Mercurial > hg > icedtea7-forest > jdk
changeset 8924:c86c2dd2c870
Merge jdk7u111-b01
line wrap: on
line diff
--- a/.hgtags Fri Jul 29 04:24:21 2016 +0100 +++ b/.hgtags Sat Sep 10 22:36:17 2016 +0100 @@ -634,3 +634,11 @@ 91216176dcc70528412a937e962bcc7221322701 icedtea-2.7.0pre04 3fc5cbcd46dd9ac3c7a8eae4758e067eb701d129 icedtea-2.7.0pre05 d35404fe959028c7238a63d611d6278a1de0a216 icedtea-2.7.0pre06 +295856e8680fa7248dac54bc15b3d6ef697b27ce jdk7u91-b00 +9fc5d7338840ef6b73d28290735bab11395824b0 jdk7u91-b01 +c434c67b8189677dec0a0034a109fb261497cd92 jdk7u91-b02 +3a74fee9ba00da3bd3a22492e1b069430a82574d jdk7u95-b00 +0b89eea70cf4952b22dfe10ea8611ddb852d73d6 jdk7u99-b00 +bdcfc4d9ab9f52fbf37db876c08a1846765627c4 jdk7u101-b00 +a7267e8244b9418af15b1103b4d906e8c6a61bc0 jdk7u111-b00 +cc1ed9a351886645eb729144696e41d187564ec2 jdk7u111-b01
--- a/make/com/oracle/security/ucrypto/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/com/oracle/security/ucrypto/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -99,7 +99,6 @@ JAVAC_MAX_WARNINGS=false JAVAC_LINT_OPTIONS=-Xlint:all,-deprecation - JAVAC_WARNINGS_FATAL=true # # C and Java Files
--- a/make/com/oracle/security/ucrypto/mapfile-vers Fri Jul 29 04:24:21 2016 +0100 +++ b/make/com/oracle/security/ucrypto/mapfile-vers Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ # -# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -39,6 +39,7 @@ Java_com_oracle_security_ucrypto_NativeCipher_nativeUpdate; Java_com_oracle_security_ucrypto_NativeCipher_nativeFinal; Java_com_oracle_security_ucrypto_NativeKey_nativeFree; + Java_com_oracle_security_ucrypto_NativeKey_00024RSAPrivate_nativeInit; Java_com_oracle_security_ucrypto_NativeKey_00024RSAPrivateCrt_nativeInit; Java_com_oracle_security_ucrypto_NativeKey_00024RSAPublic_nativeInit; Java_com_oracle_security_ucrypto_NativeRSASignature_nativeInit; @@ -56,6 +57,7 @@ JavaCritical_com_oracle_security_ucrypto_NativeCipher_nativeUpdate; JavaCritical_com_oracle_security_ucrypto_NativeCipher_nativeFinal; JavaCritical_com_oracle_security_ucrypto_NativeKey_nativeFree; + JavaCritical_com_oracle_security_ucrypto_NativeKey_00024RSAPrivate_nativeInit; JavaCritical_com_oracle_security_ucrypto_NativeKey_00024RSAPrivateCrt_nativeInit; JavaCritical_com_oracle_security_ucrypto_NativeKey_00024RSAPublic_nativeInit; JavaCritical_com_oracle_security_ucrypto_NativeRSASignature_nativeInit;
--- a/make/com/sun/crypto/provider/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/com/sun/crypto/provider/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -113,6 +113,8 @@ endif endif +JAVAC_MAX_WARNINGS = false +JAVAC_LINT_OPTIONS = -Xlint:all,-deprecation include $(BUILDDIR)/common/Defs.gmk #
--- a/make/com/sun/java/pack/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/com/sun/java/pack/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -32,6 +32,7 @@ LIBRARY = unpack PRODUCT = sun PGRM = unpack200 +JAVAC_MAX_WARNINGS=true include $(BUILDDIR)/common/Defs.gmk CPLUSPLUSLIBRARY=true
--- a/make/com/sun/security/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/com/sun/security/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ # -# Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -28,6 +28,8 @@ # BUILDDIR = ../../.. +SUBDIRS_MAKEFLAGS += JAVAC_MAX_WARNINGS=false +SUBDIRS_MAKEFLAGS += JAVAC_LINT_OPTIONS=-Xlint:all,-deprecation include $(BUILDDIR)/common/Defs.gmk SUBDIRS = auth
--- a/make/common/Release.gmk Fri Jul 29 04:24:21 2016 +0100 +++ b/make/common/Release.gmk Sat Sep 10 22:36:17 2016 +0100 @@ -360,15 +360,15 @@ sun/tools/serialver \ sun/tools/tree \ sun/tools/util \ - sun/security/tools/JarBASE64Encoder.class \ - sun/security/tools/JarSigner.class \ - sun/security/tools/JarSignerParameters.class \ - sun/security/tools/JarSignerResources.class \ - sun/security/tools/JarSignerResources_ja.class \ - sun/security/tools/JarSignerResources_zh_CN.class \ - sun/security/tools/SignatureFile\$$Block.class \ - sun/security/tools/SignatureFile.class \ - sun/security/tools/TimestampedSigner.class \ + sun/security/tools/jarsigner/JarBASE64Encoder.class \ + sun/security/tools/jarsigner/Main.class \ + sun/security/tools/jarsigner/JarSignerParameters.class \ + sun/security/tools/jarsigner/Resources.class \ + sun/security/tools/jarsigner/Resources_ja.class \ + sun/security/tools/jarsigner/Resources_zh_CN.class \ + sun/security/tools/jarsigner/SignatureFile\$$Block.class \ + sun/security/tools/jarsigner/SignatureFile.class \ + sun/security/tools/jarsigner/TimestampedSigner.class \ sun/rmi/rmic \ sun/applet \ sun/jvmstat \ @@ -593,15 +593,15 @@ $(ECHO) "sun/tools/serialver/" >> $@ $(ECHO) "sun/tools/tree/" >> $@ $(ECHO) "sun/tools/util/" >> $@ - $(ECHO) "sun/security/tools/JarBASE64Encoder.class" >> $@ - $(ECHO) "sun/security/tools/JarSigner.class" >> $@ - $(ECHO) "sun/security/tools/JarSignerParameters.class" >> $@ - $(ECHO) "sun/security/tools/JarSignerResources.class" >> $@ - $(ECHO) "sun/security/tools/JarSignerResources_ja.class" >> $@ - $(ECHO) "sun/security/tools/JarSignerResources_zh_CN.class" >> $@ - $(ECHO) "sun/security/tools/SignatureFile\$$Block.class" >> $@ - $(ECHO) "sun/security/tools/SignatureFile.class" >> $@ - $(ECHO) "sun/security/tools/TimestampedSigner.class" >> $@ + $(ECHO) "sun/security/tools/jarsigner/JarBASE64Encoder.class" >> $@ + $(ECHO) "sun/security/tools/jarsigner/Main.class" >> $@ + $(ECHO) "sun/security/tools/jarsigner/JarSignerParameters.class" >> $@ + $(ECHO) "sun/security/tools/jarsigner/Resources.class" >> $@ + $(ECHO) "sun/security/tools/jarsigner/Resources_ja.class" >> $@ + $(ECHO) "sun/security/tools/jarsigner/Resources_zh_CN.class" >> $@ + $(ECHO) "sun/security/tools/jarsigner/SignatureFile\$$Block.class" >> $@ + $(ECHO) "sun/security/tools/jarsigner/SignatureFile.class" >> $@ + $(ECHO) "sun/security/tools/jarsigner/TimestampedSigner.class" >> $@ $(ECHO) "sun/security/provider/Sun.class" >> $@ $(ECHO) "sun/security/rsa/SunRsaSign.class" >> $@ $(ECHO) "sun/security/ssl/" >> $@
--- a/make/common/shared/Defs-java.gmk Fri Jul 29 04:24:21 2016 +0100 +++ b/make/common/shared/Defs-java.gmk Sat Sep 10 22:36:17 2016 +0100 @@ -129,12 +129,17 @@ JAVACFLAGS += -g endif ifeq ($(JAVAC_MAX_WARNINGS), true) - JAVACFLAGS += -Xlint:all + JAVAC_LINT_OPTIONS += -Xlint:all endif ifeq ($(JAVAC_WARNINGS_FATAL), true) JAVACFLAGS += -Werror endif +# TODO: Workaround for CR 7063027. Remove -path eventually. +JAVAC_LINT_OPTIONS += -Xlint:-path + +JAVACFLAGS += $(JAVAC_LINT_OPTIONS) + # # Some licensees do not get the Security Source bundles. We will # fall back on the prebuilt jce.jar so that we can do a best @@ -224,9 +229,7 @@ # The javac options supplied to the boot javac is limited. This compiler # should only be used to build the 'make/tools' sources, which are not # class files that end up in the classes directory. -ifeq ($(JAVAC_MAX_WARNINGS), true) - BOOT_JAVACFLAGS += -Xlint:all -endif +BOOT_JAVACFLAGS += $(JAVAC_LINT_OPTIONS) ifeq ($(JAVAC_WARNINGS_FATAL), true) BOOT_JAVACFLAGS += -Werror endif
--- a/make/java/security/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/java/security/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -26,6 +26,8 @@ BUILDDIR = ../.. PACKAGE = java.security PRODUCT = sun +JAVAC_MAX_WARNINGS = false +JAVAC_LINT_OPTIONS = -Xlint:all,-deprecation include $(BUILDDIR)/common/Defs.gmk #
--- a/make/javax/crypto/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/javax/crypto/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -128,6 +128,7 @@ endif endif +JAVAC_MAX_WARNINGS = true include $(BUILDDIR)/common/Defs.gmk #
--- a/make/launchers/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/launchers/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -59,7 +59,7 @@ $(call make-launcher, extcheck, com.sun.tools.extcheck.Main, , ) $(call make-launcher, idlj, com.sun.tools.corba.se.idl.toJavaPortable.Compile, , ) $(call make-launcher, jar, sun.tools.jar.Main, , ) -$(call make-launcher, jarsigner, sun.security.tools.JarSigner, , ) +$(call make-launcher, jarsigner, sun.security.tools.jarsigner.Main, , ) $(call make-launcher, javac, com.sun.tools.javac.Main, , ) $(call make-launcher, javadoc, com.sun.tools.javadoc.Main, , ) $(call make-launcher, javah, com.sun.tools.javah.Main, , )
--- a/make/sun/cmm/lcms/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/cmm/lcms/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -103,6 +103,7 @@ OTHER_LDLIBS = $(LIBM) -lawt -L$(LIBDIR)/$(LIBARCH)/xawt endif +CPPFLAGS += -DCMS_DONT_USE_FAST_FLOOR CPPFLAGS += -I$(SHARE_SRC)/native/sun/java2d \ -I$(SHARE_SRC)/native/sun/awt/debug endif
--- a/make/sun/font/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/font/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -94,14 +94,27 @@ endif # PLATFORM -# Turn off aliasing with GCC +# Turn off aliasing with GCC for ExtensionSubtables.cpp (and others on GCC < 4.3) +# Turn off strict overflow with GCC for IndicRearrangementProcessor.cpp on GCC >= 4.3 +# Ensure signed integers wrap with GCC for IndicRearrangementProcessor.cpp on GCC < 4.3 ifeq ($(PLATFORM), linux) - CXXFLAGS += -fno-strict-aliasing + CXXFLAGS += $(CXXFLAGS_$(@F)) + CXXFLAGS_ExtensionSubtables.o = -fno-strict-aliasing +ifeq "$(shell expr \( $(CC_VER_MAJOR) \> 4 \) \| \( \( $(CC_VER_MAJOR) = 4 \) \& \( $(CC_VER_MINOR) \>= 3 \) \))" "0" + # GCC >= 4.3. This flag is not known in gcc 4.1.2. + CXXFLAGS_IndicRearrangementProcessor.o := -fno-strict-overflow + CXXFLAGS_IndicRearrangementProcessor2.o := -fno-strict-overflow +else + CXXFLAGS_ContextualGlyphSubstProc.o = -fno-strict-aliasing + CXXFLAGS_IndicRearrangementProcessor.o := -fwrapv -fno-strict-aliasing + CXXFLAGS_IndicRearrangementProcessor2.o := -fwrapv + CXXFLAGS_MorphTables2.o = -fno-strict-aliasing +endif endif # Turn on infinality rendering support when requested ifeq ($(INFINALITY_SUPPORT),true) -OTHER_CFLAGS += $(FONTCONFIG_CFLAGS) -DINFINALITY + OTHER_CFLAGS += $(FONTCONFIG_CFLAGS) -DINFINALITY endif #In the non-OpenJDK mode we need to build T2K
--- a/make/sun/javazic/tzdata/VERSION Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/javazic/tzdata/VERSION Sat Sep 10 22:36:17 2016 +0100 @@ -21,4 +21,4 @@ # or visit www.oracle.com if you need additional information or have any # questions. # -tzdata2015d +tzdata2016d
--- a/make/sun/javazic/tzdata/africa Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/javazic/tzdata/africa Sat Sep 10 22:36:17 2016 +0100 @@ -361,9 +361,10 @@ # time this summer, and carry out studies on the possibility of canceling the # practice altogether in future years." # -# From Paul Eggert (2015-04-20): -# For now, assume DST will be canceled. Any resumption would likely -# use different rules anyway. +# From Paul Eggert (2015-04-24): +# Yesterday the office of Egyptian President El-Sisi announced his +# decision to abandon DST permanently. See Ahram Online 2015-04-24. +# http://english.ahram.org.eg/NewsContent/1/64/128509/Egypt/Politics-/Sisi-cancels-daylight-saving-time-in-Egypt.aspx Rule Egypt 2008 only - Aug lastThu 24:00 0 - Rule Egypt 2009 only - Aug 20 24:00 0 - @@ -560,7 +561,7 @@ # From Alex Krivenyshev (2008-07-11): # Seems that English language article "The revival of daylight saving -# time: Energy conservation?"-# No. 16578 (07/11/2008) was originally +# time: Energy conservation?"- No. 16578 (07/11/2008) was originally # published on Monday, June 30, 2008... # # I guess that article in French "Le gouvernement avance l'introduction @@ -692,7 +693,7 @@ # Here is a link to official document from Royaume du Maroc Premier Ministre, # Ministère de la Modernisation des Secteurs Publics # -# Under Article 1 of Royal Decree No. 455-67 of Act 23 safar 1387 (2 june 1967) +# Under Article 1 of Royal Decree No. 455-67 of Act 23 safar 1387 (2 June 1967) # concerning the amendment of the legal time, the Ministry of Modernization of # Public Sectors announced that the official time in the Kingdom will be # advanced 60 minutes from Sunday 31 May 2009 at midnight. @@ -810,20 +811,41 @@ # will resume again at 02:00 on Saturday, August 2, 2014.... # http://www.mmsp.gov.ma/fr/actualites.aspx?id=586 -# From Paul Eggert (2014-06-05): -# For now, guess that later spring and fall transitions will use 2014's rules, +# From Milamber (2015-06-08): +# (Google Translation) The hour will thus be delayed 60 minutes +# Sunday, June 14 at 3:00, the ministry said in a statement, adding +# that the time will be advanced again 60 minutes Sunday, July 19, +# 2015 at 2:00. The move comes under 2.12.126 Decree of 26 Jumada I +# 1433 (18 April 2012) and the decision of the Head of Government of +# 16 N. 3-29-15 Chaaban 1435 (4 June 2015). +# Source (french): +# http://lnt.ma/le-maroc-reculera-dune-heure-le-dimanche-14-juin/ +# +# From Milamber (2015-06-09): +# http://www.mmsp.gov.ma/fr/actualites.aspx?id=863 +# +# From Michael Deckers (2015-06-09): +# [The gov.ma announcement] would (probably) make the switch on 2015-07-19 go +# from 03:00 to 04:00 rather than from 02:00 to 03:00, as in the patch.... +# I think the patch is correct and the quoted text is wrong; the text in +# <http://lnt.ma/le-maroc-reculera-dune-heure-le-dimanche-14-juin/> agrees +# with the patch. + +# From Paul Eggert (2015-06-08): +# For now, guess that later spring and fall transitions will use 2015's rules, # and guess that Morocco will switch to standard time at 03:00 the last -# Saturday before Ramadan, and back to DST at 02:00 the first Saturday after -# Ramadan. To implement this, transition dates for 2015 through 2037 were +# Sunday before Ramadan, and back to DST at 02:00 the first Sunday after +# Ramadan. To implement this, transition dates for 2016 through 2037 were # determined by running the following program under GNU Emacs 24.3, with the # results integrated by hand into the table below. -# (let ((islamic-year 1436)) +# (let ((islamic-year 1437)) +# (require 'cal-islam) # (while (< islamic-year 1460) # (let ((a (calendar-islamic-to-absolute (list 9 1 islamic-year))) # (b (calendar-islamic-to-absolute (list 10 1 islamic-year))) -# (saturday 6)) -# (while (/= saturday (mod (setq a (1- a)) 7))) -# (while (/= saturday (mod b 7)) +# (sunday 0)) +# (while (/= sunday (mod (setq a (1- a)) 7))) +# (while (/= sunday (mod b 7)) # (setq b (1+ b))) # (setq a (calendar-gregorian-from-absolute a)) # (setq b (calendar-gregorian-from-absolute b)) @@ -867,32 +889,30 @@ Rule Morocco 2013 only - Jul 7 3:00 0 - Rule Morocco 2013 only - Aug 10 2:00 1:00 S Rule Morocco 2013 max - Oct lastSun 3:00 0 - -Rule Morocco 2014 2022 - Mar lastSun 2:00 1:00 S +Rule Morocco 2014 2021 - Mar lastSun 2:00 1:00 S Rule Morocco 2014 only - Jun 28 3:00 0 - Rule Morocco 2014 only - Aug 2 2:00 1:00 S -Rule Morocco 2015 only - Jun 13 3:00 0 - -Rule Morocco 2015 only - Jul 18 2:00 1:00 S -Rule Morocco 2016 only - Jun 4 3:00 0 - -Rule Morocco 2016 only - Jul 9 2:00 1:00 S -Rule Morocco 2017 only - May 20 3:00 0 - -Rule Morocco 2017 only - Jul 1 2:00 1:00 S -Rule Morocco 2018 only - May 12 3:00 0 - -Rule Morocco 2018 only - Jun 16 2:00 1:00 S -Rule Morocco 2019 only - May 4 3:00 0 - -Rule Morocco 2019 only - Jun 8 2:00 1:00 S -Rule Morocco 2020 only - Apr 18 3:00 0 - -Rule Morocco 2020 only - May 30 2:00 1:00 S -Rule Morocco 2021 only - Apr 10 3:00 0 - -Rule Morocco 2021 only - May 15 2:00 1:00 S -Rule Morocco 2022 only - Apr 2 3:00 0 - -Rule Morocco 2022 only - May 7 2:00 1:00 S -Rule Morocco 2023 only - Apr 22 2:00 1:00 S -Rule Morocco 2024 only - Apr 13 2:00 1:00 S -Rule Morocco 2025 only - Apr 5 2:00 1:00 S +Rule Morocco 2015 only - Jun 14 3:00 0 - +Rule Morocco 2015 only - Jul 19 2:00 1:00 S +Rule Morocco 2016 only - Jun 5 3:00 0 - +Rule Morocco 2016 only - Jul 10 2:00 1:00 S +Rule Morocco 2017 only - May 21 3:00 0 - +Rule Morocco 2017 only - Jul 2 2:00 1:00 S +Rule Morocco 2018 only - May 13 3:00 0 - +Rule Morocco 2018 only - Jun 17 2:00 1:00 S +Rule Morocco 2019 only - May 5 3:00 0 - +Rule Morocco 2019 only - Jun 9 2:00 1:00 S +Rule Morocco 2020 only - Apr 19 3:00 0 - +Rule Morocco 2020 only - May 24 2:00 1:00 S +Rule Morocco 2021 only - Apr 11 3:00 0 - +Rule Morocco 2021 only - May 16 2:00 1:00 S +Rule Morocco 2022 only - May 8 2:00 1:00 S +Rule Morocco 2023 only - Apr 23 2:00 1:00 S +Rule Morocco 2024 only - Apr 14 2:00 1:00 S +Rule Morocco 2025 only - Apr 6 2:00 1:00 S Rule Morocco 2026 max - Mar lastSun 2:00 1:00 S -Rule Morocco 2035 only - Oct 27 3:00 0 - -Rule Morocco 2036 only - Oct 18 3:00 0 - -Rule Morocco 2037 only - Oct 10 3:00 0 - +Rule Morocco 2036 only - Oct 19 3:00 0 - +Rule Morocco 2037 only - Oct 4 3:00 0 - # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Africa/Casablanca -0:30:20 - LMT 1913 Oct 26
--- a/make/sun/javazic/tzdata/asia Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/javazic/tzdata/asia Sat Sep 10 22:36:17 2016 +0100 @@ -29,7 +29,7 @@ # tz@iana.org for general use in the future). For more, please see # the file CONTRIBUTING in the tz distribution. -# From Paul Eggert (2014-10-31): +# From Paul Eggert (2015-08-08): # # Unless otherwise specified, the source for data through 1990 is: # Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition), @@ -66,7 +66,7 @@ # 2:00 EET EEST Eastern European Time # 2:00 IST IDT Israel # 3:00 AST ADT Arabia* -# 3:30 IRST IRDT Iran +# 3:30 IRST IRDT Iran* # 4:00 GST Gulf* # 5:30 IST India # 7:00 ICT Indochina, most times and locations* @@ -75,10 +75,11 @@ # 8:00 CST China # 8:00 IDT Indochina, 1943-45, 1947-55, 1960-75 (some locations)* # 8:00 JWST Western Standard Time (Japan, 1896/1937)* +# 8:30 KST KDT Korea when at +0830* # 9:00 JCST Central Standard Time (Japan, 1896/1937) # 9:00 WIT east Indonesia (Waktu Indonesia Timur) # 9:00 JST JDT Japan -# 9:00 KST KDT Korea +# 9:00 KST KDT Korea when at +09 # 9:30 ACST Australian Central Standard Time # # See the 'europe' file for Russia and Turkey in Asia. @@ -101,13 +102,9 @@ Rule E-EurAsia 1996 max - Oct lastSun 0:00 0 - Rule RussiaAsia 1981 1984 - Apr 1 0:00 1:00 S Rule RussiaAsia 1981 1983 - Oct 1 0:00 0 - -Rule RussiaAsia 1984 1991 - Sep lastSun 2:00s 0 - -Rule RussiaAsia 1985 1991 - Mar lastSun 2:00s 1:00 S -Rule RussiaAsia 1992 only - Mar lastSat 23:00 1:00 S -Rule RussiaAsia 1992 only - Sep lastSat 23:00 0 - -Rule RussiaAsia 1993 max - Mar lastSun 2:00s 1:00 S -Rule RussiaAsia 1993 1995 - Sep lastSun 2:00s 0 - -Rule RussiaAsia 1996 max - Oct lastSun 2:00s 0 - +Rule RussiaAsia 1984 1995 - Sep lastSun 2:00s 0 - +Rule RussiaAsia 1985 2011 - Mar lastSun 2:00s 1:00 S +Rule RussiaAsia 1996 2011 - Oct lastSun 2:00s 0 - # Afghanistan # Zone NAME GMTOFF RULES FORMAT [UNTIL] @@ -147,16 +144,26 @@ 3:00 1:00 YERST 1991 Sep 23 # independence 3:00 RussiaAsia AM%sT 1995 Sep 24 2:00s 4:00 - AMT 1997 - 4:00 RussiaAsia AM%sT 2012 Mar 25 2:00s + 4:00 RussiaAsia AM%sT 2012 Feb 9 4:00 - AMT # Azerbaijan + # From Rustam Aliyev of the Azerbaijan Internet Forum (2005-10-23): # According to the resolution of Cabinet of Ministers, 1997 -# Resolution available at: http://aif.az/docs/daylight_res.pdf +# From Paul Eggert (2015-09-17): It was Resolution No. 21 (1997-03-17). +# http://code.az/files/daylight_res.pdf + +# From Steffen Thorsen (2016-03-17): +# ... the Azerbaijani Cabinet of Ministers has cancelled switching to +# daylight saving time.... +# http://www.azernews.az/azerbaijan/94137.html +# http://vestnikkavkaza.net/news/Azerbaijani-Cabinet-of-Ministers-cancels-daylight-saving-time.html +# http://en.apa.az/xeber_azerbaijan_abolishes_daylight_savings_ti_240862.html + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S -Rule Azer 1997 max - Mar lastSun 4:00 1:00 S -Rule Azer 1997 max - Oct lastSun 5:00 0 - +Rule Azer 1997 2015 - Mar lastSun 4:00 1:00 S +Rule Azer 1997 2015 - Oct lastSun 5:00 0 - # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Asia/Baku 3:19:24 - LMT 1924 May 2 3:00 - BAKT 1957 Mar # Baku Time @@ -895,6 +902,15 @@ 9:00 - TLT # India + +# From Ian P. Beacock, in "A brief history of (modern) time", The Atlantic +# http://www.theatlantic.com/technology/archive/2015/12/the-creation-of-modern-time/421419/ +# (2015-12-22): +# In January 1906, several thousand cotton-mill workers rioted on the +# outskirts of Bombay.... They were protesting the proposed abolition of +# local time in favor of Indian Standard Time.... Journalists called this +# dispute the "Battle of the Clocks." It lasted nearly half a century. + # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Asia/Kolkata 5:53:28 - LMT 1880 # Kolkata 5:53:20 - HMT 1941 Oct # Howrah Mean Time? @@ -1050,7 +1066,7 @@ # # From Roozbeh Pournader (2007-11-05): # This is quoted from Official Gazette of the Islamic Republic of -# Iran, Volume 63, Number 18242, dated Tuesday 1386/6/24 +# Iran, Volume 63, No. 18242, dated Tuesday 1386/6/24 # [2007-10-16]. I am doing the best translation I can:... # The official time of the country will be moved forward for one hour # on the 24 hours of the first day of the month of Farvardin and will @@ -1105,8 +1121,15 @@ Rule Iran 2032 2033 - Sep 21 0:00 0 S Rule Iran 2034 2035 - Mar 22 0:00 1:00 D Rule Iran 2034 2035 - Sep 22 0:00 0 S -Rule Iran 2036 2037 - Mar 21 0:00 1:00 D -Rule Iran 2036 2037 - Sep 21 0:00 0 S +# +# The following rules are approximations starting in the year 2038. +# These are the best post-2037 approximations available, given the +# restrictions of a single rule using a Gregorian-based data format. +# At some point this table will need to be extended, though quite +# possibly Iran will change the rules first. +Rule Iran 2036 max - Mar 21 0:00 1:00 D +Rule Iran 2036 max - Sep 21 0:00 0 S + # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Asia/Tehran 3:25:44 - LMT 1916 3:25:44 - TMT 1946 # Tehran Mean Time @@ -1563,24 +1586,7 @@ # Kazakhstan -# From Paul Eggert (1996-11-22): -# Andrew Evtichov (1996-04-13) writes that Kazakhstan -# stayed in sync with Moscow after 1990, and that Aqtobe (formerly Aktyubinsk) -# and Aqtau (formerly Shevchenko) are the largest cities in their zones. -# Guess that Aqtau and Aqtobe diverged in 1995, since that's the first time -# IATA SSIM mentions a third time zone in Kazakhstan. - -# From Paul Eggert (2006-03-22): -# German Iofis, ELSI, Almaty (2001-10-09) reports that Kazakhstan uses -# RussiaAsia rules, instead of switching at 00:00 as the IATA has it. -# Go with Shanks & Pottenger, who have them always using RussiaAsia rules. -# Also go with the following claims of Shanks & Pottenger: -# -# - Kazakhstan did not observe DST in 1991. -# - Qyzylorda switched from +5:00 to +6:00 on 1992-01-19 02:00. -# - Oral switched from +5:00 to +4:00 in spring 1989. - -# From Kazakhstan Embassy's News Bulletin #11 +# From Kazakhstan Embassy's News Bulletin No. 11 # <http://www.kazsociety.org.uk/news/2005/03/30.htm> (2005-03-21): # The Government of Kazakhstan passed a resolution March 15 abolishing # daylight saving time citing lack of economic benefits and health @@ -1596,61 +1602,232 @@ # everything else.... I guess that would make Kazakhstan time zones # de jure UTC+5 and UTC+6 respectively. +# From Stepan Golosunov (2016-03-27) ([*] means see later comments below): +# Review of the linked documents from http://adilet.zan.kz/ +# produced the following data for post-1991 Kazakhstan: +# +# 0. Act of the Cabinet of Ministers of the USSR +# from 1991-02-04 No. 20 +# http://pravo.gov.ru/proxy/ips/?docbody=&nd=102010545 +# removed the extra hour ("decree time") on the territory of the USSR +# starting with the last Sunday of March 1991. +# It also allowed (but not mandated) Kazakh SSR, Kirghiz SSR, Tajik SSR, +# Turkmen SSR and Uzbek SSR to not have "summer" time. +# +# The 1992-01-13 act also refers to the act of the Cabinet of Ministers +# of the Kazakh SSR from 1991-03-20 No. 170 "About the act of the Cabinet +# of Ministers of the USSR from 1991-02-04 No. 20" but I didn't found its +# text. +# +# According to Izvestia newspaper No. 68 (23334) from 1991-03-20 +# (page 6; available at http://libinfo.org/newsr/newsr2574.djvu via +# http://libinfo.org/index.php?id=58564) on 1991-03-31 at 2:00 during +# transition to "summer" time: +# Republic of Georgia, Latvian SSR, Lithuanian SSR, SSR Moldova, +# Estonian SSR; Komi ASSR; Kaliningrad oblast; Nenets autonomous okrug +# were to move clocks 1 hour forward. +# Kazakh SSR (excluding Uralsk oblast); Republic of Kyrgyzstan, Tajik +# SSR; Andijan, Jizzakh, Namangan, Sirdarya, Tashkent, Fergana oblasts +# of the Uzbek SSR were to move clocks 1 hour backwards. +# Other territories were to not move clocks. +# When the "summer" time would end on 1991-09-29, clocks were to be +# moved 1 hour backwards on the territory of the USSR excluding +# Kazakhstan, Kirghizia, Uzbekistan, Turkmenia, Tajikistan. +# +# Apparently there were last minute changes. Apparently Kazakh act No. 170 +# was one of such changes. +# +# https://ru.wikipedia.org/wiki/Декретное время +# claims that Sovetskaya Rossiya newspaper on 1991-03-29 published that +# Nenets autonomous okrug, Komi and Kazakhstan (excluding Uralsk oblast) +# were to not move clocks and Uralsk oblast was to move clocks +# forward; on 1991-09-29 Kazakhstan was to move clocks backwards. +# (Probably there were changes even after that publication. There is an +# article claiming that Kaliningrad oblast decided on 1991-03-29 to not +# move clocks.) +# +# This implies that on 1991-03-31 Asia/Oral remained on +04/+05 while +# the rest of Kazakhstan switched from +06/+07 to +05/06 or from +05/06 +# to +04/+05. It's unclear how Kzyl-Orda oblast moved into the fifth +# time belt. (By switching from +04/+05 to +05/+06 on 1991-09-29?) ... +# +# 1. Act of the Cabinet of Ministers of the Republic of Kazakhstan +# from 1992-01-13 No. 28 +# http://adilet.zan.kz/rus/docs/P920000028_ +# (text includes modification from the 1996 act) +# introduced new rules for calculation of time, mirroring Russian +# 1992-01-08 act. It specified that time would be calculated +# according to time belts plus extra hour ("decree time"), moved clocks +# on the whole territory of Kazakhstan 1 hour forward on 1992-01-19 at +# 2:00, specified DST rules. It acknowledged that Kazakhstan was +# located in the fourth and the fifth time belts and specified the +# border between them to be located east of Kustanay and Aktyubinsk +# oblasts (notably including Turgai and Kzyl-Orda oblasts into the fifth +# time belt). +# +# This means switch on 1992-01-19 at 2:00 from +04/+05 to +05/+06 for +# Asia/Aqtau, Asia/Aqtobe, Asia/Oral, Atyrau and Kustanay oblasts; from +# +05/+06 to +06/+07 for Asia/Almaty and Asia/Qyzylorda (and Arkalyk) [*].... +# +# 2. Act of the Cabinet of Ministers of the Republic of Kazakhstan +# from 1992-03-27 No. 284 +# http://adilet.zan.kz/rus/docs/P920000284_ +# cancels extra hour ("decree time") for Uralsk and Kzyl-Orda oblasts +# since the last Sunday of March 1992, while keeping them in the fourth +# and the fifth time belts respectively. +# +# 3. Order of the Prime Minister of the Republic of Kazakhstan +# from 1994-09-23 No. 384 +# http://adilet.zan.kz/rus/docs/R940000384_ +# cancels the extra hour ("decree time") on the territory of Mangystau +# oblast since the last Sunday of September 1994 (saying that time on +# the territory would correspond to the third time belt as a +# result).... +# +# 4. Act of the Government of the Republic of Kazakhstan +# from 1996-05-08 No. 575 +# http://adilet.zan.kz/rus/docs/P960000575_ +# amends the 1992-01-13 act to end summer time in October instead +# of September, mirroring identical Russian change from 1996-04-23 act. +# +# 5. Act of the Government of the Republic of Kazakhstan +# from 1999-03-26 No. 305 +# http://adilet.zan.kz/rus/docs/P990000305_ +# cancels the extra hour ("decree time") for Atyrau oblast since the +# last Sunday of March 1999 while retaining the oblast in the fourth +# time belt. +# +# This means change from +05/+06 to +04/+05. +# +# There is no zone for Atyrau currently (listed under Asia/Aqtau in +# zone1970.tab).[*] +# +# 6. Act of the Government of the Republic of Kazakhstan +# from 2000-11-23 No. 1749 +# http://adilet.zan.kz/rus/archive/docs/P000001749_/23.11.2000 +# replaces the previous five documents. +# +# The only changes I noticed are in definition of the border between the +# fourth and the fifth time belts. They account for changes in spelling +# and administrative division (splitting of Turgai oblast in 1997 +# probably changed time in territories incorporated into Kostanay oblast +# (including Arkalyk) from +06/+07 to +05/+06) and move Kyzylorda oblast +# from being in the fifth time belt and not using decree time into the +# fourth time belt (no change in practice).[*] +# +# 7. Act of the Government of the Republic of Kazakhstan +# from 2003-12-29 No. 1342 +# http://adilet.zan.kz/rus/docs/P030001342_ +# modified the 2000-11-23 act. No relevant changes, apparently. +# +# 8. Act of the Government of the Republic of Kazakhstan +# from 2004-07-20 No. 775 +# http://adilet.zan.kz/rus/archive/docs/P040000775_/20.07.2004 +# modified the 2000-11-23 act to move Kostanay and Kyzylorda oblasts into +# the fifth time belt and add Aktobe oblast to the list of regions not +# using extra hour ("decree time"), leaving Kazakhstan with only 2 time +# zones (+04/+05 and +06/+07). The changes were to be implemented +# during DST transitions in 2004 and 2005 but the acts got radically +# amended before implementation happened. +# +# 9. Act of the Government of the Republic of Kazakhstan +# from 2004-09-15 No. 1059 +# http://adilet.zan.kz/rus/docs/P040001059_ +# modified the 2000-11-23 act to remove exceptions from the "decree time" +# (leaving Kazakhstan in +05/+06 and +06/+07 zones), amended the +# 2004-07-20 act to implement changes for Atyrau, West Kazakhstan, +# Kostanay, Kyzylorda and Mangystau oblasts by not moving clocks +# during the 2014 transition to "winter" time. +# +# This means transition from +04/+05 to +05/+06 for Atyrau oblast (no +# zone currently), Asia/Oral, Asia/Aqtau and transition from +05/+06 to +# +06/+07 for Kostanay oblast (Kostanay and Arkalyk, no zones currently) +# and Asia/Qyzylorda on 2004-10-31 at 3:00....[*] +# +# 10. Act of the Government of the Republic of Kazakhstan +# from 2005-03-15 No. 231 +# http://adilet.zan.kz/rus/docs/P050000231_ +# removes DST provisions from the 2000-11-23 act, removes most of the +# (already implemented) provisions from the 2004-07-20 and 2004-09-15 +# acts, comes into effect 10 days after official publication. +# The only practical effect seems to be the abolition of the summer +# time. +# +# Unamended version of the act of the Government of the Russian Federation +# No. 23 from 1992-01-08 [See 'europe' file for details]. +# Kazakh 1992-01-13 act appears to provide the same rules and 1992-03-27 +# act was to be enacted on the last Sunday of March 1992. + +# From Paul Eggert (2016-04-15): +# The tables below should reflect Stepan Golosunov's remarks above, +# except for the items marked "[*]" which I haven't gotten to yet. +# It looks like we will need new zones Asia/Atyrau and Asia/Qostanay +# to handle changes from 1992 through 2004 that we did not previously +# know about. + # # Zone NAME GMTOFF RULES FORMAT [UNTIL] # # Almaty (formerly Alma-Ata), representing most locations in Kazakhstan +# This includes KZ-AKM, KZ-ALA, KZ-ALM, KZ-AST, KZ-BAY, KZ-VOS, KZ-ZHA, +# KZ-KAR, KZ-SEV, KZ-PAV, and KZ-YUZ. Zone Asia/Almaty 5:07:48 - LMT 1924 May 2 # or Alma-Ata - 5:00 - ALMT 1930 Jun 21 # Alma-Ata Time - 6:00 RussiaAsia ALM%sT 1991 - 6:00 - ALMT 1992 - 6:00 RussiaAsia ALM%sT 2005 Mar 15 - 6:00 - ALMT -# Qyzylorda (aka Kyzylorda, Kizilorda, Kzyl-Orda, etc.) + 5:00 - +05 1930 Jun 21 + 6:00 RussiaAsia +06/+07 1991 Mar 31 2:00s + 5:00 RussiaAsia +05/+06 1992 Jan 19 2:00s + 6:00 RussiaAsia +06/+07 2004 Oct 31 2:00s + 6:00 - +06 +# Qyzylorda (aka Kyzylorda, Kizilorda, Kzyl-Orda, etc.) (KZ-KZY) Zone Asia/Qyzylorda 4:21:52 - LMT 1924 May 2 - 4:00 - KIZT 1930 Jun 21 # Kizilorda Time - 5:00 - KIZT 1981 Apr 1 - 5:00 1:00 KIZST 1981 Oct 1 - 6:00 - KIZT 1982 Apr 1 - 5:00 RussiaAsia KIZ%sT 1991 - 5:00 - KIZT 1991 Dec 16 # independence - 5:00 - QYZT 1992 Jan 19 2:00 - 6:00 RussiaAsia QYZ%sT 2005 Mar 15 - 6:00 - QYZT -# Aqtobe (aka Aktobe, formerly Aktyubinsk) + 4:00 - +04 1930 Jun 21 + 5:00 - +05 1981 Apr 1 + 5:00 1:00 +06 1981 Oct 1 + 6:00 - +06 1982 Apr 1 + 5:00 RussiaAsia +05/+06 1991 Mar 31 2:00s + 4:00 RussiaAsia +04/+05 1991 Sep 29 2:00s + 5:00 RussiaAsia +05/+06 1992 Jan 19 2:00s + 6:00 RussiaAsia +06/+07 1992 Mar 29 2:00s + 5:00 RussiaAsia +05/+06 2004 Oct 31 2:00s + 6:00 - +06 +# Aqtobe (aka Aktobe, formerly Aktyubinsk) (KZ-AKT) Zone Asia/Aqtobe 3:48:40 - LMT 1924 May 2 - 4:00 - AKTT 1930 Jun 21 # Aktyubinsk Time - 5:00 - AKTT 1981 Apr 1 - 5:00 1:00 AKTST 1981 Oct 1 - 6:00 - AKTT 1982 Apr 1 - 5:00 RussiaAsia AKT%sT 1991 - 5:00 - AKTT 1991 Dec 16 # independence - 5:00 RussiaAsia AQT%sT 2005 Mar 15 # Aqtobe Time - 5:00 - AQTT -# Mangghystau + 4:00 - +04 1930 Jun 21 + 5:00 - +05 1981 Apr 1 + 5:00 1:00 +06 1981 Oct 1 + 6:00 - +06 1982 Apr 1 + 5:00 RussiaAsia +05/+06 1991 Mar 31 2:00s + 4:00 RussiaAsia +04/+05 1992 Jan 19 2:00s + 5:00 RussiaAsia +05/+06 2004 Oct 31 2:00s + 5:00 - +05 +# Qostanay (KZ-KUS) + +# Mangghystau (KZ-MAN) # Aqtau was not founded until 1963, but it represents an inhabited region, # so include time stamps before 1963. Zone Asia/Aqtau 3:21:04 - LMT 1924 May 2 - 4:00 - FORT 1930 Jun 21 # Fort Shevchenko T - 5:00 - FORT 1963 - 5:00 - SHET 1981 Oct 1 # Shevchenko Time - 6:00 - SHET 1982 Apr 1 - 5:00 RussiaAsia SHE%sT 1991 - 5:00 - SHET 1991 Dec 16 # independence - 5:00 RussiaAsia AQT%sT 1995 Mar lastSun 2:00 # Aqtau Time - 4:00 RussiaAsia AQT%sT 2005 Mar 15 - 5:00 - AQTT -# West Kazakhstan + 4:00 - +04 1930 Jun 21 + 5:00 - +05 1963 + 5:00 - +05 1981 Oct 1 + 6:00 - +06 1982 Apr 1 + 5:00 RussiaAsia +05/+06 1991 Mar 31 2:00s + 4:00 RussiaAsia +04/+05 1992 Jan 19 2:00s + 5:00 RussiaAsia +05/+06 1994 Sep 25 2:00s + 4:00 RussiaAsia +04/+05 2004 Oct 31 2:00s + 5:00 - +05 + +# West Kazakhstan (KZ-ZAP) +# From Paul Eggert (2016-03-18): +# The 1989 transition is from USSR act No. 227 (1989-03-14). Zone Asia/Oral 3:25:24 - LMT 1924 May 2 # or Ural'sk - 4:00 - URAT 1930 Jun 21 # Ural'sk time - 5:00 - URAT 1981 Apr 1 - 5:00 1:00 URAST 1981 Oct 1 - 6:00 - URAT 1982 Apr 1 - 5:00 RussiaAsia URA%sT 1989 Mar 26 2:00 - 4:00 RussiaAsia URA%sT 1991 - 4:00 - URAT 1991 Dec 16 # independence - 4:00 RussiaAsia ORA%sT 2005 Mar 15 # Oral Time - 5:00 - ORAT + 4:00 - +04 1930 Jun 21 + 5:00 - +05 1981 Apr 1 + 5:00 1:00 +06 1981 Oct 1 + 6:00 - +06 1982 Apr 1 + 5:00 RussiaAsia +05/+06 1989 Mar 26 2:00s + 4:00 RussiaAsia +04/+05 1992 Jan 19 2:00s + 5:00 RussiaAsia +05/+06 1992 Mar 29 2:00s + 4:00 RussiaAsia +04/+05 2004 Oct 31 2:00s + 5:00 - +05 # Kyrgyzstan (Kirgizstan) # Transitions through 1991 are from Shanks & Pottenger. @@ -1734,6 +1911,18 @@ # # For Pyongyang we have no information; guess no changes since World War II. +# From Steffen Thorsen (2015-08-07): +# According to many news sources, North Korea is going to change to +# the 8:30 time zone on August 15, one example: +# http://www.bbc.com/news/world-asia-33815049 +# +# From Paul Eggert (2015-08-15): +# Bells rang out midnight (00:00) Friday as part of the celebrations. See: +# Talmadge E. North Korea celebrates new time zone, 'Pyongyang Time' +# http://news.yahoo.com/north-korea-celebrates-time-zone-pyongyang-time-164038128.html +# There is no common English-language abbreviation for this time zone. +# Use KST, as that's what we already use for 1954-1961 in ROK. + # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Asia/Seoul 8:27:52 - LMT 1908 Apr 1 8:30 - KST 1912 Jan 1 @@ -1746,7 +1935,8 @@ 8:30 - KST 1912 Jan 1 9:00 - JCST 1937 Oct 1 9:00 - JST 1945 Aug 24 - 9:00 - KST + 9:00 - KST 2015 Aug 15 00:00 + 8:30 - KST ############################################################################### @@ -2119,8 +2309,8 @@ # http://www.app.com.pk/en_/index.php?option=com_content&task=view&id=99374&Itemid=2 # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S -Rule Pakistan 2002 only - Apr Sun>=2 0:01 1:00 S -Rule Pakistan 2002 only - Oct Sun>=2 0:01 0 - +Rule Pakistan 2002 only - Apr Sun>=2 0:00 1:00 S +Rule Pakistan 2002 only - Oct Sun>=2 0:00 0 - Rule Pakistan 2008 only - Jun 1 0:00 1:00 S Rule Pakistan 2008 2009 - Nov 1 0:00 0 - Rule Pakistan 2009 only - Apr 15 0:00 1:00 S @@ -2388,6 +2578,16 @@ # http://www.timeanddate.com/time/change/gaza-strip/gaza # http://www.timeanddate.com/time/change/west-bank/hebron +# From Hannah Kreitem (2016-03-09): +# http://www.palestinecabinet.gov.ps/WebSite/ar/ViewDetails?ID=31728 +# [Google translation]: "The Council also decided to start daylight +# saving in Palestine as of one o'clock on Saturday morning, +# 2016-03-26, to provide the clock 60 minutes ahead." +# +# From Paul Eggert (2016-03-12): +# Predict spring transitions on March's last Saturday at 01:00 from now on. +# Leave fall predictions alone for now. + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule EgyptAsia 1957 only - May 10 0:00 1:00 S Rule EgyptAsia 1957 1958 - Oct 1 0:00 0 - @@ -2416,7 +2616,8 @@ Rule Palestine 2012 only - Sep 21 1:00 0 - Rule Palestine 2013 only - Sep Fri>=21 0:00 0 - Rule Palestine 2014 max - Oct Fri>=21 0:00 0 - -Rule Palestine 2015 max - Mar lastFri 24:00 1:00 S +Rule Palestine 2015 only - Mar lastFri 24:00 1:00 S +Rule Palestine 2016 max - Mar lastSat 1:00 1:00 S # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Asia/Gaza 2:17:52 - LMT 1900 Oct
--- a/make/sun/javazic/tzdata/australasia Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/javazic/tzdata/australasia Sat Sep 10 22:36:17 2016 +0100 @@ -83,6 +83,14 @@ # Hamilton is the largest, but there is also a Hamilton in Victoria, # so use Lindeman. # +# From J William Piggott (2016-02-20): +# There is no location named Holiday Islands in Queensland Australia; holiday +# islands is a colloquial term used globally. Hayman and Lindeman are at the +# north and south extremes of the Whitsunday Islands archipelago, and +# Hamilton is in between; it is reasonable to believe that this time zone +# applies to all of the Whitsundays. +# http://www.australia.gov.au/about-australia/australian-story/austn-islands +# # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule AQ 1971 only - Oct lastSun 2:00s 1:00 D Rule AQ 1972 only - Feb lastSun 2:00s 0 S @@ -358,10 +366,17 @@ # DST will start Nov. 2 this year. # http://www.fiji.gov.fj/Media-Center/Press-Releases/DAYLIGHT-SAVING-STARTS-ON-SUNDAY,-NOVEMBER-2ND.aspx -# From Paul Eggert (2014-10-20): +# From a government order dated 2015-08-26 and published as Legal Notice No. 77 +# in the Government of Fiji Gazette Supplement No. 24 (2015-08-28), +# via Ken Rylander (2015-09-02): +# the daylight saving period is 1 hour in advance of the standard time +# commencing at 2.00 am on Sunday 1st November, 2015 and ending at +# 3.00 am on Sunday 17th January, 2016. + +# From Paul Eggert (2015-09-01): # For now, guess DST from 02:00 the first Sunday in November to -# 03:00 the first Sunday on or after January 18. Although ad hoc, it -# matches this year's plan and seems more likely to match future +# 03:00 the third Sunday in January. Although ad hoc, it matches +# transitions since late 2014 and seems more likely to match future # practice than guessing no DST. # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S @@ -374,7 +389,7 @@ Rule Fiji 2012 2013 - Jan Sun>=18 3:00 0 - Rule Fiji 2014 only - Jan Sun>=18 2:00 0 - Rule Fiji 2014 max - Nov Sun>=1 2:00 1:00 S -Rule Fiji 2015 max - Jan Sun>=18 3:00 0 - +Rule Fiji 2015 max - Jan Sun>=15 3:00 0 - # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Pacific/Fiji 11:55:44 - LMT 1915 Oct 26 # Suva 12:00 Fiji FJ%sT # Fiji Time @@ -533,7 +548,10 @@ # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Pacific/Norfolk 11:11:52 - LMT 1901 # Kingston 11:12 - NMT 1951 # Norfolk Mean Time - 11:30 - NFT # Norfolk Time + 11:30 - NFT 1974 Oct 27 02:00 # Norfolk T. + 11:30 1:00 NFST 1975 Mar 2 02:00 + 11:30 - NFT 2015 Oct 4 02:00 + 11:00 - NFT # Palau (Belau) # Zone NAME GMTOFF RULES FORMAT [UNTIL] @@ -1573,6 +1591,20 @@ # started DST on June 3. Possibly DST was observed other years # in Midway, but we have no record of it. +# Norfolk + +# From Alexander Krivenyshev (2015-09-23): +# Norfolk Island will change ... from +1130 to +1100: +# https://www.comlaw.gov.au/Details/F2015L01483/Explanatory%20Statement/Text +# ... at 12.30 am (by legal time in New South Wales) on 4 October 2015. +# http://www.norfolkisland.gov.nf/nia/MediaRelease/Media%20Release%20Norfolk%20Island%20Standard%20Time%20Change.pdf + +# From Paul Eggert (2015-09-23): +# Transitions before 2015 are from timeanddate.com, which consulted +# the Norfolk Island Museum and the Australian Bureau of Meteorology's +# Norfolk Island station, and found no record of Norfolk observing DST +# other than in 1974/5. See: +# http://www.timeanddate.com/time/australia/norfolk-island.html # Pitcairn
--- a/make/sun/javazic/tzdata/backward Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/javazic/tzdata/backward Sat Sep 10 22:36:17 2016 +0100 @@ -46,6 +46,7 @@ Link America/Toronto America/Montreal Link America/Rio_Branco America/Porto_Acre Link America/Argentina/Cordoba America/Rosario +Link America/Tijuana America/Santa_Isabel Link America/Denver America/Shiprock Link America/Port_of_Spain America/Virgin Link Pacific/Auckland Antarctica/South_Pole
--- a/make/sun/javazic/tzdata/europe Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/javazic/tzdata/europe Sat Sep 10 22:36:17 2016 +0100 @@ -216,11 +216,14 @@ # republished in Finest Hour (Spring 2002) 1(114):26 # http://www.winstonchurchill.org/images/finesthour/Vol.01%20No.114.pdf -# From Paul Eggert (1996-09-03): +# From Paul Eggert (2015-08-08): # The OED Supplement says that the English originally said "Daylight Saving" # when they were debating the adoption of DST in 1908; but by 1916 this # term appears only in quotes taken from DST's opponents, whereas the # proponents (who eventually won the argument) are quoted as using "Summer". +# The term "Summer Time" was introduced by Herbert Samuel, Home Secretary; see: +# Viscount Samuel. Leisure in a Democracy. Cambridge University Press +# ISBN 978-1-107-49471-8 (1949, reissued 2015), p 8. # From Arthur David Olson (1989-01-19): # A source at the British Information Office in New York avers that it's @@ -366,7 +369,7 @@ # From an anonymous contributor (1996-06-02): # The law governing time in Ireland is under Statutory Instrument SI 395/94, -# which gives force to European Union 7th Council Directive # 94/21/EC. +# which gives force to European Union 7th Council Directive No. 94/21/EC. # Under this directive, the Minister for Justice in Ireland makes appropriate # regulations. I spoke this morning with the Secretary of the Department of # Justice (tel +353 1 678 9711) who confirmed to me that the correct name is @@ -615,21 +618,45 @@ Rule Russia 1921 only - Mar 20 23:00 2:00 MSM # Midsummer Rule Russia 1921 only - Sep 1 0:00 1:00 MSD Rule Russia 1921 only - Oct 1 0:00 0 - -# Act No.925 of the Council of Ministers of the USSR (1980-10-24): +# Act No. 925 of the Council of Ministers of the USSR (1980-10-24): Rule Russia 1981 1984 - Apr 1 0:00 1:00 S Rule Russia 1981 1983 - Oct 1 0:00 0 - -# Act No.967 of the Council of Ministers of the USSR (1984-09-13), repeated in -# Act No.227 of the Council of Ministers of the USSR (1989-03-14): -Rule Russia 1984 1991 - Sep lastSun 2:00s 0 - -Rule Russia 1985 1991 - Mar lastSun 2:00s 1:00 S +# Act No. 967 of the Council of Ministers of the USSR (1984-09-13), repeated in +# Act No. 227 of the Council of Ministers of the USSR (1989-03-14): +Rule Russia 1984 1995 - Sep lastSun 2:00s 0 - +Rule Russia 1985 2010 - Mar lastSun 2:00s 1:00 S # -Rule Russia 1992 only - Mar lastSat 23:00 1:00 S -Rule Russia 1992 only - Sep lastSat 23:00 0 - -Rule Russia 1993 2010 - Mar lastSun 2:00s 1:00 S -Rule Russia 1993 1995 - Sep lastSun 2:00s 0 - Rule Russia 1996 2010 - Oct lastSun 2:00s 0 - # As described below, Russia's 2014 change affects Zone data, not Rule data. +# From Stepan Golosunov (2016-03-07): +# Wikipedia and other sources refer to the Act of the Council of +# Ministers of the USSR from 1988-01-04 No. 5 and the Act of the +# Council of Ministers of the USSR from 1989-03-14 No. 227. +# +# I did not find full texts of these acts. For the 1989 one we have +# title at http://base.garant.ru/70754136/ : +# "About change in calculation of time on the territories of +# Lithuanian SSR, Latvian SSR and Estonian SSR, Astrakhan, +# Kaliningrad, Kirov, Kuybyshev, Ulyanovsk and Uralsk oblasts". +# And http://astrozet.net/files/Zones/DOC/RU/1980-925.txt appears to +# contain quotes from both acts: Since last Sunday of March 1988 rules +# of the second time belt are installed in Volgograd and Saratov +# oblasts. Since last Sunday of March 1989: +# a) Lithuanian SSR, Latvian SSR, Estonian SSR, Kaliningrad oblast: +# second time belt rules without extra hour (Moscow-1); +# b) Astrakhan, Kirov, Kuybyshev, Ulyanovsk oblasts: second time belt +# rules (Moscow time) +# c) Uralsk oblast: third time belt rules (Moscow+1). + +# From Stepan Golosunov (2016-03-27): +# Unamended version of the act of the +# Government of the Russian Federation No. 23 from 08.01.1992 +# http://pravo.gov.ru/proxy/ips/?docbody=&nd=102014034&rdk=0 +# says that every year clocks were to be moved forward on last Sunday +# of March at 2 hours and moved backwards on last Sunday of September +# at 3 hours. It was amended in 1996 to replace September with October. + # From Alexander Krivenyshev (2011-06-14): # According to Kremlin press service, Russian President Dmitry Medvedev # signed a federal law "On calculation of time" on June 9, 2011. @@ -851,7 +878,7 @@ # Bulgaria # # From Plamen Simenov via Steffen Thorsen (1999-09-09): -# A document of Government of Bulgaria (No.94/1997) says: +# A document of Government of Bulgaria (No. 94/1997) says: # EET -> EETDST is in 03:00 Local time in last Sunday of March ... # EETDST -> EET is in 04:00 Local time in last Sunday of October # @@ -868,7 +895,7 @@ 1:00 C-Eur CE%sT 1945 1:00 - CET 1945 Apr 2 3:00 2:00 - EET 1979 Mar 31 23:00 - 2:00 Bulg EE%sT 1982 Sep 26 2:00 + 2:00 Bulg EE%sT 1982 Sep 26 3:00 2:00 C-Eur EE%sT 1991 2:00 E-Eur EE%sT 1997 2:00 EU EE%sT @@ -1025,6 +1052,12 @@ # startkart.no says Thule does not observe DST, but this is clearly an error, # so go with Shanks & Pottenger for Thule transitions until this year. # For 2007 on assume Thule will stay in sync with US DST rules. + +# From J William Piggott (2016-02-20): +# "Greenland north of the community of Scoresbysund" is officially named +# "National Park" by Executive Order: +# http://naalakkersuisut.gl/~/media/Nanoq/Files/Attached%20Files/Engelske-tekster/Legislation/Executive%20Order%20National%20Park.rtf +# It is their only National Park. # # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule Thule 1991 1992 - Mar lastSun 2:00 1:00 D @@ -1050,6 +1083,10 @@ -4:00 Thule A%sT # Estonia +# +# From Paul Eggert (2016-03-18): +# The 1989 transition is from USSR act No. 227 (1989-03-14). +# # From Peter Ilieve (1994-10-15): # A relative in Tallinn confirms the accuracy of the data for 1989 onwards # [through 1994] and gives the legal authority for it, @@ -1085,8 +1122,8 @@ # after that. # From Mart Oruaas (2000-01-29): -# Regulation no. 301 (1999-10-12) obsoletes previous regulation -# no. 206 (1998-09-22) and thus sticks Estonia to +02:00 GMT for all +# Regulation No. 301 (1999-10-12) obsoletes previous regulation +# No. 206 (1998-09-22) and thus sticks Estonia to +02:00 GMT for all # the year round. The regulation is effective 1999-11-01. # From Toomas Soome (2002-02-21): @@ -1107,7 +1144,7 @@ 3:00 Russia MSK/MSD 1989 Mar 26 2:00s 2:00 1:00 EEST 1989 Sep 24 2:00s 2:00 C-Eur EE%sT 1998 Sep 22 - 2:00 EU EE%sT 1999 Nov 1 + 2:00 EU EE%sT 1999 Oct 31 4:00 2:00 - EET 2002 Feb 21 2:00 EU EE%sT @@ -1550,21 +1587,21 @@ # correct data in juridical acts and I found some juridical documents about # changes in the counting of time in Latvia from 1981.... # -# Act No.35 of the Council of Ministers of Latvian SSR of 1981-01-22 ... -# according to the Act No.925 of the Council of Ministers of USSR of 1980-10-24 +# Act No. 35 of the Council of Ministers of Latvian SSR of 1981-01-22 ... +# according to the Act No. 925 of the Council of Ministers of USSR of 1980-10-24 # ...: all year round the time of 2nd time zone + 1 hour, in addition turning # the hands of the clock 1 hour forward on 1 April at 00:00 (GMT 31 March 21:00) # and 1 hour backward on the 1 October at 00:00 (GMT 30 September 20:00). # -# Act No.592 of the Council of Ministers of Latvian SSR of 1984-09-24 ... -# according to the Act No.967 of the Council of Ministers of USSR of 1984-09-13 +# Act No. 592 of the Council of Ministers of Latvian SSR of 1984-09-24 ... +# according to the Act No. 967 of the Council of Ministers of USSR of 1984-09-13 # ...: all year round the time of 2nd time zone + 1 hour, in addition turning # the hands of the clock 1 hour forward on the last Sunday of March at 02:00 # (GMT 23:00 on the previous day) and 1 hour backward on the last Sunday of # September at 03:00 (GMT 23:00 on the previous day). # -# Act No.81 of the Council of Ministers of Latvian SSR of 1989-03-22 ... -# according to the Act No.227 of the Council of Ministers of USSR of 1989-03-14 +# Act No. 81 of the Council of Ministers of Latvian SSR of 1989-03-22 ... +# according to the Act No. 227 of the Council of Ministers of USSR of 1989-03-14 # ...: since the last Sunday of March 1989 in Lithuanian SSR, Latvian SSR, # Estonian SSR and Kaliningrad region of Russian Federation all year round the # time of 2nd time zone (Moscow time minus one hour). On the territory of Latvia @@ -1581,7 +1618,7 @@ # From Andrei Ivanov (2000-03-06): # This year Latvia will not switch to Daylight Savings Time (as specified in # The Regulations of the Cabinet of Ministers of the Rep. of Latvia of -# 29-Feb-2000 (#79) <http://www.lv-laiks.lv/wwwraksti/2000/071072/vd4.htm>, +# 29-Feb-2000 (No. 79) <http://www.lv-laiks.lv/wwwraksti/2000/071072/vd4.htm>, # in Latvian for subscribers only). # From RFE/RL Newsline @@ -1643,6 +1680,9 @@ # Lithuania +# From Paul Eggert (2016-03-18): +# The 1989 transition is from USSR act No. 227 (1989-03-14). + # From Paul Eggert (1996-11-22): # IATA SSIM (1992/1996) says Lithuania uses W-Eur rules, but since it is # known to be wrong about Estonia and Latvia, assume it's wrong here too. @@ -1682,8 +1722,8 @@ 1:00 - CET 1940 Aug 3 3:00 - MSK 1941 Jun 24 1:00 C-Eur CE%sT 1944 Aug - 3:00 Russia MSK/MSD 1991 Mar 31 2:00s - 2:00 1:00 EEST 1991 Sep 29 2:00s + 3:00 Russia MSK/MSD 1989 Mar 26 2:00s + 2:00 Russia EE%sT 1991 Sep 29 2:00s 2:00 C-Eur EE%sT 1998 2:00 - EET 1998 Mar 29 1:00u 1:00 EU CE%sT 1999 Oct 31 1:00u @@ -1748,6 +1788,16 @@ # Moldova +# From Stepan Golosunov (2016-03-07): +# the act of the government of the Republic of Moldova Nr. 132 from 1990-05-04 +# http://lex.justice.md/viewdoc.php?action=view&view=doc&id=298782&lang=2 +# ... says that since 1990-05-06 on the territory of the Moldavian SSR +# time would be calculated as the standard time of the second time belt +# plus one hour of the "summer" time. To implement that clocks would be +# adjusted one hour backwards at 1990-05-06 2:00. After that "summer" +# time would be cancelled last Sunday of September at 3:00 and +# reintroduced last Sunday of March at 2:00. + # From Paul Eggert (2006-03-22): # A previous version of this database followed Shanks & Pottenger, who write # that Tiraspol switched to Moscow time on 1992-01-19 at 02:00. @@ -1786,6 +1836,18 @@ # News from Moldova (in russian): # http://ru.publika.md/link_317061.html +# From Roman Tudos (2015-07-02): +# http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=355077 +# From Paul Eggert (2015-07-01): +# The abovementioned official link to IGO1445-868/2014 states that +# 2014-10-26's fallback transition occurred at 03:00 local time. Also, +# http://www.trm.md/en/social/la-30-martie-vom-trece-la-ora-de-vara +# says the 2014-03-30 spring-forward transition was at 02:00 local time. +# Guess that since 1997 Moldova has switched one hour before the EU. + +# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +Rule Moldova 1997 max - Mar lastSun 2:00 1:00 S +Rule Moldova 1997 max - Oct lastSun 3:00 0 - # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Europe/Chisinau 1:55:20 - LMT 1880 @@ -1794,13 +1856,11 @@ 2:00 Romania EE%sT 1940 Aug 15 2:00 1:00 EEST 1941 Jul 17 1:00 C-Eur CE%sT 1944 Aug 24 - 3:00 Russia MSK/MSD 1990 - 3:00 - MSK 1990 May 6 - 2:00 - EET 1991 + 3:00 Russia MSK/MSD 1990 May 6 2:00 2:00 Russia EE%sT 1992 2:00 E-Eur EE%sT 1997 # See Romania commentary for the guessed 1997 transition to EU rules. - 2:00 EU EE%sT + 2:00 Moldova EE%sT # Monaco # Shanks & Pottenger give 0:09:20 for Paris Mean Time; go with Howse's @@ -2146,7 +2206,7 @@ # Russia # From Alexander Krivenyshev (2011-09-15): -# Based on last Russian Government Decree # 725 on August 31, 2011 +# Based on last Russian Government Decree No. 725 on August 31, 2011 # (Government document # http://www.government.ru/gov/results/16355/print/ # in Russian) @@ -2156,7 +2216,7 @@ # http://www.worldtimezone.com/dst_news/dst_news_russia36.htm # From Sanjeev Gupta (2011-09-27): -# Scans of [Decree #23 of January 8, 1992] are available at: +# Scans of [Decree No. 23 of January 8, 1992] are available at: # http://government.consultant.ru/page.aspx?1223966 # They are in Cyrillic letters (presumably Russian). @@ -2167,19 +2227,19 @@ # One source is # http://government.ru/gov/results/16355/ # which, according to translate.google.com, begins "Decree of August 31, -# 2011 No 725" and contains no other dates or "effective date" information. +# 2011 No. 725" and contains no other dates or "effective date" information. # # Another source is # http://www.rg.ru/2011/09/06/chas-zona-dok.html # which, according to translate.google.com, begins "Resolution of the # Government of the Russian Federation on August 31, 2011 N 725" and also # contains "Date first official publication: September 6, 2011 Posted on: -# in the 'RG' - Federal Issue number 5573 September 6, 2011" but which +# in the 'RG' - Federal Issue No. 5573 September 6, 2011" but which # does not contain any "effective date" information. # # Another source is # http://en.wikipedia.org/wiki/Oymyakonsky_District#cite_note-RuTime-7 -# which, in note 8, contains "Resolution #725 of August 31, 2011... +# which, in note 8, contains "Resolution No. 725 of August 31, 2011... # Effective as of after 7 days following the day of the official publication" # but which does not contain any reference to September 6, 2011. # @@ -2274,16 +2334,32 @@ # Europe/Kaliningrad covers... # 39 RU-KGD Kaliningrad Oblast +# From Paul Eggert (2016-03-18): +# The 1989 transition is from USSR act No. 227 (1989-03-14). + +# From Stepan Golosunov (2016-03-07): +# http://www.rgo.ru/ru/kaliningradskoe-oblastnoe-otdelenie/ob-otdelenii/publikacii/kak-nam-zhilos-bez-letnego-vremeni +# confirms that the 1989 change to Moscow-1 was implemented. +# (The article, though, is misattributed to 1990 while saying that +# summer->winter transition would be done on the 24 of September. But +# 1990-09-24 was Monday, while 1989-09-24 was Sunday as expected.) +# ... +# http://www.kaliningradka.ru/site_pc/cherez/index.php?ELEMENT_ID=40091 +# says that Kaliningrad switched to Moscow-1 on 1989-03-26, avoided +# at the last moment switch to Moscow-1 on 1991-03-31, switched to +# Moscow on 1991-11-03, switched to Moscow-1 on 1992-01-19. + Zone Europe/Kaliningrad 1:22:00 - LMT 1893 Apr 1:00 C-Eur CE%sT 1945 2:00 Poland CE%sT 1946 - 3:00 Russia MSK/MSD 1991 Mar 31 2:00s + 3:00 Russia MSK/MSD 1989 Mar 26 2:00s 2:00 Russia EE%sT 2011 Mar 27 2:00s 3:00 - FET 2014 Oct 26 2:00s 2:00 - EET -# From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2001-08-25): +# From Paul Eggert (2016-02-21), per Tim Parenti (2014-07-03) and +# Oscar van Vlijmen (2001-08-25): # Europe/Moscow covers... # 01 RU-AD Adygea, Republic of # 05 RU-DA Dagestan, Republic of @@ -2326,12 +2402,92 @@ # 68 RU-TAM Tambov Oblast # 69 RU-TVE Tver Oblast # 71 RU-TUL Tula Oblast -# 73 RU-ULY Ulyanovsk Oblast # 76 RU-YAR Yaroslavl Oblast # 77 RU-MOW Moscow # 78 RU-SPE Saint Petersburg # 83 RU-NEN Nenets Autonomous Okrug +# From Stepan Golosunov (2016-03-07): +# 11. Regions-violators, 1981-1982. +# Wikipedia refers to +# http://maps.monetonos.ru/maps/raznoe/Old_Maps/Old_Maps/Articles/022/3_1981.html +# http://besp.narod.ru/nauka_1981_3.htm +# +# The second link provides two articles scanned from the Nauka i Zhizn +# magazine No. 3, 1981 and a scan of the short article attributed to +# the Trud newspaper from February 1982. The first link provides the +# same Nauka i Zhizn articles converted to the text form (but misses +# time belt changes map). +# +# The second Nauka i Zhizn article says that in addition to +# introduction of summer time on 1981-04-01 there are some time belt +# border changes on 1981-10-01, mostly affecting Nenets Autonomous +# Okrug, Krasnoyarsk Krai, Yakutia, Magadan Oblast and Chukotka +# according to the provided map (colored one). In addition to that +# "time violators" (regions which were not using rules of the time +# belts in which they were located) would not be moving off the DST on +# 1981-10-01 to restore the decree time usage. (Komi ASSR was +# supposed to repeat that move in October 1982 to account for the 2 +# hour difference.) Map depicting "time violators" before 1981-10-01 +# is also provided. +# +# The article from Trud says that 1981-10-01 changes caused problems +# and some territories would be moved to pre-1981-10-01 time by not +# moving to summer time on 1982-04-01. Namely: Dagestan, +# Kabardino-Balkar, Kalmyk, Komi, Mari, Mordovian, North Ossetian, +# Tatar, Chechen-Ingush and Chuvash ASSR, Krasnodar and Stavropol +# krais, Arkhangelsk, Vladimir, Vologda, Voronezh, Gorky, Ivanovo, +# Kostroma, Lipetsk, Penza, Rostov, Ryazan, Tambov, Tyumen and +# Yaroslavl oblasts, Nenets and Evenk autonomous okrugs, Khatangsky +# district of Taymyr Autonomous Okrug. As a result Evenk Autonomous +# Okrug and Khatangsky district of Taymyr Autonomous Okrug would end +# up on Moscow+4, Tyumen Oblast on Moscow+2 and the rest on Moscow +# time. +# +# http://astrozet.net/files/Zones/DOC/RU/1980-925.txt +# attributes the 1982 changes to the Act of the Council of Ministers +# of the USSR No. 126 from 18.02.1982. 1980-925.txt also adds +# Udmurtia to the list of affected territories and lists Khatangsky +# district separately from Taymyr Autonomous Okurg. Probably erroneously. +# +# The affected territories are currently listed under Europe/Moscow, +# Asia/Yekaterinburg and Asia/Krasnoyarsk. +# +# 12. Udmurtia +# The fact that Udmurtia is depicted as a violator in the Nauka i +# Zhizn article hints at Izhevsk being on different time from +# Kuybyshev before 1981-10-01. Udmurtia is not mentioned in the 1989 act. +# http://astrozet.net/files/Zones/DOC/RU/1980-925.txt +# implies Udmurtia was on Moscow time after 1982-04-01. +# Wikipedia implies Udmurtia being on Moscow+1 until 1991. +# +# ... +# +# All Russian zones are supposed to have by default a -1 change at +# 1991-03-31 2:00 (cancellation of the decree time in the USSR) and a +1 +# change at 1992-01-19 2:00 (restoration of the decree time in Russia). +# +# There were some exceptions, though. +# Wikipedia says newspapers listed Astrakhan, Saratov, Kirov, Volgograd, +# Izhevsk, Grozny, Kazan and Samara as such exceptions for the 1992 +# change. (Different newspapers providing different lists. And some +# lists found in the internet are quite wild.) +# +# And apparently some exceptions were reverted in the last moment. +# http://www.kaliningradka.ru/site_pc/cherez/index.php?ELEMENT_ID=40091 +# says that Kaliningrad decided not to be an exception 2 days before the +# 1991-03-31 switch and one person at +# http://izhevsk.ru/forum_light_message/50/682597-m8369040.html +# says he remembers that Samara opted out of the 1992-01-19 exception +# 2 days before the switch. +# +# +# From Paul Eggert (2016-03-18): +# Given the above, we appear to be missing some Zone entries for the +# chaotic early 1980s in Russia. It's not clear what these entries +# should be. For now, sweep this under the rug and just document the +# time in Moscow. + # From Vladimir Karpinsky (2014-07-08): # LMT in Moscow (before Jul 3, 1916) is 2:30:17, that was defined by Moscow # Observatory (coordinates: 55 deg. 45'29.70", 37 deg. 34'05.30").... @@ -2387,7 +2543,7 @@ # changed in May. 2:00 E-Eur EE%sT 1994 May # From IATA SSIM (1994/1997), which also says that Kerch is still like Kiev. - 3:00 E-Eur MSK/MSD 1996 Mar 31 3:00s + 3:00 E-Eur MSK/MSD 1996 Mar 31 0:00s 3:00 1:00 MSD 1996 Oct 27 3:00s # IATA SSIM (1997-09) says Crimea switched to EET/EEST. # Assume it happened in March by not changing the clocks. @@ -2405,47 +2561,102 @@ 3:00 - MSK -# From Tim Parenti (2014-07-03): -# Europe/Volgograd covers... +# From Paul Eggert (2016-03-18): +# Europe/Astrakhan covers: # 30 RU-AST Astrakhan Oblast +# +# The 1989 transition is from USSR act No. 227 (1989-03-14). + +# From Alexander Krivenyshev (2016-01-12): +# On February 10, 2016 Astrakhan Oblast got approval by the Federation +# Council to change its time zone to UTC+4 (from current UTC+3 Moscow time).... +# This Federal Law shall enter into force on 27 March 2016 at 02:00. +# From Matt Johnson (2016-03-09): +# http://publication.pravo.gov.ru/Document/View/0001201602150056 + +Zone Europe/Astrakhan 3:12:12 - LMT 1924 May + 3:00 - +03 1930 Jun 21 + 4:00 Russia +04/+05 1989 Mar 26 2:00s + 3:00 Russia +03/+04 1991 Mar 31 2:00s + 4:00 - +04 1992 Mar 29 2:00s + 3:00 Russia +03/+04 2011 Mar 27 2:00s + 4:00 - +04 2014 Oct 26 2:00s + 3:00 - +03 2016 Mar 27 2:00s + 4:00 - +04 + +# From Paul Eggert (2016-03-18): +# Europe/Volgograd covers: # 34 RU-VGG Volgograd Oblast -# 43 RU-KIR Kirov Oblast # 64 RU-SAR Saratov Oblast - -# From Paul Eggert (2006-05-09): -# Shanks & Pottenger say Kirov is still at +0400 but Wikipedia says +0300. -# Perhaps it switched after the others? But we have no data. +# The 1988 transition is from USSR act No. 5 (1988-01-04). Zone Europe/Volgograd 2:57:40 - LMT 1920 Jan 3 3:00 - TSAT 1925 Apr 6 # Tsaritsyn Time 3:00 - STAT 1930 Jun 21 # Stalingrad Time 4:00 - STAT 1961 Nov 11 - 4:00 Russia VOL%sT 1989 Mar 26 2:00s # Volgograd T + 4:00 Russia VOL%sT 1988 Mar 27 2:00s # Volgograd T 3:00 Russia VOL%sT 1991 Mar 31 2:00s 4:00 - VOLT 1992 Mar 29 2:00s 3:00 Russia MSK/MSD 2011 Mar 27 2:00s 4:00 - MSK 2014 Oct 26 2:00s 3:00 - MSK +# From Paul Eggert (2016-03-18): +# Europe/Kirov covers: +# 43 RU-KIR Kirov Oblast +# The 1989 transition is from USSR act No. 227 (1989-03-14). +# +Zone Europe/Kirov 3:18:48 - LMT 1919 Jul 1 2:00 + 3:00 - +03 1930 Jun 21 + 4:00 Russia +04/+05 1989 Mar 26 2:00s + 3:00 Russia +03/+04 1991 Mar 31 2:00s + 4:00 - +04 1992 Mar 29 2:00s + 3:00 Russia +03/+04 2011 Mar 27 2:00s + 4:00 - +04 2014 Oct 26 2:00s + 3:00 - +03 # From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2001-08-25): # Europe/Samara covers... # 18 RU-UD Udmurt Republic # 63 RU-SAM Samara Oblast +# From Paul Eggert (2016-03-18): # Byalokoz 1919 says Samara was 3:20:20. +# The 1989 transition is from USSR act No. 227 (1989-03-14). Zone Europe/Samara 3:20:20 - LMT 1919 Jul 1 2:00 - 3:00 - SAMT 1930 Jun 21 + 3:00 - SAMT 1930 Jun 21 # Samara Time 4:00 - SAMT 1935 Jan 27 4:00 Russia KUY%sT 1989 Mar 26 2:00s # Kuybyshev 3:00 Russia MSK/MSD 1991 Mar 31 2:00s 2:00 Russia EE%sT 1991 Sep 29 2:00s - 3:00 - KUYT 1991 Oct 20 3:00 - 4:00 Russia SAM%sT 2010 Mar 28 2:00s # Samara Time + 3:00 - SAMT 1991 Oct 20 3:00 + 4:00 Russia SAM%sT 2010 Mar 28 2:00s 3:00 Russia SAM%sT 2011 Mar 27 2:00s 4:00 - SAMT +# From Paul Eggert (2016-03-18): +# Europe/Ulyanovsk covers: +# 73 RU-ULY Ulyanovsk Oblast + +# The 1989 transition is from USSR act No. 227 (1989-03-14). + +# From Alexander Krivenyshev (2016-02-17): +# Ulyanovsk ... on their way to change time zones by March 27, 2016 at 2am. +# Ulyanovsk Oblast ... from MSK to MSK+1 (UTC+3 to UTC+4) ... +# 920582-6 ... 02/17/2016 The State Duma passed the bill in the first reading. +# From Matt Johnson (2016-03-09): +# http://publication.pravo.gov.ru/Document/View/0001201603090051 + +Zone Europe/Ulyanovsk 3:13:36 - LMT 1919 Jul 1 2:00 + 3:00 - +03 1930 Jun 21 + 4:00 Russia +04/+05 1989 Mar 26 2:00s + 3:00 Russia +03/+04 1991 Mar 31 2:00s + 2:00 Russia +02/+03 1992 Jan 19 2:00s + 3:00 Russia +03/+04 2011 Mar 27 2:00s + 4:00 - +04 2014 Oct 26 2:00s + 3:00 - +03 2016 Mar 27 2:00s + 4:00 - +04 # From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2001-08-25): # Asia/Yekaterinburg covers... @@ -2479,8 +2690,6 @@ # From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2001-08-25): # Asia/Omsk covers... -# 04 RU-AL Altai Republic -# 22 RU-ALT Altai Krai # 55 RU-OMS Omsk Oblast # Byalokoz 1919 says Omsk was 4:53:30. @@ -2493,14 +2702,49 @@ 7:00 - OMST 2014 Oct 26 2:00s 6:00 - OMST - -# From Tim Parenti (2014-07-03): -# Asia/Novosibirsk covers... +# From Paul Eggert (2016-02-22): +# Asia/Barnaul covers: +# 04 RU-AL Altai Republic +# 22 RU-ALT Altai Krai + +# Data before 1991 are from Shanks & Pottenger. + +# From Stepan Golosunov (2016-03-07): +# Letter of Bank of Russia from 1995-05-25 +# http://www.bestpravo.ru/rossijskoje/lj-akty/y3a.htm +# suggests that Altai Republic transitioned to Moscow+3 on +# 1995-05-28. +# +# http://regnum.ru/news/society/1957270.html +# has some historical data for Altai Krai: +# before 1957: west part on UTC+6, east on UTC+7 +# after 1957: UTC+7 +# since 1995: UTC+6 +# http://barnaul.rusplt.ru/index/pochemu_altajskij_kraj_okazalsja_v_neprivychnom_chasovom_pojase-17648.html +# confirms that and provides more details including 1995-05-28 transition date. + +# From Alexander Krivenyshev (2016-02-17): +# Altai Krai and Altai Republic on their way to change time zones +# by March 27, 2016 at 2am.... +# Altai Republic / Gorno-Altaysk MSK+3 to MSK+4 (UTC+6 to UTC+7) ... +# Altai Krai / Barnaul MSK+3 to MSK+4 (UTC+6 to UTC+7) +# From Matt Johnson (2016-03-09): +# http://publication.pravo.gov.ru/Document/View/0001201603090043 +# http://publication.pravo.gov.ru/Document/View/0001201603090038 + +Zone Asia/Barnaul 5:35:00 - LMT 1919 Dec 10 + 6:00 - +06 1930 Jun 21 + 7:00 Russia +07/+08 1991 Mar 31 2:00s + 6:00 Russia +06/+07 1992 Jan 19 2:00s + 7:00 Russia +07/+08 1995 May 28 + 6:00 Russia +06/+07 2011 Mar 27 2:00s + 7:00 - +07 2014 Oct 26 2:00s + 6:00 - +06 2016 Mar 27 2:00s + 7:00 - +07 + +# From Paul Eggert (2016-03-18): +# Asia/Novosibirsk covers: # 54 RU-NVS Novosibirsk Oblast -# 70 RU-TOM Tomsk Oblast - -# From Paul Eggert (2006-08-19): I'm guessing about Tomsk here; it's -# not clear when it switched from +7 to +6. Zone Asia/Novosibirsk 5:31:40 - LMT 1919 Dec 14 6:00 6:00 - NOVT 1930 Jun 21 # Novosibirsk Time @@ -2511,6 +2755,55 @@ 7:00 - NOVT 2014 Oct 26 2:00s 6:00 - NOVT +# From Paul Eggert (2016-03-18): +# Asia/Tomsk covers: +# 70 RU-TOM Tomsk Oblast + +# From Stepan Golosunov (2016-03-24): +# Byalokoz listed Tomsk at 5:39:51. + +# From Stanislaw A. Kuzikowski (1994-06-29): +# Tomsk is still 4 hours ahead of Moscow. + +# From Stepan Golosunov (2016-03-19): +# http://pravo.gov.ru/proxy/ips/?docbody=&nd=102075743 +# (fifth time belt being UTC+5+1(decree time) +# / UTC+5+1(decree time)+1(summer time)) ... +# Note that time belts (numbered from 2 (Moscow) to 12 according to their +# GMT/UTC offset and having too many exceptions like regions formally +# belonging to one belt but using time from another) were replaced +# with time zones in 2011 with different numberings (there was a +# 2-hour gap between second and third zones in 2011-2014). + +# From Stepan Golosunov (2016-04-12): +# http://asozd2.duma.gov.ru/main.nsf/(SpravkaNew)?OpenAgent&RN=1006865-6 +# This bill was approved in the first reading today. It moves Tomsk oblast +# from UTC+6 to UTC+7 and is supposed to come into effect on 2016-05-29 at +# 2:00. The bill needs to be approved in the second and the third readings by +# the State Duma, approved by the Federation Council, signed by the President +# and published to become a law. Minor changes in the text are to be expected +# before the second reading (references need to be updated to account for the +# recent changes). +# +# Judging by the ultra-short one-day amendments period, recent similar laws, +# the State Duma schedule and the Federation Council schedule +# http://www.duma.gov.ru/legislative/planning/day-shedule/por_vesna_2016/ +# http://council.gov.ru/activity/meetings/schedule/63303 +# I speculate that the final text of the bill will be proposed tomorrow, the +# bill will be approved in the second and the third readings on Friday, +# approved by the Federation Council on 2016-04-20, signed by the President and +# published as a law around 2016-04-26. + +Zone Asia/Tomsk 5:39:51 - LMT 1919 Dec 22 + 6:00 - +06 1930 Jun 21 + 7:00 Russia +07/+08 1991 Mar 31 2:00s + 6:00 Russia +06/+07 1992 Jan 19 2:00s + 7:00 Russia +07/+08 2002 May 1 3:00 + 6:00 Russia +06/+07 2011 Mar 27 2:00s + 7:00 - +07 2014 Oct 26 2:00s + 6:00 - +06 2016 May 29 2:00s + 7:00 - +07 + # From Tim Parenti (2014-07-03): # Asia/Novokuznetsk covers... @@ -2522,7 +2815,7 @@ # from current Russia Zone 6 - Krasnoyarsk Time Zone (KRA) UTC +0700 # to Russia Zone 5 - Novosibirsk Time Zone (NOV) UTC +0600 # -# This is according to Government of Russia decree # 740, on September +# This is according to Government of Russia decree No. 740, on September # 14, 2009 "Application in the territory of the Kemerovo region the Fifth # time zone." ("Russia Zone 5" or old "USSR Zone 5" is GMT +0600) # @@ -2534,9 +2827,6 @@ # # Thus, when Russia will switch to DST on the night of March 28, 2010 # Kemerovo region (Kemerovo oblast') will not change the clock. -# -# As a result, Kemerovo oblast' will be in the same time zone as -# Novosibirsk, Omsk, Tomsk, Barnaul and Altai Republic. # From Tim Parenti (2014-07-02), per Alexander Krivenyshev (2014-07-02): # The Kemerovo region will remain at UTC+7 through the 2014-10-26 change, thus @@ -2601,13 +2891,20 @@ # Note: Effective 2008-03-01, (75) Chita Oblast and (80) Agin-Buryat # Autonomous Okrug merged to form (92, RU-ZAB) Zabaykalsky Krai. +# From Alexander Krivenyshev (2016-01-02): +# [The] time zone in the Trans-Baikal Territory (Zabaykalsky Krai) - +# Asia/Chita [is changing] from UTC+8 to UTC+9. Effective date will +# be March 27, 2016 at 2:00am.... +# http://publication.pravo.gov.ru/Document/View/0001201512300107 + Zone Asia/Chita 7:33:52 - LMT 1919 Dec 15 8:00 - YAKT 1930 Jun 21 # Yakutsk Time 9:00 Russia YAK%sT 1991 Mar 31 2:00s 8:00 Russia YAK%sT 1992 Jan 19 2:00s 9:00 Russia YAK%sT 2011 Mar 27 2:00s 10:00 - YAKT 2014 Oct 26 2:00s - 8:00 - IRKT + 8:00 - IRKT 2016 Mar 27 2:00 + 9:00 - YAKT # From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2009-11-29): @@ -2709,6 +3006,11 @@ # ...with the exception of: # 65-11 **** Severo-Kurilsky District (North Kuril Islands) +# From Matt Johnson (2016-02-22): +# Asia/Sakhalin is moving (in entirety) from UTC+10 to UTC+11 ... +# (2016-03-09): +# http://publication.pravo.gov.ru/Document/View/0001201603090044 + # The Zone name should be Asia/Yuzhno-Sakhalinsk, but that's too long. Zone Asia/Sakhalin 9:30:48 - LMT 1905 Aug 23 9:00 - JCST 1937 Oct 1 @@ -2718,7 +3020,8 @@ 11:00 Russia SAK%sT 1997 Mar lastSun 2:00s 10:00 Russia SAK%sT 2011 Mar 27 2:00s 11:00 - SAKT 2014 Oct 26 2:00s - 10:00 - SAKT + 10:00 - SAKT 2016 Mar 27 2:00s + 11:00 - SAKT # From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2009-11-29): @@ -2732,13 +3035,22 @@ # until now by Asia/Magadan, will instead move to UTC+11. These regions will # need their own zone. +# From Alexander Krivenyshev (2016-03-27): +# ... draft bill 948300-6 to change its time zone from UTC+10 to UTC+11 ... +# will take ... effect ... on April 24, 2016 at 2 o'clock +# +# From Matt Johnson (2016-04-05): +# ... signed by the President today ... +# http://publication.pravo.gov.ru/Document/View/0001201604050038 + Zone Asia/Magadan 10:03:12 - LMT 1924 May 2 10:00 - MAGT 1930 Jun 21 # Magadan Time 11:00 Russia MAG%sT 1991 Mar 31 2:00s 10:00 Russia MAG%sT 1992 Jan 19 2:00s 11:00 Russia MAG%sT 2011 Mar 27 2:00s 12:00 - MAGT 2014 Oct 26 2:00s - 10:00 - MAGT + 10:00 - MAGT 2016 Apr 24 2:00s + 11:00 - MAGT # From Tim Parenti (2014-07-06): @@ -2945,7 +3257,7 @@ Zone Atlantic/Canary -1:01:36 - LMT 1922 Mar # Las Palmas de Gran C. -1:00 - CANT 1946 Sep 30 1:00 # Canaries T 0:00 - WET 1980 Apr 6 0:00s - 0:00 1:00 WEST 1980 Sep 28 0:00s + 0:00 1:00 WEST 1980 Sep 28 1:00u 0:00 EU WE%sT # IATA SSIM (1996-09) says the Canaries switch at 2:00u, not 1:00u. # Ignore this for now, as the Canaries are part of the EU. @@ -3158,6 +3470,17 @@ # http://www.balkaneu.com/eventful-elections-turkey/ 2014-03-30. # I guess the best we can do is document the official time. +# From Fatih (2015-09-29): +# It's officially announced now by the Ministry of Energy. +# Turkey delays winter time to 8th of November 04:00 +# http://www.aa.com.tr/tr/turkiye/yaz-saati-uygulamasi-8-kasimda-sona-erecek/362217 +# +# From BBC News (2015-10-25): +# Confused Turks are asking "what's the time?" after automatic clocks defied a +# government decision ... "For the next two weeks #Turkey is on EEST... Erdogan +# Engineered Standard Time," said Twitter user @aysekarahasan. +# http://www.bbc.com/news/world-europe-34631326 + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule Turkey 1916 only - May 1 0:00 1:00 S Rule Turkey 1916 only - Oct 1 0:00 0 - @@ -3227,6 +3550,8 @@ 2:00 - EET 2011 Mar 28 1:00u 2:00 EU EE%sT 2014 Mar 30 1:00u 2:00 - EET 2014 Mar 31 1:00u + 2:00 EU EE%sT 2015 Oct 25 1:00u + 2:00 1:00 EEST 2015 Nov 8 1:00u 2:00 EU EE%sT Link Europe/Istanbul Asia/Istanbul # Istanbul is in both continents. @@ -3235,7 +3560,7 @@ # From Igor Karpov, who works for the Ukrainian Ministry of Justice, # via Garrett Wollman (2003-01-27): # BTW, I've found the official document on this matter. It's government -# regulations number 509, May 13, 1996. In my poor translation it says: +# regulations No. 509, May 13, 1996. In my poor translation it says: # "Time in Ukraine is set to second timezone (Kiev time). Each last Sunday # of March at 3am the time is changing to 4am and each last Sunday of # October the time at 4am is changing to 3am" @@ -3244,7 +3569,7 @@ # On September 20, 2011 the deputies of the Verkhovna Rada agreed to # abolish the transfer clock to winter time. # -# Bill number 8330 of MP from the Party of Regions Oleg Nadoshi got +# Bill No. 8330 of MP from the Party of Regions Oleg Nadoshi got # approval from 266 deputies. # # Ukraine abolishes transfer back to the winter time (in Russian)
--- a/make/sun/javazic/tzdata/iso3166.tab Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/javazic/tzdata/iso3166.tab Sat Sep 10 22:36:17 2016 +0100 @@ -26,11 +26,10 @@ # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. # -# From Paul Eggert (2014-07-18): +# From Paul Eggert (2015-05-02): # This file contains a table of two-letter country codes. Columns are # separated by a single tab. Lines beginning with '#' are comments. -# Although all text currently uses ASCII encoding, this is planned to -# change to UTF-8 soon. The columns of the table are as follows: +# All text uses UTF-8 encoding. The columns of the table are as follows: # # 1. ISO 3166-1 alpha-2 country code, current as of # ISO 3166-1 Newsletter VI-16 (2013-07-11). See: Updates on ISO 3166 @@ -61,7 +60,7 @@ AT Austria AU Australia AW Aruba -AX Aaland Islands +AX Åland Islands AZ Azerbaijan BA Bosnia & Herzegovina BB Barbados @@ -76,7 +75,7 @@ BM Bermuda BN Brunei BO Bolivia -BQ Caribbean Netherlands +BQ Caribbean NL BR Brazil BS Bahamas BT Bhutan @@ -90,7 +89,7 @@ CF Central African Rep. CG Congo (Rep.) CH Switzerland -CI Cote d'Ivoire +CI Côte d'Ivoire CK Cook Islands CL Chile CM Cameroon @@ -187,7 +186,7 @@ MC Monaco MD Moldova ME Montenegro -MF St Martin (French part) +MF St Martin (French) MG Madagascar MH Marshall Islands MK Macedonia @@ -234,7 +233,7 @@ PW Palau PY Paraguay QA Qatar -RE Reunion +RE Réunion RO Romania RS Serbia RU Russia @@ -257,7 +256,7 @@ SS South Sudan ST Sao Tome & Principe SV El Salvador -SX St Maarten (Dutch part) +SX St Maarten (Dutch) SY Syria SZ Swaziland TC Turks & Caicos Is
--- a/make/sun/javazic/tzdata/leapseconds Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/javazic/tzdata/leapseconds Sat Sep 10 22:36:17 2016 +0100 @@ -29,6 +29,7 @@ # leap-seconds.list file available from most NIST time servers. # If the URL <ftp://time.nist.gov/pub/leap-seconds.list> does not work, # you should be able to pick up leap-seconds.list from a secondary NIST server. +# See <http://tf.nist.gov/tf-cgi/servers.cgi> for a list of secondary servers. # For more about leap-seconds.list, please see # The NTP Timescale and Leap Seconds # http://www.eecis.udel.edu/~mills/leap.html @@ -79,5 +80,5 @@ Leap 2012 Jun 30 23:59:60 + S Leap 2015 Jun 30 23:59:60 + S -# Updated through IERS Bulletin C49 -# File expires on: 28 December 2015 +# Updated through IERS Bulletin C51 +# File expires on: 28 December 2016
--- a/make/sun/javazic/tzdata/northamerica Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/javazic/tzdata/northamerica Sat Sep 10 22:36:17 2016 +0100 @@ -348,6 +348,16 @@ # Statue 175 closer in synch with the US Congress' intent.... # http://www.legis.state.wi.us/2007/data/acts/07Act3.pdf +# From an email administrator of the City of Fort Pierre, SD (2015-12-21): +# Fort Pierre is technically located in the Mountain time zone as is +# the rest of Stanley County. Most of Stanley County and Fort Pierre +# uses the Central time zone due to doing most of their business in +# Pierre so it simplifies schedules. I have lived in Stanley County +# all my life and it has been that way since I can remember. (43 years!) +# +# From Paul Eggert (2015-12-25): +# Assume this practice predates 1970, so Fort Pierre can use America/Chicago. + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER Rule Chicago 1920 only - Jun 13 2:00 1:00 D Rule Chicago 1920 1921 - Oct lastSun 2:00 0 S @@ -504,6 +514,12 @@ # For lack of better information, assume that Metlakatla's # abandonment of use of daylight saving resulted from the 1983 vote. +# From Steffen Thorsen (2015-11-09): +# It seems Metlakatla did go off PST on Sunday, November 1, changing +# their time to AKST and are going to follow Alaska's DST, switching +# between AKST and AKDT from now on.... +# http://www.krbd.org/2015/10/30/annette-island-times-they-are-a-changing/ + # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone America/Juneau 15:02:19 - LMT 1867 Oct 18 -8:57:41 - LMT 1900 Aug 20 12:00 @@ -529,7 +545,8 @@ -8:00 US P%sT 1946 -8:00 - PST 1969 -8:00 US P%sT 1983 Oct 30 2:00 - -8:00 - PST + -8:00 - PST 2015 Nov 1 2:00 + -9:00 US AK%sT Zone America/Yakutat 14:41:05 - LMT 1867 Oct 18 -9:18:55 - LMT 1900 Aug 20 12:00 -9:00 - YST 1942 @@ -1258,10 +1275,19 @@ # west Labrador, Nova Scotia, Prince Edward I -# From Paul Eggert (2006-03-22): +# From Brian Inglis (2015-07-20): +# From the historical weather station records available at: +# https://weatherspark.com/history/28351/1971/Sydney-Nova-Scotia-Canada +# Sydney shares the same time history as Glace Bay, so was +# likely to be the same across the island.... +# Sydney, as the capital and most populous location, or Cape Breton, would +# have been better names for the zone had we known this in 1996. + +# From Paul Eggert (2015-07-20): # Shanks & Pottenger write that since 1970 most of this region has been like # Halifax. Many locales did not observe peacetime DST until 1972; -# Glace Bay, NS is the largest that we know of. +# the Cape Breton area, represented by Glace Bay, is the largest we know of +# (Glace Bay was perhaps not the best name choice but no point changing now). # Shanks & Pottenger also write that Liverpool, NS was the only town # in Canada to observe DST in 1971 but not 1970; for now we'll assume # this is a typo. @@ -1819,13 +1845,13 @@ # Exact date in October unknown; Sunday October 1 is a reasonable guess. # 3. June 1918: switch to Pacific Daylight Time (GMT-7) # Exact date in June unknown; Sunday June 2 is a reasonable guess. -# note#1: +# note 1: # On Oct 27/1918 when daylight saving ended in the rest of Canada, # Creston did not change its clocks. -# note#2: +# note 2: # During WWII when the Federal Government legislated a mandatory clock change, # Creston did not oblige. -# note#3: +# note 3: # There is no guarantee that Creston will remain on Mountain Standard Time # (UTC-7) forever. # The subject was debated at least once this year by the town Council. @@ -1840,6 +1866,22 @@ # The transition dates (and times) are guesses. +# From Matt Johnson (2015-09-21): +# Fort Nelson, BC, Canada will cancel DST this year. So while previously they +# were aligned with America/Vancouver, they're now aligned with +# America/Dawson_Creek. +# http://www.northernrockies.ca/EN/meta/news/archives/2015/northern-rockies-time-change.html +# +# From Tim Parenti (2015-09-23): +# This requires a new zone for the Northern Rockies Regional Municipality, +# America/Fort_Nelson. The resolution of 2014-12-08 was reached following a +# 2014-11-15 poll with nearly 75% support. Effectively, the municipality has +# been on MST (-0700) like Dawson Creek since it advanced its clocks on +# 2015-03-08. +# +# From Paul Eggert (2015-09-23): +# Shanks says Fort Nelson did not observe DST in 1946, unlike Vancouver. + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule Vanc 1918 only - Apr 14 2:00 1:00 D Rule Vanc 1918 only - Oct 27 2:00 0 S @@ -1858,6 +1900,12 @@ -8:00 Canada P%sT 1947 -8:00 Vanc P%sT 1972 Aug 30 2:00 -7:00 - MST +Zone America/Fort_Nelson -8:10:47 - LMT 1884 + -8:00 Vanc P%sT 1946 + -8:00 - PST 1947 + -8:00 Vanc P%sT 1987 + -8:00 Canada P%sT 2015 Mar 8 2:00 + -7:00 - MST Zone America/Creston -7:46:04 - LMT 1884 -7:00 - MST 1916 Oct 1 -8:00 - PST 1918 Jun 2 @@ -2450,13 +2498,22 @@ -6:00 - CST 1981 Dec 23 -5:00 - EST 1982 Dec 2 -6:00 Mexico C%sT -# Coahuila, Durango, Nuevo León, Tamaulipas (near US border) +# Coahuila, Nuevo León, Tamaulipas (near US border) +# This includes the following municipalities: +# in Coahuila: Ocampo, Acuña, Zaragoza, Jiménez, Piedras Negras, Nava, +# Guerrero, Hidalgo. +# in Nuevo León: Anáhuac, Los Aldama. +# in Tamaulipas: Nuevo Laredo, Guerrero, Mier, Miguel Alemán, Camargo, +# Gustavo Díaz Ordaz, Reynosa, Río Bravo, Valle Hermoso, Matamoros. +# See: Inicia mañana Horario de Verano en zona fronteriza, El Universal, +# 2016-03-12 +# http://www.eluniversal.com.mx/articulo/estados/2016/03/12/inicia-manana-horario-de-verano-en-zona-fronteriza Zone America/Matamoros -6:40:00 - LMT 1921 Dec 31 23:20:00 -6:00 - CST 1988 -6:00 US C%sT 1989 -6:00 Mexico C%sT 2010 -6:00 US C%sT -# Coahuila, Durango, Nuevo León, Tamaulipas (away from US border) +# Durango; Coahuila, Nuevo León, Tamaulipas (away from US border) Zone America/Monterrey -6:41:16 - LMT 1921 Dec 31 23:18:44 -6:00 - CST 1988 -6:00 US C%sT 1989 @@ -2472,6 +2529,9 @@ -6:00 - CST 2002 Feb 20 -6:00 Mexico C%sT # Chihuahua (near US border) +# This includes the municipalities of Janos, Ascensión, Juárez, Guadalupe, +# Práxedis G Guerrero, Coyame del Sotol, Ojinaga, and Manuel Benavides. +# (See the 2016-03-12 El Universal source mentioned above.) Zone America/Ojinaga -6:57:40 - LMT 1922 Jan 1 0:02:20 -7:00 - MST 1927 Jun 10 23:00 -6:00 - CST 1930 Nov 15 @@ -2559,7 +2619,7 @@ -7:00 Mexico M%sT 2010 Apr 4 2:00 -6:00 Mexico C%sT -# Baja California (near US border) +# Baja California Zone America/Tijuana -7:48:04 - LMT 1922 Jan 1 0:11:56 -7:00 - MST 1924 -8:00 - PST 1927 Jun 10 23:00 @@ -2579,25 +2639,6 @@ -8:00 US P%sT 2002 Feb 20 -8:00 Mexico P%sT 2010 -8:00 US P%sT -# Baja California (away from US border) -Zone America/Santa_Isabel -7:39:28 - LMT 1922 Jan 1 0:20:32 - -7:00 - MST 1924 - -8:00 - PST 1927 Jun 10 23:00 - -7:00 - MST 1930 Nov 15 - -8:00 - PST 1931 Apr 1 - -8:00 1:00 PDT 1931 Sep 30 - -8:00 - PST 1942 Apr 24 - -8:00 1:00 PWT 1945 Aug 14 23:00u - -8:00 1:00 PPT 1945 Nov 12 # Peace - -8:00 - PST 1948 Apr 5 - -8:00 1:00 PDT 1949 Jan 14 - -8:00 - PST 1954 - -8:00 CA P%sT 1961 - -8:00 - PST 1976 - -8:00 US P%sT 1996 - -8:00 Mexico P%sT 2001 - -8:00 US P%sT 2002 Feb 20 - -8:00 Mexico P%sT # From Paul Eggert (2006-03-22): # Formerly there was an America/Ensenada zone, which differed from # America/Tijuana only in that it did not observe DST from 1976 @@ -2610,6 +2651,13 @@ # other than America/Tijuana for Baja, but it's not clear yet what its # name or contents should be. # +# From Paul Eggert (2015-10-08): +# Formerly there was an America/Santa_Isabel zone, but this appears to +# have come from a misreading of +# http://dof.gob.mx/nota_detalle.php?codigo=5127480&fecha=06/01/2010 +# It has been moved to the 'backward' file. +# +# # Revillagigedo Is # no information @@ -3047,6 +3095,13 @@ # http://radiovision2000haiti.net/public/haiti-avis-changement-dheure-dimanche/ # http://www.canalplushaiti.net/?p=6714 +# From Steffen Thorsen (2016-03-12): +# Jean Antoine, editor of www.haiti-reference.com informed us that Haiti +# are not going on DST this year. Several other resources confirm this: ... +# http://www.radiotelevisioncaraibes.com/presse/heure_d_t_pas_de_changement_d_heure_pr_vu_pour_cet_ann_e.html +# http://www.vantbefinfo.com/changement-dheure-pas-pour-haiti/ +# http://news.anmwe.com/haiti-lheure-nationale-ne-sera-ni-avancee-ni-reculee-cette-annee/ + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule Haiti 1983 only - May 8 0:00 1:00 D Rule Haiti 1984 1987 - Apr lastSun 0:00 1:00 D @@ -3057,8 +3112,8 @@ Rule Haiti 1988 1997 - Oct lastSun 1:00s 0 S Rule Haiti 2005 2006 - Apr Sun>=1 0:00 1:00 D Rule Haiti 2005 2006 - Oct lastSun 0:00 0 S -Rule Haiti 2012 max - Mar Sun>=8 2:00 1:00 D -Rule Haiti 2012 max - Nov Sun>=1 2:00 0 S +Rule Haiti 2012 2015 - Mar Sun>=8 2:00 1:00 D +Rule Haiti 2012 2015 - Nov Sun>=1 2:00 0 S # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone America/Port-au-Prince -4:49:20 - LMT 1890 -4:49 - PPMT 1917 Jan 24 12:00 # P-a-P MT
--- a/make/sun/javazic/tzdata/southamerica Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/javazic/tzdata/southamerica Sat Sep 10 22:36:17 2016 +0100 @@ -53,7 +53,7 @@ # I suggest the use of _Summer time_ instead of the more cumbersome # _daylight-saving time_. _Summer time_ seems to be in general use # in Europe and South America. -# -- E O Cutler, _New York Times_ (1937-02-14), quoted in +# -- E O Cutler, _New York Times_ (1937-02-14), quoted in # H L Mencken, _The American Language: Supplement I_ (1960), p 466 # # Earlier editions of these tables also used the North American style @@ -154,7 +154,7 @@ # Timezone Law (which never was effectively applied) will (would?) be # in effect.... The article is at # http://ar.clarin.com/diario/2001-06-06/e-01701.htm -# ... The Law itself is "Ley No 25155", sanctioned on 1999-08-25, enacted +# ... The Law itself is "Ley No. 25155", sanctioned on 1999-08-25, enacted # 1999-09-17, and published 1999-09-21. The official publication is at: # http://www.boletin.jus.gov.ar/BON/Primera/1999/09-Septiembre/21/PDF/BO21-09-99LEG.PDF # Regretfully, you have to subscribe (and pay) for the on-line version.... @@ -198,15 +198,11 @@ # http://www.worldtimezone.com/dst_news/dst_news_argentina03.html # http://www.impulsobaires.com.ar/nota.php?id=57832 (in spanish) -# From Rodrigo Severo (2008-10-06): -# Here is some info available at a Gentoo bug related to TZ on Argentina's DST: -# ... -# ------- Comment #1 from [jmdocile] 2008-10-06 16:28 0000 ------- -# Hi, there is a problem with timezone-data-2008e and maybe with -# timezone-data-2008f -# Argentinian law [Number] 25.155 is no longer valid. +# From Juan Manuel Docile in https://bugs.gentoo.org/240339 (2008-10-07) +# via Rodrigo Severo: +# Argentinian law No. 25.155 is no longer valid. # http://www.infoleg.gov.ar/infolegInternet/anexos/60000-64999/60036/norma.htm -# The new one is law [Number] 26.350 +# The new one is law No. 26.350 # http://www.infoleg.gov.ar/infolegInternet/anexos/135000-139999/136191/norma.htm # So there is no summer time in Argentina for now. @@ -794,7 +790,7 @@ # [ and in a second message (same day): ] # I found the decree. # -# DECRETO No- 7.584, DE 13 DE OUTUBRO DE 2011 +# DECRETO No. 7.584, DE 13 DE OUTUBRO DE 2011 # Link : # http://www.in.gov.br/visualiza/index.jsp?data=13/10/2011&jornal=1000&pagina=6&totalArquivos=6 @@ -1148,7 +1144,7 @@ # Conflicts between [1] and [2] were resolved as follows: # # - [1] says the 1910 transition was Jan 1, [2] says Jan 10 and cites -# Boletín Nº 1, Aviso Nº 1 (1910). Go with [2]. +# Boletín No. 1, Aviso No. 1 (1910). Go with [2]. # # - [1] says SMT was -4:42:45, [2] says Chile's official time from # 1916 to 1919 was -4:42:46.3, the meridian of Chile's National @@ -1156,7 +1152,7 @@ # Quinta Normal in Santiago. Go with [2], rounding it to -4:42:46. # # - [1] says the 1918 transition was Sep 1, [2] says Sep 10 and cites -# Boletín Nº 22, Aviso Nº 129/1918 (1918-08-23). Go with [2]. +# Boletín No. 22, Aviso No. 129/1918 (1918-08-23). Go with [2]. # # - [1] does not give times for transitions; assume they occur # at midnight mainland time, the current common practice. However, @@ -1248,6 +1244,20 @@ # From Paul Eggert (2015-03-03): # For now, assume that the extension will persist indefinitely. +# From Juan Correa (2016-03-18): +# The decree regarding DST has been published in today's Official Gazette: +# http://www.diariooficial.interior.gob.cl/versiones-anteriores/do/20160318/ +# http://www.leychile.cl/Navegar?idNorma=1088502 +# It does consider the second Saturday of May and August as the dates +# for the transition; and it lists DST dates until 2019, but I think +# this scheme will stick. +# +# From Paul Eggert (2016-03-18): +# For now, assume the pattern holds for the indefinite future. +# The decree says transitions occur at 24:00; in practice this appears +# to mean 24:00 mainland time, not 24:00 local time, so that Easter +# Island is always two hours behind the mainland. + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule Chile 1927 1931 - Sep 1 0:00 1:00 S Rule Chile 1928 1932 - Apr 1 0:00 0 - @@ -1279,8 +1289,10 @@ Rule Chile 2010 only - Apr Sun>=1 3:00u 0 - Rule Chile 2011 only - May Sun>=2 3:00u 0 - Rule Chile 2011 only - Aug Sun>=16 4:00u 1:00 S -Rule Chile 2012 2015 - Apr Sun>=23 3:00u 0 - +Rule Chile 2012 2014 - Apr Sun>=23 3:00u 0 - Rule Chile 2012 2014 - Sep Sun>=2 4:00u 1:00 S +Rule Chile 2016 max - May Sun>=9 3:00u 0 - +Rule Chile 2016 max - Aug Sun>=9 4:00u 1:00 S # IATA SSIM anomalies: (1992-02) says 1992-03-14; # (1996-09) says 1998-03-08. Ignore these. # Zone NAME GMTOFF RULES FORMAT [UNTIL] @@ -1297,13 +1309,11 @@ -4:00 1:00 CLST 1946 Sep 1 # central Chile -4:00 - CLT 1947 Apr 1 -5:00 - CLT 1947 May 21 23:00 - -4:00 Chile CL%sT 2015 Apr 26 3:00u - -3:00 - CLT + -4:00 Chile CL%sT Zone Pacific/Easter -7:17:28 - LMT 1890 -7:17:28 - EMT 1932 Sep # Easter Mean Time -7:00 Chile EAS%sT 1982 Mar 14 3:00u # Easter Time - -6:00 Chile EAS%sT 2015 Apr 26 3:00u - -5:00 - EAST + -6:00 Chile EAS%sT # # Salas y Gómez Island is uninhabited. # Other Chilean locations, including Juan Fernández Is, Desventuradas Is, @@ -1325,8 +1335,7 @@ Zone Antarctica/Palmer 0 - zzz 1965 -4:00 Arg AR%sT 1969 Oct 5 -3:00 Arg AR%sT 1982 May - -4:00 Chile CL%sT 2015 Apr 26 3:00u - -3:00 - CLT + -4:00 Chile CL%sT # Colombia @@ -1556,7 +1565,7 @@ # (1999-09) reports no date; go with above sources and Gerd Knops (2001-02-27). Rule Para 1998 2001 - Mar Sun>=1 0:00 0 - # From Rives McDow (2002-02-28): -# A decree was issued in Paraguay (no. 16350) on 2002-02-26 that changed the +# A decree was issued in Paraguay (No. 16350) on 2002-02-26 that changed the # dst method to be from the first Sunday in September to the first Sunday in # April. Rule Para 2002 2004 - Apr Sun>=1 0:00 0 - @@ -1736,8 +1745,19 @@ Rule Uruguay 2006 only - Mar 12 2:00 0 - # From Jesper Nørgaard Welen (2006-09-06): # http://www.presidencia.gub.uy/_web/decretos/2006/09/CM%20210_08%2006%202006_00001.PDF -Rule Uruguay 2006 max - Oct Sun>=1 2:00 1:00 S -Rule Uruguay 2007 max - Mar Sun>=8 2:00 0 - +# +# From Steffen Thorsen (2015-06-30): +# ... it looks like they will not be using DST the coming summer: +# http://www.elobservador.com.uy/gobierno-resolvio-que-no-habra-cambio-horario-verano-n656787 +# http://www.republica.com.uy/este-ano-no-se-modificara-el-huso-horario-en-uruguay/523760/ +# From Paul Eggert (2015-06-30): +# Apparently restaurateurs complained that DST caused people to go to the beach +# instead of out to dinner. +# From Pablo Camargo (2015-07-13): +# http://archivo.presidencia.gub.uy/sci/decretos/2015/06/cons_min_201.pdf +# [dated 2015-06-29; repeals Decree 311/006 dated 2006-09-04] +Rule Uruguay 2006 2014 - Oct Sun>=1 2:00 1:00 S +Rule Uruguay 2007 2015 - Mar Sun>=8 2:00 0 - # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone America/Montevideo -3:44:44 - LMT 1898 Jun 28 -3:44:44 - MMT 1920 May 1 # Montevideo MT @@ -1746,6 +1766,10 @@ # Venezuela # +# From Paul Eggert (2015-07-28): +# For the 1965 transition see Gaceta Oficial No. 27.619 (1964-12-15), p 205.533 +# http://www.pgr.gob.ve/dmdocuments/1964/27619.pdf +# # From John Stainforth (2007-11-28): # ... the change for Venezuela originally expected for 2007-12-31 has # been brought forward to 2007-12-09. The official announcement was @@ -1754,9 +1778,25 @@ # resolution publication) # http://www.globovision.com/news.php?nid=72208 +# From Alexander Krivenyshev (2016-04-15): +# https://actualidad.rt.com/actualidad/204758-venezuela-modificar-huso-horario-sequia-elnino +# +# From Paul Eggert (2016-04-15): +# Clocks advance 30 minutes on 2016-05-01 at 02:30. See: +# Barboza AD. Huso horario en Venezuela volverá a 4 horas menos con +# respecto al "Greenwich". Panorama 2016-04-15 12:20 -0430. +# http://www.panorama.com.ve/ciudad/Huso-horario-en-Venezuela-volvera-a-4-horas-menos-con-respecto-al-Greenwich-20160415-0032.html +# +# "'Venezuela's new time-zone: hours without light, hours without water, +# hours of presidential broadcasts, hours of lines," quipped comedian +# Jean Mary Curro ...". See: Cawthorne A, Kai D. Venezuela scraps +# half-hour time difference set by Chavez. Reuters 2016-04-15 14:50 -0400 +# http://www.reuters.com/article/us-venezuela-timezone-idUSKCN0XC2BE + # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone America/Caracas -4:27:44 - LMT 1890 -4:27:40 - CMT 1912 Feb 12 # Caracas Mean Time? - -4:30 - VET 1965 # Venezuela Time + -4:30 - VET 1965 Jan 1 0:00 # Venezuela T. -4:00 - VET 2007 Dec 9 3:00 - -4:30 - VET + -4:30 - VET 2016 May 1 2:30 + -4:00 - VET
--- a/make/sun/javazic/tzdata/zone.tab Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/javazic/tzdata/zone.tab Sat Sep 10 22:36:17 2016 +0100 @@ -53,22 +53,22 @@ AL +4120+01950 Europe/Tirane AM +4011+04430 Asia/Yerevan AO -0848+01314 Africa/Luanda -AQ -7750+16636 Antarctica/McMurdo McMurdo, South Pole, Scott (New Zealand time) -AQ -6734-06808 Antarctica/Rothera Rothera Station, Adelaide Island -AQ -6448-06406 Antarctica/Palmer Palmer Station, Anvers Island -AQ -6736+06253 Antarctica/Mawson Mawson Station, Holme Bay -AQ -6835+07758 Antarctica/Davis Davis Station, Vestfold Hills -AQ -6617+11031 Antarctica/Casey Casey Station, Bailey Peninsula -AQ -7824+10654 Antarctica/Vostok Vostok Station, Lake Vostok -AQ -6640+14001 Antarctica/DumontDUrville Dumont-d'Urville Station, Adelie Land -AQ -690022+0393524 Antarctica/Syowa Syowa Station, E Ongul I -AQ -720041+0023206 Antarctica/Troll Troll Station, Queen Maud Land +AQ -7750+16636 Antarctica/McMurdo New Zealand time - McMurdo, South Pole +AQ -6617+11031 Antarctica/Casey Casey +AQ -6835+07758 Antarctica/Davis Davis +AQ -6640+14001 Antarctica/DumontDUrville Dumont-d'Urville +AQ -6736+06253 Antarctica/Mawson Mawson +AQ -6448-06406 Antarctica/Palmer Palmer +AQ -6734-06808 Antarctica/Rothera Rothera +AQ -690022+0393524 Antarctica/Syowa Syowa +AQ -720041+0023206 Antarctica/Troll Troll +AQ -7824+10654 Antarctica/Vostok Vostok AR -3436-05827 America/Argentina/Buenos_Aires Buenos Aires (BA, CF) -AR -3124-06411 America/Argentina/Cordoba most locations (CB, CC, CN, ER, FM, MN, SE, SF) -AR -2447-06525 America/Argentina/Salta (SA, LP, NQ, RN) +AR -3124-06411 America/Argentina/Cordoba Argentina (most areas: CB, CC, CN, ER, FM, MN, SE, SF) +AR -2447-06525 America/Argentina/Salta Salta (SA, LP, NQ, RN) AR -2411-06518 America/Argentina/Jujuy Jujuy (JY) AR -2649-06513 America/Argentina/Tucuman Tucuman (TM) -AR -2828-06547 America/Argentina/Catamarca Catamarca (CT), Chubut (CH) +AR -2828-06547 America/Argentina/Catamarca Catamarca (CT); Chubut (CH) AR -2926-06651 America/Argentina/La_Rioja La Rioja (LR) AR -3132-06831 America/Argentina/San_Juan San Juan (SJ) AR -3253-06849 America/Argentina/Mendoza Mendoza (MZ) @@ -79,17 +79,17 @@ AT +4813+01620 Europe/Vienna AU -3133+15905 Australia/Lord_Howe Lord Howe Island AU -5430+15857 Antarctica/Macquarie Macquarie Island -AU -4253+14719 Australia/Hobart Tasmania - most locations -AU -3956+14352 Australia/Currie Tasmania - King Island +AU -4253+14719 Australia/Hobart Tasmania (most areas) +AU -3956+14352 Australia/Currie Tasmania (King Island) AU -3749+14458 Australia/Melbourne Victoria -AU -3352+15113 Australia/Sydney New South Wales - most locations -AU -3157+14127 Australia/Broken_Hill New South Wales - Yancowinna -AU -2728+15302 Australia/Brisbane Queensland - most locations -AU -2016+14900 Australia/Lindeman Queensland - Holiday Islands +AU -3352+15113 Australia/Sydney New South Wales (most areas) +AU -3157+14127 Australia/Broken_Hill New South Wales (Yancowinna) +AU -2728+15302 Australia/Brisbane Queensland (most areas) +AU -2016+14900 Australia/Lindeman Queensland (Whitsunday Islands) AU -3455+13835 Australia/Adelaide South Australia AU -1228+13050 Australia/Darwin Northern Territory -AU -3157+11551 Australia/Perth Western Australia - most locations -AU -3143+12852 Australia/Eucla Western Australia - Eucla area +AU -3157+11551 Australia/Perth Western Australia (most areas) +AU -3143+12852 Australia/Eucla Western Australia (Eucla) AW +1230-06958 America/Aruba AX +6006+01957 Europe/Mariehamn AZ +4023+04951 Asia/Baku @@ -108,62 +108,63 @@ BO -1630-06809 America/La_Paz BQ +120903-0681636 America/Kralendijk BR -0351-03225 America/Noronha Atlantic islands -BR -0127-04829 America/Belem Amapa, E Para -BR -0343-03830 America/Fortaleza NE Brazil (MA, PI, CE, RN, PB) +BR -0127-04829 America/Belem Para (east); Amapa +BR -0343-03830 America/Fortaleza Brazil (northeast: MA, PI, CE, RN, PB) BR -0803-03454 America/Recife Pernambuco BR -0712-04812 America/Araguaina Tocantins BR -0940-03543 America/Maceio Alagoas, Sergipe BR -1259-03831 America/Bahia Bahia -BR -2332-04637 America/Sao_Paulo S & SE Brazil (GO, DF, MG, ES, RJ, SP, PR, SC, RS) +BR -2332-04637 America/Sao_Paulo Brazil (southeast: GO, DF, MG, ES, RJ, SP, PR, SC, RS) BR -2027-05437 America/Campo_Grande Mato Grosso do Sul BR -1535-05605 America/Cuiaba Mato Grosso -BR -0226-05452 America/Santarem W Para +BR -0226-05452 America/Santarem Para (west) BR -0846-06354 America/Porto_Velho Rondonia BR +0249-06040 America/Boa_Vista Roraima -BR -0308-06001 America/Manaus E Amazonas -BR -0640-06952 America/Eirunepe W Amazonas +BR -0308-06001 America/Manaus Amazonas (east) +BR -0640-06952 America/Eirunepe Amazonas (west) BR -0958-06748 America/Rio_Branco Acre BS +2505-07721 America/Nassau BT +2728+08939 Asia/Thimphu BW -2439+02555 Africa/Gaborone BY +5354+02734 Europe/Minsk BZ +1730-08812 America/Belize -CA +4734-05243 America/St_Johns Newfoundland Time, including SE Labrador -CA +4439-06336 America/Halifax Atlantic Time - Nova Scotia (most places), PEI -CA +4612-05957 America/Glace_Bay Atlantic Time - Nova Scotia - places that did not observe DST 1966-1971 -CA +4606-06447 America/Moncton Atlantic Time - New Brunswick -CA +5320-06025 America/Goose_Bay Atlantic Time - Labrador - most locations -CA +5125-05707 America/Blanc-Sablon Atlantic Standard Time - Quebec - Lower North Shore -CA +4339-07923 America/Toronto Eastern Time - Ontario & Quebec - most locations -CA +4901-08816 America/Nipigon Eastern Time - Ontario & Quebec - places that did not observe DST 1967-1973 -CA +4823-08915 America/Thunder_Bay Eastern Time - Thunder Bay, Ontario -CA +6344-06828 America/Iqaluit Eastern Time - east Nunavut - most locations -CA +6608-06544 America/Pangnirtung Eastern Time - Pangnirtung, Nunavut -CA +744144-0944945 America/Resolute Central Time - Resolute, Nunavut -CA +484531-0913718 America/Atikokan Eastern Standard Time - Atikokan, Ontario and Southampton I, Nunavut -CA +624900-0920459 America/Rankin_Inlet Central Time - central Nunavut -CA +4953-09709 America/Winnipeg Central Time - Manitoba & west Ontario -CA +4843-09434 America/Rainy_River Central Time - Rainy River & Fort Frances, Ontario -CA +5024-10439 America/Regina Central Standard Time - Saskatchewan - most locations -CA +5017-10750 America/Swift_Current Central Standard Time - Saskatchewan - midwest -CA +5333-11328 America/Edmonton Mountain Time - Alberta, east British Columbia & west Saskatchewan -CA +690650-1050310 America/Cambridge_Bay Mountain Time - west Nunavut -CA +6227-11421 America/Yellowknife Mountain Time - central Northwest Territories -CA +682059-1334300 America/Inuvik Mountain Time - west Northwest Territories -CA +4906-11631 America/Creston Mountain Standard Time - Creston, British Columbia -CA +5946-12014 America/Dawson_Creek Mountain Standard Time - Dawson Creek & Fort Saint John, British Columbia -CA +4916-12307 America/Vancouver Pacific Time - west British Columbia -CA +6043-13503 America/Whitehorse Pacific Time - south Yukon -CA +6404-13925 America/Dawson Pacific Time - north Yukon +CA +4734-05243 America/St_Johns Newfoundland; Labrador (southeast) +CA +4439-06336 America/Halifax Atlantic - NS (most areas); PE +CA +4612-05957 America/Glace_Bay Atlantic - NS (Cape Breton) +CA +4606-06447 America/Moncton Atlantic - New Brunswick +CA +5320-06025 America/Goose_Bay Atlantic - Labrador (most areas) +CA +5125-05707 America/Blanc-Sablon AST - QC (Lower North Shore) +CA +4339-07923 America/Toronto Eastern - ON, QC (most areas) +CA +4901-08816 America/Nipigon Eastern - ON, QC (no DST 1967-73) +CA +4823-08915 America/Thunder_Bay Eastern - ON (Thunder Bay) +CA +6344-06828 America/Iqaluit Eastern - NU (most east areas) +CA +6608-06544 America/Pangnirtung Eastern - NU (Pangnirtung) +CA +484531-0913718 America/Atikokan EST - ON (Atikokan); NU (Coral H) +CA +4953-09709 America/Winnipeg Central - ON (west); Manitoba +CA +4843-09434 America/Rainy_River Central - ON (Rainy R, Ft Frances) +CA +744144-0944945 America/Resolute Central - NU (Resolute) +CA +624900-0920459 America/Rankin_Inlet Central - NU (central) +CA +5024-10439 America/Regina CST - SK (most areas) +CA +5017-10750 America/Swift_Current CST - SK (midwest) +CA +5333-11328 America/Edmonton Mountain - AB; BC (E); SK (W) +CA +690650-1050310 America/Cambridge_Bay Mountain - NU (west) +CA +6227-11421 America/Yellowknife Mountain - NT (central) +CA +682059-1334300 America/Inuvik Mountain - NT (west) +CA +4906-11631 America/Creston MST - BC (Creston) +CA +5946-12014 America/Dawson_Creek MST - BC (Dawson Cr, Ft St John) +CA +5848-12242 America/Fort_Nelson MST - BC (Ft Nelson) +CA +4916-12307 America/Vancouver Pacific - BC (most areas) +CA +6043-13503 America/Whitehorse Pacific - Yukon (south) +CA +6404-13925 America/Dawson Pacific - Yukon (north) CC -1210+09655 Indian/Cocos -CD -0418+01518 Africa/Kinshasa west Dem. Rep. of Congo -CD -1140+02728 Africa/Lubumbashi east Dem. Rep. of Congo +CD -0418+01518 Africa/Kinshasa Dem. Rep. of Congo (west) +CD -1140+02728 Africa/Lubumbashi Dem. Rep. of Congo (east) CF +0422+01835 Africa/Bangui CG -0416+01517 Africa/Brazzaville CH +4723+00832 Europe/Zurich CI +0519-00402 Africa/Abidjan CK -2114-15946 Pacific/Rarotonga -CL -3327-07040 America/Santiago most locations +CL -3327-07040 America/Santiago Chile (most areas) CL -2709-10926 Pacific/Easter Easter Island CM +0403+00942 Africa/Douala CN +3114+12128 Asia/Shanghai Beijing Time @@ -176,28 +177,28 @@ CX -1025+10543 Indian/Christmas CY +3510+03322 Asia/Nicosia CZ +5005+01426 Europe/Prague -DE +5230+01322 Europe/Berlin most locations +DE +5230+01322 Europe/Berlin Germany (most areas) DE +4742+00841 Europe/Busingen Busingen DJ +1136+04309 Africa/Djibouti DK +5540+01235 Europe/Copenhagen DM +1518-06124 America/Dominica DO +1828-06954 America/Santo_Domingo DZ +3647+00303 Africa/Algiers -EC -0210-07950 America/Guayaquil mainland +EC -0210-07950 America/Guayaquil Ecuador (mainland) EC -0054-08936 Pacific/Galapagos Galapagos Islands EE +5925+02445 Europe/Tallinn EG +3003+03115 Africa/Cairo EH +2709-01312 Africa/El_Aaiun ER +1520+03853 Africa/Asmara -ES +4024-00341 Europe/Madrid mainland -ES +3553-00519 Africa/Ceuta Ceuta & Melilla +ES +4024-00341 Europe/Madrid Spain (mainland) +ES +3553-00519 Africa/Ceuta Ceuta, Melilla ES +2806-01524 Atlantic/Canary Canary Islands ET +0902+03842 Africa/Addis_Ababa FI +6010+02458 Europe/Helsinki FJ -1808+17825 Pacific/Fiji FK -5142-05751 Atlantic/Stanley -FM +0725+15147 Pacific/Chuuk Chuuk (Truk) and Yap -FM +0658+15813 Pacific/Pohnpei Pohnpei (Ponape) +FM +0725+15147 Pacific/Chuuk Chuuk/Truk, Yap +FM +0658+15813 Pacific/Pohnpei Pohnpei/Ponape FM +0519+16259 Pacific/Kosrae Kosrae FO +6201-00646 Atlantic/Faroe FR +4852+00220 Europe/Paris @@ -209,10 +210,10 @@ GG +4927-00232 Europe/Guernsey GH +0533-00013 Africa/Accra GI +3608-00521 Europe/Gibraltar -GL +6411-05144 America/Godthab most locations -GL +7646-01840 America/Danmarkshavn east coast, north of Scoresbysund -GL +7029-02158 America/Scoresbysund Scoresbysund / Ittoqqortoormiit -GL +7634-06847 America/Thule Thule / Pituffik +GL +6411-05144 America/Godthab Greenland (most areas) +GL +7646-01840 America/Danmarkshavn National Park (east coast) +GL +7029-02158 America/Scoresbysund Scoresbysund/Ittoqqortoormiit +GL +7634-06847 America/Thule Thule/Pituffik GM +1328-01639 Africa/Banjul GN +0931-01343 Africa/Conakry GP +1614-06132 America/Guadeloupe @@ -228,10 +229,10 @@ HR +4548+01558 Europe/Zagreb HT +1832-07220 America/Port-au-Prince HU +4730+01905 Europe/Budapest -ID -0610+10648 Asia/Jakarta Java & Sumatra -ID -0002+10920 Asia/Pontianak west & central Borneo -ID -0507+11924 Asia/Makassar east & south Borneo, Sulawesi (Celebes), Bali, Nusa Tengarra, west Timor -ID -0232+14042 Asia/Jayapura west New Guinea (Irian Jaya) & Malukus (Moluccas) +ID -0610+10648 Asia/Jakarta Java, Sumatra +ID -0002+10920 Asia/Pontianak Borneo (west, central) +ID -0507+11924 Asia/Makassar Borneo (east, south); Sulawesi/Celebes, Bali, Nusa Tengarra; Timor (west) +ID -0232+14042 Asia/Jayapura New Guinea (West Papua / Irian Jaya); Malukus/Moluccas IE +5320-00615 Europe/Dublin IL +314650+0351326 Asia/Jerusalem IM +5409-00428 Europe/Isle_of_Man @@ -257,10 +258,10 @@ KR +3733+12658 Asia/Seoul KW +2920+04759 Asia/Kuwait KY +1918-08123 America/Cayman -KZ +4315+07657 Asia/Almaty most locations -KZ +4448+06528 Asia/Qyzylorda Qyzylorda (Kyzylorda, Kzyl-Orda) -KZ +5017+05710 Asia/Aqtobe Aqtobe (Aktobe) -KZ +4431+05016 Asia/Aqtau Atyrau (Atirau, Gur'yev), Mangghystau (Mankistau) +KZ +4315+07657 Asia/Almaty Kazakhstan (most areas) +KZ +4448+06528 Asia/Qyzylorda Qyzylorda/Kyzylorda/Kzyl-Orda +KZ +5017+05710 Asia/Aqtobe Aqtobe/Aktobe +KZ +4431+05016 Asia/Aqtau Atyrau/Atirau/Gur'yev, Mangghystau/Mankistau KZ +5113+05121 Asia/Oral West Kazakhstan LA +1758+10236 Asia/Vientiane LB +3353+03530 Asia/Beirut @@ -279,12 +280,12 @@ ME +4226+01916 Europe/Podgorica MF +1804-06305 America/Marigot MG -1855+04731 Indian/Antananarivo -MH +0709+17112 Pacific/Majuro most locations +MH +0709+17112 Pacific/Majuro Marshall Islands (most areas) MH +0905+16720 Pacific/Kwajalein Kwajalein MK +4159+02126 Europe/Skopje ML +1239-00800 Africa/Bamako MM +1647+09610 Asia/Rangoon -MN +4755+10653 Asia/Ulaanbaatar most locations +MN +4755+10653 Asia/Ulaanbaatar Mongolia (most areas) MN +4801+09139 Asia/Hovd Bayan-Olgiy, Govi-Altai, Hovd, Uvs, Zavkhan MN +4804+11430 Asia/Choibalsan Dornod, Sukhbaatar MO +2214+11335 Asia/Macau @@ -296,20 +297,19 @@ MU -2010+05730 Indian/Mauritius MV +0410+07330 Indian/Maldives MW -1547+03500 Africa/Blantyre -MX +1924-09909 America/Mexico_City Central Time - most locations +MX +1924-09909 America/Mexico_City Central Time MX +2105-08646 America/Cancun Eastern Standard Time - Quintana Roo MX +2058-08937 America/Merida Central Time - Campeche, Yucatan -MX +2540-10019 America/Monterrey Mexican Central Time - Coahuila, Durango, Nuevo Leon, Tamaulipas away from US border -MX +2550-09730 America/Matamoros US Central Time - Coahuila, Durango, Nuevo Leon, Tamaulipas near US border -MX +2313-10625 America/Mazatlan Mountain Time - S Baja, Nayarit, Sinaloa -MX +2838-10605 America/Chihuahua Mexican Mountain Time - Chihuahua away from US border -MX +2934-10425 America/Ojinaga US Mountain Time - Chihuahua near US border +MX +2540-10019 America/Monterrey Central Time - Durango; Coahuila, Nuevo Leon, Tamaulipas (most areas) +MX +2550-09730 America/Matamoros Central Time US - Coahuila, Nuevo Leon, Tamaulipas (US border) +MX +2313-10625 America/Mazatlan Mountain Time - Baja California Sur, Nayarit, Sinaloa +MX +2838-10605 America/Chihuahua Mountain Time - Chihuahua (most areas) +MX +2934-10425 America/Ojinaga Mountain Time US - Chihuahua (US border) MX +2904-11058 America/Hermosillo Mountain Standard Time - Sonora -MX +3232-11701 America/Tijuana US Pacific Time - Baja California near US border -MX +3018-11452 America/Santa_Isabel Mexican Pacific Time - Baja California away from US border -MX +2048-10515 America/Bahia_Banderas Mexican Central Time - Bahia de Banderas -MY +0310+10142 Asia/Kuala_Lumpur peninsular Malaysia -MY +0133+11020 Asia/Kuching Sabah & Sarawak +MX +3232-11701 America/Tijuana Pacific Time US - Baja California +MX +2048-10515 America/Bahia_Banderas Central Time - Bahia de Banderas +MY +0310+10142 Asia/Kuala_Lumpur Malaysia (peninsula) +MY +0133+11020 Asia/Kuching Sabah, Sarawak MZ -2558+03235 Africa/Maputo NA -2234+01706 Africa/Windhoek NC -2216+16627 Pacific/Noumea @@ -322,7 +322,7 @@ NP +2743+08519 Asia/Kathmandu NR -0031+16655 Pacific/Nauru NU -1901-16955 Pacific/Niue -NZ -3652+17446 Pacific/Auckland most locations +NZ -3652+17446 Pacific/Auckland New Zealand (most areas) NZ -4357-17633 Pacific/Chatham Chatham Islands OM +2336+05835 Asia/Muscat PA +0858-07932 America/Panama @@ -330,7 +330,7 @@ PF -1732-14934 Pacific/Tahiti Society Islands PF -0900-13930 Pacific/Marquesas Marquesas Islands PF -2308-13457 Pacific/Gambier Gambier Islands -PG -0930+14710 Pacific/Port_Moresby most locations +PG -0930+14710 Pacific/Port_Moresby Papua New Guinea (most areas) PG -0613+15534 Pacific/Bougainville Bougainville PH +1435+12100 Asia/Manila PK +2452+06703 Asia/Karachi @@ -340,7 +340,7 @@ PR +182806-0660622 America/Puerto_Rico PS +3130+03428 Asia/Gaza Gaza Strip PS +313200+0350542 Asia/Hebron West Bank -PT +3843-00908 Europe/Lisbon mainland +PT +3843-00908 Europe/Lisbon Portugal (mainland) PT +3238-01654 Atlantic/Madeira Madeira Islands PT +3744-02540 Atlantic/Azores Azores PW +0720+13429 Pacific/Palau @@ -349,27 +349,32 @@ RE -2052+05528 Indian/Reunion RO +4426+02606 Europe/Bucharest RS +4450+02030 Europe/Belgrade -RU +5443+02030 Europe/Kaliningrad Moscow-01 - Kaliningrad -RU +554521+0373704 Europe/Moscow Moscow+00 - west Russia -RU +4457+03406 Europe/Simferopol Moscow+00 - Crimea -RU +4844+04425 Europe/Volgograd Moscow+00 - Caspian Sea -RU +5312+05009 Europe/Samara Moscow+00 (Moscow+01 after 2014-10-26) - Samara, Udmurtia -RU +5651+06036 Asia/Yekaterinburg Moscow+02 - Urals -RU +5500+07324 Asia/Omsk Moscow+03 - west Siberia -RU +5502+08255 Asia/Novosibirsk Moscow+03 - Novosibirsk -RU +5345+08707 Asia/Novokuznetsk Moscow+03 (Moscow+04 after 2014-10-26) - Kemerovo -RU +5601+09250 Asia/Krasnoyarsk Moscow+04 - Yenisei River -RU +5216+10420 Asia/Irkutsk Moscow+05 - Lake Baikal -RU +5203+11328 Asia/Chita Moscow+06 (Moscow+05 after 2014-10-26) - Zabaykalsky -RU +6200+12940 Asia/Yakutsk Moscow+06 - Lena River -RU +623923+1353314 Asia/Khandyga Moscow+06 - Tomponsky, Ust-Maysky -RU +4310+13156 Asia/Vladivostok Moscow+07 - Amur River -RU +4658+14242 Asia/Sakhalin Moscow+07 - Sakhalin Island -RU +643337+1431336 Asia/Ust-Nera Moscow+07 - Oymyakonsky -RU +5934+15048 Asia/Magadan Moscow+08 (Moscow+07 after 2014-10-26) - Magadan -RU +6728+15343 Asia/Srednekolymsk Moscow+08 - E Sakha, N Kuril Is -RU +5301+15839 Asia/Kamchatka Moscow+08 (Moscow+09 after 2014-10-26) - Kamchatka -RU +6445+17729 Asia/Anadyr Moscow+08 (Moscow+09 after 2014-10-26) - Bering Sea +RU +5443+02030 Europe/Kaliningrad MSK-01 - Kaliningrad +RU +554521+0373704 Europe/Moscow MSK+00 - Moscow area +RU +4457+03406 Europe/Simferopol MSK+00 - Crimea +RU +4844+04425 Europe/Volgograd MSK+00 - Volgograd, Saratov +RU +5836+04939 Europe/Kirov MSK+00 - Kirov +RU +4621+04803 Europe/Astrakhan MSK+01 - Astrakhan +RU +5312+05009 Europe/Samara MSK+01 - Samara, Udmurtia +RU +5420+04824 Europe/Ulyanovsk MSK+01 - Ulyanovsk +RU +5651+06036 Asia/Yekaterinburg MSK+02 - Urals +RU +5500+07324 Asia/Omsk MSK+03 - Omsk +RU +5502+08255 Asia/Novosibirsk MSK+03 - Novosibirsk +RU +5322+08345 Asia/Barnaul MSK+04 - Altai +RU +5630+08458 Asia/Tomsk MSK+04 - Tomsk +RU +5345+08707 Asia/Novokuznetsk MSK+04 - Kemerovo +RU +5601+09250 Asia/Krasnoyarsk MSK+04 - Krasnoyarsk area +RU +5216+10420 Asia/Irkutsk MSK+05 - Irkutsk, Buryatia +RU +5203+11328 Asia/Chita MSK+06 - Zabaykalsky +RU +6200+12940 Asia/Yakutsk MSK+06 - Lena River +RU +623923+1353314 Asia/Khandyga MSK+06 - Tomponsky, Ust-Maysky +RU +4310+13156 Asia/Vladivostok MSK+07 - Amur River +RU +643337+1431336 Asia/Ust-Nera MSK+07 - Oymyakonsky +RU +5934+15048 Asia/Magadan MSK+08 - Magadan +RU +4658+14242 Asia/Sakhalin MSK+08 - Sakhalin Island +RU +6728+15343 Asia/Srednekolymsk MSK+08 - Sakha (E); North Kuril Is +RU +5301+15839 Asia/Kamchatka MSK+09 - Kamchatka +RU +6445+17729 Asia/Anadyr MSK+09 - Bering Sea RW -0157+03004 Africa/Kigali SA +2438+04643 Asia/Riyadh SB -0932+16012 Pacific/Guadalcanal @@ -408,45 +413,45 @@ TV -0831+17913 Pacific/Funafuti TW +2503+12130 Asia/Taipei TZ -0648+03917 Africa/Dar_es_Salaam -UA +5026+03031 Europe/Kiev most locations +UA +5026+03031 Europe/Kiev Ukraine (most areas) UA +4837+02218 Europe/Uzhgorod Ruthenia -UA +4750+03510 Europe/Zaporozhye Zaporozh'ye, E Lugansk / Zaporizhia, E Luhansk +UA +4750+03510 Europe/Zaporozhye Zaporozh'ye/Zaporizhia; Lugansk/Luhansk (east) UG +0019+03225 Africa/Kampala UM +1645-16931 Pacific/Johnston Johnston Atoll UM +2813-17722 Pacific/Midway Midway Islands UM +1917+16637 Pacific/Wake Wake Island -US +404251-0740023 America/New_York Eastern Time -US +421953-0830245 America/Detroit Eastern Time - Michigan - most locations -US +381515-0854534 America/Kentucky/Louisville Eastern Time - Kentucky - Louisville area -US +364947-0845057 America/Kentucky/Monticello Eastern Time - Kentucky - Wayne County -US +394606-0860929 America/Indiana/Indianapolis Eastern Time - Indiana - most locations -US +384038-0873143 America/Indiana/Vincennes Eastern Time - Indiana - Daviess, Dubois, Knox & Martin Counties -US +410305-0863611 America/Indiana/Winamac Eastern Time - Indiana - Pulaski County -US +382232-0862041 America/Indiana/Marengo Eastern Time - Indiana - Crawford County -US +382931-0871643 America/Indiana/Petersburg Eastern Time - Indiana - Pike County -US +384452-0850402 America/Indiana/Vevay Eastern Time - Indiana - Switzerland County -US +415100-0873900 America/Chicago Central Time -US +375711-0864541 America/Indiana/Tell_City Central Time - Indiana - Perry County -US +411745-0863730 America/Indiana/Knox Central Time - Indiana - Starke County -US +450628-0873651 America/Menominee Central Time - Michigan - Dickinson, Gogebic, Iron & Menominee Counties -US +470659-1011757 America/North_Dakota/Center Central Time - North Dakota - Oliver County -US +465042-1012439 America/North_Dakota/New_Salem Central Time - North Dakota - Morton County (except Mandan area) -US +471551-1014640 America/North_Dakota/Beulah Central Time - North Dakota - Mercer County -US +394421-1045903 America/Denver Mountain Time -US +433649-1161209 America/Boise Mountain Time - south Idaho & east Oregon -US +332654-1120424 America/Phoenix Mountain Standard Time - Arizona (except Navajo) -US +340308-1181434 America/Los_Angeles Pacific Time -US +550737-1313435 America/Metlakatla Pacific Standard Time - Annette Island, Alaska -US +611305-1495401 America/Anchorage Alaska Time -US +581807-1342511 America/Juneau Alaska Time - Alaska panhandle -US +571035-1351807 America/Sitka Alaska Time - southeast Alaska panhandle -US +593249-1394338 America/Yakutat Alaska Time - Alaska panhandle neck -US +643004-1652423 America/Nome Alaska Time - west Alaska +US +404251-0740023 America/New_York Eastern (most areas) +US +421953-0830245 America/Detroit Eastern - MI (most areas) +US +381515-0854534 America/Kentucky/Louisville Eastern - KY (Louisville area) +US +364947-0845057 America/Kentucky/Monticello Eastern - KY (Wayne) +US +394606-0860929 America/Indiana/Indianapolis Eastern - IN (most areas) +US +384038-0873143 America/Indiana/Vincennes Eastern - IN (Da, Du, K, Mn) +US +410305-0863611 America/Indiana/Winamac Eastern - IN (Pulaski) +US +382232-0862041 America/Indiana/Marengo Eastern - IN (Crawford) +US +382931-0871643 America/Indiana/Petersburg Eastern - IN (Pike) +US +384452-0850402 America/Indiana/Vevay Eastern - IN (Switzerland) +US +415100-0873900 America/Chicago Central (most areas) +US +375711-0864541 America/Indiana/Tell_City Central - IN (Perry) +US +411745-0863730 America/Indiana/Knox Central - IN (Starke) +US +450628-0873651 America/Menominee Central - MI (Wisconsin border) +US +470659-1011757 America/North_Dakota/Center Central - ND (Oliver) +US +465042-1012439 America/North_Dakota/New_Salem Central - ND (Morton rural) +US +471551-1014640 America/North_Dakota/Beulah Central - ND (Mercer) +US +394421-1045903 America/Denver Mountain (most areas) +US +433649-1161209 America/Boise Mountain - ID (south); OR (east) +US +332654-1120424 America/Phoenix MST - Arizona (except Navajo) +US +340308-1181434 America/Los_Angeles Pacific +US +611305-1495401 America/Anchorage Alaska (most areas) +US +581807-1342511 America/Juneau Alaska - Juneau area +US +571035-1351807 America/Sitka Alaska - Sitka area +US +550737-1313435 America/Metlakatla Alaska - Annette Island +US +593249-1394338 America/Yakutat Alaska - Yakutat +US +643004-1652423 America/Nome Alaska (west) US +515248-1763929 America/Adak Aleutian Islands US +211825-1575130 Pacific/Honolulu Hawaii UY -3453-05611 America/Montevideo -UZ +3940+06648 Asia/Samarkand west Uzbekistan -UZ +4120+06918 Asia/Tashkent east Uzbekistan +UZ +3940+06648 Asia/Samarkand Uzbekistan (west) +UZ +4120+06918 Asia/Tashkent Uzbekistan (east) VA +415408+0122711 Europe/Vatican VC +1309-06114 America/St_Vincent VE +1030-06656 America/Caracas
--- a/make/sun/rmi/cgi/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/rmi/cgi/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -29,7 +29,6 @@ BUILDDIR = ../../.. JAVAC_MAX_WARNINGS = true -JAVAC_WARNINGS_FATAL = true # java-rmi.cgi is a JDK tool PACKAGE = sun.rmi PRODUCT = sun
--- a/make/sun/rmi/registry/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/rmi/registry/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -29,7 +29,6 @@ BUILDDIR = ../../.. JAVAC_MAX_WARNINGS = true -JAVAC_WARNINGS_FATAL = true JAVAC_LINT_OPTIONS = -Xlint:all,-deprecation PACKAGE = sun.rmi.registry PRODUCT = sun
--- a/make/sun/rmi/rmi/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/rmi/rmi/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -29,7 +29,6 @@ BUILDDIR = ../../.. JAVAC_MAX_WARNINGS = true -JAVAC_WARNINGS_FATAL = true JAVAC_LINT_OPTIONS = -Xlint:all,-deprecation PACKAGE = sun.rmi PRODUCT = sun
--- a/make/sun/rmi/rmid/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/rmi/rmid/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -30,7 +30,6 @@ BUILDDIR = ../../.. JAVAC_MAX_WARNINGS = true -JAVAC_WARNINGS_FATAL = true PACKAGE = sun.rmi.activation PRODUCT = sun include $(BUILDDIR)/common/Defs.gmk
--- a/make/sun/security/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/security/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -35,6 +35,7 @@ # BUILDDIR = ../.. +SUBDIRS_MAKEFLAGS += JAVAC_MAX_WARNINGS=true include $(BUILDDIR)/common/Defs.gmk # build sun/security/jgss/wrapper on non-windows platform
--- a/make/sun/security/ec/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/security/ec/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -109,6 +109,8 @@ endif endif +JAVAC_MAX_WARNINGS=false +JAVAC_LINT_OPTIONS=-Xlint:all,-deprecation include $(BUILDDIR)/common/Defs.gmk #
--- a/make/sun/security/other/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/security/other/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ # -# Copyright (c) 1996, 2009, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,8 @@ BUILDDIR = ../../.. PACKAGE = sun.security.other PRODUCT = sun +JAVAC_MAX_WARNINGS=false +JAVAC_LINT_OPTIONS=-Xlint:all,-deprecation include $(BUILDDIR)/common/Defs.gmk # @@ -35,6 +37,7 @@ sun/security/acl \ sun/security/jca \ sun/security/pkcs \ + sun/security/pkcs10 \ sun/security/pkcs12 \ sun/security/provider \ sun/security/rsa \
--- a/make/sun/security/pkcs11/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/security/pkcs11/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -110,6 +110,8 @@ endif endif +JAVAC_MAX_WARNINGS=false +JAVAC_LINT_OPTIONS=-Xlint:all,-deprecation include $(BUILDDIR)/common/Defs.gmk #
--- a/make/sun/security/tools/Makefile Fri Jul 29 04:24:21 2016 +0100 +++ b/make/sun/security/tools/Makefile Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ # -# Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -37,7 +37,7 @@ # Resources # LOCALE_SET_DEFINITION = jdk -RESOURCE_BUNDLES_JAVA = sun/security/tools/JarSignerResources.java +RESOURCE_BUNDLES_JAVA = sun/security/tools/jarsigner/Resources.java # # Rules @@ -45,7 +45,7 @@ include $(BUILDDIR)/common/Classes.gmk build: - $(call make-launcher, keytool, sun.security.tools.KeyTool, , ) + $(call make-launcher, keytool, sun.security.tools.keytool.Main, , ) ifndef BUILD_HEADLESS_ONLY $(call make-launcher, policytool, sun.security.tools.policytool.PolicyTool, , ) endif
--- a/src/macosx/classes/sun/lwawt/macosx/CPrinterJob.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/macosx/classes/sun/lwawt/macosx/CPrinterJob.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -200,6 +200,11 @@ // this will not work if the user clicks on the "Preview" button // However if the printer is a StreamPrintService, its the right path. PrintService psvc = getPrintService(); + + if (psvc == null) { + throw new PrinterException("No print service found."); + } + if (psvc instanceof StreamPrintService) { spoolToService(psvc, attributes); return;
--- a/src/macosx/classes/sun/nio/ch/KQueueArrayWrapper.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/macosx/classes/sun/nio/ch/KQueueArrayWrapper.java Sat Sep 10 22:36:17 2016 +0100 @@ -87,6 +87,7 @@ private int incomingInterruptFD; static { + IOUtil.load(); initStructSizes(); String datamodel = (String) java.security.AccessController.doPrivileged( new sun.security.action.GetPropertyAction("sun.arch.data.model"));
--- a/src/macosx/classes/sun/nio/ch/KQueueSelectorImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/macosx/classes/sun/nio/ch/KQueueSelectorImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -246,9 +246,4 @@ } return this; } - - - static { - Util.load(); - } }
--- a/src/share/classes/com/sun/accessibility/internal/resources/accessibility_ko.properties Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/accessibility/internal/resources/accessibility_ko.properties Sat Sep 10 22:36:17 2016 +0100 @@ -15,13 +15,13 @@ # alert=\uACBD\uBCF4 awtcomponent=AWT \uAD6C\uC131 \uC694\uC18C -checkbox=\uCCB4\uD06C \uBC15\uC2A4 +checkbox=\uCCB4\uD06C\uBC15\uC2A4 colorchooser=\uC0C9\uC0C1 \uC120\uD0DD\uAE30 columnheader=\uC5F4 \uBA38\uB9AC\uAE00 combobox=\uCF64\uBCF4 \uC0C1\uC790 canvas=\uCE94\uBC84\uC2A4 -desktopicon=\uBC14\uD0D5 \uD654\uBA74 \uC544\uC774\uCF58 -desktoppane=\uBC14\uD0D5 \uD654\uBA74 \uCC3D +desktopicon=\uBC14\uD0D5\uD654\uBA74 \uC544\uC774\uCF58 +desktoppane=\uBC14\uD0D5\uD654\uBA74 \uCC3D dialog=\uB300\uD654\uC0C1\uC790 directorypane=\uB514\uB809\uD1A0\uB9AC \uCC3D glasspane=\uAE00\uB798\uC2A4 \uCC3D
--- a/src/share/classes/com/sun/crypto/provider/AESCrypt.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/AESCrypt.java Sat Sep 10 22:36:17 2016 +0100 @@ -255,7 +255,7 @@ for (j = 0; j < 8; j++) { tmp = AA[i][j]; AA[i][j] = AA[t][j]; - AA[t][j] = (byte) tmp; + AA[t][j] = tmp; } pivot = AA[i][i]; }
--- a/src/share/classes/com/sun/crypto/provider/AESParameters.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/AESParameters.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,13 +25,10 @@ package com.sun.crypto.provider; -import java.util.*; import java.io.*; -import sun.security.util.*; import java.security.AlgorithmParametersSpi; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.InvalidParameterSpecException; -import javax.crypto.spec.IvParameterSpec; /** * This class implements the parameter (IV) used with the AES algorithm @@ -67,9 +64,15 @@ core.init(encoded, decodingMethod); } - protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec) + protected <T extends AlgorithmParameterSpec> + T engineGetParameterSpec(Class<T> paramSpec) throws InvalidParameterSpecException { - return core.getParameterSpec(paramSpec); + if (AlgorithmParameterSpec.class.isAssignableFrom(paramSpec)) { + return core.getParameterSpec(paramSpec); + } else { + throw new InvalidParameterSpecException + ("Inappropriate parameter Specification"); + } } protected byte[] engineGetEncoded() throws IOException {
--- a/src/share/classes/com/sun/crypto/provider/BlockCipherParamsCore.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/BlockCipherParamsCore.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ package com.sun.crypto.provider; -import java.util.*; import java.io.*; import sun.security.util.*; import sun.misc.HexDumpEncoder; @@ -64,7 +63,7 @@ throw new InvalidParameterSpecException("IV not " + block_size + " bytes long"); } - iv = (byte[]) tmpIv.clone(); + iv = tmpIv.clone(); } void init(byte[] encoded) throws IOException { @@ -90,11 +89,11 @@ init(encoded); } - AlgorithmParameterSpec getParameterSpec(Class paramSpec) + <T extends AlgorithmParameterSpec> T getParameterSpec(Class<T> paramSpec) throws InvalidParameterSpecException { if (IvParameterSpec.class.isAssignableFrom(paramSpec)) { - return new IvParameterSpec(this.iv); + return paramSpec.cast(new IvParameterSpec(this.iv)); } else { throw new InvalidParameterSpecException ("Inappropriate parameter specification");
--- a/src/share/classes/com/sun/crypto/provider/BlowfishParameters.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/BlowfishParameters.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,13 +25,10 @@ package com.sun.crypto.provider; -import java.util.*; import java.io.*; -import sun.security.util.*; import java.security.AlgorithmParametersSpi; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.InvalidParameterSpecException; -import javax.crypto.spec.IvParameterSpec; /** * This class implements the parameter (IV) used with the Blowfish algorithm in @@ -68,9 +65,15 @@ core.init(encoded, decodingMethod); } - protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec) + protected <T extends AlgorithmParameterSpec> + T engineGetParameterSpec(Class<T> paramSpec) throws InvalidParameterSpecException { - return core.getParameterSpec(paramSpec); + if (AlgorithmParameterSpec.class.isAssignableFrom(paramSpec)) { + return core.getParameterSpec(paramSpec); + } else { + throw new InvalidParameterSpecException + ("Inappropriate parameter Specification"); + } } protected byte[] engineGetEncoded() throws IOException {
--- a/src/share/classes/com/sun/crypto/provider/CipherBlockChaining.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/CipherBlockChaining.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -193,7 +193,7 @@ // This is necessary because in this constellation, a // ciphertext block (or parts of it) will be overridden by // the plaintext result. - cipherOrig = (byte[])cipher.clone(); + cipherOrig = cipher.clone(); } for (; cipherOffset < endIndex;
--- a/src/share/classes/com/sun/crypto/provider/CipherCore.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/CipherCore.java Sat Sep 10 22:36:17 2016 +0100 @@ -301,7 +301,7 @@ */ byte[] getIV() { byte[] iv = cipher.getIV(); - return (iv == null) ? null : (byte[])iv.clone(); + return (iv == null) ? null : iv.clone(); } /** @@ -475,8 +475,7 @@ IvParameterSpec ivSpec = null; if (params != null) { try { - ivSpec = (IvParameterSpec)params.getParameterSpec - (IvParameterSpec.class); + ivSpec = params.getParameterSpec(IvParameterSpec.class); } catch (InvalidParameterSpecException ipse) { throw new InvalidAlgorithmParameterException("Wrong parameter " + "type: IV " @@ -832,7 +831,7 @@ buffered = 0; diffBlocksize = blockSize; if (cipherMode != ECB_MODE) { - ((FeedbackCipher)cipher).reset(); + cipher.reset(); } return totalLen; }
--- a/src/share/classes/com/sun/crypto/provider/DESCrypt.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/DESCrypt.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -622,17 +622,17 @@ // mangler function: // every 6 bit is fed into the sbox, which // produces 4-bit output - left ^= s0p[(int)((temp & 0x3f) ^ key[j+0])] - ^ s1p[(int)(((temp >> 4) & 0x3f) ^ key[j+1])] - ^ s2p[(int)(((temp >> 8) & 0x3f) ^ key[j+2])] - ^ s3p[(int)(((temp >> 12) & 0x3f) ^ key[j+3])] - ^ s4p[(int)(((temp >> 16) & 0x3f) ^ key[j+4])] - ^ s5p[(int)(((temp >> 20) & 0x3f) ^ key[j+5])] - ^ s6p[(int)(((temp >> 24) & 0x3f) ^ key[j+6])]; + left ^= s0p[(temp & 0x3f) ^ key[j+0]] + ^ s1p[((temp >> 4) & 0x3f) ^ key[j+1]] + ^ s2p[((temp >> 8) & 0x3f) ^ key[j+2]] + ^ s3p[((temp >> 12) & 0x3f) ^ key[j+3]] + ^ s4p[((temp >> 16) & 0x3f) ^ key[j+4]] + ^ s5p[((temp >> 20) & 0x3f) ^ key[j+5]] + ^ s6p[((temp >> 24) & 0x3f) ^ key[j+6]]; // make the last sbox input the last bit from right[0] temp = ((right & 1) << 5) | ((right >> 27) & 0x1f); - left ^= s7p[(int)(temp ^ key[j+7])]; + left ^= s7p[temp ^ key[j+7]]; temp = left; left = right; right = temp;
--- a/src/share/classes/com/sun/crypto/provider/DESKey.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/DESKey.java Sat Sep 10 22:36:17 2016 +0100 @@ -79,7 +79,7 @@ public byte[] getEncoded() { // Return a copy of the key, rather than a reference, // so that the key data cannot be modified from outside - return (byte[])this.key.clone(); + return this.key.clone(); } public String getAlgorithm() { @@ -127,7 +127,7 @@ throws java.io.IOException, ClassNotFoundException { s.defaultReadObject(); - key = (byte[])key.clone(); + key = key.clone(); } /**
--- a/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it
--- a/src/share/classes/com/sun/crypto/provider/DESParameters.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/DESParameters.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,13 +25,10 @@ package com.sun.crypto.provider; -import java.util.*; import java.io.*; -import sun.security.util.*; import java.security.AlgorithmParametersSpi; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.InvalidParameterSpecException; -import javax.crypto.spec.IvParameterSpec; /** * This class implements the parameter (IV) used with the DES algorithm in @@ -68,9 +65,15 @@ core.init(encoded, decodingMethod); } - protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec) + protected <T extends AlgorithmParameterSpec> + T engineGetParameterSpec(Class<T> paramSpec) throws InvalidParameterSpecException { - return core.getParameterSpec(paramSpec); + if (AlgorithmParameterSpec.class.isAssignableFrom(paramSpec)) { + return core.getParameterSpec(paramSpec); + } else { + throw new InvalidParameterSpecException + ("Inappropriate parameter Specification"); + } } protected byte[] engineGetEncoded() throws IOException {
--- a/src/share/classes/com/sun/crypto/provider/DESedeKey.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/DESedeKey.java Sat Sep 10 22:36:17 2016 +0100 @@ -79,7 +79,7 @@ } public byte[] getEncoded() { - return (byte[])this.key.clone(); + return this.key.clone(); } public String getAlgorithm() { @@ -128,7 +128,7 @@ throws java.io.IOException, ClassNotFoundException { s.defaultReadObject(); - key = (byte[])key.clone(); + key = key.clone(); } /**
--- a/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it
--- a/src/share/classes/com/sun/crypto/provider/DESedeParameters.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/DESedeParameters.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,13 +25,10 @@ package com.sun.crypto.provider; -import java.util.*; import java.io.*; -import sun.security.util.*; import java.security.AlgorithmParametersSpi; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.InvalidParameterSpecException; -import javax.crypto.spec.IvParameterSpec; /** * This class implements the parameter (IV) used with the Triple DES algorithm @@ -67,9 +64,15 @@ core.init(encoded, decodingMethod); } - protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec) + protected <T extends AlgorithmParameterSpec> + T engineGetParameterSpec(Class<T> paramSpec) throws InvalidParameterSpecException { - return core.getParameterSpec(paramSpec); + if (AlgorithmParameterSpec.class.isAssignableFrom(paramSpec)) { + return core.getParameterSpec(paramSpec); + } else { + throw new InvalidParameterSpecException + ("Inappropriate parameter Specification"); + } } protected byte[] engineGetEncoded() throws IOException {
--- a/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ package com.sun.crypto.provider; -import java.util.Arrays; import java.security.*; import java.security.spec.*; import javax.crypto.*; @@ -151,7 +150,7 @@ * been set. */ protected byte[] engineGetIV() { - return (iv == null? null:(byte[]) iv.clone()); + return (iv == null) ? null : iv.clone(); } /** @@ -277,8 +276,7 @@ try { DESedeParameters paramsEng = new DESedeParameters(); paramsEng.engineInit(params.getEncoded()); - ivSpec = (IvParameterSpec) - paramsEng.engineGetParameterSpec(IvParameterSpec.class); + ivSpec = paramsEng.engineGetParameterSpec(IvParameterSpec.class); } catch (Exception ex) { InvalidAlgorithmParameterException iape = new InvalidAlgorithmParameterException
--- a/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,8 +25,6 @@ package com.sun.crypto.provider; -import java.util.*; -import java.lang.*; import java.security.Key; import java.security.PublicKey; import java.security.PrivateKey; @@ -140,7 +138,8 @@ * inappropriate for the given key, or the given key cannot be processed * (e.g., the given key has an unrecognized algorithm or format). */ - protected KeySpec engineGetKeySpec(Key key, Class keySpec) + protected <T extends KeySpec> + T engineGetKeySpec(Key key, Class<T> keySpec) throws InvalidKeySpecException { DHParameterSpec params; @@ -150,12 +149,12 @@ javax.crypto.interfaces.DHPublicKey dhPubKey = (javax.crypto.interfaces.DHPublicKey) key; params = dhPubKey.getParams(); - return new DHPublicKeySpec(dhPubKey.getY(), - params.getP(), - params.getG()); + return keySpec.cast(new DHPublicKeySpec(dhPubKey.getY(), + params.getP(), + params.getG())); } else if (X509EncodedKeySpec.class.isAssignableFrom(keySpec)) { - return new X509EncodedKeySpec(key.getEncoded()); + return keySpec.cast(new X509EncodedKeySpec(key.getEncoded())); } else { throw new InvalidKeySpecException @@ -168,12 +167,12 @@ javax.crypto.interfaces.DHPrivateKey dhPrivKey = (javax.crypto.interfaces.DHPrivateKey)key; params = dhPrivKey.getParams(); - return new DHPrivateKeySpec(dhPrivKey.getX(), - params.getP(), - params.getG()); + return keySpec.cast(new DHPrivateKeySpec(dhPrivKey.getX(), + params.getP(), + params.getG())); } else if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) { - return new PKCS8EncodedKeySpec(key.getEncoded()); + return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded())); } else { throw new InvalidKeySpecException @@ -208,8 +207,7 @@ } // Convert key to spec DHPublicKeySpec dhPubKeySpec - = (DHPublicKeySpec)engineGetKeySpec - (key, DHPublicKeySpec.class); + = engineGetKeySpec(key, DHPublicKeySpec.class); // Create key from spec, and return it return engineGeneratePublic(dhPubKeySpec); @@ -220,8 +218,7 @@ } // Convert key to spec DHPrivateKeySpec dhPrivKeySpec - = (DHPrivateKeySpec)engineGetKeySpec - (key, DHPrivateKeySpec.class); + = engineGetKeySpec(key, DHPrivateKeySpec.class); // Create key from spec, and return it return engineGeneratePrivate(dhPrivKeySpec);
--- a/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java Sat Sep 10 22:36:17 2016 +0100 @@ -26,7 +26,6 @@ package com.sun.crypto.provider; -import java.math.BigInteger; import java.security.*; import java.security.spec.*; import javax.crypto.spec.DHParameterSpec; @@ -142,8 +141,7 @@ paramGen = AlgorithmParameterGenerator.getInstance("DSA"); paramGen.init(this.primeSize, random); algParams = paramGen.generateParameters(); - dsaParamSpec = (DSAParameterSpec) - algParams.getParameterSpec(DSAParameterSpec.class); + dsaParamSpec = algParams.getParameterSpec(DSAParameterSpec.class); DHParameterSpec dhParamSpec; if (this.exponentSize > 0) {
--- a/src/share/classes/com/sun/crypto/provider/DHParameters.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/DHParameters.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ package com.sun.crypto.provider; -import java.util.*; import java.io.*; import sun.security.util.*; import java.math.BigInteger; @@ -95,11 +94,12 @@ engineInit(params); } - protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec) + protected <T extends AlgorithmParameterSpec> + T engineGetParameterSpec(Class<T> paramSpec) throws InvalidParameterSpecException { if (DHParameterSpec.class.isAssignableFrom(paramSpec)) { - return new DHParameterSpec(this.p, this.g, this.l); + return paramSpec.cast(new DHParameterSpec(this.p, this.g, this.l)); } else { throw new InvalidParameterSpecException ("Inappropriate parameter Specification");
--- a/src/share/classes/com/sun/crypto/provider/DHPrivateKey.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/DHPrivateKey.java Sat Sep 10 22:36:17 2016 +0100 @@ -31,7 +31,6 @@ import java.security.PrivateKey; import java.security.InvalidKeyException; import java.security.ProviderException; -import javax.crypto.*; import javax.crypto.spec.DHParameterSpec; import sun.security.util.*; @@ -182,7 +181,7 @@ // ignore OPTIONAL attributes - this.encodedKey = (byte[])encodedKey.clone(); + this.encodedKey = encodedKey.clone(); } catch (NumberFormatException e) { InvalidKeyException ike = new InvalidKeyException( @@ -256,7 +255,7 @@ return null; } } - return (byte[])this.encodedKey.clone(); + return this.encodedKey.clone(); } /**
--- a/src/share/classes/com/sun/crypto/provider/DHPublicKey.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/DHPublicKey.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,10 +29,8 @@ import java.math.BigInteger; import java.security.KeyRep; import java.security.InvalidKeyException; -import java.security.InvalidAlgorithmParameterException; import java.security.ProviderException; import java.security.PublicKey; -import javax.crypto.*; import javax.crypto.spec.DHParameterSpec; import sun.security.util.*; @@ -174,7 +172,7 @@ throw new InvalidKeyException("Excess key data"); } - this.encodedKey = (byte[])encodedKey.clone(); + this.encodedKey = encodedKey.clone(); } catch (NumberFormatException e) { throw new InvalidKeyException("Private-value length too big"); @@ -237,7 +235,7 @@ return null; } } - return (byte[])this.encodedKey.clone(); + return this.encodedKey.clone(); } /**
--- a/src/share/classes/com/sun/crypto/provider/EncryptedPrivateKeyInfo.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/EncryptedPrivateKeyInfo.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -77,7 +77,7 @@ if (seq[1].data.available() != 0) throw new IOException("encryptedData field overrun"); - this.encoded = (byte[])encoded.clone(); + this.encoded = encoded.clone(); } /** @@ -86,7 +86,7 @@ */ EncryptedPrivateKeyInfo(AlgorithmId algid, byte[] encryptedData) { this.algid = algid; - this.encryptedData = (byte[])encryptedData.clone(); + this.encryptedData = encryptedData.clone(); this.encoded = null; // lazy generation of encoding } @@ -101,7 +101,7 @@ * Returns the encrypted data. */ byte[] getEncryptedData() { - return (byte[])this.encryptedData.clone(); + return this.encryptedData.clone(); } /** @@ -110,7 +110,7 @@ byte[] getEncoded() throws IOException { - if (this.encoded != null) return (byte[])this.encoded.clone(); + if (this.encoded != null) return this.encoded.clone(); DerOutputStream out = new DerOutputStream(); DerOutputStream tmp = new DerOutputStream(); @@ -125,6 +125,6 @@ out.write(DerValue.tag_Sequence, tmp); this.encoded = out.toByteArray(); - return (byte[])this.encoded.clone(); + return this.encoded.clone(); } }
--- a/src/share/classes/com/sun/crypto/provider/JceKeyStore.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/JceKeyStore.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,9 +38,7 @@ import java.security.UnrecoverableKeyException; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; import java.security.cert.CertificateException; -import java.security.spec.InvalidKeySpecException; import javax.crypto.SealedObject; /** @@ -87,7 +85,7 @@ * Private keys and certificates are stored in a hashtable. * Hash entries are keyed by alias names. */ - private Hashtable entries = new Hashtable(); + private Hashtable<String, Object> entries = new Hashtable<String, Object>(); /** * Returns the key associated with the given alias, using the given @@ -156,7 +154,7 @@ if ((entry instanceof PrivateKeyEntry) && (((PrivateKeyEntry)entry).chain != null)) { - chain = (Certificate[])((PrivateKeyEntry)entry).chain.clone(); + chain = ((PrivateKeyEntry)entry).chain.clone(); } return chain; @@ -262,7 +260,7 @@ // clone the chain if ((chain != null) && (chain.length !=0)) { - entry.chain = (Certificate[])chain.clone(); + entry.chain = chain.clone(); } else { entry.chain = null; } @@ -316,10 +314,10 @@ PrivateKeyEntry entry = new PrivateKeyEntry(); entry.date = new Date(); - entry.protectedKey = (byte[])key.clone(); + entry.protectedKey = key.clone(); if ((chain != null) && (chain.length != 0)) { - entry.chain = (Certificate[])chain.clone(); + entry.chain = chain.clone(); } else { entry.chain = null; } @@ -384,7 +382,7 @@ * * @return enumeration of the alias names */ - public Enumeration engineAliases() { + public Enumeration<String> engineAliases() { return entries.keys(); } @@ -462,9 +460,9 @@ public String engineGetCertificateAlias(Certificate cert) { Certificate certElem; - Enumeration e = entries.keys(); + Enumeration<String> e = entries.keys(); while (e.hasMoreElements()) { - String alias = (String)e.nextElement(); + String alias = e.nextElement(); Object entry = entries.get(alias); if (entry instanceof TrustedCertEntry) { certElem = ((TrustedCertEntry)entry).cert; @@ -560,10 +558,10 @@ dos.writeInt(entries.size()); - Enumeration e = entries.keys(); + Enumeration<String> e = entries.keys(); while (e.hasMoreElements()) { - String alias = (String)e.nextElement(); + String alias = e.nextElement(); Object entry = entries.get(alias); if (entry instanceof PrivateKeyEntry) { @@ -677,7 +675,7 @@ DataInputStream dis; MessageDigest md = null; CertificateFactory cf = null; - Hashtable cfs = null; + Hashtable<String, CertificateFactory> cfs = null; ByteArrayInputStream bais = null; byte[] encoded = null; @@ -713,7 +711,7 @@ cf = CertificateFactory.getInstance("X509"); } else { // version 2 - cfs = new Hashtable(3); + cfs = new Hashtable<String, CertificateFactory>(3); } entries.clear(); @@ -761,7 +759,7 @@ String certType = dis.readUTF(); if (cfs.containsKey(certType)) { // reuse certificate factory - cf = (CertificateFactory)cfs.get(certType); + cf = cfs.get(certType); } else { // create new certificate factory cf = CertificateFactory.getInstance( @@ -803,7 +801,7 @@ String certType = dis.readUTF(); if (cfs.containsKey(certType)) { // reuse certificate factory - cf = (CertificateFactory)cfs.get(certType); + cf = cfs.get(certType); } else { // create new certificate factory cf = CertificateFactory.getInstance(certType);
--- a/src/share/classes/com/sun/crypto/provider/KeyProtector.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/KeyProtector.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,14 +25,8 @@ package com.sun.crypto.provider; -import java.io.UnsupportedEncodingException; import java.io.IOException; import java.io.Serializable; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.io.ObjectInputStream.GetField; import java.security.Security; import java.security.Key; import java.security.PrivateKey; @@ -42,22 +36,14 @@ import java.security.GeneralSecurityException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; -import java.security.SecureRandom; import java.security.UnrecoverableKeyException; -import java.security.InvalidParameterException; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; import java.security.AlgorithmParameters; -import java.security.spec.InvalidParameterSpecException; -import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import javax.crypto.Cipher; import javax.crypto.CipherSpi; import javax.crypto.SecretKey; -import javax.crypto.NoSuchPaddingException; import javax.crypto.IllegalBlockSizeException; -import javax.crypto.BadPaddingException; import javax.crypto.SealedObject; import javax.crypto.spec.*; import sun.security.x509.AlgorithmId; @@ -127,7 +113,7 @@ PBEWithMD5AndTripleDESCipher cipher; cipher = new PBEWithMD5AndTripleDESCipher(); cipher.engineInit(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null); - byte[] plain = (byte[])key.getEncoded(); + byte[] plain = key.getEncoded(); byte[] encrKey = cipher.engineDoFinal(plain, 0, plain.length); // wrap encrypted private key in EncryptedPrivateKeyInfo @@ -169,8 +155,8 @@ AlgorithmParameters pbeParams = AlgorithmParameters.getInstance("PBE"); pbeParams.init(encodedParams); - PBEParameterSpec pbeSpec = (PBEParameterSpec) - pbeParams.getParameterSpec(PBEParameterSpec.class); + PBEParameterSpec pbeSpec = + pbeParams.getParameterSpec(PBEParameterSpec.class); // create PBE key from password PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
--- a/src/share/classes/com/sun/crypto/provider/OAEPParameters.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/OAEPParameters.java Sat Sep 10 22:36:17 2016 +0100 @@ -26,7 +26,6 @@ package com.sun.crypto.provider; import java.math.BigInteger; -import java.util.*; import java.io.*; import sun.security.util.*; import sun.security.x509.*; @@ -169,11 +168,13 @@ engineInit(encoded); } - protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec) + protected <T extends AlgorithmParameterSpec> + T engineGetParameterSpec(Class<T> paramSpec) throws InvalidParameterSpecException { if (OAEPParameterSpec.class.isAssignableFrom(paramSpec)) { - return new OAEPParameterSpec(mdName, "MGF1", mgfSpec, - new PSource.PSpecified(p)); + return paramSpec.cast( + new OAEPParameterSpec(mdName, "MGF1", mgfSpec, + new PSource.PSpecified(p))); } else { throw new InvalidParameterSpecException ("Inappropriate parameter specification");
--- a/src/share/classes/com/sun/crypto/provider/PBECipherCore.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/PBECipherCore.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ package com.sun.crypto.provider; -import java.io.UnsupportedEncodingException; import java.security.*; import java.security.spec.*; import javax.crypto.*; @@ -326,8 +325,7 @@ PBEParameterSpec pbeSpec = null; if (params != null) { try { - pbeSpec = (PBEParameterSpec) params.getParameterSpec - (PBEParameterSpec.class); + pbeSpec = params.getParameterSpec(PBEParameterSpec.class); } catch (InvalidParameterSpecException ipse) { throw new InvalidAlgorithmParameterException("Wrong parameter " + "type: PBE "
--- a/src/share/classes/com/sun/crypto/provider/PBEKey.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/PBEKey.java Sat Sep 10 22:36:17 2016 +0100 @@ -25,7 +25,6 @@ package com.sun.crypto.provider; -import java.io.UnsupportedEncodingException; import java.security.MessageDigest; import java.security.KeyRep; import java.security.spec.InvalidKeySpecException; @@ -73,7 +72,7 @@ } public byte[] getEncoded() { - return (byte[])this.key.clone(); + return this.key.clone(); } public String getAlgorithm() { @@ -122,7 +121,7 @@ throws java.io.IOException, ClassNotFoundException { s.defaultReadObject(); - key = (byte[])key.clone(); + key = key.clone(); }
--- a/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ package com.sun.crypto.provider; -import java.io.UnsupportedEncodingException; import java.security.InvalidKeyException; import java.security.spec.KeySpec; import java.security.spec.InvalidKeySpecException;
--- a/src/share/classes/com/sun/crypto/provider/PBEParameters.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/PBEParameters.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ package com.sun.crypto.provider; -import java.util.*; import java.io.*; import java.math.BigInteger; import java.security.AlgorithmParametersSpi; @@ -65,7 +64,7 @@ throw new InvalidParameterSpecException ("Inappropriate parameter specification"); } - this.salt = (byte[])((PBEParameterSpec)paramSpec).getSalt().clone(); + this.salt = ((PBEParameterSpec)paramSpec).getSalt().clone(); this.iCount = ((PBEParameterSpec)paramSpec).getIterationCount(); } @@ -98,11 +97,12 @@ engineInit(encoded); } - protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec) + protected <T extends AlgorithmParameterSpec> + T engineGetParameterSpec(Class<T> paramSpec) throws InvalidParameterSpecException { if (PBEParameterSpec.class.isAssignableFrom(paramSpec)) { - return new PBEParameterSpec(this.salt, this.iCount); + return paramSpec.cast(new PBEParameterSpec(this.salt, this.iCount)); } else { throw new InvalidParameterSpecException ("Inappropriate parameter specification");
--- a/src/share/classes/com/sun/crypto/provider/PBKDF2HmacSHA1Factory.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/PBKDF2HmacSHA1Factory.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,14 +25,12 @@ package com.sun.crypto.provider; -import java.io.*; import java.security.InvalidKeyException; import java.security.spec.KeySpec; import java.security.spec.InvalidKeySpecException; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactorySpi; import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.SecretKeySpec; /** * This class implements a key factory for PBE keys derived using
--- a/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -134,6 +134,7 @@ byte[] ti = new byte[hlen]; // SecretKeySpec cannot be used, since password can be empty here. SecretKey macKey = new SecretKey() { + private static final long serialVersionUID = 7874493593505141603L; @Override public String getAlgorithm() { return prf.getAlgorithm(); @@ -195,7 +196,7 @@ } public byte[] getEncoded() { - return (byte[]) key.clone(); + return key.clone(); } public String getAlgorithm() { @@ -207,7 +208,7 @@ } public char[] getPassword() { - return (char[]) passwd.clone(); + return passwd.clone(); } public byte[] getSalt() { @@ -269,7 +270,7 @@ protected void finalize() throws Throwable { try { if (this.passwd != null) { - java.util.Arrays.fill(this.passwd, (char) '0'); + java.util.Arrays.fill(this.passwd, '0'); this.passwd = null; } if (this.key != null) {
--- a/src/share/classes/com/sun/crypto/provider/PCBC.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/PCBC.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -145,7 +145,7 @@ for (; plainOffset < endIndex; plainOffset += blockSize, cipherOffset += blockSize) { for (i=0; i<blockSize; i++) { - k[i] ^= (byte)(plain[i+plainOffset]); + k[i] ^= plain[i+plainOffset]; } embeddedCipher.encryptBlock(k, 0, cipher, cipherOffset); for (i = 0; i < blockSize; i++) {
--- a/src/share/classes/com/sun/crypto/provider/RC2Cipher.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/RC2Cipher.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -98,8 +98,8 @@ throws InvalidKeyException, InvalidAlgorithmParameterException { if (params != null && params.getAlgorithm().equals("RC2")) { try { - RC2ParameterSpec rc2Params = (RC2ParameterSpec) - params.getParameterSpec(RC2ParameterSpec.class); + RC2ParameterSpec rc2Params = + params.getParameterSpec(RC2ParameterSpec.class); engineInit(opmode, key, rc2Params, random); } catch (InvalidParameterSpecException ipse) { throw new InvalidAlgorithmParameterException
--- a/src/share/classes/com/sun/crypto/provider/RC2Parameters.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/RC2Parameters.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -55,7 +55,6 @@ * @author Sean Mullan * @since 1.5 */ - public final class RC2Parameters extends AlgorithmParametersSpi { // TABLE[EKB] from section 6 of RFC 2268, used to convert effective key @@ -177,13 +176,14 @@ engineInit(encoded); } - protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec) + protected <T extends AlgorithmParameterSpec> + T engineGetParameterSpec(Class<T> paramSpec) throws InvalidParameterSpecException { if (RC2ParameterSpec.class.isAssignableFrom(paramSpec)) { - return (iv == null ? - new RC2ParameterSpec(effectiveKeySize) : - new RC2ParameterSpec(effectiveKeySize, iv)); + return paramSpec.cast((iv == null ? + new RC2ParameterSpec(effectiveKeySize) : + new RC2ParameterSpec(effectiveKeySize, iv))); } else { throw new InvalidParameterSpecException ("Inappropriate parameter specification");
--- a/src/share/classes/com/sun/crypto/provider/RSACipher.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/RSACipher.java Sat Sep 10 22:36:17 2016 +0100 @@ -232,8 +232,8 @@ init(opmode, key, random, null); } else { try { - OAEPParameterSpec spec = (OAEPParameterSpec) - params.getParameterSpec(OAEPParameterSpec.class); + OAEPParameterSpec spec = + params.getParameterSpec(OAEPParameterSpec.class); init(opmode, key, random, spec); } catch (InvalidParameterSpecException ipse) { InvalidAlgorithmParameterException iape =
--- a/src/share/classes/com/sun/crypto/provider/SunJCE.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/SunJCE.java Sat Sep 10 22:36:17 2016 +0100 @@ -27,11 +27,6 @@ import java.security.AccessController; import java.security.Provider; -import java.security.PrivilegedAction; -import java.security.cert.*; -import java.net.URL; -import java.io.ByteArrayInputStream; -import java.security.CodeSource; import java.security.SecureRandom; @@ -105,433 +100,431 @@ "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128"; final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING"; - AccessController.doPrivileged(new java.security.PrivilegedAction() { + AccessController.doPrivileged( + new java.security.PrivilegedAction<Object>() { public Object run() { - /* - * Cipher engines - */ - put("Cipher.RSA", "com.sun.crypto.provider.RSACipher"); - put("Cipher.RSA SupportedModes", "ECB"); - put("Cipher.RSA SupportedPaddings", - "NOPADDING|PKCS1PADDING|OAEPWITHMD5ANDMGF1PADDING" - + "|OAEPWITHSHA1ANDMGF1PADDING" - + "|OAEPWITHSHA-1ANDMGF1PADDING" - + "|OAEPWITHSHA-224ANDMGF1PADDING" - + "|OAEPWITHSHA-256ANDMGF1PADDING" - + "|OAEPWITHSHA-384ANDMGF1PADDING" - + "|OAEPWITHSHA-512ANDMGF1PADDING"); - put("Cipher.RSA SupportedKeyClasses", - "java.security.interfaces.RSAPublicKey" + - "|java.security.interfaces.RSAPrivateKey"); + /* + * Cipher engines + */ + put("Cipher.RSA", "com.sun.crypto.provider.RSACipher"); + put("Cipher.RSA SupportedModes", "ECB"); + put("Cipher.RSA SupportedPaddings", + "NOPADDING|PKCS1PADDING|OAEPWITHMD5ANDMGF1PADDING" + + "|OAEPWITHSHA1ANDMGF1PADDING" + + "|OAEPWITHSHA-1ANDMGF1PADDING" + + "|OAEPWITHSHA-224ANDMGF1PADDING" + + "|OAEPWITHSHA-256ANDMGF1PADDING" + + "|OAEPWITHSHA-384ANDMGF1PADDING" + + "|OAEPWITHSHA-512ANDMGF1PADDING"); + put("Cipher.RSA SupportedKeyClasses", + "java.security.interfaces.RSAPublicKey" + + "|java.security.interfaces.RSAPrivateKey"); - put("Cipher.DES", "com.sun.crypto.provider.DESCipher"); - put("Cipher.DES SupportedModes", BLOCK_MODES); - put("Cipher.DES SupportedPaddings", BLOCK_PADS); - put("Cipher.DES SupportedKeyFormats", "RAW"); + put("Cipher.DES", "com.sun.crypto.provider.DESCipher"); + put("Cipher.DES SupportedModes", BLOCK_MODES); + put("Cipher.DES SupportedPaddings", BLOCK_PADS); + put("Cipher.DES SupportedKeyFormats", "RAW"); - put("Cipher.DESede", "com.sun.crypto.provider.DESedeCipher"); - put("Alg.Alias.Cipher.TripleDES", "DESede"); - put("Cipher.DESede SupportedModes", BLOCK_MODES); - put("Cipher.DESede SupportedPaddings", BLOCK_PADS); - put("Cipher.DESede SupportedKeyFormats", "RAW"); + put("Cipher.DESede", "com.sun.crypto.provider.DESedeCipher"); + put("Alg.Alias.Cipher.TripleDES", "DESede"); + put("Cipher.DESede SupportedModes", BLOCK_MODES); + put("Cipher.DESede SupportedPaddings", BLOCK_PADS); + put("Cipher.DESede SupportedKeyFormats", "RAW"); - put("Cipher.DESedeWrap", - "com.sun.crypto.provider.DESedeWrapCipher"); - put("Cipher.DESedeWrap SupportedModes", "CBC"); - put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING"); - put("Cipher.DESedeWrap SupportedKeyFormats", "RAW"); + put("Cipher.DESedeWrap", + "com.sun.crypto.provider.DESedeWrapCipher"); + put("Cipher.DESedeWrap SupportedModes", "CBC"); + put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING"); + put("Cipher.DESedeWrap SupportedKeyFormats", "RAW"); - put("Cipher.PBEWithMD5AndDES", - "com.sun.crypto.provider.PBEWithMD5AndDESCipher"); - put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); - put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); - put("Cipher.PBEWithMD5AndTripleDES", - "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher"); - put("Cipher.PBEWithSHA1AndRC2_40", - "com.sun.crypto.provider.PKCS12PBECipherCore$" + - "PBEWithSHA1AndRC2_40"); - put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); - put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); - put("Cipher.PBEWithSHA1AndDESede", - "com.sun.crypto.provider.PKCS12PBECipherCore$" + - "PBEWithSHA1AndDESede"); - put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); - put("Alg.Alias.Cipher." + OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); + put("Cipher.PBEWithMD5AndDES", + "com.sun.crypto.provider.PBEWithMD5AndDESCipher"); + put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES, + "PBEWithMD5AndDES"); + put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES, + "PBEWithMD5AndDES"); + put("Cipher.PBEWithMD5AndTripleDES", + "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher"); + put("Cipher.PBEWithSHA1AndRC2_40", + "com.sun.crypto.provider.PKCS12PBECipherCore$" + + "PBEWithSHA1AndRC2_40"); + put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40, + "PBEWithSHA1AndRC2_40"); + put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40, + "PBEWithSHA1AndRC2_40"); + put("Cipher.PBEWithSHA1AndDESede", + "com.sun.crypto.provider.PKCS12PBECipherCore$" + + "PBEWithSHA1AndDESede"); + put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede, + "PBEWithSHA1AndDESede"); + put("Alg.Alias.Cipher." + OID_PKCS12_DESede, + "PBEWithSHA1AndDESede"); - put("Cipher.Blowfish", - "com.sun.crypto.provider.BlowfishCipher"); - put("Cipher.Blowfish SupportedModes", BLOCK_MODES); - put("Cipher.Blowfish SupportedPaddings", BLOCK_PADS); - put("Cipher.Blowfish SupportedKeyFormats", "RAW"); + put("Cipher.Blowfish", + "com.sun.crypto.provider.BlowfishCipher"); + put("Cipher.Blowfish SupportedModes", BLOCK_MODES); + put("Cipher.Blowfish SupportedPaddings", BLOCK_PADS); + put("Cipher.Blowfish SupportedKeyFormats", "RAW"); - put("Cipher.AES", "com.sun.crypto.provider.AESCipher"); - put("Cipher.AES", "com.sun.crypto.provider.AESCipher$General"); - put("Alg.Alias.Cipher.Rijndael", "AES"); - put("Cipher.AES SupportedModes", BLOCK_MODES128); - put("Cipher.AES SupportedPaddings", BLOCK_PADS); - put("Cipher.AES SupportedKeyFormats", "RAW"); + put("Cipher.AES", "com.sun.crypto.provider.AESCipher$General"); + put("Alg.Alias.Cipher.Rijndael", "AES"); + put("Cipher.AES SupportedModes", BLOCK_MODES128); + put("Cipher.AES SupportedPaddings", BLOCK_PADS); + put("Cipher.AES SupportedKeyFormats", "RAW"); - put("Cipher.AES_128/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding"); - put("Cipher.AES_128/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding"); - put("Cipher.AES_128/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding"); - put("Cipher.AES_128/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding"); + put("Cipher.AES_128/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding"); + put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding"); + put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding"); + put("Cipher.AES_128/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding"); + put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding"); + put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding"); + put("Cipher.AES_128/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding"); + put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding"); + put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding"); + put("Cipher.AES_128/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding"); + put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding"); + put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding"); - put("Cipher.AES_192/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding"); - put("Cipher.AES_192/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding"); - put("Cipher.AES_192/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding"); - put("Cipher.AES_192/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding"); + put("Cipher.AES_192/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding"); + put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding"); + put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding"); + put("Cipher.AES_192/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding"); + put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding"); + put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding"); + put("Cipher.AES_192/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding"); + put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding"); + put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding"); + put("Cipher.AES_192/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding"); + put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding"); + put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding"); - put("Cipher.AES_256/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding"); - put("Cipher.AES_256/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding"); - put("Cipher.AES_256/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding"); - put("Cipher.AES_256/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding"); - - put("Cipher.AESWrap", "com.sun.crypto.provider.AESWrapCipher$General"); - put("Cipher.AESWrap SupportedModes", "ECB"); - put("Cipher.AESWrap SupportedPaddings", "NOPADDING"); - put("Cipher.AESWrap SupportedKeyFormats", "RAW"); + put("Cipher.AES_256/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding"); + put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding"); + put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding"); + put("Cipher.AES_256/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding"); + put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding"); + put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding"); + put("Cipher.AES_256/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding"); + put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding"); + put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding"); + put("Cipher.AES_256/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding"); + put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding"); + put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding"); - put("Cipher.AESWrap_128", "com.sun.crypto.provider.AESWrapCipher$AES128"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.5", "AESWrap_128"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.5", "AESWrap_128"); - put("Cipher.AESWrap_192", "com.sun.crypto.provider.AESWrapCipher$AES192"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.25", "AESWrap_192"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.25", "AESWrap_192"); - put("Cipher.AESWrap_256", "com.sun.crypto.provider.AESWrapCipher$AES256"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.45", "AESWrap_256"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.45", "AESWrap_256"); + put("Cipher.AESWrap", "com.sun.crypto.provider.AESWrapCipher$General"); + put("Cipher.AESWrap SupportedModes", "ECB"); + put("Cipher.AESWrap SupportedPaddings", "NOPADDING"); + put("Cipher.AESWrap SupportedKeyFormats", "RAW"); - put("Cipher.RC2", - "com.sun.crypto.provider.RC2Cipher"); - put("Cipher.RC2 SupportedModes", BLOCK_MODES); - put("Cipher.RC2 SupportedPaddings", BLOCK_PADS); - put("Cipher.RC2 SupportedKeyFormats", "RAW"); + put("Cipher.AESWrap_128", "com.sun.crypto.provider.AESWrapCipher$AES128"); + put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.5", "AESWrap_128"); + put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.5", "AESWrap_128"); + put("Cipher.AESWrap_192", "com.sun.crypto.provider.AESWrapCipher$AES192"); + put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.25", "AESWrap_192"); + put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.25", "AESWrap_192"); + put("Cipher.AESWrap_256", "com.sun.crypto.provider.AESWrapCipher$AES256"); + put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.45", "AESWrap_256"); + put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.45", "AESWrap_256"); + + put("Cipher.RC2", + "com.sun.crypto.provider.RC2Cipher"); + put("Cipher.RC2 SupportedModes", BLOCK_MODES); + put("Cipher.RC2 SupportedPaddings", BLOCK_PADS); + put("Cipher.RC2 SupportedKeyFormats", "RAW"); - put("Cipher.ARCFOUR", - "com.sun.crypto.provider.ARCFOURCipher"); - put("Alg.Alias.Cipher.RC4", "ARCFOUR"); - put("Cipher.ARCFOUR SupportedModes", "ECB"); - put("Cipher.ARCFOUR SupportedPaddings", "NOPADDING"); - put("Cipher.ARCFOUR SupportedKeyFormats", "RAW"); + put("Cipher.ARCFOUR", + "com.sun.crypto.provider.ARCFOURCipher"); + put("Alg.Alias.Cipher.RC4", "ARCFOUR"); + put("Cipher.ARCFOUR SupportedModes", "ECB"); + put("Cipher.ARCFOUR SupportedPaddings", "NOPADDING"); + put("Cipher.ARCFOUR SupportedKeyFormats", "RAW"); - /* - * Key(pair) Generator engines - */ - put("KeyGenerator.DES", - "com.sun.crypto.provider.DESKeyGenerator"); + /* + * Key(pair) Generator engines + */ + put("KeyGenerator.DES", + "com.sun.crypto.provider.DESKeyGenerator"); - put("KeyGenerator.DESede", - "com.sun.crypto.provider.DESedeKeyGenerator"); - put("Alg.Alias.KeyGenerator.TripleDES", "DESede"); + put("KeyGenerator.DESede", + "com.sun.crypto.provider.DESedeKeyGenerator"); + put("Alg.Alias.KeyGenerator.TripleDES", "DESede"); - put("KeyGenerator.Blowfish", - "com.sun.crypto.provider.BlowfishKeyGenerator"); + put("KeyGenerator.Blowfish", + "com.sun.crypto.provider.BlowfishKeyGenerator"); - put("KeyGenerator.AES", - "com.sun.crypto.provider.AESKeyGenerator"); - put("Alg.Alias.KeyGenerator.Rijndael", "AES"); - - put("KeyGenerator.RC2", - "com.sun.crypto.provider.KeyGeneratorCore$" + - "RC2KeyGenerator"); - put("KeyGenerator.ARCFOUR", - "com.sun.crypto.provider.KeyGeneratorCore$" + - "ARCFOURKeyGenerator"); - put("Alg.Alias.KeyGenerator.RC4", "ARCFOUR"); + put("KeyGenerator.AES", + "com.sun.crypto.provider.AESKeyGenerator"); + put("Alg.Alias.KeyGenerator.Rijndael", "AES"); - put("KeyGenerator.HmacMD5", - "com.sun.crypto.provider.HmacMD5KeyGenerator"); + put("KeyGenerator.RC2", + "com.sun.crypto.provider.KeyGeneratorCore$" + + "RC2KeyGenerator"); + put("KeyGenerator.ARCFOUR", + "com.sun.crypto.provider.KeyGeneratorCore$" + + "ARCFOURKeyGenerator"); + put("Alg.Alias.KeyGenerator.RC4", "ARCFOUR"); - put("KeyGenerator.HmacSHA1", - "com.sun.crypto.provider.HmacSHA1KeyGenerator"); - put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.7", "HmacSHA1"); - put("Alg.Alias.KeyGenerator.1.2.840.113549.2.7", "HmacSHA1"); + put("KeyGenerator.HmacMD5", + "com.sun.crypto.provider.HmacMD5KeyGenerator"); - put("KeyGenerator.HmacSHA224", - "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224"); - put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.8", "HmacSHA224"); - put("Alg.Alias.KeyGenerator.1.2.840.113549.2.8", "HmacSHA224"); + put("KeyGenerator.HmacSHA1", + "com.sun.crypto.provider.HmacSHA1KeyGenerator"); + put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.7", "HmacSHA1"); + put("Alg.Alias.KeyGenerator.1.2.840.113549.2.7", "HmacSHA1"); - put("KeyGenerator.HmacSHA256", - "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256"); - put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.9", "HmacSHA256"); - put("Alg.Alias.KeyGenerator.1.2.840.113549.2.9", "HmacSHA256"); + put("KeyGenerator.HmacSHA224", + "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224"); + put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.8", "HmacSHA224"); + put("Alg.Alias.KeyGenerator.1.2.840.113549.2.8", "HmacSHA224"); - put("KeyGenerator.HmacSHA384", - "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384"); - put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.10", "HmacSHA384"); - put("Alg.Alias.KeyGenerator.1.2.840.113549.2.10", "HmacSHA384"); + put("KeyGenerator.HmacSHA256", + "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256"); + put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.9", "HmacSHA256"); + put("Alg.Alias.KeyGenerator.1.2.840.113549.2.9", "HmacSHA256"); - put("KeyGenerator.HmacSHA512", - "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512"); - put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.11", "HmacSHA512"); - put("Alg.Alias.KeyGenerator.1.2.840.113549.2.11", "HmacSHA512"); + put("KeyGenerator.HmacSHA384", + "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384"); + put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.10", "HmacSHA384"); + put("Alg.Alias.KeyGenerator.1.2.840.113549.2.10", "HmacSHA384"); - put("KeyPairGenerator.DiffieHellman", - "com.sun.crypto.provider.DHKeyPairGenerator"); - put("Alg.Alias.KeyPairGenerator.DH", "DiffieHellman"); - put("Alg.Alias.KeyPairGenerator.OID."+OID_PKCS3, - "DiffieHellman"); - put("Alg.Alias.KeyPairGenerator."+OID_PKCS3, - "DiffieHellman"); - /* - * Algorithm parameter generation engines - */ - put("AlgorithmParameterGenerator.DiffieHellman", - "com.sun.crypto.provider.DHParameterGenerator"); - put("Alg.Alias.AlgorithmParameterGenerator.DH", - "DiffieHellman"); - put("Alg.Alias.AlgorithmParameterGenerator.OID."+OID_PKCS3, - "DiffieHellman"); - put("Alg.Alias.AlgorithmParameterGenerator."+OID_PKCS3, - "DiffieHellman"); + put("KeyGenerator.HmacSHA512", + "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512"); + put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.11", "HmacSHA512"); + put("Alg.Alias.KeyGenerator.1.2.840.113549.2.11", "HmacSHA512"); + + put("KeyPairGenerator.DiffieHellman", + "com.sun.crypto.provider.DHKeyPairGenerator"); + put("Alg.Alias.KeyPairGenerator.DH", "DiffieHellman"); + put("Alg.Alias.KeyPairGenerator.OID."+OID_PKCS3, + "DiffieHellman"); + put("Alg.Alias.KeyPairGenerator."+OID_PKCS3, + "DiffieHellman"); + /* + * Algorithm parameter generation engines + */ + put("AlgorithmParameterGenerator.DiffieHellman", + "com.sun.crypto.provider.DHParameterGenerator"); + put("Alg.Alias.AlgorithmParameterGenerator.DH", + "DiffieHellman"); + put("Alg.Alias.AlgorithmParameterGenerator.OID."+OID_PKCS3, + "DiffieHellman"); + put("Alg.Alias.AlgorithmParameterGenerator."+OID_PKCS3, + "DiffieHellman"); - /* - * Key Agreement engines - */ - put("KeyAgreement.DiffieHellman", - "com.sun.crypto.provider.DHKeyAgreement"); - put("Alg.Alias.KeyAgreement.DH", "DiffieHellman"); - put("Alg.Alias.KeyAgreement.OID."+OID_PKCS3, "DiffieHellman"); - put("Alg.Alias.KeyAgreement."+OID_PKCS3, "DiffieHellman"); + /* + * Key Agreement engines + */ + put("KeyAgreement.DiffieHellman", + "com.sun.crypto.provider.DHKeyAgreement"); + put("Alg.Alias.KeyAgreement.DH", "DiffieHellman"); + put("Alg.Alias.KeyAgreement.OID."+OID_PKCS3, "DiffieHellman"); + put("Alg.Alias.KeyAgreement."+OID_PKCS3, "DiffieHellman"); - put("KeyAgreement.DiffieHellman SupportedKeyClasses", - "javax.crypto.interfaces.DHPublicKey" + - "|javax.crypto.interfaces.DHPrivateKey"); - - /* - * Algorithm Parameter engines - */ - put("AlgorithmParameters.DiffieHellman", - "com.sun.crypto.provider.DHParameters"); - put("Alg.Alias.AlgorithmParameters.DH", "DiffieHellman"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS3, - "DiffieHellman"); - put("Alg.Alias.AlgorithmParameters."+OID_PKCS3, - "DiffieHellman"); + put("KeyAgreement.DiffieHellman SupportedKeyClasses", + "javax.crypto.interfaces.DHPublicKey" + + "|javax.crypto.interfaces.DHPrivateKey"); - put("AlgorithmParameters.DES", - "com.sun.crypto.provider.DESParameters"); + /* + * Algorithm Parameter engines + */ + put("AlgorithmParameters.DiffieHellman", + "com.sun.crypto.provider.DHParameters"); + put("Alg.Alias.AlgorithmParameters.DH", "DiffieHellman"); + put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS3, + "DiffieHellman"); + put("Alg.Alias.AlgorithmParameters."+OID_PKCS3, + "DiffieHellman"); - put("AlgorithmParameters.DESede", - "com.sun.crypto.provider.DESedeParameters"); - put("Alg.Alias.AlgorithmParameters.TripleDES", "DESede"); - - put("AlgorithmParameters.PBE", - "com.sun.crypto.provider.PBEParameters"); + put("AlgorithmParameters.DES", + "com.sun.crypto.provider.DESParameters"); - put("AlgorithmParameters.PBEWithMD5AndDES", - "com.sun.crypto.provider.PBEParameters"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); - put("Alg.Alias.AlgorithmParameters."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); + put("AlgorithmParameters.DESede", + "com.sun.crypto.provider.DESedeParameters"); + put("Alg.Alias.AlgorithmParameters.TripleDES", "DESede"); + + put("AlgorithmParameters.PBE", + "com.sun.crypto.provider.PBEParameters"); - put("AlgorithmParameters.PBEWithMD5AndTripleDES", - "com.sun.crypto.provider.PBEParameters"); + put("AlgorithmParameters.PBEWithMD5AndDES", + "com.sun.crypto.provider.PBEParameters"); + put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_MD5_DES, + "PBEWithMD5AndDES"); + put("Alg.Alias.AlgorithmParameters."+OID_PKCS5_MD5_DES, + "PBEWithMD5AndDES"); - put("AlgorithmParameters.PBEWithSHA1AndDESede", - "com.sun.crypto.provider.PBEParameters"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); - put("Alg.Alias.AlgorithmParameters."+OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); + put("AlgorithmParameters.PBEWithMD5AndTripleDES", + "com.sun.crypto.provider.PBEParameters"); - put("AlgorithmParameters.PBEWithSHA1AndRC2_40", - "com.sun.crypto.provider.PBEParameters"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); - put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); + put("AlgorithmParameters.PBEWithSHA1AndDESede", + "com.sun.crypto.provider.PBEParameters"); + put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_DESede, + "PBEWithSHA1AndDESede"); + put("Alg.Alias.AlgorithmParameters."+OID_PKCS12_DESede, + "PBEWithSHA1AndDESede"); - put("AlgorithmParameters.Blowfish", - "com.sun.crypto.provider.BlowfishParameters"); + put("AlgorithmParameters.PBEWithSHA1AndRC2_40", + "com.sun.crypto.provider.PBEParameters"); + put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_40, + "PBEWithSHA1AndRC2_40"); + put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40, + "PBEWithSHA1AndRC2_40"); - put("AlgorithmParameters.AES", - "com.sun.crypto.provider.AESParameters"); - put("Alg.Alias.AlgorithmParameters.Rijndael", "AES"); + put("AlgorithmParameters.Blowfish", + "com.sun.crypto.provider.BlowfishParameters"); - - put("AlgorithmParameters.RC2", - "com.sun.crypto.provider.RC2Parameters"); + put("AlgorithmParameters.AES", + "com.sun.crypto.provider.AESParameters"); + put("Alg.Alias.AlgorithmParameters.Rijndael", "AES"); - put("AlgorithmParameters.OAEP", - "com.sun.crypto.provider.OAEPParameters"); + put("AlgorithmParameters.RC2", + "com.sun.crypto.provider.RC2Parameters"); + put("AlgorithmParameters.OAEP", + "com.sun.crypto.provider.OAEPParameters"); - /* - * Key factories - */ - put("KeyFactory.DiffieHellman", - "com.sun.crypto.provider.DHKeyFactory"); - put("Alg.Alias.KeyFactory.DH", "DiffieHellman"); - put("Alg.Alias.KeyFactory.OID."+OID_PKCS3, - "DiffieHellman"); - put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman"); - /* - * Secret-key factories - */ - put("SecretKeyFactory.DES", - "com.sun.crypto.provider.DESKeyFactory"); + /* + * Key factories + */ + put("KeyFactory.DiffieHellman", + "com.sun.crypto.provider.DHKeyFactory"); + put("Alg.Alias.KeyFactory.DH", "DiffieHellman"); + put("Alg.Alias.KeyFactory.OID."+OID_PKCS3, + "DiffieHellman"); + put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman"); + /* + * Secret-key factories + */ + put("SecretKeyFactory.DES", + "com.sun.crypto.provider.DESKeyFactory"); - put("SecretKeyFactory.DESede", - "com.sun.crypto.provider.DESedeKeyFactory"); - put("Alg.Alias.SecretKeyFactory.TripleDES", "DESede"); + put("SecretKeyFactory.DESede", + "com.sun.crypto.provider.DESedeKeyFactory"); + put("Alg.Alias.SecretKeyFactory.TripleDES", "DESede"); - put("SecretKeyFactory.PBEWithMD5AndDES", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES" - ); - put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); - put("Alg.Alias.SecretKeyFactory."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); + put("SecretKeyFactory.PBEWithMD5AndDES", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES" + ); + put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS5_MD5_DES, + "PBEWithMD5AndDES"); + put("Alg.Alias.SecretKeyFactory."+OID_PKCS5_MD5_DES, + "PBEWithMD5AndDES"); - put("Alg.Alias.SecretKeyFactory.PBE", - "PBEWithMD5AndDES"); + put("Alg.Alias.SecretKeyFactory.PBE", + "PBEWithMD5AndDES"); - /* - * Internal in-house crypto algorithm used for - * the JCEKS keystore type. Since this was developed - * internally, there isn't an OID corresponding to this - * algorithm. - */ - put("SecretKeyFactory.PBEWithMD5AndTripleDES", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithMD5AndTripleDES" - ); + /* + * Internal in-house crypto algorithm used for + * the JCEKS keystore type. Since this was developed + * internally, there isn't an OID corresponding to this + * algorithm. + */ + put("SecretKeyFactory.PBEWithMD5AndTripleDES", + "com.sun.crypto.provider.PBEKeyFactory$" + + "PBEWithMD5AndTripleDES" + ); - put("SecretKeyFactory.PBEWithSHA1AndDESede", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede" - ); - put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); - put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); + put("SecretKeyFactory.PBEWithSHA1AndDESede", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede" + ); + put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS12_DESede, + "PBEWithSHA1AndDESede"); + put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_DESede, + "PBEWithSHA1AndDESede"); - put("SecretKeyFactory.PBEWithSHA1AndRC2_40", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40" - ); - put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); - put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); + put("SecretKeyFactory.PBEWithSHA1AndRC2_40", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40" + ); + put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_40, + "PBEWithSHA1AndRC2_40"); + put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40, + "PBEWithSHA1AndRC2_40"); - put("SecretKeyFactory.PBKDF2WithHmacSHA1", - "com.sun.crypto.provider.PBKDF2HmacSHA1Factory"); - put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2, - "PBKDF2WithHmacSHA1"); - put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2, - "PBKDF2WithHmacSHA1"); + put("SecretKeyFactory.PBKDF2WithHmacSHA1", + "com.sun.crypto.provider.PBKDF2HmacSHA1Factory"); + put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2, + "PBKDF2WithHmacSHA1"); + put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2, + "PBKDF2WithHmacSHA1"); - /* - * MAC - */ - put("Mac.HmacMD5", "com.sun.crypto.provider.HmacMD5"); - put("Mac.HmacSHA1", "com.sun.crypto.provider.HmacSHA1"); - put("Alg.Alias.Mac.OID.1.2.840.113549.2.7", "HmacSHA1"); - put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1"); - put("Mac.HmacSHA224", - "com.sun.crypto.provider.HmacCore$HmacSHA224"); - put("Alg.Alias.Mac.OID.1.2.840.113549.2.8", "HmacSHA224"); - put("Alg.Alias.Mac.1.2.840.113549.2.8", "HmacSHA224"); - put("Mac.HmacSHA256", - "com.sun.crypto.provider.HmacCore$HmacSHA256"); - put("Alg.Alias.Mac.OID.1.2.840.113549.2.9", "HmacSHA256"); - put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256"); - put("Mac.HmacSHA384", - "com.sun.crypto.provider.HmacCore$HmacSHA384"); - put("Alg.Alias.Mac.OID.1.2.840.113549.2.10", "HmacSHA384"); - put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384"); - put("Mac.HmacSHA512", - "com.sun.crypto.provider.HmacCore$HmacSHA512"); - put("Alg.Alias.Mac.OID.1.2.840.113549.2.11", "HmacSHA512"); - put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512"); + /* + * MAC + */ + put("Mac.HmacMD5", "com.sun.crypto.provider.HmacMD5"); + put("Mac.HmacSHA1", "com.sun.crypto.provider.HmacSHA1"); + put("Alg.Alias.Mac.OID.1.2.840.113549.2.7", "HmacSHA1"); + put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1"); + put("Mac.HmacSHA224", + "com.sun.crypto.provider.HmacCore$HmacSHA224"); + put("Alg.Alias.Mac.OID.1.2.840.113549.2.8", "HmacSHA224"); + put("Alg.Alias.Mac.1.2.840.113549.2.8", "HmacSHA224"); + put("Mac.HmacSHA256", + "com.sun.crypto.provider.HmacCore$HmacSHA256"); + put("Alg.Alias.Mac.OID.1.2.840.113549.2.9", "HmacSHA256"); + put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256"); + put("Mac.HmacSHA384", + "com.sun.crypto.provider.HmacCore$HmacSHA384"); + put("Alg.Alias.Mac.OID.1.2.840.113549.2.10", "HmacSHA384"); + put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384"); + put("Mac.HmacSHA512", + "com.sun.crypto.provider.HmacCore$HmacSHA512"); + put("Alg.Alias.Mac.OID.1.2.840.113549.2.11", "HmacSHA512"); + put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512"); - put("Mac.HmacPBESHA1", - "com.sun.crypto.provider.HmacPKCS12PBESHA1"); + put("Mac.HmacPBESHA1", + "com.sun.crypto.provider.HmacPKCS12PBESHA1"); - put("Mac.SslMacMD5", - "com.sun.crypto.provider.SslMacCore$SslMacMD5"); - put("Mac.SslMacSHA1", - "com.sun.crypto.provider.SslMacCore$SslMacSHA1"); + put("Mac.SslMacMD5", + "com.sun.crypto.provider.SslMacCore$SslMacMD5"); + put("Mac.SslMacSHA1", + "com.sun.crypto.provider.SslMacCore$SslMacSHA1"); - put("Mac.HmacMD5 SupportedKeyFormats", "RAW"); - put("Mac.HmacSHA1 SupportedKeyFormats", "RAW"); - put("Mac.HmacSHA224 SupportedKeyFormats", "RAW"); - put("Mac.HmacSHA256 SupportedKeyFormats", "RAW"); - put("Mac.HmacSHA384 SupportedKeyFormats", "RAW"); - put("Mac.HmacSHA512 SupportedKeyFormats", "RAW"); - put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW"); - put("Mac.SslMacMD5 SupportedKeyFormats", "RAW"); - put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW"); + put("Mac.HmacMD5 SupportedKeyFormats", "RAW"); + put("Mac.HmacSHA1 SupportedKeyFormats", "RAW"); + put("Mac.HmacSHA224 SupportedKeyFormats", "RAW"); + put("Mac.HmacSHA256 SupportedKeyFormats", "RAW"); + put("Mac.HmacSHA384 SupportedKeyFormats", "RAW"); + put("Mac.HmacSHA512 SupportedKeyFormats", "RAW"); + put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW"); + put("Mac.SslMacMD5 SupportedKeyFormats", "RAW"); + put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW"); - /* - * KeyStore - */ - put("KeyStore.JCEKS", "com.sun.crypto.provider.JceKeyStore"); + /* + * KeyStore + */ + put("KeyStore.JCEKS", "com.sun.crypto.provider.JceKeyStore"); - /* - * SSL/TLS mechanisms - * - * These are strictly internal implementations and may - * be changed at any time. These names were chosen - * because PKCS11/SunPKCS11 does not yet have TLS1.2 - * mechanisms, and it will cause calls to come here. - */ - put("KeyGenerator.SunTlsPrf", - "com.sun.crypto.provider.TlsPrfGenerator$V10"); - put("KeyGenerator.SunTls12Prf", - "com.sun.crypto.provider.TlsPrfGenerator$V12"); + /* + * SSL/TLS mechanisms + * + * These are strictly internal implementations and may + * be changed at any time. These names were chosen + * because PKCS11/SunPKCS11 does not yet have TLS1.2 + * mechanisms, and it will cause calls to come here. + */ + put("KeyGenerator.SunTlsPrf", + "com.sun.crypto.provider.TlsPrfGenerator$V10"); + put("KeyGenerator.SunTls12Prf", + "com.sun.crypto.provider.TlsPrfGenerator$V12"); - put("KeyGenerator.SunTlsMasterSecret", - "com.sun.crypto.provider.TlsMasterSecretGenerator"); - put("Alg.Alias.KeyGenerator.SunTls12MasterSecret", - "SunTlsMasterSecret"); + put("KeyGenerator.SunTlsMasterSecret", + "com.sun.crypto.provider.TlsMasterSecretGenerator"); + put("Alg.Alias.KeyGenerator.SunTls12MasterSecret", + "SunTlsMasterSecret"); - put("KeyGenerator.SunTlsKeyMaterial", - "com.sun.crypto.provider.TlsKeyMaterialGenerator"); - put("Alg.Alias.KeyGenerator.SunTls12KeyMaterial", - "SunTlsKeyMaterial"); + put("KeyGenerator.SunTlsKeyMaterial", + "com.sun.crypto.provider.TlsKeyMaterialGenerator"); + put("Alg.Alias.KeyGenerator.SunTls12KeyMaterial", + "SunTlsKeyMaterial"); - put("KeyGenerator.SunTlsRsaPremasterSecret", - "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator"); - put("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret", - "SunTlsRsaPremasterSecret"); + put("KeyGenerator.SunTlsRsaPremasterSecret", + "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator"); + put("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret", + "SunTlsRsaPremasterSecret"); - return null; - } - }); + return null; + } + }); } }
--- a/src/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,7 +31,6 @@ import javax.crypto.*; import javax.crypto.spec.*; -import sun.security.internal.interfaces.TlsMasterSecret; import sun.security.internal.spec.*; import static com.sun.crypto.provider.TlsPrfGenerator.*;
--- a/src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -140,6 +140,7 @@ } private static final class TlsMasterSecretKey implements TlsMasterSecret { + private static final long serialVersionUID = 1019571680375368880L; private byte[] key; private final int majorVersion, minorVersion;
--- a/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java Sat Sep 10 22:36:17 2016 +0100 @@ -74,11 +74,14 @@ "TlsRsaPremasterSecretGenerator must be initialized"); } - if (random == null) { - random = new SecureRandom(); + byte[] b = spec.getEncodedSecret(); + if (b == null) { + if (random == null) { + random = new SecureRandom(); + } + b = new byte[48]; + random.nextBytes(b); } - byte[] b = new byte[48]; - random.nextBytes(b); b[0] = (byte)spec.getMajorVersion(); b[1] = (byte)spec.getMinorVersion();
--- a/src/share/classes/com/sun/jarsigner/ContentSignerParameters.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/jarsigner/ContentSignerParameters.java Sat Sep 10 22:36:17 2016 +0100 @@ -60,6 +60,13 @@ public X509Certificate getTimestampingAuthorityCertificate(); /** + * Retrieves the TSAPolicyID for a Timestamping Authority (TSA). + * + * @return The TSAPolicyID. May be null. + */ + public String getTSAPolicyID(); + + /** * Retrieves the JAR file's signature. * * @return The non-null array of signature bytes.
--- a/src/share/classes/com/sun/java/swing/plaf/gtk/resources/gtk_ko.properties Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/swing/plaf/gtk/resources/gtk_ko.properties Sat Sep 10 22:36:17 2016 +0100 @@ -39,7 +39,7 @@ FileChooser.openButton.textAndMnemonic=\uD655\uC778(&O) FileChooser.saveDialogTitle.textAndMnemonic=\uC800\uC7A5 FileChooser.openDialogTitle.textAndMnemonic=\uC5F4\uAE30 -FileChooser.pathLabel.textAndMnemonic=\uC120\uD0DD \uC0AC\uD56D(&S): +FileChooser.pathLabel.textAndMnemonic=\uC120\uD0DD\uC0AC\uD56D(&S): FileChooser.filterLabel.textAndMnemonic=\uD544\uD130: FileChooser.foldersLabel.textAndMnemonic=\uD3F4\uB354(&D) FileChooser.filesLabel.textAndMnemonic=\uD30C\uC77C(&F)
--- a/src/share/classes/com/sun/java/swing/plaf/windows/resources/windows_ko.properties Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/swing/plaf/windows/resources/windows_ko.properties Sat Sep 10 22:36:17 2016 +0100 @@ -33,11 +33,11 @@ FileChooser.listViewButtonToolTip.textAndMnemonic=\uBAA9\uB85D FileChooser.listViewButtonAccessibleName=\uBAA9\uB85D FileChooser.listViewActionLabel.textAndMnemonic=\uBAA9\uB85D -FileChooser.detailsViewButtonToolTip.textAndMnemonic=\uC138\uBD80 \uC815\uBCF4 -FileChooser.detailsViewButtonAccessibleName=\uC138\uBD80 \uC815\uBCF4 +FileChooser.detailsViewButtonToolTip.textAndMnemonic=\uC138\uBD80\uC815\uBCF4 +FileChooser.detailsViewButtonAccessibleName=\uC138\uBD80\uC815\uBCF4 FileChooser.viewMenuButtonToolTipText = \uBCF4\uAE30 \uBA54\uB274 FileChooser.viewMenuButtonAccessibleName = \uBCF4\uAE30 \uBA54\uB274 -FileChooser.detailsViewActionLabel.textAndMnemonic=\uC138\uBD80 \uC815\uBCF4 +FileChooser.detailsViewActionLabel.textAndMnemonic=\uC138\uBD80\uC815\uBCF4 FileChooser.refreshActionLabel.textAndMnemonic=\uC0C8\uB85C \uACE0\uCE68 FileChooser.viewMenuLabel.textAndMnemonic=\uBCF4\uAE30 FileChooser.fileNameHeader.textAndMnemonic=\uC774\uB984
--- a/src/share/classes/com/sun/java/util/jar/pack/Attribute.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/Attribute.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -45,7 +45,7 @@ * attribute layouts. * @author John Rose */ -class Attribute implements Comparable { +class Attribute implements Comparable<Attribute> { // Attribute instance fields. Layout def; // the name and format of this attr @@ -99,8 +99,7 @@ return this == def.canon; } - public int compareTo(Object o) { - Attribute that = (Attribute) o; + public int compareTo(Attribute that) { return this.def.compareTo(that.def); } @@ -447,7 +446,7 @@ * and format. The formats are specified in a "little language". */ public static - class Layout implements Comparable { + class Layout implements Comparable<Layout> { int ctype; // attribute context type, e.g., ATTR_CONTEXT_CODE String name; // name of attribute boolean hasRefs; // this kind of attr contains CP refs? @@ -540,8 +539,7 @@ * 37 + layout.hashCode()) * 37 + ctype); } - public int compareTo(Object o) { - Layout that = (Layout) o; + public int compareTo(Layout that) { int r; r = this.name.compareTo(that.name); if (r != 0) return r; @@ -663,6 +661,8 @@ public static class FormatException extends IOException { + private static final long serialVersionUID = -2542243830788066513L; + private int ctype; private String name; String layout;
--- a/src/share/classes/com/sun/java/util/jar/pack/BandStructure.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/BandStructure.java Sat Sep 10 22:36:17 2016 +0100 @@ -1705,7 +1705,7 @@ for (int i = 0; i < ATTR_CONTEXT_LIMIT; i++) { assert(attrIndexLimit[i] == 0); attrIndexLimit[i] = 32; // just for the sake of predefs. - attrDefs.set(i, new ArrayList<Attribute.Layout>(Collections.nCopies( + attrDefs.set(i, new ArrayList<>(Collections.nCopies( attrIndexLimit[i], (Attribute.Layout)null))); } @@ -1893,7 +1893,7 @@ return testBit(archiveOptions, mask); } - protected List getPredefinedAttrs(int ctype) { + protected List<Attribute.Layout> getPredefinedAttrs(int ctype) { assert(attrIndexLimit[ctype] != 0); List<Attribute.Layout> res = new ArrayList<>(attrIndexLimit[ctype]); // Remove nulls and non-predefs. @@ -2650,7 +2650,7 @@ // Utilities for reallocating: protected static Object[] realloc(Object[] a, int len) { - java.lang.Class elt = a.getClass().getComponentType(); + java.lang.Class<?> elt = a.getClass().getComponentType(); Object[] na = (Object[]) java.lang.reflect.Array.newInstance(elt, len); System.arraycopy(a, 0, na, 0, Math.min(a.length, len)); return na;
--- a/src/share/classes/com/sun/java/util/jar/pack/ClassReader.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/ClassReader.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -52,7 +52,7 @@ long inPos; DataInputStream in; Map<Attribute.Layout, Attribute> attrDefs; - Map attrCommands; + Map<Attribute.Layout, String> attrCommands; String unknownAttrCommand = "error";; ClassReader(Class cls, InputStream in) throws IOException { @@ -82,7 +82,7 @@ this.attrDefs = attrDefs; } - public void setAttrCommands(Map attrCommands) { + public void setAttrCommands(Map<Attribute.Layout, String> attrCommands) { this.attrCommands = attrCommands; } @@ -348,8 +348,8 @@ int length = readInt(); // See if there is a special command that applies. if (attrCommands != null) { - Object lkey = Attribute.keyForLookup(ctype, name); - String cmd = (String) attrCommands.get(lkey); + Attribute.Layout lkey = Attribute.keyForLookup(ctype, name); + String cmd = attrCommands.get(lkey); if (cmd != null) { switch (cmd) { case "pass": @@ -483,6 +483,8 @@ } static class ClassFormatException extends IOException { + private static final long serialVersionUID = -3564121733989501833L; + public ClassFormatException(String message) { super(message); }
--- a/src/share/classes/com/sun/java/util/jar/pack/ClassWriter.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/ClassWriter.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -36,7 +36,6 @@ import java.io.DataOutputStream; import java.io.IOException; import java.io.OutputStream; -import java.util.Iterator; import java.util.List; import static com.sun.java.util.jar.pack.Constants.*; /** @@ -165,14 +164,13 @@ } void writeMembers(boolean doMethods) throws IOException { - List mems; + List<? extends Class.Member> mems; if (!doMethods) mems = cls.getFields(); else mems = cls.getMethods(); writeShort(mems.size()); - for (Iterator i = mems.iterator(); i.hasNext(); ) { - Class.Member m = (Class.Member) i.next(); + for (Class.Member m : mems) { writeMember(m, doMethods); } }
--- a/src/share/classes/com/sun/java/util/jar/pack/Code.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/Code.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -125,7 +125,7 @@ return expandInstructionMap(getInsnMap()); } - void addFixups(Collection moreFixups) { + void addFixups(Collection<Fixups.Fixup> moreFixups) { if (fixups == null) { fixups = new Fixups(bytes); }
--- a/src/share/classes/com/sun/java/util/jar/pack/Coding.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/Coding.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,7 +37,7 @@ * varying degrees of length variability, and varying amounts of signed-ness. * @author John Rose */ -class Coding implements Comparable, CodingMethod, Histogram.BitMetric { +class Coding implements Comparable<Coding>, CodingMethod, Histogram.BitMetric { /* Coding schema for single integers, parameterized by (B,H,S): @@ -605,8 +605,7 @@ public int byteMin(int b) { return byteMin[b-1]; } public int byteMax(int b) { return byteMax[b-1]; } - public int compareTo(Object x) { - Coding that = (Coding) x; + public int compareTo(Coding that) { int dkey = this.del - that.del; if (dkey == 0) dkey = this.B - that.B;
--- a/src/share/classes/com/sun/java/util/jar/pack/ConstantPool.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/ConstantPool.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -72,7 +72,7 @@ return e; } /** Factory for literal constants (String, Integer, etc.). */ - public static synchronized LiteralEntry getLiteralEntry(Comparable value) { + public static synchronized LiteralEntry getLiteralEntry(Comparable<?> value) { Map<Object, LiteralEntry> literalEntries = Utils.getLiteralEntries(); LiteralEntry e = literalEntries.get(value); if (e == null) { @@ -140,7 +140,7 @@ /** Entries in the constant pool. */ public static abstract - class Entry implements Comparable { + class Entry implements Comparable<Object> { protected final byte tag; // a CONSTANT_foo code protected int valueHash; // cached hashCode @@ -257,7 +257,7 @@ super(tag); } - public abstract Comparable literalValue(); + public abstract Comparable<?> literalValue(); } public static @@ -280,15 +280,17 @@ public int compareTo(Object o) { int x = superCompareTo(o); if (x == 0) { - x = ((Comparable)value).compareTo(((NumberEntry)o).value); + @SuppressWarnings("unchecked") + Comparable<Number> compValue = (Comparable<Number>)value; + x = compValue.compareTo(((NumberEntry)o).value); } return x; } public Number numberValue() { return value; } - public Comparable literalValue() { - return (Comparable) value; + public Comparable<?> literalValue() { + return (Comparable<?>) value; } public String stringValue() { return value.toString(); @@ -319,7 +321,7 @@ } return x; } - public Comparable literalValue() { + public Comparable<?> literalValue() { return ref.stringValue(); } public String stringValue() { @@ -730,7 +732,7 @@ /** An Index is a mapping between CP entries and small integers. */ public static final - class Index extends AbstractList { + class Index extends AbstractList<Entry> { protected String debugName; protected Entry[] cpMap; protected boolean flattenSigs; @@ -760,7 +762,7 @@ public int size() { return cpMap.length; } - public Object get(int i) { + public Entry get(int i) { return cpMap[i]; } public Entry getEntry(int i) { @@ -805,13 +807,7 @@ assert(index >= 0); return index; } - public boolean contains(Object e) { - return findIndexOf((Entry)e) >= 0; - } - public int indexOf(Object e) { - return findIndexOf((Entry)e); - } - public int lastIndexOf(Object e) { + public int lastIndexOf(Entry e) { return indexOf(e); } @@ -864,14 +860,14 @@ indexValue[probe] = i; } } - public Object[] toArray(Object[] a) { + public Entry[] toArray(Entry[] a) { int sz = size(); if (a.length < sz) return super.toArray(a); System.arraycopy(cpMap, 0, a, 0, sz); if (a.length > sz) a[sz] = null; return a; } - public Object[] toArray() { + public Entry[] toArray() { return toArray(new Entry[size()]); } public Object clone() {
--- a/src/share/classes/com/sun/java/util/jar/pack/Constants.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/Constants.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -153,11 +153,11 @@ public static final int NO_MODTIME = 0; // null modtime value // some comstantly empty containers - public final static int[] noInts = {}; - public final static byte[] noBytes = {}; - public final static Object[] noValues = {}; - public final static String[] noStrings = {}; - public final static List emptyList = Arrays.asList(noValues); + public final static int[] noInts = {}; + public final static byte[] noBytes = {}; + public final static Object[] noValues = {}; + public final static String[] noStrings = {}; + public final static List<Object> emptyList = Arrays.asList(noValues); // meta-coding public final static int
--- a/src/share/classes/com/sun/java/util/jar/pack/Fixups.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/Fixups.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,7 +42,7 @@ * * @author John Rose */ -final class Fixups extends AbstractCollection { +final class Fixups extends AbstractCollection<Fixups.Fixup> { byte[] bytes; // the subject of the relocations int head; // desc locating first reloc int tail; // desc locating last reloc @@ -66,11 +66,11 @@ // If there are no bytes, all descs are kept in bigDescs. this((byte[])null); } - Fixups(byte[] bytes, Collection fixups) { + Fixups(byte[] bytes, Collection<Fixup> fixups) { this(bytes); addAll(fixups); } - Fixups(Collection fixups) { + Fixups(Collection<Fixup> fixups) { this((byte[])null); addAll(fixups); } @@ -108,8 +108,7 @@ public void clear() { if (bytes != null) { // Clean the bytes: - for (Iterator i = iterator(); i.hasNext(); ) { - Fixup fx = (Fixup) i.next(); + for (Fixup fx : this) { //System.out.println("clean "+fx); storeIndex(fx.location(), fx.format(), 0); } @@ -124,15 +123,14 @@ return bytes; } - @SuppressWarnings("unchecked") public void setBytes(byte[] newBytes) { if (bytes == newBytes) return; - ArrayList old = null; - assert((old = new ArrayList(this)) != null); + ArrayList<Fixup> old = null; + assert((old = new ArrayList<>(this)) != null); if (bytes == null || newBytes == null) { // One or the other representations is deficient. // Construct a checkpoint. - ArrayList save = new ArrayList(this); + ArrayList<Fixup> save = new ArrayList<>(this); clear(); bytes = newBytes; addAll(save); @@ -140,7 +138,7 @@ // assume newBytes is some sort of bitwise copy of the old bytes bytes = newBytes; } - assert(old.equals(new ArrayList(this))); + assert(old.equals(new ArrayList<>(this))); } static final int LOC_SHIFT = 1; @@ -236,7 +234,7 @@ /** Simple and necessary tuple to present each fixup. */ public static - class Fixup implements Comparable { + class Fixup implements Comparable<Fixup> { int desc; // location and format of reloc Entry entry; // which entry to plug into the bytes Fixup(int desc, Entry entry) { @@ -254,9 +252,6 @@ // Ordering depends only on location. return this.location() - that.location(); } - public int compareTo(Object that) { - return compareTo((Fixup)that); - } public boolean equals(Object x) { if (!(x instanceof Fixup)) return false; Fixup that = (Fixup) x; @@ -268,13 +263,13 @@ } private - class Itr implements Iterator { + class Itr implements Iterator<Fixup> { int index = 0; // index into entries int bigIndex = BIGSIZE+1; // index into bigDescs int next = head; // desc pointing to next fixup public boolean hasNext() { return index < size; } public void remove() { throw new UnsupportedOperationException(); } - public Object next() { + public Fixup next() { int thisIndex = index; return new Fixup(nextDesc(), entries[thisIndex]); } @@ -298,7 +293,7 @@ } } - public Iterator iterator() { + public Iterator<Fixup> iterator() { return new Itr(); } public void add(int location, int format, Entry entry) { @@ -308,11 +303,8 @@ addDesc(f.desc, f.entry); return true; } - public boolean add(Object fixup) { - return add((Fixup) fixup); - } - @SuppressWarnings("unchecked") - public boolean addAll(Collection c) { + + public boolean addAll(Collection<? extends Fixup> c) { if (c instanceof Fixups) { // Use knowledge of Itr structure to avoid building little structs. Fixups that = (Fixups) c; @@ -453,8 +445,7 @@ void finishRefs(ConstantPool.Index ix) { if (isEmpty()) return; - for (Iterator i = iterator(); i.hasNext(); ) { - Fixup fx = (Fixup) i.next(); + for (Fixup fx : this) { int index = ix.indexOf(fx.entry); //System.out.println("finish "+fx+" = "+index); // Note that the iterator has already fetched the
--- a/src/share/classes/com/sun/java/util/jar/pack/Instruction.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/Instruction.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -657,6 +657,8 @@ } } static class FormatException extends IOException { + private static final long serialVersionUID = 3175572275651367015L; + FormatException(String message) { super(message); }
--- a/src/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java Sat Sep 10 22:36:17 2016 +0100 @@ -296,7 +296,7 @@ } ZipEntry z = new ZipEntry(name); - z.setTime( (long)mtime * 1000); + z.setTime(mtime * 1000); if (size == 0) { z.setMethod(ZipOutputStream.STORED);
--- a/src/share/classes/com/sun/java/util/jar/pack/Package.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/Package.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -188,7 +188,7 @@ } public final - class Class extends Attribute.Holder implements Comparable { + class Class extends Attribute.Holder implements Comparable<Class> { public Package getPackage() { return Package.this; } // Optional file characteristics and data source (a "class stub") @@ -247,8 +247,7 @@ } // Note: equals and hashCode are identity-based. - public int compareTo(Object o) { - Class that = (Class)o; + public int compareTo(Class that) { String n0 = this.getName(); String n1 = that.getName(); return n0.compareTo(n1); @@ -488,7 +487,7 @@ } public abstract - class Member extends Attribute.Holder implements Comparable { + class Member extends Attribute.Holder implements Comparable<Member> { DescriptorEntry descriptor; protected Member(int flags, DescriptorEntry descriptor) { @@ -549,7 +548,7 @@ return descriptor.getLiteralTag(); } - public int compareTo(Object o) { + public int compareTo(Member o) { Field that = (Field)o; return this.order - that.order; } @@ -582,7 +581,7 @@ } // Sort methods in a canonical order (by type, then by name). - public int compareTo(Object o) { + public int compareTo(Member o) { Method that = (Method)o; return this.getDescriptor().compareTo(that.getDescriptor()); } @@ -608,11 +607,10 @@ public void trimToSize() { super.trimToSize(); for (int isM = 0; isM <= 1; isM++) { - ArrayList members = (isM == 0) ? fields : methods; + ArrayList<? extends Member> members = (isM == 0) ? fields : methods; if (members == null) continue; members.trimToSize(); - for (Iterator i = members.iterator(); i.hasNext(); ) { - Member m = (Member)i.next(); + for (Member m : members) { m.trimToSize(); } } @@ -625,10 +623,9 @@ if ("InnerClass".equals(attrName)) innerClasses = null; for (int isM = 0; isM <= 1; isM++) { - ArrayList members = (isM == 0) ? fields : methods; + ArrayList<? extends Member> members = (isM == 0) ? fields : methods; if (members == null) continue; - for (Iterator i = members.iterator(); i.hasNext(); ) { - Member m = (Member)i.next(); + for (Member m : members) { m.strip(attrName); } } @@ -641,10 +638,9 @@ refs.add(superClass); refs.addAll(Arrays.asList(interfaces)); for (int isM = 0; isM <= 1; isM++) { - ArrayList members = (isM == 0) ? fields : methods; + ArrayList<? extends Member> members = (isM == 0) ? fields : methods; if (members == null) continue; - for (Iterator i = members.iterator(); i.hasNext(); ) { - Member m = (Member)i.next(); + for (Member m : members) { boolean ok = false; try { m.visitRefs(mode, refs); @@ -747,13 +743,13 @@ return classStubs; } - public final class File implements Comparable { + public final class File implements Comparable<File> { String nameString; // true name of this file Utf8Entry name; int modtime = NO_MODTIME; int options = 0; // random flag bits, such as deflate_hint Class stubClass; // if this is a stub, here's the class - ArrayList prepend = new ArrayList(); // list of byte[] + ArrayList<byte[]> prepend = new ArrayList<>(); // list of byte[] java.io.ByteArrayOutputStream append = new ByteArrayOutputStream(); File(Utf8Entry name) { @@ -798,8 +794,7 @@ return nameString.hashCode(); } // Simple alphabetic sort. PackageWriter uses a better comparator. - public int compareTo(Object o) { - File that = (File)o; + public int compareTo(File that) { return this.nameString.compareTo(that.nameString); } public String toString() { @@ -834,8 +829,7 @@ public long getFileLength() { long len = 0; if (prepend == null || append == null) return 0; - for (Iterator i = prepend.iterator(); i.hasNext(); ) { - byte[] block = (byte[]) i.next(); + for (byte[] block : prepend) { len += block.length; } len += append.size(); @@ -843,8 +837,7 @@ } public void writeTo(OutputStream out) throws IOException { if (prepend == null || append == null) return; - for (Iterator i = prepend.iterator(); i.hasNext(); ) { - byte[] block = (byte[]) i.next(); + for (byte[] block : prepend) { out.write(block); } append.writeTo(out); @@ -860,8 +853,7 @@ InputStream in = new ByteArrayInputStream(append.toByteArray()); if (prepend.isEmpty()) return in; List<InputStream> isa = new ArrayList<>(prepend.size()+1); - for (Iterator i = prepend.iterator(); i.hasNext(); ) { - byte[] bytes = (byte[]) i.next(); + for (byte[] bytes : prepend) { isa.add(new ByteArrayInputStream(bytes)); } isa.add(in); @@ -926,7 +918,7 @@ } static - class InnerClass implements Comparable { + class InnerClass implements Comparable<InnerClass> { final ClassEntry thisClass; final ClassEntry outerClass; final Utf8Entry name; @@ -977,8 +969,7 @@ public int hashCode() { return thisClass.hashCode(); } - public int compareTo(Object o) { - InnerClass that = (InnerClass)o; + public int compareTo(InnerClass that) { return this.thisClass.compareTo(that.thisClass); } @@ -1108,7 +1099,7 @@ return ConstantPool.getUtf8Entry(s); } - static LiteralEntry getRefLiteral(Comparable s) { + static LiteralEntry getRefLiteral(Comparable<?> s) { return ConstantPool.getLiteralEntry(s); } @@ -1199,7 +1190,6 @@ // compress better. It also moves classes to the end of the // file order. It also removes JAR directory entries, which // are useless. - @SuppressWarnings("unchecked") void reorderFiles(boolean keepClassOrder, boolean stripDirectories) { // First reorder the classes, if that is allowed. if (!keepClassOrder) { @@ -1226,10 +1216,8 @@ // This keeps files of similar format near each other. // Put class files at the end, keeping their fixed order. // Be sure the JAR file's required manifest stays at the front. (4893051) - Collections.sort(files, new Comparator() { - public int compare(Object o0, Object o1) { - File r0 = (File) o0; - File r1 = (File) o1; + Collections.sort(files, new Comparator<File>() { + public int compare(File r0, File r1) { // Get the file name. String f0 = r0.nameString; String f1 = r1.nameString;
--- a/src/share/classes/com/sun/java/util/jar/pack/PackageReader.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/PackageReader.java Sat Sep 10 22:36:17 2016 +0100 @@ -750,7 +750,7 @@ file_options.readFrom(in); file_bits.setInputStreamFrom(in); - Iterator nextClass = pkg.getClasses().iterator(); + Iterator<Class> nextClass = pkg.getClasses().iterator(); // Compute file lengths before reading any file bits. long totalFileLength = 0; @@ -790,14 +790,14 @@ pkg.addFile(file); if (file.isClassStub()) { assert(file.getFileLength() == 0); - Class cls = (Class) nextClass.next(); + Class cls = nextClass.next(); cls.initFile(file); } } // Do the rest of the classes. while (nextClass.hasNext()) { - Class cls = (Class) nextClass.next(); + Class cls = nextClass.next(); cls.initFile(null); // implicitly initialize to a trivial one cls.file.modtime = pkg.default_modtime; } @@ -1006,14 +1006,14 @@ if (k >= 0) return k; if (e.tag == CONSTANT_Utf8) { - Entry se = (Entry) utf8Signatures.get(e); + Entry se = utf8Signatures.get(e); return pkg.cp.untypedIndexOf(se); } return -1; } Comparator<Entry> entryOutputOrder = new Comparator<Entry>() { - public int compare(Entry e0, Entry e1) { + public int compare(Entry e0, Entry e1) { int k0 = getOutputIndex(e0); int k1 = getOutputIndex(e1); if (k0 >= 0 && k1 >= 0) @@ -1332,7 +1332,8 @@ // classes, fields, methods, and codes. // The holders is a global list, already collected, // of attribute "customers". - void countAndReadAttrs(int ctype, Collection holders) throws IOException { + void countAndReadAttrs(int ctype, Collection<? extends Attribute.Holder> holders) + throws IOException { // class_attr_bands: // *class_flags :UNSIGNED5 // *class_attr_count :UNSIGNED5 @@ -1386,7 +1387,8 @@ // Read flags and count the attributes that are to be placed // on the given holders. - void countAttrs(int ctype, Collection holders) throws IOException { + void countAttrs(int ctype, Collection<? extends Attribute.Holder> holders) + throws IOException { // Here, xxx stands for one of class, field, method, code. MultiBand xxx_attr_bands = attrBands[ctype]; long flagMask = attrFlagMask[ctype]; @@ -1414,8 +1416,7 @@ xxx_flags_lo.expectLength(holders.size()); xxx_flags_lo.readFrom(in); assert((flagMask & overflowMask) == overflowMask); - for (Iterator i = holders.iterator(); i.hasNext(); ) { - Attribute.Holder h = (Attribute.Holder) i.next(); + for (Attribute.Holder h : holders) { int flags = xxx_flags_lo.getInt(); h.flags = flags; if ((flags & overflowMask) != 0) @@ -1433,8 +1434,7 @@ // (class/field/method/code), and also we accumulate (b) a total // count for each attribute type. int[] totalCounts = new int[defs.length]; - for (Iterator i = holders.iterator(); i.hasNext(); ) { - Attribute.Holder h = (Attribute.Holder) i.next(); + for (Attribute.Holder h : holders) { assert(h.attributes == null); // System.out.println("flags="+h.flags+" using fm="+flagMask); long attrBits = ((h.flags & flagMask) << 32) >>> 32; @@ -1582,13 +1582,12 @@ ATTR_CONTEXT_NAME[ctype]+" attribute"); } - @SuppressWarnings("unchecked") - void readAttrs(int ctype, Collection holders) throws IOException { + void readAttrs(int ctype, Collection<? extends Attribute.Holder> holders) + throws IOException { // Decode band values into attributes. Set<Attribute.Layout> sawDefs = new HashSet<>(); ByteArrayOutputStream buf = new ByteArrayOutputStream(); - for (Iterator i = holders.iterator(); i.hasNext(); ) { - final Attribute.Holder h = (Attribute.Holder) i.next(); + for (final Attribute.Holder h : holders) { if (h.attributes == null) continue; for (ListIterator<Attribute> j = h.attributes.listIterator(); j.hasNext(); ) { Attribute a = j.next();
--- a/src/share/classes/com/sun/java/util/jar/pack/PackageWriter.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/PackageWriter.java Sat Sep 10 22:36:17 2016 +0100 @@ -720,7 +720,6 @@ Utils.log.info("Wrote "+numFiles+" resource files"); } - @SuppressWarnings("unchecked") void collectAttributeLayouts() { maxFlags = new int[ATTR_CONTEXT_LIMIT]; allLayouts = new FixedList<>(ATTR_CONTEXT_LIMIT); @@ -781,26 +780,27 @@ avHiBits &= (1L<<attrIndexLimit[i])-1; int nextLoBit = 0; Map<Attribute.Layout, int[]> defMap = allLayouts.get(i); - Map.Entry[] layoutsAndCounts = new Map.Entry[defMap.size()]; + @SuppressWarnings({ "unchecked", "rawtypes" }) + Map.Entry<Attribute.Layout, int[]>[] layoutsAndCounts = + new Map.Entry[defMap.size()]; defMap.entrySet().toArray(layoutsAndCounts); // Sort by count, most frequent first. // Predefs. participate in this sort, though it does not matter. - Arrays.sort(layoutsAndCounts, new Comparator<Object>() { - public int compare(Object o0, Object o1) { - Map.Entry e0 = (Map.Entry) o0; - Map.Entry e1 = (Map.Entry) o1; + Arrays.sort(layoutsAndCounts, + new Comparator<Map.Entry<Attribute.Layout, int[]>>() { + public int compare(Map.Entry<Attribute.Layout, int[]> e0, + Map.Entry<Attribute.Layout, int[]> e1) { // Primary sort key is count, reversed. - int r = - ( ((int[])e0.getValue())[0] - - ((int[])e1.getValue())[0] ); + int r = -(e0.getValue()[0] - e1.getValue()[0]); if (r != 0) return r; - return ((Comparable)e0.getKey()).compareTo(e1.getKey()); + return e0.getKey().compareTo(e1.getKey()); } }); attrCounts[i] = new int[attrIndexLimit[i]+layoutsAndCounts.length]; for (int j = 0; j < layoutsAndCounts.length; j++) { - Map.Entry e = layoutsAndCounts[j]; - Attribute.Layout def = (Attribute.Layout) e.getKey(); - int count = ((int[])e.getValue())[0]; + Map.Entry<Attribute.Layout, int[]> e = layoutsAndCounts[j]; + Attribute.Layout def = e.getKey(); + int count = e.getValue()[0]; int index; Integer predefIndex = attrIndexTable.get(def); if (predefIndex != null) { @@ -881,7 +881,6 @@ Attribute.Layout[] attrDefsWritten; - @SuppressWarnings("unchecked") void writeAttrDefs() throws IOException { List<Object[]> defList = new ArrayList<>(); for (int i = 0; i < ATTR_CONTEXT_LIMIT; i++) { @@ -906,20 +905,19 @@ int numAttrDefs = defList.size(); Object[][] defs = new Object[numAttrDefs][]; defList.toArray(defs); - Arrays.sort(defs, new Comparator() { - public int compare(Object o0, Object o1) { - Object[] a0 = (Object[]) o0; - Object[] a1 = (Object[]) o1; + Arrays.sort(defs, new Comparator<Object[]>() { + public int compare(Object[] a0, Object[] a1) { // Primary sort key is attr def header. + @SuppressWarnings("unchecked") int r = ((Comparable)a0[0]).compareTo(a1[0]); if (r != 0) return r; - Object ind0 = attrIndexTable.get(a0[1]); - Object ind1 = attrIndexTable.get(a1[1]); + Integer ind0 = attrIndexTable.get(a0[1]); + Integer ind1 = attrIndexTable.get(a1[1]); // Secondary sort key is attribute index. // (This must be so, in order to keep overflow attr order.) assert(ind0 != null); assert(ind1 != null); - return ((Comparable)ind0).compareTo(ind1); + return ind0.compareTo(ind1); } }); attrDefsWritten = new Attribute.Layout[numAttrDefs];
--- a/src/share/classes/com/sun/java/util/jar/pack/PackerImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/PackerImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -69,8 +69,7 @@ * Get the set of options for the pack and unpack engines. * @return A sorted association of option key strings to option values. */ - @SuppressWarnings("unchecked") - public SortedMap properties() { + public SortedMap<String, String> properties() { return props; } @@ -157,7 +156,6 @@ // All the worker bees..... // The packer worker. - @SuppressWarnings("unchecked") private class DoPack { final int verbose = props.getInteger(Utils.DEBUG_VERBOSE); @@ -199,9 +197,8 @@ }; for (int i = 0; i < ctypes.length; i++) { String pfx = keys[i]; - Map<Object, Object> map = props.prefixMap(pfx); - for (Object k : map.keySet()) { - String key = (String)k; + Map<String, String> map = props.prefixMap(pfx); + for (String key : map.keySet()) { assert(key.startsWith(pfx)); String name = key.substring(pfx.length()); String layout = props.getProperty(key);
--- a/src/share/classes/com/sun/java/util/jar/pack/PropMap.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/PropMap.java Sat Sep 10 22:36:17 2016 +0100 @@ -27,7 +27,6 @@ import java.beans.PropertyChangeListener; import java.beans.PropertyChangeEvent; -import java.io.BufferedInputStream; import java.io.IOException; import java.io.InputStream; import java.io.PrintStream; @@ -47,8 +46,8 @@ * Control block for publishing Pack200 options to the other classes. */ -final class PropMap implements SortedMap<Object, Object> { - private final TreeMap<Object, Object> theMap = new TreeMap<>();; +final class PropMap implements SortedMap<String, String> { + private final TreeMap<String, String> theMap = new TreeMap<>();; private final List<PropertyChangeListener> listenerList = new ArrayList<>(1); void addListener(PropertyChangeListener listener) { @@ -68,12 +67,12 @@ } // Override: - public Object put(Object key, Object value) { - Object oldValue = theMap.put(key, value); + public String put(String key, String value) { + String oldValue = theMap.put(key, value); if (value != oldValue && !listenerList.isEmpty()) { // Post the property change event. PropertyChangeEvent event = - new PropertyChangeEvent(this, (String) key, + new PropertyChangeEvent(this, key, oldValue, value); for (PropertyChangeListener listener : listenerList) { listener.propertyChange(event); @@ -85,7 +84,7 @@ // All this other stuff is private to the current package. // Outide clients of Pack200 do not need to use it; they can // get by with generic SortedMap functionality. - private static Map<Object, Object> defaultProps; + private static Map<String, String> defaultProps; static { Properties props = new Properties(); @@ -141,7 +140,9 @@ } } - defaultProps = (new HashMap<>(props)); // shrink to fit + @SuppressWarnings({"unchecked", "rawtypes"}) + HashMap<String, String> temp = new HashMap(props); // shrink to fit + defaultProps = temp; } PropMap() { @@ -151,7 +152,7 @@ // Return a view of this map which includes only properties // that begin with the given prefix. This is easy because // the map is sorted, and has a subMap accessor. - SortedMap<Object, Object> prefixMap(String prefix) { + SortedMap<String, String> prefixMap(String prefix) { int len = prefix.length(); if (len == 0) return this; @@ -162,7 +163,7 @@ } String getProperty(String s) { - return (String) get(s); + return get(s); } String getProperty(String s, String defaultVal) { String val = getProperty(s); @@ -171,13 +172,13 @@ return val; } String setProperty(String s, String val) { - return (String) put(s, val); + return put(s, val); } // Get sequence of props for "prefix", and "prefix.*". - List getProperties(String prefix) { - Collection<Object> values = prefixMap(prefix).values(); - List<Object> res = new ArrayList<>(values.size()); + List<String> getProperties(String prefix) { + Collection<String> values = prefixMap(prefix).values(); + List<String> res = new ArrayList<>(values.size()); res.addAll(values); while (res.remove(null)); return res; @@ -241,8 +242,8 @@ } void list(PrintWriter out) { out.println("#"+Utils.PACK_ZIP_ARCHIVE_MARKER_COMMENT+"["); - Set defaults = defaultProps.entrySet(); - for (Map.Entry e : theMap.entrySet()) { + Set<Map.Entry<String, String>> defaults = defaultProps.entrySet(); + for (Map.Entry<String, String> e : theMap.entrySet()) { if (defaults.contains(e)) continue; out.println(" " + e.getKey() + " = " + e.getValue()); } @@ -270,18 +271,17 @@ } @Override - public Object get(Object key) { + public String get(Object key) { return theMap.get(key); } @Override - public Object remove(Object key) { + public String remove(Object key) { return theMap.remove(key); } @Override - @SuppressWarnings("unchecked") - public void putAll(Map m) { + public void putAll(Map<? extends String, ? extends String> m) { theMap.putAll(m); } @@ -291,48 +291,47 @@ } @Override - public Set<Object> keySet() { + public Set<String> keySet() { return theMap.keySet(); } @Override - public Collection<Object> values() { + public Collection<String> values() { return theMap.values(); } @Override - public Set<Map.Entry<Object, Object>> entrySet() { + public Set<Map.Entry<String, String>> entrySet() { return theMap.entrySet(); } @Override - @SuppressWarnings("unchecked") - public Comparator<Object> comparator() { - return (Comparator<Object>) theMap.comparator(); + public Comparator<? super String> comparator() { + return theMap.comparator(); } @Override - public SortedMap<Object, Object> subMap(Object fromKey, Object toKey) { + public SortedMap<String, String> subMap(String fromKey, String toKey) { return theMap.subMap(fromKey, toKey); } @Override - public SortedMap<Object, Object> headMap(Object toKey) { + public SortedMap<String, String> headMap(String toKey) { return theMap.headMap(toKey); } @Override - public SortedMap<Object, Object> tailMap(Object fromKey) { + public SortedMap<String, String> tailMap(String fromKey) { return theMap.tailMap(fromKey); } @Override - public Object firstKey() { + public String firstKey() { return theMap.firstKey(); } @Override - public Object lastKey() { + public String lastKey() { return theMap.lastKey(); } }
--- a/src/share/classes/com/sun/java/util/jar/pack/TLGlobals.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/TLGlobals.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -67,7 +67,7 @@ props = new PropMap(); } - SortedMap<Object, Object> getPropMap() { + SortedMap<String, String> getPropMap() { return props; }
--- a/src/share/classes/com/sun/java/util/jar/pack/UnpackerImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/UnpackerImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -81,8 +81,7 @@ * Get the set of options for the pack and unpack engines. * @return A sorted association of option key strings to option values. */ - @SuppressWarnings("unchecked") - public SortedMap properties() { + public SortedMap<String, String> properties() { return props; }
--- a/src/share/classes/com/sun/java/util/jar/pack/Utils.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/java/util/jar/pack/Utils.java Sat Sep 10 22:36:17 2016 +0100 @@ -253,8 +253,8 @@ } static void copyJarFile(JarFile in, JarOutputStream out) throws IOException { byte[] buffer = new byte[1 << 14]; - for (Enumeration e = in.entries(); e.hasMoreElements(); ) { - JarEntry je = (JarEntry) e.nextElement(); + for (Enumeration<JarEntry> e = in.entries(); e.hasMoreElements(); ) { + JarEntry je = e.nextElement(); out.putNextEntry(je); InputStream ein = in.getInputStream(je); for (int nr; 0 < (nr = ein.read(buffer)); ) {
--- a/src/share/classes/com/sun/jmx/remote/security/JMXSubjectDomainCombiner.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/jmx/remote/security/JMXSubjectDomainCombiner.java Sat Sep 10 22:36:17 2016 +0100 @@ -81,7 +81,7 @@ * A ProtectionDomain with a null CodeSource and an empty permission set. */ private static final ProtectionDomain pdNoPerms = - new ProtectionDomain(nullCodeSource, new Permissions()); + new ProtectionDomain(nullCodeSource, new Permissions(), null, null); /** * Get the current AccessControlContext combined with the supplied subject.
--- a/src/share/classes/com/sun/jmx/remote/util/EnvHelp.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/jmx/remote/util/EnvHelp.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,6 +1,6 @@ /* - * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -55,6 +55,21 @@ public class EnvHelp { /** + * Name of the attribute that specifies a list of class names acceptable + * as parameters to the {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()} + * remote method call. + * <p> + * This list of classes should correspond to the transitive closure of the + * credentials class (or classes) used by the installed {@linkplain JMXAuthenticator} + * associated with the {@linkplain RMIServer} implementation. + * <p> + * If the attribute is not set, or is null, then any class is + * deemed acceptable. + */ + public static final String CREDENTIAL_TYPES = + "jmx.remote.rmi.server.credential.types"; + + /** * <p>Name of the attribute that specifies a default class loader * object. * The value associated with this attribute is a ClassLoader object</p>
--- a/src/share/classes/com/sun/rowset/RowSetResourceBundle_de.properties Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/rowset/RowSetResourceBundle_de.properties Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ # -# Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -31,7 +31,7 @@ cachedrowsetimpl.accfailed = acceptChanges nicht erfolgreich cachedrowsetimpl.invalidcp = Ung\u00FCltige Cursorposition cachedrowsetimpl.illegalop = Ung\u00FCltiger Vorgang bei nicht eingef\u00FCgter Zeile -cachedrowsetimpl.clonefail = Clonen nicht erfolgreich: {0} +cachedrowsetimpl.clonefail = Klonen nicht erfolgreich: {0} cachedrowsetimpl.invalidcol = Ung\u00FCltiger Spaltenindex cachedrowsetimpl.invalcolnm = Ung\u00FCltiger Spaltenname cachedrowsetimpl.boolfail = getBoolen bei Wert ( {0} ) in Spalte {1} nicht erfolgreich
--- a/src/share/classes/com/sun/rowset/RowSetResourceBundle_ko.properties Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/rowset/RowSetResourceBundle_ko.properties Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ # -# Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -52,11 +52,11 @@ cachedrowsetimpl.absolute = \uC808\uB300: \uCEE4\uC11C \uC704\uCE58\uAC00 \uBD80\uC801\uD569\uD569\uB2C8\uB2E4. cachedrowsetimpl.relative = \uC0C1\uB300: \uCEE4\uC11C \uC704\uCE58\uAC00 \uBD80\uC801\uD569\uD569\uB2C8\uB2E4. cachedrowsetimpl.asciistream = ASCII \uC2A4\uD2B8\uB9BC\uC5D0 \uB300\uD55C \uC77D\uAE30\uB97C \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4. -cachedrowsetimpl.binstream = \uC774\uC9C4 \uC2A4\uD2B8\uB9BC\uC5D0\uC11C \uC77D\uAE30\uB97C \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4. +cachedrowsetimpl.binstream = \uBC14\uC774\uB108\uB9AC \uC2A4\uD2B8\uB9BC\uC5D0\uC11C \uC77D\uAE30\uB97C \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4. cachedrowsetimpl.failedins = \uD589 \uC0BD\uC785\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4. cachedrowsetimpl.updateins = \uD589\uC744 \uC0BD\uC785\uD558\uB294 \uC911 updateRow\uAC00 \uD638\uCD9C\uB418\uC5C8\uC2B5\uB2C8\uB2E4. cachedrowsetimpl.movetoins = moveToInsertRow: CONCUR_READ_ONLY -cachedrowsetimpl.movetoins1 = moveToInsertRow: \uBA54\uD0C0 \uB370\uC774\uD130\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4. +cachedrowsetimpl.movetoins1 = moveToInsertRow: \uBA54\uD0C0\uB370\uC774\uD130\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4. cachedrowsetimpl.movetoins2 = moveToInsertRow: \uC5F4 \uC218\uAC00 \uBD80\uC801\uD569\uD569\uB2C8\uB2E4. cachedrowsetimpl.tablename = \uD14C\uC774\uBE14 \uC774\uB984\uC740 \uB110\uC77C \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. cachedrowsetimpl.keycols = \uD0A4 \uC5F4\uC774 \uBD80\uC801\uD569\uD569\uB2C8\uB2E4. @@ -150,7 +150,7 @@ #XmlReaderContentHandler exceptions xmlrch.errmap = \uB9F5\uC744 \uC124\uC815\uD558\uB294 \uC911 \uC624\uB958 \uBC1C\uC0DD: {0} -xmlrch.errmetadata = \uBA54\uD0C0 \uB370\uC774\uD130\uB97C \uC124\uC815\uD558\uB294 \uC911 \uC624\uB958 \uBC1C\uC0DD: {0} +xmlrch.errmetadata = \uBA54\uD0C0\uB370\uC774\uD130\uB97C \uC124\uC815\uD558\uB294 \uC911 \uC624\uB958 \uBC1C\uC0DD: {0} xmlrch.errinsertval = \uAC12\uC744 \uC0BD\uC785\uD558\uB294 \uC911 \uC624\uB958 \uBC1C\uC0DD: {0} xmlrch.errconstr = \uD589\uC744 \uC0DD\uC131\uD558\uB294 \uC911 \uC624\uB958 \uBC1C\uC0DD: {0} xmlrch.errdel = \uD589\uC744 \uC0AD\uC81C\uD558\uB294 \uC911 \uC624\uB958 \uBC1C\uC0DD: {0} @@ -160,7 +160,7 @@ xmlrch.errupdrow = \uD589\uC744 \uC5C5\uB370\uC774\uD2B8\uD558\uB294 \uC911 \uC624\uB958 \uBC1C\uC0DD: {0} xmlrch.chars = \uBB38\uC790: xmlrch.badvalue = \uC798\uBABB\uB41C \uAC12: \uB110\uC77C \uC218 \uC5C6\uB294 \uC18D\uC131\uC785\uB2C8\uB2E4. -xmlrch.badvalue1 = \uC798\uBABB\uB41C \uAC12: \uB110\uC77C \uC218 \uC5C6\uB294 \uBA54\uD0C0 \uB370\uC774\uD130\uC785\uB2C8\uB2E4. +xmlrch.badvalue1 = \uC798\uBABB\uB41C \uAC12: \uB110\uC77C \uC218 \uC5C6\uB294 \uBA54\uD0C0\uB370\uC774\uD130\uC785\uB2C8\uB2E4. xmlrch.warning = ** \uACBD\uACE0: {0}, \uD589: {1}, URI: {2} #RIOptimisticProvider Exceptions
--- a/src/share/classes/com/sun/security/auth/PolicyFile.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/auth/PolicyFile.java Sat Sep 10 22:36:17 2016 +0100 @@ -26,13 +26,10 @@ package com.sun.security.auth; import java.io.*; -import java.lang.RuntimePermission; import java.lang.reflect.*; -import java.net.MalformedURLException; import java.net.URL; import java.util.*; -import java.security.AccessController; import java.security.CodeSource; import java.security.KeyStore; import java.security.KeyStoreException; @@ -260,7 +257,7 @@ private static final String AUTH_POLICY_URL = "auth.policy.url."; private Vector<PolicyEntry> policyEntries; - private Hashtable aliasMapping; + private Hashtable<Object, Object> aliasMapping; private boolean initialized = false; @@ -293,7 +290,7 @@ return; policyEntries = new Vector<PolicyEntry>(); - aliasMapping = new Hashtable(11); + aliasMapping = new Hashtable<Object, Object>(11); initPolicyFile(); initialized = true; @@ -403,7 +400,7 @@ } try { extra_policy = PropertyExpander.expand(extra_policy); - URL policyURL;; + URL policyURL; File policyFile = new File(extra_policy); if (policyFile.exists()) { policyURL = @@ -702,8 +699,8 @@ InvocationTargetException { //XXX we might want to keep a hash of created factories... - Class pc = Class.forName(type); - Constructor c = pc.getConstructor(PARAMS); + Class<?> pc = Class.forName(type); + Constructor<?> c = pc.getConstructor(PARAMS); return (Permission) c.newInstance(new Object[] { name, actions }); } @@ -1088,16 +1085,20 @@ // because the earlier CodeSource.implies succeeded SubjectCodeSource scs = (SubjectCodeSource)accCs; - Set<Principal> principalSet = null; + Set<? extends Principal> principalSet = null; try { - Class pClass = Class.forName(principal.principalClass, false, - ClassLoader.getSystemClassLoader()); + // principal.principalClass should extend Principal + // If it doesn't, we should stop here with a ClassCastException. + @SuppressWarnings("unchecked") + Class<? extends Principal> pClass = (Class<? extends Principal>) + Class.forName(principal.principalClass, false, + ClassLoader.getSystemClassLoader()); principalSet = scs.getSubject().getPrincipals(pClass); } catch (Exception e) { if (debug != null) { debug.println("problem finding Principal Class " + - "when expanding SELF permission: " + - e.toString()); + "when expanding SELF permission: " + + e.toString()); } } @@ -1107,11 +1108,9 @@ } String[][] info = new String[principalSet.size()][2]; - java.util.Iterator<Principal> pIterator = principalSet.iterator(); int i = 0; - while (pIterator.hasNext()) { - Principal p = pIterator.next(); + for (Principal p : principalSet) { info[i][0] = p.getClass().getName(); info[i][1] = p.getName(); i++;
--- a/src/share/classes/com/sun/security/auth/SubjectCodeSource.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/auth/SubjectCodeSource.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -205,10 +205,9 @@ // handle PrincipalComparators - Class principalComparator = Class.forName(pppe.principalClass, - true, - sysClassLoader); - Constructor c = principalComparator.getConstructor(PARAMS); + Class<?> principalComparator = Class.forName( + pppe.principalClass, true, sysClassLoader); + Constructor<?> c = principalComparator.getConstructor(PARAMS); PrincipalComparator pc = (PrincipalComparator)c.newInstance (new Object[] { pppe.principalName });
--- a/src/share/classes/com/sun/security/auth/module/JndiLoginModule.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/auth/module/JndiLoginModule.java Sat Sep 10 22:36:17 2016 +0100 @@ -32,16 +32,13 @@ import javax.naming.*; import javax.naming.directory.*; -import java.io.IOException; import java.util.Map; import java.util.LinkedList; -import java.util.ResourceBundle; import com.sun.security.auth.UnixPrincipal; import com.sun.security.auth.UnixNumericUserPrincipal; import com.sun.security.auth.UnixNumericGroupPrincipal; -import sun.security.util.AuthResources; /** * <p> The module prompts for a username and password @@ -189,7 +186,7 @@ // initial state private Subject subject; private CallbackHandler callbackHandler; - private Map sharedState; + private Map<String, Object> sharedState; private Map<String, ?> options; private static final String CRYPT = "{crypt}"; @@ -217,13 +214,18 @@ * <code>Configuration</code> for this particular * <code>LoginModule</code>. */ + // Unchecked warning from (Map<String, Object>)sharedState is safe + // since javax.security.auth.login.LoginContext passes a raw HashMap. + // Unchecked warnings from options.get(String) are safe since we are + // passing known keys. + @SuppressWarnings("unchecked") public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options) { this.subject = subject; this.callbackHandler = callbackHandler; - this.sharedState = sharedState; + this.sharedState = (Map<String, Object>)sharedState; this.options = options; // initialize any configured options
--- a/src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java Sat Sep 10 22:36:17 2016 +0100 @@ -25,11 +25,9 @@ package com.sun.security.auth.module; -import javax.security.auth.x500.X500Principal; import java.io.File; import java.io.IOException; import java.io.InputStream; -import java.io.PushbackInputStream; import java.net.MalformedURLException; import java.net.URL; import java.security.AuthProvider; @@ -39,7 +37,6 @@ import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; -import java.security.Principal; import java.security.PrivateKey; import java.security.Provider; import java.security.UnrecoverableKeyException; @@ -49,13 +46,10 @@ import java.util.Iterator; import java.util.LinkedList; import java.util.Map; -import java.util.ResourceBundle; import javax.security.auth.Destroyable; import javax.security.auth.DestroyFailedException; import javax.security.auth.Subject; import javax.security.auth.x500.*; -import javax.security.auth.Subject; -import javax.security.auth.x500.*; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.ConfirmationCallback; @@ -67,7 +61,6 @@ import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; -import sun.security.util.AuthResources; import sun.security.util.Password; /** @@ -159,7 +152,7 @@ private Subject subject; private CallbackHandler callbackHandler; - private Map sharedState; + private Map<String, Object> sharedState; private Map<String, ?> options; private char[] keyStorePassword; @@ -202,7 +195,9 @@ * <code>Configuration</code> for this particular * <code>LoginModule</code>. */ - + // Unchecked warning from (Map<String, Object>)sharedState is safe + // since javax.security.auth.login.LoginContext passes a raw HashMap. + @SuppressWarnings("unchecked") public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, @@ -210,7 +205,7 @@ { this.subject = subject; this.callbackHandler = callbackHandler; - this.sharedState = sharedState; + this.sharedState = (Map<String, Object>)sharedState; this.options = options; processOptions(); @@ -337,6 +332,7 @@ } /** Get the alias and passwords to use for looking up in the KeyStore. */ + @SuppressWarnings("fallthrough") private void getAliasAndPasswords(int env) throws LoginException { if (callbackHandler == null) {
--- a/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java Sat Sep 10 22:36:17 2016 +0100 @@ -367,7 +367,7 @@ // initial state private Subject subject; private CallbackHandler callbackHandler; - private Map sharedState; + private Map<String, Object> sharedState; private Map<String, ?> options; // configurable option @@ -432,7 +432,11 @@ * <code>Configuration</code> for this particular * <code>LoginModule</code>. */ - + // Unchecked warning from (Map<String, Object>)sharedState is safe + // since javax.security.auth.login.LoginContext passes a raw HashMap. + // Unchecked warnings from options.get(String) are safe since we are + // passing known keys. + @SuppressWarnings("unchecked") public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, @@ -440,7 +444,7 @@ this.subject = subject; this.callbackHandler = callbackHandler; - this.sharedState = sharedState; + this.sharedState = (Map<String, Object>)sharedState; this.options = options; // initialize any configured options
--- a/src/share/classes/com/sun/security/auth/module/LdapLoginModule.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/auth/module/LdapLoginModule.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,14 +25,12 @@ package com.sun.security.auth.module; -import java.io.IOException; import java.security.AccessController; import java.net.SocketPermission; import java.security.Principal; import java.security.PrivilegedAction; import java.util.Arrays; import java.util.Hashtable; -import java.util.Iterator; import java.util.Map; import java.util.ResourceBundle; import java.util.regex.Matcher; @@ -50,7 +48,6 @@ import com.sun.security.auth.LdapPrincipal; import com.sun.security.auth.UserPrincipal; -import sun.security.util.AuthResources; /** * This {@link LoginModule} performs LDAP-based authentication. @@ -366,12 +363,12 @@ // Initial state private Subject subject; private CallbackHandler callbackHandler; - private Map sharedState; + private Map<String, Object> sharedState; private Map<String, ?> options; private LdapContext ctx; private Matcher identityMatcher = null; private Matcher filterMatcher = null; - private Hashtable ldapEnvironment; + private Hashtable<String, Object> ldapEnvironment; private SearchControls constraints = null; /** @@ -385,15 +382,18 @@ * <code>Configuration</code> for this particular * <code>LoginModule</code>. */ + // Unchecked warning from (Map<String, Object>)sharedState is safe + // since javax.security.auth.login.LoginContext passes a raw HashMap. + @SuppressWarnings("unchecked") public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) { this.subject = subject; this.callbackHandler = callbackHandler; - this.sharedState = sharedState; + this.sharedState = (Map<String, Object>)sharedState; this.options = options; - ldapEnvironment = new Hashtable(9); + ldapEnvironment = new Hashtable<String, Object>(9); ldapEnvironment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
--- a/src/share/classes/com/sun/security/jgss/InquireSecContextPermission.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/jgss/InquireSecContextPermission.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -36,6 +36,7 @@ * <p>The target name is the {@link InquireType} allowed. */ public final class InquireSecContextPermission extends BasicPermission { + private static final long serialVersionUID = -7131173349668647297L; /** * Constructs a new {@code InquireSecContextPermission} object with
--- a/src/share/classes/com/sun/security/ntlm/NTLMException.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/ntlm/NTLMException.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,6 +31,7 @@ * An NTLM-related Exception */ public final class NTLMException extends GeneralSecurityException { + private static final long serialVersionUID = -3298539507906689430L; /** * If the incoming packet is invalid.
--- a/src/share/classes/com/sun/security/sasl/CramMD5Server.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/sasl/CramMD5Server.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,7 +33,6 @@ import java.io.UnsupportedEncodingException; import java.security.NoSuchAlgorithmException; -import java.util.logging.Logger; import java.util.logging.Level; /** @@ -68,7 +67,7 @@ * @param pw A non-null String or byte[] * containing the password. If it is an array, it is first cloned. */ - CramMD5Server(String protocol, String serverFqdn, Map props, + CramMD5Server(String protocol, String serverFqdn, Map<String, ?> props, CallbackHandler cbh) throws SaslException { if (serverFqdn == null) { throw new SaslException(
--- a/src/share/classes/com/sun/security/sasl/digest/DigestMD5Base.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/sasl/digest/DigestMD5Base.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,21 +28,15 @@ import java.util.Map; import java.util.Arrays; import java.util.List; -import java.util.Set; -import java.util.logging.Logger; import java.util.logging.Level; import java.math.BigInteger; import java.util.Random; -import java.security.Provider; -import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.UnsupportedEncodingException; import java.io.IOException; import java.security.MessageDigest; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.security.NoSuchAlgorithmException; import java.security.InvalidKeyException; import java.security.spec.KeySpec; @@ -53,7 +47,6 @@ import javax.crypto.SecretKey; import javax.crypto.Mac; import javax.crypto.SecretKeyFactory; -import javax.crypto.BadPaddingException; import javax.crypto.NoSuchPaddingException; import javax.crypto.IllegalBlockSizeException; import javax.crypto.spec.IvParameterSpec; @@ -175,8 +168,9 @@ * * @throws SaslException If invalid value found in props. */ - protected DigestMD5Base(Map props, String className, int firstStep, - String digestUri, CallbackHandler cbh) throws SaslException { + protected DigestMD5Base(Map<String, ?> props, String className, + int firstStep, String digestUri, CallbackHandler cbh) + throws SaslException { super(props, className); // sets QOP, STENGTH and BUFFER_SIZE step = firstStep; @@ -791,7 +785,7 @@ } } else if (realmChoices != null && i == realmIndex) { // > 1 realm specified - if (realmChoices.size() == 0) { + if (realmChoices.isEmpty()) { realmChoices.add(valueTable[i]); // add existing one } realmChoices.add(value); // add new one @@ -1585,47 +1579,45 @@ KeySpec spec = null; SecretKeyFactory desFactory = SecretKeyFactory.getInstance(desStrength); - - if (desStrength.equals("des")) { - spec = new DESKeySpec(subkey1, 0); - if (logger.isLoggable(Level.FINEST)) { - traceOutput(DP_CLASS_NAME, "makeDesKeys", - "DIGEST42:DES key input: ", input); - traceOutput(DP_CLASS_NAME, "makeDesKeys", - "DIGEST43:DES key parity-adjusted: ", subkey1); - traceOutput(DP_CLASS_NAME, "makeDesKeys", - "DIGEST44:DES key material: ", ((DESKeySpec)spec).getKey()); - logger.log(Level.FINEST, "DIGEST45: is parity-adjusted? {0}", - Boolean.valueOf(DESKeySpec.isParityAdjusted(subkey1, 0))); - } - - } else if (desStrength.equals("desede")) { - - // Generate second subkey using second 7 bytes - byte[] subkey2 = addDesParity(input, 7, 7); - - // Construct 24-byte encryption-decryption-encryption sequence - byte[] ede = new byte[subkey1.length*2+subkey2.length]; - System.arraycopy(subkey1, 0, ede, 0, subkey1.length); - System.arraycopy(subkey2, 0, ede, subkey1.length, subkey2.length); - System.arraycopy(subkey1, 0, ede, subkey1.length+subkey2.length, - subkey1.length); - - spec = new DESedeKeySpec(ede, 0); - if (logger.isLoggable(Level.FINEST)) { - traceOutput(DP_CLASS_NAME, "makeDesKeys", - "DIGEST46:3DES key input: ", input); - traceOutput(DP_CLASS_NAME, "makeDesKeys", - "DIGEST47:3DES key ede: ", ede); - traceOutput(DP_CLASS_NAME, "makeDesKeys", - "DIGEST48:3DES key material: ", - ((DESedeKeySpec)spec).getKey()); - logger.log(Level.FINEST, "DIGEST49: is parity-adjusted? ", - Boolean.valueOf(DESedeKeySpec.isParityAdjusted(ede, 0))); - } - } else { - throw new IllegalArgumentException("Invalid DES strength:" + - desStrength); + switch (desStrength) { + case "des": + spec = new DESKeySpec(subkey1, 0); + if (logger.isLoggable(Level.FINEST)) { + traceOutput(DP_CLASS_NAME, "makeDesKeys", + "DIGEST42:DES key input: ", input); + traceOutput(DP_CLASS_NAME, "makeDesKeys", + "DIGEST43:DES key parity-adjusted: ", subkey1); + traceOutput(DP_CLASS_NAME, "makeDesKeys", + "DIGEST44:DES key material: ", ((DESKeySpec)spec).getKey()); + logger.log(Level.FINEST, "DIGEST45: is parity-adjusted? {0}", + Boolean.valueOf(DESKeySpec.isParityAdjusted(subkey1, 0))); + } + break; + case "desede": + // Generate second subkey using second 7 bytes + byte[] subkey2 = addDesParity(input, 7, 7); + // Construct 24-byte encryption-decryption-encryption sequence + byte[] ede = new byte[subkey1.length*2+subkey2.length]; + System.arraycopy(subkey1, 0, ede, 0, subkey1.length); + System.arraycopy(subkey2, 0, ede, subkey1.length, subkey2.length); + System.arraycopy(subkey1, 0, ede, subkey1.length+subkey2.length, + subkey1.length); + spec = new DESedeKeySpec(ede, 0); + if (logger.isLoggable(Level.FINEST)) { + traceOutput(DP_CLASS_NAME, "makeDesKeys", + "DIGEST46:3DES key input: ", input); + traceOutput(DP_CLASS_NAME, "makeDesKeys", + "DIGEST47:3DES key ede: ", ede); + traceOutput(DP_CLASS_NAME, "makeDesKeys", + "DIGEST48:3DES key material: ", + ((DESedeKeySpec)spec).getKey()); + logger.log(Level.FINEST, "DIGEST49: is parity-adjusted? ", + Boolean.valueOf(DESedeKeySpec.isParityAdjusted(ede, 0))); + } + break; + default: + throw new IllegalArgumentException("Invalid DES strength:" + + desStrength); } return desFactory.generateSecret(spec); }
--- a/src/share/classes/com/sun/security/sasl/digest/DigestMD5Client.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/sasl/digest/DigestMD5Client.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,21 +25,16 @@ package com.sun.security.sasl.digest; -import java.security.AccessController; -import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.io.ByteArrayOutputStream; -import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.util.StringTokenizer; import java.util.ArrayList; import java.util.List; import java.util.Map; -import java.util.Set; import java.util.Arrays; -import java.util.logging.Logger; import java.util.logging.Level; import javax.security.sasl.*; @@ -153,7 +148,7 @@ * @throws SaslException if no authentication ID or password is supplied */ DigestMD5Client(String authzid, String protocol, String serverName, - Map props, CallbackHandler cbh) throws SaslException { + Map<String, ?> props, CallbackHandler cbh) throws SaslException { super(props, MY_CLASS_NAME, 2, protocol + "/" + serverName, cbh);
--- a/src/share/classes/com/sun/security/sasl/digest/DigestMD5Server.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/sasl/digest/DigestMD5Server.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,23 +25,16 @@ package com.sun.security.sasl.digest; -import java.security.AccessController; -import java.security.Provider; -import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.io.ByteArrayOutputStream; -import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; -import java.util.Random; import java.util.StringTokenizer; import java.util.ArrayList; import java.util.List; import java.util.Map; -import java.util.Set; import java.util.Arrays; -import java.util.logging.Logger; import java.util.logging.Level; import javax.security.sasl.*; @@ -147,7 +140,7 @@ private byte[] myCiphers; private List<String> serverRealms; - DigestMD5Server(String protocol, String serverName, Map props, + DigestMD5Server(String protocol, String serverName, Map<String, ?> props, CallbackHandler cbh) throws SaslException { super(props, MY_CLASS_NAME, 1, protocol + "/" + serverName, cbh); @@ -179,7 +172,7 @@ encoding = (useUTF8 ? "UTF8" : "8859_1"); // By default, use server name as realm - if (serverRealms.size() == 0) { + if (serverRealms.isEmpty()) { serverRealms.add(serverName); } } @@ -468,19 +461,23 @@ // Check that QOP is one sent by server byte cQop; - if (negotiatedQop.equals("auth")) { - cQop = NO_PROTECTION; - } else if (negotiatedQop.equals("auth-int")) { - cQop = INTEGRITY_ONLY_PROTECTION; - integrity = true; - rawSendSize = sendMaxBufSize - 16; - } else if (negotiatedQop.equals("auth-conf")) { - cQop = PRIVACY_PROTECTION; - integrity = privacy = true; - rawSendSize = sendMaxBufSize - 26; - } else { - throw new SaslException("DIGEST-MD5: digest response format " + - "violation. Invalid QOP: " + negotiatedQop); + switch (negotiatedQop) { + case "auth": + cQop = NO_PROTECTION; + break; + case "auth-int": + cQop = INTEGRITY_ONLY_PROTECTION; + integrity = true; + rawSendSize = sendMaxBufSize - 16; + break; + case "auth-conf": + cQop = PRIVACY_PROTECTION; + integrity = privacy = true; + rawSendSize = sendMaxBufSize - 26; + break; + default: + throw new SaslException("DIGEST-MD5: digest response format " + + "violation. Invalid QOP: " + negotiatedQop); } if ((cQop&allQop) == 0) { throw new SaslException("DIGEST-MD5: server does not support " +
--- a/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Base.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Base.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,9 +26,7 @@ package com.sun.security.sasl.gsskerb; -import java.io.IOException; import java.util.Map; -import java.util.logging.Logger; import java.util.logging.Level; import javax.security.sasl.*; import com.sun.security.sasl.util.AbstractSaslImpl; @@ -49,7 +47,8 @@ protected GSSContext secCtx = null; protected static final int JGSS_QOP = 0; // unrelated to SASL QOP mask - protected GssKrb5Base(Map props, String className) throws SaslException { + protected GssKrb5Base(Map<String, ?> props, String className) + throws SaslException { super(props, className); }
--- a/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Client.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Client.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,7 +27,6 @@ import java.io.IOException; import java.util.Map; -import java.util.logging.Logger; import java.util.logging.Level; import javax.security.sasl.*; @@ -93,7 +92,7 @@ * with the server. */ GssKrb5Client(String authzID, String protocol, String serverName, - Map props, CallbackHandler cbh) throws SaslException { + Map<String, ?> props, CallbackHandler cbh) throws SaslException { super(props, MY_CLASS_NAME);
--- a/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Server.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Server.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,7 +28,6 @@ import javax.security.sasl.*; import java.io.*; import java.util.Map; -import java.util.logging.Logger; import java.util.logging.Level; // JAAS @@ -77,7 +76,7 @@ * with the client. */ GssKrb5Server(String protocol, String serverName, - Map props, CallbackHandler cbh) throws SaslException { + Map<String, ?> props, CallbackHandler cbh) throws SaslException { super(props, MY_CLASS_NAME);
--- a/src/share/classes/com/sun/security/sasl/ntlm/NTLMClient.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/sasl/ntlm/NTLMClient.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -111,7 +111,7 @@ * @throws SaslException */ NTLMClient(String mech, String authzid, String protocol, String serverName, - Map props, CallbackHandler cbh) throws SaslException { + Map<String, ?> props, CallbackHandler cbh) throws SaslException { this.mech = mech; String version = null; @@ -205,12 +205,13 @@ if (!isComplete()) { throw new IllegalStateException("authentication not complete"); } - if (propName.equals(Sasl.QOP)) { - return "auth"; - } else if (propName.equals(NTLM_DOMAIN)) { - return client.getDomain(); - } else { - return null; + switch (propName) { + case Sasl.QOP: + return "auth"; + case NTLM_DOMAIN: + return client.getDomain(); + default: + return null; } }
--- a/src/share/classes/com/sun/security/sasl/ntlm/NTLMServer.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/sasl/ntlm/NTLMServer.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -110,7 +110,8 @@ * @throws SaslException */ NTLMServer(String mech, String protocol, String serverName, - Map props, final CallbackHandler cbh) throws SaslException { + Map<String, ?> props, final CallbackHandler cbh) + throws SaslException { this.mech = mech; String version = null; @@ -218,12 +219,13 @@ if (!isComplete()) { throw new IllegalStateException("authentication not complete"); } - if (propName.equals(Sasl.QOP)) { - return "auth"; - } else if (propName.equals(NTLM_HOSTNAME)) { - return hostname; - } else { - return null; + switch (propName) { + case Sasl.QOP: + return "auth"; + case NTLM_HOSTNAME: + return hostname; + default: + return null; } }
--- a/src/share/classes/com/sun/security/sasl/util/AbstractSaslImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/sasl/util/AbstractSaslImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,8 +29,6 @@ import java.io.*; import java.util.Map; import java.util.StringTokenizer; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.logging.Logger; import java.util.logging.Level; @@ -63,7 +61,8 @@ protected String myClassName; - protected AbstractSaslImpl(Map props, String className) throws SaslException { + protected AbstractSaslImpl(Map<String, ?> props, String className) + throws SaslException { myClassName = className; // Parse properties to set desired context options @@ -156,23 +155,23 @@ if (!completed) { throw new IllegalStateException("SASL authentication not completed"); } - - if (propName.equals(Sasl.QOP)) { - if (privacy) { - return "auth-conf"; - } else if (integrity) { - return "auth-int"; - } else { - return "auth"; - } - } else if (propName.equals(Sasl.MAX_BUFFER)) { - return Integer.toString(recvMaxBufSize); - } else if (propName.equals(Sasl.RAW_SEND_SIZE)) { - return Integer.toString(rawSendSize); - } else if (propName.equals(MAX_SEND_BUF)) { - return Integer.toString(sendMaxBufSize); - } else { - return null; + switch (propName) { + case Sasl.QOP: + if (privacy) { + return "auth-conf"; + } else if (integrity) { + return "auth-int"; + } else { + return "auth"; + } + case Sasl.MAX_BUFFER: + return Integer.toString(recvMaxBufSize); + case Sasl.RAW_SEND_SIZE: + return Integer.toString(rawSendSize); + case MAX_SEND_BUF: + return Integer.toString(sendMaxBufSize); + default: + return null; } }
--- a/src/share/classes/com/sun/security/sasl/util/PolicyUtils.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/security/sasl/util/PolicyUtils.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -53,7 +53,7 @@ * @param props The security policy properties to check * @return true if passes; false if fails */ - public static boolean checkPolicy(int flags, Map props) { + public static boolean checkPolicy(int flags, Map<String, ?> props) { if (props == null) { return true; } @@ -93,7 +93,7 @@ * */ public static String[] filterMechs(String[] mechs, int[] policies, - Map props) { + Map<String, ?> props) { if (props == null) { return mechs.clone(); }
--- a/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_ko.properties Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_ko.properties Sat Sep 10 22:36:17 2016 +0100 @@ -71,7 +71,7 @@ FileChooser.directoryOpenButtonToolTip.textAndMnemonic=\uC120\uD0DD\uB41C \uB514\uB809\uD1A0\uB9AC \uC5F4\uAE30 FileChooser.filesListAccessibleName=\uD30C\uC77C \uBAA9\uB85D -FileChooser.filesDetailsAccessibleName=\uD30C\uC77C \uC138\uBD80 \uC815\uBCF4 +FileChooser.filesDetailsAccessibleName=\uD30C\uC77C \uC138\uBD80\uC815\uBCF4 ############ COLOR CHOOSER STRINGS ############# ColorChooser.preview.textAndMnemonic=\uBBF8\uB9AC\uBCF4\uAE30
--- a/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_ko.properties Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_ko.properties Sat Sep 10 22:36:17 2016 +0100 @@ -33,9 +33,9 @@ FileChooser.listViewButtonToolTip.textAndMnemonic=\uBAA9\uB85D FileChooser.listViewButtonAccessibleName=\uBAA9\uB85D FileChooser.listViewActionLabel.textAndMnemonic=\uBAA9\uB85D -FileChooser.detailsViewButtonToolTip.textAndMnemonic=\uC138\uBD80 \uC815\uBCF4 -FileChooser.detailsViewButtonAccessibleName=\uC138\uBD80 \uC815\uBCF4 -FileChooser.detailsViewActionLabel.textAndMnemonic=\uC138\uBD80 \uC815\uBCF4 +FileChooser.detailsViewButtonToolTip.textAndMnemonic=\uC138\uBD80\uC815\uBCF4 +FileChooser.detailsViewButtonAccessibleName=\uC138\uBD80\uC815\uBCF4 +FileChooser.detailsViewActionLabel.textAndMnemonic=\uC138\uBD80\uC815\uBCF4 FileChooser.refreshActionLabel.textAndMnemonic=\uC0C8\uB85C \uACE0\uCE68 FileChooser.viewMenuLabel.textAndMnemonic=\uBCF4\uAE30 FileChooser.fileNameHeader.textAndMnemonic=\uC774\uB984
--- a/src/share/classes/com/sun/swing/internal/plaf/synth/resources/synth_ko.properties Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/com/sun/swing/internal/plaf/synth/resources/synth_ko.properties Sat Sep 10 22:36:17 2016 +0100 @@ -33,9 +33,9 @@ FileChooser.listViewButtonToolTip.textAndMnemonic=\uBAA9\uB85D FileChooser.listViewButtonAccessibleName=\uBAA9\uB85D FileChooser.listViewActionLabel.textAndMnemonic=\uBAA9\uB85D -FileChooser.detailsViewButtonToolTip.textAndMnemonic=\uC138\uBD80 \uC815\uBCF4 -FileChooser.detailsViewButtonAccessibleName=\uC138\uBD80 \uC815\uBCF4 -FileChooser.detailsViewActionLabel.textAndMnemonic=\uC138\uBD80 \uC815\uBCF4 +FileChooser.detailsViewButtonToolTip.textAndMnemonic=\uC138\uBD80\uC815\uBCF4 +FileChooser.detailsViewButtonAccessibleName=\uC138\uBD80\uC815\uBCF4 +FileChooser.detailsViewActionLabel.textAndMnemonic=\uC138\uBD80\uC815\uBCF4 FileChooser.refreshActionLabel.textAndMnemonic=\uC0C8\uB85C \uACE0\uCE68 FileChooser.viewMenuLabel.textAndMnemonic=\uBCF4\uAE30 FileChooser.fileNameHeader.textAndMnemonic=\uC774\uB984
--- a/src/share/classes/java/beans/PropertyDescriptor.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/beans/PropertyDescriptor.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,6 +28,7 @@ import java.lang.ref.Reference; import java.lang.reflect.Method; import java.lang.reflect.Constructor; +import sun.reflect.misc.ReflectUtil; /** * A PropertyDescriptor describes one property that a Java Bean @@ -424,8 +425,9 @@ public PropertyEditor createPropertyEditor(Object bean) { Object editor = null; - Class cls = getPropertyEditorClass(); - if (cls != null) { + final Class cls = getPropertyEditorClass(); + if (cls != null && PropertyEditor.class.isAssignableFrom(cls) + && ReflectUtil.isPackageAccessible(cls)) { Constructor ctor = null; if (bean != null) { try {
--- a/src/share/classes/java/io/ObjectInputStream.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/io/ObjectInputStream.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,8 +39,11 @@ import java.util.HashMap; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentMap; -import java.util.concurrent.atomic.AtomicBoolean; import static java.io.ObjectStreamClass.processQueue; +import sun.misc.JavaObjectInputStreamAccess; +import sun.misc.ObjectStreamClassValidator; +import sun.misc.SharedSecrets; +import sun.misc.Unsafe; import sun.reflect.misc.ReflectUtil; /** @@ -1503,23 +1506,28 @@ throws IOException { byte tc = bin.peekByte(); + ObjectStreamClass descriptor; switch (tc) { case TC_NULL: - return (ObjectStreamClass) readNull(); - + descriptor = (ObjectStreamClass) readNull(); + break; case TC_REFERENCE: - return (ObjectStreamClass) readHandle(unshared); - + descriptor = (ObjectStreamClass) readHandle(unshared); + break; case TC_PROXYCLASSDESC: - return readProxyDesc(unshared); - + descriptor = readProxyDesc(unshared); + break; case TC_CLASSDESC: - return readNonProxyDesc(unshared); - + descriptor = readNonProxyDesc(unshared); + break; default: throw new StreamCorruptedException( String.format("invalid type code: %02X", tc)); } + if (descriptor != null) { + validateDescriptor(descriptor); + } + return descriptor; } private boolean isCustomSubclass() { @@ -1887,6 +1895,8 @@ if (obj == null || handles.lookupException(passHandle) != null) { defaultReadFields(null, slotDesc); // skip field values } else if (slotDesc.hasReadObjectMethod()) { + ThreadDeath t = null; + boolean reset = false; SerialCallbackContext oldContext = curContext; if (oldContext != null) oldContext.check(); @@ -1905,10 +1915,19 @@ */ handles.markException(passHandle, ex); } finally { - curContext.setUsed(); - if (oldContext!= null) - oldContext.check(); - curContext = oldContext; + do { + try { + curContext.setUsed(); + if (oldContext!= null) + oldContext.check(); + curContext = oldContext; + reset = true; + } catch (ThreadDeath x) { + t = x; // defer until reset is true + } + } while (!reset); + if (t != null) + throw t; } /* @@ -1919,7 +1938,7 @@ defaultDataEnd = false; } else { defaultReadFields(obj, slotDesc); - } + } if (slotDesc.hasWriteObjectData()) { skipCustomData(); @@ -1935,7 +1954,7 @@ } } } - } + } /** * Skips over all block data and objects until TC_ENDBLOCKDATA is @@ -1983,27 +2002,27 @@ if (primVals == null || primVals.length < primDataSize) { primVals = new byte[primDataSize]; } - bin.readFully(primVals, 0, primDataSize, false); + bin.readFully(primVals, 0, primDataSize, false); if (obj != null) { desc.setPrimFieldValues(obj, primVals); } - int objHandle = passHandle; - ObjectStreamField[] fields = desc.getFields(false); + int objHandle = passHandle; + ObjectStreamField[] fields = desc.getFields(false); Object[] objVals = new Object[desc.getNumObjFields()]; - int numPrimFields = fields.length - objVals.length; - for (int i = 0; i < objVals.length; i++) { - ObjectStreamField f = fields[numPrimFields + i]; - objVals[i] = readObject0(f.isUnshared()); - if (f.getField() != null) { - handles.markDependency(objHandle, passHandle); + int numPrimFields = fields.length - objVals.length; + for (int i = 0; i < objVals.length; i++) { + ObjectStreamField f = fields[numPrimFields + i]; + objVals[i] = readObject0(f.isUnshared()); + if (f.getField() != null) { + handles.markDependency(objHandle, passHandle); + } } - } if (obj != null) { desc.setObjFieldValues(obj, objVals); } - passHandle = objHandle; - } + passHandle = objHandle; + } /** * Reads in and returns IOException that caused serialization to abort. @@ -3539,4 +3558,25 @@ } } + private void validateDescriptor(ObjectStreamClass descriptor) { + ObjectStreamClassValidator validating = validator; + if (validating != null) { + validating.validateDescriptor(descriptor); + } + } + + // controlled access to ObjectStreamClassValidator + private volatile ObjectStreamClassValidator validator; + + private static void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator) { + ois.validator = validator; + } + static { + SharedSecrets.setJavaObjectInputStreamAccess(new JavaObjectInputStreamAccess() { + @Override + public void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator) { + ObjectInputStream.setValidator(ois, validator); + } + }); + } }
--- a/src/share/classes/java/io/ObjectStreamClass.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/io/ObjectStreamClass.java Sat Sep 10 22:36:17 2016 +0100 @@ -189,6 +189,9 @@ /** superclass descriptor appearing in stream */ private ObjectStreamClass superDesc; + /** true if, and only if, the object has been correctly initialized */ + private boolean initialized; + /** * Initializes native code. */ @@ -266,6 +269,7 @@ if (cl == null) { return null; } + requireInitialized(); if (System.getSecurityManager() != null) { Class<?> caller = Reflection.getCallerClass(); if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), cl.getClassLoader())) { @@ -533,6 +537,7 @@ name, "unmatched serializable field(s) declared"); } } + initialized = true; } /** @@ -550,6 +555,14 @@ ObjectStreamClass superDesc) throws InvalidClassException { + ObjectStreamClass osc = null; + if (cl != null) { + osc = lookup(cl, true); + if (!osc.isProxy) { + throw new InvalidClassException( + "cannot bind proxy descriptor to a non-proxy class"); + } + } this.cl = cl; this.resolveEx = resolveEx; this.superDesc = superDesc; @@ -557,21 +570,17 @@ serializable = true; suid = Long.valueOf(0); fields = NO_FIELDS; - - if (cl != null) { - localDesc = lookup(cl, true); - if (!localDesc.isProxy) { - throw new InvalidClassException( - "cannot bind proxy descriptor to a non-proxy class"); - } + if (osc != null) { + localDesc = osc; name = localDesc.name; externalizable = localDesc.externalizable; - cons = localDesc.cons; writeReplaceMethod = localDesc.writeReplaceMethod; readResolveMethod = localDesc.readResolveMethod; deserializeEx = localDesc.deserializeEx; + cons = localDesc.cons; } fieldRefl = getReflector(fields, localDesc); + initialized = true; } /** @@ -583,11 +592,57 @@ ObjectStreamClass superDesc) throws InvalidClassException { + long suid = Long.valueOf(model.getSerialVersionUID()); + ObjectStreamClass osc = null; + if (cl != null) { + osc = lookup(cl, true); + if (osc.isProxy) { + throw new InvalidClassException( + "cannot bind non-proxy descriptor to a proxy class"); + } + if (model.isEnum != osc.isEnum) { + throw new InvalidClassException(model.isEnum ? + "cannot bind enum descriptor to a non-enum class" : + "cannot bind non-enum descriptor to an enum class"); + } + + if (model.serializable == osc.serializable && + !cl.isArray() && + suid != osc.getSerialVersionUID()) { + throw new InvalidClassException(osc.name, + "local class incompatible: " + + "stream classdesc serialVersionUID = " + suid + + ", local class serialVersionUID = " + + osc.getSerialVersionUID()); + } + + if (!classNamesEqual(model.name, osc.name)) { + throw new InvalidClassException(osc.name, + "local class name incompatible with stream class " + + "name \"" + model.name + "\""); + } + + if (!model.isEnum) { + if ((model.serializable == osc.serializable) && + (model.externalizable != osc.externalizable)) { + throw new InvalidClassException(osc.name, + "Serializable incompatible with Externalizable"); + } + + if ((model.serializable != osc.serializable) || + (model.externalizable != osc.externalizable) || + !(model.serializable || model.externalizable)) { + deserializeEx = new ExceptionInfo( + osc.name, "class invalid for deserialization"); + } + } + } + this.cl = cl; this.resolveEx = resolveEx; this.superDesc = superDesc; name = model.name; - suid = Long.valueOf(model.getSerialVersionUID()); + this.suid = suid; isProxy = false; isEnum = model.isEnum; serializable = model.serializable; @@ -598,53 +653,8 @@ primDataSize = model.primDataSize; numObjFields = model.numObjFields; - if (cl != null) { - localDesc = lookup(cl, true); - if (localDesc.isProxy) { - throw new InvalidClassException( - "cannot bind non-proxy descriptor to a proxy class"); - } - if (isEnum != localDesc.isEnum) { - throw new InvalidClassException(isEnum ? - "cannot bind enum descriptor to a non-enum class" : - "cannot bind non-enum descriptor to an enum class"); - } - - if (serializable == localDesc.serializable && - !cl.isArray() && - suid.longValue() != localDesc.getSerialVersionUID()) - { - throw new InvalidClassException(localDesc.name, - "local class incompatible: " + - "stream classdesc serialVersionUID = " + suid + - ", local class serialVersionUID = " + - localDesc.getSerialVersionUID()); - } - - if (!classNamesEqual(name, localDesc.name)) { - throw new InvalidClassException(localDesc.name, - "local class name incompatible with stream class " + - "name \"" + name + "\""); - } - - if (!isEnum) { - if ((serializable == localDesc.serializable) && - (externalizable != localDesc.externalizable)) - { - throw new InvalidClassException(localDesc.name, - "Serializable incompatible with Externalizable"); - } - - if ((serializable != localDesc.serializable) || - (externalizable != localDesc.externalizable) || - !(serializable || externalizable)) - { - deserializeEx = new ExceptionInfo( - localDesc.name, "class invalid for deserialization"); - } - } - - cons = localDesc.cons; + if (osc != null) { + localDesc = osc; writeObjectMethod = localDesc.writeObjectMethod; readObjectMethod = localDesc.readObjectMethod; readObjectNoDataMethod = localDesc.readObjectNoDataMethod; @@ -653,10 +663,13 @@ if (deserializeEx == null) { deserializeEx = localDesc.deserializeEx; } + cons = localDesc.cons; } + fieldRefl = getReflector(fields, localDesc); // reassign to matched fields so as to reflect local unshared settings fields = fieldRefl.getFields(); + initialized = true; } /** @@ -759,11 +772,20 @@ } /** + * Throws InternalError if not initialized. + */ + private final void requireInitialized() { + if (!initialized) + throw new InternalError("Unexpected call when not initialized"); + } + + /** * Throws an InvalidClassException if object instances referencing this * class descriptor should not be allowed to deserialize. This method does * not apply to deserialization of enum constants. */ void checkDeserialize() throws InvalidClassException { + requireInitialized(); if (deserializeEx != null) { throw deserializeEx.newInvalidClassException(); } @@ -775,6 +797,7 @@ * not apply to serialization of enum constants. */ void checkSerialize() throws InvalidClassException { + requireInitialized(); if (serializeEx != null) { throw serializeEx.newInvalidClassException(); } @@ -788,6 +811,7 @@ * does not apply to deserialization of enum constants. */ void checkDefaultSerialize() throws InvalidClassException { + requireInitialized(); if (defaultSerializeEx != null) { throw defaultSerializeEx.newInvalidClassException(); } @@ -799,6 +823,7 @@ * of the subclass descriptor's bound class. */ ObjectStreamClass getSuperDesc() { + requireInitialized(); return superDesc; } @@ -809,6 +834,7 @@ * associated with this descriptor. */ ObjectStreamClass getLocalDesc() { + requireInitialized(); return localDesc; } @@ -851,6 +877,7 @@ * otherwise. */ boolean isProxy() { + requireInitialized(); return isProxy; } @@ -859,6 +886,7 @@ * otherwise. */ boolean isEnum() { + requireInitialized(); return isEnum; } @@ -867,6 +895,7 @@ * otherwise. */ boolean isExternalizable() { + requireInitialized(); return externalizable; } @@ -875,6 +904,7 @@ * otherwise. */ boolean isSerializable() { + requireInitialized(); return serializable; } @@ -883,6 +913,7 @@ * has written its data in 1.2 (block data) format, false otherwise. */ boolean hasBlockExternalData() { + requireInitialized(); return hasBlockExternalData; } @@ -892,6 +923,7 @@ * writeObject() method, false otherwise. */ boolean hasWriteObjectData() { + requireInitialized(); return hasWriteObjectData; } @@ -903,6 +935,7 @@ * accessible no-arg constructor. Otherwise, returns false. */ boolean isInstantiable() { + requireInitialized(); return (cons != null); } @@ -912,6 +945,7 @@ * returns false. */ boolean hasWriteObjectMethod() { + requireInitialized(); return (writeObjectMethod != null); } @@ -921,6 +955,7 @@ * returns false. */ boolean hasReadObjectMethod() { + requireInitialized(); return (readObjectMethod != null); } @@ -930,6 +965,7 @@ * Otherwise, returns false. */ boolean hasReadObjectNoDataMethod() { + requireInitialized(); return (readObjectNoDataMethod != null); } @@ -938,6 +974,7 @@ * defines a conformant writeReplace method. Otherwise, returns false. */ boolean hasWriteReplaceMethod() { + requireInitialized(); return (writeReplaceMethod != null); } @@ -946,6 +983,7 @@ * defines a conformant readResolve method. Otherwise, returns false. */ boolean hasReadResolveMethod() { + requireInitialized(); return (readResolveMethod != null); } @@ -962,6 +1000,7 @@ throws InstantiationException, InvocationTargetException, UnsupportedOperationException { + requireInitialized(); if (cons != null) { try { return cons.newInstance(); @@ -983,6 +1022,7 @@ void invokeWriteObject(Object obj, ObjectOutputStream out) throws IOException, UnsupportedOperationException { + requireInitialized(); if (writeObjectMethod != null) { try { writeObjectMethod.invoke(obj, new Object[]{ out }); @@ -1012,6 +1052,7 @@ throws ClassNotFoundException, IOException, UnsupportedOperationException { + requireInitialized(); if (readObjectMethod != null) { try { readObjectMethod.invoke(obj, new Object[]{ in }); @@ -1042,6 +1083,7 @@ void invokeReadObjectNoData(Object obj) throws IOException, UnsupportedOperationException { + requireInitialized(); if (readObjectNoDataMethod != null) { try { readObjectNoDataMethod.invoke(obj, (Object[]) null); @@ -1070,6 +1112,7 @@ Object invokeWriteReplace(Object obj) throws IOException, UnsupportedOperationException { + requireInitialized(); if (writeReplaceMethod != null) { try { return writeReplaceMethod.invoke(obj, (Object[]) null); @@ -1099,6 +1142,7 @@ Object invokeReadResolve(Object obj) throws IOException, UnsupportedOperationException { + requireInitialized(); if (readResolveMethod != null) { try { return readResolveMethod.invoke(obj, (Object[]) null);
--- a/src/share/classes/java/lang/ClassLoader.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/lang/ClassLoader.java Sat Sep 10 22:36:17 2016 +0100 @@ -654,6 +654,9 @@ if (!checkName(name)) throw new NoClassDefFoundError("IllegalName: " + name); + // Note: Checking logic in java.lang.invoke.MemberName.checkForTypeAlias + // relies on the fact that spoofing is impossible if a class has a name + // of the form "java.*" if ((name != null) && name.startsWith("java.")) { throw new SecurityException ("Prohibited package name: " +
--- a/src/share/classes/java/lang/invoke/DirectMethodHandle.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/lang/invoke/DirectMethodHandle.java Sat Sep 10 22:36:17 2016 +0100 @@ -131,45 +131,8 @@ return member; } - @Override - MethodHandle bindArgument(int pos, char basicType, Object value) { - // If the member needs dispatching, do so. - if (pos == 0 && basicType == 'L') { - DirectMethodHandle concrete = maybeRebind(value); - if (concrete != null) - return concrete.bindReceiver(value); - } - return super.bindArgument(pos, basicType, value); - } - - @Override - MethodHandle bindReceiver(Object receiver) { - // If the member needs dispatching, do so. - DirectMethodHandle concrete = maybeRebind(receiver); - if (concrete != null) - return concrete.bindReceiver(receiver); - return super.bindReceiver(receiver); - } - private static final MemberName.Factory IMPL_NAMES = MemberName.getFactory(); - private DirectMethodHandle maybeRebind(Object receiver) { - if (receiver != null) { - switch (member.getReferenceKind()) { - case REF_invokeInterface: - case REF_invokeVirtual: - // Pre-dispatch the member. - Class<?> concreteClass = receiver.getClass(); - MemberName concrete = new MemberName(concreteClass, member.getName(), member.getMethodType(), REF_invokeSpecial); - concrete = IMPL_NAMES.resolveOrNull(REF_invokeSpecial, concrete, concreteClass); - if (concrete != null) - return new DirectMethodHandle(type(), preparedLambdaForm(concrete), concrete); - break; - } - } - return null; - } - /** * Create a LF which can invoke the given method. * Cache and share this structure among all methods with
--- a/src/share/classes/java/lang/invoke/MemberName.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/lang/invoke/MemberName.java Sat Sep 10 22:36:17 2016 +0100 @@ -668,7 +668,7 @@ assert(isResolved() == isResolved); } - void checkForTypeAlias() { + void checkForTypeAlias(Class<?> refc) { if (isInvocable()) { MethodType type; if (this.type instanceof MethodType) @@ -676,16 +676,16 @@ else this.type = type = getMethodType(); if (type.erase() == type) return; - if (VerifyAccess.isTypeVisible(type, clazz)) return; - throw new LinkageError("bad method type alias: "+type+" not visible from "+clazz); + if (VerifyAccess.isTypeVisible(type, refc)) return; + throw new LinkageError("bad method type alias: "+type+" not visible from "+refc); } else { Class<?> type; if (this.type instanceof Class<?>) type = (Class<?>) this.type; else this.type = type = getFieldType(); - if (VerifyAccess.isTypeVisible(type, clazz)) return; - throw new LinkageError("bad field type alias: "+type+" not visible from "+clazz); + if (VerifyAccess.isTypeVisible(type, refc)) return; + throw new LinkageError("bad field type alias: "+type+" not visible from "+refc); } } @@ -844,10 +844,25 @@ MemberName m = ref.clone(); // JVM will side-effect the ref assert(refKind == m.getReferenceKind()); try { + // There are 4 entities in play here: + // * LC: lookupClass + // * REFC: symbolic reference class (MN.clazz before resolution); + // * DEFC: resolved method holder (MN.clazz after resolution); + // * PTYPES: parameter types (MN.type) + // + // What we care about when resolving a MemberName is consistency between DEFC and PTYPES. + // We do type alias (TA) checks on DEFC to ensure that. DEFC is not known until the JVM + // finishes the resolution, so do TA checks right after MHN.resolve() is over. + // + // All parameters passed by a caller are checked against MH type (PTYPES) on every invocation, + // so it is safe to call a MH from any context. + // + // REFC view on PTYPES doesn't matter, since it is used only as a starting point for resolution and doesn't + // participate in method selection. m = MethodHandleNatives.resolve(m, lookupClass); - m.checkForTypeAlias(); + m.checkForTypeAlias(m.getDeclaringClass()); m.resolution = null; - } catch (LinkageError ex) { + } catch (ClassNotFoundException | LinkageError ex) { // JVM reports that the "bytecode behavior" would get an error assert(!m.isResolved()); m.resolution = ex;
--- a/src/share/classes/java/lang/invoke/MethodHandleNatives.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/lang/invoke/MethodHandleNatives.java Sat Sep 10 22:36:17 2016 +0100 @@ -46,7 +46,7 @@ static native void init(MemberName self, Object ref); static native void expand(MemberName self); - static native MemberName resolve(MemberName self, Class<?> caller) throws LinkageError; + static native MemberName resolve(MemberName self, Class<?> caller) throws LinkageError, ClassNotFoundException; static native int getMembers(Class<?> defc, String matchName, String matchSig, int matchFlags, Class<?> caller, int skip, MemberName[] results);
--- a/src/share/classes/java/lang/invoke/MethodHandles.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/lang/invoke/MethodHandles.java Sat Sep 10 22:36:17 2016 +0100 @@ -1942,6 +1942,7 @@ */ public static MethodHandle dropArguments(MethodHandle target, int pos, List<Class<?>> valueTypes) { + valueTypes = copyTypes(valueTypes); MethodType oldType = target.type(); // get NPE int dropped = valueTypes.size(); MethodType.checkSlotCount(dropped); @@ -1957,6 +1958,11 @@ return target.dropArguments(newType, pos, dropped); } + private static List<Class<?>> copyTypes(List<Class<?>> types) { + Object[] a = types.toArray(); + return Arrays.asList((Class<?>[]) Arrays.copyOf(a, a.length, Class[].class)); + } + /** * Produces a method handle which will discard some dummy arguments * before calling some other specified <i>target</i> method handle. @@ -2177,7 +2183,7 @@ int filterValues = filterType.parameterCount(); if (filterValues == 0 ? (rtype != void.class) - : (rtype != filterType.parameterType(0))) + : (rtype != filterType.parameterType(0) || filterValues != 1)) throw newIllegalArgumentException("target and filter types do not match", target, filter); // result = fold( lambda(retval, arg...) { filter(retval) }, // lambda( arg...) { target(arg...) } )
--- a/src/share/classes/java/net/URL.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/net/URL.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1995, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,6 +27,10 @@ import java.io.IOException; import java.io.InputStream; +import java.io.InvalidObjectException; +import java.io.ObjectStreamException; +import java.io.ObjectStreamField; +import java.io.ObjectInputStream.GetField; import java.io.OutputStream; import java.security.AccessController; import java.security.PrivilegedAction; @@ -138,6 +142,7 @@ */ public final class URL implements java.io.Serializable { + static final String BUILTIN_HANDLERS_PREFIX = "sun.net.www.protocol"; static final long serialVersionUID = -7627629688361524110L; /** @@ -222,6 +227,8 @@ */ private int hashCode = -1; + private transient UrlDeserializedState tempState; + /** * Creates a <code>URL</code> object from the specified * <code>protocol</code>, <code>host</code>, <code>port</code> @@ -1247,6 +1254,31 @@ } /** + * @serialField protocol String + * + * @serialField host String + * + * @serialField port int + * + * @serialField authority String + * + * @serialField file String + * + * @serialField ref String + * + * @serialField hashCode int + * + */ + private static final ObjectStreamField[] serialPersistentFields = { + new ObjectStreamField("protocol", String.class), + new ObjectStreamField("host", String.class), + new ObjectStreamField("port", int.class), + new ObjectStreamField("authority", String.class), + new ObjectStreamField("file", String.class), + new ObjectStreamField("ref", String.class), + new ObjectStreamField("hashCode", int.class), }; + + /** * WriteObject is called to save the state of the URL to an * ObjectOutputStream. The handler is not saved since it is * specific to this system. @@ -1268,16 +1300,67 @@ * stream handler. */ private synchronized void readObject(java.io.ObjectInputStream s) - throws IOException, ClassNotFoundException - { - s.defaultReadObject(); // read the fields - if ((handler = getURLStreamHandler(protocol)) == null) { + throws IOException, ClassNotFoundException { + GetField gf = s.readFields(); + String protocol = (String)gf.get("protocol", null); + if (getURLStreamHandler(protocol) == null) { throw new IOException("unknown protocol: " + protocol); } + String host = (String)gf.get("host", null); + int port = gf.get("port", -1); + String authority = (String)gf.get("authority", null); + String file = (String)gf.get("file", null); + String ref = (String)gf.get("ref", null); + int hashCode = gf.get("hashCode", -1); + if (authority == null + && ((host != null && host.length() > 0) || port != -1)) { + if (host == null) + host = ""; + authority = (port == -1) ? host : host + ":" + port; + } + tempState = new UrlDeserializedState(protocol, host, port, authority, + file, ref, hashCode); + } + + /** + * Replaces the de-serialized object with an URL object. + * + * @return a newly created object from the deserialzed state. + * + * @throws ObjectStreamException if a new object replacing this + * object could not be created + */ + + private Object readResolve() throws ObjectStreamException { + + URLStreamHandler handler = null; + // already been checked in readObject + handler = getURLStreamHandler(tempState.getProtocol()); + + URL replacementURL = null; + if (isBuiltinStreamHandler(handler.getClass().getName())) { + replacementURL = fabricateNewURL(); + } else { + replacementURL = setDeserializedFields(handler); + } + return replacementURL; + } + + private URL setDeserializedFields(URLStreamHandler handler) { + URL replacementURL; + String userInfo = null; + String protocol = tempState.getProtocol(); + String host = tempState.getHost(); + int port = tempState.getPort(); + String authority = tempState.getAuthority(); + String file = tempState.getFile(); + String ref = tempState.getRef(); + int hashCode = tempState.getHashCode(); + // Construct authority part - if (authority == null && - ((host != null && host.length() > 0) || port != -1)) { + if (authority == null + && ((host != null && host.length() > 0) || port != -1)) { if (host == null) host = ""; authority = (port == -1) ? host : host + ":" + port; @@ -1296,8 +1379,8 @@ } // Construct path and query part - path = null; - query = null; + String path = null; + String query = null; if (file != null) { // Fix: only do this if hierarchical? int q = file.lastIndexOf('?'); @@ -1307,6 +1390,67 @@ } else path = file; } + + if (port == -1) { + port = 0; + } + // Set the object fields. + this.protocol = protocol; + this.host = host; + this.port = port; + this.file = file; + this.authority = authority; + this.ref = ref; + this.hashCode = hashCode; + this.handler = handler; + this.query = query; + this.path = path; + this.userInfo = userInfo; + replacementURL = this; + return replacementURL; + } + + private URL fabricateNewURL() + throws InvalidObjectException { + // create URL string from deserialized object + URL replacementURL = null; + String urlString = tempState.reconstituteUrlString(); + + try { + replacementURL = new URL(urlString); + } catch (MalformedURLException mEx) { + resetState(); + InvalidObjectException invoEx = new InvalidObjectException( + "Malformed URL: " + urlString); + invoEx.initCause(mEx); + throw invoEx; + } + replacementURL.setSerializedHashCode(tempState.getHashCode()); + resetState(); + return replacementURL; + } + + private boolean isBuiltinStreamHandler(String handlerClassName) { + return (handlerClassName.startsWith(BUILTIN_HANDLERS_PREFIX)); + } + + private void resetState() { + this.protocol = null; + this.host = null; + this.port = -1; + this.file = null; + this.authority = null; + this.ref = null; + this.hashCode = -1; + this.handler = null; + this.query = null; + this.path = null; + this.userInfo = null; + this.tempState = null; + } + + private void setSerializedHashCode(int hc) { + this.hashCode = hc; } } @@ -1338,3 +1482,82 @@ return ref; } } + +final class UrlDeserializedState { + private final String protocol; + private final String host; + private final int port; + private final String authority; + private final String file; + private final String ref; + private final int hashCode; + + public UrlDeserializedState(String protocol, + String host, int port, + String authority, String file, + String ref, int hashCode) { + this.protocol = protocol; + this.host = host; + this.port = port; + this.authority = authority; + this.file = file; + this.ref = ref; + this.hashCode = hashCode; + } + + String getProtocol() { + return protocol; + } + + String getHost() { + return host; + } + + String getAuthority () { + return authority; + } + + int getPort() { + return port; + } + + String getFile () { + return file; + } + + String getRef () { + return ref; + } + + int getHashCode () { + return hashCode; + } + + String reconstituteUrlString() { + + // pre-compute length of StringBuilder + int len = protocol.length() + 1; + if (authority != null && authority.length() > 0) + len += 2 + authority.length(); + if (file != null) { + len += file.length(); + } + if (ref != null) + len += 1 + ref.length(); + StringBuilder result = new StringBuilder(len); + result.append(protocol); + result.append(":"); + if (authority != null && authority.length() > 0) { + result.append("//"); + result.append(authority); + } + if (file != null) { + result.append(file); + } + if (ref != null) { + result.append("#"); + result.append(ref); + } + return result.toString(); + } +}
--- a/src/share/classes/java/nio/Direct-X-Buffer.java.template Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/nio/Direct-X-Buffer.java.template Sat Sep 10 22:36:17 2016 +0100 @@ -242,7 +242,7 @@ } private long ix(int i) { - return address + (i << $LG_BYTES_PER_VALUE$); + return address + ((long)i << $LG_BYTES_PER_VALUE$); } public $type$ get() { @@ -255,7 +255,7 @@ public $Type$Buffer get($type$[] dst, int offset, int length) { #if[rw] - if ((length << $LG_BYTES_PER_VALUE$) > Bits.JNI_COPY_TO_ARRAY_THRESHOLD) { + if (((long)length << $LG_BYTES_PER_VALUE$) > Bits.JNI_COPY_TO_ARRAY_THRESHOLD) { checkBounds(offset, length, dst.length); int pos = position(); int lim = limit(); @@ -267,13 +267,13 @@ #if[!byte] if (order() != ByteOrder.nativeOrder()) Bits.copyTo$Memtype$Array(ix(pos), dst, - offset << $LG_BYTES_PER_VALUE$, - length << $LG_BYTES_PER_VALUE$); + (long)offset << $LG_BYTES_PER_VALUE$, + (long)length << $LG_BYTES_PER_VALUE$); else #end[!byte] Bits.copyToArray(ix(pos), dst, arrayBaseOffset, - offset << $LG_BYTES_PER_VALUE$, - length << $LG_BYTES_PER_VALUE$); + (long)offset << $LG_BYTES_PER_VALUE$, + (long)length << $LG_BYTES_PER_VALUE$); position(pos + length); } else { super.get(dst, offset, length); @@ -323,7 +323,7 @@ if (srem > rem) throw new BufferOverflowException(); - unsafe.copyMemory(sb.ix(spos), ix(pos), srem << $LG_BYTES_PER_VALUE$); + unsafe.copyMemory(sb.ix(spos), ix(pos), (long)srem << $LG_BYTES_PER_VALUE$); sb.position(spos + srem); position(pos + srem); } else if (src.hb != null) { @@ -347,7 +347,7 @@ public $Type$Buffer put($type$[] src, int offset, int length) { #if[rw] - if ((length << $LG_BYTES_PER_VALUE$) > Bits.JNI_COPY_FROM_ARRAY_THRESHOLD) { + if (((long)length << $LG_BYTES_PER_VALUE$) > Bits.JNI_COPY_FROM_ARRAY_THRESHOLD) { checkBounds(offset, length, src.length); int pos = position(); int lim = limit(); @@ -358,12 +358,16 @@ #if[!byte] if (order() != ByteOrder.nativeOrder()) - Bits.copyFrom$Memtype$Array(src, offset << $LG_BYTES_PER_VALUE$, - ix(pos), length << $LG_BYTES_PER_VALUE$); + Bits.copyFrom$Memtype$Array(src, + (long)offset << $LG_BYTES_PER_VALUE$, + ix(pos), + (long)length << $LG_BYTES_PER_VALUE$); else #end[!byte] - Bits.copyFromArray(src, arrayBaseOffset, offset << $LG_BYTES_PER_VALUE$, - ix(pos), length << $LG_BYTES_PER_VALUE$); + Bits.copyFromArray(src, arrayBaseOffset, + (long)offset << $LG_BYTES_PER_VALUE$, + ix(pos), + (long)length << $LG_BYTES_PER_VALUE$); position(pos + length); } else { super.put(src, offset, length); @@ -381,7 +385,7 @@ assert (pos <= lim); int rem = (pos <= lim ? lim - pos : 0); - unsafe.copyMemory(ix(pos), ix(0), rem << $LG_BYTES_PER_VALUE$); + unsafe.copyMemory(ix(pos), ix(0), (long)rem << $LG_BYTES_PER_VALUE$); position(rem); limit(capacity()); discardMark();
--- a/src/share/classes/java/rmi/server/RemoteObjectInvocationHandler.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/rmi/server/RemoteObjectInvocationHandler.java Sat Sep 10 22:36:17 2016 +0100 @@ -162,6 +162,14 @@ public Object invoke(Object proxy, Method method, Object[] args) throws Throwable { + if (! Proxy.isProxyClass(proxy.getClass())) { + throw new IllegalArgumentException("not a proxy"); + } + + if (Proxy.getInvocationHandler(proxy) != this) { + throw new IllegalArgumentException("handler mismatch"); + } + if (method.getDeclaringClass() == Object.class) { return invokeObjectMethod(proxy, method, args); } else if ("finalize".equals(method.getName()) && method.getParameterTypes().length == 0 && @@ -186,11 +194,13 @@ } else if (name.equals("equals")) { Object obj = args[0]; + InvocationHandler hdlr; return proxy == obj || (obj != null && Proxy.isProxyClass(obj.getClass()) && - equals(Proxy.getInvocationHandler(obj))); + (hdlr = Proxy.getInvocationHandler(obj)) instanceof RemoteObjectInvocationHandler && + this.equals(hdlr)); } else if (name.equals("toString")) { return proxyToString(proxy);
--- a/src/share/classes/java/security/AccessControlContext.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/security/AccessControlContext.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,8 +29,6 @@ import java.util.List; import sun.security.util.Debug; import sun.security.util.SecurityConstants; -import sun.misc.JavaSecurityAccess; -import sun.misc.SharedSecrets; /** @@ -90,6 +88,15 @@ private DomainCombiner combiner = null; + // limited privilege scope + private Permission permissions[]; + private AccessControlContext parent; + private boolean isWrapped; + + // is constrained by limited privilege scope? + private boolean isLimited; + private ProtectionDomain limitedContext[]; + private static boolean debugInit = false; private static Debug debug = null; @@ -165,9 +172,24 @@ public AccessControlContext(AccessControlContext acc, DomainCombiner combiner) { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(SecurityConstants.CREATE_ACC_PERMISSION); + this(acc, combiner, false); + } + + /** + * package private to allow calls from ProtectionDomain without performing + * the security check for {@linkplain SecurityConstants.CREATE_ACC_PERMISSION} + * permission + */ + AccessControlContext(AccessControlContext acc, + DomainCombiner combiner, + boolean preauthorized) { + if (!preauthorized) { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(SecurityConstants.CREATE_ACC_PERMISSION); + this.isAuthorized = true; + } + } else { this.isAuthorized = true; } @@ -184,15 +206,80 @@ /** * package private for AccessController + * + * This "argument wrapper" context will be passed as the actual context + * parameter on an internal doPrivileged() call used in the implementation. */ - AccessControlContext(ProtectionDomain context[], DomainCombiner combiner) { + AccessControlContext(ProtectionDomain caller, DomainCombiner combiner, + AccessControlContext parent, AccessControlContext context, + Permission[] perms) + { + /* + * Combine the domains from the doPrivileged() context into our + * wrapper context, if necessary. + */ + ProtectionDomain[] callerPDs = null; + if (caller != null) { + callerPDs = new ProtectionDomain[] { caller }; + } if (context != null) { - this.context = context.clone(); + if (combiner != null) { + this.context = combiner.combine(callerPDs, context.context); + } else { + this.context = combine(callerPDs, context.context); + } + } else { + /* + * Call combiner even if there is seemingly nothing to combine. + */ + if (combiner != null) { + this.context = combiner.combine(callerPDs, null); + } else { + this.context = combine(callerPDs, null); + } } this.combiner = combiner; + + Permission[] tmp = null; + if (perms != null) { + tmp = new Permission[perms.length]; + for (int i=0; i < perms.length; i++) { + if (perms[i] == null) { + throw new NullPointerException("permission can't be null"); + } + + /* + * An AllPermission argument is equivalent to calling + * doPrivileged() without any limit permissions. + */ + if (perms[i].getClass() == AllPermission.class) { + parent = null; + } + tmp[i] = perms[i]; + } + } + + /* + * For a doPrivileged() with limited privilege scope, initialize + * the relevant fields. + * + * The limitedContext field contains the union of all domains which + * are enclosed by this limited privilege scope. In other words, + * it contains all of the domains which could potentially be checked + * if none of the limiting permissions implied a requested permission. + */ + if (parent != null) { + this.limitedContext = combine(parent.context, parent.limitedContext); + this.isLimited = true; + this.isWrapped = true; + this.permissions = tmp; + this.parent = parent; + this.privilegedContext = context; // used in checkPermission2() + } this.isAuthorized = true; } + /** * package private constructor for AccessController.getContext() */ @@ -268,9 +355,20 @@ if (sm != null) { sm.checkPermission(SecurityConstants.GET_COMBINER_PERMISSION); } + return getCombiner(); + } + + /** + * package private for AccessController + */ + DomainCombiner getCombiner() { return combiner; } + boolean isAuthorized() { + return isAuthorized; + } + /** * Determines whether the access request indicated by the * specified permission should be allowed or denied, based on @@ -318,7 +416,7 @@ Debug.isOn("permission=" + perm.getClass().getCanonicalName()); if (dumpDebug && Debug.isOn("stack")) { - Thread.currentThread().dumpStack(); + Thread.dumpStack(); } if (dumpDebug && Debug.isOn("domain")) { @@ -343,8 +441,10 @@ or the first domain was a Privileged system domain. This is to make the common case for system code very fast */ - if (context == null) + if (context == null) { + checkPermission2(perm); return; + } for (int i=0; i< context.length; i++) { if (context[i] != null && !context[i].implies(perm)) { @@ -359,7 +459,7 @@ if (!dumpDebug) { debug.println("access denied " + perm); } - Thread.currentThread().dumpStack(); + Thread.dumpStack(); final ProtectionDomain pd = context[i]; final Debug db = debug; AccessController.doPrivileged (new PrivilegedAction<Void>() { @@ -378,20 +478,108 @@ debug.println("access allowed "+perm); } - return; + checkPermission2(perm); + } + + /* + * Check the domains associated with the limited privilege scope. + */ + private void checkPermission2(Permission perm) { + if (!isLimited) { + return; + } + + /* + * Check the doPrivileged() context parameter, if present. + */ + if (privilegedContext != null) { + privilegedContext.checkPermission2(perm); + } + + /* + * Ignore the limited permissions and parent fields of a wrapper + * context since they were already carried down into the unwrapped + * context. + */ + if (isWrapped) { + return; + } + + /* + * Try to match any limited privilege scope. + */ + if (permissions != null) { + Class<?> permClass = perm.getClass(); + for (int i=0; i < permissions.length; i++) { + Permission limit = permissions[i]; + if (limit.getClass().equals(permClass) && limit.implies(perm)) { + return; + } + } + } + + /* + * Check the limited privilege scope up the call stack or the inherited + * parent thread call stack of this ACC. + */ + if (parent != null) { + /* + * As an optimization, if the parent context is the inherited call + * stack context from a parent thread then checking the protection + * domains of the parent context is redundant since they have + * already been merged into the child thread's context by + * optimize(). When parent is set to an inherited context this + * context was not directly created by a limited scope + * doPrivileged() and it does not have its own limited permissions. + */ + if (permissions == null) { + parent.checkPermission2(perm); + } else { + parent.checkPermission(perm); + } + } } /** * Take the stack-based context (this) and combine it with the - * privileged or inherited context, if need be. + * privileged or inherited context, if need be. Any limited + * privilege scope is flagged regardless of whether the assigned + * context comes from an immediately enclosing limited doPrivileged(). + * The limited privilege scope can indirectly flow from the inherited + * parent thread or an assigned context previously captured by getContext(). */ AccessControlContext optimize() { // the assigned (privileged or inherited) context AccessControlContext acc; + DomainCombiner combiner = null; + AccessControlContext parent = null; + Permission[] permissions = null; + if (isPrivileged) { acc = privilegedContext; + if (acc != null) { + /* + * If the context is from a limited scope doPrivileged() then + * copy the permissions and parent fields out of the wrapper + * context that was created to hold them. + */ + if (acc.isWrapped) { + permissions = acc.permissions; + parent = acc.parent; + } + } } else { acc = AccessController.getInheritedAccessControlContext(); + if (acc != null) { + /* + * If the inherited context is constrained by a limited scope + * doPrivileged() then set it as our parent so we will process + * the non-domain-related state. + */ + if (acc.isLimited) { + parent = acc; + } + } } // this.context could be null if only system code is on the stack; @@ -401,53 +589,98 @@ // acc.context could be null if only system code was involved; // in that case, ignore the assigned context boolean skipAssigned = (acc == null || acc.context == null); + ProtectionDomain[] assigned = (skipAssigned) ? null : acc.context; + ProtectionDomain[] pd; + + // if there is no enclosing limited privilege scope on the stack or + // inherited from a parent thread + boolean skipLimited = ((acc == null || !acc.isWrapped) && parent == null); if (acc != null && acc.combiner != null) { // let the assigned acc's combiner do its thing - return goCombiner(context, acc); + if (getDebug() != null) { + debug.println("AccessControlContext invoking the Combiner"); + } + + // No need to clone current and assigned.context + // combine() will not update them + combiner = acc.combiner; + pd = combiner.combine(context, assigned); + } else { + if (skipStack) { + if (skipAssigned) { + calculateFields(acc, parent, permissions); + return this; + } else if (skipLimited) { + return acc; + } + } else if (assigned != null) { + if (skipLimited) { + // optimization: if there is a single stack domain and + // that domain is already in the assigned context; no + // need to combine + if (context.length == 1 && context[0] == assigned[0]) { + return acc; + } + } + } + + pd = combine(context, assigned); + if (skipLimited && !skipAssigned && pd == assigned) { + return acc; + } else if (skipAssigned && pd == context) { + calculateFields(acc, parent, permissions); + return this; + } } - // optimization: if neither have contexts; return acc if possible - // rather than this, because acc might have a combiner - if (skipAssigned && skipStack) { - return this; - } + // Reuse existing ACC + this.context = pd; + this.combiner = combiner; + this.isPrivileged = false; + + calculateFields(acc, parent, permissions); + return this; + } + - // optimization: if there is no stack context; there is no reason - // to compress the assigned context, it already is compressed - if (skipStack) { - return acc; - } + /* + * Combine the current (stack) and assigned domains. + */ + private static ProtectionDomain[] combine(ProtectionDomain[]current, + ProtectionDomain[] assigned) { - int slen = context.length; + // current could be null if only system code is on the stack; + // in that case, ignore the stack context + boolean skipStack = (current == null); + + // assigned could be null if only system code was involved; + // in that case, ignore the assigned context + boolean skipAssigned = (assigned == null); + + int slen = (skipStack) ? 0 : current.length; // optimization: if there is no assigned context and the stack length // is less then or equal to two; there is no reason to compress the // stack context, it already is if (skipAssigned && slen <= 2) { - return this; + return current; } - // optimization: if there is a single stack domain and that domain - // is already in the assigned context; no need to combine - if ((slen == 1) && (context[0] == acc.context[0])) { - return acc; - } - - int n = (skipAssigned) ? 0 : acc.context.length; + int n = (skipAssigned) ? 0 : assigned.length; // now we combine both of them, and create a new context ProtectionDomain pd[] = new ProtectionDomain[slen + n]; // first copy in the assigned context domains, no need to compress if (!skipAssigned) { - System.arraycopy(acc.context, 0, pd, 0, n); + System.arraycopy(assigned, 0, pd, 0, n); } // now add the stack context domains, discarding nulls and duplicates outer: - for (int i = 0; i < context.length; i++) { - ProtectionDomain sd = context[i]; + for (int i = 0; i < slen; i++) { + ProtectionDomain sd = current[i]; if (sd != null) { for (int j = 0; j < n; j++) { if (sd == pd[j]) { @@ -461,54 +694,46 @@ // if length isn't equal, we need to shorten the array if (n != pd.length) { // optimization: if we didn't really combine anything - if (!skipAssigned && n == acc.context.length) { - return acc; + if (!skipAssigned && n == assigned.length) { + return assigned; } else if (skipAssigned && n == slen) { - return this; + return current; } ProtectionDomain tmp[] = new ProtectionDomain[n]; System.arraycopy(pd, 0, tmp, 0, n); pd = tmp; } - // return new AccessControlContext(pd, false); - - // Reuse existing ACC - - this.context = pd; - this.combiner = null; - this.isPrivileged = false; - - return this; + return pd; } - private AccessControlContext goCombiner(ProtectionDomain[] current, - AccessControlContext assigned) { - - // the assigned ACC's combiner is not null -- - // let the combiner do its thing - - // XXX we could add optimizations to 'current' here ... - - if (getDebug() != null) { - debug.println("AccessControlContext invoking the Combiner"); - } + /* + * Calculate the additional domains that could potentially be reached via + * limited privilege scope. Mark the context as being subject to limited + * privilege scope unless the reachable domains (if any) are already + * contained in this domain context (in which case any limited + * privilege scope checking would be redundant). + */ + private void calculateFields(AccessControlContext assigned, + AccessControlContext parent, Permission[] permissions) + { + ProtectionDomain[] parentLimit = null; + ProtectionDomain[] assignedLimit = null; + ProtectionDomain[] newLimit; - // No need to clone current and assigned.context - // combine() will not update them - ProtectionDomain[] combinedPds = assigned.combiner.combine( - current, assigned.context); - - // return new AccessControlContext(combinedPds, assigned.combiner); + parentLimit = (parent != null)? parent.limitedContext: null; + assignedLimit = (assigned != null)? assigned.limitedContext: null; + newLimit = combine(parentLimit, assignedLimit); + if (newLimit != null) { + if (context == null || !containsAllPDs(newLimit, context)) { + this.limitedContext = newLimit; + this.permissions = permissions; + this.parent = parent; + this.isLimited = true; + } + } + } - // Reuse existing ACC - this.context = combinedPds; - this.combiner = assigned.combiner; - this.isPrivileged = false; - this.isAuthorized = assigned.isAuthorized; - - return this; - } /** * Checks two AccessControlContext objects for equality. @@ -529,31 +754,131 @@ AccessControlContext that = (AccessControlContext) obj; + if (!equalContext(that)) + return false; - if (context == null) { - return (that.context == null); - } + if (!equalLimitedContext(that)) + return false; + + return true; + } - if (that.context == null) + /* + * Compare for equality based on state that is free of limited + * privilege complications. + */ + private boolean equalContext(AccessControlContext that) { + if (!equalPDs(this.context, that.context)) return false; - if (!(this.containsAllPDs(that) && that.containsAllPDs(this))) + if (this.combiner == null && that.combiner != null) + return false; + + if (this.combiner != null && !this.combiner.equals(that.combiner)) return false; - if (this.combiner == null) - return (that.combiner == null); + return true; + } - if (that.combiner == null) + private boolean equalPDs(ProtectionDomain[] a, ProtectionDomain[] b) { + if (a == null) { + return (b == null); + } + + if (b == null) return false; - if (!this.combiner.equals(that.combiner)) + if (!(containsAllPDs(a, b) && containsAllPDs(b, a))) return false; return true; } - private boolean containsAllPDs(AccessControlContext that) { + /* + * Compare for equality based on state that is captured during a + * call to AccessController.getContext() when a limited privilege + * scope is in effect. + */ + private boolean equalLimitedContext(AccessControlContext that) { + if (that == null) + return false; + + /* + * If neither instance has limited privilege scope then we're done. + */ + if (!this.isLimited && !that.isLimited) + return true; + + /* + * If only one instance has limited privilege scope then we're done. + */ + if (!(this.isLimited && that.isLimited)) + return false; + + /* + * Wrapped instances should never escape outside the implementation + * this class and AccessController so this will probably never happen + * but it only makes any sense to compare if they both have the same + * isWrapped state. + */ + if ((this.isWrapped && !that.isWrapped) || + (!this.isWrapped && that.isWrapped)) { + return false; + } + + if (this.permissions == null && that.permissions != null) + return false; + + if (this.permissions != null && that.permissions == null) + return false; + + if (!(this.containsAllLimits(that) && that.containsAllLimits(this))) + return false; + + /* + * Skip through any wrapped contexts. + */ + AccessControlContext thisNextPC = getNextPC(this); + AccessControlContext thatNextPC = getNextPC(that); + + /* + * The protection domains and combiner of a privilegedContext are + * not relevant because they have already been included in the context + * of this instance by optimize() so we only care about any limited + * privilege state they may have. + */ + if (thisNextPC == null && thatNextPC != null && thatNextPC.isLimited) + return false; + + if (thisNextPC != null && !thisNextPC.equalLimitedContext(thatNextPC)) + return false; + + if (this.parent == null && that.parent != null) + return false; + + if (this.parent != null && !this.parent.equals(that.parent)) + return false; + + return true; + } + + /* + * Follow the privilegedContext link making our best effort to skip + * through any wrapper contexts. + */ + private static AccessControlContext getNextPC(AccessControlContext acc) { + while (acc != null && acc.privilegedContext != null) { + acc = acc.privilegedContext; + if (!acc.isWrapped) + return acc; + } + return null; + } + + private static boolean containsAllPDs(ProtectionDomain[] thisContext, + ProtectionDomain[] thatContext) { boolean match = false; + // // ProtectionDomains within an ACC currently cannot be null // and this is enforced by the constructor and the various @@ -561,17 +886,17 @@ // to support the notion of a null PD and therefore this logic continues // to support that notion. ProtectionDomain thisPd; - for (int i = 0; i < context.length; i++) { + for (int i = 0; i < thisContext.length; i++) { match = false; - if ((thisPd = context[i]) == null) { - for (int j = 0; (j < that.context.length) && !match; j++) { - match = (that.context[j] == null); + if ((thisPd = thisContext[i]) == null) { + for (int j = 0; (j < thatContext.length) && !match; j++) { + match = (thatContext[j] == null); } } else { - Class thisPdClass = thisPd.getClass(); + Class<?> thisPdClass = thisPd.getClass(); ProtectionDomain thatPd; - for (int j = 0; (j < that.context.length) && !match; j++) { - thatPd = that.context[j]; + for (int j = 0; (j < thatContext.length) && !match; j++) { + thatPd = thatContext[j]; // Class check required to avoid PD exposure (4285406) match = (thatPd != null && @@ -582,6 +907,29 @@ } return match; } + + private boolean containsAllLimits(AccessControlContext that) { + boolean match = false; + Permission thisPerm; + + if (this.permissions == null && that.permissions == null) + return true; + + for (int i = 0; i < this.permissions.length; i++) { + Permission limit = this.permissions[i]; + Class <?> limitClass = limit.getClass(); + match = false; + for (int j = 0; (j < that.permissions.length) && !match; j++) { + Permission perm = that.permissions[j]; + match = (limitClass.equals(perm.getClass()) && + limit.equals(perm)); + } + if (!match) return false; + } + return match; + } + + /** * Returns the hash code value for this context. The hash code * is computed by exclusive or-ing the hash code of all the protection @@ -600,6 +948,7 @@ if (context[i] != null) hashCode ^= context[i].hashCode(); } + return hashCode; } }
--- a/src/share/classes/java/security/AccessController.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/security/AccessController.java Sat Sep 10 22:36:17 2016 +0100 @@ -333,6 +333,55 @@ public static native <T> T doPrivileged(PrivilegedAction<T> action, AccessControlContext context); + + /** + * Performs the specified <code>PrivilegedAction</code> with privileges + * enabled and restricted by the specified + * <code>AccessControlContext</code> and with a privilege scope limited + * by specified <code>Permission</code> arguments. + * + * The action is performed with the intersection of the permissions + * possessed by the caller's protection domain, and those possessed + * by the domains represented by the specified + * <code>AccessControlContext</code>. + * <p> + * If the action's <code>run</code> method throws an (unchecked) exception, + * it will propagate through this method. + * + * @param action the action to be performed. + * @param context an <i>access control context</i> + * representing the restriction to be applied to the + * caller's domain's privileges before performing + * the specified action. If the context is + * <code>null</code>, + * then no additional restriction is applied. + * @param perms the <code>Permission</code> arguments which limit the + * scope of the caller's privileges. The number of arguments + * is variable. + * + * @return the value returned by the action's <code>run</code> method. + * + * @throws NullPointerException if action or perms or any element of + * perms is <code>null</code> + * + * @see #doPrivileged(PrivilegedAction) + * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext) + * + * @since 1.8 + */ + @CallerSensitive + static <T> T doPrivileged(PrivilegedAction<T> action, + AccessControlContext context, Permission... perms) { + + AccessControlContext parent = getContext(); + if (perms == null) { + throw new NullPointerException("null permissions parameter"); + } + Class <?> caller = Reflection.getCallerClass(); + return AccessController.doPrivileged(action, createWrapper(null, + caller, parent, context, perms)); + } + /** * Performs the specified <code>PrivilegedExceptionAction</code> with * privileges enabled. The action is performed with <i>all</i> of the @@ -405,6 +454,32 @@ */ private static AccessControlContext preserveCombiner(DomainCombiner combiner, final Class<?> caller) { + return createWrapper(combiner, caller, null, null, null); + } + + /** + * Create a wrapper to contain the limited privilege scope data. + */ + private static AccessControlContext + createWrapper(DomainCombiner combiner, Class<?> caller, + AccessControlContext parent, AccessControlContext context, + Permission[] perms) + { + ProtectionDomain callerPD = getCallerPD(caller); + // check if caller is authorized to create context + if (context != null && !context.isAuthorized() && + System.getSecurityManager() != null && + !callerPD.impliesCreateAccessControlContext()) + { + ProtectionDomain nullPD = new ProtectionDomain(null, null); + return new AccessControlContext(new ProtectionDomain[] { nullPD }); + } else { + return new AccessControlContext(callerPD, combiner, parent, + context, perms); + } + } + + private static ProtectionDomain getCallerPD(final Class <?> caller) { ProtectionDomain callerPd = doPrivileged (new PrivilegedAction<ProtectionDomain>() { public ProtectionDomain run() { @@ -412,18 +487,9 @@ } }); - // perform 'combine' on the caller of doPrivileged, - // even if the caller is from the bootclasspath - ProtectionDomain[] pds = new ProtectionDomain[] {callerPd}; - if (combiner == null) { - return new AccessControlContext(pds); - } else { - return new AccessControlContext(combiner.combine(pds, null), - combiner); - } + return callerPd; } - /** * Performs the specified <code>PrivilegedExceptionAction</code> with * privileges enabled and restricted by the specified @@ -451,7 +517,7 @@ * @exception NullPointerException if the action is <code>null</code> * * @see #doPrivileged(PrivilegedAction) - * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext) + * @see #doPrivileged(PrivilegedAction,AccessControlContext) */ @CallerSensitive public static native <T> T @@ -460,6 +526,65 @@ throws PrivilegedActionException; /** + * Performs the specified {@code PrivilegedExceptionAction} with + * privileges enabled and restricted by the specified + * {@code AccessControlContext} and with a privilege scope limited by + * specified {@code Permission} arguments. + * + * The action is performed with the intersection of the permissions + * possessed by the caller's protection domain, and those possessed + * by the domains represented by the specified + * {@code AccessControlContext}. + * <p> + * If the action's {@code run} method throws an (unchecked) exception, + * it will propagate through this method. + * <p> + * If a security manager is installed and the specified + * {@code AccessControlContext} was not created by system code and the + * caller's {@code ProtectionDomain} has not been granted the + * {@literal "createAccessControlContext"} + * {@link java.security.SecurityPermission}, then the action is performed + * with no permissions. + * + * @param <T> the type of the value returned by the + * PrivilegedExceptionAction's {@code run} method. + * @param action the action to be performed. + * @param context an <i>access control context</i> + * representing the restriction to be applied to the + * caller's domain's privileges before performing + * the specified action. If the context is + * {@code null}, + * then no additional restriction is applied. + * @param perms the {@code Permission} arguments which limit the + * scope of the caller's privileges. The number of arguments + * is variable. + * + * @return the value returned by the action's {@code run} method. + * + * @throws PrivilegedActionException if the specified action's + * {@code run} method threw a <i>checked</i> exception + * @throws NullPointerException if action or perms or any element of + * perms is {@code null} + * + * @see #doPrivileged(PrivilegedAction) + * @see #doPrivileged(PrivilegedAction,AccessControlContext) + * + * @since 1.8 + */ + @CallerSensitive + static <T> T doPrivileged(PrivilegedExceptionAction<T> action, + AccessControlContext context, Permission... perms) + throws PrivilegedActionException + { + AccessControlContext parent = getContext(); + if (perms == null) { + throw new NullPointerException("null permissions parameter"); + } + Class <?> caller = Reflection.getCallerClass(); + return AccessController.doPrivileged(action, createWrapper(null, caller, parent, context, perms)); + } + + /** * Returns the AccessControl context. i.e., it gets * the protection domains of all the callers on the stack, * starting at the first class with a non-null @@ -471,6 +596,7 @@ private static native AccessControlContext getStackAccessControlContext(); + /** * Returns the "inherited" AccessControl context. This is the context * that existed when the thread was created. Package private so @@ -481,9 +607,9 @@ /** * This method takes a "snapshot" of the current calling context, which - * includes the current Thread's inherited AccessControlContext, - * and places it in an AccessControlContext object. This context may then - * be checked at a later point, possibly in another thread. + * includes the current Thread's inherited AccessControlContext and any + * limited privilege scope, and places it in an AccessControlContext object. + * This context may then be checked at a later point, possibly in another thread. * * @see AccessControlContext * @@ -521,7 +647,7 @@ */ public static void checkPermission(Permission perm) - throws AccessControlException + throws AccessControlException { //System.err.println("checkPermission "+perm); //Thread.currentThread().dumpStack(); @@ -542,7 +668,7 @@ } if (dumpDebug && Debug.isOn("stack")) { - Thread.currentThread().dumpStack(); + Thread.dumpStack(); } if (dumpDebug && Debug.isOn("domain")) {
--- a/src/share/classes/java/security/BasicPermission.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/security/BasicPermission.java Sat Sep 10 22:36:17 2016 +0100 @@ -25,7 +25,6 @@ package java.security; -import java.security.*; import java.util.Enumeration; import java.util.Map; import java.util.HashMap; @@ -333,14 +332,14 @@ * * @see #serialPersistentFields */ - private Class permClass; + private Class<?> permClass; /** * Create an empty BasicPermissionCollection object. * */ - public BasicPermissionCollection(Class clazz) { + public BasicPermissionCollection(Class<?> clazz) { perms = new HashMap<String, Permission>(11); all_allowed = false; permClass = clazz; @@ -542,6 +541,9 @@ ObjectInputStream.GetField gfields = in.readFields(); // Get permissions + // writeObject writes a Hashtable<String, Permission> for the + // permissions key, so this cast is safe, unless the data is corrupt. + @SuppressWarnings("unchecked") Hashtable<String, Permission> permissions = (Hashtable<String, Permission>)gfields.get("permissions", null); perms = new HashMap<String, Permission>(permissions.size()*2); @@ -551,7 +553,7 @@ all_allowed = gfields.get("all_allowed", false); // Get permClass - permClass = (Class) gfields.get("permClass", null); + permClass = (Class<?>) gfields.get("permClass", null); if (permClass == null) { // set permClass
--- a/src/share/classes/java/security/Permissions.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/security/Permissions.java Sat Sep 10 22:36:17 2016 +0100 @@ -31,7 +31,6 @@ import java.util.Map; import java.util.HashMap; import java.util.List; -import java.util.ArrayList; import java.util.Iterator; import java.util.Collections; import java.io.Serializable; @@ -238,7 +237,7 @@ */ private PermissionCollection getPermissionCollection(Permission p, boolean createEmpty) { - Class c = p.getClass(); + Class<?> c = p.getClass(); PermissionCollection pc = permsMap.get(c); @@ -390,6 +389,9 @@ allPermission = (PermissionCollection) gfields.get("allPermission", null); // Get permissions + // writeObject writes a Hashtable<Class<?>, PermissionCollection> for + // the perms key, so this cast is safe, unless the data is corrupt. + @SuppressWarnings("unchecked") Hashtable<Class<?>, PermissionCollection> perms = (Hashtable<Class<?>, PermissionCollection>)gfields.get("perms", null); permsMap = new HashMap<Class<?>, PermissionCollection>(perms.size()*2); @@ -590,6 +592,9 @@ ObjectInputStream.GetField gfields = in.readFields(); // Get permissions + // writeObject writes a Hashtable<Class<?>, PermissionCollection> for + // the perms key, so this cast is safe, unless the data is corrupt. + @SuppressWarnings("unchecked") Hashtable<Permission, Permission> perms = (Hashtable<Permission, Permission>)gfields.get("perms", null); permsMap = new HashMap<Permission, Permission>(perms.size()*2);
--- a/src/share/classes/java/security/Policy.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/security/Policy.java Sat Sep 10 22:36:17 2016 +0100 @@ -26,16 +26,7 @@ package java.security; -import java.io.*; -import java.lang.RuntimePermission; -import java.lang.reflect.*; -import java.net.MalformedURLException; -import java.net.URL; import java.util.Enumeration; -import java.util.Hashtable; -import java.util.PropertyPermission; -import java.util.StringTokenizer; -import java.util.Vector; import java.util.WeakHashMap; import java.util.concurrent.atomic.AtomicReference; import sun.security.jca.GetInstance; @@ -813,6 +804,8 @@ private static class UnsupportedEmptyCollection extends PermissionCollection { + private static final long serialVersionUID = -8492269157353014774L; + private Permissions perms; /**
--- a/src/share/classes/java/security/ProtectionDomain.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/security/ProtectionDomain.java Sat Sep 10 22:36:17 2016 +0100 @@ -33,7 +33,6 @@ import java.util.WeakHashMap; import sun.misc.JavaSecurityProtectionDomainAccess; import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache; -import sun.misc.SharedSecrets; import sun.security.util.Debug; import sun.security.util.SecurityConstants; import sun.misc.JavaSecurityAccess; @@ -60,35 +59,63 @@ */ public class ProtectionDomain { + private static class JavaSecurityAccessImpl implements JavaSecurityAccess { + + private JavaSecurityAccessImpl() { + } + + @Override + public <T> T doIntersectionPrivilege( + PrivilegedAction<T> action, + final AccessControlContext stack, + final AccessControlContext context) { + if (action == null) { + throw new NullPointerException(); + } + + return AccessController.doPrivileged( + action, + getCombinedACC(context, stack) + ); + } + + @Override + public <T> T doIntersectionPrivilege( + PrivilegedAction<T> action, + AccessControlContext context) { + return doIntersectionPrivilege(action, + AccessController.getContext(), context); + } + + @Override + public <T> T doPrivileged(PrivilegedAction<T> action, + AccessControlContext context, + Permission... perms) + { + return AccessController.doPrivileged(action, context, + perms); + } + + @Override + public <T> T doPrivileged(PrivilegedExceptionAction<T> action, + AccessControlContext context, + Permission... perms) + throws PrivilegedActionException + { + return AccessController.doPrivileged(action, context, + perms); + } + + private static AccessControlContext getCombinedACC(AccessControlContext context, AccessControlContext stack) { + AccessControlContext acc = new AccessControlContext(context, stack.getCombiner(), true); + + return new AccessControlContext(stack.getContext(), acc).optimize(); + } + } static { // Set up JavaSecurityAccess in SharedSecrets - SharedSecrets.setJavaSecurityAccess( - new JavaSecurityAccess() { - public <T> T doIntersectionPrivilege( - PrivilegedAction<T> action, - final AccessControlContext stack, - final AccessControlContext context) - { - if (action == null) { - throw new NullPointerException(); - } - return AccessController.doPrivileged( - action, - new AccessControlContext( - stack.getContext(), context).optimize() - ); - } - - public <T> T doIntersectionPrivilege( - PrivilegedAction<T> action, - AccessControlContext context) - { - return doIntersectionPrivilege(action, - AccessController.getContext(), context); - } - } - ); + SharedSecrets.setJavaSecurityAccess(new JavaSecurityAccessImpl()); } /* CodeSource */ @@ -408,7 +435,7 @@ e = permissions.elements(); // domain vs policy while (e.hasMoreElements()) { Permission pdp = e.nextElement(); - Class pdpClass = pdp.getClass(); + Class<?> pdpClass = pdp.getClass(); String pdpActions = pdp.getActions(); String pdpName = pdp.getName(); for (int i = 0; i < plVector.size(); i++) { @@ -467,6 +494,11 @@ } }; } + + @Override + public boolean getStaticPermissionsField(ProtectionDomain pd) { + return pd.staticPermissions; + } }); } }
--- a/src/share/classes/java/security/Provider.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/security/Provider.java Sat Sep 10 22:36:17 2016 +0100 @@ -31,9 +31,6 @@ import java.lang.ref.*; import java.lang.reflect.*; -import java.security.cert.CertStoreParameters; -import javax.security.auth.login.Configuration; - /** * This class represents a "provider" for the * Java Security API, where a provider implements some or all parts of @@ -453,8 +450,8 @@ * Internal method to be called AFTER the security check has been * performed. */ - private void implPutAll(Map t) { - for (Map.Entry e : ((Map<?,?>)t).entrySet()) { + private void implPutAll(Map<?,?> t) { + for (Map.Entry<?,?> e : t.entrySet()) { implPut(e.getKey(), e.getValue()); } } @@ -562,9 +559,9 @@ * occur if the legacy properties are inconsistent or incomplete. */ private void removeInvalidServices(Map<ServiceKey,Service> map) { - for (Iterator t = map.entrySet().iterator(); t.hasNext(); ) { - Map.Entry entry = (Map.Entry)t.next(); - Service s = (Service)entry.getValue(); + for (Iterator<Map.Entry<ServiceKey, Service>> t = + map.entrySet().iterator(); t.hasNext(); ) { + Service s = t.next().getValue(); if (s.isValid() == false) { t.remove(); } @@ -918,15 +915,15 @@ final String name; final boolean supportsParameter; final String constructorParameterClassName; - private volatile Class constructorParameterClass; + private volatile Class<?> constructorParameterClass; EngineDescription(String name, boolean sp, String paramName) { this.name = name; this.supportsParameter = sp; this.constructorParameterClassName = paramName; } - Class getConstructorParameterClass() throws ClassNotFoundException { - Class clazz = constructorParameterClass; + Class<?> getConstructorParameterClass() throws ClassNotFoundException { + Class<?> clazz = constructorParameterClass; if (clazz == null) { clazz = Class.forName(constructorParameterClassName); constructorParameterClass = clazz; @@ -1038,7 +1035,7 @@ private Map<UString,String> attributes; // Reference to the cached implementation Class object - private volatile Reference<Class> classRef; + private volatile Reference<Class<?>> classRef; // flag indicating whether this service has its attributes for // supportedKeyFormats or supportedKeyClasses set @@ -1055,7 +1052,7 @@ // whether this service has been registered with the Provider private boolean registered; - private static final Class[] CLASS0 = new Class[0]; + private static final Class<?>[] CLASS0 = new Class<?>[0]; // this constructor and these methods are used for parsing // the legacy string properties. @@ -1234,14 +1231,14 @@ ("constructorParameter not used with " + type + " engines"); } - Class clazz = getImplClass(); + Class<?> clazz = getImplClass(); Class<?>[] empty = {}; Constructor<?> con = clazz.getConstructor(empty); return con.newInstance(); } else { - Class paramClass = cap.getConstructorParameterClass(); + Class<?> paramClass = cap.getConstructorParameterClass(); if (constructorParameter != null) { - Class argClass = constructorParameter.getClass(); + Class<?> argClass = constructorParameter.getClass(); if (paramClass.isAssignableFrom(argClass) == false) { throw new InvalidParameterException ("constructorParameter must be instanceof " @@ -1249,8 +1246,8 @@ + " for engine type " + type); } } - Class clazz = getImplClass(); - Constructor cons = clazz.getConstructor(paramClass); + Class<?> clazz = getImplClass(); + Constructor<?> cons = clazz.getConstructor(paramClass); return cons.newInstance(constructorParameter); } } catch (NoSuchAlgorithmException e) { @@ -1269,10 +1266,10 @@ } // return the implementation Class object for this service - private Class getImplClass() throws NoSuchAlgorithmException { + private Class<?> getImplClass() throws NoSuchAlgorithmException { try { - Reference<Class> ref = classRef; - Class clazz = (ref == null) ? null : ref.get(); + Reference<Class<?>> ref = classRef; + Class<?> clazz = (ref == null) ? null : ref.get(); if (clazz == null) { ClassLoader cl = provider.getClass().getClassLoader(); if (cl == null) { @@ -1285,7 +1282,7 @@ ("class configured for " + type + " (provider: " + provider.getName() + ") is not public."); } - classRef = new WeakReference<Class>(clazz); + classRef = new WeakReference<Class<?>>(clazz); } return clazz; } catch (ClassNotFoundException e) { @@ -1302,7 +1299,7 @@ */ private Object newInstanceGeneric(Object constructorParameter) throws Exception { - Class clazz = getImplClass(); + Class<?> clazz = getImplClass(); if (constructorParameter == null) { // create instance with public no-arg constructor if it exists try { @@ -1314,12 +1311,12 @@ + "constructor found in class " + className); } } - Class argClass = constructorParameter.getClass(); + Class<?> argClass = constructorParameter.getClass(); Constructor[] cons = clazz.getConstructors(); // find first public constructor that can take the // argument as parameter for (Constructor<?> con : cons) { - Class[] paramTypes = con.getParameterTypes(); + Class<?>[] paramTypes = con.getParameterTypes(); if (paramTypes.length != 1) { continue; } @@ -1406,10 +1403,10 @@ s = getAttribute("SupportedKeyClasses"); if (s != null) { String[] classNames = s.split("\\|"); - List<Class> classList = + List<Class<?>> classList = new ArrayList<>(classNames.length); for (String className : classNames) { - Class clazz = getKeyClass(className); + Class<?> clazz = getKeyClass(className); if (clazz != null) { classList.add(clazz); } @@ -1426,7 +1423,7 @@ } // get the key class object of the specified name - private Class getKeyClass(String name) { + private Class<?> getKeyClass(String name) { try { return Class.forName(name); } catch (ClassNotFoundException e) { @@ -1463,8 +1460,8 @@ if (supportedClasses == null) { return false; } - Class keyClass = key.getClass(); - for (Class clazz : supportedClasses) { + Class<?> keyClass = key.getClass(); + for (Class<?> clazz : supportedClasses) { if (clazz.isAssignableFrom(keyClass)) { return true; }
--- a/src/share/classes/java/security/Security.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/security/Security.java Sat Sep 10 22:36:17 2016 +0100 @@ -33,8 +33,6 @@ import sun.security.util.Debug; import sun.security.util.PropertyExpander; -import java.security.Provider.Service; - import sun.security.jca.*; /** @@ -660,15 +658,16 @@ } // Map containing cached Spi Class objects of the specified type - private static final Map<String, Class> spiMap = new ConcurrentHashMap<>(); + private static final Map<String, Class<?>> spiMap = + new ConcurrentHashMap<>(); /** * Return the Class object for the given engine type * (e.g. "MessageDigest"). Works for Spis in the java.security package * only. */ - private static Class getSpiClass(String type) { - Class clazz = spiMap.get(type); + private static Class<?> getSpiClass(String type) { + Class<?> clazz = spiMap.get(type); if (clazz != null) { return clazz; } @@ -1078,7 +1077,7 @@ if ((serviceName == null) || (serviceName.length() == 0) || (serviceName.endsWith("."))) { - return Collections.EMPTY_SET; + return Collections.emptySet(); } HashSet<String> result = new HashSet<>();
--- a/src/share/classes/java/security/UnresolvedPermission.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/security/UnresolvedPermission.java Sat Sep 10 22:36:17 2016 +0100 @@ -28,9 +28,7 @@ import java.io.IOException; import java.io.ByteArrayInputStream; import java.util.ArrayList; -import java.util.Enumeration; import java.util.Hashtable; -import java.util.Vector; import java.lang.reflect.*; import java.security.cert.*; @@ -247,19 +245,19 @@ } } try { - Class pc = p.getClass(); + Class<?> pc = p.getClass(); if (name == null && actions == null) { try { - Constructor c = pc.getConstructor(PARAMS0); + Constructor<?> c = pc.getConstructor(PARAMS0); return (Permission)c.newInstance(new Object[] {}); } catch (NoSuchMethodException ne) { try { - Constructor c = pc.getConstructor(PARAMS1); + Constructor<?> c = pc.getConstructor(PARAMS1); return (Permission) c.newInstance( new Object[] { name}); } catch (NoSuchMethodException ne1) { - Constructor c = pc.getConstructor(PARAMS2); + Constructor<?> c = pc.getConstructor(PARAMS2); return (Permission) c.newInstance( new Object[] { name, actions }); } @@ -267,16 +265,16 @@ } else { if (name != null && actions == null) { try { - Constructor c = pc.getConstructor(PARAMS1); + Constructor<?> c = pc.getConstructor(PARAMS1); return (Permission) c.newInstance( new Object[] { name}); } catch (NoSuchMethodException ne) { - Constructor c = pc.getConstructor(PARAMS2); + Constructor<?> c = pc.getConstructor(PARAMS2); return (Permission) c.newInstance( new Object[] { name, actions }); } } else { - Constructor c = pc.getConstructor(PARAMS2); + Constructor<?> c = pc.getConstructor(PARAMS2); return (Permission) c.newInstance( new Object[] { name, actions }); }
--- a/src/share/classes/java/security/UnresolvedPermissionCollection.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/security/UnresolvedPermissionCollection.java Sat Sep 10 22:36:17 2016 +0100 @@ -197,8 +197,12 @@ ObjectInputStream.GetField gfields = in.readFields(); // Get permissions + @SuppressWarnings("unchecked") + // writeObject writes a Hashtable<String, Vector<UnresolvedPermission>> + // for the permissions key, so this cast is safe, unless the data is corrupt. Hashtable<String, Vector<UnresolvedPermission>> permissions = - (Hashtable<String, Vector<UnresolvedPermission>>)gfields.get("permissions", null); + (Hashtable<String, Vector<UnresolvedPermission>>) + gfields.get("permissions", null); perms = new HashMap<String, List<UnresolvedPermission>>(permissions.size()*2); // Convert each entry (Vector) into a List
--- a/src/share/classes/java/security/cert/CertificateRevokedException.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/security/cert/CertificateRevokedException.java Sat Sep 10 22:36:17 2016 +0100 @@ -32,7 +32,6 @@ import java.util.Date; import java.util.HashMap; import java.util.Map; -import java.util.Map.Entry; import javax.security.auth.x500.X500Principal; import sun.security.util.ObjectIdentifier; @@ -151,8 +150,7 @@ return null; } else { try { - Date invalidity = - (Date) InvalidityDateExtension.toImpl(ext).get("DATE"); + Date invalidity = InvalidityDateExtension.toImpl(ext).get("DATE"); return new Date(invalidity.getTime()); } catch (IOException ioe) { return null;
--- a/src/share/classes/java/security/cert/X509CRLSelector.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/security/cert/X509CRLSelector.java Sat Sep 10 22:36:17 2016 +0100 @@ -632,7 +632,7 @@ byte[] encoded = in.getOctetString(); CRLNumberExtension crlNumExt = new CRLNumberExtension(Boolean.FALSE, encoded); - crlNum = (BigInteger)crlNumExt.get(CRLNumberExtension.NUMBER); + crlNum = crlNumExt.get(CRLNumberExtension.NUMBER); } catch (IOException ex) { if (debug != null) { debug.println("X509CRLSelector.match: exception in "
--- a/src/share/classes/java/security/cert/X509CertSelector.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/java/security/cert/X509CertSelector.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -277,7 +277,7 @@ try { issuer = (issuerDN == null ? null : new X500Principal(issuerDN)); } catch (IllegalArgumentException e) { - throw (IOException)new IOException("Invalid name").initCause(e); + throw new IOException("Invalid name", e); } } @@ -341,7 +341,7 @@ try { subject = (subjectDN == null ? null : new X500Principal(subjectDN)); } catch (IllegalArgumentException e) { - throw (IOException)new IOException("Invalid name").initCause(e); + throw new IOException("Invalid name", e); } } @@ -872,7 +872,7 @@ * @param object2 a Collection containing the second object to compare * @return true if the objects are equal, false otherwise */ - static boolean equalNames(Collection object1, Collection object2) { + static boolean equalNames(Collection<?> object1, Collection<?> object2) { if ((object1 == null) || (object2 == null)) { return object1 == object2; } @@ -1672,19 +1672,15 @@ private static Set<List<?>> cloneAndCheckNames(Collection<List<?>> names) throws IOException { // Copy the Lists and Collection Set<List<?>> namesCopy = new HashSet<List<?>>(); - Iterator<List<?>> i = names.iterator(); - while (i.hasNext()) { - Object o = i.next(); - if (!(o instanceof List)) { - throw new IOException("expected a List"); - } - namesCopy.add(new ArrayList<Object>((List<?>)o)); + for (List<?> o : names) + { + namesCopy.add(new ArrayList<Object>(o)); } // Check the contents of the Lists and clone any byte arrays - i = namesCopy.iterator(); - while (i.hasNext()) { - List<Object> nameList = (List<Object>)i.next(); + for (List<?> list : namesCopy) { + @SuppressWarnings("unchecked") // See javadoc for parameter "names". + List<Object> nameList = (List<Object>)list; if (nameList.size() != 2) { throw new IOException("name list size not 2"); } @@ -2184,8 +2180,7 @@ if (debug != null) { String time = "n/a"; try { - Date notAfter = - (Date)ext.get(PrivateKeyUsageExtension.NOT_AFTER); + Date notAfter = ext.get(PrivateKeyUsageExtension.NOT_AFTER); time = notAfter.toString(); } catch (CertificateException ex) { // not able to retrieve notAfter value @@ -2201,8 +2196,7 @@ if (debug != null) { String time = "n/a"; try { - Date notBefore = (Date) - ext.get(PrivateKeyUsageExtension.NOT_BEFORE); + Date notBefore = ext.get(PrivateKeyUsageExtension.NOT_BEFORE); time = notBefore.toString(); } catch (CertificateException ex) { // not able to retrieve notBefore value @@ -2214,14 +2208,6 @@ e2.printStackTrace(); } return false; - } catch (CertificateException e3) { - if (debug != null) { - debug.println("X509CertSelector.match: CertificateException " - + "in private key usage check; X509CertSelector: " - + this.toString()); - e3.printStackTrace(); - } - return false; } catch (IOException e4) { if (debug != null) { debug.println("X509CertSelector.match: IOException in " @@ -2252,7 +2238,7 @@ + subjectPublicKeyAlgID + ", xcert subjectPublicKeyAlgID = " + algID.getOID()); } - if (!subjectPublicKeyAlgID.equals(algID.getOID())) { + if (!subjectPublicKeyAlgID.equals((Object)algID.getOID())) { if (debug != null) { debug.println("X509CertSelector.match: " + "subject public key alg IDs don't match"); @@ -2301,7 +2287,7 @@ EXTENDED_KEY_USAGE_ID); if (ext != null) { Vector<ObjectIdentifier> certKeyPurposeVector = - (Vector<ObjectIdentifier>)ext.get(ExtendedKeyUsageExtension.USAGES); + ext.get(ExtendedKeyUsageExtension.USAGES); if (!certKeyPurposeVector.contains(ANY_EXTENDED_KEY_USAGE) && !certKeyPurposeVector.containsAll(keyPurposeOIDSet)) { if (debug != null) { @@ -2337,8 +2323,8 @@ } return false; } - GeneralNames certNames = (GeneralNames) - sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME); + GeneralNames certNames = + sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME); Iterator<GeneralNameInterface> i = subjectAlternativeGeneralNames.iterator(); while (i.hasNext()) { @@ -2406,7 +2392,7 @@ } return false; } - List<PolicyInformation> policies = (List<PolicyInformation>)ext.get(CertificatePoliciesExtension.POLICIES); + List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES); /* * Convert the Vector of PolicyInformation to a Vector * of CertificatePolicyIds for easier comparison. @@ -2467,7 +2453,7 @@ if (ext == null) { return true; } - if ((debug != null) && debug.isOn("certpath")) { + if ((debug != null) && Debug.isOn("certpath")) { debug.println("X509CertSelector.match pathToNames:\n"); Iterator<GeneralNameInterface> i = pathToGeneralNames.iterator(); @@ -2476,10 +2462,10 @@ } } - GeneralSubtrees permitted = (GeneralSubtrees) - ext.get(NameConstraintsExtension.PERMITTED_SUBTREES); - GeneralSubtrees excluded = (GeneralSubtrees) - ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES); + GeneralSubtrees permitted = + ext.get(NameConstraintsExtension.PERMITTED_SUBTREES); + GeneralSubtrees excluded = + ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES); if (excluded != null) { if (matchExcluded(excluded) == false) { return false; @@ -2597,12 +2583,13 @@ return true; } - private static Set<?> cloneSet(Set<?> set) { + @SuppressWarnings("unchecked") // Safe casts assuming clone() works correctly + private static <T> Set<T> cloneSet(Set<T> set) { if (set instanceof HashSet) { - Object clone = ((HashSet<?>)set).clone(); - return (Set<?>)clone; + Object clone = ((HashSet<T>)set).clone(); + return (Set<T>)clone; } else { - return new HashSet<Object>(set); + return new HashSet<T>(set); } } @@ -2617,17 +2604,13 @@ // Must clone these because addPathToName et al. modify them if (subjectAlternativeNames != null) { copy.subjectAlternativeNames = - (Set<List<?>>)cloneSet(subjectAlternativeNames); + cloneSet(subjectAlternativeNames); copy.subjectAlternativeGeneralNames = - (Set<GeneralNameInterface>)cloneSet - (subjectAlternativeGeneralNames); + cloneSet(subjectAlternativeGeneralNames); } if (pathToGeneralNames != null) { - copy.pathToNames = - (Set<List<?>>)cloneSet(pathToNames); - copy.pathToGeneralNames = - (Set<GeneralNameInterface>)cloneSet - (pathToGeneralNames); + copy.pathToNames = cloneSet(pathToNames); + copy.pathToGeneralNames = cloneSet(pathToGeneralNames); } return copy; } catch (CloneNotSupportedException e) {
--- a/src/share/classes/javax/crypto/Cipher.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/Cipher.java Sat Sep 10 22:36:17 2016 +0100 @@ -30,7 +30,6 @@ import java.util.concurrent.ConcurrentMap; import java.util.regex.*; -import static java.util.Locale.ENGLISH; import java.security.*; import java.security.Provider.Service; @@ -46,7 +45,6 @@ import sun.security.util.Debug; import sun.security.jca.*; -import sun.security.jca.GetInstance.Instance; /** * This class provides the functionality of a cryptographic cipher for @@ -228,10 +226,10 @@ // remaining services to try in provider selection // null once provider is selected - private Iterator serviceIterator; + private Iterator<Service> serviceIterator; // list of transform Strings to lookup in the provider - private List transforms; + private List<Transform> transforms; private final Object lock; @@ -264,7 +262,8 @@ } private Cipher(CipherSpi firstSpi, Service firstService, - Iterator serviceIterator, String transformation, List transforms) { + Iterator<Service> serviceIterator, String transformation, + List<Transform> transforms) { this.firstSpi = firstSpi; this.firstService = firstService; this.serviceIterator = serviceIterator; @@ -388,7 +387,7 @@ new ConcurrentHashMap<String, Pattern>(); private static boolean matches(String regexp, String str) { - Pattern pattern = (Pattern)patternCache.get(regexp); + Pattern pattern = patternCache.get(regexp); if (pattern == null) { pattern = Pattern.compile(regexp); patternCache.putIfAbsent(regexp, pattern); @@ -398,7 +397,7 @@ } - private static List getTransforms(String transformation) + private static List<Transform> getTransforms(String transformation) throws NoSuchAlgorithmException { String[] parts = tokenizeTransformation(transformation); @@ -418,7 +417,7 @@ return Collections.singletonList(tr); } else { // if ((mode != null) && (pad != null)) { // DES/CBC/PKCS5Padding - List list = new ArrayList(4); + List<Transform> list = new ArrayList<>(4); list.add(new Transform(alg, "/" + mode + "/" + pad, null, null)); list.add(new Transform(alg, "/" + mode, null, pad)); list.add(new Transform(alg, "//" + pad, mode, null)); @@ -428,10 +427,10 @@ } // get the transform matching the specified service - private static Transform getTransform(Service s, List transforms) { + private static Transform getTransform(Service s, + List<Transform> transforms) { String alg = s.getAlgorithm().toUpperCase(Locale.ENGLISH); - for (Iterator t = transforms.iterator(); t.hasNext(); ) { - Transform tr = (Transform)t.next(); + for (Transform tr : transforms) { if (alg.endsWith(tr.suffix)) { return tr; } @@ -474,19 +473,18 @@ public static final Cipher getInstance(String transformation) throws NoSuchAlgorithmException, NoSuchPaddingException { - List transforms = getTransforms(transformation); - List cipherServices = new ArrayList(transforms.size()); - for (Iterator t = transforms.iterator(); t.hasNext(); ) { - Transform transform = (Transform)t.next(); + List<Transform> transforms = getTransforms(transformation); + List<ServiceId> cipherServices = new ArrayList<>(transforms.size()); + for (Transform transform : transforms) { cipherServices.add(new ServiceId("Cipher", transform.transform)); } - List services = GetInstance.getServices(cipherServices); + List<Service> services = GetInstance.getServices(cipherServices); // make sure there is at least one service from a signed provider // and that it can use the specified mode and padding - Iterator t = services.iterator(); + Iterator<Service> t = services.iterator(); Exception failure = null; while (t.hasNext()) { - Service s = (Service)t.next(); + Service s = t.next(); Transform tr = getTransform(s, transforms); if (tr == null) { // should never happen @@ -609,10 +607,9 @@ throw new IllegalArgumentException("Missing provider"); } Exception failure = null; - List transforms = getTransforms(transformation); + List<Transform> transforms = getTransforms(transformation); String paddingError = null; - for (Iterator t = transforms.iterator(); t.hasNext();) { - Transform tr = (Transform)t.next(); + for (Transform tr : transforms) { Service s = provider.getService("Cipher", tr.transform); if (s == null) { continue; @@ -685,7 +682,7 @@ firstService = null; firstSpi = null; } else { - s = (Service)serviceIterator.next(); + s = serviceIterator.next(); thisSpi = null; } Transform tr = getTransform(s, transforms); @@ -771,7 +768,7 @@ firstService = null; firstSpi = null; } else { - s = (Service)serviceIterator.next(); + s = serviceIterator.next(); thisSpi = null; } // if provider says it does not support this key, ignore it @@ -1497,7 +1494,7 @@ // Check whether the cert has a key usage extension // marked as a critical extension. X509Certificate cert = (X509Certificate)certificate; - Set critSet = cert.getCriticalExtensionOIDs(); + Set<String> critSet = cert.getCriticalExtensionOIDs(); if (critSet != null && !critSet.isEmpty() && critSet.contains(KEY_USAGE_EXTENSION_OID)) {
--- a/src/share/classes/javax/crypto/CryptoAllPermission.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/CryptoAllPermission.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -171,8 +171,8 @@ * * @return an enumeration of all the CryptoAllPermission objects. */ - public Enumeration elements() { - Vector v = new Vector(1); + public Enumeration<Permission> elements() { + Vector<Permission> v = new Vector<>(1); if (all_allowed) v.add(CryptoAllPermission.INSTANCE); return v.elements(); }
--- a/src/share/classes/javax/crypto/CryptoPermission.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/CryptoPermission.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -475,14 +475,14 @@ private static final long serialVersionUID = -511215555898802763L; - private Vector permissions; + private Vector<Permission> permissions; /** * Creates an empty CryptoPermissionCollection * object. */ CryptoPermissionCollection() { - permissions = new Vector(3); + permissions = new Vector<Permission>(3); } /** @@ -520,7 +520,7 @@ CryptoPermission cp = (CryptoPermission)permission; - Enumeration e = permissions.elements(); + Enumeration<Permission> e = permissions.elements(); while (e.hasMoreElements()) { CryptoPermission x = (CryptoPermission) e.nextElement(); @@ -538,7 +538,7 @@ * @return an enumeration of all the CryptoPermission objects. */ - public Enumeration elements() + public Enumeration<Permission> elements() { return permissions.elements(); }
--- a/src/share/classes/javax/crypto/CryptoPermissions.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/CryptoPermissions.java Sat Sep 10 22:36:17 2016 +0100 @@ -179,7 +179,7 @@ * * @return an enumeration of all the Permissions. */ - public Enumeration elements() { + public Enumeration<Permission> elements() { // go through each Permissions in the hash table // and call their elements() function. return new PermissionsEnumerator(perms.elements()); @@ -211,8 +211,7 @@ PermissionCollection thatWildcard = - (PermissionCollection)other.perms.get( - CryptoPermission.ALG_NAME_WILDCARD); + other.perms.get(CryptoPermission.ALG_NAME_WILDCARD); int maxKeySize = 0; if (thatWildcard != null) { maxKeySize = ((CryptoPermission) @@ -221,14 +220,12 @@ // For each algorithm in this CryptoPermissions, // find out if there is anything we should add into // ret. - Enumeration thisKeys = this.perms.keys(); + Enumeration<String> thisKeys = this.perms.keys(); while (thisKeys.hasMoreElements()) { - String alg = (String)thisKeys.nextElement(); + String alg = thisKeys.nextElement(); - PermissionCollection thisPc = - (PermissionCollection)this.perms.get(alg); - PermissionCollection thatPc = - (PermissionCollection)other.perms.get(alg); + PermissionCollection thisPc = this.perms.get(alg); + PermissionCollection thatPc = other.perms.get(alg); CryptoPermission[] partialResult; @@ -251,8 +248,7 @@ } PermissionCollection thisWildcard = - (PermissionCollection)this.perms.get( - CryptoPermission.ALG_NAME_WILDCARD); + this.perms.get(CryptoPermission.ALG_NAME_WILDCARD); // If this CryptoPermissions doesn't // have a wildcard, we are done. @@ -265,16 +261,15 @@ maxKeySize = ((CryptoPermission) thisWildcard.elements().nextElement()).getMaxKeySize(); - Enumeration thatKeys = other.perms.keys(); + Enumeration<String> thatKeys = other.perms.keys(); while (thatKeys.hasMoreElements()) { - String alg = (String)thatKeys.nextElement(); + String alg = thatKeys.nextElement(); if (this.perms.containsKey(alg)) { continue; } - PermissionCollection thatPc = - (PermissionCollection)other.perms.get(alg); + PermissionCollection thatPc = other.perms.get(alg); CryptoPermission[] partialResult; @@ -299,9 +294,9 @@ */ private CryptoPermission[] getMinimum(PermissionCollection thisPc, PermissionCollection thatPc) { - Vector permVector = new Vector(2); + Vector<CryptoPermission> permVector = new Vector<>(2); - Enumeration thisPcPermissions = thisPc.elements(); + Enumeration<Permission> thisPcPermissions = thisPc.elements(); // For each CryptoPermission in // thisPc object, do the following: @@ -320,7 +315,7 @@ CryptoPermission thisCp = (CryptoPermission)thisPcPermissions.nextElement(); - Enumeration thatPcPermissions = thatPc.elements(); + Enumeration<Permission> thatPcPermissions = thatPc.elements(); while (thatPcPermissions.hasMoreElements()) { CryptoPermission thatCp = (CryptoPermission)thatPcPermissions.nextElement(); @@ -355,9 +350,9 @@ */ private CryptoPermission[] getMinimum(int maxKeySize, PermissionCollection pc) { - Vector permVector = new Vector(1); + Vector<CryptoPermission> permVector = new Vector<>(1); - Enumeration enum_ = pc.elements(); + Enumeration<Permission> enum_ = pc.elements(); while (enum_.hasMoreElements()) { CryptoPermission cp = @@ -424,7 +419,7 @@ String alg = cryptoPerm.getAlgorithm(); - PermissionCollection pc = (PermissionCollection)perms.get(alg); + PermissionCollection pc = perms.get(alg); if (pc == null) { pc = cryptoPerm.newPermissionCollection(); @@ -455,14 +450,14 @@ } } -final class PermissionsEnumerator implements Enumeration { +final class PermissionsEnumerator implements Enumeration<Permission> { // all the perms - private Enumeration perms; + private Enumeration<PermissionCollection> perms; // the current set - private Enumeration permset; + private Enumeration<Permission> permset; - PermissionsEnumerator(Enumeration e) { + PermissionsEnumerator(Enumeration<PermissionCollection> e) { perms = e; permset = getNextEnumWithMore(); } @@ -486,7 +481,7 @@ return (permset != null); } - public synchronized Object nextElement() { + public synchronized Permission nextElement() { // hasMoreElements will update permset to the next permset // with something in it... @@ -497,11 +492,10 @@ } } - private Enumeration getNextEnumWithMore() { + private Enumeration<Permission> getNextEnumWithMore() { while (perms.hasMoreElements()) { - PermissionCollection pc = - (PermissionCollection) perms.nextElement(); - Enumeration next = pc.elements(); + PermissionCollection pc = perms.nextElement(); + Enumeration<Permission> next = pc.elements(); if (next.hasMoreElements()) return next; }
--- a/src/share/classes/javax/crypto/CryptoPolicyParser.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/CryptoPolicyParser.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,7 +29,6 @@ import java.util.Enumeration; import java.util.Hashtable; import java.util.Vector; -import java.util.StringTokenizer; import static java.util.Locale.ENGLISH; import java.security.GeneralSecurityException; @@ -64,7 +63,7 @@ final class CryptoPolicyParser { - private Vector grantEntries; + private Vector<GrantEntry> grantEntries; // Convenience variables for parsing private StreamTokenizer st; @@ -74,7 +73,7 @@ * Creates a CryptoPolicyParser object. */ CryptoPolicyParser() { - grantEntries = new Vector(); + grantEntries = new Vector<GrantEntry>(); } /** @@ -127,7 +126,7 @@ * The crypto jurisdiction policy must be consistent. The * following hashtable is used for checking consistency. */ - Hashtable processedPermissions = null; + Hashtable<String, Vector<String>> processedPermissions = null; /* * The main parsing loop. The loop is executed once for each entry @@ -152,7 +151,8 @@ /** * parse a Grant entry */ - private GrantEntry parseGrantEntry(Hashtable processedPermissions) + private GrantEntry parseGrantEntry( + Hashtable<String, Vector<String>> processedPermissions) throws ParsingException, IOException { GrantEntry e = new GrantEntry(); @@ -180,7 +180,7 @@ * parse a CryptoPermission entry */ private CryptoPermissionEntry parsePermissionEntry( - Hashtable processedPermissions) + Hashtable<String, Vector<String>> processedPermissions) throws ParsingException, IOException { CryptoPermissionEntry e = new CryptoPermissionEntry(); @@ -252,7 +252,7 @@ // AlgorithmParameterSpec class name. String algParamSpecClassName = match("quoted string"); - Vector paramsV = new Vector(1); + Vector<Integer> paramsV = new Vector<>(1); while (peek(",")) { match(","); if (peek("number")) { @@ -285,14 +285,14 @@ AlgorithmParameterSpec ret = null; try { - Class apsClass = Class.forName(type); - Class[] paramClasses = new Class[params.length]; + Class<?> apsClass = Class.forName(type); + Class<?>[] paramClasses = new Class<?>[params.length]; for (int i = 0; i < params.length; i++) { paramClasses[i] = int.class; } - Constructor c = apsClass.getConstructor(paramClasses); + Constructor<?> c = apsClass.getConstructor(paramClasses); ret = (AlgorithmParameterSpec) c.newInstance((Object[]) params); } catch (Exception e) { throw new ParsingException("Cannot call the constructor of " + @@ -456,15 +456,15 @@ } CryptoPermission[] getPermissions() { - Vector result = new Vector(); + Vector<CryptoPermission> result = new Vector<>(); - Enumeration grantEnum = grantEntries.elements(); + Enumeration<GrantEntry> grantEnum = grantEntries.elements(); while (grantEnum.hasMoreElements()) { - GrantEntry ge = (GrantEntry)grantEnum.nextElement(); - Enumeration permEnum = ge.permissionElements(); + GrantEntry ge = grantEnum.nextElement(); + Enumeration<CryptoPermissionEntry> permEnum = + ge.permissionElements(); while (permEnum.hasMoreElements()) { - CryptoPermissionEntry pe = - (CryptoPermissionEntry)permEnum.nextElement(); + CryptoPermissionEntry pe = permEnum.nextElement(); if (pe.cryptoPermission.equals( "javax.crypto.CryptoAllPermission")) { result.addElement(CryptoAllPermission.INSTANCE); @@ -491,15 +491,14 @@ return ret; } - private boolean isConsistent(String alg, - String exemptionMechanism, - Hashtable processedPermissions) { + private boolean isConsistent(String alg, String exemptionMechanism, + Hashtable<String, Vector<String>> processedPermissions) { String thisExemptionMechanism = exemptionMechanism == null ? "none" : exemptionMechanism; if (processedPermissions == null) { - processedPermissions = new Hashtable(); - Vector exemptionMechanisms = new Vector(1); + processedPermissions = new Hashtable<String, Vector<String>>(); + Vector<String> exemptionMechanisms = new Vector<>(1); exemptionMechanisms.addElement(thisExemptionMechanism); processedPermissions.put(alg, exemptionMechanisms); return true; @@ -509,15 +508,15 @@ return false; } - Vector exemptionMechanisms; + Vector<String> exemptionMechanisms; if (processedPermissions.containsKey(alg)) { - exemptionMechanisms = (Vector)processedPermissions.get(alg); + exemptionMechanisms = processedPermissions.get(alg); if (exemptionMechanisms.contains(thisExemptionMechanism)) { return false; } } else { - exemptionMechanisms = new Vector(1); + exemptionMechanisms = new Vector<String>(1); } exemptionMechanisms.addElement(thisExemptionMechanism); @@ -556,10 +555,10 @@ private static class GrantEntry { - private Vector permissionEntries; + private Vector<CryptoPermissionEntry> permissionEntries; GrantEntry() { - permissionEntries = new Vector(); + permissionEntries = new Vector<CryptoPermissionEntry>(); } void add(CryptoPermissionEntry pe) @@ -580,7 +579,7 @@ /** * Enumerate all the permission entries in this GrantEntry. */ - Enumeration permissionElements(){ + Enumeration<CryptoPermissionEntry> permissionElements(){ return permissionEntries.elements(); }
--- a/src/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -80,7 +80,7 @@ throw new NullPointerException("the encoded parameter " + "must be non-null"); } - this.encoded = (byte[])encoded.clone(); + this.encoded = encoded.clone(); DerValue val = new DerValue(this.encoded); DerValue[] seq = new DerValue[2]; @@ -143,7 +143,7 @@ throw new IllegalArgumentException("the encryptedData " + "parameter must not be empty"); } else { - this.encryptedData = (byte[])encryptedData.clone(); + this.encryptedData = encryptedData.clone(); } // delay the generation of ASN.1 encoding until // getEncoded() is called @@ -183,7 +183,7 @@ throw new IllegalArgumentException("the encryptedData " + "parameter must not be empty"); } else { - this.encryptedData = (byte[])encryptedData.clone(); + this.encryptedData = encryptedData.clone(); } // delay the generation of ASN.1 encoding until @@ -222,7 +222,7 @@ * each time this method is called. */ public byte[] getEncryptedData() { - return (byte[])this.encryptedData.clone(); + return this.encryptedData.clone(); } /** @@ -247,26 +247,13 @@ throws InvalidKeySpecException { byte[] encoded = null; try { - encoded = cipher.doFinal((byte[])encryptedData); + encoded = cipher.doFinal(encryptedData); checkPKCS8Encoding(encoded); - } catch (GeneralSecurityException gse) { - InvalidKeySpecException ikse = new - InvalidKeySpecException( - "Cannot retrieve the PKCS8EncodedKeySpec"); - ikse.initCause(gse); - throw ikse; - } catch (IOException ioe) { - InvalidKeySpecException ikse = new - InvalidKeySpecException( - "Cannot retrieve the PKCS8EncodedKeySpec"); - ikse.initCause(ioe); - throw ikse; - } catch (IllegalStateException ise) { - InvalidKeySpecException ikse = new - InvalidKeySpecException( - "Cannot retrieve the PKCS8EncodedKeySpec"); - ikse.initCause(ise); - throw ikse; + } catch (GeneralSecurityException | + IOException | + IllegalStateException ex) { + throw new InvalidKeySpecException( + "Cannot retrieve the PKCS8EncodedKeySpec", ex); } return new PKCS8EncodedKeySpec(encoded); } @@ -289,16 +276,9 @@ } catch (NoSuchAlgorithmException nsae) { // rethrow throw nsae; - } catch (GeneralSecurityException gse) { - InvalidKeyException ike = new InvalidKeyException - ("Cannot retrieve the PKCS8EncodedKeySpec"); - ike.initCause(gse); - throw ike; - } catch (IOException ioe) { - InvalidKeyException ike = new InvalidKeyException - ("Cannot retrieve the PKCS8EncodedKeySpec"); - ike.initCause(ioe); - throw ike; + } catch (GeneralSecurityException | IOException ex) { + throw new InvalidKeyException( + "Cannot retrieve the PKCS8EncodedKeySpec", ex); } return new PKCS8EncodedKeySpec(encoded); } @@ -413,7 +393,7 @@ out.write(DerValue.tag_Sequence, tmp); this.encoded = out.toByteArray(); } - return (byte[])this.encoded.clone(); + return this.encoded.clone(); } private static void checkTag(DerValue val, byte tag, String valName) @@ -424,6 +404,7 @@ } } + @SuppressWarnings("fallthrough") private static void checkPKCS8Encoding(byte[] encodedKey) throws IOException { DerInputStream in = new DerInputStream(encodedKey); @@ -432,6 +413,7 @@ switch (values.length) { case 4: checkTag(values[3], DerValue.TAG_CONTEXT, "attributes"); + /* fall through */ case 3: checkTag(values[0], DerValue.tag_Integer, "version"); DerInputStream algid = values[1].toDerInputStream();
--- a/src/share/classes/javax/crypto/JarVerifier.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/JarVerifier.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -86,23 +86,19 @@ // Get a link to the Jarfile to search. try { - jf = (JarFile) - AccessController.doPrivileged( - new PrivilegedExceptionAction() { - public Object run() throws Exception { - JarURLConnection conn = - (JarURLConnection) url.openConnection(); - // You could do some caching here as - // an optimization. - conn.setUseCaches(false); - return conn.getJarFile(); - } - }); + jf = AccessController.doPrivileged( + new PrivilegedExceptionAction<JarFile>() { + public JarFile run() throws Exception { + JarURLConnection conn = + (JarURLConnection) url.openConnection(); + // You could do some caching here as + // an optimization. + conn.setUseCaches(false); + return conn.getJarFile(); + } + }); } catch (java.security.PrivilegedActionException pae) { - SecurityException se = new SecurityException( - "Cannot load " + url.toString()); - se.initCause(pae); - throw se; + throw new SecurityException("Cannot load " + url.toString(), pae); } if (jf != null) {
--- a/src/share/classes/javax/crypto/JceSecurity.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/JceSecurity.java Sat Sep 10 22:36:17 2016 +0100 @@ -57,10 +57,12 @@ // Map<Provider,?> of the providers we already have verified // value == PROVIDER_VERIFIED is successfully verified // value is failure cause Exception in error case - private final static Map verificationResults = new IdentityHashMap(); + private final static Map<Provider, Object> verificationResults = + new IdentityHashMap<>(); // Map<Provider,?> of the providers currently being verified - private final static Map verifyingProviders = new IdentityHashMap(); + private final static Map<Provider, Object> verifyingProviders = + new IdentityHashMap<>(); // Set the default value. May be changed in the static initializer. private static boolean isRestricted = true; @@ -73,25 +75,23 @@ static { try { - AccessController.doPrivileged(new PrivilegedExceptionAction() { - public Object run() throws Exception { - setupJurisdictionPolicies(); - return null; - } - }); + AccessController.doPrivileged( + new PrivilegedExceptionAction<Object>() { + public Object run() throws Exception { + setupJurisdictionPolicies(); + return null; + } + }); isRestricted = defaultPolicy.implies( CryptoAllPermission.INSTANCE) ? false : true; } catch (Exception e) { - SecurityException se = - new SecurityException( - "Can not initialize cryptographic mechanism"); - se.initCause(e); - throw se; + throw new SecurityException( + "Can not initialize cryptographic mechanism", e); } } - static Instance getInstance(String type, Class clazz, String algorithm, + static Instance getInstance(String type, Class<?> clazz, String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException { Service s = GetInstance.getService(type, algorithm, provider); @@ -104,7 +104,7 @@ return GetInstance.getInstance(s, clazz); } - static Instance getInstance(String type, Class clazz, String algorithm, + static Instance getInstance(String type, Class<?> clazz, String algorithm, Provider provider) throws NoSuchAlgorithmException { Service s = GetInstance.getService(type, algorithm, provider); Exception ve = JceSecurity.getVerificationResult(provider); @@ -116,12 +116,11 @@ return GetInstance.getInstance(s, clazz); } - static Instance getInstance(String type, Class clazz, String algorithm) + static Instance getInstance(String type, Class<?> clazz, String algorithm) throws NoSuchAlgorithmException { - List services = GetInstance.getServices(type, algorithm); + List<Service> services = GetInstance.getServices(type, algorithm); NoSuchAlgorithmException failure = null; - for (Iterator t = services.iterator(); t.hasNext(); ) { - Service s = (Service)t.next(); + for (Service s : services) { if (canUseProvider(s.getProvider()) == false) { // allow only signed providers continue; @@ -213,17 +212,18 @@ } // reference to a Map we use as a cache for codebases - private static final Map codeBaseCacheRef = new WeakHashMap(); + private static final Map<Class<?>, URL> codeBaseCacheRef = + new WeakHashMap<>(); /* * Returns the CodeBase for the given class. */ - static URL getCodeBase(final Class clazz) { + static URL getCodeBase(final Class<?> clazz) { synchronized (codeBaseCacheRef) { - URL url = (URL)codeBaseCacheRef.get(clazz); + URL url = codeBaseCacheRef.get(clazz); if (url == null) { - url = (URL)AccessController.doPrivileged(new PrivilegedAction() { - public Object run() { + url = AccessController.doPrivileged(new PrivilegedAction<URL>() { + public URL run() { ProtectionDomain pd = clazz.getProtectionDomain(); if (pd != null) { CodeSource cs = pd.getCodeSource(); @@ -292,9 +292,9 @@ JarFile jf = new JarFile(jarPathName); - Enumeration entries = jf.entries(); + Enumeration<JarEntry> entries = jf.entries(); while (entries.hasMoreElements()) { - JarEntry je = (JarEntry)entries.nextElement(); + JarEntry je = entries.nextElement(); InputStream is = null; try { if (je.getName().startsWith("default_")) {
--- a/src/share/classes/javax/crypto/JceSecurityManager.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/JceSecurityManager.java Sat Sep 10 22:36:17 2016 +0100 @@ -28,7 +28,6 @@ import java.security.*; import java.net.*; import java.util.*; -import java.util.jar.*; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentMap; @@ -52,7 +51,8 @@ private static final CryptoPermissions defaultPolicy; private static final CryptoPermissions exemptPolicy; private static final CryptoAllPermission allPerm; - private static final Vector TrustedCallersCache = new Vector(2); + private static final Vector<Class<?>> TrustedCallersCache = + new Vector<>(2); private static final ConcurrentMap<URL,CryptoPermissions> exemptCache = new ConcurrentHashMap<>(); private static final CryptoPermissions CACHE_NULL_MARK = @@ -65,12 +65,12 @@ defaultPolicy = JceSecurity.getDefaultPolicy(); exemptPolicy = JceSecurity.getExemptPolicy(); allPerm = CryptoAllPermission.INSTANCE; - INSTANCE = (JceSecurityManager) - AccessController.doPrivileged(new PrivilegedAction() { - public Object run() { - return new JceSecurityManager(); - } - }); + INSTANCE = AccessController.doPrivileged( + new PrivilegedAction<JceSecurityManager>() { + public JceSecurityManager run() { + return new JceSecurityManager(); + } + }); } private JceSecurityManager() { @@ -99,11 +99,11 @@ // javax.crypto.* packages. // NOTE: javax.crypto.* package maybe subject to package // insertion, so need to check its classloader as well. - Class[] context = getClassContext(); + Class<?>[] context = getClassContext(); URL callerCodeBase = null; int i; for (i=0; i<context.length; i++) { - Class cls = context[i]; + Class<?> cls = context[i]; callerCodeBase = JceSecurity.getCodeBase(cls); if (callerCodeBase != null) { break; @@ -150,7 +150,7 @@ if (appPc == null) { return defaultPerm; } - Enumeration enum_ = appPc.elements(); + Enumeration<Permission> enum_ = appPc.elements(); while (enum_.hasMoreElements()) { CryptoPermission cp = (CryptoPermission)enum_.nextElement(); if (cp.getExemptionMechanism() == null) { @@ -222,7 +222,7 @@ * Returns the default permission for the given algorithm. */ private CryptoPermission getDefaultPermission(String alg) { - Enumeration enum_ = + Enumeration<Permission> enum_ = defaultPolicy.getPermissionCollection(alg).elements(); return (CryptoPermission)enum_.nextElement(); }
--- a/src/share/classes/javax/crypto/KeyAgreement.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/KeyAgreement.java Sat Sep 10 22:36:17 2016 +0100 @@ -98,7 +98,7 @@ // remaining services to try in provider selection // null once provider is selected - private Iterator serviceIterator; + private Iterator<Service> serviceIterator; private final Object lock; @@ -117,7 +117,7 @@ lock = null; } - private KeyAgreement(Service s, Iterator t, String algorithm) { + private KeyAgreement(Service s, Iterator<Service> t, String algorithm) { firstService = s; serviceIterator = t; this.algorithm = algorithm; @@ -170,11 +170,12 @@ */ public static final KeyAgreement getInstance(String algorithm) throws NoSuchAlgorithmException { - List services = GetInstance.getServices("KeyAgreement", algorithm); + List<Service> services = + GetInstance.getServices("KeyAgreement", algorithm); // make sure there is at least one service from a signed provider - Iterator t = services.iterator(); + Iterator<Service> t = services.iterator(); while (t.hasNext()) { - Service s = (Service)t.next(); + Service s = t.next(); if (JceSecurity.canUseProvider(s.getProvider()) == false) { continue; } @@ -306,7 +307,7 @@ s = firstService; firstService = null; } else { - s = (Service)serviceIterator.next(); + s = serviceIterator.next(); } if (JceSecurity.canUseProvider(s.getProvider()) == false) { continue; @@ -363,7 +364,7 @@ s = firstService; firstService = null; } else { - s = (Service)serviceIterator.next(); + s = serviceIterator.next(); } // if provider says it does not support this key, ignore it if (s.supportsParameter(key) == false) {
--- a/src/share/classes/javax/crypto/KeyGenerator.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/KeyGenerator.java Sat Sep 10 22:36:17 2016 +0100 @@ -133,7 +133,7 @@ private final Object lock = new Object(); - private Iterator serviceIterator; + private Iterator<Service> serviceIterator; private int initType; private int initKeySize; @@ -161,7 +161,8 @@ private KeyGenerator(String algorithm) throws NoSuchAlgorithmException { this.algorithm = algorithm; - List list = GetInstance.getServices("KeyGenerator", algorithm); + List<Service> list = + GetInstance.getServices("KeyGenerator", algorithm); serviceIterator = list.iterator(); initType = I_NONE; // fetch and instantiate initial spi @@ -336,7 +337,7 @@ return null; } while (serviceIterator.hasNext()) { - Service s = (Service)serviceIterator.next(); + Service s = serviceIterator.next(); if (JceSecurity.canUseProvider(s.getProvider()) == false) { continue; }
--- a/src/share/classes/javax/crypto/Mac.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/Mac.java Sat Sep 10 22:36:17 2016 +0100 @@ -100,7 +100,7 @@ // remaining services to try in provider selection // null once provider is selected - private Iterator serviceIterator; + private Iterator<Service> serviceIterator; private final Object lock; @@ -119,7 +119,7 @@ lock = null; } - private Mac(Service s, Iterator t, String algorithm) { + private Mac(Service s, Iterator<Service> t, String algorithm) { firstService = s; serviceIterator = t; this.algorithm = algorithm; @@ -168,11 +168,11 @@ */ public static final Mac getInstance(String algorithm) throws NoSuchAlgorithmException { - List services = GetInstance.getServices("Mac", algorithm); + List<Service> services = GetInstance.getServices("Mac", algorithm); // make sure there is at least one service from a signed provider - Iterator t = services.iterator(); + Iterator<Service> t = services.iterator(); while (t.hasNext()) { - Service s = (Service)t.next(); + Service s = t.next(); if (JceSecurity.canUseProvider(s.getProvider()) == false) { continue; } @@ -293,7 +293,7 @@ s = firstService; firstService = null; } else { - s = (Service)serviceIterator.next(); + s = serviceIterator.next(); } if (JceSecurity.canUseProvider(s.getProvider()) == false) { continue; @@ -336,7 +336,7 @@ s = firstService; firstService = null; } else { - s = (Service)serviceIterator.next(); + s = serviceIterator.next(); } // if provider says it does not support this key, ignore it if (s.supportsParameter(key) == false) {
--- a/src/share/classes/javax/crypto/SealedObject.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/SealedObject.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -193,11 +193,11 @@ * @exception NullPointerException if the given sealed object is null. */ protected SealedObject(SealedObject so) { - this.encryptedContent = (byte[]) so.encryptedContent.clone(); + this.encryptedContent = so.encryptedContent.clone(); this.sealAlg = so.sealAlg; this.paramsAlg = so.paramsAlg; if (so.encodedParams != null) { - this.encodedParams = (byte[]) so.encodedParams.clone(); + this.encodedParams = so.encodedParams.clone(); } else { this.encodedParams = null; } @@ -353,10 +353,8 @@ try { return unseal(key, provider); - } catch (IllegalBlockSizeException ibse) { - throw new InvalidKeyException(ibse.getMessage()); - } catch (BadPaddingException bpe) { - throw new InvalidKeyException(bpe.getMessage()); + } catch (IllegalBlockSizeException | BadPaddingException ex) { + throw new InvalidKeyException(ex.getMessage()); } } @@ -450,9 +448,9 @@ { s.defaultReadObject(); if (encryptedContent != null) - encryptedContent = (byte[])encryptedContent.clone(); + encryptedContent = encryptedContent.clone(); if (encodedParams != null) - encodedParams = (byte[])encodedParams.clone(); + encodedParams = encodedParams.clone(); } } @@ -465,7 +463,7 @@ super(in); } - protected Class resolveClass(ObjectStreamClass v) + protected Class<?> resolveClass(ObjectStreamClass v) throws IOException, ClassNotFoundException {
--- a/src/share/classes/javax/crypto/SecretKeyFactory.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/SecretKeyFactory.java Sat Sep 10 22:36:17 2016 +0100 @@ -96,7 +96,7 @@ // remaining services to try in provider selection // null once provider is selected - private Iterator serviceIterator; + private Iterator<Service> serviceIterator; /** * Creates a SecretKeyFactory object. @@ -114,7 +114,8 @@ private SecretKeyFactory(String algorithm) throws NoSuchAlgorithmException { this.algorithm = algorithm; - List list = GetInstance.getServices("SecretKeyFactory", algorithm); + List<Service> list = + GetInstance.getServices("SecretKeyFactory", algorithm); serviceIterator = list.iterator(); // fetch and instantiate initial spi if (nextSpi(null) == null) { @@ -290,7 +291,7 @@ return null; } while (serviceIterator.hasNext()) { - Service s = (Service)serviceIterator.next(); + Service s = serviceIterator.next(); if (JceSecurity.canUseProvider(s.getProvider()) == false) { continue; }
--- a/src/share/classes/javax/crypto/SecretKeyFactorySpi.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/SecretKeyFactorySpi.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it
--- a/src/share/classes/javax/crypto/spec/DESKeySpec.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/spec/DESKeySpec.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -165,7 +165,7 @@ * each time this method is called. */ public byte[] getKey() { - return (byte[])this.key.clone(); + return this.key.clone(); } /**
--- a/src/share/classes/javax/crypto/spec/DESedeKeySpec.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/spec/DESedeKeySpec.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -95,7 +95,7 @@ * each time this method is called. */ public byte[] getKey() { - return (byte[])this.key.clone(); + return this.key.clone(); } /**
--- a/src/share/classes/javax/crypto/spec/IvParameterSpec.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/spec/IvParameterSpec.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -94,6 +94,6 @@ * each time this method is called. */ public byte[] getIV() { - return (byte[])this.iv.clone(); + return this.iv.clone(); } }
--- a/src/share/classes/javax/crypto/spec/PBEKeySpec.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/spec/PBEKeySpec.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -80,7 +80,7 @@ if ((password == null) || (password.length == 0)) { this.password = new char[0]; } else { - this.password = (char[])password.clone(); + this.password = password.clone(); } } @@ -109,7 +109,7 @@ if ((password == null) || (password.length == 0)) { this.password = new char[0]; } else { - this.password = (char[])password.clone(); + this.password = password.clone(); } if (salt == null) { throw new NullPointerException("the salt parameter " + @@ -118,7 +118,7 @@ throw new IllegalArgumentException("the salt parameter " + "must not be empty"); } else { - this.salt = (byte[]) salt.clone(); + this.salt = salt.clone(); } if (iterationCount<=0) { throw new IllegalArgumentException("invalid iterationCount value"); @@ -151,7 +151,7 @@ if ((password == null) || (password.length == 0)) { this.password = new char[0]; } else { - this.password = (char[])password.clone(); + this.password = password.clone(); } if (salt == null) { throw new NullPointerException("the salt parameter " + @@ -160,7 +160,7 @@ throw new IllegalArgumentException("the salt parameter " + "must not be empty"); } else { - this.salt = (byte[]) salt.clone(); + this.salt = salt.clone(); } if (iterationCount<=0) { throw new IllegalArgumentException("invalid iterationCount value"); @@ -196,7 +196,7 @@ if (password == null) { throw new IllegalStateException("password has been cleared"); } - return (char[]) password.clone(); + return password.clone(); } /** @@ -210,7 +210,7 @@ */ public final byte[] getSalt() { if (salt != null) { - return (byte[]) salt.clone(); + return salt.clone(); } else { return null; }
--- a/src/share/classes/javax/crypto/spec/PBEParameterSpec.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/spec/PBEParameterSpec.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ package javax.crypto.spec; -import java.math.BigInteger; import java.security.spec.AlgorithmParameterSpec; /** @@ -53,7 +52,7 @@ * @exception NullPointerException if <code>salt</code> is null. */ public PBEParameterSpec(byte[] salt, int iterationCount) { - this.salt = (byte[])salt.clone(); + this.salt = salt.clone(); this.iterationCount = iterationCount; } @@ -64,7 +63,7 @@ * each time this method is called. */ public byte[] getSalt() { - return (byte[])this.salt.clone(); + return this.salt.clone(); } /**
--- a/src/share/classes/javax/crypto/spec/PSource.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/spec/PSource.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,9 +25,6 @@ package javax.crypto.spec; -import java.math.BigInteger; -import java.security.spec.AlgorithmParameterSpec; - /** * This class specifies the source for encoding input P in OAEP Padding, * as defined in the @@ -97,7 +94,7 @@ */ public PSpecified(byte[] p) { super("PSpecified"); - this.p = (byte[]) p.clone(); + this.p = p.clone(); } /** * Returns the value of encoding input P. @@ -105,7 +102,7 @@ * returned each time this method is called. */ public byte[] getValue() { - return (p.length==0? p: (byte[])p.clone()); + return (p.length==0? p: p.clone()); } } }
--- a/src/share/classes/javax/crypto/spec/RC2ParameterSpec.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/spec/RC2ParameterSpec.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -117,7 +117,7 @@ * Returns a new array each time this method is called. */ public byte[] getIV() { - return (iv == null? null:(byte[])iv.clone()); + return (iv == null? null:iv.clone()); } /**
--- a/src/share/classes/javax/crypto/spec/RC5ParameterSpec.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/spec/RC5ParameterSpec.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -157,7 +157,7 @@ * Returns a new array each time this method is called. */ public byte[] getIV() { - return (iv == null? null:(byte[])iv.clone()); + return (iv == null? null:iv.clone()); } /**
--- a/src/share/classes/javax/crypto/spec/SecretKeySpec.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/crypto/spec/SecretKeySpec.java Sat Sep 10 22:36:17 2016 +0100 @@ -25,8 +25,6 @@ package javax.crypto.spec; -import java.io.UnsupportedEncodingException; -import java.security.Key; import java.security.MessageDigest; import java.security.spec.KeySpec; import javax.crypto.SecretKey; @@ -96,7 +94,7 @@ if (key.length == 0) { throw new IllegalArgumentException("Empty key"); } - this.key = (byte[])key.clone(); + this.key = key.clone(); this.algorithm = algorithm; } @@ -182,7 +180,7 @@ * each time this method is called. */ public byte[] getEncoded() { - return (byte[])this.key.clone(); + return this.key.clone(); } /**
--- a/src/share/classes/javax/management/openmbean/OpenMBeanAttributeInfoSupport.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/management/openmbean/OpenMBeanAttributeInfoSupport.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -45,7 +45,6 @@ import javax.management.ImmutableDescriptor; import javax.management.MBeanAttributeInfo; import com.sun.jmx.remote.util.EnvHelp; -import sun.reflect.misc.ConstructorUtil; import sun.reflect.misc.MethodUtil; import sun.reflect.misc.ReflectUtil; @@ -693,8 +692,9 @@ private static <T> T convertFromString(String s, OpenType<T> openType) { Class<T> c; try { - ReflectUtil.checkPackageAccess(openType.safeGetClassName()); - c = cast(Class.forName(openType.safeGetClassName())); + String className = openType.safeGetClassName(); + ReflectUtil.checkPackageAccess(className); + c = cast(Class.forName(className)); } catch (ClassNotFoundException e) { throw new NoClassDefFoundError(e.toString()); // can't happen } @@ -762,11 +762,15 @@ Class<?> stringArrayClass; Class<?> targetArrayClass; try { + String baseClassName = baseType.safeGetClassName(); + + // check access to the provided base type class name and bail out early + ReflectUtil.checkPackageAccess(baseClassName); + stringArrayClass = Class.forName(squareBrackets + "Ljava.lang.String;"); targetArrayClass = - Class.forName(squareBrackets + "L" + baseType.safeGetClassName() + - ";"); + Class.forName(squareBrackets + "L" + baseClassName + ";"); } catch (ClassNotFoundException e) { throw new NoClassDefFoundError(e.toString()); // can't happen }
--- a/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -382,7 +382,6 @@ "connectionId=" + connectionId +", className=" + className +", name=" + name - +", params=" + objects(values) +", signature=" + strings(signature)); return (ObjectInstance) @@ -448,7 +447,6 @@ +", className=" + className +", name=" + name +", loaderName=" + loaderName - +", params=" + objects(values) +", signature=" + strings(signature)); return (ObjectInstance) @@ -740,7 +738,7 @@ if (debug) logger.debug("setAttribute", "connectionId=" + connectionId +", name="+name - +", attribute="+attr); + +", attribute name="+attr.getName()); doPrivilegedOperation( SET_ATTRIBUTE, @@ -791,7 +789,7 @@ if (debug) logger.debug("setAttributes", "connectionId=" + connectionId +", name="+name - +", attributes="+attrlist); + +", attribute names="+RMIConnector.getAttributesNames(attrlist)); return (AttributeList) doPrivilegedOperation( @@ -846,7 +844,6 @@ "connectionId=" + connectionId +", name="+name +", operationName="+operationName - +", params="+objects(values) +", signature="+strings(signature)); return
--- a/src/share/classes/javax/management/remote/rmi/RMIConnector.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/management/remote/rmi/RMIConnector.java Sat Sep 10 22:36:17 2016 +0100 @@ -66,6 +66,7 @@ import java.util.Arrays; import java.util.Collections; import java.util.HashMap; +import java.util.Iterator; import java.util.Map; import java.util.Properties; import java.util.Set; @@ -712,9 +713,7 @@ if (logger.debugOn()) logger.debug("createMBean(String,ObjectName,Object[],String[])", "className=" + className + ", name=" - + name + ", params=" - + objects(params) + ", signature=" - + strings(signature)); + + name + ", signature=" + strings(signature)); final MarshalledObject<Object[]> sParams = new MarshalledObject<Object[]>(params); @@ -753,8 +752,7 @@ if (logger.debugOn()) logger.debug( "createMBean(String,ObjectName,ObjectName,Object[],String[])", "className=" + className + ", name=" + name + ", loaderName=" - + loaderName + ", params=" + objects(params) - + ", signature=" + strings(signature)); + + loaderName + ", signature=" + strings(signature)); final MarshalledObject<Object[]> sParams = new MarshalledObject<Object[]>(params); @@ -954,8 +952,8 @@ IOException { if (logger.debugOn()) logger.debug("setAttribute", - "name=" + name + ", attribute=" - + attribute); + "name=" + name + ", attribute name=" + + attribute.getName()); final MarshalledObject<Attribute> sAttribute = new MarshalledObject<Attribute>(attribute); @@ -977,9 +975,11 @@ ReflectionException, IOException { - if (logger.debugOn()) logger.debug("setAttributes", - "name=" + name + ", attributes=" - + attributes); + if (logger.debugOn()) { + logger.debug("setAttributes", + "name=" + name + ", attribute names=" + + getAttributesNames(attributes)); + } final MarshalledObject<AttributeList> sAttributes = new MarshalledObject<AttributeList>(attributes); @@ -1012,7 +1012,6 @@ if (logger.debugOn()) logger.debug("invoke", "name=" + name + ", operationName=" + operationName - + ", params=" + objects(params) + ", signature=" + strings(signature)); final MarshalledObject<Object[]> sParams = @@ -2608,4 +2607,18 @@ private static String strings(final String[] strs) { return objects(strs); } + + static String getAttributesNames(AttributeList attributes) { + StringBuilder builder = new StringBuilder("["); + if (attributes != null) { + Iterator<Attribute> i = attributes.asList().iterator(); + while (i.hasNext()) { + builder.append(i.next().getName()); + if (i.hasNext()) + builder.append(", "); + } + } + builder.append("]"); + return builder.toString(); + } }
--- a/src/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,6 +39,12 @@ import com.sun.jmx.remote.internal.RMIExporter; import com.sun.jmx.remote.util.EnvHelp; +import java.io.ObjectStreamClass; +import java.lang.reflect.Method; +import java.util.ArrayList; +import java.util.List; +import sun.reflect.misc.ReflectUtil; +import sun.rmi.server.DeserializationChecker; import sun.rmi.server.UnicastServerRef; import sun.rmi.server.UnicastServerRef2; @@ -52,6 +58,9 @@ * @since 1.5 */ public class RMIJRMPServerImpl extends RMIServerImpl { + + private final ExportedWrapper exportedWrapper; + /** * <p>Creates a new {@link RMIServer} object that will be exported * on the given port using the given socket factories.</p> @@ -89,10 +98,31 @@ this.csf = csf; this.ssf = ssf; this.env = (env == null) ? Collections.<String, Object>emptyMap() : env; + + String[] credentialsTypes + = (String[]) this.env.get(EnvHelp.CREDENTIAL_TYPES); + List<String> types = null; + if (credentialsTypes != null) { + types = new ArrayList<>(); + for (String type : credentialsTypes) { + if (type == null) { + throw new IllegalArgumentException("A credential type is null."); + } + ReflectUtil.checkPackageAccess(type); + types.add(type); + } + } + exportedWrapper = types != null ? + new ExportedWrapper(this, types) : + null; } protected void export() throws IOException { - export(this); + if (exportedWrapper != null) { + export(exportedWrapper); + } else { + export(this); + } } private void export(Remote obj) throws RemoteException { @@ -142,7 +172,11 @@ * RMIJRMPServerImpl has not been exported yet. */ public Remote toStub() throws IOException { - return RemoteObject.toStub(this); + if (exportedWrapper != null) { + return RemoteObject.toStub(exportedWrapper); + } else { + return RemoteObject.toStub(this); + } } /** @@ -189,11 +223,61 @@ * server failed. */ protected void closeServer() throws IOException { - unexport(this, true); + if (exportedWrapper != null) { + unexport(exportedWrapper, true); + } else { + unexport(this, true); + } } private final int port; private final RMIClientSocketFactory csf; private final RMIServerSocketFactory ssf; private final Map<String, ?> env; + + private static class ExportedWrapper implements RMIServer, DeserializationChecker { + private final RMIServer impl; + private final List<String> allowedTypes; + private ExportedWrapper(RMIServer impl, List<String> credentialsTypes) { + this.impl = impl; + allowedTypes = credentialsTypes; + } + + @Override + public String getVersion() throws RemoteException { + return impl.getVersion(); + } + + @Override + public RMIConnection newClient(Object credentials) throws IOException { + return impl.newClient(credentials); + } + + @Override + public void check(Method method, ObjectStreamClass descriptor, + int paramIndex, int callID) { + + String type = descriptor.getName(); + if (!allowedTypes.contains(type)) { + throw new ClassCastException("Unsupported type: " + type); + } + } + + @Override + public void checkProxyClass(Method method, String[] ifaces, + int paramIndex, int callID) { + if (ifaces != null && ifaces.length > 0) { + for (String iface : ifaces) { + if (!allowedTypes.contains(iface)) { + throw new ClassCastException("Unsupported type: " + iface); + } + } + } + } + + @Override + public void end(int callID) { + /* Do nothing */ + } + } }
--- a/src/share/classes/javax/security/auth/SubjectDomainCombiner.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/security/auth/SubjectDomainCombiner.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,6 +37,8 @@ import java.util.Set; import java.util.WeakHashMap; import java.lang.ref.WeakReference; +import sun.misc.SharedSecrets; +import sun.misc.JavaSecurityProtectionDomainAccess; /** * A <code>SubjectDomainCombiner</code> updates ProtectionDomains @@ -64,6 +66,9 @@ private static final boolean allowCaching = (useJavaxPolicy && cachePolicy()); + private static final JavaSecurityProtectionDomainAccess pdAccess = + SharedSecrets.getJavaSecurityProtectionDomainAccess(); + /** * Associate the provided <code>Subject</code> with this * <code>SubjectDomainCombiner</code>. @@ -238,10 +243,16 @@ subjectPd = cachedPDs.getValue(pd); if (subjectPd == null) { - subjectPd = new ProtectionDomain(pd.getCodeSource(), + if (pdAccess.getStaticPermissionsField(pd)) { + // Need to keep static ProtectionDomain objects static + subjectPd = new ProtectionDomain(pd.getCodeSource(), + pd.getPermissions()); + } else { + subjectPd = new ProtectionDomain(pd.getCodeSource(), pd.getPermissions(), pd.getClassLoader(), principals); + } cachedPDs.putValue(pd, subjectPd); } else { allNew = false; @@ -338,59 +349,63 @@ ProtectionDomain subjectPd = cachedPDs.getValue(pd); if (subjectPd == null) { - - // XXX - // we must first add the original permissions. - // that way when we later add the new JAAS permissions, - // any unresolved JAAS-related permissions will - // automatically get resolved. + if (pdAccess.getStaticPermissionsField(pd)) { + // keep static ProtectionDomain objects static + subjectPd = new ProtectionDomain(pd.getCodeSource(), + pd.getPermissions()); + } else { + // XXX + // we must first add the original permissions. + // that way when we later add the new JAAS permissions, + // any unresolved JAAS-related permissions will + // automatically get resolved. - // get the original perms - Permissions perms = new Permissions(); - PermissionCollection coll = pd.getPermissions(); - java.util.Enumeration e; - if (coll != null) { - synchronized (coll) { - e = coll.elements(); - while (e.hasMoreElements()) { - Permission newPerm = - (Permission)e.nextElement(); - perms.add(newPerm); + // get the original perms + Permissions perms = new Permissions(); + PermissionCollection coll = pd.getPermissions(); + java.util.Enumeration<Permission> e; + if (coll != null) { + synchronized (coll) { + e = coll.elements(); + while (e.hasMoreElements()) { + Permission newPerm = + e.nextElement(); + perms.add(newPerm); + } } } - } - - // get perms from the policy - final java.security.CodeSource finalCs = pd.getCodeSource(); - final Subject finalS = subject; - PermissionCollection newPerms = - java.security.AccessController.doPrivileged - (new PrivilegedAction<PermissionCollection>() { - public PermissionCollection run() { - return - javax.security.auth.Policy.getPolicy().getPermissions - (finalS, finalCs); - } - }); + // get perms from the policy + final java.security.CodeSource finalCs = pd.getCodeSource(); + final Subject finalS = subject; + PermissionCollection newPerms = + java.security.AccessController.doPrivileged + (new PrivilegedAction<PermissionCollection>() { + @SuppressWarnings("deprecation") + public PermissionCollection run() { + return + javax.security.auth.Policy.getPolicy().getPermissions + (finalS, finalCs); + } + }); - // add the newly granted perms, - // avoiding duplicates - synchronized (newPerms) { - e = newPerms.elements(); - while (e.hasMoreElements()) { - Permission newPerm = (Permission)e.nextElement(); - if (!perms.implies(newPerm)) { - perms.add(newPerm); - if (debug != null) - debug.println ( - "Adding perm " + newPerm + "\n"); + // add the newly granted perms, + // avoiding duplicates + synchronized (newPerms) { + e = newPerms.elements(); + while (e.hasMoreElements()) { + Permission newPerm = e.nextElement(); + if (!perms.implies(newPerm)) { + perms.add(newPerm); + if (debug != null) + debug.println ( + "Adding perm " + newPerm + "\n"); + } } } + subjectPd = new ProtectionDomain + (finalCs, perms, pd.getClassLoader(), principals); } - subjectPd = new ProtectionDomain - (finalCs, perms, pd.getClassLoader(), principals); - if (allowCaching) cachedPDs.putValue(pd, subjectPd); }
--- a/src/share/classes/javax/security/auth/kerberos/KerberosPrincipal.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/security/auth/kerberos/KerberosPrincipal.java Sat Sep 10 22:36:17 2016 +0100 @@ -26,7 +26,6 @@ package javax.security.auth.kerberos; import java.io.*; -import sun.security.krb5.Asn1Exception; import sun.security.krb5.KrbException; import sun.security.krb5.PrincipalName; import sun.security.krb5.Realm; @@ -81,14 +80,12 @@ public static final int KRB_NT_UID = 5; - private transient String fullName; private transient String realm; private transient int nameType; - private static final char NAME_REALM_SEPARATOR = '@'; /** * Constructs a KerberosPrincipal from the provided string input. The @@ -115,18 +112,7 @@ * java.security.krb5.realm system property. */ public KerberosPrincipal(String name) { - - PrincipalName krb5Principal = null; - - try { - // Appends the default realm if it is missing - krb5Principal = new PrincipalName(name, KRB_NT_PRINCIPAL); - } catch (KrbException e) { - throw new IllegalArgumentException(e.getMessage()); - } - nameType = KRB_NT_PRINCIPAL; // default name type - fullName = krb5Principal.toString(); - realm = krb5Principal.getRealmString(); + this(name, KRB_NT_PRINCIPAL); } /** @@ -168,6 +154,20 @@ throw new IllegalArgumentException(e.getMessage()); } + // A ServicePermission with a principal in the deduced realm and + // any action must be granted if no realm is provided by caller. + if (krb5Principal.isRealmDeduced() && !Realm.AUTODEDUCEREALM) { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + try { + sm.checkPermission(new ServicePermission( + "@" + krb5Principal.getRealmAsString(), "-")); + } catch (SecurityException se) { + // Swallow the actual exception to hide info + throw new SecurityException("Cannot read realm info"); + } + } + } this.nameType = nameType; fullName = krb5Principal.toString(); realm = krb5Principal.getRealmString(); @@ -233,41 +233,35 @@ * realm in their DER-encoded form as specified in Section 5.2.2 of * <a href=http://www.ietf.org/rfc/rfc4120.txt> RFC4120</a>. */ - private void writeObject(ObjectOutputStream oos) - throws IOException { + throws IOException { - PrincipalName krb5Principal = null; + PrincipalName krb5Principal; try { - krb5Principal = new PrincipalName(fullName,nameType); + krb5Principal = new PrincipalName(fullName, nameType); oos.writeObject(krb5Principal.asn1Encode()); oos.writeObject(krb5Principal.getRealm().asn1Encode()); } catch (Exception e) { - IOException ioe = new IOException(e.getMessage()); - ioe.initCause(e); - throw ioe; + throw new IOException(e); } } /** * Reads this object from a stream (i.e., deserializes it) */ - private void readObject(ObjectInputStream ois) - throws IOException, ClassNotFoundException { + throws IOException, ClassNotFoundException { byte[] asn1EncPrincipal = (byte [])ois.readObject(); byte[] encRealm = (byte [])ois.readObject(); try { - PrincipalName krb5Principal = new PrincipalName(new - DerValue(asn1EncPrincipal)); - realm = (new Realm(new DerValue(encRealm))).toString(); - fullName = krb5Principal.toString() + NAME_REALM_SEPARATOR + - realm.toString(); + Realm realmObject = new Realm(new DerValue(encRealm)); + PrincipalName krb5Principal = new PrincipalName( + new DerValue(asn1EncPrincipal), realmObject); + realm = realmObject.toString(); + fullName = krb5Principal.toString(); nameType = krb5Principal.getNameType(); } catch (Exception e) { - IOException ioe = new IOException(e.getMessage()); - ioe.initCause(e); - throw ioe; + throw new IOException(e); } } @@ -288,9 +282,7 @@ * <a href=http://www.ietf.org/rfc/rfc4120.txt> RFC4120</a>. * * @return the name type. - * */ - public int getNameType() { return nameType; }
--- a/src/share/classes/javax/security/auth/kerberos/ServicePermission.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/security/auth/kerberos/ServicePermission.java Sat Sep 10 22:36:17 2016 +0100 @@ -50,7 +50,7 @@ * used within. * <p> * The service principal name is the canonical name of the - * <code>KereberosPrincipal</code> supplying the service, that is + * {@code KerberosPrincipal} supplying the service, that is * the KerberosPrincipal represents a Kerberos service * principal. This name is treated in a case sensitive manner. * An asterisk may appear by itself, to signify any service principal. @@ -145,6 +145,9 @@ * @param action the action string */ public ServicePermission(String servicePrincipal, String action) { + // Note: servicePrincipal can be "@REALM" which means any principal in + // this realm implies it. action can be "-" which means any + // action implies it. super(servicePrincipal); init(servicePrincipal, getMask(action)); } @@ -188,7 +191,9 @@ boolean impliesIgnoreMask(ServicePermission p) { return ((this.getName().equals("*")) || - this.getName().equals(p.getName())); + this.getName().equals(p.getName()) || + (p.getName().startsWith("@") && + this.getName().endsWith(p.getName()))); } /** @@ -298,7 +303,10 @@ /** * Convert an action string to an integer actions mask. * - * @param action the action string + * Note: if action is "-", action will be NONE, which means any + * action implies it. + * + * @param action the action string. * @return the action mask */ @@ -316,9 +324,11 @@ char[] a = action.toCharArray(); + if (a.length == 1 && a[0] == '-') { + return mask; + } + int i = a.length - 1; - if (i < 0) - return mask; while (i != -1) { char c; @@ -480,6 +490,17 @@ ServicePermission np = (ServicePermission) permission; int desired = np.getMask(); + + if (desired == 0) { + for (Permission p: perms) { + ServicePermission sp = (ServicePermission)p; + if (sp.impliesIgnoreMask(np)) { + return true; + } + } + return false; + } + int effective = 0; int needed = desired;
--- a/src/share/classes/javax/swing/TimerQueue.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/javax/swing/TimerQueue.java Sat Sep 10 22:36:17 2016 +0100 @@ -93,6 +93,9 @@ void startIfNeeded() { if (! running) { runningLock.lock(); + if (running) { + return; + } try { final ThreadGroup threadGroup = AppContext.getAppContext().getThreadGroup(); @@ -168,15 +171,17 @@ try { while (running) { try { - Timer timer = queue.take().getTimer(); + DelayedTimer runningTimer = queue.take(); + Timer timer = runningTimer.getTimer(); timer.getLock().lock(); try { DelayedTimer delayedTimer = timer.delayedTimer; - if (delayedTimer != null) { + if (delayedTimer == runningTimer) { /* - * Timer is not removed after we get it from - * the queue and before the lock on the timer is - * acquired + * Timer is not removed (delayedTimer != null) + * or not removed and added (runningTimer == delayedTimer) + * after we get it from the queue and before the + * lock on the timer is acquired */ timer.post(); // have timer post an event timer.delayedTimer = null;
--- a/src/share/classes/sun/applet/resources/MsgAppletViewer_de.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/applet/resources/MsgAppletViewer_de.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,7 +38,7 @@ {"appletviewer.menuitem.stop", "Stoppen"}, {"appletviewer.menuitem.save", "Speichern..."}, {"appletviewer.menuitem.start", "Starten..."}, - {"appletviewer.menuitem.clone", "Clonen..."}, + {"appletviewer.menuitem.clone", "Klonen..."}, {"appletviewer.menuitem.tag", "Tag..."}, {"appletviewer.menuitem.info", "Informationen..."}, {"appletviewer.menuitem.edit", "Bearbeiten"},
--- a/src/share/classes/sun/applet/resources/MsgAppletViewer_ko.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/applet/resources/MsgAppletViewer_ko.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -79,7 +79,7 @@ {"appletviewer.main.err.dupoption", "\uC911\uBCF5\uB41C \uC635\uC158 \uC0AC\uC6A9: {0}"}, {"appletviewer.main.err.inputfile", "\uC9C0\uC815\uB41C \uC785\uB825 \uD30C\uC77C\uC774 \uC5C6\uC2B5\uB2C8\uB2E4."}, {"appletviewer.main.err.badurl", "\uC798\uBABB\uB41C URL: {0}({1})"}, - {"appletviewer.main.err.io", "\uC77D\uB294 \uC911 I/O \uC608\uC678 \uC0AC\uD56D \uBC1C\uC0DD: {0}"}, + {"appletviewer.main.err.io", "\uC77D\uB294 \uC911 I/O \uC608\uC678\uC0AC\uD56D \uBC1C\uC0DD: {0}"}, {"appletviewer.main.err.readablefile", "{0}\uC774(\uAC00) \uD30C\uC77C\uC774\uBA70 \uC77D\uAE30 \uAC00\uB2A5\uD55C \uC0C1\uD0DC\uC778\uC9C0 \uD655\uC778\uD558\uC2ED\uC2DC\uC624."}, {"appletviewer.main.err.correcturl", "{0}\uC774(\uAC00) \uC62C\uBC14\uB978 URL\uC785\uB2C8\uAE4C?"}, {"appletviewer.main.prop.store", "\uC0AC\uC6A9\uC790 \uAD00\uB828 AppletViewer \uC18D\uC131"}, @@ -88,7 +88,7 @@ {"appletviewer.main.warn.nosecmgr", "\uACBD\uACE0: \uBCF4\uC548\uC744 \uC0AC\uC6A9 \uC548\uD568\uC73C\uB85C \uC124\uC815\uD558\uB294 \uC911\uC785\uB2C8\uB2E4."}, {"appletviewer.main.debug.cantfinddebug", "\uB514\uBC84\uAC70\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4!"}, {"appletviewer.main.debug.cantfindmain", "\uB514\uBC84\uAC70\uC5D0\uC11C \uAE30\uBCF8 \uBA54\uC18C\uB4DC\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4!"}, - {"appletviewer.main.debug.exceptionindebug", "\uB514\uBC84\uAC70\uC5D0 \uC608\uC678 \uC0AC\uD56D\uC774 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4!"}, + {"appletviewer.main.debug.exceptionindebug", "\uB514\uBC84\uAC70\uC5D0 \uC608\uC678\uC0AC\uD56D\uC774 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4!"}, {"appletviewer.main.debug.cantaccess", "\uB514\uBC84\uAC70\uC5D0 \uC561\uC138\uC2A4\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4!"}, {"appletviewer.main.nosecmgr", "\uACBD\uACE0: SecurityManager\uAC00 \uC124\uCE58\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4!"}, {"appletviewer.main.warning", "\uACBD\uACE0: \uC2DC\uC791\uB41C \uC560\uD50C\uB9BF\uC774 \uC5C6\uC2B5\uB2C8\uB2E4. <applet> \uD0DC\uADF8\uAC00 \uC785\uB825\uB418\uC5C8\uB294\uC9C0 \uD655\uC778\uD558\uC2ED\uC2DC\uC624."}, @@ -98,9 +98,9 @@ {"appletioexception.loadclass.throw.notloaded", "\uD074\uB798\uC2A4\uAC00 \uB85C\uB4DC\uB418\uC9C0 \uC54A\uC74C: {0}"}, {"appletclassloader.loadcode.verbose", "{1}\uC744(\uB97C) \uAC00\uC838\uC624\uAE30 \uC704\uD574 {0}\uC5D0 \uB300\uD55C \uC2A4\uD2B8\uB9BC\uC744 \uC5EC\uB294 \uC911"}, {"appletclassloader.filenotfound", "{0}\uC744(\uB97C) \uAC80\uC0C9\uD558\uB294 \uC911 \uD30C\uC77C\uC744 \uCC3E\uC9C0 \uBABB\uD588\uC2B5\uB2C8\uB2E4."}, - {"appletclassloader.fileformat", "\uB85C\uB4DC \uC911 \uD30C\uC77C \uD615\uC2DD \uC608\uC678 \uC0AC\uD56D \uBC1C\uC0DD: {0}"}, - {"appletclassloader.fileioexception", "\uB85C\uB4DC \uC911 I/O \uC608\uC678 \uC0AC\uD56D \uBC1C\uC0DD: {0}"}, - {"appletclassloader.fileexception", "\uB85C\uB4DC \uC911 {0} \uC608\uC678 \uC0AC\uD56D \uBC1C\uC0DD: {1}"}, + {"appletclassloader.fileformat", "\uB85C\uB4DC \uC911 \uD30C\uC77C \uD615\uC2DD \uC608\uC678\uC0AC\uD56D \uBC1C\uC0DD: {0}"}, + {"appletclassloader.fileioexception", "\uB85C\uB4DC \uC911 I/O \uC608\uC678\uC0AC\uD56D \uBC1C\uC0DD: {0}"}, + {"appletclassloader.fileexception", "\uB85C\uB4DC \uC911 {0} \uC608\uC678\uC0AC\uD56D \uBC1C\uC0DD: {1}"}, {"appletclassloader.filedeath", "\uB85C\uB4DC \uC911 {0}\uC774(\uAC00) \uC885\uB8CC\uB428: {1}"}, {"appletclassloader.fileerror", "\uB85C\uB4DC \uC911 {0} \uC624\uB958 \uBC1C\uC0DD: {1}"}, {"appletclassloader.findclass.verbose.openstream", "{1}\uC744(\uB97C) \uAC00\uC838\uC624\uAE30 \uC704\uD574 {0}\uC5D0 \uB300\uD55C \uC2A4\uD2B8\uB9BC\uC744 \uC5EC\uB294 \uC911"}, @@ -108,7 +108,7 @@ {"appletclassloader.getresource.verbose.found", "\uC2DC\uC2A4\uD15C \uB9AC\uC18C\uC2A4\uB85C {0} \uB9AC\uC18C\uC2A4\uB97C \uCC3E\uC558\uC2B5\uB2C8\uB2E4."}, {"appletclassloader.getresourceasstream.verbose", "\uC2DC\uC2A4\uD15C \uB9AC\uC18C\uC2A4\uB85C {0} \uB9AC\uC18C\uC2A4\uB97C \uCC3E\uC558\uC2B5\uB2C8\uB2E4."}, {"appletpanel.runloader.err", "\uAC1D\uCCB4 \uB610\uB294 \uCF54\uB4DC \uB9E4\uAC1C\uBCC0\uC218\uC785\uB2C8\uB2E4!"}, - {"appletpanel.runloader.exception", "{0}\uC758 \uC9C1\uB82C\uD654\uB97C \uD574\uC81C\uD558\uB294 \uC911 \uC608\uC678 \uC0AC\uD56D\uC774 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4."}, + {"appletpanel.runloader.exception", "{0}\uC758 \uC9C1\uB82C\uD654\uB97C \uD574\uC81C\uD558\uB294 \uC911 \uC608\uC678\uC0AC\uD56D\uC774 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4."}, {"appletpanel.destroyed", "\uC560\uD50C\uB9BF\uC774 \uC0AD\uC81C\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, {"appletpanel.loaded", "\uC560\uD50C\uB9BF\uC774 \uB85C\uB4DC\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, {"appletpanel.started", "\uC560\uD50C\uB9BF\uC774 \uC2DC\uC791\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, @@ -120,8 +120,8 @@ {"appletpanel.nocreate", "\uB85C\uB4DC: {0}\uC744(\uB97C) \uC778\uC2A4\uD134\uC2A4\uD654\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."}, {"appletpanel.noconstruct", "\uB85C\uB4DC: {0}\uC740(\uB294) \uACF5\uC6A9\uC774 \uC544\uB2C8\uAC70\uB098 \uACF5\uC6A9 \uC0DD\uC131\uC790\uB97C \uD3EC\uD568\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."}, {"appletpanel.death", "\uC885\uB8CC\uB428"}, - {"appletpanel.exception", "\uC608\uC678 \uC0AC\uD56D: {0}."}, - {"appletpanel.exception2", "\uC608\uC678 \uC0AC\uD56D: {0}: {1}."}, + {"appletpanel.exception", "\uC608\uC678\uC0AC\uD56D: {0}."}, + {"appletpanel.exception2", "\uC608\uC678\uC0AC\uD56D: {0}: {1}."}, {"appletpanel.error", "\uC624\uB958: {0}."}, {"appletpanel.error2", "\uC624\uB958: {0}: {1}."}, {"appletpanel.notloaded", "\uCD08\uAE30\uD654: \uC560\uD50C\uB9BF\uC774 \uB85C\uB4DC\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, @@ -132,9 +132,9 @@ {"appletpanel.notdisposed", "\uB85C\uB4DC: \uC560\uD50C\uB9BF\uC774 \uBC30\uCE58\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, {"appletpanel.bail", "\uC911\uB2E8\uB428: \uC911\uB2E8\uD558\uB294 \uC911\uC785\uB2C8\uB2E4."}, {"appletpanel.filenotfound", "{0}\uC744(\uB97C) \uAC80\uC0C9\uD558\uB294 \uC911 \uD30C\uC77C\uC744 \uCC3E\uC9C0 \uBABB\uD588\uC2B5\uB2C8\uB2E4."}, - {"appletpanel.fileformat", "\uB85C\uB4DC \uC911 \uD30C\uC77C \uD615\uC2DD \uC608\uC678 \uC0AC\uD56D \uBC1C\uC0DD: {0}"}, - {"appletpanel.fileioexception", "\uB85C\uB4DC \uC911 I/O \uC608\uC678 \uC0AC\uD56D \uBC1C\uC0DD: {0}"}, - {"appletpanel.fileexception", "\uB85C\uB4DC \uC911 {0} \uC608\uC678 \uC0AC\uD56D \uBC1C\uC0DD: {1}"}, + {"appletpanel.fileformat", "\uB85C\uB4DC \uC911 \uD30C\uC77C \uD615\uC2DD \uC608\uC678\uC0AC\uD56D \uBC1C\uC0DD: {0}"}, + {"appletpanel.fileioexception", "\uB85C\uB4DC \uC911 I/O \uC608\uC678\uC0AC\uD56D \uBC1C\uC0DD: {0}"}, + {"appletpanel.fileexception", "\uB85C\uB4DC \uC911 {0} \uC608\uC678\uC0AC\uD56D \uBC1C\uC0DD: {1}"}, {"appletpanel.filedeath", "\uB85C\uB4DC \uC911 {0}\uC774(\uAC00) \uC885\uB8CC\uB428: {1}"}, {"appletpanel.fileerror", "\uB85C\uB4DC \uC911 {0} \uC624\uB958 \uBC1C\uC0DD: {1}"}, {"appletpanel.badattribute.exception", "HTML \uAD6C\uBB38 \uBD84\uC11D \uC911: width/height \uC18D\uC131\uC5D0 \uB300\uD55C \uAC12\uC774 \uC62C\uBC14\uB974\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."}, @@ -162,36 +162,36 @@ {"appletprops.button.ok", "\uD655\uC778"}, /* end 4066432 */ {"appletprops.prop.store", "\uC0AC\uC6A9\uC790 \uAD00\uB828 AppletViewer \uC18D\uC131"}, - {"appletsecurityexception.checkcreateclassloader", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uD074\uB798\uC2A4 \uB85C\uB354"}, - {"appletsecurityexception.checkaccess.thread", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uC2A4\uB808\uB4DC"}, - {"appletsecurityexception.checkaccess.threadgroup", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uC2A4\uB808\uB4DC \uADF8\uB8F9: {0}"}, - {"appletsecurityexception.checkexit", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uC885\uB8CC: {0}"}, - {"appletsecurityexception.checkexec", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uC2E4\uD589: {0}"}, - {"appletsecurityexception.checklink", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uB9C1\uD06C: {0}"}, - {"appletsecurityexception.checkpropsaccess", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uC18D\uC131"}, - {"appletsecurityexception.checkpropsaccess.key", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uC18D\uC131 \uC561\uC138\uC2A4 {0}"}, - {"appletsecurityexception.checkread.exception1", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: {0}, {1}"}, - {"appletsecurityexception.checkread.exception2", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: file.read: {0}"}, - {"appletsecurityexception.checkread", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: file.read: {0} == {1}"}, - {"appletsecurityexception.checkwrite.exception", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: {0}, {1}"}, - {"appletsecurityexception.checkwrite", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: file.write: {0} == {1}"}, - {"appletsecurityexception.checkread.fd", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: fd.read"}, - {"appletsecurityexception.checkwrite.fd", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: fd.write"}, - {"appletsecurityexception.checklisten", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: socket.listen: {0}"}, - {"appletsecurityexception.checkaccept", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: socket.accept: {0}:{1}"}, - {"appletsecurityexception.checkconnect.networknone", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: socket.connect: {0}->{1}"}, - {"appletsecurityexception.checkconnect.networkhost1", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: {1}\uC5D0\uC11C {0}\uC5D0 \uC811\uC18D\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."}, - {"appletsecurityexception.checkconnect.networkhost2", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: {0} \uD638\uC2A4\uD2B8 \uB610\uB294 {1}\uC5D0 \uB300\uD55C IP\uB97C \uBD84\uC11D\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. "}, - {"appletsecurityexception.checkconnect.networkhost3", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: {0} \uD638\uC2A4\uD2B8\uC5D0 \uB300\uD55C IP\uB97C \uBD84\uC11D\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. trustProxy \uC18D\uC131\uC744 \uCC38\uC870\uD558\uC2ED\uC2DC\uC624."}, - {"appletsecurityexception.checkconnect", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uC811\uC18D: {0}->{1}"}, - {"appletsecurityexception.checkpackageaccess", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uD328\uD0A4\uC9C0\uC5D0 \uC561\uC138\uC2A4\uD560 \uC218 \uC5C6\uC74C: {0}"}, - {"appletsecurityexception.checkpackagedefinition", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uD328\uD0A4\uC9C0\uB97C \uC815\uC758\uD560 \uC218 \uC5C6\uC74C: {0}"}, - {"appletsecurityexception.cannotsetfactory", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uD329\uD1A0\uB9AC\uB97C \uC124\uC815\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."}, - {"appletsecurityexception.checkmemberaccess", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uBA64\uBC84 \uC561\uC138\uC2A4\uB97C \uD655\uC778\uD558\uC2ED\uC2DC\uC624."}, - {"appletsecurityexception.checkgetprintjob", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: getPrintJob"}, - {"appletsecurityexception.checksystemclipboardaccess", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: getSystemClipboard"}, - {"appletsecurityexception.checkawteventqueueaccess", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: getEventQueue"}, - {"appletsecurityexception.checksecurityaccess", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uBCF4\uC548 \uC791\uC5C5: {0}"}, + {"appletsecurityexception.checkcreateclassloader", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uD074\uB798\uC2A4 \uB85C\uB354"}, + {"appletsecurityexception.checkaccess.thread", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uC2A4\uB808\uB4DC"}, + {"appletsecurityexception.checkaccess.threadgroup", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uC2A4\uB808\uB4DC \uADF8\uB8F9: {0}"}, + {"appletsecurityexception.checkexit", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uC885\uB8CC: {0}"}, + {"appletsecurityexception.checkexec", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uC2E4\uD589: {0}"}, + {"appletsecurityexception.checklink", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uB9C1\uD06C: {0}"}, + {"appletsecurityexception.checkpropsaccess", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uC18D\uC131"}, + {"appletsecurityexception.checkpropsaccess.key", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uC18D\uC131 \uC561\uC138\uC2A4 {0}"}, + {"appletsecurityexception.checkread.exception1", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: {0}, {1}"}, + {"appletsecurityexception.checkread.exception2", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: file.read: {0}"}, + {"appletsecurityexception.checkread", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: file.read: {0} == {1}"}, + {"appletsecurityexception.checkwrite.exception", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: {0}, {1}"}, + {"appletsecurityexception.checkwrite", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: file.write: {0} == {1}"}, + {"appletsecurityexception.checkread.fd", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: fd.read"}, + {"appletsecurityexception.checkwrite.fd", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: fd.write"}, + {"appletsecurityexception.checklisten", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: socket.listen: {0}"}, + {"appletsecurityexception.checkaccept", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: socket.accept: {0}:{1}"}, + {"appletsecurityexception.checkconnect.networknone", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: socket.connect: {0}->{1}"}, + {"appletsecurityexception.checkconnect.networkhost1", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: {1}\uC5D0\uC11C {0}\uC5D0 \uC811\uC18D\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."}, + {"appletsecurityexception.checkconnect.networkhost2", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: {0} \uD638\uC2A4\uD2B8 \uB610\uB294 {1}\uC5D0 \uB300\uD55C IP\uB97C \uBD84\uC11D\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. "}, + {"appletsecurityexception.checkconnect.networkhost3", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: {0} \uD638\uC2A4\uD2B8\uC5D0 \uB300\uD55C IP\uB97C \uBD84\uC11D\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. trustProxy \uC18D\uC131\uC744 \uCC38\uC870\uD558\uC2ED\uC2DC\uC624."}, + {"appletsecurityexception.checkconnect", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uC811\uC18D: {0}->{1}"}, + {"appletsecurityexception.checkpackageaccess", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uD328\uD0A4\uC9C0\uC5D0 \uC561\uC138\uC2A4\uD560 \uC218 \uC5C6\uC74C: {0}"}, + {"appletsecurityexception.checkpackagedefinition", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uD328\uD0A4\uC9C0\uB97C \uC815\uC758\uD560 \uC218 \uC5C6\uC74C: {0}"}, + {"appletsecurityexception.cannotsetfactory", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uD329\uD1A0\uB9AC\uB97C \uC124\uC815\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."}, + {"appletsecurityexception.checkmemberaccess", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uBA64\uBC84 \uC561\uC138\uC2A4\uB97C \uD655\uC778\uD558\uC2ED\uC2DC\uC624."}, + {"appletsecurityexception.checkgetprintjob", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: getPrintJob"}, + {"appletsecurityexception.checksystemclipboardaccess", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: getSystemClipboard"}, + {"appletsecurityexception.checkawteventqueueaccess", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: getEventQueue"}, + {"appletsecurityexception.checksecurityaccess", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uBCF4\uC548 \uC791\uC5C5: {0}"}, {"appletsecurityexception.getsecuritycontext.unknown", "\uC54C \uC218 \uC5C6\uB294 \uD074\uB798\uC2A4 \uB85C\uB354 \uC720\uD615\uC785\uB2C8\uB2E4. getContext\uB97C \uD655\uC778\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."}, {"appletsecurityexception.checkread.unknown", "\uC54C \uC218 \uC5C6\uB294 \uD074\uB798\uC2A4 \uB85C\uB354 \uC720\uD615\uC785\uB2C8\uB2E4. {0} \uC77D\uAE30\uB97C \uD655\uC778\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."}, {"appletsecurityexception.checkconnect.unknown", "\uC54C \uC218 \uC5C6\uB294 \uD074\uB798\uC2A4 \uB85C\uB354 \uC720\uD615\uC785\uB2C8\uB2E4. \uC811\uC18D\uC744 \uD655\uC778\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."},
--- a/src/share/classes/sun/awt/resources/awt_de.properties Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/awt/resources/awt_de.properties Sat Sep 10 22:36:17 2016 +0100 @@ -44,7 +44,7 @@ AWT.subtract=NumPad - AWT.decimal=NumPad . AWT.divide=NumPad / -AWT.delete=Entf +AWT.delete=L\u00F6schen AWT.numLock=Num AWT.scrollLock=Rollen AWT.f1=F1
--- a/src/share/classes/sun/invoke/util/VerifyAccess.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/invoke/util/VerifyAccess.java Sat Sep 10 22:36:17 2016 +0100 @@ -168,22 +168,66 @@ * @param refc */ public static boolean isTypeVisible(Class<?> type, Class<?> refc) { - if (type == refc) return true; // easy check + if (type == refc) { + return true; // easy check + } while (type.isArray()) type = type.getComponentType(); - if (type.isPrimitive() || type == Object.class) return true; - ClassLoader parent = type.getClassLoader(); - if (parent == null) return true; - ClassLoader child = refc.getClassLoader(); - if (child == null) return false; - if (parent == child || loadersAreRelated(parent, child, true)) + if (type.isPrimitive() || type == Object.class) { return true; - // Do it the hard way: Look up the type name from the refc loader. - try { - Class<?> res = child.loadClass(type.getName()); - return (type == res); - } catch (ClassNotFoundException ex) { + } + ClassLoader typeLoader = type.getClassLoader(); + final ClassLoader refcLoader = refc.getClassLoader(); + if (typeLoader == refcLoader) { + return true; + } + if (refcLoader == null && typeLoader != null) { return false; } + if (typeLoader == null && type.getName().startsWith("java.")) { + // Note: The API for actually loading classes, ClassLoader.defineClass, + // guarantees that classes with names beginning "java." cannot be aliased, + // because class loaders cannot load them directly. + return true; + } + + // Do it the hard way: Look up the type name from the refc loader. + // + // Force the refc loader to report and commit to a particular binding for this type name (type.getName()). + // + // In principle, this query might force the loader to load some unrelated class, + // which would cause this query to fail (and the original caller to give up). + // This would be wasted effort, but it is expected to be very rare, occurring + // only when an attacker is attempting to create a type alias. + // In the normal case, one class loader will simply delegate to the other, + // and the same type will be visible through both, with no extra loading. + // + // It is important to go through Class.forName instead of ClassLoader.loadClass + // because Class.forName goes through the JVM system dictionary, which records + // the class lookup once for all. This means that even if a not-well-behaved class loader + // would "change its mind" about the meaning of the name, the Class.forName request + // will use the result cached in the JVM system dictionary. Note that the JVM system dictionary + // will record the first successful result. Unsuccessful results are not stored. + // + // We use doPrivileged in order to allow an unprivileged caller to ask an arbitrary + // class loader about the binding of the proposed name (type.getName()). + // The looked up type ("res") is compared for equality against the proposed + // type ("type") and then is discarded. Thus, the worst that can happen to + // the "child" class loader is that it is bothered to load and report a class + // that differs from "type"; this happens once due to JVM system dictionary + // memoization. And the caller never gets to look at the alternate type binding + // ("res"), whether it exists or not. + final String name = type.getName(); + Class<?> res = java.security.AccessController.doPrivileged( + new java.security.PrivilegedAction<Class>() { + public Class<?> run() { + try { + return Class.forName(name, false, refcLoader); + } catch (ClassNotFoundException | LinkageError e) { + return null; // Assume the class is not found + } + } + }); + return (type == res); } /**
--- a/src/share/classes/sun/launcher/resources/launcher_ko.properties Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/launcher/resources/launcher_ko.properties Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ # -# Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -41,7 +41,7 @@ \uC788\uC2B5\uB2C8\uB2E4.\n # Translators please note do not translate the options themselves -java.launcher.X.macosx.usage=\n\uB2E4\uC74C\uC740 Mac OS X\uC5D0 \uD2B9\uC815\uB41C \uC635\uC158\uC785\uB2C8\uB2E4.\n -XstartOnFirstThread\n \uCCAB\uBC88\uC9F8 (AppKit) \uC2A4\uB808\uB4DC\uC5D0 main() \uBA54\uC18C\uB4DC\uB97C \uC2E4\uD589\uD569\uB2C8\uB2E4.\n -Xdock:name=<application name>"\n \uACE0\uC815\uC73C\uB85C \uD45C\uC2DC\uB41C \uAE30\uBCF8 \uC751\uC6A9 \uD504\uB85C\uADF8\uB7A8 \uC774\uB984\uC744 \uBB34\uD6A8\uD654\uD569\uB2C8\uB2E4.\n -Xdock:icon=<path to icon file>\n \uACE0\uC815\uC73C\uB85C \uD45C\uC2DC\uB41C \uAE30\uBCF8 \uC544\uC774\uCF58\uC744 \uBB34\uD6A8\uD654\uD569\uB2C8\uB2E4.\n\n +java.launcher.X.macosx.usage=\n\uB2E4\uC74C\uC740 Mac OS X\uC5D0 \uD2B9\uC815\uB41C \uC635\uC158\uC785\uB2C8\uB2E4.\n -XstartOnFirstThread\n \uCCAB\uBC88\uC9F8 (AppKit) \uC2A4\uB808\uB4DC\uC5D0 main() \uBA54\uC18C\uB4DC\uB97C \uC2E4\uD589\uD569\uB2C8\uB2E4.\n -Xdock:name=<application name>"\n \uACE0\uC815\uC73C\uB85C \uD45C\uC2DC\uB41C \uAE30\uBCF8 \uC560\uD50C\uB9AC\uCF00\uC774\uC158 \uC774\uB984\uC744 \uBB34\uD6A8\uD654\uD569\uB2C8\uB2E4.\n -Xdock:icon=<path to icon file>\n \uACE0\uC815\uC73C\uB85C \uD45C\uC2DC\uB41C \uAE30\uBCF8 \uC544\uC774\uCF58\uC744 \uBB34\uD6A8\uD654\uD569\uB2C8\uB2E4.\n\n java.launcher.cls.error1=\uC624\uB958: \uAE30\uBCF8 \uD074\uB798\uC2A4 {0}\uC744(\uB97C) \uCC3E\uAC70\uB098 \uB85C\uB4DC\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. java.launcher.cls.error2=\uC624\uB958: {1} \uD074\uB798\uC2A4\uC5D0\uC11C \uAE30\uBCF8 \uBA54\uC18C\uB4DC\uAC00 {0}\uC774(\uAC00) \uC544\uB2D9\uB2C8\uB2E4. \uB2E4\uC74C \uD615\uC2DD\uC73C\uB85C \uAE30\uBCF8 \uBA54\uC18C\uB4DC\uB97C \uC815\uC758\uD558\uC2ED\uC2DC\uC624.\n public static void main(String[] args)
--- a/src/share/classes/sun/launcher/resources/launcher_zh_TW.properties Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/launcher/resources/launcher_zh_TW.properties Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ # -# Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -44,7 +44,7 @@ java.launcher.cls.error1=\u932F\u8AA4: \u627E\u4E0D\u5230\u6216\u7121\u6CD5\u8F09\u5165\u4E3B\u8981\u985E\u5225 {0} java.launcher.cls.error2=\u932F\u8AA4: \u4E3B\u8981\u65B9\u6CD5\u4E0D\u662F\u985E\u5225 {1} \u4E2D\u7684 {0}\uFF0C\u8ACB\u5B9A\u7FA9\u4E3B\u8981\u65B9\u6CD5\u70BA:\n public static void main(String[] args) -java.launcher.cls.error3=\u932F\u8AA4: \u4E3B\u8981\u65B9\u6CD5\u5FC5\u9808\u50B3\u56DE\u985E\u5225 {0} \u4E2D void \u985E\u578B\u7684\u503C\uFF0C \n\u8ACB\u5B9A\u7FA9\u4E3B\u8981\u65B9\u6CD5\u70BA:\n public static void main(String[] args) +java.launcher.cls.error3=\u932F\u8AA4: \u4E3B\u8981\u65B9\u6CD5\u5FC5\u9808\u50B3\u56DE\u985E\u5225 {0} \u4E2D void \u985E\u578B\u7684\u503C\uFF0C\n\u8ACB\u5B9A\u7FA9\u4E3B\u8981\u65B9\u6CD5\u70BA:\n public static void main(String[] args) java.launcher.cls.error4=\u932F\u8AA4: \u5728\u985E\u5225 {0} \u4E2D\u627E\u4E0D\u5230\u4E3B\u8981\u65B9\u6CD5\uFF0C\u8ACB\u5B9A\u7FA9\u4E3B\u8981\u65B9\u6CD5\u70BA:\n public static void main(String[] args) java.launcher.jar.error1=\u932F\u8AA4: \u5617\u8A66\u958B\u555F\u6A94\u6848 {0} \u6642\u767C\u751F\u672A\u9810\u671F\u7684\u932F\u8AA4 java.launcher.jar.error2=\u5728 {0} \u4E2D\u627E\u4E0D\u5230\u8CC7\u8A0A\u6E05\u55AE
--- a/src/share/classes/sun/management/GarbageCollectorImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/management/GarbageCollectorImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -105,17 +105,13 @@ GarbageCollectionNotificationInfo.GARBAGE_COLLECTION_NOTIFICATION }; - private MBeanNotificationInfo[] notifInfo = null; + @Override public MBeanNotificationInfo[] getNotificationInfo() { - synchronized (this) { - if (notifInfo == null) { - notifInfo = new MBeanNotificationInfo[1]; - notifInfo[0] = new MBeanNotificationInfo(gcNotifTypes, - notifName, - "GC Notification"); - } - } - return notifInfo; + return new MBeanNotificationInfo[]{ + new MBeanNotificationInfo(gcNotifTypes, + notifName, + "GC Notification") + }; } private static long seqNumber = 0;
--- a/src/share/classes/sun/management/MemoryImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/management/MemoryImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -115,17 +115,10 @@ "Memory usage exceeds collection usage threshold" }; - private MBeanNotificationInfo[] notifInfo = null; public MBeanNotificationInfo[] getNotificationInfo() { - synchronized (this) { - if (notifInfo == null) { - notifInfo = new MBeanNotificationInfo[1]; - notifInfo[0] = new MBeanNotificationInfo(notifTypes, - notifName, - "Memory Notification"); - } - } - return notifInfo; + return new MBeanNotificationInfo[] { + new MBeanNotificationInfo(notifTypes, notifName, "Memory Notification") + }; } private static String getNotifMsg(String notifType) {
--- a/src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -74,6 +74,7 @@ import com.sun.jmx.remote.internal.RMIExporter; import com.sun.jmx.remote.security.JMXPluggableAuthenticator; import com.sun.jmx.remote.util.ClassLogger; +import com.sun.jmx.remote.util.EnvHelp; import sun.management.Agent; import sun.management.AgentConfigurationError; @@ -511,6 +512,9 @@ // This RMI server should not keep the VM alive Map<String, Object> env = new HashMap<String, Object>(); env.put(RMIExporter.EXPORTER_ATTRIBUTE, new PermanentExporter()); + env.put(EnvHelp.CREDENTIAL_TYPES, new String[]{ + String[].class.getName(), String.class.getName() + }); // The local connector server need only be available via the // loopback connection. @@ -750,6 +754,9 @@ PermanentExporter exporter = new PermanentExporter(); env.put(RMIExporter.EXPORTER_ATTRIBUTE, exporter); + env.put(EnvHelp.CREDENTIAL_TYPES, new String[]{ + String[].class.getName(), String.class.getName() + }); boolean useSocketFactory = bindAddress != null && !useSsl;
--- a/src/share/classes/sun/management/resources/agent_ko.properties Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/management/resources/agent_ko.properties Sat Sep 10 22:36:17 2016 +0100 @@ -1,6 +1,6 @@ # # -# Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -28,7 +28,7 @@ # these are the same as the non-localized level name. agent.err.error = \uC624\uB958 -agent.err.exception = \uC5D0\uC774\uC804\uD2B8\uC5D0 \uC608\uC678 \uC0AC\uD56D\uC774 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. +agent.err.exception = \uC5D0\uC774\uC804\uD2B8\uC5D0 \uC608\uC678\uC0AC\uD56D\uC774 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. agent.err.warning = \uACBD\uACE0 agent.err.configfile.notfound = \uAD6C\uC131 \uD30C\uC77C\uC744 \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4.
--- a/src/share/classes/sun/management/resources/agent_zh_TW.properties Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/management/resources/agent_zh_TW.properties Sat Sep 10 22:36:17 2016 +0100 @@ -1,6 +1,6 @@ # # -# Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -31,10 +31,10 @@ agent.err.exception = \u4EE3\u7406\u7A0B\u5F0F\u767C\u751F\u7570\u5E38 agent.err.warning = \u8B66\u544A -agent.err.configfile.notfound = \u627E\u4E0D\u5230\u914D\u7F6E\u6A94\u6848 -agent.err.configfile.failed = \u7121\u6CD5\u8B80\u53D6\u914D\u7F6E\u6A94\u6848 -agent.err.configfile.closed.failed = \u7121\u6CD5\u95DC\u9589\u914D\u7F6E\u6A94\u6848 -agent.err.configfile.access.denied = \u5B58\u53D6\u914D\u7F6E\u6A94\u6848\u906D\u5230\u62D2\u7D55 +agent.err.configfile.notfound = \u627E\u4E0D\u5230\u7D44\u614B\u6A94\u6848 +agent.err.configfile.failed = \u7121\u6CD5\u8B80\u53D6\u7D44\u614B\u6A94\u6848 +agent.err.configfile.closed.failed = \u7121\u6CD5\u95DC\u9589\u7D44\u614B\u6A94\u6848 +agent.err.configfile.access.denied = \u5B58\u53D6\u7D44\u614B\u6A94\u6848\u906D\u5230\u62D2\u7D55 agent.err.exportaddress.failed = \u5C07 JMX \u9023\u63A5\u5668\u4F4D\u5740\u532F\u51FA\u81F3\u8A2D\u5099\u7DE9\u885D\u5340\u5931\u6557
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/misc/JavaObjectInputStreamAccess.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.misc; + +import java.io.ObjectInputStream; + +/** + * The interface to specify methods for accessing {@code ObjectInputStream} + * @author sjiang + */ +public interface JavaObjectInputStreamAccess { + /** + * Sets a descriptor validating. + * @param ois stream to have the descriptors validated + * @param validator validator used to validate a descriptor. + */ + public void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator); +}
--- a/src/share/classes/sun/misc/JavaSecurityAccess.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/misc/JavaSecurityAccess.java Sat Sep 10 22:36:17 2016 +0100 @@ -26,7 +26,10 @@ package sun.misc; import java.security.AccessControlContext; +import java.security.Permission; import java.security.PrivilegedAction; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; public interface JavaSecurityAccess { @@ -37,4 +40,13 @@ <T> T doIntersectionPrivilege(PrivilegedAction<T> action, AccessControlContext context); + <T> T doPrivileged(PrivilegedAction<T> action, + AccessControlContext context, + Permission... perms); + + <T> T doPrivileged(PrivilegedExceptionAction<T> action, + AccessControlContext context, + Permission... perms) + throws PrivilegedActionException; + }
--- a/src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java Sat Sep 10 22:36:17 2016 +0100 @@ -36,4 +36,9 @@ * Returns the ProtectionDomainCache. */ ProtectionDomainCache getProtectionDomainCache(); + + /** + * Returns the staticPermissions field of the specified object + */ + boolean getStaticPermissionsField(ProtectionDomain pd); }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/misc/ObjectStreamClassValidator.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.misc; + +import java.io.ObjectStreamClass; + +/** + * A callback used by {@code ObjectInputStream} to do descriptor validation. + * + * @author sjiang + */ +public interface ObjectStreamClassValidator { + /** + * This method will be called by ObjectInputStream to + * check a descriptor just before creating an object described by this descriptor. + * The object will not be created if this method throws a {@code RuntimeException}. + * @param descriptor descriptor to be checked. + */ + public void validateDescriptor(ObjectStreamClass descriptor); +}
--- a/src/share/classes/sun/misc/SharedSecrets.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/misc/SharedSecrets.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,6 +28,7 @@ import java.util.jar.JarFile; import java.io.Console; import java.io.FileDescriptor; +import java.io.ObjectInputStream; import java.security.ProtectionDomain; import java.util.zip.Adler32; import javax.security.auth.kerberos.KeyTab; @@ -58,6 +59,7 @@ private static JavaUtilZipAccess javaUtilZipAccess; private static JavaUtilZipFileAccess javaUtilZipFileAccess; private static JavaAWTAccess javaAWTAccess; + private static JavaObjectInputStreamAccess javaObjectInputStreamAccess; public static JavaUtilJarAccess javaUtilJarAccess() { if (javaUtilJarAccess == null) { @@ -200,4 +202,15 @@ // provision for. return javaAWTAccess; } + + public static JavaObjectInputStreamAccess getJavaObjectInputStreamAccess() { + if (javaObjectInputStreamAccess == null) { + unsafe.ensureClassInitialized(ObjectInputStream.class); + } + return javaObjectInputStreamAccess; + } + + public static void setJavaObjectInputStreamAccess(JavaObjectInputStreamAccess access) { + javaObjectInputStreamAccess = access; + } }
--- a/src/share/classes/sun/misc/Version.java.template Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/misc/Version.java.template Sat Sep 10 22:36:17 2016 +0100 @@ -313,15 +313,24 @@ jvm_minor_version = Character.digit(cs.charAt(2), 10); jvm_micro_version = Character.digit(cs.charAt(4), 10); cs = cs.subSequence(5, cs.length()); - if (cs.charAt(0) == '_' && cs.length() >= 3 && - Character.isDigit(cs.charAt(1)) && - Character.isDigit(cs.charAt(2))) { - int nextChar = 3; + if (cs.charAt(0) == '_' && cs.length() >= 3) { + int nextChar = 0; + if (Character.isDigit(cs.charAt(1)) && + Character.isDigit(cs.charAt(2)) && + Character.isDigit(cs.charAt(3))) + { + nextChar = 4; + } else if (Character.isDigit(cs.charAt(1)) && + Character.isDigit(cs.charAt(2))) + { + nextChar = 3; + } + try { - String uu = cs.subSequence(1, 3).toString(); + String uu = cs.subSequence(1, nextChar).toString(); jvm_update_version = Integer.valueOf(uu).intValue(); - if (cs.length() >= 4) { - char c = cs.charAt(3); + if (cs.length() >= nextChar + 1) { + char c = cs.charAt(nextChar); if (c >= 'a' && c <= 'z') { jvm_special_version = Character.toString(c); nextChar++;
--- a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Sat Sep 10 22:36:17 2016 +0100 @@ -460,7 +460,8 @@ private void checkMessageHeader(String key, String value) { char LF = '\n'; int index = key.indexOf(LF); - if (index != -1) { + int index1 = key.indexOf(':'); + if (index != -1 || index1 != -1) { throw new IllegalArgumentException( "Illegal character(s) in message header field: " + key); }
--- a/src/share/classes/sun/nio/ch/AbstractPollSelectorImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/nio/ch/AbstractPollSelectorImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -193,9 +193,4 @@ if (!selch.isOpen() && !selch.isRegistered()) ((SelChImpl)selch).kill(); } - - static { - Util.load(); - } - }
--- a/src/share/classes/sun/nio/ch/DatagramChannelImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/nio/ch/DatagramChannelImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -1125,7 +1125,7 @@ throws IOException; static { - Util.load(); + IOUtil.load(); initIDs(); }
--- a/src/share/classes/sun/nio/ch/FileChannelImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/nio/ch/FileChannelImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -1201,7 +1201,7 @@ private static native long initIDs(); static { - Util.load(); + IOUtil.load(); allocationGranularity = initIDs(); }
--- a/src/share/classes/sun/nio/ch/IOUtil.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/nio/ch/IOUtil.java Sat Sep 10 22:36:17 2016 +0100 @@ -346,9 +346,23 @@ static native void initIDs(); + /** + * Used to trigger loading of native libraries + */ + public static void load() { } + static { - // Note that IOUtil.initIDs is called from within Util.load. - Util.load(); + java.security.AccessController.doPrivileged( + new java.security.PrivilegedAction<Void>() { + public Void run() { + System.loadLibrary("net"); + System.loadLibrary("nio"); + return null; + } + }); + + initIDs(); + IOV_MAX = iovMax(); }
--- a/src/share/classes/sun/nio/ch/Net.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/nio/ch/Net.java Sat Sep 10 22:36:17 2016 +0100 @@ -628,7 +628,7 @@ private static native void initIDs(); static { - Util.load(); + IOUtil.load(); initIDs(); }
--- a/src/share/classes/sun/nio/ch/ServerSocketChannelImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/nio/ch/ServerSocketChannelImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -403,7 +403,7 @@ private static native void initIDs(); static { - Util.load(); + IOUtil.load(); initIDs(); nd = new SocketDispatcher(); }
--- a/src/share/classes/sun/nio/ch/SocketChannelImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/nio/ch/SocketChannelImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -1038,7 +1038,7 @@ throws IOException; static { - Util.load(); + IOUtil.load(); nd = new SocketDispatcher(); }
--- a/src/share/classes/sun/nio/ch/Util.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/nio/ch/Util.java Sat Sep 10 22:36:17 2016 +0100 @@ -471,25 +471,4 @@ return bugLevel.equals(bl); } - - - // -- Initialization -- - - private static boolean loaded = false; - - static void load() { - synchronized (Util.class) { - if (loaded) - return; - loaded = true; - java.security.AccessController - .doPrivileged(new sun.security.action.LoadLibraryAction("net")); - java.security.AccessController - .doPrivileged(new sun.security.action.LoadLibraryAction("nio")); - // IOUtil must be initialized; Its native methods are called from - // other places in native nio code so they must be set up. - IOUtil.initIDs(); - } - } - }
--- a/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java Sat Sep 10 22:36:17 2016 +0100 @@ -25,6 +25,7 @@ package sun.reflect.annotation; +import java.io.ObjectInputStream; import java.lang.annotation.*; import java.lang.reflect.*; import java.io.Serializable; @@ -424,35 +425,72 @@ private void readObject(java.io.ObjectInputStream s) throws java.io.IOException, ClassNotFoundException { - s.defaultReadObject(); + ObjectInputStream.GetField fields = s.readFields(); + + @SuppressWarnings("unchecked") + Class<? extends Annotation> t = (Class<? extends Annotation>)fields.get("type", null); + @SuppressWarnings("unchecked") + Map<String, Object> streamVals = (Map<String, Object>)fields.get("memberValues", null); // Check to make sure that types have not evolved incompatibly AnnotationType annotationType = null; try { - annotationType = AnnotationType.getInstance(type); + annotationType = AnnotationType.getInstance(t); } catch(IllegalArgumentException e) { // Class is no longer an annotation type; time to punch out throw new java.io.InvalidObjectException("Non-annotation type in annotation serial stream"); } Map<String, Class<?>> memberTypes = annotationType.memberTypes(); + // consistent with runtime Map type + Map<String, Object> mv = new LinkedHashMap<>(); // If there are annotation members without values, that // situation is handled by the invoke method. - for (Map.Entry<String, Object> memberValue : memberValues.entrySet()) { + for (Map.Entry<String, Object> memberValue : streamVals.entrySet()) { String name = memberValue.getKey(); + Object value = null; Class<?> memberType = memberTypes.get(name); if (memberType != null) { // i.e. member still exists - Object value = memberValue.getValue(); + value = memberValue.getValue(); if (!(memberType.isInstance(value) || value instanceof ExceptionProxy)) { - memberValue.setValue( - new AnnotationTypeMismatchExceptionProxy( + value = new AnnotationTypeMismatchExceptionProxy( value.getClass() + "[" + value + "]").setMember( - annotationType.members().get(name))); + annotationType.members().get(name)); } } + mv.put(name, value); + } + + UnsafeAccessor.setType(this, t); + UnsafeAccessor.setMemberValues(this, mv); + } + + private static class UnsafeAccessor { + private static final sun.misc.Unsafe unsafe; + private static final long typeOffset; + private static final long memberValuesOffset; + static { + try { + unsafe = sun.misc.Unsafe.getUnsafe(); + typeOffset = unsafe.objectFieldOffset + (AnnotationInvocationHandler.class.getDeclaredField("type")); + memberValuesOffset = unsafe.objectFieldOffset + (AnnotationInvocationHandler.class.getDeclaredField("memberValues")); + } catch (Exception ex) { + throw new ExceptionInInitializerError(ex); + } + } + static void setType(AnnotationInvocationHandler o, + Class<? extends Annotation> type) { + unsafe.putObject(o, typeOffset, type); + } + + static void setMemberValues(AnnotationInvocationHandler o, + Map<String, Object> memberValues) { + unsafe.putObject(o, memberValuesOffset, memberValues); } } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/rmi/server/DeserializationChecker.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,93 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.rmi.server; + +import java.io.ObjectStreamClass; +import java.lang.reflect.Method; + +/** + * Implementing this interface to have a deserialization control when RMI + * dispatches a remote request. If an exported object implements this interface, + * RMI dispatching mechanism will call the method {@code check} every time + * deserialising a remote object for invoking a method of the exported object. + * + * @author sjiang + */ +public interface DeserializationChecker { + /** + * Will be called to check a descriptor. + * This method may be called 2 times, the first time is when a descriptor is read + * from the stream, the second is just before creating an object described + * by this descriptor. + * + * @param method the method invoked from a remote request. + * @param descriptor The descriptor of the class of any object deserialised + * while deserialising the parameter. The first descriptor will be that of + * the top level object (the concrete class of the parameter itself); + * Subsequent calls with the same {@code method}, {@code paramIndex} and + * {@code callID} will correspond to objects contained in the parameter. + * @param paramIndex an index indicates the position of a parameter in the + * method. This index will be reused for deserialising all + * objects contained in the parameter object. For example, the parameter + * being deserialised is a {@code List}, all deserialisation calls for its + * elements will have same index. + * @param callID a unique ID identifying one + * time method invocation, the same ID is used for deserialization call of + * all parameters within the method. + */ + public void check(Method method, + ObjectStreamClass descriptor, + int paramIndex, + int callID); + + /** + * Will be called to validate a Proxy interfaces from a remote user before loading it. + * @param method the method invoked from a remote request. + * @param ifaces a string table of all interfaces implemented by the proxy to be checked. + * @param paramIndex an index indicates the position of a parameter in the + * method. This index will be reused for deserialising all + * objects contained in the parameter object. For example, the parameter + * being deserialised is a {@code List}, all deserialisation calls for its + * elements will have same index. + * @param callID a unique ID identifying one + * time method invocation, the same ID is used for deserialization call of + * all parameters within the method. + */ + public void checkProxyClass(Method method, + String[] ifaces, + int paramIndex, + int callID); + + /** + * Inform of the completion of parameter deserialisation for a method invocation. + * This is useful if the last parameter is a complex object, like a {@code List} + * which elements are complex object too. + * + * The default implementation does nothing. + * @param callID the ID identifying a method invocation. + */ + public void end(int callID); +}
--- a/src/share/classes/sun/rmi/server/MarshalInputStream.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/rmi/server/MarshalInputStream.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,12 +30,12 @@ import java.io.ObjectInputStream; import java.io.ObjectStreamClass; import java.io.StreamCorruptedException; -import java.net.URL; import java.util.*; import java.security.AccessControlException; import java.security.Permission; - import java.rmi.server.RMIClassLoader; +import sun.misc.ObjectStreamClassValidator; +import sun.misc.SharedSecrets; /** * MarshalInputStream is an extension of ObjectInputStream. When resolving @@ -53,6 +53,11 @@ * @author Peter Jones */ public class MarshalInputStream extends ObjectInputStream { + interface StreamChecker extends ObjectStreamClassValidator { + void checkProxyInterfaceNames(String[] ifaces); + } + + private volatile StreamChecker streamChecker = null; /** * Value of "java.rmi.server.useCodebaseOnly" property, @@ -122,7 +127,7 @@ throws IOException, StreamCorruptedException { super(in); - } + } /** * Returns a callback previously registered via the setDoneCallback @@ -239,6 +244,11 @@ protected Class<?> resolveProxyClass(String[] interfaces) throws IOException, ClassNotFoundException { + StreamChecker checker = streamChecker; + if (checker != null) { + checker.checkProxyInterfaceNames(interfaces); + } + /* * Always read annotation written by MarshalOutputStream. */ @@ -318,4 +328,28 @@ void useCodebaseOnly() { useCodebaseOnly = true; } + + synchronized void setStreamChecker(StreamChecker checker) { + streamChecker = checker; + SharedSecrets.getJavaObjectInputStreamAccess().setValidator(this, checker); + } + @Override + protected ObjectStreamClass readClassDescriptor() throws IOException, + ClassNotFoundException { + ObjectStreamClass descriptor = super.readClassDescriptor(); + + validateDesc(descriptor); + + return descriptor; + } + + private void validateDesc(ObjectStreamClass descriptor) { + StreamChecker checker; + synchronized (this) { + checker = streamChecker; + } + if (checker != null) { + checker.validateDescriptor(descriptor); + } + } }
--- a/src/share/classes/sun/rmi/server/UnicastServerRef.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/rmi/server/UnicastServerRef.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,7 +28,7 @@ import java.io.IOException; import java.io.ObjectInput; import java.io.ObjectOutput; -import java.io.PrintStream; +import java.io.ObjectStreamClass; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.rmi.MarshalException; @@ -52,7 +52,9 @@ import java.util.HashMap; import java.util.Map; import java.util.WeakHashMap; +import java.util.concurrent.atomic.AtomicInteger; import sun.rmi.runtime.Log; +import static sun.rmi.server.UnicastRef.marshalValue; import sun.rmi.transport.LiveRef; import sun.rmi.transport.Target; import sun.rmi.transport.tcp.TCPTransport; @@ -117,6 +119,8 @@ private static final Map<Class<?>,?> withoutSkeletons = Collections.synchronizedMap(new WeakHashMap<Class<?>,Void>()); + private final AtomicInteger methodCallIDCount = new AtomicInteger(0); + /** * Create a new (empty) Unicast server remote reference. */ @@ -298,14 +302,11 @@ logCall(obj, method); // unmarshal parameters - Class[] types = method.getParameterTypes(); - Object[] params = new Object[types.length]; + Object[] params = null; try { unmarshalCustomCallData(in); - for (int i = 0; i < types.length; i++) { - params[i] = unmarshalValue(types[i], in); - } + params = unmarshalParameters(obj, method, marshalStream); } catch (java.io.IOException e) { throw new UnmarshalException( "error unmarshalling arguments", e); @@ -566,4 +567,85 @@ return map; } } + + /** + * Unmarshal parameters for the given method of the given instance over + * the given marshalinputstream. Perform any necessary checks. + */ + private Object[] unmarshalParameters(Object obj, Method method, MarshalInputStream in) + throws IOException, ClassNotFoundException { + return (obj instanceof DeserializationChecker) ? + unmarshalParametersChecked((DeserializationChecker)obj, method, in) : + unmarshalParametersUnchecked(method, in); + } + + /** + * Unmarshal parameters for the given method of the given instance over + * the given marshalinputstream. Do not perform any additional checks. + */ + private Object[] unmarshalParametersUnchecked(Method method, ObjectInput in) + throws IOException, ClassNotFoundException { + Class<?>[] types = method.getParameterTypes(); + Object[] params = new Object[types.length]; + for (int i = 0; i < types.length; i++) { + params[i] = unmarshalValue(types[i], in); + } + return params; + } + + /** + * Unmarshal parameters for the given method of the given instance over + * the given marshalinputstream. Do perform all additional checks. + */ + private Object[] unmarshalParametersChecked( + DeserializationChecker checker, + Method method, MarshalInputStream in) + throws IOException, ClassNotFoundException { + int callID = methodCallIDCount.getAndIncrement(); + MyChecker myChecker = new MyChecker(checker, method, callID); + in.setStreamChecker(myChecker); + try { + Class<?>[] types = method.getParameterTypes(); + Object[] values = new Object[types.length]; + for (int i = 0; i < types.length; i++) { + myChecker.setIndex(i); + values[i] = unmarshalValue(types[i], in); + } + myChecker.end(callID); + return values; + } finally { + in.setStreamChecker(null); + } + } + + private static class MyChecker implements MarshalInputStream.StreamChecker { + private final DeserializationChecker descriptorCheck; + private final Method method; + private final int callID; + private int parameterIndex; + + MyChecker(DeserializationChecker descriptorCheck, Method method, int callID) { + this.descriptorCheck = descriptorCheck; + this.method = method; + this.callID = callID; + } + + @Override + public void validateDescriptor(ObjectStreamClass descriptor) { + descriptorCheck.check(method, descriptor, parameterIndex, callID); + } + + @Override + public void checkProxyInterfaceNames(String[] ifaces) { + descriptorCheck.checkProxyClass(method, ifaces, parameterIndex, callID); + } + + void setIndex(int parameterIndex) { + this.parameterIndex = parameterIndex; + } + + void end(int callId) { + descriptorCheck.end(callId); + } + } }
--- a/src/share/classes/sun/rmi/server/resources/rmid_ko.properties Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/rmi/server/resources/rmid_ko.properties Sat Sep 10 22:36:17 2016 +0100 @@ -1,6 +1,6 @@ # # -# Copyright (c) 1998, 2005, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -47,7 +47,7 @@ # {0} = the (string) reason text that came with a thrown exception # "Activation.main" should not be translated, because it's a codepoint -rmid.unexpected.exception=Activation.main: \uC608\uC678 \uC0AC\uD56D \uBC1C\uC0DD: {0} +rmid.unexpected.exception=Activation.main: \uC608\uC678\uC0AC\uD56D \uBC1C\uC0DD: {0} # "java.home" should not be translated, because it's a property name # "ActivatorImpl" should not be translated, because it's a codepoint @@ -60,7 +60,7 @@ rmid.exec.policy.invalid=Activation.main: \uC2E4\uD589 \uC815\uCC45 \uD074\uB798\uC2A4\uAC00 \uBD80\uC801\uD569\uD569\uB2C8\uB2E4. # "rmid" should not be translated -rmid.exec.policy.exception=rmid: \uC2E4\uD589 \uC815\uCC45\uC744 \uAC00\uC838\uC624\uB824\uB294 \uC2DC\uB3C4\uB85C \uBC1C\uC0DD\uD55C \uC608\uC678 \uC0AC\uD56D: +rmid.exec.policy.exception=rmid: \uC2E4\uD589 \uC815\uCC45\uC744 \uAC00\uC838\uC624\uB824\uB294 \uC2DC\uB3C4\uB85C \uBC1C\uC0DD\uD55C \uC608\uC678\uC0AC\uD56D: # "rmid" should not be translated rmid.exec.command=rmid: debugExec: "{0}" \uC2E4\uD589 \uC911
--- a/src/share/classes/sun/rmi/server/resources/rmid_zh_TW.properties Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/rmi/server/resources/rmid_zh_TW.properties Sat Sep 10 22:36:17 2016 +0100 @@ -1,6 +1,6 @@ # # -# Copyright (c) 1998, 2005, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -71,7 +71,7 @@ # "Activation.main", "sun.rmi.activation.execPolicy", "ExecPermission" and # "ExecOptionPermission" should not be translated, since they refer to # class/permission names. -rmid.exec.perms.inadequate=Activation.main: \u8B66\u544A: sun.rmi.activation.execPolicy \u7CFB\u7D71\n\u5C6C\u6027\u672A\u6307\u5B9A\uFF0C\u4E26\u4E14\u672A\u6388\u4E88 ExecPermissions/ExecOptionPermissions; \n\u5F8C\u7E8C\u7684\u555F\u52D5\u5617\u8A66\u53EF\u80FD\u6703\u56E0\u70BA\u672A\u6210\u529F\u7684\nExecPermission/ExecOptionPermission \u6B0A\u9650\u6AA2\u67E5\u800C\u5931\u6557\u3002\u5982\u9700\n\u95DC\u65BC\u5982\u4F55\u914D\u7F6E rmid \u5B89\u5168\u7684\u8AAA\u660E\u6587\u4EF6\uFF0C\u8ACB\u53C3\u8003:\n\nhttp://java.sun.com/j2se/1.4/docs/tooldocs/solaris/rmid.html\nhttp://java.sun.com/j2se/1.4/docs/tooldocs/win32/rmid.html\n +rmid.exec.perms.inadequate=Activation.main: \u8B66\u544A: sun.rmi.activation.execPolicy \u7CFB\u7D71\n\u5C6C\u6027\u672A\u6307\u5B9A\uFF0C\u4E26\u4E14\u672A\u6388\u4E88 ExecPermissions/ExecOptionPermissions; \n\u5F8C\u7E8C\u7684\u555F\u52D5\u5617\u8A66\u53EF\u80FD\u6703\u56E0\u70BA\u672A\u6210\u529F\u7684\nExecPermission/ExecOptionPermission \u6B0A\u9650\u6AA2\u67E5\u800C\u5931\u6557\u3002\u5982\u9700\n\u95DC\u65BC\u5982\u4F55\u8A2D\u5B9A rmid \u5B89\u5168\u7684\u8AAA\u660E\u6587\u4EF6\uFF0C\u8ACB\u53C3\u8003:\n\nhttp://java.sun.com/j2se/1.4/docs/tooldocs/solaris/rmid.html\nhttp://java.sun.com/j2se/1.4/docs/tooldocs/win32/rmid.html\n # "rmid", "-port", "-log", "-stop", "-C" and "-J" should not be translated, # because they are syntax
--- a/src/share/classes/sun/rmi/transport/DGCClient.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/rmi/transport/DGCClient.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ import java.lang.ref.PhantomReference; import java.lang.ref.ReferenceQueue; +import java.net.SocketPermission; import java.security.AccessController; import java.security.PrivilegedAction; import java.util.HashMap; @@ -46,6 +47,10 @@ import sun.rmi.server.Util; import sun.security.action.GetLongAction; +import java.security.AccessControlContext; +import java.security.Permissions; +import java.security.ProtectionDomain; + /** * DGCClient implements the client-side of the RMI distributed garbage * collection system. @@ -113,6 +118,18 @@ /** ObjID for server-side DGC object */ private static final ObjID dgcID = new ObjID(ObjID.DGC_ID); + /** + * An AccessControlContext with only socket permissions, + * suitable for an RMIClientSocketFactory. + */ + private static final AccessControlContext SOCKET_ACC; + static { + Permissions perms = new Permissions(); + perms.add(new SocketPermission("*", "connect,resolve")); + ProtectionDomain[] pd = { new ProtectionDomain(null, perms) }; + SOCKET_ACC = new AccessControlContext(pd); + } + /* * Disallow anyone from creating one of these. */ @@ -570,13 +587,20 @@ } } - if (needRenewal) { - makeDirtyCall(refsToDirty, sequenceNum); - } + final boolean needRenewal_ = needRenewal; + final Set<RefEntry> refsToDirty_ = refsToDirty; + final long sequenceNum_ = sequenceNum; + AccessController.doPrivileged(new PrivilegedAction<Void>() { + public Void run() { + if (needRenewal_) { + makeDirtyCall(refsToDirty_, sequenceNum_); + } - if (!pendingCleans.isEmpty()) { - makeCleanCalls(); - } + if (!pendingCleans.isEmpty()) { + makeCleanCalls(); + } + return null; + }}, SOCKET_ACC); } while (!removed || !pendingCleans.isEmpty()); } }
--- a/src/share/classes/sun/rmi/transport/DGCImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/rmi/transport/DGCImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,6 +24,7 @@ */ package sun.rmi.transport; +import java.net.SocketPermission; import java.rmi.Remote; import java.rmi.RemoteException; import java.rmi.dgc.DGC; @@ -33,8 +34,11 @@ import java.rmi.server.ObjID; import java.rmi.server.RemoteServer; import java.rmi.server.ServerNotActiveException; +import java.security.AccessControlContext; import java.security.AccessController; +import java.security.Permissions; import java.security.PrivilegedAction; +import java.security.ProtectionDomain; import java.util.ArrayList; import java.util.HashSet; import java.util.HashMap; @@ -288,15 +292,26 @@ */ try { dgc = new DGCImpl(); - ObjID dgcID = new ObjID(ObjID.DGC_ID); + final ObjID dgcID = new ObjID(ObjID.DGC_ID); LiveRef ref = new LiveRef(dgcID, 0); - UnicastServerRef disp = new UnicastServerRef(ref); - Remote stub = + final UnicastServerRef disp = new UnicastServerRef(ref); + final Remote stub = Util.createProxy(DGCImpl.class, new UnicastRef(ref), true); disp.setSkeleton(dgc); - Target target = - new Target(dgc, disp, stub, dgcID, true); + + Permissions perms = new Permissions(); + perms.add(new SocketPermission("*", "accept,resolve")); + ProtectionDomain[] pd = { new ProtectionDomain(null, perms) }; + AccessControlContext acceptAcc = new AccessControlContext(pd); + + Target target = AccessController.doPrivileged( + new PrivilegedAction<Target>() { + public Target run() { + return new Target(dgc, disp, stub, dgcID, true); + } + }, acceptAcc); + ObjectTable.putTarget(target); } catch (RemoteException e) { throw new Error(
--- a/src/share/classes/sun/security/acl/AclEntryImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/acl/AclEntryImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -25,7 +25,6 @@ package sun.security.acl; import java.util.*; -import java.io.*; import java.security.Principal; import java.security.acl.*; @@ -162,6 +161,7 @@ /** * Clones an AclEntry. */ + @SuppressWarnings("unchecked") // Safe casts assuming clone() works correctly public synchronized Object clone() { AclEntryImpl cloned; cloned = new AclEntryImpl(user);
--- a/src/share/classes/sun/security/action/PutAllAction.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/action/PutAllAction.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,9 +41,9 @@ public class PutAllAction implements PrivilegedAction<Void> { private final Provider provider; - private final Map map; + private final Map<?, ?> map; - public PutAllAction(Provider provider, Map map) { + public PutAllAction(Provider provider, Map<?, ?> map) { this.provider = provider; this.map = map; }
--- a/src/share/classes/sun/security/ec/ECDSASignature.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/ec/ECDSASignature.java Sat Sep 10 22:36:17 2016 +0100 @@ -25,10 +25,8 @@ package sun.security.ec; -import java.io.IOException; import java.nio.ByteBuffer; import java.math.BigInteger; -import java.util.Arrays; import java.security.*; import java.security.interfaces.*; @@ -36,7 +34,6 @@ import sun.security.jca.JCAUtil; import sun.security.util.*; -import sun.security.x509.AlgorithmId; /** * ECDSA signature implementation. This class currently supports the @@ -324,6 +321,7 @@ // set parameter, not supported. See JCA doc @Override + @Deprecated protected void engineSetParameter(String param, Object value) throws InvalidParameterException { throw new UnsupportedOperationException("setParameter() not supported"); @@ -331,6 +329,7 @@ // get parameter, not supported. See JCA doc @Override + @Deprecated protected Object engineGetParameter(String param) throws InvalidParameterException { throw new UnsupportedOperationException("getParameter() not supported");
--- a/src/share/classes/sun/security/ec/ECKeyFactory.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/ec/ECKeyFactory.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -61,7 +61,9 @@ public final static Provider ecInternalProvider; static { - final Provider p = new Provider("SunEC-Internal", 1.0d, null) {}; + final Provider p = new Provider("SunEC-Internal", 1.0d, null) { + private static final long serialVersionUID = 970685700309471261L; + }; AccessController.doPrivileged(new PrivilegedAction<Void>() { public Void run() { p.put("KeyFactory.EC", "sun.security.ec.ECKeyFactory"); @@ -262,12 +264,12 @@ if (key instanceof ECPublicKey) { ECPublicKey ecKey = (ECPublicKey)key; if (ECPublicKeySpec.class.isAssignableFrom(keySpec)) { - return (T) new ECPublicKeySpec( + return keySpec.cast(new ECPublicKeySpec( ecKey.getW(), ecKey.getParams() - ); + )); } else if (X509EncodedKeySpec.class.isAssignableFrom(keySpec)) { - return (T) new X509EncodedKeySpec(key.getEncoded()); + return keySpec.cast(new X509EncodedKeySpec(key.getEncoded())); } else { throw new InvalidKeySpecException ("KeySpec must be ECPublicKeySpec or " @@ -275,13 +277,13 @@ } } else if (key instanceof ECPrivateKey) { if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) { - return (T) new PKCS8EncodedKeySpec(key.getEncoded()); + return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded())); } else if (ECPrivateKeySpec.class.isAssignableFrom(keySpec)) { ECPrivateKey ecKey = (ECPrivateKey)key; - return (T) new ECPrivateKeySpec( + return keySpec.cast(new ECPrivateKeySpec( ecKey.getS(), ecKey.getParams() - ); + )); } else { throw new InvalidKeySpecException ("KeySpec must be ECPrivateKeySpec or "
--- a/src/share/classes/sun/security/ec/ECParameters.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/ec/ECParameters.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -326,9 +326,9 @@ protected <T extends AlgorithmParameterSpec> T engineGetParameterSpec(Class<T> spec) throws InvalidParameterSpecException { if (spec.isAssignableFrom(ECParameterSpec.class)) { - return (T)paramSpec; + return spec.cast(paramSpec); } else if (spec.isAssignableFrom(ECGenParameterSpec.class)) { - return (T)new ECGenParameterSpec(getCurveName(paramSpec)); + return spec.cast(new ECGenParameterSpec(getCurveName(paramSpec))); } else { throw new InvalidParameterSpecException ("Only ECParameterSpec and ECGenParameterSpec supported");
--- a/src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java Sat Sep 10 22:36:17 2016 +0100 @@ -43,6 +43,8 @@ public class TlsRsaPremasterSecretParameterSpec implements AlgorithmParameterSpec { + private final byte[] encodedSecret; + /* * The TLS spec says that the version in the RSA premaster secret must * be the maximum version supported by the client (i.e. the version it @@ -89,6 +91,33 @@ this.clientVersion = checkVersion(clientVersion); this.serverVersion = checkVersion(serverVersion); + this.encodedSecret = null; + } + + /** + * Constructs a new TlsRsaPremasterSecretParameterSpec. + * + * @param clientVersion the version of the TLS protocol by which the + * client wishes to communicate during this session + * @param serverVersion the negotiated version of the TLS protocol which + * contains the lower of that suggested by the client in the client + * hello and the highest supported by the server. + * @param encodedSecret the encoded secret key + * + * @throws IllegalArgumentException if clientVersion or serverVersion are + * negative or larger than (2^16 - 1) or if encodedSecret is not + * exactly 48 bytes + */ + public TlsRsaPremasterSecretParameterSpec( + int clientVersion, int serverVersion, byte[] encodedSecret) { + + this.clientVersion = checkVersion(clientVersion); + this.serverVersion = checkVersion(serverVersion); + if (encodedSecret == null || encodedSecret.length != 48) { + throw new IllegalArgumentException( + "Encoded secret is not exactly 48 bytes"); + } + this.encodedSecret = encodedSecret.clone(); } /** @@ -147,4 +176,13 @@ } return version; } + + /** + * Returns the encoded secret. + * + * @return the encoded secret, may be null if no encoded secret. + */ + public byte[] getEncodedSecret() { + return encodedSecret == null ? null : encodedSecret.clone(); + } }
--- a/src/share/classes/sun/security/jca/GetInstance.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/jca/GetInstance.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -149,7 +149,7 @@ * There are overloaded methods for all the permutations. */ - public static Instance getInstance(String type, Class clazz, + public static Instance getInstance(String type, Class<?> clazz, String algorithm) throws NoSuchAlgorithmException { // in the almost all cases, the first service will work // avoid taking long path if so @@ -181,7 +181,7 @@ throw failure; } - public static Instance getInstance(String type, Class clazz, + public static Instance getInstance(String type, Class<?> clazz, String algorithm, Object param) throws NoSuchAlgorithmException { List<Service> services = getServices(type, algorithm); NoSuchAlgorithmException failure = null; @@ -200,25 +200,25 @@ } } - public static Instance getInstance(String type, Class clazz, + public static Instance getInstance(String type, Class<?> clazz, String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException { return getInstance(getService(type, algorithm, provider), clazz); } - public static Instance getInstance(String type, Class clazz, + public static Instance getInstance(String type, Class<?> clazz, String algorithm, Object param, String provider) throws NoSuchAlgorithmException, NoSuchProviderException { return getInstance(getService(type, algorithm, provider), clazz, param); } - public static Instance getInstance(String type, Class clazz, + public static Instance getInstance(String type, Class<?> clazz, String algorithm, Provider provider) throws NoSuchAlgorithmException { return getInstance(getService(type, algorithm, provider), clazz); } - public static Instance getInstance(String type, Class clazz, + public static Instance getInstance(String type, Class<?> clazz, String algorithm, Object param, Provider provider) throws NoSuchAlgorithmException { return getInstance(getService(type, algorithm, provider), clazz, param); @@ -231,14 +231,14 @@ * Signature class. */ - public static Instance getInstance(Service s, Class clazz) + public static Instance getInstance(Service s, Class<?> clazz) throws NoSuchAlgorithmException { Object instance = s.newInstance(null); checkSuperClass(s, instance.getClass(), clazz); return new Instance(s.getProvider(), instance); } - public static Instance getInstance(Service s, Class clazz, + public static Instance getInstance(Service s, Class<?> clazz, Object param) throws NoSuchAlgorithmException { Object instance = s.newInstance(param); checkSuperClass(s, instance.getClass(), clazz); @@ -249,8 +249,8 @@ * Check is subClass is a subclass of superClass. If not, * throw a NoSuchAlgorithmException. */ - public static void checkSuperClass(Service s, Class subClass, - Class superClass) throws NoSuchAlgorithmException { + public static void checkSuperClass(Service s, Class<?> subClass, + Class<?> superClass) throws NoSuchAlgorithmException { if (superClass == null) { return; }
--- a/src/share/classes/sun/security/jca/JCAUtil.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/jca/JCAUtil.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,12 +41,6 @@ // no instantiation } - // lock to use for synchronization - private static final Object LOCK = JCAUtil.class; - - // cached SecureRandom instance - private static volatile SecureRandom secureRandom; - // size of the temporary arrays we use. Should fit into the CPU's 1st // level cache and could be adjusted based on the platform private final static int ARRAY_SIZE = 4096; @@ -60,26 +54,19 @@ return Math.min(ARRAY_SIZE, totalSize); } + // cached SecureRandom instance + private static class CachedSecureRandomHolder { + public static SecureRandom instance = new SecureRandom(); + } + /** - * Get a SecureRandom instance. This method should me used by JDK + * Get a SecureRandom instance. This method should be used by JDK * internal code in favor of calling "new SecureRandom()". That needs to * iterate through the provider table to find the default SecureRandom * implementation, which is fairly inefficient. */ public static SecureRandom getSecureRandom() { - // we use double checked locking to minimize synchronization - // works because we use a volatile reference - SecureRandom r = secureRandom; - if (r == null) { - synchronized (LOCK) { - r = secureRandom; - if (r == null) { - r = new SecureRandom(); - secureRandom = r; - } - } - } - return r; + return CachedSecureRandomHolder.instance; } }
--- a/src/share/classes/sun/security/jca/ProviderList.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/jca/ProviderList.java Sat Sep 10 22:36:17 2016 +0100 @@ -69,6 +69,7 @@ // used to avoid explicit null checks in various places private static final Provider EMPTY_PROVIDER = new Provider("##Empty##", 1.0d, "initialization in progress") { + private static final long serialVersionUID = 1151354171352296389L; // override getService() to return null slightly faster public Service getService(String type, String algorithm) { return null;
--- a/src/share/classes/sun/security/jca/Providers.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/jca/Providers.java Sat Sep 10 22:36:17 2016 +0100 @@ -25,10 +25,7 @@ package sun.security.jca; -import java.util.*; - import java.security.Provider; -import java.security.Security; /** * Collection of methods to get and set provider list. Also includes @@ -97,11 +94,11 @@ // sun.security.util.ManifestEntryVerifier and java.security.SecureRandom. public static Provider getSunProvider() { try { - Class clazz = Class.forName(jarVerificationProviders[0]); + Class<?> clazz = Class.forName(jarVerificationProviders[0]); return (Provider)clazz.newInstance(); } catch (Exception e) { try { - Class clazz = Class.forName(BACKUP_PROVIDER_CLASSNAME); + Class<?> clazz = Class.forName(BACKUP_PROVIDER_CLASSNAME); return (Provider)clazz.newInstance(); } catch (Exception ee) { throw new RuntimeException("Sun provider not found", e);
--- a/src/share/classes/sun/security/jgss/GSSUtil.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/jgss/GSSUtil.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -319,24 +319,25 @@ * no Subject present or a Vector which contains 0 or more * matching GSSCredentialSpi objects. */ - public static Vector searchSubject(final GSSNameSpi name, - final Oid mech, - final boolean initiate, - final Class credCls) { + public static <T extends GSSCredentialSpi> Vector<T> + searchSubject(final GSSNameSpi name, + final Oid mech, + final boolean initiate, + final Class<? extends T> credCls) { debug("Search Subject for " + getMechStr(mech) + (initiate? " INIT" : " ACCEPT") + " cred (" + (name == null? "<<DEF>>" : name.toString()) + ", " + credCls.getName() + ")"); final AccessControlContext acc = AccessController.getContext(); try { - Vector creds = + Vector<T> creds = AccessController.doPrivileged - (new PrivilegedExceptionAction<Vector>() { - public Vector run() throws Exception { + (new PrivilegedExceptionAction<Vector<T>>() { + public Vector<T> run() throws Exception { Subject accSubj = Subject.getSubject(acc); - Vector<GSSCredentialSpi> result = null; + Vector<T> result = null; if (accSubj != null) { - result = new Vector<GSSCredentialSpi>(); + result = new Vector<T>(); Iterator<GSSCredentialImpl> iterator = accSubj.getPrivateCredentials (GSSCredentialImpl.class).iterator(); @@ -350,7 +351,7 @@ if (ce.getClass().equals(credCls) && (name == null || name.equals((Object) ce.getName()))) { - result.add(ce); + result.add(credCls.cast(ce)); } else { debug("......Discard element"); }
--- a/src/share/classes/sun/security/jgss/krb5/CipherHelper.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/jgss/krb5/CipherHelper.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -139,6 +139,7 @@ return flag; } + @SuppressWarnings("fallthrough") byte[] calculateChecksum(int alg, byte[] header, byte[] trailer, byte[] data, int start, int len, int tokenId) throws GSSException { @@ -1265,7 +1266,7 @@ // Note: When using this RC4 based encryption type, the sequence number // is always sent in big-endian rather than little-endian order. byte[] seqNum = new byte[4]; - token.writeBigEndian(token.getSequenceNumber(), seqNum); + WrapToken.writeBigEndian(token.getSequenceNumber(), seqNum); // Krb5Token.debug("\narcFourEncrypt:" + Krb5Token.getHexBytes(all));
--- a/src/share/classes/sun/security/jgss/krb5/Krb5Context.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/jgss/krb5/Krb5Context.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1320,6 +1320,8 @@ * The session key returned by inquireSecContext(KRB5_INQ_SSPI_SESSION_KEY) */ static class KerberosSessionKey implements Key { + private static final long serialVersionUID = 699307378954123869L; + private final EncryptionKey key; KerberosSessionKey(EncryptionKey key) {
--- a/src/share/classes/sun/security/jgss/krb5/Krb5NameElement.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/jgss/krb5/Krb5NameElement.java Sat Sep 10 22:36:17 2016 +0100 @@ -27,10 +27,11 @@ import org.ietf.jgss.*; import sun.security.jgss.spi.*; -import javax.security.auth.kerberos.*; import sun.security.krb5.PrincipalName; +import sun.security.krb5.Realm; import sun.security.krb5.KrbException; -import sun.security.krb5.ServiceName; + +import javax.security.auth.kerberos.ServicePermission; import java.io.UnsupportedEncodingException; import java.net.InetAddress; import java.net.UnknownHostException; @@ -119,8 +120,8 @@ hostName = components[1]; String principal = getHostBasedInstance(service, hostName); - principalName = new ServiceName(principal, - PrincipalName.KRB_NT_SRV_HST); + principalName = new PrincipalName(principal, + PrincipalName.KRB_NT_SRV_HST); } } @@ -128,6 +129,18 @@ throw new GSSException(GSSException.BAD_NAME, -1, e.getMessage()); } + if (principalName.isRealmDeduced() && !Realm.AUTODEDUCEREALM) { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + try { + sm.checkPermission(new ServicePermission( + "@" + principalName.getRealmAsString(), "-")); + } catch (SecurityException se) { + // Do not chain the actual exception to hide info + throw new GSSException(GSSException.FAILURE); + } + } + } return new Krb5NameElement(principalName, gssNameStr, gssNameType); } @@ -200,7 +213,7 @@ * If either name denotes an anonymous principal, the call should * return false. * - * @param name to be compared with + * @param other to be compared with * @returns true if they both refer to the same entity, else false * @exception GSSException with major codes of BAD_NAMETYPE, * BAD_NAME, FAILURE
--- a/src/share/classes/sun/security/jgss/krb5/MessageToken.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/jgss/krb5/MessageToken.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,12 +27,10 @@ import org.ietf.jgss.*; import sun.security.jgss.*; -import sun.security.krb5.*; import java.io.InputStream; import java.io.OutputStream; import java.io.IOException; import java.io.ByteArrayInputStream; -import java.security.GeneralSecurityException; import java.security.MessageDigest; /** @@ -184,7 +182,7 @@ try { gssHeader = new GSSHeader(is); - if (!gssHeader.getOid().equals(OID)) { + if (!gssHeader.getOid().equals((Object)OID)) { throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1, getTokenName(tokenId)); }
--- a/src/share/classes/sun/security/jgss/krb5/SubjectComber.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/jgss/krb5/SubjectComber.java Sat Sep 10 22:36:17 2016 +0100 @@ -56,15 +56,17 @@ static <T> T find(Subject subject, String serverPrincipal, String clientPrincipal, Class<T> credClass) { - return (T)findAux(subject, serverPrincipal, clientPrincipal, credClass, - true); + // findAux returns T if oneOnly. + return credClass.cast(findAux(subject, serverPrincipal, + clientPrincipal, credClass, true)); } + @SuppressWarnings("unchecked") // findAux returns List<T> if !oneOnly. static <T> List<T> findMany(Subject subject, String serverPrincipal, String clientPrincipal, Class<T> credClass) { - return (List<T>)findAux(subject, serverPrincipal, clientPrincipal, credClass, - false); + return (List<T>)findAux(subject, serverPrincipal, clientPrincipal, + credClass, false); } /** @@ -73,6 +75,7 @@ * * @return the private credentials */ + // Returns T if oneOnly and List<T> if !oneOnly. private static <T> Object findAux(Subject subject, String serverPrincipal, String clientPrincipal, Class<T> credClass, boolean oneOnly) { @@ -98,11 +101,11 @@ } } else if (credClass == KerberosKey.class) { // We are looking for credentials for the serverPrincipal - Iterator<T> iterator = - subject.getPrivateCredentials(credClass).iterator(); + Iterator<KerberosKey> iterator = + subject.getPrivateCredentials(KerberosKey.class).iterator(); while (iterator.hasNext()) { - T t = iterator.next(); - String name = ((KerberosKey)t).getPrincipal().getName(); + KerberosKey t = iterator.next(); + String name = t.getPrincipal().getName(); if (serverPrincipal == null || serverPrincipal.equals(name)) { if (DEBUG) { System.out.println("Found " + @@ -116,7 +119,7 @@ // belong to the same principal serverPrincipal = name; } - answer.add(t); + answer.add(credClass.cast(t)); } } } @@ -129,6 +132,7 @@ while (iterator.hasNext()) { Object obj = iterator.next(); if (obj instanceof KerberosTicket) { + @SuppressWarnings("unchecked") KerberosTicket ticket = (KerberosTicket)obj; if (DEBUG) { System.out.println("Found ticket for " @@ -180,7 +184,7 @@ serverPrincipal = ticket.getServer().getName(); } - answer.add((T)ticket); + answer.add(credClass.cast(ticket)); } } }
--- a/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1050,7 +1050,7 @@ // get the peer name for the mechanism if (mechContext != null) { GSSNameImpl targName = (GSSNameImpl)mechContext.getTargName(); - peerName = (GSSNameSpi) targName.getElement(internal_mech); + peerName = targName.getElement(internal_mech); return peerName; } else { if (DEBUG) { @@ -1066,7 +1066,7 @@ // get the src name for the mechanism if (mechContext != null) { GSSNameImpl srcName = (GSSNameImpl)mechContext.getSrcName(); - myName = (GSSNameSpi) srcName.getElement(internal_mech); + myName = srcName.getElement(internal_mech); return myName; } else { if (DEBUG) { @@ -1098,8 +1098,8 @@ if (delegCred.getUsage() == GSSCredential.INITIATE_ONLY) { initiate = true; } - GSSCredentialSpi mechCred = (GSSCredentialSpi) - delegCred.getElement(internal_mech, initiate); + GSSCredentialSpi mechCred = + delegCred.getElement(internal_mech, initiate); SpNegoCredElement cred = new SpNegoCredElement(mechCred); return cred.getInternalCred(); } else {
--- a/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java Sat Sep 10 22:36:17 2016 +0100 @@ -30,6 +30,7 @@ import java.security.Security; import java.io.IOException; import java.io.UnsupportedEncodingException; +import sun.security.krb5.Realm; import sun.security.jgss.GSSUtil; import sun.security.util.ObjectIdentifier; import sun.security.util.DerInputStream; @@ -38,6 +39,8 @@ import sun.security.jgss.GSSExceptionImpl; import sun.security.jgss.spi.GSSNameSpi; +import javax.security.auth.kerberos.ServicePermission; + /** * This class is essentially a wrapper class for the gss_name_t * structure of the native GSS library. @@ -150,6 +153,28 @@ pName = cStub.importName(name, nameType); setPrintables(); + SecurityManager sm = System.getSecurityManager(); + if (sm != null && !Realm.AUTODEDUCEREALM) { + String krbName = getKrbName(); + int atPos = krbName.lastIndexOf('@'); + if (atPos != -1) { + String atRealm = krbName.substring(atPos); + // getNativeNameType() can modify NT_GSS_KRB5_PRINCIPAL to null + if ((nameType == null + || nameType.equals(GSSUtil.NT_GSS_KRB5_PRINCIPAL)) + && new String(nameBytes).endsWith(atRealm)) { + // Created from Kerberos name with realm, no need to check + } else { + try { + sm.checkPermission(new ServicePermission(atRealm, "-")); + } catch (SecurityException se) { + // Do not chain the actual exception to hide info + throw new GSSException(GSSException.FAILURE); + } + } + } + } + SunNativeProvider.debug("Imported " + printableName + " w/ type " + printableType); }
--- a/src/share/classes/sun/security/jgss/wrapper/NativeGSSFactory.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/jgss/wrapper/NativeGSSFactory.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -113,8 +113,7 @@ } GSSCredElement credElement = - getCredFromSubject((GSSNameElement) nname, - (usage == GSSCredential.INITIATE_ONLY)); + getCredFromSubject(nname, (usage == GSSCredential.INITIATE_ONLY)); if (credElement == null) { // No cred in the Subject
--- a/src/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java Sat Sep 10 22:36:17 2016 +0100 @@ -52,7 +52,7 @@ "sun.security.jgss.wrapper.NativeGSSFactory"; private static final String LIB_PROP = "sun.security.jgss.lib"; private static final String DEBUG_PROP = "sun.security.nativegss.debug"; - private static HashMap MECH_MAP; + private static HashMap<String, String> MECH_MAP; static final Provider INSTANCE = new SunNativeProvider(); static boolean DEBUG; static void debug(String message) { @@ -66,8 +66,9 @@ static { MECH_MAP = - AccessController.doPrivileged(new PrivilegedAction<HashMap>() { - public HashMap run() { + AccessController.doPrivileged( + new PrivilegedAction<HashMap<String, String>>() { + public HashMap<String, String> run() { DEBUG = Boolean.parseBoolean (System.getProperty(DEBUG_PROP)); try {
--- a/src/share/classes/sun/security/krb5/Checksum.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/Checksum.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -199,7 +199,7 @@ if (cksumType != cksum.cksumType) return false; CksumType cksumEngine = CksumType.getInstance(cksumType); - return cksumEngine.isChecksumEqual(checksum, cksum.checksum); + return CksumType.isChecksumEqual(checksum, cksum.checksum); } /**
--- a/src/share/classes/sun/security/krb5/Config.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/Config.java Sat Sep 10 22:36:17 2016 +0100 @@ -46,7 +46,6 @@ import java.util.Locale; import sun.net.dns.ResolverConfiguration; import sun.security.krb5.internal.crypto.EType; -import sun.security.krb5.internal.ktab.*; import sun.security.krb5.internal.Krb5; /** @@ -280,15 +279,18 @@ * @return the value found in config file, returns null if no value * matched with the key is found. */ - private String getDefault(String k, Hashtable t) { + private String getDefault(String k, Hashtable<String, Object> t) { String result = null; String key; if (stanzaTable != null) { - for (Enumeration e = t.keys(); e.hasMoreElements(); ) { - key = (String)e.nextElement(); + for (Enumeration<String> e = t.keys(); e.hasMoreElements(); ) { + key = e.nextElement(); Object ob = t.get(key); if (ob instanceof Hashtable) { - result = getDefault(k, (Hashtable)ob); + @SuppressWarnings("unchecked") // Checked with an instanceof check + Hashtable<String, Object> table = + (Hashtable<String, Object>)ob; + result = getDefault(k, table); if (result != null) { return result; } @@ -323,15 +325,20 @@ * @param section the name of the section. * @return the default value, null is returned if it cannot be found. */ + // stanzaTable leads to a lot of unchecked casts since its value type is + // STANZATABLE = String | Hashtable<String, STANZATABLE> + @SuppressWarnings("unchecked") public String getDefault(String name, String section) { String stanzaName; String result = null; - Hashtable subTable; + Hashtable<String, Object> subTable; if (stanzaTable != null) { - for (Enumeration e = stanzaTable.keys(); e.hasMoreElements(); ) { - stanzaName = (String)e.nextElement(); - subTable = (Hashtable)stanzaTable.get(stanzaName); + for (Enumeration<String> e = stanzaTable.keys(); + e.hasMoreElements(); ) { + stanzaName = e.nextElement(); + subTable = (Hashtable<String, Object>) + stanzaTable.get(stanzaName); if (stanzaName.equalsIgnoreCase(section)) { if (subTable.containsKey(name)) { return (String)(subTable.get(name)); @@ -339,7 +346,8 @@ } else if (subTable.containsKey(section)) { Object ob = subTable.get(section); if (ob instanceof Hashtable) { - Hashtable temp = (Hashtable)ob; + Hashtable<String, Object> temp = + (Hashtable<String, Object>)ob; if (temp.containsKey(name)) { Object object = temp.get(name); if (object instanceof Vector) { @@ -929,10 +937,10 @@ /** * Compares the key with the known keys to see if it exists. */ - private boolean exists(String key, Vector v) { + private boolean exists(String key, Vector<String> v) { boolean exists = false; for (int i = 0; i < v.size(); i++) { - if (((String)(v.elementAt(i))).equals(key)) { + if (v.elementAt(i).equals(key)) { exists = true; } } @@ -947,12 +955,15 @@ listTable(stanzaTable); } - private void listTable(Hashtable table) { - Vector v = new Vector(); + // stanzaTable leads to a lot of unchecked casts since its value type is + // STANZATABLE = String | Hashtable<String, STANZATABLE> + @SuppressWarnings("unchecked") + private void listTable(Hashtable<String, Object> table) { + Vector<String> v = new Vector<String>(); String key; if (stanzaTable != null) { - for (Enumeration e = table.keys(); e.hasMoreElements(); ) { - key = (String)e.nextElement(); + for (Enumeration<String> e = table.keys(); e.hasMoreElements(); ) { + key = e.nextElement(); Object object = table.get(key); if (table == stanzaTable) { System.out.println("[" + key + "]"); @@ -960,7 +971,7 @@ if (object instanceof Hashtable) { if (table != stanzaTable) System.out.println("\t" + key + " = {"); - listTable((Hashtable)object); + listTable((Hashtable<String, Object>)object); if (table != stanzaTable) System.out.println("\t}"); @@ -968,10 +979,9 @@ System.out.println("\t" + key + " = " + (String)table.get(key)); } else if (object instanceof Vector) { - v = (Vector)object; + v = (Vector<String>)object; for (int i = 0; i < v.size(); i++) { - System.out.println("\t" + key + " = " + - (String)v.elementAt(i)); + System.out.println("\t" + key + " = " + v.elementAt(i)); } } } @@ -1016,7 +1026,7 @@ ls.add(type); } } - if (ls.size() == 0) { + if (ls.isEmpty()) { if (DEBUG) { System.out.println( "no supported default etypes for " + enctypes);
--- a/src/share/classes/sun/security/krb5/Credentials.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/Credentials.java Sat Sep 10 22:36:17 2016 +0100 @@ -471,8 +471,7 @@ System.out.println(">>> DEBUG: ----Credentials----"); System.out.println("\tclient: " + c.client.toString()); System.out.println("\tserver: " + c.server.toString()); - System.out.println("\tticket: realm: " + c.ticket.realm.toString()); - System.out.println("\t sname: " + c.ticket.sname.toString()); + System.out.println("\tticket: sname: " + c.ticket.sname.toString()); if (c.startTime != null) { System.out.println("\tstartTime: " + c.startTime.getTime()); }
--- a/src/share/classes/sun/security/krb5/KrbApReq.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/KrbApReq.java Sat Sep 10 22:36:17 2016 +0100 @@ -179,7 +179,6 @@ KrbApReq(APOptions apOptions, Ticket ticket, EncryptionKey key, - Realm crealm, PrincipalName cname, Checksum cksum, KerberosTime ctime, @@ -189,7 +188,7 @@ throws Asn1Exception, IOException, KdcErrException, KrbCryptoException { - init(apOptions, ticket, key, crealm, cname, + init(apOptions, ticket, key, cname, cksum, ctime, subKey, seqNumber, authorizationData, KeyUsage.KU_PA_TGS_REQ_AUTHENTICATOR); @@ -208,7 +207,6 @@ init(options, tgs_creds.ticket, tgs_creds.key, - tgs_creds.client.getRealm(), tgs_creds.client, cksum, ctime, @@ -221,7 +219,6 @@ private void init(APOptions apOptions, Ticket ticket, EncryptionKey key, - Realm crealm, PrincipalName cname, Checksum cksum, KerberosTime ctime, @@ -232,7 +229,7 @@ throws Asn1Exception, IOException, KdcErrException, KrbCryptoException { - createMessage(apOptions, ticket, key, crealm, cname, + createMessage(apOptions, ticket, key, cname, cksum, ctime, subKey, seqNumber, authorizationData, usage); obuf = apReqMessg.asn1Encode(); @@ -289,9 +286,6 @@ ctime = authenticator.ctime; cusec = authenticator.cusec; authenticator.ctime.setMicroSeconds(authenticator.cusec); - authenticator.cname.setRealm(authenticator.crealm); - apReqMessg.ticket.sname.setRealm(apReqMessg.ticket.realm); - enc_ticketPart.cname.setRealm(enc_ticketPart.crealm); if (!authenticator.cname.equals(enc_ticketPart.cname)) throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH); @@ -457,7 +451,6 @@ private void createMessage(APOptions apOptions, Ticket ticket, EncryptionKey key, - Realm crealm, PrincipalName cname, Checksum cksum, KerberosTime ctime, @@ -474,8 +467,7 @@ seqno = new Integer(seqNumber.current()); authenticator = - new Authenticator(crealm, - cname, + new Authenticator(cname, cksum, ctime.getMicroSeconds(), ctime,
--- a/src/share/classes/sun/security/krb5/KrbAppMessage.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/KrbAppMessage.java Sat Sep 10 22:36:17 2016 +0100 @@ -48,8 +48,7 @@ HostAddress rAddress, boolean timestampRequired, boolean seqNumberRequired, - PrincipalName packetPrincipal, - Realm packetRealm) + PrincipalName packetPrincipal) throws KrbApErrException { if (!Krb5.AP_EMPTY_ADDRESSES_ALLOWED || sAddress != null) {
--- a/src/share/classes/sun/security/krb5/KrbAsRep.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/KrbAsRep.java Sat Sep 10 22:36:17 2016 +0100 @@ -152,11 +152,10 @@ DerValue encoding = new DerValue(enc_as_rep_part); EncASRepPart enc_part = new EncASRepPart(encoding); - rep.ticket.sname.setRealm(rep.ticket.realm); rep.encKDCRepPart = enc_part; ASReq req = asReq.getMessage(); - check(req, rep); + check(true, req, rep); creds = new Credentials( rep.ticket,
--- a/src/share/classes/sun/security/krb5/KrbAsReq.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/KrbAsReq.java Sat Sep 10 22:36:17 2016 +0100 @@ -115,10 +115,8 @@ } if (sname == null) { - sname = new PrincipalName("krbtgt" + - PrincipalName.NAME_COMPONENT_SEPARATOR + - cname.getRealmAsString(), - PrincipalName.KRB_NT_SRV_INST); + String realm = cname.getRealmAsString(); + sname = PrincipalName.tgsService(realm, realm); } if (till == null) { @@ -128,7 +126,6 @@ // enc-authorization-data and additional-tickets never in AS-REQ KDCReqBody kdc_req_body = new KDCReqBody(options, cname, - cname.getRealm(), sname, from, till,
--- a/src/share/classes/sun/security/krb5/KrbAsReqBuilder.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/KrbAsReqBuilder.java Sat Sep 10 22:36:17 2016 +0100 @@ -99,9 +99,6 @@ // Called by other constructors private void init(PrincipalName cname) throws KrbException { - if (cname.getRealm() == null) { - cname.setRealm(Config.getInstance().getDefaultRealm()); - } this.cname = cname; state = State.INIT; }
--- a/src/share/classes/sun/security/krb5/KrbCred.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/KrbCred.java Sat Sep 10 22:36:17 2016 +0100 @@ -96,12 +96,11 @@ PrincipalName princ = delegatedCreds.getClient(); Realm realm = princ.getRealm(); PrincipalName tgService = delegatedCreds.getServer(); - Realm tgsRealm = tgService.getRealm(); - KrbCredInfo credInfo = new KrbCredInfo(sessionKey, realm, + KrbCredInfo credInfo = new KrbCredInfo(sessionKey, princ, delegatedCreds.flags, delegatedCreds.authTime, delegatedCreds.startTime, delegatedCreds.endTime, - delegatedCreds.renewTill, tgsRealm, tgService, + delegatedCreds.renewTill, tgService, delegatedCreds.cAddr); timeStamp = new KerberosTime(KerberosTime.NOW); @@ -138,19 +137,13 @@ KrbCredInfo credInfo = encPart.ticketInfo[0]; EncryptionKey credInfoKey = credInfo.key; - Realm prealm = credInfo.prealm; - // XXX PrincipalName can store realm + principalname or - // just principal name. PrincipalName pname = credInfo.pname; - pname.setRealm(prealm); TicketFlags flags = credInfo.flags; KerberosTime authtime = credInfo.authtime; KerberosTime starttime = credInfo.starttime; KerberosTime endtime = credInfo.endtime; KerberosTime renewTill = credInfo.renewTill; - Realm srealm = credInfo.srealm; PrincipalName sname = credInfo.sname; - sname.setRealm(srealm); HostAddresses caddr = credInfo.caddr; if (DEBUG) {
--- a/src/share/classes/sun/security/krb5/KrbException.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/KrbException.java Sat Sep 10 22:36:17 2016 +0100 @@ -45,6 +45,10 @@ super(s); } + public KrbException(Throwable cause) { + super(cause); + } + public KrbException(int i) { returnCode = i; }
--- a/src/share/classes/sun/security/krb5/KrbKdcRep.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/KrbKdcRep.java Sat Sep 10 22:36:17 2016 +0100 @@ -35,28 +35,17 @@ abstract class KrbKdcRep { static void check( + boolean isAsReq, KDCReq req, KDCRep rep ) throws KrbApErrException { - if (!req.reqBody.cname.equalsWithoutRealm(rep.cname)) { + if (isAsReq && !req.reqBody.cname.equals(rep.cname)) { rep.encKDCRepPart.key.destroy(); throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED); } - /**** XXX - if (!req.reqBody.crealm.equals(rep.crealm)) { - rep.encKDCRepPart.key.destroy(); - throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED); - } - *****/ - - if (!req.reqBody.sname.equalsWithoutRealm(rep.encKDCRepPart.sname)) { - rep.encKDCRepPart.key.destroy(); - throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED); - } - - if (!req.reqBody.crealm.equals(rep.encKDCRepPart.srealm)) { + if (!req.reqBody.sname.equals(rep.encKDCRepPart.sname)) { rep.encKDCRepPart.key.destroy(); throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED); } @@ -73,7 +62,6 @@ throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED); } - for (int i = 1; i < 6; i++) { if (req.reqBody.kdcOptions.get(i) != rep.encKDCRepPart.flags.get(i)) {
--- a/src/share/classes/sun/security/krb5/KrbPriv.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/KrbPriv.java Sat Sep 10 22:36:17 2016 +0100 @@ -89,8 +89,7 @@ raddr, timestampRequired, seqNumberRequired, - creds.client, - creds.client.getRealm() + creds.client ); } @@ -151,8 +150,7 @@ HostAddress rAddress, boolean timestampRequired, boolean seqNumberRequired, - PrincipalName cname, - Realm crealm + PrincipalName cname ) throws Asn1Exception, KdcErrException, KrbApErrException, IOException, KrbCryptoException { @@ -172,8 +170,7 @@ rAddress, timestampRequired, seqNumberRequired, - cname, - crealm + cname ); return enc_part.userData;
--- a/src/share/classes/sun/security/krb5/KrbSafe.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/KrbSafe.java Sat Sep 10 22:36:17 2016 +0100 @@ -90,8 +90,7 @@ raddr, timestampRequired, seqNumberRequired, - creds.client, - creds.client.getRealm() + creds.client ); } @@ -154,8 +153,7 @@ HostAddress rAddress, boolean timestampRequired, boolean seqNumberRequired, - PrincipalName cname, - Realm crealm + PrincipalName cname ) throws Asn1Exception, KdcErrException, KrbApErrException, IOException, KrbCryptoException { @@ -177,8 +175,7 @@ rAddress, timestampRequired, seqNumberRequired, - cname, - crealm + cname ); return krb_safe.safeBody.userData;
--- a/src/share/classes/sun/security/krb5/KrbServiceLocator.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/KrbServiceLocator.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,18 +25,22 @@ package sun.security.krb5; +import sun.security.krb5.internal.Krb5; + +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.util.Arrays; -import java.util.Enumeration; import java.util.Hashtable; -import java.util.NoSuchElementException; import java.util.Random; import java.util.StringTokenizer; -import java.util.List; import javax.naming.*; import javax.naming.directory.*; import javax.naming.spi.NamingManager; +import sun.misc.SharedSecrets; + /** * This class discovers the location of Kerberos services by querying DNS, * as defined in RFC 4120. @@ -55,6 +59,8 @@ private static final Random random = new Random(); + private static final boolean DEBUG = Krb5.DEBUG; + private KrbServiceLocator() { } @@ -65,27 +71,37 @@ * Information on the mapping of DNS hostnames and domain names * to Kerberos realms is stored using DNS TXT records * - * @param domainName A string domain name. - * @param environment The possibly null environment of the context. + * @param realmName A string realm name. * @return An ordered list of hostports for the Kerberos service or null if * the service has not been located. */ static String[] getKerberosService(String realmName) { // search realm in SRV TXT records - String dnsUrl = "dns:///_kerberos." + realmName; + final String dnsUrl = "dns:///_kerberos." + realmName; String[] records = null; try { // Create the DNS context using NamingManager rather than using // the initial context constructor. This avoids having the initial // context constructor call itself (when processing the URL // argument in the getAttributes call). - Context ctx = NamingManager.getURLContext("dns", new Hashtable(0)); + final Context ctx = NamingManager.getURLContext("dns", new Hashtable<>(0)); if (!(ctx instanceof DirContext)) { return null; // cannot create a DNS context } - Attributes attrs = - ((DirContext)ctx).getAttributes(dnsUrl, SRV_TXT_ATTR); + Attributes attrs = null; + try { + // both connect and accept are needed since DNS is thru UDP + attrs = SharedSecrets.getJavaSecurityAccess().doPrivileged + (new PrivilegedExceptionAction<Attributes>() { + public Attributes run() throws Exception { + return ((DirContext)ctx).getAttributes(dnsUrl, SRV_TXT_ATTR); + } + }, null, + new java.net.SocketPermission("*", "connect,accept")); + } catch (PrivilegedActionException e) { + throw (NamingException)e.getCause(); + } Attribute attr; if (attrs != null && ((attr = attrs.get(SRV_TXT)) != null)) { @@ -127,13 +143,14 @@ * Queries DNS for a list of KERBEROS Service Location Records (SRV) for a * given domain name. * - * @param domainName A string domain name. + * @param realmName A string realm name. + * @param protocol the protocol string, can be "_udp" or "_tcp" * @return An ordered list of hostports for the Kerberos service or null if * the service has not been located. */ static String[] getKerberosService(String realmName, String protocol) { - String dnsUrl = "dns:///_kerberos." + protocol + "." + realmName; + final String dnsUrl = "dns:///_kerberos." + protocol + "." + realmName; String[] hostports = null; try { @@ -141,12 +158,25 @@ // the initial context constructor. This avoids having the initial // context constructor call itself (when processing the URL // argument in the getAttributes call). - Context ctx = NamingManager.getURLContext("dns", new Hashtable(0)); + final Context ctx = NamingManager.getURLContext("dns", new Hashtable<>(0)); if (!(ctx instanceof DirContext)) { return null; // cannot create a DNS context } - Attributes attrs = - ((DirContext)ctx).getAttributes(dnsUrl, SRV_RR_ATTR); + + Attributes attrs = null; + try { + // both connect and accept are needed since DNS is thru UDP + attrs = SharedSecrets.getJavaSecurityAccess().doPrivileged + (new PrivilegedExceptionAction<Attributes>() { + public Attributes run() throws Exception { + return ((DirContext)ctx).getAttributes(dnsUrl, SRV_RR_ATTR); + } + }, null, + new java.net.SocketPermission("*", "connect,accept")); + } catch (PrivilegedActionException e) { + throw (NamingException)e.getCause(); + } + Attribute attr; if (attrs != null && ((attr = attrs.get(SRV_RR)) != null)) { @@ -263,7 +293,7 @@ * See http://www.ietf.org/rfc/rfc2782.txt */ -static class SrvRecord implements Comparable { +static class SrvRecord implements Comparable<SrvRecord> { int priority; int weight; @@ -295,8 +325,7 @@ * Sort records in ascending order of priority value. For records with * equal priority move those with weight 0 to the top of the list. */ - public int compareTo(Object o) { - SrvRecord that = (SrvRecord) o; + public int compareTo(SrvRecord that) { if (priority > that.priority) { return 1; // this > that } else if (priority < that.priority) {
--- a/src/share/classes/sun/security/krb5/KrbTgsRep.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/KrbTgsRep.java Sat Sep 10 22:36:17 2016 +0100 @@ -82,12 +82,11 @@ byte[] enc_tgs_rep_part = rep.encPart.reset(enc_tgs_rep_bytes); ref = new DerValue(enc_tgs_rep_part); EncTGSRepPart enc_part = new EncTGSRepPart(ref); - rep.ticket.sname.setRealm(rep.ticket.realm); rep.encKDCRepPart = enc_part; - check(req, rep); + check(false, req, rep); - creds = new Credentials(rep.ticket, + this.creds = new Credentials(rep.ticket, req.reqBody.cname, rep.ticket.sname, enc_part.key, @@ -99,7 +98,6 @@ enc_part.caddr ); this.rep = rep; - this.creds = creds; this.secondTicket = tgsReq.getSecondTicket(); }
--- a/src/share/classes/sun/security/krb5/KrbTgsReq.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/KrbTgsReq.java Sat Sep 10 22:36:17 2016 +0100 @@ -148,7 +148,6 @@ asCreds.key, ctime, princName, - princName.getRealm(), servName, from, till, @@ -214,7 +213,6 @@ EncryptionKey key, KerberosTime ctime, PrincipalName cname, - Realm crealm, PrincipalName sname, KerberosTime from, KerberosTime till, @@ -273,8 +271,6 @@ KDCReqBody reqBody = new KDCReqBody( kdc_options, cname, - // crealm, - sname.getRealm(), // TO sname, from, req_till, @@ -315,7 +311,6 @@ new APOptions(), ticket, key, - crealm, cname, cksum, ctime,
--- a/src/share/classes/sun/security/krb5/PrincipalName.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/PrincipalName.java Sat Sep 10 22:36:17 2016 +0100 @@ -38,15 +38,25 @@ import java.util.Locale; import java.io.IOException; import java.math.BigInteger; +import java.util.Arrays; import sun.security.krb5.internal.ccache.CCacheOutputStream; import sun.security.krb5.internal.util.KerberosString; /** - * This class encapsulates a Kerberos principal. + * Implements the ASN.1 PrincipalName type and its realm in a single class. + * <xmp> + * Realm ::= KerberosString + * + * PrincipalName ::= SEQUENCE { + * name-type [0] Int32, + * name-string [1] SEQUENCE OF KerberosString + * } + * </xmp> + * This class is immutable. + * @see Realm */ -public class PrincipalName - implements Cloneable { +public class PrincipalName implements Cloneable { //name types @@ -80,8 +90,6 @@ */ public static final int KRB_NT_UID = 5; - - /** * TGS Name */ @@ -96,98 +104,112 @@ public static final String NAME_REALM_SEPARATOR_STR = "@"; public static final String REALM_COMPONENT_SEPARATOR_STR = "."; - private int nameType; - private String[] nameStrings; // Principal names don't mutate often + // Instance fields. + + /** + * The name type, from PrincipalName's name-type field. + */ + private final int nameType; + + /** + * The name strings, from PrincipalName's name-strings field. This field + * must be neither null nor empty. Each entry of it must also be neither + * null nor empty. Make sure to clone the field when it's passed in or out. + */ + private final String[] nameStrings; + + /** + * The realm this principal belongs to. + */ + private final Realm nameRealm; // not null + - private Realm nameRealm; // optional; a null realm means use default - // Note: the nameRealm is not included in the default ASN.1 encoding + /** + * When constructing a PrincipalName, whether the realm is included in + * the input, or deduced from default realm or domain-realm mapping. + */ + private final boolean realmDeduced; + + // cached default salt, not used in clone + private transient String salt = null; - // cached salt, might be changed by KDC info, not used in clone - private String salt = null; + // There are 3 basic constructors. All other constructors must call them. + // All basic constructors must call validateNameStrings. + // 1. From name components + // 2. From name + // 3. From DER encoding - protected PrincipalName() { + /** + * Creates a PrincipalName. + */ + public PrincipalName(int nameType, String[] nameStrings, Realm nameRealm) { + if (nameRealm == null) { + throw new IllegalArgumentException("Null realm not allowed"); + } + validateNameStrings(nameStrings); + this.nameType = nameType; + this.nameStrings = nameStrings.clone(); + this.nameRealm = nameRealm; + this.realmDeduced = false; } - public PrincipalName(String[] nameParts, int type) - throws IllegalArgumentException, IOException { - if (nameParts == null) { - throw new IllegalArgumentException("Null input not allowed"); - } - nameStrings = new String[nameParts.length]; - System.arraycopy(nameParts, 0, nameStrings, 0, nameParts.length); - nameType = type; - nameRealm = null; + // This method is called by Windows NativeCred.c + public PrincipalName(String[] nameParts, String realm) throws RealmException { + this(KRB_NT_UNKNOWN, nameParts, new Realm(realm)); } - public PrincipalName(String[] nameParts) throws IOException { - this(nameParts, KRB_NT_UNKNOWN); + // Validate a nameStrings argument + private static void validateNameStrings(String[] ns) { + if (ns == null) { + throw new IllegalArgumentException("Null nameStrings not allowed"); + } + if (ns.length == 0) { + throw new IllegalArgumentException("Empty nameStrings not allowed"); + } + for (String s: ns) { + if (s == null) { + throw new IllegalArgumentException("Null nameString not allowed"); + } + if (s.isEmpty()) { + throw new IllegalArgumentException("Empty nameString not allowed"); + } + } } public Object clone() { try { PrincipalName pName = (PrincipalName) super.clone(); - // Re-assign mutable fields - if (nameStrings != null) { - pName.nameStrings = nameStrings.clone(); - } - if (nameRealm != null) { - pName.nameRealm = (Realm)nameRealm.clone(); - } + UNSAFE.putObject(this, NAME_STRINGS_OFFSET, nameStrings.clone()); return pName; } catch (CloneNotSupportedException ex) { throw new AssertionError("Should never happen"); } } - /* - * Added to workaround a bug where the equals method that takes a - * PrincipalName is not being called but Object.equals(Object) is - * being called. - */ - public boolean equals(Object o) { - if (o instanceof PrincipalName) - return equals((PrincipalName)o); - else - return false; + private static final long NAME_STRINGS_OFFSET; + private static final sun.misc.Unsafe UNSAFE; + static { + try { + sun.misc.Unsafe unsafe = sun.misc.Unsafe.getUnsafe(); + NAME_STRINGS_OFFSET = unsafe.objectFieldOffset( + PrincipalName.class.getDeclaredField("nameStrings")); + UNSAFE = unsafe; + } catch (ReflectiveOperationException e) { + throw new Error(e); + } } - public boolean equals(PrincipalName other) { - - - if (!equalsWithoutRealm(other)) { - return false; - } - - if ((nameRealm != null && other.nameRealm == null) || - (nameRealm == null && other.nameRealm != null)) { - return false; - } - - if (nameRealm != null && other.nameRealm != null) { - if (!nameRealm.equals(other.nameRealm)) { - return false; - } + @Override + public boolean equals(Object o) { + if (this == o) { + return true; } - - return true; - } - - boolean equalsWithoutRealm(PrincipalName other) { - - if ((nameStrings != null && other.nameStrings == null) || - (nameStrings == null && other.nameStrings != null)) - return false; - - if (nameStrings != null && other.nameStrings != null) { - if (nameStrings.length != other.nameStrings.length) - return false; - for (int i = 0; i < nameStrings.length; i++) - if (!nameStrings[i].equals(other.nameStrings[i])) - return false; + if (o instanceof PrincipalName) { + PrincipalName other = (PrincipalName)o; + return nameRealm.equals(other.nameRealm) && + Arrays.equals(nameStrings, other.nameStrings); } - - return true; - + return false; } /** @@ -207,21 +229,25 @@ * <a href="http://www.ietf.org/rfc/rfc4120.txt"> * http://www.ietf.org/rfc/rfc4120.txt</a>. * - * @param encoding a Der-encoded data. + * @param encoding DER-encoded PrincipalName (without Realm) + * @param realm the realm for this name * @exception Asn1Exception if an error occurs while decoding * an ASN1 encoded data. * @exception Asn1Exception if there is an ASN1 encoding error * @exception IOException if an I/O error occurs * @exception IllegalArgumentException if encoding is null * reading encoded data. - * */ - public PrincipalName(DerValue encoding) - throws Asn1Exception, IOException { - nameRealm = null; + public PrincipalName(DerValue encoding, Realm realm) + throws Asn1Exception, IOException { + if (realm == null) { + throw new IllegalArgumentException("Null realm not allowed"); + } + realmDeduced = false; + nameRealm = realm; DerValue der; if (encoding == null) { - throw new IllegalArgumentException("Null input not allowed"); + throw new IllegalArgumentException("Null encoding not allowed"); } if (encoding.getTag() != DerValue.tag_Sequence) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); @@ -243,14 +269,12 @@ DerValue subSubDer; while(subDer.getData().available() > 0) { subSubDer = subDer.getData().getDerValue(); - v.addElement(new KerberosString(subSubDer).toString()); + String namePart = new KerberosString(subSubDer).toString(); + v.addElement(namePart); } - if (v.size() > 0) { - nameStrings = new String[v.size()]; - v.copyInto(nameStrings); - } else { - nameStrings = new String[] {""}; - } + nameStrings = new String[v.size()]; + v.copyInto(nameStrings); + validateNameStrings(nameStrings); } else { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } @@ -267,32 +291,35 @@ * more marshaled value. * @param explicitTag tag number. * @param optional indicate if this data field is optional - * @return an instance of <code>PrincipalName</code>. - * + * @param realm the realm for the name + * @return an instance of <code>PrincipalName</code>, or null if the + * field is optional and missing. */ public static PrincipalName parse(DerInputStream data, byte explicitTag, boolean - optional) - throws Asn1Exception, IOException { + optional, + Realm realm) + throws Asn1Exception, IOException, RealmException { if ((optional) && (((byte)data.peekByte() & (byte)0x1F) != explicitTag)) return null; DerValue der = data.getDerValue(); - if (explicitTag != (der.getTag() & (byte)0x1F)) + if (explicitTag != (der.getTag() & (byte)0x1F)) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); - else { + } else { DerValue subDer = der.getData().getDerValue(); - return new PrincipalName(subDer); + if (realm == null) { + realm = Realm.getDefault(); + } + return new PrincipalName(subDer, realm); } } - // This is protected because the definition of a principal - // string is fixed // XXX Error checkin consistent with MIT krb5_parse_name // Code repetition, realm parsed again by class Realm - protected static String[] parseName(String name) { + private static String[] parseName(String name) { Vector<String> tempStrings = new Vector<>(); String temp = name; @@ -312,13 +339,13 @@ continue; } else { - if (componentStart < i) { + if (componentStart <= i) { component = temp.substring(componentStart, i); tempStrings.addElement(component); } componentStart = i + 1; } - } else + } else { if (temp.charAt(i) == NAME_REALM_SEPARATOR) { /* * If this separator is escaped then don't treat it @@ -337,11 +364,11 @@ break; } } + } i++; } - if (i == temp.length()) - if (componentStart < i) { + if (i == temp.length()) { component = temp.substring(componentStart, i); tempStrings.addElement(component); } @@ -351,29 +378,29 @@ return result; } - public PrincipalName(String name, int type) - throws RealmException { + /** + * Constructs a PrincipalName from a string. + * @param name the name + * @param type the type + * @param realm the realm, null if not known. Note that when realm is not + * null, it will be always used even if there is a realm part in name. When + * realm is null, will read realm part from name, or try to map a realm + * (for KRB_NT_SRV_HST), or use the default realm, or fail + * @throws RealmException + */ + public PrincipalName(String name, int type, String realm) + throws RealmException { if (name == null) { throw new IllegalArgumentException("Null name not allowed"); } String[] nameParts = parseName(name); - Realm tempRealm = null; - String realmString = Realm.parseRealmAtSeparator(name); - - if (realmString == null) { - try { - Config config = Config.getInstance(); - realmString = config.getDefaultRealm(); - } catch (KrbException e) { - RealmException re = - new RealmException(e.getMessage()); - re.initCause(e); - throw re; - } + validateNameStrings(nameParts); + if (realm == null) { + realm = Realm.parseRealmAtSeparator(name); } - if (realmString != null) - tempRealm = new Realm(realmString); + // No realm info from parameter and string, must deduce later + realmDeduced = realm == null; switch (type) { case KRB_NT_SRV_HST: @@ -394,25 +421,29 @@ hostName.toLowerCase(Locale.ENGLISH)+".")) { hostName = canonicalized; } - } catch (UnknownHostException e) { - // no canonicalization, use old + } catch (UnknownHostException | SecurityException e) { + // not canonicalized or no permission to do so, use old } nameParts[1] = hostName.toLowerCase(Locale.ENGLISH); } nameStrings = nameParts; nameType = type; + + if (realm != null) { + nameRealm = new Realm(realm); + } else { // We will try to get realm name from the mapping in // the configuration. If it is not specified // we will use the default realm. This nametype does // not allow a realm to be specified. The name string must of // the form service@host and this is internally changed into // service/host by Kerberos - - String mapRealm = mapHostToRealm(nameParts[1]); - if (mapRealm != null) { - nameRealm = new Realm(mapRealm); - } else { - nameRealm = tempRealm; + String mapRealm = mapHostToRealm(nameParts[1]); + if (mapRealm != null) { + nameRealm = new Realm(mapRealm); + } else { + nameRealm = Realm.getDefault(); + } } break; case KRB_NT_UNKNOWN: @@ -422,20 +453,34 @@ case KRB_NT_UID: nameStrings = nameParts; nameType = type; - nameRealm = tempRealm; + if (realm != null) { + nameRealm = new Realm(realm); + } else { + nameRealm = Realm.getDefault(); + } break; default: throw new IllegalArgumentException("Illegal name type"); } } + public PrincipalName(String name, int type) throws RealmException { + this(name, type, (String)null); + } + public PrincipalName(String name) throws RealmException { this(name, KRB_NT_UNKNOWN); } public PrincipalName(String name, String realm) throws RealmException { - this(name, KRB_NT_UNKNOWN); - nameRealm = new Realm(realm); + this(name, KRB_NT_UNKNOWN, realm); + } + + public static PrincipalName tgsService(String r1, String r2) + throws KrbException { + return new PrincipalName(PrincipalName.KRB_NT_SRV_INST, + new String[] {PrincipalName.TGS_DEFAULT_SRV_NAME, r1}, + new Realm(r2)); } public String getRealmAsString() { @@ -475,29 +520,17 @@ } public String getRealmString() { - if (nameRealm != null) - return nameRealm.toString(); - return null; + return nameRealm.toString(); } public Realm getRealm() { return nameRealm; } - public void setRealm(Realm new_nameRealm) throws RealmException { - nameRealm = new_nameRealm; - } - - public void setRealm(String realmsString) throws RealmException { - nameRealm = new Realm(realmsString); - } - public String getSalt() { if (salt == null) { StringBuffer salt = new StringBuffer(); - if (nameRealm != null) { - salt.append(nameRealm.toString()); - } + salt.append(nameRealm.toString()); for (int i = 0; i < nameStrings.length; i++) { salt.append(nameStrings[i]); } @@ -513,11 +546,8 @@ str.append("/"); str.append(nameStrings[i]); } - if (nameRealm != null) { - str.append("@"); - str.append(nameRealm.toString()); - } - + str.append("@"); + str.append(nameRealm.toString()); return str.toString(); } @@ -532,7 +562,8 @@ } /** - * Encodes a <code>PrincipalName</code> object. + * Encodes a <code>PrincipalName</code> object. Note that only the type and + * names are encoded. To encode the realm, call getRealm().asn1Encode(). * @return the byte array of the encoded PrncipalName object. * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. * @exception IOException if an I/O error occurs while reading encoded data. @@ -597,12 +628,10 @@ public void writePrincipal(CCacheOutputStream cos) throws IOException { cos.write32(nameType); cos.write32(nameStrings.length); - if (nameRealm != null) { - byte[] realmBytes = null; - realmBytes = nameRealm.toString().getBytes(); - cos.write32(realmBytes.length); - cos.write(realmBytes, 0, realmBytes.length); - } + byte[] realmBytes = null; + realmBytes = nameRealm.toString().getBytes(); + cos.write32(realmBytes.length); + cos.write(realmBytes, 0, realmBytes.length); byte[] bytes = null; for (int i = 0; i < nameStrings.length; i++) { bytes = nameStrings[i].getBytes(); @@ -612,31 +641,6 @@ } /** - * Creates a KRB_NT_SRV_INST name from the supplied - * name components and realm. - * @param primary the primary component of the name - * @param instance the instance component of the name - * @param realm the realm - * @throws KrbException - */ - protected PrincipalName(String primary, String instance, String realm, - int type) - throws KrbException { - - if (type != KRB_NT_SRV_INST) { - throw new KrbException(Krb5.KRB_ERR_GENERIC, "Bad name type"); - } - - String[] nParts = new String[2]; - nParts[0] = primary; - nParts[1] = instance; - - this.nameStrings = nParts; - this.nameRealm = new Realm(realm); - this.nameType = type; - } - - /** * Returns the instance component of a name. * In a multi-component name such as a KRB_NT_SRV_INST * name, the second component is returned. @@ -684,4 +688,7 @@ return result; } + public boolean isRealmDeduced() { + return realmDeduced; + } }
--- a/src/share/classes/sun/security/krb5/Realm.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/Realm.java Sat Sep 10 22:36:17 2016 +0100 @@ -47,24 +47,35 @@ * <xmp> * Realm ::= GeneralString * </xmp> + * This class is immutable. */ public class Realm implements Cloneable { - private String realm; - private static boolean DEBUG = Krb5.DEBUG; - private Realm() { - } + public static final boolean AUTODEDUCEREALM = + java.security.AccessController.doPrivileged( + new sun.security.action.GetBooleanAction( + "sun.security.krb5.autodeducerealm")); + + private final String realm; // not null nor empty + private static boolean DEBUG = Krb5.DEBUG; public Realm(String name) throws RealmException { realm = parseRealm(name); } + public static Realm getDefault() throws RealmException { + try { + return new Realm(Config.getInstance().getDefaultRealm()); + } catch (RealmException re) { + throw re; + } catch (KrbException ke) { + throw new RealmException(ke); + } + } + + // Immutable class, no need to clone public Object clone() { - Realm new_realm = new Realm(); - if (realm != null) { - new_realm.realm = new String(realm); - } - return new_realm; + return this; } public boolean equals(Object obj) { @@ -77,21 +88,11 @@ } Realm that = (Realm)obj; - if (this.realm != null && that.realm != null ) { - return this.realm.equals(that.realm); - } else { - return (this.realm == null && that.realm == null); - } + return this.realm.equals(that.realm); } public int hashCode() { - int result = 17 ; - - if( realm != null ) { - result = 37 * result + realm.hashCode(); - } - - return result; + return realm.hashCode(); } /** @@ -117,6 +118,7 @@ return realm; } + // Extract realm from a string like dummy@REALM public static String parseRealmAtSeparator(String name) throws RealmException { if (name == null) { @@ -129,8 +131,12 @@ while (i < temp.length()) { if (temp.charAt(i) == PrincipalName.NAME_REALM_SEPARATOR) { if (i == 0 || temp.charAt(i - 1) != '\\') { - if (i + 1 < temp.length()) + if (i + 1 < temp.length()) { result = temp.substring(i + 1, temp.length()); + } else { + throw new IllegalArgumentException + ("empty realm part not allowed"); + } break; } } @@ -220,7 +226,8 @@ * @return an instance of Realm. * */ - public static Realm parse(DerInputStream data, byte explicitTag, boolean optional) throws Asn1Exception, IOException, RealmException { + public static Realm parse(DerInputStream data, byte explicitTag, boolean optional) + throws Asn1Exception, IOException, RealmException { if ((optional) && (((byte)data.peekByte() & (byte)0x1F) != explicitTag)) { return null; }
--- a/src/share/classes/sun/security/krb5/RealmException.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/RealmException.java Sat Sep 10 22:36:17 2016 +0100 @@ -47,4 +47,7 @@ super(i,s); } + public RealmException(Throwable cause) { + super(cause); + } }
--- a/src/share/classes/sun/security/krb5/ServiceName.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,57 +0,0 @@ -/* - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * - * (C) Copyright IBM Corp. 1999 All Rights Reserved. - * Copyright 1997 The Open Group Research Institute. All rights reserved. - */ - -package sun.security.krb5; - -import java.net.InetAddress; -import java.net.UnknownHostException; - -public class ServiceName extends PrincipalName { - - public ServiceName(String name, int type) throws RealmException { - super(name, type); - - } - public ServiceName(String name) throws RealmException { - this(name, PrincipalName.KRB_NT_UNKNOWN); - } - - public ServiceName(String name, String realm) throws RealmException { - this(name, PrincipalName.KRB_NT_UNKNOWN); - setRealm(realm); - } - - public ServiceName (String service, String instance, String realm) - throws KrbException - { - super(service, instance, realm, PrincipalName.KRB_NT_SRV_INST); - } - -}
--- a/src/share/classes/sun/security/krb5/internal/ASRep.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/ASRep.java Sat Sep 10 22:36:17 2016 +0100 @@ -42,11 +42,10 @@ public ASRep( PAData[] new_pAData, - Realm new_crealm, PrincipalName new_cname, Ticket new_ticket, EncryptedData new_encPart) throws IOException { - super(new_pAData, new_crealm, new_cname, new_ticket, + super(new_pAData, new_cname, new_ticket, new_encPart, Krb5.KRB_AS_REP); }
--- a/src/share/classes/sun/security/krb5/internal/Authenticator.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/Authenticator.java Sat Sep 10 22:36:17 2016 +0100 @@ -61,7 +61,6 @@ public class Authenticator { public int authenticator_vno; - public Realm crealm; public PrincipalName cname; Checksum cksum; //optional public int cusec; @@ -71,7 +70,6 @@ public AuthorizationData authorizationData; //optional public Authenticator( - Realm new_crealm, PrincipalName new_cname, Checksum new_cksum, int new_cusec, @@ -80,7 +78,6 @@ Integer new_seqNumber, AuthorizationData new_authorizationData) { authenticator_vno = Krb5.AUTHNETICATOR_VNO; - crealm = new_crealm; cname = new_cname; cksum = new_cksum; cusec = new_cusec; @@ -131,8 +128,8 @@ if (authenticator_vno != 5) { throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); } - crealm = Realm.parse(der.getData(), (byte) 0x01, false); - cname = PrincipalName.parse(der.getData(), (byte) 0x02, false); + Realm crealm = Realm.parse(der.getData(), (byte) 0x01, false); + cname = PrincipalName.parse(der.getData(), (byte) 0x02, false, crealm); cksum = Checksum.parse(der.getData(), (byte) 0x03, true); subDer = der.getData().getDerValue(); if ((subDer.getTag() & (byte) 0x1F) == 0x04) { @@ -180,7 +177,7 @@ DerOutputStream temp = new DerOutputStream(); temp.putInteger(BigInteger.valueOf(authenticator_vno)); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp.toByteArray())); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), crealm.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), cname.getRealm().asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), cname.asn1Encode())); if (cksum != null) { v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), cksum.asn1Encode()));
--- a/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java Sat Sep 10 22:36:17 2016 +0100 @@ -72,23 +72,9 @@ public static Credentials acquireServiceCreds( String service, Credentials ccreds) throws KrbException, IOException { - ServiceName sname = new ServiceName(service); + PrincipalName sname = new PrincipalName(service); String serviceRealm = sname.getRealmString(); String localRealm = ccreds.getClient().getRealmString(); - String defaultRealm = Config.getInstance().getDefaultRealm(); - - if (localRealm == null) { - PrincipalName temp = null; - if ((temp = ccreds.getServer()) != null) - localRealm = temp.getRealmString(); - } - if (localRealm == null) { - localRealm = defaultRealm; - } - if (serviceRealm == null) { - serviceRealm = localRealm; - sname.setRealm(serviceRealm); - } /* if (!localRealm.equalsIgnoreCase(serviceRealm)) { //do cross-realm auth entication @@ -128,13 +114,12 @@ int i = 0, k = 0; Credentials cTgt = null, newTgt = null, theTgt = null; - ServiceName tempService = null; + PrincipalName tempService = null; String realm = null, newTgtRealm = null, theTgtRealm = null; for (cTgt = ccreds, i = 0; i < realms.length;) { - tempService = new ServiceName(PrincipalName.TGS_DEFAULT_SRV_NAME, - serviceRealm, realms[i]); + tempService = PrincipalName.tgsService(serviceRealm, realms[i]); if (DEBUG) { @@ -162,9 +147,7 @@ newTgt == null && k < realms.length; k++) { - tempService = new ServiceName( - PrincipalName.TGS_DEFAULT_SRV_NAME, - realms[k], realms[i]); + tempService = PrincipalName.tgsService(realms[k], realms[i]); if (DEBUG) { System.out.println(">>> Credentials acquireServiceCreds: inner loop: [" + k +"] tempService=" + tempService); @@ -304,7 +287,7 @@ * This method does the real job to request the service credential. */ private static Credentials serviceCreds( - ServiceName service, Credentials ccreds) + PrincipalName service, Credentials ccreds) throws KrbException, IOException { return new KrbTgsReq(ccreds, service).sendAndGetCreds(); }
--- a/src/share/classes/sun/security/krb5/internal/EncASRepPart.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/EncASRepPart.java Sat Sep 10 22:36:17 2016 +0100 @@ -46,7 +46,6 @@ KerberosTime new_starttime, KerberosTime new_endtime, KerberosTime new_renewTill, - Realm new_srealm, PrincipalName new_sname, HostAddresses new_caddr) { super( @@ -59,7 +58,6 @@ new_starttime, new_endtime, new_renewTill, - new_srealm, new_sname, new_caddr, Krb5.KRB_ENC_AS_REP_PART
--- a/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java Sat Sep 10 22:36:17 2016 +0100 @@ -74,7 +74,6 @@ public KerberosTime starttime; //optional public KerberosTime endtime; public KerberosTime renewTill; //optional - public Realm srealm; public PrincipalName sname; public HostAddresses caddr; //optional public int msgType; //not included in sequence @@ -89,7 +88,6 @@ KerberosTime new_starttime, KerberosTime new_endtime, KerberosTime new_renewTill, - Realm new_srealm, PrincipalName new_sname, HostAddresses new_caddr, int new_msgType) { @@ -102,7 +100,6 @@ starttime = new_starttime; endtime = new_endtime; renewTill = new_renewTill; - srealm = new_srealm; sname = new_sname; caddr = new_caddr; msgType = new_msgType; @@ -158,8 +155,8 @@ starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true); endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false); renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true); - srealm = Realm.parse(der.getData(), (byte) 0x09, false); - sname = PrincipalName.parse(der.getData(), (byte) 0x0A, false); + Realm srealm = Realm.parse(der.getData(), (byte) 0x09, false); + sname = PrincipalName.parse(der.getData(), (byte) 0x0A, false, srealm); if (der.getData().available() > 0) { caddr = HostAddresses.parse(der.getData(), (byte) 0x0B, true); } @@ -206,7 +203,7 @@ true, (byte) 0x08), renewTill.asn1Encode()); } bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, - true, (byte) 0x09), srealm.asn1Encode()); + true, (byte) 0x09), sname.getRealm().asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x0A), sname.asn1Encode()); if (caddr != null) {
--- a/src/share/classes/sun/security/krb5/internal/EncTGSRepPart.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/EncTGSRepPart.java Sat Sep 10 22:36:17 2016 +0100 @@ -45,7 +45,6 @@ KerberosTime new_starttime, KerberosTime new_endtime, KerberosTime new_renewTill, - Realm new_srealm, PrincipalName new_sname, HostAddresses new_caddr) { super( @@ -58,7 +57,6 @@ new_starttime, new_endtime, new_renewTill, - new_srealm, new_sname, new_caddr, Krb5.KRB_ENC_TGS_REP_PART);
--- a/src/share/classes/sun/security/krb5/internal/EncTicketPart.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/EncTicketPart.java Sat Sep 10 22:36:17 2016 +0100 @@ -65,7 +65,6 @@ public TicketFlags flags; public EncryptionKey key; - public Realm crealm; public PrincipalName cname; public TransitedEncoding transited; public KerberosTime authtime; @@ -78,7 +77,6 @@ public EncTicketPart( TicketFlags new_flags, EncryptionKey new_key, - Realm new_crealm, PrincipalName new_cname, TransitedEncoding new_transited, KerberosTime new_authtime, @@ -89,7 +87,6 @@ AuthorizationData new_authorizationData) { flags = new_flags; key = new_key; - crealm = new_crealm; cname = new_cname; transited = new_transited; authtime = new_authtime; @@ -151,8 +148,8 @@ } flags = TicketFlags.parse(der.getData(), (byte) 0x00, false); key = EncryptionKey.parse(der.getData(), (byte) 0x01, false); - crealm = Realm.parse(der.getData(), (byte) 0x02, false); - cname = PrincipalName.parse(der.getData(), (byte) 0x03, false); + Realm crealm = Realm.parse(der.getData(), (byte) 0x02, false); + cname = PrincipalName.parse(der.getData(), (byte) 0x03, false, crealm); transited = TransitedEncoding.parse(der.getData(), (byte) 0x04, false); authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false); starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true); @@ -186,7 +183,7 @@ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), key.asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, - true, (byte) 0x02), crealm.asn1Encode()); + true, (byte) 0x02), cname.getRealm().asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), cname.asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
--- a/src/share/classes/sun/security/krb5/internal/KDCRep.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/KDCRep.java Sat Sep 10 22:36:17 2016 +0100 @@ -61,7 +61,6 @@ */ public class KDCRep { - public Realm crealm; public PrincipalName cname; public Ticket ticket; public EncryptedData encPart; @@ -73,7 +72,6 @@ public KDCRep( PAData[] new_pAData, - Realm new_crealm, PrincipalName new_cname, Ticket new_ticket, EncryptedData new_encPart, @@ -90,7 +88,6 @@ } } } - crealm = new_crealm; cname = new_cname; ticket = new_ticket; encPart = new_encPart; @@ -174,8 +171,8 @@ } else { pAData = null; } - crealm = Realm.parse(der.getData(), (byte) 0x03, false); - cname = PrincipalName.parse(der.getData(), (byte) 0x04, false); + Realm crealm = Realm.parse(der.getData(), (byte) 0x03, false); + cname = PrincipalName.parse(der.getData(), (byte) 0x04, false, crealm); ticket = Ticket.parse(der.getData(), (byte) 0x05, false); encPart = EncryptedData.parse(der.getData(), (byte) 0x06, false); if (der.getData().available() > 0) { @@ -212,7 +209,7 @@ true, (byte) 0x02), temp); } bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, - true, (byte) 0x03), crealm.asn1Encode()); + true, (byte) 0x03), cname.getRealm().asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x04), cname.asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
--- a/src/share/classes/sun/security/krb5/internal/KDCReqBody.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/KDCReqBody.java Sat Sep 10 22:36:17 2016 +0100 @@ -72,7 +72,6 @@ public class KDCReqBody { public KDCOptions kdcOptions; public PrincipalName cname; //optional in ASReq only - public Realm crealm; public PrincipalName sname; //optional public KerberosTime from; //optional public KerberosTime till; @@ -87,7 +86,6 @@ public KDCReqBody( KDCOptions new_kdcOptions, PrincipalName new_cname, //optional in ASReq only - Realm new_crealm, PrincipalName new_sname, //optional KerberosTime new_from, //optional KerberosTime new_till, @@ -100,7 +98,6 @@ ) throws IOException { kdcOptions = new_kdcOptions; cname = new_cname; - crealm = new_crealm; sname = new_sname; from = new_from; till = new_till; @@ -142,12 +139,22 @@ throw new Asn1Exception(Krb5.ASN1_BAD_ID); } kdcOptions = KDCOptions.parse(encoding.getData(), (byte)0x00, false); - cname = PrincipalName.parse(encoding.getData(), (byte)0x01, true); + + // cname only appears in AS-REQ and it shares the realm field with + // sname. This is the only place where realm comes after the name. + // We first give cname a fake realm and reassign it the correct + // realm after the realm field is read. + cname = PrincipalName.parse(encoding.getData(), (byte)0x01, true, + new Realm("PLACEHOLDER")); if ((msgType != Krb5.KRB_AS_REQ) && (cname != null)) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } - crealm = Realm.parse(encoding.getData(), (byte)0x02, false); - sname = PrincipalName.parse(encoding.getData(), (byte)0x03, true); + Realm realm = Realm.parse(encoding.getData(), (byte)0x02, false); + if (cname != null) { + cname = new PrincipalName( + cname.getNameType(), cname.getNameStrings(), realm); + } + sname = PrincipalName.parse(encoding.getData(), (byte)0x03, true, realm); from = KerberosTime.parse(encoding.getData(), (byte)0x04, true); till = KerberosTime.parse(encoding.getData(), (byte)0x05, false); rtime = KerberosTime.parse(encoding.getData(), (byte)0x06, true); @@ -223,9 +230,11 @@ v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), cname.asn1Encode())); } } - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), crealm.asn1Encode())); if (sname != null) { + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), sname.getRealm().asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), sname.asn1Encode())); + } else if (cname != null) { + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), cname.getRealm().asn1Encode())); } if (from != null) { v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), from.asn1Encode()));
--- a/src/share/classes/sun/security/krb5/internal/KRBError.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/KRBError.java Sat Sep 10 22:36:17 2016 +0100 @@ -90,9 +90,7 @@ private KerberosTime sTime; private Integer suSec; private int errorCode; - private Realm crealm; //optional private PrincipalName cname; //optional - private Realm realm; private PrincipalName sname; private String eText; //optional private byte[] eData; //optional @@ -128,9 +126,7 @@ KerberosTime new_sTime, Integer new_suSec, int new_errorCode, - Realm new_crealm, PrincipalName new_cname, - Realm new_realm, PrincipalName new_sname, String new_eText, byte[] new_eData @@ -142,9 +138,7 @@ sTime = new_sTime; suSec = new_suSec; errorCode = new_errorCode; - crealm = new_crealm; cname = new_cname; - realm = new_realm; sname = new_sname; eText = new_eText; eData = new_eData; @@ -159,9 +153,7 @@ KerberosTime new_sTime, Integer new_suSec, int new_errorCode, - Realm new_crealm, PrincipalName new_cname, - Realm new_realm, PrincipalName new_sname, String new_eText, byte[] new_eData, @@ -174,9 +166,7 @@ sTime = new_sTime; suSec = new_suSec; errorCode = new_errorCode; - crealm = new_crealm; cname = new_cname; - realm = new_realm; sname = new_sname; eText = new_eText; eData = new_eData; @@ -359,10 +349,10 @@ errorCode = subDer.getData().getBigInteger().intValue(); } else throw new Asn1Exception(Krb5.ASN1_BAD_ID); - crealm = Realm.parse(der.getData(), (byte)0x07, true); - cname = PrincipalName.parse(der.getData(), (byte)0x08, true); - realm = Realm.parse(der.getData(), (byte)0x09, false); - sname = PrincipalName.parse(der.getData(), (byte)0x0A, false); + Realm crealm = Realm.parse(der.getData(), (byte)0x07, true); + cname = PrincipalName.parse(der.getData(), (byte)0x08, true, crealm); + Realm realm = Realm.parse(der.getData(), (byte)0x09, false); + sname = PrincipalName.parse(der.getData(), (byte)0x0A, false, realm); eText = null; eData = null; eCksum = null; @@ -403,15 +393,9 @@ System.out.println("\t suSec is " + suSec); System.out.println("\t error code is " + errorCode); System.out.println("\t error Message is " + Krb5.getErrorMessage(errorCode)); - if (crealm != null) { - System.out.println("\t crealm is " + crealm.toString()); - } if (cname != null) { System.out.println("\t cname is " + cname.toString()); } - if (realm != null) { - System.out.println("\t realm is " + realm.toString()); - } if (sname != null) { System.out.println("\t sname is " + sname.toString()); } @@ -458,14 +442,12 @@ temp.putInteger(BigInteger.valueOf(errorCode)); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), temp); - if (crealm != null) { - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), crealm.asn1Encode()); - } if (cname != null) { + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), cname.getRealm().asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), cname.asn1Encode()); } - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), realm.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), sname.getRealm().asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), sname.asn1Encode()); if (eText != null) { @@ -506,9 +488,7 @@ isEqual(sTime, other.sTime) && isEqual(suSec, other.suSec) && errorCode == other.errorCode && - isEqual(crealm, other.crealm) && isEqual(cname, other.cname) && - isEqual(realm, other.realm) && isEqual(sname, other.sname) && isEqual(eText, other.eText) && java.util.Arrays.equals(eData, other.eData) && @@ -528,9 +508,7 @@ if (sTime != null) result = 37 * result + sTime.hashCode(); if (suSec != null) result = 37 * result + suSec.hashCode(); result = 37 * result + errorCode; - if (crealm != null) result = 37 * result + crealm.hashCode(); if (cname != null) result = 37 * result + cname.hashCode(); - if (realm != null) result = 37 * result + realm.hashCode(); if (sname != null) result = 37 * result + sname.hashCode(); if (eText != null) result = 37 * result + eText.hashCode(); result = 37 * result + Arrays.hashCode(eData);
--- a/src/share/classes/sun/security/krb5/internal/KrbCredInfo.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/KrbCredInfo.java Sat Sep 10 22:36:17 2016 +0100 @@ -63,14 +63,12 @@ public class KrbCredInfo { public EncryptionKey key; - public Realm prealm; //optional public PrincipalName pname; //optional public TicketFlags flags; //optional public KerberosTime authtime; //optional public KerberosTime starttime; //optional public KerberosTime endtime; //optional public KerberosTime renewTill; //optional - public Realm srealm; //optional public PrincipalName sname; //optional public HostAddresses caddr; //optional @@ -79,26 +77,22 @@ public KrbCredInfo( EncryptionKey new_key, - Realm new_prealm, PrincipalName new_pname, TicketFlags new_flags, KerberosTime new_authtime, KerberosTime new_starttime, KerberosTime new_endtime, KerberosTime new_renewTill, - Realm new_srealm, PrincipalName new_sname, HostAddresses new_caddr ) { key = new_key; - prealm = new_prealm; pname = new_pname; flags = new_flags; authtime = new_authtime; starttime = new_starttime; endtime = new_endtime; renewTill = new_renewTill; - srealm = new_srealm; sname = new_sname; caddr = new_caddr; } @@ -115,21 +109,20 @@ if (encoding.getTag() != DerValue.tag_Sequence) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } - prealm = null; pname = null; flags = null; authtime = null; starttime = null; endtime = null; renewTill = null; - srealm = null; sname = null; caddr = null; key = EncryptionKey.parse(encoding.getData(), (byte)0x00, false); + Realm prealm = null, srealm = null; if (encoding.getData().available() > 0) prealm = Realm.parse(encoding.getData(), (byte)0x01, true); if (encoding.getData().available() > 0) - pname = PrincipalName.parse(encoding.getData(), (byte)0x02, true); + pname = PrincipalName.parse(encoding.getData(), (byte)0x02, true, prealm); if (encoding.getData().available() > 0) flags = TicketFlags.parse(encoding.getData(), (byte)0x03, true); if (encoding.getData().available() > 0) @@ -143,7 +136,7 @@ if (encoding.getData().available() > 0) srealm = Realm.parse(encoding.getData(), (byte)0x08, true); if (encoding.getData().available() > 0) - sname = PrincipalName.parse(encoding.getData(), (byte)0x09, true); + sname = PrincipalName.parse(encoding.getData(), (byte)0x09, true, srealm); if (encoding.getData().available() > 0) caddr = HostAddresses.parse(encoding.getData(), (byte)0x0A, true); if (encoding.getData().available() > 0) @@ -159,10 +152,10 @@ public byte[] asn1Encode() throws Asn1Exception, IOException { Vector<DerValue> v = new Vector<>(); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), key.asn1Encode())); - if (prealm != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), prealm.asn1Encode())); - if (pname != null) + if (pname != null) { + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), pname.getRealm().asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), pname.asn1Encode())); + } if (flags != null) v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), flags.asn1Encode())); if (authtime != null) @@ -173,10 +166,10 @@ v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), endtime.asn1Encode())); if (renewTill != null) v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), renewTill.asn1Encode())); - if (srealm != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), srealm.asn1Encode())); - if (sname != null) + if (sname != null) { + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), sname.getRealm().asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), sname.asn1Encode())); + } if (caddr != null) v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), caddr.asn1Encode())); DerValue der[] = new DerValue[v.size()]; @@ -190,8 +183,6 @@ KrbCredInfo kcred = new KrbCredInfo(); kcred.key = (EncryptionKey)key.clone(); // optional fields - if (prealm != null) - kcred.prealm = (Realm)prealm.clone(); if (pname != null) kcred.pname = (PrincipalName)pname.clone(); if (flags != null) @@ -204,8 +195,6 @@ kcred.endtime = (KerberosTime)endtime.clone(); if (renewTill != null) kcred.renewTill = (KerberosTime)renewTill.clone(); - if (srealm != null) - kcred.srealm = (Realm)srealm.clone(); if (sname != null) kcred.sname = (PrincipalName)sname.clone(); if (caddr != null)
--- a/src/share/classes/sun/security/krb5/internal/TGSRep.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/TGSRep.java Sat Sep 10 22:36:17 2016 +0100 @@ -42,12 +42,11 @@ public TGSRep( PAData[] new_pAData, - Realm new_crealm, PrincipalName new_cname, Ticket new_ticket, EncryptedData new_encPart ) throws IOException { - super(new_pAData, new_crealm, new_cname, new_ticket, + super(new_pAData, new_cname, new_ticket, new_encPart, Krb5.KRB_TGS_REP); }
--- a/src/share/classes/sun/security/krb5/internal/Ticket.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/Ticket.java Sat Sep 10 22:36:17 2016 +0100 @@ -60,7 +60,6 @@ public class Ticket implements Cloneable { public int tkt_vno; - public Realm realm; public PrincipalName sname; public EncryptedData encPart; @@ -69,7 +68,6 @@ public Object clone() { Ticket new_ticket = new Ticket(); - new_ticket.realm = (Realm)realm.clone(); new_ticket.sname = (PrincipalName)sname.clone(); new_ticket.encPart = (EncryptedData)encPart.clone(); new_ticket.tkt_vno = tkt_vno; @@ -77,12 +75,10 @@ } public Ticket( - Realm new_realm, PrincipalName new_sname, EncryptedData new_encPart ) { tkt_vno = Krb5.TICKET_VNO; - realm = new_realm; sname = new_sname; encPart = new_encPart; } @@ -123,8 +119,8 @@ tkt_vno = subDer.getData().getBigInteger().intValue(); if (tkt_vno != Krb5.TICKET_VNO) throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); - realm = Realm.parse(der.getData(), (byte)0x01, false); - sname = PrincipalName.parse(der.getData(), (byte)0x02, false); + Realm srealm = Realm.parse(der.getData(), (byte)0x01, false); + sname = PrincipalName.parse(der.getData(), (byte)0x02, false, srealm); encPart = EncryptedData.parse(der.getData(), (byte)0x03, false); if (der.getData().available() > 0) throw new Asn1Exception(Krb5.ASN1_BAD_ID); @@ -142,7 +138,7 @@ DerValue der[] = new DerValue[4]; temp.putInteger(BigInteger.valueOf(tkt_vno)); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), realm.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), sname.getRealm().asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), sname.asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), encPart.asn1Encode()); temp = new DerOutputStream();
--- a/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java Sat Sep 10 22:36:17 2016 +0100 @@ -32,9 +32,11 @@ import java.io.IOException; import java.io.InputStream; -import java.util.Hashtable; -import java.util.Vector; +import java.util.ArrayList; +import java.util.List; import java.util.StringTokenizer; + +import sun.misc.IOUtils; import sun.security.krb5.*; import sun.security.krb5.internal.*; import sun.security.krb5.internal.util.KrbDataInputStream; @@ -74,7 +76,6 @@ // this needs to be public for Kinit. public Tag readTag() throws IOException { char[] buf = new char[1024]; - byte[] bytes; int len; int tag = -1; int taglen; @@ -85,7 +86,6 @@ if (len < 0) { throw new IOException("stop."); } - bytes = new byte[len + 2]; if (len > buf.length) { throw new IOException("Invalid tag length."); } @@ -101,11 +101,7 @@ } len = len - (4 + taglen); } - Tag result; - if (tag == -1) { - } - result = new Tag(len, tag, time_offset, usec_offset); - return result; + return new Tag(len, tag, time_offset, usec_offset); } /* * In file-based credential cache, the realm name is stored as part of @@ -114,7 +110,6 @@ // made public for KinitOptions to call directly public PrincipalName readPrincipal(int version) throws IOException, RealmException { int type, length, namelength, kret; - PrincipalName p; String[] pname = null; String realm; /* Read principal type */ @@ -124,7 +119,7 @@ type = read(4); } length = readLength4(); - String[] result = new String[length + 1]; + List<String> result = new ArrayList<String>(); /* * DCE includes the principal's realm in the count; the new format * does not. @@ -133,22 +128,30 @@ length--; for (int i = 0; i <= length; i++) { namelength = readLength4(); - if (namelength > MAXNAMELENGTH) { - throw new IOException("Invalid name length in principal name."); - } - byte[] bytes = new byte[namelength]; - read(bytes, 0, namelength); - result[i] = new String(bytes); + byte[] bytes = IOUtils.readFully(this, namelength, true); + result.add(new String(bytes)); + } + if (result.isEmpty()) { + throw new IOException("No realm or principal"); } - if (isRealm(result[0])) { - realm = result[0]; - pname = new String[length]; - System.arraycopy(result, 1, pname, 0, length); - p = new PrincipalName(pname, type); - p.setRealm(realm); + if (isRealm(result.get(0))) { + realm = result.remove(0); + if (result.isEmpty()) { + throw new IOException("No principal name components"); + } + return new PrincipalName( + type, + result.toArray(new String[result.size()]), + new Realm(realm)); } - else p = new PrincipalName(result, type); - return p; + try { + return new PrincipalName( + type, + result.toArray(new String[result.size()]), + Realm.getDefault()); + } catch (RealmException re) { + return null; + } } /* @@ -183,10 +186,7 @@ if (version == KRB5_FCC_FVNO_3) read(2); /* keytype recorded twice in fvno 3 */ keyLen = readLength4(); - byte[] bytes = new byte[keyLen]; - for (int i = 0; i < keyLen; i++) { - bytes[i] = (byte)read(); - } + byte[] bytes = IOUtils.readFully(this, keyLen, true); return new EncryptionKey(bytes, keyType, new Integer(version)); } @@ -210,7 +210,7 @@ int numAddrs, addrType, addrLength; numAddrs = readLength4(); if (numAddrs > 0) { - HostAddress[] addrs = new HostAddress[numAddrs]; + List<HostAddress> addrs = new ArrayList<HostAddress>(); for (int i = 0; i < numAddrs; i++) { addrType = read(2); addrLength = readLength4(); @@ -223,9 +223,9 @@ byte[] result = new byte[addrLength]; for (int j = 0; j < addrLength; j++) result[j] = (byte)read(1); - addrs[i] = new HostAddress(addrType, result); + addrs.add(new HostAddress(addrType, result)); } - return addrs; + return addrs.toArray(new HostAddress[addrs.size()]); } return null; } @@ -234,18 +234,15 @@ int num, adtype, adlength; num = readLength4(); if (num > 0) { - AuthorizationDataEntry[] auData = new AuthorizationDataEntry[num]; + List<AuthorizationDataEntry> auData = new ArrayList<AuthorizationDataEntry>(); byte[] data = null; for (int i = 0; i < num; i++) { adtype = read(2); adlength = readLength4(); - data = new byte[adlength]; - for (int j = 0; j < adlength; j++) { - data[j] = (byte)read(); - } - auData[i] = new AuthorizationDataEntry(adtype, data); + data = IOUtils.readFully(this, adlength, true); + auData.add(new AuthorizationDataEntry(adtype, data)); } - return auData; + return auData.toArray(new AuthorizationDataEntry[auData.size()]); } else return null; } @@ -256,9 +253,7 @@ if (length == 0) { return null; } else { - byte[] bytes = new byte[length]; - read(bytes, 0, length); - return bytes; + return IOUtils.readFully(this, length, true); } } @@ -342,10 +337,10 @@ Credentials readCred(int version) throws IOException,RealmException, KrbApErrException, Asn1Exception { PrincipalName cpname = readPrincipal(version); if (DEBUG) - System.out.println(">>>DEBUG <CCacheInputStream> client principal is " + cpname.toString()); + System.out.println(">>>DEBUG <CCacheInputStream> client principal is " + cpname); PrincipalName spname = readPrincipal(version); if (DEBUG) - System.out.println(">>>DEBUG <CCacheInputStream> server principal is " + spname.toString()); + System.out.println(">>>DEBUG <CCacheInputStream> server principal is " + spname); EncryptionKey key = readKey(version); if (DEBUG) System.out.println(">>>DEBUG <CCacheInputStream> key type: " + key.getEType());
--- a/src/share/classes/sun/security/krb5/internal/ccache/Credentials.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/ccache/Credentials.java Sat Sep 10 22:36:17 2016 +0100 @@ -36,9 +36,7 @@ public class Credentials { PrincipalName cname; - Realm crealm; PrincipalName sname; - Realm srealm; EncryptionKey key; KerberosTime authtime; KerberosTime starttime;//optional @@ -67,15 +65,7 @@ Ticket new_ticket, Ticket new_secondTicket) { cname = (PrincipalName) new_cname.clone(); - if (new_cname.getRealm() != null) { - crealm = (Realm) new_cname.getRealm().clone(); - } - sname = (PrincipalName) new_sname.clone(); - if (new_sname.getRealm() != null) { - srealm = (Realm) new_sname.getRealm().clone(); - } - key = (EncryptionKey) new_key.clone(); authtime = (KerberosTime) new_authtime.clone(); @@ -110,7 +100,6 @@ { return; } - crealm = (Realm) kdcRep.crealm.clone(); cname = (PrincipalName) kdcRep.cname.clone(); ticket = (Ticket) kdcRep.ticket.clone(); key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone(); @@ -123,7 +112,6 @@ if (kdcRep.encKDCRepPart.renewTill != null) { renewTill = (KerberosTime) kdcRep.encKDCRepPart.renewTill.clone(); } - srealm = (Realm) kdcRep.encKDCRepPart.srealm.clone(); sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone(); caddr = (HostAddresses) kdcRep.encKDCRepPart.caddr.clone(); secondTicket = (Ticket) new_secondTicket.clone(); @@ -138,17 +126,7 @@ public Credentials(KDCRep kdcRep, Ticket new_ticket) { sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone(); - srealm = (Realm) kdcRep.encKDCRepPart.srealm.clone(); - try { - sname.setRealm(srealm); - } catch (RealmException e) { - } cname = (PrincipalName) kdcRep.cname.clone(); - crealm = (Realm) kdcRep.crealm.clone(); - try { - cname.setRealm(crealm); - } catch (RealmException e) { - } key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone(); authtime = (KerberosTime) kdcRep.encKDCRepPart.authtime.clone(); if (kdcRep.encKDCRepPart.starttime != null) { @@ -202,9 +180,6 @@ } public PrincipalName getServicePrincipal() throws RealmException { - if (sname.getRealm() == null) { - sname.setRealm(srealm); - } return sname; }
--- a/src/share/classes/sun/security/krb5/internal/ccache/CredentialsCache.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/ccache/CredentialsCache.java Sat Sep 10 22:36:17 2016 +0100 @@ -120,6 +120,6 @@ public abstract void save() throws IOException, KrbException; public abstract Credentials[] getCredsList(); public abstract Credentials getDefaultCreds(); - public abstract Credentials getCreds(PrincipalName sname, Realm srealm) ; - public abstract Credentials getCreds(LoginOptions options, PrincipalName sname, Realm srealm) ; + public abstract Credentials getCreds(PrincipalName sname); + public abstract Credentials getCreds(LoginOptions options, PrincipalName sname); }
--- a/src/share/classes/sun/security/krb5/internal/ccache/FileCCacheConstants.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/ccache/FileCCacheConstants.java Sat Sep 10 22:36:17 2016 +0100 @@ -49,7 +49,6 @@ public final int KRB5_FCC_FVNO_4 = 0x504; public final int FCC_TAG_DELTATIME = 1; public final int KRB5_NT_UNKNOWN = 0; - public final int MAXNAMELENGTH = 1024; public final int TKT_FLG_FORWARDABLE = 0x40000000; public final int TKT_FLG_FORWARDED = 0x20000000; public final int TKT_FLG_PROXIABLE = 0x10000000;
--- a/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java Sat Sep 10 22:36:17 2016 +0100 @@ -62,7 +62,6 @@ public int version; public Tag tag; // optional public PrincipalName primaryPrincipal; - public Realm primaryRealm; private Vector<Credentials> credentialsList; private static String dir; private static boolean DEBUG = Krb5.DEBUG; @@ -74,9 +73,9 @@ try { FileCredentialsCache fcc = new FileCredentialsCache(); if (cache == null) { - cacheName = fcc.getDefaultCacheName(); + cacheName = FileCredentialsCache.getDefaultCacheName(); } else { - cacheName = fcc.checkValidation(cache); + cacheName = FileCredentialsCache.checkValidation(cache); } if ((cacheName == null) || !(new File(cacheName)).exists()) { // invalid cache name or the file doesn't exist @@ -84,7 +83,6 @@ } if (principal != null) { fcc.primaryPrincipal = principal; - fcc.primaryRealm = principal.getRealm(); } fcc.load(cacheName); return fcc; @@ -110,7 +108,7 @@ String name) { try { FileCredentialsCache fcc = new FileCredentialsCache(); - cacheName = fcc.checkValidation(name); + cacheName = FileCredentialsCache.checkValidation(name); if (cacheName == null) { // invalid cache name or the file doesn't exist return null; @@ -128,7 +126,7 @@ static synchronized FileCredentialsCache New(PrincipalName principal) { try { FileCredentialsCache fcc = new FileCredentialsCache(); - cacheName = fcc.getDefaultCacheName(); + cacheName = FileCredentialsCache.getDefaultCacheName(); fcc.init(principal, cacheName); return fcc; } @@ -158,7 +156,6 @@ synchronized void init(PrincipalName principal, String name) throws IOException, KrbException { primaryPrincipal = principal; - primaryRealm = principal.getRealm(); try (FileOutputStream fos = new FileOutputStream(name); CCacheOutputStream cos = new CCacheOutputStream(fos)) { version = KRB5_FCC_FVNO_3; @@ -188,7 +185,6 @@ } } else primaryPrincipal = p; - primaryRealm = primaryPrincipal.getRealm(); credentialsList = new Vector<Credentials>(); while (cis.available() > 0) { Credentials cred = cis.readCred(version); @@ -296,18 +292,16 @@ } - public Credentials getCreds(LoginOptions options, - PrincipalName sname, Realm srealm) { + public Credentials getCreds(LoginOptions options, PrincipalName sname) { if (options == null) { - return getCreds(sname, srealm); + return getCreds(sname); } else { Credentials[] list = getCredsList(); if (list == null) { return null; } else { for (int i = 0; i < list.length; i++) { - if (sname.match(list[i].sname) && - (srealm.toString().equals(list[i].srealm.toString()))) { + if (sname.match(list[i].sname)) { if (list[i].flags.match(options)) { return list[i]; } @@ -322,16 +316,14 @@ /** * Gets a credentials for a specified service. * @param sname service principal name. - * @param srealm the realm that the service belongs to. */ - public Credentials getCreds(PrincipalName sname, Realm srealm) { + public Credentials getCreds(PrincipalName sname) { Credentials[] list = getCredsList(); if (list == null) { return null; } else { for (int i = 0; i < list.length; i++) { - if (sname.match(list[i].sname) && - (srealm.toString().equals(list[i].srealm.toString()))) { + if (sname.match(list[i].sname)) { return list[i]; } } @@ -348,7 +340,7 @@ if (list[i].sname.toString().startsWith("krbtgt")) { String[] nameStrings = list[i].sname.getNameStrings(); // find the TGT for the current realm krbtgt/realm@realm - if (nameStrings[1].equals(list[i].srealm.toString())) { + if (nameStrings[1].equals(list[i].sname.getRealm().toString())) { return list[i]; } }
--- a/src/share/classes/sun/security/krb5/internal/ccache/MemoryCredentialsCache.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/ccache/MemoryCredentialsCache.java Sat Sep 10 22:36:17 2016 +0100 @@ -64,7 +64,7 @@ public abstract Credentials[] getCredsList(); - public abstract Credentials getCreds(PrincipalName sname, Realm srealm) ; + public abstract Credentials getCreds(PrincipalName sname) ; public abstract PrincipalName getPrimaryPrincipal();
--- a/src/share/classes/sun/security/krb5/internal/ktab/KeyTabInputStream.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/krb5/internal/ktab/KeyTabInputStream.java Sat Sep 10 22:36:17 2016 +0100 @@ -83,8 +83,7 @@ } int nameType = read(4); index -= 4; - PrincipalName service = new PrincipalName(nameParts, nameType); - service.setRealm(realm); + PrincipalName service = new PrincipalName(nameType, nameParts, realm); KerberosTime timeStamp = readTimeStamp(); int keyVersion = read() & 0xff;
--- a/src/share/classes/sun/security/pkcs/ContentInfo.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs/ContentInfo.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -163,9 +163,9 @@ } public byte[] getData() throws IOException { - if (contentType.equals(DATA_OID) || - contentType.equals(OLD_DATA_OID) || - contentType.equals(TIMESTAMP_TOKEN_INFO_OID)) { + if (contentType.equals((Object)DATA_OID) || + contentType.equals((Object)OLD_DATA_OID) || + contentType.equals((Object)TIMESTAMP_TOKEN_INFO_OID)) { if (content == null) return null; else
--- a/src/share/classes/sun/security/pkcs/EncodingException.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,45 +0,0 @@ -/* - * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/** - * Generic PKCS Encoding exception. - * - * @author Benjamin Renaud - */ - -package sun.security.pkcs; - -public class EncodingException extends Exception { - - private static final long serialVersionUID = 4060198374240668325L; - - public EncodingException() { - super(); - } - - public EncodingException(String s) { - super(s); - } -}
--- a/src/share/classes/sun/security/pkcs/PKCS10.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,354 +0,0 @@ -/* - * Copyright (c) 1996, 2002, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - - -package sun.security.pkcs; - -import java.io.ByteArrayOutputStream; -import java.io.PrintStream; -import java.io.IOException; -import java.math.BigInteger; - -import java.security.cert.CertificateException; -import java.security.NoSuchAlgorithmException; -import java.security.InvalidKeyException; -import java.security.Signature; -import java.security.SignatureException; -import java.security.PublicKey; - -import sun.misc.BASE64Encoder; - -import sun.security.util.*; -import sun.security.x509.AlgorithmId; -import sun.security.x509.X509Key; -import sun.security.x509.X500Name; - -/** - * A PKCS #10 certificate request is created and sent to a Certificate - * Authority, which then creates an X.509 certificate and returns it to - * the entity that requested it. A certificate request basically consists - * of the subject's X.500 name, public key, and optionally some attributes, - * signed using the corresponding private key. - * - * The ASN.1 syntax for a Certification Request is: - * <pre> - * CertificationRequest ::= SEQUENCE { - * certificationRequestInfo CertificationRequestInfo, - * signatureAlgorithm SignatureAlgorithmIdentifier, - * signature Signature - * } - * - * SignatureAlgorithmIdentifier ::= AlgorithmIdentifier - * Signature ::= BIT STRING - * - * CertificationRequestInfo ::= SEQUENCE { - * version Version, - * subject Name, - * subjectPublicKeyInfo SubjectPublicKeyInfo, - * attributes [0] IMPLICIT Attributes - * } - * Attributes ::= SET OF Attribute - * </pre> - * - * @author David Brownell - * @author Amit Kapoor - * @author Hemma Prafullchandra - */ -public class PKCS10 { - /** - * Constructs an unsigned PKCS #10 certificate request. Before this - * request may be used, it must be encoded and signed. Then it - * must be retrieved in some conventional format (e.g. string). - * - * @param publicKey the public key that should be placed - * into the certificate generated by the CA. - */ - public PKCS10(PublicKey publicKey) { - subjectPublicKeyInfo = publicKey; - attributeSet = new PKCS10Attributes(); - } - - /** - * Constructs an unsigned PKCS #10 certificate request. Before this - * request may be used, it must be encoded and signed. Then it - * must be retrieved in some conventional format (e.g. string). - * - * @param publicKey the public key that should be placed - * into the certificate generated by the CA. - * @param attributes additonal set of PKCS10 attributes requested - * for in the certificate. - */ - public PKCS10(PublicKey publicKey, PKCS10Attributes attributes) { - subjectPublicKeyInfo = publicKey; - attributeSet = attributes; - } - - /** - * Parses an encoded, signed PKCS #10 certificate request, verifying - * the request's signature as it does so. This constructor would - * typically be used by a Certificate Authority, from which a new - * certificate would then be constructed. - * - * @param data the DER-encoded PKCS #10 request. - * @exception IOException for low level errors reading the data - * @exception SignatureException when the signature is invalid - * @exception NoSuchAlgorithmException when the signature - * algorithm is not supported in this environment - */ - public PKCS10(byte[] data) - throws IOException, SignatureException, NoSuchAlgorithmException { - DerInputStream in; - DerValue[] seq; - AlgorithmId id; - byte[] sigData; - Signature sig; - - encoded = data; - - // - // Outer sequence: request, signature algorithm, signature. - // Parse, and prepare to verify later. - // - in = new DerInputStream(data); - seq = in.getSequence(3); - - if (seq.length != 3) - throw new IllegalArgumentException("not a PKCS #10 request"); - - data = seq[0].toByteArray(); // reusing this variable - id = AlgorithmId.parse(seq[1]); - sigData = seq[2].getBitString(); - - // - // Inner sequence: version, name, key, attributes - // - BigInteger serial; - DerValue val; - - serial = seq[0].data.getBigInteger(); - if (!serial.equals(BigInteger.ZERO)) - throw new IllegalArgumentException("not PKCS #10 v1"); - - subject = new X500Name(seq[0].data); - subjectPublicKeyInfo = X509Key.parse(seq[0].data.getDerValue()); - - // Cope with a somewhat common illegal PKCS #10 format - if (seq[0].data.available() != 0) - attributeSet = new PKCS10Attributes(seq[0].data); - else - attributeSet = new PKCS10Attributes(); - - if (seq[0].data.available() != 0) - throw new IllegalArgumentException("illegal PKCS #10 data"); - - // - // OK, we parsed it all ... validate the signature using the - // key and signature algorithm we found. - // - try { - sig = Signature.getInstance(id.getName()); - sig.initVerify(subjectPublicKeyInfo); - sig.update(data); - if (!sig.verify(sigData)) - throw new SignatureException("Invalid PKCS #10 signature"); - } catch (InvalidKeyException e) { - throw new SignatureException("invalid key"); - } - } - - /** - * Create the signed certificate request. This will later be - * retrieved in either string or binary format. - * - * @param subject identifies the signer (by X.500 name). - * @param signature private key and signing algorithm to use. - * @exception IOException on errors. - * @exception CertificateException on certificate handling errors. - * @exception SignatureException on signature handling errors. - */ - public void encodeAndSign(X500Name subject, Signature signature) - throws CertificateException, IOException, SignatureException { - DerOutputStream out, scratch; - byte[] certificateRequestInfo; - byte[] sig; - - if (encoded != null) - throw new SignatureException("request is already signed"); - - this.subject = subject; - - /* - * Encode cert request info, wrap in a sequence for signing - */ - scratch = new DerOutputStream(); - scratch.putInteger(BigInteger.ZERO); // PKCS #10 v1.0 - subject.encode(scratch); // X.500 name - scratch.write(subjectPublicKeyInfo.getEncoded()); // public key - attributeSet.encode(scratch); - - out = new DerOutputStream(); - out.write(DerValue.tag_Sequence, scratch); // wrap it! - certificateRequestInfo = out.toByteArray(); - scratch = out; - - /* - * Sign it ... - */ - signature.update(certificateRequestInfo, 0, - certificateRequestInfo.length); - sig = signature.sign(); - - /* - * Build guts of SIGNED macro - */ - AlgorithmId algId = null; - try { - algId = AlgorithmId.getAlgorithmId(signature.getAlgorithm()); - } catch (NoSuchAlgorithmException nsae) { - throw new SignatureException(nsae); - } - algId.encode(scratch); // sig algorithm - scratch.putBitString(sig); // sig - - /* - * Wrap those guts in a sequence - */ - out = new DerOutputStream(); - out.write(DerValue.tag_Sequence, scratch); - encoded = out.toByteArray(); - } - - /** - * Returns the subject's name. - */ - public X500Name getSubjectName() { return subject; } - - /** - * Returns the subject's public key. - */ - public PublicKey getSubjectPublicKeyInfo() - { return subjectPublicKeyInfo; } - - /** - * Returns the additional attributes requested. - */ - public PKCS10Attributes getAttributes() - { return attributeSet; } - - /** - * Returns the encoded and signed certificate request as a - * DER-encoded byte array. - * - * @return the certificate request, or null if encodeAndSign() - * has not yet been called. - */ - public byte[] getEncoded() { - if (encoded != null) - return encoded.clone(); - else - return null; - } - - /** - * Prints an E-Mailable version of the certificate request on the print - * stream passed. The format is a common base64 encoded one, supported - * by most Certificate Authorities because Netscape web servers have - * used this for some time. Some certificate authorities expect some - * more information, in particular contact information for the web - * server administrator. - * - * @param out the print stream where the certificate request - * will be printed. - * @exception IOException when an output operation failed - * @exception SignatureException when the certificate request was - * not yet signed. - */ - public void print(PrintStream out) - throws IOException, SignatureException { - if (encoded == null) - throw new SignatureException("Cert request was not signed"); - - BASE64Encoder encoder = new BASE64Encoder(); - - out.println("-----BEGIN NEW CERTIFICATE REQUEST-----"); - encoder.encodeBuffer(encoded, out); - out.println("-----END NEW CERTIFICATE REQUEST-----"); - } - - /** - * Provides a short description of this request. - */ - public String toString() { - return "[PKCS #10 certificate request:\n" - + subjectPublicKeyInfo.toString() - + " subject: <" + subject + ">" + "\n" - + " attributes: " + attributeSet.toString() - + "\n]"; - } - - /** - * Compares this object for equality with the specified - * object. If the <code>other</code> object is an - * <code>instanceof</code> <code>PKCS10</code>, then - * its encoded form is retrieved and compared with the - * encoded form of this certificate request. - * - * @param other the object to test for equality with this object. - * @return true iff the encoded forms of the two certificate - * requests match, false otherwise. - */ - public boolean equals(Object other) { - if (this == other) - return true; - if (!(other instanceof PKCS10)) - return false; - if (encoded == null) // not signed yet - return false; - byte[] otherEncoded = ((PKCS10)other).getEncoded(); - if (otherEncoded == null) - return false; - - return java.util.Arrays.equals(encoded, otherEncoded); - } - - /** - * Returns a hashcode value for this certificate request from its - * encoded form. - * - * @return the hashcode value. - */ - public int hashCode() { - int retval = 0; - if (encoded != null) - for (int i = 1; i < encoded.length; i++) - retval += encoded[i] * i; - return(retval); - } - - private X500Name subject; - private PublicKey subjectPublicKeyInfo; - private PKCS10Attributes attributeSet; - private byte[] encoded; // signed -}
--- a/src/share/classes/sun/security/pkcs/PKCS10Attribute.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,135 +0,0 @@ -/* - * Copyright (c) 1997, 1998, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.pkcs; - -import java.io.OutputStream; -import java.io.IOException; - -import sun.security.util.*; - -/** - * Represent a PKCS#10 Attribute. - * - * <p>Attributes are additonal information which can be inserted in a PKCS#10 - * certificate request. For example a "Driving License Certificate" could have - * the driving license number as an attribute. - * - * <p>Attributes are represented as a sequence of the attribute identifier - * (Object Identifier) and a set of DER encoded attribute values. - * - * ASN.1 definition of Attribute: - * <pre> - * Attribute :: SEQUENCE { - * type AttributeType, - * values SET OF AttributeValue - * } - * AttributeType ::= OBJECT IDENTIFIER - * AttributeValue ::= ANY defined by type - * </pre> - * - * @author Amit Kapoor - * @author Hemma Prafullchandra - */ -public class PKCS10Attribute implements DerEncoder { - - protected ObjectIdentifier attributeId = null; - protected Object attributeValue = null; - - /** - * Constructs an attribute from a DER encoding. - * This constructor expects the value to be encoded as defined above, - * i.e. a SEQUENCE of OID and SET OF value(s), not a literal - * X.509 v3 extension. Only PKCS9 defined attributes are supported - * currently. - * - * @param derVal the der encoded attribute. - * @exception IOException on parsing errors. - */ - public PKCS10Attribute(DerValue derVal) throws IOException { - PKCS9Attribute attr = new PKCS9Attribute(derVal); - this.attributeId = attr.getOID(); - this.attributeValue = attr.getValue(); - } - - /** - * Constructs an attribute from individual components of - * ObjectIdentifier and the value (any java object). - * - * @param attributeId the ObjectIdentifier of the attribute. - * @param attributeValue an instance of a class that implements - * the attribute identified by the ObjectIdentifier. - */ - public PKCS10Attribute(ObjectIdentifier attributeId, - Object attributeValue) { - this.attributeId = attributeId; - this.attributeValue = attributeValue; - } - - /** - * Constructs an attribute from PKCS9 attribute. - * - * @param attr the PKCS9Attribute to create from. - */ - public PKCS10Attribute(PKCS9Attribute attr) { - this.attributeId = attr.getOID(); - this.attributeValue = attr.getValue(); - } - - /** - * DER encode this object onto an output stream. - * Implements the <code>DerEncoder</code> interface. - * - * @param out - * the OutputStream on which to write the DER encoding. - * - * @exception IOException on encoding errors. - */ - public void derEncode(OutputStream out) throws IOException { - PKCS9Attribute attr = new PKCS9Attribute(attributeId, attributeValue); - attr.derEncode(out); - } - - /** - * Returns the ObjectIdentifier of the attribute. - */ - public ObjectIdentifier getAttributeId() { - return (attributeId); - } - - /** - * Returns the attribute value. - */ - public Object getAttributeValue() { - return (attributeValue); - } - - /** - * Returns the attribute in user readable form. - */ - public String toString() { - return (attributeValue.toString()); - } -}
--- a/src/share/classes/sun/security/pkcs/PKCS10Attributes.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,219 +0,0 @@ -/* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.pkcs; - -import java.io.IOException; -import java.io.OutputStream; -import java.security.cert.CertificateException; -import java.util.Collection; -import java.util.Collections; -import java.util.Enumeration; -import java.util.Hashtable; - -import sun.security.util.*; - -/** - * This class defines the PKCS10 attributes for the request. - * The ASN.1 syntax for this is: - * <pre> - * Attributes ::= SET OF Attribute - * </pre> - * - * @author Amit Kapoor - * @author Hemma Prafullchandra - * @see PKCS10 - * @see PKCS10Attribute - */ -public class PKCS10Attributes implements DerEncoder { - - private Hashtable<String, PKCS10Attribute> map = - new Hashtable<String, PKCS10Attribute>(3); - - /** - * Default constructor for the PKCS10 attribute. - */ - public PKCS10Attributes() { } - - /** - * Create the object from the array of PKCS10Attribute objects. - * - * @param attrs the array of PKCS10Attribute objects. - */ - public PKCS10Attributes(PKCS10Attribute[] attrs) { - for (int i = 0; i < attrs.length; i++) { - map.put(attrs[i].getAttributeId().toString(), attrs[i]); - } - } - - /** - * Create the object, decoding the values from the passed DER stream. - * The DER stream contains the SET OF Attribute. - * - * @param in the DerInputStream to read the attributes from. - * @exception IOException on decoding errors. - */ - public PKCS10Attributes(DerInputStream in) throws IOException { - DerValue[] attrs = in.getSet(3, true); - - if (attrs == null) - throw new IOException("Illegal encoding of attributes"); - for (int i = 0; i < attrs.length; i++) { - PKCS10Attribute attr = new PKCS10Attribute(attrs[i]); - map.put(attr.getAttributeId().toString(), attr); - } - } - - /** - * Encode the attributes in DER form to the stream. - * - * @param out the OutputStream to marshal the contents to. - * @exception IOException on encoding errors. - */ - public void encode(OutputStream out) throws IOException { - derEncode(out); - } - - /** - * Encode the attributes in DER form to the stream. - * Implements the <code>DerEncoder</code> interface. - * - * @param out the OutputStream to marshal the contents to. - * @exception IOException on encoding errors. - */ - public void derEncode(OutputStream out) throws IOException { - // first copy the elements into an array - Collection<PKCS10Attribute> allAttrs = map.values(); - PKCS10Attribute[] attribs = - allAttrs.toArray(new PKCS10Attribute[map.size()]); - - DerOutputStream attrOut = new DerOutputStream(); - attrOut.putOrderedSetOf(DerValue.createTag(DerValue.TAG_CONTEXT, - true, (byte)0), - attribs); - out.write(attrOut.toByteArray()); - } - - /** - * Set the attribute value. - */ - public void setAttribute(String name, Object obj) { - if (obj instanceof PKCS10Attribute) { - map.put(name, (PKCS10Attribute)obj); - } - } - - /** - * Get the attribute value. - */ - public Object getAttribute(String name) { - return map.get(name); - } - - /** - * Delete the attribute value. - */ - public void deleteAttribute(String name) { - map.remove(name); - } - - /** - * Return an enumeration of names of attributes existing within this - * attribute. - */ - public Enumeration<PKCS10Attribute> getElements() { - return (map.elements()); - } - - /** - * Return a Collection of attributes existing within this - * PKCS10Attributes object. - */ - public Collection<PKCS10Attribute> getAttributes() { - return (Collections.unmodifiableCollection(map.values())); - } - - /** - * Compares this PKCS10Attributes for equality with the specified - * object. If the <code>other</code> object is an - * <code>instanceof</code> <code>PKCS10Attributes</code>, then - * all the entries are compared with the entries from this. - * - * @param other the object to test for equality with this PKCS10Attributes. - * @return true if all the entries match that of the Other, - * false otherwise. - */ - public boolean equals(Object other) { - if (this == other) - return true; - if (!(other instanceof PKCS10Attributes)) - return false; - - Collection<PKCS10Attribute> othersAttribs = - ((PKCS10Attributes)other).getAttributes(); - PKCS10Attribute[] attrs = - othersAttribs.toArray(new PKCS10Attribute[othersAttribs.size()]); - int len = attrs.length; - if (len != map.size()) - return false; - PKCS10Attribute thisAttr, otherAttr; - String key = null; - for (int i=0; i < len; i++) { - otherAttr = attrs[i]; - key = otherAttr.getAttributeId().toString(); - - if (key == null) - return false; - thisAttr = map.get(key); - if (thisAttr == null) - return false; - if (! thisAttr.equals(otherAttr)) - return false; - } - return true; - } - - /** - * Returns a hashcode value for this PKCS10Attributes. - * - * @return the hashcode value. - */ - public int hashCode() { - return map.hashCode(); - } - - /** - * Returns a string representation of this <tt>PKCS10Attributes</tt> object - * in the form of a set of entries, enclosed in braces and separated - * by the ASCII characters "<tt>, </tt>" (comma and space). - * <p>Overrides the <tt>toString</tt> method of <tt>Object</tt>. - * - * @return a string representation of this PKCS10Attributes. - */ - public String toString() { - String s = map.size() + "\n" + map.toString(); - return s; - } -}
--- a/src/share/classes/sun/security/pkcs/PKCS7.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs/PKCS7.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,6 +27,7 @@ import java.io.*; import java.math.BigInteger; +import java.net.URI; import java.util.*; import java.security.cert.X509Certificate; import java.security.cert.CertificateException; @@ -35,6 +36,7 @@ import java.security.cert.CertificateFactory; import java.security.*; +import sun.security.timestamp.*; import sun.security.util.*; import sun.security.x509.AlgorithmId; import sun.security.x509.CertificateIssuerName; @@ -68,6 +70,33 @@ private Principal[] certIssuerNames; + /* + * Random number generator for creating nonce values + * (Lazy initialization) + */ + private static class SecureRandomHolder { + static final SecureRandom RANDOM; + static { + SecureRandom tmp = null; + try { + tmp = SecureRandom.getInstance("SHA1PRNG"); + } catch (NoSuchAlgorithmException e) { + // should not happen + } + RANDOM = tmp; + } + } + + /* + * Object identifier for the timestamping key purpose. + */ + private static final String KP_TIMESTAMPING_OID = "1.3.6.1.5.5.7.3.8"; + + /* + * Object identifier for extendedKeyUsage extension + */ + private static final String EXTENDED_KEY_USAGE_OID = "2.5.29.37"; + /** * Unmarshals a PKCS7 block from its encoded form, parsing the * encoded bytes from the InputStream. @@ -154,12 +183,13 @@ contentType = contentInfo.contentType; DerValue content = contentInfo.getContent(); - if (contentType.equals(ContentInfo.SIGNED_DATA_OID)) { + if (contentType.equals((Object)ContentInfo.SIGNED_DATA_OID)) { parseSignedData(content); - } else if (contentType.equals(ContentInfo.OLD_SIGNED_DATA_OID)) { + } else if (contentType.equals((Object)ContentInfo.OLD_SIGNED_DATA_OID)) { // This is for backwards compatibility with JDK 1.1.x parseOldSignedData(content); - } else if (contentType.equals(ContentInfo.NETSCAPE_CERT_SEQUENCE_OID)){ + } else if (contentType.equals((Object) + ContentInfo.NETSCAPE_CERT_SEQUENCE_OID)){ parseNetscapeCertChain(content); } else { throw new ParsingException("content type " + contentType + @@ -488,9 +518,7 @@ byte[] encoded = certificates[i].getEncoded(); implCerts[i] = new X509CertImpl(encoded); } catch (CertificateException ce) { - IOException ie = new IOException(ce.getMessage()); - ie.initCause(ce); - throw ie; + throw new IOException(ce); } } } @@ -512,9 +540,7 @@ byte[] encoded = crl.getEncoded(); implCRLs.add(new X509CRLImpl(encoded)); } catch (CRLException ce) { - IOException ie = new IOException(ce.getMessage()); - ie.initCause(ce); - throw ie; + throw new IOException(ce); } } } @@ -573,7 +599,7 @@ intResult.addElement(signerInfo); } } - if (intResult.size() != 0) { + if (!intResult.isEmpty()) { SignerInfo[] result = new SignerInfo[intResult.size()]; intResult.copyInto(result); @@ -747,4 +773,186 @@ public boolean isOldStyle() { return this.oldStyle; } + + /** + * Assembles a PKCS #7 signed data message that optionally includes a + * signature timestamp. + * + * @param signature the signature bytes + * @param signerChain the signer's X.509 certificate chain + * @param content the content that is signed; specify null to not include + * it in the PKCS7 data + * @param signatureAlgorithm the name of the signature algorithm + * @param tsaURI the URI of the Timestamping Authority; or null if no + * timestamp is requested + * @param tSAPolicyID the TSAPolicyID of the Timestamping Authority as a + * numerical object identifier; or null if we leave the TSA server + * to choose one. This argument is only used when tsaURI is provided + * @return the bytes of the encoded PKCS #7 signed data message + * @throws NoSuchAlgorithmException The exception is thrown if the signature + * algorithm is unrecognised. + * @throws CertificateException The exception is thrown if an error occurs + * while processing the signer's certificate or the TSA's + * certificate. + * @throws IOException The exception is thrown if an error occurs while + * generating the signature timestamp or while generating the signed + * data message. + */ + public static byte[] generateSignedData(byte[] signature, + X509Certificate[] signerChain, + byte[] content, + String signatureAlgorithm, + URI tsaURI, + String tSAPolicyID, + String tSADigestAlg) + throws CertificateException, IOException, NoSuchAlgorithmException + { + + // Generate the timestamp token + PKCS9Attributes unauthAttrs = null; + if (tsaURI != null) { + // Timestamp the signature + HttpTimestamper tsa = new HttpTimestamper(tsaURI); + byte[] tsToken = generateTimestampToken( + tsa, tSAPolicyID, tSADigestAlg, signature); + + // Insert the timestamp token into the PKCS #7 signer info element + // (as an unsigned attribute) + unauthAttrs = + new PKCS9Attributes(new PKCS9Attribute[]{ + new PKCS9Attribute( + PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_STR, + tsToken)}); + } + + // Create the SignerInfo + X500Name issuerName = + X500Name.asX500Name(signerChain[0].getIssuerX500Principal()); + BigInteger serialNumber = signerChain[0].getSerialNumber(); + String encAlg = AlgorithmId.getEncAlgFromSigAlg(signatureAlgorithm); + String digAlg = AlgorithmId.getDigAlgFromSigAlg(signatureAlgorithm); + SignerInfo signerInfo = new SignerInfo(issuerName, serialNumber, + AlgorithmId.get(digAlg), null, + AlgorithmId.get(encAlg), + signature, unauthAttrs); + + // Create the PKCS #7 signed data message + SignerInfo[] signerInfos = {signerInfo}; + AlgorithmId[] algorithms = {signerInfo.getDigestAlgorithmId()}; + // Include or exclude content + ContentInfo contentInfo = (content == null) + ? new ContentInfo(ContentInfo.DATA_OID, null) + : new ContentInfo(content); + PKCS7 pkcs7 = new PKCS7(algorithms, contentInfo, + signerChain, signerInfos); + ByteArrayOutputStream p7out = new ByteArrayOutputStream(); + pkcs7.encodeSignedData(p7out); + + return p7out.toByteArray(); + } + + /** + * Requests, processes and validates a timestamp token from a TSA using + * common defaults. Uses the following defaults in the timestamp request: + * SHA-1 for the hash algorithm, a 64-bit nonce, and request certificate + * set to true. + * + * @param tsa the timestamping authority to use + * @param tSAPolicyID the TSAPolicyID of the Timestamping Authority as a + * numerical object identifier; or null if we leave the TSA server + * to choose one + * @param toBeTimestamped the token that is to be timestamped + * @return the encoded timestamp token + * @throws IOException The exception is thrown if an error occurs while + * communicating with the TSA, or a non-null + * TSAPolicyID is specified in the request but it + * does not match the one in the reply + * @throws CertificateException The exception is thrown if the TSA's + * certificate is not permitted for timestamping. + */ + private static byte[] generateTimestampToken(Timestamper tsa, + String tSAPolicyID, + String tSADigestAlg, + byte[] toBeTimestamped) + throws IOException, CertificateException + { + // Generate a timestamp + MessageDigest messageDigest = null; + TSRequest tsQuery = null; + try { + messageDigest = MessageDigest.getInstance(tSADigestAlg); + tsQuery = new TSRequest(tSAPolicyID, toBeTimestamped, messageDigest); + } catch (NoSuchAlgorithmException e) { + throw new IllegalArgumentException(e); + } + + // Generate a nonce + BigInteger nonce = null; + if (SecureRandomHolder.RANDOM != null) { + nonce = new BigInteger(64, SecureRandomHolder.RANDOM); + tsQuery.setNonce(nonce); + } + tsQuery.requestCertificate(true); + + TSResponse tsReply = tsa.generateTimestamp(tsQuery); + int status = tsReply.getStatusCode(); + // Handle TSP error + if (status != 0 && status != 1) { + throw new IOException("Error generating timestamp: " + + tsReply.getStatusCodeAsText() + " " + + tsReply.getFailureCodeAsText()); + } + + if (tSAPolicyID != null && + !tSAPolicyID.equals(tsReply.getTimestampToken().getPolicyID())) { + throw new IOException("TSAPolicyID changed in " + + "timestamp token"); + } + PKCS7 tsToken = tsReply.getToken(); + + TimestampToken tst = tsReply.getTimestampToken(); + try { + if (!tst.getHashAlgorithm().equals(AlgorithmId.get(tSADigestAlg))) { + throw new IOException("Digest algorithm not " + tSADigestAlg + " in " + + "timestamp token"); + } + } catch (NoSuchAlgorithmException nase) { + throw new IllegalArgumentException(); // should have been caught before + } + if (!MessageDigest.isEqual(tst.getHashedMessage(), + tsQuery.getHashedMessage())) { + throw new IOException("Digest octets changed in timestamp token"); + } + + BigInteger replyNonce = tst.getNonce(); + if (replyNonce == null && nonce != null) { + throw new IOException("Nonce missing in timestamp token"); + } + if (replyNonce != null && !replyNonce.equals(nonce)) { + throw new IOException("Nonce changed in timestamp token"); + } + + // Examine the TSA's certificate (if present) + for (SignerInfo si: tsToken.getSignerInfos()) { + X509Certificate cert = si.getCertificate(tsToken); + if (cert == null) { + // Error, we've already set tsRequestCertificate = true + throw new CertificateException( + "Certificate not included in timestamp token"); + } else { + if (!cert.getCriticalExtensionOIDs().contains( + EXTENDED_KEY_USAGE_OID)) { + throw new CertificateException( + "Certificate is not valid for timestamping"); + } + List<String> keyPurposes = cert.getExtendedKeyUsage(); + if (keyPurposes == null || + !keyPurposes.contains(KP_TIMESTAMPING_OID)) { + throw new CertificateException( + "Certificate is not valid for timestamping"); + } + } + } + return tsReply.getEncodedToken(); + } }
--- a/src/share/classes/sun/security/pkcs/PKCS8Key.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs/PKCS8Key.java Sat Sep 10 22:36:17 2016 +0100 @@ -208,7 +208,7 @@ throw new InstantiationException(); } - Class keyClass = null; + Class<?> keyClass = null; try { keyClass = Class.forName(classname); } catch (ClassNotFoundException e) { @@ -331,9 +331,9 @@ BigInteger version = val.data.getBigInteger(); - if (!version.equals(this.version)) { + if (!version.equals(PKCS8Key.version)) { throw new IOException("version mismatch: (supported: " + - Debug.toHexString(this.version) + + Debug.toHexString(PKCS8Key.version) + ", parsed: " + Debug.toHexString(version)); }
--- a/src/share/classes/sun/security/pkcs/PKCS9Attribute.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs/PKCS9Attribute.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -330,11 +330,11 @@ {new Byte(DerValue.tag_Sequence)} // SignatureTimestampToken }; - private static final Class[] VALUE_CLASSES = new Class[18]; + private static final Class<?>[] VALUE_CLASSES = new Class<?>[18]; static { try { - Class str = Class.forName("[Ljava.lang.String;"); + Class<?> str = Class.forName("[Ljava.lang.String;"); VALUE_CLASSES[0] = null; // not used VALUE_CLASSES[1] = str; // EMailAddress
--- a/src/share/classes/sun/security/pkcs/SignerInfo.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs/SignerInfo.java Sat Sep 10 22:36:17 2016 +0100 @@ -28,15 +28,19 @@ import java.io.OutputStream; import java.io.IOException; import java.math.BigInteger; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.CertPath; import java.security.cert.X509Certificate; import java.security.*; import java.util.ArrayList; +import java.util.Arrays; +import sun.security.timestamp.TimestampToken; import sun.security.util.*; import sun.security.x509.AlgorithmId; import sun.security.x509.X500Name; import sun.security.x509.KeyUsageExtension; -import sun.security.x509.PKIXExtensions; import sun.misc.HexDumpEncoder; /** @@ -52,6 +56,9 @@ AlgorithmId digestAlgorithmId; AlgorithmId digestEncryptionAlgorithmId; byte[] encryptedDigest; + Timestamp timestamp; + private boolean hasTimestamp = true; + private static final Debug debug = Debug.getInstance("jar"); PKCS9Attributes authenticatedAttributes; PKCS9Attributes unauthenticatedAttributes; @@ -300,7 +307,7 @@ authenticatedAttributes.getAttributeValue( PKCS9Attribute.CONTENT_TYPE_OID); if (contentType == null || - !contentType.equals(content.contentType)) + !contentType.equals((Object)content.contentType)) return null; // contentType does not match, bad SignerInfo // now, check message digest @@ -372,11 +379,11 @@ + "extension"); } - boolean digSigAllowed = ((Boolean)keyUsage.get( - KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue(); + boolean digSigAllowed = keyUsage.get( + KeyUsageExtension.DIGITAL_SIGNATURE).booleanValue(); - boolean nonRepuAllowed = ((Boolean)keyUsage.get( - KeyUsageExtension.NON_REPUDIATION)).booleanValue(); + boolean nonRepuAllowed = keyUsage.get( + KeyUsageExtension.NON_REPUDIATION).booleanValue(); if (!digSigAllowed && !nonRepuAllowed) { throw new SignatureException("Key usage restricted: " @@ -444,6 +451,92 @@ return unauthenticatedAttributes; } + /* + * Extracts a timestamp from a PKCS7 SignerInfo. + * + * Examines the signer's unsigned attributes for a + * <tt>signatureTimestampToken</tt> attribute. If present, + * then it is parsed to extract the date and time at which the + * timestamp was generated. + * + * @param info A signer information element of a PKCS 7 block. + * + * @return A timestamp token or null if none is present. + * @throws IOException if an error is encountered while parsing the + * PKCS7 data. + * @throws NoSuchAlgorithmException if an error is encountered while + * verifying the PKCS7 object. + * @throws SignatureException if an error is encountered while + * verifying the PKCS7 object. + * @throws CertificateException if an error is encountered while generating + * the TSA's certpath. + */ + public Timestamp getTimestamp() + throws IOException, NoSuchAlgorithmException, SignatureException, + CertificateException + { + if (timestamp != null || !hasTimestamp) + return timestamp; + + if (unauthenticatedAttributes == null) { + hasTimestamp = false; + return null; + } + PKCS9Attribute tsTokenAttr = + unauthenticatedAttributes.getAttribute( + PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID); + if (tsTokenAttr == null) { + hasTimestamp = false; + return null; + } + + PKCS7 tsToken = new PKCS7((byte[])tsTokenAttr.getValue()); + // Extract the content (an encoded timestamp token info) + byte[] encTsTokenInfo = tsToken.getContentInfo().getData(); + // Extract the signer (the Timestamping Authority) + // while verifying the content + SignerInfo[] tsa = tsToken.verify(encTsTokenInfo); + // Expect only one signer + ArrayList<X509Certificate> chain = tsa[0].getCertificateChain(tsToken); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + CertPath tsaChain = cf.generateCertPath(chain); + // Create a timestamp token info object + TimestampToken tsTokenInfo = new TimestampToken(encTsTokenInfo); + // Check that the signature timestamp applies to this signature + verifyTimestamp(tsTokenInfo); + // Create a timestamp object + timestamp = new Timestamp(tsTokenInfo.getDate(), tsaChain); + return timestamp; + } + + /* + * Check that the signature timestamp applies to this signature. + * Match the hash present in the signature timestamp token against the hash + * of this signature. + */ + private void verifyTimestamp(TimestampToken token) + throws NoSuchAlgorithmException, SignatureException { + + MessageDigest md = + MessageDigest.getInstance(AlgorithmId.getStandardDigestName( + token.getHashAlgorithm().getName())); + + if (!Arrays.equals(token.getHashedMessage(), + md.digest(encryptedDigest))) { + + throw new SignatureException("Signature timestamp (#" + + token.getSerialNumber() + ") generated on " + token.getDate() + + " is inapplicable"); + } + + if (debug != null) { + debug.println(); + debug.println("Detected signature timestamp (#" + + token.getSerialNumber() + ") generated on " + token.getDate()); + debug.println(); + } + } + public String toString() { HexDumpEncoder hexDump = new HexDumpEncoder(); @@ -469,5 +562,4 @@ } return out; } - }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/pkcs10/PKCS10.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,353 @@ +/* + * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + + +package sun.security.pkcs10; + +import java.io.PrintStream; +import java.io.IOException; +import java.math.BigInteger; + +import java.security.cert.CertificateException; +import java.security.NoSuchAlgorithmException; +import java.security.InvalidKeyException; +import java.security.Signature; +import java.security.SignatureException; +import java.security.PublicKey; + +import sun.misc.BASE64Encoder; + +import sun.security.util.*; +import sun.security.x509.AlgorithmId; +import sun.security.x509.X509Key; +import sun.security.x509.X500Name; + +/** + * A PKCS #10 certificate request is created and sent to a Certificate + * Authority, which then creates an X.509 certificate and returns it to + * the entity that requested it. A certificate request basically consists + * of the subject's X.500 name, public key, and optionally some attributes, + * signed using the corresponding private key. + * + * The ASN.1 syntax for a Certification Request is: + * <pre> + * CertificationRequest ::= SEQUENCE { + * certificationRequestInfo CertificationRequestInfo, + * signatureAlgorithm SignatureAlgorithmIdentifier, + * signature Signature + * } + * + * SignatureAlgorithmIdentifier ::= AlgorithmIdentifier + * Signature ::= BIT STRING + * + * CertificationRequestInfo ::= SEQUENCE { + * version Version, + * subject Name, + * subjectPublicKeyInfo SubjectPublicKeyInfo, + * attributes [0] IMPLICIT Attributes + * } + * Attributes ::= SET OF Attribute + * </pre> + * + * @author David Brownell + * @author Amit Kapoor + * @author Hemma Prafullchandra + */ +public class PKCS10 { + /** + * Constructs an unsigned PKCS #10 certificate request. Before this + * request may be used, it must be encoded and signed. Then it + * must be retrieved in some conventional format (e.g. string). + * + * @param publicKey the public key that should be placed + * into the certificate generated by the CA. + */ + public PKCS10(PublicKey publicKey) { + subjectPublicKeyInfo = publicKey; + attributeSet = new PKCS10Attributes(); + } + + /** + * Constructs an unsigned PKCS #10 certificate request. Before this + * request may be used, it must be encoded and signed. Then it + * must be retrieved in some conventional format (e.g. string). + * + * @param publicKey the public key that should be placed + * into the certificate generated by the CA. + * @param attributes additonal set of PKCS10 attributes requested + * for in the certificate. + */ + public PKCS10(PublicKey publicKey, PKCS10Attributes attributes) { + subjectPublicKeyInfo = publicKey; + attributeSet = attributes; + } + + /** + * Parses an encoded, signed PKCS #10 certificate request, verifying + * the request's signature as it does so. This constructor would + * typically be used by a Certificate Authority, from which a new + * certificate would then be constructed. + * + * @param data the DER-encoded PKCS #10 request. + * @exception IOException for low level errors reading the data + * @exception SignatureException when the signature is invalid + * @exception NoSuchAlgorithmException when the signature + * algorithm is not supported in this environment + */ + public PKCS10(byte[] data) + throws IOException, SignatureException, NoSuchAlgorithmException { + DerInputStream in; + DerValue[] seq; + AlgorithmId id; + byte[] sigData; + Signature sig; + + encoded = data; + + // + // Outer sequence: request, signature algorithm, signature. + // Parse, and prepare to verify later. + // + in = new DerInputStream(data); + seq = in.getSequence(3); + + if (seq.length != 3) + throw new IllegalArgumentException("not a PKCS #10 request"); + + data = seq[0].toByteArray(); // reusing this variable + id = AlgorithmId.parse(seq[1]); + sigData = seq[2].getBitString(); + + // + // Inner sequence: version, name, key, attributes + // + BigInteger serial; + DerValue val; + + serial = seq[0].data.getBigInteger(); + if (!serial.equals(BigInteger.ZERO)) + throw new IllegalArgumentException("not PKCS #10 v1"); + + subject = new X500Name(seq[0].data); + subjectPublicKeyInfo = X509Key.parse(seq[0].data.getDerValue()); + + // Cope with a somewhat common illegal PKCS #10 format + if (seq[0].data.available() != 0) + attributeSet = new PKCS10Attributes(seq[0].data); + else + attributeSet = new PKCS10Attributes(); + + if (seq[0].data.available() != 0) + throw new IllegalArgumentException("illegal PKCS #10 data"); + + // + // OK, we parsed it all ... validate the signature using the + // key and signature algorithm we found. + // + try { + sig = Signature.getInstance(id.getName()); + sig.initVerify(subjectPublicKeyInfo); + sig.update(data); + if (!sig.verify(sigData)) + throw new SignatureException("Invalid PKCS #10 signature"); + } catch (InvalidKeyException e) { + throw new SignatureException("invalid key"); + } + } + + /** + * Create the signed certificate request. This will later be + * retrieved in either string or binary format. + * + * @param subject identifies the signer (by X.500 name). + * @param signature private key and signing algorithm to use. + * @exception IOException on errors. + * @exception CertificateException on certificate handling errors. + * @exception SignatureException on signature handling errors. + */ + public void encodeAndSign(X500Name subject, Signature signature) + throws CertificateException, IOException, SignatureException { + DerOutputStream out, scratch; + byte[] certificateRequestInfo; + byte[] sig; + + if (encoded != null) + throw new SignatureException("request is already signed"); + + this.subject = subject; + + /* + * Encode cert request info, wrap in a sequence for signing + */ + scratch = new DerOutputStream(); + scratch.putInteger(BigInteger.ZERO); // PKCS #10 v1.0 + subject.encode(scratch); // X.500 name + scratch.write(subjectPublicKeyInfo.getEncoded()); // public key + attributeSet.encode(scratch); + + out = new DerOutputStream(); + out.write(DerValue.tag_Sequence, scratch); // wrap it! + certificateRequestInfo = out.toByteArray(); + scratch = out; + + /* + * Sign it ... + */ + signature.update(certificateRequestInfo, 0, + certificateRequestInfo.length); + sig = signature.sign(); + + /* + * Build guts of SIGNED macro + */ + AlgorithmId algId = null; + try { + algId = AlgorithmId.get(signature.getAlgorithm()); + } catch (NoSuchAlgorithmException nsae) { + throw new SignatureException(nsae); + } + algId.encode(scratch); // sig algorithm + scratch.putBitString(sig); // sig + + /* + * Wrap those guts in a sequence + */ + out = new DerOutputStream(); + out.write(DerValue.tag_Sequence, scratch); + encoded = out.toByteArray(); + } + + /** + * Returns the subject's name. + */ + public X500Name getSubjectName() { return subject; } + + /** + * Returns the subject's public key. + */ + public PublicKey getSubjectPublicKeyInfo() + { return subjectPublicKeyInfo; } + + /** + * Returns the additional attributes requested. + */ + public PKCS10Attributes getAttributes() + { return attributeSet; } + + /** + * Returns the encoded and signed certificate request as a + * DER-encoded byte array. + * + * @return the certificate request, or null if encodeAndSign() + * has not yet been called. + */ + public byte[] getEncoded() { + if (encoded != null) + return encoded.clone(); + else + return null; + } + + /** + * Prints an E-Mailable version of the certificate request on the print + * stream passed. The format is a common base64 encoded one, supported + * by most Certificate Authorities because Netscape web servers have + * used this for some time. Some certificate authorities expect some + * more information, in particular contact information for the web + * server administrator. + * + * @param out the print stream where the certificate request + * will be printed. + * @exception IOException when an output operation failed + * @exception SignatureException when the certificate request was + * not yet signed. + */ + public void print(PrintStream out) + throws IOException, SignatureException { + if (encoded == null) + throw new SignatureException("Cert request was not signed"); + + BASE64Encoder encoder = new BASE64Encoder(); + + out.println("-----BEGIN NEW CERTIFICATE REQUEST-----"); + encoder.encodeBuffer(encoded, out); + out.println("-----END NEW CERTIFICATE REQUEST-----"); + } + + /** + * Provides a short description of this request. + */ + public String toString() { + return "[PKCS #10 certificate request:\n" + + subjectPublicKeyInfo.toString() + + " subject: <" + subject + ">" + "\n" + + " attributes: " + attributeSet.toString() + + "\n]"; + } + + /** + * Compares this object for equality with the specified + * object. If the <code>other</code> object is an + * <code>instanceof</code> <code>PKCS10</code>, then + * its encoded form is retrieved and compared with the + * encoded form of this certificate request. + * + * @param other the object to test for equality with this object. + * @return true iff the encoded forms of the two certificate + * requests match, false otherwise. + */ + public boolean equals(Object other) { + if (this == other) + return true; + if (!(other instanceof PKCS10)) + return false; + if (encoded == null) // not signed yet + return false; + byte[] otherEncoded = ((PKCS10)other).getEncoded(); + if (otherEncoded == null) + return false; + + return java.util.Arrays.equals(encoded, otherEncoded); + } + + /** + * Returns a hashcode value for this certificate request from its + * encoded form. + * + * @return the hashcode value. + */ + public int hashCode() { + int retval = 0; + if (encoded != null) + for (int i = 1; i < encoded.length; i++) + retval += encoded[i] * i; + return(retval); + } + + private X500Name subject; + private PublicKey subjectPublicKeyInfo; + private PKCS10Attributes attributeSet; + private byte[] encoded; // signed +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/pkcs10/PKCS10Attribute.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,136 @@ +/* + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.pkcs10; + +import java.io.OutputStream; +import java.io.IOException; + +import sun.security.pkcs.PKCS9Attribute; +import sun.security.util.*; + +/** + * Represent a PKCS#10 Attribute. + * + * <p>Attributes are additonal information which can be inserted in a PKCS#10 + * certificate request. For example a "Driving License Certificate" could have + * the driving license number as an attribute. + * + * <p>Attributes are represented as a sequence of the attribute identifier + * (Object Identifier) and a set of DER encoded attribute values. + * + * ASN.1 definition of Attribute: + * <pre> + * Attribute :: SEQUENCE { + * type AttributeType, + * values SET OF AttributeValue + * } + * AttributeType ::= OBJECT IDENTIFIER + * AttributeValue ::= ANY defined by type + * </pre> + * + * @author Amit Kapoor + * @author Hemma Prafullchandra + */ +public class PKCS10Attribute implements DerEncoder { + + protected ObjectIdentifier attributeId = null; + protected Object attributeValue = null; + + /** + * Constructs an attribute from a DER encoding. + * This constructor expects the value to be encoded as defined above, + * i.e. a SEQUENCE of OID and SET OF value(s), not a literal + * X.509 v3 extension. Only PKCS9 defined attributes are supported + * currently. + * + * @param derVal the der encoded attribute. + * @exception IOException on parsing errors. + */ + public PKCS10Attribute(DerValue derVal) throws IOException { + PKCS9Attribute attr = new PKCS9Attribute(derVal); + this.attributeId = attr.getOID(); + this.attributeValue = attr.getValue(); + } + + /** + * Constructs an attribute from individual components of + * ObjectIdentifier and the value (any java object). + * + * @param attributeId the ObjectIdentifier of the attribute. + * @param attributeValue an instance of a class that implements + * the attribute identified by the ObjectIdentifier. + */ + public PKCS10Attribute(ObjectIdentifier attributeId, + Object attributeValue) { + this.attributeId = attributeId; + this.attributeValue = attributeValue; + } + + /** + * Constructs an attribute from PKCS9 attribute. + * + * @param attr the PKCS9Attribute to create from. + */ + public PKCS10Attribute(PKCS9Attribute attr) { + this.attributeId = attr.getOID(); + this.attributeValue = attr.getValue(); + } + + /** + * DER encode this object onto an output stream. + * Implements the <code>DerEncoder</code> interface. + * + * @param out + * the OutputStream on which to write the DER encoding. + * + * @exception IOException on encoding errors. + */ + public void derEncode(OutputStream out) throws IOException { + PKCS9Attribute attr = new PKCS9Attribute(attributeId, attributeValue); + attr.derEncode(out); + } + + /** + * Returns the ObjectIdentifier of the attribute. + */ + public ObjectIdentifier getAttributeId() { + return (attributeId); + } + + /** + * Returns the attribute value. + */ + public Object getAttributeValue() { + return (attributeValue); + } + + /** + * Returns the attribute in user readable form. + */ + public String toString() { + return (attributeValue.toString()); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/pkcs10/PKCS10Attributes.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,219 @@ +/* + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.pkcs10; + +import java.io.IOException; +import java.io.OutputStream; +import java.security.cert.CertificateException; +import java.util.Collection; +import java.util.Collections; +import java.util.Enumeration; +import java.util.Hashtable; + +import sun.security.util.*; + +/** + * This class defines the PKCS10 attributes for the request. + * The ASN.1 syntax for this is: + * <pre> + * Attributes ::= SET OF Attribute + * </pre> + * + * @author Amit Kapoor + * @author Hemma Prafullchandra + * @see PKCS10 + * @see PKCS10Attribute + */ +public class PKCS10Attributes implements DerEncoder { + + private Hashtable<String, PKCS10Attribute> map = + new Hashtable<String, PKCS10Attribute>(3); + + /** + * Default constructor for the PKCS10 attribute. + */ + public PKCS10Attributes() { } + + /** + * Create the object from the array of PKCS10Attribute objects. + * + * @param attrs the array of PKCS10Attribute objects. + */ + public PKCS10Attributes(PKCS10Attribute[] attrs) { + for (int i = 0; i < attrs.length; i++) { + map.put(attrs[i].getAttributeId().toString(), attrs[i]); + } + } + + /** + * Create the object, decoding the values from the passed DER stream. + * The DER stream contains the SET OF Attribute. + * + * @param in the DerInputStream to read the attributes from. + * @exception IOException on decoding errors. + */ + public PKCS10Attributes(DerInputStream in) throws IOException { + DerValue[] attrs = in.getSet(3, true); + + if (attrs == null) + throw new IOException("Illegal encoding of attributes"); + for (int i = 0; i < attrs.length; i++) { + PKCS10Attribute attr = new PKCS10Attribute(attrs[i]); + map.put(attr.getAttributeId().toString(), attr); + } + } + + /** + * Encode the attributes in DER form to the stream. + * + * @param out the OutputStream to marshal the contents to. + * @exception IOException on encoding errors. + */ + public void encode(OutputStream out) throws IOException { + derEncode(out); + } + + /** + * Encode the attributes in DER form to the stream. + * Implements the <code>DerEncoder</code> interface. + * + * @param out the OutputStream to marshal the contents to. + * @exception IOException on encoding errors. + */ + public void derEncode(OutputStream out) throws IOException { + // first copy the elements into an array + Collection<PKCS10Attribute> allAttrs = map.values(); + PKCS10Attribute[] attribs = + allAttrs.toArray(new PKCS10Attribute[map.size()]); + + DerOutputStream attrOut = new DerOutputStream(); + attrOut.putOrderedSetOf(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte)0), + attribs); + out.write(attrOut.toByteArray()); + } + + /** + * Set the attribute value. + */ + public void setAttribute(String name, Object obj) { + if (obj instanceof PKCS10Attribute) { + map.put(name, (PKCS10Attribute)obj); + } + } + + /** + * Get the attribute value. + */ + public Object getAttribute(String name) { + return map.get(name); + } + + /** + * Delete the attribute value. + */ + public void deleteAttribute(String name) { + map.remove(name); + } + + /** + * Return an enumeration of names of attributes existing within this + * attribute. + */ + public Enumeration<PKCS10Attribute> getElements() { + return (map.elements()); + } + + /** + * Return a Collection of attributes existing within this + * PKCS10Attributes object. + */ + public Collection<PKCS10Attribute> getAttributes() { + return (Collections.unmodifiableCollection(map.values())); + } + + /** + * Compares this PKCS10Attributes for equality with the specified + * object. If the <code>other</code> object is an + * <code>instanceof</code> <code>PKCS10Attributes</code>, then + * all the entries are compared with the entries from this. + * + * @param other the object to test for equality with this PKCS10Attributes. + * @return true if all the entries match that of the Other, + * false otherwise. + */ + public boolean equals(Object other) { + if (this == other) + return true; + if (!(other instanceof PKCS10Attributes)) + return false; + + Collection<PKCS10Attribute> othersAttribs = + ((PKCS10Attributes)other).getAttributes(); + PKCS10Attribute[] attrs = + othersAttribs.toArray(new PKCS10Attribute[othersAttribs.size()]); + int len = attrs.length; + if (len != map.size()) + return false; + PKCS10Attribute thisAttr, otherAttr; + String key = null; + for (int i=0; i < len; i++) { + otherAttr = attrs[i]; + key = otherAttr.getAttributeId().toString(); + + if (key == null) + return false; + thisAttr = map.get(key); + if (thisAttr == null) + return false; + if (! thisAttr.equals(otherAttr)) + return false; + } + return true; + } + + /** + * Returns a hashcode value for this PKCS10Attributes. + * + * @return the hashcode value. + */ + public int hashCode() { + return map.hashCode(); + } + + /** + * Returns a string representation of this <tt>PKCS10Attributes</tt> object + * in the form of a set of entries, enclosed in braces and separated + * by the ASCII characters "<tt>, </tt>" (comma and space). + * <p>Overrides the <tt>toString</tt> method of <tt>Object</tt>. + * + * @return a string representation of this PKCS10Attributes. + */ + public String toString() { + String s = map.size() + "\n" + map.toString(); + return s; + } +}
--- a/src/share/classes/sun/security/pkcs11/Config.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/Config.java Sat Sep 10 22:36:17 2016 +0100 @@ -574,12 +574,13 @@ private boolean parseBoolean() throws IOException { String val = parseWord(); - if (val.equals("true")) { - return true; - } else if (val.equals("false")) { - return false; - } else { - throw excToken("Expected boolean value, read:"); + switch (val) { + case "true": + return true; + case "false": + return false; + default: + throw excToken("Expected boolean value, read:"); } } @@ -916,14 +917,15 @@ private String parseOperation() throws IOException { String op = parseWord(); - if (op.equals("*")) { - return TemplateManager.O_ANY; - } else if (op.equals("generate")) { - return TemplateManager.O_GENERATE; - } else if (op.equals("import")) { - return TemplateManager.O_IMPORT; - } else { - throw excLine("Unknown operation " + op); + switch (op) { + case "*": + return TemplateManager.O_ANY; + case "generate": + return TemplateManager.O_GENERATE; + case "import": + return TemplateManager.O_IMPORT; + default: + throw excLine("Unknown operation " + op); } } @@ -1010,6 +1012,7 @@ } class ConfigurationException extends IOException { + private static final long serialVersionUID = 254492758807673194L; ConfigurationException(String msg) { super(msg); }
--- a/src/share/classes/sun/security/pkcs11/P11Cipher.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/P11Cipher.java Sat Sep 10 22:36:17 2016 +0100 @@ -35,6 +35,7 @@ import javax.crypto.spec.*; import sun.nio.ch.DirectBuffer; +import sun.security.jca.JCAUtil; import sun.security.pkcs11.wrapper.*; import static sun.security.pkcs11.wrapper.PKCS11Constants.*; @@ -278,7 +279,7 @@ // see JCE spec protected byte[] engineGetIV() { - return (iv == null) ? null : (byte[]) iv.clone(); + return (iv == null) ? null : iv.clone(); } // see JCE spec @@ -335,7 +336,7 @@ byte[] ivValue; if (params != null) { try { - IvParameterSpec ivSpec = (IvParameterSpec) + IvParameterSpec ivSpec = params.getParameterSpec(IvParameterSpec.class); ivValue = ivSpec.getIV(); } catch (InvalidParameterSpecException e) { @@ -388,7 +389,7 @@ } // generate random IV if (random == null) { - random = new SecureRandom(); + random = JCAUtil.getSecureRandom(); } iv = new byte[blockSize]; random.nextBytes(iv);
--- a/src/share/classes/sun/security/pkcs11/P11DHKeyFactory.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/P11DHKeyFactory.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -212,8 +212,8 @@ } } - KeySpec implGetPublicKeySpec(P11Key key, Class keySpec, Session[] session) - throws PKCS11Exception, InvalidKeySpecException { + <T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec, + Session[] session) throws PKCS11Exception, InvalidKeySpecException { if (DHPublicKeySpec.class.isAssignableFrom(keySpec)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { @@ -227,15 +227,15 @@ attributes[1].getBigInteger(), attributes[2].getBigInteger() ); - return spec; + return keySpec.cast(spec); } else { // X.509 handled in superclass throw new InvalidKeySpecException("Only DHPublicKeySpec and " + "X509EncodedKeySpec supported for DH public keys"); } } - KeySpec implGetPrivateKeySpec(P11Key key, Class keySpec, Session[] session) - throws PKCS11Exception, InvalidKeySpecException { + <T extends KeySpec> T implGetPrivateKeySpec(P11Key key, Class<T> keySpec, + Session[] session) throws PKCS11Exception, InvalidKeySpecException { if (DHPrivateKeySpec.class.isAssignableFrom(keySpec)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { @@ -249,7 +249,7 @@ attributes[1].getBigInteger(), attributes[2].getBigInteger() ); - return spec; + return keySpec.cast(spec); } else { // PKCS#8 handled in superclass throw new InvalidKeySpecException("Only DHPrivateKeySpec " + "and PKCS8EncodedKeySpec supported for DH private keys");
--- a/src/share/classes/sun/security/pkcs11/P11DSAKeyFactory.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/P11DSAKeyFactory.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -208,8 +208,8 @@ } } - KeySpec implGetPublicKeySpec(P11Key key, Class keySpec, Session[] session) - throws PKCS11Exception, InvalidKeySpecException { + <T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec, + Session[] session) throws PKCS11Exception, InvalidKeySpecException { if (DSAPublicKeySpec.class.isAssignableFrom(keySpec)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { @@ -225,15 +225,15 @@ attributes[2].getBigInteger(), attributes[3].getBigInteger() ); - return spec; + return keySpec.cast(spec); } else { // X.509 handled in superclass throw new InvalidKeySpecException("Only DSAPublicKeySpec and " + "X509EncodedKeySpec supported for DSA public keys"); } } - KeySpec implGetPrivateKeySpec(P11Key key, Class keySpec, Session[] session) - throws PKCS11Exception, InvalidKeySpecException { + <T extends KeySpec> T implGetPrivateKeySpec(P11Key key, Class<T> keySpec, + Session[] session) throws PKCS11Exception, InvalidKeySpecException { if (DSAPrivateKeySpec.class.isAssignableFrom(keySpec)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { @@ -249,7 +249,7 @@ attributes[2].getBigInteger(), attributes[3].getBigInteger() ); - return spec; + return keySpec.cast(spec); } else { // PKCS#8 handled in superclass throw new InvalidKeySpecException("Only DSAPrivateKeySpec " + "and PKCS8EncodedKeySpec supported for DSA private keys");
--- a/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java Sat Sep 10 22:36:17 2016 +0100 @@ -259,8 +259,8 @@ } } - KeySpec implGetPublicKeySpec(P11Key key, Class keySpec, Session[] session) - throws PKCS11Exception, InvalidKeySpecException { + <T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec, + Session[] session) throws PKCS11Exception, InvalidKeySpecException { if (ECPublicKeySpec.class.isAssignableFrom(keySpec)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { @@ -271,7 +271,7 @@ try { ECParameterSpec params = decodeParameters(attributes[1].getByteArray()); ECPoint point = decodePoint(attributes[0].getByteArray(), params.getCurve()); - return new ECPublicKeySpec(point, params); + return keySpec.cast(new ECPublicKeySpec(point, params)); } catch (IOException e) { throw new InvalidKeySpecException("Could not parse key", e); } @@ -281,8 +281,8 @@ } } - KeySpec implGetPrivateKeySpec(P11Key key, Class keySpec, Session[] session) - throws PKCS11Exception, InvalidKeySpecException { + <T extends KeySpec> T implGetPrivateKeySpec(P11Key key, Class<T> keySpec, + Session[] session) throws PKCS11Exception, InvalidKeySpecException { if (ECPrivateKeySpec.class.isAssignableFrom(keySpec)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { @@ -292,7 +292,8 @@ token.p11.C_GetAttributeValue(session[0].id(), key.keyID, attributes); try { ECParameterSpec params = decodeParameters(attributes[1].getByteArray()); - return new ECPrivateKeySpec(attributes[0].getBigInteger(), params); + return keySpec.cast( + new ECPrivateKeySpec(attributes[0].getBigInteger(), params)); } catch (IOException e) { throw new InvalidKeySpecException("Could not parse key", e); }
--- a/src/share/classes/sun/security/pkcs11/P11Key.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/P11Key.java Sat Sep 10 22:36:17 2016 +0100 @@ -129,7 +129,7 @@ // see JCA spec public final byte[] getEncoded() { byte[] b = getEncodedInternal(); - return (b == null) ? null : (byte[])b.clone(); + return (b == null) ? null : b.clone(); } abstract byte[] getEncodedInternal(); @@ -304,21 +304,22 @@ // we assume that all components of public keys are always accessible static PublicKey publicKey(Session session, long keyID, String algorithm, int keyLength, CK_ATTRIBUTE[] attributes) { - if (algorithm.equals("RSA")) { - return new P11RSAPublicKey - (session, keyID, algorithm, keyLength, attributes); - } else if (algorithm.equals("DSA")) { - return new P11DSAPublicKey - (session, keyID, algorithm, keyLength, attributes); - } else if (algorithm.equals("DH")) { - return new P11DHPublicKey - (session, keyID, algorithm, keyLength, attributes); - } else if (algorithm.equals("EC")) { - return new P11ECPublicKey - (session, keyID, algorithm, keyLength, attributes); - } else { - throw new ProviderException - ("Unknown public key algorithm " + algorithm); + switch (algorithm) { + case "RSA": + return new P11RSAPublicKey + (session, keyID, algorithm, keyLength, attributes); + case "DSA": + return new P11DSAPublicKey + (session, keyID, algorithm, keyLength, attributes); + case "DH": + return new P11DHPublicKey + (session, keyID, algorithm, keyLength, attributes); + case "EC": + return new P11ECPublicKey + (session, keyID, algorithm, keyLength, attributes); + default: + throw new ProviderException + ("Unknown public key algorithm " + algorithm); } } @@ -333,42 +334,43 @@ return new P11PrivateKey (session, keyID, algorithm, keyLength, attributes); } else { - if (algorithm.equals("RSA")) { - // XXX better test for RSA CRT keys (single getAttributes() call) - // we need to determine whether this is a CRT key - // see if we can obtain the public exponent - // this should also be readable for sensitive/extractable keys - CK_ATTRIBUTE[] attrs2 = new CK_ATTRIBUTE[] { - new CK_ATTRIBUTE(CKA_PUBLIC_EXPONENT), - }; - boolean crtKey; - try { - session.token.p11.C_GetAttributeValue - (session.id(), keyID, attrs2); - crtKey = (attrs2[0].pValue instanceof byte[]); - } catch (PKCS11Exception e) { - // ignore, assume not available - crtKey = false; - } - if (crtKey) { - return new P11RSAPrivateKey + switch (algorithm) { + case "RSA": + // XXX better test for RSA CRT keys (single getAttributes() call) + // we need to determine whether this is a CRT key + // see if we can obtain the public exponent + // this should also be readable for sensitive/extractable keys + CK_ATTRIBUTE[] attrs2 = new CK_ATTRIBUTE[] { + new CK_ATTRIBUTE(CKA_PUBLIC_EXPONENT), + }; + boolean crtKey; + try { + session.token.p11.C_GetAttributeValue + (session.id(), keyID, attrs2); + crtKey = (attrs2[0].pValue instanceof byte[]); + } catch (PKCS11Exception e) { + // ignore, assume not available + crtKey = false; + } + if (crtKey) { + return new P11RSAPrivateKey + (session, keyID, algorithm, keyLength, attributes); + } else { + return new P11RSAPrivateNonCRTKey + (session, keyID, algorithm, keyLength, attributes); + } + case "DSA": + return new P11DSAPrivateKey (session, keyID, algorithm, keyLength, attributes); - } else { - return new P11RSAPrivateNonCRTKey + case "DH": + return new P11DHPrivateKey (session, keyID, algorithm, keyLength, attributes); - } - } else if (algorithm.equals("DSA")) { - return new P11DSAPrivateKey - (session, keyID, algorithm, keyLength, attributes); - } else if (algorithm.equals("DH")) { - return new P11DHPrivateKey - (session, keyID, algorithm, keyLength, attributes); - } else if (algorithm.equals("EC")) { - return new P11ECPrivateKey - (session, keyID, algorithm, keyLength, attributes); - } else { - throw new ProviderException - ("Unknown private key algorithm " + algorithm); + case "EC": + return new P11ECPrivateKey + (session, keyID, algorithm, keyLength, attributes); + default: + throw new ProviderException + ("Unknown private key algorithm " + algorithm); } } } @@ -376,6 +378,8 @@ // class for sensitive and unextractable private keys private static final class P11PrivateKey extends P11Key implements PrivateKey { + private static final long serialVersionUID = -2138581185214187615L; + P11PrivateKey(Session session, long keyID, String algorithm, int keyLength, CK_ATTRIBUTE[] attributes) { super(PRIVATE, session, keyID, algorithm, keyLength, attributes); @@ -392,6 +396,7 @@ } private static class P11SecretKey extends P11Key implements SecretKey { + private static final long serialVersionUID = -7828241727014329084L; private volatile byte[] encoded; P11SecretKey(Session session, long keyID, String algorithm, int keyLength, CK_ATTRIBUTE[] attributes) { @@ -439,6 +444,8 @@ private static class P11TlsMasterSecretKey extends P11SecretKey implements TlsMasterSecret { + private static final long serialVersionUID = -1318560923770573441L; + private final int majorVersion, minorVersion; P11TlsMasterSecretKey(Session session, long keyID, String algorithm, int keyLength, CK_ATTRIBUTE[] attributes, int major, int minor) { @@ -458,6 +465,8 @@ // RSA CRT private key private static final class P11RSAPrivateKey extends P11Key implements RSAPrivateCrtKey { + private static final long serialVersionUID = 9215872438913515220L; + private BigInteger n, e, d, p, q, pe, qe, coeff; private byte[] encoded; P11RSAPrivateKey(Session session, long keyID, String algorithm, @@ -547,6 +556,8 @@ // RSA non-CRT private key private static final class P11RSAPrivateNonCRTKey extends P11Key implements RSAPrivateKey { + private static final long serialVersionUID = 1137764983777411481L; + private BigInteger n, d; private byte[] encoded; P11RSAPrivateNonCRTKey(Session session, long keyID, String algorithm, @@ -599,6 +610,8 @@ private static final class P11RSAPublicKey extends P11Key implements RSAPublicKey { + private static final long serialVersionUID = -826726289023854455L; + private BigInteger n, e; private byte[] encoded; P11RSAPublicKey(Session session, long keyID, String algorithm, @@ -651,6 +664,8 @@ private static final class P11DSAPublicKey extends P11Key implements DSAPublicKey { + private static final long serialVersionUID = 5989753793316396637L; + private BigInteger y; private DSAParams params; private byte[] encoded; @@ -712,6 +727,8 @@ private static final class P11DSAPrivateKey extends P11Key implements DSAPrivateKey { + private static final long serialVersionUID = 3119629997181999389L; + private BigInteger x; private DSAParams params; private byte[] encoded; @@ -768,6 +785,8 @@ private static final class P11DHPrivateKey extends P11Key implements DHPrivateKey { + private static final long serialVersionUID = -1698576167364928838L; + private BigInteger x; private DHParameterSpec params; private byte[] encoded; @@ -825,6 +844,8 @@ private static final class P11DHPublicKey extends P11Key implements DHPublicKey { + static final long serialVersionUID = -598383872153843657L; + private BigInteger y; private DHParameterSpec params; private byte[] encoded; @@ -887,6 +908,8 @@ private static final class P11ECPrivateKey extends P11Key implements ECPrivateKey { + private static final long serialVersionUID = -7786054399510515515L; + private BigInteger s; private ECParameterSpec params; private byte[] encoded; @@ -941,6 +964,8 @@ private static final class P11ECPublicKey extends P11Key implements ECPublicKey { + private static final long serialVersionUID = -6371481375154806089L; + private ECPoint w; private ECParameterSpec params; private byte[] encoded;
--- a/src/share/classes/sun/security/pkcs11/P11KeyAgreement.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/P11KeyAgreement.java Sat Sep 10 22:36:17 2016 +0100 @@ -148,8 +148,8 @@ // just in case not, attempt conversion P11DHKeyFactory kf = new P11DHKeyFactory(token, "DH"); try { - DHPublicKeySpec spec = (DHPublicKeySpec)kf.engineGetKeySpec - (key, DHPublicKeySpec.class); + DHPublicKeySpec spec = kf.engineGetKeySpec( + key, DHPublicKeySpec.class); // validate the Diffie-Hellman public key KeyUtil.validate(spec);
--- a/src/share/classes/sun/security/pkcs11/P11KeyFactory.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/P11KeyFactory.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,7 +29,6 @@ import java.security.spec.*; import sun.security.pkcs11.wrapper.PKCS11Exception; -import static sun.security.pkcs11.wrapper.PKCS11Constants.*; /** * KeyFactory base class. Provides common infrastructure for the RSA, DSA, @@ -77,7 +76,7 @@ if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec) || X509EncodedKeySpec.class.isAssignableFrom(keySpec)) { try { - return (T)implGetSoftwareFactory().getKeySpec(key, keySpec); + return implGetSoftwareFactory().getKeySpec(key, keySpec); } catch (GeneralSecurityException e) { throw new InvalidKeySpecException("Could not encode key", e); } @@ -92,9 +91,9 @@ Session[] session = new Session[1]; try { if (p11Key.isPublic()) { - return (T)implGetPublicKeySpec(p11Key, keySpec, session); + return implGetPublicKeySpec(p11Key, keySpec, session); } else { - return (T)implGetPrivateKeySpec(p11Key, keySpec, session); + return implGetPrivateKeySpec(p11Key, keySpec, session); } } catch (PKCS11Exception e) { throw new InvalidKeySpecException("Could not generate KeySpec", e); @@ -138,10 +137,10 @@ } } - abstract KeySpec implGetPublicKeySpec(P11Key key, Class keySpec, + abstract <T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec, Session[] session) throws PKCS11Exception, InvalidKeySpecException; - abstract KeySpec implGetPrivateKeySpec(P11Key key, Class keySpec, + abstract <T extends KeySpec> T implGetPrivateKeySpec(P11Key key, Class<T> keySpec, Session[] session) throws PKCS11Exception, InvalidKeySpecException; abstract PublicKey implTranslatePublicKey(PublicKey key)
--- a/src/share/classes/sun/security/pkcs11/P11KeyStore.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/P11KeyStore.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,12 +34,9 @@ import java.io.UnsupportedEncodingException; import java.util.Arrays; -import java.util.Collection; import java.util.Collections; import java.util.Date; import java.util.Enumeration; -import java.util.Iterator; -import java.util.List; import java.util.ArrayList; import java.util.HashSet; import java.util.HashMap; @@ -48,7 +45,6 @@ import java.security.*; import java.security.KeyStore.*; -import java.security.cert.CertPath; import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.security.cert.CertificateFactory; @@ -60,7 +56,6 @@ import javax.crypto.SecretKey; import javax.crypto.interfaces.*; -import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import javax.security.auth.login.LoginException; import javax.security.auth.callback.Callback; @@ -69,7 +64,6 @@ import javax.security.auth.callback.UnsupportedCallbackException; import sun.security.util.Debug; -import sun.security.x509.SerialNumber; import sun.security.util.DerValue; import sun.security.ec.ECParameters; @@ -235,7 +229,7 @@ private PasswordCallbackHandler(char[] password) { if (password != null) { - this.password = (char[])password.clone(); + this.password = password.clone(); } } @@ -331,10 +325,8 @@ // did not find anything return null; - } catch (PKCS11Exception pe) { - throw new ProviderException(pe); - } catch (KeyStoreException ke) { - throw new ProviderException(ke); + } catch (PKCS11Exception | KeyStoreException e) { + throw new ProviderException(e); } finally { token.releaseSession(session); } @@ -458,10 +450,8 @@ } else if (key instanceof SecretKey) { entry = new KeyStore.SecretKeyEntry((SecretKey)key); } - } catch (NullPointerException npe) { - throw new KeyStoreException(npe); - } catch (IllegalArgumentException iae) { - throw new KeyStoreException(iae); + } catch (NullPointerException | IllegalArgumentException e) { + throw new KeyStoreException(e); } engineSetEntry(alias, entry, new KeyStore.PasswordProtection(password)); } @@ -566,10 +556,8 @@ } else { throw new KeyStoreException("unexpected entry type"); } - } catch (PKCS11Exception pe) { - throw new KeyStoreException(pe); - } catch (CertificateException ce) { - throw new KeyStoreException(ce); + } catch (PKCS11Exception | CertificateException e) { + throw new KeyStoreException(e); } } return false; @@ -770,18 +758,8 @@ if (debug != null) { dumpTokenMap(); } - } catch (LoginException le) { - IOException ioe = new IOException("load failed"); - ioe.initCause(le); - throw ioe; - } catch (KeyStoreException kse) { - IOException ioe = new IOException("load failed"); - ioe.initCause(kse); - throw ioe; - } catch (PKCS11Exception pe) { - IOException ioe = new IOException("load failed"); - ioe.initCause(pe); - throw ioe; + } catch (LoginException | KeyStoreException | PKCS11Exception e) { + throw new IOException("load failed", e); } } @@ -860,11 +838,7 @@ if (debug != null) { dumpTokenMap(); } - } catch (LoginException e) { - throw new IOException("load failed", e); - } catch (KeyStoreException e) { - throw new IOException("load failed", e); - } catch (PKCS11Exception e) { + } catch (LoginException | KeyStoreException | PKCS11Exception e) { throw new IOException("load failed", e); } } @@ -1054,9 +1028,7 @@ storeCert(alias, xcert); module.setTrust(token, xcert); mapLabels(); - } catch (PKCS11Exception e) { - throw new KeyStoreException(e); - } catch (CertificateException e) { + } catch (PKCS11Exception | CertificateException e) { throw new KeyStoreException(e); } @@ -1118,10 +1090,8 @@ storePkey(alias, (KeyStore.PrivateKeyEntry)entry); } - } catch (PKCS11Exception pe) { + } catch (PKCS11Exception | CertificateException pe) { throw new KeyStoreException(pe); - } catch (CertificateException ce) { - throw new KeyStoreException(ce); } } else if (entry instanceof KeyStore.SecretKeyEntry) { @@ -1158,10 +1128,8 @@ if (debug != null) { dumpTokenMap(); } - } catch (PKCS11Exception pe) { + } catch (PKCS11Exception | CertificateException pe) { throw new KeyStoreException(pe); - } catch (CertificateException ce) { - throw new KeyStoreException(ce); } } @@ -1870,7 +1838,7 @@ debug.println("creating RSAPrivateKey attrs"); } - RSAPrivateKey rsaKey = (RSAPrivateKey)key; + RSAPrivateKey rsaKey = key; attrs = new CK_ATTRIBUTE[] { ATTR_TOKEN_TRUE, @@ -2662,7 +2630,7 @@ private void dumpTokenMap() { Set<String> aliases = aliasMap.keySet(); System.out.println("Token Alias Map:"); - if (aliases.size() == 0) { + if (aliases.isEmpty()) { System.out.println(" [empty]"); } else { for (String s : aliases) {
--- a/src/share/classes/sun/security/pkcs11/P11RSACipher.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/P11RSACipher.java Sat Sep 10 22:36:17 2016 +0100 @@ -468,49 +468,49 @@ algorithm.equals("TlsRsaPremasterSecret"); Exception failover = null; - SecureRandom secureRandom = random; - if (secureRandom == null && isTlsRsaPremasterSecret) { - secureRandom = new SecureRandom(); - } - // Should C_Unwrap be preferred for non-TLS RSA premaster secret? if (token.supportsRawSecretKeyImport()) { // XXX implement unwrap using C_Unwrap() for all keys implInit(Cipher.DECRYPT_MODE, p11Key); - if (wrappedKey.length > maxInputSize) { - throw new InvalidKeyException("Key is too long for unwrapping"); - } + try { + if (wrappedKey.length > maxInputSize) { + throw new InvalidKeyException("Key is too long for unwrapping"); + } - byte[] encoded = null; - implUpdate(wrappedKey, 0, wrappedKey.length); - try { - encoded = doFinal(); - } catch (BadPaddingException e) { - if (isTlsRsaPremasterSecret) { - failover = e; - } else { + byte[] encoded = null; + implUpdate(wrappedKey, 0, wrappedKey.length); + try { + encoded = doFinal(); + } catch (BadPaddingException e) { + if (isTlsRsaPremasterSecret) { + failover = e; + } else { + throw new InvalidKeyException("Unwrapping failed", e); + } + } catch (IllegalBlockSizeException e) { + // should not occur, handled with length check above throw new InvalidKeyException("Unwrapping failed", e); } - } catch (IllegalBlockSizeException e) { - // should not occur, handled with length check above - throw new InvalidKeyException("Unwrapping failed", e); - } + + if (isTlsRsaPremasterSecret) { + if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) { + throw new IllegalStateException( + "No TlsRsaPremasterSecretParameterSpec specified"); + } - if (isTlsRsaPremasterSecret) { - if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) { - throw new IllegalStateException( - "No TlsRsaPremasterSecretParameterSpec specified"); + // polish the TLS premaster secret + TlsRsaPremasterSecretParameterSpec psps = + (TlsRsaPremasterSecretParameterSpec)spec; + encoded = KeyUtil.checkTlsPreMasterSecretKey( + psps.getClientVersion(), psps.getServerVersion(), + random, encoded, (failover != null)); } - // polish the TLS premaster secret - TlsRsaPremasterSecretParameterSpec psps = - (TlsRsaPremasterSecretParameterSpec)spec; - encoded = KeyUtil.checkTlsPreMasterSecretKey( - psps.getClientVersion(), psps.getServerVersion(), - secureRandom, encoded, (failover != null)); + return ConstructKeys.constructKey(encoded, algorithm, type); + } finally { + // Restore original mode + implInit(Cipher.UNWRAP_MODE, p11Key); } - - return ConstructKeys.constructKey(encoded, algorithm, type); } else { Session s = null; SecretKey secretKey = null; @@ -538,20 +538,13 @@ } if (isTlsRsaPremasterSecret) { - byte[] replacer = new byte[48]; - if (failover == null) { - // Does smart compiler dispose this operation? - secureRandom.nextBytes(replacer); - } - TlsRsaPremasterSecretParameterSpec psps = (TlsRsaPremasterSecretParameterSpec)spec; - // Please use the tricky failover and replacer byte array - // as the parameters so that smart compiler won't dispose - // the unused variable . + // Please use the tricky failover as the parameter so that + // smart compiler won't dispose the unused variable. secretKey = polishPreMasterSecretKey(token, s, - failover, replacer, secretKey, + failover, secretKey, psps.getClientVersion(), psps.getServerVersion()); } @@ -570,29 +563,27 @@ private static SecretKey polishPreMasterSecretKey( Token token, Session session, - Exception failover, byte[] replacer, SecretKey secretKey, + Exception failover, SecretKey unwrappedKey, int clientVersion, int serverVersion) { - if (failover != null) { - CK_VERSION version = new CK_VERSION( - (clientVersion >>> 8) & 0xFF, clientVersion & 0xFF); - try { - CK_ATTRIBUTE[] attributes = token.getAttributes( - O_GENERATE, CKO_SECRET_KEY, - CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); - long keyID = token.p11.C_GenerateKey(session.id(), - // new CK_MECHANISM(CKM_TLS_PRE_MASTER_KEY_GEN, version), - new CK_MECHANISM(CKM_SSL3_PRE_MASTER_KEY_GEN, version), - attributes); - return P11Key.secretKey(session, - keyID, "TlsRsaPremasterSecret", 48 << 3, attributes); - } catch (PKCS11Exception e) { - throw new ProviderException( - "Could not generate premaster secret", e); - } + SecretKey newKey; + CK_VERSION version = new CK_VERSION( + (clientVersion >>> 8) & 0xFF, clientVersion & 0xFF); + try { + CK_ATTRIBUTE[] attributes = token.getAttributes( + O_GENERATE, CKO_SECRET_KEY, + CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); + long keyID = token.p11.C_GenerateKey(session.id(), + new CK_MECHANISM(CKM_SSL3_PRE_MASTER_KEY_GEN, version), + attributes); + newKey = P11Key.secretKey(session, + keyID, "TlsRsaPremasterSecret", 48 << 3, attributes); + } catch (PKCS11Exception e) { + throw new ProviderException( + "Could not generate premaster secret", e); } - return secretKey; + return (failover == null) ? unwrappedKey : newKey; } }
--- a/src/share/classes/sun/security/pkcs11/P11RSAKeyFactory.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/P11RSAKeyFactory.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -130,10 +130,7 @@ rs.getModulus(), rs.getPublicExponent() ); - } catch (PKCS11Exception e) { - throw new InvalidKeySpecException - ("Could not create RSA public key", e); - } catch (InvalidKeyException e) { + } catch (PKCS11Exception | InvalidKeyException e) { throw new InvalidKeySpecException ("Could not create RSA public key", e); } @@ -177,10 +174,7 @@ throw new InvalidKeySpecException("Only RSAPrivate(Crt)KeySpec " + "and PKCS8EncodedKeySpec supported for RSA private keys"); } - } catch (PKCS11Exception e) { - throw new InvalidKeySpecException - ("Could not create RSA private key", e); - } catch (InvalidKeyException e) { + } catch (PKCS11Exception | InvalidKeyException e) { throw new InvalidKeySpecException ("Could not create RSA private key", e); } @@ -260,8 +254,8 @@ } } - KeySpec implGetPublicKeySpec(P11Key key, Class keySpec, Session[] session) - throws PKCS11Exception, InvalidKeySpecException { + <T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec, + Session[] session) throws PKCS11Exception, InvalidKeySpecException { if (RSAPublicKeySpec.class.isAssignableFrom(keySpec)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { @@ -273,15 +267,15 @@ attributes[0].getBigInteger(), attributes[1].getBigInteger() ); - return spec; + return keySpec.cast(spec); } else { // X.509 handled in superclass throw new InvalidKeySpecException("Only RSAPublicKeySpec and " + "X509EncodedKeySpec supported for RSA public keys"); } } - KeySpec implGetPrivateKeySpec(P11Key key, Class keySpec, Session[] session) - throws PKCS11Exception, InvalidKeySpecException { + <T extends KeySpec> T implGetPrivateKeySpec(P11Key key, Class<T> keySpec, + Session[] session) throws PKCS11Exception, InvalidKeySpecException { if (RSAPrivateCrtKeySpec.class.isAssignableFrom(keySpec)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { @@ -305,7 +299,7 @@ attributes[6].getBigInteger(), attributes[7].getBigInteger() ); - return spec; + return keySpec.cast(spec); } else if (RSAPrivateKeySpec.class.isAssignableFrom(keySpec)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { @@ -317,7 +311,7 @@ attributes[0].getBigInteger(), attributes[1].getBigInteger() ); - return spec; + return keySpec.cast(spec); } else { // PKCS#8 handled in superclass throw new InvalidKeySpecException("Only RSAPrivate(Crt)KeySpec " + "and PKCS8EncodedKeySpec supported for RSA private keys");
--- a/src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it
--- a/src/share/classes/sun/security/pkcs11/P11Signature.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/P11Signature.java Sat Sep 10 22:36:17 2016 +0100 @@ -407,7 +407,7 @@ ensureInitialized(); switch (type) { case T_UPDATE: - buffer[0] = (byte)b; + buffer[0] = b; engineUpdate(buffer, 0, 1); break; case T_DIGEST:
--- a/src/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -98,6 +98,8 @@ // SecretKeySpec does not allow zero length keys, so we define our own class. private static final SecretKey NULL_KEY = new SecretKey() { + private static final long serialVersionUID = -8090049519656411362L; + public byte[] getEncoded() { return new byte[0]; }
--- a/src/share/classes/sun/security/pkcs11/P11Util.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/P11Util.java Sat Sep 10 22:36:17 2016 +0100 @@ -88,7 +88,7 @@ p = Security.getProvider(providerName); if (p == null) { try { - Class clazz = Class.forName(className); + Class<?> clazz = Class.forName(className); p = (Provider)clazz.newInstance(); } catch (Exception e) { throw new ProviderException
--- a/src/share/classes/sun/security/pkcs11/Secmod.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/Secmod.java Sat Sep 10 22:36:17 2016 +0100 @@ -243,6 +243,7 @@ throw new IllegalStateException(e); } if (modules == null) { + @SuppressWarnings("unchecked") List<Module> modules = (List<Module>)nssGetModuleList(nssHandle, nssLibDir); this.modules = Collections.unmodifiableList(modules);
--- a/src/share/classes/sun/security/pkcs11/wrapper/Functions.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/wrapper/Functions.java Sat Sep 10 22:36:17 2016 +0100 @@ -501,7 +501,7 @@ if (array != null) { for (int i = 0; (i < 4) && (i < array.length); i++) { - hash ^= ((int) (0xFF & array[i])) << ((i%4) << 3); + hash ^= (0xFF & array[i]) << ((i%4) << 3); } } @@ -521,7 +521,7 @@ if (array != null) { for (int i = 0; (i < 4) && (i < array.length); i++) { - hash ^= ((int) (0xFFFF & array[i])) << ((i%2) << 4); + hash ^= (0xFFFF & array[i]) << ((i%2) << 4); } } @@ -541,18 +541,18 @@ if (date != null) { if (date.year.length == 4) { - hash ^= ((int) (0xFFFF & date.year[0])) << 16; - hash ^= (int) (0xFFFF & date.year[1]); - hash ^= ((int) (0xFFFF & date.year[2])) << 16; - hash ^= (int) (0xFFFF & date.year[3]); + hash ^= (0xFFFF & date.year[0]) << 16; + hash ^= 0xFFFF & date.year[1]; + hash ^= (0xFFFF & date.year[2]) << 16; + hash ^= 0xFFFF & date.year[3]; } if (date.month.length == 2) { - hash ^= ((int) (0xFFFF & date.month[0])) << 16; - hash ^= (int) (0xFFFF & date.month[1]); + hash ^= (0xFFFF & date.month[0]) << 16; + hash ^= 0xFFFF & date.month[1]; } if (date.day.length == 2) { - hash ^= ((int) (0xFFFF & date.day[0])) << 16; - hash ^= (int) (0xFFFF & date.day[1]); + hash ^= (0xFFFF & date.day[0]) << 16; + hash ^= 0xFFFF & date.day[1]; } }
--- a/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -63,6 +63,7 @@ * @invariants */ public class PKCS11Exception extends Exception { + private static final long serialVersionUID = 4877072363729195L; /** * The code of the error which was the reason for this exception.
--- a/src/share/classes/sun/security/pkcs11/wrapper/PKCS11RuntimeException.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs11/wrapper/PKCS11RuntimeException.java Sat Sep 10 22:36:17 2016 +0100 @@ -57,6 +57,7 @@ * @invariants */ public class PKCS11RuntimeException extends RuntimeException { + private static final long serialVersionUID = 7889842162743590564L; /** * Empty constructor.
--- a/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java Sat Sep 10 22:36:17 2016 +0100 @@ -41,13 +41,10 @@ import java.security.cert.CertificateException; import java.security.spec.PKCS8EncodedKeySpec; import java.util.*; -import java.math.*; import java.security.AlgorithmParameters; -import java.security.spec.AlgorithmParameterSpec; import javax.crypto.spec.PBEParameterSpec; import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.SecretKeySpec; import javax.crypto.SecretKeyFactory; import javax.crypto.SecretKey; import javax.crypto.Cipher; @@ -434,10 +431,8 @@ // add the entry entries.put(alias.toLowerCase(Locale.ENGLISH), entry); } catch (Exception nsae) { - KeyStoreException ke = new KeyStoreException("Key protection " + - " algorithm not found: " + nsae); - ke.initCause(nsae); - throw ke; + throw new KeyStoreException("Key protection " + + " algorithm not found: " + nsae, nsae); } } @@ -473,10 +468,8 @@ try { new EncryptedPrivateKeyInfo(key); } catch (IOException ioe) { - KeyStoreException ke = new KeyStoreException("Private key is not" - + " stored as PKCS#8 EncryptedPrivateKeyInfo: " + ioe); - ke.initCause(ioe); - throw ke; + throw new KeyStoreException("Private key is not stored" + + " as PKCS#8 EncryptedPrivateKeyInfo: " + ioe, ioe); } KeyEntry entry = new KeyEntry(); @@ -535,11 +528,8 @@ algParams = AlgorithmParameters.getInstance(algorithm); algParams.init(paramSpec); } catch (Exception e) { - IOException ioe = - new IOException("getAlgorithmParameters failed: " + - e.getMessage()); - ioe.initCause(e); - throw ioe; + throw new IOException("getAlgorithmParameters failed: " + + e.getMessage(), e); } return algParams; } @@ -566,11 +556,8 @@ algParams.init(params.toByteArray()); } } catch (Exception e) { - IOException ioe = - new IOException("parseAlgParameters failed: " + - e.getMessage()); - ioe.initCause(e); - throw ioe; + throw new IOException("parseAlgParameters failed: " + + e.getMessage(), e); } return algParams; } @@ -587,10 +574,8 @@ SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE"); skey = skFac.generateSecret(keySpec); } catch (Exception e) { - IOException ioe = new IOException("getSecretKey failed: " + - e.getMessage()); - ioe.initCause(e); - throw ioe; + throw new IOException("getSecretKey failed: " + + e.getMessage(), e); } return skey; } @@ -848,9 +833,7 @@ md.update(data); digest = md.digest(); } catch (Exception e) { - IOException ioe = new IOException("generateHash failed: " + e); - ioe.initCause(e); - throw ioe; + throw new IOException("generateHash failed: " + e, e); } return digest; } @@ -888,9 +871,7 @@ bytes.write(macData.getEncoded()); mData = bytes.toByteArray(); } catch (Exception e) { - IOException ioe = new IOException("calculateMac failed: " + e); - ioe.initCause(e); - throw ioe; + throw new IOException("calculateMac failed: " + e, e); } return mData; } @@ -1176,10 +1157,8 @@ encryptedData = cipher.doFinal(data); } catch (Exception e) { - IOException ioe = new IOException("Failed to encrypt" + - " safe contents entry: " + e); - ioe.initCause(e); - throw ioe; + throw new IOException("Failed to encrypt" + + " safe contents entry: " + e, e); } // create EncryptedContentInfo @@ -1247,7 +1226,7 @@ ContentInfo authSafe = new ContentInfo(s); ObjectIdentifier contentType = authSafe.getContentType(); - if (contentType.equals(ContentInfo.DATA_OID)) { + if (contentType.equals((Object)ContentInfo.DATA_OID)) { authSafeData = authSafe.getData(); } else /* signed data */ { throw new IOException("public key protected PKCS12 not supported"); @@ -1273,7 +1252,7 @@ safeContents = new ContentInfo(sci); contentType = safeContents.getContentType(); safeContentsData = null; - if (contentType.equals(ContentInfo.DATA_OID)) { + if (contentType.equals((Object)ContentInfo.DATA_OID)) { safeContentsData = safeContents.getData(); } else if (contentType.equals(ContentInfo.ENCRYPTED_DATA_OID)) { if (password == null) { @@ -1353,10 +1332,7 @@ " integrity checking"); } } catch (Exception e) { - IOException ioe = - new IOException("Integrity check failed: " + e); - ioe.initCause(e); - throw ioe; + throw new IOException("Integrity check failed: " + e, e); } } @@ -1453,12 +1429,12 @@ + bagValue.tag); } bagValue = bagValue.data.getDerValue(); - if (bagId.equals(PKCS8ShroudedKeyBag_OID)) { + if (bagId.equals((Object)PKCS8ShroudedKeyBag_OID)) { KeyEntry kEntry = new KeyEntry(); kEntry.protectedPrivKey = bagValue.toByteArray(); bagItem = kEntry; privateKeyCount++; - } else if (bagId.equals(CertBag_OID)) { + } else if (bagId.equals((Object)CertBag_OID)) { DerInputStream cs = new DerInputStream(bagValue.toByteArray()); DerValue[] certValues = cs.getSequence(2); ObjectIdentifier certId = certValues[0].getOID(); @@ -1504,9 +1480,9 @@ throw new IOException("Attribute " + attrId + " should have a value " + e.getMessage()); } - if (attrId.equals(PKCS9FriendlyName_OID)) { + if (attrId.equals((Object)PKCS9FriendlyName_OID)) { alias = valSet[0].getBMPString(); - } else if (attrId.equals(PKCS9LocalKeyId_OID)) { + } else if (attrId.equals((Object)PKCS9LocalKeyId_OID)) { keyId = valSet[0].getOctetString(); } else { // log error message for "unknown attr"
--- a/src/share/classes/sun/security/provider/DSA.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/DSA.java Sat Sep 10 22:36:17 2016 +0100 @@ -94,6 +94,18 @@ this.md = md; } + private static void checkKey(DSAParams params, int digestLen, String mdAlgo) + throws InvalidKeyException { + // FIPS186-3 states in sec4.2 that a hash function which provides + // a lower security strength than the (L, N) pair ordinarily should + // not be used. + int valueN = params.getQ().bitLength(); + if (valueN > digestLen) { + throw new InvalidKeyException("The security strength of " + + mdAlgo + " digest algorithm is not sufficient for this key size"); + } + } + /** * Initialize the DSA object with a DSA private key. * @@ -118,6 +130,12 @@ throw new InvalidKeyException("DSA private key lacks parameters"); } + // check key size against hash output size for signing + // skip this check for verification to minimize impact on existing apps + if (md.getAlgorithm() != "NullDigest20") { + checkKey(params, md.getDigestLength()*8, md.getAlgorithm()); + } + this.params = params; this.presetX = priv.getX(); this.presetY = null; @@ -148,7 +166,6 @@ if (params == null) { throw new InvalidKeyException("DSA public key lacks parameters"); } - this.params = params; this.presetY = pub.getY(); this.presetX = null; @@ -349,20 +366,13 @@ return t5.mod(q); } - // NOTE: This following impl is defined in FIPS 186-3 AppendixB.2.2. - // Original DSS algos such as SHA1withDSA and RawDSA uses a different - // algorithm defined in FIPS 186-1 Sec3.2, and thus need to override this. + // NOTE: This following impl is defined in FIPS 186-4 AppendixB.2.1. protected BigInteger generateK(BigInteger q) { SecureRandom random = getSigningRandom(); - byte[] kValue = new byte[q.bitLength()/8]; + byte[] kValue = new byte[(q.bitLength() + 7)/8 + 8]; - while (true) { - random.nextBytes(kValue); - BigInteger k = new BigInteger(1, kValue).mod(q); - if (k.signum() > 0 && k.compareTo(q) < 0) { - return k; - } - } + random.nextBytes(kValue); + return new BigInteger(1, kValue).mod(q.subtract(BigInteger.ONE)).add(BigInteger.ONE); } // Use the application-specified SecureRandom Object if provided. @@ -429,214 +439,10 @@ } } - static class LegacyDSA extends DSA { - /* The random seed used to generate k */ - private int[] kSeed; - /* The random seed used to generate k (specified by application) */ - private byte[] kSeedAsByteArray; - /* - * The random seed used to generate k - * (prevent the same Kseed from being used twice in a row - */ - private int[] kSeedLast; - - public LegacyDSA(MessageDigest md) throws NoSuchAlgorithmException { - super(md); - } - - @Deprecated - protected void engineSetParameter(String key, Object param) { - if (key.equals("KSEED")) { - if (param instanceof byte[]) { - kSeed = byteArray2IntArray((byte[])param); - kSeedAsByteArray = (byte[])param; - } else { - debug("unrecognized param: " + key); - throw new InvalidParameterException("kSeed not a byte array"); - } - } else { - throw new InvalidParameterException("Unsupported parameter"); - } - } - - @Deprecated - protected Object engineGetParameter(String key) { - if (key.equals("KSEED")) { - return kSeedAsByteArray; - } else { - return null; - } - } - - /* - * Please read bug report 4044247 for an alternative, faster, - * NON-FIPS approved method to generate K - */ - @Override - protected BigInteger generateK(BigInteger q) { - BigInteger k = null; - - // The application specified a kSeed for us to use. - // Note: we dis-allow usage of the same Kseed twice in a row - if (kSeed != null && !Arrays.equals(kSeed, kSeedLast)) { - k = generateKUsingKSeed(kSeed, q); - if (k.signum() > 0 && k.compareTo(q) < 0) { - kSeedLast = kSeed.clone(); - return k; - } - } - - // The application did not specify a Kseed for us to use. - // We'll generate a new Kseed by getting random bytes from - // a SecureRandom object. - SecureRandom random = getSigningRandom(); - - while (true) { - int[] seed = new int[5]; - - for (int i = 0; i < 5; i++) seed[i] = random.nextInt(); - - k = generateKUsingKSeed(seed, q); - if (k.signum() > 0 && k.compareTo(q) < 0) { - kSeedLast = seed; - return k; - } - } - } - - /** - * Compute k for the DSA signature as defined in the original DSS, - * i.e. FIPS186. - * - * @param seed the seed for generating k. This seed should be - * secure. This is what is refered to as the KSEED in the DSA - * specification. - * - * @param g the g parameter from the DSA key pair. - */ - private BigInteger generateKUsingKSeed(int[] seed, BigInteger q) { - - // check out t in the spec. - int[] t = { 0xEFCDAB89, 0x98BADCFE, 0x10325476, - 0xC3D2E1F0, 0x67452301 }; - // - int[] tmp = SHA_7(seed, t); - byte[] tmpBytes = new byte[tmp.length * 4]; - for (int i = 0; i < tmp.length; i++) { - int k = tmp[i]; - for (int j = 0; j < 4; j++) { - tmpBytes[(i * 4) + j] = (byte) (k >>> (24 - (j * 8))); - } - } - BigInteger k = new BigInteger(1, tmpBytes).mod(q); - return k; - } - - // Constants for each round - private static final int round1_kt = 0x5a827999; - private static final int round2_kt = 0x6ed9eba1; - private static final int round3_kt = 0x8f1bbcdc; - private static final int round4_kt = 0xca62c1d6; - - /** - * Computes set 1 thru 7 of SHA-1 on m1. */ - static int[] SHA_7(int[] m1, int[] h) { - - int[] W = new int[80]; - System.arraycopy(m1,0,W,0,m1.length); - int temp = 0; - - for (int t = 16; t <= 79; t++){ - temp = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]; - W[t] = ((temp << 1) | (temp >>>(32 - 1))); - } - - int a = h[0],b = h[1],c = h[2], d = h[3], e = h[4]; - for (int i = 0; i < 20; i++) { - temp = ((a<<5) | (a>>>(32-5))) + - ((b&c)|((~b)&d))+ e + W[i] + round1_kt; - e = d; - d = c; - c = ((b<<30) | (b>>>(32-30))); - b = a; - a = temp; - } - - // Round 2 - for (int i = 20; i < 40; i++) { - temp = ((a<<5) | (a>>>(32-5))) + - (b ^ c ^ d) + e + W[i] + round2_kt; - e = d; - d = c; - c = ((b<<30) | (b>>>(32-30))); - b = a; - a = temp; - } - - // Round 3 - for (int i = 40; i < 60; i++) { - temp = ((a<<5) | (a>>>(32-5))) + - ((b&c)|(b&d)|(c&d)) + e + W[i] + round3_kt; - e = d; - d = c; - c = ((b<<30) | (b>>>(32-30))); - b = a; - a = temp; - } - - // Round 4 - for (int i = 60; i < 80; i++) { - temp = ((a<<5) | (a>>>(32-5))) + - (b ^ c ^ d) + e + W[i] + round4_kt; - e = d; - d = c; - c = ((b<<30) | (b>>>(32-30))); - b = a; - a = temp; - } - int[] md = new int[5]; - md[0] = h[0] + a; - md[1] = h[1] + b; - md[2] = h[2] + c; - md[3] = h[3] + d; - md[4] = h[4] + e; - return md; - } - - /* - * Utility routine for converting a byte array into an int array - */ - private int[] byteArray2IntArray(byte[] byteArray) { - - int j = 0; - byte[] newBA; - int mod = byteArray.length % 4; - - // guarantee that the incoming byteArray is a multiple of 4 - // (pad with 0's) - switch (mod) { - case 3: newBA = new byte[byteArray.length + 1]; break; - case 2: newBA = new byte[byteArray.length + 2]; break; - case 1: newBA = new byte[byteArray.length + 3]; break; - default: newBA = new byte[byteArray.length + 0]; break; - } - System.arraycopy(byteArray, 0, newBA, 0, byteArray.length); - - // copy each set of 4 bytes in the byte array into an integer - int[] newSeed = new int[newBA.length / 4]; - for (int i = 0; i < newBA.length; i += 4) { - newSeed[j] = newBA[i + 3] & 0xFF; - newSeed[j] |= (newBA[i + 2] << 8) & 0xFF00; - newSeed[j] |= (newBA[i + 1] << 16) & 0xFF0000; - newSeed[j] |= (newBA[i + 0] << 24) & 0xFF000000; - j++; - } - - return newSeed; - } - } - - public static final class SHA1withDSA extends LegacyDSA { + /** + * Standard SHA1withDSA implementation. + */ + public static final class SHA1withDSA extends DSA { public SHA1withDSA() throws NoSuchAlgorithmException { super(MessageDigest.getInstance("SHA-1")); } @@ -649,7 +455,7 @@ * not, a SignatureException is thrown when sign()/verify() is called * per JCA spec. */ - public static final class RawDSA extends LegacyDSA { + public static final class RawDSA extends DSA { // Internal special-purpose MessageDigest impl for RawDSA // Only override whatever methods used // NOTE: no clone support
--- a/src/share/classes/sun/security/provider/DSAKeyFactory.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/DSAKeyFactory.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,15 +25,12 @@ package sun.security.provider; -import java.util.*; -import java.lang.*; import java.security.Key; import java.security.PublicKey; import java.security.PrivateKey; import java.security.KeyFactorySpi; import java.security.InvalidKeyException; import java.security.AccessController; -import java.security.PrivilegedAction; import java.security.interfaces.DSAParams; import java.security.spec.DSAPublicKeySpec; import java.security.spec.DSAPrivateKeySpec; @@ -194,13 +191,13 @@ java.security.interfaces.DSAPublicKey dsaPubKey = (java.security.interfaces.DSAPublicKey)key; params = dsaPubKey.getParams(); - return (T) new DSAPublicKeySpec(dsaPubKey.getY(), - params.getP(), - params.getQ(), - params.getG()); + return keySpec.cast(new DSAPublicKeySpec(dsaPubKey.getY(), + params.getP(), + params.getQ(), + params.getG())); } else if (x509KeySpec.isAssignableFrom(keySpec)) { - return (T) new X509EncodedKeySpec(key.getEncoded()); + return keySpec.cast(new X509EncodedKeySpec(key.getEncoded())); } else { throw new InvalidKeySpecException @@ -219,13 +216,13 @@ java.security.interfaces.DSAPrivateKey dsaPrivKey = (java.security.interfaces.DSAPrivateKey)key; params = dsaPrivKey.getParams(); - return (T) new DSAPrivateKeySpec(dsaPrivKey.getX(), - params.getP(), - params.getQ(), - params.getG()); + return keySpec.cast(new DSAPrivateKeySpec(dsaPrivKey.getX(), + params.getP(), + params.getQ(), + params.getG())); } else if (pkcs8KeySpec.isAssignableFrom(keySpec)) { - return (T) new PKCS8EncodedKeySpec(key.getEncoded()); + return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded())); } else { throw new InvalidKeySpecException
--- a/src/share/classes/sun/security/provider/DSAParameterGenerator.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/DSAParameterGenerator.java Sat Sep 10 22:36:17 2016 +0100 @@ -39,6 +39,8 @@ import java.security.spec.DSAParameterSpec; import sun.security.spec.DSAGenParameterSpec; +import sun.security.spec.DSAGenParameterSpec; + /** * This class generates parameters for the DSA algorithm. It uses a default * prime modulus size of 1024 bits, which can be overwritten during
--- a/src/share/classes/sun/security/provider/DSAParameters.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/DSAParameters.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ package sun.security.provider; -import java.util.*; import java.io.*; import java.math.BigInteger; import java.security.AlgorithmParametersSpi; @@ -103,7 +102,8 @@ Class<?> dsaParamSpec = Class.forName ("java.security.spec.DSAParameterSpec"); if (dsaParamSpec.isAssignableFrom(paramSpec)) { - return (T)new DSAParameterSpec(this.p, this.q, this.g); + return paramSpec.cast( + new DSAParameterSpec(this.p, this.q, this.g)); } else { throw new InvalidParameterSpecException ("Inappropriate parameter Specification");
--- a/src/share/classes/sun/security/provider/MD4.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/MD4.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -65,7 +65,9 @@ private final static Provider md4Provider; static { - md4Provider = new Provider("MD4Provider", 1.0d, "MD4 MessageDigest") {}; + md4Provider = new Provider("MD4Provider", 1.0d, "MD4 MessageDigest") { + private static final long serialVersionUID = -8850464997518327965L; + }; AccessController.doPrivileged(new PrivilegedAction<Void>() { public Void run() { md4Provider.put("MessageDigest.MD4", "sun.security.provider.MD4");
--- a/src/share/classes/sun/security/provider/PolicyFile.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/PolicyFile.java Sat Sep 10 22:36:17 2016 +0100 @@ -26,27 +26,21 @@ package sun.security.provider; import java.io.*; -import java.lang.RuntimePermission; import java.lang.reflect.*; -import java.lang.ref.*; import java.net.MalformedURLException; import java.net.URL; import java.net.URI; import java.util.*; import java.util.Enumeration; -import java.util.Hashtable; import java.util.List; import java.util.StringTokenizer; -import java.util.PropertyPermission; import java.util.ArrayList; import java.util.ListIterator; -import java.util.WeakHashMap; import java.text.MessageFormat; import com.sun.security.auth.PrincipalComparator; import java.security.*; import java.security.cert.Certificate; import java.security.cert.X509Certificate; -import javax.security.auth.PrivateCredentialPermission; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import java.io.FilePermission; @@ -68,7 +62,6 @@ import sun.misc.JavaSecurityProtectionDomainAccess; import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache; import sun.misc.SharedSecrets; -import sun.security.util.Password; import sun.security.util.PolicyUtil; import sun.security.util.PropertyExpander; import sun.security.util.Debug; @@ -1006,7 +999,7 @@ * via reflection. Keep list short to not penalize non-JDK-defined * permissions. */ - private static final Permission getKnownInstance(Class claz, + private static final Permission getKnownInstance(Class<?> claz, String name, String actions) { // XXX shorten list to most popular ones? if (claz.equals(FilePermission.class)) { @@ -1346,7 +1339,7 @@ "\tActive Principals: " + accPs); } - if (entryPs == null || entryPs.size() == 0) { + if (entryPs == null || entryPs.isEmpty()) { // policy entry has no principals - // add perms regardless of principals in current ACC @@ -1547,7 +1540,7 @@ Principal[] pdp, Permissions perms) { - if (entryPs == null || entryPs.size() == 0) { + if (entryPs == null || entryPs.isEmpty()) { // No principals in the grant to substitute if (debug != null) { debug.println("Ignoring permission " @@ -1890,7 +1883,7 @@ private boolean replacePrincipals( List<PolicyParser.PrincipalEntry> principals, KeyStore keystore) { - if (principals == null || principals.size() == 0 || keystore == null) + if (principals == null || principals.isEmpty() || keystore == null) return true; ListIterator<PolicyParser.PrincipalEntry> i = principals.listIterator(); @@ -2403,7 +2396,7 @@ final List<PolicyEntry> identityPolicyEntries; // Maps aliases to certs - final Map aliasMapping; + final Map<Object, Object> aliasMapping; // Maps ProtectionDomain to PermissionCollection private final ProtectionDomainCache[] pdMapping; @@ -2413,7 +2406,8 @@ policyEntries = new ArrayList<PolicyEntry>(); identityPolicyEntries = Collections.synchronizedList(new ArrayList<PolicyEntry>(2)); - aliasMapping = Collections.synchronizedMap(new HashMap(11)); + aliasMapping = Collections.synchronizedMap( + new HashMap<Object, Object>(11)); pdMapping = new ProtectionDomainCache[numCaches]; JavaSecurityProtectionDomainAccess jspda
--- a/src/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java Sat Sep 10 22:36:17 2016 +0100 @@ -101,7 +101,8 @@ void parseAuthorityKeyIdentifierExtension( AuthorityKeyIdentifierExtension akidext) throws IOException { if (akidext != null) { - KeyIdentifier akid = (KeyIdentifier)akidext.get(akidext.KEY_ID); + KeyIdentifier akid = (KeyIdentifier)akidext.get( + AuthorityKeyIdentifierExtension.KEY_ID); if (akid != null) { // Do not override the previous setting for initial selection. if (isSKIDSensitive || getSubjectKeyIdentifier() == null) { @@ -113,8 +114,8 @@ } } - SerialNumber asn = - (SerialNumber)akidext.get(akidext.SERIAL_NUMBER); + SerialNumber asn = (SerialNumber)akidext.get( + AuthorityKeyIdentifierExtension.SERIAL_NUMBER); if (asn != null) { // Do not override the previous setting for initial selection. if (isSNSensitive || getSerialNumber() == null) {
--- a/src/share/classes/sun/security/provider/certpath/AlgorithmChecker.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/AlgorithmChecker.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -77,6 +77,13 @@ private final static Set<CryptoPrimitive> SIGNATURE_PRIMITIVE_SET = Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE)); + private final static Set<CryptoPrimitive> KU_PRIMITIVE_SET = + Collections.unmodifiableSet(EnumSet.of( + CryptoPrimitive.SIGNATURE, + CryptoPrimitive.KEY_ENCAPSULATION, + CryptoPrimitive.PUBLIC_KEY_ENCRYPTION, + CryptoPrimitive.KEY_AGREEMENT)); + private final static DisabledAlgorithmConstraints certPathDefaultConstraints = new DisabledAlgorithmConstraints( DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS); @@ -210,9 +217,11 @@ null, null, -1, PKIXReason.INVALID_KEY_USAGE); } + // Assume all key usage bits are set if key usage is not present + Set<CryptoPrimitive> primitives = KU_PRIMITIVE_SET; + if (keyUsage != null) { - Set<CryptoPrimitive> primitives = - EnumSet.noneOf(CryptoPrimitive.class); + primitives = EnumSet.noneOf(CryptoPrimitive.class); if (keyUsage[0] || keyUsage[1] || keyUsage[5] || keyUsage[6]) { // keyUsage[0]: KeyUsage.digitalSignature @@ -237,15 +246,19 @@ // KeyUsage.encipherOnly and KeyUsage.decipherOnly are // undefined in the absence of the keyAgreement bit. - if (!primitives.isEmpty()) { - if (!constraints.permits(primitives, currPubKey)) { - throw new CertPathValidatorException( - "algorithm constraints check failed", - null, null, -1, BasicReason.ALGORITHM_CONSTRAINED); - } + if (primitives.isEmpty()) { + throw new CertPathValidatorException( + "incorrect KeyUsage extension", + null, null, -1, PKIXReason.INVALID_KEY_USAGE); } } + if (!constraints.permits(primitives, currPubKey)) { + throw new CertPathValidatorException( + "algorithm constraints check failed", + null, null, -1, BasicReason.ALGORITHM_CONSTRAINED); + } + // Check with previous cert for signature algorithm and public key if (prevPubKey != null) { if (currSigAlg != null) {
--- a/src/share/classes/sun/security/provider/certpath/Builder.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/Builder.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -153,6 +153,7 @@ if (debug != null) { debug.println("Builder.distance(): Names are different types"); } + return incomparable; case GeneralNameInterface.NAME_SAME_TYPE: if (debug != null) { debug.println("Builder.distance(): Names are same type but " + @@ -306,8 +307,8 @@ SubjectAlternativeNameExtension altNameExt = certImpl.getSubjectAlternativeNameExtension(); if (altNameExt != null) { - GeneralNames altNames = - (GeneralNames)altNameExt.get(altNameExt.SUBJECT_NAME); + GeneralNames altNames = altNameExt.get( + SubjectAlternativeNameExtension.SUBJECT_NAME); /* see if any alternative name matches target */ if (altNames != null) { for (int j = 0, n = altNames.size(); j < n; j++) { @@ -343,10 +344,10 @@ + String.valueOf(constraints)); } /* reduce permitted by excluded */ - GeneralSubtrees permitted = (GeneralSubtrees) - constraints.get(constraints.PERMITTED_SUBTREES); - GeneralSubtrees excluded = (GeneralSubtrees) - constraints.get(constraints.EXCLUDED_SUBTREES); + GeneralSubtrees permitted = + constraints.get(NameConstraintsExtension.PERMITTED_SUBTREES); + GeneralSubtrees excluded = + constraints.get(NameConstraintsExtension.EXCLUDED_SUBTREES); if (permitted != null) { permitted.reduce(excluded); }
--- a/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,32 +27,86 @@ import java.net.URI; import java.util.Collection; +import java.util.HashMap; +import java.util.Map; +import java.security.AccessController; import java.security.NoSuchAlgorithmException; import java.security.InvalidAlgorithmParameterException; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.security.cert.CertStore; import java.security.cert.X509CertSelector; import java.security.cert.X509CRLSelector; import javax.security.auth.x500.X500Principal; import java.io.IOException; +import sun.security.util.Cache; + /** - * Helper used by URICertStore when delegating to another CertStore to - * fetch certs and CRLs. + * Helper used by URICertStore and others when delegating to another CertStore + * to fetch certs and CRLs. */ -public interface CertStoreHelper { +public abstract class CertStoreHelper { + + private static final int NUM_TYPES = 2; + private final static Map<String,String> classMap = new HashMap<>(NUM_TYPES); + static { + classMap.put( + "LDAP", + "sun.security.provider.certpath.ldap.LDAPCertStoreHelper"); + classMap.put( + "SSLServer", + "sun.security.provider.certpath.ssl.SSLServerCertStoreHelper"); + }; + private static Cache cache = Cache.newSoftMemoryCache(NUM_TYPES); + + public static CertStoreHelper getInstance(final String type) + throws NoSuchAlgorithmException + { + CertStoreHelper helper = (CertStoreHelper)cache.get(type); + if (helper != null) { + return helper; + } + final String cl = classMap.get(type); + if (cl == null) { + throw new NoSuchAlgorithmException(type + " not available"); + } + try { + helper = AccessController.doPrivileged( + new PrivilegedExceptionAction<CertStoreHelper>() { + public CertStoreHelper run() throws ClassNotFoundException { + try { + Class<?> c = Class.forName(cl, true, null); + CertStoreHelper csh + = (CertStoreHelper)c.newInstance(); + cache.put(type, csh); + return csh; + } catch (InstantiationException e) { + throw new AssertionError(e); + } catch (IllegalAccessException e) { + throw new AssertionError(e); + } + } + }); + return helper; + } catch (PrivilegedActionException e) { + throw new NoSuchAlgorithmException(type + " not available", + e.getException()); + } + } /** * Returns a CertStore using the given URI as parameters. */ - CertStore getCertStore(URI uri) + public abstract CertStore getCertStore(URI uri) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException; /** * Wraps an existing X509CertSelector when needing to avoid DN matching * issues. */ - X509CertSelector wrap(X509CertSelector selector, + public abstract X509CertSelector wrap(X509CertSelector selector, X500Principal certSubject, String dn) throws IOException; @@ -61,7 +115,7 @@ * Wraps an existing X509CRLSelector when needing to avoid DN matching * issues. */ - X509CRLSelector wrap(X509CRLSelector selector, + public abstract X509CRLSelector wrap(X509CRLSelector selector, Collection<X500Principal> certIssuers, String dn) throws IOException;
--- a/src/share/classes/sun/security/provider/certpath/CrlRevocationChecker.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/CrlRevocationChecker.java Sat Sep 10 22:36:17 2016 +0100 @@ -60,7 +60,6 @@ import java.security.cert.X509CRLEntry; import java.security.cert.X509CRLSelector; import java.security.interfaces.DSAPublicKey; -import javax.security.auth.x500.X500Principal; import sun.security.util.Debug; import sun.security.x509.AccessDescription; import sun.security.x509.AuthorityInfoAccessExtension; @@ -775,8 +774,7 @@ null, null); points = Collections.singletonList(point); } else { - points = (List<DistributionPoint>)ext.get( - CRLDistributionPointsExtension.POINTS); + points = ext.get(CRLDistributionPointsExtension.POINTS); } Set<X509CRL> results = new HashSet<X509CRL>(); for (Iterator<DistributionPoint> t = points.iterator();
--- a/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java Sat Sep 10 22:36:17 2016 +0100 @@ -108,8 +108,8 @@ } return Collections.emptySet(); } - List<DistributionPoint> points = (List<DistributionPoint>)ext.get( - CRLDistributionPointsExtension.POINTS); + List<DistributionPoint> points = + ext.get(CRLDistributionPointsExtension.POINTS); Set<X509CRL> results = new HashSet<X509CRL>(); for (Iterator<DistributionPoint> t = points.iterator(); t.hasNext() && !Arrays.equals(reasonsMask, ALL_REASONS); ) { @@ -565,15 +565,16 @@ AuthorityKeyIdentifierExtension akidext = crlImpl.getAuthKeyIdExtension(); if (akidext != null) { - KeyIdentifier akid = (KeyIdentifier)akidext.get(akidext.KEY_ID); + KeyIdentifier akid = (KeyIdentifier)akidext.get( + AuthorityKeyIdentifierExtension.KEY_ID); if (akid != null) { DerOutputStream derout = new DerOutputStream(); derout.putOctetString(akid.getIdentifier()); certSel.setSubjectKeyIdentifier(derout.toByteArray()); } - SerialNumber asn = - (SerialNumber)akidext.get(akidext.SERIAL_NUMBER); + SerialNumber asn = (SerialNumber)akidext.get( + AuthorityKeyIdentifierExtension.SERIAL_NUMBER); if (asn != null) { certSel.setSerialNumber(asn.getNumber()); }
--- a/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java Sat Sep 10 22:36:17 2016 +0100 @@ -30,7 +30,6 @@ import java.security.GeneralSecurityException; import java.security.InvalidKeyException; -import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.CertPathValidatorException; import java.security.cert.PKIXReason; @@ -44,22 +43,13 @@ import javax.security.auth.x500.X500Principal; import sun.security.util.Debug; -import sun.security.util.DerOutputStream; import sun.security.x509.AccessDescription; import sun.security.x509.AuthorityInfoAccessExtension; import sun.security.x509.PKIXExtensions; import sun.security.x509.PolicyMappingsExtension; import sun.security.x509.X500Name; import sun.security.x509.X509CertImpl; -import sun.security.x509.X509CRLImpl; import sun.security.x509.AuthorityKeyIdentifierExtension; -import sun.security.x509.KeyIdentifier; -import sun.security.x509.SubjectKeyIdentifierExtension; -import sun.security.x509.SerialNumber; -import sun.security.x509.GeneralNames; -import sun.security.x509.GeneralName; -import sun.security.x509.GeneralNameInterface; -import java.math.BigInteger; /** * This class represents a forward builder, which is able to retrieve @@ -362,6 +352,9 @@ * Download Certificates from the given AIA and add them to the * specified Collection. */ + // cs.getCertificates(caSelector) returns a collection of X509Certificate's + // because of the selector, so the cast is safe + @SuppressWarnings("unchecked") private boolean getCerts(AuthorityInfoAccessExtension aiaExt, Collection<X509Certificate> certs) { if (Builder.USE_AIA == false) {
--- a/src/share/classes/sun/security/provider/certpath/ForwardState.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/ForwardState.java Sat Sep 10 22:36:17 2016 +0100 @@ -209,8 +209,8 @@ SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension(); if (subjAltNameExt != null) { - GeneralNames gNames = (GeneralNames) - subjAltNameExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME); + GeneralNames gNames = subjAltNameExt.get( + SubjectAlternativeNameExtension.SUBJECT_NAME); for (Iterator<GeneralName> t = gNames.iterator(); t.hasNext(); ) { GeneralNameInterface gName = t.next().getName(); @@ -239,6 +239,7 @@ * because some of them will * not have their contents modified by subsequent calls to updateState. */ + @SuppressWarnings("unchecked") // Safe casts assuming clone() works correctly public Object clone() { try { ForwardState clonedState = (ForwardState) super.clone();
--- a/src/share/classes/sun/security/provider/certpath/IndexedCollectionCertStore.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/IndexedCollectionCertStore.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -185,6 +185,7 @@ list.add((X509Certificate)oldEntry); certSubjects.put(subject, list); } else { + @SuppressWarnings("unchecked") // See certSubjects javadoc. List<X509Certificate> list = (List<X509Certificate>)oldEntry; if (list.contains(cert) == false) { list.add(cert); @@ -210,6 +211,8 @@ list.add((X509CRL)oldEntry); crlIssuers.put(issuer, list); } else { + // See crlIssuers javadoc. + @SuppressWarnings("unchecked") List<X509CRL> list = (List<X509CRL>)oldEntry; if (list.contains(crl) == false) { list.add(crl); @@ -279,6 +282,8 @@ return Collections.<X509Certificate>emptySet(); } } else { + // See certSubjects javadoc. + @SuppressWarnings("unchecked") List<X509Certificate> list = (List<X509Certificate>)entry; Set<X509Certificate> matches = new HashSet<X509Certificate>(16); for (X509Certificate cert : list) { @@ -309,6 +314,8 @@ matches.add(cert); } } else { + // See certSubjects javadoc. + @SuppressWarnings("unchecked") List<X509Certificate> list = (List<X509Certificate>)obj; for (X509Certificate cert : list) { if (selector.match(cert)) { @@ -370,6 +377,8 @@ matches.add(crl); } } else { // List + // See crlIssuers javadoc. + @SuppressWarnings("unchecked") List<X509CRL> list = (List<X509CRL>)entry; for (X509CRL crl : list) { if (x509Selector.match(crl)) { @@ -398,6 +407,8 @@ matches.add(crl); } } else { + // See crlIssuers javadoc. + @SuppressWarnings("unchecked") List<X509CRL> list = (List<X509CRL>)obj; for (X509CRL crl : list) { if (selector.match(crl)) {
--- a/src/share/classes/sun/security/provider/certpath/OCSPChecker.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/OCSPChecker.java Sat Sep 10 22:36:17 2016 +0100 @@ -343,9 +343,11 @@ List<CertStore> certStores = pkixParams.getCertStores(); for (CertStore certStore : certStores) { try { - responderCerts.addAll( - (Collection<X509Certificate>) - certStore.getCertificates(filter)); + for (Certificate storeCert : certStore.getCertificates(filter)) { + if (storeCert instanceof X509Certificate) { + responderCerts.add((X509Certificate) storeCert); + } + } } catch (CertStoreException cse) { // ignore and try next certStore if (DEBUG != null) {
--- a/src/share/classes/sun/security/provider/certpath/OCSPRequest.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/OCSPRequest.java Sat Sep 10 22:36:17 2016 +0100 @@ -75,7 +75,7 @@ class OCSPRequest { private static final Debug debug = Debug.getInstance("certpath"); - private static final boolean dump = debug.isOn("ocsp"); + private static final boolean dump = Debug.isOn("ocsp"); // List of request CertIds private final List<CertId> certIds;
--- a/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Sat Sep 10 22:36:17 2016 +0100 @@ -129,7 +129,7 @@ private static ResponseStatus[] rsvalues = ResponseStatus.values(); private static final Debug DEBUG = Debug.getInstance("certpath"); - private static final boolean dump = DEBUG.isOn("ocsp"); + private static final boolean dump = Debug.isOn("ocsp"); private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID = ObjectIdentifier.newInternal(new int[] { 1, 3, 6, 1, 5, 5, 7, 48, 1, 1}); private static final ObjectIdentifier OCSP_NONCE_EXTENSION_OID =
--- a/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java Sat Sep 10 22:36:17 2016 +0100 @@ -25,7 +25,6 @@ package sun.security.provider.certpath; -import java.io.IOException; import java.security.AccessController; import java.security.InvalidAlgorithmParameterException; import java.security.cert.CertPath; @@ -40,13 +39,11 @@ import java.security.cert.PolicyNode; import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; -import java.security.cert.X509CertSelector; import java.util.Collections; import java.util.List; import java.util.ArrayList; import java.util.Date; import java.util.Set; -import javax.security.auth.x500.X500Principal; import sun.security.action.GetBooleanSecurityPropertyAction; import sun.security.util.Debug; @@ -130,6 +127,9 @@ // Must copy elements of certList into a new modifiable List before // calling Collections.reverse(). + // If cp is not an X.509 or X509 certpath, an + // InvalidAlgorithmParameterException will have been thrown by now. + @SuppressWarnings("unchecked") ArrayList<X509Certificate> certList = new ArrayList<X509Certificate> ((List<X509Certificate>)cp.getCertificates()); if (debug != null) {
--- a/src/share/classes/sun/security/provider/certpath/PolicyChecker.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/PolicyChecker.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -274,8 +274,8 @@ = currCert.getPolicyConstraintsExtension(); if (polConstExt == null) return explicitPolicy; - int require = ((Integer) - polConstExt.get(PolicyConstraintsExtension.REQUIRE)).intValue(); + int require = + polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue(); if (debug != null) { debug.println("PolicyChecker.mergeExplicitPolicy() " + "require Index from cert = " + require); @@ -328,8 +328,8 @@ if (polConstExt == null) return policyMapping; - int inhibit = ((Integer) - polConstExt.get(PolicyConstraintsExtension.INHIBIT)).intValue(); + int inhibit = + polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue(); if (debug != null) debug.println("PolicyChecker.mergePolicyMapping() " + "inhibit Index from cert = " + inhibit); @@ -376,8 +376,8 @@ if (inhAnyPolExt == null) return inhibitAnyPolicy; - int skipCerts = ((Integer) - inhAnyPolExt.get(InhibitAnyPolicyExtension.SKIP_CERTS)).intValue(); + int skipCerts = + inhAnyPolExt.get(InhibitAnyPolicyExtension.SKIP_CERTS).intValue(); if (debug != null) debug.println("PolicyChecker.mergeInhibitAnyPolicy() " + "skipCerts Index from cert = " + skipCerts); @@ -448,8 +448,7 @@ + "policiesCritical = " + policiesCritical); try { - policyInfo = (List<PolicyInformation>) - currCertPolicies.get(CertificatePoliciesExtension.POLICIES); + policyInfo = currCertPolicies.get(CertificatePoliciesExtension.POLICIES); } catch (IOException ioe) { throw new CertPathValidatorException("Exception while " + "retrieving policyOIDs", ioe); @@ -751,8 +750,7 @@ List<CertificatePolicyMap> maps = null; try { - maps = (List<CertificatePolicyMap>)polMappingsExt.get - (PolicyMappingsExtension.MAP); + maps = polMappingsExt.get(PolicyMappingsExtension.MAP); } catch (IOException e) { if (debug != null) { debug.println("PolicyChecker.processPolicyMappings() " @@ -860,8 +858,7 @@ { List<PolicyInformation> policyInfo = null; try { - policyInfo = (List<PolicyInformation>) - currCertPolicies.get(CertificatePoliciesExtension.POLICIES); + policyInfo = currCertPolicies.get(CertificatePoliciesExtension.POLICIES); } catch (IOException ioe) { throw new CertPathValidatorException("Exception while " + "retrieving policyOIDs", ioe);
--- a/src/share/classes/sun/security/provider/certpath/ReverseState.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/ReverseState.java Sat Sep 10 22:36:17 2016 +0100 @@ -368,6 +368,7 @@ * because some of them (e.g., subjKeyId) will * not have their contents modified by subsequent calls to updateState. */ + @SuppressWarnings("unchecked") // Safe casts assuming clone() works correctly public Object clone() { try { ReverseState clonedState = (ReverseState) super.clone();
--- a/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java Sat Sep 10 22:36:17 2016 +0100 @@ -318,7 +318,9 @@ } // break out of loop if search is successful - break; + if (pathCompleted) { + break; + } } if (debug != null) {
--- a/src/share/classes/sun/security/provider/certpath/URICertStore.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/URICertStore.java Sat Sep 10 22:36:17 2016 +0100 @@ -30,8 +30,6 @@ import java.net.HttpURLConnection; import java.net.URI; import java.net.URLConnection; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; import java.security.Provider; @@ -121,35 +119,10 @@ // true if URI is ldap private boolean ldap = false; + private CertStoreHelper ldapHelper; private CertStore ldapCertStore; private String ldapPath; - /** - * Holder class to lazily load LDAPCertStoreHelper if present. - */ - private static class LDAP { - private static final String CERT_STORE_HELPER = - "sun.security.provider.certpath.ldap.LDAPCertStoreHelper"; - private static final CertStoreHelper helper = - AccessController.doPrivileged( - new PrivilegedAction<CertStoreHelper>() { - public CertStoreHelper run() { - try { - Class<?> c = Class.forName(CERT_STORE_HELPER, true, null); - return (CertStoreHelper)c.newInstance(); - } catch (ClassNotFoundException cnf) { - return null; - } catch (InstantiationException e) { - throw new AssertionError(e); - } catch (IllegalAccessException e) { - throw new AssertionError(e); - } - }}); - static CertStoreHelper helper() { - return helper; - } - } - // Default maximum connect timeout in milliseconds (15 seconds) // allowed when downloading CRLs private static final int DEFAULT_CRL_CONNECT_TIMEOUT = 15000; @@ -192,10 +165,9 @@ this.uri = ((URICertStoreParameters) params).uri; // if ldap URI, use an LDAPCertStore to fetch certs and CRLs if (uri.getScheme().toLowerCase(Locale.ENGLISH).equals("ldap")) { - if (LDAP.helper() == null) - throw new NoSuchAlgorithmException("LDAP not present"); ldap = true; - ldapCertStore = LDAP.helper().getCertStore(uri); + ldapHelper = CertStoreHelper.getInstance("LDAP"); + ldapCertStore = ldapHelper.getCertStore(uri); ldapPath = uri.getPath(); // strip off leading '/' if (ldapPath.charAt(0) == '/') { @@ -237,7 +209,8 @@ * object of a certificate's Authority Information Access Extension. */ static CertStore getInstance(AccessDescription ad) { - if (!ad.getAccessMethod().equals(AccessDescription.Ad_CAISSUERS_Id)) { + if (!ad.getAccessMethod().equals((Object) + AccessDescription.Ad_CAISSUERS_Id)) { return null; } GeneralNameInterface gn = ad.getAccessLocation().getName(); @@ -269,6 +242,7 @@ * match the specified selector * @throws CertStoreException if an exception occurs */ + @SuppressWarnings("unchecked") public synchronized Collection<X509Certificate> engineGetCertificates (CertSelector selector) throws CertStoreException { @@ -277,12 +251,13 @@ if (ldap) { X509CertSelector xsel = (X509CertSelector) selector; try { - xsel = LDAP.helper().wrap(xsel, xsel.getSubject(), ldapPath); + xsel = ldapHelper.wrap(xsel, xsel.getSubject(), ldapPath); } catch (IOException ioe) { throw new CertStoreException(ioe); } // Fetch the certificates via LDAP. LDAPCertStore has its own // caching mechanism, see the class description for more info. + // Safe cast since xsel is an X509 certificate selector. return (Collection<X509Certificate>) ldapCertStore.getCertificates(xsel); } @@ -298,57 +273,45 @@ return getMatchingCerts(certs, selector); } lastChecked = time; - InputStream in = null; try { URLConnection connection = uri.toURL().openConnection(); if (lastModified != 0) { connection.setIfModifiedSince(lastModified); } - in = connection.getInputStream(); long oldLastModified = lastModified; - lastModified = connection.getLastModified(); - if (oldLastModified != 0) { - if (oldLastModified == lastModified) { - if (debug != null) { - debug.println("Not modified, using cached copy"); - } - return getMatchingCerts(certs, selector); - } else if (connection instanceof HttpURLConnection) { - // some proxy servers omit last modified - HttpURLConnection hconn = (HttpURLConnection) connection; - if (hconn.getResponseCode() - == HttpURLConnection.HTTP_NOT_MODIFIED) { + try (InputStream in = connection.getInputStream()) { + lastModified = connection.getLastModified(); + if (oldLastModified != 0) { + if (oldLastModified == lastModified) { if (debug != null) { debug.println("Not modified, using cached copy"); } return getMatchingCerts(certs, selector); + } else if (connection instanceof HttpURLConnection) { + // some proxy servers omit last modified + HttpURLConnection hconn = (HttpURLConnection)connection; + if (hconn.getResponseCode() + == HttpURLConnection.HTTP_NOT_MODIFIED) { + if (debug != null) { + debug.println("Not modified, using cached copy"); + } + return getMatchingCerts(certs, selector); + } } } - } - if (debug != null) { - debug.println("Downloading new certificates..."); + if (debug != null) { + debug.println("Downloading new certificates..."); + } + // Safe cast since factory is an X.509 certificate factory + certs = (Collection<X509Certificate>) + factory.generateCertificates(in); } - certs = (Collection<X509Certificate>) - factory.generateCertificates(in); return getMatchingCerts(certs, selector); - } catch (IOException e) { + } catch (IOException | CertificateException e) { if (debug != null) { debug.println("Exception fetching certificates:"); e.printStackTrace(); } - } catch (CertificateException e) { - if (debug != null) { - debug.println("Exception fetching certificates:"); - e.printStackTrace(); - } - } finally { - if (in != null) { - try { - in.close(); - } catch (IOException e) { - // ignore - } - } } // exception, forget previous values lastModified = 0; @@ -367,8 +330,7 @@ if (selector == null) { return certs; } - List<X509Certificate> matchedCerts = - new ArrayList<X509Certificate>(certs.size()); + List<X509Certificate> matchedCerts = new ArrayList<>(certs.size()); for (X509Certificate cert : certs) { if (selector.match(cert)) { matchedCerts.add(cert); @@ -389,6 +351,7 @@ * match the specified selector * @throws CertStoreException if an exception occurs */ + @SuppressWarnings("unchecked") public synchronized Collection<X509CRL> engineGetCRLs(CRLSelector selector) throws CertStoreException { @@ -397,12 +360,13 @@ if (ldap) { X509CRLSelector xsel = (X509CRLSelector) selector; try { - xsel = LDAP.helper().wrap(xsel, null, ldapPath); + xsel = ldapHelper.wrap(xsel, null, ldapPath); } catch (IOException ioe) { throw new CertStoreException(ioe); } // Fetch the CRLs via LDAP. LDAPCertStore has its own // caching mechanism, see the class description for more info. + // Safe cast since xsel is an X509 certificate selector. return (Collection<X509CRL>) ldapCertStore.getCRLs(xsel); } @@ -417,57 +381,44 @@ return getMatchingCRLs(crl, selector); } lastChecked = time; - InputStream in = null; try { URLConnection connection = uri.toURL().openConnection(); if (lastModified != 0) { connection.setIfModifiedSince(lastModified); } + long oldLastModified = lastModified; connection.setConnectTimeout(CRL_CONNECT_TIMEOUT); - in = connection.getInputStream(); - long oldLastModified = lastModified; - lastModified = connection.getLastModified(); - if (oldLastModified != 0) { - if (oldLastModified == lastModified) { - if (debug != null) { - debug.println("Not modified, using cached copy"); - } - return getMatchingCRLs(crl, selector); - } else if (connection instanceof HttpURLConnection) { - // some proxy servers omit last modified - HttpURLConnection hconn = (HttpURLConnection) connection; - if (hconn.getResponseCode() - == HttpURLConnection.HTTP_NOT_MODIFIED) { + try (InputStream in = connection.getInputStream()) { + lastModified = connection.getLastModified(); + if (oldLastModified != 0) { + if (oldLastModified == lastModified) { if (debug != null) { debug.println("Not modified, using cached copy"); } return getMatchingCRLs(crl, selector); + } else if (connection instanceof HttpURLConnection) { + // some proxy servers omit last modified + HttpURLConnection hconn = (HttpURLConnection)connection; + if (hconn.getResponseCode() + == HttpURLConnection.HTTP_NOT_MODIFIED) { + if (debug != null) { + debug.println("Not modified, using cached copy"); + } + return getMatchingCRLs(crl, selector); + } } } - } - if (debug != null) { - debug.println("Downloading new CRL..."); + if (debug != null) { + debug.println("Downloading new CRL..."); + } + crl = (X509CRL) factory.generateCRL(in); } - crl = (X509CRL) factory.generateCRL(in); return getMatchingCRLs(crl, selector); - } catch (IOException e) { + } catch (IOException | CRLException e) { if (debug != null) { debug.println("Exception fetching CRL:"); e.printStackTrace(); } - } catch (CRLException e) { - if (debug != null) { - debug.println("Exception fetching CRL:"); - e.printStackTrace(); - } - } finally { - if (in != null) { - try { - in.close(); - } catch (IOException e) { - // ignore - } - } } // exception, forget previous values lastModified = 0;
--- a/src/share/classes/sun/security/provider/certpath/Vertex.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/Vertex.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2002, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -171,7 +171,8 @@ try { sKeyID = x509Cert.getSubjectKeyIdentifierExtension(); if (sKeyID != null) { - KeyIdentifier keyID = (KeyIdentifier)sKeyID.get(sKeyID.KEY_ID); + KeyIdentifier keyID = sKeyID.get( + SubjectKeyIdentifierExtension.KEY_ID); out = out + "SubjKeyID: " + keyID.toString(); } } catch (Exception e) { @@ -184,7 +185,8 @@ try { aKeyID = x509Cert.getAuthorityKeyIdentifierExtension(); if (aKeyID != null) { - KeyIdentifier keyID = (KeyIdentifier)aKeyID.get(aKeyID.KEY_ID); + KeyIdentifier keyID = (KeyIdentifier)aKeyID.get( + AuthorityKeyIdentifierExtension.KEY_ID); out = out + "AuthKeyID: " + keyID.toString(); } } catch (Exception e) {
--- a/src/share/classes/sun/security/provider/certpath/X509CertPath.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/X509CertPath.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ package sun.security.provider.certpath; -import java.io.BufferedInputStream; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -101,11 +100,18 @@ * @exception CertificateException if <code>certs</code> contains an element * that is not an <code>X509Certificate</code> */ + @SuppressWarnings("unchecked") public X509CertPath(List<? extends Certificate> certs) throws CertificateException { super("X.509"); // Ensure that the List contains only X509Certificates - for (Object obj : (List<?>)certs) { + // + // Note; The certs parameter is not necessarily to be of Certificate + // for some old code. For compatibility, to make sure the exception + // is CertificateException, rather than ClassCastException, please + // don't use + // for (Certificate obj : certs) + for (Object obj : certs) { if (obj instanceof X509Certificate == false) { throw new CertificateException ("List is not all X509Certificates: " @@ -147,12 +153,15 @@ throws CertificateException { super("X.509"); - if (PKIPATH_ENCODING.equals(encoding)) { - certs = parsePKIPATH(is); - } else if (PKCS7_ENCODING.equals(encoding)) { - certs = parsePKCS7(is); - } else { - throw new CertificateException("unsupported encoding"); + switch (encoding) { + case PKIPATH_ENCODING: + certs = parsePKIPATH(is); + break; + case PKCS7_ENCODING: + certs = parsePKCS7(is); + break; + default: + throw new CertificateException("unsupported encoding"); } } @@ -192,10 +201,8 @@ return Collections.unmodifiableList(certList); } catch (IOException ioe) { - CertificateException ce = new CertificateException("IOException" + - " parsing PkiPath data: " + ioe); - ce.initCause(ioe); - throw ce; + throw new CertificateException("IOException parsing PkiPath data: " + + ioe, ioe); } } @@ -220,7 +227,7 @@ // Copy the entire input stream into an InputStream that does // support mark is = new ByteArrayInputStream(readAllBytes(is)); - }; + } PKCS7 pkcs7 = new PKCS7(is); X509Certificate[] certArray = pkcs7.getCertificates(); @@ -301,10 +308,8 @@ return derout.toByteArray(); } catch (IOException ioe) { - CertificateEncodingException ce = new CertificateEncodingException - ("IOException encoding PkiPath data: " + ioe); - ce.initCause(ioe); - throw ce; + throw new CertificateEncodingException("IOException encoding " + + "PkiPath data: " + ioe, ioe); } } @@ -339,12 +344,13 @@ */ public byte[] getEncoded(String encoding) throws CertificateEncodingException { - if (PKIPATH_ENCODING.equals(encoding)) { - return encodePKIPATH(); - } else if (PKCS7_ENCODING.equals(encoding)) { - return encodePKCS7(); - } else { - throw new CertificateEncodingException("unsupported encoding"); + switch (encoding) { + case PKIPATH_ENCODING: + return encodePKIPATH(); + case PKCS7_ENCODING: + return encodePKCS7(); + default: + throw new CertificateEncodingException("unsupported encoding"); } }
--- a/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java Sat Sep 10 22:36:17 2016 +0100 @@ -104,7 +104,7 @@ * @author Steve Hanna * @author Andreas Sterbenz */ -public class LDAPCertStore extends CertStoreSpi { +public final class LDAPCertStore extends CertStoreSpi { private static final Debug debug = Debug.getInstance("certpath");
--- a/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,11 +41,9 @@ * LDAP implementation of CertStoreHelper. */ -public class LDAPCertStoreHelper - implements CertStoreHelper +public final class LDAPCertStoreHelper + extends CertStoreHelper { - public LDAPCertStoreHelper() { } - @Override public CertStore getCertStore(URI uri) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStore.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,240 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.provider.certpath.ssl; + +import java.io.IOException; +import java.net.URI; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.security.GeneralSecurityException; +import java.security.InvalidAlgorithmParameterException; +import java.security.Provider; +import java.security.cert.CertificateException; +import java.security.cert.CertSelector; +import java.security.cert.CertStore; +import java.security.cert.CertStoreException; +import java.security.cert.CertStoreParameters; +import java.security.cert.CertStoreSpi; +import java.security.cert.CRLSelector; +import java.security.cert.X509Certificate; +import java.security.cert.X509CRL; +import java.net.Socket; +import java.net.URLConnection; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509ExtendedTrustManager; + +/** + * A CertStore that retrieves an SSL server's certificate chain. + */ +public final class SSLServerCertStore extends CertStoreSpi { + + private final URI uri; + private final static GetChainTrustManager trustManager; + private final static SSLSocketFactory socketFactory; + private final static HostnameVerifier hostnameVerifier; + + static { + trustManager = new GetChainTrustManager(); + hostnameVerifier = new HostnameVerifier() { + public boolean verify(String hostname, SSLSession session) { + return true; + } + }; + + SSLSocketFactory tempFactory; + try { + SSLContext context = SSLContext.getInstance("SSL"); + context.init(null, new TrustManager[] { trustManager }, null); + tempFactory = context.getSocketFactory(); + } catch (GeneralSecurityException gse) { + tempFactory = null; + } + + socketFactory = tempFactory; + } + + SSLServerCertStore(URI uri) throws InvalidAlgorithmParameterException { + super(null); + this.uri = uri; + } + + public Collection<X509Certificate> engineGetCertificates + (CertSelector selector) throws CertStoreException { + + try { + URLConnection urlConn = uri.toURL().openConnection(); + if (urlConn instanceof HttpsURLConnection) { + if (socketFactory == null) { + throw new CertStoreException( + "No initialized SSLSocketFactory"); + } + + HttpsURLConnection https = (HttpsURLConnection)urlConn; + https.setSSLSocketFactory(socketFactory); + https.setHostnameVerifier(hostnameVerifier); + synchronized (trustManager) { + try { + https.connect(); + return getMatchingCerts( + trustManager.serverChain, selector); + } catch (IOException ioe) { + // If the server certificate has already been + // retrieved, don't mind the connection state. + if (trustManager.exchangedServerCerts) { + return getMatchingCerts( + trustManager.serverChain, selector); + } + + // otherwise, rethrow the exception + throw ioe; + } finally { + trustManager.cleanup(); + } + } + } + } catch (IOException ioe) { + throw new CertStoreException(ioe); + } + + return Collections.<X509Certificate>emptySet(); + } + + private static List<X509Certificate> getMatchingCerts + (List<X509Certificate> certs, CertSelector selector) + { + // if selector not specified, all certs match + if (selector == null) { + return certs; + } + List<X509Certificate> matchedCerts = new ArrayList<>(certs.size()); + for (X509Certificate cert : certs) { + if (selector.match(cert)) { + matchedCerts.add(cert); + } + } + return matchedCerts; + } + + public Collection<X509CRL> engineGetCRLs(CRLSelector selector) + throws CertStoreException + { + throw new UnsupportedOperationException(); + } + + static CertStore getInstance(URI uri) + throws InvalidAlgorithmParameterException + { + return new CS(new SSLServerCertStore(uri), null, "SSLServer", null); + } + + /* + * An X509ExtendedTrustManager that ignores the server certificate + * validation. + */ + private static class GetChainTrustManager + extends X509ExtendedTrustManager { + + private List<X509Certificate> serverChain = + Collections.<X509Certificate>emptyList(); + private boolean exchangedServerCerts = false; + + @Override + public X509Certificate[] getAcceptedIssuers() { + return new X509Certificate[0]; + } + + @Override + public void checkClientTrusted(X509Certificate[] chain, + String authType) throws CertificateException { + + throw new UnsupportedOperationException(); + } + + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType, + Socket socket) throws CertificateException { + + throw new UnsupportedOperationException(); + } + + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType, + SSLEngine engine) throws CertificateException { + + throw new UnsupportedOperationException(); + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, + String authType) throws CertificateException { + + exchangedServerCerts = true; + this.serverChain = (chain == null) + ? Collections.<X509Certificate>emptyList() + : Arrays.<X509Certificate>asList(chain); + + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType, + Socket socket) throws CertificateException { + + checkServerTrusted(chain, authType); + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType, + SSLEngine engine) throws CertificateException { + + checkServerTrusted(chain, authType); + } + + void cleanup() { + exchangedServerCerts = false; + serverChain = Collections.<X509Certificate>emptyList(); + } + } + + /** + * This class allows the SSLServerCertStore to be accessed as a CertStore. + */ + private static class CS extends CertStore { + protected CS(CertStoreSpi spi, Provider p, String type, + CertStoreParameters params) + { + super(spi, p, type, params); + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.provider.certpath.ssl; + +import java.net.URI; +import java.util.Collection; +import java.security.NoSuchAlgorithmException; +import java.security.InvalidAlgorithmParameterException; +import java.security.cert.CertStore; +import java.security.cert.X509CertSelector; +import java.security.cert.X509CRLSelector; +import javax.security.auth.x500.X500Principal; +import java.io.IOException; + +import sun.security.provider.certpath.CertStoreHelper; + +/** + * SSL implementation of CertStoreHelper. + */ +public final class SSLServerCertStoreHelper extends CertStoreHelper { + + @Override + public CertStore getCertStore(URI uri) + throws NoSuchAlgorithmException, InvalidAlgorithmParameterException + { + return SSLServerCertStore.getInstance(uri); + } + + @Override + public X509CertSelector wrap(X509CertSelector selector, + X500Principal certSubject, + String ldapDN) + throws IOException + { + throw new UnsupportedOperationException(); + } + + @Override + public X509CRLSelector wrap(X509CRLSelector selector, + Collection<X500Principal> certIssuers, + String ldapDN) + throws IOException + { + throw new UnsupportedOperationException(); + } +}
--- a/src/share/classes/sun/security/rsa/RSAKeyFactory.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/rsa/RSAKeyFactory.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -351,12 +351,12 @@ if (key instanceof RSAPublicKey) { RSAPublicKey rsaKey = (RSAPublicKey)key; if (rsaPublicKeySpecClass.isAssignableFrom(keySpec)) { - return (T) new RSAPublicKeySpec( + return keySpec.cast(new RSAPublicKeySpec( rsaKey.getModulus(), rsaKey.getPublicExponent() - ); + )); } else if (x509KeySpecClass.isAssignableFrom(keySpec)) { - return (T) new X509EncodedKeySpec(key.getEncoded()); + return keySpec.cast(new X509EncodedKeySpec(key.getEncoded())); } else { throw new InvalidKeySpecException ("KeySpec must be RSAPublicKeySpec or " @@ -364,11 +364,11 @@ } } else if (key instanceof RSAPrivateKey) { if (pkcs8KeySpecClass.isAssignableFrom(keySpec)) { - return (T) new PKCS8EncodedKeySpec(key.getEncoded()); + return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded())); } else if (rsaPrivateCrtKeySpecClass.isAssignableFrom(keySpec)) { if (key instanceof RSAPrivateCrtKey) { RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)key; - return (T) new RSAPrivateCrtKeySpec( + return keySpec.cast(new RSAPrivateCrtKeySpec( crtKey.getModulus(), crtKey.getPublicExponent(), crtKey.getPrivateExponent(), @@ -377,17 +377,17 @@ crtKey.getPrimeExponentP(), crtKey.getPrimeExponentQ(), crtKey.getCrtCoefficient() - ); + )); } else { throw new InvalidKeySpecException ("RSAPrivateCrtKeySpec can only be used with CRT keys"); } } else if (rsaPrivateKeySpecClass.isAssignableFrom(keySpec)) { RSAPrivateKey rsaKey = (RSAPrivateKey)key; - return (T) new RSAPrivateKeySpec( + return keySpec.cast(new RSAPrivateKeySpec( rsaKey.getModulus(), rsaKey.getPrivateExponent() - ); + )); } else { throw new InvalidKeySpecException ("KeySpec must be RSAPrivate(Crt)KeySpec or "
--- a/src/share/classes/sun/security/rsa/RSASignature.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/rsa/RSASignature.java Sat Sep 10 22:36:17 2016 +0100 @@ -27,7 +27,6 @@ import java.io.IOException; import java.nio.ByteBuffer; -import java.math.BigInteger; import java.security.*; import java.security.interfaces.*; @@ -201,8 +200,6 @@ // return false rather than propagating the exception for // compatibility/ease of use return false; - } catch (GeneralSecurityException e) { - throw new SignatureException("Signature verification failed", e); } catch (IOException e) { throw new SignatureException("Signature encoding error", e); } @@ -234,7 +231,7 @@ throw new IOException("SEQUENCE length error"); } AlgorithmId algId = AlgorithmId.parse(values[0]); - if (algId.getOID().equals(oid) == false) { + if (algId.getOID().equals((Object)oid) == false) { throw new IOException("ObjectIdentifier mismatch: " + algId.getOID()); }
--- a/src/share/classes/sun/security/ssl/CipherSuite.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/ssl/CipherSuite.java Sat Sep 10 22:36:17 2016 +0100 @@ -65,7 +65,7 @@ * unavailable or disabled at compile time * */ -final class CipherSuite implements Comparable { +final class CipherSuite implements Comparable<CipherSuite> { // minimum priority for supported CipherSuites final static int SUPPORTED_SUITES_PRIORITY = 1; @@ -206,8 +206,8 @@ * Note that for unsupported CipherSuites parsed from a handshake * message we violate the equals() contract. */ - public int compareTo(Object o) { - return ((CipherSuite)o).priority - priority; + public int compareTo(CipherSuite o) { + return o.priority - priority; } /**
--- a/src/share/classes/sun/security/ssl/ClientHandshaker.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/ssl/ClientHandshaker.java Sat Sep 10 22:36:17 2016 +0100 @@ -266,7 +266,7 @@ input, serverKey, clnt_random.random_bytes, svr_random.random_bytes, messageLen, - localSupportedSignAlgs, protocolVersion)); + getLocalSupportedSignAlgs(), protocolVersion)); } catch (GeneralSecurityException e) { throwSSLException("Server key", e); } @@ -278,7 +278,7 @@ this.serverKeyExchange(new ECDH_ServerKeyExchange (input, serverKey, clnt_random.random_bytes, svr_random.random_bytes, - localSupportedSignAlgs, protocolVersion)); + getLocalSupportedSignAlgs(), protocolVersion)); } catch (GeneralSecurityException e) { throwSSLException("Server key", e); } @@ -328,7 +328,7 @@ Collection<SignatureAndHashAlgorithm> supportedPeerSignAlgs = SignatureAndHashAlgorithm.getSupportedAlgorithms( - peerSignAlgs); + algorithmConstraints, peerSignAlgs); if (supportedPeerSignAlgs.isEmpty()) { throw new SSLHandshakeException( "No supported signature and hash algorithm in common"); @@ -616,6 +616,9 @@ } } else { // we wanted to resume, but the server refused + // + // Invalidate the session in case of reusing next time. + session.invalidate(); session = null; if (!enableNewSession) { throw new SSLException("New session creation is disabled"); @@ -1050,8 +1053,8 @@ if (protocolVersion.v >= ProtocolVersion.TLS12.v) { preferableSignatureAlgorithm = SignatureAndHashAlgorithm.getPreferableAlgorithm( - peerSupportedSignAlgs, signingKey.getAlgorithm(), - signingKey); + getPeerSupportedSignAlgs(), + signingKey.getAlgorithm(), signingKey); if (preferableSignatureAlgorithm == null) { throw new SSLHandshakeException(
--- a/src/share/classes/sun/security/ssl/DHCrypt.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/ssl/DHCrypt.java Sat Sep 10 22:36:17 2016 +0100 @@ -26,6 +26,11 @@ package sun.security.ssl; +import java.util.Map; +import java.util.HashMap; +import java.util.Collections; +import java.util.regex.Pattern; +import java.util.regex.Matcher; import java.math.BigInteger; import java.security.*; import java.io.IOException; @@ -95,9 +100,35 @@ * Generate a Diffie-Hellman keypair of the specified size. */ DHCrypt(int keyLength, SecureRandom random) { + this(keyLength, + ParametersHolder.definedParams.get(keyLength), random); + } + + /** + * Generate a Diffie-Hellman keypair using the specified parameters. + * + * @param modulus the Diffie-Hellman modulus P + * @param base the Diffie-Hellman base G + */ + DHCrypt(BigInteger modulus, BigInteger base, SecureRandom random) { + this(modulus.bitLength(), + new DHParameterSpec(modulus, base), random); + } + + /** + * Generate a Diffie-Hellman keypair using the specified size and + * parameters. + */ + private DHCrypt(int keyLength, + DHParameterSpec params, SecureRandom random) { + try { KeyPairGenerator kpg = JsseJce.getKeyPairGenerator("DiffieHellman"); - kpg.initialize(keyLength, random); + if (params != null) { + kpg.initialize(params, random); + } else { + kpg.initialize(keyLength, random); + } DHPublicKeySpec spec = generateDHPublicKeySpec(kpg); if (spec == null) { @@ -112,33 +143,6 @@ } } - - /** - * Generate a Diffie-Hellman keypair using the specified parameters. - * - * @param modulus the Diffie-Hellman modulus P - * @param base the Diffie-Hellman base G - */ - DHCrypt(BigInteger modulus, BigInteger base, SecureRandom random) { - this.modulus = modulus; - this.base = base; - try { - KeyPairGenerator kpg = JsseJce.getKeyPairGenerator("DiffieHellman"); - DHParameterSpec params = new DHParameterSpec(modulus, base); - kpg.initialize(params, random); - - DHPublicKeySpec spec = generateDHPublicKeySpec(kpg); - if (spec == null) { - throw new RuntimeException("Could not generate DH keypair"); - } - - publicValue = spec.getY(); - } catch (GeneralSecurityException e) { - throw new RuntimeException("Could not generate DH keypair", e); - } - } - - static DHPublicKeySpec getDHPublicKeySpec(PublicKey key) { if (key instanceof DHPublicKey) { DHPublicKey dhKey = (DHPublicKey)key; @@ -268,4 +272,144 @@ return null; } + + // lazy initialization holder class idiom for static default parameters + // + // See Effective Java Second Edition: Item 71. + private static class ParametersHolder { + private final static boolean debugIsOn = + (Debug.getInstance("ssl") != null) && Debug.isOn("sslctx"); + + // + // Default DH ephemeral parameters + // + private static final BigInteger g2 = BigInteger.valueOf(2); + + private static final BigInteger p512 = new BigInteger( // generated + "D87780E15FF50B4ABBE89870188B049406B5BEA98AB23A02" + + "41D88EA75B7755E669C08093D3F0CA7FC3A5A25CF067DCB9" + + "A43DD89D1D90921C6328884461E0B6D3", 16); + private static final BigInteger p768 = new BigInteger( // RFC 2409 + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" + + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" + + "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16); + + private static final BigInteger p1024 = new BigInteger( // RFC 2409 + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" + + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" + + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" + + "FFFFFFFFFFFFFFFF", 16); + private static final BigInteger p2048 = new BigInteger( // TLS FEDHE + "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" + + "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" + + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" + + "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" + + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" + + "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" + + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" + + "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" + + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" + + "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" + + "886B423861285C97FFFFFFFFFFFFFFFF", 16); + + private static final BigInteger[] supportedPrimes = { + p512, p768, p1024, p2048}; + + // a measure of the uncertainty that prime modulus p is not a prime + // + // see BigInteger.isProbablePrime(int certainty) + private final static int PRIME_CERTAINTY = 120; + + // the known security property, jdk.tls.server.defaultDHEParameters + private final static String PROPERTY_NAME = + "jdk.tls.server.defaultDHEParameters"; + + private static final Pattern spacesPattern = Pattern.compile("\\s+"); + + private final static Pattern syntaxPattern = Pattern.compile( + "(\\{[0-9A-Fa-f]+,[0-9A-Fa-f]+\\})" + + "(,\\{[0-9A-Fa-f]+,[0-9A-Fa-f]+\\})*"); + + private static final Pattern paramsPattern = Pattern.compile( + "\\{([0-9A-Fa-f]+),([0-9A-Fa-f]+)\\}"); + + // cache of predefined default DH ephemeral parameters + private final static Map<Integer,DHParameterSpec> definedParams; + + static { + String property = AccessController.doPrivileged( + new PrivilegedAction<String>() { + public String run() { + return Security.getProperty(PROPERTY_NAME); + } + }); + + if (property != null && !property.isEmpty()) { + // remove double quote marks from beginning/end of the property + if (property.length() >= 2 && property.charAt(0) == '"' && + property.charAt(property.length() - 1) == '"') { + property = property.substring(1, property.length() - 1); + } + + property = property.trim(); + } + + if (property != null && !property.isEmpty()) { + Matcher spacesMatcher = spacesPattern.matcher(property); + property = spacesMatcher.replaceAll(""); + + if (debugIsOn) { + System.out.println("The Security Property " + + PROPERTY_NAME + ": " + property); + } + } + + Map<Integer,DHParameterSpec> defaultParams = new HashMap<>(); + if (property != null && !property.isEmpty()) { + Matcher syntaxMatcher = syntaxPattern.matcher(property); + if (syntaxMatcher.matches()) { + Matcher paramsFinder = paramsPattern.matcher(property); + while(paramsFinder.find()) { + String primeModulus = paramsFinder.group(1); + BigInteger p = new BigInteger(primeModulus, 16); + if (!p.isProbablePrime(PRIME_CERTAINTY)) { + if (debugIsOn) { + System.out.println( + "Prime modulus p in Security Property, " + + PROPERTY_NAME + ", is not a prime: " + + primeModulus); + } + + continue; + } + + String baseGenerator = paramsFinder.group(2); + BigInteger g = new BigInteger(baseGenerator, 16); + + DHParameterSpec spec = new DHParameterSpec(p, g); + int primeLen = p.bitLength(); + defaultParams.put(primeLen, spec); + } + } else if (debugIsOn) { + System.out.println("Invalid Security Property, " + + PROPERTY_NAME + ", definition"); + } + } + + for (BigInteger p : supportedPrimes) { + int primeLen = p.bitLength(); + DHParameterSpec value = defaultParams.get(primeLen); + if (value == null) { + defaultParams.put(primeLen, new DHParameterSpec(p, g2)); + } + } + + definedParams = + Collections.<Integer,DHParameterSpec>unmodifiableMap( + defaultParams); + } + } }
--- a/src/share/classes/sun/security/ssl/HandshakeMessage.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/ssl/HandshakeMessage.java Sat Sep 10 22:36:17 2016 +0100 @@ -823,13 +823,16 @@ sig = JsseJce.getSignature( preferableSignatureAlgorithm.getAlgorithmName()); } else { - if (algorithm.equals("DSA")) { - sig = JsseJce.getSignature(JsseJce.SIGNATURE_DSA); - } else if (algorithm.equals("RSA")) { - sig = RSASignature.getInstance(); - } else { - throw new SSLKeyException("neither an RSA or a DSA key"); - } + switch (algorithm) { + case "DSA": + sig = JsseJce.getSignature(JsseJce.SIGNATURE_DSA); + break; + case "RSA": + sig = RSASignature.getInstance(); + break; + default: + throw new SSLKeyException("neither an RSA or a DSA key"); + } } sig.initVerify(publicKey); @@ -1109,13 +1112,14 @@ private static Signature getSignature(String keyAlgorithm) throws NoSuchAlgorithmException { - if (keyAlgorithm.equals("EC")) { - return JsseJce.getSignature(JsseJce.SIGNATURE_ECDSA); - } else if (keyAlgorithm.equals("RSA")) { - return RSASignature.getInstance(); - } else { - throw new NoSuchAlgorithmException("neither an RSA or a EC key"); - } + switch (keyAlgorithm) { + case "EC": + return JsseJce.getSignature(JsseJce.SIGNATURE_ECDSA); + case "RSA": + return RSASignature.getInstance(); + default: + throw new NoSuchAlgorithmException("neither an RSA or a EC key"); + } } private void updateSignature(Signature sig, byte clntNonce[], @@ -1528,7 +1532,7 @@ // the signature bytes private byte[] signature; - // protocol version being established using this ServerKeyExchange message + // protocol version being established using this CertificateVerify message ProtocolVersion protocolVersion; // the preferable signature algorithm used by this CertificateVerify message @@ -1581,7 +1585,7 @@ preferableSignatureAlgorithm)) { throw new SSLHandshakeException( "Unsupported SignatureAndHashAlgorithm in " + - "ServerKeyExchange message"); + "CertificateVerify message"); } } @@ -1623,16 +1627,17 @@ */ private static Signature getSignature(ProtocolVersion protocolVersion, String algorithm) throws GeneralSecurityException { - if (algorithm.equals("RSA")) { - return RSASignature.getInternalInstance(); - } else if (algorithm.equals("DSA")) { - return JsseJce.getSignature(JsseJce.SIGNATURE_RAWDSA); - } else if (algorithm.equals("EC")) { - return JsseJce.getSignature(JsseJce.SIGNATURE_RAWECDSA); - } else { - throw new SignatureException("Unrecognized algorithm: " - + algorithm); - } + switch (algorithm) { + case "RSA": + return RSASignature.getInternalInstance(); + case "DSA": + return JsseJce.getSignature(JsseJce.SIGNATURE_RAWDSA); + case "EC": + return JsseJce.getSignature(JsseJce.SIGNATURE_RAWECDSA); + default: + throw new SignatureException("Unrecognized algorithm: " + + algorithm); + } } /* @@ -1708,7 +1713,7 @@ md.update(temp); } - private final static Class delegate; + private final static Class<?> delegate; private final static Field spiField; static { @@ -1736,7 +1741,7 @@ // cache Method objects per Spi class // Note that this will prevent the Spi classes from being GC'd. We assume // that is not a problem. - private final static Map<Class,Object> methodCache = + private final static Map<Class<?>,Object> methodCache = new ConcurrentHashMap<>(); private static void digestKey(MessageDigest md, SecretKey key) {
--- a/src/share/classes/sun/security/ssl/Handshaker.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/ssl/Handshaker.java Sat Sep 10 22:36:17 2016 +0100 @@ -88,7 +88,7 @@ AlgorithmConstraints algorithmConstraints = null; // Local supported signature and algorithms - Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs; + private Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs; // Peer supported signature and algorithms Collection<SignatureAndHashAlgorithm> peerSupportedSignAlgs; @@ -156,7 +156,7 @@ * Data is protected by the SSLEngine.this lock. */ private volatile boolean taskDelegated = false; - private volatile DelegatedTask delegatedTask = null; + private volatile DelegatedTask<?> delegatedTask = null; private volatile Exception thrown = null; // Could probably use a java.util.concurrent.atomic.AtomicReference @@ -1300,7 +1300,7 @@ thrown = null; } - DelegatedTask getTask() { + DelegatedTask<?> getTask() { if (!taskDelegated) { taskDelegated = true; return delegatedTask; @@ -1342,8 +1342,7 @@ thrown = null; if (e instanceof RuntimeException) { - throw (RuntimeException) - new RuntimeException(msg).initCause(e); + throw new RuntimeException(msg, e); } else if (e instanceof SSLHandshakeException) { throw (SSLHandshakeException) new SSLHandshakeException(msg).initCause(e); @@ -1361,8 +1360,7 @@ * If it's SSLException or any other Exception, * we'll wrap it in an SSLException. */ - throw (SSLException) - new SSLException(msg).initCause(e); + throw new SSLException(msg, e); } } }
--- a/src/share/classes/sun/security/ssl/JsseJce.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/ssl/JsseJce.java Sat Sep 10 22:36:17 2016 +0100 @@ -30,7 +30,6 @@ import java.security.*; import java.security.interfaces.RSAPublicKey; -import java.security.spec.RSAPublicKeySpec; import java.security.spec.*; import javax.crypto.*; @@ -110,6 +109,8 @@ } private static final class SunCertificates extends Provider { + private static final long serialVersionUID = -3284138292032213752L; + SunCertificates(final Provider p) { super("SunCertificates", 1.0d, "SunJSSE internal"); AccessController.doPrivileged(new PrivilegedAction<Object>() { @@ -372,7 +373,7 @@ KeyFactory factory = JsseJce.getKeyFactory("RSA"); return factory.getKeySpec(key, RSAPublicKeySpec.class); } catch (Exception e) { - throw (RuntimeException)new RuntimeException().initCause(e); + throw new RuntimeException(e); } }
--- a/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java Sat Sep 10 22:36:17 2016 +0100 @@ -113,15 +113,34 @@ } } + byte[] encoded = null; try { Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1); - // Cannot generate key here, please don't use Cipher.UNWRAP_MODE! - cipher.init(Cipher.UNWRAP_MODE, privateKey, - new TlsRsaPremasterSecretParameterSpec( - maxVersion.v, currentVersion.v), - generator); - preMaster = (SecretKey)cipher.unwrap(encrypted, - "TlsRsaPremasterSecret", Cipher.SECRET_KEY); + boolean needFailover = !KeyUtil.isOracleJCEProvider( + cipher.getProvider().getName()); + if (needFailover) { + cipher.init(Cipher.DECRYPT_MODE, privateKey); + boolean failed = false; + try { + encoded = cipher.doFinal(encrypted); + } catch (BadPaddingException bpe) { + // Note: encoded == null + failed = true; + } + encoded = KeyUtil.checkTlsPreMasterSecretKey( + maxVersion.v, currentVersion.v, + generator, encoded, failed); + preMaster = generatePreMasterSecret( + maxVersion.v, currentVersion.v, + encoded, generator); + } else { + cipher.init(Cipher.UNWRAP_MODE, privateKey, + new TlsRsaPremasterSecretParameterSpec( + maxVersion.v, currentVersion.v), + generator); + preMaster = (SecretKey)cipher.unwrap(encrypted, + "TlsRsaPremasterSecret", Cipher.SECRET_KEY); + } } catch (InvalidKeyException ibk) { // the message is too big to process with RSA throw new SSLProtocolException( @@ -136,6 +155,35 @@ } } + // generate a premaster secret with the specified version number + @SuppressWarnings("deprecation") + private static SecretKey generatePreMasterSecret( + int clientVersion, int serverVersion, + byte[] encodedSecret, SecureRandom generator) { + + if (debug != null && Debug.isOn("handshake")) { + System.out.println("Generating a premaster secret"); + } + + try { + String s = ((clientVersion >= ProtocolVersion.TLS12.v) ? + "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret"); + KeyGenerator kg = JsseJce.getKeyGenerator(s); + kg.init(new TlsRsaPremasterSecretParameterSpec( + clientVersion, serverVersion, encodedSecret), + generator); + return kg.generateKey(); + } catch (InvalidAlgorithmParameterException | + NoSuchAlgorithmException iae) { + // unlikely to happen, otherwise, must be a provider exception + if (debug != null && Debug.isOn("handshake")) { + System.out.println("RSA premaster secret generation error:"); + iae.printStackTrace(System.out); + } + throw new RuntimeException("Could not generate premaster secret", iae); + } + } + @Override int messageType() { return ht_client_key_exchange;
--- a/src/share/classes/sun/security/ssl/SSLEngineImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/ssl/SSLEngineImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -27,8 +27,6 @@ import java.io.*; import java.nio.*; -import java.nio.ReadOnlyBufferException; -import java.util.LinkedList; import java.security.*; import javax.crypto.BadPaddingException; @@ -36,7 +34,6 @@ import javax.net.ssl.*; import javax.net.ssl.SSLEngineResult.*; -import com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager; /** * Implementation of an non-blocking SSLEngine. @@ -588,8 +585,7 @@ readMAC = handshaker.newReadMAC(); } catch (GeneralSecurityException e) { // "can't happen" - throw (SSLException)new SSLException - ("Algorithm missing: ").initCause(e); + throw new SSLException("Algorithm missing: ", e); } /* @@ -625,8 +621,7 @@ writeMAC = handshaker.newWriteMAC(); } catch (GeneralSecurityException e) { // "can't happen" - throw (SSLException)new SSLException - ("Algorithm missing: ").initCause(e); + throw new SSLException("Algorithm missing: ", e); } // See comment above. @@ -894,9 +889,7 @@ } catch (SSLException e) { throw e; } catch (IOException e) { - SSLException ex = new SSLException("readRecord"); - ex.initCause(e); - throw ex; + throw new SSLException("readRecord", e); } /* @@ -1162,7 +1155,7 @@ * For now, force it to be large enough to handle any * valid SSL/TLS record. */ - if (netData.remaining() < outputRecord.maxRecordSize) { + if (netData.remaining() < EngineOutputRecord.maxRecordSize) { return new SSLEngineResult( Status.BUFFER_OVERFLOW, getHSStatus(null), 0, 0); } @@ -1259,9 +1252,7 @@ } catch (SSLException e) { throw e; } catch (IOException e) { - SSLException ex = new SSLException("Write problems"); - ex.initCause(e); - throw ex; + throw new SSLException("Write problems", e); } /* @@ -1669,10 +1660,7 @@ } else if (cause instanceof SSLException) { throw (SSLException)cause; } else if (cause instanceof Exception) { - SSLException ssle = new SSLException( - "fatal SSLEngine condition"); - ssle.initCause(cause); - throw ssle; + throw new SSLException("fatal SSLEngine condition", cause); } } @@ -1920,6 +1908,7 @@ * client or server mode. Must be called before any SSL * traffic has started. */ + @SuppressWarnings("fallthrough") synchronized public void setUseClientMode(boolean flag) { switch (connectionState) {
--- a/src/share/classes/sun/security/ssl/SSLSocketImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/ssl/SSLSocketImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -41,8 +41,6 @@ import javax.net.ssl.*; -import com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager; - import sun.misc.JavaNetAccess; import sun.misc.SharedSecrets; @@ -2076,8 +2074,7 @@ readMAC = handshaker.newReadMAC(); } catch (GeneralSecurityException e) { // "can't happen" - throw (SSLException)new SSLException - ("Algorithm missing: ").initCause(e); + throw new SSLException("Algorithm missing: ", e); } /* @@ -2108,8 +2105,7 @@ writeMAC = handshaker.newWriteMAC(); } catch (GeneralSecurityException e) { // "can't happen" - throw (SSLException)new SSLException - ("Algorithm missing: ").initCause(e); + throw new SSLException("Algorithm missing: ", e); } // See comment above. @@ -2330,6 +2326,7 @@ * client or server mode. Must be called before any SSL * traffic has started. */ + @SuppressWarnings("fallthrough") synchronized public void setUseClientMode(boolean flag) { switch (connectionState) {
--- a/src/share/classes/sun/security/ssl/ServerHandshaker.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/ssl/ServerHandshaker.java Sat Sep 10 22:36:17 2016 +0100 @@ -41,15 +41,14 @@ import javax.security.auth.Subject; -import sun.security.util.KeyUtil; -import sun.security.util.LegacyAlgorithmConstraints; - import sun.security.action.GetPropertyAction; import sun.security.ssl.HandshakeMessage.*; import sun.security.ssl.CipherSuite.*; import sun.security.ssl.SignatureAndHashAlgorithm.*; import static sun.security.ssl.CipherSuite.*; import static sun.security.ssl.CipherSuite.KeyExchange.*; +import sun.security.util.KeyUtil; +import sun.security.util.LegacyAlgorithmConstraints; /** * ServerHandshaker does the protocol handshaking from the point @@ -99,6 +98,12 @@ // the preferable signature algorithm used by ServerKeyExchange message SignatureAndHashAlgorithm preferableSignatureAlgorithm; + // legacy algorithm constraints + private static final AlgorithmConstraints legacyAlgorithmConstraints = + new LegacyAlgorithmConstraints( + LegacyAlgorithmConstraints.PROPERTY_TLS_LEGACY_ALGS, + new SSLAlgorithmDecomposer()); + // Flag to use smart ephemeral DH key which size matches the corresponding // authentication key private static final boolean useSmartEphemeralDHKeys; @@ -110,12 +115,6 @@ // The customized ephemeral DH key size for non-exportable cipher suites. private static final int customizedDHKeySize; - // legacy algorithm constraints - private static final AlgorithmConstraints legacyAlgorithmConstraints = - new LegacyAlgorithmConstraints( - LegacyAlgorithmConstraints.PROPERTY_TLS_LEGACY_ALGS, - new SSLAlgorithmDecomposer()); - static { String property = AccessController.doPrivileged( new GetPropertyAction("jdk.tls.ephemeralDHKeySize")); @@ -291,7 +290,7 @@ case HandshakeMessage.ht_certificate_verify: this.clientCertificateVerify(new CertificateVerify(input, - localSupportedSignAlgs, protocolVersion)); + getLocalSupportedSignAlgs(), protocolVersion)); break; case HandshakeMessage.ht_finished: @@ -653,11 +652,10 @@ Collection<SignatureAndHashAlgorithm> supportedPeerSignAlgs = SignatureAndHashAlgorithm.getSupportedAlgorithms( - peerSignAlgs); + algorithmConstraints, peerSignAlgs); if (supportedPeerSignAlgs.isEmpty()) { throw new SSLHandshakeException( - "No supported signature and hash algorithm " + - "in common"); + "No signature and hash algorithm in common"); } setPeerSupportedSignAlgs(supportedPeerSignAlgs); @@ -1069,6 +1067,13 @@ supportedSignAlgs = new ArrayList<SignatureAndHashAlgorithm>(1); supportedSignAlgs.add(algorithm); + + supportedSignAlgs = + SignatureAndHashAlgorithm.getSupportedAlgorithms( + algorithmConstraints, supportedSignAlgs); + + // May be no default activated signature algorithm, but + // let the following process make the final decision. } // Sets the peer supported signature algorithm to use in KM @@ -1113,6 +1118,11 @@ SignatureAndHashAlgorithm.getPreferableAlgorithm( supportedSignAlgs, "RSA", privateKey); if (preferableSignatureAlgorithm == null) { + if ((debug != null) && Debug.isOn("handshake")) { + System.out.println( + "No signature and hash algorithm for cipher " + + suite); + } return false; } } @@ -1131,6 +1141,11 @@ SignatureAndHashAlgorithm.getPreferableAlgorithm( supportedSignAlgs, "RSA", privateKey); if (preferableSignatureAlgorithm == null) { + if ((debug != null) && Debug.isOn("handshake")) { + System.out.println( + "No signature and hash algorithm for cipher " + + suite); + } return false; } } @@ -1146,6 +1161,11 @@ SignatureAndHashAlgorithm.getPreferableAlgorithm( supportedSignAlgs, "DSA"); if (preferableSignatureAlgorithm == null) { + if ((debug != null) && Debug.isOn("handshake")) { + System.out.println( + "No signature and hash algorithm for cipher " + + suite); + } return false; } } @@ -1164,6 +1184,11 @@ SignatureAndHashAlgorithm.getPreferableAlgorithm( supportedSignAlgs, "ECDSA"); if (preferableSignatureAlgorithm == null) { + if ((debug != null) && Debug.isOn("handshake")) { + System.out.println( + "No signature and hash algorithm for cipher " + + suite); + } return false; } } @@ -1209,7 +1234,8 @@ break; default: // internal error, unknown key exchange - throw new RuntimeException("Unrecognized cipherSuite: " + suite); + throw new RuntimeException( + "Unrecognized cipherSuite: " + suite); } setCipherSuite(suite); @@ -1834,7 +1860,7 @@ * specified radix (as determined by whether {@link * java.lang.Character#digit(char, int)} returns a nonnegative * value), except that the first character may be an ASCII plus - * sign {@code '+'} (<code>'\u002B'</code>). The resulting + * sign {@code '+'} ({@code '\u005Cu002B'}). The resulting * integer value is returned. * * <p>An exception of type {@code NumberFormatException} is @@ -1849,7 +1875,7 @@ * * <li>Any character of the string is not a digit of the specified * radix, except that the first character may be a plus sign - * {@code '+'} (<code>'\u002B'</code>) provided that the + * {@code '+'} ({@code '\u005Cu002B'}) provided that the * string is longer than length 1. * * <li>The value represented by the string is larger than the @@ -1865,7 +1891,6 @@ * specified radix. * @throws NumberFormatException if the {@code String} * does not contain a parsable {@code int}. - * @since 1.8 */ private static int parseUnsignedInt(String s, int radix) throws NumberFormatException { @@ -1904,7 +1929,7 @@ * Parses the string argument as an unsigned decimal integer. The * characters in the string must all be decimal digits, except * that the first character may be an an ASCII plus sign {@code - * '+'} (<code>'\u002B'</code>). The resulting integer value + * '+'} ({@code '\u005Cu002B'}). The resulting integer value * is returned, exactly as if the argument and the radix 10 were * given as arguments to the {@link * #parseUnsignedInt(java.lang.String, int)} method. @@ -1914,7 +1939,6 @@ * @return the unsigned integer value represented by the argument in decimal. * @throws NumberFormatException if the string does not contain a * parsable unsigned integer. - * @since 1.8 */ private static int parseUnsignedInt(String s) throws NumberFormatException { return parseUnsignedInt(s, 10);
--- a/src/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -172,10 +172,13 @@ // Get supported algorithm collection from an untrusted collection static Collection<SignatureAndHashAlgorithm> getSupportedAlgorithms( + AlgorithmConstraints constraints, Collection<SignatureAndHashAlgorithm> algorithms ) { Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>(); for (SignatureAndHashAlgorithm sigAlg : algorithms) { - if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) { + if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM && + constraints.permits(SIGNATURE_PRIMITIVE_SET, + sigAlg.algorithm, null)) { supported.add(sigAlg); } } @@ -239,30 +242,42 @@ } static SignatureAndHashAlgorithm getPreferableAlgorithm( - Collection<SignatureAndHashAlgorithm> algorithms, - String expected, PrivateKey signingKey) { + Collection<SignatureAndHashAlgorithm> algorithms, + String expected, PrivateKey signingKey) { - if (expected == null && !algorithms.isEmpty()) { - for (SignatureAndHashAlgorithm sigAlg : algorithms) { - if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) { - return sigAlg; + int maxDigestLength = getMaxDigestLength(signingKey); + for (SignatureAndHashAlgorithm algorithm : algorithms) { + int signValue = algorithm.id & 0xFF; + if ((expected == null) || + (expected.equalsIgnoreCase("rsa") && + signValue == SignatureAlgorithm.RSA.value) || + (expected.equalsIgnoreCase("dsa") && + signValue == SignatureAlgorithm.DSA.value) || + (expected.equalsIgnoreCase("ecdsa") && + signValue == SignatureAlgorithm.ECDSA.value) || + (expected.equalsIgnoreCase("ec") && + signValue == SignatureAlgorithm.ECDSA.value)) { + + if (algorithm.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM && + algorithm.hash.length <= maxDigestLength) { + + return algorithm; } } - - return null; // no supported algorithm - } - - if (expected == null ) { - return null; // no expected algorithm, no supported algorithm } - /* - * Need to check RSA key length to match the length of hash value - */ + return null; + } + + /* + * Need to check key length to match the length of hash value + */ + private static int getMaxDigestLength(PrivateKey signingKey) { int maxDigestLength = Integer.MAX_VALUE; + + // only need to check RSA algorithm at present. if (signingKey != null && - "rsa".equalsIgnoreCase(signingKey.getAlgorithm()) && - expected.equalsIgnoreCase("rsa")) { + "rsa".equalsIgnoreCase(signingKey.getAlgorithm())) { /* * RSA keys of 512 bits have been shown to be practically * breakable, it does not make much sense to use the strong @@ -290,25 +305,7 @@ // perferable hash algorithm. } - for (SignatureAndHashAlgorithm algorithm : algorithms) { - int signValue = algorithm.id & 0xFF; - if (expected.equalsIgnoreCase("rsa") && - signValue == SignatureAlgorithm.RSA.value) { - if (algorithm.hash.length <= maxDigestLength) { - return algorithm; - } - } else if ( - (expected.equalsIgnoreCase("dsa") && - signValue == SignatureAlgorithm.DSA.value) || - (expected.equalsIgnoreCase("ecdsa") && - signValue == SignatureAlgorithm.ECDSA.value) || - (expected.equalsIgnoreCase("ec") && - signValue == SignatureAlgorithm.ECDSA.value)) { - return algorithm; - } - } - - return null; + return maxDigestLength; } static enum HashAlgorithm {
--- a/src/share/classes/sun/security/ssl/X509KeyManagerImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/ssl/X509KeyManagerImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -91,6 +91,8 @@ // LinkedHashMap with a max size of 10 // see LinkedHashMap JavaDocs private static class SizedMap<K,V> extends LinkedHashMap<K,V> { + private static final long serialVersionUID = -8211222668790986062L; + @Override protected boolean removeEldestEntry(Map.Entry<K,V> eldest) { return size() > 10; } @@ -247,7 +249,7 @@ return null; } entry = (PrivateKeyEntry)newEntry; - entryCacheMap.put(alias, new SoftReference(entry)); + entryCacheMap.put(alias, new SoftReference<PrivateKeyEntry>(entry)); return entry; } catch (Exception e) { // ignore @@ -329,7 +331,7 @@ */ private String chooseAlias(List<KeyType> keyTypeList, Principal[] issuers, CheckType checkType, AlgorithmConstraints constraints) { - if (keyTypeList == null || keyTypeList.size() == 0) { + if (keyTypeList == null || keyTypeList.isEmpty()) { return null; } @@ -403,7 +405,7 @@ // ignore } } - if (allResults == null || allResults.size() == 0) { + if (allResults == null || allResults.isEmpty()) { if (useDebug) { debug.println("KeyMgr: no matching alias found"); } @@ -523,38 +525,43 @@ if (ku != null) { String algorithm = cert.getPublicKey().getAlgorithm(); boolean kuSignature = getBit(ku, 0); - if (algorithm.equals("RSA")) { - // require either signature bit - // or if server also allow key encipherment bit - if (kuSignature == false) { - if ((this == CLIENT) || (getBit(ku, 2) == false)) { + switch (algorithm) { + case "RSA": + // require either signature bit + // or if server also allow key encipherment bit + if (kuSignature == false) { + if ((this == CLIENT) || (getBit(ku, 2) == false)) { + return CheckResult.EXTENSION_MISMATCH; + } + } + break; + case "DSA": + // require signature bit + if (kuSignature == false) { return CheckResult.EXTENSION_MISMATCH; } - } - } else if (algorithm.equals("DSA")) { - // require signature bit - if (kuSignature == false) { - return CheckResult.EXTENSION_MISMATCH; - } - } else if (algorithm.equals("DH")) { - // require keyagreement bit - if (getBit(ku, 4) == false) { - return CheckResult.EXTENSION_MISMATCH; - } - } else if (algorithm.equals("EC")) { - // require signature bit - if (kuSignature == false) { - return CheckResult.EXTENSION_MISMATCH; - } - // For servers, also require key agreement. - // This is not totally accurate as the keyAgreement bit - // is only necessary for static ECDH key exchange and - // not ephemeral ECDH. We leave it in for now until - // there are signs that this check causes problems - // for real world EC certificates. - if ((this == SERVER) && (getBit(ku, 4) == false)) { - return CheckResult.EXTENSION_MISMATCH; - } + break; + case "DH": + // require keyagreement bit + if (getBit(ku, 4) == false) { + return CheckResult.EXTENSION_MISMATCH; + } + break; + case "EC": + // require signature bit + if (kuSignature == false) { + return CheckResult.EXTENSION_MISMATCH; + } + // For servers, also require key agreement. + // This is not totally accurate as the keyAgreement bit + // is only necessary for static ECDH key exchange and + // not ephemeral ECDH. We leave it in for now until + // there are signs that this check causes problems + // for real world EC certificates. + if ((this == SERVER) && (getBit(ku, 4) == false)) { + return CheckResult.EXTENSION_MISMATCH; + } + break; } } } catch (CertificateException e) {
--- a/src/share/classes/sun/security/ssl/krb5/KerberosClientKeyExchangeImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/ssl/krb5/KerberosClientKeyExchangeImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -163,7 +163,7 @@ EncryptedData encPart = t.encPart; PrincipalName ticketSname = t.sname; - Realm ticketRealm = t.realm; + Realm ticketRealm = t.sname.getRealm(); String serverPrincipal = serverKeys[0].getPrincipal().getName(); @@ -175,8 +175,7 @@ */ // Check that ticket Sname matches serverPrincipal - String ticketPrinc = ticketSname.toString().concat("@" + - ticketRealm.toString()); + String ticketPrinc = ticketSname.toString(); if (!ticketPrinc.equals(serverPrincipal)) { if (debug != null && Debug.isOn("handshake")) System.out.println("Service principal in Ticket does not" @@ -224,7 +223,6 @@ if (debug != null && Debug.isOn("handshake")) { System.out.println("server principal: " + serverPrincipal); - System.out.println("realm: " + encTicketPart.crealm.toString()); System.out.println("cname: " + encTicketPart.cname.toString()); } } catch (IOException e) {
--- a/src/share/classes/sun/security/timestamp/HttpTimestamper.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/timestamp/HttpTimestamper.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,14 +28,13 @@ import java.io.BufferedInputStream; import java.io.DataOutputStream; import java.io.IOException; +import java.net.URI; import java.net.URL; import java.net.HttpURLConnection; -import java.util.Iterator; -import java.util.Set; -import java.util.Arrays; +import java.util.*; import sun.misc.IOUtils; -import sun.security.pkcs.*; +import sun.security.util.Debug; /** * A timestamper that communicates with a Timestamping Authority (TSA) @@ -59,20 +58,23 @@ private static final String TS_REPLY_MIME_TYPE = "application/timestamp-reply"; - private static final boolean DEBUG = false; + private static final Debug debug = Debug.getInstance("ts"); /* - * HTTP URL identifying the location of the TSA + * HTTP URI identifying the location of the TSA */ - private String tsaUrl = null; + private URI tsaURI = null; /** * Creates a timestamper that connects to the specified TSA. * - * @param tsa The location of the TSA. It must be an HTTP URL. + * @param tsa The location of the TSA. It must be an HTTP URI. + * @throws IllegalArgumentException if tsaURI is not an HTTP URI */ - public HttpTimestamper(String tsaUrl) { - this.tsaUrl = tsaUrl; + public HttpTimestamper(URI tsaURI) { + if (!tsaURI.getScheme().equalsIgnoreCase("http")) + throw new IllegalArgumentException("TSA must be an HTTP URI"); + this.tsaURI = tsaURI; } /** @@ -86,7 +88,7 @@ public TSResponse generateTimestamp(TSRequest tsQuery) throws IOException { HttpURLConnection connection = - (HttpURLConnection) new URL(tsaUrl).openConnection(); + (HttpURLConnection) tsaURI.toURL().openConnection(); connection.setDoOutput(true); connection.setUseCaches(false); // ignore cache connection.setRequestProperty("Content-Type", TS_QUERY_MIME_TYPE); @@ -94,14 +96,15 @@ // Avoids the "hang" when a proxy is required but none has been set. connection.setConnectTimeout(CONNECT_TIMEOUT); - if (DEBUG) { - Set headers = connection.getRequestProperties().entrySet(); - System.out.println(connection.getRequestMethod() + " " + tsaUrl + + if (debug != null) { + Set<Map.Entry<String, List<String>>> headers = + connection.getRequestProperties().entrySet(); + debug.println(connection.getRequestMethod() + " " + tsaURI + " HTTP/1.1"); - for (Iterator i = headers.iterator(); i.hasNext(); ) { - System.out.println(" " + i.next()); + for (Map.Entry<String, List<String>> e : headers) { + debug.println(" " + e); } - System.out.println(); + debug.println(); } connection.connect(); // No HTTP authentication is performed @@ -112,8 +115,8 @@ byte[] request = tsQuery.encode(); output.write(request, 0, request.length); output.flush(); - if (DEBUG) { - System.out.println("sent timestamp query (length=" + + if (debug != null) { + debug.println("sent timestamp query (length=" + request.length + ")"); } } finally { @@ -127,17 +130,17 @@ byte[] replyBuffer = null; try { input = new BufferedInputStream(connection.getInputStream()); - if (DEBUG) { + if (debug != null) { String header = connection.getHeaderField(0); - System.out.println(header); + debug.println(header); int i = 1; while ((header = connection.getHeaderField(i)) != null) { String key = connection.getHeaderFieldKey(i); - System.out.println(" " + ((key==null) ? "" : key + ": ") + + debug.println(" " + ((key==null) ? "" : key + ": ") + header); i++; } - System.out.println(); + debug.println(); } verifyMimeType(connection.getContentType()); @@ -145,8 +148,8 @@ int contentLength = connection.getContentLength(); replyBuffer = IOUtils.readFully(input, contentLength, false); - if (DEBUG) { - System.out.println("received timestamp response (length=" + + if (debug != null) { + debug.println("received timestamp response (length=" + total + ")"); } } finally {
--- a/src/share/classes/sun/security/timestamp/TSRequest.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/timestamp/TSRequest.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,10 +27,13 @@ import java.io.IOException; import java.math.BigInteger; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; import java.security.cert.X509Extension; import sun.security.util.DerValue; import sun.security.util.DerOutputStream; import sun.security.util.ObjectIdentifier; +import sun.security.x509.AlgorithmId; /** * This class provides a timestamp request, as defined in @@ -64,24 +67,9 @@ public class TSRequest { - private static final ObjectIdentifier SHA1_OID; - private static final ObjectIdentifier MD5_OID; - static { - ObjectIdentifier sha1 = null; - ObjectIdentifier md5 = null; - try { - sha1 = new ObjectIdentifier("1.3.14.3.2.26"); - md5 = new ObjectIdentifier("1.2.840.113549.2.5"); - } catch (IOException ioe) { - // should not happen - } - SHA1_OID = sha1; - MD5_OID = md5; - } - private int version = 1; - private ObjectIdentifier hashAlgorithmId = null; + private AlgorithmId hashAlgorithmId = null; private byte[] hashValue; @@ -94,30 +82,22 @@ private X509Extension[] extensions = null; /** - * Constructs a timestamp request for the supplied hash value.. + * Constructs a timestamp request for the supplied data. * - * @param hashValue The hash value. This is the data to be timestamped. - * @param hashAlgorithm The name of the hash algorithm. + * @param toBeTimeStamped The data to be timestamped. + * @param messageDigest The MessageDigest of the hash algorithm to use. + * @throws NoSuchAlgorithmException if the hash algorithm is not supported */ - public TSRequest(byte[] hashValue, String hashAlgorithm) { + public TSRequest(String tSAPolicyID, byte[] toBeTimeStamped, MessageDigest messageDigest) + throws NoSuchAlgorithmException { - // Check the common hash algorithms - if ("MD5".equalsIgnoreCase(hashAlgorithm)) { - hashAlgorithmId = MD5_OID; - // Check that the hash value matches the hash algorithm - assert hashValue.length == 16; + this.policyId = tSAPolicyID; + this.hashAlgorithmId = AlgorithmId.get(messageDigest.getAlgorithm()); + this.hashValue = messageDigest.digest(toBeTimeStamped); + } - } else if ("SHA-1".equalsIgnoreCase(hashAlgorithm) || - "SHA".equalsIgnoreCase(hashAlgorithm) || - "SHA1".equalsIgnoreCase(hashAlgorithm)) { - hashAlgorithmId = SHA1_OID; - // Check that the hash value matches the hash algorithm - assert hashValue.length == 20; - - } - // Clone the hash value - this.hashValue = new byte[hashValue.length]; - System.arraycopy(hashValue, 0, this.hashValue, 0, hashValue.length); + public byte[] getHashedMessage() { + return hashValue.clone(); } /** @@ -176,9 +156,7 @@ // encode messageImprint DerOutputStream messageImprint = new DerOutputStream(); - DerOutputStream hashAlgorithm = new DerOutputStream(); - hashAlgorithm.putOID(hashAlgorithmId); - messageImprint.write(DerValue.tag_Sequence, hashAlgorithm); + hashAlgorithmId.encode(messageImprint); messageImprint.putOctetString(hashValue); request.write(DerValue.tag_Sequence, messageImprint);
--- a/src/share/classes/sun/security/timestamp/TSResponse.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/timestamp/TSResponse.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,15 +26,9 @@ package sun.security.timestamp; import java.io.IOException; -import java.math.BigInteger; import sun.security.pkcs.PKCS7; -import sun.security.pkcs.PKCS9Attribute; -import sun.security.pkcs.PKCS9Attributes; -import sun.security.pkcs.ParsingException; -import sun.security.pkcs.SignerInfo; +import sun.security.util.Debug; import sun.security.util.DerValue; -import sun.security.x509.AlgorithmId; -import sun.security.x509.X500Name; /** * This class provides the response corresponding to a timestamp request, @@ -182,18 +176,20 @@ */ public static final int SYSTEM_FAILURE = 25; - private static final boolean DEBUG = false; + private static final Debug debug = Debug.getInstance("ts"); private int status; private String[] statusString = null; - private int failureInfo = -1; + private boolean[] failureInfo = null; private byte[] encodedTsToken = null; private PKCS7 tsToken = null; + private TimestampToken tstInfo; + /** * Constructs an object to store the response to a timestamp request. * @@ -222,11 +218,11 @@ } /** - * Retrieve the failure code returned by the TSA. + * Retrieve the failure info returned by the TSA. * - * @return If -1 then no failure code was received. + * @return the failure info, or null if no failure code was received. */ - public int getFailureCode() { + public boolean[] getFailureInfo() { return failureInfo; } @@ -257,42 +253,38 @@ } } + private boolean isSet(int position) { + return failureInfo[position]; + } + public String getFailureCodeAsText() { - if (failureInfo == -1) { - return null; + if (failureInfo == null) { + return ""; } - switch (failureInfo) { - - case BAD_ALG: - return "Unrecognized or unsupported alrorithm identifier."; - - case BAD_REQUEST: - return "The requested transaction is not permitted or supported."; - - case BAD_DATA_FORMAT: - return "The data submitted has the wrong format."; - - case TIME_NOT_AVAILABLE: - return "The TSA's time source is not available."; + try { + if (isSet(BAD_ALG)) + return "Unrecognized or unsupported algorithm identifier."; + if (isSet(BAD_REQUEST)) + return "The requested transaction is not permitted or " + + "supported."; + if (isSet(BAD_DATA_FORMAT)) + return "The data submitted has the wrong format."; + if (isSet(TIME_NOT_AVAILABLE)) + return "The TSA's time source is not available."; + if (isSet(UNACCEPTED_POLICY)) + return "The requested TSA policy is not supported by the TSA."; + if (isSet(UNACCEPTED_EXTENSION)) + return "The requested extension is not supported by the TSA."; + if (isSet(ADD_INFO_NOT_AVAILABLE)) + return "The additional information requested could not be " + + "understood or is not available."; + if (isSet(SYSTEM_FAILURE)) + return "The request cannot be handled due to system failure."; + } catch (ArrayIndexOutOfBoundsException ex) {} - case UNACCEPTED_POLICY: - return "The requested TSA policy is not supported by the TSA."; - - case UNACCEPTED_EXTENSION: - return "The requested extension is not supported by the TSA."; - - case ADD_INFO_NOT_AVAILABLE: - return "The additional information requested could not be " + - "understood or is not available."; - - case SYSTEM_FAILURE: - return "The request cannot be handled due to system failure."; - - default: - return ("unknown status code " + status); - } + return ("unknown failure code"); } /** @@ -304,6 +296,10 @@ return tsToken; } + public TimestampToken getTimestampToken() { + return tstInfo; + } + /** * Retrieve the ASN.1 BER encoded timestamp token returned by the TSA. * @@ -330,29 +326,30 @@ // Parse status - DerValue status = derValue.data.getDerValue(); - // Parse status - this.status = status.data.getInteger(); - if (DEBUG) { - System.out.println("timestamp response: status=" + this.status); + DerValue statusInfo = derValue.data.getDerValue(); + this.status = statusInfo.data.getInteger(); + if (debug != null) { + debug.println("timestamp response: status=" + this.status); } // Parse statusString, if present - if (status.data.available() > 0) { - DerValue[] strings = status.data.getSequence(1); - statusString = new String[strings.length]; - for (int i = 0; i < strings.length; i++) { - statusString[i] = strings[i].getUTF8String(); + if (statusInfo.data.available() > 0) { + byte tag = (byte)statusInfo.data.peekByte(); + if (tag == DerValue.tag_SequenceOf) { + DerValue[] strings = statusInfo.data.getSequence(1); + statusString = new String[strings.length]; + for (int i = 0; i < strings.length; i++) { + statusString[i] = strings[i].getUTF8String(); + if (debug != null) { + debug.println("timestamp response: statusString=" + + statusString[i]); + } + } } } // Parse failInfo, if present - if (status.data.available() > 0) { - byte[] failInfo = status.data.getBitString(); - int failureInfo = (new Byte(failInfo[0])).intValue(); - if (failureInfo < 0 || failureInfo > 25 || failInfo.length != 1) { - throw new IOException("Bad encoding for timestamp response: " + - "unrecognized value for the failInfo element"); - } - this.failureInfo = failureInfo; + if (statusInfo.data.available() > 0) { + this.failureInfo + = statusInfo.data.getUnalignedBitString().toBooleanArray(); } // Parse timeStampToken, if present @@ -360,6 +357,7 @@ DerValue timestampToken = derValue.data.getDerValue(); encodedTsToken = timestampToken.toByteArray(); tsToken = new PKCS7(encodedTsToken); + tstInfo = new TimestampToken(tsToken.getContentInfo().getData()); } // Check the format of the timestamp response @@ -376,9 +374,11 @@ } } -final static class TimestampException extends IOException { - TimestampException(String message) { - super(message); + final static class TimestampException extends IOException { + private static final long serialVersionUID = -1631631794891940953L; + + TimestampException(String message) { + super(message); + } } } -}
--- a/src/share/classes/sun/security/timestamp/TimestampToken.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/timestamp/TimestampToken.java Sat Sep 10 22:36:17 2016 +0100 @@ -119,6 +119,10 @@ return serialNumber; } + public String getPolicyID() { + return policy.toString(); + } + /* * Parses the timestamp token info. *
--- a/src/share/classes/sun/security/tools/JarSigner.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,2525 +0,0 @@ -/* - * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.tools; - -import java.io.*; -import java.util.*; -import java.util.zip.*; -import java.util.jar.*; -import java.math.BigInteger; -import java.net.URI; -import java.net.URISyntaxException; -import java.text.Collator; -import java.text.MessageFormat; -import java.security.cert.Certificate; -import java.security.cert.X509Certificate; -import java.security.cert.CertificateException; -import java.security.*; -import java.lang.reflect.Constructor; - -import com.sun.jarsigner.ContentSigner; -import com.sun.jarsigner.ContentSignerParameters; -import java.net.SocketTimeoutException; -import java.net.URL; -import java.net.URLClassLoader; -import java.security.cert.CertPath; -import java.security.cert.CertPathValidator; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateFactory; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.PKIXParameters; -import java.security.cert.TrustAnchor; -import java.util.Map.Entry; -import sun.security.x509.*; -import sun.security.util.*; -import sun.misc.BASE64Encoder; - - -/** - * <p>The jarsigner utility. - * - * The exit codes for the main method are: - * - * 0: success - * 1: any error that the jar cannot be signed or verified, including: - * keystore loading error - * TSP communication error - * jarsigner command line error... - * otherwise: error codes from -strict - * - * @author Roland Schemers - * @author Jan Luehe - */ - -public class JarSigner { - - // for i18n - private static final java.util.ResourceBundle rb = - java.util.ResourceBundle.getBundle - ("sun.security.tools.JarSignerResources"); - private static final Collator collator = Collator.getInstance(); - static { - // this is for case insensitive string comparisions - collator.setStrength(Collator.PRIMARY); - } - - private static final String META_INF = "META-INF/"; - - private static final Class[] PARAM_STRING = { String.class }; - - private static final String NONE = "NONE"; - private static final String P11KEYSTORE = "PKCS11"; - - private static final long SIX_MONTHS = 180*24*60*60*1000L; //milliseconds - - // Attention: - // This is the entry that get launched by the security tool jarsigner. - public static void main(String args[]) throws Exception { - JarSigner js = new JarSigner(); - js.run(args); - } - - static final String VERSION = "1.0"; - - static final int IN_KEYSTORE = 0x01; // signer is in keystore - static final int IN_SCOPE = 0x02; - static final int NOT_ALIAS = 0x04; // alias list is NOT empty and - // signer is not in alias list - static final int SIGNED_BY_ALIAS = 0x08; // signer is in alias list - - X509Certificate[] certChain; // signer's cert chain (when composing) - PrivateKey privateKey; // private key - KeyStore store; // the keystore specified by -keystore - // or the default keystore, never null - - String keystore; // key store file - boolean nullStream = false; // null keystore input stream (NONE) - boolean token = false; // token-based keystore - String jarfile; // jar files to sign or verify - String alias; // alias to sign jar with - List<String> ckaliases = new ArrayList<>(); // aliases in -verify - char[] storepass; // keystore password - boolean protectedPath; // protected authentication path - String storetype; // keystore type - String providerName; // provider name - Vector<String> providers = null; // list of providers - // arguments for provider constructors - HashMap<String,String> providerArgs = new HashMap<>(); - char[] keypass; // private key password - String sigfile; // name of .SF file - String sigalg; // name of signature algorithm - String digestalg = "SHA-256"; // name of digest algorithm - String signedjar; // output filename - String tsaUrl; // location of the Timestamping Authority - String tsaAlias; // alias for the Timestamping Authority's certificate - String altCertChain; // file to read alternative cert chain from - boolean verify = false; // verify the jar - String verbose = null; // verbose output when signing/verifying - boolean showcerts = false; // show certs when verifying - boolean debug = false; // debug - boolean signManifest = true; // "sign" the whole manifest - boolean externalSF = true; // leave the .SF out of the PKCS7 block - boolean strict = false; // treat warnings as error - - // read zip entry raw bytes - private ByteArrayOutputStream baos = new ByteArrayOutputStream(2048); - private byte[] buffer = new byte[8192]; - private ContentSigner signingMechanism = null; - private String altSignerClass = null; - private String altSignerClasspath = null; - private ZipFile zipFile = null; - - // Informational warnings - private boolean hasExpiringCert = false; - private boolean noTimestamp = false; - private Date expireDate = new Date(0L); // used in noTimestamp warning - - // Severe warnings - private boolean hasExpiredCert = false; - private boolean notYetValidCert = false; - private boolean chainNotValidated = false; - private boolean notSignedByAlias = false; - private boolean aliasNotInStore = false; - private boolean hasUnsignedEntry = false; - private boolean badKeyUsage = false; - private boolean badExtendedKeyUsage = false; - private boolean badNetscapeCertType = false; - - CertificateFactory certificateFactory; - CertPathValidator validator; - PKIXParameters pkixParameters; - - public void run(String args[]) { - try { - parseArgs(args); - - // Try to load and install the specified providers - if (providers != null) { - ClassLoader cl = ClassLoader.getSystemClassLoader(); - Enumeration<String> e = providers.elements(); - while (e.hasMoreElements()) { - String provName = e.nextElement(); - Class<?> provClass; - if (cl != null) { - provClass = cl.loadClass(provName); - } else { - provClass = Class.forName(provName); - } - - String provArg = providerArgs.get(provName); - Object obj; - if (provArg == null) { - obj = provClass.newInstance(); - } else { - Constructor<?> c = - provClass.getConstructor(PARAM_STRING); - obj = c.newInstance(provArg); - } - - if (!(obj instanceof Provider)) { - MessageFormat form = new MessageFormat(rb.getString - ("provName.not.a.provider")); - Object[] source = {provName}; - throw new Exception(form.format(source)); - } - Security.addProvider((Provider)obj); - } - } - - if (verify) { - try { - loadKeyStore(keystore, false); - } catch (Exception e) { - if ((keystore != null) || (storepass != null)) { - System.out.println(rb.getString("jarsigner.error.") + - e.getMessage()); - System.exit(1); - } - } - /* if (debug) { - SignatureFileVerifier.setDebug(true); - ManifestEntryVerifier.setDebug(true); - } - */ - verifyJar(jarfile); - } else { - loadKeyStore(keystore, true); - getAliasInfo(alias); - - // load the alternative signing mechanism - if (altSignerClass != null) { - signingMechanism = loadSigningMechanism(altSignerClass, - altSignerClasspath); - } - signJar(jarfile, alias, args); - } - } catch (Exception e) { - System.out.println(rb.getString("jarsigner.error.") + e); - if (debug) { - e.printStackTrace(); - } - System.exit(1); - } finally { - // zero-out private key password - if (keypass != null) { - Arrays.fill(keypass, ' '); - keypass = null; - } - // zero-out keystore password - if (storepass != null) { - Arrays.fill(storepass, ' '); - storepass = null; - } - } - - if (strict) { - int exitCode = 0; - if (chainNotValidated || hasExpiredCert || notYetValidCert) { - exitCode |= 4; - } - if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType) { - exitCode |= 8; - } - if (hasUnsignedEntry) { - exitCode |= 16; - } - if (notSignedByAlias || aliasNotInStore) { - exitCode |= 32; - } - if (exitCode != 0) { - System.exit(exitCode); - } - } - } - - /* - * Parse command line arguments. - */ - void parseArgs(String args[]) { - /* parse flags */ - int n = 0; - - if (args.length == 0) fullusage(); - for (n=0; n < args.length; n++) { - - String flags = args[n]; - String modifier = null; - if (flags.charAt(0) == '-') { - int pos = flags.indexOf(':'); - if (pos > 0) { - modifier = flags.substring(pos+1); - flags = flags.substring(0, pos); - } - } - - if (collator.compare(flags, "-keystore") == 0) { - if (++n == args.length) usageNoArg(); - keystore = args[n]; - } else if (collator.compare(flags, "-storepass") ==0) { - if (++n == args.length) usageNoArg(); - storepass = getPass(modifier, args[n]); - } else if (collator.compare(flags, "-storetype") ==0) { - if (++n == args.length) usageNoArg(); - storetype = args[n]; - } else if (collator.compare(flags, "-providerName") ==0) { - if (++n == args.length) usageNoArg(); - providerName = args[n]; - } else if ((collator.compare(flags, "-provider") == 0) || - (collator.compare(flags, "-providerClass") == 0)) { - if (++n == args.length) usageNoArg(); - if (providers == null) { - providers = new Vector<String>(3); - } - providers.add(args[n]); - - if (args.length > (n+1)) { - flags = args[n+1]; - if (collator.compare(flags, "-providerArg") == 0) { - if (args.length == (n+2)) usageNoArg(); - providerArgs.put(args[n], args[n+2]); - n += 2; - } - } - } else if (collator.compare(flags, "-protected") ==0) { - protectedPath = true; - } else if (collator.compare(flags, "-certchain") ==0) { - if (++n == args.length) usageNoArg(); - altCertChain = args[n]; - } else if (collator.compare(flags, "-debug") ==0) { - debug = true; - } else if (collator.compare(flags, "-keypass") ==0) { - if (++n == args.length) usageNoArg(); - keypass = getPass(modifier, args[n]); - } else if (collator.compare(flags, "-sigfile") ==0) { - if (++n == args.length) usageNoArg(); - sigfile = args[n]; - } else if (collator.compare(flags, "-signedjar") ==0) { - if (++n == args.length) usageNoArg(); - signedjar = args[n]; - } else if (collator.compare(flags, "-tsa") ==0) { - if (++n == args.length) usageNoArg(); - tsaUrl = args[n]; - } else if (collator.compare(flags, "-tsacert") ==0) { - if (++n == args.length) usageNoArg(); - tsaAlias = args[n]; - } else if (collator.compare(flags, "-altsigner") ==0) { - if (++n == args.length) usageNoArg(); - altSignerClass = args[n]; - } else if (collator.compare(flags, "-altsignerpath") ==0) { - if (++n == args.length) usageNoArg(); - altSignerClasspath = args[n]; - } else if (collator.compare(flags, "-sectionsonly") ==0) { - signManifest = false; - } else if (collator.compare(flags, "-internalsf") ==0) { - externalSF = false; - } else if (collator.compare(flags, "-verify") ==0) { - verify = true; - } else if (collator.compare(flags, "-verbose") ==0) { - verbose = (modifier != null) ? modifier : "all"; - } else if (collator.compare(flags, "-sigalg") ==0) { - if (++n == args.length) usageNoArg(); - sigalg = args[n]; - } else if (collator.compare(flags, "-digestalg") ==0) { - if (++n == args.length) usageNoArg(); - digestalg = args[n]; - } else if (collator.compare(flags, "-certs") ==0) { - showcerts = true; - } else if (collator.compare(flags, "-strict") ==0) { - strict = true; - } else if (collator.compare(flags, "-h") == 0 || - collator.compare(flags, "-help") == 0) { - fullusage(); - } else { - if (!flags.startsWith("-")) { - if (jarfile == null) { - jarfile = flags; - } else { - alias = flags; - ckaliases.add(alias); - } - } else { - System.err.println( - rb.getString("Illegal.option.") + flags); - usage(); - } - } - } - - // -certs must always be specified with -verbose - if (verbose == null) showcerts = false; - - if (jarfile == null) { - System.err.println(rb.getString("Please.specify.jarfile.name")); - usage(); - } - if (!verify && alias == null) { - System.err.println(rb.getString("Please.specify.alias.name")); - usage(); - } - if (!verify && ckaliases.size() > 1) { - System.err.println(rb.getString("Only.one.alias.can.be.specified")); - usage(); - } - - if (storetype == null) { - storetype = KeyStore.getDefaultType(); - } - storetype = KeyStoreUtil.niceStoreTypeName(storetype); - - try { - if (signedjar != null && new File(signedjar).getCanonicalPath().equals( - new File(jarfile).getCanonicalPath())) { - signedjar = null; - } - } catch (IOException ioe) { - // File system error? - // Just ignore it. - } - - if (P11KEYSTORE.equalsIgnoreCase(storetype) || - KeyStoreUtil.isWindowsKeyStore(storetype)) { - token = true; - if (keystore == null) { - keystore = NONE; - } - } - - if (NONE.equals(keystore)) { - nullStream = true; - } - - if (token && !nullStream) { - System.err.println(MessageFormat.format(rb.getString - (".keystore.must.be.NONE.if.storetype.is.{0}"), storetype)); - usage(); - } - - if (token && keypass != null) { - System.err.println(MessageFormat.format(rb.getString - (".keypass.can.not.be.specified.if.storetype.is.{0}"), storetype)); - usage(); - } - - if (protectedPath) { - if (storepass != null || keypass != null) { - System.err.println(rb.getString - ("If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified")); - usage(); - } - } - if (KeyStoreUtil.isWindowsKeyStore(storetype)) { - if (storepass != null || keypass != null) { - System.err.println(rb.getString - ("If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified")); - usage(); - } - } - } - - static char[] getPass(String modifier, String arg) { - char[] output = KeyTool.getPassWithModifier(modifier, arg); - if (output != null) return output; - usage(); - return null; // Useless, usage() already exit - } - - static void usageNoArg() { - System.out.println(rb.getString("Option.lacks.argument")); - usage(); - } - - static void usage() { - System.out.println(); - System.out.println(rb.getString("Please.type.jarsigner.help.for.usage")); - System.exit(1); - } - - static void fullusage() { - System.out.println(rb.getString - ("Usage.jarsigner.options.jar.file.alias")); - System.out.println(rb.getString - (".jarsigner.verify.options.jar.file.alias.")); - System.out.println(); - System.out.println(rb.getString - (".keystore.url.keystore.location")); - System.out.println(); - System.out.println(rb.getString - (".storepass.password.password.for.keystore.integrity")); - System.out.println(); - System.out.println(rb.getString - (".storetype.type.keystore.type")); - System.out.println(); - System.out.println(rb.getString - (".keypass.password.password.for.private.key.if.different.")); - System.out.println(); - System.out.println(rb.getString - (".certchain.file.name.of.alternative.certchain.file")); - System.out.println(); - System.out.println(rb.getString - (".sigfile.file.name.of.SF.DSA.file")); - System.out.println(); - System.out.println(rb.getString - (".signedjar.file.name.of.signed.JAR.file")); - System.out.println(); - System.out.println(rb.getString - (".digestalg.algorithm.name.of.digest.algorithm")); - System.out.println(); - System.out.println(rb.getString - (".sigalg.algorithm.name.of.signature.algorithm")); - System.out.println(); - System.out.println(rb.getString - (".verify.verify.a.signed.JAR.file")); - System.out.println(); - System.out.println(rb.getString - (".verbose.suboptions.verbose.output.when.signing.verifying.")); - System.out.println(rb.getString - (".suboptions.can.be.all.grouped.or.summary")); - System.out.println(); - System.out.println(rb.getString - (".certs.display.certificates.when.verbose.and.verifying")); - System.out.println(); - System.out.println(rb.getString - (".tsa.url.location.of.the.Timestamping.Authority")); - System.out.println(); - System.out.println(rb.getString - (".tsacert.alias.public.key.certificate.for.Timestamping.Authority")); - System.out.println(); - System.out.println(rb.getString - (".altsigner.class.class.name.of.an.alternative.signing.mechanism")); - System.out.println(); - System.out.println(rb.getString - (".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism")); - System.out.println(); - System.out.println(rb.getString - (".internalsf.include.the.SF.file.inside.the.signature.block")); - System.out.println(); - System.out.println(rb.getString - (".sectionsonly.don.t.compute.hash.of.entire.manifest")); - System.out.println(); - System.out.println(rb.getString - (".protected.keystore.has.protected.authentication.path")); - System.out.println(); - System.out.println(rb.getString - (".providerName.name.provider.name")); - System.out.println(); - System.out.println(rb.getString - (".providerClass.class.name.of.cryptographic.service.provider.s")); - System.out.println(rb.getString - (".providerArg.arg.master.class.file.and.constructor.argument")); - System.out.println(); - System.out.println(rb.getString - (".strict.treat.warnings.as.errors")); - System.out.println(); - - System.exit(0); - } - - void verifyJar(String jarName) - throws Exception - { - boolean anySigned = false; // if there exists entry inside jar signed - JarFile jf = null; - - try { - jf = new JarFile(jarName, true); - Vector<JarEntry> entriesVec = new Vector<>(); - byte[] buffer = new byte[8192]; - - Enumeration<JarEntry> entries = jf.entries(); - while (entries.hasMoreElements()) { - JarEntry je = entries.nextElement(); - entriesVec.addElement(je); - InputStream is = null; - try { - is = jf.getInputStream(je); - int n; - while ((n = is.read(buffer, 0, buffer.length)) != -1) { - // we just read. this will throw a SecurityException - // if a signature/digest check fails. - } - } finally { - if (is != null) { - is.close(); - } - } - } - - Manifest man = jf.getManifest(); - - // The map to record display info, only used when -verbose provided - // key: signer info string - // value: the list of files with common key - Map<String,List<String>> output = new LinkedHashMap<>(); - - if (man != null) { - if (verbose != null) System.out.println(); - Enumeration<JarEntry> e = entriesVec.elements(); - - String tab = rb.getString("6SPACE"); - - while (e.hasMoreElements()) { - JarEntry je = e.nextElement(); - String name = je.getName(); - CodeSigner[] signers = je.getCodeSigners(); - boolean isSigned = (signers != null); - anySigned |= isSigned; - hasUnsignedEntry |= !je.isDirectory() && !isSigned - && !signatureRelated(name); - - int inStoreOrScope = inKeyStore(signers); - - boolean inStore = (inStoreOrScope & IN_KEYSTORE) != 0; - boolean inScope = (inStoreOrScope & IN_SCOPE) != 0; - - notSignedByAlias |= (inStoreOrScope & NOT_ALIAS) != 0; - if (keystore != null) { - aliasNotInStore |= isSigned && (!inStore && !inScope); - } - - // Only used when -verbose provided - StringBuffer sb = null; - if (verbose != null) { - sb = new StringBuffer(); - boolean inManifest = - ((man.getAttributes(name) != null) || - (man.getAttributes("./"+name) != null) || - (man.getAttributes("/"+name) != null)); - sb.append( - (isSigned ? rb.getString("s") : rb.getString("SPACE")) + - (inManifest ? rb.getString("m") : rb.getString("SPACE")) + - (inStore ? rb.getString("k") : rb.getString("SPACE")) + - (inScope ? rb.getString("i") : rb.getString("SPACE")) + - ((inStoreOrScope & NOT_ALIAS) != 0 ?"X":" ") + - rb.getString("SPACE")); - sb.append("|"); - } - - // When -certs provided, display info has extra empty - // lines at the beginning and end. - if (isSigned) { - if (showcerts) sb.append('\n'); - for (CodeSigner signer: signers) { - // signerInfo() must be called even if -verbose - // not provided. The method updates various - // warning flags. - String si = signerInfo(signer, tab); - if (showcerts) { - sb.append(si); - sb.append('\n'); - } - } - } else if (showcerts && !verbose.equals("all")) { - // Print no info for unsigned entries when -verbose:all, - // to be consistent with old behavior. - if (signatureRelated(name)) { - sb.append("\n" + tab + rb.getString( - ".Signature.related.entries.") + "\n\n"); - } else { - sb.append("\n" + tab + rb.getString( - ".Unsigned.entries.") + "\n\n"); - } - } - - if (verbose != null) { - String label = sb.toString(); - if (signatureRelated(name)) { - // Entries inside META-INF and other unsigned - // entries are grouped separately. - label = "-" + label; - } - - // The label finally contains 2 parts separated by '|': - // The legend displayed before the entry names, and - // the cert info (if -certs specfied). - - if (!output.containsKey(label)) { - output.put(label, new ArrayList<String>()); - } - - StringBuffer fb = new StringBuffer(); - String s = Long.toString(je.getSize()); - for (int i = 6 - s.length(); i > 0; --i) { - fb.append(' '); - } - fb.append(s).append(' '). - append(new Date(je.getTime()).toString()); - fb.append(' ').append(name); - - output.get(label).add(fb.toString()); - } - } - } - if (verbose != null) { - for (Entry<String,List<String>> s: output.entrySet()) { - List<String> files = s.getValue(); - String key = s.getKey(); - if (key.charAt(0) == '-') { // the signature-related group - key = key.substring(1); - } - int pipe = key.indexOf('|'); - if (verbose.equals("all")) { - for (String f: files) { - System.out.println(key.substring(0, pipe) + f); - System.out.printf(key.substring(pipe+1)); - } - } else { - if (verbose.equals("grouped")) { - for (String f: files) { - System.out.println(key.substring(0, pipe) + f); - } - } else if (verbose.equals("summary")) { - System.out.print(key.substring(0, pipe)); - if (files.size() > 1) { - System.out.println(files.get(0) + " " + - String.format(rb.getString( - ".and.d.more."), files.size()-1)); - } else { - System.out.println(files.get(0)); - } - } - System.out.printf(key.substring(pipe+1)); - } - } - System.out.println(); - System.out.println(rb.getString( - ".s.signature.was.verified.")); - System.out.println(rb.getString( - ".m.entry.is.listed.in.manifest")); - System.out.println(rb.getString( - ".k.at.least.one.certificate.was.found.in.keystore")); - System.out.println(rb.getString( - ".i.at.least.one.certificate.was.found.in.identity.scope")); - if (ckaliases.size() > 0) { - System.out.println(rb.getString( - ".X.not.signed.by.specified.alias.es.")); - } - System.out.println(); - } - if (man == null) - System.out.println(rb.getString("no.manifest.")); - - if (!anySigned) { - System.out.println(rb.getString( - "jar.is.unsigned.signatures.missing.or.not.parsable.")); - } else { - boolean warningAppeared = false; - boolean errorAppeared = false; - if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType || - notYetValidCert || chainNotValidated || hasExpiredCert || - hasUnsignedEntry || - aliasNotInStore || notSignedByAlias) { - - if (strict) { - System.out.println(rb.getString("jar.verified.with.signer.errors.")); - System.out.println(); - System.out.println(rb.getString("Error.")); - errorAppeared = true; - } else { - System.out.println(rb.getString("jar.verified.")); - System.out.println(); - System.out.println(rb.getString("Warning.")); - warningAppeared = true; - } - - if (badKeyUsage) { - System.out.println( - rb.getString("This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.")); - } - - if (badExtendedKeyUsage) { - System.out.println( - rb.getString("This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.")); - } - - if (badNetscapeCertType) { - System.out.println( - rb.getString("This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.")); - } - - if (hasUnsignedEntry) { - System.out.println(rb.getString( - "This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.")); - } - if (hasExpiredCert) { - System.out.println(rb.getString( - "This.jar.contains.entries.whose.signer.certificate.has.expired.")); - } - if (notYetValidCert) { - System.out.println(rb.getString( - "This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid.")); - } - - if (chainNotValidated) { - System.out.println( - rb.getString("This.jar.contains.entries.whose.certificate.chain.is.not.validated.")); - } - - if (notSignedByAlias) { - System.out.println( - rb.getString("This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es.")); - } - - if (aliasNotInStore) { - System.out.println(rb.getString("This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore.")); - } - } else { - System.out.println(rb.getString("jar.verified.")); - } - if (hasExpiringCert || noTimestamp) { - if (!warningAppeared) { - System.out.println(); - System.out.println(rb.getString("Warning.")); - warningAppeared = true; - } - if (hasExpiringCert) { - System.out.println(rb.getString( - "This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months.")); - } - if (noTimestamp) { - System.out.println( - String.format(rb.getString("no.timestamp.verifying"), expireDate)); - } - } - if (warningAppeared || errorAppeared) { - if (! (verbose != null && showcerts)) { - System.out.println(); - System.out.println(rb.getString( - "Re.run.with.the.verbose.and.certs.options.for.more.details.")); - } - } - } - return; - } catch (Exception e) { - System.out.println(rb.getString("jarsigner.") + e); - if (debug) { - e.printStackTrace(); - } - } finally { // close the resource - if (jf != null) { - jf.close(); - } - } - - System.exit(1); - } - - private static MessageFormat validityTimeForm = null; - private static MessageFormat notYetTimeForm = null; - private static MessageFormat expiredTimeForm = null; - private static MessageFormat expiringTimeForm = null; - - /* - * Display some details about a certificate: - * - * [<tab>] <cert-type> [", " <subject-DN>] [" (" <keystore-entry-alias> ")"] - * [<validity-period> | <expiry-warning>] - * - * Note: no newline character at the end - */ - String printCert(String tab, Certificate c, boolean checkValidityPeriod, - Date timestamp, boolean checkUsage) { - - StringBuilder certStr = new StringBuilder(); - String space = rb.getString("SPACE"); - X509Certificate x509Cert = null; - - if (c instanceof X509Certificate) { - x509Cert = (X509Certificate) c; - certStr.append(tab).append(x509Cert.getType()) - .append(rb.getString("COMMA")) - .append(x509Cert.getSubjectDN().getName()); - } else { - certStr.append(tab).append(c.getType()); - } - - String alias = storeHash.get(c); - if (alias != null) { - certStr.append(space).append(alias); - } - - if (checkValidityPeriod && x509Cert != null) { - - certStr.append("\n").append(tab).append("["); - Date notAfter = x509Cert.getNotAfter(); - try { - boolean printValidity = true; - if (timestamp == null) { - if (expireDate.getTime() == 0 || expireDate.after(notAfter)) { - expireDate = notAfter; - } - x509Cert.checkValidity(); - // test if cert will expire within six months - if (notAfter.getTime() < System.currentTimeMillis() + SIX_MONTHS) { - hasExpiringCert = true; - if (expiringTimeForm == null) { - expiringTimeForm = new MessageFormat( - rb.getString("certificate.will.expire.on")); - } - Object[] source = { notAfter }; - certStr.append(expiringTimeForm.format(source)); - printValidity = false; - } - } else { - x509Cert.checkValidity(timestamp); - } - if (printValidity) { - if (validityTimeForm == null) { - validityTimeForm = new MessageFormat( - rb.getString("certificate.is.valid.from")); - } - Object[] source = { x509Cert.getNotBefore(), notAfter }; - certStr.append(validityTimeForm.format(source)); - } - } catch (CertificateExpiredException cee) { - hasExpiredCert = true; - - if (expiredTimeForm == null) { - expiredTimeForm = new MessageFormat( - rb.getString("certificate.expired.on")); - } - Object[] source = { notAfter }; - certStr.append(expiredTimeForm.format(source)); - - } catch (CertificateNotYetValidException cnyve) { - notYetValidCert = true; - - if (notYetTimeForm == null) { - notYetTimeForm = new MessageFormat( - rb.getString("certificate.is.not.valid.until")); - } - Object[] source = { x509Cert.getNotBefore() }; - certStr.append(notYetTimeForm.format(source)); - } - certStr.append("]"); - - if (checkUsage) { - boolean[] bad = new boolean[3]; - checkCertUsage(x509Cert, bad); - if (bad[0] || bad[1] || bad[2]) { - String x = ""; - if (bad[0]) { - x ="KeyUsage"; - } - if (bad[1]) { - if (x.length() > 0) x = x + ", "; - x = x + "ExtendedKeyUsage"; - } - if (bad[2]) { - if (x.length() > 0) x = x + ", "; - x = x + "NetscapeCertType"; - } - certStr.append("\n").append(tab) - .append(MessageFormat.format(rb.getString( - ".{0}.extension.does.not.support.code.signing."), x)); - } - } - } - return certStr.toString(); - } - - private static MessageFormat signTimeForm = null; - - private String printTimestamp(String tab, Timestamp timestamp) { - - if (signTimeForm == null) { - signTimeForm = - new MessageFormat(rb.getString("entry.was.signed.on")); - } - Object[] source = { timestamp.getTimestamp() }; - - return new StringBuilder().append(tab).append("[") - .append(signTimeForm.format(source)).append("]").toString(); - } - - private Map<CodeSigner,Integer> cacheForInKS = new IdentityHashMap<>(); - - private int inKeyStoreForOneSigner(CodeSigner signer) { - if (cacheForInKS.containsKey(signer)) { - return cacheForInKS.get(signer); - } - - boolean found = false; - int result = 0; - List<? extends Certificate> certs = signer.getSignerCertPath().getCertificates(); - for (Certificate c : certs) { - String alias = storeHash.get(c); - if (alias != null) { - if (alias.startsWith("(")) { - result |= IN_KEYSTORE; - } else if (alias.startsWith("[")) { - result |= IN_SCOPE; - } - if (ckaliases.contains(alias.substring(1, alias.length() - 1))) { - result |= SIGNED_BY_ALIAS; - } - } else { - if (store != null) { - try { - alias = store.getCertificateAlias(c); - } catch (KeyStoreException kse) { - // never happens, because keystore has been loaded - } - if (alias != null) { - storeHash.put(c, "(" + alias + ")"); - found = true; - result |= IN_KEYSTORE; - } - } - if (ckaliases.contains(alias)) { - result |= SIGNED_BY_ALIAS; - } - } - } - cacheForInKS.put(signer, result); - return result; - } - - Hashtable<Certificate, String> storeHash = new Hashtable<>(); - - int inKeyStore(CodeSigner[] signers) { - - if (signers == null) - return 0; - - int output = 0; - - for (CodeSigner signer: signers) { - int result = inKeyStoreForOneSigner(signer); - output |= result; - } - if (ckaliases.size() > 0 && (output & SIGNED_BY_ALIAS) == 0) { - output |= NOT_ALIAS; - } - return output; - } - - void signJar(String jarName, String alias, String[] args) - throws Exception { - boolean aliasUsed = false; - X509Certificate tsaCert = null; - - if (sigfile == null) { - sigfile = alias; - aliasUsed = true; - } - - if (sigfile.length() > 8) { - sigfile = sigfile.substring(0, 8).toUpperCase(Locale.ENGLISH); - } else { - sigfile = sigfile.toUpperCase(Locale.ENGLISH); - } - - StringBuilder tmpSigFile = new StringBuilder(sigfile.length()); - for (int j = 0; j < sigfile.length(); j++) { - char c = sigfile.charAt(j); - if (! - ((c>= 'A' && c<= 'Z') || - (c>= '0' && c<= '9') || - (c == '-') || - (c == '_'))) { - if (aliasUsed) { - // convert illegal characters from the alias to be _'s - c = '_'; - } else { - throw new - RuntimeException(rb.getString - ("signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.")); - } - } - tmpSigFile.append(c); - } - - sigfile = tmpSigFile.toString(); - - String tmpJarName; - if (signedjar == null) tmpJarName = jarName+".sig"; - else tmpJarName = signedjar; - - File jarFile = new File(jarName); - File signedJarFile = new File(tmpJarName); - - // Open the jar (zip) file - try { - zipFile = new ZipFile(jarName); - } catch (IOException ioe) { - error(rb.getString("unable.to.open.jar.file.")+jarName, ioe); - } - - FileOutputStream fos = null; - try { - fos = new FileOutputStream(signedJarFile); - } catch (IOException ioe) { - error(rb.getString("unable.to.create.")+tmpJarName, ioe); - } - - PrintStream ps = new PrintStream(fos); - ZipOutputStream zos = new ZipOutputStream(ps); - - /* First guess at what they might be - we don't xclude RSA ones. */ - String sfFilename = (META_INF + sigfile + ".SF").toUpperCase(Locale.ENGLISH); - String bkFilename = (META_INF + sigfile + ".DSA").toUpperCase(Locale.ENGLISH); - - Manifest manifest = new Manifest(); - Map<String,Attributes> mfEntries = manifest.getEntries(); - - // The Attributes of manifest before updating - Attributes oldAttr = null; - - boolean mfModified = false; - boolean mfCreated = false; - byte[] mfRawBytes = null; - - try { - MessageDigest digests[] = { MessageDigest.getInstance(digestalg) }; - - // Check if manifest exists - ZipEntry mfFile; - if ((mfFile = getManifestFile(zipFile)) != null) { - // Manifest exists. Read its raw bytes. - mfRawBytes = getBytes(zipFile, mfFile); - manifest.read(new ByteArrayInputStream(mfRawBytes)); - oldAttr = (Attributes)(manifest.getMainAttributes().clone()); - } else { - // Create new manifest - Attributes mattr = manifest.getMainAttributes(); - mattr.putValue(Attributes.Name.MANIFEST_VERSION.toString(), - "1.0"); - String javaVendor = System.getProperty("java.vendor"); - String jdkVersion = System.getProperty("java.version"); - mattr.putValue("Created-By", jdkVersion + " (" +javaVendor - + ")"); - mfFile = new ZipEntry(JarFile.MANIFEST_NAME); - mfCreated = true; - } - - /* - * For each entry in jar - * (except for signature-related META-INF entries), - * do the following: - * - * - if entry is not contained in manifest, add it to manifest; - * - if entry is contained in manifest, calculate its hash and - * compare it with the one in the manifest; if they are - * different, replace the hash in the manifest with the newly - * generated one. (This may invalidate existing signatures!) - */ - BASE64Encoder encoder = new JarBASE64Encoder(); - Vector<ZipEntry> mfFiles = new Vector<>(); - - boolean wasSigned = false; - - for (Enumeration<? extends ZipEntry> enum_=zipFile.entries(); - enum_.hasMoreElements();) { - ZipEntry ze = enum_.nextElement(); - - if (ze.getName().startsWith(META_INF)) { - // Store META-INF files in vector, so they can be written - // out first - mfFiles.addElement(ze); - - if (SignatureFileVerifier.isBlockOrSF( - ze.getName().toUpperCase(Locale.ENGLISH))) { - wasSigned = true; - } - - if (signatureRelated(ze.getName())) { - // ignore signature-related and manifest files - continue; - } - } - - if (manifest.getAttributes(ze.getName()) != null) { - // jar entry is contained in manifest, check and - // possibly update its digest attributes - if (updateDigests(ze, zipFile, digests, encoder, - manifest) == true) { - mfModified = true; - } - } else if (!ze.isDirectory()) { - // Add entry to manifest - Attributes attrs = getDigestAttributes(ze, zipFile, - digests, - encoder); - mfEntries.put(ze.getName(), attrs); - mfModified = true; - } - } - - // Recalculate the manifest raw bytes if necessary - if (mfModified) { - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - manifest.write(baos); - if (wasSigned) { - byte[] newBytes = baos.toByteArray(); - if (mfRawBytes != null - && oldAttr.equals(manifest.getMainAttributes())) { - - /* - * Note: - * - * The Attributes object is based on HashMap and can handle - * continuation columns. Therefore, even if the contents are - * not changed (in a Map view), the bytes that it write() - * may be different from the original bytes that it read() - * from. Since the signature on the main attributes is based - * on raw bytes, we must retain the exact bytes. - */ - - int newPos = findHeaderEnd(newBytes); - int oldPos = findHeaderEnd(mfRawBytes); - - if (newPos == oldPos) { - System.arraycopy(mfRawBytes, 0, newBytes, 0, oldPos); - } else { - // cat oldHead newTail > newBytes - byte[] lastBytes = new byte[oldPos + - newBytes.length - newPos]; - System.arraycopy(mfRawBytes, 0, lastBytes, 0, oldPos); - System.arraycopy(newBytes, newPos, lastBytes, oldPos, - newBytes.length - newPos); - newBytes = lastBytes; - } - } - mfRawBytes = newBytes; - } else { - mfRawBytes = baos.toByteArray(); - } - } - - // Write out the manifest - if (mfModified) { - // manifest file has new length - mfFile = new ZipEntry(JarFile.MANIFEST_NAME); - } - if (verbose != null) { - if (mfCreated) { - System.out.println(rb.getString(".adding.") + - mfFile.getName()); - } else if (mfModified) { - System.out.println(rb.getString(".updating.") + - mfFile.getName()); - } - } - zos.putNextEntry(mfFile); - zos.write(mfRawBytes); - - // Calculate SignatureFile (".SF") and SignatureBlockFile - ManifestDigester manDig = new ManifestDigester(mfRawBytes); - SignatureFile sf = new SignatureFile(digests, manifest, manDig, - sigfile, signManifest); - - if (tsaAlias != null) { - tsaCert = getTsaCert(tsaAlias); - } - - if (tsaUrl == null && tsaCert == null) { - noTimestamp = true; - } - - SignatureFile.Block block = null; - - try { - block = - sf.generateBlock(privateKey, sigalg, certChain, - externalSF, tsaUrl, tsaCert, signingMechanism, args, - zipFile); - } catch (SocketTimeoutException e) { - // Provide a helpful message when TSA is beyond a firewall - error(rb.getString("unable.to.sign.jar.") + - rb.getString("no.response.from.the.Timestamping.Authority.") + - "\n -J-Dhttp.proxyHost=<hostname>" + - "\n -J-Dhttp.proxyPort=<portnumber>\n" + - rb.getString("or") + - "\n -J-Dhttps.proxyHost=<hostname> " + - "\n -J-Dhttps.proxyPort=<portnumber> ", e); - } - - sfFilename = sf.getMetaName(); - bkFilename = block.getMetaName(); - - ZipEntry sfFile = new ZipEntry(sfFilename); - ZipEntry bkFile = new ZipEntry(bkFilename); - - long time = System.currentTimeMillis(); - sfFile.setTime(time); - bkFile.setTime(time); - - // signature file - zos.putNextEntry(sfFile); - sf.write(zos); - if (verbose != null) { - if (zipFile.getEntry(sfFilename) != null) { - System.out.println(rb.getString(".updating.") + - sfFilename); - } else { - System.out.println(rb.getString(".adding.") + - sfFilename); - } - } - - if (verbose != null) { - if (tsaUrl != null || tsaCert != null) { - System.out.println( - rb.getString("requesting.a.signature.timestamp")); - } - if (tsaUrl != null) { - System.out.println(rb.getString("TSA.location.") + tsaUrl); - } - if (tsaCert != null) { - String certUrl = - TimestampedSigner.getTimestampingUrl(tsaCert); - if (certUrl != null) { - System.out.println(rb.getString("TSA.location.") + - certUrl); - } - System.out.println(rb.getString("TSA.certificate.") + - printCert("", tsaCert, false, null, false)); - } - if (signingMechanism != null) { - System.out.println( - rb.getString("using.an.alternative.signing.mechanism")); - } - } - - // signature block file - zos.putNextEntry(bkFile); - block.write(zos); - if (verbose != null) { - if (zipFile.getEntry(bkFilename) != null) { - System.out.println(rb.getString(".updating.") + - bkFilename); - } else { - System.out.println(rb.getString(".adding.") + - bkFilename); - } - } - - // Write out all other META-INF files that we stored in the - // vector - for (int i=0; i<mfFiles.size(); i++) { - ZipEntry ze = mfFiles.elementAt(i); - if (!ze.getName().equalsIgnoreCase(JarFile.MANIFEST_NAME) - && !ze.getName().equalsIgnoreCase(sfFilename) - && !ze.getName().equalsIgnoreCase(bkFilename)) { - writeEntry(zipFile, zos, ze); - } - } - - // Write out all other files - for (Enumeration<? extends ZipEntry> enum_=zipFile.entries(); - enum_.hasMoreElements();) { - ZipEntry ze = enum_.nextElement(); - - if (!ze.getName().startsWith(META_INF)) { - if (verbose != null) { - if (manifest.getAttributes(ze.getName()) != null) - System.out.println(rb.getString(".signing.") + - ze.getName()); - else - System.out.println(rb.getString(".adding.") + - ze.getName()); - } - writeEntry(zipFile, zos, ze); - } - } - } catch(IOException ioe) { - error(rb.getString("unable.to.sign.jar.")+ioe, ioe); - } finally { - // close the resouces - if (zipFile != null) { - zipFile.close(); - zipFile = null; - } - - if (zos != null) { - zos.close(); - } - } - - // no IOException thrown in the follow try clause, so disable - // the try clause. - // try { - if (signedjar == null) { - // attempt an atomic rename. If that fails, - // rename the original jar file, then the signed - // one, then delete the original. - if (!signedJarFile.renameTo(jarFile)) { - File origJar = new File(jarName+".orig"); - - if (jarFile.renameTo(origJar)) { - if (signedJarFile.renameTo(jarFile)) { - origJar.delete(); - } else { - MessageFormat form = new MessageFormat(rb.getString - ("attempt.to.rename.signedJarFile.to.jarFile.failed")); - Object[] source = {signedJarFile, jarFile}; - error(form.format(source)); - } - } else { - MessageFormat form = new MessageFormat(rb.getString - ("attempt.to.rename.jarFile.to.origJar.failed")); - Object[] source = {jarFile, origJar}; - error(form.format(source)); - } - } - } - - boolean warningAppeared = false; - if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType || - notYetValidCert || chainNotValidated || hasExpiredCert) { - if (strict) { - System.out.println(rb.getString("jar.signed.with.signer.errors.")); - System.out.println(); - System.out.println(rb.getString("Error.")); - } else { - System.out.println(rb.getString("jar.signed.")); - System.out.println(); - System.out.println(rb.getString("Warning.")); - warningAppeared = true; - } - - if (badKeyUsage) { - System.out.println( - rb.getString("The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.")); - } - - if (badExtendedKeyUsage) { - System.out.println( - rb.getString("The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.")); - } - - if (badNetscapeCertType) { - System.out.println( - rb.getString("The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.")); - } - - if (hasExpiredCert) { - System.out.println( - rb.getString("The.signer.certificate.has.expired.")); - } else if (notYetValidCert) { - System.out.println( - rb.getString("The.signer.certificate.is.not.yet.valid.")); - } - - if (chainNotValidated) { - System.out.println( - rb.getString("The.signer.s.certificate.chain.is.not.validated.")); - } - } else { - System.out.println(rb.getString("jar.signed.")); - } - if (hasExpiringCert || noTimestamp) { - if (!warningAppeared) { - System.out.println(); - System.out.println(rb.getString("Warning.")); - } - - if (hasExpiringCert) { - System.out.println( - rb.getString("The.signer.certificate.will.expire.within.six.months.")); - } - - if (noTimestamp) { - System.out.println( - String.format(rb.getString("no.timestamp.signing"), expireDate)); - } - } - - // no IOException thrown in the above try clause, so disable - // the catch clause. - // } catch(IOException ioe) { - // error(rb.getString("unable.to.sign.jar.")+ioe, ioe); - // } - } - - /** - * Find the length of header inside bs. The header is a multiple (>=0) - * lines of attributes plus an empty line. The empty line is included - * in the header. - */ - private int findHeaderEnd(byte[] bs) { - // Initial state true to deal with empty header - boolean newline = true; // just met a newline - int len = bs.length; - for (int i=0; i<len; i++) { - switch (bs[i]) { - case '\r': - if (i < len - 1 && bs[i+1] == '\n') i++; - // fallthrough - case '\n': - if (newline) return i+1; //+1 to get length - newline = true; - break; - default: - newline = false; - } - } - // If header end is not found, it means the MANIFEST.MF has only - // the main attributes section and it does not end with 2 newlines. - // Returns the whole length so that it can be completely replaced. - return len; - } - - /** - * signature-related files include: - * . META-INF/MANIFEST.MF - * . META-INF/SIG-* - * . META-INF/*.SF - * . META-INF/*.DSA - * . META-INF/*.RSA - * . META-INF/*.EC - */ - private boolean signatureRelated(String name) { - return SignatureFileVerifier.isSigningRelated(name); - } - - Map<CodeSigner,String> cacheForSignerInfo = new IdentityHashMap<>(); - - /** - * Returns a string of singer info, with a newline at the end - */ - private String signerInfo(CodeSigner signer, String tab) { - if (cacheForSignerInfo.containsKey(signer)) { - return cacheForSignerInfo.get(signer); - } - StringBuffer s = new StringBuffer(); - List<? extends Certificate> certs = signer.getSignerCertPath().getCertificates(); - // display the signature timestamp, if present - Date timestamp; - Timestamp ts = signer.getTimestamp(); - if (ts != null) { - s.append(printTimestamp(tab, ts)); - s.append('\n'); - timestamp = ts.getTimestamp(); - } else { - timestamp = null; - noTimestamp = true; - } - // display the certificate(s). The first one is end-entity cert and - // its KeyUsage should be checked. - boolean first = true; - for (Certificate c : certs) { - s.append(printCert(tab, c, true, timestamp, first)); - s.append('\n'); - first = false; - } - try { - validateCertChain(certs); - } catch (Exception e) { - if (debug) { - e.printStackTrace(); - } - if (e.getCause() != null && - (e.getCause() instanceof CertificateExpiredException || - e.getCause() instanceof CertificateNotYetValidException)) { - // No more warning, we alreay have hasExpiredCert or notYetValidCert - } else { - chainNotValidated = true; - s.append(tab + rb.getString(".CertPath.not.validated.") + - e.getLocalizedMessage() + "]\n"); // TODO - } - } - String result = s.toString(); - cacheForSignerInfo.put(signer, result); - return result; - } - - private void writeEntry(ZipFile zf, ZipOutputStream os, ZipEntry ze) - throws IOException - { - ZipEntry ze2 = new ZipEntry(ze.getName()); - ze2.setMethod(ze.getMethod()); - ze2.setTime(ze.getTime()); - ze2.setComment(ze.getComment()); - ze2.setExtra(ze.getExtra()); - if (ze.getMethod() == ZipEntry.STORED) { - ze2.setSize(ze.getSize()); - ze2.setCrc(ze.getCrc()); - } - os.putNextEntry(ze2); - writeBytes(zf, ze, os); - } - - /** - * Writes all the bytes for a given entry to the specified output stream. - */ - private synchronized void writeBytes - (ZipFile zf, ZipEntry ze, ZipOutputStream os) throws IOException { - int n; - - InputStream is = null; - try { - is = zf.getInputStream(ze); - long left = ze.getSize(); - - while((left > 0) && (n = is.read(buffer, 0, buffer.length)) != -1) { - os.write(buffer, 0, n); - left -= n; - } - } finally { - if (is != null) { - is.close(); - } - } - } - - void loadKeyStore(String keyStoreName, boolean prompt) { - - if (!nullStream && keyStoreName == null) { - keyStoreName = System.getProperty("user.home") + File.separator - + ".keystore"; - } - - try { - - certificateFactory = CertificateFactory.getInstance("X.509"); - validator = CertPathValidator.getInstance("PKIX"); - Set<TrustAnchor> tas = new HashSet<>(); - try { - KeyStore caks = KeyTool.getCacertsKeyStore(); - if (caks != null) { - Enumeration<String> aliases = caks.aliases(); - while (aliases.hasMoreElements()) { - String a = aliases.nextElement(); - try { - tas.add(new TrustAnchor((X509Certificate)caks.getCertificate(a), null)); - } catch (Exception e2) { - // ignore, when a SecretkeyEntry does not include a cert - } - } - } - } catch (Exception e) { - // Ignore, if cacerts cannot be loaded - } - - if (providerName == null) { - store = KeyStore.getInstance(storetype); - } else { - store = KeyStore.getInstance(storetype, providerName); - } - - // Get pass phrase - // XXX need to disable echo; on UNIX, call getpass(char *prompt)Z - // and on NT call ?? - if (token && storepass == null && !protectedPath - && !KeyStoreUtil.isWindowsKeyStore(storetype)) { - storepass = getPass - (rb.getString("Enter.Passphrase.for.keystore.")); - } else if (!token && storepass == null && prompt) { - storepass = getPass - (rb.getString("Enter.Passphrase.for.keystore.")); - } - - try { - if (nullStream) { - store.load(null, storepass); - } else { - keyStoreName = keyStoreName.replace(File.separatorChar, '/'); - URL url = null; - try { - url = new URL(keyStoreName); - } catch (java.net.MalformedURLException e) { - // try as file - url = new File(keyStoreName).toURI().toURL(); - } - InputStream is = null; - try { - is = url.openStream(); - store.load(is, storepass); - } finally { - if (is != null) { - is.close(); - } - } - } - Enumeration<String> aliases = store.aliases(); - while (aliases.hasMoreElements()) { - String a = aliases.nextElement(); - try { - X509Certificate c = (X509Certificate)store.getCertificate(a); - // Only add TrustedCertificateEntry and self-signed - // PrivateKeyEntry - if (store.isCertificateEntry(a) || - c.getSubjectDN().equals(c.getIssuerDN())) { - tas.add(new TrustAnchor(c, null)); - } - } catch (Exception e2) { - // ignore, when a SecretkeyEntry does not include a cert - } - } - } finally { - try { - pkixParameters = new PKIXParameters(tas); - pkixParameters.setRevocationEnabled(false); - } catch (InvalidAlgorithmParameterException ex) { - // Only if tas is empty - } - } - } catch (IOException ioe) { - throw new RuntimeException(rb.getString("keystore.load.") + - ioe.getMessage()); - } catch (java.security.cert.CertificateException ce) { - throw new RuntimeException(rb.getString("certificate.exception.") + - ce.getMessage()); - } catch (NoSuchProviderException pe) { - throw new RuntimeException(rb.getString("keystore.load.") + - pe.getMessage()); - } catch (NoSuchAlgorithmException nsae) { - throw new RuntimeException(rb.getString("keystore.load.") + - nsae.getMessage()); - } catch (KeyStoreException kse) { - throw new RuntimeException - (rb.getString("unable.to.instantiate.keystore.class.") + - kse.getMessage()); - } - } - - X509Certificate getTsaCert(String alias) { - - java.security.cert.Certificate cs = null; - - try { - cs = store.getCertificate(alias); - } catch (KeyStoreException kse) { - // this never happens, because keystore has been loaded - } - if (cs == null || (!(cs instanceof X509Certificate))) { - MessageFormat form = new MessageFormat(rb.getString - ("Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the")); - Object[] source = {alias, alias}; - error(form.format(source)); - } - return (X509Certificate) cs; - } - - /** - * Check if userCert is designed to be a code signer - * @param userCert the certificate to be examined - * @param bad 3 booleans to show if the KeyUsage, ExtendedKeyUsage, - * NetscapeCertType has codeSigning flag turned on. - * If null, the class field badKeyUsage, badExtendedKeyUsage, - * badNetscapeCertType will be set. - */ - void checkCertUsage(X509Certificate userCert, boolean[] bad) { - - // Can act as a signer? - // 1. if KeyUsage, then [0:digitalSignature] or - // [1:nonRepudiation] should be true - // 2. if ExtendedKeyUsage, then should contains ANY or CODE_SIGNING - // 3. if NetscapeCertType, then should contains OBJECT_SIGNING - // 1,2,3 must be true - - if (bad != null) { - bad[0] = bad[1] = bad[2] = false; - } - - boolean[] keyUsage = userCert.getKeyUsage(); - if (keyUsage != null) { - keyUsage = Arrays.copyOf(keyUsage, 9); - if (!keyUsage[0] && !keyUsage[1]) { - if (bad != null) { - bad[0] = true; - badKeyUsage = true; - } - } - } - - try { - List<String> xKeyUsage = userCert.getExtendedKeyUsage(); - if (xKeyUsage != null) { - if (!xKeyUsage.contains("2.5.29.37.0") // anyExtendedKeyUsage - && !xKeyUsage.contains("1.3.6.1.5.5.7.3.3")) { // codeSigning - if (bad != null) { - bad[1] = true; - badExtendedKeyUsage = true; - } - } - } - } catch (java.security.cert.CertificateParsingException e) { - // shouldn't happen - } - - try { - // OID_NETSCAPE_CERT_TYPE - byte[] netscapeEx = userCert.getExtensionValue - ("2.16.840.1.113730.1.1"); - if (netscapeEx != null) { - DerInputStream in = new DerInputStream(netscapeEx); - byte[] encoded = in.getOctetString(); - encoded = new DerValue(encoded).getUnalignedBitString() - .toByteArray(); - - NetscapeCertTypeExtension extn = - new NetscapeCertTypeExtension(encoded); - - Boolean val = (Boolean)extn.get( - NetscapeCertTypeExtension.OBJECT_SIGNING); - if (!val) { - if (bad != null) { - bad[2] = true; - badNetscapeCertType = true; - } - } - } - } catch (IOException e) { - // - } - } - - void getAliasInfo(String alias) { - - Key key = null; - - try { - java.security.cert.Certificate[] cs = null; - if (altCertChain != null) { - try { - cs = CertificateFactory.getInstance("X.509"). - generateCertificates(new FileInputStream(altCertChain)). - toArray(new Certificate[0]); - } catch (CertificateException ex) { - error(rb.getString("Cannot.restore.certchain.from.file.specified")); - } catch (FileNotFoundException ex) { - error(rb.getString("File.specified.by.certchain.does.not.exist")); - } - } else { - try { - cs = store.getCertificateChain(alias); - } catch (KeyStoreException kse) { - // this never happens, because keystore has been loaded - } - } - if (cs == null || cs.length == 0) { - if (altCertChain != null) { - error(rb.getString - ("Certificate.chain.not.found.in.the.file.specified.")); - } else { - MessageFormat form = new MessageFormat(rb.getString - ("Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and")); - Object[] source = {alias, alias}; - error(form.format(source)); - } - } - - certChain = new X509Certificate[cs.length]; - for (int i=0; i<cs.length; i++) { - if (!(cs[i] instanceof X509Certificate)) { - error(rb.getString - ("found.non.X.509.certificate.in.signer.s.chain")); - } - certChain[i] = (X509Certificate)cs[i]; - } - - // We don't meant to print anything, the next call - // checks validity and keyUsage etc - printCert("", certChain[0], true, null, true); - - try { - validateCertChain(Arrays.asList(certChain)); - } catch (Exception e) { - if (debug) { - e.printStackTrace(); - } - if (e.getCause() != null && - (e.getCause() instanceof CertificateExpiredException || - e.getCause() instanceof CertificateNotYetValidException)) { - // No more warning, we alreay have hasExpiredCert or notYetValidCert - } else { - chainNotValidated = true; - } - } - - try { - if (!token && keypass == null) - key = store.getKey(alias, storepass); - else - key = store.getKey(alias, keypass); - } catch (UnrecoverableKeyException e) { - if (token) { - throw e; - } else if (keypass == null) { - // Did not work out, so prompt user for key password - MessageFormat form = new MessageFormat(rb.getString - ("Enter.key.password.for.alias.")); - Object[] source = {alias}; - keypass = getPass(form.format(source)); - key = store.getKey(alias, keypass); - } - } - } catch (NoSuchAlgorithmException e) { - error(e.getMessage()); - } catch (UnrecoverableKeyException e) { - error(rb.getString("unable.to.recover.key.from.keystore")); - } catch (KeyStoreException kse) { - // this never happens, because keystore has been loaded - } - - if (!(key instanceof PrivateKey)) { - MessageFormat form = new MessageFormat(rb.getString - ("key.associated.with.alias.not.a.private.key")); - Object[] source = {alias}; - error(form.format(source)); - } else { - privateKey = (PrivateKey)key; - } - } - - void error(String message) - { - System.out.println(rb.getString("jarsigner.")+message); - System.exit(1); - } - - - void error(String message, Exception e) - { - System.out.println(rb.getString("jarsigner.")+message); - if (debug) { - e.printStackTrace(); - } - System.exit(1); - } - - void validateCertChain(List<? extends Certificate> certs) throws Exception { - int cpLen = 0; - out: for (; cpLen<certs.size(); cpLen++) { - for (TrustAnchor ta: pkixParameters.getTrustAnchors()) { - if (ta.getTrustedCert().equals(certs.get(cpLen))) { - break out; - } - } - } - if (cpLen > 0) { - CertPath cp = certificateFactory.generateCertPath( - (cpLen == certs.size())? certs: certs.subList(0, cpLen)); - validator.validate(cp, pkixParameters); - } - } - - char[] getPass(String prompt) - { - System.err.print(prompt); - System.err.flush(); - try { - char[] pass = Password.readPassword(System.in); - - if (pass == null) { - error(rb.getString("you.must.enter.key.password")); - } else { - return pass; - } - } catch (IOException ioe) { - error(rb.getString("unable.to.read.password.")+ioe.getMessage()); - } - // this shouldn't happen - return null; - } - - /* - * Reads all the bytes for a given zip entry. - */ - private synchronized byte[] getBytes(ZipFile zf, - ZipEntry ze) throws IOException { - int n; - - InputStream is = null; - try { - is = zf.getInputStream(ze); - baos.reset(); - long left = ze.getSize(); - - while((left > 0) && (n = is.read(buffer, 0, buffer.length)) != -1) { - baos.write(buffer, 0, n); - left -= n; - } - } finally { - if (is != null) { - is.close(); - } - } - - return baos.toByteArray(); - } - - /* - * Returns manifest entry from given jar file, or null if given jar file - * does not have a manifest entry. - */ - private ZipEntry getManifestFile(ZipFile zf) { - ZipEntry ze = zf.getEntry(JarFile.MANIFEST_NAME); - if (ze == null) { - // Check all entries for matching name - Enumeration<? extends ZipEntry> enum_ = zf.entries(); - while (enum_.hasMoreElements() && ze == null) { - ze = enum_.nextElement(); - if (!JarFile.MANIFEST_NAME.equalsIgnoreCase - (ze.getName())) { - ze = null; - } - } - } - return ze; - } - - /* - * Computes the digests of a zip entry, and returns them as an array - * of base64-encoded strings. - */ - private synchronized String[] getDigests(ZipEntry ze, ZipFile zf, - MessageDigest[] digests, - BASE64Encoder encoder) - throws IOException { - - int n, i; - InputStream is = null; - try { - is = zf.getInputStream(ze); - long left = ze.getSize(); - while((left > 0) - && (n = is.read(buffer, 0, buffer.length)) != -1) { - for (i=0; i<digests.length; i++) { - digests[i].update(buffer, 0, n); - } - left -= n; - } - } finally { - if (is != null) { - is.close(); - } - } - - // complete the digests - String[] base64Digests = new String[digests.length]; - for (i=0; i<digests.length; i++) { - base64Digests[i] = encoder.encode(digests[i].digest()); - } - return base64Digests; - } - - /* - * Computes the digests of a zip entry, and returns them as a list of - * attributes - */ - private Attributes getDigestAttributes(ZipEntry ze, ZipFile zf, - MessageDigest[] digests, - BASE64Encoder encoder) - throws IOException { - - String[] base64Digests = getDigests(ze, zf, digests, encoder); - Attributes attrs = new Attributes(); - - for (int i=0; i<digests.length; i++) { - attrs.putValue(digests[i].getAlgorithm()+"-Digest", - base64Digests[i]); - } - return attrs; - } - - /* - * Updates the digest attributes of a manifest entry, by adding or - * replacing digest values. - * A digest value is added if the manifest entry does not contain a digest - * for that particular algorithm. - * A digest value is replaced if it is obsolete. - * - * Returns true if the manifest entry has been changed, and false - * otherwise. - */ - private boolean updateDigests(ZipEntry ze, ZipFile zf, - MessageDigest[] digests, - BASE64Encoder encoder, - Manifest mf) throws IOException { - boolean update = false; - - Attributes attrs = mf.getAttributes(ze.getName()); - String[] base64Digests = getDigests(ze, zf, digests, encoder); - - for (int i=0; i<digests.length; i++) { - // The entry name to be written into attrs - String name = null; - try { - // Find if the digest already exists - AlgorithmId aid = AlgorithmId.get(digests[i].getAlgorithm()); - for (Object key: attrs.keySet()) { - if (key instanceof Attributes.Name) { - String n = ((Attributes.Name)key).toString(); - if (n.toUpperCase(Locale.ENGLISH).endsWith("-DIGEST")) { - String tmp = n.substring(0, n.length() - 7); - if (AlgorithmId.get(tmp).equals(aid)) { - name = n; - break; - } - } - } - } - } catch (NoSuchAlgorithmException nsae) { - // Ignored. Writing new digest entry. - } - - if (name == null) { - name = digests[i].getAlgorithm()+"-Digest"; - attrs.putValue(name, base64Digests[i]); - update=true; - } else { - // compare digests, and replace the one in the manifest - // if they are different - String mfDigest = attrs.getValue(name); - if (!mfDigest.equalsIgnoreCase(base64Digests[i])) { - attrs.putValue(name, base64Digests[i]); - update=true; - } - } - } - return update; - } - - /* - * Try to load the specified signing mechanism. - * The URL class loader is used. - */ - private ContentSigner loadSigningMechanism(String signerClassName, - String signerClassPath) throws Exception { - - // construct class loader - String cpString = null; // make sure env.class.path defaults to dot - - // do prepends to get correct ordering - cpString = PathList.appendPath(System.getProperty("env.class.path"), cpString); - cpString = PathList.appendPath(System.getProperty("java.class.path"), cpString); - cpString = PathList.appendPath(signerClassPath, cpString); - URL[] urls = PathList.pathToURLs(cpString); - ClassLoader appClassLoader = new URLClassLoader(urls); - - // attempt to find signer - Class signerClass = appClassLoader.loadClass(signerClassName); - - // Check that it implements ContentSigner - Object signer = signerClass.newInstance(); - if (!(signer instanceof ContentSigner)) { - MessageFormat form = new MessageFormat( - rb.getString("signerClass.is.not.a.signing.mechanism")); - Object[] source = {signerClass.getName()}; - throw new IllegalArgumentException(form.format(source)); - } - return (ContentSigner)signer; - } -} - -/** - * This is a BASE64Encoder that does not insert a default newline at the end of - * every output line. This is necessary because java.util.jar does its own - * line management (see Manifest.make72Safe()). Inserting additional new lines - * can cause line-wrapping problems (see CR 6219522). - */ -class JarBASE64Encoder extends BASE64Encoder { - /** - * Encode the suffix that ends every output line. - */ - protected void encodeLineSuffix(OutputStream aStream) throws IOException { } -} - -class SignatureFile { - - /** SignatureFile */ - Manifest sf; - - /** .SF base name */ - String baseName; - - public SignatureFile(MessageDigest digests[], - Manifest mf, - ManifestDigester md, - String baseName, - boolean signManifest) - - { - this.baseName = baseName; - - String version = System.getProperty("java.version"); - String javaVendor = System.getProperty("java.vendor"); - - sf = new Manifest(); - Attributes mattr = sf.getMainAttributes(); - BASE64Encoder encoder = new JarBASE64Encoder(); - - mattr.putValue(Attributes.Name.SIGNATURE_VERSION.toString(), "1.0"); - mattr.putValue("Created-By", version + " (" + javaVendor + ")"); - - if (signManifest) { - // sign the whole manifest - for (int i=0; i < digests.length; i++) { - mattr.putValue(digests[i].getAlgorithm()+"-Digest-Manifest", - encoder.encode(md.manifestDigest(digests[i]))); - } - } - - // create digest of the manifest main attributes - ManifestDigester.Entry mde = - md.get(ManifestDigester.MF_MAIN_ATTRS, false); - if (mde != null) { - for (int i=0; i < digests.length; i++) { - mattr.putValue(digests[i].getAlgorithm() + - "-Digest-" + ManifestDigester.MF_MAIN_ATTRS, - encoder.encode(mde.digest(digests[i]))); - } - } else { - throw new IllegalStateException - ("ManifestDigester failed to create " + - "Manifest-Main-Attribute entry"); - } - - /* go through the manifest entries and create the digests */ - - Map<String,Attributes> entries = sf.getEntries(); - Iterator<Map.Entry<String,Attributes>> mit = - mf.getEntries().entrySet().iterator(); - while(mit.hasNext()) { - Map.Entry<String,Attributes> e = mit.next(); - String name = e.getKey(); - mde = md.get(name, false); - if (mde != null) { - Attributes attr = new Attributes(); - for (int i=0; i < digests.length; i++) { - attr.putValue(digests[i].getAlgorithm()+"-Digest", - encoder.encode(mde.digest(digests[i]))); - } - entries.put(name, attr); - } - } - } - - /** - * Writes the SignatureFile to the specified OutputStream. - * - * @param out the output stream - * @exception IOException if an I/O error has occurred - */ - - public void write(OutputStream out) throws IOException - { - sf.write(out); - } - - /** - * get .SF file name - */ - public String getMetaName() - { - return "META-INF/"+ baseName + ".SF"; - } - - /** - * get base file name - */ - public String getBaseName() - { - return baseName; - } - - /* - * Generate a signed data block. - * If a URL or a certificate (containing a URL) for a Timestamping - * Authority is supplied then a signature timestamp is generated and - * inserted into the signed data block. - * - * @param sigalg signature algorithm to use, or null to use default - * @param tsaUrl The location of the Timestamping Authority. If null - * then no timestamp is requested. - * @param tsaCert The certificate for the Timestamping Authority. If null - * then no timestamp is requested. - * @param signingMechanism The signing mechanism to use. - * @param args The command-line arguments to jarsigner. - * @param zipFile The original source Zip file. - */ - public Block generateBlock(PrivateKey privateKey, - String sigalg, - X509Certificate[] certChain, - boolean externalSF, String tsaUrl, - X509Certificate tsaCert, - ContentSigner signingMechanism, - String[] args, ZipFile zipFile) - throws NoSuchAlgorithmException, InvalidKeyException, IOException, - SignatureException, CertificateException - { - return new Block(this, privateKey, sigalg, certChain, externalSF, - tsaUrl, tsaCert, signingMechanism, args, zipFile); - } - - - public static class Block { - - private byte[] block; - private String blockFileName; - - /* - * Construct a new signature block. - */ - Block(SignatureFile sfg, PrivateKey privateKey, String sigalg, - X509Certificate[] certChain, boolean externalSF, String tsaUrl, - X509Certificate tsaCert, ContentSigner signingMechanism, - String[] args, ZipFile zipFile) - throws NoSuchAlgorithmException, InvalidKeyException, IOException, - SignatureException, CertificateException { - - Principal issuerName = certChain[0].getIssuerDN(); - if (!(issuerName instanceof X500Name)) { - // must extract the original encoded form of DN for subsequent - // name comparison checks (converting to a String and back to - // an encoded DN could cause the types of String attribute - // values to be changed) - X509CertInfo tbsCert = new - X509CertInfo(certChain[0].getTBSCertificate()); - issuerName = (Principal) - tbsCert.get(CertificateIssuerName.NAME + "." + - CertificateIssuerName.DN_NAME); - } - BigInteger serial = certChain[0].getSerialNumber(); - - String signatureAlgorithm; - String keyAlgorithm = privateKey.getAlgorithm(); - /* - * If no signature algorithm was specified, we choose a - * default that is compatible with the private key algorithm. - */ - if (sigalg == null) { - - if (keyAlgorithm.equalsIgnoreCase("DSA")) - signatureAlgorithm = "SHA1withDSA"; - else if (keyAlgorithm.equalsIgnoreCase("RSA")) - signatureAlgorithm = "SHA256withRSA"; - else if (keyAlgorithm.equalsIgnoreCase("EC")) - signatureAlgorithm = "SHA256withECDSA"; - else - throw new RuntimeException("private key is not a DSA or " - + "RSA key"); - } else { - signatureAlgorithm = sigalg; - } - - // check common invalid key/signature algorithm combinations - String sigAlgUpperCase = signatureAlgorithm.toUpperCase(Locale.ENGLISH); - if ((sigAlgUpperCase.endsWith("WITHRSA") && - !keyAlgorithm.equalsIgnoreCase("RSA")) || - (sigAlgUpperCase.endsWith("WITHECDSA") && - !keyAlgorithm.equalsIgnoreCase("EC")) || - (sigAlgUpperCase.endsWith("WITHDSA") && - !keyAlgorithm.equalsIgnoreCase("DSA"))) { - throw new SignatureException - ("private key algorithm is not compatible with signature algorithm"); - } - - blockFileName = "META-INF/"+sfg.getBaseName()+"."+keyAlgorithm; - - AlgorithmId sigAlg = AlgorithmId.get(signatureAlgorithm); - AlgorithmId digEncrAlg = AlgorithmId.get(keyAlgorithm); - - Signature sig = Signature.getInstance(signatureAlgorithm); - sig.initSign(privateKey); - - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - sfg.write(baos); - - byte[] content = baos.toByteArray(); - - sig.update(content); - byte[] signature = sig.sign(); - - // Timestamp the signature and generate the signature block file - if (signingMechanism == null) { - signingMechanism = new TimestampedSigner(); - } - URI tsaUri = null; - try { - if (tsaUrl != null) { - tsaUri = new URI(tsaUrl); - } - } catch (URISyntaxException e) { - IOException ioe = new IOException(); - ioe.initCause(e); - throw ioe; - } - - // Assemble parameters for the signing mechanism - ContentSignerParameters params = - new JarSignerParameters(args, tsaUri, tsaCert, signature, - signatureAlgorithm, certChain, content, zipFile); - - // Generate the signature block - block = signingMechanism.generateSignedData( - params, externalSF, (tsaUrl != null || tsaCert != null)); - } - - /* - * get block file name. - */ - public String getMetaName() - { - return blockFileName; - } - - /** - * Writes the block file to the specified OutputStream. - * - * @param out the output stream - * @exception IOException if an I/O error has occurred - */ - - public void write(OutputStream out) throws IOException - { - out.write(block); - } - } -} - - -/* - * This object encapsulates the parameters used to perform content signing. - */ -class JarSignerParameters implements ContentSignerParameters { - - private String[] args; - private URI tsa; - private X509Certificate tsaCertificate; - private byte[] signature; - private String signatureAlgorithm; - private X509Certificate[] signerCertificateChain; - private byte[] content; - private ZipFile source; - - /** - * Create a new object. - */ - JarSignerParameters(String[] args, URI tsa, X509Certificate tsaCertificate, - byte[] signature, String signatureAlgorithm, - X509Certificate[] signerCertificateChain, byte[] content, - ZipFile source) { - - if (signature == null || signatureAlgorithm == null || - signerCertificateChain == null) { - throw new NullPointerException(); - } - this.args = args; - this.tsa = tsa; - this.tsaCertificate = tsaCertificate; - this.signature = signature; - this.signatureAlgorithm = signatureAlgorithm; - this.signerCertificateChain = signerCertificateChain; - this.content = content; - this.source = source; - } - - /** - * Retrieves the command-line arguments. - * - * @return The command-line arguments. May be null. - */ - public String[] getCommandLine() { - return args; - } - - /** - * Retrieves the identifier for a Timestamping Authority (TSA). - * - * @return The TSA identifier. May be null. - */ - public URI getTimestampingAuthority() { - return tsa; - } - - /** - * Retrieves the certificate for a Timestamping Authority (TSA). - * - * @return The TSA certificate. May be null. - */ - public X509Certificate getTimestampingAuthorityCertificate() { - return tsaCertificate; - } - - /** - * Retrieves the signature. - * - * @return The non-null signature bytes. - */ - public byte[] getSignature() { - return signature; - } - - /** - * Retrieves the name of the signature algorithm. - * - * @return The non-null string name of the signature algorithm. - */ - public String getSignatureAlgorithm() { - return signatureAlgorithm; - } - - /** - * Retrieves the signer's X.509 certificate chain. - * - * @return The non-null array of X.509 public-key certificates. - */ - public X509Certificate[] getSignerCertificateChain() { - return signerCertificateChain; - } - - /** - * Retrieves the content that was signed. - * - * @return The content bytes. May be null. - */ - public byte[] getContent() { - return content; - } - - /** - * Retrieves the original source ZIP file before it was signed. - * - * @return The original ZIP file. May be null. - */ - public ZipFile getSource() { - return source; - } -}
--- a/src/share/classes/sun/security/tools/JarSignerResources.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,250 +0,0 @@ -/* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.tools; - -/** - * <p> This class represents the <code>ResourceBundle</code> - * for JarSigner. - * - */ -public class JarSignerResources extends java.util.ListResourceBundle { - - private static final Object[][] contents = { - - // shared (from jarsigner) - {"SPACE", " "}, - {"2SPACE", " "}, - {"6SPACE", " "}, - {"COMMA", ", "}, - - {"provName.not.a.provider", "{0} not a provider"}, - {"signerClass.is.not.a.signing.mechanism", "{0} is not a signing mechanism"}, - {"jarsigner.error.", "jarsigner error: "}, - {"Illegal.option.", "Illegal option: "}, - {".keystore.must.be.NONE.if.storetype.is.{0}", - "-keystore must be NONE if -storetype is {0}"}, - {".keypass.can.not.be.specified.if.storetype.is.{0}", - "-keypass can not be specified if -storetype is {0}"}, - {"If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified", - "If -protected is specified, then -storepass and -keypass must not be specified"}, - {"If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified", - "If keystore is not password protected, then -storepass and -keypass must not be specified"}, - {"Usage.jarsigner.options.jar.file.alias", - "Usage: jarsigner [options] jar-file alias"}, - {".jarsigner.verify.options.jar.file.alias.", - " jarsigner -verify [options] jar-file [alias...]"}, - {".keystore.url.keystore.location", - "[-keystore <url>] keystore location"}, - {".storepass.password.password.for.keystore.integrity", - "[-storepass <password>] password for keystore integrity"}, - {".storetype.type.keystore.type", - "[-storetype <type>] keystore type"}, - {".keypass.password.password.for.private.key.if.different.", - "[-keypass <password>] password for private key (if different)"}, - {".certchain.file.name.of.alternative.certchain.file", - "[-certchain <file>] name of alternative certchain file"}, - {".sigfile.file.name.of.SF.DSA.file", - "[-sigfile <file>] name of .SF/.DSA file"}, - {".signedjar.file.name.of.signed.JAR.file", - "[-signedjar <file>] name of signed JAR file"}, - {".digestalg.algorithm.name.of.digest.algorithm", - "[-digestalg <algorithm>] name of digest algorithm"}, - {".sigalg.algorithm.name.of.signature.algorithm", - "[-sigalg <algorithm>] name of signature algorithm"}, - {".verify.verify.a.signed.JAR.file", - "[-verify] verify a signed JAR file"}, - {".verbose.suboptions.verbose.output.when.signing.verifying.", - "[-verbose[:suboptions]] verbose output when signing/verifying."}, - {".suboptions.can.be.all.grouped.or.summary", - " suboptions can be all, grouped or summary"}, - {".certs.display.certificates.when.verbose.and.verifying", - "[-certs] display certificates when verbose and verifying"}, - {".tsa.url.location.of.the.Timestamping.Authority", - "[-tsa <url>] location of the Timestamping Authority"}, - {".tsacert.alias.public.key.certificate.for.Timestamping.Authority", - "[-tsacert <alias>] public key certificate for Timestamping Authority"}, - {".altsigner.class.class.name.of.an.alternative.signing.mechanism", - "[-altsigner <class>] class name of an alternative signing mechanism"}, - {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism", - "[-altsignerpath <pathlist>] location of an alternative signing mechanism"}, - {".internalsf.include.the.SF.file.inside.the.signature.block", - "[-internalsf] include the .SF file inside the signature block"}, - {".sectionsonly.don.t.compute.hash.of.entire.manifest", - "[-sectionsonly] don't compute hash of entire manifest"}, - {".protected.keystore.has.protected.authentication.path", - "[-protected] keystore has protected authentication path"}, - {".providerName.name.provider.name", - "[-providerName <name>] provider name"}, - {".providerClass.class.name.of.cryptographic.service.provider.s", - "[-providerClass <class> name of cryptographic service provider's"}, - {".providerArg.arg.master.class.file.and.constructor.argument", - " [-providerArg <arg>]] ... master class file and constructor argument"}, - {".strict.treat.warnings.as.errors", - "[-strict] treat warnings as errors"}, - {"Option.lacks.argument", "Option lacks argument"}, - {"Please.type.jarsigner.help.for.usage", "Please type jarsigner -help for usage"}, - {"Please.specify.jarfile.name", "Please specify jarfile name"}, - {"Please.specify.alias.name", "Please specify alias name"}, - {"Only.one.alias.can.be.specified", "Only one alias can be specified"}, - {"This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es.", - "This jar contains signed entries which are not signed by the specified alias(es)."}, - {"This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore.", - "This jar contains signed entries that are not signed by alias in this keystore."}, - {"s", "s"}, - {"m", "m"}, - {"k", "k"}, - {"i", "i"}, - {".and.d.more.", "(and %d more)"}, - {".s.signature.was.verified.", - " s = signature was verified "}, - {".m.entry.is.listed.in.manifest", - " m = entry is listed in manifest"}, - {".k.at.least.one.certificate.was.found.in.keystore", - " k = at least one certificate was found in keystore"}, - {".i.at.least.one.certificate.was.found.in.identity.scope", - " i = at least one certificate was found in identity scope"}, - {".X.not.signed.by.specified.alias.es.", - " X = not signed by specified alias(es)"}, - {"no.manifest.", "no manifest."}, - {".Signature.related.entries.","(Signature related entries)"}, - {".Unsigned.entries.", "(Unsigned entries)"}, - {"jar.is.unsigned.signatures.missing.or.not.parsable.", - "jar is unsigned. (signatures missing or not parsable)"}, - {"jar.signed.", "jar signed."}, - {"jar.signed.with.signer.errors.", "jar signed, with signer errors."}, - {"jar.verified.", "jar verified."}, - {"jar.verified.with.signer.errors.", "jar verified, with signer errors."}, - {"jarsigner.", "jarsigner: "}, - {"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.", - "signature filename must consist of the following characters: A-Z, 0-9, _ or -"}, - {"unable.to.open.jar.file.", "unable to open jar file: "}, - {"unable.to.create.", "unable to create: "}, - {".adding.", " adding: "}, - {".updating.", " updating: "}, - {".signing.", " signing: "}, - {"attempt.to.rename.signedJarFile.to.jarFile.failed", - "attempt to rename {0} to {1} failed"}, - {"attempt.to.rename.jarFile.to.origJar.failed", - "attempt to rename {0} to {1} failed"}, - {"unable.to.sign.jar.", "unable to sign jar: "}, - {"Enter.Passphrase.for.keystore.", "Enter Passphrase for keystore: "}, - {"keystore.load.", "keystore load: "}, - {"certificate.exception.", "certificate exception: "}, - {"unable.to.instantiate.keystore.class.", - "unable to instantiate keystore class: "}, - {"Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and", - "Certificate chain not found for: {0}. {1} must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain."}, - {"File.specified.by.certchain.does.not.exist", - "File specified by -certchain does not exist"}, - {"Cannot.restore.certchain.from.file.specified", - "Cannot restore certchain from file specified"}, - {"Certificate.chain.not.found.in.the.file.specified.", - "Certificate chain not found in the file specified."}, - {"found.non.X.509.certificate.in.signer.s.chain", - "found non-X.509 certificate in signer's chain"}, - {"incomplete.certificate.chain", "incomplete certificate chain"}, - {"Enter.key.password.for.alias.", "Enter key password for {0}: "}, - {"unable.to.recover.key.from.keystore", - "unable to recover key from keystore"}, - {"key.associated.with.alias.not.a.private.key", - "key associated with {0} not a private key"}, - {"you.must.enter.key.password", "you must enter key password"}, - {"unable.to.read.password.", "unable to read password: "}, - {"certificate.is.valid.from", "certificate is valid from {0} to {1}"}, - {"certificate.expired.on", "certificate expired on {0}"}, - {"certificate.is.not.valid.until", - "certificate is not valid until {0}"}, - {"certificate.will.expire.on", "certificate will expire on {0}"}, - {".CertPath.not.validated.", "[CertPath not validated: "}, - {"requesting.a.signature.timestamp", - "requesting a signature timestamp"}, - {"TSA.location.", "TSA location: "}, - {"TSA.certificate.", "TSA certificate: "}, - {"no.response.from.the.Timestamping.Authority.", - "no response from the Timestamping Authority. When connecting" - + " from behind a firewall an HTTP or HTTPS proxy may need to" - + " be specified. Supply the following options to jarsigner:"}, - {"or", "or"}, - {"Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the", - "Certificate not found for: {0}. {1} must reference a valid KeyStore entry containing an X.509 public key certificate for the Timestamping Authority."}, - {"using.an.alternative.signing.mechanism", - "using an alternative signing mechanism"}, - {"entry.was.signed.on", "entry was signed on {0}"}, - {"Warning.", "Warning: "}, - {"Error.", "Error: "}, - {"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.", - "This jar contains unsigned entries which have not been integrity-checked. "}, - {"This.jar.contains.entries.whose.signer.certificate.has.expired.", - "This jar contains entries whose signer certificate has expired. "}, - {"This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months.", - "This jar contains entries whose signer certificate will expire within six months. "}, - {"This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid.", - "This jar contains entries whose signer certificate is not yet valid. "}, - {"Re.run.with.the.verbose.option.for.more.details.", - "Re-run with the -verbose option for more details."}, - {"Re.run.with.the.verbose.and.certs.options.for.more.details.", - "Re-run with the -verbose and -certs options for more details."}, - {"The.signer.certificate.has.expired.", - "The signer certificate has expired."}, - {"The.signer.certificate.will.expire.within.six.months.", - "The signer certificate will expire within six months."}, - {"The.signer.certificate.is.not.yet.valid.", - "The signer certificate is not yet valid."}, - {"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.", - "The signer certificate's KeyUsage extension doesn't allow code signing."}, - {"The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.", - "The signer certificate's ExtendedKeyUsage extension doesn't allow code signing."}, - {"The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.", - "The signer certificate's NetscapeCertType extension doesn't allow code signing."}, - {"This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.", - "This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing."}, - {"This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.", - "This jar contains entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing."}, - {"This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.", - "This jar contains entries whose signer certificate's NetscapeCertType extension doesn't allow code signing."}, - {".{0}.extension.does.not.support.code.signing.", - "[{0} extension does not support code signing]"}, - {"The.signer.s.certificate.chain.is.not.validated.", - "The signer's certificate chain is not validated."}, - {"This.jar.contains.entries.whose.certificate.chain.is.not.validated.", - "This jar contains entries whose certificate chain is not validated."}, - {"no.timestamp.signing", - "No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td) or after any future revocation date."}, - {"no.timestamp.verifying", - "This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td) or after any future revocation date."}, - }; - - /** - * Returns the contents of this <code>ResourceBundle</code>. - * - * <p> - * - * @return the contents of this <code>ResourceBundle</code>. - */ - public Object[][] getContents() { - return contents; - } -}
--- a/src/share/classes/sun/security/tools/JarSignerResources_ja.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,248 +0,0 @@ -/* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.tools; - -/** - * <p> This class represents the <code>ResourceBundle</code> - * for JarSigner. - * - */ -public class JarSignerResources_ja extends java.util.ListResourceBundle { - - private static final Object[][] contents = { - - // shared (from jarsigner) - {"SPACE", " "}, - {"2SPACE", " "}, - {"6SPACE", " "}, - {"COMMA", ", "}, - - {"provName.not.a.provider", "{0}\u306F\u30D7\u30ED\u30D0\u30A4\u30C0\u3067\u306F\u3042\u308A\u307E\u305B\u3093"}, - {"signerClass.is.not.a.signing.mechanism", "{0}\u306F\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u3067\u306F\u3042\u308A\u307E\u305B\u3093"}, - {"jarsigner.error.", "jarsigner\u30A8\u30E9\u30FC: "}, - {"Illegal.option.", "\u4E0D\u6B63\u306A\u30AA\u30D7\u30B7\u30E7\u30F3: "}, - {".keystore.must.be.NONE.if.storetype.is.{0}", - "-storetype\u304C{0}\u306E\u5834\u5408\u3001-keystore\u306FNONE\u3067\u3042\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, - {".keypass.can.not.be.specified.if.storetype.is.{0}", - "-storetype\u304C{0}\u306E\u5834\u5408\u3001-keypass\u306F\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093"}, - {"If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified", - "-protected\u3092\u6307\u5B9A\u3059\u308B\u5834\u5408\u306F\u3001-storepass\u304A\u3088\u3073-keypass\u3092\u6307\u5B9A\u3057\u306A\u3044\u3067\u304F\u3060\u3055\u3044"}, - {"If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified", - "\u30AD\u30FC\u30B9\u30C8\u30A2\u304C\u30D1\u30B9\u30EF\u30FC\u30C9\u3067\u4FDD\u8B77\u3055\u308C\u3066\u3044\u306A\u3044\u5834\u5408\u3001-storepass\u304A\u3088\u3073-keypass\u3092\u6307\u5B9A\u3057\u306A\u3044\u3067\u304F\u3060\u3055\u3044"}, - {"Usage.jarsigner.options.jar.file.alias", - "\u4F7F\u7528\u65B9\u6CD5: jarsigner [options] jar-file alias"}, - {".jarsigner.verify.options.jar.file.alias.", - " jarsigner -verify [options] jar-file [alias...]"}, - {".keystore.url.keystore.location", - "[-keystore <url>] \u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u4F4D\u7F6E"}, - {".storepass.password.password.for.keystore.integrity", - "[-storepass <password>] \u30AD\u30FC\u30B9\u30C8\u30A2\u6574\u5408\u6027\u306E\u305F\u3081\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"}, - {".storetype.type.keystore.type", - "[-storetype <type>] \u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u578B"}, - {".keypass.password.password.for.private.key.if.different.", - "[-keypass <password>] \u79D8\u5BC6\u9375\u306E\u30D1\u30B9\u30EF\u30FC\u30C9(\u7570\u306A\u308B\u5834\u5408)"}, - {".certchain.file.name.of.alternative.certchain.file", - "[-certchain <file>] \u4EE3\u66FF\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u30FB\u30D5\u30A1\u30A4\u30EB\u306E\u540D\u524D"}, - {".sigfile.file.name.of.SF.DSA.file", - "[-sigfile <file>] .SF/.DSA\u30D5\u30A1\u30A4\u30EB\u306E\u540D\u524D"}, - {".signedjar.file.name.of.signed.JAR.file", - "[-signedjar <file>] \u7F72\u540D\u4ED8\u304DJAR\u30D5\u30A1\u30A4\u30EB\u306E\u540D\u524D"}, - {".digestalg.algorithm.name.of.digest.algorithm", - "[-digestalg <algorithm>] \u30C0\u30A4\u30B8\u30A7\u30B9\u30C8\u30FB\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u306E\u540D\u524D"}, - {".sigalg.algorithm.name.of.signature.algorithm", - "[-sigalg <algorithm>] \u7F72\u540D\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u306E\u540D\u524D"}, - {".verify.verify.a.signed.JAR.file", - "[-verify] \u7F72\u540D\u4ED8\u304DJAR\u30D5\u30A1\u30A4\u30EB\u306E\u691C\u8A3C"}, - {".verbose.suboptions.verbose.output.when.signing.verifying.", - "[-verbose[:suboptions]] \u7F72\u540D/\u691C\u8A3C\u6642\u306E\u8A73\u7D30\u51FA\u529B\u3002"}, - {".suboptions.can.be.all.grouped.or.summary", - " \u30B5\u30D6\u30AA\u30D7\u30B7\u30E7\u30F3\u3068\u3057\u3066\u3001all\u3001grouped\u307E\u305F\u306Fsummary\u3092\u4F7F\u7528\u3067\u304D\u307E\u3059"}, - {".certs.display.certificates.when.verbose.and.verifying", - "[-certs] \u8A73\u7D30\u51FA\u529B\u304A\u3088\u3073\u691C\u8A3C\u6642\u306B\u8A3C\u660E\u66F8\u3092\u8868\u793A"}, - {".tsa.url.location.of.the.Timestamping.Authority", - "[-tsa <url>] \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306E\u5834\u6240"}, - {".tsacert.alias.public.key.certificate.for.Timestamping.Authority", - "[-tsacert <alias>] \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306E\u516C\u958B\u9375\u8A3C\u660E\u66F8"}, - {".altsigner.class.class.name.of.an.alternative.signing.mechanism", - "[-altsigner <class>] \u4EE3\u66FF\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u306E\u30AF\u30E9\u30B9\u540D"}, - {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism", - "[-altsignerpath <pathlist>] \u4EE3\u66FF\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u306E\u5834\u6240"}, - {".internalsf.include.the.SF.file.inside.the.signature.block", - "[-internalsf] \u7F72\u540D\u30D6\u30ED\u30C3\u30AF\u306B.SF\u30D5\u30A1\u30A4\u30EB\u3092\u542B\u3081\u308B"}, - {".sectionsonly.don.t.compute.hash.of.entire.manifest", - "[-sectionsonly] \u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u5168\u4F53\u306E\u30CF\u30C3\u30B7\u30E5\u306F\u8A08\u7B97\u3057\u306A\u3044"}, - {".protected.keystore.has.protected.authentication.path", - "[-protected] \u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u306F\u4FDD\u8B77\u3055\u308C\u305F\u8A8D\u8A3C\u30D1\u30B9\u304C\u3042\u308B"}, - {".providerName.name.provider.name", - "[-providerName <name>] \u30D7\u30ED\u30D0\u30A4\u30C0\u540D"}, - {".providerClass.class.name.of.cryptographic.service.provider.s", - "[-providerClass <class> \u6697\u53F7\u5316\u30B5\u30FC\u30D3\u30B9\u30FB\u30D7\u30ED\u30D0\u30A4\u30C0\u306E\u540D\u524D"}, - {".providerArg.arg.master.class.file.and.constructor.argument", - " [-providerArg <arg>]] ... \u30DE\u30B9\u30BF\u30FC\u30FB\u30AF\u30E9\u30B9\u30FB\u30D5\u30A1\u30A4\u30EB\u3068\u30B3\u30F3\u30B9\u30C8\u30E9\u30AF\u30BF\u306E\u5F15\u6570"}, - {".strict.treat.warnings.as.errors", - "[-strict] \u8B66\u544A\u3092\u30A8\u30E9\u30FC\u3068\u3057\u3066\u51E6\u7406"}, - {"Option.lacks.argument", "\u30AA\u30D7\u30B7\u30E7\u30F3\u306B\u5F15\u6570\u304C\u3042\u308A\u307E\u305B\u3093"}, - {"Please.type.jarsigner.help.for.usage", "\u4F7F\u7528\u65B9\u6CD5\u306B\u3064\u3044\u3066\u306Fjarsigner -help\u3068\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044"}, - {"Please.specify.jarfile.name", "jarfile\u540D\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"}, - {"Please.specify.alias.name", "\u5225\u540D\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"}, - {"Only.one.alias.can.be.specified", "\u5225\u540D\u306F1\u3064\u306E\u307F\u6307\u5B9A\u3067\u304D\u307E\u3059"}, - {"This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es.", - "\u3053\u306Ejar\u306B\u542B\u307E\u308C\u308B\u7F72\u540D\u6E08\u30A8\u30F3\u30C8\u30EA\u306F\u3001\u6307\u5B9A\u3055\u308C\u305F\u5225\u540D\u306B\u3088\u3063\u3066\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002"}, - {"This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore.", - "\u3053\u306Ejar\u306B\u542B\u307E\u308C\u308B\u7F72\u540D\u6E08\u30A8\u30F3\u30C8\u30EA\u306F\u3001\u3053\u306E\u30AD\u30FC\u30B9\u30C8\u30A2\u5185\u306E\u5225\u540D\u306B\u3088\u3063\u3066\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002"}, - {"s", "s"}, - {"m", "m"}, - {"k", "k"}, - {"i", "i"}, - {".and.d.more.", "(\u4ED6\u306B\u3082%d\u500B)"}, - {".s.signature.was.verified.", - " s=\u7F72\u540D\u304C\u691C\u8A3C\u3055\u308C\u307E\u3057\u305F "}, - {".m.entry.is.listed.in.manifest", - " m=\u30A8\u30F3\u30C8\u30EA\u304C\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u5185\u306B\u30EA\u30B9\u30C8\u3055\u308C\u307E\u3059"}, - {".k.at.least.one.certificate.was.found.in.keystore", - " k=1\u3064\u4EE5\u4E0A\u306E\u8A3C\u660E\u66F8\u304C\u30AD\u30FC\u30B9\u30C8\u30A2\u3067\u691C\u51FA\u3055\u308C\u307E\u3057\u305F"}, - {".i.at.least.one.certificate.was.found.in.identity.scope", - " i=1\u3064\u4EE5\u4E0A\u306E\u8A3C\u660E\u66F8\u304C\u30A2\u30A4\u30C7\u30F3\u30C6\u30A3\u30C6\u30A3\u30FB\u30B9\u30B3\u30FC\u30D7\u3067\u691C\u51FA\u3055\u308C\u307E\u3057\u305F"}, - {".X.not.signed.by.specified.alias.es.", - " X =\u6307\u5B9A\u3057\u305F\u5225\u540D\u3067\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093"}, - {"no.manifest.", "\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u306F\u5B58\u5728\u3057\u307E\u305B\u3093\u3002"}, - {".Signature.related.entries.","(\u7F72\u540D\u95A2\u9023\u30A8\u30F3\u30C8\u30EA)"}, - {".Unsigned.entries.", "(\u672A\u7F72\u540D\u306E\u30A8\u30F3\u30C8\u30EA)"}, - {"jar.is.unsigned.signatures.missing.or.not.parsable.", - "jar\u306F\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002(\u7F72\u540D\u304C\u898B\u3064\u304B\u3089\u306A\u3044\u304B\u3001\u69CB\u6587\u89E3\u6790\u3067\u304D\u307E\u305B\u3093)"}, - {"jar.signed.", "jar\u306F\u7F72\u540D\u3055\u308C\u307E\u3057\u305F\u3002"}, - {"jar.signed.with.signer.errors.", "jar\u306F\u7F72\u540D\u3055\u308C\u307E\u3057\u305F - \u7F72\u540D\u8005\u30A8\u30E9\u30FC\u304C\u3042\u308A\u307E\u3059\u3002"}, - {"jar.verified.", "jar\u306F\u691C\u8A3C\u3055\u308C\u307E\u3057\u305F\u3002"}, - {"jar.verified.with.signer.errors.", "jar\u306F\u691C\u8A3C\u3055\u308C\u307E\u3057\u305F - \u7F72\u540D\u8005\u30A8\u30E9\u30FC\u304C\u3042\u308A\u307E\u3059\u3002"}, - {"jarsigner.", "jarsigner: "}, - {"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.", - "\u7F72\u540D\u306E\u30D5\u30A1\u30A4\u30EB\u540D\u306F\u6B21\u306E\u6587\u5B57\u3067\u69CB\u6210\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059: A-Z 0-9 _ -"}, - {"unable.to.open.jar.file.", "\u6B21\u306Ejar\u30D5\u30A1\u30A4\u30EB\u3092\u958B\u304F\u3053\u3068\u304C\u3067\u304D\u307E\u305B\u3093: "}, - {"unable.to.create.", "\u4F5C\u6210\u3067\u304D\u307E\u305B\u3093: "}, - {".adding.", " \u8FFD\u52A0\u4E2D: "}, - {".updating.", " \u66F4\u65B0\u4E2D: "}, - {".signing.", " \u7F72\u540D\u4E2D: "}, - {"attempt.to.rename.signedJarFile.to.jarFile.failed", - "{0}\u306E\u540D\u524D\u3092{1}\u306B\u5909\u66F4\u3057\u3088\u3046\u3068\u3057\u307E\u3057\u305F\u304C\u5931\u6557\u3057\u307E\u3057\u305F"}, - {"attempt.to.rename.jarFile.to.origJar.failed", - "{0}\u306E\u540D\u524D\u3092{1}\u306B\u5909\u66F4\u3057\u3088\u3046\u3068\u3057\u307E\u3057\u305F\u304C\u5931\u6557\u3057\u307E\u3057\u305F"}, - {"unable.to.sign.jar.", "jar\u306B\u7F72\u540D\u3067\u304D\u307E\u305B\u3093: "}, - {"Enter.Passphrase.for.keystore.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, - {"keystore.load.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30ED\u30FC\u30C9: "}, - {"certificate.exception.", "\u8A3C\u660E\u66F8\u4F8B\u5916: "}, - {"unable.to.instantiate.keystore.class.", - "\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30AF\u30E9\u30B9\u306E\u30A4\u30F3\u30B9\u30BF\u30F3\u30B9\u3092\u751F\u6210\u3067\u304D\u307E\u305B\u3093: "}, - {"Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and", - "\u6B21\u306E\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: {0}\u3002{1}\u306F\u3001\u79D8\u5BC6\u9375\u304A\u3088\u3073\u5BFE\u5FDC\u3059\u308B\u516C\u958B\u9375\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u3092\u542B\u3080\u6709\u52B9\u306AKeyStore\u9375\u30A8\u30F3\u30C8\u30EA\u3092\u53C2\u7167\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002"}, - {"File.specified.by.certchain.does.not.exist", - "-certchain\u3067\u6307\u5B9A\u3055\u308C\u3066\u3044\u308B\u30D5\u30A1\u30A4\u30EB\u306F\u5B58\u5728\u3057\u307E\u305B\u3093"}, - {"Cannot.restore.certchain.from.file.specified", - "\u6307\u5B9A\u3055\u308C\u305F\u30D5\u30A1\u30A4\u30EB\u304B\u3089\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u3092\u5FA9\u5143\u3067\u304D\u307E\u305B\u3093"}, - {"Certificate.chain.not.found.in.the.file.specified.", - "\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u306F\u6307\u5B9A\u3055\u308C\u305F\u30D5\u30A1\u30A4\u30EB\u306B\u898B\u3064\u304B\u308A\u307E\u305B\u3093\u3002"}, - {"found.non.X.509.certificate.in.signer.s.chain", - "\u7F72\u540D\u8005\u306E\u9023\u9396\u5185\u3067\u975EX.509\u8A3C\u660E\u66F8\u304C\u691C\u51FA\u3055\u308C\u307E\u3057\u305F"}, - {"incomplete.certificate.chain", "\u4E0D\u5B8C\u5168\u306A\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3"}, - {"Enter.key.password.for.alias.", "{0}\u306E\u9375\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, - {"unable.to.recover.key.from.keystore", - "\u30AD\u30FC\u30B9\u30C8\u30A2\u304B\u3089\u9375\u3092\u5FA9\u5143\u3067\u304D\u307E\u305B\u3093"}, - {"key.associated.with.alias.not.a.private.key", - "{0}\u3068\u95A2\u9023\u4ED8\u3051\u3089\u308C\u305F\u9375\u306F\u3001\u79D8\u5BC6\u9375\u3067\u306F\u3042\u308A\u307E\u305B\u3093"}, - {"you.must.enter.key.password", "\u9375\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, - {"unable.to.read.password.", "\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u8AAD\u307F\u8FBC\u3081\u307E\u305B\u3093: "}, - {"certificate.is.valid.from", "\u8A3C\u660E\u66F8\u306F{0}\u304B\u3089{1}\u307E\u3067\u6709\u52B9\u3067\u3059"}, - {"certificate.expired.on", "\u8A3C\u660E\u66F8\u306F{0}\u306B\u5931\u52B9\u3057\u307E\u3057\u305F"}, - {"certificate.is.not.valid.until", - "\u8A3C\u660E\u66F8\u306F{0}\u307E\u3067\u6709\u52B9\u3067\u306F\u3042\u308A\u307E\u305B\u3093"}, - {"certificate.will.expire.on", "\u8A3C\u660E\u66F8\u306F{0}\u306B\u5931\u52B9\u3057\u307E\u3059"}, - {".CertPath.not.validated.", "[CertPath\u304C\u691C\u8A3C\u3055\u308C\u3066\u3044\u307E\u305B\u3093: "}, - {"requesting.a.signature.timestamp", - "\u7F72\u540D\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306E\u30EA\u30AF\u30A8\u30B9\u30C8"}, - {"TSA.location.", "TSA\u306E\u5834\u6240: "}, - {"TSA.certificate.", "TSA\u8A3C\u660E\u66F8: "}, - {"no.response.from.the.Timestamping.Authority.", - "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u304B\u3089\u306E\u30EC\u30B9\u30DD\u30F3\u30B9\u304C\u3042\u308A\u307E\u305B\u3093\u3002\u30D5\u30A1\u30A4\u30A2\u30A6\u30A9\u30FC\u30EB\u3092\u4ECB\u3057\u3066\u63A5\u7D9A\u3059\u308B\u3068\u304D\u306F\u3001\u5FC5\u8981\u306B\u5FDC\u3058\u3066HTTP\u307E\u305F\u306FHTTPS\u30D7\u30ED\u30AD\u30B7\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044\u3002jarsigner\u306B\u6B21\u306E\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044:"}, - {"or", "\u307E\u305F\u306F"}, - {"Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the", - "\u8A3C\u660E\u66F8\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093\u3067\u3057\u305F: {0}\u3002{1}\u306F\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306EX.509\u516C\u958B\u9375\u8A3C\u660E\u66F8\u304C\u542B\u307E\u308C\u3066\u3044\u308B\u6709\u52B9\u306AKeyStore\u30A8\u30F3\u30C8\u30EA\u3092\u53C2\u7167\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002"}, - {"using.an.alternative.signing.mechanism", - "\u4EE3\u66FF\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u306E\u4F7F\u7528"}, - {"entry.was.signed.on", "\u30A8\u30F3\u30C8\u30EA\u306F{0}\u306B\u7F72\u540D\u3055\u308C\u307E\u3057\u305F"}, - {"Warning.", "\u8B66\u544A: "}, - {"Error.", "\u30A8\u30E9\u30FC: "}, - {"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.", - "\u3053\u306Ejar\u306B\u306F\u3001\u6574\u5408\u6027\u30C1\u30A7\u30C3\u30AF\u3092\u3057\u3066\u3044\u306A\u3044\u672A\u7F72\u540D\u306E\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "}, - {"This.jar.contains.entries.whose.signer.certificate.has.expired.", - "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C\u671F\u9650\u5207\u308C\u306E\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "}, - {"This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months.", - "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C6\u304B\u6708\u4EE5\u5185\u306B\u671F\u9650\u5207\u308C\u3068\u306A\u308B\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "}, - {"This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid.", - "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C\u307E\u3060\u6709\u52B9\u306B\u306A\u3063\u3066\u3044\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "}, - {"Re.run.with.the.verbose.option.for.more.details.", - "\u8A73\u7D30\u306F\u3001-verbose\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u4F7F\u7528\u3057\u3066\u518D\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, - {"Re.run.with.the.verbose.and.certs.options.for.more.details.", - "\u8A73\u7D30\u306F\u3001-verbose\u304A\u3088\u3073-certs\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u4F7F\u7528\u3057\u3066\u518D\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, - {"The.signer.certificate.has.expired.", - "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F\u671F\u9650\u5207\u308C\u3067\u3059\u3002"}, - {"The.signer.certificate.will.expire.within.six.months.", - "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F6\u304B\u6708\u4EE5\u5185\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002"}, - {"The.signer.certificate.is.not.yet.valid.", - "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F\u307E\u3060\u6709\u52B9\u306B\u306A\u3063\u3066\u3044\u307E\u305B\u3093\u3002"}, - {"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.", - "\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306EKeyUsage\u62E1\u5F35\u6A5F\u80FD\u3067\u306F\u3001\u30B3\u30FC\u30C9\u7F72\u540D\u306F\u8A31\u53EF\u3055\u308C\u307E\u305B\u3093\u3002"}, - {"The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.", - "\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306EExtendedKeyUsage\u62E1\u5F35\u6A5F\u80FD\u3067\u306F\u3001\u30B3\u30FC\u30C9\u7F72\u540D\u306F\u8A31\u53EF\u3055\u308C\u307E\u305B\u3093\u3002"}, - {"The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.", - "\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306ENetscapeCertType\u62E1\u5F35\u6A5F\u80FD\u3067\u306F\u3001\u30B3\u30FC\u30C9\u7F72\u540D\u306F\u8A31\u53EF\u3055\u308C\u307E\u305B\u3093\u3002"}, - {"This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.", - "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306EKeyUsage\u62E1\u5F35\u6A5F\u80FD\u304C\u30B3\u30FC\u30C9\u7F72\u540D\u3092\u8A31\u53EF\u3057\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002"}, - {"This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.", - "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306EExtendedKeyUsage\u62E1\u5F35\u6A5F\u80FD\u304C\u30B3\u30FC\u30C9\u7F72\u540D\u3092\u8A31\u53EF\u3057\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002"}, - {"This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.", - "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306ENetscapeCertType\u62E1\u5F35\u6A5F\u80FD\u304C\u30B3\u30FC\u30C9\u7F72\u540D\u3092\u8A31\u53EF\u3057\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002"}, - {".{0}.extension.does.not.support.code.signing.", - "[{0}\u62E1\u5F35\u6A5F\u80FD\u306F\u30B3\u30FC\u30C9\u7F72\u540D\u3092\u30B5\u30DD\u30FC\u30C8\u3057\u3066\u3044\u307E\u305B\u3093]"}, - {"The.signer.s.certificate.chain.is.not.validated.", - "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u304C\u307E\u3060\u691C\u8A3C\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002"}, - {"This.jar.contains.entries.whose.certificate.chain.is.not.validated.", - "\u3053\u306Ejar\u306B\u306F\u3001\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u304C\u307E\u3060\u691C\u8A3C\u3055\u308C\u3066\u3044\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002"}, - {"no.timestamp.signing", - "-tsa\u307E\u305F\u306F-tsacert\u304C\u6307\u5B9A\u3055\u308C\u3066\u3044\u306A\u3044\u305F\u3081\u3001\u3053\u306Ejar\u306B\u306F\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u4ED8\u52A0\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650(%1$tY-%1$tm-%1$td)\u5F8C\u307E\u305F\u306F\u5C06\u6765\u306E\u5931\u52B9\u65E5\u5F8C\u306B\u3001\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002"}, - {"no.timestamp.verifying", - "\u3053\u306Ejar\u306B\u306F\u3001\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u7F72\u540D\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650(%1$tY-%1$tm-%1$td)\u5F8C\u307E\u305F\u306F\u5C06\u6765\u306E\u5931\u52B9\u65E5\u5F8C\u306B\u3001\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002"}, - }; - - /** - * Returns the contents of this <code>ResourceBundle</code>. - * - * <p> - * - * @return the contents of this <code>ResourceBundle</code>. - */ - public Object[][] getContents() { - return contents; - } -}
--- a/src/share/classes/sun/security/tools/JarSignerResources_zh_CN.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,248 +0,0 @@ -/* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.tools; - -/** - * <p> This class represents the <code>ResourceBundle</code> - * for JarSigner. - * - */ -public class JarSignerResources_zh_CN extends java.util.ListResourceBundle { - - private static final Object[][] contents = { - - // shared (from jarsigner) - {"SPACE", " "}, - {"2SPACE", " "}, - {"6SPACE", " "}, - {"COMMA", ", "}, - - {"provName.not.a.provider", "{0}\u4E0D\u662F\u63D0\u4F9B\u65B9"}, - {"signerClass.is.not.a.signing.mechanism", "{0}\u4E0D\u662F\u7B7E\u540D\u673A\u5236"}, - {"jarsigner.error.", "jarsigner \u9519\u8BEF: "}, - {"Illegal.option.", "\u975E\u6CD5\u9009\u9879: "}, - {".keystore.must.be.NONE.if.storetype.is.{0}", - "\u5982\u679C -storetype \u4E3A {0}, \u5219 -keystore \u5FC5\u987B\u4E3A NONE"}, - {".keypass.can.not.be.specified.if.storetype.is.{0}", - "\u5982\u679C -storetype \u4E3A {0}, \u5219\u4E0D\u80FD\u6307\u5B9A -keypass"}, - {"If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified", - "\u5982\u679C\u6307\u5B9A\u4E86 -protected, \u5219\u4E0D\u80FD\u6307\u5B9A -storepass \u548C -keypass"}, - {"If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified", - "\u5982\u679C\u5BC6\u94A5\u5E93\u672A\u53D7\u53E3\u4EE4\u4FDD\u62A4, \u5219\u4E0D\u80FD\u6307\u5B9A -storepass \u548C -keypass"}, - {"Usage.jarsigner.options.jar.file.alias", - "\u7528\u6CD5: jarsigner [\u9009\u9879] jar-file \u522B\u540D"}, - {".jarsigner.verify.options.jar.file.alias.", - " jarsigner -verify [\u9009\u9879] jar-file [\u522B\u540D...]"}, - {".keystore.url.keystore.location", - "[-keystore <url>] \u5BC6\u94A5\u5E93\u4F4D\u7F6E"}, - {".storepass.password.password.for.keystore.integrity", - "[-storepass <\u53E3\u4EE4>] \u7528\u4E8E\u5BC6\u94A5\u5E93\u5B8C\u6574\u6027\u7684\u53E3\u4EE4"}, - {".storetype.type.keystore.type", - "[-storetype <\u7C7B\u578B>] \u5BC6\u94A5\u5E93\u7C7B\u578B"}, - {".keypass.password.password.for.private.key.if.different.", - "[-keypass <\u53E3\u4EE4>] \u79C1\u6709\u5BC6\u94A5\u7684\u53E3\u4EE4 (\u5982\u679C\u4E0D\u540C)"}, - {".certchain.file.name.of.alternative.certchain.file", - "[-certchain <\u6587\u4EF6>] \u66FF\u4EE3\u8BC1\u4E66\u94FE\u6587\u4EF6\u7684\u540D\u79F0"}, - {".sigfile.file.name.of.SF.DSA.file", - "[-sigfile <\u6587\u4EF6>] .SF/.DSA \u6587\u4EF6\u7684\u540D\u79F0"}, - {".signedjar.file.name.of.signed.JAR.file", - "[-signedjar <\u6587\u4EF6>] \u5DF2\u7B7E\u540D\u7684 JAR \u6587\u4EF6\u7684\u540D\u79F0"}, - {".digestalg.algorithm.name.of.digest.algorithm", - "[-digestalg <\u7B97\u6CD5>] \u6458\u8981\u7B97\u6CD5\u7684\u540D\u79F0"}, - {".sigalg.algorithm.name.of.signature.algorithm", - "[-sigalg <\u7B97\u6CD5>] \u7B7E\u540D\u7B97\u6CD5\u7684\u540D\u79F0"}, - {".verify.verify.a.signed.JAR.file", - "[-verify] \u9A8C\u8BC1\u5DF2\u7B7E\u540D\u7684 JAR \u6587\u4EF6"}, - {".verbose.suboptions.verbose.output.when.signing.verifying.", - "[-verbose[:suboptions]] \u7B7E\u540D/\u9A8C\u8BC1\u65F6\u8F93\u51FA\u8BE6\u7EC6\u4FE1\u606F\u3002"}, - {".suboptions.can.be.all.grouped.or.summary", - " \u5B50\u9009\u9879\u53EF\u4EE5\u662F all, grouped \u6216 summary"}, - {".certs.display.certificates.when.verbose.and.verifying", - "[-certs] \u8F93\u51FA\u8BE6\u7EC6\u4FE1\u606F\u548C\u9A8C\u8BC1\u65F6\u663E\u793A\u8BC1\u4E66"}, - {".tsa.url.location.of.the.Timestamping.Authority", - "[-tsa <url>] \u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u7684\u4F4D\u7F6E"}, - {".tsacert.alias.public.key.certificate.for.Timestamping.Authority", - "[-tsacert <\u522B\u540D>] \u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u7684\u516C\u5171\u5BC6\u94A5\u8BC1\u4E66"}, - {".altsigner.class.class.name.of.an.alternative.signing.mechanism", - "[-altsigner <\u7C7B>] \u66FF\u4EE3\u7684\u7B7E\u540D\u673A\u5236\u7684\u7C7B\u540D"}, - {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism", - "[-altsignerpath <\u8DEF\u5F84\u5217\u8868>] \u66FF\u4EE3\u7684\u7B7E\u540D\u673A\u5236\u7684\u4F4D\u7F6E"}, - {".internalsf.include.the.SF.file.inside.the.signature.block", - "[-internalsf] \u5728\u7B7E\u540D\u5757\u5185\u5305\u542B .SF \u6587\u4EF6"}, - {".sectionsonly.don.t.compute.hash.of.entire.manifest", - "[-sectionsonly] \u4E0D\u8BA1\u7B97\u6574\u4E2A\u6E05\u5355\u7684\u6563\u5217"}, - {".protected.keystore.has.protected.authentication.path", - "[-protected] \u5BC6\u94A5\u5E93\u5177\u6709\u53D7\u4FDD\u62A4\u9A8C\u8BC1\u8DEF\u5F84"}, - {".providerName.name.provider.name", - "[-providerName <\u540D\u79F0>] \u63D0\u4F9B\u65B9\u540D\u79F0"}, - {".providerClass.class.name.of.cryptographic.service.provider.s", - "[-providerClass <\u7C7B> \u52A0\u5BC6\u670D\u52A1\u63D0\u4F9B\u65B9\u7684\u540D\u79F0"}, - {".providerArg.arg.master.class.file.and.constructor.argument", - " [-providerArg <\u53C2\u6570>]]... \u4E3B\u7C7B\u6587\u4EF6\u548C\u6784\u9020\u5668\u53C2\u6570"}, - {".strict.treat.warnings.as.errors", - "[-strict] \u5C06\u8B66\u544A\u89C6\u4E3A\u9519\u8BEF"}, - {"Option.lacks.argument", "\u9009\u9879\u7F3A\u5C11\u53C2\u6570"}, - {"Please.type.jarsigner.help.for.usage", "\u8BF7\u952E\u5165 jarsigner -help \u4EE5\u4E86\u89E3\u7528\u6CD5"}, - {"Please.specify.jarfile.name", "\u8BF7\u6307\u5B9A jarfile \u540D\u79F0"}, - {"Please.specify.alias.name", "\u8BF7\u6307\u5B9A\u522B\u540D"}, - {"Only.one.alias.can.be.specified", "\u53EA\u80FD\u6307\u5B9A\u4E00\u4E2A\u522B\u540D"}, - {"This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es.", - "\u6B64 jar \u5305\u542B\u672A\u7531\u6307\u5B9A\u522B\u540D\u7B7E\u540D\u7684\u5DF2\u7B7E\u540D\u6761\u76EE\u3002"}, - {"This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore.", - "\u6B64 jar \u5305\u542B\u672A\u7531\u6B64\u5BC6\u94A5\u5E93\u4E2D\u7684\u522B\u540D\u7B7E\u540D\u7684\u5DF2\u7B7E\u540D\u6761\u76EE\u3002"}, - {"s", "s"}, - {"m", "m"}, - {"k", "k"}, - {"i", "i"}, - {".and.d.more.", "(%d \u53CA\u4EE5\u4E0A)"}, - {".s.signature.was.verified.", - " s = \u5DF2\u9A8C\u8BC1\u7B7E\u540D "}, - {".m.entry.is.listed.in.manifest", - " m = \u5728\u6E05\u5355\u4E2D\u5217\u51FA\u6761\u76EE"}, - {".k.at.least.one.certificate.was.found.in.keystore", - " k = \u5728\u5BC6\u94A5\u5E93\u4E2D\u81F3\u5C11\u627E\u5230\u4E86\u4E00\u4E2A\u8BC1\u4E66"}, - {".i.at.least.one.certificate.was.found.in.identity.scope", - " i = \u5728\u8EAB\u4EFD\u4F5C\u7528\u57DF\u5185\u81F3\u5C11\u627E\u5230\u4E86\u4E00\u4E2A\u8BC1\u4E66"}, - {".X.not.signed.by.specified.alias.es.", - " X = \u672A\u7531\u6307\u5B9A\u522B\u540D\u7B7E\u540D"}, - {"no.manifest.", "\u6CA1\u6709\u6E05\u5355\u3002"}, - {".Signature.related.entries.","(\u4E0E\u7B7E\u540D\u76F8\u5173\u7684\u6761\u76EE)"}, - {".Unsigned.entries.", "(\u672A\u7B7E\u540D\u6761\u76EE)"}, - {"jar.is.unsigned.signatures.missing.or.not.parsable.", - "jar \u672A\u7B7E\u540D\u3002(\u7F3A\u5C11\u7B7E\u540D\u6216\u65E0\u6CD5\u89E3\u6790\u7B7E\u540D)"}, - {"jar.signed.", "jar \u5DF2\u7B7E\u540D\u3002"}, - {"jar.signed.with.signer.errors.", "jar \u5DF2\u7B7E\u540D, \u4F46\u51FA\u73B0\u7B7E\u540D\u8005\u9519\u8BEF\u3002"}, - {"jar.verified.", "jar \u5DF2\u9A8C\u8BC1\u3002"}, - {"jar.verified.with.signer.errors.", "jar \u5DF2\u9A8C\u8BC1, \u4F46\u51FA\u73B0\u7B7E\u540D\u8005\u9519\u8BEF\u3002"}, - {"jarsigner.", "jarsigner: "}, - {"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.", - "\u7B7E\u540D\u6587\u4EF6\u540D\u5FC5\u987B\u5305\u542B\u4EE5\u4E0B\u5B57\u7B26: A-Z, 0-9, _ \u6216 -"}, - {"unable.to.open.jar.file.", "\u65E0\u6CD5\u6253\u5F00 jar \u6587\u4EF6: "}, - {"unable.to.create.", "\u65E0\u6CD5\u521B\u5EFA: "}, - {".adding.", " \u6B63\u5728\u6DFB\u52A0: "}, - {".updating.", " \u6B63\u5728\u66F4\u65B0: "}, - {".signing.", " \u6B63\u5728\u7B7E\u540D: "}, - {"attempt.to.rename.signedJarFile.to.jarFile.failed", - "\u5C1D\u8BD5\u5C06{0}\u91CD\u547D\u540D\u4E3A{1}\u65F6\u5931\u8D25"}, - {"attempt.to.rename.jarFile.to.origJar.failed", - "\u5C1D\u8BD5\u5C06{0}\u91CD\u547D\u540D\u4E3A{1}\u65F6\u5931\u8D25"}, - {"unable.to.sign.jar.", "\u65E0\u6CD5\u5BF9 jar \u8FDB\u884C\u7B7E\u540D: "}, - {"Enter.Passphrase.for.keystore.", "\u8F93\u5165\u5BC6\u94A5\u5E93\u7684\u5BC6\u7801\u77ED\u8BED: "}, - {"keystore.load.", "\u5BC6\u94A5\u5E93\u52A0\u8F7D: "}, - {"certificate.exception.", "\u8BC1\u4E66\u5F02\u5E38\u9519\u8BEF: "}, - {"unable.to.instantiate.keystore.class.", - "\u65E0\u6CD5\u5B9E\u4F8B\u5316\u5BC6\u94A5\u5E93\u7C7B: "}, - {"Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and", - "\u627E\u4E0D\u5230{0}\u7684\u8BC1\u4E66\u94FE\u3002{1}\u5FC5\u987B\u5F15\u7528\u5305\u542B\u79C1\u6709\u5BC6\u94A5\u548C\u76F8\u5E94\u7684\u516C\u5171\u5BC6\u94A5\u8BC1\u4E66\u94FE\u7684\u6709\u6548\u5BC6\u94A5\u5E93\u5BC6\u94A5\u6761\u76EE\u3002"}, - {"File.specified.by.certchain.does.not.exist", - "\u7531 -certchain \u6307\u5B9A\u7684\u6587\u4EF6\u4E0D\u5B58\u5728"}, - {"Cannot.restore.certchain.from.file.specified", - "\u65E0\u6CD5\u4ECE\u6307\u5B9A\u7684\u6587\u4EF6\u8FD8\u539F certchain"}, - {"Certificate.chain.not.found.in.the.file.specified.", - "\u5728\u6307\u5B9A\u7684\u6587\u4EF6\u4E2D\u627E\u4E0D\u5230\u8BC1\u4E66\u94FE\u3002"}, - {"found.non.X.509.certificate.in.signer.s.chain", - "\u5728\u7B7E\u540D\u8005\u7684\u94FE\u4E2D\u627E\u5230\u975E X.509 \u8BC1\u4E66"}, - {"incomplete.certificate.chain", "\u8BC1\u4E66\u94FE\u4E0D\u5B8C\u6574"}, - {"Enter.key.password.for.alias.", "\u8F93\u5165{0}\u7684\u5BC6\u94A5\u53E3\u4EE4: "}, - {"unable.to.recover.key.from.keystore", - "\u65E0\u6CD5\u4ECE\u5BC6\u94A5\u5E93\u4E2D\u6062\u590D\u5BC6\u94A5"}, - {"key.associated.with.alias.not.a.private.key", - "\u4E0E{0}\u5173\u8054\u7684\u5BC6\u94A5\u4E0D\u662F\u79C1\u6709\u5BC6\u94A5"}, - {"you.must.enter.key.password", "\u5FC5\u987B\u8F93\u5165\u5BC6\u94A5\u53E3\u4EE4"}, - {"unable.to.read.password.", "\u65E0\u6CD5\u8BFB\u53D6\u53E3\u4EE4: "}, - {"certificate.is.valid.from", "\u8BC1\u4E66\u7684\u6709\u6548\u671F\u4E3A{0}\u81F3{1}"}, - {"certificate.expired.on", "\u8BC1\u4E66\u5230\u671F\u65E5\u671F\u4E3A {0}"}, - {"certificate.is.not.valid.until", - "\u76F4\u5230{0}, \u8BC1\u4E66\u624D\u6709\u6548"}, - {"certificate.will.expire.on", "\u8BC1\u4E66\u5C06\u5728{0}\u5230\u671F"}, - {".CertPath.not.validated.", "[CertPath \u672A\u9A8C\u8BC1: "}, - {"requesting.a.signature.timestamp", - "\u6B63\u5728\u8BF7\u6C42\u7B7E\u540D\u65F6\u95F4\u6233"}, - {"TSA.location.", "TSA \u4F4D\u7F6E: "}, - {"TSA.certificate.", "TSA \u8BC1\u4E66: "}, - {"no.response.from.the.Timestamping.Authority.", - "\u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u6CA1\u6709\u54CD\u5E94\u3002\u5982\u679C\u8981\u4ECE\u9632\u706B\u5899\u540E\u9762\u8FDE\u63A5, \u5219\u53EF\u80FD\u9700\u8981\u6307\u5B9A HTTP \u6216 HTTPS \u4EE3\u7406\u3002\u8BF7\u4E3A jarsigner \u63D0\u4F9B\u4EE5\u4E0B\u9009\u9879: "}, - {"or", "\u6216"}, - {"Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the", - "\u627E\u4E0D\u5230{0}\u7684\u8BC1\u4E66\u3002{1}\u5FC5\u987B\u5F15\u7528\u5305\u542B\u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u7684 X.509 \u516C\u5171\u5BC6\u94A5\u8BC1\u4E66\u7684\u6709\u6548\u5BC6\u94A5\u5E93\u6761\u76EE\u3002"}, - {"using.an.alternative.signing.mechanism", - "\u6B63\u5728\u4F7F\u7528\u66FF\u4EE3\u7684\u7B7E\u540D\u673A\u5236"}, - {"entry.was.signed.on", "\u6761\u76EE\u7684\u7B7E\u540D\u65E5\u671F\u4E3A {0}"}, - {"Warning.", "\u8B66\u544A: "}, - {"Error.", "\u9519\u8BEF: "}, - {"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.", - "\u6B64 jar \u5305\u542B\u5C1A\u672A\u8FDB\u884C\u5B8C\u6574\u6027\u68C0\u67E5\u7684\u672A\u7B7E\u540D\u6761\u76EE\u3002 "}, - {"This.jar.contains.entries.whose.signer.certificate.has.expired.", - "\u6B64 jar \u5305\u542B\u7B7E\u540D\u8005\u8BC1\u4E66\u5DF2\u8FC7\u671F\u7684\u6761\u76EE\u3002 "}, - {"This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months.", - "\u6B64 jar \u5305\u542B\u7B7E\u540D\u8005\u8BC1\u4E66\u5C06\u5728\u516D\u4E2A\u6708\u5185\u8FC7\u671F\u7684\u6761\u76EE\u3002 "}, - {"This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid.", - "\u6B64 jar \u5305\u542B\u7B7E\u540D\u8005\u8BC1\u4E66\u4ECD\u65E0\u6548\u7684\u6761\u76EE\u3002 "}, - {"Re.run.with.the.verbose.option.for.more.details.", - "\u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u4F7F\u7528 -verbose \u9009\u9879\u91CD\u65B0\u8FD0\u884C\u3002"}, - {"Re.run.with.the.verbose.and.certs.options.for.more.details.", - "\u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u4F7F\u7528 -verbose \u548C -certs \u9009\u9879\u91CD\u65B0\u8FD0\u884C\u3002"}, - {"The.signer.certificate.has.expired.", - "\u7B7E\u540D\u8005\u8BC1\u4E66\u5DF2\u8FC7\u671F\u3002"}, - {"The.signer.certificate.will.expire.within.six.months.", - "\u7B7E\u540D\u8005\u8BC1\u4E66\u5C06\u5728\u516D\u4E2A\u6708\u5185\u8FC7\u671F\u3002"}, - {"The.signer.certificate.is.not.yet.valid.", - "\u7B7E\u540D\u8005\u8BC1\u4E66\u4ECD\u65E0\u6548\u3002"}, - {"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.", - "\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 KeyUsage \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u3002"}, - {"The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.", - "\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 ExtendedKeyUsage \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u3002"}, - {"The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.", - "\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 NetscapeCertType \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u3002"}, - {"This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.", - "\u6B64 jar \u5305\u542B\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 KeyUsage \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u7684\u6761\u76EE\u3002"}, - {"This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.", - "\u6B64 jar \u5305\u542B\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 ExtendedKeyUsage \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u7684\u6761\u76EE\u3002"}, - {"This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.", - "\u6B64 jar \u5305\u542B\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 NetscapeCertType \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u7684\u6761\u76EE\u3002"}, - {".{0}.extension.does.not.support.code.signing.", - "[{0} \u6269\u5C55\u4E0D\u652F\u6301\u4EE3\u7801\u7B7E\u540D]"}, - {"The.signer.s.certificate.chain.is.not.validated.", - "\u7B7E\u540D\u8005\u7684\u8BC1\u4E66\u94FE\u672A\u9A8C\u8BC1\u3002"}, - {"This.jar.contains.entries.whose.certificate.chain.is.not.validated.", - "\u6B64 jar \u5305\u542B\u8BC1\u4E66\u94FE\u672A\u9A8C\u8BC1\u7684\u6761\u76EE\u3002"}, - {"no.timestamp.signing", - "\u672A\u63D0\u4F9B -tsa \u6216 -tsacert, \u6B64 jar \u6CA1\u6709\u65F6\u95F4\u6233\u3002\u5982\u679C\u6CA1\u6709\u65F6\u95F4\u6233, \u5219\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u7684\u5230\u671F\u65E5\u671F (%1$tY-%1$tm-%1$td) \u6216\u4EE5\u540E\u7684\u4EFB\u4F55\u64A4\u9500\u65E5\u671F\u4E4B\u540E, \u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002"}, - {"no.timestamp.verifying", - "\u6B64 jar \u5305\u542B\u7684\u7B7E\u540D\u6CA1\u6709\u65F6\u95F4\u6233\u3002\u5982\u679C\u6CA1\u6709\u65F6\u95F4\u6233, \u5219\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u7684\u5230\u671F\u65E5\u671F (%1$tY-%1$tm-%1$td) \u6216\u4EE5\u540E\u7684\u4EFB\u4F55\u64A4\u9500\u65E5\u671F\u4E4B\u540E, \u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002"}, - }; - - /** - * Returns the contents of this <code>ResourceBundle</code>. - * - * <p> - * - * @return the contents of this <code>ResourceBundle</code>. - */ - public Object[][] getContents() { - return contents; - } -}
--- a/src/share/classes/sun/security/tools/KeyStoreUtil.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/tools/KeyStoreUtil.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,18 @@ package sun.security.tools; +import java.io.BufferedReader; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStreamReader; + +import java.net.URL; + +import java.security.KeyStore; + +import java.text.Collator; + import java.util.Locale; /** @@ -34,18 +46,17 @@ */ public class KeyStoreUtil { - // Class and methods marked as public so that they can be - // accessed by JarSigner, which although lies in a package - // with the same name, but bundled in tools.jar and loaded - // by another class loader, hence in a different *runtime* - // package. - // - // See JVM Spec, 5.3 and 5.4.4 - private KeyStoreUtil() { // this class is not meant to be instantiated } + private static final String JKS = "jks"; + + private static final Collator collator = Collator.getInstance(); + static { + // this is for case insensitive string comparisons + collator.setStrength(Collator.PRIMARY); + }; /** * Returns true if KeyStore has a password. This is true except for @@ -68,4 +79,76 @@ return storetype.toUpperCase(Locale.ENGLISH); } } + + /** + * Returns the keystore with the configured CA certificates. + */ + public static KeyStore getCacertsKeyStore() + throws Exception + { + String sep = File.separator; + File file = new File(System.getProperty("java.home") + sep + + "lib" + sep + "security" + sep + + "cacerts"); + if (!file.exists()) { + return null; + } + KeyStore caks = null; + try (FileInputStream fis = new FileInputStream(file)) { + caks = KeyStore.getInstance(JKS); + caks.load(fis, null); + } + return caks; + } + + public static char[] getPassWithModifier(String modifier, String arg, + java.util.ResourceBundle rb) { + if (modifier == null) { + return arg.toCharArray(); + } else if (collator.compare(modifier, "env") == 0) { + String value = System.getenv(arg); + if (value == null) { + System.err.println(rb.getString( + "Cannot.find.environment.variable.") + arg); + return null; + } else { + return value.toCharArray(); + } + } else if (collator.compare(modifier, "file") == 0) { + try { + URL url = null; + try { + url = new URL(arg); + } catch (java.net.MalformedURLException mue) { + File f = new File(arg); + if (f.exists()) { + url = f.toURI().toURL(); + } else { + System.err.println(rb.getString( + "Cannot.find.file.") + arg); + return null; + } + } + + try (BufferedReader br = + new BufferedReader(new InputStreamReader( + url.openStream()))) { + String value = br.readLine(); + + if (value == null) { + return new char[0]; + } + + return value.toCharArray(); + } + } catch (IOException ioe) { + System.err.println(ioe); + return null; + } + } else { + System.err.println(rb.getString("Unknown.password.type.") + + modifier); + return null; + } + } }
--- a/src/share/classes/sun/security/tools/KeyTool.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,4245 +0,0 @@ -/* - * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.tools; - -import java.io.*; -import java.security.CodeSigner; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.MessageDigest; -import java.security.Key; -import java.security.PublicKey; -import java.security.PrivateKey; -import java.security.Security; -import java.security.Signature; -import java.security.Timestamp; -import java.security.UnrecoverableEntryException; -import java.security.UnrecoverableKeyException; -import java.security.Principal; -import java.security.Provider; -import java.security.cert.Certificate; -import java.security.cert.CertificateFactory; -import java.security.cert.CRL; -import java.security.cert.X509Certificate; -import java.security.cert.CertificateException; -import java.text.Collator; -import java.text.MessageFormat; -import java.util.*; -import java.util.jar.JarEntry; -import java.util.jar.JarFile; -import java.lang.reflect.Constructor; -import java.math.BigInteger; -import java.net.Socket; -import java.net.URI; -import java.net.URL; -import java.net.URLClassLoader; -import java.security.cert.CertStore; - -import java.security.cert.X509CRL; -import java.security.cert.X509CRLEntry; -import java.security.cert.X509CRLSelector; -import javax.security.auth.x500.X500Principal; -import sun.misc.BASE64Encoder; -import sun.security.util.ObjectIdentifier; -import sun.security.pkcs.PKCS10; -import sun.security.provider.X509Factory; -import sun.security.util.Password; -import sun.security.util.PathList; -import javax.crypto.KeyGenerator; -import javax.crypto.SecretKey; - -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; -import sun.misc.BASE64Decoder; -import sun.security.pkcs.PKCS10Attribute; -import sun.security.pkcs.PKCS9Attribute; -import sun.security.provider.certpath.ldap.LDAPCertStoreHelper; -import sun.security.util.DerValue; -import sun.security.x509.*; - -import static java.security.KeyStore.*; -import javax.net.ssl.*; -import static sun.security.tools.KeyTool.Command.*; -import static sun.security.tools.KeyTool.Option.*; - -/** - * This tool manages keystores. - * - * @author Jan Luehe - * - * - * @see java.security.KeyStore - * @see sun.security.provider.KeyProtector - * @see sun.security.provider.JavaKeyStore - * - * @since 1.2 - */ -public final class KeyTool { - - private boolean debug = false; - private Command command = null; - private String sigAlgName = null; - private String keyAlgName = null; - private boolean verbose = false; - private int keysize = -1; - private boolean rfc = false; - private long validity = (long)90; - private String alias = null; - private String dname = null; - private String dest = null; - private String filename = null; - private String infilename = null; - private String outfilename = null; - private String srcksfname = null; - - // User-specified providers are added before any command is called. - // However, they are not removed before the end of the main() method. - // If you're calling KeyTool.main() directly in your own Java program, - // please programtically add any providers you need and do not specify - // them through the command line. - - private Set<Pair <String, String>> providers = null; - private String storetype = null; - private String srcProviderName = null; - private String providerName = null; - private String pathlist = null; - private char[] storePass = null; - private char[] storePassNew = null; - private char[] keyPass = null; - private char[] keyPassNew = null; - private char[] newPass = null; - private char[] destKeyPass = null; - private char[] srckeyPass = null; - private String ksfname = null; - private File ksfile = null; - private InputStream ksStream = null; // keystore stream - private String sslserver = null; - private String jarfile = null; - private KeyStore keyStore = null; - private boolean token = false; - private boolean nullStream = false; - private boolean kssave = false; - private boolean noprompt = false; - private boolean trustcacerts = false; - private boolean protectedPath = false; - private boolean srcprotectedPath = false; - private CertificateFactory cf = null; - private KeyStore caks = null; // "cacerts" keystore - private char[] srcstorePass = null; - private String srcstoretype = null; - private Set<char[]> passwords = new HashSet<>(); - private String startDate = null; - - private List<String> ids = new ArrayList<>(); // used in GENCRL - private List<String> v3ext = new ArrayList<>(); - - enum Command { - CERTREQ("Generates.a.certificate.request", - ALIAS, SIGALG, FILEOUT, KEYPASS, KEYSTORE, DNAME, - STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, - PROVIDERARG, PROVIDERPATH, V, PROTECTED), - CHANGEALIAS("Changes.an.entry.s.alias", - ALIAS, DESTALIAS, KEYPASS, KEYSTORE, STOREPASS, - STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, - PROVIDERPATH, V, PROTECTED), - DELETE("Deletes.an.entry", - ALIAS, KEYSTORE, STOREPASS, STORETYPE, - PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, - PROVIDERPATH, V, PROTECTED), - EXPORTCERT("Exports.certificate", - RFC, ALIAS, FILEOUT, KEYSTORE, STOREPASS, - STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, - PROVIDERPATH, V, PROTECTED), - GENKEYPAIR("Generates.a.key.pair", - ALIAS, KEYALG, KEYSIZE, SIGALG, DESTALIAS, DNAME, - STARTDATE, EXT, VALIDITY, KEYPASS, KEYSTORE, - STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, - PROVIDERARG, PROVIDERPATH, V, PROTECTED), - GENSECKEY("Generates.a.secret.key", - ALIAS, KEYPASS, KEYALG, KEYSIZE, KEYSTORE, - STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, - PROVIDERARG, PROVIDERPATH, V, PROTECTED), - GENCERT("Generates.certificate.from.a.certificate.request", - RFC, INFILE, OUTFILE, ALIAS, SIGALG, DNAME, - STARTDATE, EXT, VALIDITY, KEYPASS, KEYSTORE, - STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, - PROVIDERARG, PROVIDERPATH, V, PROTECTED), - IMPORTCERT("Imports.a.certificate.or.a.certificate.chain", - NOPROMPT, TRUSTCACERTS, PROTECTED, ALIAS, FILEIN, - KEYPASS, KEYSTORE, STOREPASS, STORETYPE, - PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, - PROVIDERPATH, V), - IMPORTKEYSTORE("Imports.one.or.all.entries.from.another.keystore", - SRCKEYSTORE, DESTKEYSTORE, SRCSTORETYPE, - DESTSTORETYPE, SRCSTOREPASS, DESTSTOREPASS, - SRCPROTECTED, SRCPROVIDERNAME, DESTPROVIDERNAME, - SRCALIAS, DESTALIAS, SRCKEYPASS, DESTKEYPASS, - NOPROMPT, PROVIDERCLASS, PROVIDERARG, PROVIDERPATH, - V), - KEYPASSWD("Changes.the.key.password.of.an.entry", - ALIAS, KEYPASS, NEW, KEYSTORE, STOREPASS, - STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, - PROVIDERPATH, V), - LIST("Lists.entries.in.a.keystore", - RFC, ALIAS, KEYSTORE, STOREPASS, STORETYPE, - PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, - PROVIDERPATH, V, PROTECTED), - PRINTCERT("Prints.the.content.of.a.certificate", - RFC, FILEIN, SSLSERVER, JARFILE, V), - PRINTCERTREQ("Prints.the.content.of.a.certificate.request", - FILEIN, V), - PRINTCRL("Prints.the.content.of.a.CRL.file", - FILEIN, V), - STOREPASSWD("Changes.the.store.password.of.a.keystore", - NEW, KEYSTORE, STOREPASS, STORETYPE, PROVIDERNAME, - PROVIDERCLASS, PROVIDERARG, PROVIDERPATH, V), - - // Undocumented start here, KEYCLONE is used a marker in -help; - - KEYCLONE("Clones.a.key.entry", - ALIAS, DESTALIAS, KEYPASS, NEW, STORETYPE, - KEYSTORE, STOREPASS, PROVIDERNAME, PROVIDERCLASS, - PROVIDERARG, PROVIDERPATH, V), - SELFCERT("Generates.a.self.signed.certificate", - ALIAS, SIGALG, DNAME, STARTDATE, VALIDITY, KEYPASS, - STORETYPE, KEYSTORE, STOREPASS, PROVIDERNAME, - PROVIDERCLASS, PROVIDERARG, PROVIDERPATH, V), - GENCRL("Generates.CRL", - RFC, FILEOUT, ID, - ALIAS, SIGALG, EXT, KEYPASS, KEYSTORE, - STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, - PROVIDERARG, PROVIDERPATH, V, PROTECTED), - IDENTITYDB("Imports.entries.from.a.JDK.1.1.x.style.identity.database", - FILEIN, STORETYPE, KEYSTORE, STOREPASS, PROVIDERNAME, - PROVIDERCLASS, PROVIDERARG, PROVIDERPATH, V); - - final String description; - final Option[] options; - Command(String d, Option... o) { - description = d; - options = o; - } - @Override - public String toString() { - return "-" + name().toLowerCase(Locale.ENGLISH); - } - }; - - enum Option { - ALIAS("alias", "<alias>", "alias.name.of.the.entry.to.process"), - DESTALIAS("destalias", "<destalias>", "destination.alias"), - DESTKEYPASS("destkeypass", "<arg>", "destination.key.password"), - DESTKEYSTORE("destkeystore", "<destkeystore>", "destination.keystore.name"), - DESTPROTECTED("destprotected", null, "destination.keystore.password.protected"), - DESTPROVIDERNAME("destprovidername", "<destprovidername>", "destination.keystore.provider.name"), - DESTSTOREPASS("deststorepass", "<arg>", "destination.keystore.password"), - DESTSTORETYPE("deststoretype", "<deststoretype>", "destination.keystore.type"), - DNAME("dname", "<dname>", "distinguished.name"), - EXT("ext", "<value>", "X.509.extension"), - FILEOUT("file", "<filename>", "output.file.name"), - FILEIN("file", "<filename>", "input.file.name"), - ID("id", "<id:reason>", "Serial.ID.of.cert.to.revoke"), - INFILE("infile", "<filename>", "input.file.name"), - KEYALG("keyalg", "<keyalg>", "key.algorithm.name"), - KEYPASS("keypass", "<arg>", "key.password"), - KEYSIZE("keysize", "<keysize>", "key.bit.size"), - KEYSTORE("keystore", "<keystore>", "keystore.name"), - NEW("new", "<arg>", "new.password"), - NOPROMPT("noprompt", null, "do.not.prompt"), - OUTFILE("outfile", "<filename>", "output.file.name"), - PROTECTED("protected", null, "password.through.protected.mechanism"), - PROVIDERARG("providerarg", "<arg>", "provider.argument"), - PROVIDERCLASS("providerclass", "<providerclass>", "provider.class.name"), - PROVIDERNAME("providername", "<providername>", "provider.name"), - PROVIDERPATH("providerpath", "<pathlist>", "provider.classpath"), - RFC("rfc", null, "output.in.RFC.style"), - SIGALG("sigalg", "<sigalg>", "signature.algorithm.name"), - SRCALIAS("srcalias", "<srcalias>", "source.alias"), - SRCKEYPASS("srckeypass", "<arg>", "source.key.password"), - SRCKEYSTORE("srckeystore", "<srckeystore>", "source.keystore.name"), - SRCPROTECTED("srcprotected", null, "source.keystore.password.protected"), - SRCPROVIDERNAME("srcprovidername", "<srcprovidername>", "source.keystore.provider.name"), - SRCSTOREPASS("srcstorepass", "<arg>", "source.keystore.password"), - SRCSTORETYPE("srcstoretype", "<srcstoretype>", "source.keystore.type"), - SSLSERVER("sslserver", "<server[:port]>", "SSL.server.host.and.port"), - JARFILE("jarfile", "<filename>", "signed.jar.file"), - STARTDATE("startdate", "<startdate>", "certificate.validity.start.date.time"), - STOREPASS("storepass", "<arg>", "keystore.password"), - STORETYPE("storetype", "<storetype>", "keystore.type"), - TRUSTCACERTS("trustcacerts", null, "trust.certificates.from.cacerts"), - V("v", null, "verbose.output"), - VALIDITY("validity", "<valDays>", "validity.number.of.days"); - - final String name, arg, description; - Option(String name, String arg, String description) { - this.name = name; - this.arg = arg; - this.description = description; - } - @Override - public String toString() { - return "-" + name; - } - }; - - private static final Class[] PARAM_STRING = { String.class }; - - private static final String JKS = "jks"; - private static final String NONE = "NONE"; - private static final String P11KEYSTORE = "PKCS11"; - private static final String P12KEYSTORE = "PKCS12"; - private final String keyAlias = "mykey"; - - // for i18n - private static final java.util.ResourceBundle rb = - java.util.ResourceBundle.getBundle("sun.security.util.Resources"); - private static final Collator collator = Collator.getInstance(); - static { - // this is for case insensitive string comparisons - collator.setStrength(Collator.PRIMARY); - }; - - private KeyTool() { } - - public static void main(String[] args) throws Exception { - KeyTool kt = new KeyTool(); - kt.run(args, System.out); - } - - private void run(String[] args, PrintStream out) throws Exception { - try { - parseArgs(args); - if (command != null) { - doCommands(out); - } - } catch (Exception e) { - System.out.println(rb.getString("keytool.error.") + e); - if (verbose) { - e.printStackTrace(System.out); - } - if (!debug) { - System.exit(1); - } else { - throw e; - } - } finally { - for (char[] pass : passwords) { - if (pass != null) { - Arrays.fill(pass, ' '); - pass = null; - } - } - - if (ksStream != null) { - ksStream.close(); - } - } - } - - /** - * Parse command line arguments. - */ - void parseArgs(String[] args) { - - int i=0; - boolean help = args.length == 0; - - for (i=0; (i < args.length) && args[i].startsWith("-"); i++) { - - String flags = args[i]; - - // Check if the last option needs an arg - if (i == args.length - 1) { - for (Option option: Option.values()) { - // Only options with an arg need to be checked - if (collator.compare(flags, option.toString()) == 0) { - if (option.arg != null) errorNeedArgument(flags); - break; - } - } - } - - /* - * Check modifiers - */ - String modifier = null; - int pos = flags.indexOf(':'); - if (pos > 0) { - modifier = flags.substring(pos+1); - flags = flags.substring(0, pos); - } - /* - * command modes - */ - boolean isCommand = false; - for (Command c: Command.values()) { - if (collator.compare(flags, c.toString()) == 0) { - command = c; - isCommand = true; - break; - } - } - - if (isCommand) { - // already recognized as a command - } else if (collator.compare(flags, "-export") == 0) { - command = EXPORTCERT; - } else if (collator.compare(flags, "-genkey") == 0) { - command = GENKEYPAIR; - } else if (collator.compare(flags, "-import") == 0) { - command = IMPORTCERT; - } - /* - * Help - */ - else if (collator.compare(flags, "-help") == 0) { - help = true; - } - - /* - * specifiers - */ - else if (collator.compare(flags, "-keystore") == 0 || - collator.compare(flags, "-destkeystore") == 0) { - ksfname = args[++i]; - } else if (collator.compare(flags, "-storepass") == 0 || - collator.compare(flags, "-deststorepass") == 0) { - storePass = getPass(modifier, args[++i]); - passwords.add(storePass); - } else if (collator.compare(flags, "-storetype") == 0 || - collator.compare(flags, "-deststoretype") == 0) { - storetype = args[++i]; - } else if (collator.compare(flags, "-srcstorepass") == 0) { - srcstorePass = getPass(modifier, args[++i]); - passwords.add(srcstorePass); - } else if (collator.compare(flags, "-srcstoretype") == 0) { - srcstoretype = args[++i]; - } else if (collator.compare(flags, "-srckeypass") == 0) { - srckeyPass = getPass(modifier, args[++i]); - passwords.add(srckeyPass); - } else if (collator.compare(flags, "-srcprovidername") == 0) { - srcProviderName = args[++i]; - } else if (collator.compare(flags, "-providername") == 0 || - collator.compare(flags, "-destprovidername") == 0) { - providerName = args[++i]; - } else if (collator.compare(flags, "-providerpath") == 0) { - pathlist = args[++i]; - } else if (collator.compare(flags, "-keypass") == 0) { - keyPass = getPass(modifier, args[++i]); - passwords.add(keyPass); - } else if (collator.compare(flags, "-new") == 0) { - newPass = getPass(modifier, args[++i]); - passwords.add(newPass); - } else if (collator.compare(flags, "-destkeypass") == 0) { - destKeyPass = getPass(modifier, args[++i]); - passwords.add(destKeyPass); - } else if (collator.compare(flags, "-alias") == 0 || - collator.compare(flags, "-srcalias") == 0) { - alias = args[++i]; - } else if (collator.compare(flags, "-dest") == 0 || - collator.compare(flags, "-destalias") == 0) { - dest = args[++i]; - } else if (collator.compare(flags, "-dname") == 0) { - dname = args[++i]; - } else if (collator.compare(flags, "-keysize") == 0) { - keysize = Integer.parseInt(args[++i]); - } else if (collator.compare(flags, "-keyalg") == 0) { - keyAlgName = args[++i]; - } else if (collator.compare(flags, "-sigalg") == 0) { - sigAlgName = args[++i]; - } else if (collator.compare(flags, "-startdate") == 0) { - startDate = args[++i]; - } else if (collator.compare(flags, "-validity") == 0) { - validity = Long.parseLong(args[++i]); - } else if (collator.compare(flags, "-ext") == 0) { - v3ext.add(args[++i]); - } else if (collator.compare(flags, "-id") == 0) { - ids.add(args[++i]); - } else if (collator.compare(flags, "-file") == 0) { - filename = args[++i]; - } else if (collator.compare(flags, "-infile") == 0) { - infilename = args[++i]; - } else if (collator.compare(flags, "-outfile") == 0) { - outfilename = args[++i]; - } else if (collator.compare(flags, "-sslserver") == 0) { - sslserver = args[++i]; - } else if (collator.compare(flags, "-jarfile") == 0) { - jarfile = args[++i]; - } else if (collator.compare(flags, "-srckeystore") == 0) { - srcksfname = args[++i]; - } else if ((collator.compare(flags, "-provider") == 0) || - (collator.compare(flags, "-providerclass") == 0)) { - if (providers == null) { - providers = new HashSet<Pair <String, String>> (3); - } - String providerClass = args[++i]; - String providerArg = null; - - if (args.length > (i+1)) { - flags = args[i+1]; - if (collator.compare(flags, "-providerarg") == 0) { - if (args.length == (i+2)) errorNeedArgument(flags); - providerArg = args[i+2]; - i += 2; - } - } - providers.add( - Pair.of(providerClass, providerArg)); - } - - /* - * options - */ - else if (collator.compare(flags, "-v") == 0) { - verbose = true; - } else if (collator.compare(flags, "-debug") == 0) { - debug = true; - } else if (collator.compare(flags, "-rfc") == 0) { - rfc = true; - } else if (collator.compare(flags, "-noprompt") == 0) { - noprompt = true; - } else if (collator.compare(flags, "-trustcacerts") == 0) { - trustcacerts = true; - } else if (collator.compare(flags, "-protected") == 0 || - collator.compare(flags, "-destprotected") == 0) { - protectedPath = true; - } else if (collator.compare(flags, "-srcprotected") == 0) { - srcprotectedPath = true; - } else { - System.err.println(rb.getString("Illegal.option.") + flags); - tinyHelp(); - } - } - - if (i<args.length) { - System.err.println(rb.getString("Illegal.option.") + args[i]); - tinyHelp(); - } - - if (command == null) { - if (help) { - usage(); - } else { - System.err.println(rb.getString("Usage.error.no.command.provided")); - tinyHelp(); - } - } else if (help) { - usage(); - command = null; - } - } - - boolean isKeyStoreRelated(Command cmd) { - return cmd != PRINTCERT && cmd != PRINTCERTREQ; - } - - /** - * Execute the commands. - */ - void doCommands(PrintStream out) throws Exception { - - if (storetype == null) { - storetype = KeyStore.getDefaultType(); - } - storetype = KeyStoreUtil.niceStoreTypeName(storetype); - - if (srcstoretype == null) { - srcstoretype = KeyStore.getDefaultType(); - } - srcstoretype = KeyStoreUtil.niceStoreTypeName(srcstoretype); - - if (P11KEYSTORE.equalsIgnoreCase(storetype) || - KeyStoreUtil.isWindowsKeyStore(storetype)) { - token = true; - if (ksfname == null) { - ksfname = NONE; - } - } - if (NONE.equals(ksfname)) { - nullStream = true; - } - - if (token && !nullStream) { - System.err.println(MessageFormat.format(rb.getString - (".keystore.must.be.NONE.if.storetype.is.{0}"), storetype)); - System.err.println(); - tinyHelp(); - } - - if (token && - (command == KEYPASSWD || command == STOREPASSWD)) { - throw new UnsupportedOperationException(MessageFormat.format(rb.getString - (".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}"), storetype)); - } - - if (P12KEYSTORE.equalsIgnoreCase(storetype) && command == KEYPASSWD) { - throw new UnsupportedOperationException(rb.getString - (".keypasswd.commands.not.supported.if.storetype.is.PKCS12")); - } - - if (token && (keyPass != null || newPass != null || destKeyPass != null)) { - throw new IllegalArgumentException(MessageFormat.format(rb.getString - (".keypass.and.new.can.not.be.specified.if.storetype.is.{0}"), storetype)); - } - - if (protectedPath) { - if (storePass != null || keyPass != null || - newPass != null || destKeyPass != null) { - throw new IllegalArgumentException(rb.getString - ("if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified")); - } - } - - if (srcprotectedPath) { - if (srcstorePass != null || srckeyPass != null) { - throw new IllegalArgumentException(rb.getString - ("if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified")); - } - } - - if (KeyStoreUtil.isWindowsKeyStore(storetype)) { - if (storePass != null || keyPass != null || - newPass != null || destKeyPass != null) { - throw new IllegalArgumentException(rb.getString - ("if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified")); - } - } - - if (KeyStoreUtil.isWindowsKeyStore(srcstoretype)) { - if (srcstorePass != null || srckeyPass != null) { - throw new IllegalArgumentException(rb.getString - ("if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified")); - } - } - - if (validity <= (long)0) { - throw new Exception - (rb.getString("Validity.must.be.greater.than.zero")); - } - - // Try to load and install specified provider - if (providers != null) { - ClassLoader cl = null; - if (pathlist != null) { - String path = null; - path = PathList.appendPath( - path, System.getProperty("java.class.path")); - path = PathList.appendPath( - path, System.getProperty("env.class.path")); - path = PathList.appendPath(path, pathlist); - - URL[] urls = PathList.pathToURLs(path); - cl = new URLClassLoader(urls); - } else { - cl = ClassLoader.getSystemClassLoader(); - } - - for (Pair <String, String> provider: providers) { - String provName = provider.fst; - Class<?> provClass; - if (cl != null) { - provClass = cl.loadClass(provName); - } else { - provClass = Class.forName(provName); - } - - String provArg = provider.snd; - Object obj; - if (provArg == null) { - obj = provClass.newInstance(); - } else { - Constructor<?> c = provClass.getConstructor(PARAM_STRING); - obj = c.newInstance(provArg); - } - if (!(obj instanceof Provider)) { - MessageFormat form = new MessageFormat - (rb.getString("provName.not.a.provider")); - Object[] source = {provName}; - throw new Exception(form.format(source)); - } - Security.addProvider((Provider)obj); - } - } - - if (command == LIST && verbose && rfc) { - System.err.println(rb.getString - ("Must.not.specify.both.v.and.rfc.with.list.command")); - tinyHelp(); - } - - // Make sure provided passwords are at least 6 characters long - if (command == GENKEYPAIR && keyPass!=null && keyPass.length < 6) { - throw new Exception(rb.getString - ("Key.password.must.be.at.least.6.characters")); - } - if (newPass != null && newPass.length < 6) { - throw new Exception(rb.getString - ("New.password.must.be.at.least.6.characters")); - } - if (destKeyPass != null && destKeyPass.length < 6) { - throw new Exception(rb.getString - ("New.password.must.be.at.least.6.characters")); - } - - // Check if keystore exists. - // If no keystore has been specified at the command line, try to use - // the default, which is located in $HOME/.keystore. - // If the command is "genkey", "identitydb", "import", or "printcert", - // it is OK not to have a keystore. - if (isKeyStoreRelated(command)) { - if (ksfname == null) { - ksfname = System.getProperty("user.home") + File.separator - + ".keystore"; - } - - if (!nullStream) { - try { - ksfile = new File(ksfname); - // Check if keystore file is empty - if (ksfile.exists() && ksfile.length() == 0) { - throw new Exception(rb.getString - ("Keystore.file.exists.but.is.empty.") + ksfname); - } - ksStream = new FileInputStream(ksfile); - } catch (FileNotFoundException e) { - if (command != GENKEYPAIR && - command != GENSECKEY && - command != IDENTITYDB && - command != IMPORTCERT && - command != IMPORTKEYSTORE && - command != PRINTCRL) { - throw new Exception(rb.getString - ("Keystore.file.does.not.exist.") + ksfname); - } - } - } - } - - if ((command == KEYCLONE || command == CHANGEALIAS) - && dest == null) { - dest = getAlias("destination"); - if ("".equals(dest)) { - throw new Exception(rb.getString - ("Must.specify.destination.alias")); - } - } - - if (command == DELETE && alias == null) { - alias = getAlias(null); - if ("".equals(alias)) { - throw new Exception(rb.getString("Must.specify.alias")); - } - } - - // Create new keystore - if (providerName == null) { - keyStore = KeyStore.getInstance(storetype); - } else { - keyStore = KeyStore.getInstance(storetype, providerName); - } - - /* - * Load the keystore data. - * - * At this point, it's OK if no keystore password has been provided. - * We want to make sure that we can load the keystore data, i.e., - * the keystore data has the right format. If we cannot load the - * keystore, why bother asking the user for his or her password? - * Only if we were able to load the keystore, and no keystore - * password has been provided, will we prompt the user for the - * keystore password to verify the keystore integrity. - * This means that the keystore is loaded twice: first load operation - * checks the keystore format, second load operation verifies the - * keystore integrity. - * - * If the keystore password has already been provided (at the - * command line), however, the keystore is loaded only once, and the - * keystore format and integrity are checked "at the same time". - * - * Null stream keystores are loaded later. - */ - if (!nullStream) { - keyStore.load(ksStream, storePass); - if (ksStream != null) { - ksStream.close(); - } - } - - // All commands that create or modify the keystore require a keystore - // password. - - if (nullStream && storePass != null) { - keyStore.load(null, storePass); - } else if (!nullStream && storePass != null) { - // If we are creating a new non nullStream-based keystore, - // insist that the password be at least 6 characters - if (ksStream == null && storePass.length < 6) { - throw new Exception(rb.getString - ("Keystore.password.must.be.at.least.6.characters")); - } - } else if (storePass == null) { - - // only prompt if (protectedPath == false) - - if (!protectedPath && !KeyStoreUtil.isWindowsKeyStore(storetype) && - (command == CERTREQ || - command == DELETE || - command == GENKEYPAIR || - command == GENSECKEY || - command == IMPORTCERT || - command == IMPORTKEYSTORE || - command == KEYCLONE || - command == CHANGEALIAS || - command == SELFCERT || - command == STOREPASSWD || - command == KEYPASSWD || - command == IDENTITYDB)) { - int count = 0; - do { - if (command == IMPORTKEYSTORE) { - System.err.print - (rb.getString("Enter.destination.keystore.password.")); - } else { - System.err.print - (rb.getString("Enter.keystore.password.")); - } - System.err.flush(); - storePass = Password.readPassword(System.in); - passwords.add(storePass); - - // If we are creating a new non nullStream-based keystore, - // insist that the password be at least 6 characters - if (!nullStream && (storePass == null || storePass.length < 6)) { - System.err.println(rb.getString - ("Keystore.password.is.too.short.must.be.at.least.6.characters")); - storePass = null; - } - - // If the keystore file does not exist and needs to be - // created, the storepass should be prompted twice. - if (storePass != null && !nullStream && ksStream == null) { - System.err.print(rb.getString("Re.enter.new.password.")); - char[] storePassAgain = Password.readPassword(System.in); - passwords.add(storePassAgain); - if (!Arrays.equals(storePass, storePassAgain)) { - System.err.println - (rb.getString("They.don.t.match.Try.again")); - storePass = null; - } - } - - count++; - } while ((storePass == null) && count < 3); - - - if (storePass == null) { - System.err.println - (rb.getString("Too.many.failures.try.later")); - return; - } - } else if (!protectedPath - && !KeyStoreUtil.isWindowsKeyStore(storetype) - && isKeyStoreRelated(command)) { - // here we have EXPORTCERT and LIST (info valid until STOREPASSWD) - if (command != PRINTCRL) { - System.err.print(rb.getString("Enter.keystore.password.")); - System.err.flush(); - storePass = Password.readPassword(System.in); - passwords.add(storePass); - } - } - - // Now load a nullStream-based keystore, - // or verify the integrity of an input stream-based keystore - if (nullStream) { - keyStore.load(null, storePass); - } else if (ksStream != null) { - ksStream = new FileInputStream(ksfile); - keyStore.load(ksStream, storePass); - ksStream.close(); - } - } - - if (storePass != null && P12KEYSTORE.equalsIgnoreCase(storetype)) { - MessageFormat form = new MessageFormat(rb.getString( - "Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.")); - if (keyPass != null && !Arrays.equals(storePass, keyPass)) { - Object[] source = {"-keypass"}; - System.err.println(form.format(source)); - keyPass = storePass; - } - if (newPass != null && !Arrays.equals(storePass, newPass)) { - Object[] source = {"-new"}; - System.err.println(form.format(source)); - newPass = storePass; - } - if (destKeyPass != null && !Arrays.equals(storePass, destKeyPass)) { - Object[] source = {"-destkeypass"}; - System.err.println(form.format(source)); - destKeyPass = storePass; - } - } - - // Create a certificate factory - if (command == PRINTCERT || command == IMPORTCERT - || command == IDENTITYDB || command == PRINTCRL) { - cf = CertificateFactory.getInstance("X509"); - } - - if (trustcacerts) { - caks = getCacertsKeyStore(); - } - - // Perform the specified command - if (command == CERTREQ) { - PrintStream ps = null; - if (filename != null) { - ps = new PrintStream(new FileOutputStream - (filename)); - out = ps; - } - try { - doCertReq(alias, sigAlgName, out); - } finally { - if (ps != null) { - ps.close(); - } - } - if (verbose && filename != null) { - MessageFormat form = new MessageFormat(rb.getString - ("Certification.request.stored.in.file.filename.")); - Object[] source = {filename}; - System.err.println(form.format(source)); - System.err.println(rb.getString("Submit.this.to.your.CA")); - } - } else if (command == DELETE) { - doDeleteEntry(alias); - kssave = true; - } else if (command == EXPORTCERT) { - PrintStream ps = null; - if (filename != null) { - ps = new PrintStream(new FileOutputStream - (filename)); - out = ps; - } - try { - doExportCert(alias, out); - } finally { - if (ps != null) { - ps.close(); - } - } - if (filename != null) { - MessageFormat form = new MessageFormat(rb.getString - ("Certificate.stored.in.file.filename.")); - Object[] source = {filename}; - System.err.println(form.format(source)); - } - } else if (command == GENKEYPAIR) { - if (keyAlgName == null) { - keyAlgName = "DSA"; - } - doGenKeyPair(alias, dname, keyAlgName, keysize, sigAlgName); - kssave = true; - } else if (command == GENSECKEY) { - if (keyAlgName == null) { - keyAlgName = "DES"; - } - doGenSecretKey(alias, keyAlgName, keysize); - kssave = true; - } else if (command == IDENTITYDB) { - InputStream inStream = System.in; - if (filename != null) { - inStream = new FileInputStream(filename); - } - try { - doImportIdentityDatabase(inStream); - } finally { - if (inStream != System.in) { - inStream.close(); - } - } - } else if (command == IMPORTCERT) { - InputStream inStream = System.in; - if (filename != null) { - inStream = new FileInputStream(filename); - } - String importAlias = (alias!=null)?alias:keyAlias; - try { - if (keyStore.entryInstanceOf( - importAlias, KeyStore.PrivateKeyEntry.class)) { - kssave = installReply(importAlias, inStream); - if (kssave) { - System.err.println(rb.getString - ("Certificate.reply.was.installed.in.keystore")); - } else { - System.err.println(rb.getString - ("Certificate.reply.was.not.installed.in.keystore")); - } - } else if (!keyStore.containsAlias(importAlias) || - keyStore.entryInstanceOf(importAlias, - KeyStore.TrustedCertificateEntry.class)) { - kssave = addTrustedCert(importAlias, inStream); - if (kssave) { - System.err.println(rb.getString - ("Certificate.was.added.to.keystore")); - } else { - System.err.println(rb.getString - ("Certificate.was.not.added.to.keystore")); - } - } - } finally { - if (inStream != System.in) { - inStream.close(); - } - } - } else if (command == IMPORTKEYSTORE) { - doImportKeyStore(); - kssave = true; - } else if (command == KEYCLONE) { - keyPassNew = newPass; - - // added to make sure only key can go thru - if (alias == null) { - alias = keyAlias; - } - if (keyStore.containsAlias(alias) == false) { - MessageFormat form = new MessageFormat - (rb.getString("Alias.alias.does.not.exist")); - Object[] source = {alias}; - throw new Exception(form.format(source)); - } - if (!keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { - MessageFormat form = new MessageFormat(rb.getString( - "Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key")); - Object[] source = {alias}; - throw new Exception(form.format(source)); - } - - doCloneEntry(alias, dest, true); // Now everything can be cloned - kssave = true; - } else if (command == CHANGEALIAS) { - if (alias == null) { - alias = keyAlias; - } - doCloneEntry(alias, dest, false); - // in PKCS11, clone a PrivateKeyEntry will delete the old one - if (keyStore.containsAlias(alias)) { - doDeleteEntry(alias); - } - kssave = true; - } else if (command == KEYPASSWD) { - keyPassNew = newPass; - doChangeKeyPasswd(alias); - kssave = true; - } else if (command == LIST) { - if (alias != null) { - doPrintEntry(alias, out, true); - } else { - doPrintEntries(out); - } - } else if (command == PRINTCERT) { - doPrintCert(out); - } else if (command == SELFCERT) { - doSelfCert(alias, dname, sigAlgName); - kssave = true; - } else if (command == STOREPASSWD) { - storePassNew = newPass; - if (storePassNew == null) { - storePassNew = getNewPasswd("keystore password", storePass); - } - kssave = true; - } else if (command == GENCERT) { - if (alias == null) { - alias = keyAlias; - } - InputStream inStream = System.in; - if (infilename != null) { - inStream = new FileInputStream(infilename); - } - PrintStream ps = null; - if (outfilename != null) { - ps = new PrintStream(new FileOutputStream(outfilename)); - out = ps; - } - try { - doGenCert(alias, sigAlgName, inStream, out); - } finally { - if (inStream != System.in) { - inStream.close(); - } - if (ps != null) { - ps.close(); - } - } - } else if (command == GENCRL) { - if (alias == null) { - alias = keyAlias; - } - PrintStream ps = null; - if (filename != null) { - ps = new PrintStream(new FileOutputStream(filename)); - out = ps; - } - try { - doGenCRL(out); - } finally { - if (ps != null) { - ps.close(); - } - } - } else if (command == PRINTCERTREQ) { - InputStream inStream = System.in; - if (filename != null) { - inStream = new FileInputStream(filename); - } - try { - doPrintCertReq(inStream, out); - } finally { - if (inStream != System.in) { - inStream.close(); - } - } - } else if (command == PRINTCRL) { - doPrintCRL(filename, out); - } - - // If we need to save the keystore, do so. - if (kssave) { - if (verbose) { - MessageFormat form = new MessageFormat - (rb.getString(".Storing.ksfname.")); - Object[] source = {nullStream ? "keystore" : ksfname}; - System.err.println(form.format(source)); - } - - if (token) { - keyStore.store(null, null); - } else { - char[] pass = (storePassNew!=null) ? storePassNew : storePass; - if (nullStream) { - keyStore.store(null, pass); - } else { - ByteArrayOutputStream bout = new ByteArrayOutputStream(); - keyStore.store(bout, pass); - try (FileOutputStream fout = new FileOutputStream(ksfname)) { - fout.write(bout.toByteArray()); - } - } - } - } - } - - /** - * Generate a certificate: Read PKCS10 request from in, and print - * certificate to out. Use alias as CA, sigAlgName as the signature - * type. - */ - private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStream out) - throws Exception { - - - Certificate signerCert = keyStore.getCertificate(alias); - byte[] encoded = signerCert.getEncoded(); - X509CertImpl signerCertImpl = new X509CertImpl(encoded); - X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); - X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." + - CertificateSubjectName.DN_NAME); - - Date firstDate = getStartDate(startDate); - Date lastDate = new Date(); - lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L); - CertificateValidity interval = new CertificateValidity(firstDate, - lastDate); - - PrivateKey privateKey = - (PrivateKey)recoverKey(alias, storePass, keyPass).fst; - if (sigAlgName == null) { - sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm()); - } - Signature signature = Signature.getInstance(sigAlgName); - signature.initSign(privateKey); - - X509CertInfo info = new X509CertInfo(); - info.set(X509CertInfo.VALIDITY, interval); - info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( - new java.util.Random().nextInt() & 0x7fffffff)); - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); - info.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId( - AlgorithmId.getAlgorithmId(sigAlgName))); - info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer)); - - BufferedReader reader = new BufferedReader(new InputStreamReader(in)); - boolean canRead = false; - StringBuffer sb = new StringBuffer(); - while (true) { - String s = reader.readLine(); - if (s == null) break; - // OpenSSL does not use NEW - //if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) { - if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) { - canRead = true; - //} else if (s.startsWith("-----END NEW CERTIFICATE REQUEST-----")) { - } else if (s.startsWith("-----END") && s.indexOf("REQUEST") >= 0) { - break; - } else if (canRead) { - sb.append(s); - } - } - byte[] rawReq = new BASE64Decoder().decodeBuffer(new String(sb)); - PKCS10 req = new PKCS10(rawReq); - - info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo())); - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( - dname==null?req.getSubjectName():new X500Name(dname))); - CertificateExtensions reqex = null; - Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator(); - while (attrs.hasNext()) { - PKCS10Attribute attr = attrs.next(); - if (attr.getAttributeId().equals(PKCS9Attribute.EXTENSION_REQUEST_OID)) { - reqex = (CertificateExtensions)attr.getAttributeValue(); - } - } - CertificateExtensions ext = createV3Extensions( - reqex, - null, - v3ext, - req.getSubjectPublicKeyInfo(), - signerCert.getPublicKey()); - info.set(X509CertInfo.EXTENSIONS, ext); - X509CertImpl cert = new X509CertImpl(info); - cert.sign(privateKey, sigAlgName); - dumpCert(cert, out); - for (Certificate ca: keyStore.getCertificateChain(alias)) { - if (ca instanceof X509Certificate) { - X509Certificate xca = (X509Certificate)ca; - if (!isSelfSigned(xca)) { - dumpCert(xca, out); - } - } - } - } - - private void doGenCRL(PrintStream out) - throws Exception { - if (ids == null) { - throw new Exception("Must provide -id when -gencrl"); - } - Certificate signerCert = keyStore.getCertificate(alias); - byte[] encoded = signerCert.getEncoded(); - X509CertImpl signerCertImpl = new X509CertImpl(encoded); - X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); - X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." + - CertificateSubjectName.DN_NAME); - - Date firstDate = getStartDate(startDate); - Date lastDate = (Date) firstDate.clone(); - lastDate.setTime(lastDate.getTime() + (long)validity*1000*24*60*60); - CertificateValidity interval = new CertificateValidity(firstDate, - lastDate); - - - PrivateKey privateKey = - (PrivateKey)recoverKey(alias, storePass, keyPass).fst; - if (sigAlgName == null) { - sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm()); - } - - X509CRLEntry[] badCerts = new X509CRLEntry[ids.size()]; - for (int i=0; i<ids.size(); i++) { - String id = ids.get(i); - int d = id.indexOf(':'); - if (d >= 0) { - CRLExtensions ext = new CRLExtensions(); - ext.set("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d+1)))); - badCerts[i] = new X509CRLEntryImpl(new BigInteger(id.substring(0, d)), - firstDate, ext); - } else { - badCerts[i] = new X509CRLEntryImpl(new BigInteger(ids.get(i)), firstDate); - } - } - X509CRLImpl crl = new X509CRLImpl(owner, firstDate, lastDate, badCerts); - crl.sign(privateKey, sigAlgName); - if (rfc) { - out.println("-----BEGIN X509 CRL-----"); - new BASE64Encoder().encodeBuffer(crl.getEncodedInternal(), out); - out.println("-----END X509 CRL-----"); - } else { - out.write(crl.getEncodedInternal()); - } - } - - /** - * Creates a PKCS#10 cert signing request, corresponding to the - * keys (and name) associated with a given alias. - */ - private void doCertReq(String alias, String sigAlgName, PrintStream out) - throws Exception - { - if (alias == null) { - alias = keyAlias; - } - - Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass); - PrivateKey privKey = (PrivateKey)objs.fst; - if (keyPass == null) { - keyPass = objs.snd; - } - - Certificate cert = keyStore.getCertificate(alias); - if (cert == null) { - MessageFormat form = new MessageFormat - (rb.getString("alias.has.no.public.key.certificate.")); - Object[] source = {alias}; - throw new Exception(form.format(source)); - } - PKCS10 request = new PKCS10(cert.getPublicKey()); - CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null); - // Attribute name is not significant - request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS, - new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext)); - - // Construct a Signature object, so that we can sign the request - if (sigAlgName == null) { - sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm()); - } - - Signature signature = Signature.getInstance(sigAlgName); - signature.initSign(privKey); - X500Name subject = dname == null? - new X500Name(((X509Certificate)cert).getSubjectDN().toString()): - new X500Name(dname); - - // Sign the request and base-64 encode it - request.encodeAndSign(subject, signature); - request.print(out); - } - - /** - * Deletes an entry from the keystore. - */ - private void doDeleteEntry(String alias) throws Exception { - if (keyStore.containsAlias(alias) == false) { - MessageFormat form = new MessageFormat - (rb.getString("Alias.alias.does.not.exist")); - Object[] source = {alias}; - throw new Exception(form.format(source)); - } - keyStore.deleteEntry(alias); - } - - /** - * Exports a certificate from the keystore. - */ - private void doExportCert(String alias, PrintStream out) - throws Exception - { - if (storePass == null - && !KeyStoreUtil.isWindowsKeyStore(storetype)) { - printWarning(); - } - if (alias == null) { - alias = keyAlias; - } - if (keyStore.containsAlias(alias) == false) { - MessageFormat form = new MessageFormat - (rb.getString("Alias.alias.does.not.exist")); - Object[] source = {alias}; - throw new Exception(form.format(source)); - } - - X509Certificate cert = (X509Certificate)keyStore.getCertificate(alias); - if (cert == null) { - MessageFormat form = new MessageFormat - (rb.getString("Alias.alias.has.no.certificate")); - Object[] source = {alias}; - throw new Exception(form.format(source)); - } - dumpCert(cert, out); - } - - /** - * Prompt the user for a keypass when generating a key entry. - * @param alias the entry we will set password for - * @param orig the original entry of doing a dup, null if generate new - * @param origPass the password to copy from if user press ENTER - */ - private char[] promptForKeyPass(String alias, String orig, char[] origPass) throws Exception{ - if (P12KEYSTORE.equalsIgnoreCase(storetype)) { - return origPass; - } else if (!token && !protectedPath) { - // Prompt for key password - int count; - for (count = 0; count < 3; count++) { - MessageFormat form = new MessageFormat(rb.getString - ("Enter.key.password.for.alias.")); - Object[] source = {alias}; - System.err.println(form.format(source)); - if (orig == null) { - System.err.print(rb.getString - (".RETURN.if.same.as.keystore.password.")); - } else { - form = new MessageFormat(rb.getString - (".RETURN.if.same.as.for.otherAlias.")); - Object[] src = {orig}; - System.err.print(form.format(src)); - } - System.err.flush(); - char[] entered = Password.readPassword(System.in); - passwords.add(entered); - if (entered == null) { - return origPass; - } else if (entered.length >= 6) { - System.err.print(rb.getString("Re.enter.new.password.")); - char[] passAgain = Password.readPassword(System.in); - passwords.add(passAgain); - if (!Arrays.equals(entered, passAgain)) { - System.err.println - (rb.getString("They.don.t.match.Try.again")); - continue; - } - return entered; - } else { - System.err.println(rb.getString - ("Key.password.is.too.short.must.be.at.least.6.characters")); - } - } - if (count == 3) { - if (command == KEYCLONE) { - throw new Exception(rb.getString - ("Too.many.failures.Key.entry.not.cloned")); - } else { - throw new Exception(rb.getString - ("Too.many.failures.key.not.added.to.keystore")); - } - } - } - return null; // PKCS11, MSCAPI, or -protected - } - /** - * Creates a new secret key. - */ - private void doGenSecretKey(String alias, String keyAlgName, - int keysize) - throws Exception - { - if (alias == null) { - alias = keyAlias; - } - if (keyStore.containsAlias(alias)) { - MessageFormat form = new MessageFormat(rb.getString - ("Secret.key.not.generated.alias.alias.already.exists")); - Object[] source = {alias}; - throw new Exception(form.format(source)); - } - - SecretKey secKey = null; - KeyGenerator keygen = KeyGenerator.getInstance(keyAlgName); - if (keysize != -1) { - keygen.init(keysize); - } else if ("DES".equalsIgnoreCase(keyAlgName)) { - keygen.init(56); - } else if ("DESede".equalsIgnoreCase(keyAlgName)) { - keygen.init(168); - } else { - throw new Exception(rb.getString - ("Please.provide.keysize.for.secret.key.generation")); - } - - secKey = keygen.generateKey(); - if (keyPass == null) { - keyPass = promptForKeyPass(alias, null, storePass); - } - keyStore.setKeyEntry(alias, secKey, keyPass, null); - } - - /** - * If no signature algorithm was specified at the command line, - * we choose one that is compatible with the selected private key - */ - private static String getCompatibleSigAlgName(String keyAlgName) - throws Exception { - if ("DSA".equalsIgnoreCase(keyAlgName)) { - return "SHA1WithDSA"; - } else if ("RSA".equalsIgnoreCase(keyAlgName)) { - return "SHA256WithRSA"; - } else if ("EC".equalsIgnoreCase(keyAlgName)) { - return "SHA256withECDSA"; - } else { - throw new Exception(rb.getString - ("Cannot.derive.signature.algorithm")); - } - } - /** - * Creates a new key pair and self-signed certificate. - */ - private void doGenKeyPair(String alias, String dname, String keyAlgName, - int keysize, String sigAlgName) - throws Exception - { - if (keysize == -1) { - if ("EC".equalsIgnoreCase(keyAlgName)) { - keysize = 256; - } else if ("RSA".equalsIgnoreCase(keyAlgName)) { - keysize = 2048; - } else { - keysize = 1024; - } - } - - if (alias == null) { - alias = keyAlias; - } - - if (keyStore.containsAlias(alias)) { - MessageFormat form = new MessageFormat(rb.getString - ("Key.pair.not.generated.alias.alias.already.exists")); - Object[] source = {alias}; - throw new Exception(form.format(source)); - } - - if (sigAlgName == null) { - sigAlgName = getCompatibleSigAlgName(keyAlgName); - } - CertAndKeyGen keypair = - new CertAndKeyGen(keyAlgName, sigAlgName, providerName); - - - // If DN is provided, parse it. Otherwise, prompt the user for it. - X500Name x500Name; - if (dname == null) { - x500Name = getX500Name(); - } else { - x500Name = new X500Name(dname); - } - - keypair.generate(keysize); - PrivateKey privKey = keypair.getPrivateKey(); - - CertificateExtensions ext = createV3Extensions( - null, - null, - v3ext, - keypair.getPublicKeyAnyway(), - null); - - X509Certificate[] chain = new X509Certificate[1]; - chain[0] = keypair.getSelfCertificate( - x500Name, getStartDate(startDate), validity*24L*60L*60L, ext); - - if (verbose) { - MessageFormat form = new MessageFormat(rb.getString - ("Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for")); - Object[] source = {new Integer(keysize), - privKey.getAlgorithm(), - chain[0].getSigAlgName(), - new Long(validity), - x500Name}; - System.err.println(form.format(source)); - } - - if (keyPass == null) { - keyPass = promptForKeyPass(alias, null, storePass); - } - keyStore.setKeyEntry(alias, privKey, keyPass, chain); - } - - /** - * Clones an entry - * @param orig original alias - * @param dest destination alias - * @changePassword if the password can be changed - */ - private void doCloneEntry(String orig, String dest, boolean changePassword) - throws Exception - { - if (orig == null) { - orig = keyAlias; - } - - if (keyStore.containsAlias(dest)) { - MessageFormat form = new MessageFormat - (rb.getString("Destination.alias.dest.already.exists")); - Object[] source = {dest}; - throw new Exception(form.format(source)); - } - - Pair<Entry,char[]> objs = recoverEntry(keyStore, orig, storePass, keyPass); - Entry entry = objs.fst; - keyPass = objs.snd; - - PasswordProtection pp = null; - - if (keyPass != null) { // protected - if (!changePassword || P12KEYSTORE.equalsIgnoreCase(storetype)) { - keyPassNew = keyPass; - } else { - if (keyPassNew == null) { - keyPassNew = promptForKeyPass(dest, orig, keyPass); - } - } - pp = new PasswordProtection(keyPassNew); - } - keyStore.setEntry(dest, entry, pp); - } - - /** - * Changes a key password. - */ - private void doChangeKeyPasswd(String alias) throws Exception - { - - if (alias == null) { - alias = keyAlias; - } - Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass); - Key privKey = objs.fst; - if (keyPass == null) { - keyPass = objs.snd; - } - - if (keyPassNew == null) { - MessageFormat form = new MessageFormat - (rb.getString("key.password.for.alias.")); - Object[] source = {alias}; - keyPassNew = getNewPasswd(form.format(source), keyPass); - } - keyStore.setKeyEntry(alias, privKey, keyPassNew, - keyStore.getCertificateChain(alias)); - } - - /** - * Imports a JDK 1.1-style identity database. We can only store one - * certificate per identity, because we use the identity's name as the - * alias (which references a keystore entry), and aliases must be unique. - */ - private void doImportIdentityDatabase(InputStream in) - throws Exception - { - System.err.println(rb.getString - ("No.entries.from.identity.database.added")); - } - - /** - * Prints a single keystore entry. - */ - private void doPrintEntry(String alias, PrintStream out, - boolean printWarning) - throws Exception - { - if (storePass == null && printWarning - && !KeyStoreUtil.isWindowsKeyStore(storetype)) { - printWarning(); - } - - if (keyStore.containsAlias(alias) == false) { - MessageFormat form = new MessageFormat - (rb.getString("Alias.alias.does.not.exist")); - Object[] source = {alias}; - throw new Exception(form.format(source)); - } - - if (verbose || rfc || debug) { - MessageFormat form = new MessageFormat - (rb.getString("Alias.name.alias")); - Object[] source = {alias}; - out.println(form.format(source)); - - if (!token) { - form = new MessageFormat(rb.getString - ("Creation.date.keyStore.getCreationDate.alias.")); - Object[] src = {keyStore.getCreationDate(alias)}; - out.println(form.format(src)); - } - } else { - if (!token) { - MessageFormat form = new MessageFormat - (rb.getString("alias.keyStore.getCreationDate.alias.")); - Object[] source = {alias, keyStore.getCreationDate(alias)}; - out.print(form.format(source)); - } else { - MessageFormat form = new MessageFormat - (rb.getString("alias.")); - Object[] source = {alias}; - out.print(form.format(source)); - } - } - - if (keyStore.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class)) { - if (verbose || rfc || debug) { - Object[] source = {"SecretKeyEntry"}; - out.println(new MessageFormat( - rb.getString("Entry.type.type.")).format(source)); - } else { - out.println("SecretKeyEntry, "); - } - } else if (keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { - if (verbose || rfc || debug) { - Object[] source = {"PrivateKeyEntry"}; - out.println(new MessageFormat( - rb.getString("Entry.type.type.")).format(source)); - } else { - out.println("PrivateKeyEntry, "); - } - - // Get the chain - Certificate[] chain = keyStore.getCertificateChain(alias); - if (chain != null) { - if (verbose || rfc || debug) { - out.println(rb.getString - ("Certificate.chain.length.") + chain.length); - for (int i = 0; i < chain.length; i ++) { - MessageFormat form = new MessageFormat - (rb.getString("Certificate.i.1.")); - Object[] source = {new Integer((i + 1))}; - out.println(form.format(source)); - if (verbose && (chain[i] instanceof X509Certificate)) { - printX509Cert((X509Certificate)(chain[i]), out); - } else if (debug) { - out.println(chain[i].toString()); - } else { - dumpCert(chain[i], out); - } - } - } else { - // Print the digest of the user cert only - out.println - (rb.getString("Certificate.fingerprint.SHA1.") + - getCertFingerPrint("SHA1", chain[0])); - } - } - } else if (keyStore.entryInstanceOf(alias, - KeyStore.TrustedCertificateEntry.class)) { - // We have a trusted certificate entry - Certificate cert = keyStore.getCertificate(alias); - Object[] source = {"trustedCertEntry"}; - String mf = new MessageFormat( - rb.getString("Entry.type.type.")).format(source) + "\n"; - if (verbose && (cert instanceof X509Certificate)) { - out.println(mf); - printX509Cert((X509Certificate)cert, out); - } else if (rfc) { - out.println(mf); - dumpCert(cert, out); - } else if (debug) { - out.println(cert.toString()); - } else { - out.println("trustedCertEntry, "); - out.println(rb.getString("Certificate.fingerprint.SHA1.") - + getCertFingerPrint("SHA1", cert)); - } - } else { - out.println(rb.getString("Unknown.Entry.Type")); - } - } - - /** - * Load the srckeystore from a stream, used in -importkeystore - * @returns the src KeyStore - */ - KeyStore loadSourceKeyStore() throws Exception { - boolean isPkcs11 = false; - - InputStream is = null; - - if (P11KEYSTORE.equalsIgnoreCase(srcstoretype) || - KeyStoreUtil.isWindowsKeyStore(srcstoretype)) { - if (!NONE.equals(srcksfname)) { - System.err.println(MessageFormat.format(rb.getString - (".keystore.must.be.NONE.if.storetype.is.{0}"), srcstoretype)); - System.err.println(); - tinyHelp(); - } - isPkcs11 = true; - } else { - if (srcksfname != null) { - File srcksfile = new File(srcksfname); - if (srcksfile.exists() && srcksfile.length() == 0) { - throw new Exception(rb.getString - ("Source.keystore.file.exists.but.is.empty.") + - srcksfname); - } - is = new FileInputStream(srcksfile); - } else { - throw new Exception(rb.getString - ("Please.specify.srckeystore")); - } - } - - KeyStore store; - try { - if (srcProviderName == null) { - store = KeyStore.getInstance(srcstoretype); - } else { - store = KeyStore.getInstance(srcstoretype, srcProviderName); - } - - if (srcstorePass == null - && !srcprotectedPath - && !KeyStoreUtil.isWindowsKeyStore(srcstoretype)) { - System.err.print(rb.getString("Enter.source.keystore.password.")); - System.err.flush(); - srcstorePass = Password.readPassword(System.in); - passwords.add(srcstorePass); - } - - // always let keypass be storepass when using pkcs12 - if (P12KEYSTORE.equalsIgnoreCase(srcstoretype)) { - if (srckeyPass != null && srcstorePass != null && - !Arrays.equals(srcstorePass, srckeyPass)) { - MessageFormat form = new MessageFormat(rb.getString( - "Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.")); - Object[] source = {"-srckeypass"}; - System.err.println(form.format(source)); - srckeyPass = srcstorePass; - } - } - - store.load(is, srcstorePass); // "is" already null in PKCS11 - } finally { - if (is != null) { - is.close(); - } - } - - if (srcstorePass == null - && !KeyStoreUtil.isWindowsKeyStore(srcstoretype)) { - // anti refactoring, copied from printWarning(), - // but change 2 lines - System.err.println(); - System.err.println(rb.getString - (".WARNING.WARNING.WARNING.")); - System.err.println(rb.getString - (".The.integrity.of.the.information.stored.in.the.srckeystore.")); - System.err.println(rb.getString - (".WARNING.WARNING.WARNING.")); - System.err.println(); - } - - return store; - } - - /** - * import all keys and certs from importkeystore. - * keep alias unchanged if no name conflict, otherwise, prompt. - * keep keypass unchanged for keys - */ - private void doImportKeyStore() throws Exception { - - if (alias != null) { - doImportKeyStoreSingle(loadSourceKeyStore(), alias); - } else { - if (dest != null || srckeyPass != null || destKeyPass != null) { - throw new Exception(rb.getString( - "if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified")); - } - doImportKeyStoreAll(loadSourceKeyStore()); - } - /* - * Information display rule of -importkeystore - * 1. inside single, shows failure - * 2. inside all, shows sucess - * 3. inside all where there is a failure, prompt for continue - * 4. at the final of all, shows summary - */ - } - - /** - * Import a single entry named alias from srckeystore - * @returns 1 if the import action succeed - * 0 if user choose to ignore an alias-dumplicated entry - * 2 if setEntry throws Exception - */ - private int doImportKeyStoreSingle(KeyStore srckeystore, String alias) - throws Exception { - - String newAlias = (dest==null) ? alias : dest; - - if (keyStore.containsAlias(newAlias)) { - Object[] source = {alias}; - if (noprompt) { - System.err.println(new MessageFormat(rb.getString( - "Warning.Overwriting.existing.alias.alias.in.destination.keystore")).format(source)); - } else { - String reply = getYesNoReply(new MessageFormat(rb.getString( - "Existing.entry.alias.alias.exists.overwrite.no.")).format(source)); - if ("NO".equals(reply)) { - newAlias = inputStringFromStdin(rb.getString - ("Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.")); - if ("".equals(newAlias)) { - System.err.println(new MessageFormat(rb.getString( - "Entry.for.alias.alias.not.imported.")).format( - source)); - return 0; - } - } - } - } - - Pair<Entry,char[]> objs = recoverEntry(srckeystore, alias, srcstorePass, srckeyPass); - Entry entry = objs.fst; - - PasswordProtection pp = null; - - // According to keytool.html, "The destination entry will be protected - // using destkeypass. If destkeypass is not provided, the destination - // entry will be protected with the source entry password." - // so always try to protect with destKeyPass. - if (destKeyPass != null) { - pp = new PasswordProtection(destKeyPass); - } else if (objs.snd != null) { - pp = new PasswordProtection(objs.snd); - } - - try { - keyStore.setEntry(newAlias, entry, pp); - return 1; - } catch (KeyStoreException kse) { - Object[] source2 = {alias, kse.toString()}; - MessageFormat form = new MessageFormat(rb.getString( - "Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.")); - System.err.println(form.format(source2)); - return 2; - } - } - - private void doImportKeyStoreAll(KeyStore srckeystore) throws Exception { - - int ok = 0; - int count = srckeystore.size(); - for (Enumeration<String> e = srckeystore.aliases(); - e.hasMoreElements(); ) { - String alias = e.nextElement(); - int result = doImportKeyStoreSingle(srckeystore, alias); - if (result == 1) { - ok++; - Object[] source = {alias}; - MessageFormat form = new MessageFormat(rb.getString("Entry.for.alias.alias.successfully.imported.")); - System.err.println(form.format(source)); - } else if (result == 2) { - if (!noprompt) { - String reply = getYesNoReply("Do you want to quit the import process? [no]: "); - if ("YES".equals(reply)) { - break; - } - } - } - } - Object[] source = {ok, count-ok}; - MessageFormat form = new MessageFormat(rb.getString( - "Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled")); - System.err.println(form.format(source)); - } - - /** - * Prints all keystore entries. - */ - private void doPrintEntries(PrintStream out) - throws Exception - { - if (storePass == null - && !KeyStoreUtil.isWindowsKeyStore(storetype)) { - printWarning(); - } else { - out.println(); - } - - out.println(rb.getString("Keystore.type.") + keyStore.getType()); - out.println(rb.getString("Keystore.provider.") + - keyStore.getProvider().getName()); - out.println(); - - MessageFormat form; - form = (keyStore.size() == 1) ? - new MessageFormat(rb.getString - ("Your.keystore.contains.keyStore.size.entry")) : - new MessageFormat(rb.getString - ("Your.keystore.contains.keyStore.size.entries")); - Object[] source = {new Integer(keyStore.size())}; - out.println(form.format(source)); - out.println(); - - for (Enumeration<String> e = keyStore.aliases(); - e.hasMoreElements(); ) { - String alias = e.nextElement(); - doPrintEntry(alias, out, false); - if (verbose || rfc) { - out.println(rb.getString("NEWLINE")); - out.println(rb.getString - ("STAR")); - out.println(rb.getString - ("STARNN")); - } - } - } - - private static <T> Iterable<T> e2i(final Enumeration<T> e) { - return new Iterable<T>() { - @Override - public Iterator<T> iterator() { - return new Iterator<T>() { - @Override - public boolean hasNext() { - return e.hasMoreElements(); - } - @Override - public T next() { - return e.nextElement(); - } - public void remove() { - throw new UnsupportedOperationException("Not supported yet."); - } - }; - } - }; - } - - /** - * Loads CRLs from a source. This method is also called in JarSigner. - * @param src the source, which means System.in if null, or a URI, - * or a bare file path name - */ - public static Collection<? extends CRL> loadCRLs(String src) throws Exception { - InputStream in = null; - URI uri = null; - if (src == null) { - in = System.in; - } else { - try { - uri = new URI(src); - if (uri.getScheme().equals("ldap")) { - // No input stream for LDAP - } else { - in = uri.toURL().openStream(); - } - } catch (Exception e) { - try { - in = new FileInputStream(src); - } catch (Exception e2) { - if (uri == null || uri.getScheme() == null) { - throw e2; // More likely a bare file path - } else { - throw e; // More likely a protocol or network problem - } - } - } - } - if (in != null) { - try { - // Read the full stream before feeding to X509Factory, - // otherwise, keytool -gencrl | keytool -printcrl - // might not work properly, since -gencrl is slow - // and there's no data in the pipe at the beginning. - ByteArrayOutputStream bout = new ByteArrayOutputStream(); - byte[] b = new byte[4096]; - while (true) { - int len = in.read(b); - if (len < 0) break; - bout.write(b, 0, len); - } - return CertificateFactory.getInstance("X509").generateCRLs( - new ByteArrayInputStream(bout.toByteArray())); - } finally { - if (in != System.in) { - in.close(); - } - } - } else { // must be LDAP, and uri is not null - String path = uri.getPath(); - if (path.charAt(0) == '/') path = path.substring(1); - LDAPCertStoreHelper h = new LDAPCertStoreHelper(); - CertStore s = h.getCertStore(uri); - X509CRLSelector sel = - h.wrap(new X509CRLSelector(), null, path); - return s.getCRLs(sel); - } - } - - /** - * Returns CRLs described in a X509Certificate's CRLDistributionPoints - * Extension. Only those containing a general name of type URI are read. - */ - public static List<CRL> readCRLsFromCert(X509Certificate cert) - throws Exception { - List<CRL> crls = new ArrayList<>(); - CRLDistributionPointsExtension ext = - X509CertImpl.toImpl(cert).getCRLDistributionPointsExtension(); - if (ext == null) return crls; - for (DistributionPoint o: (List<DistributionPoint>) - ext.get(CRLDistributionPointsExtension.POINTS)) { - GeneralNames names = o.getFullName(); - if (names != null) { - for (GeneralName name: names.names()) { - if (name.getType() == GeneralNameInterface.NAME_URI) { - URIName uriName = (URIName)name.getName(); - for (CRL crl: KeyTool.loadCRLs(uriName.getName())) { - if (crl instanceof X509CRL) { - crls.add((X509CRL)crl); - } - } - break; // Different name should point to same CRL - } - } - } - } - return crls; - } - - private static String verifyCRL(KeyStore ks, CRL crl) - throws Exception { - X509CRLImpl xcrl = (X509CRLImpl)crl; - X500Principal issuer = xcrl.getIssuerX500Principal(); - for (String s: e2i(ks.aliases())) { - Certificate cert = ks.getCertificate(s); - if (cert instanceof X509Certificate) { - X509Certificate xcert = (X509Certificate)cert; - if (xcert.getSubjectX500Principal().equals(issuer)) { - try { - ((X509CRLImpl)crl).verify(cert.getPublicKey()); - return s; - } catch (Exception e) { - } - } - } - } - return null; - } - - private void doPrintCRL(String src, PrintStream out) - throws Exception { - for (CRL crl: loadCRLs(src)) { - printCRL(crl, out); - String issuer = null; - if (caks != null) { - issuer = verifyCRL(caks, crl); - if (issuer != null) { - System.out.println("Verified by " + issuer + " in cacerts"); - } - } - if (issuer == null && keyStore != null) { - issuer = verifyCRL(keyStore, crl); - if (issuer != null) { - System.out.println("Verified by " + issuer + " in keystore"); - } - } - if (issuer == null) { - out.println(rb.getString - ("STAR")); - out.println("WARNING: not verified. Make sure -keystore and -alias are correct."); - out.println(rb.getString - ("STARNN")); - } - } - } - - private void printCRL(CRL crl, PrintStream out) - throws Exception { - if (rfc) { - X509CRL xcrl = (X509CRL)crl; - out.println("-----BEGIN X509 CRL-----"); - new BASE64Encoder().encodeBuffer(xcrl.getEncoded(), out); - out.println("-----END X509 CRL-----"); - } else { - out.println(crl.toString()); - } - } - - private void doPrintCertReq(InputStream in, PrintStream out) - throws Exception { - - BufferedReader reader = new BufferedReader(new InputStreamReader(in)); - StringBuffer sb = new StringBuffer(); - boolean started = false; - while (true) { - String s = reader.readLine(); - if (s == null) break; - if (!started) { - if (s.startsWith("-----")) { - started = true; - } - } else { - if (s.startsWith("-----")) { - break; - } - sb.append(s); - } - } - PKCS10 req = new PKCS10(new BASE64Decoder().decodeBuffer(new String(sb))); - - PublicKey pkey = req.getSubjectPublicKeyInfo(); - out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."), - req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm()); - for (PKCS10Attribute attr: req.getAttributes().getAttributes()) { - ObjectIdentifier oid = attr.getAttributeId(); - if (oid.equals(PKCS9Attribute.EXTENSION_REQUEST_OID)) { - CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue(); - if (exts != null) { - printExtensions(rb.getString("Extension.Request."), exts, out); - } - } else { - out.println(attr.getAttributeId()); - out.println(attr.getAttributeValue()); - } - } - if (debug) { - out.println(req); // Just to see more, say, public key length... - } - } - - /** - * Reads a certificate (or certificate chain) and prints its contents in - * a human readable format. - */ - private void printCertFromStream(InputStream in, PrintStream out) - throws Exception - { - Collection<? extends Certificate> c = null; - try { - c = cf.generateCertificates(in); - } catch (CertificateException ce) { - throw new Exception(rb.getString("Failed.to.parse.input"), ce); - } - if (c.isEmpty()) { - throw new Exception(rb.getString("Empty.input")); - } - Certificate[] certs = c.toArray(new Certificate[c.size()]); - for (int i=0; i<certs.length; i++) { - X509Certificate x509Cert = null; - try { - x509Cert = (X509Certificate)certs[i]; - } catch (ClassCastException cce) { - throw new Exception(rb.getString("Not.X.509.certificate")); - } - if (certs.length > 1) { - MessageFormat form = new MessageFormat - (rb.getString("Certificate.i.1.")); - Object[] source = {new Integer(i + 1)}; - out.println(form.format(source)); - } - if (rfc) dumpCert(x509Cert, out); - else printX509Cert(x509Cert, out); - if (i < (certs.length-1)) { - out.println(); - } - } - } - - private void doPrintCert(final PrintStream out) throws Exception { - if (jarfile != null) { - JarFile jf = new JarFile(jarfile, true); - Enumeration<JarEntry> entries = jf.entries(); - Set<CodeSigner> ss = new HashSet<>(); - byte[] buffer = new byte[8192]; - int pos = 0; - while (entries.hasMoreElements()) { - JarEntry je = entries.nextElement(); - InputStream is = null; - try { - is = jf.getInputStream(je); - while (is.read(buffer) != -1) { - // we just read. this will throw a SecurityException - // if a signature/digest check fails. This also - // populate the signers - } - } finally { - if (is != null) { - is.close(); - } - } - CodeSigner[] signers = je.getCodeSigners(); - if (signers != null) { - for (CodeSigner signer: signers) { - if (!ss.contains(signer)) { - ss.add(signer); - out.printf(rb.getString("Signer.d."), ++pos); - out.println(); - out.println(); - out.println(rb.getString("Signature.")); - out.println(); - for (Certificate cert: signer.getSignerCertPath().getCertificates()) { - X509Certificate x = (X509Certificate)cert; - if (rfc) { - out.println(rb.getString("Certificate.owner.") + x.getSubjectDN() + "\n"); - dumpCert(x, out); - } else { - printX509Cert(x, out); - } - out.println(); - } - Timestamp ts = signer.getTimestamp(); - if (ts != null) { - out.println(rb.getString("Timestamp.")); - out.println(); - for (Certificate cert: ts.getSignerCertPath().getCertificates()) { - X509Certificate x = (X509Certificate)cert; - if (rfc) { - out.println(rb.getString("Certificate.owner.") + x.getSubjectDN() + "\n"); - dumpCert(x, out); - } else { - printX509Cert(x, out); - } - out.println(); - } - } - } - } - } - } - jf.close(); - if (ss.size() == 0) { - out.println(rb.getString("Not.a.signed.jar.file")); - } - } else if (sslserver != null) { - SSLContext sc = SSLContext.getInstance("SSL"); - final boolean[] certPrinted = new boolean[1]; - sc.init(null, new TrustManager[] { - new X509ExtendedTrustManager() { - @Override - public X509Certificate[] getAcceptedIssuers() { - return new X509Certificate[0]; - } - @Override - public void checkClientTrusted( - X509Certificate[] certs, String authType) { - throw new UnsupportedOperationException(); - } - @Override - public void checkClientTrusted(X509Certificate[] chain, - String authType, Socket socket) - throws CertificateException { - throw new UnsupportedOperationException(); - } - @Override - public void checkClientTrusted(X509Certificate[] chain, - String authType, SSLEngine engine) throws - CertificateException { - throw new UnsupportedOperationException(); - } - @Override - public void checkServerTrusted( - X509Certificate[] certs, String authType) { - for (int i=0; i<certs.length; i++) { - X509Certificate cert = certs[i]; - try { - if (rfc) { - dumpCert(cert, out); - } else { - out.println("Certificate #" + i); - out.println("===================================="); - printX509Cert(cert, out); - out.println(); - } - } catch (Exception e) { - if (debug) { - e.printStackTrace(); - } - } - } - - // Set to true where there's something to print - if (certs.length > 0) { - certPrinted[0] = true; - } - } - @Override - public void checkServerTrusted(X509Certificate[] chain, - String authType, Socket socket) - throws CertificateException { - checkServerTrusted(chain, authType); - } - @Override - public void checkServerTrusted(X509Certificate[] chain, - String authType, SSLEngine engine) - throws CertificateException { - checkServerTrusted(chain, authType); - } - } - }, null); - HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); - HttpsURLConnection.setDefaultHostnameVerifier( - new HostnameVerifier() { - public boolean verify(String hostname, SSLSession session) { - return true; - } - }); - // HTTPS instead of raw SSL, so that -Dhttps.proxyHost and - // -Dhttps.proxyPort can be used. Since we only go through - // the handshake process, an HTTPS server is not needed. - // This program should be able to deal with any SSL-based - // network service. - Exception ex = null; - try { - new URL("https://" + sslserver).openConnection().connect(); - } catch (Exception e) { - ex = e; - } - // If the certs are not printed out, we consider it an error even - // if the URL connection is successful. - if (!certPrinted[0]) { - Exception e = new Exception( - rb.getString("No.certificate.from.the.SSL.server")); - if (ex != null) { - e.initCause(ex); - } - throw e; - } - } else { - InputStream inStream = System.in; - if (filename != null) { - inStream = new FileInputStream(filename); - } - try { - printCertFromStream(inStream, out); - } finally { - if (inStream != System.in) { - inStream.close(); - } - } - } - } - /** - * Creates a self-signed certificate, and stores it as a single-element - * certificate chain. - */ - private void doSelfCert(String alias, String dname, String sigAlgName) - throws Exception - { - if (alias == null) { - alias = keyAlias; - } - - Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass); - PrivateKey privKey = (PrivateKey)objs.fst; - if (keyPass == null) - keyPass = objs.snd; - - // Determine the signature algorithm - if (sigAlgName == null) { - sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm()); - } - - // Get the old certificate - Certificate oldCert = keyStore.getCertificate(alias); - if (oldCert == null) { - MessageFormat form = new MessageFormat - (rb.getString("alias.has.no.public.key")); - Object[] source = {alias}; - throw new Exception(form.format(source)); - } - if (!(oldCert instanceof X509Certificate)) { - MessageFormat form = new MessageFormat - (rb.getString("alias.has.no.X.509.certificate")); - Object[] source = {alias}; - throw new Exception(form.format(source)); - } - - // convert to X509CertImpl, so that we can modify selected fields - // (no public APIs available yet) - byte[] encoded = oldCert.getEncoded(); - X509CertImpl certImpl = new X509CertImpl(encoded); - X509CertInfo certInfo = (X509CertInfo)certImpl.get(X509CertImpl.NAME - + "." + - X509CertImpl.INFO); - - // Extend its validity - Date firstDate = getStartDate(startDate); - Date lastDate = new Date(); - lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L); - CertificateValidity interval = new CertificateValidity(firstDate, - lastDate); - certInfo.set(X509CertInfo.VALIDITY, interval); - - // Make new serial number - certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( - new java.util.Random().nextInt() & 0x7fffffff)); - - // Set owner and issuer fields - X500Name owner; - if (dname == null) { - // Get the owner name from the certificate - owner = (X500Name)certInfo.get(X509CertInfo.SUBJECT + "." + - CertificateSubjectName.DN_NAME); - } else { - // Use the owner name specified at the command line - owner = new X500Name(dname); - certInfo.set(X509CertInfo.SUBJECT + "." + - CertificateSubjectName.DN_NAME, owner); - } - // Make issuer same as owner (self-signed!) - certInfo.set(X509CertInfo.ISSUER + "." + - CertificateIssuerName.DN_NAME, owner); - - // The inner and outer signature algorithms have to match. - // The way we achieve that is really ugly, but there seems to be no - // other solution: We first sign the cert, then retrieve the - // outer sigalg and use it to set the inner sigalg - X509CertImpl newCert = new X509CertImpl(certInfo); - newCert.sign(privKey, sigAlgName); - AlgorithmId sigAlgid = (AlgorithmId)newCert.get(X509CertImpl.SIG_ALG); - certInfo.set(CertificateAlgorithmId.NAME + "." + - CertificateAlgorithmId.ALGORITHM, sigAlgid); - - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); - - CertificateExtensions ext = createV3Extensions( - null, - (CertificateExtensions)certInfo.get(X509CertInfo.EXTENSIONS), - v3ext, - oldCert.getPublicKey(), - null); - certInfo.set(X509CertInfo.EXTENSIONS, ext); - // Sign the new certificate - newCert = new X509CertImpl(certInfo); - newCert.sign(privKey, sigAlgName); - - // Store the new certificate as a single-element certificate chain - keyStore.setKeyEntry(alias, privKey, - (keyPass != null) ? keyPass : storePass, - new Certificate[] { newCert } ); - - if (verbose) { - System.err.println(rb.getString("New.certificate.self.signed.")); - System.err.print(newCert.toString()); - System.err.println(); - } - } - - /** - * Processes a certificate reply from a certificate authority. - * - * <p>Builds a certificate chain on top of the certificate reply, - * using trusted certificates from the keystore. The chain is complete - * after a self-signed certificate has been encountered. The self-signed - * certificate is considered a root certificate authority, and is stored - * at the end of the chain. - * - * <p>The newly generated chain replaces the old chain associated with the - * key entry. - * - * @return true if the certificate reply was installed, otherwise false. - */ - private boolean installReply(String alias, InputStream in) - throws Exception - { - if (alias == null) { - alias = keyAlias; - } - - Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass); - PrivateKey privKey = (PrivateKey)objs.fst; - if (keyPass == null) { - keyPass = objs.snd; - } - - Certificate userCert = keyStore.getCertificate(alias); - if (userCert == null) { - MessageFormat form = new MessageFormat - (rb.getString("alias.has.no.public.key.certificate.")); - Object[] source = {alias}; - throw new Exception(form.format(source)); - } - - // Read the certificates in the reply - Collection<? extends Certificate> c = cf.generateCertificates(in); - if (c.isEmpty()) { - throw new Exception(rb.getString("Reply.has.no.certificates")); - } - Certificate[] replyCerts = c.toArray(new Certificate[c.size()]); - Certificate[] newChain; - if (replyCerts.length == 1) { - // single-cert reply - newChain = establishCertChain(userCert, replyCerts[0]); - } else { - // cert-chain reply (e.g., PKCS#7) - newChain = validateReply(alias, userCert, replyCerts); - } - - // Now store the newly established chain in the keystore. The new - // chain replaces the old one. - if (newChain != null) { - keyStore.setKeyEntry(alias, privKey, - (keyPass != null) ? keyPass : storePass, - newChain); - return true; - } else { - return false; - } - } - - /** - * Imports a certificate and adds it to the list of trusted certificates. - * - * @return true if the certificate was added, otherwise false. - */ - private boolean addTrustedCert(String alias, InputStream in) - throws Exception - { - if (alias == null) { - throw new Exception(rb.getString("Must.specify.alias")); - } - if (keyStore.containsAlias(alias)) { - MessageFormat form = new MessageFormat(rb.getString - ("Certificate.not.imported.alias.alias.already.exists")); - Object[] source = {alias}; - throw new Exception(form.format(source)); - } - - // Read the certificate - X509Certificate cert = null; - try { - cert = (X509Certificate)cf.generateCertificate(in); - } catch (ClassCastException cce) { - throw new Exception(rb.getString("Input.not.an.X.509.certificate")); - } catch (CertificateException ce) { - throw new Exception(rb.getString("Input.not.an.X.509.certificate")); - } - - // if certificate is self-signed, make sure it verifies - boolean selfSigned = false; - if (isSelfSigned(cert)) { - cert.verify(cert.getPublicKey()); - selfSigned = true; - } - - if (noprompt) { - keyStore.setCertificateEntry(alias, cert); - return true; - } - - // check if cert already exists in keystore - String reply = null; - String trustalias = keyStore.getCertificateAlias(cert); - if (trustalias != null) { - MessageFormat form = new MessageFormat(rb.getString - ("Certificate.already.exists.in.keystore.under.alias.trustalias.")); - Object[] source = {trustalias}; - System.err.println(form.format(source)); - reply = getYesNoReply - (rb.getString("Do.you.still.want.to.add.it.no.")); - } else if (selfSigned) { - if (trustcacerts && (caks != null) && - ((trustalias=caks.getCertificateAlias(cert)) != null)) { - MessageFormat form = new MessageFormat(rb.getString - ("Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.")); - Object[] source = {trustalias}; - System.err.println(form.format(source)); - reply = getYesNoReply - (rb.getString("Do.you.still.want.to.add.it.to.your.own.keystore.no.")); - } - if (trustalias == null) { - // Print the cert and ask user if they really want to add - // it to their keystore - printX509Cert(cert, System.out); - reply = getYesNoReply - (rb.getString("Trust.this.certificate.no.")); - } - } - if (reply != null) { - if ("YES".equals(reply)) { - keyStore.setCertificateEntry(alias, cert); - return true; - } else { - return false; - } - } - - // Try to establish trust chain - try { - Certificate[] chain = establishCertChain(null, cert); - if (chain != null) { - keyStore.setCertificateEntry(alias, cert); - return true; - } - } catch (Exception e) { - // Print the cert and ask user if they really want to add it to - // their keystore - printX509Cert(cert, System.out); - reply = getYesNoReply - (rb.getString("Trust.this.certificate.no.")); - if ("YES".equals(reply)) { - keyStore.setCertificateEntry(alias, cert); - return true; - } else { - return false; - } - } - - return false; - } - - /** - * Prompts user for new password. New password must be different from - * old one. - * - * @param prompt the message that gets prompted on the screen - * @param oldPasswd the current (i.e., old) password - */ - private char[] getNewPasswd(String prompt, char[] oldPasswd) - throws Exception - { - char[] entered = null; - char[] reentered = null; - - for (int count = 0; count < 3; count++) { - MessageFormat form = new MessageFormat - (rb.getString("New.prompt.")); - Object[] source = {prompt}; - System.err.print(form.format(source)); - entered = Password.readPassword(System.in); - passwords.add(entered); - if (entered == null || entered.length < 6) { - System.err.println(rb.getString - ("Password.is.too.short.must.be.at.least.6.characters")); - } else if (Arrays.equals(entered, oldPasswd)) { - System.err.println(rb.getString("Passwords.must.differ")); - } else { - form = new MessageFormat - (rb.getString("Re.enter.new.prompt.")); - Object[] src = {prompt}; - System.err.print(form.format(src)); - reentered = Password.readPassword(System.in); - passwords.add(reentered); - if (!Arrays.equals(entered, reentered)) { - System.err.println - (rb.getString("They.don.t.match.Try.again")); - } else { - Arrays.fill(reentered, ' '); - return entered; - } - } - if (entered != null) { - Arrays.fill(entered, ' '); - entered = null; - } - if (reentered != null) { - Arrays.fill(reentered, ' '); - reentered = null; - } - } - throw new Exception(rb.getString("Too.many.failures.try.later")); - } - - /** - * Prompts user for alias name. - * @param prompt the {0} of "Enter {0} alias name: " in prompt line - * @returns the string entered by the user, without the \n at the end - */ - private String getAlias(String prompt) throws Exception { - if (prompt != null) { - MessageFormat form = new MessageFormat - (rb.getString("Enter.prompt.alias.name.")); - Object[] source = {prompt}; - System.err.print(form.format(source)); - } else { - System.err.print(rb.getString("Enter.alias.name.")); - } - return (new BufferedReader(new InputStreamReader( - System.in))).readLine(); - } - - /** - * Prompts user for an input string from the command line (System.in) - * @prompt the prompt string printed - * @returns the string entered by the user, without the \n at the end - */ - private String inputStringFromStdin(String prompt) throws Exception { - System.err.print(prompt); - return (new BufferedReader(new InputStreamReader( - System.in))).readLine(); - } - - /** - * Prompts user for key password. User may select to choose the same - * password (<code>otherKeyPass</code>) as for <code>otherAlias</code>. - */ - private char[] getKeyPasswd(String alias, String otherAlias, - char[] otherKeyPass) - throws Exception - { - int count = 0; - char[] keyPass = null; - - do { - if (otherKeyPass != null) { - MessageFormat form = new MessageFormat(rb.getString - ("Enter.key.password.for.alias.")); - Object[] source = {alias}; - System.err.println(form.format(source)); - - form = new MessageFormat(rb.getString - (".RETURN.if.same.as.for.otherAlias.")); - Object[] src = {otherAlias}; - System.err.print(form.format(src)); - } else { - MessageFormat form = new MessageFormat(rb.getString - ("Enter.key.password.for.alias.")); - Object[] source = {alias}; - System.err.print(form.format(source)); - } - System.err.flush(); - keyPass = Password.readPassword(System.in); - passwords.add(keyPass); - if (keyPass == null) { - keyPass = otherKeyPass; - } - count++; - } while ((keyPass == null) && count < 3); - - if (keyPass == null) { - throw new Exception(rb.getString("Too.many.failures.try.later")); - } - - return keyPass; - } - - /** - * Prints a certificate in a human readable format. - */ - private void printX509Cert(X509Certificate cert, PrintStream out) - throws Exception - { - /* - out.println("Owner: " - + cert.getSubjectDN().toString() - + "\n" - + "Issuer: " - + cert.getIssuerDN().toString() - + "\n" - + "Serial number: " + cert.getSerialNumber().toString(16) - + "\n" - + "Valid from: " + cert.getNotBefore().toString() - + " until: " + cert.getNotAfter().toString() - + "\n" - + "Certificate fingerprints:\n" - + "\t MD5: " + getCertFingerPrint("MD5", cert) - + "\n" - + "\t SHA1: " + getCertFingerPrint("SHA1", cert)); - */ - - MessageFormat form = new MessageFormat - (rb.getString(".PATTERN.printX509Cert")); - Object[] source = {cert.getSubjectDN().toString(), - cert.getIssuerDN().toString(), - cert.getSerialNumber().toString(16), - cert.getNotBefore().toString(), - cert.getNotAfter().toString(), - getCertFingerPrint("MD5", cert), - getCertFingerPrint("SHA1", cert), - getCertFingerPrint("SHA-256", cert), - cert.getSigAlgName(), - cert.getVersion() - }; - out.println(form.format(source)); - - if (cert instanceof X509CertImpl) { - X509CertImpl impl = (X509CertImpl)cert; - X509CertInfo certInfo = (X509CertInfo)impl.get(X509CertImpl.NAME - + "." + - X509CertImpl.INFO); - CertificateExtensions exts = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); - if (exts != null) { - printExtensions(rb.getString("Extensions."), exts, out); - } - } - } - - private static void printExtensions(String title, CertificateExtensions exts, PrintStream out) - throws Exception { - int extnum = 0; - Iterator<Extension> i1 = exts.getAllExtensions().iterator(); - Iterator<Extension> i2 = exts.getUnparseableExtensions().values().iterator(); - while (i1.hasNext() || i2.hasNext()) { - Extension ext = i1.hasNext()?i1.next():i2.next(); - if (extnum == 0) { - out.println(); - out.println(title); - out.println(); - } - out.print("#"+(++extnum)+": "+ ext); - if (ext.getClass() == Extension.class) { - byte[] v = ext.getExtensionValue(); - if (v.length == 0) { - out.println(rb.getString(".Empty.value.")); - } else { - new sun.misc.HexDumpEncoder().encodeBuffer(ext.getExtensionValue(), out); - out.println(); - } - } - out.println(); - } - } - - /** - * Returns true if the certificate is self-signed, false otherwise. - */ - private boolean isSelfSigned(X509Certificate cert) { - return signedBy(cert, cert); - } - - private boolean signedBy(X509Certificate end, X509Certificate ca) { - if (!ca.getSubjectDN().equals(end.getIssuerDN())) { - return false; - } - try { - end.verify(ca.getPublicKey()); - return true; - } catch (Exception e) { - return false; - } - } - - /** - * Locates a signer for a given certificate from a given keystore and - * returns the signer's certificate. - * @param cert the certificate whose signer is searched, not null - * @param ks the keystore to search with, not null - * @return <code>cert</code> itself if it's already inside <code>ks</code>, - * or a certificate inside <code>ks</code> who signs <code>cert</code>, - * or null otherwise. - */ - private static Certificate getTrustedSigner(Certificate cert, KeyStore ks) - throws Exception { - if (ks.getCertificateAlias(cert) != null) { - return cert; - } - for (Enumeration<String> aliases = ks.aliases(); - aliases.hasMoreElements(); ) { - String name = aliases.nextElement(); - Certificate trustedCert = ks.getCertificate(name); - if (trustedCert != null) { - try { - cert.verify(trustedCert.getPublicKey()); - return trustedCert; - } catch (Exception e) { - // Not verified, skip to the next one - } - } - } - return null; - } - - /** - * Gets an X.500 name suitable for inclusion in a certification request. - */ - private X500Name getX500Name() throws IOException { - BufferedReader in; - in = new BufferedReader(new InputStreamReader(System.in)); - String commonName = "Unknown"; - String organizationalUnit = "Unknown"; - String organization = "Unknown"; - String city = "Unknown"; - String state = "Unknown"; - String country = "Unknown"; - X500Name name; - String userInput = null; - - int maxRetry = 20; - do { - if (maxRetry-- < 0) { - throw new RuntimeException(rb.getString( - "Too.many.retries.program.terminated")); - } - commonName = inputString(in, - rb.getString("What.is.your.first.and.last.name."), - commonName); - organizationalUnit = inputString(in, - rb.getString - ("What.is.the.name.of.your.organizational.unit."), - organizationalUnit); - organization = inputString(in, - rb.getString("What.is.the.name.of.your.organization."), - organization); - city = inputString(in, - rb.getString("What.is.the.name.of.your.City.or.Locality."), - city); - state = inputString(in, - rb.getString("What.is.the.name.of.your.State.or.Province."), - state); - country = inputString(in, - rb.getString - ("What.is.the.two.letter.country.code.for.this.unit."), - country); - name = new X500Name(commonName, organizationalUnit, organization, - city, state, country); - MessageFormat form = new MessageFormat - (rb.getString("Is.name.correct.")); - Object[] source = {name}; - userInput = inputString - (in, form.format(source), rb.getString("no")); - } while (collator.compare(userInput, rb.getString("yes")) != 0 && - collator.compare(userInput, rb.getString("y")) != 0); - - System.err.println(); - return name; - } - - private String inputString(BufferedReader in, String prompt, - String defaultValue) - throws IOException - { - System.err.println(prompt); - MessageFormat form = new MessageFormat - (rb.getString(".defaultValue.")); - Object[] source = {defaultValue}; - System.err.print(form.format(source)); - System.err.flush(); - - String value = in.readLine(); - if (value == null || collator.compare(value, "") == 0) { - value = defaultValue; - } - return value; - } - - /** - * Writes an X.509 certificate in base64 or binary encoding to an output - * stream. - */ - private void dumpCert(Certificate cert, PrintStream out) - throws IOException, CertificateException - { - if (rfc) { - BASE64Encoder encoder = new BASE64Encoder(); - out.println(X509Factory.BEGIN_CERT); - encoder.encodeBuffer(cert.getEncoded(), out); - out.println(X509Factory.END_CERT); - } else { - out.write(cert.getEncoded()); // binary - } - } - - /** - * Converts a byte to hex digit and writes to the supplied buffer - */ - private void byte2hex(byte b, StringBuffer buf) { - char[] hexChars = { '0', '1', '2', '3', '4', '5', '6', '7', '8', - '9', 'A', 'B', 'C', 'D', 'E', 'F' }; - int high = ((b & 0xf0) >> 4); - int low = (b & 0x0f); - buf.append(hexChars[high]); - buf.append(hexChars[low]); - } - - /** - * Converts a byte array to hex string - */ - private String toHexString(byte[] block) { - StringBuffer buf = new StringBuffer(); - int len = block.length; - for (int i = 0; i < len; i++) { - byte2hex(block[i], buf); - if (i < len-1) { - buf.append(":"); - } - } - return buf.toString(); - } - - /** - * Recovers (private) key associated with given alias. - * - * @return an array of objects, where the 1st element in the array is the - * recovered private key, and the 2nd element is the password used to - * recover it. - */ - private Pair<Key,char[]> recoverKey(String alias, char[] storePass, - char[] keyPass) - throws Exception - { - Key key = null; - - if (keyStore.containsAlias(alias) == false) { - MessageFormat form = new MessageFormat - (rb.getString("Alias.alias.does.not.exist")); - Object[] source = {alias}; - throw new Exception(form.format(source)); - } - if (!keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class) && - !keyStore.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class)) { - MessageFormat form = new MessageFormat - (rb.getString("Alias.alias.has.no.key")); - Object[] source = {alias}; - throw new Exception(form.format(source)); - } - - if (keyPass == null) { - // Try to recover the key using the keystore password - try { - key = keyStore.getKey(alias, storePass); - - keyPass = storePass; - passwords.add(keyPass); - } catch (UnrecoverableKeyException e) { - // Did not work out, so prompt user for key password - if (!token) { - keyPass = getKeyPasswd(alias, null, null); - key = keyStore.getKey(alias, keyPass); - } else { - throw e; - } - } - } else { - key = keyStore.getKey(alias, keyPass); - } - - return Pair.of(key, keyPass); - } - - /** - * Recovers entry associated with given alias. - * - * @return an array of objects, where the 1st element in the array is the - * recovered entry, and the 2nd element is the password used to - * recover it (null if no password). - */ - private Pair<Entry,char[]> recoverEntry(KeyStore ks, - String alias, - char[] pstore, - char[] pkey) throws Exception { - - if (ks.containsAlias(alias) == false) { - MessageFormat form = new MessageFormat - (rb.getString("Alias.alias.does.not.exist")); - Object[] source = {alias}; - throw new Exception(form.format(source)); - } - - PasswordProtection pp = null; - Entry entry; - - try { - // First attempt to access entry without key password - // (PKCS11 entry or trusted certificate entry, for example) - - entry = ks.getEntry(alias, pp); - pkey = null; - } catch (UnrecoverableEntryException une) { - - if(P11KEYSTORE.equalsIgnoreCase(ks.getType()) || - KeyStoreUtil.isWindowsKeyStore(ks.getType())) { - // should not happen, but a possibility - throw une; - } - - // entry is protected - - if (pkey != null) { - - // try provided key password - - pp = new PasswordProtection(pkey); - entry = ks.getEntry(alias, pp); - - } else { - - // try store pass - - try { - pp = new PasswordProtection(pstore); - entry = ks.getEntry(alias, pp); - pkey = pstore; - } catch (UnrecoverableEntryException une2) { - if (P12KEYSTORE.equalsIgnoreCase(ks.getType())) { - - // P12 keystore currently does not support separate - // store and entry passwords - - throw une2; - } else { - - // prompt for entry password - - pkey = getKeyPasswd(alias, null, null); - pp = new PasswordProtection(pkey); - entry = ks.getEntry(alias, pp); - } - } - } - } - - return Pair.of(entry, pkey); - } - /** - * Gets the requested finger print of the certificate. - */ - private String getCertFingerPrint(String mdAlg, Certificate cert) - throws Exception - { - byte[] encCertInfo = cert.getEncoded(); - MessageDigest md = MessageDigest.getInstance(mdAlg); - byte[] digest = md.digest(encCertInfo); - return toHexString(digest); - } - - /** - * Prints warning about missing integrity check. - */ - private void printWarning() { - System.err.println(); - System.err.println(rb.getString - (".WARNING.WARNING.WARNING.")); - System.err.println(rb.getString - (".The.integrity.of.the.information.stored.in.your.keystore.")); - System.err.println(rb.getString - (".WARNING.WARNING.WARNING.")); - System.err.println(); - } - - /** - * Validates chain in certification reply, and returns the ordered - * elements of the chain (with user certificate first, and root - * certificate last in the array). - * - * @param alias the alias name - * @param userCert the user certificate of the alias - * @param replyCerts the chain provided in the reply - */ - private Certificate[] validateReply(String alias, - Certificate userCert, - Certificate[] replyCerts) - throws Exception - { - // order the certs in the reply (bottom-up). - // we know that all certs in the reply are of type X.509, because - // we parsed them using an X.509 certificate factory - int i; - PublicKey userPubKey = userCert.getPublicKey(); - for (i=0; i<replyCerts.length; i++) { - if (userPubKey.equals(replyCerts[i].getPublicKey())) { - break; - } - } - if (i == replyCerts.length) { - MessageFormat form = new MessageFormat(rb.getString - ("Certificate.reply.does.not.contain.public.key.for.alias.")); - Object[] source = {alias}; - throw new Exception(form.format(source)); - } - - Certificate tmpCert = replyCerts[0]; - replyCerts[0] = replyCerts[i]; - replyCerts[i] = tmpCert; - - X509Certificate thisCert = (X509Certificate)replyCerts[0]; - - for (i=1; i < replyCerts.length-1; i++) { - // find a cert in the reply who signs thisCert - int j; - for (j=i; j<replyCerts.length; j++) { - if (signedBy(thisCert, (X509Certificate)replyCerts[j])) { - tmpCert = replyCerts[i]; - replyCerts[i] = replyCerts[j]; - replyCerts[j] = tmpCert; - thisCert = (X509Certificate)replyCerts[i]; - break; - } - } - if (j == replyCerts.length) { - throw new Exception - (rb.getString("Incomplete.certificate.chain.in.reply")); - } - } - - if (noprompt) { - return replyCerts; - } - - // do we trust the cert at the top? - Certificate topCert = replyCerts[replyCerts.length-1]; - Certificate root = getTrustedSigner(topCert, keyStore); - if (root == null && trustcacerts && caks != null) { - root = getTrustedSigner(topCert, caks); - } - if (root == null) { - System.err.println(); - System.err.println - (rb.getString("Top.level.certificate.in.reply.")); - printX509Cert((X509Certificate)topCert, System.out); - System.err.println(); - System.err.print(rb.getString(".is.not.trusted.")); - String reply = getYesNoReply - (rb.getString("Install.reply.anyway.no.")); - if ("NO".equals(reply)) { - return null; - } - } else { - if (root != topCert) { - // append the root CA cert to the chain - Certificate[] tmpCerts = - new Certificate[replyCerts.length+1]; - System.arraycopy(replyCerts, 0, tmpCerts, 0, - replyCerts.length); - tmpCerts[tmpCerts.length-1] = root; - replyCerts = tmpCerts; - } - } - - return replyCerts; - } - - /** - * Establishes a certificate chain (using trusted certificates in the - * keystore), starting with the user certificate - * and ending at a self-signed certificate found in the keystore. - * - * @param userCert the user certificate of the alias - * @param certToVerify the single certificate provided in the reply - */ - private Certificate[] establishCertChain(Certificate userCert, - Certificate certToVerify) - throws Exception - { - if (userCert != null) { - // Make sure that the public key of the certificate reply matches - // the original public key in the keystore - PublicKey origPubKey = userCert.getPublicKey(); - PublicKey replyPubKey = certToVerify.getPublicKey(); - if (!origPubKey.equals(replyPubKey)) { - throw new Exception(rb.getString - ("Public.keys.in.reply.and.keystore.don.t.match")); - } - - // If the two certs are identical, we're done: no need to import - // anything - if (certToVerify.equals(userCert)) { - throw new Exception(rb.getString - ("Certificate.reply.and.certificate.in.keystore.are.identical")); - } - } - - // Build a hash table of all certificates in the keystore. - // Use the subject distinguished name as the key into the hash table. - // All certificates associated with the same subject distinguished - // name are stored in the same hash table entry as a vector. - Hashtable<Principal, Vector<Certificate>> certs = null; - if (keyStore.size() > 0) { - certs = new Hashtable<Principal, Vector<Certificate>>(11); - keystorecerts2Hashtable(keyStore, certs); - } - if (trustcacerts) { - if (caks!=null && caks.size()>0) { - if (certs == null) { - certs = new Hashtable<Principal, Vector<Certificate>>(11); - } - keystorecerts2Hashtable(caks, certs); - } - } - - // start building chain - Vector<Certificate> chain = new Vector<>(2); - if (buildChain((X509Certificate)certToVerify, chain, certs)) { - Certificate[] newChain = new Certificate[chain.size()]; - // buildChain() returns chain with self-signed root-cert first and - // user-cert last, so we need to invert the chain before we store - // it - int j=0; - for (int i=chain.size()-1; i>=0; i--) { - newChain[j] = chain.elementAt(i); - j++; - } - return newChain; - } else { - throw new Exception - (rb.getString("Failed.to.establish.chain.from.reply")); - } - } - - /** - * Recursively tries to establish chain from pool of trusted certs. - * - * @param certToVerify the cert that needs to be verified. - * @param chain the chain that's being built. - * @param certs the pool of trusted certs - * - * @return true if successful, false otherwise. - */ - private boolean buildChain(X509Certificate certToVerify, - Vector<Certificate> chain, - Hashtable<Principal, Vector<Certificate>> certs) { - Principal issuer = certToVerify.getIssuerDN(); - if (isSelfSigned(certToVerify)) { - // reached self-signed root cert; - // no verification needed because it's trusted. - chain.addElement(certToVerify); - return true; - } - - // Get the issuer's certificate(s) - Vector<Certificate> vec = certs.get(issuer); - if (vec == null) { - return false; - } - - // Try out each certificate in the vector, until we find one - // whose public key verifies the signature of the certificate - // in question. - for (Enumeration<Certificate> issuerCerts = vec.elements(); - issuerCerts.hasMoreElements(); ) { - X509Certificate issuerCert - = (X509Certificate)issuerCerts.nextElement(); - PublicKey issuerPubKey = issuerCert.getPublicKey(); - try { - certToVerify.verify(issuerPubKey); - } catch (Exception e) { - continue; - } - if (buildChain(issuerCert, chain, certs)) { - chain.addElement(certToVerify); - return true; - } - } - return false; - } - - /** - * Prompts user for yes/no decision. - * - * @return the user's decision, can only be "YES" or "NO" - */ - private String getYesNoReply(String prompt) - throws IOException - { - String reply = null; - int maxRetry = 20; - do { - if (maxRetry-- < 0) { - throw new RuntimeException(rb.getString( - "Too.many.retries.program.terminated")); - } - System.err.print(prompt); - System.err.flush(); - reply = (new BufferedReader(new InputStreamReader - (System.in))).readLine(); - if (collator.compare(reply, "") == 0 || - collator.compare(reply, rb.getString("n")) == 0 || - collator.compare(reply, rb.getString("no")) == 0) { - reply = "NO"; - } else if (collator.compare(reply, rb.getString("y")) == 0 || - collator.compare(reply, rb.getString("yes")) == 0) { - reply = "YES"; - } else { - System.err.println(rb.getString("Wrong.answer.try.again")); - reply = null; - } - } while (reply == null); - return reply; - } - - /** - * Returns the keystore with the configured CA certificates. - */ - public static KeyStore getCacertsKeyStore() - throws Exception - { - String sep = File.separator; - File file = new File(System.getProperty("java.home") + sep - + "lib" + sep + "security" + sep - + "cacerts"); - if (!file.exists()) { - return null; - } - FileInputStream fis = null; - KeyStore caks = null; - try { - fis = new FileInputStream(file); - caks = KeyStore.getInstance(JKS); - caks.load(fis, null); - } finally { - if (fis != null) { - fis.close(); - } - } - return caks; - } - - /** - * Stores the (leaf) certificates of a keystore in a hashtable. - * All certs belonging to the same CA are stored in a vector that - * in turn is stored in the hashtable, keyed by the CA's subject DN - */ - private void keystorecerts2Hashtable(KeyStore ks, - Hashtable<Principal, Vector<Certificate>> hash) - throws Exception { - - for (Enumeration<String> aliases = ks.aliases(); - aliases.hasMoreElements(); ) { - String alias = aliases.nextElement(); - Certificate cert = ks.getCertificate(alias); - if (cert != null) { - Principal subjectDN = ((X509Certificate)cert).getSubjectDN(); - Vector<Certificate> vec = hash.get(subjectDN); - if (vec == null) { - vec = new Vector<Certificate>(); - vec.addElement(cert); - } else { - if (!vec.contains(cert)) { - vec.addElement(cert); - } - } - hash.put(subjectDN, vec); - } - } - } - - /** - * Returns the issue time that's specified the -startdate option - * @param s the value of -startdate option - */ - private static Date getStartDate(String s) throws IOException { - Calendar c = new GregorianCalendar(); - if (s != null) { - IOException ioe = new IOException( - rb.getString("Illegal.startdate.value")); - int len = s.length(); - if (len == 0) { - throw ioe; - } - if (s.charAt(0) == '-' || s.charAt(0) == '+') { - // Form 1: ([+-]nnn[ymdHMS])+ - int start = 0; - while (start < len) { - int sign = 0; - switch (s.charAt(start)) { - case '+': sign = 1; break; - case '-': sign = -1; break; - default: throw ioe; - } - int i = start+1; - for (; i<len; i++) { - char ch = s.charAt(i); - if (ch < '0' || ch > '9') break; - } - if (i == start+1) throw ioe; - int number = Integer.parseInt(s.substring(start+1, i)); - if (i >= len) throw ioe; - int unit = 0; - switch (s.charAt(i)) { - case 'y': unit = Calendar.YEAR; break; - case 'm': unit = Calendar.MONTH; break; - case 'd': unit = Calendar.DATE; break; - case 'H': unit = Calendar.HOUR; break; - case 'M': unit = Calendar.MINUTE; break; - case 'S': unit = Calendar.SECOND; break; - default: throw ioe; - } - c.add(unit, sign * number); - start = i + 1; - } - } else { - // Form 2: [yyyy/mm/dd] [HH:MM:SS] - String date = null, time = null; - if (len == 19) { - date = s.substring(0, 10); - time = s.substring(11); - if (s.charAt(10) != ' ') - throw ioe; - } else if (len == 10) { - date = s; - } else if (len == 8) { - time = s; - } else { - throw ioe; - } - if (date != null) { - if (date.matches("\\d\\d\\d\\d\\/\\d\\d\\/\\d\\d")) { - c.set(Integer.valueOf(date.substring(0, 4)), - Integer.valueOf(date.substring(5, 7))-1, - Integer.valueOf(date.substring(8, 10))); - } else { - throw ioe; - } - } - if (time != null) { - if (time.matches("\\d\\d:\\d\\d:\\d\\d")) { - c.set(Calendar.HOUR_OF_DAY, Integer.valueOf(time.substring(0, 2))); - c.set(Calendar.MINUTE, Integer.valueOf(time.substring(0, 2))); - c.set(Calendar.SECOND, Integer.valueOf(time.substring(0, 2))); - c.set(Calendar.MILLISECOND, 0); - } else { - throw ioe; - } - } - } - } - return c.getTime(); - } - - /** - * Match a command (may be abbreviated) with a command set. - * @param s the command provided - * @param list the legal command set. If there is a null, commands after it - * are regarded experimental, which means they are supported but their - * existence should not be revealed to user. - * @return the position of a single match, or -1 if none matched - * @throws Exception if s is ambiguous - */ - private static int oneOf(String s, String... list) throws Exception { - int[] match = new int[list.length]; - int nmatch = 0; - int experiment = Integer.MAX_VALUE; - for (int i = 0; i<list.length; i++) { - String one = list[i]; - if (one == null) { - experiment = i; - continue; - } - if (one.toLowerCase(Locale.ENGLISH) - .startsWith(s.toLowerCase(Locale.ENGLISH))) { - match[nmatch++] = i; - } else { - StringBuffer sb = new StringBuffer(); - boolean first = true; - for (char c: one.toCharArray()) { - if (first) { - sb.append(c); - first = false; - } else { - if (!Character.isLowerCase(c)) { - sb.append(c); - } - } - } - if (sb.toString().equalsIgnoreCase(s)) { - match[nmatch++] = i; - } - } - } - if (nmatch == 0) { - return -1; - } else if (nmatch == 1) { - return match[0]; - } else { - // If multiple matches is in experimental commands, ignore them - if (match[1] > experiment) { - return match[0]; - } - StringBuffer sb = new StringBuffer(); - MessageFormat form = new MessageFormat(rb.getString - ("command.{0}.is.ambiguous.")); - Object[] source = {s}; - sb.append(form.format(source)); - sb.append("\n "); - for (int i=0; i<nmatch && match[i]<experiment; i++) { - sb.append(' '); - sb.append(list[match[i]]); - } - throw new Exception(sb.toString()); - } - } - - /** - * Create a GeneralName object from known types - * @param t one of 5 known types - * @param v value - * @return which one - */ - private GeneralName createGeneralName(String t, String v) - throws Exception { - GeneralNameInterface gn; - int p = oneOf(t, "EMAIL", "URI", "DNS", "IP", "OID"); - if (p < 0) { - throw new Exception(rb.getString( - "Unrecognized.GeneralName.type.") + t); - } - switch (p) { - case 0: gn = new RFC822Name(v); break; - case 1: gn = new URIName(v); break; - case 2: gn = new DNSName(v); break; - case 3: gn = new IPAddressName(v); break; - default: gn = new OIDName(v); break; //4 - } - return new GeneralName(gn); - } - - private static final String[] extSupported = { - "BasicConstraints", - "KeyUsage", - "ExtendedKeyUsage", - "SubjectAlternativeName", - "IssuerAlternativeName", - "SubjectInfoAccess", - "AuthorityInfoAccess", - null, - "CRLDistributionPoints", - }; - - private ObjectIdentifier findOidForExtName(String type) - throws Exception { - switch (oneOf(type, extSupported)) { - case 0: return PKIXExtensions.BasicConstraints_Id; - case 1: return PKIXExtensions.KeyUsage_Id; - case 2: return PKIXExtensions.ExtendedKeyUsage_Id; - case 3: return PKIXExtensions.SubjectAlternativeName_Id; - case 4: return PKIXExtensions.IssuerAlternativeName_Id; - case 5: return PKIXExtensions.SubjectInfoAccess_Id; - case 6: return PKIXExtensions.AuthInfoAccess_Id; - case 8: return PKIXExtensions.CRLDistributionPoints_Id; - default: return new ObjectIdentifier(type); - } - } - - /** - * Create X509v3 extensions from a string representation. Note that the - * SubjectKeyIdentifierExtension will always be created non-critical besides - * the extension requested in the <code>extstr</code> argument. - * - * @param reqex the requested extensions, can be null, used for -gencert - * @param ext the original extensions, can be null, used for -selfcert - * @param extstrs -ext values, Read keytool doc - * @param pkey the public key for the certificate - * @param akey the public key for the authority (issuer) - * @return the created CertificateExtensions - */ - private CertificateExtensions createV3Extensions( - CertificateExtensions reqex, - CertificateExtensions ext, - List <String> extstrs, - PublicKey pkey, - PublicKey akey) throws Exception { - - if (ext != null && reqex != null) { - // This should not happen - throw new Exception("One of request and original should be null."); - } - if (ext == null) ext = new CertificateExtensions(); - try { - // name{:critical}{=value} - // Honoring requested extensions - if (reqex != null) { - for(String extstr: extstrs) { - if (extstr.toLowerCase(Locale.ENGLISH).startsWith("honored=")) { - List<String> list = Arrays.asList( - extstr.toLowerCase(Locale.ENGLISH).substring(8).split(",")); - // First check existence of "all" - if (list.contains("all")) { - ext = reqex; // we know ext was null - } - // one by one for others - for (String item: list) { - if (item.equals("all")) continue; - - // add or remove - boolean add = true; - // -1, unchanged, 0 crtical, 1 non-critical - int action = -1; - String type = null; - if (item.startsWith("-")) { - add = false; - type = item.substring(1); - } else { - int colonpos = item.indexOf(':'); - if (colonpos >= 0) { - type = item.substring(0, colonpos); - action = oneOf(item.substring(colonpos+1), - "critical", "non-critical"); - if (action == -1) { - throw new Exception(rb.getString - ("Illegal.value.") + item); - } - } - } - String n = reqex.getNameByOid(findOidForExtName(type)); - if (add) { - Extension e = (Extension)reqex.get(n); - if (!e.isCritical() && action == 0 - || e.isCritical() && action == 1) { - e = Extension.newExtension( - e.getExtensionId(), - !e.isCritical(), - e.getExtensionValue()); - ext.set(n, e); - } - } else { - ext.delete(n); - } - } - break; - } - } - } - for(String extstr: extstrs) { - String name, value; - boolean isCritical = false; - - int eqpos = extstr.indexOf('='); - if (eqpos >= 0) { - name = extstr.substring(0, eqpos); - value = extstr.substring(eqpos+1); - } else { - name = extstr; - value = null; - } - - int colonpos = name.indexOf(':'); - if (colonpos >= 0) { - if (oneOf(name.substring(colonpos+1), "critical") == 0) { - isCritical = true; - } - name = name.substring(0, colonpos); - } - - if (name.equalsIgnoreCase("honored")) { - continue; - } - int exttype = oneOf(name, extSupported); - switch (exttype) { - case 0: // BC - int pathLen = -1; - boolean isCA = false; - if (value == null) { - isCA = true; - } else { - try { // the abbr format - pathLen = Integer.parseInt(value); - isCA = true; - } catch (NumberFormatException ufe) { - // ca:true,pathlen:1 - for (String part: value.split(",")) { - String[] nv = part.split(":"); - if (nv.length != 2) { - throw new Exception(rb.getString - ("Illegal.value.") + extstr); - } else { - if (nv[0].equalsIgnoreCase("ca")) { - isCA = Boolean.parseBoolean(nv[1]); - } else if (nv[0].equalsIgnoreCase("pathlen")) { - pathLen = Integer.parseInt(nv[1]); - } else { - throw new Exception(rb.getString - ("Illegal.value.") + extstr); - } - } - } - } - } - ext.set(BasicConstraintsExtension.NAME, - new BasicConstraintsExtension(isCritical, isCA, - pathLen)); - break; - case 1: // KU - if(value != null) { - boolean[] ok = new boolean[9]; - for (String s: value.split(",")) { - int p = oneOf(s, - "digitalSignature", // (0), - "nonRepudiation", // (1) - "keyEncipherment", // (2), - "dataEncipherment", // (3), - "keyAgreement", // (4), - "keyCertSign", // (5), - "cRLSign", // (6), - "encipherOnly", // (7), - "decipherOnly", // (8) - "contentCommitment" // also (1) - ); - if (p < 0) { - throw new Exception(rb.getString("Unknown.keyUsage.type.") + s); - } - if (p == 9) p = 1; - ok[p] = true; - } - KeyUsageExtension kue = new KeyUsageExtension(ok); - // The above KeyUsageExtension constructor does not - // allow isCritical value, so... - ext.set(KeyUsageExtension.NAME, Extension.newExtension( - kue.getExtensionId(), - isCritical, - kue.getExtensionValue())); - } else { - throw new Exception(rb.getString - ("Illegal.value.") + extstr); - } - break; - case 2: // EKU - if(value != null) { - Vector<ObjectIdentifier> v = new Vector<>(); - for (String s: value.split(",")) { - int p = oneOf(s, - "anyExtendedKeyUsage", - "serverAuth", //1 - "clientAuth", //2 - "codeSigning", //3 - "emailProtection", //4 - "", //5 - "", //6 - "", //7 - "timeStamping", //8 - "OCSPSigning" //9 - ); - if (p < 0) { - try { - v.add(new ObjectIdentifier(s)); - } catch (Exception e) { - throw new Exception(rb.getString( - "Unknown.extendedkeyUsage.type.") + s); - } - } else if (p == 0) { - v.add(new ObjectIdentifier("2.5.29.37.0")); - } else { - v.add(new ObjectIdentifier("1.3.6.1.5.5.7.3." + p)); - } - } - ext.set(ExtendedKeyUsageExtension.NAME, - new ExtendedKeyUsageExtension(isCritical, v)); - } else { - throw new Exception(rb.getString - ("Illegal.value.") + extstr); - } - break; - case 3: // SAN - case 4: // IAN - if(value != null) { - String[] ps = value.split(","); - GeneralNames gnames = new GeneralNames(); - for(String item: ps) { - colonpos = item.indexOf(':'); - if (colonpos < 0) { - throw new Exception("Illegal item " + item + " in " + extstr); - } - String t = item.substring(0, colonpos); - String v = item.substring(colonpos+1); - gnames.add(createGeneralName(t, v)); - } - if (exttype == 3) { - ext.set(SubjectAlternativeNameExtension.NAME, - new SubjectAlternativeNameExtension( - isCritical, gnames)); - } else { - ext.set(IssuerAlternativeNameExtension.NAME, - new IssuerAlternativeNameExtension( - isCritical, gnames)); - } - } else { - throw new Exception(rb.getString - ("Illegal.value.") + extstr); - } - break; - case 5: // SIA, always non-critical - case 6: // AIA, always non-critical - if (isCritical) { - throw new Exception(rb.getString( - "This.extension.cannot.be.marked.as.critical.") + extstr); - } - if(value != null) { - List<AccessDescription> accessDescriptions = - new ArrayList<>(); - String[] ps = value.split(","); - for(String item: ps) { - colonpos = item.indexOf(':'); - int colonpos2 = item.indexOf(':', colonpos+1); - if (colonpos < 0 || colonpos2 < 0) { - throw new Exception(rb.getString - ("Illegal.value.") + extstr); - } - String m = item.substring(0, colonpos); - String t = item.substring(colonpos+1, colonpos2); - String v = item.substring(colonpos2+1); - int p = oneOf(m, - "", - "ocsp", //1 - "caIssuers", //2 - "timeStamping", //3 - "", - "caRepository" //5 - ); - ObjectIdentifier oid; - if (p < 0) { - try { - oid = new ObjectIdentifier(m); - } catch (Exception e) { - throw new Exception(rb.getString( - "Unknown.AccessDescription.type.") + m); - } - } else { - oid = new ObjectIdentifier("1.3.6.1.5.5.7.48." + p); - } - accessDescriptions.add(new AccessDescription( - oid, createGeneralName(t, v))); - } - if (exttype == 5) { - ext.set(SubjectInfoAccessExtension.NAME, - new SubjectInfoAccessExtension(accessDescriptions)); - } else { - ext.set(AuthorityInfoAccessExtension.NAME, - new AuthorityInfoAccessExtension(accessDescriptions)); - } - } else { - throw new Exception(rb.getString - ("Illegal.value.") + extstr); - } - break; - case 8: // CRL, experimental, only support 1 distributionpoint - if(value != null) { - String[] ps = value.split(","); - GeneralNames gnames = new GeneralNames(); - for(String item: ps) { - colonpos = item.indexOf(':'); - if (colonpos < 0) { - throw new Exception("Illegal item " + item + " in " + extstr); - } - String t = item.substring(0, colonpos); - String v = item.substring(colonpos+1); - gnames.add(createGeneralName(t, v)); - } - ext.set(CRLDistributionPointsExtension.NAME, - new CRLDistributionPointsExtension( - isCritical, Collections.singletonList( - new DistributionPoint(gnames, null, null)))); - } else { - throw new Exception(rb.getString - ("Illegal.value.") + extstr); - } - break; - case -1: - ObjectIdentifier oid = new ObjectIdentifier(name); - byte[] data = null; - if (value != null) { - data = new byte[value.length() / 2 + 1]; - int pos = 0; - for (char c: value.toCharArray()) { - int hex; - if (c >= '0' && c <= '9') { - hex = c - '0' ; - } else if (c >= 'A' && c <= 'F') { - hex = c - 'A' + 10; - } else if (c >= 'a' && c <= 'f') { - hex = c - 'a' + 10; - } else { - continue; - } - if (pos % 2 == 0) { - data[pos/2] = (byte)(hex << 4); - } else { - data[pos/2] += hex; - } - pos++; - } - if (pos % 2 != 0) { - throw new Exception(rb.getString( - "Odd.number.of.hex.digits.found.") + extstr); - } - data = Arrays.copyOf(data, pos/2); - } else { - data = new byte[0]; - } - ext.set(oid.toString(), new Extension(oid, isCritical, - new DerValue(DerValue.tag_OctetString, data) - .toByteArray())); - break; - default: - throw new Exception(rb.getString( - "Unknown.extension.type.") + extstr); - } - } - // always non-critical - ext.set(SubjectKeyIdentifierExtension.NAME, - new SubjectKeyIdentifierExtension( - new KeyIdentifier(pkey).getIdentifier())); - if (akey != null && !pkey.equals(akey)) { - ext.set(AuthorityKeyIdentifierExtension.NAME, - new AuthorityKeyIdentifierExtension( - new KeyIdentifier(akey), null, null)); - } - } catch(IOException e) { - throw new RuntimeException(e); - } - return ext; - } - - /** - * Prints the usage of this tool. - */ - private void usage() { - if (command != null) { - System.err.println("keytool " + command + - rb.getString(".OPTION.")); - System.err.println(); - System.err.println(rb.getString(command.description)); - System.err.println(); - System.err.println(rb.getString("Options.")); - System.err.println(); - - // Left and right sides of the options list - String[] left = new String[command.options.length]; - String[] right = new String[command.options.length]; - - // Check if there's an unknown option - boolean found = false; - - // Length of left side of options list - int lenLeft = 0; - for (int j=0; j<left.length; j++) { - Option opt = command.options[j]; - left[j] = opt.toString(); - if (opt.arg != null) left[j] += " " + opt.arg; - if (left[j].length() > lenLeft) { - lenLeft = left[j].length(); - } - right[j] = rb.getString(opt.description); - } - for (int j=0; j<left.length; j++) { - System.err.printf(" %-" + lenLeft + "s %s\n", - left[j], right[j]); - } - System.err.println(); - System.err.println(rb.getString( - "Use.keytool.help.for.all.available.commands")); - } else { - System.err.println(rb.getString( - "Key.and.Certificate.Management.Tool")); - System.err.println(); - System.err.println(rb.getString("Commands.")); - System.err.println(); - for (Command c: Command.values()) { - if (c == KEYCLONE) break; - System.err.printf(" %-20s%s\n", c, rb.getString(c.description)); - } - System.err.println(); - System.err.println(rb.getString( - "Use.keytool.command.name.help.for.usage.of.command.name")); - } - } - - private void tinyHelp() { - usage(); - if (debug) { - throw new RuntimeException("NO BIG ERROR, SORRY"); - } else { - System.exit(1); - } - } - - private void errorNeedArgument(String flag) { - Object[] source = {flag}; - System.err.println(new MessageFormat( - rb.getString("Command.option.flag.needs.an.argument.")).format(source)); - tinyHelp(); - } - - private char[] getPass(String modifier, String arg) { - char[] output = getPassWithModifier(modifier, arg); - if (output != null) return output; - tinyHelp(); - return null; // Useless, tinyHelp() already exits. - } - - // This method also used by JarSigner - public static char[] getPassWithModifier(String modifier, String arg) { - if (modifier == null) { - return arg.toCharArray(); - } else if (collator.compare(modifier, "env") == 0) { - String value = System.getenv(arg); - if (value == null) { - System.err.println(rb.getString( - "Cannot.find.environment.variable.") + arg); - return null; - } else { - return value.toCharArray(); - } - } else if (collator.compare(modifier, "file") == 0) { - try { - URL url = null; - try { - url = new URL(arg); - } catch (java.net.MalformedURLException mue) { - File f = new File(arg); - if (f.exists()) { - url = f.toURI().toURL(); - } else { - System.err.println(rb.getString( - "Cannot.find.file.") + arg); - return null; - } - } - BufferedReader br = new BufferedReader(new InputStreamReader( - url.openStream())); - String value = br.readLine(); - br.close(); - if (value == null) { - return new char[0]; - } else { - return value.toCharArray(); - } - } catch (IOException ioe) { - System.err.println(ioe); - return null; - } - } else { - System.err.println(rb.getString("Unknown.password.type.") + - modifier); - return null; - } - } -} - -// This class is exactly the same as com.sun.tools.javac.util.Pair, -// it's copied here since the original one is not included in JRE. -class Pair<A, B> { - - public final A fst; - public final B snd; - - public Pair(A fst, B snd) { - this.fst = fst; - this.snd = snd; - } - - public String toString() { - return "Pair[" + fst + "," + snd + "]"; - } - - private static boolean equals(Object x, Object y) { - return (x == null && y == null) || (x != null && x.equals(y)); - } - - public boolean equals(Object other) { - return - other instanceof Pair && - equals(fst, ((Pair)other).fst) && - equals(snd, ((Pair)other).snd); - } - - public int hashCode() { - if (fst == null) return (snd == null) ? 0 : snd.hashCode() + 1; - else if (snd == null) return fst.hashCode() + 2; - else return fst.hashCode() * 17 + snd.hashCode(); - } - - public static <A,B> Pair<A,B> of(A a, B b) { - return new Pair<>(a,b); - } -} -
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/PathList.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,111 @@ +/* + * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools; + +import java.io.File; +import java.io.IOException; +import java.lang.String; +import java.util.StringTokenizer; +import java.net.URL; +import java.net.URLClassLoader; +import java.net.MalformedURLException; + +/** + * A utility class for handle path list + * + */ +public class PathList { + /** + * Utility method for appending path from pathFrom to pathTo. + * + * @param pathTo the target path + * @param pathSource the path to be appended to pathTo + * @return the resulting path + */ + public static String appendPath(String pathTo, String pathFrom) { + if (pathTo == null || pathTo.length() == 0) { + return pathFrom; + } else if (pathFrom == null || pathFrom.length() == 0) { + return pathTo; + } else { + return pathTo + File.pathSeparator + pathFrom; + } + } + + /** + * Utility method for converting a search path string to an array + * of directory and JAR file URLs. + * + * @param path the search path string + * @return the resulting array of directory and JAR file URLs + */ + public static URL[] pathToURLs(String path) { + StringTokenizer st = new StringTokenizer(path, File.pathSeparator); + URL[] urls = new URL[st.countTokens()]; + int count = 0; + while (st.hasMoreTokens()) { + URL url = fileToURL(new File(st.nextToken())); + if (url != null) { + urls[count++] = url; + } + } + if (urls.length != count) { + URL[] tmp = new URL[count]; + System.arraycopy(urls, 0, tmp, 0, count); + urls = tmp; + } + return urls; + } + + /** + * Returns the directory or JAR file URL corresponding to the specified + * local file name. + * + * @param file the File object + * @return the resulting directory or JAR file URL, or null if unknown + */ + private static URL fileToURL(File file) { + String name; + try { + name = file.getCanonicalPath(); + } catch (IOException e) { + name = file.getAbsolutePath(); + } + name = name.replace(File.separatorChar, '/'); + if (!name.startsWith("/")) { + name = "/" + name; + } + // If the file does not exist, then assume that it's a directory + if (!file.isFile()) { + name = name + "/"; + } + try { + return new URL("file", "", name); + } catch (MalformedURLException e) { + throw new IllegalArgumentException("file"); + } + } +}
--- a/src/share/classes/sun/security/tools/TimestampedSigner.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,387 +0,0 @@ -/* - * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.tools; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.net.URI; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.Principal; -import java.security.SecureRandom; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import java.util.List; - -import com.sun.jarsigner.*; -import java.util.Arrays; -import sun.security.pkcs.*; -import sun.security.timestamp.*; -import sun.security.util.*; -import sun.security.x509.*; - -/** - * This class implements a content signing service. - * It generates a timestamped signature for a given content according to - * <a href="http://www.ietf.org/rfc/rfc3161.txt">RFC 3161</a>. - * The signature along with a trusted timestamp and the signer's certificate - * are all packaged into a standard PKCS #7 Signed Data message. - * - * @author Vincent Ryan - */ - -public final class TimestampedSigner extends ContentSigner { - - /* - * Random number generator for creating nonce values - */ - private static final SecureRandom RANDOM; - static { - SecureRandom tmp = null; - try { - tmp = SecureRandom.getInstance("SHA1PRNG"); - } catch (NoSuchAlgorithmException e) { - // should not happen - } - RANDOM = tmp; - } - - /* - * Object identifier for the subject information access X.509 certificate - * extension. - */ - private static final String SUBJECT_INFO_ACCESS_OID = "1.3.6.1.5.5.7.1.11"; - - /* - * Object identifier for the timestamping key purpose. - */ - private static final String KP_TIMESTAMPING_OID = "1.3.6.1.5.5.7.3.8"; - - /* - * Object identifier for extendedKeyUsage extension - */ - private static final String EXTENDED_KEY_USAGE_OID = "2.5.29.37"; - - /* - * Object identifier for the timestamping access descriptors. - */ - private static final ObjectIdentifier AD_TIMESTAMPING_Id; - static { - ObjectIdentifier tmp = null; - try { - tmp = new ObjectIdentifier("1.3.6.1.5.5.7.48.3"); - } catch (IOException e) { - // ignore - } - AD_TIMESTAMPING_Id = tmp; - } - - /* - * Location of the TSA. - */ - private String tsaUrl = null; - - /* - * TSA's X.509 certificate. - */ - private X509Certificate tsaCertificate = null; - - /* - * Generates an SHA-1 hash value for the data to be timestamped. - */ - private MessageDigest messageDigest = null; - - /* - * Parameters for the timestamping protocol. - */ - private boolean tsRequestCertificate = true; - - /** - * Instantiates a content signer that supports timestamped signatures. - */ - public TimestampedSigner() { - } - - /** - * Generates a PKCS #7 signed data message that includes a signature - * timestamp. - * This method is used when a signature has already been generated. - * The signature, a signature timestamp, the signer's certificate chain, - * and optionally the content that was signed, are packaged into a PKCS #7 - * signed data message. - * - * @param parameters The non-null input parameters. - * @param omitContent true if the content should be omitted from the - * signed data message. Otherwise the content is included. - * @param applyTimestamp true if the signature should be timestamped. - * Otherwise timestamping is not performed. - * @return A PKCS #7 signed data message including a signature timestamp. - * @throws NoSuchAlgorithmException The exception is thrown if the signature - * algorithm is unrecognised. - * @throws CertificateException The exception is thrown if an error occurs - * while processing the signer's certificate or the TSA's - * certificate. - * @throws IOException The exception is thrown if an error occurs while - * generating the signature timestamp or while generating the signed - * data message. - * @throws NullPointerException The exception is thrown if parameters is - * null. - */ - public byte[] generateSignedData(ContentSignerParameters parameters, - boolean omitContent, boolean applyTimestamp) - throws NoSuchAlgorithmException, CertificateException, IOException { - - if (parameters == null) { - throw new NullPointerException(); - } - - // Parse the signature algorithm to extract the digest and key - // algorithms. The expected format is: - // "<digest>with<encryption>" - // or "<digest>with<encryption>and<mgf>" - String signatureAlgorithm = parameters.getSignatureAlgorithm(); - String keyAlgorithm = - AlgorithmId.getEncAlgFromSigAlg(signatureAlgorithm); - String digestAlgorithm = - AlgorithmId.getDigAlgFromSigAlg(signatureAlgorithm); - AlgorithmId digestAlgorithmId = AlgorithmId.get(digestAlgorithm); - - // Examine signer's certificate - X509Certificate[] signerCertificateChain = - parameters.getSignerCertificateChain(); - Principal issuerName = signerCertificateChain[0].getIssuerDN(); - if (!(issuerName instanceof X500Name)) { - // must extract the original encoded form of DN for subsequent - // name comparison checks (converting to a String and back to - // an encoded DN could cause the types of String attribute - // values to be changed) - X509CertInfo tbsCert = new - X509CertInfo(signerCertificateChain[0].getTBSCertificate()); - issuerName = (Principal) - tbsCert.get(CertificateIssuerName.NAME + "." + - CertificateIssuerName.DN_NAME); - } - BigInteger serialNumber = signerCertificateChain[0].getSerialNumber(); - - // Include or exclude content - byte[] content = parameters.getContent(); - ContentInfo contentInfo; - if (omitContent) { - contentInfo = new ContentInfo(ContentInfo.DATA_OID, null); - } else { - contentInfo = new ContentInfo(content); - } - - // Generate the timestamp token - byte[] signature = parameters.getSignature(); - SignerInfo signerInfo = null; - if (applyTimestamp) { - - tsaCertificate = parameters.getTimestampingAuthorityCertificate(); - URI tsaUri = parameters.getTimestampingAuthority(); - if (tsaUri != null) { - tsaUrl = tsaUri.toString(); - } else { - // Examine TSA cert - String certUrl = getTimestampingUrl(tsaCertificate); - if (certUrl == null) { - throw new CertificateException( - "Subject Information Access extension not found"); - } - tsaUrl = certUrl; - } - - // Timestamp the signature - byte[] tsToken = generateTimestampToken(signature); - - // Insert the timestamp token into the PKCS #7 signer info element - // (as an unsigned attribute) - PKCS9Attributes unsignedAttrs = - new PKCS9Attributes(new PKCS9Attribute[]{ - new PKCS9Attribute( - PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_STR, - tsToken)}); - signerInfo = new SignerInfo((X500Name)issuerName, serialNumber, - digestAlgorithmId, null, AlgorithmId.get(keyAlgorithm), - signature, unsignedAttrs); - } else { - signerInfo = new SignerInfo((X500Name)issuerName, serialNumber, - digestAlgorithmId, AlgorithmId.get(keyAlgorithm), signature); - } - - SignerInfo[] signerInfos = {signerInfo}; - AlgorithmId[] algorithms = {digestAlgorithmId}; - - // Create the PKCS #7 signed data message - PKCS7 p7 = new PKCS7(algorithms, contentInfo, signerCertificateChain, - null, signerInfos); - ByteArrayOutputStream p7out = new ByteArrayOutputStream(); - p7.encodeSignedData(p7out); - - return p7out.toByteArray(); - } - - /** - * Examine the certificate for a Subject Information Access extension - * (<a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280</a>). - * The extension's <tt>accessMethod</tt> field should contain the object - * identifier defined for timestamping: 1.3.6.1.5.5.7.48.3 and its - * <tt>accessLocation</tt> field should contain an HTTP or HTTPS URL. - * - * @param tsaCertificate An X.509 certificate for the TSA. - * @return An HTTP or HTTPS URL or null if none was found. - */ - public static String getTimestampingUrl(X509Certificate tsaCertificate) { - - if (tsaCertificate == null) { - return null; - } - // Parse the extensions - try { - byte[] extensionValue = - tsaCertificate.getExtensionValue(SUBJECT_INFO_ACCESS_OID); - if (extensionValue == null) { - return null; - } - DerInputStream der = new DerInputStream(extensionValue); - der = new DerInputStream(der.getOctetString()); - DerValue[] derValue = der.getSequence(5); - AccessDescription description; - GeneralName location; - URIName uri; - for (int i = 0; i < derValue.length; i++) { - description = new AccessDescription(derValue[i]); - if (description.getAccessMethod().equals(AD_TIMESTAMPING_Id)) { - location = description.getAccessLocation(); - if (location.getType() == GeneralNameInterface.NAME_URI) { - uri = (URIName) location.getName(); - if (uri.getScheme().equalsIgnoreCase("http") || - uri.getScheme().equalsIgnoreCase("https")) { - return uri.getName(); - } - } - } - } - } catch (IOException ioe) { - // ignore - } - return null; - } - - /* - * Returns a timestamp token from a TSA for the given content. - * Performs a basic check on the token to confirm that it has been signed - * by a certificate that is permitted to sign timestamps. - * - * @param toBeTimestamped The data to be timestamped. - * @throws IOException The exception is throw if an error occurs while - * communicating with the TSA. - * @throws CertificateException The exception is throw if the TSA's - * certificate is not permitted for timestamping. - */ - private byte[] generateTimestampToken(byte[] toBeTimestamped) - throws CertificateException, IOException { - - // Generate hash value for the data to be timestamped - // SHA-1 is always used. - if (messageDigest == null) { - try { - messageDigest = MessageDigest.getInstance("SHA-1"); - } catch (NoSuchAlgorithmException e) { - // ignore - } - } - byte[] digest = messageDigest.digest(toBeTimestamped); - - // Generate a timestamp - TSRequest tsQuery = new TSRequest(digest, "SHA-1"); - // Generate a nonce - BigInteger nonce = null; - if (RANDOM != null) { - nonce = new BigInteger(64, RANDOM); - tsQuery.setNonce(nonce); - } - tsQuery.requestCertificate(tsRequestCertificate); - - Timestamper tsa = new HttpTimestamper(tsaUrl); // use supplied TSA - TSResponse tsReply = tsa.generateTimestamp(tsQuery); - int status = tsReply.getStatusCode(); - // Handle TSP error - if (status != 0 && status != 1) { - int failureCode = tsReply.getFailureCode(); - if (failureCode == -1) { - throw new IOException("Error generating timestamp: " + - tsReply.getStatusCodeAsText()); - } else { - throw new IOException("Error generating timestamp: " + - tsReply.getStatusCodeAsText() + " " + - tsReply.getFailureCodeAsText()); - } - } - PKCS7 tsToken = tsReply.getToken(); - - TimestampToken tst = new TimestampToken(tsToken.getContentInfo().getData()); - if (!tst.getHashAlgorithm().equals( - new AlgorithmId(new ObjectIdentifier("1.3.14.3.2.26")))) { - throw new IOException("Digest algorithm not SHA-1 in timestamp token"); - } - if (!Arrays.equals(tst.getHashedMessage(), digest)) { - throw new IOException("Digest octets changed in timestamp token"); - }; - - BigInteger replyNonce = tst.getNonce(); - if (replyNonce == null && nonce != null) { - throw new IOException("Nonce missing in timestamp token"); - } - if (replyNonce != null && !replyNonce.equals(nonce)) { - throw new IOException("Nonce changed in timestamp token"); - } - - // Examine the TSA's certificate (if present) - for (SignerInfo si: tsToken.getSignerInfos()) { - X509Certificate cert = si.getCertificate(tsToken); - if (cert == null) { - // Error, we've already set tsRequestCertificate = true - throw new CertificateException( - "Certificate not included in timestamp token"); - } else { - if (!cert.getCriticalExtensionOIDs().contains( - EXTENDED_KEY_USAGE_OID)) { - throw new CertificateException( - "Certificate is not valid for timestamping"); - } - List keyPurposes = cert.getExtendedKeyUsage(); - if (keyPurposes == null || - ! keyPurposes.contains(KP_TIMESTAMPING_OID)) { - throw new CertificateException( - "Certificate is not valid for timestamping"); - } - } - } - return tsReply.getEncodedToken(); - } -}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/jarsigner/JarSignerParameters.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,152 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.jarsigner; + +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.net.URI; +import java.util.zip.*; + +import com.sun.jarsigner.ContentSignerParameters; + +class JarSignerParameters implements ContentSignerParameters { + + private String[] args; + private URI tsa; + private X509Certificate tsaCertificate; + private byte[] signature; + private String signatureAlgorithm; + private X509Certificate[] signerCertificateChain; + private byte[] content; + private ZipFile source; + private String tSAPolicyID; + private String tSADigestAlg; + + /** + * Create a new object. + */ + JarSignerParameters(String[] args, URI tsa, X509Certificate tsaCertificate, + String tSAPolicyID, String tSADigestAlg, + byte[] signature, String signatureAlgorithm, + X509Certificate[] signerCertificateChain, byte[] content, + ZipFile source) { + + if (signature == null || signatureAlgorithm == null || + signerCertificateChain == null || tSADigestAlg == null) { + throw new NullPointerException(); + } + this.args = args; + this.tsa = tsa; + this.tsaCertificate = tsaCertificate; + this.tSAPolicyID = tSAPolicyID; + this.tSADigestAlg = tSADigestAlg; + this.signature = signature; + this.signatureAlgorithm = signatureAlgorithm; + this.signerCertificateChain = signerCertificateChain; + this.content = content; + this.source = source; + } + + /** + * Retrieves the command-line arguments. + * + * @return The command-line arguments. May be null. + */ + public String[] getCommandLine() { + return args; + } + + /** + * Retrieves the identifier for a Timestamping Authority (TSA). + * + * @return The TSA identifier. May be null. + */ + public URI getTimestampingAuthority() { + return tsa; + } + + /** + * Retrieves the certificate for a Timestamping Authority (TSA). + * + * @return The TSA certificate. May be null. + */ + public X509Certificate getTimestampingAuthorityCertificate() { + return tsaCertificate; + } + + public String getTSAPolicyID() { + return tSAPolicyID; + } + + public String getTSADigestAlg() { + return tSADigestAlg; + } + + /** + * Retrieves the signature. + * + * @return The non-null signature bytes. + */ + public byte[] getSignature() { + return signature; + } + + /** + * Retrieves the name of the signature algorithm. + * + * @return The non-null string name of the signature algorithm. + */ + public String getSignatureAlgorithm() { + return signatureAlgorithm; + } + + /** + * Retrieves the signer's X.509 certificate chain. + * + * @return The non-null array of X.509 public-key certificates. + */ + public X509Certificate[] getSignerCertificateChain() { + return signerCertificateChain; + } + + /** + * Retrieves the content that was signed. + * + * @return The content bytes. May be null. + */ + public byte[] getContent() { + return content; + } + + /** + * Retrieves the original source ZIP file before it was signed. + * + * @return The original ZIP file. May be null. + */ + public ZipFile getSource() { + return source; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/jarsigner/Main.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,2431 @@ +/* + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.jarsigner; + +import java.io.*; +import java.util.*; +import java.util.zip.*; +import java.util.jar.*; +import java.math.BigInteger; +import java.net.URI; +import java.net.URISyntaxException; +import java.text.Collator; +import java.text.MessageFormat; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.security.cert.CertificateException; +import java.security.*; +import java.lang.reflect.Constructor; + +import com.sun.jarsigner.ContentSigner; +import com.sun.jarsigner.ContentSignerParameters; +import java.net.SocketTimeoutException; +import java.net.URL; +import java.net.URLClassLoader; +import java.security.cert.CertPath; +import java.security.cert.CertPathValidator; +import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateFactory; +import java.security.cert.CertificateNotYetValidException; +import java.security.cert.PKIXParameters; +import java.security.cert.TrustAnchor; +import java.util.Map.Entry; +import sun.security.tools.KeyStoreUtil; +import sun.security.tools.PathList; +import sun.security.x509.*; +import sun.security.util.*; +import sun.misc.BASE64Encoder; + + +/** + * <p>The jarsigner utility. + * + * The exit codes for the main method are: + * + * 0: success + * 1: any error that the jar cannot be signed or verified, including: + * keystore loading error + * TSP communication error + * jarsigner command line error... + * otherwise: error codes from -strict + * + * @author Roland Schemers + * @author Jan Luehe + */ + +public class Main { + + // for i18n + private static final java.util.ResourceBundle rb = + java.util.ResourceBundle.getBundle + ("sun.security.tools.jarsigner.Resources"); + private static final Collator collator = Collator.getInstance(); + static { + // this is for case insensitive string comparisions + collator.setStrength(Collator.PRIMARY); + } + + private static final String META_INF = "META-INF/"; + + private static final Class[] PARAM_STRING = { String.class }; + + private static final String NONE = "NONE"; + private static final String P11KEYSTORE = "PKCS11"; + + private static final long SIX_MONTHS = 180*24*60*60*1000L; //milliseconds + + // Attention: + // This is the entry that get launched by the security tool jarsigner. + public static void main(String args[]) throws Exception { + Main js = new Main(); + js.run(args); + } + + static final String VERSION = "1.0"; + + static final int IN_KEYSTORE = 0x01; // signer is in keystore + static final int IN_SCOPE = 0x02; + static final int NOT_ALIAS = 0x04; // alias list is NOT empty and + // signer is not in alias list + static final int SIGNED_BY_ALIAS = 0x08; // signer is in alias list + + X509Certificate[] certChain; // signer's cert chain (when composing) + PrivateKey privateKey; // private key + KeyStore store; // the keystore specified by -keystore + // or the default keystore, never null + + String keystore; // key store file + boolean nullStream = false; // null keystore input stream (NONE) + boolean token = false; // token-based keystore + String jarfile; // jar files to sign or verify + String alias; // alias to sign jar with + List<String> ckaliases = new ArrayList<>(); // aliases in -verify + char[] storepass; // keystore password + boolean protectedPath; // protected authentication path + String storetype; // keystore type + String providerName; // provider name + Vector<String> providers = null; // list of providers + // arguments for provider constructors + HashMap<String,String> providerArgs = new HashMap<>(); + char[] keypass; // private key password + String sigfile; // name of .SF file + String sigalg; // name of signature algorithm + String digestalg = "SHA-256"; // name of digest algorithm + String signedjar; // output filename + String tsaUrl; // location of the Timestamping Authority + String tsaAlias; // alias for the Timestamping Authority's certificate + String altCertChain; // file to read alternative cert chain from + String tSAPolicyID; + String tSADigestAlg = "SHA-256"; + boolean verify = false; // verify the jar + String verbose = null; // verbose output when signing/verifying + boolean showcerts = false; // show certs when verifying + boolean debug = false; // debug + boolean signManifest = true; // "sign" the whole manifest + boolean externalSF = true; // leave the .SF out of the PKCS7 block + boolean strict = false; // treat warnings as error + + // read zip entry raw bytes + private ByteArrayOutputStream baos = new ByteArrayOutputStream(2048); + private byte[] buffer = new byte[8192]; + private ContentSigner signingMechanism = null; + private String altSignerClass = null; + private String altSignerClasspath = null; + private ZipFile zipFile = null; + + // Informational warnings + private boolean hasExpiringCert = false; + private boolean noTimestamp = false; + private Date expireDate = new Date(0L); // used in noTimestamp warning + + // Severe warnings + private boolean hasExpiredCert = false; + private boolean notYetValidCert = false; + private boolean chainNotValidated = false; + private boolean notSignedByAlias = false; + private boolean aliasNotInStore = false; + private boolean hasUnsignedEntry = false; + private boolean badKeyUsage = false; + private boolean badExtendedKeyUsage = false; + private boolean badNetscapeCertType = false; + + CertificateFactory certificateFactory; + CertPathValidator validator; + PKIXParameters pkixParameters; + + public void run(String args[]) { + try { + parseArgs(args); + + // Try to load and install the specified providers + if (providers != null) { + ClassLoader cl = ClassLoader.getSystemClassLoader(); + Enumeration<String> e = providers.elements(); + while (e.hasMoreElements()) { + String provName = e.nextElement(); + Class<?> provClass; + if (cl != null) { + provClass = cl.loadClass(provName); + } else { + provClass = Class.forName(provName); + } + + String provArg = providerArgs.get(provName); + Object obj; + if (provArg == null) { + obj = provClass.newInstance(); + } else { + Constructor<?> c = + provClass.getConstructor(PARAM_STRING); + obj = c.newInstance(provArg); + } + + if (!(obj instanceof Provider)) { + MessageFormat form = new MessageFormat(rb.getString + ("provName.not.a.provider")); + Object[] source = {provName}; + throw new Exception(form.format(source)); + } + Security.addProvider((Provider)obj); + } + } + + if (verify) { + try { + loadKeyStore(keystore, false); + } catch (Exception e) { + if ((keystore != null) || (storepass != null)) { + System.out.println(rb.getString("jarsigner.error.") + + e.getMessage()); + System.exit(1); + } + } + /* if (debug) { + SignatureFileVerifier.setDebug(true); + ManifestEntryVerifier.setDebug(true); + } + */ + verifyJar(jarfile); + } else { + loadKeyStore(keystore, true); + getAliasInfo(alias); + + // load the alternative signing mechanism + if (altSignerClass != null) { + signingMechanism = loadSigningMechanism(altSignerClass, + altSignerClasspath); + } + signJar(jarfile, alias, args); + } + } catch (Exception e) { + System.out.println(rb.getString("jarsigner.error.") + e); + if (debug) { + e.printStackTrace(); + } + System.exit(1); + } finally { + // zero-out private key password + if (keypass != null) { + Arrays.fill(keypass, ' '); + keypass = null; + } + // zero-out keystore password + if (storepass != null) { + Arrays.fill(storepass, ' '); + storepass = null; + } + } + + if (strict) { + int exitCode = 0; + if (chainNotValidated || hasExpiredCert || notYetValidCert) { + exitCode |= 4; + } + if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType) { + exitCode |= 8; + } + if (hasUnsignedEntry) { + exitCode |= 16; + } + if (notSignedByAlias || aliasNotInStore) { + exitCode |= 32; + } + if (exitCode != 0) { + System.exit(exitCode); + } + } + } + + /* + * Parse command line arguments. + */ + void parseArgs(String args[]) { + /* parse flags */ + int n = 0; + + if (args.length == 0) fullusage(); + for (n=0; n < args.length; n++) { + + String flags = args[n]; + String modifier = null; + if (flags.charAt(0) == '-') { + int pos = flags.indexOf(':'); + if (pos > 0) { + modifier = flags.substring(pos+1); + flags = flags.substring(0, pos); + } + } + + if (collator.compare(flags, "-keystore") == 0) { + if (++n == args.length) usageNoArg(); + keystore = args[n]; + } else if (collator.compare(flags, "-storepass") ==0) { + if (++n == args.length) usageNoArg(); + storepass = getPass(modifier, args[n]); + } else if (collator.compare(flags, "-storetype") ==0) { + if (++n == args.length) usageNoArg(); + storetype = args[n]; + } else if (collator.compare(flags, "-providerName") ==0) { + if (++n == args.length) usageNoArg(); + providerName = args[n]; + } else if ((collator.compare(flags, "-provider") == 0) || + (collator.compare(flags, "-providerClass") == 0)) { + if (++n == args.length) usageNoArg(); + if (providers == null) { + providers = new Vector<String>(3); + } + providers.add(args[n]); + + if (args.length > (n+1)) { + flags = args[n+1]; + if (collator.compare(flags, "-providerArg") == 0) { + if (args.length == (n+2)) usageNoArg(); + providerArgs.put(args[n], args[n+2]); + n += 2; + } + } + } else if (collator.compare(flags, "-protected") ==0) { + protectedPath = true; + } else if (collator.compare(flags, "-certchain") ==0) { + if (++n == args.length) usageNoArg(); + altCertChain = args[n]; + } else if (collator.compare(flags, "-tsapolicyid") ==0) { + if (++n == args.length) usageNoArg(); + tSAPolicyID = args[n]; + } else if (collator.compare(flags, "-tsadigestalg") ==0) { + if (++n == args.length) usageNoArg(); + tSADigestAlg = args[n]; + } else if (collator.compare(flags, "-debug") ==0) { + debug = true; + } else if (collator.compare(flags, "-keypass") ==0) { + if (++n == args.length) usageNoArg(); + keypass = getPass(modifier, args[n]); + } else if (collator.compare(flags, "-sigfile") ==0) { + if (++n == args.length) usageNoArg(); + sigfile = args[n]; + } else if (collator.compare(flags, "-signedjar") ==0) { + if (++n == args.length) usageNoArg(); + signedjar = args[n]; + } else if (collator.compare(flags, "-tsa") ==0) { + if (++n == args.length) usageNoArg(); + tsaUrl = args[n]; + } else if (collator.compare(flags, "-tsacert") ==0) { + if (++n == args.length) usageNoArg(); + tsaAlias = args[n]; + } else if (collator.compare(flags, "-altsigner") ==0) { + if (++n == args.length) usageNoArg(); + altSignerClass = args[n]; + } else if (collator.compare(flags, "-altsignerpath") ==0) { + if (++n == args.length) usageNoArg(); + altSignerClasspath = args[n]; + } else if (collator.compare(flags, "-sectionsonly") ==0) { + signManifest = false; + } else if (collator.compare(flags, "-internalsf") ==0) { + externalSF = false; + } else if (collator.compare(flags, "-verify") ==0) { + verify = true; + } else if (collator.compare(flags, "-verbose") ==0) { + verbose = (modifier != null) ? modifier : "all"; + } else if (collator.compare(flags, "-sigalg") ==0) { + if (++n == args.length) usageNoArg(); + sigalg = args[n]; + } else if (collator.compare(flags, "-digestalg") ==0) { + if (++n == args.length) usageNoArg(); + digestalg = args[n]; + } else if (collator.compare(flags, "-certs") ==0) { + showcerts = true; + } else if (collator.compare(flags, "-strict") ==0) { + strict = true; + } else if (collator.compare(flags, "-h") == 0 || + collator.compare(flags, "-help") == 0) { + fullusage(); + } else { + if (!flags.startsWith("-")) { + if (jarfile == null) { + jarfile = flags; + } else { + alias = flags; + ckaliases.add(alias); + } + } else { + System.err.println( + rb.getString("Illegal.option.") + flags); + usage(); + } + } + } + + // -certs must always be specified with -verbose + if (verbose == null) showcerts = false; + + if (jarfile == null) { + System.err.println(rb.getString("Please.specify.jarfile.name")); + usage(); + } + if (!verify && alias == null) { + System.err.println(rb.getString("Please.specify.alias.name")); + usage(); + } + if (!verify && ckaliases.size() > 1) { + System.err.println(rb.getString("Only.one.alias.can.be.specified")); + usage(); + } + + if (storetype == null) { + storetype = KeyStore.getDefaultType(); + } + storetype = KeyStoreUtil.niceStoreTypeName(storetype); + + try { + if (signedjar != null && new File(signedjar).getCanonicalPath().equals( + new File(jarfile).getCanonicalPath())) { + signedjar = null; + } + } catch (IOException ioe) { + // File system error? + // Just ignore it. + } + + if (P11KEYSTORE.equalsIgnoreCase(storetype) || + KeyStoreUtil.isWindowsKeyStore(storetype)) { + token = true; + if (keystore == null) { + keystore = NONE; + } + } + + if (NONE.equals(keystore)) { + nullStream = true; + } + + if (token && !nullStream) { + System.err.println(MessageFormat.format(rb.getString + (".keystore.must.be.NONE.if.storetype.is.{0}"), storetype)); + usage(); + } + + if (token && keypass != null) { + System.err.println(MessageFormat.format(rb.getString + (".keypass.can.not.be.specified.if.storetype.is.{0}"), storetype)); + usage(); + } + + if (protectedPath) { + if (storepass != null || keypass != null) { + System.err.println(rb.getString + ("If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified")); + usage(); + } + } + if (KeyStoreUtil.isWindowsKeyStore(storetype)) { + if (storepass != null || keypass != null) { + System.err.println(rb.getString + ("If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified")); + usage(); + } + } + } + + static char[] getPass(String modifier, String arg) { + char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb); + if (output != null) return output; + usage(); + return null; // Useless, usage() already exit + } + + static void usageNoArg() { + System.out.println(rb.getString("Option.lacks.argument")); + usage(); + } + + static void usage() { + System.out.println(); + System.out.println(rb.getString("Please.type.jarsigner.help.for.usage")); + System.exit(1); + } + + static void fullusage() { + System.out.println(rb.getString + ("Usage.jarsigner.options.jar.file.alias")); + System.out.println(rb.getString + (".jarsigner.verify.options.jar.file.alias.")); + System.out.println(); + System.out.println(rb.getString + (".keystore.url.keystore.location")); + System.out.println(); + System.out.println(rb.getString + (".storepass.password.password.for.keystore.integrity")); + System.out.println(); + System.out.println(rb.getString + (".storetype.type.keystore.type")); + System.out.println(); + System.out.println(rb.getString + (".keypass.password.password.for.private.key.if.different.")); + System.out.println(); + System.out.println(rb.getString + (".certchain.file.name.of.alternative.certchain.file")); + System.out.println(); + System.out.println(rb.getString + (".sigfile.file.name.of.SF.DSA.file")); + System.out.println(); + System.out.println(rb.getString + (".signedjar.file.name.of.signed.JAR.file")); + System.out.println(); + System.out.println(rb.getString + (".digestalg.algorithm.name.of.digest.algorithm")); + System.out.println(); + System.out.println(rb.getString + (".sigalg.algorithm.name.of.signature.algorithm")); + System.out.println(); + System.out.println(rb.getString + (".verify.verify.a.signed.JAR.file")); + System.out.println(); + System.out.println(rb.getString + (".verbose.suboptions.verbose.output.when.signing.verifying.")); + System.out.println(rb.getString + (".suboptions.can.be.all.grouped.or.summary")); + System.out.println(); + System.out.println(rb.getString + (".certs.display.certificates.when.verbose.and.verifying")); + System.out.println(); + System.out.println(rb.getString + (".tsa.url.location.of.the.Timestamping.Authority")); + System.out.println(); + System.out.println(rb.getString + (".tsacert.alias.public.key.certificate.for.Timestamping.Authority")); + System.out.println(); + System.out.println(rb.getString + (".tsapolicyid.tsapolicyid.for.Timestamping.Authority")); + System.out.println(); + System.out.println(rb.getString + (".tsadigestalg.algorithm.of.digest.data.in.timestamping.request")); + System.out.println(); + System.out.println(rb.getString + (".altsigner.class.class.name.of.an.alternative.signing.mechanism")); + System.out.println(); + System.out.println(rb.getString + (".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism")); + System.out.println(); + System.out.println(rb.getString + (".internalsf.include.the.SF.file.inside.the.signature.block")); + System.out.println(); + System.out.println(rb.getString + (".sectionsonly.don.t.compute.hash.of.entire.manifest")); + System.out.println(); + System.out.println(rb.getString + (".protected.keystore.has.protected.authentication.path")); + System.out.println(); + System.out.println(rb.getString + (".providerName.name.provider.name")); + System.out.println(); + System.out.println(rb.getString + (".providerClass.class.name.of.cryptographic.service.provider.s")); + System.out.println(rb.getString + (".providerArg.arg.master.class.file.and.constructor.argument")); + System.out.println(); + System.out.println(rb.getString + (".strict.treat.warnings.as.errors")); + System.out.println(); + + System.exit(0); + } + + void verifyJar(String jarName) + throws Exception + { + boolean anySigned = false; // if there exists entry inside jar signed + JarFile jf = null; + + try { + jf = new JarFile(jarName, true); + Vector<JarEntry> entriesVec = new Vector<>(); + byte[] buffer = new byte[8192]; + + Enumeration<JarEntry> entries = jf.entries(); + while (entries.hasMoreElements()) { + JarEntry je = entries.nextElement(); + entriesVec.addElement(je); + InputStream is = null; + try { + is = jf.getInputStream(je); + int n; + while ((n = is.read(buffer, 0, buffer.length)) != -1) { + // we just read. this will throw a SecurityException + // if a signature/digest check fails. + } + } finally { + if (is != null) { + is.close(); + } + } + } + + Manifest man = jf.getManifest(); + + // The map to record display info, only used when -verbose provided + // key: signer info string + // value: the list of files with common key + Map<String,List<String>> output = new LinkedHashMap<>(); + + if (man != null) { + if (verbose != null) System.out.println(); + Enumeration<JarEntry> e = entriesVec.elements(); + + String tab = rb.getString("6SPACE"); + + while (e.hasMoreElements()) { + JarEntry je = e.nextElement(); + String name = je.getName(); + CodeSigner[] signers = je.getCodeSigners(); + boolean isSigned = (signers != null); + anySigned |= isSigned; + hasUnsignedEntry |= !je.isDirectory() && !isSigned + && !signatureRelated(name); + + int inStoreOrScope = inKeyStore(signers); + + boolean inStore = (inStoreOrScope & IN_KEYSTORE) != 0; + boolean inScope = (inStoreOrScope & IN_SCOPE) != 0; + + notSignedByAlias |= (inStoreOrScope & NOT_ALIAS) != 0; + if (keystore != null) { + aliasNotInStore |= isSigned && (!inStore && !inScope); + } + + // Only used when -verbose provided + StringBuffer sb = null; + if (verbose != null) { + sb = new StringBuffer(); + boolean inManifest = + ((man.getAttributes(name) != null) || + (man.getAttributes("./"+name) != null) || + (man.getAttributes("/"+name) != null)); + sb.append( + (isSigned ? rb.getString("s") : rb.getString("SPACE")) + + (inManifest ? rb.getString("m") : rb.getString("SPACE")) + + (inStore ? rb.getString("k") : rb.getString("SPACE")) + + (inScope ? rb.getString("i") : rb.getString("SPACE")) + + ((inStoreOrScope & NOT_ALIAS) != 0 ?"X":" ") + + rb.getString("SPACE")); + sb.append("|"); + } + + // When -certs provided, display info has extra empty + // lines at the beginning and end. + if (isSigned) { + if (showcerts) sb.append('\n'); + for (CodeSigner signer: signers) { + // signerInfo() must be called even if -verbose + // not provided. The method updates various + // warning flags. + String si = signerInfo(signer, tab); + if (showcerts) { + sb.append(si); + sb.append('\n'); + } + } + } else if (showcerts && !verbose.equals("all")) { + // Print no info for unsigned entries when -verbose:all, + // to be consistent with old behavior. + if (signatureRelated(name)) { + sb.append("\n" + tab + rb.getString( + ".Signature.related.entries.") + "\n\n"); + } else { + sb.append("\n" + tab + rb.getString( + ".Unsigned.entries.") + "\n\n"); + } + } + + if (verbose != null) { + String label = sb.toString(); + if (signatureRelated(name)) { + // Entries inside META-INF and other unsigned + // entries are grouped separately. + label = "-" + label; + } + + // The label finally contains 2 parts separated by '|': + // The legend displayed before the entry names, and + // the cert info (if -certs specfied). + + if (!output.containsKey(label)) { + output.put(label, new ArrayList<String>()); + } + + StringBuffer fb = new StringBuffer(); + String s = Long.toString(je.getSize()); + for (int i = 6 - s.length(); i > 0; --i) { + fb.append(' '); + } + fb.append(s).append(' '). + append(new Date(je.getTime()).toString()); + fb.append(' ').append(name); + + output.get(label).add(fb.toString()); + } + } + } + if (verbose != null) { + for (Entry<String,List<String>> s: output.entrySet()) { + List<String> files = s.getValue(); + String key = s.getKey(); + if (key.charAt(0) == '-') { // the signature-related group + key = key.substring(1); + } + int pipe = key.indexOf('|'); + if (verbose.equals("all")) { + for (String f: files) { + System.out.println(key.substring(0, pipe) + f); + System.out.printf(key.substring(pipe+1)); + } + } else { + if (verbose.equals("grouped")) { + for (String f: files) { + System.out.println(key.substring(0, pipe) + f); + } + } else if (verbose.equals("summary")) { + System.out.print(key.substring(0, pipe)); + if (files.size() > 1) { + System.out.println(files.get(0) + " " + + String.format(rb.getString( + ".and.d.more."), files.size()-1)); + } else { + System.out.println(files.get(0)); + } + } + System.out.printf(key.substring(pipe+1)); + } + } + System.out.println(); + System.out.println(rb.getString( + ".s.signature.was.verified.")); + System.out.println(rb.getString( + ".m.entry.is.listed.in.manifest")); + System.out.println(rb.getString( + ".k.at.least.one.certificate.was.found.in.keystore")); + System.out.println(rb.getString( + ".i.at.least.one.certificate.was.found.in.identity.scope")); + if (ckaliases.size() > 0) { + System.out.println(rb.getString( + ".X.not.signed.by.specified.alias.es.")); + } + System.out.println(); + } + if (man == null) + System.out.println(rb.getString("no.manifest.")); + + if (!anySigned) { + System.out.println(rb.getString( + "jar.is.unsigned.signatures.missing.or.not.parsable.")); + } else { + boolean warningAppeared = false; + boolean errorAppeared = false; + if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType || + notYetValidCert || chainNotValidated || hasExpiredCert || + hasUnsignedEntry || + aliasNotInStore || notSignedByAlias) { + + if (strict) { + System.out.println(rb.getString("jar.verified.with.signer.errors.")); + System.out.println(); + System.out.println(rb.getString("Error.")); + errorAppeared = true; + } else { + System.out.println(rb.getString("jar.verified.")); + System.out.println(); + System.out.println(rb.getString("Warning.")); + warningAppeared = true; + } + + if (badKeyUsage) { + System.out.println( + rb.getString("This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.")); + } + + if (badExtendedKeyUsage) { + System.out.println( + rb.getString("This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.")); + } + + if (badNetscapeCertType) { + System.out.println( + rb.getString("This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.")); + } + + if (hasUnsignedEntry) { + System.out.println(rb.getString( + "This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.")); + } + if (hasExpiredCert) { + System.out.println(rb.getString( + "This.jar.contains.entries.whose.signer.certificate.has.expired.")); + } + if (notYetValidCert) { + System.out.println(rb.getString( + "This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid.")); + } + + if (chainNotValidated) { + System.out.println( + rb.getString("This.jar.contains.entries.whose.certificate.chain.is.not.validated.")); + } + + if (notSignedByAlias) { + System.out.println( + rb.getString("This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es.")); + } + + if (aliasNotInStore) { + System.out.println(rb.getString("This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore.")); + } + } else { + System.out.println(rb.getString("jar.verified.")); + } + if (hasExpiringCert || noTimestamp) { + if (!warningAppeared) { + System.out.println(); + System.out.println(rb.getString("Warning.")); + warningAppeared = true; + } + if (hasExpiringCert) { + System.out.println(rb.getString( + "This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months.")); + } + if (noTimestamp) { + System.out.println( + String.format(rb.getString("no.timestamp.verifying"), expireDate)); + } + } + if (warningAppeared || errorAppeared) { + if (! (verbose != null && showcerts)) { + System.out.println(); + System.out.println(rb.getString( + "Re.run.with.the.verbose.and.certs.options.for.more.details.")); + } + } + } + return; + } catch (Exception e) { + System.out.println(rb.getString("jarsigner.") + e); + if (debug) { + e.printStackTrace(); + } + } finally { // close the resource + if (jf != null) { + jf.close(); + } + } + + System.exit(1); + } + + private static MessageFormat validityTimeForm = null; + private static MessageFormat notYetTimeForm = null; + private static MessageFormat expiredTimeForm = null; + private static MessageFormat expiringTimeForm = null; + + /* + * Display some details about a certificate: + * + * [<tab>] <cert-type> [", " <subject-DN>] [" (" <keystore-entry-alias> ")"] + * [<validity-period> | <expiry-warning>] + * + * Note: no newline character at the end + */ + String printCert(String tab, Certificate c, boolean checkValidityPeriod, + Date timestamp, boolean checkUsage) { + + StringBuilder certStr = new StringBuilder(); + String space = rb.getString("SPACE"); + X509Certificate x509Cert = null; + + if (c instanceof X509Certificate) { + x509Cert = (X509Certificate) c; + certStr.append(tab).append(x509Cert.getType()) + .append(rb.getString("COMMA")) + .append(x509Cert.getSubjectDN().getName()); + } else { + certStr.append(tab).append(c.getType()); + } + + String alias = storeHash.get(c); + if (alias != null) { + certStr.append(space).append(alias); + } + + if (checkValidityPeriod && x509Cert != null) { + + certStr.append("\n").append(tab).append("["); + Date notAfter = x509Cert.getNotAfter(); + try { + boolean printValidity = true; + if (timestamp == null) { + if (expireDate.getTime() == 0 || expireDate.after(notAfter)) { + expireDate = notAfter; + } + x509Cert.checkValidity(); + // test if cert will expire within six months + if (notAfter.getTime() < System.currentTimeMillis() + SIX_MONTHS) { + hasExpiringCert = true; + if (expiringTimeForm == null) { + expiringTimeForm = new MessageFormat( + rb.getString("certificate.will.expire.on")); + } + Object[] source = { notAfter }; + certStr.append(expiringTimeForm.format(source)); + printValidity = false; + } + } else { + x509Cert.checkValidity(timestamp); + } + if (printValidity) { + if (validityTimeForm == null) { + validityTimeForm = new MessageFormat( + rb.getString("certificate.is.valid.from")); + } + Object[] source = { x509Cert.getNotBefore(), notAfter }; + certStr.append(validityTimeForm.format(source)); + } + } catch (CertificateExpiredException cee) { + hasExpiredCert = true; + + if (expiredTimeForm == null) { + expiredTimeForm = new MessageFormat( + rb.getString("certificate.expired.on")); + } + Object[] source = { notAfter }; + certStr.append(expiredTimeForm.format(source)); + + } catch (CertificateNotYetValidException cnyve) { + notYetValidCert = true; + + if (notYetTimeForm == null) { + notYetTimeForm = new MessageFormat( + rb.getString("certificate.is.not.valid.until")); + } + Object[] source = { x509Cert.getNotBefore() }; + certStr.append(notYetTimeForm.format(source)); + } + certStr.append("]"); + + if (checkUsage) { + boolean[] bad = new boolean[3]; + checkCertUsage(x509Cert, bad); + if (bad[0] || bad[1] || bad[2]) { + String x = ""; + if (bad[0]) { + x ="KeyUsage"; + } + if (bad[1]) { + if (x.length() > 0) x = x + ", "; + x = x + "ExtendedKeyUsage"; + } + if (bad[2]) { + if (x.length() > 0) x = x + ", "; + x = x + "NetscapeCertType"; + } + certStr.append("\n").append(tab) + .append(MessageFormat.format(rb.getString( + ".{0}.extension.does.not.support.code.signing."), x)); + } + } + } + return certStr.toString(); + } + + private static MessageFormat signTimeForm = null; + + private String printTimestamp(String tab, Timestamp timestamp) { + + if (signTimeForm == null) { + signTimeForm = + new MessageFormat(rb.getString("entry.was.signed.on")); + } + Object[] source = { timestamp.getTimestamp() }; + + return new StringBuilder().append(tab).append("[") + .append(signTimeForm.format(source)).append("]").toString(); + } + + private Map<CodeSigner,Integer> cacheForInKS = new IdentityHashMap<>(); + + private int inKeyStoreForOneSigner(CodeSigner signer) { + if (cacheForInKS.containsKey(signer)) { + return cacheForInKS.get(signer); + } + + boolean found = false; + int result = 0; + List<? extends Certificate> certs = signer.getSignerCertPath().getCertificates(); + for (Certificate c : certs) { + String alias = storeHash.get(c); + if (alias != null) { + if (alias.startsWith("(")) { + result |= IN_KEYSTORE; + } else if (alias.startsWith("[")) { + result |= IN_SCOPE; + } + if (ckaliases.contains(alias.substring(1, alias.length() - 1))) { + result |= SIGNED_BY_ALIAS; + } + } else { + if (store != null) { + try { + alias = store.getCertificateAlias(c); + } catch (KeyStoreException kse) { + // never happens, because keystore has been loaded + } + if (alias != null) { + storeHash.put(c, "(" + alias + ")"); + found = true; + result |= IN_KEYSTORE; + } + } + if (ckaliases.contains(alias)) { + result |= SIGNED_BY_ALIAS; + } + } + } + cacheForInKS.put(signer, result); + return result; + } + + Hashtable<Certificate, String> storeHash = new Hashtable<>(); + + int inKeyStore(CodeSigner[] signers) { + + if (signers == null) + return 0; + + int output = 0; + + for (CodeSigner signer: signers) { + int result = inKeyStoreForOneSigner(signer); + output |= result; + } + if (ckaliases.size() > 0 && (output & SIGNED_BY_ALIAS) == 0) { + output |= NOT_ALIAS; + } + return output; + } + + void signJar(String jarName, String alias, String[] args) + throws Exception { + boolean aliasUsed = false; + X509Certificate tsaCert = null; + + if (sigfile == null) { + sigfile = alias; + aliasUsed = true; + } + + if (sigfile.length() > 8) { + sigfile = sigfile.substring(0, 8).toUpperCase(Locale.ENGLISH); + } else { + sigfile = sigfile.toUpperCase(Locale.ENGLISH); + } + + StringBuilder tmpSigFile = new StringBuilder(sigfile.length()); + for (int j = 0; j < sigfile.length(); j++) { + char c = sigfile.charAt(j); + if (! + ((c>= 'A' && c<= 'Z') || + (c>= '0' && c<= '9') || + (c == '-') || + (c == '_'))) { + if (aliasUsed) { + // convert illegal characters from the alias to be _'s + c = '_'; + } else { + throw new + RuntimeException(rb.getString + ("signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.")); + } + } + tmpSigFile.append(c); + } + + sigfile = tmpSigFile.toString(); + + String tmpJarName; + if (signedjar == null) tmpJarName = jarName+".sig"; + else tmpJarName = signedjar; + + File jarFile = new File(jarName); + File signedJarFile = new File(tmpJarName); + + // Open the jar (zip) file + try { + zipFile = new ZipFile(jarName); + } catch (IOException ioe) { + error(rb.getString("unable.to.open.jar.file.")+jarName, ioe); + } + + FileOutputStream fos = null; + try { + fos = new FileOutputStream(signedJarFile); + } catch (IOException ioe) { + error(rb.getString("unable.to.create.")+tmpJarName, ioe); + } + + PrintStream ps = new PrintStream(fos); + ZipOutputStream zos = new ZipOutputStream(ps); + + /* First guess at what they might be - we don't xclude RSA ones. */ + String sfFilename = (META_INF + sigfile + ".SF").toUpperCase(Locale.ENGLISH); + String bkFilename = (META_INF + sigfile + ".DSA").toUpperCase(Locale.ENGLISH); + + Manifest manifest = new Manifest(); + Map<String,Attributes> mfEntries = manifest.getEntries(); + + // The Attributes of manifest before updating + Attributes oldAttr = null; + + boolean mfModified = false; + boolean mfCreated = false; + byte[] mfRawBytes = null; + + try { + MessageDigest digests[] = { MessageDigest.getInstance(digestalg) }; + + // Check if manifest exists + ZipEntry mfFile; + if ((mfFile = getManifestFile(zipFile)) != null) { + // Manifest exists. Read its raw bytes. + mfRawBytes = getBytes(zipFile, mfFile); + manifest.read(new ByteArrayInputStream(mfRawBytes)); + oldAttr = (Attributes)(manifest.getMainAttributes().clone()); + } else { + // Create new manifest + Attributes mattr = manifest.getMainAttributes(); + mattr.putValue(Attributes.Name.MANIFEST_VERSION.toString(), + "1.0"); + String javaVendor = System.getProperty("java.vendor"); + String jdkVersion = System.getProperty("java.version"); + mattr.putValue("Created-By", jdkVersion + " (" +javaVendor + + ")"); + mfFile = new ZipEntry(JarFile.MANIFEST_NAME); + mfCreated = true; + } + + /* + * For each entry in jar + * (except for signature-related META-INF entries), + * do the following: + * + * - if entry is not contained in manifest, add it to manifest; + * - if entry is contained in manifest, calculate its hash and + * compare it with the one in the manifest; if they are + * different, replace the hash in the manifest with the newly + * generated one. (This may invalidate existing signatures!) + */ + BASE64Encoder encoder = new JarBASE64Encoder(); + Vector<ZipEntry> mfFiles = new Vector<>(); + + boolean wasSigned = false; + + for (Enumeration<? extends ZipEntry> enum_=zipFile.entries(); + enum_.hasMoreElements();) { + ZipEntry ze = enum_.nextElement(); + + if (ze.getName().startsWith(META_INF)) { + // Store META-INF files in vector, so they can be written + // out first + mfFiles.addElement(ze); + + if (SignatureFileVerifier.isBlockOrSF( + ze.getName().toUpperCase(Locale.ENGLISH))) { + wasSigned = true; + } + + if (signatureRelated(ze.getName())) { + // ignore signature-related and manifest files + continue; + } + } + + if (manifest.getAttributes(ze.getName()) != null) { + // jar entry is contained in manifest, check and + // possibly update its digest attributes + if (updateDigests(ze, zipFile, digests, encoder, + manifest) == true) { + mfModified = true; + } + } else if (!ze.isDirectory()) { + // Add entry to manifest + Attributes attrs = getDigestAttributes(ze, zipFile, + digests, + encoder); + mfEntries.put(ze.getName(), attrs); + mfModified = true; + } + } + + // Recalculate the manifest raw bytes if necessary + if (mfModified) { + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + manifest.write(baos); + if (wasSigned) { + byte[] newBytes = baos.toByteArray(); + if (mfRawBytes != null + && oldAttr.equals(manifest.getMainAttributes())) { + + /* + * Note: + * + * The Attributes object is based on HashMap and can handle + * continuation columns. Therefore, even if the contents are + * not changed (in a Map view), the bytes that it write() + * may be different from the original bytes that it read() + * from. Since the signature on the main attributes is based + * on raw bytes, we must retain the exact bytes. + */ + + int newPos = findHeaderEnd(newBytes); + int oldPos = findHeaderEnd(mfRawBytes); + + if (newPos == oldPos) { + System.arraycopy(mfRawBytes, 0, newBytes, 0, oldPos); + } else { + // cat oldHead newTail > newBytes + byte[] lastBytes = new byte[oldPos + + newBytes.length - newPos]; + System.arraycopy(mfRawBytes, 0, lastBytes, 0, oldPos); + System.arraycopy(newBytes, newPos, lastBytes, oldPos, + newBytes.length - newPos); + newBytes = lastBytes; + } + } + mfRawBytes = newBytes; + } else { + mfRawBytes = baos.toByteArray(); + } + } + + // Write out the manifest + if (mfModified) { + // manifest file has new length + mfFile = new ZipEntry(JarFile.MANIFEST_NAME); + } + if (verbose != null) { + if (mfCreated) { + System.out.println(rb.getString(".adding.") + + mfFile.getName()); + } else if (mfModified) { + System.out.println(rb.getString(".updating.") + + mfFile.getName()); + } + } + zos.putNextEntry(mfFile); + zos.write(mfRawBytes); + + // Calculate SignatureFile (".SF") and SignatureBlockFile + ManifestDigester manDig = new ManifestDigester(mfRawBytes); + SignatureFile sf = new SignatureFile(digests, manifest, manDig, + sigfile, signManifest); + + if (tsaAlias != null) { + tsaCert = getTsaCert(tsaAlias); + } + + if (tsaUrl == null && tsaCert == null) { + noTimestamp = true; + } + + SignatureFile.Block block = null; + + try { + block = + sf.generateBlock(privateKey, sigalg, certChain, + externalSF, tsaUrl, tsaCert, tSAPolicyID, tSADigestAlg, + signingMechanism, args, zipFile); + } catch (SocketTimeoutException e) { + // Provide a helpful message when TSA is beyond a firewall + error(rb.getString("unable.to.sign.jar.") + + rb.getString("no.response.from.the.Timestamping.Authority.") + + "\n -J-Dhttp.proxyHost=<hostname>" + + "\n -J-Dhttp.proxyPort=<portnumber>\n" + + rb.getString("or") + + "\n -J-Dhttps.proxyHost=<hostname> " + + "\n -J-Dhttps.proxyPort=<portnumber> ", e); + } + + sfFilename = sf.getMetaName(); + bkFilename = block.getMetaName(); + + ZipEntry sfFile = new ZipEntry(sfFilename); + ZipEntry bkFile = new ZipEntry(bkFilename); + + long time = System.currentTimeMillis(); + sfFile.setTime(time); + bkFile.setTime(time); + + // signature file + zos.putNextEntry(sfFile); + sf.write(zos); + if (verbose != null) { + if (zipFile.getEntry(sfFilename) != null) { + System.out.println(rb.getString(".updating.") + + sfFilename); + } else { + System.out.println(rb.getString(".adding.") + + sfFilename); + } + } + + if (verbose != null) { + if (tsaUrl != null || tsaCert != null) { + System.out.println( + rb.getString("requesting.a.signature.timestamp")); + } + if (tsaUrl != null) { + System.out.println(rb.getString("TSA.location.") + tsaUrl); + } + if (tsaCert != null) { + URI tsaURI = TimestampedSigner.getTimestampingURI(tsaCert); + if (tsaURI != null) { + System.out.println(rb.getString("TSA.location.") + + tsaURI); + } + System.out.println(rb.getString("TSA.certificate.") + + printCert("", tsaCert, false, null, false)); + } + if (signingMechanism != null) { + System.out.println( + rb.getString("using.an.alternative.signing.mechanism")); + } + } + + // signature block file + zos.putNextEntry(bkFile); + block.write(zos); + if (verbose != null) { + if (zipFile.getEntry(bkFilename) != null) { + System.out.println(rb.getString(".updating.") + + bkFilename); + } else { + System.out.println(rb.getString(".adding.") + + bkFilename); + } + } + + // Write out all other META-INF files that we stored in the + // vector + for (int i=0; i<mfFiles.size(); i++) { + ZipEntry ze = mfFiles.elementAt(i); + if (!ze.getName().equalsIgnoreCase(JarFile.MANIFEST_NAME) + && !ze.getName().equalsIgnoreCase(sfFilename) + && !ze.getName().equalsIgnoreCase(bkFilename)) { + writeEntry(zipFile, zos, ze); + } + } + + // Write out all other files + for (Enumeration<? extends ZipEntry> enum_=zipFile.entries(); + enum_.hasMoreElements();) { + ZipEntry ze = enum_.nextElement(); + + if (!ze.getName().startsWith(META_INF)) { + if (verbose != null) { + if (manifest.getAttributes(ze.getName()) != null) + System.out.println(rb.getString(".signing.") + + ze.getName()); + else + System.out.println(rb.getString(".adding.") + + ze.getName()); + } + writeEntry(zipFile, zos, ze); + } + } + } catch(IOException ioe) { + error(rb.getString("unable.to.sign.jar.")+ioe, ioe); + } finally { + // close the resouces + if (zipFile != null) { + zipFile.close(); + zipFile = null; + } + + if (zos != null) { + zos.close(); + } + } + + // no IOException thrown in the follow try clause, so disable + // the try clause. + // try { + if (signedjar == null) { + // attempt an atomic rename. If that fails, + // rename the original jar file, then the signed + // one, then delete the original. + if (!signedJarFile.renameTo(jarFile)) { + File origJar = new File(jarName+".orig"); + + if (jarFile.renameTo(origJar)) { + if (signedJarFile.renameTo(jarFile)) { + origJar.delete(); + } else { + MessageFormat form = new MessageFormat(rb.getString + ("attempt.to.rename.signedJarFile.to.jarFile.failed")); + Object[] source = {signedJarFile, jarFile}; + error(form.format(source)); + } + } else { + MessageFormat form = new MessageFormat(rb.getString + ("attempt.to.rename.jarFile.to.origJar.failed")); + Object[] source = {jarFile, origJar}; + error(form.format(source)); + } + } + } + + boolean warningAppeared = false; + if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType || + notYetValidCert || chainNotValidated || hasExpiredCert) { + if (strict) { + System.out.println(rb.getString("jar.signed.with.signer.errors.")); + System.out.println(); + System.out.println(rb.getString("Error.")); + } else { + System.out.println(rb.getString("jar.signed.")); + System.out.println(); + System.out.println(rb.getString("Warning.")); + warningAppeared = true; + } + + if (badKeyUsage) { + System.out.println( + rb.getString("The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.")); + } + + if (badExtendedKeyUsage) { + System.out.println( + rb.getString("The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.")); + } + + if (badNetscapeCertType) { + System.out.println( + rb.getString("The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.")); + } + + if (hasExpiredCert) { + System.out.println( + rb.getString("The.signer.certificate.has.expired.")); + } else if (notYetValidCert) { + System.out.println( + rb.getString("The.signer.certificate.is.not.yet.valid.")); + } + + if (chainNotValidated) { + System.out.println( + rb.getString("The.signer.s.certificate.chain.is.not.validated.")); + } + } else { + System.out.println(rb.getString("jar.signed.")); + } + if (hasExpiringCert || noTimestamp) { + if (!warningAppeared) { + System.out.println(); + System.out.println(rb.getString("Warning.")); + } + + if (hasExpiringCert) { + System.out.println( + rb.getString("The.signer.certificate.will.expire.within.six.months.")); + } + + if (noTimestamp) { + System.out.println( + String.format(rb.getString("no.timestamp.signing"), expireDate)); + } + } + + // no IOException thrown in the above try clause, so disable + // the catch clause. + // } catch(IOException ioe) { + // error(rb.getString("unable.to.sign.jar.")+ioe, ioe); + // } + } + + /** + * Find the length of header inside bs. The header is a multiple (>=0) + * lines of attributes plus an empty line. The empty line is included + * in the header. + */ + @SuppressWarnings("fallthrough") + private int findHeaderEnd(byte[] bs) { + // Initial state true to deal with empty header + boolean newline = true; // just met a newline + int len = bs.length; + for (int i=0; i<len; i++) { + switch (bs[i]) { + case '\r': + if (i < len - 1 && bs[i+1] == '\n') i++; + // fallthrough + case '\n': + if (newline) return i+1; //+1 to get length + newline = true; + break; + default: + newline = false; + } + } + // If header end is not found, it means the MANIFEST.MF has only + // the main attributes section and it does not end with 2 newlines. + // Returns the whole length so that it can be completely replaced. + return len; + } + + /** + * signature-related files include: + * . META-INF/MANIFEST.MF + * . META-INF/SIG-* + * . META-INF/*.SF + * . META-INF/*.DSA + * . META-INF/*.RSA + * . META-INF/*.EC + */ + private boolean signatureRelated(String name) { + return SignatureFileVerifier.isSigningRelated(name); + } + + Map<CodeSigner,String> cacheForSignerInfo = new IdentityHashMap<>(); + + /** + * Returns a string of singer info, with a newline at the end + */ + private String signerInfo(CodeSigner signer, String tab) { + if (cacheForSignerInfo.containsKey(signer)) { + return cacheForSignerInfo.get(signer); + } + StringBuffer s = new StringBuffer(); + List<? extends Certificate> certs = signer.getSignerCertPath().getCertificates(); + // display the signature timestamp, if present + Date timestamp; + Timestamp ts = signer.getTimestamp(); + if (ts != null) { + s.append(printTimestamp(tab, ts)); + s.append('\n'); + timestamp = ts.getTimestamp(); + } else { + timestamp = null; + noTimestamp = true; + } + // display the certificate(s). The first one is end-entity cert and + // its KeyUsage should be checked. + boolean first = true; + for (Certificate c : certs) { + s.append(printCert(tab, c, true, timestamp, first)); + s.append('\n'); + first = false; + } + try { + validateCertChain(certs); + } catch (Exception e) { + if (debug) { + e.printStackTrace(); + } + if (e.getCause() != null && + (e.getCause() instanceof CertificateExpiredException || + e.getCause() instanceof CertificateNotYetValidException)) { + // No more warning, we alreay have hasExpiredCert or notYetValidCert + } else { + chainNotValidated = true; + s.append(tab + rb.getString(".CertPath.not.validated.") + + e.getLocalizedMessage() + "]\n"); // TODO + } + } + String result = s.toString(); + cacheForSignerInfo.put(signer, result); + return result; + } + + private void writeEntry(ZipFile zf, ZipOutputStream os, ZipEntry ze) + throws IOException + { + ZipEntry ze2 = new ZipEntry(ze.getName()); + ze2.setMethod(ze.getMethod()); + ze2.setTime(ze.getTime()); + ze2.setComment(ze.getComment()); + ze2.setExtra(ze.getExtra()); + if (ze.getMethod() == ZipEntry.STORED) { + ze2.setSize(ze.getSize()); + ze2.setCrc(ze.getCrc()); + } + os.putNextEntry(ze2); + writeBytes(zf, ze, os); + } + + /** + * Writes all the bytes for a given entry to the specified output stream. + */ + private synchronized void writeBytes + (ZipFile zf, ZipEntry ze, ZipOutputStream os) throws IOException { + int n; + + InputStream is = null; + try { + is = zf.getInputStream(ze); + long left = ze.getSize(); + + while((left > 0) && (n = is.read(buffer, 0, buffer.length)) != -1) { + os.write(buffer, 0, n); + left -= n; + } + } finally { + if (is != null) { + is.close(); + } + } + } + + void loadKeyStore(String keyStoreName, boolean prompt) { + + if (!nullStream && keyStoreName == null) { + keyStoreName = System.getProperty("user.home") + File.separator + + ".keystore"; + } + + try { + + certificateFactory = CertificateFactory.getInstance("X.509"); + validator = CertPathValidator.getInstance("PKIX"); + Set<TrustAnchor> tas = new HashSet<>(); + try { + KeyStore caks = KeyStoreUtil.getCacertsKeyStore(); + if (caks != null) { + Enumeration<String> aliases = caks.aliases(); + while (aliases.hasMoreElements()) { + String a = aliases.nextElement(); + try { + tas.add(new TrustAnchor((X509Certificate)caks.getCertificate(a), null)); + } catch (Exception e2) { + // ignore, when a SecretkeyEntry does not include a cert + } + } + } + } catch (Exception e) { + // Ignore, if cacerts cannot be loaded + } + + if (providerName == null) { + store = KeyStore.getInstance(storetype); + } else { + store = KeyStore.getInstance(storetype, providerName); + } + + // Get pass phrase + // XXX need to disable echo; on UNIX, call getpass(char *prompt)Z + // and on NT call ?? + if (token && storepass == null && !protectedPath + && !KeyStoreUtil.isWindowsKeyStore(storetype)) { + storepass = getPass + (rb.getString("Enter.Passphrase.for.keystore.")); + } else if (!token && storepass == null && prompt) { + storepass = getPass + (rb.getString("Enter.Passphrase.for.keystore.")); + } + + try { + if (nullStream) { + store.load(null, storepass); + } else { + keyStoreName = keyStoreName.replace(File.separatorChar, '/'); + URL url = null; + try { + url = new URL(keyStoreName); + } catch (java.net.MalformedURLException e) { + // try as file + url = new File(keyStoreName).toURI().toURL(); + } + InputStream is = null; + try { + is = url.openStream(); + store.load(is, storepass); + } finally { + if (is != null) { + is.close(); + } + } + } + Enumeration<String> aliases = store.aliases(); + while (aliases.hasMoreElements()) { + String a = aliases.nextElement(); + try { + X509Certificate c = (X509Certificate)store.getCertificate(a); + // Only add TrustedCertificateEntry and self-signed + // PrivateKeyEntry + if (store.isCertificateEntry(a) || + c.getSubjectDN().equals(c.getIssuerDN())) { + tas.add(new TrustAnchor(c, null)); + } + } catch (Exception e2) { + // ignore, when a SecretkeyEntry does not include a cert + } + } + } finally { + try { + pkixParameters = new PKIXParameters(tas); + pkixParameters.setRevocationEnabled(false); + } catch (InvalidAlgorithmParameterException ex) { + // Only if tas is empty + } + } + } catch (IOException ioe) { + throw new RuntimeException(rb.getString("keystore.load.") + + ioe.getMessage()); + } catch (java.security.cert.CertificateException ce) { + throw new RuntimeException(rb.getString("certificate.exception.") + + ce.getMessage()); + } catch (NoSuchProviderException pe) { + throw new RuntimeException(rb.getString("keystore.load.") + + pe.getMessage()); + } catch (NoSuchAlgorithmException nsae) { + throw new RuntimeException(rb.getString("keystore.load.") + + nsae.getMessage()); + } catch (KeyStoreException kse) { + throw new RuntimeException + (rb.getString("unable.to.instantiate.keystore.class.") + + kse.getMessage()); + } + } + + X509Certificate getTsaCert(String alias) { + + java.security.cert.Certificate cs = null; + + try { + cs = store.getCertificate(alias); + } catch (KeyStoreException kse) { + // this never happens, because keystore has been loaded + } + if (cs == null || (!(cs instanceof X509Certificate))) { + MessageFormat form = new MessageFormat(rb.getString + ("Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the")); + Object[] source = {alias, alias}; + error(form.format(source)); + } + return (X509Certificate) cs; + } + + /** + * Check if userCert is designed to be a code signer + * @param userCert the certificate to be examined + * @param bad 3 booleans to show if the KeyUsage, ExtendedKeyUsage, + * NetscapeCertType has codeSigning flag turned on. + * If null, the class field badKeyUsage, badExtendedKeyUsage, + * badNetscapeCertType will be set. + */ + void checkCertUsage(X509Certificate userCert, boolean[] bad) { + + // Can act as a signer? + // 1. if KeyUsage, then [0:digitalSignature] or + // [1:nonRepudiation] should be true + // 2. if ExtendedKeyUsage, then should contains ANY or CODE_SIGNING + // 3. if NetscapeCertType, then should contains OBJECT_SIGNING + // 1,2,3 must be true + + if (bad != null) { + bad[0] = bad[1] = bad[2] = false; + } + + boolean[] keyUsage = userCert.getKeyUsage(); + if (keyUsage != null) { + keyUsage = Arrays.copyOf(keyUsage, 9); + if (!keyUsage[0] && !keyUsage[1]) { + if (bad != null) { + bad[0] = true; + badKeyUsage = true; + } + } + } + + try { + List<String> xKeyUsage = userCert.getExtendedKeyUsage(); + if (xKeyUsage != null) { + if (!xKeyUsage.contains("2.5.29.37.0") // anyExtendedKeyUsage + && !xKeyUsage.contains("1.3.6.1.5.5.7.3.3")) { // codeSigning + if (bad != null) { + bad[1] = true; + badExtendedKeyUsage = true; + } + } + } + } catch (java.security.cert.CertificateParsingException e) { + // shouldn't happen + } + + try { + // OID_NETSCAPE_CERT_TYPE + byte[] netscapeEx = userCert.getExtensionValue + ("2.16.840.1.113730.1.1"); + if (netscapeEx != null) { + DerInputStream in = new DerInputStream(netscapeEx); + byte[] encoded = in.getOctetString(); + encoded = new DerValue(encoded).getUnalignedBitString() + .toByteArray(); + + NetscapeCertTypeExtension extn = + new NetscapeCertTypeExtension(encoded); + + Boolean val = extn.get(NetscapeCertTypeExtension.OBJECT_SIGNING); + if (!val) { + if (bad != null) { + bad[2] = true; + badNetscapeCertType = true; + } + } + } + } catch (IOException e) { + // + } + } + + void getAliasInfo(String alias) { + + Key key = null; + + try { + java.security.cert.Certificate[] cs = null; + if (altCertChain != null) { + try { + cs = CertificateFactory.getInstance("X.509"). + generateCertificates(new FileInputStream(altCertChain)). + toArray(new Certificate[0]); + } catch (CertificateException ex) { + error(rb.getString("Cannot.restore.certchain.from.file.specified")); + } catch (FileNotFoundException ex) { + error(rb.getString("File.specified.by.certchain.does.not.exist")); + } + } else { + try { + cs = store.getCertificateChain(alias); + } catch (KeyStoreException kse) { + // this never happens, because keystore has been loaded + } + } + if (cs == null || cs.length == 0) { + if (altCertChain != null) { + error(rb.getString + ("Certificate.chain.not.found.in.the.file.specified.")); + } else { + MessageFormat form = new MessageFormat(rb.getString + ("Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and")); + Object[] source = {alias, alias}; + error(form.format(source)); + } + } + + certChain = new X509Certificate[cs.length]; + for (int i=0; i<cs.length; i++) { + if (!(cs[i] instanceof X509Certificate)) { + error(rb.getString + ("found.non.X.509.certificate.in.signer.s.chain")); + } + certChain[i] = (X509Certificate)cs[i]; + } + + // We don't meant to print anything, the next call + // checks validity and keyUsage etc + printCert("", certChain[0], true, null, true); + + try { + validateCertChain(Arrays.asList(certChain)); + } catch (Exception e) { + if (debug) { + e.printStackTrace(); + } + if (e.getCause() != null && + (e.getCause() instanceof CertificateExpiredException || + e.getCause() instanceof CertificateNotYetValidException)) { + // No more warning, we alreay have hasExpiredCert or notYetValidCert + } else { + chainNotValidated = true; + } + } + + try { + if (!token && keypass == null) + key = store.getKey(alias, storepass); + else + key = store.getKey(alias, keypass); + } catch (UnrecoverableKeyException e) { + if (token) { + throw e; + } else if (keypass == null) { + // Did not work out, so prompt user for key password + MessageFormat form = new MessageFormat(rb.getString + ("Enter.key.password.for.alias.")); + Object[] source = {alias}; + keypass = getPass(form.format(source)); + key = store.getKey(alias, keypass); + } + } + } catch (NoSuchAlgorithmException e) { + error(e.getMessage()); + } catch (UnrecoverableKeyException e) { + error(rb.getString("unable.to.recover.key.from.keystore")); + } catch (KeyStoreException kse) { + // this never happens, because keystore has been loaded + } + + if (!(key instanceof PrivateKey)) { + MessageFormat form = new MessageFormat(rb.getString + ("key.associated.with.alias.not.a.private.key")); + Object[] source = {alias}; + error(form.format(source)); + } else { + privateKey = (PrivateKey)key; + } + } + + void error(String message) + { + System.out.println(rb.getString("jarsigner.")+message); + System.exit(1); + } + + + void error(String message, Exception e) + { + System.out.println(rb.getString("jarsigner.")+message); + if (debug) { + e.printStackTrace(); + } + System.exit(1); + } + + void validateCertChain(List<? extends Certificate> certs) throws Exception { + int cpLen = 0; + out: for (; cpLen<certs.size(); cpLen++) { + for (TrustAnchor ta: pkixParameters.getTrustAnchors()) { + if (ta.getTrustedCert().equals(certs.get(cpLen))) { + break out; + } + } + } + if (cpLen > 0) { + CertPath cp = certificateFactory.generateCertPath( + (cpLen == certs.size())? certs: certs.subList(0, cpLen)); + validator.validate(cp, pkixParameters); + } + } + + char[] getPass(String prompt) + { + System.err.print(prompt); + System.err.flush(); + try { + char[] pass = Password.readPassword(System.in); + + if (pass == null) { + error(rb.getString("you.must.enter.key.password")); + } else { + return pass; + } + } catch (IOException ioe) { + error(rb.getString("unable.to.read.password.")+ioe.getMessage()); + } + // this shouldn't happen + return null; + } + + /* + * Reads all the bytes for a given zip entry. + */ + private synchronized byte[] getBytes(ZipFile zf, + ZipEntry ze) throws IOException { + int n; + + InputStream is = null; + try { + is = zf.getInputStream(ze); + baos.reset(); + long left = ze.getSize(); + + while((left > 0) && (n = is.read(buffer, 0, buffer.length)) != -1) { + baos.write(buffer, 0, n); + left -= n; + } + } finally { + if (is != null) { + is.close(); + } + } + + return baos.toByteArray(); + } + + /* + * Returns manifest entry from given jar file, or null if given jar file + * does not have a manifest entry. + */ + private ZipEntry getManifestFile(ZipFile zf) { + ZipEntry ze = zf.getEntry(JarFile.MANIFEST_NAME); + if (ze == null) { + // Check all entries for matching name + Enumeration<? extends ZipEntry> enum_ = zf.entries(); + while (enum_.hasMoreElements() && ze == null) { + ze = enum_.nextElement(); + if (!JarFile.MANIFEST_NAME.equalsIgnoreCase + (ze.getName())) { + ze = null; + } + } + } + return ze; + } + + /* + * Computes the digests of a zip entry, and returns them as an array + * of base64-encoded strings. + */ + private synchronized String[] getDigests(ZipEntry ze, ZipFile zf, + MessageDigest[] digests, + BASE64Encoder encoder) + throws IOException { + + int n, i; + InputStream is = null; + try { + is = zf.getInputStream(ze); + long left = ze.getSize(); + while((left > 0) + && (n = is.read(buffer, 0, buffer.length)) != -1) { + for (i=0; i<digests.length; i++) { + digests[i].update(buffer, 0, n); + } + left -= n; + } + } finally { + if (is != null) { + is.close(); + } + } + + // complete the digests + String[] base64Digests = new String[digests.length]; + for (i=0; i<digests.length; i++) { + base64Digests[i] = encoder.encode(digests[i].digest()); + } + return base64Digests; + } + + /* + * Computes the digests of a zip entry, and returns them as a list of + * attributes + */ + private Attributes getDigestAttributes(ZipEntry ze, ZipFile zf, + MessageDigest[] digests, + BASE64Encoder encoder) + throws IOException { + + String[] base64Digests = getDigests(ze, zf, digests, encoder); + Attributes attrs = new Attributes(); + + for (int i=0; i<digests.length; i++) { + attrs.putValue(digests[i].getAlgorithm()+"-Digest", + base64Digests[i]); + } + return attrs; + } + + /* + * Updates the digest attributes of a manifest entry, by adding or + * replacing digest values. + * A digest value is added if the manifest entry does not contain a digest + * for that particular algorithm. + * A digest value is replaced if it is obsolete. + * + * Returns true if the manifest entry has been changed, and false + * otherwise. + */ + private boolean updateDigests(ZipEntry ze, ZipFile zf, + MessageDigest[] digests, + BASE64Encoder encoder, + Manifest mf) throws IOException { + boolean update = false; + + Attributes attrs = mf.getAttributes(ze.getName()); + String[] base64Digests = getDigests(ze, zf, digests, encoder); + + for (int i=0; i<digests.length; i++) { + // The entry name to be written into attrs + String name = null; + try { + // Find if the digest already exists + AlgorithmId aid = AlgorithmId.get(digests[i].getAlgorithm()); + for (Object key: attrs.keySet()) { + if (key instanceof Attributes.Name) { + String n = ((Attributes.Name)key).toString(); + if (n.toUpperCase(Locale.ENGLISH).endsWith("-DIGEST")) { + String tmp = n.substring(0, n.length() - 7); + if (AlgorithmId.get(tmp).equals(aid)) { + name = n; + break; + } + } + } + } + } catch (NoSuchAlgorithmException nsae) { + // Ignored. Writing new digest entry. + } + + if (name == null) { + name = digests[i].getAlgorithm()+"-Digest"; + attrs.putValue(name, base64Digests[i]); + update=true; + } else { + // compare digests, and replace the one in the manifest + // if they are different + String mfDigest = attrs.getValue(name); + if (!mfDigest.equalsIgnoreCase(base64Digests[i])) { + attrs.putValue(name, base64Digests[i]); + update=true; + } + } + } + return update; + } + + /* + * Try to load the specified signing mechanism. + * The URL class loader is used. + */ + private ContentSigner loadSigningMechanism(String signerClassName, + String signerClassPath) throws Exception { + + // construct class loader + String cpString = null; // make sure env.class.path defaults to dot + + // do prepends to get correct ordering + cpString = PathList.appendPath(System.getProperty("env.class.path"), cpString); + cpString = PathList.appendPath(System.getProperty("java.class.path"), cpString); + cpString = PathList.appendPath(signerClassPath, cpString); + URL[] urls = PathList.pathToURLs(cpString); + ClassLoader appClassLoader = new URLClassLoader(urls); + + // attempt to find signer + Class<?> signerClass = appClassLoader.loadClass(signerClassName); + + // Check that it implements ContentSigner + Object signer = signerClass.newInstance(); + if (!(signer instanceof ContentSigner)) { + MessageFormat form = new MessageFormat( + rb.getString("signerClass.is.not.a.signing.mechanism")); + Object[] source = {signerClass.getName()}; + throw new IllegalArgumentException(form.format(source)); + } + return (ContentSigner)signer; + } +} + +/** + * This is a BASE64Encoder that does not insert a default newline at the end of + * every output line. This is necessary because java.util.jar does its own + * line management (see Manifest.make72Safe()). Inserting additional new lines + * can cause line-wrapping problems (see CR 6219522). + */ +class JarBASE64Encoder extends BASE64Encoder { + /** + * Encode the suffix that ends every output line. + */ + protected void encodeLineSuffix(OutputStream aStream) throws IOException { } +} + +class SignatureFile { + + /** SignatureFile */ + Manifest sf; + + /** .SF base name */ + String baseName; + + public SignatureFile(MessageDigest digests[], + Manifest mf, + ManifestDigester md, + String baseName, + boolean signManifest) + + { + this.baseName = baseName; + + String version = System.getProperty("java.version"); + String javaVendor = System.getProperty("java.vendor"); + + sf = new Manifest(); + Attributes mattr = sf.getMainAttributes(); + BASE64Encoder encoder = new JarBASE64Encoder(); + + mattr.putValue(Attributes.Name.SIGNATURE_VERSION.toString(), "1.0"); + mattr.putValue("Created-By", version + " (" + javaVendor + ")"); + + if (signManifest) { + // sign the whole manifest + for (int i=0; i < digests.length; i++) { + mattr.putValue(digests[i].getAlgorithm()+"-Digest-Manifest", + encoder.encode(md.manifestDigest(digests[i]))); + } + } + + // create digest of the manifest main attributes + ManifestDigester.Entry mde = + md.get(ManifestDigester.MF_MAIN_ATTRS, false); + if (mde != null) { + for (int i=0; i < digests.length; i++) { + mattr.putValue(digests[i].getAlgorithm() + + "-Digest-" + ManifestDigester.MF_MAIN_ATTRS, + encoder.encode(mde.digest(digests[i]))); + } + } else { + throw new IllegalStateException + ("ManifestDigester failed to create " + + "Manifest-Main-Attribute entry"); + } + + /* go through the manifest entries and create the digests */ + + Map<String,Attributes> entries = sf.getEntries(); + Iterator<Map.Entry<String,Attributes>> mit = + mf.getEntries().entrySet().iterator(); + while(mit.hasNext()) { + Map.Entry<String,Attributes> e = mit.next(); + String name = e.getKey(); + mde = md.get(name, false); + if (mde != null) { + Attributes attr = new Attributes(); + for (int i=0; i < digests.length; i++) { + attr.putValue(digests[i].getAlgorithm()+"-Digest", + encoder.encode(mde.digest(digests[i]))); + } + entries.put(name, attr); + } + } + } + + /** + * Writes the SignatureFile to the specified OutputStream. + * + * @param out the output stream + * @exception IOException if an I/O error has occurred + */ + + public void write(OutputStream out) throws IOException + { + sf.write(out); + } + + /** + * get .SF file name + */ + public String getMetaName() + { + return "META-INF/"+ baseName + ".SF"; + } + + /** + * get base file name + */ + public String getBaseName() + { + return baseName; + } + + /* + * Generate a signed data block. + * If a URL or a certificate (containing a URL) for a Timestamping + * Authority is supplied then a signature timestamp is generated and + * inserted into the signed data block. + * + * @param sigalg signature algorithm to use, or null to use default + * @param tsaUrl The location of the Timestamping Authority. If null + * then no timestamp is requested. + * @param tsaCert The certificate for the Timestamping Authority. If null + * then no timestamp is requested. + * @param signingMechanism The signing mechanism to use. + * @param args The command-line arguments to jarsigner. + * @param zipFile The original source Zip file. + */ + public Block generateBlock(PrivateKey privateKey, + String sigalg, + X509Certificate[] certChain, + boolean externalSF, String tsaUrl, + X509Certificate tsaCert, + String tSAPolicyID, + String tSADigestAlg, + ContentSigner signingMechanism, + String[] args, ZipFile zipFile) + throws NoSuchAlgorithmException, InvalidKeyException, IOException, + SignatureException, CertificateException + { + return new Block(this, privateKey, sigalg, certChain, externalSF, + tsaUrl, tsaCert, tSAPolicyID, tSADigestAlg, signingMechanism, args, zipFile); + } + + + public static class Block { + + private byte[] block; + private String blockFileName; + + /* + * Construct a new signature block. + */ + Block(SignatureFile sfg, PrivateKey privateKey, String sigalg, + X509Certificate[] certChain, boolean externalSF, String tsaUrl, + X509Certificate tsaCert, String tSAPolicyID, String tSADigestAlg, + ContentSigner signingMechanism, String[] args, ZipFile zipFile) + throws NoSuchAlgorithmException, InvalidKeyException, IOException, + SignatureException, CertificateException { + + Principal issuerName = certChain[0].getIssuerDN(); + if (!(issuerName instanceof X500Name)) { + // must extract the original encoded form of DN for subsequent + // name comparison checks (converting to a String and back to + // an encoded DN could cause the types of String attribute + // values to be changed) + X509CertInfo tbsCert = new + X509CertInfo(certChain[0].getTBSCertificate()); + issuerName = (Principal) + tbsCert.get(CertificateIssuerName.NAME + "." + + CertificateIssuerName.DN_NAME); + } + BigInteger serial = certChain[0].getSerialNumber(); + + String signatureAlgorithm; + String keyAlgorithm = privateKey.getAlgorithm(); + /* + * If no signature algorithm was specified, we choose a + * default that is compatible with the private key algorithm. + */ + if (sigalg == null) { + + if (keyAlgorithm.equalsIgnoreCase("DSA")) + signatureAlgorithm = "SHA1withDSA"; + else if (keyAlgorithm.equalsIgnoreCase("RSA")) + signatureAlgorithm = "SHA256withRSA"; + else if (keyAlgorithm.equalsIgnoreCase("EC")) + signatureAlgorithm = "SHA256withECDSA"; + else + throw new RuntimeException("private key is not a DSA or " + + "RSA key"); + } else { + signatureAlgorithm = sigalg; + } + + // check common invalid key/signature algorithm combinations + String sigAlgUpperCase = signatureAlgorithm.toUpperCase(Locale.ENGLISH); + if ((sigAlgUpperCase.endsWith("WITHRSA") && + !keyAlgorithm.equalsIgnoreCase("RSA")) || + (sigAlgUpperCase.endsWith("WITHECDSA") && + !keyAlgorithm.equalsIgnoreCase("EC")) || + (sigAlgUpperCase.endsWith("WITHDSA") && + !keyAlgorithm.equalsIgnoreCase("DSA"))) { + throw new SignatureException + ("private key algorithm is not compatible with signature algorithm"); + } + + blockFileName = "META-INF/"+sfg.getBaseName()+"."+keyAlgorithm; + + AlgorithmId sigAlg = AlgorithmId.get(signatureAlgorithm); + AlgorithmId digEncrAlg = AlgorithmId.get(keyAlgorithm); + + Signature sig = Signature.getInstance(signatureAlgorithm); + sig.initSign(privateKey); + + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + sfg.write(baos); + + byte[] content = baos.toByteArray(); + + sig.update(content); + byte[] signature = sig.sign(); + + // Timestamp the signature and generate the signature block file + if (signingMechanism == null) { + signingMechanism = new TimestampedSigner(); + } + URI tsaUri = null; + try { + if (tsaUrl != null) { + tsaUri = new URI(tsaUrl); + } + } catch (URISyntaxException e) { + throw new IOException(e); + } + + // Assemble parameters for the signing mechanism + ContentSignerParameters params = + new JarSignerParameters(args, tsaUri, tsaCert, tSAPolicyID, + tSADigestAlg, signature, + signatureAlgorithm, certChain, content, zipFile); + + // Generate the signature block + block = signingMechanism.generateSignedData( + params, externalSF, (tsaUrl != null || tsaCert != null)); + } + + /* + * get block file name. + */ + public String getMetaName() + { + return blockFileName; + } + + /** + * Writes the block file to the specified OutputStream. + * + * @param out the output stream + * @exception IOException if an I/O error has occurred + */ + + public void write(OutputStream out) throws IOException + { + out.write(block); + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/jarsigner/Resources.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,259 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.jarsigner; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for JarSigner. + * + */ +public class Resources extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + + // shared (from jarsigner) + {"SPACE", " "}, + {"2SPACE", " "}, + {"6SPACE", " "}, + {"COMMA", ", "}, + + {"provName.not.a.provider", "{0} not a provider"}, + {"signerClass.is.not.a.signing.mechanism", "{0} is not a signing mechanism"}, + {"jarsigner.error.", "jarsigner error: "}, + {"Illegal.option.", "Illegal option: "}, + {".keystore.must.be.NONE.if.storetype.is.{0}", + "-keystore must be NONE if -storetype is {0}"}, + {".keypass.can.not.be.specified.if.storetype.is.{0}", + "-keypass can not be specified if -storetype is {0}"}, + {"If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified", + "If -protected is specified, then -storepass and -keypass must not be specified"}, + {"If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified", + "If keystore is not password protected, then -storepass and -keypass must not be specified"}, + {"Usage.jarsigner.options.jar.file.alias", + "Usage: jarsigner [options] jar-file alias"}, + {".jarsigner.verify.options.jar.file.alias.", + " jarsigner -verify [options] jar-file [alias...]"}, + {".keystore.url.keystore.location", + "[-keystore <url>] keystore location"}, + {".storepass.password.password.for.keystore.integrity", + "[-storepass <password>] password for keystore integrity"}, + {".storetype.type.keystore.type", + "[-storetype <type>] keystore type"}, + {".keypass.password.password.for.private.key.if.different.", + "[-keypass <password>] password for private key (if different)"}, + {".certchain.file.name.of.alternative.certchain.file", + "[-certchain <file>] name of alternative certchain file"}, + {".sigfile.file.name.of.SF.DSA.file", + "[-sigfile <file>] name of .SF/.DSA file"}, + {".signedjar.file.name.of.signed.JAR.file", + "[-signedjar <file>] name of signed JAR file"}, + {".digestalg.algorithm.name.of.digest.algorithm", + "[-digestalg <algorithm>] name of digest algorithm"}, + {".sigalg.algorithm.name.of.signature.algorithm", + "[-sigalg <algorithm>] name of signature algorithm"}, + {".verify.verify.a.signed.JAR.file", + "[-verify] verify a signed JAR file"}, + {".verbose.suboptions.verbose.output.when.signing.verifying.", + "[-verbose[:suboptions]] verbose output when signing/verifying."}, + {".suboptions.can.be.all.grouped.or.summary", + " suboptions can be all, grouped or summary"}, + {".certs.display.certificates.when.verbose.and.verifying", + "[-certs] display certificates when verbose and verifying"}, + {".tsa.url.location.of.the.Timestamping.Authority", + "[-tsa <url>] location of the Timestamping Authority"}, + {".tsacert.alias.public.key.certificate.for.Timestamping.Authority", + "[-tsacert <alias>] public key certificate for Timestamping Authority"}, + {".tsapolicyid.tsapolicyid.for.Timestamping.Authority", + "[-tsapolicyid <oid>] TSAPolicyID for Timestamping Authority"}, + {".tsadigestalg.algorithm.of.digest.data.in.timestamping.request", + "[-tsadigestalg <algorithm>] algorithm of digest data in timestamping request"}, + {".altsigner.class.class.name.of.an.alternative.signing.mechanism", + "[-altsigner <class>] class name of an alternative signing mechanism"}, + {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism", + "[-altsignerpath <pathlist>] location of an alternative signing mechanism"}, + {".internalsf.include.the.SF.file.inside.the.signature.block", + "[-internalsf] include the .SF file inside the signature block"}, + {".sectionsonly.don.t.compute.hash.of.entire.manifest", + "[-sectionsonly] don't compute hash of entire manifest"}, + {".protected.keystore.has.protected.authentication.path", + "[-protected] keystore has protected authentication path"}, + {".providerName.name.provider.name", + "[-providerName <name>] provider name"}, + {".providerClass.class.name.of.cryptographic.service.provider.s", + "[-providerClass <class> name of cryptographic service provider's"}, + {".providerArg.arg.master.class.file.and.constructor.argument", + " [-providerArg <arg>]] ... master class file and constructor argument"}, + {".strict.treat.warnings.as.errors", + "[-strict] treat warnings as errors"}, + {"Option.lacks.argument", "Option lacks argument"}, + {"Please.type.jarsigner.help.for.usage", "Please type jarsigner -help for usage"}, + {"Please.specify.jarfile.name", "Please specify jarfile name"}, + {"Please.specify.alias.name", "Please specify alias name"}, + {"Only.one.alias.can.be.specified", "Only one alias can be specified"}, + {"This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es.", + "This jar contains signed entries which are not signed by the specified alias(es)."}, + {"This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore.", + "This jar contains signed entries that are not signed by alias in this keystore."}, + {"s", "s"}, + {"m", "m"}, + {"k", "k"}, + {"i", "i"}, + {".and.d.more.", "(and %d more)"}, + {".s.signature.was.verified.", + " s = signature was verified "}, + {".m.entry.is.listed.in.manifest", + " m = entry is listed in manifest"}, + {".k.at.least.one.certificate.was.found.in.keystore", + " k = at least one certificate was found in keystore"}, + {".i.at.least.one.certificate.was.found.in.identity.scope", + " i = at least one certificate was found in identity scope"}, + {".X.not.signed.by.specified.alias.es.", + " X = not signed by specified alias(es)"}, + {"no.manifest.", "no manifest."}, + {".Signature.related.entries.","(Signature related entries)"}, + {".Unsigned.entries.", "(Unsigned entries)"}, + {"jar.is.unsigned.signatures.missing.or.not.parsable.", + "jar is unsigned. (signatures missing or not parsable)"}, + {"jar.signed.", "jar signed."}, + {"jar.signed.with.signer.errors.", "jar signed, with signer errors."}, + {"jar.verified.", "jar verified."}, + {"jar.verified.with.signer.errors.", "jar verified, with signer errors."}, + {"jarsigner.", "jarsigner: "}, + {"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.", + "signature filename must consist of the following characters: A-Z, 0-9, _ or -"}, + {"unable.to.open.jar.file.", "unable to open jar file: "}, + {"unable.to.create.", "unable to create: "}, + {".adding.", " adding: "}, + {".updating.", " updating: "}, + {".signing.", " signing: "}, + {"attempt.to.rename.signedJarFile.to.jarFile.failed", + "attempt to rename {0} to {1} failed"}, + {"attempt.to.rename.jarFile.to.origJar.failed", + "attempt to rename {0} to {1} failed"}, + {"unable.to.sign.jar.", "unable to sign jar: "}, + {"Enter.Passphrase.for.keystore.", "Enter Passphrase for keystore: "}, + {"keystore.load.", "keystore load: "}, + {"certificate.exception.", "certificate exception: "}, + {"unable.to.instantiate.keystore.class.", + "unable to instantiate keystore class: "}, + {"Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and", + "Certificate chain not found for: {0}. {1} must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain."}, + {"File.specified.by.certchain.does.not.exist", + "File specified by -certchain does not exist"}, + {"Cannot.restore.certchain.from.file.specified", + "Cannot restore certchain from file specified"}, + {"Certificate.chain.not.found.in.the.file.specified.", + "Certificate chain not found in the file specified."}, + {"found.non.X.509.certificate.in.signer.s.chain", + "found non-X.509 certificate in signer's chain"}, + {"incomplete.certificate.chain", "incomplete certificate chain"}, + {"Enter.key.password.for.alias.", "Enter key password for {0}: "}, + {"unable.to.recover.key.from.keystore", + "unable to recover key from keystore"}, + {"key.associated.with.alias.not.a.private.key", + "key associated with {0} not a private key"}, + {"you.must.enter.key.password", "you must enter key password"}, + {"unable.to.read.password.", "unable to read password: "}, + {"certificate.is.valid.from", "certificate is valid from {0} to {1}"}, + {"certificate.expired.on", "certificate expired on {0}"}, + {"certificate.is.not.valid.until", + "certificate is not valid until {0}"}, + {"certificate.will.expire.on", "certificate will expire on {0}"}, + {".CertPath.not.validated.", "[CertPath not validated: "}, + {"requesting.a.signature.timestamp", + "requesting a signature timestamp"}, + {"TSA.location.", "TSA location: "}, + {"TSA.certificate.", "TSA certificate: "}, + {"no.response.from.the.Timestamping.Authority.", + "no response from the Timestamping Authority. When connecting" + + " from behind a firewall an HTTP or HTTPS proxy may need to" + + " be specified. Supply the following options to jarsigner:"}, + {"or", "or"}, + {"Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the", + "Certificate not found for: {0}. {1} must reference a valid KeyStore entry containing an X.509 public key certificate for the Timestamping Authority."}, + {"using.an.alternative.signing.mechanism", + "using an alternative signing mechanism"}, + {"entry.was.signed.on", "entry was signed on {0}"}, + {"Warning.", "Warning: "}, + {"Error.", "Error: "}, + {"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.", + "This jar contains unsigned entries which have not been integrity-checked. "}, + {"This.jar.contains.entries.whose.signer.certificate.has.expired.", + "This jar contains entries whose signer certificate has expired. "}, + {"This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months.", + "This jar contains entries whose signer certificate will expire within six months. "}, + {"This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid.", + "This jar contains entries whose signer certificate is not yet valid. "}, + {"Re.run.with.the.verbose.option.for.more.details.", + "Re-run with the -verbose option for more details."}, + {"Re.run.with.the.verbose.and.certs.options.for.more.details.", + "Re-run with the -verbose and -certs options for more details."}, + {"The.signer.certificate.has.expired.", + "The signer certificate has expired."}, + {"The.signer.certificate.will.expire.within.six.months.", + "The signer certificate will expire within six months."}, + {"The.signer.certificate.is.not.yet.valid.", + "The signer certificate is not yet valid."}, + {"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.", + "The signer certificate's KeyUsage extension doesn't allow code signing."}, + {"The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.", + "The signer certificate's ExtendedKeyUsage extension doesn't allow code signing."}, + {"The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.", + "The signer certificate's NetscapeCertType extension doesn't allow code signing."}, + {"This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.", + "This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing."}, + {"This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.", + "This jar contains entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing."}, + {"This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.", + "This jar contains entries whose signer certificate's NetscapeCertType extension doesn't allow code signing."}, + {".{0}.extension.does.not.support.code.signing.", + "[{0} extension does not support code signing]"}, + {"The.signer.s.certificate.chain.is.not.validated.", + "The signer's certificate chain is not validated."}, + {"This.jar.contains.entries.whose.certificate.chain.is.not.validated.", + "This jar contains entries whose certificate chain is not validated."}, + {"Unknown.password.type.", "Unknown password type: "}, + {"Cannot.find.environment.variable.", + "Cannot find environment variable: "}, + {"Cannot.find.file.", "Cannot find file: "}, + {"no.timestamp.signing", + "No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td) or after any future revocation date."}, + {"no.timestamp.verifying", + "This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td) or after any future revocation date."}, + }; + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/jarsigner/Resources_ja.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,257 @@ +/* + * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.jarsigner; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for JarSigner. + * + */ +public class Resources_ja extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + + // shared (from jarsigner) + {"SPACE", " "}, + {"2SPACE", " "}, + {"6SPACE", " "}, + {"COMMA", ", "}, + + {"provName.not.a.provider", "{0}\u306F\u30D7\u30ED\u30D0\u30A4\u30C0\u3067\u306F\u3042\u308A\u307E\u305B\u3093"}, + {"signerClass.is.not.a.signing.mechanism", "{0}\u306F\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u3067\u306F\u3042\u308A\u307E\u305B\u3093"}, + {"jarsigner.error.", "jarsigner\u30A8\u30E9\u30FC: "}, + {"Illegal.option.", "\u4E0D\u6B63\u306A\u30AA\u30D7\u30B7\u30E7\u30F3: "}, + {".keystore.must.be.NONE.if.storetype.is.{0}", + "-storetype\u304C{0}\u306E\u5834\u5408\u3001-keystore\u306FNONE\u3067\u3042\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, + {".keypass.can.not.be.specified.if.storetype.is.{0}", + "-storetype\u304C{0}\u306E\u5834\u5408\u3001-keypass\u306F\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093"}, + {"If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified", + "-protected\u3092\u6307\u5B9A\u3059\u308B\u5834\u5408\u306F\u3001-storepass\u304A\u3088\u3073-keypass\u3092\u6307\u5B9A\u3057\u306A\u3044\u3067\u304F\u3060\u3055\u3044"}, + {"If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified", + "\u30AD\u30FC\u30B9\u30C8\u30A2\u304C\u30D1\u30B9\u30EF\u30FC\u30C9\u3067\u4FDD\u8B77\u3055\u308C\u3066\u3044\u306A\u3044\u5834\u5408\u3001-storepass\u304A\u3088\u3073-keypass\u3092\u6307\u5B9A\u3057\u306A\u3044\u3067\u304F\u3060\u3055\u3044"}, + {"Usage.jarsigner.options.jar.file.alias", + "\u4F7F\u7528\u65B9\u6CD5: jarsigner [options] jar-file alias"}, + {".jarsigner.verify.options.jar.file.alias.", + " jarsigner -verify [options] jar-file [alias...]"}, + {".keystore.url.keystore.location", + "[-keystore <url>] \u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u4F4D\u7F6E"}, + {".storepass.password.password.for.keystore.integrity", + "[-storepass <password>] \u30AD\u30FC\u30B9\u30C8\u30A2\u6574\u5408\u6027\u306E\u305F\u3081\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"}, + {".storetype.type.keystore.type", + "[-storetype <type>] \u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u578B"}, + {".keypass.password.password.for.private.key.if.different.", + "[-keypass <password>] \u79D8\u5BC6\u9375\u306E\u30D1\u30B9\u30EF\u30FC\u30C9(\u7570\u306A\u308B\u5834\u5408)"}, + {".certchain.file.name.of.alternative.certchain.file", + "[-certchain <file>] \u4EE3\u66FF\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u30FB\u30D5\u30A1\u30A4\u30EB\u306E\u540D\u524D"}, + {".sigfile.file.name.of.SF.DSA.file", + "[-sigfile <file>] .SF/.DSA\u30D5\u30A1\u30A4\u30EB\u306E\u540D\u524D"}, + {".signedjar.file.name.of.signed.JAR.file", + "[-signedjar <file>] \u7F72\u540D\u4ED8\u304DJAR\u30D5\u30A1\u30A4\u30EB\u306E\u540D\u524D"}, + {".digestalg.algorithm.name.of.digest.algorithm", + "[-digestalg <algorithm>] \u30C0\u30A4\u30B8\u30A7\u30B9\u30C8\u30FB\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u306E\u540D\u524D"}, + {".sigalg.algorithm.name.of.signature.algorithm", + "[-sigalg <algorithm>] \u7F72\u540D\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u306E\u540D\u524D"}, + {".verify.verify.a.signed.JAR.file", + "[-verify] \u7F72\u540D\u4ED8\u304DJAR\u30D5\u30A1\u30A4\u30EB\u306E\u691C\u8A3C"}, + {".verbose.suboptions.verbose.output.when.signing.verifying.", + "[-verbose[:suboptions]] \u7F72\u540D/\u691C\u8A3C\u6642\u306E\u8A73\u7D30\u51FA\u529B\u3002"}, + {".suboptions.can.be.all.grouped.or.summary", + " \u30B5\u30D6\u30AA\u30D7\u30B7\u30E7\u30F3\u3068\u3057\u3066\u3001all\u3001grouped\u307E\u305F\u306Fsummary\u3092\u4F7F\u7528\u3067\u304D\u307E\u3059"}, + {".certs.display.certificates.when.verbose.and.verifying", + "[-certs] \u8A73\u7D30\u51FA\u529B\u304A\u3088\u3073\u691C\u8A3C\u6642\u306B\u8A3C\u660E\u66F8\u3092\u8868\u793A"}, + {".tsa.url.location.of.the.Timestamping.Authority", + "[-tsa <url>] \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306E\u5834\u6240"}, + {".tsacert.alias.public.key.certificate.for.Timestamping.Authority", + "[-tsacert <alias>] \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306E\u516C\u958B\u9375\u8A3C\u660E\u66F8"}, + {".tsapolicyid.tsapolicyid.for.Timestamping.Authority", + "[-tsapolicyid <oid>] \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306ETSAPolicyID"}, + {".tsadigestalg.algorithm.of.digest.data.in.timestamping.request", + "[-tsadigestalg <algorithm>] \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u30FB\u30EA\u30AF\u30A8\u30B9\u30C8\u306E\u30C0\u30A4\u30B8\u30A7\u30B9\u30C8\u30FB\u30C7\u30FC\u30BF\u306E\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0"}, + {".altsigner.class.class.name.of.an.alternative.signing.mechanism", + "[-altsigner <class>] \u4EE3\u66FF\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u306E\u30AF\u30E9\u30B9\u540D"}, + {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism", + "[-altsignerpath <pathlist>] \u4EE3\u66FF\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u306E\u5834\u6240"}, + {".internalsf.include.the.SF.file.inside.the.signature.block", + "[-internalsf] \u7F72\u540D\u30D6\u30ED\u30C3\u30AF\u306B.SF\u30D5\u30A1\u30A4\u30EB\u3092\u542B\u3081\u308B"}, + {".sectionsonly.don.t.compute.hash.of.entire.manifest", + "[-sectionsonly] \u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u5168\u4F53\u306E\u30CF\u30C3\u30B7\u30E5\u306F\u8A08\u7B97\u3057\u306A\u3044"}, + {".protected.keystore.has.protected.authentication.path", + "[-protected] \u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u306F\u4FDD\u8B77\u3055\u308C\u305F\u8A8D\u8A3C\u30D1\u30B9\u304C\u3042\u308B"}, + {".providerName.name.provider.name", + "[-providerName <name>] \u30D7\u30ED\u30D0\u30A4\u30C0\u540D"}, + {".providerClass.class.name.of.cryptographic.service.provider.s", + "[-providerClass <class> \u6697\u53F7\u5316\u30B5\u30FC\u30D3\u30B9\u30FB\u30D7\u30ED\u30D0\u30A4\u30C0\u306E\u540D\u524D"}, + {".providerArg.arg.master.class.file.and.constructor.argument", + " [-providerArg <arg>]] ... \u30DE\u30B9\u30BF\u30FC\u30FB\u30AF\u30E9\u30B9\u30FB\u30D5\u30A1\u30A4\u30EB\u3068\u30B3\u30F3\u30B9\u30C8\u30E9\u30AF\u30BF\u306E\u5F15\u6570"}, + {".strict.treat.warnings.as.errors", + "[-strict] \u8B66\u544A\u3092\u30A8\u30E9\u30FC\u3068\u3057\u3066\u51E6\u7406"}, + {"Option.lacks.argument", "\u30AA\u30D7\u30B7\u30E7\u30F3\u306B\u5F15\u6570\u304C\u3042\u308A\u307E\u305B\u3093"}, + {"Please.type.jarsigner.help.for.usage", "\u4F7F\u7528\u65B9\u6CD5\u306B\u3064\u3044\u3066\u306Fjarsigner -help\u3068\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044"}, + {"Please.specify.jarfile.name", "jarfile\u540D\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"}, + {"Please.specify.alias.name", "\u5225\u540D\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"}, + {"Only.one.alias.can.be.specified", "\u5225\u540D\u306F1\u3064\u306E\u307F\u6307\u5B9A\u3067\u304D\u307E\u3059"}, + {"This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es.", + "\u3053\u306Ejar\u306B\u542B\u307E\u308C\u308B\u7F72\u540D\u6E08\u30A8\u30F3\u30C8\u30EA\u306F\u3001\u6307\u5B9A\u3055\u308C\u305F\u5225\u540D\u306B\u3088\u3063\u3066\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002"}, + {"This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore.", + "\u3053\u306Ejar\u306B\u542B\u307E\u308C\u308B\u7F72\u540D\u6E08\u30A8\u30F3\u30C8\u30EA\u306F\u3001\u3053\u306E\u30AD\u30FC\u30B9\u30C8\u30A2\u5185\u306E\u5225\u540D\u306B\u3088\u3063\u3066\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002"}, + {"s", "s"}, + {"m", "m"}, + {"k", "k"}, + {"i", "i"}, + {".and.d.more.", "(\u4ED6\u306B\u3082%d\u500B)"}, + {".s.signature.was.verified.", + " s=\u7F72\u540D\u304C\u691C\u8A3C\u3055\u308C\u307E\u3057\u305F "}, + {".m.entry.is.listed.in.manifest", + " m=\u30A8\u30F3\u30C8\u30EA\u304C\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u5185\u306B\u30EA\u30B9\u30C8\u3055\u308C\u307E\u3059"}, + {".k.at.least.one.certificate.was.found.in.keystore", + " k=1\u3064\u4EE5\u4E0A\u306E\u8A3C\u660E\u66F8\u304C\u30AD\u30FC\u30B9\u30C8\u30A2\u3067\u691C\u51FA\u3055\u308C\u307E\u3057\u305F"}, + {".i.at.least.one.certificate.was.found.in.identity.scope", + " i=1\u3064\u4EE5\u4E0A\u306E\u8A3C\u660E\u66F8\u304C\u30A2\u30A4\u30C7\u30F3\u30C6\u30A3\u30C6\u30A3\u30FB\u30B9\u30B3\u30FC\u30D7\u3067\u691C\u51FA\u3055\u308C\u307E\u3057\u305F"}, + {".X.not.signed.by.specified.alias.es.", + " X =\u6307\u5B9A\u3057\u305F\u5225\u540D\u3067\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093"}, + {"no.manifest.", "\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u306F\u5B58\u5728\u3057\u307E\u305B\u3093\u3002"}, + {".Signature.related.entries.","(\u7F72\u540D\u95A2\u9023\u30A8\u30F3\u30C8\u30EA)"}, + {".Unsigned.entries.", "(\u672A\u7F72\u540D\u306E\u30A8\u30F3\u30C8\u30EA)"}, + {"jar.is.unsigned.signatures.missing.or.not.parsable.", + "jar\u306F\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002(\u7F72\u540D\u304C\u898B\u3064\u304B\u3089\u306A\u3044\u304B\u3001\u69CB\u6587\u89E3\u6790\u3067\u304D\u307E\u305B\u3093)"}, + {"jar.signed.", "jar\u306F\u7F72\u540D\u3055\u308C\u307E\u3057\u305F\u3002"}, + {"jar.signed.with.signer.errors.", "jar\u306F\u7F72\u540D\u3055\u308C\u307E\u3057\u305F - \u7F72\u540D\u8005\u30A8\u30E9\u30FC\u304C\u3042\u308A\u307E\u3059\u3002"}, + {"jar.verified.", "jar\u306F\u691C\u8A3C\u3055\u308C\u307E\u3057\u305F\u3002"}, + {"jar.verified.with.signer.errors.", "jar\u306F\u691C\u8A3C\u3055\u308C\u307E\u3057\u305F - \u7F72\u540D\u8005\u30A8\u30E9\u30FC\u304C\u3042\u308A\u307E\u3059\u3002"}, + {"jarsigner.", "jarsigner: "}, + {"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.", + "\u7F72\u540D\u306E\u30D5\u30A1\u30A4\u30EB\u540D\u306F\u6B21\u306E\u6587\u5B57\u3067\u69CB\u6210\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059: A-Z 0-9 _ -"}, + {"unable.to.open.jar.file.", "\u6B21\u306Ejar\u30D5\u30A1\u30A4\u30EB\u3092\u958B\u304F\u3053\u3068\u304C\u3067\u304D\u307E\u305B\u3093: "}, + {"unable.to.create.", "\u4F5C\u6210\u3067\u304D\u307E\u305B\u3093: "}, + {".adding.", " \u8FFD\u52A0\u4E2D: "}, + {".updating.", " \u66F4\u65B0\u4E2D: "}, + {".signing.", " \u7F72\u540D\u4E2D: "}, + {"attempt.to.rename.signedJarFile.to.jarFile.failed", + "{0}\u306E\u540D\u524D\u3092{1}\u306B\u5909\u66F4\u3057\u3088\u3046\u3068\u3057\u307E\u3057\u305F\u304C\u5931\u6557\u3057\u307E\u3057\u305F"}, + {"attempt.to.rename.jarFile.to.origJar.failed", + "{0}\u306E\u540D\u524D\u3092{1}\u306B\u5909\u66F4\u3057\u3088\u3046\u3068\u3057\u307E\u3057\u305F\u304C\u5931\u6557\u3057\u307E\u3057\u305F"}, + {"unable.to.sign.jar.", "jar\u306B\u7F72\u540D\u3067\u304D\u307E\u305B\u3093: "}, + {"Enter.Passphrase.for.keystore.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, + {"keystore.load.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30ED\u30FC\u30C9: "}, + {"certificate.exception.", "\u8A3C\u660E\u66F8\u4F8B\u5916: "}, + {"unable.to.instantiate.keystore.class.", + "\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30AF\u30E9\u30B9\u306E\u30A4\u30F3\u30B9\u30BF\u30F3\u30B9\u3092\u751F\u6210\u3067\u304D\u307E\u305B\u3093: "}, + {"Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and", + "\u6B21\u306E\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: {0}\u3002{1}\u306F\u3001\u79D8\u5BC6\u9375\u304A\u3088\u3073\u5BFE\u5FDC\u3059\u308B\u516C\u958B\u9375\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u3092\u542B\u3080\u6709\u52B9\u306AKeyStore\u9375\u30A8\u30F3\u30C8\u30EA\u3092\u53C2\u7167\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002"}, + {"File.specified.by.certchain.does.not.exist", + "-certchain\u3067\u6307\u5B9A\u3055\u308C\u3066\u3044\u308B\u30D5\u30A1\u30A4\u30EB\u306F\u5B58\u5728\u3057\u307E\u305B\u3093"}, + {"Cannot.restore.certchain.from.file.specified", + "\u6307\u5B9A\u3055\u308C\u305F\u30D5\u30A1\u30A4\u30EB\u304B\u3089\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u3092\u5FA9\u5143\u3067\u304D\u307E\u305B\u3093"}, + {"Certificate.chain.not.found.in.the.file.specified.", + "\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u306F\u6307\u5B9A\u3055\u308C\u305F\u30D5\u30A1\u30A4\u30EB\u306B\u898B\u3064\u304B\u308A\u307E\u305B\u3093\u3002"}, + {"found.non.X.509.certificate.in.signer.s.chain", + "\u7F72\u540D\u8005\u306E\u9023\u9396\u5185\u3067\u975EX.509\u8A3C\u660E\u66F8\u304C\u691C\u51FA\u3055\u308C\u307E\u3057\u305F"}, + {"incomplete.certificate.chain", "\u4E0D\u5B8C\u5168\u306A\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3"}, + {"Enter.key.password.for.alias.", "{0}\u306E\u9375\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, + {"unable.to.recover.key.from.keystore", + "\u30AD\u30FC\u30B9\u30C8\u30A2\u304B\u3089\u9375\u3092\u5FA9\u5143\u3067\u304D\u307E\u305B\u3093"}, + {"key.associated.with.alias.not.a.private.key", + "{0}\u3068\u95A2\u9023\u4ED8\u3051\u3089\u308C\u305F\u9375\u306F\u3001\u79D8\u5BC6\u9375\u3067\u306F\u3042\u308A\u307E\u305B\u3093"}, + {"you.must.enter.key.password", "\u9375\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, + {"unable.to.read.password.", "\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u8AAD\u307F\u8FBC\u3081\u307E\u305B\u3093: "}, + {"certificate.is.valid.from", "\u8A3C\u660E\u66F8\u306F{0}\u304B\u3089{1}\u307E\u3067\u6709\u52B9\u3067\u3059"}, + {"certificate.expired.on", "\u8A3C\u660E\u66F8\u306F{0}\u306B\u5931\u52B9\u3057\u307E\u3057\u305F"}, + {"certificate.is.not.valid.until", + "\u8A3C\u660E\u66F8\u306F{0}\u307E\u3067\u6709\u52B9\u3067\u306F\u3042\u308A\u307E\u305B\u3093"}, + {"certificate.will.expire.on", "\u8A3C\u660E\u66F8\u306F{0}\u306B\u5931\u52B9\u3057\u307E\u3059"}, + {".CertPath.not.validated.", "[CertPath\u304C\u691C\u8A3C\u3055\u308C\u3066\u3044\u307E\u305B\u3093: "}, + {"requesting.a.signature.timestamp", + "\u7F72\u540D\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306E\u30EA\u30AF\u30A8\u30B9\u30C8"}, + {"TSA.location.", "TSA\u306E\u5834\u6240: "}, + {"TSA.certificate.", "TSA\u8A3C\u660E\u66F8: "}, + {"no.response.from.the.Timestamping.Authority.", + "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u304B\u3089\u306E\u30EC\u30B9\u30DD\u30F3\u30B9\u304C\u3042\u308A\u307E\u305B\u3093\u3002\u30D5\u30A1\u30A4\u30A2\u30A6\u30A9\u30FC\u30EB\u3092\u4ECB\u3057\u3066\u63A5\u7D9A\u3059\u308B\u3068\u304D\u306F\u3001\u5FC5\u8981\u306B\u5FDC\u3058\u3066HTTP\u307E\u305F\u306FHTTPS\u30D7\u30ED\u30AD\u30B7\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044\u3002jarsigner\u306B\u6B21\u306E\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044:"}, + {"or", "\u307E\u305F\u306F"}, + {"Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the", + "\u8A3C\u660E\u66F8\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093\u3067\u3057\u305F: {0}\u3002{1}\u306F\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306EX.509\u516C\u958B\u9375\u8A3C\u660E\u66F8\u304C\u542B\u307E\u308C\u3066\u3044\u308B\u6709\u52B9\u306AKeyStore\u30A8\u30F3\u30C8\u30EA\u3092\u53C2\u7167\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002"}, + {"using.an.alternative.signing.mechanism", + "\u4EE3\u66FF\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u306E\u4F7F\u7528"}, + {"entry.was.signed.on", "\u30A8\u30F3\u30C8\u30EA\u306F{0}\u306B\u7F72\u540D\u3055\u308C\u307E\u3057\u305F"}, + {"Warning.", "\u8B66\u544A: "}, + {"Error.", "\u30A8\u30E9\u30FC: "}, + {"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.", + "\u3053\u306Ejar\u306B\u306F\u3001\u6574\u5408\u6027\u30C1\u30A7\u30C3\u30AF\u3092\u3057\u3066\u3044\u306A\u3044\u672A\u7F72\u540D\u306E\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "}, + {"This.jar.contains.entries.whose.signer.certificate.has.expired.", + "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C\u671F\u9650\u5207\u308C\u306E\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "}, + {"This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months.", + "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C6\u304B\u6708\u4EE5\u5185\u306B\u671F\u9650\u5207\u308C\u3068\u306A\u308B\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "}, + {"This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid.", + "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C\u307E\u3060\u6709\u52B9\u306B\u306A\u3063\u3066\u3044\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "}, + {"Re.run.with.the.verbose.option.for.more.details.", + "\u8A73\u7D30\u306F\u3001-verbose\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u4F7F\u7528\u3057\u3066\u518D\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, + {"Re.run.with.the.verbose.and.certs.options.for.more.details.", + "\u8A73\u7D30\u306F\u3001-verbose\u304A\u3088\u3073-certs\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u4F7F\u7528\u3057\u3066\u518D\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, + {"The.signer.certificate.has.expired.", + "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F\u671F\u9650\u5207\u308C\u3067\u3059\u3002"}, + {"The.signer.certificate.will.expire.within.six.months.", + "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F6\u304B\u6708\u4EE5\u5185\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002"}, + {"The.signer.certificate.is.not.yet.valid.", + "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F\u307E\u3060\u6709\u52B9\u306B\u306A\u3063\u3066\u3044\u307E\u305B\u3093\u3002"}, + {"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.", + "\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306EKeyUsage\u62E1\u5F35\u6A5F\u80FD\u3067\u306F\u3001\u30B3\u30FC\u30C9\u7F72\u540D\u306F\u8A31\u53EF\u3055\u308C\u307E\u305B\u3093\u3002"}, + {"The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.", + "\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306EExtendedKeyUsage\u62E1\u5F35\u6A5F\u80FD\u3067\u306F\u3001\u30B3\u30FC\u30C9\u7F72\u540D\u306F\u8A31\u53EF\u3055\u308C\u307E\u305B\u3093\u3002"}, + {"The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.", + "\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306ENetscapeCertType\u62E1\u5F35\u6A5F\u80FD\u3067\u306F\u3001\u30B3\u30FC\u30C9\u7F72\u540D\u306F\u8A31\u53EF\u3055\u308C\u307E\u305B\u3093\u3002"}, + {"This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.", + "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306EKeyUsage\u62E1\u5F35\u6A5F\u80FD\u304C\u30B3\u30FC\u30C9\u7F72\u540D\u3092\u8A31\u53EF\u3057\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002"}, + {"This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.", + "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306EExtendedKeyUsage\u62E1\u5F35\u6A5F\u80FD\u304C\u30B3\u30FC\u30C9\u7F72\u540D\u3092\u8A31\u53EF\u3057\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002"}, + {"This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.", + "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306ENetscapeCertType\u62E1\u5F35\u6A5F\u80FD\u304C\u30B3\u30FC\u30C9\u7F72\u540D\u3092\u8A31\u53EF\u3057\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002"}, + {".{0}.extension.does.not.support.code.signing.", + "[{0}\u62E1\u5F35\u6A5F\u80FD\u306F\u30B3\u30FC\u30C9\u7F72\u540D\u3092\u30B5\u30DD\u30FC\u30C8\u3057\u3066\u3044\u307E\u305B\u3093]"}, + {"The.signer.s.certificate.chain.is.not.validated.", + "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u304C\u307E\u3060\u691C\u8A3C\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002"}, + {"This.jar.contains.entries.whose.certificate.chain.is.not.validated.", + "\u3053\u306Ejar\u306B\u306F\u3001\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u304C\u307E\u3060\u691C\u8A3C\u3055\u308C\u3066\u3044\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002"}, + {"Unknown.password.type.", "\u4E0D\u660E\u306A\u30D1\u30B9\u30EF\u30FC\u30C9\u30FB\u30BF\u30A4\u30D7: "}, + {"Cannot.find.environment.variable.", + "\u74B0\u5883\u5909\u6570\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: "}, + {"Cannot.find.file.", "\u30D5\u30A1\u30A4\u30EB\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: "}, + {"no.timestamp.signing", + "-tsa\u307E\u305F\u306F-tsacert\u304C\u6307\u5B9A\u3055\u308C\u3066\u3044\u306A\u3044\u305F\u3081\u3001\u3053\u306Ejar\u306B\u306F\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u4ED8\u52A0\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650(%1$tY-%1$tm-%1$td)\u5F8C\u307E\u305F\u306F\u5C06\u6765\u306E\u5931\u52B9\u65E5\u5F8C\u306B\u3001\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002"}, + {"no.timestamp.verifying", + "\u3053\u306Ejar\u306B\u306F\u3001\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u7F72\u540D\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650(%1$tY-%1$tm-%1$td)\u5F8C\u307E\u305F\u306F\u5C06\u6765\u306E\u5931\u52B9\u65E5\u5F8C\u306B\u3001\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002"}, + }; + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,258 @@ +/* + * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.jarsigner; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for JarSigner. + * + */ +public class Resources_zh_CN extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + + // shared (from jarsigner) + {"SPACE", " "}, + {"2SPACE", " "}, + {"6SPACE", " "}, + {"COMMA", ", "}, + + {"provName.not.a.provider", "{0}\u4E0D\u662F\u63D0\u4F9B\u65B9"}, + {"signerClass.is.not.a.signing.mechanism", "{0}\u4E0D\u662F\u7B7E\u540D\u673A\u5236"}, + {"jarsigner.error.", "jarsigner \u9519\u8BEF: "}, + {"Illegal.option.", "\u975E\u6CD5\u9009\u9879: "}, + {".keystore.must.be.NONE.if.storetype.is.{0}", + "\u5982\u679C -storetype \u4E3A {0}, \u5219 -keystore \u5FC5\u987B\u4E3A NONE"}, + {".keypass.can.not.be.specified.if.storetype.is.{0}", + "\u5982\u679C -storetype \u4E3A {0}, \u5219\u4E0D\u80FD\u6307\u5B9A -keypass"}, + {"If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified", + "\u5982\u679C\u6307\u5B9A\u4E86 -protected, \u5219\u4E0D\u80FD\u6307\u5B9A -storepass \u548C -keypass"}, + {"If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified", + "\u5982\u679C\u5BC6\u94A5\u5E93\u672A\u53D7\u53E3\u4EE4\u4FDD\u62A4, \u5219\u4E0D\u80FD\u6307\u5B9A -storepass \u548C -keypass"}, + {"Usage.jarsigner.options.jar.file.alias", + "\u7528\u6CD5: jarsigner [\u9009\u9879] jar-file \u522B\u540D"}, + {".jarsigner.verify.options.jar.file.alias.", + " jarsigner -verify [\u9009\u9879] jar-file [\u522B\u540D...]"}, + {".keystore.url.keystore.location", + "[-keystore <url>] \u5BC6\u94A5\u5E93\u4F4D\u7F6E"}, + {".storepass.password.password.for.keystore.integrity", + "[-storepass <\u53E3\u4EE4>] \u7528\u4E8E\u5BC6\u94A5\u5E93\u5B8C\u6574\u6027\u7684\u53E3\u4EE4"}, + {".storetype.type.keystore.type", + "[-storetype <\u7C7B\u578B>] \u5BC6\u94A5\u5E93\u7C7B\u578B"}, + {".keypass.password.password.for.private.key.if.different.", + "[-keypass <\u53E3\u4EE4>] \u79C1\u6709\u5BC6\u94A5\u7684\u53E3\u4EE4 (\u5982\u679C\u4E0D\u540C)"}, + {".certchain.file.name.of.alternative.certchain.file", + "[-certchain <\u6587\u4EF6>] \u66FF\u4EE3\u8BC1\u4E66\u94FE\u6587\u4EF6\u7684\u540D\u79F0"}, + {".sigfile.file.name.of.SF.DSA.file", + "[-sigfile <\u6587\u4EF6>] .SF/.DSA \u6587\u4EF6\u7684\u540D\u79F0"}, + {".signedjar.file.name.of.signed.JAR.file", + "[-signedjar <\u6587\u4EF6>] \u5DF2\u7B7E\u540D\u7684 JAR \u6587\u4EF6\u7684\u540D\u79F0"}, + {".digestalg.algorithm.name.of.digest.algorithm", + "[-digestalg <\u7B97\u6CD5>] \u6458\u8981\u7B97\u6CD5\u7684\u540D\u79F0"}, + {".sigalg.algorithm.name.of.signature.algorithm", + "[-sigalg <\u7B97\u6CD5>] \u7B7E\u540D\u7B97\u6CD5\u7684\u540D\u79F0"}, + {".verify.verify.a.signed.JAR.file", + "[-verify] \u9A8C\u8BC1\u5DF2\u7B7E\u540D\u7684 JAR \u6587\u4EF6"}, + {".verbose.suboptions.verbose.output.when.signing.verifying.", + "[-verbose[:suboptions]] \u7B7E\u540D/\u9A8C\u8BC1\u65F6\u8F93\u51FA\u8BE6\u7EC6\u4FE1\u606F\u3002"}, + {".suboptions.can.be.all.grouped.or.summary", + " \u5B50\u9009\u9879\u53EF\u4EE5\u662F all, grouped \u6216 summary"}, + {".certs.display.certificates.when.verbose.and.verifying", + "[-certs] \u8F93\u51FA\u8BE6\u7EC6\u4FE1\u606F\u548C\u9A8C\u8BC1\u65F6\u663E\u793A\u8BC1\u4E66"}, + {".tsa.url.location.of.the.Timestamping.Authority", + "[-tsa <url>] \u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u7684\u4F4D\u7F6E"}, + {".tsacert.alias.public.key.certificate.for.Timestamping.Authority", + "[-tsacert <\u522B\u540D>] \u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u7684\u516C\u5171\u5BC6\u94A5\u8BC1\u4E66"}, + {".tsapolicyid.tsapolicyid.for.Timestamping.Authority", + "[-tsapolicyid <oid>] \u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u7684 TSAPolicyID"}, + {".tsadigestalg.algorithm.of.digest.data.in.timestamping.request", + "[-tsadigestalg <\u7B97\u6CD5>] \u65F6\u95F4\u6233\u8BF7\u6C42\u4E2D\u7684\u6458\u8981\u6570\u636E\u7684\u7B97\u6CD5"}, + {".altsigner.class.class.name.of.an.alternative.signing.mechanism", + "[-altsigner <\u7C7B>] \u66FF\u4EE3\u7684\u7B7E\u540D\u673A\u5236\u7684\u7C7B\u540D"}, + {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism", + "[-altsignerpath <\u8DEF\u5F84\u5217\u8868>] \u66FF\u4EE3\u7684\u7B7E\u540D\u673A\u5236\u7684\u4F4D\u7F6E"}, + {".internalsf.include.the.SF.file.inside.the.signature.block", + "[-internalsf] \u5728\u7B7E\u540D\u5757\u5185\u5305\u542B .SF \u6587\u4EF6"}, + {".sectionsonly.don.t.compute.hash.of.entire.manifest", + "[-sectionsonly] \u4E0D\u8BA1\u7B97\u6574\u4E2A\u6E05\u5355\u7684\u6563\u5217"}, + {".protected.keystore.has.protected.authentication.path", + "[-protected] \u5BC6\u94A5\u5E93\u5177\u6709\u53D7\u4FDD\u62A4\u9A8C\u8BC1\u8DEF\u5F84"}, + {".providerName.name.provider.name", + "[-providerName <\u540D\u79F0>] \u63D0\u4F9B\u65B9\u540D\u79F0"}, + {".providerClass.class.name.of.cryptographic.service.provider.s", + "[-providerClass <\u7C7B> \u52A0\u5BC6\u670D\u52A1\u63D0\u4F9B\u65B9\u7684\u540D\u79F0"}, + {".providerArg.arg.master.class.file.and.constructor.argument", + " [-providerArg <\u53C2\u6570>]]... \u4E3B\u7C7B\u6587\u4EF6\u548C\u6784\u9020\u5668\u53C2\u6570"}, + {".strict.treat.warnings.as.errors", + "[-strict] \u5C06\u8B66\u544A\u89C6\u4E3A\u9519\u8BEF"}, + {"Option.lacks.argument", "\u9009\u9879\u7F3A\u5C11\u53C2\u6570"}, + {"Please.type.jarsigner.help.for.usage", "\u8BF7\u952E\u5165 jarsigner -help \u4EE5\u4E86\u89E3\u7528\u6CD5"}, + {"Please.specify.jarfile.name", "\u8BF7\u6307\u5B9A jarfile \u540D\u79F0"}, + {"Please.specify.alias.name", "\u8BF7\u6307\u5B9A\u522B\u540D"}, + {"Only.one.alias.can.be.specified", "\u53EA\u80FD\u6307\u5B9A\u4E00\u4E2A\u522B\u540D"}, + {"This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es.", + "\u6B64 jar \u5305\u542B\u672A\u7531\u6307\u5B9A\u522B\u540D\u7B7E\u540D\u7684\u5DF2\u7B7E\u540D\u6761\u76EE\u3002"}, + {"This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore.", + "\u6B64 jar \u5305\u542B\u672A\u7531\u6B64\u5BC6\u94A5\u5E93\u4E2D\u7684\u522B\u540D\u7B7E\u540D\u7684\u5DF2\u7B7E\u540D\u6761\u76EE\u3002"}, + {"s", "s"}, + {"m", "m"}, + {"k", "k"}, + {"i", "i"}, + {".and.d.more.", "(%d \u53CA\u4EE5\u4E0A)"}, + {".s.signature.was.verified.", + " s = \u5DF2\u9A8C\u8BC1\u7B7E\u540D "}, + {".m.entry.is.listed.in.manifest", + " m = \u5728\u6E05\u5355\u4E2D\u5217\u51FA\u6761\u76EE"}, + {".k.at.least.one.certificate.was.found.in.keystore", + " k = \u5728\u5BC6\u94A5\u5E93\u4E2D\u81F3\u5C11\u627E\u5230\u4E86\u4E00\u4E2A\u8BC1\u4E66"}, + {".i.at.least.one.certificate.was.found.in.identity.scope", + " i = \u5728\u8EAB\u4EFD\u4F5C\u7528\u57DF\u5185\u81F3\u5C11\u627E\u5230\u4E86\u4E00\u4E2A\u8BC1\u4E66"}, + {".X.not.signed.by.specified.alias.es.", + " X = \u672A\u7531\u6307\u5B9A\u522B\u540D\u7B7E\u540D"}, + {"no.manifest.", "\u6CA1\u6709\u6E05\u5355\u3002"}, + {".Signature.related.entries.","(\u4E0E\u7B7E\u540D\u76F8\u5173\u7684\u6761\u76EE)"}, + {".Unsigned.entries.", "(\u672A\u7B7E\u540D\u6761\u76EE)"}, + {"jar.is.unsigned.signatures.missing.or.not.parsable.", + "jar \u672A\u7B7E\u540D\u3002(\u7F3A\u5C11\u7B7E\u540D\u6216\u65E0\u6CD5\u89E3\u6790\u7B7E\u540D)"}, + {"jar.signed.", "jar \u5DF2\u7B7E\u540D\u3002"}, + {"jar.signed.with.signer.errors.", "jar \u5DF2\u7B7E\u540D, \u4F46\u51FA\u73B0\u7B7E\u540D\u8005\u9519\u8BEF\u3002"}, + {"jar.verified.", "jar \u5DF2\u9A8C\u8BC1\u3002"}, + {"jar.verified.with.signer.errors.", "jar \u5DF2\u9A8C\u8BC1, \u4F46\u51FA\u73B0\u7B7E\u540D\u8005\u9519\u8BEF\u3002"}, + {"jarsigner.", "jarsigner: "}, + {"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.", + "\u7B7E\u540D\u6587\u4EF6\u540D\u5FC5\u987B\u5305\u542B\u4EE5\u4E0B\u5B57\u7B26: A-Z, 0-9, _ \u6216 -"}, + {"unable.to.open.jar.file.", "\u65E0\u6CD5\u6253\u5F00 jar \u6587\u4EF6: "}, + {"unable.to.create.", "\u65E0\u6CD5\u521B\u5EFA: "}, + {".adding.", " \u6B63\u5728\u6DFB\u52A0: "}, + {".updating.", " \u6B63\u5728\u66F4\u65B0: "}, + {".signing.", " \u6B63\u5728\u7B7E\u540D: "}, + {"attempt.to.rename.signedJarFile.to.jarFile.failed", + "\u5C1D\u8BD5\u5C06{0}\u91CD\u547D\u540D\u4E3A{1}\u65F6\u5931\u8D25"}, + {"attempt.to.rename.jarFile.to.origJar.failed", + "\u5C1D\u8BD5\u5C06{0}\u91CD\u547D\u540D\u4E3A{1}\u65F6\u5931\u8D25"}, + {"unable.to.sign.jar.", "\u65E0\u6CD5\u5BF9 jar \u8FDB\u884C\u7B7E\u540D: "}, + {"Enter.Passphrase.for.keystore.", "\u8F93\u5165\u5BC6\u94A5\u5E93\u7684\u5BC6\u7801\u77ED\u8BED: "}, + {"keystore.load.", "\u5BC6\u94A5\u5E93\u52A0\u8F7D: "}, + {"certificate.exception.", "\u8BC1\u4E66\u5F02\u5E38\u9519\u8BEF: "}, + {"unable.to.instantiate.keystore.class.", + "\u65E0\u6CD5\u5B9E\u4F8B\u5316\u5BC6\u94A5\u5E93\u7C7B: "}, + {"Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and", + "\u627E\u4E0D\u5230{0}\u7684\u8BC1\u4E66\u94FE\u3002{1}\u5FC5\u987B\u5F15\u7528\u5305\u542B\u79C1\u6709\u5BC6\u94A5\u548C\u76F8\u5E94\u7684\u516C\u5171\u5BC6\u94A5\u8BC1\u4E66\u94FE\u7684\u6709\u6548\u5BC6\u94A5\u5E93\u5BC6\u94A5\u6761\u76EE\u3002"}, + {"File.specified.by.certchain.does.not.exist", + "\u7531 -certchain \u6307\u5B9A\u7684\u6587\u4EF6\u4E0D\u5B58\u5728"}, + {"Cannot.restore.certchain.from.file.specified", + "\u65E0\u6CD5\u4ECE\u6307\u5B9A\u7684\u6587\u4EF6\u8FD8\u539F certchain"}, + {"Certificate.chain.not.found.in.the.file.specified.", + "\u5728\u6307\u5B9A\u7684\u6587\u4EF6\u4E2D\u627E\u4E0D\u5230\u8BC1\u4E66\u94FE\u3002"}, + {"found.non.X.509.certificate.in.signer.s.chain", + "\u5728\u7B7E\u540D\u8005\u7684\u94FE\u4E2D\u627E\u5230\u975E X.509 \u8BC1\u4E66"}, + {"incomplete.certificate.chain", "\u8BC1\u4E66\u94FE\u4E0D\u5B8C\u6574"}, + {"Enter.key.password.for.alias.", "\u8F93\u5165{0}\u7684\u5BC6\u94A5\u53E3\u4EE4: "}, + {"unable.to.recover.key.from.keystore", + "\u65E0\u6CD5\u4ECE\u5BC6\u94A5\u5E93\u4E2D\u6062\u590D\u5BC6\u94A5"}, + {"key.associated.with.alias.not.a.private.key", + "\u4E0E{0}\u5173\u8054\u7684\u5BC6\u94A5\u4E0D\u662F\u79C1\u6709\u5BC6\u94A5"}, + {"you.must.enter.key.password", "\u5FC5\u987B\u8F93\u5165\u5BC6\u94A5\u53E3\u4EE4"}, + {"unable.to.read.password.", "\u65E0\u6CD5\u8BFB\u53D6\u53E3\u4EE4: "}, + {"certificate.is.valid.from", "\u8BC1\u4E66\u7684\u6709\u6548\u671F\u4E3A{0}\u81F3{1}"}, + {"certificate.expired.on", "\u8BC1\u4E66\u5230\u671F\u65E5\u671F\u4E3A {0}"}, + {"certificate.is.not.valid.until", + "\u76F4\u5230{0}, \u8BC1\u4E66\u624D\u6709\u6548"}, + {"certificate.will.expire.on", "\u8BC1\u4E66\u5C06\u5728{0}\u5230\u671F"}, + {".CertPath.not.validated.", "[CertPath \u672A\u9A8C\u8BC1: "}, + {"requesting.a.signature.timestamp", + "\u6B63\u5728\u8BF7\u6C42\u7B7E\u540D\u65F6\u95F4\u6233"}, + {"TSA.location.", "TSA \u4F4D\u7F6E: "}, + {"TSA.certificate.", "TSA \u8BC1\u4E66: "}, + {"no.response.from.the.Timestamping.Authority.", + "\u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u6CA1\u6709\u54CD\u5E94\u3002\u5982\u679C\u8981\u4ECE\u9632\u706B\u5899\u540E\u9762\u8FDE\u63A5, \u5219\u53EF\u80FD\u9700\u8981\u6307\u5B9A HTTP \u6216 HTTPS \u4EE3\u7406\u3002\u8BF7\u4E3A jarsigner \u63D0\u4F9B\u4EE5\u4E0B\u9009\u9879: "}, + {"or", "\u6216"}, + {"Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the", + "\u627E\u4E0D\u5230{0}\u7684\u8BC1\u4E66\u3002{1}\u5FC5\u987B\u5F15\u7528\u5305\u542B\u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u7684 X.509 \u516C\u5171\u5BC6\u94A5\u8BC1\u4E66\u7684\u6709\u6548\u5BC6\u94A5\u5E93\u6761\u76EE\u3002"}, + {"using.an.alternative.signing.mechanism", + "\u6B63\u5728\u4F7F\u7528\u66FF\u4EE3\u7684\u7B7E\u540D\u673A\u5236"}, + {"entry.was.signed.on", "\u6761\u76EE\u7684\u7B7E\u540D\u65E5\u671F\u4E3A {0}"}, + {"Warning.", "\u8B66\u544A: "}, + {"Error.", "\u9519\u8BEF: "}, + {"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.", + "\u6B64 jar \u5305\u542B\u5C1A\u672A\u8FDB\u884C\u5B8C\u6574\u6027\u68C0\u67E5\u7684\u672A\u7B7E\u540D\u6761\u76EE\u3002 "}, + {"This.jar.contains.entries.whose.signer.certificate.has.expired.", + "\u6B64 jar \u5305\u542B\u7B7E\u540D\u8005\u8BC1\u4E66\u5DF2\u8FC7\u671F\u7684\u6761\u76EE\u3002 "}, + {"This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months.", + "\u6B64 jar \u5305\u542B\u7B7E\u540D\u8005\u8BC1\u4E66\u5C06\u5728\u516D\u4E2A\u6708\u5185\u8FC7\u671F\u7684\u6761\u76EE\u3002 "}, + {"This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid.", + "\u6B64 jar \u5305\u542B\u7B7E\u540D\u8005\u8BC1\u4E66\u4ECD\u65E0\u6548\u7684\u6761\u76EE\u3002 "}, + {"Re.run.with.the.verbose.option.for.more.details.", + "\u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u4F7F\u7528 -verbose \u9009\u9879\u91CD\u65B0\u8FD0\u884C\u3002"}, + {"Re.run.with.the.verbose.and.certs.options.for.more.details.", + "\u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u4F7F\u7528 -verbose \u548C -certs \u9009\u9879\u91CD\u65B0\u8FD0\u884C\u3002"}, + {"The.signer.certificate.has.expired.", + "\u7B7E\u540D\u8005\u8BC1\u4E66\u5DF2\u8FC7\u671F\u3002"}, + {"The.signer.certificate.will.expire.within.six.months.", + "\u7B7E\u540D\u8005\u8BC1\u4E66\u5C06\u5728\u516D\u4E2A\u6708\u5185\u8FC7\u671F\u3002"}, + {"The.signer.certificate.is.not.yet.valid.", + "\u7B7E\u540D\u8005\u8BC1\u4E66\u4ECD\u65E0\u6548\u3002"}, + {"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.", + "\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 KeyUsage \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u3002"}, + {"The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.", + "\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 ExtendedKeyUsage \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u3002"}, + {"The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.", + "\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 NetscapeCertType \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u3002"}, + {"This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.", + "\u6B64 jar \u5305\u542B\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 KeyUsage \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u7684\u6761\u76EE\u3002"}, + {"This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.", + "\u6B64 jar \u5305\u542B\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 ExtendedKeyUsage \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u7684\u6761\u76EE\u3002"}, + {"This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.", + "\u6B64 jar \u5305\u542B\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 NetscapeCertType \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u7684\u6761\u76EE\u3002"}, + {".{0}.extension.does.not.support.code.signing.", + "[{0} \u6269\u5C55\u4E0D\u652F\u6301\u4EE3\u7801\u7B7E\u540D]"}, + {"The.signer.s.certificate.chain.is.not.validated.", + "\u7B7E\u540D\u8005\u7684\u8BC1\u4E66\u94FE\u672A\u9A8C\u8BC1\u3002"}, + {"This.jar.contains.entries.whose.certificate.chain.is.not.validated.", + "\u6B64 jar \u5305\u542B\u8BC1\u4E66\u94FE\u672A\u9A8C\u8BC1\u7684\u6761\u76EE\u3002"}, + {"Unknown.password.type.", "\u672A\u77E5\u53E3\u4EE4\u7C7B\u578B: "}, + {"Cannot.find.environment.variable.", + "\u627E\u4E0D\u5230\u73AF\u5883\u53D8\u91CF: "}, + {"Cannot.find.file.", "\u627E\u4E0D\u5230\u6587\u4EF6: "}, + {"Command.option.flag.needs.an.argument.", "\u547D\u4EE4\u9009\u9879{0}\u9700\u8981\u4E00\u4E2A\u53C2\u6570\u3002"}, + {"no.timestamp.signing", + "\u672A\u63D0\u4F9B -tsa \u6216 -tsacert, \u6B64 jar \u6CA1\u6709\u65F6\u95F4\u6233\u3002\u5982\u679C\u6CA1\u6709\u65F6\u95F4\u6233, \u5219\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u7684\u5230\u671F\u65E5\u671F (%1$tY-%1$tm-%1$td) \u6216\u4EE5\u540E\u7684\u4EFB\u4F55\u64A4\u9500\u65E5\u671F\u4E4B\u540E, \u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002"}, + {"no.timestamp.verifying", + "\u6B64 jar \u5305\u542B\u7684\u7B7E\u540D\u6CA1\u6709\u65F6\u95F4\u6233\u3002\u5982\u679C\u6CA1\u6709\u65F6\u95F4\u6233, \u5219\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u7684\u5230\u671F\u65E5\u671F (%1$tY-%1$tm-%1$td) \u6216\u4EE5\u540E\u7684\u4EFB\u4F55\u64A4\u9500\u65E5\u671F\u4E4B\u540E, \u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002"}, + }; + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,192 @@ +/* + * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.jarsigner; + +import java.io.IOException; +import java.net.URI; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; + +import com.sun.jarsigner.*; +import sun.security.pkcs.PKCS7; +import sun.security.util.*; +import sun.security.x509.*; + +/** + * This class implements a content signing service. + * It generates a timestamped signature for a given content according to + * <a href="http://www.ietf.org/rfc/rfc3161.txt">RFC 3161</a>. + * The signature along with a trusted timestamp and the signer's certificate + * are all packaged into a standard PKCS #7 Signed Data message. + * + * @author Vincent Ryan + */ + +public final class TimestampedSigner extends ContentSigner { + + /* + * Object identifier for the subject information access X.509 certificate + * extension. + */ + private static final String SUBJECT_INFO_ACCESS_OID = "1.3.6.1.5.5.7.1.11"; + + /* + * Object identifier for the timestamping access descriptors. + */ + private static final ObjectIdentifier AD_TIMESTAMPING_Id; + static { + ObjectIdentifier tmp = null; + try { + tmp = new ObjectIdentifier("1.3.6.1.5.5.7.48.3"); + } catch (IOException e) { + // ignore + } + AD_TIMESTAMPING_Id = tmp; + } + + /** + * Instantiates a content signer that supports timestamped signatures. + */ + public TimestampedSigner() { + } + + /** + * Generates a PKCS #7 signed data message that includes a signature + * timestamp. + * This method is used when a signature has already been generated. + * The signature, a signature timestamp, the signer's certificate chain, + * and optionally the content that was signed, are packaged into a PKCS #7 + * signed data message. + * + * @param params The non-null input parameters. + * @param omitContent true if the content should be omitted from the + * signed data message. Otherwise the content is included. + * @param applyTimestamp true if the signature should be timestamped. + * Otherwise timestamping is not performed. + * @return A PKCS #7 signed data message including a signature timestamp. + * @throws NoSuchAlgorithmException The exception is thrown if the signature + * algorithm is unrecognised. + * @throws CertificateException The exception is thrown if an error occurs + * while processing the signer's certificate or the TSA's + * certificate. + * @throws IOException The exception is thrown if an error occurs while + * generating the signature timestamp or while generating the signed + * data message. + * @throws NullPointerException The exception is thrown if parameters is + * null. + */ + public byte[] generateSignedData(ContentSignerParameters params, + boolean omitContent, boolean applyTimestamp) + throws NoSuchAlgorithmException, CertificateException, IOException { + + if (params == null) { + throw new NullPointerException(); + } + + // Parse the signature algorithm to extract the digest + // algorithm. The expected format is: + // "<digest>with<encryption>" + // or "<digest>with<encryption>and<mgf>" + String signatureAlgorithm = params.getSignatureAlgorithm(); + + X509Certificate[] signerChain = params.getSignerCertificateChain(); + byte[] signature = params.getSignature(); + + // Include or exclude content + byte[] content = (omitContent == true) ? null : params.getContent(); + + URI tsaURI = null; + if (applyTimestamp) { + tsaURI = params.getTimestampingAuthority(); + if (tsaURI == null) { + // Examine TSA cert + tsaURI = getTimestampingURI( + params.getTimestampingAuthorityCertificate()); + if (tsaURI == null) { + throw new CertificateException( + "Subject Information Access extension not found"); + } + } + } + String tSADigestAlg = "SHA-256"; + if (params instanceof JarSignerParameters) { + tSADigestAlg = ((JarSignerParameters)params).getTSADigestAlg(); + } + return PKCS7.generateSignedData(signature, signerChain, content, + params.getSignatureAlgorithm(), tsaURI, + params.getTSAPolicyID(), + tSADigestAlg); + } + + /** + * Examine the certificate for a Subject Information Access extension + * (<a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280</a>). + * The extension's <tt>accessMethod</tt> field should contain the object + * identifier defined for timestamping: 1.3.6.1.5.5.7.48.3 and its + * <tt>accessLocation</tt> field should contain an HTTP or HTTPS URL. + * + * @param tsaCertificate An X.509 certificate for the TSA. + * @return An HTTP or HTTPS URI or null if none was found. + */ + public static URI getTimestampingURI(X509Certificate tsaCertificate) { + + if (tsaCertificate == null) { + return null; + } + // Parse the extensions + try { + byte[] extensionValue = + tsaCertificate.getExtensionValue(SUBJECT_INFO_ACCESS_OID); + if (extensionValue == null) { + return null; + } + DerInputStream der = new DerInputStream(extensionValue); + der = new DerInputStream(der.getOctetString()); + DerValue[] derValue = der.getSequence(5); + AccessDescription description; + GeneralName location; + URIName uri; + for (int i = 0; i < derValue.length; i++) { + description = new AccessDescription(derValue[i]); + if (description.getAccessMethod() + .equals((Object)AD_TIMESTAMPING_Id)) { + location = description.getAccessLocation(); + if (location.getType() == GeneralNameInterface.NAME_URI) { + uri = (URIName) location.getName(); + if (uri.getScheme().equalsIgnoreCase("http") || + uri.getScheme().equalsIgnoreCase("https")) { + return uri.getURI(); + } + } + } + } + } catch (IOException ioe) { + // ignore + } + return null; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/keytool/CertAndKeyGen.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,342 @@ +/* + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.keytool; + +import java.io.IOException; +import java.security.cert.X509Certificate; +import java.security.cert.CertificateException; +import java.security.cert.CertificateEncodingException; +import java.security.*; +import java.util.Date; + +import sun.security.pkcs10.PKCS10; +import sun.security.x509.AlgorithmId; +import sun.security.x509.CertificateAlgorithmId; +import sun.security.x509.CertificateExtensions; +import sun.security.x509.CertificateIssuerName; +import sun.security.x509.CertificateSerialNumber; +import sun.security.x509.CertificateSubjectName; +import sun.security.x509.CertificateValidity; +import sun.security.x509.CertificateVersion; +import sun.security.x509.CertificateX509Key; +import sun.security.x509.X500Name; +import sun.security.x509.X509CertImpl; +import sun.security.x509.X509CertInfo; +import sun.security.x509.X509Key; + + +/** + * Generate a pair of keys, and provide access to them. This class is + * provided primarily for ease of use. + * + * <P>This provides some simple certificate management functionality. + * Specifically, it allows you to create self-signed X.509 certificates + * as well as PKCS 10 based certificate signing requests. + * + * <P>Keys for some public key signature algorithms have algorithm + * parameters, such as DSS/DSA. Some sites' Certificate Authorities + * adopt fixed algorithm parameters, which speeds up some operations + * including key generation and signing. <em>At this time, this interface + * does not provide a way to provide such algorithm parameters, e.g. + * by providing the CA certificate which includes those parameters.</em> + * + * <P>Also, note that at this time only signature-capable keys may be + * acquired through this interface. Diffie-Hellman keys, used for secure + * key exchange, may be supported later. + * + * @author David Brownell + * @author Hemma Prafullchandra + * @see PKCS10 + * @see X509CertImpl + */ +public final class CertAndKeyGen { + /** + * Creates a CertAndKeyGen object for a particular key type + * and signature algorithm. + * + * @param keyType type of key, e.g. "RSA", "DSA" + * @param sigAlg name of the signature algorithm, e.g. "MD5WithRSA", + * "MD2WithRSA", "SHAwithDSA". + * @exception NoSuchAlgorithmException on unrecognized algorithms. + */ + public CertAndKeyGen (String keyType, String sigAlg) + throws NoSuchAlgorithmException + { + keyGen = KeyPairGenerator.getInstance(keyType); + this.sigAlg = sigAlg; + } + + /** + * Creates a CertAndKeyGen object for a particular key type, + * signature algorithm, and provider. + * + * @param keyType type of key, e.g. "RSA", "DSA" + * @param sigAlg name of the signature algorithm, e.g. "MD5WithRSA", + * "MD2WithRSA", "SHAwithDSA". + * @param providerName name of the provider + * @exception NoSuchAlgorithmException on unrecognized algorithms. + * @exception NoSuchProviderException on unrecognized providers. + */ + public CertAndKeyGen (String keyType, String sigAlg, String providerName) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (providerName == null) { + keyGen = KeyPairGenerator.getInstance(keyType); + } else { + try { + keyGen = KeyPairGenerator.getInstance(keyType, providerName); + } catch (Exception e) { + // try first available provider instead + keyGen = KeyPairGenerator.getInstance(keyType); + } + } + this.sigAlg = sigAlg; + } + + /** + * Sets the source of random numbers used when generating keys. + * If you do not provide one, a system default facility is used. + * You may wish to provide your own source of random numbers + * to get a reproducible sequence of keys and signatures, or + * because you may be able to take advantage of strong sources + * of randomness/entropy in your environment. + */ + public void setRandom (SecureRandom generator) + { + prng = generator; + } + + // want "public void generate (X509Certificate)" ... inherit DSA/D-H param + + /** + * Generates a random public/private key pair, with a given key + * size. Different algorithms provide different degrees of security + * for the same key size, because of the "work factor" involved in + * brute force attacks. As computers become faster, it becomes + * easier to perform such attacks. Small keys are to be avoided. + * + * <P>Note that not all values of "keyBits" are valid for all + * algorithms, and not all public key algorithms are currently + * supported for use in X.509 certificates. If the algorithm + * you specified does not produce X.509 compatible keys, an + * invalid key exception is thrown. + * + * @param keyBits the number of bits in the keys. + * @exception InvalidKeyException if the environment does not + * provide X.509 public keys for this signature algorithm. + */ + public void generate (int keyBits) + throws InvalidKeyException + { + KeyPair pair; + + try { + if (prng == null) { + prng = new SecureRandom(); + } + keyGen.initialize(keyBits, prng); + pair = keyGen.generateKeyPair(); + + } catch (Exception e) { + throw new IllegalArgumentException(e.getMessage()); + } + + publicKey = pair.getPublic(); + privateKey = pair.getPrivate(); + + // publicKey's format must be X.509 otherwise + // the whole CertGen part of this class is broken. + // Allow "X509" in 7u for backwards compatibility. + if (!"X.509".equalsIgnoreCase(publicKey.getFormat()) && + !"X509".equalsIgnoreCase(publicKey.getFormat())) { + throw new IllegalArgumentException("Public key format is " + + publicKey.getFormat() + ", must be X.509"); + } + } + + + /** + * Returns the public key of the generated key pair if it is of type + * <code>X509Key</code>, or null if the public key is of a different type. + * + * XXX Note: This behaviour is needed for backwards compatibility. + * What this method really should return is the public key of the + * generated key pair, regardless of whether or not it is an instance of + * <code>X509Key</code>. Accordingly, the return type of this method + * should be <code>PublicKey</code>. + */ + public X509Key getPublicKey() + { + if (!(publicKey instanceof X509Key)) { + return null; + } + return (X509Key)publicKey; + } + + /** + * Always returns the public key of the generated key pair. Used + * by KeyTool only. + * + * The publicKey is not necessarily to be an instance of + * X509Key in some JCA/JCE providers, for example SunPKCS11. + */ + public PublicKey getPublicKeyAnyway() { + return publicKey; + } + + /** + * Returns the private key of the generated key pair. + * + * <P><STRONG><em>Be extremely careful when handling private keys. + * When private keys are not kept secret, they lose their ability + * to securely authenticate specific entities ... that is a huge + * security risk!</em></STRONG> + */ + public PrivateKey getPrivateKey () + { + return privateKey; + } + + /** + * Returns a self-signed X.509v3 certificate for the public key. + * The certificate is immediately valid. No extensions. + * + * <P>Such certificates normally are used to identify a "Certificate + * Authority" (CA). Accordingly, they will not always be accepted by + * other parties. However, such certificates are also useful when + * you are bootstrapping your security infrastructure, or deploying + * system prototypes. + * + * @param myname X.500 name of the subject (who is also the issuer) + * @param firstDate the issue time of the certificate + * @param validity how long the certificate should be valid, in seconds + * @exception CertificateException on certificate handling errors. + * @exception InvalidKeyException on key handling errors. + * @exception SignatureException on signature handling errors. + * @exception NoSuchAlgorithmException on unrecognized algorithms. + * @exception NoSuchProviderException on unrecognized providers. + */ + public X509Certificate getSelfCertificate ( + X500Name myname, Date firstDate, long validity) + throws CertificateException, InvalidKeyException, SignatureException, + NoSuchAlgorithmException, NoSuchProviderException + { + return getSelfCertificate(myname, firstDate, validity, null); + } + + // Like above, plus a CertificateExtensions argument, which can be null. + public X509Certificate getSelfCertificate (X500Name myname, Date firstDate, + long validity, CertificateExtensions ext) + throws CertificateException, InvalidKeyException, SignatureException, + NoSuchAlgorithmException, NoSuchProviderException + { + X509CertImpl cert; + Date lastDate; + + try { + lastDate = new Date (); + lastDate.setTime (firstDate.getTime () + validity * 1000); + + CertificateValidity interval = + new CertificateValidity(firstDate,lastDate); + + X509CertInfo info = new X509CertInfo(); + // Add all mandatory attributes + info.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); + info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( + new java.util.Random().nextInt() & 0x7fffffff)); + AlgorithmId algID = AlgorithmId.get(sigAlg); + info.set(X509CertInfo.ALGORITHM_ID, + new CertificateAlgorithmId(algID)); + info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname)); + info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey)); + info.set(X509CertInfo.VALIDITY, interval); + info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname)); + if (ext != null) info.set(X509CertInfo.EXTENSIONS, ext); + + cert = new X509CertImpl(info); + cert.sign(privateKey, this.sigAlg); + + return (X509Certificate)cert; + + } catch (IOException e) { + throw new CertificateEncodingException("getSelfCert: " + + e.getMessage()); + } + } + + // Keep the old method + public X509Certificate getSelfCertificate (X500Name myname, long validity) + throws CertificateException, InvalidKeyException, SignatureException, + NoSuchAlgorithmException, NoSuchProviderException + { + return getSelfCertificate(myname, new Date(), validity); + } + + /** + * Returns a PKCS #10 certificate request. The caller uses either + * <code>PKCS10.print</code> or <code>PKCS10.toByteArray</code> + * operations on the result, to get the request in an appropriate + * transmission format. + * + * <P>PKCS #10 certificate requests are sent, along with some proof + * of identity, to Certificate Authorities (CAs) which then issue + * X.509 public key certificates. + * + * @param myname X.500 name of the subject + * @exception InvalidKeyException on key handling errors. + * @exception SignatureException on signature handling errors. + */ + public PKCS10 getCertRequest (X500Name myname) + throws InvalidKeyException, SignatureException + { + PKCS10 req = new PKCS10 (publicKey); + + try { + Signature signature = Signature.getInstance(sigAlg); + signature.initSign (privateKey); + req.encodeAndSign(myname, signature); + + } catch (CertificateException e) { + throw new SignatureException (sigAlg + " CertificateException"); + + } catch (IOException e) { + throw new SignatureException (sigAlg + " IOException"); + + } catch (NoSuchAlgorithmException e) { + // "can't happen" + throw new SignatureException (sigAlg + " unavailable?"); + } + return req; + } + + private SecureRandom prng; + private String sigAlg; + private KeyPairGenerator keyGen; + private PublicKey publicKey; + private PrivateKey privateKey; +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Main.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,4081 @@ +/* + * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.keytool; + +import java.io.*; +import java.security.CodeSigner; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.MessageDigest; +import java.security.Key; +import java.security.PublicKey; +import java.security.PrivateKey; +import java.security.Security; +import java.security.Signature; +import java.security.Timestamp; +import java.security.UnrecoverableEntryException; +import java.security.UnrecoverableKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.Principal; +import java.security.Provider; +import java.security.cert.Certificate; +import java.security.cert.CertificateFactory; +import java.security.cert.CertStoreException; +import java.security.cert.CRL; +import java.security.cert.X509Certificate; +import java.security.cert.CertificateException; +import java.text.Collator; +import java.text.MessageFormat; +import java.util.*; +import java.util.jar.JarEntry; +import java.util.jar.JarFile; +import java.lang.reflect.Constructor; +import java.math.BigInteger; +import java.net.Socket; +import java.net.URI; +import java.net.URL; +import java.net.URLClassLoader; +import java.security.cert.CertStore; + +import java.security.cert.X509CRL; +import java.security.cert.X509CRLEntry; +import java.security.cert.X509CRLSelector; +import javax.security.auth.x500.X500Principal; +import sun.misc.BASE64Encoder; +import sun.security.util.ObjectIdentifier; +import sun.security.pkcs10.PKCS10; +import sun.security.pkcs10.PKCS10Attribute; +import sun.security.provider.X509Factory; +import sun.security.provider.certpath.CertStoreHelper; +import sun.security.util.Password; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; + +import sun.misc.BASE64Decoder; +import sun.security.pkcs.PKCS9Attribute; +import sun.security.tools.KeyStoreUtil; +import sun.security.tools.PathList; +import sun.security.util.DerValue; +import sun.security.x509.*; + +import static java.security.KeyStore.*; +import javax.net.ssl.*; +import static sun.security.tools.keytool.Main.Command.*; +import static sun.security.tools.keytool.Main.Option.*; + +/** + * This tool manages keystores. + * + * @author Jan Luehe + * + * + * @see java.security.KeyStore + * @see sun.security.provider.KeyProtector + * @see sun.security.provider.JavaKeyStore + * + * @since 1.2 + */ +public final class Main { + + private boolean debug = false; + private Command command = null; + private String sigAlgName = null; + private String keyAlgName = null; + private boolean verbose = false; + private int keysize = -1; + private boolean rfc = false; + private long validity = (long)90; + private String alias = null; + private String dname = null; + private String dest = null; + private String filename = null; + private String infilename = null; + private String outfilename = null; + private String srcksfname = null; + + // User-specified providers are added before any command is called. + // However, they are not removed before the end of the main() method. + // If you're calling KeyTool.main() directly in your own Java program, + // please programtically add any providers you need and do not specify + // them through the command line. + + private Set<Pair <String, String>> providers = null; + private String storetype = null; + private String srcProviderName = null; + private String providerName = null; + private String pathlist = null; + private char[] storePass = null; + private char[] storePassNew = null; + private char[] keyPass = null; + private char[] keyPassNew = null; + private char[] newPass = null; + private char[] destKeyPass = null; + private char[] srckeyPass = null; + private String ksfname = null; + private File ksfile = null; + private InputStream ksStream = null; // keystore stream + private String sslserver = null; + private String jarfile = null; + private KeyStore keyStore = null; + private boolean token = false; + private boolean nullStream = false; + private boolean kssave = false; + private boolean noprompt = false; + private boolean trustcacerts = false; + private boolean protectedPath = false; + private boolean srcprotectedPath = false; + private CertificateFactory cf = null; + private KeyStore caks = null; // "cacerts" keystore + private char[] srcstorePass = null; + private String srcstoretype = null; + private Set<char[]> passwords = new HashSet<>(); + private String startDate = null; + + private List<String> ids = new ArrayList<>(); // used in GENCRL + private List<String> v3ext = new ArrayList<>(); + + enum Command { + CERTREQ("Generates.a.certificate.request", + ALIAS, SIGALG, FILEOUT, KEYPASS, KEYSTORE, DNAME, + STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, + PROVIDERARG, PROVIDERPATH, V, PROTECTED), + CHANGEALIAS("Changes.an.entry.s.alias", + ALIAS, DESTALIAS, KEYPASS, KEYSTORE, STOREPASS, + STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, + PROVIDERPATH, V, PROTECTED), + DELETE("Deletes.an.entry", + ALIAS, KEYSTORE, STOREPASS, STORETYPE, + PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, + PROVIDERPATH, V, PROTECTED), + EXPORTCERT("Exports.certificate", + RFC, ALIAS, FILEOUT, KEYSTORE, STOREPASS, + STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, + PROVIDERPATH, V, PROTECTED), + GENKEYPAIR("Generates.a.key.pair", + ALIAS, KEYALG, KEYSIZE, SIGALG, DESTALIAS, DNAME, + STARTDATE, EXT, VALIDITY, KEYPASS, KEYSTORE, + STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, + PROVIDERARG, PROVIDERPATH, V, PROTECTED), + GENSECKEY("Generates.a.secret.key", + ALIAS, KEYPASS, KEYALG, KEYSIZE, KEYSTORE, + STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, + PROVIDERARG, PROVIDERPATH, V, PROTECTED), + GENCERT("Generates.certificate.from.a.certificate.request", + RFC, INFILE, OUTFILE, ALIAS, SIGALG, DNAME, + STARTDATE, EXT, VALIDITY, KEYPASS, KEYSTORE, + STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, + PROVIDERARG, PROVIDERPATH, V, PROTECTED), + IMPORTCERT("Imports.a.certificate.or.a.certificate.chain", + NOPROMPT, TRUSTCACERTS, PROTECTED, ALIAS, FILEIN, + KEYPASS, KEYSTORE, STOREPASS, STORETYPE, + PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, + PROVIDERPATH, V), + IMPORTKEYSTORE("Imports.one.or.all.entries.from.another.keystore", + SRCKEYSTORE, DESTKEYSTORE, SRCSTORETYPE, + DESTSTORETYPE, SRCSTOREPASS, DESTSTOREPASS, + SRCPROTECTED, SRCPROVIDERNAME, DESTPROVIDERNAME, + SRCALIAS, DESTALIAS, SRCKEYPASS, DESTKEYPASS, + NOPROMPT, PROVIDERCLASS, PROVIDERARG, PROVIDERPATH, + V), + KEYPASSWD("Changes.the.key.password.of.an.entry", + ALIAS, KEYPASS, NEW, KEYSTORE, STOREPASS, + STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, + PROVIDERPATH, V), + LIST("Lists.entries.in.a.keystore", + RFC, ALIAS, KEYSTORE, STOREPASS, STORETYPE, + PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, + PROVIDERPATH, V, PROTECTED), + PRINTCERT("Prints.the.content.of.a.certificate", + RFC, FILEIN, SSLSERVER, JARFILE, V), + PRINTCERTREQ("Prints.the.content.of.a.certificate.request", + FILEIN, V), + PRINTCRL("Prints.the.content.of.a.CRL.file", + FILEIN, V), + STOREPASSWD("Changes.the.store.password.of.a.keystore", + NEW, KEYSTORE, STOREPASS, STORETYPE, PROVIDERNAME, + PROVIDERCLASS, PROVIDERARG, PROVIDERPATH, V), + + // Undocumented start here, KEYCLONE is used a marker in -help; + + KEYCLONE("Clones.a.key.entry", + ALIAS, DESTALIAS, KEYPASS, NEW, STORETYPE, + KEYSTORE, STOREPASS, PROVIDERNAME, PROVIDERCLASS, + PROVIDERARG, PROVIDERPATH, V), + SELFCERT("Generates.a.self.signed.certificate", + ALIAS, SIGALG, DNAME, STARTDATE, VALIDITY, KEYPASS, + STORETYPE, KEYSTORE, STOREPASS, PROVIDERNAME, + PROVIDERCLASS, PROVIDERARG, PROVIDERPATH, V), + GENCRL("Generates.CRL", + RFC, FILEOUT, ID, + ALIAS, SIGALG, EXT, KEYPASS, KEYSTORE, + STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, + PROVIDERARG, PROVIDERPATH, V, PROTECTED), + IDENTITYDB("Imports.entries.from.a.JDK.1.1.x.style.identity.database", + FILEIN, STORETYPE, KEYSTORE, STOREPASS, PROVIDERNAME, + PROVIDERCLASS, PROVIDERARG, PROVIDERPATH, V); + + final String description; + final Option[] options; + Command(String d, Option... o) { + description = d; + options = o; + } + @Override + public String toString() { + return "-" + name().toLowerCase(Locale.ENGLISH); + } + }; + + enum Option { + ALIAS("alias", "<alias>", "alias.name.of.the.entry.to.process"), + DESTALIAS("destalias", "<destalias>", "destination.alias"), + DESTKEYPASS("destkeypass", "<arg>", "destination.key.password"), + DESTKEYSTORE("destkeystore", "<destkeystore>", "destination.keystore.name"), + DESTPROTECTED("destprotected", null, "destination.keystore.password.protected"), + DESTPROVIDERNAME("destprovidername", "<destprovidername>", "destination.keystore.provider.name"), + DESTSTOREPASS("deststorepass", "<arg>", "destination.keystore.password"), + DESTSTORETYPE("deststoretype", "<deststoretype>", "destination.keystore.type"), + DNAME("dname", "<dname>", "distinguished.name"), + EXT("ext", "<value>", "X.509.extension"), + FILEOUT("file", "<filename>", "output.file.name"), + FILEIN("file", "<filename>", "input.file.name"), + ID("id", "<id:reason>", "Serial.ID.of.cert.to.revoke"), + INFILE("infile", "<filename>", "input.file.name"), + KEYALG("keyalg", "<keyalg>", "key.algorithm.name"), + KEYPASS("keypass", "<arg>", "key.password"), + KEYSIZE("keysize", "<keysize>", "key.bit.size"), + KEYSTORE("keystore", "<keystore>", "keystore.name"), + NEW("new", "<arg>", "new.password"), + NOPROMPT("noprompt", null, "do.not.prompt"), + OUTFILE("outfile", "<filename>", "output.file.name"), + PROTECTED("protected", null, "password.through.protected.mechanism"), + PROVIDERARG("providerarg", "<arg>", "provider.argument"), + PROVIDERCLASS("providerclass", "<providerclass>", "provider.class.name"), + PROVIDERNAME("providername", "<providername>", "provider.name"), + PROVIDERPATH("providerpath", "<pathlist>", "provider.classpath"), + RFC("rfc", null, "output.in.RFC.style"), + SIGALG("sigalg", "<sigalg>", "signature.algorithm.name"), + SRCALIAS("srcalias", "<srcalias>", "source.alias"), + SRCKEYPASS("srckeypass", "<arg>", "source.key.password"), + SRCKEYSTORE("srckeystore", "<srckeystore>", "source.keystore.name"), + SRCPROTECTED("srcprotected", null, "source.keystore.password.protected"), + SRCPROVIDERNAME("srcprovidername", "<srcprovidername>", "source.keystore.provider.name"), + SRCSTOREPASS("srcstorepass", "<arg>", "source.keystore.password"), + SRCSTORETYPE("srcstoretype", "<srcstoretype>", "source.keystore.type"), + SSLSERVER("sslserver", "<server[:port]>", "SSL.server.host.and.port"), + JARFILE("jarfile", "<filename>", "signed.jar.file"), + STARTDATE("startdate", "<startdate>", "certificate.validity.start.date.time"), + STOREPASS("storepass", "<arg>", "keystore.password"), + STORETYPE("storetype", "<storetype>", "keystore.type"), + TRUSTCACERTS("trustcacerts", null, "trust.certificates.from.cacerts"), + V("v", null, "verbose.output"), + VALIDITY("validity", "<valDays>", "validity.number.of.days"); + + final String name, arg, description; + Option(String name, String arg, String description) { + this.name = name; + this.arg = arg; + this.description = description; + } + @Override + public String toString() { + return "-" + name; + } + }; + + private static final Class[] PARAM_STRING = { String.class }; + + private static final String NONE = "NONE"; + private static final String P11KEYSTORE = "PKCS11"; + private static final String P12KEYSTORE = "PKCS12"; + private final String keyAlias = "mykey"; + + // for i18n + private static final java.util.ResourceBundle rb = + java.util.ResourceBundle.getBundle( + "sun.security.tools.keytool.Resources"); + private static final Collator collator = Collator.getInstance(); + static { + // this is for case insensitive string comparisons + collator.setStrength(Collator.PRIMARY); + }; + + private Main() { } + + public static void main(String[] args) throws Exception { + Main kt = new Main(); + kt.run(args, System.out); + } + + private void run(String[] args, PrintStream out) throws Exception { + try { + parseArgs(args); + if (command != null) { + doCommands(out); + } + } catch (Exception e) { + System.out.println(rb.getString("keytool.error.") + e); + if (verbose) { + e.printStackTrace(System.out); + } + if (!debug) { + System.exit(1); + } else { + throw e; + } + } finally { + for (char[] pass : passwords) { + if (pass != null) { + Arrays.fill(pass, ' '); + pass = null; + } + } + + if (ksStream != null) { + ksStream.close(); + } + } + } + + /** + * Parse command line arguments. + */ + void parseArgs(String[] args) { + + int i=0; + boolean help = args.length == 0; + + for (i=0; (i < args.length) && args[i].startsWith("-"); i++) { + + String flags = args[i]; + + // Check if the last option needs an arg + if (i == args.length - 1) { + for (Option option: Option.values()) { + // Only options with an arg need to be checked + if (collator.compare(flags, option.toString()) == 0) { + if (option.arg != null) errorNeedArgument(flags); + break; + } + } + } + + /* + * Check modifiers + */ + String modifier = null; + int pos = flags.indexOf(':'); + if (pos > 0) { + modifier = flags.substring(pos+1); + flags = flags.substring(0, pos); + } + /* + * command modes + */ + boolean isCommand = false; + for (Command c: Command.values()) { + if (collator.compare(flags, c.toString()) == 0) { + command = c; + isCommand = true; + break; + } + } + + if (isCommand) { + // already recognized as a command + } else if (collator.compare(flags, "-export") == 0) { + command = EXPORTCERT; + } else if (collator.compare(flags, "-genkey") == 0) { + command = GENKEYPAIR; + } else if (collator.compare(flags, "-import") == 0) { + command = IMPORTCERT; + } + /* + * Help + */ + else if (collator.compare(flags, "-help") == 0) { + help = true; + } + + /* + * specifiers + */ + else if (collator.compare(flags, "-keystore") == 0 || + collator.compare(flags, "-destkeystore") == 0) { + ksfname = args[++i]; + } else if (collator.compare(flags, "-storepass") == 0 || + collator.compare(flags, "-deststorepass") == 0) { + storePass = getPass(modifier, args[++i]); + passwords.add(storePass); + } else if (collator.compare(flags, "-storetype") == 0 || + collator.compare(flags, "-deststoretype") == 0) { + storetype = args[++i]; + } else if (collator.compare(flags, "-srcstorepass") == 0) { + srcstorePass = getPass(modifier, args[++i]); + passwords.add(srcstorePass); + } else if (collator.compare(flags, "-srcstoretype") == 0) { + srcstoretype = args[++i]; + } else if (collator.compare(flags, "-srckeypass") == 0) { + srckeyPass = getPass(modifier, args[++i]); + passwords.add(srckeyPass); + } else if (collator.compare(flags, "-srcprovidername") == 0) { + srcProviderName = args[++i]; + } else if (collator.compare(flags, "-providername") == 0 || + collator.compare(flags, "-destprovidername") == 0) { + providerName = args[++i]; + } else if (collator.compare(flags, "-providerpath") == 0) { + pathlist = args[++i]; + } else if (collator.compare(flags, "-keypass") == 0) { + keyPass = getPass(modifier, args[++i]); + passwords.add(keyPass); + } else if (collator.compare(flags, "-new") == 0) { + newPass = getPass(modifier, args[++i]); + passwords.add(newPass); + } else if (collator.compare(flags, "-destkeypass") == 0) { + destKeyPass = getPass(modifier, args[++i]); + passwords.add(destKeyPass); + } else if (collator.compare(flags, "-alias") == 0 || + collator.compare(flags, "-srcalias") == 0) { + alias = args[++i]; + } else if (collator.compare(flags, "-dest") == 0 || + collator.compare(flags, "-destalias") == 0) { + dest = args[++i]; + } else if (collator.compare(flags, "-dname") == 0) { + dname = args[++i]; + } else if (collator.compare(flags, "-keysize") == 0) { + keysize = Integer.parseInt(args[++i]); + } else if (collator.compare(flags, "-keyalg") == 0) { + keyAlgName = args[++i]; + } else if (collator.compare(flags, "-sigalg") == 0) { + sigAlgName = args[++i]; + } else if (collator.compare(flags, "-startdate") == 0) { + startDate = args[++i]; + } else if (collator.compare(flags, "-validity") == 0) { + validity = Long.parseLong(args[++i]); + } else if (collator.compare(flags, "-ext") == 0) { + v3ext.add(args[++i]); + } else if (collator.compare(flags, "-id") == 0) { + ids.add(args[++i]); + } else if (collator.compare(flags, "-file") == 0) { + filename = args[++i]; + } else if (collator.compare(flags, "-infile") == 0) { + infilename = args[++i]; + } else if (collator.compare(flags, "-outfile") == 0) { + outfilename = args[++i]; + } else if (collator.compare(flags, "-sslserver") == 0) { + sslserver = args[++i]; + } else if (collator.compare(flags, "-jarfile") == 0) { + jarfile = args[++i]; + } else if (collator.compare(flags, "-srckeystore") == 0) { + srcksfname = args[++i]; + } else if ((collator.compare(flags, "-provider") == 0) || + (collator.compare(flags, "-providerclass") == 0)) { + if (providers == null) { + providers = new HashSet<Pair <String, String>> (3); + } + String providerClass = args[++i]; + String providerArg = null; + + if (args.length > (i+1)) { + flags = args[i+1]; + if (collator.compare(flags, "-providerarg") == 0) { + if (args.length == (i+2)) errorNeedArgument(flags); + providerArg = args[i+2]; + i += 2; + } + } + providers.add( + Pair.of(providerClass, providerArg)); + } + + /* + * options + */ + else if (collator.compare(flags, "-v") == 0) { + verbose = true; + } else if (collator.compare(flags, "-debug") == 0) { + debug = true; + } else if (collator.compare(flags, "-rfc") == 0) { + rfc = true; + } else if (collator.compare(flags, "-noprompt") == 0) { + noprompt = true; + } else if (collator.compare(flags, "-trustcacerts") == 0) { + trustcacerts = true; + } else if (collator.compare(flags, "-protected") == 0 || + collator.compare(flags, "-destprotected") == 0) { + protectedPath = true; + } else if (collator.compare(flags, "-srcprotected") == 0) { + srcprotectedPath = true; + } else { + System.err.println(rb.getString("Illegal.option.") + flags); + tinyHelp(); + } + } + + if (i<args.length) { + System.err.println(rb.getString("Illegal.option.") + args[i]); + tinyHelp(); + } + + if (command == null) { + if (help) { + usage(); + } else { + System.err.println(rb.getString("Usage.error.no.command.provided")); + tinyHelp(); + } + } else if (help) { + usage(); + command = null; + } + } + + boolean isKeyStoreRelated(Command cmd) { + return cmd != PRINTCERT && cmd != PRINTCERTREQ; + } + + /** + * Execute the commands. + */ + void doCommands(PrintStream out) throws Exception { + + if (storetype == null) { + storetype = KeyStore.getDefaultType(); + } + storetype = KeyStoreUtil.niceStoreTypeName(storetype); + + if (srcstoretype == null) { + srcstoretype = KeyStore.getDefaultType(); + } + srcstoretype = KeyStoreUtil.niceStoreTypeName(srcstoretype); + + if (P11KEYSTORE.equalsIgnoreCase(storetype) || + KeyStoreUtil.isWindowsKeyStore(storetype)) { + token = true; + if (ksfname == null) { + ksfname = NONE; + } + } + if (NONE.equals(ksfname)) { + nullStream = true; + } + + if (token && !nullStream) { + System.err.println(MessageFormat.format(rb.getString + (".keystore.must.be.NONE.if.storetype.is.{0}"), storetype)); + System.err.println(); + tinyHelp(); + } + + if (token && + (command == KEYPASSWD || command == STOREPASSWD)) { + throw new UnsupportedOperationException(MessageFormat.format(rb.getString + (".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}"), storetype)); + } + + if (P12KEYSTORE.equalsIgnoreCase(storetype) && command == KEYPASSWD) { + throw new UnsupportedOperationException(rb.getString + (".keypasswd.commands.not.supported.if.storetype.is.PKCS12")); + } + + if (token && (keyPass != null || newPass != null || destKeyPass != null)) { + throw new IllegalArgumentException(MessageFormat.format(rb.getString + (".keypass.and.new.can.not.be.specified.if.storetype.is.{0}"), storetype)); + } + + if (protectedPath) { + if (storePass != null || keyPass != null || + newPass != null || destKeyPass != null) { + throw new IllegalArgumentException(rb.getString + ("if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified")); + } + } + + if (srcprotectedPath) { + if (srcstorePass != null || srckeyPass != null) { + throw new IllegalArgumentException(rb.getString + ("if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified")); + } + } + + if (KeyStoreUtil.isWindowsKeyStore(storetype)) { + if (storePass != null || keyPass != null || + newPass != null || destKeyPass != null) { + throw new IllegalArgumentException(rb.getString + ("if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified")); + } + } + + if (KeyStoreUtil.isWindowsKeyStore(srcstoretype)) { + if (srcstorePass != null || srckeyPass != null) { + throw new IllegalArgumentException(rb.getString + ("if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified")); + } + } + + if (validity <= (long)0) { + throw new Exception + (rb.getString("Validity.must.be.greater.than.zero")); + } + + // Try to load and install specified provider + if (providers != null) { + ClassLoader cl = null; + if (pathlist != null) { + String path = null; + path = PathList.appendPath( + path, System.getProperty("java.class.path")); + path = PathList.appendPath( + path, System.getProperty("env.class.path")); + path = PathList.appendPath(path, pathlist); + + URL[] urls = PathList.pathToURLs(path); + cl = new URLClassLoader(urls); + } else { + cl = ClassLoader.getSystemClassLoader(); + } + + for (Pair <String, String> provider: providers) { + String provName = provider.fst; + Class<?> provClass; + if (cl != null) { + provClass = cl.loadClass(provName); + } else { + provClass = Class.forName(provName); + } + + String provArg = provider.snd; + Object obj; + if (provArg == null) { + obj = provClass.newInstance(); + } else { + Constructor<?> c = provClass.getConstructor(PARAM_STRING); + obj = c.newInstance(provArg); + } + if (!(obj instanceof Provider)) { + MessageFormat form = new MessageFormat + (rb.getString("provName.not.a.provider")); + Object[] source = {provName}; + throw new Exception(form.format(source)); + } + Security.addProvider((Provider)obj); + } + } + + if (command == LIST && verbose && rfc) { + System.err.println(rb.getString + ("Must.not.specify.both.v.and.rfc.with.list.command")); + tinyHelp(); + } + + // Make sure provided passwords are at least 6 characters long + if (command == GENKEYPAIR && keyPass!=null && keyPass.length < 6) { + throw new Exception(rb.getString + ("Key.password.must.be.at.least.6.characters")); + } + if (newPass != null && newPass.length < 6) { + throw new Exception(rb.getString + ("New.password.must.be.at.least.6.characters")); + } + if (destKeyPass != null && destKeyPass.length < 6) { + throw new Exception(rb.getString + ("New.password.must.be.at.least.6.characters")); + } + + // Check if keystore exists. + // If no keystore has been specified at the command line, try to use + // the default, which is located in $HOME/.keystore. + // If the command is "genkey", "identitydb", "import", or "printcert", + // it is OK not to have a keystore. + if (isKeyStoreRelated(command)) { + if (ksfname == null) { + ksfname = System.getProperty("user.home") + File.separator + + ".keystore"; + } + + if (!nullStream) { + try { + ksfile = new File(ksfname); + // Check if keystore file is empty + if (ksfile.exists() && ksfile.length() == 0) { + throw new Exception(rb.getString + ("Keystore.file.exists.but.is.empty.") + ksfname); + } + ksStream = new FileInputStream(ksfile); + } catch (FileNotFoundException e) { + if (command != GENKEYPAIR && + command != GENSECKEY && + command != IDENTITYDB && + command != IMPORTCERT && + command != IMPORTKEYSTORE && + command != PRINTCRL) { + throw new Exception(rb.getString + ("Keystore.file.does.not.exist.") + ksfname); + } + } + } + } + + if ((command == KEYCLONE || command == CHANGEALIAS) + && dest == null) { + dest = getAlias("destination"); + if ("".equals(dest)) { + throw new Exception(rb.getString + ("Must.specify.destination.alias")); + } + } + + if (command == DELETE && alias == null) { + alias = getAlias(null); + if ("".equals(alias)) { + throw new Exception(rb.getString("Must.specify.alias")); + } + } + + // Create new keystore + if (providerName == null) { + keyStore = KeyStore.getInstance(storetype); + } else { + keyStore = KeyStore.getInstance(storetype, providerName); + } + + /* + * Load the keystore data. + * + * At this point, it's OK if no keystore password has been provided. + * We want to make sure that we can load the keystore data, i.e., + * the keystore data has the right format. If we cannot load the + * keystore, why bother asking the user for his or her password? + * Only if we were able to load the keystore, and no keystore + * password has been provided, will we prompt the user for the + * keystore password to verify the keystore integrity. + * This means that the keystore is loaded twice: first load operation + * checks the keystore format, second load operation verifies the + * keystore integrity. + * + * If the keystore password has already been provided (at the + * command line), however, the keystore is loaded only once, and the + * keystore format and integrity are checked "at the same time". + * + * Null stream keystores are loaded later. + */ + if (!nullStream) { + keyStore.load(ksStream, storePass); + if (ksStream != null) { + ksStream.close(); + } + } + + // All commands that create or modify the keystore require a keystore + // password. + + if (nullStream && storePass != null) { + keyStore.load(null, storePass); + } else if (!nullStream && storePass != null) { + // If we are creating a new non nullStream-based keystore, + // insist that the password be at least 6 characters + if (ksStream == null && storePass.length < 6) { + throw new Exception(rb.getString + ("Keystore.password.must.be.at.least.6.characters")); + } + } else if (storePass == null) { + + // only prompt if (protectedPath == false) + + if (!protectedPath && !KeyStoreUtil.isWindowsKeyStore(storetype) && + (command == CERTREQ || + command == DELETE || + command == GENKEYPAIR || + command == GENSECKEY || + command == IMPORTCERT || + command == IMPORTKEYSTORE || + command == KEYCLONE || + command == CHANGEALIAS || + command == SELFCERT || + command == STOREPASSWD || + command == KEYPASSWD || + command == IDENTITYDB)) { + int count = 0; + do { + if (command == IMPORTKEYSTORE) { + System.err.print + (rb.getString("Enter.destination.keystore.password.")); + } else { + System.err.print + (rb.getString("Enter.keystore.password.")); + } + System.err.flush(); + storePass = Password.readPassword(System.in); + passwords.add(storePass); + + // If we are creating a new non nullStream-based keystore, + // insist that the password be at least 6 characters + if (!nullStream && (storePass == null || storePass.length < 6)) { + System.err.println(rb.getString + ("Keystore.password.is.too.short.must.be.at.least.6.characters")); + storePass = null; + } + + // If the keystore file does not exist and needs to be + // created, the storepass should be prompted twice. + if (storePass != null && !nullStream && ksStream == null) { + System.err.print(rb.getString("Re.enter.new.password.")); + char[] storePassAgain = Password.readPassword(System.in); + passwords.add(storePassAgain); + if (!Arrays.equals(storePass, storePassAgain)) { + System.err.println + (rb.getString("They.don.t.match.Try.again")); + storePass = null; + } + } + + count++; + } while ((storePass == null) && count < 3); + + + if (storePass == null) { + System.err.println + (rb.getString("Too.many.failures.try.later")); + return; + } + } else if (!protectedPath + && !KeyStoreUtil.isWindowsKeyStore(storetype) + && isKeyStoreRelated(command)) { + // here we have EXPORTCERT and LIST (info valid until STOREPASSWD) + if (command != PRINTCRL) { + System.err.print(rb.getString("Enter.keystore.password.")); + System.err.flush(); + storePass = Password.readPassword(System.in); + passwords.add(storePass); + } + } + + // Now load a nullStream-based keystore, + // or verify the integrity of an input stream-based keystore + if (nullStream) { + keyStore.load(null, storePass); + } else if (ksStream != null) { + ksStream = new FileInputStream(ksfile); + keyStore.load(ksStream, storePass); + ksStream.close(); + } + } + + if (storePass != null && P12KEYSTORE.equalsIgnoreCase(storetype)) { + MessageFormat form = new MessageFormat(rb.getString( + "Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.")); + if (keyPass != null && !Arrays.equals(storePass, keyPass)) { + Object[] source = {"-keypass"}; + System.err.println(form.format(source)); + keyPass = storePass; + } + if (newPass != null && !Arrays.equals(storePass, newPass)) { + Object[] source = {"-new"}; + System.err.println(form.format(source)); + newPass = storePass; + } + if (destKeyPass != null && !Arrays.equals(storePass, destKeyPass)) { + Object[] source = {"-destkeypass"}; + System.err.println(form.format(source)); + destKeyPass = storePass; + } + } + + // Create a certificate factory + if (command == PRINTCERT || command == IMPORTCERT + || command == IDENTITYDB || command == PRINTCRL) { + cf = CertificateFactory.getInstance("X509"); + } + + if (trustcacerts) { + caks = KeyStoreUtil.getCacertsKeyStore(); + } + + // Perform the specified command + if (command == CERTREQ) { + if (filename != null) { + try (PrintStream ps = new PrintStream(new FileOutputStream + (filename))) { + doCertReq(alias, sigAlgName, ps); + } + } else { + doCertReq(alias, sigAlgName, out); + } + if (verbose && filename != null) { + MessageFormat form = new MessageFormat(rb.getString + ("Certification.request.stored.in.file.filename.")); + Object[] source = {filename}; + System.err.println(form.format(source)); + System.err.println(rb.getString("Submit.this.to.your.CA")); + } + } else if (command == DELETE) { + doDeleteEntry(alias); + kssave = true; + } else if (command == EXPORTCERT) { + if (filename != null) { + try (PrintStream ps = new PrintStream(new FileOutputStream + (filename))) { + doExportCert(alias, ps); + } + } else { + doExportCert(alias, out); + } + if (filename != null) { + MessageFormat form = new MessageFormat(rb.getString + ("Certificate.stored.in.file.filename.")); + Object[] source = {filename}; + System.err.println(form.format(source)); + } + } else if (command == GENKEYPAIR) { + if (keyAlgName == null) { + keyAlgName = "DSA"; + } + doGenKeyPair(alias, dname, keyAlgName, keysize, sigAlgName); + kssave = true; + } else if (command == GENSECKEY) { + if (keyAlgName == null) { + keyAlgName = "DES"; + } + doGenSecretKey(alias, keyAlgName, keysize); + kssave = true; + } else if (command == IDENTITYDB) { + if (filename != null) { + try (InputStream inStream = new FileInputStream(filename)) { + doImportIdentityDatabase(inStream); + } + } else { + doImportIdentityDatabase(System.in); + } + } else if (command == IMPORTCERT) { + InputStream inStream = System.in; + if (filename != null) { + inStream = new FileInputStream(filename); + } + String importAlias = (alias!=null)?alias:keyAlias; + try { + if (keyStore.entryInstanceOf( + importAlias, KeyStore.PrivateKeyEntry.class)) { + kssave = installReply(importAlias, inStream); + if (kssave) { + System.err.println(rb.getString + ("Certificate.reply.was.installed.in.keystore")); + } else { + System.err.println(rb.getString + ("Certificate.reply.was.not.installed.in.keystore")); + } + } else if (!keyStore.containsAlias(importAlias) || + keyStore.entryInstanceOf(importAlias, + KeyStore.TrustedCertificateEntry.class)) { + kssave = addTrustedCert(importAlias, inStream); + if (kssave) { + System.err.println(rb.getString + ("Certificate.was.added.to.keystore")); + } else { + System.err.println(rb.getString + ("Certificate.was.not.added.to.keystore")); + } + } + } finally { + if (inStream != System.in) { + inStream.close(); + } + } + } else if (command == IMPORTKEYSTORE) { + doImportKeyStore(); + kssave = true; + } else if (command == KEYCLONE) { + keyPassNew = newPass; + + // added to make sure only key can go thru + if (alias == null) { + alias = keyAlias; + } + if (keyStore.containsAlias(alias) == false) { + MessageFormat form = new MessageFormat + (rb.getString("Alias.alias.does.not.exist")); + Object[] source = {alias}; + throw new Exception(form.format(source)); + } + if (!keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { + MessageFormat form = new MessageFormat(rb.getString( + "Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key")); + Object[] source = {alias}; + throw new Exception(form.format(source)); + } + + doCloneEntry(alias, dest, true); // Now everything can be cloned + kssave = true; + } else if (command == CHANGEALIAS) { + if (alias == null) { + alias = keyAlias; + } + doCloneEntry(alias, dest, false); + // in PKCS11, clone a PrivateKeyEntry will delete the old one + if (keyStore.containsAlias(alias)) { + doDeleteEntry(alias); + } + kssave = true; + } else if (command == KEYPASSWD) { + keyPassNew = newPass; + doChangeKeyPasswd(alias); + kssave = true; + } else if (command == LIST) { + if (alias != null) { + doPrintEntry(alias, out, true); + } else { + doPrintEntries(out); + } + } else if (command == PRINTCERT) { + doPrintCert(out); + } else if (command == SELFCERT) { + doSelfCert(alias, dname, sigAlgName); + kssave = true; + } else if (command == STOREPASSWD) { + storePassNew = newPass; + if (storePassNew == null) { + storePassNew = getNewPasswd("keystore password", storePass); + } + kssave = true; + } else if (command == GENCERT) { + if (alias == null) { + alias = keyAlias; + } + InputStream inStream = System.in; + if (infilename != null) { + inStream = new FileInputStream(infilename); + } + PrintStream ps = null; + if (outfilename != null) { + ps = new PrintStream(new FileOutputStream(outfilename)); + out = ps; + } + try { + doGenCert(alias, sigAlgName, inStream, out); + } finally { + if (inStream != System.in) { + inStream.close(); + } + if (ps != null) { + ps.close(); + } + } + } else if (command == GENCRL) { + if (alias == null) { + alias = keyAlias; + } + if (filename != null) { + try (PrintStream ps = + new PrintStream(new FileOutputStream(filename))) { + doGenCRL(ps); + } + } else { + doGenCRL(out); + } + } else if (command == PRINTCERTREQ) { + if (filename != null) { + try (InputStream inStream = new FileInputStream(filename)) { + doPrintCertReq(inStream, out); + } + } else { + doPrintCertReq(System.in, out); + } + } else if (command == PRINTCRL) { + doPrintCRL(filename, out); + } + + // If we need to save the keystore, do so. + if (kssave) { + if (verbose) { + MessageFormat form = new MessageFormat + (rb.getString(".Storing.ksfname.")); + Object[] source = {nullStream ? "keystore" : ksfname}; + System.err.println(form.format(source)); + } + + if (token) { + keyStore.store(null, null); + } else { + char[] pass = (storePassNew!=null) ? storePassNew : storePass; + if (nullStream) { + keyStore.store(null, pass); + } else { + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + keyStore.store(bout, pass); + try (FileOutputStream fout = new FileOutputStream(ksfname)) { + fout.write(bout.toByteArray()); + } + } + } + } + } + + /** + * Generate a certificate: Read PKCS10 request from in, and print + * certificate to out. Use alias as CA, sigAlgName as the signature + * type. + */ + private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStream out) + throws Exception { + + + Certificate signerCert = keyStore.getCertificate(alias); + byte[] encoded = signerCert.getEncoded(); + X509CertImpl signerCertImpl = new X509CertImpl(encoded); + X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); + X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." + + CertificateSubjectName.DN_NAME); + + Date firstDate = getStartDate(startDate); + Date lastDate = new Date(); + lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L); + CertificateValidity interval = new CertificateValidity(firstDate, + lastDate); + + PrivateKey privateKey = + (PrivateKey)recoverKey(alias, storePass, keyPass).fst; + if (sigAlgName == null) { + sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm()); + } + Signature signature = Signature.getInstance(sigAlgName); + signature.initSign(privateKey); + + X509CertInfo info = new X509CertInfo(); + info.set(X509CertInfo.VALIDITY, interval); + info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( + new java.util.Random().nextInt() & 0x7fffffff)); + info.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); + info.set(X509CertInfo.ALGORITHM_ID, + new CertificateAlgorithmId( + AlgorithmId.get(sigAlgName))); + info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer)); + + BufferedReader reader = new BufferedReader(new InputStreamReader(in)); + boolean canRead = false; + StringBuffer sb = new StringBuffer(); + while (true) { + String s = reader.readLine(); + if (s == null) break; + // OpenSSL does not use NEW + //if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) { + if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) { + canRead = true; + //} else if (s.startsWith("-----END NEW CERTIFICATE REQUEST-----")) { + } else if (s.startsWith("-----END") && s.indexOf("REQUEST") >= 0) { + break; + } else if (canRead) { + sb.append(s); + } + } + byte[] rawReq = new BASE64Decoder().decodeBuffer(new String(sb)); + PKCS10 req = new PKCS10(rawReq); + + info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo())); + info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( + dname==null?req.getSubjectName():new X500Name(dname))); + CertificateExtensions reqex = null; + Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator(); + while (attrs.hasNext()) { + PKCS10Attribute attr = attrs.next(); + if (attr.getAttributeId().equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) { + reqex = (CertificateExtensions)attr.getAttributeValue(); + } + } + CertificateExtensions ext = createV3Extensions( + reqex, + null, + v3ext, + req.getSubjectPublicKeyInfo(), + signerCert.getPublicKey()); + info.set(X509CertInfo.EXTENSIONS, ext); + X509CertImpl cert = new X509CertImpl(info); + cert.sign(privateKey, sigAlgName); + dumpCert(cert, out); + for (Certificate ca: keyStore.getCertificateChain(alias)) { + if (ca instanceof X509Certificate) { + X509Certificate xca = (X509Certificate)ca; + if (!isSelfSigned(xca)) { + dumpCert(xca, out); + } + } + } + } + + private void doGenCRL(PrintStream out) + throws Exception { + if (ids == null) { + throw new Exception("Must provide -id when -gencrl"); + } + Certificate signerCert = keyStore.getCertificate(alias); + byte[] encoded = signerCert.getEncoded(); + X509CertImpl signerCertImpl = new X509CertImpl(encoded); + X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); + X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." + + CertificateSubjectName.DN_NAME); + + Date firstDate = getStartDate(startDate); + Date lastDate = (Date) firstDate.clone(); + lastDate.setTime(lastDate.getTime() + validity*1000*24*60*60); + CertificateValidity interval = new CertificateValidity(firstDate, + lastDate); + + + PrivateKey privateKey = + (PrivateKey)recoverKey(alias, storePass, keyPass).fst; + if (sigAlgName == null) { + sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm()); + } + + X509CRLEntry[] badCerts = new X509CRLEntry[ids.size()]; + for (int i=0; i<ids.size(); i++) { + String id = ids.get(i); + int d = id.indexOf(':'); + if (d >= 0) { + CRLExtensions ext = new CRLExtensions(); + ext.set("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d+1)))); + badCerts[i] = new X509CRLEntryImpl(new BigInteger(id.substring(0, d)), + firstDate, ext); + } else { + badCerts[i] = new X509CRLEntryImpl(new BigInteger(ids.get(i)), firstDate); + } + } + X509CRLImpl crl = new X509CRLImpl(owner, firstDate, lastDate, badCerts); + crl.sign(privateKey, sigAlgName); + if (rfc) { + out.println("-----BEGIN X509 CRL-----"); + new BASE64Encoder().encodeBuffer(crl.getEncodedInternal(), out); + out.println("-----END X509 CRL-----"); + } else { + out.write(crl.getEncodedInternal()); + } + } + + /** + * Creates a PKCS#10 cert signing request, corresponding to the + * keys (and name) associated with a given alias. + */ + private void doCertReq(String alias, String sigAlgName, PrintStream out) + throws Exception + { + if (alias == null) { + alias = keyAlias; + } + + Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass); + PrivateKey privKey = (PrivateKey)objs.fst; + if (keyPass == null) { + keyPass = objs.snd; + } + + Certificate cert = keyStore.getCertificate(alias); + if (cert == null) { + MessageFormat form = new MessageFormat + (rb.getString("alias.has.no.public.key.certificate.")); + Object[] source = {alias}; + throw new Exception(form.format(source)); + } + PKCS10 request = new PKCS10(cert.getPublicKey()); + CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null); + // Attribute name is not significant + request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS, + new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext)); + + // Construct a Signature object, so that we can sign the request + if (sigAlgName == null) { + sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm()); + } + + Signature signature = Signature.getInstance(sigAlgName); + signature.initSign(privKey); + X500Name subject = dname == null? + new X500Name(((X509Certificate)cert).getSubjectDN().toString()): + new X500Name(dname); + + // Sign the request and base-64 encode it + request.encodeAndSign(subject, signature); + request.print(out); + } + + /** + * Deletes an entry from the keystore. + */ + private void doDeleteEntry(String alias) throws Exception { + if (keyStore.containsAlias(alias) == false) { + MessageFormat form = new MessageFormat + (rb.getString("Alias.alias.does.not.exist")); + Object[] source = {alias}; + throw new Exception(form.format(source)); + } + keyStore.deleteEntry(alias); + } + + /** + * Exports a certificate from the keystore. + */ + private void doExportCert(String alias, PrintStream out) + throws Exception + { + if (storePass == null + && !KeyStoreUtil.isWindowsKeyStore(storetype)) { + printWarning(); + } + if (alias == null) { + alias = keyAlias; + } + if (keyStore.containsAlias(alias) == false) { + MessageFormat form = new MessageFormat + (rb.getString("Alias.alias.does.not.exist")); + Object[] source = {alias}; + throw new Exception(form.format(source)); + } + + X509Certificate cert = (X509Certificate)keyStore.getCertificate(alias); + if (cert == null) { + MessageFormat form = new MessageFormat + (rb.getString("Alias.alias.has.no.certificate")); + Object[] source = {alias}; + throw new Exception(form.format(source)); + } + dumpCert(cert, out); + } + + /** + * Prompt the user for a keypass when generating a key entry. + * @param alias the entry we will set password for + * @param orig the original entry of doing a dup, null if generate new + * @param origPass the password to copy from if user press ENTER + */ + private char[] promptForKeyPass(String alias, String orig, char[] origPass) throws Exception{ + if (P12KEYSTORE.equalsIgnoreCase(storetype)) { + return origPass; + } else if (!token && !protectedPath) { + // Prompt for key password + int count; + for (count = 0; count < 3; count++) { + MessageFormat form = new MessageFormat(rb.getString + ("Enter.key.password.for.alias.")); + Object[] source = {alias}; + System.err.println(form.format(source)); + if (orig == null) { + System.err.print(rb.getString + (".RETURN.if.same.as.keystore.password.")); + } else { + form = new MessageFormat(rb.getString + (".RETURN.if.same.as.for.otherAlias.")); + Object[] src = {orig}; + System.err.print(form.format(src)); + } + System.err.flush(); + char[] entered = Password.readPassword(System.in); + passwords.add(entered); + if (entered == null) { + return origPass; + } else if (entered.length >= 6) { + System.err.print(rb.getString("Re.enter.new.password.")); + char[] passAgain = Password.readPassword(System.in); + passwords.add(passAgain); + if (!Arrays.equals(entered, passAgain)) { + System.err.println + (rb.getString("They.don.t.match.Try.again")); + continue; + } + return entered; + } else { + System.err.println(rb.getString + ("Key.password.is.too.short.must.be.at.least.6.characters")); + } + } + if (count == 3) { + if (command == KEYCLONE) { + throw new Exception(rb.getString + ("Too.many.failures.Key.entry.not.cloned")); + } else { + throw new Exception(rb.getString + ("Too.many.failures.key.not.added.to.keystore")); + } + } + } + return null; // PKCS11, MSCAPI, or -protected + } + /** + * Creates a new secret key. + */ + private void doGenSecretKey(String alias, String keyAlgName, + int keysize) + throws Exception + { + if (alias == null) { + alias = keyAlias; + } + if (keyStore.containsAlias(alias)) { + MessageFormat form = new MessageFormat(rb.getString + ("Secret.key.not.generated.alias.alias.already.exists")); + Object[] source = {alias}; + throw new Exception(form.format(source)); + } + + SecretKey secKey = null; + KeyGenerator keygen = KeyGenerator.getInstance(keyAlgName); + if (keysize != -1) { + keygen.init(keysize); + } else if ("DES".equalsIgnoreCase(keyAlgName)) { + keygen.init(56); + } else if ("DESede".equalsIgnoreCase(keyAlgName)) { + keygen.init(168); + } else { + throw new Exception(rb.getString + ("Please.provide.keysize.for.secret.key.generation")); + } + + secKey = keygen.generateKey(); + if (keyPass == null) { + keyPass = promptForKeyPass(alias, null, storePass); + } + keyStore.setKeyEntry(alias, secKey, keyPass, null); + } + + /** + * If no signature algorithm was specified at the command line, + * we choose one that is compatible with the selected private key + */ + private static String getCompatibleSigAlgName(String keyAlgName) + throws Exception { + if ("DSA".equalsIgnoreCase(keyAlgName)) { + return "SHA1WithDSA"; + } else if ("RSA".equalsIgnoreCase(keyAlgName)) { + return "SHA256WithRSA"; + } else if ("EC".equalsIgnoreCase(keyAlgName)) { + return "SHA256withECDSA"; + } else { + throw new Exception(rb.getString + ("Cannot.derive.signature.algorithm")); + } + } + /** + * Creates a new key pair and self-signed certificate. + */ + private void doGenKeyPair(String alias, String dname, String keyAlgName, + int keysize, String sigAlgName) + throws Exception + { + if (keysize == -1) { + if ("EC".equalsIgnoreCase(keyAlgName)) { + keysize = 256; + } else if ("RSA".equalsIgnoreCase(keyAlgName)) { + keysize = 2048; + } else { + keysize = 1024; + } + } + + if (alias == null) { + alias = keyAlias; + } + + if (keyStore.containsAlias(alias)) { + MessageFormat form = new MessageFormat(rb.getString + ("Key.pair.not.generated.alias.alias.already.exists")); + Object[] source = {alias}; + throw new Exception(form.format(source)); + } + + if (sigAlgName == null) { + sigAlgName = getCompatibleSigAlgName(keyAlgName); + } + CertAndKeyGen keypair = + new CertAndKeyGen(keyAlgName, sigAlgName, providerName); + + + // If DN is provided, parse it. Otherwise, prompt the user for it. + X500Name x500Name; + if (dname == null) { + x500Name = getX500Name(); + } else { + x500Name = new X500Name(dname); + } + + keypair.generate(keysize); + PrivateKey privKey = keypair.getPrivateKey(); + + CertificateExtensions ext = createV3Extensions( + null, + null, + v3ext, + keypair.getPublicKeyAnyway(), + null); + + X509Certificate[] chain = new X509Certificate[1]; + chain[0] = keypair.getSelfCertificate( + x500Name, getStartDate(startDate), validity*24L*60L*60L, ext); + + if (verbose) { + MessageFormat form = new MessageFormat(rb.getString + ("Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for")); + Object[] source = {new Integer(keysize), + privKey.getAlgorithm(), + chain[0].getSigAlgName(), + new Long(validity), + x500Name}; + System.err.println(form.format(source)); + } + + if (keyPass == null) { + keyPass = promptForKeyPass(alias, null, storePass); + } + keyStore.setKeyEntry(alias, privKey, keyPass, chain); + } + + /** + * Clones an entry + * @param orig original alias + * @param dest destination alias + * @changePassword if the password can be changed + */ + private void doCloneEntry(String orig, String dest, boolean changePassword) + throws Exception + { + if (orig == null) { + orig = keyAlias; + } + + if (keyStore.containsAlias(dest)) { + MessageFormat form = new MessageFormat + (rb.getString("Destination.alias.dest.already.exists")); + Object[] source = {dest}; + throw new Exception(form.format(source)); + } + + Pair<Entry,char[]> objs = recoverEntry(keyStore, orig, storePass, keyPass); + Entry entry = objs.fst; + keyPass = objs.snd; + + PasswordProtection pp = null; + + if (keyPass != null) { // protected + if (!changePassword || P12KEYSTORE.equalsIgnoreCase(storetype)) { + keyPassNew = keyPass; + } else { + if (keyPassNew == null) { + keyPassNew = promptForKeyPass(dest, orig, keyPass); + } + } + pp = new PasswordProtection(keyPassNew); + } + keyStore.setEntry(dest, entry, pp); + } + + /** + * Changes a key password. + */ + private void doChangeKeyPasswd(String alias) throws Exception + { + + if (alias == null) { + alias = keyAlias; + } + Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass); + Key privKey = objs.fst; + if (keyPass == null) { + keyPass = objs.snd; + } + + if (keyPassNew == null) { + MessageFormat form = new MessageFormat + (rb.getString("key.password.for.alias.")); + Object[] source = {alias}; + keyPassNew = getNewPasswd(form.format(source), keyPass); + } + keyStore.setKeyEntry(alias, privKey, keyPassNew, + keyStore.getCertificateChain(alias)); + } + + /** + * Imports a JDK 1.1-style identity database. We can only store one + * certificate per identity, because we use the identity's name as the + * alias (which references a keystore entry), and aliases must be unique. + */ + private void doImportIdentityDatabase(InputStream in) + throws Exception + { + System.err.println(rb.getString + ("No.entries.from.identity.database.added")); + } + + /** + * Prints a single keystore entry. + */ + private void doPrintEntry(String alias, PrintStream out, + boolean printWarning) + throws Exception + { + if (storePass == null && printWarning + && !KeyStoreUtil.isWindowsKeyStore(storetype)) { + printWarning(); + } + + if (keyStore.containsAlias(alias) == false) { + MessageFormat form = new MessageFormat + (rb.getString("Alias.alias.does.not.exist")); + Object[] source = {alias}; + throw new Exception(form.format(source)); + } + + if (verbose || rfc || debug) { + MessageFormat form = new MessageFormat + (rb.getString("Alias.name.alias")); + Object[] source = {alias}; + out.println(form.format(source)); + + if (!token) { + form = new MessageFormat(rb.getString + ("Creation.date.keyStore.getCreationDate.alias.")); + Object[] src = {keyStore.getCreationDate(alias)}; + out.println(form.format(src)); + } + } else { + if (!token) { + MessageFormat form = new MessageFormat + (rb.getString("alias.keyStore.getCreationDate.alias.")); + Object[] source = {alias, keyStore.getCreationDate(alias)}; + out.print(form.format(source)); + } else { + MessageFormat form = new MessageFormat + (rb.getString("alias.")); + Object[] source = {alias}; + out.print(form.format(source)); + } + } + + if (keyStore.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class)) { + if (verbose || rfc || debug) { + Object[] source = {"SecretKeyEntry"}; + out.println(new MessageFormat( + rb.getString("Entry.type.type.")).format(source)); + } else { + out.println("SecretKeyEntry, "); + } + } else if (keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { + if (verbose || rfc || debug) { + Object[] source = {"PrivateKeyEntry"}; + out.println(new MessageFormat( + rb.getString("Entry.type.type.")).format(source)); + } else { + out.println("PrivateKeyEntry, "); + } + + // Get the chain + Certificate[] chain = keyStore.getCertificateChain(alias); + if (chain != null) { + if (verbose || rfc || debug) { + out.println(rb.getString + ("Certificate.chain.length.") + chain.length); + for (int i = 0; i < chain.length; i ++) { + MessageFormat form = new MessageFormat + (rb.getString("Certificate.i.1.")); + Object[] source = {new Integer((i + 1))}; + out.println(form.format(source)); + if (verbose && (chain[i] instanceof X509Certificate)) { + printX509Cert((X509Certificate)(chain[i]), out); + } else if (debug) { + out.println(chain[i].toString()); + } else { + dumpCert(chain[i], out); + } + } + } else { + // Print the digest of the user cert only + out.println + (rb.getString("Certificate.fingerprint.SHA1.") + + getCertFingerPrint("SHA1", chain[0])); + } + } + } else if (keyStore.entryInstanceOf(alias, + KeyStore.TrustedCertificateEntry.class)) { + // We have a trusted certificate entry + Certificate cert = keyStore.getCertificate(alias); + Object[] source = {"trustedCertEntry"}; + String mf = new MessageFormat( + rb.getString("Entry.type.type.")).format(source) + "\n"; + if (verbose && (cert instanceof X509Certificate)) { + out.println(mf); + printX509Cert((X509Certificate)cert, out); + } else if (rfc) { + out.println(mf); + dumpCert(cert, out); + } else if (debug) { + out.println(cert.toString()); + } else { + out.println("trustedCertEntry, "); + out.println(rb.getString("Certificate.fingerprint.SHA1.") + + getCertFingerPrint("SHA1", cert)); + } + } else { + out.println(rb.getString("Unknown.Entry.Type")); + } + } + + /** + * Load the srckeystore from a stream, used in -importkeystore + * @returns the src KeyStore + */ + KeyStore loadSourceKeyStore() throws Exception { + boolean isPkcs11 = false; + + InputStream is = null; + + if (P11KEYSTORE.equalsIgnoreCase(srcstoretype) || + KeyStoreUtil.isWindowsKeyStore(srcstoretype)) { + if (!NONE.equals(srcksfname)) { + System.err.println(MessageFormat.format(rb.getString + (".keystore.must.be.NONE.if.storetype.is.{0}"), srcstoretype)); + System.err.println(); + tinyHelp(); + } + isPkcs11 = true; + } else { + if (srcksfname != null) { + File srcksfile = new File(srcksfname); + if (srcksfile.exists() && srcksfile.length() == 0) { + throw new Exception(rb.getString + ("Source.keystore.file.exists.but.is.empty.") + + srcksfname); + } + is = new FileInputStream(srcksfile); + } else { + throw new Exception(rb.getString + ("Please.specify.srckeystore")); + } + } + + KeyStore store; + try { + if (srcProviderName == null) { + store = KeyStore.getInstance(srcstoretype); + } else { + store = KeyStore.getInstance(srcstoretype, srcProviderName); + } + + if (srcstorePass == null + && !srcprotectedPath + && !KeyStoreUtil.isWindowsKeyStore(srcstoretype)) { + System.err.print(rb.getString("Enter.source.keystore.password.")); + System.err.flush(); + srcstorePass = Password.readPassword(System.in); + passwords.add(srcstorePass); + } + + // always let keypass be storepass when using pkcs12 + if (P12KEYSTORE.equalsIgnoreCase(srcstoretype)) { + if (srckeyPass != null && srcstorePass != null && + !Arrays.equals(srcstorePass, srckeyPass)) { + MessageFormat form = new MessageFormat(rb.getString( + "Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.")); + Object[] source = {"-srckeypass"}; + System.err.println(form.format(source)); + srckeyPass = srcstorePass; + } + } + + store.load(is, srcstorePass); // "is" already null in PKCS11 + } finally { + if (is != null) { + is.close(); + } + } + + if (srcstorePass == null + && !KeyStoreUtil.isWindowsKeyStore(srcstoretype)) { + // anti refactoring, copied from printWarning(), + // but change 2 lines + System.err.println(); + System.err.println(rb.getString + (".WARNING.WARNING.WARNING.")); + System.err.println(rb.getString + (".The.integrity.of.the.information.stored.in.the.srckeystore.")); + System.err.println(rb.getString + (".WARNING.WARNING.WARNING.")); + System.err.println(); + } + + return store; + } + + /** + * import all keys and certs from importkeystore. + * keep alias unchanged if no name conflict, otherwise, prompt. + * keep keypass unchanged for keys + */ + private void doImportKeyStore() throws Exception { + + if (alias != null) { + doImportKeyStoreSingle(loadSourceKeyStore(), alias); + } else { + if (dest != null || srckeyPass != null || destKeyPass != null) { + throw new Exception(rb.getString( + "if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified")); + } + doImportKeyStoreAll(loadSourceKeyStore()); + } + /* + * Information display rule of -importkeystore + * 1. inside single, shows failure + * 2. inside all, shows sucess + * 3. inside all where there is a failure, prompt for continue + * 4. at the final of all, shows summary + */ + } + + /** + * Import a single entry named alias from srckeystore + * @returns 1 if the import action succeed + * 0 if user choose to ignore an alias-dumplicated entry + * 2 if setEntry throws Exception + */ + private int doImportKeyStoreSingle(KeyStore srckeystore, String alias) + throws Exception { + + String newAlias = (dest==null) ? alias : dest; + + if (keyStore.containsAlias(newAlias)) { + Object[] source = {alias}; + if (noprompt) { + System.err.println(new MessageFormat(rb.getString( + "Warning.Overwriting.existing.alias.alias.in.destination.keystore")).format(source)); + } else { + String reply = getYesNoReply(new MessageFormat(rb.getString( + "Existing.entry.alias.alias.exists.overwrite.no.")).format(source)); + if ("NO".equals(reply)) { + newAlias = inputStringFromStdin(rb.getString + ("Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.")); + if ("".equals(newAlias)) { + System.err.println(new MessageFormat(rb.getString( + "Entry.for.alias.alias.not.imported.")).format( + source)); + return 0; + } + } + } + } + + Pair<Entry,char[]> objs = recoverEntry(srckeystore, alias, srcstorePass, srckeyPass); + Entry entry = objs.fst; + + PasswordProtection pp = null; + + // According to keytool.html, "The destination entry will be protected + // using destkeypass. If destkeypass is not provided, the destination + // entry will be protected with the source entry password." + // so always try to protect with destKeyPass. + if (destKeyPass != null) { + pp = new PasswordProtection(destKeyPass); + } else if (objs.snd != null) { + pp = new PasswordProtection(objs.snd); + } + + try { + keyStore.setEntry(newAlias, entry, pp); + return 1; + } catch (KeyStoreException kse) { + Object[] source2 = {alias, kse.toString()}; + MessageFormat form = new MessageFormat(rb.getString( + "Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.")); + System.err.println(form.format(source2)); + return 2; + } + } + + private void doImportKeyStoreAll(KeyStore srckeystore) throws Exception { + + int ok = 0; + int count = srckeystore.size(); + for (Enumeration<String> e = srckeystore.aliases(); + e.hasMoreElements(); ) { + String alias = e.nextElement(); + int result = doImportKeyStoreSingle(srckeystore, alias); + if (result == 1) { + ok++; + Object[] source = {alias}; + MessageFormat form = new MessageFormat(rb.getString("Entry.for.alias.alias.successfully.imported.")); + System.err.println(form.format(source)); + } else if (result == 2) { + if (!noprompt) { + String reply = getYesNoReply("Do you want to quit the import process? [no]: "); + if ("YES".equals(reply)) { + break; + } + } + } + } + Object[] source = {ok, count-ok}; + MessageFormat form = new MessageFormat(rb.getString( + "Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled")); + System.err.println(form.format(source)); + } + + /** + * Prints all keystore entries. + */ + private void doPrintEntries(PrintStream out) + throws Exception + { + if (storePass == null + && !KeyStoreUtil.isWindowsKeyStore(storetype)) { + printWarning(); + } else { + out.println(); + } + + out.println(rb.getString("Keystore.type.") + keyStore.getType()); + out.println(rb.getString("Keystore.provider.") + + keyStore.getProvider().getName()); + out.println(); + + MessageFormat form; + form = (keyStore.size() == 1) ? + new MessageFormat(rb.getString + ("Your.keystore.contains.keyStore.size.entry")) : + new MessageFormat(rb.getString + ("Your.keystore.contains.keyStore.size.entries")); + Object[] source = {new Integer(keyStore.size())}; + out.println(form.format(source)); + out.println(); + + for (Enumeration<String> e = keyStore.aliases(); + e.hasMoreElements(); ) { + String alias = e.nextElement(); + doPrintEntry(alias, out, false); + if (verbose || rfc) { + out.println(rb.getString("NEWLINE")); + out.println(rb.getString + ("STAR")); + out.println(rb.getString + ("STARNN")); + } + } + } + + private static <T> Iterable<T> e2i(final Enumeration<T> e) { + return new Iterable<T>() { + @Override + public Iterator<T> iterator() { + return new Iterator<T>() { + @Override + public boolean hasNext() { + return e.hasMoreElements(); + } + @Override + public T next() { + return e.nextElement(); + } + public void remove() { + throw new UnsupportedOperationException("Not supported yet."); + } + }; + } + }; + } + + /** + * Loads CRLs from a source. This method is also called in JarSigner. + * @param src the source, which means System.in if null, or a URI, + * or a bare file path name + */ + public static Collection<? extends CRL> loadCRLs(String src) throws Exception { + InputStream in = null; + URI uri = null; + if (src == null) { + in = System.in; + } else { + try { + uri = new URI(src); + if (uri.getScheme().equals("ldap")) { + // No input stream for LDAP + } else { + in = uri.toURL().openStream(); + } + } catch (Exception e) { + try { + in = new FileInputStream(src); + } catch (Exception e2) { + if (uri == null || uri.getScheme() == null) { + throw e2; // More likely a bare file path + } else { + throw e; // More likely a protocol or network problem + } + } + } + } + if (in != null) { + try { + // Read the full stream before feeding to X509Factory, + // otherwise, keytool -gencrl | keytool -printcrl + // might not work properly, since -gencrl is slow + // and there's no data in the pipe at the beginning. + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + byte[] b = new byte[4096]; + while (true) { + int len = in.read(b); + if (len < 0) break; + bout.write(b, 0, len); + } + return CertificateFactory.getInstance("X509").generateCRLs( + new ByteArrayInputStream(bout.toByteArray())); + } finally { + if (in != System.in) { + in.close(); + } + } + } else { // must be LDAP, and uri is not null + // Lazily load LDAPCertStoreHelper if present + CertStoreHelper helper = CertStoreHelper.getInstance("LDAP"); + String path = uri.getPath(); + if (path.charAt(0) == '/') path = path.substring(1); + CertStore s = helper.getCertStore(uri); + X509CRLSelector sel = + helper.wrap(new X509CRLSelector(), null, path); + return s.getCRLs(sel); + } + } + + /** + * Returns CRLs described in a X509Certificate's CRLDistributionPoints + * Extension. Only those containing a general name of type URI are read. + */ + public static List<CRL> readCRLsFromCert(X509Certificate cert) + throws Exception { + List<CRL> crls = new ArrayList<>(); + CRLDistributionPointsExtension ext = + X509CertImpl.toImpl(cert).getCRLDistributionPointsExtension(); + if (ext == null) return crls; + List<DistributionPoint> distPoints = + ext.get(CRLDistributionPointsExtension.POINTS); + for (DistributionPoint o: distPoints) { + GeneralNames names = o.getFullName(); + if (names != null) { + for (GeneralName name: names.names()) { + if (name.getType() == GeneralNameInterface.NAME_URI) { + URIName uriName = (URIName)name.getName(); + for (CRL crl: loadCRLs(uriName.getName())) { + if (crl instanceof X509CRL) { + crls.add((X509CRL)crl); + } + } + break; // Different name should point to same CRL + } + } + } + } + return crls; + } + + private static String verifyCRL(KeyStore ks, CRL crl) + throws Exception { + X509CRLImpl xcrl = (X509CRLImpl)crl; + X500Principal issuer = xcrl.getIssuerX500Principal(); + for (String s: e2i(ks.aliases())) { + Certificate cert = ks.getCertificate(s); + if (cert instanceof X509Certificate) { + X509Certificate xcert = (X509Certificate)cert; + if (xcert.getSubjectX500Principal().equals(issuer)) { + try { + ((X509CRLImpl)crl).verify(cert.getPublicKey()); + return s; + } catch (Exception e) { + } + } + } + } + return null; + } + + private void doPrintCRL(String src, PrintStream out) + throws Exception { + for (CRL crl: loadCRLs(src)) { + printCRL(crl, out); + String issuer = null; + if (caks != null) { + issuer = verifyCRL(caks, crl); + if (issuer != null) { + System.out.println("Verified by " + issuer + " in cacerts"); + } + } + if (issuer == null && keyStore != null) { + issuer = verifyCRL(keyStore, crl); + if (issuer != null) { + System.out.println("Verified by " + issuer + " in keystore"); + } + } + if (issuer == null) { + out.println(rb.getString + ("STAR")); + out.println("WARNING: not verified. Make sure -keystore and -alias are correct."); + out.println(rb.getString + ("STARNN")); + } + } + } + + private void printCRL(CRL crl, PrintStream out) + throws Exception { + if (rfc) { + X509CRL xcrl = (X509CRL)crl; + out.println("-----BEGIN X509 CRL-----"); + new BASE64Encoder().encodeBuffer(xcrl.getEncoded(), out); + out.println("-----END X509 CRL-----"); + } else { + out.println(crl.toString()); + } + } + + private void doPrintCertReq(InputStream in, PrintStream out) + throws Exception { + + BufferedReader reader = new BufferedReader(new InputStreamReader(in)); + StringBuffer sb = new StringBuffer(); + boolean started = false; + while (true) { + String s = reader.readLine(); + if (s == null) break; + if (!started) { + if (s.startsWith("-----")) { + started = true; + } + } else { + if (s.startsWith("-----")) { + break; + } + sb.append(s); + } + } + PKCS10 req = new PKCS10(new BASE64Decoder().decodeBuffer(new String(sb))); + + PublicKey pkey = req.getSubjectPublicKeyInfo(); + out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."), + req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm()); + for (PKCS10Attribute attr: req.getAttributes().getAttributes()) { + ObjectIdentifier oid = attr.getAttributeId(); + if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) { + CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue(); + if (exts != null) { + printExtensions(rb.getString("Extension.Request."), exts, out); + } + } else { + out.println(attr.getAttributeId()); + out.println(attr.getAttributeValue()); + } + } + if (debug) { + out.println(req); // Just to see more, say, public key length... + } + } + + /** + * Reads a certificate (or certificate chain) and prints its contents in + * a human readable format. + */ + private void printCertFromStream(InputStream in, PrintStream out) + throws Exception + { + Collection<? extends Certificate> c = null; + try { + c = cf.generateCertificates(in); + } catch (CertificateException ce) { + throw new Exception(rb.getString("Failed.to.parse.input"), ce); + } + if (c.isEmpty()) { + throw new Exception(rb.getString("Empty.input")); + } + Certificate[] certs = c.toArray(new Certificate[c.size()]); + for (int i=0; i<certs.length; i++) { + X509Certificate x509Cert = null; + try { + x509Cert = (X509Certificate)certs[i]; + } catch (ClassCastException cce) { + throw new Exception(rb.getString("Not.X.509.certificate")); + } + if (certs.length > 1) { + MessageFormat form = new MessageFormat + (rb.getString("Certificate.i.1.")); + Object[] source = {new Integer(i + 1)}; + out.println(form.format(source)); + } + if (rfc) dumpCert(x509Cert, out); + else printX509Cert(x509Cert, out); + if (i < (certs.length-1)) { + out.println(); + } + } + } + + private void doPrintCert(final PrintStream out) throws Exception { + if (jarfile != null) { + JarFile jf = new JarFile(jarfile, true); + Enumeration<JarEntry> entries = jf.entries(); + Set<CodeSigner> ss = new HashSet<>(); + byte[] buffer = new byte[8192]; + int pos = 0; + while (entries.hasMoreElements()) { + JarEntry je = entries.nextElement(); + try (InputStream is = jf.getInputStream(je)) { + while (is.read(buffer) != -1) { + // we just read. this will throw a SecurityException + // if a signature/digest check fails. This also + // populate the signers + } + } + CodeSigner[] signers = je.getCodeSigners(); + if (signers != null) { + for (CodeSigner signer: signers) { + if (!ss.contains(signer)) { + ss.add(signer); + out.printf(rb.getString("Signer.d."), ++pos); + out.println(); + out.println(); + out.println(rb.getString("Signature.")); + out.println(); + for (Certificate cert: signer.getSignerCertPath().getCertificates()) { + X509Certificate x = (X509Certificate)cert; + if (rfc) { + out.println(rb.getString("Certificate.owner.") + x.getSubjectDN() + "\n"); + dumpCert(x, out); + } else { + printX509Cert(x, out); + } + out.println(); + } + Timestamp ts = signer.getTimestamp(); + if (ts != null) { + out.println(rb.getString("Timestamp.")); + out.println(); + for (Certificate cert: ts.getSignerCertPath().getCertificates()) { + X509Certificate x = (X509Certificate)cert; + if (rfc) { + out.println(rb.getString("Certificate.owner.") + x.getSubjectDN() + "\n"); + dumpCert(x, out); + } else { + printX509Cert(x, out); + } + out.println(); + } + } + } + } + } + } + jf.close(); + if (ss.isEmpty()) { + out.println(rb.getString("Not.a.signed.jar.file")); + } + } else if (sslserver != null) { + // Lazily load SSLCertStoreHelper if present + CertStoreHelper helper = CertStoreHelper.getInstance("SSLServer"); + CertStore cs = helper.getCertStore(new URI("https://" + sslserver)); + Collection<? extends Certificate> chain; + try { + chain = cs.getCertificates(null); + if (chain.isEmpty()) { + // If the certs are not retrieved, we consider it an error + // even if the URL connection is successful. + throw new Exception(rb.getString( + "No.certificate.from.the.SSL.server")); + } + } catch (CertStoreException cse) { + if (cse.getCause() instanceof IOException) { + throw new Exception(rb.getString( + "No.certificate.from.the.SSL.server"), + cse.getCause()); + } else { + throw cse; + } + } + + int i = 0; + for (Certificate cert : chain) { + try { + if (rfc) { + dumpCert(cert, out); + } else { + out.println("Certificate #" + i++); + out.println("===================================="); + printX509Cert((X509Certificate)cert, out); + out.println(); + } + } catch (Exception e) { + if (debug) { + e.printStackTrace(); + } + } + } + } else { + if (filename != null) { + try (FileInputStream inStream = new FileInputStream(filename)) { + printCertFromStream(inStream, out); + } + } else { + printCertFromStream(System.in, out); + } + } + } + /** + * Creates a self-signed certificate, and stores it as a single-element + * certificate chain. + */ + private void doSelfCert(String alias, String dname, String sigAlgName) + throws Exception + { + if (alias == null) { + alias = keyAlias; + } + + Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass); + PrivateKey privKey = (PrivateKey)objs.fst; + if (keyPass == null) + keyPass = objs.snd; + + // Determine the signature algorithm + if (sigAlgName == null) { + sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm()); + } + + // Get the old certificate + Certificate oldCert = keyStore.getCertificate(alias); + if (oldCert == null) { + MessageFormat form = new MessageFormat + (rb.getString("alias.has.no.public.key")); + Object[] source = {alias}; + throw new Exception(form.format(source)); + } + if (!(oldCert instanceof X509Certificate)) { + MessageFormat form = new MessageFormat + (rb.getString("alias.has.no.X.509.certificate")); + Object[] source = {alias}; + throw new Exception(form.format(source)); + } + + // convert to X509CertImpl, so that we can modify selected fields + // (no public APIs available yet) + byte[] encoded = oldCert.getEncoded(); + X509CertImpl certImpl = new X509CertImpl(encoded); + X509CertInfo certInfo = (X509CertInfo)certImpl.get(X509CertImpl.NAME + + "." + + X509CertImpl.INFO); + + // Extend its validity + Date firstDate = getStartDate(startDate); + Date lastDate = new Date(); + lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L); + CertificateValidity interval = new CertificateValidity(firstDate, + lastDate); + certInfo.set(X509CertInfo.VALIDITY, interval); + + // Make new serial number + certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( + new java.util.Random().nextInt() & 0x7fffffff)); + + // Set owner and issuer fields + X500Name owner; + if (dname == null) { + // Get the owner name from the certificate + owner = (X500Name)certInfo.get(X509CertInfo.SUBJECT + "." + + CertificateSubjectName.DN_NAME); + } else { + // Use the owner name specified at the command line + owner = new X500Name(dname); + certInfo.set(X509CertInfo.SUBJECT + "." + + CertificateSubjectName.DN_NAME, owner); + } + // Make issuer same as owner (self-signed!) + certInfo.set(X509CertInfo.ISSUER + "." + + CertificateIssuerName.DN_NAME, owner); + + // The inner and outer signature algorithms have to match. + // The way we achieve that is really ugly, but there seems to be no + // other solution: We first sign the cert, then retrieve the + // outer sigalg and use it to set the inner sigalg + X509CertImpl newCert = new X509CertImpl(certInfo); + newCert.sign(privKey, sigAlgName); + AlgorithmId sigAlgid = (AlgorithmId)newCert.get(X509CertImpl.SIG_ALG); + certInfo.set(CertificateAlgorithmId.NAME + "." + + CertificateAlgorithmId.ALGORITHM, sigAlgid); + + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); + + CertificateExtensions ext = createV3Extensions( + null, + (CertificateExtensions)certInfo.get(X509CertInfo.EXTENSIONS), + v3ext, + oldCert.getPublicKey(), + null); + certInfo.set(X509CertInfo.EXTENSIONS, ext); + // Sign the new certificate + newCert = new X509CertImpl(certInfo); + newCert.sign(privKey, sigAlgName); + + // Store the new certificate as a single-element certificate chain + keyStore.setKeyEntry(alias, privKey, + (keyPass != null) ? keyPass : storePass, + new Certificate[] { newCert } ); + + if (verbose) { + System.err.println(rb.getString("New.certificate.self.signed.")); + System.err.print(newCert.toString()); + System.err.println(); + } + } + + /** + * Processes a certificate reply from a certificate authority. + * + * <p>Builds a certificate chain on top of the certificate reply, + * using trusted certificates from the keystore. The chain is complete + * after a self-signed certificate has been encountered. The self-signed + * certificate is considered a root certificate authority, and is stored + * at the end of the chain. + * + * <p>The newly generated chain replaces the old chain associated with the + * key entry. + * + * @return true if the certificate reply was installed, otherwise false. + */ + private boolean installReply(String alias, InputStream in) + throws Exception + { + if (alias == null) { + alias = keyAlias; + } + + Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass); + PrivateKey privKey = (PrivateKey)objs.fst; + if (keyPass == null) { + keyPass = objs.snd; + } + + Certificate userCert = keyStore.getCertificate(alias); + if (userCert == null) { + MessageFormat form = new MessageFormat + (rb.getString("alias.has.no.public.key.certificate.")); + Object[] source = {alias}; + throw new Exception(form.format(source)); + } + + // Read the certificates in the reply + Collection<? extends Certificate> c = cf.generateCertificates(in); + if (c.isEmpty()) { + throw new Exception(rb.getString("Reply.has.no.certificates")); + } + Certificate[] replyCerts = c.toArray(new Certificate[c.size()]); + Certificate[] newChain; + if (replyCerts.length == 1) { + // single-cert reply + newChain = establishCertChain(userCert, replyCerts[0]); + } else { + // cert-chain reply (e.g., PKCS#7) + newChain = validateReply(alias, userCert, replyCerts); + } + + // Now store the newly established chain in the keystore. The new + // chain replaces the old one. + if (newChain != null) { + keyStore.setKeyEntry(alias, privKey, + (keyPass != null) ? keyPass : storePass, + newChain); + return true; + } else { + return false; + } + } + + /** + * Imports a certificate and adds it to the list of trusted certificates. + * + * @return true if the certificate was added, otherwise false. + */ + private boolean addTrustedCert(String alias, InputStream in) + throws Exception + { + if (alias == null) { + throw new Exception(rb.getString("Must.specify.alias")); + } + if (keyStore.containsAlias(alias)) { + MessageFormat form = new MessageFormat(rb.getString + ("Certificate.not.imported.alias.alias.already.exists")); + Object[] source = {alias}; + throw new Exception(form.format(source)); + } + + // Read the certificate + X509Certificate cert = null; + try { + cert = (X509Certificate)cf.generateCertificate(in); + } catch (ClassCastException | CertificateException ce) { + throw new Exception(rb.getString("Input.not.an.X.509.certificate")); + } + + // if certificate is self-signed, make sure it verifies + boolean selfSigned = false; + if (isSelfSigned(cert)) { + cert.verify(cert.getPublicKey()); + selfSigned = true; + } + + if (noprompt) { + keyStore.setCertificateEntry(alias, cert); + return true; + } + + // check if cert already exists in keystore + String reply = null; + String trustalias = keyStore.getCertificateAlias(cert); + if (trustalias != null) { + MessageFormat form = new MessageFormat(rb.getString + ("Certificate.already.exists.in.keystore.under.alias.trustalias.")); + Object[] source = {trustalias}; + System.err.println(form.format(source)); + reply = getYesNoReply + (rb.getString("Do.you.still.want.to.add.it.no.")); + } else if (selfSigned) { + if (trustcacerts && (caks != null) && + ((trustalias=caks.getCertificateAlias(cert)) != null)) { + MessageFormat form = new MessageFormat(rb.getString + ("Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.")); + Object[] source = {trustalias}; + System.err.println(form.format(source)); + reply = getYesNoReply + (rb.getString("Do.you.still.want.to.add.it.to.your.own.keystore.no.")); + } + if (trustalias == null) { + // Print the cert and ask user if they really want to add + // it to their keystore + printX509Cert(cert, System.out); + reply = getYesNoReply + (rb.getString("Trust.this.certificate.no.")); + } + } + if (reply != null) { + if ("YES".equals(reply)) { + keyStore.setCertificateEntry(alias, cert); + return true; + } else { + return false; + } + } + + // Try to establish trust chain + try { + Certificate[] chain = establishCertChain(null, cert); + if (chain != null) { + keyStore.setCertificateEntry(alias, cert); + return true; + } + } catch (Exception e) { + // Print the cert and ask user if they really want to add it to + // their keystore + printX509Cert(cert, System.out); + reply = getYesNoReply + (rb.getString("Trust.this.certificate.no.")); + if ("YES".equals(reply)) { + keyStore.setCertificateEntry(alias, cert); + return true; + } else { + return false; + } + } + + return false; + } + + /** + * Prompts user for new password. New password must be different from + * old one. + * + * @param prompt the message that gets prompted on the screen + * @param oldPasswd the current (i.e., old) password + */ + private char[] getNewPasswd(String prompt, char[] oldPasswd) + throws Exception + { + char[] entered = null; + char[] reentered = null; + + for (int count = 0; count < 3; count++) { + MessageFormat form = new MessageFormat + (rb.getString("New.prompt.")); + Object[] source = {prompt}; + System.err.print(form.format(source)); + entered = Password.readPassword(System.in); + passwords.add(entered); + if (entered == null || entered.length < 6) { + System.err.println(rb.getString + ("Password.is.too.short.must.be.at.least.6.characters")); + } else if (Arrays.equals(entered, oldPasswd)) { + System.err.println(rb.getString("Passwords.must.differ")); + } else { + form = new MessageFormat + (rb.getString("Re.enter.new.prompt.")); + Object[] src = {prompt}; + System.err.print(form.format(src)); + reentered = Password.readPassword(System.in); + passwords.add(reentered); + if (!Arrays.equals(entered, reentered)) { + System.err.println + (rb.getString("They.don.t.match.Try.again")); + } else { + Arrays.fill(reentered, ' '); + return entered; + } + } + if (entered != null) { + Arrays.fill(entered, ' '); + entered = null; + } + if (reentered != null) { + Arrays.fill(reentered, ' '); + reentered = null; + } + } + throw new Exception(rb.getString("Too.many.failures.try.later")); + } + + /** + * Prompts user for alias name. + * @param prompt the {0} of "Enter {0} alias name: " in prompt line + * @returns the string entered by the user, without the \n at the end + */ + private String getAlias(String prompt) throws Exception { + if (prompt != null) { + MessageFormat form = new MessageFormat + (rb.getString("Enter.prompt.alias.name.")); + Object[] source = {prompt}; + System.err.print(form.format(source)); + } else { + System.err.print(rb.getString("Enter.alias.name.")); + } + return (new BufferedReader(new InputStreamReader( + System.in))).readLine(); + } + + /** + * Prompts user for an input string from the command line (System.in) + * @prompt the prompt string printed + * @returns the string entered by the user, without the \n at the end + */ + private String inputStringFromStdin(String prompt) throws Exception { + System.err.print(prompt); + return (new BufferedReader(new InputStreamReader( + System.in))).readLine(); + } + + /** + * Prompts user for key password. User may select to choose the same + * password (<code>otherKeyPass</code>) as for <code>otherAlias</code>. + */ + private char[] getKeyPasswd(String alias, String otherAlias, + char[] otherKeyPass) + throws Exception + { + int count = 0; + char[] keyPass = null; + + do { + if (otherKeyPass != null) { + MessageFormat form = new MessageFormat(rb.getString + ("Enter.key.password.for.alias.")); + Object[] source = {alias}; + System.err.println(form.format(source)); + + form = new MessageFormat(rb.getString + (".RETURN.if.same.as.for.otherAlias.")); + Object[] src = {otherAlias}; + System.err.print(form.format(src)); + } else { + MessageFormat form = new MessageFormat(rb.getString + ("Enter.key.password.for.alias.")); + Object[] source = {alias}; + System.err.print(form.format(source)); + } + System.err.flush(); + keyPass = Password.readPassword(System.in); + passwords.add(keyPass); + if (keyPass == null) { + keyPass = otherKeyPass; + } + count++; + } while ((keyPass == null) && count < 3); + + if (keyPass == null) { + throw new Exception(rb.getString("Too.many.failures.try.later")); + } + + return keyPass; + } + + /** + * Prints a certificate in a human readable format. + */ + private void printX509Cert(X509Certificate cert, PrintStream out) + throws Exception + { + /* + out.println("Owner: " + + cert.getSubjectDN().toString() + + "\n" + + "Issuer: " + + cert.getIssuerDN().toString() + + "\n" + + "Serial number: " + cert.getSerialNumber().toString(16) + + "\n" + + "Valid from: " + cert.getNotBefore().toString() + + " until: " + cert.getNotAfter().toString() + + "\n" + + "Certificate fingerprints:\n" + + "\t MD5: " + getCertFingerPrint("MD5", cert) + + "\n" + + "\t SHA1: " + getCertFingerPrint("SHA1", cert)); + */ + + MessageFormat form = new MessageFormat + (rb.getString(".PATTERN.printX509Cert")); + Object[] source = {cert.getSubjectDN().toString(), + cert.getIssuerDN().toString(), + cert.getSerialNumber().toString(16), + cert.getNotBefore().toString(), + cert.getNotAfter().toString(), + getCertFingerPrint("MD5", cert), + getCertFingerPrint("SHA1", cert), + getCertFingerPrint("SHA-256", cert), + cert.getSigAlgName(), + cert.getVersion() + }; + out.println(form.format(source)); + + if (cert instanceof X509CertImpl) { + X509CertImpl impl = (X509CertImpl)cert; + X509CertInfo certInfo = (X509CertInfo)impl.get(X509CertImpl.NAME + + "." + + X509CertImpl.INFO); + CertificateExtensions exts = (CertificateExtensions) + certInfo.get(X509CertInfo.EXTENSIONS); + if (exts != null) { + printExtensions(rb.getString("Extensions."), exts, out); + } + } + } + + private static void printExtensions(String title, CertificateExtensions exts, PrintStream out) + throws Exception { + int extnum = 0; + Iterator<Extension> i1 = exts.getAllExtensions().iterator(); + Iterator<Extension> i2 = exts.getUnparseableExtensions().values().iterator(); + while (i1.hasNext() || i2.hasNext()) { + Extension ext = i1.hasNext()?i1.next():i2.next(); + if (extnum == 0) { + out.println(); + out.println(title); + out.println(); + } + out.print("#"+(++extnum)+": "+ ext); + if (ext.getClass() == Extension.class) { + byte[] v = ext.getExtensionValue(); + if (v.length == 0) { + out.println(rb.getString(".Empty.value.")); + } else { + new sun.misc.HexDumpEncoder().encodeBuffer(ext.getExtensionValue(), out); + out.println(); + } + } + out.println(); + } + } + + /** + * Returns true if the certificate is self-signed, false otherwise. + */ + private boolean isSelfSigned(X509Certificate cert) { + return signedBy(cert, cert); + } + + private boolean signedBy(X509Certificate end, X509Certificate ca) { + if (!ca.getSubjectDN().equals(end.getIssuerDN())) { + return false; + } + try { + end.verify(ca.getPublicKey()); + return true; + } catch (Exception e) { + return false; + } + } + + /** + * Locates a signer for a given certificate from a given keystore and + * returns the signer's certificate. + * @param cert the certificate whose signer is searched, not null + * @param ks the keystore to search with, not null + * @return <code>cert</code> itself if it's already inside <code>ks</code>, + * or a certificate inside <code>ks</code> who signs <code>cert</code>, + * or null otherwise. + */ + private static Certificate getTrustedSigner(Certificate cert, KeyStore ks) + throws Exception { + if (ks.getCertificateAlias(cert) != null) { + return cert; + } + for (Enumeration<String> aliases = ks.aliases(); + aliases.hasMoreElements(); ) { + String name = aliases.nextElement(); + Certificate trustedCert = ks.getCertificate(name); + if (trustedCert != null) { + try { + cert.verify(trustedCert.getPublicKey()); + return trustedCert; + } catch (Exception e) { + // Not verified, skip to the next one + } + } + } + return null; + } + + /** + * Gets an X.500 name suitable for inclusion in a certification request. + */ + private X500Name getX500Name() throws IOException { + BufferedReader in; + in = new BufferedReader(new InputStreamReader(System.in)); + String commonName = "Unknown"; + String organizationalUnit = "Unknown"; + String organization = "Unknown"; + String city = "Unknown"; + String state = "Unknown"; + String country = "Unknown"; + X500Name name; + String userInput = null; + + int maxRetry = 20; + do { + if (maxRetry-- < 0) { + throw new RuntimeException(rb.getString( + "Too.many.retries.program.terminated")); + } + commonName = inputString(in, + rb.getString("What.is.your.first.and.last.name."), + commonName); + organizationalUnit = inputString(in, + rb.getString + ("What.is.the.name.of.your.organizational.unit."), + organizationalUnit); + organization = inputString(in, + rb.getString("What.is.the.name.of.your.organization."), + organization); + city = inputString(in, + rb.getString("What.is.the.name.of.your.City.or.Locality."), + city); + state = inputString(in, + rb.getString("What.is.the.name.of.your.State.or.Province."), + state); + country = inputString(in, + rb.getString + ("What.is.the.two.letter.country.code.for.this.unit."), + country); + name = new X500Name(commonName, organizationalUnit, organization, + city, state, country); + MessageFormat form = new MessageFormat + (rb.getString("Is.name.correct.")); + Object[] source = {name}; + userInput = inputString + (in, form.format(source), rb.getString("no")); + } while (collator.compare(userInput, rb.getString("yes")) != 0 && + collator.compare(userInput, rb.getString("y")) != 0); + + System.err.println(); + return name; + } + + private String inputString(BufferedReader in, String prompt, + String defaultValue) + throws IOException + { + System.err.println(prompt); + MessageFormat form = new MessageFormat + (rb.getString(".defaultValue.")); + Object[] source = {defaultValue}; + System.err.print(form.format(source)); + System.err.flush(); + + String value = in.readLine(); + if (value == null || collator.compare(value, "") == 0) { + value = defaultValue; + } + return value; + } + + /** + * Writes an X.509 certificate in base64 or binary encoding to an output + * stream. + */ + private void dumpCert(Certificate cert, PrintStream out) + throws IOException, CertificateException + { + if (rfc) { + BASE64Encoder encoder = new BASE64Encoder(); + out.println(X509Factory.BEGIN_CERT); + encoder.encodeBuffer(cert.getEncoded(), out); + out.println(X509Factory.END_CERT); + } else { + out.write(cert.getEncoded()); // binary + } + } + + /** + * Converts a byte to hex digit and writes to the supplied buffer + */ + private void byte2hex(byte b, StringBuffer buf) { + char[] hexChars = { '0', '1', '2', '3', '4', '5', '6', '7', '8', + '9', 'A', 'B', 'C', 'D', 'E', 'F' }; + int high = ((b & 0xf0) >> 4); + int low = (b & 0x0f); + buf.append(hexChars[high]); + buf.append(hexChars[low]); + } + + /** + * Converts a byte array to hex string + */ + private String toHexString(byte[] block) { + StringBuffer buf = new StringBuffer(); + int len = block.length; + for (int i = 0; i < len; i++) { + byte2hex(block[i], buf); + if (i < len-1) { + buf.append(":"); + } + } + return buf.toString(); + } + + /** + * Recovers (private) key associated with given alias. + * + * @return an array of objects, where the 1st element in the array is the + * recovered private key, and the 2nd element is the password used to + * recover it. + */ + private Pair<Key,char[]> recoverKey(String alias, char[] storePass, + char[] keyPass) + throws Exception + { + Key key = null; + + if (keyStore.containsAlias(alias) == false) { + MessageFormat form = new MessageFormat + (rb.getString("Alias.alias.does.not.exist")); + Object[] source = {alias}; + throw new Exception(form.format(source)); + } + if (!keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class) && + !keyStore.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class)) { + MessageFormat form = new MessageFormat + (rb.getString("Alias.alias.has.no.key")); + Object[] source = {alias}; + throw new Exception(form.format(source)); + } + + if (keyPass == null) { + // Try to recover the key using the keystore password + try { + key = keyStore.getKey(alias, storePass); + + keyPass = storePass; + passwords.add(keyPass); + } catch (UnrecoverableKeyException e) { + // Did not work out, so prompt user for key password + if (!token) { + keyPass = getKeyPasswd(alias, null, null); + key = keyStore.getKey(alias, keyPass); + } else { + throw e; + } + } + } else { + key = keyStore.getKey(alias, keyPass); + } + + return Pair.of(key, keyPass); + } + + /** + * Recovers entry associated with given alias. + * + * @return an array of objects, where the 1st element in the array is the + * recovered entry, and the 2nd element is the password used to + * recover it (null if no password). + */ + private Pair<Entry,char[]> recoverEntry(KeyStore ks, + String alias, + char[] pstore, + char[] pkey) throws Exception { + + if (ks.containsAlias(alias) == false) { + MessageFormat form = new MessageFormat + (rb.getString("Alias.alias.does.not.exist")); + Object[] source = {alias}; + throw new Exception(form.format(source)); + } + + PasswordProtection pp = null; + Entry entry; + + try { + // First attempt to access entry without key password + // (PKCS11 entry or trusted certificate entry, for example) + + entry = ks.getEntry(alias, pp); + pkey = null; + } catch (UnrecoverableEntryException une) { + + if(P11KEYSTORE.equalsIgnoreCase(ks.getType()) || + KeyStoreUtil.isWindowsKeyStore(ks.getType())) { + // should not happen, but a possibility + throw une; + } + + // entry is protected + + if (pkey != null) { + + // try provided key password + + pp = new PasswordProtection(pkey); + entry = ks.getEntry(alias, pp); + + } else { + + // try store pass + + try { + pp = new PasswordProtection(pstore); + entry = ks.getEntry(alias, pp); + pkey = pstore; + } catch (UnrecoverableEntryException une2) { + if (P12KEYSTORE.equalsIgnoreCase(ks.getType())) { + + // P12 keystore currently does not support separate + // store and entry passwords + + throw une2; + } else { + + // prompt for entry password + + pkey = getKeyPasswd(alias, null, null); + pp = new PasswordProtection(pkey); + entry = ks.getEntry(alias, pp); + } + } + } + } + + return Pair.of(entry, pkey); + } + /** + * Gets the requested finger print of the certificate. + */ + private String getCertFingerPrint(String mdAlg, Certificate cert) + throws Exception + { + byte[] encCertInfo = cert.getEncoded(); + MessageDigest md = MessageDigest.getInstance(mdAlg); + byte[] digest = md.digest(encCertInfo); + return toHexString(digest); + } + + /** + * Prints warning about missing integrity check. + */ + private void printWarning() { + System.err.println(); + System.err.println(rb.getString + (".WARNING.WARNING.WARNING.")); + System.err.println(rb.getString + (".The.integrity.of.the.information.stored.in.your.keystore.")); + System.err.println(rb.getString + (".WARNING.WARNING.WARNING.")); + System.err.println(); + } + + /** + * Validates chain in certification reply, and returns the ordered + * elements of the chain (with user certificate first, and root + * certificate last in the array). + * + * @param alias the alias name + * @param userCert the user certificate of the alias + * @param replyCerts the chain provided in the reply + */ + private Certificate[] validateReply(String alias, + Certificate userCert, + Certificate[] replyCerts) + throws Exception + { + // order the certs in the reply (bottom-up). + // we know that all certs in the reply are of type X.509, because + // we parsed them using an X.509 certificate factory + int i; + PublicKey userPubKey = userCert.getPublicKey(); + for (i=0; i<replyCerts.length; i++) { + if (userPubKey.equals(replyCerts[i].getPublicKey())) { + break; + } + } + if (i == replyCerts.length) { + MessageFormat form = new MessageFormat(rb.getString + ("Certificate.reply.does.not.contain.public.key.for.alias.")); + Object[] source = {alias}; + throw new Exception(form.format(source)); + } + + Certificate tmpCert = replyCerts[0]; + replyCerts[0] = replyCerts[i]; + replyCerts[i] = tmpCert; + + X509Certificate thisCert = (X509Certificate)replyCerts[0]; + + for (i=1; i < replyCerts.length-1; i++) { + // find a cert in the reply who signs thisCert + int j; + for (j=i; j<replyCerts.length; j++) { + if (signedBy(thisCert, (X509Certificate)replyCerts[j])) { + tmpCert = replyCerts[i]; + replyCerts[i] = replyCerts[j]; + replyCerts[j] = tmpCert; + thisCert = (X509Certificate)replyCerts[i]; + break; + } + } + if (j == replyCerts.length) { + throw new Exception + (rb.getString("Incomplete.certificate.chain.in.reply")); + } + } + + if (noprompt) { + return replyCerts; + } + + // do we trust the cert at the top? + Certificate topCert = replyCerts[replyCerts.length-1]; + Certificate root = getTrustedSigner(topCert, keyStore); + if (root == null && trustcacerts && caks != null) { + root = getTrustedSigner(topCert, caks); + } + if (root == null) { + System.err.println(); + System.err.println + (rb.getString("Top.level.certificate.in.reply.")); + printX509Cert((X509Certificate)topCert, System.out); + System.err.println(); + System.err.print(rb.getString(".is.not.trusted.")); + String reply = getYesNoReply + (rb.getString("Install.reply.anyway.no.")); + if ("NO".equals(reply)) { + return null; + } + } else { + if (root != topCert) { + // append the root CA cert to the chain + Certificate[] tmpCerts = + new Certificate[replyCerts.length+1]; + System.arraycopy(replyCerts, 0, tmpCerts, 0, + replyCerts.length); + tmpCerts[tmpCerts.length-1] = root; + replyCerts = tmpCerts; + } + } + + return replyCerts; + } + + /** + * Establishes a certificate chain (using trusted certificates in the + * keystore), starting with the user certificate + * and ending at a self-signed certificate found in the keystore. + * + * @param userCert the user certificate of the alias + * @param certToVerify the single certificate provided in the reply + */ + private Certificate[] establishCertChain(Certificate userCert, + Certificate certToVerify) + throws Exception + { + if (userCert != null) { + // Make sure that the public key of the certificate reply matches + // the original public key in the keystore + PublicKey origPubKey = userCert.getPublicKey(); + PublicKey replyPubKey = certToVerify.getPublicKey(); + if (!origPubKey.equals(replyPubKey)) { + throw new Exception(rb.getString + ("Public.keys.in.reply.and.keystore.don.t.match")); + } + + // If the two certs are identical, we're done: no need to import + // anything + if (certToVerify.equals(userCert)) { + throw new Exception(rb.getString + ("Certificate.reply.and.certificate.in.keystore.are.identical")); + } + } + + // Build a hash table of all certificates in the keystore. + // Use the subject distinguished name as the key into the hash table. + // All certificates associated with the same subject distinguished + // name are stored in the same hash table entry as a vector. + Hashtable<Principal, Vector<Certificate>> certs = null; + if (keyStore.size() > 0) { + certs = new Hashtable<Principal, Vector<Certificate>>(11); + keystorecerts2Hashtable(keyStore, certs); + } + if (trustcacerts) { + if (caks!=null && caks.size()>0) { + if (certs == null) { + certs = new Hashtable<Principal, Vector<Certificate>>(11); + } + keystorecerts2Hashtable(caks, certs); + } + } + + // start building chain + Vector<Certificate> chain = new Vector<>(2); + if (buildChain((X509Certificate)certToVerify, chain, certs)) { + Certificate[] newChain = new Certificate[chain.size()]; + // buildChain() returns chain with self-signed root-cert first and + // user-cert last, so we need to invert the chain before we store + // it + int j=0; + for (int i=chain.size()-1; i>=0; i--) { + newChain[j] = chain.elementAt(i); + j++; + } + return newChain; + } else { + throw new Exception + (rb.getString("Failed.to.establish.chain.from.reply")); + } + } + + /** + * Recursively tries to establish chain from pool of trusted certs. + * + * @param certToVerify the cert that needs to be verified. + * @param chain the chain that's being built. + * @param certs the pool of trusted certs + * + * @return true if successful, false otherwise. + */ + private boolean buildChain(X509Certificate certToVerify, + Vector<Certificate> chain, + Hashtable<Principal, Vector<Certificate>> certs) { + Principal issuer = certToVerify.getIssuerDN(); + if (isSelfSigned(certToVerify)) { + // reached self-signed root cert; + // no verification needed because it's trusted. + chain.addElement(certToVerify); + return true; + } + + // Get the issuer's certificate(s) + Vector<Certificate> vec = certs.get(issuer); + if (vec == null) { + return false; + } + + // Try out each certificate in the vector, until we find one + // whose public key verifies the signature of the certificate + // in question. + for (Enumeration<Certificate> issuerCerts = vec.elements(); + issuerCerts.hasMoreElements(); ) { + X509Certificate issuerCert + = (X509Certificate)issuerCerts.nextElement(); + PublicKey issuerPubKey = issuerCert.getPublicKey(); + try { + certToVerify.verify(issuerPubKey); + } catch (Exception e) { + continue; + } + if (buildChain(issuerCert, chain, certs)) { + chain.addElement(certToVerify); + return true; + } + } + return false; + } + + /** + * Prompts user for yes/no decision. + * + * @return the user's decision, can only be "YES" or "NO" + */ + private String getYesNoReply(String prompt) + throws IOException + { + String reply = null; + int maxRetry = 20; + do { + if (maxRetry-- < 0) { + throw new RuntimeException(rb.getString( + "Too.many.retries.program.terminated")); + } + System.err.print(prompt); + System.err.flush(); + reply = (new BufferedReader(new InputStreamReader + (System.in))).readLine(); + if (collator.compare(reply, "") == 0 || + collator.compare(reply, rb.getString("n")) == 0 || + collator.compare(reply, rb.getString("no")) == 0) { + reply = "NO"; + } else if (collator.compare(reply, rb.getString("y")) == 0 || + collator.compare(reply, rb.getString("yes")) == 0) { + reply = "YES"; + } else { + System.err.println(rb.getString("Wrong.answer.try.again")); + reply = null; + } + } while (reply == null); + return reply; + } + + /** + * Stores the (leaf) certificates of a keystore in a hashtable. + * All certs belonging to the same CA are stored in a vector that + * in turn is stored in the hashtable, keyed by the CA's subject DN + */ + private void keystorecerts2Hashtable(KeyStore ks, + Hashtable<Principal, Vector<Certificate>> hash) + throws Exception { + + for (Enumeration<String> aliases = ks.aliases(); + aliases.hasMoreElements(); ) { + String alias = aliases.nextElement(); + Certificate cert = ks.getCertificate(alias); + if (cert != null) { + Principal subjectDN = ((X509Certificate)cert).getSubjectDN(); + Vector<Certificate> vec = hash.get(subjectDN); + if (vec == null) { + vec = new Vector<Certificate>(); + vec.addElement(cert); + } else { + if (!vec.contains(cert)) { + vec.addElement(cert); + } + } + hash.put(subjectDN, vec); + } + } + } + + /** + * Returns the issue time that's specified the -startdate option + * @param s the value of -startdate option + */ + private static Date getStartDate(String s) throws IOException { + Calendar c = new GregorianCalendar(); + if (s != null) { + IOException ioe = new IOException( + rb.getString("Illegal.startdate.value")); + int len = s.length(); + if (len == 0) { + throw ioe; + } + if (s.charAt(0) == '-' || s.charAt(0) == '+') { + // Form 1: ([+-]nnn[ymdHMS])+ + int start = 0; + while (start < len) { + int sign = 0; + switch (s.charAt(start)) { + case '+': sign = 1; break; + case '-': sign = -1; break; + default: throw ioe; + } + int i = start+1; + for (; i<len; i++) { + char ch = s.charAt(i); + if (ch < '0' || ch > '9') break; + } + if (i == start+1) throw ioe; + int number = Integer.parseInt(s.substring(start+1, i)); + if (i >= len) throw ioe; + int unit = 0; + switch (s.charAt(i)) { + case 'y': unit = Calendar.YEAR; break; + case 'm': unit = Calendar.MONTH; break; + case 'd': unit = Calendar.DATE; break; + case 'H': unit = Calendar.HOUR; break; + case 'M': unit = Calendar.MINUTE; break; + case 'S': unit = Calendar.SECOND; break; + default: throw ioe; + } + c.add(unit, sign * number); + start = i + 1; + } + } else { + // Form 2: [yyyy/mm/dd] [HH:MM:SS] + String date = null, time = null; + if (len == 19) { + date = s.substring(0, 10); + time = s.substring(11); + if (s.charAt(10) != ' ') + throw ioe; + } else if (len == 10) { + date = s; + } else if (len == 8) { + time = s; + } else { + throw ioe; + } + if (date != null) { + if (date.matches("\\d\\d\\d\\d\\/\\d\\d\\/\\d\\d")) { + c.set(Integer.valueOf(date.substring(0, 4)), + Integer.valueOf(date.substring(5, 7))-1, + Integer.valueOf(date.substring(8, 10))); + } else { + throw ioe; + } + } + if (time != null) { + if (time.matches("\\d\\d:\\d\\d:\\d\\d")) { + c.set(Calendar.HOUR_OF_DAY, Integer.valueOf(time.substring(0, 2))); + c.set(Calendar.MINUTE, Integer.valueOf(time.substring(0, 2))); + c.set(Calendar.SECOND, Integer.valueOf(time.substring(0, 2))); + c.set(Calendar.MILLISECOND, 0); + } else { + throw ioe; + } + } + } + } + return c.getTime(); + } + + /** + * Match a command (may be abbreviated) with a command set. + * @param s the command provided + * @param list the legal command set. If there is a null, commands after it + * are regarded experimental, which means they are supported but their + * existence should not be revealed to user. + * @return the position of a single match, or -1 if none matched + * @throws Exception if s is ambiguous + */ + private static int oneOf(String s, String... list) throws Exception { + int[] match = new int[list.length]; + int nmatch = 0; + int experiment = Integer.MAX_VALUE; + for (int i = 0; i<list.length; i++) { + String one = list[i]; + if (one == null) { + experiment = i; + continue; + } + if (one.toLowerCase(Locale.ENGLISH) + .startsWith(s.toLowerCase(Locale.ENGLISH))) { + match[nmatch++] = i; + } else { + StringBuffer sb = new StringBuffer(); + boolean first = true; + for (char c: one.toCharArray()) { + if (first) { + sb.append(c); + first = false; + } else { + if (!Character.isLowerCase(c)) { + sb.append(c); + } + } + } + if (sb.toString().equalsIgnoreCase(s)) { + match[nmatch++] = i; + } + } + } + if (nmatch == 0) { + return -1; + } else if (nmatch == 1) { + return match[0]; + } else { + // If multiple matches is in experimental commands, ignore them + if (match[1] > experiment) { + return match[0]; + } + StringBuffer sb = new StringBuffer(); + MessageFormat form = new MessageFormat(rb.getString + ("command.{0}.is.ambiguous.")); + Object[] source = {s}; + sb.append(form.format(source)); + sb.append("\n "); + for (int i=0; i<nmatch && match[i]<experiment; i++) { + sb.append(' '); + sb.append(list[match[i]]); + } + throw new Exception(sb.toString()); + } + } + + /** + * Create a GeneralName object from known types + * @param t one of 5 known types + * @param v value + * @return which one + */ + private GeneralName createGeneralName(String t, String v) + throws Exception { + GeneralNameInterface gn; + int p = oneOf(t, "EMAIL", "URI", "DNS", "IP", "OID"); + if (p < 0) { + throw new Exception(rb.getString( + "Unrecognized.GeneralName.type.") + t); + } + switch (p) { + case 0: gn = new RFC822Name(v); break; + case 1: gn = new URIName(v); break; + case 2: gn = new DNSName(v); break; + case 3: gn = new IPAddressName(v); break; + default: gn = new OIDName(v); break; //4 + } + return new GeneralName(gn); + } + + private static final String[] extSupported = { + "BasicConstraints", + "KeyUsage", + "ExtendedKeyUsage", + "SubjectAlternativeName", + "IssuerAlternativeName", + "SubjectInfoAccess", + "AuthorityInfoAccess", + null, + "CRLDistributionPoints", + }; + + private ObjectIdentifier findOidForExtName(String type) + throws Exception { + switch (oneOf(type, extSupported)) { + case 0: return PKIXExtensions.BasicConstraints_Id; + case 1: return PKIXExtensions.KeyUsage_Id; + case 2: return PKIXExtensions.ExtendedKeyUsage_Id; + case 3: return PKIXExtensions.SubjectAlternativeName_Id; + case 4: return PKIXExtensions.IssuerAlternativeName_Id; + case 5: return PKIXExtensions.SubjectInfoAccess_Id; + case 6: return PKIXExtensions.AuthInfoAccess_Id; + case 8: return PKIXExtensions.CRLDistributionPoints_Id; + default: return new ObjectIdentifier(type); + } + } + + /** + * Create X509v3 extensions from a string representation. Note that the + * SubjectKeyIdentifierExtension will always be created non-critical besides + * the extension requested in the <code>extstr</code> argument. + * + * @param reqex the requested extensions, can be null, used for -gencert + * @param ext the original extensions, can be null, used for -selfcert + * @param extstrs -ext values, Read keytool doc + * @param pkey the public key for the certificate + * @param akey the public key for the authority (issuer) + * @return the created CertificateExtensions + */ + private CertificateExtensions createV3Extensions( + CertificateExtensions reqex, + CertificateExtensions ext, + List <String> extstrs, + PublicKey pkey, + PublicKey akey) throws Exception { + + if (ext != null && reqex != null) { + // This should not happen + throw new Exception("One of request and original should be null."); + } + if (ext == null) ext = new CertificateExtensions(); + try { + // name{:critical}{=value} + // Honoring requested extensions + if (reqex != null) { + for(String extstr: extstrs) { + if (extstr.toLowerCase(Locale.ENGLISH).startsWith("honored=")) { + List<String> list = Arrays.asList( + extstr.toLowerCase(Locale.ENGLISH).substring(8).split(",")); + // First check existence of "all" + if (list.contains("all")) { + ext = reqex; // we know ext was null + } + // one by one for others + for (String item: list) { + if (item.equals("all")) continue; + + // add or remove + boolean add = true; + // -1, unchanged, 0 crtical, 1 non-critical + int action = -1; + String type = null; + if (item.startsWith("-")) { + add = false; + type = item.substring(1); + } else { + int colonpos = item.indexOf(':'); + if (colonpos >= 0) { + type = item.substring(0, colonpos); + action = oneOf(item.substring(colonpos+1), + "critical", "non-critical"); + if (action == -1) { + throw new Exception(rb.getString + ("Illegal.value.") + item); + } + } + } + String n = reqex.getNameByOid(findOidForExtName(type)); + if (add) { + Extension e = reqex.get(n); + if (!e.isCritical() && action == 0 + || e.isCritical() && action == 1) { + e = Extension.newExtension( + e.getExtensionId(), + !e.isCritical(), + e.getExtensionValue()); + ext.set(n, e); + } + } else { + ext.delete(n); + } + } + break; + } + } + } + for(String extstr: extstrs) { + String name, value; + boolean isCritical = false; + + int eqpos = extstr.indexOf('='); + if (eqpos >= 0) { + name = extstr.substring(0, eqpos); + value = extstr.substring(eqpos+1); + } else { + name = extstr; + value = null; + } + + int colonpos = name.indexOf(':'); + if (colonpos >= 0) { + if (oneOf(name.substring(colonpos+1), "critical") == 0) { + isCritical = true; + } + name = name.substring(0, colonpos); + } + + if (name.equalsIgnoreCase("honored")) { + continue; + } + int exttype = oneOf(name, extSupported); + switch (exttype) { + case 0: // BC + int pathLen = -1; + boolean isCA = false; + if (value == null) { + isCA = true; + } else { + try { // the abbr format + pathLen = Integer.parseInt(value); + isCA = true; + } catch (NumberFormatException ufe) { + // ca:true,pathlen:1 + for (String part: value.split(",")) { + String[] nv = part.split(":"); + if (nv.length != 2) { + throw new Exception(rb.getString + ("Illegal.value.") + extstr); + } else { + if (nv[0].equalsIgnoreCase("ca")) { + isCA = Boolean.parseBoolean(nv[1]); + } else if (nv[0].equalsIgnoreCase("pathlen")) { + pathLen = Integer.parseInt(nv[1]); + } else { + throw new Exception(rb.getString + ("Illegal.value.") + extstr); + } + } + } + } + } + ext.set(BasicConstraintsExtension.NAME, + new BasicConstraintsExtension(isCritical, isCA, + pathLen)); + break; + case 1: // KU + if(value != null) { + boolean[] ok = new boolean[9]; + for (String s: value.split(",")) { + int p = oneOf(s, + "digitalSignature", // (0), + "nonRepudiation", // (1) + "keyEncipherment", // (2), + "dataEncipherment", // (3), + "keyAgreement", // (4), + "keyCertSign", // (5), + "cRLSign", // (6), + "encipherOnly", // (7), + "decipherOnly", // (8) + "contentCommitment" // also (1) + ); + if (p < 0) { + throw new Exception(rb.getString("Unknown.keyUsage.type.") + s); + } + if (p == 9) p = 1; + ok[p] = true; + } + KeyUsageExtension kue = new KeyUsageExtension(ok); + // The above KeyUsageExtension constructor does not + // allow isCritical value, so... + ext.set(KeyUsageExtension.NAME, Extension.newExtension( + kue.getExtensionId(), + isCritical, + kue.getExtensionValue())); + } else { + throw new Exception(rb.getString + ("Illegal.value.") + extstr); + } + break; + case 2: // EKU + if(value != null) { + Vector<ObjectIdentifier> v = new Vector<>(); + for (String s: value.split(",")) { + int p = oneOf(s, + "anyExtendedKeyUsage", + "serverAuth", //1 + "clientAuth", //2 + "codeSigning", //3 + "emailProtection", //4 + "", //5 + "", //6 + "", //7 + "timeStamping", //8 + "OCSPSigning" //9 + ); + if (p < 0) { + try { + v.add(new ObjectIdentifier(s)); + } catch (Exception e) { + throw new Exception(rb.getString( + "Unknown.extendedkeyUsage.type.") + s); + } + } else if (p == 0) { + v.add(new ObjectIdentifier("2.5.29.37.0")); + } else { + v.add(new ObjectIdentifier("1.3.6.1.5.5.7.3." + p)); + } + } + ext.set(ExtendedKeyUsageExtension.NAME, + new ExtendedKeyUsageExtension(isCritical, v)); + } else { + throw new Exception(rb.getString + ("Illegal.value.") + extstr); + } + break; + case 3: // SAN + case 4: // IAN + if(value != null) { + String[] ps = value.split(","); + GeneralNames gnames = new GeneralNames(); + for(String item: ps) { + colonpos = item.indexOf(':'); + if (colonpos < 0) { + throw new Exception("Illegal item " + item + " in " + extstr); + } + String t = item.substring(0, colonpos); + String v = item.substring(colonpos+1); + gnames.add(createGeneralName(t, v)); + } + if (exttype == 3) { + ext.set(SubjectAlternativeNameExtension.NAME, + new SubjectAlternativeNameExtension( + isCritical, gnames)); + } else { + ext.set(IssuerAlternativeNameExtension.NAME, + new IssuerAlternativeNameExtension( + isCritical, gnames)); + } + } else { + throw new Exception(rb.getString + ("Illegal.value.") + extstr); + } + break; + case 5: // SIA, always non-critical + case 6: // AIA, always non-critical + if (isCritical) { + throw new Exception(rb.getString( + "This.extension.cannot.be.marked.as.critical.") + extstr); + } + if(value != null) { + List<AccessDescription> accessDescriptions = + new ArrayList<>(); + String[] ps = value.split(","); + for(String item: ps) { + colonpos = item.indexOf(':'); + int colonpos2 = item.indexOf(':', colonpos+1); + if (colonpos < 0 || colonpos2 < 0) { + throw new Exception(rb.getString + ("Illegal.value.") + extstr); + } + String m = item.substring(0, colonpos); + String t = item.substring(colonpos+1, colonpos2); + String v = item.substring(colonpos2+1); + int p = oneOf(m, + "", + "ocsp", //1 + "caIssuers", //2 + "timeStamping", //3 + "", + "caRepository" //5 + ); + ObjectIdentifier oid; + if (p < 0) { + try { + oid = new ObjectIdentifier(m); + } catch (Exception e) { + throw new Exception(rb.getString( + "Unknown.AccessDescription.type.") + m); + } + } else { + oid = new ObjectIdentifier("1.3.6.1.5.5.7.48." + p); + } + accessDescriptions.add(new AccessDescription( + oid, createGeneralName(t, v))); + } + if (exttype == 5) { + ext.set(SubjectInfoAccessExtension.NAME, + new SubjectInfoAccessExtension(accessDescriptions)); + } else { + ext.set(AuthorityInfoAccessExtension.NAME, + new AuthorityInfoAccessExtension(accessDescriptions)); + } + } else { + throw new Exception(rb.getString + ("Illegal.value.") + extstr); + } + break; + case 8: // CRL, experimental, only support 1 distributionpoint + if(value != null) { + String[] ps = value.split(","); + GeneralNames gnames = new GeneralNames(); + for(String item: ps) { + colonpos = item.indexOf(':'); + if (colonpos < 0) { + throw new Exception("Illegal item " + item + " in " + extstr); + } + String t = item.substring(0, colonpos); + String v = item.substring(colonpos+1); + gnames.add(createGeneralName(t, v)); + } + ext.set(CRLDistributionPointsExtension.NAME, + new CRLDistributionPointsExtension( + isCritical, Collections.singletonList( + new DistributionPoint(gnames, null, null)))); + } else { + throw new Exception(rb.getString + ("Illegal.value.") + extstr); + } + break; + case -1: + ObjectIdentifier oid = new ObjectIdentifier(name); + byte[] data = null; + if (value != null) { + data = new byte[value.length() / 2 + 1]; + int pos = 0; + for (char c: value.toCharArray()) { + int hex; + if (c >= '0' && c <= '9') { + hex = c - '0' ; + } else if (c >= 'A' && c <= 'F') { + hex = c - 'A' + 10; + } else if (c >= 'a' && c <= 'f') { + hex = c - 'a' + 10; + } else { + continue; + } + if (pos % 2 == 0) { + data[pos/2] = (byte)(hex << 4); + } else { + data[pos/2] += hex; + } + pos++; + } + if (pos % 2 != 0) { + throw new Exception(rb.getString( + "Odd.number.of.hex.digits.found.") + extstr); + } + data = Arrays.copyOf(data, pos/2); + } else { + data = new byte[0]; + } + ext.set(oid.toString(), new Extension(oid, isCritical, + new DerValue(DerValue.tag_OctetString, data) + .toByteArray())); + break; + default: + throw new Exception(rb.getString( + "Unknown.extension.type.") + extstr); + } + } + // always non-critical + ext.set(SubjectKeyIdentifierExtension.NAME, + new SubjectKeyIdentifierExtension( + new KeyIdentifier(pkey).getIdentifier())); + if (akey != null && !pkey.equals(akey)) { + ext.set(AuthorityKeyIdentifierExtension.NAME, + new AuthorityKeyIdentifierExtension( + new KeyIdentifier(akey), null, null)); + } + } catch(IOException e) { + throw new RuntimeException(e); + } + return ext; + } + + /** + * Prints the usage of this tool. + */ + private void usage() { + if (command != null) { + System.err.println("keytool " + command + + rb.getString(".OPTION.")); + System.err.println(); + System.err.println(rb.getString(command.description)); + System.err.println(); + System.err.println(rb.getString("Options.")); + System.err.println(); + + // Left and right sides of the options list + String[] left = new String[command.options.length]; + String[] right = new String[command.options.length]; + + // Check if there's an unknown option + boolean found = false; + + // Length of left side of options list + int lenLeft = 0; + for (int j=0; j<left.length; j++) { + Option opt = command.options[j]; + left[j] = opt.toString(); + if (opt.arg != null) left[j] += " " + opt.arg; + if (left[j].length() > lenLeft) { + lenLeft = left[j].length(); + } + right[j] = rb.getString(opt.description); + } + for (int j=0; j<left.length; j++) { + System.err.printf(" %-" + lenLeft + "s %s\n", + left[j], right[j]); + } + System.err.println(); + System.err.println(rb.getString( + "Use.keytool.help.for.all.available.commands")); + } else { + System.err.println(rb.getString( + "Key.and.Certificate.Management.Tool")); + System.err.println(); + System.err.println(rb.getString("Commands.")); + System.err.println(); + for (Command c: Command.values()) { + if (c == KEYCLONE) break; + System.err.printf(" %-20s%s\n", c, rb.getString(c.description)); + } + System.err.println(); + System.err.println(rb.getString( + "Use.keytool.command.name.help.for.usage.of.command.name")); + } + } + + private void tinyHelp() { + usage(); + if (debug) { + throw new RuntimeException("NO BIG ERROR, SORRY"); + } else { + System.exit(1); + } + } + + private void errorNeedArgument(String flag) { + Object[] source = {flag}; + System.err.println(new MessageFormat( + rb.getString("Command.option.flag.needs.an.argument.")).format(source)); + tinyHelp(); + } + + private char[] getPass(String modifier, String arg) { + char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb); + if (output != null) return output; + tinyHelp(); + return null; // Useless, tinyHelp() already exits. + } +} + +// This class is exactly the same as com.sun.tools.javac.util.Pair, +// it's copied here since the original one is not included in JRE. +class Pair<A, B> { + + public final A fst; + public final B snd; + + public Pair(A fst, B snd) { + this.fst = fst; + this.snd = snd; + } + + public String toString() { + return "Pair[" + fst + "," + snd + "]"; + } + + private static boolean equals(Object x, Object y) { + return (x == null && y == null) || (x != null && x.equals(y)); + } + + public boolean equals(Object other) { + return + other instanceof Pair && + equals(fst, ((Pair)other).fst) && + equals(snd, ((Pair)other).snd); + } + + public int hashCode() { + if (fst == null) return (snd == null) ? 0 : snd.hashCode() + 1; + else if (snd == null) return fst.hashCode() + 2; + else return fst.hashCode() * 17 + snd.hashCode(); + } + + public static <A,B> Pair<A,B> of(A a, B b) { + return new Pair<>(a,b); + } +} +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Resources.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,434 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.keytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the keytool. + * + */ +public class Resources extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"STAR", + "*******************************************"}, + {"STARNN", + "*******************************************\n\n"}, + + // keytool: Help part + {".OPTION.", " [OPTION]..."}, + {"Options.", "Options:"}, + {"Use.keytool.help.for.all.available.commands", + "Use \"keytool -help\" for all available commands"}, + {"Key.and.Certificate.Management.Tool", + "Key and Certificate Management Tool"}, + {"Commands.", "Commands:"}, + {"Use.keytool.command.name.help.for.usage.of.command.name", + "Use \"keytool -command_name -help\" for usage of command_name"}, + // keytool: help: commands + {"Generates.a.certificate.request", + "Generates a certificate request"}, //-certreq + {"Changes.an.entry.s.alias", + "Changes an entry's alias"}, //-changealias + {"Deletes.an.entry", + "Deletes an entry"}, //-delete + {"Exports.certificate", + "Exports certificate"}, //-exportcert + {"Generates.a.key.pair", + "Generates a key pair"}, //-genkeypair + {"Generates.a.secret.key", + "Generates a secret key"}, //-genseckey + {"Generates.certificate.from.a.certificate.request", + "Generates certificate from a certificate request"}, //-gencert + {"Generates.CRL", "Generates CRL"}, //-gencrl + {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", + "Imports entries from a JDK 1.1.x-style identity database"}, //-identitydb + {"Imports.a.certificate.or.a.certificate.chain", + "Imports a certificate or a certificate chain"}, //-importcert + {"Imports.one.or.all.entries.from.another.keystore", + "Imports one or all entries from another keystore"}, //-importkeystore + {"Clones.a.key.entry", + "Clones a key entry"}, //-keyclone + {"Changes.the.key.password.of.an.entry", + "Changes the key password of an entry"}, //-keypasswd + {"Lists.entries.in.a.keystore", + "Lists entries in a keystore"}, //-list + {"Prints.the.content.of.a.certificate", + "Prints the content of a certificate"}, //-printcert + {"Prints.the.content.of.a.certificate.request", + "Prints the content of a certificate request"}, //-printcertreq + {"Prints.the.content.of.a.CRL.file", + "Prints the content of a CRL file"}, //-printcrl + {"Generates.a.self.signed.certificate", + "Generates a self-signed certificate"}, //-selfcert + {"Changes.the.store.password.of.a.keystore", + "Changes the store password of a keystore"}, //-storepasswd + // keytool: help: options + {"alias.name.of.the.entry.to.process", + "alias name of the entry to process"}, //-alias + {"destination.alias", + "destination alias"}, //-destalias + {"destination.key.password", + "destination key password"}, //-destkeypass + {"destination.keystore.name", + "destination keystore name"}, //-destkeystore + {"destination.keystore.password.protected", + "destination keystore password protected"}, //-destprotected + {"destination.keystore.provider.name", + "destination keystore provider name"}, //-destprovidername + {"destination.keystore.password", + "destination keystore password"}, //-deststorepass + {"destination.keystore.type", + "destination keystore type"}, //-deststoretype + {"distinguished.name", + "distinguished name"}, //-dname + {"X.509.extension", + "X.509 extension"}, //-ext + {"output.file.name", + "output file name"}, //-file and -outfile + {"input.file.name", + "input file name"}, //-file and -infile + {"key.algorithm.name", + "key algorithm name"}, //-keyalg + {"key.password", + "key password"}, //-keypass + {"key.bit.size", + "key bit size"}, //-keysize + {"keystore.name", + "keystore name"}, //-keystore + {"new.password", + "new password"}, //-new + {"do.not.prompt", + "do not prompt"}, //-noprompt + {"password.through.protected.mechanism", + "password through protected mechanism"}, //-protected + {"provider.argument", + "provider argument"}, //-providerarg + {"provider.class.name", + "provider class name"}, //-providerclass + {"provider.name", + "provider name"}, //-providername + {"provider.classpath", + "provider classpath"}, //-providerpath + {"output.in.RFC.style", + "output in RFC style"}, //-rfc + {"signature.algorithm.name", + "signature algorithm name"}, //-sigalg + {"source.alias", + "source alias"}, //-srcalias + {"source.key.password", + "source key password"}, //-srckeypass + {"source.keystore.name", + "source keystore name"}, //-srckeystore + {"source.keystore.password.protected", + "source keystore password protected"}, //-srcprotected + {"source.keystore.provider.name", + "source keystore provider name"}, //-srcprovidername + {"source.keystore.password", + "source keystore password"}, //-srcstorepass + {"source.keystore.type", + "source keystore type"}, //-srcstoretype + {"SSL.server.host.and.port", + "SSL server host and port"}, //-sslserver + {"signed.jar.file", + "signed jar file"}, //=jarfile + {"certificate.validity.start.date.time", + "certificate validity start date/time"}, //-startdate + {"keystore.password", + "keystore password"}, //-storepass + {"keystore.type", + "keystore type"}, //-storetype + {"trust.certificates.from.cacerts", + "trust certificates from cacerts"}, //-trustcacerts + {"verbose.output", + "verbose output"}, //-v + {"validity.number.of.days", + "validity number of days"}, //-validity + {"Serial.ID.of.cert.to.revoke", + "Serial ID of cert to revoke"}, //-id + // keytool: Running part + {"keytool.error.", "keytool error: "}, + {"Illegal.option.", "Illegal option: "}, + {"Illegal.value.", "Illegal value: "}, + {"Unknown.password.type.", "Unknown password type: "}, + {"Cannot.find.environment.variable.", + "Cannot find environment variable: "}, + {"Cannot.find.file.", "Cannot find file: "}, + {"Command.option.flag.needs.an.argument.", "Command option {0} needs an argument."}, + {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", + "Warning: Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified {0} value."}, + {".keystore.must.be.NONE.if.storetype.is.{0}", + "-keystore must be NONE if -storetype is {0}"}, + {"Too.many.retries.program.terminated", + "Too many retries, program terminated"}, + {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", + "-storepasswd and -keypasswd commands not supported if -storetype is {0}"}, + {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", + "-keypasswd commands not supported if -storetype is PKCS12"}, + {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", + "-keypass and -new can not be specified if -storetype is {0}"}, + {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", + "if -protected is specified, then -storepass, -keypass, and -new must not be specified"}, + {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", + "if -srcprotected is specified, then -srcstorepass and -srckeypass must not be specified"}, + {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", + "if keystore is not password protected, then -storepass, -keypass, and -new must not be specified"}, + {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", + "if source keystore is not password protected, then -srcstorepass and -srckeypass must not be specified"}, + {"Illegal.startdate.value", "Illegal startdate value"}, + {"Validity.must.be.greater.than.zero", + "Validity must be greater than zero"}, + {"provName.not.a.provider", "{0} not a provider"}, + {"Usage.error.no.command.provided", "Usage error: no command provided"}, + {"Source.keystore.file.exists.but.is.empty.", "Source keystore file exists, but is empty: "}, + {"Please.specify.srckeystore", "Please specify -srckeystore"}, + {"Must.not.specify.both.v.and.rfc.with.list.command", + "Must not specify both -v and -rfc with 'list' command"}, + {"Key.password.must.be.at.least.6.characters", + "Key password must be at least 6 characters"}, + {"New.password.must.be.at.least.6.characters", + "New password must be at least 6 characters"}, + {"Keystore.file.exists.but.is.empty.", + "Keystore file exists, but is empty: "}, + {"Keystore.file.does.not.exist.", + "Keystore file does not exist: "}, + {"Must.specify.destination.alias", "Must specify destination alias"}, + {"Must.specify.alias", "Must specify alias"}, + {"Keystore.password.must.be.at.least.6.characters", + "Keystore password must be at least 6 characters"}, + {"Enter.keystore.password.", "Enter keystore password: "}, + {"Enter.source.keystore.password.", "Enter source keystore password: "}, + {"Enter.destination.keystore.password.", "Enter destination keystore password: "}, + {"Keystore.password.is.too.short.must.be.at.least.6.characters", + "Keystore password is too short - must be at least 6 characters"}, + {"Unknown.Entry.Type", "Unknown Entry Type"}, + {"Too.many.failures.Alias.not.changed", "Too many failures. Alias not changed"}, + {"Entry.for.alias.alias.successfully.imported.", + "Entry for alias {0} successfully imported."}, + {"Entry.for.alias.alias.not.imported.", "Entry for alias {0} not imported."}, + {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", + "Problem importing entry for alias {0}: {1}.\nEntry for alias {0} not imported."}, + {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", + "Import command completed: {0} entries successfully imported, {1} entries failed or cancelled"}, + {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", + "Warning: Overwriting existing alias {0} in destination keystore"}, + {"Existing.entry.alias.alias.exists.overwrite.no.", + "Existing entry alias {0} exists, overwrite? [no]: "}, + {"Too.many.failures.try.later", "Too many failures - try later"}, + {"Certification.request.stored.in.file.filename.", + "Certification request stored in file <{0}>"}, + {"Submit.this.to.your.CA", "Submit this to your CA"}, + {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", + "if alias not specified, destalias, srckeypass, and destkeypass must not be specified"}, + {"Certificate.stored.in.file.filename.", + "Certificate stored in file <{0}>"}, + {"Certificate.reply.was.installed.in.keystore", + "Certificate reply was installed in keystore"}, + {"Certificate.reply.was.not.installed.in.keystore", + "Certificate reply was not installed in keystore"}, + {"Certificate.was.added.to.keystore", + "Certificate was added to keystore"}, + {"Certificate.was.not.added.to.keystore", + "Certificate was not added to keystore"}, + {".Storing.ksfname.", "[Storing {0}]"}, + {"alias.has.no.public.key.certificate.", + "{0} has no public key (certificate)"}, + {"Cannot.derive.signature.algorithm", + "Cannot derive signature algorithm"}, + {"Alias.alias.does.not.exist", + "Alias <{0}> does not exist"}, + {"Alias.alias.has.no.certificate", + "Alias <{0}> has no certificate"}, + {"Key.pair.not.generated.alias.alias.already.exists", + "Key pair not generated, alias <{0}> already exists"}, + {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", + "Generating {0} bit {1} key pair and self-signed certificate ({2}) with a validity of {3} days\n\tfor: {4}"}, + {"Enter.key.password.for.alias.", "Enter key password for <{0}>"}, + {".RETURN.if.same.as.keystore.password.", + "\t(RETURN if same as keystore password): "}, + {"Key.password.is.too.short.must.be.at.least.6.characters", + "Key password is too short - must be at least 6 characters"}, + {"Too.many.failures.key.not.added.to.keystore", + "Too many failures - key not added to keystore"}, + {"Destination.alias.dest.already.exists", + "Destination alias <{0}> already exists"}, + {"Password.is.too.short.must.be.at.least.6.characters", + "Password is too short - must be at least 6 characters"}, + {"Too.many.failures.Key.entry.not.cloned", + "Too many failures. Key entry not cloned"}, + {"key.password.for.alias.", "key password for <{0}>"}, + {"Keystore.entry.for.id.getName.already.exists", + "Keystore entry for <{0}> already exists"}, + {"Creating.keystore.entry.for.id.getName.", + "Creating keystore entry for <{0}> ..."}, + {"No.entries.from.identity.database.added", + "No entries from identity database added"}, + {"Alias.name.alias", "Alias name: {0}"}, + {"Creation.date.keyStore.getCreationDate.alias.", + "Creation date: {0,date}"}, + {"alias.keyStore.getCreationDate.alias.", + "{0}, {1,date}, "}, + {"alias.", "{0}, "}, + {"Entry.type.type.", "Entry type: {0}"}, + {"Certificate.chain.length.", "Certificate chain length: "}, + {"Certificate.i.1.", "Certificate[{0,number,integer}]:"}, + {"Certificate.fingerprint.SHA1.", "Certificate fingerprint (SHA1): "}, + {"Keystore.type.", "Keystore type: "}, + {"Keystore.provider.", "Keystore provider: "}, + {"Your.keystore.contains.keyStore.size.entry", + "Your keystore contains {0,number,integer} entry"}, + {"Your.keystore.contains.keyStore.size.entries", + "Your keystore contains {0,number,integer} entries"}, + {"Failed.to.parse.input", "Failed to parse input"}, + {"Empty.input", "Empty input"}, + {"Not.X.509.certificate", "Not X.509 certificate"}, + {"alias.has.no.public.key", "{0} has no public key"}, + {"alias.has.no.X.509.certificate", "{0} has no X.509 certificate"}, + {"New.certificate.self.signed.", "New certificate (self-signed):"}, + {"Reply.has.no.certificates", "Reply has no certificates"}, + {"Certificate.not.imported.alias.alias.already.exists", + "Certificate not imported, alias <{0}> already exists"}, + {"Input.not.an.X.509.certificate", "Input not an X.509 certificate"}, + {"Certificate.already.exists.in.keystore.under.alias.trustalias.", + "Certificate already exists in keystore under alias <{0}>"}, + {"Do.you.still.want.to.add.it.no.", + "Do you still want to add it? [no]: "}, + {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", + "Certificate already exists in system-wide CA keystore under alias <{0}>"}, + {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", + "Do you still want to add it to your own keystore? [no]: "}, + {"Trust.this.certificate.no.", "Trust this certificate? [no]: "}, + {"YES", "YES"}, + {"New.prompt.", "New {0}: "}, + {"Passwords.must.differ", "Passwords must differ"}, + {"Re.enter.new.prompt.", "Re-enter new {0}: "}, + {"Re.enter.new.password.", "Re-enter new password: "}, + {"They.don.t.match.Try.again", "They don't match. Try again"}, + {"Enter.prompt.alias.name.", "Enter {0} alias name: "}, + {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", + "Enter new alias name\t(RETURN to cancel import for this entry): "}, + {"Enter.alias.name.", "Enter alias name: "}, + {".RETURN.if.same.as.for.otherAlias.", + "\t(RETURN if same as for <{0}>)"}, + {".PATTERN.printX509Cert", + "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Signature algorithm name: {8}\n\t Version: {9}"}, + {"What.is.your.first.and.last.name.", + "What is your first and last name?"}, + {"What.is.the.name.of.your.organizational.unit.", + "What is the name of your organizational unit?"}, + {"What.is.the.name.of.your.organization.", + "What is the name of your organization?"}, + {"What.is.the.name.of.your.City.or.Locality.", + "What is the name of your City or Locality?"}, + {"What.is.the.name.of.your.State.or.Province.", + "What is the name of your State or Province?"}, + {"What.is.the.two.letter.country.code.for.this.unit.", + "What is the two-letter country code for this unit?"}, + {"Is.name.correct.", "Is {0} correct?"}, + {"no", "no"}, + {"yes", "yes"}, + {"y", "y"}, + {".defaultValue.", " [{0}]: "}, + {"Alias.alias.has.no.key", + "Alias <{0}> has no key"}, + {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", + "Alias <{0}> references an entry type that is not a private key entry. The -keyclone command only supports cloning of private key entries"}, + + {".WARNING.WARNING.WARNING.", + "***************** WARNING WARNING WARNING *****************"}, + {"Signer.d.", "Signer #%d:"}, + {"Timestamp.", "Timestamp:"}, + {"Signature.", "Signature:"}, + {"CRLs.", "CRLs:"}, + {"Certificate.owner.", "Certificate owner: "}, + {"Not.a.signed.jar.file", "Not a signed jar file"}, + {"No.certificate.from.the.SSL.server", + "No certificate from the SSL server"}, + + {".The.integrity.of.the.information.stored.in.your.keystore.", + "* The integrity of the information stored in your keystore *\n" + + "* has NOT been verified! In order to verify its integrity, *\n" + + "* you must provide your keystore password. *"}, + {".The.integrity.of.the.information.stored.in.the.srckeystore.", + "* The integrity of the information stored in the srckeystore*\n" + + "* has NOT been verified! In order to verify its integrity, *\n" + + "* you must provide the srckeystore password. *"}, + + {"Certificate.reply.does.not.contain.public.key.for.alias.", + "Certificate reply does not contain public key for <{0}>"}, + {"Incomplete.certificate.chain.in.reply", + "Incomplete certificate chain in reply"}, + {"Certificate.chain.in.reply.does.not.verify.", + "Certificate chain in reply does not verify: "}, + {"Top.level.certificate.in.reply.", + "Top-level certificate in reply:\n"}, + {".is.not.trusted.", "... is not trusted. "}, + {"Install.reply.anyway.no.", "Install reply anyway? [no]: "}, + {"NO", "NO"}, + {"Public.keys.in.reply.and.keystore.don.t.match", + "Public keys in reply and keystore don't match"}, + {"Certificate.reply.and.certificate.in.keystore.are.identical", + "Certificate reply and certificate in keystore are identical"}, + {"Failed.to.establish.chain.from.reply", + "Failed to establish chain from reply"}, + {"n", "n"}, + {"Wrong.answer.try.again", "Wrong answer, try again"}, + {"Secret.key.not.generated.alias.alias.already.exists", + "Secret Key not generated, alias <{0}> already exists"}, + {"Please.provide.keysize.for.secret.key.generation", + "Please provide -keysize for secret key generation"}, + + {"Extensions.", "Extensions: "}, + {".Empty.value.", "(Empty value)"}, + {"Extension.Request.", "Extension Request:"}, + {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", + "PKCS #10 Certificate Request (Version 1.0)\n" + + "Subject: %s\nPublic Key: %s format %s key\n"}, + {"Unknown.keyUsage.type.", "Unknown keyUsage type: "}, + {"Unknown.extendedkeyUsage.type.", "Unknown extendedkeyUsage type: "}, + {"Unknown.AccessDescription.type.", "Unknown AccessDescription type: "}, + {"Unrecognized.GeneralName.type.", "Unrecognized GeneralName type: "}, + {"This.extension.cannot.be.marked.as.critical.", + "This extension cannot be marked as critical. "}, + {"Odd.number.of.hex.digits.found.", "Odd number of hex digits found: "}, + {"Unknown.extension.type.", "Unknown extension type: "}, + {"command.{0}.is.ambiguous.", "command {0} is ambiguous:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Resources_de.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,429 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.keytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the keytool. + * + */ +public class Resources_de extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"STAR", + "*******************************************"}, + {"STARNN", + "*******************************************\n\n"}, + + // keytool: Help part + {".OPTION.", " [OPTION]..."}, + {"Options.", "Optionen:"}, + {"Use.keytool.help.for.all.available.commands", + "\"keytool -help\" f\u00FCr alle verf\u00FCgbaren Befehle verwenden"}, + {"Key.and.Certificate.Management.Tool", + "Schl\u00FCssel- und Zertifikatsverwaltungstool"}, + {"Commands.", "Befehle:"}, + {"Use.keytool.command.name.help.for.usage.of.command.name", + "\"keytool -command_name -help\" f\u00FCr Verwendung von command_name verwenden"}, + // keytool: help: commands + {"Generates.a.certificate.request", + "Generiert eine Zertifikatanforderung"}, //-certreq + {"Changes.an.entry.s.alias", + "\u00C4ndert den Alias eines Eintrags"}, //-changealias + {"Deletes.an.entry", + "L\u00F6scht einen Eintrag"}, //-delete + {"Exports.certificate", + "Exportiert ein Zertifikat"}, //-exportcert + {"Generates.a.key.pair", + "Generiert ein Schl\u00FCsselpaar"}, //-genkeypair + {"Generates.a.secret.key", + "Generiert einen Secret Key"}, //-genseckey + {"Generates.certificate.from.a.certificate.request", + "Generiert ein Zertifikat aus einer Zertifikatanforderung"}, //-gencert + {"Generates.CRL", "Generiert eine CRL"}, //-gencrl + {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", + "Importiert Eintr\u00E4ge aus einer Identity-Datenbank im JDK 1.1.x-Stil"}, //-identitydb + {"Imports.a.certificate.or.a.certificate.chain", + "Importiert ein Zertifikat oder eine Zertifikatskette"}, //-importcert + {"Imports.one.or.all.entries.from.another.keystore", + "Importiert einen oder alle Eintr\u00E4ge aus einem anderen Keystore"}, //-importkeystore + {"Clones.a.key.entry", + "Clont einen Schl\u00FCsseleintrag"}, //-keyclone + {"Changes.the.key.password.of.an.entry", + "\u00C4ndert das Schl\u00FCsselkennwort eines Eintrags"}, //-keypasswd + {"Lists.entries.in.a.keystore", + "Listet die Eintr\u00E4ge in einem Keystore auf"}, //-list + {"Prints.the.content.of.a.certificate", + "Druckt den Content eines Zertifikats"}, //-printcert + {"Prints.the.content.of.a.certificate.request", + "Druckt den Content einer Zertifikatanforderung"}, //-printcertreq + {"Prints.the.content.of.a.CRL.file", + "Druckt den Content einer CRL-Datei"}, //-printcrl + {"Generates.a.self.signed.certificate", + "Generiert ein selbst signiertes Zertifikat"}, //-selfcert + {"Changes.the.store.password.of.a.keystore", + "\u00C4ndert das Speicherkennwort eines Keystores"}, //-storepasswd + // keytool: help: options + {"alias.name.of.the.entry.to.process", + "Aliasname des zu verarbeitenden Eintrags"}, //-alias + {"destination.alias", + "Zielalias"}, //-destalias + {"destination.key.password", + "Zielschl\u00FCssel-Kennwort"}, //-destkeypass + {"destination.keystore.name", + "Ziel-Keystore-Name"}, //-destkeystore + {"destination.keystore.password.protected", + "Ziel-Keystore kennwortgesch\u00FCtzt"}, //-destprotected + {"destination.keystore.provider.name", + "Ziel-Keystore-Providername"}, //-destprovidername + {"destination.keystore.password", + "Ziel-Keystore-Kennwort"}, //-deststorepass + {"destination.keystore.type", + "Ziel-Keystore-Typ"}, //-deststoretype + {"distinguished.name", + "Distinguished Name"}, //-dname + {"X.509.extension", + "X.509-Erweiterung"}, //-ext + {"output.file.name", + "Ausgabedateiname"}, //-file and -outfile + {"input.file.name", + "Eingabedateiname"}, //-file and -infile + {"key.algorithm.name", + "Schl\u00FCsselalgorithmusname"}, //-keyalg + {"key.password", + "Schl\u00FCsselkennwort"}, //-keypass + {"key.bit.size", + "Schl\u00FCsselbitgr\u00F6\u00DFe"}, //-keysize + {"keystore.name", + "Keystore-Name"}, //-keystore + {"new.password", + "Neues Kennwort"}, //-new + {"do.not.prompt", + "Kein Prompt"}, //-noprompt + {"password.through.protected.mechanism", + "Kennwort \u00FCber gesch\u00FCtzten Mechanismus"}, //-protected + {"provider.argument", + "Providerargument"}, //-providerarg + {"provider.class.name", + "Providerklassenname"}, //-providerclass + {"provider.name", + "Providername"}, //-providername + {"provider.classpath", + "Provider-Classpath"}, //-providerpath + {"output.in.RFC.style", + "Ausgabe in RFC-Stil"}, //-rfc + {"signature.algorithm.name", + "Signaturalgorithmusname"}, //-sigalg + {"source.alias", + "Quellalias"}, //-srcalias + {"source.key.password", + "Quellschl\u00FCssel-Kennwort"}, //-srckeypass + {"source.keystore.name", + "Quell-Keystore-Name"}, //-srckeystore + {"source.keystore.password.protected", + "Quell-Keystore kennwortgesch\u00FCtzt"}, //-srcprotected + {"source.keystore.provider.name", + "Quell-Keystore-Providername"}, //-srcprovidername + {"source.keystore.password", + "Quell-Keystore-Kennwort"}, //-srcstorepass + {"source.keystore.type", + "Quell-Keystore-Typ"}, //-srcstoretype + {"SSL.server.host.and.port", + "SSL-Serverhost und -port"}, //-sslserver + {"signed.jar.file", + "Signierte JAR-Datei"}, //=jarfile + {"certificate.validity.start.date.time", + "Anfangsdatum/-zeit f\u00FCr Zertifikatsg\u00FCltigkeit"}, //-startdate + {"keystore.password", + "Keystore-Kennwort"}, //-storepass + {"keystore.type", + "Keystore-Typ"}, //-storetype + {"trust.certificates.from.cacerts", + "Zertifikaten aus cacerts vertrauen"}, //-trustcacerts + {"verbose.output", + "Verbose-Ausgabe"}, //-v + {"validity.number.of.days", + "G\u00FCltigkeitsdauer (Tage)"}, //-validity + {"Serial.ID.of.cert.to.revoke", + "Serielle ID des zu entziehenden Certs"}, //-id + // keytool: Running part + {"keytool.error.", "Keytool-Fehler: "}, + {"Illegal.option.", "Ung\u00FCltige Option: "}, + {"Illegal.value.", "Ung\u00FCltiger Wert: "}, + {"Unknown.password.type.", "Unbekannter Kennworttyp: "}, + {"Cannot.find.environment.variable.", + "Umgebungsvariable kann nicht gefunden werden: "}, + {"Cannot.find.file.", "Datei kann nicht gefunden werden: "}, + {"Command.option.flag.needs.an.argument.", "Befehlsoption {0} ben\u00F6tigt ein Argument."}, + {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", + "Warnung: Keine Unterst\u00FCtzung f\u00FCr unterschiedliche Speicher- und Schl\u00FCsselkennw\u00F6rter bei PKCS12 KeyStores. Der benutzerdefinierte Wert {0} wird ignoriert."}, + {".keystore.must.be.NONE.if.storetype.is.{0}", + "-keystore muss NONE sein, wenn -storetype {0} ist"}, + {"Too.many.retries.program.terminated", + "Zu viele erneute Versuche. Programm wird beendet"}, + {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", + "Befehle -storepasswd und -keypasswd werden nicht unterst\u00FCtzt, wenn -storetype {0} ist"}, + {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", + "Befehle des Typs -keypasswd werden nicht unterst\u00FCtzt, wenn -storetype PKCS12 ist"}, + {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", + "-keypass und -new k\u00F6nnen nicht angegeben werden, wenn -storetype {0} ist"}, + {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", + "Wenn -protected angegeben ist, d\u00FCrfen -storepass, -keypass und -new nicht angegeben werden"}, + {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", + "Wenn -srcprotected angegeben ist, d\u00FCrfen -srcstorepass und -srckeypass nicht angegeben werden"}, + {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", + "Wenn der Keystore nicht kennwortgesch\u00FCtzt ist, d\u00FCrfen -storepass, -keypass und -new nicht angegeben werden"}, + {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", + "Wenn der Quell-Keystore nicht kennwortgesch\u00FCtzt ist, d\u00FCrfen -srcstorepass und -srckeypass nicht angegeben werden"}, + {"Illegal.startdate.value", "Ung\u00FCltiger Wert f\u00FCr Anfangsdatum"}, + {"Validity.must.be.greater.than.zero", + "G\u00FCltigkeit muss gr\u00F6\u00DFer als null sein"}, + {"provName.not.a.provider", "{0} kein Provider"}, + {"Usage.error.no.command.provided", "Verwendungsfehler: Kein Befehl angegeben"}, + {"Source.keystore.file.exists.but.is.empty.", "Quell-Keystore-Datei ist zwar vorhanden, ist aber leer: "}, + {"Please.specify.srckeystore", "Geben Sie -srckeystore an"}, + {"Must.not.specify.both.v.and.rfc.with.list.command", + "-v und -rfc d\u00FCrfen bei Befehl \"list\" nicht beide angegeben werden"}, + {"Key.password.must.be.at.least.6.characters", + "Schl\u00FCsselkennwort muss mindestens sechs Zeichen lang sein"}, + {"New.password.must.be.at.least.6.characters", + "Neues Kennwort muss mindestens sechs Zeichen lang sein"}, + {"Keystore.file.exists.but.is.empty.", + "Keystore-Datei ist vorhanden, ist aber leer: "}, + {"Keystore.file.does.not.exist.", + "Keystore-Datei ist nicht vorhanden: "}, + {"Must.specify.destination.alias", "Sie m\u00FCssen einen Zielalias angeben"}, + {"Must.specify.alias", "Sie m\u00FCssen einen Alias angeben"}, + {"Keystore.password.must.be.at.least.6.characters", + "Keystore-Kennwort muss mindestens sechs Zeichen lang sein"}, + {"Enter.keystore.password.", "Keystore-Kennwort eingeben: "}, + {"Enter.source.keystore.password.", "Quell-Keystore-Kennwort eingeben: "}, + {"Enter.destination.keystore.password.", "Ziel-Keystore-Kennwort eingeben: "}, + {"Keystore.password.is.too.short.must.be.at.least.6.characters", + "Keystore-Kennwort ist zu kurz. Es muss mindestens sechs Zeichen lang sein"}, + {"Unknown.Entry.Type", "Unbekannter Eintragstyp"}, + {"Too.many.failures.Alias.not.changed", "Zu viele Fehler. Alias nicht ge\u00E4ndert"}, + {"Entry.for.alias.alias.successfully.imported.", + "Eintrag f\u00FCr Alias {0} erfolgreich importiert."}, + {"Entry.for.alias.alias.not.imported.", "Eintrag f\u00FCr Alias {0} nicht importiert."}, + {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", + "Problem beim Importieren des Eintrags f\u00FCr Alias {0}: {1}.\nEintrag f\u00FCr Alias {0} nicht importiert."}, + {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", + "Importbefehl abgeschlossen: {0} Eintr\u00E4ge erfolgreich importiert, {1} Eintr\u00E4ge nicht erfolgreich oder abgebrochen"}, + {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", + "Warnung: Vorhandener Alias {0} in Ziel-Keystore wird \u00FCberschrieben"}, + {"Existing.entry.alias.alias.exists.overwrite.no.", + "Eintragsalias {0} ist bereits vorhanden. \u00DCberschreiben? [Nein]: "}, + {"Too.many.failures.try.later", "Zu viele Fehler. Versuchen Sie es sp\u00E4ter erneut"}, + {"Certification.request.stored.in.file.filename.", + "Zertifizierungsanforderung in Datei <{0}> gespeichert"}, + {"Submit.this.to.your.CA", "Leiten Sie dies an die CA weiter"}, + {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", + "Wenn kein Alias angegeben ist, d\u00FCrfen destalias, srckeypass und destkeypass nicht angegeben werden"}, + {"Certificate.stored.in.file.filename.", + "Zertifikat in Datei <{0}> gespeichert"}, + {"Certificate.reply.was.installed.in.keystore", + "Zertifikatantwort wurde in Keystore installiert"}, + {"Certificate.reply.was.not.installed.in.keystore", + "Zertifikatantwort wurde nicht in Keystore installiert"}, + {"Certificate.was.added.to.keystore", + "Zertifikat wurde Keystore hinzugef\u00FCgt"}, + {"Certificate.was.not.added.to.keystore", + "Zertifikat wurde nicht zu Keystore hinzugef\u00FCgt"}, + {".Storing.ksfname.", "[{0} wird gesichert]"}, + {"alias.has.no.public.key.certificate.", + "{0} hat keinen Public Key (Zertifikat)"}, + {"Cannot.derive.signature.algorithm", + "Signaturalgorithmus kann nicht abgeleitet werden"}, + {"Alias.alias.does.not.exist", + "Alias <{0}> ist nicht vorhanden"}, + {"Alias.alias.has.no.certificate", + "Alias <{0}> hat kein Zertifikat"}, + {"Key.pair.not.generated.alias.alias.already.exists", + "Schl\u00FCsselpaar wurde nicht generiert. Alias <{0}> ist bereits vorhanden"}, + {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", + "Generieren von Schl\u00FCsselpaar (Typ {1}, {0} Bit) und selbst signiertem Zertifikat ({2}) mit einer G\u00FCltigkeit von {3} Tagen\n\tf\u00FCr: {4}"}, + {"Enter.key.password.for.alias.", "Schl\u00FCsselkennwort f\u00FCr <{0}> eingeben"}, + {".RETURN.if.same.as.keystore.password.", + "\t(RETURN, wenn identisch mit Keystore-Kennwort): "}, + {"Key.password.is.too.short.must.be.at.least.6.characters", + "Schl\u00FCsselkennwort ist zu kurz. Es muss mindestens sechs Zeichen lang sein"}, + {"Too.many.failures.key.not.added.to.keystore", + "Zu viele Fehler. Schl\u00FCssel wurde nicht zu Keystore hinzugef\u00FCgt"}, + {"Destination.alias.dest.already.exists", + "Zielalias <{0}> bereits vorhanden"}, + {"Password.is.too.short.must.be.at.least.6.characters", + "Kennwort ist zu kurz. Es muss mindestens sechs Zeichen lang sein"}, + {"Too.many.failures.Key.entry.not.cloned", + "Zu viele Fehler. Schl\u00FCsseleintrag wurde nicht geclont"}, + {"key.password.for.alias.", "Schl\u00FCsselkennwort f\u00FCr <{0}>"}, + {"Keystore.entry.for.id.getName.already.exists", + "Keystore-Eintrag f\u00FCr <{0}> bereits vorhanden"}, + {"Creating.keystore.entry.for.id.getName.", + "Keystore-Eintrag f\u00FCr <{0}> wird erstellt..."}, + {"No.entries.from.identity.database.added", + "Keine Eintr\u00E4ge aus Identity-Datenbank hinzugef\u00FCgt"}, + {"Alias.name.alias", "Aliasname: {0}"}, + {"Creation.date.keyStore.getCreationDate.alias.", + "Erstellungsdatum: {0,date}"}, + {"alias.keyStore.getCreationDate.alias.", + "{0}, {1,date}, "}, + {"alias.", "{0}, "}, + {"Entry.type.type.", "Eintragstyp: {0}"}, + {"Certificate.chain.length.", "Zertifikatskettenl\u00E4nge: "}, + {"Certificate.i.1.", "Zertifikat[{0,number,integer}]:"}, + {"Certificate.fingerprint.SHA1.", "Zertifikat-Fingerprint (SHA1): "}, + {"Keystore.type.", "Keystore-Typ: "}, + {"Keystore.provider.", "Keystore-Provider: "}, + {"Your.keystore.contains.keyStore.size.entry", + "Keystore enth\u00E4lt {0,number,integer} Eintrag"}, + {"Your.keystore.contains.keyStore.size.entries", + "Keystore enth\u00E4lt {0,number,integer} Eintr\u00E4ge"}, + {"Failed.to.parse.input", "Eingabe konnte nicht geparst werden"}, + {"Empty.input", "Leere Eingabe"}, + {"Not.X.509.certificate", "Kein X.509-Zertifikat"}, + {"alias.has.no.public.key", "{0} hat keinen Public Key"}, + {"alias.has.no.X.509.certificate", "{0} hat kein X.509-Zertifikat"}, + {"New.certificate.self.signed.", "Neues Zertifikat (selbst signiert):"}, + {"Reply.has.no.certificates", "Antwort hat keine Zertifikate"}, + {"Certificate.not.imported.alias.alias.already.exists", + "Zertifikat nicht importiert. Alias <{0}> ist bereits vorhanden"}, + {"Input.not.an.X.509.certificate", "Eingabe kein X.509-Zertifikat"}, + {"Certificate.already.exists.in.keystore.under.alias.trustalias.", + "Zertifikat ist bereits unter Alias <{0}> im Keystore vorhanden"}, + {"Do.you.still.want.to.add.it.no.", + "M\u00F6chten Sie es trotzdem hinzuf\u00FCgen? [Nein]: "}, + {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", + "Zertifikat ist bereits unter Alias <{0}> im systemweiten CA-Keystore vorhanden"}, + {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", + "M\u00F6chten Sie es trotzdem zu Ihrem eigenen Keystore hinzuf\u00FCgen? [Nein]: "}, + {"Trust.this.certificate.no.", "Diesem Zertifikat vertrauen? [Nein]: "}, + {"YES", "JA"}, + {"New.prompt.", "Neues {0}: "}, + {"Passwords.must.differ", "Kennw\u00F6rter m\u00FCssen sich unterscheiden"}, + {"Re.enter.new.prompt.", "Neues {0} erneut eingeben: "}, + {"Re.enter.new.password.", "Neues Kennwort erneut eingeben: "}, + {"They.don.t.match.Try.again", "Keine \u00DCbereinstimmung. Wiederholen Sie den Vorgang"}, + {"Enter.prompt.alias.name.", "{0}-Aliasnamen eingeben: "}, + {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", + "Geben Sie einen neuen Aliasnamen ein\t(RETURN, um den Import dieses Eintrags abzubrechen): "}, + {"Enter.alias.name.", "Aliasnamen eingeben: "}, + {".RETURN.if.same.as.for.otherAlias.", + "\t(RETURN, wenn identisch mit <{0}>)"}, + {".PATTERN.printX509Cert", + "Eigent\u00FCmer: {0}\nAussteller: {1}\nSeriennummer: {2}\nG\u00FCltig von: {3} bis: {4}\nZertifikat-Fingerprints:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Signaturalgorithmusname: {8}\n\t Version: {9}"}, + {"What.is.your.first.and.last.name.", + "Wie lautet Ihr Vor- und Nachname?"}, + {"What.is.the.name.of.your.organizational.unit.", + "Wie lautet der Name Ihrer organisatorischen Einheit?"}, + {"What.is.the.name.of.your.organization.", + "Wie lautet der Name Ihrer Organisation?"}, + {"What.is.the.name.of.your.City.or.Locality.", + "Wie lautet der Name Ihrer Stadt oder Gemeinde?"}, + {"What.is.the.name.of.your.State.or.Province.", + "Wie lautet der Name Ihres Bundeslands?"}, + {"What.is.the.two.letter.country.code.for.this.unit.", + "Wie lautet der L\u00E4ndercode (zwei Buchstaben) f\u00FCr diese Einheit?"}, + {"Is.name.correct.", "Ist {0} richtig?"}, + {"no", "Nein"}, + {"yes", "Ja"}, + {"y", "J"}, + {".defaultValue.", " [{0}]: "}, + {"Alias.alias.has.no.key", + "Alias <{0}> verf\u00FCgt \u00FCber keinen Schl\u00FCssel"}, + {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", + "Alias <{0}> verweist auf einen Eintragstyp, der kein Private Key-Eintrag ist. Der Befehl -keyclone unterst\u00FCtzt nur das Clonen von Private Key-Eintr\u00E4gen"}, + + {".WARNING.WARNING.WARNING.", + "***************** WARNING WARNING WARNING *****************"}, + {"Signer.d.", "Signaturgeber #%d:"}, + {"Timestamp.", "Zeitstempel:"}, + {"Signature.", "Signatur:"}, + {"CRLs.", "CRLs:"}, + {"Certificate.owner.", "Zertifikateigent\u00FCmer: "}, + {"Not.a.signed.jar.file", "Keine signierte JAR-Datei"}, + {"No.certificate.from.the.SSL.server", + "Kein Zertifikat vom SSL-Server"}, + + {".The.integrity.of.the.information.stored.in.your.keystore.", + "* Die Integrit\u00E4t der Informationen, die in Ihrem Keystore gespeichert sind, *\n* wurde NICHT gepr\u00FCft. Um die Integrit\u00E4t zu pr\u00FCfen, *\n* m\u00FCssen Sie Ihr Keystore-Kennwort angeben. *"}, + {".The.integrity.of.the.information.stored.in.the.srckeystore.", + "* Die Integrit\u00E4t der Informationen, die in Ihrem Srckeystore gespeichert sind, *\n* wurde NICHT gepr\u00FCft. Um die Integrit\u00E4t zu pr\u00FCfen, *\n* m\u00FCssen Sie Ihr Srckeystore-Kennwort angeben. *"}, + + {"Certificate.reply.does.not.contain.public.key.for.alias.", + "Zertifikatantwort enth\u00E4lt keinen Public Key f\u00FCr <{0}>"}, + {"Incomplete.certificate.chain.in.reply", + "Unvollst\u00E4ndige Zertifikatskette in Antwort"}, + {"Certificate.chain.in.reply.does.not.verify.", + "Zertifikatskette in Antwort verifiziert nicht: "}, + {"Top.level.certificate.in.reply.", + "Zertifikat der obersten Ebene in Antwort:\n"}, + {".is.not.trusted.", "... ist nicht vertrauensw\u00FCrdig. "}, + {"Install.reply.anyway.no.", "Antwort trotzdem installieren? [Nein]: "}, + {"NO", "Nein"}, + {"Public.keys.in.reply.and.keystore.don.t.match", + "Public Keys in Antwort und Keystore stimmen nicht \u00FCberein"}, + {"Certificate.reply.and.certificate.in.keystore.are.identical", + "Zertifikatantwort und Zertifikat in Keystore sind identisch"}, + {"Failed.to.establish.chain.from.reply", + "Kette konnte der Antwort nicht entnommen werden"}, + {"n", "N"}, + {"Wrong.answer.try.again", "Falsche Antwort. Wiederholen Sie den Vorgang"}, + {"Secret.key.not.generated.alias.alias.already.exists", + "Secret Key wurde nicht generiert. Alias <{0}> ist bereits vorhanden"}, + {"Please.provide.keysize.for.secret.key.generation", + "Geben Sie -keysize zum Erstellen eines Secret Keys an"}, + + {"Extensions.", "Erweiterungen: "}, + {".Empty.value.", "(Leerer Wert)"}, + {"Extension.Request.", "Erweiterungsanforderung:"}, + {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", + "PKCS #10-Zertifikatanforderung (Version 1.0)\nSubjekt: %s\nPublic Key: %s Format %s Schl\u00FCssel\n"}, + {"Unknown.keyUsage.type.", "Unbekannter keyUsage-Typ: "}, + {"Unknown.extendedkeyUsage.type.", "Unbekannter extendedkeyUsage-Typ: "}, + {"Unknown.AccessDescription.type.", "Unbekannter AccessDescription-Typ: "}, + {"Unrecognized.GeneralName.type.", "Unbekannter GeneralName-Typ: "}, + {"This.extension.cannot.be.marked.as.critical.", + "Erweiterung kann nicht als \"Kritisch\" markiert werden. "}, + {"Odd.number.of.hex.digits.found.", "Ungerade Anzahl hexadezimaler Ziffern gefunden: "}, + {"Unknown.extension.type.", "Unbekannter Erweiterungstyp: "}, + {"command.{0}.is.ambiguous.", "Befehl {0} ist mehrdeutig:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Resources_es.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,429 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.keytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the keytool. + * + */ +public class Resources_es extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"STAR", + "*******************************************"}, + {"STARNN", + "*******************************************\n\n"}, + + // keytool: Help part + {".OPTION.", " [OPTION]..."}, + {"Options.", "Opciones:"}, + {"Use.keytool.help.for.all.available.commands", + "Utilice\"keytool -help\" para todos los comandos disponibles"}, + {"Key.and.Certificate.Management.Tool", + "Herramienta de Gesti\u00F3n de Certificados y Claves"}, + {"Commands.", "Comandos:"}, + {"Use.keytool.command.name.help.for.usage.of.command.name", + "Utilice \"keytool -command_name -help\" para la sintaxis de nombre_comando"}, + // keytool: help: commands + {"Generates.a.certificate.request", + "Genera una solicitud de certificado"}, //-certreq + {"Changes.an.entry.s.alias", + "Cambia un alias de entrada"}, //-changealias + {"Deletes.an.entry", + "Suprime una entrada"}, //-delete + {"Exports.certificate", + "Exporta el certificado"}, //-exportcert + {"Generates.a.key.pair", + "Genera un par de claves"}, //-genkeypair + {"Generates.a.secret.key", + "Genera un clave secreta"}, //-genseckey + {"Generates.certificate.from.a.certificate.request", + "Genera un certificado a partir de una solicitud de certificado"}, //-gencert + {"Generates.CRL", "Genera CRL"}, //-gencrl + {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", + "Importa entradas desde una base de datos de identidades JDK 1.1.x-style"}, //-identitydb + {"Imports.a.certificate.or.a.certificate.chain", + "Importa un certificado o una cadena de certificados"}, //-importcert + {"Imports.one.or.all.entries.from.another.keystore", + "Importa una o todas las entradas desde otro almac\u00E9n de claves"}, //-importkeystore + {"Clones.a.key.entry", + "Clona una entrada de clave"}, //-keyclone + {"Changes.the.key.password.of.an.entry", + "Cambia la contrase\u00F1a de clave de una entrada"}, //-keypasswd + {"Lists.entries.in.a.keystore", + "Enumera las entradas de un almac\u00E9n de claves"}, //-list + {"Prints.the.content.of.a.certificate", + "Imprime el contenido de un certificado"}, //-printcert + {"Prints.the.content.of.a.certificate.request", + "Imprime el contenido de una solicitud de certificado"}, //-printcertreq + {"Prints.the.content.of.a.CRL.file", + "Imprime el contenido de un archivo CRL"}, //-printcrl + {"Generates.a.self.signed.certificate", + "Genera un certificado autofirmado"}, //-selfcert + {"Changes.the.store.password.of.a.keystore", + "Cambia la contrase\u00F1a de almac\u00E9n de un almac\u00E9n de claves"}, //-storepasswd + // keytool: help: options + {"alias.name.of.the.entry.to.process", + "nombre de alias de la entrada que se va a procesar"}, //-alias + {"destination.alias", + "alias de destino"}, //-destalias + {"destination.key.password", + "contrase\u00F1a de clave de destino"}, //-destkeypass + {"destination.keystore.name", + "nombre de almac\u00E9n de claves de destino"}, //-destkeystore + {"destination.keystore.password.protected", + "almac\u00E9n de claves de destino protegido por contrase\u00F1a"}, //-destprotected + {"destination.keystore.provider.name", + "nombre de proveedor de almac\u00E9n de claves de destino"}, //-destprovidername + {"destination.keystore.password", + "contrase\u00F1a de almac\u00E9n de claves de destino"}, //-deststorepass + {"destination.keystore.type", + "tipo de almac\u00E9n de claves de destino"}, //-deststoretype + {"distinguished.name", + "nombre distintivo"}, //-dname + {"X.509.extension", + "extensi\u00F3n X.509"}, //-ext + {"output.file.name", + "nombre de archivo de salida"}, //-file and -outfile + {"input.file.name", + "nombre de archivo de entrada"}, //-file and -infile + {"key.algorithm.name", + "nombre de algoritmo de clave"}, //-keyalg + {"key.password", + "contrase\u00F1a de clave"}, //-keypass + {"key.bit.size", + "tama\u00F1o de bit de clave"}, //-keysize + {"keystore.name", + "nombre de almac\u00E9n de claves"}, //-keystore + {"new.password", + "nueva contrase\u00F1a"}, //-new + {"do.not.prompt", + "no solicitar"}, //-noprompt + {"password.through.protected.mechanism", + "contrase\u00F1a a trav\u00E9s de mecanismo protegido"}, //-protected + {"provider.argument", + "argumento del proveedor"}, //-providerarg + {"provider.class.name", + "nombre de clase del proveedor"}, //-providerclass + {"provider.name", + "nombre del proveedor"}, //-providername + {"provider.classpath", + "classpath de proveedor"}, //-providerpath + {"output.in.RFC.style", + "salida en estilo RFC"}, //-rfc + {"signature.algorithm.name", + "nombre de algoritmo de firma"}, //-sigalg + {"source.alias", + "alias de origen"}, //-srcalias + {"source.key.password", + "contrase\u00F1a de clave de origen"}, //-srckeypass + {"source.keystore.name", + "nombre de almac\u00E9n de claves de origen"}, //-srckeystore + {"source.keystore.password.protected", + "almac\u00E9n de claves de origen protegido por contrase\u00F1a"}, //-srcprotected + {"source.keystore.provider.name", + "nombre de proveedor de almac\u00E9n de claves de origen"}, //-srcprovidername + {"source.keystore.password", + "contrase\u00F1a de almac\u00E9n de claves de origen"}, //-srcstorepass + {"source.keystore.type", + "tipo de almac\u00E9n de claves de origen"}, //-srcstoretype + {"SSL.server.host.and.port", + "puerto y host del servidor SSL"}, //-sslserver + {"signed.jar.file", + "archivo jar firmado"}, //=jarfile + {"certificate.validity.start.date.time", + "fecha/hora de inicio de validez del certificado"}, //-startdate + {"keystore.password", + "contrase\u00F1a de almac\u00E9n de claves"}, //-storepass + {"keystore.type", + "tipo de almac\u00E9n de claves"}, //-storetype + {"trust.certificates.from.cacerts", + "certificados de protecci\u00F3n de cacerts"}, //-trustcacerts + {"verbose.output", + "salida detallada"}, //-v + {"validity.number.of.days", + "n\u00FAmero de validez de d\u00EDas"}, //-validity + {"Serial.ID.of.cert.to.revoke", + "identificador de serie del certificado que se va a revocar"}, //-id + // keytool: Running part + {"keytool.error.", "error de herramienta de claves: "}, + {"Illegal.option.", "Opci\u00F3n no permitida: "}, + {"Illegal.value.", "Valor no permitido: "}, + {"Unknown.password.type.", "Tipo de contrase\u00F1a desconocido: "}, + {"Cannot.find.environment.variable.", + "No se ha encontrado la variable del entorno: "}, + {"Cannot.find.file.", "No se ha encontrado el archivo: "}, + {"Command.option.flag.needs.an.argument.", "La opci\u00F3n de comando {0} necesita un argumento."}, + {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", + "Advertencia: los almacenes de claves en formato PKCS12 no admiten contrase\u00F1as de clave y almacenamiento distintas. Se ignorar\u00E1 el valor especificado por el usuario, {0}."}, + {".keystore.must.be.NONE.if.storetype.is.{0}", + "-keystore debe ser NONE si -storetype es {0}"}, + {"Too.many.retries.program.terminated", + "Ha habido demasiados intentos, se ha cerrado el programa"}, + {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", + "Los comandos -storepasswd y -keypasswd no est\u00E1n soportados si -storetype es {0}"}, + {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", + "Los comandos -keypasswd no est\u00E1n soportados si -storetype es PKCS12"}, + {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", + "-keypass y -new no se pueden especificar si -storetype es {0}"}, + {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", + "si se especifica -protected, no deben especificarse -storepass, -keypass ni -new"}, + {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", + "Si se especifica -srcprotected, no se puede especificar -srcstorepass ni -srckeypass"}, + {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", + "Si keystore no est\u00E1 protegido por contrase\u00F1a, no se deben especificar -storepass, -keypass ni -new"}, + {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", + "Si el almac\u00E9n de claves de origen no est\u00E1 protegido por contrase\u00F1a, no se deben especificar -srcstorepass ni -srckeypass"}, + {"Illegal.startdate.value", "Valor de fecha de inicio no permitido"}, + {"Validity.must.be.greater.than.zero", + "La validez debe ser mayor que cero"}, + {"provName.not.a.provider", "{0} no es un proveedor"}, + {"Usage.error.no.command.provided", "Error de sintaxis: no se ha proporcionado ning\u00FAn comando"}, + {"Source.keystore.file.exists.but.is.empty.", "El archivo de almac\u00E9n de claves de origen existe, pero est\u00E1 vac\u00EDo: "}, + {"Please.specify.srckeystore", "Especifique -srckeystore"}, + {"Must.not.specify.both.v.and.rfc.with.list.command", + "No se deben especificar -v y -rfc simult\u00E1neamente con el comando 'list'"}, + {"Key.password.must.be.at.least.6.characters", + "La contrase\u00F1a de clave debe tener al menos 6 caracteres"}, + {"New.password.must.be.at.least.6.characters", + "La nueva contrase\u00F1a debe tener al menos 6 caracteres"}, + {"Keystore.file.exists.but.is.empty.", + "El archivo de almac\u00E9n de claves existe, pero est\u00E1 vac\u00EDo: "}, + {"Keystore.file.does.not.exist.", + "El archivo de almac\u00E9n de claves no existe: "}, + {"Must.specify.destination.alias", "Se debe especificar un alias de destino"}, + {"Must.specify.alias", "Se debe especificar un alias"}, + {"Keystore.password.must.be.at.least.6.characters", + "La contrase\u00F1a del almac\u00E9n de claves debe tener al menos 6 caracteres"}, + {"Enter.keystore.password.", "Introduzca la contrase\u00F1a del almac\u00E9n de claves: "}, + {"Enter.source.keystore.password.", "Introduzca la contrase\u00F1a de almac\u00E9n de claves de origen: "}, + {"Enter.destination.keystore.password.", "Introduzca la contrase\u00F1a de almac\u00E9n de claves de destino: "}, + {"Keystore.password.is.too.short.must.be.at.least.6.characters", + "La contrase\u00F1a del almac\u00E9n de claves es demasiado corta, debe tener al menos 6 caracteres"}, + {"Unknown.Entry.Type", "Tipo de Entrada Desconocido"}, + {"Too.many.failures.Alias.not.changed", "Demasiados fallos. No se ha cambiado el alias"}, + {"Entry.for.alias.alias.successfully.imported.", + "La entrada del alias {0} se ha importado correctamente."}, + {"Entry.for.alias.alias.not.imported.", "La entrada del alias {0} no se ha importado."}, + {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", + "Problema al importar la entrada del alias {0}: {1}.\nNo se ha importado la entrada del alias {0}."}, + {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", + "Comando de importaci\u00F3n completado: {0} entradas importadas correctamente, {1} entradas incorrectas o canceladas"}, + {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", + "Advertencia: se sobrescribir\u00E1 el alias {0} en el almac\u00E9n de claves de destino"}, + {"Existing.entry.alias.alias.exists.overwrite.no.", + "El alias de entrada existente {0} ya existe, \u00BFdesea sobrescribirlo? [no]: "}, + {"Too.many.failures.try.later", "Demasiados fallos; int\u00E9ntelo m\u00E1s adelante"}, + {"Certification.request.stored.in.file.filename.", + "Solicitud de certificaci\u00F3n almacenada en el archivo <{0}>"}, + {"Submit.this.to.your.CA", "Enviar a la CA"}, + {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", + "si no se especifica el alias, no se puede especificar destalias, srckeypass ni destkeypass"}, + {"Certificate.stored.in.file.filename.", + "Certificado almacenado en el archivo <{0}>"}, + {"Certificate.reply.was.installed.in.keystore", + "Se ha instalado la respuesta del certificado en el almac\u00E9n de claves"}, + {"Certificate.reply.was.not.installed.in.keystore", + "No se ha instalado la respuesta del certificado en el almac\u00E9n de claves"}, + {"Certificate.was.added.to.keystore", + "Se ha agregado el certificado al almac\u00E9n de claves"}, + {"Certificate.was.not.added.to.keystore", + "No se ha agregado el certificado al almac\u00E9n de claves"}, + {".Storing.ksfname.", "[Almacenando {0}]"}, + {"alias.has.no.public.key.certificate.", + "{0} no tiene clave p\u00FAblica (certificado)"}, + {"Cannot.derive.signature.algorithm", + "No se puede derivar el algoritmo de firma"}, + {"Alias.alias.does.not.exist", + "El alias <{0}> no existe"}, + {"Alias.alias.has.no.certificate", + "El alias <{0}> no tiene certificado"}, + {"Key.pair.not.generated.alias.alias.already.exists", + "No se ha generado el par de claves, el alias <{0}> ya existe"}, + {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", + "Generando par de claves {1} de {0} bits para certificado autofirmado ({2}) con una validez de {3} d\u00EDas\n\tpara: {4}"}, + {"Enter.key.password.for.alias.", "Introduzca la contrase\u00F1a de clave para <{0}>"}, + {".RETURN.if.same.as.keystore.password.", + "\t(INTRO si es la misma contrase\u00F1a que la del almac\u00E9n de claves): "}, + {"Key.password.is.too.short.must.be.at.least.6.characters", + "La contrase\u00F1a de clave es demasiado corta; debe tener al menos 6 caracteres"}, + {"Too.many.failures.key.not.added.to.keystore", + "Demasiados fallos; no se ha agregado la clave al almac\u00E9n de claves"}, + {"Destination.alias.dest.already.exists", + "El alias de destino <{0}> ya existe"}, + {"Password.is.too.short.must.be.at.least.6.characters", + "La contrase\u00F1a es demasiado corta; debe tener al menos 6 caracteres"}, + {"Too.many.failures.Key.entry.not.cloned", + "Demasiados fallos. No se ha clonado la entrada de clave"}, + {"key.password.for.alias.", "contrase\u00F1a de clave para <{0}>"}, + {"Keystore.entry.for.id.getName.already.exists", + "La entrada de almac\u00E9n de claves para <{0}> ya existe"}, + {"Creating.keystore.entry.for.id.getName.", + "Creando entrada de almac\u00E9n de claves para <{0}> ..."}, + {"No.entries.from.identity.database.added", + "No se han agregado entradas de la base de datos de identidades"}, + {"Alias.name.alias", "Nombre de Alias: {0}"}, + {"Creation.date.keyStore.getCreationDate.alias.", + "Fecha de Creaci\u00F3n: {0,date}"}, + {"alias.keyStore.getCreationDate.alias.", + "{0}, {1,date}, "}, + {"alias.", "{0}, "}, + {"Entry.type.type.", "Tipo de Entrada: {0}"}, + {"Certificate.chain.length.", "Longitud de la Cadena de Certificado: "}, + {"Certificate.i.1.", "Certificado[{0,number,integer}]:"}, + {"Certificate.fingerprint.SHA1.", "Huella Digital de Certificado (SHA1): "}, + {"Keystore.type.", "Tipo de Almac\u00E9n de Claves: "}, + {"Keystore.provider.", "Proveedor de Almac\u00E9n de Claves: "}, + {"Your.keystore.contains.keyStore.size.entry", + "Su almac\u00E9n de claves contiene {0,number,integer} entrada"}, + {"Your.keystore.contains.keyStore.size.entries", + "Su almac\u00E9n de claves contiene {0,number,integer} entradas"}, + {"Failed.to.parse.input", "Fallo al analizar la entrada"}, + {"Empty.input", "Entrada vac\u00EDa"}, + {"Not.X.509.certificate", "No es un certificado X.509"}, + {"alias.has.no.public.key", "{0} no tiene clave p\u00FAblica"}, + {"alias.has.no.X.509.certificate", "{0} no tiene certificado X.509"}, + {"New.certificate.self.signed.", "Nuevo Certificado (Autofirmado):"}, + {"Reply.has.no.certificates", "La respuesta no tiene certificados"}, + {"Certificate.not.imported.alias.alias.already.exists", + "Certificado no importado, el alias <{0}> ya existe"}, + {"Input.not.an.X.509.certificate", "La entrada no es un certificado X.509"}, + {"Certificate.already.exists.in.keystore.under.alias.trustalias.", + "El certificado ya existe en el almac\u00E9n de claves con el alias <{0}>"}, + {"Do.you.still.want.to.add.it.no.", + "\u00BFA\u00FAn desea agregarlo? [no]: "}, + {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", + "El certificado ya existe en el almac\u00E9n de claves de la CA del sistema, con el alias <{0}>"}, + {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", + "\u00BFA\u00FAn desea agregarlo a su propio almac\u00E9n de claves? [no]: "}, + {"Trust.this.certificate.no.", "\u00BFConfiar en este certificado? [no]: "}, + {"YES", "S\u00CD"}, + {"New.prompt.", "Nuevo {0}: "}, + {"Passwords.must.differ", "Las contrase\u00F1as deben ser distintas"}, + {"Re.enter.new.prompt.", "Vuelva a escribir el nuevo {0}: "}, + {"Re.enter.new.password.", "Volver a escribir la contrase\u00F1a nueva: "}, + {"They.don.t.match.Try.again", "No coinciden. Int\u00E9ntelo de nuevo"}, + {"Enter.prompt.alias.name.", "Escriba el nombre de alias de {0}: "}, + {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", + "Indique el nuevo nombre de alias\t(INTRO para cancelar la importaci\u00F3n de esta entrada): "}, + {"Enter.alias.name.", "Introduzca el nombre de alias: "}, + {".RETURN.if.same.as.for.otherAlias.", + "\t(INTRO si es el mismo que para <{0}>)"}, + {".PATTERN.printX509Cert", + "Propietario: {0}\nEmisor: {1}\nN\u00FAmero de serie: {2}\nV\u00E1lido desde: {3} hasta: {4}\nHuellas digitales del Certificado:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Nombre del Algoritmo de Firma: {8}\n\t Versi\u00F3n: {9}"}, + {"What.is.your.first.and.last.name.", + "\u00BFCu\u00E1les son su nombre y su apellido?"}, + {"What.is.the.name.of.your.organizational.unit.", + "\u00BFCu\u00E1l es el nombre de su unidad de organizaci\u00F3n?"}, + {"What.is.the.name.of.your.organization.", + "\u00BFCu\u00E1l es el nombre de su organizaci\u00F3n?"}, + {"What.is.the.name.of.your.City.or.Locality.", + "\u00BFCu\u00E1l es el nombre de su ciudad o localidad?"}, + {"What.is.the.name.of.your.State.or.Province.", + "\u00BFCu\u00E1l es el nombre de su estado o provincia?"}, + {"What.is.the.two.letter.country.code.for.this.unit.", + "\u00BFCu\u00E1l es el c\u00F3digo de pa\u00EDs de dos letras de la unidad?"}, + {"Is.name.correct.", "\u00BFEs correcto {0}?"}, + {"no", "no"}, + {"yes", "s\u00ED"}, + {"y", "s"}, + {".defaultValue.", " [{0}]: "}, + {"Alias.alias.has.no.key", + "El alias <{0}> no tiene clave"}, + {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", + "El alias <{0}> hace referencia a un tipo de entrada que no es una clave privada. El comando -keyclone s\u00F3lo permite la clonaci\u00F3n de entradas de claves privadas"}, + + {".WARNING.WARNING.WARNING.", + "***************** WARNING WARNING WARNING *****************"}, + {"Signer.d.", "#%d de Firmante:"}, + {"Timestamp.", "Registro de Hora:"}, + {"Signature.", "Firma:"}, + {"CRLs.", "CRL:"}, + {"Certificate.owner.", "Propietario del Certificado: "}, + {"Not.a.signed.jar.file", "No es un archivo jar firmado"}, + {"No.certificate.from.the.SSL.server", + "Ning\u00FAn certificado del servidor SSL"}, + + {".The.integrity.of.the.information.stored.in.your.keystore.", + "* La integridad de la informaci\u00F3n almacenada en el almac\u00E9n de claves *\n* NO se ha comprobado. Para comprobar dicha integridad, *\n* debe proporcionar la contrase\u00F1a del almac\u00E9n de claves. *"}, + {".The.integrity.of.the.information.stored.in.the.srckeystore.", + "* La integridad de la informaci\u00F3n almacenada en srckeystore*\n* NO se ha comprobado. Para comprobar dicha integridad, *\n* debe proporcionar la contrase\u00F1a de srckeystore. *"}, + + {"Certificate.reply.does.not.contain.public.key.for.alias.", + "La respuesta de certificado no contiene una clave p\u00FAblica para <{0}>"}, + {"Incomplete.certificate.chain.in.reply", + "Cadena de certificado incompleta en la respuesta"}, + {"Certificate.chain.in.reply.does.not.verify.", + "La cadena de certificado de la respuesta no verifica: "}, + {"Top.level.certificate.in.reply.", + "Certificado de nivel superior en la respuesta:\n"}, + {".is.not.trusted.", "... no es de confianza. "}, + {"Install.reply.anyway.no.", "\u00BFInstalar respuesta de todos modos? [no]: "}, + {"NO", "NO"}, + {"Public.keys.in.reply.and.keystore.don.t.match", + "Las claves p\u00FAblicas en la respuesta y en el almac\u00E9n de claves no coinciden"}, + {"Certificate.reply.and.certificate.in.keystore.are.identical", + "La respuesta del certificado y el certificado en el almac\u00E9n de claves son id\u00E9nticos"}, + {"Failed.to.establish.chain.from.reply", + "No se ha podido definir una cadena a partir de la respuesta"}, + {"n", "n"}, + {"Wrong.answer.try.again", "Respuesta incorrecta, vuelva a intentarlo"}, + {"Secret.key.not.generated.alias.alias.already.exists", + "No se ha generado la clave secreta, el alias <{0}> ya existe"}, + {"Please.provide.keysize.for.secret.key.generation", + "Proporcione el valor de -keysize para la generaci\u00F3n de claves secretas"}, + + {"Extensions.", "Extensiones: "}, + {".Empty.value.", "(Valor vac\u00EDo)"}, + {"Extension.Request.", "Solicitud de Extensi\u00F3n:"}, + {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", + "Solicitud de Certificado PKCS #10 (Versi\u00F3n 1.0)\nAsunto: %s\nClave P\u00FAblica: %s formato %s clave\n"}, + {"Unknown.keyUsage.type.", "Tipo de uso de clave desconocido: "}, + {"Unknown.extendedkeyUsage.type.", "Tipo de uso de clave extendida desconocido: "}, + {"Unknown.AccessDescription.type.", "Tipo de descripci\u00F3n de acceso desconocido: "}, + {"Unrecognized.GeneralName.type.", "Tipo de nombre general no reconocido: "}, + {"This.extension.cannot.be.marked.as.critical.", + "Esta extensi\u00F3n no se puede marcar como cr\u00EDtica. "}, + {"Odd.number.of.hex.digits.found.", "Se ha encontrado un n\u00FAmero impar de d\u00EDgitos hexadecimales: "}, + {"Unknown.extension.type.", "Tipo de extensi\u00F3n desconocida: "}, + {"command.{0}.is.ambiguous.", "El comando {0} es ambiguo:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Resources_fr.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,429 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.keytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the keytool. + * + */ +public class Resources_fr extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"STAR", + "*******************************************"}, + {"STARNN", + "*******************************************\n\n"}, + + // keytool: Help part + {".OPTION.", " [OPTION]..."}, + {"Options.", "Options :"}, + {"Use.keytool.help.for.all.available.commands", + "Utiliser \"keytool -help\" pour toutes les commandes disponibles"}, + {"Key.and.Certificate.Management.Tool", + "Outil de gestion de certificats et de cl\u00E9s"}, + {"Commands.", "Commandes :"}, + {"Use.keytool.command.name.help.for.usage.of.command.name", + "Utiliser \"keytool -command_name -help\" pour la syntaxe de command_name"}, + // keytool: help: commands + {"Generates.a.certificate.request", + "G\u00E9n\u00E8re une demande de certificat"}, //-certreq + {"Changes.an.entry.s.alias", + "Modifie l'alias d'une entr\u00E9e"}, //-changealias + {"Deletes.an.entry", + "Supprime une entr\u00E9e"}, //-delete + {"Exports.certificate", + "Exporte le certificat"}, //-exportcert + {"Generates.a.key.pair", + "G\u00E9n\u00E8re une paire de cl\u00E9s"}, //-genkeypair + {"Generates.a.secret.key", + "G\u00E9n\u00E8re une cl\u00E9 secr\u00E8te"}, //-genseckey + {"Generates.certificate.from.a.certificate.request", + "G\u00E9n\u00E8re le certificat \u00E0 partir d'une demande de certificat"}, //-gencert + {"Generates.CRL", "G\u00E9n\u00E8re la liste des certificats r\u00E9voqu\u00E9s (CRL)"}, //-gencrl + {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", + "Importe les entr\u00E9es \u00E0 partir d'une base de donn\u00E9es d'identit\u00E9s de type JDK 1.1.x"}, //-identitydb + {"Imports.a.certificate.or.a.certificate.chain", + "Importe un certificat ou une cha\u00EEne de certificat"}, //-importcert + {"Imports.one.or.all.entries.from.another.keystore", + "Importe une entr\u00E9e ou la totalit\u00E9 des entr\u00E9es depuis un autre fichier de cl\u00E9s"}, //-importkeystore + {"Clones.a.key.entry", + "Clone une entr\u00E9e de cl\u00E9"}, //-keyclone + {"Changes.the.key.password.of.an.entry", + "Modifie le mot de passe de cl\u00E9 d'une entr\u00E9e"}, //-keypasswd + {"Lists.entries.in.a.keystore", + "R\u00E9pertorie les entr\u00E9es d'un fichier de cl\u00E9s"}, //-list + {"Prints.the.content.of.a.certificate", + "Imprime le contenu d'un certificat"}, //-printcert + {"Prints.the.content.of.a.certificate.request", + "Imprime le contenu d'une demande de certificat"}, //-printcertreq + {"Prints.the.content.of.a.CRL.file", + "Imprime le contenu d'un fichier de liste des certificats r\u00E9voqu\u00E9s (CRL)"}, //-printcrl + {"Generates.a.self.signed.certificate", + "G\u00E9n\u00E8re un certificat auto-sign\u00E9"}, //-selfcert + {"Changes.the.store.password.of.a.keystore", + "Modifie le mot de passe de banque d'un fichier de cl\u00E9s"}, //-storepasswd + // keytool: help: options + {"alias.name.of.the.entry.to.process", + "nom d'alias de l'entr\u00E9e \u00E0 traiter"}, //-alias + {"destination.alias", + "alias de destination"}, //-destalias + {"destination.key.password", + "mot de passe de la cl\u00E9 de destination"}, //-destkeypass + {"destination.keystore.name", + "nom du fichier de cl\u00E9s de destination"}, //-destkeystore + {"destination.keystore.password.protected", + "mot de passe du fichier de cl\u00E9s de destination prot\u00E9g\u00E9"}, //-destprotected + {"destination.keystore.provider.name", + "nom du fournisseur du fichier de cl\u00E9s de destination"}, //-destprovidername + {"destination.keystore.password", + "mot de passe du fichier de cl\u00E9s de destination"}, //-deststorepass + {"destination.keystore.type", + "type du fichier de cl\u00E9s de destination"}, //-deststoretype + {"distinguished.name", + "nom distinctif"}, //-dname + {"X.509.extension", + "extension X.509"}, //-ext + {"output.file.name", + "nom du fichier de sortie"}, //-file and -outfile + {"input.file.name", + "nom du fichier d'entr\u00E9e"}, //-file and -infile + {"key.algorithm.name", + "nom de l'algorithme de cl\u00E9"}, //-keyalg + {"key.password", + "mot de passe de la cl\u00E9"}, //-keypass + {"key.bit.size", + "taille en bits de la cl\u00E9"}, //-keysize + {"keystore.name", + "nom du fichier de cl\u00E9s"}, //-keystore + {"new.password", + "nouveau mot de passe"}, //-new + {"do.not.prompt", + "ne pas inviter"}, //-noprompt + {"password.through.protected.mechanism", + "mot de passe via m\u00E9canisme prot\u00E9g\u00E9"}, //-protected + {"provider.argument", + "argument du fournisseur"}, //-providerarg + {"provider.class.name", + "nom de la classe de fournisseur"}, //-providerclass + {"provider.name", + "nom du fournisseur"}, //-providername + {"provider.classpath", + "variable d'environnement CLASSPATH du fournisseur"}, //-providerpath + {"output.in.RFC.style", + "sortie au style RFC"}, //-rfc + {"signature.algorithm.name", + "nom de l'algorithme de signature"}, //-sigalg + {"source.alias", + "alias source"}, //-srcalias + {"source.key.password", + "mot de passe de la cl\u00E9 source"}, //-srckeypass + {"source.keystore.name", + "nom du fichier de cl\u00E9s source"}, //-srckeystore + {"source.keystore.password.protected", + "mot de passe du fichier de cl\u00E9s source prot\u00E9g\u00E9"}, //-srcprotected + {"source.keystore.provider.name", + "nom du fournisseur du fichier de cl\u00E9s source"}, //-srcprovidername + {"source.keystore.password", + "mot de passe du fichier de cl\u00E9s source"}, //-srcstorepass + {"source.keystore.type", + "type du fichier de cl\u00E9s source"}, //-srcstoretype + {"SSL.server.host.and.port", + "Port et h\u00F4te du serveur SSL"}, //-sslserver + {"signed.jar.file", + "fichier JAR sign\u00E9"}, //=jarfile + {"certificate.validity.start.date.time", + "date/heure de d\u00E9but de validit\u00E9 du certificat"}, //-startdate + {"keystore.password", + "mot de passe du fichier de cl\u00E9s"}, //-storepass + {"keystore.type", + "type du fichier de cl\u00E9s"}, //-storetype + {"trust.certificates.from.cacerts", + "certificats s\u00E9curis\u00E9s issus de certificats CA"}, //-trustcacerts + {"verbose.output", + "sortie en mode verbose"}, //-v + {"validity.number.of.days", + "nombre de jours de validit\u00E9"}, //-validity + {"Serial.ID.of.cert.to.revoke", + "ID de s\u00E9rie du certificat \u00E0 r\u00E9voquer"}, //-id + // keytool: Running part + {"keytool.error.", "erreur keytool : "}, + {"Illegal.option.", "Option non admise : "}, + {"Illegal.value.", "Valeur non admise : "}, + {"Unknown.password.type.", "Type de mot de passe inconnu : "}, + {"Cannot.find.environment.variable.", + "Variable d'environnement introuvable : "}, + {"Cannot.find.file.", "Fichier introuvable : "}, + {"Command.option.flag.needs.an.argument.", "L''option de commande {0} requiert un argument."}, + {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", + "Avertissement\u00A0: les mots de passe de cl\u00E9 et de banque distincts ne sont pas pris en charge pour les fichiers de cl\u00E9s d''acc\u00E8s PKCS12. La valeur {0} sp\u00E9cifi\u00E9e par l''utilisateur est ignor\u00E9e."}, + {".keystore.must.be.NONE.if.storetype.is.{0}", + "-keystore doit \u00EAtre d\u00E9fini sur NONE si -storetype est {0}"}, + {"Too.many.retries.program.terminated", + "Trop de tentatives, fin du programme"}, + {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", + "Les commandes -storepasswd et -keypasswd ne sont pas prises en charge si -storetype est d\u00E9fini sur {0}"}, + {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", + "Les commandes -keypasswd ne sont pas prises en charge si -storetype est d\u00E9fini sur PKCS12"}, + {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", + "Les commandes -keypass et -new ne peuvent pas \u00EAtre sp\u00E9cifi\u00E9es si -storetype est d\u00E9fini sur {0}"}, + {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", + "si -protected est sp\u00E9cifi\u00E9, -storepass, -keypass et -new ne doivent pas \u00EAtre indiqu\u00E9s"}, + {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", + "Si -srcprotected est indiqu\u00E9, les commandes -srcstorepass et -srckeypass ne doivent pas \u00EAtre sp\u00E9cifi\u00E9es"}, + {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", + "Si le fichier de cl\u00E9s n'est pas prot\u00E9g\u00E9 par un mot de passe, les commandes -storepass, -keypass et -new ne doivent pas \u00EAtre sp\u00E9cifi\u00E9es"}, + {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", + "Si le fichier de cl\u00E9s source n'est pas prot\u00E9g\u00E9 par un mot de passe, les commandes -srcstorepass et -srckeypass ne doivent pas \u00EAtre sp\u00E9cifi\u00E9es"}, + {"Illegal.startdate.value", "Valeur de date de d\u00E9but non admise"}, + {"Validity.must.be.greater.than.zero", + "La validit\u00E9 doit \u00EAtre sup\u00E9rieure \u00E0 z\u00E9ro"}, + {"provName.not.a.provider", "{0} n''est pas un fournisseur"}, + {"Usage.error.no.command.provided", "Erreur de syntaxe\u00A0: aucune commande fournie"}, + {"Source.keystore.file.exists.but.is.empty.", "Le fichier de cl\u00E9s source existe mais il est vide : "}, + {"Please.specify.srckeystore", "Indiquez -srckeystore"}, + {"Must.not.specify.both.v.and.rfc.with.list.command", + "-v et -rfc ne doivent pas \u00EAtre sp\u00E9cifi\u00E9s avec la commande 'list'"}, + {"Key.password.must.be.at.least.6.characters", + "Un mot de passe de cl\u00E9 doit comporter au moins 6 caract\u00E8res"}, + {"New.password.must.be.at.least.6.characters", + "Le nouveau mot de passe doit comporter au moins 6 caract\u00E8res"}, + {"Keystore.file.exists.but.is.empty.", + "Fichier de cl\u00E9s existant mais vide : "}, + {"Keystore.file.does.not.exist.", + "Le fichier de cl\u00E9s n'existe pas : "}, + {"Must.specify.destination.alias", "L'alias de destination doit \u00EAtre sp\u00E9cifi\u00E9"}, + {"Must.specify.alias", "L'alias doit \u00EAtre sp\u00E9cifi\u00E9"}, + {"Keystore.password.must.be.at.least.6.characters", + "Un mot de passe de fichier de cl\u00E9s doit comporter au moins 6 caract\u00E8res"}, + {"Enter.keystore.password.", "Entrez le mot de passe du fichier de cl\u00E9s : "}, + {"Enter.source.keystore.password.", "Entrez le mot de passe du fichier de cl\u00E9s source\u00A0: "}, + {"Enter.destination.keystore.password.", "Entrez le mot de passe du fichier de cl\u00E9s de destination\u00A0: "}, + {"Keystore.password.is.too.short.must.be.at.least.6.characters", + "Le mot de passe du fichier de cl\u00E9s est trop court : il doit comporter au moins 6 caract\u00E8res"}, + {"Unknown.Entry.Type", "Type d'entr\u00E9e inconnu"}, + {"Too.many.failures.Alias.not.changed", "Trop d'erreurs. Alias non modifi\u00E9"}, + {"Entry.for.alias.alias.successfully.imported.", + "L''entr\u00E9e de l''alias {0} a \u00E9t\u00E9 import\u00E9e."}, + {"Entry.for.alias.alias.not.imported.", "L''entr\u00E9e de l''alias {0} n''a pas \u00E9t\u00E9 import\u00E9e."}, + {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", + "Probl\u00E8me lors de l''import de l''entr\u00E9e de l''alias {0}\u00A0: {1}.\nL''entr\u00E9e de l''alias {0} n''a pas \u00E9t\u00E9 import\u00E9e."}, + {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", + "Commande d''import ex\u00E9cut\u00E9e\u00A0: {0} entr\u00E9es import\u00E9es, \u00E9chec ou annulation de {1} entr\u00E9es"}, + {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", + "Avertissement\u00A0: l''alias {0} existant sera remplac\u00E9 dans le fichier de cl\u00E9s d''acc\u00E8s de destination"}, + {"Existing.entry.alias.alias.exists.overwrite.no.", + "L''alias d''entr\u00E9e {0} existe d\u00E9j\u00E0. Voulez-vous le remplacer ? [non]\u00A0: "}, + {"Too.many.failures.try.later", "Trop d'erreurs. R\u00E9essayez plus tard"}, + {"Certification.request.stored.in.file.filename.", + "Demande de certification stock\u00E9e dans le fichier <{0}>"}, + {"Submit.this.to.your.CA", "Soumettre \u00E0 votre CA"}, + {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", + "si l'alias n'est pas sp\u00E9cifi\u00E9, destalias, srckeypass et destkeypass ne doivent pas \u00EAtre sp\u00E9cifi\u00E9s"}, + {"Certificate.stored.in.file.filename.", + "Certificat stock\u00E9 dans le fichier <{0}>"}, + {"Certificate.reply.was.installed.in.keystore", + "R\u00E9ponse de certificat install\u00E9e dans le fichier de cl\u00E9s"}, + {"Certificate.reply.was.not.installed.in.keystore", + "R\u00E9ponse de certificat non install\u00E9e dans le fichier de cl\u00E9s"}, + {"Certificate.was.added.to.keystore", + "Certificat ajout\u00E9 au fichier de cl\u00E9s"}, + {"Certificate.was.not.added.to.keystore", + "Certificat non ajout\u00E9 au fichier de cl\u00E9s"}, + {".Storing.ksfname.", "[Stockage de {0}]"}, + {"alias.has.no.public.key.certificate.", + "{0} ne poss\u00E8de pas de cl\u00E9 publique (certificat)"}, + {"Cannot.derive.signature.algorithm", + "Impossible de d\u00E9duire l'algorithme de signature"}, + {"Alias.alias.does.not.exist", + "L''alias <{0}> n''existe pas"}, + {"Alias.alias.has.no.certificate", + "L''alias <{0}> ne poss\u00E8de pas de certificat"}, + {"Key.pair.not.generated.alias.alias.already.exists", + "Paire de cl\u00E9s non g\u00E9n\u00E9r\u00E9e, l''alias <{0}> existe d\u00E9j\u00E0"}, + {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", + "G\u00E9n\u00E9ration d''une paire de cl\u00E9s {1} de {0} bits et d''un certificat auto-sign\u00E9 ({2}) d''une validit\u00E9 de {3} jours\n\tpour : {4}"}, + {"Enter.key.password.for.alias.", "Entrez le mot de passe de la cl\u00E9 pour <{0}>"}, + {".RETURN.if.same.as.keystore.password.", + "\t(appuyez sur Entr\u00E9e s'il s'agit du mot de passe du fichier de cl\u00E9s) : "}, + {"Key.password.is.too.short.must.be.at.least.6.characters", + "Le mot de passe de la cl\u00E9 est trop court : il doit comporter au moins 6 caract\u00E8res"}, + {"Too.many.failures.key.not.added.to.keystore", + "Trop d'erreurs. Cl\u00E9 non ajout\u00E9e au fichier de cl\u00E9s"}, + {"Destination.alias.dest.already.exists", + "L''alias de la destination <{0}> existe d\u00E9j\u00E0"}, + {"Password.is.too.short.must.be.at.least.6.characters", + "Le mot de passe est trop court : il doit comporter au moins 6 caract\u00E8res"}, + {"Too.many.failures.Key.entry.not.cloned", + "Trop d'erreurs. Entr\u00E9e de cl\u00E9 non clon\u00E9e"}, + {"key.password.for.alias.", "mot de passe de cl\u00E9 pour <{0}>"}, + {"Keystore.entry.for.id.getName.already.exists", + "L''entr\u00E9e de fichier de cl\u00E9s d''acc\u00E8s pour <{0}> existe d\u00E9j\u00E0"}, + {"Creating.keystore.entry.for.id.getName.", + "Cr\u00E9ation d''une entr\u00E9e de fichier de cl\u00E9s d''acc\u00E8s pour <{0}>..."}, + {"No.entries.from.identity.database.added", + "Aucune entr\u00E9e ajout\u00E9e \u00E0 partir de la base de donn\u00E9es d'identit\u00E9s"}, + {"Alias.name.alias", "Nom d''alias : {0}"}, + {"Creation.date.keyStore.getCreationDate.alias.", + "Date de cr\u00E9ation : {0,date}"}, + {"alias.keyStore.getCreationDate.alias.", + "{0}, {1,date}, "}, + {"alias.", "{0}, "}, + {"Entry.type.type.", "Type d''entr\u00E9e\u00A0: {0}"}, + {"Certificate.chain.length.", "Longueur de cha\u00EEne du certificat : "}, + {"Certificate.i.1.", "Certificat[{0,number,integer}]:"}, + {"Certificate.fingerprint.SHA1.", "Empreinte du certificat (SHA1) : "}, + {"Keystore.type.", "Type de fichier de cl\u00E9s : "}, + {"Keystore.provider.", "Fournisseur de fichier de cl\u00E9s : "}, + {"Your.keystore.contains.keyStore.size.entry", + "Votre fichier de cl\u00E9s d''acc\u00E8s contient {0,number,integer} entr\u00E9e"}, + {"Your.keystore.contains.keyStore.size.entries", + "Votre fichier de cl\u00E9s d''acc\u00E8s contient {0,number,integer} entr\u00E9es"}, + {"Failed.to.parse.input", "L'analyse de l'entr\u00E9e a \u00E9chou\u00E9"}, + {"Empty.input", "Entr\u00E9e vide"}, + {"Not.X.509.certificate", "Pas un certificat X.509"}, + {"alias.has.no.public.key", "{0} ne poss\u00E8de pas de cl\u00E9 publique"}, + {"alias.has.no.X.509.certificate", "{0} ne poss\u00E8de pas de certificat X.509"}, + {"New.certificate.self.signed.", "Nouveau certificat (auto-sign\u00E9) :"}, + {"Reply.has.no.certificates", "La r\u00E9ponse n'a pas de certificat"}, + {"Certificate.not.imported.alias.alias.already.exists", + "Certificat non import\u00E9, l''alias <{0}> existe d\u00E9j\u00E0"}, + {"Input.not.an.X.509.certificate", "L'entr\u00E9e n'est pas un certificat X.509"}, + {"Certificate.already.exists.in.keystore.under.alias.trustalias.", + "Le certificat existe d\u00E9j\u00E0 dans le fichier de cl\u00E9s d''acc\u00E8s sous l''alias <{0}>"}, + {"Do.you.still.want.to.add.it.no.", + "Voulez-vous toujours l'ajouter ? [non] : "}, + {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", + "Le certificat existe d\u00E9j\u00E0 dans le fichier de cl\u00E9s d''acc\u00E8s CA syst\u00E8me sous l''alias <{0}>"}, + {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", + "Voulez-vous toujours l'ajouter \u00E0 votre fichier de cl\u00E9s ? [non] : "}, + {"Trust.this.certificate.no.", "Faire confiance \u00E0 ce certificat ? [non] : "}, + {"YES", "OUI"}, + {"New.prompt.", "Nouveau {0} : "}, + {"Passwords.must.differ", "Les mots de passe doivent diff\u00E9rer"}, + {"Re.enter.new.prompt.", "Indiquez encore le nouveau {0} : "}, + {"Re.enter.new.password.", "Ressaisissez le nouveau mot de passe : "}, + {"They.don.t.match.Try.again", "Ils sont diff\u00E9rents. R\u00E9essayez."}, + {"Enter.prompt.alias.name.", "Indiquez le nom d''alias {0} : "}, + {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", + "Saisissez le nom du nouvel alias\t(ou appuyez sur Entr\u00E9e pour annuler l'import de cette entr\u00E9e)\u00A0: "}, + {"Enter.alias.name.", "Indiquez le nom d'alias : "}, + {".RETURN.if.same.as.for.otherAlias.", + "\t(appuyez sur Entr\u00E9e si le r\u00E9sultat est identique \u00E0 <{0}>)"}, + {".PATTERN.printX509Cert", + "Propri\u00E9taire : {0}\nEmetteur : {1}\nNum\u00E9ro de s\u00E9rie : {2}\nValide du : {3} au : {4}\nEmpreintes du certificat :\n\t MD5: {5}\n\t SHA1 : {6}\n\t SHA256 : {7}\n\t Nom de l''algorithme de signature : {8}\n\t Version : {9}"}, + {"What.is.your.first.and.last.name.", + "Quels sont vos nom et pr\u00E9nom ?"}, + {"What.is.the.name.of.your.organizational.unit.", + "Quel est le nom de votre unit\u00E9 organisationnelle ?"}, + {"What.is.the.name.of.your.organization.", + "Quel est le nom de votre entreprise ?"}, + {"What.is.the.name.of.your.City.or.Locality.", + "Quel est le nom de votre ville de r\u00E9sidence ?"}, + {"What.is.the.name.of.your.State.or.Province.", + "Quel est le nom de votre \u00E9tat ou province ?"}, + {"What.is.the.two.letter.country.code.for.this.unit.", + "Quel est le code pays \u00E0 deux lettres pour cette unit\u00E9 ?"}, + {"Is.name.correct.", "Est-ce {0} ?"}, + {"no", "non"}, + {"yes", "oui"}, + {"y", "o"}, + {".defaultValue.", " [{0}]: "}, + {"Alias.alias.has.no.key", + "L''alias <{0}> n''est associ\u00E9 \u00E0 aucune cl\u00E9"}, + {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", + "L''entr\u00E9e \u00E0 laquelle l''alias <{0}> fait r\u00E9f\u00E9rence n''est pas une entr\u00E9e de type cl\u00E9 priv\u00E9e. La commande -keyclone prend uniquement en charge le clonage des cl\u00E9s priv\u00E9es"}, + + {".WARNING.WARNING.WARNING.", + "***************** WARNING WARNING WARNING *****************"}, + {"Signer.d.", "Signataire n\u00B0%d :"}, + {"Timestamp.", "Horodatage :"}, + {"Signature.", "Signature :"}, + {"CRLs.", "Listes des certificats r\u00E9voqu\u00E9s (CRL) :"}, + {"Certificate.owner.", "Propri\u00E9taire du certificat : "}, + {"Not.a.signed.jar.file", "Fichier JAR non sign\u00E9"}, + {"No.certificate.from.the.SSL.server", + "Aucun certificat du serveur SSL"}, + + {".The.integrity.of.the.information.stored.in.your.keystore.", + "* L'int\u00E9grit\u00E9 des informations stock\u00E9es dans votre fichier de cl\u00E9s *\n* n'a PAS \u00E9t\u00E9 v\u00E9rifi\u00E9e. Pour cela, *\n* vous devez fournir le mot de passe de votre fichier de cl\u00E9s. *"}, + {".The.integrity.of.the.information.stored.in.the.srckeystore.", + "* L'int\u00E9grit\u00E9 des informations stock\u00E9es dans le fichier de cl\u00E9s source *\n* n'a PAS \u00E9t\u00E9 v\u00E9rifi\u00E9e. Pour cela, *\n* vous devez fournir le mot de passe de votre fichier de cl\u00E9s source. *"}, + + {"Certificate.reply.does.not.contain.public.key.for.alias.", + "La r\u00E9ponse au certificat ne contient pas de cl\u00E9 publique pour <{0}>"}, + {"Incomplete.certificate.chain.in.reply", + "Cha\u00EEne de certificat incompl\u00E8te dans la r\u00E9ponse"}, + {"Certificate.chain.in.reply.does.not.verify.", + "La cha\u00EEne de certificat de la r\u00E9ponse ne concorde pas : "}, + {"Top.level.certificate.in.reply.", + "Certificat de niveau sup\u00E9rieur dans la r\u00E9ponse :\n"}, + {".is.not.trusted.", "... non s\u00E9curis\u00E9. "}, + {"Install.reply.anyway.no.", "Installer la r\u00E9ponse quand m\u00EAme ? [non] : "}, + {"NO", "NON"}, + {"Public.keys.in.reply.and.keystore.don.t.match", + "Les cl\u00E9s publiques de la r\u00E9ponse et du fichier de cl\u00E9s ne concordent pas"}, + {"Certificate.reply.and.certificate.in.keystore.are.identical", + "La r\u00E9ponse au certificat et le certificat du fichier de cl\u00E9s sont identiques"}, + {"Failed.to.establish.chain.from.reply", + "Impossible de cr\u00E9er une cha\u00EEne \u00E0 partir de la r\u00E9ponse"}, + {"n", "n"}, + {"Wrong.answer.try.again", "R\u00E9ponse incorrecte, recommencez"}, + {"Secret.key.not.generated.alias.alias.already.exists", + "Cl\u00E9 secr\u00E8te non g\u00E9n\u00E9r\u00E9e, l''alias <{0}> existe d\u00E9j\u00E0"}, + {"Please.provide.keysize.for.secret.key.generation", + "Indiquez -keysize pour la g\u00E9n\u00E9ration de la cl\u00E9 secr\u00E8te"}, + + {"Extensions.", "Extensions\u00A0: "}, + {".Empty.value.", "(Valeur vide)"}, + {"Extension.Request.", "Demande d'extension :"}, + {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", + "Demande de certificat PKCS #10 (version 1.0)\nSujet : %s\nCl\u00E9 publique : format %s pour la cl\u00E9 %s\n"}, + {"Unknown.keyUsage.type.", "Type keyUsage inconnu : "}, + {"Unknown.extendedkeyUsage.type.", "Type extendedkeyUsage inconnu : "}, + {"Unknown.AccessDescription.type.", "Type AccessDescription inconnu : "}, + {"Unrecognized.GeneralName.type.", "Type GeneralName non reconnu : "}, + {"This.extension.cannot.be.marked.as.critical.", + "Cette extension ne peut pas \u00EAtre marqu\u00E9e comme critique. "}, + {"Odd.number.of.hex.digits.found.", "Nombre impair de chiffres hexad\u00E9cimaux trouv\u00E9 : "}, + {"Unknown.extension.type.", "Type d'extension inconnu : "}, + {"command.{0}.is.ambiguous.", "commande {0} ambigu\u00EB :"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Resources_it.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,429 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.keytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the keytool. + * + */ +public class Resources_it extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"STAR", + "*******************************************"}, + {"STARNN", + "*******************************************\n\n"}, + + // keytool: Help part + {".OPTION.", " [OPTION]..."}, + {"Options.", "Opzioni:"}, + {"Use.keytool.help.for.all.available.commands", + "Utilizzare \"keytool -help\" per visualizzare tutti i comandi disponibili"}, + {"Key.and.Certificate.Management.Tool", + "Strumento di gestione di chiavi e certificati"}, + {"Commands.", "Comandi:"}, + {"Use.keytool.command.name.help.for.usage.of.command.name", + "Utilizzare \"keytool -command_name -help\" per informazioni sull'uso di command_name"}, + // keytool: help: commands + {"Generates.a.certificate.request", + "Genera una richiesta di certificato"}, //-certreq + {"Changes.an.entry.s.alias", + "Modifica l'alias di una voce"}, //-changealias + {"Deletes.an.entry", + "Elimina una voce"}, //-delete + {"Exports.certificate", + "Esporta il certificato"}, //-exportcert + {"Generates.a.key.pair", + "Genera una coppia di chiavi"}, //-genkeypair + {"Generates.a.secret.key", + "Genera una chiave segreta"}, //-genseckey + {"Generates.certificate.from.a.certificate.request", + "Genera un certificato da una richiesta di certificato"}, //-gencert + {"Generates.CRL", "Genera CRL"}, //-gencrl + {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", + "Importa le voci da un database delle identit\u00E0 di tipo JDK 1.1.x"}, //-identitydb + {"Imports.a.certificate.or.a.certificate.chain", + "Importa un certificato o una catena di certificati"}, //-importcert + {"Imports.one.or.all.entries.from.another.keystore", + "Importa una o tutte le voci da un altro keystore"}, //-importkeystore + {"Clones.a.key.entry", + "Duplica una voce di chiave"}, //-keyclone + {"Changes.the.key.password.of.an.entry", + "Modifica la password della chiave per una voce"}, //-keypasswd + {"Lists.entries.in.a.keystore", + "Elenca le voci in un keystore"}, //-list + {"Prints.the.content.of.a.certificate", + "Visualizza i contenuti di un certificato"}, //-printcert + {"Prints.the.content.of.a.certificate.request", + "Visualizza i contenuti di una richiesta di certificato"}, //-printcertreq + {"Prints.the.content.of.a.CRL.file", + "Visualizza i contenuti di un file CRL"}, //-printcrl + {"Generates.a.self.signed.certificate", + "Genera certificato con firma automatica"}, //-selfcert + {"Changes.the.store.password.of.a.keystore", + "Modifica la password di area di memorizzazione di un keystore"}, //-storepasswd + // keytool: help: options + {"alias.name.of.the.entry.to.process", + "nome alias della voce da elaborare"}, //-alias + {"destination.alias", + "alias di destinazione"}, //-destalias + {"destination.key.password", + "password chiave di destinazione"}, //-destkeypass + {"destination.keystore.name", + "nome keystore di destinazione"}, //-destkeystore + {"destination.keystore.password.protected", + "password keystore di destinazione protetta"}, //-destprotected + {"destination.keystore.provider.name", + "nome provider keystore di destinazione"}, //-destprovidername + {"destination.keystore.password", + "password keystore di destinazione"}, //-deststorepass + {"destination.keystore.type", + "tipo keystore di destinazione"}, //-deststoretype + {"distinguished.name", + "nome distinto"}, //-dname + {"X.509.extension", + "estensione X.509"}, //-ext + {"output.file.name", + "nome file di output"}, //-file and -outfile + {"input.file.name", + "nome file di input"}, //-file and -infile + {"key.algorithm.name", + "nome algoritmo chiave"}, //-keyalg + {"key.password", + "password chiave"}, //-keypass + {"key.bit.size", + "dimensione bit chiave"}, //-keysize + {"keystore.name", + "nome keystore"}, //-keystore + {"new.password", + "nuova password"}, //-new + {"do.not.prompt", + "non richiedere"}, //-noprompt + {"password.through.protected.mechanism", + "password mediante meccanismo protetto"}, //-protected + {"provider.argument", + "argomento provider"}, //-providerarg + {"provider.class.name", + "nome classe provider"}, //-providerclass + {"provider.name", + "nome provider"}, //-providername + {"provider.classpath", + "classpath provider"}, //-providerpath + {"output.in.RFC.style", + "output in stile RFC"}, //-rfc + {"signature.algorithm.name", + "nome algoritmo firma"}, //-sigalg + {"source.alias", + "alias origine"}, //-srcalias + {"source.key.password", + "password chiave di origine"}, //-srckeypass + {"source.keystore.name", + "nome keystore di origine"}, //-srckeystore + {"source.keystore.password.protected", + "password keystore di origine protetta"}, //-srcprotected + {"source.keystore.provider.name", + "nome provider keystore di origine"}, //-srcprovidername + {"source.keystore.password", + "password keystore di origine"}, //-srcstorepass + {"source.keystore.type", + "tipo keystore di origine"}, //-srcstoretype + {"SSL.server.host.and.port", + "host e porta server SSL"}, //-sslserver + {"signed.jar.file", + "file jar firmato"}, //=jarfile + {"certificate.validity.start.date.time", + "data/ora di inizio validit\u00E0 certificato"}, //-startdate + {"keystore.password", + "password keystore"}, //-storepass + {"keystore.type", + "tipo keystore"}, //-storetype + {"trust.certificates.from.cacerts", + "considera sicuri i certificati da cacerts"}, //-trustcacerts + {"verbose.output", + "output descrittivo"}, //-v + {"validity.number.of.days", + "numero di giorni di validit\u00E0"}, //-validity + {"Serial.ID.of.cert.to.revoke", + "ID seriale del certificato da revocare"}, //-id + // keytool: Running part + {"keytool.error.", "Errore keytool: "}, + {"Illegal.option.", "Opzione non valida: "}, + {"Illegal.value.", "Valore non valido: "}, + {"Unknown.password.type.", "Tipo di password sconosciuto: "}, + {"Cannot.find.environment.variable.", + "Impossibile trovare la variabile di ambiente: "}, + {"Cannot.find.file.", "Impossibile trovare il file: "}, + {"Command.option.flag.needs.an.argument.", "\u00C8 necessario specificare un argomento per l''opzione di comando {0}."}, + {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", + "Avvertenza: non sono supportate password diverse di chiave e di archivio per i keystore PKCS12. Il valore {0} specificato dall''utente verr\u00E0 ignorato."}, + {".keystore.must.be.NONE.if.storetype.is.{0}", + "Se -storetype \u00E8 impostato su {0}, -keystore deve essere impostato su NONE"}, + {"Too.many.retries.program.terminated", + "Il numero dei tentativi consentiti \u00E8 stato superato. Il programma verr\u00E0 terminato."}, + {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", + "Se -storetype \u00E8 impostato su {0}, i comandi -storepasswd e -keypasswd non sono supportati"}, + {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", + "Se -storetype \u00E8 impostato su PKCS12 i comandi -keypasswd non vengono supportati"}, + {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", + "Se -storetype \u00E8 impostato su {0}, non \u00E8 possibile specificare un valore per -keypass e -new"}, + {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", + "Se \u00E8 specificata l'opzione -protected, le opzioni -storepass, -keypass e -new non possono essere specificate"}, + {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", + "Se viene specificato -srcprotected, -srcstorepass e -srckeypass non dovranno essere specificati"}, + {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", + "Se il file keystore non \u00E8 protetto da password, non deve essere specificato alcun valore per -storepass, -keypass e -new"}, + {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", + "Se il file keystore non \u00E8 protetto da password, non deve essere specificato alcun valore per -srcstorepass e -srckeypass"}, + {"Illegal.startdate.value", "Valore di data di inizio non valido"}, + {"Validity.must.be.greater.than.zero", + "La validit\u00E0 deve essere maggiore di zero"}, + {"provName.not.a.provider", "{0} non \u00E8 un provider"}, + {"Usage.error.no.command.provided", "Errore di utilizzo: nessun comando specificato"}, + {"Source.keystore.file.exists.but.is.empty.", "Il file keystore di origine esiste, ma \u00E8 vuoto: "}, + {"Please.specify.srckeystore", "Specificare -srckeystore"}, + {"Must.not.specify.both.v.and.rfc.with.list.command", + "Impossibile specificare sia -v sia -rfc con il comando 'list'"}, + {"Key.password.must.be.at.least.6.characters", + "La password della chiave deve contenere almeno 6 caratteri"}, + {"New.password.must.be.at.least.6.characters", + "La nuova password deve contenere almeno 6 caratteri"}, + {"Keystore.file.exists.but.is.empty.", + "Il file keystore esiste ma \u00E8 vuoto: "}, + {"Keystore.file.does.not.exist.", + "Il file keystore non esiste: "}, + {"Must.specify.destination.alias", "\u00C8 necessario specificare l'alias di destinazione"}, + {"Must.specify.alias", "\u00C8 necessario specificare l'alias"}, + {"Keystore.password.must.be.at.least.6.characters", + "La password del keystore deve contenere almeno 6 caratteri"}, + {"Enter.keystore.password.", "Immettere la password del keystore: "}, + {"Enter.source.keystore.password.", "Immettere la password del keystore di origine: "}, + {"Enter.destination.keystore.password.", "Immettere la password del keystore di destinazione: "}, + {"Keystore.password.is.too.short.must.be.at.least.6.characters", + "La password del keystore \u00E8 troppo corta - deve contenere almeno 6 caratteri"}, + {"Unknown.Entry.Type", "Tipo di voce sconosciuto"}, + {"Too.many.failures.Alias.not.changed", "Numero eccessivo di errori. L'alias non \u00E8 stato modificato."}, + {"Entry.for.alias.alias.successfully.imported.", + "La voce dell''alias {0} \u00E8 stata importata."}, + {"Entry.for.alias.alias.not.imported.", "La voce dell''alias {0} non \u00E8 stata importata."}, + {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", + "Si \u00E8 verificato un problema durante l''importazione della voce dell''alias {0}: {1}.\nLa voce dell''alias {0} non \u00E8 stata importata."}, + {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", + "Comando di importazione completato: {0} voce/i importata/e, {1} voce/i non importata/e o annullata/e"}, + {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", + "Avvertenza: sovrascrittura in corso dell''alias {0} nel file keystore di destinazione"}, + {"Existing.entry.alias.alias.exists.overwrite.no.", + "La voce dell''alias {0} esiste gi\u00E0. Sovrascrivere? [no]: "}, + {"Too.many.failures.try.later", "Troppi errori - riprovare"}, + {"Certification.request.stored.in.file.filename.", + "La richiesta di certificazione \u00E8 memorizzata nel file <{0}>"}, + {"Submit.this.to.your.CA", "Sottomettere alla propria CA"}, + {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", + "Se l'alias non \u00E8 specificato, destalias, srckeypass e destkeypass non dovranno essere specificati"}, + {"Certificate.stored.in.file.filename.", + "Il certificato \u00E8 memorizzato nel file <{0}>"}, + {"Certificate.reply.was.installed.in.keystore", + "La risposta del certificato \u00E8 stata installata nel keystore"}, + {"Certificate.reply.was.not.installed.in.keystore", + "La risposta del certificato non \u00E8 stata installata nel keystore"}, + {"Certificate.was.added.to.keystore", + "Il certificato \u00E8 stato aggiunto al keystore"}, + {"Certificate.was.not.added.to.keystore", + "Il certificato non \u00E8 stato aggiunto al keystore"}, + {".Storing.ksfname.", "[Memorizzazione di {0}] in corso"}, + {"alias.has.no.public.key.certificate.", + "{0} non dispone di chiave pubblica (certificato)"}, + {"Cannot.derive.signature.algorithm", + "Impossibile derivare l'algoritmo di firma"}, + {"Alias.alias.does.not.exist", + "L''alias <{0}> non esiste"}, + {"Alias.alias.has.no.certificate", + "L''alias <{0}> non dispone di certificato"}, + {"Key.pair.not.generated.alias.alias.already.exists", + "Non \u00E8 stata generata la coppia di chiavi, l''alias <{0}> \u00E8 gi\u00E0 esistente"}, + {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", + "Generazione in corso di una coppia di chiavi {1} da {0} bit e di un certificato autofirmato ({2}) con una validit\u00E0 di {3} giorni\n\tper: {4}"}, + {"Enter.key.password.for.alias.", "Immettere la password della chiave per <{0}>"}, + {".RETURN.if.same.as.keystore.password.", + "\t(INVIO se corrisponde alla password del keystore): "}, + {"Key.password.is.too.short.must.be.at.least.6.characters", + "La password della chiave \u00E8 troppo corta - deve contenere almeno 6 caratteri"}, + {"Too.many.failures.key.not.added.to.keystore", + "Troppi errori - la chiave non \u00E8 stata aggiunta al keystore"}, + {"Destination.alias.dest.already.exists", + "L''alias di destinazione <{0}> \u00E8 gi\u00E0 esistente"}, + {"Password.is.too.short.must.be.at.least.6.characters", + "La password \u00E8 troppo corta - deve contenere almeno 6 caratteri"}, + {"Too.many.failures.Key.entry.not.cloned", + "Numero eccessivo di errori. Il valore della chiave non \u00E8 stato copiato."}, + {"key.password.for.alias.", "password della chiave per <{0}>"}, + {"Keystore.entry.for.id.getName.already.exists", + "La voce del keystore per <{0}> esiste gi\u00E0"}, + {"Creating.keystore.entry.for.id.getName.", + "Creazione della voce del keystore per <{0}> in corso..."}, + {"No.entries.from.identity.database.added", + "Nessuna voce aggiunta dal database delle identit\u00E0"}, + {"Alias.name.alias", "Nome alias: {0}"}, + {"Creation.date.keyStore.getCreationDate.alias.", + "Data di creazione: {0,date}"}, + {"alias.keyStore.getCreationDate.alias.", + "{0}, {1,date}, "}, + {"alias.", "{0}, "}, + {"Entry.type.type.", "Tipo di voce: {0}"}, + {"Certificate.chain.length.", "Lunghezza catena certificati: "}, + {"Certificate.i.1.", "Certificato[{0,number,integer}]:"}, + {"Certificate.fingerprint.SHA1.", "Impronta digitale certificato (SHA1): "}, + {"Keystore.type.", "Tipo keystore: "}, + {"Keystore.provider.", "Provider keystore: "}, + {"Your.keystore.contains.keyStore.size.entry", + "Il keystore contiene {0,number,integer} voce"}, + {"Your.keystore.contains.keyStore.size.entries", + "Il keystore contiene {0,number,integer} voci"}, + {"Failed.to.parse.input", "Impossibile analizzare l'input"}, + {"Empty.input", "Input vuoto"}, + {"Not.X.509.certificate", "Il certificato non \u00E8 X.509"}, + {"alias.has.no.public.key", "{0} non dispone di chiave pubblica"}, + {"alias.has.no.X.509.certificate", "{0} non dispone di certificato X.509"}, + {"New.certificate.self.signed.", "Nuovo certificato (autofirmato):"}, + {"Reply.has.no.certificates", "La risposta non dispone di certificati"}, + {"Certificate.not.imported.alias.alias.already.exists", + "Impossibile importare il certificato, l''alias <{0}> \u00E8 gi\u00E0 esistente"}, + {"Input.not.an.X.509.certificate", "L'input non \u00E8 un certificato X.509"}, + {"Certificate.already.exists.in.keystore.under.alias.trustalias.", + "Il certificato esiste gi\u00E0 nel keystore con alias <{0}>"}, + {"Do.you.still.want.to.add.it.no.", + "Aggiungerlo ugualmente? [no]: "}, + {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", + "Il certificato esiste gi\u00E0 nel keystore CA con alias <{0}>"}, + {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", + "Aggiungerlo al proprio keystore? [no]: "}, + {"Trust.this.certificate.no.", "Considerare sicuro questo certificato? [no]: "}, + {"YES", "S\u00EC"}, + {"New.prompt.", "Nuova {0}: "}, + {"Passwords.must.differ", "Le password non devono coincidere"}, + {"Re.enter.new.prompt.", "Reimmettere un nuovo valore per {0}: "}, + {"Re.enter.new.password.", "Immettere nuovamente la nuova password: "}, + {"They.don.t.match.Try.again", "Non corrispondono. Riprovare."}, + {"Enter.prompt.alias.name.", "Immettere nome alias {0}: "}, + {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", + "Immettere un nuovo nome alias\t(premere INVIO per annullare l'importazione della voce): "}, + {"Enter.alias.name.", "Immettere nome alias: "}, + {".RETURN.if.same.as.for.otherAlias.", + "\t(INVIO se corrisponde al nome di <{0}>)"}, + {".PATTERN.printX509Cert", + "Proprietario: {0}\nAutorit\u00E0 emittente: {1}\nNumero di serie: {2}\nValido da: {3} a: {4}\nImpronte digitali certificato:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Nome algoritmo firma: {8}\n\t Versione: {9}"}, + {"What.is.your.first.and.last.name.", + "Specificare nome e cognome"}, + {"What.is.the.name.of.your.organizational.unit.", + "Specificare il nome dell'unit\u00E0 organizzativa"}, + {"What.is.the.name.of.your.organization.", + "Specificare il nome dell'organizzazione"}, + {"What.is.the.name.of.your.City.or.Locality.", + "Specificare la localit\u00E0"}, + {"What.is.the.name.of.your.State.or.Province.", + "Specificare la provincia"}, + {"What.is.the.two.letter.country.code.for.this.unit.", + "Specificare il codice a due lettere del paese in cui si trova l'unit\u00E0"}, + {"Is.name.correct.", "Il dato {0} \u00E8 corretto?"}, + {"no", "no"}, + {"yes", "s\u00EC"}, + {"y", "s"}, + {".defaultValue.", " [{0}]: "}, + {"Alias.alias.has.no.key", + "All''alias <{0}> non \u00E8 associata alcuna chiave"}, + {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", + "L''alias <{0}> fa riferimento a un tipo di voce che non \u00E8 una voce di chiave privata. Il comando -keyclone supporta solo la copia delle voci di chiave private."}, + + {".WARNING.WARNING.WARNING.", + "***************** WARNING WARNING WARNING *****************"}, + {"Signer.d.", "Firmatario #%d:"}, + {"Timestamp.", "Indicatore orario:"}, + {"Signature.", "Firma:"}, + {"CRLs.", "CRL:"}, + {"Certificate.owner.", "Proprietario certificato: "}, + {"Not.a.signed.jar.file", "Non \u00E8 un file jar firmato"}, + {"No.certificate.from.the.SSL.server", + "Nessun certificato dal server SSL"}, + + {".The.integrity.of.the.information.stored.in.your.keystore.", + "* L'integrit\u00E0 delle informazioni memorizzate nel keystore *\n* NON \u00E8 stata verificata. Per verificarne l'integrit\u00E0 *\n* \u00E8 necessario fornire la password del keystore. *"}, + {".The.integrity.of.the.information.stored.in.the.srckeystore.", + "* L'integrit\u00E0 delle informazioni memorizzate nel srckeystore *\n* NON \u00E8 stata verificata. Per verificarne l'integrit\u00E0 *\n* \u00E8 necessario fornire la password del srckeystore. *"}, + + {"Certificate.reply.does.not.contain.public.key.for.alias.", + "La risposta del certificato non contiene la chiave pubblica per <{0}>"}, + {"Incomplete.certificate.chain.in.reply", + "Catena dei certificati incompleta nella risposta"}, + {"Certificate.chain.in.reply.does.not.verify.", + "La catena dei certificati nella risposta non verifica: "}, + {"Top.level.certificate.in.reply.", + "Certificato di primo livello nella risposta:\n"}, + {".is.not.trusted.", "...non \u00E8 considerato sicuro. "}, + {"Install.reply.anyway.no.", "Installare la risposta? [no]: "}, + {"NO", "NO"}, + {"Public.keys.in.reply.and.keystore.don.t.match", + "Le chiavi pubbliche nella risposta e nel keystore non corrispondono"}, + {"Certificate.reply.and.certificate.in.keystore.are.identical", + "La risposta del certificato e il certificato nel keystore sono identici"}, + {"Failed.to.establish.chain.from.reply", + "Impossibile stabilire la catena dalla risposta"}, + {"n", "n"}, + {"Wrong.answer.try.again", "Risposta errata, riprovare"}, + {"Secret.key.not.generated.alias.alias.already.exists", + "La chiave segreta non \u00E8 stata generata; l''alias <{0}> esiste gi\u00E0"}, + {"Please.provide.keysize.for.secret.key.generation", + "Specificare il valore -keysize per la generazione della chiave segreta"}, + + {"Extensions.", "Estensioni: "}, + {".Empty.value.", "(valore vuoto)"}, + {"Extension.Request.", "Richiesta di estensione:"}, + {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", + "Richiesta di certificato PKCS #10 (versione 1.0)\nOggetto: %s\nChiave pubblica: %s formato %s chiave\n"}, + {"Unknown.keyUsage.type.", "Tipo keyUsage sconosciuto: "}, + {"Unknown.extendedkeyUsage.type.", "Tipo extendedkeyUsage sconosciuto: "}, + {"Unknown.AccessDescription.type.", "Tipo AccessDescription sconosciuto: "}, + {"Unrecognized.GeneralName.type.", "Tipo GeneralName non riconosciuto: "}, + {"This.extension.cannot.be.marked.as.critical.", + "Impossibile contrassegnare questa estensione come critica. "}, + {"Odd.number.of.hex.digits.found.", "\u00C8 stato trovato un numero dispari di cifre esadecimali: "}, + {"Unknown.extension.type.", "Tipo di estensione sconosciuto: "}, + {"command.{0}.is.ambiguous.", "il comando {0} \u00E8 ambiguo:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Resources_ja.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,429 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.keytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the keytool. + * + */ +public class Resources_ja extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"STAR", + "*******************************************"}, + {"STARNN", + "*******************************************\n\n"}, + + // keytool: Help part + {".OPTION.", " [OPTION]..."}, + {"Options.", "\u30AA\u30D7\u30B7\u30E7\u30F3:"}, + {"Use.keytool.help.for.all.available.commands", + "\u4F7F\u7528\u53EF\u80FD\u306A\u3059\u3079\u3066\u306E\u30B3\u30DE\u30F3\u30C9\u306B\u3064\u3044\u3066\u306F\"keytool -help\"\u3092\u4F7F\u7528\u3057\u3066\u304F\u3060\u3055\u3044"}, + {"Key.and.Certificate.Management.Tool", + "\u30AD\u30FC\u304A\u3088\u3073\u8A3C\u660E\u66F8\u7BA1\u7406\u30C4\u30FC\u30EB"}, + {"Commands.", "\u30B3\u30DE\u30F3\u30C9:"}, + {"Use.keytool.command.name.help.for.usage.of.command.name", + "command_name\u306E\u4F7F\u7528\u65B9\u6CD5\u306B\u3064\u3044\u3066\u306F\"keytool -command_name -help\"\u3092\u4F7F\u7528\u3057\u3066\u304F\u3060\u3055\u3044"}, + // keytool: help: commands + {"Generates.a.certificate.request", + "\u8A3C\u660E\u66F8\u30EA\u30AF\u30A8\u30B9\u30C8\u3092\u751F\u6210\u3057\u307E\u3059"}, //-certreq + {"Changes.an.entry.s.alias", + "\u30A8\u30F3\u30C8\u30EA\u306E\u5225\u540D\u3092\u5909\u66F4\u3057\u307E\u3059"}, //-changealias + {"Deletes.an.entry", + "\u30A8\u30F3\u30C8\u30EA\u3092\u524A\u9664\u3057\u307E\u3059"}, //-delete + {"Exports.certificate", + "\u8A3C\u660E\u66F8\u3092\u30A8\u30AF\u30B9\u30DD\u30FC\u30C8\u3057\u307E\u3059"}, //-exportcert + {"Generates.a.key.pair", + "\u9375\u30DA\u30A2\u3092\u751F\u6210\u3057\u307E\u3059"}, //-genkeypair + {"Generates.a.secret.key", + "\u79D8\u5BC6\u9375\u3092\u751F\u6210\u3057\u307E\u3059"}, //-genseckey + {"Generates.certificate.from.a.certificate.request", + "\u8A3C\u660E\u66F8\u30EA\u30AF\u30A8\u30B9\u30C8\u304B\u3089\u8A3C\u660E\u66F8\u3092\u751F\u6210\u3057\u307E\u3059"}, //-gencert + {"Generates.CRL", "CRL\u3092\u751F\u6210\u3057\u307E\u3059"}, //-gencrl + {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", + "JDK 1.1.x-style\u30A2\u30A4\u30C7\u30F3\u30C6\u30A3\u30C6\u30A3\u30FB\u30C7\u30FC\u30BF\u30D9\u30FC\u30B9\u304B\u3089\u30A8\u30F3\u30C8\u30EA\u3092\u30A4\u30F3\u30DD\u30FC\u30C8\u3057\u307E\u3059"}, //-identitydb + {"Imports.a.certificate.or.a.certificate.chain", + "\u8A3C\u660E\u66F8\u307E\u305F\u306F\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u3092\u30A4\u30F3\u30DD\u30FC\u30C8\u3057\u307E\u3059"}, //-importcert + {"Imports.one.or.all.entries.from.another.keystore", + "\u5225\u306E\u30AD\u30FC\u30B9\u30C8\u30A2\u304B\u30891\u3064\u307E\u305F\u306F\u3059\u3079\u3066\u306E\u30A8\u30F3\u30C8\u30EA\u3092\u30A4\u30F3\u30DD\u30FC\u30C8\u3057\u307E\u3059"}, //-importkeystore + {"Clones.a.key.entry", + "\u9375\u30A8\u30F3\u30C8\u30EA\u306E\u30AF\u30ED\u30FC\u30F3\u3092\u4F5C\u6210\u3057\u307E\u3059"}, //-keyclone + {"Changes.the.key.password.of.an.entry", + "\u30A8\u30F3\u30C8\u30EA\u306E\u9375\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5909\u66F4\u3057\u307E\u3059"}, //-keypasswd + {"Lists.entries.in.a.keystore", + "\u30AD\u30FC\u30B9\u30C8\u30A2\u5185\u306E\u30A8\u30F3\u30C8\u30EA\u3092\u30EA\u30B9\u30C8\u3057\u307E\u3059"}, //-list + {"Prints.the.content.of.a.certificate", + "\u8A3C\u660E\u66F8\u306E\u5185\u5BB9\u3092\u51FA\u529B\u3057\u307E\u3059"}, //-printcert + {"Prints.the.content.of.a.certificate.request", + "\u8A3C\u660E\u66F8\u30EA\u30AF\u30A8\u30B9\u30C8\u306E\u5185\u5BB9\u3092\u51FA\u529B\u3057\u307E\u3059"}, //-printcertreq + {"Prints.the.content.of.a.CRL.file", + "CRL\u30D5\u30A1\u30A4\u30EB\u306E\u5185\u5BB9\u3092\u51FA\u529B\u3057\u307E\u3059"}, //-printcrl + {"Generates.a.self.signed.certificate", + "\u81EA\u5DF1\u7F72\u540D\u578B\u8A3C\u660E\u66F8\u3092\u751F\u6210\u3057\u307E\u3059"}, //-selfcert + {"Changes.the.store.password.of.a.keystore", + "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30B9\u30C8\u30A2\u30FB\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5909\u66F4\u3057\u307E\u3059"}, //-storepasswd + // keytool: help: options + {"alias.name.of.the.entry.to.process", + "\u51E6\u7406\u3059\u308B\u30A8\u30F3\u30C8\u30EA\u306E\u5225\u540D"}, //-alias + {"destination.alias", + "\u51FA\u529B\u5148\u306E\u5225\u540D"}, //-destalias + {"destination.key.password", + "\u51FA\u529B\u5148\u30AD\u30FC\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-destkeypass + {"destination.keystore.name", + "\u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u540D"}, //-destkeystore + {"destination.keystore.password.protected", + "\u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u4FDD\u8B77\u5BFE\u8C61\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-destprotected + {"destination.keystore.provider.name", + "\u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D7\u30ED\u30D0\u30A4\u30C0\u540D"}, //-destprovidername + {"destination.keystore.password", + "\u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-deststorepass + {"destination.keystore.type", + "\u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30BF\u30A4\u30D7"}, //-deststoretype + {"distinguished.name", + "\u8B58\u5225\u540D"}, //-dname + {"X.509.extension", + "X.509\u62E1\u5F35"}, //-ext + {"output.file.name", + "\u51FA\u529B\u30D5\u30A1\u30A4\u30EB\u540D"}, //-file and -outfile + {"input.file.name", + "\u5165\u529B\u30D5\u30A1\u30A4\u30EB\u540D"}, //-file and -infile + {"key.algorithm.name", + "\u9375\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u540D"}, //-keyalg + {"key.password", + "\u9375\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-keypass + {"key.bit.size", + "\u9375\u306E\u30D3\u30C3\u30C8\u30FB\u30B5\u30A4\u30BA"}, //-keysize + {"keystore.name", + "\u30AD\u30FC\u30B9\u30C8\u30A2\u540D"}, //-keystore + {"new.password", + "\u65B0\u898F\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-new + {"do.not.prompt", + "\u30D7\u30ED\u30F3\u30D7\u30C8\u3092\u8868\u793A\u3057\u306A\u3044"}, //-noprompt + {"password.through.protected.mechanism", + "\u4FDD\u8B77\u30E1\u30AB\u30CB\u30BA\u30E0\u306B\u3088\u308B\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-protected + {"provider.argument", + "\u30D7\u30ED\u30D0\u30A4\u30C0\u5F15\u6570"}, //-providerarg + {"provider.class.name", + "\u30D7\u30ED\u30D0\u30A4\u30C0\u30FB\u30AF\u30E9\u30B9\u540D"}, //-providerclass + {"provider.name", + "\u30D7\u30ED\u30D0\u30A4\u30C0\u540D"}, //-providername + {"provider.classpath", + "\u30D7\u30ED\u30D0\u30A4\u30C0\u30FB\u30AF\u30E9\u30B9\u30D1\u30B9"}, //-providerpath + {"output.in.RFC.style", + "RFC\u30B9\u30BF\u30A4\u30EB\u306E\u51FA\u529B"}, //-rfc + {"signature.algorithm.name", + "\u7F72\u540D\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u540D"}, //-sigalg + {"source.alias", + "\u30BD\u30FC\u30B9\u5225\u540D"}, //-srcalias + {"source.key.password", + "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-srckeypass + {"source.keystore.name", + "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u540D"}, //-srckeystore + {"source.keystore.password.protected", + "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u4FDD\u8B77\u5BFE\u8C61\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-srcprotected + {"source.keystore.provider.name", + "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D7\u30ED\u30D0\u30A4\u30C0\u540D"}, //-srcprovidername + {"source.keystore.password", + "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-srcstorepass + {"source.keystore.type", + "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30BF\u30A4\u30D7"}, //-srcstoretype + {"SSL.server.host.and.port", + "SSL\u30B5\u30FC\u30D0\u30FC\u306E\u30DB\u30B9\u30C8\u3068\u30DD\u30FC\u30C8"}, //-sslserver + {"signed.jar.file", + "\u7F72\u540D\u4ED8\u304DJAR\u30D5\u30A1\u30A4\u30EB"}, //=jarfile + {"certificate.validity.start.date.time", + "\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u958B\u59CB\u65E5\u6642"}, //-startdate + {"keystore.password", + "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-storepass + {"keystore.type", + "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30BF\u30A4\u30D7"}, //-storetype + {"trust.certificates.from.cacerts", + "cacerts\u304B\u3089\u306E\u8A3C\u660E\u66F8\u3092\u4FE1\u983C\u3059\u308B"}, //-trustcacerts + {"verbose.output", + "\u8A73\u7D30\u51FA\u529B"}, //-v + {"validity.number.of.days", + "\u59A5\u5F53\u6027\u65E5\u6570"}, //-validity + {"Serial.ID.of.cert.to.revoke", + "\u5931\u52B9\u3059\u308B\u8A3C\u660E\u66F8\u306E\u30B7\u30EA\u30A2\u30EBID"}, //-id + // keytool: Running part + {"keytool.error.", "keytool\u30A8\u30E9\u30FC: "}, + {"Illegal.option.", "\u4E0D\u6B63\u306A\u30AA\u30D7\u30B7\u30E7\u30F3: "}, + {"Illegal.value.", "\u4E0D\u6B63\u306A\u5024: "}, + {"Unknown.password.type.", "\u4E0D\u660E\u306A\u30D1\u30B9\u30EF\u30FC\u30C9\u30FB\u30BF\u30A4\u30D7: "}, + {"Cannot.find.environment.variable.", + "\u74B0\u5883\u5909\u6570\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: "}, + {"Cannot.find.file.", "\u30D5\u30A1\u30A4\u30EB\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: "}, + {"Command.option.flag.needs.an.argument.", "\u30B3\u30DE\u30F3\u30C9\u30FB\u30AA\u30D7\u30B7\u30E7\u30F3{0}\u306B\u306F\u5F15\u6570\u304C\u5FC5\u8981\u3067\u3059\u3002"}, + {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", + "\u8B66\u544A: PKCS12\u30AD\u30FC\u30B9\u30C8\u30A2\u3067\u306F\u3001\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3068\u9375\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u304C\u7570\u306A\u308B\u72B6\u6CC1\u306F\u30B5\u30DD\u30FC\u30C8\u3055\u308C\u307E\u305B\u3093\u3002\u30E6\u30FC\u30B6\u30FC\u304C\u6307\u5B9A\u3057\u305F{0}\u306E\u5024\u306F\u7121\u8996\u3057\u307E\u3059\u3002"}, + {".keystore.must.be.NONE.if.storetype.is.{0}", + "-storetype\u304C{0}\u306E\u5834\u5408\u3001-keystore\u306FNONE\u3067\u3042\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, + {"Too.many.retries.program.terminated", + "\u518D\u8A66\u884C\u304C\u591A\u3059\u304E\u307E\u3059\u3002\u30D7\u30ED\u30B0\u30E9\u30E0\u304C\u7D42\u4E86\u3057\u307E\u3057\u305F"}, + {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", + "-storetype\u304C{0}\u306E\u5834\u5408\u3001-storepasswd\u30B3\u30DE\u30F3\u30C9\u304A\u3088\u3073-keypasswd\u30B3\u30DE\u30F3\u30C9\u306F\u30B5\u30DD\u30FC\u30C8\u3055\u308C\u307E\u305B\u3093"}, + {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", + "-storetype\u304CPKCS12\u306E\u5834\u5408\u3001-keypasswd\u30B3\u30DE\u30F3\u30C9\u306F\u30B5\u30DD\u30FC\u30C8\u3055\u308C\u307E\u305B\u3093"}, + {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", + "-storetype\u304C{0}\u306E\u5834\u5408\u3001-keypass\u3068-new\u306F\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093"}, + {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", + "-protected\u304C\u6307\u5B9A\u3055\u308C\u3066\u3044\u308B\u5834\u5408\u3001-storepass\u3001-keypass\u304A\u3088\u3073-new\u306F\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093"}, + {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", + "-srcprotected\u304C\u6307\u5B9A\u3055\u308C\u3066\u3044\u308B\u5834\u5408\u3001-srcstorepass\u304A\u3088\u3073-srckeypass\u306F\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093"}, + {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", + "\u30AD\u30FC\u30B9\u30C8\u30A2\u304C\u30D1\u30B9\u30EF\u30FC\u30C9\u3067\u4FDD\u8B77\u3055\u308C\u3066\u3044\u306A\u3044\u5834\u5408\u3001-storepass\u3001-keypass\u304A\u3088\u3073-new\u306F\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093"}, + {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", + "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u304C\u30D1\u30B9\u30EF\u30FC\u30C9\u3067\u4FDD\u8B77\u3055\u308C\u3066\u3044\u306A\u3044\u5834\u5408\u3001-srcstorepass\u304A\u3088\u3073-srckeypass\u306F\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093"}, + {"Illegal.startdate.value", "startdate\u5024\u304C\u7121\u52B9\u3067\u3059"}, + {"Validity.must.be.greater.than.zero", + "\u59A5\u5F53\u6027\u306F\u30BC\u30ED\u3088\u308A\u5927\u304D\u3044\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, + {"provName.not.a.provider", "{0}\u306F\u30D7\u30ED\u30D0\u30A4\u30C0\u3067\u306F\u3042\u308A\u307E\u305B\u3093"}, + {"Usage.error.no.command.provided", "\u4F7F\u7528\u30A8\u30E9\u30FC: \u30B3\u30DE\u30F3\u30C9\u304C\u6307\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093"}, + {"Source.keystore.file.exists.but.is.empty.", "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D5\u30A1\u30A4\u30EB\u306F\u3001\u5B58\u5728\u3057\u307E\u3059\u304C\u7A7A\u3067\u3059: "}, + {"Please.specify.srckeystore", "-srckeystore\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"}, + {"Must.not.specify.both.v.and.rfc.with.list.command", + "'list'\u30B3\u30DE\u30F3\u30C9\u306B-v\u3068-rfc\u306E\u4E21\u65B9\u3092\u6307\u5B9A\u3059\u308B\u3053\u3068\u306F\u3067\u304D\u307E\u305B\u3093"}, + {"Key.password.must.be.at.least.6.characters", + "\u9375\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u306F6\u6587\u5B57\u4EE5\u4E0A\u3067\u3042\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, + {"New.password.must.be.at.least.6.characters", + "\u65B0\u898F\u30D1\u30B9\u30EF\u30FC\u30C9\u306F6\u6587\u5B57\u4EE5\u4E0A\u3067\u3042\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, + {"Keystore.file.exists.but.is.empty.", + "\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D5\u30A1\u30A4\u30EB\u306F\u5B58\u5728\u3057\u307E\u3059\u304C\u3001\u7A7A\u3067\u3059: "}, + {"Keystore.file.does.not.exist.", + "\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D5\u30A1\u30A4\u30EB\u306F\u5B58\u5728\u3057\u307E\u305B\u3093: "}, + {"Must.specify.destination.alias", "\u51FA\u529B\u5148\u306E\u5225\u540D\u3092\u6307\u5B9A\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, + {"Must.specify.alias", "\u5225\u540D\u3092\u6307\u5B9A\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, + {"Keystore.password.must.be.at.least.6.characters", + "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u306F6\u6587\u5B57\u4EE5\u4E0A\u3067\u3042\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, + {"Enter.keystore.password.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, + {"Enter.source.keystore.password.", "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, + {"Enter.destination.keystore.password.", "\u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, + {"Keystore.password.is.too.short.must.be.at.least.6.characters", + "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u304C\u77ED\u3059\u304E\u307E\u3059 - 6\u6587\u5B57\u4EE5\u4E0A\u306B\u3057\u3066\u304F\u3060\u3055\u3044"}, + {"Unknown.Entry.Type", "\u4E0D\u660E\u306A\u30A8\u30F3\u30C8\u30EA\u30FB\u30BF\u30A4\u30D7"}, + {"Too.many.failures.Alias.not.changed", "\u969C\u5BB3\u304C\u591A\u3059\u304E\u307E\u3059\u3002\u5225\u540D\u306F\u5909\u66F4\u3055\u308C\u307E\u305B\u3093"}, + {"Entry.for.alias.alias.successfully.imported.", + "\u5225\u540D{0}\u306E\u30A8\u30F3\u30C8\u30EA\u306E\u30A4\u30F3\u30DD\u30FC\u30C8\u306B\u6210\u529F\u3057\u307E\u3057\u305F\u3002"}, + {"Entry.for.alias.alias.not.imported.", "\u5225\u540D{0}\u306E\u30A8\u30F3\u30C8\u30EA\u306F\u30A4\u30F3\u30DD\u30FC\u30C8\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F\u3002"}, + {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", + "\u5225\u540D{0}\u306E\u30A8\u30F3\u30C8\u30EA\u306E\u30A4\u30F3\u30DD\u30FC\u30C8\u4E2D\u306B\u554F\u984C\u304C\u767A\u751F\u3057\u307E\u3057\u305F: {1}\u3002\n\u5225\u540D{0}\u306E\u30A8\u30F3\u30C8\u30EA\u306F\u30A4\u30F3\u30DD\u30FC\u30C8\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F\u3002"}, + {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", + "\u30A4\u30F3\u30DD\u30FC\u30C8\u30FB\u30B3\u30DE\u30F3\u30C9\u304C\u5B8C\u4E86\u3057\u307E\u3057\u305F: {0}\u4EF6\u306E\u30A8\u30F3\u30C8\u30EA\u306E\u30A4\u30F3\u30DD\u30FC\u30C8\u304C\u6210\u529F\u3057\u307E\u3057\u305F\u3002{1}\u4EF6\u306E\u30A8\u30F3\u30C8\u30EA\u306E\u30A4\u30F3\u30DD\u30FC\u30C8\u304C\u5931\u6557\u3057\u305F\u304B\u53D6\u308A\u6D88\u3055\u308C\u307E\u3057\u305F"}, + {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", + "\u8B66\u544A: \u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u5185\u306E\u65E2\u5B58\u306E\u5225\u540D{0}\u3092\u4E0A\u66F8\u304D\u3057\u3066\u3044\u307E\u3059"}, + {"Existing.entry.alias.alias.exists.overwrite.no.", + "\u65E2\u5B58\u306E\u30A8\u30F3\u30C8\u30EA\u306E\u5225\u540D{0}\u304C\u5B58\u5728\u3057\u3066\u3044\u307E\u3059\u3002\u4E0A\u66F8\u304D\u3057\u307E\u3059\u304B\u3002[\u3044\u3044\u3048]: "}, + {"Too.many.failures.try.later", "\u969C\u5BB3\u304C\u591A\u3059\u304E\u307E\u3059 - \u5F8C\u3067\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044"}, + {"Certification.request.stored.in.file.filename.", + "\u8A3C\u660E\u66F8\u30EA\u30AF\u30A8\u30B9\u30C8\u304C\u30D5\u30A1\u30A4\u30EB<{0}>\u306B\u4FDD\u5B58\u3055\u308C\u307E\u3057\u305F"}, + {"Submit.this.to.your.CA", "\u3053\u308C\u3092CA\u306B\u63D0\u51FA\u3057\u3066\u304F\u3060\u3055\u3044"}, + {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", + "\u5225\u540D\u3092\u6307\u5B9A\u3057\u306A\u3044\u5834\u5408\u3001\u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u5225\u540D\u3001\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u304A\u3088\u3073\u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u306F\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093"}, + {"Certificate.stored.in.file.filename.", + "\u8A3C\u660E\u66F8\u304C\u30D5\u30A1\u30A4\u30EB<{0}>\u306B\u4FDD\u5B58\u3055\u308C\u307E\u3057\u305F"}, + {"Certificate.reply.was.installed.in.keystore", + "\u8A3C\u660E\u66F8\u5FDC\u7B54\u304C\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u3055\u308C\u307E\u3057\u305F"}, + {"Certificate.reply.was.not.installed.in.keystore", + "\u8A3C\u660E\u66F8\u5FDC\u7B54\u304C\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F"}, + {"Certificate.was.added.to.keystore", + "\u8A3C\u660E\u66F8\u304C\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u8FFD\u52A0\u3055\u308C\u307E\u3057\u305F"}, + {"Certificate.was.not.added.to.keystore", + "\u8A3C\u660E\u66F8\u304C\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u8FFD\u52A0\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F"}, + {".Storing.ksfname.", "[{0}\u3092\u683C\u7D0D\u4E2D]"}, + {"alias.has.no.public.key.certificate.", + "{0}\u306B\u306F\u516C\u958B\u9375(\u8A3C\u660E\u66F8)\u304C\u3042\u308A\u307E\u305B\u3093"}, + {"Cannot.derive.signature.algorithm", + "\u7F72\u540D\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u3092\u53D6\u5F97\u3067\u304D\u307E\u305B\u3093"}, + {"Alias.alias.does.not.exist", + "\u5225\u540D<{0}>\u306F\u5B58\u5728\u3057\u307E\u305B\u3093"}, + {"Alias.alias.has.no.certificate", + "\u5225\u540D<{0}>\u306B\u306F\u8A3C\u660E\u66F8\u304C\u3042\u308A\u307E\u305B\u3093"}, + {"Key.pair.not.generated.alias.alias.already.exists", + "\u9375\u30DA\u30A2\u306F\u751F\u6210\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F\u3002\u5225\u540D<{0}>\u306F\u3059\u3067\u306B\u5B58\u5728\u3057\u307E\u3059"}, + {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", + "{3}\u65E5\u9593\u6709\u52B9\u306A{0}\u30D3\u30C3\u30C8\u306E{1}\u306E\u9375\u30DA\u30A2\u3068\u81EA\u5DF1\u7F72\u540D\u578B\u8A3C\u660E\u66F8({2})\u3092\u751F\u6210\u3057\u3066\u3044\u307E\u3059\n\t\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u540D: {4}"}, + {"Enter.key.password.for.alias.", "<{0}>\u306E\u9375\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044"}, + {".RETURN.if.same.as.keystore.password.", + "\t(\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3068\u540C\u3058\u5834\u5408\u306FRETURN\u3092\u62BC\u3057\u3066\u304F\u3060\u3055\u3044): "}, + {"Key.password.is.too.short.must.be.at.least.6.characters", + "\u9375\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u304C\u77ED\u3059\u304E\u307E\u3059 - 6\u6587\u5B57\u4EE5\u4E0A\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"}, + {"Too.many.failures.key.not.added.to.keystore", + "\u969C\u5BB3\u304C\u591A\u3059\u304E\u307E\u3059 - \u9375\u306F\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u8FFD\u52A0\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F"}, + {"Destination.alias.dest.already.exists", + "\u51FA\u529B\u5148\u306E\u5225\u540D<{0}>\u306F\u3059\u3067\u306B\u5B58\u5728\u3057\u307E\u3059"}, + {"Password.is.too.short.must.be.at.least.6.characters", + "\u30D1\u30B9\u30EF\u30FC\u30C9\u304C\u77ED\u3059\u304E\u307E\u3059 - 6\u6587\u5B57\u4EE5\u4E0A\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"}, + {"Too.many.failures.Key.entry.not.cloned", + "\u969C\u5BB3\u304C\u591A\u3059\u304E\u307E\u3059\u3002\u9375\u30A8\u30F3\u30C8\u30EA\u306E\u30AF\u30ED\u30FC\u30F3\u306F\u4F5C\u6210\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F"}, + {"key.password.for.alias.", "<{0}>\u306E\u9375\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"}, + {"Keystore.entry.for.id.getName.already.exists", + "<{0}>\u306E\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30A8\u30F3\u30C8\u30EA\u306F\u3059\u3067\u306B\u5B58\u5728\u3057\u307E\u3059"}, + {"Creating.keystore.entry.for.id.getName.", + "<{0}>\u306E\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30A8\u30F3\u30C8\u30EA\u3092\u4F5C\u6210\u4E2D..."}, + {"No.entries.from.identity.database.added", + "\u30A2\u30A4\u30C7\u30F3\u30C6\u30A3\u30C6\u30A3\u30FB\u30C7\u30FC\u30BF\u30D9\u30FC\u30B9\u304B\u3089\u8FFD\u52A0\u3055\u308C\u305F\u30A8\u30F3\u30C8\u30EA\u306F\u3042\u308A\u307E\u305B\u3093"}, + {"Alias.name.alias", "\u5225\u540D: {0}"}, + {"Creation.date.keyStore.getCreationDate.alias.", + "\u4F5C\u6210\u65E5: {0,date}"}, + {"alias.keyStore.getCreationDate.alias.", + "{0},{1,date}, "}, + {"alias.", "{0}, "}, + {"Entry.type.type.", "\u30A8\u30F3\u30C8\u30EA\u30FB\u30BF\u30A4\u30D7: {0}"}, + {"Certificate.chain.length.", "\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u306E\u9577\u3055: "}, + {"Certificate.i.1.", "\u8A3C\u660E\u66F8[{0,number,integer}]:"}, + {"Certificate.fingerprint.SHA1.", "\u8A3C\u660E\u66F8\u306E\u30D5\u30A3\u30F3\u30AC\u30D7\u30EA\u30F3\u30C8(SHA1): "}, + {"Keystore.type.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30BF\u30A4\u30D7: "}, + {"Keystore.provider.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D7\u30ED\u30D0\u30A4\u30C0: "}, + {"Your.keystore.contains.keyStore.size.entry", + "\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u306F{0,number,integer}\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u307E\u3059"}, + {"Your.keystore.contains.keyStore.size.entries", + "\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u306F{0,number,integer}\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u307E\u3059"}, + {"Failed.to.parse.input", "\u5165\u529B\u306E\u69CB\u6587\u89E3\u6790\u306B\u5931\u6557\u3057\u307E\u3057\u305F"}, + {"Empty.input", "\u5165\u529B\u304C\u3042\u308A\u307E\u305B\u3093"}, + {"Not.X.509.certificate", "X.509\u8A3C\u660E\u66F8\u3067\u306F\u3042\u308A\u307E\u305B\u3093"}, + {"alias.has.no.public.key", "{0}\u306B\u306F\u516C\u958B\u9375\u304C\u3042\u308A\u307E\u305B\u3093"}, + {"alias.has.no.X.509.certificate", "{0}\u306B\u306FX.509\u8A3C\u660E\u66F8\u304C\u3042\u308A\u307E\u305B\u3093"}, + {"New.certificate.self.signed.", "\u65B0\u3057\u3044\u8A3C\u660E\u66F8(\u81EA\u5DF1\u7F72\u540D\u578B):"}, + {"Reply.has.no.certificates", "\u5FDC\u7B54\u306B\u306F\u8A3C\u660E\u66F8\u304C\u3042\u308A\u307E\u305B\u3093"}, + {"Certificate.not.imported.alias.alias.already.exists", + "\u8A3C\u660E\u66F8\u306F\u30A4\u30F3\u30DD\u30FC\u30C8\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F\u3002\u5225\u540D<{0}>\u306F\u3059\u3067\u306B\u5B58\u5728\u3057\u307E\u3059"}, + {"Input.not.an.X.509.certificate", "\u5165\u529B\u306FX.509\u8A3C\u660E\u66F8\u3067\u306F\u3042\u308A\u307E\u305B\u3093"}, + {"Certificate.already.exists.in.keystore.under.alias.trustalias.", + "\u8A3C\u660E\u66F8\u306F\u3001\u5225\u540D<{0}>\u306E\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u3059\u3067\u306B\u5B58\u5728\u3057\u307E\u3059"}, + {"Do.you.still.want.to.add.it.no.", + "\u8FFD\u52A0\u3057\u307E\u3059\u304B\u3002[\u3044\u3044\u3048]: "}, + {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", + "\u8A3C\u660E\u66F8\u306F\u3001\u5225\u540D<{0}>\u306E\u30B7\u30B9\u30C6\u30E0\u898F\u6A21\u306ECA\u30AD\u30FC\u30B9\u30C8\u30A2\u5185\u306B\u3059\u3067\u306B\u5B58\u5728\u3057\u307E\u3059"}, + {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", + "\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u8FFD\u52A0\u3057\u307E\u3059\u304B\u3002 [\u3044\u3044\u3048]: "}, + {"Trust.this.certificate.no.", "\u3053\u306E\u8A3C\u660E\u66F8\u3092\u4FE1\u983C\u3057\u307E\u3059\u304B\u3002 [\u3044\u3044\u3048]: "}, + {"YES", "\u306F\u3044"}, + {"New.prompt.", "\u65B0\u898F{0}: "}, + {"Passwords.must.differ", "\u30D1\u30B9\u30EF\u30FC\u30C9\u306F\u7570\u306A\u3063\u3066\u3044\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, + {"Re.enter.new.prompt.", "\u65B0\u898F{0}\u3092\u518D\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, + {"Re.enter.new.password.", "\u65B0\u898F\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u518D\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, + {"They.don.t.match.Try.again", "\u4E00\u81F4\u3057\u307E\u305B\u3093\u3002\u3082\u3046\u4E00\u5EA6\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044"}, + {"Enter.prompt.alias.name.", "{0}\u306E\u5225\u540D\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, + {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", + "\u65B0\u3057\u3044\u5225\u540D\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\t(\u3053\u306E\u30A8\u30F3\u30C8\u30EA\u306E\u30A4\u30F3\u30DD\u30FC\u30C8\u3092\u53D6\u308A\u6D88\u3059\u5834\u5408\u306FRETURN\u3092\u62BC\u3057\u3066\u304F\u3060\u3055\u3044): "}, + {"Enter.alias.name.", "\u5225\u540D\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, + {".RETURN.if.same.as.for.otherAlias.", + "\t(<{0}>\u3068\u540C\u3058\u5834\u5408\u306FRETURN\u3092\u62BC\u3057\u3066\u304F\u3060\u3055\u3044)"}, + {".PATTERN.printX509Cert", + "\u6240\u6709\u8005: {0}\n\u767A\u884C\u8005: {1}\n\u30B7\u30EA\u30A2\u30EB\u756A\u53F7: {2}\n\u6709\u52B9\u671F\u9593\u306E\u958B\u59CB\u65E5: {3}\u7D42\u4E86\u65E5: {4}\n\u8A3C\u660E\u66F8\u306E\u30D5\u30A3\u30F3\u30AC\u30D7\u30EA\u30F3\u30C8:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t \u7F72\u540D\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u540D: {8}\n\t \u30D0\u30FC\u30B8\u30E7\u30F3: {9}"}, + {"What.is.your.first.and.last.name.", + "\u59D3\u540D\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, + {"What.is.the.name.of.your.organizational.unit.", + "\u7D44\u7E54\u5358\u4F4D\u540D\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, + {"What.is.the.name.of.your.organization.", + "\u7D44\u7E54\u540D\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, + {"What.is.the.name.of.your.City.or.Locality.", + "\u90FD\u5E02\u540D\u307E\u305F\u306F\u5730\u57DF\u540D\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, + {"What.is.the.name.of.your.State.or.Province.", + "\u90FD\u9053\u5E9C\u770C\u540D\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, + {"What.is.the.two.letter.country.code.for.this.unit.", + "\u3053\u306E\u5358\u4F4D\u306B\u8A72\u5F53\u3059\u308B2\u6587\u5B57\u306E\u56FD\u30B3\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, + {"Is.name.correct.", "{0}\u3067\u3088\u308D\u3057\u3044\u3067\u3059\u304B\u3002"}, + {"no", "\u3044\u3044\u3048"}, + {"yes", "\u306F\u3044"}, + {"y", "y"}, + {".defaultValue.", " [{0}]: "}, + {"Alias.alias.has.no.key", + "\u5225\u540D<{0}>\u306B\u306F\u9375\u304C\u3042\u308A\u307E\u305B\u3093"}, + {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", + "\u5225\u540D<{0}>\u304C\u53C2\u7167\u3057\u3066\u3044\u308B\u30A8\u30F3\u30C8\u30EA\u30FB\u30BF\u30A4\u30D7\u306F\u79D8\u5BC6\u9375\u30A8\u30F3\u30C8\u30EA\u3067\u306F\u3042\u308A\u307E\u305B\u3093\u3002-keyclone\u30B3\u30DE\u30F3\u30C9\u306F\u79D8\u5BC6\u9375\u30A8\u30F3\u30C8\u30EA\u306E\u30AF\u30ED\u30FC\u30F3\u4F5C\u6210\u306E\u307F\u3092\u30B5\u30DD\u30FC\u30C8\u3057\u307E\u3059"}, + + {".WARNING.WARNING.WARNING.", + "***************** WARNING WARNING WARNING *****************"}, + {"Signer.d.", "\u7F72\u540D\u8005\u756A\u53F7%d:"}, + {"Timestamp.", "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7:"}, + {"Signature.", "\u7F72\u540D:"}, + {"CRLs.", "CRL:"}, + {"Certificate.owner.", "\u8A3C\u660E\u66F8\u306E\u6240\u6709\u8005: "}, + {"Not.a.signed.jar.file", "\u7F72\u540D\u4ED8\u304DJAR\u30D5\u30A1\u30A4\u30EB\u3067\u306F\u3042\u308A\u307E\u305B\u3093"}, + {"No.certificate.from.the.SSL.server", + "SSL\u30B5\u30FC\u30D0\u30FC\u304B\u3089\u306E\u8A3C\u660E\u66F8\u304C\u3042\u308A\u307E\u305B\u3093"}, + + {".The.integrity.of.the.information.stored.in.your.keystore.", + "*\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u4FDD\u5B58\u3055\u308C\u305F\u60C5\u5831\u306E\u6574\u5408\u6027\u306F*\n*\u691C\u8A3C\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002\u6574\u5408\u6027\u3092\u691C\u8A3C\u3059\u308B\u306B\u306F*\n*\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002*"}, + {".The.integrity.of.the.information.stored.in.the.srckeystore.", + "*\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u4FDD\u5B58\u3055\u308C\u305F\u60C5\u5831\u306E\u6574\u5408\u6027\u306F*\n*\u691C\u8A3C\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002\u6574\u5408\u6027\u3092\u691C\u8A3C\u3059\u308B\u306B\u306F*\n*\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002*"}, + + {"Certificate.reply.does.not.contain.public.key.for.alias.", + "\u8A3C\u660E\u66F8\u5FDC\u7B54\u306B\u306F\u3001<{0}>\u306E\u516C\u958B\u9375\u306F\u542B\u307E\u308C\u307E\u305B\u3093"}, + {"Incomplete.certificate.chain.in.reply", + "\u5FDC\u7B54\u3057\u305F\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u306F\u4E0D\u5B8C\u5168\u3067\u3059"}, + {"Certificate.chain.in.reply.does.not.verify.", + "\u5FDC\u7B54\u3057\u305F\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u306F\u691C\u8A3C\u3055\u308C\u3066\u3044\u307E\u305B\u3093: "}, + {"Top.level.certificate.in.reply.", + "\u5FDC\u7B54\u3057\u305F\u30C8\u30C3\u30D7\u30EC\u30D9\u30EB\u306E\u8A3C\u660E\u66F8:\n"}, + {".is.not.trusted.", "... \u306F\u4FE1\u983C\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002 "}, + {"Install.reply.anyway.no.", "\u5FDC\u7B54\u3092\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u3057\u307E\u3059\u304B\u3002[\u3044\u3044\u3048]: "}, + {"NO", "\u3044\u3044\u3048"}, + {"Public.keys.in.reply.and.keystore.don.t.match", + "\u5FDC\u7B54\u3057\u305F\u516C\u958B\u9375\u3068\u30AD\u30FC\u30B9\u30C8\u30A2\u304C\u4E00\u81F4\u3057\u307E\u305B\u3093"}, + {"Certificate.reply.and.certificate.in.keystore.are.identical", + "\u8A3C\u660E\u66F8\u5FDC\u7B54\u3068\u30AD\u30FC\u30B9\u30C8\u30A2\u5185\u306E\u8A3C\u660E\u66F8\u304C\u540C\u3058\u3067\u3059"}, + {"Failed.to.establish.chain.from.reply", + "\u5FDC\u7B54\u304B\u3089\u9023\u9396\u3092\u78BA\u7ACB\u3067\u304D\u307E\u305B\u3093\u3067\u3057\u305F"}, + {"n", "n"}, + {"Wrong.answer.try.again", "\u5FDC\u7B54\u304C\u9593\u9055\u3063\u3066\u3044\u307E\u3059\u3002\u3082\u3046\u4E00\u5EA6\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044"}, + {"Secret.key.not.generated.alias.alias.already.exists", + "\u79D8\u5BC6\u9375\u306F\u751F\u6210\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F\u3002\u5225\u540D<{0}>\u306F\u3059\u3067\u306B\u5B58\u5728\u3057\u307E\u3059"}, + {"Please.provide.keysize.for.secret.key.generation", + "\u79D8\u5BC6\u9375\u306E\u751F\u6210\u6642\u306B\u306F -keysize\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"}, + + {"Extensions.", "\u62E1\u5F35: "}, + {".Empty.value.", "(\u7A7A\u306E\u5024)"}, + {"Extension.Request.", "\u62E1\u5F35\u30EA\u30AF\u30A8\u30B9\u30C8:"}, + {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", + "PKCS #10\u8A3C\u660E\u66F8\u30EA\u30AF\u30A8\u30B9\u30C8(\u30D0\u30FC\u30B8\u30E7\u30F31.0)\n\u30B5\u30D6\u30B8\u30A7\u30AF\u30C8: %s\n\u516C\u958B\u9375: %s \u30D5\u30A9\u30FC\u30DE\u30C3\u30C8 %s \u30AD\u30FC\n"}, + {"Unknown.keyUsage.type.", "\u4E0D\u660E\u306AkeyUsage\u30BF\u30A4\u30D7: "}, + {"Unknown.extendedkeyUsage.type.", "\u4E0D\u660E\u306AextendedkeyUsage\u30BF\u30A4\u30D7: "}, + {"Unknown.AccessDescription.type.", "\u4E0D\u660E\u306AAccessDescription\u30BF\u30A4\u30D7: "}, + {"Unrecognized.GeneralName.type.", "\u8A8D\u8B58\u3055\u308C\u306A\u3044GeneralName\u30BF\u30A4\u30D7: "}, + {"This.extension.cannot.be.marked.as.critical.", + "\u3053\u306E\u62E1\u5F35\u306F\u30AF\u30EA\u30C6\u30A3\u30AB\u30EB\u3068\u3057\u3066\u30DE\u30FC\u30AF\u4ED8\u3051\u3067\u304D\u307E\u305B\u3093\u3002 "}, + {"Odd.number.of.hex.digits.found.", "\u5947\u6570\u306E16\u9032\u6570\u304C\u898B\u3064\u304B\u308A\u307E\u3057\u305F: "}, + {"Unknown.extension.type.", "\u4E0D\u660E\u306A\u62E1\u5F35\u30BF\u30A4\u30D7: "}, + {"command.{0}.is.ambiguous.", "\u30B3\u30DE\u30F3\u30C9{0}\u306F\u3042\u3044\u307E\u3044\u3067\u3059:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Resources_ko.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,429 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.keytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the keytool. + * + */ +public class Resources_ko extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"STAR", + "*******************************************"}, + {"STARNN", + "*******************************************\n\n"}, + + // keytool: Help part + {".OPTION.", " [OPTION]..."}, + {"Options.", "\uC635\uC158:"}, + {"Use.keytool.help.for.all.available.commands", + "\uC0AC\uC6A9 \uAC00\uB2A5\uD55C \uBAA8\uB4E0 \uBA85\uB839\uC5D0 \"keytool -help\" \uC0AC\uC6A9"}, + {"Key.and.Certificate.Management.Tool", + "\uD0A4 \uBC0F \uC778\uC99D\uC11C \uAD00\uB9AC \uD234"}, + {"Commands.", "\uBA85\uB839:"}, + {"Use.keytool.command.name.help.for.usage.of.command.name", + "command_name \uC0AC\uC6A9\uBC95\uC5D0 \"keytool -command_name -help\" \uC0AC\uC6A9"}, + // keytool: help: commands + {"Generates.a.certificate.request", + "\uC778\uC99D\uC11C \uC694\uCCAD\uC744 \uC0DD\uC131\uD569\uB2C8\uB2E4."}, //-certreq + {"Changes.an.entry.s.alias", + "\uD56D\uBAA9\uC758 \uBCC4\uCE6D\uC744 \uBCC0\uACBD\uD569\uB2C8\uB2E4."}, //-changealias + {"Deletes.an.entry", + "\uD56D\uBAA9\uC744 \uC0AD\uC81C\uD569\uB2C8\uB2E4."}, //-delete + {"Exports.certificate", + "\uC778\uC99D\uC11C\uB97C \uC775\uC2A4\uD3EC\uD2B8\uD569\uB2C8\uB2E4."}, //-exportcert + {"Generates.a.key.pair", + "\uD0A4 \uC30D\uC744 \uC0DD\uC131\uD569\uB2C8\uB2E4."}, //-genkeypair + {"Generates.a.secret.key", + "\uBCF4\uC548 \uD0A4\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4."}, //-genseckey + {"Generates.certificate.from.a.certificate.request", + "\uC778\uC99D\uC11C \uC694\uCCAD\uC5D0\uC11C \uC778\uC99D\uC11C\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4."}, //-gencert + {"Generates.CRL", "CRL\uC744 \uC0DD\uC131\uD569\uB2C8\uB2E4."}, //-gencrl + {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", + "JDK 1.1.x \uC2A4\uD0C0\uC77C ID \uB370\uC774\uD130\uBCA0\uC774\uC2A4\uC5D0\uC11C \uD56D\uBAA9\uC744 \uC784\uD3EC\uD2B8\uD569\uB2C8\uB2E4."}, //-identitydb + {"Imports.a.certificate.or.a.certificate.chain", + "\uC778\uC99D\uC11C \uB610\uB294 \uC778\uC99D\uC11C \uCCB4\uC778\uC744 \uC784\uD3EC\uD2B8\uD569\uB2C8\uB2E4."}, //-importcert + {"Imports.one.or.all.entries.from.another.keystore", + "\uB2E4\uB978 \uD0A4 \uC800\uC7A5\uC18C\uC5D0\uC11C \uD558\uB098 \uB610\uB294 \uBAA8\uB4E0 \uD56D\uBAA9\uC744 \uC784\uD3EC\uD2B8\uD569\uB2C8\uB2E4."}, //-importkeystore + {"Clones.a.key.entry", + "\uD0A4 \uD56D\uBAA9\uC744 \uBCF5\uC81C\uD569\uB2C8\uB2E4."}, //-keyclone + {"Changes.the.key.password.of.an.entry", + "\uD56D\uBAA9\uC758 \uD0A4 \uBE44\uBC00\uBC88\uD638\uB97C \uBCC0\uACBD\uD569\uB2C8\uB2E4."}, //-keypasswd + {"Lists.entries.in.a.keystore", + "\uD0A4 \uC800\uC7A5\uC18C\uC758 \uD56D\uBAA9\uC744 \uB098\uC5F4\uD569\uB2C8\uB2E4."}, //-list + {"Prints.the.content.of.a.certificate", + "\uC778\uC99D\uC11C\uC758 \uCF58\uD150\uCE20\uB97C \uC778\uC1C4\uD569\uB2C8\uB2E4."}, //-printcert + {"Prints.the.content.of.a.certificate.request", + "\uC778\uC99D\uC11C \uC694\uCCAD\uC758 \uCF58\uD150\uCE20\uB97C \uC778\uC1C4\uD569\uB2C8\uB2E4."}, //-printcertreq + {"Prints.the.content.of.a.CRL.file", + "CRL \uD30C\uC77C\uC758 \uCF58\uD150\uCE20\uB97C \uC778\uC1C4\uD569\uB2C8\uB2E4."}, //-printcrl + {"Generates.a.self.signed.certificate", + "\uC790\uCCB4 \uC11C\uBA85\uB41C \uC778\uC99D\uC11C\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4."}, //-selfcert + {"Changes.the.store.password.of.a.keystore", + "\uD0A4 \uC800\uC7A5\uC18C\uC758 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638\uB97C \uBCC0\uACBD\uD569\uB2C8\uB2E4."}, //-storepasswd + // keytool: help: options + {"alias.name.of.the.entry.to.process", + "\uCC98\uB9AC\uD560 \uD56D\uBAA9\uC758 \uBCC4\uCE6D \uC774\uB984"}, //-alias + {"destination.alias", + "\uB300\uC0C1 \uBCC4\uCE6D"}, //-destalias + {"destination.key.password", + "\uB300\uC0C1 \uD0A4 \uBE44\uBC00\uBC88\uD638"}, //-destkeypass + {"destination.keystore.name", + "\uB300\uC0C1 \uD0A4 \uC800\uC7A5\uC18C \uC774\uB984"}, //-destkeystore + {"destination.keystore.password.protected", + "\uB300\uC0C1 \uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638\uB85C \uBCF4\uD638\uB428"}, //-destprotected + {"destination.keystore.provider.name", + "\uB300\uC0C1 \uD0A4 \uC800\uC7A5\uC18C \uC81C\uACF5\uC790 \uC774\uB984"}, //-destprovidername + {"destination.keystore.password", + "\uB300\uC0C1 \uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638"}, //-deststorepass + {"destination.keystore.type", + "\uB300\uC0C1 \uD0A4 \uC800\uC7A5\uC18C \uC720\uD615"}, //-deststoretype + {"distinguished.name", + "\uC2DD\uBCC4 \uC774\uB984"}, //-dname + {"X.509.extension", + "X.509 \uD655\uC7A5"}, //-ext + {"output.file.name", + "\uCD9C\uB825 \uD30C\uC77C \uC774\uB984"}, //-file and -outfile + {"input.file.name", + "\uC785\uB825 \uD30C\uC77C \uC774\uB984"}, //-file and -infile + {"key.algorithm.name", + "\uD0A4 \uC54C\uACE0\uB9AC\uC998 \uC774\uB984"}, //-keyalg + {"key.password", + "\uD0A4 \uBE44\uBC00\uBC88\uD638"}, //-keypass + {"key.bit.size", + "\uD0A4 \uBE44\uD2B8 \uD06C\uAE30"}, //-keysize + {"keystore.name", + "\uD0A4 \uC800\uC7A5\uC18C \uC774\uB984"}, //-keystore + {"new.password", + "\uC0C8 \uBE44\uBC00\uBC88\uD638"}, //-new + {"do.not.prompt", + "\uD655\uC778\uD558\uC9C0 \uC54A\uC74C"}, //-noprompt + {"password.through.protected.mechanism", + "\uBCF4\uD638\uB418\uB294 \uBA54\uCEE4\uB2C8\uC998\uC744 \uD1B5\uD55C \uBE44\uBC00\uBC88\uD638"}, //-protected + {"provider.argument", + "\uC81C\uACF5\uC790 \uC778\uC218"}, //-providerarg + {"provider.class.name", + "\uC81C\uACF5\uC790 \uD074\uB798\uC2A4 \uC774\uB984"}, //-providerclass + {"provider.name", + "\uC81C\uACF5\uC790 \uC774\uB984"}, //-providername + {"provider.classpath", + "\uC81C\uACF5\uC790 \uD074\uB798\uC2A4 \uACBD\uB85C"}, //-providerpath + {"output.in.RFC.style", + "RFC \uC2A4\uD0C0\uC77C\uC758 \uCD9C\uB825"}, //-rfc + {"signature.algorithm.name", + "\uC11C\uBA85 \uC54C\uACE0\uB9AC\uC998 \uC774\uB984"}, //-sigalg + {"source.alias", + "\uC18C\uC2A4 \uBCC4\uCE6D"}, //-srcalias + {"source.key.password", + "\uC18C\uC2A4 \uD0A4 \uBE44\uBC00\uBC88\uD638"}, //-srckeypass + {"source.keystore.name", + "\uC18C\uC2A4 \uD0A4 \uC800\uC7A5\uC18C \uC774\uB984"}, //-srckeystore + {"source.keystore.password.protected", + "\uC18C\uC2A4 \uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638\uB85C \uBCF4\uD638\uB428"}, //-srcprotected + {"source.keystore.provider.name", + "\uC18C\uC2A4 \uD0A4 \uC800\uC7A5\uC18C \uC81C\uACF5\uC790 \uC774\uB984"}, //-srcprovidername + {"source.keystore.password", + "\uC18C\uC2A4 \uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638"}, //-srcstorepass + {"source.keystore.type", + "\uC18C\uC2A4 \uD0A4 \uC800\uC7A5\uC18C \uC720\uD615"}, //-srcstoretype + {"SSL.server.host.and.port", + "SSL \uC11C\uBC84 \uD638\uC2A4\uD2B8 \uBC0F \uD3EC\uD2B8"}, //-sslserver + {"signed.jar.file", + "\uC11C\uBA85\uB41C jar \uD30C\uC77C"}, //=jarfile + {"certificate.validity.start.date.time", + "\uC778\uC99D\uC11C \uC720\uD6A8 \uAE30\uAC04 \uC2DC\uC791 \uB0A0\uC9DC/\uC2DC\uAC04"}, //-startdate + {"keystore.password", + "\uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638"}, //-storepass + {"keystore.type", + "\uD0A4 \uC800\uC7A5\uC18C \uC720\uD615"}, //-storetype + {"trust.certificates.from.cacerts", + "cacerts\uC758 \uBCF4\uC548 \uC778\uC99D\uC11C"}, //-trustcacerts + {"verbose.output", + "\uC0C1\uC138 \uC815\uBCF4 \uCD9C\uB825"}, //-v + {"validity.number.of.days", + "\uC720\uD6A8 \uAE30\uAC04 \uC77C \uC218"}, //-validity + {"Serial.ID.of.cert.to.revoke", + "\uCCA0\uD68C\uD560 \uC778\uC99D\uC11C\uC758 \uC77C\uB828 ID"}, //-id + // keytool: Running part + {"keytool.error.", "keytool \uC624\uB958: "}, + {"Illegal.option.", "\uC798\uBABB\uB41C \uC635\uC158: "}, + {"Illegal.value.", "\uC798\uBABB\uB41C \uAC12: "}, + {"Unknown.password.type.", "\uC54C \uC218 \uC5C6\uB294 \uBE44\uBC00\uBC88\uD638 \uC720\uD615: "}, + {"Cannot.find.environment.variable.", + "\uD658\uACBD \uBCC0\uC218\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC74C: "}, + {"Cannot.find.file.", "\uD30C\uC77C\uC744 \uCC3E\uC744 \uC218 \uC5C6\uC74C: "}, + {"Command.option.flag.needs.an.argument.", "\uBA85\uB839 \uC635\uC158 {0}\uC5D0 \uC778\uC218\uAC00 \uD544\uC694\uD569\uB2C8\uB2E4."}, + {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", + "\uACBD\uACE0: \uB2E4\uB978 \uC800\uC7A5\uC18C \uBC0F \uD0A4 \uBE44\uBC00\uBC88\uD638\uB294 PKCS12 KeyStores\uC5D0 \uB300\uD574 \uC9C0\uC6D0\uB418\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4. \uC0AC\uC6A9\uC790\uAC00 \uC9C0\uC815\uD55C {0} \uAC12\uC744 \uBB34\uC2DC\uD558\uB294 \uC911\uC785\uB2C8\uB2E4."}, + {".keystore.must.be.NONE.if.storetype.is.{0}", + "-storetype\uC774 {0}\uC778 \uACBD\uC6B0 -keystore\uB294 NONE\uC774\uC5B4\uC57C \uD569\uB2C8\uB2E4."}, + {"Too.many.retries.program.terminated", + "\uC7AC\uC2DC\uB3C4 \uD69F\uC218\uAC00 \uB108\uBB34 \uB9CE\uC544 \uD504\uB85C\uADF8\uB7A8\uC774 \uC885\uB8CC\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, + {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", + "-storetype\uC774 {0}\uC778 \uACBD\uC6B0 -storepasswd \uBC0F -keypasswd \uBA85\uB839\uC774 \uC9C0\uC6D0\uB418\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."}, + {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", + "-storetype\uC774 PKCS12\uC778 \uACBD\uC6B0 -keypasswd \uBA85\uB839\uC774 \uC9C0\uC6D0\uB418\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."}, + {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", + "-storetype\uC774 {0}\uC778 \uACBD\uC6B0 -keypass \uBC0F -new\uB97C \uC9C0\uC815\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."}, + {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", + "-protected\uB97C \uC9C0\uC815\uD55C \uACBD\uC6B0 -storepass, -keypass \uBC0F -new\uB97C \uC9C0\uC815\uD558\uC9C0 \uC54A\uC544\uC57C \uD569\uB2C8\uB2E4."}, + {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", + "-srcprotected\uB97C \uC9C0\uC815\uD55C \uACBD\uC6B0 -srcstorepass \uBC0F -srckeypass\uB97C \uC9C0\uC815\uD558\uC9C0 \uC54A\uC544\uC57C \uD569\uB2C8\uB2E4."}, + {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", + "\uD0A4 \uC800\uC7A5\uC18C\uAC00 \uBE44\uBC00\uBC88\uD638\uB85C \uBCF4\uD638\uB418\uC9C0 \uC54A\uB294 \uACBD\uC6B0 -storepass, -keypass \uBC0F -new\uB97C \uC9C0\uC815\uD558\uC9C0 \uC54A\uC544\uC57C \uD569\uB2C8\uB2E4."}, + {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", + "\uC18C\uC2A4 \uD0A4 \uC800\uC7A5\uC18C\uAC00 \uBE44\uBC00\uBC88\uD638\uB85C \uBCF4\uD638\uB418\uC9C0 \uC54A\uB294 \uACBD\uC6B0 -srcstorepass \uBC0F -srckeypass\uB97C \uC9C0\uC815\uD558\uC9C0 \uC54A\uC544\uC57C \uD569\uB2C8\uB2E4."}, + {"Illegal.startdate.value", "startdate \uAC12\uC774 \uC798\uBABB\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, + {"Validity.must.be.greater.than.zero", + "\uC720\uD6A8 \uAE30\uAC04\uC740 0\uBCF4\uB2E4 \uCEE4\uC57C \uD569\uB2C8\uB2E4."}, + {"provName.not.a.provider", "{0}\uC740(\uB294) \uC81C\uACF5\uC790\uAC00 \uC544\uB2D9\uB2C8\uB2E4."}, + {"Usage.error.no.command.provided", "\uC0AC\uC6A9\uBC95 \uC624\uB958: \uBA85\uB839\uC744 \uC785\uB825\uD558\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, + {"Source.keystore.file.exists.but.is.empty.", "\uC18C\uC2A4 \uD0A4 \uC800\uC7A5\uC18C \uD30C\uC77C\uC774 \uC874\uC7AC\uD558\uC9C0\uB9CC \uBE44\uC5B4 \uC788\uC74C: "}, + {"Please.specify.srckeystore", "-srckeystore\uB97C \uC9C0\uC815\uD558\uC2ED\uC2DC\uC624."}, + {"Must.not.specify.both.v.and.rfc.with.list.command", + "'list' \uBA85\uB839\uC5D0 -v\uC640 -rfc\uB97C \uD568\uAED8 \uC9C0\uC815\uD558\uC9C0 \uC54A\uC544\uC57C \uD569\uB2C8\uB2E4."}, + {"Key.password.must.be.at.least.6.characters", + "\uD0A4 \uBE44\uBC00\uBC88\uD638\uB294 6\uC790 \uC774\uC0C1\uC774\uC5B4\uC57C \uD569\uB2C8\uB2E4."}, + {"New.password.must.be.at.least.6.characters", + "\uC0C8 \uBE44\uBC00\uBC88\uD638\uB294 6\uC790 \uC774\uC0C1\uC774\uC5B4\uC57C \uD569\uB2C8\uB2E4."}, + {"Keystore.file.exists.but.is.empty.", + "\uD0A4 \uC800\uC7A5\uC18C \uD30C\uC77C\uC774 \uC874\uC7AC\uD558\uC9C0\uB9CC \uBE44\uC5B4 \uC788\uC74C: "}, + {"Keystore.file.does.not.exist.", + "\uD0A4 \uC800\uC7A5\uC18C \uD30C\uC77C\uC774 \uC874\uC7AC\uD558\uC9C0 \uC54A\uC74C: "}, + {"Must.specify.destination.alias", "\uB300\uC0C1 \uBCC4\uCE6D\uC744 \uC9C0\uC815\uD574\uC57C \uD569\uB2C8\uB2E4."}, + {"Must.specify.alias", "\uBCC4\uCE6D\uC744 \uC9C0\uC815\uD574\uC57C \uD569\uB2C8\uB2E4."}, + {"Keystore.password.must.be.at.least.6.characters", + "\uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638\uB294 6\uC790 \uC774\uC0C1\uC774\uC5B4\uC57C \uD569\uB2C8\uB2E4."}, + {"Enter.keystore.password.", "\uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638 \uC785\uB825: "}, + {"Enter.source.keystore.password.", "\uC18C\uC2A4 \uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638 \uC785\uB825: "}, + {"Enter.destination.keystore.password.", "\uB300\uC0C1 \uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638 \uC785\uB825: "}, + {"Keystore.password.is.too.short.must.be.at.least.6.characters", + "\uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638\uAC00 \uB108\uBB34 \uC9E7\uC74C - 6\uC790 \uC774\uC0C1\uC774\uC5B4\uC57C \uD569\uB2C8\uB2E4."}, + {"Unknown.Entry.Type", "\uC54C \uC218 \uC5C6\uB294 \uD56D\uBAA9 \uC720\uD615"}, + {"Too.many.failures.Alias.not.changed", "\uC624\uB958\uAC00 \uB108\uBB34 \uB9CE\uC2B5\uB2C8\uB2E4. \uBCC4\uCE6D\uC774 \uBCC0\uACBD\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, + {"Entry.for.alias.alias.successfully.imported.", + "{0} \uBCC4\uCE6D\uC5D0 \uB300\uD55C \uD56D\uBAA9\uC774 \uC131\uACF5\uC801\uC73C\uB85C \uC784\uD3EC\uD2B8\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, + {"Entry.for.alias.alias.not.imported.", "{0} \uBCC4\uCE6D\uC5D0 \uB300\uD55C \uD56D\uBAA9\uC774 \uC784\uD3EC\uD2B8\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, + {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", + "{0} \uBCC4\uCE6D\uC5D0 \uB300\uD55C \uD56D\uBAA9\uC744 \uC784\uD3EC\uD2B8\uD558\uB294 \uC911 \uBB38\uC81C \uBC1C\uC0DD: {1}.\n{0} \uBCC4\uCE6D\uC5D0 \uB300\uD55C \uD56D\uBAA9\uC774 \uC784\uD3EC\uD2B8\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, + {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", + "\uC784\uD3EC\uD2B8 \uBA85\uB839 \uC644\uB8CC: \uC131\uACF5\uC801\uC73C\uB85C \uC784\uD3EC\uD2B8\uB41C \uD56D\uBAA9\uC740 {0}\uAC1C, \uC2E4\uD328\uD558\uAC70\uB098 \uCDE8\uC18C\uB41C \uD56D\uBAA9\uC740 {1}\uAC1C\uC785\uB2C8\uB2E4."}, + {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", + "\uACBD\uACE0: \uB300\uC0C1 \uD0A4 \uC800\uC7A5\uC18C\uC5D0\uC11C \uAE30\uC874 \uBCC4\uCE6D {0}\uC744(\uB97C) \uACB9\uCCD0 \uC4F0\uB294 \uC911"}, + {"Existing.entry.alias.alias.exists.overwrite.no.", + "\uAE30\uC874 \uD56D\uBAA9 \uBCC4\uCE6D {0}\uC774(\uAC00) \uC874\uC7AC\uD569\uB2C8\uB2E4. \uACB9\uCCD0 \uC4F0\uACA0\uC2B5\uB2C8\uAE4C? [\uC544\uB2C8\uC624]: "}, + {"Too.many.failures.try.later", "\uC624\uB958\uAC00 \uB108\uBB34 \uB9CE\uC74C - \uB098\uC911\uC5D0 \uC2DC\uB3C4\uD558\uC2ED\uC2DC\uC624."}, + {"Certification.request.stored.in.file.filename.", + "\uC778\uC99D \uC694\uCCAD\uC774 <{0}> \uD30C\uC77C\uC5D0 \uC800\uC7A5\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, + {"Submit.this.to.your.CA", "CA\uC5D0\uAC8C \uC81C\uCD9C\uD558\uC2ED\uC2DC\uC624."}, + {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", + "\uBCC4\uCE6D\uC744 \uC9C0\uC815\uD558\uC9C0 \uC54A\uC740 \uACBD\uC6B0 destalias, srckeypass \uBC0F destkeypass\uB97C \uC9C0\uC815\uD558\uC9C0 \uC54A\uC544\uC57C \uD569\uB2C8\uB2E4."}, + {"Certificate.stored.in.file.filename.", + "\uC778\uC99D\uC11C\uAC00 <{0}> \uD30C\uC77C\uC5D0 \uC800\uC7A5\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, + {"Certificate.reply.was.installed.in.keystore", + "\uC778\uC99D\uC11C \uD68C\uC2E0\uC774 \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uC124\uCE58\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, + {"Certificate.reply.was.not.installed.in.keystore", + "\uC778\uC99D\uC11C \uD68C\uC2E0\uC774 \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uC124\uCE58\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, + {"Certificate.was.added.to.keystore", + "\uC778\uC99D\uC11C\uAC00 \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uCD94\uAC00\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, + {"Certificate.was.not.added.to.keystore", + "\uC778\uC99D\uC11C\uAC00 \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uCD94\uAC00\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, + {".Storing.ksfname.", "[{0}\uC744(\uB97C) \uC800\uC7A5\uD558\uB294 \uC911]"}, + {"alias.has.no.public.key.certificate.", + "{0}\uC5D0 \uACF5\uC6A9 \uD0A4(\uC778\uC99D\uC11C)\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4."}, + {"Cannot.derive.signature.algorithm", + "\uC11C\uBA85 \uC54C\uACE0\uB9AC\uC998\uC744 \uD30C\uC0DD\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."}, + {"Alias.alias.does.not.exist", + "<{0}> \uBCC4\uCE6D\uC774 \uC874\uC7AC\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."}, + {"Alias.alias.has.no.certificate", + "<{0}> \uBCC4\uCE6D\uC5D0 \uC778\uC99D\uC11C\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4."}, + {"Key.pair.not.generated.alias.alias.already.exists", + "\uD0A4 \uC30D\uC774 \uC0DD\uC131\uB418\uC9C0 \uC54A\uC558\uC73C\uBA70 <{0}> \uBCC4\uCE6D\uC774 \uC874\uC7AC\uD569\uB2C8\uB2E4."}, + {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", + "\uB2E4\uC74C\uC5D0 \uB300\uD574 \uC720\uD6A8 \uAE30\uAC04\uC774 {3}\uC77C\uC778 {0}\uBE44\uD2B8 {1} \uD0A4 \uC30D \uBC0F \uC790\uCCB4 \uC11C\uBA85\uB41C \uC778\uC99D\uC11C({2})\uB97C \uC0DD\uC131\uD558\uB294 \uC911\n\t: {4}"}, + {"Enter.key.password.for.alias.", "<{0}>\uC5D0 \uB300\uD55C \uD0A4 \uBE44\uBC00\uBC88\uD638\uB97C \uC785\uB825\uD558\uC2ED\uC2DC\uC624."}, + {".RETURN.if.same.as.keystore.password.", + "\t(\uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638\uC640 \uB3D9\uC77C\uD55C \uACBD\uC6B0 Enter \uD0A4\uB97C \uB204\uB984): "}, + {"Key.password.is.too.short.must.be.at.least.6.characters", + "\uD0A4 \uBE44\uBC00\uBC88\uD638\uAC00 \uB108\uBB34 \uC9E7\uC74C - 6\uC790 \uC774\uC0C1\uC774\uC5B4\uC57C \uD569\uB2C8\uB2E4."}, + {"Too.many.failures.key.not.added.to.keystore", + "\uC624\uB958\uAC00 \uB108\uBB34 \uB9CE\uC74C - \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uD0A4\uAC00 \uCD94\uAC00\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, + {"Destination.alias.dest.already.exists", + "\uB300\uC0C1 \uBCC4\uCE6D <{0}>\uC774(\uAC00) \uC874\uC7AC\uD569\uB2C8\uB2E4."}, + {"Password.is.too.short.must.be.at.least.6.characters", + "\uBE44\uBC00\uBC88\uD638\uAC00 \uB108\uBB34 \uC9E7\uC74C - 6\uC790 \uC774\uC0C1\uC774\uC5B4\uC57C \uD569\uB2C8\uB2E4."}, + {"Too.many.failures.Key.entry.not.cloned", + "\uC624\uB958\uAC00 \uB108\uBB34 \uB9CE\uC2B5\uB2C8\uB2E4. \uD0A4 \uD56D\uBAA9\uC774 \uBCF5\uC81C\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, + {"key.password.for.alias.", "<{0}>\uC5D0 \uB300\uD55C \uD0A4 \uBE44\uBC00\uBC88\uD638"}, + {"Keystore.entry.for.id.getName.already.exists", + "<{0}>\uC5D0 \uB300\uD55C \uD0A4 \uC800\uC7A5\uC18C \uD56D\uBAA9\uC774 \uC874\uC7AC\uD569\uB2C8\uB2E4."}, + {"Creating.keystore.entry.for.id.getName.", + "<{0}>\uC5D0 \uB300\uD55C \uD0A4 \uC800\uC7A5\uC18C \uD56D\uBAA9\uC744 \uC0DD\uC131\uD558\uB294 \uC911..."}, + {"No.entries.from.identity.database.added", + "ID \uB370\uC774\uD130\uBCA0\uC774\uC2A4\uC5D0\uC11C \uCD94\uAC00\uB41C \uD56D\uBAA9\uC774 \uC5C6\uC2B5\uB2C8\uB2E4."}, + {"Alias.name.alias", "\uBCC4\uCE6D \uC774\uB984: {0}"}, + {"Creation.date.keyStore.getCreationDate.alias.", + "\uC0DD\uC131 \uB0A0\uC9DC: {0,date}"}, + {"alias.keyStore.getCreationDate.alias.", + "{0}, {1,date}, "}, + {"alias.", "{0}, "}, + {"Entry.type.type.", "\uD56D\uBAA9 \uC720\uD615: {0}"}, + {"Certificate.chain.length.", "\uC778\uC99D\uC11C \uCCB4\uC778 \uAE38\uC774: "}, + {"Certificate.i.1.", "\uC778\uC99D\uC11C[{0,number,integer}]:"}, + {"Certificate.fingerprint.SHA1.", "\uC778\uC99D\uC11C \uC9C0\uBB38(SHA1): "}, + {"Keystore.type.", "\uD0A4 \uC800\uC7A5\uC18C \uC720\uD615: "}, + {"Keystore.provider.", "\uD0A4 \uC800\uC7A5\uC18C \uC81C\uACF5\uC790: "}, + {"Your.keystore.contains.keyStore.size.entry", + "\uD0A4 \uC800\uC7A5\uC18C\uC5D0 {0,number,integer}\uAC1C\uC758 \uD56D\uBAA9\uC774 \uD3EC\uD568\uB418\uC5B4 \uC788\uC2B5\uB2C8\uB2E4."}, + {"Your.keystore.contains.keyStore.size.entries", + "\uD0A4 \uC800\uC7A5\uC18C\uC5D0 {0,number,integer}\uAC1C\uC758 \uD56D\uBAA9\uC774 \uD3EC\uD568\uB418\uC5B4 \uC788\uC2B5\uB2C8\uB2E4."}, + {"Failed.to.parse.input", "\uC785\uB825\uAC12\uC758 \uAD6C\uBB38 \uBD84\uC11D\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4."}, + {"Empty.input", "\uC785\uB825\uAC12\uC774 \uBE44\uC5B4 \uC788\uC2B5\uB2C8\uB2E4."}, + {"Not.X.509.certificate", "X.509 \uC778\uC99D\uC11C\uAC00 \uC544\uB2D9\uB2C8\uB2E4."}, + {"alias.has.no.public.key", "{0}\uC5D0 \uACF5\uC6A9 \uD0A4\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4."}, + {"alias.has.no.X.509.certificate", "{0}\uC5D0 X.509 \uC778\uC99D\uC11C\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4."}, + {"New.certificate.self.signed.", "\uC0C8 \uC778\uC99D\uC11C(\uC790\uCCB4 \uC11C\uBA85):"}, + {"Reply.has.no.certificates", "\uD68C\uC2E0\uC5D0 \uC778\uC99D\uC11C\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4."}, + {"Certificate.not.imported.alias.alias.already.exists", + "\uC778\uC99D\uC11C\uAC00 \uC784\uD3EC\uD2B8\uB418\uC9C0 \uC54A\uC558\uC73C\uBA70 <{0}> \uBCC4\uCE6D\uC774 \uC874\uC7AC\uD569\uB2C8\uB2E4."}, + {"Input.not.an.X.509.certificate", "\uC785\uB825\uC774 X.509 \uC778\uC99D\uC11C\uAC00 \uC544\uB2D9\uB2C8\uB2E4."}, + {"Certificate.already.exists.in.keystore.under.alias.trustalias.", + "\uC778\uC99D\uC11C\uAC00 <{0}> \uBCC4\uCE6D \uC544\uB798\uC758 \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uC874\uC7AC\uD569\uB2C8\uB2E4."}, + {"Do.you.still.want.to.add.it.no.", + "\uCD94\uAC00\uD558\uACA0\uC2B5\uB2C8\uAE4C? [\uC544\uB2C8\uC624]: "}, + {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", + "\uC778\uC99D\uC11C\uAC00 <{0}> \uBCC4\uCE6D \uC544\uB798\uC5D0 \uC788\uB294 \uC2DC\uC2A4\uD15C \uCC28\uC6D0\uC758 CA \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uC874\uC7AC\uD569\uB2C8\uB2E4."}, + {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", + "\uACE0\uC720\uD55C \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uCD94\uAC00\uD558\uACA0\uC2B5\uB2C8\uAE4C? [\uC544\uB2C8\uC624]: "}, + {"Trust.this.certificate.no.", "\uC774 \uC778\uC99D\uC11C\uB97C \uC2E0\uB8B0\uD569\uB2C8\uAE4C? [\uC544\uB2C8\uC624]: "}, + {"YES", "\uC608"}, + {"New.prompt.", "\uC0C8 {0}: "}, + {"Passwords.must.differ", "\uBE44\uBC00\uBC88\uD638\uB294 \uB2EC\uB77C\uC57C \uD569\uB2C8\uB2E4."}, + {"Re.enter.new.prompt.", "\uC0C8 {0} \uB2E4\uC2DC \uC785\uB825: "}, + {"Re.enter.new.password.", "\uC0C8 \uBE44\uBC00\uBC88\uD638 \uB2E4\uC2DC \uC785\uB825: "}, + {"They.don.t.match.Try.again", "\uC77C\uCE58\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4. \uB2E4\uC2DC \uC2DC\uB3C4\uD558\uC2ED\uC2DC\uC624."}, + {"Enter.prompt.alias.name.", "{0} \uBCC4\uCE6D \uC774\uB984 \uC785\uB825: "}, + {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", + "\uC0C8 \uBCC4\uCE6D \uC774\uB984 \uC785\uB825\t(\uC774 \uD56D\uBAA9\uC5D0 \uB300\uD55C \uC784\uD3EC\uD2B8\uB97C \uCDE8\uC18C\uD558\uB824\uBA74 Enter \uD0A4\uB97C \uB204\uB984): "}, + {"Enter.alias.name.", "\uBCC4\uCE6D \uC774\uB984 \uC785\uB825: "}, + {".RETURN.if.same.as.for.otherAlias.", + "\t(<{0}>\uACFC(\uC640) \uB3D9\uC77C\uD55C \uACBD\uC6B0 Enter \uD0A4\uB97C \uB204\uB984)"}, + {".PATTERN.printX509Cert", + "\uC18C\uC720\uC790: {0}\n\uBC1C\uD589\uC790: {1}\n\uC77C\uB828 \uBC88\uD638: {2}\n\uC801\uD569\uD55C \uC2DC\uC791 \uB0A0\uC9DC: {3}, \uC885\uB8CC \uB0A0\uC9DC: {4}\n\uC778\uC99D\uC11C \uC9C0\uBB38:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t \uC11C\uBA85 \uC54C\uACE0\uB9AC\uC998 \uC774\uB984: {8}\n\t \uBC84\uC804: {9}"}, + {"What.is.your.first.and.last.name.", + "\uC774\uB984\uACFC \uC131\uC744 \uC785\uB825\uD558\uC2ED\uC2DC\uC624."}, + {"What.is.the.name.of.your.organizational.unit.", + "\uC870\uC9C1 \uB2E8\uC704 \uC774\uB984\uC744 \uC785\uB825\uD558\uC2ED\uC2DC\uC624."}, + {"What.is.the.name.of.your.organization.", + "\uC870\uC9C1 \uC774\uB984\uC744 \uC785\uB825\uD558\uC2ED\uC2DC\uC624."}, + {"What.is.the.name.of.your.City.or.Locality.", + "\uAD6C/\uAD70/\uC2DC \uC774\uB984\uC744 \uC785\uB825\uD558\uC2ED\uC2DC\uC624?"}, + {"What.is.the.name.of.your.State.or.Province.", + "\uC2DC/\uB3C4 \uC774\uB984\uC744 \uC785\uB825\uD558\uC2ED\uC2DC\uC624."}, + {"What.is.the.two.letter.country.code.for.this.unit.", + "\uC774 \uC870\uC9C1\uC758 \uB450 \uC790\uB9AC \uAD6D\uAC00 \uCF54\uB4DC\uB97C \uC785\uB825\uD558\uC2ED\uC2DC\uC624."}, + {"Is.name.correct.", "{0}\uC774(\uAC00) \uB9DE\uC2B5\uB2C8\uAE4C?"}, + {"no", "\uC544\uB2C8\uC624"}, + {"yes", "\uC608"}, + {"y", "y"}, + {".defaultValue.", " [{0}]: "}, + {"Alias.alias.has.no.key", + "<{0}> \uBCC4\uCE6D\uC5D0 \uD0A4\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4."}, + {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", + "<{0}> \uBCC4\uCE6D\uC740 \uC804\uC6A9 \uD0A4 \uD56D\uBAA9\uC774 \uC544\uB2CC \uD56D\uBAA9 \uC720\uD615\uC744 \uCC38\uC870\uD569\uB2C8\uB2E4. -keyclone \uBA85\uB839\uC740 \uC804\uC6A9 \uD0A4 \uD56D\uBAA9\uC758 \uBCF5\uC81C\uB9CC \uC9C0\uC6D0\uD569\uB2C8\uB2E4."}, + + {".WARNING.WARNING.WARNING.", + "***************** WARNING WARNING WARNING *****************"}, + {"Signer.d.", "\uC11C\uBA85\uC790 #%d:"}, + {"Timestamp.", "\uC2DC\uAC04 \uAE30\uB85D:"}, + {"Signature.", "\uC11C\uBA85:"}, + {"CRLs.", "CRL:"}, + {"Certificate.owner.", "\uC778\uC99D\uC11C \uC18C\uC720\uC790: "}, + {"Not.a.signed.jar.file", "\uC11C\uBA85\uB41C jar \uD30C\uC77C\uC774 \uC544\uB2D9\uB2C8\uB2E4."}, + {"No.certificate.from.the.SSL.server", + "SSL \uC11C\uBC84\uC5D0\uC11C \uAC00\uC838\uC628 \uC778\uC99D\uC11C\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4."}, + + {".The.integrity.of.the.information.stored.in.your.keystore.", + "* \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uC800\uC7A5\uB41C \uC815\uBCF4\uC758 \uBB34\uACB0\uC131\uC774 *\n* \uD655\uC778\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4! \uBB34\uACB0\uC131\uC744 \uD655\uC778\uD558\uB824\uBA74, *\n* \uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638\uB97C \uC81C\uACF5\uD574\uC57C \uD569\uB2C8\uB2E4. *"}, + {".The.integrity.of.the.information.stored.in.the.srckeystore.", + "* srckeystore\uC5D0 \uC800\uC7A5\uB41C \uC815\uBCF4\uC758 \uBB34\uACB0\uC131\uC774 *\n* \uD655\uC778\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4! \uBB34\uACB0\uC131\uC744 \uD655\uC778\uD558\uB824\uBA74, *\n* srckeystore \uBE44\uBC00\uBC88\uD638\uB97C \uC81C\uACF5\uD574\uC57C \uD569\uB2C8\uB2E4. *"}, + + {"Certificate.reply.does.not.contain.public.key.for.alias.", + "\uC778\uC99D\uC11C \uD68C\uC2E0\uC5D0 <{0}>\uC5D0 \uB300\uD55C \uACF5\uC6A9 \uD0A4\uAC00 \uD3EC\uD568\uB418\uC5B4 \uC788\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."}, + {"Incomplete.certificate.chain.in.reply", + "\uD68C\uC2E0\uC5D0 \uBD88\uC644\uC804\uD55C \uC778\uC99D\uC11C \uCCB4\uC778\uC774 \uC788\uC2B5\uB2C8\uB2E4."}, + {"Certificate.chain.in.reply.does.not.verify.", + "\uD68C\uC2E0\uC758 \uC778\uC99D\uC11C \uCCB4\uC778\uC774 \uD655\uC778\uB418\uC9C0 \uC54A\uC74C: "}, + {"Top.level.certificate.in.reply.", + "\uD68C\uC2E0\uC5D0 \uCD5C\uC0C1\uC704 \uB808\uBCA8 \uC778\uC99D\uC11C\uAC00 \uC788\uC74C:\n"}, + {".is.not.trusted.", "...\uC744(\uB97C) \uC2E0\uB8B0\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. "}, + {"Install.reply.anyway.no.", "\uD68C\uC2E0\uC744 \uC124\uCE58\uD558\uACA0\uC2B5\uB2C8\uAE4C? [\uC544\uB2C8\uC624]: "}, + {"NO", "\uC544\uB2C8\uC624"}, + {"Public.keys.in.reply.and.keystore.don.t.match", + "\uD68C\uC2E0\uACFC \uD0A4 \uC800\uC7A5\uC18C\uC758 \uACF5\uC6A9 \uD0A4\uAC00 \uC77C\uCE58\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."}, + {"Certificate.reply.and.certificate.in.keystore.are.identical", + "\uD68C\uC2E0\uACFC \uD0A4 \uC800\uC7A5\uC18C\uC758 \uC778\uC99D\uC11C\uAC00 \uB3D9\uC77C\uD569\uB2C8\uB2E4."}, + {"Failed.to.establish.chain.from.reply", + "\uD68C\uC2E0\uC758 \uCCB4\uC778 \uC124\uC815\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4."}, + {"n", "n"}, + {"Wrong.answer.try.again", "\uC798\uBABB\uB41C \uC751\uB2F5\uC785\uB2C8\uB2E4. \uB2E4\uC2DC \uC2DC\uB3C4\uD558\uC2ED\uC2DC\uC624."}, + {"Secret.key.not.generated.alias.alias.already.exists", + "\uBCF4\uC548 \uD0A4\uAC00 \uC0DD\uC131\uB418\uC9C0 \uC54A\uC558\uC73C\uBA70 <{0}> \uBCC4\uCE6D\uC774 \uC874\uC7AC\uD569\uB2C8\uB2E4."}, + {"Please.provide.keysize.for.secret.key.generation", + "\uBCF4\uC548 \uD0A4\uB97C \uC0DD\uC131\uD558\uB824\uBA74 -keysize\uB97C \uC81C\uACF5\uD558\uC2ED\uC2DC\uC624."}, + + {"Extensions.", "\uD655\uC7A5: "}, + {".Empty.value.", "(\uBE44\uC5B4 \uC788\uB294 \uAC12)"}, + {"Extension.Request.", "\uD655\uC7A5 \uC694\uCCAD:"}, + {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", + "PKCS #10 \uC778\uC99D\uC11C \uC694\uCCAD(1.0 \uBC84\uC804)\n\uC81C\uBAA9: %s\n\uACF5\uC6A9 \uD0A4: %s \uD615\uC2DD %s \uD0A4\n"}, + {"Unknown.keyUsage.type.", "\uC54C \uC218 \uC5C6\uB294 keyUsage \uC720\uD615: "}, + {"Unknown.extendedkeyUsage.type.", "\uC54C \uC218 \uC5C6\uB294 extendedkeyUsage \uC720\uD615: "}, + {"Unknown.AccessDescription.type.", "\uC54C \uC218 \uC5C6\uB294 AccessDescription \uC720\uD615: "}, + {"Unrecognized.GeneralName.type.", "\uC54C \uC218 \uC5C6\uB294 GeneralName \uC720\uD615: "}, + {"This.extension.cannot.be.marked.as.critical.", + "\uC774 \uD655\uC7A5\uC740 \uC911\uC694\uD55C \uAC83\uC73C\uB85C \uD45C\uC2DC\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. "}, + {"Odd.number.of.hex.digits.found.", "\uD640\uC218 \uAC1C\uC758 16\uC9C4\uC218\uAC00 \uBC1C\uACAC\uB428: "}, + {"Unknown.extension.type.", "\uC54C \uC218 \uC5C6\uB294 \uD655\uC7A5 \uC720\uD615: "}, + {"command.{0}.is.ambiguous.", "{0} \uBA85\uB839\uC774 \uBAA8\uD638\uD568:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Resources_pt_BR.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,429 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.keytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the keytool. + * + */ +public class Resources_pt_BR extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"STAR", + "*******************************************"}, + {"STARNN", + "*******************************************\n\n"}, + + // keytool: Help part + {".OPTION.", " [OPTION]..."}, + {"Options.", "Op\u00E7\u00F5es:"}, + {"Use.keytool.help.for.all.available.commands", + "Use \"keytool -help\" para todos os comandos dispon\u00EDveis"}, + {"Key.and.Certificate.Management.Tool", + "Ferramenta de Gerenciamento de Chave e Certificado"}, + {"Commands.", "Comandos:"}, + {"Use.keytool.command.name.help.for.usage.of.command.name", + "Use \"keytool -command_name -help\" para uso de command_name"}, + // keytool: help: commands + {"Generates.a.certificate.request", + "Gera uma solicita\u00E7\u00E3o de certificado"}, //-certreq + {"Changes.an.entry.s.alias", + "Altera um alias de entrada"}, //-changealias + {"Deletes.an.entry", + "Exclui uma entrada"}, //-delete + {"Exports.certificate", + "Exporta o certificado"}, //-exportcert + {"Generates.a.key.pair", + "Gera um par de chaves"}, //-genkeypair + {"Generates.a.secret.key", + "Gera uma chave secreta"}, //-genseckey + {"Generates.certificate.from.a.certificate.request", + "Gera um certificado de uma solicita\u00E7\u00E3o de certificado"}, //-gencert + {"Generates.CRL", "Gera CRL"}, //-gencrl + {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", + "Importa entradas de um banco de dados de identidade JDK 1.1.x-style"}, //-identitydb + {"Imports.a.certificate.or.a.certificate.chain", + "Importa um certificado ou uma cadeia de certificados"}, //-importcert + {"Imports.one.or.all.entries.from.another.keystore", + "Importa uma ou todas as entradas de outra \u00E1rea de armazenamento de chaves"}, //-importkeystore + {"Clones.a.key.entry", + "Clona uma entrada de chave"}, //-keyclone + {"Changes.the.key.password.of.an.entry", + "Altera a senha da chave de uma entrada"}, //-keypasswd + {"Lists.entries.in.a.keystore", + "Lista entradas em uma \u00E1rea de armazenamento de chaves"}, //-list + {"Prints.the.content.of.a.certificate", + "Imprime o conte\u00FAdo de um certificado"}, //-printcert + {"Prints.the.content.of.a.certificate.request", + "Imprime o conte\u00FAdo de uma solicita\u00E7\u00E3o de certificado"}, //-printcertreq + {"Prints.the.content.of.a.CRL.file", + "Imprime o conte\u00FAdo de um arquivo CRL"}, //-printcrl + {"Generates.a.self.signed.certificate", + "Gera um certificado autoassinado"}, //-selfcert + {"Changes.the.store.password.of.a.keystore", + "Altera a senha de armazenamento de uma \u00E1rea de armazenamento de chaves"}, //-storepasswd + // keytool: help: options + {"alias.name.of.the.entry.to.process", + "nome do alias da entrada a ser processada"}, //-alias + {"destination.alias", + "alias de destino"}, //-destalias + {"destination.key.password", + "senha da chave de destino"}, //-destkeypass + {"destination.keystore.name", + "nome da \u00E1rea de armazenamento de chaves de destino"}, //-destkeystore + {"destination.keystore.password.protected", + "senha protegida da \u00E1rea de armazenamento de chaves de destino"}, //-destprotected + {"destination.keystore.provider.name", + "nome do fornecedor da \u00E1rea de armazenamento de chaves de destino"}, //-destprovidername + {"destination.keystore.password", + "senha da \u00E1rea de armazenamento de chaves de destino"}, //-deststorepass + {"destination.keystore.type", + "tipo de \u00E1rea de armazenamento de chaves de destino"}, //-deststoretype + {"distinguished.name", + "nome distinto"}, //-dname + {"X.509.extension", + "extens\u00E3o X.509"}, //-ext + {"output.file.name", + "nome do arquivo de sa\u00EDda"}, //-file and -outfile + {"input.file.name", + "nome do arquivo de entrada"}, //-file and -infile + {"key.algorithm.name", + "nome do algoritmo da chave"}, //-keyalg + {"key.password", + "senha da chave"}, //-keypass + {"key.bit.size", + "tamanho do bit da chave"}, //-keysize + {"keystore.name", + "nome da \u00E1rea de armazenamento de chaves"}, //-keystore + {"new.password", + "nova senha"}, //-new + {"do.not.prompt", + "n\u00E3o perguntar"}, //-noprompt + {"password.through.protected.mechanism", + "senha por meio de mecanismo protegido"}, //-protected + {"provider.argument", + "argumento do fornecedor"}, //-providerarg + {"provider.class.name", + "nome da classe do fornecedor"}, //-providerclass + {"provider.name", + "nome do fornecedor"}, //-providername + {"provider.classpath", + "classpath do fornecedor"}, //-providerpath + {"output.in.RFC.style", + "sa\u00EDda no estilo RFC"}, //-rfc + {"signature.algorithm.name", + "nome do algoritmo de assinatura"}, //-sigalg + {"source.alias", + "alias de origem"}, //-srcalias + {"source.key.password", + "senha da chave de origem"}, //-srckeypass + {"source.keystore.name", + "nome da \u00E1rea de armazenamento de chaves de origem"}, //-srckeystore + {"source.keystore.password.protected", + "senha protegida da \u00E1rea de armazenamento de chaves de origem"}, //-srcprotected + {"source.keystore.provider.name", + "nome do fornecedor da \u00E1rea de armazenamento de chaves de origem"}, //-srcprovidername + {"source.keystore.password", + "senha da \u00E1rea de armazenamento de chaves de origem"}, //-srcstorepass + {"source.keystore.type", + "tipo de \u00E1rea de armazenamento de chaves de origem"}, //-srcstoretype + {"SSL.server.host.and.port", + "porta e host do servidor SSL"}, //-sslserver + {"signed.jar.file", + "arquivo jar assinado"}, //=jarfile + {"certificate.validity.start.date.time", + "data/hora inicial de validade do certificado"}, //-startdate + {"keystore.password", + "senha da \u00E1rea de armazenamento de chaves"}, //-storepass + {"keystore.type", + "tipo de \u00E1rea de armazenamento de chaves"}, //-storetype + {"trust.certificates.from.cacerts", + "certificados confi\u00E1veis do cacerts"}, //-trustcacerts + {"verbose.output", + "sa\u00EDda detalhada"}, //-v + {"validity.number.of.days", + "n\u00FAmero de dias da validade"}, //-validity + {"Serial.ID.of.cert.to.revoke", + "ID de s\u00E9rie do certificado a ser revogado"}, //-id + // keytool: Running part + {"keytool.error.", "erro de keytool: "}, + {"Illegal.option.", "Op\u00E7\u00E3o inv\u00E1lida: "}, + {"Illegal.value.", "Valor inv\u00E1lido: "}, + {"Unknown.password.type.", "Tipo de senha desconhecido: "}, + {"Cannot.find.environment.variable.", + "N\u00E3o \u00E9 poss\u00EDvel localizar a vari\u00E1vel do ambiente: "}, + {"Cannot.find.file.", "N\u00E3o \u00E9 poss\u00EDvel localizar o arquivo: "}, + {"Command.option.flag.needs.an.argument.", "A op\u00E7\u00E3o de comando {0} precisa de um argumento."}, + {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", + "Advert\u00EAncia: Senhas de chave e de armazenamento diferentes n\u00E3o suportadas para KeyStores PKCS12. Ignorando valor {0} especificado pelo usu\u00E1rio."}, + {".keystore.must.be.NONE.if.storetype.is.{0}", + "-keystore deve ser NONE se -storetype for {0}"}, + {"Too.many.retries.program.terminated", + "Excesso de tentativas de repeti\u00E7\u00E3o; programa finalizado"}, + {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", + "comandos -storepasswd e -keypasswd n\u00E3o suportados se -storetype for {0}"}, + {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", + "comandos -keypasswd n\u00E3o suportados se -storetype for PKCS12"}, + {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", + "-keypass e -new n\u00E3o podem ser especificados se -storetype for {0}"}, + {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", + "se -protected for especificado, ent\u00E3o -storepass, -keypass e -new n\u00E3o dever\u00E3o ser especificados"}, + {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", + "se -srcprotected for especificado, ent\u00E3o -srcstorepass e -srckeypass n\u00E3o dever\u00E3o ser especificados"}, + {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", + "se a \u00E1rea de armazenamento de chaves n\u00E3o estiver protegida por senha, ent\u00E3o -storepass, -keypass e -new n\u00E3o dever\u00E3o ser especificados"}, + {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", + "se a \u00E1rea de armazenamento de chaves de origem n\u00E3o estiver protegida por senha, ent\u00E3o -srcstorepass e -srckeypass n\u00E3o dever\u00E3o ser especificados"}, + {"Illegal.startdate.value", "valor da data inicial inv\u00E1lido"}, + {"Validity.must.be.greater.than.zero", + "A validade deve ser maior do que zero"}, + {"provName.not.a.provider", "{0} n\u00E3o \u00E9 um fornecedor"}, + {"Usage.error.no.command.provided", "Erro de uso: nenhum comando fornecido"}, + {"Source.keystore.file.exists.but.is.empty.", "O arquivo da \u00E1rea de armazenamento de chaves de origem existe, mas est\u00E1 vazio: "}, + {"Please.specify.srckeystore", "Especifique -srckeystore"}, + {"Must.not.specify.both.v.and.rfc.with.list.command", + "N\u00E3o devem ser especificados -v e -rfc com o comando 'list'"}, + {"Key.password.must.be.at.least.6.characters", + "A senha da chave deve ter, no m\u00EDnimo, 6 caracteres"}, + {"New.password.must.be.at.least.6.characters", + "A nova senha deve ter, no m\u00EDnimo, 6 caracteres"}, + {"Keystore.file.exists.but.is.empty.", + "O arquivo da \u00E1rea de armazenamento de chaves existe, mas est\u00E1 vazio: "}, + {"Keystore.file.does.not.exist.", + "O arquivo da \u00E1rea de armazenamento de chaves n\u00E3o existe. "}, + {"Must.specify.destination.alias", "Deve ser especificado um alias de destino"}, + {"Must.specify.alias", "Deve ser especificado um alias"}, + {"Keystore.password.must.be.at.least.6.characters", + "A senha da \u00E1rea de armazenamento de chaves deve ter, no m\u00EDnimo, 6 caracteres"}, + {"Enter.keystore.password.", "Informe a senha da \u00E1rea de armazenamento de chaves: "}, + {"Enter.source.keystore.password.", "Informe a senha da \u00E1rea de armazenamento de chaves de origem: "}, + {"Enter.destination.keystore.password.", "Informe a senha da \u00E1rea de armazenamento de chaves de destino: "}, + {"Keystore.password.is.too.short.must.be.at.least.6.characters", + "A senha da \u00E1rea de armazenamento de chaves \u00E9 muito curta - ela deve ter, no m\u00EDnimo, 6 caracteres"}, + {"Unknown.Entry.Type", "Tipo de Entrada Desconhecido"}, + {"Too.many.failures.Alias.not.changed", "Excesso de falhas. Alias n\u00E3o alterado"}, + {"Entry.for.alias.alias.successfully.imported.", + "Entrada do alias {0} importada com \u00EAxito."}, + {"Entry.for.alias.alias.not.imported.", "Entrada do alias {0} n\u00E3o importada."}, + {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", + "Problema ao importar a entrada do alias {0}: {1}.\nEntrada do alias {0} n\u00E3o importada."}, + {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", + "Comando de importa\u00E7\u00E3o conclu\u00EDdo: {0} entradas importadas com \u00EAxito, {1} entradas falharam ou foram canceladas"}, + {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", + "Advert\u00EAncia: Substitui\u00E7\u00E3o do alias {0} existente na \u00E1rea de armazenamento de chaves de destino"}, + {"Existing.entry.alias.alias.exists.overwrite.no.", + "Entrada j\u00E1 existente no alias {0}, substituir? [n\u00E3o]: "}, + {"Too.many.failures.try.later", "Excesso de falhas - tente mais tarde"}, + {"Certification.request.stored.in.file.filename.", + "Solicita\u00E7\u00E3o de certificado armazenada no arquivo <{0}>"}, + {"Submit.this.to.your.CA", "Submeter \u00E0 CA"}, + {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", + "se o alias n\u00E3o estiver especificado, destalias, srckeypass e destkeypass n\u00E3o dever\u00E3o ser especificados"}, + {"Certificate.stored.in.file.filename.", + "Certificado armazenado no arquivo <{0}>"}, + {"Certificate.reply.was.installed.in.keystore", + "A resposta do certificado foi instalada na \u00E1rea de armazenamento de chaves"}, + {"Certificate.reply.was.not.installed.in.keystore", + "A resposta do certificado n\u00E3o foi instalada na \u00E1rea de armazenamento de chaves"}, + {"Certificate.was.added.to.keystore", + "O certificado foi adicionado \u00E0 \u00E1rea de armazenamento de chaves"}, + {"Certificate.was.not.added.to.keystore", + "O certificado n\u00E3o foi adicionado \u00E0 \u00E1rea de armazenamento de chaves"}, + {".Storing.ksfname.", "[Armazenando {0}]"}, + {"alias.has.no.public.key.certificate.", + "{0} n\u00E3o tem chave p\u00FAblica (certificado)"}, + {"Cannot.derive.signature.algorithm", + "N\u00E3o \u00E9 poss\u00EDvel obter um algoritmo de assinatura"}, + {"Alias.alias.does.not.exist", + "O alias <{0}> n\u00E3o existe"}, + {"Alias.alias.has.no.certificate", + "O alias <{0}> n\u00E3o tem certificado"}, + {"Key.pair.not.generated.alias.alias.already.exists", + "Par de chaves n\u00E3o gerado; o alias <{0}> j\u00E1 existe"}, + {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", + "Gerando o par de chaves {1} de {0} bit e o certificado autoassinado ({2}) com uma validade de {3} dias\n\tpara: {4}"}, + {"Enter.key.password.for.alias.", "Informar a senha da chave de <{0}>"}, + {".RETURN.if.same.as.keystore.password.", + "\t(RETURN se for igual \u00E0 senha da \u00E1rea do armazenamento de chaves): "}, + {"Key.password.is.too.short.must.be.at.least.6.characters", + "A senha da chave \u00E9 muito curta - deve ter, no m\u00EDnimo, 6 caracteres"}, + {"Too.many.failures.key.not.added.to.keystore", + "Excesso de falhas - chave n\u00E3o adicionada a \u00E1rea de armazenamento de chaves"}, + {"Destination.alias.dest.already.exists", + "O alias de destino <{0}> j\u00E1 existe"}, + {"Password.is.too.short.must.be.at.least.6.characters", + "A senha \u00E9 muito curta - deve ter, no m\u00EDnimo, 6 caracteres"}, + {"Too.many.failures.Key.entry.not.cloned", + "Excesso de falhas. Entrada da chave n\u00E3o clonada"}, + {"key.password.for.alias.", "senha da chave de <{0}>"}, + {"Keystore.entry.for.id.getName.already.exists", + "A entrada da \u00E1rea do armazenamento de chaves de <{0}> j\u00E1 existe"}, + {"Creating.keystore.entry.for.id.getName.", + "Criando entrada da \u00E1rea do armazenamento de chaves para <{0}> ..."}, + {"No.entries.from.identity.database.added", + "Nenhuma entrada adicionada do banco de dados de identidades"}, + {"Alias.name.alias", "Nome do alias: {0}"}, + {"Creation.date.keyStore.getCreationDate.alias.", + "Data de cria\u00E7\u00E3o: {0,date}"}, + {"alias.keyStore.getCreationDate.alias.", + "{0}, {1,date}, "}, + {"alias.", "{0}, "}, + {"Entry.type.type.", "Tipo de entrada: {0}"}, + {"Certificate.chain.length.", "Comprimento da cadeia de certificados: "}, + {"Certificate.i.1.", "Certificado[{0,number,integer}]:"}, + {"Certificate.fingerprint.SHA1.", "Fingerprint (SHA1) do certificado: "}, + {"Keystore.type.", "Tipo de \u00E1rea de armazenamento de chaves: "}, + {"Keystore.provider.", "Fornecedor da \u00E1rea de armazenamento de chaves: "}, + {"Your.keystore.contains.keyStore.size.entry", + "Sua \u00E1rea de armazenamento de chaves cont\u00E9m {0,number,integer} entrada"}, + {"Your.keystore.contains.keyStore.size.entries", + "Sua \u00E1rea de armazenamento de chaves cont\u00E9m {0,number,integer} entradas"}, + {"Failed.to.parse.input", "Falha durante o parsing da entrada"}, + {"Empty.input", "Entrada vazia"}, + {"Not.X.509.certificate", "N\u00E3o \u00E9 um certificado X.509"}, + {"alias.has.no.public.key", "{0} n\u00E3o tem chave p\u00FAblica"}, + {"alias.has.no.X.509.certificate", "{0} n\u00E3o tem certificado X.509"}, + {"New.certificate.self.signed.", "Novo certificado (autoassinado):"}, + {"Reply.has.no.certificates", "A resposta n\u00E3o tem certificado"}, + {"Certificate.not.imported.alias.alias.already.exists", + "Certificado n\u00E3o importado, o alias <{0}> j\u00E1 existe"}, + {"Input.not.an.X.509.certificate", "A entrada n\u00E3o \u00E9 um certificado X.509"}, + {"Certificate.already.exists.in.keystore.under.alias.trustalias.", + "O certificado j\u00E1 existe no armazenamento de chaves no alias <{0}>"}, + {"Do.you.still.want.to.add.it.no.", + "Ainda deseja adicion\u00E1-lo? [n\u00E3o]: "}, + {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", + "O certificado j\u00E1 existe na \u00E1rea de armazenamento de chaves da CA em todo o sistema no alias <{0}>"}, + {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", + "Ainda deseja adicion\u00E1-lo \u00E0 sua \u00E1rea de armazenamento de chaves? [n\u00E3o]: "}, + {"Trust.this.certificate.no.", "Confiar neste certificado? [n\u00E3o]: "}, + {"YES", "SIM"}, + {"New.prompt.", "Nova {0}: "}, + {"Passwords.must.differ", "As senhas devem ser diferentes"}, + {"Re.enter.new.prompt.", "Informe novamente a nova {0}: "}, + {"Re.enter.new.password.", "Informe novamente a nova senha: "}, + {"They.don.t.match.Try.again", "Elas n\u00E3o correspondem. Tente novamente"}, + {"Enter.prompt.alias.name.", "Informe o nome do alias {0}: "}, + {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", + "Informe o novo nome do alias\t(RETURN para cancelar a importa\u00E7\u00E3o desta entrada): "}, + {"Enter.alias.name.", "Informe o nome do alias: "}, + {".RETURN.if.same.as.for.otherAlias.", + "\t(RETURN se for igual ao de <{0}>)"}, + {".PATTERN.printX509Cert", + "Propriet\u00E1rio: {0}\nEmissor: {1}\nN\u00FAmero de s\u00E9rie: {2}\nV\u00E1lido de: {3} a: {4}\nFingerprints do certificado:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Nome do algoritmo de assinatura: {8}\n\t Vers\u00E3o: {9}"}, + {"What.is.your.first.and.last.name.", + "Qual \u00E9 o seu nome e o seu sobrenome?"}, + {"What.is.the.name.of.your.organizational.unit.", + "Qual \u00E9 o nome da sua unidade organizacional?"}, + {"What.is.the.name.of.your.organization.", + "Qual \u00E9 o nome da sua empresa?"}, + {"What.is.the.name.of.your.City.or.Locality.", + "Qual \u00E9 o nome da sua Cidade ou Localidade?"}, + {"What.is.the.name.of.your.State.or.Province.", + "Qual \u00E9 o nome do seu Estado ou Munic\u00EDpio?"}, + {"What.is.the.two.letter.country.code.for.this.unit.", + "Quais s\u00E3o as duas letras do c\u00F3digo do pa\u00EDs desta unidade?"}, + {"Is.name.correct.", "{0} Est\u00E1 correto?"}, + {"no", "n\u00E3o"}, + {"yes", "sim"}, + {"y", "s"}, + {".defaultValue.", " [{0}]: "}, + {"Alias.alias.has.no.key", + "O alias <{0}> n\u00E3o tem chave"}, + {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", + "O alias <{0}> faz refer\u00EAncia a um tipo de entrada que n\u00E3o \u00E9 uma entrada de chave privada. O comando -keyclone oferece suporte somente \u00E0 clonagem de entradas de chave privada"}, + + {".WARNING.WARNING.WARNING.", + "***************** WARNING WARNING WARNING *****************"}, + {"Signer.d.", "Signat\u00E1rio #%d:"}, + {"Timestamp.", "Timestamp:"}, + {"Signature.", "Assinatura:"}, + {"CRLs.", "CRLs:"}, + {"Certificate.owner.", "Propriet\u00E1rio do certificado: "}, + {"Not.a.signed.jar.file", "N\u00E3o \u00E9 um arquivo jar assinado"}, + {"No.certificate.from.the.SSL.server", + "N\u00E3o \u00E9 um certificado do servidor SSL"}, + + {".The.integrity.of.the.information.stored.in.your.keystore.", + "* A integridade das informa\u00E7\u00F5es armazenadas na sua \u00E1rea de armazenamento de chaves *\n* N\u00C3O foi verificada! Para que seja poss\u00EDvel verificar sua integridade, *\n* voc\u00EA deve fornecer a senha da \u00E1rea de armazenamento de chaves. *"}, + {".The.integrity.of.the.information.stored.in.the.srckeystore.", + "* A integridade das informa\u00E7\u00F5es armazenadas no srckeystore *\n* N\u00C3O foi verificada! Para que seja poss\u00EDvel verificar sua integridade, *\n* voc\u00EA deve fornecer a senha do srckeystore. *"}, + + {"Certificate.reply.does.not.contain.public.key.for.alias.", + "A resposta do certificado n\u00E3o cont\u00E9m a chave p\u00FAblica de <{0}>"}, + {"Incomplete.certificate.chain.in.reply", + "Cadeia de certificados incompleta na resposta"}, + {"Certificate.chain.in.reply.does.not.verify.", + "A cadeia de certificados da resposta n\u00E3o verifica: "}, + {"Top.level.certificate.in.reply.", + "Certificado de n\u00EDvel superior na resposta:\n"}, + {".is.not.trusted.", "... n\u00E3o \u00E9 confi\u00E1vel. "}, + {"Install.reply.anyway.no.", "Instalar resposta assim mesmo? [n\u00E3o]: "}, + {"NO", "N\u00C3O"}, + {"Public.keys.in.reply.and.keystore.don.t.match", + "As chaves p\u00FAblicas da resposta e da \u00E1rea de armazenamento de chaves n\u00E3o correspondem"}, + {"Certificate.reply.and.certificate.in.keystore.are.identical", + "O certificado da resposta e o certificado da \u00E1rea de armazenamento de chaves s\u00E3o id\u00EAnticos"}, + {"Failed.to.establish.chain.from.reply", + "Falha ao estabelecer a cadeia a partir da resposta"}, + {"n", "n"}, + {"Wrong.answer.try.again", "Resposta errada; tente novamente"}, + {"Secret.key.not.generated.alias.alias.already.exists", + "Chave secreta n\u00E3o gerada; o alias <{0}> j\u00E1 existe"}, + {"Please.provide.keysize.for.secret.key.generation", + "Forne\u00E7a o -keysize para a gera\u00E7\u00E3o da chave secreta"}, + + {"Extensions.", "Extens\u00F5es: "}, + {".Empty.value.", "(Valor vazio)"}, + {"Extension.Request.", "Solicita\u00E7\u00E3o de Extens\u00E3o:"}, + {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", + "Solicita\u00E7\u00E3o do Certificado PKCS #10 (Vers\u00E3o 1.0)\nAssunto: %s\nChave P\u00FAblica: %s formato %s chave\n"}, + {"Unknown.keyUsage.type.", "Tipo de keyUsage desconhecido: "}, + {"Unknown.extendedkeyUsage.type.", "Tipo de extendedkeyUsage desconhecido: "}, + {"Unknown.AccessDescription.type.", "Tipo de AccessDescription desconhecido: "}, + {"Unrecognized.GeneralName.type.", "Tipo de GeneralName n\u00E3o reconhecido: "}, + {"This.extension.cannot.be.marked.as.critical.", + "Esta extens\u00E3o n\u00E3o pode ser marcada como cr\u00EDtica. "}, + {"Odd.number.of.hex.digits.found.", "Encontrado n\u00FAmero \u00EDmpar de seis d\u00EDgitos: "}, + {"Unknown.extension.type.", "Tipo de extens\u00E3o desconhecido: "}, + {"command.{0}.is.ambiguous.", "o comando {0} \u00E9 amb\u00EDguo:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Resources_sv.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,429 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.keytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the keytool. + * + */ +public class Resources_sv extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"STAR", + "*******************************************"}, + {"STARNN", + "*******************************************\n\n"}, + + // keytool: Help part + {".OPTION.", " [OPTION]..."}, + {"Options.", "Alternativ:"}, + {"Use.keytool.help.for.all.available.commands", + "L\u00E4s \"Hj\u00E4lp - Nyckelverktyg\" f\u00F6r alla tillg\u00E4ngliga kommandon"}, + {"Key.and.Certificate.Management.Tool", + "Hanteringsverktyg f\u00F6r nycklar och certifikat"}, + {"Commands.", "Kommandon:"}, + {"Use.keytool.command.name.help.for.usage.of.command.name", + "L\u00E4s \"Hj\u00E4lp - Nyckelverktyg - command_name\" om anv\u00E4ndning av command_name"}, + // keytool: help: commands + {"Generates.a.certificate.request", + "Genererar certifikatbeg\u00E4ran"}, //-certreq + {"Changes.an.entry.s.alias", + "\u00C4ndrar postalias"}, //-changealias + {"Deletes.an.entry", + "Tar bort post"}, //-delete + {"Exports.certificate", + "Exporterar certifikat"}, //-exportcert + {"Generates.a.key.pair", + "Genererar nyckelpar"}, //-genkeypair + {"Generates.a.secret.key", + "Genererar hemlig nyckel"}, //-genseckey + {"Generates.certificate.from.a.certificate.request", + "Genererar certifikat fr\u00E5n certifikatbeg\u00E4ran"}, //-gencert + {"Generates.CRL", "Genererar CRL"}, //-gencrl + {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", + "Importerar poster fr\u00E5n identitetsdatabas i JDK 1.1.x-format"}, //-identitydb + {"Imports.a.certificate.or.a.certificate.chain", + "Importerar ett certifikat eller en certifikatkedja"}, //-importcert + {"Imports.one.or.all.entries.from.another.keystore", + "Importerar en eller alla poster fr\u00E5n annat nyckellager"}, //-importkeystore + {"Clones.a.key.entry", + "Klonar en nyckelpost"}, //-keyclone + {"Changes.the.key.password.of.an.entry", + "\u00C4ndrar nyckell\u00F6senordet f\u00F6r en post"}, //-keypasswd + {"Lists.entries.in.a.keystore", + "Visar lista \u00F6ver poster i nyckellager"}, //-list + {"Prints.the.content.of.a.certificate", + "Skriver ut inneh\u00E5llet i ett certifikat"}, //-printcert + {"Prints.the.content.of.a.certificate.request", + "Skriver ut inneh\u00E5llet i en certifikatbeg\u00E4ran"}, //-printcertreq + {"Prints.the.content.of.a.CRL.file", + "Skriver ut inneh\u00E5llet i en CRL-fil"}, //-printcrl + {"Generates.a.self.signed.certificate", + "Genererar ett sj\u00E4lvsignerat certifikat"}, //-selfcert + {"Changes.the.store.password.of.a.keystore", + "\u00C4ndrar lagerl\u00F6senordet f\u00F6r ett nyckellager"}, //-storepasswd + // keytool: help: options + {"alias.name.of.the.entry.to.process", + "aliasnamn f\u00F6r post som ska bearbetas"}, //-alias + {"destination.alias", + "destinationsalias"}, //-destalias + {"destination.key.password", + "l\u00F6senord f\u00F6r destinationsnyckel"}, //-destkeypass + {"destination.keystore.name", + "namn p\u00E5 destinationsnyckellager"}, //-destkeystore + {"destination.keystore.password.protected", + "skyddat l\u00F6senord f\u00F6r destinationsnyckellager"}, //-destprotected + {"destination.keystore.provider.name", + "leverant\u00F6rsnamn f\u00F6r destinationsnyckellager"}, //-destprovidername + {"destination.keystore.password", + "l\u00F6senord f\u00F6r destinationsnyckellager"}, //-deststorepass + {"destination.keystore.type", + "typ av destinationsnyckellager"}, //-deststoretype + {"distinguished.name", + "unikt namn"}, //-dname + {"X.509.extension", + "X.509-till\u00E4gg"}, //-ext + {"output.file.name", + "namn p\u00E5 utdatafil"}, //-file and -outfile + {"input.file.name", + "namn p\u00E5 indatafil"}, //-file and -infile + {"key.algorithm.name", + "namn p\u00E5 nyckelalgoritm"}, //-keyalg + {"key.password", + "nyckell\u00F6senord"}, //-keypass + {"key.bit.size", + "nyckelbitstorlek"}, //-keysize + {"keystore.name", + "namn p\u00E5 nyckellager"}, //-keystore + {"new.password", + "nytt l\u00F6senord"}, //-new + {"do.not.prompt", + "fr\u00E5ga inte"}, //-noprompt + {"password.through.protected.mechanism", + "l\u00F6senord med skyddad mekanism"}, //-protected + {"provider.argument", + "leverant\u00F6rsargument"}, //-providerarg + {"provider.class.name", + "namn p\u00E5 leverant\u00F6rsklass"}, //-providerclass + {"provider.name", + "leverant\u00F6rsnamn"}, //-providername + {"provider.classpath", + "leverant\u00F6rsklass\u00F6kv\u00E4g"}, //-providerpath + {"output.in.RFC.style", + "utdata i RFC-format"}, //-rfc + {"signature.algorithm.name", + "namn p\u00E5 signaturalgoritm"}, //-sigalg + {"source.alias", + "k\u00E4llalias"}, //-srcalias + {"source.key.password", + "l\u00F6senord f\u00F6r k\u00E4llnyckel"}, //-srckeypass + {"source.keystore.name", + "namn p\u00E5 k\u00E4llnyckellager"}, //-srckeystore + {"source.keystore.password.protected", + "skyddat l\u00F6senord f\u00F6r k\u00E4llnyckellager"}, //-srcprotected + {"source.keystore.provider.name", + "leverant\u00F6rsnamn f\u00F6r k\u00E4llnyckellager"}, //-srcprovidername + {"source.keystore.password", + "l\u00F6senord f\u00F6r k\u00E4llnyckellager"}, //-srcstorepass + {"source.keystore.type", + "typ av k\u00E4llnyckellager"}, //-srcstoretype + {"SSL.server.host.and.port", + "SSL-serverv\u00E4rd och -port"}, //-sslserver + {"signed.jar.file", + "signerad jar-fil"}, //=jarfile + {"certificate.validity.start.date.time", + "startdatum/-tid f\u00F6r certifikatets giltighet"}, //-startdate + {"keystore.password", + "l\u00F6senord f\u00F6r nyckellager"}, //-storepass + {"keystore.type", + "nyckellagertyp"}, //-storetype + {"trust.certificates.from.cacerts", + "tillf\u00F6rlitliga certifikat fr\u00E5n cacerts"}, //-trustcacerts + {"verbose.output", + "utf\u00F6rliga utdata"}, //-v + {"validity.number.of.days", + "antal dagar f\u00F6r giltighet"}, //-validity + {"Serial.ID.of.cert.to.revoke", + "Seriellt ID f\u00F6r certifikat som ska \u00E5terkallas"}, //-id + // keytool: Running part + {"keytool.error.", "nyckelverktygsfel: "}, + {"Illegal.option.", "Otill\u00E5tet alternativ: "}, + {"Illegal.value.", "Otill\u00E5tet v\u00E4rde: "}, + {"Unknown.password.type.", "Ok\u00E4nd l\u00F6senordstyp: "}, + {"Cannot.find.environment.variable.", + "Hittar inte milj\u00F6variabel: "}, + {"Cannot.find.file.", "Hittar inte fil: "}, + {"Command.option.flag.needs.an.argument.", "Kommandoalternativet {0} beh\u00F6ver ett argument."}, + {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", + "Varning! PKCS12-nyckellager har inte st\u00F6d f\u00F6r olika l\u00F6senord f\u00F6r lagret och nyckeln. Det anv\u00E4ndarspecificerade {0}-v\u00E4rdet ignoreras."}, + {".keystore.must.be.NONE.if.storetype.is.{0}", + "-keystore m\u00E5ste vara NONE om -storetype \u00E4r {0}"}, + {"Too.many.retries.program.terminated", + "F\u00F6r m\u00E5nga f\u00F6rs\u00F6k. Programmet avslutas"}, + {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", + "-storepasswd- och -keypasswd-kommandon st\u00F6ds inte om -storetype \u00E4r {0}"}, + {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", + "-keypasswd-kommandon st\u00F6ds inte om -storetype \u00E4r PKCS12"}, + {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", + "-keypass och -new kan inte anges om -storetype \u00E4r {0}"}, + {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", + "om -protected har angetts f\u00E5r inte -storepass, -keypass och -new anges"}, + {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", + "om -srcprotected anges f\u00E5r -srcstorepass och -srckeypass inte anges"}, + {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", + "om nyckellagret inte \u00E4r l\u00F6senordsskyddat f\u00E5r -storepass, -keypass och -new inte anges"}, + {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", + "om k\u00E4llnyckellagret inte \u00E4r l\u00F6senordsskyddat f\u00E5r -srcstorepass och -srckeypass inte anges"}, + {"Illegal.startdate.value", "Otill\u00E5tet v\u00E4rde f\u00F6r startdatum"}, + {"Validity.must.be.greater.than.zero", + "Giltigheten m\u00E5ste vara st\u00F6rre \u00E4n noll"}, + {"provName.not.a.provider", "{0} \u00E4r inte en leverant\u00F6r"}, + {"Usage.error.no.command.provided", "Syntaxfel: inget kommando angivet"}, + {"Source.keystore.file.exists.but.is.empty.", "Nyckellagrets k\u00E4llfil finns, men \u00E4r tom: "}, + {"Please.specify.srckeystore", "Ange -srckeystore"}, + {"Must.not.specify.both.v.and.rfc.with.list.command", + "Kan inte specificera b\u00E5de -v och -rfc med 'list'-kommandot"}, + {"Key.password.must.be.at.least.6.characters", + "Nyckell\u00F6senordet m\u00E5ste inneh\u00E5lla minst 6 tecken"}, + {"New.password.must.be.at.least.6.characters", + "Det nya l\u00F6senordet m\u00E5ste inneh\u00E5lla minst 6 tecken"}, + {"Keystore.file.exists.but.is.empty.", + "Nyckellagerfilen finns, men \u00E4r tom: "}, + {"Keystore.file.does.not.exist.", + "Nyckellagerfilen finns inte: "}, + {"Must.specify.destination.alias", "Du m\u00E5ste ange destinationsalias"}, + {"Must.specify.alias", "Du m\u00E5ste ange alias"}, + {"Keystore.password.must.be.at.least.6.characters", + "Nyckellagerl\u00F6senordet m\u00E5ste inneh\u00E5lla minst 6 tecken"}, + {"Enter.keystore.password.", "Ange nyckellagerl\u00F6senord: "}, + {"Enter.source.keystore.password.", "Ange l\u00F6senord f\u00F6r k\u00E4llnyckellagret: "}, + {"Enter.destination.keystore.password.", "Ange nyckellagerl\u00F6senord f\u00F6r destination: "}, + {"Keystore.password.is.too.short.must.be.at.least.6.characters", + "Nyckellagerl\u00F6senordet \u00E4r f\u00F6r kort - det m\u00E5ste inneh\u00E5lla minst 6 tecken"}, + {"Unknown.Entry.Type", "Ok\u00E4nd posttyp"}, + {"Too.many.failures.Alias.not.changed", "F\u00F6r m\u00E5nga fel. Alias har inte \u00E4ndrats"}, + {"Entry.for.alias.alias.successfully.imported.", + "Posten f\u00F6r alias {0} har importerats."}, + {"Entry.for.alias.alias.not.imported.", "Posten f\u00F6r alias {0} har inte importerats."}, + {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", + "Ett problem uppstod vid importen av posten f\u00F6r alias {0}: {1}.\nPosten {0} har inte importerats."}, + {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", + "Kommandoimporten slutf\u00F6rd: {0} poster har importerats, {1} poster var felaktiga eller annullerades"}, + {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", + "Varning! Det befintliga aliaset {0} i destinationsnyckellagret skrivs \u00F6ver"}, + {"Existing.entry.alias.alias.exists.overwrite.no.", + "Aliaset {0} finns redan. Vill du skriva \u00F6ver det? [nej]: "}, + {"Too.many.failures.try.later", "F\u00F6r m\u00E5nga fel - f\u00F6rs\u00F6k igen senare"}, + {"Certification.request.stored.in.file.filename.", + "Certifikatbeg\u00E4ran har lagrats i filen <{0}>"}, + {"Submit.this.to.your.CA", "Skicka detta till certifikatutf\u00E4rdaren"}, + {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", + "om n\u00E5got alias inte anges f\u00E5r destalias, srckeypass och destkeypass inte anges"}, + {"Certificate.stored.in.file.filename.", + "Certifikatet har lagrats i filen <{0}>"}, + {"Certificate.reply.was.installed.in.keystore", + "Certifikatsvaret har installerats i nyckellagret"}, + {"Certificate.reply.was.not.installed.in.keystore", + "Certifikatsvaret har inte installerats i nyckellagret"}, + {"Certificate.was.added.to.keystore", + "Certifikatet har lagts till i nyckellagret"}, + {"Certificate.was.not.added.to.keystore", + "Certifikatet har inte lagts till i nyckellagret"}, + {".Storing.ksfname.", "[Lagrar {0}]"}, + {"alias.has.no.public.key.certificate.", + "{0} saknar offentlig nyckel (certifikat)"}, + {"Cannot.derive.signature.algorithm", + "Kan inte h\u00E4rleda signaturalgoritm"}, + {"Alias.alias.does.not.exist", + "Aliaset <{0}> finns inte"}, + {"Alias.alias.has.no.certificate", + "Aliaset <{0}> saknar certifikat"}, + {"Key.pair.not.generated.alias.alias.already.exists", + "Nyckelparet genererades inte. Aliaset <{0}> finns redan"}, + {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", + "Genererar {0} bitars {1}-nyckelpar och sj\u00E4lvsignerat certifikat ({2}) med en giltighet p\u00E5 {3} dagar\n\tf\u00F6r: {4}"}, + {"Enter.key.password.for.alias.", "Ange nyckell\u00F6senord f\u00F6r <{0}>"}, + {".RETURN.if.same.as.keystore.password.", + "\t(RETURN om det \u00E4r identiskt med nyckellagerl\u00F6senordet): "}, + {"Key.password.is.too.short.must.be.at.least.6.characters", + "Nyckell\u00F6senordet \u00E4r f\u00F6r kort - det m\u00E5ste inneh\u00E5lla minst 6 tecken"}, + {"Too.many.failures.key.not.added.to.keystore", + "F\u00F6r m\u00E5nga fel - nyckeln lades inte till i nyckellagret"}, + {"Destination.alias.dest.already.exists", + "Destinationsaliaset <{0}> finns redan"}, + {"Password.is.too.short.must.be.at.least.6.characters", + "L\u00F6senordet \u00E4r f\u00F6r kort - det m\u00E5ste inneh\u00E5lla minst 6 tecken"}, + {"Too.many.failures.Key.entry.not.cloned", + "F\u00F6r m\u00E5nga fel. Nyckelposten har inte klonats"}, + {"key.password.for.alias.", "nyckell\u00F6senord f\u00F6r <{0}>"}, + {"Keystore.entry.for.id.getName.already.exists", + "Nyckellagerpost f\u00F6r <{0}> finns redan"}, + {"Creating.keystore.entry.for.id.getName.", + "Skapar nyckellagerpost f\u00F6r <{0}> ..."}, + {"No.entries.from.identity.database.added", + "Inga poster fr\u00E5n identitetsdatabasen har lagts till"}, + {"Alias.name.alias", "Aliasnamn: {0}"}, + {"Creation.date.keyStore.getCreationDate.alias.", + "Skapat den: {0,date}"}, + {"alias.keyStore.getCreationDate.alias.", + "{0}, {1,date}, "}, + {"alias.", "{0}, "}, + {"Entry.type.type.", "Posttyp: {0}"}, + {"Certificate.chain.length.", "L\u00E4ngd p\u00E5 certifikatskedja: "}, + {"Certificate.i.1.", "Certifikat[{0,number,integer}]:"}, + {"Certificate.fingerprint.SHA1.", "Certifikatets fingeravtryck (SHA1): "}, + {"Keystore.type.", "Nyckellagertyp: "}, + {"Keystore.provider.", "Nyckellagerleverant\u00F6r: "}, + {"Your.keystore.contains.keyStore.size.entry", + "Nyckellagret inneh\u00E5ller {0,number,integer} post"}, + {"Your.keystore.contains.keyStore.size.entries", + "Nyckellagret inneh\u00E5ller {0,number,integer} poster"}, + {"Failed.to.parse.input", "Kunde inte tolka indata"}, + {"Empty.input", "Inga indata"}, + {"Not.X.509.certificate", "Inte ett X.509-certifikat"}, + {"alias.has.no.public.key", "{0} saknar offentlig nyckel"}, + {"alias.has.no.X.509.certificate", "{0} saknar X.509-certifikat"}, + {"New.certificate.self.signed.", "Nytt certifikat (sj\u00E4lvsignerat):"}, + {"Reply.has.no.certificates", "Svaret saknar certifikat"}, + {"Certificate.not.imported.alias.alias.already.exists", + "Certifikatet importerades inte. Aliaset <{0}> finns redan"}, + {"Input.not.an.X.509.certificate", "Indata \u00E4r inte ett X.509-certifikat"}, + {"Certificate.already.exists.in.keystore.under.alias.trustalias.", + "Certifikatet finns redan i nyckellagerfilen under aliaset <{0}>"}, + {"Do.you.still.want.to.add.it.no.", + "Vill du fortfarande l\u00E4gga till det? [nej]: "}, + {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", + "Certifikatet finns redan i den systemomsp\u00E4nnande CA-nyckellagerfilen under aliaset <{0}>"}, + {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", + "Vill du fortfarande l\u00E4gga till det i ditt eget nyckellagret? [nej]: "}, + {"Trust.this.certificate.no.", "Litar du p\u00E5 det h\u00E4r certifikatet? [nej]: "}, + {"YES", "JA"}, + {"New.prompt.", "Nytt {0}: "}, + {"Passwords.must.differ", "L\u00F6senorden m\u00E5ste vara olika"}, + {"Re.enter.new.prompt.", "Ange nytt {0} igen: "}, + {"Re.enter.new.password.", "Ange det nya l\u00F6senordet igen: "}, + {"They.don.t.match.Try.again", "De matchar inte. F\u00F6rs\u00F6k igen"}, + {"Enter.prompt.alias.name.", "Ange aliasnamn f\u00F6r {0}: "}, + {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", + "Ange ett nytt aliasnamn\t(skriv RETURN f\u00F6r att avbryta importen av denna post): "}, + {"Enter.alias.name.", "Ange aliasnamn: "}, + {".RETURN.if.same.as.for.otherAlias.", + "\t(RETURN om det \u00E4r det samma som f\u00F6r <{0}>)"}, + {".PATTERN.printX509Cert", + "\u00C4gare: {0}\nUtf\u00E4rdare: {1}\nSerienummer: {2}\nGiltigt fr\u00E5n den: {3} till: {4}\nCertifikatets fingeravtryck:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Namn p\u00E5 signaturalgoritm: {8}\n\t Version: {9}"}, + {"What.is.your.first.and.last.name.", + "Vad heter du i f\u00F6r- och efternamn?"}, + {"What.is.the.name.of.your.organizational.unit.", + "Vad heter din avdelning inom organisationen?"}, + {"What.is.the.name.of.your.organization.", + "Vad heter din organisation?"}, + {"What.is.the.name.of.your.City.or.Locality.", + "Vad heter din ort eller plats?"}, + {"What.is.the.name.of.your.State.or.Province.", + "Vad heter ditt land eller din provins?"}, + {"What.is.the.two.letter.country.code.for.this.unit.", + "Vilken \u00E4r den tv\u00E5st\u00E4lliga landskoden?"}, + {"Is.name.correct.", "\u00C4r {0} korrekt?"}, + {"no", "nej"}, + {"yes", "ja"}, + {"y", "j"}, + {".defaultValue.", " [{0}]: "}, + {"Alias.alias.has.no.key", + "Aliaset <{0}> saknar nyckel"}, + {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", + "Aliaset <{0}> refererar till en posttyp som inte \u00E4r n\u00E5gon privat nyckelpost. Kommandot -keyclone har endast st\u00F6d f\u00F6r kloning av privata nyckelposter"}, + + {".WARNING.WARNING.WARNING.", + "***************** WARNING WARNING WARNING *****************"}, + {"Signer.d.", "Signerare #%d:"}, + {"Timestamp.", "Tidsst\u00E4mpel:"}, + {"Signature.", "Underskrift:"}, + {"CRLs.", "CRL:er:"}, + {"Certificate.owner.", "Certifikat\u00E4gare: "}, + {"Not.a.signed.jar.file", "Ingen signerad jar-fil"}, + {"No.certificate.from.the.SSL.server", + "Inget certifikat fr\u00E5n SSL-servern"}, + + {".The.integrity.of.the.information.stored.in.your.keystore.", + "* Integriteten f\u00F6r den information som lagras i nyckellagerfilen *\n* har INTE verifierats! Om du vill verifiera dess integritet *\n* m\u00E5ste du ange l\u00F6senordet f\u00F6r nyckellagret. *"}, + {".The.integrity.of.the.information.stored.in.the.srckeystore.", + "* Integriteten f\u00F6r den information som lagras i srckeystore*\n* har INTE verifierats! Om du vill verifiera dess integritet *\n* m\u00E5ste du ange l\u00F6senordet f\u00F6r srckeystore. *"}, + + {"Certificate.reply.does.not.contain.public.key.for.alias.", + "Certifikatsvaret inneh\u00E5ller inte n\u00E5gon offentlig nyckel f\u00F6r <{0}>"}, + {"Incomplete.certificate.chain.in.reply", + "Ofullst\u00E4ndig certifikatskedja i svaret"}, + {"Certificate.chain.in.reply.does.not.verify.", + "Certifikatskedjan i svaret g\u00E5r inte att verifiera: "}, + {"Top.level.certificate.in.reply.", + "Toppniv\u00E5certifikatet i svaret:\n"}, + {".is.not.trusted.", "... \u00E4r inte betrott. "}, + {"Install.reply.anyway.no.", "Vill du installera svaret \u00E4nd\u00E5? [nej]: "}, + {"NO", "NEJ"}, + {"Public.keys.in.reply.and.keystore.don.t.match", + "De offentliga nycklarna i svaret och nyckellagret matchar inte varandra"}, + {"Certificate.reply.and.certificate.in.keystore.are.identical", + "Certifikatsvaret och certifikatet i nyckellagret \u00E4r identiska"}, + {"Failed.to.establish.chain.from.reply", + "Kunde inte uppr\u00E4tta kedja fr\u00E5n svaret"}, + {"n", "n"}, + {"Wrong.answer.try.again", "Fel svar. F\u00F6rs\u00F6k p\u00E5 nytt."}, + {"Secret.key.not.generated.alias.alias.already.exists", + "Den hemliga nyckeln har inte genererats eftersom aliaset <{0}> redan finns"}, + {"Please.provide.keysize.for.secret.key.generation", + "Ange -keysize f\u00F6r att skapa hemlig nyckel"}, + + {"Extensions.", "Till\u00E4gg: "}, + {".Empty.value.", "(Tomt v\u00E4rde)"}, + {"Extension.Request.", "Till\u00E4ggsbeg\u00E4ran:"}, + {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", + "PKCS #10 certifikatbeg\u00E4ran (version 1.0)\n\u00C4mne: %s\nAllm\u00E4n nyckel: %s-format %s-nyckel\n"}, + {"Unknown.keyUsage.type.", "Ok\u00E4nd keyUsage-typ: "}, + {"Unknown.extendedkeyUsage.type.", "Ok\u00E4nd extendedkeyUsage-typ: "}, + {"Unknown.AccessDescription.type.", "Ok\u00E4nd AccessDescription-typ: "}, + {"Unrecognized.GeneralName.type.", "Ok\u00E4nd GeneralName-typ: "}, + {"This.extension.cannot.be.marked.as.critical.", + "Detta till\u00E4gg kan inte markeras som kritiskt. "}, + {"Odd.number.of.hex.digits.found.", "Udda antal hex-siffror p\u00E5tr\u00E4ffades: "}, + {"Unknown.extension.type.", "Ok\u00E4nd till\u00E4ggstyp: "}, + {"command.{0}.is.ambiguous.", "kommandot {0} \u00E4r tvetydigt:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Resources_zh_CN.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,429 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.keytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the keytool. + * + */ +public class Resources_zh_CN extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"STAR", + "*******************************************"}, + {"STARNN", + "*******************************************\n\n"}, + + // keytool: Help part + {".OPTION.", " [OPTION]..."}, + {"Options.", "\u9009\u9879:"}, + {"Use.keytool.help.for.all.available.commands", + "\u4F7F\u7528 \"keytool -help\" \u83B7\u53D6\u6240\u6709\u53EF\u7528\u547D\u4EE4"}, + {"Key.and.Certificate.Management.Tool", + "\u5BC6\u94A5\u548C\u8BC1\u4E66\u7BA1\u7406\u5DE5\u5177"}, + {"Commands.", "\u547D\u4EE4:"}, + {"Use.keytool.command.name.help.for.usage.of.command.name", + "\u4F7F\u7528 \"keytool -command_name -help\" \u83B7\u53D6 command_name \u7684\u7528\u6CD5"}, + // keytool: help: commands + {"Generates.a.certificate.request", + "\u751F\u6210\u8BC1\u4E66\u8BF7\u6C42"}, //-certreq + {"Changes.an.entry.s.alias", + "\u66F4\u6539\u6761\u76EE\u7684\u522B\u540D"}, //-changealias + {"Deletes.an.entry", + "\u5220\u9664\u6761\u76EE"}, //-delete + {"Exports.certificate", + "\u5BFC\u51FA\u8BC1\u4E66"}, //-exportcert + {"Generates.a.key.pair", + "\u751F\u6210\u5BC6\u94A5\u5BF9"}, //-genkeypair + {"Generates.a.secret.key", + "\u751F\u6210\u5BC6\u94A5"}, //-genseckey + {"Generates.certificate.from.a.certificate.request", + "\u6839\u636E\u8BC1\u4E66\u8BF7\u6C42\u751F\u6210\u8BC1\u4E66"}, //-gencert + {"Generates.CRL", "\u751F\u6210 CRL"}, //-gencrl + {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", + "\u4ECE JDK 1.1.x \u6837\u5F0F\u7684\u8EAB\u4EFD\u6570\u636E\u5E93\u5BFC\u5165\u6761\u76EE"}, //-identitydb + {"Imports.a.certificate.or.a.certificate.chain", + "\u5BFC\u5165\u8BC1\u4E66\u6216\u8BC1\u4E66\u94FE"}, //-importcert + {"Imports.one.or.all.entries.from.another.keystore", + "\u4ECE\u5176\u4ED6\u5BC6\u94A5\u5E93\u5BFC\u5165\u4E00\u4E2A\u6216\u6240\u6709\u6761\u76EE"}, //-importkeystore + {"Clones.a.key.entry", + "\u514B\u9686\u5BC6\u94A5\u6761\u76EE"}, //-keyclone + {"Changes.the.key.password.of.an.entry", + "\u66F4\u6539\u6761\u76EE\u7684\u5BC6\u94A5\u53E3\u4EE4"}, //-keypasswd + {"Lists.entries.in.a.keystore", + "\u5217\u51FA\u5BC6\u94A5\u5E93\u4E2D\u7684\u6761\u76EE"}, //-list + {"Prints.the.content.of.a.certificate", + "\u6253\u5370\u8BC1\u4E66\u5185\u5BB9"}, //-printcert + {"Prints.the.content.of.a.certificate.request", + "\u6253\u5370\u8BC1\u4E66\u8BF7\u6C42\u7684\u5185\u5BB9"}, //-printcertreq + {"Prints.the.content.of.a.CRL.file", + "\u6253\u5370 CRL \u6587\u4EF6\u7684\u5185\u5BB9"}, //-printcrl + {"Generates.a.self.signed.certificate", + "\u751F\u6210\u81EA\u7B7E\u540D\u8BC1\u4E66"}, //-selfcert + {"Changes.the.store.password.of.a.keystore", + "\u66F4\u6539\u5BC6\u94A5\u5E93\u7684\u5B58\u50A8\u53E3\u4EE4"}, //-storepasswd + // keytool: help: options + {"alias.name.of.the.entry.to.process", + "\u8981\u5904\u7406\u7684\u6761\u76EE\u7684\u522B\u540D"}, //-alias + {"destination.alias", + "\u76EE\u6807\u522B\u540D"}, //-destalias + {"destination.key.password", + "\u76EE\u6807\u5BC6\u94A5\u53E3\u4EE4"}, //-destkeypass + {"destination.keystore.name", + "\u76EE\u6807\u5BC6\u94A5\u5E93\u540D\u79F0"}, //-destkeystore + {"destination.keystore.password.protected", + "\u53D7\u4FDD\u62A4\u7684\u76EE\u6807\u5BC6\u94A5\u5E93\u53E3\u4EE4"}, //-destprotected + {"destination.keystore.provider.name", + "\u76EE\u6807\u5BC6\u94A5\u5E93\u63D0\u4F9B\u65B9\u540D\u79F0"}, //-destprovidername + {"destination.keystore.password", + "\u76EE\u6807\u5BC6\u94A5\u5E93\u53E3\u4EE4"}, //-deststorepass + {"destination.keystore.type", + "\u76EE\u6807\u5BC6\u94A5\u5E93\u7C7B\u578B"}, //-deststoretype + {"distinguished.name", + "\u552F\u4E00\u5224\u522B\u540D"}, //-dname + {"X.509.extension", + "X.509 \u6269\u5C55"}, //-ext + {"output.file.name", + "\u8F93\u51FA\u6587\u4EF6\u540D"}, //-file and -outfile + {"input.file.name", + "\u8F93\u5165\u6587\u4EF6\u540D"}, //-file and -infile + {"key.algorithm.name", + "\u5BC6\u94A5\u7B97\u6CD5\u540D\u79F0"}, //-keyalg + {"key.password", + "\u5BC6\u94A5\u53E3\u4EE4"}, //-keypass + {"key.bit.size", + "\u5BC6\u94A5\u4F4D\u5927\u5C0F"}, //-keysize + {"keystore.name", + "\u5BC6\u94A5\u5E93\u540D\u79F0"}, //-keystore + {"new.password", + "\u65B0\u53E3\u4EE4"}, //-new + {"do.not.prompt", + "\u4E0D\u63D0\u793A"}, //-noprompt + {"password.through.protected.mechanism", + "\u901A\u8FC7\u53D7\u4FDD\u62A4\u7684\u673A\u5236\u7684\u53E3\u4EE4"}, //-protected + {"provider.argument", + "\u63D0\u4F9B\u65B9\u53C2\u6570"}, //-providerarg + {"provider.class.name", + "\u63D0\u4F9B\u65B9\u7C7B\u540D"}, //-providerclass + {"provider.name", + "\u63D0\u4F9B\u65B9\u540D\u79F0"}, //-providername + {"provider.classpath", + "\u63D0\u4F9B\u65B9\u7C7B\u8DEF\u5F84"}, //-providerpath + {"output.in.RFC.style", + "\u4EE5 RFC \u6837\u5F0F\u8F93\u51FA"}, //-rfc + {"signature.algorithm.name", + "\u7B7E\u540D\u7B97\u6CD5\u540D\u79F0"}, //-sigalg + {"source.alias", + "\u6E90\u522B\u540D"}, //-srcalias + {"source.key.password", + "\u6E90\u5BC6\u94A5\u53E3\u4EE4"}, //-srckeypass + {"source.keystore.name", + "\u6E90\u5BC6\u94A5\u5E93\u540D\u79F0"}, //-srckeystore + {"source.keystore.password.protected", + "\u53D7\u4FDD\u62A4\u7684\u6E90\u5BC6\u94A5\u5E93\u53E3\u4EE4"}, //-srcprotected + {"source.keystore.provider.name", + "\u6E90\u5BC6\u94A5\u5E93\u63D0\u4F9B\u65B9\u540D\u79F0"}, //-srcprovidername + {"source.keystore.password", + "\u6E90\u5BC6\u94A5\u5E93\u53E3\u4EE4"}, //-srcstorepass + {"source.keystore.type", + "\u6E90\u5BC6\u94A5\u5E93\u7C7B\u578B"}, //-srcstoretype + {"SSL.server.host.and.port", + "SSL \u670D\u52A1\u5668\u4E3B\u673A\u548C\u7AEF\u53E3"}, //-sslserver + {"signed.jar.file", + "\u5DF2\u7B7E\u540D\u7684 jar \u6587\u4EF6"}, //=jarfile + {"certificate.validity.start.date.time", + "\u8BC1\u4E66\u6709\u6548\u671F\u5F00\u59CB\u65E5\u671F/\u65F6\u95F4"}, //-startdate + {"keystore.password", + "\u5BC6\u94A5\u5E93\u53E3\u4EE4"}, //-storepass + {"keystore.type", + "\u5BC6\u94A5\u5E93\u7C7B\u578B"}, //-storetype + {"trust.certificates.from.cacerts", + "\u4FE1\u4EFB\u6765\u81EA cacerts \u7684\u8BC1\u4E66"}, //-trustcacerts + {"verbose.output", + "\u8BE6\u7EC6\u8F93\u51FA"}, //-v + {"validity.number.of.days", + "\u6709\u6548\u5929\u6570"}, //-validity + {"Serial.ID.of.cert.to.revoke", + "\u8981\u64A4\u9500\u7684\u8BC1\u4E66\u7684\u5E8F\u5217 ID"}, //-id + // keytool: Running part + {"keytool.error.", "keytool \u9519\u8BEF: "}, + {"Illegal.option.", "\u975E\u6CD5\u9009\u9879: "}, + {"Illegal.value.", "\u975E\u6CD5\u503C: "}, + {"Unknown.password.type.", "\u672A\u77E5\u53E3\u4EE4\u7C7B\u578B: "}, + {"Cannot.find.environment.variable.", + "\u627E\u4E0D\u5230\u73AF\u5883\u53D8\u91CF: "}, + {"Cannot.find.file.", "\u627E\u4E0D\u5230\u6587\u4EF6: "}, + {"Command.option.flag.needs.an.argument.", "\u547D\u4EE4\u9009\u9879{0}\u9700\u8981\u4E00\u4E2A\u53C2\u6570\u3002"}, + {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", + "\u8B66\u544A: PKCS12 \u5BC6\u94A5\u5E93\u4E0D\u652F\u6301\u5176\u4ED6\u5B58\u50A8\u548C\u5BC6\u94A5\u53E3\u4EE4\u3002\u6B63\u5728\u5FFD\u7565\u7528\u6237\u6307\u5B9A\u7684{0}\u503C\u3002"}, + {".keystore.must.be.NONE.if.storetype.is.{0}", + "\u5982\u679C -storetype \u4E3A {0}, \u5219 -keystore \u5FC5\u987B\u4E3A NONE"}, + {"Too.many.retries.program.terminated", + "\u91CD\u8BD5\u6B21\u6570\u8FC7\u591A, \u7A0B\u5E8F\u5DF2\u7EC8\u6B62"}, + {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", + "\u5982\u679C -storetype \u4E3A {0}, \u5219\u4E0D\u652F\u6301 -storepasswd \u548C -keypasswd \u547D\u4EE4"}, + {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", + "\u5982\u679C -storetype \u4E3A PKCS12, \u5219\u4E0D\u652F\u6301 -keypasswd \u547D\u4EE4"}, + {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", + "\u5982\u679C -storetype \u4E3A {0}, \u5219\u4E0D\u80FD\u6307\u5B9A -keypass \u548C -new"}, + {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", + "\u5982\u679C\u6307\u5B9A\u4E86 -protected, \u5219\u4E0D\u80FD\u6307\u5B9A -storepass, -keypass \u548C -new"}, + {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", + "\u5982\u679C\u6307\u5B9A\u4E86 -srcprotected, \u5219\u4E0D\u80FD\u6307\u5B9A -srcstorepass \u548C -srckeypass"}, + {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", + "\u5982\u679C\u5BC6\u94A5\u5E93\u672A\u53D7\u53E3\u4EE4\u4FDD\u62A4, \u5219\u4E0D\u80FD\u6307\u5B9A -storepass, -keypass \u548C -new"}, + {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", + "\u5982\u679C\u6E90\u5BC6\u94A5\u5E93\u672A\u53D7\u53E3\u4EE4\u4FDD\u62A4, \u5219\u4E0D\u80FD\u6307\u5B9A -srcstorepass \u548C -srckeypass"}, + {"Illegal.startdate.value", "\u975E\u6CD5\u5F00\u59CB\u65E5\u671F\u503C"}, + {"Validity.must.be.greater.than.zero", + "\u6709\u6548\u6027\u5FC5\u987B\u5927\u4E8E\u96F6"}, + {"provName.not.a.provider", "{0}\u4E0D\u662F\u63D0\u4F9B\u65B9"}, + {"Usage.error.no.command.provided", "\u7528\u6CD5\u9519\u8BEF: \u6CA1\u6709\u63D0\u4F9B\u547D\u4EE4"}, + {"Source.keystore.file.exists.but.is.empty.", "\u6E90\u5BC6\u94A5\u5E93\u6587\u4EF6\u5B58\u5728, \u4F46\u4E3A\u7A7A: "}, + {"Please.specify.srckeystore", "\u8BF7\u6307\u5B9A -srckeystore"}, + {"Must.not.specify.both.v.and.rfc.with.list.command", + "\u4E0D\u80FD\u4F7F\u7528 'list' \u547D\u4EE4\u6765\u6307\u5B9A -v \u53CA -rfc"}, + {"Key.password.must.be.at.least.6.characters", + "\u5BC6\u94A5\u53E3\u4EE4\u81F3\u5C11\u5FC5\u987B\u4E3A 6 \u4E2A\u5B57\u7B26"}, + {"New.password.must.be.at.least.6.characters", + "\u65B0\u53E3\u4EE4\u81F3\u5C11\u5FC5\u987B\u4E3A 6 \u4E2A\u5B57\u7B26"}, + {"Keystore.file.exists.but.is.empty.", + "\u5BC6\u94A5\u5E93\u6587\u4EF6\u5B58\u5728, \u4F46\u4E3A\u7A7A: "}, + {"Keystore.file.does.not.exist.", + "\u5BC6\u94A5\u5E93\u6587\u4EF6\u4E0D\u5B58\u5728: "}, + {"Must.specify.destination.alias", "\u5FC5\u987B\u6307\u5B9A\u76EE\u6807\u522B\u540D"}, + {"Must.specify.alias", "\u5FC5\u987B\u6307\u5B9A\u522B\u540D"}, + {"Keystore.password.must.be.at.least.6.characters", + "\u5BC6\u94A5\u5E93\u53E3\u4EE4\u81F3\u5C11\u5FC5\u987B\u4E3A 6 \u4E2A\u5B57\u7B26"}, + {"Enter.keystore.password.", "\u8F93\u5165\u5BC6\u94A5\u5E93\u53E3\u4EE4: "}, + {"Enter.source.keystore.password.", "\u8F93\u5165\u6E90\u5BC6\u94A5\u5E93\u53E3\u4EE4: "}, + {"Enter.destination.keystore.password.", "\u8F93\u5165\u76EE\u6807\u5BC6\u94A5\u5E93\u53E3\u4EE4: "}, + {"Keystore.password.is.too.short.must.be.at.least.6.characters", + "\u5BC6\u94A5\u5E93\u53E3\u4EE4\u592A\u77ED - \u81F3\u5C11\u5FC5\u987B\u4E3A 6 \u4E2A\u5B57\u7B26"}, + {"Unknown.Entry.Type", "\u672A\u77E5\u6761\u76EE\u7C7B\u578B"}, + {"Too.many.failures.Alias.not.changed", "\u6545\u969C\u592A\u591A\u3002\u672A\u66F4\u6539\u522B\u540D"}, + {"Entry.for.alias.alias.successfully.imported.", + "\u5DF2\u6210\u529F\u5BFC\u5165\u522B\u540D {0} \u7684\u6761\u76EE\u3002"}, + {"Entry.for.alias.alias.not.imported.", "\u672A\u5BFC\u5165\u522B\u540D {0} \u7684\u6761\u76EE\u3002"}, + {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", + "\u5BFC\u5165\u522B\u540D {0} \u7684\u6761\u76EE\u65F6\u51FA\u73B0\u95EE\u9898: {1}\u3002\n\u672A\u5BFC\u5165\u522B\u540D {0} \u7684\u6761\u76EE\u3002"}, + {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", + "\u5DF2\u5B8C\u6210\u5BFC\u5165\u547D\u4EE4: {0} \u4E2A\u6761\u76EE\u6210\u529F\u5BFC\u5165, {1} \u4E2A\u6761\u76EE\u5931\u8D25\u6216\u53D6\u6D88"}, + {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", + "\u8B66\u544A: \u6B63\u5728\u8986\u76D6\u76EE\u6807\u5BC6\u94A5\u5E93\u4E2D\u7684\u73B0\u6709\u522B\u540D {0}"}, + {"Existing.entry.alias.alias.exists.overwrite.no.", + "\u5B58\u5728\u73B0\u6709\u6761\u76EE\u522B\u540D {0}, \u662F\u5426\u8986\u76D6? [\u5426]: "}, + {"Too.many.failures.try.later", "\u6545\u969C\u592A\u591A - \u8BF7\u7A0D\u540E\u518D\u8BD5"}, + {"Certification.request.stored.in.file.filename.", + "\u5B58\u50A8\u5728\u6587\u4EF6 <{0}> \u4E2D\u7684\u8BA4\u8BC1\u8BF7\u6C42"}, + {"Submit.this.to.your.CA", "\u5C06\u6B64\u63D0\u4EA4\u7ED9\u60A8\u7684 CA"}, + {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", + "\u5982\u679C\u6CA1\u6709\u6307\u5B9A\u522B\u540D, \u5219\u4E0D\u80FD\u6307\u5B9A\u76EE\u6807\u522B\u540D, \u6E90\u5BC6\u94A5\u5E93\u53E3\u4EE4\u548C\u76EE\u6807\u5BC6\u94A5\u5E93\u53E3\u4EE4"}, + {"Certificate.stored.in.file.filename.", + "\u5B58\u50A8\u5728\u6587\u4EF6 <{0}> \u4E2D\u7684\u8BC1\u4E66"}, + {"Certificate.reply.was.installed.in.keystore", + "\u8BC1\u4E66\u56DE\u590D\u5DF2\u5B89\u88C5\u5728\u5BC6\u94A5\u5E93\u4E2D"}, + {"Certificate.reply.was.not.installed.in.keystore", + "\u8BC1\u4E66\u56DE\u590D\u672A\u5B89\u88C5\u5728\u5BC6\u94A5\u5E93\u4E2D"}, + {"Certificate.was.added.to.keystore", + "\u8BC1\u4E66\u5DF2\u6DFB\u52A0\u5230\u5BC6\u94A5\u5E93\u4E2D"}, + {"Certificate.was.not.added.to.keystore", + "\u8BC1\u4E66\u672A\u6DFB\u52A0\u5230\u5BC6\u94A5\u5E93\u4E2D"}, + {".Storing.ksfname.", "[\u6B63\u5728\u5B58\u50A8{0}]"}, + {"alias.has.no.public.key.certificate.", + "{0}\u6CA1\u6709\u516C\u5171\u5BC6\u94A5 (\u8BC1\u4E66)"}, + {"Cannot.derive.signature.algorithm", + "\u65E0\u6CD5\u6D3E\u751F\u7B7E\u540D\u7B97\u6CD5"}, + {"Alias.alias.does.not.exist", + "\u522B\u540D <{0}> \u4E0D\u5B58\u5728"}, + {"Alias.alias.has.no.certificate", + "\u522B\u540D <{0}> \u6CA1\u6709\u8BC1\u4E66"}, + {"Key.pair.not.generated.alias.alias.already.exists", + "\u672A\u751F\u6210\u5BC6\u94A5\u5BF9, \u522B\u540D <{0}> \u5DF2\u7ECF\u5B58\u5728"}, + {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", + "\u6B63\u5728\u4E3A\u4EE5\u4E0B\u5BF9\u8C61\u751F\u6210 {0} \u4F4D{1}\u5BC6\u94A5\u5BF9\u548C\u81EA\u7B7E\u540D\u8BC1\u4E66 ({2}) (\u6709\u6548\u671F\u4E3A {3} \u5929):\n\t {4}"}, + {"Enter.key.password.for.alias.", "\u8F93\u5165 <{0}> \u7684\u5BC6\u94A5\u53E3\u4EE4"}, + {".RETURN.if.same.as.keystore.password.", + "\t(\u5982\u679C\u548C\u5BC6\u94A5\u5E93\u53E3\u4EE4\u76F8\u540C, \u6309\u56DE\u8F66): "}, + {"Key.password.is.too.short.must.be.at.least.6.characters", + "\u5BC6\u94A5\u53E3\u4EE4\u592A\u77ED - \u81F3\u5C11\u5FC5\u987B\u4E3A 6 \u4E2A\u5B57\u7B26"}, + {"Too.many.failures.key.not.added.to.keystore", + "\u6545\u969C\u592A\u591A - \u5BC6\u94A5\u672A\u6DFB\u52A0\u5230\u5BC6\u94A5\u5E93\u4E2D"}, + {"Destination.alias.dest.already.exists", + "\u76EE\u6807\u522B\u540D <{0}> \u5DF2\u7ECF\u5B58\u5728"}, + {"Password.is.too.short.must.be.at.least.6.characters", + "\u53E3\u4EE4\u592A\u77ED - \u81F3\u5C11\u5FC5\u987B\u4E3A 6 \u4E2A\u5B57\u7B26"}, + {"Too.many.failures.Key.entry.not.cloned", + "\u6545\u969C\u592A\u591A\u3002\u672A\u514B\u9686\u5BC6\u94A5\u6761\u76EE"}, + {"key.password.for.alias.", "<{0}> \u7684\u5BC6\u94A5\u53E3\u4EE4"}, + {"Keystore.entry.for.id.getName.already.exists", + "<{0}> \u7684\u5BC6\u94A5\u5E93\u6761\u76EE\u5DF2\u7ECF\u5B58\u5728"}, + {"Creating.keystore.entry.for.id.getName.", + "\u6B63\u5728\u521B\u5EFA <{0}> \u7684\u5BC6\u94A5\u5E93\u6761\u76EE..."}, + {"No.entries.from.identity.database.added", + "\u672A\u4ECE\u8EAB\u4EFD\u6570\u636E\u5E93\u4E2D\u6DFB\u52A0\u4EFB\u4F55\u6761\u76EE"}, + {"Alias.name.alias", "\u522B\u540D: {0}"}, + {"Creation.date.keyStore.getCreationDate.alias.", + "\u521B\u5EFA\u65E5\u671F: {0,date}"}, + {"alias.keyStore.getCreationDate.alias.", + "{0}, {1,date}, "}, + {"alias.", "{0}, "}, + {"Entry.type.type.", "\u6761\u76EE\u7C7B\u578B: {0}"}, + {"Certificate.chain.length.", "\u8BC1\u4E66\u94FE\u957F\u5EA6: "}, + {"Certificate.i.1.", "\u8BC1\u4E66[{0,number,integer}]:"}, + {"Certificate.fingerprint.SHA1.", "\u8BC1\u4E66\u6307\u7EB9 (SHA1): "}, + {"Keystore.type.", "\u5BC6\u94A5\u5E93\u7C7B\u578B: "}, + {"Keystore.provider.", "\u5BC6\u94A5\u5E93\u63D0\u4F9B\u65B9: "}, + {"Your.keystore.contains.keyStore.size.entry", + "\u60A8\u7684\u5BC6\u94A5\u5E93\u5305\u542B {0,number,integer} \u4E2A\u6761\u76EE"}, + {"Your.keystore.contains.keyStore.size.entries", + "\u60A8\u7684\u5BC6\u94A5\u5E93\u5305\u542B {0,number,integer} \u4E2A\u6761\u76EE"}, + {"Failed.to.parse.input", "\u65E0\u6CD5\u89E3\u6790\u8F93\u5165"}, + {"Empty.input", "\u7A7A\u8F93\u5165"}, + {"Not.X.509.certificate", "\u975E X.509 \u8BC1\u4E66"}, + {"alias.has.no.public.key", "{0}\u6CA1\u6709\u516C\u5171\u5BC6\u94A5"}, + {"alias.has.no.X.509.certificate", "{0}\u6CA1\u6709 X.509 \u8BC1\u4E66"}, + {"New.certificate.self.signed.", "\u65B0\u8BC1\u4E66 (\u81EA\u7B7E\u540D):"}, + {"Reply.has.no.certificates", "\u56DE\u590D\u4E2D\u6CA1\u6709\u8BC1\u4E66"}, + {"Certificate.not.imported.alias.alias.already.exists", + "\u8BC1\u4E66\u672A\u5BFC\u5165, \u522B\u540D <{0}> \u5DF2\u7ECF\u5B58\u5728"}, + {"Input.not.an.X.509.certificate", "\u6240\u8F93\u5165\u7684\u4E0D\u662F X.509 \u8BC1\u4E66"}, + {"Certificate.already.exists.in.keystore.under.alias.trustalias.", + "\u5728\u522B\u540D <{0}> \u4E4B\u4E0B, \u8BC1\u4E66\u5DF2\u7ECF\u5B58\u5728\u4E8E\u5BC6\u94A5\u5E93\u4E2D"}, + {"Do.you.still.want.to.add.it.no.", + "\u662F\u5426\u4ECD\u8981\u6DFB\u52A0? [\u5426]: "}, + {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", + "\u5728\u522B\u540D <{0}> \u4E4B\u4E0B, \u8BC1\u4E66\u5DF2\u7ECF\u5B58\u5728\u4E8E\u7CFB\u7EDF\u8303\u56F4\u7684 CA \u5BC6\u94A5\u5E93\u4E2D"}, + {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", + "\u662F\u5426\u4ECD\u8981\u5C06\u5B83\u6DFB\u52A0\u5230\u81EA\u5DF1\u7684\u5BC6\u94A5\u5E93? [\u5426]: "}, + {"Trust.this.certificate.no.", "\u662F\u5426\u4FE1\u4EFB\u6B64\u8BC1\u4E66? [\u5426]: "}, + {"YES", "YES"}, + {"New.prompt.", "\u65B0{0}: "}, + {"Passwords.must.differ", "\u53E3\u4EE4\u4E0D\u80FD\u76F8\u540C"}, + {"Re.enter.new.prompt.", "\u91CD\u65B0\u8F93\u5165\u65B0{0}: "}, + {"Re.enter.new.password.", "\u518D\u6B21\u8F93\u5165\u65B0\u53E3\u4EE4: "}, + {"They.don.t.match.Try.again", "\u5B83\u4EEC\u4E0D\u5339\u914D\u3002\u8BF7\u91CD\u8BD5"}, + {"Enter.prompt.alias.name.", "\u8F93\u5165{0}\u522B\u540D: "}, + {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", + "\u5BFC\u5165\u65B0\u7684\u522B\u540D\t(\u6309\u56DE\u8F66\u4EE5\u53D6\u6D88\u5BF9\u6B64\u6761\u76EE\u7684\u5BFC\u5165): "}, + {"Enter.alias.name.", "\u8F93\u5165\u522B\u540D: "}, + {".RETURN.if.same.as.for.otherAlias.", + "\t(\u5982\u679C\u548C <{0}> \u76F8\u540C, \u5219\u6309\u56DE\u8F66)"}, + {".PATTERN.printX509Cert", + "\u6240\u6709\u8005: {0}\n\u53D1\u5E03\u8005: {1}\n\u5E8F\u5217\u53F7: {2}\n\u6709\u6548\u671F\u5F00\u59CB\u65E5\u671F: {3}, \u622A\u6B62\u65E5\u671F: {4}\n\u8BC1\u4E66\u6307\u7EB9:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t \u7B7E\u540D\u7B97\u6CD5\u540D\u79F0: {8}\n\t \u7248\u672C: {9}"}, + {"What.is.your.first.and.last.name.", + "\u60A8\u7684\u540D\u5B57\u4E0E\u59D3\u6C0F\u662F\u4EC0\u4E48?"}, + {"What.is.the.name.of.your.organizational.unit.", + "\u60A8\u7684\u7EC4\u7EC7\u5355\u4F4D\u540D\u79F0\u662F\u4EC0\u4E48?"}, + {"What.is.the.name.of.your.organization.", + "\u60A8\u7684\u7EC4\u7EC7\u540D\u79F0\u662F\u4EC0\u4E48?"}, + {"What.is.the.name.of.your.City.or.Locality.", + "\u60A8\u6240\u5728\u7684\u57CE\u5E02\u6216\u533A\u57DF\u540D\u79F0\u662F\u4EC0\u4E48?"}, + {"What.is.the.name.of.your.State.or.Province.", + "\u60A8\u6240\u5728\u7684\u7701/\u5E02/\u81EA\u6CBB\u533A\u540D\u79F0\u662F\u4EC0\u4E48?"}, + {"What.is.the.two.letter.country.code.for.this.unit.", + "\u8BE5\u5355\u4F4D\u7684\u53CC\u5B57\u6BCD\u56FD\u5BB6/\u5730\u533A\u4EE3\u7801\u662F\u4EC0\u4E48?"}, + {"Is.name.correct.", "{0}\u662F\u5426\u6B63\u786E?"}, + {"no", "\u5426"}, + {"yes", "\u662F"}, + {"y", "y"}, + {".defaultValue.", " [{0}]: "}, + {"Alias.alias.has.no.key", + "\u522B\u540D <{0}> \u6CA1\u6709\u5BC6\u94A5"}, + {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", + "\u522B\u540D <{0}> \u5F15\u7528\u4E86\u4E0D\u5C5E\u4E8E\u79C1\u6709\u5BC6\u94A5\u6761\u76EE\u7684\u6761\u76EE\u7C7B\u578B\u3002-keyclone \u547D\u4EE4\u4EC5\u652F\u6301\u5BF9\u79C1\u6709\u5BC6\u94A5\u6761\u76EE\u7684\u514B\u9686"}, + + {".WARNING.WARNING.WARNING.", + "***************** WARNING WARNING WARNING *****************"}, + {"Signer.d.", "\u7B7E\u540D\u8005 #%d:"}, + {"Timestamp.", "\u65F6\u95F4\u6233:"}, + {"Signature.", "\u7B7E\u540D:"}, + {"CRLs.", "CRL:"}, + {"Certificate.owner.", "\u8BC1\u4E66\u6240\u6709\u8005: "}, + {"Not.a.signed.jar.file", "\u4E0D\u662F\u5DF2\u7B7E\u540D\u7684 jar \u6587\u4EF6"}, + {"No.certificate.from.the.SSL.server", + "\u6CA1\u6709\u6765\u81EA SSL \u670D\u52A1\u5668\u7684\u8BC1\u4E66"}, + + {".The.integrity.of.the.information.stored.in.your.keystore.", + "* \u5B58\u50A8\u5728\u60A8\u7684\u5BC6\u94A5\u5E93\u4E2D\u7684\u4FE1\u606F\u7684\u5B8C\u6574\u6027 *\n* \u5C1A\u672A\u7ECF\u8FC7\u9A8C\u8BC1! \u4E3A\u4E86\u9A8C\u8BC1\u5176\u5B8C\u6574\u6027, *\n* \u5FC5\u987B\u63D0\u4F9B\u5BC6\u94A5\u5E93\u53E3\u4EE4\u3002 *"}, + {".The.integrity.of.the.information.stored.in.the.srckeystore.", + "* \u5B58\u50A8\u5728 srckeystore \u4E2D\u7684\u4FE1\u606F\u7684\u5B8C\u6574\u6027*\n* \u5C1A\u672A\u7ECF\u8FC7\u9A8C\u8BC1! \u4E3A\u4E86\u9A8C\u8BC1\u5176\u5B8C\u6574\u6027, *\n* \u5FC5\u987B\u63D0\u4F9B\u6E90\u5BC6\u94A5\u5E93\u53E3\u4EE4\u3002 *"}, + + {"Certificate.reply.does.not.contain.public.key.for.alias.", + "\u8BC1\u4E66\u56DE\u590D\u4E2D\u4E0D\u5305\u542B <{0}> \u7684\u516C\u5171\u5BC6\u94A5"}, + {"Incomplete.certificate.chain.in.reply", + "\u56DE\u590D\u4E2D\u7684\u8BC1\u4E66\u94FE\u4E0D\u5B8C\u6574"}, + {"Certificate.chain.in.reply.does.not.verify.", + "\u56DE\u590D\u4E2D\u7684\u8BC1\u4E66\u94FE\u672A\u9A8C\u8BC1: "}, + {"Top.level.certificate.in.reply.", + "\u56DE\u590D\u4E2D\u7684\u9876\u7EA7\u8BC1\u4E66:\n"}, + {".is.not.trusted.", "... \u662F\u4E0D\u53EF\u4FE1\u7684\u3002"}, + {"Install.reply.anyway.no.", "\u662F\u5426\u4ECD\u8981\u5B89\u88C5\u56DE\u590D? [\u5426]: "}, + {"NO", "NO"}, + {"Public.keys.in.reply.and.keystore.don.t.match", + "\u56DE\u590D\u4E2D\u7684\u516C\u5171\u5BC6\u94A5\u4E0E\u5BC6\u94A5\u5E93\u4E0D\u5339\u914D"}, + {"Certificate.reply.and.certificate.in.keystore.are.identical", + "\u8BC1\u4E66\u56DE\u590D\u4E0E\u5BC6\u94A5\u5E93\u4E2D\u7684\u8BC1\u4E66\u662F\u76F8\u540C\u7684"}, + {"Failed.to.establish.chain.from.reply", + "\u65E0\u6CD5\u4ECE\u56DE\u590D\u4E2D\u5EFA\u7ACB\u94FE"}, + {"n", "n"}, + {"Wrong.answer.try.again", "\u9519\u8BEF\u7684\u7B54\u6848, \u8BF7\u518D\u8BD5\u4E00\u6B21"}, + {"Secret.key.not.generated.alias.alias.already.exists", + "\u6CA1\u6709\u751F\u6210\u5BC6\u94A5, \u522B\u540D <{0}> \u5DF2\u7ECF\u5B58\u5728"}, + {"Please.provide.keysize.for.secret.key.generation", + "\u8BF7\u63D0\u4F9B -keysize \u4EE5\u751F\u6210\u5BC6\u94A5"}, + + {"Extensions.", "\u6269\u5C55: "}, + {".Empty.value.", "(\u7A7A\u503C)"}, + {"Extension.Request.", "\u6269\u5C55\u8BF7\u6C42:"}, + {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", + "PKCS #10 \u8BC1\u4E66\u8BF7\u6C42 (\u7248\u672C 1.0)\n\u4E3B\u9898: %s\n\u516C\u5171\u5BC6\u94A5: %s \u683C\u5F0F %s \u5BC6\u94A5\n"}, + {"Unknown.keyUsage.type.", "\u672A\u77E5 keyUsage \u7C7B\u578B: "}, + {"Unknown.extendedkeyUsage.type.", "\u672A\u77E5 extendedkeyUsage \u7C7B\u578B: "}, + {"Unknown.AccessDescription.type.", "\u672A\u77E5 AccessDescription \u7C7B\u578B: "}, + {"Unrecognized.GeneralName.type.", "\u65E0\u6CD5\u8BC6\u522B\u7684 GeneralName \u7C7B\u578B: "}, + {"This.extension.cannot.be.marked.as.critical.", + "\u65E0\u6CD5\u5C06\u6B64\u6269\u5C55\u6807\u8BB0\u4E3A\u201C\u4E25\u91CD\u201D\u3002"}, + {"Odd.number.of.hex.digits.found.", "\u627E\u5230\u5947\u6570\u4E2A\u5341\u516D\u8FDB\u5236\u6570\u5B57: "}, + {"Unknown.extension.type.", "\u672A\u77E5\u6269\u5C55\u7C7B\u578B: "}, + {"command.{0}.is.ambiguous.", "\u547D\u4EE4{0}\u4E0D\u660E\u786E:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Resources_zh_HK.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,431 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.keytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the keytool. + * + */ +public class Resources_zh_HK extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"STAR", + "*******************************************"}, + {"STARNN", + "*******************************************\n\n"}, + + // keytool: Help part +// "Option" should be translated. + {".OPTION.", " [\u9078\u9805]..."}, + {"Options.", "\u9078\u9805:"}, + {"Use.keytool.help.for.all.available.commands", + "\u4F7F\u7528 \"keytool -help\" \u53D6\u5F97\u6240\u6709\u53EF\u7528\u7684\u547D\u4EE4"}, + {"Key.and.Certificate.Management.Tool", + "\u91D1\u9470\u8207\u6191\u8B49\u7BA1\u7406\u5DE5\u5177"}, + {"Commands.", "\u547D\u4EE4:"}, + {"Use.keytool.command.name.help.for.usage.of.command.name", + "\u4F7F\u7528 \"keytool -command_name -help\" \u53D6\u5F97 command_name \u7684\u7528\u6CD5"}, + // keytool: help: commands + {"Generates.a.certificate.request", + "\u7522\u751F\u6191\u8B49\u8981\u6C42"}, //-certreq + {"Changes.an.entry.s.alias", + "\u8B8A\u66F4\u9805\u76EE\u7684\u5225\u540D"}, //-changealias + {"Deletes.an.entry", + "\u522A\u9664\u9805\u76EE"}, //-delete + {"Exports.certificate", + "\u532F\u51FA\u6191\u8B49"}, //-exportcert + {"Generates.a.key.pair", + "\u7522\u751F\u91D1\u9470\u7D44"}, //-genkeypair +// translation of "secret" key should be different to "private" key. + {"Generates.a.secret.key", + "\u7522\u751F\u79D8\u5BC6\u91D1\u9470"}, //-genseckey + {"Generates.certificate.from.a.certificate.request", + "\u5F9E\u6191\u8B49\u8981\u6C42\u7522\u751F\u6191\u8B49"}, //-gencert + {"Generates.CRL", "\u7522\u751F CRL"}, //-gencrl + {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", + "\u5F9E JDK 1.1.x-style \u8B58\u5225\u8CC7\u6599\u5EAB\u532F\u5165\u9805\u76EE"}, //-identitydb + {"Imports.a.certificate.or.a.certificate.chain", + "\u532F\u5165\u6191\u8B49\u6216\u6191\u8B49\u93C8"}, //-importcert + {"Imports.one.or.all.entries.from.another.keystore", + "\u5F9E\u5176\u4ED6\u91D1\u9470\u5132\u5B58\u5EAB\u532F\u5165\u4E00\u500B\u6216\u5168\u90E8\u9805\u76EE"}, //-importkeystore + {"Clones.a.key.entry", + "\u8907\u88FD\u91D1\u9470\u9805\u76EE"}, //-keyclone + {"Changes.the.key.password.of.an.entry", + "\u8B8A\u66F4\u9805\u76EE\u7684\u91D1\u9470\u5BC6\u78BC"}, //-keypasswd + {"Lists.entries.in.a.keystore", + "\u5217\u793A\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u7684\u9805\u76EE"}, //-list + {"Prints.the.content.of.a.certificate", + "\u5217\u5370\u6191\u8B49\u7684\u5167\u5BB9"}, //-printcert + {"Prints.the.content.of.a.certificate.request", + "\u5217\u5370\u6191\u8B49\u8981\u6C42\u7684\u5167\u5BB9"}, //-printcertreq + {"Prints.the.content.of.a.CRL.file", + "\u5217\u5370 CRL \u6A94\u6848\u7684\u5167\u5BB9"}, //-printcrl + {"Generates.a.self.signed.certificate", + "\u7522\u751F\u81EA\u884C\u7C3D\u7F72\u7684\u6191\u8B49"}, //-selfcert + {"Changes.the.store.password.of.a.keystore", + "\u8B8A\u66F4\u91D1\u9470\u5132\u5B58\u5EAB\u7684\u5132\u5B58\u5BC6\u78BC"}, //-storepasswd + // keytool: help: options + {"alias.name.of.the.entry.to.process", + "\u8981\u8655\u7406\u9805\u76EE\u7684\u5225\u540D\u540D\u7A31"}, //-alias + {"destination.alias", + "\u76EE\u7684\u5730\u5225\u540D"}, //-destalias + {"destination.key.password", + "\u76EE\u7684\u5730\u91D1\u9470\u5BC6\u78BC"}, //-destkeypass + {"destination.keystore.name", + "\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u540D\u7A31"}, //-destkeystore + {"destination.keystore.password.protected", + "\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u4FDD\u8B77"}, //-destprotected + {"destination.keystore.provider.name", + "\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u63D0\u4F9B\u8005\u540D\u7A31"}, //-destprovidername + {"destination.keystore.password", + "\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC"}, //-deststorepass + {"destination.keystore.type", + "\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u985E\u578B"}, //-deststoretype + {"distinguished.name", + "\u8FA8\u5225\u540D\u7A31"}, //-dname + {"X.509.extension", + "X.509 \u64F4\u5145\u5957\u4EF6"}, //-ext + {"output.file.name", + "\u8F38\u51FA\u6A94\u6848\u540D\u7A31"}, //-file and -outfile + {"input.file.name", + "\u8F38\u5165\u6A94\u6848\u540D\u7A31"}, //-file and -infile + {"key.algorithm.name", + "\u91D1\u9470\u6F14\u7B97\u6CD5\u540D\u7A31"}, //-keyalg + {"key.password", + "\u91D1\u9470\u5BC6\u78BC"}, //-keypass + {"key.bit.size", + "\u91D1\u9470\u4F4D\u5143\u5927\u5C0F"}, //-keysize + {"keystore.name", + "\u91D1\u9470\u5132\u5B58\u5EAB\u540D\u7A31"}, //-keystore + {"new.password", + "\u65B0\u5BC6\u78BC"}, //-new + {"do.not.prompt", + "\u4E0D\u8981\u63D0\u793A"}, //-noprompt + {"password.through.protected.mechanism", + "\u7D93\u7531\u4FDD\u8B77\u6A5F\u5236\u7684\u5BC6\u78BC"}, //-protected + {"provider.argument", + "\u63D0\u4F9B\u8005\u5F15\u6578"}, //-providerarg + {"provider.class.name", + "\u63D0\u4F9B\u8005\u985E\u5225\u540D\u7A31"}, //-providerclass + {"provider.name", + "\u63D0\u4F9B\u8005\u540D\u7A31"}, //-providername + {"provider.classpath", + "\u63D0\u4F9B\u8005\u985E\u5225\u8DEF\u5F91"}, //-providerpath + {"output.in.RFC.style", + "\u4EE5 RFC \u6A23\u5F0F\u8F38\u51FA"}, //-rfc + {"signature.algorithm.name", + "\u7C3D\u7AE0\u6F14\u7B97\u6CD5\u540D\u7A31"}, //-sigalg + {"source.alias", + "\u4F86\u6E90\u5225\u540D"}, //-srcalias + {"source.key.password", + "\u4F86\u6E90\u91D1\u9470\u5BC6\u78BC"}, //-srckeypass + {"source.keystore.name", + "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u540D\u7A31"}, //-srckeystore + {"source.keystore.password.protected", + "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u4FDD\u8B77"}, //-srcprotected + {"source.keystore.provider.name", + "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u63D0\u4F9B\u8005\u540D\u7A31"}, //-srcprovidername + {"source.keystore.password", + "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC"}, //-srcstorepass + {"source.keystore.type", + "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u985E\u578B"}, //-srcstoretype + {"SSL.server.host.and.port", + "SSL \u4F3A\u670D\u5668\u4E3B\u6A5F\u8207\u9023\u63A5\u57E0"}, //-sslserver + {"signed.jar.file", + "\u7C3D\u7F72\u7684 jar \u6A94\u6848"}, //=jarfile + {"certificate.validity.start.date.time", + "\u6191\u8B49\u6709\u6548\u6027\u958B\u59CB\u65E5\u671F/\u6642\u9593"}, //-startdate + {"keystore.password", + "\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC"}, //-storepass + {"keystore.type", + "\u91D1\u9470\u5132\u5B58\u5EAB\u985E\u578B"}, //-storetype + {"trust.certificates.from.cacerts", + "\u4F86\u81EA cacerts \u7684\u4FE1\u4EFB\u6191\u8B49"}, //-trustcacerts + {"verbose.output", + "\u8A73\u7D30\u8CC7\u8A0A\u8F38\u51FA"}, //-v + {"validity.number.of.days", + "\u6709\u6548\u6027\u65E5\u6578"}, //-validity + {"Serial.ID.of.cert.to.revoke", + "\u8981\u64A4\u92B7\u6191\u8B49\u7684\u5E8F\u5217 ID"}, //-id + // keytool: Running part + {"keytool.error.", "\u91D1\u9470\u5DE5\u5177\u932F\u8AA4: "}, + {"Illegal.option.", "\u7121\u6548\u7684\u9078\u9805:"}, + {"Illegal.value.", "\u7121\u6548\u503C: "}, + {"Unknown.password.type.", "\u4E0D\u660E\u7684\u5BC6\u78BC\u985E\u578B: "}, + {"Cannot.find.environment.variable.", + "\u627E\u4E0D\u5230\u74B0\u5883\u8B8A\u6578: "}, + {"Cannot.find.file.", "\u627E\u4E0D\u5230\u6A94\u6848: "}, + {"Command.option.flag.needs.an.argument.", "\u547D\u4EE4\u9078\u9805 {0} \u9700\u8981\u5F15\u6578\u3002"}, + {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", + "\u8B66\u544A: PKCS12 \u91D1\u9470\u5132\u5B58\u5EAB\u4E0D\u652F\u63F4\u4E0D\u540C\u7684\u5132\u5B58\u5EAB\u548C\u91D1\u9470\u5BC6\u78BC\u3002\u5FFD\u7565\u4F7F\u7528\u8005\u6307\u5B9A\u7684 {0} \u503C\u3002"}, + {".keystore.must.be.NONE.if.storetype.is.{0}", + "\u5982\u679C -storetype \u70BA {0}\uFF0C\u5247 -keystore \u5FC5\u9808\u70BA NONE"}, + {"Too.many.retries.program.terminated", + "\u91CD\u8A66\u6B21\u6578\u592A\u591A\uFF0C\u7A0B\u5F0F\u5DF2\u7D42\u6B62"}, + {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", + "\u5982\u679C -storetype \u70BA {0}\uFF0C\u5247\u4E0D\u652F\u63F4 -storepasswd \u548C -keypasswd \u547D\u4EE4"}, + {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", + "\u5982\u679C -storetype \u70BA PKCS12\uFF0C\u5247\u4E0D\u652F\u63F4 -keypasswd \u547D\u4EE4"}, + {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", + "\u5982\u679C -storetype \u70BA {0}\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A -keypass \u548C -new"}, + {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", + "\u5982\u679C\u6307\u5B9A -protected\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A -storepass\u3001-keypass \u548C -new"}, + {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", + "\u5982\u679C\u6307\u5B9A -srcprotected\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A -srcstorepass \u548C -srckeypass"}, + {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", + "\u5982\u679C\u91D1\u9470\u5132\u5B58\u5EAB\u4E0D\u53D7\u5BC6\u78BC\u4FDD\u8B77\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A -storepass\u3001-keypass \u548C -new"}, + {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", + "\u5982\u679C\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u4E0D\u53D7\u5BC6\u78BC\u4FDD\u8B77\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A -srcstorepass \u548C -srckeypass"}, + {"Illegal.startdate.value", "\u7121\u6548\u7684 startdate \u503C"}, + {"Validity.must.be.greater.than.zero", + "\u6709\u6548\u6027\u5FC5\u9808\u5927\u65BC\u96F6"}, + {"provName.not.a.provider", "{0} \u4E0D\u662F\u4E00\u500B\u63D0\u4F9B\u8005"}, + {"Usage.error.no.command.provided", "\u7528\u6CD5\u932F\u8AA4: \u672A\u63D0\u4F9B\u547D\u4EE4"}, + {"Source.keystore.file.exists.but.is.empty.", "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u6A94\u6848\u5B58\u5728\uFF0C\u4F46\u70BA\u7A7A: "}, + {"Please.specify.srckeystore", "\u8ACB\u6307\u5B9A -srckeystore"}, + {"Must.not.specify.both.v.and.rfc.with.list.command", + " 'list' \u547D\u4EE4\u4E0D\u80FD\u540C\u6642\u6307\u5B9A -v \u53CA -rfc"}, + {"Key.password.must.be.at.least.6.characters", + "\u91D1\u9470\u5BC6\u78BC\u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, + {"New.password.must.be.at.least.6.characters", + "\u65B0\u7684\u5BC6\u78BC\u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, + {"Keystore.file.exists.but.is.empty.", + "\u91D1\u9470\u5132\u5B58\u5EAB\u6A94\u6848\u5B58\u5728\uFF0C\u4F46\u70BA\u7A7A\u767D: "}, + {"Keystore.file.does.not.exist.", + "\u91D1\u9470\u5132\u5B58\u5EAB\u6A94\u6848\u4E0D\u5B58\u5728: "}, + {"Must.specify.destination.alias", "\u5FC5\u9808\u6307\u5B9A\u76EE\u7684\u5730\u5225\u540D"}, + {"Must.specify.alias", "\u5FC5\u9808\u6307\u5B9A\u5225\u540D"}, + {"Keystore.password.must.be.at.least.6.characters", + "\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, + {"Enter.keystore.password.", "\u8F38\u5165\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC: "}, + {"Enter.source.keystore.password.", "\u8ACB\u8F38\u5165\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC: "}, + {"Enter.destination.keystore.password.", "\u8ACB\u8F38\u5165\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC: "}, + {"Keystore.password.is.too.short.must.be.at.least.6.characters", + "\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u592A\u77ED - \u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, + {"Unknown.Entry.Type", "\u4E0D\u660E\u7684\u9805\u76EE\u985E\u578B"}, + {"Too.many.failures.Alias.not.changed", "\u592A\u591A\u932F\u8AA4\u3002\u672A\u8B8A\u66F4\u5225\u540D"}, + {"Entry.for.alias.alias.successfully.imported.", + "\u5DF2\u6210\u529F\u532F\u5165\u5225\u540D {0} \u7684\u9805\u76EE\u3002"}, + {"Entry.for.alias.alias.not.imported.", "\u672A\u532F\u5165\u5225\u540D {0} \u7684\u9805\u76EE\u3002"}, + {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", + "\u532F\u5165\u5225\u540D {0} \u7684\u9805\u76EE\u6642\u51FA\u73FE\u554F\u984C: {1}\u3002\n\u672A\u532F\u5165\u5225\u540D {0} \u7684\u9805\u76EE\u3002"}, + {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", + "\u5DF2\u5B8C\u6210\u532F\u5165\u547D\u4EE4: \u6210\u529F\u532F\u5165 {0} \u500B\u9805\u76EE\uFF0C{1} \u500B\u9805\u76EE\u5931\u6557\u6216\u5DF2\u53D6\u6D88"}, + {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", + "\u8B66\u544A: \u6B63\u5728\u8986\u5BEB\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u7684\u73FE\u6709\u5225\u540D {0}"}, + {"Existing.entry.alias.alias.exists.overwrite.no.", + "\u73FE\u6709\u9805\u76EE\u5225\u540D {0} \u5B58\u5728\uFF0C\u662F\u5426\u8986\u5BEB\uFF1F[\u5426]: "}, + {"Too.many.failures.try.later", "\u592A\u591A\u932F\u8AA4 - \u8ACB\u7A0D\u5F8C\u518D\u8A66"}, + {"Certification.request.stored.in.file.filename.", + "\u8A8D\u8B49\u8981\u6C42\u5132\u5B58\u5728\u6A94\u6848 <{0}>"}, + {"Submit.this.to.your.CA", "\u5C07\u6B64\u9001\u51FA\u81F3\u60A8\u7684 CA"}, + {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", + "\u5982\u679C\u672A\u6307\u5B9A\u5225\u540D\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A destalias\u3001srckeypass \u53CA destkeypass"}, + {"Certificate.stored.in.file.filename.", + "\u6191\u8B49\u5132\u5B58\u5728\u6A94\u6848 <{0}>"}, + {"Certificate.reply.was.installed.in.keystore", + "\u6191\u8B49\u56DE\u8986\u5DF2\u5B89\u88DD\u5728\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D"}, + {"Certificate.reply.was.not.installed.in.keystore", + "\u6191\u8B49\u56DE\u8986\u672A\u5B89\u88DD\u5728\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D"}, + {"Certificate.was.added.to.keystore", + "\u6191\u8B49\u5DF2\u65B0\u589E\u81F3\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D"}, + {"Certificate.was.not.added.to.keystore", + "\u6191\u8B49\u672A\u65B0\u589E\u81F3\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D"}, + {".Storing.ksfname.", "[\u5132\u5B58 {0}]"}, + {"alias.has.no.public.key.certificate.", + "{0} \u6C92\u6709\u516C\u958B\u91D1\u9470 (\u6191\u8B49)"}, + {"Cannot.derive.signature.algorithm", + "\u7121\u6CD5\u53D6\u5F97\u7C3D\u7AE0\u6F14\u7B97\u6CD5"}, + {"Alias.alias.does.not.exist", + "\u5225\u540D <{0}> \u4E0D\u5B58\u5728"}, + {"Alias.alias.has.no.certificate", + "\u5225\u540D <{0}> \u6C92\u6709\u6191\u8B49"}, + {"Key.pair.not.generated.alias.alias.already.exists", + "\u6C92\u6709\u5EFA\u7ACB\u91D1\u9470\u7D44\uFF0C\u5225\u540D <{0}> \u5DF2\u7D93\u5B58\u5728"}, + {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", + "\u91DD\u5C0D {4} \u7522\u751F\u6709\u6548\u671F {3} \u5929\u7684 {0} \u4F4D\u5143 {1} \u91D1\u9470\u7D44\u4EE5\u53CA\u81EA\u6211\u7C3D\u7F72\u6191\u8B49 ({2})\n\t"}, + {"Enter.key.password.for.alias.", "\u8F38\u5165 <{0}> \u7684\u91D1\u9470\u5BC6\u78BC"}, + {".RETURN.if.same.as.keystore.password.", + "\t(RETURN \u5982\u679C\u548C\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u76F8\u540C): "}, + {"Key.password.is.too.short.must.be.at.least.6.characters", + "\u91D1\u9470\u5BC6\u78BC\u592A\u77ED - \u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, + {"Too.many.failures.key.not.added.to.keystore", + "\u592A\u591A\u932F\u8AA4 - \u91D1\u9470\u672A\u65B0\u589E\u81F3\u91D1\u9470\u5132\u5B58\u5EAB"}, + {"Destination.alias.dest.already.exists", + "\u76EE\u7684\u5730\u5225\u540D <{0}> \u5DF2\u7D93\u5B58\u5728"}, + {"Password.is.too.short.must.be.at.least.6.characters", + "\u5BC6\u78BC\u592A\u77ED - \u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, + {"Too.many.failures.Key.entry.not.cloned", + "\u592A\u591A\u932F\u8AA4\u3002\u672A\u8907\u88FD\u91D1\u9470\u9805\u76EE"}, + {"key.password.for.alias.", "<{0}> \u7684\u91D1\u9470\u5BC6\u78BC"}, + {"Keystore.entry.for.id.getName.already.exists", + "<{0}> \u7684\u91D1\u9470\u5132\u5B58\u5EAB\u9805\u76EE\u5DF2\u7D93\u5B58\u5728"}, + {"Creating.keystore.entry.for.id.getName.", + "\u5EFA\u7ACB <{0}> \u7684\u91D1\u9470\u5132\u5B58\u5EAB\u9805\u76EE..."}, + {"No.entries.from.identity.database.added", + "\u6C92\u6709\u65B0\u589E\u4F86\u81EA\u8B58\u5225\u8CC7\u6599\u5EAB\u7684\u9805\u76EE"}, + {"Alias.name.alias", "\u5225\u540D\u540D\u7A31: {0}"}, + {"Creation.date.keyStore.getCreationDate.alias.", + "\u5EFA\u7ACB\u65E5\u671F: {0,date}"}, + {"alias.keyStore.getCreationDate.alias.", + "{0}, {1,date}, "}, + {"alias.", "{0}, "}, + {"Entry.type.type.", "\u9805\u76EE\u985E\u578B: {0}"}, + {"Certificate.chain.length.", "\u6191\u8B49\u93C8\u9577\u5EA6: "}, + {"Certificate.i.1.", "\u6191\u8B49 [{0,number,integer}]:"}, + {"Certificate.fingerprint.SHA1.", "\u6191\u8B49\u6307\u7D0B (SHA1): "}, + {"Keystore.type.", "\u91D1\u9470\u5132\u5B58\u5EAB\u985E\u578B: "}, + {"Keystore.provider.", "\u91D1\u9470\u5132\u5B58\u5EAB\u63D0\u4F9B\u8005: "}, + {"Your.keystore.contains.keyStore.size.entry", + "\u60A8\u7684\u91D1\u9470\u5132\u5B58\u5EAB\u5305\u542B {0,number,integer} \u9805\u76EE"}, + {"Your.keystore.contains.keyStore.size.entries", + "\u60A8\u7684\u91D1\u9470\u5132\u5B58\u5EAB\u5305\u542B {0,number,integer} \u9805\u76EE"}, + {"Failed.to.parse.input", "\u7121\u6CD5\u5256\u6790\u8F38\u5165"}, + {"Empty.input", "\u7A7A\u8F38\u5165"}, + {"Not.X.509.certificate", "\u975E X.509 \u6191\u8B49"}, + {"alias.has.no.public.key", "{0} \u7121\u516C\u958B\u91D1\u9470"}, + {"alias.has.no.X.509.certificate", "{0} \u7121 X.509 \u6191\u8B49"}, + {"New.certificate.self.signed.", "\u65B0\u6191\u8B49 (\u81EA\u6211\u7C3D\u7F72): "}, + {"Reply.has.no.certificates", "\u56DE\u8986\u4E0D\u542B\u6191\u8B49"}, + {"Certificate.not.imported.alias.alias.already.exists", + "\u6191\u8B49\u672A\u8F38\u5165\uFF0C\u5225\u540D <{0}> \u5DF2\u7D93\u5B58\u5728"}, + {"Input.not.an.X.509.certificate", "\u8F38\u5165\u7684\u4E0D\u662F X.509 \u6191\u8B49"}, + {"Certificate.already.exists.in.keystore.under.alias.trustalias.", + "\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u7684 <{0}> \u5225\u540D\u4E4B\u4E0B\uFF0C\u6191\u8B49\u5DF2\u7D93\u5B58\u5728"}, + {"Do.you.still.want.to.add.it.no.", + "\u60A8\u4ECD\u7136\u60F3\u8981\u5C07\u4E4B\u65B0\u589E\u55CE\uFF1F [\u5426]: "}, + {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", + "\u6574\u500B\u7CFB\u7D71 CA \u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u7684 <{0}> \u5225\u540D\u4E4B\u4E0B\uFF0C\u6191\u8B49\u5DF2\u7D93\u5B58\u5728"}, + {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", + "\u60A8\u4ECD\u7136\u60F3\u8981\u5C07\u4E4B\u65B0\u589E\u81F3\u81EA\u5DF1\u7684\u91D1\u9470\u5132\u5B58\u5EAB\u55CE\uFF1F [\u5426]: "}, + {"Trust.this.certificate.no.", "\u4FE1\u4EFB\u9019\u500B\u6191\u8B49\uFF1F [\u5426]: "}, + {"YES", "\u662F"}, + {"New.prompt.", "\u65B0 {0}: "}, + {"Passwords.must.differ", "\u5FC5\u9808\u662F\u4E0D\u540C\u7684\u5BC6\u78BC"}, + {"Re.enter.new.prompt.", "\u91CD\u65B0\u8F38\u5165\u65B0 {0}: "}, + {"Re.enter.new.password.", "\u91CD\u65B0\u8F38\u5165\u65B0\u5BC6\u78BC: "}, + {"They.don.t.match.Try.again", "\u5B83\u5011\u4E0D\u76F8\u7B26\u3002\u8ACB\u91CD\u8A66"}, + {"Enter.prompt.alias.name.", "\u8F38\u5165 {0} \u5225\u540D\u540D\u7A31: "}, + {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", + "\u8ACB\u8F38\u5165\u65B0\u7684\u5225\u540D\u540D\u7A31\t(RETURN \u4EE5\u53D6\u6D88\u532F\u5165\u6B64\u9805\u76EE):"}, + {"Enter.alias.name.", "\u8F38\u5165\u5225\u540D\u540D\u7A31: "}, + {".RETURN.if.same.as.for.otherAlias.", + "\t(RETURN \u5982\u679C\u548C <{0}> \u7684\u76F8\u540C)"}, + {".PATTERN.printX509Cert", + "\u64C1\u6709\u8005: {0}\n\u767C\u51FA\u8005: {1}\n\u5E8F\u865F: {2}\n\u6709\u6548\u671F\u81EA: {3} \u5230: {4}\n\u6191\u8B49\u6307\u7D0B:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t \u7C3D\u7AE0\u6F14\u7B97\u6CD5\u540D\u7A31: {8}\n\t \u7248\u672C: {9}"}, + {"What.is.your.first.and.last.name.", + "\u60A8\u7684\u540D\u5B57\u8207\u59D3\u6C0F\u70BA\u4F55\uFF1F"}, + {"What.is.the.name.of.your.organizational.unit.", + "\u60A8\u7684\u7D44\u7E54\u55AE\u4F4D\u540D\u7A31\u70BA\u4F55\uFF1F"}, + {"What.is.the.name.of.your.organization.", + "\u60A8\u7684\u7D44\u7E54\u540D\u7A31\u70BA\u4F55\uFF1F"}, + {"What.is.the.name.of.your.City.or.Locality.", + "\u60A8\u6240\u5728\u7684\u57CE\u5E02\u6216\u5730\u5340\u540D\u7A31\u70BA\u4F55\uFF1F"}, + {"What.is.the.name.of.your.State.or.Province.", + "\u60A8\u6240\u5728\u7684\u5DDE\u53CA\u7701\u4EFD\u540D\u7A31\u70BA\u4F55\uFF1F"}, + {"What.is.the.two.letter.country.code.for.this.unit.", + "\u6B64\u55AE\u4F4D\u7684\u5169\u500B\u5B57\u6BCD\u570B\u5225\u4EE3\u78BC\u70BA\u4F55\uFF1F"}, + {"Is.name.correct.", "{0} \u6B63\u78BA\u55CE\uFF1F"}, + {"no", "\u5426"}, + {"yes", "\u662F"}, + {"y", "y"}, + {".defaultValue.", " [{0}]: "}, + {"Alias.alias.has.no.key", + "\u5225\u540D <{0}> \u6C92\u6709\u91D1\u9470"}, + {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", + "\u5225\u540D <{0}> \u6240\u53C3\u7167\u7684\u9805\u76EE\u4E0D\u662F\u79C1\u5BC6\u91D1\u9470\u985E\u578B\u3002-keyclone \u547D\u4EE4\u50C5\u652F\u63F4\u79C1\u5BC6\u91D1\u9470\u9805\u76EE\u7684\u8907\u88FD"}, + + {".WARNING.WARNING.WARNING.", + "***************** \u8B66\u544A \u8B66\u544A \u8B66\u544A *****************"}, + {"Signer.d.", "\u7C3D\u7F72\u8005 #%d:"}, + {"Timestamp.", "\u6642\u6233:"}, + {"Signature.", "\u7C3D\u7AE0:"}, + {"CRLs.", "CRL:"}, + {"Certificate.owner.", "\u6191\u8B49\u64C1\u6709\u8005: "}, + {"Not.a.signed.jar.file", "\u4E0D\u662F\u7C3D\u7F72\u7684 jar \u6A94\u6848"}, + {"No.certificate.from.the.SSL.server", + "\u6C92\u6709\u4F86\u81EA SSL \u4F3A\u670D\u5668\u7684\u6191\u8B49"}, + + {".The.integrity.of.the.information.stored.in.your.keystore.", + "* \u5C1A\u672A\u9A57\u8B49\u5132\u5B58\u65BC\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u8CC7\u8A0A *\n* \u7684\u5B8C\u6574\u6027\uFF01\u82E5\u8981\u9A57\u8B49\u5176\u5B8C\u6574\u6027\uFF0C*\n* \u60A8\u5FC5\u9808\u63D0\u4F9B\u60A8\u7684\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u3002 *"}, + {".The.integrity.of.the.information.stored.in.the.srckeystore.", + "* \u5C1A\u672A\u9A57\u8B49\u5132\u5B58\u65BC srckeystore \u4E2D\u8CC7\u8A0A*\n* \u7684\u5B8C\u6574\u6027\uFF01\u82E5\u8981\u9A57\u8B49\u5176\u5B8C\u6574\u6027\uFF0C\u60A8\u5FC5\u9808 *\n* \u63D0\u4F9B srckeystore \u5BC6\u78BC\u3002 *"}, + + {"Certificate.reply.does.not.contain.public.key.for.alias.", + "\u6191\u8B49\u56DE\u8986\u4E26\u672A\u5305\u542B <{0}> \u7684\u516C\u958B\u91D1\u9470"}, + {"Incomplete.certificate.chain.in.reply", + "\u56DE\u8986\u6642\u7684\u6191\u8B49\u93C8\u4E0D\u5B8C\u6574"}, + {"Certificate.chain.in.reply.does.not.verify.", + "\u56DE\u8986\u6642\u7684\u6191\u8B49\u93C8\u672A\u9A57\u8B49: "}, + {"Top.level.certificate.in.reply.", + "\u56DE\u8986\u6642\u7684\u6700\u9AD8\u7D1A\u6191\u8B49:\\n"}, + {".is.not.trusted.", "... \u662F\u4E0D\u88AB\u4FE1\u4EFB\u7684\u3002"}, + {"Install.reply.anyway.no.", "\u9084\u662F\u8981\u5B89\u88DD\u56DE\u8986\uFF1F [\u5426]: "}, + {"NO", "\u5426"}, + {"Public.keys.in.reply.and.keystore.don.t.match", + "\u56DE\u8986\u6642\u7684\u516C\u958B\u91D1\u9470\u8207\u91D1\u9470\u5132\u5B58\u5EAB\u4E0D\u7B26"}, + {"Certificate.reply.and.certificate.in.keystore.are.identical", + "\u6191\u8B49\u56DE\u8986\u8207\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u7684\u6191\u8B49\u662F\u76F8\u540C\u7684"}, + {"Failed.to.establish.chain.from.reply", + "\u7121\u6CD5\u5F9E\u56DE\u8986\u4E2D\u5C07\u93C8\u5EFA\u7ACB\u8D77\u4F86"}, + {"n", "n"}, + {"Wrong.answer.try.again", "\u932F\u8AA4\u7684\u7B54\u6848\uFF0C\u8ACB\u518D\u8A66\u4E00\u6B21"}, + {"Secret.key.not.generated.alias.alias.already.exists", + "\u672A\u7522\u751F\u79D8\u5BC6\u91D1\u9470\uFF0C\u5225\u540D <{0}> \u5DF2\u5B58\u5728"}, + {"Please.provide.keysize.for.secret.key.generation", + "\u8ACB\u63D0\u4F9B -keysize \u4EE5\u7522\u751F\u79D8\u5BC6\u91D1\u9470"}, + + {"Extensions.", "\u64F4\u5145\u5957\u4EF6: "}, + {".Empty.value.", "(\u7A7A\u767D\u503C)"}, + {"Extension.Request.", "\u64F4\u5145\u5957\u4EF6\u8981\u6C42:"}, + {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", + "PKCS #10 \u6191\u8B49\u8981\u6C42 (\u7248\u672C 1.0)\n\u4E3B\u9AD4: %s\n\u516C\u7528\u91D1\u9470: %s \u683C\u5F0F %s \u91D1\u9470\n"}, + {"Unknown.keyUsage.type.", "\u4E0D\u660E\u7684 keyUsage \u985E\u578B: "}, + {"Unknown.extendedkeyUsage.type.", "\u4E0D\u660E\u7684 extendedkeyUsage \u985E\u578B: "}, + {"Unknown.AccessDescription.type.", "\u4E0D\u660E\u7684 AccessDescription \u985E\u578B: "}, + {"Unrecognized.GeneralName.type.", "\u7121\u6CD5\u8FA8\u8B58\u7684 GeneralName \u985E\u578B: "}, + {"This.extension.cannot.be.marked.as.critical.", + "\u6B64\u64F4\u5145\u5957\u4EF6\u7121\u6CD5\u6A19\u793A\u70BA\u95DC\u9375\u3002"}, + {"Odd.number.of.hex.digits.found.", "\u627E\u5230\u5341\u516D\u9032\u4F4D\u6578\u5B57\u7684\u5947\u6578: "}, + {"Unknown.extension.type.", "\u4E0D\u660E\u7684\u64F4\u5145\u5957\u4EF6\u985E\u578B: "}, + {"command.{0}.is.ambiguous.", "\u547D\u4EE4 {0} \u4E0D\u660E\u78BA:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Resources_zh_TW.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,429 @@ +/* + * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.keytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the keytool. + * + */ +public class Resources_zh_TW extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"STAR", + "*******************************************"}, + {"STARNN", + "*******************************************\n\n"}, + + // keytool: Help part + {".OPTION.", " [OPTION]..."}, + {"Options.", "\u9078\u9805:"}, + {"Use.keytool.help.for.all.available.commands", + "\u4F7F\u7528 \"keytool -help\" \u53D6\u5F97\u6240\u6709\u53EF\u7528\u7684\u547D\u4EE4"}, + {"Key.and.Certificate.Management.Tool", + "\u91D1\u9470\u8207\u6191\u8B49\u7BA1\u7406\u5DE5\u5177"}, + {"Commands.", "\u547D\u4EE4:"}, + {"Use.keytool.command.name.help.for.usage.of.command.name", + "\u4F7F\u7528 \"keytool -command_name -help\" \u53D6\u5F97 command_name \u7684\u7528\u6CD5"}, + // keytool: help: commands + {"Generates.a.certificate.request", + "\u7522\u751F\u6191\u8B49\u8981\u6C42"}, //-certreq + {"Changes.an.entry.s.alias", + "\u8B8A\u66F4\u9805\u76EE\u7684\u5225\u540D"}, //-changealias + {"Deletes.an.entry", + "\u522A\u9664\u9805\u76EE"}, //-delete + {"Exports.certificate", + "\u532F\u51FA\u6191\u8B49"}, //-exportcert + {"Generates.a.key.pair", + "\u7522\u751F\u91D1\u9470\u7D44"}, //-genkeypair + {"Generates.a.secret.key", + "\u7522\u751F\u79D8\u5BC6\u91D1\u9470"}, //-genseckey + {"Generates.certificate.from.a.certificate.request", + "\u5F9E\u6191\u8B49\u8981\u6C42\u7522\u751F\u6191\u8B49"}, //-gencert + {"Generates.CRL", "\u7522\u751F CRL"}, //-gencrl + {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", + "\u5F9E JDK 1.1.x-style \u8B58\u5225\u8CC7\u6599\u5EAB\u532F\u5165\u9805\u76EE"}, //-identitydb + {"Imports.a.certificate.or.a.certificate.chain", + "\u532F\u5165\u6191\u8B49\u6216\u6191\u8B49\u93C8"}, //-importcert + {"Imports.one.or.all.entries.from.another.keystore", + "\u5F9E\u5176\u4ED6\u91D1\u9470\u5132\u5B58\u5EAB\u532F\u5165\u4E00\u500B\u6216\u5168\u90E8\u9805\u76EE"}, //-importkeystore + {"Clones.a.key.entry", + "\u8907\u88FD\u91D1\u9470\u9805\u76EE"}, //-keyclone + {"Changes.the.key.password.of.an.entry", + "\u8B8A\u66F4\u9805\u76EE\u7684\u91D1\u9470\u5BC6\u78BC"}, //-keypasswd + {"Lists.entries.in.a.keystore", + "\u5217\u793A\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u7684\u9805\u76EE"}, //-list + {"Prints.the.content.of.a.certificate", + "\u5217\u5370\u6191\u8B49\u7684\u5167\u5BB9"}, //-printcert + {"Prints.the.content.of.a.certificate.request", + "\u5217\u5370\u6191\u8B49\u8981\u6C42\u7684\u5167\u5BB9"}, //-printcertreq + {"Prints.the.content.of.a.CRL.file", + "\u5217\u5370 CRL \u6A94\u6848\u7684\u5167\u5BB9"}, //-printcrl + {"Generates.a.self.signed.certificate", + "\u7522\u751F\u81EA\u884C\u7C3D\u7F72\u7684\u6191\u8B49"}, //-selfcert + {"Changes.the.store.password.of.a.keystore", + "\u8B8A\u66F4\u91D1\u9470\u5132\u5B58\u5EAB\u7684\u5132\u5B58\u5BC6\u78BC"}, //-storepasswd + // keytool: help: options + {"alias.name.of.the.entry.to.process", + "\u8981\u8655\u7406\u9805\u76EE\u7684\u5225\u540D\u540D\u7A31"}, //-alias + {"destination.alias", + "\u76EE\u7684\u5730\u5225\u540D"}, //-destalias + {"destination.key.password", + "\u76EE\u7684\u5730\u91D1\u9470\u5BC6\u78BC"}, //-destkeypass + {"destination.keystore.name", + "\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u540D\u7A31"}, //-destkeystore + {"destination.keystore.password.protected", + "\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u4FDD\u8B77"}, //-destprotected + {"destination.keystore.provider.name", + "\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u63D0\u4F9B\u8005\u540D\u7A31"}, //-destprovidername + {"destination.keystore.password", + "\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC"}, //-deststorepass + {"destination.keystore.type", + "\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u985E\u578B"}, //-deststoretype + {"distinguished.name", + "\u8FA8\u5225\u540D\u7A31"}, //-dname + {"X.509.extension", + "X.509 \u64F4\u5145\u5957\u4EF6"}, //-ext + {"output.file.name", + "\u8F38\u51FA\u6A94\u6848\u540D\u7A31"}, //-file and -outfile + {"input.file.name", + "\u8F38\u5165\u6A94\u6848\u540D\u7A31"}, //-file and -infile + {"key.algorithm.name", + "\u91D1\u9470\u6F14\u7B97\u6CD5\u540D\u7A31"}, //-keyalg + {"key.password", + "\u91D1\u9470\u5BC6\u78BC"}, //-keypass + {"key.bit.size", + "\u91D1\u9470\u4F4D\u5143\u5927\u5C0F"}, //-keysize + {"keystore.name", + "\u91D1\u9470\u5132\u5B58\u5EAB\u540D\u7A31"}, //-keystore + {"new.password", + "\u65B0\u5BC6\u78BC"}, //-new + {"do.not.prompt", + "\u4E0D\u8981\u63D0\u793A"}, //-noprompt + {"password.through.protected.mechanism", + "\u7D93\u7531\u4FDD\u8B77\u6A5F\u5236\u7684\u5BC6\u78BC"}, //-protected + {"provider.argument", + "\u63D0\u4F9B\u8005\u5F15\u6578"}, //-providerarg + {"provider.class.name", + "\u63D0\u4F9B\u8005\u985E\u5225\u540D\u7A31"}, //-providerclass + {"provider.name", + "\u63D0\u4F9B\u8005\u540D\u7A31"}, //-providername + {"provider.classpath", + "\u63D0\u4F9B\u8005\u985E\u5225\u8DEF\u5F91"}, //-providerpath + {"output.in.RFC.style", + "\u4EE5 RFC \u6A23\u5F0F\u8F38\u51FA"}, //-rfc + {"signature.algorithm.name", + "\u7C3D\u7AE0\u6F14\u7B97\u6CD5\u540D\u7A31"}, //-sigalg + {"source.alias", + "\u4F86\u6E90\u5225\u540D"}, //-srcalias + {"source.key.password", + "\u4F86\u6E90\u91D1\u9470\u5BC6\u78BC"}, //-srckeypass + {"source.keystore.name", + "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u540D\u7A31"}, //-srckeystore + {"source.keystore.password.protected", + "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u4FDD\u8B77"}, //-srcprotected + {"source.keystore.provider.name", + "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u63D0\u4F9B\u8005\u540D\u7A31"}, //-srcprovidername + {"source.keystore.password", + "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC"}, //-srcstorepass + {"source.keystore.type", + "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u985E\u578B"}, //-srcstoretype + {"SSL.server.host.and.port", + "SSL \u4F3A\u670D\u5668\u4E3B\u6A5F\u8207\u9023\u63A5\u57E0"}, //-sslserver + {"signed.jar.file", + "\u7C3D\u7F72\u7684 jar \u6A94\u6848"}, //=jarfile + {"certificate.validity.start.date.time", + "\u6191\u8B49\u6709\u6548\u6027\u958B\u59CB\u65E5\u671F/\u6642\u9593"}, //-startdate + {"keystore.password", + "\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC"}, //-storepass + {"keystore.type", + "\u91D1\u9470\u5132\u5B58\u5EAB\u985E\u578B"}, //-storetype + {"trust.certificates.from.cacerts", + "\u4F86\u81EA cacerts \u7684\u4FE1\u4EFB\u6191\u8B49"}, //-trustcacerts + {"verbose.output", + "\u8A73\u7D30\u8CC7\u8A0A\u8F38\u51FA"}, //-v + {"validity.number.of.days", + "\u6709\u6548\u6027\u65E5\u6578"}, //-validity + {"Serial.ID.of.cert.to.revoke", + "\u8981\u64A4\u92B7\u6191\u8B49\u7684\u5E8F\u5217 ID"}, //-id + // keytool: Running part + {"keytool.error.", "\u91D1\u9470\u5DE5\u5177\u932F\u8AA4: "}, + {"Illegal.option.", "\u7121\u6548\u7684\u9078\u9805:"}, + {"Illegal.value.", "\u7121\u6548\u503C: "}, + {"Unknown.password.type.", "\u4E0D\u660E\u7684\u5BC6\u78BC\u985E\u578B: "}, + {"Cannot.find.environment.variable.", + "\u627E\u4E0D\u5230\u74B0\u5883\u8B8A\u6578: "}, + {"Cannot.find.file.", "\u627E\u4E0D\u5230\u6A94\u6848: "}, + {"Command.option.flag.needs.an.argument.", "\u547D\u4EE4\u9078\u9805 {0} \u9700\u8981\u5F15\u6578\u3002"}, + {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", + "\u8B66\u544A: PKCS12 \u91D1\u9470\u5132\u5B58\u5EAB\u4E0D\u652F\u63F4\u4E0D\u540C\u7684\u5132\u5B58\u5EAB\u548C\u91D1\u9470\u5BC6\u78BC\u3002\u5FFD\u7565\u4F7F\u7528\u8005\u6307\u5B9A\u7684 {0} \u503C\u3002"}, + {".keystore.must.be.NONE.if.storetype.is.{0}", + "\u5982\u679C -storetype \u70BA {0}\uFF0C\u5247 -keystore \u5FC5\u9808\u70BA NONE"}, + {"Too.many.retries.program.terminated", + "\u91CD\u8A66\u6B21\u6578\u592A\u591A\uFF0C\u7A0B\u5F0F\u5DF2\u7D42\u6B62"}, + {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", + "\u5982\u679C -storetype \u70BA {0}\uFF0C\u5247\u4E0D\u652F\u63F4 -storepasswd \u548C -keypasswd \u547D\u4EE4"}, + {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", + "\u5982\u679C -storetype \u70BA PKCS12\uFF0C\u5247\u4E0D\u652F\u63F4 -keypasswd \u547D\u4EE4"}, + {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", + "\u5982\u679C -storetype \u70BA {0}\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A -keypass \u548C -new"}, + {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", + "\u5982\u679C\u6307\u5B9A -protected\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A -storepass\u3001-keypass \u548C -new"}, + {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", + "\u5982\u679C\u6307\u5B9A -srcprotected\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A -srcstorepass \u548C -srckeypass"}, + {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", + "\u5982\u679C\u91D1\u9470\u5132\u5B58\u5EAB\u4E0D\u53D7\u5BC6\u78BC\u4FDD\u8B77\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A -storepass\u3001-keypass \u548C -new"}, + {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", + "\u5982\u679C\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u4E0D\u53D7\u5BC6\u78BC\u4FDD\u8B77\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A -srcstorepass \u548C -srckeypass"}, + {"Illegal.startdate.value", "\u7121\u6548\u7684 startdate \u503C"}, + {"Validity.must.be.greater.than.zero", + "\u6709\u6548\u6027\u5FC5\u9808\u5927\u65BC\u96F6"}, + {"provName.not.a.provider", "{0} \u4E0D\u662F\u4E00\u500B\u63D0\u4F9B\u8005"}, + {"Usage.error.no.command.provided", "\u7528\u6CD5\u932F\u8AA4: \u672A\u63D0\u4F9B\u547D\u4EE4"}, + {"Source.keystore.file.exists.but.is.empty.", "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u6A94\u6848\u5B58\u5728\uFF0C\u4F46\u70BA\u7A7A: "}, + {"Please.specify.srckeystore", "\u8ACB\u6307\u5B9A -srckeystore"}, + {"Must.not.specify.both.v.and.rfc.with.list.command", + " 'list' \u547D\u4EE4\u4E0D\u80FD\u540C\u6642\u6307\u5B9A -v \u53CA -rfc"}, + {"Key.password.must.be.at.least.6.characters", + "\u91D1\u9470\u5BC6\u78BC\u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, + {"New.password.must.be.at.least.6.characters", + "\u65B0\u7684\u5BC6\u78BC\u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, + {"Keystore.file.exists.but.is.empty.", + "\u91D1\u9470\u5132\u5B58\u5EAB\u6A94\u6848\u5B58\u5728\uFF0C\u4F46\u70BA\u7A7A\u767D: "}, + {"Keystore.file.does.not.exist.", + "\u91D1\u9470\u5132\u5B58\u5EAB\u6A94\u6848\u4E0D\u5B58\u5728: "}, + {"Must.specify.destination.alias", "\u5FC5\u9808\u6307\u5B9A\u76EE\u7684\u5730\u5225\u540D"}, + {"Must.specify.alias", "\u5FC5\u9808\u6307\u5B9A\u5225\u540D"}, + {"Keystore.password.must.be.at.least.6.characters", + "\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, + {"Enter.keystore.password.", "\u8F38\u5165\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC: "}, + {"Enter.source.keystore.password.", "\u8ACB\u8F38\u5165\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC: "}, + {"Enter.destination.keystore.password.", "\u8ACB\u8F38\u5165\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC: "}, + {"Keystore.password.is.too.short.must.be.at.least.6.characters", + "\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u592A\u77ED - \u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, + {"Unknown.Entry.Type", "\u4E0D\u660E\u7684\u9805\u76EE\u985E\u578B"}, + {"Too.many.failures.Alias.not.changed", "\u592A\u591A\u932F\u8AA4\u3002\u672A\u8B8A\u66F4\u5225\u540D"}, + {"Entry.for.alias.alias.successfully.imported.", + "\u5DF2\u6210\u529F\u532F\u5165\u5225\u540D {0} \u7684\u9805\u76EE\u3002"}, + {"Entry.for.alias.alias.not.imported.", "\u672A\u532F\u5165\u5225\u540D {0} \u7684\u9805\u76EE\u3002"}, + {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", + "\u532F\u5165\u5225\u540D {0} \u7684\u9805\u76EE\u6642\u51FA\u73FE\u554F\u984C: {1}\u3002\n\u672A\u532F\u5165\u5225\u540D {0} \u7684\u9805\u76EE\u3002"}, + {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", + "\u5DF2\u5B8C\u6210\u532F\u5165\u547D\u4EE4: \u6210\u529F\u532F\u5165 {0} \u500B\u9805\u76EE\uFF0C{1} \u500B\u9805\u76EE\u5931\u6557\u6216\u5DF2\u53D6\u6D88"}, + {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", + "\u8B66\u544A: \u6B63\u5728\u8986\u5BEB\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u7684\u73FE\u6709\u5225\u540D {0}"}, + {"Existing.entry.alias.alias.exists.overwrite.no.", + "\u73FE\u6709\u9805\u76EE\u5225\u540D {0} \u5B58\u5728\uFF0C\u662F\u5426\u8986\u5BEB\uFF1F[\u5426]: "}, + {"Too.many.failures.try.later", "\u592A\u591A\u932F\u8AA4 - \u8ACB\u7A0D\u5F8C\u518D\u8A66"}, + {"Certification.request.stored.in.file.filename.", + "\u8A8D\u8B49\u8981\u6C42\u5132\u5B58\u5728\u6A94\u6848 <{0}>"}, + {"Submit.this.to.your.CA", "\u5C07\u6B64\u9001\u51FA\u81F3\u60A8\u7684 CA"}, + {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", + "\u5982\u679C\u672A\u6307\u5B9A\u5225\u540D\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A destalias\u3001srckeypass \u53CA destkeypass"}, + {"Certificate.stored.in.file.filename.", + "\u6191\u8B49\u5132\u5B58\u5728\u6A94\u6848 <{0}>"}, + {"Certificate.reply.was.installed.in.keystore", + "\u6191\u8B49\u56DE\u8986\u5DF2\u5B89\u88DD\u5728\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D"}, + {"Certificate.reply.was.not.installed.in.keystore", + "\u6191\u8B49\u56DE\u8986\u672A\u5B89\u88DD\u5728\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D"}, + {"Certificate.was.added.to.keystore", + "\u6191\u8B49\u5DF2\u65B0\u589E\u81F3\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D"}, + {"Certificate.was.not.added.to.keystore", + "\u6191\u8B49\u672A\u65B0\u589E\u81F3\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D"}, + {".Storing.ksfname.", "[\u5132\u5B58 {0}]"}, + {"alias.has.no.public.key.certificate.", + "{0} \u6C92\u6709\u516C\u958B\u91D1\u9470 (\u6191\u8B49)"}, + {"Cannot.derive.signature.algorithm", + "\u7121\u6CD5\u53D6\u5F97\u7C3D\u7AE0\u6F14\u7B97\u6CD5"}, + {"Alias.alias.does.not.exist", + "\u5225\u540D <{0}> \u4E0D\u5B58\u5728"}, + {"Alias.alias.has.no.certificate", + "\u5225\u540D <{0}> \u6C92\u6709\u6191\u8B49"}, + {"Key.pair.not.generated.alias.alias.already.exists", + "\u6C92\u6709\u5EFA\u7ACB\u91D1\u9470\u7D44\uFF0C\u5225\u540D <{0}> \u5DF2\u7D93\u5B58\u5728"}, + {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", + "\u91DD\u5C0D {4} \u7522\u751F\u6709\u6548\u671F {3} \u5929\u7684 {0} \u4F4D\u5143 {1} \u91D1\u9470\u7D44\u4EE5\u53CA\u81EA\u6211\u7C3D\u7F72\u6191\u8B49 ({2})\n\t"}, + {"Enter.key.password.for.alias.", "\u8F38\u5165 <{0}> \u7684\u91D1\u9470\u5BC6\u78BC"}, + {".RETURN.if.same.as.keystore.password.", + "\t(RETURN \u5982\u679C\u548C\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u76F8\u540C): "}, + {"Key.password.is.too.short.must.be.at.least.6.characters", + "\u91D1\u9470\u5BC6\u78BC\u592A\u77ED - \u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, + {"Too.many.failures.key.not.added.to.keystore", + "\u592A\u591A\u932F\u8AA4 - \u91D1\u9470\u672A\u65B0\u589E\u81F3\u91D1\u9470\u5132\u5B58\u5EAB"}, + {"Destination.alias.dest.already.exists", + "\u76EE\u7684\u5730\u5225\u540D <{0}> \u5DF2\u7D93\u5B58\u5728"}, + {"Password.is.too.short.must.be.at.least.6.characters", + "\u5BC6\u78BC\u592A\u77ED - \u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, + {"Too.many.failures.Key.entry.not.cloned", + "\u592A\u591A\u932F\u8AA4\u3002\u672A\u8907\u88FD\u91D1\u9470\u9805\u76EE"}, + {"key.password.for.alias.", "<{0}> \u7684\u91D1\u9470\u5BC6\u78BC"}, + {"Keystore.entry.for.id.getName.already.exists", + "<{0}> \u7684\u91D1\u9470\u5132\u5B58\u5EAB\u9805\u76EE\u5DF2\u7D93\u5B58\u5728"}, + {"Creating.keystore.entry.for.id.getName.", + "\u5EFA\u7ACB <{0}> \u7684\u91D1\u9470\u5132\u5B58\u5EAB\u9805\u76EE..."}, + {"No.entries.from.identity.database.added", + "\u6C92\u6709\u65B0\u589E\u4F86\u81EA\u8B58\u5225\u8CC7\u6599\u5EAB\u7684\u9805\u76EE"}, + {"Alias.name.alias", "\u5225\u540D\u540D\u7A31: {0}"}, + {"Creation.date.keyStore.getCreationDate.alias.", + "\u5EFA\u7ACB\u65E5\u671F: {0,date}"}, + {"alias.keyStore.getCreationDate.alias.", + "{0}, {1,date}, "}, + {"alias.", "{0}, "}, + {"Entry.type.type.", "\u9805\u76EE\u985E\u578B: {0}"}, + {"Certificate.chain.length.", "\u6191\u8B49\u93C8\u9577\u5EA6: "}, + {"Certificate.i.1.", "\u6191\u8B49 [{0,number,integer}]:"}, + {"Certificate.fingerprint.SHA1.", "\u6191\u8B49\u6307\u7D0B (SHA1): "}, + {"Keystore.type.", "\u91D1\u9470\u5132\u5B58\u5EAB\u985E\u578B: "}, + {"Keystore.provider.", "\u91D1\u9470\u5132\u5B58\u5EAB\u63D0\u4F9B\u8005: "}, + {"Your.keystore.contains.keyStore.size.entry", + "\u60A8\u7684\u91D1\u9470\u5132\u5B58\u5EAB\u5305\u542B {0,number,integer} \u9805\u76EE"}, + {"Your.keystore.contains.keyStore.size.entries", + "\u60A8\u7684\u91D1\u9470\u5132\u5B58\u5EAB\u5305\u542B {0,number,integer} \u9805\u76EE"}, + {"Failed.to.parse.input", "\u7121\u6CD5\u5256\u6790\u8F38\u5165"}, + {"Empty.input", "\u7A7A\u8F38\u5165"}, + {"Not.X.509.certificate", "\u975E X.509 \u6191\u8B49"}, + {"alias.has.no.public.key", "{0} \u7121\u516C\u958B\u91D1\u9470"}, + {"alias.has.no.X.509.certificate", "{0} \u7121 X.509 \u6191\u8B49"}, + {"New.certificate.self.signed.", "\u65B0\u6191\u8B49 (\u81EA\u6211\u7C3D\u7F72): "}, + {"Reply.has.no.certificates", "\u56DE\u8986\u4E0D\u542B\u6191\u8B49"}, + {"Certificate.not.imported.alias.alias.already.exists", + "\u6191\u8B49\u672A\u8F38\u5165\uFF0C\u5225\u540D <{0}> \u5DF2\u7D93\u5B58\u5728"}, + {"Input.not.an.X.509.certificate", "\u8F38\u5165\u7684\u4E0D\u662F X.509 \u6191\u8B49"}, + {"Certificate.already.exists.in.keystore.under.alias.trustalias.", + "\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u7684 <{0}> \u5225\u540D\u4E4B\u4E0B\uFF0C\u6191\u8B49\u5DF2\u7D93\u5B58\u5728"}, + {"Do.you.still.want.to.add.it.no.", + "\u60A8\u4ECD\u7136\u60F3\u8981\u5C07\u4E4B\u65B0\u589E\u55CE\uFF1F [\u5426]: "}, + {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", + "\u6574\u500B\u7CFB\u7D71 CA \u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u7684 <{0}> \u5225\u540D\u4E4B\u4E0B\uFF0C\u6191\u8B49\u5DF2\u7D93\u5B58\u5728"}, + {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", + "\u60A8\u4ECD\u7136\u60F3\u8981\u5C07\u4E4B\u65B0\u589E\u81F3\u81EA\u5DF1\u7684\u91D1\u9470\u5132\u5B58\u5EAB\u55CE\uFF1F [\u5426]: "}, + {"Trust.this.certificate.no.", "\u4FE1\u4EFB\u9019\u500B\u6191\u8B49\uFF1F [\u5426]: "}, + {"YES", "\u662F"}, + {"New.prompt.", "\u65B0 {0}: "}, + {"Passwords.must.differ", "\u5FC5\u9808\u662F\u4E0D\u540C\u7684\u5BC6\u78BC"}, + {"Re.enter.new.prompt.", "\u91CD\u65B0\u8F38\u5165\u65B0 {0}: "}, + {"Re.enter.new.password.", "\u91CD\u65B0\u8F38\u5165\u65B0\u5BC6\u78BC: "}, + {"They.don.t.match.Try.again", "\u5B83\u5011\u4E0D\u76F8\u7B26\u3002\u8ACB\u91CD\u8A66"}, + {"Enter.prompt.alias.name.", "\u8F38\u5165 {0} \u5225\u540D\u540D\u7A31: "}, + {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", + "\u8ACB\u8F38\u5165\u65B0\u7684\u5225\u540D\u540D\u7A31\t(RETURN \u4EE5\u53D6\u6D88\u532F\u5165\u6B64\u9805\u76EE):"}, + {"Enter.alias.name.", "\u8F38\u5165\u5225\u540D\u540D\u7A31: "}, + {".RETURN.if.same.as.for.otherAlias.", + "\t(RETURN \u5982\u679C\u548C <{0}> \u7684\u76F8\u540C)"}, + {".PATTERN.printX509Cert", + "\u64C1\u6709\u8005: {0}\n\u767C\u51FA\u8005: {1}\n\u5E8F\u865F: {2}\n\u6709\u6548\u671F\u81EA: {3} \u5230: {4}\n\u6191\u8B49\u6307\u7D0B:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t \u7C3D\u7AE0\u6F14\u7B97\u6CD5\u540D\u7A31: {8}\n\t \u7248\u672C: {9}"}, + {"What.is.your.first.and.last.name.", + "\u60A8\u7684\u540D\u5B57\u8207\u59D3\u6C0F\u70BA\u4F55\uFF1F"}, + {"What.is.the.name.of.your.organizational.unit.", + "\u60A8\u7684\u7D44\u7E54\u55AE\u4F4D\u540D\u7A31\u70BA\u4F55\uFF1F"}, + {"What.is.the.name.of.your.organization.", + "\u60A8\u7684\u7D44\u7E54\u540D\u7A31\u70BA\u4F55\uFF1F"}, + {"What.is.the.name.of.your.City.or.Locality.", + "\u60A8\u6240\u5728\u7684\u57CE\u5E02\u6216\u5730\u5340\u540D\u7A31\u70BA\u4F55\uFF1F"}, + {"What.is.the.name.of.your.State.or.Province.", + "\u60A8\u6240\u5728\u7684\u5DDE\u53CA\u7701\u4EFD\u540D\u7A31\u70BA\u4F55\uFF1F"}, + {"What.is.the.two.letter.country.code.for.this.unit.", + "\u6B64\u55AE\u4F4D\u7684\u5169\u500B\u5B57\u6BCD\u570B\u5225\u4EE3\u78BC\u70BA\u4F55\uFF1F"}, + {"Is.name.correct.", "{0} \u6B63\u78BA\u55CE\uFF1F"}, + {"no", "\u5426"}, + {"yes", "\u662F"}, + {"y", "y"}, + {".defaultValue.", " [{0}]: "}, + {"Alias.alias.has.no.key", + "\u5225\u540D <{0}> \u6C92\u6709\u91D1\u9470"}, + {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", + "\u5225\u540D <{0}> \u6240\u53C3\u7167\u7684\u9805\u76EE\u4E0D\u662F\u79C1\u5BC6\u91D1\u9470\u985E\u578B\u3002-keyclone \u547D\u4EE4\u50C5\u652F\u63F4\u79C1\u5BC6\u91D1\u9470\u9805\u76EE\u7684\u8907\u88FD"}, + + {".WARNING.WARNING.WARNING.", + "***************** WARNING WARNING WARNING *****************"}, + {"Signer.d.", "\u7C3D\u7F72\u8005 #%d:"}, + {"Timestamp.", "\u6642\u6233:"}, + {"Signature.", "\u7C3D\u7AE0:"}, + {"CRLs.", "CRL:"}, + {"Certificate.owner.", "\u6191\u8B49\u64C1\u6709\u8005: "}, + {"Not.a.signed.jar.file", "\u4E0D\u662F\u7C3D\u7F72\u7684 jar \u6A94\u6848"}, + {"No.certificate.from.the.SSL.server", + "\u6C92\u6709\u4F86\u81EA SSL \u4F3A\u670D\u5668\u7684\u6191\u8B49"}, + + {".The.integrity.of.the.information.stored.in.your.keystore.", + "* \u5C1A\u672A\u9A57\u8B49\u5132\u5B58\u65BC\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u8CC7\u8A0A *\n* \u7684\u5B8C\u6574\u6027\uFF01\u82E5\u8981\u9A57\u8B49\u5176\u5B8C\u6574\u6027\uFF0C *\n* \u60A8\u5FC5\u9808\u63D0\u4F9B\u60A8\u7684\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u3002 *"}, + {".The.integrity.of.the.information.stored.in.the.srckeystore.", + "* \u5C1A\u672A\u9A57\u8B49\u5132\u5B58\u65BC srckeystore \u4E2D\u8CC7\u8A0A *\n* \u7684\u5B8C\u6574\u6027\uFF01\u82E5\u8981\u9A57\u8B49\u5176\u5B8C\u6574\u6027\uFF0C\u60A8\u5FC5\u9808 *\n* \u63D0\u4F9B srckeystore \u5BC6\u78BC\u3002 *"}, + + {"Certificate.reply.does.not.contain.public.key.for.alias.", + "\u6191\u8B49\u56DE\u8986\u4E26\u672A\u5305\u542B <{0}> \u7684\u516C\u958B\u91D1\u9470"}, + {"Incomplete.certificate.chain.in.reply", + "\u56DE\u8986\u6642\u7684\u6191\u8B49\u93C8\u4E0D\u5B8C\u6574"}, + {"Certificate.chain.in.reply.does.not.verify.", + "\u56DE\u8986\u6642\u7684\u6191\u8B49\u93C8\u672A\u9A57\u8B49: "}, + {"Top.level.certificate.in.reply.", + "\u56DE\u8986\u6642\u7684\u6700\u9AD8\u7D1A\u6191\u8B49:\n"}, + {".is.not.trusted.", "... \u662F\u4E0D\u88AB\u4FE1\u4EFB\u7684\u3002"}, + {"Install.reply.anyway.no.", "\u9084\u662F\u8981\u5B89\u88DD\u56DE\u8986\uFF1F [\u5426]: "}, + {"NO", "\u5426"}, + {"Public.keys.in.reply.and.keystore.don.t.match", + "\u56DE\u8986\u6642\u7684\u516C\u958B\u91D1\u9470\u8207\u91D1\u9470\u5132\u5B58\u5EAB\u4E0D\u7B26"}, + {"Certificate.reply.and.certificate.in.keystore.are.identical", + "\u6191\u8B49\u56DE\u8986\u8207\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u7684\u6191\u8B49\u662F\u76F8\u540C\u7684"}, + {"Failed.to.establish.chain.from.reply", + "\u7121\u6CD5\u5F9E\u56DE\u8986\u4E2D\u5C07\u93C8\u5EFA\u7ACB\u8D77\u4F86"}, + {"n", "n"}, + {"Wrong.answer.try.again", "\u932F\u8AA4\u7684\u7B54\u6848\uFF0C\u8ACB\u518D\u8A66\u4E00\u6B21"}, + {"Secret.key.not.generated.alias.alias.already.exists", + "\u672A\u7522\u751F\u79D8\u5BC6\u91D1\u9470\uFF0C\u5225\u540D <{0}> \u5DF2\u5B58\u5728"}, + {"Please.provide.keysize.for.secret.key.generation", + "\u8ACB\u63D0\u4F9B -keysize \u4EE5\u7522\u751F\u79D8\u5BC6\u91D1\u9470"}, + + {"Extensions.", "\u64F4\u5145\u5957\u4EF6: "}, + {".Empty.value.", "(\u7A7A\u767D\u503C)"}, + {"Extension.Request.", "\u64F4\u5145\u5957\u4EF6\u8981\u6C42:"}, + {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", + "PKCS #10 \u6191\u8B49\u8981\u6C42 (\u7248\u672C 1.0)\n\u4E3B\u9AD4: %s\n\u516C\u7528\u91D1\u9470: %s \u683C\u5F0F %s \u91D1\u9470\n"}, + {"Unknown.keyUsage.type.", "\u4E0D\u660E\u7684 keyUsage \u985E\u578B: "}, + {"Unknown.extendedkeyUsage.type.", "\u4E0D\u660E\u7684 extendedkeyUsage \u985E\u578B: "}, + {"Unknown.AccessDescription.type.", "\u4E0D\u660E\u7684 AccessDescription \u985E\u578B: "}, + {"Unrecognized.GeneralName.type.", "\u7121\u6CD5\u8FA8\u8B58\u7684 GeneralName \u985E\u578B: "}, + {"This.extension.cannot.be.marked.as.critical.", + "\u6B64\u64F4\u5145\u5957\u4EF6\u7121\u6CD5\u6A19\u793A\u70BA\u95DC\u9375\u3002"}, + {"Odd.number.of.hex.digits.found.", "\u627E\u5230\u5341\u516D\u9032\u4F4D\u6578\u5B57\u7684\u5947\u6578: "}, + {"Unknown.extension.type.", "\u4E0D\u660E\u7684\u64F4\u5145\u5957\u4EF6\u985E\u578B: "}, + {"command.{0}.is.ambiguous.", "\u547D\u4EE4 {0} \u4E0D\u660E\u78BA:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- a/src/share/classes/sun/security/tools/policytool/PolicyTool.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/tools/policytool/PolicyTool.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -60,7 +60,8 @@ // for i18n static final java.util.ResourceBundle rb = - java.util.ResourceBundle.getBundle("sun.security.util.Resources"); + java.util.ResourceBundle.getBundle( + "sun.security.tools.policytool.Resources"); static final Collator collator = Collator.getInstance(); static { // this is for case insensitive string comparisons @@ -123,7 +124,7 @@ * set the PolicyFileName */ void setPolicyFileName(String policyFileName) { - this.policyFileName = policyFileName; + PolicyTool.policyFileName = policyFileName; } /** @@ -605,7 +606,7 @@ if (type.equals(PolicyParser.PrincipalEntry.WILDCARD_CLASS) || type.equals(PolicyParser.REPLACE_NAME)) { return; - }; + } Class<?> PRIN = Class.forName("java.security.Principal"); Class<?> pc = Class.forName(type, true, Thread.currentThread().getContextClassLoader()); @@ -629,6 +630,7 @@ /** * Check to see if the Permission contents are OK */ + @SuppressWarnings("fallthrough") void verifyPermission(String type, String name, String actions) @@ -655,6 +657,7 @@ // proceed to the one-param constructor objects.add(null); } + /* fall through */ case 1: try { c = pc.getConstructor(ONEPARAMS); @@ -663,6 +666,7 @@ // proceed to the two-param constructor objects.add(null); } + /* fall through */ case 2: c = pc.getConstructor(TWOPARAMS); break; @@ -1553,16 +1557,15 @@ if (edit) { // get the selected item entries = tool.getEntry(); - List policyList = (List)tw.getComponent(tw.MW_POLICY_LIST); + List policyList = (List)tw.getComponent(ToolWindow.MW_POLICY_LIST); listIndex = policyList.getSelectedIndex(); // get principal list - LinkedList principals = + LinkedList<PolicyParser.PrincipalEntry> principals = entries[listIndex].getGrantEntry().principals; for (int i = 0; i < principals.size(); i++) { String prinString = null; - PolicyParser.PrincipalEntry nextPrin = - (PolicyParser.PrincipalEntry)principals.get(i); + PolicyParser.PrincipalEntry nextPrin = principals.get(i); prinList.addTaggedItem(PrincipalEntryToUserFriendlyString(nextPrin), nextPrin); } @@ -1631,10 +1634,10 @@ label = new Label(PolicyTool.rb.getString("Principals.")); tw.addNewComponent(this, label, PE_PRIN_LABEL, 0, 3, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.BOTTOM_PADDING); + ToolWindow.BOTTOM_PADDING); tw.addNewComponent(this, prinList, PE_PRIN_LIST, 1, 3, 3, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.BOTTOM_PADDING); + ToolWindow.BOTTOM_PADDING); // panel for permission buttons panel = new Panel(); @@ -1661,12 +1664,12 @@ tw.addNewComponent(this, panel, PE_PANEL1, 0, 4, 2, 1, 0.0, 0.0, GridBagConstraints.HORIZONTAL, - tw.LITE_BOTTOM_PADDING); + ToolWindow.LITE_BOTTOM_PADDING); // permission list tw.addNewComponent(this, permList, PE_PERM_LIST, 0, 5, 3, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.BOTTOM_PADDING); + ToolWindow.BOTTOM_PADDING); // panel for Done and Cancel buttons @@ -1679,14 +1682,14 @@ (new AddEntryDoneButtonListener(tool, tw, this, edit)); tw.addNewComponent(panel, button, PE_DONE_BUTTON, 0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL, - tw.LR_PADDING); + ToolWindow.LR_PADDING); // Cancel Button button = new Button(PolicyTool.rb.getString("Cancel")); button.addActionListener(new CancelButtonListener(this)); tw.addNewComponent(panel, button, PE_CANCEL_BUTTON, 1, 0, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL, - tw.LR_PADDING); + ToolWindow.LR_PADDING); // add the panel tw.addNewComponent(this, panel, PE_PANEL2, @@ -1760,7 +1763,7 @@ (PolicyTool.rb.getString("KeyStore.URL.")); tw.addNewComponent(this, label, KSD_NAME_LABEL, 0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.BOTTOM_PADDING); + ToolWindow.BOTTOM_PADDING); TextField tf = new TextField(tool.getKeyStoreName(), 30); // URL to U R L, so that accessibility reader will pronounce well @@ -1768,45 +1771,45 @@ PolicyTool.rb.getString("KeyStore.U.R.L.")); tw.addNewComponent(this, tf, KSD_NAME_TEXTFIELD, 1, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.BOTTOM_PADDING); + ToolWindow.BOTTOM_PADDING); // KeyStore type and textfield label = new Label(PolicyTool.rb.getString("KeyStore.Type.")); tw.addNewComponent(this, label, KSD_TYPE_LABEL, 0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.BOTTOM_PADDING); + ToolWindow.BOTTOM_PADDING); tf = new TextField(tool.getKeyStoreType(), 30); tf.getAccessibleContext().setAccessibleName( PolicyTool.rb.getString("KeyStore.Type.")); tw.addNewComponent(this, tf, KSD_TYPE_TEXTFIELD, 1, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.BOTTOM_PADDING); + ToolWindow.BOTTOM_PADDING); // KeyStore provider and textfield label = new Label(PolicyTool.rb.getString ("KeyStore.Provider.")); tw.addNewComponent(this, label, KSD_PROVIDER_LABEL, 0, 2, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.BOTTOM_PADDING); + ToolWindow.BOTTOM_PADDING); tf = new TextField(tool.getKeyStoreProvider(), 30); tf.getAccessibleContext().setAccessibleName( PolicyTool.rb.getString("KeyStore.Provider.")); tw.addNewComponent(this, tf, KSD_PROVIDER_TEXTFIELD, 1, 2, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.BOTTOM_PADDING); + ToolWindow.BOTTOM_PADDING); // KeyStore password URL and textfield label = new Label(PolicyTool.rb.getString ("KeyStore.Password.URL.")); tw.addNewComponent(this, label, KSD_PWD_URL_LABEL, 0, 3, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.BOTTOM_PADDING); + ToolWindow.BOTTOM_PADDING); tf = new TextField(tool.getKeyStorePwdURL(), 30); tf.getAccessibleContext().setAccessibleName( PolicyTool.rb.getString("KeyStore.Password.U.R.L.")); tw.addNewComponent(this, tf, KSD_PWD_URL_TEXTFIELD, 1, 3, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.BOTTOM_PADDING); + ToolWindow.BOTTOM_PADDING); // OK button Button okButton = new Button(PolicyTool.rb.getString("OK")); @@ -1862,7 +1865,7 @@ new Label(PolicyTool.rb.getString(".Add.New.Principal."))); tw.addNewComponent(newTD, label, PRD_DESC_LABEL, 0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.TOP_BOTTOM_PADDING); + ToolWindow.TOP_BOTTOM_PADDING); // principal choice Choice choice = new Choice(); @@ -1888,7 +1891,7 @@ tw.addNewComponent(newTD, choice, PRD_PRIN_CHOICE, 0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.LR_PADDING); + ToolWindow.LR_PADDING); // principal textfield TextField tf; @@ -1898,7 +1901,7 @@ tf.getAccessibleContext().setAccessibleName(PRIN_TYPE); tw.addNewComponent(newTD, tf, PRD_PRIN_TEXTFIELD, 1, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.LR_PADDING); + ToolWindow.LR_PADDING); // name label and textfield label = new Label(PRIN_NAME); @@ -1909,10 +1912,10 @@ tw.addNewComponent(newTD, label, PRD_NAME_LABEL, 0, 2, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.LR_PADDING); + ToolWindow.LR_PADDING); tw.addNewComponent(newTD, tf, PRD_NAME_TEXTFIELD, 1, 2, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.LR_PADDING); + ToolWindow.LR_PADDING); // OK button Button okButton = new Button(PolicyTool.rb.getString("OK")); @@ -1921,13 +1924,13 @@ (tool, tw, this, newTD, edit)); tw.addNewComponent(newTD, okButton, PRD_OK_BUTTON, 0, 3, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL, - tw.TOP_BOTTOM_PADDING); + ToolWindow.TOP_BOTTOM_PADDING); // cancel button Button cancelButton = new Button(PolicyTool.rb.getString("Cancel")); cancelButton.addActionListener(new CancelButtonListener(newTD)); tw.addNewComponent(newTD, cancelButton, PRD_CANCEL_BUTTON, 1, 3, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL, - tw.TOP_BOTTOM_PADDING); + ToolWindow.TOP_BOTTOM_PADDING); newTD.setVisible(true); } @@ -1969,7 +1972,7 @@ new Label(PolicyTool.rb.getString(".Add.New.Permission."))); tw.addNewComponent(newTD, label, PD_DESC_LABEL, 0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.TOP_BOTTOM_PADDING); + ToolWindow.TOP_BOTTOM_PADDING); // permission choice (added in alphabetical order) Choice choice = new Choice(); @@ -1982,7 +1985,7 @@ choice.addItemListener(new PermissionMenuListener(newTD)); tw.addNewComponent(newTD, choice, PD_PERM_CHOICE, 0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.LR_PADDING); + ToolWindow.LR_PADDING); // permission textfield TextField tf; @@ -1996,7 +1999,7 @@ } tw.addNewComponent(newTD, tf, PD_PERM_TEXTFIELD, 1, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.LR_PADDING); + ToolWindow.LR_PADDING); // name label and textfield choice = new Choice(); @@ -2010,10 +2013,10 @@ } tw.addNewComponent(newTD, choice, PD_NAME_CHOICE, 0, 2, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.LR_PADDING); + ToolWindow.LR_PADDING); tw.addNewComponent(newTD, tf, PD_NAME_TEXTFIELD, 1, 2, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.LR_PADDING); + ToolWindow.LR_PADDING); // actions label and textfield choice = new Choice(); @@ -2027,22 +2030,22 @@ } tw.addNewComponent(newTD, choice, PD_ACTIONS_CHOICE, 0, 3, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.LR_PADDING); + ToolWindow.LR_PADDING); tw.addNewComponent(newTD, tf, PD_ACTIONS_TEXTFIELD, 1, 3, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.LR_PADDING); + ToolWindow.LR_PADDING); // signedby label and textfield label = new Label(PolicyTool.rb.getString("Signed.By.")); tw.addNewComponent(newTD, label, PD_SIGNEDBY_LABEL, 0, 4, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.LR_PADDING); + ToolWindow.LR_PADDING); tf = (edit ? new TextField(editMe.signedBy, 40) : new TextField(40)); tf.getAccessibleContext().setAccessibleName( PolicyTool.rb.getString("Signed.By.")); tw.addNewComponent(newTD, tf, PD_SIGNEDBY_TEXTFIELD, 1, 4, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.LR_PADDING); + ToolWindow.LR_PADDING); // OK button Button okButton = new Button(PolicyTool.rb.getString("OK")); @@ -2051,14 +2054,14 @@ (tool, tw, this, newTD, edit)); tw.addNewComponent(newTD, okButton, PD_OK_BUTTON, 0, 5, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL, - tw.TOP_BOTTOM_PADDING); + ToolWindow.TOP_BOTTOM_PADDING); // cancel button Button cancelButton = new Button(PolicyTool.rb.getString("Cancel")); cancelButton.addActionListener(new CancelButtonListener(newTD)); tw.addNewComponent(newTD, cancelButton, PD_CANCEL_BUTTON, 1, 5, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL, - tw.TOP_BOTTOM_PADDING); + ToolWindow.TOP_BOTTOM_PADDING); newTD.setVisible(true); } @@ -2205,7 +2208,7 @@ void displayConfirmRemovePolicyEntry() { // find the entry to be removed - List list = (List)tw.getComponent(tw.MW_POLICY_LIST); + List list = (List)tw.getComponent(ToolWindow.MW_POLICY_LIST); int index = list.getSelectedIndex(); PolicyEntry entries[] = tool.getEntry(); @@ -2219,7 +2222,7 @@ (PolicyTool.rb.getString("Remove.this.Policy.Entry.")); tw.addNewComponent(this, label, CRPE_LABEL1, 0, 0, 2, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.BOTTOM_PADDING); + ToolWindow.BOTTOM_PADDING); // display the policy entry label = new Label(entries[index].codebaseToString()); @@ -2237,7 +2240,8 @@ if (i == (perms.size()-1)) { tw.addNewComponent(this, label, CRPE_LABEL2 + 2 + i, 1, 3 + i, 1, 1, 0.0, 0.0, - GridBagConstraints.BOTH, tw.BOTTOM_PADDING); + GridBagConstraints.BOTH, + ToolWindow.BOTTOM_PADDING); } else { tw.addNewComponent(this, label, CRPE_LABEL2 + 2 + i, 1, 3 + i, 1, 1, 0.0, 0.0, @@ -2256,18 +2260,18 @@ (new ConfirmRemovePolicyEntryOKButtonListener(tool, tw, this)); tw.addNewComponent(panel, okButton, CRPE_PANEL_OK, 0, 0, 1, 1, 0.0, 0.0, - GridBagConstraints.VERTICAL, tw.LR_PADDING); + GridBagConstraints.VERTICAL, ToolWindow.LR_PADDING); // cancel button Button cancelButton = new Button(PolicyTool.rb.getString("Cancel")); cancelButton.addActionListener(new CancelButtonListener(this)); tw.addNewComponent(panel, cancelButton, CRPE_PANEL_CANCEL, 1, 0, 1, 1, 0.0, 0.0, - GridBagConstraints.VERTICAL, tw.LR_PADDING); + GridBagConstraints.VERTICAL, ToolWindow.LR_PADDING); tw.addNewComponent(this, panel, CRPE_LABEL2 + 2 + perms.size(), 0, 3 + perms.size(), 2, 1, 0.0, 0.0, - GridBagConstraints.VERTICAL, tw.TOP_BOTTOM_PADDING); + GridBagConstraints.VERTICAL, ToolWindow.TOP_BOTTOM_PADDING); pack(); setVisible(true); @@ -2310,7 +2314,7 @@ // display the new policy filename TextField newFilename = (TextField)tw.getComponent - (tw.MW_FILENAME_TEXTFIELD); + (ToolWindow.MW_FILENAME_TEXTFIELD); newFilename.setText(filename); tw.setVisible(true); @@ -2346,7 +2350,7 @@ (PolicyTool.rb.getString("Save.changes.")); tw.addNewComponent(this, label, USC_LABEL, 0, 0, 3, 1, 0.0, 0.0, GridBagConstraints.BOTH, - tw.L_TOP_BOTTOM_PADDING); + ToolWindow.L_TOP_BOTTOM_PADDING); Panel panel = new Panel(); panel.setLayout(new GridBagLayout()); @@ -2357,21 +2361,21 @@ tw.addNewComponent(panel, yesButton, USC_YES_BUTTON, 0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL, - tw.LR_BOTTOM_PADDING); + ToolWindow.LR_BOTTOM_PADDING); Button noButton = new Button(PolicyTool.rb.getString("No")); noButton.addActionListener (new UserSaveNoButtonListener(this, tool, tw, select)); tw.addNewComponent(panel, noButton, USC_NO_BUTTON, 1, 0, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL, - tw.LR_BOTTOM_PADDING); + ToolWindow.LR_BOTTOM_PADDING); Button cancelButton = new Button(PolicyTool.rb.getString("Cancel")); cancelButton.addActionListener (new UserSaveCancelButtonListener(this)); tw.addNewComponent(panel, cancelButton, USC_CANCEL_BUTTON, 2, 0, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL, - tw.LR_BOTTOM_PADDING); + ToolWindow.LR_BOTTOM_PADDING); tw.addNewComponent(this, panel, USC_PANEL, 0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH); @@ -2391,6 +2395,7 @@ * (either QUITting, opening NEW policy file, or OPENing an existing * policy file. do that now. */ + @SuppressWarnings("fallthrough") void userSaveContinue(PolicyTool tool, ToolWindow tw, ToolDialog us, int select) { @@ -2417,8 +2422,8 @@ tw.replacePolicyList(list); // display null policy filename and keystore - TextField newFilename = (TextField) - tw.getComponent(tw.MW_FILENAME_TEXTFIELD); + TextField newFilename = (TextField)tw.getComponent( + ToolWindow.MW_FILENAME_TEXTFIELD); newFilename.setText(""); tw.setVisible(true); break; @@ -2459,8 +2464,8 @@ tool.modified = false; // display the new policy filename - newFilename = (TextField) - tw.getComponent(tw.MW_FILENAME_TEXTFIELD); + newFilename = (TextField)tw.getComponent( + ToolWindow.MW_FILENAME_TEXTFIELD); newFilename.setText(policyFile); tw.setVisible(true); @@ -2479,8 +2484,8 @@ tool.modified = false; // display a null policy filename - newFilename = (TextField) - tw.getComponent(tw.MW_FILENAME_TEXTFIELD); + newFilename = (TextField)tw.getComponent( + ToolWindow.MW_FILENAME_TEXTFIELD); newFilename.setText(""); tw.setVisible(true); @@ -2658,51 +2663,52 @@ public void actionPerformed(ActionEvent e) { - if (PolicyTool.collator.compare(e.getActionCommand(), tw.QUIT) == 0) { + if (PolicyTool.collator.compare(e.getActionCommand(), + ToolWindow.QUIT) == 0) { // ask user if they want to save changes ToolDialog td = new ToolDialog (PolicyTool.rb.getString("Save.Changes"), tool, tw, true); - td.displayUserSave(td.QUIT); + td.displayUserSave(ToolDialog.QUIT); // the above method will perform the QUIT as long as the // user does not CANCEL the request } else if (PolicyTool.collator.compare(e.getActionCommand(), - tw.NEW_POLICY_FILE) == 0) { + ToolWindow.NEW_POLICY_FILE) == 0) { // ask user if they want to save changes ToolDialog td = new ToolDialog (PolicyTool.rb.getString("Save.Changes"), tool, tw, true); - td.displayUserSave(td.NEW); + td.displayUserSave(ToolDialog.NEW); // the above method will perform the NEW as long as the // user does not CANCEL the request } else if (PolicyTool.collator.compare(e.getActionCommand(), - tw.OPEN_POLICY_FILE) == 0) { + ToolWindow.OPEN_POLICY_FILE) == 0) { // ask user if they want to save changes ToolDialog td = new ToolDialog (PolicyTool.rb.getString("Save.Changes"), tool, tw, true); - td.displayUserSave(td.OPEN); + td.displayUserSave(ToolDialog.OPEN); // the above method will perform the OPEN as long as the // user does not CANCEL the request } else if (PolicyTool.collator.compare(e.getActionCommand(), - tw.SAVE_POLICY_FILE) == 0) { + ToolWindow.SAVE_POLICY_FILE) == 0) { // get the previously entered filename - String filename = ((TextField) - tw.getComponent(tw.MW_FILENAME_TEXTFIELD)).getText(); + String filename = ((TextField)tw.getComponent( + ToolWindow.MW_FILENAME_TEXTFIELD)).getText(); // if there is no filename, do a SAVE_AS if (filename == null || filename.length() == 0) { // user wants to SAVE AS ToolDialog td = new ToolDialog (PolicyTool.rb.getString("Save.As"), tool, tw, true); - td.displaySaveAsDialog(td.NOACTION); + td.displaySaveAsDialog(ToolDialog.NOACTION); } else { try { // save the policy entries to a file @@ -2726,15 +2732,15 @@ } } } else if (PolicyTool.collator.compare(e.getActionCommand(), - tw.SAVE_AS_POLICY_FILE) == 0) { + ToolWindow.SAVE_AS_POLICY_FILE) == 0) { // user wants to SAVE AS ToolDialog td = new ToolDialog (PolicyTool.rb.getString("Save.As"), tool, tw, true); - td.displaySaveAsDialog(td.NOACTION); + td.displaySaveAsDialog(ToolDialog.NOACTION); } else if (PolicyTool.collator.compare(e.getActionCommand(), - tw.VIEW_WARNINGS) == 0) { + ToolWindow.VIEW_WARNINGS) == 0) { tw.displayWarningLog(null); } } @@ -2756,7 +2762,7 @@ public void actionPerformed(ActionEvent e) { if (PolicyTool.collator.compare(e.getActionCommand(), - tw.ADD_POLICY_ENTRY) == 0) { + ToolWindow.ADD_POLICY_ENTRY) == 0) { // display a dialog box for the user to enter policy info ToolDialog td = new ToolDialog @@ -2764,10 +2770,10 @@ td.displayPolicyEntryDialog(false); } else if (PolicyTool.collator.compare(e.getActionCommand(), - tw.REMOVE_POLICY_ENTRY) == 0) { + ToolWindow.REMOVE_POLICY_ENTRY) == 0) { // get the selected entry - List list = (List)tw.getComponent(tw.MW_POLICY_LIST); + List list = (List)tw.getComponent(ToolWindow.MW_POLICY_LIST); int index = list.getSelectedIndex(); if (index < 0) { tw.displayErrorDialog(null, new Exception @@ -2781,10 +2787,10 @@ td.displayConfirmRemovePolicyEntry(); } else if (PolicyTool.collator.compare(e.getActionCommand(), - tw.EDIT_POLICY_ENTRY) == 0) { + ToolWindow.EDIT_POLICY_ENTRY) == 0) { // get the selected entry - List list = (List)tw.getComponent(tw.MW_POLICY_LIST); + List list = (List)tw.getComponent(ToolWindow.MW_POLICY_LIST); int index = list.getSelectedIndex(); if (index < 0) { tw.displayErrorDialog(null, new Exception @@ -2798,12 +2804,12 @@ td.displayPolicyEntryDialog(true); } else if (PolicyTool.collator.compare(e.getActionCommand(), - tw.EDIT_KEYSTORE) == 0) { + ToolWindow.EDIT_KEYSTORE) == 0) { // display a dialog box for the user to enter keystore info ToolDialog td = new ToolDialog (PolicyTool.rb.getString("KeyStore"), tool, tw, true); - td.keyStoreDialog(td.EDIT_KEYSTORE); + td.keyStoreDialog(ToolDialog.EDIT_KEYSTORE); } } } @@ -2855,7 +2861,7 @@ } // add the entry - List policyList = (List)tw.getComponent(tw.MW_POLICY_LIST); + List policyList = (List)tw.getComponent(ToolWindow.MW_POLICY_LIST); if (edit) { int listIndex = policyList.getSelectedIndex(); tool.addEntry(newEntry, listIndex); @@ -2896,14 +2902,14 @@ public void actionPerformed(ActionEvent e) { - String URLString = ((TextField) - td.getComponent(td.KSD_NAME_TEXTFIELD)).getText().trim(); - String type = ((TextField) - td.getComponent(td.KSD_TYPE_TEXTFIELD)).getText().trim(); - String provider = ((TextField) - td.getComponent(td.KSD_PROVIDER_TEXTFIELD)).getText().trim(); - String pwdURL = ((TextField) - td.getComponent(td.KSD_PWD_URL_TEXTFIELD)).getText().trim(); + String URLString = ((TextField)td.getComponent( + ToolDialog.KSD_NAME_TEXTFIELD)).getText().trim(); + String type = ((TextField)td.getComponent( + ToolDialog.KSD_TYPE_TEXTFIELD)).getText().trim(); + String provider = ((TextField)td.getComponent( + ToolDialog.KSD_PROVIDER_TEXTFIELD)).getText().trim(); + String pwdURL = ((TextField)td.getComponent( + ToolDialog.KSD_PWD_URL_TEXTFIELD)).getText().trim(); try { tool.openKeyStore @@ -3018,7 +3024,7 @@ // add the principal to the GUI principal list TaggedList prinList = - (TaggedList)listDialog.getComponent(listDialog.PE_PRIN_LIST); + (TaggedList)listDialog.getComponent(ToolDialog.PE_PRIN_LIST); String prinString = ToolDialog.PrincipalEntryToUserFriendlyString(pppe); if (edit) { @@ -3079,7 +3085,7 @@ // add the permission to the GUI permission list TaggedList permList = - (TaggedList)listDialog.getComponent(listDialog.PE_PERM_LIST); + (TaggedList)listDialog.getComponent(ToolDialog.PE_PERM_LIST); String permString = ToolDialog.PermissionEntryToUserFriendlyString(pppe); if (edit) { @@ -3121,7 +3127,8 @@ public void actionPerformed(ActionEvent e) { // get the Principal selected from the Principal List - TaggedList prinList = (TaggedList)td.getComponent(td.PE_PRIN_LIST); + TaggedList prinList = (TaggedList)td.getComponent( + ToolDialog.PE_PRIN_LIST); int prinIndex = prinList.getSelectedIndex(); if (prinIndex < 0) { @@ -3155,7 +3162,8 @@ public void actionPerformed(ActionEvent e) { // get the Permission selected from the Permission List - TaggedList permList = (TaggedList)td.getComponent(td.PE_PERM_LIST); + TaggedList permList = (TaggedList)td.getComponent( + ToolDialog.PE_PERM_LIST); int permIndex = permList.getSelectedIndex(); if (permIndex < 0) { @@ -3196,7 +3204,8 @@ public void actionPerformed(ActionEvent e) { // get the Principal selected from the Principal List - TaggedList list = (TaggedList)td.getComponent(td.PE_PRIN_LIST); + TaggedList list = (TaggedList)td.getComponent( + ToolDialog.PE_PRIN_LIST); int prinIndex = list.getSelectedIndex(); if (prinIndex < 0) { @@ -3235,7 +3244,7 @@ public void actionPerformed(ActionEvent e) { // get the Permission selected from the Permission List - List list = (List)td.getComponent(td.PE_PERM_LIST); + List list = (List)td.getComponent(ToolDialog.PE_PERM_LIST); int permIndex = list.getSelectedIndex(); if (permIndex < 0) { @@ -3260,19 +3269,19 @@ public void itemStateChanged(ItemEvent e) { - Choice prin = (Choice)td.getComponent(td.PRD_PRIN_CHOICE); - TextField prinField = - (TextField)td.getComponent(td.PRD_PRIN_TEXTFIELD); - TextField nameField = - (TextField)td.getComponent(td.PRD_NAME_TEXTFIELD); + Choice prin = (Choice)td.getComponent(ToolDialog.PRD_PRIN_CHOICE); + TextField prinField = (TextField)td.getComponent( + ToolDialog.PRD_PRIN_TEXTFIELD); + TextField nameField = (TextField)td.getComponent( + ToolDialog.PRD_NAME_TEXTFIELD); prin.getAccessibleContext().setAccessibleName( PolicyTool.splitToWords((String)e.getItem())); - if (((String)e.getItem()).equals(td.PRIN_TYPE)) { + if (((String)e.getItem()).equals(ToolDialog.PRIN_TYPE)) { // ignore if they choose "Principal Type:" item if (prinField.getText() != null && prinField.getText().length() > 0) { - Prin inputPrin = td.getPrin(prinField.getText(), true); + Prin inputPrin = ToolDialog.getPrin(prinField.getText(), true); prin.select(inputPrin.CLASS); } return; @@ -3286,7 +3295,7 @@ // set the text in the textfield and also modify the // pull-down choice menus to reflect the correct possible // set of names and actions - Prin inputPrin = td.getPrin((String)e.getItem(), false); + Prin inputPrin = ToolDialog.getPrin((String)e.getItem(), false); if (inputPrin != null) { prinField.setText(inputPrin.FULL_CLASS); } @@ -3306,26 +3315,31 @@ public void itemStateChanged(ItemEvent e) { - Choice perms = (Choice)td.getComponent(td.PD_PERM_CHOICE); - Choice names = (Choice)td.getComponent(td.PD_NAME_CHOICE); - Choice actions = (Choice)td.getComponent(td.PD_ACTIONS_CHOICE); - TextField nameField = - (TextField)td.getComponent(td.PD_NAME_TEXTFIELD); - TextField actionsField = - (TextField)td.getComponent(td.PD_ACTIONS_TEXTFIELD); - TextField permField = (TextField)td.getComponent(td.PD_PERM_TEXTFIELD); - TextField signedbyField = - (TextField)td.getComponent(td.PD_SIGNEDBY_TEXTFIELD); + Choice perms = (Choice)td.getComponent( + ToolDialog.PD_PERM_CHOICE); + Choice names = (Choice)td.getComponent( + ToolDialog.PD_NAME_CHOICE); + Choice actions = (Choice)td.getComponent( + ToolDialog.PD_ACTIONS_CHOICE); + TextField nameField = (TextField)td.getComponent( + ToolDialog.PD_NAME_TEXTFIELD); + TextField actionsField = (TextField)td.getComponent( + ToolDialog.PD_ACTIONS_TEXTFIELD); + TextField permField = (TextField)td.getComponent( + ToolDialog.PD_PERM_TEXTFIELD); + TextField signedbyField = (TextField)td.getComponent( + ToolDialog.PD_SIGNEDBY_TEXTFIELD); perms.getAccessibleContext().setAccessibleName( PolicyTool.splitToWords((String)e.getItem())); // ignore if they choose the 'Permission:' item - if (PolicyTool.collator.compare((String)e.getItem(), td.PERM) == 0) { + if (PolicyTool.collator.compare((String)e.getItem(), + ToolDialog.PERM) == 0) { if (permField.getText() != null && permField.getText().length() > 0) { - Perm inputPerm = td.getPerm(permField.getText(), true); + Perm inputPerm = ToolDialog.getPerm(permField.getText(), true); if (inputPerm != null) { perms.select(inputPerm.CLASS); } @@ -3344,7 +3358,7 @@ // pull-down choice menus to reflect the correct possible // set of names and actions - Perm inputPerm = td.getPerm((String)e.getItem(), false); + Perm inputPerm = ToolDialog.getPerm((String)e.getItem(), false); if (inputPerm == null) { permField.setText(""); } else { @@ -3368,14 +3382,14 @@ public void itemStateChanged(ItemEvent e) { - Choice names = (Choice)td.getComponent(td.PD_NAME_CHOICE); + Choice names = (Choice)td.getComponent(ToolDialog.PD_NAME_CHOICE); names.getAccessibleContext().setAccessibleName( PolicyTool.splitToWords((String)e.getItem())); - if (((String)e.getItem()).indexOf(td.PERM_NAME) != -1) + if (((String)e.getItem()).indexOf(ToolDialog.PERM_NAME) != -1) return; - TextField tf = (TextField)td.getComponent(td.PD_NAME_TEXTFIELD); + TextField tf = (TextField)td.getComponent(ToolDialog.PD_NAME_TEXTFIELD); tf.setText((String)e.getItem()); } } @@ -3393,13 +3407,15 @@ public void itemStateChanged(ItemEvent e) { - Choice actions = (Choice)td.getComponent(td.PD_ACTIONS_CHOICE); + Choice actions = (Choice)td.getComponent( + ToolDialog.PD_ACTIONS_CHOICE); actions.getAccessibleContext().setAccessibleName((String)e.getItem()); - if (((String)e.getItem()).indexOf(td.PERM_ACTIONS) != -1) + if (((String)e.getItem()).indexOf(ToolDialog.PERM_ACTIONS) != -1) return; - TextField tf = (TextField)td.getComponent(td.PD_ACTIONS_TEXTFIELD); + TextField tf = (TextField)td.getComponent( + ToolDialog.PD_ACTIONS_TEXTFIELD); if (tf.getText() == null || tf.getText().equals("")) { tf.setText((String)e.getItem()); } else { @@ -3521,8 +3537,8 @@ us.dispose(); try { - String filename = ((TextField) - tw.getComponent(tw.MW_FILENAME_TEXTFIELD)).getText(); + String filename = ((TextField)tw.getComponent( + ToolWindow.MW_FILENAME_TEXTFIELD)).getText(); if (filename == null || filename.equals("")) { us.displaySaveAsDialog(select); @@ -3616,7 +3632,7 @@ public void actionPerformed(ActionEvent e) { // remove the entry - List list = (List)tw.getComponent(tw.MW_POLICY_LIST); + List list = (List)tw.getComponent(ToolWindow.MW_POLICY_LIST); int index = list.getSelectedIndex(); PolicyEntry entries[] = tool.getEntry(); tool.removeEntry(entries[index]); @@ -3640,13 +3656,15 @@ * it's special, and does not pop out a warning box. */ class NoDisplayException extends RuntimeException { - + private static final long serialVersionUID = -4611761427108719794L; } /** * This is a java.awt.List that bind an Object to each String it holds. */ class TaggedList extends List { + private static final long serialVersionUID = -5676238110427785853L; + private java.util.List<Object> data = new LinkedList<>(); public TaggedList(int i, boolean b) { super(i, b);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/policytool/Resources.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,161 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.policytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the policytool. + * + */ +public class Resources extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", + "Warning: A public key for alias {0} does not exist. Make sure a KeyStore is properly configured."}, + {"Warning.Class.not.found.class", "Warning: Class not found: {0}"}, + {"Warning.Invalid.argument.s.for.constructor.arg", + "Warning: Invalid argument(s) for constructor: {0}"}, + {"Illegal.Principal.Type.type", "Illegal Principal Type: {0}"}, + {"Illegal.option.option", "Illegal option: {0}"}, + {"Usage.policytool.options.", "Usage: policytool [options]"}, + {".file.file.policy.file.location", + " [-file <file>] policy file location"}, + {"New", "New"}, + {"Open", "Open"}, + {"Save", "Save"}, + {"Save.As", "Save As"}, + {"View.Warning.Log", "View Warning Log"}, + {"Exit", "Exit"}, + {"Add.Policy.Entry", "Add Policy Entry"}, + {"Edit.Policy.Entry", "Edit Policy Entry"}, + {"Remove.Policy.Entry", "Remove Policy Entry"}, + {"Edit", "Edit"}, + {"Retain", "Retain"}, + + {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", + "Warning: File name may include escaped backslash characters. " + + "It is not necessary to escape backslash characters " + + "(the tool escapes characters as necessary when writing " + + "the policy contents to the persistent store).\n\n" + + "Click on Retain to retain the entered name, or click on " + + "Edit to edit the name."}, + + {"Add.Public.Key.Alias", "Add Public Key Alias"}, + {"Remove.Public.Key.Alias", "Remove Public Key Alias"}, + {"File", "File"}, + {"KeyStore", "KeyStore"}, + {"Policy.File.", "Policy File:"}, + {"Could.not.open.policy.file.policyFile.e.toString.", + "Could not open policy file: {0}: {1}"}, + {"Policy.Tool", "Policy Tool"}, + {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", + "Errors have occurred while opening the policy configuration. View the Warning Log for more information."}, + {"Error", "Error"}, + {"OK", "OK"}, + {"Status", "Status"}, + {"Warning", "Warning"}, + {"Permission.", + "Permission: "}, + {"Principal.Type.", "Principal Type:"}, + {"Principal.Name.", "Principal Name:"}, + {"Target.Name.", + "Target Name: "}, + {"Actions.", + "Actions: "}, + {"OK.to.overwrite.existing.file.filename.", + "OK to overwrite existing file {0}?"}, + {"Cancel", "Cancel"}, + {"CodeBase.", "CodeBase:"}, + {"SignedBy.", "SignedBy:"}, + {"Add.Principal", "Add Principal"}, + {"Edit.Principal", "Edit Principal"}, + {"Remove.Principal", "Remove Principal"}, + {"Principals.", "Principals:"}, + {".Add.Permission", " Add Permission"}, + {".Edit.Permission", " Edit Permission"}, + {"Remove.Permission", "Remove Permission"}, + {"Done", "Done"}, + {"KeyStore.URL.", "KeyStore URL:"}, + {"KeyStore.Type.", "KeyStore Type:"}, + {"KeyStore.Provider.", "KeyStore Provider:"}, + {"KeyStore.Password.URL.", "KeyStore Password URL:"}, + {"Principals", "Principals"}, + {".Edit.Principal.", " Edit Principal:"}, + {".Add.New.Principal.", " Add New Principal:"}, + {"Permissions", "Permissions"}, + {".Edit.Permission.", " Edit Permission:"}, + {".Add.New.Permission.", " Add New Permission:"}, + {"Signed.By.", "Signed By:"}, + {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", + "Cannot Specify Principal with a Wildcard Class without a Wildcard Name"}, + {"Cannot.Specify.Principal.without.a.Name", + "Cannot Specify Principal without a Name"}, + {"Permission.and.Target.Name.must.have.a.value", + "Permission and Target Name must have a value"}, + {"Remove.this.Policy.Entry.", "Remove this Policy Entry?"}, + {"Overwrite.File", "Overwrite File"}, + {"Policy.successfully.written.to.filename", + "Policy successfully written to {0}"}, + {"null.filename", "null filename"}, + {"Save.changes.", "Save changes?"}, + {"Yes", "Yes"}, + {"No", "No"}, + {"Policy.Entry", "Policy Entry"}, + {"Save.Changes", "Save Changes"}, + {"No.Policy.Entry.selected", "No Policy Entry selected"}, + {"Unable.to.open.KeyStore.ex.toString.", + "Unable to open KeyStore: {0}"}, + {"No.principal.selected", "No principal selected"}, + {"No.permission.selected", "No permission selected"}, + {"name", "name"}, + {"configuration.type", "configuration type"}, + {"environment.variable.name", "environment variable name"}, + {"library.name", "library name"}, + {"package.name", "package name"}, + {"policy.type", "policy type"}, + {"property.name", "property name"}, + {"provider.name", "provider name"}, + {"Principal.List", "Principal List"}, + {"Permission.List", "Permission List"}, + {"Code.Base", "Code Base"}, + {"KeyStore.U.R.L.", "KeyStore U R L:"}, + {"KeyStore.Password.U.R.L.", "KeyStore Password U R L:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/policytool/Resources_de.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.policytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the policytool. + * + */ +public class Resources_de extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", + "Warnung: Kein Public Key f\u00FCr Alias {0} vorhanden. Vergewissern Sie sich, dass der KeyStore ordnungsgem\u00E4\u00DF konfiguriert ist."}, + {"Warning.Class.not.found.class", "Warnung: Klasse nicht gefunden: {0}"}, + {"Warning.Invalid.argument.s.for.constructor.arg", + "Warnung: Ung\u00FCltige(s) Argument(e) f\u00FCr Constructor: {0}"}, + {"Illegal.Principal.Type.type", "Ung\u00FCltiger Principal-Typ: {0}"}, + {"Illegal.option.option", "Ung\u00FCltige Option: {0}"}, + {"Usage.policytool.options.", "Verwendung: policytool [Optionen]"}, + {".file.file.policy.file.location", + " [-file <Datei>] Policy-Dateiverzeichnis"}, + {"New", "Neu"}, + {"Open", "\u00D6ffnen"}, + {"Save", "Speichern"}, + {"Save.As", "Speichern unter"}, + {"View.Warning.Log", "Warnungslog anzeigen"}, + {"Exit", "Beenden"}, + {"Add.Policy.Entry", "Policy-Eintrag hinzuf\u00FCgen"}, + {"Edit.Policy.Entry", "Policy-Eintrag bearbeiten"}, + {"Remove.Policy.Entry", "Policy-Eintrag entfernen"}, + {"Edit", "Bearbeiten"}, + {"Retain", "Beibehalten"}, + + {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", + "Warnung: M\u00F6glicherweise enth\u00E4lt der Dateiname Escapezeichen mit Backslash. Es ist nicht notwendig, Backslash-Zeichen zu escapen (das Tool f\u00FChrt dies automatisch beim Schreiben des Policy-Contents in den persistenten Speicher aus).\n\nKlicken Sie auf \"Beibehalten\", um den eingegebenen Namen beizubehalten oder auf \"Bearbeiten\", um den Namen zu bearbeiten."}, + + {"Add.Public.Key.Alias", "Public Key-Alias hinzuf\u00FCgen"}, + {"Remove.Public.Key.Alias", "Public Key-Alias entfernen"}, + {"File", "Datei"}, + {"KeyStore", "KeyStore"}, + {"Policy.File.", "Policy-Datei:"}, + {"Could.not.open.policy.file.policyFile.e.toString.", + "Policy-Datei konnte nicht ge\u00F6ffnet werden: {0}: {1}"}, + {"Policy.Tool", "Policy-Tool"}, + {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", + "Beim \u00D6ffnen der Policy-Konfiguration sind Fehler aufgetreten. Weitere Informationen finden Sie im Warnungslog."}, + {"Error", "Fehler"}, + {"OK", "OK"}, + {"Status", "Status"}, + {"Warning", "Warnung"}, + {"Permission.", + "Berechtigung: "}, + {"Principal.Type.", "Principal-Typ:"}, + {"Principal.Name.", "Principal-Name:"}, + {"Target.Name.", + "Zielname: "}, + {"Actions.", + "Aktionen: "}, + {"OK.to.overwrite.existing.file.filename.", + "Vorhandene Datei {0} \u00FCberschreiben?"}, + {"Cancel", "Abbrechen"}, + {"CodeBase.", "CodeBase:"}, + {"SignedBy.", "SignedBy:"}, + {"Add.Principal", "Principal hinzuf\u00FCgen"}, + {"Edit.Principal", "Principal bearbeiten"}, + {"Remove.Principal", "Principal entfernen"}, + {"Principals.", "Principals:"}, + {".Add.Permission", " Berechtigung hinzuf\u00FCgen"}, + {".Edit.Permission", " Berechtigung bearbeiten"}, + {"Remove.Permission", "Berechtigung entfernen"}, + {"Done", "Fertig"}, + {"KeyStore.URL.", "KeyStore-URL:"}, + {"KeyStore.Type.", "KeyStore-Typ:"}, + {"KeyStore.Provider.", "KeyStore-Provider:"}, + {"KeyStore.Password.URL.", "KeyStore-Kennwort-URL:"}, + {"Principals", "Principals"}, + {".Edit.Principal.", " Principal bearbeiten:"}, + {".Add.New.Principal.", " Neuen Principal hinzuf\u00FCgen:"}, + {"Permissions", "Berechtigungen"}, + {".Edit.Permission.", " Berechtigung bearbeiten:"}, + {".Add.New.Permission.", " Neue Berechtigung hinzuf\u00FCgen:"}, + {"Signed.By.", "Signiert von:"}, + {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", + "Principal kann nicht mit einer Platzhalterklasse ohne Platzhalternamen angegeben werden"}, + {"Cannot.Specify.Principal.without.a.Name", + "Principal kann nicht ohne einen Namen angegeben werden"}, + {"Permission.and.Target.Name.must.have.a.value", + "Berechtigung und Zielname m\u00FCssen einen Wert haben"}, + {"Remove.this.Policy.Entry.", "Diesen Policy-Eintrag entfernen?"}, + {"Overwrite.File", "Datei \u00FCberschreiben"}, + {"Policy.successfully.written.to.filename", + "Policy erfolgreich in {0} geschrieben"}, + {"null.filename", "Null-Dateiname"}, + {"Save.changes.", "\u00C4nderungen speichern?"}, + {"Yes", "Ja"}, + {"No", "Nein"}, + {"Policy.Entry", "Policy-Eintrag"}, + {"Save.Changes", "\u00C4nderungen speichern"}, + {"No.Policy.Entry.selected", "Kein Policy-Eintrag ausgew\u00E4hlt"}, + {"Unable.to.open.KeyStore.ex.toString.", + "KeyStore kann nicht ge\u00F6ffnet werden: {0}"}, + {"No.principal.selected", "Kein Principal ausgew\u00E4hlt"}, + {"No.permission.selected", "Keine Berechtigung ausgew\u00E4hlt"}, + {"name", "Name"}, + {"configuration.type", "Konfigurationstyp"}, + {"environment.variable.name", "Umgebungsvariablenname"}, + {"library.name", "Library-Name"}, + {"package.name", "Packagename"}, + {"policy.type", "Policy-Typ"}, + {"property.name", "Eigenschaftsname"}, + {"provider.name", "Providername"}, + {"Principal.List", "Principal-Liste"}, + {"Permission.List", "Berechtigungsliste"}, + {"Code.Base", "Codebase"}, + {"KeyStore.U.R.L.", "KeyStore-URL:"}, + {"KeyStore.Password.U.R.L.", "KeyStore-Kennwort-URL:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/policytool/Resources_es.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.policytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the policytool. + * + */ +public class Resources_es extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", + "Advertencia: no hay clave p\u00FAblica para el alias {0}. Aseg\u00FArese de que se ha configurado correctamente un almac\u00E9n de claves."}, + {"Warning.Class.not.found.class", "Advertencia: no se ha encontrado la clase: {0}"}, + {"Warning.Invalid.argument.s.for.constructor.arg", + "Advertencia: argumento(s) no v\u00E1lido(s) para el constructor: {0}"}, + {"Illegal.Principal.Type.type", "Tipo de principal no permitido: {0}"}, + {"Illegal.option.option", "Opci\u00F3n no permitida: {0}"}, + {"Usage.policytool.options.", "Sintaxis: policytool [opciones]"}, + {".file.file.policy.file.location", + " [-file <archivo>] ubicaci\u00F3n del archivo de normas"}, + {"New", "Nuevo"}, + {"Open", "Abrir"}, + {"Save", "Guardar"}, + {"Save.As", "Guardar como"}, + {"View.Warning.Log", "Ver Log de Advertencias"}, + {"Exit", "Salir"}, + {"Add.Policy.Entry", "Agregar Entrada de Pol\u00EDtica"}, + {"Edit.Policy.Entry", "Editar Entrada de Pol\u00EDtica"}, + {"Remove.Policy.Entry", "Eliminar Entrada de Pol\u00EDtica"}, + {"Edit", "Editar"}, + {"Retain", "Mantener"}, + + {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", + "Advertencia: el nombre del archivo puede contener caracteres de barra invertida de escape. No es necesario utilizar barras invertidas de escape (la herramienta aplica caracteres de escape seg\u00FAn sea necesario al escribir el contenido de las pol\u00EDticas en el almac\u00E9n persistente).\n\nHaga clic en Mantener para conservar el nombre introducido o en Editar para modificarlo."}, + + {"Add.Public.Key.Alias", "Agregar Alias de Clave P\u00FAblico"}, + {"Remove.Public.Key.Alias", "Eliminar Alias de Clave P\u00FAblico"}, + {"File", "Archivo"}, + {"KeyStore", "Almac\u00E9n de Claves"}, + {"Policy.File.", "Archivo de Pol\u00EDtica:"}, + {"Could.not.open.policy.file.policyFile.e.toString.", + "No se ha podido abrir el archivo de pol\u00EDtica: {0}: {1}"}, + {"Policy.Tool", "Herramienta de Pol\u00EDticas"}, + {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", + "Ha habido errores al abrir la configuraci\u00F3n de pol\u00EDticas. V\u00E9ase el log de advertencias para obtener m\u00E1s informaci\u00F3n."}, + {"Error", "Error"}, + {"OK", "Aceptar"}, + {"Status", "Estado"}, + {"Warning", "Advertencia"}, + {"Permission.", + "Permiso: "}, + {"Principal.Type.", "Tipo de Principal:"}, + {"Principal.Name.", "Nombre de Principal:"}, + {"Target.Name.", + "Nombre de Destino: "}, + {"Actions.", + "Acciones: "}, + {"OK.to.overwrite.existing.file.filename.", + "\u00BFSobrescribir el archivo existente {0}?"}, + {"Cancel", "Cancelar"}, + {"CodeBase.", "CodeBase:"}, + {"SignedBy.", "SignedBy:"}, + {"Add.Principal", "Agregar Principal"}, + {"Edit.Principal", "Editar Principal"}, + {"Remove.Principal", "Eliminar Principal"}, + {"Principals.", "Principales:"}, + {".Add.Permission", " Agregar Permiso"}, + {".Edit.Permission", " Editar Permiso"}, + {"Remove.Permission", "Eliminar Permiso"}, + {"Done", "Listo"}, + {"KeyStore.URL.", "URL de Almac\u00E9n de Claves:"}, + {"KeyStore.Type.", "Tipo de Almac\u00E9n de Claves:"}, + {"KeyStore.Provider.", "Proveedor de Almac\u00E9n de Claves:"}, + {"KeyStore.Password.URL.", "URL de Contrase\u00F1a de Almac\u00E9n de Claves:"}, + {"Principals", "Principales"}, + {".Edit.Principal.", " Editar Principal:"}, + {".Add.New.Principal.", " Agregar Nuevo Principal:"}, + {"Permissions", "Permisos"}, + {".Edit.Permission.", " Editar Permiso:"}, + {".Add.New.Permission.", " Agregar Permiso Nuevo:"}, + {"Signed.By.", "Firmado Por:"}, + {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", + "No se puede especificar un principal con una clase de comod\u00EDn sin un nombre de comod\u00EDn"}, + {"Cannot.Specify.Principal.without.a.Name", + "No se puede especificar el principal sin un nombre"}, + {"Permission.and.Target.Name.must.have.a.value", + "Permiso y Nombre de Destino deben tener un valor"}, + {"Remove.this.Policy.Entry.", "\u00BFEliminar esta entrada de pol\u00EDtica?"}, + {"Overwrite.File", "Sobrescribir Archivo"}, + {"Policy.successfully.written.to.filename", + "Pol\u00EDtica escrita correctamente en {0}"}, + {"null.filename", "nombre de archivo nulo"}, + {"Save.changes.", "\u00BFGuardar los cambios?"}, + {"Yes", "S\u00ED"}, + {"No", "No"}, + {"Policy.Entry", "Entrada de Pol\u00EDtica"}, + {"Save.Changes", "Guardar Cambios"}, + {"No.Policy.Entry.selected", "No se ha seleccionado la entrada de pol\u00EDtica"}, + {"Unable.to.open.KeyStore.ex.toString.", + "No se ha podido abrir el almac\u00E9n de claves: {0}"}, + {"No.principal.selected", "No se ha seleccionado un principal"}, + {"No.permission.selected", "No se ha seleccionado un permiso"}, + {"name", "nombre"}, + {"configuration.type", "tipo de configuraci\u00F3n"}, + {"environment.variable.name", "nombre de variable de entorno"}, + {"library.name", "nombre de la biblioteca"}, + {"package.name", "nombre del paquete"}, + {"policy.type", "tipo de pol\u00EDtica"}, + {"property.name", "nombre de la propiedad"}, + {"provider.name", "nombre del proveedor"}, + {"Principal.List", "Lista de Principales"}, + {"Permission.List", "Lista de Permisos"}, + {"Code.Base", "Base de C\u00F3digo"}, + {"KeyStore.U.R.L.", "URL de Almac\u00E9n de Claves:"}, + {"KeyStore.Password.U.R.L.", "URL de Contrase\u00F1a de Almac\u00E9n de Claves:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/policytool/Resources_fr.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.policytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the policytool. + * + */ +public class Resources_fr extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", + "Avertissement\u00A0: il n''existe pas de cl\u00E9 publique pour l''alias {0}. V\u00E9rifiez que le fichier de cl\u00E9s d''acc\u00E8s est correctement configur\u00E9."}, + {"Warning.Class.not.found.class", "Avertissement : classe introuvable - {0}"}, + {"Warning.Invalid.argument.s.for.constructor.arg", + "Avertissement\u00A0: arguments non valides pour le constructeur\u00A0- {0}"}, + {"Illegal.Principal.Type.type", "Type de principal non admis : {0}"}, + {"Illegal.option.option", "Option non admise : {0}"}, + {"Usage.policytool.options.", "Syntaxe : policytool [options]"}, + {".file.file.policy.file.location", + " [-file <file>] emplacement du fichier de r\u00E8gles"}, + {"New", "Nouveau"}, + {"Open", "Ouvrir"}, + {"Save", "Enregistrer"}, + {"Save.As", "Enregistrer sous"}, + {"View.Warning.Log", "Afficher le journal des avertissements"}, + {"Exit", "Quitter"}, + {"Add.Policy.Entry", "Ajouter une r\u00E8gle"}, + {"Edit.Policy.Entry", "Modifier une r\u00E8gle"}, + {"Remove.Policy.Entry", "Enlever une r\u00E8gle"}, + {"Edit", "Modifier"}, + {"Retain", "Conserver"}, + + {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", + "Avertissement : il se peut que le nom de fichier contienne des barres obliques inverses avec caract\u00E8re d'\u00E9chappement. Il n'est pas n\u00E9cessaire d'ajouter un caract\u00E8re d'\u00E9chappement aux barres obliques inverses. (L'outil proc\u00E8de \u00E0 l'\u00E9chappement si n\u00E9cessaire lorsqu'il \u00E9crit le contenu des r\u00E8gles dans la zone de stockage persistant).\n\nCliquez sur Conserver pour garder le nom saisi ou sur Modifier pour le remplacer."}, + + {"Add.Public.Key.Alias", "Ajouter un alias de cl\u00E9 publique"}, + {"Remove.Public.Key.Alias", "Enlever un alias de cl\u00E9 publique"}, + {"File", "Fichier"}, + {"KeyStore", "Fichier de cl\u00E9s"}, + {"Policy.File.", "Fichier de r\u00E8gles :"}, + {"Could.not.open.policy.file.policyFile.e.toString.", + "Impossible d''ouvrir le fichier de r\u00E8gles\u00A0: {0}: {1}"}, + {"Policy.Tool", "Policy Tool"}, + {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", + "Des erreurs se sont produites \u00E0 l'ouverture de la configuration de r\u00E8gles. Pour plus d'informations, consultez le journal des avertissements."}, + {"Error", "Erreur"}, + {"OK", "OK"}, + {"Status", "Statut"}, + {"Warning", "Avertissement"}, + {"Permission.", + "Droit : "}, + {"Principal.Type.", "Type de principal :"}, + {"Principal.Name.", "Nom de principal :"}, + {"Target.Name.", + "Nom de cible : "}, + {"Actions.", + "Actions : "}, + {"OK.to.overwrite.existing.file.filename.", + "Remplacer le fichier existant {0} ?"}, + {"Cancel", "Annuler"}, + {"CodeBase.", "Base de code :"}, + {"SignedBy.", "Sign\u00E9 par :"}, + {"Add.Principal", "Ajouter un principal"}, + {"Edit.Principal", "Modifier un principal"}, + {"Remove.Principal", "Enlever un principal"}, + {"Principals.", "Principaux :"}, + {".Add.Permission", " Ajouter un droit"}, + {".Edit.Permission", " Modifier un droit"}, + {"Remove.Permission", "Enlever un droit"}, + {"Done", "Termin\u00E9"}, + {"KeyStore.URL.", "URL du fichier de cl\u00E9s :"}, + {"KeyStore.Type.", "Type du fichier de cl\u00E9s :"}, + {"KeyStore.Provider.", "Fournisseur du fichier de cl\u00E9s :"}, + {"KeyStore.Password.URL.", "URL du mot de passe du fichier de cl\u00E9s :"}, + {"Principals", "Principaux"}, + {".Edit.Principal.", " Modifier un principal :"}, + {".Add.New.Principal.", " Ajouter un principal :"}, + {"Permissions", "Droits"}, + {".Edit.Permission.", " Modifier un droit :"}, + {".Add.New.Permission.", " Ajouter un droit :"}, + {"Signed.By.", "Sign\u00E9 par :"}, + {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", + "Impossible de sp\u00E9cifier un principal avec une classe g\u00E9n\u00E9rique sans nom g\u00E9n\u00E9rique"}, + {"Cannot.Specify.Principal.without.a.Name", + "Impossible de sp\u00E9cifier un principal sans nom"}, + {"Permission.and.Target.Name.must.have.a.value", + "Le droit et le nom de cible doivent avoir une valeur"}, + {"Remove.this.Policy.Entry.", "Enlever cette r\u00E8gle ?"}, + {"Overwrite.File", "Remplacer le fichier"}, + {"Policy.successfully.written.to.filename", + "R\u00E8gle \u00E9crite dans {0}"}, + {"null.filename", "nom de fichier NULL"}, + {"Save.changes.", "Enregistrer les modifications ?"}, + {"Yes", "Oui"}, + {"No", "Non"}, + {"Policy.Entry", "R\u00E8gle"}, + {"Save.Changes", "Enregistrer les modifications"}, + {"No.Policy.Entry.selected", "Aucune r\u00E8gle s\u00E9lectionn\u00E9e"}, + {"Unable.to.open.KeyStore.ex.toString.", + "Impossible d''ouvrir le fichier de cl\u00E9s d''acc\u00E8s : {0}"}, + {"No.principal.selected", "Aucun principal s\u00E9lectionn\u00E9"}, + {"No.permission.selected", "Aucun droit s\u00E9lectionn\u00E9"}, + {"name", "nom"}, + {"configuration.type", "type de configuration"}, + {"environment.variable.name", "Nom de variable d'environnement"}, + {"library.name", "nom de biblioth\u00E8que"}, + {"package.name", "nom de package"}, + {"policy.type", "type de r\u00E8gle"}, + {"property.name", "nom de propri\u00E9t\u00E9"}, + {"provider.name", "nom du fournisseur"}, + {"Principal.List", "Liste de principaux"}, + {"Permission.List", "Liste de droits"}, + {"Code.Base", "Base de code"}, + {"KeyStore.U.R.L.", "URL du fichier de cl\u00E9s :"}, + {"KeyStore.Password.U.R.L.", "URL du mot de passe du fichier de cl\u00E9s :"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/policytool/Resources_it.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.policytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the policytool. + * + */ +public class Resources_it extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", + "Avvertenza: non esiste una chiave pubblica per l''alias {0}. Verificare che il keystore sia configurato correttamente."}, + {"Warning.Class.not.found.class", "Avvertenza: classe non trovata: {0}"}, + {"Warning.Invalid.argument.s.for.constructor.arg", + "Avvertenza: argomento o argomenti non validi per il costruttore {0}"}, + {"Illegal.Principal.Type.type", "Tipo principal non valido: {0}"}, + {"Illegal.option.option", "Opzione non valida: {0}"}, + {"Usage.policytool.options.", "Uso: policytool [opzioni]"}, + {".file.file.policy.file.location", + " [-file <file>] posizione del file dei criteri"}, + {"New", "Nuovo"}, + {"Open", "Apri"}, + {"Save", "Salva"}, + {"Save.As", "Salva con nome"}, + {"View.Warning.Log", "Visualizza registro avvertenze"}, + {"Exit", "Esci"}, + {"Add.Policy.Entry", "Aggiungi voce dei criteri"}, + {"Edit.Policy.Entry", "Modifica voce dei criteri"}, + {"Remove.Policy.Entry", "Rimuovi voce dei criteri"}, + {"Edit", "Modifica"}, + {"Retain", "Mantieni"}, + + {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", + "Avvertenza: il nome file pu\u00F2 includere barre rovesciate con escape. Non \u00E8 necessario eseguire l'escape delle barre rovesciate (se necessario lo strumento esegue l'escape dei caratteri al momento della scrittura del contenuto dei criteri nell'area di memorizzazione persistente).\n\nFare click su Mantieni per conservare il nome immesso, oppure su Modifica per modificare il nome."}, + + {"Add.Public.Key.Alias", "Aggiungi alias chiave pubblica"}, + {"Remove.Public.Key.Alias", "Rimuovi alias chiave pubblica"}, + {"File", "File"}, + {"KeyStore", "Keystore"}, + {"Policy.File.", "File dei criteri:"}, + {"Could.not.open.policy.file.policyFile.e.toString.", + "Impossibile aprire il file di criteri {0}: {1}"}, + {"Policy.Tool", "Strumento criteri"}, + {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", + "Si sono verificati errori durante l'apertura della configurazione dei criteri. Consultare il registro delle avvertenze per ulteriori informazioni."}, + {"Error", "Errore"}, + {"OK", "OK"}, + {"Status", "Stato"}, + {"Warning", "Avvertenza"}, + {"Permission.", + "Autorizzazione: "}, + {"Principal.Type.", "Tipo principal:"}, + {"Principal.Name.", "Nome principal:"}, + {"Target.Name.", + "Nome destinazione: "}, + {"Actions.", + "Azioni: "}, + {"OK.to.overwrite.existing.file.filename.", + "OK per sovrascrivere il file {0}?"}, + {"Cancel", "Annulla"}, + {"CodeBase.", "CodeBase:"}, + {"SignedBy.", "SignedBy:"}, + {"Add.Principal", "Aggiungi principal"}, + {"Edit.Principal", "Modifica principal"}, + {"Remove.Principal", "Rimuovi principal"}, + {"Principals.", "Principal:"}, + {".Add.Permission", " Aggiungi autorizzazione"}, + {".Edit.Permission", " Modifica autorizzazione"}, + {"Remove.Permission", "Rimuovi autorizzazione"}, + {"Done", "Fine"}, + {"KeyStore.URL.", "URL keystore:"}, + {"KeyStore.Type.", "Tipo keystore:"}, + {"KeyStore.Provider.", "Provider keystore:"}, + {"KeyStore.Password.URL.", "URL password keystore:"}, + {"Principals", "Principal:"}, + {".Edit.Principal.", " Modifica principal:"}, + {".Add.New.Principal.", " Aggiungi nuovo principal:"}, + {"Permissions", "Autorizzazioni"}, + {".Edit.Permission.", " Modifica autorizzazione:"}, + {".Add.New.Permission.", " Aggiungi nuova autorizzazione:"}, + {"Signed.By.", "Firmato da:"}, + {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", + "Impossibile specificare principal con una classe carattere jolly senza un nome carattere jolly"}, + {"Cannot.Specify.Principal.without.a.Name", + "Impossibile specificare principal senza un nome"}, + {"Permission.and.Target.Name.must.have.a.value", + "L'autorizzazione e il nome destinazione non possono essere nulli"}, + {"Remove.this.Policy.Entry.", "Rimuovere questa voce dei criteri?"}, + {"Overwrite.File", "Sovrascrivi file"}, + {"Policy.successfully.written.to.filename", + "I criteri sono stati scritti in {0}"}, + {"null.filename", "nome file nullo"}, + {"Save.changes.", "Salvare le modifiche?"}, + {"Yes", "S\u00EC"}, + {"No", "No"}, + {"Policy.Entry", "Voce dei criteri"}, + {"Save.Changes", "Salva le modifiche"}, + {"No.Policy.Entry.selected", "Nessuna voce dei criteri selezionata"}, + {"Unable.to.open.KeyStore.ex.toString.", + "Impossibile aprire il keystore: {0}"}, + {"No.principal.selected", "Nessun principal selezionato"}, + {"No.permission.selected", "Nessuna autorizzazione selezionata"}, + {"name", "nome"}, + {"configuration.type", "tipo di configurazione"}, + {"environment.variable.name", "nome variabile ambiente"}, + {"library.name", "nome libreria"}, + {"package.name", "nome package"}, + {"policy.type", "tipo di criteri"}, + {"property.name", "nome propriet\u00E0"}, + {"provider.name", "nome provider"}, + {"Principal.List", "Lista principal"}, + {"Permission.List", "Lista autorizzazioni"}, + {"Code.Base", "Codebase"}, + {"KeyStore.U.R.L.", "URL keystore:"}, + {"KeyStore.Password.U.R.L.", "URL password keystore:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/policytool/Resources_ja.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.policytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the policytool. + * + */ +public class Resources_ja extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", + "\u8B66\u544A: \u5225\u540D{0}\u306E\u516C\u958B\u9375\u304C\u5B58\u5728\u3057\u307E\u305B\u3093\u3002\u30AD\u30FC\u30B9\u30C8\u30A2\u304C\u6B63\u3057\u304F\u69CB\u6210\u3055\u308C\u3066\u3044\u308B\u3053\u3068\u3092\u78BA\u8A8D\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, + {"Warning.Class.not.found.class", "\u8B66\u544A: \u30AF\u30E9\u30B9\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: {0}"}, + {"Warning.Invalid.argument.s.for.constructor.arg", + "\u8B66\u544A: \u30B3\u30F3\u30B9\u30C8\u30E9\u30AF\u30BF\u306E\u5F15\u6570\u304C\u7121\u52B9\u3067\u3059: {0}"}, + {"Illegal.Principal.Type.type", "\u4E0D\u6B63\u306A\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u30BF\u30A4\u30D7: {0}"}, + {"Illegal.option.option", "\u4E0D\u6B63\u306A\u30AA\u30D7\u30B7\u30E7\u30F3: {0}"}, + {"Usage.policytool.options.", "\u4F7F\u7528\u65B9\u6CD5: policytool [options]"}, + {".file.file.policy.file.location", + " [-file <file>] \u30DD\u30EA\u30B7\u30FC\u30FB\u30D5\u30A1\u30A4\u30EB\u306E\u5834\u6240"}, + {"New", "\u65B0\u898F"}, + {"Open", "\u958B\u304F"}, + {"Save", "\u4FDD\u5B58"}, + {"Save.As", "\u5225\u540D\u4FDD\u5B58"}, + {"View.Warning.Log", "\u8B66\u544A\u30ED\u30B0\u306E\u8868\u793A"}, + {"Exit", "\u7D42\u4E86"}, + {"Add.Policy.Entry", "\u30DD\u30EA\u30B7\u30FC\u30FB\u30A8\u30F3\u30C8\u30EA\u306E\u8FFD\u52A0"}, + {"Edit.Policy.Entry", "\u30DD\u30EA\u30B7\u30FC\u30FB\u30A8\u30F3\u30C8\u30EA\u306E\u7DE8\u96C6"}, + {"Remove.Policy.Entry", "\u30DD\u30EA\u30B7\u30FC\u30FB\u30A8\u30F3\u30C8\u30EA\u306E\u524A\u9664"}, + {"Edit", "\u7DE8\u96C6"}, + {"Retain", "\u4FDD\u6301"}, + + {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", + "\u8B66\u544A: \u30D5\u30A1\u30A4\u30EB\u540D\u306B\u30A8\u30B9\u30B1\u30FC\u30D7\u3055\u308C\u305F\u30D0\u30C3\u30AF\u30B9\u30E9\u30C3\u30B7\u30E5\u6587\u5B57\u304C\u542B\u307E\u308C\u3066\u3044\u308B\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002\u30D0\u30C3\u30AF\u30B9\u30E9\u30C3\u30B7\u30E5\u6587\u5B57\u3092\u30A8\u30B9\u30B1\u30FC\u30D7\u3059\u308B\u5FC5\u8981\u306F\u3042\u308A\u307E\u305B\u3093(\u30C4\u30FC\u30EB\u306F\u30DD\u30EA\u30B7\u30FC\u5185\u5BB9\u3092\u6C38\u7D9A\u30B9\u30C8\u30A2\u306B\u66F8\u304D\u8FBC\u3080\u3068\u304D\u306B\u3001\u5FC5\u8981\u306B\u5FDC\u3058\u3066\u6587\u5B57\u3092\u30A8\u30B9\u30B1\u30FC\u30D7\u3057\u307E\u3059)\u3002\n\n\u5165\u529B\u6E08\u306E\u540D\u524D\u3092\u4FDD\u6301\u3059\u308B\u306B\u306F\u300C\u4FDD\u6301\u300D\u3092\u30AF\u30EA\u30C3\u30AF\u3057\u3001\u540D\u524D\u3092\u7DE8\u96C6\u3059\u308B\u306B\u306F\u300C\u7DE8\u96C6\u300D\u3092\u30AF\u30EA\u30C3\u30AF\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, + + {"Add.Public.Key.Alias", "\u516C\u958B\u9375\u306E\u5225\u540D\u306E\u8FFD\u52A0"}, + {"Remove.Public.Key.Alias", "\u516C\u958B\u9375\u306E\u5225\u540D\u3092\u524A\u9664"}, + {"File", "\u30D5\u30A1\u30A4\u30EB"}, + {"KeyStore", "\u30AD\u30FC\u30B9\u30C8\u30A2"}, + {"Policy.File.", "\u30DD\u30EA\u30B7\u30FC\u30FB\u30D5\u30A1\u30A4\u30EB:"}, + {"Could.not.open.policy.file.policyFile.e.toString.", + "\u30DD\u30EA\u30B7\u30FC\u30FB\u30D5\u30A1\u30A4\u30EB\u3092\u958B\u3051\u307E\u305B\u3093\u3067\u3057\u305F: {0}: {1}"}, + {"Policy.Tool", "\u30DD\u30EA\u30B7\u30FC\u30FB\u30C4\u30FC\u30EB"}, + {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", + "\u30DD\u30EA\u30B7\u30FC\u69CB\u6210\u3092\u958B\u304F\u3068\u304D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F\u3002\u8A73\u7D30\u306F\u8B66\u544A\u30ED\u30B0\u3092\u53C2\u7167\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, + {"Error", "\u30A8\u30E9\u30FC"}, + {"OK", "OK"}, + {"Status", "\u72B6\u614B"}, + {"Warning", "\u8B66\u544A"}, + {"Permission.", + "\u30A2\u30AF\u30BB\u30B9\u6A29: "}, + {"Principal.Type.", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u30BF\u30A4\u30D7:"}, + {"Principal.Name.", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u540D\u524D:"}, + {"Target.Name.", + "\u30BF\u30FC\u30B2\u30C3\u30C8\u540D: "}, + {"Actions.", + "\u30A2\u30AF\u30B7\u30E7\u30F3: "}, + {"OK.to.overwrite.existing.file.filename.", + "\u65E2\u5B58\u306E\u30D5\u30A1\u30A4\u30EB{0}\u306B\u4E0A\u66F8\u304D\u3057\u307E\u3059\u304B\u3002"}, + {"Cancel", "\u53D6\u6D88"}, + {"CodeBase.", "CodeBase:"}, + {"SignedBy.", "SignedBy:"}, + {"Add.Principal", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u8FFD\u52A0"}, + {"Edit.Principal", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u7DE8\u96C6"}, + {"Remove.Principal", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u524A\u9664"}, + {"Principals.", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB:"}, + {".Add.Permission", " \u30A2\u30AF\u30BB\u30B9\u6A29\u306E\u8FFD\u52A0"}, + {".Edit.Permission", " \u30A2\u30AF\u30BB\u30B9\u6A29\u306E\u7DE8\u96C6"}, + {"Remove.Permission", "\u30A2\u30AF\u30BB\u30B9\u6A29\u306E\u524A\u9664"}, + {"Done", "\u5B8C\u4E86"}, + {"KeyStore.URL.", "\u30AD\u30FC\u30B9\u30C8\u30A2URL:"}, + {"KeyStore.Type.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30BF\u30A4\u30D7:"}, + {"KeyStore.Provider.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D7\u30ED\u30D0\u30A4\u30C0:"}, + {"KeyStore.Password.URL.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D1\u30B9\u30EF\u30FC\u30C9URL:"}, + {"Principals", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB"}, + {".Edit.Principal.", " \u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u7DE8\u96C6:"}, + {".Add.New.Principal.", " \u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u65B0\u898F\u8FFD\u52A0:"}, + {"Permissions", "\u30A2\u30AF\u30BB\u30B9\u6A29"}, + {".Edit.Permission.", " \u30A2\u30AF\u30BB\u30B9\u6A29\u306E\u7DE8\u96C6:"}, + {".Add.New.Permission.", " \u65B0\u898F\u30A2\u30AF\u30BB\u30B9\u6A29\u306E\u8FFD\u52A0:"}, + {"Signed.By.", "\u7F72\u540D\u8005:"}, + {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", + "\u30EF\u30A4\u30EB\u30C9\u30AB\u30FC\u30C9\u540D\u306E\u306A\u3044\u30EF\u30A4\u30EB\u30C9\u30AB\u30FC\u30C9\u30FB\u30AF\u30E9\u30B9\u3092\u4F7F\u7528\u3057\u3066\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u3092\u6307\u5B9A\u3059\u308B\u3053\u3068\u306F\u3067\u304D\u307E\u305B\u3093"}, + {"Cannot.Specify.Principal.without.a.Name", + "\u540D\u524D\u3092\u4F7F\u7528\u305B\u305A\u306B\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u3092\u6307\u5B9A\u3059\u308B\u3053\u3068\u306F\u3067\u304D\u307E\u305B\u3093"}, + {"Permission.and.Target.Name.must.have.a.value", + "\u30A2\u30AF\u30BB\u30B9\u6A29\u3068\u30BF\u30FC\u30B2\u30C3\u30C8\u540D\u306F\u3001\u5024\u3092\u4FDD\u6301\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, + {"Remove.this.Policy.Entry.", "\u3053\u306E\u30DD\u30EA\u30B7\u30FC\u30FB\u30A8\u30F3\u30C8\u30EA\u3092\u524A\u9664\u3057\u307E\u3059\u304B\u3002"}, + {"Overwrite.File", "\u30D5\u30A1\u30A4\u30EB\u3092\u4E0A\u66F8\u304D\u3057\u307E\u3059"}, + {"Policy.successfully.written.to.filename", + "\u30DD\u30EA\u30B7\u30FC\u306E{0}\u3078\u306E\u66F8\u8FBC\u307F\u306B\u6210\u529F\u3057\u307E\u3057\u305F"}, + {"null.filename", "\u30D5\u30A1\u30A4\u30EB\u540D\u304Cnull\u3067\u3059"}, + {"Save.changes.", "\u5909\u66F4\u3092\u4FDD\u5B58\u3057\u307E\u3059\u304B\u3002"}, + {"Yes", "\u306F\u3044"}, + {"No", "\u3044\u3044\u3048"}, + {"Policy.Entry", "\u30DD\u30EA\u30B7\u30FC\u30FB\u30A8\u30F3\u30C8\u30EA"}, + {"Save.Changes", "\u5909\u66F4\u3092\u4FDD\u5B58\u3057\u307E\u3059"}, + {"No.Policy.Entry.selected", "\u30DD\u30EA\u30B7\u30FC\u30FB\u30A8\u30F3\u30C8\u30EA\u304C\u9078\u629E\u3055\u308C\u3066\u3044\u307E\u305B\u3093"}, + {"Unable.to.open.KeyStore.ex.toString.", + "\u30AD\u30FC\u30B9\u30C8\u30A2{0}\u3092\u958B\u3051\u307E\u305B\u3093"}, + {"No.principal.selected", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u304C\u9078\u629E\u3055\u308C\u3066\u3044\u307E\u305B\u3093"}, + {"No.permission.selected", "\u30A2\u30AF\u30BB\u30B9\u6A29\u304C\u9078\u629E\u3055\u308C\u3066\u3044\u307E\u305B\u3093"}, + {"name", "\u540D\u524D"}, + {"configuration.type", "\u69CB\u6210\u30BF\u30A4\u30D7"}, + {"environment.variable.name", "\u74B0\u5883\u5909\u6570\u540D"}, + {"library.name", "\u30E9\u30A4\u30D6\u30E9\u30EA\u540D"}, + {"package.name", "\u30D1\u30C3\u30B1\u30FC\u30B8\u540D"}, + {"policy.type", "\u30DD\u30EA\u30B7\u30FC\u30FB\u30BF\u30A4\u30D7"}, + {"property.name", "\u30D7\u30ED\u30D1\u30C6\u30A3\u540D"}, + {"provider.name", "\u30D7\u30ED\u30D0\u30A4\u30C0\u540D"}, + {"Principal.List", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u30EA\u30B9\u30C8"}, + {"Permission.List", "\u30A2\u30AF\u30BB\u30B9\u6A29\u306E\u30EA\u30B9\u30C8"}, + {"Code.Base", "\u30B3\u30FC\u30C9\u30FB\u30D9\u30FC\u30B9"}, + {"KeyStore.U.R.L.", "\u30AD\u30FC\u30B9\u30C8\u30A2U R L:"}, + {"KeyStore.Password.U.R.L.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D1\u30B9\u30EF\u30FC\u30C9U R L:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/policytool/Resources_ko.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.policytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the policytool. + * + */ +public class Resources_ko extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", + "\uACBD\uACE0: {0} \uBCC4\uCE6D\uC5D0 \uB300\uD55C \uACF5\uC6A9 \uD0A4\uAC00 \uC874\uC7AC\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4. \uD0A4 \uC800\uC7A5\uC18C\uAC00 \uC81C\uB300\uB85C \uAD6C\uC131\uB418\uC5B4 \uC788\uB294\uC9C0 \uD655\uC778\uD558\uC2ED\uC2DC\uC624."}, + {"Warning.Class.not.found.class", "\uACBD\uACE0: \uD074\uB798\uC2A4\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC74C: {0}"}, + {"Warning.Invalid.argument.s.for.constructor.arg", + "\uACBD\uACE0: \uC0DD\uC131\uC790\uC5D0 \uB300\uD574 \uBD80\uC801\uD569\uD55C \uC778\uC218: {0}"}, + {"Illegal.Principal.Type.type", "\uC798\uBABB\uB41C \uC8FC\uCCB4 \uC720\uD615: {0}"}, + {"Illegal.option.option", "\uC798\uBABB\uB41C \uC635\uC158: {0}"}, + {"Usage.policytool.options.", "\uC0AC\uC6A9\uBC95: policytool [options]"}, + {".file.file.policy.file.location", + " [-file <file>] \uC815\uCC45 \uD30C\uC77C \uC704\uCE58"}, + {"New", "\uC0C8\uB85C \uB9CC\uB4E4\uAE30"}, + {"Open", "\uC5F4\uAE30"}, + {"Save", "\uC800\uC7A5"}, + {"Save.As", "\uB2E4\uB978 \uC774\uB984\uC73C\uB85C \uC800\uC7A5"}, + {"View.Warning.Log", "\uACBD\uACE0 \uB85C\uADF8 \uBCF4\uAE30"}, + {"Exit", "\uC885\uB8CC"}, + {"Add.Policy.Entry", "\uC815\uCC45 \uD56D\uBAA9 \uCD94\uAC00"}, + {"Edit.Policy.Entry", "\uC815\uCC45 \uD56D\uBAA9 \uD3B8\uC9D1"}, + {"Remove.Policy.Entry", "\uC815\uCC45 \uD56D\uBAA9 \uC81C\uAC70"}, + {"Edit", "\uD3B8\uC9D1"}, + {"Retain", "\uC720\uC9C0"}, + + {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", + "\uACBD\uACE0: \uD30C\uC77C \uC774\uB984\uC5D0 \uC774\uC2A4\uCF00\uC774\uD504\uB41C \uBC31\uC2AC\uB798\uC2DC \uBB38\uC790\uAC00 \uD3EC\uD568\uB418\uC5C8\uC744 \uC218 \uC788\uC2B5\uB2C8\uB2E4. \uBC31\uC2AC\uB798\uC2DC \uBB38\uC790\uB294 \uC774\uC2A4\uCF00\uC774\uD504\uD560 \uD544\uC694\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4. \uC601\uAD6C \uC800\uC7A5\uC18C\uC5D0 \uC815\uCC45 \uCF58\uD150\uCE20\uB97C \uC4F8 \uB54C \uD544\uC694\uC5D0 \uB530\uB77C \uC790\uB3D9\uC73C\uB85C \uBB38\uC790\uAC00 \uC774\uC2A4\uCF00\uC774\uD504\uB429\uB2C8\uB2E4.\n\n\uC785\uB825\uB41C \uC774\uB984\uC744 \uADF8\uB300\uB85C \uC720\uC9C0\uD558\uB824\uBA74 [\uC720\uC9C0]\uB97C \uB204\uB974\uACE0, \uC774\uB984\uC744 \uD3B8\uC9D1\uD558\uB824\uBA74 [\uD3B8\uC9D1]\uC744 \uB204\uB974\uC2ED\uC2DC\uC624."}, + + {"Add.Public.Key.Alias", "\uACF5\uC6A9 \uD0A4 \uBCC4\uCE6D \uCD94\uAC00"}, + {"Remove.Public.Key.Alias", "\uACF5\uC6A9 \uD0A4 \uBCC4\uCE6D \uC81C\uAC70"}, + {"File", "\uD30C\uC77C"}, + {"KeyStore", "\uD0A4 \uC800\uC7A5\uC18C"}, + {"Policy.File.", "\uC815\uCC45 \uD30C\uC77C:"}, + {"Could.not.open.policy.file.policyFile.e.toString.", + "\uC815\uCC45 \uD30C\uC77C\uC744 \uC5F4 \uC218 \uC5C6\uC74C: {0}: {1}"}, + {"Policy.Tool", "\uC815\uCC45 \uD234"}, + {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", + "\uC815\uCC45 \uAD6C\uC131\uC744 \uC5EC\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. \uC790\uC138\uD55C \uB0B4\uC6A9\uC740 \uACBD\uACE0 \uB85C\uADF8\uB97C \uD655\uC778\uD558\uC2ED\uC2DC\uC624."}, + {"Error", "\uC624\uB958"}, + {"OK", "\uD655\uC778"}, + {"Status", "\uC0C1\uD0DC"}, + {"Warning", "\uACBD\uACE0"}, + {"Permission.", + "\uAD8C\uD55C: "}, + {"Principal.Type.", "\uC8FC\uCCB4 \uC720\uD615:"}, + {"Principal.Name.", "\uC8FC\uCCB4 \uC774\uB984:"}, + {"Target.Name.", + "\uB300\uC0C1 \uC774\uB984: "}, + {"Actions.", + "\uC791\uC5C5: "}, + {"OK.to.overwrite.existing.file.filename.", + "\uAE30\uC874 \uD30C\uC77C {0}\uC744(\uB97C) \uACB9\uCCD0 \uC4F0\uACA0\uC2B5\uB2C8\uAE4C?"}, + {"Cancel", "\uCDE8\uC18C"}, + {"CodeBase.", "CodeBase:"}, + {"SignedBy.", "SignedBy:"}, + {"Add.Principal", "\uC8FC\uCCB4 \uCD94\uAC00"}, + {"Edit.Principal", "\uC8FC\uCCB4 \uD3B8\uC9D1"}, + {"Remove.Principal", "\uC8FC\uCCB4 \uC81C\uAC70"}, + {"Principals.", "\uC8FC\uCCB4:"}, + {".Add.Permission", " \uAD8C\uD55C \uCD94\uAC00"}, + {".Edit.Permission", " \uAD8C\uD55C \uD3B8\uC9D1"}, + {"Remove.Permission", "\uAD8C\uD55C \uC81C\uAC70"}, + {"Done", "\uC644\uB8CC"}, + {"KeyStore.URL.", "\uD0A4 \uC800\uC7A5\uC18C URL:"}, + {"KeyStore.Type.", "\uD0A4 \uC800\uC7A5\uC18C \uC720\uD615:"}, + {"KeyStore.Provider.", "\uD0A4 \uC800\uC7A5\uC18C \uC81C\uACF5\uC790:"}, + {"KeyStore.Password.URL.", "\uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638 URL:"}, + {"Principals", "\uC8FC\uCCB4"}, + {".Edit.Principal.", " \uC8FC\uCCB4 \uD3B8\uC9D1:"}, + {".Add.New.Principal.", " \uC0C8 \uC8FC\uCCB4 \uCD94\uAC00:"}, + {"Permissions", "\uAD8C\uD55C"}, + {".Edit.Permission.", " \uAD8C\uD55C \uD3B8\uC9D1:"}, + {".Add.New.Permission.", " \uC0C8 \uAD8C\uD55C \uCD94\uAC00:"}, + {"Signed.By.", "\uC11C\uBA85\uC790:"}, + {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", + "\uC640\uC77C\uB4DC \uCE74\uB4DC \uBB38\uC790 \uC774\uB984 \uC5C6\uC774 \uC640\uC77C\uB4DC \uCE74\uB4DC \uBB38\uC790 \uD074\uB798\uC2A4\uB97C \uC0AC\uC6A9\uD558\uB294 \uC8FC\uCCB4\uB97C \uC9C0\uC815\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."}, + {"Cannot.Specify.Principal.without.a.Name", + "\uC774\uB984 \uC5C6\uC774 \uC8FC\uCCB4\uB97C \uC9C0\uC815\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."}, + {"Permission.and.Target.Name.must.have.a.value", + "\uAD8C\uD55C\uACFC \uB300\uC0C1 \uC774\uB984\uC758 \uAC12\uC774 \uC788\uC5B4\uC57C \uD569\uB2C8\uB2E4."}, + {"Remove.this.Policy.Entry.", "\uC774 \uC815\uCC45 \uD56D\uBAA9\uC744 \uC81C\uAC70\uD558\uACA0\uC2B5\uB2C8\uAE4C?"}, + {"Overwrite.File", "\uD30C\uC77C \uACB9\uCCD0\uC4F0\uAE30"}, + {"Policy.successfully.written.to.filename", + "{0}\uC5D0 \uC131\uACF5\uC801\uC73C\uB85C \uC815\uCC45\uC744 \uC37C\uC2B5\uB2C8\uB2E4."}, + {"null.filename", "\uB110 \uD30C\uC77C \uC774\uB984"}, + {"Save.changes.", "\uBCC0\uACBD \uC0AC\uD56D\uC744 \uC800\uC7A5\uD558\uACA0\uC2B5\uB2C8\uAE4C?"}, + {"Yes", "\uC608"}, + {"No", "\uC544\uB2C8\uC624"}, + {"Policy.Entry", "\uC815\uCC45 \uD56D\uBAA9"}, + {"Save.Changes", "\uBCC0\uACBD \uC0AC\uD56D \uC800\uC7A5"}, + {"No.Policy.Entry.selected", "\uC120\uD0DD\uB41C \uC815\uCC45 \uD56D\uBAA9\uC774 \uC5C6\uC2B5\uB2C8\uB2E4."}, + {"Unable.to.open.KeyStore.ex.toString.", + "\uD0A4 \uC800\uC7A5\uC18C\uB97C \uC5F4 \uC218 \uC5C6\uC74C: {0}"}, + {"No.principal.selected", "\uC120\uD0DD\uB41C \uC8FC\uCCB4\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4."}, + {"No.permission.selected", "\uC120\uD0DD\uB41C \uAD8C\uD55C\uC774 \uC5C6\uC2B5\uB2C8\uB2E4."}, + {"name", "\uC774\uB984"}, + {"configuration.type", "\uAD6C\uC131 \uC720\uD615"}, + {"environment.variable.name", "\uD658\uACBD \uBCC0\uC218 \uC774\uB984"}, + {"library.name", "\uB77C\uC774\uBE0C\uB7EC\uB9AC \uC774\uB984"}, + {"package.name", "\uD328\uD0A4\uC9C0 \uC774\uB984"}, + {"policy.type", "\uC815\uCC45 \uC720\uD615"}, + {"property.name", "\uC18D\uC131 \uC774\uB984"}, + {"provider.name", "\uC81C\uACF5\uC790 \uC774\uB984"}, + {"Principal.List", "\uC8FC\uCCB4 \uBAA9\uB85D"}, + {"Permission.List", "\uAD8C\uD55C \uBAA9\uB85D"}, + {"Code.Base", "\uCF54\uB4DC \uBCA0\uC774\uC2A4"}, + {"KeyStore.U.R.L.", "\uD0A4 \uC800\uC7A5\uC18C URL:"}, + {"KeyStore.Password.U.R.L.", "\uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638 URL:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/policytool/Resources_pt_BR.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.policytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the policytool. + * + */ +public class Resources_pt_BR extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", + "Advert\u00EAncia: N\u00E3o existe uma chave p\u00FAblica para o alias {0}. Certifique-se de que um KeyStore esteja configurado adequadamente."}, + {"Warning.Class.not.found.class", "Advert\u00EAncia: Classe n\u00E3o encontrada: {0}"}, + {"Warning.Invalid.argument.s.for.constructor.arg", + "Advert\u00EAncia: Argumento(s) inv\u00E1lido(s) para o construtor: {0}"}, + {"Illegal.Principal.Type.type", "Tipo Principal Inv\u00E1lido: {0}"}, + {"Illegal.option.option", "Op\u00E7\u00E3o inv\u00E1lida: {0}"}, + {"Usage.policytool.options.", "Uso: policytool [op\u00E7\u00F5es]"}, + {".file.file.policy.file.location", + " [-file <arquivo>] localiza\u00E7\u00E3o do arquivo de pol\u00EDtica"}, + {"New", "Novo"}, + {"Open", "Abrir"}, + {"Save", "Salvar"}, + {"Save.As", "Salvar Como"}, + {"View.Warning.Log", "Exibir Log de Advert\u00EAncias"}, + {"Exit", "Sair"}, + {"Add.Policy.Entry", "Adicionar Entrada de Pol\u00EDtica"}, + {"Edit.Policy.Entry", "Editar Entrada de Pol\u00EDtica"}, + {"Remove.Policy.Entry", "Remover Entrada de Pol\u00EDtica"}, + {"Edit", "Editar"}, + {"Retain", "Reter"}, + + {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", + "Advert\u00EAncia: O nome do arquivo pode conter caracteres de escape barra invertida. N\u00E3o \u00E9 necess\u00E1rio fazer o escape dos caracteres de barra invertida (a ferramenta faz o escape dos caracteres conforme necess\u00E1rio ao gravar o conte\u00FAdo da pol\u00EDtica no armazenamento persistente).\n\nClique em Reter para reter o nome da entrada ou clique em Editar para edit\u00E1-lo."}, + + {"Add.Public.Key.Alias", "Adicionar Alias de Chave P\u00FAblica"}, + {"Remove.Public.Key.Alias", "Remover Alias de Chave P\u00FAblica"}, + {"File", "Arquivo"}, + {"KeyStore", "KeyStore"}, + {"Policy.File.", "Arquivo de Pol\u00EDtica:"}, + {"Could.not.open.policy.file.policyFile.e.toString.", + "N\u00E3o foi poss\u00EDvel abrir o arquivo de pol\u00EDtica: {0}: {1}"}, + {"Policy.Tool", "Ferramenta de Pol\u00EDtica"}, + {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", + "Erros durante a abertura da configura\u00E7\u00E3o da pol\u00EDtica. Consulte o Log de Advert\u00EAncias para obter mais informa\u00E7\u00F5es."}, + {"Error", "Erro"}, + {"OK", "OK"}, + {"Status", "Status"}, + {"Warning", "Advert\u00EAncia"}, + {"Permission.", + "Permiss\u00E3o: "}, + {"Principal.Type.", "Tipo do Principal:"}, + {"Principal.Name.", "Nome do Principal:"}, + {"Target.Name.", + "Nome do Alvo: "}, + {"Actions.", + "A\u00E7\u00F5es: "}, + {"OK.to.overwrite.existing.file.filename.", + "Est\u00E1 correto substituir o arquivo existente {0}?"}, + {"Cancel", "Cancelar"}, + {"CodeBase.", "CodeBase:"}, + {"SignedBy.", "SignedBy:"}, + {"Add.Principal", "Adicionar Principal"}, + {"Edit.Principal", "Editar Principal"}, + {"Remove.Principal", "Remover Principal"}, + {"Principals.", "Principais:"}, + {".Add.Permission", " Adicionar Permiss\u00E3o"}, + {".Edit.Permission", " Editar Permiss\u00E3o"}, + {"Remove.Permission", "Remover Permiss\u00E3o"}, + {"Done", "Conclu\u00EDdo"}, + {"KeyStore.URL.", "URL do KeyStore:"}, + {"KeyStore.Type.", "Tipo de KeyStore:"}, + {"KeyStore.Provider.", "Fornecedor de KeyStore:"}, + {"KeyStore.Password.URL.", "URL da Senha do KeyStore:"}, + {"Principals", "Principais"}, + {".Edit.Principal.", " Editar Principal:"}, + {".Add.New.Principal.", " Adicionar Novo Principal:"}, + {"Permissions", "Permiss\u00F5es"}, + {".Edit.Permission.", " Editar Permiss\u00E3o:"}, + {".Add.New.Permission.", " Adicionar Nova Permiss\u00E3o:"}, + {"Signed.By.", "Assinado por:"}, + {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", + "N\u00E3o \u00E9 Poss\u00EDvel Especificar um Principal com uma Classe de Curinga sem um Nome de Curinga"}, + {"Cannot.Specify.Principal.without.a.Name", + "N\u00E3o \u00E9 Poss\u00EDvel Especificar um Principal sem um Nome"}, + {"Permission.and.Target.Name.must.have.a.value", + "O Nome de Destino e a Permiss\u00E3o devem ter um Valor"}, + {"Remove.this.Policy.Entry.", "Remover esta Entrada de Pol\u00EDtica?"}, + {"Overwrite.File", "Substituir Arquivo"}, + {"Policy.successfully.written.to.filename", + "Pol\u00EDtica gravada com \u00EAxito em {0}"}, + {"null.filename", "nome de arquivo nulo"}, + {"Save.changes.", "Salvar altera\u00E7\u00F5es?"}, + {"Yes", "Sim"}, + {"No", "N\u00E3o"}, + {"Policy.Entry", "Entrada de Pol\u00EDtica"}, + {"Save.Changes", "Salvar Altera\u00E7\u00F5es"}, + {"No.Policy.Entry.selected", "Nenhuma Entrada de Pol\u00EDtica Selecionada"}, + {"Unable.to.open.KeyStore.ex.toString.", + "N\u00E3o \u00E9 poss\u00EDvel abrir a KeyStore: {0}"}, + {"No.principal.selected", "Nenhum principal selecionado"}, + {"No.permission.selected", "Nenhuma permiss\u00E3o selecionada"}, + {"name", "nome"}, + {"configuration.type", "tipo de configura\u00E7\u00E3o"}, + {"environment.variable.name", "nome da vari\u00E1vel de ambiente"}, + {"library.name", "nome da biblioteca"}, + {"package.name", "nome do pacote"}, + {"policy.type", "tipo de pol\u00EDtica"}, + {"property.name", "nome da propriedade"}, + {"provider.name", "nome do fornecedor"}, + {"Principal.List", "Lista de Principais"}, + {"Permission.List", "Lista de Permiss\u00F5es"}, + {"Code.Base", "Base de C\u00F3digo"}, + {"KeyStore.U.R.L.", "U R L da KeyStore:"}, + {"KeyStore.Password.U.R.L.", "U R L da Senha do KeyStore:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/policytool/Resources_sv.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.policytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the policytool. + * + */ +public class Resources_sv extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", + "Varning! Det finns ingen offentlig nyckel f\u00F6r aliaset {0}. Kontrollera att det aktuella nyckellagret \u00E4r korrekt konfigurerat."}, + {"Warning.Class.not.found.class", "Varning! Klassen hittades inte: {0}"}, + {"Warning.Invalid.argument.s.for.constructor.arg", + "Varning! Ogiltiga argument f\u00F6r konstruktor: {0}"}, + {"Illegal.Principal.Type.type", "Otill\u00E5ten identitetshavaretyp: {0}"}, + {"Illegal.option.option", "Otill\u00E5tet alternativ: {0}"}, + {"Usage.policytool.options.", "Syntax: policytool [alternativ]"}, + {".file.file.policy.file.location", + " [-file <fil>] policyfilens plats"}, + {"New", "Nytt"}, + {"Open", "\u00D6ppna"}, + {"Save", "Spara"}, + {"Save.As", "Spara som"}, + {"View.Warning.Log", "Visa varningslogg"}, + {"Exit", "Avsluta"}, + {"Add.Policy.Entry", "L\u00E4gg till policypost"}, + {"Edit.Policy.Entry", "Redigera policypost"}, + {"Remove.Policy.Entry", "Ta bort policypost"}, + {"Edit", "Redigera"}, + {"Retain", "Beh\u00E5ll"}, + + {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", + "Varning! Filnamnet kan inneh\u00E5lla omv\u00E4nda snedstreck inom citattecken. Citattecken kr\u00E4vs inte f\u00F6r omv\u00E4nda snedstreck (verktyget hanterar detta n\u00E4r policyinneh\u00E5llet skrivs till det best\u00E4ndiga lagret).\n\nKlicka p\u00E5 Beh\u00E5ll f\u00F6r att beh\u00E5lla det angivna namnet, eller klicka p\u00E5 Redigera f\u00F6r att \u00E4ndra det."}, + + {"Add.Public.Key.Alias", "L\u00E4gg till offentligt nyckelalias"}, + {"Remove.Public.Key.Alias", "Ta bort offentligt nyckelalias"}, + {"File", "Fil"}, + {"KeyStore", "Nyckellager"}, + {"Policy.File.", "Policyfil:"}, + {"Could.not.open.policy.file.policyFile.e.toString.", + "Kan inte \u00F6ppna policyfilen: {0}: {1}"}, + {"Policy.Tool", "Policyverktyg"}, + {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", + "Det uppstod ett fel n\u00E4r policykonfigurationen skulle \u00F6ppnas. Se varningsloggen f\u00F6r mer information."}, + {"Error", "Fel"}, + {"OK", "OK"}, + {"Status", "Status"}, + {"Warning", "Varning"}, + {"Permission.", + "Beh\u00F6righet: "}, + {"Principal.Type.", "Identitetshavaretyp:"}, + {"Principal.Name.", "Identitetshavare:"}, + {"Target.Name.", + "M\u00E5l: "}, + {"Actions.", + "Funktioner: "}, + {"OK.to.overwrite.existing.file.filename.", + "Ska den befintliga filen {0} skrivas \u00F6ver?"}, + {"Cancel", "Avbryt"}, + {"CodeBase.", "Kodbas:"}, + {"SignedBy.", "Signerad av:"}, + {"Add.Principal", "L\u00E4gg till identitetshavare"}, + {"Edit.Principal", "Redigera identitetshavare"}, + {"Remove.Principal", "Ta bort identitetshavare"}, + {"Principals.", "Identitetshavare:"}, + {".Add.Permission", " L\u00E4gg till beh\u00F6righet"}, + {".Edit.Permission", " Redigera beh\u00F6righet"}, + {"Remove.Permission", "Ta bort beh\u00F6righet"}, + {"Done", "Utf\u00F6rd"}, + {"KeyStore.URL.", "URL f\u00F6r nyckellager:"}, + {"KeyStore.Type.", "Nyckellagertyp:"}, + {"KeyStore.Provider.", "Nyckellagerleverant\u00F6r:"}, + {"KeyStore.Password.URL.", "URL f\u00F6r l\u00F6senord till nyckellager:"}, + {"Principals", "Identitetshavare"}, + {".Edit.Principal.", " Redigera identitetshavare:"}, + {".Add.New.Principal.", " L\u00E4gg till ny identitetshavare:"}, + {"Permissions", "Beh\u00F6righet"}, + {".Edit.Permission.", " Redigera beh\u00F6righet:"}, + {".Add.New.Permission.", " L\u00E4gg till ny beh\u00F6righet:"}, + {"Signed.By.", "Signerad av:"}, + {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", + "Kan inte specificera identitetshavare med jokerteckenklass utan jokerteckennamn"}, + {"Cannot.Specify.Principal.without.a.Name", + "Kan inte specificera identitetshavare utan namn"}, + {"Permission.and.Target.Name.must.have.a.value", + "Beh\u00F6righet och m\u00E5lnamn m\u00E5ste ha ett v\u00E4rde"}, + {"Remove.this.Policy.Entry.", "Vill du ta bort den h\u00E4r policyposten?"}, + {"Overwrite.File", "Skriv \u00F6ver fil"}, + {"Policy.successfully.written.to.filename", + "Policy har skrivits till {0}"}, + {"null.filename", "nullfilnamn"}, + {"Save.changes.", "Vill du spara \u00E4ndringarna?"}, + {"Yes", "Ja"}, + {"No", "Nej"}, + {"Policy.Entry", "Policyfel"}, + {"Save.Changes", "Spara \u00E4ndringar"}, + {"No.Policy.Entry.selected", "Ingen policypost har valts"}, + {"Unable.to.open.KeyStore.ex.toString.", + "Kan inte \u00F6ppna nyckellagret: {0}"}, + {"No.principal.selected", "Ingen identitetshavare har valts"}, + {"No.permission.selected", "Ingen beh\u00F6righet har valts"}, + {"name", "namn"}, + {"configuration.type", "konfigurationstyp"}, + {"environment.variable.name", "variabelnamn f\u00F6r milj\u00F6"}, + {"library.name", "biblioteksnamn"}, + {"package.name", "paketnamn"}, + {"policy.type", "policytyp"}, + {"property.name", "egenskapsnamn"}, + {"provider.name", "leverant\u00F6rsnamn"}, + {"Principal.List", "Lista \u00F6ver identitetshavare"}, + {"Permission.List", "Beh\u00F6righetslista"}, + {"Code.Base", "Kodbas"}, + {"KeyStore.U.R.L.", "URL f\u00F6r nyckellager:"}, + {"KeyStore.Password.U.R.L.", "URL f\u00F6r l\u00F6senord till nyckellager:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/policytool/Resources_zh_CN.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.policytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the policytool. + * + */ +public class Resources_zh_CN extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", + "\u8B66\u544A: \u522B\u540D {0} \u7684\u516C\u5171\u5BC6\u94A5\u4E0D\u5B58\u5728\u3002\u8BF7\u786E\u4FDD\u5DF2\u6B63\u786E\u914D\u7F6E\u5BC6\u94A5\u5E93\u3002"}, + {"Warning.Class.not.found.class", "\u8B66\u544A: \u627E\u4E0D\u5230\u7C7B: {0}"}, + {"Warning.Invalid.argument.s.for.constructor.arg", + "\u8B66\u544A: \u6784\u9020\u5668\u7684\u53C2\u6570\u65E0\u6548: {0}"}, + {"Illegal.Principal.Type.type", "\u975E\u6CD5\u7684\u4E3B\u7528\u6237\u7C7B\u578B: {0}"}, + {"Illegal.option.option", "\u975E\u6CD5\u9009\u9879: {0}"}, + {"Usage.policytool.options.", "\u7528\u6CD5: policytool [\u9009\u9879]"}, + {".file.file.policy.file.location", + " [-file <file>] \u7B56\u7565\u6587\u4EF6\u4F4D\u7F6E"}, + {"New", "\u65B0\u5EFA"}, + {"Open", "\u6253\u5F00"}, + {"Save", "\u4FDD\u5B58"}, + {"Save.As", "\u53E6\u5B58\u4E3A"}, + {"View.Warning.Log", "\u67E5\u770B\u8B66\u544A\u65E5\u5FD7"}, + {"Exit", "\u9000\u51FA"}, + {"Add.Policy.Entry", "\u6DFB\u52A0\u7B56\u7565\u6761\u76EE"}, + {"Edit.Policy.Entry", "\u7F16\u8F91\u7B56\u7565\u6761\u76EE"}, + {"Remove.Policy.Entry", "\u5220\u9664\u7B56\u7565\u6761\u76EE"}, + {"Edit", "\u7F16\u8F91"}, + {"Retain", "\u4FDD\u7559"}, + + {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", + "\u8B66\u544A: \u6587\u4EF6\u540D\u5305\u542B\u8F6C\u4E49\u7684\u53CD\u659C\u6760\u5B57\u7B26\u3002\u4E0D\u9700\u8981\u5BF9\u53CD\u659C\u6760\u5B57\u7B26\u8FDB\u884C\u8F6C\u4E49 (\u8BE5\u5DE5\u5177\u5728\u5C06\u7B56\u7565\u5185\u5BB9\u5199\u5165\u6C38\u4E45\u5B58\u50A8\u65F6\u4F1A\u6839\u636E\u9700\u8981\u5BF9\u5B57\u7B26\u8FDB\u884C\u8F6C\u4E49)\u3002\n\n\u5355\u51FB\u201C\u4FDD\u7559\u201D\u53EF\u4FDD\u7559\u8F93\u5165\u7684\u540D\u79F0, \u6216\u8005\u5355\u51FB\u201C\u7F16\u8F91\u201D\u53EF\u7F16\u8F91\u8BE5\u540D\u79F0\u3002"}, + + {"Add.Public.Key.Alias", "\u6DFB\u52A0\u516C\u5171\u5BC6\u94A5\u522B\u540D"}, + {"Remove.Public.Key.Alias", "\u5220\u9664\u516C\u5171\u5BC6\u94A5\u522B\u540D"}, + {"File", "\u6587\u4EF6"}, + {"KeyStore", "\u5BC6\u94A5\u5E93"}, + {"Policy.File.", "\u7B56\u7565\u6587\u4EF6:"}, + {"Could.not.open.policy.file.policyFile.e.toString.", + "\u65E0\u6CD5\u6253\u5F00\u7B56\u7565\u6587\u4EF6: {0}: {1}"}, + {"Policy.Tool", "\u7B56\u7565\u5DE5\u5177"}, + {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", + "\u6253\u5F00\u7B56\u7565\u914D\u7F6E\u65F6\u51FA\u9519\u3002\u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u67E5\u770B\u8B66\u544A\u65E5\u5FD7\u3002"}, + {"Error", "\u9519\u8BEF"}, + {"OK", "\u786E\u5B9A"}, + {"Status", "\u72B6\u6001"}, + {"Warning", "\u8B66\u544A"}, + {"Permission.", + "\u6743\u9650: "}, + {"Principal.Type.", "\u4E3B\u7528\u6237\u7C7B\u578B:"}, + {"Principal.Name.", "\u4E3B\u7528\u6237\u540D\u79F0:"}, + {"Target.Name.", + "\u76EE\u6807\u540D\u79F0: "}, + {"Actions.", + "\u64CD\u4F5C: "}, + {"OK.to.overwrite.existing.file.filename.", + "\u786E\u8BA4\u8986\u76D6\u73B0\u6709\u7684\u6587\u4EF6{0}?"}, + {"Cancel", "\u53D6\u6D88"}, + {"CodeBase.", "CodeBase:"}, + {"SignedBy.", "SignedBy:"}, + {"Add.Principal", "\u6DFB\u52A0\u4E3B\u7528\u6237"}, + {"Edit.Principal", "\u7F16\u8F91\u4E3B\u7528\u6237"}, + {"Remove.Principal", "\u5220\u9664\u4E3B\u7528\u6237"}, + {"Principals.", "\u4E3B\u7528\u6237:"}, + {".Add.Permission", " \u6DFB\u52A0\u6743\u9650"}, + {".Edit.Permission", " \u7F16\u8F91\u6743\u9650"}, + {"Remove.Permission", "\u5220\u9664\u6743\u9650"}, + {"Done", "\u5B8C\u6210"}, + {"KeyStore.URL.", "\u5BC6\u94A5\u5E93 URL:"}, + {"KeyStore.Type.", "\u5BC6\u94A5\u5E93\u7C7B\u578B:"}, + {"KeyStore.Provider.", "\u5BC6\u94A5\u5E93\u63D0\u4F9B\u65B9:"}, + {"KeyStore.Password.URL.", "\u5BC6\u94A5\u5E93\u53E3\u4EE4 URL:"}, + {"Principals", "\u4E3B\u7528\u6237"}, + {".Edit.Principal.", " \u7F16\u8F91\u4E3B\u7528\u6237:"}, + {".Add.New.Principal.", " \u6DFB\u52A0\u65B0\u4E3B\u7528\u6237:"}, + {"Permissions", "\u6743\u9650"}, + {".Edit.Permission.", " \u7F16\u8F91\u6743\u9650:"}, + {".Add.New.Permission.", " \u52A0\u5165\u65B0\u7684\u6743\u9650:"}, + {"Signed.By.", "\u7B7E\u7F72\u4EBA: "}, + {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", + "\u6CA1\u6709\u901A\u914D\u7B26\u540D\u79F0, \u65E0\u6CD5\u4F7F\u7528\u901A\u914D\u7B26\u7C7B\u6307\u5B9A\u4E3B\u7528\u6237"}, + {"Cannot.Specify.Principal.without.a.Name", + "\u6CA1\u6709\u540D\u79F0, \u65E0\u6CD5\u6307\u5B9A\u4E3B\u7528\u6237"}, + {"Permission.and.Target.Name.must.have.a.value", + "\u6743\u9650\u53CA\u76EE\u6807\u540D\u5FC5\u987B\u6709\u4E00\u4E2A\u503C"}, + {"Remove.this.Policy.Entry.", "\u662F\u5426\u5220\u9664\u6B64\u7B56\u7565\u6761\u76EE?"}, + {"Overwrite.File", "\u8986\u76D6\u6587\u4EF6"}, + {"Policy.successfully.written.to.filename", + "\u7B56\u7565\u5DF2\u6210\u529F\u5199\u5165\u5230{0}"}, + {"null.filename", "\u7A7A\u6587\u4EF6\u540D"}, + {"Save.changes.", "\u662F\u5426\u4FDD\u5B58\u6240\u505A\u7684\u66F4\u6539?"}, + {"Yes", "\u662F"}, + {"No", "\u5426"}, + {"Policy.Entry", "\u7B56\u7565\u6761\u76EE"}, + {"Save.Changes", "\u4FDD\u5B58\u66F4\u6539"}, + {"No.Policy.Entry.selected", "\u6CA1\u6709\u9009\u62E9\u7B56\u7565\u6761\u76EE"}, + {"Unable.to.open.KeyStore.ex.toString.", + "\u65E0\u6CD5\u6253\u5F00\u5BC6\u94A5\u5E93: {0}"}, + {"No.principal.selected", "\u672A\u9009\u62E9\u4E3B\u7528\u6237"}, + {"No.permission.selected", "\u6CA1\u6709\u9009\u62E9\u6743\u9650"}, + {"name", "\u540D\u79F0"}, + {"configuration.type", "\u914D\u7F6E\u7C7B\u578B"}, + {"environment.variable.name", "\u73AF\u5883\u53D8\u91CF\u540D"}, + {"library.name", "\u5E93\u540D\u79F0"}, + {"package.name", "\u7A0B\u5E8F\u5305\u540D\u79F0"}, + {"policy.type", "\u7B56\u7565\u7C7B\u578B"}, + {"property.name", "\u5C5E\u6027\u540D\u79F0"}, + {"provider.name", "\u63D0\u4F9B\u65B9\u540D\u79F0"}, + {"Principal.List", "\u4E3B\u7528\u6237\u5217\u8868"}, + {"Permission.List", "\u6743\u9650\u5217\u8868"}, + {"Code.Base", "\u4EE3\u7801\u5E93"}, + {"KeyStore.U.R.L.", "\u5BC6\u94A5\u5E93 URL:"}, + {"KeyStore.Password.U.R.L.", "\u5BC6\u94A5\u5E93\u53E3\u4EE4 URL:"}, + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/policytool/Resources_zh_HK.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.policytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the policytool. + * + */ +public class Resources_zh_HK extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", + "\u8B66\u544A: \u5225\u540D {0} \u7684\u516C\u958B\u91D1\u9470\u4E0D\u5B58\u5728\u3002\u8ACB\u78BA\u5B9A\u91D1\u9470\u5132\u5B58\u5EAB\u914D\u7F6E\u6B63\u78BA\u3002"}, + {"Warning.Class.not.found.class", "\u8B66\u544A: \u627E\u4E0D\u5230\u985E\u5225 {0}"}, + {"Warning.Invalid.argument.s.for.constructor.arg", + "\u8B66\u544A: \u7121\u6548\u7684\u5EFA\u69CB\u5B50\u5F15\u6578: {0}"}, + {"Illegal.Principal.Type.type", "\u7121\u6548\u7684 Principal \u985E\u578B: {0}"}, + {"Illegal.option.option", "\u7121\u6548\u7684\u9078\u9805: {0}"}, + {"Usage.policytool.options.", "\u7528\u6CD5: policytool [options]"}, + {".file.file.policy.file.location", + " [-file <file>] \u539F\u5247\u6A94\u6848\u4F4D\u7F6E"}, + {"New", "\u65B0\u589E"}, + {"Open", "\u958B\u555F"}, + {"Save", "\u5132\u5B58"}, + {"Save.As", "\u53E6\u5B58\u65B0\u6A94"}, + {"View.Warning.Log", "\u6AA2\u8996\u8B66\u544A\u8A18\u9304"}, + {"Exit", "\u7D50\u675F"}, + {"Add.Policy.Entry", "\u65B0\u589E\u539F\u5247\u9805\u76EE"}, + {"Edit.Policy.Entry", "\u7DE8\u8F2F\u539F\u5247\u9805\u76EE"}, + {"Remove.Policy.Entry", "\u79FB\u9664\u539F\u5247\u9805\u76EE"}, + {"Edit", "\u7DE8\u8F2F"}, + {"Retain", "\u4FDD\u7559"}, + + {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", + "\u8B66\u544A: \u6A94\u6848\u540D\u7A31\u5305\u542B\u9041\u96E2\u53CD\u659C\u7DDA\u5B57\u5143\u3002\u4E0D\u9700\u8981\u9041\u96E2\u53CD\u659C\u7DDA\u5B57\u5143 (\u64B0\u5BEB\u539F\u5247\u5167\u5BB9\u81F3\u6C38\u4E45\u5B58\u653E\u5340\u6642\u9700\u8981\u5DE5\u5177\u9041\u96E2\u5B57\u5143)\u3002\n\n\u6309\u4E00\u4E0B\u300C\u4FDD\u7559\u300D\u4EE5\u4FDD\u7559\u8F38\u5165\u7684\u540D\u7A31\uFF0C\u6216\u6309\u4E00\u4E0B\u300C\u7DE8\u8F2F\u300D\u4EE5\u7DE8\u8F2F\u540D\u7A31\u3002"}, + + {"Add.Public.Key.Alias", "\u65B0\u589E\u516C\u958B\u91D1\u9470\u5225\u540D"}, + {"Remove.Public.Key.Alias", "\u79FB\u9664\u516C\u958B\u91D1\u9470\u5225\u540D"}, + {"File", "\u6A94\u6848"}, + {"KeyStore", "\u91D1\u9470\u5132\u5B58\u5EAB"}, + {"Policy.File.", "\u539F\u5247\u6A94\u6848: "}, + {"Could.not.open.policy.file.policyFile.e.toString.", + "\u7121\u6CD5\u958B\u555F\u539F\u5247\u6A94\u6848: {0}: {1}"}, + {"Policy.Tool", "\u539F\u5247\u5DE5\u5177"}, + {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", + "\u958B\u555F\u539F\u5247\u8A18\u7F6E\u6642\u767C\u751F\u932F\u8AA4\u3002\u8ACB\u6AA2\u8996\u8B66\u544A\u8A18\u9304\u4EE5\u53D6\u5F97\u66F4\u591A\u7684\u8CC7\u8A0A"}, + {"Error", "\u932F\u8AA4"}, + {"OK", "\u78BA\u5B9A"}, + {"Status", "\u72C0\u614B"}, + {"Warning", "\u8B66\u544A"}, + {"Permission.", + "\u6B0A\u9650: "}, + {"Principal.Type.", "Principal \u985E\u578B: "}, + {"Principal.Name.", "Principal \u540D\u7A31: "}, + {"Target.Name.", + "\u76EE\u6A19\u540D\u7A31: "}, + {"Actions.", + "\u52D5\u4F5C: "}, + {"OK.to.overwrite.existing.file.filename.", + "\u78BA\u8A8D\u8986\u5BEB\u73FE\u5B58\u7684\u6A94\u6848 {0}\uFF1F"}, + {"Cancel", "\u53D6\u6D88"}, + {"CodeBase.", "CodeBase:"}, + {"SignedBy.", "SignedBy:"}, + {"Add.Principal", "\u65B0\u589E Principal"}, + {"Edit.Principal", "\u7DE8\u8F2F Principal"}, + {"Remove.Principal", "\u79FB\u9664 Principal"}, + {"Principals.", "Principal:"}, + {".Add.Permission", " \u65B0\u589E\u6B0A\u9650"}, + {".Edit.Permission", " \u7DE8\u8F2F\u6B0A\u9650"}, + {"Remove.Permission", "\u79FB\u9664\u6B0A\u9650"}, + {"Done", "\u5B8C\u6210"}, + {"KeyStore.URL.", "\u91D1\u9470\u5132\u5B58\u5EAB URL: "}, + {"KeyStore.Type.", "\u91D1\u9470\u5132\u5B58\u5EAB\u985E\u578B:"}, + {"KeyStore.Provider.", "\u91D1\u9470\u5132\u5B58\u5EAB\u63D0\u4F9B\u8005:"}, + {"KeyStore.Password.URL.", "\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC URL: "}, + {"Principals", "Principal"}, + {".Edit.Principal.", " \u7DE8\u8F2F Principal: "}, + {".Add.New.Principal.", " \u65B0\u589E Principal: "}, + {"Permissions", "\u6B0A\u9650"}, + {".Edit.Permission.", " \u7DE8\u8F2F\u6B0A\u9650:"}, + {".Add.New.Permission.", " \u65B0\u589E\u6B0A\u9650:"}, + {"Signed.By.", "\u7C3D\u7F72\u4EBA: "}, + {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", + "\u6C92\u6709\u842C\u7528\u5B57\u5143\u540D\u7A31\uFF0C\u7121\u6CD5\u6307\u5B9A\u542B\u6709\u842C\u7528\u5B57\u5143\u985E\u5225\u7684 Principal"}, + {"Cannot.Specify.Principal.without.a.Name", + "\u6C92\u6709\u540D\u7A31\uFF0C\u7121\u6CD5\u6307\u5B9A Principal"}, + {"Permission.and.Target.Name.must.have.a.value", + "\u6B0A\u9650\u53CA\u76EE\u6A19\u540D\u7A31\u5FC5\u9808\u6709\u4E00\u500B\u503C\u3002"}, + {"Remove.this.Policy.Entry.", "\u79FB\u9664\u9019\u500B\u539F\u5247\u9805\u76EE\uFF1F"}, + {"Overwrite.File", "\u8986\u5BEB\u6A94\u6848"}, + {"Policy.successfully.written.to.filename", + "\u539F\u5247\u6210\u529F\u5BEB\u5165\u81F3 {0}"}, + {"null.filename", "\u7A7A\u503C\u6A94\u540D"}, + {"Save.changes.", "\u5132\u5B58\u8B8A\u66F4\uFF1F"}, + {"Yes", "\u662F"}, + {"No", "\u5426"}, + {"Policy.Entry", "\u539F\u5247\u9805\u76EE"}, + {"Save.Changes", "\u5132\u5B58\u8B8A\u66F4"}, + {"No.Policy.Entry.selected", "\u6C92\u6709\u9078\u53D6\u539F\u5247\u9805\u76EE"}, + {"Unable.to.open.KeyStore.ex.toString.", + "\u7121\u6CD5\u958B\u555F\u91D1\u9470\u5132\u5B58\u5EAB: {0}"}, + {"No.principal.selected", "\u672A\u9078\u53D6 Principal"}, + {"No.permission.selected", "\u6C92\u6709\u9078\u53D6\u6B0A\u9650"}, + {"name", "\u540D\u7A31"}, + {"configuration.type", "\u7D44\u614B\u985E\u578B"}, + {"environment.variable.name", "\u74B0\u5883\u8B8A\u6578\u540D\u7A31"}, + {"library.name", "\u7A0B\u5F0F\u5EAB\u540D\u7A31"}, + {"package.name", "\u5957\u88DD\u7A0B\u5F0F\u540D\u7A31"}, + {"policy.type", "\u539F\u5247\u985E\u578B"}, + {"property.name", "\u5C6C\u6027\u540D\u7A31"}, + {"provider.name", "\u63D0\u4F9B\u8005\u540D\u7A31"}, + {"Principal.List", "Principal \u6E05\u55AE"}, + {"Permission.List", "\u6B0A\u9650\u6E05\u55AE"}, + {"Code.Base", "\u4EE3\u78BC\u57FA\u6E96"}, + {"KeyStore.U.R.L.", "\u91D1\u9470\u5132\u5B58\u5EAB URL:"}, + {"KeyStore.Password.U.R.L.", "\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC URL:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/tools/policytool/Resources_zh_TW.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools.policytool; + +/** + * <p> This class represents the <code>ResourceBundle</code> + * for the policytool. + * + */ +public class Resources_zh_TW extends java.util.ListResourceBundle { + + private static final Object[][] contents = { + {"NEWLINE", "\n"}, + {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", + "\u8B66\u544A: \u5225\u540D {0} \u7684\u516C\u958B\u91D1\u9470\u4E0D\u5B58\u5728\u3002\u8ACB\u78BA\u5B9A\u91D1\u9470\u5132\u5B58\u5EAB\u8A2D\u5B9A\u6B63\u78BA\u3002"}, + {"Warning.Class.not.found.class", "\u8B66\u544A: \u627E\u4E0D\u5230\u985E\u5225 {0}"}, + {"Warning.Invalid.argument.s.for.constructor.arg", + "\u8B66\u544A: \u7121\u6548\u7684\u5EFA\u69CB\u5B50\u5F15\u6578: {0}"}, + {"Illegal.Principal.Type.type", "\u7121\u6548\u7684 Principal \u985E\u578B: {0}"}, + {"Illegal.option.option", "\u7121\u6548\u7684\u9078\u9805: {0}"}, + {"Usage.policytool.options.", "\u7528\u6CD5: policytool [options]"}, + {".file.file.policy.file.location", + " [-file <file>] \u539F\u5247\u6A94\u6848\u4F4D\u7F6E"}, + {"New", "\u65B0\u589E"}, + {"Open", "\u958B\u555F"}, + {"Save", "\u5132\u5B58"}, + {"Save.As", "\u53E6\u5B58\u65B0\u6A94"}, + {"View.Warning.Log", "\u6AA2\u8996\u8B66\u544A\u8A18\u9304"}, + {"Exit", "\u7D50\u675F"}, + {"Add.Policy.Entry", "\u65B0\u589E\u539F\u5247\u9805\u76EE"}, + {"Edit.Policy.Entry", "\u7DE8\u8F2F\u539F\u5247\u9805\u76EE"}, + {"Remove.Policy.Entry", "\u79FB\u9664\u539F\u5247\u9805\u76EE"}, + {"Edit", "\u7DE8\u8F2F"}, + {"Retain", "\u4FDD\u7559"}, + + {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", + "\u8B66\u544A: \u6A94\u6848\u540D\u7A31\u5305\u542B\u9041\u96E2\u53CD\u659C\u7DDA\u5B57\u5143\u3002\u4E0D\u9700\u8981\u9041\u96E2\u53CD\u659C\u7DDA\u5B57\u5143 (\u64B0\u5BEB\u539F\u5247\u5167\u5BB9\u81F3\u6C38\u4E45\u5B58\u653E\u5340\u6642\u9700\u8981\u5DE5\u5177\u9041\u96E2\u5B57\u5143)\u3002\n\n\u6309\u4E00\u4E0B\u300C\u4FDD\u7559\u300D\u4EE5\u4FDD\u7559\u8F38\u5165\u7684\u540D\u7A31\uFF0C\u6216\u6309\u4E00\u4E0B\u300C\u7DE8\u8F2F\u300D\u4EE5\u7DE8\u8F2F\u540D\u7A31\u3002"}, + + {"Add.Public.Key.Alias", "\u65B0\u589E\u516C\u958B\u91D1\u9470\u5225\u540D"}, + {"Remove.Public.Key.Alias", "\u79FB\u9664\u516C\u958B\u91D1\u9470\u5225\u540D"}, + {"File", "\u6A94\u6848"}, + {"KeyStore", "\u91D1\u9470\u5132\u5B58\u5EAB"}, + {"Policy.File.", "\u539F\u5247\u6A94\u6848: "}, + {"Could.not.open.policy.file.policyFile.e.toString.", + "\u7121\u6CD5\u958B\u555F\u539F\u5247\u6A94\u6848: {0}: {1}"}, + {"Policy.Tool", "\u539F\u5247\u5DE5\u5177"}, + {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", + "\u958B\u555F\u539F\u5247\u8A18\u7F6E\u6642\u767C\u751F\u932F\u8AA4\u3002\u8ACB\u6AA2\u8996\u8B66\u544A\u8A18\u9304\u4EE5\u53D6\u5F97\u66F4\u591A\u7684\u8CC7\u8A0A"}, + {"Error", "\u932F\u8AA4"}, + {"OK", "\u78BA\u5B9A"}, + {"Status", "\u72C0\u614B"}, + {"Warning", "\u8B66\u544A"}, + {"Permission.", + "\u6B0A\u9650: "}, + {"Principal.Type.", "Principal \u985E\u578B: "}, + {"Principal.Name.", "Principal \u540D\u7A31: "}, + {"Target.Name.", + "\u76EE\u6A19\u540D\u7A31: "}, + {"Actions.", + "\u52D5\u4F5C: "}, + {"OK.to.overwrite.existing.file.filename.", + "\u78BA\u8A8D\u8986\u5BEB\u73FE\u5B58\u7684\u6A94\u6848 {0}\uFF1F"}, + {"Cancel", "\u53D6\u6D88"}, + {"CodeBase.", "CodeBase:"}, + {"SignedBy.", "SignedBy:"}, + {"Add.Principal", "\u65B0\u589E Principal"}, + {"Edit.Principal", "\u7DE8\u8F2F Principal"}, + {"Remove.Principal", "\u79FB\u9664 Principal"}, + {"Principals.", "Principal:"}, + {".Add.Permission", " \u65B0\u589E\u6B0A\u9650"}, + {".Edit.Permission", " \u7DE8\u8F2F\u6B0A\u9650"}, + {"Remove.Permission", "\u79FB\u9664\u6B0A\u9650"}, + {"Done", "\u5B8C\u6210"}, + {"KeyStore.URL.", "\u91D1\u9470\u5132\u5B58\u5EAB URL: "}, + {"KeyStore.Type.", "\u91D1\u9470\u5132\u5B58\u5EAB\u985E\u578B:"}, + {"KeyStore.Provider.", "\u91D1\u9470\u5132\u5B58\u5EAB\u63D0\u4F9B\u8005:"}, + {"KeyStore.Password.URL.", "\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC URL: "}, + {"Principals", "Principal"}, + {".Edit.Principal.", " \u7DE8\u8F2F Principal: "}, + {".Add.New.Principal.", " \u65B0\u589E Principal: "}, + {"Permissions", "\u6B0A\u9650"}, + {".Edit.Permission.", " \u7DE8\u8F2F\u6B0A\u9650:"}, + {".Add.New.Permission.", " \u65B0\u589E\u6B0A\u9650:"}, + {"Signed.By.", "\u7C3D\u7F72\u4EBA: "}, + {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", + "\u6C92\u6709\u842C\u7528\u5B57\u5143\u540D\u7A31\uFF0C\u7121\u6CD5\u6307\u5B9A\u542B\u6709\u842C\u7528\u5B57\u5143\u985E\u5225\u7684 Principal"}, + {"Cannot.Specify.Principal.without.a.Name", + "\u6C92\u6709\u540D\u7A31\uFF0C\u7121\u6CD5\u6307\u5B9A Principal"}, + {"Permission.and.Target.Name.must.have.a.value", + "\u6B0A\u9650\u53CA\u76EE\u6A19\u540D\u7A31\u5FC5\u9808\u6709\u4E00\u500B\u503C\u3002"}, + {"Remove.this.Policy.Entry.", "\u79FB\u9664\u9019\u500B\u539F\u5247\u9805\u76EE\uFF1F"}, + {"Overwrite.File", "\u8986\u5BEB\u6A94\u6848"}, + {"Policy.successfully.written.to.filename", + "\u539F\u5247\u6210\u529F\u5BEB\u5165\u81F3 {0}"}, + {"null.filename", "\u7A7A\u503C\u6A94\u540D"}, + {"Save.changes.", "\u5132\u5B58\u8B8A\u66F4\uFF1F"}, + {"Yes", "\u662F"}, + {"No", "\u5426"}, + {"Policy.Entry", "\u539F\u5247\u9805\u76EE"}, + {"Save.Changes", "\u5132\u5B58\u8B8A\u66F4"}, + {"No.Policy.Entry.selected", "\u6C92\u6709\u9078\u53D6\u539F\u5247\u9805\u76EE"}, + {"Unable.to.open.KeyStore.ex.toString.", + "\u7121\u6CD5\u958B\u555F\u91D1\u9470\u5132\u5B58\u5EAB: {0}"}, + {"No.principal.selected", "\u672A\u9078\u53D6 Principal"}, + {"No.permission.selected", "\u6C92\u6709\u9078\u53D6\u6B0A\u9650"}, + {"name", "\u540D\u7A31"}, + {"configuration.type", "\u7D44\u614B\u985E\u578B"}, + {"environment.variable.name", "\u74B0\u5883\u8B8A\u6578\u540D\u7A31"}, + {"library.name", "\u7A0B\u5F0F\u5EAB\u540D\u7A31"}, + {"package.name", "\u5957\u88DD\u7A0B\u5F0F\u540D\u7A31"}, + {"policy.type", "\u539F\u5247\u985E\u578B"}, + {"property.name", "\u5C6C\u6027\u540D\u7A31"}, + {"provider.name", "\u63D0\u4F9B\u8005\u540D\u7A31"}, + {"Principal.List", "Principal \u6E05\u55AE"}, + {"Permission.List", "\u6B0A\u9650\u6E05\u55AE"}, + {"Code.Base", "\u4EE3\u78BC\u57FA\u6E96"}, + {"KeyStore.U.R.L.", "\u91D1\u9470\u5132\u5B58\u5EAB URL:"}, + {"KeyStore.Password.U.R.L.", "\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC URL:"} + }; + + + /** + * Returns the contents of this <code>ResourceBundle</code>. + * + * <p> + * + * @return the contents of this <code>ResourceBundle</code>. + */ + @Override + public Object[][] getContents() { + return contents; + } +}
--- a/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java Sat Sep 10 22:36:17 2016 +0100 @@ -56,13 +56,12 @@ String[] algorithmsInProperty = null; if (property != null && !property.isEmpty()) { // remove double quote marks from beginning/end of the property - if (property.charAt(0) == '"' - && property.charAt(property.length() - 1) == '"') { + if (property.length() >= 2 && property.charAt(0) == '"' && + property.charAt(property.length() - 1) == '"') { property = property.substring(1, property.length() - 1); } algorithmsInProperty = property.split(","); - for (int i = 0; i < algorithmsInProperty.length; - i++) { + for (int i = 0; i < algorithmsInProperty.length; i++) { algorithmsInProperty[i] = algorithmsInProperty[i].trim(); } }
--- a/src/share/classes/sun/security/util/AuthResources_ko.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/AuthResources_ko.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -88,7 +88,7 @@ {"Keystore.alias.","\uD0A4 \uC800\uC7A5\uC18C \uBCC4\uCE6D: "}, {"Keystore.password.","\uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638: "}, {"Private.key.password.optional.", - "\uC804\uC6A9 \uD0A4 \uBE44\uBC00\uBC88\uD638(\uC120\uD0DD \uC0AC\uD56D): "}, + "\uC804\uC6A9 \uD0A4 \uBE44\uBC00\uBC88\uD638(\uC120\uD0DD\uC0AC\uD56D): "}, // com.sun.security.auth.module.Krb5LoginModule {"Kerberos.username.defUsername.",
--- a/src/share/classes/sun/security/util/BigInt.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,198 +0,0 @@ -/* - * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.util; - -import java.math.BigInteger; - - -/** - * A low-overhead arbitrary-precision <em>unsigned</em> integer. - * This is intended for use with ASN.1 parsing, and printing of - * such parsed values. Convert to "BigInteger" if you need to do - * arbitrary precision arithmetic, rather than just represent - * the number as a wrapped array of bytes. - * - * <P><em><b>NOTE:</b> This class may eventually disappear, to - * be supplanted by big-endian byte arrays which hold both signed - * and unsigned arbitrary-precision integers.</em> - * - * @author David Brownell - */ -public final class BigInt { - - // Big endian -- MSB first. - private byte[] places; - - /** - * Constructs a "Big" integer from a set of (big-endian) bytes. - * Leading zeroes should be stripped off. - * - * @param data a sequence of bytes, most significant bytes/digits - * first. CONSUMED. - */ - public BigInt(byte[] data) { places = data.clone(); } - - /** - * Constructs a "Big" integer from a "BigInteger", which must be - * positive (or zero) in value. - */ - public BigInt(BigInteger i) { - byte[] temp = i.toByteArray(); - - if ((temp[0] & 0x80) != 0) - throw new IllegalArgumentException("negative BigInteger"); - - // XXX we assume exactly _one_ sign byte is used... - - if (temp[0] != 0) - places = temp; - else { - places = new byte[temp.length - 1]; - for (int j = 1; j < temp.length; j++) - places[j - 1] = temp[j]; - } - } - - /** - * Constructs a "Big" integer from a normal Java integer. - * - * @param i the java primitive integer - */ - public BigInt(int i) { - if (i < (1 << 8)) { - places = new byte[1]; - places[0] = (byte) i; - } else if (i < (1 << 16)) { - places = new byte[2]; - places[0] = (byte) (i >> 8); - places[1] = (byte) i; - } else if (i < (1 << 24)) { - places = new byte[3]; - places[0] = (byte) (i >> 16); - places[1] = (byte) (i >> 8); - places[2] = (byte) i; - } else { - places = new byte[4]; - places[0] = (byte) (i >> 24); - places[1] = (byte) (i >> 16); - places[2] = (byte) (i >> 8); - places[3] = (byte) i; - } - } - - /** - * Converts the "big" integer to a java primitive integer. - * - * @excpet NumberFormatException if 32 bits is insufficient. - */ - public int toInt() { - if (places.length > 4) - throw new NumberFormatException("BigInt.toLong, too big"); - int retval = 0, i = 0; - for (; i < places.length; i++) - retval = (retval << 8) + ((int)places[i] & 0xff); - return retval; - } - - /** - * Returns a hexadecimal printed representation. The value is - * formatted to fit on lines of at least 75 characters, with - * embedded newlines. Words are separated for readability, - * with eight words (32 bytes) per line. - */ - public String toString() { return hexify(); } - - /** - * Returns a BigInteger value which supports many arithmetic - * operations. Assumes negative values will never occur. - */ - public BigInteger toBigInteger() - { return new BigInteger(1, places); } - - /** - * Returns the data as a byte array. The most significant bit - * of the array is bit zero (as in <code>java.math.BigInteger</code>). - */ - public byte[] toByteArray() { return places.clone(); } - - private static final String digits = "0123456789abcdef"; - private String hexify() { - if (places.length == 0) - return " 0 "; - - StringBuffer buf = new StringBuffer(places.length * 2); - buf.append(" "); // four spaces - for (int i = 0; i < places.length; i++) { - buf.append(digits.charAt((places[i] >> 4) & 0x0f)); - buf.append(digits.charAt(places[i] & 0x0f)); - if (((i + 1) % 32) == 0) { - if ((i + 1) != places.length) - buf.append("\n "); // line after four words - } else if (((i + 1) % 4) == 0) - buf.append(' '); // space between words - } - return buf.toString(); - } - - /** - * Returns true iff the parameter is a numerically equivalent - * BigInt. - * - * @param other the object being compared with this one. - */ - public boolean equals(Object other) { - if (other instanceof BigInt) - return equals((BigInt) other); - return false; - } - - /** - * Returns true iff the parameter is numerically equivalent. - * - * @param other the BigInt being compared with this one. - */ - public boolean equals(BigInt other) { - if (this == other) - return true; - - byte[] otherPlaces = other.toByteArray(); - if (places.length != otherPlaces.length) - return false; - for (int i = 0; i < places.length; i++) - if (places[i] != otherPlaces[i]) - return false; - return true; - } - - /** - * Returns a hashcode for this BigInt. - * - * @return a hashcode for this BigInt. - */ - public int hashCode() { - return hexify().hashCode(); - } -}
--- a/src/share/classes/sun/security/util/Cache.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/Cache.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -251,7 +251,7 @@ private final Map<Object, CacheEntry> cacheMap; private int maxSize; private long lifetime; - private final ReferenceQueue queue; + private final ReferenceQueue<Object> queue; public MemoryCache(boolean soft, int maxSize) { this(soft, maxSize, 0); @@ -260,7 +260,7 @@ public MemoryCache(boolean soft, int maxSize, int lifetime) { this.maxSize = maxSize; this.lifetime = lifetime * 1000; - this.queue = soft ? new ReferenceQueue() : null; + this.queue = soft ? new ReferenceQueue<Object>() : null; int buckets = (int)(maxSize / LOAD_FACTOR) + 1; cacheMap = new LinkedHashMap<Object, CacheEntry>(buckets, LOAD_FACTOR, true); @@ -449,7 +449,7 @@ } protected CacheEntry newEntry(Object key, Object value, - long expirationTime, ReferenceQueue queue) { + long expirationTime, ReferenceQueue<Object> queue) { if (queue != null) { return new SoftCacheEntry(key, value, expirationTime, queue); } else { @@ -504,13 +504,13 @@ } private static class SoftCacheEntry - extends SoftReference implements CacheEntry { + extends SoftReference<Object> implements CacheEntry { private Object key; private long expirationTime; SoftCacheEntry(Object key, Object value, long expirationTime, - ReferenceQueue queue) { + ReferenceQueue<Object> queue) { super(value, queue); this.key = key; this.expirationTime = expirationTime;
--- a/src/share/classes/sun/security/util/Debug.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/Debug.java Sat Sep 10 22:36:17 2016 +0100 @@ -80,6 +80,7 @@ System.err.println("policy loading and granting"); System.err.println("provider security provider debugging"); System.err.println("scl permissions SecureClassLoader assigns"); + System.err.println("ts timestamping"); System.err.println(); System.err.println("The following can be used with access:"); System.err.println();
--- a/src/share/classes/sun/security/util/KeyUtil.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/KeyUtil.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,6 +41,8 @@ import javax.crypto.spec.DHPublicKeySpec; import java.math.BigInteger; +import sun.security.jca.JCAUtil; + /** * A utility class to get key length, valiate keys, etc. */ @@ -144,8 +146,6 @@ /** * Returns whether the specified provider is Oracle provider or not. - * <P> - * Note that this method is only apply to SunJCE and SunPKCS11 at present. * * @param providerName * the provider name @@ -153,8 +153,11 @@ * {@code providerName} is Oracle provider */ public static final boolean isOracleJCEProvider(String providerName) { - return providerName != null && (providerName.equals("SunJCE") || - providerName.startsWith("SunPKCS11")); + return providerName != null && + (providerName.equals("SunJCE") || + providerName.equals("SunMSCAPI") || + providerName.equals("OracleUcrypto") || + providerName.startsWith("SunPKCS11")); } /** @@ -199,7 +202,7 @@ byte[] encoded, boolean isFailOver) { if (random == null) { - random = new SecureRandom(); + random = JCAUtil.getSecureRandom(); } byte[] replacer = new byte[48]; random.nextBytes(replacer);
--- a/src/share/classes/sun/security/util/ManifestDigester.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/ManifestDigester.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -62,6 +62,7 @@ * @returns false if end of bytes has been reached, otherwise returns * true */ + @SuppressWarnings("fallthrough") private boolean findSection(int offset, Position pos) { int i = offset, len = rawBytes.length; @@ -79,6 +80,7 @@ pos.endOfFirstLine = i-1; if ((i < len) && (rawBytes[i+1] == '\n')) i++; + /* fall through */ case '\n': if (pos.endOfFirstLine == -1) pos.endOfFirstLine = i-1;
--- a/src/share/classes/sun/security/util/Password.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/Password.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -43,6 +43,7 @@ /** Reads user password from given input stream. * @param isEchoOn true if the password should be echoed on the screen */ + @SuppressWarnings("fallthrough") public static char[] readPassword(InputStream in, boolean isEchoOn) throws IOException { @@ -95,7 +96,7 @@ done = true; break; } - + /* fall through */ default: if (--room < 0) { buf = new char[offset + 128];
--- a/src/share/classes/sun/security/util/PathList.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,111 +0,0 @@ -/* - * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.util; - -import java.io.File; -import java.io.IOException; -import java.lang.String; -import java.util.StringTokenizer; -import java.net.URL; -import java.net.URLClassLoader; -import java.net.MalformedURLException; - -/** - * A utility class for handle path list - * - */ -public class PathList { - /** - * Utility method for appending path from pathFrom to pathTo. - * - * @param pathTo the target path - * @param pathSource the path to be appended to pathTo - * @return the resulting path - */ - public static String appendPath(String pathTo, String pathFrom) { - if (pathTo == null || pathTo.length() == 0) { - return pathFrom; - } else if (pathFrom == null || pathFrom.length() == 0) { - return pathTo; - } else { - return pathTo + File.pathSeparator + pathFrom; - } - } - - /** - * Utility method for converting a search path string to an array - * of directory and JAR file URLs. - * - * @param path the search path string - * @return the resulting array of directory and JAR file URLs - */ - public static URL[] pathToURLs(String path) { - StringTokenizer st = new StringTokenizer(path, File.pathSeparator); - URL[] urls = new URL[st.countTokens()]; - int count = 0; - while (st.hasMoreTokens()) { - URL url = fileToURL(new File(st.nextToken())); - if (url != null) { - urls[count++] = url; - } - } - if (urls.length != count) { - URL[] tmp = new URL[count]; - System.arraycopy(urls, 0, tmp, 0, count); - urls = tmp; - } - return urls; - } - - /** - * Returns the directory or JAR file URL corresponding to the specified - * local file name. - * - * @param file the File object - * @return the resulting directory or JAR file URL, or null if unknown - */ - private static URL fileToURL(File file) { - String name; - try { - name = file.getCanonicalPath(); - } catch (IOException e) { - name = file.getAbsolutePath(); - } - name = name.replace(File.separatorChar, '/'); - if (!name.startsWith("/")) { - name = "/" + name; - } - // If the file does not exist, then assume that it's a directory - if (!file.isFile()) { - name = name + "/"; - } - try { - return new URL("file", "", name); - } catch (MalformedURLException e) { - throw new IllegalArgumentException("file"); - } - } -}
--- a/src/share/classes/sun/security/util/Resources.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/Resources.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,509 +34,6 @@ private static final Object[][] contents = { - // shared (from jarsigner) - {"SPACE", " "}, - {"2SPACE", " "}, - {"6SPACE", " "}, - {"COMMA", ", "}, - // shared (from keytool) - {"NEWLINE", "\n"}, - {"STAR", - "*******************************************"}, - {"STARNN", - "*******************************************\n\n"}, - - // keytool: Help part - {".OPTION.", " [OPTION]..."}, - {"Options.", "Options:"}, - {"Use.keytool.help.for.all.available.commands", - "Use \"keytool -help\" for all available commands"}, - {"Key.and.Certificate.Management.Tool", - "Key and Certificate Management Tool"}, - {"Commands.", "Commands:"}, - {"Use.keytool.command.name.help.for.usage.of.command.name", - "Use \"keytool -command_name -help\" for usage of command_name"}, - // keytool: help: commands - {"Generates.a.certificate.request", - "Generates a certificate request"}, //-certreq - {"Changes.an.entry.s.alias", - "Changes an entry's alias"}, //-changealias - {"Deletes.an.entry", - "Deletes an entry"}, //-delete - {"Exports.certificate", - "Exports certificate"}, //-exportcert - {"Generates.a.key.pair", - "Generates a key pair"}, //-genkeypair - {"Generates.a.secret.key", - "Generates a secret key"}, //-genseckey - {"Generates.certificate.from.a.certificate.request", - "Generates certificate from a certificate request"}, //-gencert - {"Generates.CRL", "Generates CRL"}, //-gencrl - {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", - "Imports entries from a JDK 1.1.x-style identity database"}, //-identitydb - {"Imports.a.certificate.or.a.certificate.chain", - "Imports a certificate or a certificate chain"}, //-importcert - {"Imports.one.or.all.entries.from.another.keystore", - "Imports one or all entries from another keystore"}, //-importkeystore - {"Clones.a.key.entry", - "Clones a key entry"}, //-keyclone - {"Changes.the.key.password.of.an.entry", - "Changes the key password of an entry"}, //-keypasswd - {"Lists.entries.in.a.keystore", - "Lists entries in a keystore"}, //-list - {"Prints.the.content.of.a.certificate", - "Prints the content of a certificate"}, //-printcert - {"Prints.the.content.of.a.certificate.request", - "Prints the content of a certificate request"}, //-printcertreq - {"Prints.the.content.of.a.CRL.file", - "Prints the content of a CRL file"}, //-printcrl - {"Generates.a.self.signed.certificate", - "Generates a self-signed certificate"}, //-selfcert - {"Changes.the.store.password.of.a.keystore", - "Changes the store password of a keystore"}, //-storepasswd - // keytool: help: options - {"alias.name.of.the.entry.to.process", - "alias name of the entry to process"}, //-alias - {"destination.alias", - "destination alias"}, //-destalias - {"destination.key.password", - "destination key password"}, //-destkeypass - {"destination.keystore.name", - "destination keystore name"}, //-destkeystore - {"destination.keystore.password.protected", - "destination keystore password protected"}, //-destprotected - {"destination.keystore.provider.name", - "destination keystore provider name"}, //-destprovidername - {"destination.keystore.password", - "destination keystore password"}, //-deststorepass - {"destination.keystore.type", - "destination keystore type"}, //-deststoretype - {"distinguished.name", - "distinguished name"}, //-dname - {"X.509.extension", - "X.509 extension"}, //-ext - {"output.file.name", - "output file name"}, //-file and -outfile - {"input.file.name", - "input file name"}, //-file and -infile - {"key.algorithm.name", - "key algorithm name"}, //-keyalg - {"key.password", - "key password"}, //-keypass - {"key.bit.size", - "key bit size"}, //-keysize - {"keystore.name", - "keystore name"}, //-keystore - {"new.password", - "new password"}, //-new - {"do.not.prompt", - "do not prompt"}, //-noprompt - {"password.through.protected.mechanism", - "password through protected mechanism"}, //-protected - {"provider.argument", - "provider argument"}, //-providerarg - {"provider.class.name", - "provider class name"}, //-providerclass - {"provider.name", - "provider name"}, //-providername - {"provider.classpath", - "provider classpath"}, //-providerpath - {"output.in.RFC.style", - "output in RFC style"}, //-rfc - {"signature.algorithm.name", - "signature algorithm name"}, //-sigalg - {"source.alias", - "source alias"}, //-srcalias - {"source.key.password", - "source key password"}, //-srckeypass - {"source.keystore.name", - "source keystore name"}, //-srckeystore - {"source.keystore.password.protected", - "source keystore password protected"}, //-srcprotected - {"source.keystore.provider.name", - "source keystore provider name"}, //-srcprovidername - {"source.keystore.password", - "source keystore password"}, //-srcstorepass - {"source.keystore.type", - "source keystore type"}, //-srcstoretype - {"SSL.server.host.and.port", - "SSL server host and port"}, //-sslserver - {"signed.jar.file", - "signed jar file"}, //=jarfile - {"certificate.validity.start.date.time", - "certificate validity start date/time"}, //-startdate - {"keystore.password", - "keystore password"}, //-storepass - {"keystore.type", - "keystore type"}, //-storetype - {"trust.certificates.from.cacerts", - "trust certificates from cacerts"}, //-trustcacerts - {"verbose.output", - "verbose output"}, //-v - {"validity.number.of.days", - "validity number of days"}, //-validity - {"Serial.ID.of.cert.to.revoke", - "Serial ID of cert to revoke"}, //-id - // keytool: Running part - {"keytool.error.", "keytool error: "}, - {"Illegal.option.", "Illegal option: "}, - {"Illegal.value.", "Illegal value: "}, - {"Unknown.password.type.", "Unknown password type: "}, - {"Cannot.find.environment.variable.", - "Cannot find environment variable: "}, - {"Cannot.find.file.", "Cannot find file: "}, - {"Command.option.flag.needs.an.argument.", "Command option {0} needs an argument."}, - {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", - "Warning: Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified {0} value."}, - {".keystore.must.be.NONE.if.storetype.is.{0}", - "-keystore must be NONE if -storetype is {0}"}, - {"Too.many.retries.program.terminated", - "Too many retries, program terminated"}, - {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", - "-storepasswd and -keypasswd commands not supported if -storetype is {0}"}, - {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", - "-keypasswd commands not supported if -storetype is PKCS12"}, - {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", - "-keypass and -new can not be specified if -storetype is {0}"}, - {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", - "if -protected is specified, then -storepass, -keypass, and -new must not be specified"}, - {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", - "if -srcprotected is specified, then -srcstorepass and -srckeypass must not be specified"}, - {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", - "if keystore is not password protected, then -storepass, -keypass, and -new must not be specified"}, - {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", - "if source keystore is not password protected, then -srcstorepass and -srckeypass must not be specified"}, - {"Illegal.startdate.value", "Illegal startdate value"}, - {"Validity.must.be.greater.than.zero", - "Validity must be greater than zero"}, - {"provName.not.a.provider", "{0} not a provider"}, - {"Usage.error.no.command.provided", "Usage error: no command provided"}, - {"Source.keystore.file.exists.but.is.empty.", "Source keystore file exists, but is empty: "}, - {"Please.specify.srckeystore", "Please specify -srckeystore"}, - {"Must.not.specify.both.v.and.rfc.with.list.command", - "Must not specify both -v and -rfc with 'list' command"}, - {"Key.password.must.be.at.least.6.characters", - "Key password must be at least 6 characters"}, - {"New.password.must.be.at.least.6.characters", - "New password must be at least 6 characters"}, - {"Keystore.file.exists.but.is.empty.", - "Keystore file exists, but is empty: "}, - {"Keystore.file.does.not.exist.", - "Keystore file does not exist: "}, - {"Must.specify.destination.alias", "Must specify destination alias"}, - {"Must.specify.alias", "Must specify alias"}, - {"Keystore.password.must.be.at.least.6.characters", - "Keystore password must be at least 6 characters"}, - {"Enter.keystore.password.", "Enter keystore password: "}, - {"Enter.source.keystore.password.", "Enter source keystore password: "}, - {"Enter.destination.keystore.password.", "Enter destination keystore password: "}, - {"Keystore.password.is.too.short.must.be.at.least.6.characters", - "Keystore password is too short - must be at least 6 characters"}, - {"Unknown.Entry.Type", "Unknown Entry Type"}, - {"Too.many.failures.Alias.not.changed", "Too many failures. Alias not changed"}, - {"Entry.for.alias.alias.successfully.imported.", - "Entry for alias {0} successfully imported."}, - {"Entry.for.alias.alias.not.imported.", "Entry for alias {0} not imported."}, - {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", - "Problem importing entry for alias {0}: {1}.\nEntry for alias {0} not imported."}, - {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", - "Import command completed: {0} entries successfully imported, {1} entries failed or cancelled"}, - {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", - "Warning: Overwriting existing alias {0} in destination keystore"}, - {"Existing.entry.alias.alias.exists.overwrite.no.", - "Existing entry alias {0} exists, overwrite? [no]: "}, - {"Too.many.failures.try.later", "Too many failures - try later"}, - {"Certification.request.stored.in.file.filename.", - "Certification request stored in file <{0}>"}, - {"Submit.this.to.your.CA", "Submit this to your CA"}, - {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", - "if alias not specified, destalias, srckeypass, and destkeypass must not be specified"}, - {"Certificate.stored.in.file.filename.", - "Certificate stored in file <{0}>"}, - {"Certificate.reply.was.installed.in.keystore", - "Certificate reply was installed in keystore"}, - {"Certificate.reply.was.not.installed.in.keystore", - "Certificate reply was not installed in keystore"}, - {"Certificate.was.added.to.keystore", - "Certificate was added to keystore"}, - {"Certificate.was.not.added.to.keystore", - "Certificate was not added to keystore"}, - {".Storing.ksfname.", "[Storing {0}]"}, - {"alias.has.no.public.key.certificate.", - "{0} has no public key (certificate)"}, - {"Cannot.derive.signature.algorithm", - "Cannot derive signature algorithm"}, - {"Alias.alias.does.not.exist", - "Alias <{0}> does not exist"}, - {"Alias.alias.has.no.certificate", - "Alias <{0}> has no certificate"}, - {"Key.pair.not.generated.alias.alias.already.exists", - "Key pair not generated, alias <{0}> already exists"}, - {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", - "Generating {0} bit {1} key pair and self-signed certificate ({2}) with a validity of {3} days\n\tfor: {4}"}, - {"Enter.key.password.for.alias.", "Enter key password for <{0}>"}, - {".RETURN.if.same.as.keystore.password.", - "\t(RETURN if same as keystore password): "}, - {"Key.password.is.too.short.must.be.at.least.6.characters", - "Key password is too short - must be at least 6 characters"}, - {"Too.many.failures.key.not.added.to.keystore", - "Too many failures - key not added to keystore"}, - {"Destination.alias.dest.already.exists", - "Destination alias <{0}> already exists"}, - {"Password.is.too.short.must.be.at.least.6.characters", - "Password is too short - must be at least 6 characters"}, - {"Too.many.failures.Key.entry.not.cloned", - "Too many failures. Key entry not cloned"}, - {"key.password.for.alias.", "key password for <{0}>"}, - {"Keystore.entry.for.id.getName.already.exists", - "Keystore entry for <{0}> already exists"}, - {"Creating.keystore.entry.for.id.getName.", - "Creating keystore entry for <{0}> ..."}, - {"No.entries.from.identity.database.added", - "No entries from identity database added"}, - {"Alias.name.alias", "Alias name: {0}"}, - {"Creation.date.keyStore.getCreationDate.alias.", - "Creation date: {0,date}"}, - {"alias.keyStore.getCreationDate.alias.", - "{0}, {1,date}, "}, - {"alias.", "{0}, "}, - {"Entry.type.type.", "Entry type: {0}"}, - {"Certificate.chain.length.", "Certificate chain length: "}, - {"Certificate.i.1.", "Certificate[{0,number,integer}]:"}, - {"Certificate.fingerprint.SHA1.", "Certificate fingerprint (SHA1): "}, - {"Keystore.type.", "Keystore type: "}, - {"Keystore.provider.", "Keystore provider: "}, - {"Your.keystore.contains.keyStore.size.entry", - "Your keystore contains {0,number,integer} entry"}, - {"Your.keystore.contains.keyStore.size.entries", - "Your keystore contains {0,number,integer} entries"}, - {"Failed.to.parse.input", "Failed to parse input"}, - {"Empty.input", "Empty input"}, - {"Not.X.509.certificate", "Not X.509 certificate"}, - {"alias.has.no.public.key", "{0} has no public key"}, - {"alias.has.no.X.509.certificate", "{0} has no X.509 certificate"}, - {"New.certificate.self.signed.", "New certificate (self-signed):"}, - {"Reply.has.no.certificates", "Reply has no certificates"}, - {"Certificate.not.imported.alias.alias.already.exists", - "Certificate not imported, alias <{0}> already exists"}, - {"Input.not.an.X.509.certificate", "Input not an X.509 certificate"}, - {"Certificate.already.exists.in.keystore.under.alias.trustalias.", - "Certificate already exists in keystore under alias <{0}>"}, - {"Do.you.still.want.to.add.it.no.", - "Do you still want to add it? [no]: "}, - {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", - "Certificate already exists in system-wide CA keystore under alias <{0}>"}, - {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", - "Do you still want to add it to your own keystore? [no]: "}, - {"Trust.this.certificate.no.", "Trust this certificate? [no]: "}, - {"YES", "YES"}, - {"New.prompt.", "New {0}: "}, - {"Passwords.must.differ", "Passwords must differ"}, - {"Re.enter.new.prompt.", "Re-enter new {0}: "}, - {"Re.enter.new.password.", "Re-enter new password: "}, - {"They.don.t.match.Try.again", "They don't match. Try again"}, - {"Enter.prompt.alias.name.", "Enter {0} alias name: "}, - {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", - "Enter new alias name\t(RETURN to cancel import for this entry): "}, - {"Enter.alias.name.", "Enter alias name: "}, - {".RETURN.if.same.as.for.otherAlias.", - "\t(RETURN if same as for <{0}>)"}, - {".PATTERN.printX509Cert", - "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Signature algorithm name: {8}\n\t Version: {9}"}, - {"What.is.your.first.and.last.name.", - "What is your first and last name?"}, - {"What.is.the.name.of.your.organizational.unit.", - "What is the name of your organizational unit?"}, - {"What.is.the.name.of.your.organization.", - "What is the name of your organization?"}, - {"What.is.the.name.of.your.City.or.Locality.", - "What is the name of your City or Locality?"}, - {"What.is.the.name.of.your.State.or.Province.", - "What is the name of your State or Province?"}, - {"What.is.the.two.letter.country.code.for.this.unit.", - "What is the two-letter country code for this unit?"}, - {"Is.name.correct.", "Is {0} correct?"}, - {"no", "no"}, - {"yes", "yes"}, - {"y", "y"}, - {".defaultValue.", " [{0}]: "}, - {"Alias.alias.has.no.key", - "Alias <{0}> has no key"}, - {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", - "Alias <{0}> references an entry type that is not a private key entry. The -keyclone command only supports cloning of private key entries"}, - - {".WARNING.WARNING.WARNING.", - "***************** WARNING WARNING WARNING *****************"}, - {"Signer.d.", "Signer #%d:"}, - {"Timestamp.", "Timestamp:"}, - {"Signature.", "Signature:"}, - {"CRLs.", "CRLs:"}, - {"Certificate.owner.", "Certificate owner: "}, - {"Not.a.signed.jar.file", "Not a signed jar file"}, - {"No.certificate.from.the.SSL.server", - "No certificate from the SSL server"}, - - {".The.integrity.of.the.information.stored.in.your.keystore.", - "* The integrity of the information stored in your keystore *\n" + - "* has NOT been verified! In order to verify its integrity, *\n" + - "* you must provide your keystore password. *"}, - {".The.integrity.of.the.information.stored.in.the.srckeystore.", - "* The integrity of the information stored in the srckeystore*\n" + - "* has NOT been verified! In order to verify its integrity, *\n" + - "* you must provide the srckeystore password. *"}, - - {"Certificate.reply.does.not.contain.public.key.for.alias.", - "Certificate reply does not contain public key for <{0}>"}, - {"Incomplete.certificate.chain.in.reply", - "Incomplete certificate chain in reply"}, - {"Certificate.chain.in.reply.does.not.verify.", - "Certificate chain in reply does not verify: "}, - {"Top.level.certificate.in.reply.", - "Top-level certificate in reply:\n"}, - {".is.not.trusted.", "... is not trusted. "}, - {"Install.reply.anyway.no.", "Install reply anyway? [no]: "}, - {"NO", "NO"}, - {"Public.keys.in.reply.and.keystore.don.t.match", - "Public keys in reply and keystore don't match"}, - {"Certificate.reply.and.certificate.in.keystore.are.identical", - "Certificate reply and certificate in keystore are identical"}, - {"Failed.to.establish.chain.from.reply", - "Failed to establish chain from reply"}, - {"n", "n"}, - {"Wrong.answer.try.again", "Wrong answer, try again"}, - {"Secret.key.not.generated.alias.alias.already.exists", - "Secret Key not generated, alias <{0}> already exists"}, - {"Please.provide.keysize.for.secret.key.generation", - "Please provide -keysize for secret key generation"}, - - {"Extensions.", "Extensions: "}, - {".Empty.value.", "(Empty value)"}, - {"Extension.Request.", "Extension Request:"}, - {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", - "PKCS #10 Certificate Request (Version 1.0)\n" + - "Subject: %s\nPublic Key: %s format %s key\n"}, - {"Unknown.keyUsage.type.", "Unknown keyUsage type: "}, - {"Unknown.extendedkeyUsage.type.", "Unknown extendedkeyUsage type: "}, - {"Unknown.AccessDescription.type.", "Unknown AccessDescription type: "}, - {"Unrecognized.GeneralName.type.", "Unrecognized GeneralName type: "}, - {"This.extension.cannot.be.marked.as.critical.", - "This extension cannot be marked as critical. "}, - {"Odd.number.of.hex.digits.found.", "Odd number of hex digits found: "}, - {"Unknown.extension.type.", "Unknown extension type: "}, - {"command.{0}.is.ambiguous.", "command {0} is ambiguous:"}, - - // policytool - {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", - "Warning: A public key for alias {0} does not exist. Make sure a KeyStore is properly configured."}, - {"Warning.Class.not.found.class", "Warning: Class not found: {0}"}, - {"Warning.Invalid.argument.s.for.constructor.arg", - "Warning: Invalid argument(s) for constructor: {0}"}, - {"Illegal.Principal.Type.type", "Illegal Principal Type: {0}"}, - {"Illegal.option.option", "Illegal option: {0}"}, - {"Usage.policytool.options.", "Usage: policytool [options]"}, - {".file.file.policy.file.location", - " [-file <file>] policy file location"}, - {"New", "New"}, - {"Open", "Open"}, - {"Save", "Save"}, - {"Save.As", "Save As"}, - {"View.Warning.Log", "View Warning Log"}, - {"Exit", "Exit"}, - {"Add.Policy.Entry", "Add Policy Entry"}, - {"Edit.Policy.Entry", "Edit Policy Entry"}, - {"Remove.Policy.Entry", "Remove Policy Entry"}, - {"Edit", "Edit"}, - {"Retain", "Retain"}, - - {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", - "Warning: File name may include escaped backslash characters. " + - "It is not necessary to escape backslash characters " + - "(the tool escapes characters as necessary when writing " + - "the policy contents to the persistent store).\n\n" + - "Click on Retain to retain the entered name, or click on " + - "Edit to edit the name."}, - - {"Add.Public.Key.Alias", "Add Public Key Alias"}, - {"Remove.Public.Key.Alias", "Remove Public Key Alias"}, - {"File", "File"}, - {"KeyStore", "KeyStore"}, - {"Policy.File.", "Policy File:"}, - {"Could.not.open.policy.file.policyFile.e.toString.", - "Could not open policy file: {0}: {1}"}, - {"Policy.Tool", "Policy Tool"}, - {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", - "Errors have occurred while opening the policy configuration. View the Warning Log for more information."}, - {"Error", "Error"}, - {"OK", "OK"}, - {"Status", "Status"}, - {"Warning", "Warning"}, - {"Permission.", - "Permission: "}, - {"Principal.Type.", "Principal Type:"}, - {"Principal.Name.", "Principal Name:"}, - {"Target.Name.", - "Target Name: "}, - {"Actions.", - "Actions: "}, - {"OK.to.overwrite.existing.file.filename.", - "OK to overwrite existing file {0}?"}, - {"Cancel", "Cancel"}, - {"CodeBase.", "CodeBase:"}, - {"SignedBy.", "SignedBy:"}, - {"Add.Principal", "Add Principal"}, - {"Edit.Principal", "Edit Principal"}, - {"Remove.Principal", "Remove Principal"}, - {"Principals.", "Principals:"}, - {".Add.Permission", " Add Permission"}, - {".Edit.Permission", " Edit Permission"}, - {"Remove.Permission", "Remove Permission"}, - {"Done", "Done"}, - {"KeyStore.URL.", "KeyStore URL:"}, - {"KeyStore.Type.", "KeyStore Type:"}, - {"KeyStore.Provider.", "KeyStore Provider:"}, - {"KeyStore.Password.URL.", "KeyStore Password URL:"}, - {"Principals", "Principals"}, - {".Edit.Principal.", " Edit Principal:"}, - {".Add.New.Principal.", " Add New Principal:"}, - {"Permissions", "Permissions"}, - {".Edit.Permission.", " Edit Permission:"}, - {".Add.New.Permission.", " Add New Permission:"}, - {"Signed.By.", "Signed By:"}, - {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", - "Cannot Specify Principal with a Wildcard Class without a Wildcard Name"}, - {"Cannot.Specify.Principal.without.a.Name", - "Cannot Specify Principal without a Name"}, - {"Permission.and.Target.Name.must.have.a.value", - "Permission and Target Name must have a value"}, - {"Remove.this.Policy.Entry.", "Remove this Policy Entry?"}, - {"Overwrite.File", "Overwrite File"}, - {"Policy.successfully.written.to.filename", - "Policy successfully written to {0}"}, - {"null.filename", "null filename"}, - {"Save.changes.", "Save changes?"}, - {"Yes", "Yes"}, - {"No", "No"}, - {"Policy.Entry", "Policy Entry"}, - {"Save.Changes", "Save Changes"}, - {"No.Policy.Entry.selected", "No Policy Entry selected"}, - {"Unable.to.open.KeyStore.ex.toString.", - "Unable to open KeyStore: {0}"}, - {"No.principal.selected", "No principal selected"}, - {"No.permission.selected", "No permission selected"}, - {"name", "name"}, - {"configuration.type", "configuration type"}, - {"environment.variable.name", "environment variable name"}, - {"library.name", "library name"}, - {"package.name", "package name"}, - {"policy.type", "policy type"}, - {"property.name", "property name"}, - {"Principal.List", "Principal List"}, - {"Permission.List", "Permission List"}, - {"Code.Base", "Code Base"}, - {"KeyStore.U.R.L.", "KeyStore U R L:"}, - {"KeyStore.Password.U.R.L.", "KeyStore Password U R L:"}, - - // javax.security.auth.PrivateCredentialPermission {"invalid.null.input.s.", "invalid null input(s)"}, {"actions.can.only.be.read.", "actions can only be 'read'"}, @@ -561,6 +58,7 @@ {"provided.null.OID.map", "provided null OID map"}, // javax.security.auth.Subject + {"NEWLINE", "\n"}, {"invalid.null.AccessControlContext.provided", "invalid null AccessControlContext provided"}, {"invalid.null.action.provided", "invalid null action provided"}, @@ -664,6 +162,7 @@ * * @return the contents of this <code>ResourceBundle</code>. */ + @Override public Object[][] getContents() { return contents; }
--- a/src/share/classes/sun/security/util/Resources_de.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/Resources_de.java Sat Sep 10 22:36:17 2016 +0100 @@ -34,499 +34,6 @@ private static final Object[][] contents = { - // shared (from jarsigner) - {"SPACE", " "}, - {"2SPACE", " "}, - {"6SPACE", " "}, - {"COMMA", ", "}, - // shared (from keytool) - {"NEWLINE", "\n"}, - {"STAR", - "*******************************************"}, - {"STARNN", - "*******************************************\n\n"}, - - // keytool: Help part - {".OPTION.", " [OPTION]..."}, - {"Options.", "Optionen:"}, - {"Use.keytool.help.for.all.available.commands", - "\"keytool -help\" f\u00FCr alle verf\u00FCgbaren Befehle verwenden"}, - {"Key.and.Certificate.Management.Tool", - "Schl\u00FCssel- und Zertifikatsverwaltungstool"}, - {"Commands.", "Befehle:"}, - {"Use.keytool.command.name.help.for.usage.of.command.name", - "\"keytool -command_name -help\" f\u00FCr Verwendung von command_name verwenden"}, - // keytool: help: commands - {"Generates.a.certificate.request", - "Generiert eine Zertifikatanforderung"}, //-certreq - {"Changes.an.entry.s.alias", - "\u00C4ndert den Alias eines Eintrags"}, //-changealias - {"Deletes.an.entry", - "L\u00F6scht einen Eintrag"}, //-delete - {"Exports.certificate", - "Exportiert ein Zertifikat"}, //-exportcert - {"Generates.a.key.pair", - "Generiert ein Schl\u00FCsselpaar"}, //-genkeypair - {"Generates.a.secret.key", - "Generiert einen Secret Key"}, //-genseckey - {"Generates.certificate.from.a.certificate.request", - "Generiert ein Zertifikat aus einer Zertifikatanforderung"}, //-gencert - {"Generates.CRL", "Generiert eine CRL"}, //-gencrl - {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", - "Importiert Eintr\u00E4ge aus einer Identity-Datenbank im JDK 1.1.x-Stil"}, //-identitydb - {"Imports.a.certificate.or.a.certificate.chain", - "Importiert ein Zertifikat oder eine Zertifikatskette"}, //-importcert - {"Imports.one.or.all.entries.from.another.keystore", - "Importiert einen oder alle Eintr\u00E4ge aus einem anderen Keystore"}, //-importkeystore - {"Clones.a.key.entry", - "Clont einen Schl\u00FCsseleintrag"}, //-keyclone - {"Changes.the.key.password.of.an.entry", - "\u00C4ndert das Schl\u00FCsselkennwort eines Eintrags"}, //-keypasswd - {"Lists.entries.in.a.keystore", - "Listet die Eintr\u00E4ge in einem Keystore auf"}, //-list - {"Prints.the.content.of.a.certificate", - "Druckt den Content eines Zertifikats"}, //-printcert - {"Prints.the.content.of.a.certificate.request", - "Druckt den Content einer Zertifikatanforderung"}, //-printcertreq - {"Prints.the.content.of.a.CRL.file", - "Druckt den Content einer CRL-Datei"}, //-printcrl - {"Generates.a.self.signed.certificate", - "Generiert ein selbst signiertes Zertifikat"}, //-selfcert - {"Changes.the.store.password.of.a.keystore", - "\u00C4ndert das Speicherkennwort eines Keystores"}, //-storepasswd - // keytool: help: options - {"alias.name.of.the.entry.to.process", - "Aliasname des zu verarbeitenden Eintrags"}, //-alias - {"destination.alias", - "Zielalias"}, //-destalias - {"destination.key.password", - "Zielschl\u00FCssel-Kennwort"}, //-destkeypass - {"destination.keystore.name", - "Ziel-Keystore-Name"}, //-destkeystore - {"destination.keystore.password.protected", - "Ziel-Keystore kennwortgesch\u00FCtzt"}, //-destprotected - {"destination.keystore.provider.name", - "Ziel-Keystore-Providername"}, //-destprovidername - {"destination.keystore.password", - "Ziel-Keystore-Kennwort"}, //-deststorepass - {"destination.keystore.type", - "Ziel-Keystore-Typ"}, //-deststoretype - {"distinguished.name", - "Distinguished Name"}, //-dname - {"X.509.extension", - "X.509-Erweiterung"}, //-ext - {"output.file.name", - "Ausgabedateiname"}, //-file and -outfile - {"input.file.name", - "Eingabedateiname"}, //-file and -infile - {"key.algorithm.name", - "Schl\u00FCsselalgorithmusname"}, //-keyalg - {"key.password", - "Schl\u00FCsselkennwort"}, //-keypass - {"key.bit.size", - "Schl\u00FCsselbitgr\u00F6\u00DFe"}, //-keysize - {"keystore.name", - "Keystore-Name"}, //-keystore - {"new.password", - "Neues Kennwort"}, //-new - {"do.not.prompt", - "Kein Prompt"}, //-noprompt - {"password.through.protected.mechanism", - "Kennwort \u00FCber gesch\u00FCtzten Mechanismus"}, //-protected - {"provider.argument", - "Providerargument"}, //-providerarg - {"provider.class.name", - "Providerklassenname"}, //-providerclass - {"provider.name", - "Providername"}, //-providername - {"provider.classpath", - "Provider-Classpath"}, //-providerpath - {"output.in.RFC.style", - "Ausgabe in RFC-Stil"}, //-rfc - {"signature.algorithm.name", - "Signaturalgorithmusname"}, //-sigalg - {"source.alias", - "Quellalias"}, //-srcalias - {"source.key.password", - "Quellschl\u00FCssel-Kennwort"}, //-srckeypass - {"source.keystore.name", - "Quell-Keystore-Name"}, //-srckeystore - {"source.keystore.password.protected", - "Quell-Keystore kennwortgesch\u00FCtzt"}, //-srcprotected - {"source.keystore.provider.name", - "Quell-Keystore-Providername"}, //-srcprovidername - {"source.keystore.password", - "Quell-Keystore-Kennwort"}, //-srcstorepass - {"source.keystore.type", - "Quell-Keystore-Typ"}, //-srcstoretype - {"SSL.server.host.and.port", - "SSL-Serverhost und -port"}, //-sslserver - {"signed.jar.file", - "Signierte JAR-Datei"}, //=jarfile - {"certificate.validity.start.date.time", - "Anfangsdatum/-zeit f\u00FCr Zertifikatsg\u00FCltigkeit"}, //-startdate - {"keystore.password", - "Keystore-Kennwort"}, //-storepass - {"keystore.type", - "Keystore-Typ"}, //-storetype - {"trust.certificates.from.cacerts", - "Zertifikaten aus cacerts vertrauen"}, //-trustcacerts - {"verbose.output", - "Verbose-Ausgabe"}, //-v - {"validity.number.of.days", - "G\u00FCltigkeitsdauer (Tage)"}, //-validity - {"Serial.ID.of.cert.to.revoke", - "Serielle ID des zu entziehenden Certs"}, //-id - // keytool: Running part - {"keytool.error.", "Keytool-Fehler: "}, - {"Illegal.option.", "Ung\u00FCltige Option: "}, - {"Illegal.value.", "Ung\u00FCltiger Wert: "}, - {"Unknown.password.type.", "Unbekannter Kennworttyp: "}, - {"Cannot.find.environment.variable.", - "Umgebungsvariable kann nicht gefunden werden: "}, - {"Cannot.find.file.", "Datei kann nicht gefunden werden: "}, - {"Command.option.flag.needs.an.argument.", "Befehlsoption {0} ben\u00F6tigt ein Argument."}, - {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", - "Warnung: Keine Unterst\u00FCtzung f\u00FCr unterschiedliche Speicher- und Schl\u00FCsselkennw\u00F6rter bei PKCS12 KeyStores. Der benutzerdefinierte Wert {0} wird ignoriert."}, - {".keystore.must.be.NONE.if.storetype.is.{0}", - "-keystore muss NONE sein, wenn -storetype {0} ist"}, - {"Too.many.retries.program.terminated", - "Zu viele erneute Versuche. Programm wird beendet"}, - {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", - "Befehle -storepasswd und -keypasswd werden nicht unterst\u00FCtzt, wenn -storetype {0} ist"}, - {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", - "Befehle des Typs -keypasswd werden nicht unterst\u00FCtzt, wenn -storetype PKCS12 ist"}, - {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", - "-keypass und -new k\u00F6nnen nicht angegeben werden, wenn -storetype {0} ist"}, - {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", - "Wenn -protected angegeben ist, d\u00FCrfen -storepass, -keypass und -new nicht angegeben werden"}, - {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", - "Wenn -srcprotected angegeben ist, d\u00FCrfen -srcstorepass und -srckeypass nicht angegeben werden"}, - {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", - "Wenn der Keystore nicht kennwortgesch\u00FCtzt ist, d\u00FCrfen -storepass, -keypass und -new nicht angegeben werden"}, - {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", - "Wenn der Quell-Keystore nicht kennwortgesch\u00FCtzt ist, d\u00FCrfen -srcstorepass und -srckeypass nicht angegeben werden"}, - {"Illegal.startdate.value", "Ung\u00FCltiger Wert f\u00FCr Anfangsdatum"}, - {"Validity.must.be.greater.than.zero", - "G\u00FCltigkeit muss gr\u00F6\u00DFer als null sein"}, - {"provName.not.a.provider", "{0} kein Provider"}, - {"Usage.error.no.command.provided", "Verwendungsfehler: Kein Befehl angegeben"}, - {"Source.keystore.file.exists.but.is.empty.", "Quell-Keystore-Datei ist zwar vorhanden, ist aber leer: "}, - {"Please.specify.srckeystore", "Geben Sie -srckeystore an"}, - {"Must.not.specify.both.v.and.rfc.with.list.command", - "-v und -rfc d\u00FCrfen bei Befehl \"list\" nicht beide angegeben werden"}, - {"Key.password.must.be.at.least.6.characters", - "Schl\u00FCsselkennwort muss mindestens sechs Zeichen lang sein"}, - {"New.password.must.be.at.least.6.characters", - "Neues Kennwort muss mindestens sechs Zeichen lang sein"}, - {"Keystore.file.exists.but.is.empty.", - "Keystore-Datei ist vorhanden, ist aber leer: "}, - {"Keystore.file.does.not.exist.", - "Keystore-Datei ist nicht vorhanden: "}, - {"Must.specify.destination.alias", "Sie m\u00FCssen einen Zielalias angeben"}, - {"Must.specify.alias", "Sie m\u00FCssen einen Alias angeben"}, - {"Keystore.password.must.be.at.least.6.characters", - "Keystore-Kennwort muss mindestens sechs Zeichen lang sein"}, - {"Enter.keystore.password.", "Keystore-Kennwort eingeben: "}, - {"Enter.source.keystore.password.", "Quell-Keystore-Kennwort eingeben: "}, - {"Enter.destination.keystore.password.", "Ziel-Keystore-Kennwort eingeben: "}, - {"Keystore.password.is.too.short.must.be.at.least.6.characters", - "Keystore-Kennwort ist zu kurz. Es muss mindestens sechs Zeichen lang sein"}, - {"Unknown.Entry.Type", "Unbekannter Eintragstyp"}, - {"Too.many.failures.Alias.not.changed", "Zu viele Fehler. Alias nicht ge\u00E4ndert"}, - {"Entry.for.alias.alias.successfully.imported.", - "Eintrag f\u00FCr Alias {0} erfolgreich importiert."}, - {"Entry.for.alias.alias.not.imported.", "Eintrag f\u00FCr Alias {0} nicht importiert."}, - {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", - "Problem beim Importieren des Eintrags f\u00FCr Alias {0}: {1}.\nEintrag f\u00FCr Alias {0} nicht importiert."}, - {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", - "Importbefehl abgeschlossen: {0} Eintr\u00E4ge erfolgreich importiert, {1} Eintr\u00E4ge nicht erfolgreich oder abgebrochen"}, - {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", - "Warnung: Vorhandener Alias {0} in Ziel-Keystore wird \u00FCberschrieben"}, - {"Existing.entry.alias.alias.exists.overwrite.no.", - "Eintragsalias {0} ist bereits vorhanden. \u00DCberschreiben? [Nein]: "}, - {"Too.many.failures.try.later", "Zu viele Fehler. Versuchen Sie es sp\u00E4ter erneut"}, - {"Certification.request.stored.in.file.filename.", - "Zertifizierungsanforderung in Datei <{0}> gespeichert"}, - {"Submit.this.to.your.CA", "Leiten Sie dies an die CA weiter"}, - {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", - "Wenn kein Alias angegeben ist, d\u00FCrfen destalias, srckeypass und destkeypass nicht angegeben werden"}, - {"Certificate.stored.in.file.filename.", - "Zertifikat in Datei <{0}> gespeichert"}, - {"Certificate.reply.was.installed.in.keystore", - "Zertifikatantwort wurde in Keystore installiert"}, - {"Certificate.reply.was.not.installed.in.keystore", - "Zertifikatantwort wurde nicht in Keystore installiert"}, - {"Certificate.was.added.to.keystore", - "Zertifikat wurde Keystore hinzugef\u00FCgt"}, - {"Certificate.was.not.added.to.keystore", - "Zertifikat wurde nicht zu Keystore hinzugef\u00FCgt"}, - {".Storing.ksfname.", "[{0} wird gesichert]"}, - {"alias.has.no.public.key.certificate.", - "{0} hat keinen Public Key (Zertifikat)"}, - {"Cannot.derive.signature.algorithm", - "Signaturalgorithmus kann nicht abgeleitet werden"}, - {"Alias.alias.does.not.exist", - "Alias <{0}> ist nicht vorhanden"}, - {"Alias.alias.has.no.certificate", - "Alias <{0}> hat kein Zertifikat"}, - {"Key.pair.not.generated.alias.alias.already.exists", - "Schl\u00FCsselpaar wurde nicht generiert. Alias <{0}> ist bereits vorhanden"}, - {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", - "Generieren von Schl\u00FCsselpaar (Typ {1}, {0} Bit) und selbst signiertem Zertifikat ({2}) mit einer G\u00FCltigkeit von {3} Tagen\n\tf\u00FCr: {4}"}, - {"Enter.key.password.for.alias.", "Schl\u00FCsselkennwort f\u00FCr <{0}> eingeben"}, - {".RETURN.if.same.as.keystore.password.", - "\t(RETURN, wenn identisch mit Keystore-Kennwort): "}, - {"Key.password.is.too.short.must.be.at.least.6.characters", - "Schl\u00FCsselkennwort ist zu kurz. Es muss mindestens sechs Zeichen lang sein"}, - {"Too.many.failures.key.not.added.to.keystore", - "Zu viele Fehler. Schl\u00FCssel wurde nicht zu Keystore hinzugef\u00FCgt"}, - {"Destination.alias.dest.already.exists", - "Zielalias <{0}> bereits vorhanden"}, - {"Password.is.too.short.must.be.at.least.6.characters", - "Kennwort ist zu kurz. Es muss mindestens sechs Zeichen lang sein"}, - {"Too.many.failures.Key.entry.not.cloned", - "Zu viele Fehler. Schl\u00FCsseleintrag wurde nicht geclont"}, - {"key.password.for.alias.", "Schl\u00FCsselkennwort f\u00FCr <{0}>"}, - {"Keystore.entry.for.id.getName.already.exists", - "Keystore-Eintrag f\u00FCr <{0}> bereits vorhanden"}, - {"Creating.keystore.entry.for.id.getName.", - "Keystore-Eintrag f\u00FCr <{0}> wird erstellt..."}, - {"No.entries.from.identity.database.added", - "Keine Eintr\u00E4ge aus Identity-Datenbank hinzugef\u00FCgt"}, - {"Alias.name.alias", "Aliasname: {0}"}, - {"Creation.date.keyStore.getCreationDate.alias.", - "Erstellungsdatum: {0,date}"}, - {"alias.keyStore.getCreationDate.alias.", - "{0}, {1,date}, "}, - {"alias.", "{0}, "}, - {"Entry.type.type.", "Eintragstyp: {0}"}, - {"Certificate.chain.length.", "Zertifikatskettenl\u00E4nge: "}, - {"Certificate.i.1.", "Zertifikat[{0,number,integer}]:"}, - {"Certificate.fingerprint.SHA1.", "Zertifikat-Fingerprint (SHA1): "}, - {"Keystore.type.", "Keystore-Typ: "}, - {"Keystore.provider.", "Keystore-Provider: "}, - {"Your.keystore.contains.keyStore.size.entry", - "Keystore enth\u00E4lt {0,number,integer} Eintrag"}, - {"Your.keystore.contains.keyStore.size.entries", - "Keystore enth\u00E4lt {0,number,integer} Eintr\u00E4ge"}, - {"Failed.to.parse.input", "Eingabe konnte nicht geparst werden"}, - {"Empty.input", "Leere Eingabe"}, - {"Not.X.509.certificate", "Kein X.509-Zertifikat"}, - {"alias.has.no.public.key", "{0} hat keinen Public Key"}, - {"alias.has.no.X.509.certificate", "{0} hat kein X.509-Zertifikat"}, - {"New.certificate.self.signed.", "Neues Zertifikat (selbst signiert):"}, - {"Reply.has.no.certificates", "Antwort hat keine Zertifikate"}, - {"Certificate.not.imported.alias.alias.already.exists", - "Zertifikat nicht importiert. Alias <{0}> ist bereits vorhanden"}, - {"Input.not.an.X.509.certificate", "Eingabe kein X.509-Zertifikat"}, - {"Certificate.already.exists.in.keystore.under.alias.trustalias.", - "Zertifikat ist bereits unter Alias <{0}> im Keystore vorhanden"}, - {"Do.you.still.want.to.add.it.no.", - "M\u00F6chten Sie es trotzdem hinzuf\u00FCgen? [Nein]: "}, - {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", - "Zertifikat ist bereits unter Alias <{0}> im systemweiten CA-Keystore vorhanden"}, - {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", - "M\u00F6chten Sie es trotzdem zu Ihrem eigenen Keystore hinzuf\u00FCgen? [Nein]: "}, - {"Trust.this.certificate.no.", "Diesem Zertifikat vertrauen? [Nein]: "}, - {"YES", "JA"}, - {"New.prompt.", "Neues {0}: "}, - {"Passwords.must.differ", "Kennw\u00F6rter m\u00FCssen sich unterscheiden"}, - {"Re.enter.new.prompt.", "Neues {0} erneut eingeben: "}, - {"Re.enter.new.password.", "Neues Kennwort erneut eingeben: "}, - {"They.don.t.match.Try.again", "Keine \u00DCbereinstimmung. Wiederholen Sie den Vorgang"}, - {"Enter.prompt.alias.name.", "{0}-Aliasnamen eingeben: "}, - {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", - "Geben Sie einen neuen Aliasnamen ein\t(RETURN, um den Import dieses Eintrags abzubrechen): "}, - {"Enter.alias.name.", "Aliasnamen eingeben: "}, - {".RETURN.if.same.as.for.otherAlias.", - "\t(RETURN, wenn identisch mit <{0}>)"}, - {".PATTERN.printX509Cert", - "Eigent\u00FCmer: {0}\nAussteller: {1}\nSeriennummer: {2}\nG\u00FCltig von: {3} bis: {4}\nZertifikat-Fingerprints:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Signaturalgorithmusname: {8}\n\t Version: {9}"}, - {"What.is.your.first.and.last.name.", - "Wie lautet Ihr Vor- und Nachname?"}, - {"What.is.the.name.of.your.organizational.unit.", - "Wie lautet der Name Ihrer organisatorischen Einheit?"}, - {"What.is.the.name.of.your.organization.", - "Wie lautet der Name Ihrer Organisation?"}, - {"What.is.the.name.of.your.City.or.Locality.", - "Wie lautet der Name Ihrer Stadt oder Gemeinde?"}, - {"What.is.the.name.of.your.State.or.Province.", - "Wie lautet der Name Ihres Bundeslands?"}, - {"What.is.the.two.letter.country.code.for.this.unit.", - "Wie lautet der L\u00E4ndercode (zwei Buchstaben) f\u00FCr diese Einheit?"}, - {"Is.name.correct.", "Ist {0} richtig?"}, - {"no", "Nein"}, - {"yes", "Ja"}, - {"y", "J"}, - {".defaultValue.", " [{0}]: "}, - {"Alias.alias.has.no.key", - "Alias <{0}> verf\u00FCgt \u00FCber keinen Schl\u00FCssel"}, - {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", - "Alias <{0}> verweist auf einen Eintragstyp, der kein Private Key-Eintrag ist. Der Befehl -keyclone unterst\u00FCtzt nur das Clonen von Private Key-Eintr\u00E4gen"}, - - {".WARNING.WARNING.WARNING.", - "***************** WARNING WARNING WARNING *****************"}, - {"Signer.d.", "Signaturgeber #%d:"}, - {"Timestamp.", "Zeitstempel:"}, - {"Signature.", "Signatur:"}, - {"CRLs.", "CRLs:"}, - {"Certificate.owner.", "Zertifikateigent\u00FCmer: "}, - {"Not.a.signed.jar.file", "Keine signierte JAR-Datei"}, - {"No.certificate.from.the.SSL.server", - "Kein Zertifikat vom SSL-Server"}, - - {".The.integrity.of.the.information.stored.in.your.keystore.", - "* Die Integrit\u00E4t der Informationen, die in Ihrem Keystore gespeichert sind, *\n* wurde NICHT gepr\u00FCft. Um die Integrit\u00E4t zu pr\u00FCfen, *\n* m\u00FCssen Sie Ihr Keystore-Kennwort angeben. *"}, - {".The.integrity.of.the.information.stored.in.the.srckeystore.", - "* Die Integrit\u00E4t der Informationen, die in Ihrem Srckeystore gespeichert sind, *\n* wurde NICHT gepr\u00FCft. Um die Integrit\u00E4t zu pr\u00FCfen, *\n* m\u00FCssen Sie Ihr Srckeystore-Kennwort angeben. *"}, - - {"Certificate.reply.does.not.contain.public.key.for.alias.", - "Zertifikatantwort enth\u00E4lt keinen Public Key f\u00FCr <{0}>"}, - {"Incomplete.certificate.chain.in.reply", - "Unvollst\u00E4ndige Zertifikatskette in Antwort"}, - {"Certificate.chain.in.reply.does.not.verify.", - "Zertifikatskette in Antwort verifiziert nicht: "}, - {"Top.level.certificate.in.reply.", - "Zertifikat der obersten Ebene in Antwort:\n"}, - {".is.not.trusted.", "... ist nicht vertrauensw\u00FCrdig. "}, - {"Install.reply.anyway.no.", "Antwort trotzdem installieren? [Nein]: "}, - {"NO", "NEIN"}, - {"Public.keys.in.reply.and.keystore.don.t.match", - "Public Keys in Antwort und Keystore stimmen nicht \u00FCberein"}, - {"Certificate.reply.and.certificate.in.keystore.are.identical", - "Zertifikatantwort und Zertifikat in Keystore sind identisch"}, - {"Failed.to.establish.chain.from.reply", - "Kette konnte der Antwort nicht entnommen werden"}, - {"n", "N"}, - {"Wrong.answer.try.again", "Falsche Antwort. Wiederholen Sie den Vorgang"}, - {"Secret.key.not.generated.alias.alias.already.exists", - "Secret Key wurde nicht generiert. Alias <{0}> ist bereits vorhanden"}, - {"Please.provide.keysize.for.secret.key.generation", - "Geben Sie -keysize zum Erstellen eines Secret Keys an"}, - - {"Extensions.", "Erweiterungen: "}, - {".Empty.value.", "(Leerer Wert)"}, - {"Extension.Request.", "Erweiterungsanforderung:"}, - {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", - "PKCS #10-Zertifikatanforderung (Version 1.0)\nSubjekt: %s\nPublic Key: %s Format %s Schl\u00FCssel\n"}, - {"Unknown.keyUsage.type.", "Unbekannter keyUsage-Typ: "}, - {"Unknown.extendedkeyUsage.type.", "Unbekannter extendedkeyUsage-Typ: "}, - {"Unknown.AccessDescription.type.", "Unbekannter AccessDescription-Typ: "}, - {"Unrecognized.GeneralName.type.", "Unbekannter GeneralName-Typ: "}, - {"This.extension.cannot.be.marked.as.critical.", - "Erweiterung kann nicht als \"Kritisch\" markiert werden. "}, - {"Odd.number.of.hex.digits.found.", "Ungerade Anzahl hexadezimaler Ziffern gefunden: "}, - {"Unknown.extension.type.", "Unbekannter Erweiterungstyp: "}, - {"command.{0}.is.ambiguous.", "Befehl {0} ist mehrdeutig:"}, - - // policytool - {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", - "Warnung: Kein Public Key f\u00FCr Alias {0} vorhanden. Vergewissern Sie sich, dass der KeyStore ordnungsgem\u00E4\u00DF konfiguriert ist."}, - {"Warning.Class.not.found.class", "Warnung: Klasse nicht gefunden: {0}"}, - {"Warning.Invalid.argument.s.for.constructor.arg", - "Warnung: Ung\u00FCltige(s) Argument(e) f\u00FCr Constructor: {0}"}, - {"Illegal.Principal.Type.type", "Ung\u00FCltiger Principal-Typ: {0}"}, - {"Illegal.option.option", "Ung\u00FCltige Option: {0}"}, - {"Usage.policytool.options.", "Verwendung: policytool [Optionen]"}, - {".file.file.policy.file.location", - " [-file <Datei>] Policy-Dateiverzeichnis"}, - {"New", "Neu"}, - {"Open", "\u00D6ffnen"}, - {"Save", "Speichern"}, - {"Save.As", "Speichern unter"}, - {"View.Warning.Log", "Warnungslog anzeigen"}, - {"Exit", "Beenden"}, - {"Add.Policy.Entry", "Policy-Eintrag hinzuf\u00FCgen"}, - {"Edit.Policy.Entry", "Policy-Eintrag bearbeiten"}, - {"Remove.Policy.Entry", "Policy-Eintrag entfernen"}, - {"Edit", "Bearbeiten"}, - {"Retain", "Beibehalten"}, - - {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", - "Warnung: M\u00F6glicherweise enth\u00E4lt der Dateiname Escapezeichen mit Backslash. Es ist nicht notwendig, Backslash-Zeichen zu escapen (das Tool f\u00FChrt dies automatisch beim Schreiben des Policy-Contents in den persistenten Speicher aus).\n\nKlicken Sie auf \"Beibehalten\", um den eingegebenen Namen beizubehalten oder auf \"Bearbeiten\", um den Namen zu bearbeiten."}, - - {"Add.Public.Key.Alias", "Public Key-Alias hinzuf\u00FCgen"}, - {"Remove.Public.Key.Alias", "Public Key-Alias entfernen"}, - {"File", "Datei"}, - {"KeyStore", "KeyStore"}, - {"Policy.File.", "Policy-Datei:"}, - {"Could.not.open.policy.file.policyFile.e.toString.", - "Policy-Datei konnte nicht ge\u00F6ffnet werden: {0}: {1}"}, - {"Policy.Tool", "Policy-Tool"}, - {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", - "Beim \u00D6ffnen der Policy-Konfiguration sind Fehler aufgetreten. Weitere Informationen finden Sie im Warnungslog."}, - {"Error", "Fehler"}, - {"OK", "OK"}, - {"Status", "Status"}, - {"Warning", "Warnung"}, - {"Permission.", - "Berechtigung: "}, - {"Principal.Type.", "Principal-Typ:"}, - {"Principal.Name.", "Principal-Name:"}, - {"Target.Name.", - "Zielname: "}, - {"Actions.", - "Aktionen: "}, - {"OK.to.overwrite.existing.file.filename.", - "Vorhandene Datei {0} \u00FCberschreiben?"}, - {"Cancel", "Abbrechen"}, - {"CodeBase.", "CodeBase:"}, - {"SignedBy.", "SignedBy:"}, - {"Add.Principal", "Principal hinzuf\u00FCgen"}, - {"Edit.Principal", "Principal bearbeiten"}, - {"Remove.Principal", "Principal entfernen"}, - {"Principals.", "Principals:"}, - {".Add.Permission", " Berechtigung hinzuf\u00FCgen"}, - {".Edit.Permission", " Berechtigung bearbeiten"}, - {"Remove.Permission", "Berechtigung entfernen"}, - {"Done", "Fertig"}, - {"KeyStore.URL.", "KeyStore-URL:"}, - {"KeyStore.Type.", "KeyStore-Typ:"}, - {"KeyStore.Provider.", "KeyStore-Provider:"}, - {"KeyStore.Password.URL.", "KeyStore-Kennwort-URL:"}, - {"Principals", "Principals"}, - {".Edit.Principal.", " Principal bearbeiten:"}, - {".Add.New.Principal.", " Neuen Principal hinzuf\u00FCgen:"}, - {"Permissions", "Berechtigungen"}, - {".Edit.Permission.", " Berechtigung bearbeiten:"}, - {".Add.New.Permission.", " Neue Berechtigung hinzuf\u00FCgen:"}, - {"Signed.By.", "Signiert von:"}, - {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", - "Principal kann nicht mit einer Platzhalterklasse ohne Platzhalternamen angegeben werden"}, - {"Cannot.Specify.Principal.without.a.Name", - "Principal kann nicht ohne einen Namen angegeben werden"}, - {"Permission.and.Target.Name.must.have.a.value", - "Berechtigung und Zielname m\u00FCssen einen Wert haben"}, - {"Remove.this.Policy.Entry.", "Diesen Policy-Eintrag entfernen?"}, - {"Overwrite.File", "Datei \u00FCberschreiben"}, - {"Policy.successfully.written.to.filename", - "Policy erfolgreich in {0} geschrieben"}, - {"null.filename", "Null-Dateiname"}, - {"Save.changes.", "\u00C4nderungen speichern?"}, - {"Yes", "Ja"}, - {"No", "Nein"}, - {"Policy.Entry", "Policy-Eintrag"}, - {"Save.Changes", "\u00C4nderungen speichern"}, - {"No.Policy.Entry.selected", "Kein Policy-Eintrag ausgew\u00E4hlt"}, - {"Unable.to.open.KeyStore.ex.toString.", - "KeyStore kann nicht ge\u00F6ffnet werden: {0}"}, - {"No.principal.selected", "Kein Principal ausgew\u00E4hlt"}, - {"No.permission.selected", "Keine Berechtigung ausgew\u00E4hlt"}, - {"name", "Name"}, - {"configuration.type", "Konfigurationstyp"}, - {"environment.variable.name", "Umgebungsvariablenname"}, - {"library.name", "Library-Name"}, - {"package.name", "Packagename"}, - {"policy.type", "Policy-Typ"}, - {"property.name", "Eigenschaftsname"}, - {"Principal.List", "Principal-Liste"}, - {"Permission.List", "Berechtigungsliste"}, - {"Code.Base", "Codebase"}, - {"KeyStore.U.R.L.", "KeyStore-URL:"}, - {"KeyStore.Password.U.R.L.", "KeyStore-Kennwort-URL:"}, - - // javax.security.auth.PrivateCredentialPermission {"invalid.null.input.s.", "Ung\u00FCltige Nulleingabe(n)"}, {"actions.can.only.be.read.", "Aktionen k\u00F6nnen nur \"lesen\" sein"}, @@ -551,6 +58,7 @@ {"provided.null.OID.map", "Null-OID-Zuordnung angegeben"}, // javax.security.auth.Subject + {"NEWLINE", "\n"}, {"invalid.null.AccessControlContext.provided", "Ung\u00FCltiger Nullwert f\u00FCr AccessControlContext angegeben"}, {"invalid.null.action.provided", "Ung\u00FCltige Nullaktion angegeben"}, @@ -654,6 +162,7 @@ * * @return the contents of this <code>ResourceBundle</code>. */ + @Override public Object[][] getContents() { return contents; }
--- a/src/share/classes/sun/security/util/Resources_es.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/Resources_es.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,499 +34,6 @@ private static final Object[][] contents = { - // shared (from jarsigner) - {"SPACE", " "}, - {"2SPACE", " "}, - {"6SPACE", " "}, - {"COMMA", ", "}, - // shared (from keytool) - {"NEWLINE", "\n"}, - {"STAR", - "*******************************************"}, - {"STARNN", - "*******************************************\n\n"}, - - // keytool: Help part - {".OPTION.", " [OPTION]..."}, - {"Options.", "Opciones:"}, - {"Use.keytool.help.for.all.available.commands", - "Utilice\"keytool -help\" para todos los comandos disponibles"}, - {"Key.and.Certificate.Management.Tool", - "Herramienta de Gesti\u00F3n de Certificados y Claves"}, - {"Commands.", "Comandos:"}, - {"Use.keytool.command.name.help.for.usage.of.command.name", - "Utilice \"keytool -command_name -help\" para la sintaxis de nombre_comando"}, - // keytool: help: commands - {"Generates.a.certificate.request", - "Genera una solicitud de certificado"}, //-certreq - {"Changes.an.entry.s.alias", - "Cambia un alias de entrada"}, //-changealias - {"Deletes.an.entry", - "Suprime una entrada"}, //-delete - {"Exports.certificate", - "Exporta el certificado"}, //-exportcert - {"Generates.a.key.pair", - "Genera un par de claves"}, //-genkeypair - {"Generates.a.secret.key", - "Genera un clave secreta"}, //-genseckey - {"Generates.certificate.from.a.certificate.request", - "Genera un certificado a partir de una solicitud de certificado"}, //-gencert - {"Generates.CRL", "Genera CRL"}, //-gencrl - {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", - "Importa entradas desde una base de datos de identidades JDK 1.1.x-style"}, //-identitydb - {"Imports.a.certificate.or.a.certificate.chain", - "Importa un certificado o una cadena de certificados"}, //-importcert - {"Imports.one.or.all.entries.from.another.keystore", - "Importa una o todas las entradas desde otro almac\u00E9n de claves"}, //-importkeystore - {"Clones.a.key.entry", - "Clona una entrada de clave"}, //-keyclone - {"Changes.the.key.password.of.an.entry", - "Cambia la contrase\u00F1a de clave de una entrada"}, //-keypasswd - {"Lists.entries.in.a.keystore", - "Enumera las entradas de un almac\u00E9n de claves"}, //-list - {"Prints.the.content.of.a.certificate", - "Imprime el contenido de un certificado"}, //-printcert - {"Prints.the.content.of.a.certificate.request", - "Imprime el contenido de una solicitud de certificado"}, //-printcertreq - {"Prints.the.content.of.a.CRL.file", - "Imprime el contenido de un archivo CRL"}, //-printcrl - {"Generates.a.self.signed.certificate", - "Genera un certificado autofirmado"}, //-selfcert - {"Changes.the.store.password.of.a.keystore", - "Cambia la contrase\u00F1a de almac\u00E9n de un almac\u00E9n de claves"}, //-storepasswd - // keytool: help: options - {"alias.name.of.the.entry.to.process", - "nombre de alias de la entrada que se va a procesar"}, //-alias - {"destination.alias", - "alias de destino"}, //-destalias - {"destination.key.password", - "contrase\u00F1a de clave de destino"}, //-destkeypass - {"destination.keystore.name", - "nombre de almac\u00E9n de claves de destino"}, //-destkeystore - {"destination.keystore.password.protected", - "almac\u00E9n de claves de destino protegido por contrase\u00F1a"}, //-destprotected - {"destination.keystore.provider.name", - "nombre de proveedor de almac\u00E9n de claves de destino"}, //-destprovidername - {"destination.keystore.password", - "contrase\u00F1a de almac\u00E9n de claves de destino"}, //-deststorepass - {"destination.keystore.type", - "tipo de almac\u00E9n de claves de destino"}, //-deststoretype - {"distinguished.name", - "nombre distintivo"}, //-dname - {"X.509.extension", - "extensi\u00F3n X.509"}, //-ext - {"output.file.name", - "nombre de archivo de salida"}, //-file and -outfile - {"input.file.name", - "nombre de archivo de entrada"}, //-file and -infile - {"key.algorithm.name", - "nombre de algoritmo de clave"}, //-keyalg - {"key.password", - "contrase\u00F1a de clave"}, //-keypass - {"key.bit.size", - "tama\u00F1o de bit de clave"}, //-keysize - {"keystore.name", - "nombre de almac\u00E9n de claves"}, //-keystore - {"new.password", - "nueva contrase\u00F1a"}, //-new - {"do.not.prompt", - "no solicitar"}, //-noprompt - {"password.through.protected.mechanism", - "contrase\u00F1a a trav\u00E9s de mecanismo protegido"}, //-protected - {"provider.argument", - "argumento del proveedor"}, //-providerarg - {"provider.class.name", - "nombre de clase del proveedor"}, //-providerclass - {"provider.name", - "nombre del proveedor"}, //-providername - {"provider.classpath", - "classpath de proveedor"}, //-providerpath - {"output.in.RFC.style", - "salida en estilo RFC"}, //-rfc - {"signature.algorithm.name", - "nombre de algoritmo de firma"}, //-sigalg - {"source.alias", - "alias de origen"}, //-srcalias - {"source.key.password", - "contrase\u00F1a de clave de origen"}, //-srckeypass - {"source.keystore.name", - "nombre de almac\u00E9n de claves de origen"}, //-srckeystore - {"source.keystore.password.protected", - "almac\u00E9n de claves de origen protegido por contrase\u00F1a"}, //-srcprotected - {"source.keystore.provider.name", - "nombre de proveedor de almac\u00E9n de claves de origen"}, //-srcprovidername - {"source.keystore.password", - "contrase\u00F1a de almac\u00E9n de claves de origen"}, //-srcstorepass - {"source.keystore.type", - "tipo de almac\u00E9n de claves de origen"}, //-srcstoretype - {"SSL.server.host.and.port", - "puerto y host del servidor SSL"}, //-sslserver - {"signed.jar.file", - "archivo jar firmado"}, //=jarfile - {"certificate.validity.start.date.time", - "fecha/hora de inicio de validez del certificado"}, //-startdate - {"keystore.password", - "contrase\u00F1a de almac\u00E9n de claves"}, //-storepass - {"keystore.type", - "tipo de almac\u00E9n de claves"}, //-storetype - {"trust.certificates.from.cacerts", - "certificados de protecci\u00F3n de cacerts"}, //-trustcacerts - {"verbose.output", - "salida detallada"}, //-v - {"validity.number.of.days", - "n\u00FAmero de validez de d\u00EDas"}, //-validity - {"Serial.ID.of.cert.to.revoke", - "identificador de serie del certificado que se va a revocar"}, //-id - // keytool: Running part - {"keytool.error.", "error de herramienta de claves: "}, - {"Illegal.option.", "Opci\u00F3n no permitida: "}, - {"Illegal.value.", "Valor no permitido: "}, - {"Unknown.password.type.", "Tipo de contrase\u00F1a desconocido: "}, - {"Cannot.find.environment.variable.", - "No se ha encontrado la variable del entorno: "}, - {"Cannot.find.file.", "No se ha encontrado el archivo: "}, - {"Command.option.flag.needs.an.argument.", "La opci\u00F3n de comando {0} necesita un argumento."}, - {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", - "Advertencia: los almacenes de claves en formato PKCS12 no admiten contrase\u00F1as de clave y almacenamiento distintas. Se ignorar\u00E1 el valor especificado por el usuario, {0}."}, - {".keystore.must.be.NONE.if.storetype.is.{0}", - "-keystore debe ser NONE si -storetype es {0}"}, - {"Too.many.retries.program.terminated", - "Ha habido demasiados intentos, se ha cerrado el programa"}, - {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", - "Los comandos -storepasswd y -keypasswd no est\u00E1n soportados si -storetype es {0}"}, - {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", - "Los comandos -keypasswd no est\u00E1n soportados si -storetype es PKCS12"}, - {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", - "-keypass y -new no se pueden especificar si -storetype es {0}"}, - {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", - "si se especifica -protected, no deben especificarse -storepass, -keypass ni -new"}, - {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", - "Si se especifica -srcprotected, no se puede especificar -srcstorepass ni -srckeypass"}, - {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", - "Si keystore no est\u00E1 protegido por contrase\u00F1a, no se deben especificar -storepass, -keypass ni -new"}, - {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", - "Si el almac\u00E9n de claves de origen no est\u00E1 protegido por contrase\u00F1a, no se deben especificar -srcstorepass ni -srckeypass"}, - {"Illegal.startdate.value", "Valor de fecha de inicio no permitido"}, - {"Validity.must.be.greater.than.zero", - "La validez debe ser mayor que cero"}, - {"provName.not.a.provider", "{0} no es un proveedor"}, - {"Usage.error.no.command.provided", "Error de sintaxis: no se ha proporcionado ning\u00FAn comando"}, - {"Source.keystore.file.exists.but.is.empty.", "El archivo de almac\u00E9n de claves de origen existe, pero est\u00E1 vac\u00EDo: "}, - {"Please.specify.srckeystore", "Especifique -srckeystore"}, - {"Must.not.specify.both.v.and.rfc.with.list.command", - "No se deben especificar -v y -rfc simult\u00E1neamente con el comando 'list'"}, - {"Key.password.must.be.at.least.6.characters", - "La contrase\u00F1a de clave debe tener al menos 6 caracteres"}, - {"New.password.must.be.at.least.6.characters", - "La nueva contrase\u00F1a debe tener al menos 6 caracteres"}, - {"Keystore.file.exists.but.is.empty.", - "El archivo de almac\u00E9n de claves existe, pero est\u00E1 vac\u00EDo: "}, - {"Keystore.file.does.not.exist.", - "El archivo de almac\u00E9n de claves no existe: "}, - {"Must.specify.destination.alias", "Se debe especificar un alias de destino"}, - {"Must.specify.alias", "Se debe especificar un alias"}, - {"Keystore.password.must.be.at.least.6.characters", - "La contrase\u00F1a del almac\u00E9n de claves debe tener al menos 6 caracteres"}, - {"Enter.keystore.password.", "Introduzca la contrase\u00F1a del almac\u00E9n de claves: "}, - {"Enter.source.keystore.password.", "Introduzca la contrase\u00F1a de almac\u00E9n de claves de origen: "}, - {"Enter.destination.keystore.password.", "Introduzca la contrase\u00F1a de almac\u00E9n de claves de destino: "}, - {"Keystore.password.is.too.short.must.be.at.least.6.characters", - "La contrase\u00F1a del almac\u00E9n de claves es demasiado corta, debe tener al menos 6 caracteres"}, - {"Unknown.Entry.Type", "Tipo de Entrada Desconocido"}, - {"Too.many.failures.Alias.not.changed", "Demasiados fallos. No se ha cambiado el alias"}, - {"Entry.for.alias.alias.successfully.imported.", - "La entrada del alias {0} se ha importado correctamente."}, - {"Entry.for.alias.alias.not.imported.", "La entrada del alias {0} no se ha importado."}, - {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", - "Problema al importar la entrada del alias {0}: {1}.\nNo se ha importado la entrada del alias {0}."}, - {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", - "Comando de importaci\u00F3n completado: {0} entradas importadas correctamente, {1} entradas incorrectas o canceladas"}, - {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", - "Advertencia: se sobrescribir\u00E1 el alias {0} en el almac\u00E9n de claves de destino"}, - {"Existing.entry.alias.alias.exists.overwrite.no.", - "El alias de entrada existente {0} ya existe, \u00BFdesea sobrescribirlo? [no]: "}, - {"Too.many.failures.try.later", "Demasiados fallos; int\u00E9ntelo m\u00E1s adelante"}, - {"Certification.request.stored.in.file.filename.", - "Solicitud de certificaci\u00F3n almacenada en el archivo <{0}>"}, - {"Submit.this.to.your.CA", "Enviar a la CA"}, - {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", - "si no se especifica el alias, no se puede especificar destalias, srckeypass ni destkeypass"}, - {"Certificate.stored.in.file.filename.", - "Certificado almacenado en el archivo <{0}>"}, - {"Certificate.reply.was.installed.in.keystore", - "Se ha instalado la respuesta del certificado en el almac\u00E9n de claves"}, - {"Certificate.reply.was.not.installed.in.keystore", - "No se ha instalado la respuesta del certificado en el almac\u00E9n de claves"}, - {"Certificate.was.added.to.keystore", - "Se ha agregado el certificado al almac\u00E9n de claves"}, - {"Certificate.was.not.added.to.keystore", - "No se ha agregado el certificado al almac\u00E9n de claves"}, - {".Storing.ksfname.", "[Almacenando {0}]"}, - {"alias.has.no.public.key.certificate.", - "{0} no tiene clave p\u00FAblica (certificado)"}, - {"Cannot.derive.signature.algorithm", - "No se puede derivar el algoritmo de firma"}, - {"Alias.alias.does.not.exist", - "El alias <{0}> no existe"}, - {"Alias.alias.has.no.certificate", - "El alias <{0}> no tiene certificado"}, - {"Key.pair.not.generated.alias.alias.already.exists", - "No se ha generado el par de claves, el alias <{0}> ya existe"}, - {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", - "Generando par de claves {1} de {0} bits para certificado autofirmado ({2}) con una validez de {3} d\u00EDas\n\tpara: {4}"}, - {"Enter.key.password.for.alias.", "Introduzca la contrase\u00F1a de clave para <{0}>"}, - {".RETURN.if.same.as.keystore.password.", - "\t(INTRO si es la misma contrase\u00F1a que la del almac\u00E9n de claves): "}, - {"Key.password.is.too.short.must.be.at.least.6.characters", - "La contrase\u00F1a de clave es demasiado corta; debe tener al menos 6 caracteres"}, - {"Too.many.failures.key.not.added.to.keystore", - "Demasiados fallos; no se ha agregado la clave al almac\u00E9n de claves"}, - {"Destination.alias.dest.already.exists", - "El alias de destino <{0}> ya existe"}, - {"Password.is.too.short.must.be.at.least.6.characters", - "La contrase\u00F1a es demasiado corta; debe tener al menos 6 caracteres"}, - {"Too.many.failures.Key.entry.not.cloned", - "Demasiados fallos. No se ha clonado la entrada de clave"}, - {"key.password.for.alias.", "contrase\u00F1a de clave para <{0}>"}, - {"Keystore.entry.for.id.getName.already.exists", - "La entrada de almac\u00E9n de claves para <{0}> ya existe"}, - {"Creating.keystore.entry.for.id.getName.", - "Creando entrada de almac\u00E9n de claves para <{0}> ..."}, - {"No.entries.from.identity.database.added", - "No se han agregado entradas de la base de datos de identidades"}, - {"Alias.name.alias", "Nombre de Alias: {0}"}, - {"Creation.date.keyStore.getCreationDate.alias.", - "Fecha de Creaci\u00F3n: {0,date}"}, - {"alias.keyStore.getCreationDate.alias.", - "{0}, {1,date}, "}, - {"alias.", "{0}, "}, - {"Entry.type.type.", "Tipo de Entrada: {0}"}, - {"Certificate.chain.length.", "Longitud de la Cadena de Certificado: "}, - {"Certificate.i.1.", "Certificado[{0,number,integer}]:"}, - {"Certificate.fingerprint.SHA1.", "Huella Digital de Certificado (SHA1): "}, - {"Keystore.type.", "Tipo de Almac\u00E9n de Claves: "}, - {"Keystore.provider.", "Proveedor de Almac\u00E9n de Claves: "}, - {"Your.keystore.contains.keyStore.size.entry", - "Su almac\u00E9n de claves contiene {0,number,integer} entrada"}, - {"Your.keystore.contains.keyStore.size.entries", - "Su almac\u00E9n de claves contiene {0,number,integer} entradas"}, - {"Failed.to.parse.input", "Fallo al analizar la entrada"}, - {"Empty.input", "Entrada vac\u00EDa"}, - {"Not.X.509.certificate", "No es un certificado X.509"}, - {"alias.has.no.public.key", "{0} no tiene clave p\u00FAblica"}, - {"alias.has.no.X.509.certificate", "{0} no tiene certificado X.509"}, - {"New.certificate.self.signed.", "Nuevo Certificado (Autofirmado):"}, - {"Reply.has.no.certificates", "La respuesta no tiene certificados"}, - {"Certificate.not.imported.alias.alias.already.exists", - "Certificado no importado, el alias <{0}> ya existe"}, - {"Input.not.an.X.509.certificate", "La entrada no es un certificado X.509"}, - {"Certificate.already.exists.in.keystore.under.alias.trustalias.", - "El certificado ya existe en el almac\u00E9n de claves con el alias <{0}>"}, - {"Do.you.still.want.to.add.it.no.", - "\u00BFA\u00FAn desea agregarlo? [no]: "}, - {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", - "El certificado ya existe en el almac\u00E9n de claves de la CA del sistema, con el alias <{0}>"}, - {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", - "\u00BFA\u00FAn desea agregarlo a su propio almac\u00E9n de claves? [no]: "}, - {"Trust.this.certificate.no.", "\u00BFConfiar en este certificado? [no]: "}, - {"YES", "S\u00CD"}, - {"New.prompt.", "Nuevo {0}: "}, - {"Passwords.must.differ", "Las contrase\u00F1as deben ser distintas"}, - {"Re.enter.new.prompt.", "Vuelva a escribir el nuevo {0}: "}, - {"Re.enter.new.password.", "Volver a escribir la contrase\u00F1a nueva: "}, - {"They.don.t.match.Try.again", "No coinciden. Int\u00E9ntelo de nuevo"}, - {"Enter.prompt.alias.name.", "Escriba el nombre de alias de {0}: "}, - {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", - "Indique el nuevo nombre de alias\t(INTRO para cancelar la importaci\u00F3n de esta entrada): "}, - {"Enter.alias.name.", "Introduzca el nombre de alias: "}, - {".RETURN.if.same.as.for.otherAlias.", - "\t(INTRO si es el mismo que para <{0}>)"}, - {".PATTERN.printX509Cert", - "Propietario: {0}\nEmisor: {1}\nN\u00FAmero de serie: {2}\nV\u00E1lido desde: {3} hasta: {4}\nHuellas digitales del Certificado:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Nombre del Algoritmo de Firma: {8}\n\t Versi\u00F3n: {9}"}, - {"What.is.your.first.and.last.name.", - "\u00BFCu\u00E1les son su nombre y su apellido?"}, - {"What.is.the.name.of.your.organizational.unit.", - "\u00BFCu\u00E1l es el nombre de su unidad de organizaci\u00F3n?"}, - {"What.is.the.name.of.your.organization.", - "\u00BFCu\u00E1l es el nombre de su organizaci\u00F3n?"}, - {"What.is.the.name.of.your.City.or.Locality.", - "\u00BFCu\u00E1l es el nombre de su ciudad o localidad?"}, - {"What.is.the.name.of.your.State.or.Province.", - "\u00BFCu\u00E1l es el nombre de su estado o provincia?"}, - {"What.is.the.two.letter.country.code.for.this.unit.", - "\u00BFCu\u00E1l es el c\u00F3digo de pa\u00EDs de dos letras de la unidad?"}, - {"Is.name.correct.", "\u00BFEs correcto {0}?"}, - {"no", "no"}, - {"yes", "s\u00ED"}, - {"y", "s"}, - {".defaultValue.", " [{0}]: "}, - {"Alias.alias.has.no.key", - "El alias <{0}> no tiene clave"}, - {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", - "El alias <{0}> hace referencia a un tipo de entrada que no es una clave privada. El comando -keyclone s\u00F3lo permite la clonaci\u00F3n de entradas de claves privadas"}, - - {".WARNING.WARNING.WARNING.", - "***************** WARNING WARNING WARNING *****************"}, - {"Signer.d.", "#%d de Firmante:"}, - {"Timestamp.", "Registro de Hora:"}, - {"Signature.", "Firma:"}, - {"CRLs.", "CRL:"}, - {"Certificate.owner.", "Propietario del Certificado: "}, - {"Not.a.signed.jar.file", "No es un archivo jar firmado"}, - {"No.certificate.from.the.SSL.server", - "Ning\u00FAn certificado del servidor SSL"}, - - {".The.integrity.of.the.information.stored.in.your.keystore.", - "* La integridad de la informaci\u00F3n almacenada en el almac\u00E9n de claves *\n* NO se ha comprobado. Para comprobar dicha integridad, *\n* debe proporcionar la contrase\u00F1a del almac\u00E9n de claves. *"}, - {".The.integrity.of.the.information.stored.in.the.srckeystore.", - "* La integridad de la informaci\u00F3n almacenada en srckeystore*\n* NO se ha comprobado. Para comprobar dicha integridad, *\n* debe proporcionar la contrase\u00F1a de srckeystore. *"}, - - {"Certificate.reply.does.not.contain.public.key.for.alias.", - "La respuesta de certificado no contiene una clave p\u00FAblica para <{0}>"}, - {"Incomplete.certificate.chain.in.reply", - "Cadena de certificado incompleta en la respuesta"}, - {"Certificate.chain.in.reply.does.not.verify.", - "La cadena de certificado de la respuesta no verifica: "}, - {"Top.level.certificate.in.reply.", - "Certificado de nivel superior en la respuesta:\n"}, - {".is.not.trusted.", "... no es de confianza. "}, - {"Install.reply.anyway.no.", "\u00BFInstalar respuesta de todos modos? [no]: "}, - {"NO", "NO"}, - {"Public.keys.in.reply.and.keystore.don.t.match", - "Las claves p\u00FAblicas en la respuesta y en el almac\u00E9n de claves no coinciden"}, - {"Certificate.reply.and.certificate.in.keystore.are.identical", - "La respuesta del certificado y el certificado en el almac\u00E9n de claves son id\u00E9nticos"}, - {"Failed.to.establish.chain.from.reply", - "No se ha podido definir una cadena a partir de la respuesta"}, - {"n", "n"}, - {"Wrong.answer.try.again", "Respuesta incorrecta, vuelva a intentarlo"}, - {"Secret.key.not.generated.alias.alias.already.exists", - "No se ha generado la clave secreta, el alias <{0}> ya existe"}, - {"Please.provide.keysize.for.secret.key.generation", - "Proporcione el valor de -keysize para la generaci\u00F3n de claves secretas"}, - - {"Extensions.", "Extensiones: "}, - {".Empty.value.", "(Valor vac\u00EDo)"}, - {"Extension.Request.", "Solicitud de Extensi\u00F3n:"}, - {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", - "Solicitud de Certificado PKCS #10 (Versi\u00F3n 1.0)\nAsunto: %s\nClave P\u00FAblica: %s formato %s clave\n"}, - {"Unknown.keyUsage.type.", "Tipo de uso de clave desconocido: "}, - {"Unknown.extendedkeyUsage.type.", "Tipo de uso de clave extendida desconocido: "}, - {"Unknown.AccessDescription.type.", "Tipo de descripci\u00F3n de acceso desconocido: "}, - {"Unrecognized.GeneralName.type.", "Tipo de nombre general no reconocido: "}, - {"This.extension.cannot.be.marked.as.critical.", - "Esta extensi\u00F3n no se puede marcar como cr\u00EDtica. "}, - {"Odd.number.of.hex.digits.found.", "Se ha encontrado un n\u00FAmero impar de d\u00EDgitos hexadecimales: "}, - {"Unknown.extension.type.", "Tipo de extensi\u00F3n desconocida: "}, - {"command.{0}.is.ambiguous.", "El comando {0} es ambiguo:"}, - - // policytool - {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", - "Advertencia: no hay clave p\u00FAblica para el alias {0}. Aseg\u00FArese de que se ha configurado correctamente un almac\u00E9n de claves."}, - {"Warning.Class.not.found.class", "Advertencia: no se ha encontrado la clase: {0}"}, - {"Warning.Invalid.argument.s.for.constructor.arg", - "Advertencia: argumento(s) no v\u00E1lido(s) para el constructor: {0}"}, - {"Illegal.Principal.Type.type", "Tipo de principal no permitido: {0}"}, - {"Illegal.option.option", "Opci\u00F3n no permitida: {0}"}, - {"Usage.policytool.options.", "Sintaxis: policytool [opciones]"}, - {".file.file.policy.file.location", - " [-file <archivo>] ubicaci\u00F3n del archivo de normas"}, - {"New", "Nuevo"}, - {"Open", "Abrir"}, - {"Save", "Guardar"}, - {"Save.As", "Guardar como"}, - {"View.Warning.Log", "Ver Log de Advertencias"}, - {"Exit", "Salir"}, - {"Add.Policy.Entry", "Agregar Entrada de Pol\u00EDtica"}, - {"Edit.Policy.Entry", "Editar Entrada de Pol\u00EDtica"}, - {"Remove.Policy.Entry", "Eliminar Entrada de Pol\u00EDtica"}, - {"Edit", "Editar"}, - {"Retain", "Mantener"}, - - {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", - "Advertencia: el nombre del archivo puede contener caracteres de barra invertida de escape. No es necesario utilizar barras invertidas de escape (la herramienta aplica caracteres de escape seg\u00FAn sea necesario al escribir el contenido de las pol\u00EDticas en el almac\u00E9n persistente).\n\nHaga clic en Mantener para conservar el nombre introducido o en Editar para modificarlo."}, - - {"Add.Public.Key.Alias", "Agregar Alias de Clave P\u00FAblico"}, - {"Remove.Public.Key.Alias", "Eliminar Alias de Clave P\u00FAblico"}, - {"File", "Archivo"}, - {"KeyStore", "Almac\u00E9n de Claves"}, - {"Policy.File.", "Archivo de Pol\u00EDtica:"}, - {"Could.not.open.policy.file.policyFile.e.toString.", - "No se ha podido abrir el archivo de pol\u00EDtica: {0}: {1}"}, - {"Policy.Tool", "Herramienta de Pol\u00EDticas"}, - {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", - "Ha habido errores al abrir la configuraci\u00F3n de pol\u00EDticas. V\u00E9ase el log de advertencias para obtener m\u00E1s informaci\u00F3n."}, - {"Error", "Error"}, - {"OK", "Aceptar"}, - {"Status", "Estado"}, - {"Warning", "Advertencia"}, - {"Permission.", - "Permiso: "}, - {"Principal.Type.", "Tipo de Principal:"}, - {"Principal.Name.", "Nombre de Principal:"}, - {"Target.Name.", - "Nombre de Destino: "}, - {"Actions.", - "Acciones: "}, - {"OK.to.overwrite.existing.file.filename.", - "\u00BFSobrescribir el archivo existente {0}?"}, - {"Cancel", "Cancelar"}, - {"CodeBase.", "CodeBase:"}, - {"SignedBy.", "SignedBy:"}, - {"Add.Principal", "Agregar Principal"}, - {"Edit.Principal", "Editar Principal"}, - {"Remove.Principal", "Eliminar Principal"}, - {"Principals.", "Principales:"}, - {".Add.Permission", " Agregar Permiso"}, - {".Edit.Permission", " Editar Permiso"}, - {"Remove.Permission", "Eliminar Permiso"}, - {"Done", "Listo"}, - {"KeyStore.URL.", "URL de Almac\u00E9n de Claves:"}, - {"KeyStore.Type.", "Tipo de Almac\u00E9n de Claves:"}, - {"KeyStore.Provider.", "Proveedor de Almac\u00E9n de Claves:"}, - {"KeyStore.Password.URL.", "URL de Contrase\u00F1a de Almac\u00E9n de Claves:"}, - {"Principals", "Principales"}, - {".Edit.Principal.", " Editar Principal:"}, - {".Add.New.Principal.", " Agregar Nuevo Principal:"}, - {"Permissions", "Permisos"}, - {".Edit.Permission.", " Editar Permiso:"}, - {".Add.New.Permission.", " Agregar Permiso Nuevo:"}, - {"Signed.By.", "Firmado Por:"}, - {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", - "No se puede especificar un principal con una clase de comod\u00EDn sin un nombre de comod\u00EDn"}, - {"Cannot.Specify.Principal.without.a.Name", - "No se puede especificar el principal sin un nombre"}, - {"Permission.and.Target.Name.must.have.a.value", - "Permiso y Nombre de Destino deben tener un valor"}, - {"Remove.this.Policy.Entry.", "\u00BFEliminar esta entrada de pol\u00EDtica?"}, - {"Overwrite.File", "Sobrescribir Archivo"}, - {"Policy.successfully.written.to.filename", - "Pol\u00EDtica escrita correctamente en {0}"}, - {"null.filename", "nombre de archivo nulo"}, - {"Save.changes.", "\u00BFGuardar los cambios?"}, - {"Yes", "S\u00ED"}, - {"No", "No"}, - {"Policy.Entry", "Entrada de Pol\u00EDtica"}, - {"Save.Changes", "Guardar Cambios"}, - {"No.Policy.Entry.selected", "No se ha seleccionado la entrada de pol\u00EDtica"}, - {"Unable.to.open.KeyStore.ex.toString.", - "No se ha podido abrir el almac\u00E9n de claves: {0}"}, - {"No.principal.selected", "No se ha seleccionado un principal"}, - {"No.permission.selected", "No se ha seleccionado un permiso"}, - {"name", "nombre"}, - {"configuration.type", "tipo de configuraci\u00F3n"}, - {"environment.variable.name", "nombre de variable de entorno"}, - {"library.name", "nombre de la biblioteca"}, - {"package.name", "nombre del paquete"}, - {"policy.type", "tipo de pol\u00EDtica"}, - {"property.name", "nombre de la propiedad"}, - {"Principal.List", "Lista de Principales"}, - {"Permission.List", "Lista de Permisos"}, - {"Code.Base", "Base de C\u00F3digo"}, - {"KeyStore.U.R.L.", "URL de Almac\u00E9n de Claves:"}, - {"KeyStore.Password.U.R.L.", "URL de Contrase\u00F1a de Almac\u00E9n de Claves:"}, - - // javax.security.auth.PrivateCredentialPermission {"invalid.null.input.s.", "entradas nulas no v\u00E1lidas"}, {"actions.can.only.be.read.", "las acciones s\u00F3lo pueden 'leerse'"}, @@ -551,6 +58,7 @@ {"provided.null.OID.map", "mapa de OID proporcionado nulo"}, // javax.security.auth.Subject + {"NEWLINE", "\n"}, {"invalid.null.AccessControlContext.provided", "se ha proporcionado un AccessControlContext nulo no v\u00E1lido"}, {"invalid.null.action.provided", "se ha proporcionado una acci\u00F3n nula no v\u00E1lida"}, @@ -654,6 +162,7 @@ * * @return the contents of this <code>ResourceBundle</code>. */ + @Override public Object[][] getContents() { return contents; }
--- a/src/share/classes/sun/security/util/Resources_fr.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/Resources_fr.java Sat Sep 10 22:36:17 2016 +0100 @@ -34,499 +34,6 @@ private static final Object[][] contents = { - // shared (from jarsigner) - {"SPACE", " "}, - {"2SPACE", " "}, - {"6SPACE", " "}, - {"COMMA", ", "}, - // shared (from keytool) - {"NEWLINE", "\n"}, - {"STAR", - "*******************************************"}, - {"STARNN", - "*******************************************\n\n"}, - - // keytool: Help part - {".OPTION.", " [OPTION]..."}, - {"Options.", "Options :"}, - {"Use.keytool.help.for.all.available.commands", - "Utiliser \"keytool -help\" pour toutes les commandes disponibles"}, - {"Key.and.Certificate.Management.Tool", - "Outil de gestion de certificats et de cl\u00E9s"}, - {"Commands.", "Commandes :"}, - {"Use.keytool.command.name.help.for.usage.of.command.name", - "Utiliser \"keytool -command_name -help\" pour la syntaxe de command_name"}, - // keytool: help: commands - {"Generates.a.certificate.request", - "G\u00E9n\u00E8re une demande de certificat"}, //-certreq - {"Changes.an.entry.s.alias", - "Modifie l'alias d'une entr\u00E9e"}, //-changealias - {"Deletes.an.entry", - "Supprime une entr\u00E9e"}, //-delete - {"Exports.certificate", - "Exporte le certificat"}, //-exportcert - {"Generates.a.key.pair", - "G\u00E9n\u00E8re une paire de cl\u00E9s"}, //-genkeypair - {"Generates.a.secret.key", - "G\u00E9n\u00E8re une cl\u00E9 secr\u00E8te"}, //-genseckey - {"Generates.certificate.from.a.certificate.request", - "G\u00E9n\u00E8re le certificat \u00E0 partir d'une demande de certificat"}, //-gencert - {"Generates.CRL", "G\u00E9n\u00E8re la liste des certificats r\u00E9voqu\u00E9s (CRL)"}, //-gencrl - {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", - "Importe les entr\u00E9es \u00E0 partir d'une base de donn\u00E9es d'identit\u00E9s de type JDK 1.1.x"}, //-identitydb - {"Imports.a.certificate.or.a.certificate.chain", - "Importe un certificat ou une cha\u00EEne de certificat"}, //-importcert - {"Imports.one.or.all.entries.from.another.keystore", - "Importe une entr\u00E9e ou la totalit\u00E9 des entr\u00E9es depuis un autre fichier de cl\u00E9s"}, //-importkeystore - {"Clones.a.key.entry", - "Clone une entr\u00E9e de cl\u00E9"}, //-keyclone - {"Changes.the.key.password.of.an.entry", - "Modifie le mot de passe de cl\u00E9 d'une entr\u00E9e"}, //-keypasswd - {"Lists.entries.in.a.keystore", - "R\u00E9pertorie les entr\u00E9es d'un fichier de cl\u00E9s"}, //-list - {"Prints.the.content.of.a.certificate", - "Imprime le contenu d'un certificat"}, //-printcert - {"Prints.the.content.of.a.certificate.request", - "Imprime le contenu d'une demande de certificat"}, //-printcertreq - {"Prints.the.content.of.a.CRL.file", - "Imprime le contenu d'un fichier de liste des certificats r\u00E9voqu\u00E9s (CRL)"}, //-printcrl - {"Generates.a.self.signed.certificate", - "G\u00E9n\u00E8re un certificat auto-sign\u00E9"}, //-selfcert - {"Changes.the.store.password.of.a.keystore", - "Modifie le mot de passe de banque d'un fichier de cl\u00E9s"}, //-storepasswd - // keytool: help: options - {"alias.name.of.the.entry.to.process", - "nom d'alias de l'entr\u00E9e \u00E0 traiter"}, //-alias - {"destination.alias", - "alias de destination"}, //-destalias - {"destination.key.password", - "mot de passe de la cl\u00E9 de destination"}, //-destkeypass - {"destination.keystore.name", - "nom du fichier de cl\u00E9s de destination"}, //-destkeystore - {"destination.keystore.password.protected", - "mot de passe du fichier de cl\u00E9s de destination prot\u00E9g\u00E9"}, //-destprotected - {"destination.keystore.provider.name", - "nom du fournisseur du fichier de cl\u00E9s de destination"}, //-destprovidername - {"destination.keystore.password", - "mot de passe du fichier de cl\u00E9s de destination"}, //-deststorepass - {"destination.keystore.type", - "type du fichier de cl\u00E9s de destination"}, //-deststoretype - {"distinguished.name", - "nom distinctif"}, //-dname - {"X.509.extension", - "extension X.509"}, //-ext - {"output.file.name", - "nom du fichier de sortie"}, //-file and -outfile - {"input.file.name", - "nom du fichier d'entr\u00E9e"}, //-file and -infile - {"key.algorithm.name", - "nom de l'algorithme de cl\u00E9"}, //-keyalg - {"key.password", - "mot de passe de la cl\u00E9"}, //-keypass - {"key.bit.size", - "taille en bits de la cl\u00E9"}, //-keysize - {"keystore.name", - "nom du fichier de cl\u00E9s"}, //-keystore - {"new.password", - "nouveau mot de passe"}, //-new - {"do.not.prompt", - "ne pas inviter"}, //-noprompt - {"password.through.protected.mechanism", - "mot de passe via m\u00E9canisme prot\u00E9g\u00E9"}, //-protected - {"provider.argument", - "argument du fournisseur"}, //-providerarg - {"provider.class.name", - "nom de la classe de fournisseur"}, //-providerclass - {"provider.name", - "nom du fournisseur"}, //-providername - {"provider.classpath", - "variable d'environnement CLASSPATH du fournisseur"}, //-providerpath - {"output.in.RFC.style", - "sortie au style RFC"}, //-rfc - {"signature.algorithm.name", - "nom de l'algorithme de signature"}, //-sigalg - {"source.alias", - "alias source"}, //-srcalias - {"source.key.password", - "mot de passe de la cl\u00E9 source"}, //-srckeypass - {"source.keystore.name", - "nom du fichier de cl\u00E9s source"}, //-srckeystore - {"source.keystore.password.protected", - "mot de passe du fichier de cl\u00E9s source prot\u00E9g\u00E9"}, //-srcprotected - {"source.keystore.provider.name", - "nom du fournisseur du fichier de cl\u00E9s source"}, //-srcprovidername - {"source.keystore.password", - "mot de passe du fichier de cl\u00E9s source"}, //-srcstorepass - {"source.keystore.type", - "type du fichier de cl\u00E9s source"}, //-srcstoretype - {"SSL.server.host.and.port", - "Port et h\u00F4te du serveur SSL"}, //-sslserver - {"signed.jar.file", - "fichier JAR sign\u00E9"}, //=jarfile - {"certificate.validity.start.date.time", - "date/heure de d\u00E9but de validit\u00E9 du certificat"}, //-startdate - {"keystore.password", - "mot de passe du fichier de cl\u00E9s"}, //-storepass - {"keystore.type", - "type du fichier de cl\u00E9s"}, //-storetype - {"trust.certificates.from.cacerts", - "certificats s\u00E9curis\u00E9s issus de certificats CA"}, //-trustcacerts - {"verbose.output", - "sortie en mode verbose"}, //-v - {"validity.number.of.days", - "nombre de jours de validit\u00E9"}, //-validity - {"Serial.ID.of.cert.to.revoke", - "ID de s\u00E9rie du certificat \u00E0 r\u00E9voquer"}, //-id - // keytool: Running part - {"keytool.error.", "erreur keytool : "}, - {"Illegal.option.", "Option non admise : "}, - {"Illegal.value.", "Valeur non admise : "}, - {"Unknown.password.type.", "Type de mot de passe inconnu : "}, - {"Cannot.find.environment.variable.", - "Variable d'environnement introuvable : "}, - {"Cannot.find.file.", "Fichier introuvable : "}, - {"Command.option.flag.needs.an.argument.", "L''option de commande {0} requiert un argument."}, - {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", - "Avertissement\u00A0: les mots de passe de cl\u00E9 et de banque distincts ne sont pas pris en charge pour les fichiers de cl\u00E9s d''acc\u00E8s PKCS12. La valeur {0} sp\u00E9cifi\u00E9e par l''utilisateur est ignor\u00E9e."}, - {".keystore.must.be.NONE.if.storetype.is.{0}", - "-keystore doit \u00EAtre d\u00E9fini sur NONE si -storetype est {0}"}, - {"Too.many.retries.program.terminated", - "Trop de tentatives, fin du programme"}, - {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", - "Les commandes -storepasswd et -keypasswd ne sont pas prises en charge si -storetype est d\u00E9fini sur {0}"}, - {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", - "Les commandes -keypasswd ne sont pas prises en charge si -storetype est d\u00E9fini sur PKCS12"}, - {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", - "Les commandes -keypass et -new ne peuvent pas \u00EAtre sp\u00E9cifi\u00E9es si -storetype est d\u00E9fini sur {0}"}, - {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", - "si -protected est sp\u00E9cifi\u00E9, -storepass, -keypass et -new ne doivent pas \u00EAtre indiqu\u00E9s"}, - {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", - "Si -srcprotected est indiqu\u00E9, les commandes -srcstorepass et -srckeypass ne doivent pas \u00EAtre sp\u00E9cifi\u00E9es"}, - {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", - "Si le fichier de cl\u00E9s n'est pas prot\u00E9g\u00E9 par un mot de passe, les commandes -storepass, -keypass et -new ne doivent pas \u00EAtre sp\u00E9cifi\u00E9es"}, - {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", - "Si le fichier de cl\u00E9s source n'est pas prot\u00E9g\u00E9 par un mot de passe, les commandes -srcstorepass et -srckeypass ne doivent pas \u00EAtre sp\u00E9cifi\u00E9es"}, - {"Illegal.startdate.value", "Valeur de date de d\u00E9but non admise"}, - {"Validity.must.be.greater.than.zero", - "La validit\u00E9 doit \u00EAtre sup\u00E9rieure \u00E0 z\u00E9ro"}, - {"provName.not.a.provider", "{0} n''est pas un fournisseur"}, - {"Usage.error.no.command.provided", "Erreur de syntaxe\u00A0: aucune commande fournie"}, - {"Source.keystore.file.exists.but.is.empty.", "Le fichier de cl\u00E9s source existe mais il est vide : "}, - {"Please.specify.srckeystore", "Indiquez -srckeystore"}, - {"Must.not.specify.both.v.and.rfc.with.list.command", - "-v et -rfc ne doivent pas \u00EAtre sp\u00E9cifi\u00E9s avec la commande 'list'"}, - {"Key.password.must.be.at.least.6.characters", - "Un mot de passe de cl\u00E9 doit comporter au moins 6 caract\u00E8res"}, - {"New.password.must.be.at.least.6.characters", - "Le nouveau mot de passe doit comporter au moins 6 caract\u00E8res"}, - {"Keystore.file.exists.but.is.empty.", - "Fichier de cl\u00E9s existant mais vide : "}, - {"Keystore.file.does.not.exist.", - "Le fichier de cl\u00E9s n'existe pas : "}, - {"Must.specify.destination.alias", "L'alias de destination doit \u00EAtre sp\u00E9cifi\u00E9"}, - {"Must.specify.alias", "L'alias doit \u00EAtre sp\u00E9cifi\u00E9"}, - {"Keystore.password.must.be.at.least.6.characters", - "Un mot de passe de fichier de cl\u00E9s doit comporter au moins 6 caract\u00E8res"}, - {"Enter.keystore.password.", "Entrez le mot de passe du fichier de cl\u00E9s : "}, - {"Enter.source.keystore.password.", "Entrez le mot de passe du fichier de cl\u00E9s source\u00A0: "}, - {"Enter.destination.keystore.password.", "Entrez le mot de passe du fichier de cl\u00E9s de destination\u00A0: "}, - {"Keystore.password.is.too.short.must.be.at.least.6.characters", - "Le mot de passe du fichier de cl\u00E9s est trop court : il doit comporter au moins 6 caract\u00E8res"}, - {"Unknown.Entry.Type", "Type d'entr\u00E9e inconnu"}, - {"Too.many.failures.Alias.not.changed", "Trop d'erreurs. Alias non modifi\u00E9"}, - {"Entry.for.alias.alias.successfully.imported.", - "L''entr\u00E9e de l''alias {0} a \u00E9t\u00E9 import\u00E9e."}, - {"Entry.for.alias.alias.not.imported.", "L''entr\u00E9e de l''alias {0} n''a pas \u00E9t\u00E9 import\u00E9e."}, - {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", - "Probl\u00E8me lors de l''import de l''entr\u00E9e de l''alias {0}\u00A0: {1}.\nL''entr\u00E9e de l''alias {0} n''a pas \u00E9t\u00E9 import\u00E9e."}, - {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", - "Commande d''import ex\u00E9cut\u00E9e\u00A0: {0} entr\u00E9es import\u00E9es, \u00E9chec ou annulation de {1} entr\u00E9es"}, - {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", - "Avertissement\u00A0: l''alias {0} existant sera remplac\u00E9 dans le fichier de cl\u00E9s d''acc\u00E8s de destination"}, - {"Existing.entry.alias.alias.exists.overwrite.no.", - "L''alias d''entr\u00E9e {0} existe d\u00E9j\u00E0. Voulez-vous le remplacer ? [non]\u00A0: "}, - {"Too.many.failures.try.later", "Trop d'erreurs. R\u00E9essayez plus tard"}, - {"Certification.request.stored.in.file.filename.", - "Demande de certification stock\u00E9e dans le fichier <{0}>"}, - {"Submit.this.to.your.CA", "Soumettre \u00E0 votre CA"}, - {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", - "si l'alias n'est pas sp\u00E9cifi\u00E9, destalias, srckeypass et destkeypass ne doivent pas \u00EAtre sp\u00E9cifi\u00E9s"}, - {"Certificate.stored.in.file.filename.", - "Certificat stock\u00E9 dans le fichier <{0}>"}, - {"Certificate.reply.was.installed.in.keystore", - "R\u00E9ponse de certificat install\u00E9e dans le fichier de cl\u00E9s"}, - {"Certificate.reply.was.not.installed.in.keystore", - "R\u00E9ponse de certificat non install\u00E9e dans le fichier de cl\u00E9s"}, - {"Certificate.was.added.to.keystore", - "Certificat ajout\u00E9 au fichier de cl\u00E9s"}, - {"Certificate.was.not.added.to.keystore", - "Certificat non ajout\u00E9 au fichier de cl\u00E9s"}, - {".Storing.ksfname.", "[Stockage de {0}]"}, - {"alias.has.no.public.key.certificate.", - "{0} ne poss\u00E8de pas de cl\u00E9 publique (certificat)"}, - {"Cannot.derive.signature.algorithm", - "Impossible de d\u00E9duire l'algorithme de signature"}, - {"Alias.alias.does.not.exist", - "L''alias <{0}> n''existe pas"}, - {"Alias.alias.has.no.certificate", - "L''alias <{0}> ne poss\u00E8de pas de certificat"}, - {"Key.pair.not.generated.alias.alias.already.exists", - "Paire de cl\u00E9s non g\u00E9n\u00E9r\u00E9e, l''alias <{0}> existe d\u00E9j\u00E0"}, - {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", - "G\u00E9n\u00E9ration d''une paire de cl\u00E9s {1} de {0} bits et d''un certificat auto-sign\u00E9 ({2}) d''une validit\u00E9 de {3} jours\n\tpour : {4}"}, - {"Enter.key.password.for.alias.", "Entrez le mot de passe de la cl\u00E9 pour <{0}>"}, - {".RETURN.if.same.as.keystore.password.", - "\t(appuyez sur Entr\u00E9e s'il s'agit du mot de passe du fichier de cl\u00E9s) : "}, - {"Key.password.is.too.short.must.be.at.least.6.characters", - "Le mot de passe de la cl\u00E9 est trop court : il doit comporter au moins 6 caract\u00E8res"}, - {"Too.many.failures.key.not.added.to.keystore", - "Trop d'erreurs. Cl\u00E9 non ajout\u00E9e au fichier de cl\u00E9s"}, - {"Destination.alias.dest.already.exists", - "L''alias de la destination <{0}> existe d\u00E9j\u00E0"}, - {"Password.is.too.short.must.be.at.least.6.characters", - "Le mot de passe est trop court : il doit comporter au moins 6 caract\u00E8res"}, - {"Too.many.failures.Key.entry.not.cloned", - "Trop d'erreurs. Entr\u00E9e de cl\u00E9 non clon\u00E9e"}, - {"key.password.for.alias.", "mot de passe de cl\u00E9 pour <{0}>"}, - {"Keystore.entry.for.id.getName.already.exists", - "L''entr\u00E9e de fichier de cl\u00E9s d''acc\u00E8s pour <{0}> existe d\u00E9j\u00E0"}, - {"Creating.keystore.entry.for.id.getName.", - "Cr\u00E9ation d''une entr\u00E9e de fichier de cl\u00E9s d''acc\u00E8s pour <{0}>..."}, - {"No.entries.from.identity.database.added", - "Aucune entr\u00E9e ajout\u00E9e \u00E0 partir de la base de donn\u00E9es d'identit\u00E9s"}, - {"Alias.name.alias", "Nom d''alias : {0}"}, - {"Creation.date.keyStore.getCreationDate.alias.", - "Date de cr\u00E9ation : {0,date}"}, - {"alias.keyStore.getCreationDate.alias.", - "{0}, {1,date}, "}, - {"alias.", "{0}, "}, - {"Entry.type.type.", "Type d''entr\u00E9e\u00A0: {0}"}, - {"Certificate.chain.length.", "Longueur de cha\u00EEne du certificat : "}, - {"Certificate.i.1.", "Certificat[{0,number,integer}]:"}, - {"Certificate.fingerprint.SHA1.", "Empreinte du certificat (SHA1) : "}, - {"Keystore.type.", "Type de fichier de cl\u00E9s : "}, - {"Keystore.provider.", "Fournisseur de fichier de cl\u00E9s : "}, - {"Your.keystore.contains.keyStore.size.entry", - "Votre fichier de cl\u00E9s d''acc\u00E8s contient {0,number,integer} entr\u00E9e"}, - {"Your.keystore.contains.keyStore.size.entries", - "Votre fichier de cl\u00E9s d''acc\u00E8s contient {0,number,integer} entr\u00E9es"}, - {"Failed.to.parse.input", "L'analyse de l'entr\u00E9e a \u00E9chou\u00E9"}, - {"Empty.input", "Entr\u00E9e vide"}, - {"Not.X.509.certificate", "Pas un certificat X.509"}, - {"alias.has.no.public.key", "{0} ne poss\u00E8de pas de cl\u00E9 publique"}, - {"alias.has.no.X.509.certificate", "{0} ne poss\u00E8de pas de certificat X.509"}, - {"New.certificate.self.signed.", "Nouveau certificat (auto-sign\u00E9) :"}, - {"Reply.has.no.certificates", "La r\u00E9ponse n'a pas de certificat"}, - {"Certificate.not.imported.alias.alias.already.exists", - "Certificat non import\u00E9, l''alias <{0}> existe d\u00E9j\u00E0"}, - {"Input.not.an.X.509.certificate", "L'entr\u00E9e n'est pas un certificat X.509"}, - {"Certificate.already.exists.in.keystore.under.alias.trustalias.", - "Le certificat existe d\u00E9j\u00E0 dans le fichier de cl\u00E9s d''acc\u00E8s sous l''alias <{0}>"}, - {"Do.you.still.want.to.add.it.no.", - "Voulez-vous toujours l'ajouter ? [non] : "}, - {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", - "Le certificat existe d\u00E9j\u00E0 dans le fichier de cl\u00E9s d''acc\u00E8s CA syst\u00E8me sous l''alias <{0}>"}, - {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", - "Voulez-vous toujours l'ajouter \u00E0 votre fichier de cl\u00E9s ? [non] : "}, - {"Trust.this.certificate.no.", "Faire confiance \u00E0 ce certificat ? [non] : "}, - {"YES", "OUI"}, - {"New.prompt.", "Nouveau {0} : "}, - {"Passwords.must.differ", "Les mots de passe doivent diff\u00E9rer"}, - {"Re.enter.new.prompt.", "Indiquez encore le nouveau {0} : "}, - {"Re.enter.new.password.", "Ressaisissez le nouveau mot de passe : "}, - {"They.don.t.match.Try.again", "Ils sont diff\u00E9rents. R\u00E9essayez."}, - {"Enter.prompt.alias.name.", "Indiquez le nom d''alias {0} : "}, - {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", - "Saisissez le nom du nouvel alias\t(ou appuyez sur Entr\u00E9e pour annuler l'import de cette entr\u00E9e)\u00A0: "}, - {"Enter.alias.name.", "Indiquez le nom d'alias : "}, - {".RETURN.if.same.as.for.otherAlias.", - "\t(appuyez sur Entr\u00E9e si le r\u00E9sultat est identique \u00E0 <{0}>)"}, - {".PATTERN.printX509Cert", - "Propri\u00E9taire : {0}\nEmetteur : {1}\nNum\u00E9ro de s\u00E9rie : {2}\nValide du : {3} au : {4}\nEmpreintes du certificat :\n\t MD5: {5}\n\t SHA1 : {6}\n\t SHA256 : {7}\n\t Nom de l''algorithme de signature : {8}\n\t Version : {9}"}, - {"What.is.your.first.and.last.name.", - "Quels sont vos nom et pr\u00E9nom ?"}, - {"What.is.the.name.of.your.organizational.unit.", - "Quel est le nom de votre unit\u00E9 organisationnelle ?"}, - {"What.is.the.name.of.your.organization.", - "Quel est le nom de votre entreprise ?"}, - {"What.is.the.name.of.your.City.or.Locality.", - "Quel est le nom de votre ville de r\u00E9sidence ?"}, - {"What.is.the.name.of.your.State.or.Province.", - "Quel est le nom de votre \u00E9tat ou province ?"}, - {"What.is.the.two.letter.country.code.for.this.unit.", - "Quel est le code pays \u00E0 deux lettres pour cette unit\u00E9 ?"}, - {"Is.name.correct.", "Est-ce {0} ?"}, - {"no", "non"}, - {"yes", "oui"}, - {"y", "o"}, - {".defaultValue.", " [{0}]: "}, - {"Alias.alias.has.no.key", - "L''alias <{0}> n''est associ\u00E9 \u00E0 aucune cl\u00E9"}, - {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", - "L''entr\u00E9e \u00E0 laquelle l''alias <{0}> fait r\u00E9f\u00E9rence n''est pas une entr\u00E9e de type cl\u00E9 priv\u00E9e. La commande -keyclone prend uniquement en charge le clonage des cl\u00E9s priv\u00E9es"}, - - {".WARNING.WARNING.WARNING.", - "***************** WARNING WARNING WARNING *****************"}, - {"Signer.d.", "Signataire n\u00B0%d :"}, - {"Timestamp.", "Horodatage :"}, - {"Signature.", "Signature :"}, - {"CRLs.", "Listes des certificats r\u00E9voqu\u00E9s (CRL) :"}, - {"Certificate.owner.", "Propri\u00E9taire du certificat : "}, - {"Not.a.signed.jar.file", "Fichier JAR non sign\u00E9"}, - {"No.certificate.from.the.SSL.server", - "Aucun certificat du serveur SSL"}, - - {".The.integrity.of.the.information.stored.in.your.keystore.", - "* L'int\u00E9grit\u00E9 des informations stock\u00E9es dans votre fichier de cl\u00E9s *\n* n'a PAS \u00E9t\u00E9 v\u00E9rifi\u00E9e. Pour cela, *\n* vous devez fournir le mot de passe de votre fichier de cl\u00E9s. *"}, - {".The.integrity.of.the.information.stored.in.the.srckeystore.", - "* L'int\u00E9grit\u00E9 des informations stock\u00E9es dans le fichier de cl\u00E9s source *\n* n'a PAS \u00E9t\u00E9 v\u00E9rifi\u00E9e. Pour cela, *\n* vous devez fournir le mot de passe de votre fichier de cl\u00E9s source. *"}, - - {"Certificate.reply.does.not.contain.public.key.for.alias.", - "La r\u00E9ponse au certificat ne contient pas de cl\u00E9 publique pour <{0}>"}, - {"Incomplete.certificate.chain.in.reply", - "Cha\u00EEne de certificat incompl\u00E8te dans la r\u00E9ponse"}, - {"Certificate.chain.in.reply.does.not.verify.", - "La cha\u00EEne de certificat de la r\u00E9ponse ne concorde pas : "}, - {"Top.level.certificate.in.reply.", - "Certificat de niveau sup\u00E9rieur dans la r\u00E9ponse :\n"}, - {".is.not.trusted.", "... non s\u00E9curis\u00E9. "}, - {"Install.reply.anyway.no.", "Installer la r\u00E9ponse quand m\u00EAme ? [non] : "}, - {"NO", "NON"}, - {"Public.keys.in.reply.and.keystore.don.t.match", - "Les cl\u00E9s publiques de la r\u00E9ponse et du fichier de cl\u00E9s ne concordent pas"}, - {"Certificate.reply.and.certificate.in.keystore.are.identical", - "La r\u00E9ponse au certificat et le certificat du fichier de cl\u00E9s sont identiques"}, - {"Failed.to.establish.chain.from.reply", - "Impossible de cr\u00E9er une cha\u00EEne \u00E0 partir de la r\u00E9ponse"}, - {"n", "n"}, - {"Wrong.answer.try.again", "R\u00E9ponse incorrecte, recommencez"}, - {"Secret.key.not.generated.alias.alias.already.exists", - "Cl\u00E9 secr\u00E8te non g\u00E9n\u00E9r\u00E9e, l''alias <{0}> existe d\u00E9j\u00E0"}, - {"Please.provide.keysize.for.secret.key.generation", - "Indiquez -keysize pour la g\u00E9n\u00E9ration de la cl\u00E9 secr\u00E8te"}, - - {"Extensions.", "Extensions\u00A0: "}, - {".Empty.value.", "(Valeur vide)"}, - {"Extension.Request.", "Demande d'extension :"}, - {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", - "Demande de certificat PKCS #10 (version 1.0)\nSujet : %s\nCl\u00E9 publique : format %s pour la cl\u00E9 %s\n"}, - {"Unknown.keyUsage.type.", "Type keyUsage inconnu : "}, - {"Unknown.extendedkeyUsage.type.", "Type extendedkeyUsage inconnu : "}, - {"Unknown.AccessDescription.type.", "Type AccessDescription inconnu : "}, - {"Unrecognized.GeneralName.type.", "Type GeneralName non reconnu : "}, - {"This.extension.cannot.be.marked.as.critical.", - "Cette extension ne peut pas \u00EAtre marqu\u00E9e comme critique. "}, - {"Odd.number.of.hex.digits.found.", "Nombre impair de chiffres hexad\u00E9cimaux trouv\u00E9 : "}, - {"Unknown.extension.type.", "Type d'extension inconnu : "}, - {"command.{0}.is.ambiguous.", "commande {0} ambigu\u00EB :"}, - - // policytool - {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", - "Avertissement\u00A0: il n''existe pas de cl\u00E9 publique pour l''alias {0}. V\u00E9rifiez que le fichier de cl\u00E9s d''acc\u00E8s est correctement configur\u00E9."}, - {"Warning.Class.not.found.class", "Avertissement : classe introuvable - {0}"}, - {"Warning.Invalid.argument.s.for.constructor.arg", - "Avertissement\u00A0: arguments non valides pour le constructeur\u00A0- {0}"}, - {"Illegal.Principal.Type.type", "Type de principal non admis : {0}"}, - {"Illegal.option.option", "Option non admise : {0}"}, - {"Usage.policytool.options.", "Syntaxe : policytool [options]"}, - {".file.file.policy.file.location", - " [-file <file>] emplacement du fichier de r\u00E8gles"}, - {"New", "Nouveau"}, - {"Open", "Ouvrir"}, - {"Save", "Enregistrer"}, - {"Save.As", "Enregistrer sous"}, - {"View.Warning.Log", "Afficher le journal des avertissements"}, - {"Exit", "Quitter"}, - {"Add.Policy.Entry", "Ajouter une r\u00E8gle"}, - {"Edit.Policy.Entry", "Modifier une r\u00E8gle"}, - {"Remove.Policy.Entry", "Enlever une r\u00E8gle"}, - {"Edit", "Modifier"}, - {"Retain", "Conserver"}, - - {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", - "Avertissement : il se peut que le nom de fichier contienne des barres obliques inverses avec caract\u00E8re d'\u00E9chappement. Il n'est pas n\u00E9cessaire d'ajouter un caract\u00E8re d'\u00E9chappement aux barres obliques inverses. (L'outil proc\u00E8de \u00E0 l'\u00E9chappement si n\u00E9cessaire lorsqu'il \u00E9crit le contenu des r\u00E8gles dans la zone de stockage persistant).\n\nCliquez sur Conserver pour garder le nom saisi ou sur Modifier pour le remplacer."}, - - {"Add.Public.Key.Alias", "Ajouter un alias de cl\u00E9 publique"}, - {"Remove.Public.Key.Alias", "Enlever un alias de cl\u00E9 publique"}, - {"File", "Fichier"}, - {"KeyStore", "Fichier de cl\u00E9s"}, - {"Policy.File.", "Fichier de r\u00E8gles :"}, - {"Could.not.open.policy.file.policyFile.e.toString.", - "Impossible d''ouvrir le fichier de r\u00E8gles\u00A0: {0}: {1}"}, - {"Policy.Tool", "Policy Tool"}, - {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", - "Des erreurs se sont produites \u00E0 l'ouverture de la configuration de r\u00E8gles. Pour plus d'informations, consultez le journal des avertissements."}, - {"Error", "Erreur"}, - {"OK", "OK"}, - {"Status", "Statut"}, - {"Warning", "Avertissement"}, - {"Permission.", - "Droit : "}, - {"Principal.Type.", "Type de principal :"}, - {"Principal.Name.", "Nom de principal :"}, - {"Target.Name.", - "Nom de cible : "}, - {"Actions.", - "Actions : "}, - {"OK.to.overwrite.existing.file.filename.", - "Remplacer le fichier existant {0} ?"}, - {"Cancel", "Annuler"}, - {"CodeBase.", "Base de code :"}, - {"SignedBy.", "Sign\u00E9 par :"}, - {"Add.Principal", "Ajouter un principal"}, - {"Edit.Principal", "Modifier un principal"}, - {"Remove.Principal", "Enlever un principal"}, - {"Principals.", "Principaux :"}, - {".Add.Permission", " Ajouter un droit"}, - {".Edit.Permission", " Modifier un droit"}, - {"Remove.Permission", "Enlever un droit"}, - {"Done", "Termin\u00E9"}, - {"KeyStore.URL.", "URL du fichier de cl\u00E9s :"}, - {"KeyStore.Type.", "Type du fichier de cl\u00E9s :"}, - {"KeyStore.Provider.", "Fournisseur du fichier de cl\u00E9s :"}, - {"KeyStore.Password.URL.", "URL du mot de passe du fichier de cl\u00E9s :"}, - {"Principals", "Principaux"}, - {".Edit.Principal.", " Modifier un principal :"}, - {".Add.New.Principal.", " Ajouter un principal :"}, - {"Permissions", "Droits"}, - {".Edit.Permission.", " Modifier un droit :"}, - {".Add.New.Permission.", " Ajouter un droit :"}, - {"Signed.By.", "Sign\u00E9 par :"}, - {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", - "Impossible de sp\u00E9cifier un principal avec une classe g\u00E9n\u00E9rique sans nom g\u00E9n\u00E9rique"}, - {"Cannot.Specify.Principal.without.a.Name", - "Impossible de sp\u00E9cifier un principal sans nom"}, - {"Permission.and.Target.Name.must.have.a.value", - "Le droit et le nom de cible doivent avoir une valeur"}, - {"Remove.this.Policy.Entry.", "Enlever cette r\u00E8gle ?"}, - {"Overwrite.File", "Remplacer le fichier"}, - {"Policy.successfully.written.to.filename", - "R\u00E8gle \u00E9crite dans {0}"}, - {"null.filename", "nom de fichier NULL"}, - {"Save.changes.", "Enregistrer les modifications ?"}, - {"Yes", "Oui"}, - {"No", "Non"}, - {"Policy.Entry", "R\u00E8gle"}, - {"Save.Changes", "Enregistrer les modifications"}, - {"No.Policy.Entry.selected", "Aucune r\u00E8gle s\u00E9lectionn\u00E9e"}, - {"Unable.to.open.KeyStore.ex.toString.", - "Impossible d''ouvrir le fichier de cl\u00E9s d''acc\u00E8s : {0}"}, - {"No.principal.selected", "Aucun principal s\u00E9lectionn\u00E9"}, - {"No.permission.selected", "Aucun droit s\u00E9lectionn\u00E9"}, - {"name", "nom"}, - {"configuration.type", "type de configuration"}, - {"environment.variable.name", "Nom de variable d'environnement"}, - {"library.name", "nom de biblioth\u00E8que"}, - {"package.name", "nom de package"}, - {"policy.type", "type de r\u00E8gle"}, - {"property.name", "nom de propri\u00E9t\u00E9"}, - {"Principal.List", "Liste de principaux"}, - {"Permission.List", "Liste de droits"}, - {"Code.Base", "Base de code"}, - {"KeyStore.U.R.L.", "URL du fichier de cl\u00E9s :"}, - {"KeyStore.Password.U.R.L.", "URL du mot de passe du fichier de cl\u00E9s :"}, - - // javax.security.auth.PrivateCredentialPermission {"invalid.null.input.s.", "entr\u00E9es NULL non valides"}, {"actions.can.only.be.read.", "les actions sont accessibles en lecture uniquement"}, @@ -551,6 +58,7 @@ {"provided.null.OID.map", "mappage OID NULL fourni"}, // javax.security.auth.Subject + {"NEWLINE", "\n"}, {"invalid.null.AccessControlContext.provided", "AccessControlContext NULL fourni non valide"}, {"invalid.null.action.provided", "action NULL fournie non valide"}, @@ -654,6 +162,7 @@ * * @return the contents of this <code>ResourceBundle</code>. */ + @Override public Object[][] getContents() { return contents; }
--- a/src/share/classes/sun/security/util/Resources_it.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/Resources_it.java Sat Sep 10 22:36:17 2016 +0100 @@ -34,499 +34,6 @@ private static final Object[][] contents = { - // shared (from jarsigner) - {"SPACE", " "}, - {"2SPACE", " "}, - {"6SPACE", " "}, - {"COMMA", ", "}, - // shared (from keytool) - {"NEWLINE", "\n"}, - {"STAR", - "*******************************************"}, - {"STARNN", - "*******************************************\n\n"}, - - // keytool: Help part - {".OPTION.", " [OPTION]..."}, - {"Options.", "Opzioni:"}, - {"Use.keytool.help.for.all.available.commands", - "Utilizzare \"keytool -help\" per visualizzare tutti i comandi disponibili"}, - {"Key.and.Certificate.Management.Tool", - "Strumento di gestione di chiavi e certificati"}, - {"Commands.", "Comandi:"}, - {"Use.keytool.command.name.help.for.usage.of.command.name", - "Utilizzare \"keytool -command_name -help\" per informazioni sull'uso di command_name"}, - // keytool: help: commands - {"Generates.a.certificate.request", - "Genera una richiesta di certificato"}, //-certreq - {"Changes.an.entry.s.alias", - "Modifica l'alias di una voce"}, //-changealias - {"Deletes.an.entry", - "Elimina una voce"}, //-delete - {"Exports.certificate", - "Esporta il certificato"}, //-exportcert - {"Generates.a.key.pair", - "Genera una coppia di chiavi"}, //-genkeypair - {"Generates.a.secret.key", - "Genera una chiave segreta"}, //-genseckey - {"Generates.certificate.from.a.certificate.request", - "Genera un certificato da una richiesta di certificato"}, //-gencert - {"Generates.CRL", "Genera CRL"}, //-gencrl - {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", - "Importa le voci da un database delle identit\u00E0 di tipo JDK 1.1.x"}, //-identitydb - {"Imports.a.certificate.or.a.certificate.chain", - "Importa un certificato o una catena di certificati"}, //-importcert - {"Imports.one.or.all.entries.from.another.keystore", - "Importa una o tutte le voci da un altro keystore"}, //-importkeystore - {"Clones.a.key.entry", - "Duplica una voce di chiave"}, //-keyclone - {"Changes.the.key.password.of.an.entry", - "Modifica la password della chiave per una voce"}, //-keypasswd - {"Lists.entries.in.a.keystore", - "Elenca le voci in un keystore"}, //-list - {"Prints.the.content.of.a.certificate", - "Visualizza i contenuti di un certificato"}, //-printcert - {"Prints.the.content.of.a.certificate.request", - "Visualizza i contenuti di una richiesta di certificato"}, //-printcertreq - {"Prints.the.content.of.a.CRL.file", - "Visualizza i contenuti di un file CRL"}, //-printcrl - {"Generates.a.self.signed.certificate", - "Genera certificato con firma automatica"}, //-selfcert - {"Changes.the.store.password.of.a.keystore", - "Modifica la password di area di memorizzazione di un keystore"}, //-storepasswd - // keytool: help: options - {"alias.name.of.the.entry.to.process", - "nome alias della voce da elaborare"}, //-alias - {"destination.alias", - "alias di destinazione"}, //-destalias - {"destination.key.password", - "password chiave di destinazione"}, //-destkeypass - {"destination.keystore.name", - "nome keystore di destinazione"}, //-destkeystore - {"destination.keystore.password.protected", - "password keystore di destinazione protetta"}, //-destprotected - {"destination.keystore.provider.name", - "nome provider keystore di destinazione"}, //-destprovidername - {"destination.keystore.password", - "password keystore di destinazione"}, //-deststorepass - {"destination.keystore.type", - "tipo keystore di destinazione"}, //-deststoretype - {"distinguished.name", - "nome distinto"}, //-dname - {"X.509.extension", - "estensione X.509"}, //-ext - {"output.file.name", - "nome file di output"}, //-file and -outfile - {"input.file.name", - "nome file di input"}, //-file and -infile - {"key.algorithm.name", - "nome algoritmo chiave"}, //-keyalg - {"key.password", - "password chiave"}, //-keypass - {"key.bit.size", - "dimensione bit chiave"}, //-keysize - {"keystore.name", - "nome keystore"}, //-keystore - {"new.password", - "nuova password"}, //-new - {"do.not.prompt", - "non richiedere"}, //-noprompt - {"password.through.protected.mechanism", - "password mediante meccanismo protetto"}, //-protected - {"provider.argument", - "argomento provider"}, //-providerarg - {"provider.class.name", - "nome classe provider"}, //-providerclass - {"provider.name", - "nome provider"}, //-providername - {"provider.classpath", - "classpath provider"}, //-providerpath - {"output.in.RFC.style", - "output in stile RFC"}, //-rfc - {"signature.algorithm.name", - "nome algoritmo firma"}, //-sigalg - {"source.alias", - "alias origine"}, //-srcalias - {"source.key.password", - "password chiave di origine"}, //-srckeypass - {"source.keystore.name", - "nome keystore di origine"}, //-srckeystore - {"source.keystore.password.protected", - "password keystore di origine protetta"}, //-srcprotected - {"source.keystore.provider.name", - "nome provider keystore di origine"}, //-srcprovidername - {"source.keystore.password", - "password keystore di origine"}, //-srcstorepass - {"source.keystore.type", - "tipo keystore di origine"}, //-srcstoretype - {"SSL.server.host.and.port", - "host e porta server SSL"}, //-sslserver - {"signed.jar.file", - "file jar firmato"}, //=jarfile - {"certificate.validity.start.date.time", - "data/ora di inizio validit\u00E0 certificato"}, //-startdate - {"keystore.password", - "password keystore"}, //-storepass - {"keystore.type", - "tipo keystore"}, //-storetype - {"trust.certificates.from.cacerts", - "considera sicuri i certificati da cacerts"}, //-trustcacerts - {"verbose.output", - "output descrittivo"}, //-v - {"validity.number.of.days", - "numero di giorni di validit\u00E0"}, //-validity - {"Serial.ID.of.cert.to.revoke", - "ID seriale del certificato da revocare"}, //-id - // keytool: Running part - {"keytool.error.", "Errore keytool: "}, - {"Illegal.option.", "Opzione non valida: "}, - {"Illegal.value.", "Valore non valido: "}, - {"Unknown.password.type.", "Tipo di password sconosciuto: "}, - {"Cannot.find.environment.variable.", - "Impossibile trovare la variabile di ambiente: "}, - {"Cannot.find.file.", "Impossibile trovare il file: "}, - {"Command.option.flag.needs.an.argument.", "\u00C8 necessario specificare un argomento per l''opzione di comando {0}."}, - {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", - "Avvertenza: non sono supportate password diverse di chiave e di archivio per i keystore PKCS12. Il valore {0} specificato dall''utente verr\u00E0 ignorato."}, - {".keystore.must.be.NONE.if.storetype.is.{0}", - "Se -storetype \u00E8 impostato su {0}, -keystore deve essere impostato su NONE"}, - {"Too.many.retries.program.terminated", - "Il numero dei tentativi consentiti \u00E8 stato superato. Il programma verr\u00E0 terminato."}, - {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", - "Se -storetype \u00E8 impostato su {0}, i comandi -storepasswd e -keypasswd non sono supportati"}, - {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", - "Se -storetype \u00E8 impostato su PKCS12 i comandi -keypasswd non vengono supportati"}, - {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", - "Se -storetype \u00E8 impostato su {0}, non \u00E8 possibile specificare un valore per -keypass e -new"}, - {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", - "Se \u00E8 specificata l'opzione -protected, le opzioni -storepass, -keypass e -new non possono essere specificate"}, - {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", - "Se viene specificato -srcprotected, -srcstorepass e -srckeypass non dovranno essere specificati"}, - {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", - "Se il file keystore non \u00E8 protetto da password, non deve essere specificato alcun valore per -storepass, -keypass e -new"}, - {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", - "Se il file keystore non \u00E8 protetto da password, non deve essere specificato alcun valore per -srcstorepass e -srckeypass"}, - {"Illegal.startdate.value", "Valore di data di inizio non valido"}, - {"Validity.must.be.greater.than.zero", - "La validit\u00E0 deve essere maggiore di zero"}, - {"provName.not.a.provider", "{0} non \u00E8 un provider"}, - {"Usage.error.no.command.provided", "Errore di utilizzo: nessun comando specificato"}, - {"Source.keystore.file.exists.but.is.empty.", "Il file keystore di origine esiste, ma \u00E8 vuoto: "}, - {"Please.specify.srckeystore", "Specificare -srckeystore"}, - {"Must.not.specify.both.v.and.rfc.with.list.command", - "Impossibile specificare sia -v sia -rfc con il comando 'list'"}, - {"Key.password.must.be.at.least.6.characters", - "La password della chiave deve contenere almeno 6 caratteri"}, - {"New.password.must.be.at.least.6.characters", - "La nuova password deve contenere almeno 6 caratteri"}, - {"Keystore.file.exists.but.is.empty.", - "Il file keystore esiste ma \u00E8 vuoto: "}, - {"Keystore.file.does.not.exist.", - "Il file keystore non esiste: "}, - {"Must.specify.destination.alias", "\u00C8 necessario specificare l'alias di destinazione"}, - {"Must.specify.alias", "\u00C8 necessario specificare l'alias"}, - {"Keystore.password.must.be.at.least.6.characters", - "La password del keystore deve contenere almeno 6 caratteri"}, - {"Enter.keystore.password.", "Immettere la password del keystore: "}, - {"Enter.source.keystore.password.", "Immettere la password del keystore di origine: "}, - {"Enter.destination.keystore.password.", "Immettere la password del keystore di destinazione: "}, - {"Keystore.password.is.too.short.must.be.at.least.6.characters", - "La password del keystore \u00E8 troppo corta - deve contenere almeno 6 caratteri"}, - {"Unknown.Entry.Type", "Tipo di voce sconosciuto"}, - {"Too.many.failures.Alias.not.changed", "Numero eccessivo di errori. L'alias non \u00E8 stato modificato."}, - {"Entry.for.alias.alias.successfully.imported.", - "La voce dell''alias {0} \u00E8 stata importata."}, - {"Entry.for.alias.alias.not.imported.", "La voce dell''alias {0} non \u00E8 stata importata."}, - {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", - "Si \u00E8 verificato un problema durante l''importazione della voce dell''alias {0}: {1}.\nLa voce dell''alias {0} non \u00E8 stata importata."}, - {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", - "Comando di importazione completato: {0} voce/i importata/e, {1} voce/i non importata/e o annullata/e"}, - {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", - "Avvertenza: sovrascrittura in corso dell''alias {0} nel file keystore di destinazione"}, - {"Existing.entry.alias.alias.exists.overwrite.no.", - "La voce dell''alias {0} esiste gi\u00E0. Sovrascrivere? [no]: "}, - {"Too.many.failures.try.later", "Troppi errori - riprovare"}, - {"Certification.request.stored.in.file.filename.", - "La richiesta di certificazione \u00E8 memorizzata nel file <{0}>"}, - {"Submit.this.to.your.CA", "Sottomettere alla propria CA"}, - {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", - "Se l'alias non \u00E8 specificato, destalias, srckeypass e destkeypass non dovranno essere specificati"}, - {"Certificate.stored.in.file.filename.", - "Il certificato \u00E8 memorizzato nel file <{0}>"}, - {"Certificate.reply.was.installed.in.keystore", - "La risposta del certificato \u00E8 stata installata nel keystore"}, - {"Certificate.reply.was.not.installed.in.keystore", - "La risposta del certificato non \u00E8 stata installata nel keystore"}, - {"Certificate.was.added.to.keystore", - "Il certificato \u00E8 stato aggiunto al keystore"}, - {"Certificate.was.not.added.to.keystore", - "Il certificato non \u00E8 stato aggiunto al keystore"}, - {".Storing.ksfname.", "[Memorizzazione di {0}] in corso"}, - {"alias.has.no.public.key.certificate.", - "{0} non dispone di chiave pubblica (certificato)"}, - {"Cannot.derive.signature.algorithm", - "Impossibile derivare l'algoritmo di firma"}, - {"Alias.alias.does.not.exist", - "L''alias <{0}> non esiste"}, - {"Alias.alias.has.no.certificate", - "L''alias <{0}> non dispone di certificato"}, - {"Key.pair.not.generated.alias.alias.already.exists", - "Non \u00E8 stata generata la coppia di chiavi, l''alias <{0}> \u00E8 gi\u00E0 esistente"}, - {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", - "Generazione in corso di una coppia di chiavi {1} da {0} bit e di un certificato autofirmato ({2}) con una validit\u00E0 di {3} giorni\n\tper: {4}"}, - {"Enter.key.password.for.alias.", "Immettere la password della chiave per <{0}>"}, - {".RETURN.if.same.as.keystore.password.", - "\t(INVIO se corrisponde alla password del keystore): "}, - {"Key.password.is.too.short.must.be.at.least.6.characters", - "La password della chiave \u00E8 troppo corta - deve contenere almeno 6 caratteri"}, - {"Too.many.failures.key.not.added.to.keystore", - "Troppi errori - la chiave non \u00E8 stata aggiunta al keystore"}, - {"Destination.alias.dest.already.exists", - "L''alias di destinazione <{0}> \u00E8 gi\u00E0 esistente"}, - {"Password.is.too.short.must.be.at.least.6.characters", - "La password \u00E8 troppo corta - deve contenere almeno 6 caratteri"}, - {"Too.many.failures.Key.entry.not.cloned", - "Numero eccessivo di errori. Il valore della chiave non \u00E8 stato copiato."}, - {"key.password.for.alias.", "password della chiave per <{0}>"}, - {"Keystore.entry.for.id.getName.already.exists", - "La voce del keystore per <{0}> esiste gi\u00E0"}, - {"Creating.keystore.entry.for.id.getName.", - "Creazione della voce del keystore per <{0}> in corso..."}, - {"No.entries.from.identity.database.added", - "Nessuna voce aggiunta dal database delle identit\u00E0"}, - {"Alias.name.alias", "Nome alias: {0}"}, - {"Creation.date.keyStore.getCreationDate.alias.", - "Data di creazione: {0,date}"}, - {"alias.keyStore.getCreationDate.alias.", - "{0}, {1,date}, "}, - {"alias.", "{0}, "}, - {"Entry.type.type.", "Tipo di voce: {0}"}, - {"Certificate.chain.length.", "Lunghezza catena certificati: "}, - {"Certificate.i.1.", "Certificato[{0,number,integer}]:"}, - {"Certificate.fingerprint.SHA1.", "Impronta digitale certificato (SHA1): "}, - {"Keystore.type.", "Tipo keystore: "}, - {"Keystore.provider.", "Provider keystore: "}, - {"Your.keystore.contains.keyStore.size.entry", - "Il keystore contiene {0,number,integer} voce"}, - {"Your.keystore.contains.keyStore.size.entries", - "Il keystore contiene {0,number,integer} voci"}, - {"Failed.to.parse.input", "Impossibile analizzare l'input"}, - {"Empty.input", "Input vuoto"}, - {"Not.X.509.certificate", "Il certificato non \u00E8 X.509"}, - {"alias.has.no.public.key", "{0} non dispone di chiave pubblica"}, - {"alias.has.no.X.509.certificate", "{0} non dispone di certificato X.509"}, - {"New.certificate.self.signed.", "Nuovo certificato (autofirmato):"}, - {"Reply.has.no.certificates", "La risposta non dispone di certificati"}, - {"Certificate.not.imported.alias.alias.already.exists", - "Impossibile importare il certificato, l''alias <{0}> \u00E8 gi\u00E0 esistente"}, - {"Input.not.an.X.509.certificate", "L'input non \u00E8 un certificato X.509"}, - {"Certificate.already.exists.in.keystore.under.alias.trustalias.", - "Il certificato esiste gi\u00E0 nel keystore con alias <{0}>"}, - {"Do.you.still.want.to.add.it.no.", - "Aggiungerlo ugualmente? [no]: "}, - {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", - "Il certificato esiste gi\u00E0 nel keystore CA con alias <{0}>"}, - {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", - "Aggiungerlo al proprio keystore? [no]: "}, - {"Trust.this.certificate.no.", "Considerare sicuro questo certificato? [no]: "}, - {"YES", "S\u00EC"}, - {"New.prompt.", "Nuova {0}: "}, - {"Passwords.must.differ", "Le password non devono coincidere"}, - {"Re.enter.new.prompt.", "Reimmettere un nuovo valore per {0}: "}, - {"Re.enter.new.password.", "Immettere nuovamente la nuova password: "}, - {"They.don.t.match.Try.again", "Non corrispondono. Riprovare."}, - {"Enter.prompt.alias.name.", "Immettere nome alias {0}: "}, - {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", - "Immettere un nuovo nome alias\t(premere INVIO per annullare l'importazione della voce): "}, - {"Enter.alias.name.", "Immettere nome alias: "}, - {".RETURN.if.same.as.for.otherAlias.", - "\t(INVIO se corrisponde al nome di <{0}>)"}, - {".PATTERN.printX509Cert", - "Proprietario: {0}\nAutorit\u00E0 emittente: {1}\nNumero di serie: {2}\nValido da: {3} a: {4}\nImpronte digitali certificato:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Nome algoritmo firma: {8}\n\t Versione: {9}"}, - {"What.is.your.first.and.last.name.", - "Specificare nome e cognome"}, - {"What.is.the.name.of.your.organizational.unit.", - "Specificare il nome dell'unit\u00E0 organizzativa"}, - {"What.is.the.name.of.your.organization.", - "Specificare il nome dell'organizzazione"}, - {"What.is.the.name.of.your.City.or.Locality.", - "Specificare la localit\u00E0"}, - {"What.is.the.name.of.your.State.or.Province.", - "Specificare la provincia"}, - {"What.is.the.two.letter.country.code.for.this.unit.", - "Specificare il codice a due lettere del paese in cui si trova l'unit\u00E0"}, - {"Is.name.correct.", "Il dato {0} \u00E8 corretto?"}, - {"no", "no"}, - {"yes", "s\u00EC"}, - {"y", "s"}, - {".defaultValue.", " [{0}]: "}, - {"Alias.alias.has.no.key", - "All''alias <{0}> non \u00E8 associata alcuna chiave"}, - {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", - "L''alias <{0}> fa riferimento a un tipo di voce che non \u00E8 una voce di chiave privata. Il comando -keyclone supporta solo la copia delle voci di chiave private."}, - - {".WARNING.WARNING.WARNING.", - "***************** WARNING WARNING WARNING *****************"}, - {"Signer.d.", "Firmatario #%d:"}, - {"Timestamp.", "Indicatore orario:"}, - {"Signature.", "Firma:"}, - {"CRLs.", "CRL:"}, - {"Certificate.owner.", "Proprietario certificato: "}, - {"Not.a.signed.jar.file", "Non \u00E8 un file jar firmato"}, - {"No.certificate.from.the.SSL.server", - "Nessun certificato dal server SSL"}, - - {".The.integrity.of.the.information.stored.in.your.keystore.", - "* L'integrit\u00E0 delle informazioni memorizzate nel keystore *\n* NON \u00E8 stata verificata. Per verificarne l'integrit\u00E0 *\n* \u00E8 necessario fornire la password del keystore. *"}, - {".The.integrity.of.the.information.stored.in.the.srckeystore.", - "* L'integrit\u00E0 delle informazioni memorizzate nel srckeystore *\n* NON \u00E8 stata verificata. Per verificarne l'integrit\u00E0 *\n* \u00E8 necessario fornire la password del srckeystore. *"}, - - {"Certificate.reply.does.not.contain.public.key.for.alias.", - "La risposta del certificato non contiene la chiave pubblica per <{0}>"}, - {"Incomplete.certificate.chain.in.reply", - "Catena dei certificati incompleta nella risposta"}, - {"Certificate.chain.in.reply.does.not.verify.", - "La catena dei certificati nella risposta non verifica: "}, - {"Top.level.certificate.in.reply.", - "Certificato di primo livello nella risposta:\n"}, - {".is.not.trusted.", "...non \u00E8 considerato sicuro. "}, - {"Install.reply.anyway.no.", "Installare la risposta? [no]: "}, - {"NO", "NO"}, - {"Public.keys.in.reply.and.keystore.don.t.match", - "Le chiavi pubbliche nella risposta e nel keystore non corrispondono"}, - {"Certificate.reply.and.certificate.in.keystore.are.identical", - "La risposta del certificato e il certificato nel keystore sono identici"}, - {"Failed.to.establish.chain.from.reply", - "Impossibile stabilire la catena dalla risposta"}, - {"n", "n"}, - {"Wrong.answer.try.again", "Risposta errata, riprovare"}, - {"Secret.key.not.generated.alias.alias.already.exists", - "La chiave segreta non \u00E8 stata generata; l''alias <{0}> esiste gi\u00E0"}, - {"Please.provide.keysize.for.secret.key.generation", - "Specificare il valore -keysize per la generazione della chiave segreta"}, - - {"Extensions.", "Estensioni: "}, - {".Empty.value.", "(valore vuoto)"}, - {"Extension.Request.", "Richiesta di estensione:"}, - {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", - "Richiesta di certificato PKCS #10 (versione 1.0)\nOggetto: %s\nChiave pubblica: %s formato %s chiave\n"}, - {"Unknown.keyUsage.type.", "Tipo keyUsage sconosciuto: "}, - {"Unknown.extendedkeyUsage.type.", "Tipo extendedkeyUsage sconosciuto: "}, - {"Unknown.AccessDescription.type.", "Tipo AccessDescription sconosciuto: "}, - {"Unrecognized.GeneralName.type.", "Tipo GeneralName non riconosciuto: "}, - {"This.extension.cannot.be.marked.as.critical.", - "Impossibile contrassegnare questa estensione come critica. "}, - {"Odd.number.of.hex.digits.found.", "\u00C8 stato trovato un numero dispari di cifre esadecimali: "}, - {"Unknown.extension.type.", "Tipo di estensione sconosciuto: "}, - {"command.{0}.is.ambiguous.", "il comando {0} \u00E8 ambiguo:"}, - - // policytool - {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", - "Avvertenza: non esiste una chiave pubblica per l''alias {0}. Verificare che il keystore sia configurato correttamente."}, - {"Warning.Class.not.found.class", "Avvertenza: classe non trovata: {0}"}, - {"Warning.Invalid.argument.s.for.constructor.arg", - "Avvertenza: argomento o argomenti non validi per il costruttore {0}"}, - {"Illegal.Principal.Type.type", "Tipo principal non valido: {0}"}, - {"Illegal.option.option", "Opzione non valida: {0}"}, - {"Usage.policytool.options.", "Uso: policytool [opzioni]"}, - {".file.file.policy.file.location", - " [-file <file>] posizione del file dei criteri"}, - {"New", "Nuovo"}, - {"Open", "Apri"}, - {"Save", "Salva"}, - {"Save.As", "Salva con nome"}, - {"View.Warning.Log", "Visualizza registro avvertenze"}, - {"Exit", "Esci"}, - {"Add.Policy.Entry", "Aggiungi voce dei criteri"}, - {"Edit.Policy.Entry", "Modifica voce dei criteri"}, - {"Remove.Policy.Entry", "Rimuovi voce dei criteri"}, - {"Edit", "Modifica"}, - {"Retain", "Mantieni"}, - - {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", - "Avvertenza: il nome file pu\u00F2 includere barre rovesciate con escape. Non \u00E8 necessario eseguire l'escape delle barre rovesciate (se necessario lo strumento esegue l'escape dei caratteri al momento della scrittura del contenuto dei criteri nell'area di memorizzazione persistente).\n\nFare click su Mantieni per conservare il nome immesso, oppure su Modifica per modificare il nome."}, - - {"Add.Public.Key.Alias", "Aggiungi alias chiave pubblica"}, - {"Remove.Public.Key.Alias", "Rimuovi alias chiave pubblica"}, - {"File", "File"}, - {"KeyStore", "Keystore"}, - {"Policy.File.", "File dei criteri:"}, - {"Could.not.open.policy.file.policyFile.e.toString.", - "Impossibile aprire il file di criteri {0}: {1}"}, - {"Policy.Tool", "Strumento criteri"}, - {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", - "Si sono verificati errori durante l'apertura della configurazione dei criteri. Consultare il registro delle avvertenze per ulteriori informazioni."}, - {"Error", "Errore"}, - {"OK", "OK"}, - {"Status", "Stato"}, - {"Warning", "Avvertenza"}, - {"Permission.", - "Autorizzazione: "}, - {"Principal.Type.", "Tipo principal:"}, - {"Principal.Name.", "Nome principal:"}, - {"Target.Name.", - "Nome destinazione: "}, - {"Actions.", - "Azioni: "}, - {"OK.to.overwrite.existing.file.filename.", - "OK per sovrascrivere il file {0}?"}, - {"Cancel", "Annulla"}, - {"CodeBase.", "CodeBase:"}, - {"SignedBy.", "SignedBy:"}, - {"Add.Principal", "Aggiungi principal"}, - {"Edit.Principal", "Modifica principal"}, - {"Remove.Principal", "Rimuovi principal"}, - {"Principals.", "Principal:"}, - {".Add.Permission", " Aggiungi autorizzazione"}, - {".Edit.Permission", " Modifica autorizzazione"}, - {"Remove.Permission", "Rimuovi autorizzazione"}, - {"Done", "Fine"}, - {"KeyStore.URL.", "URL keystore:"}, - {"KeyStore.Type.", "Tipo keystore:"}, - {"KeyStore.Provider.", "Provider keystore:"}, - {"KeyStore.Password.URL.", "URL password keystore:"}, - {"Principals", "Principal:"}, - {".Edit.Principal.", " Modifica principal:"}, - {".Add.New.Principal.", " Aggiungi nuovo principal:"}, - {"Permissions", "Autorizzazioni"}, - {".Edit.Permission.", " Modifica autorizzazione:"}, - {".Add.New.Permission.", " Aggiungi nuova autorizzazione:"}, - {"Signed.By.", "Firmato da:"}, - {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", - "Impossibile specificare principal con una classe carattere jolly senza un nome carattere jolly"}, - {"Cannot.Specify.Principal.without.a.Name", - "Impossibile specificare principal senza un nome"}, - {"Permission.and.Target.Name.must.have.a.value", - "L'autorizzazione e il nome destinazione non possono essere nulli"}, - {"Remove.this.Policy.Entry.", "Rimuovere questa voce dei criteri?"}, - {"Overwrite.File", "Sovrascrivi file"}, - {"Policy.successfully.written.to.filename", - "I criteri sono stati scritti in {0}"}, - {"null.filename", "nome file nullo"}, - {"Save.changes.", "Salvare le modifiche?"}, - {"Yes", "S\u00EC"}, - {"No", "No"}, - {"Policy.Entry", "Voce dei criteri"}, - {"Save.Changes", "Salva le modifiche"}, - {"No.Policy.Entry.selected", "Nessuna voce dei criteri selezionata"}, - {"Unable.to.open.KeyStore.ex.toString.", - "Impossibile aprire il keystore: {0}"}, - {"No.principal.selected", "Nessun principal selezionato"}, - {"No.permission.selected", "Nessuna autorizzazione selezionata"}, - {"name", "nome"}, - {"configuration.type", "tipo di configurazione"}, - {"environment.variable.name", "nome variabile ambiente"}, - {"library.name", "nome libreria"}, - {"package.name", "nome package"}, - {"policy.type", "tipo di criteri"}, - {"property.name", "nome propriet\u00E0"}, - {"Principal.List", "Lista principal"}, - {"Permission.List", "Lista autorizzazioni"}, - {"Code.Base", "Codebase"}, - {"KeyStore.U.R.L.", "URL keystore:"}, - {"KeyStore.Password.U.R.L.", "URL password keystore:"}, - - // javax.security.auth.PrivateCredentialPermission {"invalid.null.input.s.", "input nullo/i non valido/i"}, {"actions.can.only.be.read.", "le azioni possono essere solamente 'lette'"}, @@ -551,6 +58,7 @@ {"provided.null.OID.map", "specificata mappa OID null"}, // javax.security.auth.Subject + {"NEWLINE", "\n"}, {"invalid.null.AccessControlContext.provided", "fornito un valore nullo non valido per AccessControlContext"}, {"invalid.null.action.provided", "fornita un'azione nulla non valida"}, @@ -654,6 +162,7 @@ * * @return the contents of this <code>ResourceBundle</code>. */ + @Override public Object[][] getContents() { return contents; }
--- a/src/share/classes/sun/security/util/Resources_ja.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/Resources_ja.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,499 +34,6 @@ private static final Object[][] contents = { - // shared (from jarsigner) - {"SPACE", " "}, - {"2SPACE", " "}, - {"6SPACE", " "}, - {"COMMA", ", "}, - // shared (from keytool) - {"NEWLINE", "\n"}, - {"STAR", - "*******************************************"}, - {"STARNN", - "*******************************************\n\n"}, - - // keytool: Help part - {".OPTION.", " [OPTION]..."}, - {"Options.", "\u30AA\u30D7\u30B7\u30E7\u30F3:"}, - {"Use.keytool.help.for.all.available.commands", - "\u4F7F\u7528\u53EF\u80FD\u306A\u3059\u3079\u3066\u306E\u30B3\u30DE\u30F3\u30C9\u306B\u3064\u3044\u3066\u306F\"keytool -help\"\u3092\u4F7F\u7528\u3057\u3066\u304F\u3060\u3055\u3044"}, - {"Key.and.Certificate.Management.Tool", - "\u30AD\u30FC\u304A\u3088\u3073\u8A3C\u660E\u66F8\u7BA1\u7406\u30C4\u30FC\u30EB"}, - {"Commands.", "\u30B3\u30DE\u30F3\u30C9:"}, - {"Use.keytool.command.name.help.for.usage.of.command.name", - "command_name\u306E\u4F7F\u7528\u65B9\u6CD5\u306B\u3064\u3044\u3066\u306F\"keytool -command_name -help\"\u3092\u4F7F\u7528\u3057\u3066\u304F\u3060\u3055\u3044"}, - // keytool: help: commands - {"Generates.a.certificate.request", - "\u8A3C\u660E\u66F8\u30EA\u30AF\u30A8\u30B9\u30C8\u3092\u751F\u6210\u3057\u307E\u3059"}, //-certreq - {"Changes.an.entry.s.alias", - "\u30A8\u30F3\u30C8\u30EA\u306E\u5225\u540D\u3092\u5909\u66F4\u3057\u307E\u3059"}, //-changealias - {"Deletes.an.entry", - "\u30A8\u30F3\u30C8\u30EA\u3092\u524A\u9664\u3057\u307E\u3059"}, //-delete - {"Exports.certificate", - "\u8A3C\u660E\u66F8\u3092\u30A8\u30AF\u30B9\u30DD\u30FC\u30C8\u3057\u307E\u3059"}, //-exportcert - {"Generates.a.key.pair", - "\u9375\u30DA\u30A2\u3092\u751F\u6210\u3057\u307E\u3059"}, //-genkeypair - {"Generates.a.secret.key", - "\u79D8\u5BC6\u9375\u3092\u751F\u6210\u3057\u307E\u3059"}, //-genseckey - {"Generates.certificate.from.a.certificate.request", - "\u8A3C\u660E\u66F8\u30EA\u30AF\u30A8\u30B9\u30C8\u304B\u3089\u8A3C\u660E\u66F8\u3092\u751F\u6210\u3057\u307E\u3059"}, //-gencert - {"Generates.CRL", "CRL\u3092\u751F\u6210\u3057\u307E\u3059"}, //-gencrl - {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", - "JDK 1.1.x-style\u30A2\u30A4\u30C7\u30F3\u30C6\u30A3\u30C6\u30A3\u30FB\u30C7\u30FC\u30BF\u30D9\u30FC\u30B9\u304B\u3089\u30A8\u30F3\u30C8\u30EA\u3092\u30A4\u30F3\u30DD\u30FC\u30C8\u3057\u307E\u3059"}, //-identitydb - {"Imports.a.certificate.or.a.certificate.chain", - "\u8A3C\u660E\u66F8\u307E\u305F\u306F\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u3092\u30A4\u30F3\u30DD\u30FC\u30C8\u3057\u307E\u3059"}, //-importcert - {"Imports.one.or.all.entries.from.another.keystore", - "\u5225\u306E\u30AD\u30FC\u30B9\u30C8\u30A2\u304B\u30891\u3064\u307E\u305F\u306F\u3059\u3079\u3066\u306E\u30A8\u30F3\u30C8\u30EA\u3092\u30A4\u30F3\u30DD\u30FC\u30C8\u3057\u307E\u3059"}, //-importkeystore - {"Clones.a.key.entry", - "\u9375\u30A8\u30F3\u30C8\u30EA\u306E\u30AF\u30ED\u30FC\u30F3\u3092\u4F5C\u6210\u3057\u307E\u3059"}, //-keyclone - {"Changes.the.key.password.of.an.entry", - "\u30A8\u30F3\u30C8\u30EA\u306E\u9375\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5909\u66F4\u3057\u307E\u3059"}, //-keypasswd - {"Lists.entries.in.a.keystore", - "\u30AD\u30FC\u30B9\u30C8\u30A2\u5185\u306E\u30A8\u30F3\u30C8\u30EA\u3092\u30EA\u30B9\u30C8\u3057\u307E\u3059"}, //-list - {"Prints.the.content.of.a.certificate", - "\u8A3C\u660E\u66F8\u306E\u5185\u5BB9\u3092\u51FA\u529B\u3057\u307E\u3059"}, //-printcert - {"Prints.the.content.of.a.certificate.request", - "\u8A3C\u660E\u66F8\u30EA\u30AF\u30A8\u30B9\u30C8\u306E\u5185\u5BB9\u3092\u51FA\u529B\u3057\u307E\u3059"}, //-printcertreq - {"Prints.the.content.of.a.CRL.file", - "CRL\u30D5\u30A1\u30A4\u30EB\u306E\u5185\u5BB9\u3092\u51FA\u529B\u3057\u307E\u3059"}, //-printcrl - {"Generates.a.self.signed.certificate", - "\u81EA\u5DF1\u7F72\u540D\u578B\u8A3C\u660E\u66F8\u3092\u751F\u6210\u3057\u307E\u3059"}, //-selfcert - {"Changes.the.store.password.of.a.keystore", - "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30B9\u30C8\u30A2\u30FB\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5909\u66F4\u3057\u307E\u3059"}, //-storepasswd - // keytool: help: options - {"alias.name.of.the.entry.to.process", - "\u51E6\u7406\u3059\u308B\u30A8\u30F3\u30C8\u30EA\u306E\u5225\u540D"}, //-alias - {"destination.alias", - "\u51FA\u529B\u5148\u306E\u5225\u540D"}, //-destalias - {"destination.key.password", - "\u51FA\u529B\u5148\u30AD\u30FC\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-destkeypass - {"destination.keystore.name", - "\u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u540D"}, //-destkeystore - {"destination.keystore.password.protected", - "\u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u4FDD\u8B77\u5BFE\u8C61\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-destprotected - {"destination.keystore.provider.name", - "\u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D7\u30ED\u30D0\u30A4\u30C0\u540D"}, //-destprovidername - {"destination.keystore.password", - "\u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-deststorepass - {"destination.keystore.type", - "\u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30BF\u30A4\u30D7"}, //-deststoretype - {"distinguished.name", - "\u8B58\u5225\u540D"}, //-dname - {"X.509.extension", - "X.509\u62E1\u5F35"}, //-ext - {"output.file.name", - "\u51FA\u529B\u30D5\u30A1\u30A4\u30EB\u540D"}, //-file and -outfile - {"input.file.name", - "\u5165\u529B\u30D5\u30A1\u30A4\u30EB\u540D"}, //-file and -infile - {"key.algorithm.name", - "\u9375\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u540D"}, //-keyalg - {"key.password", - "\u9375\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-keypass - {"key.bit.size", - "\u9375\u306E\u30D3\u30C3\u30C8\u30FB\u30B5\u30A4\u30BA"}, //-keysize - {"keystore.name", - "\u30AD\u30FC\u30B9\u30C8\u30A2\u540D"}, //-keystore - {"new.password", - "\u65B0\u898F\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-new - {"do.not.prompt", - "\u30D7\u30ED\u30F3\u30D7\u30C8\u3092\u8868\u793A\u3057\u306A\u3044"}, //-noprompt - {"password.through.protected.mechanism", - "\u4FDD\u8B77\u30E1\u30AB\u30CB\u30BA\u30E0\u306B\u3088\u308B\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-protected - {"provider.argument", - "\u30D7\u30ED\u30D0\u30A4\u30C0\u5F15\u6570"}, //-providerarg - {"provider.class.name", - "\u30D7\u30ED\u30D0\u30A4\u30C0\u30FB\u30AF\u30E9\u30B9\u540D"}, //-providerclass - {"provider.name", - "\u30D7\u30ED\u30D0\u30A4\u30C0\u540D"}, //-providername - {"provider.classpath", - "\u30D7\u30ED\u30D0\u30A4\u30C0\u30FB\u30AF\u30E9\u30B9\u30D1\u30B9"}, //-providerpath - {"output.in.RFC.style", - "RFC\u30B9\u30BF\u30A4\u30EB\u306E\u51FA\u529B"}, //-rfc - {"signature.algorithm.name", - "\u7F72\u540D\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u540D"}, //-sigalg - {"source.alias", - "\u30BD\u30FC\u30B9\u5225\u540D"}, //-srcalias - {"source.key.password", - "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-srckeypass - {"source.keystore.name", - "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u540D"}, //-srckeystore - {"source.keystore.password.protected", - "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u4FDD\u8B77\u5BFE\u8C61\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-srcprotected - {"source.keystore.provider.name", - "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D7\u30ED\u30D0\u30A4\u30C0\u540D"}, //-srcprovidername - {"source.keystore.password", - "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-srcstorepass - {"source.keystore.type", - "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30BF\u30A4\u30D7"}, //-srcstoretype - {"SSL.server.host.and.port", - "SSL\u30B5\u30FC\u30D0\u30FC\u306E\u30DB\u30B9\u30C8\u3068\u30DD\u30FC\u30C8"}, //-sslserver - {"signed.jar.file", - "\u7F72\u540D\u4ED8\u304DJAR\u30D5\u30A1\u30A4\u30EB"}, //=jarfile - {"certificate.validity.start.date.time", - "\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u958B\u59CB\u65E5\u6642"}, //-startdate - {"keystore.password", - "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"}, //-storepass - {"keystore.type", - "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30BF\u30A4\u30D7"}, //-storetype - {"trust.certificates.from.cacerts", - "cacerts\u304B\u3089\u306E\u8A3C\u660E\u66F8\u3092\u4FE1\u983C\u3059\u308B"}, //-trustcacerts - {"verbose.output", - "\u8A73\u7D30\u51FA\u529B"}, //-v - {"validity.number.of.days", - "\u59A5\u5F53\u6027\u65E5\u6570"}, //-validity - {"Serial.ID.of.cert.to.revoke", - "\u5931\u52B9\u3059\u308B\u8A3C\u660E\u66F8\u306E\u30B7\u30EA\u30A2\u30EBID"}, //-id - // keytool: Running part - {"keytool.error.", "keytool\u30A8\u30E9\u30FC: "}, - {"Illegal.option.", "\u4E0D\u6B63\u306A\u30AA\u30D7\u30B7\u30E7\u30F3: "}, - {"Illegal.value.", "\u4E0D\u6B63\u306A\u5024: "}, - {"Unknown.password.type.", "\u4E0D\u660E\u306A\u30D1\u30B9\u30EF\u30FC\u30C9\u30FB\u30BF\u30A4\u30D7: "}, - {"Cannot.find.environment.variable.", - "\u74B0\u5883\u5909\u6570\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: "}, - {"Cannot.find.file.", "\u30D5\u30A1\u30A4\u30EB\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: "}, - {"Command.option.flag.needs.an.argument.", "\u30B3\u30DE\u30F3\u30C9\u30FB\u30AA\u30D7\u30B7\u30E7\u30F3{0}\u306B\u306F\u5F15\u6570\u304C\u5FC5\u8981\u3067\u3059\u3002"}, - {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", - "\u8B66\u544A: PKCS12\u30AD\u30FC\u30B9\u30C8\u30A2\u3067\u306F\u3001\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3068\u9375\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u304C\u7570\u306A\u308B\u72B6\u6CC1\u306F\u30B5\u30DD\u30FC\u30C8\u3055\u308C\u307E\u305B\u3093\u3002\u30E6\u30FC\u30B6\u30FC\u304C\u6307\u5B9A\u3057\u305F{0}\u306E\u5024\u306F\u7121\u8996\u3057\u307E\u3059\u3002"}, - {".keystore.must.be.NONE.if.storetype.is.{0}", - "-storetype\u304C{0}\u306E\u5834\u5408\u3001-keystore\u306FNONE\u3067\u3042\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, - {"Too.many.retries.program.terminated", - "\u518D\u8A66\u884C\u304C\u591A\u3059\u304E\u307E\u3059\u3002\u30D7\u30ED\u30B0\u30E9\u30E0\u304C\u7D42\u4E86\u3057\u307E\u3057\u305F"}, - {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", - "-storetype\u304C{0}\u306E\u5834\u5408\u3001-storepasswd\u30B3\u30DE\u30F3\u30C9\u304A\u3088\u3073-keypasswd\u30B3\u30DE\u30F3\u30C9\u306F\u30B5\u30DD\u30FC\u30C8\u3055\u308C\u307E\u305B\u3093"}, - {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", - "-storetype\u304CPKCS12\u306E\u5834\u5408\u3001-keypasswd\u30B3\u30DE\u30F3\u30C9\u306F\u30B5\u30DD\u30FC\u30C8\u3055\u308C\u307E\u305B\u3093"}, - {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", - "-storetype\u304C{0}\u306E\u5834\u5408\u3001-keypass\u3068-new\u306F\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093"}, - {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", - "-protected\u304C\u6307\u5B9A\u3055\u308C\u3066\u3044\u308B\u5834\u5408\u3001-storepass\u3001-keypass\u304A\u3088\u3073-new\u306F\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093"}, - {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", - "-srcprotected\u304C\u6307\u5B9A\u3055\u308C\u3066\u3044\u308B\u5834\u5408\u3001-srcstorepass\u304A\u3088\u3073-srckeypass\u306F\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093"}, - {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", - "\u30AD\u30FC\u30B9\u30C8\u30A2\u304C\u30D1\u30B9\u30EF\u30FC\u30C9\u3067\u4FDD\u8B77\u3055\u308C\u3066\u3044\u306A\u3044\u5834\u5408\u3001-storepass\u3001-keypass\u304A\u3088\u3073-new\u306F\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093"}, - {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", - "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u304C\u30D1\u30B9\u30EF\u30FC\u30C9\u3067\u4FDD\u8B77\u3055\u308C\u3066\u3044\u306A\u3044\u5834\u5408\u3001-srcstorepass\u304A\u3088\u3073-srckeypass\u306F\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093"}, - {"Illegal.startdate.value", "startdate\u5024\u304C\u7121\u52B9\u3067\u3059"}, - {"Validity.must.be.greater.than.zero", - "\u59A5\u5F53\u6027\u306F\u30BC\u30ED\u3088\u308A\u5927\u304D\u3044\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, - {"provName.not.a.provider", "{0}\u306F\u30D7\u30ED\u30D0\u30A4\u30C0\u3067\u306F\u3042\u308A\u307E\u305B\u3093"}, - {"Usage.error.no.command.provided", "\u4F7F\u7528\u30A8\u30E9\u30FC: \u30B3\u30DE\u30F3\u30C9\u304C\u6307\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093"}, - {"Source.keystore.file.exists.but.is.empty.", "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D5\u30A1\u30A4\u30EB\u306F\u3001\u5B58\u5728\u3057\u307E\u3059\u304C\u7A7A\u3067\u3059: "}, - {"Please.specify.srckeystore", "-srckeystore\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"}, - {"Must.not.specify.both.v.and.rfc.with.list.command", - "'list'\u30B3\u30DE\u30F3\u30C9\u306B-v\u3068-rfc\u306E\u4E21\u65B9\u3092\u6307\u5B9A\u3059\u308B\u3053\u3068\u306F\u3067\u304D\u307E\u305B\u3093"}, - {"Key.password.must.be.at.least.6.characters", - "\u9375\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u306F6\u6587\u5B57\u4EE5\u4E0A\u3067\u3042\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, - {"New.password.must.be.at.least.6.characters", - "\u65B0\u898F\u30D1\u30B9\u30EF\u30FC\u30C9\u306F6\u6587\u5B57\u4EE5\u4E0A\u3067\u3042\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, - {"Keystore.file.exists.but.is.empty.", - "\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D5\u30A1\u30A4\u30EB\u306F\u5B58\u5728\u3057\u307E\u3059\u304C\u3001\u7A7A\u3067\u3059: "}, - {"Keystore.file.does.not.exist.", - "\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D5\u30A1\u30A4\u30EB\u306F\u5B58\u5728\u3057\u307E\u305B\u3093: "}, - {"Must.specify.destination.alias", "\u51FA\u529B\u5148\u306E\u5225\u540D\u3092\u6307\u5B9A\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, - {"Must.specify.alias", "\u5225\u540D\u3092\u6307\u5B9A\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, - {"Keystore.password.must.be.at.least.6.characters", - "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u306F6\u6587\u5B57\u4EE5\u4E0A\u3067\u3042\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, - {"Enter.keystore.password.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, - {"Enter.source.keystore.password.", "\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, - {"Enter.destination.keystore.password.", "\u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, - {"Keystore.password.is.too.short.must.be.at.least.6.characters", - "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u304C\u77ED\u3059\u304E\u307E\u3059 - 6\u6587\u5B57\u4EE5\u4E0A\u306B\u3057\u3066\u304F\u3060\u3055\u3044"}, - {"Unknown.Entry.Type", "\u4E0D\u660E\u306A\u30A8\u30F3\u30C8\u30EA\u30FB\u30BF\u30A4\u30D7"}, - {"Too.many.failures.Alias.not.changed", "\u969C\u5BB3\u304C\u591A\u3059\u304E\u307E\u3059\u3002\u5225\u540D\u306F\u5909\u66F4\u3055\u308C\u307E\u305B\u3093"}, - {"Entry.for.alias.alias.successfully.imported.", - "\u5225\u540D{0}\u306E\u30A8\u30F3\u30C8\u30EA\u306E\u30A4\u30F3\u30DD\u30FC\u30C8\u306B\u6210\u529F\u3057\u307E\u3057\u305F\u3002"}, - {"Entry.for.alias.alias.not.imported.", "\u5225\u540D{0}\u306E\u30A8\u30F3\u30C8\u30EA\u306F\u30A4\u30F3\u30DD\u30FC\u30C8\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F\u3002"}, - {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", - "\u5225\u540D{0}\u306E\u30A8\u30F3\u30C8\u30EA\u306E\u30A4\u30F3\u30DD\u30FC\u30C8\u4E2D\u306B\u554F\u984C\u304C\u767A\u751F\u3057\u307E\u3057\u305F: {1}\u3002\n\u5225\u540D{0}\u306E\u30A8\u30F3\u30C8\u30EA\u306F\u30A4\u30F3\u30DD\u30FC\u30C8\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F\u3002"}, - {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", - "\u30A4\u30F3\u30DD\u30FC\u30C8\u30FB\u30B3\u30DE\u30F3\u30C9\u304C\u5B8C\u4E86\u3057\u307E\u3057\u305F: {0}\u4EF6\u306E\u30A8\u30F3\u30C8\u30EA\u306E\u30A4\u30F3\u30DD\u30FC\u30C8\u304C\u6210\u529F\u3057\u307E\u3057\u305F\u3002{1}\u4EF6\u306E\u30A8\u30F3\u30C8\u30EA\u306E\u30A4\u30F3\u30DD\u30FC\u30C8\u304C\u5931\u6557\u3057\u305F\u304B\u53D6\u308A\u6D88\u3055\u308C\u307E\u3057\u305F"}, - {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", - "\u8B66\u544A: \u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u5185\u306E\u65E2\u5B58\u306E\u5225\u540D{0}\u3092\u4E0A\u66F8\u304D\u3057\u3066\u3044\u307E\u3059"}, - {"Existing.entry.alias.alias.exists.overwrite.no.", - "\u65E2\u5B58\u306E\u30A8\u30F3\u30C8\u30EA\u306E\u5225\u540D{0}\u304C\u5B58\u5728\u3057\u3066\u3044\u307E\u3059\u3002\u4E0A\u66F8\u304D\u3057\u307E\u3059\u304B\u3002[\u3044\u3044\u3048]: "}, - {"Too.many.failures.try.later", "\u969C\u5BB3\u304C\u591A\u3059\u304E\u307E\u3059 - \u5F8C\u3067\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044"}, - {"Certification.request.stored.in.file.filename.", - "\u8A3C\u660E\u66F8\u30EA\u30AF\u30A8\u30B9\u30C8\u304C\u30D5\u30A1\u30A4\u30EB<{0}>\u306B\u4FDD\u5B58\u3055\u308C\u307E\u3057\u305F"}, - {"Submit.this.to.your.CA", "\u3053\u308C\u3092CA\u306B\u63D0\u51FA\u3057\u3066\u304F\u3060\u3055\u3044"}, - {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", - "\u5225\u540D\u3092\u6307\u5B9A\u3057\u306A\u3044\u5834\u5408\u3001\u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u5225\u540D\u3001\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u304A\u3088\u3073\u51FA\u529B\u5148\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u306F\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093"}, - {"Certificate.stored.in.file.filename.", - "\u8A3C\u660E\u66F8\u304C\u30D5\u30A1\u30A4\u30EB<{0}>\u306B\u4FDD\u5B58\u3055\u308C\u307E\u3057\u305F"}, - {"Certificate.reply.was.installed.in.keystore", - "\u8A3C\u660E\u66F8\u5FDC\u7B54\u304C\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u3055\u308C\u307E\u3057\u305F"}, - {"Certificate.reply.was.not.installed.in.keystore", - "\u8A3C\u660E\u66F8\u5FDC\u7B54\u304C\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F"}, - {"Certificate.was.added.to.keystore", - "\u8A3C\u660E\u66F8\u304C\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u8FFD\u52A0\u3055\u308C\u307E\u3057\u305F"}, - {"Certificate.was.not.added.to.keystore", - "\u8A3C\u660E\u66F8\u304C\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u8FFD\u52A0\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F"}, - {".Storing.ksfname.", "[{0}\u3092\u683C\u7D0D\u4E2D]"}, - {"alias.has.no.public.key.certificate.", - "{0}\u306B\u306F\u516C\u958B\u9375(\u8A3C\u660E\u66F8)\u304C\u3042\u308A\u307E\u305B\u3093"}, - {"Cannot.derive.signature.algorithm", - "\u7F72\u540D\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u3092\u53D6\u5F97\u3067\u304D\u307E\u305B\u3093"}, - {"Alias.alias.does.not.exist", - "\u5225\u540D<{0}>\u306F\u5B58\u5728\u3057\u307E\u305B\u3093"}, - {"Alias.alias.has.no.certificate", - "\u5225\u540D<{0}>\u306B\u306F\u8A3C\u660E\u66F8\u304C\u3042\u308A\u307E\u305B\u3093"}, - {"Key.pair.not.generated.alias.alias.already.exists", - "\u9375\u30DA\u30A2\u306F\u751F\u6210\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F\u3002\u5225\u540D<{0}>\u306F\u3059\u3067\u306B\u5B58\u5728\u3057\u307E\u3059"}, - {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", - "{3}\u65E5\u9593\u6709\u52B9\u306A{0}\u30D3\u30C3\u30C8\u306E{1}\u306E\u9375\u30DA\u30A2\u3068\u81EA\u5DF1\u7F72\u540D\u578B\u8A3C\u660E\u66F8({2})\u3092\u751F\u6210\u3057\u3066\u3044\u307E\u3059\n\t\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u540D: {4}"}, - {"Enter.key.password.for.alias.", "<{0}>\u306E\u9375\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044"}, - {".RETURN.if.same.as.keystore.password.", - "\t(\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3068\u540C\u3058\u5834\u5408\u306FRETURN\u3092\u62BC\u3057\u3066\u304F\u3060\u3055\u3044): "}, - {"Key.password.is.too.short.must.be.at.least.6.characters", - "\u9375\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u304C\u77ED\u3059\u304E\u307E\u3059 - 6\u6587\u5B57\u4EE5\u4E0A\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"}, - {"Too.many.failures.key.not.added.to.keystore", - "\u969C\u5BB3\u304C\u591A\u3059\u304E\u307E\u3059 - \u9375\u306F\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u8FFD\u52A0\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F"}, - {"Destination.alias.dest.already.exists", - "\u51FA\u529B\u5148\u306E\u5225\u540D<{0}>\u306F\u3059\u3067\u306B\u5B58\u5728\u3057\u307E\u3059"}, - {"Password.is.too.short.must.be.at.least.6.characters", - "\u30D1\u30B9\u30EF\u30FC\u30C9\u304C\u77ED\u3059\u304E\u307E\u3059 - 6\u6587\u5B57\u4EE5\u4E0A\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"}, - {"Too.many.failures.Key.entry.not.cloned", - "\u969C\u5BB3\u304C\u591A\u3059\u304E\u307E\u3059\u3002\u9375\u30A8\u30F3\u30C8\u30EA\u306E\u30AF\u30ED\u30FC\u30F3\u306F\u4F5C\u6210\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F"}, - {"key.password.for.alias.", "<{0}>\u306E\u9375\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"}, - {"Keystore.entry.for.id.getName.already.exists", - "<{0}>\u306E\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30A8\u30F3\u30C8\u30EA\u306F\u3059\u3067\u306B\u5B58\u5728\u3057\u307E\u3059"}, - {"Creating.keystore.entry.for.id.getName.", - "<{0}>\u306E\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30A8\u30F3\u30C8\u30EA\u3092\u4F5C\u6210\u4E2D..."}, - {"No.entries.from.identity.database.added", - "\u30A2\u30A4\u30C7\u30F3\u30C6\u30A3\u30C6\u30A3\u30FB\u30C7\u30FC\u30BF\u30D9\u30FC\u30B9\u304B\u3089\u8FFD\u52A0\u3055\u308C\u305F\u30A8\u30F3\u30C8\u30EA\u306F\u3042\u308A\u307E\u305B\u3093"}, - {"Alias.name.alias", "\u5225\u540D: {0}"}, - {"Creation.date.keyStore.getCreationDate.alias.", - "\u4F5C\u6210\u65E5: {0,date}"}, - {"alias.keyStore.getCreationDate.alias.", - "{0},{1,date}, "}, - {"alias.", "{0}, "}, - {"Entry.type.type.", "\u30A8\u30F3\u30C8\u30EA\u30FB\u30BF\u30A4\u30D7: {0}"}, - {"Certificate.chain.length.", "\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u306E\u9577\u3055: "}, - {"Certificate.i.1.", "\u8A3C\u660E\u66F8[{0,number,integer}]:"}, - {"Certificate.fingerprint.SHA1.", "\u8A3C\u660E\u66F8\u306E\u30D5\u30A3\u30F3\u30AC\u30D7\u30EA\u30F3\u30C8(SHA1): "}, - {"Keystore.type.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30BF\u30A4\u30D7: "}, - {"Keystore.provider.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D7\u30ED\u30D0\u30A4\u30C0: "}, - {"Your.keystore.contains.keyStore.size.entry", - "\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u306F{0,number,integer}\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u307E\u3059"}, - {"Your.keystore.contains.keyStore.size.entries", - "\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u306F{0,number,integer}\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u307E\u3059"}, - {"Failed.to.parse.input", "\u5165\u529B\u306E\u69CB\u6587\u89E3\u6790\u306B\u5931\u6557\u3057\u307E\u3057\u305F"}, - {"Empty.input", "\u5165\u529B\u304C\u3042\u308A\u307E\u305B\u3093"}, - {"Not.X.509.certificate", "X.509\u8A3C\u660E\u66F8\u3067\u306F\u3042\u308A\u307E\u305B\u3093"}, - {"alias.has.no.public.key", "{0}\u306B\u306F\u516C\u958B\u9375\u304C\u3042\u308A\u307E\u305B\u3093"}, - {"alias.has.no.X.509.certificate", "{0}\u306B\u306FX.509\u8A3C\u660E\u66F8\u304C\u3042\u308A\u307E\u305B\u3093"}, - {"New.certificate.self.signed.", "\u65B0\u3057\u3044\u8A3C\u660E\u66F8(\u81EA\u5DF1\u7F72\u540D\u578B):"}, - {"Reply.has.no.certificates", "\u5FDC\u7B54\u306B\u306F\u8A3C\u660E\u66F8\u304C\u3042\u308A\u307E\u305B\u3093"}, - {"Certificate.not.imported.alias.alias.already.exists", - "\u8A3C\u660E\u66F8\u306F\u30A4\u30F3\u30DD\u30FC\u30C8\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F\u3002\u5225\u540D<{0}>\u306F\u3059\u3067\u306B\u5B58\u5728\u3057\u307E\u3059"}, - {"Input.not.an.X.509.certificate", "\u5165\u529B\u306FX.509\u8A3C\u660E\u66F8\u3067\u306F\u3042\u308A\u307E\u305B\u3093"}, - {"Certificate.already.exists.in.keystore.under.alias.trustalias.", - "\u8A3C\u660E\u66F8\u306F\u3001\u5225\u540D<{0}>\u306E\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u3059\u3067\u306B\u5B58\u5728\u3057\u307E\u3059"}, - {"Do.you.still.want.to.add.it.no.", - "\u8FFD\u52A0\u3057\u307E\u3059\u304B\u3002[\u3044\u3044\u3048]: "}, - {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", - "\u8A3C\u660E\u66F8\u306F\u3001\u5225\u540D<{0}>\u306E\u30B7\u30B9\u30C6\u30E0\u898F\u6A21\u306ECA\u30AD\u30FC\u30B9\u30C8\u30A2\u5185\u306B\u3059\u3067\u306B\u5B58\u5728\u3057\u307E\u3059"}, - {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", - "\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u8FFD\u52A0\u3057\u307E\u3059\u304B\u3002 [\u3044\u3044\u3048]: "}, - {"Trust.this.certificate.no.", "\u3053\u306E\u8A3C\u660E\u66F8\u3092\u4FE1\u983C\u3057\u307E\u3059\u304B\u3002 [\u3044\u3044\u3048]: "}, - {"YES", "\u306F\u3044"}, - {"New.prompt.", "\u65B0\u898F{0}: "}, - {"Passwords.must.differ", "\u30D1\u30B9\u30EF\u30FC\u30C9\u306F\u7570\u306A\u3063\u3066\u3044\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, - {"Re.enter.new.prompt.", "\u65B0\u898F{0}\u3092\u518D\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, - {"Re.enter.new.password.", "\u65B0\u898F\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u518D\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, - {"They.don.t.match.Try.again", "\u4E00\u81F4\u3057\u307E\u305B\u3093\u3002\u3082\u3046\u4E00\u5EA6\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044"}, - {"Enter.prompt.alias.name.", "{0}\u306E\u5225\u540D\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, - {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", - "\u65B0\u3057\u3044\u5225\u540D\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\t(\u3053\u306E\u30A8\u30F3\u30C8\u30EA\u306E\u30A4\u30F3\u30DD\u30FC\u30C8\u3092\u53D6\u308A\u6D88\u3059\u5834\u5408\u306FRETURN\u3092\u62BC\u3057\u3066\u304F\u3060\u3055\u3044): "}, - {"Enter.alias.name.", "\u5225\u540D\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "}, - {".RETURN.if.same.as.for.otherAlias.", - "\t(<{0}>\u3068\u540C\u3058\u5834\u5408\u306FRETURN\u3092\u62BC\u3057\u3066\u304F\u3060\u3055\u3044)"}, - {".PATTERN.printX509Cert", - "\u6240\u6709\u8005: {0}\n\u767A\u884C\u8005: {1}\n\u30B7\u30EA\u30A2\u30EB\u756A\u53F7: {2}\n\u6709\u52B9\u671F\u9593\u306E\u958B\u59CB\u65E5: {3}\u7D42\u4E86\u65E5: {4}\n\u8A3C\u660E\u66F8\u306E\u30D5\u30A3\u30F3\u30AC\u30D7\u30EA\u30F3\u30C8:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t \u7F72\u540D\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u540D: {8}\n\t \u30D0\u30FC\u30B8\u30E7\u30F3: {9}"}, - {"What.is.your.first.and.last.name.", - "\u59D3\u540D\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, - {"What.is.the.name.of.your.organizational.unit.", - "\u7D44\u7E54\u5358\u4F4D\u540D\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, - {"What.is.the.name.of.your.organization.", - "\u7D44\u7E54\u540D\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, - {"What.is.the.name.of.your.City.or.Locality.", - "\u90FD\u5E02\u540D\u307E\u305F\u306F\u5730\u57DF\u540D\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, - {"What.is.the.name.of.your.State.or.Province.", - "\u90FD\u9053\u5E9C\u770C\u540D\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, - {"What.is.the.two.letter.country.code.for.this.unit.", - "\u3053\u306E\u5358\u4F4D\u306B\u8A72\u5F53\u3059\u308B2\u6587\u5B57\u306E\u56FD\u30B3\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, - {"Is.name.correct.", "{0}\u3067\u3088\u308D\u3057\u3044\u3067\u3059\u304B\u3002"}, - {"no", "\u3044\u3044\u3048"}, - {"yes", "\u306F\u3044"}, - {"y", "y"}, - {".defaultValue.", " [{0}]: "}, - {"Alias.alias.has.no.key", - "\u5225\u540D<{0}>\u306B\u306F\u9375\u304C\u3042\u308A\u307E\u305B\u3093"}, - {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", - "\u5225\u540D<{0}>\u304C\u53C2\u7167\u3057\u3066\u3044\u308B\u30A8\u30F3\u30C8\u30EA\u30FB\u30BF\u30A4\u30D7\u306F\u79D8\u5BC6\u9375\u30A8\u30F3\u30C8\u30EA\u3067\u306F\u3042\u308A\u307E\u305B\u3093\u3002-keyclone\u30B3\u30DE\u30F3\u30C9\u306F\u79D8\u5BC6\u9375\u30A8\u30F3\u30C8\u30EA\u306E\u30AF\u30ED\u30FC\u30F3\u4F5C\u6210\u306E\u307F\u3092\u30B5\u30DD\u30FC\u30C8\u3057\u307E\u3059"}, - - {".WARNING.WARNING.WARNING.", - "***************** WARNING WARNING WARNING *****************"}, - {"Signer.d.", "\u7F72\u540D\u8005\u756A\u53F7%d:"}, - {"Timestamp.", "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7:"}, - {"Signature.", "\u7F72\u540D:"}, - {"CRLs.", "CRL:"}, - {"Certificate.owner.", "\u8A3C\u660E\u66F8\u306E\u6240\u6709\u8005: "}, - {"Not.a.signed.jar.file", "\u7F72\u540D\u4ED8\u304DJAR\u30D5\u30A1\u30A4\u30EB\u3067\u306F\u3042\u308A\u307E\u305B\u3093"}, - {"No.certificate.from.the.SSL.server", - "SSL\u30B5\u30FC\u30D0\u30FC\u304B\u3089\u306E\u8A3C\u660E\u66F8\u304C\u3042\u308A\u307E\u305B\u3093"}, - - {".The.integrity.of.the.information.stored.in.your.keystore.", - "*\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u4FDD\u5B58\u3055\u308C\u305F\u60C5\u5831\u306E\u6574\u5408\u6027\u306F*\n*\u691C\u8A3C\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002\u6574\u5408\u6027\u3092\u691C\u8A3C\u3059\u308B\u306B\u306F*\n*\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002*"}, - {".The.integrity.of.the.information.stored.in.the.srckeystore.", - "*\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u4FDD\u5B58\u3055\u308C\u305F\u60C5\u5831\u306E\u6574\u5408\u6027\u306F*\n*\u691C\u8A3C\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002\u6574\u5408\u6027\u3092\u691C\u8A3C\u3059\u308B\u306B\u306F*\n*\u30BD\u30FC\u30B9\u30FB\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002*"}, - - {"Certificate.reply.does.not.contain.public.key.for.alias.", - "\u8A3C\u660E\u66F8\u5FDC\u7B54\u306B\u306F\u3001<{0}>\u306E\u516C\u958B\u9375\u306F\u542B\u307E\u308C\u307E\u305B\u3093"}, - {"Incomplete.certificate.chain.in.reply", - "\u5FDC\u7B54\u3057\u305F\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u306F\u4E0D\u5B8C\u5168\u3067\u3059"}, - {"Certificate.chain.in.reply.does.not.verify.", - "\u5FDC\u7B54\u3057\u305F\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u306F\u691C\u8A3C\u3055\u308C\u3066\u3044\u307E\u305B\u3093: "}, - {"Top.level.certificate.in.reply.", - "\u5FDC\u7B54\u3057\u305F\u30C8\u30C3\u30D7\u30EC\u30D9\u30EB\u306E\u8A3C\u660E\u66F8:\n"}, - {".is.not.trusted.", "... \u306F\u4FE1\u983C\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002 "}, - {"Install.reply.anyway.no.", "\u5FDC\u7B54\u3092\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u3057\u307E\u3059\u304B\u3002[\u3044\u3044\u3048]: "}, - {"NO", "\u3044\u3044\u3048"}, - {"Public.keys.in.reply.and.keystore.don.t.match", - "\u5FDC\u7B54\u3057\u305F\u516C\u958B\u9375\u3068\u30AD\u30FC\u30B9\u30C8\u30A2\u304C\u4E00\u81F4\u3057\u307E\u305B\u3093"}, - {"Certificate.reply.and.certificate.in.keystore.are.identical", - "\u8A3C\u660E\u66F8\u5FDC\u7B54\u3068\u30AD\u30FC\u30B9\u30C8\u30A2\u5185\u306E\u8A3C\u660E\u66F8\u304C\u540C\u3058\u3067\u3059"}, - {"Failed.to.establish.chain.from.reply", - "\u5FDC\u7B54\u304B\u3089\u9023\u9396\u3092\u78BA\u7ACB\u3067\u304D\u307E\u305B\u3093\u3067\u3057\u305F"}, - {"n", "n"}, - {"Wrong.answer.try.again", "\u5FDC\u7B54\u304C\u9593\u9055\u3063\u3066\u3044\u307E\u3059\u3002\u3082\u3046\u4E00\u5EA6\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044"}, - {"Secret.key.not.generated.alias.alias.already.exists", - "\u79D8\u5BC6\u9375\u306F\u751F\u6210\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F\u3002\u5225\u540D<{0}>\u306F\u3059\u3067\u306B\u5B58\u5728\u3057\u307E\u3059"}, - {"Please.provide.keysize.for.secret.key.generation", - "\u79D8\u5BC6\u9375\u306E\u751F\u6210\u6642\u306B\u306F -keysize\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"}, - - {"Extensions.", "\u62E1\u5F35: "}, - {".Empty.value.", "(\u7A7A\u306E\u5024)"}, - {"Extension.Request.", "\u62E1\u5F35\u30EA\u30AF\u30A8\u30B9\u30C8:"}, - {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", - "PKCS #10\u8A3C\u660E\u66F8\u30EA\u30AF\u30A8\u30B9\u30C8(\u30D0\u30FC\u30B8\u30E7\u30F31.0)\n\u30B5\u30D6\u30B8\u30A7\u30AF\u30C8: %s\n\u516C\u958B\u9375: %s \u30D5\u30A9\u30FC\u30DE\u30C3\u30C8 %s \u30AD\u30FC\n"}, - {"Unknown.keyUsage.type.", "\u4E0D\u660E\u306AkeyUsage\u30BF\u30A4\u30D7: "}, - {"Unknown.extendedkeyUsage.type.", "\u4E0D\u660E\u306AextendedkeyUsage\u30BF\u30A4\u30D7: "}, - {"Unknown.AccessDescription.type.", "\u4E0D\u660E\u306AAccessDescription\u30BF\u30A4\u30D7: "}, - {"Unrecognized.GeneralName.type.", "\u8A8D\u8B58\u3055\u308C\u306A\u3044GeneralName\u30BF\u30A4\u30D7: "}, - {"This.extension.cannot.be.marked.as.critical.", - "\u3053\u306E\u62E1\u5F35\u306F\u30AF\u30EA\u30C6\u30A3\u30AB\u30EB\u3068\u3057\u3066\u30DE\u30FC\u30AF\u4ED8\u3051\u3067\u304D\u307E\u305B\u3093\u3002 "}, - {"Odd.number.of.hex.digits.found.", "\u5947\u6570\u306E16\u9032\u6570\u304C\u898B\u3064\u304B\u308A\u307E\u3057\u305F: "}, - {"Unknown.extension.type.", "\u4E0D\u660E\u306A\u62E1\u5F35\u30BF\u30A4\u30D7: "}, - {"command.{0}.is.ambiguous.", "\u30B3\u30DE\u30F3\u30C9{0}\u306F\u3042\u3044\u307E\u3044\u3067\u3059:"}, - - // policytool - {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", - "\u8B66\u544A: \u5225\u540D{0}\u306E\u516C\u958B\u9375\u304C\u5B58\u5728\u3057\u307E\u305B\u3093\u3002\u30AD\u30FC\u30B9\u30C8\u30A2\u304C\u6B63\u3057\u304F\u69CB\u6210\u3055\u308C\u3066\u3044\u308B\u3053\u3068\u3092\u78BA\u8A8D\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, - {"Warning.Class.not.found.class", "\u8B66\u544A: \u30AF\u30E9\u30B9\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: {0}"}, - {"Warning.Invalid.argument.s.for.constructor.arg", - "\u8B66\u544A: \u30B3\u30F3\u30B9\u30C8\u30E9\u30AF\u30BF\u306E\u5F15\u6570\u304C\u7121\u52B9\u3067\u3059: {0}"}, - {"Illegal.Principal.Type.type", "\u4E0D\u6B63\u306A\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u30BF\u30A4\u30D7: {0}"}, - {"Illegal.option.option", "\u4E0D\u6B63\u306A\u30AA\u30D7\u30B7\u30E7\u30F3: {0}"}, - {"Usage.policytool.options.", "\u4F7F\u7528\u65B9\u6CD5: policytool [options]"}, - {".file.file.policy.file.location", - " [-file <file>] \u30DD\u30EA\u30B7\u30FC\u30FB\u30D5\u30A1\u30A4\u30EB\u306E\u5834\u6240"}, - {"New", "\u65B0\u898F"}, - {"Open", "\u958B\u304F"}, - {"Save", "\u4FDD\u5B58"}, - {"Save.As", "\u5225\u540D\u4FDD\u5B58"}, - {"View.Warning.Log", "\u8B66\u544A\u30ED\u30B0\u306E\u8868\u793A"}, - {"Exit", "\u7D42\u4E86"}, - {"Add.Policy.Entry", "\u30DD\u30EA\u30B7\u30FC\u30FB\u30A8\u30F3\u30C8\u30EA\u306E\u8FFD\u52A0"}, - {"Edit.Policy.Entry", "\u30DD\u30EA\u30B7\u30FC\u30FB\u30A8\u30F3\u30C8\u30EA\u306E\u7DE8\u96C6"}, - {"Remove.Policy.Entry", "\u30DD\u30EA\u30B7\u30FC\u30FB\u30A8\u30F3\u30C8\u30EA\u306E\u524A\u9664"}, - {"Edit", "\u7DE8\u96C6"}, - {"Retain", "\u4FDD\u6301"}, - - {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", - "\u8B66\u544A: \u30D5\u30A1\u30A4\u30EB\u540D\u306B\u30A8\u30B9\u30B1\u30FC\u30D7\u3055\u308C\u305F\u30D0\u30C3\u30AF\u30B9\u30E9\u30C3\u30B7\u30E5\u6587\u5B57\u304C\u542B\u307E\u308C\u3066\u3044\u308B\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002\u30D0\u30C3\u30AF\u30B9\u30E9\u30C3\u30B7\u30E5\u6587\u5B57\u3092\u30A8\u30B9\u30B1\u30FC\u30D7\u3059\u308B\u5FC5\u8981\u306F\u3042\u308A\u307E\u305B\u3093(\u30C4\u30FC\u30EB\u306F\u30DD\u30EA\u30B7\u30FC\u5185\u5BB9\u3092\u6C38\u7D9A\u30B9\u30C8\u30A2\u306B\u66F8\u304D\u8FBC\u3080\u3068\u304D\u306B\u3001\u5FC5\u8981\u306B\u5FDC\u3058\u3066\u6587\u5B57\u3092\u30A8\u30B9\u30B1\u30FC\u30D7\u3057\u307E\u3059)\u3002\n\n\u5165\u529B\u6E08\u306E\u540D\u524D\u3092\u4FDD\u6301\u3059\u308B\u306B\u306F\u300C\u4FDD\u6301\u300D\u3092\u30AF\u30EA\u30C3\u30AF\u3057\u3001\u540D\u524D\u3092\u7DE8\u96C6\u3059\u308B\u306B\u306F\u300C\u7DE8\u96C6\u300D\u3092\u30AF\u30EA\u30C3\u30AF\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, - - {"Add.Public.Key.Alias", "\u516C\u958B\u9375\u306E\u5225\u540D\u306E\u8FFD\u52A0"}, - {"Remove.Public.Key.Alias", "\u516C\u958B\u9375\u306E\u5225\u540D\u3092\u524A\u9664"}, - {"File", "\u30D5\u30A1\u30A4\u30EB"}, - {"KeyStore", "\u30AD\u30FC\u30B9\u30C8\u30A2"}, - {"Policy.File.", "\u30DD\u30EA\u30B7\u30FC\u30FB\u30D5\u30A1\u30A4\u30EB:"}, - {"Could.not.open.policy.file.policyFile.e.toString.", - "\u30DD\u30EA\u30B7\u30FC\u30FB\u30D5\u30A1\u30A4\u30EB\u3092\u958B\u3051\u307E\u305B\u3093\u3067\u3057\u305F: {0}: {1}"}, - {"Policy.Tool", "\u30DD\u30EA\u30B7\u30FC\u30FB\u30C4\u30FC\u30EB"}, - {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", - "\u30DD\u30EA\u30B7\u30FC\u69CB\u6210\u3092\u958B\u304F\u3068\u304D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F\u3002\u8A73\u7D30\u306F\u8B66\u544A\u30ED\u30B0\u3092\u53C2\u7167\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, - {"Error", "\u30A8\u30E9\u30FC"}, - {"OK", "OK"}, - {"Status", "\u72B6\u614B"}, - {"Warning", "\u8B66\u544A"}, - {"Permission.", - "\u30A2\u30AF\u30BB\u30B9\u6A29: "}, - {"Principal.Type.", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u30BF\u30A4\u30D7:"}, - {"Principal.Name.", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u540D\u524D:"}, - {"Target.Name.", - "\u30BF\u30FC\u30B2\u30C3\u30C8\u540D: "}, - {"Actions.", - "\u30A2\u30AF\u30B7\u30E7\u30F3: "}, - {"OK.to.overwrite.existing.file.filename.", - "\u65E2\u5B58\u306E\u30D5\u30A1\u30A4\u30EB{0}\u306B\u4E0A\u66F8\u304D\u3057\u307E\u3059\u304B\u3002"}, - {"Cancel", "\u53D6\u6D88"}, - {"CodeBase.", "CodeBase:"}, - {"SignedBy.", "SignedBy:"}, - {"Add.Principal", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u8FFD\u52A0"}, - {"Edit.Principal", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u7DE8\u96C6"}, - {"Remove.Principal", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u524A\u9664"}, - {"Principals.", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB:"}, - {".Add.Permission", " \u30A2\u30AF\u30BB\u30B9\u6A29\u306E\u8FFD\u52A0"}, - {".Edit.Permission", " \u30A2\u30AF\u30BB\u30B9\u6A29\u306E\u7DE8\u96C6"}, - {"Remove.Permission", "\u30A2\u30AF\u30BB\u30B9\u6A29\u306E\u524A\u9664"}, - {"Done", "\u5B8C\u4E86"}, - {"KeyStore.URL.", "\u30AD\u30FC\u30B9\u30C8\u30A2URL:"}, - {"KeyStore.Type.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30BF\u30A4\u30D7:"}, - {"KeyStore.Provider.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D7\u30ED\u30D0\u30A4\u30C0:"}, - {"KeyStore.Password.URL.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D1\u30B9\u30EF\u30FC\u30C9URL:"}, - {"Principals", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB"}, - {".Edit.Principal.", " \u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u7DE8\u96C6:"}, - {".Add.New.Principal.", " \u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u65B0\u898F\u8FFD\u52A0:"}, - {"Permissions", "\u30A2\u30AF\u30BB\u30B9\u6A29"}, - {".Edit.Permission.", " \u30A2\u30AF\u30BB\u30B9\u6A29\u306E\u7DE8\u96C6:"}, - {".Add.New.Permission.", " \u65B0\u898F\u30A2\u30AF\u30BB\u30B9\u6A29\u306E\u8FFD\u52A0:"}, - {"Signed.By.", "\u7F72\u540D\u8005:"}, - {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", - "\u30EF\u30A4\u30EB\u30C9\u30AB\u30FC\u30C9\u540D\u306E\u306A\u3044\u30EF\u30A4\u30EB\u30C9\u30AB\u30FC\u30C9\u30FB\u30AF\u30E9\u30B9\u3092\u4F7F\u7528\u3057\u3066\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u3092\u6307\u5B9A\u3059\u308B\u3053\u3068\u306F\u3067\u304D\u307E\u305B\u3093"}, - {"Cannot.Specify.Principal.without.a.Name", - "\u540D\u524D\u3092\u4F7F\u7528\u305B\u305A\u306B\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u3092\u6307\u5B9A\u3059\u308B\u3053\u3068\u306F\u3067\u304D\u307E\u305B\u3093"}, - {"Permission.and.Target.Name.must.have.a.value", - "\u30A2\u30AF\u30BB\u30B9\u6A29\u3068\u30BF\u30FC\u30B2\u30C3\u30C8\u540D\u306F\u3001\u5024\u3092\u4FDD\u6301\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"}, - {"Remove.this.Policy.Entry.", "\u3053\u306E\u30DD\u30EA\u30B7\u30FC\u30FB\u30A8\u30F3\u30C8\u30EA\u3092\u524A\u9664\u3057\u307E\u3059\u304B\u3002"}, - {"Overwrite.File", "\u30D5\u30A1\u30A4\u30EB\u3092\u4E0A\u66F8\u304D\u3057\u307E\u3059"}, - {"Policy.successfully.written.to.filename", - "\u30DD\u30EA\u30B7\u30FC\u306E{0}\u3078\u306E\u66F8\u8FBC\u307F\u306B\u6210\u529F\u3057\u307E\u3057\u305F"}, - {"null.filename", "\u30D5\u30A1\u30A4\u30EB\u540D\u304Cnull\u3067\u3059"}, - {"Save.changes.", "\u5909\u66F4\u3092\u4FDD\u5B58\u3057\u307E\u3059\u304B\u3002"}, - {"Yes", "\u306F\u3044"}, - {"No", "\u3044\u3044\u3048"}, - {"Policy.Entry", "\u30DD\u30EA\u30B7\u30FC\u30FB\u30A8\u30F3\u30C8\u30EA"}, - {"Save.Changes", "\u5909\u66F4\u3092\u4FDD\u5B58\u3057\u307E\u3059"}, - {"No.Policy.Entry.selected", "\u30DD\u30EA\u30B7\u30FC\u30FB\u30A8\u30F3\u30C8\u30EA\u304C\u9078\u629E\u3055\u308C\u3066\u3044\u307E\u305B\u3093"}, - {"Unable.to.open.KeyStore.ex.toString.", - "\u30AD\u30FC\u30B9\u30C8\u30A2{0}\u3092\u958B\u3051\u307E\u305B\u3093"}, - {"No.principal.selected", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u304C\u9078\u629E\u3055\u308C\u3066\u3044\u307E\u305B\u3093"}, - {"No.permission.selected", "\u30A2\u30AF\u30BB\u30B9\u6A29\u304C\u9078\u629E\u3055\u308C\u3066\u3044\u307E\u305B\u3093"}, - {"name", "\u540D\u524D"}, - {"configuration.type", "\u69CB\u6210\u30BF\u30A4\u30D7"}, - {"environment.variable.name", "\u74B0\u5883\u5909\u6570\u540D"}, - {"library.name", "\u30E9\u30A4\u30D6\u30E9\u30EA\u540D"}, - {"package.name", "\u30D1\u30C3\u30B1\u30FC\u30B8\u540D"}, - {"policy.type", "\u30DD\u30EA\u30B7\u30FC\u30FB\u30BF\u30A4\u30D7"}, - {"property.name", "\u30D7\u30ED\u30D1\u30C6\u30A3\u540D"}, - {"Principal.List", "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u306E\u30EA\u30B9\u30C8"}, - {"Permission.List", "\u30A2\u30AF\u30BB\u30B9\u6A29\u306E\u30EA\u30B9\u30C8"}, - {"Code.Base", "\u30B3\u30FC\u30C9\u30FB\u30D9\u30FC\u30B9"}, - {"KeyStore.U.R.L.", "\u30AD\u30FC\u30B9\u30C8\u30A2U R L:"}, - {"KeyStore.Password.U.R.L.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30D1\u30B9\u30EF\u30FC\u30C9U R L:"}, - - // javax.security.auth.PrivateCredentialPermission {"invalid.null.input.s.", "null\u306E\u5165\u529B\u306F\u7121\u52B9\u3067\u3059"}, {"actions.can.only.be.read.", "\u30A2\u30AF\u30B7\u30E7\u30F3\u306F'\u8AAD\u8FBC\u307F'\u306E\u307F\u53EF\u80FD\u3067\u3059"}, @@ -551,6 +58,7 @@ {"provided.null.OID.map", "null\u306EOID\u30DE\u30C3\u30D7\u304C\u6307\u5B9A\u3055\u308C\u307E\u3057\u305F"}, // javax.security.auth.Subject + {"NEWLINE", "\n"}, {"invalid.null.AccessControlContext.provided", "\u7121\u52B9\u306Anull AccessControlContext\u304C\u6307\u5B9A\u3055\u308C\u307E\u3057\u305F"}, {"invalid.null.action.provided", "\u7121\u52B9\u306Anull\u30A2\u30AF\u30B7\u30E7\u30F3\u304C\u6307\u5B9A\u3055\u308C\u307E\u3057\u305F"}, @@ -654,6 +162,7 @@ * * @return the contents of this <code>ResourceBundle</code>. */ + @Override public Object[][] getContents() { return contents; }
--- a/src/share/classes/sun/security/util/Resources_ko.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/Resources_ko.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,499 +34,6 @@ private static final Object[][] contents = { - // shared (from jarsigner) - {"SPACE", " "}, - {"2SPACE", " "}, - {"6SPACE", " "}, - {"COMMA", ", "}, - // shared (from keytool) - {"NEWLINE", "\n"}, - {"STAR", - "*******************************************"}, - {"STARNN", - "*******************************************\n\n"}, - - // keytool: Help part - {".OPTION.", " [OPTION]..."}, - {"Options.", "\uC635\uC158:"}, - {"Use.keytool.help.for.all.available.commands", - "\uC0AC\uC6A9 \uAC00\uB2A5\uD55C \uBAA8\uB4E0 \uBA85\uB839\uC5D0 \"keytool -help\" \uC0AC\uC6A9"}, - {"Key.and.Certificate.Management.Tool", - "\uD0A4 \uBC0F \uC778\uC99D\uC11C \uAD00\uB9AC \uD234"}, - {"Commands.", "\uBA85\uB839:"}, - {"Use.keytool.command.name.help.for.usage.of.command.name", - "command_name \uC0AC\uC6A9\uBC95\uC5D0 \"keytool -command_name -help\" \uC0AC\uC6A9"}, - // keytool: help: commands - {"Generates.a.certificate.request", - "\uC778\uC99D\uC11C \uC694\uCCAD\uC744 \uC0DD\uC131\uD569\uB2C8\uB2E4."}, //-certreq - {"Changes.an.entry.s.alias", - "\uD56D\uBAA9\uC758 \uBCC4\uCE6D\uC744 \uBCC0\uACBD\uD569\uB2C8\uB2E4."}, //-changealias - {"Deletes.an.entry", - "\uD56D\uBAA9\uC744 \uC0AD\uC81C\uD569\uB2C8\uB2E4."}, //-delete - {"Exports.certificate", - "\uC778\uC99D\uC11C\uB97C \uC775\uC2A4\uD3EC\uD2B8\uD569\uB2C8\uB2E4."}, //-exportcert - {"Generates.a.key.pair", - "\uD0A4 \uC30D\uC744 \uC0DD\uC131\uD569\uB2C8\uB2E4."}, //-genkeypair - {"Generates.a.secret.key", - "\uBCF4\uC548 \uD0A4\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4."}, //-genseckey - {"Generates.certificate.from.a.certificate.request", - "\uC778\uC99D\uC11C \uC694\uCCAD\uC5D0\uC11C \uC778\uC99D\uC11C\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4."}, //-gencert - {"Generates.CRL", "CRL\uC744 \uC0DD\uC131\uD569\uB2C8\uB2E4."}, //-gencrl - {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", - "JDK 1.1.x \uC2A4\uD0C0\uC77C ID \uB370\uC774\uD130\uBCA0\uC774\uC2A4\uC5D0\uC11C \uD56D\uBAA9\uC744 \uC784\uD3EC\uD2B8\uD569\uB2C8\uB2E4."}, //-identitydb - {"Imports.a.certificate.or.a.certificate.chain", - "\uC778\uC99D\uC11C \uB610\uB294 \uC778\uC99D\uC11C \uCCB4\uC778\uC744 \uC784\uD3EC\uD2B8\uD569\uB2C8\uB2E4."}, //-importcert - {"Imports.one.or.all.entries.from.another.keystore", - "\uB2E4\uB978 \uD0A4 \uC800\uC7A5\uC18C\uC5D0\uC11C \uD558\uB098 \uB610\uB294 \uBAA8\uB4E0 \uD56D\uBAA9\uC744 \uC784\uD3EC\uD2B8\uD569\uB2C8\uB2E4."}, //-importkeystore - {"Clones.a.key.entry", - "\uD0A4 \uD56D\uBAA9\uC744 \uBCF5\uC81C\uD569\uB2C8\uB2E4."}, //-keyclone - {"Changes.the.key.password.of.an.entry", - "\uD56D\uBAA9\uC758 \uD0A4 \uBE44\uBC00\uBC88\uD638\uB97C \uBCC0\uACBD\uD569\uB2C8\uB2E4."}, //-keypasswd - {"Lists.entries.in.a.keystore", - "\uD0A4 \uC800\uC7A5\uC18C\uC758 \uD56D\uBAA9\uC744 \uB098\uC5F4\uD569\uB2C8\uB2E4."}, //-list - {"Prints.the.content.of.a.certificate", - "\uC778\uC99D\uC11C\uC758 \uCF58\uD150\uCE20\uB97C \uC778\uC1C4\uD569\uB2C8\uB2E4."}, //-printcert - {"Prints.the.content.of.a.certificate.request", - "\uC778\uC99D\uC11C \uC694\uCCAD\uC758 \uCF58\uD150\uCE20\uB97C \uC778\uC1C4\uD569\uB2C8\uB2E4."}, //-printcertreq - {"Prints.the.content.of.a.CRL.file", - "CRL \uD30C\uC77C\uC758 \uCF58\uD150\uCE20\uB97C \uC778\uC1C4\uD569\uB2C8\uB2E4."}, //-printcrl - {"Generates.a.self.signed.certificate", - "\uC790\uCCB4 \uC11C\uBA85\uB41C \uC778\uC99D\uC11C\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4."}, //-selfcert - {"Changes.the.store.password.of.a.keystore", - "\uD0A4 \uC800\uC7A5\uC18C\uC758 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638\uB97C \uBCC0\uACBD\uD569\uB2C8\uB2E4."}, //-storepasswd - // keytool: help: options - {"alias.name.of.the.entry.to.process", - "\uCC98\uB9AC\uD560 \uD56D\uBAA9\uC758 \uBCC4\uCE6D \uC774\uB984"}, //-alias - {"destination.alias", - "\uB300\uC0C1 \uBCC4\uCE6D"}, //-destalias - {"destination.key.password", - "\uB300\uC0C1 \uD0A4 \uBE44\uBC00\uBC88\uD638"}, //-destkeypass - {"destination.keystore.name", - "\uB300\uC0C1 \uD0A4 \uC800\uC7A5\uC18C \uC774\uB984"}, //-destkeystore - {"destination.keystore.password.protected", - "\uB300\uC0C1 \uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638\uB85C \uBCF4\uD638\uB428"}, //-destprotected - {"destination.keystore.provider.name", - "\uB300\uC0C1 \uD0A4 \uC800\uC7A5\uC18C \uC81C\uACF5\uC790 \uC774\uB984"}, //-destprovidername - {"destination.keystore.password", - "\uB300\uC0C1 \uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638"}, //-deststorepass - {"destination.keystore.type", - "\uB300\uC0C1 \uD0A4 \uC800\uC7A5\uC18C \uC720\uD615"}, //-deststoretype - {"distinguished.name", - "\uC2DD\uBCC4 \uC774\uB984"}, //-dname - {"X.509.extension", - "X.509 \uD655\uC7A5"}, //-ext - {"output.file.name", - "\uCD9C\uB825 \uD30C\uC77C \uC774\uB984"}, //-file and -outfile - {"input.file.name", - "\uC785\uB825 \uD30C\uC77C \uC774\uB984"}, //-file and -infile - {"key.algorithm.name", - "\uD0A4 \uC54C\uACE0\uB9AC\uC998 \uC774\uB984"}, //-keyalg - {"key.password", - "\uD0A4 \uBE44\uBC00\uBC88\uD638"}, //-keypass - {"key.bit.size", - "\uD0A4 \uBE44\uD2B8 \uD06C\uAE30"}, //-keysize - {"keystore.name", - "\uD0A4 \uC800\uC7A5\uC18C \uC774\uB984"}, //-keystore - {"new.password", - "\uC0C8 \uBE44\uBC00\uBC88\uD638"}, //-new - {"do.not.prompt", - "\uD655\uC778\uD558\uC9C0 \uC54A\uC74C"}, //-noprompt - {"password.through.protected.mechanism", - "\uBCF4\uD638\uB418\uB294 \uBA54\uCEE4\uB2C8\uC998\uC744 \uD1B5\uD55C \uBE44\uBC00\uBC88\uD638"}, //-protected - {"provider.argument", - "\uC81C\uACF5\uC790 \uC778\uC218"}, //-providerarg - {"provider.class.name", - "\uC81C\uACF5\uC790 \uD074\uB798\uC2A4 \uC774\uB984"}, //-providerclass - {"provider.name", - "\uC81C\uACF5\uC790 \uC774\uB984"}, //-providername - {"provider.classpath", - "\uC81C\uACF5\uC790 \uD074\uB798\uC2A4 \uACBD\uB85C"}, //-providerpath - {"output.in.RFC.style", - "RFC \uC2A4\uD0C0\uC77C\uC758 \uCD9C\uB825"}, //-rfc - {"signature.algorithm.name", - "\uC11C\uBA85 \uC54C\uACE0\uB9AC\uC998 \uC774\uB984"}, //-sigalg - {"source.alias", - "\uC18C\uC2A4 \uBCC4\uCE6D"}, //-srcalias - {"source.key.password", - "\uC18C\uC2A4 \uD0A4 \uBE44\uBC00\uBC88\uD638"}, //-srckeypass - {"source.keystore.name", - "\uC18C\uC2A4 \uD0A4 \uC800\uC7A5\uC18C \uC774\uB984"}, //-srckeystore - {"source.keystore.password.protected", - "\uC18C\uC2A4 \uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638\uB85C \uBCF4\uD638\uB428"}, //-srcprotected - {"source.keystore.provider.name", - "\uC18C\uC2A4 \uD0A4 \uC800\uC7A5\uC18C \uC81C\uACF5\uC790 \uC774\uB984"}, //-srcprovidername - {"source.keystore.password", - "\uC18C\uC2A4 \uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638"}, //-srcstorepass - {"source.keystore.type", - "\uC18C\uC2A4 \uD0A4 \uC800\uC7A5\uC18C \uC720\uD615"}, //-srcstoretype - {"SSL.server.host.and.port", - "SSL \uC11C\uBC84 \uD638\uC2A4\uD2B8 \uBC0F \uD3EC\uD2B8"}, //-sslserver - {"signed.jar.file", - "\uC11C\uBA85\uB41C jar \uD30C\uC77C"}, //=jarfile - {"certificate.validity.start.date.time", - "\uC778\uC99D\uC11C \uC720\uD6A8 \uAE30\uAC04 \uC2DC\uC791 \uB0A0\uC9DC/\uC2DC\uAC04"}, //-startdate - {"keystore.password", - "\uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638"}, //-storepass - {"keystore.type", - "\uD0A4 \uC800\uC7A5\uC18C \uC720\uD615"}, //-storetype - {"trust.certificates.from.cacerts", - "cacerts\uC758 \uBCF4\uC548 \uC778\uC99D\uC11C"}, //-trustcacerts - {"verbose.output", - "\uC0C1\uC138 \uC815\uBCF4 \uCD9C\uB825"}, //-v - {"validity.number.of.days", - "\uC720\uD6A8 \uAE30\uAC04 \uC77C \uC218"}, //-validity - {"Serial.ID.of.cert.to.revoke", - "\uCCA0\uD68C\uD560 \uC778\uC99D\uC11C\uC758 \uC77C\uB828 ID"}, //-id - // keytool: Running part - {"keytool.error.", "keytool \uC624\uB958: "}, - {"Illegal.option.", "\uC798\uBABB\uB41C \uC635\uC158: "}, - {"Illegal.value.", "\uC798\uBABB\uB41C \uAC12: "}, - {"Unknown.password.type.", "\uC54C \uC218 \uC5C6\uB294 \uBE44\uBC00\uBC88\uD638 \uC720\uD615: "}, - {"Cannot.find.environment.variable.", - "\uD658\uACBD \uBCC0\uC218\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC74C: "}, - {"Cannot.find.file.", "\uD30C\uC77C\uC744 \uCC3E\uC744 \uC218 \uC5C6\uC74C: "}, - {"Command.option.flag.needs.an.argument.", "\uBA85\uB839 \uC635\uC158 {0}\uC5D0 \uC778\uC218\uAC00 \uD544\uC694\uD569\uB2C8\uB2E4."}, - {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", - "\uACBD\uACE0: \uB2E4\uB978 \uC800\uC7A5\uC18C \uBC0F \uD0A4 \uBE44\uBC00\uBC88\uD638\uB294 PKCS12 KeyStores\uC5D0 \uB300\uD574 \uC9C0\uC6D0\uB418\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4. \uC0AC\uC6A9\uC790\uAC00 \uC9C0\uC815\uD55C {0} \uAC12\uC744 \uBB34\uC2DC\uD558\uB294 \uC911\uC785\uB2C8\uB2E4."}, - {".keystore.must.be.NONE.if.storetype.is.{0}", - "-storetype\uC774 {0}\uC778 \uACBD\uC6B0 -keystore\uB294 NONE\uC774\uC5B4\uC57C \uD569\uB2C8\uB2E4."}, - {"Too.many.retries.program.terminated", - "\uC7AC\uC2DC\uB3C4 \uD69F\uC218\uAC00 \uB108\uBB34 \uB9CE\uC544 \uD504\uB85C\uADF8\uB7A8\uC774 \uC885\uB8CC\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, - {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", - "-storetype\uC774 {0}\uC778 \uACBD\uC6B0 -storepasswd \uBC0F -keypasswd \uBA85\uB839\uC774 \uC9C0\uC6D0\uB418\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."}, - {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", - "-storetype\uC774 PKCS12\uC778 \uACBD\uC6B0 -keypasswd \uBA85\uB839\uC774 \uC9C0\uC6D0\uB418\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."}, - {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", - "-storetype\uC774 {0}\uC778 \uACBD\uC6B0 -keypass \uBC0F -new\uB97C \uC9C0\uC815\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."}, - {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", - "-protected\uB97C \uC9C0\uC815\uD55C \uACBD\uC6B0 -storepass, -keypass \uBC0F -new\uB97C \uC9C0\uC815\uD558\uC9C0 \uC54A\uC544\uC57C \uD569\uB2C8\uB2E4."}, - {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", - "-srcprotected\uB97C \uC9C0\uC815\uD55C \uACBD\uC6B0 -srcstorepass \uBC0F -srckeypass\uB97C \uC9C0\uC815\uD558\uC9C0 \uC54A\uC544\uC57C \uD569\uB2C8\uB2E4."}, - {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", - "\uD0A4 \uC800\uC7A5\uC18C\uAC00 \uBE44\uBC00\uBC88\uD638\uB85C \uBCF4\uD638\uB418\uC9C0 \uC54A\uB294 \uACBD\uC6B0 -storepass, -keypass \uBC0F -new\uB97C \uC9C0\uC815\uD558\uC9C0 \uC54A\uC544\uC57C \uD569\uB2C8\uB2E4."}, - {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", - "\uC18C\uC2A4 \uD0A4 \uC800\uC7A5\uC18C\uAC00 \uBE44\uBC00\uBC88\uD638\uB85C \uBCF4\uD638\uB418\uC9C0 \uC54A\uB294 \uACBD\uC6B0 -srcstorepass \uBC0F -srckeypass\uB97C \uC9C0\uC815\uD558\uC9C0 \uC54A\uC544\uC57C \uD569\uB2C8\uB2E4."}, - {"Illegal.startdate.value", "startdate \uAC12\uC774 \uC798\uBABB\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, - {"Validity.must.be.greater.than.zero", - "\uC720\uD6A8 \uAE30\uAC04\uC740 0\uBCF4\uB2E4 \uCEE4\uC57C \uD569\uB2C8\uB2E4."}, - {"provName.not.a.provider", "{0}\uC740(\uB294) \uC81C\uACF5\uC790\uAC00 \uC544\uB2D9\uB2C8\uB2E4."}, - {"Usage.error.no.command.provided", "\uC0AC\uC6A9\uBC95 \uC624\uB958: \uBA85\uB839\uC744 \uC785\uB825\uD558\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, - {"Source.keystore.file.exists.but.is.empty.", "\uC18C\uC2A4 \uD0A4 \uC800\uC7A5\uC18C \uD30C\uC77C\uC774 \uC874\uC7AC\uD558\uC9C0\uB9CC \uBE44\uC5B4 \uC788\uC74C: "}, - {"Please.specify.srckeystore", "-srckeystore\uB97C \uC9C0\uC815\uD558\uC2ED\uC2DC\uC624."}, - {"Must.not.specify.both.v.and.rfc.with.list.command", - "'list' \uBA85\uB839\uC5D0 -v\uC640 -rfc\uB97C \uD568\uAED8 \uC9C0\uC815\uD558\uC9C0 \uC54A\uC544\uC57C \uD569\uB2C8\uB2E4."}, - {"Key.password.must.be.at.least.6.characters", - "\uD0A4 \uBE44\uBC00\uBC88\uD638\uB294 6\uC790 \uC774\uC0C1\uC774\uC5B4\uC57C \uD569\uB2C8\uB2E4."}, - {"New.password.must.be.at.least.6.characters", - "\uC0C8 \uBE44\uBC00\uBC88\uD638\uB294 6\uC790 \uC774\uC0C1\uC774\uC5B4\uC57C \uD569\uB2C8\uB2E4."}, - {"Keystore.file.exists.but.is.empty.", - "\uD0A4 \uC800\uC7A5\uC18C \uD30C\uC77C\uC774 \uC874\uC7AC\uD558\uC9C0\uB9CC \uBE44\uC5B4 \uC788\uC74C: "}, - {"Keystore.file.does.not.exist.", - "\uD0A4 \uC800\uC7A5\uC18C \uD30C\uC77C\uC774 \uC874\uC7AC\uD558\uC9C0 \uC54A\uC74C: "}, - {"Must.specify.destination.alias", "\uB300\uC0C1 \uBCC4\uCE6D\uC744 \uC9C0\uC815\uD574\uC57C \uD569\uB2C8\uB2E4."}, - {"Must.specify.alias", "\uBCC4\uCE6D\uC744 \uC9C0\uC815\uD574\uC57C \uD569\uB2C8\uB2E4."}, - {"Keystore.password.must.be.at.least.6.characters", - "\uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638\uB294 6\uC790 \uC774\uC0C1\uC774\uC5B4\uC57C \uD569\uB2C8\uB2E4."}, - {"Enter.keystore.password.", "\uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638 \uC785\uB825: "}, - {"Enter.source.keystore.password.", "\uC18C\uC2A4 \uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638 \uC785\uB825: "}, - {"Enter.destination.keystore.password.", "\uB300\uC0C1 \uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638 \uC785\uB825: "}, - {"Keystore.password.is.too.short.must.be.at.least.6.characters", - "\uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638\uAC00 \uB108\uBB34 \uC9E7\uC74C - 6\uC790 \uC774\uC0C1\uC774\uC5B4\uC57C \uD569\uB2C8\uB2E4."}, - {"Unknown.Entry.Type", "\uC54C \uC218 \uC5C6\uB294 \uD56D\uBAA9 \uC720\uD615"}, - {"Too.many.failures.Alias.not.changed", "\uC624\uB958\uAC00 \uB108\uBB34 \uB9CE\uC2B5\uB2C8\uB2E4. \uBCC4\uCE6D\uC774 \uBCC0\uACBD\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, - {"Entry.for.alias.alias.successfully.imported.", - "{0} \uBCC4\uCE6D\uC5D0 \uB300\uD55C \uD56D\uBAA9\uC774 \uC131\uACF5\uC801\uC73C\uB85C \uC784\uD3EC\uD2B8\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, - {"Entry.for.alias.alias.not.imported.", "{0} \uBCC4\uCE6D\uC5D0 \uB300\uD55C \uD56D\uBAA9\uC774 \uC784\uD3EC\uD2B8\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, - {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", - "{0} \uBCC4\uCE6D\uC5D0 \uB300\uD55C \uD56D\uBAA9\uC744 \uC784\uD3EC\uD2B8\uD558\uB294 \uC911 \uBB38\uC81C \uBC1C\uC0DD: {1}.\n{0} \uBCC4\uCE6D\uC5D0 \uB300\uD55C \uD56D\uBAA9\uC774 \uC784\uD3EC\uD2B8\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, - {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", - "\uC784\uD3EC\uD2B8 \uBA85\uB839 \uC644\uB8CC: \uC131\uACF5\uC801\uC73C\uB85C \uC784\uD3EC\uD2B8\uB41C \uD56D\uBAA9\uC740 {0}\uAC1C, \uC2E4\uD328\uD558\uAC70\uB098 \uCDE8\uC18C\uB41C \uD56D\uBAA9\uC740 {1}\uAC1C\uC785\uB2C8\uB2E4."}, - {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", - "\uACBD\uACE0: \uB300\uC0C1 \uD0A4 \uC800\uC7A5\uC18C\uC5D0\uC11C \uAE30\uC874 \uBCC4\uCE6D {0}\uC744(\uB97C) \uACB9\uCCD0 \uC4F0\uB294 \uC911"}, - {"Existing.entry.alias.alias.exists.overwrite.no.", - "\uAE30\uC874 \uD56D\uBAA9 \uBCC4\uCE6D {0}\uC774(\uAC00) \uC874\uC7AC\uD569\uB2C8\uB2E4. \uACB9\uCCD0 \uC4F0\uACA0\uC2B5\uB2C8\uAE4C? [\uC544\uB2C8\uC624]: "}, - {"Too.many.failures.try.later", "\uC624\uB958\uAC00 \uB108\uBB34 \uB9CE\uC74C - \uB098\uC911\uC5D0 \uC2DC\uB3C4\uD558\uC2ED\uC2DC\uC624."}, - {"Certification.request.stored.in.file.filename.", - "\uC778\uC99D \uC694\uCCAD\uC774 <{0}> \uD30C\uC77C\uC5D0 \uC800\uC7A5\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, - {"Submit.this.to.your.CA", "CA\uC5D0\uAC8C \uC81C\uCD9C\uD558\uC2ED\uC2DC\uC624."}, - {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", - "\uBCC4\uCE6D\uC744 \uC9C0\uC815\uD558\uC9C0 \uC54A\uC740 \uACBD\uC6B0 destalias, srckeypass \uBC0F destkeypass\uB97C \uC9C0\uC815\uD558\uC9C0 \uC54A\uC544\uC57C \uD569\uB2C8\uB2E4."}, - {"Certificate.stored.in.file.filename.", - "\uC778\uC99D\uC11C\uAC00 <{0}> \uD30C\uC77C\uC5D0 \uC800\uC7A5\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, - {"Certificate.reply.was.installed.in.keystore", - "\uC778\uC99D\uC11C \uD68C\uC2E0\uC774 \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uC124\uCE58\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, - {"Certificate.reply.was.not.installed.in.keystore", - "\uC778\uC99D\uC11C \uD68C\uC2E0\uC774 \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uC124\uCE58\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, - {"Certificate.was.added.to.keystore", - "\uC778\uC99D\uC11C\uAC00 \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uCD94\uAC00\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, - {"Certificate.was.not.added.to.keystore", - "\uC778\uC99D\uC11C\uAC00 \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uCD94\uAC00\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, - {".Storing.ksfname.", "[{0}\uC744(\uB97C) \uC800\uC7A5\uD558\uB294 \uC911]"}, - {"alias.has.no.public.key.certificate.", - "{0}\uC5D0 \uACF5\uC6A9 \uD0A4(\uC778\uC99D\uC11C)\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4."}, - {"Cannot.derive.signature.algorithm", - "\uC11C\uBA85 \uC54C\uACE0\uB9AC\uC998\uC744 \uD30C\uC0DD\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."}, - {"Alias.alias.does.not.exist", - "<{0}> \uBCC4\uCE6D\uC774 \uC874\uC7AC\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."}, - {"Alias.alias.has.no.certificate", - "<{0}> \uBCC4\uCE6D\uC5D0 \uC778\uC99D\uC11C\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4."}, - {"Key.pair.not.generated.alias.alias.already.exists", - "\uD0A4 \uC30D\uC774 \uC0DD\uC131\uB418\uC9C0 \uC54A\uC558\uC73C\uBA70 <{0}> \uBCC4\uCE6D\uC774 \uC874\uC7AC\uD569\uB2C8\uB2E4."}, - {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", - "\uB2E4\uC74C\uC5D0 \uB300\uD574 \uC720\uD6A8 \uAE30\uAC04\uC774 {3}\uC77C\uC778 {0}\uBE44\uD2B8 {1} \uD0A4 \uC30D \uBC0F \uC790\uCCB4 \uC11C\uBA85\uB41C \uC778\uC99D\uC11C({2})\uB97C \uC0DD\uC131\uD558\uB294 \uC911\n\t: {4}"}, - {"Enter.key.password.for.alias.", "<{0}>\uC5D0 \uB300\uD55C \uD0A4 \uBE44\uBC00\uBC88\uD638\uB97C \uC785\uB825\uD558\uC2ED\uC2DC\uC624."}, - {".RETURN.if.same.as.keystore.password.", - "\t(\uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638\uC640 \uB3D9\uC77C\uD55C \uACBD\uC6B0 Enter \uD0A4\uB97C \uB204\uB984): "}, - {"Key.password.is.too.short.must.be.at.least.6.characters", - "\uD0A4 \uBE44\uBC00\uBC88\uD638\uAC00 \uB108\uBB34 \uC9E7\uC74C - 6\uC790 \uC774\uC0C1\uC774\uC5B4\uC57C \uD569\uB2C8\uB2E4."}, - {"Too.many.failures.key.not.added.to.keystore", - "\uC624\uB958\uAC00 \uB108\uBB34 \uB9CE\uC74C - \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uD0A4\uAC00 \uCD94\uAC00\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, - {"Destination.alias.dest.already.exists", - "\uB300\uC0C1 \uBCC4\uCE6D <{0}>\uC774(\uAC00) \uC874\uC7AC\uD569\uB2C8\uB2E4."}, - {"Password.is.too.short.must.be.at.least.6.characters", - "\uBE44\uBC00\uBC88\uD638\uAC00 \uB108\uBB34 \uC9E7\uC74C - 6\uC790 \uC774\uC0C1\uC774\uC5B4\uC57C \uD569\uB2C8\uB2E4."}, - {"Too.many.failures.Key.entry.not.cloned", - "\uC624\uB958\uAC00 \uB108\uBB34 \uB9CE\uC2B5\uB2C8\uB2E4. \uD0A4 \uD56D\uBAA9\uC774 \uBCF5\uC81C\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."}, - {"key.password.for.alias.", "<{0}>\uC5D0 \uB300\uD55C \uD0A4 \uBE44\uBC00\uBC88\uD638"}, - {"Keystore.entry.for.id.getName.already.exists", - "<{0}>\uC5D0 \uB300\uD55C \uD0A4 \uC800\uC7A5\uC18C \uD56D\uBAA9\uC774 \uC874\uC7AC\uD569\uB2C8\uB2E4."}, - {"Creating.keystore.entry.for.id.getName.", - "<{0}>\uC5D0 \uB300\uD55C \uD0A4 \uC800\uC7A5\uC18C \uD56D\uBAA9\uC744 \uC0DD\uC131\uD558\uB294 \uC911..."}, - {"No.entries.from.identity.database.added", - "ID \uB370\uC774\uD130\uBCA0\uC774\uC2A4\uC5D0\uC11C \uCD94\uAC00\uB41C \uD56D\uBAA9\uC774 \uC5C6\uC2B5\uB2C8\uB2E4."}, - {"Alias.name.alias", "\uBCC4\uCE6D \uC774\uB984: {0}"}, - {"Creation.date.keyStore.getCreationDate.alias.", - "\uC0DD\uC131 \uB0A0\uC9DC: {0,date}"}, - {"alias.keyStore.getCreationDate.alias.", - "{0}, {1,date}, "}, - {"alias.", "{0}, "}, - {"Entry.type.type.", "\uD56D\uBAA9 \uC720\uD615: {0}"}, - {"Certificate.chain.length.", "\uC778\uC99D\uC11C \uCCB4\uC778 \uAE38\uC774: "}, - {"Certificate.i.1.", "\uC778\uC99D\uC11C[{0,number,integer}]:"}, - {"Certificate.fingerprint.SHA1.", "\uC778\uC99D\uC11C \uC9C0\uBB38(SHA1): "}, - {"Keystore.type.", "\uD0A4 \uC800\uC7A5\uC18C \uC720\uD615: "}, - {"Keystore.provider.", "\uD0A4 \uC800\uC7A5\uC18C \uC81C\uACF5\uC790: "}, - {"Your.keystore.contains.keyStore.size.entry", - "\uD0A4 \uC800\uC7A5\uC18C\uC5D0 {0,number,integer}\uAC1C\uC758 \uD56D\uBAA9\uC774 \uD3EC\uD568\uB418\uC5B4 \uC788\uC2B5\uB2C8\uB2E4."}, - {"Your.keystore.contains.keyStore.size.entries", - "\uD0A4 \uC800\uC7A5\uC18C\uC5D0 {0,number,integer}\uAC1C\uC758 \uD56D\uBAA9\uC774 \uD3EC\uD568\uB418\uC5B4 \uC788\uC2B5\uB2C8\uB2E4."}, - {"Failed.to.parse.input", "\uC785\uB825\uAC12\uC758 \uAD6C\uBB38 \uBD84\uC11D\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4."}, - {"Empty.input", "\uC785\uB825\uAC12\uC774 \uBE44\uC5B4 \uC788\uC2B5\uB2C8\uB2E4."}, - {"Not.X.509.certificate", "X.509 \uC778\uC99D\uC11C\uAC00 \uC544\uB2D9\uB2C8\uB2E4."}, - {"alias.has.no.public.key", "{0}\uC5D0 \uACF5\uC6A9 \uD0A4\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4."}, - {"alias.has.no.X.509.certificate", "{0}\uC5D0 X.509 \uC778\uC99D\uC11C\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4."}, - {"New.certificate.self.signed.", "\uC0C8 \uC778\uC99D\uC11C(\uC790\uCCB4 \uC11C\uBA85):"}, - {"Reply.has.no.certificates", "\uD68C\uC2E0\uC5D0 \uC778\uC99D\uC11C\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4."}, - {"Certificate.not.imported.alias.alias.already.exists", - "\uC778\uC99D\uC11C\uAC00 \uC784\uD3EC\uD2B8\uB418\uC9C0 \uC54A\uC558\uC73C\uBA70 <{0}> \uBCC4\uCE6D\uC774 \uC874\uC7AC\uD569\uB2C8\uB2E4."}, - {"Input.not.an.X.509.certificate", "\uC785\uB825\uC774 X.509 \uC778\uC99D\uC11C\uAC00 \uC544\uB2D9\uB2C8\uB2E4."}, - {"Certificate.already.exists.in.keystore.under.alias.trustalias.", - "\uC778\uC99D\uC11C\uAC00 <{0}> \uBCC4\uCE6D \uC544\uB798\uC758 \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uC874\uC7AC\uD569\uB2C8\uB2E4."}, - {"Do.you.still.want.to.add.it.no.", - "\uCD94\uAC00\uD558\uACA0\uC2B5\uB2C8\uAE4C? [\uC544\uB2C8\uC624]: "}, - {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", - "\uC778\uC99D\uC11C\uAC00 <{0}> \uBCC4\uCE6D \uC544\uB798\uC5D0 \uC788\uB294 \uC2DC\uC2A4\uD15C \uCC28\uC6D0\uC758 CA \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uC874\uC7AC\uD569\uB2C8\uB2E4."}, - {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", - "\uACE0\uC720\uD55C \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uCD94\uAC00\uD558\uACA0\uC2B5\uB2C8\uAE4C? [\uC544\uB2C8\uC624]: "}, - {"Trust.this.certificate.no.", "\uC774 \uC778\uC99D\uC11C\uB97C \uC2E0\uB8B0\uD569\uB2C8\uAE4C? [\uC544\uB2C8\uC624]: "}, - {"YES", "\uC608"}, - {"New.prompt.", "\uC0C8 {0}: "}, - {"Passwords.must.differ", "\uBE44\uBC00\uBC88\uD638\uB294 \uB2EC\uB77C\uC57C \uD569\uB2C8\uB2E4."}, - {"Re.enter.new.prompt.", "\uC0C8 {0} \uB2E4\uC2DC \uC785\uB825: "}, - {"Re.enter.new.password.", "\uC0C8 \uBE44\uBC00\uBC88\uD638 \uB2E4\uC2DC \uC785\uB825: "}, - {"They.don.t.match.Try.again", "\uC77C\uCE58\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4. \uB2E4\uC2DC \uC2DC\uB3C4\uD558\uC2ED\uC2DC\uC624."}, - {"Enter.prompt.alias.name.", "{0} \uBCC4\uCE6D \uC774\uB984 \uC785\uB825: "}, - {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", - "\uC0C8 \uBCC4\uCE6D \uC774\uB984 \uC785\uB825\t(\uC774 \uD56D\uBAA9\uC5D0 \uB300\uD55C \uC784\uD3EC\uD2B8\uB97C \uCDE8\uC18C\uD558\uB824\uBA74 Enter \uD0A4\uB97C \uB204\uB984): "}, - {"Enter.alias.name.", "\uBCC4\uCE6D \uC774\uB984 \uC785\uB825: "}, - {".RETURN.if.same.as.for.otherAlias.", - "\t(<{0}>\uACFC(\uC640) \uB3D9\uC77C\uD55C \uACBD\uC6B0 Enter \uD0A4\uB97C \uB204\uB984)"}, - {".PATTERN.printX509Cert", - "\uC18C\uC720\uC790: {0}\n\uBC1C\uD589\uC790: {1}\n\uC77C\uB828 \uBC88\uD638: {2}\n\uC801\uD569\uD55C \uC2DC\uC791 \uB0A0\uC9DC: {3}, \uC885\uB8CC \uB0A0\uC9DC: {4}\n\uC778\uC99D\uC11C \uC9C0\uBB38:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t \uC11C\uBA85 \uC54C\uACE0\uB9AC\uC998 \uC774\uB984: {8}\n\t \uBC84\uC804: {9}"}, - {"What.is.your.first.and.last.name.", - "\uC774\uB984\uACFC \uC131\uC744 \uC785\uB825\uD558\uC2ED\uC2DC\uC624."}, - {"What.is.the.name.of.your.organizational.unit.", - "\uC870\uC9C1 \uB2E8\uC704 \uC774\uB984\uC744 \uC785\uB825\uD558\uC2ED\uC2DC\uC624."}, - {"What.is.the.name.of.your.organization.", - "\uC870\uC9C1 \uC774\uB984\uC744 \uC785\uB825\uD558\uC2ED\uC2DC\uC624."}, - {"What.is.the.name.of.your.City.or.Locality.", - "\uAD6C/\uAD70/\uC2DC \uC774\uB984\uC744 \uC785\uB825\uD558\uC2ED\uC2DC\uC624?"}, - {"What.is.the.name.of.your.State.or.Province.", - "\uC2DC/\uB3C4 \uC774\uB984\uC744 \uC785\uB825\uD558\uC2ED\uC2DC\uC624."}, - {"What.is.the.two.letter.country.code.for.this.unit.", - "\uC774 \uC870\uC9C1\uC758 \uB450 \uC790\uB9AC \uAD6D\uAC00 \uCF54\uB4DC\uB97C \uC785\uB825\uD558\uC2ED\uC2DC\uC624."}, - {"Is.name.correct.", "{0}\uC774(\uAC00) \uB9DE\uC2B5\uB2C8\uAE4C?"}, - {"no", "\uC544\uB2C8\uC624"}, - {"yes", "\uC608"}, - {"y", "y"}, - {".defaultValue.", " [{0}]: "}, - {"Alias.alias.has.no.key", - "<{0}> \uBCC4\uCE6D\uC5D0 \uD0A4\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4."}, - {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", - "<{0}> \uBCC4\uCE6D\uC740 \uC804\uC6A9 \uD0A4 \uD56D\uBAA9\uC774 \uC544\uB2CC \uD56D\uBAA9 \uC720\uD615\uC744 \uCC38\uC870\uD569\uB2C8\uB2E4. -keyclone \uBA85\uB839\uC740 \uC804\uC6A9 \uD0A4 \uD56D\uBAA9\uC758 \uBCF5\uC81C\uB9CC \uC9C0\uC6D0\uD569\uB2C8\uB2E4."}, - - {".WARNING.WARNING.WARNING.", - "***************** WARNING WARNING WARNING *****************"}, - {"Signer.d.", "\uC11C\uBA85\uC790 #%d:"}, - {"Timestamp.", "\uC2DC\uAC04 \uAE30\uB85D:"}, - {"Signature.", "\uC11C\uBA85:"}, - {"CRLs.", "CRL:"}, - {"Certificate.owner.", "\uC778\uC99D\uC11C \uC18C\uC720\uC790: "}, - {"Not.a.signed.jar.file", "\uC11C\uBA85\uB41C jar \uD30C\uC77C\uC774 \uC544\uB2D9\uB2C8\uB2E4."}, - {"No.certificate.from.the.SSL.server", - "SSL \uC11C\uBC84\uC5D0\uC11C \uAC00\uC838\uC628 \uC778\uC99D\uC11C\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4."}, - - {".The.integrity.of.the.information.stored.in.your.keystore.", - "* \uD0A4 \uC800\uC7A5\uC18C\uC5D0 \uC800\uC7A5\uB41C \uC815\uBCF4\uC758 \uBB34\uACB0\uC131\uC774 *\n* \uD655\uC778\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4! \uBB34\uACB0\uC131\uC744 \uD655\uC778\uD558\uB824\uBA74, *\n* \uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638\uB97C \uC81C\uACF5\uD574\uC57C \uD569\uB2C8\uB2E4. *"}, - {".The.integrity.of.the.information.stored.in.the.srckeystore.", - "* srckeystore\uC5D0 \uC800\uC7A5\uB41C \uC815\uBCF4\uC758 \uBB34\uACB0\uC131\uC774 *\n* \uD655\uC778\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4! \uBB34\uACB0\uC131\uC744 \uD655\uC778\uD558\uB824\uBA74, *\n* srckeystore \uBE44\uBC00\uBC88\uD638\uB97C \uC81C\uACF5\uD574\uC57C \uD569\uB2C8\uB2E4. *"}, - - {"Certificate.reply.does.not.contain.public.key.for.alias.", - "\uC778\uC99D\uC11C \uD68C\uC2E0\uC5D0 <{0}>\uC5D0 \uB300\uD55C \uACF5\uC6A9 \uD0A4\uAC00 \uD3EC\uD568\uB418\uC5B4 \uC788\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."}, - {"Incomplete.certificate.chain.in.reply", - "\uD68C\uC2E0\uC5D0 \uBD88\uC644\uC804\uD55C \uC778\uC99D\uC11C \uCCB4\uC778\uC774 \uC788\uC2B5\uB2C8\uB2E4."}, - {"Certificate.chain.in.reply.does.not.verify.", - "\uD68C\uC2E0\uC758 \uC778\uC99D\uC11C \uCCB4\uC778\uC774 \uD655\uC778\uB418\uC9C0 \uC54A\uC74C: "}, - {"Top.level.certificate.in.reply.", - "\uD68C\uC2E0\uC5D0 \uCD5C\uC0C1\uC704 \uB808\uBCA8 \uC778\uC99D\uC11C\uAC00 \uC788\uC74C:\n"}, - {".is.not.trusted.", "...\uC744(\uB97C) \uC2E0\uB8B0\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. "}, - {"Install.reply.anyway.no.", "\uD68C\uC2E0\uC744 \uC124\uCE58\uD558\uACA0\uC2B5\uB2C8\uAE4C? [\uC544\uB2C8\uC624]: "}, - {"NO", "\uC544\uB2C8\uC624"}, - {"Public.keys.in.reply.and.keystore.don.t.match", - "\uD68C\uC2E0\uACFC \uD0A4 \uC800\uC7A5\uC18C\uC758 \uACF5\uC6A9 \uD0A4\uAC00 \uC77C\uCE58\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."}, - {"Certificate.reply.and.certificate.in.keystore.are.identical", - "\uD68C\uC2E0\uACFC \uD0A4 \uC800\uC7A5\uC18C\uC758 \uC778\uC99D\uC11C\uAC00 \uB3D9\uC77C\uD569\uB2C8\uB2E4."}, - {"Failed.to.establish.chain.from.reply", - "\uD68C\uC2E0\uC758 \uCCB4\uC778 \uC124\uC815\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4."}, - {"n", "n"}, - {"Wrong.answer.try.again", "\uC798\uBABB\uB41C \uC751\uB2F5\uC785\uB2C8\uB2E4. \uB2E4\uC2DC \uC2DC\uB3C4\uD558\uC2ED\uC2DC\uC624."}, - {"Secret.key.not.generated.alias.alias.already.exists", - "\uBCF4\uC548 \uD0A4\uAC00 \uC0DD\uC131\uB418\uC9C0 \uC54A\uC558\uC73C\uBA70 <{0}> \uBCC4\uCE6D\uC774 \uC874\uC7AC\uD569\uB2C8\uB2E4."}, - {"Please.provide.keysize.for.secret.key.generation", - "\uBCF4\uC548 \uD0A4\uB97C \uC0DD\uC131\uD558\uB824\uBA74 -keysize\uB97C \uC81C\uACF5\uD558\uC2ED\uC2DC\uC624."}, - - {"Extensions.", "\uD655\uC7A5: "}, - {".Empty.value.", "(\uBE44\uC5B4 \uC788\uB294 \uAC12)"}, - {"Extension.Request.", "\uD655\uC7A5 \uC694\uCCAD:"}, - {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", - "PKCS #10 \uC778\uC99D\uC11C \uC694\uCCAD(1.0 \uBC84\uC804)\n\uC81C\uBAA9: %s\n\uACF5\uC6A9 \uD0A4: %s \uD615\uC2DD %s \uD0A4\n"}, - {"Unknown.keyUsage.type.", "\uC54C \uC218 \uC5C6\uB294 keyUsage \uC720\uD615: "}, - {"Unknown.extendedkeyUsage.type.", "\uC54C \uC218 \uC5C6\uB294 extendedkeyUsage \uC720\uD615: "}, - {"Unknown.AccessDescription.type.", "\uC54C \uC218 \uC5C6\uB294 AccessDescription \uC720\uD615: "}, - {"Unrecognized.GeneralName.type.", "\uC54C \uC218 \uC5C6\uB294 GeneralName \uC720\uD615: "}, - {"This.extension.cannot.be.marked.as.critical.", - "\uC774 \uD655\uC7A5\uC740 \uC911\uC694\uD55C \uAC83\uC73C\uB85C \uD45C\uC2DC\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. "}, - {"Odd.number.of.hex.digits.found.", "\uD640\uC218 \uAC1C\uC758 16\uC9C4\uC218\uAC00 \uBC1C\uACAC\uB428: "}, - {"Unknown.extension.type.", "\uC54C \uC218 \uC5C6\uB294 \uD655\uC7A5 \uC720\uD615: "}, - {"command.{0}.is.ambiguous.", "{0} \uBA85\uB839\uC774 \uBAA8\uD638\uD568:"}, - - // policytool - {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", - "\uACBD\uACE0: {0} \uBCC4\uCE6D\uC5D0 \uB300\uD55C \uACF5\uC6A9 \uD0A4\uAC00 \uC874\uC7AC\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4. \uD0A4 \uC800\uC7A5\uC18C\uAC00 \uC81C\uB300\uB85C \uAD6C\uC131\uB418\uC5B4 \uC788\uB294\uC9C0 \uD655\uC778\uD558\uC2ED\uC2DC\uC624."}, - {"Warning.Class.not.found.class", "\uACBD\uACE0: \uD074\uB798\uC2A4\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC74C: {0}"}, - {"Warning.Invalid.argument.s.for.constructor.arg", - "\uACBD\uACE0: \uC0DD\uC131\uC790\uC5D0 \uB300\uD574 \uBD80\uC801\uD569\uD55C \uC778\uC218: {0}"}, - {"Illegal.Principal.Type.type", "\uC798\uBABB\uB41C \uC8FC\uCCB4 \uC720\uD615: {0}"}, - {"Illegal.option.option", "\uC798\uBABB\uB41C \uC635\uC158: {0}"}, - {"Usage.policytool.options.", "\uC0AC\uC6A9\uBC95: policytool [options]"}, - {".file.file.policy.file.location", - " [-file <file>] \uC815\uCC45 \uD30C\uC77C \uC704\uCE58"}, - {"New", "\uC0C8\uB85C \uB9CC\uB4E4\uAE30"}, - {"Open", "\uC5F4\uAE30"}, - {"Save", "\uC800\uC7A5"}, - {"Save.As", "\uB2E4\uB978 \uC774\uB984\uC73C\uB85C \uC800\uC7A5"}, - {"View.Warning.Log", "\uACBD\uACE0 \uB85C\uADF8 \uBCF4\uAE30"}, - {"Exit", "\uC885\uB8CC"}, - {"Add.Policy.Entry", "\uC815\uCC45 \uD56D\uBAA9 \uCD94\uAC00"}, - {"Edit.Policy.Entry", "\uC815\uCC45 \uD56D\uBAA9 \uD3B8\uC9D1"}, - {"Remove.Policy.Entry", "\uC815\uCC45 \uD56D\uBAA9 \uC81C\uAC70"}, - {"Edit", "\uD3B8\uC9D1"}, - {"Retain", "\uC720\uC9C0"}, - - {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", - "\uACBD\uACE0: \uD30C\uC77C \uC774\uB984\uC5D0 \uC774\uC2A4\uCF00\uC774\uD504\uB41C \uBC31\uC2AC\uB798\uC2DC \uBB38\uC790\uAC00 \uD3EC\uD568\uB418\uC5C8\uC744 \uC218 \uC788\uC2B5\uB2C8\uB2E4. \uBC31\uC2AC\uB798\uC2DC \uBB38\uC790\uB294 \uC774\uC2A4\uCF00\uC774\uD504\uD560 \uD544\uC694\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4. \uC601\uAD6C \uC800\uC7A5\uC18C\uC5D0 \uC815\uCC45 \uCF58\uD150\uCE20\uB97C \uC4F8 \uB54C \uD544\uC694\uC5D0 \uB530\uB77C \uC790\uB3D9\uC73C\uB85C \uBB38\uC790\uAC00 \uC774\uC2A4\uCF00\uC774\uD504\uB429\uB2C8\uB2E4.\n\n\uC785\uB825\uB41C \uC774\uB984\uC744 \uADF8\uB300\uB85C \uC720\uC9C0\uD558\uB824\uBA74 [\uC720\uC9C0]\uB97C \uB204\uB974\uACE0, \uC774\uB984\uC744 \uD3B8\uC9D1\uD558\uB824\uBA74 [\uD3B8\uC9D1]\uC744 \uB204\uB974\uC2ED\uC2DC\uC624."}, - - {"Add.Public.Key.Alias", "\uACF5\uC6A9 \uD0A4 \uBCC4\uCE6D \uCD94\uAC00"}, - {"Remove.Public.Key.Alias", "\uACF5\uC6A9 \uD0A4 \uBCC4\uCE6D \uC81C\uAC70"}, - {"File", "\uD30C\uC77C"}, - {"KeyStore", "\uD0A4 \uC800\uC7A5\uC18C"}, - {"Policy.File.", "\uC815\uCC45 \uD30C\uC77C:"}, - {"Could.not.open.policy.file.policyFile.e.toString.", - "\uC815\uCC45 \uD30C\uC77C\uC744 \uC5F4 \uC218 \uC5C6\uC74C: {0}: {1}"}, - {"Policy.Tool", "\uC815\uCC45 \uD234"}, - {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", - "\uC815\uCC45 \uAD6C\uC131\uC744 \uC5EC\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. \uC790\uC138\uD55C \uB0B4\uC6A9\uC740 \uACBD\uACE0 \uB85C\uADF8\uB97C \uD655\uC778\uD558\uC2ED\uC2DC\uC624."}, - {"Error", "\uC624\uB958"}, - {"OK", "\uD655\uC778"}, - {"Status", "\uC0C1\uD0DC"}, - {"Warning", "\uACBD\uACE0"}, - {"Permission.", - "\uAD8C\uD55C: "}, - {"Principal.Type.", "\uC8FC\uCCB4 \uC720\uD615:"}, - {"Principal.Name.", "\uC8FC\uCCB4 \uC774\uB984:"}, - {"Target.Name.", - "\uB300\uC0C1 \uC774\uB984: "}, - {"Actions.", - "\uC791\uC5C5: "}, - {"OK.to.overwrite.existing.file.filename.", - "\uAE30\uC874 \uD30C\uC77C {0}\uC744(\uB97C) \uACB9\uCCD0 \uC4F0\uACA0\uC2B5\uB2C8\uAE4C?"}, - {"Cancel", "\uCDE8\uC18C"}, - {"CodeBase.", "CodeBase:"}, - {"SignedBy.", "SignedBy:"}, - {"Add.Principal", "\uC8FC\uCCB4 \uCD94\uAC00"}, - {"Edit.Principal", "\uC8FC\uCCB4 \uD3B8\uC9D1"}, - {"Remove.Principal", "\uC8FC\uCCB4 \uC81C\uAC70"}, - {"Principals.", "\uC8FC\uCCB4:"}, - {".Add.Permission", " \uAD8C\uD55C \uCD94\uAC00"}, - {".Edit.Permission", " \uAD8C\uD55C \uD3B8\uC9D1"}, - {"Remove.Permission", "\uAD8C\uD55C \uC81C\uAC70"}, - {"Done", "\uC644\uB8CC"}, - {"KeyStore.URL.", "\uD0A4 \uC800\uC7A5\uC18C URL:"}, - {"KeyStore.Type.", "\uD0A4 \uC800\uC7A5\uC18C \uC720\uD615:"}, - {"KeyStore.Provider.", "\uD0A4 \uC800\uC7A5\uC18C \uC81C\uACF5\uC790:"}, - {"KeyStore.Password.URL.", "\uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638 URL:"}, - {"Principals", "\uC8FC\uCCB4"}, - {".Edit.Principal.", " \uC8FC\uCCB4 \uD3B8\uC9D1:"}, - {".Add.New.Principal.", " \uC0C8 \uC8FC\uCCB4 \uCD94\uAC00:"}, - {"Permissions", "\uAD8C\uD55C"}, - {".Edit.Permission.", " \uAD8C\uD55C \uD3B8\uC9D1:"}, - {".Add.New.Permission.", " \uC0C8 \uAD8C\uD55C \uCD94\uAC00:"}, - {"Signed.By.", "\uC11C\uBA85\uC790:"}, - {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", - "\uC640\uC77C\uB4DC \uCE74\uB4DC \uBB38\uC790 \uC774\uB984 \uC5C6\uC774 \uC640\uC77C\uB4DC \uCE74\uB4DC \uBB38\uC790 \uD074\uB798\uC2A4\uB97C \uC0AC\uC6A9\uD558\uB294 \uC8FC\uCCB4\uB97C \uC9C0\uC815\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."}, - {"Cannot.Specify.Principal.without.a.Name", - "\uC774\uB984 \uC5C6\uC774 \uC8FC\uCCB4\uB97C \uC9C0\uC815\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."}, - {"Permission.and.Target.Name.must.have.a.value", - "\uAD8C\uD55C\uACFC \uB300\uC0C1 \uC774\uB984\uC758 \uAC12\uC774 \uC788\uC5B4\uC57C \uD569\uB2C8\uB2E4."}, - {"Remove.this.Policy.Entry.", "\uC774 \uC815\uCC45 \uD56D\uBAA9\uC744 \uC81C\uAC70\uD558\uACA0\uC2B5\uB2C8\uAE4C?"}, - {"Overwrite.File", "\uD30C\uC77C \uACB9\uCCD0\uC4F0\uAE30"}, - {"Policy.successfully.written.to.filename", - "{0}\uC5D0 \uC131\uACF5\uC801\uC73C\uB85C \uC815\uCC45\uC744 \uC37C\uC2B5\uB2C8\uB2E4."}, - {"null.filename", "\uB110 \uD30C\uC77C \uC774\uB984"}, - {"Save.changes.", "\uBCC0\uACBD \uC0AC\uD56D\uC744 \uC800\uC7A5\uD558\uACA0\uC2B5\uB2C8\uAE4C?"}, - {"Yes", "\uC608"}, - {"No", "\uC544\uB2C8\uC624"}, - {"Policy.Entry", "\uC815\uCC45 \uD56D\uBAA9"}, - {"Save.Changes", "\uBCC0\uACBD \uC0AC\uD56D \uC800\uC7A5"}, - {"No.Policy.Entry.selected", "\uC120\uD0DD\uB41C \uC815\uCC45 \uD56D\uBAA9\uC774 \uC5C6\uC2B5\uB2C8\uB2E4."}, - {"Unable.to.open.KeyStore.ex.toString.", - "\uD0A4 \uC800\uC7A5\uC18C\uB97C \uC5F4 \uC218 \uC5C6\uC74C: {0}"}, - {"No.principal.selected", "\uC120\uD0DD\uB41C \uC8FC\uCCB4\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4."}, - {"No.permission.selected", "\uC120\uD0DD\uB41C \uAD8C\uD55C\uC774 \uC5C6\uC2B5\uB2C8\uB2E4."}, - {"name", "\uC774\uB984"}, - {"configuration.type", "\uAD6C\uC131 \uC720\uD615"}, - {"environment.variable.name", "\uD658\uACBD \uBCC0\uC218 \uC774\uB984"}, - {"library.name", "\uB77C\uC774\uBE0C\uB7EC\uB9AC \uC774\uB984"}, - {"package.name", "\uD328\uD0A4\uC9C0 \uC774\uB984"}, - {"policy.type", "\uC815\uCC45 \uC720\uD615"}, - {"property.name", "\uC18D\uC131 \uC774\uB984"}, - {"Principal.List", "\uC8FC\uCCB4 \uBAA9\uB85D"}, - {"Permission.List", "\uAD8C\uD55C \uBAA9\uB85D"}, - {"Code.Base", "\uCF54\uB4DC \uBCA0\uC774\uC2A4"}, - {"KeyStore.U.R.L.", "\uD0A4 \uC800\uC7A5\uC18C URL:"}, - {"KeyStore.Password.U.R.L.", "\uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638 URL:"}, - - // javax.security.auth.PrivateCredentialPermission {"invalid.null.input.s.", "\uB110 \uC785\uB825\uAC12\uC774 \uBD80\uC801\uD569\uD569\uB2C8\uB2E4."}, {"actions.can.only.be.read.", "\uC791\uC5C5\uC740 '\uC77D\uAE30' \uC804\uC6A9\uC785\uB2C8\uB2E4."}, @@ -551,6 +58,7 @@ {"provided.null.OID.map", "\uB110 OID \uB9F5\uC744 \uC81C\uACF5\uD588\uC2B5\uB2C8\uB2E4."}, // javax.security.auth.Subject + {"NEWLINE", "\n"}, {"invalid.null.AccessControlContext.provided", "\uBD80\uC801\uD569\uD55C \uB110 AccessControlContext\uAC00 \uC81C\uACF5\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, {"invalid.null.action.provided", "\uBD80\uC801\uD569\uD55C \uB110 \uC791\uC5C5\uC774 \uC81C\uACF5\uB418\uC5C8\uC2B5\uB2C8\uB2E4."}, @@ -654,6 +162,7 @@ * * @return the contents of this <code>ResourceBundle</code>. */ + @Override public Object[][] getContents() { return contents; }
--- a/src/share/classes/sun/security/util/Resources_pt_BR.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/Resources_pt_BR.java Sat Sep 10 22:36:17 2016 +0100 @@ -34,499 +34,6 @@ private static final Object[][] contents = { - // shared (from jarsigner) - {"SPACE", " "}, - {"2SPACE", " "}, - {"6SPACE", " "}, - {"COMMA", ", "}, - // shared (from keytool) - {"NEWLINE", "\n"}, - {"STAR", - "*******************************************"}, - {"STARNN", - "*******************************************\n\n"}, - - // keytool: Help part - {".OPTION.", " [OPTION]..."}, - {"Options.", "Op\u00E7\u00F5es:"}, - {"Use.keytool.help.for.all.available.commands", - "Use \"keytool -help\" para todos os comandos dispon\u00EDveis"}, - {"Key.and.Certificate.Management.Tool", - "Ferramenta de Gerenciamento de Chave e Certificado"}, - {"Commands.", "Comandos:"}, - {"Use.keytool.command.name.help.for.usage.of.command.name", - "Use \"keytool -command_name -help\" para uso de command_name"}, - // keytool: help: commands - {"Generates.a.certificate.request", - "Gera uma solicita\u00E7\u00E3o de certificado"}, //-certreq - {"Changes.an.entry.s.alias", - "Altera um alias de entrada"}, //-changealias - {"Deletes.an.entry", - "Exclui uma entrada"}, //-delete - {"Exports.certificate", - "Exporta o certificado"}, //-exportcert - {"Generates.a.key.pair", - "Gera um par de chaves"}, //-genkeypair - {"Generates.a.secret.key", - "Gera uma chave secreta"}, //-genseckey - {"Generates.certificate.from.a.certificate.request", - "Gera um certificado de uma solicita\u00E7\u00E3o de certificado"}, //-gencert - {"Generates.CRL", "Gera CRL"}, //-gencrl - {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", - "Importa entradas de um banco de dados de identidade JDK 1.1.x-style"}, //-identitydb - {"Imports.a.certificate.or.a.certificate.chain", - "Importa um certificado ou uma cadeia de certificados"}, //-importcert - {"Imports.one.or.all.entries.from.another.keystore", - "Importa uma ou todas as entradas de outra \u00E1rea de armazenamento de chaves"}, //-importkeystore - {"Clones.a.key.entry", - "Clona uma entrada de chave"}, //-keyclone - {"Changes.the.key.password.of.an.entry", - "Altera a senha da chave de uma entrada"}, //-keypasswd - {"Lists.entries.in.a.keystore", - "Lista entradas em uma \u00E1rea de armazenamento de chaves"}, //-list - {"Prints.the.content.of.a.certificate", - "Imprime o conte\u00FAdo de um certificado"}, //-printcert - {"Prints.the.content.of.a.certificate.request", - "Imprime o conte\u00FAdo de uma solicita\u00E7\u00E3o de certificado"}, //-printcertreq - {"Prints.the.content.of.a.CRL.file", - "Imprime o conte\u00FAdo de um arquivo CRL"}, //-printcrl - {"Generates.a.self.signed.certificate", - "Gera um certificado autoassinado"}, //-selfcert - {"Changes.the.store.password.of.a.keystore", - "Altera a senha de armazenamento de uma \u00E1rea de armazenamento de chaves"}, //-storepasswd - // keytool: help: options - {"alias.name.of.the.entry.to.process", - "nome do alias da entrada a ser processada"}, //-alias - {"destination.alias", - "alias de destino"}, //-destalias - {"destination.key.password", - "senha da chave de destino"}, //-destkeypass - {"destination.keystore.name", - "nome da \u00E1rea de armazenamento de chaves de destino"}, //-destkeystore - {"destination.keystore.password.protected", - "senha protegida da \u00E1rea de armazenamento de chaves de destino"}, //-destprotected - {"destination.keystore.provider.name", - "nome do fornecedor da \u00E1rea de armazenamento de chaves de destino"}, //-destprovidername - {"destination.keystore.password", - "senha da \u00E1rea de armazenamento de chaves de destino"}, //-deststorepass - {"destination.keystore.type", - "tipo de \u00E1rea de armazenamento de chaves de destino"}, //-deststoretype - {"distinguished.name", - "nome distinto"}, //-dname - {"X.509.extension", - "extens\u00E3o X.509"}, //-ext - {"output.file.name", - "nome do arquivo de sa\u00EDda"}, //-file and -outfile - {"input.file.name", - "nome do arquivo de entrada"}, //-file and -infile - {"key.algorithm.name", - "nome do algoritmo da chave"}, //-keyalg - {"key.password", - "senha da chave"}, //-keypass - {"key.bit.size", - "tamanho do bit da chave"}, //-keysize - {"keystore.name", - "nome da \u00E1rea de armazenamento de chaves"}, //-keystore - {"new.password", - "nova senha"}, //-new - {"do.not.prompt", - "n\u00E3o perguntar"}, //-noprompt - {"password.through.protected.mechanism", - "senha por meio de mecanismo protegido"}, //-protected - {"provider.argument", - "argumento do fornecedor"}, //-providerarg - {"provider.class.name", - "nome da classe do fornecedor"}, //-providerclass - {"provider.name", - "nome do fornecedor"}, //-providername - {"provider.classpath", - "classpath do fornecedor"}, //-providerpath - {"output.in.RFC.style", - "sa\u00EDda no estilo RFC"}, //-rfc - {"signature.algorithm.name", - "nome do algoritmo de assinatura"}, //-sigalg - {"source.alias", - "alias de origem"}, //-srcalias - {"source.key.password", - "senha da chave de origem"}, //-srckeypass - {"source.keystore.name", - "nome da \u00E1rea de armazenamento de chaves de origem"}, //-srckeystore - {"source.keystore.password.protected", - "senha protegida da \u00E1rea de armazenamento de chaves de origem"}, //-srcprotected - {"source.keystore.provider.name", - "nome do fornecedor da \u00E1rea de armazenamento de chaves de origem"}, //-srcprovidername - {"source.keystore.password", - "senha da \u00E1rea de armazenamento de chaves de origem"}, //-srcstorepass - {"source.keystore.type", - "tipo de \u00E1rea de armazenamento de chaves de origem"}, //-srcstoretype - {"SSL.server.host.and.port", - "porta e host do servidor SSL"}, //-sslserver - {"signed.jar.file", - "arquivo jar assinado"}, //=jarfile - {"certificate.validity.start.date.time", - "data/hora inicial de validade do certificado"}, //-startdate - {"keystore.password", - "senha da \u00E1rea de armazenamento de chaves"}, //-storepass - {"keystore.type", - "tipo de \u00E1rea de armazenamento de chaves"}, //-storetype - {"trust.certificates.from.cacerts", - "certificados confi\u00E1veis do cacerts"}, //-trustcacerts - {"verbose.output", - "sa\u00EDda detalhada"}, //-v - {"validity.number.of.days", - "n\u00FAmero de dias da validade"}, //-validity - {"Serial.ID.of.cert.to.revoke", - "ID de s\u00E9rie do certificado a ser revogado"}, //-id - // keytool: Running part - {"keytool.error.", "erro de keytool: "}, - {"Illegal.option.", "Op\u00E7\u00E3o inv\u00E1lida: "}, - {"Illegal.value.", "Valor inv\u00E1lido: "}, - {"Unknown.password.type.", "Tipo de senha desconhecido: "}, - {"Cannot.find.environment.variable.", - "N\u00E3o \u00E9 poss\u00EDvel localizar a vari\u00E1vel do ambiente: "}, - {"Cannot.find.file.", "N\u00E3o \u00E9 poss\u00EDvel localizar o arquivo: "}, - {"Command.option.flag.needs.an.argument.", "A op\u00E7\u00E3o de comando {0} precisa de um argumento."}, - {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", - "Advert\u00EAncia: Senhas de chave e de armazenamento diferentes n\u00E3o suportadas para KeyStores PKCS12. Ignorando valor {0} especificado pelo usu\u00E1rio."}, - {".keystore.must.be.NONE.if.storetype.is.{0}", - "-keystore deve ser NONE se -storetype for {0}"}, - {"Too.many.retries.program.terminated", - "Excesso de tentativas de repeti\u00E7\u00E3o; programa finalizado"}, - {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", - "comandos -storepasswd e -keypasswd n\u00E3o suportados se -storetype for {0}"}, - {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", - "comandos -keypasswd n\u00E3o suportados se -storetype for PKCS12"}, - {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", - "-keypass e -new n\u00E3o podem ser especificados se -storetype for {0}"}, - {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", - "se -protected for especificado, ent\u00E3o -storepass, -keypass e -new n\u00E3o dever\u00E3o ser especificados"}, - {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", - "se -srcprotected for especificado, ent\u00E3o -srcstorepass e -srckeypass n\u00E3o dever\u00E3o ser especificados"}, - {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", - "se a \u00E1rea de armazenamento de chaves n\u00E3o estiver protegida por senha, ent\u00E3o -storepass, -keypass e -new n\u00E3o dever\u00E3o ser especificados"}, - {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", - "se a \u00E1rea de armazenamento de chaves de origem n\u00E3o estiver protegida por senha, ent\u00E3o -srcstorepass e -srckeypass n\u00E3o dever\u00E3o ser especificados"}, - {"Illegal.startdate.value", "valor da data inicial inv\u00E1lido"}, - {"Validity.must.be.greater.than.zero", - "A validade deve ser maior do que zero"}, - {"provName.not.a.provider", "{0} n\u00E3o \u00E9 um fornecedor"}, - {"Usage.error.no.command.provided", "Erro de uso: nenhum comando fornecido"}, - {"Source.keystore.file.exists.but.is.empty.", "O arquivo da \u00E1rea de armazenamento de chaves de origem existe, mas est\u00E1 vazio: "}, - {"Please.specify.srckeystore", "Especifique -srckeystore"}, - {"Must.not.specify.both.v.and.rfc.with.list.command", - "N\u00E3o devem ser especificados -v e -rfc com o comando 'list'"}, - {"Key.password.must.be.at.least.6.characters", - "A senha da chave deve ter, no m\u00EDnimo, 6 caracteres"}, - {"New.password.must.be.at.least.6.characters", - "A nova senha deve ter, no m\u00EDnimo, 6 caracteres"}, - {"Keystore.file.exists.but.is.empty.", - "O arquivo da \u00E1rea de armazenamento de chaves existe, mas est\u00E1 vazio: "}, - {"Keystore.file.does.not.exist.", - "O arquivo da \u00E1rea de armazenamento de chaves n\u00E3o existe. "}, - {"Must.specify.destination.alias", "Deve ser especificado um alias de destino"}, - {"Must.specify.alias", "Deve ser especificado um alias"}, - {"Keystore.password.must.be.at.least.6.characters", - "A senha da \u00E1rea de armazenamento de chaves deve ter, no m\u00EDnimo, 6 caracteres"}, - {"Enter.keystore.password.", "Informe a senha da \u00E1rea de armazenamento de chaves: "}, - {"Enter.source.keystore.password.", "Informe a senha da \u00E1rea de armazenamento de chaves de origem: "}, - {"Enter.destination.keystore.password.", "Informe a senha da \u00E1rea de armazenamento de chaves de destino: "}, - {"Keystore.password.is.too.short.must.be.at.least.6.characters", - "A senha da \u00E1rea de armazenamento de chaves \u00E9 muito curta - ela deve ter, no m\u00EDnimo, 6 caracteres"}, - {"Unknown.Entry.Type", "Tipo de Entrada Desconhecido"}, - {"Too.many.failures.Alias.not.changed", "Excesso de falhas. Alias n\u00E3o alterado"}, - {"Entry.for.alias.alias.successfully.imported.", - "Entrada do alias {0} importada com \u00EAxito."}, - {"Entry.for.alias.alias.not.imported.", "Entrada do alias {0} n\u00E3o importada."}, - {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", - "Problema ao importar a entrada do alias {0}: {1}.\nEntrada do alias {0} n\u00E3o importada."}, - {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", - "Comando de importa\u00E7\u00E3o conclu\u00EDdo: {0} entradas importadas com \u00EAxito, {1} entradas falharam ou foram canceladas"}, - {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", - "Advert\u00EAncia: Substitui\u00E7\u00E3o do alias {0} existente na \u00E1rea de armazenamento de chaves de destino"}, - {"Existing.entry.alias.alias.exists.overwrite.no.", - "Entrada j\u00E1 existente no alias {0}, substituir? [n\u00E3o]: "}, - {"Too.many.failures.try.later", "Excesso de falhas - tente mais tarde"}, - {"Certification.request.stored.in.file.filename.", - "Solicita\u00E7\u00E3o de certificado armazenada no arquivo <{0}>"}, - {"Submit.this.to.your.CA", "Submeter \u00E0 CA"}, - {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", - "se o alias n\u00E3o estiver especificado, destalias, srckeypass e destkeypass n\u00E3o dever\u00E3o ser especificados"}, - {"Certificate.stored.in.file.filename.", - "Certificado armazenado no arquivo <{0}>"}, - {"Certificate.reply.was.installed.in.keystore", - "A resposta do certificado foi instalada na \u00E1rea de armazenamento de chaves"}, - {"Certificate.reply.was.not.installed.in.keystore", - "A resposta do certificado n\u00E3o foi instalada na \u00E1rea de armazenamento de chaves"}, - {"Certificate.was.added.to.keystore", - "O certificado foi adicionado \u00E0 \u00E1rea de armazenamento de chaves"}, - {"Certificate.was.not.added.to.keystore", - "O certificado n\u00E3o foi adicionado \u00E0 \u00E1rea de armazenamento de chaves"}, - {".Storing.ksfname.", "[Armazenando {0}]"}, - {"alias.has.no.public.key.certificate.", - "{0} n\u00E3o tem chave p\u00FAblica (certificado)"}, - {"Cannot.derive.signature.algorithm", - "N\u00E3o \u00E9 poss\u00EDvel obter um algoritmo de assinatura"}, - {"Alias.alias.does.not.exist", - "O alias <{0}> n\u00E3o existe"}, - {"Alias.alias.has.no.certificate", - "O alias <{0}> n\u00E3o tem certificado"}, - {"Key.pair.not.generated.alias.alias.already.exists", - "Par de chaves n\u00E3o gerado; o alias <{0}> j\u00E1 existe"}, - {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", - "Gerando o par de chaves {1} de {0} bit e o certificado autoassinado ({2}) com uma validade de {3} dias\n\tpara: {4}"}, - {"Enter.key.password.for.alias.", "Informar a senha da chave de <{0}>"}, - {".RETURN.if.same.as.keystore.password.", - "\t(RETURN se for igual \u00E0 senha da \u00E1rea do armazenamento de chaves): "}, - {"Key.password.is.too.short.must.be.at.least.6.characters", - "A senha da chave \u00E9 muito curta - deve ter, no m\u00EDnimo, 6 caracteres"}, - {"Too.many.failures.key.not.added.to.keystore", - "Excesso de falhas - chave n\u00E3o adicionada a \u00E1rea de armazenamento de chaves"}, - {"Destination.alias.dest.already.exists", - "O alias de destino <{0}> j\u00E1 existe"}, - {"Password.is.too.short.must.be.at.least.6.characters", - "A senha \u00E9 muito curta - deve ter, no m\u00EDnimo, 6 caracteres"}, - {"Too.many.failures.Key.entry.not.cloned", - "Excesso de falhas. Entrada da chave n\u00E3o clonada"}, - {"key.password.for.alias.", "senha da chave de <{0}>"}, - {"Keystore.entry.for.id.getName.already.exists", - "A entrada da \u00E1rea do armazenamento de chaves de <{0}> j\u00E1 existe"}, - {"Creating.keystore.entry.for.id.getName.", - "Criando entrada da \u00E1rea do armazenamento de chaves para <{0}> ..."}, - {"No.entries.from.identity.database.added", - "Nenhuma entrada adicionada do banco de dados de identidades"}, - {"Alias.name.alias", "Nome do alias: {0}"}, - {"Creation.date.keyStore.getCreationDate.alias.", - "Data de cria\u00E7\u00E3o: {0,date}"}, - {"alias.keyStore.getCreationDate.alias.", - "{0}, {1,date}, "}, - {"alias.", "{0}, "}, - {"Entry.type.type.", "Tipo de entrada: {0}"}, - {"Certificate.chain.length.", "Comprimento da cadeia de certificados: "}, - {"Certificate.i.1.", "Certificado[{0,number,integer}]:"}, - {"Certificate.fingerprint.SHA1.", "Fingerprint (SHA1) do certificado: "}, - {"Keystore.type.", "Tipo de \u00E1rea de armazenamento de chaves: "}, - {"Keystore.provider.", "Fornecedor da \u00E1rea de armazenamento de chaves: "}, - {"Your.keystore.contains.keyStore.size.entry", - "Sua \u00E1rea de armazenamento de chaves cont\u00E9m {0,number,integer} entrada"}, - {"Your.keystore.contains.keyStore.size.entries", - "Sua \u00E1rea de armazenamento de chaves cont\u00E9m {0,number,integer} entradas"}, - {"Failed.to.parse.input", "Falha durante o parsing da entrada"}, - {"Empty.input", "Entrada vazia"}, - {"Not.X.509.certificate", "N\u00E3o \u00E9 um certificado X.509"}, - {"alias.has.no.public.key", "{0} n\u00E3o tem chave p\u00FAblica"}, - {"alias.has.no.X.509.certificate", "{0} n\u00E3o tem certificado X.509"}, - {"New.certificate.self.signed.", "Novo certificado (autoassinado):"}, - {"Reply.has.no.certificates", "A resposta n\u00E3o tem certificado"}, - {"Certificate.not.imported.alias.alias.already.exists", - "Certificado n\u00E3o importado, o alias <{0}> j\u00E1 existe"}, - {"Input.not.an.X.509.certificate", "A entrada n\u00E3o \u00E9 um certificado X.509"}, - {"Certificate.already.exists.in.keystore.under.alias.trustalias.", - "O certificado j\u00E1 existe no armazenamento de chaves no alias <{0}>"}, - {"Do.you.still.want.to.add.it.no.", - "Ainda deseja adicion\u00E1-lo? [n\u00E3o]: "}, - {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", - "O certificado j\u00E1 existe na \u00E1rea de armazenamento de chaves da CA em todo o sistema no alias <{0}>"}, - {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", - "Ainda deseja adicion\u00E1-lo \u00E0 sua \u00E1rea de armazenamento de chaves? [n\u00E3o]: "}, - {"Trust.this.certificate.no.", "Confiar neste certificado? [n\u00E3o]: "}, - {"YES", "SIM"}, - {"New.prompt.", "Nova {0}: "}, - {"Passwords.must.differ", "As senhas devem ser diferentes"}, - {"Re.enter.new.prompt.", "Informe novamente a nova {0}: "}, - {"Re.enter.new.password.", "Informe novamente a nova senha: "}, - {"They.don.t.match.Try.again", "Elas n\u00E3o correspondem. Tente novamente"}, - {"Enter.prompt.alias.name.", "Informe o nome do alias {0}: "}, - {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", - "Informe o novo nome do alias\t(RETURN para cancelar a importa\u00E7\u00E3o desta entrada): "}, - {"Enter.alias.name.", "Informe o nome do alias: "}, - {".RETURN.if.same.as.for.otherAlias.", - "\t(RETURN se for igual ao de <{0}>)"}, - {".PATTERN.printX509Cert", - "Propriet\u00E1rio: {0}\nEmissor: {1}\nN\u00FAmero de s\u00E9rie: {2}\nV\u00E1lido de: {3} a: {4}\nFingerprints do certificado:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Nome do algoritmo de assinatura: {8}\n\t Vers\u00E3o: {9}"}, - {"What.is.your.first.and.last.name.", - "Qual \u00E9 o seu nome e o seu sobrenome?"}, - {"What.is.the.name.of.your.organizational.unit.", - "Qual \u00E9 o nome da sua unidade organizacional?"}, - {"What.is.the.name.of.your.organization.", - "Qual \u00E9 o nome da sua empresa?"}, - {"What.is.the.name.of.your.City.or.Locality.", - "Qual \u00E9 o nome da sua Cidade ou Localidade?"}, - {"What.is.the.name.of.your.State.or.Province.", - "Qual \u00E9 o nome do seu Estado ou Munic\u00EDpio?"}, - {"What.is.the.two.letter.country.code.for.this.unit.", - "Quais s\u00E3o as duas letras do c\u00F3digo do pa\u00EDs desta unidade?"}, - {"Is.name.correct.", "{0} Est\u00E1 correto?"}, - {"no", "n\u00E3o"}, - {"yes", "sim"}, - {"y", "s"}, - {".defaultValue.", " [{0}]: "}, - {"Alias.alias.has.no.key", - "O alias <{0}> n\u00E3o tem chave"}, - {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", - "O alias <{0}> faz refer\u00EAncia a um tipo de entrada que n\u00E3o \u00E9 uma entrada de chave privada. O comando -keyclone oferece suporte somente \u00E0 clonagem de entradas de chave privada"}, - - {".WARNING.WARNING.WARNING.", - "***************** WARNING WARNING WARNING *****************"}, - {"Signer.d.", "Signat\u00E1rio #%d:"}, - {"Timestamp.", "Timestamp:"}, - {"Signature.", "Assinatura:"}, - {"CRLs.", "CRLs:"}, - {"Certificate.owner.", "Propriet\u00E1rio do certificado: "}, - {"Not.a.signed.jar.file", "N\u00E3o \u00E9 um arquivo jar assinado"}, - {"No.certificate.from.the.SSL.server", - "N\u00E3o \u00E9 um certificado do servidor SSL"}, - - {".The.integrity.of.the.information.stored.in.your.keystore.", - "* A integridade das informa\u00E7\u00F5es armazenadas na sua \u00E1rea de armazenamento de chaves *\n* N\u00C3O foi verificada! Para que seja poss\u00EDvel verificar sua integridade, *\n* voc\u00EA deve fornecer a senha da \u00E1rea de armazenamento de chaves. *"}, - {".The.integrity.of.the.information.stored.in.the.srckeystore.", - "* A integridade das informa\u00E7\u00F5es armazenadas no srckeystore *\n* N\u00C3O foi verificada! Para que seja poss\u00EDvel verificar sua integridade, *\n* voc\u00EA deve fornecer a senha do srckeystore. *"}, - - {"Certificate.reply.does.not.contain.public.key.for.alias.", - "A resposta do certificado n\u00E3o cont\u00E9m a chave p\u00FAblica de <{0}>"}, - {"Incomplete.certificate.chain.in.reply", - "Cadeia de certificados incompleta na resposta"}, - {"Certificate.chain.in.reply.does.not.verify.", - "A cadeia de certificados da resposta n\u00E3o verifica: "}, - {"Top.level.certificate.in.reply.", - "Certificado de n\u00EDvel superior na resposta:\n"}, - {".is.not.trusted.", "... n\u00E3o \u00E9 confi\u00E1vel. "}, - {"Install.reply.anyway.no.", "Instalar resposta assim mesmo? [n\u00E3o]: "}, - {"NO", "N\u00C3O"}, - {"Public.keys.in.reply.and.keystore.don.t.match", - "As chaves p\u00FAblicas da resposta e da \u00E1rea de armazenamento de chaves n\u00E3o correspondem"}, - {"Certificate.reply.and.certificate.in.keystore.are.identical", - "O certificado da resposta e o certificado da \u00E1rea de armazenamento de chaves s\u00E3o id\u00EAnticos"}, - {"Failed.to.establish.chain.from.reply", - "Falha ao estabelecer a cadeia a partir da resposta"}, - {"n", "n"}, - {"Wrong.answer.try.again", "Resposta errada; tente novamente"}, - {"Secret.key.not.generated.alias.alias.already.exists", - "Chave secreta n\u00E3o gerada; o alias <{0}> j\u00E1 existe"}, - {"Please.provide.keysize.for.secret.key.generation", - "Forne\u00E7a o -keysize para a gera\u00E7\u00E3o da chave secreta"}, - - {"Extensions.", "Extens\u00F5es: "}, - {".Empty.value.", "(Valor vazio)"}, - {"Extension.Request.", "Solicita\u00E7\u00E3o de Extens\u00E3o:"}, - {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", - "Solicita\u00E7\u00E3o do Certificado PKCS #10 (Vers\u00E3o 1.0)\nAssunto: %s\nChave P\u00FAblica: %s formato %s chave\n"}, - {"Unknown.keyUsage.type.", "Tipo de keyUsage desconhecido: "}, - {"Unknown.extendedkeyUsage.type.", "Tipo de extendedkeyUsage desconhecido: "}, - {"Unknown.AccessDescription.type.", "Tipo de AccessDescription desconhecido: "}, - {"Unrecognized.GeneralName.type.", "Tipo de GeneralName n\u00E3o reconhecido: "}, - {"This.extension.cannot.be.marked.as.critical.", - "Esta extens\u00E3o n\u00E3o pode ser marcada como cr\u00EDtica. "}, - {"Odd.number.of.hex.digits.found.", "Encontrado n\u00FAmero \u00EDmpar de seis d\u00EDgitos: "}, - {"Unknown.extension.type.", "Tipo de extens\u00E3o desconhecido: "}, - {"command.{0}.is.ambiguous.", "o comando {0} \u00E9 amb\u00EDguo:"}, - - // policytool - {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", - "Advert\u00EAncia: N\u00E3o existe uma chave p\u00FAblica para o alias {0}. Certifique-se de que um KeyStore esteja configurado adequadamente."}, - {"Warning.Class.not.found.class", "Advert\u00EAncia: Classe n\u00E3o encontrada: {0}"}, - {"Warning.Invalid.argument.s.for.constructor.arg", - "Advert\u00EAncia: Argumento(s) inv\u00E1lido(s) para o construtor: {0}"}, - {"Illegal.Principal.Type.type", "Tipo Principal Inv\u00E1lido: {0}"}, - {"Illegal.option.option", "Op\u00E7\u00E3o inv\u00E1lida: {0}"}, - {"Usage.policytool.options.", "Uso: policytool [op\u00E7\u00F5es]"}, - {".file.file.policy.file.location", - " [-file <arquivo>] localiza\u00E7\u00E3o do arquivo de pol\u00EDtica"}, - {"New", "Novo"}, - {"Open", "Abrir"}, - {"Save", "Salvar"}, - {"Save.As", "Salvar Como"}, - {"View.Warning.Log", "Exibir Log de Advert\u00EAncias"}, - {"Exit", "Sair"}, - {"Add.Policy.Entry", "Adicionar Entrada de Pol\u00EDtica"}, - {"Edit.Policy.Entry", "Editar Entrada de Pol\u00EDtica"}, - {"Remove.Policy.Entry", "Remover Entrada de Pol\u00EDtica"}, - {"Edit", "Editar"}, - {"Retain", "Reter"}, - - {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", - "Advert\u00EAncia: O nome do arquivo pode conter caracteres de escape barra invertida. N\u00E3o \u00E9 necess\u00E1rio fazer o escape dos caracteres de barra invertida (a ferramenta faz o escape dos caracteres conforme necess\u00E1rio ao gravar o conte\u00FAdo da pol\u00EDtica no armazenamento persistente).\n\nClique em Reter para reter o nome da entrada ou clique em Editar para edit\u00E1-lo."}, - - {"Add.Public.Key.Alias", "Adicionar Alias de Chave P\u00FAblica"}, - {"Remove.Public.Key.Alias", "Remover Alias de Chave P\u00FAblica"}, - {"File", "Arquivo"}, - {"KeyStore", "KeyStore"}, - {"Policy.File.", "Arquivo de Pol\u00EDtica:"}, - {"Could.not.open.policy.file.policyFile.e.toString.", - "N\u00E3o foi poss\u00EDvel abrir o arquivo de pol\u00EDtica: {0}: {1}"}, - {"Policy.Tool", "Ferramenta de Pol\u00EDtica"}, - {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", - "Erros durante a abertura da configura\u00E7\u00E3o da pol\u00EDtica. Consulte o Log de Advert\u00EAncias para obter mais informa\u00E7\u00F5es."}, - {"Error", "Erro"}, - {"OK", "OK"}, - {"Status", "Status"}, - {"Warning", "Advert\u00EAncia"}, - {"Permission.", - "Permiss\u00E3o: "}, - {"Principal.Type.", "Tipo do Principal:"}, - {"Principal.Name.", "Nome do Principal:"}, - {"Target.Name.", - "Nome do Alvo: "}, - {"Actions.", - "A\u00E7\u00F5es: "}, - {"OK.to.overwrite.existing.file.filename.", - "Est\u00E1 correto substituir o arquivo existente {0}?"}, - {"Cancel", "Cancelar"}, - {"CodeBase.", "CodeBase:"}, - {"SignedBy.", "SignedBy:"}, - {"Add.Principal", "Adicionar Principal"}, - {"Edit.Principal", "Editar Principal"}, - {"Remove.Principal", "Remover Principal"}, - {"Principals.", "Principais:"}, - {".Add.Permission", " Adicionar Permiss\u00E3o"}, - {".Edit.Permission", " Editar Permiss\u00E3o"}, - {"Remove.Permission", "Remover Permiss\u00E3o"}, - {"Done", "Conclu\u00EDdo"}, - {"KeyStore.URL.", "URL do KeyStore:"}, - {"KeyStore.Type.", "Tipo de KeyStore:"}, - {"KeyStore.Provider.", "Fornecedor de KeyStore:"}, - {"KeyStore.Password.URL.", "URL da Senha do KeyStore:"}, - {"Principals", "Principais"}, - {".Edit.Principal.", " Editar Principal:"}, - {".Add.New.Principal.", " Adicionar Novo Principal:"}, - {"Permissions", "Permiss\u00F5es"}, - {".Edit.Permission.", " Editar Permiss\u00E3o:"}, - {".Add.New.Permission.", " Adicionar Nova Permiss\u00E3o:"}, - {"Signed.By.", "Assinado por:"}, - {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", - "N\u00E3o \u00E9 Poss\u00EDvel Especificar um Principal com uma Classe de Curinga sem um Nome de Curinga"}, - {"Cannot.Specify.Principal.without.a.Name", - "N\u00E3o \u00E9 Poss\u00EDvel Especificar um Principal sem um Nome"}, - {"Permission.and.Target.Name.must.have.a.value", - "O Nome de Destino e a Permiss\u00E3o devem ter um Valor"}, - {"Remove.this.Policy.Entry.", "Remover esta Entrada de Pol\u00EDtica?"}, - {"Overwrite.File", "Substituir Arquivo"}, - {"Policy.successfully.written.to.filename", - "Pol\u00EDtica gravada com \u00EAxito em {0}"}, - {"null.filename", "nome de arquivo nulo"}, - {"Save.changes.", "Salvar altera\u00E7\u00F5es?"}, - {"Yes", "Sim"}, - {"No", "N\u00E3o"}, - {"Policy.Entry", "Entrada de Pol\u00EDtica"}, - {"Save.Changes", "Salvar Altera\u00E7\u00F5es"}, - {"No.Policy.Entry.selected", "Nenhuma Entrada de Pol\u00EDtica Selecionada"}, - {"Unable.to.open.KeyStore.ex.toString.", - "N\u00E3o \u00E9 poss\u00EDvel abrir a KeyStore: {0}"}, - {"No.principal.selected", "Nenhum principal selecionado"}, - {"No.permission.selected", "Nenhuma permiss\u00E3o selecionada"}, - {"name", "nome"}, - {"configuration.type", "tipo de configura\u00E7\u00E3o"}, - {"environment.variable.name", "nome da vari\u00E1vel de ambiente"}, - {"library.name", "nome da biblioteca"}, - {"package.name", "nome do pacote"}, - {"policy.type", "tipo de pol\u00EDtica"}, - {"property.name", "nome da propriedade"}, - {"Principal.List", "Lista de Principais"}, - {"Permission.List", "Lista de Permiss\u00F5es"}, - {"Code.Base", "Base de C\u00F3digo"}, - {"KeyStore.U.R.L.", "U R L da KeyStore:"}, - {"KeyStore.Password.U.R.L.", "U R L da Senha do KeyStore:"}, - - // javax.security.auth.PrivateCredentialPermission {"invalid.null.input.s.", "entrada(s) nula(s) inv\u00E1lida(s)"}, {"actions.can.only.be.read.", "as a\u00E7\u00F5es s\u00F3 podem ser 'lidas'"}, @@ -551,6 +58,7 @@ {"provided.null.OID.map", "mapa OID nulo fornecido"}, // javax.security.auth.Subject + {"NEWLINE", "\n"}, {"invalid.null.AccessControlContext.provided", "AccessControlContext nulo inv\u00E1lido fornecido"}, {"invalid.null.action.provided", "a\u00E7\u00E3o nula inv\u00E1lida fornecida"}, @@ -654,6 +162,7 @@ * * @return the contents of this <code>ResourceBundle</code>. */ + @Override public Object[][] getContents() { return contents; }
--- a/src/share/classes/sun/security/util/Resources_sv.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/Resources_sv.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,499 +34,6 @@ private static final Object[][] contents = { - // shared (from jarsigner) - {"SPACE", " "}, - {"2SPACE", " "}, - {"6SPACE", " "}, - {"COMMA", ", "}, - // shared (from keytool) - {"NEWLINE", "\n"}, - {"STAR", - "*******************************************"}, - {"STARNN", - "*******************************************\n\n"}, - - // keytool: Help part - {".OPTION.", " [OPTION]..."}, - {"Options.", "Alternativ:"}, - {"Use.keytool.help.for.all.available.commands", - "L\u00E4s \"Hj\u00E4lp - Nyckelverktyg\" f\u00F6r alla tillg\u00E4ngliga kommandon"}, - {"Key.and.Certificate.Management.Tool", - "Hanteringsverktyg f\u00F6r nycklar och certifikat"}, - {"Commands.", "Kommandon:"}, - {"Use.keytool.command.name.help.for.usage.of.command.name", - "L\u00E4s \"Hj\u00E4lp - Nyckelverktyg - command_name\" om anv\u00E4ndning av command_name"}, - // keytool: help: commands - {"Generates.a.certificate.request", - "Genererar certifikatbeg\u00E4ran"}, //-certreq - {"Changes.an.entry.s.alias", - "\u00C4ndrar postalias"}, //-changealias - {"Deletes.an.entry", - "Tar bort post"}, //-delete - {"Exports.certificate", - "Exporterar certifikat"}, //-exportcert - {"Generates.a.key.pair", - "Genererar nyckelpar"}, //-genkeypair - {"Generates.a.secret.key", - "Genererar hemlig nyckel"}, //-genseckey - {"Generates.certificate.from.a.certificate.request", - "Genererar certifikat fr\u00E5n certifikatbeg\u00E4ran"}, //-gencert - {"Generates.CRL", "Genererar CRL"}, //-gencrl - {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", - "Importerar poster fr\u00E5n identitetsdatabas i JDK 1.1.x-format"}, //-identitydb - {"Imports.a.certificate.or.a.certificate.chain", - "Importerar ett certifikat eller en certifikatkedja"}, //-importcert - {"Imports.one.or.all.entries.from.another.keystore", - "Importerar en eller alla poster fr\u00E5n annat nyckellager"}, //-importkeystore - {"Clones.a.key.entry", - "Klonar en nyckelpost"}, //-keyclone - {"Changes.the.key.password.of.an.entry", - "\u00C4ndrar nyckell\u00F6senordet f\u00F6r en post"}, //-keypasswd - {"Lists.entries.in.a.keystore", - "Visar lista \u00F6ver poster i nyckellager"}, //-list - {"Prints.the.content.of.a.certificate", - "Skriver ut inneh\u00E5llet i ett certifikat"}, //-printcert - {"Prints.the.content.of.a.certificate.request", - "Skriver ut inneh\u00E5llet i en certifikatbeg\u00E4ran"}, //-printcertreq - {"Prints.the.content.of.a.CRL.file", - "Skriver ut inneh\u00E5llet i en CRL-fil"}, //-printcrl - {"Generates.a.self.signed.certificate", - "Genererar ett sj\u00E4lvsignerat certifikat"}, //-selfcert - {"Changes.the.store.password.of.a.keystore", - "\u00C4ndrar lagerl\u00F6senordet f\u00F6r ett nyckellager"}, //-storepasswd - // keytool: help: options - {"alias.name.of.the.entry.to.process", - "aliasnamn f\u00F6r post som ska bearbetas"}, //-alias - {"destination.alias", - "destinationsalias"}, //-destalias - {"destination.key.password", - "l\u00F6senord f\u00F6r destinationsnyckel"}, //-destkeypass - {"destination.keystore.name", - "namn p\u00E5 destinationsnyckellager"}, //-destkeystore - {"destination.keystore.password.protected", - "skyddat l\u00F6senord f\u00F6r destinationsnyckellager"}, //-destprotected - {"destination.keystore.provider.name", - "leverant\u00F6rsnamn f\u00F6r destinationsnyckellager"}, //-destprovidername - {"destination.keystore.password", - "l\u00F6senord f\u00F6r destinationsnyckellager"}, //-deststorepass - {"destination.keystore.type", - "typ av destinationsnyckellager"}, //-deststoretype - {"distinguished.name", - "unikt namn"}, //-dname - {"X.509.extension", - "X.509-till\u00E4gg"}, //-ext - {"output.file.name", - "namn p\u00E5 utdatafil"}, //-file and -outfile - {"input.file.name", - "namn p\u00E5 indatafil"}, //-file and -infile - {"key.algorithm.name", - "namn p\u00E5 nyckelalgoritm"}, //-keyalg - {"key.password", - "nyckell\u00F6senord"}, //-keypass - {"key.bit.size", - "nyckelbitstorlek"}, //-keysize - {"keystore.name", - "namn p\u00E5 nyckellager"}, //-keystore - {"new.password", - "nytt l\u00F6senord"}, //-new - {"do.not.prompt", - "fr\u00E5ga inte"}, //-noprompt - {"password.through.protected.mechanism", - "l\u00F6senord med skyddad mekanism"}, //-protected - {"provider.argument", - "leverant\u00F6rsargument"}, //-providerarg - {"provider.class.name", - "namn p\u00E5 leverant\u00F6rsklass"}, //-providerclass - {"provider.name", - "leverant\u00F6rsnamn"}, //-providername - {"provider.classpath", - "leverant\u00F6rsklass\u00F6kv\u00E4g"}, //-providerpath - {"output.in.RFC.style", - "utdata i RFC-format"}, //-rfc - {"signature.algorithm.name", - "namn p\u00E5 signaturalgoritm"}, //-sigalg - {"source.alias", - "k\u00E4llalias"}, //-srcalias - {"source.key.password", - "l\u00F6senord f\u00F6r k\u00E4llnyckel"}, //-srckeypass - {"source.keystore.name", - "namn p\u00E5 k\u00E4llnyckellager"}, //-srckeystore - {"source.keystore.password.protected", - "skyddat l\u00F6senord f\u00F6r k\u00E4llnyckellager"}, //-srcprotected - {"source.keystore.provider.name", - "leverant\u00F6rsnamn f\u00F6r k\u00E4llnyckellager"}, //-srcprovidername - {"source.keystore.password", - "l\u00F6senord f\u00F6r k\u00E4llnyckellager"}, //-srcstorepass - {"source.keystore.type", - "typ av k\u00E4llnyckellager"}, //-srcstoretype - {"SSL.server.host.and.port", - "SSL-serverv\u00E4rd och -port"}, //-sslserver - {"signed.jar.file", - "signerad jar-fil"}, //=jarfile - {"certificate.validity.start.date.time", - "startdatum/-tid f\u00F6r certifikatets giltighet"}, //-startdate - {"keystore.password", - "l\u00F6senord f\u00F6r nyckellager"}, //-storepass - {"keystore.type", - "nyckellagertyp"}, //-storetype - {"trust.certificates.from.cacerts", - "tillf\u00F6rlitliga certifikat fr\u00E5n cacerts"}, //-trustcacerts - {"verbose.output", - "utf\u00F6rliga utdata"}, //-v - {"validity.number.of.days", - "antal dagar f\u00F6r giltighet"}, //-validity - {"Serial.ID.of.cert.to.revoke", - "Seriellt ID f\u00F6r certifikat som ska \u00E5terkallas"}, //-id - // keytool: Running part - {"keytool.error.", "nyckelverktygsfel: "}, - {"Illegal.option.", "Otill\u00E5tet alternativ: "}, - {"Illegal.value.", "Otill\u00E5tet v\u00E4rde: "}, - {"Unknown.password.type.", "Ok\u00E4nd l\u00F6senordstyp: "}, - {"Cannot.find.environment.variable.", - "Hittar inte milj\u00F6variabel: "}, - {"Cannot.find.file.", "Hittar inte fil: "}, - {"Command.option.flag.needs.an.argument.", "Kommandoalternativet {0} beh\u00F6ver ett argument."}, - {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", - "Varning! PKCS12-nyckellager har inte st\u00F6d f\u00F6r olika l\u00F6senord f\u00F6r lagret och nyckeln. Det anv\u00E4ndarspecificerade {0}-v\u00E4rdet ignoreras."}, - {".keystore.must.be.NONE.if.storetype.is.{0}", - "-keystore m\u00E5ste vara NONE om -storetype \u00E4r {0}"}, - {"Too.many.retries.program.terminated", - "F\u00F6r m\u00E5nga f\u00F6rs\u00F6k. Programmet avslutas"}, - {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", - "-storepasswd- och -keypasswd-kommandon st\u00F6ds inte om -storetype \u00E4r {0}"}, - {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", - "-keypasswd-kommandon st\u00F6ds inte om -storetype \u00E4r PKCS12"}, - {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", - "-keypass och -new kan inte anges om -storetype \u00E4r {0}"}, - {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", - "om -protected har angetts f\u00E5r inte -storepass, -keypass och -new anges"}, - {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", - "om -srcprotected anges f\u00E5r -srcstorepass och -srckeypass inte anges"}, - {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", - "om nyckellagret inte \u00E4r l\u00F6senordsskyddat f\u00E5r -storepass, -keypass och -new inte anges"}, - {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", - "om k\u00E4llnyckellagret inte \u00E4r l\u00F6senordsskyddat f\u00E5r -srcstorepass och -srckeypass inte anges"}, - {"Illegal.startdate.value", "Otill\u00E5tet v\u00E4rde f\u00F6r startdatum"}, - {"Validity.must.be.greater.than.zero", - "Giltigheten m\u00E5ste vara st\u00F6rre \u00E4n noll"}, - {"provName.not.a.provider", "{0} \u00E4r inte en leverant\u00F6r"}, - {"Usage.error.no.command.provided", "Syntaxfel: inget kommando angivet"}, - {"Source.keystore.file.exists.but.is.empty.", "Nyckellagrets k\u00E4llfil finns, men \u00E4r tom: "}, - {"Please.specify.srckeystore", "Ange -srckeystore"}, - {"Must.not.specify.both.v.and.rfc.with.list.command", - "Kan inte specificera b\u00E5de -v och -rfc med 'list'-kommandot"}, - {"Key.password.must.be.at.least.6.characters", - "Nyckell\u00F6senordet m\u00E5ste inneh\u00E5lla minst 6 tecken"}, - {"New.password.must.be.at.least.6.characters", - "Det nya l\u00F6senordet m\u00E5ste inneh\u00E5lla minst 6 tecken"}, - {"Keystore.file.exists.but.is.empty.", - "Nyckellagerfilen finns, men \u00E4r tom: "}, - {"Keystore.file.does.not.exist.", - "Nyckellagerfilen finns inte: "}, - {"Must.specify.destination.alias", "Du m\u00E5ste ange destinationsalias"}, - {"Must.specify.alias", "Du m\u00E5ste ange alias"}, - {"Keystore.password.must.be.at.least.6.characters", - "Nyckellagerl\u00F6senordet m\u00E5ste inneh\u00E5lla minst 6 tecken"}, - {"Enter.keystore.password.", "Ange nyckellagerl\u00F6senord: "}, - {"Enter.source.keystore.password.", "Ange l\u00F6senord f\u00F6r k\u00E4llnyckellagret: "}, - {"Enter.destination.keystore.password.", "Ange nyckellagerl\u00F6senord f\u00F6r destination: "}, - {"Keystore.password.is.too.short.must.be.at.least.6.characters", - "Nyckellagerl\u00F6senordet \u00E4r f\u00F6r kort - det m\u00E5ste inneh\u00E5lla minst 6 tecken"}, - {"Unknown.Entry.Type", "Ok\u00E4nd posttyp"}, - {"Too.many.failures.Alias.not.changed", "F\u00F6r m\u00E5nga fel. Alias har inte \u00E4ndrats"}, - {"Entry.for.alias.alias.successfully.imported.", - "Posten f\u00F6r alias {0} har importerats."}, - {"Entry.for.alias.alias.not.imported.", "Posten f\u00F6r alias {0} har inte importerats."}, - {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", - "Ett problem uppstod vid importen av posten f\u00F6r alias {0}: {1}.\nPosten {0} har inte importerats."}, - {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", - "Kommandoimporten slutf\u00F6rd: {0} poster har importerats, {1} poster var felaktiga eller annullerades"}, - {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", - "Varning! Det befintliga aliaset {0} i destinationsnyckellagret skrivs \u00F6ver"}, - {"Existing.entry.alias.alias.exists.overwrite.no.", - "Aliaset {0} finns redan. Vill du skriva \u00F6ver det? [nej]: "}, - {"Too.many.failures.try.later", "F\u00F6r m\u00E5nga fel - f\u00F6rs\u00F6k igen senare"}, - {"Certification.request.stored.in.file.filename.", - "Certifikatbeg\u00E4ran har lagrats i filen <{0}>"}, - {"Submit.this.to.your.CA", "Skicka detta till certifikatutf\u00E4rdaren"}, - {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", - "om n\u00E5got alias inte anges f\u00E5r destalias, srckeypass och destkeypass inte anges"}, - {"Certificate.stored.in.file.filename.", - "Certifikatet har lagrats i filen <{0}>"}, - {"Certificate.reply.was.installed.in.keystore", - "Certifikatsvaret har installerats i nyckellagret"}, - {"Certificate.reply.was.not.installed.in.keystore", - "Certifikatsvaret har inte installerats i nyckellagret"}, - {"Certificate.was.added.to.keystore", - "Certifikatet har lagts till i nyckellagret"}, - {"Certificate.was.not.added.to.keystore", - "Certifikatet har inte lagts till i nyckellagret"}, - {".Storing.ksfname.", "[Lagrar {0}]"}, - {"alias.has.no.public.key.certificate.", - "{0} saknar offentlig nyckel (certifikat)"}, - {"Cannot.derive.signature.algorithm", - "Kan inte h\u00E4rleda signaturalgoritm"}, - {"Alias.alias.does.not.exist", - "Aliaset <{0}> finns inte"}, - {"Alias.alias.has.no.certificate", - "Aliaset <{0}> saknar certifikat"}, - {"Key.pair.not.generated.alias.alias.already.exists", - "Nyckelparet genererades inte. Aliaset <{0}> finns redan"}, - {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", - "Genererar {0} bitars {1}-nyckelpar och sj\u00E4lvsignerat certifikat ({2}) med en giltighet p\u00E5 {3} dagar\n\tf\u00F6r: {4}"}, - {"Enter.key.password.for.alias.", "Ange nyckell\u00F6senord f\u00F6r <{0}>"}, - {".RETURN.if.same.as.keystore.password.", - "\t(RETURN om det \u00E4r identiskt med nyckellagerl\u00F6senordet): "}, - {"Key.password.is.too.short.must.be.at.least.6.characters", - "Nyckell\u00F6senordet \u00E4r f\u00F6r kort - det m\u00E5ste inneh\u00E5lla minst 6 tecken"}, - {"Too.many.failures.key.not.added.to.keystore", - "F\u00F6r m\u00E5nga fel - nyckeln lades inte till i nyckellagret"}, - {"Destination.alias.dest.already.exists", - "Destinationsaliaset <{0}> finns redan"}, - {"Password.is.too.short.must.be.at.least.6.characters", - "L\u00F6senordet \u00E4r f\u00F6r kort - det m\u00E5ste inneh\u00E5lla minst 6 tecken"}, - {"Too.many.failures.Key.entry.not.cloned", - "F\u00F6r m\u00E5nga fel. Nyckelposten har inte klonats"}, - {"key.password.for.alias.", "nyckell\u00F6senord f\u00F6r <{0}>"}, - {"Keystore.entry.for.id.getName.already.exists", - "Nyckellagerpost f\u00F6r <{0}> finns redan"}, - {"Creating.keystore.entry.for.id.getName.", - "Skapar nyckellagerpost f\u00F6r <{0}> ..."}, - {"No.entries.from.identity.database.added", - "Inga poster fr\u00E5n identitetsdatabasen har lagts till"}, - {"Alias.name.alias", "Aliasnamn: {0}"}, - {"Creation.date.keyStore.getCreationDate.alias.", - "Skapat den: {0,date}"}, - {"alias.keyStore.getCreationDate.alias.", - "{0}, {1,date}, "}, - {"alias.", "{0}, "}, - {"Entry.type.type.", "Posttyp: {0}"}, - {"Certificate.chain.length.", "L\u00E4ngd p\u00E5 certifikatskedja: "}, - {"Certificate.i.1.", "Certifikat[{0,number,integer}]:"}, - {"Certificate.fingerprint.SHA1.", "Certifikatets fingeravtryck (SHA1): "}, - {"Keystore.type.", "Nyckellagertyp: "}, - {"Keystore.provider.", "Nyckellagerleverant\u00F6r: "}, - {"Your.keystore.contains.keyStore.size.entry", - "Nyckellagret inneh\u00E5ller {0,number,integer} post"}, - {"Your.keystore.contains.keyStore.size.entries", - "Nyckellagret inneh\u00E5ller {0,number,integer} poster"}, - {"Failed.to.parse.input", "Kunde inte tolka indata"}, - {"Empty.input", "Inga indata"}, - {"Not.X.509.certificate", "Inte ett X.509-certifikat"}, - {"alias.has.no.public.key", "{0} saknar offentlig nyckel"}, - {"alias.has.no.X.509.certificate", "{0} saknar X.509-certifikat"}, - {"New.certificate.self.signed.", "Nytt certifikat (sj\u00E4lvsignerat):"}, - {"Reply.has.no.certificates", "Svaret saknar certifikat"}, - {"Certificate.not.imported.alias.alias.already.exists", - "Certifikatet importerades inte. Aliaset <{0}> finns redan"}, - {"Input.not.an.X.509.certificate", "Indata \u00E4r inte ett X.509-certifikat"}, - {"Certificate.already.exists.in.keystore.under.alias.trustalias.", - "Certifikatet finns redan i nyckellagerfilen under aliaset <{0}>"}, - {"Do.you.still.want.to.add.it.no.", - "Vill du fortfarande l\u00E4gga till det? [nej]: "}, - {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", - "Certifikatet finns redan i den systemomsp\u00E4nnande CA-nyckellagerfilen under aliaset <{0}>"}, - {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", - "Vill du fortfarande l\u00E4gga till det i ditt eget nyckellagret? [nej]: "}, - {"Trust.this.certificate.no.", "Litar du p\u00E5 det h\u00E4r certifikatet? [nej]: "}, - {"YES", "JA"}, - {"New.prompt.", "Nytt {0}: "}, - {"Passwords.must.differ", "L\u00F6senorden m\u00E5ste vara olika"}, - {"Re.enter.new.prompt.", "Ange nytt {0} igen: "}, - {"Re.enter.new.password.", "Ange det nya l\u00F6senordet igen: "}, - {"They.don.t.match.Try.again", "De matchar inte. F\u00F6rs\u00F6k igen"}, - {"Enter.prompt.alias.name.", "Ange aliasnamn f\u00F6r {0}: "}, - {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", - "Ange ett nytt aliasnamn\t(skriv RETURN f\u00F6r att avbryta importen av denna post): "}, - {"Enter.alias.name.", "Ange aliasnamn: "}, - {".RETURN.if.same.as.for.otherAlias.", - "\t(RETURN om det \u00E4r det samma som f\u00F6r <{0}>)"}, - {".PATTERN.printX509Cert", - "\u00C4gare: {0}\nUtf\u00E4rdare: {1}\nSerienummer: {2}\nGiltigt fr\u00E5n den: {3} till: {4}\nCertifikatets fingeravtryck:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Namn p\u00E5 signaturalgoritm: {8}\n\t Version: {9}"}, - {"What.is.your.first.and.last.name.", - "Vad heter du i f\u00F6r- och efternamn?"}, - {"What.is.the.name.of.your.organizational.unit.", - "Vad heter din avdelning inom organisationen?"}, - {"What.is.the.name.of.your.organization.", - "Vad heter din organisation?"}, - {"What.is.the.name.of.your.City.or.Locality.", - "Vad heter din ort eller plats?"}, - {"What.is.the.name.of.your.State.or.Province.", - "Vad heter ditt land eller din provins?"}, - {"What.is.the.two.letter.country.code.for.this.unit.", - "Vilken \u00E4r den tv\u00E5st\u00E4lliga landskoden?"}, - {"Is.name.correct.", "\u00C4r {0} korrekt?"}, - {"no", "nej"}, - {"yes", "ja"}, - {"y", "j"}, - {".defaultValue.", " [{0}]: "}, - {"Alias.alias.has.no.key", - "Aliaset <{0}> saknar nyckel"}, - {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", - "Aliaset <{0}> refererar till en posttyp som inte \u00E4r n\u00E5gon privat nyckelpost. Kommandot -keyclone har endast st\u00F6d f\u00F6r kloning av privata nyckelposter"}, - - {".WARNING.WARNING.WARNING.", - "***************** WARNING WARNING WARNING *****************"}, - {"Signer.d.", "Signerare #%d:"}, - {"Timestamp.", "Tidsst\u00E4mpel:"}, - {"Signature.", "Underskrift:"}, - {"CRLs.", "CRL:er:"}, - {"Certificate.owner.", "Certifikat\u00E4gare: "}, - {"Not.a.signed.jar.file", "Ingen signerad jar-fil"}, - {"No.certificate.from.the.SSL.server", - "Inget certifikat fr\u00E5n SSL-servern"}, - - {".The.integrity.of.the.information.stored.in.your.keystore.", - "* Integriteten f\u00F6r den information som lagras i nyckellagerfilen *\n* har INTE verifierats! Om du vill verifiera dess integritet *\n* m\u00E5ste du ange l\u00F6senordet f\u00F6r nyckellagret. *"}, - {".The.integrity.of.the.information.stored.in.the.srckeystore.", - "* Integriteten f\u00F6r den information som lagras i srckeystore*\n* har INTE verifierats! Om du vill verifiera dess integritet *\n* m\u00E5ste du ange l\u00F6senordet f\u00F6r srckeystore. *"}, - - {"Certificate.reply.does.not.contain.public.key.for.alias.", - "Certifikatsvaret inneh\u00E5ller inte n\u00E5gon offentlig nyckel f\u00F6r <{0}>"}, - {"Incomplete.certificate.chain.in.reply", - "Ofullst\u00E4ndig certifikatskedja i svaret"}, - {"Certificate.chain.in.reply.does.not.verify.", - "Certifikatskedjan i svaret g\u00E5r inte att verifiera: "}, - {"Top.level.certificate.in.reply.", - "Toppniv\u00E5certifikatet i svaret:\n"}, - {".is.not.trusted.", "... \u00E4r inte betrott. "}, - {"Install.reply.anyway.no.", "Vill du installera svaret \u00E4nd\u00E5? [nej]: "}, - {"NO", "NEJ"}, - {"Public.keys.in.reply.and.keystore.don.t.match", - "De offentliga nycklarna i svaret och nyckellagret matchar inte varandra"}, - {"Certificate.reply.and.certificate.in.keystore.are.identical", - "Certifikatsvaret och certifikatet i nyckellagret \u00E4r identiska"}, - {"Failed.to.establish.chain.from.reply", - "Kunde inte uppr\u00E4tta kedja fr\u00E5n svaret"}, - {"n", "n"}, - {"Wrong.answer.try.again", "Fel svar. F\u00F6rs\u00F6k p\u00E5 nytt."}, - {"Secret.key.not.generated.alias.alias.already.exists", - "Den hemliga nyckeln har inte genererats eftersom aliaset <{0}> redan finns"}, - {"Please.provide.keysize.for.secret.key.generation", - "Ange -keysize f\u00F6r att skapa hemlig nyckel"}, - - {"Extensions.", "Till\u00E4gg: "}, - {".Empty.value.", "(Tomt v\u00E4rde)"}, - {"Extension.Request.", "Till\u00E4ggsbeg\u00E4ran:"}, - {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", - "PKCS #10 certifikatbeg\u00E4ran (version 1.0)\n\u00C4mne: %s\nAllm\u00E4n nyckel: %s-format %s-nyckel\n"}, - {"Unknown.keyUsage.type.", "Ok\u00E4nd keyUsage-typ: "}, - {"Unknown.extendedkeyUsage.type.", "Ok\u00E4nd extendedkeyUsage-typ: "}, - {"Unknown.AccessDescription.type.", "Ok\u00E4nd AccessDescription-typ: "}, - {"Unrecognized.GeneralName.type.", "Ok\u00E4nd GeneralName-typ: "}, - {"This.extension.cannot.be.marked.as.critical.", - "Detta till\u00E4gg kan inte markeras som kritiskt. "}, - {"Odd.number.of.hex.digits.found.", "Udda antal hex-siffror p\u00E5tr\u00E4ffades: "}, - {"Unknown.extension.type.", "Ok\u00E4nd till\u00E4ggstyp: "}, - {"command.{0}.is.ambiguous.", "kommandot {0} \u00E4r tvetydigt:"}, - - // policytool - {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", - "Varning! Det finns ingen offentlig nyckel f\u00F6r aliaset {0}. Kontrollera att det aktuella nyckellagret \u00E4r korrekt konfigurerat."}, - {"Warning.Class.not.found.class", "Varning! Klassen hittades inte: {0}"}, - {"Warning.Invalid.argument.s.for.constructor.arg", - "Varning! Ogiltiga argument f\u00F6r konstruktor: {0}"}, - {"Illegal.Principal.Type.type", "Otill\u00E5ten identitetshavaretyp: {0}"}, - {"Illegal.option.option", "Otill\u00E5tet alternativ: {0}"}, - {"Usage.policytool.options.", "Syntax: policytool [alternativ]"}, - {".file.file.policy.file.location", - " [-file <fil>] policyfilens plats"}, - {"New", "Nytt"}, - {"Open", "\u00D6ppna"}, - {"Save", "Spara"}, - {"Save.As", "Spara som"}, - {"View.Warning.Log", "Visa varningslogg"}, - {"Exit", "Avsluta"}, - {"Add.Policy.Entry", "L\u00E4gg till policypost"}, - {"Edit.Policy.Entry", "Redigera policypost"}, - {"Remove.Policy.Entry", "Ta bort policypost"}, - {"Edit", "Redigera"}, - {"Retain", "Beh\u00E5ll"}, - - {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", - "Varning! Filnamnet kan inneh\u00E5lla omv\u00E4nda snedstreck inom citattecken. Citattecken kr\u00E4vs inte f\u00F6r omv\u00E4nda snedstreck (verktyget hanterar detta n\u00E4r policyinneh\u00E5llet skrivs till det best\u00E4ndiga lagret).\n\nKlicka p\u00E5 Beh\u00E5ll f\u00F6r att beh\u00E5lla det angivna namnet, eller klicka p\u00E5 Redigera f\u00F6r att \u00E4ndra det."}, - - {"Add.Public.Key.Alias", "L\u00E4gg till offentligt nyckelalias"}, - {"Remove.Public.Key.Alias", "Ta bort offentligt nyckelalias"}, - {"File", "Fil"}, - {"KeyStore", "Nyckellager"}, - {"Policy.File.", "Policyfil:"}, - {"Could.not.open.policy.file.policyFile.e.toString.", - "Kan inte \u00F6ppna policyfilen: {0}: {1}"}, - {"Policy.Tool", "Policyverktyg"}, - {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", - "Det uppstod ett fel n\u00E4r policykonfigurationen skulle \u00F6ppnas. Se varningsloggen f\u00F6r mer information."}, - {"Error", "Fel"}, - {"OK", "OK"}, - {"Status", "Status"}, - {"Warning", "Varning"}, - {"Permission.", - "Beh\u00F6righet: "}, - {"Principal.Type.", "Identitetshavaretyp:"}, - {"Principal.Name.", "Identitetshavare:"}, - {"Target.Name.", - "M\u00E5l: "}, - {"Actions.", - "Funktioner: "}, - {"OK.to.overwrite.existing.file.filename.", - "Ska den befintliga filen {0} skrivas \u00F6ver?"}, - {"Cancel", "Avbryt"}, - {"CodeBase.", "Kodbas:"}, - {"SignedBy.", "Signerad av:"}, - {"Add.Principal", "L\u00E4gg till identitetshavare"}, - {"Edit.Principal", "Redigera identitetshavare"}, - {"Remove.Principal", "Ta bort identitetshavare"}, - {"Principals.", "Identitetshavare:"}, - {".Add.Permission", " L\u00E4gg till beh\u00F6righet"}, - {".Edit.Permission", " Redigera beh\u00F6righet"}, - {"Remove.Permission", "Ta bort beh\u00F6righet"}, - {"Done", "Utf\u00F6rd"}, - {"KeyStore.URL.", "URL f\u00F6r nyckellager:"}, - {"KeyStore.Type.", "Nyckellagertyp:"}, - {"KeyStore.Provider.", "Nyckellagerleverant\u00F6r:"}, - {"KeyStore.Password.URL.", "URL f\u00F6r l\u00F6senord till nyckellager:"}, - {"Principals", "Identitetshavare"}, - {".Edit.Principal.", " Redigera identitetshavare:"}, - {".Add.New.Principal.", " L\u00E4gg till ny identitetshavare:"}, - {"Permissions", "Beh\u00F6righet"}, - {".Edit.Permission.", " Redigera beh\u00F6righet:"}, - {".Add.New.Permission.", " L\u00E4gg till ny beh\u00F6righet:"}, - {"Signed.By.", "Signerad av:"}, - {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", - "Kan inte specificera identitetshavare med jokerteckenklass utan jokerteckennamn"}, - {"Cannot.Specify.Principal.without.a.Name", - "Kan inte specificera identitetshavare utan namn"}, - {"Permission.and.Target.Name.must.have.a.value", - "Beh\u00F6righet och m\u00E5lnamn m\u00E5ste ha ett v\u00E4rde"}, - {"Remove.this.Policy.Entry.", "Vill du ta bort den h\u00E4r policyposten?"}, - {"Overwrite.File", "Skriv \u00F6ver fil"}, - {"Policy.successfully.written.to.filename", - "Policy har skrivits till {0}"}, - {"null.filename", "nullfilnamn"}, - {"Save.changes.", "Vill du spara \u00E4ndringarna?"}, - {"Yes", "Ja"}, - {"No", "Nej"}, - {"Policy.Entry", "Policyfel"}, - {"Save.Changes", "Spara \u00E4ndringar"}, - {"No.Policy.Entry.selected", "Ingen policypost har valts"}, - {"Unable.to.open.KeyStore.ex.toString.", - "Kan inte \u00F6ppna nyckellagret: {0}"}, - {"No.principal.selected", "Ingen identitetshavare har valts"}, - {"No.permission.selected", "Ingen beh\u00F6righet har valts"}, - {"name", "namn"}, - {"configuration.type", "konfigurationstyp"}, - {"environment.variable.name", "variabelnamn f\u00F6r milj\u00F6"}, - {"library.name", "biblioteksnamn"}, - {"package.name", "paketnamn"}, - {"policy.type", "policytyp"}, - {"property.name", "egenskapsnamn"}, - {"Principal.List", "Lista \u00F6ver identitetshavare"}, - {"Permission.List", "Beh\u00F6righetslista"}, - {"Code.Base", "Kodbas"}, - {"KeyStore.U.R.L.", "URL f\u00F6r nyckellager:"}, - {"KeyStore.Password.U.R.L.", "URL f\u00F6r l\u00F6senord till nyckellager:"}, - - // javax.security.auth.PrivateCredentialPermission {"invalid.null.input.s.", "ogiltiga null-indata"}, {"actions.can.only.be.read.", "funktioner kan endast 'l\u00E4sas'"}, @@ -551,6 +58,7 @@ {"provided.null.OID.map", "null-OID-mappning tillhandah\u00F6lls"}, // javax.security.auth.Subject + {"NEWLINE", "\n"}, {"invalid.null.AccessControlContext.provided", "ogiltigt null-AccessControlContext"}, {"invalid.null.action.provided", "ogiltig null-funktion"}, @@ -654,6 +162,7 @@ * * @return the contents of this <code>ResourceBundle</code>. */ + @Override public Object[][] getContents() { return contents; }
--- a/src/share/classes/sun/security/util/Resources_zh_CN.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/Resources_zh_CN.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,499 +34,6 @@ private static final Object[][] contents = { - // shared (from jarsigner) - {"SPACE", " "}, - {"2SPACE", " "}, - {"6SPACE", " "}, - {"COMMA", ", "}, - // shared (from keytool) - {"NEWLINE", "\n"}, - {"STAR", - "*******************************************"}, - {"STARNN", - "*******************************************\n\n"}, - - // keytool: Help part - {".OPTION.", " [OPTION]..."}, - {"Options.", "\u9009\u9879:"}, - {"Use.keytool.help.for.all.available.commands", - "\u4F7F\u7528 \"keytool -help\" \u83B7\u53D6\u6240\u6709\u53EF\u7528\u547D\u4EE4"}, - {"Key.and.Certificate.Management.Tool", - "\u5BC6\u94A5\u548C\u8BC1\u4E66\u7BA1\u7406\u5DE5\u5177"}, - {"Commands.", "\u547D\u4EE4:"}, - {"Use.keytool.command.name.help.for.usage.of.command.name", - "\u4F7F\u7528 \"keytool -command_name -help\" \u83B7\u53D6 command_name \u7684\u7528\u6CD5"}, - // keytool: help: commands - {"Generates.a.certificate.request", - "\u751F\u6210\u8BC1\u4E66\u8BF7\u6C42"}, //-certreq - {"Changes.an.entry.s.alias", - "\u66F4\u6539\u6761\u76EE\u7684\u522B\u540D"}, //-changealias - {"Deletes.an.entry", - "\u5220\u9664\u6761\u76EE"}, //-delete - {"Exports.certificate", - "\u5BFC\u51FA\u8BC1\u4E66"}, //-exportcert - {"Generates.a.key.pair", - "\u751F\u6210\u5BC6\u94A5\u5BF9"}, //-genkeypair - {"Generates.a.secret.key", - "\u751F\u6210\u5BC6\u94A5"}, //-genseckey - {"Generates.certificate.from.a.certificate.request", - "\u6839\u636E\u8BC1\u4E66\u8BF7\u6C42\u751F\u6210\u8BC1\u4E66"}, //-gencert - {"Generates.CRL", "\u751F\u6210 CRL"}, //-gencrl - {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", - "\u4ECE JDK 1.1.x \u6837\u5F0F\u7684\u8EAB\u4EFD\u6570\u636E\u5E93\u5BFC\u5165\u6761\u76EE"}, //-identitydb - {"Imports.a.certificate.or.a.certificate.chain", - "\u5BFC\u5165\u8BC1\u4E66\u6216\u8BC1\u4E66\u94FE"}, //-importcert - {"Imports.one.or.all.entries.from.another.keystore", - "\u4ECE\u5176\u4ED6\u5BC6\u94A5\u5E93\u5BFC\u5165\u4E00\u4E2A\u6216\u6240\u6709\u6761\u76EE"}, //-importkeystore - {"Clones.a.key.entry", - "\u514B\u9686\u5BC6\u94A5\u6761\u76EE"}, //-keyclone - {"Changes.the.key.password.of.an.entry", - "\u66F4\u6539\u6761\u76EE\u7684\u5BC6\u94A5\u53E3\u4EE4"}, //-keypasswd - {"Lists.entries.in.a.keystore", - "\u5217\u51FA\u5BC6\u94A5\u5E93\u4E2D\u7684\u6761\u76EE"}, //-list - {"Prints.the.content.of.a.certificate", - "\u6253\u5370\u8BC1\u4E66\u5185\u5BB9"}, //-printcert - {"Prints.the.content.of.a.certificate.request", - "\u6253\u5370\u8BC1\u4E66\u8BF7\u6C42\u7684\u5185\u5BB9"}, //-printcertreq - {"Prints.the.content.of.a.CRL.file", - "\u6253\u5370 CRL \u6587\u4EF6\u7684\u5185\u5BB9"}, //-printcrl - {"Generates.a.self.signed.certificate", - "\u751F\u6210\u81EA\u7B7E\u540D\u8BC1\u4E66"}, //-selfcert - {"Changes.the.store.password.of.a.keystore", - "\u66F4\u6539\u5BC6\u94A5\u5E93\u7684\u5B58\u50A8\u53E3\u4EE4"}, //-storepasswd - // keytool: help: options - {"alias.name.of.the.entry.to.process", - "\u8981\u5904\u7406\u7684\u6761\u76EE\u7684\u522B\u540D"}, //-alias - {"destination.alias", - "\u76EE\u6807\u522B\u540D"}, //-destalias - {"destination.key.password", - "\u76EE\u6807\u5BC6\u94A5\u53E3\u4EE4"}, //-destkeypass - {"destination.keystore.name", - "\u76EE\u6807\u5BC6\u94A5\u5E93\u540D\u79F0"}, //-destkeystore - {"destination.keystore.password.protected", - "\u53D7\u4FDD\u62A4\u7684\u76EE\u6807\u5BC6\u94A5\u5E93\u53E3\u4EE4"}, //-destprotected - {"destination.keystore.provider.name", - "\u76EE\u6807\u5BC6\u94A5\u5E93\u63D0\u4F9B\u65B9\u540D\u79F0"}, //-destprovidername - {"destination.keystore.password", - "\u76EE\u6807\u5BC6\u94A5\u5E93\u53E3\u4EE4"}, //-deststorepass - {"destination.keystore.type", - "\u76EE\u6807\u5BC6\u94A5\u5E93\u7C7B\u578B"}, //-deststoretype - {"distinguished.name", - "\u552F\u4E00\u5224\u522B\u540D"}, //-dname - {"X.509.extension", - "X.509 \u6269\u5C55"}, //-ext - {"output.file.name", - "\u8F93\u51FA\u6587\u4EF6\u540D"}, //-file and -outfile - {"input.file.name", - "\u8F93\u5165\u6587\u4EF6\u540D"}, //-file and -infile - {"key.algorithm.name", - "\u5BC6\u94A5\u7B97\u6CD5\u540D\u79F0"}, //-keyalg - {"key.password", - "\u5BC6\u94A5\u53E3\u4EE4"}, //-keypass - {"key.bit.size", - "\u5BC6\u94A5\u4F4D\u5927\u5C0F"}, //-keysize - {"keystore.name", - "\u5BC6\u94A5\u5E93\u540D\u79F0"}, //-keystore - {"new.password", - "\u65B0\u53E3\u4EE4"}, //-new - {"do.not.prompt", - "\u4E0D\u63D0\u793A"}, //-noprompt - {"password.through.protected.mechanism", - "\u901A\u8FC7\u53D7\u4FDD\u62A4\u7684\u673A\u5236\u7684\u53E3\u4EE4"}, //-protected - {"provider.argument", - "\u63D0\u4F9B\u65B9\u53C2\u6570"}, //-providerarg - {"provider.class.name", - "\u63D0\u4F9B\u65B9\u7C7B\u540D"}, //-providerclass - {"provider.name", - "\u63D0\u4F9B\u65B9\u540D\u79F0"}, //-providername - {"provider.classpath", - "\u63D0\u4F9B\u65B9\u7C7B\u8DEF\u5F84"}, //-providerpath - {"output.in.RFC.style", - "\u4EE5 RFC \u6837\u5F0F\u8F93\u51FA"}, //-rfc - {"signature.algorithm.name", - "\u7B7E\u540D\u7B97\u6CD5\u540D\u79F0"}, //-sigalg - {"source.alias", - "\u6E90\u522B\u540D"}, //-srcalias - {"source.key.password", - "\u6E90\u5BC6\u94A5\u53E3\u4EE4"}, //-srckeypass - {"source.keystore.name", - "\u6E90\u5BC6\u94A5\u5E93\u540D\u79F0"}, //-srckeystore - {"source.keystore.password.protected", - "\u53D7\u4FDD\u62A4\u7684\u6E90\u5BC6\u94A5\u5E93\u53E3\u4EE4"}, //-srcprotected - {"source.keystore.provider.name", - "\u6E90\u5BC6\u94A5\u5E93\u63D0\u4F9B\u65B9\u540D\u79F0"}, //-srcprovidername - {"source.keystore.password", - "\u6E90\u5BC6\u94A5\u5E93\u53E3\u4EE4"}, //-srcstorepass - {"source.keystore.type", - "\u6E90\u5BC6\u94A5\u5E93\u7C7B\u578B"}, //-srcstoretype - {"SSL.server.host.and.port", - "SSL \u670D\u52A1\u5668\u4E3B\u673A\u548C\u7AEF\u53E3"}, //-sslserver - {"signed.jar.file", - "\u5DF2\u7B7E\u540D\u7684 jar \u6587\u4EF6"}, //=jarfile - {"certificate.validity.start.date.time", - "\u8BC1\u4E66\u6709\u6548\u671F\u5F00\u59CB\u65E5\u671F/\u65F6\u95F4"}, //-startdate - {"keystore.password", - "\u5BC6\u94A5\u5E93\u53E3\u4EE4"}, //-storepass - {"keystore.type", - "\u5BC6\u94A5\u5E93\u7C7B\u578B"}, //-storetype - {"trust.certificates.from.cacerts", - "\u4FE1\u4EFB\u6765\u81EA cacerts \u7684\u8BC1\u4E66"}, //-trustcacerts - {"verbose.output", - "\u8BE6\u7EC6\u8F93\u51FA"}, //-v - {"validity.number.of.days", - "\u6709\u6548\u5929\u6570"}, //-validity - {"Serial.ID.of.cert.to.revoke", - "\u8981\u64A4\u9500\u7684\u8BC1\u4E66\u7684\u5E8F\u5217 ID"}, //-id - // keytool: Running part - {"keytool.error.", "keytool \u9519\u8BEF: "}, - {"Illegal.option.", "\u975E\u6CD5\u9009\u9879: "}, - {"Illegal.value.", "\u975E\u6CD5\u503C: "}, - {"Unknown.password.type.", "\u672A\u77E5\u53E3\u4EE4\u7C7B\u578B: "}, - {"Cannot.find.environment.variable.", - "\u627E\u4E0D\u5230\u73AF\u5883\u53D8\u91CF: "}, - {"Cannot.find.file.", "\u627E\u4E0D\u5230\u6587\u4EF6: "}, - {"Command.option.flag.needs.an.argument.", "\u547D\u4EE4\u9009\u9879{0}\u9700\u8981\u4E00\u4E2A\u53C2\u6570\u3002"}, - {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", - "\u8B66\u544A: PKCS12 \u5BC6\u94A5\u5E93\u4E0D\u652F\u6301\u5176\u4ED6\u5B58\u50A8\u548C\u5BC6\u94A5\u53E3\u4EE4\u3002\u6B63\u5728\u5FFD\u7565\u7528\u6237\u6307\u5B9A\u7684{0}\u503C\u3002"}, - {".keystore.must.be.NONE.if.storetype.is.{0}", - "\u5982\u679C -storetype \u4E3A {0}, \u5219 -keystore \u5FC5\u987B\u4E3A NONE"}, - {"Too.many.retries.program.terminated", - "\u91CD\u8BD5\u6B21\u6570\u8FC7\u591A, \u7A0B\u5E8F\u5DF2\u7EC8\u6B62"}, - {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", - "\u5982\u679C -storetype \u4E3A {0}, \u5219\u4E0D\u652F\u6301 -storepasswd \u548C -keypasswd \u547D\u4EE4"}, - {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", - "\u5982\u679C -storetype \u4E3A PKCS12, \u5219\u4E0D\u652F\u6301 -keypasswd \u547D\u4EE4"}, - {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", - "\u5982\u679C -storetype \u4E3A {0}, \u5219\u4E0D\u80FD\u6307\u5B9A -keypass \u548C -new"}, - {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", - "\u5982\u679C\u6307\u5B9A\u4E86 -protected, \u5219\u4E0D\u80FD\u6307\u5B9A -storepass, -keypass \u548C -new"}, - {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", - "\u5982\u679C\u6307\u5B9A\u4E86 -srcprotected, \u5219\u4E0D\u80FD\u6307\u5B9A -srcstorepass \u548C -srckeypass"}, - {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", - "\u5982\u679C\u5BC6\u94A5\u5E93\u672A\u53D7\u53E3\u4EE4\u4FDD\u62A4, \u5219\u4E0D\u80FD\u6307\u5B9A -storepass, -keypass \u548C -new"}, - {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", - "\u5982\u679C\u6E90\u5BC6\u94A5\u5E93\u672A\u53D7\u53E3\u4EE4\u4FDD\u62A4, \u5219\u4E0D\u80FD\u6307\u5B9A -srcstorepass \u548C -srckeypass"}, - {"Illegal.startdate.value", "\u975E\u6CD5\u5F00\u59CB\u65E5\u671F\u503C"}, - {"Validity.must.be.greater.than.zero", - "\u6709\u6548\u6027\u5FC5\u987B\u5927\u4E8E\u96F6"}, - {"provName.not.a.provider", "{0}\u4E0D\u662F\u63D0\u4F9B\u65B9"}, - {"Usage.error.no.command.provided", "\u7528\u6CD5\u9519\u8BEF: \u6CA1\u6709\u63D0\u4F9B\u547D\u4EE4"}, - {"Source.keystore.file.exists.but.is.empty.", "\u6E90\u5BC6\u94A5\u5E93\u6587\u4EF6\u5B58\u5728, \u4F46\u4E3A\u7A7A: "}, - {"Please.specify.srckeystore", "\u8BF7\u6307\u5B9A -srckeystore"}, - {"Must.not.specify.both.v.and.rfc.with.list.command", - "\u4E0D\u80FD\u4F7F\u7528 'list' \u547D\u4EE4\u6765\u6307\u5B9A -v \u53CA -rfc"}, - {"Key.password.must.be.at.least.6.characters", - "\u5BC6\u94A5\u53E3\u4EE4\u81F3\u5C11\u5FC5\u987B\u4E3A 6 \u4E2A\u5B57\u7B26"}, - {"New.password.must.be.at.least.6.characters", - "\u65B0\u53E3\u4EE4\u81F3\u5C11\u5FC5\u987B\u4E3A 6 \u4E2A\u5B57\u7B26"}, - {"Keystore.file.exists.but.is.empty.", - "\u5BC6\u94A5\u5E93\u6587\u4EF6\u5B58\u5728, \u4F46\u4E3A\u7A7A: "}, - {"Keystore.file.does.not.exist.", - "\u5BC6\u94A5\u5E93\u6587\u4EF6\u4E0D\u5B58\u5728: "}, - {"Must.specify.destination.alias", "\u5FC5\u987B\u6307\u5B9A\u76EE\u6807\u522B\u540D"}, - {"Must.specify.alias", "\u5FC5\u987B\u6307\u5B9A\u522B\u540D"}, - {"Keystore.password.must.be.at.least.6.characters", - "\u5BC6\u94A5\u5E93\u53E3\u4EE4\u81F3\u5C11\u5FC5\u987B\u4E3A 6 \u4E2A\u5B57\u7B26"}, - {"Enter.keystore.password.", "\u8F93\u5165\u5BC6\u94A5\u5E93\u53E3\u4EE4: "}, - {"Enter.source.keystore.password.", "\u8F93\u5165\u6E90\u5BC6\u94A5\u5E93\u53E3\u4EE4: "}, - {"Enter.destination.keystore.password.", "\u8F93\u5165\u76EE\u6807\u5BC6\u94A5\u5E93\u53E3\u4EE4: "}, - {"Keystore.password.is.too.short.must.be.at.least.6.characters", - "\u5BC6\u94A5\u5E93\u53E3\u4EE4\u592A\u77ED - \u81F3\u5C11\u5FC5\u987B\u4E3A 6 \u4E2A\u5B57\u7B26"}, - {"Unknown.Entry.Type", "\u672A\u77E5\u6761\u76EE\u7C7B\u578B"}, - {"Too.many.failures.Alias.not.changed", "\u6545\u969C\u592A\u591A\u3002\u672A\u66F4\u6539\u522B\u540D"}, - {"Entry.for.alias.alias.successfully.imported.", - "\u5DF2\u6210\u529F\u5BFC\u5165\u522B\u540D {0} \u7684\u6761\u76EE\u3002"}, - {"Entry.for.alias.alias.not.imported.", "\u672A\u5BFC\u5165\u522B\u540D {0} \u7684\u6761\u76EE\u3002"}, - {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", - "\u5BFC\u5165\u522B\u540D {0} \u7684\u6761\u76EE\u65F6\u51FA\u73B0\u95EE\u9898: {1}\u3002\n\u672A\u5BFC\u5165\u522B\u540D {0} \u7684\u6761\u76EE\u3002"}, - {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", - "\u5DF2\u5B8C\u6210\u5BFC\u5165\u547D\u4EE4: {0} \u4E2A\u6761\u76EE\u6210\u529F\u5BFC\u5165, {1} \u4E2A\u6761\u76EE\u5931\u8D25\u6216\u53D6\u6D88"}, - {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", - "\u8B66\u544A: \u6B63\u5728\u8986\u76D6\u76EE\u6807\u5BC6\u94A5\u5E93\u4E2D\u7684\u73B0\u6709\u522B\u540D {0}"}, - {"Existing.entry.alias.alias.exists.overwrite.no.", - "\u5B58\u5728\u73B0\u6709\u6761\u76EE\u522B\u540D {0}, \u662F\u5426\u8986\u76D6? [\u5426]: "}, - {"Too.many.failures.try.later", "\u6545\u969C\u592A\u591A - \u8BF7\u7A0D\u540E\u518D\u8BD5"}, - {"Certification.request.stored.in.file.filename.", - "\u5B58\u50A8\u5728\u6587\u4EF6 <{0}> \u4E2D\u7684\u8BA4\u8BC1\u8BF7\u6C42"}, - {"Submit.this.to.your.CA", "\u5C06\u6B64\u63D0\u4EA4\u7ED9\u60A8\u7684 CA"}, - {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", - "\u5982\u679C\u6CA1\u6709\u6307\u5B9A\u522B\u540D, \u5219\u4E0D\u80FD\u6307\u5B9A\u76EE\u6807\u522B\u540D, \u6E90\u5BC6\u94A5\u5E93\u53E3\u4EE4\u548C\u76EE\u6807\u5BC6\u94A5\u5E93\u53E3\u4EE4"}, - {"Certificate.stored.in.file.filename.", - "\u5B58\u50A8\u5728\u6587\u4EF6 <{0}> \u4E2D\u7684\u8BC1\u4E66"}, - {"Certificate.reply.was.installed.in.keystore", - "\u8BC1\u4E66\u56DE\u590D\u5DF2\u5B89\u88C5\u5728\u5BC6\u94A5\u5E93\u4E2D"}, - {"Certificate.reply.was.not.installed.in.keystore", - "\u8BC1\u4E66\u56DE\u590D\u672A\u5B89\u88C5\u5728\u5BC6\u94A5\u5E93\u4E2D"}, - {"Certificate.was.added.to.keystore", - "\u8BC1\u4E66\u5DF2\u6DFB\u52A0\u5230\u5BC6\u94A5\u5E93\u4E2D"}, - {"Certificate.was.not.added.to.keystore", - "\u8BC1\u4E66\u672A\u6DFB\u52A0\u5230\u5BC6\u94A5\u5E93\u4E2D"}, - {".Storing.ksfname.", "[\u6B63\u5728\u5B58\u50A8{0}]"}, - {"alias.has.no.public.key.certificate.", - "{0}\u6CA1\u6709\u516C\u5171\u5BC6\u94A5 (\u8BC1\u4E66)"}, - {"Cannot.derive.signature.algorithm", - "\u65E0\u6CD5\u6D3E\u751F\u7B7E\u540D\u7B97\u6CD5"}, - {"Alias.alias.does.not.exist", - "\u522B\u540D <{0}> \u4E0D\u5B58\u5728"}, - {"Alias.alias.has.no.certificate", - "\u522B\u540D <{0}> \u6CA1\u6709\u8BC1\u4E66"}, - {"Key.pair.not.generated.alias.alias.already.exists", - "\u672A\u751F\u6210\u5BC6\u94A5\u5BF9, \u522B\u540D <{0}> \u5DF2\u7ECF\u5B58\u5728"}, - {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", - "\u6B63\u5728\u4E3A\u4EE5\u4E0B\u5BF9\u8C61\u751F\u6210 {0} \u4F4D{1}\u5BC6\u94A5\u5BF9\u548C\u81EA\u7B7E\u540D\u8BC1\u4E66 ({2}) (\u6709\u6548\u671F\u4E3A {3} \u5929):\n\t {4}"}, - {"Enter.key.password.for.alias.", "\u8F93\u5165 <{0}> \u7684\u5BC6\u94A5\u53E3\u4EE4"}, - {".RETURN.if.same.as.keystore.password.", - "\t(\u5982\u679C\u548C\u5BC6\u94A5\u5E93\u53E3\u4EE4\u76F8\u540C, \u6309\u56DE\u8F66): "}, - {"Key.password.is.too.short.must.be.at.least.6.characters", - "\u5BC6\u94A5\u53E3\u4EE4\u592A\u77ED - \u81F3\u5C11\u5FC5\u987B\u4E3A 6 \u4E2A\u5B57\u7B26"}, - {"Too.many.failures.key.not.added.to.keystore", - "\u6545\u969C\u592A\u591A - \u5BC6\u94A5\u672A\u6DFB\u52A0\u5230\u5BC6\u94A5\u5E93\u4E2D"}, - {"Destination.alias.dest.already.exists", - "\u76EE\u6807\u522B\u540D <{0}> \u5DF2\u7ECF\u5B58\u5728"}, - {"Password.is.too.short.must.be.at.least.6.characters", - "\u53E3\u4EE4\u592A\u77ED - \u81F3\u5C11\u5FC5\u987B\u4E3A 6 \u4E2A\u5B57\u7B26"}, - {"Too.many.failures.Key.entry.not.cloned", - "\u6545\u969C\u592A\u591A\u3002\u672A\u514B\u9686\u5BC6\u94A5\u6761\u76EE"}, - {"key.password.for.alias.", "<{0}> \u7684\u5BC6\u94A5\u53E3\u4EE4"}, - {"Keystore.entry.for.id.getName.already.exists", - "<{0}> \u7684\u5BC6\u94A5\u5E93\u6761\u76EE\u5DF2\u7ECF\u5B58\u5728"}, - {"Creating.keystore.entry.for.id.getName.", - "\u6B63\u5728\u521B\u5EFA <{0}> \u7684\u5BC6\u94A5\u5E93\u6761\u76EE..."}, - {"No.entries.from.identity.database.added", - "\u672A\u4ECE\u8EAB\u4EFD\u6570\u636E\u5E93\u4E2D\u6DFB\u52A0\u4EFB\u4F55\u6761\u76EE"}, - {"Alias.name.alias", "\u522B\u540D: {0}"}, - {"Creation.date.keyStore.getCreationDate.alias.", - "\u521B\u5EFA\u65E5\u671F: {0,date}"}, - {"alias.keyStore.getCreationDate.alias.", - "{0}, {1,date}, "}, - {"alias.", "{0}, "}, - {"Entry.type.type.", "\u6761\u76EE\u7C7B\u578B: {0}"}, - {"Certificate.chain.length.", "\u8BC1\u4E66\u94FE\u957F\u5EA6: "}, - {"Certificate.i.1.", "\u8BC1\u4E66[{0,number,integer}]:"}, - {"Certificate.fingerprint.SHA1.", "\u8BC1\u4E66\u6307\u7EB9 (SHA1): "}, - {"Keystore.type.", "\u5BC6\u94A5\u5E93\u7C7B\u578B: "}, - {"Keystore.provider.", "\u5BC6\u94A5\u5E93\u63D0\u4F9B\u65B9: "}, - {"Your.keystore.contains.keyStore.size.entry", - "\u60A8\u7684\u5BC6\u94A5\u5E93\u5305\u542B {0,number,integer} \u4E2A\u6761\u76EE"}, - {"Your.keystore.contains.keyStore.size.entries", - "\u60A8\u7684\u5BC6\u94A5\u5E93\u5305\u542B {0,number,integer} \u4E2A\u6761\u76EE"}, - {"Failed.to.parse.input", "\u65E0\u6CD5\u89E3\u6790\u8F93\u5165"}, - {"Empty.input", "\u7A7A\u8F93\u5165"}, - {"Not.X.509.certificate", "\u975E X.509 \u8BC1\u4E66"}, - {"alias.has.no.public.key", "{0}\u6CA1\u6709\u516C\u5171\u5BC6\u94A5"}, - {"alias.has.no.X.509.certificate", "{0}\u6CA1\u6709 X.509 \u8BC1\u4E66"}, - {"New.certificate.self.signed.", "\u65B0\u8BC1\u4E66 (\u81EA\u7B7E\u540D):"}, - {"Reply.has.no.certificates", "\u56DE\u590D\u4E2D\u6CA1\u6709\u8BC1\u4E66"}, - {"Certificate.not.imported.alias.alias.already.exists", - "\u8BC1\u4E66\u672A\u5BFC\u5165, \u522B\u540D <{0}> \u5DF2\u7ECF\u5B58\u5728"}, - {"Input.not.an.X.509.certificate", "\u6240\u8F93\u5165\u7684\u4E0D\u662F X.509 \u8BC1\u4E66"}, - {"Certificate.already.exists.in.keystore.under.alias.trustalias.", - "\u5728\u522B\u540D <{0}> \u4E4B\u4E0B, \u8BC1\u4E66\u5DF2\u7ECF\u5B58\u5728\u4E8E\u5BC6\u94A5\u5E93\u4E2D"}, - {"Do.you.still.want.to.add.it.no.", - "\u662F\u5426\u4ECD\u8981\u6DFB\u52A0? [\u5426]: "}, - {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", - "\u5728\u522B\u540D <{0}> \u4E4B\u4E0B, \u8BC1\u4E66\u5DF2\u7ECF\u5B58\u5728\u4E8E\u7CFB\u7EDF\u8303\u56F4\u7684 CA \u5BC6\u94A5\u5E93\u4E2D"}, - {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", - "\u662F\u5426\u4ECD\u8981\u5C06\u5B83\u6DFB\u52A0\u5230\u81EA\u5DF1\u7684\u5BC6\u94A5\u5E93? [\u5426]: "}, - {"Trust.this.certificate.no.", "\u662F\u5426\u4FE1\u4EFB\u6B64\u8BC1\u4E66? [\u5426]: "}, - {"YES", "YES"}, - {"New.prompt.", "\u65B0{0}: "}, - {"Passwords.must.differ", "\u53E3\u4EE4\u4E0D\u80FD\u76F8\u540C"}, - {"Re.enter.new.prompt.", "\u91CD\u65B0\u8F93\u5165\u65B0{0}: "}, - {"Re.enter.new.password.", "\u518D\u6B21\u8F93\u5165\u65B0\u53E3\u4EE4: "}, - {"They.don.t.match.Try.again", "\u5B83\u4EEC\u4E0D\u5339\u914D\u3002\u8BF7\u91CD\u8BD5"}, - {"Enter.prompt.alias.name.", "\u8F93\u5165{0}\u522B\u540D: "}, - {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", - "\u5BFC\u5165\u65B0\u7684\u522B\u540D\t(\u6309\u56DE\u8F66\u4EE5\u53D6\u6D88\u5BF9\u6B64\u6761\u76EE\u7684\u5BFC\u5165): "}, - {"Enter.alias.name.", "\u8F93\u5165\u522B\u540D: "}, - {".RETURN.if.same.as.for.otherAlias.", - "\t(\u5982\u679C\u548C <{0}> \u76F8\u540C, \u5219\u6309\u56DE\u8F66)"}, - {".PATTERN.printX509Cert", - "\u6240\u6709\u8005: {0}\n\u53D1\u5E03\u8005: {1}\n\u5E8F\u5217\u53F7: {2}\n\u6709\u6548\u671F\u5F00\u59CB\u65E5\u671F: {3}, \u622A\u6B62\u65E5\u671F: {4}\n\u8BC1\u4E66\u6307\u7EB9:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t \u7B7E\u540D\u7B97\u6CD5\u540D\u79F0: {8}\n\t \u7248\u672C: {9}"}, - {"What.is.your.first.and.last.name.", - "\u60A8\u7684\u540D\u5B57\u4E0E\u59D3\u6C0F\u662F\u4EC0\u4E48?"}, - {"What.is.the.name.of.your.organizational.unit.", - "\u60A8\u7684\u7EC4\u7EC7\u5355\u4F4D\u540D\u79F0\u662F\u4EC0\u4E48?"}, - {"What.is.the.name.of.your.organization.", - "\u60A8\u7684\u7EC4\u7EC7\u540D\u79F0\u662F\u4EC0\u4E48?"}, - {"What.is.the.name.of.your.City.or.Locality.", - "\u60A8\u6240\u5728\u7684\u57CE\u5E02\u6216\u533A\u57DF\u540D\u79F0\u662F\u4EC0\u4E48?"}, - {"What.is.the.name.of.your.State.or.Province.", - "\u60A8\u6240\u5728\u7684\u7701/\u5E02/\u81EA\u6CBB\u533A\u540D\u79F0\u662F\u4EC0\u4E48?"}, - {"What.is.the.two.letter.country.code.for.this.unit.", - "\u8BE5\u5355\u4F4D\u7684\u53CC\u5B57\u6BCD\u56FD\u5BB6/\u5730\u533A\u4EE3\u7801\u662F\u4EC0\u4E48?"}, - {"Is.name.correct.", "{0}\u662F\u5426\u6B63\u786E?"}, - {"no", "\u5426"}, - {"yes", "\u662F"}, - {"y", "y"}, - {".defaultValue.", " [{0}]: "}, - {"Alias.alias.has.no.key", - "\u522B\u540D <{0}> \u6CA1\u6709\u5BC6\u94A5"}, - {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", - "\u522B\u540D <{0}> \u5F15\u7528\u4E86\u4E0D\u5C5E\u4E8E\u79C1\u6709\u5BC6\u94A5\u6761\u76EE\u7684\u6761\u76EE\u7C7B\u578B\u3002-keyclone \u547D\u4EE4\u4EC5\u652F\u6301\u5BF9\u79C1\u6709\u5BC6\u94A5\u6761\u76EE\u7684\u514B\u9686"}, - - {".WARNING.WARNING.WARNING.", - "***************** WARNING WARNING WARNING *****************"}, - {"Signer.d.", "\u7B7E\u540D\u8005 #%d:"}, - {"Timestamp.", "\u65F6\u95F4\u6233:"}, - {"Signature.", "\u7B7E\u540D:"}, - {"CRLs.", "CRL:"}, - {"Certificate.owner.", "\u8BC1\u4E66\u6240\u6709\u8005: "}, - {"Not.a.signed.jar.file", "\u4E0D\u662F\u5DF2\u7B7E\u540D\u7684 jar \u6587\u4EF6"}, - {"No.certificate.from.the.SSL.server", - "\u6CA1\u6709\u6765\u81EA SSL \u670D\u52A1\u5668\u7684\u8BC1\u4E66"}, - - {".The.integrity.of.the.information.stored.in.your.keystore.", - "* \u5B58\u50A8\u5728\u60A8\u7684\u5BC6\u94A5\u5E93\u4E2D\u7684\u4FE1\u606F\u7684\u5B8C\u6574\u6027 *\n* \u5C1A\u672A\u7ECF\u8FC7\u9A8C\u8BC1! \u4E3A\u4E86\u9A8C\u8BC1\u5176\u5B8C\u6574\u6027, *\n* \u5FC5\u987B\u63D0\u4F9B\u5BC6\u94A5\u5E93\u53E3\u4EE4\u3002 *"}, - {".The.integrity.of.the.information.stored.in.the.srckeystore.", - "* \u5B58\u50A8\u5728 srckeystore \u4E2D\u7684\u4FE1\u606F\u7684\u5B8C\u6574\u6027*\n* \u5C1A\u672A\u7ECF\u8FC7\u9A8C\u8BC1! \u4E3A\u4E86\u9A8C\u8BC1\u5176\u5B8C\u6574\u6027, *\n* \u5FC5\u987B\u63D0\u4F9B\u6E90\u5BC6\u94A5\u5E93\u53E3\u4EE4\u3002 *"}, - - {"Certificate.reply.does.not.contain.public.key.for.alias.", - "\u8BC1\u4E66\u56DE\u590D\u4E2D\u4E0D\u5305\u542B <{0}> \u7684\u516C\u5171\u5BC6\u94A5"}, - {"Incomplete.certificate.chain.in.reply", - "\u56DE\u590D\u4E2D\u7684\u8BC1\u4E66\u94FE\u4E0D\u5B8C\u6574"}, - {"Certificate.chain.in.reply.does.not.verify.", - "\u56DE\u590D\u4E2D\u7684\u8BC1\u4E66\u94FE\u672A\u9A8C\u8BC1: "}, - {"Top.level.certificate.in.reply.", - "\u56DE\u590D\u4E2D\u7684\u9876\u7EA7\u8BC1\u4E66:\n"}, - {".is.not.trusted.", "... \u662F\u4E0D\u53EF\u4FE1\u7684\u3002"}, - {"Install.reply.anyway.no.", "\u662F\u5426\u4ECD\u8981\u5B89\u88C5\u56DE\u590D? [\u5426]: "}, - {"NO", "NO"}, - {"Public.keys.in.reply.and.keystore.don.t.match", - "\u56DE\u590D\u4E2D\u7684\u516C\u5171\u5BC6\u94A5\u4E0E\u5BC6\u94A5\u5E93\u4E0D\u5339\u914D"}, - {"Certificate.reply.and.certificate.in.keystore.are.identical", - "\u8BC1\u4E66\u56DE\u590D\u4E0E\u5BC6\u94A5\u5E93\u4E2D\u7684\u8BC1\u4E66\u662F\u76F8\u540C\u7684"}, - {"Failed.to.establish.chain.from.reply", - "\u65E0\u6CD5\u4ECE\u56DE\u590D\u4E2D\u5EFA\u7ACB\u94FE"}, - {"n", "n"}, - {"Wrong.answer.try.again", "\u9519\u8BEF\u7684\u7B54\u6848, \u8BF7\u518D\u8BD5\u4E00\u6B21"}, - {"Secret.key.not.generated.alias.alias.already.exists", - "\u6CA1\u6709\u751F\u6210\u5BC6\u94A5, \u522B\u540D <{0}> \u5DF2\u7ECF\u5B58\u5728"}, - {"Please.provide.keysize.for.secret.key.generation", - "\u8BF7\u63D0\u4F9B -keysize \u4EE5\u751F\u6210\u5BC6\u94A5"}, - - {"Extensions.", "\u6269\u5C55: "}, - {".Empty.value.", "(\u7A7A\u503C)"}, - {"Extension.Request.", "\u6269\u5C55\u8BF7\u6C42:"}, - {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", - "PKCS #10 \u8BC1\u4E66\u8BF7\u6C42 (\u7248\u672C 1.0)\n\u4E3B\u9898: %s\n\u516C\u5171\u5BC6\u94A5: %s \u683C\u5F0F %s \u5BC6\u94A5\n"}, - {"Unknown.keyUsage.type.", "\u672A\u77E5 keyUsage \u7C7B\u578B: "}, - {"Unknown.extendedkeyUsage.type.", "\u672A\u77E5 extendedkeyUsage \u7C7B\u578B: "}, - {"Unknown.AccessDescription.type.", "\u672A\u77E5 AccessDescription \u7C7B\u578B: "}, - {"Unrecognized.GeneralName.type.", "\u65E0\u6CD5\u8BC6\u522B\u7684 GeneralName \u7C7B\u578B: "}, - {"This.extension.cannot.be.marked.as.critical.", - "\u65E0\u6CD5\u5C06\u6B64\u6269\u5C55\u6807\u8BB0\u4E3A\u201C\u4E25\u91CD\u201D\u3002"}, - {"Odd.number.of.hex.digits.found.", "\u627E\u5230\u5947\u6570\u4E2A\u5341\u516D\u8FDB\u5236\u6570\u5B57: "}, - {"Unknown.extension.type.", "\u672A\u77E5\u6269\u5C55\u7C7B\u578B: "}, - {"command.{0}.is.ambiguous.", "\u547D\u4EE4{0}\u4E0D\u660E\u786E:"}, - - // policytool - {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", - "\u8B66\u544A: \u522B\u540D {0} \u7684\u516C\u5171\u5BC6\u94A5\u4E0D\u5B58\u5728\u3002\u8BF7\u786E\u4FDD\u5DF2\u6B63\u786E\u914D\u7F6E\u5BC6\u94A5\u5E93\u3002"}, - {"Warning.Class.not.found.class", "\u8B66\u544A: \u627E\u4E0D\u5230\u7C7B: {0}"}, - {"Warning.Invalid.argument.s.for.constructor.arg", - "\u8B66\u544A: \u6784\u9020\u5668\u7684\u53C2\u6570\u65E0\u6548: {0}"}, - {"Illegal.Principal.Type.type", "\u975E\u6CD5\u7684\u4E3B\u7528\u6237\u7C7B\u578B: {0}"}, - {"Illegal.option.option", "\u975E\u6CD5\u9009\u9879: {0}"}, - {"Usage.policytool.options.", "\u7528\u6CD5: policytool [\u9009\u9879]"}, - {".file.file.policy.file.location", - " [-file <file>] \u7B56\u7565\u6587\u4EF6\u4F4D\u7F6E"}, - {"New", "\u65B0\u5EFA"}, - {"Open", "\u6253\u5F00"}, - {"Save", "\u4FDD\u5B58"}, - {"Save.As", "\u53E6\u5B58\u4E3A"}, - {"View.Warning.Log", "\u67E5\u770B\u8B66\u544A\u65E5\u5FD7"}, - {"Exit", "\u9000\u51FA"}, - {"Add.Policy.Entry", "\u6DFB\u52A0\u7B56\u7565\u6761\u76EE"}, - {"Edit.Policy.Entry", "\u7F16\u8F91\u7B56\u7565\u6761\u76EE"}, - {"Remove.Policy.Entry", "\u5220\u9664\u7B56\u7565\u6761\u76EE"}, - {"Edit", "\u7F16\u8F91"}, - {"Retain", "\u4FDD\u7559"}, - - {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", - "\u8B66\u544A: \u6587\u4EF6\u540D\u5305\u542B\u8F6C\u4E49\u7684\u53CD\u659C\u6760\u5B57\u7B26\u3002\u4E0D\u9700\u8981\u5BF9\u53CD\u659C\u6760\u5B57\u7B26\u8FDB\u884C\u8F6C\u4E49 (\u8BE5\u5DE5\u5177\u5728\u5C06\u7B56\u7565\u5185\u5BB9\u5199\u5165\u6C38\u4E45\u5B58\u50A8\u65F6\u4F1A\u6839\u636E\u9700\u8981\u5BF9\u5B57\u7B26\u8FDB\u884C\u8F6C\u4E49)\u3002\n\n\u5355\u51FB\u201C\u4FDD\u7559\u201D\u53EF\u4FDD\u7559\u8F93\u5165\u7684\u540D\u79F0, \u6216\u8005\u5355\u51FB\u201C\u7F16\u8F91\u201D\u53EF\u7F16\u8F91\u8BE5\u540D\u79F0\u3002"}, - - {"Add.Public.Key.Alias", "\u6DFB\u52A0\u516C\u5171\u5BC6\u94A5\u522B\u540D"}, - {"Remove.Public.Key.Alias", "\u5220\u9664\u516C\u5171\u5BC6\u94A5\u522B\u540D"}, - {"File", "\u6587\u4EF6"}, - {"KeyStore", "\u5BC6\u94A5\u5E93"}, - {"Policy.File.", "\u7B56\u7565\u6587\u4EF6:"}, - {"Could.not.open.policy.file.policyFile.e.toString.", - "\u65E0\u6CD5\u6253\u5F00\u7B56\u7565\u6587\u4EF6: {0}: {1}"}, - {"Policy.Tool", "\u7B56\u7565\u5DE5\u5177"}, - {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", - "\u6253\u5F00\u7B56\u7565\u914D\u7F6E\u65F6\u51FA\u9519\u3002\u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u67E5\u770B\u8B66\u544A\u65E5\u5FD7\u3002"}, - {"Error", "\u9519\u8BEF"}, - {"OK", "\u786E\u5B9A"}, - {"Status", "\u72B6\u6001"}, - {"Warning", "\u8B66\u544A"}, - {"Permission.", - "\u6743\u9650: "}, - {"Principal.Type.", "\u4E3B\u7528\u6237\u7C7B\u578B:"}, - {"Principal.Name.", "\u4E3B\u7528\u6237\u540D\u79F0:"}, - {"Target.Name.", - "\u76EE\u6807\u540D\u79F0: "}, - {"Actions.", - "\u64CD\u4F5C: "}, - {"OK.to.overwrite.existing.file.filename.", - "\u786E\u8BA4\u8986\u76D6\u73B0\u6709\u7684\u6587\u4EF6{0}?"}, - {"Cancel", "\u53D6\u6D88"}, - {"CodeBase.", "CodeBase:"}, - {"SignedBy.", "SignedBy:"}, - {"Add.Principal", "\u6DFB\u52A0\u4E3B\u7528\u6237"}, - {"Edit.Principal", "\u7F16\u8F91\u4E3B\u7528\u6237"}, - {"Remove.Principal", "\u5220\u9664\u4E3B\u7528\u6237"}, - {"Principals.", "\u4E3B\u7528\u6237:"}, - {".Add.Permission", " \u6DFB\u52A0\u6743\u9650"}, - {".Edit.Permission", " \u7F16\u8F91\u6743\u9650"}, - {"Remove.Permission", "\u5220\u9664\u6743\u9650"}, - {"Done", "\u5B8C\u6210"}, - {"KeyStore.URL.", "\u5BC6\u94A5\u5E93 URL:"}, - {"KeyStore.Type.", "\u5BC6\u94A5\u5E93\u7C7B\u578B:"}, - {"KeyStore.Provider.", "\u5BC6\u94A5\u5E93\u63D0\u4F9B\u65B9:"}, - {"KeyStore.Password.URL.", "\u5BC6\u94A5\u5E93\u53E3\u4EE4 URL:"}, - {"Principals", "\u4E3B\u7528\u6237"}, - {".Edit.Principal.", " \u7F16\u8F91\u4E3B\u7528\u6237:"}, - {".Add.New.Principal.", " \u6DFB\u52A0\u65B0\u4E3B\u7528\u6237:"}, - {"Permissions", "\u6743\u9650"}, - {".Edit.Permission.", " \u7F16\u8F91\u6743\u9650:"}, - {".Add.New.Permission.", " \u52A0\u5165\u65B0\u7684\u6743\u9650:"}, - {"Signed.By.", "\u7B7E\u7F72\u4EBA: "}, - {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", - "\u6CA1\u6709\u901A\u914D\u7B26\u540D\u79F0, \u65E0\u6CD5\u4F7F\u7528\u901A\u914D\u7B26\u7C7B\u6307\u5B9A\u4E3B\u7528\u6237"}, - {"Cannot.Specify.Principal.without.a.Name", - "\u6CA1\u6709\u540D\u79F0, \u65E0\u6CD5\u6307\u5B9A\u4E3B\u7528\u6237"}, - {"Permission.and.Target.Name.must.have.a.value", - "\u6743\u9650\u53CA\u76EE\u6807\u540D\u5FC5\u987B\u6709\u4E00\u4E2A\u503C"}, - {"Remove.this.Policy.Entry.", "\u662F\u5426\u5220\u9664\u6B64\u7B56\u7565\u6761\u76EE?"}, - {"Overwrite.File", "\u8986\u76D6\u6587\u4EF6"}, - {"Policy.successfully.written.to.filename", - "\u7B56\u7565\u5DF2\u6210\u529F\u5199\u5165\u5230{0}"}, - {"null.filename", "\u7A7A\u6587\u4EF6\u540D"}, - {"Save.changes.", "\u662F\u5426\u4FDD\u5B58\u6240\u505A\u7684\u66F4\u6539?"}, - {"Yes", "\u662F"}, - {"No", "\u5426"}, - {"Policy.Entry", "\u7B56\u7565\u6761\u76EE"}, - {"Save.Changes", "\u4FDD\u5B58\u66F4\u6539"}, - {"No.Policy.Entry.selected", "\u6CA1\u6709\u9009\u62E9\u7B56\u7565\u6761\u76EE"}, - {"Unable.to.open.KeyStore.ex.toString.", - "\u65E0\u6CD5\u6253\u5F00\u5BC6\u94A5\u5E93: {0}"}, - {"No.principal.selected", "\u672A\u9009\u62E9\u4E3B\u7528\u6237"}, - {"No.permission.selected", "\u6CA1\u6709\u9009\u62E9\u6743\u9650"}, - {"name", "\u540D\u79F0"}, - {"configuration.type", "\u914D\u7F6E\u7C7B\u578B"}, - {"environment.variable.name", "\u73AF\u5883\u53D8\u91CF\u540D"}, - {"library.name", "\u5E93\u540D\u79F0"}, - {"package.name", "\u7A0B\u5E8F\u5305\u540D\u79F0"}, - {"policy.type", "\u7B56\u7565\u7C7B\u578B"}, - {"property.name", "\u5C5E\u6027\u540D\u79F0"}, - {"Principal.List", "\u4E3B\u7528\u6237\u5217\u8868"}, - {"Permission.List", "\u6743\u9650\u5217\u8868"}, - {"Code.Base", "\u4EE3\u7801\u5E93"}, - {"KeyStore.U.R.L.", "\u5BC6\u94A5\u5E93 URL:"}, - {"KeyStore.Password.U.R.L.", "\u5BC6\u94A5\u5E93\u53E3\u4EE4 URL:"}, - - // javax.security.auth.PrivateCredentialPermission {"invalid.null.input.s.", "\u65E0\u6548\u7684\u7A7A\u8F93\u5165"}, {"actions.can.only.be.read.", "\u64CD\u4F5C\u53EA\u80FD\u4E3A '\u8BFB\u53D6'"}, @@ -551,6 +58,7 @@ {"provided.null.OID.map", "\u63D0\u4F9B\u7684 OID \u6620\u5C04\u4E3A\u7A7A\u503C"}, // javax.security.auth.Subject + {"NEWLINE", "\n"}, {"invalid.null.AccessControlContext.provided", "\u63D0\u4F9B\u4E86\u65E0\u6548\u7684\u7A7A AccessControlContext"}, {"invalid.null.action.provided", "\u63D0\u4F9B\u4E86\u65E0\u6548\u7684\u7A7A\u64CD\u4F5C"}, @@ -654,6 +162,7 @@ * * @return the contents of this <code>ResourceBundle</code>. */ + @Override public Object[][] getContents() { return contents; }
--- a/src/share/classes/sun/security/util/Resources_zh_TW.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/Resources_zh_TW.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,499 +34,6 @@ private static final Object[][] contents = { - // shared (from jarsigner) - {"SPACE", " "}, - {"2SPACE", " "}, - {"6SPACE", " "}, - {"COMMA", ", "}, - // shared (from keytool) - {"NEWLINE", "\n"}, - {"STAR", - "*******************************************"}, - {"STARNN", - "*******************************************\n\n"}, - - // keytool: Help part - {".OPTION.", " [OPTION]..."}, - {"Options.", "\u9078\u9805:"}, - {"Use.keytool.help.for.all.available.commands", - "\u4F7F\u7528 \"keytool -help\" \u53D6\u5F97\u6240\u6709\u53EF\u7528\u7684\u547D\u4EE4"}, - {"Key.and.Certificate.Management.Tool", - "\u91D1\u9470\u8207\u6191\u8B49\u7BA1\u7406\u5DE5\u5177"}, - {"Commands.", "\u547D\u4EE4:"}, - {"Use.keytool.command.name.help.for.usage.of.command.name", - "\u4F7F\u7528 \"keytool -command_name -help\" \u53D6\u5F97 command_name \u7684\u7528\u6CD5"}, - // keytool: help: commands - {"Generates.a.certificate.request", - "\u7522\u751F\u6191\u8B49\u8981\u6C42"}, //-certreq - {"Changes.an.entry.s.alias", - "\u8B8A\u66F4\u9805\u76EE\u7684\u5225\u540D"}, //-changealias - {"Deletes.an.entry", - "\u522A\u9664\u9805\u76EE"}, //-delete - {"Exports.certificate", - "\u532F\u51FA\u6191\u8B49"}, //-exportcert - {"Generates.a.key.pair", - "\u7522\u751F\u91D1\u9470\u7D44"}, //-genkeypair - {"Generates.a.secret.key", - "\u7522\u751F\u79D8\u5BC6\u91D1\u9470"}, //-genseckey - {"Generates.certificate.from.a.certificate.request", - "\u5F9E\u6191\u8B49\u8981\u6C42\u7522\u751F\u6191\u8B49"}, //-gencert - {"Generates.CRL", "\u7522\u751F CRL"}, //-gencrl - {"Imports.entries.from.a.JDK.1.1.x.style.identity.database", - "\u5F9E JDK 1.1.x-style \u8B58\u5225\u8CC7\u6599\u5EAB\u532F\u5165\u9805\u76EE"}, //-identitydb - {"Imports.a.certificate.or.a.certificate.chain", - "\u532F\u5165\u6191\u8B49\u6216\u6191\u8B49\u93C8"}, //-importcert - {"Imports.one.or.all.entries.from.another.keystore", - "\u5F9E\u5176\u4ED6\u91D1\u9470\u5132\u5B58\u5EAB\u532F\u5165\u4E00\u500B\u6216\u5168\u90E8\u9805\u76EE"}, //-importkeystore - {"Clones.a.key.entry", - "\u8907\u88FD\u91D1\u9470\u9805\u76EE"}, //-keyclone - {"Changes.the.key.password.of.an.entry", - "\u8B8A\u66F4\u9805\u76EE\u7684\u91D1\u9470\u5BC6\u78BC"}, //-keypasswd - {"Lists.entries.in.a.keystore", - "\u5217\u793A\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u7684\u9805\u76EE"}, //-list - {"Prints.the.content.of.a.certificate", - "\u5217\u5370\u6191\u8B49\u7684\u5167\u5BB9"}, //-printcert - {"Prints.the.content.of.a.certificate.request", - "\u5217\u5370\u6191\u8B49\u8981\u6C42\u7684\u5167\u5BB9"}, //-printcertreq - {"Prints.the.content.of.a.CRL.file", - "\u5217\u5370 CRL \u6A94\u6848\u7684\u5167\u5BB9"}, //-printcrl - {"Generates.a.self.signed.certificate", - "\u7522\u751F\u81EA\u884C\u7C3D\u7F72\u7684\u6191\u8B49"}, //-selfcert - {"Changes.the.store.password.of.a.keystore", - "\u8B8A\u66F4\u91D1\u9470\u5132\u5B58\u5EAB\u7684\u5132\u5B58\u5BC6\u78BC"}, //-storepasswd - // keytool: help: options - {"alias.name.of.the.entry.to.process", - "\u8981\u8655\u7406\u9805\u76EE\u7684\u5225\u540D\u540D\u7A31"}, //-alias - {"destination.alias", - "\u76EE\u7684\u5730\u5225\u540D"}, //-destalias - {"destination.key.password", - "\u76EE\u7684\u5730\u91D1\u9470\u5BC6\u78BC"}, //-destkeypass - {"destination.keystore.name", - "\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u540D\u7A31"}, //-destkeystore - {"destination.keystore.password.protected", - "\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u4FDD\u8B77"}, //-destprotected - {"destination.keystore.provider.name", - "\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u63D0\u4F9B\u8005\u540D\u7A31"}, //-destprovidername - {"destination.keystore.password", - "\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC"}, //-deststorepass - {"destination.keystore.type", - "\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u985E\u578B"}, //-deststoretype - {"distinguished.name", - "\u8FA8\u5225\u540D\u7A31"}, //-dname - {"X.509.extension", - "X.509 \u64F4\u5145\u5957\u4EF6"}, //-ext - {"output.file.name", - "\u8F38\u51FA\u6A94\u6848\u540D\u7A31"}, //-file and -outfile - {"input.file.name", - "\u8F38\u5165\u6A94\u6848\u540D\u7A31"}, //-file and -infile - {"key.algorithm.name", - "\u91D1\u9470\u6F14\u7B97\u6CD5\u540D\u7A31"}, //-keyalg - {"key.password", - "\u91D1\u9470\u5BC6\u78BC"}, //-keypass - {"key.bit.size", - "\u91D1\u9470\u4F4D\u5143\u5927\u5C0F"}, //-keysize - {"keystore.name", - "\u91D1\u9470\u5132\u5B58\u5EAB\u540D\u7A31"}, //-keystore - {"new.password", - "\u65B0\u5BC6\u78BC"}, //-new - {"do.not.prompt", - "\u4E0D\u8981\u63D0\u793A"}, //-noprompt - {"password.through.protected.mechanism", - "\u7D93\u7531\u4FDD\u8B77\u6A5F\u5236\u7684\u5BC6\u78BC"}, //-protected - {"provider.argument", - "\u63D0\u4F9B\u8005\u5F15\u6578"}, //-providerarg - {"provider.class.name", - "\u63D0\u4F9B\u8005\u985E\u5225\u540D\u7A31"}, //-providerclass - {"provider.name", - "\u63D0\u4F9B\u8005\u540D\u7A31"}, //-providername - {"provider.classpath", - "\u63D0\u4F9B\u8005\u985E\u5225\u8DEF\u5F91"}, //-providerpath - {"output.in.RFC.style", - "\u4EE5 RFC \u6A23\u5F0F\u8F38\u51FA"}, //-rfc - {"signature.algorithm.name", - "\u7C3D\u7AE0\u6F14\u7B97\u6CD5\u540D\u7A31"}, //-sigalg - {"source.alias", - "\u4F86\u6E90\u5225\u540D"}, //-srcalias - {"source.key.password", - "\u4F86\u6E90\u91D1\u9470\u5BC6\u78BC"}, //-srckeypass - {"source.keystore.name", - "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u540D\u7A31"}, //-srckeystore - {"source.keystore.password.protected", - "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u4FDD\u8B77"}, //-srcprotected - {"source.keystore.provider.name", - "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u63D0\u4F9B\u8005\u540D\u7A31"}, //-srcprovidername - {"source.keystore.password", - "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC"}, //-srcstorepass - {"source.keystore.type", - "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u985E\u578B"}, //-srcstoretype - {"SSL.server.host.and.port", - "SSL \u4F3A\u670D\u5668\u4E3B\u6A5F\u8207\u9023\u63A5\u57E0"}, //-sslserver - {"signed.jar.file", - "\u7C3D\u7F72\u7684 jar \u6A94\u6848"}, //=jarfile - {"certificate.validity.start.date.time", - "\u6191\u8B49\u6709\u6548\u6027\u958B\u59CB\u65E5\u671F/\u6642\u9593"}, //-startdate - {"keystore.password", - "\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC"}, //-storepass - {"keystore.type", - "\u91D1\u9470\u5132\u5B58\u5EAB\u985E\u578B"}, //-storetype - {"trust.certificates.from.cacerts", - "\u4F86\u81EA cacerts \u7684\u4FE1\u4EFB\u6191\u8B49"}, //-trustcacerts - {"verbose.output", - "\u8A73\u7D30\u8CC7\u8A0A\u8F38\u51FA"}, //-v - {"validity.number.of.days", - "\u6709\u6548\u6027\u65E5\u6578"}, //-validity - {"Serial.ID.of.cert.to.revoke", - "\u8981\u64A4\u92B7\u6191\u8B49\u7684\u5E8F\u5217 ID"}, //-id - // keytool: Running part - {"keytool.error.", "\u91D1\u9470\u5DE5\u5177\u932F\u8AA4: "}, - {"Illegal.option.", "\u7121\u6548\u7684\u9078\u9805:"}, - {"Illegal.value.", "\u7121\u6548\u503C: "}, - {"Unknown.password.type.", "\u4E0D\u660E\u7684\u5BC6\u78BC\u985E\u578B: "}, - {"Cannot.find.environment.variable.", - "\u627E\u4E0D\u5230\u74B0\u5883\u8B8A\u6578: "}, - {"Cannot.find.file.", "\u627E\u4E0D\u5230\u6A94\u6848: "}, - {"Command.option.flag.needs.an.argument.", "\u547D\u4EE4\u9078\u9805 {0} \u9700\u8981\u5F15\u6578\u3002"}, - {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.", - "\u8B66\u544A: PKCS12 \u91D1\u9470\u5132\u5B58\u5EAB\u4E0D\u652F\u63F4\u4E0D\u540C\u7684\u5132\u5B58\u5EAB\u548C\u91D1\u9470\u5BC6\u78BC\u3002\u5FFD\u7565\u4F7F\u7528\u8005\u6307\u5B9A\u7684 {0} \u503C\u3002"}, - {".keystore.must.be.NONE.if.storetype.is.{0}", - "\u5982\u679C -storetype \u70BA {0}\uFF0C\u5247 -keystore \u5FC5\u9808\u70BA NONE"}, - {"Too.many.retries.program.terminated", - "\u91CD\u8A66\u6B21\u6578\u592A\u591A\uFF0C\u7A0B\u5F0F\u5DF2\u7D42\u6B62"}, - {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}", - "\u5982\u679C -storetype \u70BA {0}\uFF0C\u5247\u4E0D\u652F\u63F4 -storepasswd \u548C -keypasswd \u547D\u4EE4"}, - {".keypasswd.commands.not.supported.if.storetype.is.PKCS12", - "\u5982\u679C -storetype \u70BA PKCS12\uFF0C\u5247\u4E0D\u652F\u63F4 -keypasswd \u547D\u4EE4"}, - {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}", - "\u5982\u679C -storetype \u70BA {0}\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A -keypass \u548C -new"}, - {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified", - "\u5982\u679C\u6307\u5B9A -protected\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A -storepass\u3001-keypass \u548C -new"}, - {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified", - "\u5982\u679C\u6307\u5B9A -srcprotected\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A -srcstorepass \u548C -srckeypass"}, - {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified", - "\u5982\u679C\u91D1\u9470\u5132\u5B58\u5EAB\u4E0D\u53D7\u5BC6\u78BC\u4FDD\u8B77\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A -storepass\u3001-keypass \u548C -new"}, - {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified", - "\u5982\u679C\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u4E0D\u53D7\u5BC6\u78BC\u4FDD\u8B77\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A -srcstorepass \u548C -srckeypass"}, - {"Illegal.startdate.value", "\u7121\u6548\u7684 startdate \u503C"}, - {"Validity.must.be.greater.than.zero", - "\u6709\u6548\u6027\u5FC5\u9808\u5927\u65BC\u96F6"}, - {"provName.not.a.provider", "{0} \u4E0D\u662F\u4E00\u500B\u63D0\u4F9B\u8005"}, - {"Usage.error.no.command.provided", "\u7528\u6CD5\u932F\u8AA4: \u672A\u63D0\u4F9B\u547D\u4EE4"}, - {"Source.keystore.file.exists.but.is.empty.", "\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u6A94\u6848\u5B58\u5728\uFF0C\u4F46\u70BA\u7A7A: "}, - {"Please.specify.srckeystore", "\u8ACB\u6307\u5B9A -srckeystore"}, - {"Must.not.specify.both.v.and.rfc.with.list.command", - " 'list' \u547D\u4EE4\u4E0D\u80FD\u540C\u6642\u6307\u5B9A -v \u53CA -rfc"}, - {"Key.password.must.be.at.least.6.characters", - "\u91D1\u9470\u5BC6\u78BC\u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, - {"New.password.must.be.at.least.6.characters", - "\u65B0\u7684\u5BC6\u78BC\u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, - {"Keystore.file.exists.but.is.empty.", - "\u91D1\u9470\u5132\u5B58\u5EAB\u6A94\u6848\u5B58\u5728\uFF0C\u4F46\u70BA\u7A7A\u767D: "}, - {"Keystore.file.does.not.exist.", - "\u91D1\u9470\u5132\u5B58\u5EAB\u6A94\u6848\u4E0D\u5B58\u5728: "}, - {"Must.specify.destination.alias", "\u5FC5\u9808\u6307\u5B9A\u76EE\u7684\u5730\u5225\u540D"}, - {"Must.specify.alias", "\u5FC5\u9808\u6307\u5B9A\u5225\u540D"}, - {"Keystore.password.must.be.at.least.6.characters", - "\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, - {"Enter.keystore.password.", "\u8F38\u5165\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC: "}, - {"Enter.source.keystore.password.", "\u8ACB\u8F38\u5165\u4F86\u6E90\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC: "}, - {"Enter.destination.keystore.password.", "\u8ACB\u8F38\u5165\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC: "}, - {"Keystore.password.is.too.short.must.be.at.least.6.characters", - "\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u592A\u77ED - \u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, - {"Unknown.Entry.Type", "\u4E0D\u660E\u7684\u9805\u76EE\u985E\u578B"}, - {"Too.many.failures.Alias.not.changed", "\u592A\u591A\u932F\u8AA4\u3002\u672A\u8B8A\u66F4\u5225\u540D"}, - {"Entry.for.alias.alias.successfully.imported.", - "\u5DF2\u6210\u529F\u532F\u5165\u5225\u540D {0} \u7684\u9805\u76EE\u3002"}, - {"Entry.for.alias.alias.not.imported.", "\u672A\u532F\u5165\u5225\u540D {0} \u7684\u9805\u76EE\u3002"}, - {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.", - "\u532F\u5165\u5225\u540D {0} \u7684\u9805\u76EE\u6642\u51FA\u73FE\u554F\u984C: {1}\u3002\n\u672A\u532F\u5165\u5225\u540D {0} \u7684\u9805\u76EE\u3002"}, - {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled", - "\u5DF2\u5B8C\u6210\u532F\u5165\u547D\u4EE4: \u6210\u529F\u532F\u5165 {0} \u500B\u9805\u76EE\uFF0C{1} \u500B\u9805\u76EE\u5931\u6557\u6216\u5DF2\u53D6\u6D88"}, - {"Warning.Overwriting.existing.alias.alias.in.destination.keystore", - "\u8B66\u544A: \u6B63\u5728\u8986\u5BEB\u76EE\u7684\u5730\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u7684\u73FE\u6709\u5225\u540D {0}"}, - {"Existing.entry.alias.alias.exists.overwrite.no.", - "\u73FE\u6709\u9805\u76EE\u5225\u540D {0} \u5B58\u5728\uFF0C\u662F\u5426\u8986\u5BEB\uFF1F[\u5426]: "}, - {"Too.many.failures.try.later", "\u592A\u591A\u932F\u8AA4 - \u8ACB\u7A0D\u5F8C\u518D\u8A66"}, - {"Certification.request.stored.in.file.filename.", - "\u8A8D\u8B49\u8981\u6C42\u5132\u5B58\u5728\u6A94\u6848 <{0}>"}, - {"Submit.this.to.your.CA", "\u5C07\u6B64\u9001\u51FA\u81F3\u60A8\u7684 CA"}, - {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified", - "\u5982\u679C\u672A\u6307\u5B9A\u5225\u540D\uFF0C\u5247\u4E0D\u80FD\u6307\u5B9A destalias\u3001srckeypass \u53CA destkeypass"}, - {"Certificate.stored.in.file.filename.", - "\u6191\u8B49\u5132\u5B58\u5728\u6A94\u6848 <{0}>"}, - {"Certificate.reply.was.installed.in.keystore", - "\u6191\u8B49\u56DE\u8986\u5DF2\u5B89\u88DD\u5728\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D"}, - {"Certificate.reply.was.not.installed.in.keystore", - "\u6191\u8B49\u56DE\u8986\u672A\u5B89\u88DD\u5728\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D"}, - {"Certificate.was.added.to.keystore", - "\u6191\u8B49\u5DF2\u65B0\u589E\u81F3\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D"}, - {"Certificate.was.not.added.to.keystore", - "\u6191\u8B49\u672A\u65B0\u589E\u81F3\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D"}, - {".Storing.ksfname.", "[\u5132\u5B58 {0}]"}, - {"alias.has.no.public.key.certificate.", - "{0} \u6C92\u6709\u516C\u958B\u91D1\u9470 (\u6191\u8B49)"}, - {"Cannot.derive.signature.algorithm", - "\u7121\u6CD5\u53D6\u5F97\u7C3D\u7AE0\u6F14\u7B97\u6CD5"}, - {"Alias.alias.does.not.exist", - "\u5225\u540D <{0}> \u4E0D\u5B58\u5728"}, - {"Alias.alias.has.no.certificate", - "\u5225\u540D <{0}> \u6C92\u6709\u6191\u8B49"}, - {"Key.pair.not.generated.alias.alias.already.exists", - "\u6C92\u6709\u5EFA\u7ACB\u91D1\u9470\u7D44\uFF0C\u5225\u540D <{0}> \u5DF2\u7D93\u5B58\u5728"}, - {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for", - "\u91DD\u5C0D {4} \u7522\u751F\u6709\u6548\u671F {3} \u5929\u7684 {0} \u4F4D\u5143 {1} \u91D1\u9470\u7D44\u4EE5\u53CA\u81EA\u6211\u7C3D\u7F72\u6191\u8B49 ({2})\n\t"}, - {"Enter.key.password.for.alias.", "\u8F38\u5165 <{0}> \u7684\u91D1\u9470\u5BC6\u78BC"}, - {".RETURN.if.same.as.keystore.password.", - "\t(RETURN \u5982\u679C\u548C\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u76F8\u540C): "}, - {"Key.password.is.too.short.must.be.at.least.6.characters", - "\u91D1\u9470\u5BC6\u78BC\u592A\u77ED - \u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, - {"Too.many.failures.key.not.added.to.keystore", - "\u592A\u591A\u932F\u8AA4 - \u91D1\u9470\u672A\u65B0\u589E\u81F3\u91D1\u9470\u5132\u5B58\u5EAB"}, - {"Destination.alias.dest.already.exists", - "\u76EE\u7684\u5730\u5225\u540D <{0}> \u5DF2\u7D93\u5B58\u5728"}, - {"Password.is.too.short.must.be.at.least.6.characters", - "\u5BC6\u78BC\u592A\u77ED - \u5FC5\u9808\u81F3\u5C11\u70BA 6 \u500B\u5B57\u5143"}, - {"Too.many.failures.Key.entry.not.cloned", - "\u592A\u591A\u932F\u8AA4\u3002\u672A\u8907\u88FD\u91D1\u9470\u9805\u76EE"}, - {"key.password.for.alias.", "<{0}> \u7684\u91D1\u9470\u5BC6\u78BC"}, - {"Keystore.entry.for.id.getName.already.exists", - "<{0}> \u7684\u91D1\u9470\u5132\u5B58\u5EAB\u9805\u76EE\u5DF2\u7D93\u5B58\u5728"}, - {"Creating.keystore.entry.for.id.getName.", - "\u5EFA\u7ACB <{0}> \u7684\u91D1\u9470\u5132\u5B58\u5EAB\u9805\u76EE..."}, - {"No.entries.from.identity.database.added", - "\u6C92\u6709\u65B0\u589E\u4F86\u81EA\u8B58\u5225\u8CC7\u6599\u5EAB\u7684\u9805\u76EE"}, - {"Alias.name.alias", "\u5225\u540D\u540D\u7A31: {0}"}, - {"Creation.date.keyStore.getCreationDate.alias.", - "\u5EFA\u7ACB\u65E5\u671F: {0,date}"}, - {"alias.keyStore.getCreationDate.alias.", - "{0}, {1,date}, "}, - {"alias.", "{0}, "}, - {"Entry.type.type.", "\u9805\u76EE\u985E\u578B: {0}"}, - {"Certificate.chain.length.", "\u6191\u8B49\u93C8\u9577\u5EA6: "}, - {"Certificate.i.1.", "\u6191\u8B49 [{0,number,integer}]:"}, - {"Certificate.fingerprint.SHA1.", "\u6191\u8B49\u6307\u7D0B (SHA1): "}, - {"Keystore.type.", "\u91D1\u9470\u5132\u5B58\u5EAB\u985E\u578B: "}, - {"Keystore.provider.", "\u91D1\u9470\u5132\u5B58\u5EAB\u63D0\u4F9B\u8005: "}, - {"Your.keystore.contains.keyStore.size.entry", - "\u60A8\u7684\u91D1\u9470\u5132\u5B58\u5EAB\u5305\u542B {0,number,integer} \u9805\u76EE"}, - {"Your.keystore.contains.keyStore.size.entries", - "\u60A8\u7684\u91D1\u9470\u5132\u5B58\u5EAB\u5305\u542B {0,number,integer} \u9805\u76EE"}, - {"Failed.to.parse.input", "\u7121\u6CD5\u5256\u6790\u8F38\u5165"}, - {"Empty.input", "\u7A7A\u8F38\u5165"}, - {"Not.X.509.certificate", "\u975E X.509 \u6191\u8B49"}, - {"alias.has.no.public.key", "{0} \u7121\u516C\u958B\u91D1\u9470"}, - {"alias.has.no.X.509.certificate", "{0} \u7121 X.509 \u6191\u8B49"}, - {"New.certificate.self.signed.", "\u65B0\u6191\u8B49 (\u81EA\u6211\u7C3D\u7F72): "}, - {"Reply.has.no.certificates", "\u56DE\u8986\u4E0D\u542B\u6191\u8B49"}, - {"Certificate.not.imported.alias.alias.already.exists", - "\u6191\u8B49\u672A\u8F38\u5165\uFF0C\u5225\u540D <{0}> \u5DF2\u7D93\u5B58\u5728"}, - {"Input.not.an.X.509.certificate", "\u8F38\u5165\u7684\u4E0D\u662F X.509 \u6191\u8B49"}, - {"Certificate.already.exists.in.keystore.under.alias.trustalias.", - "\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u7684 <{0}> \u5225\u540D\u4E4B\u4E0B\uFF0C\u6191\u8B49\u5DF2\u7D93\u5B58\u5728"}, - {"Do.you.still.want.to.add.it.no.", - "\u60A8\u4ECD\u7136\u60F3\u8981\u5C07\u4E4B\u65B0\u589E\u55CE\uFF1F [\u5426]: "}, - {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.", - "\u6574\u500B\u7CFB\u7D71 CA \u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u7684 <{0}> \u5225\u540D\u4E4B\u4E0B\uFF0C\u6191\u8B49\u5DF2\u7D93\u5B58\u5728"}, - {"Do.you.still.want.to.add.it.to.your.own.keystore.no.", - "\u60A8\u4ECD\u7136\u60F3\u8981\u5C07\u4E4B\u65B0\u589E\u81F3\u81EA\u5DF1\u7684\u91D1\u9470\u5132\u5B58\u5EAB\u55CE\uFF1F [\u5426]: "}, - {"Trust.this.certificate.no.", "\u4FE1\u4EFB\u9019\u500B\u6191\u8B49\uFF1F [\u5426]: "}, - {"YES", "\u662F"}, - {"New.prompt.", "\u65B0 {0}: "}, - {"Passwords.must.differ", "\u5FC5\u9808\u662F\u4E0D\u540C\u7684\u5BC6\u78BC"}, - {"Re.enter.new.prompt.", "\u91CD\u65B0\u8F38\u5165\u65B0 {0}: "}, - {"Re.enter.new.password.", "\u91CD\u65B0\u8F38\u5165\u65B0\u5BC6\u78BC: "}, - {"They.don.t.match.Try.again", "\u5B83\u5011\u4E0D\u76F8\u7B26\u3002\u8ACB\u91CD\u8A66"}, - {"Enter.prompt.alias.name.", "\u8F38\u5165 {0} \u5225\u540D\u540D\u7A31: "}, - {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.", - "\u8ACB\u8F38\u5165\u65B0\u7684\u5225\u540D\u540D\u7A31\t(RETURN \u4EE5\u53D6\u6D88\u532F\u5165\u6B64\u9805\u76EE):"}, - {"Enter.alias.name.", "\u8F38\u5165\u5225\u540D\u540D\u7A31: "}, - {".RETURN.if.same.as.for.otherAlias.", - "\t(RETURN \u5982\u679C\u548C <{0}> \u7684\u76F8\u540C)"}, - {".PATTERN.printX509Cert", - "\u64C1\u6709\u8005: {0}\n\u767C\u51FA\u8005: {1}\n\u5E8F\u865F: {2}\n\u6709\u6548\u671F\u81EA: {3} \u5230: {4}\n\u6191\u8B49\u6307\u7D0B:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t \u7C3D\u7AE0\u6F14\u7B97\u6CD5\u540D\u7A31: {8}\n\t \u7248\u672C: {9}"}, - {"What.is.your.first.and.last.name.", - "\u60A8\u7684\u540D\u5B57\u8207\u59D3\u6C0F\u70BA\u4F55\uFF1F"}, - {"What.is.the.name.of.your.organizational.unit.", - "\u60A8\u7684\u7D44\u7E54\u55AE\u4F4D\u540D\u7A31\u70BA\u4F55\uFF1F"}, - {"What.is.the.name.of.your.organization.", - "\u60A8\u7684\u7D44\u7E54\u540D\u7A31\u70BA\u4F55\uFF1F"}, - {"What.is.the.name.of.your.City.or.Locality.", - "\u60A8\u6240\u5728\u7684\u57CE\u5E02\u6216\u5730\u5340\u540D\u7A31\u70BA\u4F55\uFF1F"}, - {"What.is.the.name.of.your.State.or.Province.", - "\u60A8\u6240\u5728\u7684\u5DDE\u53CA\u7701\u4EFD\u540D\u7A31\u70BA\u4F55\uFF1F"}, - {"What.is.the.two.letter.country.code.for.this.unit.", - "\u6B64\u55AE\u4F4D\u7684\u5169\u500B\u5B57\u6BCD\u570B\u5225\u4EE3\u78BC\u70BA\u4F55\uFF1F"}, - {"Is.name.correct.", "{0} \u6B63\u78BA\u55CE\uFF1F"}, - {"no", "\u5426"}, - {"yes", "\u662F"}, - {"y", "y"}, - {".defaultValue.", " [{0}]: "}, - {"Alias.alias.has.no.key", - "\u5225\u540D <{0}> \u6C92\u6709\u91D1\u9470"}, - {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key", - "\u5225\u540D <{0}> \u6240\u53C3\u7167\u7684\u9805\u76EE\u4E0D\u662F\u79C1\u5BC6\u91D1\u9470\u985E\u578B\u3002-keyclone \u547D\u4EE4\u50C5\u652F\u63F4\u79C1\u5BC6\u91D1\u9470\u9805\u76EE\u7684\u8907\u88FD"}, - - {".WARNING.WARNING.WARNING.", - "***************** WARNING WARNING WARNING *****************"}, - {"Signer.d.", "\u7C3D\u7F72\u8005 #%d:"}, - {"Timestamp.", "\u6642\u6233:"}, - {"Signature.", "\u7C3D\u7AE0:"}, - {"CRLs.", "CRL:"}, - {"Certificate.owner.", "\u6191\u8B49\u64C1\u6709\u8005: "}, - {"Not.a.signed.jar.file", "\u4E0D\u662F\u7C3D\u7F72\u7684 jar \u6A94\u6848"}, - {"No.certificate.from.the.SSL.server", - "\u6C92\u6709\u4F86\u81EA SSL \u4F3A\u670D\u5668\u7684\u6191\u8B49"}, - - {".The.integrity.of.the.information.stored.in.your.keystore.", - "* \u5C1A\u672A\u9A57\u8B49\u5132\u5B58\u65BC\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u8CC7\u8A0A *\n* \u7684\u5B8C\u6574\u6027\uFF01\u82E5\u8981\u9A57\u8B49\u5176\u5B8C\u6574\u6027\uFF0C*\n* \u60A8\u5FC5\u9808\u63D0\u4F9B\u60A8\u7684\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u3002 *"}, - {".The.integrity.of.the.information.stored.in.the.srckeystore.", - "* \u5C1A\u672A\u9A57\u8B49\u5132\u5B58\u65BC srckeystore \u4E2D\u8CC7\u8A0A*\n* \u7684\u5B8C\u6574\u6027\uFF01\u82E5\u8981\u9A57\u8B49\u5176\u5B8C\u6574\u6027\uFF0C\u60A8\u5FC5\u9808 *\n* \u63D0\u4F9B srckeystore \u5BC6\u78BC\u3002 *"}, - - {"Certificate.reply.does.not.contain.public.key.for.alias.", - "\u6191\u8B49\u56DE\u8986\u4E26\u672A\u5305\u542B <{0}> \u7684\u516C\u958B\u91D1\u9470"}, - {"Incomplete.certificate.chain.in.reply", - "\u56DE\u8986\u6642\u7684\u6191\u8B49\u93C8\u4E0D\u5B8C\u6574"}, - {"Certificate.chain.in.reply.does.not.verify.", - "\u56DE\u8986\u6642\u7684\u6191\u8B49\u93C8\u672A\u9A57\u8B49: "}, - {"Top.level.certificate.in.reply.", - "\u56DE\u8986\u6642\u7684\u6700\u9AD8\u7D1A\u6191\u8B49:\n"}, - {".is.not.trusted.", "... \u662F\u4E0D\u88AB\u4FE1\u4EFB\u7684\u3002"}, - {"Install.reply.anyway.no.", "\u9084\u662F\u8981\u5B89\u88DD\u56DE\u8986\uFF1F [\u5426]: "}, - {"NO", "\u5426"}, - {"Public.keys.in.reply.and.keystore.don.t.match", - "\u56DE\u8986\u6642\u7684\u516C\u958B\u91D1\u9470\u8207\u91D1\u9470\u5132\u5B58\u5EAB\u4E0D\u7B26"}, - {"Certificate.reply.and.certificate.in.keystore.are.identical", - "\u6191\u8B49\u56DE\u8986\u8207\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u7684\u6191\u8B49\u662F\u76F8\u540C\u7684"}, - {"Failed.to.establish.chain.from.reply", - "\u7121\u6CD5\u5F9E\u56DE\u8986\u4E2D\u5C07\u93C8\u5EFA\u7ACB\u8D77\u4F86"}, - {"n", "n"}, - {"Wrong.answer.try.again", "\u932F\u8AA4\u7684\u7B54\u6848\uFF0C\u8ACB\u518D\u8A66\u4E00\u6B21"}, - {"Secret.key.not.generated.alias.alias.already.exists", - "\u672A\u7522\u751F\u79D8\u5BC6\u91D1\u9470\uFF0C\u5225\u540D <{0}> \u5DF2\u5B58\u5728"}, - {"Please.provide.keysize.for.secret.key.generation", - "\u8ACB\u63D0\u4F9B -keysize \u4EE5\u7522\u751F\u79D8\u5BC6\u91D1\u9470"}, - - {"Extensions.", "\u64F4\u5145\u5957\u4EF6: "}, - {".Empty.value.", "(\u7A7A\u767D\u503C)"}, - {"Extension.Request.", "\u64F4\u5145\u5957\u4EF6\u8981\u6C42:"}, - {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.", - "PKCS #10 \u6191\u8B49\u8981\u6C42 (\u7248\u672C 1.0)\n\u4E3B\u9AD4: %s\n\u516C\u7528\u91D1\u9470: %s \u683C\u5F0F %s \u91D1\u9470\n"}, - {"Unknown.keyUsage.type.", "\u4E0D\u660E\u7684 keyUsage \u985E\u578B: "}, - {"Unknown.extendedkeyUsage.type.", "\u4E0D\u660E\u7684 extendedkeyUsage \u985E\u578B: "}, - {"Unknown.AccessDescription.type.", "\u4E0D\u660E\u7684 AccessDescription \u985E\u578B: "}, - {"Unrecognized.GeneralName.type.", "\u7121\u6CD5\u8FA8\u8B58\u7684 GeneralName \u985E\u578B: "}, - {"This.extension.cannot.be.marked.as.critical.", - "\u6B64\u64F4\u5145\u5957\u4EF6\u7121\u6CD5\u6A19\u793A\u70BA\u95DC\u9375\u3002"}, - {"Odd.number.of.hex.digits.found.", "\u627E\u5230\u5341\u516D\u9032\u4F4D\u6578\u5B57\u7684\u5947\u6578: "}, - {"Unknown.extension.type.", "\u4E0D\u660E\u7684\u64F4\u5145\u5957\u4EF6\u985E\u578B: "}, - {"command.{0}.is.ambiguous.", "\u547D\u4EE4 {0} \u4E0D\u660E\u78BA:"}, - - // policytool - {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.", - "\u8B66\u544A: \u5225\u540D {0} \u7684\u516C\u958B\u91D1\u9470\u4E0D\u5B58\u5728\u3002\u8ACB\u78BA\u5B9A\u91D1\u9470\u5132\u5B58\u5EAB\u914D\u7F6E\u6B63\u78BA\u3002"}, - {"Warning.Class.not.found.class", "\u8B66\u544A: \u627E\u4E0D\u5230\u985E\u5225 {0}"}, - {"Warning.Invalid.argument.s.for.constructor.arg", - "\u8B66\u544A: \u7121\u6548\u7684\u5EFA\u69CB\u5B50\u5F15\u6578: {0}"}, - {"Illegal.Principal.Type.type", "\u7121\u6548\u7684 Principal \u985E\u578B: {0}"}, - {"Illegal.option.option", "\u7121\u6548\u7684\u9078\u9805: {0}"}, - {"Usage.policytool.options.", "\u7528\u6CD5: policytool [options]"}, - {".file.file.policy.file.location", - " [-file <file>] \u539F\u5247\u6A94\u6848\u4F4D\u7F6E"}, - {"New", "\u65B0\u589E"}, - {"Open", "\u958B\u555F"}, - {"Save", "\u5132\u5B58"}, - {"Save.As", "\u53E6\u5B58\u65B0\u6A94"}, - {"View.Warning.Log", "\u6AA2\u8996\u8B66\u544A\u8A18\u9304"}, - {"Exit", "\u7D50\u675F"}, - {"Add.Policy.Entry", "\u65B0\u589E\u539F\u5247\u9805\u76EE"}, - {"Edit.Policy.Entry", "\u7DE8\u8F2F\u539F\u5247\u9805\u76EE"}, - {"Remove.Policy.Entry", "\u79FB\u9664\u539F\u5247\u9805\u76EE"}, - {"Edit", "\u7DE8\u8F2F"}, - {"Retain", "\u4FDD\u7559"}, - - {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes", - "\u8B66\u544A: \u6A94\u6848\u540D\u7A31\u5305\u542B\u9041\u96E2\u53CD\u659C\u7DDA\u5B57\u5143\u3002\u4E0D\u9700\u8981\u9041\u96E2\u53CD\u659C\u7DDA\u5B57\u5143 (\u64B0\u5BEB\u539F\u5247\u5167\u5BB9\u81F3\u6C38\u4E45\u5B58\u653E\u5340\u6642\u9700\u8981\u5DE5\u5177\u9041\u96E2\u5B57\u5143)\u3002\n\n\u6309\u4E00\u4E0B\u300C\u4FDD\u7559\u300D\u4EE5\u4FDD\u7559\u8F38\u5165\u7684\u540D\u7A31\uFF0C\u6216\u6309\u4E00\u4E0B\u300C\u7DE8\u8F2F\u300D\u4EE5\u7DE8\u8F2F\u540D\u7A31\u3002"}, - - {"Add.Public.Key.Alias", "\u65B0\u589E\u516C\u958B\u91D1\u9470\u5225\u540D"}, - {"Remove.Public.Key.Alias", "\u79FB\u9664\u516C\u958B\u91D1\u9470\u5225\u540D"}, - {"File", "\u6A94\u6848"}, - {"KeyStore", "\u91D1\u9470\u5132\u5B58\u5EAB"}, - {"Policy.File.", "\u539F\u5247\u6A94\u6848: "}, - {"Could.not.open.policy.file.policyFile.e.toString.", - "\u7121\u6CD5\u958B\u555F\u539F\u5247\u6A94\u6848: {0}: {1}"}, - {"Policy.Tool", "\u539F\u5247\u5DE5\u5177"}, - {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.", - "\u958B\u555F\u539F\u5247\u8A18\u7F6E\u6642\u767C\u751F\u932F\u8AA4\u3002\u8ACB\u6AA2\u8996\u8B66\u544A\u8A18\u9304\u4EE5\u53D6\u5F97\u66F4\u591A\u7684\u8CC7\u8A0A"}, - {"Error", "\u932F\u8AA4"}, - {"OK", "\u78BA\u5B9A"}, - {"Status", "\u72C0\u614B"}, - {"Warning", "\u8B66\u544A"}, - {"Permission.", - "\u6B0A\u9650: "}, - {"Principal.Type.", "Principal \u985E\u578B: "}, - {"Principal.Name.", "Principal \u540D\u7A31: "}, - {"Target.Name.", - "\u76EE\u6A19\u540D\u7A31: "}, - {"Actions.", - "\u52D5\u4F5C: "}, - {"OK.to.overwrite.existing.file.filename.", - "\u78BA\u8A8D\u8986\u5BEB\u73FE\u5B58\u7684\u6A94\u6848 {0}\uFF1F"}, - {"Cancel", "\u53D6\u6D88"}, - {"CodeBase.", "CodeBase:"}, - {"SignedBy.", "SignedBy:"}, - {"Add.Principal", "\u65B0\u589E Principal"}, - {"Edit.Principal", "\u7DE8\u8F2F Principal"}, - {"Remove.Principal", "\u79FB\u9664 Principal"}, - {"Principals.", "Principal:"}, - {".Add.Permission", " \u65B0\u589E\u6B0A\u9650"}, - {".Edit.Permission", " \u7DE8\u8F2F\u6B0A\u9650"}, - {"Remove.Permission", "\u79FB\u9664\u6B0A\u9650"}, - {"Done", "\u5B8C\u6210"}, - {"KeyStore.URL.", "\u91D1\u9470\u5132\u5B58\u5EAB URL: "}, - {"KeyStore.Type.", "\u91D1\u9470\u5132\u5B58\u5EAB\u985E\u578B:"}, - {"KeyStore.Provider.", "\u91D1\u9470\u5132\u5B58\u5EAB\u63D0\u4F9B\u8005:"}, - {"KeyStore.Password.URL.", "\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC URL: "}, - {"Principals", "Principal"}, - {".Edit.Principal.", " \u7DE8\u8F2F Principal: "}, - {".Add.New.Principal.", " \u65B0\u589E Principal: "}, - {"Permissions", "\u6B0A\u9650"}, - {".Edit.Permission.", " \u7DE8\u8F2F\u6B0A\u9650:"}, - {".Add.New.Permission.", " \u65B0\u589E\u6B0A\u9650:"}, - {"Signed.By.", "\u7C3D\u7F72\u4EBA: "}, - {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name", - "\u6C92\u6709\u842C\u7528\u5B57\u5143\u540D\u7A31\uFF0C\u7121\u6CD5\u6307\u5B9A\u542B\u6709\u842C\u7528\u5B57\u5143\u985E\u5225\u7684 Principal"}, - {"Cannot.Specify.Principal.without.a.Name", - "\u6C92\u6709\u540D\u7A31\uFF0C\u7121\u6CD5\u6307\u5B9A Principal"}, - {"Permission.and.Target.Name.must.have.a.value", - "\u6B0A\u9650\u53CA\u76EE\u6A19\u540D\u7A31\u5FC5\u9808\u6709\u4E00\u500B\u503C\u3002"}, - {"Remove.this.Policy.Entry.", "\u79FB\u9664\u9019\u500B\u539F\u5247\u9805\u76EE\uFF1F"}, - {"Overwrite.File", "\u8986\u5BEB\u6A94\u6848"}, - {"Policy.successfully.written.to.filename", - "\u539F\u5247\u6210\u529F\u5BEB\u5165\u81F3 {0}"}, - {"null.filename", "\u7A7A\u503C\u6A94\u540D"}, - {"Save.changes.", "\u5132\u5B58\u8B8A\u66F4\uFF1F"}, - {"Yes", "\u662F"}, - {"No", "\u5426"}, - {"Policy.Entry", "\u539F\u5247\u9805\u76EE"}, - {"Save.Changes", "\u5132\u5B58\u8B8A\u66F4"}, - {"No.Policy.Entry.selected", "\u6C92\u6709\u9078\u53D6\u539F\u5247\u9805\u76EE"}, - {"Unable.to.open.KeyStore.ex.toString.", - "\u7121\u6CD5\u958B\u555F\u91D1\u9470\u5132\u5B58\u5EAB: {0}"}, - {"No.principal.selected", "\u672A\u9078\u53D6 Principal"}, - {"No.permission.selected", "\u6C92\u6709\u9078\u53D6\u6B0A\u9650"}, - {"name", "\u540D\u7A31"}, - {"configuration.type", "\u7D44\u614B\u985E\u578B"}, - {"environment.variable.name", "\u74B0\u5883\u8B8A\u6578\u540D\u7A31"}, - {"library.name", "\u7A0B\u5F0F\u5EAB\u540D\u7A31"}, - {"package.name", "\u5957\u88DD\u7A0B\u5F0F\u540D\u7A31"}, - {"policy.type", "\u539F\u5247\u985E\u578B"}, - {"property.name", "\u5C6C\u6027\u540D\u7A31"}, - {"Principal.List", "Principal \u6E05\u55AE"}, - {"Permission.List", "\u6B0A\u9650\u6E05\u55AE"}, - {"Code.Base", "\u4EE3\u78BC\u57FA\u6E96"}, - {"KeyStore.U.R.L.", "\u91D1\u9470\u5132\u5B58\u5EAB URL:"}, - {"KeyStore.Password.U.R.L.", "\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC URL:"}, - - // javax.security.auth.PrivateCredentialPermission {"invalid.null.input.s.", "\u7121\u6548\u7A7A\u503C\u8F38\u5165"}, {"actions.can.only.be.read.", "\u52D5\u4F5C\u53EA\u80FD\u88AB\u300C\u8B80\u53D6\u300D"}, @@ -551,6 +58,7 @@ {"provided.null.OID.map", "\u63D0\u4F9B\u7A7A\u503C OID \u5C0D\u6620"}, // javax.security.auth.Subject + {"NEWLINE", "\n"}, {"invalid.null.AccessControlContext.provided", "\u63D0\u4F9B\u7121\u6548\u7684\u7A7A\u503C AccessControlContext"}, {"invalid.null.action.provided", "\u63D0\u4F9B\u7121\u6548\u7684\u7A7A\u503C\u52D5\u4F5C"}, @@ -575,7 +83,7 @@ // javax.security.auth.login.LoginContext {"Invalid.null.input.name", "\u7121\u6548\u7A7A\u503C\u8F38\u5165: \u540D\u7A31"}, {"No.LoginModules.configured.for.name", - "\u7121\u91DD\u5C0D {0} \u914D\u7F6E\u7684 LoginModules"}, + "\u7121\u91DD\u5C0D {0} \u8A2D\u5B9A\u7684 LoginModules"}, {"invalid.null.Subject.provided", "\u63D0\u4F9B\u7121\u6548\u7A7A\u503C\u4E3B\u984C"}, {"invalid.null.CallbackHandler.provided", "\u63D0\u4F9B\u7121\u6548\u7A7A\u503C CallbackHandler"}, @@ -654,6 +162,7 @@ * * @return the contents of this <code>ResourceBundle</code>. */ + @Override public Object[][] getContents() { return contents; }
--- a/src/share/classes/sun/security/util/SignatureFileVerifier.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/util/SignatureFileVerifier.java Sat Sep 10 22:36:17 2016 +0100 @@ -35,7 +35,6 @@ import java.util.jar.*; import sun.security.pkcs.*; -import sun.security.timestamp.TimestampToken; import sun.misc.BASE64Decoder; import sun.security.jca.Providers; @@ -228,7 +227,7 @@ * */ public void process(Hashtable<String, CodeSigner[]> signers, - List manifestDigests) + List<Object> manifestDigests) throws IOException, SignatureException, NoSuchAlgorithmException, JarException, CertificateException { @@ -245,7 +244,7 @@ } private void processImpl(Hashtable<String, CodeSigner[]> signers, - List manifestDigests) + List<Object> manifestDigests) throws IOException, SignatureException, NoSuchAlgorithmException, JarException, CertificateException { @@ -324,7 +323,7 @@ private boolean verifyManifestHash(Manifest sf, ManifestDigester md, BASE64Decoder decoder, - List manifestDigests) + List<Object> manifestDigests) throws IOException { Attributes mattr = sf.getMainAttributes(); @@ -532,7 +531,7 @@ signers = new ArrayList<CodeSigner>(); } // Append the new code signer - signers.add(new CodeSigner(certChain, getTimestamp(info))); + signers.add(new CodeSigner(certChain, info.getTimestamp())); if (debug != null) { debug.println("Signature Block Certificate: " + @@ -547,90 +546,6 @@ } } - /* - * Examines a signature timestamp token to generate a timestamp object. - * - * Examines the signer's unsigned attributes for a - * <tt>signatureTimestampToken</tt> attribute. If present, - * then it is parsed to extract the date and time at which the - * timestamp was generated. - * - * @param info A signer information element of a PKCS 7 block. - * - * @return A timestamp token or null if none is present. - * @throws IOException if an error is encountered while parsing the - * PKCS7 data. - * @throws NoSuchAlgorithmException if an error is encountered while - * verifying the PKCS7 object. - * @throws SignatureException if an error is encountered while - * verifying the PKCS7 object. - * @throws CertificateException if an error is encountered while generating - * the TSA's certpath. - */ - private Timestamp getTimestamp(SignerInfo info) - throws IOException, NoSuchAlgorithmException, SignatureException, - CertificateException { - - Timestamp timestamp = null; - - // Extract the signer's unsigned attributes - PKCS9Attributes unsignedAttrs = info.getUnauthenticatedAttributes(); - if (unsignedAttrs != null) { - PKCS9Attribute timestampTokenAttr = - unsignedAttrs.getAttribute("signatureTimestampToken"); - if (timestampTokenAttr != null) { - PKCS7 timestampToken = - new PKCS7((byte[])timestampTokenAttr.getValue()); - // Extract the content (an encoded timestamp token info) - byte[] encodedTimestampTokenInfo = - timestampToken.getContentInfo().getData(); - // Extract the signer (the Timestamping Authority) - // while verifying the content - SignerInfo[] tsa = - timestampToken.verify(encodedTimestampTokenInfo); - // Expect only one signer - ArrayList<X509Certificate> chain = - tsa[0].getCertificateChain(timestampToken); - CertPath tsaChain = certificateFactory.generateCertPath(chain); - // Create a timestamp token info object - TimestampToken timestampTokenInfo = - new TimestampToken(encodedTimestampTokenInfo); - // Check that the signature timestamp applies to this signature - verifyTimestamp(timestampTokenInfo, info.getEncryptedDigest()); - // Create a timestamp object - timestamp = - new Timestamp(timestampTokenInfo.getDate(), tsaChain); - } - } - return timestamp; - } - - /* - * Check that the signature timestamp applies to this signature. - * Match the hash present in the signature timestamp token against the hash - * of this signature. - */ - private void verifyTimestamp(TimestampToken token, byte[] signature) - throws NoSuchAlgorithmException, SignatureException { - - MessageDigest md = - MessageDigest.getInstance(AlgorithmId.getStandardDigestName( - token.getHashAlgorithm().getName())); - - if (!Arrays.equals(token.getHashedMessage(), md.digest(signature))) { - throw new SignatureException("Signature timestamp (#" + - token.getSerialNumber() + ") generated on " + token.getDate() + - " is inapplicable"); - } - - if (debug != null) { - debug.println(); - debug.println("Detected signature timestamp (#" + - token.getSerialNumber() + ") generated on " + token.getDate()); - debug.println(); - } - } - // for the toHex function private static final char[] hexc = {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
--- a/src/share/classes/sun/security/validator/SimpleValidator.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/validator/SimpleValidator.java Sat Sep 10 22:36:17 2016 +0100 @@ -37,7 +37,6 @@ import sun.security.x509.NetscapeCertTypeExtension; import sun.security.util.DerValue; import sun.security.util.DerInputStream; -import sun.security.util.DerOutputStream; import sun.security.util.ObjectIdentifier; import sun.security.provider.certpath.AlgorithmChecker; @@ -300,7 +299,7 @@ .toByteArray(); ext = new NetscapeCertTypeExtension(encoded); } - Boolean val = (Boolean)ext.get(type); + Boolean val = ext.get(type); return val.booleanValue(); } catch (IOException e) { return false;
--- a/src/share/classes/sun/security/x509/AVA.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/AVA.java Sat Sep 10 22:36:17 2016 +0100 @@ -369,8 +369,8 @@ // encode as PrintableString unless value contains // non-PrintableString chars - if (this.oid.equals(PKCS9Attribute.EMAIL_ADDRESS_OID) || - (this.oid.equals(X500Name.DOMAIN_COMPONENT_OID) && + if (this.oid.equals((Object)PKCS9Attribute.EMAIL_ADDRESS_OID) || + (this.oid.equals((Object)X500Name.DOMAIN_COMPONENT_OID) && PRESERVE_OLD_DC_ENCODING == false)) { // EmailAddress and DomainComponent must be IA5String return new DerValue(DerValue.tag_IA5String, @@ -503,8 +503,8 @@ // encode as PrintableString unless value contains // non-PrintableString chars - if (this.oid.equals(PKCS9Attribute.EMAIL_ADDRESS_OID) || - (this.oid.equals(X500Name.DOMAIN_COMPONENT_OID) && + if (this.oid.equals((Object)PKCS9Attribute.EMAIL_ADDRESS_OID) || + (this.oid.equals((Object)X500Name.DOMAIN_COMPONENT_OID) && PRESERVE_OLD_DC_ENCODING == false)) { // EmailAddress and DomainComponent must be IA5String return new DerValue(DerValue.tag_IA5String, temp.toString());
--- a/src/share/classes/sun/security/x509/AccessDescription.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/AccessDescription.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ package sun.security.x509; -import java.security.cert.*; import java.io.IOException; import sun.security.util.*; @@ -96,19 +95,19 @@ if (this == that) { return true; } - return (accessMethod.equals(that.getAccessMethod()) && + return (accessMethod.equals((Object)that.getAccessMethod()) && accessLocation.equals(that.getAccessLocation())); } public String toString() { String method = null; - if (accessMethod.equals(Ad_CAISSUERS_Id)) { + if (accessMethod.equals((Object)Ad_CAISSUERS_Id)) { method = "caIssuers"; - } else if (accessMethod.equals(Ad_CAREPOSITORY_Id)) { + } else if (accessMethod.equals((Object)Ad_CAREPOSITORY_Id)) { method = "caRepository"; - } else if (accessMethod.equals(Ad_TIMESTAMPING_Id)) { + } else if (accessMethod.equals((Object)Ad_TIMESTAMPING_Id)) { method = "timeStamping"; - } else if (accessMethod.equals(Ad_OCSP_Id)) { + } else if (accessMethod.equals((Object)Ad_OCSP_Id)) { method = "ocsp"; } else { method = accessMethod.toString();
--- a/src/share/classes/sun/security/x509/AlgorithmId.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/AlgorithmId.java Sat Sep 10 22:36:17 2016 +0100 @@ -237,7 +237,7 @@ if (algName != null) { return algName; } - if ((params != null) && algid.equals(specifiedWithECDSA_oid)) { + if ((params != null) && algid.equals((Object)specifiedWithECDSA_oid)) { try { AlgorithmId paramsId = AlgorithmId.parse(new DerValue(getEncodedParams())); @@ -274,7 +274,7 @@ public boolean equals(AlgorithmId other) { boolean paramsEqual = (params == null ? other.params == null : params.equals(other.params)); - return (algid.equals(other.algid) && paramsEqual); + return (algid.equals((Object)other.algid) && paramsEqual); } /** @@ -302,7 +302,7 @@ * they are the same algorithm, ignoring algorithm parameters. */ public final boolean equals(ObjectIdentifier id) { - return algid.equals(id); + return algid.equals((Object)id); } /** @@ -593,7 +593,7 @@ } if (oidTable == null) { - oidTable = new HashMap<String,ObjectIdentifier>(1); + oidTable = Collections.<String,ObjectIdentifier>emptyMap(); } initOidTable = true; }
--- a/src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -163,6 +163,7 @@ /** * Set the attribute value. */ + @SuppressWarnings("unchecked") // Checked with an instanceof check public void set(String name, Object obj) throws IOException { if (name.equalsIgnoreCase(DESCRIPTIONS)) { if (!(obj instanceof List)) { @@ -180,7 +181,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public List<AccessDescription> get(String name) throws IOException { if (name.equalsIgnoreCase(DESCRIPTIONS)) { return accessDescriptions; } else {
--- a/src/share/classes/sun/security/x509/CRLDistributionPointsExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/CRLDistributionPointsExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,7 @@ import java.io.OutputStream; import java.util.*; +import java.util.Collections; import sun.security.util.DerOutputStream; import sun.security.util.DerValue; @@ -222,6 +223,7 @@ /** * Set the attribute value. */ + @SuppressWarnings("unchecked") // Checked with instanceof public void set(String name, Object obj) throws IOException { if (name.equalsIgnoreCase(POINTS)) { if (!(obj instanceof List)) { @@ -239,7 +241,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public List<DistributionPoint> get(String name) throws IOException { if (name.equalsIgnoreCase(POINTS)) { return distributionPoints; } else { @@ -254,11 +256,12 @@ */ public void delete(String name) throws IOException { if (name.equalsIgnoreCase(POINTS)) { - distributionPoints = new ArrayList<DistributionPoint>(); + distributionPoints = + Collections.<DistributionPoint>emptyList(); } else { throw new IOException("Attribute name [" + name + - "] not recognized by " + - "CertAttrSet:" + extensionName + "."); + "] not recognized by " + + "CertAttrSet:" + extensionName + '.'); } encodeThis(); }
--- a/src/share/classes/sun/security/x509/CRLExtensions.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/CRLExtensions.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,7 +38,6 @@ import java.util.TreeMap; import sun.security.util.*; -import sun.misc.HexDumpEncoder; /** * This class defines the CRL Extensions. @@ -112,7 +111,7 @@ // Parse the encoded extension private void parseExtension(Extension ext) throws CRLException { try { - Class extClass = OIDMap.getClass(ext.getExtensionId()); + Class<?> extClass = OIDMap.getClass(ext.getExtensionId()); if (extClass == null) { // Unsupported extension if (ext.isCritical()) unsupportedCritExt = true; @@ -120,10 +119,10 @@ throw new CRLException("Duplicate extensions not allowed"); return; } - Constructor cons = ((Class<?>)extClass).getConstructor(PARAMS); + Constructor<?> cons = extClass.getConstructor(PARAMS); Object[] passed = new Object[] {Boolean.valueOf(ext.isCritical()), ext.getExtensionValue()}; - CertAttrSet crlExt = (CertAttrSet)cons.newInstance(passed); + CertAttrSet<?> crlExt = (CertAttrSet<?>)cons.newInstance(passed); if (map.put(crlExt.getName(), (Extension)crlExt) != null) { throw new CRLException("Duplicate extensions not allowed"); }
--- a/src/share/classes/sun/security/x509/CRLNumberExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/CRLNumberExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -155,13 +155,12 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public BigInteger get(String name) throws IOException { if (name.equalsIgnoreCase(NUMBER)) { - if (crlNumber == null) return null; - else return crlNumber; + return crlNumber; } else { - throw new IOException("Attribute name not recognized by" - + " CertAttrSet:" + extensionName + "."); + throw new IOException("Attribute name not recognized by" + + " CertAttrSet:" + extensionName + '.'); } }
--- a/src/share/classes/sun/security/x509/CRLReasonCodeExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/CRLReasonCodeExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -155,7 +155,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public Integer get(String name) throws IOException { if (name.equalsIgnoreCase(REASON)) { return new Integer(reasonCode); } else {
--- a/src/share/classes/sun/security/x509/CertAndKeyGen.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,329 +0,0 @@ -/* - * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.x509; - -import java.io.IOException; -import java.security.cert.X509Certificate; -import java.security.cert.CertificateException; -import java.security.cert.CertificateEncodingException; -import java.security.*; -import java.util.Date; - -import sun.security.pkcs.PKCS10; - - -/** - * Generate a pair of keys, and provide access to them. This class is - * provided primarily for ease of use. - * - * <P>This provides some simple certificate management functionality. - * Specifically, it allows you to create self-signed X.509 certificates - * as well as PKCS 10 based certificate signing requests. - * - * <P>Keys for some public key signature algorithms have algorithm - * parameters, such as DSS/DSA. Some sites' Certificate Authorities - * adopt fixed algorithm parameters, which speeds up some operations - * including key generation and signing. <em>At this time, this interface - * does not provide a way to provide such algorithm parameters, e.g. - * by providing the CA certificate which includes those parameters.</em> - * - * <P>Also, note that at this time only signature-capable keys may be - * acquired through this interface. Diffie-Hellman keys, used for secure - * key exchange, may be supported later. - * - * @author David Brownell - * @author Hemma Prafullchandra - * @see PKCS10 - * @see X509CertImpl - */ -public final class CertAndKeyGen { - /** - * Creates a CertAndKeyGen object for a particular key type - * and signature algorithm. - * - * @param keyType type of key, e.g. "RSA", "DSA" - * @param sigAlg name of the signature algorithm, e.g. "MD5WithRSA", - * "MD2WithRSA", "SHAwithDSA". - * @exception NoSuchAlgorithmException on unrecognized algorithms. - */ - public CertAndKeyGen (String keyType, String sigAlg) - throws NoSuchAlgorithmException - { - keyGen = KeyPairGenerator.getInstance(keyType); - this.sigAlg = sigAlg; - } - - /** - * Creates a CertAndKeyGen object for a particular key type, - * signature algorithm, and provider. - * - * @param keyType type of key, e.g. "RSA", "DSA" - * @param sigAlg name of the signature algorithm, e.g. "MD5WithRSA", - * "MD2WithRSA", "SHAwithDSA". - * @param providerName name of the provider - * @exception NoSuchAlgorithmException on unrecognized algorithms. - * @exception NoSuchProviderException on unrecognized providers. - */ - public CertAndKeyGen (String keyType, String sigAlg, String providerName) - throws NoSuchAlgorithmException, NoSuchProviderException - { - if (providerName == null) { - keyGen = KeyPairGenerator.getInstance(keyType); - } else { - try { - keyGen = KeyPairGenerator.getInstance(keyType, providerName); - } catch (Exception e) { - // try first available provider instead - keyGen = KeyPairGenerator.getInstance(keyType); - } - } - this.sigAlg = sigAlg; - } - - /** - * Sets the source of random numbers used when generating keys. - * If you do not provide one, a system default facility is used. - * You may wish to provide your own source of random numbers - * to get a reproducible sequence of keys and signatures, or - * because you may be able to take advantage of strong sources - * of randomness/entropy in your environment. - */ - public void setRandom (SecureRandom generator) - { - prng = generator; - } - - // want "public void generate (X509Certificate)" ... inherit DSA/D-H param - - /** - * Generates a random public/private key pair, with a given key - * size. Different algorithms provide different degrees of security - * for the same key size, because of the "work factor" involved in - * brute force attacks. As computers become faster, it becomes - * easier to perform such attacks. Small keys are to be avoided. - * - * <P>Note that not all values of "keyBits" are valid for all - * algorithms, and not all public key algorithms are currently - * supported for use in X.509 certificates. If the algorithm - * you specified does not produce X.509 compatible keys, an - * invalid key exception is thrown. - * - * @param keyBits the number of bits in the keys. - * @exception InvalidKeyException if the environment does not - * provide X.509 public keys for this signature algorithm. - */ - public void generate (int keyBits) - throws InvalidKeyException - { - KeyPair pair; - - try { - if (prng == null) { - prng = new SecureRandom(); - } - keyGen.initialize(keyBits, prng); - pair = keyGen.generateKeyPair(); - - } catch (Exception e) { - throw new IllegalArgumentException(e.getMessage()); - } - - publicKey = pair.getPublic(); - privateKey = pair.getPrivate(); - - // publicKey's format must be X.509 otherwise - // the whole CertGen part of this class is broken. - // Allow "X509" in 7u for backwards compatibility. - if (!"X.509".equalsIgnoreCase(publicKey.getFormat()) && - !"X509".equalsIgnoreCase(publicKey.getFormat())) { - throw new IllegalArgumentException("Public key format is " + - publicKey.getFormat() + ", must be X.509"); - } - } - - - /** - * Returns the public key of the generated key pair if it is of type - * <code>X509Key</code>, or null if the public key is of a different type. - * - * XXX Note: This behaviour is needed for backwards compatibility. - * What this method really should return is the public key of the - * generated key pair, regardless of whether or not it is an instance of - * <code>X509Key</code>. Accordingly, the return type of this method - * should be <code>PublicKey</code>. - */ - public X509Key getPublicKey() - { - if (!(publicKey instanceof X509Key)) { - return null; - } - return (X509Key)publicKey; - } - - /** - * Always returns the public key of the generated key pair. Used - * by KeyTool only. - * - * The publicKey is not necessarily to be an instance of - * X509Key in some JCA/JCE providers, for example SunPKCS11. - */ - public PublicKey getPublicKeyAnyway() { - return publicKey; - } - - /** - * Returns the private key of the generated key pair. - * - * <P><STRONG><em>Be extremely careful when handling private keys. - * When private keys are not kept secret, they lose their ability - * to securely authenticate specific entities ... that is a huge - * security risk!</em></STRONG> - */ - public PrivateKey getPrivateKey () - { - return privateKey; - } - - /** - * Returns a self-signed X.509v3 certificate for the public key. - * The certificate is immediately valid. No extensions. - * - * <P>Such certificates normally are used to identify a "Certificate - * Authority" (CA). Accordingly, they will not always be accepted by - * other parties. However, such certificates are also useful when - * you are bootstrapping your security infrastructure, or deploying - * system prototypes. - * - * @param myname X.500 name of the subject (who is also the issuer) - * @param firstDate the issue time of the certificate - * @param validity how long the certificate should be valid, in seconds - * @exception CertificateException on certificate handling errors. - * @exception InvalidKeyException on key handling errors. - * @exception SignatureException on signature handling errors. - * @exception NoSuchAlgorithmException on unrecognized algorithms. - * @exception NoSuchProviderException on unrecognized providers. - */ - public X509Certificate getSelfCertificate ( - X500Name myname, Date firstDate, long validity) - throws CertificateException, InvalidKeyException, SignatureException, - NoSuchAlgorithmException, NoSuchProviderException - { - return getSelfCertificate(myname, firstDate, validity, null); - } - - // Like above, plus a CertificateExtensions argument, which can be null. - public X509Certificate getSelfCertificate (X500Name myname, Date firstDate, - long validity, CertificateExtensions ext) - throws CertificateException, InvalidKeyException, SignatureException, - NoSuchAlgorithmException, NoSuchProviderException - { - X509CertImpl cert; - Date lastDate; - - try { - lastDate = new Date (); - lastDate.setTime (firstDate.getTime () + validity * 1000); - - CertificateValidity interval = - new CertificateValidity(firstDate,lastDate); - - X509CertInfo info = new X509CertInfo(); - // Add all mandatory attributes - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); - info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( - new java.util.Random().nextInt() & 0x7fffffff)); - AlgorithmId algID = AlgorithmId.getAlgorithmId(sigAlg); - info.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId(algID)); - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname)); - info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey)); - info.set(X509CertInfo.VALIDITY, interval); - info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname)); - if (ext != null) info.set(X509CertInfo.EXTENSIONS, ext); - - cert = new X509CertImpl(info); - cert.sign(privateKey, this.sigAlg); - - return (X509Certificate)cert; - - } catch (IOException e) { - throw new CertificateEncodingException("getSelfCert: " + - e.getMessage()); - } - } - - // Keep the old method - public X509Certificate getSelfCertificate (X500Name myname, long validity) - throws CertificateException, InvalidKeyException, SignatureException, - NoSuchAlgorithmException, NoSuchProviderException - { - return getSelfCertificate(myname, new Date(), validity); - } - - /** - * Returns a PKCS #10 certificate request. The caller uses either - * <code>PKCS10.print</code> or <code>PKCS10.toByteArray</code> - * operations on the result, to get the request in an appropriate - * transmission format. - * - * <P>PKCS #10 certificate requests are sent, along with some proof - * of identity, to Certificate Authorities (CAs) which then issue - * X.509 public key certificates. - * - * @param myname X.500 name of the subject - * @exception InvalidKeyException on key handling errors. - * @exception SignatureException on signature handling errors. - */ - public PKCS10 getCertRequest (X500Name myname) - throws InvalidKeyException, SignatureException - { - PKCS10 req = new PKCS10 (publicKey); - - try { - Signature signature = Signature.getInstance(sigAlg); - signature.initSign (privateKey); - req.encodeAndSign(myname, signature); - - } catch (CertificateException e) { - throw new SignatureException (sigAlg + " CertificateException"); - - } catch (IOException e) { - throw new SignatureException (sigAlg + " IOException"); - - } catch (NoSuchAlgorithmException e) { - // "can't happen" - throw new SignatureException (sigAlg + " unavailable?"); - } - return req; - } - - private SecureRandom prng; - private String sigAlg; - private KeyPairGenerator keyGen; - private PublicKey publicKey; - private PrivateKey privateKey; -}
--- a/src/share/classes/sun/security/x509/CertificateAlgorithmId.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/CertificateAlgorithmId.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -130,7 +130,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public AlgorithmId get(String name) throws IOException { if (name.equalsIgnoreCase(ALGORITHM)) { return (algId); } else {
--- a/src/share/classes/sun/security/x509/CertificateExtensions.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/CertificateExtensions.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -94,7 +94,7 @@ // Parse the encoded extension private void parseExtension(Extension ext) throws IOException { try { - Class extClass = OIDMap.getClass(ext.getExtensionId()); + Class<?> extClass = OIDMap.getClass(ext.getExtensionId()); if (extClass == null) { // Unsupported extension if (ext.isCritical()) { unsupportedCritExt = true; @@ -105,11 +105,12 @@ throw new IOException("Duplicate extensions not allowed"); } } - Constructor cons = ((Class<?>)extClass).getConstructor(PARAMS); + Constructor<?> cons = extClass.getConstructor(PARAMS); Object[] passed = new Object[] {Boolean.valueOf(ext.isCritical()), ext.getExtensionValue()}; - CertAttrSet certExt = (CertAttrSet)cons.newInstance(passed); + CertAttrSet<?> certExt = (CertAttrSet<?>) + cons.newInstance(passed); if (map.put(certExt.getName(), (Extension)certExt) != null) { throw new IOException("Duplicate extensions not allowed"); } @@ -133,12 +134,12 @@ if (e instanceof IOException) { throw (IOException)e; } else { - throw (IOException)new IOException(e.toString()).initCause(e); + throw new IOException(e); } } catch (IOException e) { throw e; } catch (Exception e) { - throw (IOException)new IOException(e.toString()).initCause(e); + throw new IOException(e); } } @@ -211,8 +212,8 @@ * @param name the extension name used in the lookup. * @exception IOException if named extension is not found. */ - public Object get(String name) throws IOException { - Object obj = map.get(name); + public Extension get(String name) throws IOException { + Extension obj = map.get(name); if (obj == null) { throw new IOException("No extension found with name " + name); } @@ -240,7 +241,7 @@ public String getNameByOid(ObjectIdentifier oid) throws IOException { for (String name: map.keySet()) { - if (map.get(name).getExtensionId().equals(oid)) { + if (map.get(name).getExtensionId().equals((Object)oid)) { return name; } } @@ -360,7 +361,7 @@ name = ""; try { - Class extClass = OIDMap.getClass(ext.getExtensionId()); + Class<?> extClass = OIDMap.getClass(ext.getExtensionId()); if (extClass != null) { Field field = extClass.getDeclaredField("NAME"); name = (String)(field.get(null)) + " ";
--- a/src/share/classes/sun/security/x509/CertificateIssuerExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/CertificateIssuerExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -141,7 +141,7 @@ * * @throws IOException on error */ - public Object get(String name) throws IOException { + public GeneralNames get(String name) throws IOException { if (name.equalsIgnoreCase(ISSUER)) { return names; } else {
--- a/src/share/classes/sun/security/x509/CertificateIssuerUniqueIdentity.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/CertificateIssuerUniqueIdentity.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -136,7 +136,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public UniqueIdentity get(String name) throws IOException { if (name.equalsIgnoreCase(ID)) { return (id); } else {
--- a/src/share/classes/sun/security/x509/CertificatePoliciesExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/CertificatePoliciesExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -189,6 +189,7 @@ /** * Set the attribute value. */ + @SuppressWarnings("unchecked") // Checked with an instanceof check public void set(String name, Object obj) throws IOException { if (name.equalsIgnoreCase(POLICIES)) { if (!(obj instanceof List)) { @@ -206,7 +207,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public List<PolicyInformation> get(String name) throws IOException { if (name.equalsIgnoreCase(POLICIES)) { //XXXX May want to consider cloning this return certPolicies;
--- a/src/share/classes/sun/security/x509/CertificatePolicyId.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/CertificatePolicyId.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2000, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -93,7 +93,8 @@ */ public boolean equals(Object other) { if (other instanceof CertificatePolicyId) - return id.equals(((CertificatePolicyId) other).getIdentifier()); + return id.equals((Object) + ((CertificatePolicyId) other).getIdentifier()); else return false; }
--- a/src/share/classes/sun/security/x509/CertificateSerialNumber.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/CertificateSerialNumber.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -141,7 +141,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public SerialNumber get(String name) throws IOException { if (name.equalsIgnoreCase(NUMBER)) { return (serial); } else {
--- a/src/share/classes/sun/security/x509/CertificateSubjectUniqueIdentity.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/CertificateSubjectUniqueIdentity.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -135,7 +135,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public UniqueIdentity get(String name) throws IOException { if (name.equalsIgnoreCase(ID)) { return(id); } else {
--- a/src/share/classes/sun/security/x509/CertificateValidity.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/CertificateValidity.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -190,7 +190,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public Date get(String name) throws IOException { if (name.equalsIgnoreCase(NOT_BEFORE)) { return (getNotBefore()); } else if (name.equalsIgnoreCase(NOT_AFTER)) {
--- a/src/share/classes/sun/security/x509/CertificateVersion.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/CertificateVersion.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -191,7 +191,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public Integer get(String name) throws IOException { if (name.equalsIgnoreCase(VERSION)) { return(new Integer(getVersion())); } else {
--- a/src/share/classes/sun/security/x509/CertificateX509Key.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/CertificateX509Key.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -122,7 +122,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public PublicKey get(String name) throws IOException { if (name.equalsIgnoreCase(KEY)) { return(key); } else {
--- a/src/share/classes/sun/security/x509/DNSName.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/DNSName.java Sat Sep 10 22:36:17 2016 +0100 @@ -232,15 +232,15 @@ * @throws UnsupportedOperationException if not supported for this name type */ public int subtreeDepth() throws UnsupportedOperationException { - String subtree=name; - int i=1; + // subtree depth is always at least 1 + int sum = 1; - /* count dots */ - for (; subtree.lastIndexOf('.') >= 0; i++) { - subtree=subtree.substring(0,subtree.lastIndexOf('.')); + // count dots + for (int i = name.indexOf('.'); i >= 0; i = name.indexOf('.', i + 1)) { + ++sum; } - return i; + return sum; } }
--- a/src/share/classes/sun/security/x509/EDIPartyName.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/EDIPartyName.java Sat Sep 10 22:36:17 2016 +0100 @@ -197,7 +197,7 @@ */ public int hashCode() { if (myhash == -1) { - myhash = 37 + party.hashCode(); + myhash = 37 + (party == null ? 1 : party.hashCode()); if (assigner != null) { myhash = 37 * myhash + assigner.hashCode(); }
--- a/src/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -241,6 +241,7 @@ /** * Set the attribute value. */ + @SuppressWarnings("unchecked") // Checked with instanceof public void set(String name, Object obj) throws IOException { if (name.equalsIgnoreCase(USAGES)) { if (!(obj instanceof Vector)) { @@ -258,7 +259,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public Vector<ObjectIdentifier> get(String name) throws IOException { if (name.equalsIgnoreCase(USAGES)) { //XXXX May want to consider cloning this return keyUsages;
--- a/src/share/classes/sun/security/x509/Extension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/Extension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -269,7 +269,7 @@ Extension otherExt = (Extension) other; if (critical != otherExt.critical) return false; - if (!extensionId.equals(otherExt.extensionId)) + if (!extensionId.equals((Object)otherExt.extensionId)) return false; return Arrays.equals(extensionValue, otherExt.extensionValue); }
--- a/src/share/classes/sun/security/x509/GeneralSubtrees.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/GeneralSubtrees.java Sat Sep 10 22:36:17 2016 +0100 @@ -191,7 +191,7 @@ // the list: if any subsequent entry matches or widens entry n, // remove entry n. If any subsequent entries narrow entry n, remove // the subsequent entries. - for (int i = 0; i < size(); i++) { + for (int i = 0; i < (size() - 1); i++) { GeneralNameInterface current = getGeneralNameInterface(i); boolean remove1 = false;
--- a/src/share/classes/sun/security/x509/IPAddressName.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/IPAddressName.java Sat Sep 10 22:36:17 2016 +0100 @@ -197,8 +197,10 @@ // append a mask corresponding to the num of prefix bits specified int prefixLen = Integer.parseInt(name.substring(slashNdx+1)); - if (prefixLen > 128) - throw new IOException("IPv6Address prefix is longer than 128"); + if (prefixLen < 0 || prefixLen > 128) { + throw new IOException("IPv6Address prefix length (" + + prefixLen + ") in out of valid range [0,128]"); + } // create new bit array initialized to zeros BitArray bitArray = new BitArray(MASKSIZE * 8); @@ -317,7 +319,8 @@ if (!(obj instanceof IPAddressName)) return false; - byte[] other = ((IPAddressName)obj).getBytes(); + IPAddressName otherName = (IPAddressName)obj; + byte[] other = otherName.address; if (other.length != address.length) return false; @@ -326,12 +329,10 @@ // Two subnet addresses // Mask each and compare masked values int maskLen = address.length/2; - byte[] maskedThis = new byte[maskLen]; - byte[] maskedOther = new byte[maskLen]; for (int i=0; i < maskLen; i++) { - maskedThis[i] = (byte)(address[i] & address[i+maskLen]); - maskedOther[i] = (byte)(other[i] & other[i+maskLen]); - if (maskedThis[i] != maskedOther[i]) { + byte maskedThis = (byte)(address[i] & address[i+maskLen]); + byte maskedOther = (byte)(other[i] & other[i+maskLen]); + if (maskedThis != maskedOther) { return false; } } @@ -400,7 +401,8 @@ else if (((IPAddressName)inputName).equals(this)) constraintType = NAME_MATCH; else { - byte[] otherAddress = ((IPAddressName)inputName).getBytes(); + IPAddressName otherName = (IPAddressName)inputName; + byte[] otherAddress = otherName.address; if (otherAddress.length == 4 && address.length == 4) // Two host addresses constraintType = NAME_SAME_TYPE;
--- a/src/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -215,7 +215,7 @@ * Integer. * @throws IOException on error */ - public Object get(String name) throws IOException { + public Integer get(String name) throws IOException { if (name.equalsIgnoreCase(SKIP_CERTS)) return (new Integer(skipCerts)); else
--- a/src/share/classes/sun/security/x509/InvalidityDateExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/InvalidityDateExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -138,7 +138,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public Date get(String name) throws IOException { if (name.equalsIgnoreCase(DATE)) { if (date == null) { return null;
--- a/src/share/classes/sun/security/x509/IssuerAlternativeNameExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/IssuerAlternativeNameExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -190,7 +190,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public GeneralNames get(String name) throws IOException { if (name.equalsIgnoreCase(ISSUER_NAME)) { return (names); } else {
--- a/src/share/classes/sun/security/x509/IssuingDistributionPointExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/IssuingDistributionPointExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -261,6 +261,7 @@ throw new IOException( "Attribute value should be of type ReasonFlags."); } + revocationReasons = (ReasonFlags)obj; } else if (name.equalsIgnoreCase(INDIRECT_CRL)) { if (!(obj instanceof Boolean)) { @@ -290,7 +291,6 @@ } hasOnlyAttributeCerts = ((Boolean)obj).booleanValue(); - } else { throw new IOException("Attribute name [" + name + "] not recognized by " +
--- a/src/share/classes/sun/security/x509/KeyIdentifier.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/KeyIdentifier.java Sat Sep 10 22:36:17 2016 +0100 @@ -148,7 +148,7 @@ return true; if (!(other instanceof KeyIdentifier)) return false; - return java.util.Arrays.equals(octetString, - ((KeyIdentifier)other).getIdentifier()); + byte[] otherString = ((KeyIdentifier)other).octetString; + return java.util.Arrays.equals(octetString, otherString); } }
--- a/src/share/classes/sun/security/x509/KeyUsageExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/KeyUsageExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -218,7 +218,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public Boolean get(String name) throws IOException { if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) { return Boolean.valueOf(isSet(0)); } else if (name.equalsIgnoreCase(NON_REPUDIATION)) {
--- a/src/share/classes/sun/security/x509/NameConstraintsExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/NameConstraintsExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,10 +27,7 @@ import java.io.IOException; import java.io.OutputStream; -import java.security.Principal; -import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; -import java.security.cert.CertificateParsingException; import java.security.cert.X509Certificate; import java.util.*; @@ -268,7 +265,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public GeneralSubtrees get(String name) throws IOException { if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) { return (permitted); } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) { @@ -349,8 +346,7 @@ * value and the value indicated in the extension field. */ - GeneralSubtrees newExcluded = - (GeneralSubtrees)newConstraints.get(EXCLUDED_SUBTREES); + GeneralSubtrees newExcluded = newConstraints.get(EXCLUDED_SUBTREES); if (excluded == null) { excluded = (newExcluded != null) ? (GeneralSubtrees)newExcluded.clone() : null; @@ -367,8 +363,7 @@ * previous value and the value indicated in the extension field. */ - GeneralSubtrees newPermitted = - (GeneralSubtrees)newConstraints.get(PERMITTED_SUBTREES); + GeneralSubtrees newPermitted = newConstraints.get(PERMITTED_SUBTREES); if (permitted == null) { permitted = (newPermitted != null) ? (GeneralSubtrees)newPermitted.clone() : null; @@ -455,8 +450,8 @@ if (altNameExt != null) { // extract altNames from extension; this call does not // return an IOException on null altnames - altNames = (GeneralNames) - (altNameExt.get(altNameExt.SUBJECT_NAME)); + altNames = altNameExt.get( + SubjectAlternativeNameExtension.SUBJECT_NAME); } } catch (CertificateException ce) { throw new IOException("Unable to extract extensions from " + @@ -575,10 +570,9 @@ * @throws IOException on error */ public boolean verifyRFC822SpecialCase(X500Name subject) throws IOException { - for (Iterator t = subject.allAvas().iterator(); t.hasNext(); ) { - AVA ava = (AVA)t.next(); + for (AVA ava : subject.allAvas()) { ObjectIdentifier attrOID = ava.getObjectIdentifier(); - if (attrOID.equals(PKCS9Attribute.EMAIL_ADDRESS_OID)) { + if (attrOID.equals((Object)PKCS9Attribute.EMAIL_ADDRESS_OID)) { String attrValue = ava.getValueString(); if (attrValue != null) { RFC822Name emailName;
--- a/src/share/classes/sun/security/x509/NetscapeCertTypeExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/NetscapeCertTypeExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -221,7 +221,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public Boolean get(String name) throws IOException { return Boolean.valueOf(isSet(getPosition(name))); } @@ -314,15 +314,15 @@ if (isSet(getPosition(SSL_CLIENT)) || isSet(getPosition(S_MIME)) || isSet(getPosition(OBJECT_SIGNING))) - keyUsage.set(keyUsage.DIGITAL_SIGNATURE, val); + keyUsage.set(KeyUsageExtension.DIGITAL_SIGNATURE, val); if (isSet(getPosition(SSL_SERVER))) - keyUsage.set(keyUsage.KEY_ENCIPHERMENT, val); + keyUsage.set(KeyUsageExtension.KEY_ENCIPHERMENT, val); if (isSet(getPosition(SSL_CA)) || isSet(getPosition(S_MIME_CA)) || isSet(getPosition(OBJECT_SIGNING_CA))) - keyUsage.set(keyUsage.KEY_CERTSIGN, val); + keyUsage.set(KeyUsageExtension.KEY_CERTSIGN, val); } catch (IOException e) { } return keyUsage.getBits(); }
--- a/src/share/classes/sun/security/x509/OIDMap.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/OIDMap.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,7 +29,6 @@ import java.io.IOException; import java.security.cert.CertificateException; -import java.security.cert.CertificateParsingException; import sun.security.util.*; @@ -186,7 +185,7 @@ final ObjectIdentifier oid; final String name; final String className; - private volatile Class clazz; + private volatile Class<?> clazz; OIDInfo(String name, ObjectIdentifier oid, String className) { this.name = name; @@ -194,7 +193,7 @@ this.className = className; } - OIDInfo(String name, ObjectIdentifier oid, Class clazz) { + OIDInfo(String name, ObjectIdentifier oid, Class<?> clazz) { this.name = name; this.oid = oid; this.className = clazz.getName(); @@ -204,17 +203,16 @@ /** * Return the Class object associated with this attribute. */ - Class getClazz() throws CertificateException { + Class<?> getClazz() throws CertificateException { try { - Class c = clazz; + Class<?> c = clazz; if (c == null) { c = Class.forName(className); clazz = c; } return c; } catch (ClassNotFoundException e) { - throw (CertificateException)new CertificateException - ("Could not load class: " + e).initCause(e); + throw new CertificateException("Could not load class: " + e, e); } } } @@ -228,7 +226,7 @@ * @param clazz the Class object associated with this attribute * @exception CertificateException on errors. */ - public static void addAttribute(String name, String oid, Class clazz) + public static void addAttribute(String name, String oid, Class<?> clazz) throws CertificateException { ObjectIdentifier objId; try { @@ -277,7 +275,7 @@ * @param name the user friendly name. * @exception CertificateException if class cannot be instantiated. */ - public static Class getClass(String name) throws CertificateException { + public static Class<?> getClass(String name) throws CertificateException { OIDInfo info = nameMap.get(name); return (info == null) ? null : info.getClazz(); } @@ -288,7 +286,7 @@ * @param oid the name of the object identifier to be returned. * @exception CertificateException if class cannot be instatiated. */ - public static Class getClass(ObjectIdentifier oid) + public static Class<?> getClass(ObjectIdentifier oid) throws CertificateException { OIDInfo info = oidMap.get(oid); return (info == null) ? null : info.getClazz();
--- a/src/share/classes/sun/security/x509/OIDName.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/OIDName.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2000, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -120,7 +120,7 @@ OIDName other = (OIDName)obj; - return oid.equals(other.oid); + return oid.equals((Object)other.oid); } /**
--- a/src/share/classes/sun/security/x509/OtherName.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/OtherName.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -120,19 +120,19 @@ private GeneralNameInterface getGNI(ObjectIdentifier oid, byte[] nameValue) throws IOException { try { - Class extClass = OIDMap.getClass(oid); + Class<?> extClass = OIDMap.getClass(oid); if (extClass == null) { // Unsupported OtherName return null; } - Class[] params = { Object.class }; - Constructor cons = ((Class<?>)extClass).getConstructor(params); + Class<?>[] params = { Object.class }; + Constructor<?> cons = extClass.getConstructor(params); Object[] passed = new Object[] { nameValue }; GeneralNameInterface gni = (GeneralNameInterface)cons.newInstance(passed); return gni; } catch (Exception e) { - throw (IOException)new IOException("Instantiation error: " + e).initCause(e); + throw new IOException("Instantiation error: " + e, e); } } @@ -176,7 +176,7 @@ return false; } OtherName otherOther = (OtherName)other; - if (!(otherOther.oid.equals(oid))) { + if (!(otherOther.oid.equals((Object)oid))) { return false; } GeneralNameInterface otherGNI = null;
--- a/src/share/classes/sun/security/x509/PolicyConstraintsExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/PolicyConstraintsExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -231,7 +231,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public Integer get(String name) throws IOException { if (name.equalsIgnoreCase(REQUIRE)) { return new Integer(require); } else if (name.equalsIgnoreCase(INHIBIT)) {
--- a/src/share/classes/sun/security/x509/PolicyInformation.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/PolicyInformation.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -186,6 +186,7 @@ /** * Set the attribute value. */ + @SuppressWarnings("unchecked") // Checked with instanceof public void set(String name, Object obj) throws IOException { if (name.equalsIgnoreCase(ID)) { if (obj instanceof CertificatePolicyId)
--- a/src/share/classes/sun/security/x509/PolicyMappingsExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/PolicyMappingsExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,8 +29,6 @@ import java.io.OutputStream; import java.util.*; -import java.security.cert.CertificateException; - import sun.security.util.*; /** @@ -104,7 +102,7 @@ public PolicyMappingsExtension() { extensionId = PKIXExtensions.KeyUsage_Id; critical = false; - maps = new ArrayList<CertificatePolicyMap>(); + maps = Collections.<CertificatePolicyMap>emptyList(); } /** @@ -165,6 +163,7 @@ /** * Set the attribute value. */ + @SuppressWarnings("unchecked") // Checked with instanceof public void set(String name, Object obj) throws IOException { if (name.equalsIgnoreCase(MAP)) { if (!(obj instanceof List)) { @@ -182,7 +181,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public List<CertificatePolicyMap> get(String name) throws IOException { if (name.equalsIgnoreCase(MAP)) { return (maps); } else {
--- a/src/share/classes/sun/security/x509/PrivateKeyUsageExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/PrivateKeyUsageExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,6 +33,7 @@ import java.security.cert.CertificateNotYetValidException; import java.util.Date; import java.util.Enumeration; +import java.util.Objects; import sun.security.util.*; @@ -206,16 +207,17 @@ */ public void valid(Date now) throws CertificateNotYetValidException, CertificateExpiredException { + Objects.requireNonNull(now); /* * we use the internal Dates rather than the passed in Date * because someone could override the Date methods after() * and before() to do something entirely different. */ - if (notBefore.after(now)) { + if (notBefore != null && notBefore.after(now)) { throw new CertificateNotYetValidException("NotBefore: " + notBefore.toString()); } - if (notAfter.before(now)) { + if (notAfter != null && notAfter.before(now)) { throw new CertificateExpiredException("NotAfter: " + notAfter.toString()); } @@ -262,7 +264,7 @@ * Get the attribute value. * @exception CertificateException on attribute handling errors. */ - public Object get(String name) throws CertificateException { + public Date get(String name) throws CertificateException { if (name.equalsIgnoreCase(NOT_BEFORE)) { return (new Date(notBefore.getTime())); } else if (name.equalsIgnoreCase(NOT_AFTER)) {
--- a/src/share/classes/sun/security/x509/RDN.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/RDN.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,17 +25,16 @@ package sun.security.x509; -import java.lang.reflect.*; import java.io.IOException; import java.io.StringReader; -import java.security.PrivilegedExceptionAction; -import java.security.AccessController; -import java.security.Principal; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.Comparator; +import java.util.List; +import java.util.Map; import sun.security.util.*; -import sun.security.pkcs.PKCS9Attribute; -import javax.security.auth.x500.X500Principal; /** * RDNs are a set of {attribute = value} assertions. Some of those @@ -327,7 +326,7 @@ */ DerValue findAttribute(ObjectIdentifier oid) { for (int i = 0; i < assertion.length; i++) { - if (assertion[i].oid.equals(oid)) { + if (assertion[i].oid.equals((Object)oid)) { return assertion[i].value; } } @@ -448,31 +447,20 @@ assertion[0].toRFC2253String(oidMap); } - StringBuilder relname = new StringBuilder(); - if (!canonical) { - for (int i = 0; i < assertion.length; i++) { - if (i > 0) { - relname.append('+'); - } - relname.append(assertion[i].toRFC2253String(oidMap)); - } - } else { + AVA[] toOutput = assertion; + if (canonical) { // order the string type AVA's alphabetically, // followed by the oid type AVA's numerically - List<AVA> avaList = new ArrayList<AVA>(assertion.length); - for (int i = 0; i < assertion.length; i++) { - avaList.add(assertion[i]); - } - java.util.Collections.sort(avaList, AVAComparator.getInstance()); - - for (int i = 0; i < avaList.size(); i++) { - if (i > 0) { - relname.append('+'); - } - relname.append(avaList.get(i).toRFC2253CanonicalString()); - } + toOutput = assertion.clone(); + Arrays.sort(toOutput, AVAComparator.getInstance()); } - return relname.toString(); + StringBuilder sb = new StringBuilder(); + for (int a = 0; a < toOutput.length; ++a) { + if (a > 0) sb.append("+"); + sb.append(canonical ? toOutput[a].toRFC2253CanonicalString() + : toOutput[a].toRFC2253String(oidMap)); + } + return sb.toString(); } }
--- a/src/share/classes/sun/security/x509/SubjectAlternativeNameExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/SubjectAlternativeNameExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -195,7 +195,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public GeneralNames get(String name) throws IOException { if (name.equalsIgnoreCase(SUBJECT_NAME)) { return (names); } else {
--- a/src/share/classes/sun/security/x509/SubjectInfoAccessExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/SubjectInfoAccessExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,6 +28,7 @@ import java.io.IOException; import java.io.OutputStream; +import java.util.Collections; import java.util.*; import sun.security.util.DerOutputStream; @@ -167,6 +168,7 @@ /** * Set the attribute value. */ + @SuppressWarnings("unchecked") // Checked with instanceof public void set(String name, Object obj) throws IOException { if (name.equalsIgnoreCase(DESCRIPTIONS)) { if (!(obj instanceof List)) { @@ -184,7 +186,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public List<AccessDescription> get(String name) throws IOException { if (name.equalsIgnoreCase(DESCRIPTIONS)) { return accessDescriptions; } else { @@ -199,7 +201,8 @@ */ public void delete(String name) throws IOException { if (name.equalsIgnoreCase(DESCRIPTIONS)) { - accessDescriptions = new ArrayList<AccessDescription>(); + accessDescriptions = + Collections.<AccessDescription>emptyList(); } else { throw new IOException("Attribute name [" + name + "] not recognized by " +
--- a/src/share/classes/sun/security/x509/SubjectKeyIdentifierExtension.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/SubjectKeyIdentifierExtension.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -156,7 +156,7 @@ /** * Get the attribute value. */ - public Object get(String name) throws IOException { + public KeyIdentifier get(String name) throws IOException { if (name.equalsIgnoreCase(KEY_ID)) { return (id); } else {
--- a/src/share/classes/sun/security/x509/URIName.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/URIName.java Sat Sep 10 22:36:17 2016 +0100 @@ -167,7 +167,7 @@ String host = uri.getSchemeSpecificPart(); try { DNSName hostDNS; - if (host.charAt(0) == '.') { + if (host.startsWith(".")) { hostDNS = new DNSName(host.substring(1)); } else { hostDNS = new DNSName(host);
--- a/src/share/classes/sun/security/x509/X500Name.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/X500Name.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,14 +27,12 @@ import java.lang.reflect.*; import java.io.IOException; -import java.io.StringReader; import java.security.PrivilegedExceptionAction; import java.security.AccessController; import java.security.Principal; import java.util.*; import sun.security.util.*; -import sun.security.pkcs.PKCS9Attribute; import javax.security.auth.x500.X500Principal; /** @@ -347,6 +345,8 @@ for (int i = 0; i < names.length; i++) { list.addAll(names[i].avas()); } + list = Collections.unmodifiableList(list); + allAvaList = list; } return list; } @@ -365,9 +365,6 @@ */ public boolean isEmpty() { int n = names.length; - if (n == 0) { - return true; - } for (int i = 0; i < n; i++) { if (names[i].assertion.length != 0) { return false; @@ -1371,7 +1368,7 @@ /** * Constructor object for use by asX500Principal(). */ - private static final Constructor principalConstructor; + private static final Constructor<X500Principal> principalConstructor; /** * Field object for use by asX500Name(). @@ -1386,9 +1383,9 @@ PrivilegedExceptionAction<Object[]> pa = new PrivilegedExceptionAction<Object[]>() { public Object[] run() throws Exception { - Class pClass = X500Principal.class; - Class[] args = new Class[] {X500Name.class}; - Constructor cons = ((Class<?>)pClass).getDeclaredConstructor(args); + Class<X500Principal> pClass = X500Principal.class; + Class<?>[] args = new Class<?>[] { X500Name.class }; + Constructor<X500Principal> cons = pClass.getDeclaredConstructor(args); cons.setAccessible(true); Field field = pClass.getDeclaredField("thisX500Name"); field.setAccessible(true); @@ -1397,7 +1394,10 @@ }; try { Object[] result = AccessController.doPrivileged(pa); - principalConstructor = (Constructor)result[0]; + @SuppressWarnings("unchecked") + Constructor<X500Principal> constr = + (Constructor<X500Principal>)result[0]; + principalConstructor = constr; principalField = (Field)result[1]; } catch (Exception e) { throw (InternalError)new InternalError("Could not obtain " @@ -1415,8 +1415,7 @@ if (x500Principal == null) { try { Object[] args = new Object[] {this}; - x500Principal = - (X500Principal)principalConstructor.newInstance(args); + x500Principal = principalConstructor.newInstance(args); } catch (Exception e) { throw new RuntimeException("Unexpected exception", e); }
--- a/src/share/classes/sun/security/x509/X509AttributeName.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/X509AttributeName.java Sat Sep 10 22:36:17 2016 +0100 @@ -47,7 +47,7 @@ */ public X509AttributeName(String name) { int i = name.indexOf(SEPARATOR); - if (i == (-1)) { + if (i < 0) { prefix = name; } else { prefix = name.substring(0, i);
--- a/src/share/classes/sun/security/x509/X509CRLEntryImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/X509CRLEntryImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,11 +25,9 @@ package sun.security.x509; -import java.io.InputStream; import java.io.IOException; import java.security.cert.CRLException; import java.security.cert.CRLReason; -import java.security.cert.CertificateException; import java.security.cert.X509CRLEntry; import java.math.BigInteger; import java.util.*; @@ -281,7 +279,7 @@ if (obj == null) return null; CRLReasonCodeExtension reasonCode = (CRLReasonCodeExtension)obj; - return (Integer)(reasonCode.get(reasonCode.REASON)); + return reasonCode.get(CRLReasonCodeExtension.REASON); } /** @@ -299,13 +297,13 @@ sb.append("\n Certificate issuer: " + certIssuer); } if (extensions != null) { - Collection allEntryExts = extensions.getAllExtensions(); - Object[] objs = allEntryExts.toArray(); + Collection<Extension> allEntryExts = extensions.getAllExtensions(); + Extension[] exts = allEntryExts.toArray(new Extension[0]); - sb.append("\n CRL Entry Extensions: " + objs.length); - for (int i = 0; i < objs.length; i++) { + sb.append("\n CRL Entry Extensions: " + exts.length); + for (int i = 0; i < exts.length; i++) { sb.append("\n [" + (i+1) + "]: "); - Extension ext = (Extension)objs[i]; + Extension ext = exts[i]; try { if (OIDMap.getClass(ext.getExtensionId()) == null) { sb.append(ext.toString()); @@ -409,7 +407,7 @@ e.hasMoreElements();) { ex = e.nextElement(); inCertOID = ex.getExtensionId(); - if (inCertOID.equals(findOID)) { + if (inCertOID.equals((Object)findOID)) { crlExt = ex; break; }
--- a/src/share/classes/sun/security/x509/X509CRLImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/X509CRLImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,7 +32,6 @@ import java.security.Principal; import java.security.PublicKey; import java.security.PrivateKey; -import java.security.Security; import java.security.Signature; import java.security.NoSuchAlgorithmException; import java.security.InvalidKeyException; @@ -687,9 +686,7 @@ public byte[] getTBSCertList() throws CRLException { if (tbsCertList == null) throw new CRLException("Uninitialized CRL"); - byte[] dup = new byte[tbsCertList.length]; - System.arraycopy(tbsCertList, 0, dup, 0, dup.length); - return dup; + return tbsCertList.clone(); } /** @@ -700,9 +697,7 @@ public byte[] getSignature() { if (signature == null) return null; - byte[] dup = new byte[signature.length]; - System.arraycopy(signature, 0, dup, 0, dup.length); - return dup; + return signature.clone(); } /** @@ -784,7 +779,8 @@ public KeyIdentifier getAuthKeyId() throws IOException { AuthorityKeyIdentifierExtension aki = getAuthKeyIdExtension(); if (aki != null) { - KeyIdentifier keyId = (KeyIdentifier)aki.get(aki.KEY_ID); + KeyIdentifier keyId = (KeyIdentifier)aki.get( + AuthorityKeyIdentifierExtension.KEY_ID); return keyId; } else { return null; @@ -823,7 +819,7 @@ public BigInteger getCRLNumber() throws IOException { CRLNumberExtension numExt = getCRLNumberExtension(); if (numExt != null) { - BigInteger num = (BigInteger)numExt.get(numExt.NUMBER); + BigInteger num = numExt.get(CRLNumberExtension.NUMBER); return num; } else { return null; @@ -852,7 +848,7 @@ public BigInteger getBaseCRLNumber() throws IOException { DeltaCRLIndicatorExtension dciExt = getDeltaCRLIndicatorExtension(); if (dciExt != null) { - BigInteger num = (BigInteger)dciExt.get(dciExt.NUMBER); + BigInteger num = dciExt.get(DeltaCRLIndicatorExtension.NUMBER); return num; } else { return null; @@ -963,7 +959,7 @@ e.hasMoreElements();) { ex = e.nextElement(); inCertOID = ex.getExtensionId(); - if (inCertOID.equals(findOID)) { + if (inCertOID.equals((Object)findOID)) { crlExt = ex; break; } @@ -1192,8 +1188,7 @@ CertificateIssuerExtension ciExt = entry.getCertificateIssuerExtension(); if (ciExt != null) { - GeneralNames names = (GeneralNames) - ciExt.get(CertificateIssuerExtension.ISSUER); + GeneralNames names = ciExt.get(CertificateIssuerExtension.ISSUER); X500Name issuerDN = (X500Name) names.get(0).getName(); return issuerDN.asX500Principal(); } else {
--- a/src/share/classes/sun/security/x509/X509CertImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/X509CertImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -956,9 +956,7 @@ public byte[] getSignature() { if (signature == null) return null; - byte[] dup = new byte[signature.length]; - System.arraycopy(signature, 0, dup, 0, dup.length); - return dup; + return signature.clone(); } /** @@ -1618,7 +1616,7 @@ } GeneralNames names; try { - names = (GeneralNames) subjectAltNameExt.get( + names = subjectAltNameExt.get( SubjectAlternativeNameExtension.SUBJECT_NAME); } catch (IOException ioe) { // should not occur @@ -1650,7 +1648,7 @@ GeneralNames names; try { - names = (GeneralNames) subjectAltNameExt.get( + names = subjectAltNameExt.get( SubjectAlternativeNameExtension.SUBJECT_NAME); } catch (IOException ioe) { // should not occur @@ -1681,7 +1679,7 @@ } GeneralNames names; try { - names = (GeneralNames) issuerAltNameExt.get( + names = issuerAltNameExt.get( IssuerAlternativeNameExtension.ISSUER_NAME); } catch (IOException ioe) { // should not occur @@ -1713,7 +1711,7 @@ data); GeneralNames names; try { - names = (GeneralNames) issuerAltNameExt.get( + names = issuerAltNameExt.get( IssuerAlternativeNameExtension.ISSUER_NAME); } catch (IOException ioe) { // should not occur
--- a/src/share/classes/sun/security/x509/X509CertInfo.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/X509CertInfo.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -149,10 +149,7 @@ parse(in); } catch (IOException e) { - CertificateParsingException parseException = - new CertificateParsingException(e.toString()); - parseException.initCause(e); - throw parseException; + throw new CertificateParsingException(e); } } @@ -168,10 +165,7 @@ try { parse(derVal); } catch (IOException e) { - CertificateParsingException parseException = - new CertificateParsingException(e.toString()); - parseException.initCause(e); - throw parseException; + throw new CertificateParsingException(e); } } @@ -319,12 +313,12 @@ sb.append(" Subject Id:\n" + subjectUniqueId.toString() + "\n"); } if (extensions != null) { - Collection allExts = extensions.getAllExtensions(); - Object[] objs = allExts.toArray(); - sb.append("\nCertificate Extensions: " + objs.length); - for (int i = 0; i < objs.length; i++) { + Collection<Extension> allExts = extensions.getAllExtensions(); + Extension[] exts = allExts.toArray(new Extension[0]); + sb.append("\nCertificate Extensions: " + exts.length); + for (int i = 0; i < exts.length; i++) { sb.append("\n[" + (i+1) + "]: "); - Extension ext = (Extension)objs[i]; + Extension ext = exts[i]; try { if (OIDMap.getClass(ext.getExtensionId()) == null) { sb.append(ext.toString()); @@ -766,8 +760,8 @@ try { subjectAltNameExt = (SubjectAlternativeNameExtension) extensions.get(SubjectAlternativeNameExtension.NAME); - names = (GeneralNames) subjectAltNameExt.get - (SubjectAlternativeNameExtension.SUBJECT_NAME); + names = subjectAltNameExt.get( + SubjectAlternativeNameExtension.SUBJECT_NAME); } catch (IOException e) { throw new CertificateParsingException("X.509 Certificate is " + "incomplete: subject field is empty, and " +
--- a/src/share/classes/sun/security/x509/X509Key.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/security/x509/X509Key.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,7 +31,6 @@ import java.security.Key; import java.security.PublicKey; import java.security.KeyFactory; -import java.security.KeyRep; import java.security.Security; import java.security.Provider; import java.security.InvalidKeyException; @@ -245,7 +244,7 @@ throw new InstantiationException(); } - Class keyClass = null; + Class<?> keyClass = null; try { keyClass = Class.forName(classname); } catch (ClassNotFoundException e) {
--- a/src/share/classes/sun/tools/jar/resources/jar_ja.properties Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/tools/jar/resources/jar_ja.properties Sat Sep 10 22:36:17 2016 +0100 @@ -44,4 +44,4 @@ out.inflated=\ {0}\u304C\u5C55\u958B\u3055\u308C\u307E\u3057\u305F out.size=(\u5165={0})(\u51FA={1}) -usage=\u4F7F\u7528\u65B9\u6CD5: jar {ctxui}[vfmn0PMe] [jar-file] [manifest-file] [entry-point] [-C dir] files ...\n\u30AA\u30D7\u30B7\u30E7\u30F3:\n -c \u30A2\u30FC\u30AB\u30A4\u30D6\u3092\u65B0\u898F\u4F5C\u6210\u3059\u308B\n -t \u30A2\u30FC\u30AB\u30A4\u30D6\u306E\u5185\u5BB9\u3092\u4E00\u89A7\u8868\u793A\u3059\u308B\n -x \u6307\u5B9A\u306E(\u307E\u305F\u306F\u3059\u3079\u3066\u306E)\u30D5\u30A1\u30A4\u30EB\u3092\u30A2\u30FC\u30AB\u30A4\u30D6\u304B\u3089\u62BD\u51FA\u3059\u308B\n -u \u65E2\u5B58\u30A2\u30FC\u30AB\u30A4\u30D6\u3092\u66F4\u65B0\u3059\u308B\n -v \u6A19\u6E96\u51FA\u529B\u306B\u8A73\u7D30\u306A\u51FA\u529B\u3092\u751F\u6210\u3059\u308B\n -f \u30A2\u30FC\u30AB\u30A4\u30D6\u30FB\u30D5\u30A1\u30A4\u30EB\u540D\u3092\u6307\u5B9A\u3059\u308B\n -m \u6307\u5B9A\u306E\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u30FB\u30D5\u30A1\u30A4\u30EB\u304B\u3089\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u60C5\u5831\u3092\u53D6\u308A\u8FBC\u3080\n -n \u65B0\u898F\u30A2\u30FC\u30AB\u30A4\u30D6\u306E\u4F5C\u6210\u5F8C\u306BPack200\u6B63\u898F\u5316\u3092\u5B9F\u884C\u3059\u308B\n -e \u5B9F\u884C\u53EF\u80FDjar\u30D5\u30A1\u30A4\u30EB\u306B\u30D0\u30F3\u30C9\u30EB\u3055\u308C\u305F\u30B9\u30BF\u30F3\u30C9\u30A2\u30ED\u30F3\u30FB\n \u30A2\u30D7\u30EA\u30B1\u30FC\u30B7\u30E7\u30F3\u306E\u30A8\u30F3\u30C8\u30EA\u30FB\u30DD\u30A4\u30F3\u30C8\u3092\u6307\u5B9A\u3059\u308B\n -0 \u683C\u7D0D\u306E\u307F\u3002ZIP\u5727\u7E2E\u3092\u4F7F\u7528\u3057\u306A\u3044\n -P \u30D5\u30A1\u30A4\u30EB\u540D\u306E\u5148\u982D\u306E'/' (\u7D76\u5BFE\u30D1\u30B9)\u304A\u3088\u3073\\"..\\" (\u89AA\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA)\u30B3\u30F3\u30DD\u30FC\u30CD\u30F3\u30C8\u3092\u4FDD\u6301\u3059\u308B\n -M \u30A8\u30F3\u30C8\u30EA\u306E\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u30FB\u30D5\u30A1\u30A4\u30EB\u3092\u4F5C\u6210\u3057\u306A\u3044\n -i \u6307\u5B9A\u306Ejar\u30D5\u30A1\u30A4\u30EB\u306E\u7D22\u5F15\u60C5\u5831\u3092\u751F\u6210\u3059\u308B\n -C \u6307\u5B9A\u306E\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306B\u5909\u66F4\u3057\u3001\u6B21\u306E\u30D5\u30A1\u30A4\u30EB\u3092\u53D6\u308A\u8FBC\u3080\n\u30D5\u30A1\u30A4\u30EB\u304C\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306E\u5834\u5408\u306F\u518D\u5E30\u7684\u306B\u51E6\u7406\u3055\u308C\u307E\u3059\u3002\n\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u30FB\u30D5\u30A1\u30A4\u30EB\u540D\u3001\u30A2\u30FC\u30AB\u30A4\u30D6\u30FB\u30D5\u30A1\u30A4\u30EB\u540D\u304A\u3088\u3073\u30A8\u30F3\u30C8\u30EA\u30FB\u30DD\u30A4\u30F3\u30C8\u540D\u306F\u3001\n\u30D5\u30E9\u30B0'm'\u3001'f'\u3001'e'\u306E\u6307\u5B9A\u3068\u540C\u3058\u9806\u756A\u3067\u6307\u5B9A\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002\n\n\u4F8B1: 2\u3064\u306E\u30AF\u30E9\u30B9\u30FB\u30D5\u30A1\u30A4\u30EB\u3092\u30A2\u30FC\u30AB\u30A4\u30D6classes.jar\u306B\u4FDD\u5B58\u3059\u308B: \n jar cvf classes.jar Foo.class Bar.class \n\u4F8B2: \u65E2\u5B58\u306E\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u30FB\u30D5\u30A1\u30A4\u30EB'mymanifest'\u3092\u4F7F\u7528\u3057\u3001foo/\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306E\n \u5168\u30D5\u30A1\u30A4\u30EB\u3092'classes.jar'\u306B\u30A2\u30FC\u30AB\u30A4\u30D6\u3059\u308B: \n jar cvfm classes.jar mymanifest -C foo/ \n +usage=\u4F7F\u7528\u65B9\u6CD5: jar {ctxui}[vfmn0PMe] [jar-file] [manifest-file] [entry-point] [-C dir] files ...\n\u30AA\u30D7\u30B7\u30E7\u30F3:\n -c \u30A2\u30FC\u30AB\u30A4\u30D6\u3092\u65B0\u898F\u4F5C\u6210\u3059\u308B\n -t \u30A2\u30FC\u30AB\u30A4\u30D6\u306E\u5185\u5BB9\u3092\u4E00\u89A7\u8868\u793A\u3059\u308B\n -x \u6307\u5B9A\u306E(\u307E\u305F\u306F\u3059\u3079\u3066\u306E)\u30D5\u30A1\u30A4\u30EB\u3092\u30A2\u30FC\u30AB\u30A4\u30D6\u304B\u3089\u62BD\u51FA\u3059\u308B\n -u \u65E2\u5B58\u30A2\u30FC\u30AB\u30A4\u30D6\u3092\u66F4\u65B0\u3059\u308B\n -v \u6A19\u6E96\u51FA\u529B\u306B\u8A73\u7D30\u306A\u51FA\u529B\u3092\u751F\u6210\u3059\u308B\n -f \u30A2\u30FC\u30AB\u30A4\u30D6\u30FB\u30D5\u30A1\u30A4\u30EB\u540D\u3092\u6307\u5B9A\u3059\u308B\n -m \u6307\u5B9A\u306E\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u30FB\u30D5\u30A1\u30A4\u30EB\u304B\u3089\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u60C5\u5831\u3092\u53D6\u308A\u8FBC\u3080\n -n \u65B0\u898F\u30A2\u30FC\u30AB\u30A4\u30D6\u306E\u4F5C\u6210\u5F8C\u306BPack200\u6B63\u898F\u5316\u3092\u5B9F\u884C\u3059\u308B\n -e \u5B9F\u884C\u53EF\u80FDjar\u30D5\u30A1\u30A4\u30EB\u306B\u30D0\u30F3\u30C9\u30EB\u3055\u308C\u305F\u30B9\u30BF\u30F3\u30C9\u30A2\u30ED\u30F3\u30FB\n \u30A2\u30D7\u30EA\u30B1\u30FC\u30B7\u30E7\u30F3\u306E\u30A8\u30F3\u30C8\u30EA\u30FB\u30DD\u30A4\u30F3\u30C8\u3092\u6307\u5B9A\u3059\u308B\n -0 \u683C\u7D0D\u306E\u307F\u3002ZIP\u5727\u7E2E\u3092\u4F7F\u7528\u3057\u306A\u3044\n -P \u30D5\u30A1\u30A4\u30EB\u540D\u306E\u5148\u982D\u306E'/' (\u7D76\u5BFE\u30D1\u30B9)\u304A\u3088\u3073\\"..\\" (\u89AA\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA)\u30B3\u30F3\u30DD\u30FC\u30CD\u30F3\u30C8\u3092\u4FDD\u6301\u3059\u308B\n -M \u30A8\u30F3\u30C8\u30EA\u306E\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u30FB\u30D5\u30A1\u30A4\u30EB\u3092\u4F5C\u6210\u3057\u306A\u3044\n -i \u6307\u5B9A\u306Ejar\u30D5\u30A1\u30A4\u30EB\u306E\u7D22\u5F15\u60C5\u5831\u3092\u751F\u6210\u3059\u308B\n -C \u6307\u5B9A\u306E\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306B\u5909\u66F4\u3057\u3001\u6B21\u306E\u30D5\u30A1\u30A4\u30EB\u3092\u53D6\u308A\u8FBC\u3080\n\u30D5\u30A1\u30A4\u30EB\u304C\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306E\u5834\u5408\u306F\u518D\u5E30\u7684\u306B\u51E6\u7406\u3055\u308C\u307E\u3059\u3002\n\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u30FB\u30D5\u30A1\u30A4\u30EB\u540D\u3001\u30A2\u30FC\u30AB\u30A4\u30D6\u30FB\u30D5\u30A1\u30A4\u30EB\u540D\u304A\u3088\u3073\u30A8\u30F3\u30C8\u30EA\u30FB\u30DD\u30A4\u30F3\u30C8\u540D\u306F\u3001\n\u30D5\u30E9\u30B0'm'\u3001'f'\u3001'e'\u306E\u6307\u5B9A\u3068\u540C\u3058\u9806\u756A\u3067\u6307\u5B9A\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002\n\n\u4F8B1: 2\u3064\u306E\u30AF\u30E9\u30B9\u30FB\u30D5\u30A1\u30A4\u30EB\u3092\u30A2\u30FC\u30AB\u30A4\u30D6classes.jar\u306B\u4FDD\u5B58\u3059\u308B: \n jar cvf classes.jar Foo.class Bar.class \n\u4F8B2: \u65E2\u5B58\u306E\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u30FB\u30D5\u30A1\u30A4\u30EB'mymanifest'\u3092\u4F7F\u7528\u3057\u3001foo/\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306E\n \u5168\u30D5\u30A1\u30A4\u30EB\u3092'classes.jar'\u306B\u30A2\u30FC\u30AB\u30A4\u30D6\u3059\u308B: \n jar cvfm classes.jar mymanifest -C foo/ .\n
--- a/src/share/classes/sun/tools/jar/resources/jar_ko.properties Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/tools/jar/resources/jar_ko.properties Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ # -# Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -44,4 +44,4 @@ out.inflated=\ \uC99D\uAC00\uB428: {0} out.size=(\uC785\uB825 = {0}) (\uCD9C\uB825 = {1}) -usage=\uC0AC\uC6A9\uBC95: jar {ctxui}[vfmn0PMe] [jar-file] [manifest-file] [entry-point] [-C dir] files ...\n\uC635\uC158:\n -c \uC0C8 \uC544\uCE74\uC774\uBE0C\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4.\n -t \uC544\uCE74\uC774\uBE0C\uC5D0 \uB300\uD55C \uBAA9\uCC28\uB97C \uB098\uC5F4\uD569\uB2C8\uB2E4.\n -x \uBA85\uBA85\uB41C(\uB610\uB294 \uBAA8\uB4E0) \uD30C\uC77C\uC744 \uC544\uCE74\uC774\uBE0C\uC5D0\uC11C \uCD94\uCD9C\uD569\uB2C8\uB2E4.\n -u \uAE30\uC874 \uC544\uCE74\uC774\uBE0C\uB97C \uC5C5\uB370\uC774\uD2B8\uD569\uB2C8\uB2E4.\n -v \uD45C\uC900 \uCD9C\uB825\uC5D0 \uC0C1\uC138 \uC815\uBCF4 \uCD9C\uB825\uC744 \uC0DD\uC131\uD569\uB2C8\uB2E4.\n -f \uC544\uCE74\uC774\uBE0C \uD30C\uC77C \uC774\uB984\uC744 \uC9C0\uC815\uD569\uB2C8\uB2E4.\n -m \uC9C0\uC815\uB41C Manifest \uD30C\uC77C\uC758 Manifest \uC815\uBCF4\uB97C \uD3EC\uD568\uD569\uB2C8\uB2E4.\n -n \uC0C8 \uC544\uCE74\uC774\uBE0C\uB97C \uC0DD\uC131\uD55C \uD6C4 Pack200 \uC815\uADDC\uD654\uB97C \uC218\uD589\uD569\uB2C8\uB2E4.\n -e jar \uC2E4\uD589 \uD30C\uC77C\uC5D0 \uBC88\uB4E4\uB85C \uC81C\uACF5\uB41C \uB3C5\uB9BD\uD615 \uC751\uC6A9 \uD504\uB85C\uADF8\uB7A8\uC758 \n \uC751\uC6A9 \uD504\uB85C\uADF8\uB7A8 \uC2DC\uC791 \uC9C0\uC810\uC744 \uC9C0\uC815\uD569\uB2C8\uB2E4.\n -0 \uC800\uC7A5 \uC804\uC6A9: ZIP \uC555\uCD95\uC744 \uC0AC\uC6A9\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.\n -P \uD30C\uC77C \uC774\uB984\uC5D0\uC11C \uC120\uD589 '/'(\uC808\uB300 \uACBD\uB85C) \uBC0F ".."(\uC0C1\uC704 \uB514\uB809\uD1A0\uB9AC) \uAD6C\uC131 \uC694\uC18C\uB97C \uC720\uC9C0\uD569\uB2C8\uB2E4.\n -M \uD56D\uBAA9\uC5D0 \uB300\uD574 Manifest \uD30C\uC77C\uC744 \uC0DD\uC131\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.\n -i \uC9C0\uC815\uB41C jar \uD30C\uC77C\uC5D0 \uB300\uD55C \uC778\uB371\uC2A4 \uC815\uBCF4\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4.\n -C \uC9C0\uC815\uB41C \uB514\uB809\uD1A0\uB9AC\uB85C \uBCC0\uACBD\uD558\uACE0 \uB2E4\uC74C \uD30C\uC77C\uC744 \uD3EC\uD568\uD569\uB2C8\uB2E4.\n\uD2B9\uC815 \uD30C\uC77C\uC774 \uB514\uB809\uD1A0\uB9AC\uC77C \uACBD\uC6B0 \uC21C\uD658\uC801\uC73C\uB85C \uCC98\uB9AC\uB429\uB2C8\uB2E4.\nManifest \uD30C\uC77C \uC774\uB984, \uC544\uCE74\uC774\uBE0C \uD30C\uC77C \uC774\uB984 \uBC0F \uC2DC\uC791 \uC9C0\uC810 \uC774\uB984\uC740\n'm', 'f' \uBC0F 'e' \uD50C\uB798\uADF8\uC640 \uB3D9\uC77C\uD55C \uC21C\uC11C\uB85C \uC9C0\uC815\uB429\uB2C8\uB2E4.\n\n\uC608 1: classes.jar\uB77C\uB294 \uC544\uCE74\uC774\uBE0C\uC5D0 \uB450 \uD074\uB798\uC2A4 \uD30C\uC77C\uC744 \uC544\uCE74\uC774\uBE0C\uD558\uB294 \uBC29\uBC95: \n jar cvf classes.jar Foo.class Bar.class \n\uC608 2: \uAE30\uC874 Manifest \uD30C\uC77C 'mymanifest'\uB97C \uC0AC\uC6A9\uD558\uC5EC\n foo/ \uB514\uB809\uD1A0\uB9AC\uC758 \uBAA8\uB4E0 \uD30C\uC77C\uC744 'classes.jar'\uB85C \uC544\uCE74\uC774\uBE0C\uD558\uB294 \uBC29\uBC95: \n jar cvfm classes.jar mymanifest -C foo/ . +usage=\uC0AC\uC6A9\uBC95: jar {ctxui}[vfmn0PMe] [jar-file] [manifest-file] [entry-point] [-C dir] files ...\n\uC635\uC158:\n -c \uC0C8 \uC544\uCE74\uC774\uBE0C\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4.\n -t \uC544\uCE74\uC774\uBE0C\uC5D0 \uB300\uD55C \uBAA9\uCC28\uB97C \uB098\uC5F4\uD569\uB2C8\uB2E4.\n -x \uBA85\uBA85\uB41C(\uB610\uB294 \uBAA8\uB4E0) \uD30C\uC77C\uC744 \uC544\uCE74\uC774\uBE0C\uC5D0\uC11C \uCD94\uCD9C\uD569\uB2C8\uB2E4.\n -u \uAE30\uC874 \uC544\uCE74\uC774\uBE0C\uB97C \uC5C5\uB370\uC774\uD2B8\uD569\uB2C8\uB2E4.\n -v \uD45C\uC900 \uCD9C\uB825\uC5D0 \uC0C1\uC138 \uC815\uBCF4 \uCD9C\uB825\uC744 \uC0DD\uC131\uD569\uB2C8\uB2E4.\n -f \uC544\uCE74\uC774\uBE0C \uD30C\uC77C \uC774\uB984\uC744 \uC9C0\uC815\uD569\uB2C8\uB2E4.\n -m \uC9C0\uC815\uB41C Manifest \uD30C\uC77C\uC758 Manifest \uC815\uBCF4\uB97C \uD3EC\uD568\uD569\uB2C8\uB2E4.\n -n \uC0C8 \uC544\uCE74\uC774\uBE0C\uB97C \uC0DD\uC131\uD55C \uD6C4 Pack200 \uC815\uADDC\uD654\uB97C \uC218\uD589\uD569\uB2C8\uB2E4.\n -e jar \uC2E4\uD589 \uD30C\uC77C\uC5D0 \uBC88\uB4E4\uB85C \uC81C\uACF5\uB41C \uB3C5\uB9BD\uD615 \uC560\uD50C\uB9AC\uCF00\uC774\uC158\uC758 \n \uC560\uD50C\uB9AC\uCF00\uC774\uC158 \uC2DC\uC791 \uC9C0\uC810\uC744 \uC9C0\uC815\uD569\uB2C8\uB2E4.\n -0 \uC800\uC7A5 \uC804\uC6A9: ZIP \uC555\uCD95\uC744 \uC0AC\uC6A9\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.\n -P \uD30C\uC77C \uC774\uB984\uC5D0\uC11C \uC120\uD589 '/'(\uC808\uB300 \uACBD\uB85C) \uBC0F ".."(\uC0C1\uC704 \uB514\uB809\uD1A0\uB9AC) \uAD6C\uC131 \uC694\uC18C\uB97C \uC720\uC9C0\uD569\uB2C8\uB2E4.\n -M \uD56D\uBAA9\uC5D0 \uB300\uD574 Manifest \uD30C\uC77C\uC744 \uC0DD\uC131\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.\n -i \uC9C0\uC815\uB41C jar \uD30C\uC77C\uC5D0 \uB300\uD55C \uC778\uB371\uC2A4 \uC815\uBCF4\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4.\n -C \uC9C0\uC815\uB41C \uB514\uB809\uD1A0\uB9AC\uB85C \uBCC0\uACBD\uD558\uACE0 \uB2E4\uC74C \uD30C\uC77C\uC744 \uD3EC\uD568\uD569\uB2C8\uB2E4.\n\uD2B9\uC815 \uD30C\uC77C\uC774 \uB514\uB809\uD1A0\uB9AC\uC77C \uACBD\uC6B0 \uC21C\uD658\uC801\uC73C\uB85C \uCC98\uB9AC\uB429\uB2C8\uB2E4.\nManifest \uD30C\uC77C \uC774\uB984, \uC544\uCE74\uC774\uBE0C \uD30C\uC77C \uC774\uB984 \uBC0F \uC2DC\uC791 \uC9C0\uC810 \uC774\uB984\uC740\n'm', 'f' \uBC0F 'e' \uD50C\uB798\uADF8\uC640 \uB3D9\uC77C\uD55C \uC21C\uC11C\uB85C \uC9C0\uC815\uB429\uB2C8\uB2E4.\n\n\uC608 1: classes.jar\uB77C\uB294 \uC544\uCE74\uC774\uBE0C\uC5D0 \uB450 \uD074\uB798\uC2A4 \uD30C\uC77C\uC744 \uC544\uCE74\uC774\uBE0C\uD558\uB294 \uBC29\uBC95: \n jar cvf classes.jar Foo.class Bar.class \n\uC608 2: \uAE30\uC874 Manifest \uD30C\uC77C 'mymanifest'\uB97C \uC0AC\uC6A9\uD558\uC5EC\n foo/ \uB514\uB809\uD1A0\uB9AC\uC758 \uBAA8\uB4E0 \uD30C\uC77C\uC744 'classes.jar'\uB85C \uC544\uCE74\uC774\uBE0C\uD558\uB294 \uBC29\uBC95: \n jar cvfm classes.jar mymanifest -C foo/ .
--- a/src/share/classes/sun/util/resources/TimeZoneNames.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/util/resources/TimeZoneNames.java Sat Sep 10 22:36:17 2016 +0100 @@ -352,6 +352,7 @@ {"America/Eirunepe", ACT}, {"America/El_Salvador", CST}, {"America/Ensenada", PST}, + {"America/Fort_Nelson", MST}, {"America/Fort_Wayne", EST}, {"America/Fortaleza", BRT}, {"America/Glace_Bay", AST}, @@ -401,7 +402,7 @@ {"America/Mendoza", AGT}, {"America/Menominee", CST}, {"America/Merida", CST}, - {"America/Metlakatla", PST}, + {"America/Metlakatla", AKST}, {"America/Mexico_City", CST}, {"America/Miquelon", new String[] {"Pierre & Miquelon Standard Time", "PMST", "Pierre & Miquelon Daylight Time", "PMDT"}}, @@ -504,7 +505,7 @@ {"Asia/Brunei", new String[] {"Brunei Time", "BNT", "Brunei Summer Time", "BNST"}}, {"Asia/Calcutta", IST}, - {"Asia/Chita", IRKT}, + {"Asia/Chita", YAKT}, {"Asia/Choibalsan", new String[] {"Choibalsan Time", "CHOT", "Choibalsan Summer Time", "CHOST"}}, {"Asia/Chongqing", CTT}, @@ -538,8 +539,7 @@ {"Asia/Kashgar", XJT}, {"Asia/Kathmandu", NPT}, {"Asia/Katmandu", NPT}, - {"Asia/Khandyga", new String[] {"Khandyga Time", "YAKT", - "Khandyga Summer Time", "YAKST"}}, + {"Asia/Khandyga", YAKT}, {"Asia/Kolkata", IST}, {"Asia/Krasnoyarsk", KRAT}, {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_de.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_de.java Sat Sep 10 22:36:17 2016 +0100 @@ -352,6 +352,7 @@ {"America/Eirunepe", ACT}, {"America/El_Salvador", CST}, {"America/Ensenada", PST}, + {"America/Fort_Nelson", MST}, {"America/Fort_Wayne", EST}, {"America/Fortaleza", BRT}, {"America/Glace_Bay", AST}, @@ -401,7 +402,7 @@ {"America/Mendoza", AGT}, {"America/Menominee", CST}, {"America/Merida", CST}, - {"America/Metlakatla", PST}, + {"America/Metlakatla", AKST}, {"America/Mexico_City", CST}, {"America/Miquelon", new String[] {"Pierre & Miquelon Normalzeit", "PMST", "Pierre & Miquelon Sommerzeit", "PMDT"}}, @@ -504,7 +505,7 @@ {"Asia/Brunei", new String[] {"Brunei Zeit", "BNT", "Brunei Sommerzeit", "BNST"}}, {"Asia/Calcutta", IST}, - {"Asia/Chita", IRKT}, + {"Asia/Chita", YAKT}, {"Asia/Choibalsan", new String[] {"Choibalsan Zeit", "CHOT", "Choibalsan Sommerzeit", "CHOST"}}, {"Asia/Chongqing", CTT}, @@ -538,8 +539,7 @@ {"Asia/Kashgar", XJT}, {"Asia/Kathmandu", NPT}, {"Asia/Katmandu", NPT}, - {"Asia/Khandyga", new String[] {"Chandyga Zeit", "YAKT", - "Chandyga Sommerzeit", "YAKST"}}, + {"Asia/Khandyga", YAKT}, {"Asia/Kolkata", IST}, {"Asia/Krasnoyarsk", KRAT}, {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_es.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_es.java Sat Sep 10 22:36:17 2016 +0100 @@ -352,6 +352,7 @@ {"America/Eirunepe", ACT}, {"America/El_Salvador", CST}, {"America/Ensenada", PST}, + {"America/Fort_Nelson", MST}, {"America/Fort_Wayne", EST}, {"America/Fortaleza", BRT}, {"America/Glace_Bay", AST}, @@ -401,7 +402,7 @@ {"America/Mendoza", AGT}, {"America/Menominee", CST}, {"America/Merida", CST}, - {"America/Metlakatla", PST}, + {"America/Metlakatla", AKST}, {"America/Mexico_City", CST}, {"America/Miquelon", new String[] {"Hora est\u00e1ndar de Pierre & Miquelon", "PMST", "Hora de verano de Pierre & Miquelon", "PMDT"}}, @@ -504,7 +505,7 @@ {"Asia/Brunei", new String[] {"Hora de Brunei", "BNT", "Hora de verano de Brunei", "BNST"}}, {"Asia/Calcutta", IST}, - {"Asia/Chita", IRKT}, + {"Asia/Chita", YAKT}, {"Asia/Choibalsan", new String[] {"Hora de Choibalsan", "CHOT", "Hora de verano de Choibalsan", "CHOST"}}, {"Asia/Chongqing", CTT}, @@ -538,8 +539,7 @@ {"Asia/Kashgar", XJT}, {"Asia/Kathmandu", NPT}, {"Asia/Katmandu", NPT}, - {"Asia/Khandyga", new String[] {"Hora de Khandyga", "YAKT", - "Hora de verano de Khandyga", "YAKST"}}, + {"Asia/Khandyga", YAKT}, {"Asia/Kolkata", IST}, {"Asia/Krasnoyarsk", KRAT}, {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_fr.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_fr.java Sat Sep 10 22:36:17 2016 +0100 @@ -352,6 +352,7 @@ {"America/Eirunepe", ACT}, {"America/El_Salvador", CST}, {"America/Ensenada", PST}, + {"America/Fort_Nelson", MST}, {"America/Fort_Wayne", EST}, {"America/Fortaleza", BRT}, {"America/Glace_Bay", AST}, @@ -401,7 +402,7 @@ {"America/Mendoza", AGT}, {"America/Menominee", CST}, {"America/Merida", CST}, - {"America/Metlakatla", PST}, + {"America/Metlakatla", AKST}, {"America/Mexico_City", CST}, {"America/Miquelon", new String[] {"Heure normale de Saint-Pierre et Miquelon", "PMST", "Heure avanc\u00e9e de Saint-Pierre et Miquelon", "PMDT"}}, @@ -504,7 +505,7 @@ {"Asia/Brunei", new String[] {"Heure du Brunei", "BNT", "Heure d'\u00e9t\u00e9 du Brunei", "BNST"}}, {"Asia/Calcutta", IST}, - {"Asia/Chita", IRKT}, + {"Asia/Chita", YAKT}, {"Asia/Choibalsan", new String[] {"Heure de Choibalsan", "CHOT", "Heure d'\u00e9t\u00e9 de Choibalsan", "CHOST"}}, {"Asia/Chongqing", CTT}, @@ -538,8 +539,7 @@ {"Asia/Kashgar", XJT}, {"Asia/Kathmandu", NPT}, {"Asia/Katmandu", NPT}, - {"Asia/Khandyga", new String[] {"Heure de Khandyga", "YAKT", - "Heure d'\u00E9t\u00E9 de Khandyga", "YAKST"}}, + {"Asia/Khandyga", YAKT}, {"Asia/Kolkata", IST}, {"Asia/Krasnoyarsk", KRAT}, {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_it.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_it.java Sat Sep 10 22:36:17 2016 +0100 @@ -352,6 +352,7 @@ {"America/Eirunepe", ACT}, {"America/El_Salvador", CST}, {"America/Ensenada", PST}, + {"America/Fort_Nelson", MST}, {"America/Fort_Wayne", EST}, {"America/Fortaleza", BRT}, {"America/Glace_Bay", AST}, @@ -401,7 +402,7 @@ {"America/Mendoza", AGT}, {"America/Menominee", CST}, {"America/Merida", CST}, - {"America/Metlakatla", PST}, + {"America/Metlakatla", AKST}, {"America/Mexico_City", CST}, {"America/Miquelon", new String[] {"Ora solare di Saint-Pierre e Miquelon", "PMST", "Ora legale di Saint-Pierre e Miquelon", "PMDT"}}, @@ -504,7 +505,7 @@ {"Asia/Brunei", new String[] {"Ora del Brunei", "BNT", "Ora estiva del Brunei", "BNST"}}, {"Asia/Calcutta", IST}, - {"Asia/Chita", IRKT}, + {"Asia/Chita", YAKT}, {"Asia/Choibalsan", new String[] {"Ora di Choibalsan", "CHOT", "Ora estiva di Choibalsan", "CHOST"}}, {"Asia/Chongqing", CTT}, @@ -538,8 +539,7 @@ {"Asia/Kashgar", XJT}, {"Asia/Kathmandu", NPT}, {"Asia/Katmandu", NPT}, - {"Asia/Khandyga", new String[] {"Ora di Khandyga", "YAKT", - "Ora estiva di Khandyga", "YAKST"}}, + {"Asia/Khandyga", YAKT}, {"Asia/Kolkata", IST}, {"Asia/Krasnoyarsk", KRAT}, {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_ja.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_ja.java Sat Sep 10 22:36:17 2016 +0100 @@ -352,6 +352,7 @@ {"America/Eirunepe", ACT}, {"America/El_Salvador", CST}, {"America/Ensenada", PST}, + {"America/Fort_Nelson", MST}, {"America/Fort_Wayne", EST}, {"America/Fortaleza", BRT}, {"America/Glace_Bay", AST}, @@ -401,7 +402,7 @@ {"America/Mendoza", AGT}, {"America/Menominee", CST}, {"America/Merida", CST}, - {"America/Metlakatla", PST}, + {"America/Metlakatla", AKST}, {"America/Mexico_City", CST}, {"America/Miquelon", new String[] {"\u30b5\u30f3\u30d4\u30a8\u30fc\u30eb\u30fb\u30df\u30af\u30ed\u30f3\u8af8\u5cf6\u6a19\u6e96\u6642", "PMST", "\u30b5\u30f3\u30d4\u30a8\u30fc\u30eb\u30fb\u30df\u30af\u30ed\u30f3\u8af8\u5cf6\u590f\u6642\u9593", "PMDT"}}, @@ -504,7 +505,7 @@ {"Asia/Brunei", new String[] {"\u30d6\u30eb\u30cd\u30a4\u6642\u9593", "BNT", "\u30d6\u30eb\u30cd\u30a4\u590f\u6642\u9593", "BNST"}}, {"Asia/Calcutta", IST}, - {"Asia/Chita", IRKT}, + {"Asia/Chita", YAKT}, {"Asia/Choibalsan", new String[] {"\u30c1\u30e7\u30a4\u30d0\u30eb\u30b5\u30f3\u6642\u9593", "CHOT", "\u30c1\u30e7\u30a4\u30d0\u30eb\u30b5\u30f3\u590f\u6642\u9593", "CHOST"}}, {"Asia/Chongqing", CTT}, @@ -538,8 +539,7 @@ {"Asia/Kashgar", XJT}, {"Asia/Kathmandu", NPT}, {"Asia/Katmandu", NPT}, - {"Asia/Khandyga", new String[] {"\u30CF\u30F3\u30C9\u30A5\u30A4\u30AC\u6642\u9593", "YAKT", - "\u30CF\u30F3\u30C9\u30A5\u30A4\u30AC\u590F\u6642\u9593", "YAKST"}}, + {"Asia/Khandyga", YAKT}, {"Asia/Kolkata", IST}, {"Asia/Krasnoyarsk", KRAT}, {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_ko.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_ko.java Sat Sep 10 22:36:17 2016 +0100 @@ -352,6 +352,7 @@ {"America/Eirunepe", ACT}, {"America/El_Salvador", CST}, {"America/Ensenada", PST}, + {"America/Fort_Nelson", MST}, {"America/Fort_Wayne", EST}, {"America/Fortaleza", BRT}, {"America/Glace_Bay", AST}, @@ -401,7 +402,7 @@ {"America/Mendoza", AGT}, {"America/Menominee", CST}, {"America/Merida", CST}, - {"America/Metlakatla", PST}, + {"America/Metlakatla", AKST}, {"America/Mexico_City", CST}, {"America/Miquelon", new String[] {"\ud53c\uc5d0\ub974 \ubbf8\ud06c\ub860 \ud45c\uc900\uc2dc", "PMST", "\ud53c\uc5d0\ub974 \ubbf8\ud06c\ub860 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "PMDT"}}, @@ -504,7 +505,7 @@ {"Asia/Brunei", new String[] {"\ube0c\ub8e8\ub098\uc774 \uc2dc\uac04", "BNT", "\ube0c\ub8e8\ub098\uc774 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "BNST"}}, {"Asia/Calcutta", IST}, - {"Asia/Chita", IRKT}, + {"Asia/Chita", YAKT}, {"Asia/Choibalsan", new String[] {"Choibalsan \uc2dc\uac04", "CHOT", "Choibalsan \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "CHOST"}}, {"Asia/Chongqing", CTT}, @@ -538,8 +539,7 @@ {"Asia/Kashgar", XJT}, {"Asia/Kathmandu", NPT}, {"Asia/Katmandu", NPT}, - {"Asia/Khandyga", new String[] {"\uD55C\uB514\uAC00 \uD45C\uC900\uC2DC", "YAKT", - "\uD55C\uB514\uAC00 \uC77C\uAD11 \uC808\uC57D \uC2DC\uAC04", "YAKST"}}, + {"Asia/Khandyga", YAKT}, {"Asia/Kolkata", IST}, {"Asia/Krasnoyarsk", KRAT}, {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java Sat Sep 10 22:36:17 2016 +0100 @@ -352,6 +352,7 @@ {"America/Eirunepe", ACT}, {"America/El_Salvador", CST}, {"America/Ensenada", PST}, + {"America/Fort_Nelson", MST}, {"America/Fort_Wayne", EST}, {"America/Fortaleza", BRT}, {"America/Glace_Bay", AST}, @@ -401,7 +402,7 @@ {"America/Mendoza", AGT}, {"America/Menominee", CST}, {"America/Merida", CST}, - {"America/Metlakatla", PST}, + {"America/Metlakatla", AKST}, {"America/Mexico_City", CST}, {"America/Miquelon", new String[] {"Fuso hor\u00e1rio padr\u00e3o de S\u00e3o Pedro e Miquelon", "PMST", "Hor\u00e1rio de luz natural de S\u00e3o Pedro e Miquelon", "PMDT"}}, @@ -504,7 +505,7 @@ {"Asia/Brunei", new String[] {"Fuso hor\u00e1rio de Brunei", "BNT", "Fuso hor\u00e1rio de ver\u00e3o de Brunei", "BNST"}}, {"Asia/Calcutta", IST}, - {"Asia/Chita", IRKT}, + {"Asia/Chita", YAKT}, {"Asia/Choibalsan", new String[] {"Fuso hor\u00e1rio de Choibalsan", "CHOT", "Fuso hor\u00e1rio de ver\u00e3o de Choibalsan", "CHOST"}}, {"Asia/Chongqing", CTT}, @@ -538,8 +539,7 @@ {"Asia/Kashgar", XJT}, {"Asia/Kathmandu", NPT}, {"Asia/Katmandu", NPT}, - {"Asia/Khandyga", new String[] {"Hor\u00E1rio de Khandyga", "YAKT", - "Hor\u00E1rio de Ver\u00E3o de Khandyga", "YAKST"}}, + {"Asia/Khandyga", YAKT}, {"Asia/Kolkata", IST}, {"Asia/Krasnoyarsk", KRAT}, {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_sv.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_sv.java Sat Sep 10 22:36:17 2016 +0100 @@ -352,6 +352,7 @@ {"America/Eirunepe", ACT}, {"America/El_Salvador", CST}, {"America/Ensenada", PST}, + {"America/Fort_Nelson", MST}, {"America/Fort_Wayne", EST}, {"America/Fortaleza", BRT}, {"America/Glace_Bay", AST}, @@ -401,7 +402,7 @@ {"America/Mendoza", AGT}, {"America/Menominee", CST}, {"America/Merida", CST}, - {"America/Metlakatla", PST}, + {"America/Metlakatla", AKST}, {"America/Mexico_City", CST}, {"America/Miquelon", new String[] {"Saint-Pierre-et-Miquelon, normaltid", "PMST", "Saint-Pierre-et-Miquelon, sommartid", "PMDT"}}, @@ -508,7 +509,7 @@ "Choibalsan, sommartid", "CHOST"}}, {"Asia/Chongqing", CTT}, {"Asia/Chungking", CTT}, - {"Asia/Chita", IRKT}, + {"Asia/Chita", YAKT}, {"Asia/Colombo", IST}, {"Asia/Dacca", BDT}, {"Asia/Dhaka", BDT}, @@ -538,8 +539,7 @@ {"Asia/Kashgar", XJT}, {"Asia/Kathmandu", NPT}, {"Asia/Katmandu", NPT}, - {"Asia/Khandyga", new String[] {"Khandyga, normaltid", "YAKT", - "Khandyga, sommartid", "YAKST"}}, + {"Asia/Khandyga", YAKT}, {"Asia/Kolkata", IST}, {"Asia/Krasnoyarsk", KRAT}, {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java Sat Sep 10 22:36:17 2016 +0100 @@ -352,6 +352,7 @@ {"America/Eirunepe", ACT}, {"America/El_Salvador", CST}, {"America/Ensenada", PST}, + {"America/Fort_Nelson", MST}, {"America/Fort_Wayne", EST}, {"America/Fortaleza", BRT}, {"America/Glace_Bay", AST}, @@ -401,7 +402,7 @@ {"America/Mendoza", AGT}, {"America/Menominee", CST}, {"America/Merida", CST}, - {"America/Metlakatla", PST}, + {"America/Metlakatla", AKST}, {"America/Mexico_City", CST}, {"America/Miquelon", new String[] {"\u76ae\u57c3\u5c14\u5c9b\u53ca\u5bc6\u514b\u9686\u5c9b\u6807\u51c6\u65f6\u95f4", "PMST", "\u76ae\u57c3\u5c14\u5c9b\u53ca\u5bc6\u514b\u9686\u5c9b\u590f\u4ee4\u65f6", "PMDT"}}, @@ -504,7 +505,7 @@ {"Asia/Brunei", new String[] {"\u6587\u83b1\u65f6\u95f4", "BNT", "\u6587\u83b1\u590f\u4ee4\u65f6", "BNST"}}, {"Asia/Calcutta", IST}, - {"Asia/Chita", IRKT}, + {"Asia/Chita", YAKT}, {"Asia/Choibalsan", new String[] {"Choibalsan \u65f6\u95f4", "CHOT", "Choibalsan \u590f\u4ee4\u65f6", "CHOST"}}, {"Asia/Chongqing", CTT}, @@ -538,8 +539,7 @@ {"Asia/Kashgar", XJT}, {"Asia/Kathmandu", NPT}, {"Asia/Katmandu", NPT}, - {"Asia/Khandyga", new String[] {"\u6C49\u5FB7\u52A0\u65F6\u95F4", "YAKT", - "\u6C49\u5FB7\u52A0\u590F\u4EE4\u65F6", "YAKST"}}, + {"Asia/Khandyga", YAKT}, {"Asia/Kolkata", IST}, {"Asia/Krasnoyarsk", KRAT}, {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java Sat Sep 10 22:36:17 2016 +0100 @@ -352,6 +352,7 @@ {"America/Eirunepe", ACT}, {"America/El_Salvador", CST}, {"America/Ensenada", PST}, + {"America/Fort_Nelson", MST}, {"America/Fort_Wayne", EST}, {"America/Fortaleza", BRT}, {"America/Glace_Bay", AST}, @@ -401,7 +402,7 @@ {"America/Mendoza", AGT}, {"America/Menominee", CST}, {"America/Merida", CST}, - {"America/Metlakatla", PST}, + {"America/Metlakatla", AKST}, {"America/Mexico_City", CST}, {"America/Miquelon", new String[] {"\u76ae\u57c3\u723e\u5cf6\u53ca\u5bc6\u514b\u9686\u5cf6\u6a19\u6e96\u6642\u9593", "PMST", "\u76ae\u57c3\u723e\u5cf6\u53ca\u5bc6\u514b\u9686\u5cf6\u65e5\u5149\u7bc0\u7d04\u6642\u9593", "PMDT"}}, @@ -504,7 +505,7 @@ {"Asia/Brunei", new String[] {"\u6c76\u840a\u6642\u9593", "BNT", "\u6c76\u840a\u590f\u4ee4\u6642\u9593", "BNST"}}, {"Asia/Calcutta", IST}, - {"Asia/Chita", IRKT}, + {"Asia/Chita", YAKT}, {"Asia/Choibalsan", new String[] {"\u5de7\u5df4\u5c71 (Choibalsan) \u6642\u9593", "CHOT", "\u5de7\u5df4\u5c71 (Choibalsan) \u590f\u4ee4\u6642\u9593", "CHOST"}}, {"Asia/Chongqing", CTT}, @@ -538,8 +539,7 @@ {"Asia/Kashgar", XJT}, {"Asia/Kathmandu", NPT}, {"Asia/Katmandu", NPT}, - {"Asia/Khandyga", new String[] {"\u6F22\u5730\u52A0 (Khandyga) \u6642\u9593", "YAKT", - "\u6F22\u5730\u52A0 (Khandyga) \u590F\u4EE4\u6642\u9593", "YAKST"}}, + {"Asia/Khandyga", YAKT}, {"Asia/Kolkata", IST}, {"Asia/Krasnoyarsk", KRAT}, {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/lib/security/java.security-linux Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/lib/security/java.security-linux Sat Sep 10 22:36:17 2016 +0100 @@ -409,7 +409,7 @@ # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 # # -jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 +jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing @@ -437,7 +437,7 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 +jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. @@ -495,3 +495,60 @@ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC + +# The pre-defined default finite field Diffie-Hellman ephemeral (DHE) +# parameters for Transport Layer Security (SSL/TLS/DTLS) processing. +# +# In traditional SSL/TLS/DTLS connections where finite field DHE parameters +# negotiation mechanism is not used, the server offers the client group +# parameters, base generator g and prime modulus p, for DHE key exchange. +# It is recommended to use dynamic group parameters. This property defines +# a mechanism that allows you to specify custom group parameters. +# +# The syntax of this property string is described as this Java BNF-style: +# DefaultDHEParameters: +# DefinedDHEParameters { , DefinedDHEParameters } +# +# DefinedDHEParameters: +# "{" DHEPrimeModulus , DHEBaseGenerator "}" +# +# DHEPrimeModulus: +# HexadecimalDigits +# +# DHEBaseGenerator: +# HexadecimalDigits +# +# HexadecimalDigits: +# HexadecimalDigit { HexadecimalDigit } +# +# HexadecimalDigit: one of +# 0 1 2 3 4 5 6 7 8 9 A B C D E F a b c d e f +# +# Whitespace characters are ignored. +# +# The "DefinedDHEParameters" defines the custom group parameters, prime +# modulus p and base generator g, for a particular size of prime modulus p. +# The "DHEPrimeModulus" defines the hexadecimal prime modulus p, and the +# "DHEBaseGenerator" defines the hexadecimal base generator g of a group +# parameter. It is recommended to use safe primes for the custom group +# parameters. +# +# If this property is not defined or the value is empty, the underlying JSSE +# provider's default group parameter is used for each connection. +# +# If the property value does not follow the grammar, or a particular group +# parameter is not valid, the connection will fall back and use the +# underlying JSSE provider's default group parameter. +# +# Note: This property is currently used by OpenJDK's JSSE implementation. It +# is not guaranteed to be examined and used by other implementations. +# +# Example: +# jdk.tls.server.defaultDHEParameters= +# { \ +# FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \ +# 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \ +# EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \ +# E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ +# EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ +# FFFFFFFF FFFFFFFF, 2}
--- a/src/share/lib/security/java.security-macosx Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/lib/security/java.security-macosx Sat Sep 10 22:36:17 2016 +0100 @@ -414,7 +414,7 @@ # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 # # -jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 +jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing @@ -442,7 +442,7 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 +jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. @@ -500,3 +500,60 @@ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC + +# The pre-defined default finite field Diffie-Hellman ephemeral (DHE) +# parameters for Transport Layer Security (SSL/TLS/DTLS) processing. +# +# In traditional SSL/TLS/DTLS connections where finite field DHE parameters +# negotiation mechanism is not used, the server offers the client group +# parameters, base generator g and prime modulus p, for DHE key exchange. +# It is recommended to use dynamic group parameters. This property defines +# a mechanism that allows you to specify custom group parameters. +# +# The syntax of this property string is described as this Java BNF-style: +# DefaultDHEParameters: +# DefinedDHEParameters { , DefinedDHEParameters } +# +# DefinedDHEParameters: +# "{" DHEPrimeModulus , DHEBaseGenerator "}" +# +# DHEPrimeModulus: +# HexadecimalDigits +# +# DHEBaseGenerator: +# HexadecimalDigits +# +# HexadecimalDigits: +# HexadecimalDigit { HexadecimalDigit } +# +# HexadecimalDigit: one of +# 0 1 2 3 4 5 6 7 8 9 A B C D E F a b c d e f +# +# Whitespace characters are ignored. +# +# The "DefinedDHEParameters" defines the custom group parameters, prime +# modulus p and base generator g, for a particular size of prime modulus p. +# The "DHEPrimeModulus" defines the hexadecimal prime modulus p, and the +# "DHEBaseGenerator" defines the hexadecimal base generator g of a group +# parameter. It is recommended to use safe primes for the custom group +# parameters. +# +# If this property is not defined or the value is empty, the underlying JSSE +# provider's default group parameter is used for each connection. +# +# If the property value does not follow the grammar, or a particular group +# parameter is not valid, the connection will fall back and use the +# underlying JSSE provider's default group parameter. +# +# Note: This property is currently used by OpenJDK's JSSE implementation. It +# is not guaranteed to be examined and used by other implementations. +# +# Example: +# jdk.tls.server.defaultDHEParameters= +# { \ +# FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \ +# 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \ +# EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \ +# E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ +# EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ +# FFFFFFFF FFFFFFFF, 2}
--- a/src/share/lib/security/java.security-solaris Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/lib/security/java.security-solaris Sat Sep 10 22:36:17 2016 +0100 @@ -413,7 +413,7 @@ # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 # # -jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 +jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing @@ -441,7 +441,7 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 +jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. @@ -499,3 +499,60 @@ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC + +# The pre-defined default finite field Diffie-Hellman ephemeral (DHE) +# parameters for Transport Layer Security (SSL/TLS/DTLS) processing. +# +# In traditional SSL/TLS/DTLS connections where finite field DHE parameters +# negotiation mechanism is not used, the server offers the client group +# parameters, base generator g and prime modulus p, for DHE key exchange. +# It is recommended to use dynamic group parameters. This property defines +# a mechanism that allows you to specify custom group parameters. +# +# The syntax of this property string is described as this Java BNF-style: +# DefaultDHEParameters: +# DefinedDHEParameters { , DefinedDHEParameters } +# +# DefinedDHEParameters: +# "{" DHEPrimeModulus , DHEBaseGenerator "}" +# +# DHEPrimeModulus: +# HexadecimalDigits +# +# DHEBaseGenerator: +# HexadecimalDigits +# +# HexadecimalDigits: +# HexadecimalDigit { HexadecimalDigit } +# +# HexadecimalDigit: one of +# 0 1 2 3 4 5 6 7 8 9 A B C D E F a b c d e f +# +# Whitespace characters are ignored. +# +# The "DefinedDHEParameters" defines the custom group parameters, prime +# modulus p and base generator g, for a particular size of prime modulus p. +# The "DHEPrimeModulus" defines the hexadecimal prime modulus p, and the +# "DHEBaseGenerator" defines the hexadecimal base generator g of a group +# parameter. It is recommended to use safe primes for the custom group +# parameters. +# +# If this property is not defined or the value is empty, the underlying JSSE +# provider's default group parameter is used for each connection. +# +# If the property value does not follow the grammar, or a particular group +# parameter is not valid, the connection will fall back and use the +# underlying JSSE provider's default group parameter. +# +# Note: This property is currently used by OpenJDK's JSSE implementation. It +# is not guaranteed to be examined and used by other implementations. +# +# Example: +# jdk.tls.server.defaultDHEParameters= +# { \ +# FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \ +# 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \ +# EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \ +# E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ +# EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ +# FFFFFFFF FFFFFFFF, 2}
--- a/src/share/lib/security/java.security-windows Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/lib/security/java.security-windows Sat Sep 10 22:36:17 2016 +0100 @@ -414,7 +414,7 @@ # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 # # -jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 +jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing @@ -442,7 +442,7 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 +jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. @@ -500,3 +500,60 @@ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC + +# The pre-defined default finite field Diffie-Hellman ephemeral (DHE) +# parameters for Transport Layer Security (SSL/TLS/DTLS) processing. +# +# In traditional SSL/TLS/DTLS connections where finite field DHE parameters +# negotiation mechanism is not used, the server offers the client group +# parameters, base generator g and prime modulus p, for DHE key exchange. +# It is recommended to use dynamic group parameters. This property defines +# a mechanism that allows you to specify custom group parameters. +# +# The syntax of this property string is described as this Java BNF-style: +# DefaultDHEParameters: +# DefinedDHEParameters { , DefinedDHEParameters } +# +# DefinedDHEParameters: +# "{" DHEPrimeModulus , DHEBaseGenerator "}" +# +# DHEPrimeModulus: +# HexadecimalDigits +# +# DHEBaseGenerator: +# HexadecimalDigits +# +# HexadecimalDigits: +# HexadecimalDigit { HexadecimalDigit } +# +# HexadecimalDigit: one of +# 0 1 2 3 4 5 6 7 8 9 A B C D E F a b c d e f +# +# Whitespace characters are ignored. +# +# The "DefinedDHEParameters" defines the custom group parameters, prime +# modulus p and base generator g, for a particular size of prime modulus p. +# The "DHEPrimeModulus" defines the hexadecimal prime modulus p, and the +# "DHEBaseGenerator" defines the hexadecimal base generator g of a group +# parameter. It is recommended to use safe primes for the custom group +# parameters. +# +# If this property is not defined or the value is empty, the underlying JSSE +# provider's default group parameter is used for each connection. +# +# If the property value does not follow the grammar, or a particular group +# parameter is not valid, the connection will fall back and use the +# underlying JSSE provider's default group parameter. +# +# Note: This property is currently used by OpenJDK's JSSE implementation. It +# is not guaranteed to be examined and used by other implementations. +# +# Example: +# jdk.tls.server.defaultDHEParameters= +# { \ +# FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \ +# 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \ +# EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \ +# E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ +# EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ +# FFFFFFFF FFFFFFFF, 2}
--- a/src/share/native/common/jdk_util.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/common/jdk_util.c Sat Sep 10 22:36:17 2016 +0100 @@ -52,7 +52,8 @@ const char* jdk_update_string = JDK_UPDATE_VERSION; unsigned int jdk_update_version = 0; - char update_ver[3]; + int len_update_ver = 0; + char update_ver[5]; char jdk_special_version = '\0'; /* If the JDK_BUILD_NUMBER is of format bXX and XX is an integer @@ -78,16 +79,17 @@ assert(jdk_build_number >= 0 && jdk_build_number <= 255); - if (strlen(jdk_update_string) == 2 || strlen(jdk_update_string) == 3) { - if (isdigit(jdk_update_string[0]) && isdigit(jdk_update_string[1])) { - update_ver[0] = jdk_update_string[0]; - update_ver[1] = jdk_update_string[1]; - update_ver[2] = '\0'; - jdk_update_version = (unsigned int) atoi(update_ver); - if (strlen(jdk_update_string) == 3) { - jdk_special_version = jdk_update_string[2]; - } + len_update_ver = strlen(jdk_update_string); + if (len_update_ver >= 2 && len_update_ver <= 4) { + int update_digits = len_update_ver; + + if (!isdigit(jdk_update_string[len_update_ver - 1])) { + jdk_special_version = jdk_update_string[len_update_ver -1]; + update_digits = len_update_ver - 1; } + strncpy(update_ver, jdk_update_string, update_digits); + update_ver[update_digits] = '\0'; + jdk_update_version = (unsigned int) atoi(update_ver); } memset(info, 0, info_size);
--- a/src/share/native/sun/awt/image/jpeg/jpegdecoder.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/image/jpeg/jpegdecoder.c Sat Sep 10 22:36:17 2016 +0100 @@ -174,6 +174,7 @@ int *ip; unsigned char *bp; } outbuf; + size_t outbufSize; jobject hOutputBuffer; }; @@ -227,6 +228,7 @@ } if (src->hOutputBuffer) { assert(src->outbuf.ip == 0); + src->outbufSize = (*env)->GetArrayLength(env, src->hOutputBuffer); src->outbuf.ip = (int *)(*env)->GetPrimitiveArrayCritical (env, src->hOutputBuffer, 0); if (src->outbuf.ip == 0) { @@ -671,8 +673,8 @@ cinfo.output_scanline - 1); } else { if (hasalpha) { - ip = jsrc.outbuf.ip + cinfo.image_width; - bp = jsrc.outbuf.bp + cinfo.image_width * 4; + ip = jsrc.outbuf.ip + jsrc.outbufSize; + bp = jsrc.outbuf.bp + jsrc.outbufSize * 4; while (ip > jsrc.outbuf.ip) { pixel = (*--bp) << 24; pixel |= (*--bp); @@ -681,8 +683,8 @@ *--ip = pixel; } } else { - ip = jsrc.outbuf.ip + cinfo.image_width; - bp = jsrc.outbuf.bp + cinfo.image_width * 3; + ip = jsrc.outbuf.ip + jsrc.outbufSize; + bp = jsrc.outbuf.bp + jsrc.outbufSize * 3; while (ip > jsrc.outbuf.ip) { pixel = (*--bp); pixel |= (*--bp) << 8;
--- a/src/share/native/sun/awt/libpng/CHANGES Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/CHANGES Sat Sep 10 22:36:17 2016 +0100 @@ -23,13 +23,17 @@ * questions. */ +#if 0 CHANGES - changes for libpng -Version 0.2 +version 0.1 [March 29, 1995] + initial work-in-progress release + +version 0.2 [April 1, 1995] added reader into png.h fixed small problems in stub file -Version 0.3 +version 0.3 [April 8, 1995] added pull reader split up pngwrite.c to several files added pnglib.txt @@ -38,9 +42,9 @@ fixed some bugs in writer interfaced with zlib 0.5 added K&R support - added check for 64 KB blocks for 16-bit machines - -Version 0.4 + added check for 64 KB blocks for 16 bit machines + +version 0.4 [April 26, 1995] cleaned up code and commented code simplified time handling into png_time created png_color_16 and png_color_8 to handle color needs @@ -51,28 +55,29 @@ cleaned up zTXt reader and writer (using zlib's Reset functions) split transformations into pngrtran.c and pngwtran.c -Version 0.5 +version 0.5 [April 30, 1995] interfaced with zlib 0.8 fixed many reading and writing bugs saved using 3 spaces instead of tabs -Version 0.6 +version 0.6 [May 1, 1995] + first beta release added png_large_malloc() and png_large_free() added png_size_t cleaned up some compiler warnings added png_start_read_image() -Version 0.7 +version 0.7 [June 24, 1995] cleaned up lots of bugs finished dithering and other stuff added test program changed name from pnglib to libpng -Version 0.71 [June, 1995] +version 0.71 [June 26, 1995] changed pngtest.png for zlib 0.93 fixed error in libpng.txt and example.c -Version 0.8 +version 0.8 [August 20, 1995] cleaned up some bugs added png_set_filler() split up pngstub.c into pngmem.c, pngio.c, and pngerror.c @@ -115,7 +120,7 @@ cleaned up documentation added callbacks for read/write and warning/error functions -Version 0.89 [July, 1996] +Version 0.89 [June 5, 1996] Added new initialization API to make libpng work better with shared libs we now have png_create_read_struct(), png_create_write_struct(), png_create_info_struct(), png_destroy_read_struct(), and @@ -142,6 +147,9 @@ New pngtest image also has interlacing and zTXt Updated documentation to reflect new API +Version 0.89c [June 17, 1996] + Bug fixes. + Version 0.90 [January, 1997] Made CRC errors/warnings on critical and ancillary chunks configurable libpng will use the zlib CRC routines by (compile-time) default @@ -182,7 +190,7 @@ Added new pCAL chunk read/write support Added experimental filter selection weighting (Greg Roelofs) Removed old png_set_rgbx() and png_set_xrgb() functions that have been - obsolete for about 2 years now (use png_set_filler() instead) + obsolete for about 2 years now (use png_set_filler() instead) Added macros to read 16- and 32-bit ints directly from buffer, to be used only on those systems that support it (namely PowerPC and 680x0) With some testing, this may become the default for MACOS/PPC systems. @@ -464,7 +472,7 @@ Version 1.0.3a [August 12, 1999] Added check for PNG_READ_INTERLACE_SUPPORTED in pngread.c; issue a warning - if an attempt is made to read an interlaced image when it's not supported. + if an attempt is made to read an interlaced image when it's not supported. Added check if png_ptr->trans is defined before freeing it in pngread.c Modified the Y2K statement to include versions back to version 0.71 Fixed a bug in the check for valid IHDR bit_depth/color_types in pngrutil.c @@ -472,7 +480,7 @@ Replaced leading blanks with tab characters in makefile.hux Changed "dworkin.wustl.edu" to "ccrc.wustl.edu" in various documents. Changed (float)red and (float)green to (double)red, (double)green - in png_set_rgb_to_gray() to avoid "promotion" problems in AIX. + in png_set_rgb_to_gray() to avoid "promotion" problems in AIX. Fixed a bug in pngconf.h that omitted <stdio.h> when PNG_DEBUG==0 (K Bracey). Reformatted libpng.3 and libpngpf.3 with proper fonts (script by J. vanZandt). Updated documentation to refer to the PNG-1.2 specification. @@ -515,7 +523,7 @@ Added new png_expand functions to scripts/pngdef.pas and pngos2.def Added a demo read_user_transform_fn that examines the row filters in pngtest.c -Version 1.0.4 [September 24, 1999] +Version 1.0.4 [September 24, 1999, not distributed publicly] Define PNG_ALWAYS_EXTERN in pngconf.h if __STDC__ is defined Delete #define PNG_INTERNAL and include "png.h" from pngasmrd.h Made several minor corrections to pngtest.c @@ -542,6 +550,7 @@ Added a "png_check_version" function in png.c and pngtest.c that will generate a helpful compiler error if an old png.h is found in the search path. Changed type of png_user_transform_depth|channels from int to png_byte. + Added "Libpng is OSI Certified Open Source Software" statement to png.h Version 1.0.4d [October 6, 1999] Changed 0.45 to 0.45455 in png_set_sRGB() @@ -928,7 +937,7 @@ Version 1.0.8beta1 [July 8, 2000] Added png_free(png_ptr, key) two places in pngpread.c to stop memory leaks. Changed PNG_NO_STDIO to PNG_NO_CONSOLE_IO, several places in pngrutil.c and - pngwutil.c. + pngwutil.c. Changed PNG_EXPORT_VAR to use PNG_IMPEXP, in pngconf.h. Removed unused "#include <assert.h>" from png.c Added WindowsCE support. @@ -936,12 +945,12 @@ Version 1.0.8beta2 [July 10, 2000] Added project files to the wince directory and made further revisions - of pngtest.c, pngrio.c, and pngwio.c in support of WindowsCE. + of pngtest.c, pngrio.c, and pngwio.c in support of WindowsCE. Version 1.0.8beta3 [July 11, 2000] Only set the PNG_FLAG_FREE_TRNS or PNG_FREE_TRNS flag in png_handle_tRNS() - for indexed-color input files to avoid potential double-freeing trans array - under some unusual conditions; problem was introduced in version 1.0.6f. + for indexed-color input files to avoid potential double-freeing trans array + under some unusual conditions; problem was introduced in version 1.0.6f. Further revisions to pngtest.c and files in the wince subdirectory. Version 1.0.8beta4 [July 14, 2000] @@ -1113,16 +1122,16 @@ Version 1.2.0beta4 [June 23, 2001] Check for missing profile length field in iCCP chunk and free chunk_data - in case of truncated iCCP chunk. + in case of truncated iCCP chunk. Bumped shared-library number to 3 in makefile.sgi and makefile.sggcc Bumped dll-number from 2 to 3 in makefile.cygwin Revised contrib/gregbook/rpng*-x.c to avoid a memory leak and to exit cleanly - if user attempts to run it on an 8-bit display. + if user attempts to run it on an 8-bit display. Updated contrib/gregbook Use png_malloc instead of png_zalloc to allocate palette in pngset.c Updated makefile.ibmc Added some typecasts to eliminate gcc 3.0 warnings. Changed prototypes - of png_write_oFFS width and height from png_uint_32 to png_int_32. + of png_write_oFFS width and height from png_uint_32 to png_int_32. Updated example.c Revised prototypes for png_debug_malloc and png_debug_free in pngtest.c @@ -1130,9 +1139,9 @@ Revised contrib/gregbook Revised makefile.gcmmx Revised pnggccrd.c to conditionally compile some thread-unsafe code only - when PNG_THREAD_UNSAFE_OK is defined. + when PNG_THREAD_UNSAFE_OK is defined. Added tests to prevent pngwutil.c from writing a bKGD or tRNS chunk with - value exceeding 2^bit_depth-1 + value exceeding 2^bit_depth-1 Revised makefile.sgi and makefile.sggcc Replaced calls to fprintf(stderr,...) with png_warning() in pnggccrd.c Removed restriction that do_invert_mono only operate on 1-bit opaque files @@ -1473,8 +1482,9 @@ Use png_malloc instead of png_zalloc to allocate the pallete. Version 1.0.16rc1 and 1.2.6rc1 [August 4, 2004] - Fixed buffer overflow vulnerability in png_handle_tRNS() - Fixed integer arithmetic overflow vulnerability in png_read_png(). + Fixed buffer overflow vulnerability (CVE-2004-0597) in png_handle_tRNS(). + Fixed NULL dereference vulnerability (CVE-2004-0598) in png_handle_iCCP(). + Fixed integer overflow vulnerability (CVE-2004-0599) in png_read_png(). Fixed some harmless bugs in png_handle_sBIT, etc, that would cause duplicate chunk types to go undetected. Fixed some timestamps in the -config version @@ -1517,7 +1527,7 @@ Version 1.0.16rc5 and 1.2.6rc5 [August 10, 2004] Moved "PNG_HANDLE_CHUNK_*" macros out of PNG_ASSEMBLER_CODE_SUPPORTED - section of png.h where they were inadvertently placed in version rc3. + section of png.h where they were inadvertently placed in version rc3. Version 1.2.6 and 1.0.16 [August 15, 2004] Revised pngtest so memory allocation testing is only done when PNG_DEBUG==1. @@ -2126,7 +2136,7 @@ png_decompress_chunk(), and remove "chunkdata" from parameter list. Put a call to png_check_chunk_name() in png_read_chunk_header(). Revised png_check_chunk_name() to reject a name with a lowercase 3rd byte. - Removed two calls to png_check_chunk_name() occuring later in the process. + Removed two calls to png_check_chunk_name() occurring later in the process. Define PNG_NO_ERROR_NUMBERS by default in pngconf.h Version 1.4.0beta25 [July 30, 2008] @@ -2349,7 +2359,7 @@ Version 1.4.0beta64 [June 24, 2009] Eliminated PNG_LEGACY_SUPPORTED code. Moved the various unknown chunk macro definitions outside of the - PNG_READ|WRITE_ANCILLARY_CHUNK_SUPPORTED blocks. + PNG_READ|WRITE_ANCILLARY_CHUNK_SUPPORTED blocks. Version 1.4.0beta65 [June 26, 2009] Added a reference to the libpng license in each file. @@ -3771,8 +3781,9 @@ Version 1.5.7beta05 [November 25, 2011] Removed "zTXt" from warning in generic chunk decompression function. - Validate time settings passed to pngset() and png_convert_to_rfc1123() - (Frank Busse). + Validate time settings passed to png_set_tIME() and png_convert_to_rfc1123() + (Frank Busse). Note: This prevented CVE-2015-7981 from affecting + libpng-1.5.7 and later. Added MINGW support to CMakeLists.txt Reject invalid compression flag or method when reading the iTXt chunk. Backed out 'simplified' API changes. The API seems too complex and there @@ -3818,12 +3829,13 @@ (the other two required headers aren't used). Non-ANSI systems that don't have stddef.h or limits.h will have to provide an appropriate fake containing the relevant types and #defines. - The use of FAR/far has been eliminated and the definition of png_alloc_size_t - is now controlled by a flag so that 'small size_t' systems can select it - if necessary. Libpng 1.6 may not currently work on such systems -- it - seems likely that it will ask 'malloc' for more than 65535 bytes with any - image that has a sufficiently large row size (rather than simply failing - to read such images). + Dropped support for 16-bit platforms. The use of FAR/far has been eliminated + and the definition of png_alloc_size_t is now controlled by a flag so + that 'small size_t' systems can select it if necessary. Libpng 1.6 may + not currently work on such systems -- it seems likely that it will + ask 'malloc' for more than 65535 bytes with any image that has a + sufficiently large row size (rather than simply failing to read such + images). New tools directory containing tools used to generate libpng code. Fixed race conditions in parallel make builds. With higher degrees of parallelism during 'make' the use of the same temporary file names such @@ -4435,7 +4447,7 @@ Version 1.6.1beta03 [February 22, 2013] Fixed ALIGNED_MEMORY support. - Allow run-time ARM NEON checking to be disabled. A new configure option: + Added a new configure option: --enable-arm-neon=always will stop the run-time checks. New checks within arm/arm_init.c will cause the code not to be compiled unless __ARM_NEON__ is set. This should make it fail safe (if someone asks @@ -4454,10 +4466,10 @@ Version 1.6.1beta06 [March 4, 2013] Better documentation of unknown handling API interactions. Corrected Android builds and corrected libpng.vers with symbol - prefixing. This adds an API to set optimization options externally, + prefixing. It also makes those tests compile and link on Android. + Added an API png_set_option() to set optimization options externally, providing an alternative and general solution for the non-portable - run-time tests used by the ARM Neon code. It also makes those tests - compile and link on Android. + run-time tests used by the ARM Neon code, using the PNG_ARM_NEON option. The order of settings vs options in pnglibconf.h is reversed to allow settings to depend on options and options can now set (or override) the defaults for settings. @@ -4549,13 +4561,14 @@ Expanded manual paragraph about writing private chunks, particularly the need to call png_set_keep_unknown_chunks() when writing them. Avoid dereferencing NULL pointer possibly returned from - png_create_write_struct() (Andrew Church). + png_create_write_struct() (Andrew Church). Version 1.6.3beta05 [May 9, 2013] Calculate our own zlib windowBits when decoding rather than trusting the CMF bytes in the PNG datastream. Added an option to force maximum window size for inflating, which was - the behavior of libpng15 and earlier. + the behavior of libpng15 and earlier, via a new PNG_MAXIMUM_INFLATE_WINDOW + option for png_set_options(). Added png-fix-itxt and png-fix-too-far-back to the built programs and removed warnings from the source code and timepng that are revealed as a result. @@ -5138,17 +5151,326 @@ Version 1.6.16rc01 [December 21, 2014] Restored a test on width that was removed from png.c at libpng-1.6.9 - (Bug report by Alex Eubanks). + (Bug report by Alex Eubanks, CVE-2015-0973). Version 1.6.16rc02 [December 21, 2014] Undid the update to pngrutil.c in 1.6.16rc01. Version 1.6.16rc03 [December 21, 2014] - Fixed an overflow in png_combine_row with very wide interlaced images. + Fixed an overflow in png_combine_row() with very wide interlaced images + (Bug report and fix by John Bowler, CVE-2014-9495). Version 1.6.16 [December 22, 2014] No changes. +Version 1.6.17beta01 [January 29, 2015] + Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h + Corrected the width limit calculation in png_check_IHDR(). + Removed user limits from pngfix. Also pass NULL pointers to + png_read_row to skip the unnecessary row de-interlace stuff. + Added testing of png_set_packing() to pngvalid.c + Regenerated configure scripts in the *.tar distributions with libtool-2.4.4 + Implement previously untested cases of libpng transforms in pngvalid.c + Fixed byte order in png_do_read_filler() with 16-bit input. Previously + the high and low bytes of the filler, from png_set_filler() or from + png_set_add_alpha(), were read in the wrong order. + Made the check for out-of-range values in png_set_tRNS() detect + values that are exactly 2^bit_depth, and work on 16-bit platforms. + Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47. + Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and + pngset.c to avoid warnings about dead code. + Added "& 0xff" to many instances of expressions that are typecast + to (png_byte), to avoid Coverity warnings. + +Version 1.6.17beta02 [February 7, 2015] + Work around one more Coverity-scan dead-code warning. + Do not build png_product2() when it is unused. + +Version 1.6.17beta03 [February 17, 2015] + Display user limits in the output from pngtest. + Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column + and 1-million-row default limits in pnglibconf.dfa, that can be reset + by the user at build time or run time. This provides a more robust + defense against DOS and as-yet undiscovered overflows. + +Version 1.6.17beta04 [February 21, 2015] + Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default. + Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins). + Rebuilt configure scripts with automake-1.15 and libtool-2.4.6 + +Version 1.6.17beta05 [February 25, 2015] + Restored compiling of png_reciprocal2 with PNG_NO_16BIT. + +Version 1.6.17beta06 [February 27, 2015] + Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block + of png.h. + Avoid runtime checks when converting integer to png_byte with + Visual Studio (Sergey Kosarevsky) + +Version 1.6.17rc01 [March 4, 2015] + No changes. + +Version 1.6.17rc02 [March 9, 2015] + Removed some comments that the configure script did not handle + properly from scripts/pnglibconf.dfa and pnglibconf.h.prebuilt. + Free the unknown_chunks structure even when it contains no data. + +Version 1.6.17rc03 [March 12, 2015] + Updated CMakeLists.txt to add OSX framework, change YES/NO to ON/OFF + for consistency, and remove some useless tests (Alexey Petruchik). + +Version 1.6.17rc04 [March 16, 2015] + Remove pnglibconf.h, pnglibconf.c, and pnglibconf.out instead of + pnglibconf.* in "make clean" (Cosmin). + Fix bug in calculation of maxbits, in png_write_sBIT, introduced + in libpng-1.6.17beta01 (John Bowler). + +Version 1.6.17rc05 [March 21, 2015] + Define PNG_FILTER_* and PNG_FILTER_VALUE_* in png.h even when WRITE + is not supported (John Bowler). This fixes an error introduced in + libpng-1.6.17beta06. + Reverted "& 0xff" additions of version 1.6.17beta01. Libpng passes + the Coverity scan without them. + +Version 1.6.17rc06 [March 23, 2015] + Remove pnglibconf.dfn and pnglibconf.pre with "make clean". + Reformatted some "&0xff" instances to "& 0xff". + Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha + value was wrong. It's not clear if this affected the final stored + value; in the obvious code path the upper and lower 8-bits of the + alpha value were identical and the alpha was truncated to 8-bits + rather than dividing by 257 (John Bowler). + +Version 1.6.17 [March 26, 2015] + No changes. + +Version 1.6.18beta01 [April 1, 2015] + Removed PNG_SET_CHUNK_[CACHE|MALLOC]_LIMIT_SUPPORTED macros. They + have been combined with PNG_SET_USER_LIMITS_SUPPORTED (resolves + bug report by Andrew Church). + Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c. This + fixes some arithmetic errors that caused some tests to fail on + some 32-bit platforms (Bug reports by Peter Breitenlohner [i686] + and Petr Gajdos [i586]). + +Version 1.6.18beta02 [April 26, 2015] + Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler + (Bug report by Viktor Szakats). + +Version 1.6.18beta03 [May 6, 2015] + Replaced "unexpected" with an integer (0xabadca11) in pngset.c + where a long was expected, to avoid a compiler warning when PNG_DEBUG > 1. + Added contrib/examples/simpleover.c, to demonstrate how to handle + alpha compositing of multiple images, using the "simplified API" + and an example PNG generation tool, contrib/examples/genpng.c + (John Bowler). + +Version 1.6.18beta04 [May 20, 2015] + PNG_RELEASE_BUILD replaces tests where the code depended on the build base + type and can be defined on the command line, allowing testing in beta + builds (John Bowler). + Avoid Coverity issue 80858 (REVERSE NULL) in pngtest.c PNG_DEBUG builds. + Avoid a harmless potential integer overflow in png_XYZ_from_xy() (Bug + report from Christopher Ferris). + +Version 1.6.18beta05 [May 31, 2015] + Backport filter selection code from libpng-1.7.0beta51, to combine + sub_row, up_row, avg_row, and paeth_row into try_row and tst_row. + Changed png_voidcast(), etc., to voidcast(), etc., in contrib/tools/pngfix.c + to avoid confusion with the libpng private macros. + Fixed old cut&paste bug in the weighted filter selection code in + pngwutil.c, introduced in libpng-0.95, March 1997. + +Version 1.6.18beta06 [June 1, 2015] + Removed WRITE_WEIGHTED_FILTERED code, to save a few kbytes of the + compiled library size. It never worked properly and as far as we can + tell, no one uses it. The png_set_filter_heuristics() and + png_set_filter_heuristics_fixed() APIs are retained but deprecated + and do nothing. + +Version 1.6.18beta07 [June 6, 2015] + Removed non-working progressive reader 'skip' function. This + function has apparently never been used. It was implemented + to support back-door modification of png_struct in libpng-1.4.x + but (because it does nothing and cannot do anything) was apparently + never tested (John Bowler). + Fixed cexcept.h in which GCC 5 now reports that one of the auto + variables in the Try macro needs to be volatile to prevent value + being lost over the setjmp (John Bowler). + Fixed NO_WRITE_FILTER and -Wconversion build breaks (John Bowler). + Fix g++ build breaks (John Bowler). + Quieted some Coverity issues in pngfix.c, png-fix-itxt.c, pngvalid.c, + pngstest.c, and pngimage.c. Most seem harmless, but png-fix-itxt + would only work with iTXt chunks with length 255 or less. + Added #ifdef's to contrib/examples programs so people don't try + to compile them without the minimum required support enabled + (suggested by Flavio Medeiros). + +Version 1.6.18beta08 [June 30, 2015] + Eliminated the final two Coverity defects (insecure temporary file + handling in contrib/libtests/pngstest.c; possible overflow of + unsigned char in contrib/tools/png-fix-itxt.c). To use the "secure" + file handling, define PNG_USE_MKSTEMP, otherwise "tmpfile()" will + be used. + Removed some unused WEIGHTED_FILTER macros from png.h and pngstruct.h + +Version 1.6.18beta09 [July 5, 2015] + Removed some useless typecasts from contrib/tools/png-fix-itxt.c + Fixed a new signed-unsigned comparison in pngrtran.c (Max Stepin). + Replaced arbitrary use of 'extern' with #define PNG_LINKAGE_*. To + preserve API compatibility, the new defines all default to "extern" + (requested by Jan Nijtmans). + +Version 1.6.18rc01 [July 9, 2015] + Belatedly added Mans Rullgard and James Yu to the list of Contributing + Authors. + +Version 1.6.18rc02 [July 12, 2015] + Restored unused FILTER_HEURISTIC macros removed at libpng-1.6.18beta08 + to png.h to avoid compatibility warnings. + +Version 1.6.18rc03 [July 15, 2015] + Minor changes to the man page + +Version 1.6.18 [July 23, 2015] + No changes. + +Version 1.6.19beta01 [July 30, 2015] + Updated obsolete information about the simplified API macros in the + manual pages (Bug report by Arc Riley). + Avoid potentially dereferencing NULL info_ptr in png_info_init_3(). + Rearranged png.h to put the major sections in the same order as + in libpng17. + Eliminated unused PNG_COST_SHIFT, PNG_WEIGHT_SHIFT, PNG_COST_FACTOR, and + PNG_WEIGHT_FACTOR macros. + Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler + (Bug report by Viktor Szakats). Several warnings remain and are + unavoidable, where we test for overflow. + Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c + Fixed uninitialized variable in contrib/gregbook/rpng2-x.c + +Version 1.6.19beta02 [August 19, 2015] + Moved config.h.in~ from the "libpng_autotools_files" list to the + "libpng_autotools_extra" list in autogen.sh because it was causing a + false positive for missing files (bug report by Robert C. Seacord). + Removed unreachable "break" statements in png.c, pngread.c, and pngrtran.c + to suppress clang warnings (Bug report by Viktor Szakats). + Fixed some bad links in the man page. + Changed "n bit" to "n-bit" in comments. + Added signed/unsigned 16-bit safety net. This removes the dubious + 0x8000 flag definitions on 16-bit systems. They aren't supported + yet the defs *probably* work, however it seems much safer to do this + and be advised if anyone, contrary to advice, is building libpng 1.6 + on a 16-bit system. It also adds back various switch default clauses + for GCC; GCC errors out if they are not present (with an appropriately + high level of warnings). + Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert + Seacord). + Fixed the recently reported 1's complement security issue by replacing + the value that is illegal in the PNG spec, in both signed and unsigned + values, with 0. Illegal unsigned values (anything greater than or equal + to 0x80000000) can still pass through, but since these are not illegal + in ANSI-C (unlike 0x80000000 in the signed case) the checking that + occurs later can catch them (John Bowler). + +Version 1.6.19beta03 [September 26, 2015] + Fixed png_save_int_32 when int is not 2's complement (John Bowler). + Updated libpng16 with all the recent test changes from libpng17, + including changes to pngvalid.c to ensure that the original, + distributed, version of contrib/visupng/cexcept.h can be used + (John Bowler). + pngvalid contains the correction to the use of SAVE/STORE_ + UNKNOWN_CHUNKS; a bug revealed by changes in libpng 1.7. More + tests contain the --strict option to detect warnings and the + pngvalid-standard test has been corrected so that it does not + turn on progressive-read. There is a separate test which does + that. (John Bowler) + Also made some signed/unsigned fixes. + Make pngstest error limits version specific. Splitting the machine + generated error structs out to a file allows the values to be updated + without changing pngstest.c itself. Since libpng 1.6 and 1.7 have + slightly different error limits this simplifies maintenance. The + makepngs.sh script has also been updated to more accurately reflect + current problems in libpng 1.7 (John Bowler). + Incorporated new test PNG files into make check. tests/pngstest-* + are changed so that the new test files are divided into 8 groups by + gamma and alpha channel. These tests have considerably better code + and pixel-value coverage than contrib/pngsuite; however,coverage is + still incomplete (John Bowler). + Removed the '--strict' in 1.6 because of the double-gamma-correction + warning, updated pngstest-errors.h for the errors detected with the + new contrib/testspngs PNG test files (John Bowler). + +Version 1.6.19beta04 [October 15, 2015] + Worked around rgb-to-gray issues in libpng 1.6. The previous + attempts to ignore the errors in the code aren't quite enough to + deal with the 'channel selection' encoding added to libpng 1.7; abort. + pngvalid.c is changed to drop this encoding in prior versions. + Fixed 'pow' macros in pngvalid.c. It is legal for 'pow' to be a + macro, therefore the argument list cannot contain preprocessing + directives. Make sure pow is a function where this happens. This is + a minimal safe fix, the issue only arises in non-performance-critical + code (bug report by Curtis Leach, fix by John Bowler). + Added sPLT support to pngtest.c + +Version 1.6.19rc01 [October 23, 2015] + No changes. + +Version 1.6.19rc02 [October 31, 2015] + Prevent setting or writing over-length PLTE chunk (Cosmin Truta). + Silently truncate over-length PLTE chunk while reading. + Libpng incorrectly calculated the output rowbytes when the application + decreased either the number of channels or the bit depth (or both) in + a user transform. This was safe; libpng overallocated buffer space + (potentially by quite a lot; up to 4 times the amount required) but, + from 1.5.4 on, resulted in a png_error (John Bowler). + +Version 1.6.19rc03 [November 3, 2015] + Fixed some inconsequential cut-and-paste typos in png_set_cHRM_XYZ_fixed(). + Clarified COPYRIGHT information to state explicitly that versions + are derived from previous versions. + Removed much of the long list of previous versions from png.h and + libpng.3. + +Version 1.6.19rc04 [November 5, 2015] + Fixed new bug with CRC error after reading an over-length palette + (bug report by Cosmin Truta) (CVE-2015-8126). + +Version 1.6.19 [November 12, 2015] + Cleaned up coding style in png_handle_PLTE(). + +Version 1.6.20beta01 [November 20, 2015] + Avoid potential pointer overflow/underflow in png_handle_sPLT() and + png_handle_pCAL() (Bug report by John Regehr). + +Version 1.6.20beta02 [November 23, 2015] + Fixed incorrect implementation of png_set_PLTE() that uses png_ptr + not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 + vulnerability. + +Version 1.6.20beta03 [November 24, 2015] + Backported tests from libpng-1.7.0beta69. + +Version 1.6.20rc01 [November 26, 2015] + Fixed an error in handling of bad zlib CMINFO field in pngfix, found by + American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't + immediately fault a bad CMINFO field; instead a 'too far back' error + happens later (at least some times). pngfix failed to limit CMINFO to + the allowed values but then assumed that window_bits was in range, + triggering an assert. The bug is mostly harmless; the PNG file cannot + be fixed. + +Version 1.6.20rc02 [November 29, 2015] + In libpng 1.6 zlib initialization was changed to use the window size + in the zlib stream, not a fixed value. This causes some invalid images, + where CINFO is too large, to display 'correctly' if the rest of the + data is valid. This provides a workaround for zlib versions where the + error arises (ones that support the API change to use the window size + in the stream). + +Version 1.6.20 [December 3, 2015] + No changes. + Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit https://lists.sourceforge.net/lists/listinfo/png-mng-implement @@ -5156,3 +5478,4 @@ or to glennrp at users.sourceforge.net Glenn R-P +#endif
--- a/src/share/native/sun/awt/libpng/LICENSE Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/LICENSE Sat Sep 10 22:36:17 2016 +0100 @@ -10,21 +10,18 @@ This code is released under the libpng license. -libpng versions 1.2.6, August 15, 2004, through 1.6.16, December 22, 2014, are -Copyright (c) 2004, 2006-2014 Glenn Randers-Pehrson, and are -distributed according to the same disclaimer and license as libpng-1.2.5 -with the following individual added to the list of Contributing Authors - - Cosmin Truta - -libpng versions 1.0.7, July 1, 2000, through 1.2.5 - October 3, 2002, are -Copyright (c) 2000-2002 Glenn Randers-Pehrson, and are -distributed according to the same disclaimer and license as libpng-1.0.6 -with the following individuals added to the list of Contributing Authors +libpng versions 1.0.7, July 1, 2000, through 1.6.20, December 3, 2015, are +Copyright (c) 2000-2002, 2004, 2006-2015 Glenn Randers-Pehrson, are +derived from libpng-1.0.6, and are distributed according to the same +disclaimer and license as libpng-1.0.6 with the following individuals +added to the list of Contributing Authors: Simon-Pierre Cadieux Eric S. Raymond + Mans Rullgard + Cosmin Truta Gilles Vollant + James Yu and with the following additions to the disclaimer: @@ -36,18 +33,20 @@ the user. libpng versions 0.97, January 1998, through 1.0.6, March 20, 2000, are -Copyright (c) 1998, 1999 Glenn Randers-Pehrson, and are -distributed according to the same disclaimer and license as libpng-0.96, -with the following individuals added to the list of Contributing Authors: +Copyright (c) 1998-2000 Glenn Randers-Pehrson, are derived from +libpng-0.96, and are distributed according to the same disclaimer and +license as libpng-0.96, with the following individuals added to the list +of Contributing Authors: Tom Lane Glenn Randers-Pehrson Willem van Schaik libpng versions 0.89, June 1996, through 0.96, May 1997, are -Copyright (c) 1996, 1997 Andreas Dilger -Distributed according to the same disclaimer and license as libpng-0.88, -with the following individuals added to the list of Contributing Authors: +Copyright (c) 1996-1997 Andreas Dilger, are derived from libpng-0.88, +and are distributed according to the same disclaimer and license as +libpng-0.88, with the following individuals added to the list of +Contributing Authors: John Bowler Kevin Bracey @@ -57,7 +56,7 @@ Tom Tanner libpng versions 0.5, May 1995, through 0.88, January 1996, are -Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc. +Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. For the purposes of this copyright and license, "Contributing Authors" is defined as the following set of individuals: @@ -80,13 +79,13 @@ source code, or portions hereof, for any purpose, without fee, subject to the following restrictions: -1. The origin of this source code must not be misrepresented. + 1. The origin of this source code must not be misrepresented. -2. Altered versions must be plainly marked as such and must not - be misrepresented as being the original source. + 2. Altered versions must be plainly marked as such and must not + be misrepresented as being the original source. -3. This Copyright notice may not be removed or altered from any - source or altered source distribution. + 3. This Copyright notice may not be removed or altered from any + source or altered source distribution. The Contributing Authors and Group 42, Inc. specifically permit, without fee, and encourage the use of this source code as a component to @@ -94,18 +93,20 @@ source code in a product, acknowledgment is not required but would be appreciated. +END OF COPYRIGHT NOTICE, DISCLAIMER, and LICENSE. A "png_get_copyright" function is available, for convenient use in "about" boxes and the like: - printf("%s",png_get_copyright(NULL)); + printf("%s", png_get_copyright(NULL)); Also, the PNG logo (in PNG format, of course) is supplied in the files "pngbar.png" and "pngbar.jpg (88x31) and "pngnow.png" (98x31). -Libpng is OSI Certified Open Source Software. OSI Certified Open Source is a -certification mark of the Open Source Initiative. +Libpng is OSI Certified Open Source Software. OSI Certified Open Source is +a certification mark of the Open Source Initiative. OSI has not addressed +the additional disclaimers inserted at version 1.0.7. Glenn Randers-Pehrson glennrp at users.sourceforge.net -December 22, 2014 +December 3, 2015
--- a/src/share/native/sun/awt/libpng/README Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/README Sat Sep 10 22:36:17 2016 +0100 @@ -1,4 +1,4 @@ -README for libpng version 1.6.16 - December 22, 2014 (shared library 16.0) +README for libpng version 1.6.20 - December 3, 2015 (shared library 16.0) See the note about version numbers near the top of png.h See INSTALL for instructions on how to install libpng. @@ -134,7 +134,7 @@ to others, if necessary. Please do not send suggestions on how to change PNG. We have -been discussing PNG for nineteen years now, and it is official and +been discussing PNG for twenty years now, and it is official and finished. If you have suggestions for libpng, however, I'll gladly listen. Even if your suggestion is not used immediately, it may be used later.
--- a/src/share/native/sun/awt/libpng/png.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/png.c Sat Sep 10 22:36:17 2016 +0100 @@ -29,8 +29,8 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Last changed in libpng 1.6.16 [December 22, 2014] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Last changed in libpng 1.6.19 [November 12, 2015] + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -42,7 +42,7 @@ #include "pngpriv.h" /* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_6_16 Your_png_h_is_not_version_1_6_16; +typedef png_libpng_version_1_6_20 Your_png_h_is_not_version_1_6_20; /* Tells libpng that we have already handled the first "num_bytes" bytes * of the PNG file signature. If the PNG data is embedded into another @@ -54,15 +54,20 @@ void PNGAPI png_set_sig_bytes(png_structrp png_ptr, int num_bytes) { + unsigned int nb = (unsigned int)num_bytes; + png_debug(1, "in png_set_sig_bytes"); if (png_ptr == NULL) return; - if (num_bytes > 8) + if (num_bytes < 0) + nb = 0; + + if (nb > 8) png_error(png_ptr, "Too many bytes for PNG signature"); - png_ptr->sig_bytes = (png_byte)(num_bytes < 0 ? 0 : num_bytes); + png_ptr->sig_bytes = (png_byte)nb; } /* Checks whether the supplied bytes match the PNG signature. We allow @@ -129,7 +134,7 @@ void /* PRIVATE */ png_reset_crc(png_structrp png_ptr) { - /* The cast is safe because the crc is a 32 bit value. */ + /* The cast is safe because the crc is a 32-bit value. */ png_ptr->crc = (png_uint_32)crc32(0, Z_NULL, 0); } @@ -157,7 +162,7 @@ } /* 'uLong' is defined in zlib.h as unsigned long; this means that on some - * systems it is a 64 bit value. crc32, however, returns 32 bits so the + * systems it is a 64-bit value. crc32, however, returns 32 bits so the * following cast is safe. 'uInt' may be no more than 16 bits, so it is * necessary to perform a loop here. */ @@ -168,8 +173,10 @@ do { uInt safe_length = (uInt)length; +#ifndef __COVERITY__ if (safe_length == 0) safe_length = (uInt)-1; /* evil, but safe */ +#endif crc = crc32(crc, ptr, safe_length); @@ -269,15 +276,15 @@ create_struct.user_height_max = PNG_USER_HEIGHT_MAX; # ifdef PNG_USER_CHUNK_CACHE_MAX - /* Added at libpng-1.2.43 and 1.4.0 */ - create_struct.user_chunk_cache_max = PNG_USER_CHUNK_CACHE_MAX; + /* Added at libpng-1.2.43 and 1.4.0 */ + create_struct.user_chunk_cache_max = PNG_USER_CHUNK_CACHE_MAX; # endif # ifdef PNG_USER_CHUNK_MALLOC_MAX - /* Added at libpng-1.2.43 and 1.4.1, required only for read but exists - * in png_struct regardless. - */ - create_struct.user_chunk_malloc_max = PNG_USER_CHUNK_MALLOC_MAX; + /* Added at libpng-1.2.43 and 1.4.1, required only for read but exists + * in png_struct regardless. + */ + create_struct.user_chunk_malloc_max = PNG_USER_CHUNK_MALLOC_MAX; # endif # endif @@ -301,7 +308,9 @@ # ifdef PNG_SETJMP_SUPPORTED if (!setjmp(create_jmp_buf)) +# endif { +# ifdef PNG_SETJMP_SUPPORTED /* Temporarily fake out the longjmp information until we have * successfully completed this function. This only works if we have * setjmp() support compiled in, but it is safe - this stuff should @@ -310,8 +319,6 @@ create_struct.jmp_buf_ptr = &create_jmp_buf; create_struct.jmp_buf_size = 0; /*stack allocation*/ create_struct.longjmp_fn = longjmp; -# else - { # endif /* Call the general version checker (shared with read and write code): */ @@ -330,10 +337,10 @@ create_struct.zstream.opaque = png_ptr; # ifdef PNG_SETJMP_SUPPORTED - /* Eliminate the local error handling: */ - create_struct.jmp_buf_ptr = NULL; - create_struct.jmp_buf_size = 0; - create_struct.longjmp_fn = 0; + /* Eliminate the local error handling: */ + create_struct.jmp_buf_ptr = NULL; + create_struct.jmp_buf_size = 0; + create_struct.longjmp_fn = 0; # endif *png_ptr = create_struct; @@ -439,6 +446,8 @@ free(info_ptr); info_ptr = png_voidcast(png_inforp, png_malloc_base(NULL, (sizeof *info_ptr))); + if (info_ptr == NULL) + return; *ptr_ptr = info_ptr; } @@ -504,9 +513,10 @@ /* Free any tRNS entry */ if (((mask & PNG_FREE_TRNS) & info_ptr->free_me) != 0) { + info_ptr->valid &= ~PNG_INFO_tRNS; png_free(png_ptr, info_ptr->trans_alpha); info_ptr->trans_alpha = NULL; - info_ptr->valid &= ~PNG_INFO_tRNS; + info_ptr->num_trans = 0; } #endif @@ -572,20 +582,17 @@ else { - if (info_ptr->splt_palettes_num != 0) + int i; + + for (i = 0; i < info_ptr->splt_palettes_num; i++) { - int i; - - for (i = 0; i < info_ptr->splt_palettes_num; i++) - { - png_free(png_ptr, info_ptr->splt_palettes[i].name); - png_free(png_ptr, info_ptr->splt_palettes[i].entries); - } - - png_free(png_ptr, info_ptr->splt_palettes); - info_ptr->splt_palettes = NULL; - info_ptr->splt_palettes_num = 0; + png_free(png_ptr, info_ptr->splt_palettes[i].name); + png_free(png_ptr, info_ptr->splt_palettes[i].entries); } + + png_free(png_ptr, info_ptr->splt_palettes); + info_ptr->splt_palettes = NULL; + info_ptr->splt_palettes_num = 0; info_ptr->valid &= ~PNG_INFO_sPLT; } } @@ -605,15 +612,12 @@ { int i; - if (info_ptr->unknown_chunks_num != 0) - { - for (i = 0; i < info_ptr->unknown_chunks_num; i++) - png_free(png_ptr, info_ptr->unknown_chunks[i].data); - - png_free(png_ptr, info_ptr->unknown_chunks); - info_ptr->unknown_chunks = NULL; - info_ptr->unknown_chunks_num = 0; - } + for (i = 0; i < info_ptr->unknown_chunks_num; i++) + png_free(png_ptr, info_ptr->unknown_chunks[i].data); + + png_free(png_ptr, info_ptr->unknown_chunks); + info_ptr->unknown_chunks = NULL; + info_ptr->unknown_chunks_num = 0; } } #endif @@ -694,22 +698,23 @@ } # endif -#ifdef PNG_SAVE_INT_32_SUPPORTED -/* The png_save_int_32 function assumes integers are stored in two's - * complement format. If this isn't the case, then this routine needs to - * be modified to write data in two's complement format. Note that, - * the following works correctly even if png_int_32 has more than 32 bits - * (compare the more complex code required on read for sign extension.) +# ifdef PNG_SAVE_INT_32_SUPPORTED +/* PNG signed integers are saved in 32-bit 2's complement format. ANSI C-90 + * defines a cast of a signed integer to an unsigned integer either to preserve + * the value, if it is positive, or to calculate: + * + * (UNSIGNED_MAX+1) + integer + * + * Where UNSIGNED_MAX is the appropriate maximum unsigned value, so when the + * negative integral value is added the result will be an unsigned value + * correspnding to the 2's complement representation. */ void PNGAPI png_save_int_32(png_bytep buf, png_int_32 i) { - buf[0] = (png_byte)((i >> 24) & 0xff); - buf[1] = (png_byte)((i >> 16) & 0xff); - buf[2] = (png_byte)((i >> 8) & 0xff); - buf[3] = (png_byte)(i & 0xff); + png_save_uint_32(buf, i); } -#endif +# endif # ifdef PNG_TIME_RFC1123_SUPPORTED /* Convert the supplied time into an RFC 1123 string suitable for use in @@ -753,6 +758,7 @@ APPEND(':'); APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->second); APPEND_STRING(" +0000"); /* This reliably terminates the buffer */ + PNG_UNUSED (pos) # undef APPEND # undef APPEND_NUMBER @@ -762,7 +768,7 @@ return 1; } -# if PNG_LIBPNG_VER < 10700 +# if PNG_LIBPNG_VER < 10700 /* To do: remove the following from libpng-1.7 */ /* Original API that uses a private buffer in png_struct. * Deprecated because it causes png_struct to carry a spurious temporary @@ -783,7 +789,7 @@ return NULL; } -# endif +# endif /* LIBPNG_VER < 10700 */ # endif /* TIME_RFC1123 */ #endif /* READ || WRITE */ @@ -797,14 +803,14 @@ #else # ifdef __STDC__ return PNG_STRING_NEWLINE \ - "libpng version 1.6.16 - December 22, 2014" PNG_STRING_NEWLINE \ - "Copyright (c) 1998-2014 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \ - "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ - "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ - PNG_STRING_NEWLINE; + "libpng version 1.6.20 - December 3, 2015" PNG_STRING_NEWLINE \ + "Copyright (c) 1998-2015 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \ + "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ + "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ + PNG_STRING_NEWLINE; # else - return "libpng version 1.6.16 - December 22, 2014\ - Copyright (c) 1998-2014 Glenn Randers-Pehrson\ + return "libpng version 1.6.20 - December 3, 2015\ + Copyright (c) 1998-2015 Glenn Randers-Pehrson\ Copyright (c) 1996-1997 Andreas Dilger\ Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."; # endif @@ -842,9 +848,9 @@ #ifdef __STDC__ return PNG_HEADER_VERSION_STRING # ifndef PNG_READ_SUPPORTED - " (NO READ SUPPORT)" + " (NO READ SUPPORT)" # endif - PNG_STRING_NEWLINE; + PNG_STRING_NEWLINE; #else return PNG_HEADER_VERSION_STRING; #endif @@ -900,9 +906,9 @@ for (i = 0, v = 0; i < num_palette; i++, v += color_inc) { - palette[i].red = (png_byte)v; - palette[i].green = (png_byte)v; - palette[i].blue = (png_byte)v; + palette[i].red = (png_byte)(v & 0xff); + palette[i].green = (png_byte)(v & 0xff); + palette[i].blue = (png_byte)(v & 0xff); } } #endif @@ -975,8 +981,6 @@ return((png_uint_32)PNG_LIBPNG_VER); } - - #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) /* Ensure that png_ptr->zstream.msg holds some appropriate error message string. * If it doesn't 'ret' is used to set it to something appropriate, even in cases @@ -1119,10 +1123,10 @@ errmsg = "gamma value out of range"; # ifdef PNG_READ_gAMA_SUPPORTED - /* Allow the application to set the gamma value more than once */ - else if ((png_ptr->mode & PNG_IS_READ_STRUCT) != 0 && - (colorspace->flags & PNG_COLORSPACE_FROM_gAMA) != 0) - errmsg = "duplicate"; + /* Allow the application to set the gamma value more than once */ + else if ((png_ptr->mode & PNG_IS_READ_STRUCT) != 0 && + (colorspace->flags & PNG_COLORSPACE_FROM_gAMA) != 0) + errmsg = "duplicate"; # endif /* Do nothing if the colorspace is already invalid */ @@ -1163,31 +1167,31 @@ PNG_INFO_iCCP); # ifdef PNG_COLORSPACE_SUPPORTED - /* Clean up the iCCP profile now if it won't be used. */ - png_free_data(png_ptr, info_ptr, PNG_FREE_ICCP, -1/*not used*/); + /* Clean up the iCCP profile now if it won't be used. */ + png_free_data(png_ptr, info_ptr, PNG_FREE_ICCP, -1/*not used*/); # else - PNG_UNUSED(png_ptr) + PNG_UNUSED(png_ptr) # endif } else { # ifdef PNG_COLORSPACE_SUPPORTED - /* Leave the INFO_iCCP flag set if the pngset.c code has already set - * it; this allows a PNG to contain a profile which matches sRGB and - * yet still have that profile retrievable by the application. - */ - if ((info_ptr->colorspace.flags & PNG_COLORSPACE_MATCHES_sRGB) != 0) - info_ptr->valid |= PNG_INFO_sRGB; - - else - info_ptr->valid &= ~PNG_INFO_sRGB; - - if ((info_ptr->colorspace.flags & PNG_COLORSPACE_HAVE_ENDPOINTS) != 0) - info_ptr->valid |= PNG_INFO_cHRM; - - else - info_ptr->valid &= ~PNG_INFO_cHRM; + /* Leave the INFO_iCCP flag set if the pngset.c code has already set + * it; this allows a PNG to contain a profile which matches sRGB and + * yet still have that profile retrievable by the application. + */ + if ((info_ptr->colorspace.flags & PNG_COLORSPACE_MATCHES_sRGB) != 0) + info_ptr->valid |= PNG_INFO_sRGB; + + else + info_ptr->valid &= ~PNG_INFO_sRGB; + + if ((info_ptr->colorspace.flags & PNG_COLORSPACE_HAVE_ENDPOINTS) != 0) + info_ptr->valid |= PNG_INFO_cHRM; + + else + info_ptr->valid &= ~PNG_INFO_cHRM; # endif if ((info_ptr->colorspace.flags & PNG_COLORSPACE_HAVE_GAMMA) != 0) @@ -1209,7 +1213,7 @@ png_colorspace_sync_info(png_ptr, info_ptr); } #endif -#endif +#endif /* GAMMA */ #ifdef PNG_COLORSPACE_SUPPORTED /* Added at libpng-1.5.5 to support read and write of true CIEXYZ values for @@ -1268,16 +1272,17 @@ /* Check xy and, implicitly, z. Note that wide gamut color spaces typically * have end points with 0 tristimulus values (these are impossible end - * points, but they are used to cover the possible colors.) + * points, but they are used to cover the possible colors). We check + * xy->whitey against 5, not 0, to avoid a possible integer overflow. */ - if (xy->redx < 0 || xy->redx > PNG_FP_1) return 1; - if (xy->redy < 0 || xy->redy > PNG_FP_1-xy->redx) return 1; + if (xy->redx < 0 || xy->redx > PNG_FP_1) return 1; + if (xy->redy < 0 || xy->redy > PNG_FP_1-xy->redx) return 1; if (xy->greenx < 0 || xy->greenx > PNG_FP_1) return 1; if (xy->greeny < 0 || xy->greeny > PNG_FP_1-xy->greenx) return 1; - if (xy->bluex < 0 || xy->bluex > PNG_FP_1) return 1; - if (xy->bluey < 0 || xy->bluey > PNG_FP_1-xy->bluex) return 1; + if (xy->bluex < 0 || xy->bluex > PNG_FP_1) return 1; + if (xy->bluey < 0 || xy->bluey > PNG_FP_1-xy->bluex) return 1; if (xy->whitex < 0 || xy->whitex > PNG_FP_1) return 1; - if (xy->whitey < 0 || xy->whitey > PNG_FP_1-xy->whitex) return 1; + if (xy->whitey < 5 || xy->whitey > PNG_FP_1-xy->whitex) return 1; /* The reverse calculation is more difficult because the original tristimulus * value had 9 independent values (red,green,blue)x(X,Y,Z) however only 8 @@ -1735,7 +1740,6 @@ */ colorspace->flags |= PNG_COLORSPACE_INVALID; png_error(png_ptr, "internal error checking chromaticities"); - break; } return 0; /* failed */ @@ -1763,7 +1767,6 @@ default: colorspace->flags |= PNG_COLORSPACE_INVALID; png_error(png_ptr, "internal error checking chromaticities"); - break; } return 0; /* failed */ @@ -2089,8 +2092,8 @@ temp = png_get_uint_32(profile+12); /* profile/device class */ switch (temp) { - case 0x73636E72: /* 'scnr' */ - case 0x6D6E7472: /* 'mntr' */ + case 0x73636e72: /* 'scnr' */ + case 0x6d6e7472: /* 'mntr' */ case 0x70727472: /* 'prtr' */ case 0x73706163: /* 'spac' */ /* All supported */ @@ -2101,7 +2104,7 @@ return png_icc_profile_error(png_ptr, colorspace, name, temp, "invalid embedded Abstract ICC profile"); - case 0x6C696E6B: /* 'link' */ + case 0x6c696e6b: /* 'link' */ /* DeviceLink profiles cannot be interpreted in a non-device specific * fashion, if an app uses the AToB0Tag in the profile the results are * undefined unless the result is sent to the intended device, @@ -2111,7 +2114,7 @@ return png_icc_profile_error(png_ptr, colorspace, name, temp, "unexpected DeviceLink ICC profile class"); - case 0x6E6D636C: /* 'nmcl' */ + case 0x6e6d636c: /* 'nmcl' */ /* A NamedColor profile is also device specific, however it doesn't * contain an AToB0 tag that is open to misinterpretation. Almost * certainly it will fail the tests below. @@ -2137,8 +2140,8 @@ temp = png_get_uint_32(profile+20); switch (temp) { - case 0x58595A20: /* 'XYZ ' */ - case 0x4C616220: /* 'Lab ' */ + case 0x58595a20: /* 'XYZ ' */ + case 0x4c616220: /* 'Lab ' */ break; default: @@ -2194,7 +2197,8 @@ return 1; /* success, maybe with warnings */ } -#if defined(PNG_sRGB_SUPPORTED) && PNG_sRGB_PROFILE_CHECKS >= 0 +#ifdef PNG_sRGB_SUPPORTED +#if PNG_sRGB_PROFILE_CHECKS >= 0 /* Information about the known ICC sRGB profiles */ static const struct { @@ -2307,8 +2311,8 @@ } /* Length *and* intent must match */ - if (length == png_sRGB_checks[i].length && - intent == png_sRGB_checks[i].intent) + if (length == (png_uint_32) png_sRGB_checks[i].length && + intent == (png_uint_32) png_sRGB_checks[i].intent) { /* Now calculate the adler32 if not done already. */ if (adler == 0) @@ -2352,8 +2356,8 @@ */ else if (png_sRGB_checks[i].have_md5 == 0) { - png_chunk_report(png_ptr, "out-of-date sRGB profile with" - " no signature", + png_chunk_report(png_ptr, + "out-of-date sRGB profile with no signature", PNG_CHUNK_WARNING); } @@ -2366,8 +2370,8 @@ * way. This probably indicates a data error or uninformed hacking. * Fall through to "no match". */ - png_chunk_report(png_ptr, "Not recognizing known sRGB profile that" - " has been edited", + png_chunk_report(png_ptr, + "Not recognizing known sRGB profile that has been edited", PNG_CHUNK_WARNING); break; # endif @@ -2377,9 +2381,8 @@ return 0; /* no match */ } -#endif - -#ifdef PNG_sRGB_SUPPORTED +#endif /* PNG_sRGB_PROFILE_CHECKS >= 0 */ + void /* PRIVATE */ png_icc_set_sRGB(png_const_structrp png_ptr, png_colorspacerp colorspace, png_const_bytep profile, uLong adler) @@ -2393,7 +2396,7 @@ (void)png_colorspace_set_sRGB(png_ptr, colorspace, (int)/*already checked*/png_get_uint_32(profile+64)); } -#endif /* READ_sRGB */ +#endif /* sRGB */ int /* PRIVATE */ png_colorspace_set_ICC(png_const_structrp png_ptr, png_colorspacerp colorspace, @@ -2485,7 +2488,7 @@ png_error(png_ptr, "internal error handling cHRM->XYZ"); } } -#endif +#endif /* READ_RGB_TO_GRAY */ #endif /* COLORSPACE */ @@ -2514,18 +2517,19 @@ png_warning(png_ptr, "Image width is zero in IHDR"); error = 1; } - else if (width > PNG_UINT_31_MAX) + + if (width > PNG_UINT_31_MAX) { png_warning(png_ptr, "Invalid image width in IHDR"); error = 1; } - else if (png_gt(width, - (PNG_SIZE_MAX >> 3) /* 8-byte RGBA pixels */ - - 48 /* big_row_buf hack */ - - 1 /* filter byte */ - - 7*8 /* rounding width to multiple of 8 pix */ - - 8)) /* extra max_pixel_depth pad */ + if (png_gt(((width + 7) & (~7)), + ((PNG_SIZE_MAX + - 48 /* big_row_buf hack */ + - 1) /* filter byte */ + / 8) /* 8-byte RGBA pixels */ + - 1)) /* extra max_pixel_depth pad */ { /* The size of the row must be within the limits of this architecture. * Because the read code can perform arbitrary transformations the @@ -2541,17 +2545,15 @@ png_warning(png_ptr, "Image width is too large for this architecture"); error = 1; } - else + +#ifdef PNG_SET_USER_LIMITS_SUPPORTED + if (width > png_ptr->user_width_max) +#else + if (width > PNG_USER_WIDTH_MAX) +#endif { -# ifdef PNG_SET_USER_LIMITS_SUPPORTED - if (width > png_ptr->user_width_max) -# else - if (width > PNG_USER_WIDTH_MAX) -# endif - { - png_warning(png_ptr, "Image width exceeds user limit in IHDR"); - error = 1; - } + png_warning(png_ptr, "Image width exceeds user limit in IHDR"); + error = 1; } if (height == 0) @@ -2559,22 +2561,21 @@ png_warning(png_ptr, "Image height is zero in IHDR"); error = 1; } - else if (height > PNG_UINT_31_MAX) + + if (height > PNG_UINT_31_MAX) { png_warning(png_ptr, "Invalid image height in IHDR"); error = 1; } - else + +#ifdef PNG_SET_USER_LIMITS_SUPPORTED + if (height > png_ptr->user_height_max) +#else + if (height > PNG_USER_HEIGHT_MAX) +#endif { -# ifdef PNG_SET_USER_LIMITS_SUPPORTED - if (height > png_ptr->user_height_max) -# else - if (height > PNG_USER_HEIGHT_MAX) -# endif - { - png_warning(png_ptr, "Image height exceeds user limit in IHDR"); - error = 1; - } + png_warning(png_ptr, "Image height exceeds user limit in IHDR"); + error = 1; } /* Check other values */ @@ -2613,7 +2614,7 @@ error = 1; } -# ifdef PNG_MNG_FEATURES_SUPPORTED +#ifdef PNG_MNG_FEATURES_SUPPORTED /* Accept filter_method 64 (intrapixel differencing) only if * 1. Libpng was compiled with PNG_MNG_FEATURES_SUPPORTED and * 2. Libpng did not read a PNG signature (this filter_method is only @@ -2646,13 +2647,13 @@ } } -# else +#else if (filter_type != PNG_FILTER_TYPE_BASE) { png_warning(png_ptr, "Unknown filter method in IHDR"); error = 1; } -# endif +#endif if (error == 1) png_error(png_ptr, "Invalid IHDR data"); @@ -2878,7 +2879,7 @@ if (fp >= DBL_MIN && fp <= DBL_MAX) { - int exp_b10; /* A base 10 exponent */ + int exp_b10; /* A base 10 exponent */ double base; /* 10^exp_b10 */ /* First extract a base 10 exponent of the number, @@ -2926,7 +2927,7 @@ */ { - int czero, clead, cdigits; + unsigned int czero, clead, cdigits; char exponent[10]; /* Allow up to two leading zeros - this will not lengthen @@ -2956,7 +2957,7 @@ * of the loop don't break the number into parts so * that the final digit is rounded. */ - if (cdigits+czero-clead+1 < (int)precision) + if (cdigits+czero+1 < precision+clead) fp = modf(fp, &d); else @@ -3062,14 +3063,14 @@ *ascii++ = (char)(48 + (int)d), ++cdigits; } } - while (cdigits+czero-clead < (int)precision && fp > DBL_MIN); + while (cdigits+czero < precision+clead && fp > DBL_MIN); /* The total output count (max) is now 4+precision */ /* Check for an exponent, if we don't need one we are * done and just need to terminate the string. At * this point exp_b10==(-1) is effectively if flag - it got - * to '-1' because of the decrement after outputing + * to '-1' because of the decrement after outputting * the decimal point above (the exponent required is * *not* -1!) */ @@ -3077,7 +3078,7 @@ { /* The following only happens if we didn't output the * leading zeros above for negative exponent, so this - * doest add to the digit requirement. Note that the + * doesn't add to the digit requirement. Note that the * two zeros here can only be output if the two leading * zeros were *not* output, so this doesn't increase * the output count. @@ -3130,7 +3131,7 @@ /* Need another size check here for the exponent digits, so * this need not be considered above. */ - if ((int)size > cdigits) + if (size > cdigits) { while (cdigits > 0) *ascii++ = exponent[--cdigits]; @@ -3178,7 +3179,7 @@ /* Avoid overflow here on the minimum integer. */ if (fp < 0) - *ascii++ = 45, --size, num = -fp; + *ascii++ = 45, num = -fp; else num = fp; @@ -3234,7 +3235,7 @@ png_error(png_ptr, "ASCII conversion buffer too small"); } # endif /* FIXED_POINT */ -#endif /* READ_SCAL */ +#endif /* SCAL */ #if defined(PNG_FLOATING_POINT_SUPPORTED) && \ !defined(PNG_FIXED_POINT_MACRO_SUPPORTED) && \ @@ -3252,7 +3253,7 @@ png_fixed_error(png_ptr, text); # ifndef PNG_ERROR_TEXT_SUPPORTED - PNG_UNUSED(text) + PNG_UNUSED(text) # endif return (png_fixed_point)r; @@ -3433,29 +3434,29 @@ #endif #ifdef PNG_READ_GAMMA_SUPPORTED -#if defined(PNG_16BIT_SUPPORTED) || !defined(PNG_FLOATING_ARITHMETIC_SUPPORTED) +#ifdef PNG_16BIT_SUPPORTED /* A local convenience routine. */ static png_fixed_point png_product2(png_fixed_point a, png_fixed_point b) { /* The required result is 1/a * 1/b; the following preserves accuracy. */ -# ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED +#ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED double r = a * 1E-5; r *= b; r = floor(r+.5); if (r <= 2147483647. && r >= -2147483648.) return (png_fixed_point)r; -# else +#else png_fixed_point res; if (png_muldiv(&res, a, b, 100000) != 0) return res; -# endif +#endif return 0; /* overflow */ } -#endif /* 16BIT || !FLOATING_ARITHMETIC */ +#endif /* 16BIT */ /* The inverse of the above. */ png_fixed_point @@ -3463,12 +3464,15 @@ { /* The required result is 1/a * 1/b; the following preserves accuracy. */ #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED - double r = 1E15/a; - r /= b; - r = floor(r+.5); - - if (r <= 2147483647. && r >= -2147483648.) - return (png_fixed_point)r; + if (a != 0 && b != 0) + { + double r = 1E15/a; + r /= b; + r = floor(r+.5); + + if (r <= 2147483647. && r >= -2147483648.) + return (png_fixed_point)r; + } #else /* This may overflow because the range of png_fixed_point isn't symmetric, * but this API is only used for the product of file and screen gamma so it @@ -3706,7 +3710,7 @@ if (x > 0 && x <= 0xfffff) /* Else overflow or zero (underflow) */ { /* Obtain a 4-bit approximation */ - png_uint_32 e = png_32bit_exp[(x >> 12) & 0xf]; + png_uint_32 e = png_32bit_exp[(x >> 12) & 0x0f]; /* Incorporate the low 12 bits - these decrease the returned value by * multiplying by a number less than 1 if the bit is set. The multiplier @@ -3759,7 +3763,7 @@ * step. */ x -= x >> 8; - return (png_byte)((x + 0x7fffffU) >> 24); + return (png_byte)(((x + 0x7fffffU) >> 24) & 0xff); } #ifdef PNG_16BIT_SUPPORTED @@ -3820,7 +3824,7 @@ # endif } - return (png_byte)value; + return (png_byte)(value & 0xff); } #ifdef PNG_16BIT_SUPPORTED @@ -4042,7 +4046,7 @@ else for (i=0; i<256; ++i) - table[i] = (png_byte)i; + table[i] = (png_byte)(i & 0xff); } /* Used from png_read_destroy and below to release the memory used by the gamma @@ -4182,7 +4186,8 @@ * */ if (sig_bit > 0 && sig_bit < 16U) - shift = (png_byte)(16U - sig_bit); /* shift == insignificant bits */ + /* shift == insignificant bits */ + shift = (png_byte)((16U - sig_bit) & 0xff); else shift = 0; /* keep all 16 bits */ @@ -4251,7 +4256,7 @@ int setting = (2 + (onoff != 0)) << option; int current = png_ptr->options; - png_ptr->options = (png_byte)((current & ~mask) | setting); + png_ptr->options = (png_byte)(((current & ~mask) | setting) & 0xff); return (current & mask) >> option; } @@ -4267,7 +4272,7 @@ * contrib/tools/makesRGB.c. The actual sRGB transfer curve defined in the * specification (see the article at http://en.wikipedia.org/wiki/SRGB) * is used, not the gamma=1/2.2 approximation use elsewhere in libpng. - * The sRGB to linear table is exact (to the nearest 16 bit linear fraction). + * The sRGB to linear table is exact (to the nearest 16-bit linear fraction). * The inverse (linear to sRGB) table has accuracies as follows: * * For all possible (255*65535+1) input values:
--- a/src/share/native/sun/awt/libpng/png.h Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/png.h Sat Sep 10 22:36:17 2016 +0100 @@ -29,8 +29,9 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * libpng version 1.6.16, December 22, 2014 - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * libpng version 1.6.20, December 3, 2015 + * + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -38,17 +39,137 @@ * * Authors and maintainers: * libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat - * libpng versions 0.89c, June 1996, through 0.96, May 1997: Andreas Dilger - * libpng versions 0.97, January 1998, through 1.6.16, December 22, 2014: Glenn + * libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger + * libpng versions 0.97, January 1998, through 1.6.20, December 3, 2015: + * Glenn Randers-Pehrson. * See also "Contributing Authors", below. + */ + +/* + * COPYRIGHT NOTICE, DISCLAIMER, and LICENSE: * - * Note about libpng version numbers: + * If you modify libpng you may insert additional notices immediately following + * this sentence. + * + * This code is released under the libpng license. + * + * libpng versions 1.0.7, July 1, 2000, through 1.6.20, December 3, 2015, are + * Copyright (c) 2000-2002, 2004, 2006-2015 Glenn Randers-Pehrson, are + * derived from libpng-1.0.6, and are distributed according to the same + * disclaimer and license as libpng-1.0.6 with the following individuals + * added to the list of Contributing Authors: + * + * Simon-Pierre Cadieux + * Eric S. Raymond + * Mans Rullgard + * Cosmin Truta + * Gilles Vollant + * James Yu + * + * and with the following additions to the disclaimer: + * + * There is no warranty against interference with your enjoyment of the + * library or against infringement. There is no warranty that our + * efforts or the library will fulfill any of your particular purposes + * or needs. This library is provided with all faults, and the entire + * risk of satisfactory quality, performance, accuracy, and effort is with + * the user. + * + * libpng versions 0.97, January 1998, through 1.0.6, March 20, 2000, are + * Copyright (c) 1998-2000 Glenn Randers-Pehrson, are derived from + * libpng-0.96, and are distributed according to the same disclaimer and + * license as libpng-0.96, with the following individuals added to the list + * of Contributing Authors: + * + * Tom Lane + * Glenn Randers-Pehrson + * Willem van Schaik + * + * libpng versions 0.89, June 1996, through 0.96, May 1997, are + * Copyright (c) 1996-1997 Andreas Dilger, are derived from libpng-0.88, + * and are distributed according to the same disclaimer and license as + * libpng-0.88, with the following individuals added to the list of + * Contributing Authors: + * + * John Bowler + * Kevin Bracey + * Sam Bushell + * Magnus Holmgren + * Greg Roelofs + * Tom Tanner + * + * libpng versions 0.5, May 1995, through 0.88, January 1996, are + * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. + * + * For the purposes of this copyright and license, "Contributing Authors" + * is defined as the following set of individuals: * - * Due to various miscommunications, unforeseen code incompatibilities - * and occasional factors outside the authors' control, version numbering - * on the library has not always been consistent and straightforward. - * The following table summarizes matters since version 0.89c, which was - * the first widely used release: + * Andreas Dilger + * Dave Martindale + * Guy Eric Schalnat + * Paul Schmidt + * Tim Wegner + * + * The PNG Reference Library is supplied "AS IS". The Contributing Authors + * and Group 42, Inc. disclaim all warranties, expressed or implied, + * including, without limitation, the warranties of merchantability and of + * fitness for any purpose. The Contributing Authors and Group 42, Inc. + * assume no liability for direct, indirect, incidental, special, exemplary, + * or consequential damages, which may result from the use of the PNG + * Reference Library, even if advised of the possibility of such damage. + * + * Permission is hereby granted to use, copy, modify, and distribute this + * source code, or portions hereof, for any purpose, without fee, subject + * to the following restrictions: + * + * 1. The origin of this source code must not be misrepresented. + * + * 2. Altered versions must be plainly marked as such and must not + * be misrepresented as being the original source. + * + * 3. This Copyright notice may not be removed or altered from any + * source or altered source distribution. + * + * The Contributing Authors and Group 42, Inc. specifically permit, without + * fee, and encourage the use of this source code as a component to + * supporting the PNG file format in commercial products. If you use this + * source code in a product, acknowledgment is not required but would be + * appreciated. + * + * END OF COPYRIGHT NOTICE, DISCLAIMER, and LICENSE. + */ + +/* + * A "png_get_copyright" function is available, for convenient use in "about" + * boxes and the like: + * + * printf("%s", png_get_copyright(NULL)); + * + * Also, the PNG logo (in PNG format, of course) is supplied in the + * files "pngbar.png" and "pngbar.jpg (88x31) and "pngnow.png" (98x31). + */ + +/* + * Libpng is OSI Certified Open Source Software. OSI Certified Open Source is + * a certification mark of the Open Source Initiative. OSI has not addressed + * the additional disclaimers inserted at version 1.0.7. + */ + +/* + * The contributing authors would like to thank all those who helped + * with testing, bug fixes, and patience. This wouldn't have been + * possible without all of you. + * + * Thanks to Frank J. T. Wojcik for helping with the documentation. + */ + +/* Note about libpng version numbers: + * + * Due to various miscommunications, unforeseen code incompatibilities + * and occasional factors outside the authors' control, version numbering + * on the library has not always been consistent and straightforward. + * The following table summarizes matters since version 0.89c, which was + * the first widely used release: * * source png.h png.h shared-lib * version string int version @@ -86,310 +207,48 @@ * 1.0.7beta15-18 1 10007 2.1.0.7beta15-18 (binary compatible) * 1.0.7rc1-2 1 10007 2.1.0.7rc1-2 (binary compatible) * 1.0.7 1 10007 (still compatible) - * 1.0.8beta1-4 1 10008 2.1.0.8beta1-4 - * 1.0.8rc1 1 10008 2.1.0.8rc1 - * 1.0.8 1 10008 2.1.0.8 - * 1.0.9beta1-6 1 10009 2.1.0.9beta1-6 - * 1.0.9rc1 1 10009 2.1.0.9rc1 - * 1.0.9beta7-10 1 10009 2.1.0.9beta7-10 - * 1.0.9rc2 1 10009 2.1.0.9rc2 - * 1.0.9 1 10009 2.1.0.9 - * 1.0.10beta1 1 10010 2.1.0.10beta1 - * 1.0.10rc1 1 10010 2.1.0.10rc1 - * 1.0.10 1 10010 2.1.0.10 - * 1.0.11beta1-3 1 10011 2.1.0.11beta1-3 - * 1.0.11rc1 1 10011 2.1.0.11rc1 - * 1.0.11 1 10011 2.1.0.11 - * 1.0.12beta1-2 2 10012 2.1.0.12beta1-2 - * 1.0.12rc1 2 10012 2.1.0.12rc1 - * 1.0.12 2 10012 2.1.0.12 - * 1.1.0a-f - 10100 2.1.1.0a-f (branch abandoned) - * 1.2.0beta1-2 2 10200 2.1.2.0beta1-2 - * 1.2.0beta3-5 3 10200 3.1.2.0beta3-5 - * 1.2.0rc1 3 10200 3.1.2.0rc1 - * 1.2.0 3 10200 3.1.2.0 - * 1.2.1beta1-4 3 10201 3.1.2.1beta1-4 - * 1.2.1rc1-2 3 10201 3.1.2.1rc1-2 - * 1.2.1 3 10201 3.1.2.1 - * 1.2.2beta1-6 12 10202 12.so.0.1.2.2beta1-6 - * 1.0.13beta1 10 10013 10.so.0.1.0.13beta1 - * 1.0.13rc1 10 10013 10.so.0.1.0.13rc1 - * 1.2.2rc1 12 10202 12.so.0.1.2.2rc1 - * 1.0.13 10 10013 10.so.0.1.0.13 - * 1.2.2 12 10202 12.so.0.1.2.2 - * 1.2.3rc1-6 12 10203 12.so.0.1.2.3rc1-6 - * 1.2.3 12 10203 12.so.0.1.2.3 - * 1.2.4beta1-3 13 10204 12.so.0.1.2.4beta1-3 - * 1.0.14rc1 13 10014 10.so.0.1.0.14rc1 - * 1.2.4rc1 13 10204 12.so.0.1.2.4rc1 - * 1.0.14 10 10014 10.so.0.1.0.14 - * 1.2.4 13 10204 12.so.0.1.2.4 - * 1.2.5beta1-2 13 10205 12.so.0.1.2.5beta1-2 - * 1.0.15rc1-3 10 10015 10.so.0.1.0.15rc1-3 - * 1.2.5rc1-3 13 10205 12.so.0.1.2.5rc1-3 - * 1.0.15 10 10015 10.so.0.1.0.15 - * 1.2.5 13 10205 12.so.0.1.2.5 - * 1.2.6beta1-4 13 10206 12.so.0.1.2.6beta1-4 - * 1.0.16 10 10016 10.so.0.1.0.16 - * 1.2.6 13 10206 12.so.0.1.2.6 - * 1.2.7beta1-2 13 10207 12.so.0.1.2.7beta1-2 - * 1.0.17rc1 10 10017 12.so.0.1.0.17rc1 - * 1.2.7rc1 13 10207 12.so.0.1.2.7rc1 - * 1.0.17 10 10017 12.so.0.1.0.17 - * 1.2.7 13 10207 12.so.0.1.2.7 - * 1.2.8beta1-5 13 10208 12.so.0.1.2.8beta1-5 - * 1.0.18rc1-5 10 10018 12.so.0.1.0.18rc1-5 - * 1.2.8rc1-5 13 10208 12.so.0.1.2.8rc1-5 - * 1.0.18 10 10018 12.so.0.1.0.18 - * 1.2.8 13 10208 12.so.0.1.2.8 - * 1.2.9beta1-3 13 10209 12.so.0.1.2.9beta1-3 - * 1.2.9beta4-11 13 10209 12.so.0.9[.0] - * 1.2.9rc1 13 10209 12.so.0.9[.0] - * 1.2.9 13 10209 12.so.0.9[.0] - * 1.2.10beta1-7 13 10210 12.so.0.10[.0] - * 1.2.10rc1-2 13 10210 12.so.0.10[.0] - * 1.2.10 13 10210 12.so.0.10[.0] - * 1.4.0beta1-5 14 10400 14.so.0.0[.0] - * 1.2.11beta1-4 13 10211 12.so.0.11[.0] - * 1.4.0beta7-8 14 10400 14.so.0.0[.0] - * 1.2.11 13 10211 12.so.0.11[.0] - * 1.2.12 13 10212 12.so.0.12[.0] - * 1.4.0beta9-14 14 10400 14.so.0.0[.0] - * 1.2.13 13 10213 12.so.0.13[.0] - * 1.4.0beta15-36 14 10400 14.so.0.0[.0] - * 1.4.0beta37-87 14 10400 14.so.14.0[.0] - * 1.4.0rc01 14 10400 14.so.14.0[.0] - * 1.4.0beta88-109 14 10400 14.so.14.0[.0] - * 1.4.0rc02-08 14 10400 14.so.14.0[.0] - * 1.4.0 14 10400 14.so.14.0[.0] - * 1.4.1beta01-03 14 10401 14.so.14.1[.0] - * 1.4.1rc01 14 10401 14.so.14.1[.0] - * 1.4.1beta04-12 14 10401 14.so.14.1[.0] - * 1.4.1 14 10401 14.so.14.1[.0] - * 1.4.2 14 10402 14.so.14.2[.0] - * 1.4.3 14 10403 14.so.14.3[.0] - * 1.4.4 14 10404 14.so.14.4[.0] - * 1.5.0beta01-58 15 10500 15.so.15.0[.0] - * 1.5.0rc01-07 15 10500 15.so.15.0[.0] - * 1.5.0 15 10500 15.so.15.0[.0] - * 1.5.1beta01-11 15 10501 15.so.15.1[.0] - * 1.5.1rc01-02 15 10501 15.so.15.1[.0] - * 1.5.1 15 10501 15.so.15.1[.0] - * 1.5.2beta01-03 15 10502 15.so.15.2[.0] - * 1.5.2rc01-03 15 10502 15.so.15.2[.0] - * 1.5.2 15 10502 15.so.15.2[.0] - * 1.5.3beta01-10 15 10503 15.so.15.3[.0] - * 1.5.3rc01-02 15 10503 15.so.15.3[.0] - * 1.5.3beta11 15 10503 15.so.15.3[.0] - * 1.5.3 [omitted] - * 1.5.4beta01-08 15 10504 15.so.15.4[.0] - * 1.5.4rc01 15 10504 15.so.15.4[.0] - * 1.5.4 15 10504 15.so.15.4[.0] - * 1.5.5beta01-08 15 10505 15.so.15.5[.0] - * 1.5.5rc01 15 10505 15.so.15.5[.0] - * 1.5.5 15 10505 15.so.15.5[.0] - * 1.5.6beta01-07 15 10506 15.so.15.6[.0] - * 1.5.6rc01-03 15 10506 15.so.15.6[.0] - * 1.5.6 15 10506 15.so.15.6[.0] - * 1.5.7beta01-05 15 10507 15.so.15.7[.0] - * 1.5.7rc01-03 15 10507 15.so.15.7[.0] - * 1.5.7 15 10507 15.so.15.7[.0] - * 1.6.0beta01-40 16 10600 16.so.16.0[.0] - * 1.6.0rc01-08 16 10600 16.so.16.0[.0] - * 1.6.0 16 10600 16.so.16.0[.0] - * 1.6.1beta01-09 16 10601 16.so.16.1[.0] - * 1.6.1rc01 16 10601 16.so.16.1[.0] - * 1.6.1 16 10601 16.so.16.1[.0] - * 1.6.2beta01 16 10602 16.so.16.2[.0] - * 1.6.2rc01-06 16 10602 16.so.16.2[.0] - * 1.6.2 16 10602 16.so.16.2[.0] - * 1.6.3beta01-11 16 10603 16.so.16.3[.0] - * 1.6.3rc01 16 10603 16.so.16.3[.0] - * 1.6.3 16 10603 16.so.16.3[.0] - * 1.6.4beta01-02 16 10604 16.so.16.4[.0] - * 1.6.4rc01 16 10604 16.so.16.4[.0] - * 1.6.4 16 10604 16.so.16.4[.0] - * 1.6.5 16 10605 16.so.16.5[.0] - * 1.6.6 16 10606 16.so.16.6[.0] - * 1.6.7beta01-04 16 10607 16.so.16.7[.0] - * 1.6.7rc01-03 16 10607 16.so.16.7[.0] - * 1.6.7 16 10607 16.so.16.7[.0] - * 1.6.8beta01-02 16 10608 16.so.16.8[.0] - * 1.6.8rc01-02 16 10608 16.so.16.8[.0] - * 1.6.8 16 10608 16.so.16.8[.0] - * 1.6.9beta01-04 16 10609 16.so.16.9[.0] - * 1.6.9rc01-02 16 10609 16.so.16.9[.0] - * 1.6.9 16 10609 16.so.16.9[.0] - * 1.6.10beta01-03 16 10610 16.so.16.10[.0] - * 1.6.10rc01-03 16 10610 16.so.16.10[.0] - * 1.6.10 16 10610 16.so.16.10[.0] - * 1.6.11beta01-06 16 10611 16.so.16.11[.0] - * 1.6.11rc01-02 16 10611 16.so.16.11[.0] - * 1.6.11 16 10611 16.so.16.11[.0] - * 1.6.12rc01-03 16 10612 16.so.16.12[.0] - * 1.6.12 16 10612 16.so.16.12[.0] - * 1.6.13beta01-04 16 10613 16.so.16.13[.0] - * 1.6.13rc01-02 16 10613 16.so.16.13[.0] - * 1.6.13 16 10613 16.so.16.13[.0] - * 1.6.14beta01-07 16 10614 16.so.16.14[.0] - * 1.6.14rc01-02 16 10614 16.so.16.14[.0] - * 1.6.14 16 10614 16.so.16.14[.0] - * 1.6.15beta01-08 16 10615 16.so.16.15[.0] - * 1.6.15rc01-03 16 10615 16.so.16.15[.0] - * 1.6.15 16 10615 16.so.16.15[.0] - * 1.6.16beta01-03 16 10616 16.so.16.16[.0] - * 1.6.16rc01-02 16 10616 16.so.16.16[.0] - * 1.6.16 16 10616 16.so.16.16[.0] + * ... + * 1.0.19 10 10019 10.so.0.19[.0] + * ... + * 1.2.53 13 10253 12.so.0.53[.0] + * ... + * 1.5.23 15 10523 15.so.15.23[.0] + * ... + * 1.6.20 16 10620 16.so.16.20[.0] * - * Henceforth the source version will match the shared-library major - * and minor numbers; the shared-library major version number will be - * used for changes in backward compatibility, as it is intended. The - * PNG_LIBPNG_VER macro, which is not used within libpng but is available - * for applications, is an unsigned integer of the form xyyzz corresponding - * to the source version x.y.z (leading zeros in y and z). Beta versions - * were given the previous public release number plus a letter, until - * version 1.0.6j; from then on they were given the upcoming public - * release number plus "betaNN" or "rcNN". - * - * Binary incompatibility exists only when applications make direct access - * to the info_ptr or png_ptr members through png.h, and the compiled - * application is loaded with a different version of the library. - * - * DLLNUM will change each time there are forward or backward changes - * in binary compatibility (e.g., when a new feature is added). - * - * See libpng-manual.txt or libpng.3 for more information. The PNG - * specification is available as a W3C Recommendation and as an ISO - * Specification, <http://www.w3.org/TR/2003/REC-PNG-20031110/ - */ - -/* - * COPYRIGHT NOTICE, DISCLAIMER, and LICENSE: - * - * If you modify libpng you may insert additional notices immediately following - * this sentence. - * - * This code is released under the libpng license. - * - * libpng versions 1.2.6, August 15, 2004, through 1.6.16, December 22, 2014, are - * Copyright (c) 2004, 2006-2014 Glenn Randers-Pehrson, and are - * distributed according to the same disclaimer and license as libpng-1.2.5 - * with the following individual added to the list of Contributing Authors: - * - * Cosmin Truta - * - * libpng versions 1.0.7, July 1, 2000, through 1.2.5, October 3, 2002, are - * Copyright (c) 2000-2002 Glenn Randers-Pehrson, and are - * distributed according to the same disclaimer and license as libpng-1.0.6 - * with the following individuals added to the list of Contributing Authors: - * - * Simon-Pierre Cadieux - * Eric S. Raymond - * Gilles Vollant - * - * and with the following additions to the disclaimer: - * - * There is no warranty against interference with your enjoyment of the - * library or against infringement. There is no warranty that our - * efforts or the library will fulfill any of your particular purposes - * or needs. This library is provided with all faults, and the entire - * risk of satisfactory quality, performance, accuracy, and effort is with - * the user. - * - * libpng versions 0.97, January 1998, through 1.0.6, March 20, 2000, are - * Copyright (c) 1998, 1999, 2000 Glenn Randers-Pehrson, and are - * distributed according to the same disclaimer and license as libpng-0.96, - * with the following individuals added to the list of Contributing Authors: - * - * Tom Lane - * Glenn Randers-Pehrson - * Willem van Schaik + * Henceforth the source version will match the shared-library major + * and minor numbers; the shared-library major version number will be + * used for changes in backward compatibility, as it is intended. The + * PNG_LIBPNG_VER macro, which is not used within libpng but is available + * for applications, is an unsigned integer of the form xyyzz corresponding + * to the source version x.y.z (leading zeros in y and z). Beta versions + * were given the previous public release number plus a letter, until + * version 1.0.6j; from then on they were given the upcoming public + * release number plus "betaNN" or "rcNN". * - * libpng versions 0.89, June 1996, through 0.96, May 1997, are - * Copyright (c) 1996, 1997 Andreas Dilger - * Distributed according to the same disclaimer and license as libpng-0.88, - * with the following individuals added to the list of Contributing Authors: - * - * John Bowler - * Kevin Bracey - * Sam Bushell - * Magnus Holmgren - * Greg Roelofs - * Tom Tanner - * - * libpng versions 0.5, May 1995, through 0.88, January 1996, are - * Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc. - * - * For the purposes of this copyright and license, "Contributing Authors" - * is defined as the following set of individuals: - * - * Andreas Dilger - * Dave Martindale - * Guy Eric Schalnat - * Paul Schmidt - * Tim Wegner - * - * The PNG Reference Library is supplied "AS IS". The Contributing Authors - * and Group 42, Inc. disclaim all warranties, expressed or implied, - * including, without limitation, the warranties of merchantability and of - * fitness for any purpose. The Contributing Authors and Group 42, Inc. - * assume no liability for direct, indirect, incidental, special, exemplary, - * or consequential damages, which may result from the use of the PNG - * Reference Library, even if advised of the possibility of such damage. - * - * Permission is hereby granted to use, copy, modify, and distribute this - * source code, or portions hereof, for any purpose, without fee, subject - * to the following restrictions: + * Binary incompatibility exists only when applications make direct access + * to the info_ptr or png_ptr members through png.h, and the compiled + * application is loaded with a different version of the library. * - * 1. The origin of this source code must not be misrepresented. - * - * 2. Altered versions must be plainly marked as such and must not - * be misrepresented as being the original source. - * - * 3. This Copyright notice may not be removed or altered from - * any source or altered source distribution. + * DLLNUM will change each time there are forward or backward changes + * in binary compatibility (e.g., when a new feature is added). * - * The Contributing Authors and Group 42, Inc. specifically permit, without - * fee, and encourage the use of this source code as a component to - * supporting the PNG file format in commercial products. If you use this - * source code in a product, acknowledgment is not required but would be - * appreciated. - */ - -/* - * A "png_get_copyright" function is available, for convenient use in "about" - * boxes and the like: - * - * printf("%s", png_get_copyright(NULL)); - * - * Also, the PNG logo (in PNG format, of course) is supplied in the - * files "pngbar.png" and "pngbar.jpg (88x31) and "pngnow.png" (98x31). - */ - -/* - * Libpng is OSI Certified Open Source Software. OSI Certified is a - * certification mark of the Open Source Initiative. - */ - -/* - * The contributing authors would like to thank all those who helped - * with testing, bug fixes, and patience. This wouldn't have been - * possible without all of you. - * - * Thanks to Frank J. T. Wojcik for helping with the documentation. + * See libpng.txt or libpng.3 for more information. The PNG specification + * is available as a W3C Recommendation and as an ISO Specification, + * <http://www.w3.org/TR/2003/REC-PNG-20031110/ */ /* * Y2K compliance in libpng: * ========================= * - * December 22, 2014 + * December 3, 2015 * * Since the PNG Development group is an ad-hoc body, we can't make * an official declaration. * * This is your unofficial assurance that libpng from version 0.71 and - * upward through 1.6.16 are Y2K compliant. It is my belief that + * upward through 1.6.20 are Y2K compliant. It is my belief that * earlier versions were also Y2K compliant. * * Libpng only has two year fields. One is a 2-byte unsigned integer @@ -451,9 +310,9 @@ */ /* Version information for png.h - this should match the version in png.c */ -#define PNG_LIBPNG_VER_STRING "1.6.16" +#define PNG_LIBPNG_VER_STRING "1.6.20" #define PNG_HEADER_VERSION_STRING \ - " libpng version 1.6.16 - December 22, 2014\n" + " libpng version 1.6.20 - December 3, 2015\n" #define PNG_LIBPNG_VER_SONUM 16 #define PNG_LIBPNG_VER_DLLNUM 16 @@ -461,7 +320,7 @@ /* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */ #define PNG_LIBPNG_VER_MAJOR 1 #define PNG_LIBPNG_VER_MINOR 6 -#define PNG_LIBPNG_VER_RELEASE 16 +#define PNG_LIBPNG_VER_RELEASE 20 /* This should match the numeric part of the final component of * PNG_LIBPNG_VER_STRING, omitting any leading zero: @@ -492,7 +351,7 @@ * version 1.0.0 was mis-numbered 100 instead of 10000). From * version 1.0.1 it's xxyyzz, where x=major, y=minor, z=release */ -#define PNG_LIBPNG_VER 10616 /* 1.6.16 */ +#define PNG_LIBPNG_VER 10620 /* 1.6.20 */ /* Library configuration: these options cannot be changed after * the library has been built. @@ -549,17 +408,22 @@ /* This file is arranged in several sections: * - * 1. Any configuration options that can be specified by for the application + * 1. [omitted] + * 2. Any configuration options that can be specified by for the application * code when it is built. (Build time configuration is in pnglibconf.h) - * 2. Type definitions (base types are defined in pngconf.h), structure + * 3. Type definitions (base types are defined in pngconf.h), structure * definitions. - * 3. Exported library functions. - * 4. Simplified API. + * 4. Exported library functions. + * 5. Simplified API. + * 6. Implementation options. * * The library source code has additional files (principally pngpriv.h) that * allow configuration of the library. */ -/* Section 1: run time configuration + +/* Section 1: [omitted] */ + +/* Section 2: run time configuration * See pnglibconf.h for build time configuration * * Run time configuration allows the application to choose between @@ -589,7 +453,7 @@ * Otherwise the calls are mapped to png_error. */ -/* Section 2: type definitions, including structures and compile time +/* Section 3: type definitions, including structures and compile time * constants. * See pngconf.h for base types that vary by machine/system */ @@ -597,7 +461,7 @@ /* This triggers a compiler error in png.c, if png.c and png.h * do not agree upon the version number. */ -typedef char* png_libpng_version_1_6_16; +typedef char* png_libpng_version_1_6_20; /* Basic control structions. Read libpng-manual.txt or libpng.3 for more info. * @@ -913,7 +777,9 @@ #define PNG_INFO_iCCP 0x1000 /* ESR, 1.0.6 */ #define PNG_INFO_sPLT 0x2000 /* ESR, 1.0.6 */ #define PNG_INFO_sCAL 0x4000 /* ESR, 1.0.6 */ +#if INT_MAX >= 0x8000 /* else this might break */ #define PNG_INFO_IDAT 0x8000 /* ESR, 1.0.6 */ +#endif /* This is used for the transformation routines, as some of them * change these values for the row. It also should enable using @@ -1017,7 +883,9 @@ #define PNG_TRANSFORM_GRAY_TO_RGB 0x2000 /* read only */ /* Added to libpng-1.5.4 */ #define PNG_TRANSFORM_EXPAND_16 0x4000 /* read only */ +#if INT_MAX >= 0x8000 /* else this might break */ #define PNG_TRANSFORM_SCALE_16 0x8000 /* read only */ +#endif /* Flags for MNG supported features */ #define PNG_FLAG_MNG_EMPTY_PLTE 0x01 @@ -1034,7 +902,7 @@ png_alloc_size_t)); typedef PNG_CALLBACK(void, *png_free_ptr, (png_structp, png_voidp)); -/* Section 3: exported functions +/* Section 4: exported functions * Here are the function definitions most commonly used. This is not * the place to find out how to use libpng. See libpng-manual.txt for the * full explanation, see example.c for the summary. This just provides @@ -1407,13 +1275,13 @@ #endif #if defined(PNG_READ_FILLER_SUPPORTED) || defined(PNG_WRITE_FILLER_SUPPORTED) -/* Add a filler byte to 8-bit Gray or 24-bit RGB images. */ +/* Add a filler byte to 8-bit or 16-bit Gray or 24-bit or 48-bit RGB images. */ PNG_EXPORT(39, void, png_set_filler, (png_structrp png_ptr, png_uint_32 filler, int flags)); /* The values of the PNG_FILLER_ defines should NOT be changed */ # define PNG_FILLER_BEFORE 0 # define PNG_FILLER_AFTER 1 -/* Add an alpha byte to 8-bit Gray or 24-bit RGB images. */ +/* Add an alpha byte to 8-bit or 16-bit Gray or 24-bit or 48-bit RGB images. */ PNG_EXPORT(40, void, png_set_add_alpha, (png_structrp png_ptr, png_uint_32 filler, int flags)); #endif /* READ_FILLER || WRITE_FILLER */ @@ -1606,6 +1474,7 @@ #define PNG_CRC_QUIET_USE 4 /* quiet/use data quiet/use data */ #define PNG_CRC_NO_CHANGE 5 /* use current value use current value */ +#ifdef PNG_WRITE_SUPPORTED /* These functions give the user control over the scan-line filtering in * libpng and the compression methods used by zlib. These functions are * mainly useful for testing, as the defaults should work with most users. @@ -1619,6 +1488,7 @@ */ PNG_EXPORT(67, void, png_set_filter, (png_structrp png_ptr, int method, int filters)); +#endif /* WRITE */ /* Flags for png_set_filter() to say which filters to use. The flags * are chosen so that they don't conflict with real filter types @@ -1644,35 +1514,8 @@ #define PNG_FILTER_VALUE_PAETH 4 #define PNG_FILTER_VALUE_LAST 5 -#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED /* EXPERIMENTAL */ -/* The "heuristic_method" is given by one of the PNG_FILTER_HEURISTIC_ - * defines, either the default (minimum-sum-of-absolute-differences), or - * the experimental method (weighted-minimum-sum-of-absolute-differences). - * - * Weights are factors >= 1.0, indicating how important it is to keep the - * filter type consistent between rows. Larger numbers mean the current - * filter is that many times as likely to be the same as the "num_weights" - * previous filters. This is cumulative for each previous row with a weight. - * There needs to be "num_weights" values in "filter_weights", or it can be - * NULL if the weights aren't being specified. Weights have no influence on - * the selection of the first row filter. Well chosen weights can (in theory) - * improve the compression for a given image. - * - * Costs are factors >= 1.0 indicating the relative decoding costs of a - * filter type. Higher costs indicate more decoding expense, and are - * therefore less likely to be selected over a filter with lower computational - * costs. There needs to be a value in "filter_costs" for each valid filter - * type (given by PNG_FILTER_VALUE_LAST), or it can be NULL if you aren't - * setting the costs. Costs try to improve the speed of decompression without - * unduly increasing the compressed image size. - * - * A negative weight or cost indicates the default value is to be used, and - * values in the range [0.0, 1.0) indicate the value is to remain unchanged. - * The default values for both weights and costs are currently 1.0, but may - * change if good general weighting/cost heuristics can be found. If both - * the weights and costs are set to 1.0, this degenerates the WEIGHTED method - * to the UNWEIGHTED method, but with added encoding time/computation. - */ +#ifdef PNG_WRITE_SUPPORTED +#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED /* DEPRECATED */ PNG_FP_EXPORT(68, void, png_set_filter_heuristics, (png_structrp png_ptr, int heuristic_method, int num_weights, png_const_doublep filter_weights, png_const_doublep filter_costs)) @@ -1682,15 +1525,12 @@ png_const_fixed_point_p filter_costs)) #endif /* WRITE_WEIGHTED_FILTER */ -/* Heuristic used for row filter selection. These defines should NOT be - * changed. - */ +/* The following are no longer used and will be removed from libpng-1.7: */ #define PNG_FILTER_HEURISTIC_DEFAULT 0 /* Currently "UNWEIGHTED" */ #define PNG_FILTER_HEURISTIC_UNWEIGHTED 1 /* Used by libpng < 0.95 */ #define PNG_FILTER_HEURISTIC_WEIGHTED 2 /* Experimental feature */ #define PNG_FILTER_HEURISTIC_LAST 3 /* Not a valid value */ -#ifdef PNG_WRITE_SUPPORTED /* Set the library compression level. Currently, valid values range from * 0 - 9, corresponding directly to the zlib compression levels 0 - 9 * (0 - no compression, 9 - "maximal" compression). Note that tests have @@ -1698,6 +1538,7 @@ * for PNG images, and do considerably fewer caclulations. In the future, * these values may not correspond directly to the zlib compression levels. */ +#ifdef PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED PNG_EXPORT(69, void, png_set_compression_level, (png_structrp png_ptr, int level)); @@ -1715,7 +1556,7 @@ PNG_EXPORT(73, void, png_set_compression_method, (png_structrp png_ptr, int method)); -#endif +#endif /* WRITE_CUSTOMIZE_COMPRESSION */ #ifdef PNG_WRITE_CUSTOMIZE_ZTXT_COMPRESSION_SUPPORTED /* Also set zlib parameters for compressing non-IDAT chunks */ @@ -1737,6 +1578,7 @@ PNG_EXPORT(226, void, png_set_text_compression_method, (png_structrp png_ptr, int method)); #endif /* WRITE_CUSTOMIZE_ZTXT_COMPRESSION */ +#endif /* WRITE */ /* These next functions are called for input/output, memory, and error * handling. They are in the file pngrio.c, pngwio.c, and pngerror.c, @@ -1847,7 +1689,7 @@ * * The integer return from the callback function is interpreted thus: * - * negative: An error occured, png_chunk_error will be called. + * negative: An error occurred; png_chunk_error will be called. * zero: The chunk was not handled, the chunk will be saved. A critical * chunk will cause an error at this point unless it is to be saved. * positive: The chunk was handled, libpng will ignore/discard it. @@ -2692,26 +2534,28 @@ * (png_uint_16)(alpha) \ + (png_uint_16)(bg)*(png_uint_16)(255 \ - (png_uint_16)(alpha)) + 128); \ - (composite) = (png_byte)((temp + (temp >> 8)) >> 8); } + (composite) = (png_byte)(((temp + (temp >> 8)) >> 8) & 0xff); } # define png_composite_16(composite, fg, alpha, bg) \ { png_uint_32 temp = (png_uint_32)((png_uint_32)(fg) \ * (png_uint_32)(alpha) \ + (png_uint_32)(bg)*(65535 \ - (png_uint_32)(alpha)) + 32768); \ - (composite) = (png_uint_16)((temp + (temp >> 16)) >> 16); } + (composite) = (png_uint_16)(0xffff & ((temp + (temp >> 16)) >> 16)); } #else /* Standard method using integer division */ -# define png_composite(composite, fg, alpha, bg) \ - (composite) = (png_byte)(((png_uint_16)(fg) * (png_uint_16)(alpha) + \ - (png_uint_16)(bg) * (png_uint_16)(255 - (png_uint_16)(alpha)) + \ - 127) / 255) +# define png_composite(composite, fg, alpha, bg) \ + (composite) = \ + (png_byte)(0xff & (((png_uint_16)(fg) * (png_uint_16)(alpha) + \ + (png_uint_16)(bg) * (png_uint_16)(255 - (png_uint_16)(alpha)) + \ + 127) / 255)) # define png_composite_16(composite, fg, alpha, bg) \ - (composite) = (png_uint_16)(((png_uint_32)(fg) * (png_uint_32)(alpha) + \ - (png_uint_32)(bg)*(png_uint_32)(65535 - (png_uint_32)(alpha)) + \ - 32767) / 65535) + (composite) = \ + (png_uint_16)(0xffff & (((png_uint_32)(fg) * (png_uint_32)(alpha) + \ + (png_uint_32)(bg)*(png_uint_32)(65535 - (png_uint_32)(alpha)) + \ + 32767) / 65535)) #endif /* READ_COMPOSITE_NODIV */ #ifdef PNG_READ_INT_FUNCTIONS_SUPPORTED @@ -2762,7 +2606,7 @@ # define PNG_get_int_32(buf) \ ((png_int_32)((*(buf) & 0x80) \ - ? -((png_int_32)((png_get_uint_32(buf) ^ 0xffffffffL) + 1)) \ + ? -((png_int_32)(((png_get_uint_32(buf)^0xffffffffU)+1U)&0x7fffffffU)) \ : (png_int_32)png_get_uint_32(buf))) /* If PNG_PREFIX is defined the same thing as below happens in pnglibconf.h, @@ -2782,10 +2626,17 @@ # endif #endif -#if defined(PNG_SIMPLIFIED_READ_SUPPORTED) || \ - defined(PNG_SIMPLIFIED_WRITE_SUPPORTED) +#ifdef PNG_CHECK_FOR_INVALID_INDEX_SUPPORTED +PNG_EXPORT(242, void, png_set_check_for_invalid_index, + (png_structrp png_ptr, int allowed)); +# ifdef PNG_GET_PALETTE_MAX_SUPPORTED +PNG_EXPORT(243, int, png_get_palette_max, (png_const_structp png_ptr, + png_const_infop info_ptr)); +# endif +#endif /* CHECK_FOR_INVALID_INDEX */ + /******************************************************************************* - * SIMPLIFIED API + * Section 5: SIMPLIFIED API ******************************************************************************* * * Please read the documentation in libpng-manual.txt (TODO: write said @@ -2801,8 +2652,9 @@ * * To read a PNG file using the simplified API: * - * 1) Declare a 'png_image' structure (see below) on the stack and set the - * version field to PNG_IMAGE_VERSION. + * 1) Declare a 'png_image' structure (see below) on the stack, set the + * version field to PNG_IMAGE_VERSION and the 'opaque' pointer to NULL + * (this is REQUIRED, your program may crash if you don't do it.) * 2) Call the appropriate png_image_begin_read... function. * 3) Set the png_image 'format' member to the required sample format. * 4) Allocate a buffer for the image and, if required, the color-map. @@ -2829,6 +2681,9 @@ * when it is being read or defines the in-memory format of an image that you * need to write: */ +#if defined(PNG_SIMPLIFIED_READ_SUPPORTED) || \ + defined(PNG_SIMPLIFIED_WRITE_SUPPORTED) + #define PNG_IMAGE_VERSION 1 typedef struct png_control *png_controlp; @@ -2928,7 +2783,7 @@ * called to read or write the color-map and set the format correctly for the * image data. Do not set the PNG_FORMAT_FLAG_COLORMAP bit directly! * - * NOTE: libpng can be built with particular features disabled, if you see + * NOTE: libpng can be built with particular features disabled. If you see * compiler errors because the definition of one of the following flags has been * compiled out it is because libpng does not have the required support. It is * possible, however, for the libpng configuration to enable the format on just @@ -2940,7 +2795,7 @@ */ #define PNG_FORMAT_FLAG_ALPHA 0x01U /* format with an alpha channel */ #define PNG_FORMAT_FLAG_COLOR 0x02U /* color format: otherwise grayscale */ -#define PNG_FORMAT_FLAG_LINEAR 0x04U /* 2 byte channels else 1 byte */ +#define PNG_FORMAT_FLAG_LINEAR 0x04U /* 2-byte channels else 1-byte */ #define PNG_FORMAT_FLAG_COLORMAP 0x08U /* image data is color-mapped */ #ifdef PNG_FORMAT_BGR_SUPPORTED @@ -3227,9 +3082,11 @@ * * With all APIs row_stride is handled as in the read APIs - it is the spacing * from one row to the next in component sized units (1 or 2 bytes) and if - * negative indicates a bottom-up row layout in the buffer. + * negative indicates a bottom-up row layout in the buffer. If row_stride is zero, + * libpng will calculate it for you from the image width and number of channels. * - * Note that the write API does not support interlacing or sub-8-bit pixels. + * Note that the write API does not support interlacing, sub-8-bit pixels, indexed + * PNG (color_type 3) or most ancillary chunks. */ #endif /* STDIO */ #endif /* SIMPLIFIED_WRITE */ @@ -3238,17 +3095,8 @@ ******************************************************************************/ #endif /* SIMPLIFIED_{READ|WRITE} */ -#ifdef PNG_CHECK_FOR_INVALID_INDEX_SUPPORTED -PNG_EXPORT(242, void, png_set_check_for_invalid_index, - (png_structrp png_ptr, int allowed)); -# ifdef PNG_GET_PALETTE_MAX_SUPPORTED -PNG_EXPORT(243, int, png_get_palette_max, (png_const_structp png_ptr, - png_const_infop info_ptr)); -# endif -#endif /* CHECK_FOR_INVALID_INDEX */ - /******************************************************************************* - * IMPLEMENTATION OPTIONS + * Section 6: IMPLEMENTATION OPTIONS ******************************************************************************* * * Support for arbitrary implementation-specific optimizations. The API allows
--- a/src/share/native/sun/awt/libpng/pngconf.h Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngconf.h Sat Sep 10 22:36:17 2016 +0100 @@ -29,9 +29,9 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * libpng version 1.6.16,December 22, 2014 + * libpng version 1.6.20, December 3, 2015 * - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -39,9 +39,7 @@ * For conditions of distribution and use, see the disclaimer * and license in png.h * - */ - -/* Any machine specific code is near the front of this file, so if you + * Any machine specific code is near the front of this file, so if you * are configuring libpng for a machine, you may want to read the section * starting here down to where it starts to typedef png_color, png_text, * and png_info. @@ -50,26 +48,6 @@ #ifndef PNGCONF_H #define PNGCONF_H -/* To do: Do all of this in scripts/pnglibconf.dfa */ -#ifdef PNG_SAFE_LIMITS_SUPPORTED -# ifdef PNG_USER_WIDTH_MAX -# undef PNG_USER_WIDTH_MAX -# define PNG_USER_WIDTH_MAX 1000000L -# endif -# ifdef PNG_USER_HEIGHT_MAX -# undef PNG_USER_HEIGHT_MAX -# define PNG_USER_HEIGHT_MAX 1000000L -# endif -# ifdef PNG_USER_CHUNK_MALLOC_MAX -# undef PNG_USER_CHUNK_MALLOC_MAX -# define PNG_USER_CHUNK_MALLOC_MAX 4000000L -# endif -# ifdef PNG_USER_CHUNK_CACHE_MAX -# undef PNG_USER_CHUNK_CACHE_MAX -# define PNG_USER_CHUNK_CACHE_MAX 128 -# endif -#endif - #ifndef PNG_BUILDING_SYMBOL_TABLE /* else includes may cause problems */ /* From libpng 1.6.0 libpng requires an ANSI X3.159-1989 ("ISOC90") compliant C @@ -113,7 +91,7 @@ */ #define PNG_CONST const /* backward compatibility only */ -/* This controls optimization of the reading of 16 and 32 bit values +/* This controls optimization of the reading of 16-bit and 32-bit values * from PNG files. It can be set on a per-app-file basis - it * just changes whether a macro is used when the function is called. * The library builder sets the default; if read functions are not @@ -345,11 +323,11 @@ * table entries, so we discard it here. See the .dfn files in the * scripts directory. */ + #ifndef PNG_EXPORTA - -# define PNG_EXPORTA(ordinal, type, name, args, attributes)\ - PNG_FUNCTION(PNG_EXPORT_TYPE(type),(PNGAPI name),PNGARG(args), \ - extern attributes) +# define PNG_EXPORTA(ordinal, type, name, args, attributes) \ + PNG_FUNCTION(PNG_EXPORT_TYPE(type), (PNGAPI name), PNGARG(args), \ + PNG_LINKAGE_API attributes) #endif /* ANSI-C (C90) does not permit a macro to be invoked with an empty argument, @@ -357,7 +335,7 @@ */ #define PNG_EMPTY /*empty list*/ -#define PNG_EXPORT(ordinal, type, name, args)\ +#define PNG_EXPORT(ordinal, type, name, args) \ PNG_EXPORTA(ordinal, type, name, args, PNG_EMPTY) /* Use PNG_REMOVED to comment out a removed interface. */ @@ -530,7 +508,7 @@ #if CHAR_BIT == 8 && UCHAR_MAX == 255 typedef unsigned char png_byte; #else -# error "libpng requires 8 bit bytes" +# error "libpng requires 8-bit bytes" #endif #if INT_MIN == -32768 && INT_MAX == 32767 @@ -538,7 +516,7 @@ #elif SHRT_MIN == -32768 && SHRT_MAX == 32767 typedef short png_int_16; #else -# error "libpng requires a signed 16 bit type" +# error "libpng requires a signed 16-bit type" #endif #if UINT_MAX == 65535 @@ -546,7 +524,7 @@ #elif USHRT_MAX == 65535 typedef unsigned short png_uint_16; #else -# error "libpng requires an unsigned 16 bit type" +# error "libpng requires an unsigned 16-bit type" #endif #if INT_MIN < -2147483646 && INT_MAX > 2147483646 @@ -554,7 +532,7 @@ #elif LONG_MIN < -2147483646 && LONG_MAX > 2147483646 typedef long int png_int_32; #else -# error "libpng requires a signed 32 bit (or more) type" +# error "libpng requires a signed 32-bit (or more) type" #endif #if UINT_MAX > 4294967294 @@ -562,7 +540,7 @@ #elif ULONG_MAX > 4294967294 typedef unsigned long int png_uint_32; #else -# error "libpng requires an unsigned 32 bit (or more) type" +# error "libpng requires an unsigned 32-bit (or more) type" #endif /* Prior to 1.6.0 it was possible to disable the use of size_t, 1.6.0, however,
--- a/src/share/native/sun/awt/libpng/pngdebug.h Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngdebug.h Sat Sep 10 22:36:17 2016 +0100 @@ -29,12 +29,11 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * + * Last changed in libpng 1.6.8 [December 19, 2013] * Copyright (c) 1998-2013 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * - * Last changed in libpng 1.6.8 [December 19, 2013] - * * This code is released under the libpng license. * For conditions of distribution and use, see the disclaimer * and license in png.h
--- a/src/share/native/sun/awt/libpng/pngget.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngget.c Sat Sep 10 22:36:17 2016 +0100 @@ -29,8 +29,8 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Last changed in libpng 1.6.15 [November 20, 2014] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Last changed in libpng 1.6.17 [March 26, 2015] + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -827,14 +827,20 @@ { png_debug1(1, "in %s retrieval function", "IHDR"); - if (png_ptr == NULL || info_ptr == NULL || width == NULL || - height == NULL || bit_depth == NULL || color_type == NULL) + if (png_ptr == NULL || info_ptr == NULL) return (0); - *width = info_ptr->width; - *height = info_ptr->height; - *bit_depth = info_ptr->bit_depth; - *color_type = info_ptr->color_type; + if (width != NULL) + *width = info_ptr->width; + + if (height != NULL) + *height = info_ptr->height; + + if (bit_depth != NULL) + *bit_depth = info_ptr->bit_depth; + + if (color_type != NULL) + *color_type = info_ptr->color_type; if (compression_type != NULL) *compression_type = info_ptr->compression_type; @@ -1163,21 +1169,21 @@ if (png_ptr == NULL) return 0; -# ifdef PNG_WRITE_SUPPORTED +#ifdef PNG_WRITE_SUPPORTED if ((png_ptr->mode & PNG_IS_READ_STRUCT) != 0) -# endif +#endif { -# ifdef PNG_SEQUENTIAL_READ_SUPPORTED +#ifdef PNG_SEQUENTIAL_READ_SUPPORTED return png_ptr->IDAT_read_size; -# else +#else return PNG_IDAT_READ_SIZE; -# endif +#endif } -# ifdef PNG_WRITE_SUPPORTED +#ifdef PNG_WRITE_SUPPORTED else return png_ptr->zbuffer_size; -# endif +#endif } #ifdef PNG_SET_USER_LIMITS_SUPPORTED
--- a/src/share/native/sun/awt/libpng/pnginfo.h Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pnginfo.h Sat Sep 10 22:36:17 2016 +0100 @@ -29,12 +29,11 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * + * Last changed in libpng 1.6.1 [March 28, 2013] * Copyright (c) 1998-2013 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * - * Last changed in libpng 1.6.1 [March 28, 2013] - * * This code is released under the libpng license. * For conditions of distribution and use, see the disclaimer * and license in png.h
--- a/src/share/native/sun/awt/libpng/pnglibconf.h Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pnglibconf.h Sat Sep 10 22:36:17 2016 +0100 @@ -34,7 +34,7 @@ * file and, per its terms, should not be removed: */ -/* libpng version 1.6.16,December 22, 2014 */ +/* libpng version 1.6.20, December 3, 2015 */ /* Copyright (c) 1998-2014 Glenn Randers-Pehrson */ @@ -129,13 +129,10 @@ #define PNG_READ_tIME_SUPPORTED #define PNG_READ_tRNS_SUPPORTED #define PNG_READ_zTXt_SUPPORTED -/*#undef PNG_SAFE_LIMITS_SUPPORTED*/ /*#undef PNG_SAVE_INT_32_SUPPORTED*/ #define PNG_SAVE_UNKNOWN_CHUNKS_SUPPORTED #define PNG_SEQUENTIAL_READ_SUPPORTED #define PNG_SETJMP_SUPPORTED -#define PNG_SET_CHUNK_CACHE_LIMIT_SUPPORTED -#define PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED #define PNG_SET_OPTION_SUPPORTED #define PNG_SET_UNKNOWN_CHUNKS_SUPPORTED #define PNG_SET_USER_LIMITS_SUPPORTED @@ -161,6 +158,7 @@ /*#undef PNG_WRITE_BGR_SUPPORTED*/ /*#undef PNG_WRITE_CHECK_FOR_INVALID_INDEX_SUPPORTED*/ /*#undef PNG_WRITE_COMPRESSED_TEXT_SUPPORTED*/ +/*#undef PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED*/ /*#undef PNG_WRITE_CUSTOMIZE_ZTXT_COMPRESSION_SUPPORTED*/ /*#undef PNG_WRITE_FILLER_SUPPORTED*/ /*#undef PNG_WRITE_FILTER_SUPPORTED*/ @@ -219,11 +217,14 @@ /* end of options */ /* settings */ #define PNG_API_RULE 0 -#define PNG_COST_SHIFT 3 #define PNG_DEFAULT_READ_MACROS 1 #define PNG_GAMMA_THRESHOLD_FIXED 5000 #define PNG_IDAT_READ_SIZE PNG_ZBUF_SIZE #define PNG_INFLATE_BUF_SIZE 1024 +#define PNG_LINKAGE_API extern +#define PNG_LINKAGE_CALLBACK extern +#define PNG_LINKAGE_DATA extern +#define PNG_LINKAGE_FUNCTION extern #define PNG_MAX_GAMMA_8 11 #define PNG_QUANTIZE_BLUE_BITS 5 #define PNG_QUANTIZE_GREEN_BITS 5 @@ -234,7 +235,6 @@ #define PNG_USER_CHUNK_MALLOC_MAX 0 #define PNG_USER_HEIGHT_MAX 1000000 #define PNG_USER_WIDTH_MAX 1000000 -#define PNG_WEIGHT_SHIFT 8 #define PNG_ZBUF_SIZE 8192 #define PNG_ZLIB_VERNUM 0 #define PNG_Z_DEFAULT_COMPRESSION (-1)
--- a/src/share/native/sun/awt/libpng/pngmem.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngmem.c Sat Sep 10 22:36:17 2016 +0100 @@ -69,7 +69,7 @@ } /* Allocate memory. For reasonable files, size should never exceed - * 64K. However, zlib may allocate more then 64K if you don't tell + * 64K. However, zlib may allocate more than 64K if you don't tell * it not to. See zconf.h and png.h for more information. zlib does * need to allocate exactly 64K, so whatever you call here must * have the ability to do that. @@ -105,6 +105,9 @@ PNG_UNUSED(png_ptr) #endif + /* Some compilers complain that this is always true. However, it + * can be false when integer overflow happens. + */ if (size > 0 && size <= PNG_SIZE_MAX # ifdef PNG_MAX_MALLOC_64K && size <= 65536U
--- a/src/share/native/sun/awt/libpng/pngpread.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngpread.c Sat Sep 10 22:36:17 2016 +0100 @@ -29,8 +29,8 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Last changed in libpng 1.6.15 [November 20, 2014] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Last changed in libpng 1.6.18 [July 23, 2015] + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -47,7 +47,6 @@ #define PNG_READ_SIG_MODE 0 #define PNG_READ_CHUNK_MODE 1 #define PNG_READ_IDAT_MODE 2 -#define PNG_SKIP_MODE 3 #define PNG_READ_tEXt_MODE 4 #define PNG_READ_zTXt_MODE 5 #define PNG_READ_DONE_MODE 6 @@ -106,32 +105,14 @@ png_uint_32 PNGAPI png_process_data_skip(png_structrp png_ptr) { - png_uint_32 remaining = 0; - - if (png_ptr != NULL && png_ptr->process_mode == PNG_SKIP_MODE && - png_ptr->skip_length > 0) - { - /* At the end of png_process_data the buffer size must be 0 (see the loop - * above) so we can detect a broken call here: - */ - if (png_ptr->buffer_size != 0) - png_error(png_ptr, - "png_process_data_skip called inside png_process_data"); - - /* If is impossible for there to be a saved buffer at this point - - * otherwise we could not be in SKIP mode. This will also happen if - * png_process_skip is called inside png_process_data (but only very - * rarely.) - */ - if (png_ptr->save_buffer_size != 0) - png_error(png_ptr, "png_process_data_skip called with saved data"); - - remaining = png_ptr->skip_length; - png_ptr->skip_length = 0; - png_ptr->process_mode = PNG_READ_CHUNK_MODE; - } - - return remaining; + /* TODO: Deprecate and remove this API. + * Somewhere the implementation of this seems to have been lost, + * or abandoned. It was only to support some internal back-door access + * to png_struct) in libpng-1.4.x. + */ + png_app_warning(png_ptr, +"png_process_data_skip is not implemented in any current version of libpng"); + return 0; } /* What we do with the incoming data depends on what we were previously @@ -163,12 +144,6 @@ break; } - case PNG_SKIP_MODE: - { - png_push_crc_finish(png_ptr); - break; - } - default: { png_ptr->buffer_size = 0; @@ -187,7 +162,7 @@ png_push_read_sig(png_structrp png_ptr, png_inforp info_ptr) { png_size_t num_checked = png_ptr->sig_bytes, /* SAFE, does not exceed 8 */ - num_to_check = 8 - num_checked; + num_to_check = 8 - num_checked; if (png_ptr->buffer_size < num_to_check) { @@ -467,69 +442,6 @@ png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER; } -void /* PRIVATE */ -png_push_crc_skip(png_structrp png_ptr, png_uint_32 skip) -{ - png_ptr->process_mode = PNG_SKIP_MODE; - png_ptr->skip_length = skip; -} - -void /* PRIVATE */ -png_push_crc_finish(png_structrp png_ptr) -{ - if (png_ptr->skip_length != 0 && png_ptr->save_buffer_size != 0) - { - png_size_t save_size = png_ptr->save_buffer_size; - png_uint_32 skip_length = png_ptr->skip_length; - - /* We want the smaller of 'skip_length' and 'save_buffer_size', but - * they are of different types and we don't know which variable has the - * fewest bits. Carefully select the smaller and cast it to the type of - * the larger - this cannot overflow. Do not cast in the following test - * - it will break on either 16 or 64 bit platforms. - */ - if (skip_length < save_size) - save_size = (png_size_t)skip_length; - - else - skip_length = (png_uint_32)save_size; - - png_calculate_crc(png_ptr, png_ptr->save_buffer_ptr, save_size); - - png_ptr->skip_length -= skip_length; - png_ptr->buffer_size -= save_size; - png_ptr->save_buffer_size -= save_size; - png_ptr->save_buffer_ptr += save_size; - } - if (png_ptr->skip_length != 0 && png_ptr->current_buffer_size != 0) - { - png_size_t save_size = png_ptr->current_buffer_size; - png_uint_32 skip_length = png_ptr->skip_length; - - /* We want the smaller of 'skip_length' and 'current_buffer_size', here, - * the same problem exists as above and the same solution. - */ - if (skip_length < save_size) - save_size = (png_size_t)skip_length; - - else - skip_length = (png_uint_32)save_size; - - png_calculate_crc(png_ptr, png_ptr->current_buffer_ptr, save_size); - - png_ptr->skip_length -= skip_length; - png_ptr->buffer_size -= save_size; - png_ptr->current_buffer_size -= save_size; - png_ptr->current_buffer_ptr += save_size; - } - if (png_ptr->skip_length == 0) - { - PNG_PUSH_SAVE_BUFFER_IF_LT(4) - png_crc_finish(png_ptr, 0); - png_ptr->process_mode = PNG_READ_CHUNK_MODE; - } -} - void PNGCBAPI png_push_fill_buffer(png_structp png_ptr, png_bytep buffer, png_size_t length) { @@ -612,13 +524,11 @@ if (png_ptr->save_buffer == NULL) { png_free(png_ptr, old_buffer); - old_buffer = NULL; png_error(png_ptr, "Insufficient memory for save_buffer"); } memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size); png_free(png_ptr, old_buffer); - old_buffer = NULL; png_ptr->save_buffer_max = new_max; } if (png_ptr->current_buffer_size) @@ -681,7 +591,7 @@ * are of different types and we don't know which variable has the fewest * bits. Carefully select the smaller and cast it to the type of the * larger - this cannot overflow. Do not cast in the following test - it - * will break on either 16 or 64 bit platforms. + * will break on either 16-bit or 64-bit platforms. */ if (idat_size < save_size) save_size = (png_size_t)idat_size; @@ -724,6 +634,7 @@ png_ptr->current_buffer_size -= save_size; png_ptr->current_buffer_ptr += save_size; } + if (png_ptr->idat_size == 0) { PNG_PUSH_SAVE_BUFFER_IF_LT(4) @@ -754,7 +665,7 @@ * or the stream marked as finished. */ while (png_ptr->zstream.avail_in > 0 && - !(png_ptr->flags & PNG_FLAG_ZSTREAM_ENDED)) + (png_ptr->flags & PNG_FLAG_ZSTREAM_ENDED) == 0) { int ret; @@ -779,7 +690,7 @@ * change the current behavior (see comments in inflate.c * for why this doesn't happen at present with zlib 1.2.5). */ - ret = inflate(&png_ptr->zstream, Z_SYNC_FLUSH); + ret = PNG_INFLATE(png_ptr, Z_SYNC_FLUSH); /* Check for any failure before proceeding. */ if (ret != Z_OK && ret != Z_STREAM_END) @@ -1064,6 +975,7 @@ } } else +#endif { png_push_have_row(png_ptr, png_ptr->row_buf + 1); png_read_push_finish_row(png_ptr); @@ -1073,6 +985,7 @@ void /* PRIVATE */ png_read_push_finish_row(png_structrp png_ptr) { +#ifdef PNG_READ_INTERLACING_SUPPORTED /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */ /* Start of interlace block */ @@ -1097,6 +1010,7 @@ if (png_ptr->row_number < png_ptr->num_rows) return; +#ifdef PNG_READ_INTERLACING_SUPPORTED if (png_ptr->interlaced != 0) { png_ptr->row_number = 0; @@ -1131,6 +1045,7 @@ } while (png_ptr->iwidth == 0 || png_ptr->num_rows == 0); } +#endif /* READ_INTERLACING */ } void /* PRIVATE */ @@ -1155,6 +1070,7 @@ (int)png_ptr->pass); } +#ifdef PNG_READ_INTERLACING_SUPPORTED void PNGAPI png_progressive_combine_row(png_const_structrp png_ptr, png_bytep old_row, png_const_bytep new_row) @@ -1169,6 +1085,7 @@ if (new_row != NULL) png_combine_row(png_ptr, old_row, 1/*blocky display*/); } +#endif /* READ_INTERLACING */ void PNGAPI png_set_progressive_read_fn(png_structrp png_ptr, png_voidp progressive_ptr,
--- a/src/share/native/sun/awt/libpng/pngpriv.h Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngpriv.h Sat Sep 10 22:36:17 2016 +0100 @@ -29,13 +29,11 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * For conditions of distribution and use, see copyright notice in png.h - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Last changed in libpng 1.6.18 [July 23, 2015] + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * - * Last changed in libpng 1.6.10 [March 6, 1014]] - * * This code is released under the libpng license. * For conditions of distribution and use, see the disclaimer * and license in png.h @@ -148,8 +146,12 @@ * to compile with an appropriate #error if ALIGNED_MEMORY has been turned * off. * - * Note that gcc-4.9 defines __ARM_NEON instead of __ARM_NEON__, so we - * check both variants. + * Note that gcc-4.9 defines __ARM_NEON instead of the deprecated + * __ARM_NEON__, so we check both variants. + * + * To disable ARM_NEON optimizations entirely, and skip compiling the + * associated assembler code, pass --enable-arm-neon=no to configure + * or put -DPNG_ARM_NEON_OPT=0 in CPPFLAGS. */ # if (defined(__ARM_NEON__) || defined(__ARM_NEON)) && \ defined(PNG_ALIGNED_MEMORY_SUPPORTED) @@ -278,17 +280,18 @@ * always be used to declare an extern data or function object in this file. */ #ifndef PNG_INTERNAL_DATA -# define PNG_INTERNAL_DATA(type, name, array) extern type name array +# define PNG_INTERNAL_DATA(type, name, array) PNG_LINKAGE_DATA type name array #endif #ifndef PNG_INTERNAL_FUNCTION # define PNG_INTERNAL_FUNCTION(type, name, args, attributes)\ - extern PNG_FUNCTION(type, name, args, PNG_EMPTY attributes) + PNG_LINKAGE_FUNCTION PNG_FUNCTION(type, name, args, PNG_EMPTY attributes) #endif #ifndef PNG_INTERNAL_CALLBACK # define PNG_INTERNAL_CALLBACK(type, name, args, attributes)\ - extern PNG_FUNCTION(type, (PNGCBAPI name), args, PNG_EMPTY attributes) + PNG_LINKAGE_CALLBACK PNG_FUNCTION(type, (PNGCBAPI name), args,\ + PNG_EMPTY attributes) #endif /* If floating or fixed point APIs are disabled they may still be compiled @@ -326,48 +329,27 @@ # define PNG_DLL_EXPORT #endif +/* This is a global switch to set the compilation for an installed system + * (a release build). It can be set for testing debug builds to ensure that + * they will compile when the build type is switched to RC or STABLE, the + * default is just to use PNG_LIBPNG_BUILD_BASE_TYPE. Set this in CPPFLAGS + * with either: + * + * -DPNG_RELEASE_BUILD Turns on the release compile path + * -DPNG_RELEASE_BUILD=0 Turns it off + * or in your pngusr.h with + * #define PNG_RELEASE_BUILD=1 Turns on the release compile path + * #define PNG_RELEASE_BUILD=0 Turns it off + */ +#ifndef PNG_RELEASE_BUILD +# define PNG_RELEASE_BUILD (PNG_LIBPNG_BUILD_BASE_TYPE >= PNG_LIBPNG_BUILD_RC) +#endif + /* SECURITY and SAFETY: * - * By default libpng is built without any internal limits on image size, - * individual heap (png_malloc) allocations or the total amount of memory used. - * If PNG_SAFE_LIMITS_SUPPORTED is defined, however, the limits below are used - * (unless individually overridden). These limits are believed to be fairly - * safe, but builders of secure systems should verify the values against the - * real system capabilities. - */ -#ifdef PNG_SAFE_LIMITS_SUPPORTED - /* 'safe' limits */ -# ifndef PNG_USER_WIDTH_MAX -# define PNG_USER_WIDTH_MAX 1000000 -# endif -# ifndef PNG_USER_HEIGHT_MAX -# define PNG_USER_HEIGHT_MAX 1000000 -# endif -# ifndef PNG_USER_CHUNK_CACHE_MAX -# define PNG_USER_CHUNK_CACHE_MAX 128 -# endif -# ifndef PNG_USER_CHUNK_MALLOC_MAX -# define PNG_USER_CHUNK_MALLOC_MAX 8000000 -# endif -#else - /* values for no limits */ -# ifndef PNG_USER_WIDTH_MAX -# define PNG_USER_WIDTH_MAX 0x7fffffff -# endif -# ifndef PNG_USER_HEIGHT_MAX -# define PNG_USER_HEIGHT_MAX 0x7fffffff -# endif -# ifndef PNG_USER_CHUNK_CACHE_MAX -# define PNG_USER_CHUNK_CACHE_MAX 0 -# endif -# ifndef PNG_USER_CHUNK_MALLOC_MAX -# define PNG_USER_CHUNK_MALLOC_MAX 0 -# endif -#endif - -/* Moved to pngpriv.h at libpng-1.5.0 */ -/* NOTE: some of these may have been used in external applications as - * these definitions were exposed in pngconf.h prior to 1.5. + * libpng is built with support for internal limits on image dimensions and + * memory usage. These are documented in scripts/pnglibconf.dfa of the + * source and recorded in the machine generated header file pnglibconf.h. */ /* If you are running on a machine where you cannot allocate more @@ -610,21 +592,17 @@ #define PNG_RGB_TO_GRAY_WARN 0x400000 #define PNG_RGB_TO_GRAY 0x600000 /* two bits, RGB_TO_GRAY_ERR|WARN */ #define PNG_ENCODE_ALPHA 0x800000 /* Added to libpng-1.5.4 */ -#define PNG_ADD_ALPHA 0x1000000 /* Added to libpng-1.2.7 */ -#define PNG_EXPAND_tRNS 0x2000000 /* Added to libpng-1.2.9 */ -#define PNG_SCALE_16_TO_8 0x4000000 /* Added to libpng-1.5.4 */ - /* 0x8000000 unused */ - /* 0x10000000 unused */ - /* 0x20000000 unused */ - /* 0x40000000 unused */ +#define PNG_ADD_ALPHA 0x1000000 /* Added to libpng-1.2.7 */ +#define PNG_EXPAND_tRNS 0x2000000 /* Added to libpng-1.2.9 */ +#define PNG_SCALE_16_TO_8 0x4000000 /* Added to libpng-1.5.4 */ + /* 0x8000000 unused */ + /* 0x10000000 unused */ + /* 0x20000000 unused */ + /* 0x40000000 unused */ /* Flags for png_create_struct */ #define PNG_STRUCT_PNG 0x0001 #define PNG_STRUCT_INFO 0x0002 -/* Scaling factor for filter heuristic weighting calculations */ -#define PNG_WEIGHT_FACTOR (1<<(PNG_WEIGHT_SHIFT)) -#define PNG_COST_FACTOR (1<<(PNG_COST_SHIFT)) - /* Flags for the png_ptr->flags rather than declaring a byte for each one */ #define PNG_FLAG_ZLIB_CUSTOM_STRATEGY 0x0001 #define PNG_FLAG_ZSTREAM_INITIALIZED 0x0002 /* Added to libpng-1.6.0 */ @@ -715,7 +693,7 @@ /* The fixed point conversion performs range checking and evaluates * its argument multiple times, so must be used with care. The * range checking uses the PNG specification values for a signed - * 32 bit fixed point value except that the values are deliberately + * 32-bit fixed point value except that the values are deliberately * rounded-to-zero to an integral value - 21474 (21474.83 is roughly * (2^31-1) * 100000). 's' is a string that describes the value being * converted. @@ -808,15 +786,17 @@ * macro will fail on top-bit-set values because of the sign extension. */ #define PNG_CHUNK_FROM_STRING(s)\ - PNG_U32(0xff&(s)[0], 0xff&(s)[1], 0xff&(s)[2], 0xff&(s)[3]) + PNG_U32(0xff & (s)[0], 0xff & (s)[1], 0xff & (s)[2], 0xff & (s)[3]) /* This uses (char), not (png_byte) to avoid warnings on systems where (char) is * signed and the argument is a (char[]) This macro will fail miserably on * systems where (char) is more than 8 bits. */ #define PNG_STRING_FROM_CHUNK(s,c)\ - (void)(((char*)(s))[0]=(char)((c)>>24), ((char*)(s))[1]=(char)((c)>>16),\ - ((char*)(s))[2]=(char)((c)>>8), ((char*)(s))[3]=(char)((c))) + (void)(((char*)(s))[0]=(char)(((c)>>24) & 0xff), \ + ((char*)(s))[1]=(char)(((c)>>16) & 0xff),\ + ((char*)(s))[2]=(char)(((c)>>8) & 0xff), \ + ((char*)(s))[3]=(char)((c & 0xff))) /* Do the same but terminate with a null character. */ #define PNG_CSTRING_FROM_CHUNK(s,c)\ @@ -860,7 +840,7 @@ */ #endif -/* This is used for 16 bit gamma tables -- only the top level pointers are +/* This is used for 16-bit gamma tables -- only the top level pointers are * const; this could be changed: */ typedef const png_uint_16p * png_const_uint_16pp; @@ -878,8 +858,9 @@ PNG_INTERNAL_DATA(const png_uint_16, png_sRGB_base, [512]); PNG_INTERNAL_DATA(const png_byte, png_sRGB_delta, [512]); -#define PNG_sRGB_FROM_LINEAR(linear) ((png_byte)((png_sRGB_base[(linear)>>15] +\ - ((((linear)&0x7fff)*png_sRGB_delta[(linear)>>15])>>12)) >> 8)) +#define PNG_sRGB_FROM_LINEAR(linear) \ + ((png_byte)(0xff & ((png_sRGB_base[(linear)>>15] \ + + ((((linear) & 0x7fff)*png_sRGB_delta[(linear)>>15])>>12)) >> 8))) /* Given a value 'linear' in the range 0..255*65535 calculate the 8-bit sRGB * encoded value with maximum error 0.646365. Note that the input is not a * 16-bit value; it has been multiplied by 255! */ @@ -1262,6 +1243,14 @@ /* Initialize the row buffers, etc. */ PNG_INTERNAL_FUNCTION(void,png_read_start_row,(png_structrp png_ptr),PNG_EMPTY); +#if PNG_ZLIB_VERNUM >= 0x1240 +PNG_INTERNAL_FUNCTION(int,png_zlib_inflate,(png_structrp png_ptr, int flush), + PNG_EMPTY); +# define PNG_INFLATE(pp, flush) png_zlib_inflate(pp, flush) +#else /* Zlib < 1.2.4 */ +# define PNG_INFLATE(pp, flush) inflate(&(pp)->zstream, flush) +#endif /* Zlib < 1.2.4 */ + #ifdef PNG_READ_TRANSFORMS_SUPPORTED /* Optional call to update the users info structure */ PNG_INTERNAL_FUNCTION(void,png_read_transform_info,(png_structrp png_ptr, @@ -1436,10 +1425,6 @@ PNG_INTERNAL_FUNCTION(void,png_push_read_sig,(png_structrp png_ptr, png_inforp info_ptr),PNG_EMPTY); PNG_INTERNAL_FUNCTION(void,png_push_check_crc,(png_structrp png_ptr),PNG_EMPTY); -PNG_INTERNAL_FUNCTION(void,png_push_crc_skip,(png_structrp png_ptr, - png_uint_32 length),PNG_EMPTY); -PNG_INTERNAL_FUNCTION(void,png_push_crc_finish,(png_structrp png_ptr), - PNG_EMPTY); PNG_INTERNAL_FUNCTION(void,png_push_save_buffer,(png_structrp png_ptr), PNG_EMPTY); PNG_INTERNAL_FUNCTION(void,png_push_restore_buffer,(png_structrp png_ptr,
--- a/src/share/native/sun/awt/libpng/pngread.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngread.c Sat Sep 10 22:36:17 2016 +0100 @@ -29,8 +29,8 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Last changed in libpng 1.6.15 [November 20, 2014] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Last changed in libpng 1.6.17 [March 26, 2015] + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -91,7 +91,7 @@ /* In stable builds only warn if an application error can be completely * handled. */ -# if PNG_LIBPNG_BUILD_BASE_TYPE >= PNG_LIBPNG_BUILD_RC +# if PNG_RELEASE_BUILD png_ptr->flags |= PNG_FLAG_APP_WARNINGS_WARN; # endif # endif @@ -842,8 +842,7 @@ /* Zero length IDATs are legal after the last IDAT has been * read, but not after other chunks have been read. */ - if ((length > 0) || - (png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT) != 0) + if ((length > 0) || (png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT) != 0) png_benign_error(png_ptr, "Too many IDATs found"); png_crc_finish(png_ptr, length); @@ -1072,9 +1071,9 @@ /* Tell libpng to strip 16-bit/color files down to 8 bits per color. */ if ((transforms & PNG_TRANSFORM_SCALE_16) != 0) - /* Added at libpng-1.5.4. "strip_16" produces the same result that it - * did in earlier versions, while "scale_16" is now more accurate. - */ + /* Added at libpng-1.5.4. "strip_16" produces the same result that it + * did in earlier versions, while "scale_16" is now more accurate. + */ #ifdef PNG_READ_SCALE_16_TO_8_SUPPORTED png_set_scale_16(png_ptr); #else @@ -1238,7 +1237,7 @@ for (iptr = 0; iptr < info_ptr->height; iptr++) info_ptr->row_pointers[iptr] = png_voidcast(png_bytep, - png_malloc(png_ptr, info_ptr->rowbytes)); + png_malloc(png_ptr, info_ptr->rowbytes)); } png_read_image(png_ptr, info_ptr->row_pointers); @@ -1712,10 +1711,11 @@ value *= 257; break; +#ifdef __GNUC__ default: png_error(display->image->opaque->png_ptr, "unexpected encoding (internal error)"); - break; +#endif } return value; @@ -1852,6 +1852,7 @@ y = (y + 128) >> 8; y *= 255; y = PNG_sRGB_FROM_LINEAR((y + 64) >> 7); + alpha = PNG_DIV257(alpha); encoding = P_sRGB; } @@ -2314,8 +2315,14 @@ output_processing = PNG_CMAP_NONE; break; } - +#ifdef __COVERITY__ + /* Coverity claims that output_encoding cannot be 2 (P_LINEAR) + * here. + */ + back_alpha = 255; +#else back_alpha = output_encoding == P_LINEAR ? 65535 : 255; +#endif } /* output_processing means that the libpng-processed row will be @@ -2440,7 +2447,14 @@ */ background_index = i; png_create_colormap_entry(display, i++, back_r, back_g, back_b, - output_encoding == P_LINEAR ? 65535U : 255U, output_encoding); +#ifdef __COVERITY__ + /* Coverity claims that output_encoding cannot be 2 (P_LINEAR) + * here. + */ 255U, +#else + output_encoding == P_LINEAR ? 65535U : 255U, +#endif + output_encoding); /* For non-opaque input composite on the sRGB background - this * requires inverting the encoding for each component. The input @@ -2852,7 +2866,6 @@ default: png_error(png_ptr, "invalid PNG color type"); /*NOT REACHED*/ - break; } /* Now deal with the output processing */ @@ -2862,10 +2875,6 @@ switch (data_encoding) { - default: - png_error(png_ptr, "bad data option (internal error)"); - break; - case P_sRGB: /* Change to 8-bit sRGB */ png_set_alpha_mode_fixed(png_ptr, PNG_ALPHA_PNG, PNG_GAMMA_sRGB); @@ -2875,6 +2884,11 @@ if (png_ptr->bit_depth > 8) png_set_scale_16(png_ptr); break; + +#ifdef __GNUC__ + default: + png_error(png_ptr, "bad data option (internal error)"); +#endif } if (cmap_entries > 256 || cmap_entries > image->colormap_entries) @@ -3274,7 +3288,7 @@ png_uint_32 width = image->width; ptrdiff_t step_row = display->row_bytes; unsigned int channels = - (image->format & PNG_FORMAT_FLAG_COLOR) != 0 ? 3 : 1; + (image->format & PNG_FORMAT_FLAG_COLOR) != 0 ? 3 : 1; int pass; for (pass = 0; pass < passes; ++pass) @@ -3425,10 +3439,6 @@ */ switch (info_ptr->bit_depth) { - default: - png_error(png_ptr, "unexpected bit depth"); - break; - case 8: /* 8-bit sRGB gray values with an alpha channel; the alpha channel is * to be removed by composing on a background: either the row if @@ -3646,6 +3656,11 @@ } } break; + +#ifdef __GNUC__ + default: + png_error(png_ptr, "unexpected bit depth"); +#endif } return 1;
--- a/src/share/native/sun/awt/libpng/pngrio.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngrio.c Sat Sep 10 22:36:17 2016 +0100 @@ -29,8 +29,8 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Last changed in libpng 1.6.15 [November 20, 2014] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Last changed in libpng 1.6.17 [March 26, 2015] + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -54,7 +54,7 @@ * reads from a file pointer. Note that this routine sometimes gets called * with very small lengths, so you should implement some kind of simple * buffering if you are using unbuffered reads. This should never be asked - * to read more then 64K on a 16 bit machine. + * to read more than 64K on a 16-bit machine. */ void /* PRIVATE */ png_read_data(png_structrp png_ptr, png_bytep data, png_size_t length)
--- a/src/share/native/sun/awt/libpng/pngrtran.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngrtran.c Sat Sep 10 22:36:17 2016 +0100 @@ -29,8 +29,8 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Last changed in libpng 1.6.15 [November 20, 2014] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Last changed in libpng 1.6.19 [November 12, 2015] + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -422,7 +422,7 @@ /* Dither file to 8-bit. Supply a palette, the current number * of elements in the palette, the maximum number of elements * allowed, and a histogram if possible. If the current number - * of colors is greater then the maximum number, the palette will be + * of colors is greater than the maximum number, the palette will be * modified to fit in the maximum number. "full_quantize" indicates * whether we need a quantizing cube set up for RGB images, or if we * simply are reducing the number of colors in a paletted image. @@ -1004,7 +1004,6 @@ default: png_error(png_ptr, "invalid error action to rgb_to_gray"); - break; } if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) @@ -2025,7 +2024,7 @@ # endif # else - /* No 16 bit support: force chopping 16-bit input down to 8, in this case + /* No 16-bit support: force chopping 16-bit input down to 8, in this case * the app program can chose if both APIs are available by setting the * correct scaling to use. */ @@ -2126,10 +2125,10 @@ defined(PNG_READ_USER_TRANSFORM_SUPPORTED) if ((png_ptr->transformations & PNG_USER_TRANSFORM) != 0) { - if (info_ptr->bit_depth < png_ptr->user_transform_depth) + if (png_ptr->user_transform_depth != 0) info_ptr->bit_depth = png_ptr->user_transform_depth; - if (info_ptr->channels < png_ptr->user_transform_channels) + if (png_ptr->user_transform_channels != 0) info_ptr->channels = png_ptr->user_transform_channels; } #endif @@ -2385,7 +2384,7 @@ if (++channel >= channels) channel = 0; *bp++ = (png_byte)(value >> 8); - *bp++ = (png_byte)(value & 0xff); + *bp++ = (png_byte)value; } break; } @@ -2410,8 +2409,8 @@ while (sp < ep) { - /* The input is an array of 16 bit components, these must be scaled to - * 8 bits each. For a 16 bit value V the required value (from the PNG + /* The input is an array of 16-bit components, these must be scaled to + * 8 bits each. For a 16-bit value V the required value (from the PNG * specification) is: * * (V * 255) / 65535 @@ -2432,7 +2431,7 @@ * * The approximate differs from the exact answer only when (vlo-vhi) is * 128; it then gives a correction of +1 when the exact correction is - * 0. This gives 128 errors. The exact answer (correct for all 16 bit + * 0. This gives 128 errors. The exact answer (correct for all 16-bit * input values) is: * * error = (vlo-vhi+128)*65535 >> 24; @@ -2690,9 +2689,9 @@ png_uint_32 row_width = row_info->width; #ifdef PNG_READ_16BIT_SUPPORTED - png_byte hi_filler = (png_byte)((filler>>8) & 0xff); + png_byte hi_filler = (png_byte)(filler>>8); #endif - png_byte lo_filler = (png_byte)(filler & 0xff); + png_byte lo_filler = (png_byte)filler; png_debug(1, "in png_do_read_filler"); @@ -2743,13 +2742,13 @@ png_bytep dp = sp + (png_size_t)row_width * 2; for (i = 1; i < row_width; i++) { + *(--dp) = lo_filler; *(--dp) = hi_filler; - *(--dp) = lo_filler; *(--dp) = *(--sp); *(--dp) = *(--sp); } + *(--dp) = lo_filler; *(--dp) = hi_filler; - *(--dp) = lo_filler; row_info->channels = 2; row_info->pixel_depth = 32; row_info->rowbytes = row_width * 4; @@ -2764,8 +2763,8 @@ { *(--dp) = *(--sp); *(--dp) = *(--sp); + *(--dp) = lo_filler; *(--dp) = hi_filler; - *(--dp) = lo_filler; } row_info->channels = 2; row_info->pixel_depth = 32; @@ -2824,8 +2823,8 @@ png_bytep dp = sp + (png_size_t)row_width * 2; for (i = 1; i < row_width; i++) { + *(--dp) = lo_filler; *(--dp) = hi_filler; - *(--dp) = lo_filler; *(--dp) = *(--sp); *(--dp) = *(--sp); *(--dp) = *(--sp); @@ -2833,8 +2832,8 @@ *(--dp) = *(--sp); *(--dp) = *(--sp); } + *(--dp) = lo_filler; *(--dp) = hi_filler; - *(--dp) = lo_filler; row_info->channels = 4; row_info->pixel_depth = 64; row_info->rowbytes = row_width * 8; @@ -2853,8 +2852,8 @@ *(--dp) = *(--sp); *(--dp) = *(--sp); *(--dp) = *(--sp); + *(--dp) = lo_filler; *(--dp) = hi_filler; - *(--dp) = lo_filler; } row_info->channels = 4; @@ -3115,10 +3114,11 @@ for (i = 0; i < row_width; i++) { png_uint_16 red, green, blue, w; - - red = (png_uint_16)(((*(sp)) << 8) | *(sp + 1)); sp += 2; - green = (png_uint_16)(((*(sp)) << 8) | *(sp + 1)); sp += 2; - blue = (png_uint_16)(((*(sp)) << 8) | *(sp + 1)); sp += 2; + png_byte hi,lo; + + hi=*(sp)++; lo=*(sp)++; red = (png_uint_16)((hi << 8) | (lo)); + hi=*(sp)++; lo=*(sp)++; green = (png_uint_16)((hi << 8) | (lo)); + hi=*(sp)++; lo=*(sp)++; blue = (png_uint_16)((hi << 8) | (lo)); if (red == green && red == blue) { @@ -3132,16 +3132,16 @@ else { - png_uint_16 red_1 = png_ptr->gamma_16_to_1[(red&0xff) + png_uint_16 red_1 = png_ptr->gamma_16_to_1[(red & 0xff) >> png_ptr->gamma_shift][red>>8]; png_uint_16 green_1 = - png_ptr->gamma_16_to_1[(green&0xff) >> + png_ptr->gamma_16_to_1[(green & 0xff) >> png_ptr->gamma_shift][green>>8]; - png_uint_16 blue_1 = png_ptr->gamma_16_to_1[(blue&0xff) + png_uint_16 blue_1 = png_ptr->gamma_16_to_1[(blue & 0xff) >> png_ptr->gamma_shift][blue>>8]; png_uint_16 gray16 = (png_uint_16)((rc*red_1 + gc*green_1 + bc*blue_1 + 16384)>>15); - w = png_ptr->gamma_16_from_1[(gray16&0xff) >> + w = png_ptr->gamma_16_from_1[(gray16 & 0xff) >> png_ptr->gamma_shift][gray16 >> 8]; rgb_error |= 1; } @@ -3166,17 +3166,18 @@ for (i = 0; i < row_width; i++) { png_uint_16 red, green, blue, gray16; - - red = (png_uint_16)(((*(sp)) << 8) | *(sp + 1)); sp += 2; - green = (png_uint_16)(((*(sp)) << 8) | *(sp + 1)); sp += 2; - blue = (png_uint_16)(((*(sp)) << 8) | *(sp + 1)); sp += 2; + png_byte hi,lo; + + hi=*(sp)++; lo=*(sp)++; red = (png_uint_16)((hi << 8) | (lo)); + hi=*(sp)++; lo=*(sp)++; green = (png_uint_16)((hi << 8) | (lo)); + hi=*(sp)++; lo=*(sp)++; blue = (png_uint_16)((hi << 8) | (lo)); if (red != green || red != blue) rgb_error |= 1; - /* From 1.5.5 in the 16 bit case do the accurate conversion even + /* From 1.5.5 in the 16-bit case do the accurate conversion even * in the 'fast' case - this is because this is where the code - * ends up when handling linear 16 bit data. + * ends up when handling linear 16-bit data. */ gray16 = (png_uint_16)((rc*red + gc*green + bc*blue + 16384) >> 15); @@ -3341,7 +3342,7 @@ if ((png_uint_16)((*sp >> shift) & 0x0f) == png_ptr->trans_color.gray) { - unsigned int tmp = *sp & (0xf0f >> (4 - shift)); + unsigned int tmp = *sp & (0x0f0f >> (4 - shift)); tmp |= png_ptr->background.gray << shift; *sp = (png_byte)(tmp & 0xff); } @@ -3351,7 +3352,7 @@ unsigned int p = (*sp >> shift) & 0x0f; unsigned int g = (gamma_table[p | (p << 4)] >> 4) & 0x0f; - unsigned int tmp = *sp & (0xf0f >> (4 - shift)); + unsigned int tmp = *sp & (0x0f0f >> (4 - shift)); tmp |= g << shift; *sp = (png_byte)(tmp & 0xff); } @@ -3377,7 +3378,7 @@ if ((png_uint_16)((*sp >> shift) & 0x0f) == png_ptr->trans_color.gray) { - unsigned int tmp = *sp & (0xf0f >> (4 - shift)); + unsigned int tmp = *sp & (0x0f0f >> (4 - shift)); tmp |= png_ptr->background.gray << shift; *sp = (png_byte)(tmp & 0xff); } @@ -3695,7 +3696,8 @@ if (optimize != 0) w = v; else - w = gamma_16_from_1[(v&0xff) >> gamma_shift][v >> 8]; + w = gamma_16_from_1[(v & 0xff) >> + gamma_shift][v >> 8]; *sp = (png_byte)((w >> 8) & 0xff); *(sp + 1) = (png_byte)(w & 0xff); } @@ -3859,7 +3861,7 @@ v = gamma_16_to_1[*(sp + 1) >> gamma_shift][*sp]; png_composite_16(w, v, a, png_ptr->background_1.red); if (optimize == 0) - w = gamma_16_from_1[((w&0xff) >> gamma_shift)][w >> + w = gamma_16_from_1[((w & 0xff) >> gamma_shift)][w >> 8]; *sp = (png_byte)((w >> 8) & 0xff); *(sp + 1) = (png_byte)(w & 0xff); @@ -3867,7 +3869,7 @@ v = gamma_16_to_1[*(sp + 3) >> gamma_shift][*(sp + 2)]; png_composite_16(w, v, a, png_ptr->background_1.green); if (optimize == 0) - w = gamma_16_from_1[((w&0xff) >> gamma_shift)][w >> + w = gamma_16_from_1[((w & 0xff) >> gamma_shift)][w >> 8]; *(sp + 2) = (png_byte)((w >> 8) & 0xff); @@ -3876,7 +3878,7 @@ v = gamma_16_to_1[*(sp + 5) >> gamma_shift][*(sp + 4)]; png_composite_16(w, v, a, png_ptr->background_1.blue); if (optimize == 0) - w = gamma_16_from_1[((w&0xff) >> gamma_shift)][w >> + w = gamma_16_from_1[((w & 0xff) >> gamma_shift)][w >> 8]; *(sp + 4) = (png_byte)((w >> 8) & 0xff); @@ -4485,7 +4487,7 @@ for (i = 0; i < row_width; i++) { - if (*sp == gray) + if ((*sp & 0xffU) == gray) *dp-- = 0; else @@ -4503,7 +4505,8 @@ dp = row + (row_info->rowbytes << 1) - 1; for (i = 0; i < row_width; i++) { - if (*(sp - 1) == gray_high && *(sp) == gray_low) + if ((*(sp - 1) & 0xffU) == gray_high && + (*(sp) & 0xffU) == gray_low) { *dp-- = 0; *dp-- = 0; @@ -4865,7 +4868,7 @@ /* Because PNG_COMPOSE does the gamma transform if there is something to * do (if there is an alpha channel or transparency.) */ - !((png_ptr->transformations & PNG_COMPOSE) && + !((png_ptr->transformations & PNG_COMPOSE) != 0 && ((png_ptr->num_trans != 0) || (png_ptr->color_type & PNG_COLOR_MASK_ALPHA) != 0)) && #endif
--- a/src/share/native/sun/awt/libpng/pngrutil.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngrutil.c Sat Sep 10 22:36:17 2016 +0100 @@ -29,8 +29,8 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Last changed in libpng 1.6.15 [November 20, 2014] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Last changed in libpng 1.6.20 [December 3, 2015] + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -117,7 +117,13 @@ return uval; uval = (uval ^ 0xffffffff) + 1; /* 2's complement: -x = ~x+1 */ - return -(png_int_32)uval; + if ((uval & 0x80000000) == 0) /* no overflow */ + return -(png_int_32)uval; + /* The following has to be safe; this function only gets called on PNG data + * and if we get here that data is invalid. 0 is the most safe value and + * if not then an attacker would surely just generate a PNG with 0 instead. + */ + return 0; } /* Grab an unsigned 16-bit integer from a buffer in big-endian format. */ @@ -126,7 +132,7 @@ { /* ANSI-C requires an int value to accomodate at least 16 bits so this * works and allows the compiler not to worry about possible narrowing - * on 32 bit systems. (Pre-ANSI systems did not make integers smaller + * on 32-bit systems. (Pre-ANSI systems did not make integers smaller * than 16 bits either.) */ unsigned int val = @@ -369,7 +375,7 @@ * are minimal. */ (void)png_safecat(msg, (sizeof msg), 4, " using zstream"); -#if PNG_LIBPNG_BUILD_BASE_TYPE >= PNG_LIBPNG_BUILD_RC +#if PNG_RELEASE_BUILD png_chunk_warning(png_ptr, msg); png_ptr->zowner = 0; #else @@ -399,10 +405,16 @@ if (((png_ptr->options >> PNG_MAXIMUM_INFLATE_WINDOW) & 3) == PNG_OPTION_ON) + { window_bits = 15; + png_ptr->zstream_start = 0; /* fixed window size */ + } else + { window_bits = 0; + png_ptr->zstream_start = 1; + } # else # define window_bits 0 # endif @@ -451,6 +463,31 @@ #endif } +#if PNG_ZLIB_VERNUM >= 0x1240 +/* Handle the start of the inflate stream if we called inflateInit2(strm,0); + * in this case some zlib versions skip validation of the CINFO field and, in + * certain circumstances, libpng may end up displaying an invalid image, in + * contrast to implementations that call zlib in the normal way (e.g. libpng + * 1.5). + */ +int /* PRIVATE */ +png_zlib_inflate(png_structrp png_ptr, int flush) +{ + if (png_ptr->zstream_start && png_ptr->zstream.avail_in > 0) + { + if ((*png_ptr->zstream.next_in >> 4) > 7) + { + png_ptr->zstream.msg = "invalid window size (libpng)"; + return Z_DATA_ERROR; + } + + png_ptr->zstream_start = 0; + } + + return inflate(&png_ptr->zstream, flush); +} +#endif /* Zlib >= 1.2.4 */ + #ifdef PNG_READ_COMPRESSED_TEXT_SUPPORTED /* png_inflate now returns zlib error codes including Z_OK and Z_STREAM_END to * allow the caller to do multiple calls if required. If the 'finish' flag is @@ -544,7 +581,7 @@ * the previous chunk of input data. Tell zlib if we have reached the * end of the output buffer. */ - ret = inflate(&png_ptr->zstream, avail_out > 0 ? Z_NO_FLUSH : + ret = PNG_INFLATE(png_ptr, avail_out > 0 ? Z_NO_FLUSH : (finish ? Z_FINISH : Z_SYNC_FLUSH)); } while (ret == Z_OK); @@ -603,7 +640,7 @@ */ png_alloc_size_t limit = PNG_SIZE_MAX; -# ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED +# ifdef PNG_SET_USER_LIMITS_SUPPORTED if (png_ptr->user_chunk_malloc_max > 0 && png_ptr->user_chunk_malloc_max < limit) limit = png_ptr->user_chunk_malloc_max; @@ -698,7 +735,6 @@ * success) */ png_free(png_ptr, text); - text = NULL; /* This really is very benign, but it's still an error because * the extra space may otherwise be used as a Trojan Horse. @@ -794,7 +830,7 @@ * the available output is produced; this allows reading of truncated * streams. */ - ret = inflate(&png_ptr->zstream, + ret = PNG_INFLATE(png_ptr, *chunk_bytes > 0 ? Z_NO_FLUSH : (finish ? Z_FINISH : Z_SYNC_FLUSH)); } while (ret == Z_OK && (*out_size > 0 || png_ptr->zstream.avail_out > 0)); @@ -895,7 +931,7 @@ png_handle_PLTE(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) { png_color palette[PNG_MAX_PALETTE_LENGTH]; - int num, i; + int max_palette_length, num, i; #ifdef PNG_POINTER_INDEXING_SUPPORTED png_colorp pal_ptr; #endif @@ -956,6 +992,19 @@ /* The cast is safe because 'length' is less than 3*PNG_MAX_PALETTE_LENGTH */ num = (int)length / 3; + /* If the palette has 256 or fewer entries but is too large for the bit + * depth, we don't issue an error, to preserve the behavior of previous + * libpng versions. We silently truncate the unused extra palette entries + * here. + */ + if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) + max_palette_length = (1 << png_ptr->bit_depth); + else + max_palette_length = PNG_MAX_PALETTE_LENGTH; + + if (num > max_palette_length) + num = max_palette_length; + #ifdef PNG_POINTER_INDEXING_SUPPORTED for (i = 0, pal_ptr = palette; i < num; i++, pal_ptr++) { @@ -988,7 +1037,7 @@ if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) #endif { - png_crc_finish(png_ptr, 0); + png_crc_finish(png_ptr, (int) length - num * 3); } #ifndef PNG_READ_OPT_PLTE_SUPPORTED @@ -1175,11 +1224,13 @@ return; for (i=0; i<truelen; ++i) + { if (buf[i] == 0 || buf[i] > sample_depth) { png_chunk_benign_error(png_ptr, "invalid"); return; } + } if ((png_ptr->color_type & PNG_COLOR_MASK_COLOR) != 0) { @@ -1490,10 +1541,10 @@ finished = 1; # ifdef PNG_sRGB_SUPPORTED - /* Check for a match against sRGB */ - png_icc_set_sRGB(png_ptr, - &png_ptr->colorspace, profile, - png_ptr->zstream.adler); + /* Check for a match against sRGB */ + png_icc_set_sRGB(png_ptr, + &png_ptr->colorspace, profile, + png_ptr->zstream.adler); # endif /* Steal the profile for info_ptr. */ @@ -1543,8 +1594,10 @@ else if (size > 0) errmsg = "truncated"; +#ifndef __COVERITY__ else errmsg = png_ptr->zstream.msg; +#endif } /* else png_icc_check_tag_table output an error */ @@ -1676,7 +1729,7 @@ ++entry_start; /* A sample depth should follow the separator, and we should be on it */ - if (entry_start > buffer + length - 2) + if (length < 2U || entry_start > buffer + (length - 2U)) { png_warning(png_ptr, "malformed sPLT chunk"); return; @@ -1701,8 +1754,8 @@ if (dl > max_dl) { - png_warning(png_ptr, "sPLT chunk too long"); - return; + png_warning(png_ptr, "sPLT chunk too long"); + return; } new_palette.nentries = (png_int_32)(data_length / entry_size); @@ -1712,8 +1765,8 @@ if (new_palette.entries == NULL) { - png_warning(png_ptr, "sPLT chunk requires too much memory"); - return; + png_warning(png_ptr, "sPLT chunk requires too much memory"); + return; } #ifdef PNG_POINTER_INDEXING_SUPPORTED @@ -1843,7 +1896,8 @@ return; } - if (length > png_ptr->num_palette || length > PNG_MAX_PALETTE_LENGTH || + if (length > (unsigned int) png_ptr->num_palette || + length > (unsigned int) PNG_MAX_PALETTE_LENGTH || length == 0) { png_crc_finish(png_ptr, length); @@ -2006,7 +2060,8 @@ num = length / 2 ; - if (num != png_ptr->num_palette || num > PNG_MAX_PALETTE_LENGTH) + if (num != (unsigned int) png_ptr->num_palette || + num > (unsigned int) PNG_MAX_PALETTE_LENGTH) { png_crc_finish(png_ptr, length); png_chunk_benign_error(png_ptr, "invalid"); @@ -2178,7 +2233,7 @@ /* We need to have at least 12 bytes after the purpose string * in order to get the parameter information. */ - if (endptr <= buf + 12) + if (endptr - buf <= 12) { png_chunk_benign_error(png_ptr, "invalid"); return; @@ -2741,14 +2796,14 @@ png_ptr->unknown_chunk.data = NULL; } -# ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED - if (png_ptr->user_chunk_malloc_max > 0 && - png_ptr->user_chunk_malloc_max < limit) - limit = png_ptr->user_chunk_malloc_max; +# ifdef PNG_SET_USER_LIMITS_SUPPORTED + if (png_ptr->user_chunk_malloc_max > 0 && + png_ptr->user_chunk_malloc_max < limit) + limit = png_ptr->user_chunk_malloc_max; # elif PNG_USER_CHUNK_MALLOC_MAX > 0 - if (PNG_USER_CHUNK_MALLOC_MAX < limit) - limit = PNG_USER_CHUNK_MALLOC_MAX; + if (PNG_USER_CHUNK_MALLOC_MAX < limit) + limit = PNG_USER_CHUNK_MALLOC_MAX; # endif if (length <= limit) @@ -2811,7 +2866,7 @@ */ # ifndef PNG_HANDLE_AS_UNKNOWN_SUPPORTED # ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED - keep = png_chunk_unknown_handling(png_ptr, png_ptr->chunk_name); + keep = png_chunk_unknown_handling(png_ptr, png_ptr->chunk_name); # endif # endif @@ -2820,153 +2875,153 @@ * PNG_READ_UNKNOWN_CHUNKS_SUPPORTED) */ # ifdef PNG_READ_USER_CHUNKS_SUPPORTED - /* The user callback takes precedence over the chunk keep value, but the - * keep value is still required to validate a save of a critical chunk. - */ - if (png_ptr->read_user_chunk_fn != NULL) + /* The user callback takes precedence over the chunk keep value, but the + * keep value is still required to validate a save of a critical chunk. + */ + if (png_ptr->read_user_chunk_fn != NULL) + { + if (png_cache_unknown_chunk(png_ptr, length) != 0) { - if (png_cache_unknown_chunk(png_ptr, length) != 0) + /* Callback to user unknown chunk handler */ + int ret = (*(png_ptr->read_user_chunk_fn))(png_ptr, + &png_ptr->unknown_chunk); + + /* ret is: + * negative: An error occurred; png_chunk_error will be called. + * zero: The chunk was not handled, the chunk will be discarded + * unless png_set_keep_unknown_chunks has been used to set + * a 'keep' behavior for this particular chunk, in which + * case that will be used. A critical chunk will cause an + * error at this point unless it is to be saved. + * positive: The chunk was handled, libpng will ignore/discard it. + */ + if (ret < 0) + png_chunk_error(png_ptr, "error in user chunk"); + + else if (ret == 0) { - /* Callback to user unknown chunk handler */ - int ret = (*(png_ptr->read_user_chunk_fn))(png_ptr, - &png_ptr->unknown_chunk); - - /* ret is: - * negative: An error occured, png_chunk_error will be called. - * zero: The chunk was not handled, the chunk will be discarded - * unless png_set_keep_unknown_chunks has been used to set - * a 'keep' behavior for this particular chunk, in which - * case that will be used. A critical chunk will cause an - * error at this point unless it is to be saved. - * positive: The chunk was handled, libpng will ignore/discard it. + /* If the keep value is 'default' or 'never' override it, but + * still error out on critical chunks unless the keep value is + * 'always' While this is weird it is the behavior in 1.4.12. + * A possible improvement would be to obey the value set for the + * chunk, but this would be an API change that would probably + * damage some applications. + * + * The png_app_warning below catches the case that matters, where + * the application has not set specific save or ignore for this + * chunk or global save or ignore. */ - if (ret < 0) - png_chunk_error(png_ptr, "error in user chunk"); - - else if (ret == 0) + if (keep < PNG_HANDLE_CHUNK_IF_SAFE) { - /* If the keep value is 'default' or 'never' override it, but - * still error out on critical chunks unless the keep value is - * 'always' While this is weird it is the behavior in 1.4.12. - * A possible improvement would be to obey the value set for the - * chunk, but this would be an API change that would probably - * damage some applications. - * - * The png_app_warning below catches the case that matters, where - * the application has not set specific save or ignore for this - * chunk or global save or ignore. - */ - if (keep < PNG_HANDLE_CHUNK_IF_SAFE) +# ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED + if (png_ptr->unknown_default < PNG_HANDLE_CHUNK_IF_SAFE) { -# ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED - if (png_ptr->unknown_default < PNG_HANDLE_CHUNK_IF_SAFE) - { - png_chunk_warning(png_ptr, "Saving unknown chunk:"); - png_app_warning(png_ptr, - "forcing save of an unhandled chunk;" - " please call png_set_keep_unknown_chunks"); - /* with keep = PNG_HANDLE_CHUNK_IF_SAFE */ - } -# endif - keep = PNG_HANDLE_CHUNK_IF_SAFE; + png_chunk_warning(png_ptr, "Saving unknown chunk:"); + png_app_warning(png_ptr, + "forcing save of an unhandled chunk;" + " please call png_set_keep_unknown_chunks"); + /* with keep = PNG_HANDLE_CHUNK_IF_SAFE */ } - } - - else /* chunk was handled */ - { - handled = 1; - /* Critical chunks can be safely discarded at this point. */ - keep = PNG_HANDLE_CHUNK_NEVER; +# endif + keep = PNG_HANDLE_CHUNK_IF_SAFE; } } - else - keep = PNG_HANDLE_CHUNK_NEVER; /* insufficient memory */ + else /* chunk was handled */ + { + handled = 1; + /* Critical chunks can be safely discarded at this point. */ + keep = PNG_HANDLE_CHUNK_NEVER; + } } else - /* Use the SAVE_UNKNOWN_CHUNKS code or skip the chunk */ + keep = PNG_HANDLE_CHUNK_NEVER; /* insufficient memory */ + } + + else + /* Use the SAVE_UNKNOWN_CHUNKS code or skip the chunk */ # endif /* READ_USER_CHUNKS */ # ifdef PNG_SAVE_UNKNOWN_CHUNKS_SUPPORTED + { + /* keep is currently just the per-chunk setting, if there was no + * setting change it to the global default now (not that this may + * still be AS_DEFAULT) then obtain the cache of the chunk if required, + * if not simply skip the chunk. + */ + if (keep == PNG_HANDLE_CHUNK_AS_DEFAULT) + keep = png_ptr->unknown_default; + + if (keep == PNG_HANDLE_CHUNK_ALWAYS || + (keep == PNG_HANDLE_CHUNK_IF_SAFE && + PNG_CHUNK_ANCILLARY(png_ptr->chunk_name))) { - /* keep is currently just the per-chunk setting, if there was no - * setting change it to the global default now (not that this may - * still be AS_DEFAULT) then obtain the cache of the chunk if required, - * if not simply skip the chunk. - */ - if (keep == PNG_HANDLE_CHUNK_AS_DEFAULT) - keep = png_ptr->unknown_default; - - if (keep == PNG_HANDLE_CHUNK_ALWAYS || - (keep == PNG_HANDLE_CHUNK_IF_SAFE && - PNG_CHUNK_ANCILLARY(png_ptr->chunk_name))) - { - if (png_cache_unknown_chunk(png_ptr, length) == 0) - keep = PNG_HANDLE_CHUNK_NEVER; - } - - else - png_crc_finish(png_ptr, length); + if (png_cache_unknown_chunk(png_ptr, length) == 0) + keep = PNG_HANDLE_CHUNK_NEVER; } + + else + png_crc_finish(png_ptr, length); + } # else # ifndef PNG_READ_USER_CHUNKS_SUPPORTED # error no method to support READ_UNKNOWN_CHUNKS # endif - { - /* If here there is no read callback pointer set and no support is - * compiled in to just save the unknown chunks, so simply skip this - * chunk. If 'keep' is something other than AS_DEFAULT or NEVER then - * the app has erroneously asked for unknown chunk saving when there - * is no support. - */ - if (keep > PNG_HANDLE_CHUNK_NEVER) - png_app_error(png_ptr, "no unknown chunk support available"); - - png_crc_finish(png_ptr, length); - } + { + /* If here there is no read callback pointer set and no support is + * compiled in to just save the unknown chunks, so simply skip this + * chunk. If 'keep' is something other than AS_DEFAULT or NEVER then + * the app has erroneously asked for unknown chunk saving when there + * is no support. + */ + if (keep > PNG_HANDLE_CHUNK_NEVER) + png_app_error(png_ptr, "no unknown chunk support available"); + + png_crc_finish(png_ptr, length); + } # endif # ifdef PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED - /* Now store the chunk in the chunk list if appropriate, and if the limits - * permit it. - */ - if (keep == PNG_HANDLE_CHUNK_ALWAYS || - (keep == PNG_HANDLE_CHUNK_IF_SAFE && - PNG_CHUNK_ANCILLARY(png_ptr->chunk_name))) - { + /* Now store the chunk in the chunk list if appropriate, and if the limits + * permit it. + */ + if (keep == PNG_HANDLE_CHUNK_ALWAYS || + (keep == PNG_HANDLE_CHUNK_IF_SAFE && + PNG_CHUNK_ANCILLARY(png_ptr->chunk_name))) + { # ifdef PNG_USER_LIMITS_SUPPORTED - switch (png_ptr->user_chunk_cache_max) - { - case 2: - png_ptr->user_chunk_cache_max = 1; - png_chunk_benign_error(png_ptr, "no space in chunk cache"); - /* FALL THROUGH */ - case 1: - /* NOTE: prior to 1.6.0 this case resulted in an unknown critical - * chunk being skipped, now there will be a hard error below. - */ - break; - - default: /* not at limit */ - --(png_ptr->user_chunk_cache_max); - /* FALL THROUGH */ - case 0: /* no limit */ -# endif /* USER_LIMITS */ - /* Here when the limit isn't reached or when limits are compiled - * out; store the chunk. - */ - png_set_unknown_chunks(png_ptr, info_ptr, - &png_ptr->unknown_chunk, 1); - handled = 1; -# ifdef PNG_USER_LIMITS_SUPPORTED - break; - } -# endif + switch (png_ptr->user_chunk_cache_max) + { + case 2: + png_ptr->user_chunk_cache_max = 1; + png_chunk_benign_error(png_ptr, "no space in chunk cache"); + /* FALL THROUGH */ + case 1: + /* NOTE: prior to 1.6.0 this case resulted in an unknown critical + * chunk being skipped, now there will be a hard error below. + */ + break; + + default: /* not at limit */ + --(png_ptr->user_chunk_cache_max); + /* FALL THROUGH */ + case 0: /* no limit */ +# endif /* USER_LIMITS */ + /* Here when the limit isn't reached or when limits are compiled + * out; store the chunk. + */ + png_set_unknown_chunks(png_ptr, info_ptr, + &png_ptr->unknown_chunk, 1); + handled = 1; +# ifdef PNG_USER_LIMITS_SUPPORTED + break; } +# endif + } # else /* no store support: the chunk must be handled by the user callback */ - PNG_UNUSED(info_ptr) + PNG_UNUSED(info_ptr) # endif /* Regardless of the error handling below the cached data (if any) can be @@ -3068,13 +3123,13 @@ end_ptr = dp + PNG_ROWBYTES(pixel_depth, row_width) - 1; end_byte = *end_ptr; # ifdef PNG_READ_PACKSWAP_SUPPORTED - if ((png_ptr->transformations & PNG_PACKSWAP) != 0) - /* little-endian byte */ - end_mask = 0xff << end_mask; - - else /* big-endian byte */ + if ((png_ptr->transformations & PNG_PACKSWAP) != 0) + /* little-endian byte */ + end_mask = 0xff << end_mask; + + else /* big-endian byte */ # endif - end_mask = 0xff >> end_mask; + end_mask = 0xff >> end_mask; /* end_mask is now the bits to *keep* from the destination row */ } @@ -3232,12 +3287,12 @@ png_uint_32 mask; # ifdef PNG_READ_PACKSWAP_SUPPORTED - if ((png_ptr->transformations & PNG_PACKSWAP) != 0) - mask = MASK(pass, pixel_depth, display, 0); - - else + if ((png_ptr->transformations & PNG_PACKSWAP) != 0) + mask = MASK(pass, pixel_depth, display, 0); + + else # endif - mask = MASK(pass, pixel_depth, display, 1); + mask = MASK(pass, pixel_depth, display, 1); for (;;) { @@ -3838,15 +3893,15 @@ p = b - c; pc = a - c; -# ifdef PNG_USE_ABS - pa = abs(p); - pb = abs(pc); - pc = abs(p + pc); -# else - pa = p < 0 ? -p : p; - pb = pc < 0 ? -pc : pc; - pc = (p + pc) < 0 ? -(p + pc) : p + pc; -# endif +#ifdef PNG_USE_ABS + pa = abs(p); + pb = abs(pc); + pc = abs(p + pc); +#else + pa = p < 0 ? -p : p; + pb = pc < 0 ? -pc : pc; + pc = (p + pc) < 0 ? -(p + pc) : p + pc; +#endif /* Find the best predictor, the least of pa, pb, pc favoring the earlier * ones in the case of a tie. @@ -3893,15 +3948,15 @@ p = b - c; pc = a - c; -# ifdef PNG_USE_ABS - pa = abs(p); - pb = abs(pc); - pc = abs(p + pc); -# else - pa = p < 0 ? -p : p; - pb = pc < 0 ? -pc : pc; - pc = (p + pc) < 0 ? -(p + pc) : p + pc; -# endif +#ifdef PNG_USE_ABS + pa = abs(p); + pb = abs(pc); + pc = abs(p + pc); +#else + pa = p < 0 ? -p : p; + pb = pc < 0 ? -pc : pc; + pc = (p + pc) < 0 ? -(p + pc) : p + pc; +#endif if (pb < pa) pa = pb, a = b; if (pc < pa) a = c; @@ -4043,7 +4098,7 @@ * * TODO: deal more elegantly with truncated IDAT lists. */ - ret = inflate(&png_ptr->zstream, Z_NO_FLUSH); + ret = PNG_INFLATE(png_ptr, Z_NO_FLUSH); /* Take the unconsumed output back. */ if (output != NULL) @@ -4306,18 +4361,18 @@ #ifdef PNG_READ_EXPAND_16_SUPPORTED if ((png_ptr->transformations & PNG_EXPAND_16) != 0) { -# ifdef PNG_READ_EXPAND_SUPPORTED - /* In fact it is an error if it isn't supported, but checking is - * the safe way. - */ - if ((png_ptr->transformations & PNG_EXPAND) != 0) - { - if (png_ptr->bit_depth < 16) - max_pixel_depth *= 2; - } - else -# endif - png_ptr->transformations &= ~PNG_EXPAND_16; +# ifdef PNG_READ_EXPAND_SUPPORTED + /* In fact it is an error if it isn't supported, but checking is + * the safe way. + */ + if ((png_ptr->transformations & PNG_EXPAND) != 0) + { + if (png_ptr->bit_depth < 16) + max_pixel_depth *= 2; + } + else +# endif + png_ptr->transformations &= ~PNG_EXPAND_16; } #endif
--- a/src/share/native/sun/awt/libpng/pngset.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngset.c Sat Sep 10 22:36:17 2016 +0100 @@ -29,8 +29,8 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Last changed in libpng 1.6.15 [November 20, 2014] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Last changed in libpng 1.6.19 [November 12, 2015] + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -151,12 +151,12 @@ png_fixed(png_ptr, red_X, "cHRM Red X"), png_fixed(png_ptr, red_Y, "cHRM Red Y"), png_fixed(png_ptr, red_Z, "cHRM Red Z"), - png_fixed(png_ptr, green_X, "cHRM Red X"), - png_fixed(png_ptr, green_Y, "cHRM Red Y"), - png_fixed(png_ptr, green_Z, "cHRM Red Z"), - png_fixed(png_ptr, blue_X, "cHRM Red X"), - png_fixed(png_ptr, blue_Y, "cHRM Red Y"), - png_fixed(png_ptr, blue_Z, "cHRM Red Z")); + png_fixed(png_ptr, green_X, "cHRM Green X"), + png_fixed(png_ptr, green_Y, "cHRM Green Y"), + png_fixed(png_ptr, green_Z, "cHRM Green Z"), + png_fixed(png_ptr, blue_X, "cHRM Blue X"), + png_fixed(png_ptr, blue_Y, "cHRM Blue Y"), + png_fixed(png_ptr, blue_Z, "cHRM Blue Z")); } # endif /* FLOATING_POINT */ @@ -218,6 +218,7 @@ if (info_ptr->hist == NULL) { png_warning(png_ptr, "Insufficient memory for hIST chunk data"); + return; } @@ -299,7 +300,7 @@ png_debug1(1, "in %s storage function", "pCAL"); if (png_ptr == NULL || info_ptr == NULL || purpose == NULL || units == NULL - || (nparams > 0 && params == NULL)) + || (nparams > 0 && params == NULL)) return; length = strlen(purpose) + 1; @@ -329,6 +330,7 @@ if (info_ptr->pcal_purpose == NULL) { png_warning(png_ptr, "Insufficient memory for pCAL purpose"); + return; } @@ -350,6 +352,7 @@ if (info_ptr->pcal_units == NULL) { png_warning(png_ptr, "Insufficient memory for pCAL units"); + return; } @@ -361,6 +364,7 @@ if (info_ptr->pcal_params == NULL) { png_warning(png_ptr, "Insufficient memory for pCAL params"); + return; } @@ -377,6 +381,7 @@ if (info_ptr->pcal_params[i] == NULL) { png_warning(png_ptr, "Insufficient memory for pCAL parameter"); + return; } @@ -426,6 +431,7 @@ if (info_ptr->scal_s_width == NULL) { png_warning(png_ptr, "Memory allocation failed while processing sCAL"); + return; } @@ -444,6 +450,7 @@ info_ptr->scal_s_width = NULL; png_warning(png_ptr, "Memory allocation failed while processing sCAL"); + return; } @@ -534,12 +541,17 @@ png_const_colorp palette, int num_palette) { + png_uint_32 max_palette_length; + png_debug1(1, "in %s storage function", "PLTE"); if (png_ptr == NULL || info_ptr == NULL) return; - if (num_palette < 0 || num_palette > PNG_MAX_PALETTE_LENGTH) + max_palette_length = (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ? + (1 << info_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH; + + if (num_palette < 0 || num_palette > (int) max_palette_length) { if (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) png_error(png_ptr, "Invalid palette length"); @@ -547,6 +559,7 @@ else { png_warning(png_ptr, "Invalid palette length"); + return; } } @@ -559,7 +572,6 @@ )) { png_error(png_ptr, "Invalid palette"); - return; } /* It may not actually be necessary to set png_ptr->palette here; @@ -572,8 +584,8 @@ png_free_data(png_ptr, info_ptr, PNG_FREE_PLTE, 0); /* Changed in libpng-1.2.1 to allocate PNG_MAX_PALETTE_LENGTH instead - * of num_palette entries, in case of an invalid PNG file that has - * too-large sample values. + * of num_palette entries, in case of an invalid PNG file or incorrect + * call to png_set_PLTE() with too-large sample values. */ png_ptr->palette = png_voidcast(png_colorp, png_calloc(png_ptr, PNG_MAX_PALETTE_LENGTH * (sizeof (png_color)))); @@ -683,6 +695,7 @@ if (new_iccp_name == NULL) { png_benign_error(png_ptr, "Insufficient memory to process iCCP chunk"); + return; } @@ -693,9 +706,9 @@ if (new_iccp_profile == NULL) { png_free(png_ptr, new_iccp_name); - new_iccp_name = NULL; png_benign_error(png_ptr, "Insufficient memory to process iCCP profile"); + return; } @@ -729,7 +742,7 @@ { int i; - png_debug1(1, "in %lx storage function", png_ptr == NULL ? "unexpected" : + png_debug1(1, "in %lx storage function", png_ptr == NULL ? 0xabadca11U : (unsigned long)png_ptr->chunk_name); if (png_ptr == NULL || info_ptr == NULL || num_text <= 0 || text_ptr == NULL) @@ -771,6 +784,7 @@ { png_chunk_report(png_ptr, "too many text chunks", PNG_CHUNK_WRITE_ERROR); + return 1; } @@ -826,7 +840,7 @@ else lang_key_len = 0; } -# else /* PNG_iTXt_SUPPORTED */ +# else /* iTXt */ { png_chunk_report(png_ptr, "iTXt chunk not supported", PNG_CHUNK_WRITE_ERROR); @@ -859,6 +873,7 @@ { png_chunk_report(png_ptr, "text chunk: out of memory", PNG_CHUNK_WRITE_ERROR); + return 1; } @@ -932,6 +947,7 @@ mod_time->second > 60) { png_warning(png_ptr, "Ignoring invalid time value"); + return; } @@ -948,6 +964,7 @@ png_debug1(1, "in %s storage function", "tRNS"); if (png_ptr == NULL || info_ptr == NULL) + return; if (trans_alpha != NULL) @@ -973,16 +990,21 @@ if (trans_color != NULL) { - int sample_max = (1 << info_ptr->bit_depth); +#ifdef PNG_WARNINGS_SUPPORTED + if (info_ptr->bit_depth < 16) + { + int sample_max = (1 << info_ptr->bit_depth) - 1; - if ((info_ptr->color_type == PNG_COLOR_TYPE_GRAY && - trans_color->gray > sample_max) || - (info_ptr->color_type == PNG_COLOR_TYPE_RGB && - (trans_color->red > sample_max || - trans_color->green > sample_max || - trans_color->blue > sample_max))) - png_warning(png_ptr, - "tRNS chunk has out-of-range samples for bit_depth"); + if ((info_ptr->color_type == PNG_COLOR_TYPE_GRAY && + trans_color->gray > sample_max) || + (info_ptr->color_type == PNG_COLOR_TYPE_RGB && + (trans_color->red > sample_max || + trans_color->green > sample_max || + trans_color->blue > sample_max))) + png_warning(png_ptr, + "tRNS chunk has out-of-range samples for bit_depth"); + } +#endif info_ptr->trans_color = *trans_color; @@ -1029,6 +1051,7 @@ { /* Out of memory or too many chunks */ png_chunk_report(png_ptr, "too many sPLT chunks", PNG_CHUNK_WRITE_ERROR); + return; } @@ -1144,7 +1167,7 @@ png_unknown_chunkp np; if (png_ptr == NULL || info_ptr == NULL || num_unknowns <= 0 || - unknowns == NULL) + unknowns == NULL) return; /* Check for the failure cases where support has been disabled at compile @@ -1158,6 +1181,7 @@ if ((png_ptr->mode & PNG_IS_READ_STRUCT) != 0) { png_app_error(png_ptr, "no unknown chunk support on read"); + return; } # endif @@ -1166,6 +1190,7 @@ if ((png_ptr->mode & PNG_IS_READ_STRUCT) == 0) { png_app_error(png_ptr, "no unknown chunk support on write"); + return; } # endif @@ -1183,6 +1208,7 @@ { png_chunk_report(png_ptr, "too many unknown chunks", PNG_CHUNK_WRITE_ERROR); + return; } @@ -1260,8 +1286,7 @@ check_location(png_ptr, location); } } -#endif - +#endif /* STORE_UNKNOWN_CHUNKS */ #ifdef PNG_MNG_FEATURES_SUPPORTED png_uint_32 PNGAPI @@ -1292,6 +1317,7 @@ if (memcmp(list, add, 4) == 0) { list[4] = (png_byte)keep; + return count; } } @@ -1319,6 +1345,7 @@ if (keep < 0 || keep >= PNG_HANDLE_CHUNK_LAST) { png_app_error(png_ptr, "png_set_keep_unknown_chunks: invalid keep"); + return; } @@ -1368,6 +1395,7 @@ * which can be switched off. */ png_app_error(png_ptr, "png_set_keep_unknown_chunks: no chunk list"); + return; } @@ -1383,6 +1411,7 @@ if (num_chunks + old_num_chunks > UINT_MAX/5) { png_app_error(png_ptr, "png_set_keep_unknown_chunks: too many chunks"); + return; } @@ -1520,23 +1549,30 @@ { png_warning(png_ptr, "Compression buffer size cannot be changed because it is in use"); + return; } +#ifndef __COVERITY__ + /* Some compilers complain that this is always false. However, it + * can be true when integer overflow happens. + */ if (size > ZLIB_IO_MAX) { png_warning(png_ptr, "Compression buffer size limited to system maximum"); size = ZLIB_IO_MAX; /* must fit */ } +#endif - else if (size < 6) + if (size < 6) { /* Deflate will potentially go into an infinite loop on a SYNC_FLUSH * if this is permitted. */ png_warning(png_ptr, "Compression buffer size cannot be reduced below 6"); + return; } @@ -1565,7 +1601,7 @@ { /* Images with dimensions larger than these limits will be * rejected by png_set_IHDR(). To accept any PNG datastream - * regardless of dimensions, set both limits to 0x7ffffffL. + * regardless of dimensions, set both limits to 0x7fffffff. */ if (png_ptr == NULL) return; @@ -1578,8 +1614,8 @@ void PNGAPI png_set_chunk_cache_max (png_structrp png_ptr, png_uint_32 user_chunk_cache_max) { - if (png_ptr != NULL) - png_ptr->user_chunk_cache_max = user_chunk_cache_max; + if (png_ptr != NULL) + png_ptr->user_chunk_cache_max = user_chunk_cache_max; } /* This function was added to libpng 1.4.1 */
--- a/src/share/native/sun/awt/libpng/pngstruct.h Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngstruct.h Sat Sep 10 22:36:17 2016 +0100 @@ -29,12 +29,11 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Copyright (c) 1998-2013 Glenn Randers-Pehrson + * Last changed in libpng 1.6.18 [July 23, 2015] + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * - * Last changed in libpng 1.6.1 [March 28, 2013] - * * This code is released under the libpng license. * For conditions of distribution and use, see the disclaimer * and license in png.h @@ -129,7 +128,7 @@ #endif /* COLORSPACE */ #if defined(PNG_COLORSPACE_SUPPORTED) || defined(PNG_GAMMA_SUPPORTED) -/* A colorspace is all the above plus, potentially, profile information, +/* A colorspace is all the above plus, potentially, profile information; * however at present libpng does not use the profile internally so it is only * stored in the png_info struct (if iCCP is supported.) The rendering intent * is retained here and is checked. @@ -248,16 +247,18 @@ png_uint_32 row_number; /* current row in interlace pass */ png_uint_32 chunk_name; /* PNG_CHUNK() id of current chunk */ png_bytep prev_row; /* buffer to save previous (unfiltered) row. - * This is a pointer into big_prev_row + * While reading this is a pointer into + * big_prev_row; while writing it is separately + * allocated if needed. */ png_bytep row_buf; /* buffer to save current (unfiltered) row. - * This is a pointer into big_row_buf + * While reading, this is a pointer into + * big_row_buf; while writing it is separately + * allocated. */ -#ifdef PNG_WRITE_SUPPORTED - png_bytep sub_row; /* buffer to save "sub" row when filtering */ - png_bytep up_row; /* buffer to save "up" row when filtering */ - png_bytep avg_row; /* buffer to save "avg" row when filtering */ - png_bytep paeth_row; /* buffer to save "Paeth" row when filtering */ +#ifdef PNG_WRITE_FILTER_SUPPORTED + png_bytep try_row; /* buffer to save trial row when filtering */ + png_bytep tst_row; /* buffer to save best trial row when filtering */ #endif png_size_t info_rowbytes; /* Added in 1.5.4: cache of updated row bytes */ @@ -290,6 +291,9 @@ /* pixel depth used for the row buffers */ png_byte transformed_pixel_depth; /* pixel depth after read/write transforms */ +#if PNG_ZLIB_VERNUM >= 0x1240 + png_byte zstream_start; /* at start of an input zlib stream */ +#endif /* Zlib >= 1.2.4 */ #if defined(PNG_READ_FILLER_SUPPORTED) || defined(PNG_WRITE_FILLER_SUPPORTED) png_uint_16 filler; /* filler bytes for pixel expansion */ #endif @@ -375,17 +379,7 @@ png_bytep quantize_index; /* index translation for palette files */ #endif -#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED - png_byte heuristic_method; /* heuristic for row filter selection */ - png_byte num_prev_filters; /* number of weights for previous rows */ - png_bytep prev_filters; /* filter type(s) of previous row(s) */ - png_uint_16p filter_weights; /* weight(s) for previous line(s) */ - png_uint_16p inv_filter_weights; /* 1/weight(s) for previous line(s) */ - png_uint_16p filter_costs; /* relative filter calculation cost */ - png_uint_16p inv_filter_costs; /* 1/relative filter calculation cost */ -#endif - - /* Options */ +/* Options */ #ifdef PNG_SET_OPTION_SUPPORTED png_byte options; /* On/off state (up to 4 options) */ #endif
--- a/src/share/native/sun/awt/libpng/pngtest.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngtest.c Sat Sep 10 22:36:17 2016 +0100 @@ -29,8 +29,8 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Last changed in libpng 1.6.15 [November 20, 2014] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Last changed in libpng 1.5.25 [December 3, 2015] + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -89,10 +89,11 @@ defined PNG_READ_sBIT_SUPPORTED &&\ defined PNG_READ_sCAL_SUPPORTED &&\ defined PNG_READ_sRGB_SUPPORTED &&\ + defined PNG_READ_sPLT_SUPPORTED &&\ defined PNG_READ_tEXt_SUPPORTED &&\ defined PNG_READ_tIME_SUPPORTED &&\ defined PNG_READ_zTXt_SUPPORTED &&\ - defined PNG_WRITE_INTERLACING_SUPPORTED + (defined PNG_WRITE_INTERLACING_SUPPORTED || PNG_LIBPNG_VER >= 10700) #ifdef PNG_ZLIB_HEADER # include PNG_ZLIB_HEADER /* defined by pnglibconf.h from 1.7 */ @@ -129,6 +130,10 @@ # define SINGLE_ROWBUF_ALLOC /* Makes buffer overruns easier to nail */ #endif +#ifndef PNG_UNUSED +# define PNG_UNUSED(param) (void)param; +#endif + /* Turn on CPU timing #define PNGTEST_TIMING */ @@ -146,6 +151,22 @@ #define PNG_tIME_STRING_LENGTH 29 static int tIME_chunk_present = 0; static char tIME_string[PNG_tIME_STRING_LENGTH] = "tIME chunk is not present"; + +#if PNG_LIBPNG_VER < 10619 +#define png_convert_to_rfc1123_buffer(ts, t) tIME_to_str(read_ptr, ts, t) + +static int +tIME_to_str(png_structp png_ptr, png_charp ts, png_const_timep t) +{ + png_const_charp str = png_convert_to_rfc1123(png_ptr, t); + + if (str == NULL) + return 0; + + strcpy(ts, str); + return 1; +} +#endif /* older libpng */ #endif static int verbose = 0; @@ -213,16 +234,14 @@ #ifdef PNG_READ_USER_TRANSFORM_SUPPORTED -/* Example of using user transform callback (we don't transform anything, - * but merely examine the row filters. We set this to 256 rather than - * 5 in case illegal filter values are present.) +/* Example of using a user transform callback (doesn't do anything at present). */ -static png_uint_32 filters_used[256]; static void PNGCBAPI -count_filters(png_structp png_ptr, png_row_infop row_info, png_bytep data) +read_user_callback(png_structp png_ptr, png_row_infop row_info, png_bytep data) { - if (png_ptr != NULL && row_info != NULL) - ++filters_used[*(data - 1)]; + PNG_UNUSED(png_ptr) + PNG_UNUSED(row_info) + PNG_UNUSED(data) } #endif @@ -497,7 +516,7 @@ #if defined(PNG_USER_MEM_SUPPORTED) && PNG_DEBUG /* Allocate memory. For reasonable files, size should never exceed - * 64K. However, zlib may allocate more then 64K if you don't tell + * 64K. However, zlib may allocate more than 64K if you don't tell * it not to. See zconf.h and png.h for more information. zlib does * need to allocate exactly 64K, so whatever you call here must * have the ability to do that. @@ -593,6 +612,7 @@ } /* Unlink the element from the list. */ + if (pinformation != NULL) { memory_infop *ppinfo = &pinformation; @@ -609,8 +629,7 @@ /* We must free the list element too, but first kill the memory that is to be freed. */ memset(ptr, 0x55, pinfo->size); - if (pinfo != NULL) - free(pinfo); + free(pinfo); pinfo = NULL; break; } @@ -820,7 +839,7 @@ */ #ifdef PNG_TEXT_SUPPORTED static void -pngtest_check_text_support(png_const_structp png_ptr, png_textp text_ptr, +pngtest_check_text_support(png_structp png_ptr, png_textp text_ptr, int num_text) { while (num_text > 0) @@ -833,6 +852,8 @@ case PNG_TEXT_COMPRESSION_zTXt: # ifndef PNG_WRITE_zTXt_SUPPORTED ++unsupported_chunks; + /* In libpng 1.7 this now does an app-error, so stop it: */ + text_ptr[num_text].compression = PNG_TEXT_COMPRESSION_NONE; # endif break; @@ -840,6 +861,7 @@ case PNG_ITXT_COMPRESSION_zTXt: # ifndef PNG_WRITE_iTXt_SUPPORTED ++unsupported_chunks; + text_ptr[num_text].compression = PNG_TEXT_COMPRESSION_NONE; # endif break; @@ -866,16 +888,19 @@ png_structp write_ptr; png_infop write_info_ptr; png_infop write_end_info_ptr; +#ifdef PNG_WRITE_FILTER_SUPPORTED int interlace_preserved = 1; -#else +#endif /* WRITE_FILTER */ +#else /* !WRITE */ png_structp write_ptr = NULL; png_infop write_info_ptr = NULL; png_infop write_end_info_ptr = NULL; -#endif +#endif /* !WRITE */ png_bytep row_buf; png_uint_32 y; png_uint_32 width, height; - int num_pass = 1, pass; + volatile int num_passes; + int pass; int bit_depth, color_type; row_buf = NULL; @@ -1028,14 +1053,7 @@ } #ifdef PNG_READ_USER_TRANSFORM_SUPPORTED - { - int i; - - for (i = 0; i<256; i++) - filters_used[i] = 0; - - png_set_read_user_transform_fn(read_ptr, count_filters); - } + png_set_read_user_transform_fn(read_ptr, read_user_callback); #endif #ifdef PNG_WRITE_USER_TRANSFORM_SUPPORTED zero_samples = 0; @@ -1082,27 +1100,27 @@ { png_set_IHDR(write_ptr, write_info_ptr, width, height, bit_depth, color_type, interlace_type, compression_type, filter_type); -#ifndef PNG_READ_INTERLACING_SUPPORTED - /* num_pass will not be set below, set it here if the image is - * interlaced: what happens is that write interlacing is *not* turned - * on an the partial interlaced rows are written directly. + /* num_passes may not be available below if interlace support is not + * provided by libpng for both read and write. */ switch (interlace_type) { case PNG_INTERLACE_NONE: - num_pass = 1; + num_passes = 1; break; case PNG_INTERLACE_ADAM7: - num_pass = 7; - break; + num_passes = 7; + break; default: - png_error(read_ptr, "invalid interlace type"); - /*NOT REACHED*/ + png_error(read_ptr, "invalid interlace type"); + /*NOT REACHED*/ } -#endif } + + else + png_error(read_ptr, "png_get_IHDR failed"); } #ifdef PNG_FIXED_POINT_SUPPORTED #ifdef PNG_cHRM_SUPPORTED @@ -1273,6 +1291,19 @@ #endif #endif #endif + +#ifdef PNG_sPLT_SUPPORTED + { + png_sPLT_tp entries; + + int num_entries = (int) png_get_sPLT(read_ptr, read_info_ptr, &entries); + if (num_entries) + { + png_set_sPLT(write_ptr, write_info_ptr, entries, num_entries); + } + } +#endif + #ifdef PNG_TEXT_SUPPORTED { png_textp text_ptr; @@ -1394,21 +1425,49 @@ #endif /* SINGLE_ROWBUF_ALLOC */ pngtest_debug("Writing row data"); -#ifdef PNG_READ_INTERLACING_SUPPORTED - num_pass = png_set_interlace_handling(read_ptr); - if (png_set_interlace_handling(write_ptr) != num_pass) - png_error(write_ptr, "png_set_interlace_handling: inconsistent num_pass"); -#endif +#if defined(PNG_READ_INTERLACING_SUPPORTED) &&\ + defined(PNG_WRITE_INTERLACING_SUPPORTED) + /* Both must be defined for libpng to be able to handle the interlace, + * otherwise it gets handled below by simply reading and writing the passes + * directly. + */ + if (png_set_interlace_handling(read_ptr) != num_passes) + png_error(write_ptr, + "png_set_interlace_handling(read): wrong pass count "); + if (png_set_interlace_handling(write_ptr) != num_passes) + png_error(write_ptr, + "png_set_interlace_handling(write): wrong pass count "); +#else /* png_set_interlace_handling not called on either read or write */ +# define calc_pass_height +#endif /* not using libpng interlace handling */ #ifdef PNGTEST_TIMING t_stop = (float)clock(); t_misc += (t_stop - t_start); t_start = t_stop; #endif - for (pass = 0; pass < num_pass; pass++) + for (pass = 0; pass < num_passes; pass++) { +# ifdef calc_pass_height + png_uint_32 pass_height; + + if (num_passes == 7) /* interlaced */ + { + if (PNG_PASS_COLS(width, pass) > 0) + pass_height = PNG_PASS_ROWS(height, pass); + + else + pass_height = 0; + } + + else /* not interlaced */ + pass_height = height; +# else +# define pass_height height +# endif + pngtest_debug1("Writing row data for pass %d", pass); - for (y = 0; y < height; y++) + for (y = 0; y < pass_height; y++) { #ifndef SINGLE_ROWBUF_ALLOC pngtest_debug2("Allocating row buffer (pass %d, y = %u)...", pass, y); @@ -1598,7 +1657,7 @@ } # ifdef PNG_WRITE_SUPPORTED - /* If there we no write support nothing was written! */ + /* If there is no write support nothing was written! */ else if (unsupported_chunks > 0) { fprintf(STDERR, "\n %s: unsupported chunks (%d)%s", @@ -1629,7 +1688,8 @@ return (1); } -#ifdef PNG_WRITE_SUPPORTED /* else nothing was written */ +#if defined (PNG_WRITE_SUPPORTED) /* else nothing was written */ &&\ + defined (PNG_WRITE_FILTER_SUPPORTED) if (interlace_preserved != 0) /* else the files will be changed */ { for (;;) @@ -1706,7 +1766,7 @@ } } } -#endif /* WRITE */ +#endif /* WRITE && WRITE_FILTER */ FCLOSE(fpin); FCLOSE(fpout); @@ -1729,6 +1789,8 @@ int multiple = 0; int ierror = 0; + png_structp dummy_ptr; + fprintf(STDERR, "\n Testing libpng version %s\n", PNG_LIBPNG_VER_STRING); fprintf(STDERR, " with zlib version %s\n", ZLIB_VERSION); fprintf(STDERR, "%s", png_get_copyright(NULL)); @@ -1843,26 +1905,17 @@ kerror = test_one_file(argv[i], outname); if (kerror == 0) { -#ifdef PNG_READ_USER_TRANSFORM_SUPPORTED - int k; -#endif #ifdef PNG_WRITE_USER_TRANSFORM_SUPPORTED fprintf(STDERR, "\n PASS (%lu zero samples)\n", (unsigned long)zero_samples); #else fprintf(STDERR, " PASS\n"); #endif -#ifdef PNG_READ_USER_TRANSFORM_SUPPORTED - for (k = 0; k<256; k++) - if (filters_used[k] != 0) - fprintf(STDERR, " Filter %d was used %lu times\n", - k, (unsigned long)filters_used[k]); -#endif #ifdef PNG_TIME_RFC1123_SUPPORTED - if (tIME_chunk_present != 0) - fprintf(STDERR, " tIME = %s\n", tIME_string); + if (tIME_chunk_present != 0) + fprintf(STDERR, " tIME = %s\n", tIME_string); - tIME_chunk_present = 0; + tIME_chunk_present = 0; #endif /* TIME_RFC1123 */ } @@ -1934,21 +1987,12 @@ { if (verbose == 1 || i == 2) { -#ifdef PNG_READ_USER_TRANSFORM_SUPPORTED - int k; -#endif #ifdef PNG_WRITE_USER_TRANSFORM_SUPPORTED fprintf(STDERR, "\n PASS (%lu zero samples)\n", (unsigned long)zero_samples); #else fprintf(STDERR, " PASS\n"); #endif -#ifdef PNG_READ_USER_TRANSFORM_SUPPORTED - for (k = 0; k<256; k++) - if (filters_used[k] != 0) - fprintf(STDERR, " Filter %d was used %lu times\n", - k, (unsigned long)filters_used[k]); -#endif #ifdef PNG_TIME_RFC1123_SUPPORTED if (tIME_chunk_present != 0) fprintf(STDERR, " tIME = %s\n", tIME_string); @@ -2022,6 +2066,24 @@ else fprintf(STDERR, " libpng FAILS test\n"); + dummy_ptr = png_create_read_struct(PNG_LIBPNG_VER_STRING, NULL, NULL, NULL); + fprintf(STDERR, " Default limits:\n"); + fprintf(STDERR, " width_max = %lu\n", + (unsigned long) png_get_user_width_max(dummy_ptr)); + fprintf(STDERR, " height_max = %lu\n", + (unsigned long) png_get_user_height_max(dummy_ptr)); + if (png_get_chunk_cache_max(dummy_ptr) == 0) + fprintf(STDERR, " cache_max = unlimited\n"); + else + fprintf(STDERR, " cache_max = %lu\n", + (unsigned long) png_get_chunk_cache_max(dummy_ptr)); + if (png_get_chunk_malloc_max(dummy_ptr) == 0) + fprintf(STDERR, " malloc_max = unlimited\n"); + else + fprintf(STDERR, " malloc_max = %lu\n", + (unsigned long) png_get_chunk_malloc_max(dummy_ptr)); + png_destroy_read_struct(&dummy_ptr, NULL, NULL); + return (int)(ierror != 0); } #else @@ -2036,4 +2098,4 @@ #endif /* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_6_16 Your_png_h_is_not_version_1_6_16; +typedef png_libpng_version_1_6_20 Your_png_h_is_not_version_1_6_20;
--- a/src/share/native/sun/awt/libpng/pngtrans.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngtrans.c Sat Sep 10 22:36:17 2016 +0100 @@ -29,8 +29,8 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Last changed in libpng 1.6.15 [November 20, 2014] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Last changed in libpng 1.6.18 [July 23, 2015] + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -58,7 +58,7 @@ #endif #if defined(PNG_READ_SWAP_SUPPORTED) || defined(PNG_WRITE_SWAP_SUPPORTED) -/* Turn on 16 bit byte swapping */ +/* Turn on 16-bit byte swapping */ void PNGAPI png_set_swap(png_structrp png_ptr) { @@ -341,7 +341,7 @@ #ifdef PNG_16BIT_SUPPORTED #if defined(PNG_READ_SWAP_SUPPORTED) || defined(PNG_WRITE_SWAP_SUPPORTED) -/* Swaps byte order on 16 bit depth images */ +/* Swaps byte order on 16-bit depth images */ void /* PRIVATE */ png_do_swap(png_row_infop row_info, png_bytep row) { @@ -732,7 +732,7 @@ */ for (; rp > png_ptr->row_buf; rp--) { - if (*rp >> padding != 0) + if ((*rp >> padding) != 0) png_ptr->num_palette_max = 1; padding = 0; }
--- a/src/share/native/sun/awt/libpng/pngwio.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngwio.c Sat Sep 10 22:36:17 2016 +0100 @@ -54,7 +54,7 @@ * writes to a file pointer. Note that this routine sometimes gets called * with very small lengths, so you should implement some kind of simple * buffering if you are using unbuffered writes. This should never be asked - * to write more than 64K on a 16 bit machine. + * to write more than 64K on a 16-bit machine. */ void /* PRIVATE */
--- a/src/share/native/sun/awt/libpng/pngwrite.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngwrite.c Sat Sep 10 22:36:17 2016 +0100 @@ -29,8 +29,8 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Last changed in libpng 1.6.15 [November 20, 2014] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Last changed in libpng 1.6.19 [November 12, 2015] + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -118,43 +118,44 @@ if ((png_ptr->mode & PNG_WROTE_INFO_BEFORE_PLTE) == 0) { - /* Write PNG signature */ - png_write_sig(png_ptr); + /* Write PNG signature */ + png_write_sig(png_ptr); #ifdef PNG_MNG_FEATURES_SUPPORTED - if ((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) != 0 && \ - png_ptr->mng_features_permitted != 0) - { - png_warning(png_ptr, "MNG features are not allowed in a PNG datastream"); - png_ptr->mng_features_permitted = 0; - } + if ((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) != 0 && \ + png_ptr->mng_features_permitted != 0) + { + png_warning(png_ptr, + "MNG features are not allowed in a PNG datastream"); + png_ptr->mng_features_permitted = 0; + } #endif - /* Write IHDR information. */ - png_write_IHDR(png_ptr, info_ptr->width, info_ptr->height, - info_ptr->bit_depth, info_ptr->color_type, info_ptr->compression_type, - info_ptr->filter_type, + /* Write IHDR information. */ + png_write_IHDR(png_ptr, info_ptr->width, info_ptr->height, + info_ptr->bit_depth, info_ptr->color_type, info_ptr->compression_type, + info_ptr->filter_type, #ifdef PNG_WRITE_INTERLACING_SUPPORTED - info_ptr->interlace_type + info_ptr->interlace_type #else - 0 + 0 #endif - ); + ); - /* The rest of these check to see if the valid field has the appropriate - * flag set, and if it does, writes the chunk. - * - * 1.6.0: COLORSPACE support controls the writing of these chunks too, and - * the chunks will be written if the WRITE routine is there and information - * is available in the COLORSPACE. (See png_colorspace_sync_info in png.c - * for where the valid flags get set.) - * - * Under certain circumstances the colorspace can be invalidated without - * syncing the info_struct 'valid' flags; this happens if libpng detects and - * error and calls png_error while the color space is being set, yet the - * application continues writing the PNG. So check the 'invalid' flag here - * too. - */ + /* The rest of these check to see if the valid field has the appropriate + * flag set, and if it does, writes the chunk. + * + * 1.6.0: COLORSPACE support controls the writing of these chunks too, and + * the chunks will be written if the WRITE routine is there and + * information * is available in the COLORSPACE. (See + * png_colorspace_sync_info in png.c for where the valid flags get set.) + * + * Under certain circumstances the colorspace can be invalidated without + * syncing the info_struct 'valid' flags; this happens if libpng detects + * an error and calls png_error while the color space is being set, yet + * the application continues writing the PNG. So check the 'invalid' + * flag here too. + */ #ifdef PNG_GAMMA_SUPPORTED # ifdef PNG_WRITE_gAMA_SUPPORTED if ((info_ptr->colorspace.flags & PNG_COLORSPACE_INVALID) == 0 && @@ -165,50 +166,50 @@ #endif #ifdef PNG_COLORSPACE_SUPPORTED - /* Write only one of sRGB or an ICC profile. If a profile was supplied - * and it matches one of the known sRGB ones issue a warning. - */ + /* Write only one of sRGB or an ICC profile. If a profile was supplied + * and it matches one of the known sRGB ones issue a warning. + */ # ifdef PNG_WRITE_iCCP_SUPPORTED - if ((info_ptr->colorspace.flags & PNG_COLORSPACE_INVALID) == 0 && - (info_ptr->valid & PNG_INFO_iCCP) != 0) - { -# ifdef PNG_WRITE_sRGB_SUPPORTED - if ((info_ptr->valid & PNG_INFO_sRGB) != 0) - png_app_warning(png_ptr, - "profile matches sRGB but writing iCCP instead"); -# endif + if ((info_ptr->colorspace.flags & PNG_COLORSPACE_INVALID) == 0 && + (info_ptr->valid & PNG_INFO_iCCP) != 0) + { +# ifdef PNG_WRITE_sRGB_SUPPORTED + if ((info_ptr->valid & PNG_INFO_sRGB) != 0) + png_app_warning(png_ptr, + "profile matches sRGB but writing iCCP instead"); +# endif - png_write_iCCP(png_ptr, info_ptr->iccp_name, - info_ptr->iccp_profile); - } + png_write_iCCP(png_ptr, info_ptr->iccp_name, + info_ptr->iccp_profile); + } # ifdef PNG_WRITE_sRGB_SUPPORTED else # endif # endif # ifdef PNG_WRITE_sRGB_SUPPORTED - if ((info_ptr->colorspace.flags & PNG_COLORSPACE_INVALID) == 0 && - (info_ptr->valid & PNG_INFO_sRGB) != 0) - png_write_sRGB(png_ptr, info_ptr->colorspace.rendering_intent); + if ((info_ptr->colorspace.flags & PNG_COLORSPACE_INVALID) == 0 && + (info_ptr->valid & PNG_INFO_sRGB) != 0) + png_write_sRGB(png_ptr, info_ptr->colorspace.rendering_intent); # endif /* WRITE_sRGB */ #endif /* COLORSPACE */ #ifdef PNG_WRITE_sBIT_SUPPORTED - if ((info_ptr->valid & PNG_INFO_sBIT) != 0) - png_write_sBIT(png_ptr, &(info_ptr->sig_bit), info_ptr->color_type); + if ((info_ptr->valid & PNG_INFO_sBIT) != 0) + png_write_sBIT(png_ptr, &(info_ptr->sig_bit), info_ptr->color_type); #endif #ifdef PNG_COLORSPACE_SUPPORTED # ifdef PNG_WRITE_cHRM_SUPPORTED - if ((info_ptr->colorspace.flags & PNG_COLORSPACE_INVALID) == 0 && - (info_ptr->colorspace.flags & PNG_COLORSPACE_FROM_cHRM) != 0 && - (info_ptr->valid & PNG_INFO_cHRM) != 0) - png_write_cHRM_fixed(png_ptr, &info_ptr->colorspace.end_points_xy); + if ((info_ptr->colorspace.flags & PNG_COLORSPACE_INVALID) == 0 && + (info_ptr->colorspace.flags & PNG_COLORSPACE_FROM_cHRM) != 0 && + (info_ptr->valid & PNG_INFO_cHRM) != 0) + png_write_cHRM_fixed(png_ptr, &info_ptr->colorspace.end_points_xy); # endif #endif #ifdef PNG_WRITE_UNKNOWN_CHUNKS_SUPPORTED - write_unknown_chunks(png_ptr, info_ptr, PNG_HAVE_IHDR); + write_unknown_chunks(png_ptr, info_ptr, PNG_HAVE_IHDR); #endif png_ptr->mode |= PNG_WROTE_INFO_BEFORE_PLTE; @@ -233,7 +234,7 @@ png_write_PLTE(png_ptr, info_ptr->palette, (png_uint_32)info_ptr->num_palette); - else if ((info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) !=0) + else if (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) png_error(png_ptr, "Valid palette required for paletted images"); #ifdef PNG_WRITE_tRNS_SUPPORTED @@ -244,8 +245,13 @@ if ((png_ptr->transformations & PNG_INVERT_ALPHA) != 0 && info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) { - int j; - for (j = 0; j<(int)info_ptr->num_trans; j++) + int j, jend; + + jend = info_ptr->num_trans; + if (jend > PNG_MAX_PALETTE_LENGTH) + jend = PNG_MAX_PALETTE_LENGTH; + + for (j = 0; j<jend; ++j) info_ptr->trans_alpha[j] = (png_byte)(255 - info_ptr->trans_alpha[j]); } @@ -566,7 +572,7 @@ /* App warnings are warnings in release (or release candidate) builds but * are errors during development. */ -#if PNG_LIBPNG_BUILD_BASE_TYPE >= PNG_LIBPNG_BUILD_RC +#if PNG_RELEASE_BUILD png_ptr->flags |= PNG_FLAG_APP_WARNINGS_WARN; #endif @@ -666,8 +672,8 @@ for (i = 0, rp = row; i < row_width; i++, rp += bytes_per_pixel) { - *(rp) = (png_byte)((*rp - *(rp + 1)) & 0xff); - *(rp + 2) = (png_byte)((*(rp + 2) - *(rp + 1)) & 0xff); + *(rp) = (png_byte)(*rp - *(rp + 1)); + *(rp + 2) = (png_byte)(*(rp + 2) - *(rp + 1)); } } @@ -693,10 +699,10 @@ png_uint_32 s2 = (*(rp + 4) << 8) | *(rp + 5); png_uint_32 red = (png_uint_32)((s0 - s1) & 0xffffL); png_uint_32 blue = (png_uint_32)((s2 - s1) & 0xffffL); - *(rp ) = (png_byte)((red >> 8) & 0xff); - *(rp + 1) = (png_byte)(red & 0xff); - *(rp + 4) = (png_byte)((blue >> 8) & 0xff); - *(rp + 5) = (png_byte)(blue & 0xff); + *(rp ) = (png_byte)(red >> 8); + *(rp + 1) = (png_byte)red; + *(rp + 4) = (png_byte)(blue >> 8); + *(rp + 5) = (png_byte)blue; } } #endif /* WRITE_16BIT */ @@ -877,7 +883,7 @@ * which is also the output depth. */ if (row_info.pixel_depth != png_ptr->pixel_depth || - row_info.pixel_depth != png_ptr->transformed_pixel_depth) + row_info.pixel_depth != png_ptr->transformed_pixel_depth) png_error(png_ptr, "internal write transform logic error"); #ifdef PNG_MNG_FEATURES_SUPPORTED @@ -945,10 +951,6 @@ } #endif /* WRITE_FLUSH */ -#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED -static void png_reset_filter_heuristics(png_structrp png_ptr);/* forward decl */ -#endif - /* Free any memory used in png_ptr struct without freeing the struct itself. */ static void png_write_destroy(png_structrp png_ptr) @@ -965,24 +967,11 @@ png_ptr->row_buf = NULL; #ifdef PNG_WRITE_FILTER_SUPPORTED png_free(png_ptr, png_ptr->prev_row); - png_free(png_ptr, png_ptr->sub_row); - png_free(png_ptr, png_ptr->up_row); - png_free(png_ptr, png_ptr->avg_row); - png_free(png_ptr, png_ptr->paeth_row); + png_free(png_ptr, png_ptr->try_row); + png_free(png_ptr, png_ptr->tst_row); png_ptr->prev_row = NULL; - png_ptr->sub_row = NULL; - png_ptr->up_row = NULL; - png_ptr->avg_row = NULL; - png_ptr->paeth_row = NULL; -#endif - -#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED - /* Use this to save a little code space, it doesn't free the filter_costs */ - png_reset_filter_heuristics(png_ptr); - png_free(png_ptr, png_ptr->filter_costs); - png_free(png_ptr, png_ptr->inv_filter_costs); - png_ptr->filter_costs = NULL; - png_ptr->inv_filter_costs = NULL; + png_ptr->try_row = NULL; + png_ptr->tst_row = NULL; #endif #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED @@ -1072,211 +1061,85 @@ #endif /* WRITE_FILTER */ } +#ifdef PNG_WRITE_FILTER_SUPPORTED /* If we have allocated the row_buf, this means we have already started * with the image and we should have allocated all of the filter buffers * that have been selected. If prev_row isn't already allocated, then * it is too late to start using the filters that need it, since we * will be missing the data in the previous row. If an application * wants to start and stop using particular filters during compression, - * it should start out with all of the filters, and then add and - * remove them after the start of compression. + * it should start out with all of the filters, and then remove them + * or add them back after the start of compression. + * + * NOTE: this is a nasty constraint on the code, because it means that the + * prev_row buffer must be maintained even if there are currently no + * 'prev_row' requiring filters active. */ if (png_ptr->row_buf != NULL) { -#ifdef PNG_WRITE_FILTER_SUPPORTED - if ((png_ptr->do_filter & PNG_FILTER_SUB) != 0 && - png_ptr->sub_row == NULL) - { - png_ptr->sub_row = (png_bytep)png_malloc(png_ptr, - (png_ptr->rowbytes + 1)); - png_ptr->sub_row[0] = PNG_FILTER_VALUE_SUB; - } + int num_filters; + png_alloc_size_t buf_size; - if ((png_ptr->do_filter & PNG_FILTER_UP) != 0 && - png_ptr->up_row == NULL) + /* Repeat the checks in png_write_start_row; 1 pixel high or wide + * images cannot benefit from certain filters. If this isn't done here + * the check below will fire on 1 pixel high images. + */ + if (png_ptr->height == 1) + filters &= ~(PNG_FILTER_UP|PNG_FILTER_AVG|PNG_FILTER_PAETH); + + if (png_ptr->width == 1) + filters &= ~(PNG_FILTER_SUB|PNG_FILTER_AVG|PNG_FILTER_PAETH); + + if ((filters & (PNG_FILTER_UP|PNG_FILTER_AVG|PNG_FILTER_PAETH)) != 0 + && png_ptr->prev_row == NULL) { - if (png_ptr->prev_row == NULL) - { - png_warning(png_ptr, "Can't add Up filter after starting"); - png_ptr->do_filter = (png_byte)(png_ptr->do_filter & - ~PNG_FILTER_UP); - } - - else - { - png_ptr->up_row = (png_bytep)png_malloc(png_ptr, - (png_ptr->rowbytes + 1)); - png_ptr->up_row[0] = PNG_FILTER_VALUE_UP; - } + /* This is the error case, however it is benign - the previous row + * is not available so the filter can't be used. Just warn here. + */ + png_app_warning(png_ptr, + "png_set_filter: UP/AVG/PAETH cannot be added after start"); + filters &= ~(PNG_FILTER_UP|PNG_FILTER_AVG|PNG_FILTER_PAETH); } - if ((png_ptr->do_filter & PNG_FILTER_AVG) != 0 && - png_ptr->avg_row == NULL) - { - if (png_ptr->prev_row == NULL) - { - png_warning(png_ptr, "Can't add Average filter after starting"); - png_ptr->do_filter = (png_byte)(png_ptr->do_filter & - ~PNG_FILTER_AVG); - } + num_filters = 0; + + if (filters & PNG_FILTER_SUB) + num_filters++; - else - { - png_ptr->avg_row = (png_bytep)png_malloc(png_ptr, - (png_ptr->rowbytes + 1)); - png_ptr->avg_row[0] = PNG_FILTER_VALUE_AVG; - } - } + if (filters & PNG_FILTER_UP) + num_filters++; + + if (filters & PNG_FILTER_AVG) + num_filters++; + + if (filters & PNG_FILTER_PAETH) + num_filters++; - if ((png_ptr->do_filter & PNG_FILTER_PAETH) != 0 && - png_ptr->paeth_row == NULL) - { - if (png_ptr->prev_row == NULL) - { - png_warning(png_ptr, "Can't add Paeth filter after starting"); - png_ptr->do_filter &= (png_byte)(~PNG_FILTER_PAETH); - } + /* Allocate needed row buffers if they have not already been + * allocated. + */ + buf_size = PNG_ROWBYTES(png_ptr->usr_channels * png_ptr->usr_bit_depth, + png_ptr->width) + 1; + + if (png_ptr->try_row == NULL) + png_ptr->try_row = png_voidcast(png_bytep, + png_malloc(png_ptr, buf_size)); - else - { - png_ptr->paeth_row = (png_bytep)png_malloc(png_ptr, - (png_ptr->rowbytes + 1)); - png_ptr->paeth_row[0] = PNG_FILTER_VALUE_PAETH; - } + if (num_filters > 1) + { + if (png_ptr->tst_row == NULL) + png_ptr->tst_row = png_voidcast(png_bytep, + png_malloc(png_ptr, buf_size)); } - - if (png_ptr->do_filter == PNG_NO_FILTERS) -#endif /* WRITE_FILTER */ - png_ptr->do_filter = PNG_FILTER_NONE; } + png_ptr->do_filter = (png_byte)filters; +#endif } else png_error(png_ptr, "Unknown custom filter method"); } -/* This allows us to influence the way in which libpng chooses the "best" - * filter for the current scanline. While the "minimum-sum-of-absolute- - * differences metric is relatively fast and effective, there is some - * question as to whether it can be improved upon by trying to keep the - * filtered data going to zlib more consistent, hopefully resulting in - * better compression. - */ -#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED /* GRR 970116 */ -/* Convenience reset API. */ -static void -png_reset_filter_heuristics(png_structrp png_ptr) -{ - /* Clear out any old values in the 'weights' - this must be done because if - * the app calls set_filter_heuristics multiple times with different - * 'num_weights' values we would otherwise potentially have wrong sized - * arrays. - */ - png_ptr->num_prev_filters = 0; - png_ptr->heuristic_method = PNG_FILTER_HEURISTIC_UNWEIGHTED; - if (png_ptr->prev_filters != NULL) - { - png_bytep old = png_ptr->prev_filters; - png_ptr->prev_filters = NULL; - png_free(png_ptr, old); - } - if (png_ptr->filter_weights != NULL) - { - png_uint_16p old = png_ptr->filter_weights; - png_ptr->filter_weights = NULL; - png_free(png_ptr, old); - } - - if (png_ptr->inv_filter_weights != NULL) - { - png_uint_16p old = png_ptr->inv_filter_weights; - png_ptr->inv_filter_weights = NULL; - png_free(png_ptr, old); - } - - /* Leave the filter_costs - this array is fixed size. */ -} - -static int -png_init_filter_heuristics(png_structrp png_ptr, int heuristic_method, - int num_weights) -{ - if (png_ptr == NULL) - return 0; - - /* Clear out the arrays */ - png_reset_filter_heuristics(png_ptr); - - /* Check arguments; the 'reset' function makes the correct settings for the - * unweighted case, but we must handle the weight case by initializing the - * arrays for the caller. - */ - if (heuristic_method == PNG_FILTER_HEURISTIC_WEIGHTED) - { - int i; - - if (num_weights > 0) - { - png_ptr->prev_filters = (png_bytep)png_malloc(png_ptr, - (png_uint_32)((sizeof (png_byte)) * num_weights)); - - /* To make sure that the weighting starts out fairly */ - for (i = 0; i < num_weights; i++) - { - png_ptr->prev_filters[i] = 255; - } - - png_ptr->filter_weights = (png_uint_16p)png_malloc(png_ptr, - (png_uint_32)((sizeof (png_uint_16)) * num_weights)); - - png_ptr->inv_filter_weights = (png_uint_16p)png_malloc(png_ptr, - (png_uint_32)((sizeof (png_uint_16)) * num_weights)); - - for (i = 0; i < num_weights; i++) - { - png_ptr->inv_filter_weights[i] = - png_ptr->filter_weights[i] = PNG_WEIGHT_FACTOR; - } - - /* Safe to set this now */ - png_ptr->num_prev_filters = (png_byte)num_weights; - } - - /* If, in the future, there are other filter methods, this would - * need to be based on png_ptr->filter. - */ - if (png_ptr->filter_costs == NULL) - { - png_ptr->filter_costs = (png_uint_16p)png_malloc(png_ptr, - (png_uint_32)((sizeof (png_uint_16)) * PNG_FILTER_VALUE_LAST)); - - png_ptr->inv_filter_costs = (png_uint_16p)png_malloc(png_ptr, - (png_uint_32)((sizeof (png_uint_16)) * PNG_FILTER_VALUE_LAST)); - } - - for (i = 0; i < PNG_FILTER_VALUE_LAST; i++) - { - png_ptr->inv_filter_costs[i] = - png_ptr->filter_costs[i] = PNG_COST_FACTOR; - } - - /* All the arrays are inited, safe to set this: */ - png_ptr->heuristic_method = PNG_FILTER_HEURISTIC_WEIGHTED; - - /* Return the 'ok' code. */ - return 1; - } - else if (heuristic_method == PNG_FILTER_HEURISTIC_DEFAULT || - heuristic_method == PNG_FILTER_HEURISTIC_UNWEIGHTED) - { - return 1; - } - else - { - png_warning(png_ptr, "Unknown filter heuristic method"); - return 0; - } -} - +#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED /* DEPRECATED */ /* Provide floating and fixed point APIs */ #ifdef PNG_FLOATING_POINT_SUPPORTED void PNGAPI @@ -1284,52 +1147,11 @@ int num_weights, png_const_doublep filter_weights, png_const_doublep filter_costs) { - png_debug(1, "in png_set_filter_heuristics"); - - /* The internal API allocates all the arrays and ensures that the elements of - * those arrays are set to the default value. - */ - if (png_init_filter_heuristics(png_ptr, heuristic_method, num_weights) == 0) - return; - - /* If using the weighted method copy in the weights. */ - if (heuristic_method == PNG_FILTER_HEURISTIC_WEIGHTED) - { - int i; - for (i = 0; i < num_weights; i++) - { - if (filter_weights[i] <= 0.0) - { - png_ptr->inv_filter_weights[i] = - png_ptr->filter_weights[i] = PNG_WEIGHT_FACTOR; - } - - else - { - png_ptr->inv_filter_weights[i] = - (png_uint_16)(PNG_WEIGHT_FACTOR*filter_weights[i]+.5); - - png_ptr->filter_weights[i] = - (png_uint_16)(PNG_WEIGHT_FACTOR/filter_weights[i]+.5); - } - } - - /* Here is where we set the relative costs of the different filters. We - * should take the desired compression level into account when setting - * the costs, so that Paeth, for instance, has a high relative cost at low - * compression levels, while it has a lower relative cost at higher - * compression settings. The filter types are in order of increasing - * relative cost, so it would be possible to do this with an algorithm. - */ - for (i = 0; i < PNG_FILTER_VALUE_LAST; i++) if (filter_costs[i] >= 1.0) - { - png_ptr->inv_filter_costs[i] = - (png_uint_16)(PNG_COST_FACTOR / filter_costs[i] + .5); - - png_ptr->filter_costs[i] = - (png_uint_16)(PNG_COST_FACTOR * filter_costs[i] + .5); - } - } + PNG_UNUSED(png_ptr) + PNG_UNUSED(heuristic_method) + PNG_UNUSED(num_weights) + PNG_UNUSED(filter_weights) + PNG_UNUSED(filter_costs) } #endif /* FLOATING_POINT */ @@ -1339,67 +1161,16 @@ int num_weights, png_const_fixed_point_p filter_weights, png_const_fixed_point_p filter_costs) { - png_debug(1, "in png_set_filter_heuristics_fixed"); - - /* The internal API allocates all the arrays and ensures that the elements of - * those arrays are set to the default value. - */ - if (png_init_filter_heuristics(png_ptr, heuristic_method, num_weights) == 0) - return; - - /* If using the weighted method copy in the weights. */ - if (heuristic_method == PNG_FILTER_HEURISTIC_WEIGHTED) - { - int i; - for (i = 0; i < num_weights; i++) - { - if (filter_weights[i] <= 0) - { - png_ptr->inv_filter_weights[i] = - png_ptr->filter_weights[i] = PNG_WEIGHT_FACTOR; - } - - else - { - png_ptr->inv_filter_weights[i] = (png_uint_16) - ((PNG_WEIGHT_FACTOR*filter_weights[i]+PNG_FP_HALF)/PNG_FP_1); - - png_ptr->filter_weights[i] = (png_uint_16)((PNG_WEIGHT_FACTOR* - PNG_FP_1+(filter_weights[i]/2))/filter_weights[i]); - } - } - - /* Here is where we set the relative costs of the different filters. We - * should take the desired compression level into account when setting - * the costs, so that Paeth, for instance, has a high relative cost at low - * compression levels, while it has a lower relative cost at higher - * compression settings. The filter types are in order of increasing - * relative cost, so it would be possible to do this with an algorithm. - */ - for (i = 0; i < PNG_FILTER_VALUE_LAST; i++) - if (filter_costs[i] >= PNG_FP_1) - { - png_uint_32 tmp; - - /* Use a 32 bit unsigned temporary here because otherwise the - * intermediate value will be a 32 bit *signed* integer (ANSI rules) - * and this will get the wrong answer on division. - */ - tmp = PNG_COST_FACTOR*PNG_FP_1 + (filter_costs[i]/2); - tmp /= filter_costs[i]; - - png_ptr->inv_filter_costs[i] = (png_uint_16)tmp; - - tmp = PNG_COST_FACTOR * filter_costs[i] + PNG_FP_HALF; - tmp /= PNG_FP_1; - - png_ptr->filter_costs[i] = (png_uint_16)tmp; - } - } + PNG_UNUSED(png_ptr) + PNG_UNUSED(heuristic_method) + PNG_UNUSED(num_weights) + PNG_UNUSED(filter_weights) + PNG_UNUSED(filter_costs) } #endif /* FIXED_POINT */ #endif /* WRITE_WEIGHTED_FILTER */ +#ifdef PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED void PNGAPI png_set_compression_level(png_structrp png_ptr, int level) { @@ -1445,8 +1216,8 @@ if (png_ptr == NULL) return; - /* Prior to 1.6.0 this would warn but then set the window_bits value, this - * meant that negative window bits values could be selected which would cause + /* Prior to 1.6.0 this would warn but then set the window_bits value. This + * meant that negative window bits values could be selected that would cause * libpng to write a non-standard PNG file with raw deflate or gzip * compressed IDAT or ancillary chunks. Such files can be read and there is * no warning on read, so this seems like a very bad idea. @@ -1482,6 +1253,7 @@ png_ptr->zlib_method = method; } +#endif /* WRITE_CUSTOMIZE_COMPRESSION */ /* The following were added to libpng-1.5.4 */ #ifdef PNG_WRITE_CUSTOMIZE_ZTXT_COMPRESSION_SUPPORTED @@ -1642,14 +1414,14 @@ * alpha channel. */ if ((transforms & (PNG_TRANSFORM_STRIP_FILLER_AFTER| - PNG_TRANSFORM_STRIP_FILLER_BEFORE)) != 0) + PNG_TRANSFORM_STRIP_FILLER_BEFORE)) != 0) { #ifdef PNG_WRITE_FILLER_SUPPORTED if ((transforms & PNG_TRANSFORM_STRIP_FILLER_AFTER) != 0) { if ((transforms & PNG_TRANSFORM_STRIP_FILLER_BEFORE) != 0) png_app_error(png_ptr, - "PNG_TRANSFORM_STRIP_FILLER: BEFORE+AFTER not supported"); + "PNG_TRANSFORM_STRIP_FILLER: BEFORE+AFTER not supported"); /* Continue if ignored - this is the pre-1.6.10 behavior */ png_set_filler(png_ptr, 0, PNG_FILLER_AFTER); @@ -1678,7 +1450,7 @@ png_app_error(png_ptr, "PNG_TRANSFORM_SWAP_ENDIAN not supported"); #endif - /* Swap bits of 1, 2, 4 bit packed pixel formats */ + /* Swap bits of 1-bit, 2-bit, 4-bit packed pixel formats */ if ((transforms & PNG_TRANSFORM_PACKSWAP) != 0) #ifdef PNG_WRITE_PACKSWAP_SUPPORTED png_set_packswap(png_ptr); @@ -1708,13 +1480,13 @@ #ifdef PNG_SIMPLIFIED_WRITE_SUPPORTED -#ifdef PNG_STDIO_SUPPORTED /* currently required for png_image_write_* */ +# ifdef PNG_STDIO_SUPPORTED /* currently required for png_image_write_* */ /* Initialize the write structure - general purpose utility. */ static int png_image_write_init(png_imagep image) { png_structp png_ptr = png_create_write_struct(PNG_LIBPNG_VER_STRING, image, - png_safe_error, png_safe_warning); + png_safe_error, png_safe_warning); if (png_ptr != NULL) { @@ -1723,7 +1495,7 @@ if (info_ptr != NULL) { png_controlp control = png_voidcast(png_controlp, - png_malloc_warn(png_ptr, (sizeof *control))); + png_malloc_warn(png_ptr, (sizeof *control))); if (control != NULL) { @@ -1770,12 +1542,12 @@ png_write_image_16bit(png_voidp argument) { png_image_write_control *display = png_voidcast(png_image_write_control*, - argument); + argument); png_imagep image = display->image; png_structrp png_ptr = image->opaque->png_ptr; png_const_uint_16p input_row = png_voidcast(png_const_uint_16p, - display->first_row); + display->first_row); png_uint_16p output_row = png_voidcast(png_uint_16p, display->local_row); png_uint_16p row_end; const int channels = (image->format & PNG_FORMAT_FLAG_COLOR) != 0 ? 3 : 1; @@ -1784,17 +1556,18 @@ if ((image->format & PNG_FORMAT_FLAG_ALPHA) != 0) { -# ifdef PNG_SIMPLIFIED_WRITE_AFIRST_SUPPORTED - if ((image->format & PNG_FORMAT_FLAG_AFIRST) != 0) - { - aindex = -1; - ++input_row; /* To point to the first component */ - ++output_row; - } - +# ifdef PNG_SIMPLIFIED_WRITE_AFIRST_SUPPORTED + if ((image->format & PNG_FORMAT_FLAG_AFIRST) != 0) + { + aindex = -1; + ++input_row; /* To point to the first component */ + ++output_row; + } else + aindex = channels; +# else + aindex = channels; # endif - aindex = channels; } else @@ -1876,7 +1649,7 @@ * calculation can be done to 15 bits of accuracy; however, the output needs to * be scaled in the range 0..255*65535, so include that scaling here. */ -#define UNP_RECIPROCAL(alpha) ((((0xffff*0xff)<<7)+(alpha>>1))/alpha) +# define UNP_RECIPROCAL(alpha) ((((0xffff*0xff)<<7)+(alpha>>1))/alpha) static png_byte png_unpremultiply(png_uint_32 component, png_uint_32 alpha, @@ -1927,12 +1700,12 @@ png_write_image_8bit(png_voidp argument) { png_image_write_control *display = png_voidcast(png_image_write_control*, - argument); + argument); png_imagep image = display->image; png_structrp png_ptr = image->opaque->png_ptr; png_const_uint_16p input_row = png_voidcast(png_const_uint_16p, - display->first_row); + display->first_row); png_bytep output_row = png_voidcast(png_bytep, display->local_row); png_uint_32 y = image->height; const int channels = (image->format & PNG_FORMAT_FLAG_COLOR) != 0 ? 3 : 1; @@ -1942,17 +1715,17 @@ png_bytep row_end; int aindex; -# ifdef PNG_SIMPLIFIED_WRITE_AFIRST_SUPPORTED - if ((image->format & PNG_FORMAT_FLAG_AFIRST) != 0) - { - aindex = -1; - ++input_row; /* To point to the first component */ - ++output_row; - } +# ifdef PNG_SIMPLIFIED_WRITE_AFIRST_SUPPORTED + if ((image->format & PNG_FORMAT_FLAG_AFIRST) != 0) + { + aindex = -1; + ++input_row; /* To point to the first component */ + ++output_row; + } - else -# endif - aindex = channels; + else +# endif + aindex = channels; /* Use row_end in place of a loop counter: */ row_end = output_row + image->width * (channels+1); @@ -1986,7 +1759,7 @@ } /* while out_ptr < row_end */ png_write_row(png_ptr, png_voidcast(png_const_bytep, - display->local_row)); + display->local_row)); input_row += display->row_bytes/(sizeof (png_uint_16)); } /* while y */ } @@ -2025,25 +1798,25 @@ const png_imagep image = display->image; const void *cmap = display->colormap; const int entries = image->colormap_entries > 256 ? 256 : - (int)image->colormap_entries; + (int)image->colormap_entries; /* NOTE: the caller must check for cmap != NULL and entries != 0 */ const png_uint_32 format = image->format; const int channels = PNG_IMAGE_SAMPLE_CHANNELS(format); -# if defined(PNG_FORMAT_BGR_SUPPORTED) &&\ +# if defined(PNG_FORMAT_BGR_SUPPORTED) &&\ defined(PNG_SIMPLIFIED_WRITE_AFIRST_SUPPORTED) const int afirst = (format & PNG_FORMAT_FLAG_AFIRST) != 0 && - (format & PNG_FORMAT_FLAG_ALPHA) != 0; -# else + (format & PNG_FORMAT_FLAG_ALPHA) != 0; +# else # define afirst 0 -# endif +# endif -# ifdef PNG_FORMAT_BGR_SUPPORTED +# ifdef PNG_FORMAT_BGR_SUPPORTED const int bgr = (format & PNG_FORMAT_FLAG_BGR) != 0 ? 2 : 0; -# else +# else # define bgr 0 -# endif +# endif int i, num_trans; png_color palette[256]; @@ -2068,11 +1841,11 @@ if (channels >= 3) /* RGB */ { palette[i].blue = (png_byte)PNG_sRGB_FROM_LINEAR(255 * - entry[(2 ^ bgr)]); + entry[(2 ^ bgr)]); palette[i].green = (png_byte)PNG_sRGB_FROM_LINEAR(255 * - entry[1]); + entry[1]); palette[i].red = (png_byte)PNG_sRGB_FROM_LINEAR(255 * - entry[bgr]); + entry[bgr]); } else /* Gray */ @@ -2148,12 +1921,12 @@ } } -# ifdef afirst +# ifdef afirst # undef afirst -# endif -# ifdef bgr +# endif +# ifdef bgr # undef bgr -# endif +# endif png_set_PLTE(image->opaque->png_ptr, image->opaque->info_ptr, palette, entries); @@ -2181,10 +1954,10 @@ int alpha = !colormap && (format & PNG_FORMAT_FLAG_ALPHA); int write_16bit = linear && !colormap && (display->convert_to_8bit == 0); -# ifdef PNG_BENIGN_ERRORS_SUPPORTED +# ifdef PNG_BENIGN_ERRORS_SUPPORTED /* Make sure we error out on any bad situation */ png_set_benign_errors(png_ptr, 0/*error*/); -# endif +# endif /* Default the 'row_stride' parameter if required. */ if (display->row_stride == 0) @@ -2253,7 +2026,7 @@ /* Now set up the data transformations (*after* the header is written), * remove the handled transformations from the 'format' flags for checking. * - * First check for a little endian system if writing 16 bit files. + * First check for a little endian system if writing 16-bit files. */ if (write_16bit != 0) { @@ -2263,23 +2036,23 @@ png_set_swap(png_ptr); } -# ifdef PNG_SIMPLIFIED_WRITE_BGR_SUPPORTED +# ifdef PNG_SIMPLIFIED_WRITE_BGR_SUPPORTED if ((format & PNG_FORMAT_FLAG_BGR) != 0) { if (colormap == 0 && (format & PNG_FORMAT_FLAG_COLOR) != 0) png_set_bgr(png_ptr); format &= ~PNG_FORMAT_FLAG_BGR; } -# endif +# endif -# ifdef PNG_SIMPLIFIED_WRITE_AFIRST_SUPPORTED +# ifdef PNG_SIMPLIFIED_WRITE_AFIRST_SUPPORTED if ((format & PNG_FORMAT_FLAG_AFIRST) != 0) { if (colormap == 0 && (format & PNG_FORMAT_FLAG_ALPHA) != 0) png_set_swap_alpha(png_ptr); format &= ~PNG_FORMAT_FLAG_AFIRST; } -# endif +# endif /* If there are 16 or fewer color-map entries we wrote a lower bit depth * above, but the application data is still byte packed. @@ -2315,7 +2088,9 @@ * it about 50 times. The speed-up in pngstest was about 10-20% of the * total (user) time on a heavily loaded system. */ +# ifdef PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED png_set_compression_level(png_ptr, 3); +# endif } /* Check for the cases that currently require a pre-transform on the row @@ -2478,6 +2253,6 @@ else return 0; } -#endif /* STDIO */ +# endif /* STDIO */ #endif /* SIMPLIFIED_WRITE */ #endif /* WRITE */
--- a/src/share/native/sun/awt/libpng/pngwtran.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngwtran.c Sat Sep 10 22:36:17 2016 +0100 @@ -29,8 +29,8 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Last changed in libpng 1.6.15 [November 20, 2014] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Last changed in libpng 1.6.18 [July 23, 2015] + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -99,7 +99,8 @@ case 2: { png_bytep sp, dp; - int shift, v; + unsigned int shift; + int v; png_uint_32 i; png_uint_32 row_width = row_info->width; @@ -138,7 +139,8 @@ case 4: { png_bytep sp, dp; - int shift, v; + unsigned int shift; + int v; png_uint_32 i; png_uint_32 row_width = row_info->width; @@ -450,7 +452,7 @@ *(dp++) = *(sp++); */ sp+=3; dp = sp; - *(dp++) = (png_byte)(255 - *(sp++)); + *dp = (png_byte)(255 - *(sp++)); } } @@ -474,7 +476,7 @@ */ sp+=6; dp = sp; *(dp++) = (png_byte)(255 - *(sp++)); - *(dp++) = (png_byte)(255 - *(sp++)); + *dp = (png_byte)(255 - *(sp++)); } } #endif /* WRITE_16BIT */ @@ -512,7 +514,7 @@ */ sp+=2; dp = sp; *(dp++) = (png_byte)(255 - *(sp++)); - *(dp++) = (png_byte)(255 - *(sp++)); + *dp = (png_byte)(255 - *(sp++)); } } #endif /* WRITE_16BIT */
--- a/src/share/native/sun/awt/libpng/pngwutil.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/libpng/pngwutil.c Sat Sep 10 22:36:17 2016 +0100 @@ -29,8 +29,8 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Last changed in libpng 1.6.15 [November 20, 2014] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Last changed in libpng 1.6.19 [November 12, 2015] + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -51,10 +51,10 @@ void PNGAPI png_save_uint_32(png_bytep buf, png_uint_32 i) { - buf[0] = (png_byte)((i >> 24) & 0xff); - buf[1] = (png_byte)((i >> 16) & 0xff); - buf[2] = (png_byte)((i >> 8) & 0xff); - buf[3] = (png_byte)(i & 0xff); + buf[0] = (png_byte)(i >> 24); + buf[1] = (png_byte)(i >> 16); + buf[2] = (png_byte)(i >> 8); + buf[3] = (png_byte)(i ); } /* Place a 16-bit number into a buffer in PNG byte order. @@ -64,8 +64,8 @@ void PNGAPI png_save_uint_16(png_bytep buf, unsigned int i) { - buf[0] = (png_byte)((i >> 8) & 0xff); - buf[1] = (png_byte)(i & 0xff); + buf[0] = (png_byte)(i >> 8); + buf[1] = (png_byte)(i ); } #endif @@ -207,7 +207,7 @@ if (png_ptr == NULL) return; - /* On 64 bit architectures 'length' may not fit in a png_uint_32. */ + /* On 64-bit architectures 'length' may not fit in a png_uint_32. */ if (length > PNG_UINT_31_MAX) png_error(png_ptr, "length exceeds PNG maximum"); @@ -336,7 +336,7 @@ */ (void)png_safecat(msg, (sizeof msg), 10, " using zstream"); #endif -#if PNG_LIBPNG_BUILD_BASE_TYPE >= PNG_LIBPNG_BUILD_RC +#if PNG_RELEASE_BUILD png_warning(png_ptr, msg); /* Attempt sane error recovery */ @@ -723,7 +723,7 @@ while (*key && key_len < 79) { - png_byte ch = (png_byte)(0xff & *key++); + png_byte ch = (png_byte)*key++; if ((ch > 32 && ch <= 126) || (ch >= 161 /*&& ch <= 255*/)) *new_key++ = ch, ++key_len, space = 0; @@ -899,7 +899,7 @@ interlace_type=PNG_INTERLACE_NONE; #endif - /* Save the relevent information */ + /* Save the relevant information */ png_ptr->bit_depth = (png_byte)bit_depth; png_ptr->color_type = (png_byte)color_type; png_ptr->interlaced = (png_byte)interlace_type; @@ -950,17 +950,20 @@ png_write_PLTE(png_structrp png_ptr, png_const_colorp palette, png_uint_32 num_pal) { - png_uint_32 i; + png_uint_32 max_palette_length, i; png_const_colorp pal_ptr; png_byte buf[3]; png_debug(1, "in png_write_PLTE"); + max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ? + (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH; + if (( #ifdef PNG_MNG_FEATURES_SUPPORTED (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0 && #endif - num_pal == 0) || num_pal > 256) + num_pal == 0) || num_pal > max_palette_length) { if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) { @@ -1472,7 +1475,7 @@ else if (color_type == PNG_COLOR_TYPE_GRAY) { - /* One 16 bit value */ + /* One 16-bit value */ if (tran->gray >= (1 << png_ptr->bit_depth)) { png_app_warning(png_ptr, @@ -1487,7 +1490,7 @@ else if (color_type == PNG_COLOR_TYPE_RGB) { - /* Three 16 bit values */ + /* Three 16-bit values */ png_save_uint_16(buf, tran->red); png_save_uint_16(buf + 2, tran->green); png_save_uint_16(buf + 4, tran->blue); @@ -1793,7 +1796,7 @@ png_write_compressed_data_out(png_ptr, &comp); else - png_write_chunk_data(png_ptr, (png_const_bytep)text, comp.input_len); + png_write_chunk_data(png_ptr, (png_const_bytep)text, comp.output_len); png_write_chunk_end(png_ptr); } @@ -1989,6 +1992,10 @@ png_alloc_size_t buf_size; int usr_pixel_depth; +#ifdef PNG_WRITE_FILTER_SUPPORTED + png_byte filters; +#endif + png_debug(1, "in png_write_start_row"); usr_pixel_depth = png_ptr->usr_channels * png_ptr->usr_bit_depth; @@ -1999,50 +2006,54 @@ png_ptr->maximum_pixel_depth = (png_byte)usr_pixel_depth; /* Set up row buffer */ - png_ptr->row_buf = (png_bytep)png_malloc(png_ptr, buf_size); + png_ptr->row_buf = png_voidcast(png_bytep, png_malloc(png_ptr, buf_size)); png_ptr->row_buf[0] = PNG_FILTER_VALUE_NONE; #ifdef PNG_WRITE_FILTER_SUPPORTED - /* Set up filtering buffer, if using this filter */ - if (png_ptr->do_filter & PNG_FILTER_SUB) - { - png_ptr->sub_row = (png_bytep)png_malloc(png_ptr, png_ptr->rowbytes + 1); - - png_ptr->sub_row[0] = PNG_FILTER_VALUE_SUB; - } - - /* We only need to keep the previous row if we are using one of these. */ - if ((png_ptr->do_filter & - (PNG_FILTER_AVG | PNG_FILTER_UP | PNG_FILTER_PAETH)) != 0) + filters = png_ptr->do_filter; + + if (png_ptr->height == 1) + filters &= 0xff & ~(PNG_FILTER_UP|PNG_FILTER_AVG|PNG_FILTER_PAETH); + + if (png_ptr->width == 1) + filters &= 0xff & ~(PNG_FILTER_SUB|PNG_FILTER_AVG|PNG_FILTER_PAETH); + + if (filters == 0) + filters = PNG_FILTER_NONE; + + png_ptr->do_filter = filters; + + if (((filters & (PNG_FILTER_SUB | PNG_FILTER_UP | PNG_FILTER_AVG | + PNG_FILTER_PAETH)) != 0) && png_ptr->try_row == NULL) { - /* Set up previous row buffer */ - png_ptr->prev_row = (png_bytep)png_calloc(png_ptr, buf_size); - - if ((png_ptr->do_filter & PNG_FILTER_UP) != 0) - { - png_ptr->up_row = (png_bytep)png_malloc(png_ptr, - png_ptr->rowbytes + 1); - - png_ptr->up_row[0] = PNG_FILTER_VALUE_UP; - } - - if ((png_ptr->do_filter & PNG_FILTER_AVG) != 0) - { - png_ptr->avg_row = (png_bytep)png_malloc(png_ptr, - png_ptr->rowbytes + 1); - - png_ptr->avg_row[0] = PNG_FILTER_VALUE_AVG; - } - - if ((png_ptr->do_filter & PNG_FILTER_PAETH) != 0) - { - png_ptr->paeth_row = (png_bytep)png_malloc(png_ptr, - png_ptr->rowbytes + 1); - - png_ptr->paeth_row[0] = PNG_FILTER_VALUE_PAETH; - } + int num_filters = 0; + + png_ptr->try_row = png_voidcast(png_bytep, png_malloc(png_ptr, buf_size)); + + if (filters & PNG_FILTER_SUB) + num_filters++; + + if (filters & PNG_FILTER_UP) + num_filters++; + + if (filters & PNG_FILTER_AVG) + num_filters++; + + if (filters & PNG_FILTER_PAETH) + num_filters++; + + if (num_filters > 1) + png_ptr->tst_row = png_voidcast(png_bytep, png_malloc(png_ptr, + buf_size)); } + + /* We only need to keep the previous row if we are using one of the following + * filters. + */ + if ((filters & (PNG_FILTER_AVG | PNG_FILTER_UP | PNG_FILTER_PAETH)) != 0) + png_ptr->prev_row = png_voidcast(png_bytep, + png_calloc(png_ptr, buf_size)); #endif /* WRITE_FILTER */ #ifdef PNG_WRITE_INTERLACING_SUPPORTED @@ -2188,7 +2199,7 @@ { png_bytep sp; png_bytep dp; - int shift; + unsigned int shift; int d; int value; png_uint_32 i; @@ -2226,7 +2237,7 @@ { png_bytep sp; png_bytep dp; - int shift; + unsigned int shift; int d; int value; png_uint_32 i; @@ -2263,7 +2274,7 @@ { png_bytep sp; png_bytep dp; - int shift; + unsigned int shift; int d; int value; png_uint_32 i; @@ -2338,50 +2349,181 @@ } #endif + /* This filters the row, chooses which filter to use, if it has not already * been specified by the application, and then writes the row out with the * chosen filter. */ -static void +static void /* PRIVATE */ png_write_filtered_row(png_structrp png_ptr, png_bytep filtered_row, png_size_t row_bytes); -#define PNG_MAXSUM (((png_uint_32)(-1)) >> 1) -#define PNG_HISHIFT 10 -#define PNG_LOMASK ((png_uint_32)0xffffL) -#define PNG_HIMASK ((png_uint_32)(~PNG_LOMASK >> PNG_HISHIFT)) +#ifdef PNG_WRITE_FILTER_SUPPORTED +static png_size_t /* PRIVATE */ +png_setup_sub_row(png_structrp png_ptr, const png_uint_32 bpp, + const png_size_t row_bytes, const png_size_t lmins) +{ + png_bytep rp, dp, lp; + png_size_t i; + png_size_t sum = 0; + int v; + + png_ptr->try_row[0] = PNG_FILTER_VALUE_SUB; + + for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1; i < bpp; + i++, rp++, dp++) + { + v = *dp = *rp; + sum += (v < 128) ? v : 256 - v; + } + + for (lp = png_ptr->row_buf + 1; i < row_bytes; + i++, rp++, lp++, dp++) + { + v = *dp = (png_byte)(((int)*rp - (int)*lp) & 0xff); + sum += (v < 128) ? v : 256 - v; + + if (sum > lmins) /* We are already worse, don't continue. */ + break; + } + + return (sum); +} + +static png_size_t /* PRIVATE */ +png_setup_up_row(png_structrp png_ptr, const png_size_t row_bytes, + const png_size_t lmins) +{ + png_bytep rp, dp, pp; + png_size_t i; + png_size_t sum = 0; + int v; + + png_ptr->try_row[0] = PNG_FILTER_VALUE_UP; + + for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1, + pp = png_ptr->prev_row + 1; i < row_bytes; + i++, rp++, pp++, dp++) + { + v = *dp = (png_byte)(((int)*rp - (int)*pp) & 0xff); + sum += (v < 128) ? v : 256 - v; + + if (sum > lmins) /* We are already worse, don't continue. */ + break; + } + + return (sum); +} + +static png_size_t /* PRIVATE */ +png_setup_avg_row(png_structrp png_ptr, const png_uint_32 bpp, + const png_size_t row_bytes, const png_size_t lmins) +{ + png_bytep rp, dp, pp, lp; + png_uint_32 i; + png_size_t sum = 0; + int v; + + png_ptr->try_row[0] = PNG_FILTER_VALUE_AVG; + + for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1, + pp = png_ptr->prev_row + 1; i < bpp; i++) + { + v = *dp++ = (png_byte)(((int)*rp++ - ((int)*pp++ / 2)) & 0xff); + + sum += (v < 128) ? v : 256 - v; + } + + for (lp = png_ptr->row_buf + 1; i < row_bytes; i++) + { + v = *dp++ = (png_byte)(((int)*rp++ - (((int)*pp++ + (int)*lp++) / 2)) + & 0xff); + + sum += (v < 128) ? v : 256 - v; + + if (sum > lmins) /* We are already worse, don't continue. */ + break; + } + + return (sum); +} + +static png_size_t /* PRIVATE */ +png_setup_paeth_row(png_structrp png_ptr, const png_uint_32 bpp, + const png_size_t row_bytes, const png_size_t lmins) +{ + png_bytep rp, dp, pp, cp, lp; + png_size_t i; + png_size_t sum = 0; + int v; + + png_ptr->try_row[0] = PNG_FILTER_VALUE_PAETH; + + for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1, + pp = png_ptr->prev_row + 1; i < bpp; i++) + { + v = *dp++ = (png_byte)(((int)*rp++ - (int)*pp++) & 0xff); + + sum += (v < 128) ? v : 256 - v; + } + + for (lp = png_ptr->row_buf + 1, cp = png_ptr->prev_row + 1; i < row_bytes; + i++) + { + int a, b, c, pa, pb, pc, p; + + b = *pp++; + c = *cp++; + a = *lp++; + + p = b - c; + pc = a - c; + +#ifdef PNG_USE_ABS + pa = abs(p); + pb = abs(pc); + pc = abs(p + pc); +#else + pa = p < 0 ? -p : p; + pb = pc < 0 ? -pc : pc; + pc = (p + pc) < 0 ? -(p + pc) : p + pc; +#endif + + p = (pa <= pb && pa <=pc) ? a : (pb <= pc) ? b : c; + + v = *dp++ = (png_byte)(((int)*rp++ - p) & 0xff); + + sum += (v < 128) ? v : 256 - v; + + if (sum > lmins) /* We are already worse, don't continue. */ + break; + } + + return (sum); +} +#endif /* WRITE_FILTER */ + void /* PRIVATE */ png_write_find_filter(png_structrp png_ptr, png_row_infop row_info) { - png_bytep best_row; -#ifdef PNG_WRITE_FILTER_SUPPORTED - png_bytep prev_row, row_buf; - png_uint_32 mins, bpp; +#ifndef PNG_WRITE_FILTER_SUPPORTED + png_write_filtered_row(png_ptr, png_ptr->row_buf, row_info->rowbytes+1); +#else png_byte filter_to_do = png_ptr->do_filter; + png_bytep row_buf; + png_bytep best_row; + png_uint_32 bpp; + png_size_t mins; png_size_t row_bytes = row_info->rowbytes; -#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED - int num_p_filters = png_ptr->num_prev_filters; -#endif png_debug(1, "in png_write_find_filter"); -#ifndef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED - if (png_ptr->row_number == 0 && filter_to_do == PNG_ALL_FILTERS) - { - /* These will never be selected so we need not test them. */ - filter_to_do &= ~(PNG_FILTER_UP | PNG_FILTER_PAETH); - } -#endif - /* Find out how many bytes offset each pixel is */ bpp = (row_info->pixel_depth + 7) >> 3; - prev_row = png_ptr->prev_row; -#endif - best_row = png_ptr->row_buf; -#ifdef PNG_WRITE_FILTER_SUPPORTED - row_buf = best_row; - mins = PNG_MAXSUM; + row_buf = png_ptr->row_buf; + mins = PNG_SIZE_MAX - 256/* so we can detect potential overflow of the + running sum */; /* The prediction method we use is to find which method provides the * smallest value when summing the absolute values of the distances @@ -2411,57 +2553,37 @@ /* We don't need to test the 'no filter' case if this is the only filter * that has been chosen, as it doesn't actually do anything to the data. */ + best_row = png_ptr->row_buf; + + if ((filter_to_do & PNG_FILTER_NONE) != 0 && filter_to_do != PNG_FILTER_NONE) { png_bytep rp; - png_uint_32 sum = 0; + png_size_t sum = 0; png_size_t i; int v; - for (i = 0, rp = row_buf + 1; i < row_bytes; i++, rp++) + if (PNG_SIZE_MAX/128 <= row_bytes) { - v = *rp; - sum += (v < 128) ? v : 256 - v; - } - -#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED - if (png_ptr->heuristic_method == PNG_FILTER_HEURISTIC_WEIGHTED) - { - png_uint_32 sumhi, sumlo; - int j; - sumlo = sum & PNG_LOMASK; - sumhi = (sum >> PNG_HISHIFT) & PNG_HIMASK; /* Gives us some footroom */ - - /* Reduce the sum if we match any of the previous rows */ - for (j = 0; j < num_p_filters; j++) + for (i = 0, rp = row_buf + 1; i < row_bytes; i++, rp++) { - if (png_ptr->prev_filters[j] == PNG_FILTER_VALUE_NONE) - { - sumlo = (sumlo * png_ptr->filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - - sumhi = (sumhi * png_ptr->filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - } + /* Check for overflow */ + if (sum > PNG_SIZE_MAX/128 - 256) + break; + + v = *rp; + sum += (v < 128) ? v : 256 - v; } - - /* Factor in the cost of this filter (this is here for completeness, - * but it makes no sense to have a "cost" for the NONE filter, as - * it has the minimum possible computational cost - none). - */ - sumlo = (sumlo * png_ptr->filter_costs[PNG_FILTER_VALUE_NONE]) >> - PNG_COST_SHIFT; - - sumhi = (sumhi * png_ptr->filter_costs[PNG_FILTER_VALUE_NONE]) >> - PNG_COST_SHIFT; - - if (sumhi > PNG_HIMASK) - sum = PNG_MAXSUM; - - else - sum = (sumhi << PNG_HISHIFT) + sumlo; } -#endif + else /* Overflow is not possible */ + { + for (i = 0, rp = row_buf + 1; i < row_bytes; i++, rp++) + { + v = *rp; + sum += (v < 128) ? v : 256 - v; + } + } + mins = sum; } @@ -2469,553 +2591,109 @@ if (filter_to_do == PNG_FILTER_SUB) /* It's the only filter so no testing is needed */ { - png_bytep rp, lp, dp; - png_size_t i; - - for (i = 0, rp = row_buf + 1, dp = png_ptr->sub_row + 1; i < bpp; - i++, rp++, dp++) - { - *dp = *rp; - } - - for (lp = row_buf + 1; i < row_bytes; - i++, rp++, lp++, dp++) - { - *dp = (png_byte)(((int)*rp - (int)*lp) & 0xff); - } - - best_row = png_ptr->sub_row; + (void) png_setup_sub_row(png_ptr, bpp, row_bytes, mins); + best_row = png_ptr->try_row; } else if ((filter_to_do & PNG_FILTER_SUB) != 0) { - png_bytep rp, dp, lp; - png_uint_32 sum = 0, lmins = mins; - png_size_t i; - int v; - -#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED - /* We temporarily increase the "minimum sum" by the factor we - * would reduce the sum of this filter, so that we can do the - * early exit comparison without scaling the sum each time. - */ - if (png_ptr->heuristic_method == PNG_FILTER_HEURISTIC_WEIGHTED) - { - int j; - png_uint_32 lmhi, lmlo; - lmlo = lmins & PNG_LOMASK; - lmhi = (lmins >> PNG_HISHIFT) & PNG_HIMASK; - - for (j = 0; j < num_p_filters; j++) - { - if (png_ptr->prev_filters[j] == PNG_FILTER_VALUE_SUB) - { - lmlo = (lmlo * png_ptr->inv_filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - - lmhi = (lmhi * png_ptr->inv_filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - } - } - - lmlo = (lmlo * png_ptr->inv_filter_costs[PNG_FILTER_VALUE_SUB]) >> - PNG_COST_SHIFT; - - lmhi = (lmhi * png_ptr->inv_filter_costs[PNG_FILTER_VALUE_SUB]) >> - PNG_COST_SHIFT; - - if (lmhi > PNG_HIMASK) - lmins = PNG_MAXSUM; - - else - lmins = (lmhi << PNG_HISHIFT) + lmlo; - } -#endif - - for (i = 0, rp = row_buf + 1, dp = png_ptr->sub_row + 1; i < bpp; - i++, rp++, dp++) - { - v = *dp = *rp; - - sum += (v < 128) ? v : 256 - v; - } - - for (lp = row_buf + 1; i < row_bytes; - i++, rp++, lp++, dp++) - { - v = *dp = (png_byte)(((int)*rp - (int)*lp) & 0xff); - - sum += (v < 128) ? v : 256 - v; - - if (sum > lmins) /* We are already worse, don't continue. */ - break; - } - -#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED - if (png_ptr->heuristic_method == PNG_FILTER_HEURISTIC_WEIGHTED) - { - int j; - png_uint_32 sumhi, sumlo; - sumlo = sum & PNG_LOMASK; - sumhi = (sum >> PNG_HISHIFT) & PNG_HIMASK; - - for (j = 0; j < num_p_filters; j++) - { - if (png_ptr->prev_filters[j] == PNG_FILTER_VALUE_SUB) - { - sumlo = (sumlo * png_ptr->inv_filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - - sumhi = (sumhi * png_ptr->inv_filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - } - } - - sumlo = (sumlo * png_ptr->inv_filter_costs[PNG_FILTER_VALUE_SUB]) >> - PNG_COST_SHIFT; - - sumhi = (sumhi * png_ptr->inv_filter_costs[PNG_FILTER_VALUE_SUB]) >> - PNG_COST_SHIFT; - - if (sumhi > PNG_HIMASK) - sum = PNG_MAXSUM; - - else - sum = (sumhi << PNG_HISHIFT) + sumlo; - } -#endif + png_size_t sum; + png_size_t lmins = mins; + + sum = png_setup_sub_row(png_ptr, bpp, row_bytes, lmins); if (sum < mins) { mins = sum; - best_row = png_ptr->sub_row; + best_row = png_ptr->try_row; + if (png_ptr->tst_row != NULL) + { + png_ptr->try_row = png_ptr->tst_row; + png_ptr->tst_row = best_row; + } } } /* Up filter */ if (filter_to_do == PNG_FILTER_UP) { - png_bytep rp, dp, pp; - png_size_t i; - - for (i = 0, rp = row_buf + 1, dp = png_ptr->up_row + 1, - pp = prev_row + 1; i < row_bytes; - i++, rp++, pp++, dp++) - { - *dp = (png_byte)(((int)*rp - (int)*pp) & 0xff); - } - - best_row = png_ptr->up_row; + (void) png_setup_up_row(png_ptr, row_bytes, mins); + best_row = png_ptr->try_row; } else if ((filter_to_do & PNG_FILTER_UP) != 0) { - png_bytep rp, dp, pp; - png_uint_32 sum = 0, lmins = mins; - png_size_t i; - int v; - - -#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED - if (png_ptr->heuristic_method == PNG_FILTER_HEURISTIC_WEIGHTED) - { - int j; - png_uint_32 lmhi, lmlo; - lmlo = lmins & PNG_LOMASK; - lmhi = (lmins >> PNG_HISHIFT) & PNG_HIMASK; - - for (j = 0; j < num_p_filters; j++) - { - if (png_ptr->prev_filters[j] == PNG_FILTER_VALUE_UP) - { - lmlo = (lmlo * png_ptr->inv_filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - - lmhi = (lmhi * png_ptr->inv_filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - } - } - - lmlo = (lmlo * png_ptr->inv_filter_costs[PNG_FILTER_VALUE_UP]) >> - PNG_COST_SHIFT; - - lmhi = (lmhi * png_ptr->inv_filter_costs[PNG_FILTER_VALUE_UP]) >> - PNG_COST_SHIFT; - - if (lmhi > PNG_HIMASK) - lmins = PNG_MAXSUM; - - else - lmins = (lmhi << PNG_HISHIFT) + lmlo; - } -#endif - - for (i = 0, rp = row_buf + 1, dp = png_ptr->up_row + 1, - pp = prev_row + 1; i < row_bytes; i++) - { - v = *dp++ = (png_byte)(((int)*rp++ - (int)*pp++) & 0xff); - - sum += (v < 128) ? v : 256 - v; - - if (sum > lmins) /* We are already worse, don't continue. */ - break; - } - -#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED - if (png_ptr->heuristic_method == PNG_FILTER_HEURISTIC_WEIGHTED) - { - int j; - png_uint_32 sumhi, sumlo; - sumlo = sum & PNG_LOMASK; - sumhi = (sum >> PNG_HISHIFT) & PNG_HIMASK; - - for (j = 0; j < num_p_filters; j++) - { - if (png_ptr->prev_filters[j] == PNG_FILTER_VALUE_UP) - { - sumlo = (sumlo * png_ptr->filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - - sumhi = (sumhi * png_ptr->filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - } - } - - sumlo = (sumlo * png_ptr->filter_costs[PNG_FILTER_VALUE_UP]) >> - PNG_COST_SHIFT; - - sumhi = (sumhi * png_ptr->filter_costs[PNG_FILTER_VALUE_UP]) >> - PNG_COST_SHIFT; - - if (sumhi > PNG_HIMASK) - sum = PNG_MAXSUM; - - else - sum = (sumhi << PNG_HISHIFT) + sumlo; - } -#endif + png_size_t sum; + png_size_t lmins = mins; + + sum = png_setup_up_row(png_ptr, row_bytes, lmins); if (sum < mins) { mins = sum; - best_row = png_ptr->up_row; + best_row = png_ptr->try_row; + if (png_ptr->tst_row != NULL) + { + png_ptr->try_row = png_ptr->tst_row; + png_ptr->tst_row = best_row; + } } } /* Avg filter */ if (filter_to_do == PNG_FILTER_AVG) { - png_bytep rp, dp, pp, lp; - png_uint_32 i; - - for (i = 0, rp = row_buf + 1, dp = png_ptr->avg_row + 1, - pp = prev_row + 1; i < bpp; i++) - { - *dp++ = (png_byte)(((int)*rp++ - ((int)*pp++ / 2)) & 0xff); - } - - for (lp = row_buf + 1; i < row_bytes; i++) - { - *dp++ = (png_byte)(((int)*rp++ - (((int)*pp++ + (int)*lp++) / 2)) - & 0xff); - } - best_row = png_ptr->avg_row; + (void) png_setup_avg_row(png_ptr, bpp, row_bytes, mins); + best_row = png_ptr->try_row; } else if ((filter_to_do & PNG_FILTER_AVG) != 0) { - png_bytep rp, dp, pp, lp; - png_uint_32 sum = 0, lmins = mins; - png_size_t i; - int v; - -#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED - if (png_ptr->heuristic_method == PNG_FILTER_HEURISTIC_WEIGHTED) - { - int j; - png_uint_32 lmhi, lmlo; - lmlo = lmins & PNG_LOMASK; - lmhi = (lmins >> PNG_HISHIFT) & PNG_HIMASK; - - for (j = 0; j < num_p_filters; j++) - { - if (png_ptr->prev_filters[j] == PNG_FILTER_VALUE_AVG) - { - lmlo = (lmlo * png_ptr->inv_filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - - lmhi = (lmhi * png_ptr->inv_filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - } - } - - lmlo = (lmlo * png_ptr->inv_filter_costs[PNG_FILTER_VALUE_AVG]) >> - PNG_COST_SHIFT; - - lmhi = (lmhi * png_ptr->inv_filter_costs[PNG_FILTER_VALUE_AVG]) >> - PNG_COST_SHIFT; - - if (lmhi > PNG_HIMASK) - lmins = PNG_MAXSUM; - - else - lmins = (lmhi << PNG_HISHIFT) + lmlo; - } -#endif - - for (i = 0, rp = row_buf + 1, dp = png_ptr->avg_row + 1, - pp = prev_row + 1; i < bpp; i++) - { - v = *dp++ = (png_byte)(((int)*rp++ - ((int)*pp++ / 2)) & 0xff); - - sum += (v < 128) ? v : 256 - v; - } - - for (lp = row_buf + 1; i < row_bytes; i++) - { - v = *dp++ = - (png_byte)(((int)*rp++ - (((int)*pp++ + (int)*lp++) / 2)) & 0xff); - - sum += (v < 128) ? v : 256 - v; - - if (sum > lmins) /* We are already worse, don't continue. */ - break; - } - -#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED - if (png_ptr->heuristic_method == PNG_FILTER_HEURISTIC_WEIGHTED) - { - int j; - png_uint_32 sumhi, sumlo; - sumlo = sum & PNG_LOMASK; - sumhi = (sum >> PNG_HISHIFT) & PNG_HIMASK; - - for (j = 0; j < num_p_filters; j++) - { - if (png_ptr->prev_filters[j] == PNG_FILTER_VALUE_NONE) - { - sumlo = (sumlo * png_ptr->filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - - sumhi = (sumhi * png_ptr->filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - } - } - - sumlo = (sumlo * png_ptr->filter_costs[PNG_FILTER_VALUE_AVG]) >> - PNG_COST_SHIFT; - - sumhi = (sumhi * png_ptr->filter_costs[PNG_FILTER_VALUE_AVG]) >> - PNG_COST_SHIFT; - - if (sumhi > PNG_HIMASK) - sum = PNG_MAXSUM; - - else - sum = (sumhi << PNG_HISHIFT) + sumlo; - } -#endif + png_size_t sum; + png_size_t lmins = mins; + + sum= png_setup_avg_row(png_ptr, bpp, row_bytes, lmins); if (sum < mins) { mins = sum; - best_row = png_ptr->avg_row; + best_row = png_ptr->try_row; + if (png_ptr->tst_row != NULL) + { + png_ptr->try_row = png_ptr->tst_row; + png_ptr->tst_row = best_row; + } } } /* Paeth filter */ if ((filter_to_do == PNG_FILTER_PAETH) != 0) { - png_bytep rp, dp, pp, cp, lp; - png_size_t i; - - for (i = 0, rp = row_buf + 1, dp = png_ptr->paeth_row + 1, - pp = prev_row + 1; i < bpp; i++) - { - *dp++ = (png_byte)(((int)*rp++ - (int)*pp++) & 0xff); - } - - for (lp = row_buf + 1, cp = prev_row + 1; i < row_bytes; i++) - { - int a, b, c, pa, pb, pc, p; - - b = *pp++; - c = *cp++; - a = *lp++; - - p = b - c; - pc = a - c; - -#ifdef PNG_USE_ABS - pa = abs(p); - pb = abs(pc); - pc = abs(p + pc); -#else - pa = p < 0 ? -p : p; - pb = pc < 0 ? -pc : pc; - pc = (p + pc) < 0 ? -(p + pc) : p + pc; -#endif - - p = (pa <= pb && pa <=pc) ? a : (pb <= pc) ? b : c; - - *dp++ = (png_byte)(((int)*rp++ - p) & 0xff); - } - best_row = png_ptr->paeth_row; + (void) png_setup_paeth_row(png_ptr, bpp, row_bytes, mins); + best_row = png_ptr->try_row; } else if ((filter_to_do & PNG_FILTER_PAETH) != 0) { - png_bytep rp, dp, pp, cp, lp; - png_uint_32 sum = 0, lmins = mins; - png_size_t i; - int v; - -#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED - if (png_ptr->heuristic_method == PNG_FILTER_HEURISTIC_WEIGHTED) - { - int j; - png_uint_32 lmhi, lmlo; - lmlo = lmins & PNG_LOMASK; - lmhi = (lmins >> PNG_HISHIFT) & PNG_HIMASK; - - for (j = 0; j < num_p_filters; j++) - { - if (png_ptr->prev_filters[j] == PNG_FILTER_VALUE_PAETH) - { - lmlo = (lmlo * png_ptr->inv_filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - - lmhi = (lmhi * png_ptr->inv_filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - } - } - - lmlo = (lmlo * png_ptr->inv_filter_costs[PNG_FILTER_VALUE_PAETH]) >> - PNG_COST_SHIFT; - - lmhi = (lmhi * png_ptr->inv_filter_costs[PNG_FILTER_VALUE_PAETH]) >> - PNG_COST_SHIFT; - - if (lmhi > PNG_HIMASK) - lmins = PNG_MAXSUM; - - else - lmins = (lmhi << PNG_HISHIFT) + lmlo; - } -#endif - - for (i = 0, rp = row_buf + 1, dp = png_ptr->paeth_row + 1, - pp = prev_row + 1; i < bpp; i++) - { - v = *dp++ = (png_byte)(((int)*rp++ - (int)*pp++) & 0xff); - - sum += (v < 128) ? v : 256 - v; - } - - for (lp = row_buf + 1, cp = prev_row + 1; i < row_bytes; i++) - { - int a, b, c, pa, pb, pc, p; - - b = *pp++; - c = *cp++; - a = *lp++; - -#ifndef PNG_SLOW_PAETH - p = b - c; - pc = a - c; -#ifdef PNG_USE_ABS - pa = abs(p); - pb = abs(pc); - pc = abs(p + pc); -#else - pa = p < 0 ? -p : p; - pb = pc < 0 ? -pc : pc; - pc = (p + pc) < 0 ? -(p + pc) : p + pc; -#endif - p = (pa <= pb && pa <=pc) ? a : (pb <= pc) ? b : c; -#else /* SLOW_PAETH */ - p = a + b - c; - pa = abs(p - a); - pb = abs(p - b); - pc = abs(p - c); - - if (pa <= pb && pa <= pc) - p = a; - - else if (pb <= pc) - p = b; - - else - p = c; -#endif /* SLOW_PAETH */ - - v = *dp++ = (png_byte)(((int)*rp++ - p) & 0xff); - - sum += (v < 128) ? v : 256 - v; - - if (sum > lmins) /* We are already worse, don't continue. */ - break; - } - -#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED - if (png_ptr->heuristic_method == PNG_FILTER_HEURISTIC_WEIGHTED) - { - int j; - png_uint_32 sumhi, sumlo; - sumlo = sum & PNG_LOMASK; - sumhi = (sum >> PNG_HISHIFT) & PNG_HIMASK; - - for (j = 0; j < num_p_filters; j++) - { - if (png_ptr->prev_filters[j] == PNG_FILTER_VALUE_PAETH) - { - sumlo = (sumlo * png_ptr->filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - - sumhi = (sumhi * png_ptr->filter_weights[j]) >> - PNG_WEIGHT_SHIFT; - } - } - - sumlo = (sumlo * png_ptr->filter_costs[PNG_FILTER_VALUE_PAETH]) >> - PNG_COST_SHIFT; - - sumhi = (sumhi * png_ptr->filter_costs[PNG_FILTER_VALUE_PAETH]) >> - PNG_COST_SHIFT; - - if (sumhi > PNG_HIMASK) - sum = PNG_MAXSUM; - - else - sum = (sumhi << PNG_HISHIFT) + sumlo; - } -#endif + png_size_t sum; + png_size_t lmins = mins; + + sum = png_setup_paeth_row(png_ptr, bpp, row_bytes, lmins); if (sum < mins) { - best_row = png_ptr->paeth_row; + best_row = png_ptr->try_row; + if (png_ptr->tst_row != NULL) + { + png_ptr->try_row = png_ptr->tst_row; + png_ptr->tst_row = best_row; + } } } -#endif /* WRITE_FILTER */ /* Do the actual writing of the filtered row data from the chosen filter. */ png_write_filtered_row(png_ptr, best_row, row_info->rowbytes+1); -#ifdef PNG_WRITE_FILTER_SUPPORTED -#ifdef PNG_WRITE_WEIGHTED_FILTER_SUPPORTED - /* Save the type of filter we picked this time for future calculations */ - if (png_ptr->num_prev_filters > 0) - { - int j; - - for (j = 1; j < num_p_filters; j++) - { - png_ptr->prev_filters[j] = png_ptr->prev_filters[j - 1]; - } - - png_ptr->prev_filters[j] = best_row[0]; - } -#endif #endif /* WRITE_FILTER */ } @@ -3031,6 +2709,7 @@ png_compress_IDAT(png_ptr, filtered_row, full_row_length, Z_NO_FLUSH); +#ifdef PNG_WRITE_FILTER_SUPPORTED /* Swap the current and previous rows */ if (png_ptr->prev_row != NULL) { @@ -3040,6 +2719,7 @@ png_ptr->prev_row = png_ptr->row_buf; png_ptr->row_buf = tptr; } +#endif /* WRITE_FILTER */ /* Finish row - updates counters and flushes zlib if last row */ png_write_finish_row(png_ptr);
--- a/src/share/native/sun/awt/splashscreen/splashscreen_png.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/awt/splashscreen/splashscreen_png.c Sat Sep 10 22:36:17 2016 +0100 @@ -98,6 +98,7 @@ if (png_get_gAMA(png_ptr, info_ptr, &gamma)) png_set_gamma(png_ptr, 2.2, gamma); + png_set_interlace_handling(png_ptr); png_read_update_info(png_ptr, info_ptr); rowbytes = png_get_rowbytes(png_ptr, info_ptr);
--- a/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -243,14 +243,14 @@ le_uint16 srSetCount = SWAPW(subRuleSetCount); if (coverageIndex < srSetCount) { - LEReferenceToArrayOf<Offset> subRuleSetTableOffsetArrayRef(base, success, - &subRuleSetTableOffsetArray[coverageIndex], 1); + LEReferenceToArrayOf<Offset> + subRuleSetTableOffsetArrayRef(base, success, subRuleSetTableOffsetArray, srSetCount); if (LE_FAILURE(success)) { return 0; } Offset subRuleSetTableOffset = SWAPW(subRuleSetTableOffsetArray[coverageIndex]); - LEReferenceTo<SubRuleSetTable> - subRuleSetTable(base, success, (const SubRuleSetTable *) ((char *) this + subRuleSetTableOffset)); + LEReferenceTo<SubRuleSetTable> subRuleSetTable(base, success, subRuleSetTableOffset); + if (LE_FAILURE(success)) { return 0; } le_uint16 subRuleCount = SWAPW(subRuleSetTable->subRuleCount); le_int32 position = glyphIterator->getCurrStreamPosition(); @@ -264,6 +264,7 @@ SWAPW(subRuleSetTable->subRuleTableOffsetArray[subRule]); LEReferenceTo<SubRuleTable> subRuleTable(subRuleSetTable, success, subRuleTableOffset); + if (LE_FAILURE(success)) { return 0; } le_uint16 matchCount = SWAPW(subRuleTable->glyphCount) - 1; le_uint16 substCount = SWAPW(subRuleTable->substCount); LEReferenceToArrayOf<TTGlyphID> inputGlyphArray(base, success, subRuleTable->inputGlyphArray, matchCount+2); @@ -304,8 +305,8 @@ } if (coverageIndex >= 0) { - LEReferenceTo<ClassDefinitionTable> classDefinitionTable(base, success, - (const ClassDefinitionTable *) ((char *) this + SWAPW(classDefTableOffset))); + LEReferenceTo<ClassDefinitionTable> classDefinitionTable(base, success, SWAPW(classDefTableOffset)); + if (LE_FAILURE(success)) { return 0; } le_uint16 scSetCount = SWAPW(subClassSetCount); le_int32 setClass = classDefinitionTable->getGlyphClass(classDefinitionTable, glyphIterator->getCurrGlyphID(), @@ -313,44 +314,45 @@ if (setClass < scSetCount) { LEReferenceToArrayOf<Offset> - subClassSetTableOffsetArrayRef(base, success, subClassSetTableOffsetArray, setClass); + subClassSetTableOffsetArrayRef(base, success, subClassSetTableOffsetArray, scSetCount); if (LE_FAILURE(success)) { return 0; } if (subClassSetTableOffsetArray[setClass] != 0) { - Offset subClassSetTableOffset = SWAPW(subClassSetTableOffsetArray[setClass]); - LEReferenceTo<SubClassSetTable> - subClassSetTable(base, success, (const SubClassSetTable *) ((char *) this + subClassSetTableOffset)); - le_uint16 subClassRuleCount = SWAPW(subClassSetTable->subClassRuleCount); - le_int32 position = glyphIterator->getCurrStreamPosition(); + Offset subClassSetTableOffset = SWAPW(subClassSetTableOffsetArray[setClass]); + LEReferenceTo<SubClassSetTable> subClassSetTable(base, success, subClassSetTableOffset); + if (LE_FAILURE(success)) { return 0; } + le_uint16 subClassRuleCount = SWAPW(subClassSetTable->subClassRuleCount); + le_int32 position = glyphIterator->getCurrStreamPosition(); LEReferenceToArrayOf<Offset> subClassRuleTableOffsetArrayRef(base, success, subClassSetTable->subClassRuleTableOffsetArray, subClassRuleCount); if (LE_FAILURE(success)) { return 0; } - for (le_uint16 scRule = 0; scRule < subClassRuleCount; scRule += 1) { - Offset subClassRuleTableOffset = - SWAPW(subClassSetTable->subClassRuleTableOffsetArray[scRule]); - LEReferenceTo<SubClassRuleTable> - subClassRuleTable(subClassSetTable, success, subClassRuleTableOffset); - le_uint16 matchCount = SWAPW(subClassRuleTable->glyphCount) - 1; - le_uint16 substCount = SWAPW(subClassRuleTable->substCount); + for (le_uint16 scRule = 0; scRule < subClassRuleCount; scRule += 1) { + Offset subClassRuleTableOffset = + SWAPW(subClassSetTable->subClassRuleTableOffsetArray[scRule]); + LEReferenceTo<SubClassRuleTable> + subClassRuleTable(subClassSetTable, success, subClassRuleTableOffset); + if (LE_FAILURE(success)) { return 0; } + le_uint16 matchCount = SWAPW(subClassRuleTable->glyphCount) - 1; + le_uint16 substCount = SWAPW(subClassRuleTable->substCount); - LEReferenceToArrayOf<le_uint16> classArray(base, success, subClassRuleTable->classArray, matchCount+1); + LEReferenceToArrayOf<le_uint16> classArray(base, success, subClassRuleTable->classArray, matchCount+1); - if (LE_FAILURE(success)) { return 0; } - if (matchGlyphClasses(classArray, matchCount, glyphIterator, classDefinitionTable, success)) { - LEReferenceToArrayOf<SubstitutionLookupRecord> - substLookupRecordArray(base, success, (const SubstitutionLookupRecord *) &subClassRuleTable->classArray[matchCount], substCount); + if (LE_FAILURE(success)) { return 0; } + if (matchGlyphClasses(classArray, matchCount, glyphIterator, classDefinitionTable, success)) { + LEReferenceToArrayOf<SubstitutionLookupRecord> + substLookupRecordArray(base, success, (const SubstitutionLookupRecord *) &subClassRuleTable->classArray[matchCount], substCount); - applySubstitutionLookups(lookupProcessor, substLookupRecordArray, substCount, glyphIterator, fontInstance, position, success); + applySubstitutionLookups(lookupProcessor, substLookupRecordArray, substCount, glyphIterator, fontInstance, position, success); - return matchCount + 1; - } + return matchCount + 1; + } - glyphIterator->setCurrStreamPosition(position); + glyphIterator->setCurrStreamPosition(position); + } } } - } // XXX If we get here, the table is mal-formed... } @@ -463,13 +465,13 @@ if (coverageIndex < srSetCount) { LEReferenceToArrayOf<Offset> - chainSubRuleSetTableOffsetArrayRef(base, success, chainSubRuleSetTableOffsetArray, coverageIndex); + chainSubRuleSetTableOffsetArrayRef(base, success, chainSubRuleSetTableOffsetArray, srSetCount); if (LE_FAILURE(success)) { return 0; } Offset chainSubRuleSetTableOffset = SWAPW(chainSubRuleSetTableOffsetArray[coverageIndex]); - LEReferenceTo<ChainSubRuleSetTable> - chainSubRuleSetTable(base, success, (const ChainSubRuleSetTable *) ((char *) this + chainSubRuleSetTableOffset)); + LEReferenceTo<ChainSubRuleSetTable> chainSubRuleSetTable(base, success, chainSubRuleSetTableOffset); + if (LE_FAILURE(success)) { return 0; } le_uint16 chainSubRuleCount = SWAPW(chainSubRuleSetTable->chainSubRuleCount); le_int32 position = glyphIterator->getCurrStreamPosition(); GlyphIterator tempIterator(*glyphIterator, emptyFeatureList); @@ -550,17 +552,17 @@ if (coverageIndex >= 0) { LEReferenceTo<ClassDefinitionTable> - backtrackClassDefinitionTable(base, success, (const ClassDefinitionTable *) ((char *) this + SWAPW(backtrackClassDefTableOffset))); + backtrackClassDefinitionTable(base, success, SWAPW(backtrackClassDefTableOffset)); LEReferenceTo<ClassDefinitionTable> - inputClassDefinitionTable(base, success, (const ClassDefinitionTable *) ((char *) this + SWAPW(inputClassDefTableOffset))); + inputClassDefinitionTable(base, success, SWAPW(inputClassDefTableOffset)); LEReferenceTo<ClassDefinitionTable> - lookaheadClassDefinitionTable(base, success, (const ClassDefinitionTable *) ((char *) this + SWAPW(lookaheadClassDefTableOffset))); + lookaheadClassDefinitionTable(base, success, SWAPW(lookaheadClassDefTableOffset)); le_uint16 scSetCount = SWAPW(chainSubClassSetCount); le_int32 setClass = inputClassDefinitionTable->getGlyphClass(inputClassDefinitionTable, glyphIterator->getCurrGlyphID(), success); LEReferenceToArrayOf<Offset> - chainSubClassSetTableOffsetArrayRef(base, success, chainSubClassSetTableOffsetArray, setClass); + chainSubClassSetTableOffsetArrayRef(base, success, chainSubClassSetTableOffsetArray, scSetCount); if (LE_FAILURE(success)) { return 0; } @@ -568,7 +570,8 @@ if (setClass < scSetCount && chainSubClassSetTableOffsetArray[setClass] != 0) { Offset chainSubClassSetTableOffset = SWAPW(chainSubClassSetTableOffsetArray[setClass]); LEReferenceTo<ChainSubClassSetTable> - chainSubClassSetTable(base, success, (const ChainSubClassSetTable *) ((char *) this + chainSubClassSetTableOffset)); + chainSubClassSetTable(base, success, chainSubClassSetTableOffset); + if (LE_FAILURE(success)) { return 0; } le_uint16 chainSubClassRuleCount = SWAPW(chainSubClassSetTable->chainSubClassRuleCount); le_int32 position = glyphIterator->getCurrStreamPosition(); GlyphIterator tempIterator(*glyphIterator, emptyFeatureList); @@ -582,6 +585,7 @@ SWAPW(chainSubClassSetTable->chainSubClassRuleTableOffsetArray[scRule]); LEReferenceTo<ChainSubClassRuleTable> chainSubClassRuleTable(chainSubClassSetTable, success, chainSubClassRuleTableOffset); + if (LE_FAILURE(success)) { return 0; } le_uint16 backtrackGlyphCount = SWAPW(chainSubClassRuleTable->backtrackGlyphCount); LEReferenceToArrayOf<le_uint16> backtrackClassArray(base, success, chainSubClassRuleTable->backtrackClassArray, backtrackGlyphCount); if( LE_FAILURE(success) ) { return 0; }
--- a/src/share/native/sun/font/layout/CursiveAttachmentSubtables.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/CursiveAttachmentSubtables.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -46,7 +46,7 @@ le_uint16 eeCount = SWAPW(entryExitCount); LEReferenceToArrayOf<EntryExitRecord> - entryExitRecordsArrayRef(base, success, entryExitRecords, coverageIndex); + entryExitRecordsArrayRef(base, success, entryExitRecords, eeCount); if (coverageIndex < 0 || coverageIndex >= eeCount || LE_FAILURE(success)) { glyphIterator->setCursiveGlyph();
--- a/src/share/native/sun/font/layout/DeviceTables.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/DeviceTables.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -45,9 +45,12 @@ le_int16 DeviceTable::getAdjustment(const LEReferenceTo<DeviceTable>&base, le_uint16 ppem, LEErrorCode &success) const { + le_int16 result = 0; + if (LE_FAILURE(success)) { + return result; + } le_uint16 start = SWAPW(startSize); le_uint16 format = SWAPW(deltaFormat) - 1; - le_int16 result = 0; if (ppem >= start && ppem <= SWAPW(endSize) && format < FORMAT_COUNT) { le_uint16 sizeIndex = ppem - start;
--- a/src/share/native/sun/font/layout/Features.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/Features.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -41,11 +41,12 @@ LEReferenceTo<FeatureTable> FeatureListTable::getFeatureTable(const LETableReference &base, le_uint16 featureIndex, LETag *featureTag, LEErrorCode &success) const { LEReferenceToArrayOf<FeatureRecord> - featureRecordArrayRef(base, success, featureRecordArray, featureIndex+1); + featureRecordArrayRef(base, success, featureRecordArray, SWAPW(featureCount)); - if (featureIndex >= SWAPW(featureCount) || LE_FAILURE(success)) { - return LEReferenceTo<FeatureTable>(); - } + if (featureIndex >= SWAPW(featureCount) || LE_FAILURE(success)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return LEReferenceTo<FeatureTable>(); + } Offset featureTableOffset = featureRecordArray[featureIndex].featureTableOffset;
--- a/src/share/native/sun/font/layout/IndicRearrangementProcessor.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/IndicRearrangementProcessor.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -83,7 +83,7 @@ lastGlyph = currGlyph; } - doRearrangementAction(glyphStorage, (IndicRearrangementVerb) (flags & irfVerbMask)); + doRearrangementAction(glyphStorage, (IndicRearrangementVerb) (flags & irfVerbMask), success); if (!(flags & irfDontAdvance)) { // XXX: Should handle reverse too... @@ -97,18 +97,29 @@ { } -void IndicRearrangementProcessor::doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb) const +void IndicRearrangementProcessor::doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb, LEErrorCode &success) const { LEGlyphID a, b, c, d; le_int32 ia, ib, ic, id, ix, x; - LEErrorCode success = LE_NO_ERROR; + + if (LE_FAILURE(success)) return; + + if (verb == irvNoAction) { + return; + } + if (firstGlyph > lastGlyph) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return; + } switch(verb) { - case irvNoAction: - break; - case irvxA: + if (firstGlyph == lastGlyph) break; + if (firstGlyph + 1 < firstGlyph) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; ia = glyphStorage.getCharIndex(firstGlyph, success); x = firstGlyph + 1; @@ -125,6 +136,11 @@ break; case irvDx: + if (firstGlyph == lastGlyph) break; + if (lastGlyph - 1 > lastGlyph) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } d = glyphStorage[lastGlyph]; id = glyphStorage.getCharIndex(lastGlyph, success); x = lastGlyph - 1; @@ -153,6 +169,11 @@ break; case irvxAB: + if ((firstGlyph + 2 < firstGlyph) || + (lastGlyph - firstGlyph < 1)) { // difference == 1 is a no-op, < 1 is an error. + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; ia = glyphStorage.getCharIndex(firstGlyph, success); @@ -174,6 +195,11 @@ break; case irvxBA: + if ((firstGlyph + 2 < firstGlyph) || + (lastGlyph - firstGlyph < 1)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; ia = glyphStorage.getCharIndex(firstGlyph, success); @@ -195,6 +221,11 @@ break; case irvCDx: + if ((lastGlyph - 2 > lastGlyph) || + (lastGlyph - firstGlyph < 1)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } c = glyphStorage[lastGlyph - 1]; d = glyphStorage[lastGlyph]; ic = glyphStorage.getCharIndex(lastGlyph - 1, success); @@ -216,6 +247,11 @@ break; case irvDCx: + if ((lastGlyph - 2 > lastGlyph) || + (lastGlyph - firstGlyph < 1)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } c = glyphStorage[lastGlyph - 1]; d = glyphStorage[lastGlyph]; ic = glyphStorage.getCharIndex(lastGlyph - 1, success); @@ -237,6 +273,11 @@ break; case irvCDxA: + if ((lastGlyph - 2 > lastGlyph) || + (lastGlyph - firstGlyph < 2)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; c = glyphStorage[lastGlyph - 1]; d = glyphStorage[lastGlyph]; @@ -262,6 +303,11 @@ break; case irvDCxA: + if ((lastGlyph - 2 > lastGlyph) || + (lastGlyph - firstGlyph < 2)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; c = glyphStorage[lastGlyph - 1]; d = glyphStorage[lastGlyph]; @@ -287,6 +333,11 @@ break; case irvDxAB: + if ((firstGlyph + 2 < firstGlyph) || + (lastGlyph - firstGlyph < 2)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; d = glyphStorage[lastGlyph]; @@ -312,6 +363,11 @@ break; case irvDxBA: + if ((firstGlyph + 2 < firstGlyph) || + (lastGlyph - firstGlyph < 2)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; d = glyphStorage[lastGlyph]; @@ -337,6 +393,10 @@ break; case irvCDxAB: + if (lastGlyph - firstGlyph < 3) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; @@ -359,6 +419,10 @@ break; case irvCDxBA: + if (lastGlyph - firstGlyph < 3) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; @@ -381,6 +445,10 @@ break; case irvDCxAB: + if (lastGlyph - firstGlyph < 3) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; @@ -403,6 +471,10 @@ break; case irvDCxBA: + if (lastGlyph - firstGlyph < 3) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1];
--- a/src/share/native/sun/font/layout/IndicRearrangementProcessor.h Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/IndicRearrangementProcessor.h Sat Sep 10 22:36:17 2016 +0100 @@ -56,7 +56,7 @@ virtual void endStateTable(); - void doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb) const; + void doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb, LEErrorCode &success) const; IndicRearrangementProcessor(const LEReferenceTo<MorphSubtableHeader> &morphSubtableHeader, LEErrorCode &success); virtual ~IndicRearrangementProcessor();
--- a/src/share/native/sun/font/layout/IndicRearrangementProcessor2.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/IndicRearrangementProcessor2.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -81,7 +81,7 @@ lastGlyph = currGlyph; } - doRearrangementAction(glyphStorage, (IndicRearrangementVerb) (flags & irfVerbMask)); + doRearrangementAction(glyphStorage, (IndicRearrangementVerb) (flags & irfVerbMask), success); if (!(flags & irfDontAdvance)) { currGlyph += dir; @@ -94,18 +94,29 @@ { } -void IndicRearrangementProcessor2::doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb) const +void IndicRearrangementProcessor2::doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb, LEErrorCode &success) const { LEGlyphID a, b, c, d; le_int32 ia, ib, ic, id, ix, x; - LEErrorCode success = LE_NO_ERROR; + + if (LE_FAILURE(success)) return; + + if (verb == irvNoAction) { + return; + } + if (firstGlyph > lastGlyph) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return; + } switch(verb) { - case irvNoAction: - break; - case irvxA: + if (firstGlyph == lastGlyph) break; + if (firstGlyph + 1 < firstGlyph) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; ia = glyphStorage.getCharIndex(firstGlyph, success); x = firstGlyph + 1; @@ -122,6 +133,11 @@ break; case irvDx: + if (firstGlyph == lastGlyph) break; + if (lastGlyph - 1 > lastGlyph) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } d = glyphStorage[lastGlyph]; id = glyphStorage.getCharIndex(lastGlyph, success); x = lastGlyph - 1; @@ -150,6 +166,11 @@ break; case irvxAB: + if ((firstGlyph + 2 < firstGlyph) || + (lastGlyph - firstGlyph < 1)) { // difference == 1 is a no-op, < 1 is an error. + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; ia = glyphStorage.getCharIndex(firstGlyph, success); @@ -171,6 +192,11 @@ break; case irvxBA: + if ((firstGlyph + 2 < firstGlyph) || + (lastGlyph - firstGlyph < 1)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; ia = glyphStorage.getCharIndex(firstGlyph, success); @@ -192,6 +218,11 @@ break; case irvCDx: + if ((lastGlyph - 2 > lastGlyph) || + (lastGlyph - firstGlyph < 1)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } c = glyphStorage[lastGlyph - 1]; d = glyphStorage[lastGlyph]; ic = glyphStorage.getCharIndex(lastGlyph - 1, success); @@ -213,6 +244,11 @@ break; case irvDCx: + if ((lastGlyph - 2 > lastGlyph) || + (lastGlyph - firstGlyph < 1)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } c = glyphStorage[lastGlyph - 1]; d = glyphStorage[lastGlyph]; ic = glyphStorage.getCharIndex(lastGlyph - 1, success); @@ -234,6 +270,11 @@ break; case irvCDxA: + if ((lastGlyph - 2 > lastGlyph) || + (lastGlyph - firstGlyph < 2)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; c = glyphStorage[lastGlyph - 1]; d = glyphStorage[lastGlyph]; @@ -259,6 +300,11 @@ break; case irvDCxA: + if ((lastGlyph - 2 > lastGlyph) || + (lastGlyph - firstGlyph < 2)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; c = glyphStorage[lastGlyph - 1]; d = glyphStorage[lastGlyph]; @@ -284,6 +330,11 @@ break; case irvDxAB: + if ((firstGlyph + 2 < firstGlyph) || + (lastGlyph - firstGlyph < 2)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; d = glyphStorage[lastGlyph]; @@ -309,6 +360,11 @@ break; case irvDxBA: + if ((firstGlyph + 2 < firstGlyph) || + (lastGlyph - firstGlyph < 2)) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; d = glyphStorage[lastGlyph]; @@ -334,6 +390,10 @@ break; case irvCDxAB: + if (lastGlyph - firstGlyph < 3) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; @@ -356,6 +416,10 @@ break; case irvCDxBA: + if (lastGlyph - firstGlyph < 3) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; @@ -378,6 +442,10 @@ break; case irvDCxAB: + if (lastGlyph - firstGlyph < 3) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1]; @@ -400,6 +468,10 @@ break; case irvDCxBA: + if (lastGlyph - firstGlyph < 3) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + break; + } a = glyphStorage[firstGlyph]; b = glyphStorage[firstGlyph + 1];
--- a/src/share/native/sun/font/layout/IndicRearrangementProcessor2.h Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/IndicRearrangementProcessor2.h Sat Sep 10 22:36:17 2016 +0100 @@ -56,7 +56,7 @@ virtual void endStateTable(); - void doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb) const; + void doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb, LEErrorCode &success) const; IndicRearrangementProcessor2(const LEReferenceTo<MorphSubtableHeader2> &morphSubtableHeader, LEErrorCode &success); virtual ~IndicRearrangementProcessor2();
--- a/src/share/native/sun/font/layout/LigatureSubstProc.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/LigatureSubstProc.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -71,6 +71,10 @@ { LEErrorCode success = LE_NO_ERROR; const LigatureSubstitutionStateEntry *entry = entryTable.getAlias(index, success); + if (LE_FAILURE(success)) { + currGlyph++; + return 0; + } ByteOffset newState = SWAPW(entry->newStateOffset); le_uint16 flags = SWAPW(entry->flags); @@ -91,6 +95,10 @@ if (actionOffset != 0) { LEReferenceTo<LigatureActionEntry> ap(stHeader, success, actionOffset); + if (LE_FAILURE(success)) { + currGlyph++; + return newState; + } LigatureActionEntry action; le_int32 offset, i = 0, j = 0; le_int32 stack[nComponents]; @@ -101,6 +109,10 @@ if (j++ > 0) { ap.addObject(success); + if (LE_FAILURE(success)) { + currGlyph++; + return newState; + } } action = SWAPL(*ap.getAlias()); @@ -124,9 +136,17 @@ return newState; // get out! bad font } i += SWAPW(offsetTable.getObject(LE_GET_GLYPH(glyphStorage[componentGlyph]), success)); + if (LE_FAILURE(success)) { + currGlyph++; + return newState; + } if (action & (lafLast | lafStore)) { LEReferenceTo<TTGlyphID> ligatureOffset(stHeader, success, i); + if (LE_FAILURE(success)) { + currGlyph++; + return newState; + } TTGlyphID ligatureGlyph = SWAPW(*ligatureOffset.getAlias()); glyphStorage[componentGlyph] = LE_SET_GLYPH(glyphStorage[componentGlyph], ligatureGlyph);
--- a/src/share/native/sun/font/layout/LigatureSubstProc2.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/LigatureSubstProc2.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -95,6 +95,10 @@ if (actionOffset != 0) { LEReferenceTo<LigatureActionEntry> ap(stHeader, success, ligActionOffset); // byte offset + if (LE_FAILURE(success)) { + currGlyph+= dir; + return nextStateIndex; + } ap.addObject(ligActionIndex, success); LEReferenceToArrayOf<TTGlyphID> ligatureTable(stHeader, success, ligatureOffset, LE_UNBOUNDED_ARRAY); LigatureActionEntry action; @@ -114,6 +118,10 @@ if (j++ > 0) { ap.addObject(success); } + if (LE_FAILURE(success)) { + currGlyph+= dir; + return nextStateIndex; + } action = SWAPL(*ap.getAlias()); @@ -129,9 +137,17 @@ return nextStateIndex; // get out! bad font } i += SWAPW(componentTable(LE_GET_GLYPH(glyphStorage[componentGlyph]) + (SignExtend(offset, lafComponentOffsetMask)),success)); + if (LE_FAILURE(success)) { + currGlyph+= dir; + return nextStateIndex; + } if (action & (lafLast | lafStore)) { TTGlyphID ligatureGlyph = SWAPW(ligatureTable(i,success)); + if (LE_FAILURE(success)) { + currGlyph+= dir; + return nextStateIndex; + } glyphStorage[componentGlyph] = LE_SET_GLYPH(glyphStorage[componentGlyph], ligatureGlyph); if(mm==nComponents) { LE_DEBUG_BAD_FONT("exceeded nComponents");
--- a/src/share/native/sun/font/layout/LookupTables.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/LookupTables.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -91,6 +91,10 @@ LEReferenceTo<LookupSingle> entry(base, success, entries); LEReferenceTo<LookupSingle> trial(entry, success, extra); + if (!LE_SUCCESS(success)) { + return NULL; + } + if (SWAPW(trial->glyph) <= ttGlyph) { entry = trial; }
--- a/src/share/native/sun/font/layout/Lookups.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/Lookups.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -42,6 +42,7 @@ LEReferenceToArrayOf<Offset> lookupTableOffsetArrayRef(base, success, (const Offset*)&lookupTableOffsetArray, SWAPW(lookupCount)); if(LE_FAILURE(success) || lookupTableIndex>lookupTableOffsetArrayRef.getCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; return LEReferenceTo<LookupTable>(); } else { return LEReferenceTo<LookupTable>(base, success, SWAPW(lookupTableOffsetArrayRef.getObject(lookupTableIndex, success))); @@ -53,6 +54,7 @@ LEReferenceToArrayOf<Offset> subTableOffsetArrayRef(base, success, (const Offset*)&subTableOffsetArray, SWAPW(subTableCount)); if(LE_FAILURE(success) || subtableIndex>subTableOffsetArrayRef.getCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; return LEReferenceTo<LookupSubtable>(); } else { return LEReferenceTo<LookupSubtable>(base, success, SWAPW(subTableOffsetArrayRef.getObject(subtableIndex, success)));
--- a/src/share/native/sun/font/layout/MarkToBasePosnSubtables.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/MarkToBasePosnSubtables.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -93,7 +93,7 @@ } LEReferenceTo<BaseRecord> baseRecord(base, success, &baseArray->baseRecordArray[baseCoverage * mcCount]); if( LE_FAILURE(success) ) { return 0; } - LEReferenceToArrayOf<Offset> baseAnchorTableOffsetArray(base, success, &(baseRecord->baseAnchorTableOffsetArray[0]), markClass+1); + LEReferenceToArrayOf<Offset> baseAnchorTableOffsetArray(base, success, &(baseRecord->baseAnchorTableOffsetArray[0]), mcCount); if( LE_FAILURE(success) ) { return 0; } Offset anchorTableOffset = SWAPW(baseRecord->baseAnchorTableOffsetArray[markClass]);
--- a/src/share/native/sun/font/layout/MarkToLigaturePosnSubtables.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/MarkToLigaturePosnSubtables.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -83,6 +83,7 @@ LEGlyphID ligatureGlyph = findLigatureGlyph(&ligatureIterator); le_int32 ligatureCoverage = getBaseCoverage(base, (LEGlyphID) ligatureGlyph, success); LEReferenceTo<LigatureArray> ligatureArray(base, success, SWAPW(baseArrayOffset)); + if (LE_FAILURE(success)) { return 0; } le_uint16 ligatureCount = SWAPW(ligatureArray->ligatureCount); if (ligatureCoverage < 0 || ligatureCoverage >= ligatureCount) { @@ -95,6 +96,7 @@ le_int32 markPosition = glyphIterator->getCurrStreamPosition(); Offset ligatureAttachOffset = SWAPW(ligatureArray->ligatureAttachTableOffsetArray[ligatureCoverage]); LEReferenceTo<LigatureAttachTable> ligatureAttachTable(ligatureArray, success, ligatureAttachOffset); + if (LE_FAILURE(success)) { return 0; } le_int32 componentCount = SWAPW(ligatureAttachTable->componentCount); le_int32 component = ligatureIterator.getMarkComponent(markPosition); @@ -104,10 +106,12 @@ } LEReferenceTo<ComponentRecord> componentRecord(base, success, &ligatureAttachTable->componentRecordArray[component * mcCount]); - LEReferenceToArrayOf<Offset> ligatureAnchorTableOffsetArray(base, success, &(componentRecord->ligatureAnchorTableOffsetArray[0]), markClass+1); + if (LE_FAILURE(success)) { return 0; } + LEReferenceToArrayOf<Offset> ligatureAnchorTableOffsetArray(base, success, &(componentRecord->ligatureAnchorTableOffsetArray[0]), mcCount); if( LE_FAILURE(success) ) { return 0; } Offset anchorTableOffset = SWAPW(componentRecord->ligatureAnchorTableOffsetArray[markClass]); LEReferenceTo<AnchorTable> anchorTable(ligatureAttachTable, success, anchorTableOffset); + if (LE_FAILURE(success)) { return 0; } LEPoint ligatureAnchor, markAdvance, pixels; anchorTable->getAnchor(anchorTable, ligatureGlyph, fontInstance, ligatureAnchor, success);
--- a/src/share/native/sun/font/layout/MorphTables.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/MorphTables.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -75,6 +75,7 @@ return; } subtableHeader.addOffset(length, success); + if (LE_FAILURE(success)) break; } SubtableCoverage coverage = SWAPW(subtableHeader->coverage); FeatureFlags subtableFeatures = SWAPL(subtableHeader->subtableFeatures); @@ -91,6 +92,8 @@ { SubtableProcessor *processor = NULL; + if (LE_FAILURE(success)) return; + switch (SWAPW(coverage) & scfTypeMask) { case mstIndicRearrangement:
--- a/src/share/native/sun/font/layout/MorphTables2.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/MorphTables2.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -197,6 +197,7 @@ return; } subtableHeader.addOffset(length, success); // Don't addOffset for the last entry. + if (LE_FAILURE(success)) break; } le_uint32 coverage = SWAPL(subtableHeader->coverage); FeatureFlags subtableFeatures = SWAPL(subtableHeader->subtableFeatures); @@ -212,6 +213,8 @@ { SubtableProcessor2 *processor = NULL; + if (LE_FAILURE(success)) return; + switch (SWAPL(coverage) & scfTypeMask2) { case mstIndicRearrangement:
--- a/src/share/native/sun/font/layout/SegmentArrayProcessor.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/SegmentArrayProcessor.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -63,6 +63,8 @@ le_int32 glyphCount = glyphStorage.getGlyphCount(); le_int32 glyph; + if (LE_FAILURE(success)) return; + for (glyph = 0; glyph < glyphCount; glyph += 1) { LEGlyphID thisGlyph = glyphStorage[glyph]; const LookupSegment *lookupSegment = segmentArrayLookupTable->lookupSegment(segmentArrayLookupTable, segments, thisGlyph, success);
--- a/src/share/native/sun/font/layout/SegmentArrayProcessor2.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/SegmentArrayProcessor2.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -63,6 +63,8 @@ le_int32 glyphCount = glyphStorage.getGlyphCount(); le_int32 glyph; + if (LE_FAILURE(success)) return; + for (glyph = 0; glyph < glyphCount; glyph += 1) { LEGlyphID thisGlyph = glyphStorage[glyph]; // lookupSegment already range checked by lookupSegment() function.
--- a/src/share/native/sun/font/layout/SegmentSingleProcessor2.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/SegmentSingleProcessor2.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -64,6 +64,8 @@ le_int32 glyphCount = glyphStorage.getGlyphCount(); le_int32 glyph; + if (LE_FAILURE(success)) return; + for (glyph = 0; glyph < glyphCount; glyph += 1) { LEGlyphID thisGlyph = glyphStorage[glyph]; const LookupSegment *lookupSegment = segmentSingleLookupTable->lookupSegment(segmentSingleLookupTable, segments, thisGlyph, success);
--- a/src/share/native/sun/font/layout/SimpleArrayProcessor2.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/SimpleArrayProcessor2.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -61,10 +61,11 @@ void SimpleArrayProcessor2::process(LEGlyphStorage &glyphStorage, LEErrorCode &success) { - if (LE_FAILURE(success)) return; le_int32 glyphCount = glyphStorage.getGlyphCount(); le_int32 glyph; + if (LE_FAILURE(success)) return; + for (glyph = 0; glyph < glyphCount; glyph += 1) { LEGlyphID thisGlyph = glyphStorage[glyph]; if (LE_GET_GLYPH(thisGlyph) < 0xFFFF) {
--- a/src/share/native/sun/font/layout/SingleTableProcessor.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/SingleTableProcessor.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -63,6 +63,8 @@ le_int32 glyph; le_int32 glyphCount = glyphStorage.getGlyphCount(); + if (LE_FAILURE(success)) return; + for (glyph = 0; glyph < glyphCount; glyph += 1) { const LookupSingle *lookupSingle = singleTableLookupTable->lookupSingle(singleTableLookupTable, entries, glyphStorage[glyph], success);
--- a/src/share/native/sun/font/layout/StateTableProcessor2.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/font/layout/StateTableProcessor2.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -60,6 +60,7 @@ entryTableOffset = SWAPL(stHeader->entryTableOffset); classTable = LEReferenceTo<LookupTable>(stHeader, success, classTableOffset); + if (LE_FAILURE(success)) return; format = SWAPW(classTable->format); stateArray = LEReferenceToArrayOf<EntryTableIndex2>(stHeader, success, stateArrayOffset, LE_UNBOUNDED_ARRAY);
--- a/src/share/native/sun/java2d/cmm/lcms/cmscgats.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/share/native/sun/java2d/cmm/lcms/cmscgats.c Sat Sep 10 22:36:17 2016 +0100 @@ -2545,9 +2545,11 @@ for (i=0; i < t->nSamples; i++) { fld = GetDataFormat(it8, i); + if (fld != NULL) { if (cmsstrcasecmp(fld, cSample) == 0) return i; } + } return -1;
--- a/src/solaris/classes/sun/awt/X11/XBaseWindow.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/awt/X11/XBaseWindow.java Sat Sep 10 22:36:17 2016 +0100 @@ -661,7 +661,7 @@ XToolkit.awtLock(); try { XAtom xa = XAtom.get(XAtom.XA_WM_CLASS); - xa.setProperty8(getWindow(), cl[0] + '\0' + cl[1]); + xa.setProperty8(getWindow(), cl[0] + '\0' + cl[1] + '\0'); } finally { XToolkit.awtUnlock(); }
--- a/src/solaris/classes/sun/nio/ch/DatagramDispatcher.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/DatagramDispatcher.java Sat Sep 10 22:36:17 2016 +0100 @@ -36,7 +36,7 @@ class DatagramDispatcher extends NativeDispatcher { static { - Util.load(); + IOUtil.load(); } int read(FileDescriptor fd, long address, int len) throws IOException {
--- a/src/solaris/classes/sun/nio/ch/DevPollArrayWrapper.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/DevPollArrayWrapper.java Sat Sep 10 22:36:17 2016 +0100 @@ -319,4 +319,8 @@ private native int poll0(long pollAddress, int numfds, long timeout, int wfd); private static native void interrupt(int fd); + + static { + IOUtil.load(); + } }
--- a/src/solaris/classes/sun/nio/ch/DevPollSelectorImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/DevPollSelectorImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -196,9 +196,4 @@ } return this; } - - static { - Util.load(); - } - }
--- a/src/solaris/classes/sun/nio/ch/EPoll.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/EPoll.java Sat Sep 10 22:36:17 2016 +0100 @@ -113,6 +113,6 @@ throws IOException; static { - Util.load(); + IOUtil.load(); } }
--- a/src/solaris/classes/sun/nio/ch/EPollArrayWrapper.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/EPollArrayWrapper.java Sat Sep 10 22:36:17 2016 +0100 @@ -330,6 +330,7 @@ } static { + IOUtil.load(); init(); }
--- a/src/solaris/classes/sun/nio/ch/EPollPort.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/EPollPort.java Sat Sep 10 22:36:17 2016 +0100 @@ -318,6 +318,6 @@ private static native void close0(int fd); static { - Util.load(); + IOUtil.load(); } }
--- a/src/solaris/classes/sun/nio/ch/EPollSelectorImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/EPollSelectorImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -196,8 +196,4 @@ } return this; } - - static { - Util.load(); - } }
--- a/src/solaris/classes/sun/nio/ch/FileDispatcherImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/FileDispatcherImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -31,7 +31,7 @@ class FileDispatcherImpl extends FileDispatcher { static { - Util.load(); + IOUtil.load(); init(); }
--- a/src/solaris/classes/sun/nio/ch/InheritedChannel.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/InheritedChannel.java Sat Sep 10 22:36:17 2016 +0100 @@ -235,6 +235,6 @@ private static native int peerPort0(int fd); static { - Util.load(); + IOUtil.load(); } }
--- a/src/solaris/classes/sun/nio/ch/KQueue.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/KQueue.java Sat Sep 10 22:36:17 2016 +0100 @@ -115,6 +115,6 @@ throws IOException; static { - Util.load(); + IOUtil.load(); } }
--- a/src/solaris/classes/sun/nio/ch/KQueuePort.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/KQueuePort.java Sat Sep 10 22:36:17 2016 +0100 @@ -326,6 +326,6 @@ private static native void close0(int fd); static { - Util.load(); + IOUtil.load(); } }
--- a/src/solaris/classes/sun/nio/ch/NativeThread.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/NativeThread.java Sat Sep 10 22:36:17 2016 +0100 @@ -54,7 +54,7 @@ static native void init(); static { - Util.load(); + IOUtil.load(); init(); }
--- a/src/solaris/classes/sun/nio/ch/PollArrayWrapper.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/PollArrayWrapper.java Sat Sep 10 22:36:17 2016 +0100 @@ -126,4 +126,7 @@ private static native void interrupt(int fd); + static { + IOUtil.load(); + } }
--- a/src/solaris/classes/sun/nio/ch/SctpChannelImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/SctpChannelImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -1103,7 +1103,7 @@ boolean ready) throws IOException; static { - Util.load(); /* loads nio & net native libraries */ + IOUtil.load(); /* loads nio & net native libraries */ java.security.AccessController.doPrivileged( new sun.security.action.LoadLibraryAction("javasctp")); initIDs();
--- a/src/solaris/classes/sun/nio/ch/SctpMultiChannelImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/SctpMultiChannelImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -986,7 +986,7 @@ } static { - Util.load(); /* loads nio & net native libraries */ + IOUtil.load(); /* loads nio & net native libraries */ java.security.AccessController.doPrivileged( new sun.security.action.LoadLibraryAction("javasctp")); }
--- a/src/solaris/classes/sun/nio/ch/SctpServerChannelImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/SctpServerChannelImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -416,7 +416,7 @@ FileDescriptor newfd, InetSocketAddress[] isaa) throws IOException; static { - Util.load(); // loads nio & net native libraries + IOUtil.load(); // loads nio & net native libraries java.security.AccessController.doPrivileged( new sun.security.action.LoadLibraryAction("javasctp")); initIDs();
--- a/src/solaris/classes/sun/nio/ch/SinkChannelImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/SinkChannelImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -37,7 +37,7 @@ { // Used to make native read and write calls - private static NativeDispatcher nd; + private static final NativeDispatcher nd = new FileDispatcherImpl(); // The file descriptor associated with this channel FileDescriptor fd; @@ -206,10 +206,4 @@ throw new IndexOutOfBoundsException(); return write(Util.subsequence(srcs, offset, length)); } - - static { - Util.load(); - nd = new FileDispatcherImpl(); - } - }
--- a/src/solaris/classes/sun/nio/ch/SolarisEventPort.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/SolarisEventPort.java Sat Sep 10 22:36:17 2016 +0100 @@ -260,6 +260,6 @@ static { - Util.load(); + IOUtil.load(); } }
--- a/src/solaris/classes/sun/nio/ch/SourceChannelImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/SourceChannelImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -37,7 +37,7 @@ { // Used to make native read and write calls - private static NativeDispatcher nd; + private static final NativeDispatcher nd = new FileDispatcherImpl(); // The file descriptor associated with this channel FileDescriptor fd; @@ -206,10 +206,4 @@ } } } - - static { - Util.load(); - nd = new FileDispatcherImpl(); - } - }
--- a/src/solaris/classes/sun/nio/ch/UnixAsynchronousServerSocketChannelImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/UnixAsynchronousServerSocketChannelImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -345,7 +345,7 @@ throws IOException; static { - Util.load(); + IOUtil.load(); initIDs(); } }
--- a/src/solaris/classes/sun/nio/ch/UnixAsynchronousSocketChannelImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/classes/sun/nio/ch/UnixAsynchronousSocketChannelImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -748,6 +748,6 @@ private static native void checkConnect(int fdVal) throws IOException; static { - Util.load(); + IOUtil.load(); } }
--- a/src/solaris/native/sun/awt/fontpath.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/solaris/native/sun/awt/fontpath.c Sat Sep 10 22:36:17 2016 +0100 @@ -721,7 +721,7 @@ } #endif - pattern = FcNameParse ((FcChar8 *)fcName); + pattern = FcNameParse((FcChar8 *)fcName); if (locale != NULL) { FcPatternAddString (pattern, FC_LANG, (unsigned char*)locale); } @@ -892,9 +892,9 @@ if (fcName == NULL) { continue; } - pattern = FcNameParse ((FcChar8 *)fcName); + pattern = FcNameParse((FcChar8 *)fcName); + (*env)->ReleaseStringUTFChars(env, fcNameStr, (const char*)fcName); if (pattern == NULL) { - (*env)->ReleaseStringUTFChars(env, fcNameStr, (const char*)fcName); closeFontConfig(libfontconfig, JNI_FALSE); return; } @@ -911,8 +911,7 @@ FcDefaultSubstitute (pattern); fontset = FcFontSort (NULL, pattern, FcTrue, NULL, &result); if (fontset == NULL) { - FcPatternDestroy (pattern); - (*env)->ReleaseStringUTFChars(env, fcNameStr, (const char*)fcName); + FcPatternDestroy(pattern); closeFontConfig(libfontconfig, JNI_FALSE); return; } @@ -942,9 +941,8 @@ if (file != NULL) { free(file); } - FcPatternDestroy (pattern); - FcFontSetDestroy (fontset); - (*env)->ReleaseStringUTFChars(env, fcNameStr, (const char*)fcName); + FcPatternDestroy(pattern); + FcFontSetDestroy(fontset); closeFontConfig(libfontconfig, JNI_FALSE); return; } @@ -963,7 +961,7 @@ FcCharSet *unionCharset = NULL, *charset; fontformat = NULL; - (*FcPatternGetString)(fontPattern, FC_FONTFORMAT, 0, &fontformat); + FcPatternGetString(fontPattern, FC_FONTFORMAT, 0, &fontformat); /* We only want TrueType fonts but some Linuxes still depend * on Type 1 fonts for some Locale support, so we'll allow * them there. @@ -983,10 +981,8 @@ free(family); free(styleStr); free(file); - FcPatternDestroy (pattern); - FcFontSetDestroy (fontset); - (*env)->ReleaseStringUTFChars(env, - fcNameStr, (const char*)fcName); + FcPatternDestroy(pattern); + FcFontSetDestroy(fontset); closeFontConfig(libfontconfig, JNI_FALSE); return; } @@ -1031,6 +1027,16 @@ if (includeFallbacks) { fcFontArr = (*env)->NewObjectArray(env, fontCount, fcFontClass, NULL); + if (IS_NULL(fcFontArr)) { + free(family); + free(fullname); + free(styleStr); + free(file); + FcPatternDestroy(pattern); + FcFontSetDestroy(fontset); + closeFontConfig(libfontconfig, JNI_FALSE); + return; + } (*env)->SetObjectField(env,fcCompFontObj, fcAllFontsID, fcFontArr); } fn=0; @@ -1039,18 +1045,23 @@ if (family[j] != NULL) { jobject fcFont = (*env)->NewObject(env, fcFontClass, fcFontCons); + if (IS_NULL(fcFont)) break; jstr = (*env)->NewStringUTF(env, (const char*)family[j]); + if (IS_NULL(jstr)) break; (*env)->SetObjectField(env, fcFont, familyNameID, jstr); if (file[j] != NULL) { jstr = (*env)->NewStringUTF(env, (const char*)file[j]); + if (IS_NULL(jstr)) break; (*env)->SetObjectField(env, fcFont, fontFileID, jstr); } if (styleStr[j] != NULL) { jstr = (*env)->NewStringUTF(env, (const char*)styleStr[j]); + if (IS_NULL(jstr)) break; (*env)->SetObjectField(env, fcFont, styleNameID, jstr); } if (fullname[j] != NULL) { jstr = (*env)->NewStringUTF(env, (const char*)fullname[j]); + if (IS_NULL(jstr)) break; (*env)->SetObjectField(env, fcFont, fullNameID, jstr); } if (fn==0) { @@ -1064,7 +1075,6 @@ } } } - (*env)->ReleaseStringUTFChars (env, fcNameStr, (const char*)fcName); FcFontSetDestroy (fontset); FcPatternDestroy (pattern); free(family);
--- a/src/windows/classes/sun/nio/ch/DatagramDispatcher.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/nio/ch/DatagramDispatcher.java Sat Sep 10 22:36:17 2016 +0100 @@ -36,7 +36,7 @@ class DatagramDispatcher extends NativeDispatcher { static { - Util.load(); + IOUtil.load(); } int read(FileDescriptor fd, long address, int len) throws IOException {
--- a/src/windows/classes/sun/nio/ch/FileDispatcherImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/nio/ch/FileDispatcherImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -148,7 +148,7 @@ } static { - Util.load(); + IOUtil.load(); fastFileTransfer = isFastFileTransferRequested(); }
--- a/src/windows/classes/sun/nio/ch/FileKey.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/nio/ch/FileKey.java Sat Sep 10 22:36:17 2016 +0100 @@ -73,6 +73,7 @@ private static native void initIDs(); static { + IOUtil.load(); initIDs(); } }
--- a/src/windows/classes/sun/nio/ch/Iocp.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/nio/ch/Iocp.java Sat Sep 10 22:36:17 2016 +0100 @@ -443,7 +443,7 @@ private static native String getErrorMessage(int error); static { - Util.load(); + IOUtil.load(); initIDs(); // thread agnostic I/O on Vista/2008 or newer
--- a/src/windows/classes/sun/nio/ch/PipeImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/nio/ch/PipeImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,6 +37,7 @@ import java.security.AccessController; import java.security.PrivilegedExceptionAction; import java.security.PrivilegedActionException; +import java.security.SecureRandom; import java.util.Random; @@ -47,92 +48,121 @@ class PipeImpl extends Pipe { + // Number of bytes in the secret handshake. + private static final int NUM_SECRET_BYTES = 16; + + // Random object for handshake values + private static final Random RANDOM_NUMBER_GENERATOR = new SecureRandom(); // Source and sink channels private SourceChannel source; private SinkChannel sink; - // Random object for handshake values - private static final Random rnd; - - static { - Util.load(); - byte[] someBytes = new byte[8]; - boolean resultOK = IOUtil.randomBytes(someBytes); - if (resultOK) { - rnd = new Random(ByteBuffer.wrap(someBytes).getLong()); - } else { - rnd = new Random(); - } - } - private class Initializer implements PrivilegedExceptionAction<Void> { private final SelectorProvider sp; + private IOException ioe = null; + private Initializer(SelectorProvider sp) { this.sp = sp; } + @Override public Void run() throws IOException { - ServerSocketChannel ssc = null; - SocketChannel sc1 = null; - SocketChannel sc2 = null; - - try { - // loopback address - InetAddress lb = InetAddress.getByName("127.0.0.1"); - assert(lb.isLoopbackAddress()); - - // bind ServerSocketChannel to a port on the loopback address - ssc = ServerSocketChannel.open(); - ssc.socket().bind(new InetSocketAddress(lb, 0)); - - // Establish connection (assumes connections are eagerly - // accepted) - InetSocketAddress sa - = new InetSocketAddress(lb, ssc.socket().getLocalPort()); - sc1 = SocketChannel.open(sa); - - ByteBuffer bb = ByteBuffer.allocate(8); - long secret = rnd.nextLong(); - bb.putLong(secret).flip(); - sc1.write(bb); - - // Get a connection and verify it is legitimate + LoopbackConnector connector = new LoopbackConnector(); + connector.run(); + if (ioe instanceof ClosedByInterruptException) { + ioe = null; + Thread connThread = new Thread(connector) { + @Override + public void interrupt() {} + }; + connThread.start(); for (;;) { - sc2 = ssc.accept(); - bb.clear(); - sc2.read(bb); - bb.rewind(); - if (bb.getLong() == secret) + try { + connThread.join(); break; - sc2.close(); + } catch (InterruptedException ex) {} } + Thread.currentThread().interrupt(); + } + + if (ioe != null) + throw new IOException("Unable to establish loopback connection", ioe); - // Create source and sink channels - source = new SourceChannelImpl(sp, sc1); - sink = new SinkChannelImpl(sp, sc2); - } catch (IOException e) { + return null; + } + + private class LoopbackConnector implements Runnable { + + @Override + public void run() { + ServerSocketChannel ssc = null; + SocketChannel sc1 = null; + SocketChannel sc2 = null; + try { - if (sc1 != null) - sc1.close(); - if (sc2 != null) + // Create secret with a backing array. + ByteBuffer secret = ByteBuffer.allocate(NUM_SECRET_BYTES); + ByteBuffer bb = ByteBuffer.allocate(NUM_SECRET_BYTES); + + // Loopback address + InetAddress lb = InetAddress.getByName("127.0.0.1"); + assert(lb.isLoopbackAddress()); + InetSocketAddress sa = null; + for(;;) { + // Bind ServerSocketChannel to a port on the loopback + // address + if (ssc == null || !ssc.isOpen()) { + ssc = ServerSocketChannel.open(); + ssc.socket().bind(new InetSocketAddress(lb, 0)); + sa = new InetSocketAddress(lb, ssc.socket().getLocalPort()); + } + + // Establish connection (assume connections are eagerly + // accepted) + sc1 = SocketChannel.open(sa); + RANDOM_NUMBER_GENERATOR.nextBytes(secret.array()); + do { + sc1.write(secret); + } while (secret.hasRemaining()); + secret.rewind(); + + // Get a connection and verify it is legitimate + sc2 = ssc.accept(); + do { + sc2.read(bb); + } while (bb.hasRemaining()); + bb.rewind(); + + if (bb.equals(secret)) + break; + sc2.close(); - } catch (IOException e2) { } - IOException x = new IOException("Unable to establish" - + " loopback connection"); - x.initCause(e); - throw x; - } finally { - try { - if (ssc != null) - ssc.close(); - } catch (IOException e2) { } + sc1.close(); + } + + // Create source and sink channels + source = new SourceChannelImpl(sp, sc1); + sink = new SinkChannelImpl(sp, sc2); + } catch (IOException e) { + try { + if (sc1 != null) + sc1.close(); + if (sc2 != null) + sc2.close(); + } catch (IOException e2) {} + ioe = e; + } finally { + try { + if (ssc != null) + ssc.close(); + } catch (IOException e2) {} + } } - return null; } } @@ -144,7 +174,6 @@ } } - public SourceChannel source() { return source; }
--- a/src/windows/classes/sun/nio/ch/SocketDispatcher.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/nio/ch/SocketDispatcher.java Sat Sep 10 22:36:17 2016 +0100 @@ -36,7 +36,7 @@ { static { - Util.load(); + IOUtil.load(); } int read(FileDescriptor fd, long address, int len) throws IOException {
--- a/src/windows/classes/sun/nio/ch/WindowsAsynchronousFileChannelImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/nio/ch/WindowsAsynchronousFileChannelImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -755,6 +755,6 @@ private static native void close0(long handle); static { - Util.load(); + IOUtil.load(); } }
--- a/src/windows/classes/sun/nio/ch/WindowsAsynchronousServerSocketChannelImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/nio/ch/WindowsAsynchronousServerSocketChannelImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -363,7 +363,7 @@ private static native void closesocket0(long socket) throws IOException; static { - Util.load(); + IOUtil.load(); initIDs(); } }
--- a/src/windows/classes/sun/nio/ch/WindowsAsynchronousSocketChannelImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/nio/ch/WindowsAsynchronousSocketChannelImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -938,7 +938,7 @@ private static native void closesocket0(long socket) throws IOException; static { - Util.load(); + IOUtil.load(); initIDs(); } }
--- a/src/windows/classes/sun/nio/ch/WindowsSelectorImpl.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/nio/ch/WindowsSelectorImpl.java Sat Sep 10 22:36:17 2016 +0100 @@ -611,6 +611,6 @@ } static { - Util.load(); + IOUtil.load(); } }
--- a/src/windows/classes/sun/security/krb5/internal/tools/Kinit.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/security/krb5/internal/tools/Kinit.java Sat Sep 10 22:36:17 2016 +0100 @@ -206,9 +206,7 @@ System.out.println(">>> Kinit realm name is " + realm); } - PrincipalName sname = new PrincipalName("krbtgt" + "/" + realm, - PrincipalName.KRB_NT_SRV_INST); - sname.setRealm(realm); + PrincipalName sname = PrincipalName.tgsService(realm, realm); builder.setTarget(sname); if (DEBUG) {
--- a/src/windows/classes/sun/security/krb5/internal/tools/KinitOptions.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/security/krb5/internal/tools/KinitOptions.java Sat Sep 10 22:36:17 2016 +0100 @@ -146,15 +146,6 @@ "Principal name: " + p + e.getMessage()); } - if (principal.getRealm() == null) { - String realm = - Config.getInstance().getDefault("default_realm", - "libdefaults"); - if (realm != null) { - principal.setRealm(realm); - } else throw new IllegalArgumentException("invalid " + - "Realm name"); - } } else if (this.password == null) { // Have already processed a Principal, this must be a password password = args[i].toCharArray(); @@ -175,16 +166,6 @@ } PrincipalName getDefaultPrincipal() { - String cname; - String realm = null; - try { - realm = Config.getInstance().getDefaultRealm(); - } catch (KrbException e) { - System.out.println ("Can not get default realm " + - e.getMessage()); - e.printStackTrace(); - return null; - } // get default principal name from the cachename if it is // available. @@ -204,10 +185,6 @@ } PrincipalName p = cis.readPrincipal(version); cis.close(); - String temp = p.getRealmString(); - if (temp == null) { - p.setRealm(realm); - } if (DEBUG) { System.out.println(">>>KinitOptions principal name from "+ "the cache is :" + p); @@ -230,19 +207,15 @@ System.out.println(">>>KinitOptions default username is :" + username); } - if (realm != null) { - try { - PrincipalName p = new PrincipalName(username); - if (p.getRealm() == null) - p.setRealm(realm); - return p; - } catch (RealmException e) { - // ignore exception , return null - if (DEBUG) { - System.out.println ("Exception in getting principal " + - "name " + e.getMessage()); - e.printStackTrace(); - } + try { + PrincipalName p = new PrincipalName(username); + return p; + } catch (RealmException e) { + // ignore exception , return null + if (DEBUG) { + System.out.println ("Exception in getting principal " + + "name " + e.getMessage()); + e.printStackTrace(); } } return null;
--- a/src/windows/classes/sun/security/krb5/internal/tools/Ktab.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/security/krb5/internal/tools/Ktab.java Sat Sep 10 22:36:17 2016 +0100 @@ -255,9 +255,6 @@ PrincipalName pname = null; try { pname = new PrincipalName(principal); - if (pname.getRealm() == null) { - pname.setRealm(Config.getInstance().getDefaultRealm()); - } } catch (KrbException e) { System.err.println("Failed to add " + principal + " to keytab."); @@ -364,9 +361,6 @@ PrincipalName pname = null; try { pname = new PrincipalName(principal); - if (pname.getRealm() == null) { - pname.setRealm(Config.getInstance().getDefaultRealm()); - } if (!forced) { String answer; BufferedReader cis =
--- a/src/windows/classes/sun/security/mscapi/KeyStore.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/security/mscapi/KeyStore.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,7 +29,6 @@ import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import java.math.BigInteger; import java.security.AccessController; import java.security.InvalidKeyException; import java.security.KeyStoreSpi; @@ -40,15 +39,9 @@ import java.security.cert.X509Certificate; import java.security.cert.Certificate; import java.security.cert.CertificateException; -import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateFactory; import java.security.interfaces.RSAPrivateCrtKey; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Date; -import java.util.Enumeration; -import java.util.Iterator; -import java.util.UUID; +import java.util.*; import sun.security.action.GetPropertyAction; @@ -144,7 +137,7 @@ key.getPrimeExponentQ().toByteArray(), key.getCrtCoefficient().toByteArray()); - privateKey = storePrivateKey(keyBlob, + privateKey = storePrivateKey(Objects.requireNonNull(keyBlob), "{" + UUID.randomUUID().toString() + "}", keyBitLength); } @@ -319,7 +312,7 @@ if (alias.equals(entry.getAlias())) { X509Certificate[] certChain = entry.getCertificateChain(); - return certChain[0]; + return certChain.length == 0 ? null : certChain[0]; } } @@ -564,20 +557,20 @@ * * @return enumeration of the alias names */ - public Enumeration engineAliases() { + public Enumeration<String> engineAliases() { - final Iterator iter = entries.iterator(); + final Iterator<KeyEntry> iter = entries.iterator(); - return new Enumeration() + return new Enumeration<String>() { public boolean hasMoreElements() { return iter.hasNext(); } - public Object nextElement() + public String nextElement() { - KeyEntry entry = (KeyEntry) iter.next(); + KeyEntry entry = iter.next(); return entry.getAlias(); } }; @@ -591,10 +584,10 @@ * @return true if the alias exists, false otherwise */ public boolean engineContainsAlias(String alias) { - for (Enumeration enumerator = engineAliases(); + for (Enumeration<String> enumerator = engineAliases(); enumerator.hasMoreElements();) { - String a = (String) enumerator.nextElement(); + String a = enumerator.nextElement(); if (a.equals(alias)) return true; @@ -774,7 +767,8 @@ * certificates and stores the result into a key entry. */ private void generateCertificateChain(String alias, - Collection certCollection, Collection<KeyEntry> entries) + Collection<? extends Certificate> certCollection, + Collection<KeyEntry> entries) { try { @@ -782,7 +776,8 @@ new X509Certificate[certCollection.size()]; int i = 0; - for (Iterator iter=certCollection.iterator(); iter.hasNext(); i++) + for (Iterator<? extends Certificate> iter = + certCollection.iterator(); iter.hasNext(); i++) { certChain[i] = (X509Certificate) iter.next(); } @@ -805,7 +800,8 @@ */ private void generateRSAKeyAndCertificateChain(String alias, long hCryptProv, long hCryptKey, int keyLength, - Collection certCollection, Collection<KeyEntry> entries) + Collection<? extends Certificate> certCollection, + Collection<KeyEntry> entries) { try { @@ -813,7 +809,8 @@ new X509Certificate[certCollection.size()]; int i = 0; - for (Iterator iter=certCollection.iterator(); iter.hasNext(); i++) + for (Iterator<? extends Certificate> iter = + certCollection.iterator(); iter.hasNext(); i++) { certChain[i] = (X509Certificate) iter.next(); } @@ -837,19 +834,20 @@ * @param data Byte data. * @param certCollection Collection of certificates. */ - private void generateCertificate(byte[] data, Collection certCollection) - { + private void generateCertificate(byte[] data, + Collection<Certificate> certCollection) { try { ByteArrayInputStream bis = new ByteArrayInputStream(data); // Obtain certificate factory if (certificateFactory == null) { - certificateFactory = CertificateFactory.getInstance("X.509"); + certificateFactory = CertificateFactory.getInstance("X.509", "SUN"); } // Generate certificate - Collection c = certificateFactory.generateCertificates(bis); + Collection<? extends Certificate> c = + certificateFactory.generateCertificates(bis); certCollection.addAll(c); } catch (CertificateException e)
--- a/src/windows/classes/sun/security/mscapi/PRNG.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/security/mscapi/PRNG.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,8 +37,7 @@ public final class PRNG extends SecureRandomSpi implements java.io.Serializable { - // TODO - generate the serialVersionUID - //private static final long serialVersionUID = XXX; + private static final long serialVersionUID = 4129268715132691532L; /* * The CryptGenRandom function fills a buffer with cryptographically random
--- a/src/windows/classes/sun/security/mscapi/RSAPrivateKey.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/security/mscapi/RSAPrivateKey.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,6 +35,8 @@ */ class RSAPrivateKey extends Key implements PrivateKey { + private static final long serialVersionUID = 8113152807912338063L; + /** * Construct an RSAPrivateKey object. */
--- a/src/windows/classes/sun/security/mscapi/RSAPublicKey.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/security/mscapi/RSAPublicKey.java Sat Sep 10 22:36:17 2016 +0100 @@ -26,11 +26,9 @@ package sun.security.mscapi; import java.math.BigInteger; -import java.security.InvalidKeyException; import java.security.KeyException; import java.security.KeyRep; import java.security.ProviderException; -import java.security.PublicKey; import sun.security.rsa.RSAPublicKeyImpl; @@ -41,6 +39,8 @@ */ class RSAPublicKey extends Key implements java.security.interfaces.RSAPublicKey { + private static final long serialVersionUID = -2289561342425825391L; + private byte[] publicKeyBlob = null; private byte[] encoding = null; private BigInteger modulus = null;
--- a/src/windows/classes/sun/security/mscapi/RSASignature.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/security/mscapi/RSASignature.java Sat Sep 10 22:36:17 2016 +0100 @@ -30,14 +30,10 @@ import java.security.PrivateKey; import java.security.InvalidKeyException; import java.security.InvalidParameterException; -import java.security.InvalidAlgorithmParameterException; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.ProviderException; import java.security.MessageDigest; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.SignatureSpi; import java.security.SignatureException; import java.math.BigInteger; @@ -483,6 +479,7 @@ * #engineSetParameter(java.security.spec.AlgorithmParameterSpec) * engineSetParameter}. */ + @Deprecated protected void engineSetParameter(String param, Object value) throws InvalidParameterException { @@ -512,6 +509,7 @@ * * @deprecated */ + @Deprecated protected Object engineGetParameter(String param) throws InvalidParameterException {
--- a/src/windows/classes/sun/security/mscapi/SunMSCAPI.java Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/classes/sun/security/mscapi/SunMSCAPI.java Sat Sep 10 22:36:17 2016 +0100 @@ -28,7 +28,6 @@ import java.security.AccessController; import java.security.PrivilegedAction; import java.security.Provider; -import java.security.ProviderException; import java.util.HashMap; import java.util.Map; @@ -62,8 +61,9 @@ // if there is no security manager installed, put directly into // the provider. Otherwise, create a temporary map and use a // doPrivileged() call at the end to transfer the contents - final Map map = (System.getSecurityManager() == null) - ? (Map)this : new HashMap(); + final Map<Object, Object> map = + (System.getSecurityManager() == null) + ? this : new HashMap<Object, Object>(); /* * Secure random
--- a/src/windows/native/sun/security/krb5/NativeCreds.c Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/native/sun/security/krb5/NativeCreds.c Sat Sep 10 22:36:17 2016 +0100 @@ -67,7 +67,6 @@ jmethodID ticketFlagsConstructor = 0; jmethodID kerberosTimeConstructor = 0; jmethodID krbcredsConstructor = 0; -jmethodID setRealmMethod = 0; /* * Function prototypes for internal routines @@ -279,7 +278,7 @@ } principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, - "<init>", "([Ljava/lang/String;)V"); + "<init>", "([Ljava/lang/String;Ljava/lang/String;)V"); if (principalNameConstructor == 0) { printf("LSA: Couldn't find PrincipalName constructor\n"); return JNI_ERR; @@ -318,14 +317,6 @@ printf("LSA: Found KerberosTime constructor\n"); } - // load the setRealm method in PrincipalName - setRealmMethod = (*env)->GetMethodID(env, principalNameClass, - "setRealm", "(Ljava/lang/String;)V"); - if (setRealmMethod == 0) { - printf("LSA: Couldn't find setRealm in PrincipalName\n"); - return JNI_ERR; - } - if (native_debug) { printf("LSA: Finished OnLoad processing\n"); } @@ -975,13 +966,12 @@ // Do I have to worry about storage reclamation here? } - principal = (*env)->NewObject(env, principalNameClass, - principalNameConstructor, stringArray); - // now set the realm in the principal realmLen = (ULONG)wcslen((PWCHAR)realm); realmStr = (*env)->NewString(env, (PWCHAR)realm, (USHORT)realmLen); - (*env)->CallVoidMethod(env, principal, setRealmMethod, realmStr); + + principal = (*env)->NewObject(env, principalNameClass, + principalNameConstructor, stringArray, realmStr); // free local resources LocalFree(realm);
--- a/src/windows/native/sun/security/mscapi/security.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/native/sun/security/mscapi/security.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -74,7 +74,10 @@ const char* pszHashAlgorithm = NULL; ALG_ID algId = 0; - pszHashAlgorithm = env->GetStringUTFChars(jHashAlgorithm, NULL); + if ((pszHashAlgorithm = env->GetStringUTFChars(jHashAlgorithm, NULL)) + == NULL) { + return algId; + } if ((strcmp("SHA", pszHashAlgorithm) == 0) || (strcmp("SHA1", pszHashAlgorithm) == 0) || @@ -179,7 +182,9 @@ */ if (length < 0) { length = env->GetArrayLength(seed); - reseedBytes = env->GetByteArrayElements(seed, 0); + if ((reseedBytes = env->GetByteArrayElements(seed, 0)) == NULL) { + __leave; + } if (::CryptGenRandom( hCryptProv, @@ -211,7 +216,9 @@ } else { // length == 0 length = env->GetArrayLength(seed); - seedBytes = env->GetByteArrayElements(seed, 0); + if ((seedBytes = env->GetByteArrayElements(seed, 0)) == NULL) { + __leave; + } if (::CryptGenRandom( hCryptProv, @@ -275,7 +282,10 @@ __try { // Open a system certificate store. - pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL); + if ((pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL)) + == NULL) { + __leave; + } if ((hCertStore = ::CertOpenSystemStore(NULL, pszCertStoreName)) == NULL) { @@ -710,7 +720,10 @@ __try { - pszKeyContainerName = env->GetStringUTFChars(keyContainerName, NULL); + if ((pszKeyContainerName = + env->GetStringUTFChars(keyContainerName, NULL)) == NULL) { + __leave; + } // Acquire a CSP context (create a new key container). // Prefer a PROV_RSA_AES CSP, when available, due to its support @@ -847,7 +860,10 @@ __try { // Open a system certificate store. - pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL); + if ((pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL)) + == NULL) { + __leave; + } if ((hCertStore = ::CertOpenSystemStore(NULL, pszCertStoreName)) == NULL) { ThrowException(env, KEYSTORE_EXCEPTION, GetLastError()); __leave; @@ -1086,7 +1102,10 @@ __try { // Open a system certificate store. - pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL); + if ((pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL)) + == NULL) { + __leave; + } if ((hCertStore = ::CertOpenSystemStore(NULL, pszCertStoreName)) == NULL) { ThrowException(env, KEYSTORE_EXCEPTION, GetLastError()); __leave; @@ -1123,7 +1142,10 @@ cchNameString); // Compare the certificate's friendly name with supplied alias name - pszCertAliasName = env->GetStringUTFChars(jCertAliasName, NULL); + if ((pszCertAliasName = env->GetStringUTFChars(jCertAliasName, NULL)) + == NULL) { + __leave; + } if (strcmp(pszCertAliasName, pszNameString) == 0) { // Only delete the certificate if the alias names matches @@ -1181,7 +1203,10 @@ __try { - pszKeyContainerName = env->GetStringUTFChars(keyContainerName, NULL); + if ((pszKeyContainerName = + env->GetStringUTFChars(keyContainerName, NULL)) == NULL) { + __leave; + } // Destroying the default key container is not permitted // (because it may contain more one keypair). @@ -1234,8 +1259,14 @@ __try { - pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL); - pszCertAliasName = env->GetStringUTFChars(jCertAliasName, NULL); + if ((pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL)) + == NULL) { + __leave; + } + if ((pszCertAliasName = env->GetStringUTFChars(jCertAliasName, NULL)) + == NULL) { + __leave; + } // Open a system certificate store. if ((hCertStore = ::CertOpenSystemStore(NULL, pszCertStoreName)) == NULL) { @@ -1530,7 +1561,9 @@ __try { jsize length = env->GetArrayLength(jKeyBlob); - keyBlob = env->GetByteArrayElements(jKeyBlob, 0); + if ((keyBlob = env->GetByteArrayElements(jKeyBlob, 0)) == NULL) { + __leave; + } PUBLICKEYSTRUC* pPublicKeyStruc = (PUBLICKEYSTRUC *) keyBlob; @@ -1580,7 +1613,9 @@ __try { jsize length = env->GetArrayLength(jKeyBlob); - keyBlob = env->GetByteArrayElements(jKeyBlob, 0); + if ((keyBlob = env->GetByteArrayElements(jKeyBlob, 0)) == NULL) { + __leave; + } PUBLICKEYSTRUC* pPublicKeyStruc = (PUBLICKEYSTRUC *) keyBlob; @@ -1624,26 +1659,36 @@ int convertToLittleEndian(JNIEnv *env, jbyteArray source, jbyte* destination, int destinationLength) { - int count = 0; int sourceLength = env->GetArrayLength(source); - if (sourceLength < destinationLength) { + jbyte* sourceBytes = env->GetByteArrayElements(source, 0); + if (sourceBytes == NULL) { return -1; } - jbyte* sourceBytes = env->GetByteArrayElements(source, 0); + int copyLen = sourceLength; + if (sourceLength > destinationLength) { + // source might include an extra sign byte + if (sourceLength == destinationLength + 1 && sourceBytes[0] == 0) { + copyLen--; + } else { + return -1; + } + } // Copy bytes from the end of the source array to the beginning of the // destination array (until the destination array is full). // This ensures that the sign byte from the source array will be excluded. - for (int i = 0; i < destinationLength; i++) { - destination[i] = sourceBytes[sourceLength - i - 1]; - count++; + for (int i = 0; i < copyLen; i++) { + destination[i] = sourceBytes[sourceLength - 1 - i]; } - if (sourceBytes) - env->ReleaseByteArrayElements(source, sourceBytes, JNI_ABORT); + if (copyLen < destinationLength) { + memset(destination + copyLen, 0, destinationLength - copyLen); + } - return count; + env->ReleaseByteArrayElements(source, sourceBytes, JNI_ABORT); + + return destinationLength; } /* @@ -1740,45 +1785,61 @@ } // The length argument must be the smaller of jPublicExponentLength // and sizeof(pRsaPubKey->pubkey) - convertToLittleEndian(env, jPublicExponent, - (jbyte *) &(pRsaPubKey->pubexp), jPublicExponentLength); + if ((jElementLength = convertToLittleEndian(env, jPublicExponent, + (jbyte *) &(pRsaPubKey->pubexp), jPublicExponentLength)) < 0) { + __leave; + } // Modulus n jBlobElement = (jbyte *) (jBlobBytes + sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY)); - jElementLength = convertToLittleEndian(env, jModulus, jBlobElement, - jKeyByteLength); + if ((jElementLength = convertToLittleEndian(env, jModulus, jBlobElement, + jKeyByteLength)) < 0) { + __leave; + } if (bGeneratePrivateKeyBlob) { // Prime p jBlobElement += jElementLength; - jElementLength = convertToLittleEndian(env, jPrimeP, jBlobElement, - jKeyByteLength / 2); + if ((jElementLength = convertToLittleEndian(env, jPrimeP, + jBlobElement, jKeyByteLength / 2)) < 0) { + __leave; + } // Prime q jBlobElement += jElementLength; - jElementLength = convertToLittleEndian(env, jPrimeQ, jBlobElement, - jKeyByteLength / 2); + if ((jElementLength = convertToLittleEndian(env, jPrimeQ, + jBlobElement, jKeyByteLength / 2)) < 0) { + __leave; + } // Prime exponent p jBlobElement += jElementLength; - jElementLength = convertToLittleEndian(env, jExponentP, - jBlobElement, jKeyByteLength / 2); + if ((jElementLength = convertToLittleEndian(env, jExponentP, + jBlobElement, jKeyByteLength / 2)) < 0) { + __leave; + } // Prime exponent q jBlobElement += jElementLength; - jElementLength = convertToLittleEndian(env, jExponentQ, - jBlobElement, jKeyByteLength / 2); + if ((jElementLength = convertToLittleEndian(env, jExponentQ, + jBlobElement, jKeyByteLength / 2)) < 0) { + __leave; + } // CRT coefficient jBlobElement += jElementLength; - jElementLength = convertToLittleEndian(env, jCrtCoefficient, - jBlobElement, jKeyByteLength / 2); + if ((jElementLength = convertToLittleEndian(env, jCrtCoefficient, + jBlobElement, jKeyByteLength / 2)) < 0) { + __leave; + } // Private exponent jBlobElement += jElementLength; - convertToLittleEndian(env, jPrivateExponent, jBlobElement, - jKeyByteLength); + if ((jElementLength = convertToLittleEndian(env, jPrivateExponent, + jBlobElement, jKeyByteLength)) < 0) { + __leave; + } } jBlob = env->NewByteArray(jBlobLength); @@ -1849,9 +1910,15 @@ __try { - pszKeyContainerName = env->GetStringUTFChars(keyContainerName, NULL); + if ((pszKeyContainerName = + env->GetStringUTFChars(keyContainerName, NULL)) == NULL) { + __leave; + } dwBlobLen = env->GetArrayLength(keyBlob); - pbKeyBlob = (BYTE *) env->GetByteArrayElements(keyBlob, 0); + if ((pbKeyBlob = (BYTE *) env->GetByteArrayElements(keyBlob, 0)) + == NULL) { + __leave; + } // Acquire a CSP context (create a new key container). if (::CryptAcquireContext( @@ -1923,7 +1990,10 @@ __try { dwBlobLen = env->GetArrayLength(keyBlob); - pbKeyBlob = (BYTE *) env->GetByteArrayElements(keyBlob, 0); + if ((pbKeyBlob = (BYTE *) env->GetByteArrayElements(keyBlob, 0)) + == NULL) { + __leave; + } // Acquire a CSP context (create a new key container). // Prefer a PROV_RSA_AES CSP, when available, due to its support
--- a/src/windows/native/sun/windows/awt_Font.cpp Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/native/sun/windows/awt_Font.cpp Sat Sep 10 22:36:17 2016 +0100 @@ -248,7 +248,7 @@ AwtFont* awtFont = NULL; jobjectArray compFont = NULL; - int cfnum; + int cfnum = 0; try { if (env->EnsureLocalCapacity(3) < 0) @@ -256,7 +256,9 @@ if (IsMultiFont(env, font)) { compFont = GetComponentFonts(env, font); - cfnum = env->GetArrayLength(compFont); + if (compFont != NULL) { + cfnum = env->GetArrayLength(compFont); + } } else { compFont = NULL; cfnum = 0; @@ -601,7 +603,9 @@ if (IsMultiFont(env, font)) { array = GetComponentFonts(env, font); - num = env->GetArrayLength(array); + if (array != NULL) { + num = env->GetArrayLength(array); + } } else { array = NULL; num = 0; @@ -656,14 +660,16 @@ if (IsMultiFont(env, font)) { jobject peer = env->CallObjectMethod(font, AwtFont::peerMID); - array = (jobjectArray)(env->CallObjectMethod( - peer, AwtFont::makeConvertedMultiFontStringMID, str)); - DASSERT(!safe_ExceptionOccurred(env)); + if (peer != NULL) { + array = (jobjectArray)(env->CallObjectMethod( + peer, AwtFont::makeConvertedMultiFontStringMID, str)); + DASSERT(!safe_ExceptionOccurred(env)); - if (array != NULL) { - arrayLength = env->GetArrayLength(array); + if (array != NULL) { + arrayLength = env->GetArrayLength(array); + } + env->DeleteLocalRef(peer); } - env->DeleteLocalRef(peer); } else { array = NULL; arrayLength = 0;
--- a/src/windows/native/sun/windows/awt_Font.h Fri Jul 29 04:24:21 2016 +0100 +++ b/src/windows/native/sun/windows/awt_Font.h Sat Sep 10 22:36:17 2016 +0100 @@ -230,11 +230,14 @@ INLINE static jobjectArray GetComponentFonts(JNIEnv *env, jobject font) { jobject platformFont = env->CallObjectMethod(font, AwtFont::peerMID); - jobjectArray result = - (jobjectArray)(env->GetObjectField(platformFont, - AwtFont::componentFontsID)); - env->DeleteLocalRef(platformFont); - return result; + if (platformFont != NULL) { + jobjectArray result = + (jobjectArray)(env->GetObjectField(platformFont, + AwtFont::componentFontsID)); + env->DeleteLocalRef(platformFont); + return result; + } + return NULL; } /*
--- a/test/ProblemList.txt Fri Jul 29 04:24:21 2016 +0100 +++ b/test/ProblemList.txt Sat Sep 10 22:36:17 2016 +0100 @@ -43,11 +43,11 @@ # # List items are testnames followed by labels, all MUST BE commented # as to why they are here and use a label: -# generic-all Problems on all platforms -# generic-ARCH Where ARCH is one of: sparc, sparcv9, x64, i586, etc. -# OSNAME-all Where OSNAME is one of: solaris, linux, windows -# OSNAME-ARCH Specific on to one OSNAME and ARCH, e.g. solaris-x64 -# OSNAME-REV Specific on to one OSNAME and REV, e.g. solaris-5.8 +# generic-all Problems on all platforms +# generic-ARCH Where ARCH is one of: sparc, sparcv9, x64, i586, etc. +# OSNAME-all Where OSNAME is one of: solaris, linux, windows, macosx, aix +# OSNAME-ARCH Specific on to one OSNAME and ARCH, e.g. solaris-amd64 +# OSNAME-REV Specific on to one OSNAME and REV, e.g. solaris-5.8 # # More than one label is allowed but must be on the same line. # @@ -221,6 +221,11 @@ # Windows i586 failure, callback did not complete javax/management/eventService/LeaseManagerDeadlockTest.java windows-all +# 8030957 +com/sun/management/OperatingSystemMXBean/GetProcessCpuLoad.java aix-all +com/sun/management/OperatingSystemMXBean/GetSystemCpuLoad.java aix-all +javax/management/MBeanServer/OldMBeanServerTest.java aix-all + ############################################################################ # jdk_math
--- a/test/com/sun/corba/5036554/TestCorbaBug.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/com/sun/corba/5036554/TestCorbaBug.sh Sat Sep 10 22:36:17 2016 +0100 @@ -48,7 +48,7 @@ # set platform-dependent variables OS=`uname -s` case "$OS" in - SunOS | Linux | Darwin ) + SunOS | Linux | Darwin | AIX ) PS=":" FS="/" ;;
--- a/test/com/sun/jdi/CatchPatternTest.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/com/sun/jdi/CatchPatternTest.sh Sat Sep 10 22:36:17 2016 +0100 @@ -35,44 +35,44 @@ cat <<EOF > $classname.java.1 public class $classname { public void bark(int i) { - System.out.println(" bark: " + i); - switch (i) { - case 0: - throw new IllegalArgumentException("IllegalArgumentException"); - case 1: - throw new ArithmeticException("ArithmeticException"); - case 2: - throw new IllegalMonitorStateException("IllegalMonitorStateException"); - case 3: - throw new IndexOutOfBoundsException("IndexOutOfBoundsException"); - default: - throw new Error("should not happen"); - } + System.out.println(" bark: " + i); + switch (i) { + case 0: + throw new IllegalArgumentException("IllegalArgumentException"); + case 1: + throw new ArithmeticException("ArithmeticException"); + case 2: + throw new IllegalMonitorStateException("IllegalMonitorStateException"); + case 3: + throw new IndexOutOfBoundsException("IndexOutOfBoundsException"); + default: + throw new Error("should not happen"); + } } public void loop(int max) { - for (int i = 0; i <= max; i++) { - try { - bark(i); - } catch(RuntimeException re) { - System.out.println(" loop: " + re.getMessage() + - " caught and ignored."); - } - } + for (int i = 0; i <= max; i++) { + try { + bark(i); + } catch(RuntimeException re) { + System.out.println(" loop: " + re.getMessage() + + " caught and ignored."); + } + } } public void partOne() { loop(2); - System.out.println("partOne completed"); + System.out.println("partOne completed"); } public void partTwo() { loop(3); - System.out.println("partTwo completed"); + System.out.println("partTwo completed"); } public static void main(String[] args) { - System.out.println("Howdy!"); + System.out.println("Howdy!"); $classname my = new $classname(); - my.partOne(); - my.partTwo(); - System.out.println("Goodbye from $classname!"); + my.partOne(); + my.partTwo(); + System.out.println("Goodbye from $classname!"); } } EOF
--- a/test/com/sun/jdi/GetLocalVariables4Test.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/com/sun/jdi/GetLocalVariables4Test.sh Sat Sep 10 22:36:17 2016 +0100 @@ -39,12 +39,12 @@ public class GetLocalVariables4Targ { public static void main(String[] args) { System.out.println("Howdy!"); - int i = 0; - try { - i = 16 / i; - } catch(Exception e) { - System.out.println("e should be visible"); // @1 breakpoint - } + int i = 0; + try { + i = 16 / i; + } catch(Exception e) { + System.out.println("e should be visible"); // @1 breakpoint + } System.out.println("Goodbye from GetLocalVariables4Targ!"); } }
--- a/test/com/sun/jdi/JdbMethodExitTest.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/com/sun/jdi/JdbMethodExitTest.sh Sat Sep 10 22:36:17 2016 +0100 @@ -156,7 +156,7 @@ // a resume. $classname xx = new $classname(); - + System.out.println("threadid="+Thread.currentThread().getId()); bkpt(); // test all possible return types @@ -197,6 +197,8 @@ # test all possible return types runToBkpt @1 + debuggeeMatchRegexp "s/threadid=\(.*\)/\1/g" + threadid=$? cmd untrace cmd trace methods @@ -226,7 +228,7 @@ # trace exit of methods with all the return values # (but just check a couple of them) - cmd trace go exits + cmd trace go method exits $threadid cmd cont jdbFailIfNotPresent "instance of JdbMethodExitTest" jdbFailIfNotPresent "return value = 8" @@ -235,7 +237,7 @@ cmd step up - cmd trace methods + cmd trace methods $threadid cmd cont jdbFailIfNotPresent "Method entered:" cmd cont @@ -243,7 +245,9 @@ cmd step up - cmd trace go methods + cmd trace go methods $threadid + cmd cont + cmd cont cmd cont jdbFailIfNotPresent "Method entered: \"thread=main\", JdbMethodExitTest.traceMethods1" jdbFailIfNotPresent 'Method exited: .* JdbMethodExitTest.traceMethods1' @@ -251,14 +255,14 @@ cmd step up - cmd trace method exits + cmd trace method exits $threadid cmd cont jdbFailIfNotPresent "Method exited: return value = \"traceExits\"" cmd untrace cmd step up - cmd trace go method exits + cmd trace go method exits $threadid cmd cont jdbFailIfNotPresent 'Method exited: .* JdbMethodExitTest.traceExits1' cmd untrace @@ -266,7 +270,7 @@ cmd step # step into traceExit() - cmd trace method exit + cmd trace method exit $threadid cmd cont jdbFailIfNotPresent "Method exited: return value = \"traceExit\"" cmd untrace @@ -275,7 +279,7 @@ cmd step cmd step # skip over setting return value in caller :-( - cmd trace go method exit + cmd trace go method exit $threadid cmd cont jdbFailIfNotPresent 'Method exited: .*JdbMethodExitTest.traceExit1' cmd quit
--- a/test/com/sun/jdi/JdbReadTwiceTest.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/com/sun/jdi/JdbReadTwiceTest.sh Sat Sep 10 22:36:17 2016 +0100 @@ -204,22 +204,6 @@ clean fi - -if [ ! -r c:/ ] ; then - # Can't make a file unreadable under MKS. - echo - echo "+++++++++++++++++++++++++++++++++++" - echo "Read an unreadable file - verify the read fails." - # If the file exists, we try to read it. The - # read will fail. - mkFiles $HOME/jdb.ini - chmod a-r $HOME/jdb.ini - doit - failIfNot 1 "open: $HOME/jdb.ini" - clean -fi - - echo echo "+++++++++++++++++++++++++++++++++++" echo "Read a directory - verify the read fails" @@ -239,8 +223,8 @@ doit failIfNot 1 "from $fred" - if [ ! -r c:/ ] ; then - # Can't make a file unreadable under MKS + if [ "$canMakeUnreadable" = "Yes" ] + then chmod a-r $fred doit failIfNot 1 "open: $fred"
--- a/test/com/sun/jdi/NullLocalVariable.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/com/sun/jdi/NullLocalVariable.sh Sat Sep 10 22:36:17 2016 +0100 @@ -40,10 +40,10 @@ public static final void main(String args[]) { try { System.out.println("hi!"); // @1 breakpoint - } catch (Exception e) { + } catch (Exception e) { e.printStackTrace(); } finally { - System.out.println("done"); + System.out.println("done"); } } } @@ -54,11 +54,11 @@ dojdbCmds() { #set -x - cmd stop at badscope:4 ; $sleepcmd - runToBkpt ; $sleepcmd - cmd next ; $sleepcmd - cmd next ; $sleepcmd - cmd locals ; $sleepcmd + cmd stop at badscope:4 ; $sleepcmd + runToBkpt ; $sleepcmd + cmd next ; $sleepcmd + cmd next ; $sleepcmd + cmd locals ; $sleepcmd cmd cont } @@ -71,7 +71,7 @@ for ii in . $TESTSRC $TESTSRC/.. ; do if [ -r "$ii/ShellScaffold.sh" ] ; then - . $ii/ShellScaffold.sh + . $ii/ShellScaffold.sh break fi done
--- a/test/com/sun/jdi/PrivateTransportTest.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/com/sun/jdi/PrivateTransportTest.sh Sat Sep 10 22:36:17 2016 +0100 @@ -67,9 +67,9 @@ # is given on the command line, tell the user that and use a default. # THIS IS THE JDK BEING TESTED. if [ -n "$1" ] ; then - TESTJAVA=$1 + TESTJAVA=$1 else - TESTJAVA=$JAVA_HOME + TESTJAVA=$JAVA_HOME fi TESTSRC=. TESTCLASSES=. @@ -123,7 +123,7 @@ esac libloc=${jreloc}/lib/${libarch} ;; - Linux) + Linux|AIX) xx=`find ${jreloc}/lib -name libdt_socket.so` libloc=`dirname ${xx}` ;; @@ -182,13 +182,23 @@ echo cp ${libloc}/libdt_socket.so ${fullpath} cp ${libloc}/libdt_socket.so ${fullpath} # make sure we can find libraries in current directory - if [ "${LD_LIBRARY_PATH}" = "" ] ; then - LD_LIBRARY_PATH=${libdir} + if [ "$os" = "AIX" ] ; then + if [ "${LIBPATH}" = "" ] ; then + LIBPATH=${libdir} + else + LIBPATH=${LIBPATH}:${libdir} + fi + export LIBPATH + echo LIBPATH=${LIBPATH} else - LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:${libdir} + if [ "${LD_LIBRARY_PATH}" = "" ] ; then + LD_LIBRARY_PATH=${libdir} + else + LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:${libdir} + fi + export LD_LIBRARY_PATH + echo LD_LIBRARY_PATH=${LD_LIBRARY_PATH} fi - export LD_LIBRARY_PATH - echo LD_LIBRARY_PATH=${LD_LIBRARY_PATH} else echo "cannot find dt_socket in ${libloc} for ${private_transport}" fail "cannot find dt_socket in ${libloc} for ${private_transport}"
--- a/test/com/sun/jdi/RedefineFinal.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/com/sun/jdi/RedefineFinal.sh Sat Sep 10 22:36:17 2016 +0100 @@ -42,15 +42,15 @@ public final class $1 { public int m1(int i) { - // @1 uncomment System.out.println("I'm here"); - return m2(i, 1000); + // @1 uncomment System.out.println("I'm here"); + return m2(i, 1000); } public int m2(int i, int j) { - if (i < 0 || j < 0) { // @1 breakpoint + if (i < 0 || j < 0) { // @1 breakpoint throw new IllegalArgumentException(); - } - return i+j; + } + return i+j; } $1() { @@ -59,7 +59,7 @@ } public static void main(String args[]) { - new $1(); + new $1(); } } EOF
--- a/test/com/sun/jdi/RedefineIntConstantToLong.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/com/sun/jdi/RedefineIntConstantToLong.sh Sat Sep 10 22:36:17 2016 +0100 @@ -44,18 +44,18 @@ public long m1(int i) { long r=0; r = m2(i * 2); // @1 commentout - // @1 uncomment r =m2(i * 2L); + // @1 uncomment r =m2(i * 2L); return r; } public long m2(int j) { - System.out.println(System.getProperty("line.separator") + + System.out.println(System.getProperty("line.separator") + "**** public long m2(int j) with value: " + j); return j; } public long m2(long j) { - System.out.println(System.getProperty("line.separator") + + System.out.println(System.getProperty("line.separator") + "**** public long m2(long j) with value: " + j); return j; } @@ -66,7 +66,7 @@ r1 = m1(1000); r2 = 0; // @1 breakpoint r2 = m1(1000); - if (r1 != r2) { // @1 breakpoint + if (r1 != r2) { // @1 breakpoint throw new Exception("FAILURE: Expected value: " + r1 + " Actual value: " + r2); } else { System.out.println("SUCCESS: Expected value: " + r1 + " Actual value: " + r2); @@ -74,7 +74,7 @@ } public static void main(String args[]) throws Exception { - new $1().doit(); + new $1().doit(); } } EOF
--- a/test/com/sun/jdi/ShellScaffold.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/com/sun/jdi/ShellScaffold.sh Sat Sep 10 22:36:17 2016 +0100 @@ -43,11 +43,11 @@ # in your java file # classname=<classnam> Omit this to use the default class name, 'shtest'. -# compileOptions=<string> compile options for at least the first compile, +# compileOptions=<string> compile options for at least the first compile, # eg, compileOptions=-g # compileOptions2=<string> Options for the 2nd, ..., compile. compileOptions1 # is used if this is not set. To use no compile -# options for the 2nd ... compiles, do +# options for the 2nd ... compiles, do # compileOptions2=none # # mode=-Xcomp or mode=-Xint to run in these modes. These should not @@ -88,12 +88,12 @@ # # The only other tag supported is @1 breakpoint. The setbkpts function # sets bkpts at all lines that contain this string. -# +# # Currently, all these tags are start with @1. It is envisioned that this script # could be ehanced to allow multiple cycles of redefines by allowing # @2, @3, ... tags. IE, processing the @i tags in the ith version of # the file will produce the i+1th version of the file. -# +# # There are problem with jtreg leaving behind orphan java and jdb processes # when this script is run. Sometimes, on some platforms, it just doesn't # get them all killed properly. @@ -110,7 +110,7 @@ # # mks 6.2a on win 98 presents two problems: # $! returns the PID as a negative number whereas ps returns -# it in the form 0xFFF.... This means our trick of +# it in the form 0xFFF.... This means our trick of # of using $! to get the PIDs of the jdb and debuggee processes # doesn't work. This will cause some error cases to fail # with a jtreg timeout instead of failing more gracefully. @@ -167,7 +167,7 @@ # then use ps to find the cygwin pid to be killed. # The form of a ps output line is # ^ ddddd dddd dddd dddd.* - # where the 4th digits are the win pid and the first + # where the 4th digits are the win pid and the first # are the cygwin pid. if [ -r "$jdk/bin/$jstack" ] ; then winPid=`$jdk/bin/jps -v | $grep -i $str | sed -e 's@ .*@@'` @@ -181,7 +181,7 @@ awk '{print $1}' | tr '\n\r' ' '` fi else - # Well, too bad - we can't find what to kill. + # Well, too bad - we can't find what to kill. toBeKilled= fi fi @@ -190,35 +190,31 @@ echo "$1: kill -9 $toBeKilled" >& 2 kill -9 $toBeKilled fi -} +} findPid() { # Return 0 if $1 is the pid of a running process. - if [ -z "$isWin98" ] ; then - if [ "$osname" = SunOS ] ; then - # Solaris and OpenSolaris use pgrep and not ps in psCmd - findPidCmd="$psCmd" - elif [ "$osname" = AIX ] ; then - findPidCmd="$psCmd" - else + case "$osname" in + SunOS | AIX) + $psCmd | $grep '^ *'"$1 " > $devnull 2>&1 + res=$? + ;; + Windows* | CYGWIN*) + # Don't use ps on cygwin since it sometimes misses + # some processes (!). + tasklist /NH | $grep " $1 " > $devnull 2>&1 + res=$? + ;; + *) # Never use plain 'ps', which requires a "controlling terminal" # and will fail with a "ps: no controlling terminal" error. # Running under 'rsh' will cause this ps error. - # cygwin ps puts an I in column 1 for some reason. - findPidCmd="$psCmd -e" - fi - $findPidCmd | $grep '^I* *'"$1 " > $devnull 2>&1 - return $? - fi - - # mks 6.2a on win98 has $! getting a negative - # number and in ps, it shows up as 0x... - # Thus, we can't search in ps output for - # PIDs gotten via $! - # We don't know if it is running or not - assume it is. - # We don't really care about win98 anymore. - return 0 + $psCmd -e | $grep '^ *'"$1 " > $devnull 2>&1 + res=$? + ;; + esac + return $res } setup() @@ -245,20 +241,13 @@ echo "--Error: TESTJAVA must be defined as the pathname of a jdk to test." exit 1 fi - + ulimitCmd= osname=`uname -s` - isWin98= isCygwin= case "$osname" in - Windows* | CYGWIN*) + Windows* | CYGWIN*) devnull=NUL - if [ "$osname" = Windows_98 -o "$osname" = Windows_ME ]; then - isWin98=1 - debuggeeKeyword='we_cant_kill_debuggees_on_win98' - jdbKeyword='jdb\.exe' - fi - case "$osname" in CYGWIN*) isCygwin=1 @@ -295,7 +284,7 @@ psCmd=ps jstack=jstack.exe ;; - SunOS | Linux | Darwin | AIX ) + SunOS | Linux | Darwin | AIX) transport=dt_socket address= devnull=/dev/null @@ -373,12 +362,12 @@ ####################################################3 ####################################################3 ####################################################3 -# sol: this gets all processes killed but +# sol: this gets all processes killed but # no jstack # linux same as above # win mks: No dice; processes still running trap "cleanup" 0 1 2 3 4 6 9 10 15 - + jdbOptions="$jdbOptions -J-D${jdbKeyword}" } @@ -397,7 +386,7 @@ cp $classname.java.1 $classname.java echo "--Compiling first version of `pwd`/$classname.java with options: $compileOptions" # Result is in $pkgSlash$classname.class - + if [ -z "$javacCmd" ] ; then javacCmd=$jdk/bin/javac fi @@ -435,7 +424,7 @@ if [ $? = 0 ] ; then break fi - echo + echo echo "--Compiling second version of `pwd`/$classname.java with $compileOptions" $javacCmd $compileOptions -d . $classname.java if [ $? != 0 ] ; then @@ -464,7 +453,7 @@ if [ $? = 0 ] ; then break fi - echo + echo echo "--Compiling third version of `pwd`/$classname.java with $compileOptions" $javacCmd $compileOptions -d . $classname.java if [ $? != 0 ] ; then @@ -490,7 +479,7 @@ if [ $? = 0 ] ; then break fi - echo + echo echo "--Compiling fourth version of `pwd`/$classname.java with $compileOptions" $javacCmd $compileOptions -d . $classname.java if [ $? != 0 ] ; then @@ -523,7 +512,7 @@ # If it ever becomes necessary to send a jdb command before # a main[10] form of prompt appears, then this # code will have to be modified. -cmd() +cmd() { if [ $1 = quit -o -r "$failFile" ] ; then # if jdb got a cont cmd that caused the debuggee @@ -540,21 +529,21 @@ # in the pipeline. exit 1 fi - + # $jdbOutFile always exists here and is non empty - # because after starting jdb, we waited + # because after starting jdb, we waited # for the prompt. fileSize=`wc -c $jdbOutFile | awk '{ print $1 }'` echo "--Sending cmd: " $* >&2 # jjh: We have a few intermittent failures here. # It is as if every so often, jdb doesn't - # get the first cmd that is sent to it here. + # get the first cmd that is sent to it here. # (actually, I have seen it get the first cmd ok, # but then not get some subsequent cmd). # It seems like jdb really doesn't get the cmd; jdb's response # does not appear in the jxdboutput file. It contains: - # main[1] + # main[1] # The application has been disconnected # Is it possible @@ -569,7 +558,7 @@ # msg output below after the timeout. # And, we know jdb is started because the main[1] output is in the .jtr # file. And, we wouldn't have gotten here if mydojdbcmds hadn't - # seen the ]. + # seen the ]. echo $* # Now we have to wait for the next jdb prompt. We wait for a pattern @@ -605,7 +594,7 @@ # i.e., the > prompt comes out AFTER the prompt we we need to wait for. # # So, how do we know when the next prompt has appeared?? - # 1. Search for + # 1. Search for # main[89] $ # This will handle cases 1, 2, 3 # 2. This leaves cases 4 and 5. @@ -715,7 +704,7 @@ allowExit="$3" myCount=0 timeLimit=40 # wait a max of this many secs for a response from a jdb command - while [ 1 = 1 ] ; do + while [ 1 = 1 ] ; do if [ -r $jdbOutFile ] ; then # Something here causes jdb to complain about Unrecognized cmd on x86. tail -$nlines $jdbOutFile | $grep -s "$1" > $devnull 2>&1 @@ -723,27 +712,27 @@ # Found desired string break fi - fi - tail -2 $jdbOutFile | $grep -s "The application exited" > $devnull 2>&1 - if [ $? = 0 ] ; then + fi + tail -2 $jdbOutFile | $grep -s "The application exited" > $devnull 2>&1 + if [ $? = 0 ] ; then # Found 'The application exited' if [ ! -z "$allowExit" ] ; then break fi # Otherwise, it is an error if we don't find $1 - if [ -r $jdbOutFile ] ; then - tail -$nlines $jdbOutFile | $grep -s "$1" > $devnull 2>&1 + if [ -r $jdbOutFile ] ; then + tail -$nlines $jdbOutFile | $grep -s "$1" > $devnull 2>&1 if [ $? = 0 ] ; then - break - fi - fi - dofail "Waited for jdb msg $1, but it never appeared" - fi + break + fi + fi + dofail "Waited for jdb msg $1, but it never appeared" + fi sleep ${sleep_seconds} findPid $topPid if [ $? != 0 ] ; then - # Top process is dead. We better die too + echo "--Top process ($topPid) is dead. We better die too" >&2 dojstack exit 1 fi @@ -788,7 +777,7 @@ } -redefineClass() +redefineClass() { if [ -z "$1" ] ; then vers=2 @@ -796,7 +785,7 @@ vers=`echo $1 | sed -e 's/@//'` vers=`expr $vers + 1` fi - + cmd redefine $pkgDot$classname $tmpFileDir/vers$vers/$classname.class cp $tmpFileDir/$classname.java.$vers \ @@ -853,7 +842,7 @@ if [ -r $TESTCLASSES/../@debuggeeVMOptions ] ; then args=`cat $TESTCLASSES/../@debuggeeVMOptions` fi - + if [ ! -z "$args" ] ; then echo "--Starting debuggee with args from @debuggeeVMOptions: $args" else @@ -931,12 +920,6 @@ if [ $? != 0 ] ; then break fi - if [ ! -z "$isWin98" ] ; then - $psCmd | $grep -i 'JDB\.EXE' >$devnull 2>&1 - if [ $? != 0 ] ; then - break; - fi - fi $grep -s 'Input stream closed' $jdbOutFile > $devnull 2>&1 if [ $? = 0 ] ; then #something went wrong @@ -970,7 +953,7 @@ theCmd="tail -$3" fi - case "$2" in + case "$2" in *\>*) # Target string contains a '>' so we better not ignore it $theCmd $1 | $grep -s "$2" > $devnull 2>&1 @@ -1006,6 +989,50 @@ return $stat } +# $1 is the filename, $2 is the regexp to match and return, +# $3 is the number of lines to search (from the end) +matchRegexp() +{ + if [ -z "$3" ] ; then + theCmd=cat + else + theCmd="tail -$3" + fi + + case "$2" in + *\>*) + # Target string contains a '>' so we better not ignore it + res=`$theCmd $1 | sed -e "$2"` + ;; + *) + # Target string does not contain a '>'. + # NOTE: if $1 does not end with a new line, piping it to sed + # doesn't include the chars on the last line. Detect this + # case, and add a new line. + theFile="$1" + if [ `tail -1 "$theFile" | wc -l | sed -e 's@ @@g'` = 0 ] ; then + # The target file doesn't end with a new line so we have + # add one to a copy of the target file so the sed command + # below can filter that last line. + cp "$theFile" "$theFile.tmp" + theFile="$theFile.tmp" + echo >> "$theFile" + fi + + # See bug 6220903. Sometimes the jdb prompt chars ('> ') can + # get interleaved in the target file which can keep us from + # matching the target string. + res=`$theCmd "$theFile" | sed -e 's@> @@g' -e 's@>@@g' \ + | sed -e "$2"` + if [ "$theFile" != "$1" ]; then + # remove the copy of the target file + rm -f "$theFile" + fi + unset theFile + esac + return $res +} + # $1 is the filename, $2 is the string to look for, # $3 is the number of lines to search (from the end) failIfPresent() @@ -1060,6 +1087,14 @@ failIfPresent $debuggeeOutFile "$1" $2 } +# match and return the output from the regexp $1 in the debuggee output +# $2 is the number of lines to search (from the end) +debuggeeMatchRegexp() +{ + matchRegexp $debuggeeOutFile "$1" $2 +} + + # This should really be named 'done' instead of pass. pass() { @@ -1084,7 +1119,7 @@ runitAfterSetup() { docompile - startJdb + startJdb startDebuggee waitForFinish
--- a/test/com/sun/jdi/StringConvertTest.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/com/sun/jdi/StringConvertTest.sh Sat Sep 10 22:36:17 2016 +0100 @@ -23,7 +23,7 @@ # questions. # -# @test @(#)StringConvertTest.sh 1.6 03/04/09 +# @test # @bug 4511950 4843082 # @summary 1. jdb's expression evaluation doesn't perform string conversion properly # 2. TTY: run on expression evaluation
--- a/test/com/sun/jdi/SuspendNoFlagTest.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/com/sun/jdi/SuspendNoFlagTest.sh Sat Sep 10 22:36:17 2016 +0100 @@ -68,9 +68,9 @@ # is given on the command line, tell the user that and use a default. # THIS IS THE JDK BEING TESTED. if [ -n "$1" ] ; then - TESTJAVA=$1 + TESTJAVA=$1 else - TESTJAVA=$JAVA_HOME + TESTJAVA=$JAVA_HOME fi TESTSRC=. TESTCLASSES=.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/io/ObjectInputStream/TestObjectStreamClass.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,84 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* @test + * @bug 8135043 + * @summary ObjectStreamClass.getField(String) too restrictive + */ + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.io.ObjectStreamClass; +import java.io.Serializable; + +public class TestObjectStreamClass { + + public static void main(String[] args) throws Exception { + ByteArrayOutputStream byteOutput = new ByteArrayOutputStream(); + ObjectOutputStream output = new ObjectOutputStream(byteOutput); + output.writeObject(new TestClass()); + + ByteArrayInputStream bais = new ByteArrayInputStream(byteOutput.toByteArray()); + TestObjectInputStream input = new TestObjectInputStream(bais); + input.readObject(); + + ObjectStreamClass osc = input.getDescriptor(); + + // All OSC public API methods should complete without throwing. + osc.getName(); + osc.forClass(); + osc.getField("str"); + osc.getFields(); + osc.getSerialVersionUID(); + osc.toString(); + } + + static class TestClass implements Serializable { + String str = "hello world"; + } + + static class TestObjectInputStream extends ObjectInputStream { + private ObjectStreamClass objectStreamClass; + + public TestObjectInputStream(InputStream in) throws IOException { + super(in); + } + + public ObjectStreamClass getDescriptor() + throws IOException, ClassNotFoundException + { + return objectStreamClass; + } + + public ObjectStreamClass readClassDescriptor() + throws IOException, ClassNotFoundException + { + objectStreamClass = super.readClassDescriptor(); + return objectStreamClass; + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/lang/invoke/ProtectedMethodHandleTest.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,193 @@ +/* + * Copyright 2015 Google, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* @test + * @summary check that a MethodHandle can not be used to call a protected interface method + */ + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.lang.invoke.MethodHandle; +import java.lang.invoke.MethodHandles; +import java.lang.invoke.MethodType; +import java.nio.charset.StandardCharsets; +import java.security.AllPermission; +import java.security.Permissions; +import java.security.ProtectionDomain; +import java.util.Arrays; +import java.util.HashMap; + +/** + * Tests that a MethodHandle for an interface method (which is necessarily public) cannot be used + * to access a protected method with the same signature. The specific exploit works like this. + * We make a subclass of ClassLoader that implements an interface with a public method matching + * the protected {@link ClassLoader#defineClass(String, byte[], int, int, ProtectionDomain)} method. + * We make a MethodHandle for the interface method, and invoke {@code ClassLoader.defineClass} + * through it. That should not work, of course, but when this test was written it did. + * + * <p>A fair amount of trickery is needed for this test to work. Our subclass of + * ClassLoader cannot be written to implement an interface with the {@code defineClass} method. + * The compiler will reject that, because the method is public and abstract in the interface, but + * its implementation, inherited from {@code ClassLoader}, is protected and final. So we write + * the interface with a method called {@code defineClazz}, and we use a second ClassLoader which + * rewrites the method name to be {@code defineClass}. + * + * @author emcmanus@google.com (Eamonn McManus) + */ +public class ProtectedMethodHandleTest { + /** + * The interface that redefines the {@code defineClass} method from ClassLoader. As explained + * above, this will be rewritten during class loading so that the spelling is indeed + * defineClass and not defineClazz. + */ + public interface DefineClass { + Class<?> defineClazz( + String name, byte[] b, int off, int len, ProtectionDomain protectionDomain); + } + + /** + * If the exploit works, this class will be loaded with a ProtectionDomain + * that has AllPermission. + */ + public static class VanillaClass { + } + + /** + * Loads the class-file bytes of the given class using the standard getResourceAsStream trick. + */ + static byte[] loadClassBytes(Class<?> c) { + String resourceName = c.getName().replace('.', '/') + ".class"; + try (ByteArrayOutputStream baos = new ByteArrayOutputStream(); + InputStream inputStream = ProtectedMethodHandleTest.class.getClassLoader() + .getResourceAsStream(resourceName)) { + if (inputStream == null) { + throw new RuntimeException("No such resource: " + resourceName); + } + int b; + while ((b = inputStream.read()) >= 0) { + baos.write(b); + } + baos.flush(); + return baos.toByteArray(); + } catch (IOException e) { + throw new RuntimeException(e); + } + } + + /** + * The bytes of every class that we are interested in loading explicitly. This is public because + * it will be accessed from classes loaded by a different loader. + */ + public static final HashMap<String, byte[]> CLASS_BYTES = new HashMap<>(); + + /** + * The loader that launches the exploit code. We use {@link TweakLoader} below to make a copy + * of this class where the DefineClass interface contains a method called {@code defineClass} + * with the same signature as a method from {@code ClassLoader}. + */ + public static class Loader extends ClassLoader implements Runnable, DefineClass { + @Override + public void run() { + try { + doHack(); + throw new RuntimeException("Should have got an exception, but did not."); + } catch (IllegalAccessError expected) { + // Catch and silently swallow the desired IllegalAccessError. + } catch (NullPointerException npe) { + // An otherwise unpatched JDK7 may instead throw an NPE at the + // invoke in doHack below. Though the behavior is confusing, and not + // the preferred exception, it is indicative that the hole is closed. + } catch (Throwable t) { + // Don't catch anything else + throw new RuntimeException(t); + } + } + + private void doHack() throws Throwable { + MethodType methodType = MethodType.methodType( + Class.class, String.class, byte[].class, int.class, int.class, ProtectionDomain.class); + MethodHandle defineClass = MethodHandles.lookup() + .findVirtual(DefineClass.class, "defineClass", methodType) + .bindTo(this); + Permissions allPermissions = new Permissions(); + allPermissions.add(new AllPermission()); + ProtectionDomain protectionDomain = new ProtectionDomain(null, allPermissions); + byte[] vanillaClassBytes = CLASS_BYTES.get(VanillaClass.class.getName()); + Class<?> vanillaClassClass = (Class<?>) defineClass.invoke( + VanillaClass.class.getName(), + vanillaClassBytes, + 0, + vanillaClassBytes.length, + protectionDomain); + // If we have reached this point then the exploit has succeeded: we have called defineClass + // with a ProtectionDomain, and got back a Class that has AllPermission. + } + + // This method is only defined so that this class will compile. It is never called. + @Override + public Class<?> defineClazz(String name, byte[] b, int off, int len, + ProtectionDomain protectionDomain) { + throw new UnsupportedOperationException(); + } + } + + /** + * A ClassLoader that loads the classes in {@link #CLASS_BYTES} using the bytes there, and + * delegates all other class loading to its parent. Additionally, it rewrites the method + * {@link DefineClass#defineClazz} so it is called {@code defineClass}. + */ + public static class TweakLoader extends ClassLoader { + @Override + protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException { + byte[] bytes = CLASS_BYTES.get(name); + if (bytes == null) { + return Class.forName(name, resolve, getParent()); + } + if (name.equals(DefineClass.class.getName())) { + byte[] defineClazz = "defineClazz".getBytes(StandardCharsets.UTF_8); + int defineClazzLength = defineClazz.length; + for (int i = 0; i < bytes.length - defineClazzLength; i++) { + if (Arrays.equals(defineClazz, Arrays.copyOfRange(bytes, i, i + defineClazzLength))) { + bytes[i + defineClazzLength - 1] = 's'; + bytes[i + defineClazzLength - 2] = 's'; + } + } + } + Class<?> defineClassClass = defineClass(name, bytes, 0, bytes.length); + return defineClassClass; + } + } + + public static void main(String[] args) throws Exception { + CLASS_BYTES.put(VanillaClass.class.getName(), loadClassBytes(VanillaClass.class)); + CLASS_BYTES.put(DefineClass.class.getName(), loadClassBytes(DefineClass.class)); + CLASS_BYTES.put(Loader.class.getName(), loadClassBytes(Loader.class)); + + // Get a version of Loader where the DefineClass interface has a method defineClass. + Class<?> loaderClass = Class.forName(Loader.class.getName(), false, new TweakLoader()); + + Runnable loader = (Runnable) loaderClass.newInstance(); + loader.run(); + } +}
--- a/test/java/net/DatagramSocket/Send12k.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/java/net/DatagramSocket/Send12k.java Sat Sep 10 22:36:17 2016 +0100 @@ -53,7 +53,7 @@ boolean sendOkay = true; try { s1.send(p1); - } catch (SocketException e) { + } catch (IOException e) { /* * Prior to merlin a send of > 12k to loopback address * would fail silently.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/nio/channels/Pipe/PipeInterrupt.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* @test + * @bug 8002306 + * @summary Ensure that a Pipe can open even if its thread has already + * been interrupted. + * @author Dan Xu + */ + +import java.io.IOException; +import java.nio.channels.Pipe; + + +public class PipeInterrupt { + + private Exception exc = null; + + public static void main(String[] args) throws Exception { + PipeInterrupt instance = new PipeInterrupt(); + instance.test(); + } + + public void test() throws Exception { + + Thread tester = new Thread("PipeTester") { + private Pipe testPipe = null; + + @Override + public void run() { + for (;;) { + boolean interrupted = this.isInterrupted(); + try { + testPipe = Pipe.open(); + close(); + if (interrupted) { + if (!this.isInterrupted()) + exc = new RuntimeException("interrupt status reset"); + break; + } + } catch (IOException ioe) { + exc = ioe; + } + } + } + + private void close() throws IOException { + if (testPipe != null) { + testPipe.sink().close(); + testPipe.source().close(); + } + } + }; + + tester.start(); + Thread.sleep(200); + tester.interrupt(); + tester.join(); + + if (exc != null) + throw exc; + } +}
--- a/test/java/nio/channels/ServerSocketChannel/AdaptServerSocket.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/java/nio/channels/ServerSocketChannel/AdaptServerSocket.java Sat Sep 10 22:36:17 2016 +0100 @@ -123,7 +123,7 @@ public static void main(String[] args) throws Exception { test(0, 0, false); - test(50, 500, false); + test(50, 5000, false); test(500, 50, true); }
--- a/test/java/nio/file/Files/SBC.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/java/nio/file/Files/SBC.java Sat Sep 10 22:36:17 2016 +0100 @@ -235,7 +235,7 @@ try { Files.newByteChannel(link, READ, LinkOption.NOFOLLOW_LINKS); throw new RuntimeException(); - } catch (IOException x) { + } catch (IOException | UnsupportedOperationException x) { } finally { TestUtil.deleteUnchecked(link); }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/security/AccessController/LimitedDoPrivileged.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,222 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8014097 + * @summary Test the limited privilege scope version of doPrivileged + */ + +import java.security.*; +import java.util.*; + +import sun.misc.JavaSecurityAccess; +import sun.misc.SharedSecrets; + +public class LimitedDoPrivileged { + /* + * Test variations of doPrivileged() and doPrivileged() with a limited privilege scope + * in a sandbox with the usual default permission to read the system properties for the + * file and path separators. + * + * By passing in an "assigned" AccessControlContext that has + * no default permissions we can test how code privileges are being scoped. + */ + + private static final ProtectionDomain domain = + new ProtectionDomain(null, null, null, null); + private static final AccessControlContext acc = + new AccessControlContext(new ProtectionDomain[] { domain }); + private static final PropertyPermission pathPerm = + new PropertyPermission("path.separator", "read"); + private static final PropertyPermission filePerm = + new PropertyPermission("file.separator", "read"); + private static final JavaSecurityAccess access = + SharedSecrets.getJavaSecurityAccess(); + + public static void main(String[] args) throws Exception { + + /* + * Verify that we have the usual default property read permission. + */ + AccessController.getContext().checkPermission(filePerm); + AccessController.getContext().checkPermission(pathPerm); + System.out.println("test 1 passed"); + + /* + * Inject the "no permission" AccessControlContext. + */ + access.doPrivileged(new PrivilegedAction<Void>() { + public Void run() { + + /* + * Verify that we no longer have the "file.separator" permission. + */ + try { + AccessController.getContext().checkPermission(pathPerm); + } catch (AccessControlException ace) { + System.out.println("test 2 passed"); + } + + /* + * Verify that we can give ourselves limited privilege to read + * any system property starting with "path.". + */ + access.doPrivileged + (new PrivilegedAction<Void>() { + public Void run() { + AccessController.getContext().checkPermission(pathPerm); + return null; + } + }, null, new PropertyPermission("path.*", "read")); + System.out.println("test 3 passed"); + + /* + * Verify that if we give ourselves limited privilege to read + * any system property starting with "path." it won't give us the + * the ability to read "file.separator". + */ + try { + access.doPrivileged + (new PrivilegedAction<Void>() { + public Void run() { + AccessController.getContext().checkPermission(filePerm); + return null; + } + }, null, new PropertyPermission("path.*", "read")); + } catch (AccessControlException ace) { + System.out.println("test 4 passed"); + } + + /* + * Verify that capturing and passing in the context with no default + * system property permission grants will prevent access that succeeded + * earlier without the context assignment. + */ + final AccessControlContext context = AccessController.getContext(); + try { + access.doPrivileged + (new PrivilegedAction<Void>() { + public Void run() { + AccessController.getContext().checkPermission(pathPerm); + return null; + } + }, context, new PropertyPermission("path.*", "read")); + } catch (AccessControlException ace) { + System.out.println("test 5 passed"); + } + + /* + * Verify that we can give ourselves full privilege to read + * any system property starting with "path.". + */ + AccessController.doPrivileged + (new PrivilegedAction<Void>() { + public Void run() { + AccessController.getContext().checkPermission(pathPerm); + return null; + } + }); + System.out.println("test 6 passed"); + + /* + * Verify that capturing and passing in the context with no default + * system property permission grants will prevent access that succeeded + * earlier without the context assignment. + */ + try { + access.doPrivileged + (new PrivilegedAction<Void>() { + public Void run() { + AccessController.getContext().checkPermission(pathPerm); + return null; + } + }, context); + } catch (AccessControlException ace) { + System.out.println("test 7 passed"); + } + + /* + * Verify that we can give ourselves limited privilege to read + * any system property starting with "path." when a limited + * privilege scope context is captured and passed to a regular + * doPrivileged() as an assigned context. + */ + access.doPrivileged + (new PrivilegedAction<Void>() { + public Void run() { + + /* + * Capture the limited privilege scope and inject it into the + * regular doPrivileged(). + */ + final AccessControlContext limitedContext = AccessController.getContext(); + access.doPrivileged + (new PrivilegedAction<Void>() { + public Void run() { + AccessController.getContext().checkPermission(pathPerm); + return null; + } + }, limitedContext); + return null; + } + }, null, new PropertyPermission("path.*", "read")); + System.out.println("test 8 passed"); + + /* + * Verify that we can give ourselves limited privilege to read + * any system property starting with "path." it won't give us the + * the ability to read "file.separator" when a limited + * privilege scope context is captured and passed to a regular + * doPrivileged() as an assigned context. + */ + access.doPrivileged + (new PrivilegedAction<Void>() { + public Void run() { + + /* + * Capture the limited privilege scope and inject it into the + * regular doPrivileged(). + */ + final AccessControlContext limitedContext = AccessController.getContext(); + try { + access.doPrivileged + (new PrivilegedAction<Void>() { + public Void run() { + AccessController.getContext().checkPermission(filePerm); + return null; + } + }, limitedContext); + } catch (AccessControlException ace) { + System.out.println("test 9 passed"); + } + return null; + } + }, null, new PropertyPermission("path.*", "read")); + + return null; + } + }, acc); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/security/ProtectionDomain/PreserveCombinerTest.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,67 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.DomainCombiner; +import java.security.PrivilegedAction; +import java.security.ProtectionDomain; +import sun.misc.SharedSecrets; + +/* + * @test + * @bug 8064331 + * @summary Make sure that JavaSecurityAccess.doIntersectionPrivilege() + * is not dropping the information about the domain combiner of + * the stack ACC + */ + +public class PreserveCombinerTest { + public static void main(String[]args) throws Exception { + final DomainCombiner dc = new DomainCombiner() { + @Override + public ProtectionDomain[] combine(ProtectionDomain[] currentDomains, ProtectionDomain[] assignedDomains) { + return currentDomains; // basically a no-op + } + }; + + // Get an instance of the saved ACC + AccessControlContext saved = AccessController.getContext(); + // Simulate the stack ACC with a DomainCombiner attached + AccessControlContext stack = new AccessControlContext(AccessController.getContext(), dc); + + // Now try to run JavaSecurityAccess.doIntersectionPrivilege() and assert + // whether the DomainCombiner from the stack ACC is preserved + boolean ret = SharedSecrets.getJavaSecurityAccess().doIntersectionPrivilege(new PrivilegedAction<Boolean>() { + @Override + public Boolean run() { + return dc == AccessController.getContext().getDomainCombiner(); + } + }, stack, saved); + + if (!ret) { + System.exit(1); + } + } +} +
--- a/test/java/security/Signature/TestInitSignWithMyOwnRandom.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/java/security/Signature/TestInitSignWithMyOwnRandom.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -55,9 +55,9 @@ int count = 0; - public int nextInt() { + @Override + public void nextBytes(byte[] rs) { count++; - return 0; } public boolean isUsed() {
--- a/test/java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,6 +21,12 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * @bug 6852744 @@ -234,6 +240,10 @@ public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); X509CertSelector selector = generateSelector(args[0]);
--- a/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,6 +21,12 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * @bug 6852744 @@ -277,6 +283,10 @@ public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); X509CertSelector selector = generateSelector(args[0]);
--- a/test/java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,6 +21,12 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * @bug 6852744 @@ -283,6 +289,10 @@ public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); X509CertSelector selector = generateSelector(args[0]);
--- a/test/java/security/cert/CertPathValidator/OCSP/AIACheck.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/java/security/cert/CertPathValidator/OCSP/AIACheck.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,12 +21,19 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * @bug 5072953 * @summary Verify that the URL for an OCSP responder can be extracted from a * certificate's AuthorityInfoAccess extension when OCSP certifiate * validation has been enabled. + * @run main/othervm AIACheck */ import java.io.*; @@ -51,6 +58,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + X509Certificate aiaCert = loadCertificate("AIACert.pem"); X509Certificate rootCert = loadCertificate("RootCert.pem");
--- a/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,16 +21,24 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * @bug 6383095 * @summary CRL revoked certificate failures masked by OCSP failures - * + * @run main/othervm FailoverToCRL + * @author Xuelei Fan + */ + +/* * Note that the certificate validity is from Mar 16 14:55:35 2009 GMT to * Dec 1 14:55:35 2028 GMT, please update it with newer certificate if * expires. - * - * @author Xuelei Fan */ /* @@ -229,6 +237,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPath path = generateCertificatePath(); Set<TrustAnchor> anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore();
--- a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,11 +21,18 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * * @bug 6720721 * @summary CRL check with circular depency support needed + * @run main/othervm CircularCRLOneLevel * @author Xuelei Fan */ @@ -158,6 +165,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPath path = generateCertificatePath(); Set<TrustAnchor> anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore();
--- a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,11 +21,18 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * * @bug 6720721 * @summary CRL check with circular depency support needed + * @run main/othervm CircularCRLOneLevelRevoked * @author Xuelei Fan */ @@ -159,6 +166,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPath path = generateCertificatePath(); Set<TrustAnchor> anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore();
--- a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,11 +21,18 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * * @bug 6720721 * @summary CRL check with circular depency support needed + * @run main/othervm CircularCRLTwoLevel * @author Xuelei Fan */ @@ -210,6 +217,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPath path = generateCertificatePath(); Set<TrustAnchor> anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore();
--- a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,11 +21,18 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * * @bug 6720721 * @summary CRL check with circular depency support needed + * @run main/othervm CircularCRLTwoLevelRevoked * @author Xuelei Fan */ @@ -211,6 +218,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPath path = generateCertificatePath(); Set<TrustAnchor> anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore();
--- a/test/java/util/logging/AnonLoggerWeakRefLeak.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/java/util/logging/AnonLoggerWeakRefLeak.sh Sat Sep 10 22:36:17 2016 +0100 @@ -83,9 +83,9 @@ fi if [ "$status" != 0 ]; then - echo "ERROR: 'jmap $jmap_option' is not supported so this test" - echo "ERROR: cannot work reliably. Aborting!" - exit 2 + echo "WARNING: 'jmap $jmap_option' is not supported on this platform" + echo "WARNING: so this test cannot work reliably. Aborting!" + exit 0 fi fi
--- a/test/java/util/logging/LoggerWeakRefLeak.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/java/util/logging/LoggerWeakRefLeak.sh Sat Sep 10 22:36:17 2016 +0100 @@ -83,9 +83,9 @@ fi if [ "$status" != 0 ]; then - echo "ERROR: 'jmap $jmap_option' is not supported so this test" - echo "ERROR: cannot work reliably. Aborting!" - exit 2 + echo "WARNING: 'jmap $jmap_option' is not supported on this platform" + echo "WARNING: so this test cannot work reliably. Aborting!" + exit 0 fi fi
--- a/test/java/util/regex/RegExTest.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/java/util/regex/RegExTest.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,7 +32,7 @@ * 4872664 4803179 4892980 4900747 4945394 4938995 4979006 4994840 4997476 * 5013885 5003322 4988891 5098443 5110268 6173522 4829857 5027748 6376940 * 6358731 6178785 6284152 6231989 6497148 6486934 6233084 6504326 6635133 - * 6350801 6676425 6878475 6919132 6931676 6948903 7014645 7039066 + * 6350801 6676425 6878475 6919132 6931676 6948903 7014645 7039066 6854417 */ import java.util.regex.*; @@ -3019,15 +3019,26 @@ // Create a short pattern to search for int patternLength = generator.nextInt(7) + 4; StringBuffer patternBuffer = new StringBuffer(patternLength); - for (int x=0; x<patternLength; x++) { - int ch = baseCharacter + generator.nextInt(26); - if (Character.isSupplementaryCodePoint(ch)) { - patternBuffer.append(Character.toChars(ch)); - } else { - patternBuffer.append((char)ch); + String pattern; + retry: for (;;) { + for (int x=0; x<patternLength; x++) { + int ch = baseCharacter + generator.nextInt(26); + if (Character.isSupplementaryCodePoint(ch)) { + patternBuffer.append(Character.toChars(ch)); + } else { + patternBuffer.append((char)ch); + } } + pattern = patternBuffer.toString(); + + // Avoid patterns that start and end with the same substring + // See JDK-6854417 + for (int x=1; x <patternLength; x++) { + if (pattern.startsWith(pattern.substring(x))) + continue retry; + } + break; } - String pattern = patternBuffer.toString(); Pattern p = Pattern.compile(pattern); // Create a buffer with random ASCII chars that does
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/management/remote/mandatory/connection/Name.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2016, Red Hat Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +public class Name implements NameMBean { + + private String firstName; + private String lastName; + + @Override + public String getFirstName() { + return firstName; + } + + @Override + public void setFirstName(String firstName) { + this.firstName = firstName; + } + + @Override + public String getLastName() { + return lastName; + } + + @Override + public void setLastName(String lastName) { + this.lastName = lastName; + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/management/remote/mandatory/connection/NameMBean.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2016, Red Hat Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +public interface NameMBean { + + String getFirstName(); + void setFirstName(String firstName); + + String getLastName(); + void setLastName(String lastName); +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/management/remote/mandatory/connection/RMIConnectorLogAttributesTest.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,163 @@ +/* + * Copyright (c) 2016, Red Hat Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.io.IOException; +import java.lang.management.ManagementFactory; +import java.net.ServerSocket; +import java.rmi.registry.LocateRegistry; +import java.util.HashMap; +import java.util.Map; +import java.util.logging.Level; +import java.util.logging.Logger; + +import javax.management.Attribute; +import javax.management.AttributeList; +import javax.management.AttributeNotFoundException; +import javax.management.InstanceAlreadyExistsException; +import javax.management.InstanceNotFoundException; +import javax.management.InvalidAttributeValueException; +import javax.management.MBeanException; +import javax.management.MBeanRegistrationException; +import javax.management.MBeanServer; +import javax.management.MBeanServerConnection; +import javax.management.MalformedObjectNameException; +import javax.management.NotCompliantMBeanException; +import javax.management.ObjectName; +import javax.management.ReflectionException; +import javax.management.remote.JMXConnector; +import javax.management.remote.JMXConnectorFactory; +import javax.management.remote.JMXConnectorServer; +import javax.management.remote.JMXConnectorServerFactory; +import javax.management.remote.JMXServiceURL; + +/** + * @test + * @bug 8147857 + * @summary Tests whether RMIConnector logs attribute names correctly. + * @author Severin Gehwolf + */ +public class RMIConnectorLogAttributesTest { + + private static final String ILLEGAL = ", FirstName[LastName]"; + private static final Logger logger = Logger.getLogger("javax.management.remote.rmi"); + private static final String ANY_NAME = "foo"; + private static final TestLogHandler handler; + static { + handler = new TestLogHandler(ILLEGAL); + handler.setLevel(Level.FINEST); + logger.setLevel(Level.ALL); + logger.addHandler(handler); + } + + private JMXConnectorServer startServer(int rmiPort) throws Exception { + System.out.println("DEBUG: Create RMI registry on port " + rmiPort); + LocateRegistry.createRegistry(rmiPort); + + MBeanServer mbs = ManagementFactory.getPlatformMBeanServer(); + + HashMap<String,Object> env = new HashMap<String,Object>(); + + JMXServiceURL url = + new JMXServiceURL("service:jmx:rmi:///jndi/rmi://127.0.0.1:" + rmiPort + "/jmxrmi"); + JMXConnectorServer cs = + JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs); + + cs.start(); + System.out.println("DEBUG: Started the RMI connector server"); + return cs; + } + + private int findPort() { + for (int i = 13333; i < 13333 + 100; i++) { + try { + ServerSocket socket = new ServerSocket(i); + socket.close(); + return i; + } catch (IOException e) { + continue; + } + } + return -1; + } + + private void runTest() { + int rmiPort = findPort(); + if (rmiPort == -1) { + throw new RuntimeException("Test failed. No available port"); + } + JMXConnectorServer server = null; + try { + server = startServer(rmiPort); + JMXConnector connector = connectToServer(server); + doTest(connector); + } catch (Exception e) { + throw new RuntimeException("Test failed unexpectedly", e); + } finally { + if (server != null) { + try { + server.stop(); + } catch (IOException e) { + // ignore + } + } + } + } + + private JMXConnector connectToServer(JMXConnectorServer server) throws IOException, MalformedObjectNameException, NullPointerException, InstanceAlreadyExistsException, MBeanRegistrationException, NotCompliantMBeanException, ReflectionException, MBeanException { + JMXServiceURL url = server.getAddress(); + Map<String, Object> env = new HashMap<String, Object>(); + JMXConnector connector = JMXConnectorFactory.connect(url, env); + + System.out.println("DEBUG: Client connected to RMI at: " + url); + + return connector; + } + + private void doTest(JMXConnector connector) throws IOException, + MalformedObjectNameException, ReflectionException, + InstanceAlreadyExistsException, MBeanRegistrationException, + MBeanException, NotCompliantMBeanException, InstanceNotFoundException, AttributeNotFoundException, InvalidAttributeValueException { + MBeanServerConnection mbsc = connector.getMBeanServerConnection(); + + + ObjectName objName = new ObjectName("com.redhat.test.jmx:type=NameMBean"); + System.out.println("DEBUG: Calling createMBean"); + mbsc.createMBean(Name.class.getName(), objName); + + System.out.println("DEBUG: Calling setAttributes"); + AttributeList attList = new AttributeList(); + attList.add(new Attribute("FirstName", ANY_NAME)); + attList.add(new Attribute("LastName", ANY_NAME)); + mbsc.setAttributes(objName, attList); + } + + public static void main(String[] args) throws Exception { + RMIConnectorLogAttributesTest test = new RMIConnectorLogAttributesTest(); + test.runTest(); + if (handler.testFailed()) { + throw new RuntimeException("Test failed. Logged incorrect: '" + ILLEGAL + "'"); + } + System.out.println("Test passed!"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/management/remote/mandatory/connection/TestLogHandler.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,64 @@ +/* + * Copyright (c) 2016, Red Hat Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.util.logging.Handler; +import java.util.logging.LogRecord; + +public class TestLogHandler extends Handler { + + private final String illegal; + private boolean testFailed; + + public TestLogHandler(String illegal) { + this.illegal = illegal; + this.testFailed = false; + } + + @Override + public void publish(LogRecord record) { + String msg = record.getMessage(); + String method = record.getSourceMethodName(); + String className = record.getSourceClassName(); + if (msg.contains(illegal)) { + testFailed = true; + } + if (msg.contains("attribute names=")) { + System.err.println("LOG: " + className + "." + method + ": " + msg); + } + } + + @Override + public void flush() { + // nothing + } + + @Override + public void close() throws SecurityException { + // nothing + } + + public boolean testFailed() { + return testFailed; + } + +}
--- a/test/javax/security/auth/SubjectDomainCombiner/Optimize.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/javax/security/auth/SubjectDomainCombiner/Optimize.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,13 +37,16 @@ ProtectionDomain pd1 = new ProtectionDomain( new CodeSource(null, (java.security.cert.Certificate[]) null), - new Permissions()); + new Permissions(), + null, null); ProtectionDomain pd2 = new ProtectionDomain( new CodeSource(null, (java.security.cert.Certificate[]) null), - new Permissions()); + new Permissions(), + null, null); ProtectionDomain pd3 = new ProtectionDomain( new CodeSource(null, (java.security.cert.Certificate[]) null), - new Permissions()); + new Permissions(), + null, null); ProtectionDomain[] current = new ProtectionDomain[] {pd1, pd2}; ProtectionDomain[] assigned = new ProtectionDomain[] {pd3, pd2};
--- a/test/sun/misc/Version/Version.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/misc/Version/Version.java Sat Sep 10 22:36:17 2016 +0100 @@ -114,7 +114,7 @@ regex += "([0-9]{1,2})"; // micro regex += ")?"; // micro is optional regex += "(_"; - regex += "([0-9]{2})"; // update + regex += "([0-9]{2,3})"; // update regex += "([a-z])?"; // special char (optional) regex += ")?"; // _uu[c] is optional regex += ".*"; // -<identifier> @@ -132,33 +132,38 @@ build = Integer.parseInt(m.group(9)); VersionInfo vi = new VersionInfo(major, minor, micro, update, special, build); - System.out.printf("newVersionInfo: input=%s output=%s\n", version, vi); + System.out.printf("jdkVersionInfo: input=%s output=%s\n", version, vi); return vi; } private static VersionInfo jvmVersionInfo(String version) throws Exception { - // valid format of the version string is: - // <major>.<minor>-bxx[-<identifier>][-<debug_flavor>] - int major = 0; - int minor = 0; - int build = 0; + try { + // valid format of the version string is: + // <major>.<minor>-bxx[-<identifier>][-<debug_flavor>] + int major = 0; + int minor = 0; + int build = 0; - String regex = "^([0-9]{1,2})"; // major - regex += "\\."; // separator - regex += "([0-9]{1,2})"; // minor - regex += "(\\-b([0-9]{1,3}))"; // JVM -bxx - regex += ".*"; + String regex = "^([0-9]{1,2})"; // major + regex += "\\."; // separator + regex += "([0-9]{1,3})"; // minor + regex += "(\\-b([0-9]{1,3}))"; // JVM -bxx + regex += ".*"; - Pattern p = Pattern.compile(regex); - Matcher m = p.matcher(version); - m.matches(); + Pattern p = Pattern.compile(regex); + Matcher m = p.matcher(version); + m.matches(); + + major = Integer.parseInt(m.group(1)); + minor = Integer.parseInt(m.group(2)); + build = Integer.parseInt(m.group(4)); - major = Integer.parseInt(m.group(1)); - minor = Integer.parseInt(m.group(2)); - build = Integer.parseInt(m.group(4)); - - VersionInfo vi = new VersionInfo(major, minor, 0, 0, "", build); - System.out.printf("newVersionInfo: input=%s output=%s\n", version, vi); - return vi; + VersionInfo vi = new VersionInfo(major, minor, 0, 0, "", build); + System.out.printf("jvmVersionInfo: input=%s output=%s\n", version, vi); + return vi; + } catch (IllegalStateException e) { + // local builds may also follow the jdkVersionInfo format + return jdkVersionInfo(version); + } } }
--- a/test/sun/rmi/rmic/newrmic/equivalence/batch.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/rmi/rmic/newrmic/equivalence/batch.sh Sat Sep 10 22:36:17 2016 +0100 @@ -61,13 +61,13 @@ set -ex -${TESTJAVA}/bin/rmic -keep -nowrite -v1.1 -d $refv11dir -classpath "$@" -${TESTJAVA}/bin/rmic -keep -nowrite -vcompat -d $refvcompatdir -classpath "$@" -${TESTJAVA}/bin/rmic -keep -v1.2 -d $refv12dir -classpath "$@" +${TESTJAVA}/bin/rmic -keep -nowrite -v1.1 -d $refv11dir -classpath "$@" +${TESTJAVA}/bin/rmic -keep -nowrite -vcompat -d $refvcompatdir -classpath "$@" +${TESTJAVA}/bin/rmic -keep -nowrite -v1.2 -d $refv12dir -classpath "$@" -${TESTJAVA}/bin/rmic -Xnew -nowrite -keep -v1.1 -d $newv11dir -classpath "$@" -${TESTJAVA}/bin/rmic -Xnew -nowrite -keep -vcompat -d $newvcompatdir -classpath "$@" -${TESTJAVA}/bin/rmic -Xnew -keep -v1.2 -d $newv12dir -classpath "$@" +${TESTJAVA}/bin/rmic -Xnew -keep -nowrite -v1.1 -d $newv11dir -classpath "$@" +${TESTJAVA}/bin/rmic -Xnew -keep -nowrite -vcompat -d $newvcompatdir -classpath "$@" +${TESTJAVA}/bin/rmic -Xnew -keep -nowrite -v1.2 -d $newv12dir -classpath "$@" set +ex
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/jgss/GssMemoryIssues.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8028780 + * @summary JDK KRB5 module throws OutOfMemoryError when CCache is corrupt + * @run main/othervm -Xmx8m GssMemoryIssues + */ + +import org.ietf.jgss.GSSException; +import org.ietf.jgss.GSSManager; +import org.ietf.jgss.GSSName; + +public class GssMemoryIssues { + + public static void main(String[] argv) throws Exception { + GSSManager man = GSSManager.getInstance(); + String s = "me@REALM"; + GSSName name = man.createName(s, GSSName.NT_USER_NAME); + byte[] exported = name.export(); + // Offset of the length of the mech name. Length in big endian + int lenOffset = exported.length - s.length() - 4; + // Make it huge + exported[lenOffset] = 0x7f; + try { + man.createName(exported, GSSName.NT_EXPORT_NAME); + } catch (GSSException gsse) { + System.out.println(gsse); + } + } +}
--- a/test/sun/security/krb5/ServiceNameClone.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,41 +0,0 @@ -/* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ -/* - * @test - * @bug 6856069 - * @summary PrincipalName.clone() does not invoke super.clone() - */ - -import sun.security.krb5.ServiceName; - -public class ServiceNameClone { - public static void main(String[] args) throws Exception { - ServiceName sn = new ServiceName("me@HERE"); - if (sn.clone().getClass() != ServiceName.class) { - throw new Exception("ServiceName's clone is not a ServiceName"); - } - if (!sn.clone().equals(sn)) { - throw new Exception("ServiceName's clone changed"); - } - } -}
--- a/test/sun/security/krb5/TimeInCCache.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,94 +0,0 @@ -/* - * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ -/* - * @test - * @bug 6590930 - * @run main/othervm TimeInCCache - * @summary read/write does not match for ccache - */ - -import java.io.ByteArrayInputStream; -import java.lang.reflect.Field; -import java.lang.reflect.Method; -import sun.security.krb5.internal.ccache.CCacheInputStream; -import sun.security.krb5.internal.ccache.Credentials; - -public class TimeInCCache { - public static void main(String[] args) throws Exception { - // A trivial cache file, with startdate and renewTill being zero. - // The endtime is set to sometime in year 2022, so that isValid() - // will always check starttime. - byte[] ccache = new byte[]{ - 5, 4, 0, 12, 0, 1, 0, 8, -1, -1, -1, 19, -1, -2, 89, 51, - 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 10, 77, 65, 88, 73, - 46, 76, 79, 67, 65, 76, 0, 0, 0, 5, 100, 117, 109, 109, 121, 0, - 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 10, 77, 65, 88, 73, 46, - 76, 79, 67, 65, 76, 0, 0, 0, 5, 100, 117, 109, 109, 121, 0, 0, - 0, 0, 0, 0, 0, 2, 0, 0, 0, 10, 77, 65, 88, 73, 46, 76, - 79, 67, 65, 76, 0, 0, 0, 6, 107, 114, 98, 116, 103, 116, 0, 0, - 0, 10, 77, 65, 88, 73, 46, 76, 79, 67, 65, 76, 0, 17, 0, 0, - 0, 16, -78, -85, -90, -50, -68, 115, 68, 8, -39, -109, 91, 61, -17, -27, - -122, -120, 71, 69, 16, -121, 0, 0, 0, 0, 98, 69, 16, -121, 0, 0, - 0, 0, 0, 64, -32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1, 0, 97, -127, -3, 48, -127, -6, -96, 3, 2, 1, 5, -95, 12, - 27, 10, 77, 65, 88, 73, 46, 76, 79, 67, 65, 76, -94, 31, 48, 29, - -96, 3, 2, 1, 0, -95, 22, 48, 20, 27, 6, 107, 114, 98, 116, 103, - 116, 27, 10, 77, 65, 88, 73, 46, 76, 79, 67, 65, 76, -93, -127, -61, - 48, -127, -64, -96, 3, 2, 1, 17, -95, 3, 2, 1, 1, -94, -127, -77, - 4, -127, -80, 43, 65, -66, 34, 21, -34, 37, 35, 32, 50, -14, 122, 77, - -3, -29, 37, 99, 50, 125, -43, -96, -78, 85, 23, 41, -80, 68, 2, -109, - -27, 38, -41, -72, -32, 127, 63, -76, -22, 81, 33, -114, -30, 104, 125, -81, - -29, 70, -25, 23, 100, -75, -25, 62, -120, -78, -61, -100, -74, 50, -117, -127, - -16, 79, -106, 62, -39, 91, 100, -10, 23, -88, -18, -47, 51, -19, 113, 18, - 98, -101, 31, 98, 22, -81, 11, -41, -42, 67, 87, 92, -2, 42, -54, 79, - 49, -90, 43, -37, 90, -102, 125, 62, -88, -77, 100, 102, 23, -57, -51, 38, - 68, -44, -57, -102, 103, -6, 85, -58, 74, -117, -87, 67, -103, -36, 110, -122, - 115, 12, 118, -106, -114, -51, 79, 68, 32, -91, -53, -5, -51, 89, 72, 70, - 123, -12, -95, 9, 40, -30, -117, 74, 77, 38, 91, 126, -82, 17, 98, 98, - -49, 78, 36, 36, 103, -76, -100, -23, 118, -92, -8, 80, 103, -23, -98, 56, - 21, 65, -77, 0, 0, 0, 0 - }; - System.setProperty("sun.security.krb5.debug", "true"); // test code changes in DEBUG - CCacheInputStream cis = new CCacheInputStream(new ByteArrayInputStream(ccache)); - cis.readVersion(); - cis.readTag(); - cis.readPrincipal(0x504); - Method m = CCacheInputStream.class.getDeclaredMethod("readCred", Integer.TYPE); - m.setAccessible(true); - Credentials c = (Credentials) m.invoke(cis, new Integer(0x504)); - sun.security.krb5.Credentials cc = c.setKrbCreds(); - - // 1. Make sure starttime is still null - if (cc.getStartTime() != null) { - throw new Exception("Fail, starttime should be zero here"); - } - - // 2. Make sure renewTill is still null - if (cc.getRenewTill() != null) { - throw new Exception("Fail, renewTill should be zero here"); - } - - // 3. Make sure isValid works - c.isValid(); - } -}
--- a/test/sun/security/krb5/auto/KDC.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/krb5/auto/KDC.java Sat Sep 10 22:36:17 2016 +0100 @@ -647,9 +647,8 @@ TGSReq tgsReq = new TGSReq(in); PrincipalName service = tgsReq.reqBody.sname; if (options.containsKey(KDC.Option.RESP_NT)) { - service = new PrincipalName(service.getNameStrings(), - (int)options.get(KDC.Option.RESP_NT)); - service.setRealm(service.getRealm()); + service = new PrincipalName((int)options.get(KDC.Option.RESP_NT), + service.getNameStrings(), service.getRealm()); } try { System.out.println(realm + "> " + tgsReq.reqBody.cname + @@ -673,7 +672,6 @@ EncryptedData ed = apReq.authenticator; tkt = apReq.ticket; int te = tkt.encPart.getEType(); - tkt.sname.setRealm(tkt.realm); EncryptionKey kkey = keyForUser(tkt.sname, te, true); byte[] bb = tkt.encPart.decrypt(kkey, KeyUsage.KU_TICKET); DerInputStream derIn = new DerInputStream(bb); @@ -731,7 +729,6 @@ EncTicketPart enc = new EncTicketPart( tFlags, key, - etp.crealm, etp.cname, new TransitedEncoding(1, new byte[0]), // TODO new KerberosTime(new Date()), @@ -747,7 +744,6 @@ throw new KrbException(Krb5.KDC_ERR_SUMTYPE_NOSUPP); // TODO } Ticket t = new Ticket( - body.crealm, service, new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET) ); @@ -763,7 +759,6 @@ new KerberosTime(new Date()), body.from, till, body.rtime, - body.crealm, service, body.addresses != null // always set caddr ? body.addresses @@ -772,7 +767,6 @@ ); EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_TGS_REP_PART_SESSKEY); TGSRep tgsRep = new TGSRep(null, - etp.crealm, etp.cname, t, edata); @@ -794,8 +788,8 @@ new KerberosTime(new Date()), 0, ke.returnCode(), - body.crealm, body.cname, - new Realm(getRealm()), service, + body.cname, + service, KrbException.errorMessage(ke.returnCode()), null); } @@ -816,9 +810,9 @@ PrincipalName service = asReq.reqBody.sname; if (options.containsKey(KDC.Option.RESP_NT)) { - service = new PrincipalName(service.getNameStrings(), - (int)options.get(KDC.Option.RESP_NT)); - service.setRealm(service.getRealm()); + service = new PrincipalName((int)options.get(KDC.Option.RESP_NT), + service.getNameStrings(), + Realm.getDefault()); } try { System.out.println(realm + "> " + asReq.reqBody.cname + @@ -826,7 +820,6 @@ service); KDCReqBody body = asReq.reqBody; - body.cname.setRealm(getRealm()); eTypes = KDCReqBodyDotEType(body); int eType = eTypes[0]; @@ -1009,7 +1002,6 @@ EncTicketPart enc = new EncTicketPart( tFlags, key, - body.crealm, body.cname, new TransitedEncoding(1, new byte[0]), new KerberosTime(new Date()), @@ -1018,7 +1010,6 @@ body.addresses, null); Ticket t = new Ticket( - body.crealm, service, new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET) ); @@ -1034,14 +1025,12 @@ new KerberosTime(new Date()), body.from, till, body.rtime, - body.crealm, service, body.addresses ); EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_AS_REP_PART); ASRep asRep = new ASRep( outPAs.toArray(new PAData[outPAs.size()]), - body.crealm, body.cname, t, edata); @@ -1062,7 +1051,6 @@ asRep.encKDCRepPart = enc_part; sun.security.krb5.internal.ccache.Credentials credentials = new sun.security.krb5.internal.ccache.Credentials(asRep); - asReq.reqBody.cname.setRealm(getRealm()); CredentialsCache cache = CredentialsCache.create(asReq.reqBody.cname, ccache); if (cache == null) { @@ -1098,8 +1086,8 @@ new KerberosTime(new Date()), 0, ke.returnCode(), - body.crealm, body.cname, - new Realm(getRealm()), service, + body.cname, + service, KrbException.errorMessage(ke.returnCode()), eData); }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/krb5/ccache/CorruptedCC.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8028780 + * @summary JDK KRB5 module throws OutOfMemoryError when CCache is corrupt + * @run main/othervm -Xmx8m CorruptedCC + */ +import java.nio.file.Files; +import java.nio.file.Paths; +import sun.security.krb5.internal.ccache.CredentialsCache; + +public class CorruptedCC { + public static void main(String[] args) throws Exception { + for (int i=0; i<TimeInCCache.ccache.length; i++) { + byte old = TimeInCCache.ccache[i]; + TimeInCCache.ccache[i] = 0x7f; + Files.write(Paths.get("tmpcc"), TimeInCCache.ccache); + // The next line will return null for I/O issues. That's OK. + CredentialsCache.getInstance("tmpcc"); + TimeInCCache.ccache[i] = old; + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/krb5/ccache/TimeInCCache.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,106 @@ +/* + * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +/* + * @test + * @bug 6590930 + * @run main/othervm TimeInCCache + * @summary read/write does not match for ccache + */ + +import java.io.ByteArrayInputStream; +import java.lang.reflect.Field; +import java.lang.reflect.Method; +import java.nio.file.Files; +import java.nio.file.Paths; + +import sun.security.krb5.internal.ccache.CCacheInputStream; +import sun.security.krb5.internal.ccache.Credentials; + +public class TimeInCCache { + // Attention: this field is also used by CorruptedCC.java test + public static byte[] ccache; + + static { + // A trivial cache file, with startdate and renewTill being zero. + // The endtime is set to sometime in year 2022, so that isValid() + // will always check starttime. + String var = + /*0000*/ "05 04 00 0C 00 01 00 08 FF FF FF 13 FF FE 59 33 " + + /*0010*/ "00 00 00 01 00 00 00 01 00 00 00 0A 4D 41 58 49 " + + /*0020*/ "2E 4C 4F 43 41 4C 00 00 00 05 64 75 6D 6D 79 00 " + + /*0030*/ "00 00 01 00 00 00 01 00 00 00 0A 4D 41 58 49 2E " + + /*0040*/ "4C 4F 43 41 4C 00 00 00 05 64 75 6D 6D 79 00 00 " + + /*0050*/ "00 00 00 00 00 02 00 00 00 0A 4D 41 58 49 2E 4C " + + /*0060*/ "4F 43 41 4C 00 00 00 06 6B 72 62 74 67 74 00 00 " + + /*0070*/ "00 0A 4D 41 58 49 2E 4C 4F 43 41 4C 00 11 00 00 " + + /*0080*/ "00 10 B2 AB A6 CE BC 73 44 08 D9 93 5B 3D EF E5 " + + /*0090*/ "86 88 47 45 10 87 00 00 00 00 62 45 10 87 00 00 " + + /*00A0*/ "00 00 00 40 E0 00 00 00 00 00 00 00 00 00 00 00 " + + /*00B0*/ "00 01 00 61 81 FD 30 81 FA A0 03 02 01 05 A1 0C " + + /*00C0*/ "1B 0A 4D 41 58 49 2E 4C 4F 43 41 4C A2 1F 30 1D " + + /*00D0*/ "A0 03 02 01 00 A1 16 30 14 1B 06 6B 72 62 74 67 " + + /*00E0*/ "74 1B 0A 4D 41 58 49 2E 4C 4F 43 41 4C A3 81 C3 " + + /*00F0*/ "30 81 C0 A0 03 02 01 11 A1 03 02 01 01 A2 81 B3 " + + /*0100*/ "04 81 B0 2B 41 BE 22 15 DE 25 23 20 32 F2 7A 4D " + + /*0110*/ "FD E3 25 63 32 7D D5 A0 B2 55 17 29 B0 44 02 93 " + + /*0120*/ "E5 26 D7 B8 E0 7F 3F B4 EA 51 21 8E E2 68 7D AF " + + /*0130*/ "E3 46 E7 17 64 B5 E7 3E 88 B2 C3 9C B6 32 8B 81 " + + /*0140*/ "F0 4F 96 3E D9 5B 64 F6 17 A8 EE D1 33 ED 71 12 " + + /*0150*/ "62 9B 1F 62 16 AF 0B D7 D6 43 57 5C FE 2A CA 4F " + + /*0160*/ "31 A6 2B DB 5A 9A 7D 3E A8 B3 64 66 17 C7 CD 26 " + + /*0170*/ "44 D4 C7 9A 67 FA 55 C6 4A 8B A9 43 99 DC 6E 86 " + + /*0180*/ "73 0C 76 96 8E CD 4F 44 20 A5 CB FB CD 59 48 46 " + + /*0190*/ "7B F4 A1 09 28 E2 8B 4A 4D 26 5B 7E AE 11 62 62 " + + /*01A0*/ "CF 4E 24 24 67 B4 9C E9 76 A4 F8 50 67 E9 9E 38 " + + /*01B0*/ "15 41 B3 00 00 00 00 "; + ccache = new byte[var.length()/3]; + for (int i=0; i<ccache.length; i++) { + ccache[i] = Integer.valueOf(var.substring(3*i,3*i+2), 16).byteValue(); + } + } + + public static void main(String[] args) throws Exception { + System.setProperty("sun.security.krb5.debug", "true"); // test code changes in DEBUG + CCacheInputStream cis = new CCacheInputStream(new ByteArrayInputStream(ccache)); + cis.readVersion(); + cis.readTag(); + cis.readPrincipal(0x504); + Method m = CCacheInputStream.class.getDeclaredMethod("readCred", Integer.TYPE); + m.setAccessible(true); + Credentials c = (Credentials) m.invoke(cis, new Integer(0x504)); + sun.security.krb5.Credentials cc = c.setKrbCreds(); + + // 1. Make sure starttime is still null + if (cc.getStartTime() != null) { + throw new Exception("Fail, starttime should be zero here"); + } + + // 2. Make sure renewTill is still null + if (cc.getRenewTill() != null) { + throw new Exception("Fail, renewTill should be zero here"); + } + + // 3. Make sure isValid works + c.isValid(); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/krb5/name/Constructors.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,138 @@ +/* + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +/* + * @test + * @bug 6966259 + * @summary Make PrincipalName and Realm immutable + * @run main/othervm Constructors + */ + +import java.util.Arrays; +import sun.security.krb5.*; + +public class Constructors { + public static void main(String[] args) throws Exception { + + int type; + boolean testNoDefaultDomain; + + // Part 1: on format + + // Good ones + type = PrincipalName.KRB_NT_UNKNOWN; + checkName("a", type, "R", "R", false, "a"); + checkName("a@R2", type, "R", "R", false, "a"); + checkName("a/b", type, "R", "R", false, "a", "b"); + checkName("a/b@R2", type, "R", "R", false, "a", "b"); + checkName("a/b/c", type, "R", "R", false, "a", "b", "c"); + checkName("a/b/c@R2", type, "R", "R", false, "a", "b", "c"); + // Weird ones + checkName("a\\/b", type, "R", "R", false, "a/b"); + checkName("a\\/b\\/c", type, "R", "R", false, "a/b/c"); + checkName("a\\/b\\@R2", type, "R", "R", false, "a/b@R2"); + // Bad ones + checkName("a", type, "", null, false); + checkName("a/", type, "R", null, false); + checkName("/a", type, "R", null, false); + checkName("a//b", type, "R", null, false); + checkName("a@", type, null, null, false); + type = PrincipalName.KRB_NT_SRV_HST; + + // Part 2: on realm choices + + // When there is no default realm + System.setProperty("java.security.krb5.conf", + System.getProperty("test.src", ".") + "/empty.conf"); + Config.refresh(); + + // A Windows client login to AD always has a default realm + try { + Realm r = Realm.getDefault(); + System.out.println("testNoDefaultDomain = false. Realm is " + r); + testNoDefaultDomain = false; + } catch (RealmException re) { + // Great. This is what we expected + testNoDefaultDomain = true; + } + + if (testNoDefaultDomain) { + type = PrincipalName.KRB_NT_UNKNOWN; + checkName("a", type, "R1", "R1", false, "a"); // arg + checkName("a@R1", type, null, "R1", false, "a"); // or r in name + checkName("a@R2", type, "R1", "R1", false, "a"); // arg over r + checkName("a", type, null, null, false); // fail if none + checkName("a/b@R1", type, null, "R1", false, "a", "b"); + type = PrincipalName.KRB_NT_SRV_HST; + // Let's pray "b.h" won't be canonicalized + checkName("a/b.h", type, "R1", "R1", false, "a", "b.h"); // arg + checkName("a/b.h@R1", type, null, "R1", false, "a", "b.h"); // or r in name + checkName("a/b.h@R1", type, "R2", "R2", false, "a", "b.h"); // arg over r + checkName("a/b.h", type, null, null, false); // fail if none + } + + // When there is default realm + System.setProperty("java.security.krb5.conf", + System.getProperty("test.src", ".") + "/krb5.conf"); + Config.refresh(); + + type = PrincipalName.KRB_NT_UNKNOWN; + checkName("a", type, "R1", "R1", false, "a"); // arg + checkName("a@R1", type, null, "R1", false, "a"); // or r in name + checkName("a@R2", type, "R1", "R1", false, "a"); // arg over r + checkName("a", type, null, "R", true, "a"); // default + checkName("a/b", type, null, "R", true, "a", "b"); + type = PrincipalName.KRB_NT_SRV_HST; + checkName("a/b.h3", type, "R1", "R1", false, "a", "b.h3"); // arg + checkName("a/b.h@R1", type, null, "R1", false, "a", "b.h"); // or r in name + checkName("a/b.h3@R2", type, "R1", "R1", false, "a", "b.h3"); // arg over r + checkName("a/b.h2", type, "R1", "R1", false, "a", "b.h2"); // arg over map + checkName("a/b.h2@R1", type, null, "R1", false, "a", "b.h2"); // r over map + checkName("a/b.h2", type, null, "R2", true, "a", "b.h2"); // map + checkName("a/b.h", type, null, "R", true, "a", "b.h"); // default + } + + // Check if the creation matches the expected output. + // Note: realm == null means creation failure + static void checkName(String n, int t, String s, + String realm, boolean deduced, String... parts) + throws Exception { + PrincipalName pn = null; + try { + pn = new PrincipalName(n, t, s); + } catch (Exception e) { + if (realm == null) { + return; // This is expected + } else { + throw e; + } + } + if (!pn.getRealmAsString().equals(realm) + || !Arrays.equals(pn.getNameStrings(), parts)) { + throw new Exception(pn.toString() + " vs " + + Arrays.toString(parts) + "@" + realm); + } + if (deduced != pn.isRealmDeduced()) { + throw new Exception("pn.realmDeduced is " + pn.isRealmDeduced()); + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/krb5/name/empty.conf Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,2 @@ +[libdefaults] +dns_fallback = false
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/krb5/name/krb5.conf Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,10 @@ +[libdefaults] +default_realm = R + +[realms] +R = { + kdc = kdc +} + +[domain_realm] +.h2 = R2
--- a/test/sun/security/mscapi/AccessKeyStore.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/mscapi/AccessKeyStore.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -36,17 +36,6 @@ public static void main(String[] args) throws Exception { - // Check if the provider is available - try { - Class.forName("sun.security.mscapi.SunMSCAPI"); - - } catch (Exception e) { - System.out.println( - "The SunMSCAPI provider is not available on this platform: " + - e); - return; - } - // Check that a security manager has been installed if (System.getSecurityManager() == null) { throw new Exception("A security manager has not been installed"); @@ -86,8 +75,8 @@ } int i = 0; - for (Enumeration e = keyStore.aliases(); e.hasMoreElements(); ) { - String alias = (String) e.nextElement(); + for (Enumeration<String> e = keyStore.aliases(); e.hasMoreElements(); ) { + String alias = e.nextElement(); displayEntry(keyStore, alias, i++); } }
--- a/test/sun/security/mscapi/AccessKeyStore.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/mscapi/AccessKeyStore.sh Sat Sep 10 22:36:17 2016 +0100 @@ -1,7 +1,7 @@ #!/bin/sh # -# Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ # @test # @bug 6324295 6931562 +# @requires os.family == "windows" # @run shell AccessKeyStore.sh # @summary Confirm that permission must be granted to access keystores.
--- a/test/sun/security/mscapi/IsSunMSCAPIAvailable.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/mscapi/IsSunMSCAPIAvailable.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,16 +33,6 @@ public static void main(String[] args) throws Exception { - // Check if the provider is available - try { - Class.forName("sun.security.mscapi.SunMSCAPI"); - - } catch (Exception e) { - System.out.println( - "The SunMSCAPI provider is not available on this platform"); - return; - } - // Dynamically register the SunMSCAPI provider Security.addProvider(new sun.security.mscapi.SunMSCAPI()); @@ -58,7 +48,6 @@ /* * Secure Random */ - SecureRandom random = SecureRandom.getInstance("Windows-PRNG", p); System.out.println(" Windows-PRNG is implemented by: " + random.getClass().getName());
--- a/test/sun/security/mscapi/IsSunMSCAPIAvailable.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/mscapi/IsSunMSCAPIAvailable.sh Sat Sep 10 22:36:17 2016 +0100 @@ -1,7 +1,7 @@ #!/bin/sh # -# Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ # @test # @bug 6318171 6931562 +# @requires os.family == "windows" # @run shell IsSunMSCAPIAvailable.sh # @summary Basic test of the Microsoft CryptoAPI provider.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/mscapi/IterateWindowsRootStore.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,130 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.io.InputStream; +import java.security.KeyStore; +import java.security.Provider; +import java.security.Security; +import java.security.cert.CRL; +import java.security.cert.CRLException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactorySpi; +import java.util.Collection; +import java.util.Enumeration; + +/* + * @test + * @bug 8139436 + * @summary This test validates an iteration over the Windows-ROOT certificate store + * and retrieving all certificates. + * Bug 8139436 reports an issue when 3rd party JCE providers would throw exceptions + * upon creating Certificate objects. + * This would for instance happen when using IAIK 3.15 and Elliptic Curve certificates + * are contained in the Windows-ROOT certificate store. + * The test uses a simple dummy provider which just throws Exceptions in its CertificateFactory. + * To test an external provider, you can use property sun.security.mscapi.testprovider and + * set it to the provider class name which has to be constructible by a constructor without + * arguments. The provider jar has to be added to the classpath. + * E.g. run jtreg with -javaoption:-Dsun.security.mscapi.testprovider=iaik.security.provider.IAIK and + * -cpa:<path to iaik_jce.jar> + * + * @requires os.family == "windows" + * @author Christoph Langer + * @run main IterateWindowsRootStore + */ +public class IterateWindowsRootStore { + public static class TestFactory extends CertificateFactorySpi { + @Override + public Certificate engineGenerateCertificate(InputStream inStream) throws CertificateException { + throw new CertificateException("unimplemented"); + } + + @Override + public Collection<? extends Certificate> engineGenerateCertificates(InputStream inStream) throws CertificateException { + throw new CertificateException("unimplemented"); + } + + @Override + public CRL engineGenerateCRL(InputStream inStream) throws CRLException { + throw new CRLException("unimplemented"); + } + + @Override + public Collection<? extends CRL> engineGenerateCRLs(InputStream inStream) throws CRLException { + throw new CRLException("unimplemented"); + } + } + + public static class TestProvider extends Provider { + private static final long serialVersionUID = 1L; + + public TestProvider() { + super("TestProvider", 0.1, "Test provider for IterateWindowsRootStore"); + + /* + * Certificates + */ + this.put("CertificateFactory.X.509", "IterateWindowsRootStore$TestFactory"); + this.put("Alg.Alias.CertificateFactory.X509", "X.509"); + } + } + + public static void main(String[] args) throws Exception { + // Try to register a JCE provider from property sun.security.mscapi.testprovider in the first slot + // otherwise register a dummy provider which would provoke the issue of bug 8139436 + boolean providerPrepended = false; + String testprovider = System.getProperty("sun.security.mscapi.testprovider"); + if (testprovider != null && !testprovider.isEmpty()) { + try { + System.out.println("Trying to prepend external JCE provider " + testprovider); + Class<?> providerclass = Class.forName(testprovider); + Object provider = providerclass.newInstance(); + Security.insertProviderAt((Provider)provider, 1); + } catch (Exception e) { + System.out.println("Could not load JCE provider " + testprovider +". Exception is:"); + e.printStackTrace(System.out); + } + providerPrepended = true; + System.out.println("Sucessfully prepended JCE provider " + testprovider); + } + if (!providerPrepended) { + System.out.println("Trying to prepend dummy JCE provider"); + Security.insertProviderAt(new TestProvider(), 1); + System.out.println("Sucessfully prepended dummy JCE provider"); + } + + // load Windows-ROOT KeyStore + KeyStore keyStore = KeyStore.getInstance("Windows-ROOT", "SunMSCAPI"); + keyStore.load(null, null); + + // iterate KeyStore + Enumeration<String> aliases = keyStore.aliases(); + while (aliases.hasMoreElements()) { + String alias = aliases.nextElement(); + System.out.print("Reading certificate for alias: " + alias + "..."); + keyStore.getCertificate(alias); + System.out.println(" done."); + } + } +}
--- a/test/sun/security/mscapi/KeyStoreCompatibilityMode.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/mscapi/KeyStoreCompatibilityMode.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,17 +38,6 @@ public static void main(String[] args) throws Exception { - // Check if the provider is available - try { - Class.forName("sun.security.mscapi.SunMSCAPI"); - - } catch (Exception e) { - System.out.println( - "The SunMSCAPI provider is not available on this platform: " + - e); - return; - } - if (args.length > 0 && "-disable".equals(args[0])) { mode = false; } else {
--- a/test/sun/security/mscapi/KeyStoreCompatibilityMode.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/mscapi/KeyStoreCompatibilityMode.sh Sat Sep 10 22:36:17 2016 +0100 @@ -1,7 +1,7 @@ #!/bin/sh # -# Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -23,9 +23,9 @@ # questions. # - # @test # @bug 6324294 6931562 +# @requires os.family == "windows" # @run shell KeyStoreCompatibilityMode.sh # @summary Confirm that a null stream or password is not permitted when # compatibility mode is enabled (and vice versa).
--- a/test/sun/security/mscapi/KeytoolChangeAlias.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/mscapi/KeytoolChangeAlias.sh Sat Sep 10 22:36:17 2016 +0100 @@ -1,7 +1,7 @@ #!/bin/sh # -# Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ # @test # @bug 6415696 6931562 +# @requires os.family == "windows" # @run shell KeytoolChangeAlias.sh # @summary Test "keytool -changealias" using the Microsoft CryptoAPI provider.
--- a/test/sun/security/mscapi/PrngSlow.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/mscapi/PrngSlow.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2015 Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,6 +24,7 @@ /** * @test * @bug 6449335 + * @requires os.family == "windows" * @summary MSCAPI's PRNG is too slow */ @@ -33,23 +34,15 @@ public static void main(String[] args) throws Exception { double t = 0.0; - try { - SecureRandom sr = null; - sr = SecureRandom.getInstance("PRNG", "SunMSCAPI"); - long start = System.nanoTime(); - int x = 0; - for(int i = 0; i < 10000; i++) { - if (i % 100 == 0) System.err.print("."); - if (sr.nextBoolean()) x++; - }; - t = (System.nanoTime() - start) / 1000000000.0; - System.err.println("\nSpend " + t + " seconds"); - } catch (Exception e) { - // Not supported here, maybe not a Win32 - System.err.println("Cannot find PRNG for SunMSCAPI or other mysterious bugs"); - e.printStackTrace(); - return; - } + SecureRandom sr = null; + sr = SecureRandom.getInstance("Windows-PRNG", "SunMSCAPI"); + long start = System.nanoTime(); + for (int i = 0; i < 10000; i++) { + if (i % 100 == 0) System.err.print("."); + sr.nextBoolean(); + }; + t = (System.nanoTime() - start) / 1000000000.0; + System.err.println("\nSpend " + t + " seconds"); if (t > 5) throw new RuntimeException("Still too slow"); }
--- a/test/sun/security/mscapi/PublicKeyInterop.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/mscapi/PublicKeyInterop.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,8 +38,6 @@ public class PublicKeyInterop { public static void main(String[] arg) throws Exception { - PrivateKey privKey = null; - Certificate cert = null; KeyStore ks = KeyStore.getInstance("Windows-MY"); ks.load(null, null); System.out.println("Loaded keystore: Windows-MY");
--- a/test/sun/security/mscapi/PublicKeyInterop.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/mscapi/PublicKeyInterop.sh Sat Sep 10 22:36:17 2016 +0100 @@ -1,7 +1,7 @@ #!/bin/sh # -# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2011, 2015 Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,7 @@ # @test # @bug 6888925 +# @requires os.family == "windows" # @run shell PublicKeyInterop.sh # @summary SunMSCAPI's Cipher can't use RSA public keys obtained from other # sources.
--- a/test/sun/security/mscapi/RSAEncryptDecrypt.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/mscapi/RSAEncryptDecrypt.sh Sat Sep 10 22:36:17 2016 +0100 @@ -1,7 +1,7 @@ #!/bin/sh # -# Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,7 @@ # @test # @bug 6457422 6931562 +# @requires os.family == "windows" # @run shell RSAEncryptDecrypt.sh # @summary Confirm that plaintext can be encrypted and then decrypted using the # RSA cipher in the SunMSCAPI crypto provider. NOTE: The RSA cipher is
--- a/test/sun/security/mscapi/ShortRSAKey1024.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/mscapi/ShortRSAKey1024.sh Sat Sep 10 22:36:17 2016 +0100 @@ -1,7 +1,7 @@ #!/bin/sh # -# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -27,6 +27,7 @@ # @test # @bug 7106773 # @summary 512 bits RSA key cannot work with SHA384 and SHA512 +# @requires os.family == "windows" # @run shell ShortRSAKey1024.sh 1024 # @run shell ShortRSAKey1024.sh 768 # @run shell ShortRSAKey1024.sh 512
--- a/test/sun/security/mscapi/ShortRSAKeyWithinTLS.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/mscapi/ShortRSAKeyWithinTLS.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,12 +22,9 @@ */ import java.io.*; -import java.net.*; -import java.util.*; import java.security.*; import javax.net.*; import javax.net.ssl.*; -import java.lang.reflect.*; import sun.security.util.KeyUtil;
--- a/test/sun/security/mscapi/SignUsingNONEwithRSA.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/mscapi/SignUsingNONEwithRSA.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -124,12 +124,12 @@ ks.load(null, null); System.out.println("Loaded keystore: Windows-MY"); - Enumeration e = ks.aliases(); + Enumeration<String> e = ks.aliases(); PrivateKey privateKey = null; PublicKey publicKey = null; while (e.hasMoreElements()) { - String alias = (String) e.nextElement(); + String alias = e.nextElement(); if (alias.equals("6578658")) { System.out.println("Loaded entry: " + alias); privateKey = (PrivateKey) ks.getKey(alias, null);
--- a/test/sun/security/mscapi/SignUsingNONEwithRSA.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/mscapi/SignUsingNONEwithRSA.sh Sat Sep 10 22:36:17 2016 +0100 @@ -1,7 +1,7 @@ #!/bin/sh # -# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ # @test # @bug 6578658 +# @requires os.family == "windows" # @run shell SignUsingNONEwithRSA.sh # @summary Sign using the NONEwithRSA signature algorithm from SunMSCAPI
--- a/test/sun/security/mscapi/SignUsingSHA2withRSA.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/mscapi/SignUsingSHA2withRSA.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -58,12 +58,12 @@ ks.load(null, null); System.out.println("Loaded keystore: Windows-MY"); - Enumeration e = ks.aliases(); + Enumeration<String> e = ks.aliases(); PrivateKey privateKey = null; PublicKey publicKey = null; while (e.hasMoreElements()) { - String alias = (String) e.nextElement(); + String alias = e.nextElement(); if (alias.equals("6753664")) { System.out.println("Loaded entry: " + alias); privateKey = (PrivateKey) ks.getKey(alias, null);
--- a/test/sun/security/mscapi/SignUsingSHA2withRSA.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/mscapi/SignUsingSHA2withRSA.sh Sat Sep 10 22:36:17 2016 +0100 @@ -1,7 +1,7 @@ #!/bin/sh # -# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ # @test # @bug 6753664 +# @requires os.family == "windows" # @run shell SignUsingSHA2withRSA.sh # @summary Support SHA256 (and higher) in SunMSCAPI
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/mscapi/SmallPrimeExponentP.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import sun.security.tools.keytool.CertAndKeyGen; +import sun.security.x509.X500Name; + +import java.security.KeyStore; +import java.security.SecureRandom; +import java.security.cert.X509Certificate; +import java.security.interfaces.RSAPrivateCrtKey; + +/* + * @test + * @bug 8023546 + * @summary sun/security/mscapi/ShortRSAKey1024.sh fails intermittently + * @requires os.family == "windows" + */ +public class SmallPrimeExponentP { + + public static void main(String argv[]) throws Exception { + + String osName = System.getProperty("os.name"); + if (!osName.startsWith("Windows")) { + System.out.println("Not windows"); + return; + } + KeyStore ks = KeyStore.getInstance("Windows-MY"); + ks.load(null, null); + CertAndKeyGen ckg = new CertAndKeyGen("RSA", "SHA1withRSA"); + ckg.setRandom(new SecureRandom()); + boolean see63 = false, see65 = false; + while (!see63 || !see65) { + ckg.generate(1024); + RSAPrivateCrtKey k = (RSAPrivateCrtKey) ckg.getPrivateKey(); + int len = k.getPrimeExponentP().toByteArray().length; + if (len == 63 || len == 65) { + if (len == 63) { + if (see63) continue; + else see63 = true; + } + if (len == 65) { + if (see65) continue; + else see65 = true; + } + System.err.print(len); + ks.setKeyEntry("anything", k, null, new X509Certificate[]{ + ckg.getSelfCertificate(new X500Name("CN=Me"), 1000) + }); + } + System.err.print('.'); + } + ks.store(null, null); + } +}
--- a/test/sun/security/pkcs12/PKCS12SameKeyId.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/pkcs12/PKCS12SameKeyId.java Sat Sep 10 22:36:17 2016 +0100 @@ -25,6 +25,8 @@ * @test * @bug 6958026 * @summary Problem with PKCS12 keystore + * @compile -XDignore.symbol.file PKCS12SameKeyId.java + * @run main PKCS12SameKeyId */ import java.io.File; @@ -40,7 +42,6 @@ import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.PBEParameterSpec; import sun.security.pkcs.EncryptedPrivateKeyInfo; -import sun.security.tools.KeyTool; import sun.security.util.ObjectIdentifier; import sun.security.x509.AlgorithmId; import sun.security.x509.X500Name; @@ -61,7 +62,7 @@ String cmd = "-keystore " + JKSFILE + " -storepass changeit -keypass changeit -keyalg rsa " + "-genkeypair -alias p" + i + " -dname CN=" + i; - KeyTool.main(cmd.split(" ")); + sun.security.tools.keytool.Main.main(cmd.split(" ")); } // Prepare EncryptedPrivateKeyInfo parameters, copied from various
--- a/test/sun/security/provider/DSA/TestAlgParameterGenerator.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/provider/DSA/TestAlgParameterGenerator.java Sat Sep 10 22:36:17 2016 +0100 @@ -31,6 +31,8 @@ import java.security.spec.*; import java.security.interfaces.*; +import sun.security.spec.DSAGenParameterSpec; + public class TestAlgParameterGenerator { private static void checkParamStrength(AlgorithmParameters param,
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/provider/certpath/DisabledAlgorithms/CPBuilderWithMD5.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,449 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// This test case relies on static security property, no way to re-use +// security property in samevm/agentvm mode. + +/** + * @test + * + * @bug 8141287 + * @summary Add MD5 to jdk.certpath.disabledAlgorithms security property + * + * @run main/othervm CPBuilderWithMD5 trustAnchor_SHA1withRSA_1024 0 true + * @run main/othervm CPBuilderWithMD5 trustAnchor_SHA1withRSA_512 0 true + * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_1024_1024 1 true + * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_1024_512 1 false + * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_512_1024 1 false + * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_512_512 1 false + * @run main/othervm CPBuilderWithMD5 intermediate_MD5withRSA_1024_1024 1 false + * @run main/othervm CPBuilderWithMD5 intermediate_MD5withRSA_1024_512 1 false + * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_1024_1024 2 true + * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_1024_512 2 false + * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_512_1024 2 false + * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_512_512 2 false + * @run main/othervm CPBuilderWithMD5 endentiry_MD5withRSA_1024_1024 2 false + * @run main/othervm CPBuilderWithMD5 endentiry_MD5withRSA_1024_512 2 false + * + * @author Xuelei Fan + */ + +/* + * The generate.sh was designed to generate MD2 signed certificates. The + * certificates used in this test are generated by an updated generate.sh that + * replacing MD2 with MD5 algorithm. + */ +import java.io.*; +import java.net.SocketException; +import java.util.*; +import java.security.Security; +import java.security.cert.*; +import sun.security.util.DerInputStream; + +public class CPBuilderWithMD5 { + + // SHA1withRSA 1024 + static String trustAnchor_SHA1withRSA_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA4NTFaFw0zNDEyMDgxMTA4NTFa\n" + + "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" + + "AQUAA4GNADCBiQKBgQDn3JSHACqi/bcohVy7eFqDs3L5ehnXmF9Jrg4rMRUeNrxA\n" + + "61F8bJ9JXx4j8WyqmT0TtokgXuqGxbsXRQVVw4AdXLF2PwCs/y+Y+AwU59uDHA3J\n" + + "AMk4VvjV9MB2Ea6YzuLnbbj/TNrfxB6LZ7KBvh0fYGt2T40yMvOvilU/f6e3zQID\n" + + "AQABo4GJMIGGMB0GA1UdDgQWBBSIxINDFVm8GpUz3v+BbWNmDEKP7TBHBgNVHSME\n" + + "QDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" + + "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" + + "DQYJKoZIhvcNAQEFBQADgYEAt0mYDXTpInrGvEOylIL2gx65A/bpdz9iDQsSs5sZ\n" + + "r3m0v9zJnzR8lRqN4GbaD1vrFdkUrIoObcvXjXitnf5QqDzmc9BbIYj83Ft8QSUj\n" + + "jCMy04EGT/7ATss4SiFEu6sJpmOBjsgH6wYuobR27wl/01XOu2CXUo3OOjgAoPBs\n" + + "QoQ=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 + static String trustAnchor_SHA1withRSA_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA4NTFaFw0zNDEyMDgxMTA4NTFa\n" + + "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB\n" + + "BQADSwAwSAJBANLqQkOpH7rBTo/a2ccYjJxvNib/Lxm6UXO1uAd/0AUzPWzJsOpB\n" + + "u2zyD26UYc0GNyXCkWMZ44FrtSQ8VI146j8CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU\n" + + "5PVLxBY//smN31jHb/MAmCEz5NIwRwYDVR0jBEAwPoAU5PVLxBY//smN31jHb/MA\n" + + "mCEz5NKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G\n" + + "A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAzF9E\n" + + "dXYPLqziCRY45IHCUtxaLjLQmwsjEu91TV4xyuuozGEumcqH7m6Hg6Ohnd1FGfsN\n" + + "X+vt1tdaDIu9+OzGjQ==\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 1024 + static String intermediate_SHA1withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICUDCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" + + "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" + + "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" + + "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" + + "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEA0673aIUF2k20jkpR\n" + + "4USN9UkbfX57Uazhl4n765EeAiteWnTzKztISeH1GTrCw7bSl1r07aaflsnbKOHC\n" + + "RrL2RxbxNwQARvuuCxr664vXnsGrt86xA5F2iNF22uDM/5HA5sIfBmEk5xXSLrgH\n" + + "I7jOaYqAA1b8C+4DU2Z5ZgO4LOA=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 512 + static String intermediate_SHA1withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDzCCAbmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" + + "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" + + "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" + + "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" + + "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBTk9UvEFj/+yY3fWMdv8wCYITPk0qEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADQQAihshnF7RWZ13tUGsH\n" + + "iM4i8HmBjw2+pwW/cs0E8BcycYEy3beWMcL1Np2yfOa/7K5ZvGPhe/piwzTel+Kt\n" + + "5VLm\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 1024 + static String intermediate_SHA1withRSA_512_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDDCCAXWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK4h/iW3wt+ugR5ObWiFSl394UU/\n" + + "lWNm+N6UAgsBRhSzZz/Iof7xZTQI+usNXzOrTnU3+uZsMgokpjkrko1osxUCAwEA\n" + + "AaOBiTCBhjAdBgNVHQ4EFgQU88OD48Osuh7lJiLnhfMhrySqW8QwRwYDVR0jBEAw\n" + + "PoAUiMSDQxVZvBqVM97/gW1jZgxCj+2hI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" + + "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" + + "CSqGSIb3DQEBBQUAA4GBAAHN8XUTT6asa1MvpfqAvKTH6tNrMOmzoFsUamPxSrUB\n" + + "tnBv/fa/E9+1QvQwl3g6luVXBkQf2/nVD0195IdkEuD/C6psuGKerXmiaRMv5Wcs\n" + + "B+8bTzhNxMzHKPZDJ8Tf/RD3XpPvtxw0T+I5xud68FH/WDhJtu7TiXPAhs7srtHt\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 512 + static String intermediate_SHA1withRSA_512_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIByzCCAXWgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK4h/iW3wt+ugR5ObWiFSl394UU/\n" + + "lWNm+N6UAgsBRhSzZz/Iof7xZTQI+usNXzOrTnU3+uZsMgokpjkrko1osxUCAwEA\n" + + "AaOBiTCBhjAdBgNVHQ4EFgQU88OD48Osuh7lJiLnhfMhrySqW8QwRwYDVR0jBEAw\n" + + "PoAU5PVLxBY//smN31jHb/MAmCEz5NKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" + + "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" + + "CSqGSIb3DQEBBQUAA0EASLN+1/pfo+9ty5EaYkoPu4QeYGr+5wmXyDceiaED/Lok\n" + + "RdV0ZH0qwD4kiarlJssNOgMCk+2EzgvXcIhEMDa5hA==\n" + + "-----END CERTIFICATE-----"; + + // MD5withRSA 1024 signed with RSA 1024 + static String intermediate_MD5withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICUDCCAbmgAwIBAgIBBzANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" + + "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" + + "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" + + "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" + + "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEEBQADgYEAerx2je3FBVn2eoPs\n" + + "nTzLKILezqCTCO7mXWiyBidRhh4RGdM8JggMN5SRmuwRurxfYFgPfqmAenWtEFqO\n" + + "xZrTXQUvIrrEgpzqkfppFnkCh4kDsX4roD5Nho3J4MTBQkqE0r676Yq6Rp6cywCq\n" + + "CHQQztRGY7n/ZYRNJ3uzvuoT1tk=\n" + + "-----END CERTIFICATE-----"; + + // MD5withRSA 1024 signed with RSA 512 + static String intermediate_MD5withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDzCCAbmgAwIBAgIBCDANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MTBaFw0zMzA5MTQxMTA5MTBa\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" + + "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" + + "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" + + "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" + + "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBTk9UvEFj/+yY3fWMdv8wCYITPk0qEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEEBQADQQA3XGQPNin8cDIsJ4vx\n" + + "tTxUO6XVJoWOdTsjwzlMrPmLvjJNZeXLtQe3pQu0vjgyUpQ59VYLW3qKN/LF3UH0\n" + + "Ep7V\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 1024 + static String endentiry_SHA1withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" + + "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" + + "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" + + "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" + + "8e7JW1tPUDAfBgNVHSMEGDAWgBQIsaDZL94kLug/A1N4EkNOA4z47DANBgkqhkiG\n" + + "9w0BAQUFAAOBgQB2RkWHOaL4WTOGoeTS4J4o9FW+4UXihbocdI/64rMExERjDkE/\n" + + "Jh31TEmatnP1gPrF1AfmqQPubqVSbRtCHrZF+Ilk6L6YeyRNzKvsLiMUtgrLYLas\n" + + "Vop0DFZxR02xHgaJdoJkcWBjNadb9zG7eZtt8OOOJ4lRwg02aLTy+WDqPA==\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 512 + static String endentiry_SHA1withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIB9jCCAaCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" + + "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" + + "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" + + "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" + + "8e7JW1tPUDAfBgNVHSMEGDAWgBTzw4Pjw6y6HuUmIueF8yGvJKpbxDANBgkqhkiG\n" + + "9w0BAQUFAANBAIapvjECUm4YD4O99G0v2SM17cKQzjZtSWkScS7FSk4sxS+dP3hM\n" + + "Qb2UpoRl6CGynhOVVy2G/VJN8BEqOfywj8k=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 1024 + static String endentiry_SHA1withRSA_512_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIB8zCCAVygAwIBAgIBBDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" + + "DQEBAQUAA0sAMEgCQQCngiNTE+qngHcfj2jUpdc82gCw+TFRjR7oMSdp7b/3NwpD\n" + + "E+11z9WspoXTDzvbKcGUH9svFl691NyY0ZUmf+4RAgMBAAGjTzBNMAsGA1UdDwQE\n" + + "AwID6DAdBgNVHQ4EFgQUK+oVsFTQbz08evgQZ5Sd82c2y4UwHwYDVR0jBBgwFoAU\n" + + "CLGg2S/eJC7oPwNTeBJDTgOM+OwwDQYJKoZIhvcNAQEFBQADgYEAMd/8XnjRz5jK\n" + + "nbss9DDQQC2mUuCbV/tGdke7eQ1DtBVZLBU6wDgisGr52sUXmyZIPmSVKpQqwCG5\n" + + "8cY5uQhaNwPtPmMMKXzX32zN9NhVkiDNceL+zHs3vdjD1i/QiUTST+NKfLYVb6dF\n" + + "YMG65lxe3gMVxMweiHSZSukmk1k3gUA=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 512 + static String endentiry_SHA1withRSA_512_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIBsjCCAVygAwIBAgIBBTANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" + + "DQEBAQUAA0sAMEgCQQCngiNTE+qngHcfj2jUpdc82gCw+TFRjR7oMSdp7b/3NwpD\n" + + "E+11z9WspoXTDzvbKcGUH9svFl691NyY0ZUmf+4RAgMBAAGjTzBNMAsGA1UdDwQE\n" + + "AwID6DAdBgNVHQ4EFgQUK+oVsFTQbz08evgQZ5Sd82c2y4UwHwYDVR0jBBgwFoAU\n" + + "88OD48Osuh7lJiLnhfMhrySqW8QwDQYJKoZIhvcNAQEFBQADQQB4xFWtC6ijDBIe\n" + + "/Gkf3B9+ycmP52pTPNiPwMS6u1a5vTRXMn5xRDexWfxJKJVZ2s9UR1jheZvWgPC8\n" + + "VUWO8bbG\n" + + "-----END CERTIFICATE-----"; + + // MD5withRSA 1024 signed with RSA 1024 + static String endentiry_MD5withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICNzCCAaCgAwIBAgIBBjANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" + + "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" + + "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" + + "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" + + "8e7JW1tPUDAfBgNVHSMEGDAWgBQIsaDZL94kLug/A1N4EkNOA4z47DANBgkqhkiG\n" + + "9w0BAQQFAAOBgQBCVn9/JQxsRTaKIKSrgB+KtEreat+33k3SXuJICuRxcmvjOXIx\n" + + "wSdq+mRCA+DpIPSNtgnDAUyipnyxRxpdmRRUHuRYpkALq4a5QtTJK0Y/CEMfsd2J\n" + + "Yd2zKcfynDLW6LVeNdtjlY7fTemJnbA/WImNhwyW55V9vbnk3J04EZN8jw==\n" + + "-----END CERTIFICATE-----"; + + // MD5withRSA 1024 signed with RSA 512 + static String endentiry_MD5withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIB9jCCAaCgAwIBAgIBBzANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTNaFw0zMzA5MTQxMTA5MTNaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" + + "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" + + "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" + + "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" + + "8e7JW1tPUDAfBgNVHSMEGDAWgBTzw4Pjw6y6HuUmIueF8yGvJKpbxDANBgkqhkiG\n" + + "9w0BAQQFAANBAAbZwmkqb6sfiiIxuLnj6PjhJsXGfvPomkkbLu5CapAMhen/p6ZG\n" + + "6vh69TbIsBR9UHu7qDyTl5Xax7bmYeW+sDQ=\n" + + "-----END CERTIFICATE-----"; + + static HashMap<String, String> certmap = new HashMap<String, String>(); + static { + certmap.put("trustAnchor_SHA1withRSA_1024", + trustAnchor_SHA1withRSA_1024); + certmap.put("trustAnchor_SHA1withRSA_512", + trustAnchor_SHA1withRSA_512); + certmap.put("intermediate_SHA1withRSA_1024_1024", + intermediate_SHA1withRSA_1024_1024); + certmap.put("intermediate_SHA1withRSA_1024_512", + intermediate_SHA1withRSA_1024_512); + certmap.put("intermediate_SHA1withRSA_512_1024", + intermediate_SHA1withRSA_512_1024); + certmap.put("intermediate_SHA1withRSA_512_512", + intermediate_SHA1withRSA_512_512); + certmap.put("intermediate_MD5withRSA_1024_1024", + intermediate_MD5withRSA_1024_1024); + certmap.put("intermediate_MD5withRSA_1024_512", + intermediate_MD5withRSA_1024_512); + certmap.put("endentiry_SHA1withRSA_1024_1024", + endentiry_SHA1withRSA_1024_1024); + certmap.put("endentiry_SHA1withRSA_1024_512", + endentiry_SHA1withRSA_1024_512); + certmap.put("endentiry_SHA1withRSA_512_1024", + endentiry_SHA1withRSA_512_1024); + certmap.put("endentiry_SHA1withRSA_512_512", + endentiry_SHA1withRSA_512_512); + certmap.put("endentiry_MD5withRSA_1024_1024", + endentiry_MD5withRSA_1024_1024); + certmap.put("endentiry_MD5withRSA_1024_512", + endentiry_MD5withRSA_1024_512); + } + + private static Set<TrustAnchor> generateTrustAnchors() + throws CertificateException { + // generate certificate from cert string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>(); + + ByteArrayInputStream is = + new ByteArrayInputStream(trustAnchor_SHA1withRSA_1024.getBytes()); + Certificate cert = cf.generateCertificate(is); + TrustAnchor anchor = new TrustAnchor((X509Certificate)cert, null); + anchors.add(anchor); + + is = new ByteArrayInputStream(trustAnchor_SHA1withRSA_512.getBytes()); + cert = cf.generateCertificate(is); + anchor = new TrustAnchor((X509Certificate)cert, null); + anchors.add(anchor); + + return anchors; + } + + private static CertStore generateCertificateStore() throws Exception { + Collection entries = new HashSet(); + + // generate certificate from certificate string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + + for (String key : certmap.keySet()) { + String certStr = certmap.get(key); + ByteArrayInputStream is = + new ByteArrayInputStream(certStr.getBytes());; + Certificate cert = cf.generateCertificate(is); + entries.add(cert); + } + + return CertStore.getInstance("Collection", + new CollectionCertStoreParameters(entries)); + } + + private static X509CertSelector generateSelector(String name) + throws Exception { + X509CertSelector selector = new X509CertSelector(); + + String certStr = certmap.get(name); + if (certStr == null) { + return null; + } + + // generate certificate from certificate string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes()); + X509Certificate target = (X509Certificate)cf.generateCertificate(is); + + selector.setCertificate(target); + + return selector; + } + + private static boolean match(String name, Certificate cert) + throws Exception { + X509CertSelector selector = new X509CertSelector(); + + String certStr = certmap.get(name); + if (certStr == null) { + return false; + } + + // generate certificate from certificate string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes()); + X509Certificate target = (X509Certificate)cf.generateCertificate(is); + + return target.equals(cert); + } + + public static void main(String args[]) throws Exception { + CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); + + X509CertSelector selector = generateSelector(args[0]); + if (selector == null) { + // no target certificate, ignore it + return; + } + + Set<TrustAnchor> anchors = generateTrustAnchors(); + CertStore certs = generateCertificateStore(); + + PKIXBuilderParameters params = + new PKIXBuilderParameters(anchors, selector); + params.addCertStore(certs); + params.setRevocationEnabled(false); + params.setDate(new Date(114, 9, 1)); // 2014-09-01 + + boolean success = Boolean.valueOf(args[2]); + try { + PKIXCertPathBuilderResult result = + (PKIXCertPathBuilderResult)builder.build(params); + if (!success) { + throw new Exception("expected algorithm disabled exception"); + } + + int length = Integer.parseInt(args[1]); + List<? extends Certificate> path = + result.getCertPath().getCertificates(); + if (length != path.size()) { + throw new Exception("unexpected certification path length"); + } + + if (!path.isEmpty()) { // the target is not a trust anchor + if (!match(args[0], path.get(0))) { + throw new Exception("unexpected certificate"); + } + } + } catch (CertPathBuilderException cpbe) { + if (success) { + throw new Exception("unexpected exception", cpbe); + } else { + System.out.println("Get the expected exception " + cpbe); + } + } + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,349 @@ +/* + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 7167988 + * @summary PKIX CertPathBuilder in reverse mode doesn't work if more than + * one trust anchor is specified + * @run main/othervm ReverseBuild + */ +import java.io.*; +import java.util.*; +import java.security.cert.*; + +import sun.security.provider.certpath.SunCertPathBuilderParameters; + +public class ReverseBuild { + // Certificate information: + // Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org + // Validity + // Not Before: Dec 8 02:43:36 2008 GMT + // Not After : Aug 25 02:43:36 2028 GMT + // Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org + // X509v3 Subject Key Identifier: + // FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 + // X509v3 Authority Key Identifier: + // keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 + // DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org + // serial:00 + static String NoiceTrusedCertStr = + "-----BEGIN CERTIFICATE-----\n" + + "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + + "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + + "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" + + "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + + "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" + + "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" + + "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" + + "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" + + "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" + + "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" + + "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" + + "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" + + "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" + + "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" + + "6Mvf0r1PNTY2hwTJLJmKtg==\n" + + "-----END CERTIFICATE-----"; + + // Certificate information: + // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce + // Validity + // Not Before: Aug 19 01:52:19 2011 GMT + // Not After : Jul 29 01:52:19 2032 GMT + // Subject: C=US, O=Java, OU=SunJSSE Test Serivce + + // X509v3 Subject Key Identifier: + // B9:7C:D5:D9:DF:A7:4C:03:AE:FD:0E:27:5B:31:95:6C:C7:F3:75:E1 + // X509v3 Authority Key Identifier: + // keyid:B9:7C:D5:D9:DF:A7:4C:03:AE:FD:0E:27:5B:31:95:6C:C7:F3:75:E1 + // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce + // serial:00 + static String NoiceTrusedCertStr_2nd = + "-----BEGIN CERTIFICATE-----\n" + + "MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" + + "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + + "MTEwODE5MDE1MjE5WhcNMzIwNzI5MDE1MjE5WjA7MQswCQYDVQQGEwJVUzENMAsG\n" + + "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" + + "KoZIhvcNAQEBBQADgY0AMIGJAoGBAM8orG08DtF98TMSscjGsidd1ZoN4jiDpi8U\n" + + "ICz+9dMm1qM1d7O2T+KH3/mxyox7Rc2ZVSCaUD0a3CkhPMnlAx8V4u0H+E9sqso6\n" + + "iDW3JpOyzMExvZiRgRG/3nvp55RMIUV4vEHOZ1QbhuqG4ebN0Vz2DkRft7+flthf\n" + + "vDld6f5JAgMBAAGjgaUwgaIwHQYDVR0OBBYEFLl81dnfp0wDrv0OJ1sxlWzH83Xh\n" + + "MGMGA1UdIwRcMFqAFLl81dnfp0wDrv0OJ1sxlWzH83XhoT+kPTA7MQswCQYDVQQG\n" + + "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" + + "Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEE\n" + + "BQADgYEALlgaH1gWtoBZ84EW8Hu6YtGLQ/L9zIFmHonUPZwn3Pr//icR9Sqhc3/l\n" + + "pVTxOINuFHLRz4BBtEylzRIOPzK3tg8XwuLb1zd0db90x3KBCiAL6E6cklGEPwLe\n" + + "XYMHDn9eDsaq861Tzn6ZwzMgw04zotPMoZN0mVd/3Qca8UJFucE=\n" + + "-----END CERTIFICATE-----"; + + + // Certificate information: + // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce + // Validity + // Not Before: May 5 02:40:50 2012 GMT + // Not After : Apr 15 02:40:50 2033 GMT + // Subject: C=US, O=Java, OU=SunJSSE Test Serivce + // X509v3 Subject Key Identifier: + // DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B + // X509v3 Authority Key Identifier: + // keyid:DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B + // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce + // serial:00 + static String trustedCertStr = + "-----BEGIN CERTIFICATE-----\n" + + "MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJVUzEN\n" + + "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + + "MTIwNTA1MDI0MDUwWhcNMzMwNDE1MDI0MDUwWjA7MQswCQYDVQQGEwJVUzENMAsG\n" + + "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" + + "KoZIhvcNAQEBBQADgY0AMIGJAoGBANtiq0AIJK+iVRwFrqcD7fYXTCbMYC5Qz/k6\n" + + "AXBy7/1rI8wDhEJLE3m/+NSqiJwZcmdq2dNh/1fJFrwvzuURbc9+paOBWeHbN+Sc\n" + + "x3huw91oPZme385VpoK3G13rSE114S/rF4DM9mz4EStFhSHXATjtdbskNOAYGLTV\n" + + "x8uEy9GbAgMBAAGjgaUwgaIwHQYDVR0OBBYEFN1OjSoRwIMD8Kzror/58n3IaR+b\n" + + "MGMGA1UdIwRcMFqAFN1OjSoRwIMD8Kzror/58n3IaR+boT+kPTA7MQswCQYDVQQG\n" + + "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" + + "Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC\n" + + "BQADgYEAjjkJesQrkbr36N40egybaIxw7RcqT6iy5fkAGS1JYlBDk8uSCK1o6bCH\n" + + "ls5EpYcGeEoabSS73WRdkO1lgeyWDduO4ef8cCCSpmpT6/YdZG0QS1PtcREeVig+\n" + + "Zr25jNemS4ADHX0aaXP4kiV/G80cR7nX5t5XCUm4bYdbwM07NgI=\n" + + "-----END CERTIFICATE-----"; + static String trustedPrivateKey = // Private key in the format of PKCS#8 + "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANtiq0AIJK+iVRwF\n" + + "rqcD7fYXTCbMYC5Qz/k6AXBy7/1rI8wDhEJLE3m/+NSqiJwZcmdq2dNh/1fJFrwv\n" + + "zuURbc9+paOBWeHbN+Scx3huw91oPZme385VpoK3G13rSE114S/rF4DM9mz4EStF\n" + + "hSHXATjtdbskNOAYGLTVx8uEy9GbAgMBAAECgYEA2VjHkIiA0ABjkX+PqKeb+VLb\n" + + "fxS7tSca5C8zfdRhLxAWRui0/3ihst0eCJNrBDuxvAOACovsDWyLuaUjtI2v2ysz\n" + + "vz6SPyGy82PhQOFzyKQuQ814N6EpothpiZzF0yFchfKIGhUsdY89UrGs9nM7m6NT\n" + + "rztYvgIu4avg2VPR2AECQQD+pFAqipR2BplQRIuuRSZfHRxvoEyDjT1xnHJsC6WP\n" + + "I5hCLghL91MhQGWbP4EJMKYQOTRVukWlcp2Kycpf+P5hAkEA3I43gmVUAPEdyZdY\n" + + "fatW7OaLlbbYJb6qEtpCZ1Rwe/BIvm6H6E3qSi/lpz7Ia7WDulpbF6BawHH3pRFq\n" + + "CUY5ewJBAP3pUDqrRpBN0jB0uSeDslhjSciQ+dqvSpZv3rSYBHUvlBJhnkpJiy37\n" + + "7ZUZhIxqYxyIPgRBolLwb+FFh7OdL+ECQCtldDic9WVmC+VheRDpCKZ+SlK/8lGi\n" + + "7VXeShiIvcU1JysJFoa35fSI7hf1O3wt7+hX5PqGG7Un94EsJwACKEcCQQC1TWt6\n" + + "ArKH6tRxKjOxFtqfs8fgEVYUaOr3j1jF4KBUuX2mtQtddZe3VfJ2wPsuKMMxmhkB\n" + + "e7xWWZnJsErt2e+E"; + + // Certificate information: + // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce + // Validity + // Not Before: May 5 02:40:53 2012 GMT + // Not After : Jan 21 02:40:53 2032 GMT + // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=casigner + // X509v3 Subject Key Identifier: + // 13:07:E0:11:07:DB:EB:33:23:87:31:D0:DB:7E:16:56:BE:11:90:0A + // X509v3 Authority Key Identifier: + // keyid:DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B + // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce + // serial:00 + static String caSignerStr = + "-----BEGIN CERTIFICATE-----\n" + + "MIICqDCCAhGgAwIBAgIBAjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" + + "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + + "MTIwNTA1MDI0MDUzWhcNMzIwMTIxMDI0MDUzWjBOMQswCQYDVQQGEwJVUzENMAsG\n" + + "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxETAPBgNV\n" + + "BAMTCGNhc2lnbmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+x8+o7oM0\n" + + "ct/LZmZLXBL4CQ8jrULD5P7NtEW0hg/zxBFZfBHf+44Oo2eMPYZj+7xaREOH5BmV\n" + + "KRYlzRtONAaC5Ng4Mrm5UKNPcMIIUjUOvm7vWM4oSTMSfoEcSX+vp99uUAkw3w7Z\n" + + "+frYDm1M4At/j0b+lLij71GFN2L8drpgPQIDAQABo4GoMIGlMB0GA1UdDgQWBBQT\n" + + "B+ARB9vrMyOHMdDbfhZWvhGQCjBjBgNVHSMEXDBagBTdTo0qEcCDA/Cs66K/+fJ9\n" + + "yGkfm6E/pD0wOzELMAkGA1UEBhMCVVMxDTALBgNVBAoTBEphdmExHTAbBgNVBAsT\n" + + "FFN1bkpTU0UgVGVzdCBTZXJpdmNlggEAMBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYD\n" + + "VR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBAI+LXA/UCPkTANablUkt80JNPWsl\n" + + "pS4XLNgPxWaN0bkRDs5oI4ooWAz1rwpeJ/nfetOvWlpmrVjSeovBFja5Hl+dUHTf\n" + + "VfuyzkxXbhuNiJIpo1mVBpNsjwu9YRxuwX6UA2LTUQpgvtVJEE012x3zRvxBCbu2\n" + + "Y/v1R5fZ4c+hXDfC\n" + + "-----END CERTIFICATE-----"; + static String caSignerPrivateKey = // Private key in the format of PKCS#8 + "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAL7Hz6jugzRy38tm\n" + + "ZktcEvgJDyOtQsPk/s20RbSGD/PEEVl8Ed/7jg6jZ4w9hmP7vFpEQ4fkGZUpFiXN\n" + + "G040BoLk2DgyublQo09wwghSNQ6+bu9YzihJMxJ+gRxJf6+n325QCTDfDtn5+tgO\n" + + "bUzgC3+PRv6UuKPvUYU3Yvx2umA9AgMBAAECgYBYvu30cW8LONyt62Zua9hPFTe7\n" + + "qt9B7QYyfkdmoG5PQMepTrOp84SzfoOukvgvDm0huFuJnSvhXQl2cCDhkgXskvFj\n" + + "Hh7KBCFViVXokGdq5YoS0/KYMyQV0TZfJUvILBl51uc4/siQ2tClC/N4sa+1JhgW\n" + + "a6dFGfRjiUKSSlmMwQJBAPWpIz3Q/c+DYMvoQr5OD8EaYwYIevlTdXb97RnJJh2b\n" + + "UnhB9jrqesJiHYVzPmP0ukyPOXOwlp2T5Am4Kw0LFOkCQQDGz150NoHOp28Mvyc4\n" + + "CTqz/zYzUhy2eCJESl196uyP4N65Y01VYQ3JDww4DlsXiU17tVSbgA9TCcfTYOzy\n" + + "vyw1AkARUky+1hafZCcWGZljK8PmnMKwsTZikCTvL/Zg5BMA8Wu+OQBwpQnk3OAy\n" + + "Aa87gw0DyvGFG8Vy9POWT9sRP1/JAkBqP0hrMvYMSs6+MSn0eHo2151PsAJIQcuO\n" + + "U2/Da1khSzu8N6WMi2GiobgV/RYRbf9KrY2ZzMZjykZQYOxAjopBAkEAghCu38cN\n" + + "aOsW6ueo24uzsWI1FTdE+qWNVEi3RSP120xXBCyhaBjIq4WVSlJK9K2aBaJpit3j\n" + + "iQ5tl6zrLlxQhg=="; + + // Certificate information: + // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=casigner + // Validity + // Not Before: May 5 02:40:57 2012 GMT + // Not After : Jan 21 02:40:57 2032 GMT + // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer + // X509v3 Subject Key Identifier: + // 39:0E:C6:33:B1:50:BC:73:07:31:E5:D8:04:F7:BB:97:55:CF:9B:C8 + // X509v3 Authority Key Identifier: + // keyid:13:07:E0:11:07:DB:EB:33:23:87:31:D0:DB:7E:16:56:BE:11:90:0A + // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce + // serial:02 + static String certIssuerStr = + "-----BEGIN CERTIFICATE-----\n" + + "MIICvjCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQQFADBOMQswCQYDVQQGEwJVUzEN\n" + + "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxETAP\n" + + "BgNVBAMTCGNhc2lnbmVyMB4XDTEyMDUwNTAyNDA1N1oXDTMyMDEyMTAyNDA1N1ow\n" + + "UDELMAkGA1UEBhMCVVMxDTALBgNVBAoTBEphdmExHTAbBgNVBAsTFFN1bkpTU0Ug\n" + + "VGVzdCBTZXJpdmNlMRMwEQYDVQQDEwpjZXJ0aXNzdWVyMIGfMA0GCSqGSIb3DQEB\n" + + "AQUAA4GNADCBiQKBgQCyz55zinU6kNL/LeiTNiBI0QWYmDG0YTotuC4D75liBNqs\n" + + "7Mmladsh2mTtQUAwmuGaGzaZV25a+cUax0DXZoyBwdbTI09u1bUYsZcaUUKbPoCC\n" + + "HH26e4jLFL4olW13Sv4ZAd57tIYevMw+Fp5f4fLPFGegCJTFlv2Qjpmic/cuvQID\n" + + "AQABo4GpMIGmMB0GA1UdDgQWBBQ5DsYzsVC8cwcx5dgE97uXVc+byDBjBgNVHSME\n" + + "XDBagBQTB+ARB9vrMyOHMdDbfhZWvhGQCqE/pD0wOzELMAkGA1UEBhMCVVMxDTAL\n" + + "BgNVBAoTBEphdmExHTAbBgNVBAsTFFN1bkpTU0UgVGVzdCBTZXJpdmNlggECMBMG\n" + + "A1UdEwEB/wQJMAcBAf8CAgQAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQQFAAOB\n" + + "gQCQTagenCdClT98C+oTJGJrw/dUBD9K3tE6ZJKPMc/2bUia8G5ei1C0eXj4mWG2\n" + + "lu9umR6C90/A6qB050QB2h50qtqxSrkpu+ym1yypauZpg7U3nUY9wZWJNI1vqrQZ\n" + + "pqUMRcXY3iQIVKx+Qj+4/Za1wwFQzpEoGmqRW31V1SdMEw==\n" + + "-----END CERTIFICATE-----"; + static String certIssuerPrivateKey = // Private key in the format of PKCS#8 + "MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBALLPnnOKdTqQ0v8t\n" + + "6JM2IEjRBZiYMbRhOi24LgPvmWIE2qzsyaVp2yHaZO1BQDCa4ZobNplXblr5xRrH\n" + + "QNdmjIHB1tMjT27VtRixlxpRQps+gIIcfbp7iMsUviiVbXdK/hkB3nu0hh68zD4W\n" + + "nl/h8s8UZ6AIlMWW/ZCOmaJz9y69AgMBAAECgYEAjtew2tgm4gxDojqIauF4VPM1\n" + + "pzsdqd1p3pAdomNLgrQiBLZ8N7oiph6TNb1EjA+OXc+ThFgF/oM9ZDD8qZZwcvjN\n" + + "qDZlpTkFs2TaGcyEZfUaMB45NHVs6Nn+pSkagSNwwy3xeyAct7sQEzGNTDlEwVv5\n" + + "7V9LQutQtBd6xT48KzkCQQDpNRfv2OFNG/6GtzJoO68oJhpnpl2MsYNi4ntRkre/\n" + + "6uXpiCYaDskcrPMRwOOs0m7mxG+Ev+uKnLnSoEMm1GCbAkEAxEmDtiD0Psb8Z9BL\n" + + "ZRb83Jqho3xe2MCAh3xUfz9b/Mhae9dZ44o4OCgQZuwvW1mczF0NtpgZl93BmYa2\n" + + "hTwHhwJBAKHrEj6ep/fA6x0gD2idoATRR94VfbiU+7NpqtO9ecVP0+gsdr/66hn1\n" + + "3yLBeZLh3MxvMTrLgkAQh1i9m0JXjOcCQQClLXAHHegrw+u3uNMZeKTFR+Lp3sk6\n" + + "AZSnbvr0Me9I45kxSeG81x3ENALJecvIRbrrRws5MvmmkNhQR8rkh8WVAkEAk6b+\n" + + "aVtmBgUaTS5+FFlHGHJY9HFrfT1a1C/dwyMuqlmbC3YsBmZaMOlKli5TXNybLff8\n" + + "5KMeGEpXMzgC7AscGA=="; + + // Certificate information: + // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer + // Validity + // Not Before: May 5 02:41:01 2012 GMT + // Not After : Jan 21 02:41:01 2032 GMT + // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=localhost + // X509v3 Subject Key Identifier: + // AD:C0:2C:4C:E4:C2:2E:A1:BB:5D:92:BE:66:E0:4E:E0:0D:2F:11:EF + // X509v3 Authority Key Identifier: + // keyid:39:0E:C6:33:B1:50:BC:73:07:31:E5:D8:04:F7:BB:97:55:CF:9B:C8 + static String targetCertStr = + "-----BEGIN CERTIFICATE-----\n" + + "MIICjTCCAfagAwIBAgIBBDANBgkqhkiG9w0BAQQFADBQMQswCQYDVQQGEwJVUzEN\n" + + "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxEzAR\n" + + "BgNVBAMTCmNlcnRpc3N1ZXIwHhcNMTIwNTA1MDI0MTAxWhcNMzIwMTIxMDI0MTAx\n" + + "WjBPMQswCQYDVQQGEwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNT\n" + + "RSBUZXN0IFNlcml2Y2UxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0B\n" + + "AQEFAAOBjQAwgYkCgYEAvwaUd7wmBSKqycEstYLWD26vkU08DM39EtaT8wL9HnQ0\n" + + "fgPblwBFI4zdLa2cuYXRZcFUb04N8nrkcpR0D6kkE+AlFAoRWrrZF80B7JTbtEK4\n" + + "1PIeurihXvUT+4MpzGLOojIihMfvM4ufelblD56SInso4WFHm7t4qCln88J1gjkC\n" + + "AwEAAaN4MHYwCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBStwCxM5MIuobtdkr5m4E7g\n" + + "DS8R7zAfBgNVHSMEGDAWgBQ5DsYzsVC8cwcx5dgE97uXVc+byDAnBgNVHSUEIDAe\n" + + "BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDMA0GCSqGSIb3DQEBBAUAA4GB\n" + + "AGfwcfdvEG/nSCiAn2MGbYHp34mgF3OA1SJLWUW0LvWJhwm2cn4AXlSoyvbwrkaB\n" + + "IDDCwhJvvc0vUyL2kTx7sqVaFTq3mDs+ktlB/FfH0Pb+i8FE+g+7T42Iw/j0qxHL\n" + + "YmgbrjBQf5WYN1AvBE/rrPt9aOtS3UsqtVGW574b0shW\n" + + "-----END CERTIFICATE-----"; + static String targetPrivateKey = // Private key in the format of PKCS#8 + "MIICdAIBADANBgkqhkiG9w0BAQEFAASCAl4wggJaAgEAAoGBAL8GlHe8JgUiqsnB\n" + + "LLWC1g9ur5FNPAzN/RLWk/MC/R50NH4D25cARSOM3S2tnLmF0WXBVG9ODfJ65HKU\n" + + "dA+pJBPgJRQKEVq62RfNAeyU27RCuNTyHrq4oV71E/uDKcxizqIyIoTH7zOLn3pW\n" + + "5Q+ekiJ7KOFhR5u7eKgpZ/PCdYI5AgMBAAECf3CscOYvFD3zNMnMJ5LomVqA7w3F\n" + + "gKYM2jlCWAH+wU41PMEXhW6Lujw92jgXL1o+lERwxFzirVdZJWZwKgUSvzP1G0h3\n" + + "fkucq1/UWnToK+8NSXNM/yS8hXbBgSEoJo5f7LKcIi1Ev6doBVofMxs+njzyWKbM\n" + + "Nb7rOLHadghoon0CQQDgQzbzzSN8Dc1YmmylhI5v+0sQRHH0DL7D24k4Weh4vInG\n" + + "EAbt4x8M7ZKEo8/dv0s4hbmNmAnJl93/RRxIyEqLAkEA2g87DiswSQam2pZ8GlrO\n" + + "+w4Qg9mH8uxx8ou2rl0XlHzH1XiTNbkjfY0EZoL7L31BHFk9n11Fb2P85g6ws+Hy\n" + + "ywJAM/xgyLNM/nzUlS128geAXUULaYH0SHaL4isJ7B4rXZGW/mrIsGxtzjlkNYsj\n" + + "rGujrD6TfNc5rZmexIXowJZtcQJBAIww+pCzZ4mrgx5JXWQ8OZHiiu+ZrPOa2+9J\n" + + "r5sOMpi+WGN/73S8oHqZbNjTINZ5OqEVJq8MchWZPQBTNXuQql0CQHEjUzzkCQa3\n" + + "j6JTa2KAdqyvLOx0XF9zcc1gA069uNQI2gPUHS8V215z57f/gMGnDNhVfLs/vMKz\n" + + "sFkVZ3zg7As="; + + + public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + java.security.Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + + // generate certificate from cert string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + + // create a set of trust anchors + LinkedHashSet<TrustAnchor> trustAnchors = new LinkedHashSet<>(); + + ByteArrayInputStream is = + new ByteArrayInputStream(NoiceTrusedCertStr.getBytes()); + Certificate trustedCert = cf.generateCertificate(is); + is.close(); + TrustAnchor anchor = + new TrustAnchor((X509Certificate)trustedCert, null); + trustAnchors.add(anchor); + + is = new ByteArrayInputStream(trustedCertStr.getBytes()); + trustedCert = cf.generateCertificate(is); + is.close(); + anchor = new TrustAnchor((X509Certificate)trustedCert, null); + trustAnchors.add(anchor); + + is = new ByteArrayInputStream(NoiceTrusedCertStr_2nd.getBytes()); + trustedCert = cf.generateCertificate(is); + is.close(); + anchor = new TrustAnchor((X509Certificate)trustedCert, null); + trustAnchors.add(anchor); + + // create a list of certificates + List<Certificate> chainList = new ArrayList<>(); + + is = new ByteArrayInputStream(targetCertStr.getBytes()); + Certificate cert = cf.generateCertificate(is); + is.close(); + chainList.add(cert); + + is = new ByteArrayInputStream(certIssuerStr.getBytes()); + cert = cf.generateCertificate(is); + is.close(); + chainList.add(cert); + + is = new ByteArrayInputStream(caSignerStr.getBytes()); + cert = cf.generateCertificate(is); + is.close(); + chainList.add(cert); + + // create a certificate selector + X509CertSelector xcs = new X509CertSelector(); + X509Certificate eeCert = (X509Certificate)chainList.get(0); + xcs.setSubject(eeCert.getSubjectX500Principal()); + + // reverse build + SunCertPathBuilderParameters params = + new SunCertPathBuilderParameters(trustAnchors, xcs); + params.setBuildForward(false); + params.setRevocationEnabled(false); + + CollectionCertStoreParameters ccsp = + new CollectionCertStoreParameters(chainList); + params.addCertStore(CertStore.getInstance("Collection", ccsp)); + + CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX"); + CertPathBuilderResult res = cpb.build(params); + } +}
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,13 +23,15 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 7113275 * @summary compatibility issue with MD2 trust anchor and old X509TrustManager - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @run main/othervm MD2InTrustAnchor PKIX TLSv1.1 * @run main/othervm MD2InTrustAnchor SunX509 TLSv1.1 * @run main/othervm MD2InTrustAnchor PKIX TLSv1.2 @@ -40,6 +42,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -284,6 +287,12 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,13 +23,15 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 7113275 * @summary compatibility issue with MD2 trust anchor and old X509TrustManager - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @run main/othervm TrustTrustedCert PKIX TLSv1.1 * @run main/othervm TrustTrustedCert SunX509 TLSv1.1 * @run main/othervm TrustTrustedCert PKIX TLSv1.2 @@ -336,6 +338,12 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,11 +21,18 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /* * @test * @bug 6302644 * @summary X509KeyManager implementation for NewSunX509 doesn't return most * preferable key + * @run main/othervm PreferredKey */ import java.io.*; import java.net.*; @@ -49,6 +56,12 @@ public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + KeyStore ks; KeyManagerFactory kmf; X509KeyManager km;
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,14 +21,16 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 7166570 * @summary JSSE certificate validation has started to fail for * certificate chains - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @run main/othervm BasicConstraints PKIX * @run main/othervm BasicConstraints SunX509 */ @@ -37,6 +39,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.*; @@ -454,6 +457,12 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,6 +39,7 @@ import javax.net.ssl.*; import java.security.KeyStore; import java.security.KeyFactory; +import java.security.Security; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.spec.*; @@ -792,6 +793,12 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,6 +39,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -304,6 +305,12 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,6 +39,7 @@ import javax.net.ssl.*; import java.security.KeyStore; import java.security.KeyFactory; +import java.security.Security; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.spec.*; @@ -794,6 +795,12 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,7 +33,9 @@ * fail trusted checks * @run main/othervm CriticalSubjectAltName * @author Xuelei Fan - * + */ + +/* * This test depends on binary keystore, crisubn.jks and trusted.jks. Because * JAVA keytool cannot generate X509 certificate with SubjectAltName extension, * the certificates are generated with openssl toolkits and then imported into @@ -48,6 +50,7 @@ import java.io.*; import java.net.*; import javax.net.ssl.*; +import java.security.Security; import java.security.cert.Certificate; public class CriticalSubjectAltName implements HostnameVerifier { @@ -155,6 +158,12 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + "/" + keyStoreFile;
--- a/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLCtxAccessToSessCtx.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLCtxAccessToSessCtx.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,6 +37,7 @@ import java.net.*; import javax.net.ssl.*; import java.util.*; +import java.util.concurrent.atomic.AtomicInteger; import java.security.KeyStore; public class SSLCtxAccessToSessCtx { @@ -65,7 +66,7 @@ /* * Is the server ready to serve? */ - volatile static boolean serverReady = false; + AtomicInteger serverReady = new AtomicInteger(1); // only one port now /* * Turn on SSL debugging? @@ -91,12 +92,13 @@ SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort); - serverPorts[createdPorts++] = sslServerSocket.getLocalPort(); + int slot = createdPorts.getAndIncrement(); + serverPorts[slot] = sslServerSocket.getLocalPort(); /* * Signal Client, we're ready for his connect. */ - serverReady = true; + serverReady.getAndDecrement(); int read = 0; SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); InputStream sslIS = sslSocket.getInputStream(); @@ -123,7 +125,7 @@ /* * Wait for server to get started. */ - while (!serverReady) { + while (serverReady.get() > 0) { Thread.sleep(50); } /* @@ -153,8 +155,8 @@ * The remainder is just support stuff */ - volatile int serverPorts[] = new int[]{0}; - volatile int createdPorts = 0; + int serverPorts[] = new int[]{0}; // only one port at present + AtomicInteger createdPorts = new AtomicInteger(0); static SSLServerSocketFactory sslssf; static SSLSocketFactory sslsf; static SSLContext sslctx; @@ -257,14 +259,20 @@ */ System.err.println("Server died..."); e.printStackTrace(); - serverReady = true; + serverReady.set(0); serverException = e; } } }; serverThread.start(); } else { - doServerSide(port); + try { + doServerSide(port); + } catch (Exception e) { + serverException = e; + } finally { + serverReady.set(0); + } } } @@ -286,7 +294,11 @@ }; clientThread.start(); } else { - doClientSide(); + try { + doClientSide(); + } catch (Exception e) { + clientException = e; + } } } }
--- a/test/sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,7 +28,7 @@ /* * @test - * @bug 4366807 + * @bug 4366807 * @summary Need new APIs to get/set session timeout and session cache size. * @run main/othervm SessionCacheSizeTests */ @@ -108,34 +108,47 @@ void doServerSide(int serverPort, int serverConns) throws Exception { - SSLServerSocket sslServerSocket = - (SSLServerSocket) sslssf.createServerSocket(serverPort); - serverPorts[createdPorts++] = sslServerSocket.getLocalPort(); + try (SSLServerSocket sslServerSocket = + (SSLServerSocket) sslssf.createServerSocket(serverPort)) { + + // timeout to accept a connection + sslServerSocket.setSoTimeout(45000); + + // make sure createdPorts++ is atomic + synchronized(serverPorts) { + serverPorts[createdPorts++] = sslServerSocket.getLocalPort(); + + /* + * Signal Client, we're ready for his connect. + */ + if (createdPorts == serverPorts.length) { + serverReady = true; + } + } + int read = 0; + int nConnections = 0; - /* - * Signal Client, we're ready for his connect. - */ - serverReady = true; - int read = 0; - int nConnections = 0; - /* - * Divide the max connections among the available server ports. - * The use of more than one server port ensures creation of more - * than one session. - */ - SSLSession sessions [] = new SSLSession [serverConns]; - SSLSessionContext sessCtx = sslctx.getServerSessionContext(); + /* + * Divide the max connections among the available server ports. + * The use of more than one server port ensures creation of more + * than one session. + */ + SSLSession sessions [] = new SSLSession [serverConns]; + SSLSessionContext sessCtx = sslctx.getServerSessionContext(); - while (nConnections < serverConns) { - SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); - InputStream sslIS = sslSocket.getInputStream(); - OutputStream sslOS = sslSocket.getOutputStream(); - read = sslIS.read(); - sessions[nConnections] = sslSocket.getSession(); - sslOS.write(85); - sslOS.flush(); - sslSocket.close(); - nConnections++; + while (nConnections < serverConns) { + try (SSLSocket sslSocket = + (SSLSocket)sslServerSocket.accept()) { + sslSocket.setSoTimeout(90000); // timeout to read + InputStream sslIS = sslSocket.getInputStream(); + OutputStream sslOS = sslSocket.getOutputStream(); + read = sslIS.read(); + sessions[nConnections] = sslSocket.getSession(); + sslOS.write(85); + sslOS.flush(); + nConnections++; + } + } } } @@ -261,8 +274,8 @@ * Using four ports (one per each connection), we are able to create * alteast four sessions. */ - volatile int serverPorts[] = new int[]{0, 0, 0, 0}; - volatile int createdPorts = 0; + int serverPorts[] = new int[]{0, 0, 0, 0}; // MAX_ACTIVE_CONNECTIONS: 4 + int createdPorts = 0; static SSLServerSocketFactory sslssf; static SSLSocketFactory sslsf; static SSLContext sslctx; @@ -312,7 +325,6 @@ * Fork off the other side, then do your work. */ SessionCacheSizeTests() throws Exception { - /* * create the SSLServerSocket and SSLSocket factories */ @@ -325,46 +337,87 @@ int serverConns = MAX_ACTIVE_CONNECTIONS / (serverPorts.length); int remainingConns = MAX_ACTIVE_CONNECTIONS % (serverPorts.length); - if (separateServerThread) { - for (int i = 0; i < serverPorts.length; i++) { - - // distribute remaining connections among the available ports - if (i < remainingConns) - startServer(serverPorts[i], (serverConns + 1), true); - else - startServer(serverPorts[i], serverConns, true); + Exception startException = null; + try { + if (separateServerThread) { + for (int i = 0; i < serverPorts.length; i++) { + // distribute remaining connections among the + // available ports + if (i < remainingConns) + startServer(serverPorts[i], (serverConns + 1), true); + else + startServer(serverPorts[i], serverConns, true); + } + startClient(false); + } else { + startClient(true); + for (int i = 0; i < serverPorts.length; i++) { + if (i < remainingConns) + startServer(serverPorts[i], (serverConns + 1), false); + else + startServer(serverPorts[i], serverConns, false); + } } - startClient(false); - } else { - startClient(true); - for (int i = 0; i < serverPorts.length; i++) { - if (i < remainingConns) - startServer(serverPorts[i], (serverConns + 1), false); - else - startServer(serverPorts[i], serverConns, false); - } + } catch (Exception e) { + startException = e; } /* * Wait for other side to close down. */ if (separateServerThread) { - serverThread.join(); + if (serverThread != null) { + serverThread.join(); + } } else { - clientThread.join(); + if (clientThread != null) { + clientThread.join(); + } } /* * When we get here, the test is pretty much over. - * - * If the main thread excepted, that propagates back - * immediately. If the other thread threw an exception, we - * should report back. + */ + Exception local; + Exception remote; + + if (separateServerThread) { + remote = serverException; + local = clientException; + } else { + remote = clientException; + local = serverException; + } + + Exception exception = null; + + /* + * Check various exception conditions. */ - if (serverException != null) - throw serverException; - if (clientException != null) - throw clientException; + if ((local != null) && (remote != null)) { + // If both failed, return the curthread's exception. + local.initCause(remote); + exception = local; + } else if (local != null) { + exception = local; + } else if (remote != null) { + exception = remote; + } else if (startException != null) { + exception = startException; + } + + /* + * If there was an exception *AND* a startException, + * output it. + */ + if (exception != null) { + if (exception != startException && startException != null) { + exception.addSuppressed(startException); + } + throw exception; + } + + // Fall-through: no exception to throw! } void startServer(final int port, final int nConns, @@ -389,7 +442,13 @@ }; serverThread.start(); } else { - doServerSide(port, nConns); + try { + doServerSide(port, nConns); + } catch (Exception e) { + serverException = e; + } finally { + serverReady = true; + } } } @@ -411,7 +470,11 @@ }; clientThread.start(); } else { - doClientSide(); + try { + doClientSide(); + } catch (Exception e) { + clientException = e; + } } } }
--- a/test/sun/security/ssl/javax/net/ssl/NewAPIs/SessionTimeOutTests.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/javax/net/ssl/NewAPIs/SessionTimeOutTests.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,6 +38,7 @@ import javax.net.ssl.*; import java.util.*; import java.security.*; +import java.util.concurrent.atomic.AtomicInteger; /** * Session reuse time-out tests cover the cases below: @@ -81,7 +82,7 @@ /* * Is the server ready to serve? */ - volatile static int serverReady = PORTS; + AtomicInteger serverReady = new AtomicInteger(PORTS); /* * Turn on SSL debugging? @@ -100,7 +101,7 @@ /* * Define the server side of the test. * - * If the server prematurely exits, serverReady will be set to true + * If the server prematurely exits, serverReady will be set to zero * to avoid infinite hangs. */ @@ -113,12 +114,13 @@ SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort); - serverPorts[createdPorts++] = sslServerSocket.getLocalPort(); + int slot = createdPorts.getAndIncrement(); + serverPorts[slot] = sslServerSocket.getLocalPort(); /* * Signal Client, we're ready for his connect. */ - serverReady--; + serverReady.getAndDecrement(); int read = 0; int nConnections = 0; SSLSession sessions [] = new SSLSession [serverConns]; @@ -139,7 +141,7 @@ /* * Define the client side of the test. * - * If the server prematurely exits, serverReady will be set to true + * If the server prematurely exits, serverReady will be set to zero * to avoid infinite hangs. */ void doClientSide() throws Exception { @@ -147,7 +149,7 @@ /* * Wait for server to get started. */ - while (serverReady > 0) { + while (serverReady.get() > 0) { Thread.sleep(50); } @@ -265,7 +267,7 @@ for (int i = 0; i < nConnections; i++) { sslSockets[i].close(); } - System.out.println("----------------------------------------" + System.out.println("----------------------------------------" + "-----------------------"); System.out.println("Session timeout test passed"); } @@ -289,8 +291,8 @@ * The remainder is just support stuff */ - volatile int serverPorts[] = new int[PORTS]; - volatile int createdPorts = 0; + int serverPorts[] = new int[PORTS]; + AtomicInteger createdPorts = new AtomicInteger(0); static SSLServerSocketFactory sslssf; static SSLSocketFactory sslsf; static SSLContext sslctx; @@ -350,45 +352,88 @@ int serverConns = MAX_ACTIVE_CONNECTIONS / (serverPorts.length); int remainingConns = MAX_ACTIVE_CONNECTIONS % (serverPorts.length); - if (separateServerThread) { - for (int i = 0; i < serverPorts.length; i++) { - // distribute remaining connections among the available ports - if (i < remainingConns) - startServer(serverPorts[i], (serverConns + 1), true); - else - startServer(serverPorts[i], serverConns, true); + Exception startException = null; + try { + if (separateServerThread) { + for (int i = 0; i < serverPorts.length; i++) { + // distribute remaining connections among the + // vailable ports + if (i < remainingConns) + startServer(serverPorts[i], (serverConns + 1), true); + else + startServer(serverPorts[i], serverConns, true); + } + startClient(false); + } else { + startClient(true); + for (int i = 0; i < serverPorts.length; i++) { + if (i < remainingConns) + startServer(serverPorts[i], (serverConns + 1), false); + else + startServer(serverPorts[i], serverConns, false); + } } - startClient(false); - } else { - startClient(true); - for (int i = 0; i < serverPorts.length; i++) { - if (i < remainingConns) - startServer(serverPorts[i], (serverConns + 1), false); - else - startServer(serverPorts[i], serverConns, false); - } + } catch (Exception e) { + startException = e; } /* * Wait for other side to close down. */ if (separateServerThread) { - serverThread.join(); + if (serverThread != null) { + serverThread.join(); + } } else { - clientThread.join(); + if (clientThread != null) { + clientThread.join(); + } } /* * When we get here, the test is pretty much over. - * - * If the main thread excepted, that propagates back - * immediately. If the other thread threw an exception, we - * should report back. + * Which side threw the error? + */ + Exception local; + Exception remote; + + if (separateServerThread) { + remote = serverException; + local = clientException; + } else { + remote = clientException; + local = serverException; + } + + Exception exception = null; + + /* + * Check various exception conditions. */ - if (serverException != null) - throw serverException; - if (clientException != null) - throw clientException; + if ((local != null) && (remote != null)) { + // If both failed, return the curthread's exception. + local.initCause(remote); + exception = local; + } else if (local != null) { + exception = local; + } else if (remote != null) { + exception = remote; + } else if (startException != null) { + exception = startException; + } + + /* + * If there was an exception *AND* a startException, + * output it. + */ + if (exception != null) { + if (exception != startException && startException != null) { + exception.addSuppressed(startException); + } + throw exception; + } + + // Fall-through: no exception to throw! } void startServer(final int port, final int nConns, @@ -406,14 +451,20 @@ */ System.err.println("Server died..."); e.printStackTrace(); - serverReady = 0; + serverReady.set(0); serverException = e; } } }; serverThread.start(); } else { - doServerSide(port, nConns); + try { + doServerSide(port, nConns); + } catch (Exception e) { + serverException = e; + } finally { + serverReady.set(0); + } } } @@ -435,7 +486,11 @@ }; clientThread.start(); } else { - doClientSide(); + try { + doClientSide(); + } catch (Exception e) { + clientException = e; + } } } }
--- a/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -229,6 +229,12 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + "/" + keyStoreFile;
--- a/test/sun/security/ssl/javax/net/ssl/TLSv12/ShortRSAKey512.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/javax/net/ssl/TLSv12/ShortRSAKey512.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -282,6 +282,8 @@ // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/CookieHttpsClientTest.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/CookieHttpsClientTest.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,6 +21,9 @@ * questions. */ +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. + /* * @test * @bug 7129083 @@ -182,10 +185,10 @@ public static void main(String args[]) throws Exception { String keyFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + + System.getProperty("test.src", ".") + "/" + pathToStores + "/" + keyStoreFile; String trustFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + + System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; System.setProperty("javax.net.ssl.keyStore", keyFilename); @@ -201,40 +204,83 @@ Thread clientThread = null; Thread serverThread = null; + /* * Primary constructor, used to drive remainder of the test. * * Fork off the other side, then do your work. */ CookieHttpsClientTest() throws Exception { - if (separateServerThread) { - startServer(true); - startClient(false); - } else { - startClient(true); - startServer(false); + Exception startException = null; + try { + if (separateServerThread) { + startServer(true); + startClient(false); + } else { + startClient(true); + startServer(false); + } + } catch (Exception e) { + startException = e; } /* * Wait for other side to close down. */ if (separateServerThread) { - serverThread.join(); + if (serverThread != null) { + serverThread.join(); + } } else { - clientThread.join(); + if (clientThread != null) { + clientThread.join(); + } } /* * When we get here, the test is pretty much over. - * - * If the main thread excepted, that propagates back - * immediately. If the other thread threw an exception, we - * should report back. + * Which side threw the error? + */ + Exception local; + Exception remote; + + if (separateServerThread) { + remote = serverException; + local = clientException; + } else { + remote = clientException; + local = serverException; + } + + Exception exception = null; + + /* + * Check various exception conditions. */ - if (serverException != null) - throw serverException; - if (clientException != null) - throw clientException; + if ((local != null) && (remote != null)) { + // If both failed, return the curthread's exception. + local.initCause(remote); + exception = local; + } else if (local != null) { + exception = local; + } else if (remote != null) { + exception = remote; + } else if (startException != null) { + exception = startException; + } + + /* + * If there was an exception *AND* a startException, + * output it. + */ + if (exception != null) { + if (exception != startException) { + exception.addSuppressed(startException); + } + throw exception; + } + + // Fall-through: no exception to throw! } void startServer(boolean newThread) throws Exception { @@ -257,7 +303,13 @@ }; serverThread.start(); } else { - doServerSide(); + try { + doServerSide(); + } catch (Exception e) { + serverException = e; + } finally { + serverReady = true; + } } } @@ -273,12 +325,16 @@ */ System.err.println("Client died..."); clientException = e; - } + } } }; clientThread.start(); } else { - doClientSide(); + try { + doClientSide(); + } catch (Exception e) { + clientException = e; + } } } }
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,6 +37,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -745,6 +746,12 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,6 +37,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -746,6 +747,12 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,6 +37,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -745,6 +746,12 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,6 +37,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -745,6 +746,12 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/templates/SSLEngineTemplate.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/templates/SSLEngineTemplate.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/ssl/templates/SSLSocketSSLEngineTemplate.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,490 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 7105780 + * @summary Add SSLSocket client/SSLEngine server to templates directory. + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. + * + * @run main/othervm SSLSocketSSLEngineTemplate + */ + +/** + * A SSLSocket/SSLEngine interop test case. This is not the way to + * code SSLEngine-based servers, but works for what we need to do here, + * which is to make sure that SSLEngine/SSLSockets can talk to each other. + * SSLEngines can use direct or indirect buffers, and different code + * is used to get at the buffer contents internally, so we test that here. + * + * The test creates one SSLSocket (client) and one SSLEngine (server). + * The SSLSocket talks to a raw ServerSocket, and the server code + * does the translation between byte [] and ByteBuffers that the SSLEngine + * can use. The "transport" layer consists of a Socket Input/OutputStream + * and two byte buffers for the SSLEngines: think of them + * as directly connected pipes. + * + * Again, this is a *very* simple example: real code will be much more + * involved. For example, different threading and I/O models could be + * used, transport mechanisms could close unexpectedly, and so on. + * + * When this application runs, notice that several messages + * (wrap/unwrap) pass before any application data is consumed or + * produced. (For more information, please see the SSL/TLS + * specifications.) There may several steps for a successful handshake, + * so it's typical to see the following series of operations: + * + * client server message + * ====== ====== ======= + * write() ... ClientHello + * ... unwrap() ClientHello + * ... wrap() ServerHello/Certificate + * read() ... ServerHello/Certificate + * write() ... ClientKeyExchange + * write() ... ChangeCipherSpec + * write() ... Finished + * ... unwrap() ClientKeyExchange + * ... unwrap() ChangeCipherSpec + * ... unwrap() Finished + * ... wrap() ChangeCipherSpec + * ... wrap() Finished + * read() ... ChangeCipherSpec + * read() ... Finished + */ +import javax.net.ssl.*; +import javax.net.ssl.SSLEngineResult.*; +import java.io.*; +import java.net.*; +import java.security.*; +import java.nio.*; + +public class SSLSocketSSLEngineTemplate { + + /* + * Enables logging of the SSL/TLS operations. + */ + private static boolean logging = true; + + /* + * Enables the JSSE system debugging system property: + * + * -Djavax.net.debug=all + * + * This gives a lot of low-level information about operations underway, + * including specific handshake messages, and might be best examined + * after gaining some familiarity with this application. + */ + private static boolean debug = false; + private SSLContext sslc; + private SSLEngine serverEngine; // server-side SSLEngine + private SSLSocket sslSocket; // client-side socket + private ServerSocket serverSocket; // server-side Socket, generates the... + private Socket socket; // server-side socket that will read + + private final byte[] serverMsg = + "Hi there Client, I'm a Server.".getBytes(); + private final byte[] clientMsg = + "Hello Server, I'm a Client! Pleased to meet you!".getBytes(); + + private ByteBuffer serverOut; // write side of serverEngine + private ByteBuffer serverIn; // read side of serverEngine + + private volatile Exception clientException; + private volatile Exception serverException; + + /* + * For data transport, this example uses local ByteBuffers. + */ + private ByteBuffer cTOs; // "reliable" transport client->server + private ByteBuffer sTOc; // "reliable" transport server->client + + /* + * The following is to set up the keystores/trust material. + */ + private static final String pathToStores = "../etc/"; + private static final String keyStoreFile = "keystore"; + private static final String trustStoreFile = "truststore"; + private static final String passwd = "passphrase"; + private static String keyFilename = + System.getProperty("test.src", ".") + "/" + pathToStores + + "/" + keyStoreFile; + private static String trustFilename = + System.getProperty("test.src", ".") + "/" + pathToStores + + "/" + trustStoreFile; + + /* + * Main entry point for this test. + */ + public static void main(String args[]) throws Exception { + if (debug) { + System.setProperty("javax.net.debug", "all"); + } + + String [] protocols = new String [] { + "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" }; + + for (String protocol : protocols) { + log("Testing " + protocol); + /* + * Run the tests with direct and indirect buffers. + */ + SSLSocketSSLEngineTemplate test = + new SSLSocketSSLEngineTemplate(protocol); + test.runTest(true); + test.runTest(false); + } + + System.out.println("Test Passed."); + } + + /* + * Create an initialized SSLContext to use for these tests. + */ + public SSLSocketSSLEngineTemplate(String protocol) throws Exception { + + KeyStore ks = KeyStore.getInstance("JKS"); + KeyStore ts = KeyStore.getInstance("JKS"); + + char[] passphrase = "passphrase".toCharArray(); + + ks.load(new FileInputStream(keyFilename), passphrase); + ts.load(new FileInputStream(trustFilename), passphrase); + + KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); + kmf.init(ks, passphrase); + + TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); + tmf.init(ts); + + SSLContext sslCtx = SSLContext.getInstance(protocol); + + sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); + + sslc = sslCtx; + } + + /* + * Run the test. + * + * Sit in a tight loop, with the server engine calling wrap/unwrap + * regardless of whether data is available or not. We do this until + * we get the application data. Then we shutdown and go to the next one. + * + * The main loop handles all of the I/O phases of the SSLEngine's + * lifetime: + * + * initial handshaking + * application data transfer + * engine closing + * + * One could easily separate these phases into separate + * sections of code. + */ + private void runTest(boolean direct) throws Exception { + boolean serverClose = direct; + + serverSocket = new ServerSocket(0); + int port = serverSocket.getLocalPort(); + Thread thread = createClientThread(port, serverClose); + + socket = serverSocket.accept(); + socket.setSoTimeout(500); + serverSocket.close(); + + createSSLEngine(); + createBuffers(direct); + + try { + boolean closed = false; + + InputStream is = socket.getInputStream(); + OutputStream os = socket.getOutputStream(); + + SSLEngineResult serverResult; // results from last operation + + /* + * Examining the SSLEngineResults could be much more involved, + * and may alter the overall flow of the application. + * + * For example, if we received a BUFFER_OVERFLOW when trying + * to write to the output pipe, we could reallocate a larger + * pipe, but instead we wait for the peer to drain it. + */ + byte[] inbound = new byte[8192]; + byte[] outbound = new byte[8192]; + + while (!isEngineClosed(serverEngine)) { + int len = 0; + + // Inbound data + log("================"); + + // Read from the Client side. + try { + len = is.read(inbound); + if (len == -1) { + throw new Exception("Unexpected EOF"); + } + cTOs.put(inbound, 0, len); + } catch (SocketTimeoutException ste) { + // swallow. Nothing yet, probably waiting on us. + } + + cTOs.flip(); + + serverResult = serverEngine.unwrap(cTOs, serverIn); + log("server unwrap: ", serverResult); + runDelegatedTasks(serverResult, serverEngine); + cTOs.compact(); + + // Outbound data + log("----"); + + serverResult = serverEngine.wrap(serverOut, sTOc); + log("server wrap: ", serverResult); + runDelegatedTasks(serverResult, serverEngine); + + sTOc.flip(); + + if ((len = sTOc.remaining()) != 0) { + sTOc.get(outbound, 0, len); + os.write(outbound, 0, len); + // Give the other side a chance to process + } + + sTOc.compact(); + + if (!closed && (serverOut.remaining() == 0)) { + closed = true; + + /* + * We'll alternate initiatating the shutdown. + * When the server initiates, it will take one more + * loop, but tests the orderly shutdown. + */ + if (serverClose) { + serverEngine.closeOutbound(); + } + serverIn.flip(); + + /* + * A sanity check to ensure we got what was sent. + */ + if (serverIn.remaining() != clientMsg.length) { + throw new Exception("Client: Data length error"); + } + + for (int i = 0; i < clientMsg.length; i++) { + if (clientMsg[i] != serverIn.get()) { + throw new Exception("Client: Data content error"); + } + } + serverIn.compact(); + } + } + return; + } catch (Exception e) { + serverException = e; + } finally { + if (socket != null) { + socket.close(); + } + + // Wait for the client to join up with us. + if (thread != null) { + thread.join(); + } + + if (serverException != null) { + if (clientException != null) { + serverException.initCause(clientException); + } + throw serverException; + } + if (clientException != null) { + if (serverException != null) { + clientException.initCause(serverException); + } + throw clientException; + } + } + } + + /* + * Create a client thread which does simple SSLSocket operations. + * We'll write and read one data packet. + */ + private Thread createClientThread(final int port, + final boolean serverClose) throws Exception { + + Thread t = new Thread("ClientThread") { + + @Override + public void run() { + try { + Thread.sleep(1000); // Give server time to finish setup. + + sslSocket = (SSLSocket) sslc.getSocketFactory(). + createSocket("localhost", port); + OutputStream os = sslSocket.getOutputStream(); + InputStream is = sslSocket.getInputStream(); + + // write(byte[]) goes in one shot. + os.write(clientMsg); + + byte[] inbound = new byte[2048]; + int pos = 0; + + int len; +done: + while ((len = is.read(inbound, pos, 2048 - pos)) != -1) { + pos += len; + // Let the client do the closing. + if ((pos == serverMsg.length) && !serverClose) { + sslSocket.close(); + break done; + } + } + + if (pos != serverMsg.length) { + throw new Exception("Client: Data length error"); + } + + for (int i = 0; i < serverMsg.length; i++) { + if (inbound[i] != serverMsg[i]) { + throw new Exception("Client: Data content error"); + } + } + } catch (Exception e) { + clientException = e; + } + } + }; + t.start(); + return t; + } + + /* + * Using the SSLContext created during object creation, + * create/configure the SSLEngines we'll use for this test. + */ + private void createSSLEngine() throws Exception { + /* + * Configure the serverEngine to act as a server in the SSL/TLS + * handshake. + */ + serverEngine = sslc.createSSLEngine(); + serverEngine.setUseClientMode(false); + serverEngine.getNeedClientAuth(); + } + + /* + * Create and size the buffers appropriately. + */ + private void createBuffers(boolean direct) { + + SSLSession session = serverEngine.getSession(); + int appBufferMax = session.getApplicationBufferSize(); + int netBufferMax = session.getPacketBufferSize(); + + /* + * We'll make the input buffers a bit bigger than the max needed + * size, so that unwrap()s following a successful data transfer + * won't generate BUFFER_OVERFLOWS. + * + * We'll use a mix of direct and indirect ByteBuffers for + * tutorial purposes only. In reality, only use direct + * ByteBuffers when they give a clear performance enhancement. + */ + if (direct) { + serverIn = ByteBuffer.allocateDirect(appBufferMax + 50); + cTOs = ByteBuffer.allocateDirect(netBufferMax); + sTOc = ByteBuffer.allocateDirect(netBufferMax); + } else { + serverIn = ByteBuffer.allocate(appBufferMax + 50); + cTOs = ByteBuffer.allocate(netBufferMax); + sTOc = ByteBuffer.allocate(netBufferMax); + } + + serverOut = ByteBuffer.wrap(serverMsg); + } + + /* + * If the result indicates that we have outstanding tasks to do, + * go ahead and run them in this thread. + */ + private static void runDelegatedTasks(SSLEngineResult result, + SSLEngine engine) throws Exception { + + if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { + Runnable runnable; + while ((runnable = engine.getDelegatedTask()) != null) { + log("\trunning delegated task..."); + runnable.run(); + } + HandshakeStatus hsStatus = engine.getHandshakeStatus(); + if (hsStatus == HandshakeStatus.NEED_TASK) { + throw new Exception( + "handshake shouldn't need additional tasks"); + } + log("\tnew HandshakeStatus: " + hsStatus); + } + } + + private static boolean isEngineClosed(SSLEngine engine) { + return (engine.isOutboundDone() && engine.isInboundDone()); + } + + /* + * Logging code + */ + private static boolean resultOnce = true; + + private static void log(String str, SSLEngineResult result) { + if (!logging) { + return; + } + if (resultOnce) { + resultOnce = false; + System.out.println("The format of the SSLEngineResult is: \n" + + "\t\"getStatus() / getHandshakeStatus()\" +\n" + + "\t\"bytesConsumed() / bytesProduced()\"\n"); + } + HandshakeStatus hsStatus = result.getHandshakeStatus(); + log(str + + result.getStatus() + "/" + hsStatus + ", " + + result.bytesConsumed() + "/" + result.bytesProduced() + + " bytes"); + if (hsStatus == HandshakeStatus.FINISHED) { + log("\t...ready for application data"); + } + } + + private static void log(String str) { + if (logging) { + System.out.println(str); + } + } +}
--- a/test/sun/security/ssl/templates/SSLSocketTemplate.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/ssl/templates/SSLSocketTemplate.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -182,6 +182,7 @@ * Fork off the other side, then do your work. */ SSLSocketTemplate() throws Exception { + Exception startException = null; try { if (separateServerThread) { startServer(true); @@ -191,16 +192,20 @@ startServer(false); } } catch (Exception e) { - // swallow for now. Show later + startException = e; } /* * Wait for other side to close down. */ if (separateServerThread) { - serverThread.join(); + if (serverThread != null) { + serverThread.join(); + } } else { - clientThread.join(); + if (clientThread != null) { + clientThread.join(); + } } /* @@ -209,36 +214,44 @@ */ Exception local; Exception remote; - String whichRemote; if (separateServerThread) { remote = serverException; local = clientException; - whichRemote = "server"; } else { remote = clientException; local = serverException; - whichRemote = "client"; + } + + Exception exception = null; + + /* + * Check various exception conditions. + */ + if ((local != null) && (remote != null)) { + // If both failed, return the curthread's exception. + local.initCause(remote); + exception = local; + } else if (local != null) { + exception = local; + } else if (remote != null) { + exception = remote; + } else if (startException != null) { + exception = startException; } /* - * If both failed, return the curthread's exception, but also - * print the remote side Exception + * If there was an exception *AND* a startException, + * output it. */ - if ((local != null) && (remote != null)) { - System.out.println(whichRemote + " also threw:"); - remote.printStackTrace(); - System.out.println(); - throw local; + if (exception != null) { + if (exception != startException && startException != null) { + exception.addSuppressed(startException); + } + throw exception; } - if (remote != null) { - throw remote; - } - - if (local != null) { - throw local; - } + // Fall-through: no exception to throw! } void startServer(boolean newThread) throws Exception {
--- a/test/sun/security/tools/jarsigner/JarSigningNonAscii.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/tools/jarsigner/JarSigningNonAscii.java Sat Sep 10 22:36:17 2016 +0100 @@ -62,7 +62,7 @@ "-signedJar", signedJar, unsignedJar, "b" }; - JarSigner.main(jsArgs); + sun.security.tools.jarsigner.Main.main(jsArgs); // verify the signed jar file
--- a/test/sun/security/tools/jarsigner/LargeJarEntry.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/tools/jarsigner/LargeJarEntry.java Sat Sep 10 22:36:17 2016 +0100 @@ -35,7 +35,6 @@ import java.util.jar.JarEntry; import java.util.jar.JarOutputStream; import java.util.zip.CRC32; -import sun.security.tools.JarSigner; public class LargeJarEntry { @@ -73,7 +72,7 @@ jarName, "b" }; // now, try to sign it try { - JarSigner.main(jsArgs); + sun.security.tools.jarsigner.Main.main(jsArgs); } catch (OutOfMemoryError err) { throw new Exception("Test failed with OutOfMemoryError", err); } finally {
--- a/test/sun/security/tools/jarsigner/TimestampCheck.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/tools/jarsigner/TimestampCheck.java Sat Sep 10 22:36:17 2016 +0100 @@ -24,10 +24,9 @@ import com.sun.net.httpserver.*; import java.io.BufferedReader; import java.io.ByteArrayOutputStream; -import java.io.File; import java.io.FileInputStream; -import java.io.FileOutputStream; import java.io.IOException; +import java.io.InputStream; import java.io.InputStreamReader; import java.io.OutputStream; import java.math.BigInteger; @@ -38,9 +37,15 @@ import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.Calendar; +import java.util.jar.JarEntry; +import java.util.jar.JarFile; + +import sun.misc.IOUtils; import sun.security.pkcs.ContentInfo; import sun.security.pkcs.PKCS7; +import sun.security.pkcs.PKCS9Attribute; import sun.security.pkcs.SignerInfo; +import sun.security.timestamp.TimestampToken; import sun.security.util.DerOutputStream; import sun.security.util.DerValue; import sun.security.util.ObjectIdentifier; @@ -51,6 +56,8 @@ static final String TSKS = "tsks"; static final String JAR = "old.jar"; + static final String defaultPolicyId = "2.3.4.5"; + static class Handler implements HttpHandler { public void handle(HttpExchange t) throws IOException { int len = 0; @@ -94,6 +101,11 @@ * 6: extension is missing * 7: extension is non-critical * 8: extension does not have timestamping + * 9: no cert in response + * 10: normal + * 11: always return default policy id + * 12: normal + * otherwise: normal * @returns the signed */ byte[] sign(byte[] input, int path) throws Exception { @@ -106,6 +118,7 @@ messageImprint.data.getDerValue()); System.err.println("AlgorithmId: " + aid); + ObjectIdentifier policyId = new ObjectIdentifier(defaultPolicyId); BigInteger nonce = null; while (value.data.available() > 0) { DerValue v = value.data.getDerValue(); @@ -114,6 +127,9 @@ System.err.println("nonce: " + nonce); } else if (v.tag == DerValue.tag_Boolean) { System.err.println("certReq: " + v.getBoolean()); + } else if (v.tag == DerValue.tag_ObjectId) { + policyId = v.getOID(); + System.err.println("PolicyID: " + policyId); } } @@ -127,6 +143,10 @@ if (path == 7) alias = "tsbad2"; if (path == 8) alias = "tsbad3"; + if (path == 11) { + policyId = new ObjectIdentifier(defaultPolicyId); + } + DerOutputStream statusInfo = new DerOutputStream(); statusInfo.putInteger(0); DerOutputStream statusStrings = new DerOutputStream(); @@ -153,7 +173,7 @@ DerOutputStream tst = new DerOutputStream(); tst.putInteger(1); - tst.putOID(new ObjectIdentifier("1.2.3.4")); // policy + tst.putOID(policyId); if (path != 3 && path != 4) { tst.putDerValue(messageImprint); @@ -263,13 +283,43 @@ jarsigner(cmd, 7, false); // tsbad2 jarsigner(cmd, 8, false); // tsbad3 jarsigner(cmd, 9, false); // no cert in timestamp + jarsigner(cmd + " -tsapolicyid 1.2.3.4", 10, true); + checkTimestamp("new_10.jar", "1.2.3.4", "SHA-256"); + jarsigner(cmd + " -tsapolicyid 1.2.3.5", 11, false); + jarsigner(cmd + " -tsadigestalg SHA", 12, true); + checkTimestamp("new_12.jar", defaultPolicyId, "SHA-1"); } else { // Run as a standalone server System.err.println("Press Enter to quit server"); System.in.read(); } } finally { server.stop(0); - new File("x.jar").delete(); + } + } + + static void checkTimestamp(String file, String policyId, String digestAlg) + throws Exception { + try (JarFile jf = new JarFile(file)) { + JarEntry je = jf.getJarEntry("META-INF/OLD.RSA"); + try (InputStream is = jf.getInputStream(je)) { + byte[] content = IOUtils.readFully(is, -1, true); + PKCS7 p7 = new PKCS7(content); + SignerInfo[] si = p7.getSignerInfos(); + if (si == null || si.length == 0) { + throw new Exception("Not signed"); + } + PKCS9Attribute p9 = si[0].getUnauthenticatedAttributes() + .getAttribute(PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID); + PKCS7 tsToken = new PKCS7((byte[]) p9.getValue()); + TimestampToken tt = + new TimestampToken(tsToken.getContentInfo().getData()); + if (!tt.getHashAlgorithm().toString().equals(digestAlg)) { + throw new Exception("Digest alg different"); + } + if (!tt.getPolicyID().equals(policyId)) { + throw new Exception("policyId different"); + } + } } }
--- a/test/sun/security/tools/jarsigner/ts.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/tools/jarsigner/ts.sh Sat Sep 10 22:36:17 2016 +0100 @@ -22,7 +22,7 @@ # # @test -# @bug 6543842 6543440 6939248 8024302 +# @bug 6543842 6543440 6939248 8009636 8024302 # @summary checking response of timestamp # # @run shell/timeout=600 ts.sh @@ -86,6 +86,6 @@ $KT -alias ca -gencert -ext eku:critical=cs | \ $KT -alias tsbad3 -importcert -$JAVAC -d . ${TESTSRC}/TimestampCheck.java +$JAVAC -XDignore.symbol.file -d . ${TESTSRC}/TimestampCheck.java $JAVA TimestampCheck
--- a/test/sun/security/tools/keytool/CloseFile.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/tools/keytool/CloseFile.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,12 +26,13 @@ * @bug 6489721 * @summary keytool has not closed several file streams * @author weijun.wang + * @compile -XDignore.symbol.file CloseFile.java + * @run main CloseFile * * This test is only useful on Windows, which fails before the fix and succeeds * after it. On other platforms, it always passes. */ -import sun.security.tools.KeyTool; import java.io.*; public class CloseFile { @@ -58,7 +59,7 @@ } static void run(String s) throws Exception { - KeyTool.main((s+" -debug -keyalg rsa").split(" ")); + sun.security.tools.keytool.Main.main((s+" -debug -keyalg rsa").split(" ")); } static void remove(String filename, boolean check) { new File(filename).delete();
--- a/test/sun/security/tools/keytool/KeyToolTest.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/tools/keytool/KeyToolTest.java Sat Sep 10 22:36:17 2016 +0100 @@ -56,7 +56,6 @@ */ import java.security.KeyStore; -import sun.security.tools.KeyTool; import sun.security.x509.*; import java.io.*; import java.security.KeyPairGenerator; @@ -149,12 +148,13 @@ System.setOut(new PrintStream(b1)); System.setErr(new PrintStream(b2)); - // since System.in is overrided, the KeyTool.main() method will + // since System.in is overrided, the + // sun.security.tools.keytool.Main.main() method will // never block at user input - // use -debug so that KeyTool.main() will throw an Exception + // use -debug so that main() will throw an Exception // instead of calling System.exit() - KeyTool.main(("-debug "+cmd).split("\\s+")); + sun.security.tools.keytool.Main.main(("-debug "+cmd).split("\\s+")); } finally { out = b1.toString(); err = b2.toString();
--- a/test/sun/security/tools/keytool/NewSize7.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/tools/keytool/NewSize7.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,8 @@ * @test * @bug 6561126 * @summary keytool should use larger default keysize for keypairs + * @compile -XDignore.symbol.file NewSize7.java + * @run main NewSize7 */ import java.io.File; @@ -34,13 +36,13 @@ import java.security.KeyStore; import java.security.cert.X509Certificate; import java.security.interfaces.RSAPublicKey; -import sun.security.tools.KeyTool; public class NewSize7 { public static void main(String[] args) throws Exception { String FILE = "newsize7-ks"; new File(FILE).delete(); - KeyTool.main(("-debug -genkeypair -keystore " + FILE + + sun.security.tools.keytool.Main.main(("-debug -genkeypair -keystore " + + FILE + " -alias a -dname cn=c -storepass changeit" + " -keypass changeit -keyalg rsa").split(" ")); KeyStore ks = KeyStore.getInstance("JKS");
--- a/test/sun/security/tools/keytool/StartDateTest.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/tools/keytool/StartDateTest.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,8 @@ * @test * @bug 6468285 * @summary keytool ability to backdate self-signed certificates to compensate for clock skew + * @compile -XDignore.symbol.file StartDateTest.java + * @run main StartDateTest */ import java.io.File; @@ -35,7 +37,6 @@ import java.util.Calendar; import java.util.Date; import java.util.GregorianCalendar; -import sun.security.tools.KeyTool; public class StartDateTest { public static void main(String[] args) throws Exception { @@ -66,7 +67,8 @@ new File("jks").delete(); // Part 2: Test format - Method m = KeyTool.class.getDeclaredMethod("getStartDate", String.class); + Method m = sun.security.tools.keytool.Main.class.getDeclaredMethod( + "getStartDate", String.class); m.setAccessible(true); for (String s: new String[] { null, //NOW! @@ -127,7 +129,7 @@ } static void run(String s) throws Exception { - KeyTool.main((s+" -debug").split(" ")); + sun.security.tools.keytool.Main.main((s+" -debug").split(" ")); } static Date getIssueDate() throws Exception {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/keytool/UnknownAndUnparseable.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 7192202 + * @summary Make sure keytool prints both unknown and unparseable extensions + * @compile -XDignore.symbol.file UnknownAndUnparseable.java + * @run main UnknownAndUnparseable + */ + +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.PrintStream; +import sun.security.x509.PKIXExtensions; + +public class UnknownAndUnparseable { + public static void main(String[] args) throws Exception { + + String s = "-keystore ks -storepass changeit -keypass changeit -debug "; + new File("ks").delete(); + + // Create a cert with an unknown extension: 1.2.3.4, and an invalid + // KeyUsage extension + String genkey = s + + "-genkeypair -alias a -dname CN=A -ext 1.2.3.4=1234 " + + "-ext " + PKIXExtensions.KeyUsage_Id.toString() + "=5678"; + sun.security.tools.keytool.Main.main(genkey.split(" ")); + + // Get the list output to a string + String list = s + "-list -v"; + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + PrintStream oldOut = System.out; + System.setOut(new PrintStream(bout)); + sun.security.tools.keytool.Main.main(list.split(" ")); + System.setOut(oldOut); + String out = bout.toString(); + System.out.println(out); + + if (!out.contains("1.2.3.4")) { + throw new Exception("Unknown extension 1.2.3.4 is not listed"); + } + if (!out.contains("0000: 12 34")) { + throw new Exception("Unknown extension 1.2.3.4 has no content"); + } + if (!out.contains("Unparseable KeyUsage")) { + throw new Exception("Unparseable KeyUsage is not listed"); + } + if (!out.contains("0000: 56 78")) { + throw new Exception("Unparseable KeyUsage has no content"); + } + } +}
--- a/test/sun/security/tools/keytool/autotest.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/tools/keytool/autotest.sh Sat Sep 10 22:36:17 2016 +0100 @@ -41,36 +41,35 @@ exit 1 fi +find_one() { + for TARGET_FILE in $@; do + if [ -e "$TARGET_FILE" ]; then + echo $TARGET_FILE + return + fi + done +} + # set platform-dependent variables OS=`uname -s` case "$OS" in SunOS ) FS="/" - LIBNAME=libsoftokn3.so - ARCH=`isainfo` - case "$ARCH" in - sparc* ) - NSSDIR="/usr/lib/mps" - ;; - * ) - echo "Will not run test on: Solaris ${ARCH}" - exit 0; - ;; - esac + LIBNAME="/usr/lib/mps/libsoftokn3.so" ;; Linux ) - LIBNAME=libsoftokn3.so - ARCH=`uname -m` FS="/" - case "$ARCH" in - i[3-6]86 ) - NSSDIR="/usr/lib" - ;; - * ) - echo "Will not run test on: Linux ${ARCH}" - exit 0; - ;; - esac + ${TESTJAVA}${FS}bin${FS}java -XshowSettings:properties -version 2> allprop + cat allprop | grep os.arch | grep 64 + if [ "$?" != "0" ]; then + LIBNAME=`find_one \ + "/usr/lib/libsoftokn3.so" \ + "/usr/lib/i386-linux-gnu/nss/libsoftokn3.so"` + else + LIBNAME=`find_one \ + "/usr/lib64/libsoftokn3.so" \ + "/usr/lib/x86_64-linux-gnu/nss/libsoftokn3.so"` + fi ;; * ) echo "Will not run test on: ${OS}" @@ -78,7 +77,13 @@ ;; esac -${TESTJAVA}${FS}bin${FS}javac -d . ${TESTSRC}${FS}KeyToolTest.java || exit 10 +if [ "$LIBNAME" = "" ]; then + echo "Cannot find libsoftokn3.so" + exit 1 +fi + +${TESTJAVA}${FS}bin${FS}javac -d . -XDignore.symbol.file \ + ${TESTSRC}${FS}KeyToolTest.java || exit 10 NSS=${TESTSRC}${FS}..${FS}..${FS}pkcs11${FS}nss @@ -91,7 +96,7 @@ chmod u+w cert8.db echo | ${TESTJAVA}${FS}bin${FS}java -Dnss \ - -Dnss.lib=${NSSDIR}${FS}${LIBNAME} \ + -Dnss.lib=${LIBNAME} \ KeyToolTest status=$? @@ -105,4 +110,3 @@ rm TestException.class exit $status -
--- a/test/sun/security/tools/keytool/standard.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/tools/keytool/standard.sh Sat Sep 10 22:36:17 2016 +0100 @@ -56,7 +56,7 @@ ;; esac -${TESTJAVA}${FS}bin${FS}javac -d . ${TESTSRC}${FS}KeyToolTest.java || exit 10 +${TESTJAVA}${FS}bin${FS}javac -d . -XDignore.symbol.file ${TESTSRC}${FS}KeyToolTest.java || exit 10 echo | ${TESTJAVA}${FS}bin${FS}java -Dfile KeyToolTest status=$?
--- a/test/sun/security/util/BigInt/BigIntEqualsHashCode.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,46 +0,0 @@ -/* - * Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @author Gary Ellison - * @bug 4170635 - * @summary Verify equals()/hashCode() contract honored - */ - -import java.io.*; -import sun.security.util.*; - - -public class BigIntEqualsHashCode { - public static void main(String[] args) throws Exception { - BigInt bi1 = new BigInt(12345678); - BigInt bi2 = new BigInt(12345678); - - if ( (bi1.equals(bi2)) == (bi1.hashCode()==bi2.hashCode()) ) - System.out.println("PASSED"); - else - throw new Exception ("FAILED equals()/hashCode() contract"); - - } -}
--- a/test/sun/security/util/Resources/Format.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/util/Resources/Format.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -150,7 +150,7 @@ s.getPrivateCredentials().add(new Format()); System.out.println("Test 12, s.toString() = " + s.toString()); } catch (Exception e) { - throw new SecurityException("test 12 failed: e.toString()"); + throw new SecurityException("test 12 failed: e.toString()", e); } try {
--- a/test/sun/security/util/Resources/NewNamesFormat.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/util/Resources/NewNamesFormat.java Sat Sep 10 22:36:17 2016 +0100 @@ -40,7 +40,9 @@ public static void main(String[] args) throws Exception { checkRes("sun.security.util.Resources"); checkRes("sun.security.util.AuthResources"); - checkRes("sun.security.tools.JarSignerResources"); + checkRes("sun.security.tools.jarsigner.Resources"); + checkRes("sun.security.tools.keytool.Resources"); + checkRes("sun.security.tools.policytool.Resources"); } private static void checkRes(String resName) throws Exception {
--- a/test/sun/security/util/Resources/NewResourcesNames.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/util/Resources/NewResourcesNames.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -59,7 +59,9 @@ static int MAXLEN = 127; static String[] resources = { - "sun/security/tools/JarSignerResources.java", + "sun/security/tools/jarsigner/Resources.java", + "sun/security/tools/keytool/Resources.java", + "sun/security/tools/policytool/Resources.java", "sun/security/util/Resources.java", "sun/security/util/AuthResources.java", }; @@ -94,7 +96,7 @@ // // This means a " exists right after getString(. Sometimes you see // - // Working on sun/security/tools/KeyTool.java + // Working on sun/security/tools/keytool/Main.java // BAD!! pmatch != match: 212 != 209 // Working on sun/security/provider/PolicyFile.java // BAD!! pmatch != match: 14 != 10 @@ -165,7 +167,7 @@ Set<String> names = new HashSet<String>(); - String file = "sun/security/tools/KeyTool.java"; + String file = "sun/security/tools/keytool/Main.java"; System.err.println("Working on " + file); File origFile = new File(file); File tmpFile = new File(file + ".tmp");
--- a/test/sun/security/x509/AlgorithmId/NonStandardNames.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/security/x509/AlgorithmId/NonStandardNames.java Sat Sep 10 22:36:17 2016 +0100 @@ -25,6 +25,8 @@ * @test * @bug 7180907 * @summary Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes + * @compile -XDignore.symbol.file NonStandardNames.java + * @run main NonStandardNames */ import java.security.MessageDigest; @@ -35,7 +37,7 @@ import sun.security.pkcs.PKCS9Attribute; import sun.security.pkcs.PKCS9Attributes; import sun.security.pkcs.SignerInfo; -import sun.security.x509.CertAndKeyGen; +import sun.security.tools.keytool.CertAndKeyGen; import sun.security.x509.AlgorithmId; import sun.security.x509.X500Name;
--- a/test/sun/tools/common/CommonSetup.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/tools/common/CommonSetup.sh Sat Sep 10 22:36:17 2016 +0100 @@ -47,6 +47,7 @@ # isLinux - true if OS is Linux # isSolaris - true if OS is Solaris # isWindows - true if OS is Windows +# isAIX - true if OS is AIX if [ -z "${TESTJAVA}" ]; then @@ -81,6 +82,7 @@ isSolaris=false isUnknownOS=false isWindows=false +isAIX=false OS=`uname -s` @@ -107,6 +109,10 @@ OS="Solaris" isSolaris=true ;; + AIX ) + OS="AIX" + isAIX=true + ;; Windows* ) OS="Windows" PATTERN_EOL='[ ]*$'
--- a/test/sun/tools/jconsole/ResourceCheckTest.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/tools/jconsole/ResourceCheckTest.sh Sat Sep 10 22:36:17 2016 +0100 @@ -54,7 +54,7 @@ OS=`uname -s` case "$OS" in - SunOS | Linux | Darwin) + SunOS | Linux | Darwin | AIX) PATHSEP=":" ;;
--- a/test/sun/tools/jinfo/Basic.sh Fri Jul 29 04:24:21 2016 +0100 +++ b/test/sun/tools/jinfo/Basic.sh Sat Sep 10 22:36:17 2016 +0100 @@ -44,8 +44,11 @@ failed=0 -# Skip SA options for now, see 7175133 -runSA=false +runSA=true + +if [ $isMacos = true -o $isAIX = true -o `uname -m` = ppc64 ]; then + runSA=false +fi if [ $isLinux = true ]; then # Some Linux systems disable non-child ptrace (see 7050524)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/tools/launcher/ChangeDataModel.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 4894330 4810347 6277269 + * @compile -XDignore.symbol.file ChangeDataModel.java + * @run main ChangeDataModel + * @summary Verify -d32 and -d64 options are accepted(rejected) on all platforms + * @author Joseph D. Darcy, ksrini + */ +import java.io.File; +import java.util.HashMap; +import java.util.Map; + +public class ChangeDataModel extends TestHelper { + private static final File TestJar = new File("test" + JAR_FILE_EXT); + private static final String OPT_PREFIX = "ARCH_OPT:"; + + public static void main(String... args) throws Exception { + String[] code = { + " public static void main(String argv[]) {", + " System.out.println(\"" + OPT_PREFIX + "-d\" + System.getProperty(\"sun.arch.data.model\", \"none\"));", + " }", + }; + createJar(TestJar, code); + + // verify if data model flag for default data model is accepted + if (is32Bit) { + checkAcceptance(javaCmd, "-d32"); + } else if (is64Bit) { + checkAcceptance(javaCmd, "-d64"); + } else { + throw new Error("unsupported data model"); + } + + // test dual mode systems + if (isDualMode) { + // albeit dual mode we may not have the 64 bit components present + if (dualModePresent()) { + // 32-bit -> 64-bit + checkExecCount(javaCmd, "-d64"); + // 64-bit -> 32-bit + checkExecCount(java64Cmd, "-d32"); + + checkAcceptance(javaCmd, "-d64"); + checkAcceptance(java64Cmd, "-d32"); + } else { + System.out.println("Warning: no 64-bit components found;" + + " only one data model tested."); + } + } else { + // Negative tests: ensure that non-dual mode systems reject the + // complementary (other) data model + if (is32Bit) { + checkRejection(javaCmd, "-d64"); + } else if (is64Bit) { + checkRejection(javaCmd, "-d32"); + } else { + throw new Error("unsupported data model"); + } + } + } + + static void checkExecCount(String cmd, String dmodel) { + Map<String, String> envMap = new HashMap<>(); + envMap.put(JLDEBUG_KEY, "true"); + TestResult tr = doExec(envMap, javaCmd, "-d64", + "-jar", TestJar.getAbsolutePath()); + int count = 0; + for (String x : tr.testOutput) { + if (x.contains(EXPECTED_MARKER)) { + count++; + if (count > 1) { + System.out.println(tr); + throw new RuntimeException("Maximum exec count of 1 execeeded"); + } + } + } + } + + static void checkAcceptance(String cmd, String dmodel) { + TestResult tr = doExec(cmd, dmodel, "-jar", TestJar.getAbsolutePath()); + if (!tr.contains(OPT_PREFIX + dmodel)) { + System.out.println(tr); + String message = "Data model flag " + dmodel + + " not accepted or had improper effect."; + throw new RuntimeException(message); + } + } + + static void checkRejection(String cmd, String dmodel) { + TestResult tr = doExec(cmd, dmodel, "-jar", TestJar.getAbsolutePath()); + if (tr.contains(OPT_PREFIX + dmodel)) { + System.out.println(tr); + String message = "Data model flag " + dmodel + " was accepted."; + throw new RuntimeException(message); + } + } +}
--- a/test/tools/launcher/ChangeDataModel.sh Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,269 +0,0 @@ -# -# Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - -# @test -# @bug 4894330 4810347 6277269 -# @run shell ChangeDataModel.sh -# @summary Verify -d32 and -d64 options are accepted(rejected) on all platforms -# @author Joseph D. Darcy - -OS=`uname -s`; - -# To remove CR from output, needed for java apps in CYGWIN, harmless otherwise -SED_CR="sed -e s@\\r@@g" - -case "$OS" in - Windows* | CYGWIN* ) - PATHSEP=";" - ;; - - * ) - PATHSEP=":" - ;; -esac - -# Verify directory context variables are set -if [ "${TESTJAVA}" = "" ] -then - echo "TESTJAVA not set. Test cannot execute. Failed." - exit 1 -fi - -if [ "${TESTSRC}" = "" ] -then - echo "TESTSRC not set. Test cannot execute. Failed." - exit 1 -fi - -if [ "${TESTCLASSES}" = "" ] -then - echo "TESTCLASSES not set. Test cannot execute. Failed." - exit 1 -fi - -# Construct paths to default Java executables -JAVA="$TESTJAVA/bin/java -classpath $TESTCLASSES${PATHSEP}." -JAVAC="$TESTJAVA/bin/javac" - - -# Create our little Java test on the fly -( printf "public class GetDataModel {" - printf " public static void main(String argv[]) {" - printf " System.out.println(System.getProperty(\"sun.arch.data.model\", \"none\"));" - printf " }" - printf "}" -) > GetDataModel.java - -$JAVAC GetDataModel.java - - -# All preconditions are met; run the tests. - - -# Verify data model flag for default data model is accepted - -DM=`$JAVA GetDataModel | ${SED_CR}` -case "$DM" in - 32 ) - DM2=`${JAVA} -d32 GetDataModel | ${SED_CR}` - if [ "${DM2}" != "32" ] - then - echo "Data model flag -d32 not accepted or had improper effect." - exit 1 - fi - ;; - - 64 ) - DM2=`${JAVA} -d64 GetDataModel | ${SED_CR}` - if [ "${DM2}" != "64" ] - then - echo "Data model flag -d64 not accepted or had improper effect." - exit 1 - fi - ;; - - * ) - echo "Unrecognized data model: $DM" - exit 1 - ;; -esac - -# Determine if platform might be dual-mode capable. - -case "$OS" in - SunOS ) - # ARCH should be sparc or i386 - ARCH=`uname -p` - case "${ARCH}" in - sparc ) - DUALMODE=true - PATH64=sparcv9 - ;; - - i386 ) - DUALMODE=true - PATH64=amd64 - ;; - - * ) - DUALMODE=false - ;; - esac - ;; - - - Linux ) - # ARCH should be ia64, x86_64, or i*86 - ARCH=`uname -m` - case "${ARCH}" in - ia64 ) - DUALMODE=false - ;; - - x86_64 ) - DUALMODE=true - PATH64=amd64 - ;; - - * ) - DUALMODE=false; - ;; - esac - ;; - - Windows* | CYGWIN* ) - ARCH=`uname -m` - case "${ARCH}" in - * ) - DUALMODE=false; - ;; - esac - ;; - - Darwin ) - ARCH=`uname -m` - case "${ARCH}" in - * ) - DUALMODE=false; - ;; - esac - ;; - - * ) - echo "Warning: unknown environment." - DUALMODE=false - ;; -esac - -if [ "${DUALMODE}" = "true" ] -then - # Construct path to 64-bit Java executable, might not exist - JAVA64FILE="${TESTJAVA}/bin/${PATH64}/java" - JAVA64="${JAVA64FILE} -classpath ${TESTCLASSES}${PATHSEP}." - - if [ -f ${JAVA64FILE} ]; then - # Verify that, at least on Solaris, only one exec is - # used to change data models - if [ "${OS}" = "SunOS" ] - then - rm -f truss.out - truss -texec ${JAVA} -d64 GetDataModel > /dev/null 2> truss.out - execCount=`grep -c execve truss.out` - if [ "${execCount}" -gt 2 ] - then - echo "Maximum exec count of 2 exceeded: got $execCount." - exit 1 - fi - - rm -f truss.out - truss -texec ${JAVA64} -d32 GetDataModel > /dev/null 2> truss.out - execCount=`grep -c execve truss.out` - if [ "${execCount}" -gt 2 ] - then - echo "Maximum exec count of 2 exceeded: got $execCount." - exit 1 - fi - fi - - DM2=`${JAVA} -d64 GetDataModel` - if [ "${DM2}" != "64" ] - then - echo "Data model flag -d64 not accepted or had improper effect." - exit 1 - fi - - DM2=`${JAVA64} GetDataModel` - if [ "${DM2}" != "64" ] - then - echo "Improper data model returned." - exit 1 - fi - - DM2=`${JAVA64} -d64 GetDataModel` - if [ "${DM2}" != "64" ] - then - echo "Data model flag -d64 not accepted or had improper effect." - exit 1 - fi - - DM2=`${JAVA64} -d32 GetDataModel` - if [ "${DM2}" != "32" ] - then - echo "Data model flag -d32 not accepted or had improper effect." - exit 1 - fi - - else - echo "Warning: no 64-bit components found; only one data model tested." - fi -else -# Negative tests for non-dual mode platforms to ensure the other data model is -# rejected - DM=`$JAVA GetDataModel | ${SED_CR}` - case "$DM" in - 32 ) - DM2=`${JAVA} -d64 GetDataModel | ${SED_CR}` - if [ "x${DM2}" != "x" ] - then - echo "Data model flag -d64 was accepted." - exit 1 - fi - ;; - - 64 ) - DM2=`${JAVA} -d32 GetDataModel | ${SED_CR}` - if [ "x${DM2}" != "x" ] - then - echo "Data model flag -d32 was accepted." - exit 1 - fi - ;; - - * ) - echo "Unrecognized data model: $DM" - exit 1 - ;; - esac -fi - -exit 0;
--- a/test/tools/launcher/CreatePlatformFile.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,83 +0,0 @@ -/* - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * - * - * This class is used by test i18nTest.sh - * - * Class to create various i18n Hello World Java source files using - * the platform's default encoding of a non-ASCII name; create plain - * ASCII Hello World if the platform's default is charset is US-ASCII. - */ - -import java.io.PrintWriter; -import java.io.FileOutputStream; - -public class CreatePlatformFile { - public static void main(String argv[]) { - String fileSep = System.getProperty("file.separator"); - String defaultEncoding = System.getProperty("file.encoding"); - - if(defaultEncoding == null) { - System.err.println("Default encoding not found; Error."); - return; - } - - if (defaultEncoding.equals("Cp1252") ) { - // "HelloWorld" with an accented e - String fileName = "i18nH\u00e9lloWorld.java"; - try { - PrintWriter pw = new PrintWriter(new FileOutputStream("."+fileSep+fileName)); - pw.println("public class i18nH\u00e9lloWorld {"); - pw.println(" public static void main(String [] argv) {"); - pw.println(" System.out.println(\"Hello Cp1252 World\");"); - pw.println(" }"); - pw.println("}"); - pw.flush(); - pw.close(); - } - catch (java.io.FileNotFoundException e) { - System.err.println("Problem opening file; test fails"); - } - - } else { - // ASCII "HelloWorld" - String fileName = "i18nHelloWorld.java"; - try { - PrintWriter pw = new PrintWriter(new FileOutputStream("."+fileSep+fileName)); - pw.println("public class i18nHelloWorld {"); - pw.println(" public static void main(String [] argv) {"); - pw.println(" System.out.println(\"Warning: US-ASCII assumed; filenames with\");"); - pw.println(" System.out.println(\"non-ASCII characters will not be tested\");"); - pw.println(" }"); - pw.println("}"); - pw.flush(); - pw.close(); - } - catch (java.io.FileNotFoundException e) { - System.err.println("Problem opening file; test fails"); - } - } - } -}
--- a/test/tools/launcher/ExecutionEnvironment.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/tools/launcher/ExecutionEnvironment.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,8 +25,8 @@ * @test * @bug 4780570 4731671 6354700 6367077 6670965 4882974 * @summary Checks for LD_LIBRARY_PATH and execution on *nixes - * @compile -XDignore.symbol.file ExecutionEnvironment.java TestHelper.java - * @run main ExecutionEnvironment + * @compile -XDignore.symbol.file ExecutionEnvironment.java + * @run main/othervm ExecutionEnvironment */ /* @@ -46,6 +46,7 @@ * b. LD_LIBRARY_PATH32 is ignored if set * 5. no extra symlink exists on Solaris ie. * jre/lib/$arch/libjvm.so -> client/libjvm.so + * 6. we also test to ensure the 64-bit isadir exists and contains appropriate links. * TODO: * a. perhaps we need to add a test to audit all environment variables are * in pristine condition after the launch, there may be a few that the @@ -54,16 +55,24 @@ */ import java.io.File; import java.io.FileNotFoundException; +import java.io.IOException; +import java.nio.file.DirectoryStream; +import java.nio.file.Files; +import java.nio.file.Path; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; +import static java.nio.file.LinkOption.*; +import java.util.regex.Pattern; -public class ExecutionEnvironment { +public class ExecutionEnvironment extends TestHelper { static final String LD_LIBRARY_PATH = TestHelper.isMacOSX ? "DYLD_LIBRARY_PATH" - : "LD_LIBRARY_PATH"; + : TestHelper.isAIX + ? "LIBPATH" + : "LD_LIBRARY_PATH"; static final String LD_LIBRARY_PATH_32 = LD_LIBRARY_PATH + "_32"; static final String LD_LIBRARY_PATH_64 = LD_LIBRARY_PATH + "_64"; @@ -72,9 +81,6 @@ static final String LD_LIBRARY_PATH_32_VALUE = "/Lawrence/Of/Arabia"; static final String LD_LIBRARY_PATH_64_VALUE = "/A/Passage/To/India"; - static final String JLDEBUG_KEY = "_JAVA_LAUNCHER_DEBUG"; - static final String EXPECTED_MARKER = "TRACER_MARKER:About to EXEC"; - static final String[] LD_PATH_STRINGS = { LD_LIBRARY_PATH + "=" + LD_LIBRARY_PATH_VALUE, LD_LIBRARY_PATH_32 + "=" + LD_LIBRARY_PATH_32_VALUE, @@ -83,16 +89,17 @@ static final File testJarFile = new File("EcoFriendly.jar"); - static int errors = 0; - static int passes = 0; - - static final String LIBJVM = TestHelper.isWindows + static final String LIBJVM = isWindows ? "jvm.dll" : "libjvm" + (TestHelper.isMacOSX ? ".dylib" : ".so"); + public ExecutionEnvironment() { + createTestJar(); + } + static void createTestJar() { try { - List<String> codeList = new ArrayList<String>(); + List<String> codeList = new ArrayList<>(); codeList.add("static void printValue(String name, boolean property) {\n"); codeList.add(" String value = (property) ? System.getProperty(name) : System.getenv(name);\n"); codeList.add(" System.out.println(name + \"=\" + value);\n"); @@ -109,41 +116,51 @@ codeList.add(" printValue(\"" + LD_LIBRARY_PATH_64 + "\", false);\n"); codeList.add("}\n"); String[] clist = new String[codeList.size()]; - TestHelper.createJar(testJarFile, codeList.toArray(clist)); + createJar(testJarFile, codeList.toArray(clist)); } catch (FileNotFoundException fnfe) { throw new RuntimeException(fnfe); } } - + private void flagError(TestResult tr, String message) { + System.err.println(tr); + throw new RuntimeException(message); + } /* * tests if the launcher pollutes the LD_LIBRARY_PATH variables ie. there * should not be any new variables or pollution/mutations of any kind, the * environment should be pristine. */ - private static void ensureEcoFriendly() { - TestHelper.TestResult tr = null; + @Test + void testEcoFriendly() { + TestResult tr = null; - Map<String, String> env = new HashMap<String, String>(); + Map<String, String> env = new HashMap<>(); for (String x : LD_PATH_STRINGS) { String pairs[] = x.split("="); env.put(pairs[0], pairs[1]); } - tr = TestHelper.doExec(env, TestHelper.javaCmd, "-jar", - testJarFile.getAbsolutePath()); + tr = doExec(env, javaCmd, "-jar", testJarFile.getAbsolutePath()); if (!tr.isNotZeroOutput()) { - System.out.println(tr); - throw new RuntimeException("Error: No output at all. Did the test execute ?"); + flagError(tr, "Error: No output at all. Did the test execute ?"); } for (String x : LD_PATH_STRINGS) { if (!tr.contains(x)) { - System.out.println("FAIL: did not get <" + x + ">"); - System.out.println(tr); - errors++; - } else { - passes++; + if (TestHelper.isAIX && x.startsWith(LD_LIBRARY_PATH)) { + // AIX does not support the '-rpath' linker options so the + // launchers have to prepend the jdk library path to 'LIBPATH'. + String aixLibPath = LD_LIBRARY_PATH + "=" + + System.getenv(LD_LIBRARY_PATH) + + System.getProperty("path.separator") + LD_LIBRARY_PATH_VALUE; + if (!tr.matches(aixLibPath)) { + flagError(tr, "FAIL: did not get <" + aixLibPath + ">"); + } + } + else { + flagError(tr, "FAIL: did not get <" + x + ">"); + } } } } @@ -152,20 +169,15 @@ * ensures that there are no execs as long as we are in the same * data model */ - static void ensureNoExec() { - Map<String, String> env = new HashMap<String, String>(); + @Test + void testNoExec() { + Map<String, String> env = new HashMap<>(); env.put(JLDEBUG_KEY, "true"); - TestHelper.TestResult tr = - TestHelper.doExec(env, TestHelper.javaCmd, "-version"); + TestResult tr = doExec(env, javaCmd, "-version"); if (tr.testOutput.contains(EXPECTED_MARKER)) { - System.out.println("FAIL: EnsureNoExecs: found expected warning <" + - EXPECTED_MARKER + + flagError(tr, "testNoExec: found warning <" + EXPECTED_MARKER + "> the process execing ?"); - errors++; - } else { - passes++; } - return; } /* @@ -178,27 +190,25 @@ * For Solaris 64-bit * * The LD_LIBRARY_PATH_64 should override LD_LIBRARY_PATH if specified */ - - static void verifyJavaLibraryPath() { - TestHelper.TestResult tr = null; + @Test + void testJavaLibraryPath() { + TestResult tr = null; - Map<String, String> env = new HashMap<String, String>(); + Map<String, String> env = new HashMap<>(); - if (TestHelper.isLinux || TestHelper.isMacOSX) { + if (isLinux || isMacOSX || isAIX) { for (String x : LD_PATH_STRINGS) { String pairs[] = x.split("="); env.put(pairs[0], pairs[1]); } - tr = TestHelper.doExec(env, TestHelper.javaCmd, "-jar", - testJarFile.getAbsolutePath()); + tr = doExec(env, javaCmd, "-jar", testJarFile.getAbsolutePath()); verifyJavaLibraryPathGeneric(tr); - } else { + } else { // Solaris // no override env.clear(); env.put(LD_LIBRARY_PATH, LD_LIBRARY_PATH_VALUE); - tr = TestHelper.doExec(env, TestHelper.javaCmd, "-jar", - testJarFile.getAbsolutePath()); + tr = doExec(env, javaCmd, "-jar", testJarFile.getAbsolutePath()); verifyJavaLibraryPathGeneric(tr); env.clear(); @@ -210,86 +220,72 @@ // verify the override occurs, since we know the invocation always // uses by default is 32-bit, therefore we also set the test // expectation to be the same. - tr = TestHelper.doExec(env, TestHelper.javaCmd, "-jar", - testJarFile.getAbsolutePath()); + tr = doExec(env, javaCmd, "-jar", testJarFile.getAbsolutePath()); verifyJavaLibraryPathOverride(tr, true); // try changing the model from 32 to 64 bit - if (TestHelper.dualModePresent() && TestHelper.is32Bit) { + if (dualModePresent() && is32Bit) { // verify the override occurs env.clear(); for (String x : LD_PATH_STRINGS) { String pairs[] = x.split("="); env.put(pairs[0], pairs[1]); } - tr = TestHelper.doExec(env, TestHelper.javaCmd, "-d64", "-jar", + tr = doExec(env, javaCmd, "-d64", "-jar", testJarFile.getAbsolutePath()); verifyJavaLibraryPathOverride(tr, false); // no override env.clear(); env.put(LD_LIBRARY_PATH, LD_LIBRARY_PATH_VALUE); - tr = TestHelper.doExec(env, TestHelper.javaCmd, "-jar", + tr = doExec(env, javaCmd, "-jar", testJarFile.getAbsolutePath()); verifyJavaLibraryPathGeneric(tr); } // try changing the model from 64 to 32 bit - if (TestHelper.java64Cmd != null && TestHelper.is64Bit) { + if (java64Cmd != null && is64Bit) { // verify the override occurs env.clear(); for (String x : LD_PATH_STRINGS) { String pairs[] = x.split("="); env.put(pairs[0], pairs[1]); } - tr = TestHelper.doExec(env, TestHelper.java64Cmd, "-d32", "-jar", + tr = doExec(env, java64Cmd, "-d32", "-jar", testJarFile.getAbsolutePath()); verifyJavaLibraryPathOverride(tr, true); // no override env.clear(); env.put(LD_LIBRARY_PATH, LD_LIBRARY_PATH_VALUE); - tr = TestHelper.doExec(env, TestHelper.java64Cmd, "-d32", "-jar", + tr = doExec(env, java64Cmd, "-d32", "-jar", testJarFile.getAbsolutePath()); verifyJavaLibraryPathGeneric(tr); } } } - private static void verifyJavaLibraryPathGeneric(TestHelper.TestResult tr) { + private void verifyJavaLibraryPathGeneric(TestResult tr) { if (!tr.matches("java.library.path=.*" + LD_LIBRARY_PATH_VALUE + ".*")) { - System.out.print("FAIL: verifyJavaLibraryPath: "); - System.out.println(" java.library.path does not contain " + + flagError(tr, "testJavaLibraryPath: java.library.path does not contain " + LD_LIBRARY_PATH_VALUE); - System.out.println(tr); - errors++; - } else { - passes++; } } - private static void verifyJavaLibraryPathOverride(TestHelper.TestResult tr, + private void verifyJavaLibraryPathOverride(TestResult tr, boolean is32Bit) { // make sure the 32/64 bit value exists if (!tr.matches("java.library.path=.*" + (is32Bit ? LD_LIBRARY_PATH_32_VALUE : LD_LIBRARY_PATH_64_VALUE) + ".*")) { - System.out.print("FAIL: verifyJavaLibraryPathOverride: "); - System.out.println(" java.library.path does not contain " + + flagError(tr, "verifyJavaLibraryPathOverride: " + + " java.library.path does not contain " + (is32Bit ? LD_LIBRARY_PATH_32_VALUE : LD_LIBRARY_PATH_64_VALUE)); - System.out.println(tr); - errors++; - } else { - passes++; + } // make sure the generic value is absent - if (tr.matches("java.library.path=.*" + LD_LIBRARY_PATH_VALUE + ".*")) { - System.out.print("FAIL: verifyJavaLibraryPathOverride: "); - System.out.println(" java.library.path contains " + - LD_LIBRARY_PATH_VALUE); - System.out.println(tr); - errors++; - } else { - passes++; + if (!tr.notMatches("java.library.path=.*" + LD_LIBRARY_PATH_VALUE + ".*")) { + flagError(tr, "verifyJavaLibraryPathOverride: " + + " java.library.path contains " + LD_LIBRARY_PATH_VALUE); } } @@ -297,68 +293,96 @@ * ensures we have indeed exec'ed the correct vm of choice, all VMs support * -server, however 32-bit VMs support -client and -server. */ - static void verifyVmSelection() { + @Test + void testVmSelection() { - TestHelper.TestResult tr = null; + TestResult tr = null; - if (TestHelper.is32Bit) { - tr = TestHelper.doExec(TestHelper.javaCmd, "-client", "-version"); + if (is32Bit) { + tr = doExec(javaCmd, "-client", "-version"); if (!tr.matches(".*Client VM.*")) { - System.out.println("FAIL: the expected vm -client did launch"); - System.out.println(tr); - errors++; - } else { - passes++; + flagError(tr, "the expected vm -client did not launch"); } } - tr = TestHelper.doExec(TestHelper.javaCmd, "-server", "-version"); + tr = doExec(javaCmd, "-server", "-version"); if (!tr.matches(".*Server VM.*")) { - System.out.println("FAIL: the expected vm -server did launch"); - System.out.println(tr); - errors++; - } else { - passes++; + flagError(tr, "the expected vm -server did not launch"); } } /* * checks to see there is no extra libjvm.so than needed */ - static void verifyNoSymLink() { - if (TestHelper.is64Bit) { + @Test + void testNoSymLink() { + if (is64Bit) { return; } File symLink = null; - String libPathPrefix = TestHelper.isSDK ? "jre/lib" : "/lib"; - symLink = new File(TestHelper.JAVAHOME, libPathPrefix + - TestHelper.getJreArch() + "/" + LIBJVM); + String libPathPrefix = isSDK ? "jre/lib" : "/lib"; + symLink = new File(JAVAHOME, libPathPrefix + + getJreArch() + "/" + LIBJVM); if (symLink.exists()) { - System.out.println("FAIL: The symlink exists " + - symLink.getAbsolutePath()); - errors++; - } else { - passes++; + throw new RuntimeException("symlink exists " + symLink.getAbsolutePath()); } } + /* + * verify if all the symlinks in the images are created correctly, + * only on solaris, this test works only on images. + */ + @Test + void testSymLinks() throws Exception { + if (!isSolaris) + return; + verifySymLinks(JAVA_BIN); + verifySymLinks(JAVA_JRE_BIN); + } + // exclude non-consequential binaries or scripts co-packaged in other + // build phases + private final String excludeRE = + ".*jvisualvm.*" + + "|.*javaws.*" + + "|.*ControlPanel.*" + + "|.*java-rmi.cgi" + + "|.*jcontrol.*"; + private final Pattern symlinkExcludes = Pattern.compile(excludeRE); + + private void verifySymLinks(String bindir) throws IOException { + File binDir = new File(bindir); + System.err.println("verifying links in: " + bindir); + File isaDir = new File(binDir, getArch()).getAbsoluteFile(); + if (!isaDir.exists()) { + throw new RuntimeException("dir: " + isaDir + " does not exist"); + } + try (DirectoryStream<Path> ds = Files.newDirectoryStream(binDir.toPath())) { + for (Path p : ds) { + if (symlinkExcludes.matcher(p.toString()).matches() || + Files.isDirectory(p, NOFOLLOW_LINKS)) { + continue; + } + Path link = new File(isaDir, p.getFileName().toString()).toPath(); + if (Files.isSymbolicLink(link)) { + Path target = Files.readSymbolicLink(link); + if (target.startsWith("..") && p.endsWith(target.getFileName())) { + // System.out.println(target + " OK"); + continue; + } + System.err.println("target:" + target); + System.err.println("file:" + p); + } + throw new RuntimeException("could not find link to " + p); + } + } + + } public static void main(String... args) throws Exception { - if (TestHelper.isWindows) { - System.out.println("Warning: noop on windows"); + if (isWindows) { + System.err.println("Warning: test not applicable to windows"); return; } - // create our test jar first - createTestJar(); - ensureNoExec(); - verifyVmSelection(); - ensureEcoFriendly(); - verifyJavaLibraryPath(); - verifyNoSymLink(); - if (errors > 0) { - throw new Exception("ExecutionEnvironment: FAIL: with " + - errors + " errors and passes " + passes ); - } else { - System.out.println("ExecutionEnvironment: PASS " + passes); - } + ExecutionEnvironment ee = new ExecutionEnvironment(); + ee.run(args); } }
--- a/test/tools/launcher/I18NJarTest.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/tools/launcher/I18NJarTest.java Sat Sep 10 22:36:17 2016 +0100 @@ -26,7 +26,7 @@ * @bug 7125442 * @summary ensures a jar path as well as a class located in a path containing * unicode characters are launched. - * @compile -XDignore.symbol.file I18NJarTest.java TestHelper.java + * @compile -XDignore.symbol.file I18NJarTest.java * @run main/othervm I18NJarTest */ import java.io.File; @@ -48,7 +48,7 @@ * in its own VM (othervm mode), such that the ensuing tests can run unperturbed, * regardless of the outcome. */ -public class I18NJarTest { +public class I18NJarTest extends TestHelper { private static final File cwd = new File("."); private static final File dir = new File("\uFF66\uFF67\uFF68\uFF69"); private static final String encoding = System.getProperty("sun.jnu.encoding", ""); @@ -89,7 +89,7 @@ } dir.mkdir(); File dirfile = new File(dir, "foo.jar"); - TestHelper.createJar(dirfile, + createJar(dirfile, "public static void main(String... args) {", "System.out.println(\"Hello World\");", "System.exit(0);", @@ -97,22 +97,20 @@ // remove the class files, to ensure that the class is indeed picked up // from the jar file and not from ambient classpath. - File[] classFiles = cwd.listFiles(TestHelper.createFilter(TestHelper.CLASS_FILE_EXT)); + File[] classFiles = cwd.listFiles(createFilter(CLASS_FILE_EXT)); for (File f : classFiles) { f.delete(); } // test with a jar file - TestHelper.TestResult tr = TestHelper.doExec(TestHelper.javaCmd, - "-jar", dirfile.getAbsolutePath()); + TestResult tr = doExec(javaCmd, "-jar", dirfile.getAbsolutePath()); System.out.println(tr); if (!tr.isOK()) { throw new RuntimeException("TEST FAILED"); } // test the same class but by specifying it as a classpath - tr = TestHelper.doExec(TestHelper.javaCmd, "-cp", - dirfile.getAbsolutePath(), "Foo"); + tr = doExec(javaCmd, "-cp", dirfile.getAbsolutePath(), "Foo"); System.out.println(tr); if (!tr.isOK()) { throw new RuntimeException("TEST FAILED");
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/tools/launcher/I18NTest.java Sat Sep 10 22:36:17 2016 +0100 @@ -0,0 +1,89 @@ +/* + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 4761384 + * @compile -XDignore.symbol.file I18NTest.java + * @run main I18NTest + * @summary Test to see if class files with non-ASCII characters can be run + * @author Joseph D. Darcy, Kumar Srinivasan + */ + + +import java.util.ArrayList; +import java.io.File; +import java.util.List; + +public class I18NTest extends TestHelper { + static String fileName = null; + public static void main(String... args) throws Exception { + String defaultEncoding = System.getProperty("file.encoding"); + if (defaultEncoding == null) { + System.err.println("Default encoding not found; Error."); + return; + } + if (!defaultEncoding.equals("Cp1252")) { + System.err.println("Warning: required encoding not found, test skipped."); + return; + } + // for some reason the shell test version insisted on cleaning out the + // directory, likely being pedantic. + File cwd = new File("."); + for (File f : cwd.listFiles(createFilter(CLASS_FILE_EXT))) { + f.delete(); + } + for (File f : cwd.listFiles(createFilter(JAVA_FILE_EXT))) { + f.delete(); + } + createPlatformFile(); + + // compile the generate code using the javac compiler vs. the api, to + // as a bonus point to see if the argument is passed correctly + TestResult tr = null; + tr = doExec(javacCmd, fileName + JAVA_FILE_EXT); + if (!tr.isOK()) { + System.out.println(tr); + throw new Error("compilation failed..."); + } + tr = doExec(javaCmd, "-cp", ".", fileName); + if (!tr.isOK()) { + System.out.println(tr); + throw new RuntimeException("run failed with encoding " + defaultEncoding); + } + } + + public static void createPlatformFile() throws Exception { + List<String> buffer = new ArrayList<>(); + // "HelloWorld" with an accented e + fileName = "i18nH\u00e9lloWorld"; + buffer.clear(); + buffer.add("public class i18nH\u00e9lloWorld {"); + buffer.add(" public static void main(String [] argv) {"); + buffer.add(" System.out.println(\"Hello Cp1252 World\");"); + buffer.add(" }"); + buffer.add("}"); + File outFile = new File(fileName + JAVA_FILE_EXT); + createFile(outFile, buffer); + } +}
--- a/test/tools/launcher/MiscTests.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/tools/launcher/MiscTests.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,7 @@ * @test * @bug 6856415 * @summary Miscellaneous tests, Exceptions - * @compile -XDignore.symbol.file MiscTests.java TestHelper.java + * @compile -XDignore.symbol.file MiscTests.java * @run main MiscTests */ @@ -33,12 +33,12 @@ import java.io.File; import java.io.FileNotFoundException; -public class MiscTests { +public class MiscTests extends TestHelper { // 6856415: Checks to ensure that proper exceptions are thrown by java static void test6856415() { // No pkcs library on win-x64, so we bail out. - if (TestHelper.is64Bit && TestHelper.isWindows) { + if (is64Bit && isWindows) { return; } StringBuilder sb = new StringBuilder(); @@ -49,11 +49,11 @@ File testJar = new File("Foo.jar"); testJar.delete(); try { - TestHelper.createJar(testJar, sb.toString()); + createJar(testJar, sb.toString()); } catch (FileNotFoundException fnfe) { throw new RuntimeException(fnfe); } - TestHelper.TestResult tr = TestHelper.doExec(TestHelper.javaCmd, + TestResult tr = doExec(javaCmd, "-Djava.security.manager", "-jar", testJar.getName(), "foo.bak"); for (String s : tr.testOutput) { System.out.println(s); @@ -67,8 +67,8 @@ public static void main(String... args) { test6856415(); - if (TestHelper.testExitValue != 0) { - throw new Error(TestHelper.testExitValue + " tests failed"); + if (testExitValue != 0) { + throw new Error(testExitValue + " tests failed"); } } }
--- a/test/tools/launcher/Settings.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/tools/launcher/Settings.java Sat Sep 10 22:36:17 2016 +0100 @@ -27,11 +27,11 @@ * @test * @bug 6994753 7123582 * @summary tests -XshowSettings options - * @compile -XDignore.symbol.file Settings.java TestHelper.java + * @compile -XDignore.symbol.file Settings.java * @run main Settings * @author ksrini */ -public class Settings { +public class Settings extends TestHelper { private static File testJar = null; static void init() throws IOException { @@ -45,17 +45,17 @@ tsrc.append(" System.out.println(x);\n"); tsrc.append(" }\n"); tsrc.append("}\n"); - TestHelper.createJar(testJar, tsrc.toString()); + createJar(testJar, tsrc.toString()); } - static void checkContains(TestHelper.TestResult tr, String str) { + static void checkContains(TestResult tr, String str) { if (!tr.contains(str)) { System.out.println(tr); throw new RuntimeException(str + " not found"); } } - static void checkNoContains(TestHelper.TestResult tr, String str) { + static void checkNoContains(TestResult tr, String str) { if (tr.contains(str)) { System.out.println(tr.status); throw new RuntimeException(str + " found"); @@ -66,23 +66,27 @@ private static final String PROP_SETTINGS = "Property settings:"; private static final String LOCALE_SETTINGS = "Locale settings:"; - static void containsAllOptions(TestHelper.TestResult tr) { + static void containsAllOptions(TestResult tr) { checkContains(tr, VM_SETTINGS); checkContains(tr, PROP_SETTINGS); checkContains(tr, LOCALE_SETTINGS); } static void runTestOptionDefault() throws IOException { - TestHelper.TestResult tr = null; - tr = TestHelper.doExec(TestHelper.javaCmd, "-Xms64m", "-Xmx512m", - "-Xss256k", "-XshowSettings", "-jar", testJar.getAbsolutePath()); + String stackSize = "256"; // in kb + if (getArch().equals("ppc64")) { + stackSize = "800"; + } + TestResult tr = null; + tr = doExec(javaCmd, "-Xms64m", "-Xmx512m", + "-Xss" + stackSize + "k", "-XshowSettings", "-jar", testJar.getAbsolutePath()); containsAllOptions(tr); if (!tr.isOK()) { System.out.println(tr.status); throw new RuntimeException("test fails"); } - tr = TestHelper.doExec(TestHelper.javaCmd, "-Xms65536k", "-Xmx712m", - "-Xss256000", "-XshowSettings", "-jar", testJar.getAbsolutePath()); + tr = doExec(javaCmd, "-Xms65536k", "-Xmx712m", + "-Xss" + stackSize + "000", "-XshowSettings", "-jar", testJar.getAbsolutePath()); containsAllOptions(tr); if (!tr.isOK()) { System.out.println(tr.status); @@ -92,38 +96,38 @@ static void runTestOptionAll() throws IOException { init(); - TestHelper.TestResult tr = null; - tr = TestHelper.doExec(TestHelper.javaCmd, "-XshowSettings:all"); + TestResult tr = null; + tr = doExec(javaCmd, "-XshowSettings:all"); containsAllOptions(tr); } static void runTestOptionVM() throws IOException { - TestHelper.TestResult tr = null; - tr = TestHelper.doExec(TestHelper.javaCmd, "-XshowSettings:vm"); + TestResult tr = null; + tr = doExec(javaCmd, "-XshowSettings:vm"); checkContains(tr, VM_SETTINGS); checkNoContains(tr, PROP_SETTINGS); checkNoContains(tr, LOCALE_SETTINGS); } static void runTestOptionProperty() throws IOException { - TestHelper.TestResult tr = null; - tr = TestHelper.doExec(TestHelper.javaCmd, "-XshowSettings:properties"); + TestResult tr = null; + tr = doExec(javaCmd, "-XshowSettings:properties"); checkNoContains(tr, VM_SETTINGS); checkContains(tr, PROP_SETTINGS); checkNoContains(tr, LOCALE_SETTINGS); } static void runTestOptionLocale() throws IOException { - TestHelper.TestResult tr = null; - tr = TestHelper.doExec(TestHelper.javaCmd, "-XshowSettings:locale"); + TestResult tr = null; + tr = doExec(javaCmd, "-XshowSettings:locale"); checkNoContains(tr, VM_SETTINGS); checkNoContains(tr, PROP_SETTINGS); checkContains(tr, LOCALE_SETTINGS); } static void runTestBadOptions() throws IOException { - TestHelper.TestResult tr = null; - tr = TestHelper.doExec(TestHelper.javaCmd, "-XshowSettingsBadOption"); + TestResult tr = null; + tr = doExec(javaCmd, "-XshowSettingsBadOption"); checkNoContains(tr, VM_SETTINGS); checkNoContains(tr, PROP_SETTINGS); checkNoContains(tr, LOCALE_SETTINGS); @@ -131,8 +135,8 @@ } static void runTest7123582() throws IOException { - TestHelper.TestResult tr = null; - tr = TestHelper.doExec(TestHelper.javaCmd, "-XshowSettings", "-version"); + TestResult tr = null; + tr = doExec(javaCmd, "-XshowSettings", "-version"); if (!tr.isOK()) { System.out.println(tr.status); throw new RuntimeException("test fails");
--- a/test/tools/launcher/SomeException.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,32 +0,0 @@ -/* - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * - * - * Used by unresolvedExceptions.sh - */ - -public class SomeException extends RuntimeException { - -}
--- a/test/tools/launcher/Test7029048.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/tools/launcher/Test7029048.java Sat Sep 10 22:36:17 2016 +0100 @@ -25,7 +25,7 @@ * @test * @bug 7029048 * @summary Checks for LD_LIBRARY_PATH on *nixes - * @compile -XDignore.symbol.file ExecutionEnvironment.java TestHelper.java Test7029048.java + * @compile -XDignore.symbol.file ExecutionEnvironment.java Test7029048.java * @run main Test7029048 */ @@ -42,7 +42,7 @@ import java.util.List; import java.util.Map; -public class Test7029048 { +public class Test7029048 extends TestHelper { static int passes = 0; static int errors = 0; @@ -62,7 +62,7 @@ private static final File dstLibDir = new File("lib"); private static final File dstLibArchDir = - new File(dstLibDir, TestHelper.getJreArch()); + new File(dstLibDir, getJreArch()); private static final File dstServerDir = new File(dstLibArchDir, "server"); private static final File dstServerLibjvm = new File(dstServerDir, LIBJVM); @@ -78,8 +78,8 @@ private static final Map<String, String> env = new HashMap<>(); static { - if (TestHelper.isDualMode) { - dstOtherArchDir = new File(dstLibDir, TestHelper.getComplementaryJreArch()); + if (isDualMode) { + dstOtherArchDir = new File(dstLibDir, getComplementaryJreArch()); dstOtherServerDir = new File(dstOtherArchDir, "server"); dstOtherServerLibjvm = new File(dstOtherServerDir, LIBJVM); } else { @@ -106,10 +106,10 @@ List<String> cmdsList = new ArrayList<>(); // only for a dual-mode system - if (want64 && TestHelper.isDualMode) { - cmdsList.add(TestHelper.java64Cmd); + if (want64 && isDualMode) { + cmdsList.add(java64Cmd); } else { - cmdsList.add(TestHelper.javaCmd); // a 32-bit java command for all + cmdsList.add(javaCmd); // a 32-bit java command for all } /* @@ -127,18 +127,18 @@ cmdsList.add("-jar"); cmdsList.add(ExecutionEnvironment.testJarFile.getAbsolutePath()); String[] cmds = new String[cmdsList.size()]; - TestHelper.TestResult tr = TestHelper.doExec(env, cmdsList.toArray(cmds)); + TestResult tr = doExec(env, cmdsList.toArray(cmds)); analyze(tr, nLLPComponents, caseID); } // no cross launch, ie. no change to the data model. static void run(Map<String, String> env, int nLLPComponents, String caseID) throws IOException { - boolean want32 = TestHelper.is32Bit; + boolean want32 = is32Bit; run(want32, null, env, nLLPComponents, caseID); } - static void analyze(TestHelper.TestResult tr, int nLLPComponents, String caseID) { + static void analyze(TestResult tr, int nLLPComponents, String caseID) { String envValue = getValue(LD_LIBRARY_PATH, tr.testOutput); /* * the envValue can never be null, since the test code should always @@ -189,12 +189,12 @@ switch (v) { case LLP_SET_WITH_JVM: // copy the files into the directory structures - TestHelper.copyFile(srcLibjvmSo, dstServerLibjvm); + copyFile(srcLibjvmSo, dstServerLibjvm); // does not matter if it is client or a server - TestHelper.copyFile(srcLibjvmSo, dstClientLibjvm); + copyFile(srcLibjvmSo, dstClientLibjvm); // does not matter if the arch do not match either - if (TestHelper.isDualMode) { - TestHelper.copyFile(srcLibjvmSo, dstOtherServerLibjvm); + if (isDualMode) { + copyFile(srcLibjvmSo, dstOtherServerLibjvm); } desc = "LD_LIBRARY_PATH should be set"; break; @@ -211,7 +211,7 @@ Files.deleteIfExists(dstServerLibjvm.toPath()); } - if (TestHelper.isDualMode) { + if (isDualMode) { if (!dstOtherServerDir.exists()) { Files.createDirectories(dstOtherServerDir.toPath()); } else { @@ -223,7 +223,7 @@ break; case LLP_SET_NON_EXISTENT_PATH: if (dstLibDir.exists()) { - TestHelper.recursiveDelete(dstLibDir); + recursiveDelete(dstLibDir); } desc = "LD_LIBRARY_PATH should not be set"; break; @@ -245,18 +245,18 @@ env.put(LD_LIBRARY_PATH, dstClientDir.getAbsolutePath()); run(env, v.value + 1, "Case 2: " + desc); - if (!TestHelper.isDualMode) { + if (!isDualMode) { continue; // nothing more to do for Linux } // Tests applicable only to solaris. // initialize test variables for dual mode operations - final File dst32ServerDir = TestHelper.is32Bit + final File dst32ServerDir = is32Bit ? dstServerDir : dstOtherServerDir; - final File dst64ServerDir = TestHelper.is64Bit + final File dst64ServerDir = is64Bit ? dstServerDir : dstOtherServerDir; @@ -268,7 +268,7 @@ env.clear(); env.put(LD_LIBRARY_PATH_32, dst32ServerDir.getAbsolutePath()); env.put(LD_LIBRARY_PATH_64, dst64ServerDir.getAbsolutePath()); - run(TestHelper.is32Bit, null, env, v.value + 1, "Case 3: " + desc); + run(is32Bit, null, env, v.value + 1, "Case 3: " + desc); /* * Case 4: we are in dual mode environment, running 64-bit then @@ -276,7 +276,7 @@ * java32 -d64, LLP_64 is relevant, LLP_32 is ignored * java64 -d32, LLP_32 is relevant, LLP_64 is ignored */ - if (TestHelper.dualModePresent()) { + if (dualModePresent()) { run(true, "-d64", env, v.value + 1, "Case 4A: " + desc); run(false,"-d32", env, v.value + 1, "Case 4B: " + desc); } @@ -285,7 +285,7 @@ } public static void main(String... args) throws Exception { - if (TestHelper.isWindows || TestHelper.isMacOSX) { + if (isWindows || isMacOSX) { System.out.println("Note: applicable on neither Windows nor MacOSX"); return; } @@ -297,13 +297,13 @@ if (errors > 0) { throw new Exception("Test7029048: FAIL: with " + errors + " errors and passes " + passes); - } else if (TestHelper.dualModePresent() && passes < 15) { + } else if (dualModePresent() && passes < 15) { throw new Exception("Test7029048: FAIL: " + "all tests did not run, expected " + 15 + " got " + passes); - } else if (TestHelper.isSolaris && passes < 9) { + } else if (isSolaris && passes < 9) { throw new Exception("Test7029048: FAIL: " + "all tests did not run, expected " + 9 + " got " + passes); - } else if (TestHelper.isLinux && passes < 6) { + } else if (isLinux && passes < 6) { throw new Exception("Test7029048: FAIL: " + "all tests did not run, expected " + 6 + " got " + passes); } else {
--- a/test/tools/launcher/TestHelper.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/tools/launcher/TestHelper.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,6 +21,8 @@ * questions. */ +import java.io.OutputStream; +import java.io.InputStream; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; @@ -64,6 +66,7 @@ static final String JAVAHOME = System.getProperty("java.home"); static final String JAVA_BIN; + static final String JAVA_JRE_BIN; static final boolean isSDK = JAVAHOME.endsWith("jre"); static final String javaCmd; static final String javawCmd; @@ -86,6 +89,8 @@ System.getProperty("os.name", "unknown").startsWith("SunOS"); static final boolean isLinux = System.getProperty("os.name", "unknown").startsWith("Linux"); + static final boolean isAIX = + System.getProperty("os.name", "unknown").startsWith("AIX"); static final boolean isDualMode = isSolaris; static final boolean isSparc = System.getProperty("os.arch").startsWith("sparc"); @@ -122,9 +127,12 @@ throw new RuntimeException("arch model is not 32 or 64 bit ?"); } compiler = ToolProvider.getSystemJavaCompiler(); - File binDir = (isSDK) ? new File((new File(JAVAHOME)).getParentFile(), "bin") - : new File(JAVAHOME, "bin"); + File binDir = (isSDK) + ? new File((new File(JAVAHOME)).getParentFile(), "bin") + : new File(JAVAHOME, "bin"); JAVA_BIN = binDir.getAbsolutePath(); + JAVA_JRE_BIN = new File((new File(JAVAHOME)).getParentFile(), + (isSDK) ? "jre/bin" : "bin").getAbsolutePath(); File javaCmdFile = (isWindows) ? new File(binDir, "java.exe") : new File(binDir, "java"); @@ -190,9 +198,15 @@ System.out.println(m.getName() + ": OK"); passed++; System.out.printf("Passed: %d, Failed: %d, ExitValue: %d%n", - passed, failed, testExitValue); + passed, failed, testExitValue); } catch (Throwable ex) { - System.out.printf("Test %s failed: %s %n", m, ex.getCause()); + System.out.printf("Test %s failed: %s %n", m, ex); + System.out.println("----begin detailed exceptions----"); + ex.printStackTrace(System.out); + for (Throwable t : ex.getSuppressed()) { + t.printStackTrace(System.out); + } + System.out.println("----end detailed exceptions----"); failed++; } } @@ -221,6 +235,13 @@ String arch = System.getProperty("os.arch"); return arch.equals("x86") ? "i386" : arch; } + static String getArch() { + return System.getProperty("os.arch"); + } + static File getClassFile(File javaFile) { + String s = javaFile.getAbsolutePath().replace(JAVA_FILE_EXT, CLASS_FILE_EXT); + return new File(s); + } /* * get the complementary jre arch ie. if sparc then return sparcv9 and @@ -243,6 +264,16 @@ return null; } + static File getJavaFile(File classFile) { + String s = classFile.getAbsolutePath().replace(CLASS_FILE_EXT, JAVA_FILE_EXT); + return new File(s); + } + + static String baseName(File f) { + String s = f.getName(); + return s.substring(0, s.indexOf(".")); + } + /* * A convenience method to create a jar with jar file name and defs */ @@ -324,6 +355,15 @@ } } + static void copyStream(InputStream in, OutputStream out) throws IOException { + byte[] buf = new byte[8192]; + int n = in.read(buf); + while (n > 0) { + out.write(buf, 0, n); + n = in.read(buf); + } + } + static void copyFile(File src, File dst) throws IOException { Path parent = dst.toPath().getParent(); if (parent != null) { @@ -578,6 +618,16 @@ return false; } + boolean notContains(String str) { + for (String x : testOutput) { + if (x.contains(str)) { + appendError("string <" + str + "> found"); + return false; + } + } + return true; + } + boolean matches(String stringToMatch) { for (String x : testOutput) { if (x.matches(stringToMatch)) { @@ -587,6 +637,16 @@ appendError("string <" + stringToMatch + "> not found"); return false; } + + boolean notMatches(String stringToMatch) { + for (String x : testOutput) { + if (!x.matches(stringToMatch)) { + return true; + } + } + appendError("string <" + stringToMatch + "> found"); + return false; + } } /** * Indicates that the annotated method is a test method.
--- a/test/tools/launcher/UnicodeCleanup.java Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,69 +0,0 @@ -/* - * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - - -/* - * - * - * Used by UnicodeTest.sh. - * - * Recursively deletes the given file/directory and its contents. - * Equivalent to "rm -rf args...", but on NT-based Windows can - * handle files with full Unicode names inside the given directories - * while shells are generally limited to names using the system encoding. - * - * @author Norbert Lindenberg - */ - - - -import java.io.File; - -public class UnicodeCleanup { - - public static void main(String[] args) { - - for (int i = 0; i < args.length; i++) { - delete(new File(args[i])); - } - } - - private static void delete(File file) { - // paranoia is healthy in rm -rf - String name = file.toString(); - if (name.equals(".") || name.equals("..") || - name.endsWith(File.separator + ".") || - name.endsWith(File.separator + "..")) { - throw new RuntimeException("too risky to process: " + name); - } - if (file.isDirectory()) { - File[] contents = file.listFiles(); - for (int i = 0; i < contents.length; i++) { - delete(contents[i]); - } - } - if (!file.delete()) { - throw new RuntimeException("Unable to delete " + file); - } - } -}
--- a/test/tools/launcher/UnicodeTest.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/tools/launcher/UnicodeTest.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2012, 2012 Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,12 +21,18 @@ * questions. */ +/* + * @test + * @bug 5030265 + * @compile -XDignore.symbol.file UnicodeTest.java + * @run main/othervm UnicodeTest + * @summary Verify that the J2RE can handle all legal Unicode characters + * in class names unless limited by the file system encoding + * or the encoding used for command line arguments. + * @author Norbert Lindenberg, ksrini + */ /* - * - * - * Used by UnicodeTest.sh. - * * This class creates Java source files using Unicode characters * that test the limits of what's possible * - in situations where the platform encoding imposes limits @@ -35,38 +41,126 @@ * (file system access in UTF-8 locales and on Windows 2000++, * jar file contents) * - * @author Norbert Lindenberg + * This test needs to be run in othervm as the locale is reset. */ - - +import java.io.File; import java.io.FileOutputStream; import java.io.OutputStreamWriter; import java.nio.charset.Charset; import java.util.Locale; -public class UnicodeTest { +public class UnicodeTest extends TestHelper { + static final File UnicodeTestSrc = new File("UnicodeTest-src"); + static final File UnicodeTestClasses = new File("UnicodeTest-classes"); + static final String UnicodeTestJarName = "UnicodeTest" + JAR_FILE_EXT; + static final File UnicodeTestJar = new File(UnicodeTestJarName); + static final File SolarisUnicodeTestJar = new File(TEST_SOURCES_DIR, + UnicodeTestJarName); + + /* + * the main method is a port of the shell based test to a java, this + * eliminates the need for MKS on windows, thus we can rely on consistent + * results regardless of the shell being used. + */ + public static void main(String... args) throws Exception { + System.out.println("creating test source files"); + UnicodeTestSrc.mkdirs(); + UnicodeTestClasses.mkdirs(); + String classname = generateSources(); + File javaFile = new File(UnicodeTestSrc, classname + JAVA_FILE_EXT); + System.out.println("building test apps"); + compile("-encoding", "UTF-8", + "-sourcepath", UnicodeTestSrc.getAbsolutePath(), + "-d", UnicodeTestClasses.getAbsolutePath(), + javaFile.getAbsolutePath()); + + createJar("-cvfm", UnicodeTestJar.getAbsolutePath(), + new File(UnicodeTestSrc, "MANIFEST.MF").getAbsolutePath(), + "-C", UnicodeTestClasses.getAbsolutePath(), "."); + + if (!UnicodeTestJar.exists()) { + throw new Error("failed to create " + UnicodeTestJar.getAbsolutePath()); + } + + System.out.println("running test app using class file"); + TestResult tr = doExec(javaCmd, + "-cp", UnicodeTestClasses.getAbsolutePath(), classname); + if (!tr.isOK()) { + System.out.println(tr); + throw new RuntimeException("test fails"); + } + + System.out.println("delete generated files with non-ASCII names"); + recursiveDelete(UnicodeTestSrc); + recursiveDelete(UnicodeTestClasses); + + /* + * test in whatever the default locale is + */ + runJarTests(); - public static void main(String[] args) throws Exception { + /* + * if the Japanese locale is available, test in that locale as well + */ + if (setLocale(Locale.JAPANESE)) { + runJarTests(); + } + + /* + * if we can switch to a C locale, then test whether jar files with + * non-ASCII characters in the manifest still work in this crippled + * environment + */ + if (setLocale(Locale.ENGLISH)) { + runJarTests(); + } + // thats it we are outta here + } + + static void runJarTests() { + System.out.println("running test app using newly built jar file in " + + Locale.getDefault()); + runTest(UnicodeTestJar); + System.out.println("running test app using jar file " + + "(built with Solaris UTF-8 locale) in " + Locale.getDefault()); + runTest(SolarisUnicodeTestJar); + } + + static void runTest(File testJar) { + TestResult tr = doExec(javaCmd, "-jar", testJar.getAbsolutePath()); + if (!tr.isOK()) { + System.out.println(tr); + throw new RuntimeException("test fails"); + } + } + + static boolean setLocale(Locale desired) { + if (Locale.getDefault().equals(desired)) { + return true; // already set nothing more + } + for (Locale l : Locale.getAvailableLocales()) { + if (l == desired) { + Locale.setDefault(l); + return true; + } + } + return false; + } + + static String generateSources() throws Exception { String commandLineClassNameSuffix = commandLineClassNameSuffix(); String commandLineClassName = "ClassA" + commandLineClassNameSuffix; - String manifestClassName; - if (hasUnicodeFileSystem()) { - manifestClassName = "ClassB" + unicode; - } else { - manifestClassName = "ClassB" + commandLineClassNameSuffix; - } + String manifestClassName = "ClassB" + + (hasUnicodeFileSystem() ? unicode : commandLineClassNameSuffix); generateSource(commandLineClassName, manifestClassName); generateSource(manifestClassName, commandLineClassName); generateManifest(manifestClassName); - - System.out.println(commandLineClassName); + return commandLineClassName; } - private static final String fileSeparator = System.getProperty("file.separator"); - private static final String osName = System.getProperty("os.name"); private static final String defaultEncoding = Charset.defaultCharset().name(); // language names taken from java.util.Locale.getDisplayLanguage for the respective language @@ -132,12 +226,7 @@ { "tis-620", thai, null }, }; - int column; - if (osName.startsWith("Windows")) { - column = 2; - } else { - column = 1; - } + int column = isWindows ? 2 : 1; for (int i = 0; i < names.length; i++) { if (names[i][0].equalsIgnoreCase(defaultEncoding)) { return names[i][column]; @@ -147,17 +236,12 @@ } private static boolean hasUnicodeFileSystem() { - if (osName.startsWith("Windows")) { - return ! osName.startsWith("Windows 9") && - ! osName.equals("Windows Me"); - } else { - return defaultEncoding.equalsIgnoreCase("UTF-8"); - } + return (isWindows) ? true : defaultEncoding.equalsIgnoreCase("UTF-8"); } private static void generateSource(String thisClass, String otherClass) throws Exception { - String fileName = "UnicodeTest-src" + fileSeparator + thisClass + ".java"; - OutputStreamWriter out = new OutputStreamWriter(new FileOutputStream(fileName), "UTF-8"); + File file = new File(UnicodeTestSrc, thisClass + JAVA_FILE_EXT); + OutputStreamWriter out = new OutputStreamWriter(new FileOutputStream(file), "UTF-8"); out.write("public class " + thisClass + " {\n"); out.write(" public static void main(String[] args) {\n"); out.write(" if (!" + otherClass + "." + otherClass.toLowerCase() + "().equals(\"" + otherClass + "\")) {\n"); @@ -172,8 +256,8 @@ } private static void generateManifest(String mainClass) throws Exception { - String fileName = "UnicodeTest-src" + fileSeparator + "MANIFEST.MF"; - FileOutputStream out = new FileOutputStream(fileName); + File file = new File(UnicodeTestSrc, "MANIFEST.MF"); + FileOutputStream out = new FileOutputStream(file); out.write("Manifest-Version: 1.0\n".getBytes("UTF-8")); // Header lines are limited to 72 bytes. // The manifest spec doesn't say we have to break at character boundaries,
--- a/test/tools/launcher/UnicodeTest.sh Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,106 +0,0 @@ -# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. - -# @test -# @bug 5030265 -# @summary Verify that the J2RE can handle all legal Unicode characters -# in class names unless limited by the file system encoding -# or the encoding used for command line arguments. -# @author Norbert Lindenberg - - -# Verify directory context variables are set -if [ "${TESTJAVA}" = "" ] -then - echo "TESTJAVA not set. Test cannot execute. Failed." - exit 1 -fi - -if [ "${TESTSRC}" = "" ] -then - echo "TESTSRC not set. Test cannot execute. Failed." - exit 1 -fi - -if [ "${TESTCLASSES}" = "" ] -then - echo "TESTCLASSES not set. Test cannot execute. Failed." - exit 1 -fi - -JAVAC="${TESTJAVA}"/bin/javac -JAVA="${TESTJAVA}"/bin/java -JAR="${TESTJAVA}"/bin/jar - -mkdir UnicodeTest-src UnicodeTest-classes - -echo "creating test source files" -"$JAVAC" -d . "${TESTSRC}"/UnicodeTest.java -if [ "`uname -s | grep CYGWIN`" != "" ] ; then - CLASS_NAME=`"$JAVA" UnicodeTest | sed -e 's@\\r@@g' ` -else - CLASS_NAME=`"$JAVA" UnicodeTest` -fi - -if [ "$CLASS_NAME" = "" ] -then - echo "CLASS_NAME not generated. Test failed." - exit 1 -fi - -echo "building test apps" -"$JAVAC" -encoding UTF-8 -sourcepath UnicodeTest-src \ - -d UnicodeTest-classes UnicodeTest-src/"${CLASS_NAME}".java || exit 1 -"$JAR" -cvfm UnicodeTest.jar UnicodeTest-src/MANIFEST.MF \ - -C UnicodeTest-classes . || exit 1 - -echo "running test app using class file" -"$JAVA" -classpath UnicodeTest-classes "$CLASS_NAME" || exit 1 - -echo "delete generated files with non-ASCII names" -# do it now because on Unix they may not be accessible when locale changes -# do it in Java because shells on Windows can't handle full Unicode -"$JAVAC" -d . "${TESTSRC}"/UnicodeCleanup.java || exit 1 -"$JAVA" UnicodeCleanup UnicodeTest-src UnicodeTest-classes || exit 1 - -echo "running test app using newly built jar file" -"$JAVA" -jar UnicodeTest.jar || exit 1 - -echo "running test app using jar file built in Solaris UTF-8 locale" -"$JAVA" -jar "${TESTSRC}"/UnicodeTest.jar || exit 1 - -# if we can switch to a C locale, then test whether jar files with -# non-ASCII characters in the manifest still work in this crippled -# environment -if test -n "`locale -a 2>/dev/null | grep '^C$'`" -then - LC_ALL=C - export LC_ALL - - echo "running test app using newly built jar file in C locale" - "$JAVA" -jar UnicodeTest.jar || exit 1 - - echo "running test app using premade jar file in C locale" - "$JAVA" -jar "${TESTSRC}"/UnicodeTest.jar || exit 1 -fi - -exit 0 -
--- a/test/tools/launcher/UnresolvedExceptions.java Fri Jul 29 04:24:21 2016 +0100 +++ b/test/tools/launcher/UnresolvedExceptions.java Sat Sep 10 22:36:17 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,15 +22,39 @@ */ /* - * - * - * Used by unresolvedExceptions.sh + * @test + * @bug 4529320 + * @compile -XDignore.symbol.file UnresolvedExceptions.java + * @run main UnresolvedExceptions + * @summary Verifying jvm won't segv if exception not available + * @author Joseph D. Darcy, ksrini */ -public class UnresolvedExceptions { - public static void main(String[] argv) throws SomeException { - // main is invoked from a shell so calling exit won't stop all - // tests. - System.exit(0); +import java.io.File; +import java.util.ArrayList; +import java.util.List; + + +public class UnresolvedExceptions extends TestHelper { + + public static void main(String... args) throws Exception { + final String fname = "Foo"; + List<String> buffer = new ArrayList<>(); + buffer.add("public class " + fname + " {"); + buffer.add(" public static void main(String[] argv) throws " + + "Foo.SomeException {"); + buffer.add(" System.exit(0);"); + buffer.add(" }"); + buffer.add(" static class SomeException extends RuntimeException{}"); + buffer.add("}"); + + File testJavaFile = new File("Foo" + JAVA_FILE_EXT); + createFile(testJavaFile, buffer); + compile(testJavaFile.getName()); + TestResult tr = doExec(javaCmd, "-cp", ".", fname); + if (!tr.isOK()) { + System.out.println(tr); + throw new RuntimeException("java -cp ... failed"); } } +}
--- a/test/tools/launcher/deleteI18n.sh Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,54 +0,0 @@ -# -# Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - -# -# -# This file is used by test i18nTest.sh; this file is called to use -# shell globbing to delete Java source and class files whose names -# include non-ASCII characters. - - -# Verify directory context variables are set -if [ "${TESTJAVA}" = "" ] -then - echo "TESTJAVA not set. Test cannot execute. Failed." - exit 1 -fi - -if [ "${TESTSRC}" = "" ] -then - echo "TESTSRC not set. Test cannot execute. Failed." - exit 1 -fi - - -if [ "${TESTCLASSES}" = "" ] -then - echo "TESTCLASSES not set. Test cannot execute. Failed." - exit 1 -fi - -rm -f i18n*.java -rm -f i18n*.class - -
--- a/test/tools/launcher/i18nTest.sh Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,82 +0,0 @@ -# -# Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - -# @test -# @bug 4761384 -# @run shell deleteI18n.sh -# @build CreatePlatformFile -# @run main CreatePlatformFile -# @run shell i18nTest.sh -# @summary Test to see if class files with non-ASCII characters can be run -# @author Joseph D. Darcy - - -# Verify directory context variables are set -if [ "${TESTJAVA}" = "" ] -then - echo "TESTJAVA not set. Test cannot execute. Failed." - exit 1 -fi - -if [ "${TESTSRC}" = "" ] -then - echo "TESTSRC not set. Test cannot execute. Failed." - exit 1 -fi - - -if [ "${TESTCLASSES}" = "" ] -then - echo "TESTCLASSES not set. Test cannot execute. Failed." - exit 1 -fi - -JAVAC="${TESTJAVA}/bin/javac -d . " -JAVA="${TESTJAVA}/bin/java -classpath . " - -NAME=`ls i18n*.java | sed s/.java//` -echo $NAME -$JAVAC ${NAME}.java - -RESULT=$? -case "$RESULT" in - 0 ) - ;; - - * ) - echo "Compile of i18n*.java failed." - exit 1 -esac - -$JAVA ${NAME} -RESULT=$? - -case "$RESULT" in - 0 ) - exit 0; - ;; - - * ) - echo "Class $NAME did not run successfully." - exit 1 -esac
--- a/test/tools/launcher/unresolvedExceptions.sh Fri Jul 29 04:24:21 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,65 +0,0 @@ -# -# Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - -# @test -# @bug 4529320 -# @build SomeException -# @build UnresolvedExceptions -# @clean SomeException -# @run shell/timeout=60 unresolvedExceptions.sh -# @summary Verifying jvm won't segv if exception not available -# @author Joseph D. Darcy - -# Verify directory context variables are set -if [ "${TESTJAVA}" = "" ] -then - echo "TESTJAVA not set. Test cannot execute. Failed." - exit 1 -fi - -if [ "${TESTSRC}" = "" ] -then - echo "TESTSRC not set. Test cannot execute. Failed." - exit 1 -fi - - -if [ "${TESTCLASSES}" = "" ] -then - echo "TESTCLASSES not set. Test cannot execute. Failed." - exit 1 -fi - -JAVA="${TESTJAVA}/bin/java" - -$JAVA -classpath ${TESTCLASSES} UnresolvedExceptions -RESULT=$? - -case "$RESULT" in - 0 | 1 ) - exit 0; - ;; - - * ) - exit 1 -esac