Mercurial > hg > icedtea7-forest > jdk
changeset 7724:bc7f9d966c1d jdk7u80-b01
Merge
author | lana |
---|---|
date | Tue, 03 Jun 2014 10:00:37 -0700 |
parents | 77d727e6ba38 (current diff) 7522a66a366a (diff) |
children | 7d19b2cfc55f 92efbbbea98b 145669a86b1d 639c541e83e7 |
files | |
diffstat | 52 files changed, 1769 insertions(+), 562 deletions(-) [+] |
line wrap: on
line diff
--- a/make/common/Defs-linux.gmk Tue May 20 12:34:17 2014 -0700 +++ b/make/common/Defs-linux.gmk Tue Jun 03 10:00:37 2014 -0700 @@ -191,9 +191,9 @@ CFLAGS_REQUIRED_amd64 += -fno-omit-frame-pointer -D_LITTLE_ENDIAN CFLAGS_REQUIRED_i586 += -fno-omit-frame-pointer -D_LITTLE_ENDIAN CFLAGS_REQUIRED_ia64 += -fno-omit-frame-pointer -D_LITTLE_ENDIAN -CFLAGS_REQUIRED_sparcv9 += -m64 -mcpu=v9 +CFLAGS_REQUIRED_sparcv9 += -m64 -mcpu=v9 -D_BIG_ENDIAN LDFLAGS_COMMON_sparcv9 += -m64 -mcpu=v9 -CFLAGS_REQUIRED_sparc += -m32 -mcpu=v9 +CFLAGS_REQUIRED_sparc += -m32 -mcpu=v9 -D_BIG_ENDIAN LDFLAGS_COMMON_sparc += -m32 -mcpu=v9 CFLAGS_REQUIRED_arm += -fsigned-char -D_LITTLE_ENDIAN CFLAGS_REQUIRED_ppc += -fsigned-char -D_BIG_ENDIAN
--- a/make/sun/javazic/tzdata/VERSION Tue May 20 12:34:17 2014 -0700 +++ b/make/sun/javazic/tzdata/VERSION Tue Jun 03 10:00:37 2014 -0700 @@ -21,4 +21,4 @@ # or visit www.oracle.com if you need additional information or have any # questions. # -tzdata2014b +tzdata2014c
--- a/make/sun/javazic/tzdata/africa Tue May 20 12:34:17 2014 -0700 +++ b/make/sun/javazic/tzdata/africa Tue Jun 03 10:00:37 2014 -0700 @@ -358,11 +358,54 @@ # http://www.worldtimezone.com/dst_news/dst_news_egypt02.html # </a> +# From Ahmad El-Dardiry (2014-05-07): +# Egypt is to change back to Daylight system on May 15 +# http://english.ahram.org.eg/NewsContent/1/64/100735/Egypt/Politics-/Egypts-government-to-reapply-daylight-saving-time-.aspx + +# From Gunther Vermier (2015-05-13): +# our Egypt office confirms that the change will be at 15 May "midnight" (24:00) + +# From Paul Eggert (2014-05-13): +# Sarah El Deeb and Lee Keath of AP report that the Egyptian government says +# the change is because of blackouts in Cairo, even though Ahram Online (cited +# above) says DST had no affect on electricity consumption. The AP story says +# DST will not be observed during Ramadan. There is no information about when +# DST will end. See: +# http://abcnews.go.com/International/wireStory/el-sissi-pushes-egyptians-line-23614833 +# +# For now, guess that later transitions will use 2010's rules, and that +# Egypt will agree with Morocco (see below) about the date Ramadan starts and +# ends, though (unlike Morocco) it will switch at 00:00 standard time. In +# Egypt the spring-forward transitions are removed for 2020-2022, when the +# guessed spring-forward date falls during the estimated Ramadan, and all +# transitions removed for 2023-2038, where the estimated Ramadan falls entirely +# outside the guessed daylight-saving time. Ramadan intrudes on the guessed +# DST starting in 2039, but that's beyond our somewhat-arbitrary cutoff. + Rule Egypt 2008 only - Aug lastThu 23:00s 0 - Rule Egypt 2009 only - Aug 20 23:00s 0 - Rule Egypt 2010 only - Aug 11 0:00 0 - Rule Egypt 2010 only - Sep 10 0:00 1:00 S Rule Egypt 2010 only - Sep lastThu 23:00s 0 - +Rule Egypt 2014 only - May 15 24:00 1:00 S +Rule Egypt 2014 only - Jun 29 0:00s 0 - +Rule Egypt 2014 only - Jul 29 0:00s 1:00 S +Rule Egypt 2014 max - Sep lastThu 23:00s 0 - +Rule Egypt 2015 2019 - Apr lastFri 0:00s 1:00 S +Rule Egypt 2015 only - Jun 18 0:00s 0 - +Rule Egypt 2015 only - Jul 18 0:00s 1:00 S +Rule Egypt 2016 only - Jun 7 0:00s 0 - +Rule Egypt 2016 only - Jul 7 0:00s 1:00 S +Rule Egypt 2017 only - May 27 0:00s 0 - +Rule Egypt 2017 only - Jun 26 0:00s 1:00 S +Rule Egypt 2018 only - May 16 0:00s 0 - +Rule Egypt 2018 only - Jun 15 0:00s 1:00 S +Rule Egypt 2019 only - May 6 0:00s 0 - +Rule Egypt 2019 only - Jun 5 0:00s 1:00 S +Rule Egypt 2020 only - May 24 0:00s 1:00 S +Rule Egypt 2021 only - May 13 0:00s 1:00 S +Rule Egypt 2022 only - May 3 0:00s 1:00 S +Rule Egypt 2023 max - Apr lastFri 0:00s 1:00 S # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Africa/Cairo 2:05:09 - LMT 1900 Oct
--- a/make/sun/javazic/tzdata/asia Tue May 20 12:34:17 2014 -0700 +++ b/make/sun/javazic/tzdata/asia Tue Jun 03 10:00:37 2014 -0700 @@ -1370,22 +1370,6 @@ # "Jordan will switch to winter time on Friday, October 27". # -# From Phil Pizzey (2009-04-02): -# ...I think I may have spotted an error in the timezone data for -# Jordan. -# The current (2009d) asia file shows Jordan going to daylight -# saving -# time on the last Thursday in March. -# -# Rule Jordan 2000 max - Mar lastThu 0:00s 1:00 S -# -# However timeanddate.com, which I usually find reliable, shows Jordan -# going to daylight saving time on the last Friday in March since 2002. -# Please see -# <a href="http://www.timeanddate.com/worldclock/timezone.html?n=11"> -# http://www.timeanddate.com/worldclock/timezone.html?n=11 -# </a> - # From Steffen Thorsen (2009-04-02): # This single one might be good enough, (2009-03-24, Arabic): # <a href="http://petra.gov.jo/Artical.aspx?Lng=2&Section=8&Artical=95279">
--- a/make/sun/javazic/tzdata/europe Tue May 20 12:34:17 2014 -0700 +++ b/make/sun/javazic/tzdata/europe Tue Jun 03 10:00:37 2014 -0700 @@ -2989,6 +2989,10 @@ # From Alexander Krivenyshev (2014-03-17): # time change at 2:00 (2am) on March 30, 2014 # http://vz.ru/news/2014/3/17/677464.html +# From Paul Eggert (2014-03-30): +# Simferopol and Sevastopol reportedly changed their central town clocks +# late the previous day, but this appears to have been ceremonial +# and the discrepancies are small enough to not worry about. 2:00 EU EE%sT 2014 Mar 30 2:00 4:00 - MSK
--- a/src/macosx/classes/sun/lwawt/macosx/CEmbeddedFrame.java Tue May 20 12:34:17 2014 -0700 +++ b/src/macosx/classes/sun/lwawt/macosx/CEmbeddedFrame.java Tue Jun 03 10:00:37 2014 -0700 @@ -98,7 +98,8 @@ public void handleKeyEvent(int eventType, int modifierFlags, String characters, String charsIgnoringMods, boolean isRepeat, short keyCode, boolean needsKeyTyped) { - responder.handleKeyEvent(eventType, modifierFlags, charsIgnoringMods, keyCode, needsKeyTyped, isRepeat); + responder.handleKeyEvent(eventType, modifierFlags, characters, charsIgnoringMods, + keyCode, needsKeyTyped, isRepeat); } // REMIND: delete this method once 'deploy' changes for 7156194 is pushed
--- a/src/macosx/classes/sun/lwawt/macosx/CPlatformResponder.java Tue May 20 12:34:17 2014 -0700 +++ b/src/macosx/classes/sun/lwawt/macosx/CPlatformResponder.java Tue Jun 03 10:00:37 2014 -0700 @@ -126,7 +126,7 @@ /** * Handles key events. */ - void handleKeyEvent(int eventType, int modifierFlags, String chars, + void handleKeyEvent(int eventType, int modifierFlags, String chars, String charsIgnoringModifiers, short keyCode, boolean needsKeyTyped, boolean needsKeyReleased) { boolean isFlagsChangedEvent = isNpapiCallback ? (eventType == CocoaConstants.NPCocoaEventFlagsChanged) : @@ -154,7 +154,10 @@ testChar = chars.charAt(0); } - int[] in = new int[] {testChar, isDeadChar ? 1 : 0, modifierFlags, keyCode}; + char testCharIgnoringModifiers = charsIgnoringModifiers != null && charsIgnoringModifiers.length() > 0 ? + charsIgnoringModifiers.charAt(0) : KeyEvent.CHAR_UNDEFINED; + + int[] in = new int[] {testCharIgnoringModifiers, isDeadChar ? 1 : 0, modifierFlags, keyCode}; int[] out = new int[3]; // [jkeyCode, jkeyLocation, deadChar] postsTyped = NSEvent.nsToJavaKeyInfo(in, out);
--- a/src/macosx/classes/sun/lwawt/macosx/CPlatformView.java Tue May 20 12:34:17 2014 -0700 +++ b/src/macosx/classes/sun/lwawt/macosx/CPlatformView.java Tue Jun 03 10:00:37 2014 -0700 @@ -227,7 +227,7 @@ } private void deliverKeyEvent(NSEvent event) { - responder.handleKeyEvent(event.getType(), event.getModifierFlags(), + responder.handleKeyEvent(event.getType(), event.getModifierFlags(), event.getCharacters(), event.getCharactersIgnoringModifiers(), event.getKeyCode(), true, false); }
--- a/src/macosx/classes/sun/lwawt/macosx/event/NSEvent.java Tue May 20 12:34:17 2014 -0700 +++ b/src/macosx/classes/sun/lwawt/macosx/event/NSEvent.java Tue Jun 03 10:00:37 2014 -0700 @@ -48,12 +48,14 @@ // Key event information private short keyCode; + private String characters; private String charactersIgnoringModifiers; - public NSEvent(int type, int modifierFlags, short keyCode, String charactersIgnoringModifiers) { + public NSEvent(int type, int modifierFlags, short keyCode, String characters, String charactersIgnoringModifiers) { this.type = type; this.modifierFlags = modifierFlags; this.keyCode = keyCode; + this.characters = characters; this.charactersIgnoringModifiers = charactersIgnoringModifiers; } @@ -120,12 +122,16 @@ return charactersIgnoringModifiers; } + public String getCharacters() { + return characters; + } + @Override public String toString() { return "NSEvent[" + getType() + " ," + getModifierFlags() + " ," + getClickCount() + " ," + getButtonNumber() + " ," + getX() + " ," + getY() + " ," + getAbsX() + " ," + getAbsY()+ " ," + getKeyCode() + " ," - + getCharactersIgnoringModifiers() + "]"; + + getCharacters() + " ," + getCharactersIgnoringModifiers() + "]"; } /*
--- a/src/macosx/native/sun/awt/AWTView.m Tue May 20 12:34:17 2014 -0700 +++ b/src/macosx/native/sun/awt/AWTView.m Tue Jun 03 10:00:37 2014 -0700 @@ -421,17 +421,20 @@ JNIEnv *env = [ThreadUtilities getJNIEnv]; jstring characters = NULL; + jstring charactersIgnoringModifiers = NULL; if ([event type] != NSFlagsChanged) { characters = JNFNSToJavaString(env, [event characters]); + charactersIgnoringModifiers = JNFNSToJavaString(env, [event charactersIgnoringModifiers]); } static JNF_CLASS_CACHE(jc_NSEvent, "sun/lwawt/macosx/event/NSEvent"); - static JNF_CTOR_CACHE(jctor_NSEvent, jc_NSEvent, "(IISLjava/lang/String;)V"); + static JNF_CTOR_CACHE(jctor_NSEvent, jc_NSEvent, "(IISLjava/lang/String;Ljava/lang/String;)V"); jobject jevent = JNFNewObject(env, jctor_NSEvent, [event type], [event modifierFlags], [event keyCode], - characters); + characters, + charactersIgnoringModifiers); static JNF_CLASS_CACHE(jc_PlatformView, "sun/lwawt/macosx/CPlatformView"); static JNF_MEMBER_CACHE(jm_deliverKeyEvent, jc_PlatformView,
--- a/src/share/classes/com/sun/crypto/provider/RSACipher.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/com/sun/crypto/provider/RSACipher.java Tue Jun 03 10:00:37 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,6 +39,8 @@ import sun.security.rsa.*; import sun.security.jca.Providers; +import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; +import sun.security.util.KeyUtil; /** * RSA cipher implementation. Supports RSA en/decryption and signing/verifying @@ -91,8 +93,8 @@ // padding object private RSAPadding padding; - // cipher parameter for OAEP padding - private OAEPParameterSpec spec = null; + // cipher parameter for OAEP padding and TLS RSA premaster secret + private AlgorithmParameterSpec spec = null; // buffer for the data private byte[] buffer; @@ -110,6 +112,9 @@ // hash algorithm for OAEP private String oaepHashAlgorithm = "SHA-1"; + // the source of randomness + private SecureRandom random; + public RSACipher() { paddingType = PAD_PKCS1; } @@ -175,7 +180,7 @@ // see JCE spec protected AlgorithmParameters engineGetParameters() { - if (spec != null) { + if (spec != null && spec instanceof OAEPParameterSpec) { try { AlgorithmParameters params = AlgorithmParameters.getInstance("OAEP", "SunJCE"); @@ -278,8 +283,13 @@ buffer = new byte[n]; } else if (paddingType == PAD_PKCS1) { if (params != null) { - throw new InvalidAlgorithmParameterException - ("Parameters not supported"); + if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) { + throw new InvalidAlgorithmParameterException( + "Parameters not supported"); + } + + spec = params; + this.random = random; // for TLS RSA premaster secret } int blockType = (mode <= MODE_DECRYPT) ? RSAPadding.PAD_BLOCKTYPE_2 : RSAPadding.PAD_BLOCKTYPE_1; @@ -295,19 +305,18 @@ throw new InvalidKeyException ("OAEP cannot be used to sign or verify signatures"); } - OAEPParameterSpec myParams; if (params != null) { if (!(params instanceof OAEPParameterSpec)) { throw new InvalidAlgorithmParameterException ("Wrong Parameters for OAEP Padding"); } - myParams = (OAEPParameterSpec) params; + spec = params; } else { - myParams = new OAEPParameterSpec(oaepHashAlgorithm, "MGF1", + spec = new OAEPParameterSpec(oaepHashAlgorithm, "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); } padding = RSAPadding.getInstance(RSAPadding.PAD_OAEP_MGF1, n, - random, myParams); + random, (OAEPParameterSpec)spec); if (encrypt) { int k = padding.getMaxDataSize(); buffer = new byte[k]; @@ -422,17 +431,40 @@ if (wrappedKey.length > buffer.length) { throw new InvalidKeyException("Key is too long for unwrapping"); } + + boolean isTlsRsaPremasterSecret = + algorithm.equals("TlsRsaPremasterSecret"); + Exception failover = null; + byte[] encoded = null; + update(wrappedKey, 0, wrappedKey.length); try { - byte[] encoded = doFinal(); - return ConstructKeys.constructKey(encoded, algorithm, type); + encoded = doFinal(); } catch (BadPaddingException e) { - // should not occur - throw new InvalidKeyException("Unwrapping failed", e); + if (isTlsRsaPremasterSecret) { + failover = e; + } else { + throw new InvalidKeyException("Unwrapping failed", e); + } } catch (IllegalBlockSizeException e) { // should not occur, handled with length check above throw new InvalidKeyException("Unwrapping failed", e); } + + if (isTlsRsaPremasterSecret) { + if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) { + throw new IllegalStateException( + "No TlsRsaPremasterSecretParameterSpec specified"); + } + + // polish the TLS premaster secret + encoded = KeyUtil.checkTlsPreMasterSecretKey( + ((TlsRsaPremasterSecretParameterSpec)spec).getClientVersion(), + ((TlsRsaPremasterSecretParameterSpec)spec).getServerVersion(), + random, encoded, (failover != null)); + } + + return ConstructKeys.constructKey(encoded, algorithm, type); } // see JCE spec @@ -440,5 +472,4 @@ RSAKey rsaKey = RSAKeyFactory.toRSAKey(key); return rsaKey.getModulus().bitLength(); } - }
--- a/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java Tue Jun 03 10:00:37 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -56,7 +56,7 @@ protected void engineInit(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException { - if (params instanceof TlsRsaPremasterSecretParameterSpec == false) { + if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) { throw new InvalidAlgorithmParameterException(MSG); } this.spec = (TlsRsaPremasterSecretParameterSpec)params; @@ -67,21 +67,20 @@ throw new InvalidParameterException(MSG); } + // Only can be used in client side to generate TLS RSA premaster secret. protected SecretKey engineGenerateKey() { if (spec == null) { throw new IllegalStateException( "TlsRsaPremasterSecretGenerator must be initialized"); } - byte[] b = spec.getEncodedSecret(); - if (b == null) { - if (random == null) { - random = new SecureRandom(); - } - b = new byte[48]; - random.nextBytes(b); - b[0] = (byte)spec.getMajorVersion(); - b[1] = (byte)spec.getMinorVersion(); + + if (random == null) { + random = new SecureRandom(); } + byte[] b = new byte[48]; + random.nextBytes(b); + b[0] = (byte)spec.getMajorVersion(); + b[1] = (byte)spec.getMinorVersion(); return new SecretKeySpec(b, "TlsRsaPremasterSecret"); }
--- a/src/share/classes/com/sun/jndi/ldap/Connection.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/com/sun/jndi/ldap/Connection.java Tue Jun 03 10:00:37 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -464,10 +464,10 @@ // will be woken up before readTimeout only if reply is // available ldr.wait(readTimeout); - waited = true; } else { ldr.wait(15 * 1000); // 15 second timeout } + waited = true; } else { break; } @@ -479,7 +479,7 @@ } if ((rber == null) && waited) { - removeRequest(ldr); + abandonRequest(ldr, null); throw new NamingException("LDAP response read timed out, timeout used:" + readTimeout + "ms." );
--- a/src/share/classes/java/beans/IndexedPropertyDescriptor.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/java/beans/IndexedPropertyDescriptor.java Tue Jun 03 10:00:37 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,8 +41,8 @@ public class IndexedPropertyDescriptor extends PropertyDescriptor { private Reference<Class> indexedPropertyTypeRef; - private Reference<Method> indexedReadMethodRef; - private Reference<Method> indexedWriteMethodRef; + private final MethodRef indexedReadMethodRef = new MethodRef(); + private final MethodRef indexedWriteMethodRef = new MethodRef(); private String indexedReadMethodName; private String indexedWriteMethodName; @@ -173,11 +173,11 @@ * May return null if the property isn't indexed or is write-only. */ public synchronized Method getIndexedReadMethod() { - Method indexedReadMethod = getIndexedReadMethod0(); + Method indexedReadMethod = this.indexedReadMethodRef.get(); if (indexedReadMethod == null) { Class cls = getClass0(); if (cls == null || - (indexedReadMethodName == null && indexedReadMethodRef == null)) { + (indexedReadMethodName == null && !this.indexedReadMethodRef.isSet())) { // the Indexed readMethod was explicitly set to null. return null; } @@ -213,20 +213,19 @@ // the indexed property type is set by the reader. setIndexedPropertyType(findIndexedPropertyType(readMethod, - getIndexedWriteMethod0())); + this.indexedWriteMethodRef.get())); setIndexedReadMethod0(readMethod); } private void setIndexedReadMethod0(Method readMethod) { + this.indexedReadMethodRef.set(readMethod); if (readMethod == null) { indexedReadMethodName = null; - indexedReadMethodRef = null; return; } setClass0(readMethod.getDeclaringClass()); indexedReadMethodName = readMethod.getName(); - this.indexedReadMethodRef = getSoftReference(readMethod); setTransient(readMethod.getAnnotation(Transient.class)); } @@ -239,11 +238,11 @@ * May return null if the property isn't indexed or is read-only. */ public synchronized Method getIndexedWriteMethod() { - Method indexedWriteMethod = getIndexedWriteMethod0(); + Method indexedWriteMethod = this.indexedWriteMethodRef.get(); if (indexedWriteMethod == null) { Class cls = getClass0(); if (cls == null || - (indexedWriteMethodName == null && indexedWriteMethodRef == null)) { + (indexedWriteMethodName == null && !this.indexedWriteMethodRef.isSet())) { // the Indexed writeMethod was explicitly set to null. return null; } @@ -297,15 +296,14 @@ } private void setIndexedWriteMethod0(Method writeMethod) { + this.indexedWriteMethodRef.set(writeMethod); if (writeMethod == null) { indexedWriteMethodName = null; - indexedWriteMethodRef = null; return; } setClass0(writeMethod.getDeclaringClass()); indexedWriteMethodName = writeMethod.getName(); - this.indexedWriteMethodRef = getSoftReference(writeMethod); setTransient(writeMethod.getAnnotation(Transient.class)); } @@ -345,18 +343,6 @@ : null; } - private Method getIndexedReadMethod0() { - return (this.indexedReadMethodRef != null) - ? this.indexedReadMethodRef.get() - : null; - } - - private Method getIndexedWriteMethod0() { - return (this.indexedWriteMethodRef != null) - ? this.indexedWriteMethodRef.get() - : null; - } - private Class findIndexedPropertyType(Method indexedReadMethod, Method indexedWriteMethod) throws IntrospectionException { @@ -488,8 +474,8 @@ */ IndexedPropertyDescriptor(IndexedPropertyDescriptor old) { super(old); - indexedReadMethodRef = old.indexedReadMethodRef; - indexedWriteMethodRef = old.indexedWriteMethodRef; + this.indexedReadMethodRef.set(old.indexedReadMethodRef.get()); + this.indexedWriteMethodRef.set(old.indexedWriteMethodRef.get()); indexedPropertyTypeRef = old.indexedPropertyTypeRef; indexedWriteMethodName = old.indexedWriteMethodName; indexedReadMethodName = old.indexedReadMethodName; @@ -498,7 +484,7 @@ void updateGenericsFor(Class<?> type) { super.updateGenericsFor(type); try { - setIndexedPropertyType(findIndexedPropertyType(getIndexedReadMethod0(), getIndexedWriteMethod0())); + setIndexedPropertyType(findIndexedPropertyType(this.indexedReadMethodRef.get(), this.indexedWriteMethodRef.get())); } catch (IntrospectionException exception) { setIndexedPropertyType(null); @@ -528,7 +514,7 @@ void appendTo(StringBuilder sb) { super.appendTo(sb); appendTo(sb, "indexedPropertyType", this.indexedPropertyTypeRef); - appendTo(sb, "indexedReadMethod", this.indexedReadMethodRef); - appendTo(sb, "indexedWriteMethod", this.indexedWriteMethodRef); + appendTo(sb, "indexedReadMethod", this.indexedReadMethodRef.get()); + appendTo(sb, "indexedWriteMethod", this.indexedWriteMethodRef.get()); } }
--- a/src/share/classes/java/beans/MethodDescriptor.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/java/beans/MethodDescriptor.java Tue Jun 03 10:00:37 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,7 +38,7 @@ public class MethodDescriptor extends FeatureDescriptor { - private Reference<Method> methodRef; + private final MethodRef methodRef = new MethodRef(); private String[] paramNames; @@ -79,7 +79,7 @@ * @return The low-level description of the method */ public synchronized Method getMethod() { - Method method = getMethod0(); + Method method = this.methodRef.get(); if (method == null) { Class cls = getClass0(); String name = getName(); @@ -112,13 +112,7 @@ setClass0(method.getDeclaringClass()); } setParams(getParameterTypes(getClass0(), method)); - this.methodRef = getSoftReference(method); - } - - private Method getMethod0() { - return (this.methodRef != null) - ? this.methodRef.get() - : null; + this.methodRef.set(method); } private synchronized void setParams(Class[] param) { @@ -173,12 +167,10 @@ */ MethodDescriptor(MethodDescriptor x, MethodDescriptor y) { - super(x,y); + super(x, y); - methodRef = x.methodRef; - if (y.methodRef != null) { - methodRef = y.methodRef; - } + Method method = y.methodRef.get(); + this.methodRef.set(null != method ? method : x.methodRef.get()); params = x.params; if (y.params != null) { params = y.params; @@ -201,7 +193,7 @@ MethodDescriptor(MethodDescriptor old) { super(old); - methodRef = old.methodRef; + this.methodRef.set(old.getMethod()); params = old.params; paramNames = old.paramNames; @@ -215,7 +207,7 @@ } void appendTo(StringBuilder sb) { - appendTo(sb, "method", this.methodRef); + appendTo(sb, "method", this.methodRef.get()); if (this.parameterDescriptors != null) { sb.append("; parameterDescriptors={"); for (ParameterDescriptor pd : this.parameterDescriptors) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/java/beans/MethodRef.java Tue Jun 03 10:00:37 2014 -0700 @@ -0,0 +1,87 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package java.beans; + +import java.lang.ref.SoftReference; +import java.lang.ref.WeakReference; +import java.lang.reflect.Method; + +import static sun.reflect.misc.ReflectUtil.isPackageAccessible; + +final class MethodRef { + private String signature; + private SoftReference<Method> methodRef; + private WeakReference<Class<?>> typeRef; + + void set(Method method) { + if (method == null) { + this.signature = null; + this.methodRef = null; + this.typeRef = null; + } + else { + this.signature = method.toGenericString(); + this.methodRef = new SoftReference<>(method); + this.typeRef = new WeakReference<Class<?>>(method.getDeclaringClass()); + } + } + + boolean isSet() { + return this.methodRef != null; + } + + Method get() { + if (this.methodRef == null) { + return null; + } + Method method = this.methodRef.get(); + if (method == null) { + method = find(this.typeRef.get(), this.signature); + if (method == null) { + this.signature = null; + this.methodRef = null; + this.typeRef = null; + } + else { + this.methodRef = new SoftReference<>(method); + } + } + return isPackageAccessible(method.getDeclaringClass()) ? method : null; + } + + private static Method find(Class<?> type, String signature) { + if (type != null) { + for (Method method : type.getMethods()) { + if (type.equals(method.getDeclaringClass())) { + if (method.toGenericString().equals(signature)) { + return method; + } + } + } + } + return null; + } +}
--- a/src/share/classes/java/beans/PropertyDescriptor.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/java/beans/PropertyDescriptor.java Tue Jun 03 10:00:37 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -36,8 +36,8 @@ public class PropertyDescriptor extends FeatureDescriptor { private Reference<Class> propertyTypeRef; - private Reference<Method> readMethodRef; - private Reference<Method> writeMethodRef; + private final MethodRef readMethodRef = new MethodRef(); + private final MethodRef writeMethodRef = new MethodRef(); private Reference<Class> propertyEditorClassRef; private boolean bound; @@ -68,8 +68,8 @@ public PropertyDescriptor(String propertyName, Class<?> beanClass) throws IntrospectionException { this(propertyName, beanClass, - Introspector.IS_PREFIX + NameGenerator.capitalize(propertyName), - Introspector.SET_PREFIX + NameGenerator.capitalize(propertyName)); + Introspector.IS_PREFIX + NameGenerator.capitalize(propertyName), + Introspector.SET_PREFIX + NameGenerator.capitalize(propertyName)); } /** @@ -203,10 +203,10 @@ * May return null if the property can't be read. */ public synchronized Method getReadMethod() { - Method readMethod = getReadMethod0(); + Method readMethod = this.readMethodRef.get(); if (readMethod == null) { Class cls = getClass0(); - if (cls == null || (readMethodName == null && readMethodRef == null)) { + if (cls == null || (readMethodName == null && !this.readMethodRef.isSet())) { // The read method was explicitly set to null. return null; } @@ -246,17 +246,16 @@ */ public synchronized void setReadMethod(Method readMethod) throws IntrospectionException { + this.readMethodRef.set(readMethod); if (readMethod == null) { readMethodName = null; - readMethodRef = null; return; } // The property type is determined by the read method. - setPropertyType(findPropertyType(readMethod, getWriteMethod0())); + setPropertyType(findPropertyType(readMethod, this.writeMethodRef.get())); setClass0(readMethod.getDeclaringClass()); readMethodName = readMethod.getName(); - this.readMethodRef = getSoftReference(readMethod); setTransient(readMethod.getAnnotation(Transient.class)); } @@ -267,10 +266,10 @@ * May return null if the property can't be written. */ public synchronized Method getWriteMethod() { - Method writeMethod = getWriteMethod0(); + Method writeMethod = this.writeMethodRef.get(); if (writeMethod == null) { Class cls = getClass0(); - if (cls == null || (writeMethodName == null && writeMethodRef == null)) { + if (cls == null || (writeMethodName == null && !this.writeMethodRef.isSet())) { // The write method was explicitly set to null. return null; } @@ -316,9 +315,9 @@ */ public synchronized void setWriteMethod(Method writeMethod) throws IntrospectionException { + this.writeMethodRef.set(writeMethod); if (writeMethod == null) { writeMethodName = null; - writeMethodRef = null; return; } // Set the property type - which validates the method @@ -326,22 +325,9 @@ setClass0(writeMethod.getDeclaringClass()); writeMethodName = writeMethod.getName(); - this.writeMethodRef = getSoftReference(writeMethod); setTransient(writeMethod.getAnnotation(Transient.class)); } - private Method getReadMethod0() { - return (this.readMethodRef != null) - ? this.readMethodRef.get() - : null; - } - - private Method getWriteMethod0() { - return (this.writeMethodRef != null) - ? this.writeMethodRef.get() - : null; - } - /** * Overridden to ensure that a super class doesn't take precedent */ @@ -618,8 +604,8 @@ PropertyDescriptor(PropertyDescriptor old) { super(old); propertyTypeRef = old.propertyTypeRef; - readMethodRef = old.readMethodRef; - writeMethodRef = old.writeMethodRef; + this.readMethodRef.set(old.readMethodRef.get()); + this.writeMethodRef.set(old.writeMethodRef.get()); propertyEditorClassRef = old.propertyEditorClassRef; writeMethodName = old.writeMethodName; @@ -633,7 +619,7 @@ void updateGenericsFor(Class<?> type) { setClass0(type); try { - setPropertyType(findPropertyType(getReadMethod0(), getWriteMethod0())); + setPropertyType(findPropertyType(this.readMethodRef.get(), this.writeMethodRef.get())); } catch (IntrospectionException exception) { setPropertyType(null); @@ -724,8 +710,8 @@ appendTo(sb, "constrained", this.constrained); appendTo(sb, "propertyEditorClass", this.propertyEditorClassRef); appendTo(sb, "propertyType", this.propertyTypeRef); - appendTo(sb, "readMethod", this.readMethodRef); - appendTo(sb, "writeMethod", this.writeMethodRef); + appendTo(sb, "readMethod", this.readMethodRef.get()); + appendTo(sb, "writeMethod", this.writeMethodRef.get()); } private boolean isAssignable(Method m1, Method m2) {
--- a/src/share/classes/java/lang/ClassValue.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/java/lang/ClassValue.java Tue Jun 03 10:00:37 2014 -0700 @@ -489,9 +489,18 @@ /** Remove an entry. */ synchronized void removeEntry(ClassValue<?> classValue) { - // make all cache elements for this guy go stale: - if (remove(classValue.identity) != null) { + Entry<?> e = remove(classValue.identity); + if (e == null) { + // Uninitialized, and no pending calls to computeValue. No change. + } else if (e.isPromise()) { + // State is uninitialized, with a pending call to finishEntry. + // Since remove is a no-op in such a state, keep the promise + // by putting it back into the map. + put(classValue.identity, e); + } else { + // In an initialized state. Bump forward, and de-initialize. classValue.bumpVersion(); + // Make all cache elements for this guy go stale. removeStaleEntries(classValue); } }
--- a/src/share/classes/javax/crypto/JceSecurity.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/javax/crypto/JceSecurity.java Tue Jun 03 10:00:37 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -216,26 +216,28 @@ private static final Map codeBaseCacheRef = new WeakHashMap(); /* - * Retuns the CodeBase for the given class. + * Returns the CodeBase for the given class. */ static URL getCodeBase(final Class clazz) { - URL url = (URL)codeBaseCacheRef.get(clazz); - if (url == null) { - url = (URL)AccessController.doPrivileged(new PrivilegedAction() { - public Object run() { - ProtectionDomain pd = clazz.getProtectionDomain(); - if (pd != null) { - CodeSource cs = pd.getCodeSource(); - if (cs != null) { - return cs.getLocation(); + synchronized (codeBaseCacheRef) { + URL url = (URL)codeBaseCacheRef.get(clazz); + if (url == null) { + url = (URL)AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + ProtectionDomain pd = clazz.getProtectionDomain(); + if (pd != null) { + CodeSource cs = pd.getCodeSource(); + if (cs != null) { + return cs.getLocation(); + } } + return NULL_URL; } - return NULL_URL; - } - }); - codeBaseCacheRef.put(clazz, url); + }); + codeBaseCacheRef.put(clazz, url); + } + return (url == NULL_URL) ? null : url; } - return (url == NULL_URL) ? null : url; } private static void setupJurisdictionPolicies() throws Exception {
--- a/src/share/classes/javax/swing/JPopupMenu.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/javax/swing/JPopupMenu.java Tue Jun 03 10:00:37 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -735,7 +735,7 @@ if (pref == null || pref.width != getWidth() || pref.height != getHeight()) { - popup = getPopup(); + showPopup(); } else { validate(); } @@ -786,7 +786,7 @@ if(b) { firePopupMenuWillBecomeVisible(); - popup = getPopup(); + showPopup(); firePropertyChange("visible", Boolean.FALSE, Boolean.TRUE); @@ -804,7 +804,7 @@ } /** - * Returns a <code>Popup</code> instance from the + * Retrieves <code>Popup</code> instance from the * <code>PopupMenuUI</code> that has had <code>show</code> invoked on * it. If the current <code>popup</code> is non-null, * this will invoke <code>dispose</code> of it, and then @@ -813,7 +813,7 @@ * This does NOT fire any events, it is up the caller to dispatch * the necessary events. */ - private Popup getPopup() { + private void showPopup() { Popup oldPopup = popup; if (oldPopup != null) { @@ -837,8 +837,8 @@ desiredLocationY); popupFactory.setPopupType(PopupFactory.LIGHT_WEIGHT_POPUP); + popup = newPopup; newPopup.show(); - return newPopup; } /** @@ -867,7 +867,7 @@ desiredLocationX = x; desiredLocationY = y; if(popup != null && (x != oldX || y != oldY)) { - popup = getPopup(); + showPopup(); } } @@ -1024,7 +1024,7 @@ Dimension newSize = getPreferredSize(); if (!oldSize.equals(newSize)) { - popup = getPopup(); + showPopup(); } } }
--- a/src/share/classes/javax/swing/plaf/nimbus/skin.laf Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/javax/swing/plaf/nimbus/skin.laf Tue Jun 03 10:00:37 2014 -0700 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- - Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved. DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. This code is free software; you can redistribute it and/or modify it @@ -13424,10 +13424,10 @@ <state stateKeys="Selected"> <style> <textForeground> - <matte red="255" green="255" blue="255" alpha="255" uiDefaultParentName="nimbusLightBackground" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0" uiResource="false"/> + <matte red="255" green="255" blue="255" alpha="255" uiDefaultParentName="nimbusLightBackground" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0"/> </textForeground> <textBackground> - <matte red="57" green="105" blue="138" alpha="255" uiDefaultParentName="nimbusSelectionBackground" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0" uiResource="false"/> + <matte red="57" green="105" blue="138" alpha="255" uiDefaultParentName="nimbusSelectionBackground" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0"/> </textBackground> <background/> <inherit-textForeground>false</inherit-textForeground> @@ -13453,7 +13453,7 @@ <style> <textForeground/> <textBackground> - <matte red="57" green="105" blue="138" alpha="255" uiDefaultParentName="nimbusSelectionBackground" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0" uiResource="false"/> + <matte red="57" green="105" blue="138" alpha="255" uiDefaultParentName="nimbusSelectionBackground" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0"/> </textBackground> <background/> <inherit-textBackground>false</inherit-textBackground> @@ -13477,7 +13477,7 @@ <state stateKeys="Disabled"> <style> <textForeground> - <matte red="142" green="143" blue="145" alpha="255" uiDefaultParentName="nimbusDisabledText" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0" uiResource="false"/> + <matte red="142" green="143" blue="145" alpha="255" uiDefaultParentName="nimbusDisabledText" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0"/> </textForeground> <textBackground/> <background/> @@ -13520,7 +13520,7 @@ </textForeground> <textBackground/> <background> - <matte red="57" green="105" blue="138" alpha="255" uiDefaultParentName="nimbusSelectionBackground" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0" uiResource="false"/> + <matte red="57" green="105" blue="138" alpha="255" uiDefaultParentName="nimbusSelectionBackground" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0"/> </background> <inherit-textForeground>false</inherit-textForeground> <inherit-background>false</inherit-background>
--- a/src/share/classes/sun/awt/image/ByteBandedRaster.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/sun/awt/image/ByteBandedRaster.java Tue Jun 03 10:00:37 2014 -0700 @@ -755,10 +755,22 @@ + scanlineStride); } - for (int i = 0; i < data.length; i++) { - if (scanlineStride > data[i].length) { - throw new RasterFormatException("Incorrect scanline stride: " - + scanlineStride); + if ((long)minX - sampleModelTranslateX < 0 || + (long)minY - sampleModelTranslateY < 0) { + + throw new RasterFormatException("Incorrect origin/translate: (" + + minX + ", " + minY + ") / (" + + sampleModelTranslateX + ", " + sampleModelTranslateY + ")"); + } + + + if (height > 1 || minY - sampleModelTranslateY > 0) { + // buffer should contain at least one scanline + for (int i = 0; i < data.length; i++) { + if (scanlineStride > data[i].length) { + throw new RasterFormatException("Incorrect scanline stride: " + + scanlineStride); + } } }
--- a/src/share/classes/sun/awt/image/ByteComponentRaster.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/sun/awt/image/ByteComponentRaster.java Tue Jun 03 10:00:37 2014 -0700 @@ -885,15 +885,31 @@ } } + if ((long)minX - sampleModelTranslateX < 0 || + (long)minY - sampleModelTranslateY < 0) { + + throw new RasterFormatException("Incorrect origin/translate: (" + + minX + ", " + minY + ") / (" + + sampleModelTranslateX + ", " + sampleModelTranslateY + ")"); + } + // we can be sure that width and height are greater than 0 if (scanlineStride < 0 || - scanlineStride > (Integer.MAX_VALUE / height) || - scanlineStride > data.length) + scanlineStride > (Integer.MAX_VALUE / height)) { // integer overflow throw new RasterFormatException("Incorrect scanline stride: " + scanlineStride); } + + if (height > 1 || minY - sampleModelTranslateY > 0) { + // buffer should contain at least one scanline + if (scanlineStride > data.length) { + throw new RasterFormatException("Incorrect scanline stride: " + + scanlineStride); + } + } + int lastScanOffset = (height - 1) * scanlineStride; if (pixelStride < 0 ||
--- a/src/share/classes/sun/awt/image/BytePackedRaster.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/sun/awt/image/BytePackedRaster.java Tue Jun 03 10:00:37 2014 -0700 @@ -1386,13 +1386,28 @@ throw new RasterFormatException("Invalid raster dimension"); } + if ((long)minX - sampleModelTranslateX < 0 || + (long)minY - sampleModelTranslateY < 0) { + + throw new RasterFormatException("Incorrect origin/translate: (" + + minX + ", " + minY + ") / (" + + sampleModelTranslateX + ", " + sampleModelTranslateY + ")"); + } + if (scanlineStride < 0 || - scanlineStride > (Integer.MAX_VALUE / height) || - scanlineStride > data.length) + scanlineStride > (Integer.MAX_VALUE / height)) { throw new RasterFormatException("Invalid scanline stride"); } + if (height > 1 || minY - sampleModelTranslateY > 0) { + // buffer should contain at least one scanline + if (scanlineStride > data.length) { + throw new RasterFormatException("Incorrect scanline stride: " + + scanlineStride); + } + } + int lastbit = (dataBitOffset + (height-1) * scanlineStride * 8 + (width-1) * pixelBitStride
--- a/src/share/classes/sun/awt/image/FileImageSource.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/sun/awt/image/FileImageSource.java Tue Jun 03 10:00:37 2014 -0700 @@ -48,6 +48,10 @@ } protected ImageDecoder getDecoder() { + if (imagefile == null) { + return null; + } + InputStream is; try { is = new BufferedInputStream(new FileInputStream(imagefile));
--- a/src/share/classes/sun/awt/image/IntegerComponentRaster.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/sun/awt/image/IntegerComponentRaster.java Tue Jun 03 10:00:37 2014 -0700 @@ -654,15 +654,31 @@ ") must be >= 0"); } + if ((long)minX - sampleModelTranslateX < 0 || + (long)minY - sampleModelTranslateY < 0) { + + throw new RasterFormatException("Incorrect origin/translate: (" + + minX + ", " + minY + ") / (" + + sampleModelTranslateX + ", " + sampleModelTranslateY + ")"); + } + // we can be sure that width and height are greater than 0 if (scanlineStride < 0 || - scanlineStride > (Integer.MAX_VALUE / height) || - scanlineStride > data.length) + scanlineStride > (Integer.MAX_VALUE / height)) { // integer overflow throw new RasterFormatException("Incorrect scanline stride: " + scanlineStride); } + + if (height > 1 || minY - sampleModelTranslateY > 0) { + // buffer should contain at least one scanline + if (scanlineStride > data.length) { + throw new RasterFormatException("Incorrect scanline stride: " + + scanlineStride); + } + } + int lastScanOffset = (height - 1) * scanlineStride; if (pixelStride < 0 ||
--- a/src/share/classes/sun/awt/image/ShortBandedRaster.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/sun/awt/image/ShortBandedRaster.java Tue Jun 03 10:00:37 2014 -0700 @@ -754,10 +754,21 @@ + scanlineStride); } - for (int i = 0; i < data.length; i++) { - if (scanlineStride > data[i].length) { - throw new RasterFormatException("Incorrect scanline stride: " - + scanlineStride); + if ((long)minX - sampleModelTranslateX < 0 || + (long)minY - sampleModelTranslateY < 0) { + + throw new RasterFormatException("Incorrect origin/translate: (" + + minX + ", " + minY + ") / (" + + sampleModelTranslateX + ", " + sampleModelTranslateY + ")"); + } + + if (height > 1 || minY - sampleModelTranslateY > 0) { + // buffer should contain at least one scanline + for (int i = 0; i < data.length; i++) { + if (scanlineStride > data[i].length) { + throw new RasterFormatException("Incorrect scanline stride: " + + scanlineStride); + } } }
--- a/src/share/classes/sun/awt/image/ShortComponentRaster.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/sun/awt/image/ShortComponentRaster.java Tue Jun 03 10:00:37 2014 -0700 @@ -819,15 +819,31 @@ } } + if ((long)minX - sampleModelTranslateX < 0 || + (long)minY - sampleModelTranslateY < 0) { + + throw new RasterFormatException("Incorrect origin/translate: (" + + minX + ", " + minY + ") / (" + + sampleModelTranslateX + ", " + sampleModelTranslateY + ")"); + } + // we can be sure that width and height are greater than 0 if (scanlineStride < 0 || - scanlineStride > (Integer.MAX_VALUE / height) || - scanlineStride > data.length) + scanlineStride > (Integer.MAX_VALUE / height)) { // integer overflow throw new RasterFormatException("Incorrect scanline stride: " + scanlineStride); } + + if (height > 1 || minY - sampleModelTranslateY > 0) { + // buffer should contain at least one scanline + if (scanlineStride > data.length) { + throw new RasterFormatException("Incorrect scanline stride: " + + scanlineStride); + } + } + int lastScanOffset = (height - 1) * scanlineStride; if (pixelStride < 0 ||
--- a/src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java Tue Jun 03 10:00:37 2014 -0700 @@ -26,11 +26,11 @@ package sun.security.internal.spec; import java.security.spec.AlgorithmParameterSpec; +import java.security.AccessController; +import java.security.PrivilegedAction; /** - * Parameters for SSL/TLS RSA Premaster secret generation. - * This class is used by SSL/TLS client to initialize KeyGenerators of the - * type "TlsRsaPremasterSecret". + * Parameters for SSL/TLS RSA premaster secret. * * <p>Instances of this class are immutable. * @@ -43,90 +43,108 @@ public class TlsRsaPremasterSecretParameterSpec implements AlgorithmParameterSpec { - private final int majorVersion; - private final int minorVersion; - private final byte[] encodedSecret; + /* + * The TLS spec says that the version in the RSA premaster secret must + * be the maximum version supported by the client (i.e. the version it + * requested in its client hello version). However, we (and other + * implementations) used to send the active negotiated version. The + * system property below allows to toggle the behavior. + */ + private final static String PROP_NAME = + "com.sun.net.ssl.rsaPreMasterSecretFix"; - /** - * Constructs a new TlsRsaPremasterSecretParameterSpec. - * <P> - * The version numbers will be placed inside the premaster secret to - * detect version rollbacks attacks as described in the TLS specification. - * Note that they do not indicate the protocol version negotiated for - * the handshake. - * - * @param majorVersion the major number of the protocol version - * @param minorVersion the minor number of the protocol version - * - * @throws IllegalArgumentException if minorVersion or majorVersion are - * negative or larger than 255 + /* + * Default is "false" (old behavior) for compatibility reasons in + * SSLv3/TLSv1. Later protocols (TLSv1.1+) do not use this property. */ - public TlsRsaPremasterSecretParameterSpec(int majorVersion, - int minorVersion) { - this.majorVersion = - TlsMasterSecretParameterSpec.checkVersion(majorVersion); - this.minorVersion = - TlsMasterSecretParameterSpec.checkVersion(minorVersion); - this.encodedSecret = null; - } + private final static boolean rsaPreMasterSecretFix = + AccessController.doPrivileged(new PrivilegedAction<Boolean>() { + public Boolean run() { + String value = System.getProperty(PROP_NAME); + if (value != null && value.equalsIgnoreCase("true")) { + return Boolean.TRUE; + } + + return Boolean.FALSE; + } + }); + + private final int clientVersion; + private final int serverVersion; /** * Constructs a new TlsRsaPremasterSecretParameterSpec. - * <P> - * The version numbers will be placed inside the premaster secret to - * detect version rollbacks attacks as described in the TLS specification. - * Note that they do not indicate the protocol version negotiated for - * the handshake. - * <P> - * Usually, the encoded secret key is a random number that acts as - * dummy pre_master_secret to avoid vulnerabilities described by - * section 7.4.7.1, RFC 5246. * - * @param majorVersion the major number of the protocol version - * @param minorVersion the minor number of the protocol version - * @param encodedSecret the encoded secret key + * @param clientVersion the version of the TLS protocol by which the + * client wishes to communicate during this session + * @param serverVersion the negotiated version of the TLS protocol which + * contains the lower of that suggested by the client in the client + * hello and the highest supported by the server. * - * @throws IllegalArgumentException if minorVersion or majorVersion are - * negative or larger than 255, or encodedSecret is not exactly 48 bytes. + * @throws IllegalArgumentException if clientVersion or serverVersion are + * negative or larger than (2^16 - 1) */ - public TlsRsaPremasterSecretParameterSpec(int majorVersion, - int minorVersion, byte[] encodedSecret) { - this.majorVersion = - TlsMasterSecretParameterSpec.checkVersion(majorVersion); - this.minorVersion = - TlsMasterSecretParameterSpec.checkVersion(minorVersion); + public TlsRsaPremasterSecretParameterSpec( + int clientVersion, int serverVersion) { + + this.clientVersion = checkVersion(clientVersion); + this.serverVersion = checkVersion(serverVersion); + } - if (encodedSecret == null || encodedSecret.length != 48) { - throw new IllegalArgumentException( - "Encoded secret is not exactly 48 bytes"); - } - this.encodedSecret = encodedSecret.clone(); + /** + * Returns the version of the TLS protocol by which the client wishes to + * communicate during this session. + * + * @return the version of the TLS protocol in ClientHello message + */ + public int getClientVersion() { + return clientVersion; } /** - * Returns the major version. + * Returns the negotiated version of the TLS protocol which contains the + * lower of that suggested by the client in the client hello and the + * highest supported by the server. * - * @return the major version. + * @return the negotiated version of the TLS protocol in ServerHello message */ - public int getMajorVersion() { - return majorVersion; + public int getServerVersion() { + return serverVersion; } /** - * Returns the minor version. + * Returns the major version used in RSA premaster secret. * - * @return the minor version. + * @return the major version used in RSA premaster secret. */ - public int getMinorVersion() { - return minorVersion; + public int getMajorVersion() { + if (rsaPreMasterSecretFix || clientVersion >= 0x0302) { + // 0x0302: TLSv1.1 + return (clientVersion >>> 8) & 0xFF; + } + + return (serverVersion >>> 8) & 0xFF; } /** - * Returns the encoded secret. + * Returns the minor version used in RSA premaster secret. * - * @return the encoded secret, may be null if no encoded secret. + * @return the minor version used in RSA premaster secret. */ - public byte[] getEncodedSecret() { - return encodedSecret == null ? null : encodedSecret.clone(); + public int getMinorVersion() { + if (rsaPreMasterSecretFix || clientVersion >= 0x0302) { + // 0x0302: TLSv1.1 + return clientVersion & 0xFF; + } + + return serverVersion & 0xFF; + } + + private int checkVersion(int version) { + if ((version < 0) || (version > 0xFFFF)) { + throw new IllegalArgumentException( + "Version must be between 0 and 65,535"); + } + return version; } }
--- a/src/share/classes/sun/security/pkcs11/P11RSACipher.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/sun/security/pkcs11/P11RSACipher.java Tue Jun 03 10:00:37 2014 -0700 @@ -37,6 +37,8 @@ import static sun.security.pkcs11.TemplateManager.*; import sun.security.pkcs11.wrapper.*; import static sun.security.pkcs11.wrapper.PKCS11Constants.*; +import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; +import sun.security.util.KeyUtil; /** * RSA Cipher implementation class. We currently only support @@ -102,6 +104,12 @@ // maximum output size. this is the length of the key private int outputSize; + // cipher parameter for TLS RSA premaster secret + private AlgorithmParameterSpec spec = null; + + // the source of randomness + private SecureRandom random; + P11RSACipher(Token token, String algorithm, long mechanism) throws PKCS11Exception { super(); @@ -165,8 +173,12 @@ AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { if (params != null) { - throw new InvalidAlgorithmParameterException - ("Parameters not supported"); + if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) { + throw new InvalidAlgorithmParameterException( + "Parameters not supported"); + } + spec = params; + this.random = random; // for TLS RSA premaster secret } implInit(opmode, key); } @@ -176,8 +188,8 @@ SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { if (params != null) { - throw new InvalidAlgorithmParameterException - ("Parameters not supported"); + throw new InvalidAlgorithmParameterException( + "Parameters not supported"); } implInit(opmode, key); } @@ -452,21 +464,101 @@ protected Key engineUnwrap(byte[] wrappedKey, String algorithm, int type) throws InvalidKeyException, NoSuchAlgorithmException { - // XXX implement unwrap using C_Unwrap() for all keys - implInit(Cipher.DECRYPT_MODE, p11Key); - if (wrappedKey.length > maxInputSize) { - throw new InvalidKeyException("Key is too long for unwrapping"); + boolean isTlsRsaPremasterSecret = + algorithm.equals("TlsRsaPremasterSecret"); + Exception failover = null; + + SecureRandom secureRandom = random; + if (secureRandom == null && isTlsRsaPremasterSecret) { + secureRandom = new SecureRandom(); } - implUpdate(wrappedKey, 0, wrappedKey.length); - try { - byte[] encoded = doFinal(); + + // Should C_Unwrap be preferred for non-TLS RSA premaster secret? + if (token.supportsRawSecretKeyImport()) { + // XXX implement unwrap using C_Unwrap() for all keys + implInit(Cipher.DECRYPT_MODE, p11Key); + if (wrappedKey.length > maxInputSize) { + throw new InvalidKeyException("Key is too long for unwrapping"); + } + + byte[] encoded = null; + implUpdate(wrappedKey, 0, wrappedKey.length); + try { + encoded = doFinal(); + } catch (BadPaddingException e) { + if (isTlsRsaPremasterSecret) { + failover = e; + } else { + throw new InvalidKeyException("Unwrapping failed", e); + } + } catch (IllegalBlockSizeException e) { + // should not occur, handled with length check above + throw new InvalidKeyException("Unwrapping failed", e); + } + + if (isTlsRsaPremasterSecret) { + if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) { + throw new IllegalStateException( + "No TlsRsaPremasterSecretParameterSpec specified"); + } + + // polish the TLS premaster secret + TlsRsaPremasterSecretParameterSpec psps = + (TlsRsaPremasterSecretParameterSpec)spec; + encoded = KeyUtil.checkTlsPreMasterSecretKey( + psps.getClientVersion(), psps.getServerVersion(), + secureRandom, encoded, (failover != null)); + } + return ConstructKeys.constructKey(encoded, algorithm, type); - } catch (BadPaddingException e) { - // should not occur - throw new InvalidKeyException("Unwrapping failed", e); - } catch (IllegalBlockSizeException e) { - // should not occur, handled with length check above - throw new InvalidKeyException("Unwrapping failed", e); + } else { + Session s = null; + SecretKey secretKey = null; + try { + try { + s = token.getObjSession(); + long keyType = CKK_GENERIC_SECRET; + CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { + new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY), + new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType), + }; + attributes = token.getAttributes( + O_IMPORT, CKO_SECRET_KEY, keyType, attributes); + long keyID = token.p11.C_UnwrapKey(s.id(), + new CK_MECHANISM(mechanism), p11Key.keyID, + wrappedKey, attributes); + secretKey = P11Key.secretKey(s, keyID, + algorithm, 48 << 3, attributes); + } catch (PKCS11Exception e) { + if (isTlsRsaPremasterSecret) { + failover = e; + } else { + throw new InvalidKeyException("unwrap() failed", e); + } + } + + if (isTlsRsaPremasterSecret) { + byte[] replacer = new byte[48]; + if (failover == null) { + // Does smart compiler dispose this operation? + secureRandom.nextBytes(replacer); + } + + TlsRsaPremasterSecretParameterSpec psps = + (TlsRsaPremasterSecretParameterSpec)spec; + + // Please use the tricky failover and replacer byte array + // as the parameters so that smart compiler won't dispose + // the unused variable . + secretKey = polishPreMasterSecretKey(token, s, + failover, replacer, secretKey, + psps.getClientVersion(), psps.getServerVersion()); + } + + return secretKey; + } finally { + token.releaseSession(s); + } } } @@ -475,6 +567,34 @@ int n = P11KeyFactory.convertKey(token, key, algorithm).length(); return n; } + + private static SecretKey polishPreMasterSecretKey( + Token token, Session session, + Exception failover, byte[] replacer, SecretKey secretKey, + int clientVersion, int serverVersion) { + + if (failover != null) { + CK_VERSION version = new CK_VERSION( + (clientVersion >>> 8) & 0xFF, clientVersion & 0xFF); + try { + CK_ATTRIBUTE[] attributes = token.getAttributes( + O_GENERATE, CKO_SECRET_KEY, + CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); + long keyID = token.p11.C_GenerateKey(session.id(), + // new CK_MECHANISM(CKM_TLS_PRE_MASTER_KEY_GEN, version), + new CK_MECHANISM(CKM_SSL3_PRE_MASTER_KEY_GEN, version), + attributes); + return P11Key.secretKey(session, + keyID, "TlsRsaPremasterSecret", 48 << 3, attributes); + } catch (PKCS11Exception e) { + throw new ProviderException( + "Could not generate premaster secret", e); + } + } + + return secretKey; + } + } final class ConstructKeys {
--- a/src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java Tue Jun 03 10:00:37 2014 -0700 @@ -73,7 +73,7 @@ protected void engineInit(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException { - if (params instanceof TlsRsaPremasterSecretParameterSpec == false) { + if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) { throw new InvalidAlgorithmParameterException(MSG); } this.spec = (TlsRsaPremasterSecretParameterSpec)params; @@ -83,38 +83,32 @@ throw new InvalidParameterException(MSG); } + // Only can be used in client side to generate TLS RSA premaster secret. protected SecretKey engineGenerateKey() { if (spec == null) { throw new IllegalStateException ("TlsRsaPremasterSecretGenerator must be initialized"); } - byte[] b = spec.getEncodedSecret(); - if (b == null) { - CK_VERSION version = new CK_VERSION( + CK_VERSION version = new CK_VERSION( spec.getMajorVersion(), spec.getMinorVersion()); - Session session = null; - try { - session = token.getObjSession(); - CK_ATTRIBUTE[] attributes = token.getAttributes( - O_GENERATE, CKO_SECRET_KEY, - CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); - long keyID = token.p11.C_GenerateKey(session.id(), - new CK_MECHANISM(mechanism, version), attributes); - SecretKey key = P11Key.secretKey(session, - keyID, "TlsRsaPremasterSecret", 48 << 3, attributes); - return key; - } catch (PKCS11Exception e) { - throw new ProviderException( - "Could not generate premaster secret", e); - } finally { - token.releaseSession(session); - } + Session session = null; + try { + session = token.getObjSession(); + CK_ATTRIBUTE[] attributes = token.getAttributes( + O_GENERATE, CKO_SECRET_KEY, + CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); + long keyID = token.p11.C_GenerateKey(session.id(), + new CK_MECHANISM(mechanism, version), attributes); + SecretKey key = P11Key.secretKey(session, + keyID, "TlsRsaPremasterSecret", 48 << 3, attributes); + return key; + } catch (PKCS11Exception e) { + throw new ProviderException( + "Could not generate premaster secret", e); + } finally { + token.releaseSession(session); } - - // Won't worry, the TlsRsaPremasterSecret will be soon converted to - // TlsMasterSecret. - return new SecretKeySpec(b, "TlsRsaPremasterSecret"); } }
--- a/src/share/classes/sun/security/pkcs11/Token.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/sun/security/pkcs11/Token.java Tue Jun 03 10:00:37 2014 -0700 @@ -35,6 +35,7 @@ import sun.security.jca.JCAUtil; import sun.security.pkcs11.wrapper.*; +import static sun.security.pkcs11.TemplateManager.*; import static sun.security.pkcs11.wrapper.PKCS11Constants.*; /** @@ -121,6 +122,9 @@ private final static CK_MECHANISM_INFO INVALID_MECH = new CK_MECHANISM_INFO(0, 0, 0); + // flag indicating whether the token supports raw secret key material import + private Boolean supportsRawSecretKeyImport; + Token(SunPKCS11 provider) throws PKCS11Exception { this.provider = provider; this.removable = provider.removable; @@ -159,6 +163,36 @@ return writeProtected; } + // return whether the token supports raw secret key material import + boolean supportsRawSecretKeyImport() { + if (supportsRawSecretKeyImport == null) { + SecureRandom random = JCAUtil.getSecureRandom(); + byte[] encoded = new byte[48]; + random.nextBytes(encoded); + + CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[3]; + attributes[0] = new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY); + attributes[1] = new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_GENERIC_SECRET); + attributes[2] = new CK_ATTRIBUTE(CKA_VALUE, encoded); + + Session session = null; + try { + attributes = getAttributes(O_IMPORT, + CKO_SECRET_KEY, CKK_GENERIC_SECRET, attributes); + session = getObjSession(); + long keyID = p11.C_CreateObject(session.id(), attributes); + + supportsRawSecretKeyImport = Boolean.TRUE; + } catch (PKCS11Exception e) { + supportsRawSecretKeyImport = Boolean.FALSE; + } finally { + releaseSession(session); + } + } + + return supportsRawSecretKeyImport; + } + // return whether we are logged in // uses cached result if current. session is optional and may be null boolean isLoggedIn(Session session) throws PKCS11Exception {
--- a/src/share/classes/sun/security/smartcardio/CardImpl.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/sun/security/smartcardio/CardImpl.java Tue Jun 03 10:00:37 2014 -0700 @@ -246,7 +246,7 @@ } checkExclusive(); try { - SCardDisconnect(cardId, (reset ? SCARD_LEAVE_CARD : SCARD_RESET_CARD)); + SCardDisconnect(cardId, (reset ? SCARD_RESET_CARD : SCARD_LEAVE_CARD)); } catch (PCSCException e) { throw new CardException("disconnect() failed", e); } finally {
--- a/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java Tue Jun 03 10:00:37 2014 -0700 @@ -50,23 +50,6 @@ */ final class RSAClientKeyExchange extends HandshakeMessage { - /** - * The TLS spec says that the version in the RSA premaster secret must - * be the maximum version supported by the client (i.e. the version it - * requested in its client hello version). However, we (and other - * implementations) used to send the active negotiated version. The - * system property below allows to toggle the behavior. - */ - private final static String PROP_NAME = - "com.sun.net.ssl.rsaPreMasterSecretFix"; - - /* - * Default is "false" (old behavior) for compatibility reasons in - * SSLv3/TLSv1. Later protocols (TLSv1.1+) do not use this property. - */ - private final static boolean rsaPreMasterSecretFix = - Debug.getBooleanProperty(PROP_NAME, false); - /* * The following field values were encrypted with the server's public * key (or temp key from server key exchange msg) and are presented @@ -90,22 +73,12 @@ } this.protocolVersion = protocolVersion; - int major, minor; - - if (rsaPreMasterSecretFix || maxVersion.v >= ProtocolVersion.TLS11.v) { - major = maxVersion.major; - minor = maxVersion.minor; - } else { - major = protocolVersion.major; - minor = protocolVersion.minor; - } - try { String s = ((protocolVersion.v >= ProtocolVersion.TLS12.v) ? "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret"); KeyGenerator kg = JsseJce.getKeyGenerator(s); - kg.init(new TlsRsaPremasterSecretParameterSpec(major, minor), - generator); + kg.init(new TlsRsaPremasterSecretParameterSpec( + maxVersion.v, protocolVersion.v), generator); preMaster = kg.generateKey(); Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1); @@ -140,18 +113,17 @@ } } - Exception failover = null; - byte[] encoded = null; try { Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1); // Cannot generate key here, please don't use Cipher.UNWRAP_MODE! - cipher.init(Cipher.DECRYPT_MODE, privateKey); - encoded = cipher.doFinal(encrypted); - } catch (BadPaddingException bpe) { - failover = bpe; - encoded = null; - } catch (IllegalBlockSizeException ibse) { - // the message it too big to process with RSA + cipher.init(Cipher.UNWRAP_MODE, privateKey, + new TlsRsaPremasterSecretParameterSpec( + maxVersion.v, currentVersion.v), + generator); + preMaster = (SecretKey)cipher.unwrap(encrypted, + "TlsRsaPremasterSecret", Cipher.SECRET_KEY); + } catch (InvalidKeyException ibk) { + // the message is too big to process with RSA throw new SSLProtocolException( "Unable to process PreMasterSecret, may be too big"); } catch (Exception e) { @@ -162,124 +134,6 @@ } throw new RuntimeException("Could not generate dummy secret", e); } - - // polish the premaster secret - preMaster = polishPreMasterSecretKey( - currentVersion, maxVersion, generator, encoded, failover); - } - - /** - * To avoid vulnerabilities described by section 7.4.7.1, RFC 5246, - * treating incorrectly formatted message blocks and/or mismatched - * version numbers in a manner indistinguishable from correctly - * formatted RSA blocks. - * - * RFC 5246 describes the approach as : - * - * 1. Generate a string R of 48 random bytes - * - * 2. Decrypt the message to recover the plaintext M - * - * 3. If the PKCS#1 padding is not correct, or the length of message - * M is not exactly 48 bytes: - * pre_master_secret = R - * else If ClientHello.client_version <= TLS 1.0, and version - * number check is explicitly disabled: - * premaster secret = M - * else If M[0..1] != ClientHello.client_version: - * premaster secret = R - * else: - * premaster secret = M - * - * Note that #2 has completed before the call of this method. - */ - private SecretKey polishPreMasterSecretKey(ProtocolVersion currentVersion, - ProtocolVersion clientHelloVersion, SecureRandom generator, - byte[] encoded, Exception failoverException) { - - this.protocolVersion = clientHelloVersion; - if (generator == null) { - generator = new SecureRandom(); - } - byte[] random = new byte[48]; - generator.nextBytes(random); - - if (failoverException == null && encoded != null) { - // check the length - if (encoded.length != 48) { - if (debug != null && Debug.isOn("handshake")) { - System.out.println( - "incorrect length of premaster secret: " + - encoded.length); - } - - return generatePreMasterSecret( - clientHelloVersion, random, generator); - } - - if (clientHelloVersion.major != encoded[0] || - clientHelloVersion.minor != encoded[1]) { - - if (clientHelloVersion.v <= ProtocolVersion.TLS10.v && - currentVersion.major == encoded[0] && - currentVersion.minor == encoded[1]) { - /* - * For compatibility, we maintain the behavior that the - * version in pre_master_secret can be the negotiated - * version for TLS v1.0 and SSL v3.0. - */ - this.protocolVersion = currentVersion; - } else { - if (debug != null && Debug.isOn("handshake")) { - System.out.println("Mismatching Protocol Versions, " + - "ClientHello.client_version is " + - clientHelloVersion + - ", while PreMasterSecret.client_version is " + - ProtocolVersion.valueOf(encoded[0], encoded[1])); - } - - encoded = random; - } - } - - return generatePreMasterSecret( - clientHelloVersion, encoded, generator); - } - - if (debug != null && Debug.isOn("handshake") && - failoverException != null) { - System.out.println("Error decrypting premaster secret:"); - failoverException.printStackTrace(System.out); - } - - return generatePreMasterSecret(clientHelloVersion, random, generator); - } - - // generate a premaster secret with the specified version number - private static SecretKey generatePreMasterSecret( - ProtocolVersion version, byte[] encodedSecret, - SecureRandom generator) { - - if (debug != null && Debug.isOn("handshake")) { - System.out.println("Generating a random fake premaster secret"); - } - - try { - String s = ((version.v >= ProtocolVersion.TLS12.v) ? - "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret"); - KeyGenerator kg = JsseJce.getKeyGenerator(s); - kg.init(new TlsRsaPremasterSecretParameterSpec( - version.major, version.minor, encodedSecret), generator); - return kg.generateKey(); - } catch (InvalidAlgorithmParameterException | - NoSuchAlgorithmException iae) { - // unlikely to happen, otherwise, must be a provider exception - if (debug != null && Debug.isOn("handshake")) { - System.out.println("RSA premaster secret generation error:"); - iae.printStackTrace(System.out); - } - throw new RuntimeException("Could not generate dummy secret", iae); - } } @Override
--- a/src/share/classes/sun/security/util/KeyUtil.java Tue May 20 12:34:17 2014 -0700 +++ b/src/share/classes/sun/security/util/KeyUtil.java Tue Jun 03 10:00:37 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,6 +32,7 @@ import java.security.interfaces.ECKey; import java.security.interfaces.RSAKey; import java.security.interfaces.DSAKey; +import java.security.SecureRandom; import java.security.spec.KeySpec; import javax.crypto.SecretKey; import javax.crypto.interfaces.DHKey; @@ -157,6 +158,79 @@ } /** + * Check the format of TLS PreMasterSecret. + * <P> + * To avoid vulnerabilities described by section 7.4.7.1, RFC 5246, + * treating incorrectly formatted message blocks and/or mismatched + * version numbers in a manner indistinguishable from correctly + * formatted RSA blocks. + * + * RFC 5246 describes the approach as : + * + * 1. Generate a string R of 48 random bytes + * + * 2. Decrypt the message to recover the plaintext M + * + * 3. If the PKCS#1 padding is not correct, or the length of message + * M is not exactly 48 bytes: + * pre_master_secret = R + * else If ClientHello.client_version <= TLS 1.0, and version + * number check is explicitly disabled: + * premaster secret = M + * else If M[0..1] != ClientHello.client_version: + * premaster secret = R + * else: + * premaster secret = M + * + * Note that #2 should have completed before the call to this method. + * + * @param clientVersion the version of the TLS protocol by which the + * client wishes to communicate during this session + * @param serverVersion the negotiated version of the TLS protocol which + * contains the lower of that suggested by the client in the client + * hello and the highest supported by the server. + * @param encoded the encoded key in its "RAW" encoding format + * @param isFailover whether or not the previous decryption of the + * encrypted PreMasterSecret message run into problem + * @return the polished PreMasterSecret key in its "RAW" encoding format + */ + public static byte[] checkTlsPreMasterSecretKey( + int clientVersion, int serverVersion, SecureRandom random, + byte[] encoded, boolean isFailOver) { + + if (random == null) { + random = new SecureRandom(); + } + byte[] replacer = new byte[48]; + random.nextBytes(replacer); + + if (!isFailOver && (encoded != null)) { + // check the length + if (encoded.length != 48) { + // private, don't need to clone the byte array. + return replacer; + } + + int encodedVersion = + ((encoded[0] & 0xFF) << 8) | (encoded[1] & 0xFF); + if (clientVersion != encodedVersion) { + if (clientVersion > 0x0301 || // 0x0301: TLSv1 + serverVersion != encodedVersion) { + encoded = replacer; + } // Otherwise, For compatibility, we maintain the behavior + // that the version in pre_master_secret can be the + // negotiated version for TLS v1.0 and SSL v3.0. + } + + // private, don't need to clone the byte array. + return encoded; + } + + // private, don't need to clone the byte array. + return replacer; + } + + /** * Returns whether the Diffie-Hellman public key is valid or not. * * Per RFC 2631 and NIST SP800-56A, the following algorithm is used to
--- a/src/share/native/sun/security/smartcardio/pcsc.c Tue May 20 12:34:17 2014 -0700 +++ b/src/share/native/sun/security/smartcardio/pcsc.c Tue Jun 03 10:00:37 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -64,17 +64,32 @@ #define J2PCSC_EXCEPTION_NAME "sun/security/smartcardio/PCSCException" +void throwOutOfMemoryError(JNIEnv *env, const char *msg) { + jclass cls = (*env)->FindClass(env, "java/lang/OutOfMemoryError"); + + if (cls != NULL) /* Otherwise an exception has already been thrown */ + (*env)->ThrowNew(env, cls, msg); + +} + void throwPCSCException(JNIEnv* env, LONG code) { jclass pcscClass; jmethodID constructor; jthrowable pcscException; pcscClass = (*env)->FindClass(env, J2PCSC_EXCEPTION_NAME); - assert(pcscClass != NULL); + if (pcscClass == NULL) { + return; + } constructor = (*env)->GetMethodID(env, pcscClass, "<init>", "(I)V"); - assert(constructor != NULL); - pcscException = (jthrowable) (*env)->NewObject(env, pcscClass, constructor, (jint)code); - (*env)->Throw(env, pcscException); + if (constructor == NULL) { + return; + } + pcscException = (jthrowable) (*env)->NewObject(env, pcscClass, + constructor, (jint)code); + if (pcscException != NULL) { + (*env)->Throw(env, pcscException); + } } jboolean handleRV(JNIEnv* env, LONG code) { @@ -93,7 +108,7 @@ JNIEXPORT jlong JNICALL Java_sun_security_smartcardio_PCSC_SCardEstablishContext (JNIEnv *env, jclass thisClass, jint dwScope) { - SCARDCONTEXT context; + SCARDCONTEXT context = 0; LONG rv; dprintf("-establishContext\n"); rv = CALL_SCardEstablishContext(dwScope, NULL, NULL, &context); @@ -110,7 +125,7 @@ jobjectArray pcsc_multi2jstring(JNIEnv *env, char *spec) { jobjectArray result; jclass stringClass; - char *cp, **tab; + char *cp, **tab = NULL; jstring js; int cnt = 0; @@ -121,6 +136,10 @@ } tab = (char **)malloc(cnt * sizeof(char *)); + if (tab == NULL) { + throwOutOfMemoryError(env, NULL); + return NULL; + } cnt = 0; cp = spec; @@ -130,12 +149,26 @@ } stringClass = (*env)->FindClass(env, "java/lang/String"); - assert(stringClass != NULL); + if (stringClass == NULL) { + free(tab); + return NULL; + } result = (*env)->NewObjectArray(env, cnt, stringClass, NULL); - while (cnt-- > 0) { - js = (*env)->NewStringUTF(env, tab[cnt]); - (*env)->SetObjectArrayElement(env, result, cnt, js); + if (result != NULL) { + while (cnt-- > 0) { + js = (*env)->NewStringUTF(env, tab[cnt]); + if ((*env)->ExceptionCheck(env)) { + free(tab); + return NULL; + } + (*env)->SetObjectArrayElement(env, result, cnt, js); + if ((*env)->ExceptionCheck(env)) { + free(tab); + return NULL; + } + (*env)->DeleteLocalRef(env, js); + } } free(tab); return result; @@ -146,8 +179,8 @@ { SCARDCONTEXT context = (SCARDCONTEXT)jContext; LONG rv; - LPTSTR mszReaders; - DWORD size; + LPTSTR mszReaders = NULL; + DWORD size = 0; jobjectArray result; dprintf1("-context: %x\n", context); @@ -157,13 +190,20 @@ } dprintf1("-size: %d\n", size); - mszReaders = malloc(size); - rv = CALL_SCardListReaders(context, NULL, mszReaders, &size); - if (handleRV(env, rv)) { - free(mszReaders); - return NULL; + if (size) { + mszReaders = malloc(size); + if (mszReaders == NULL) { + throwOutOfMemoryError(env, NULL); + return NULL; + } + + rv = CALL_SCardListReaders(context, NULL, mszReaders, &size); + if (handleRV(env, rv)) { + free(mszReaders); + return NULL; + } + dprintf1("-String: %s\n", mszReaders); } - dprintf1("-String: %s\n", mszReaders); result = pcsc_multi2jstring(env, mszReaders); free(mszReaders); @@ -177,10 +217,13 @@ SCARDCONTEXT context = (SCARDCONTEXT)jContext; LONG rv; LPCTSTR readerName; - SCARDHANDLE card; - DWORD proto; + SCARDHANDLE card = 0; + DWORD proto = 0; readerName = (*env)->GetStringUTFChars(env, jReaderName, NULL); + if (readerName == NULL) { + return 0; + } rv = CALL_SCardConnect(context, readerName, jShareMode, jPreferredProtocols, &card, &proto); (*env)->ReleaseStringUTFChars(env, jReaderName, readerName); dprintf1("-cardhandle: %x\n", card); @@ -210,6 +253,9 @@ sendPci.cbPciLength = sizeof(SCARD_IO_REQUEST); sbuf = (unsigned char *) ((*env)->GetByteArrayElements(env, jBuf, NULL)); + if (sbuf == NULL) { + return NULL; + } rv = CALL_SCardTransmit(card, &sendPci, sbuf + ofs, len, NULL, rbuf, &rlen); (*env)->ReleaseByteArrayElements(env, jBuf, (jbyte *)sbuf, JNI_ABORT); @@ -218,7 +264,12 @@ } jOut = (*env)->NewByteArray(env, rlen); - (*env)->SetByteArrayRegion(env, jOut, 0, rlen, (jbyte *)rbuf); + if (jOut != NULL) { + (*env)->SetByteArrayRegion(env, jOut, 0, rlen, (jbyte *)rbuf); + if ((*env)->ExceptionCheck(env)) { + return NULL; + } + } return jOut; } @@ -231,10 +282,10 @@ DWORD readerLen = READERNAME_BUFFER_SIZE; unsigned char atr[ATR_BUFFER_SIZE]; DWORD atrLen = ATR_BUFFER_SIZE; - DWORD state; - DWORD protocol; + DWORD state = 0; + DWORD protocol = 0; jbyteArray jArray; - jbyte tmp; + jbyte status[2]; rv = CALL_SCardStatus(card, readerName, &readerLen, &state, &protocol, atr, &atrLen); if (handleRV(env, rv)) { @@ -245,13 +296,19 @@ dprintf1("-protocol: %d\n", protocol); jArray = (*env)->NewByteArray(env, atrLen); + if (jArray == NULL) { + return NULL; + } (*env)->SetByteArrayRegion(env, jArray, 0, atrLen, (jbyte *)atr); - - tmp = (jbyte)state; - (*env)->SetByteArrayRegion(env, jStatus, 0, 1, &tmp); - tmp = (jbyte)protocol; - (*env)->SetByteArrayRegion(env, jStatus, 1, 1, &tmp); - + if ((*env)->ExceptionCheck(env)) { + return NULL; + } + status[0] = (jbyte) state; + status[1] = (jbyte) protocol; + (*env)->SetByteArrayRegion(env, jStatus, 0, 2, status); + if ((*env)->ExceptionCheck(env)) { + return NULL; + } return jArray; } @@ -274,36 +331,78 @@ SCARDCONTEXT context = (SCARDCONTEXT)jContext; LONG rv; int readers = (*env)->GetArrayLength(env, jReaderNames); - SCARD_READERSTATE *readerState = malloc(readers * sizeof(SCARD_READERSTATE)); + SCARD_READERSTATE *readerState; int i; - jintArray jEventState; - int *currentState = (*env)->GetIntArrayElements(env, jCurrentState, NULL); + jintArray jEventState = NULL; + int *currentState = NULL; + const char *readerName; + + readerState = calloc(readers, sizeof(SCARD_READERSTATE)); + if (readerState == NULL && readers > 0) { + throwOutOfMemoryError(env, NULL); + return NULL; + } + + currentState = (*env)->GetIntArrayElements(env, jCurrentState, NULL); + if (currentState == NULL) { + free(readerState); + return NULL; + } + + for (i = 0; i < readers; i++) { + readerState[i].szReader = NULL; + } for (i = 0; i < readers; i++) { jobject jReaderName = (*env)->GetObjectArrayElement(env, jReaderNames, i); - readerState[i].szReader = (*env)->GetStringUTFChars(env, jReaderName, NULL); + if ((*env)->ExceptionCheck(env)) { + goto cleanup; + } + readerName = (*env)->GetStringUTFChars(env, jReaderName, NULL); + if (readerName == NULL) { + goto cleanup; + } + readerState[i].szReader = strdup(readerName); + (*env)->ReleaseStringUTFChars(env, jReaderName, readerName); + if (readerState[i].szReader == NULL) { + throwOutOfMemoryError(env, NULL); + goto cleanup; + } readerState[i].pvUserData = NULL; readerState[i].dwCurrentState = currentState[i]; readerState[i].dwEventState = SCARD_STATE_UNAWARE; readerState[i].cbAtr = 0; + (*env)->DeleteLocalRef(env, jReaderName); } - (*env)->ReleaseIntArrayElements(env, jCurrentState, currentState, JNI_ABORT); - rv = CALL_SCardGetStatusChange(context, (DWORD)jTimeout, readerState, readers); + if (readers > 0) { + rv = CALL_SCardGetStatusChange(context, (DWORD)jTimeout, readerState, readers); + if (handleRV(env, rv)) { + goto cleanup; + } + } jEventState = (*env)->NewIntArray(env, readers); + if (jEventState == NULL) { + goto cleanup; + } for (i = 0; i < readers; i++) { jint eventStateTmp; - jobject jReaderName = (*env)->GetObjectArrayElement(env, jReaderNames, i); dprintf3("-reader status %s: 0x%X, 0x%X\n", readerState[i].szReader, readerState[i].dwCurrentState, readerState[i].dwEventState); - (*env)->ReleaseStringUTFChars(env, jReaderName, readerState[i].szReader); eventStateTmp = (jint)readerState[i].dwEventState; (*env)->SetIntArrayRegion(env, jEventState, i, 1, &eventStateTmp); + if ((*env)->ExceptionCheck(env)) { + jEventState = NULL; + goto cleanup; + } + } +cleanup: + (*env)->ReleaseIntArrayElements(env, jCurrentState, currentState, JNI_ABORT); + for (i = 0; i < readers; i++) { + free((char *)readerState[i].szReader); } free(readerState); - - handleRV(env, rv); return jEventState; } @@ -336,13 +435,18 @@ { SCARDHANDLE card = (SCARDHANDLE)jCard; LONG rv; - jbyte* sendBuffer = (*env)->GetByteArrayElements(env, jSendBuffer, NULL); + jbyte* sendBuffer; jint sendBufferLength = (*env)->GetArrayLength(env, jSendBuffer); jbyte receiveBuffer[MAX_STACK_BUFFER_SIZE]; jint receiveBufferLength = MAX_STACK_BUFFER_SIZE; ULONG returnedLength = 0; jbyteArray jReceiveBuffer; + sendBuffer = (*env)->GetByteArrayElements(env, jSendBuffer, NULL); + if (sendBuffer == NULL) { + return NULL; + } + #ifdef J2PCSC_DEBUG { int k; @@ -375,7 +479,12 @@ #endif jReceiveBuffer = (*env)->NewByteArray(env, returnedLength); + if (jReceiveBuffer == NULL) { + return NULL; + } (*env)->SetByteArrayRegion(env, jReceiveBuffer, 0, returnedLength, receiveBuffer); - + if ((*env)->ExceptionCheck(env)) { + return NULL; + } return jReceiveBuffer; }
--- a/src/solaris/classes/sun/nio/fs/UnixPath.java Tue May 20 12:34:17 2014 -0700 +++ b/src/solaris/classes/sun/nio/fs/UnixPath.java Tue Jun 03 10:00:37 2014 -0700 @@ -482,7 +482,7 @@ @Override public Path normalize() { final int count = getNameCount(); - if (count == 0) + if (count == 0 || isEmpty()) return this; boolean[] ignore = new boolean[count]; // true => ignore name
--- a/src/solaris/native/sun/security/smartcardio/MUSCLE/pcsclite.h Tue May 20 12:34:17 2014 -0700 +++ b/src/solaris/native/sun/security/smartcardio/MUSCLE/pcsclite.h Tue Jun 03 10:00:37 2014 -0700 @@ -62,6 +62,8 @@ #define MAX_ATR_SIZE 33 /* Maximum ATR size */ +#ifndef __APPLE__ + typedef struct { const char *szReader; @@ -73,6 +75,23 @@ } SCARD_READERSTATE_A; +#else // __APPLE__ + +#pragma pack(1) +typedef struct +{ + const char *szReader; + void *pvUserData; + uint32_t dwCurrentState; + uint32_t dwEventState; + uint32_t cbAtr; + unsigned char rgbAtr[MAX_ATR_SIZE]; +} +SCARD_READERSTATE_A; +#pragma pack() + +#endif // __APPLE__ + typedef SCARD_READERSTATE_A SCARD_READERSTATE, *PSCARD_READERSTATE_A, *LPSCARD_READERSTATE_A;
--- a/src/solaris/native/sun/security/smartcardio/pcsc_md.c Tue May 20 12:34:17 2014 -0700 +++ b/src/solaris/native/sun/security/smartcardio/pcsc_md.c Tue Jun 03 10:00:37 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,8 +32,6 @@ #include <winscard.h> -#include <jni_util.h> - #include "sun_security_smartcardio_PlatformPCSC.h" #include "pcsc_md.h" @@ -50,12 +48,40 @@ FPTR_SCardEndTransaction scardEndTransaction; FPTR_SCardControl scardControl; +/* + * Throws a Java Exception by name + */ +void throwByName(JNIEnv *env, const char *name, const char *msg) +{ + jclass cls = (*env)->FindClass(env, name); + + if (cls != 0) /* Otherwise an exception has already been thrown */ + (*env)->ThrowNew(env, cls, msg); +} + +/* + * Throws java.lang.NullPointerException + */ +void throwNullPointerException(JNIEnv *env, const char *msg) +{ + throwByName(env, "java/lang/NullPointerException", msg); +} + +/* + * Throws java.io.IOException + */ +void throwIOException(JNIEnv *env, const char *msg) +{ + throwByName(env, "java/io/IOException", msg); +} + + void *findFunction(JNIEnv *env, void *hModule, char *functionName) { void *fAddress = dlsym(hModule, functionName); if (fAddress == NULL) { char errorMessage[256]; snprintf(errorMessage, sizeof(errorMessage), "Symbol not found: %s", functionName); - JNU_ThrowNullPointerException(env, errorMessage); + throwNullPointerException(env, errorMessage); return NULL; } return fAddress; @@ -64,21 +90,56 @@ JNIEXPORT void JNICALL Java_sun_security_smartcardio_PlatformPCSC_initialize (JNIEnv *env, jclass thisClass, jstring jLibName) { const char *libName = (*env)->GetStringUTFChars(env, jLibName, NULL); + if (libName == NULL) { + throwNullPointerException(env, "PCSC library name is null"); + return; + } hModule = dlopen(libName, RTLD_LAZY); (*env)->ReleaseStringUTFChars(env, jLibName, libName); if (hModule == NULL) { - JNU_ThrowIOException(env, dlerror()); + throwIOException(env, dlerror()); return; } scardEstablishContext = (FPTR_SCardEstablishContext)findFunction(env, hModule, "SCardEstablishContext"); + if ((*env)->ExceptionCheck(env)) { + return; + } scardConnect = (FPTR_SCardConnect) findFunction(env, hModule, "SCardConnect"); + if ((*env)->ExceptionCheck(env)) { + return; + } scardDisconnect = (FPTR_SCardDisconnect) findFunction(env, hModule, "SCardDisconnect"); + if ((*env)->ExceptionCheck(env)) { + return; + } scardStatus = (FPTR_SCardStatus) findFunction(env, hModule, "SCardStatus"); + if ((*env)->ExceptionCheck(env)) { + return; + } scardGetStatusChange = (FPTR_SCardGetStatusChange) findFunction(env, hModule, "SCardGetStatusChange"); + if ((*env)->ExceptionCheck(env)) { + return; + } scardTransmit = (FPTR_SCardTransmit) findFunction(env, hModule, "SCardTransmit"); + if ((*env)->ExceptionCheck(env)) { + return; + } scardListReaders = (FPTR_SCardListReaders) findFunction(env, hModule, "SCardListReaders"); + if ((*env)->ExceptionCheck(env)) { + return; + } scardBeginTransaction = (FPTR_SCardBeginTransaction)findFunction(env, hModule, "SCardBeginTransaction"); + if ((*env)->ExceptionCheck(env)) { + return; + } scardEndTransaction = (FPTR_SCardEndTransaction) findFunction(env, hModule, "SCardEndTransaction"); + if ((*env)->ExceptionCheck(env)) { + return; + } +#ifndef __APPLE__ scardControl = (FPTR_SCardControl) findFunction(env, hModule, "SCardControl"); +#else + scardControl = (FPTR_SCardControl) findFunction(env, hModule, "SCardControl132"); +#endif // __APPLE__ }
--- a/src/windows/classes/sun/security/mscapi/RSACipher.java Tue May 20 12:34:17 2014 -0700 +++ b/src/windows/classes/sun/security/mscapi/RSACipher.java Tue Jun 03 10:00:37 2014 -0700 @@ -35,6 +35,8 @@ import javax.crypto.spec.*; import sun.security.rsa.RSAKeyFactory; +import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; +import sun.security.util.KeyUtil; /** * RSA cipher implementation using the Microsoft Crypto API. @@ -92,9 +94,16 @@ // the public key, if we were initialized using a public key private sun.security.mscapi.Key publicKey; + // the private key, if we were initialized using a private key private sun.security.mscapi.Key privateKey; + // cipher parameter for TLS RSA premaster secret + private AlgorithmParameterSpec spec = null; + + // the source of randomness + private SecureRandom random; + public RSACipher() { paddingType = PAD_PKCS1; } @@ -155,8 +164,12 @@ throws InvalidKeyException, InvalidAlgorithmParameterException { if (params != null) { - throw new InvalidAlgorithmParameterException - ("Parameters not supported"); + if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) { + throw new InvalidAlgorithmParameterException( + "Parameters not supported"); + } + spec = params; + this.random = random; // for TLS RSA premaster secret } init(opmode, key); } @@ -356,39 +369,47 @@ } // see JCE spec - protected java.security.Key engineUnwrap(byte[] wrappedKey, String algorithm, + protected java.security.Key engineUnwrap(byte[] wrappedKey, + String algorithm, int type) throws InvalidKeyException, NoSuchAlgorithmException { if (wrappedKey.length > buffer.length) { throw new InvalidKeyException("Key is too long for unwrapping"); } - update(wrappedKey, 0, wrappedKey.length); - try { - byte[] encoding = doFinal(); - - switch (type) { - case Cipher.PUBLIC_KEY: - return constructPublicKey(encoding, algorithm); - - case Cipher.PRIVATE_KEY: - return constructPrivateKey(encoding, algorithm); + boolean isTlsRsaPremasterSecret = + algorithm.equals("TlsRsaPremasterSecret"); + Exception failover = null; + byte[] encoded = null; - case Cipher.SECRET_KEY: - return constructSecretKey(encoding, algorithm); - - default: - throw new InvalidKeyException("Unknown key type " + type); + update(wrappedKey, 0, wrappedKey.length); + try { + encoded = doFinal(); + } catch (BadPaddingException e) { + if (isTlsRsaPremasterSecret) { + failover = e; + } else { + throw new InvalidKeyException("Unwrapping failed", e); } - - } catch (BadPaddingException e) { - // should not occur - throw new InvalidKeyException("Unwrapping failed", e); - } catch (IllegalBlockSizeException e) { // should not occur, handled with length check above throw new InvalidKeyException("Unwrapping failed", e); } + + if (isTlsRsaPremasterSecret) { + if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) { + throw new IllegalStateException( + "No TlsRsaPremasterSecretParameterSpec specified"); + } + + // polish the TLS premaster secret + encoded = KeyUtil.checkTlsPreMasterSecretKey( + ((TlsRsaPremasterSecretParameterSpec)spec).getClientVersion(), + ((TlsRsaPremasterSecretParameterSpec)spec).getServerVersion(), + random, encoded, (failover != null)); + } + + return constructKey(encoded, algorithm, type); } // see JCE spec @@ -452,6 +473,22 @@ return new SecretKeySpec(encodedKey, encodedKeyAlgorithm); } + private static Key constructKey(byte[] encodedKey, + String encodedKeyAlgorithm, + int keyType) throws InvalidKeyException, NoSuchAlgorithmException { + + switch (keyType) { + case Cipher.PUBLIC_KEY: + return constructPublicKey(encodedKey, encodedKeyAlgorithm); + case Cipher.PRIVATE_KEY: + return constructPrivateKey(encodedKey, encodedKeyAlgorithm); + case Cipher.SECRET_KEY: + return constructSecretKey(encodedKey, encodedKeyAlgorithm); + default: + throw new InvalidKeyException("Unknown key type " + keyType); + } + } + /* * Encrypt/decrypt a data buffer using Microsoft Crypto API with HCRYPTKEY. * It expects and returns ciphertext data in big-endian form.
--- a/test/com/sun/crypto/provider/TLS/TestPremaster.java Tue May 20 12:34:17 2014 -0700 +++ b/test/com/sun/crypto/provider/TLS/TestPremaster.java Tue Jun 03 10:00:37 2014 -0700 @@ -33,6 +33,7 @@ import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; +import java.util.Formatter; import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; @@ -52,27 +53,51 @@ System.out.println("OK: " + e); } - test(kg, 3, 0); - test(kg, 3, 1); - test(kg, 3, 2); - test(kg, 4, 0); + int[] protocolVersions = {0x0300, 0x0301, 0x0302, 0x0400}; + for (int clientVersion : protocolVersions) { + for (int serverVersion : protocolVersions) { + test(kg, clientVersion, serverVersion); + if (serverVersion >= clientVersion) { + break; + } + } + } System.out.println("Done."); } - private static void test(KeyGenerator kg, int major, int minor) - throws Exception { + private static void test(KeyGenerator kg, + int clientVersion, int serverVersion) throws Exception { - kg.init(new TlsRsaPremasterSecretParameterSpec(major, minor)); + System.out.printf( + "Testing RSA pre-master secret key generation between " + + "client (0x%04X) and server(0x%04X)%n", + clientVersion, serverVersion); + kg.init(new TlsRsaPremasterSecretParameterSpec( + clientVersion, serverVersion)); + SecretKey key = kg.generateKey(); byte[] encoded = key.getEncoded(); - if (encoded.length != 48) { - throw new Exception("length: " + encoded.length); - } - if ((encoded[0] != major) || (encoded[1] != minor)) { - throw new Exception("version mismatch: " + encoded[0] + - "." + encoded[1]); - } - System.out.println("OK: " + major + "." + minor); + if (encoded != null) { // raw key material may be not extractable + if (encoded.length != 48) { + throw new Exception("length: " + encoded.length); + } + int v = versionOf(encoded[0], encoded[1]); + if (clientVersion != v) { + if (serverVersion != v || clientVersion >= 0x0302) { + throw new Exception(String.format( + "version mismatch: (0x%04X) rather than (0x%04X) " + + "is used in pre-master secret", v, clientVersion)); + } + System.out.printf("Use compatible version (0x%04X)%n", v); + } + System.out.println("Passed, version matches!"); + } else { + System.out.println("Raw key material is not extractable"); + } + } + + private static int versionOf(int major, int minor) { + return ((major & 0xFF) << 8) | (minor & 0xFF); } }
--- a/test/com/sun/jndi/ldap/LdapTimeoutTest.java Tue May 20 12:34:17 2014 -0700 +++ b/test/com/sun/jndi/ldap/LdapTimeoutTest.java Tue Jun 03 10:00:37 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -64,11 +64,12 @@ env.put(Context.SECURITY_PRINCIPAL, "user"); env.put(Context.SECURITY_CREDENTIALS, "password"); - env.put("com.sun.jndi.ldap.connect.timeout", "10"); - env.put("com.sun.jndi.ldap.read.timeout", "3000"); - InitialContext ctx = null; try { + new LdapTimeoutTest().deadServerNoTimeout(env); + + env.put("com.sun.jndi.ldap.connect.timeout", "10"); + env.put("com.sun.jndi.ldap.read.timeout", "3000"); new LdapTimeoutTest().ldapReadTimeoutTest(env, false); new LdapTimeoutTest().ldapReadTimeoutTest(env, true); new LdapTimeoutTest().simpleAuthConnectTest(env); @@ -84,7 +85,7 @@ void ldapReadTimeoutTest(Hashtable env, boolean ssl) { InitialContext ctx = null; if (ssl) env.put(Context.SECURITY_PROTOCOL, "ssl"); - ScheduledFuture killer = killSwitch(); + ScheduledFuture killer = killSwitch(5000); long start = System.nanoTime(); try { ctx = new InitialDirContext(env); @@ -112,7 +113,7 @@ void simpleAuthConnectTest(Hashtable env) { InitialContext ctx = null; - ScheduledFuture killer = killSwitch(); + ScheduledFuture killer = killSwitch(5000); long start = System.nanoTime(); try { ctx = new InitialDirContext(env); @@ -139,6 +140,32 @@ } } + void deadServerNoTimeout(Hashtable env) { + InitialContext ctx = null; + ScheduledFuture killer = killSwitch(30000); + long start = System.nanoTime(); + try { + ctx = new InitialDirContext(env); + SearchControls scl = new SearchControls(); + scl.setSearchScope(SearchControls.SUBTREE_SCOPE); + NamingEnumeration<SearchResult> answer = ((InitialDirContext)ctx) + .search("ou=People,o=JNDITutorial", "(objectClass=*)", scl); + // shouldn't reach here + fail(); + } catch (NamingException e) { + long end = System.nanoTime(); + if (TimeUnit.NANOSECONDS.toMillis(end - start) < 14000) { + System.err.println("fail: timeout should be at least 15 seconds, actual time: " + + TimeUnit.NANOSECONDS.toMillis(end - start)); + fail(); + } else { + pass(); + } + } finally { + if (!shutItDown(killer, ctx)) fail(); + } + } + boolean shutItDown(ScheduledFuture killer, InitialContext ctx) { killer.cancel(true); try { @@ -149,15 +176,15 @@ } } - ScheduledFuture killSwitch() { + ScheduledFuture killSwitch(int ms) { final Thread current = Thread.currentThread(); return LdapTimeoutTest.pool.schedule(new Callable<Void>() { public Void call() throws Exception { System.err.println("Fail: killSwitch()"); - current.interrupt(); + System.exit(0); return null; } - }, 5000, TimeUnit.MILLISECONDS); + }, ms, TimeUnit.MILLISECONDS); } static class Server extends Thread {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/awt/image/ImageIconHang.java Tue Jun 03 10:00:37 2014 -0700 @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.awt.*; + +/* + * @test + * @bug 8032788 + * @summary Checks that null filename argument is processed correctly + * + * @run main ImageIconHang + */ +public class ImageIconHang { + public static void main(String[] args) throws Exception { + Image image = Toolkit.getDefaultToolkit().getImage((String) null); + MediaTracker mt = new MediaTracker(new Component() {}); + mt.addImage(image, 1); + mt.waitForID(1, 5000); + + int status = mt.statusID(1, false); + + System.out.println("Status: " + status); + + if (status != MediaTracker.ERRORED) { + throw new RuntimeException("MediaTracker.waitForID() hung."); + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/beans/Introspector/Test7172865.java Tue Jun 03 10:00:37 2014 -0700 @@ -0,0 +1,162 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.beans.IndexedPropertyDescriptor; +import java.beans.MethodDescriptor; +import java.beans.PropertyDescriptor; + +/* + * @test + * @bug 7172854 7172865 + * @summary Tests that cached methods are not lost + * @author Sergey Malenkov + */ + +public class Test7172865 { + public static void main(String[] args) throws Exception { + int errors = 0; + + MethodDescriptor md = new MethodDescriptor(Test7172865.class.getMethod("getGood")); + + errors += test(PropertyDescriptor.class, "good", true); + PropertyDescriptor pdGoodString = new PropertyDescriptor("good", Test7172865.class, "getGood", "setGood"); + PropertyDescriptor pdGoodMethod = new PropertyDescriptor("good", + Test7172865.class.getMethod("getGood"), + Test7172865.class.getMethod("setGood", args.getClass())); + + errors += test(PropertyDescriptor.class, "bad", false); + PropertyDescriptor pdBadString = new PropertyDescriptor("bad", Test7172865.class, "getBad", null); + PropertyDescriptor pdBadMethod = new PropertyDescriptor("bad", + Test7172865.class.getMethod("getBad"), + Test7172865.class.getMethod("setBad", args.getClass())); + + errors += test(IndexedPropertyDescriptor.class, "good", true); + IndexedPropertyDescriptor ipdGoodString = new IndexedPropertyDescriptor("good", Test7172865.class, "getGood", "setGood", "getGood", "setGood"); + IndexedPropertyDescriptor ipdGoodMethod = new IndexedPropertyDescriptor("good", + Test7172865.class.getMethod("getGood"), + Test7172865.class.getMethod("setGood", args.getClass()), + Test7172865.class.getMethod("getGood", Integer.TYPE), + Test7172865.class.getMethod("setGood", Integer.TYPE, String.class)); + + errors += test(IndexedPropertyDescriptor.class, "bad", false); + IndexedPropertyDescriptor ipdBadString = new IndexedPropertyDescriptor("bad", Test7172865.class, "getBad", null, "getBad", null); + IndexedPropertyDescriptor ipdBadMethod = new IndexedPropertyDescriptor("bad", + Test7172865.class.getMethod("getBad"), + Test7172865.class.getMethod("setBad", args.getClass()), + Test7172865.class.getMethod("getBad", Integer.TYPE), + Test7172865.class.getMethod("setBad", Integer.TYPE, String.class)); + + for (int i = 1; i <= 2; i++) { + System.out.println("STEP: " + i); + errors += test("md", null != md.getMethod()); + + errors += test("pdGoodString", pdGoodString, true, true); + errors += test("pdGoodMethod", pdGoodMethod, true, true); + + errors += test("pdBadString", pdBadString, true, false); + errors += test("pdBadMethod", pdBadMethod, true, true); + + errors += test("ipdGoodString", ipdGoodString, true, true, true, true); + errors += test("ipdGoodMethod", ipdGoodMethod, true, true, true, true); + + errors += test("ipdBadString", ipdBadString, true, false, true, false); + errors += test("ipdBadMethod", ipdBadMethod, true, true, true, true); + + try { + int[] array = new int[1024]; + while (true) { + array = new int[array.length << 1]; + } + } + catch (OutOfMemoryError error) { + System.gc(); + } + } + if (errors > 0) { + throw new Error("found " + errors + " errors"); + } + } + + private static int test(Class<?> type, String property, boolean value) { + String message = type.getSimpleName() + "(" + property + ") "; + try { + type.getConstructor(String.class, Class.class).newInstance(property, Test7172865.class); + message += "passed"; + } + catch (Exception exception) { + message += "failed"; + value = !value; + } + if (value) { + message += " as expected"; + } + System.out.println(message); + return value ? 0 : 1; + } + + private static int test(String message, boolean value) { + System.out.println(message + ": " + (value ? "passed" : "failed")); + return value ? 0 : 1; + } + + private static int test(String message, PropertyDescriptor pd, boolean rm, boolean wm) { + return test(message + ".Read", rm == (null != pd.getReadMethod())) + + test(message + ".Write", wm == (null != pd.getWriteMethod())); + } + + private static int test(String message, IndexedPropertyDescriptor ipd, boolean rm, boolean wm, boolean irm, boolean iwm) { + return test(message, ipd, rm, wm) + + test(message + ".IndexedRead", irm == (null != ipd.getIndexedReadMethod())) + + test(message + ".IndexedWrite", iwm == (null != ipd.getIndexedWriteMethod())); + } + + public String[] getGood() { + return null; + } + + public String getGood(int index) { + return null; + } + + public void setGood(String[] good) { + } + + public void setGood(int index, String value) { + } + + public String[] getBad() { + return null; + } + + public String getBad(int index) { + return null; + } + + public Test7172865 setBad(String[] bad) { + return null; + } + + public Test7172865 setBad(int index, String value) { + return null; + } +}
--- a/test/java/nio/file/Path/PathOps.java Tue May 20 12:34:17 2014 -0700 +++ b/test/java/nio/file/Path/PathOps.java Tue Jun 03 10:00:37 2014 -0700 @@ -22,7 +22,7 @@ */ /* @test - * @bug 4313887 6838333 6925932 7006126 + * @bug 4313887 6838333 6925932 7006126 8037945 * @summary Unit test for java.nio.file.Path path operations */ @@ -899,6 +899,8 @@ .normalize("foo"); test("/foo") .normalize("/foo"); + test("") + .normalize(""); test(".") .normalize(""); test("..")
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/swing/JPopupMenu/7160604/bug7160604.html Tue Jun 03 10:00:37 2014 -0700 @@ -0,0 +1,30 @@ +<!-- + Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + + This code is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License version 2 only, as + published by the Free Software Foundation. + + This code is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + version 2 for more details (a copy is included in the LICENSE file that + accompanied this code). + + You should have received a copy of the GNU General Public License version + 2 along with this work; if not, write to the Free Software Foundation, + Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + + Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + or visit www.oracle.com if you need additional information or have any + questions. +--> + +<html> +<body> +<applet code="bug7160604.class" width=400 height=100></applet> +Click on the top-bar and combo-box more than once. +Make sure popup menu and drop-down list have a border and their items are drawn properly. +</body> +</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/swing/JPopupMenu/7160604/bug7160604.java Tue Jun 03 10:00:37 2014 -0700 @@ -0,0 +1,90 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* @test + @bug 7160604 + @summary Using non-opaque windows - popups are initially not painted correctly + @author Oleg Pekhovskiy + @run applet/manual=yesno bug7160604.html +*/ + +import javax.swing.AbstractAction; +import javax.swing.BorderFactory; +import javax.swing.JApplet; +import javax.swing.JComboBox; +import javax.swing.JLabel; +import javax.swing.JMenuItem; +import javax.swing.JPanel; +import javax.swing.JPopupMenu; +import javax.swing.JWindow; +import javax.swing.SwingUtilities; +import java.awt.BorderLayout; +import java.awt.Color; +import java.awt.event.ActionEvent; +import java.awt.event.MouseAdapter; +import java.awt.event.MouseEvent; + +public class bug7160604 extends JApplet { + + public void init() { + SwingUtilities.invokeLater(new Runnable() { + @Override + public void run() { + final JWindow window = new JWindow(); + window.setLocation(200, 200); + window.setSize(300, 300); + + final JLabel label = new JLabel("...click to invoke JPopupMenu"); + label.setOpaque(true); + final JPanel contentPane = new JPanel(new BorderLayout()); + contentPane.setBorder(BorderFactory.createLineBorder(Color.RED)); + window.setContentPane(contentPane); + contentPane.add(label, BorderLayout.NORTH); + + final JComboBox comboBox = new JComboBox(new Object[]{"1", "2", "3", "4"}); + contentPane.add(comboBox, BorderLayout.SOUTH); + + final JPopupMenu jPopupMenu = new JPopupMenu(); + + jPopupMenu.add("string"); + jPopupMenu.add(new AbstractAction("action") { + @Override + public void actionPerformed(final ActionEvent e) { + } + }); + jPopupMenu.add(new JLabel("label")); + jPopupMenu.add(new JMenuItem("MenuItem")); + label.addMouseListener(new MouseAdapter() { + @Override + public void mouseReleased(final MouseEvent e) { + jPopupMenu.show(label, 0, 0); + } + }); + + window.setBackground(new Color(0, 0, 0, 0)); + + window.setVisible(true); + } + }); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/swing/plaf/nimbus/8041725/bug8041725.java Tue Jun 03 10:00:37 2014 -0700 @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* @test + @bug 8041725 + @summary JList selection colors are not UIResource instances in Nimbus L&F + @author Anton Litvinov +*/ + +import java.awt.*; +import javax.swing.*; +import javax.swing.plaf.*; +import javax.swing.plaf.nimbus.*; + +public class bug8041725 { + public static void main(String[] args) throws Exception { + UIManager.setLookAndFeel(new NimbusLookAndFeel()); + SwingUtilities.invokeAndWait(new Runnable() { + @Override + public void run() { + JFrame frame = new JFrame("bug8041725"); + frame.setSize(200, 200); + JList list = new JList(new String[]{"Item1", "Item2", "Item3"}); + frame.getContentPane().add(list); + frame.pack(); + frame.setVisible(true); + + System.err.println("Test #1: No items are selected, list is enabled."); + testSelectionColors(list); + + System.err.println("Test #2: No items are selected, list is disabled."); + list.setEnabled(false); + testSelectionColors(list); + + System.err.println("Test #3: One item is selected, list is disabled."); + list.setSelectedIndex(0); + testSelectionColors(list); + + System.err.println("Test #4: One item is selected, list is enabled."); + list.setEnabled(true); + testSelectionColors(list); + + frame.dispose(); + } + }); + } + + private static void testSelectionColors(JList list) { + Color selBackColor = list.getSelectionBackground(); + if (!(selBackColor instanceof UIResource)) { + throw new RuntimeException(String.format( + "JList.getSelectionBackground() returned instance of '%s' instead of UIResource.", + selBackColor.getClass())); + } + Color selForeColor = list.getSelectionForeground(); + if (!(selForeColor instanceof UIResource)) { + throw new RuntimeException(String.format( + "JList.getSelectionForeground() returned instance of '%s' instead of UIResource.", + selForeColor.getClass())); + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/awt/image/bug8038000.java Tue Jun 03 10:00:37 2014 -0700 @@ -0,0 +1,153 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8038000 + * + * @summary Verifies that we could create different type of Rasters with height 1 + * and strideline which exceeds raster width. + * Also checks that a set of RasterOp work correctly with such kind of Rasters. + * + * @run main bug8038000 + */ + +import java.awt.*; +import java.awt.color.ColorSpace; +import java.awt.geom.AffineTransform; +import java.awt.image.*; +import java.util.Arrays; + +public class bug8038000 { + + public static void main(String[] args) throws Exception { + new bug8038000().checkOps(); + + // No exceptions - Passed + } + + private void checkOps() throws Exception { + + RasterOp[] ops = new RasterOp[] { + new ColorConvertOp(ColorSpace.getInstance(ColorSpace.CS_sRGB), + ColorSpace.getInstance(ColorSpace.CS_LINEAR_RGB), null), + new AffineTransformOp(AffineTransform.getScaleInstance(1, 1.1), null) + }; + + + for (RasterOp op: ops) { + // Banded rasters + checkOp(Raster.createBandedRaster(DataBuffer.TYPE_BYTE, 10, 1, 10, + new int[] {0, 1, 2}, new int[]{2,1,0}, null), + Raster.createBandedRaster(DataBuffer.TYPE_BYTE, 10, 1, 1001, + new int[] {0, 1, 2}, new int[]{2,1,0}, null), op); + checkOp(Raster.createBandedRaster(DataBuffer.TYPE_USHORT, 10, 1, 10, + new int[] {0, 1, 2}, new int[]{2,1,0}, null), + Raster.createBandedRaster(DataBuffer.TYPE_USHORT, 10, 1, 1001, + new int[] {0, 1, 2}, new int[]{2,1,0}, null), op); + checkOp(Raster.createBandedRaster(DataBuffer.TYPE_INT, 10, 1, 10, + new int[] {0, 1, 2}, new int[]{2,1,0}, null), + Raster.createBandedRaster(DataBuffer.TYPE_INT, 10, 1, 1001, + new int[] {0, 1, 2}, new int[]{2,1,0}, null), op); + + // Interleaved rasters + checkOp(Raster.createInterleavedRaster(DataBuffer.TYPE_BYTE, + 10, 1, 30, 3, new int[]{0, 1, 2}, null), + Raster.createInterleavedRaster(DataBuffer.TYPE_BYTE, + 10, 1, 1001, 3, new int[]{0, 1, 2}, null), + op); + + checkOp(Raster.createInterleavedRaster(DataBuffer.TYPE_USHORT, + 10, 1, 30, 3, new int[]{0, 1, 2}, null), + Raster.createInterleavedRaster(DataBuffer.TYPE_USHORT, + 10, 1, 1001, 3, new int[]{0, 1, 2}, null), + op); + + // Packed rasters + checkOp(Raster.createPackedRaster(new DataBufferByte(10), 10, 1, 10, + new int[] {0x01, 0x02, 0x04}, null), + Raster.createPackedRaster(new DataBufferByte(10), 10, 1, 2000, + new int[] {0x01, 0x02, 0x04}, null), + op); + checkOp(Raster.createPackedRaster(new DataBufferInt(10), 10, 1, 10, + new int[] {0xff0000, 0x00ff00, 0x0000ff}, null), + Raster.createPackedRaster(new DataBufferInt(10), 10, 1, 20, + new int[] {0xff0000, 0x00ff00, 0x0000ff}, null), + op); + + } + } + + /** + * Takes two identical rasters (identical with the exception of scanline stride) + * fills their pixels with identical data, applies the RasterOp to both rasters + * and checks that the result is the same + */ + private void checkOp(WritableRaster wr1, WritableRaster wr2, RasterOp op) { + System.out.println("Checking " + op + " with rasters: \n " + wr1 + + "\n " + wr2); + try { + WritableRaster r1 = op.filter(fillRaster(wr1), null); + WritableRaster r2 = op.filter(fillRaster(wr2), null); + compareRasters(r1, r2); + } catch (ImagingOpException e) { + System.out.println(" Skip: Op is not supported: " + e); + } + } + + private WritableRaster fillRaster(WritableRaster wr) { + int c = 0; + for(int x = wr.getMinX(); x < wr.getMinX() + wr.getWidth(); x++) { + for(int y = wr.getMinY(); y < wr.getMinY() + wr.getHeight(); y++) { + for (int b = 0; b < wr.getNumBands(); b++) { + wr.setSample(x, y, b, c++); + } + } + } + return wr; + } + + private void compareRasters(Raster r1, Raster r2) { + Rectangle bounds = r1.getBounds(); + if (!bounds.equals(r2.getBounds())) { + throw new RuntimeException("Bounds differ."); + } + + if (r1.getNumBands() != r2.getNumBands()) { + throw new RuntimeException("Bands differ."); + } + + int[] b1 = new int[r1.getNumBands()]; + int[] b2 = new int[r1.getNumBands()]; + + for (int x = (int) bounds.getX(); x < bounds.getMaxX(); x++) { + for (int y = (int) bounds.getY(); y < bounds.getMaxY(); y++) { + r1.getPixel(x,y, b1); + r2.getPixel(x,y, b2); + if (!Arrays.equals(b1, b2)) { + throw new RuntimeException("Pixels differ."); + } + } + } + } +}
--- a/test/sun/security/pkcs11/fips/CipherTest.java Tue May 20 12:34:17 2014 -0700 +++ b/test/sun/security/pkcs11/fips/CipherTest.java Tue Jun 03 10:00:37 2014 -0700 @@ -458,8 +458,21 @@ return false; } + // No ECDH-capable certificate in key store. May restructure + // this in the future. + if (cipherSuite.contains("ECDHE_ECDSA") || + cipherSuite.contains("ECDH_ECDSA") || + cipherSuite.contains("ECDH_RSA")) { + System.out.println("Skipping unsupported test for " + + cipherSuite + " of " + protocol); + return false; + } + // skip SSLv2Hello protocol - if (protocol.equals("SSLv2Hello")) { + // + // skip TLSv1.2 protocol, we have not implement "SunTls12Prf" and + // SunTls12RsaPremasterSecret in SunPKCS11 provider + if (protocol.equals("SSLv2Hello") || protocol.equals("TLSv1.2")) { System.out.println("Skipping unsupported test for " + cipherSuite + " of " + protocol); return false;
--- a/test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java Tue May 20 12:34:17 2014 -0700 +++ b/test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java Tue Jun 03 10:00:37 2014 -0700 @@ -23,7 +23,7 @@ /* * @test - * @bug 6313675 6323647 + * @bug 6313675 6323647 8028192 * @summary Verify that all ciphersuites work in FIPS mode * @library .. * @ignore JSSE supported cipher suites are changed with CR 6916074, @@ -44,9 +44,13 @@ return; } - if ("sparc".equals(System.getProperty("os.arch")) == false) { - // we have not updated other platforms with the proper NSS libraries yet - System.out.println("Test currently works only on solaris-sparc, skipping"); + String arch = System.getProperty("os.arch"); + if (!("sparc".equals(arch) || "sparcv9".equals(arch))) { + // we have not updated other platforms with the proper NSS + // libraries yet + System.out.println( + "Test currently works only on solaris-sparc " + + "and solaris-sparcv9. Skipping on " + arch); return; }
--- a/test/sun/security/pkcs11/tls/TestPremaster.java Tue May 20 12:34:17 2014 -0700 +++ b/test/sun/security/pkcs11/tls/TestPremaster.java Tue Jun 03 10:00:37 2014 -0700 @@ -34,6 +34,7 @@ import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; +import java.util.Formatter; import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; @@ -59,27 +60,51 @@ System.out.println("OK: " + e); } - test(kg, 3, 0); - test(kg, 3, 1); - test(kg, 3, 2); - test(kg, 4, 0); + int[] protocolVersions = {0x0300, 0x0301, 0x0302, 0x0400}; + for (int clientVersion : protocolVersions) { + for (int serverVersion : protocolVersions) { + test(kg, clientVersion, serverVersion); + if (serverVersion >= clientVersion) { + break; + } + } + } System.out.println("Done."); } - private static void test(KeyGenerator kg, int major, int minor) - throws Exception { + private static void test(KeyGenerator kg, + int clientVersion, int serverVersion) throws Exception { - kg.init(new TlsRsaPremasterSecretParameterSpec(major, minor)); + System.out.printf( + "Testing RSA pre-master secret key generation between " + + "client (0x%04X) and server(0x%04X)%n", + clientVersion, serverVersion); + kg.init(new TlsRsaPremasterSecretParameterSpec( + clientVersion, serverVersion)); SecretKey key = kg.generateKey(); byte[] encoded = key.getEncoded(); - if (encoded.length != 48) { - throw new Exception("length: " + encoded.length); - } - if ((encoded[0] != major) || (encoded[1] != minor)) { - throw new Exception("version mismatch: " + encoded[0] + - "." + encoded[1]); - } - System.out.println("OK: " + major + "." + minor); + if (encoded != null) { // raw key material may be not extractable + if (encoded.length != 48) { + throw new Exception("length: " + encoded.length); + } + int v = versionOf(encoded[0], encoded[1]); + if (clientVersion != v) { + if (serverVersion != v || clientVersion >= 0x0302) { + throw new Exception(String.format( + "version mismatch: (0x%04X) rather than (0x%04X) " + + "is used in pre-master secret", v, clientVersion)); + } + System.out.printf("Use compatible version (0x%04X)%n", v); + } + System.out.println("Passed, version matches!"); + } else { + System.out.println("Raw key material is not extractable"); + } } + + private static int versionOf(int major, int minor) { + return ((major & 0xFF) << 8) | (minor & 0xFF); + } + }