Mercurial > hg > icedtea8-forest > jdk
changeset 14967:0a1dc6d7df21
Merge jdk8u292-b05
line wrap: on
line diff
--- a/.hgtags Fri Feb 05 20:19:32 2021 +0000 +++ b/.hgtags Mon Apr 19 04:23:30 2021 +0100 @@ -1157,3 +1157,9 @@ 6fe9792e7893a43c0718cf6d5082f62f9bc52787 jdk8u282-b08 6fe9792e7893a43c0718cf6d5082f62f9bc52787 jdk8u282-ga d8a3d99c03500de64183f959d6bd0bcb6429b64f icedtea-3.18.0 +78c875107d40690f05751ea7bf16cb7766edd51d jdk8u292-b00 +09d51037f62f6bf58581753efa2fdb7758e4fb45 jdk8u292-b01 +883f758c85ab2824e73594a8dcba87711d311646 jdk8u292-b02 +daac853357a501b21955518977d11b9121ff3197 jdk8u292-b03 +37cc96fde9118f2422db288dcecc4b3f51c1dacf jdk8u292-b04 +7c8bbbfe6acbe08eadae04e1ec46d94e9f98b743 jdk8u292-b05
--- a/THIRD_PARTY_README Fri Feb 05 20:19:32 2021 +0000 +++ b/THIRD_PARTY_README Mon Apr 19 04:23:30 2021 +0100 @@ -155,7 +155,7 @@ ------------------------------------------------------------------------------- %% This notice is provided with respect to CUP Parser Generator for -Java 0.10b, which may be included with JRE 8, JDK 8, and OpenJDK 8. +Java 0.11b, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE ---
--- a/make/data/lsrdata/language-subtag-registry.txt Fri Feb 05 20:19:32 2021 +0000 +++ b/make/data/lsrdata/language-subtag-registry.txt Mon Apr 19 04:23:30 2021 +0100 @@ -1,4 +1,4 @@ -File-Date: 2019-04-03 +File-Date: 2019-09-16 %% Type: language Subtag: aa @@ -2096,6 +2096,8 @@ Subtag: ais Description: Nataoran Amis Added: 2009-07-29 +Deprecated: 2019-04-16 +Comments: see ami, szy %% Type: language Subtag: ait @@ -2633,6 +2635,7 @@ Type: language Subtag: ant Description: Antakarinya +Description: Antikarinya Added: 2009-07-29 %% Type: language @@ -3094,6 +3097,8 @@ Subtag: asd Description: Asas Added: 2009-07-29 +Deprecated: 2019-04-16 +Preferred-Value: snz %% Type: language Subtag: ase @@ -4135,7 +4140,7 @@ %% Type: language Subtag: bck -Description: Bunaba +Description: Bunuba Added: 2009-07-29 %% Type: language @@ -6930,7 +6935,7 @@ %% Type: language Subtag: bym -Description: Bidyara +Description: Bidjara Added: 2009-07-29 %% Type: language @@ -7564,6 +7569,11 @@ Added: 2009-07-29 %% Type: language +Subtag: cey +Description: Ekai Chin +Added: 2019-04-16 +%% +Type: language Subtag: cfa Description: Dijim-Bwilim Added: 2009-07-29 @@ -9439,6 +9449,7 @@ Type: language Subtag: dif Description: Dieri +Description: Diyari Added: 2009-07-29 %% Type: language @@ -9515,6 +9526,8 @@ Subtag: dit Description: Dirari Added: 2009-07-29 +Deprecated: 2019-04-29 +Preferred-Value: dif %% Type: language Subtag: diu @@ -9560,6 +9573,7 @@ Type: language Subtag: djd Description: Djamindjung +Description: Ngaliwurru Added: 2009-07-29 %% Type: language @@ -9603,6 +9617,7 @@ %% Type: language Subtag: djn +Description: Jawoyn Description: Djauan Added: 2009-07-29 %% @@ -10191,6 +10206,8 @@ Subtag: dud Description: Hun-Saare Added: 2009-07-29 +Deprecated: 2019-04-16 +Comments: see uth, uss %% Type: language Subtag: due @@ -10382,6 +10399,7 @@ Type: language Subtag: dyn Description: Dyangadi +Description: Dhanggatti Added: 2009-07-29 %% Type: language @@ -10396,6 +10414,7 @@ %% Type: language Subtag: dyy +Description: Djabugay Description: Dyaabugay Added: 2009-07-29 %% @@ -11672,7 +11691,7 @@ %% Type: language Subtag: gbd -Description: Karadjeri +Description: Karajarri Added: 2009-07-29 %% Type: language @@ -12056,7 +12075,7 @@ %% Type: language Subtag: gge -Description: Guragone +Description: Gurr-goni Added: 2009-07-29 %% Type: language @@ -12169,7 +12188,7 @@ %% Type: language Subtag: gia -Description: Kitja +Description: Kija Added: 2009-07-29 %% Type: language @@ -12955,7 +12974,7 @@ %% Type: language Subtag: gue -Description: Gurinji +Description: Gurindji Added: 2009-07-29 %% Type: language @@ -15292,6 +15311,7 @@ Type: language Subtag: jay Description: Yan-nhangu +Description: Nhangu Added: 2009-07-29 %% Type: language @@ -15488,6 +15508,7 @@ %% Type: language Subtag: jig +Description: Jingulu Description: Djingili Added: 2009-07-29 %% @@ -17222,6 +17243,7 @@ Type: language Subtag: kkp Description: Gugubera +Description: Koko-Bera Added: 2009-07-29 %% Type: language @@ -17266,6 +17288,7 @@ %% Type: language Subtag: kky +Description: Guugu Yimidhirr Description: Guguyimidjir Added: 2009-07-29 %% @@ -18320,6 +18343,7 @@ Type: language Subtag: ktd Description: Kokata +Description: Kukatha Added: 2009-07-29 %% Type: language @@ -19341,6 +19365,7 @@ Subtag: lba Description: Lui Added: 2009-07-29 +Deprecated: 2019-04-16 %% Type: language Subtag: lbb @@ -19396,7 +19421,7 @@ %% Type: language Subtag: lbn -Description: Lamet +Description: Rmeet Added: 2009-07-29 %% Type: language @@ -19446,6 +19471,7 @@ %% Type: language Subtag: lby +Description: Lamalama Description: Lamu-Lamu Added: 2009-07-29 %% @@ -20162,6 +20188,8 @@ Subtag: llo Description: Khlor Added: 2009-07-29 +Deprecated: 2019-04-16 +Preferred-Value: ngt %% Type: language Subtag: llp @@ -20654,6 +20682,11 @@ Macrolanguage: luy %% Type: language +Subtag: lsn +Description: Tibetan Sign Language +Added: 2019-04-16 +%% +Type: language Subtag: lso Description: Laos Sign Language Added: 2009-07-29 @@ -20680,6 +20713,11 @@ Added: 2009-07-29 %% Type: language +Subtag: lsv +Description: Sivia Sign Language +Added: 2019-04-16 +%% +Type: language Subtag: lsy Description: Mauritian Sign Language Added: 2010-03-11 @@ -20848,6 +20886,11 @@ Added: 2009-07-29 %% Type: language +Subtag: lvi +Description: Lavi +Added: 2019-04-16 +%% +Type: language Subtag: lvk Description: Lavukaleve Added: 2009-07-29 @@ -21454,7 +21497,7 @@ %% Type: language Subtag: mec -Description: Mara +Description: Marra Added: 2009-07-29 %% Type: language @@ -21523,7 +21566,7 @@ %% Type: language Subtag: mep -Description: Miriwung +Description: Miriwoong Added: 2009-07-29 %% Type: language @@ -21660,7 +21703,7 @@ %% Type: language Subtag: mfr -Description: Marithiel +Description: Marrithiyel Added: 2009-07-29 %% Type: language @@ -22853,12 +22896,13 @@ %% Type: language Subtag: mpb +Description: Malak Malak Description: Mullukmulluk Added: 2009-07-29 %% Type: language Subtag: mpc -Description: Mangarayi +Description: Mangarrayi Added: 2009-07-29 %% Type: language @@ -22889,6 +22933,7 @@ Type: language Subtag: mpj Description: Martu Wangka +Description: Wangkajunga Added: 2009-07-29 %% Type: language @@ -24015,6 +24060,8 @@ Subtag: myd Description: Maramba Added: 2009-07-29 +Deprecated: 2019-04-16 +Preferred-Value: aog %% Type: language Subtag: mye @@ -24040,6 +24087,7 @@ Subtag: myi Description: Mina (India) Added: 2009-07-29 +Deprecated: 2019-04-16 %% Type: language Subtag: myj @@ -24375,7 +24423,7 @@ %% Type: language Subtag: nay -Description: Narrinyeri +Description: Ngarrindjeri Added: 2009-07-29 %% Type: language @@ -24432,7 +24480,7 @@ %% Type: language Subtag: nbj -Description: Ngarinman +Description: Ngarinyman Added: 2009-07-29 %% Type: language @@ -24467,7 +24515,7 @@ %% Type: language Subtag: nbr -Description: Numana-Nunku-Gbantu-Numbu +Description: Numana Added: 2009-07-29 %% Type: language @@ -24559,7 +24607,7 @@ %% Type: language Subtag: nck -Description: Nakara +Description: Na-kara Added: 2009-07-29 %% Type: language @@ -24931,7 +24979,7 @@ %% Type: language Subtag: ngh -Description: Nǀu +Description: Nǁng Added: 2009-07-29 %% Type: language @@ -25176,7 +25224,7 @@ %% Type: language Subtag: nig -Description: Ngalakan +Description: Ngalakgan Added: 2009-07-29 %% Type: language @@ -25798,6 +25846,8 @@ Subtag: nns Description: Ningye Added: 2009-07-29 +Deprecated: 2019-04-16 +Preferred-Value: nbr %% Type: language Subtag: nnt @@ -26658,7 +26708,7 @@ %% Type: language Subtag: nyh -Description: Nyigina +Description: Nyikina Added: 2009-07-29 %% Type: language @@ -26713,7 +26763,7 @@ %% Type: language Subtag: nys -Description: Nyunga +Description: Nyungar Added: 2009-07-29 %% Type: language @@ -28707,6 +28757,11 @@ Added: 2009-07-29 %% Type: language +Subtag: pnd +Description: Mpinda +Added: 2019-04-16 +%% +Type: language Subtag: pne Description: Western Penan Added: 2009-07-29 @@ -28794,6 +28849,7 @@ %% Type: language Subtag: pnw +Description: Banyjima Description: Panytyima Added: 2009-07-29 %% @@ -29251,7 +29307,8 @@ %% Type: language Subtag: pti -Description: Pintiini +Description: Pindiini +Description: Wangkatha Added: 2009-07-29 %% Type: language @@ -30133,6 +30190,7 @@ %% Type: language Subtag: ril +Description: Riang Lang Description: Riang (Myanmar) Added: 2009-07-29 %% @@ -30153,7 +30211,7 @@ %% Type: language Subtag: rit -Description: Ritarungo +Description: Ritharrngu Added: 2009-07-29 %% Type: language @@ -30219,7 +30277,7 @@ %% Type: language Subtag: rmb -Description: Rembarunga +Description: Rembarrnga Added: 2009-07-29 %% Type: language @@ -30641,6 +30699,7 @@ Type: language Subtag: rxw Description: Karuwali +Description: Garuwali Added: 2013-09-10 %% Type: language @@ -32206,7 +32265,7 @@ %% Type: language Subtag: snz -Description: Sinsauru +Description: Kou Added: 2009-07-29 %% Type: language @@ -32883,6 +32942,7 @@ Subtag: suj Description: Shubi Added: 2009-07-29 +Comments: see also xsj %% Type: language Subtag: suk @@ -33312,6 +33372,11 @@ Added: 2009-07-29 %% Type: language +Subtag: szy +Description: Sakizaya +Added: 2019-04-16 +%% +Type: language Subtag: taa Description: Lower Tanana Added: 2009-07-29 @@ -33465,6 +33530,7 @@ %% Type: language Subtag: tbh +Description: Dharawal Description: Thurawal Added: 2009-07-29 %% @@ -33644,6 +33710,7 @@ Type: language Subtag: tcs Description: Torres Strait Creole +Description: Yumplatok Added: 2009-07-29 %% Type: language @@ -34067,6 +34134,7 @@ %% Type: language Subtag: thd +Description: Kuuk Thaayorre Description: Thayore Added: 2009-07-29 %% @@ -34310,6 +34378,11 @@ Added: 2009-07-29 %% Type: language +Subtag: tjj +Description: Tjungundji +Added: 2019-04-16 +%% +Type: language Subtag: tjl Description: Tai Laing Added: 2012-08-12 @@ -34330,6 +34403,11 @@ Added: 2009-07-29 %% Type: language +Subtag: tjp +Description: Tjupany +Added: 2019-04-16 +%% +Type: language Subtag: tjs Description: Southern Tujia Added: 2009-07-29 @@ -35679,6 +35757,11 @@ Added: 2009-07-29 %% Type: language +Subtag: tvx +Description: Taivoan +Added: 2019-04-16 +%% +Type: language Subtag: tvy Description: Timor Pidgin Added: 2009-07-29 @@ -36230,7 +36313,7 @@ %% Type: language Subtag: ulk -Description: Meriam +Description: Meriam Mir Added: 2009-07-29 %% Type: language @@ -36280,6 +36363,7 @@ %% Type: language Subtag: umg +Description: Morrobalama Description: Umbuygamu Added: 2009-07-29 %% @@ -36550,6 +36634,11 @@ Added: 2009-07-29 %% Type: language +Subtag: uss +Description: us-Saare +Added: 2019-04-16 +%% +Type: language Subtag: usu Description: Uya Added: 2009-07-29 @@ -36565,6 +36654,11 @@ Added: 2009-07-29 %% Type: language +Subtag: uth +Description: ut-Hun +Added: 2019-04-16 +%% +Type: language Subtag: utp Description: Amba (Solomon Islands) Added: 2009-07-29 @@ -37178,7 +37272,7 @@ %% Type: language Subtag: waq -Description: Wageman +Description: Wagiman Added: 2009-07-29 %% Type: language @@ -37301,7 +37395,7 @@ %% Type: language Subtag: wbt -Description: Wanman +Description: Warnman Added: 2009-07-29 %% Type: language @@ -37448,6 +37542,7 @@ %% Type: language Subtag: wgg +Description: Wangkangurru Description: Wangganguru Added: 2009-07-29 %% @@ -37521,7 +37616,7 @@ %% Type: language Subtag: wig -Description: Wik-Ngathana +Description: Wik Ngathan Added: 2009-07-29 %% Type: language @@ -37625,6 +37720,11 @@ Added: 2009-07-29 %% Type: language +Subtag: wkr +Description: Keerray-Woorroong +Added: 2019-04-16 +%% +Type: language Subtag: wku Description: Kunduvadi Added: 2009-07-29 @@ -37857,10 +37957,12 @@ Type: language Subtag: wny Description: Wanyi +Description: Waanyi Added: 2012-08-12 %% Type: language Subtag: woa +Description: Kuwema Description: Tyaraity Added: 2009-07-29 %% @@ -37951,6 +38053,7 @@ %% Type: language Subtag: wrb +Description: Waluwarra Description: Warluwara Added: 2009-07-29 %% @@ -37962,11 +38065,12 @@ Type: language Subtag: wrg Description: Warungu +Description: Gudjal Added: 2009-07-29 %% Type: language Subtag: wrh -Description: Wiradhuri +Description: Wiradjuri Added: 2009-07-29 %% Type: language @@ -38439,6 +38543,7 @@ %% Type: language Subtag: xby +Description: Batjala Description: Batyala Added: 2013-09-10 %% @@ -38998,7 +39103,7 @@ %% Type: language Subtag: xmh -Description: Kuku-Muminh +Description: Kugu-Muminh Added: 2009-07-29 %% Type: language @@ -39423,8 +39528,7 @@ Subtag: xsj Description: Subi Added: 2009-07-29 -Deprecated: 2015-02-12 -Preferred-Value: suj +Comments: see also suj %% Type: language Subtag: xsl @@ -40258,6 +40362,7 @@ %% Type: language Subtag: yin +Description: Riang Lai Description: Yinchia Added: 2009-07-29 %% @@ -41562,12 +41667,13 @@ %% Type: language Subtag: zml -Description: Madngele +Description: Matngala Added: 2009-07-29 %% Type: language Subtag: zmm Description: Marimanindji +Description: Marramaninyshi Added: 2009-07-29 %% Type: language @@ -43019,6 +43125,13 @@ Prefix: sgn %% Type: extlang +Subtag: lsn +Description: Tibetan Sign Language +Added: 2019-04-16 +Preferred-Value: lsn +Prefix: sgn +%% +Type: extlang Subtag: lso Description: Laos Sign Language Added: 2009-07-29 @@ -43041,6 +43154,13 @@ Prefix: sgn %% Type: extlang +Subtag: lsv +Description: Sivia Sign Language +Added: 2019-04-16 +Preferred-Value: lsv +Prefix: sgn +%% +Type: extlang Subtag: lsy Description: Mauritian Sign Language Added: 2010-03-11 @@ -43966,6 +44086,11 @@ Added: 2005-10-16 %% Type: script +Subtag: Chrs +Description: Chorasmian +Added: 2019-09-11 +%% +Type: script Subtag: Cirt Description: Cirth Added: 2005-10-16 @@ -44002,6 +44127,11 @@ Added: 2005-10-16 %% Type: script +Subtag: Diak +Description: Dives Akuru +Added: 2019-09-11 +%% +Type: script Subtag: Dogr Description: Dogra Added: 2017-01-13 @@ -44839,6 +44969,11 @@ Added: 2005-10-16 %% Type: script +Subtag: Yezi +Description: Yezidi +Added: 2019-09-11 +%% +Type: script Subtag: Yiii Description: Yi Added: 2005-10-16 @@ -45683,7 +45818,7 @@ %% Type: region Subtag: MK -Description: The Former Yugoslav Republic of Macedonia +Description: North Macedonia Added: 2005-10-16 %% Type: region
--- a/make/lib/SoundLibraries.gmk Fri Feb 05 20:19:32 2021 +0000 +++ b/make/lib/SoundLibraries.gmk Mon Apr 19 04:23:30 2021 +0100 @@ -187,6 +187,10 @@ ifeq ($(OPENJDK_TARGET_CPU), ppc64le) LIBJSOUND_CFLAGS += -DX_ARCH=X_PPC64LE endif + + ifeq ($(OPENJDK_TARGET_CPU), aarch64) + LIBJSOUND_CFLAGS += -DX_ARCH=X_AARCH64 + endif endif LIBJSOUND_CFLAGS += -DEXTRA_SOUND_JNI_LIBS='"$(EXTRA_SOUND_JNI_LIBS)"'
--- a/src/linux/classes/jdk/internal/platform/cgroupv1/Metrics.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/linux/classes/jdk/internal/platform/cgroupv1/Metrics.java Mon Apr 19 04:23:30 2021 +0100 @@ -26,8 +26,8 @@ package jdk.internal.platform.cgroupv1; -import java.io.BufferedReader; import java.io.IOException; +import java.io.UncheckedIOException; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; @@ -36,8 +36,10 @@ import java.security.PrivilegedExceptionAction; import java.util.stream.Stream; +import jdk.internal.platform.cgroupv1.SubSystem.MemorySubSystem; + public class Metrics implements jdk.internal.platform.Metrics { - private SubSystem memory; + private MemorySubSystem memory; private SubSystem cpu; private SubSystem cpuacct; private SubSystem cpuset; @@ -84,6 +86,8 @@ } catch (IOException e) { return null; + } catch (UncheckedIOException e) { + return null; } /** @@ -118,6 +122,8 @@ } catch (IOException e) { return null; + } catch (UncheckedIOException e) { + return null; } // Return Metrics object if we found any subsystems. @@ -135,6 +141,8 @@ } catch (PrivilegedActionException e) { unwrapIOExceptionAndRethrow(e); throw new InternalError(e.getCause()); + } catch (UncheckedIOException e) { + throw e.getCause(); } } @@ -159,7 +167,7 @@ for (String subsystemName: subsystemNames) { switch (subsystemName) { case "memory": - metric.setMemorySubSystem(new SubSystem(mountentry[3], mountentry[4])); + metric.setMemorySubSystem(new MemorySubSystem(mountentry[3], mountentry[4])); break; case "cpuset": metric.setCpuSetSubSystem(new SubSystem(mountentry[3], mountentry[4])); @@ -184,50 +192,58 @@ * setSubSystemPath based on the contents of /proc/self/cgroup */ private static void setSubSystemPath(Metrics metric, String[] entry) { - String controller; - String base; - SubSystem subsystem = null; - SubSystem subsystem2 = null; - - controller = entry[1]; - base = entry[2]; + String controller = entry[1]; + String base = entry[2]; if (controller != null && base != null) { - switch (controller) { - case "memory": - subsystem = metric.MemorySubSystem(); - break; - case "cpuset": - subsystem = metric.CpuSetSubSystem(); - break; - case "cpu,cpuacct": - case "cpuacct,cpu": - subsystem = metric.CpuSubSystem(); - subsystem2 = metric.CpuAcctSubSystem(); - break; - case "cpuacct": - subsystem = metric.CpuAcctSubSystem(); - break; - case "cpu": - subsystem = metric.CpuSubSystem(); - break; - case "blkio": - subsystem = metric.BlkIOSubSystem(); - break; - // Ignore subsystems that we don't support - default: - break; + for (String cName: controller.split(",")) { + switch (cName) { + case "memory": + setPath(metric, metric.MemorySubSystem(), base); + break; + case "cpuset": + setPath(metric, metric.CpuSetSubSystem(), base); + break; + case "cpuacct": + setPath(metric, metric.CpuAcctSubSystem(), base); + break; + case "cpu": + setPath(metric, metric.CpuSubSystem(), base); + break; + case "blkio": + setPath(metric, metric.BlkIOSubSystem(), base); + break; + // Ignore subsystems that we don't support + default: + break; + } } } - - if (subsystem != null) { - subsystem.setPath(base); - metric.setActiveSubSystems(); - } - if (subsystem2 != null) { - subsystem2.setPath(base); - } } + private static void setPath(Metrics metric, SubSystem subsystem, String base) { + if (subsystem != null) { + subsystem.setPath(base); + if (subsystem instanceof MemorySubSystem) { + MemorySubSystem memorySubSystem = (MemorySubSystem)subsystem; + boolean isHierarchial = getHierarchical(memorySubSystem); + memorySubSystem.setHierarchical(isHierarchial); + boolean isSwapEnabled = getSwapEnabled(memorySubSystem); + memorySubSystem.setSwapEnabled(isSwapEnabled); + } + metric.setActiveSubSystems(); + } + } + + + private static boolean getHierarchical(MemorySubSystem subsystem) { + long hierarchical = SubSystem.getLongValue(subsystem, "memory.use_hierarchy"); + return hierarchical > 0; + } + + private static boolean getSwapEnabled(MemorySubSystem subsystem) { + long retval = SubSystem.getLongValue(subsystem, "memory.memsw.limit_in_bytes"); + return retval > 0; + } private void setActiveSubSystems() { activeSubSystems = true; @@ -237,7 +253,7 @@ return activeSubSystems; } - private void setMemorySubSystem(SubSystem memory) { + private void setMemorySubSystem(MemorySubSystem memory) { this.memory = memory; } @@ -392,9 +408,29 @@ public long getMemoryLimit() { long retval = SubSystem.getLongValue(memory, "memory.limit_in_bytes"); + if (retval > unlimited_minimum) { + if (memory.isHierarchical()) { + // memory.limit_in_bytes returned unlimited, attempt + // hierarchical memory limit + String match = "hierarchical_memory_limit"; + retval = SubSystem.getLongValueMatchingLine(memory, + "memory.stat", + match, + Metrics::convertHierachicalLimitLine); + } + } return retval > unlimited_minimum ? -1L : retval; } + public static long convertHierachicalLimitLine(String line) { + String[] tokens = line.split("\\s"); + if (tokens.length == 2) { + String strVal = tokens[1]; + return SubSystem.convertStringToLong(strVal); + } + return unlimited_minimum + 1; // unlimited + } + public long getMemoryMaxUsage() { return SubSystem.getLongValue(memory, "memory.max_usage_in_bytes"); } @@ -438,19 +474,42 @@ } public long getMemoryAndSwapFailCount() { + if (memory != null && !memory.isSwapEnabled()) { + return getMemoryFailCount(); + } return SubSystem.getLongValue(memory, "memory.memsw.failcnt"); } public long getMemoryAndSwapLimit() { + if (memory != null && !memory.isSwapEnabled()) { + return getMemoryLimit(); + } long retval = SubSystem.getLongValue(memory, "memory.memsw.limit_in_bytes"); + if (retval > unlimited_minimum) { + if (memory.isHierarchical()) { + // memory.memsw.limit_in_bytes returned unlimited, attempt + // hierarchical memory limit + String match = "hierarchical_memsw_limit"; + retval = SubSystem.getLongValueMatchingLine(memory, + "memory.stat", + match, + Metrics::convertHierachicalLimitLine); + } + } return retval > unlimited_minimum ? -1L : retval; } public long getMemoryAndSwapMaxUsage() { + if (memory != null && !memory.isSwapEnabled()) { + return getMemoryMaxUsage(); + } return SubSystem.getLongValue(memory, "memory.memsw.max_usage_in_bytes"); } public long getMemoryAndSwapUsage() { + if (memory != null && !memory.isSwapEnabled()) { + return getMemoryUsage(); + } return SubSystem.getLongValue(memory, "memory.memsw.usage_in_bytes"); }
--- a/src/linux/classes/jdk/internal/platform/cgroupv1/SubSystem.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/linux/classes/jdk/internal/platform/cgroupv1/SubSystem.java Mon Apr 19 04:23:30 2021 +0100 @@ -27,6 +27,7 @@ import java.io.BufferedReader; import java.io.IOException; +import java.io.UncheckedIOException; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; @@ -34,7 +35,9 @@ import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; import java.util.ArrayList; +import java.util.List; import java.util.Optional; +import java.util.function.Function; import java.util.stream.Stream; public class SubSystem { @@ -108,12 +111,49 @@ } catch (PrivilegedActionException e) { Metrics.unwrapIOExceptionAndRethrow(e); throw new InternalError(e.getCause()); + } catch (UncheckedIOException e) { + throw e.getCause(); + } + } + + public static long getLongValueMatchingLine(SubSystem subsystem, + String param, + String match, + Function<String, Long> conversion) { + long retval = Metrics.unlimited_minimum + 1; // default unlimited + try { + List<String> lines = subsystem.readMatchingLines(param); + for (String line: lines) { + if (line.contains(match)) { + retval = conversion.apply(line); + break; + } + } + } catch (IOException e) { + // Ignore. Default is unlimited. + } + return retval; + } + + private List<String> readMatchingLines(String param) throws IOException { + try { + PrivilegedExceptionAction<List<String>> pea = () -> + Files.readAllLines(Paths.get(path(), param)); + return AccessController.doPrivileged(pea); + } catch (PrivilegedActionException e) { + Metrics.unwrapIOExceptionAndRethrow(e); + throw new InternalError(e.getCause()); + } catch (UncheckedIOException e) { + throw e.getCause(); } } public static long getLongValue(SubSystem subsystem, String parm) { String strval = getStringValue(subsystem, parm); + return convertStringToLong(strval); + } + public static long convertStringToLong(String strval) { if (strval == null) return 0L; long retval = Long.parseLong(strval); @@ -158,8 +198,9 @@ .findFirst(); return result.isPresent() ? Long.parseLong(result.get()) : 0L; - } - catch (IOException e) { + } catch (IOException e) { + return 0L; + } catch (UncheckedIOException e) { return 0L; } } @@ -218,4 +259,31 @@ return ints; } + + public static class MemorySubSystem extends SubSystem { + + private boolean hierarchical; + private boolean swapenabled; + + public MemorySubSystem(String root, String mountPoint) { + super(root, mountPoint); + } + + boolean isHierarchical() { + return hierarchical; + } + + void setHierarchical(boolean hierarchical) { + this.hierarchical = hierarchical; + } + + boolean isSwapEnabled() { + return swapenabled; + } + + void setSwapEnabled(boolean swapenabled) { + this.swapenabled = swapenabled; + } + + } }
--- a/src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java Mon Apr 19 04:23:30 2021 +0100 @@ -102,7 +102,8 @@ public static final String WINDOW_FADE_IN = "apple.awt._windowFadeIn"; public static final String WINDOW_FADE_OUT = "apple.awt._windowFadeOut"; public static final String WINDOW_FULLSCREENABLE = "apple.awt.fullscreenable"; - + public static final String WINDOW_FULL_CONTENT = "apple.awt.fullWindowContent"; + public static final String WINDOW_TRANSPARENT_TITLE_BAR = "apple.awt.transparentTitleBar"; // Yeah, I know. But it's easier to deal with ints from JNI static final int MODELESS = 0; @@ -129,8 +130,10 @@ static final int IS_DIALOG = 1 << 25; static final int IS_MODAL = 1 << 26; static final int IS_POPUP = 1 << 27; + static final int FULL_WINDOW_CONTENT = 1 << 14; - static final int _STYLE_PROP_BITMASK = DECORATED | TEXTURED | UNIFIED | UTILITY | HUD | SHEET | CLOSEABLE | MINIMIZABLE | RESIZABLE; + static final int _STYLE_PROP_BITMASK = DECORATED | TEXTURED | UNIFIED | UTILITY | HUD | SHEET | CLOSEABLE + | MINIMIZABLE | RESIZABLE | FULL_WINDOW_CONTENT; // corresponds to method-based properties static final int HAS_SHADOW = 1 << 10; @@ -141,8 +144,11 @@ static final int DRAGGABLE_BACKGROUND = 1 << 19; static final int DOCUMENT_MODIFIED = 1 << 21; static final int FULLSCREENABLE = 1 << 23; + static final int TRANSPARENT_TITLE_BAR = 1 << 18; - static final int _METHOD_PROP_BITMASK = RESIZABLE | HAS_SHADOW | ZOOMABLE | ALWAYS_ON_TOP | HIDES_ON_DEACTIVATE | DRAGGABLE_BACKGROUND | DOCUMENT_MODIFIED | FULLSCREENABLE; + static final int _METHOD_PROP_BITMASK = RESIZABLE | HAS_SHADOW | ZOOMABLE | ALWAYS_ON_TOP | HIDES_ON_DEACTIVATE + | DRAGGABLE_BACKGROUND | DOCUMENT_MODIFIED | FULLSCREENABLE + | TRANSPARENT_TITLE_BAR; // corresponds to callback-based properties static final int SHOULD_BECOME_KEY = 1 << 12; @@ -197,7 +203,19 @@ final String filename = ((java.io.File)value).getAbsolutePath(); c.execute(ptr->nativeSetNSWindowRepresentedFilename(ptr, filename)); - }} + }}, + new Property<CPlatformWindow>(WINDOW_FULL_CONTENT) { + public void applyProperty(final CPlatformWindow c, final Object value) { + boolean isFullWindowContent = Boolean.parseBoolean(value.toString()); + c.setStyleBits(FULL_WINDOW_CONTENT, isFullWindowContent); + } + }, + new Property<CPlatformWindow>(WINDOW_TRANSPARENT_TITLE_BAR) { + public void applyProperty(final CPlatformWindow c, final Object value) { + boolean isTransparentTitleBar = Boolean.parseBoolean(value.toString()); + c.setStyleBits(TRANSPARENT_TITLE_BAR, isTransparentTitleBar); + } + } }) { public CPlatformWindow convertJComponentToTarget(final JRootPane p) { Component root = SwingUtilities.getRoot(p); @@ -417,6 +435,16 @@ if (prop != null) { styleBits = SET(styleBits, DRAGGABLE_BACKGROUND, Boolean.parseBoolean(prop.toString())); } + + prop = rootpane.getClientProperty(WINDOW_FULL_CONTENT); + if (prop != null) { + styleBits = SET(styleBits, FULL_WINDOW_CONTENT, Boolean.parseBoolean(prop.toString())); + } + + prop = rootpane.getClientProperty(WINDOW_TRANSPARENT_TITLE_BAR); + if (prop != null) { + styleBits = SET(styleBits, TRANSPARENT_TITLE_BAR, Boolean.parseBoolean(prop.toString())); + } } if (isDialog) {
--- a/src/macosx/native/sun/awt/AWTWindow.m Fri Feb 05 20:19:32 2021 +0000 +++ b/src/macosx/native/sun/awt/AWTWindow.m Mon Apr 19 04:23:30 2021 +0100 @@ -202,9 +202,10 @@ NSUInteger type = 0; if (IS(styleBits, DECORATED)) { type |= NSTitledWindowMask; - if (IS(styleBits, CLOSEABLE)) type |= NSClosableWindowMask; - if (IS(styleBits, MINIMIZABLE)) type |= NSMiniaturizableWindowMask; - if (IS(styleBits, RESIZABLE)) type |= NSResizableWindowMask; + if (IS(styleBits, CLOSEABLE)) type |= NSClosableWindowMask; + if (IS(styleBits, MINIMIZABLE)) type |= NSMiniaturizableWindowMask; + if (IS(styleBits, RESIZABLE)) type |= NSResizableWindowMask; + if (IS(styleBits, FULL_WINDOW_CONTENT)) type |= NSFullSizeContentViewWindowMask; } else { type |= NSBorderlessWindowMask; } @@ -263,6 +264,9 @@ } } + if (IS(mask, TRANSPARENT_TITLE_BAR) && [self.nsWindow respondsToSelector:@selector(setTitlebarAppearsTransparent:)]) { + [self.nsWindow setTitlebarAppearsTransparent:IS(bits, TRANSPARENT_TITLE_BAR)]; + } } - (id) initWithPlatformWindow:(JNFWeakJObjectWrapper *)platformWindow @@ -1016,9 +1020,28 @@ AWTWindow *window = (AWTWindow*)[nsWindow delegate]; // scans the bit field, and only updates the values requested by the mask - // (this implicity handles the _CALLBACK_PROP_BITMASK case, since those are passive reads) + // (this implicitly handles the _CALLBACK_PROP_BITMASK case, since those are passive reads) jint newBits = window.styleBits & ~mask | bits & mask; + BOOL resized = NO; + + // Check for a change to the full window content view option. + // The content view must be resized first, otherwise the window will be resized to fit the existing + // content view. + if (IS(mask, FULL_WINDOW_CONTENT)) { + if (IS(newBits, FULL_WINDOW_CONTENT) != IS(window.styleBits, FULL_WINDOW_CONTENT)) { + NSRect frame = [nsWindow frame]; + NSUInteger styleMask = [AWTWindow styleMaskForStyleBits:newBits]; + NSRect screenContentRect = [NSWindow contentRectForFrameRect:frame styleMask:styleMask]; + NSRect contentFrame = NSMakeRect(screenContentRect.origin.x - frame.origin.x, + screenContentRect.origin.y - frame.origin.y, + screenContentRect.size.width, + screenContentRect.size.height); + nsWindow.contentView.frame = contentFrame; + resized = YES; + } + } + // resets the NSWindow's style mask if the mask intersects any of those bits if (mask & MASK(_STYLE_PROP_BITMASK)) { [nsWindow setStyleMask:[AWTWindow styleMaskForStyleBits:newBits]]; @@ -1030,6 +1053,10 @@ } window.styleBits = newBits; + + if (resized) { + [window _deliverMoveResizeEvent]; + } }]; JNF_COCOA_EXIT(env);
--- a/src/macosx/native/sun/font/AWTFont.m Fri Feb 05 20:19:32 2021 +0000 +++ b/src/macosx/native/sun/font/AWTFont.m Mon Apr 19 04:23:30 2021 +0100 @@ -97,11 +97,32 @@ [super finalize]; } +static NSString* uiName = nil; +static NSString* uiBoldName = nil; + + (AWTFont *) awtFontForName:(NSString *)name style:(int)style { // create font with family & size - NSFont *nsFont = [NSFont fontWithName:name size:1.0]; + NSFont *nsFont = nil; + + if ((uiName != nil && [name isEqualTo:uiName]) || + (uiBoldName != nil && [name isEqualTo:uiBoldName])) { + if (style & java_awt_Font_BOLD) { + nsFont = [NSFont boldSystemFontOfSize:1.0]; + } else { + nsFont = [NSFont systemFontOfSize:1.0]; + } +#ifdef DEBUG + NSLog(@"nsFont-name is : %@", nsFont.familyName); + NSLog(@"nsFont-family is : %@", nsFont.fontName); + NSLog(@"nsFont-desc-name is : %@", nsFont.fontDescriptor.postscriptName); +#endif + + + } else { + nsFont = [NSFont fontWithName:name size:1.0]; + } if (nsFont == nil) { // if can't get font of that name, substitute system default font @@ -193,7 +214,7 @@ return [sFontFamilyTable objectForKey:fontname]; } -static void addFont(CTFontUIFontType uiType, +static void addFont(CTFontUIFontType uiType, NSMutableArray *allFonts, NSMutableDictionary* fontFamilyTable) { @@ -219,6 +240,12 @@ CFRelease(font); return; } + if (uiType == kCTFontUIFontSystem) { + uiName = (NSString*)name; + } + if (uiType == kCTFontUIFontEmphasizedSystem) { + uiBoldName = (NSString*)name; + } [allFonts addObject:name]; [fontFamilyTable setObject:family forKey:name]; #ifdef DEBUG @@ -230,7 +257,7 @@ CFRelease(desc); CFRelease(font); } - + static NSArray* GetFilteredFonts() { @@ -273,7 +300,6 @@ */ addFont(kCTFontUIFontSystem, allFonts, fontFamilyTable); addFont(kCTFontUIFontEmphasizedSystem, allFonts, fontFamilyTable); - addFont(kCTFontUIFontUserFixedPitch, allFonts, fontFamilyTable); sFilteredFonts = allFonts; sFontFamilyTable = fontFamilyTable; @@ -661,7 +687,7 @@ NSLog(@"Font is : %@", (NSString*)fontname); #endif jstring jFontName = (jstring)JNFNSToJavaString(env, fontname); - (*env)->CallBooleanMethod(env, arrayListOfString, addMID, jFontName); + (*env)->CallBooleanMethod(env, arrayListOfString, addMID, jFontName); (*env)->DeleteLocalRef(env, jFontName); } }
--- a/src/share/classes/com/sun/java/swing/plaf/gtk/GTKPainter.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/com/sun/java/swing/plaf/gtk/GTKPainter.java Mon Apr 19 04:23:30 2021 +0100 @@ -185,6 +185,21 @@ } } + //This is workaround used to draw the highlight + // when the MENU or MenuItem is selected on some platforms + //This should be properly fixed by reading color from css + private void paintComponentBackground(SynthContext context, + Graphics g, int x, int y, + int w, int h) { + GTKStyle style = (GTKStyle) context.getStyle(); + Color highlightColor = + style.getGTKColor(GTKEngine.WidgetType.TEXT_AREA.ordinal(), + GTKLookAndFeel.synthStateToGTKStateType(SynthConstants.SELECTED).ordinal(), + ColorType.BACKGROUND.getID()); + g.setColor(highlightColor); + g.fillRect(x, y, w, h); + } + // // RADIO_BUTTON_MENU_ITEM // @@ -196,6 +211,10 @@ int gtkState = GTKLookAndFeel.synthStateToGTKState( id, context.getComponentState()); if (gtkState == SynthConstants.MOUSE_OVER) { + if (GTKLookAndFeel.is3()) { + paintComponentBackground(context, g, x, y, w, h); + return; + } synchronized (UNIXToolkit.GTK_LOCK) { if (! ENGINE.paintCachedImage(g, x, y, w, h, id)) { ShadowType shadow = (GTKLookAndFeel.is2_2() ? @@ -535,34 +554,6 @@ } } - private int getBrightness(Color c) { - return Math.max(c.getRed(), Math.max(c.getGreen(), c.getBlue())); - } - - private int getMaxColorDiff(Color c1, Color c2) { - return Math.max(Math.abs(c1.getRed() - c2.getRed()), - Math.max(Math.abs(c1.getGreen() - c2.getGreen()), - Math.abs(c1.getBlue() - c2.getBlue()))); - } - - private int scaleColorComponent(int color, double scaleFactor) { - return (int)(color + color * scaleFactor); - } - private Color deriveColor(Color originalColor, int originalBrightness, - int targetBrightness) { - int r, g, b; - if (originalBrightness == 0) { - r = g = b = targetBrightness; - } else { - double scaleFactor = (targetBrightness - originalBrightness) - / originalBrightness ; - r = scaleColorComponent(originalColor.getRed(), scaleFactor); - g = scaleColorComponent(originalColor.getGreen(), scaleFactor); - b = scaleColorComponent(originalColor.getBlue(), scaleFactor); - } - return new Color(r, g, b); - } - // // MENU // @@ -579,56 +570,9 @@ int gtkState = GTKLookAndFeel.synthStateToGTKState( context.getRegion(), context.getComponentState()); if (gtkState == SynthConstants.MOUSE_OVER) { - if (GTKLookAndFeel.is3() && context.getRegion() == Region.MENU) { - GTKStyle style = (GTKStyle)context.getStyle(); - Color highlightColor = style.getGTKColor( - GTKEngine.WidgetType.MENU_ITEM.ordinal(), - gtkState, ColorType.BACKGROUND.getID()); - Color backgroundColor = style.getGTKColor( - GTKEngine.WidgetType.MENU_BAR.ordinal(), - SynthConstants.ENABLED, ColorType.BACKGROUND.getID()); - - int minBrightness = 0, maxBrightness = 255; - int minBrightnessDifference = 100; - int actualBrightnessDifference = - getMaxColorDiff(highlightColor, backgroundColor); - if (actualBrightnessDifference < minBrightnessDifference) { - int highlightBrightness = - getBrightness(highlightColor); - int backgroundBrightness = - getBrightness(backgroundColor); - int originalHighlightBrightness = - highlightBrightness; - if (highlightBrightness >= backgroundBrightness) { - if (backgroundBrightness + minBrightnessDifference <= - maxBrightness) { - highlightBrightness = - backgroundBrightness + - minBrightnessDifference; - } else { - highlightBrightness = - backgroundBrightness - - minBrightnessDifference; - } - } else { - if (backgroundBrightness - minBrightnessDifference >= - minBrightness) { - highlightBrightness = - backgroundBrightness - - minBrightnessDifference; - } else { - highlightBrightness = - backgroundBrightness + - minBrightnessDifference; - } - } - - g.setColor(deriveColor(highlightColor, - originalHighlightBrightness, - highlightBrightness)); - g.fillRect(x, y, w, h); - return; - } + if (GTKLookAndFeel.is3()) { + paintComponentBackground(context, g, x, y, w, h); + return; } Region id = Region.MENU_ITEM; synchronized (UNIXToolkit.GTK_LOCK) {
--- a/src/share/classes/com/sun/media/sound/ModelByteBuffer.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/com/sun/media/sound/ModelByteBuffer.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -190,11 +190,13 @@ public void writeTo(OutputStream out) throws IOException { if (root.file != null && root.buffer == null) { - InputStream is = getInputStream(); - byte[] buff = new byte[1024]; - int ret; - while ((ret = is.read(buff)) != -1) - out.write(buff, 0, ret); + try (InputStream is = getInputStream()) { + byte[] buff = new byte[1024]; + int ret; + while ((ret = is.read(buff)) != -1) { + out.write(buff, 0, ret); + } + } } else out.write(array(), (int) arrayOffset(), (int) capacity()); }
--- a/src/share/classes/java/lang/ClassValue.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/java/lang/ClassValue.java Mon Apr 19 04:23:30 2021 +0100 @@ -30,6 +30,8 @@ import java.lang.ref.WeakReference; import java.util.concurrent.atomic.AtomicInteger; +import sun.misc.Unsafe; + import static java.lang.ClassValue.ClassValueMap.probeHomeLocation; import static java.lang.ClassValue.ClassValueMap.probeBackupLocations; @@ -370,15 +372,25 @@ } private static final Object CRITICAL_SECTION = new Object(); + private static final Unsafe UNSAFE = Unsafe.getUnsafe(); private static ClassValueMap initializeMap(Class<?> type) { ClassValueMap map; synchronized (CRITICAL_SECTION) { // private object to avoid deadlocks // happens about once per type - if ((map = type.classValueMap) == null) - type.classValueMap = map = new ClassValueMap(type); + if ((map = type.classValueMap) == null) { + map = new ClassValueMap(type); + // Place a Store fence after construction and before publishing to emulate + // ClassValueMap containing final fields. This ensures it can be + // published safely in the non-volatile field Class.classValueMap, + // since stores to the fields of ClassValueMap will not be reordered + // to occur after the store to the field type.classValueMap + UNSAFE.storeFence(); + + type.classValueMap = map; + } } - return map; - } + return map; + } static <T> Entry<T> makeEntry(Version<T> explicitVersion, T value) { // Note that explicitVersion might be different from this.version.
--- a/src/share/classes/javax/imageio/metadata/IIOMetadataNode.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/javax/imageio/metadata/IIOMetadataNode.java Mon Apr 19 04:23:30 2021 +0100 @@ -121,7 +121,7 @@ } public Node item(int index) { - if (index < 0 || index > nodes.size()) { + if (index < 0 || index >= nodes.size()) { return null; } return (Node)nodes.get(index); @@ -878,7 +878,7 @@ } private void getElementsByTagName(String name, List l) { - if (nodeName.equals(name)) { + if (nodeName.equals(name) || "*".equals(name)) { l.add(this); }
--- a/src/share/classes/javax/swing/plaf/basic/BasicComboBoxUI.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/javax/swing/plaf/basic/BasicComboBoxUI.java Mon Apr 19 04:23:30 2021 +0100 @@ -952,7 +952,7 @@ getDisplaySize(); if (sameBaseline) { Insets insets = c.getInsets(); - height = height - insets.top - insets.bottom; + height = Math.max(height - insets.top - insets.bottom, 0); if (!comboBox.isEditable()) { ListCellRenderer renderer = comboBox.getRenderer(); if (renderer == null) {
--- a/src/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -93,10 +93,16 @@ */ public void setNewClient (URL url, boolean useCache) throws IOException { + int readTimeout = getReadTimeout(); http = HttpsClient.New (getSSLSocketFactory(), url, getHostnameVerifier(), - useCache, this); + null, + -1, + useCache, + getConnectTimeout(), + this); + http.setReadTimeout(readTimeout); ((HttpsClient)http).afterConnect(); } @@ -146,10 +152,16 @@ boolean useCache) throws IOException { if (connected) return; + int readTimeout = getReadTimeout(); http = HttpsClient.New (getSSLSocketFactory(), url, getHostnameVerifier(), - proxyHost, proxyPort, useCache, this); + proxyHost, + proxyPort, + useCache, + getConnectTimeout(), + this); + http.setReadTimeout(readTimeout); connected = true; }
--- a/src/share/classes/sun/security/ec/CurveDB.java Fri Feb 05 20:19:32 2021 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,728 +0,0 @@ -/* - * Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.ec; - -import java.math.BigInteger; - -import java.security.spec.*; - -import java.util.*; -import java.util.regex.Pattern; - -import sun.security.util.ECUtil; - -/** - * Repository for well-known Elliptic Curve parameters. It is used by both - * the SunPKCS11 and SunJSSE code. - * - * @since 1.6 - * @author Andreas Sterbenz - */ -public class CurveDB { - private final static int P = 1; // prime curve - private final static int B = 2; // binary curve - private final static int PD = 5; // prime curve, mark as default - private final static int BD = 6; // binary curve, mark as default - - private static final Map<String,NamedCurve> oidMap = - new LinkedHashMap<String,NamedCurve>(); - private static final Map<String,NamedCurve> nameMap = - new HashMap<String,NamedCurve>(); - private static final Map<Integer,NamedCurve> lengthMap = - new HashMap<Integer,NamedCurve>(); - - private static Collection<? extends NamedCurve> specCollection; - - static final String SPLIT_PATTERN = ",|\\[|\\]"; - - // Used by SunECEntries - static Collection<? extends NamedCurve>getSupportedCurves() { - return specCollection; - } - - // Return a NamedCurve for the specified OID/name or null if unknown. - static NamedCurve lookup(String name) { - NamedCurve spec = oidMap.get(name); - if (spec != null) { - return spec; - } - - return nameMap.get(name); - } - - // Return EC parameters for the specified field size. If there are known - // NIST recommended parameters for the given length, they are returned. - // Otherwise, if there are multiple matches for the given size, an - // arbitrary one is returns. - // If no parameters are known, the method returns null. - // NOTE that this method returns both prime and binary curves. - static NamedCurve lookup(int length) { - return lengthMap.get(length); - } - - // Convert the given ECParameterSpec object to a NamedCurve object. - // If params does not represent a known named curve, return null. - static NamedCurve lookup(ECParameterSpec params) { - if ((params instanceof NamedCurve) || (params == null)) { - return (NamedCurve)params; - } - - // This is a hack to allow SunJSSE to work with 3rd party crypto - // providers for ECC and not just SunPKCS11. - // This can go away once we decide how to expose curve names in the - // public API. - // Note that it assumes that the 3rd party provider encodes named - // curves using the short form, not explicitly. If it did that, then - // the SunJSSE TLS ECC extensions are wrong, which could lead to - // interoperability problems. - int fieldSize = params.getCurve().getField().getFieldSize(); - for (NamedCurve namedCurve : specCollection) { - // ECParameterSpec does not define equals, so check all the - // components ourselves. - // Quick field size check first - if (namedCurve.getCurve().getField().getFieldSize() != fieldSize) { - continue; - } - if (ECUtil.equals(namedCurve, params)) { - // everything matches our named curve, return it - return namedCurve; - } - } - // no match found - return null; - } - - private static BigInteger bi(String s) { - return new BigInteger(s, 16); - } - - private static void add(String name, String soid, int type, String sfield, - String a, String b, String x, String y, String n, int h, - Pattern nameSplitPattern) { - BigInteger p = bi(sfield); - ECField field; - if ((type == P) || (type == PD)) { - field = new ECFieldFp(p); - } else if ((type == B) || (type == BD)) { - field = new ECFieldF2m(p.bitLength() - 1, p); - } else { - throw new RuntimeException("Invalid type: " + type); - } - - EllipticCurve curve = new EllipticCurve(field, bi(a), bi(b)); - ECPoint g = new ECPoint(bi(x), bi(y)); - - NamedCurve params = new NamedCurve(name, soid, curve, g, bi(n), h); - if (oidMap.put(soid, params) != null) { - throw new RuntimeException("Duplication oid: " + soid); - } - - String[] commonNames = nameSplitPattern.split(name); - for (String commonName : commonNames) { - if (nameMap.put(commonName.trim(), params) != null) { - throw new RuntimeException("Duplication name: " + commonName); - } - } - - int len = field.getFieldSize(); - if ((type == PD) || (type == BD) || (lengthMap.get(len) == null)) { - // add entry if none present for this field size or if - // the curve is marked as a default curve. - lengthMap.put(len, params); - } - } - - static { - Pattern nameSplitPattern = Pattern.compile(SPLIT_PATTERN); - - /* SEC2 prime curves */ - add("secp112r1", "1.3.132.0.6", P, - "DB7C2ABF62E35E668076BEAD208B", - "DB7C2ABF62E35E668076BEAD2088", - "659EF8BA043916EEDE8911702B22", - "09487239995A5EE76B55F9C2F098", - "A89CE5AF8724C0A23E0E0FF77500", - "DB7C2ABF62E35E7628DFAC6561C5", - 1, nameSplitPattern); - - add("secp112r2", "1.3.132.0.7", P, - "DB7C2ABF62E35E668076BEAD208B", - "6127C24C05F38A0AAAF65C0EF02C", - "51DEF1815DB5ED74FCC34C85D709", - "4BA30AB5E892B4E1649DD0928643", - "adcd46f5882e3747def36e956e97", - "36DF0AAFD8B8D7597CA10520D04B", - 4, nameSplitPattern); - - add("secp128r1", "1.3.132.0.28", P, - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", - "E87579C11079F43DD824993C2CEE5ED3", - "161FF7528B899B2D0C28607CA52C5B86", - "CF5AC8395BAFEB13C02DA292DDED7A83", - "FFFFFFFE0000000075A30D1B9038A115", - 1, nameSplitPattern); - - add("secp128r2", "1.3.132.0.29", P, - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", - "D6031998D1B3BBFEBF59CC9BBFF9AEE1", - "5EEEFCA380D02919DC2C6558BB6D8A5D", - "7B6AA5D85E572983E6FB32A7CDEBC140", - "27B6916A894D3AEE7106FE805FC34B44", - "3FFFFFFF7FFFFFFFBE0024720613B5A3", - 4, nameSplitPattern); - - add("secp160k1", "1.3.132.0.9", P, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", - "0000000000000000000000000000000000000000", - "0000000000000000000000000000000000000007", - "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", - "938CF935318FDCED6BC28286531733C3F03C4FEE", - "0100000000000000000001B8FA16DFAB9ACA16B6B3", - 1, nameSplitPattern); - - add("secp160r1", "1.3.132.0.8", P, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", - "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", - "4A96B5688EF573284664698968C38BB913CBFC82", - "23A628553168947D59DCC912042351377AC5FB32", - "0100000000000000000001F4C8F927AED3CA752257", - 1, nameSplitPattern); - - add("secp160r2", "1.3.132.0.30", P, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", - "B4E134D3FB59EB8BAB57274904664D5AF50388BA", - "52DCB034293A117E1F4FF11B30F7199D3144CE6D", - "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E", - "0100000000000000000000351EE786A818F3A1A16B", - 1, nameSplitPattern); - - add("secp192k1", "1.3.132.0.31", P, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", - "000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000003", - "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", - "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", - "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", - 1, nameSplitPattern); - - add("secp192r1 [NIST P-192, X9.62 prime192v1]", "1.2.840.10045.3.1.1", PD, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", - "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", - "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811", - "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", - 1, nameSplitPattern); - - add("secp224k1", "1.3.132.0.32", P, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", - "00000000000000000000000000000000000000000000000000000000", - "00000000000000000000000000000000000000000000000000000005", - "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", - "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", - "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", - 1, nameSplitPattern); - - add("secp224r1 [NIST P-224]", "1.3.132.0.33", PD, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", - "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", - "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", - "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", - 1, nameSplitPattern); - - add("secp256k1", "1.3.132.0.10", P, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", - "0000000000000000000000000000000000000000000000000000000000000000", - "0000000000000000000000000000000000000000000000000000000000000007", - "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", - "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", - 1, nameSplitPattern); - - add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD, - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", - "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", - "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", - "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", - "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", - 1, nameSplitPattern); - - add("secp384r1 [NIST P-384]", "1.3.132.0.34", PD, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", - "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", - "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7", - "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973", - 1, nameSplitPattern); - - add("secp521r1 [NIST P-521]", "1.3.132.0.35", PD, - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", - "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", - "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", - "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", - 1, nameSplitPattern); - - /* ANSI X9.62 prime curves */ - add("X9.62 prime192v2", "1.2.840.10045.3.1.2", P, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", - "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", - "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15", - "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31", - 1, nameSplitPattern); - - add("X9.62 prime192v3", "1.2.840.10045.3.1.3", P, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", - "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", - "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0", - "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13", - 1, nameSplitPattern); - - add("X9.62 prime239v1", "1.2.840.10045.3.1.4", P, - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", - "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", - "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B", - 1, nameSplitPattern); - - add("X9.62 prime239v2", "1.2.840.10045.3.1.5", P, - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", - "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", - "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA", - "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063", - 1, nameSplitPattern); - - add("X9.62 prime239v3", "1.2.840.10045.3.1.6", P, - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", - "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", - "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551", - 1, nameSplitPattern); - - /* SEC2 binary curves */ - add("sect113r1", "1.3.132.0.4", B, - "020000000000000000000000000201", - "003088250CA6E7C7FE649CE85820F7", - "00E8BEE4D3E2260744188BE0E9C723", - "009D73616F35F4AB1407D73562C10F", - "00A52830277958EE84D1315ED31886", - "0100000000000000D9CCEC8A39E56F", - 2, nameSplitPattern); - - add("sect113r2", "1.3.132.0.5", B, - "020000000000000000000000000201", - "00689918DBEC7E5A0DD6DFC0AA55C7", - "0095E9A9EC9B297BD4BF36E059184F", - "01A57A6A7B26CA5EF52FCDB8164797", - "00B3ADC94ED1FE674C06E695BABA1D", - "010000000000000108789B2496AF93", - 2, nameSplitPattern); - - add("sect131r1", "1.3.132.0.22", B, - "080000000000000000000000000000010D", - "07A11B09A76B562144418FF3FF8C2570B8", - "0217C05610884B63B9C6C7291678F9D341", - "0081BAF91FDF9833C40F9C181343638399", - "078C6E7EA38C001F73C8134B1B4EF9E150", - "0400000000000000023123953A9464B54D", - 2, nameSplitPattern); - - add("sect131r2", "1.3.132.0.23", B, - "080000000000000000000000000000010D", - "03E5A88919D7CAFCBF415F07C2176573B2", - "04B8266A46C55657AC734CE38F018F2192", - "0356DCD8F2F95031AD652D23951BB366A8", - "0648F06D867940A5366D9E265DE9EB240F", - "0400000000000000016954A233049BA98F", - 2, nameSplitPattern); - - add("sect163k1 [NIST K-163]", "1.3.132.0.1", BD, - "0800000000000000000000000000000000000000C9", - "000000000000000000000000000000000000000001", - "000000000000000000000000000000000000000001", - "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", - "0289070FB05D38FF58321F2E800536D538CCDAA3D9", - "04000000000000000000020108A2E0CC0D99F8A5EF", - 2, nameSplitPattern); - - add("sect163r1", "1.3.132.0.2", B, - "0800000000000000000000000000000000000000C9", - "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2", - "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9", - "0369979697AB43897789566789567F787A7876A654", - "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883", - "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", - 2, nameSplitPattern); - - add("sect163r2 [NIST B-163]", "1.3.132.0.15", BD, - "0800000000000000000000000000000000000000C9", - "000000000000000000000000000000000000000001", - "020A601907B8C953CA1481EB10512F78744A3205FD", - "03F0EBA16286A2D57EA0991168D4994637E8343E36", - "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", - "040000000000000000000292FE77E70C12A4234C33", - 2, nameSplitPattern); - - add("sect193r1", "1.3.132.0.24", B, - "02000000000000000000000000000000000000000000008001", - "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01", - "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814", - "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1", - "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", - "01000000000000000000000000C7F34A778F443ACC920EBA49", - 2, nameSplitPattern); - - add("sect193r2", "1.3.132.0.25", B, - "02000000000000000000000000000000000000000000008001", - "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B", - "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE", - "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F", - "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", - "010000000000000000000000015AAB561B005413CCD4EE99D5", - 2, nameSplitPattern); - - add("sect233k1 [NIST K-233]", "1.3.132.0.26", BD, - "020000000000000000000000000000000000000004000000000000000001", - "000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000000000000000001", - "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", - "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", - "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", - 4, nameSplitPattern); - - add("sect233r1 [NIST B-233]", "1.3.132.0.27", B, - "020000000000000000000000000000000000000004000000000000000001", - "000000000000000000000000000000000000000000000000000000000001", - "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", - "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", - "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", - "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", - 2, nameSplitPattern); - - add("sect239k1", "1.3.132.0.3", B, - "800000000000000000004000000000000000000000000000000000000001", - "000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000000000000000001", - "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC", - "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", - "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", - 4, nameSplitPattern); - - add("sect283k1 [NIST K-283]", "1.3.132.0.16", BD, - "0800000000000000000000000000000000000000000000000000000000000000000010A1", - "000000000000000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000000000000000000000000000001", - "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836", - "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", - 4, nameSplitPattern); - - add("sect283r1 [NIST B-283]", "1.3.132.0.17", B, - "0800000000000000000000000000000000000000000000000000000000000000000010A1", - "000000000000000000000000000000000000000000000000000000000000000000000001", - "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", - "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053", - "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", - "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", - 2, nameSplitPattern); - - add("sect409k1 [NIST K-409]", "1.3.132.0.36", BD, - "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", - "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", - "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746", - "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", - "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", - 4, nameSplitPattern); - - add("sect409r1 [NIST B-409]", "1.3.132.0.37", B, - "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", - "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", - "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7", - "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", - "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", - 2, nameSplitPattern); - - add("sect571k1 [NIST K-571]", "1.3.132.0.38", BD, - "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", - "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972", - "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", - "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", - 4, nameSplitPattern); - - add("sect571r1 [NIST B-571]", "1.3.132.0.39", B, - "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", - "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", - "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19", - "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", - "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", - 2, nameSplitPattern); - - /* ANSI X9.62 binary curves */ - add("X9.62 c2tnb191v1", "1.2.840.10045.3.0.5", B, - "800000000000000000000000000000000000000000000201", - "2866537B676752636A68F56554E12640276B649EF7526267", - "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", - "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D", - "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", - "40000000000000000000000004A20E90C39067C893BBB9A5", - 2, nameSplitPattern); - - add("X9.62 c2tnb191v2", "1.2.840.10045.3.0.6", B, - "800000000000000000000000000000000000000000000201", - "401028774D7777C7B7666D1366EA432071274F89FF01E718", - "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", - "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10", - "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", - "20000000000000000000000050508CB89F652824E06B8173", - 4, nameSplitPattern); - - add("X9.62 c2tnb191v3", "1.2.840.10045.3.0.7", B, - "800000000000000000000000000000000000000000000201", - "6C01074756099122221056911C77D77E77A777E7E7E77FCB", - "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", - "375D4CE24FDE434489DE8746E71786015009E66E38A926DD", - "545A39176196575D985999366E6AD34CE0A77CD7127B06BE", - "155555555555555555555555610C0B196812BFB6288A3EA3", - 6, nameSplitPattern); - - add("X9.62 c2tnb239v1", "1.2.840.10045.3.0.11", B, - "800000000000000000000000000000000000000000000000001000000001", - "32010857077C5431123A46B808906756F543423E8D27877578125778AC76", - "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", - "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D", - "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", - "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", - 4, nameSplitPattern); - - add("X9.62 c2tnb239v2", "1.2.840.10045.3.0.12", B, - "800000000000000000000000000000000000000000000000001000000001", - "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", - "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", - "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205", - "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", - "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", - 6, nameSplitPattern); - - add("X9.62 c2tnb239v3", "1.2.840.10045.3.0.13", B, - "800000000000000000000000000000000000000000000000001000000001", - "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", - "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", - "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92", - "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", - "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", - 0xA, nameSplitPattern); - - add("X9.62 c2tnb359v1", "1.2.840.10045.3.0.18", B, - "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001", - "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557", - "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988", - "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097", - "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD", - "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B", - 0x4C, nameSplitPattern); - - add("X9.62 c2tnb431r1", "1.2.840.10045.3.0.20", B, - "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001", - "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F", - "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618", - "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7", - "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760", - "0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91", - 0x2760, nameSplitPattern); - - /* ANSI X9.62 binary curves from the 1998 standard but forbidden - * in the 2005 version of the standard. - * We don't register them but leave them here for the time being in - * case we need to support them after all. - */ -/* - add("X9.62 c2pnb163v1", "1.2.840.10045.3.0.1", B, - "080000000000000000000000000000000000000107", - "072546B5435234A422E0789675F432C89435DE5242", - "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", - "07AF69989546103D79329FCC3D74880F33BBE803CB", - "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", - "0400000000000000000001E60FC8821CC74DAEAFC1", - 2, nameSplitPattern); - - add("X9.62 c2pnb163v2", "1.2.840.10045.3.0.2", B, - "080000000000000000000000000000000000000107", - "0108B39E77C4B108BED981ED0E890E117C511CF072", - "0667ACEB38AF4E488C407433FFAE4F1C811638DF20", - "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5", - "079F684DDF6684C5CD258B3890021B2386DFD19FC5", - "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", - 2, nameSplitPattern); - - add("X9.62 c2pnb163v3", "1.2.840.10045.3.0.3", B, - "080000000000000000000000000000000000000107", - "07A526C63D3E25A256A007699F5447E32AE456B50E", - "03F7061798EB99E238FD6F1BF95B48FEEB4854252B", - "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB", - "05B935590C155E17EA48EB3FF3718B893DF59A05D0", - "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", - 2, nameSplitPattern); - - add("X9.62 c2pnb176w1", "1.2.840.10045.3.0.4", B, - "0100000000000000000000000000000000080000000007", - "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", - "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", - "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798", - "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", - "00010092537397ECA4F6145799D62B0A19CE06FE26AD", - 0xFF6E, nameSplitPattern); - - add("X9.62 c2pnb208w1", "1.2.840.10045.3.0.10", B, - "010000000000000000000000000000000800000000000000000007", - "0000000000000000000000000000000000000000000000000000", - "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", - "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A", - "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", - "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", - 0xFE48, nameSplitPattern); - - add("X9.62 c2pnb272w1", "1.2.840.10045.3.0.16", B, - "010000000000000000000000000000000000000000000000000000010000000000000B", - "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", - "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", - "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D", - "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23", - "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", - 0xFF06, nameSplitPattern); - - add("X9.62 c2pnb304w1", "1.2.840.10045.3.0.17", B, - "010000000000000000000000000000000000000000000000000000000000000000000000000807", - "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681", - "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE", - "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614", - "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B", - "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D", - 0xFE2E, nameSplitPattern); - - add("X9.62 c2pnb368w1", "1.2.840.10045.3.0.19", B, - "0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007", - "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D", - "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A", - "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F", - "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310", - "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967", - 0xFF70, nameSplitPattern); -*/ - - /* - * Brainpool curves (RFC 5639) - * (Twisted curves are not included) - */ - - add("brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1", P, - "E95E4A5F737059DC60DFC7AD95B3D8139515620F", - "340E7BE2A280EB74E2BE61BADA745D97E8F7C300", - "1E589A8595423412134FAA2DBDEC95C8D8675E58", - "BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3", - "1667CB477A1A8EC338F94741669C976316DA6321", - "E95E4A5F737059DC60DF5991D45029409E60FC09", - 1, nameSplitPattern); - - add("brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3", P, - "C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297", - "6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF", - "469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9", - "C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6", - "14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F", - "C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", - 1, nameSplitPattern); - - add("brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5", P, - "D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF", - "68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43", - "2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B", - "0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D", - "58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD", - "D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", - 1, nameSplitPattern); - - add("brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", P, - "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", - "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", - "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", - "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", - "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", - "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", - 1, nameSplitPattern); - - add("brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9", P, - "D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27", - "3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4", - "520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6", - "43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611", - "14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1", - "D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", - 1, nameSplitPattern); - - add("brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", P, - "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", - "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826", - "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", - "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E", - "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", - "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", - 1, nameSplitPattern); - - add("brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", P, - "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", - "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA", - "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", - "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822", - "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", - "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", - 1, nameSplitPattern); - - specCollection = Collections.unmodifiableCollection(oidMap.values()); - } -}
--- a/src/share/classes/sun/security/ec/ECKeyPairGenerator.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ec/ECKeyPairGenerator.java Mon Apr 19 04:23:30 2021 +0100 @@ -35,7 +35,6 @@ import java.security.spec.InvalidParameterSpecException; import java.util.Optional; -import sun.security.ec.NamedCurve; import sun.security.jca.JCAUtil; import sun.security.util.ECUtil; import sun.security.util.math.*;
--- a/src/share/classes/sun/security/ec/ECParameters.java Fri Feb 05 20:19:32 2021 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,238 +0,0 @@ -/* - * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.ec; - -import java.io.IOException; - -import java.security.*; -import java.security.spec.*; - -import sun.security.util.*; - -/** - * This class implements encoding and decoding of Elliptic Curve parameters - * as specified in RFC 3279. - * - * However, only named curves are currently supported. - * - * ASN.1 from RFC 3279 follows. Note that X9.62 (2005) has added some additional - * options. - * - * <pre> - * EcpkParameters ::= CHOICE { - * ecParameters ECParameters, - * namedCurve OBJECT IDENTIFIER, - * implicitlyCA NULL } - * - * ECParameters ::= SEQUENCE { - * version ECPVer, -- version is always 1 - * fieldID FieldID, -- identifies the finite field over - * -- which the curve is defined - * curve Curve, -- coefficients a and b of the - * -- elliptic curve - * base ECPoint, -- specifies the base point P - * -- on the elliptic curve - * order INTEGER, -- the order n of the base point - * cofactor INTEGER OPTIONAL -- The integer h = #E(Fq)/n - * } - * - * ECPVer ::= INTEGER {ecpVer1(1)} - * - * Curve ::= SEQUENCE { - * a FieldElement, - * b FieldElement, - * seed BIT STRING OPTIONAL } - * - * FieldElement ::= OCTET STRING - * - * ECPoint ::= OCTET STRING - * </pre> - * - * @since 1.6 - * @author Andreas Sterbenz - */ -public final class ECParameters extends AlgorithmParametersSpi { - - // used by ECPublicKeyImpl and ECPrivateKeyImpl - static AlgorithmParameters getAlgorithmParameters(ECParameterSpec spec) - throws InvalidKeyException { - try { - AlgorithmParameters params = - AlgorithmParameters.getInstance("EC", "SunEC"); - params.init(spec); - return params; - } catch (GeneralSecurityException e) { - throw new InvalidKeyException("EC parameters error", e); - } - } - - /* - * The parameters these AlgorithmParameters object represents. - * Currently, it is always an instance of NamedCurve. - */ - private NamedCurve namedCurve; - - // A public constructor is required by AlgorithmParameters class. - public ECParameters() { - // empty - } - - // AlgorithmParameterSpi methods - - protected void engineInit(AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException { - - if (paramSpec == null) { - throw new InvalidParameterSpecException - ("paramSpec must not be null"); - } - - if (paramSpec instanceof NamedCurve) { - namedCurve = (NamedCurve)paramSpec; - return; - } - - if (paramSpec instanceof ECParameterSpec) { - namedCurve = CurveDB.lookup((ECParameterSpec)paramSpec); - } else if (paramSpec instanceof ECGenParameterSpec) { - String name = ((ECGenParameterSpec)paramSpec).getName(); - namedCurve = CurveDB.lookup(name); - } else if (paramSpec instanceof ECKeySizeParameterSpec) { - int keySize = ((ECKeySizeParameterSpec)paramSpec).getKeySize(); - namedCurve = CurveDB.lookup(keySize); - } else { - throw new InvalidParameterSpecException - ("Only ECParameterSpec and ECGenParameterSpec supported"); - } - - if (namedCurve == null) { - throw new InvalidParameterSpecException( - "Not a supported curve: " + paramSpec); - } - } - - protected void engineInit(byte[] params) throws IOException { - DerValue encodedParams = new DerValue(params); - if (encodedParams.tag == DerValue.tag_ObjectId) { - ObjectIdentifier oid = encodedParams.getOID(); - NamedCurve spec = CurveDB.lookup(oid.toString()); - if (spec == null) { - throw new IOException("Unknown named curve: " + oid); - } - - namedCurve = spec; - return; - } - - throw new IOException("Only named ECParameters supported"); - - // The code below is incomplete. - // It is left as a starting point for a complete parsing implementation. - -/* - if (encodedParams.tag != DerValue.tag_Sequence) { - throw new IOException("Unsupported EC parameters, tag: " + - encodedParams.tag); - } - - encodedParams.data.reset(); - - DerInputStream in = encodedParams.data; - - int version = in.getInteger(); - if (version != 1) { - throw new IOException("Unsupported EC parameters version: " + - version); - } - ECField field = parseField(in); - EllipticCurve curve = parseCurve(in, field); - ECPoint point = parsePoint(in, curve); - - BigInteger order = in.getBigInteger(); - int cofactor = 0; - - if (in.available() != 0) { - cofactor = in.getInteger(); - } - - // XXX HashAlgorithm optional - - if (encodedParams.data.available() != 0) { - throw new IOException("encoded params have " + - encodedParams.data.available() + - " extra bytes"); - } - - return new ECParameterSpec(curve, point, order, cofactor); -*/ - } - - protected void engineInit(byte[] params, String decodingMethod) - throws IOException { - engineInit(params); - } - - protected <T extends AlgorithmParameterSpec> T - engineGetParameterSpec(Class<T> spec) - throws InvalidParameterSpecException { - - if (spec.isAssignableFrom(ECParameterSpec.class)) { - return spec.cast(namedCurve); - } - - if (spec.isAssignableFrom(ECGenParameterSpec.class)) { - // Ensure the name is the Object ID - String name = namedCurve.getObjectId(); - return spec.cast(new ECGenParameterSpec(name)); - } - - if (spec.isAssignableFrom(ECKeySizeParameterSpec.class)) { - int keySize = namedCurve.getCurve().getField().getFieldSize(); - return spec.cast(new ECKeySizeParameterSpec(keySize)); - } - - throw new InvalidParameterSpecException( - "Only ECParameterSpec and ECGenParameterSpec supported"); - } - - protected byte[] engineGetEncoded() throws IOException { - return namedCurve.getEncoded(); - } - - protected byte[] engineGetEncoded(String encodingMethod) - throws IOException { - return engineGetEncoded(); - } - - protected String engineToString() { - if (namedCurve == null) { - return "Not initialized"; - } - - return namedCurve.toString(); - } -} -
--- a/src/share/classes/sun/security/ec/ECPrivateKeyImpl.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ec/ECPrivateKeyImpl.java Mon Apr 19 04:23:30 2021 +0100 @@ -32,7 +32,12 @@ import java.security.interfaces.*; import java.security.spec.*; -import sun.security.util.*; +import sun.security.util.ArrayUtil; +import sun.security.util.DerInputStream; +import sun.security.util.DerOutputStream; +import sun.security.util.DerValue; +import sun.security.util.ECParameters; +import sun.security.util.ECUtil; import sun.security.x509.AlgorithmId; import sun.security.pkcs.PKCS8Key;
--- a/src/share/classes/sun/security/ec/ECPublicKeyImpl.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ec/ECPublicKeyImpl.java Mon Apr 19 04:23:30 2021 +0100 @@ -31,7 +31,9 @@ import java.security.interfaces.*; import java.security.spec.*; -import sun.security.util.*; +import sun.security.util.ECParameters; +import sun.security.util.ECUtil; + import sun.security.x509.*; /**
--- a/src/share/classes/sun/security/ec/NamedCurve.java Fri Feb 05 20:19:32 2021 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,86 +0,0 @@ -/* - * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.ec; - -import java.io.IOException; -import java.math.BigInteger; - -import java.security.spec.*; - -import sun.security.util.DerOutputStream; -import sun.security.util.ObjectIdentifier; - - -/** - * Contains Elliptic Curve parameters. - * - * @since 1.6 - * @author Andreas Sterbenz - */ -class NamedCurve extends ECParameterSpec { - - // friendly name for toString() output - private final String name; - - // well known OID - private final String oid; - - // encoded form (as NamedCurve identified via OID) - private final byte[] encoded; - - NamedCurve(String name, String oid, EllipticCurve curve, - ECPoint g, BigInteger n, int h) { - super(curve, g, n, h); - this.name = name; - this.oid = oid; - - DerOutputStream out = new DerOutputStream(); - - try { - out.putOID(new ObjectIdentifier(oid)); - } catch (IOException e) { - throw new RuntimeException("Internal error", e); - } - - encoded = out.toByteArray(); - } - - String getName() { - return name; - } - - byte[] getEncoded() { - return encoded.clone(); - } - - String getObjectId() { - return oid; - } - - public String toString() { - return name + " (" + oid + ")"; - } -}
--- a/src/share/classes/sun/security/ec/SunECEntries.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ec/SunECEntries.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,8 @@ import java.util.Map; import java.util.regex.Pattern; +import sun.security.util.CurveDB; +import sun.security.util.NamedCurve; /** * Defines the entries of the SunEC provider. @@ -55,7 +57,7 @@ /* * Algorithm Parameter engine */ - map.put("AlgorithmParameters.EC", "sun.security.ec.ECParameters"); + map.put("AlgorithmParameters.EC", "sun.security.util.ECParameters"); map.put("Alg.Alias.AlgorithmParameters.EllipticCurve", "EC"); map.put("Alg.Alias.AlgorithmParameters.1.2.840.10045.2.1", "EC");
--- a/src/share/classes/sun/security/krb5/Config.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/krb5/Config.java Mon Apr 19 04:23:30 2021 +0100 @@ -146,8 +146,10 @@ * java.security.krb5.kdc not specified, error reading configuration file. */ - public static synchronized void refresh() throws KrbException { - singleton = new Config(); + public static void refresh() throws KrbException { + synchronized (Config.class) { + singleton = new Config(); + } KdcComm.initStatic(); EType.initStatic(); Checksum.initStatic();
--- a/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java Mon Apr 19 04:23:30 2021 +0100 @@ -165,7 +165,7 @@ String service, Credentials ccreds) throws KrbException, IOException { PrincipalName sname = new PrincipalName(service, - PrincipalName.KRB_NT_SRV_HST); + PrincipalName.KRB_NT_UNKNOWN); return serviceCreds(sname, ccreds); }
--- a/src/share/classes/sun/security/pkcs11/P11AEADCipher.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/pkcs11/P11AEADCipher.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2019, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -347,6 +347,13 @@ 0, buffer, 0, bufLen); } } catch (PKCS11Exception e) { + if (e.getErrorCode() == CKR_OPERATION_NOT_INITIALIZED) { + // Cancel Operation may be invoked after an error on a PKCS#11 + // call. If the operation inside the token was already cancelled, + // do not fail here. This is part of a defensive mechanism for + // PKCS#11 libraries that do not strictly follow the standard. + return; + } if (encrypt) { throw new ProviderException("Cancel failed", e); } @@ -614,6 +621,12 @@ } return k; } catch (PKCS11Exception e) { + // As per the PKCS#11 standard, C_Encrypt and C_Decrypt may only + // keep the operation active on CKR_BUFFER_TOO_SMALL errors or + // successful calls to determine the output length. However, + // these cases are not expected here because the output length + // is checked in the OpenJDK side before making the PKCS#11 call. + // Thus, doCancel can safely be 'false'. doCancel = false; handleException(e); throw new ProviderException("doFinal() failed", e); @@ -700,6 +713,12 @@ outBuffer.position(outBuffer.position() + k); return k; } catch (PKCS11Exception e) { + // As per the PKCS#11 standard, C_Encrypt and C_Decrypt may only + // keep the operation active on CKR_BUFFER_TOO_SMALL errors or + // successful calls to determine the output length. However, + // these cases are not expected here because the output length + // is checked in the OpenJDK side before making the PKCS#11 call. + // Thus, doCancel can safely be 'false'. doCancel = false; handleException(e); throw new ProviderException("doFinal() failed", e);
--- a/src/share/classes/sun/security/pkcs11/P11Cipher.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/pkcs11/P11Cipher.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -439,6 +439,13 @@ token.p11.C_DecryptFinal(session.id(), 0, buffer, 0, bufLen); } } catch (PKCS11Exception e) { + if (e.getErrorCode() == CKR_OPERATION_NOT_INITIALIZED) { + // Cancel Operation may be invoked after an error on a PKCS#11 + // call. If the operation inside the token was already cancelled, + // do not fail here. This is part of a defensive mechanism for + // PKCS#11 libraries that do not strictly follow the standard. + return; + } if (encrypt) { throw new ProviderException("Cancel failed", e); } @@ -628,7 +635,11 @@ throw (ShortBufferException) (new ShortBufferException().initCause(e)); } - reset(false); + // Some implementations such as the NSS Software Token do not + // cancel the operation upon a C_EncryptUpdate/C_DecryptUpdate + // failure (as required by the PKCS#11 standard). See JDK-8258833 + // for further information. + reset(true); throw new ProviderException("update() failed", e); } } @@ -746,7 +757,11 @@ throw (ShortBufferException) (new ShortBufferException().initCause(e)); } - reset(false); + // Some implementations such as the NSS Software Token do not + // cancel the operation upon a C_EncryptUpdate/C_DecryptUpdate + // failure (as required by the PKCS#11 standard). See JDK-8258833 + // for further information. + reset(true); throw new ProviderException("update() failed", e); } } @@ -770,9 +785,14 @@ 0, padBuffer, 0, actualPadLen, 0, out, outOfs, outLen); } + // Some implementations such as the NSS Software Token do not + // cancel the operation upon a C_EncryptUpdate failure (as + // required by the PKCS#11 standard). Cancel is not needed + // only after this point. See JDK-8258833 for further + // information. + doCancel = false; k += token.p11.C_EncryptFinal(session.id(), 0, out, (outOfs + k), (outLen - k)); - doCancel = false; } else { // Special handling to match SunJCE provider behavior if (bytesBuffered == 0 && padBufferLen == 0) { @@ -784,22 +804,26 @@ padBuffer, 0, padBufferLen, 0, padBuffer, 0, padBuffer.length); } + // Some implementations such as the NSS Software Token do not + // cancel the operation upon a C_DecryptUpdate failure (as + // required by the PKCS#11 standard). Cancel is not needed + // only after this point. See JDK-8258833 for further + // information. + doCancel = false; k += token.p11.C_DecryptFinal(session.id(), 0, padBuffer, k, padBuffer.length - k); - doCancel = false; int actualPadLen = paddingObj.unpad(padBuffer, k); k -= actualPadLen; System.arraycopy(padBuffer, 0, out, outOfs, k); } else { + doCancel = false; k = token.p11.C_DecryptFinal(session.id(), 0, out, outOfs, outLen); - doCancel = false; } } return k; } catch (PKCS11Exception e) { - doCancel = false; handleException(e); throw new ProviderException("doFinal() failed", e); } finally { @@ -845,9 +869,14 @@ 0, padBuffer, 0, actualPadLen, outAddr, outArray, outOfs, outLen); } + // Some implementations such as the NSS Software Token do not + // cancel the operation upon a C_EncryptUpdate failure (as + // required by the PKCS#11 standard). Cancel is not needed + // only after this point. See JDK-8258833 for further + // information. + doCancel = false; k += token.p11.C_EncryptFinal(session.id(), outAddr, outArray, (outOfs + k), (outLen - k)); - doCancel = false; } else { // Special handling to match SunJCE provider behavior if (bytesBuffered == 0 && padBufferLen == 0) { @@ -861,18 +890,23 @@ 0, padBuffer, 0, padBuffer.length); padBufferLen = 0; } + // Some implementations such as the NSS Software Token do not + // cancel the operation upon a C_DecryptUpdate failure (as + // required by the PKCS#11 standard). Cancel is not needed + // only after this point. See JDK-8258833 for further + // information. + doCancel = false; k += token.p11.C_DecryptFinal(session.id(), 0, padBuffer, k, padBuffer.length - k); - doCancel = false; int actualPadLen = paddingObj.unpad(padBuffer, k); k -= actualPadLen; outArray = padBuffer; outOfs = 0; } else { + doCancel = false; k = token.p11.C_DecryptFinal(session.id(), outAddr, outArray, outOfs, outLen); - doCancel = false; } } if ((!encrypt && paddingObj != null) || @@ -884,7 +918,6 @@ } return k; } catch (PKCS11Exception e) { - doCancel = false; handleException(e); throw new ProviderException("doFinal() failed", e); } finally {
--- a/src/share/classes/sun/security/pkcs11/P11KeyStore.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/pkcs11/P11KeyStore.java Mon Apr 19 04:23:30 2021 +0100 @@ -67,8 +67,6 @@ import sun.security.util.DerValue; import sun.security.util.ECUtil; -import sun.security.ec.ECParameters; - import sun.security.pkcs11.Secmod.*; import static sun.security.pkcs11.P11Util.*;
--- a/src/share/classes/sun/security/pkcs11/P11Mac.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/pkcs11/P11Mac.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -144,6 +144,13 @@ try { token.p11.C_SignFinal(session.id(), 0); } catch (PKCS11Exception e) { + if (e.getErrorCode() == CKR_OPERATION_NOT_INITIALIZED) { + // Cancel Operation may be invoked after an error on a PKCS#11 + // call. If the operation inside the token was already cancelled, + // do not fail here. This is part of a defensive mechanism for + // PKCS#11 libraries that do not strictly follow the standard. + return; + } throw new ProviderException("Cancel failed", e); } } @@ -206,6 +213,12 @@ ensureInitialized(); return token.p11.C_SignFinal(session.id(), 0); } catch (PKCS11Exception e) { + // As per the PKCS#11 standard, C_SignFinal may only + // keep the operation active on CKR_BUFFER_TOO_SMALL errors or + // successful calls to determine the output length. However, + // these cases are handled at OpenJDK's libj2pkcs11 native + // library. Thus, P11Mac::reset can be called with a 'false' + // doCancel argument from here. throw new ProviderException("doFinal() failed", e); } finally { reset(false);
--- a/src/share/classes/sun/security/pkcs11/P11PSSSignature.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/pkcs11/P11PSSSignature.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2019, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -271,6 +271,13 @@ } } } catch (PKCS11Exception e) { + if (e.getErrorCode() == CKR_OPERATION_NOT_INITIALIZED) { + // Cancel Operation may be invoked after an error on a PKCS#11 + // call. If the operation inside the token was already cancelled, + // do not fail here. This is part of a defensive mechanism for + // PKCS#11 libraries that do not strictly follow the standard. + return; + } if (mode == M_SIGN) { throw new ProviderException("cancel failed", e); } @@ -594,6 +601,11 @@ doCancel = false; return signature; } catch (PKCS11Exception pe) { + // As per the PKCS#11 standard, C_Sign and C_SignFinal may only + // keep the operation active on CKR_BUFFER_TOO_SMALL errors or + // successful calls to determine the output length. However, + // these cases are handled at OpenJDK's libj2pkcs11 native + // library. Thus, doCancel can safely be 'false' here. doCancel = false; throw new ProviderException(pe); } catch (ProviderException e) {
--- a/src/share/classes/sun/security/pkcs11/P11Signature.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/pkcs11/P11Signature.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -297,6 +297,13 @@ } } } catch (PKCS11Exception e) { + if (e.getErrorCode() == CKR_OPERATION_NOT_INITIALIZED) { + // Cancel Operation may be invoked after an error on a PKCS#11 + // call. If the operation inside the token was already cancelled, + // do not fail here. This is part of a defensive mechanism for + // PKCS#11 libraries that do not strictly follow the standard. + return; + } if (mode == M_VERIFY) { long errorCode = e.getErrorCode(); if ((errorCode == CKR_SIGNATURE_INVALID) || @@ -637,6 +644,11 @@ return signature; } } catch (PKCS11Exception e) { + // As per the PKCS#11 standard, C_Sign and C_SignFinal may only + // keep the operation active on CKR_BUFFER_TOO_SMALL errors or + // successful calls to determine the output length. However, + // these cases are handled at OpenJDK's libj2pkcs11 native + // library. Thus, doCancel can safely be 'false' here. doCancel = false; throw new ProviderException(e); } finally {
--- a/src/share/classes/sun/security/pkcs11/SunPKCS11.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/pkcs11/SunPKCS11.java Mon Apr 19 04:23:30 2021 +0100 @@ -622,7 +622,7 @@ // AlgorithmParameters for EC. // Only needed until we have an EC implementation in the SUN provider. - d(AGP, "EC", "sun.security.ec.ECParameters", + d(AGP, "EC", "sun.security.util.ECParameters", s("1.2.840.10045.2.1"), m(CKM_EC_KEY_PAIR_GEN, CKM_ECDH1_DERIVE, CKM_ECDSA, CKM_ECDSA_SHA1)); @@ -1102,7 +1102,7 @@ return token.getKeyStore(); } else if (type == AGP) { if (algorithm == "EC") { - return new sun.security.ec.ECParameters(); + return new sun.security.util.ECParameters(); } else if (algorithm == "GCM") { return new sun.security.util.GCMParameters(); } else {
--- a/src/share/classes/sun/security/ssl/CertSignAlgsExtension.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ssl/CertSignAlgsExtension.java Mon Apr 19 04:23:30 2021 +0100 @@ -101,6 +101,7 @@ if (chc.localSupportedSignAlgs == null) { chc.localSupportedSignAlgs = SignatureScheme.getSupportedAlgorithms( + chc.sslConfig, chc.algorithmConstraints, chc.activeProtocols); } @@ -194,6 +195,7 @@ // update the context List<SignatureScheme> schemes = SignatureScheme.getSupportedAlgorithms( + shc.sslConfig, shc.algorithmConstraints, shc.negotiatedProtocol, spec.signatureSchemes); shc.peerRequestedCertSignSchemes = schemes; @@ -248,7 +250,9 @@ protocols = Collections.unmodifiableList(protocols); List<SignatureScheme> sigAlgs = SignatureScheme.getSupportedAlgorithms( - shc.algorithmConstraints, protocols); + shc.sslConfig, + shc.algorithmConstraints, + protocols); int vectorLen = SignatureScheme.sizeInRecord() * sigAlgs.size(); byte[] extData = new byte[vectorLen + 2]; @@ -338,6 +342,7 @@ // update the context List<SignatureScheme> schemes = SignatureScheme.getSupportedAlgorithms( + chc.sslConfig, chc.algorithmConstraints, chc.negotiatedProtocol, spec.signatureSchemes); chc.peerRequestedCertSignSchemes = schemes;
--- a/src/share/classes/sun/security/ssl/CertificateRequest.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ssl/CertificateRequest.java Mon Apr 19 04:23:30 2021 +0100 @@ -601,6 +601,7 @@ if (shc.localSupportedSignAlgs == null) { shc.localSupportedSignAlgs = SignatureScheme.getSupportedAlgorithms( + shc.sslConfig, shc.algorithmConstraints, shc.activeProtocols); }
--- a/src/share/classes/sun/security/ssl/CipherSuite.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ssl/CipherSuite.java Mon Apr 19 04:23:30 2021 +0100 @@ -388,7 +388,7 @@ ProtocolVersion.PROTOCOLS_TO_TLS12, K_DH_ANON, B_RC4_128, M_MD5, H_SHA256), - // weak cipher suites obsoleted in TLS 1.2 [RFC 5246] + // Weak cipher suites obsoleted in TLS 1.2 [RFC 5246] SSL_RSA_WITH_DES_CBC_SHA( 0x0009, false, "SSL_RSA_WITH_DES_CBC_SHA", "TLS_RSA_WITH_DES_CBC_SHA", @@ -410,7 +410,7 @@ ProtocolVersion.PROTOCOLS_TO_11, K_DH_ANON, B_DES, M_SHA, H_NONE), - // weak cipher suites obsoleted in TLS 1.1 [RFC 4346] + // Weak cipher suites obsoleted in TLS 1.1 [RFC 4346] SSL_RSA_EXPORT_WITH_DES40_CBC_SHA( 0x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", @@ -442,7 +442,7 @@ ProtocolVersion.PROTOCOLS_TO_10, K_DH_ANON, B_RC4_40, M_MD5, H_NONE), - // no traffic encryption cipher suites + // No traffic encryption cipher suites TLS_RSA_WITH_NULL_SHA256( 0x003B, false, "TLS_RSA_WITH_NULL_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, @@ -521,7 +521,7 @@ ProtocolVersion.PROTOCOLS_TO_10, K_KRB5_EXPORT, B_RC4_40, M_MD5, H_SHA256), - // Definition of the CipherSuites that are not supported but the names + // Definition of the cipher suites that are not supported but the names // are known. TLS_CHACHA20_POLY1305_SHA256( // TLS 1.3 "TLS_CHACHA20_POLY1305_SHA256", 0x1303), @@ -530,7 +530,7 @@ TLS_AES_128_CCM_8_SHA256( // TLS 1.3 "TLS_AES_128_CCM_8_SHA256", 0x1305), - // remaining unsupported ciphersuites defined in RFC2246. + // Remaining unsupported cipher suites defined in RFC2246. CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0006), CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA", 0x0007), CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x000b), @@ -540,18 +540,18 @@ CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA", 0x000f), CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", 0x0010), - // SSL 3.0 Fortezza ciphersuites + // SSL 3.0 Fortezza cipher suites CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA", 0x001c), CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", 0x001d), - // 1024/56 bit exportable ciphersuites from expired internet draft + // 1024/56 bit exportable cipher suites from expired internet draft CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", 0x0062), CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", 0x0063), CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", 0x0064), CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", 0x0065), CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA", 0x0066), - // Netscape old and new SSL 3.0 FIPS ciphersuites + // Netscape old and new SSL 3.0 FIPS cipher suites // see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xffe0), CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA", 0xffe1),
--- a/src/share/classes/sun/security/ssl/PreSharedKeyExtension.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ssl/PreSharedKeyExtension.java Mon Apr 19 04:23:30 2021 +0100 @@ -420,6 +420,7 @@ if (shc.localSupportedSignAlgs == null) { shc.localSupportedSignAlgs = SignatureScheme.getSupportedAlgorithms( + shc.sslConfig, shc.algorithmConstraints, shc.activeProtocols); }
--- a/src/share/classes/sun/security/ssl/SSLConfiguration.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ssl/SSLConfiguration.java Mon Apr 19 04:23:30 2021 +0100 @@ -29,8 +29,6 @@ import java.security.AccessController; import java.security.AlgorithmConstraints; import java.security.NoSuchAlgorithmException; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -45,6 +43,7 @@ import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLSocket; import sun.security.action.GetIntegerAction; +import sun.security.action.GetPropertyAction; import sun.security.ssl.SSLExtension.ClientExtensions; import sun.security.ssl.SSLExtension.ServerExtensions; @@ -64,6 +63,10 @@ boolean preferLocalCipherSuites; int maximumPacketSize = 0; + // The configured signature schemes for "signature_algorithms" and + // "signature_algorithms_cert" extensions + List<SignatureScheme> signatureSchemes; + // the maximum protocol version of enabled protocols ProtocolVersion maximumProtocolVersion; @@ -140,6 +143,9 @@ this.applicationProtocols = new String[0]; + this.signatureSchemes = isClientMode ? + CustomizedClientSignatureSchemes.signatureSchemes : + CustomizedServerSignatureSchemes.signatureSchemes; this.maximumProtocolVersion = ProtocolVersion.NONE; for (ProtocolVersion pv : enabledProtocols) { if (pv.compareTo(maximumProtocolVersion) > 0) { @@ -386,6 +392,15 @@ return extensions.toArray(new SSLExtension[0]); } + void toggleClientMode() { + this.isClientMode ^= true; + + // reset the signature schemes + this.signatureSchemes = isClientMode ? + CustomizedClientSignatureSchemes.signatureSchemes : + CustomizedServerSignatureSchemes.signatureSchemes; + } + @Override @SuppressWarnings({"unchecked", "CloneDeclaresCloneNotSupported"}) public Object clone() { @@ -405,4 +420,72 @@ return null; // unlikely } + + + // lazy initialization holder class idiom for static default parameters + // + // See Effective Java Second Edition: Item 71. + private static final class CustomizedClientSignatureSchemes { + private static List<SignatureScheme> signatureSchemes = + getCustomizedSignatureScheme("jdk.tls.client.SignatureSchemes"); + } + + // lazy initialization holder class idiom for static default parameters + // + // See Effective Java Second Edition: Item 71. + private static final class CustomizedServerSignatureSchemes { + private static List<SignatureScheme> signatureSchemes = + getCustomizedSignatureScheme("jdk.tls.server.SignatureSchemes"); + } + + /* + * Get the customized signature schemes specified by the given + * system property. + */ + private static List<SignatureScheme> getCustomizedSignatureScheme( + String propertyName) { + + String property = GetPropertyAction.privilegedGetProperty(propertyName); + if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) { + SSLLogger.fine( + "System property " + propertyName + " is set to '" + + property + "'"); + } + if (property != null && !property.isEmpty()) { + // remove double quote marks from beginning/end of the property + if (property.length() > 1 && property.charAt(0) == '"' && + property.charAt(property.length() - 1) == '"') { + property = property.substring(1, property.length() - 1); + } + } + + if (property != null && !property.isEmpty()) { + String[] signatureSchemeNames = property.split(","); + List<SignatureScheme> signatureSchemes = + new ArrayList<>(signatureSchemeNames.length); + for (int i = 0; i < signatureSchemeNames.length; i++) { + signatureSchemeNames[i] = signatureSchemeNames[i].trim(); + if (signatureSchemeNames[i].isEmpty()) { + continue; + } + + SignatureScheme scheme = + SignatureScheme.nameOf(signatureSchemeNames[i]); + if (scheme != null && scheme.isAvailable) { + signatureSchemes.add(scheme); + } else { + if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) { + SSLLogger.fine( + "The current installed providers do not " + + "support signature scheme: " + + signatureSchemeNames[i]); + } + } + } + + return signatureSchemes; + } + + return Collections.emptyList(); + } }
--- a/src/share/classes/sun/security/ssl/SSLContextImpl.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ssl/SSLContextImpl.java Mon Apr 19 04:23:30 2021 +0100 @@ -375,7 +375,7 @@ private static List<CipherSuite> getApplicableCipherSuites( Collection<CipherSuite> allowedCipherSuites, List<ProtocolVersion> protocols) { - TreeSet<CipherSuite> suites = new TreeSet<>(); + LinkedHashSet<CipherSuite> suites = new LinkedHashSet<>(); if (protocols != null && (!protocols.isEmpty())) { for (CipherSuite suite : allowedCipherSuites) { if (!suite.isAvailable()) {
--- a/src/share/classes/sun/security/ssl/SSLLogger.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ssl/SSLLogger.java Mon Apr 19 04:23:30 2021 +0100 @@ -387,7 +387,7 @@ for (int i=1; i<stElements.length; i++) { StackTraceElement ste = stElements[i]; if (!ste.getClassName().startsWith(SSLLogger.class.getName()) && - !ste.getClassName().startsWith("java.lang.System")) { + !ste.getClassName().startsWith(Logger.class.getName())) { return ste.getFileName() + ":" + ste.getLineNumber(); } }
--- a/src/share/classes/sun/security/ssl/SSLServerSocketImpl.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ssl/SSLServerSocketImpl.java Mon Apr 19 04:23:30 2021 +0100 @@ -62,7 +62,6 @@ super(); this.sslContext = sslContext; this.sslConfig = new SSLConfiguration(sslContext, false); - this.sslConfig.isClientMode = false; } SSLServerSocketImpl(SSLContextImpl sslContext, @@ -71,7 +70,6 @@ super(port, backlog); this.sslContext = sslContext; this.sslConfig = new SSLConfiguration(sslContext, false); - this.sslConfig.isClientMode = false; } SSLServerSocketImpl(SSLContextImpl sslContext, @@ -80,7 +78,6 @@ super(port, backlog, address); this.sslContext = sslContext; this.sslConfig = new SSLConfiguration(sslContext, false); - this.sslConfig.isClientMode = false; } @Override @@ -166,7 +163,7 @@ sslContext.getDefaultCipherSuites(!useClientMode); } - sslConfig.isClientMode = useClientMode; + sslConfig.toggleClientMode(); } }
--- a/src/share/classes/sun/security/ssl/SSLSocketImpl.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ssl/SSLSocketImpl.java Mon Apr 19 04:23:30 2021 +0100 @@ -38,6 +38,7 @@ import java.net.UnknownHostException; import java.nio.ByteBuffer; import java.util.List; +import java.util.concurrent.locks.ReentrantLock; import java.util.function.BiFunction; import javax.net.ssl.HandshakeCompletedListener; import javax.net.ssl.SSLException; @@ -83,6 +84,9 @@ private boolean isConnected = false; private volatile boolean tlsIsClosed = false; + private final ReentrantLock socketLock = new ReentrantLock(); + private final ReentrantLock handshakeLock = new ReentrantLock(); + /* * Is the local name service trustworthy? * @@ -291,14 +295,25 @@ } @Override - public synchronized String[] getEnabledCipherSuites() { - return CipherSuite.namesOf(conContext.sslConfig.enabledCipherSuites); + public String[] getEnabledCipherSuites() { + socketLock.lock(); + try { + return CipherSuite.namesOf( + conContext.sslConfig.enabledCipherSuites); + } finally { + socketLock.unlock(); + } } @Override - public synchronized void setEnabledCipherSuites(String[] suites) { - conContext.sslConfig.enabledCipherSuites = - CipherSuite.validValuesOf(suites); + public void setEnabledCipherSuites(String[] suites) { + socketLock.lock(); + try { + conContext.sslConfig.enabledCipherSuites = + CipherSuite.validValuesOf(suites); + } finally { + socketLock.unlock(); + } } @Override @@ -308,19 +323,29 @@ } @Override - public synchronized String[] getEnabledProtocols() { - return ProtocolVersion.toStringArray( - conContext.sslConfig.enabledProtocols); + public String[] getEnabledProtocols() { + socketLock.lock(); + try { + return ProtocolVersion.toStringArray( + conContext.sslConfig.enabledProtocols); + } finally { + socketLock.unlock(); + } } @Override - public synchronized void setEnabledProtocols(String[] protocols) { + public void setEnabledProtocols(String[] protocols) { if (protocols == null) { throw new IllegalArgumentException("Protocols cannot be null"); } - conContext.sslConfig.enabledProtocols = - ProtocolVersion.namesOf(protocols); + socketLock.lock(); + try { + conContext.sslConfig.enabledProtocols = + ProtocolVersion.namesOf(protocols); + } finally { + socketLock.unlock(); + } } @Override @@ -340,29 +365,44 @@ } @Override - public synchronized SSLSession getHandshakeSession() { - return conContext.handshakeContext == null ? - null : conContext.handshakeContext.handshakeSession; + public SSLSession getHandshakeSession() { + socketLock.lock(); + try { + return conContext.handshakeContext == null ? + null : conContext.handshakeContext.handshakeSession; + } finally { + socketLock.unlock(); + } } @Override - public synchronized void addHandshakeCompletedListener( + public void addHandshakeCompletedListener( HandshakeCompletedListener listener) { if (listener == null) { throw new IllegalArgumentException("listener is null"); } - conContext.sslConfig.addHandshakeCompletedListener(listener); + socketLock.lock(); + try { + conContext.sslConfig.addHandshakeCompletedListener(listener); + } finally { + socketLock.unlock(); + } } @Override - public synchronized void removeHandshakeCompletedListener( + public void removeHandshakeCompletedListener( HandshakeCompletedListener listener) { if (listener == null) { throw new IllegalArgumentException("listener is null"); } - conContext.sslConfig.removeHandshakeCompletedListener(listener); + socketLock.lock(); + try { + conContext.sslConfig.removeHandshakeCompletedListener(listener); + } finally { + socketLock.unlock(); + } } @Override @@ -376,7 +416,8 @@ throw new SocketException("Socket has been closed or broken"); } - synchronized (conContext) { // handshake lock + handshakeLock.lock(); + try { // double check the context status if (conContext.isBroken || conContext.isInboundClosed() || conContext.isOutboundClosed()) { @@ -399,53 +440,95 @@ } catch (Exception oe) { // including RuntimeException handleException(oe); } + } finally { + handshakeLock.unlock(); + } + } + + @Override + public void setUseClientMode(boolean mode) { + socketLock.lock(); + try { + conContext.setUseClientMode(mode); + } finally { + socketLock.unlock(); + } + } + + @Override + public boolean getUseClientMode() { + socketLock.lock(); + try { + return conContext.sslConfig.isClientMode; + } finally { + socketLock.unlock(); + } + } + + @Override + public void setNeedClientAuth(boolean need) { + socketLock.lock(); + try { + conContext.sslConfig.clientAuthType = + (need ? ClientAuthType.CLIENT_AUTH_REQUIRED : + ClientAuthType.CLIENT_AUTH_NONE); + } finally { + socketLock.unlock(); } } @Override - public synchronized void setUseClientMode(boolean mode) { - conContext.setUseClientMode(mode); + public boolean getNeedClientAuth() { + socketLock.lock(); + try { + return (conContext.sslConfig.clientAuthType == + ClientAuthType.CLIENT_AUTH_REQUIRED); + } finally { + socketLock.unlock(); + } } @Override - public synchronized boolean getUseClientMode() { - return conContext.sslConfig.isClientMode; - } - - @Override - public synchronized void setNeedClientAuth(boolean need) { - conContext.sslConfig.clientAuthType = - (need ? ClientAuthType.CLIENT_AUTH_REQUIRED : - ClientAuthType.CLIENT_AUTH_NONE); + public void setWantClientAuth(boolean want) { + socketLock.lock(); + try { + conContext.sslConfig.clientAuthType = + (want ? ClientAuthType.CLIENT_AUTH_REQUESTED : + ClientAuthType.CLIENT_AUTH_NONE); + } finally { + socketLock.unlock(); + } } @Override - public synchronized boolean getNeedClientAuth() { - return (conContext.sslConfig.clientAuthType == - ClientAuthType.CLIENT_AUTH_REQUIRED); - } - - @Override - public synchronized void setWantClientAuth(boolean want) { - conContext.sslConfig.clientAuthType = - (want ? ClientAuthType.CLIENT_AUTH_REQUESTED : - ClientAuthType.CLIENT_AUTH_NONE); + public boolean getWantClientAuth() { + socketLock.lock(); + try { + return (conContext.sslConfig.clientAuthType == + ClientAuthType.CLIENT_AUTH_REQUESTED); + } finally { + socketLock.unlock(); + } } @Override - public synchronized boolean getWantClientAuth() { - return (conContext.sslConfig.clientAuthType == - ClientAuthType.CLIENT_AUTH_REQUESTED); + public void setEnableSessionCreation(boolean flag) { + socketLock.lock(); + try { + conContext.sslConfig.enableSessionCreation = flag; + } finally { + socketLock.unlock(); + } } @Override - public synchronized void setEnableSessionCreation(boolean flag) { - conContext.sslConfig.enableSessionCreation = flag; - } - - @Override - public synchronized boolean getEnableSessionCreation() { - return conContext.sslConfig.enableSessionCreation; + public boolean getEnableSessionCreation() { + socketLock.lock(); + try { + return conContext.sslConfig.enableSessionCreation; + } finally { + socketLock.unlock(); + } } @Override @@ -581,6 +664,7 @@ * This method should only be called when the outbound has been closed, * but the inbound is still open. */ + @SuppressWarnings("try") private void bruteForceCloseInput( boolean hasCloseReceipt) throws IOException { if (hasCloseReceipt) { @@ -600,7 +684,12 @@ } } else { if (!conContext.isInboundClosed()) { - conContext.inputRecord.close(); + try (InputRecord ir = conContext.inputRecord) { + // Try the best to use up the input records and close the + // socket gracefully, without impact the performance too + // much. + appInput.deplete(); + } } if ((autoClose || !isLayered()) && !super.isInputShutdown()) { @@ -631,16 +720,17 @@ // Is it ready to close inbound? // // No need to throw exception if the initial handshake is not started. - if (checkCloseNotify && !conContext.isInputCloseNotified && - (conContext.isNegotiated || conContext.handshakeContext != null)) { - - throw conContext.fatal(Alert.INTERNAL_ERROR, + try { + if (checkCloseNotify && !conContext.isInputCloseNotified && + (conContext.isNegotiated || conContext.handshakeContext != null)) { + throw new SSLException( "closing inbound before receiving peer's close_notify"); - } - - conContext.closeInbound(); - if ((autoClose || !isLayered()) && !super.isInputShutdown()) { - super.shutdownInput(); + } + } finally { + conContext.closeInbound(); + if ((autoClose || !isLayered()) && !super.isInputShutdown()) { + super.shutdownInput(); + } } } @@ -675,20 +765,25 @@ } @Override - public synchronized InputStream getInputStream() throws IOException { - if (isClosed()) { - throw new SocketException("Socket is closed"); - } + public InputStream getInputStream() throws IOException { + socketLock.lock(); + try { + if (isClosed()) { + throw new SocketException("Socket is closed"); + } - if (!isConnected) { - throw new SocketException("Socket is not connected"); - } + if (!isConnected) { + throw new SocketException("Socket is not connected"); + } - if (conContext.isInboundClosed() || isInputShutdown()) { - throw new SocketException("Socket input is already shutdown"); + if (conContext.isInboundClosed() || isInputShutdown()) { + throw new SocketException("Socket input is already shutdown"); + } + + return appInput; + } finally { + socketLock.unlock(); } - - return appInput; } private void ensureNegotiated() throws IOException { @@ -697,7 +792,8 @@ return; } - synchronized (conContext) { // handshake lock + handshakeLock.lock(); + try { // double check the context status if (conContext.isNegotiated || conContext.isBroken || conContext.isInboundClosed() || @@ -706,6 +802,8 @@ } startHandshake(); + } finally { + handshakeLock.unlock(); } } @@ -723,6 +821,13 @@ // Is application data available in the stream? private volatile boolean appDataIsAvailable; + // reading lock + private final ReentrantLock readLock = new ReentrantLock(); + + // closing status + private volatile boolean isClosing; + private volatile boolean hasDepleted; + AppInputStream() { this.appDataIsAvailable = false; this.buffer = ByteBuffer.allocate(4096); @@ -768,8 +873,7 @@ * and returning "-1" on non-fault EOF status. */ @Override - public int read(byte[] b, int off, int len) - throws IOException { + public int read(byte[] b, int off, int len) throws IOException { if (b == null) { throw new NullPointerException("the target buffer is null"); } else if (off < 0 || len < 0 || len > b.length - off) { @@ -797,11 +901,40 @@ throw new SocketException("Connection or inbound has closed"); } + // Check if the input stream has been depleted. + // + // Note that the "hasDepleted" rather than the isClosing + // filed is checked here, in case the closing process is + // still in progress. + if (hasDepleted) { + if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { + SSLLogger.fine("The input stream has been depleted"); + } + + return -1; + } + // Read the available bytes at first. // // Note that the receiving and processing of post-handshake message // are also synchronized with the read lock. - synchronized (this) { + readLock.lock(); + try { + // Double check if the Socket is invalid (error or closed). + if (conContext.isBroken || conContext.isInboundClosed()) { + throw new SocketException( + "Connection or inbound has closed"); + } + + // Double check if the input stream has been depleted. + if (hasDepleted) { + if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { + SSLLogger.fine("The input stream is closing"); + } + + return -1; + } + int remains = available(); if (remains > 0) { int howmany = Math.min(remains, len); @@ -833,6 +966,18 @@ // dummy for compiler return -1; } + } finally { + // Check if the input stream is closing. + // + // If the deplete() did not hold the lock, clean up the + // input stream here. + try { + if (isClosing) { + readLockedDeplete(); + } + } finally { + readLock.unlock(); + } } } @@ -844,19 +989,24 @@ * things simpler. */ @Override - public synchronized long skip(long n) throws IOException { + public long skip(long n) throws IOException { // dummy array used to implement skip() byte[] skipArray = new byte[256]; + long skipped = 0; - long skipped = 0; - while (n > 0) { - int len = (int)Math.min(n, skipArray.length); - int r = read(skipArray, 0, len); - if (r <= 0) { - break; + readLock.lock(); + try { + while (n > 0) { + int len = (int)Math.min(n, skipArray.length); + int r = read(skipArray, 0, len); + if (r <= 0) { + break; + } + n -= r; + skipped += r; } - n -= r; - skipped += r; + } finally { + readLock.unlock(); } return skipped; @@ -899,23 +1049,78 @@ return false; } + + /** + * Try the best to use up the input records so as to close the + * socket gracefully, without impact the performance too much. + */ + private void deplete() { + if (conContext.isInboundClosed() || isClosing) { + return; + } + + isClosing = true; + if (readLock.tryLock()) { + try { + readLockedDeplete(); + } finally { + readLock.unlock(); + } + } + } + + /** + * Try to use up the input records. + * + * Please don't call this method unless the readLock is held by + * the current thread. + */ + private void readLockedDeplete() { + // double check + if (hasDepleted || conContext.isInboundClosed()) { + return; + } + + if (!(conContext.inputRecord instanceof SSLSocketInputRecord)) { + return; + } + + SSLSocketInputRecord socketInputRecord = + (SSLSocketInputRecord)conContext.inputRecord; + try { + socketInputRecord.deplete( + conContext.isNegotiated && (getSoTimeout() > 0)); + } catch (Exception ex) { + if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { + SSLLogger.warning( + "input stream close depletion failed", ex); + } + } finally { + hasDepleted = true; + } + } } @Override - public synchronized OutputStream getOutputStream() throws IOException { - if (isClosed()) { - throw new SocketException("Socket is closed"); - } + public OutputStream getOutputStream() throws IOException { + socketLock.lock(); + try { + if (isClosed()) { + throw new SocketException("Socket is closed"); + } - if (!isConnected) { - throw new SocketException("Socket is not connected"); - } + if (!isConnected) { + throw new SocketException("Socket is not connected"); + } - if (conContext.isOutboundDone() || isOutputShutdown()) { - throw new SocketException("Socket output is already shutdown"); + if (conContext.isOutboundDone() || isOutputShutdown()) { + throw new SocketException("Socket output is already shutdown"); + } + + return appOutput; + } finally { + socketLock.unlock(); } - - return appOutput; } @@ -975,9 +1180,11 @@ } catch (SSLHandshakeException she) { // may be record sequence number overflow throw conContext.fatal(Alert.HANDSHAKE_FAILURE, she); - } catch (IOException e) { - throw conContext.fatal(Alert.UNEXPECTED_MESSAGE, e); - } + } catch (SSLException ssle) { + throw conContext.fatal(Alert.UNEXPECTED_MESSAGE, ssle); + } // re-throw other IOException, which should be caused by + // the underlying plain socket and could be handled by + // applications (for example, re-try the connection). // Is the sequence number is nearly overflow, or has the key usage // limit been reached? @@ -1005,44 +1212,74 @@ } @Override - public synchronized SSLParameters getSSLParameters() { - return conContext.sslConfig.getSSLParameters(); - } - - @Override - public synchronized void setSSLParameters(SSLParameters params) { - conContext.sslConfig.setSSLParameters(params); - - if (conContext.sslConfig.maximumPacketSize != 0) { - conContext.outputRecord.changePacketSize( - conContext.sslConfig.maximumPacketSize); + public SSLParameters getSSLParameters() { + socketLock.lock(); + try { + return conContext.sslConfig.getSSLParameters(); + } finally { + socketLock.unlock(); } } @Override - public synchronized String getApplicationProtocol() { - return conContext.applicationProtocol; + public void setSSLParameters(SSLParameters params) { + socketLock.lock(); + try { + conContext.sslConfig.setSSLParameters(params); + + if (conContext.sslConfig.maximumPacketSize != 0) { + conContext.outputRecord.changePacketSize( + conContext.sslConfig.maximumPacketSize); + } + } finally { + socketLock.unlock(); + } } @Override - public synchronized String getHandshakeApplicationProtocol() { - if (conContext.handshakeContext != null) { - return conContext.handshakeContext.applicationProtocol; + public String getApplicationProtocol() { + socketLock.lock(); + try { + return conContext.applicationProtocol; + } finally { + socketLock.unlock(); + } + } + + @Override + public String getHandshakeApplicationProtocol() { + socketLock.lock(); + try { + if (conContext.handshakeContext != null) { + return conContext.handshakeContext.applicationProtocol; + } + } finally { + socketLock.unlock(); } return null; } @Override - public synchronized void setHandshakeApplicationProtocolSelector( + public void setHandshakeApplicationProtocolSelector( BiFunction<SSLSocket, List<String>, String> selector) { - conContext.sslConfig.socketAPSelector = selector; + socketLock.lock(); + try { + conContext.sslConfig.socketAPSelector = selector; + } finally { + socketLock.unlock(); + } } @Override - public synchronized BiFunction<SSLSocket, List<String>, String> + public BiFunction<SSLSocket, List<String>, String> getHandshakeApplicationProtocolSelector() { - return conContext.sslConfig.socketAPSelector; + socketLock.lock(); + try { + return conContext.sslConfig.socketAPSelector; + } finally { + socketLock.unlock(); + } } /** @@ -1112,8 +1349,11 @@ try { Plaintext plainText; - synchronized (this) { + socketLock.lock(); + try { plainText = decode(buffer); + } finally { + socketLock.unlock(); } if (plainText.contentType == ContentType.APPLICATION_DATA.id && buffer.position() > 0) { @@ -1192,27 +1432,33 @@ * * Called by connect, the layered constructor, and SSLServerSocket. */ - synchronized void doneConnect() throws IOException { - // In server mode, it is not necessary to set host and serverNames. - // Otherwise, would require a reverse DNS lookup to get the hostname. - if (peerHost == null || peerHost.isEmpty()) { - boolean useNameService = - trustNameService && conContext.sslConfig.isClientMode; - useImplicitHost(useNameService); - } else { - conContext.sslConfig.serverNames = - Utilities.addToSNIServerNameList( - conContext.sslConfig.serverNames, peerHost); + void doneConnect() throws IOException { + socketLock.lock(); + try { + // In server mode, it is not necessary to set host and serverNames. + // Otherwise, would require a reverse DNS lookup to get + // the hostname. + if (peerHost == null || peerHost.isEmpty()) { + boolean useNameService = + trustNameService && conContext.sslConfig.isClientMode; + useImplicitHost(useNameService); + } else { + conContext.sslConfig.serverNames = + Utilities.addToSNIServerNameList( + conContext.sslConfig.serverNames, peerHost); + } + + InputStream sockInput = super.getInputStream(); + conContext.inputRecord.setReceiverStream(sockInput); + + OutputStream sockOutput = super.getOutputStream(); + conContext.inputRecord.setDeliverStream(sockOutput); + conContext.outputRecord.setDeliverStream(sockOutput); + + this.isConnected = true; + } finally { + socketLock.unlock(); } - - InputStream sockInput = super.getInputStream(); - conContext.inputRecord.setReceiverStream(sockInput); - - OutputStream sockOutput = super.getOutputStream(); - conContext.inputRecord.setDeliverStream(sockOutput); - conContext.outputRecord.setDeliverStream(sockOutput); - - this.isConnected = true; } private void useImplicitHost(boolean useNameService) { @@ -1256,11 +1502,16 @@ // Please NOTE that this method MUST be called before calling to // SSLSocket.setSSLParameters(). Otherwise, the {@code host} parameter // may override SNIHostName in the customized server name indication. - public synchronized void setHost(String host) { - this.peerHost = host; - this.conContext.sslConfig.serverNames = - Utilities.addToSNIServerNameList( - conContext.sslConfig.serverNames, host); + public void setHost(String host) { + socketLock.lock(); + try { + this.peerHost = host; + this.conContext.sslConfig.serverNames = + Utilities.addToSNIServerNameList( + conContext.sslConfig.serverNames, host); + } finally { + socketLock.unlock(); + } } /**
--- a/src/share/classes/sun/security/ssl/SSLSocketInputRecord.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ssl/SSLSocketInputRecord.java Mon Apr 19 04:23:30 2021 +0100 @@ -472,4 +472,17 @@ return n; } + + // Try to use up the input stream without impact the performance too much. + void deplete(boolean tryToRead) throws IOException { + int remaining = is.available(); + if (tryToRead && (remaining == 0)) { + // try to wait and read one byte if no buffered input + is.read(); + } + + while ((remaining = is.available()) != 0) { + is.skip(remaining); + } + } }
--- a/src/share/classes/sun/security/ssl/SSLTransport.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ssl/SSLTransport.java Mon Apr 19 04:23:30 2021 +0100 @@ -28,6 +28,7 @@ import java.io.EOFException; import java.io.IOException; import java.nio.ByteBuffer; +import javax.crypto.AEADBadTagException; import javax.crypto.BadPaddingException; import javax.net.ssl.SSLHandshakeException; @@ -114,6 +115,8 @@ } throw context.fatal(Alert.UNEXPECTED_MESSAGE, unsoe); + } catch (AEADBadTagException bte) { + throw context.fatal(Alert.BAD_RECORD_MAC, bte); } catch (BadPaddingException bpe) { /* * The basic SSLv3 record protection involves (optional) @@ -121,9 +124,9 @@ * data origin authentication. We do them both here, and * throw a fatal alert if the integrity check fails. */ - Alert alert = (context.handshakeContext != null) ? - Alert.HANDSHAKE_FAILURE : - Alert.BAD_RECORD_MAC; + Alert alert = (context.handshakeContext != null) ? + Alert.HANDSHAKE_FAILURE : + Alert.BAD_RECORD_MAC; throw context.fatal(alert, bpe); } catch (SSLHandshakeException she) { // may be record sequence number overflow
--- a/src/share/classes/sun/security/ssl/ServerHello.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ssl/ServerHello.java Mon Apr 19 04:23:30 2021 +0100 @@ -276,6 +276,7 @@ if (shc.localSupportedSignAlgs == null) { shc.localSupportedSignAlgs = SignatureScheme.getSupportedAlgorithms( + shc.sslConfig, shc.algorithmConstraints, shc.activeProtocols); } @@ -504,6 +505,7 @@ if (shc.localSupportedSignAlgs == null) { shc.localSupportedSignAlgs = SignatureScheme.getSupportedAlgorithms( + shc.sslConfig, shc.algorithmConstraints, shc.activeProtocols); }
--- a/src/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java Mon Apr 19 04:23:30 2021 +0100 @@ -186,6 +186,7 @@ if (chc.localSupportedSignAlgs == null) { chc.localSupportedSignAlgs = SignatureScheme.getSupportedAlgorithms( + chc.sslConfig, chc.algorithmConstraints, chc.activeProtocols); } @@ -278,6 +279,7 @@ // update the context List<SignatureScheme> sss = SignatureScheme.getSupportedAlgorithms( + shc.sslConfig, shc.algorithmConstraints, shc.negotiatedProtocol, spec.signatureSchemes); shc.peerRequestedSignatureSchemes = sss; @@ -413,7 +415,9 @@ protocols = Collections.unmodifiableList(protocols); List<SignatureScheme> sigAlgs = SignatureScheme.getSupportedAlgorithms( - shc.algorithmConstraints, protocols); + shc.sslConfig, + shc.algorithmConstraints, + protocols); int vectorLen = SignatureScheme.sizeInRecord() * sigAlgs.size(); byte[] extData = new byte[vectorLen + 2]; @@ -512,6 +516,7 @@ // update the context List<SignatureScheme> sss = SignatureScheme.getSupportedAlgorithms( + chc.sslConfig, chc.algorithmConstraints, chc.negotiatedProtocol, spec.signatureSchemes); chc.peerRequestedSignatureSchemes = sss;
--- a/src/share/classes/sun/security/ssl/SignatureScheme.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ssl/SignatureScheme.java Mon Apr 19 04:23:30 2021 +0100 @@ -341,6 +341,17 @@ return signName + "_" + hashName; } + // Note: the signatureSchemeName is not case-sensitive. + static SignatureScheme nameOf(String signatureSchemeName) { + for (SignatureScheme ss: SignatureScheme.values()) { + if (ss.name.equalsIgnoreCase(signatureSchemeName)) { + return ss; + } + } + + return null; + } + // Return the size of a SignatureScheme structure in TLS record static int sizeInRecord() { return 2; @@ -349,11 +360,19 @@ // Get local supported algorithm collection complying to algorithm // constraints. static List<SignatureScheme> getSupportedAlgorithms( + SSLConfiguration config, AlgorithmConstraints constraints, List<ProtocolVersion> activeProtocols) { List<SignatureScheme> supported = new LinkedList<>(); for (SignatureScheme ss: SignatureScheme.values()) { - if (!ss.isAvailable) { + if (!ss.isAvailable || + (!config.signatureSchemes.isEmpty() && + !config.signatureSchemes.contains(ss))) { + if (SSLLogger.isOn && + SSLLogger.isOn("ssl,handshake,verbose")) { + SSLLogger.finest( + "Ignore unsupported signature scheme: " + ss.name); + } continue; } @@ -385,6 +404,7 @@ } static List<SignatureScheme> getSupportedAlgorithms( + SSLConfiguration config, AlgorithmConstraints constraints, ProtocolVersion protocolVersion, int[] algorithmIds) { List<SignatureScheme> supported = new LinkedList<>(); @@ -398,6 +418,8 @@ } } else if (ss.isAvailable && ss.supportedProtocols.contains(protocolVersion) && + (config.signatureSchemes.isEmpty() || + config.signatureSchemes.contains(ss)) && constraints.permits(SIGNATURE_PRIMITIVE_SET, ss.algorithm, null)) { supported.add(ss);
--- a/src/share/classes/sun/security/ssl/TransportContext.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/ssl/TransportContext.java Mon Apr 19 04:23:30 2021 +0100 @@ -426,7 +426,7 @@ sslContext.getDefaultCipherSuites(!useClientMode); } - sslConfig.isClientMode = useClientMode; + sslConfig.toggleClientMode(); } isUnsureMode = false;
--- a/src/share/classes/sun/security/tools/jarsigner/Main.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/tools/jarsigner/Main.java Mon Apr 19 04:23:30 2021 +0100 @@ -108,6 +108,10 @@ new DisabledAlgorithmConstraints( DisabledAlgorithmConstraints.PROPERTY_JAR_DISABLED_ALGS); + private static final DisabledAlgorithmConstraints LEGACY_CHECK = + new DisabledAlgorithmConstraints( + DisabledAlgorithmConstraints.PROPERTY_SECURITY_LEGACY_ALGS); + private static final Set<CryptoPrimitive> DIGEST_PRIMITIVE_SET = Collections .unmodifiableSet(EnumSet.of(CryptoPrimitive.MESSAGE_DIGEST)); private static final Set<CryptoPrimitive> SIG_PRIMITIVE_SET = Collections @@ -184,6 +188,11 @@ // If there is a time stamp block inside the PKCS7 block file boolean hasTimestampBlock = false; + private PublicKey weakPublicKey = null; + private boolean disabledAlgFound = false; + private String legacyDigestAlg = null; + private String legacyTsaDigestAlg = null; + private String legacySigAlg = null; // Severe warnings. @@ -194,7 +203,8 @@ // only tsaChainNotValidated is set, i.e. has no affect on hasExpiredCert, // notYetValidCert, or any badXyzUsage. - private int weakAlg = 0; // 1. digestalg, 2. sigalg, 4. tsadigestalg + private int legacyAlg = 0; // 1. digestalg, 2. sigalg, 4. tsadigestalg, 8. key + private int disabledAlg = 0; // 1. digestalg, 2. sigalg, 4. tsadigestalg, 8. key private boolean hasExpiredCert = false; private boolean hasExpiredTsaCert = false; private boolean notYetValidCert = false; @@ -211,8 +221,6 @@ private Throwable chainNotValidatedReason = null; private Throwable tsaChainNotValidatedReason = null; - private boolean seeWeak = false; - PKIXBuilderParameters pkixParameters; Set<X509Certificate> trustedCerts = new HashSet<>(); @@ -301,7 +309,7 @@ if (strict) { int exitCode = 0; - if (weakAlg != 0 || chainNotValidated || hasExpiredCert + if (disabledAlg != 0 || chainNotValidated || hasExpiredCert || hasExpiredTsaCert || notYetValidCert || signerSelfSigned) { exitCode |= 4; } @@ -838,7 +846,7 @@ } // Even if the verbose option is not specified, all out strings - // must be generated so seeWeak can be updated. + // must be generated so disabledAlgFound can be updated. if (!digestMap.isEmpty() || !sigMap.isEmpty() || !unparsableSignatures.isEmpty()) { @@ -882,21 +890,21 @@ history = String.format( rb.getString("history.with.ts"), signer.getSubjectX500Principal(), - withWeak(digestAlg, DIGEST_PRIMITIVE_SET), - withWeak(sigAlg, SIG_PRIMITIVE_SET), - withWeak(key), + verifyWithWeak(digestAlg, DIGEST_PRIMITIVE_SET, false), + verifyWithWeak(sigAlg, SIG_PRIMITIVE_SET, false), + verifyWithWeak(key), c, tsSigner.getSubjectX500Principal(), - withWeak(tsDigestAlg, DIGEST_PRIMITIVE_SET), - withWeak(tsSigAlg, SIG_PRIMITIVE_SET), - withWeak(tsKey)); + verifyWithWeak(tsDigestAlg, DIGEST_PRIMITIVE_SET, true), + verifyWithWeak(tsSigAlg, SIG_PRIMITIVE_SET, true), + verifyWithWeak(tsKey)); } else { history = String.format( rb.getString("history.without.ts"), signer.getSubjectX500Principal(), - withWeak(digestAlg, DIGEST_PRIMITIVE_SET), - withWeak(sigAlg, SIG_PRIMITIVE_SET), - withWeak(key)); + verifyWithWeak(digestAlg, DIGEST_PRIMITIVE_SET, false), + verifyWithWeak(sigAlg, SIG_PRIMITIVE_SET, false), + verifyWithWeak(key)); } } catch (Exception e) { // The only usage of sigNameMap, remember the name @@ -929,7 +937,7 @@ } if (!anySigned) { - if (seeWeak) { + if (disabledAlgFound) { if (verbose != null) { System.out.println(rb.getString("jar.treated.unsigned.see.weak.verbose")); System.out.println("\n " + @@ -972,8 +980,8 @@ if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType || notYetValidCert || chainNotValidated || hasExpiredCert || - hasUnsignedEntry || signerSelfSigned || (weakAlg != 0) || - aliasNotInStore || notSignedByAlias || + hasUnsignedEntry || signerSelfSigned || (legacyAlg != 0) || + (disabledAlg != 0) || aliasNotInStore || notSignedByAlias || tsaChainNotValidated || (hasExpiredTsaCert && !signerNotExpired)) { @@ -1055,28 +1063,75 @@ : "This.jar.contains.entries.whose.signer.certificate.is.self.signed.")); } - // weakAlg only detected in signing. The jar file is - // now simply treated unsigned in verifying. - if ((weakAlg & 1) == 1) { - errors.add(String.format( - rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."), - digestalg, "-digestalg")); - } + if (isSigning) { + if ((legacyAlg & 1) == 1) { + warnings.add(String.format( + rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update."), + digestalg, "-digestalg")); + } + + if ((disabledAlg & 1) == 1) { + errors.add(String.format( + rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk.and.is.disabled."), + digestalg, "-digestalg")); + } + + if ((legacyAlg & 2) == 2) { + warnings.add(String.format( + rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update."), + sigalg, "-sigalg")); + } + if ((disabledAlg & 2) == 2) { + errors.add(String.format( + rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk.and.is.disabled."), + sigalg, "-sigalg")); + } + + if ((legacyAlg & 4) == 4) { + warnings.add(String.format( + rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update."), + tSADigestAlg, "-tsadigestalg")); + } + if ((disabledAlg & 4) == 4) { + errors.add(String.format( + rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk.and.is.disabled."), + tSADigestAlg, "-tsadigestalg")); + } - if ((weakAlg & 2) == 2) { - errors.add(String.format( - rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."), - sigalg, "-sigalg")); - } - if ((weakAlg & 4) == 4) { - errors.add(String.format( - rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."), - tSADigestAlg, "-tsadigestalg")); - } - if ((weakAlg & 8) == 8) { - errors.add(String.format( - rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk."), - privateKey.getAlgorithm(), KeyUtil.getKeySize(privateKey))); + if ((legacyAlg & 8) == 8) { + warnings.add(String.format( + rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk..This.key.size.will.be.disabled.in.a.future.update."), + privateKey.getAlgorithm(), KeyUtil.getKeySize(privateKey))); + } + if ((disabledAlg & 8) == 8) { + errors.add(String.format( + rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk.and.is.disabled."), + privateKey.getAlgorithm(), KeyUtil.getKeySize(privateKey))); + } + } else { + if ((legacyAlg & 1) != 0) { + warnings.add(String.format( + rb.getString("The.digest.algorithm.1.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update."), + legacyDigestAlg)); + } + + if ((legacyAlg & 2) == 2) { + warnings.add(String.format( + rb.getString("The.signature.algorithm.1.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update."), + legacySigAlg)); + } + + if ((legacyAlg & 4) != 0) { + warnings.add(String.format( + rb.getString("The.digest.algorithm.1.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update."), + legacyTsaDigestAlg)); + } + + if ((legacyAlg & 8) == 8) { + warnings.add(String.format( + rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk..This.key.size.will.be.disabled.in.a.future.update."), + weakPublicKey.getAlgorithm(), KeyUtil.getKeySize(weakPublicKey))); + } } } else { result = rb.getString(isSigning ? "jar.signed." : "jar.verified."); @@ -1185,23 +1240,84 @@ } } - private String withWeak(String alg, Set<CryptoPrimitive> primitiveSet) { + private String verifyWithWeak(String alg, Set<CryptoPrimitive> primitiveSet, boolean tsa) { if (DISABLED_CHECK.permits(primitiveSet, alg, null)) { - return alg; + if (LEGACY_CHECK.permits(primitiveSet, alg, null)) { + return alg; + } else { + if (primitiveSet == SIG_PRIMITIVE_SET) { + legacyAlg |= 2; + legacySigAlg = alg; + } else { + if (tsa) { + legacyAlg |= 4; + legacyTsaDigestAlg = alg; + } else { + legacyAlg |= 1; + legacyDigestAlg = alg; + } + } + return String.format(rb.getString("with.weak"), alg); + } } else { - seeWeak = true; - return String.format(rb.getString("with.weak"), alg); + disabledAlgFound = true; + return String.format(rb.getString("with.disabled"), alg); } } - private String withWeak(PublicKey key) { + private String verifyWithWeak(PublicKey key) { + int kLen = KeyUtil.getKeySize(key); if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) { - return String.format( - rb.getString("key.bit"), KeyUtil.getKeySize(key)); + if (LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) { + if (kLen >= 0) { + return String.format(rb.getString("key.bit"), kLen); + } else { + return rb.getString("unknown.size"); + } + } else { + weakPublicKey = key; + legacyAlg |= 8; + return String.format(rb.getString("key.bit.weak"), kLen); + } } else { - seeWeak = true; - return String.format( - rb.getString("key.bit.weak"), KeyUtil.getKeySize(key)); + disabledAlgFound = true; + return String.format(rb.getString("key.bit.disabled"), kLen); + } + } + + private void checkWeakSign(String alg, Set<CryptoPrimitive> primitiveSet, boolean tsa) { + if (DISABLED_CHECK.permits(primitiveSet, alg, null)) { + if (!LEGACY_CHECK.permits(primitiveSet, alg, null)) { + if (primitiveSet == SIG_PRIMITIVE_SET) { + legacyAlg |= 2; + } else { + if (tsa) { + legacyAlg |= 4; + } else { + legacyAlg |= 1; + } + } + } + } else { + if (primitiveSet == SIG_PRIMITIVE_SET) { + disabledAlg |= 2; + } else { + if (tsa) { + disabledAlg |= 4; + } else { + disabledAlg |= 1; + } + } + } + } + + private void checkWeakSign(PrivateKey key) { + if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) { + if (!LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) { + legacyAlg |= 8; + } + } else { + disabledAlg |= 8; } } @@ -1426,22 +1542,18 @@ void signJar(String jarName, String alias, String[] args) throws Exception { - DisabledAlgorithmConstraints dac = - new DisabledAlgorithmConstraints( - DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS); - - if (digestalg != null && !dac.permits( - Collections.singleton(CryptoPrimitive.MESSAGE_DIGEST), digestalg, null)) { - weakAlg |= 1; + checkWeakSign(digestalg, DIGEST_PRIMITIVE_SET, false); + checkWeakSign(tSADigestAlg, DIGEST_PRIMITIVE_SET, true); + /* + * If no signature algorithm was specified, we choose a + * default that is compatible with the private key algorithm. + */ + if (sigalg == null) { + sigalg = getDefaultSignatureAlgorithm(privateKey); } - if (tSADigestAlg != null && !dac.permits( - Collections.singleton(CryptoPrimitive.MESSAGE_DIGEST), tSADigestAlg, null)) { - weakAlg |= 4; - } - if (sigalg != null && !dac.permits( - Collections.singleton(CryptoPrimitive.SIGNATURE), sigalg, null)) { - weakAlg |= 2; - } + checkWeakSign(sigalg, SIG_PRIMITIVE_SET, false); + + checkWeakSign(privateKey); boolean aliasUsed = false; X509Certificate tsaCert = null; @@ -1833,10 +1945,22 @@ } } } - displayMessagesAndResult(true); } + private static String getDefaultSignatureAlgorithm(PrivateKey privateKey) { + String keyAlgorithm = privateKey.getAlgorithm(); + if (keyAlgorithm.equalsIgnoreCase("DSA")) + return "SHA256withDSA"; + else if (keyAlgorithm.equalsIgnoreCase("RSA")) + return "SHA256withRSA"; + else if (keyAlgorithm.equalsIgnoreCase("EC")) + return "SHA256withECDSA"; + throw new RuntimeException("private key is not a DSA or " + + "RSA key"); + } + + /** * Find the length of header inside bs. The header is a multiple (>=0) * lines of attributes plus an empty line. The empty line is included @@ -2735,26 +2859,8 @@ } BigInteger serial = certChain[0].getSerialNumber(); - String signatureAlgorithm; + String signatureAlgorithm = sigalg; String keyAlgorithm = privateKey.getAlgorithm(); - /* - * If no signature algorithm was specified, we choose a - * default that is compatible with the private key algorithm. - */ - if (sigalg == null) { - - if (keyAlgorithm.equalsIgnoreCase("DSA")) - signatureAlgorithm = "SHA256withDSA"; - else if (keyAlgorithm.equalsIgnoreCase("RSA")) - signatureAlgorithm = "SHA256withRSA"; - else if (keyAlgorithm.equalsIgnoreCase("EC")) - signatureAlgorithm = "SHA256withECDSA"; - else - throw new RuntimeException("private key is not a DSA or " - + "RSA key"); - } else { - signatureAlgorithm = sigalg; - } // check common invalid key/signature algorithm combinations String sigAlgUpperCase = signatureAlgorithm.toUpperCase(Locale.ENGLISH);
--- a/src/share/classes/sun/security/tools/jarsigner/Resources.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/tools/jarsigner/Resources.java Mon Apr 19 04:23:30 2021 +0100 @@ -155,8 +155,11 @@ {"history.nobk", "- Missing block file for signature-related file META-INF/%s.SF"}, {"with.weak", "%s (weak)"}, + {"with.disabled", "%s (disabled)"}, {"key.bit", "%d-bit key"}, {"key.bit.weak", "%d-bit key (weak)"}, + {"key.bit.disabled", "%d-bit key (disabled)"}, + {"unknown.size", "unknown size"}, {"jarsigner.", "jarsigner: "}, {"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.", @@ -268,8 +271,18 @@ "The TSA certificate chain is invalid. Reason: %s"}, {"The.signer.s.certificate.is.self.signed.", "The signer's certificate is self-signed."}, - {"The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk.", - "The %1$s algorithm specified for the %2$s option is considered a security risk."}, + {"The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update.", + "The %1$s algorithm specified for the %2$s option is considered a security risk. This algorithm will be disabled in a future update."}, + {"The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk.and.is.disabled.", + "The %1$s algorithm specified for the %2$s option is considered a security risk and is disabled."}, + {"The.digest.algorithm.1.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update.", + "The %1$s digest algorithm is considered a security risk. This algorithm will be disabled in a future update."}, + {"The.signature.algorithm.1.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update.", + "The %1$s signature algorithm is considered a security risk. This algorithm will be disabled in a future update."}, + {"The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk..This.key.size.will.be.disabled.in.a.future.update.", + "The %1$s signing key has a keysize of %2$d which is considered a security risk. This key size will be disabled in a future update."}, + {"The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk.and.is.disabled.", + "The %1$s signing key has a keysize of %2$d which is considered a security risk and is disabled."}, {"This.jar.contains.entries.whose.certificate.chain.is.invalid.reason.1", "This jar contains entries whose certificate chain is invalid. Reason: %s"}, {"This.jar.contains.entries.whose.tsa.certificate.chain.is.invalid.reason.1",
--- a/src/share/classes/sun/security/tools/keytool/Main.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Main.java Mon Apr 19 04:23:30 2021 +0100 @@ -50,7 +50,9 @@ import java.security.cert.CRL; import java.security.cert.X509Certificate; import java.security.cert.CertificateException; +import java.security.interfaces.ECKey; import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.ECParameterSpec; import java.text.Collator; import java.text.MessageFormat; import java.util.*; @@ -71,6 +73,7 @@ import sun.security.util.DisabledAlgorithmConstraints; import sun.security.util.KeyUtil; +import sun.security.util.NamedCurve; import sun.security.util.ObjectIdentifier; import sun.security.pkcs10.PKCS10; import sun.security.pkcs10.PKCS10Attribute; @@ -182,6 +185,10 @@ new DisabledAlgorithmConstraints( DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS); + private static final DisabledAlgorithmConstraints LEGACY_CHECK = + new DisabledAlgorithmConstraints( + DisabledAlgorithmConstraints.PROPERTY_SECURITY_LEGACY_ALGS); + private static final Set<CryptoPrimitive> SIG_PRIMITIVE_SET = Collections .unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE)); @@ -1937,8 +1944,8 @@ } else { // Print the digest of the user cert only out.println - (rb.getString("Certificate.fingerprint.SHA1.") + - getCertFingerPrint("SHA1", chain[0])); + (rb.getString("Certificate.fingerprint.SHA.256.") + + getCertFingerPrint("SHA-256", chain[0])); checkWeak(label, chain[0]); } } @@ -1959,8 +1966,8 @@ out.println(cert.toString()); } else { out.println("trustedCertEntry, "); - out.println(rb.getString("Certificate.fingerprint.SHA1.") - + getCertFingerPrint("SHA1", cert)); + out.println(rb.getString("Certificate.fingerprint.SHA.256.") + + getCertFingerPrint("SHA-256", cert)); } checkWeak(label, cert); } else { @@ -3087,19 +3094,42 @@ private String withWeak(String alg) { if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, alg, null)) { - return alg; + if (LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, alg, null)) { + return alg; + } else { + return String.format(rb.getString("with.weak"), alg); + } } else { - return String.format(rb.getString("with.weak"), alg); + return String.format(rb.getString("with.disabled"), alg); } } + private String fullDisplayAlgName(Key key) { + String result = key.getAlgorithm(); + if (key instanceof ECKey) { + ECParameterSpec paramSpec = ((ECKey) key).getParams(); + if (paramSpec instanceof NamedCurve) { + result += " (" + paramSpec.toString().split(" ")[0] + ")"; + } + } + return result; + } + private String withWeak(PublicKey key) { + int kLen = KeyUtil.getKeySize(key); + String displayAlg = fullDisplayAlgName(key); if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) { - return String.format(rb.getString("key.bit"), - KeyUtil.getKeySize(key), key.getAlgorithm()); + if (LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) { + if (kLen >= 0) { + return String.format(rb.getString("key.bit"), kLen, displayAlg); + } else { + return String.format(rb.getString("unknown.size.1"), displayAlg); + } + } else { + return String.format(rb.getString("key.bit.weak"), kLen, displayAlg); + } } else { - return String.format(rb.getString("key.bit.weak"), - KeyUtil.getKeySize(key), key.getAlgorithm()); + return String.format(rb.getString("key.bit.disabled"), kLen, displayAlg); } } @@ -3109,23 +3139,6 @@ private void printX509Cert(X509Certificate cert, PrintStream out) throws Exception { - /* - out.println("Owner: " - + cert.getSubjectDN().toString() - + "\n" - + "Issuer: " - + cert.getIssuerDN().toString() - + "\n" - + "Serial number: " + cert.getSerialNumber().toString(16) - + "\n" - + "Valid from: " + cert.getNotBefore().toString() - + " until: " + cert.getNotAfter().toString() - + "\n" - + "Certificate fingerprints:\n" - + "\t MD5: " + getCertFingerPrint("MD5", cert) - + "\n" - + "\t SHA1: " + getCertFingerPrint("SHA1", cert)); - */ MessageFormat form = new MessageFormat (rb.getString(".PATTERN.printX509Cert.with.weak")); @@ -3140,8 +3153,7 @@ cert.getSerialNumber().toString(16), cert.getNotBefore().toString(), cert.getNotAfter().toString(), - getCertFingerPrint("MD5", cert), - getCertFingerPrint("SHA1", cert), + getCertFingerPrint("SHA-1", cert), getCertFingerPrint("SHA-256", cert), sigName, withWeak(pkey), @@ -4372,18 +4384,28 @@ } private void checkWeak(String label, String sigAlg, Key key) { - - if (sigAlg != null && !DISABLED_CHECK.permits( - SIG_PRIMITIVE_SET, sigAlg, null)) { - weakWarnings.add(String.format( - rb.getString("whose.sigalg.risk"), label, sigAlg)); + if (sigAlg != null) { + if (!DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, sigAlg, null)) { + weakWarnings.add(String.format( + rb.getString("whose.sigalg.disabled"), label, sigAlg)); + } else if (!LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, sigAlg, null)) { + weakWarnings.add(String.format( + rb.getString("whose.sigalg.weak"), label, sigAlg)); + } } - if (key != null && !DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) { - weakWarnings.add(String.format( - rb.getString("whose.key.risk"), - label, + + if (key != null) { + if (!DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) { + weakWarnings.add(String.format( + rb.getString("whose.key.disabled"), label, String.format(rb.getString("key.bit"), - KeyUtil.getKeySize(key), key.getAlgorithm()))); + KeyUtil.getKeySize(key), fullDisplayAlgName(key)))); + } else if (!LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) { + weakWarnings.add(String.format( + rb.getString("whose.key.weak"), label, + String.format(rb.getString("key.bit"), + KeyUtil.getKeySize(key), fullDisplayAlgName(key)))); + } } }
--- a/src/share/classes/sun/security/tools/keytool/Resources.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Resources.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -308,7 +308,7 @@ {"Entry.type.type.", "Entry type: {0}"}, {"Certificate.chain.length.", "Certificate chain length: "}, {"Certificate.i.1.", "Certificate[{0,number,integer}]:"}, - {"Certificate.fingerprint.SHA1.", "Certificate fingerprint (SHA1): "}, + {"Certificate.fingerprint.SHA.256.", "Certificate fingerprint (SHA-256): "}, {"Keystore.type.", "Keystore type: "}, {"Keystore.provider.", "Keystore provider: "}, {"Your.keystore.contains.keyStore.size.entry", @@ -445,16 +445,21 @@ {"alias.in.cacerts", "Issuer <%s> in cacerts"}, {"alias.in.keystore", "Issuer <%s>"}, {"with.weak", "%s (weak)"}, + {"with.disabled", "%s (disabled)"}, {"key.bit", "%1$d-bit %2$s key"}, {"key.bit.weak", "%1$d-bit %2$s key (weak)"}, + {"key.bit.disabled", "%1$d-bit %2$s key (disabled)"}, + {"unknown.size.1", "unknown size %s key"}, {".PATTERN.printX509Cert.with.weak", - "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\nSignature algorithm name: {8}\nSubject Public Key Algorithm: {9}\nVersion: {10}"}, + "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t SHA1: {5}\n\t SHA256: {6}\nSignature algorithm name: {7}\nSubject Public Key Algorithm: {8} ({9,number,#})\nVersion: {10}"}, {"PKCS.10.with.weak", "PKCS #10 Certificate Request (Version 1.0)\n" + "Subject: %1$s\nFormat: %2$s\nPublic Key: %3$s\nSignature algorithm: %4$s\n"}, {"verified.by.s.in.s.weak", "Verified by %1$s in %2$s with a %3$s"}, - {"whose.sigalg.risk", "%1$s uses the %2$s signature algorithm which is considered a security risk."}, - {"whose.key.risk", "%1$s uses a %2$s which is considered a security risk."}, + {"whose.sigalg.disabled", "%1$s uses the %2$s signature algorithm which is considered a security risk and is disabled."}, + {"whose.sigalg.weak", "%1$s uses the %2$s signature algorithm which is considered a security risk. This algorithm will be disabled in a future update."}, + {"whose.key.disabled", "%1$s uses a %2$s which is considered a security risk and is disabled."}, + {"whose.key.weak", "%1$s uses a %2$s which is considered a security risk. This key size will be disabled in a future update."}, {"jks.storetype.warning", "The %1$s keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using \"keytool -importkeystore -srckeystore %2$s -destkeystore %2$s -deststoretype pkcs12\"."}, {"migrate.keystore.warning", "Migrated \"%1$s\" to %4$s. The %2$s keystore is backed up as \"%3$s\"."}, {"backup.keystore.warning", "The original keystore \"%1$s\" is backed up as \"%3$s\"..."},
--- a/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,10 @@ import java.security.AlgorithmConstraints; import java.security.PrivilegedAction; import java.security.Security; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; import java.util.Set; /** @@ -44,7 +48,7 @@ } // Get algorithm constraints from the specified security property. - static String[] getAlgorithms(String propertyName) { + static List<String> getAlgorithms(String propertyName) { String property = AccessController.doPrivileged( new PrivilegedAction<String>() { @Override @@ -68,12 +72,12 @@ // map the disabled algorithms if (algorithmsInProperty == null) { - algorithmsInProperty = new String[0]; + return Collections.emptyList(); } - return algorithmsInProperty; + return new ArrayList<>(Arrays.asList(algorithmsInProperty)); } - static boolean checkAlgorithm(String[] algorithms, String algorithm, + static boolean checkAlgorithm(List<String> algorithms, String algorithm, AlgorithmDecomposer decomposer) { if (algorithm == null || algorithm.length() == 0) { throw new IllegalArgumentException("No algorithm name specified");
--- a/src/share/classes/sun/security/util/ConstraintsParameters.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/util/ConstraintsParameters.java Mon Apr 19 04:23:30 2021 +0100 @@ -31,6 +31,7 @@ import java.security.Key; import java.security.Timestamp; import java.security.cert.X509Certificate; +import java.security.interfaces.ECKey; import java.util.Date; /** @@ -49,8 +50,8 @@ private final String algorithm; // AlgorithmParameters to the algorithm being checked private final AlgorithmParameters algParams; - // Public Key being checked against constraints - private final Key publicKey; + // Key being checked against constraints + private final Key key; /* * New values that are checked against constraints that the current public @@ -66,6 +67,9 @@ // Timestamp of the signed JAR file private final Timestamp jarTimestamp; private final String variant; + // Named Curve + private final String[] curveStr; + private static final String[] EMPTYLIST = new String[0]; public ConstraintsParameters(X509Certificate c, boolean match, Date pkixdate, Timestamp jarTime, String variant) { @@ -76,14 +80,20 @@ this.variant = (variant == null ? Validator.VAR_GENERIC : variant); algorithm = null; algParams = null; - publicKey = null; + key = null; + if (c != null) { + curveStr = getNamedCurveFromKey(c.getPublicKey()); + } else { + curveStr = EMPTYLIST; + } } public ConstraintsParameters(String algorithm, AlgorithmParameters params, Key key, String variant) { this.algorithm = algorithm; algParams = params; - this.publicKey = key; + this.key = key; + curveStr = getNamedCurveFromKey(key); cert = null; trustedMatch = false; pkixDate = null; @@ -109,9 +119,10 @@ return algParams; } - public Key getPublicKey() { - return publicKey; + public Key getKey() { + return key; } + // Returns if the trust anchor has a match if anchor checking is enabled. public boolean isTrustedMatch() { return trustedMatch; @@ -132,4 +143,42 @@ public String getVariant() { return variant; } + + public String[] getNamedCurve() { + return curveStr; + } + + public static String[] getNamedCurveFromKey(Key key) { + if (key instanceof ECKey) { + NamedCurve nc = CurveDB.lookup(((ECKey)key).getParams()); + return (nc == null ? EMPTYLIST : CurveDB.getNamesByOID(nc.getObjectId())); + } else { + return EMPTYLIST; + } + } + + public String toString() { + StringBuilder s = new StringBuilder(); + s.append("Cert: "); + if (cert != null) { + s.append(cert.toString()); + s.append("\nSigAlgo: "); + s.append(cert.getSigAlgName()); + } else { + s.append("None"); + } + s.append("\nAlgParams: "); + if (getAlgParams() != null) { + getAlgParams().toString(); + } else { + s.append("None"); + } + s.append("\nNamedCurves: "); + for (String c : getNamedCurve()) { + s.append(c + " "); + } + s.append("\nVariant: " + getVariant()); + return s.toString(); + } + }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/util/CurveDB.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,747 @@ +/* + * Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.util; + +import java.math.BigInteger; + +import java.security.spec.*; + +import java.util.*; +import java.util.regex.Pattern; + +import sun.security.util.ECUtil; + +/** + * Repository for well-known Elliptic Curve parameters. It is used by both + * the SunPKCS11 and SunJSSE code. + * + * @since 1.6 + * @author Andreas Sterbenz + */ +public class CurveDB { + private final static int P = 1; // prime curve + private final static int B = 2; // binary curve + private final static int PD = 5; // prime curve, mark as default + private final static int BD = 6; // binary curve, mark as default + + private static final Map<String,NamedCurve> oidMap = + new LinkedHashMap<String,NamedCurve>(); + private static final Map<String,NamedCurve> nameMap = + new HashMap<String,NamedCurve>(); + private static final Map<Integer,NamedCurve> lengthMap = + new HashMap<Integer,NamedCurve>(); + + private static Collection<? extends NamedCurve> specCollection; + + public static final String SPLIT_PATTERN = ",|\\[|\\]"; + + // Used by SunECEntries + public static Collection<? extends NamedCurve>getSupportedCurves() { + return specCollection; + } + + // Return a NamedCurve for the specified OID/name or null if unknown. + static NamedCurve lookup(String name) { + NamedCurve spec = oidMap.get(name); + if (spec != null) { + return spec; + } + + return nameMap.get(name); + } + + // Return EC parameters for the specified field size. If there are known + // NIST recommended parameters for the given length, they are returned. + // Otherwise, if there are multiple matches for the given size, an + // arbitrary one is returns. + // If no parameters are known, the method returns null. + // NOTE that this method returns both prime and binary curves. + static NamedCurve lookup(int length) { + return lengthMap.get(length); + } + + // Convert the given ECParameterSpec object to a NamedCurve object. + // If params does not represent a known named curve, return null. + static NamedCurve lookup(ECParameterSpec params) { + if ((params instanceof NamedCurve) || (params == null)) { + return (NamedCurve)params; + } + + // This is a hack to allow SunJSSE to work with 3rd party crypto + // providers for ECC and not just SunPKCS11. + // This can go away once we decide how to expose curve names in the + // public API. + // Note that it assumes that the 3rd party provider encodes named + // curves using the short form, not explicitly. If it did that, then + // the SunJSSE TLS ECC extensions are wrong, which could lead to + // interoperability problems. + int fieldSize = params.getCurve().getField().getFieldSize(); + for (NamedCurve namedCurve : specCollection) { + // ECParameterSpec does not define equals, so check all the + // components ourselves. + // Quick field size check first + if (namedCurve.getCurve().getField().getFieldSize() != fieldSize) { + continue; + } + if (ECUtil.equals(namedCurve, params)) { + // everything matches our named curve, return it + return namedCurve; + } + } + // no match found + return null; + } + + private static BigInteger bi(String s) { + return new BigInteger(s, 16); + } + + private static void add(String name, String soid, int type, String sfield, + String a, String b, String x, String y, String n, int h, + Pattern nameSplitPattern) { + BigInteger p = bi(sfield); + ECField field; + if ((type == P) || (type == PD)) { + field = new ECFieldFp(p); + } else if ((type == B) || (type == BD)) { + field = new ECFieldF2m(p.bitLength() - 1, p); + } else { + throw new RuntimeException("Invalid type: " + type); + } + + EllipticCurve curve = new EllipticCurve(field, bi(a), bi(b)); + ECPoint g = new ECPoint(bi(x), bi(y)); + + NamedCurve params = new NamedCurve(name, soid, curve, g, bi(n), h); + if (oidMap.put(soid, params) != null) { + throw new RuntimeException("Duplication oid: " + soid); + } + + String[] commonNames = nameSplitPattern.split(name); + for (String commonName : commonNames) { + if (nameMap.put(commonName.trim(), params) != null) { + throw new RuntimeException("Duplication name: " + commonName); + } + } + + int len = field.getFieldSize(); + if ((type == PD) || (type == BD) || (lengthMap.get(len) == null)) { + // add entry if none present for this field size or if + // the curve is marked as a default curve. + lengthMap.put(len, params); + } + } + + private static class Holder { + private static final Pattern nameSplitPattern = Pattern.compile( + SPLIT_PATTERN); + } + + // Return all the names the EC curve could be using. + static String[] getNamesByOID(String oid) { + NamedCurve nc = oidMap.get(oid); + if (nc == null) { + return new String[0]; + } + String[] list = Holder.nameSplitPattern.split(nc.getName()); + int i = 0; + do { + list[i] = list[i].trim(); + } while (++i < list.length); + return list; + } + + static { + Pattern nameSplitPattern = Holder.nameSplitPattern; + + /* SEC2 prime curves */ + add("secp112r1", "1.3.132.0.6", P, + "DB7C2ABF62E35E668076BEAD208B", + "DB7C2ABF62E35E668076BEAD2088", + "659EF8BA043916EEDE8911702B22", + "09487239995A5EE76B55F9C2F098", + "A89CE5AF8724C0A23E0E0FF77500", + "DB7C2ABF62E35E7628DFAC6561C5", + 1, nameSplitPattern); + + add("secp112r2", "1.3.132.0.7", P, + "DB7C2ABF62E35E668076BEAD208B", + "6127C24C05F38A0AAAF65C0EF02C", + "51DEF1815DB5ED74FCC34C85D709", + "4BA30AB5E892B4E1649DD0928643", + "adcd46f5882e3747def36e956e97", + "36DF0AAFD8B8D7597CA10520D04B", + 4, nameSplitPattern); + + add("secp128r1", "1.3.132.0.28", P, + "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", + "E87579C11079F43DD824993C2CEE5ED3", + "161FF7528B899B2D0C28607CA52C5B86", + "CF5AC8395BAFEB13C02DA292DDED7A83", + "FFFFFFFE0000000075A30D1B9038A115", + 1, nameSplitPattern); + + add("secp128r2", "1.3.132.0.29", P, + "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", + "D6031998D1B3BBFEBF59CC9BBFF9AEE1", + "5EEEFCA380D02919DC2C6558BB6D8A5D", + "7B6AA5D85E572983E6FB32A7CDEBC140", + "27B6916A894D3AEE7106FE805FC34B44", + "3FFFFFFF7FFFFFFFBE0024720613B5A3", + 4, nameSplitPattern); + + add("secp160k1", "1.3.132.0.9", P, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", + "0000000000000000000000000000000000000000", + "0000000000000000000000000000000000000007", + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", + "938CF935318FDCED6BC28286531733C3F03C4FEE", + "0100000000000000000001B8FA16DFAB9ACA16B6B3", + 1, nameSplitPattern); + + add("secp160r1", "1.3.132.0.8", P, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", + "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", + "4A96B5688EF573284664698968C38BB913CBFC82", + "23A628553168947D59DCC912042351377AC5FB32", + "0100000000000000000001F4C8F927AED3CA752257", + 1, nameSplitPattern); + + add("secp160r2", "1.3.132.0.30", P, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", + "B4E134D3FB59EB8BAB57274904664D5AF50388BA", + "52DCB034293A117E1F4FF11B30F7199D3144CE6D", + "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E", + "0100000000000000000000351EE786A818F3A1A16B", + 1, nameSplitPattern); + + add("secp192k1", "1.3.132.0.31", P, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", + "000000000000000000000000000000000000000000000000", + "000000000000000000000000000000000000000000000003", + "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", + "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", + "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", + 1, nameSplitPattern); + + add("secp192r1 [NIST P-192, X9.62 prime192v1]", "1.2.840.10045.3.1.1", PD, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", + "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", + "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", + "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811", + "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", + 1, nameSplitPattern); + + add("secp224k1", "1.3.132.0.32", P, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", + "00000000000000000000000000000000000000000000000000000000", + "00000000000000000000000000000000000000000000000000000005", + "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", + "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", + "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", + 1, nameSplitPattern); + + add("secp224r1 [NIST P-224]", "1.3.132.0.33", PD, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", + "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", + "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", + 1, nameSplitPattern); + + add("secp256k1", "1.3.132.0.10", P, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", + "0000000000000000000000000000000000000000000000000000000000000000", + "0000000000000000000000000000000000000000000000000000000000000007", + "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", + "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", + 1, nameSplitPattern); + + add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD, + "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", + "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", + "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", + 1, nameSplitPattern); + + add("secp384r1 [NIST P-384]", "1.3.132.0.34", PD, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", + "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", + "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7", + "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973", + 1, nameSplitPattern); + + add("secp521r1 [NIST P-521]", "1.3.132.0.35", PD, + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", + "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", + "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", + "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", + 1, nameSplitPattern); + + /* ANSI X9.62 prime curves */ + add("X9.62 prime192v2", "1.2.840.10045.3.1.2", P, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", + "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", + "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", + "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15", + "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31", + 1, nameSplitPattern); + + add("X9.62 prime192v3", "1.2.840.10045.3.1.3", P, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", + "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", + "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", + "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0", + "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13", + 1, nameSplitPattern); + + add("X9.62 prime239v1", "1.2.840.10045.3.1.4", P, + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", + "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", + "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", + "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE", + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B", + 1, nameSplitPattern); + + add("X9.62 prime239v2", "1.2.840.10045.3.1.5", P, + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", + "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", + "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", + "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA", + "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063", + 1, nameSplitPattern); + + add("X9.62 prime239v3", "1.2.840.10045.3.1.6", P, + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", + "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", + "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", + "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3", + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551", + 1, nameSplitPattern); + + /* SEC2 binary curves */ + add("sect113r1", "1.3.132.0.4", B, + "020000000000000000000000000201", + "003088250CA6E7C7FE649CE85820F7", + "00E8BEE4D3E2260744188BE0E9C723", + "009D73616F35F4AB1407D73562C10F", + "00A52830277958EE84D1315ED31886", + "0100000000000000D9CCEC8A39E56F", + 2, nameSplitPattern); + + add("sect113r2", "1.3.132.0.5", B, + "020000000000000000000000000201", + "00689918DBEC7E5A0DD6DFC0AA55C7", + "0095E9A9EC9B297BD4BF36E059184F", + "01A57A6A7B26CA5EF52FCDB8164797", + "00B3ADC94ED1FE674C06E695BABA1D", + "010000000000000108789B2496AF93", + 2, nameSplitPattern); + + add("sect131r1", "1.3.132.0.22", B, + "080000000000000000000000000000010D", + "07A11B09A76B562144418FF3FF8C2570B8", + "0217C05610884B63B9C6C7291678F9D341", + "0081BAF91FDF9833C40F9C181343638399", + "078C6E7EA38C001F73C8134B1B4EF9E150", + "0400000000000000023123953A9464B54D", + 2, nameSplitPattern); + + add("sect131r2", "1.3.132.0.23", B, + "080000000000000000000000000000010D", + "03E5A88919D7CAFCBF415F07C2176573B2", + "04B8266A46C55657AC734CE38F018F2192", + "0356DCD8F2F95031AD652D23951BB366A8", + "0648F06D867940A5366D9E265DE9EB240F", + "0400000000000000016954A233049BA98F", + 2, nameSplitPattern); + + add("sect163k1 [NIST K-163]", "1.3.132.0.1", BD, + "0800000000000000000000000000000000000000C9", + "000000000000000000000000000000000000000001", + "000000000000000000000000000000000000000001", + "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", + "0289070FB05D38FF58321F2E800536D538CCDAA3D9", + "04000000000000000000020108A2E0CC0D99F8A5EF", + 2, nameSplitPattern); + + add("sect163r1", "1.3.132.0.2", B, + "0800000000000000000000000000000000000000C9", + "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2", + "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9", + "0369979697AB43897789566789567F787A7876A654", + "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883", + "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", + 2, nameSplitPattern); + + add("sect163r2 [NIST B-163]", "1.3.132.0.15", BD, + "0800000000000000000000000000000000000000C9", + "000000000000000000000000000000000000000001", + "020A601907B8C953CA1481EB10512F78744A3205FD", + "03F0EBA16286A2D57EA0991168D4994637E8343E36", + "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", + "040000000000000000000292FE77E70C12A4234C33", + 2, nameSplitPattern); + + add("sect193r1", "1.3.132.0.24", B, + "02000000000000000000000000000000000000000000008001", + "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01", + "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814", + "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1", + "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", + "01000000000000000000000000C7F34A778F443ACC920EBA49", + 2, nameSplitPattern); + + add("sect193r2", "1.3.132.0.25", B, + "02000000000000000000000000000000000000000000008001", + "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B", + "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE", + "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F", + "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", + "010000000000000000000000015AAB561B005413CCD4EE99D5", + 2, nameSplitPattern); + + add("sect233k1 [NIST K-233]", "1.3.132.0.26", BD, + "020000000000000000000000000000000000000004000000000000000001", + "000000000000000000000000000000000000000000000000000000000000", + "000000000000000000000000000000000000000000000000000000000001", + "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", + "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", + "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", + 4, nameSplitPattern); + + add("sect233r1 [NIST B-233]", "1.3.132.0.27", B, + "020000000000000000000000000000000000000004000000000000000001", + "000000000000000000000000000000000000000000000000000000000001", + "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", + "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", + "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", + "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", + 2, nameSplitPattern); + + add("sect239k1", "1.3.132.0.3", B, + "800000000000000000004000000000000000000000000000000000000001", + "000000000000000000000000000000000000000000000000000000000000", + "000000000000000000000000000000000000000000000000000000000001", + "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC", + "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", + "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", + 4, nameSplitPattern); + + add("sect283k1 [NIST K-283]", "1.3.132.0.16", BD, + "0800000000000000000000000000000000000000000000000000000000000000000010A1", + "000000000000000000000000000000000000000000000000000000000000000000000000", + "000000000000000000000000000000000000000000000000000000000000000000000001", + "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836", + "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", + 4, nameSplitPattern); + + add("sect283r1 [NIST B-283]", "1.3.132.0.17", B, + "0800000000000000000000000000000000000000000000000000000000000000000010A1", + "000000000000000000000000000000000000000000000000000000000000000000000001", + "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053", + "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", + "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", + 2, nameSplitPattern); + + add("sect409k1 [NIST K-409]", "1.3.132.0.36", BD, + "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", + "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746", + "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", + "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", + 4, nameSplitPattern); + + add("sect409r1 [NIST B-409]", "1.3.132.0.37", B, + "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", + "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", + "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7", + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", + "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", + 2, nameSplitPattern); + + add("sect571k1 [NIST K-571]", "1.3.132.0.38", BD, + "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", + "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972", + "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", + "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", + 4, nameSplitPattern); + + add("sect571r1 [NIST B-571]", "1.3.132.0.39", B, + "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", + "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", + "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19", + "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", + "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", + 2, nameSplitPattern); + + /* ANSI X9.62 binary curves */ + add("X9.62 c2tnb191v1", "1.2.840.10045.3.0.5", B, + "800000000000000000000000000000000000000000000201", + "2866537B676752636A68F56554E12640276B649EF7526267", + "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", + "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D", + "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", + "40000000000000000000000004A20E90C39067C893BBB9A5", + 2, nameSplitPattern); + + add("X9.62 c2tnb191v2", "1.2.840.10045.3.0.6", B, + "800000000000000000000000000000000000000000000201", + "401028774D7777C7B7666D1366EA432071274F89FF01E718", + "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", + "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10", + "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", + "20000000000000000000000050508CB89F652824E06B8173", + 4, nameSplitPattern); + + add("X9.62 c2tnb191v3", "1.2.840.10045.3.0.7", B, + "800000000000000000000000000000000000000000000201", + "6C01074756099122221056911C77D77E77A777E7E7E77FCB", + "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", + "375D4CE24FDE434489DE8746E71786015009E66E38A926DD", + "545A39176196575D985999366E6AD34CE0A77CD7127B06BE", + "155555555555555555555555610C0B196812BFB6288A3EA3", + 6, nameSplitPattern); + + add("X9.62 c2tnb239v1", "1.2.840.10045.3.0.11", B, + "800000000000000000000000000000000000000000000000001000000001", + "32010857077C5431123A46B808906756F543423E8D27877578125778AC76", + "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", + "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D", + "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", + "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", + 4, nameSplitPattern); + + add("X9.62 c2tnb239v2", "1.2.840.10045.3.0.12", B, + "800000000000000000000000000000000000000000000000001000000001", + "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", + "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", + "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205", + "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", + "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", + 6, nameSplitPattern); + + add("X9.62 c2tnb239v3", "1.2.840.10045.3.0.13", B, + "800000000000000000000000000000000000000000000000001000000001", + "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", + "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", + "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92", + "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", + "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", + 0xA, nameSplitPattern); + + add("X9.62 c2tnb359v1", "1.2.840.10045.3.0.18", B, + "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001", + "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557", + "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988", + "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097", + "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD", + "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B", + 0x4C, nameSplitPattern); + + add("X9.62 c2tnb431r1", "1.2.840.10045.3.0.20", B, + "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001", + "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F", + "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618", + "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7", + "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760", + "0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91", + 0x2760, nameSplitPattern); + + /* ANSI X9.62 binary curves from the 1998 standard but forbidden + * in the 2005 version of the standard. + * We don't register them but leave them here for the time being in + * case we need to support them after all. + */ +/* + add("X9.62 c2pnb163v1", "1.2.840.10045.3.0.1", B, + "080000000000000000000000000000000000000107", + "072546B5435234A422E0789675F432C89435DE5242", + "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", + "07AF69989546103D79329FCC3D74880F33BBE803CB", + "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", + "0400000000000000000001E60FC8821CC74DAEAFC1", + 2, nameSplitPattern); + + add("X9.62 c2pnb163v2", "1.2.840.10045.3.0.2", B, + "080000000000000000000000000000000000000107", + "0108B39E77C4B108BED981ED0E890E117C511CF072", + "0667ACEB38AF4E488C407433FFAE4F1C811638DF20", + "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5", + "079F684DDF6684C5CD258B3890021B2386DFD19FC5", + "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", + 2, nameSplitPattern); + + add("X9.62 c2pnb163v3", "1.2.840.10045.3.0.3", B, + "080000000000000000000000000000000000000107", + "07A526C63D3E25A256A007699F5447E32AE456B50E", + "03F7061798EB99E238FD6F1BF95B48FEEB4854252B", + "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB", + "05B935590C155E17EA48EB3FF3718B893DF59A05D0", + "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", + 2, nameSplitPattern); + + add("X9.62 c2pnb176w1", "1.2.840.10045.3.0.4", B, + "0100000000000000000000000000000000080000000007", + "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", + "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", + "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798", + "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", + "00010092537397ECA4F6145799D62B0A19CE06FE26AD", + 0xFF6E, nameSplitPattern); + + add("X9.62 c2pnb208w1", "1.2.840.10045.3.0.10", B, + "010000000000000000000000000000000800000000000000000007", + "0000000000000000000000000000000000000000000000000000", + "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", + "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A", + "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", + "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", + 0xFE48, nameSplitPattern); + + add("X9.62 c2pnb272w1", "1.2.840.10045.3.0.16", B, + "010000000000000000000000000000000000000000000000000000010000000000000B", + "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", + "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", + "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D", + "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23", + "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", + 0xFF06, nameSplitPattern); + + add("X9.62 c2pnb304w1", "1.2.840.10045.3.0.17", B, + "010000000000000000000000000000000000000000000000000000000000000000000000000807", + "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681", + "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE", + "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614", + "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B", + "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D", + 0xFE2E, nameSplitPattern); + + add("X9.62 c2pnb368w1", "1.2.840.10045.3.0.19", B, + "0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007", + "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D", + "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A", + "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F", + "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310", + "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967", + 0xFF70, nameSplitPattern); +*/ + + /* + * Brainpool curves (RFC 5639) + * (Twisted curves are not included) + */ + + add("brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1", P, + "E95E4A5F737059DC60DFC7AD95B3D8139515620F", + "340E7BE2A280EB74E2BE61BADA745D97E8F7C300", + "1E589A8595423412134FAA2DBDEC95C8D8675E58", + "BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3", + "1667CB477A1A8EC338F94741669C976316DA6321", + "E95E4A5F737059DC60DF5991D45029409E60FC09", + 1, nameSplitPattern); + + add("brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3", P, + "C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297", + "6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF", + "469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9", + "C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6", + "14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F", + "C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", + 1, nameSplitPattern); + + add("brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5", P, + "D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF", + "68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43", + "2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B", + "0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D", + "58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD", + "D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", + 1, nameSplitPattern); + + add("brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", P, + "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", + "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", + "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", + "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", + "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", + "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", + 1, nameSplitPattern); + + add("brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9", P, + "D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27", + "3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4", + "520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6", + "43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611", + "14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1", + "D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", + 1, nameSplitPattern); + + add("brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", P, + "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", + "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826", + "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", + "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E", + "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", + "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", + 1, nameSplitPattern); + + add("brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", P, + "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", + "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA", + "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", + "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822", + "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", + "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", + 1, nameSplitPattern); + + specCollection = Collections.unmodifiableCollection(oidMap.values()); + } +}
--- a/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -60,19 +60,27 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints { private static final Debug debug = Debug.getInstance("certpath"); - // the known security property, jdk.certpath.disabledAlgorithms + // Disabled algorithm security property for certificate path public static final String PROPERTY_CERTPATH_DISABLED_ALGS = "jdk.certpath.disabledAlgorithms"; - // the known security property, jdk.tls.disabledAlgorithms + // Legacy algorithm security property for certificate path and jar + public static final String PROPERTY_SECURITY_LEGACY_ALGS = + "jdk.security.legacyAlgorithms"; + + // Disabled algorithm security property for TLS public static final String PROPERTY_TLS_DISABLED_ALGS = "jdk.tls.disabledAlgorithms"; - // the known security property, jdk.jar.disabledAlgorithms + // Disabled algorithm security property for jar public static final String PROPERTY_JAR_DISABLED_ALGS = "jdk.jar.disabledAlgorithms"; - private final String[] disabledAlgorithms; + // Property for disabled EC named curves + private static final String PROPERTY_DISABLED_EC_CURVES = + "jdk.disabled.namedCurves"; + + private final List<String> disabledAlgorithms; private final Constraints algorithmConstraints; /** @@ -97,6 +105,24 @@ AlgorithmDecomposer decomposer) { super(decomposer); disabledAlgorithms = getAlgorithms(propertyName); + + // Check for alias + int ecindex = -1, i = 0; + for (String s : disabledAlgorithms) { + if (s.regionMatches(true, 0,"include ", 0, 8)) { + if (s.regionMatches(true, 8, PROPERTY_DISABLED_EC_CURVES, 0, + PROPERTY_DISABLED_EC_CURVES.length())) { + ecindex = i; + break; + } + } + i++; + } + if (ecindex > -1) { + disabledAlgorithms.remove(ecindex); + disabledAlgorithms.addAll(ecindex, + getAlgorithms(PROPERTY_DISABLED_EC_CURVES)); + } algorithmConstraints = new Constraints(disabledAlgorithms); } @@ -164,6 +190,19 @@ public final void permits(String algorithm, ConstraintsParameters cp) throws CertPathValidatorException { + + // Check if named curves in the ConstraintParameters are disabled. + if (cp.getNamedCurve() != null) { + for (String curve : cp.getNamedCurve()) { + if (!checkAlgorithm(disabledAlgorithms, curve, decomposer)) { + throw new CertPathValidatorException( + "Algorithm constraints check failed on disabled " + + "algorithm: " + curve, + null, null, -1, BasicReason.ALGORITHM_CONSTRAINED); + } + } + } + algorithmConstraints.permits(algorithm, cp); } @@ -199,6 +238,13 @@ return false; } + // If this is an elliptic curve, check disabled the named curve. + for (String curve : ConstraintsParameters.getNamedCurveFromKey(key)) { + if (!permits(primitives, curve, null)) { + return false; + } + } + // check the key constraints return algorithmConstraints.permits(key); } @@ -230,7 +276,7 @@ "denyAfter\\s+(\\d{4})-(\\d{2})-(\\d{2})"); } - public Constraints(String[] constraintArray) { + public Constraints(List<String> constraintArray) { for (String constraintEntry : constraintArray) { if (constraintEntry == null || constraintEntry.isEmpty()) { continue; @@ -258,7 +304,9 @@ alias.toUpperCase(Locale.ENGLISH), constraintList); } - if (space <= 0) { + // If there is no whitespace, it is a algorithm name; however, + // if there is a whitespace, could be a multi-word EC curve too. + if (space <= 0 || CurveDB.lookup(constraintEntry) != null) { constraintList.add(new DisabledConstraint(algorithm)); continue; } @@ -357,7 +405,7 @@ for (Constraint constraint : list) { if (!constraint.permits(key)) { if (debug != null) { - debug.println("keySizeConstraint: failed key " + + debug.println("Constraints: failed key size" + "constraint check " + KeyUtil.getKeySize(key)); } return false; @@ -376,7 +424,7 @@ for (Constraint constraint : list) { if (!constraint.permits(aps)) { if (debug != null) { - debug.println("keySizeConstraint: failed algorithm " + + debug.println("Constraints: failed algorithm " + "parameters constraint check " + aps); } @@ -393,8 +441,7 @@ X509Certificate cert = cp.getCertificate(); if (debug != null) { - debug.println("Constraints.permits(): " + algorithm + - " Variant: " + cp.getVariant()); + debug.println("Constraints.permits(): " + cp.toString()); } // Get all signature algorithms to check for constraints @@ -408,8 +455,8 @@ if (cert != null) { algorithms.add(cert.getPublicKey().getAlgorithm()); } - if (cp.getPublicKey() != null) { - algorithms.add(cp.getPublicKey().getAlgorithm()); + if (cp.getKey() != null) { + algorithms.add(cp.getKey().getAlgorithm()); } // Check all applicable constraints for (String alg : algorithms) { @@ -548,10 +595,7 @@ * the constraint denies the operation. */ boolean next(Key key) { - if (nextConstraint != null && nextConstraint.permits(key)) { - return true; - } - return false; + return nextConstraint != null && nextConstraint.permits(key); } String extendedMsg(ConstraintsParameters cp) { @@ -803,8 +847,8 @@ public void permits(ConstraintsParameters cp) throws CertPathValidatorException { Key key = null; - if (cp.getPublicKey() != null) { - key = cp.getPublicKey(); + if (cp.getKey() != null) { + key = cp.getKey(); } else if (cp.getCertificate() != null) { key = cp.getCertificate().getPublicKey(); } @@ -904,4 +948,3 @@ } } } -
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/util/ECParameters.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,236 @@ +/* + * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.util; + +import java.io.IOException; + +import java.security.*; +import java.security.spec.*; + +/** + * This class implements encoding and decoding of Elliptic Curve parameters + * as specified in RFC 3279. + * + * However, only named curves are currently supported. + * + * ASN.1 from RFC 3279 follows. Note that X9.62 (2005) has added some additional + * options. + * + * <pre> + * EcpkParameters ::= CHOICE { + * ecParameters ECParameters, + * namedCurve OBJECT IDENTIFIER, + * implicitlyCA NULL } + * + * ECParameters ::= SEQUENCE { + * version ECPVer, -- version is always 1 + * fieldID FieldID, -- identifies the finite field over + * -- which the curve is defined + * curve Curve, -- coefficients a and b of the + * -- elliptic curve + * base ECPoint, -- specifies the base point P + * -- on the elliptic curve + * order INTEGER, -- the order n of the base point + * cofactor INTEGER OPTIONAL -- The integer h = #E(Fq)/n + * } + * + * ECPVer ::= INTEGER {ecpVer1(1)} + * + * Curve ::= SEQUENCE { + * a FieldElement, + * b FieldElement, + * seed BIT STRING OPTIONAL } + * + * FieldElement ::= OCTET STRING + * + * ECPoint ::= OCTET STRING + * </pre> + * + * @since 1.6 + * @author Andreas Sterbenz + */ +public final class ECParameters extends AlgorithmParametersSpi { + + // used by ECPublicKeyImpl and ECPrivateKeyImpl + public static AlgorithmParameters getAlgorithmParameters(ECParameterSpec spec) + throws InvalidKeyException { + try { + AlgorithmParameters params = + AlgorithmParameters.getInstance("EC", "SunEC"); + params.init(spec); + return params; + } catch (GeneralSecurityException e) { + throw new InvalidKeyException("EC parameters error", e); + } + } + + /* + * The parameters these AlgorithmParameters object represents. + * Currently, it is always an instance of NamedCurve. + */ + private NamedCurve namedCurve; + + // A public constructor is required by AlgorithmParameters class. + public ECParameters() { + // empty + } + + // AlgorithmParameterSpi methods + + protected void engineInit(AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException { + + if (paramSpec == null) { + throw new InvalidParameterSpecException + ("paramSpec must not be null"); + } + + if (paramSpec instanceof NamedCurve) { + namedCurve = (NamedCurve)paramSpec; + return; + } + + if (paramSpec instanceof ECParameterSpec) { + namedCurve = CurveDB.lookup((ECParameterSpec)paramSpec); + } else if (paramSpec instanceof ECGenParameterSpec) { + String name = ((ECGenParameterSpec)paramSpec).getName(); + namedCurve = CurveDB.lookup(name); + } else if (paramSpec instanceof ECKeySizeParameterSpec) { + int keySize = ((ECKeySizeParameterSpec)paramSpec).getKeySize(); + namedCurve = CurveDB.lookup(keySize); + } else { + throw new InvalidParameterSpecException + ("Only ECParameterSpec and ECGenParameterSpec supported"); + } + + if (namedCurve == null) { + throw new InvalidParameterSpecException( + "Not a supported curve: " + paramSpec); + } + } + + protected void engineInit(byte[] params) throws IOException { + DerValue encodedParams = new DerValue(params); + if (encodedParams.tag == DerValue.tag_ObjectId) { + ObjectIdentifier oid = encodedParams.getOID(); + NamedCurve spec = CurveDB.lookup(oid.toString()); + if (spec == null) { + throw new IOException("Unknown named curve: " + oid); + } + + namedCurve = spec; + return; + } + + throw new IOException("Only named ECParameters supported"); + + // The code below is incomplete. + // It is left as a starting point for a complete parsing implementation. + +/* + if (encodedParams.tag != DerValue.tag_Sequence) { + throw new IOException("Unsupported EC parameters, tag: " + + encodedParams.tag); + } + + encodedParams.data.reset(); + + DerInputStream in = encodedParams.data; + + int version = in.getInteger(); + if (version != 1) { + throw new IOException("Unsupported EC parameters version: " + + version); + } + ECField field = parseField(in); + EllipticCurve curve = parseCurve(in, field); + ECPoint point = parsePoint(in, curve); + + BigInteger order = in.getBigInteger(); + int cofactor = 0; + + if (in.available() != 0) { + cofactor = in.getInteger(); + } + + // XXX HashAlgorithm optional + + if (encodedParams.data.available() != 0) { + throw new IOException("encoded params have " + + encodedParams.data.available() + + " extra bytes"); + } + + return new ECParameterSpec(curve, point, order, cofactor); +*/ + } + + protected void engineInit(byte[] params, String decodingMethod) + throws IOException { + engineInit(params); + } + + protected <T extends AlgorithmParameterSpec> T + engineGetParameterSpec(Class<T> spec) + throws InvalidParameterSpecException { + + if (spec.isAssignableFrom(ECParameterSpec.class)) { + return spec.cast(namedCurve); + } + + if (spec.isAssignableFrom(ECGenParameterSpec.class)) { + // Ensure the name is the Object ID + String name = namedCurve.getObjectId(); + return spec.cast(new ECGenParameterSpec(name)); + } + + if (spec.isAssignableFrom(ECKeySizeParameterSpec.class)) { + int keySize = namedCurve.getCurve().getField().getFieldSize(); + return spec.cast(new ECKeySizeParameterSpec(keySize)); + } + + throw new InvalidParameterSpecException( + "Only ECParameterSpec and ECGenParameterSpec supported"); + } + + protected byte[] engineGetEncoded() throws IOException { + return namedCurve.getEncoded(); + } + + protected byte[] engineGetEncoded(String encodingMethod) + throws IOException { + return engineGetEncoded(); + } + + protected String engineToString() { + if (namedCurve == null) { + return "Not initialized"; + } + + return namedCurve.toString(); + } +} +
--- a/src/share/classes/sun/security/util/HostnameChecker.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/util/HostnameChecker.java Mon Apr 19 04:23:30 2021 +0100 @@ -96,6 +96,10 @@ */ public void match(String expectedName, X509Certificate cert, boolean chainsToPublicCA) throws CertificateException { + if (expectedName == null) { + throw new CertificateException("Hostname or IP address is " + + "undefined."); + } if (isIpAddress(expectedName)) { matchIP(expectedName, cert); } else {
--- a/src/share/classes/sun/security/util/LegacyAlgorithmConstraints.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/classes/sun/security/util/LegacyAlgorithmConstraints.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,8 +28,8 @@ import java.security.AlgorithmParameters; import java.security.CryptoPrimitive; import java.security.Key; +import java.util.List; import java.util.Set; -import static sun.security.util.AbstractAlgorithmConstraints.getAlgorithms; /** * Algorithm constraints for legacy algorithms. @@ -40,7 +40,7 @@ public final static String PROPERTY_TLS_LEGACY_ALGS = "jdk.tls.legacyAlgorithms"; - private final String[] legacyAlgorithms; + private final List<String> legacyAlgorithms; public LegacyAlgorithmConstraints(String propertyName, AlgorithmDecomposer decomposer) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/util/NamedCurve.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.util; + +import java.io.IOException; +import java.math.BigInteger; + +import java.security.spec.*; + + +/** + * Contains Elliptic Curve parameters. + * + * @since 1.6 + * @author Andreas Sterbenz + */ +public final class NamedCurve extends ECParameterSpec { + + // friendly name for toString() output + private final String name; + + // well known OID + private final String oid; + + // encoded form (as NamedCurve identified via OID) + private final byte[] encoded; + + NamedCurve(String name, String oid, EllipticCurve curve, + ECPoint g, BigInteger n, int h) { + super(curve, g, n, h); + this.name = name; + this.oid = oid; + + DerOutputStream out = new DerOutputStream(); + + try { + out.putOID(new ObjectIdentifier(oid)); + } catch (IOException e) { + throw new RuntimeException("Internal error", e); + } + + encoded = out.toByteArray(); + } + + public String getName() { + return name; + } + + public byte[] getEncoded() { + return encoded.clone(); + } + + public String getObjectId() { + return oid; + } + + public String toString() { + return name + " (" + oid + ")"; + } +}
--- a/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java Mon Apr 19 04:23:30 2021 +0100 @@ -83,7 +83,7 @@ private final ZipPath defaultdir; private boolean readOnly = false; private final Path zfpath; - private final ZipCoder zc; + final ZipCoder zc; // configurable by env map private final String defaultDir; // default dir for the file system @@ -183,7 +183,7 @@ } path = sb.toString(); } - return new ZipPath(this, getBytes(path)); + return new ZipPath(this, path); } @Override
--- a/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipPath.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipPath.java Mon Apr 19 04:23:30 2021 +0100 @@ -67,13 +67,28 @@ this(zfs, path, false); } - ZipPath(ZipFileSystem zfs, byte[] path, boolean normalized) - { + ZipPath(ZipFileSystem zfs, byte[] path, boolean normalized) { this.zfs = zfs; - if (normalized) + if (normalized) { this.path = path; - else + } else { + if (zfs.zc.isUTF8()) { + this.path = normalize(path); + } else { + // see normalize(String); + this.path = normalize(zfs.getString(path)); + } + } + } + + ZipPath(ZipFileSystem zfs, String path) { + this.zfs = zfs; + if (zfs.zc.isUTF8()) { + this.path = normalize(zfs.getBytes(path)); + } else { + // see normalize(String); this.path = normalize(path); + } } @Override @@ -478,6 +493,50 @@ return (m == to.length)? to : Arrays.copyOf(to, m); } + // if zfs is NOT in utf8, normalize the path as "String" + // to avoid incorrectly normalizing byte '0x5c' (as '\') + // to '/'. + private byte[] normalize(String path) { + int len = path.length(); + if (len == 0) + return new byte[0]; + char prevC = 0; + for (int i = 0; i < len; i++) { + char c = path.charAt(i); + if (c == '\\' || c == '\u0000') + return normalize(path, i, len); + if (c == '/' && prevC == '/') + return normalize(path, i - 1, len); + prevC = c; + } + if (len > 1 && prevC == '/') + path = path.substring(0, len - 1); + return zfs.getBytes(path); + } + + private byte[] normalize(String path, int off, int len) { + StringBuilder to = new StringBuilder(len); + to.append(path, 0, off); + int m = off; + char prevC = 0; + while (off < len) { + char c = path.charAt(off++); + if (c == '\\') + c = '/'; + if (c == '/' && prevC == '/') + continue; + if (c == '\u0000') + throw new InvalidPathException(path, + "Path: nul character not allowed"); + to.append(c); + prevC = c; + } + len = to.length(); + if (len > 1 && prevC == '/') + to.delete(len -1, len); + return zfs.getBytes(to.toString()); + } + // Remove DotSlash(./) and resolve DotDot (..) components private byte[] getResolved() { if (path.length == 0)
--- a/src/share/lib/security/java.security-aix Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/lib/security/java.security-aix Mon Apr 19 04:23:30 2021 +0100 @@ -459,6 +459,22 @@ sun.security.krb5.maxReferrals=5 # +# This property contains a list of disabled EC Named Curves that can be included +# in the jdk.[tls|certpath|jar].disabledAlgorithms properties. To include this +# list in any of the disabledAlgorithms properties, add the property name as +# an entry. +jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \ + secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, \ + secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, \ + sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, \ + sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, \ + sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, \ + X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, \ + X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, \ + X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, \ + brainpoolP320r1, brainpoolP384r1, brainpoolP512r1 + +# # Algorithm restrictions for certification path (CertPath) processing # # In some environments, certain algorithms or key lengths may be undesirable @@ -472,7 +488,7 @@ # " DisabledAlgorithm { , DisabledAlgorithm } " # # DisabledAlgorithm: -# AlgorithmName [Constraint] { '&' Constraint } +# AlgorithmName [Constraint] { '&' Constraint } | IncludeProperty # # AlgorithmName: # (see below) @@ -499,6 +515,9 @@ # UsageConstraint: # usage [TLSServer] [TLSClient] [SignedJAR] # +# IncludeProperty: +# include <security property> +# # The "AlgorithmName" is the standard algorithm name of the disabled # algorithm. See "Java Cryptography Architecture Standard Algorithm Name # Documentation" for information about Standard Algorithm Names. Matching @@ -511,6 +530,14 @@ # that rely on DSA, such as NONEwithDSA, SHA1withDSA. However, the assertion # will not disable algorithms related to "ECDSA". # +# The "IncludeProperty" allows a implementation-defined security property that +# can be included in the disabledAlgorithms properties. These properties are +# to help manage common actions easier across multiple disabledAlgorithm +# properties. +# There is one defined security property: jdk.disabled.NamedCurves +# See the property for more specific details. +# +# # A "Constraint" defines restrictions on the keys and/or certificates for # a specified AlgorithmName: # @@ -583,7 +610,28 @@ # # jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \ - RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224 + RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \ + include jdk.disabled.namedCurves + +# +# Legacy algorithms for certification path (CertPath) processing and +# signed JAR files. +# +# In some environments, a certain algorithm or key length may be undesirable +# but is not yet disabled. +# +# Tools such as keytool and jarsigner may emit warnings when these legacy +# algorithms are used. See the man pages for those tools for more information. +# +# The syntax is the same as the "jdk.certpath.disabledAlgorithms" and +# "jdk.jar.disabledAlgorithms" security properties. +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. + +jdk.security.legacyAlgorithms=SHA1, \ + RSA keySize < 2048, DSA keySize < 2048 # # Algorithm restrictions for signed JAR files @@ -626,7 +674,8 @@ # # See "jdk.certpath.disabledAlgorithms" for syntax descriptions. # -jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024 +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ + DSA keySize < 1024, include jdk.disabled.namedCurves # # Algorithm restrictions for Secure Socket Layer/Transport Layer Security @@ -658,8 +707,9 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, 3DES_EDE_CBC, anon, NULL +jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \ + DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \ + include jdk.disabled.namedCurves # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
--- a/src/share/lib/security/java.security-linux Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/lib/security/java.security-linux Mon Apr 19 04:23:30 2021 +0100 @@ -459,6 +459,22 @@ sun.security.krb5.maxReferrals=5 # +# This property contains a list of disabled EC Named Curves that can be included +# in the jdk.[tls|certpath|jar].disabledAlgorithms properties. To include this +# list in any of the disabledAlgorithms properties, add the property name as +# an entry. +jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \ + secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, \ + secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, \ + sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, \ + sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, \ + sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, \ + X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, \ + X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, \ + X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, \ + brainpoolP320r1, brainpoolP384r1, brainpoolP512r1 + +# # Algorithm restrictions for certification path (CertPath) processing # # In some environments, certain algorithms or key lengths may be undesirable @@ -472,7 +488,7 @@ # " DisabledAlgorithm { , DisabledAlgorithm } " # # DisabledAlgorithm: -# AlgorithmName [Constraint] { '&' Constraint } +# AlgorithmName [Constraint] { '&' Constraint } | IncludeProperty # # AlgorithmName: # (see below) @@ -499,6 +515,9 @@ # UsageConstraint: # usage [TLSServer] [TLSClient] [SignedJAR] # +# IncludeProperty: +# include <security property> +# # The "AlgorithmName" is the standard algorithm name of the disabled # algorithm. See "Java Cryptography Architecture Standard Algorithm Name # Documentation" for information about Standard Algorithm Names. Matching @@ -511,6 +530,14 @@ # that rely on DSA, such as NONEwithDSA, SHA1withDSA. However, the assertion # will not disable algorithms related to "ECDSA". # +# The "IncludeProperty" allows a implementation-defined security property that +# can be included in the disabledAlgorithms properties. These properties are +# to help manage common actions easier across multiple disabledAlgorithm +# properties. +# There is one defined security property: jdk.disabled.NamedCurves +# See the property for more specific details. +# +# # A "Constraint" defines restrictions on the keys and/or certificates for # a specified AlgorithmName: # @@ -583,7 +610,28 @@ # # jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \ - RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224 + RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \ + include jdk.disabled.namedCurves + +# +# Legacy algorithms for certification path (CertPath) processing and +# signed JAR files. +# +# In some environments, a certain algorithm or key length may be undesirable +# but is not yet disabled. +# +# Tools such as keytool and jarsigner may emit warnings when these legacy +# algorithms are used. See the man pages for those tools for more information. +# +# The syntax is the same as the "jdk.certpath.disabledAlgorithms" and +# "jdk.jar.disabledAlgorithms" security properties. +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. + +jdk.security.legacyAlgorithms=SHA1, \ + RSA keySize < 2048, DSA keySize < 2048 # # Algorithm restrictions for signed JAR files @@ -626,7 +674,8 @@ # # See "jdk.certpath.disabledAlgorithms" for syntax descriptions. # -jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024 +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ + DSA keySize < 1024, include jdk.disabled.namedCurves # # Algorithm restrictions for Secure Socket Layer/Transport Layer Security @@ -658,8 +707,9 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, 3DES_EDE_CBC, anon, NULL +jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \ + DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \ + include jdk.disabled.namedCurves # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
--- a/src/share/lib/security/java.security-macosx Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/lib/security/java.security-macosx Mon Apr 19 04:23:30 2021 +0100 @@ -462,6 +462,22 @@ sun.security.krb5.maxReferrals=5 # +# This property contains a list of disabled EC Named Curves that can be included +# in the jdk.[tls|certpath|jar].disabledAlgorithms properties. To include this +# list in any of the disabledAlgorithms properties, add the property name as +# an entry. +jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \ + secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, \ + secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, \ + sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, \ + sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, \ + sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, \ + X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, \ + X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, \ + X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, \ + brainpoolP320r1, brainpoolP384r1, brainpoolP512r1 + +# # Algorithm restrictions for certification path (CertPath) processing # # In some environments, certain algorithms or key lengths may be undesirable @@ -475,7 +491,7 @@ # " DisabledAlgorithm { , DisabledAlgorithm } " # # DisabledAlgorithm: -# AlgorithmName [Constraint] { '&' Constraint } +# AlgorithmName [Constraint] { '&' Constraint } | IncludeProperty # # AlgorithmName: # (see below) @@ -502,6 +518,9 @@ # UsageConstraint: # usage [TLSServer] [TLSClient] [SignedJAR] # +# IncludeProperty: +# include <security property> +# # The "AlgorithmName" is the standard algorithm name of the disabled # algorithm. See "Java Cryptography Architecture Standard Algorithm Name # Documentation" for information about Standard Algorithm Names. Matching @@ -514,6 +533,14 @@ # that rely on DSA, such as NONEwithDSA, SHA1withDSA. However, the assertion # will not disable algorithms related to "ECDSA". # +# The "IncludeProperty" allows a implementation-defined security property that +# can be included in the disabledAlgorithms properties. These properties are +# to help manage common actions easier across multiple disabledAlgorithm +# properties. +# There is one defined security property: jdk.disabled.NamedCurves +# See the property for more specific details. +# +# # A "Constraint" defines restrictions on the keys and/or certificates for # a specified AlgorithmName: # @@ -586,7 +613,28 @@ # # jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \ - RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224 + RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \ + include jdk.disabled.namedCurves + +# +# Legacy algorithms for certification path (CertPath) processing and +# signed JAR files. +# +# In some environments, a certain algorithm or key length may be undesirable +# but is not yet disabled. +# +# Tools such as keytool and jarsigner may emit warnings when these legacy +# algorithms are used. See the man pages for those tools for more information. +# +# The syntax is the same as the "jdk.certpath.disabledAlgorithms" and +# "jdk.jar.disabledAlgorithms" security properties. +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. + +jdk.security.legacyAlgorithms=SHA1, \ + RSA keySize < 2048, DSA keySize < 2048 # # Algorithm restrictions for signed JAR files @@ -629,7 +677,8 @@ # # See "jdk.certpath.disabledAlgorithms" for syntax descriptions. # -jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024 +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ + DSA keySize < 1024, include jdk.disabled.namedCurves # # Algorithm restrictions for Secure Socket Layer/Transport Layer Security @@ -661,8 +710,9 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, 3DES_EDE_CBC, anon, NULL +jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \ + DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \ + include jdk.disabled.namedCurves # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
--- a/src/share/lib/security/java.security-solaris Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/lib/security/java.security-solaris Mon Apr 19 04:23:30 2021 +0100 @@ -460,6 +460,22 @@ sun.security.krb5.maxReferrals=5 # +# This property contains a list of disabled EC Named Curves that can be included +# in the jdk.[tls|certpath|jar].disabledAlgorithms properties. To include this +# list in any of the disabledAlgorithms properties, add the property name as +# an entry. +jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \ + secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, \ + secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, \ + sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, \ + sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, \ + sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, \ + X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, \ + X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, \ + X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, \ + brainpoolP320r1, brainpoolP384r1, brainpoolP512r1 + +# # Algorithm restrictions for certification path (CertPath) processing # # In some environments, certain algorithms or key lengths may be undesirable @@ -473,7 +489,7 @@ # " DisabledAlgorithm { , DisabledAlgorithm } " # # DisabledAlgorithm: -# AlgorithmName [Constraint] { '&' Constraint } +# AlgorithmName [Constraint] { '&' Constraint } | IncludeProperty # # AlgorithmName: # (see below) @@ -500,6 +516,9 @@ # UsageConstraint: # usage [TLSServer] [TLSClient] [SignedJAR] # +# IncludeProperty: +# include <security property> +# # The "AlgorithmName" is the standard algorithm name of the disabled # algorithm. See "Java Cryptography Architecture Standard Algorithm Name # Documentation" for information about Standard Algorithm Names. Matching @@ -512,6 +531,14 @@ # that rely on DSA, such as NONEwithDSA, SHA1withDSA. However, the assertion # will not disable algorithms related to "ECDSA". # +# The "IncludeProperty" allows a implementation-defined security property that +# can be included in the disabledAlgorithms properties. These properties are +# to help manage common actions easier across multiple disabledAlgorithm +# properties. +# There is one defined security property: jdk.disabled.NamedCurves +# See the property for more specific details. +# +# # A "Constraint" defines restrictions on the keys and/or certificates for # a specified AlgorithmName: # @@ -584,7 +611,28 @@ # # jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \ - RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224 + RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \ + include jdk.disabled.namedCurves + +# +# Legacy algorithms for certification path (CertPath) processing and +# signed JAR files. +# +# In some environments, a certain algorithm or key length may be undesirable +# but is not yet disabled. +# +# Tools such as keytool and jarsigner may emit warnings when these legacy +# algorithms are used. See the man pages for those tools for more information. +# +# The syntax is the same as the "jdk.certpath.disabledAlgorithms" and +# "jdk.jar.disabledAlgorithms" security properties. +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. + +jdk.security.legacyAlgorithms=SHA1, \ + RSA keySize < 2048, DSA keySize < 2048 # # Algorithm restrictions for signed JAR files @@ -627,7 +675,8 @@ # # See "jdk.certpath.disabledAlgorithms" for syntax descriptions. # -jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024 +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ + DSA keySize < 1024, include jdk.disabled.namedCurves # # Algorithm restrictions for Secure Socket Layer/Transport Layer Security @@ -659,8 +708,9 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, 3DES_EDE_CBC, anon, NULL +jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \ + DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \ + include jdk.disabled.namedCurves # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
--- a/src/share/lib/security/java.security-windows Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/lib/security/java.security-windows Mon Apr 19 04:23:30 2021 +0100 @@ -462,6 +462,22 @@ sun.security.krb5.maxReferrals=5 # +# This property contains a list of disabled EC Named Curves that can be included +# in the jdk.[tls|certpath|jar].disabledAlgorithms properties. To include this +# list in any of the disabledAlgorithms properties, add the property name as +# an entry. +jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \ + secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, \ + secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, \ + sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, \ + sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, \ + sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, \ + X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, \ + X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, \ + X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, \ + brainpoolP320r1, brainpoolP384r1, brainpoolP512r1 + +# # Algorithm restrictions for certification path (CertPath) processing # # In some environments, certain algorithms or key lengths may be undesirable @@ -475,7 +491,7 @@ # " DisabledAlgorithm { , DisabledAlgorithm } " # # DisabledAlgorithm: -# AlgorithmName [Constraint] { '&' Constraint } +# AlgorithmName [Constraint] { '&' Constraint } | IncludeProperty # # AlgorithmName: # (see below) @@ -502,6 +518,9 @@ # UsageConstraint: # usage [TLSServer] [TLSClient] [SignedJAR] # +# IncludeProperty: +# include <security property> +# # The "AlgorithmName" is the standard algorithm name of the disabled # algorithm. See "Java Cryptography Architecture Standard Algorithm Name # Documentation" for information about Standard Algorithm Names. Matching @@ -514,6 +533,14 @@ # that rely on DSA, such as NONEwithDSA, SHA1withDSA. However, the assertion # will not disable algorithms related to "ECDSA". # +# The "IncludeProperty" allows a implementation-defined security property that +# can be included in the disabledAlgorithms properties. These properties are +# to help manage common actions easier across multiple disabledAlgorithm +# properties. +# There is one defined security property: jdk.disabled.NamedCurves +# See the property for more specific details. +# +# # A "Constraint" defines restrictions on the keys and/or certificates for # a specified AlgorithmName: # @@ -586,7 +613,28 @@ # # jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \ - RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224 + RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \ + include jdk.disabled.namedCurves + +# +# Legacy algorithms for certification path (CertPath) processing and +# signed JAR files. +# +# In some environments, a certain algorithm or key length may be undesirable +# but is not yet disabled. +# +# Tools such as keytool and jarsigner may emit warnings when these legacy +# algorithms are used. See the man pages for those tools for more information. +# +# The syntax is the same as the "jdk.certpath.disabledAlgorithms" and +# "jdk.jar.disabledAlgorithms" security properties. +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. + +jdk.security.legacyAlgorithms=SHA1, \ + RSA keySize < 2048, DSA keySize < 2048 # # Algorithm restrictions for signed JAR files @@ -629,7 +677,8 @@ # # See "jdk.certpath.disabledAlgorithms" for syntax descriptions. # -jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024 +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ + DSA keySize < 1024, include jdk.disabled.namedCurves # # Algorithm restrictions for Secure Socket Layer/Transport Layer Security @@ -661,8 +710,9 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, 3DES_EDE_CBC, anon, NULL +jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \ + DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \ + include jdk.disabled.namedCurves # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
--- a/src/share/native/sun/font/freetypeScaler.c Fri Feb 05 20:19:32 2021 +0000 +++ b/src/share/native/sun/font/freetypeScaler.c Mon Apr 19 04:23:30 2021 +0100 @@ -271,7 +271,7 @@ const char* property = "interpreter-version"; /* If some one is setting this, don't override it */ - if (props != NULL && strstr(property, props)) { + if (props != NULL && strstr(props, property)) { return; } /*
--- a/src/solaris/classes/sun/awt/X11/XFramePeer.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/solaris/classes/sun/awt/X11/XFramePeer.java Mon Apr 19 04:23:30 2021 +0100 @@ -339,6 +339,13 @@ } } handleStateChange(old_state, state); + + // RepaintManager does not repaint iconified windows. Window needs to be + // repainted explicitly, when it is deiconified. + if (((changed & Frame.ICONIFIED) != 0) && + ((state & Frame.ICONIFIED) == 0)) { + repaint(); + } } // NOTE: This method may be called by privileged threads.
--- a/src/windows/classes/sun/awt/windows/WWindowPeer.java Fri Feb 05 20:19:32 2021 +0000 +++ b/src/windows/classes/sun/awt/windows/WWindowPeer.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -351,6 +351,40 @@ } } + private void notifyWindowStateChanged(int oldState, int newState) { + int changed = oldState ^ newState; + if (changed == 0) { + return; + } + if (log.isLoggable(PlatformLogger.Level.FINE)) { + log.fine("Reporting state change %x -> %x", oldState, newState); + } + + if (target instanceof Frame) { + // Sync target with peer. + AWTAccessor.getFrameAccessor().setExtendedState((Frame) target, + newState); + } + + // Report (de)iconification to old clients. + if ((changed & Frame.ICONIFIED) > 0) { + if ((newState & Frame.ICONIFIED) > 0) { + postEvent(new TimedWindowEvent((Window) target, + WindowEvent.WINDOW_ICONIFIED, null, 0, 0, + System.currentTimeMillis())); + } else { + postEvent(new TimedWindowEvent((Window) target, + WindowEvent.WINDOW_DEICONIFIED, null, 0, 0, + System.currentTimeMillis())); + } + } + + // New (since 1.4) state change event. + postEvent(new TimedWindowEvent((Window) target, + WindowEvent.WINDOW_STATE_CHANGED, null, oldState, newState, + System.currentTimeMillis())); + } + synchronized void addWindowListener(WindowListener l) { windowListener = AWTEventMulticaster.add(windowListener, l); }
--- a/src/windows/native/sun/bridge/WinAccessBridge.cpp Fri Feb 05 20:19:32 2021 +0000 +++ b/src/windows/native/sun/bridge/WinAccessBridge.cpp Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -168,7 +168,7 @@ * Our window proc * */ - BOOL CALLBACK AccessBridgeDialogProc(HWND hDlg, UINT message, UINT wParam, LONG lParam) { + BOOL CALLBACK AccessBridgeDialogProc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam) { COPYDATASTRUCT *sentToUs; char *package; @@ -296,7 +296,7 @@ PrintDebugString("[INFO]: finished deleting eventHandler, messageQueue, and javaVMs"); PrintDebugString("[INFO]: GOODBYE CRUEL WORLD..."); - + finalizeFileLogger(); DestroyWindow(theDialogWindow); }
--- a/src/windows/native/sun/bridge/WinAccessBridge.h Fri Feb 05 20:19:32 2021 +0000 +++ b/src/windows/native/sun/bridge/WinAccessBridge.h Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -43,15 +43,10 @@ LPVOID lpvReserved); void AppendToCallOutput(char *s); BOOL CALLBACK AccessBridgeDialogProc(HWND hDlg, UINT message, - UINT wParam, LONG lParam); + WPARAM wParam, LPARAM lParam); HWND getTopLevelHWND(HWND descendent); } -LRESULT CALLBACK WinAccessBridgeWindowProc(HWND hWnd, UINT message, - UINT wParam, LONG lParam); - -BOOL CALLBACK DeleteItemProc(HWND hwndDlg, UINT message, WPARAM wParam, LPARAM lParam); - /** * The WinAccessBridge class. The core of the Windows AT AccessBridge dll */
--- a/src/windows/native/sun/windows/awt_Frame.cpp Fri Feb 05 20:19:32 2021 +0000 +++ b/src/windows/native/sun/windows/awt_Frame.cpp Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -99,7 +99,6 @@ jfieldID AwtFrame::undecoratedID; jmethodID AwtFrame::getExtendedStateMID; -jmethodID AwtFrame::setExtendedStateMID; jmethodID AwtFrame::activateEmbeddingTopLevelMID; jfieldID AwtFrame::isEmbeddedInIEID; @@ -811,13 +810,6 @@ } void -AwtFrame::SendWindowStateEvent(int oldState, int newState) -{ - SendWindowEvent(java_awt_event_WindowEvent_WINDOW_STATE_CHANGED, - NULL, oldState, newState); -} - -void AwtFrame::ClearMaximizedBounds() { m_maxBoundsSet = FALSE; @@ -955,24 +947,7 @@ jint changed = oldState ^ newState; if (changed != 0) { - DTRACE_PRINTLN2("AwtFrame::WmSize: reporting state change %x -> %x", - oldState, newState); - - // sync target with peer - JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2); - env->CallVoidMethod(GetPeer(env), AwtFrame::setExtendedStateMID, newState); - - // report (de)iconification to old clients - if (changed & java_awt_Frame_ICONIFIED) { - if (newState & java_awt_Frame_ICONIFIED) { - SendWindowEvent(java_awt_event_WindowEvent_WINDOW_ICONIFIED); - } else { - SendWindowEvent(java_awt_event_WindowEvent_WINDOW_DEICONIFIED); - } - } - - // New (since 1.4) state change event - SendWindowStateEvent(oldState, newState); + NotifyWindowStateChanged(oldState, newState); } // If window is in iconic state, do not send COMPONENT_RESIZED event @@ -1679,10 +1654,6 @@ { TRY; - AwtFrame::setExtendedStateMID = env->GetMethodID(cls, "setExtendedState", "(I)V"); - DASSERT(AwtFrame::setExtendedStateMID); - CHECK_NULL(AwtFrame::setExtendedStateMID); - AwtFrame::getExtendedStateMID = env->GetMethodID(cls, "getExtendedState", "()I"); DASSERT(AwtFrame::getExtendedStateMID);
--- a/src/windows/native/sun/windows/awt_Frame.h Fri Feb 05 20:19:32 2021 +0000 +++ b/src/windows/native/sun/windows/awt_Frame.h Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -54,7 +54,6 @@ /* sun.awt.windows.WEmbeddedFrame fields and method IDs */ static jfieldID handleID; - static jmethodID setExtendedStateMID; static jmethodID getExtendedStateMID; /* method id for WEmbeddedFrame.requestActivate() method */ @@ -88,8 +87,6 @@ INLINE BOOL isZoomed() { return m_zoomed; } INLINE void setZoomed(BOOL b) { m_zoomed = b; } - void SendWindowStateEvent(int oldState, int newState); - void Show(); INLINE void DrawMenuBar() { VERIFY(::DrawMenuBar(GetHWnd())); }
--- a/src/windows/native/sun/windows/awt_Toolkit.cpp Fri Feb 05 20:19:32 2021 +0000 +++ b/src/windows/native/sun/windows/awt_Toolkit.cpp Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -3143,10 +3143,22 @@ * instead of SendMessage(). */ LRESULT AwtToolkit::InvokeInputMethodFunction(UINT msg, WPARAM wParam, LPARAM lParam) { + /* + * DND runs on the main thread. So it is necessary to use SendMessage() to call an IME + * function once the DND is active; otherwise a hang is possible since DND may wait for + * the IME completion. + */ CriticalSection::Lock lock(m_inputMethodLock); - if (PostMessage(msg, wParam, lParam)) { - ::WaitForSingleObject(m_inputMethodWaitEvent, INFINITE); + if (isInDoDragDropLoop) { + SendMessage(msg, wParam, lParam); + ::ResetEvent(m_inputMethodWaitEvent); return m_inputMethodData; + } else { + if (PostMessage(msg, wParam, lParam)) { + ::WaitForSingleObject(m_inputMethodWaitEvent, INFINITE); + return m_inputMethodData; + } + return 0; } - return 0; } +
--- a/src/windows/native/sun/windows/awt_Window.cpp Fri Feb 05 20:19:32 2021 +0000 +++ b/src/windows/native/sun/windows/awt_Window.cpp Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -168,6 +168,7 @@ jfieldID AwtWindow::sysWID; jfieldID AwtWindow::sysHID; jfieldID AwtWindow::windowTypeID; +jmethodID AwtWindow::notifyWindowStateChangedMID; jmethodID AwtWindow::getWarningStringMID; jmethodID AwtWindow::calculateSecurityWarningPositionMID; @@ -1614,6 +1615,16 @@ env->DeleteLocalRef(event); } +void AwtWindow::NotifyWindowStateChanged(jint oldState, jint newState) +{ + JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2); + jobject peer = GetPeer(env); + if (peer != NULL) { + env->CallVoidMethod(peer, AwtWindow::notifyWindowStateChangedMID, + oldState, newState); + } +} + BOOL AwtWindow::AwtSetActiveWindow(BOOL isMouseEventCause, UINT hittest) { // We used to reject non mouse window activation if our app wasn't active. @@ -3230,6 +3241,11 @@ AwtWindow::windowTypeID = env->GetFieldID(cls, "windowType", "Ljava/awt/Window$Type;"); + AwtWindow::notifyWindowStateChangedMID = + env->GetMethodID(cls, "notifyWindowStateChanged", "(II)V"); + DASSERT(AwtWindow::notifyWindowStateChangedMID); + CHECK_NULL(AwtWindow::notifyWindowStateChangedMID); + CATCH_BAD_ALLOC; }
--- a/src/windows/native/sun/windows/awt_Window.h Fri Feb 05 20:19:32 2021 +0000 +++ b/src/windows/native/sun/windows/awt_Window.h Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -57,6 +57,7 @@ static jfieldID securityWarningWidthID; static jfieldID securityWarningHeightID; + /* sun.awt.windows.WWindowPeer field and method IDs */ // The coordinates at the peer. static jfieldID sysXID; static jfieldID sysYID; @@ -64,7 +65,9 @@ static jfieldID sysHID; static jfieldID windowTypeID; + static jmethodID notifyWindowStateChangedMID; + /* java.awt.Window method IDs */ static jmethodID getWarningStringMID; static jmethodID calculateSecurityWarningPositionMID; static jmethodID windowTypeNameMID; @@ -149,6 +152,7 @@ void SendComponentEvent(jint eventId); void SendWindowEvent(jint id, HWND opposite = NULL, jint oldState = 0, jint newState = 0); + void NotifyWindowStateChanged(jint oldState, jint newState); BOOL IsFocusableWindow();
--- a/test/ProblemList.txt Fri Feb 05 20:19:32 2021 +0000 +++ b/test/ProblemList.txt Mon Apr 19 04:23:30 2021 +0100 @@ -122,6 +122,12 @@ # jdk_beans +# 8060027 +java/beans/XMLEncoder/Test4903007.java generic-all +java/beans/XMLEncoder/java_awt_GridBagLayout.java generic-all +java/beans/XMLDecoder/8028054/TestConstructorFinder.java generic-all +java/beans/XMLDecoder/8028054/TestMethodFinder.java generic-all + ############################################################################ # jdk_lang @@ -332,6 +338,9 @@ javax/sound/sampled/Mixers/DisabledAssertionCrash.java 7067310 generic-all +# 8059743 +javax/sound/midi/Gervill/SoftProvider/GetDevice.java generic-all + ############################################################################ # jdk_swing
--- a/test/com/sun/java/swing/plaf/windows/Test8173145.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/com/sun/java/swing/plaf/windows/Test8173145.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,39 +22,56 @@ */ /* @test + @key headful @bug 8173145 + @requires (os.family == "windows") @summary Menu is activated after using mnemonic Alt/Key combination - @modules java.desktop/com.sun.java.swing.plaf.windows @run main Test8173145 */ -import java.awt.*; +import java.awt.AWTException; +import java.awt.Component; +import java.awt.KeyboardFocusManager; +import java.awt.Robot; import java.awt.event.KeyEvent; import java.lang.reflect.InvocationTargetException; -import javax.swing.*; +import javax.swing.JButton; +import javax.swing.JFrame; +import javax.swing.JMenu; +import javax.swing.JMenuBar; +import javax.swing.JMenuItem; +import javax.swing.JPanel; +import javax.swing.JTextField; +import javax.swing.SwingUtilities; +import javax.swing.UIManager; public class Test8173145 { private volatile static JButton btn; + private volatile static JFrame f; private volatile static boolean uiCreated; public static void main(String[] args) throws InvocationTargetException, InterruptedException, AWTException { - SwingUtilities.invokeAndWait(new Runnable() { - @Override - public void run() { - try { - uiCreated = createGUI(); - } catch (Exception e) { - e.printStackTrace(); + try { + SwingUtilities.invokeAndWait(new Runnable() { + @Override + public void run() { + try { + uiCreated = createGUI(); + } catch (Exception e) { + throw new RuntimeException(e); + } } - } - }); + }); - if (uiCreated) { - test(); - } else { - //no windows l&f, skip the test + if (uiCreated) { + test(); + } else { + //no windows l&f, skip the test + } + }finally { + SwingUtilities.invokeAndWait(() -> f.dispose()); } } @@ -65,13 +82,14 @@ } catch (AWTException e) { throw new RuntimeException(e); } - robot.setAutoDelay(100); + robot.setAutoDelay(150); robot.waitForIdle(); robot.keyPress(KeyEvent.VK_ALT); robot.keyPress(KeyEvent.VK_M); robot.keyRelease(KeyEvent.VK_M); robot.keyRelease(KeyEvent.VK_ALT); + robot.waitForIdle(); Component focusOwner = KeyboardFocusManager.getCurrentKeyboardFocusManager().getFocusOwner(); @@ -86,7 +104,7 @@ } catch (Exception e) { return false; } - JFrame f = new JFrame(); + f = new JFrame(); JPanel panel = new JPanel(); btn = new JButton("Mmmmm"); @@ -102,6 +120,7 @@ f.add(panel); f.pack(); f.setVisible(true); + f.setLocationRelativeTo(null); tf.requestFocus(); return true; }
--- a/test/demo/zipfs/ZFSTests.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/demo/zipfs/ZFSTests.java Mon Apr 19 04:23:30 2021 +0100 @@ -22,7 +22,7 @@ */ /* @test - @bug 7156873 8028480 8034773 + @bug 7156873 8028480 8034773 8061777 @summary ZipFileSystem regression tests */ @@ -38,6 +38,7 @@ public static void main(String[] args) throws Throwable { test7156873(); + test8061777(); testOpenOptions(); } @@ -57,6 +58,34 @@ } } + static void test8061777() throws Throwable { + Path path = Paths.get("file.zip"); + try { + URI uri = URI.create("jar:" + path.toUri()); + Map<String, Object> env = new HashMap<String, Object>(); + env.put("create", "true"); + env.put("encoding", "Shift_JIS"); + try (FileSystem fs = FileSystems.newFileSystem(uri, env)) { + FileSystemProvider fsp = fs.provider(); + Path p = fs.getPath("/\u8868\u7533.txt"); // 0x95 0x5c 0x90 0x5c + try (OutputStream os = fsp.newOutputStream(p)) { + os.write("Hello!".getBytes("ASCII")); + } + Path dir = fs.getPath("/"); + Files.list(dir) + .forEach( child -> { + System.out.println("child:" + child); + if (!child.toString().equals(p.toString())) + throw new RuntimeException("wrong path name created"); + }); + if (!"Hello!".equals(new String(Files.readAllBytes(p), "ASCII"))) + throw new RuntimeException("wrong content in newly created file"); + } + } finally { + Files.deleteIfExists(path); + } + } + static void testOpenOptions() throws Throwable { Path path = Paths.get("file.zip"); try {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/awt/Choice/PopdownGeneratesMouseEvents/PopdownGeneratesMouseEvents.html Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,45 @@ +<!-- + Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. + DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + + This code is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License version 2 only, as + published by the Free Software Foundation. + + This code is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + version 2 for more details (a copy is included in the LICENSE file that + accompanied this code). + + You should have received a copy of the GNU General Public License version + 2 along with this work; if not, write to the Free Software Foundation, + Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + + Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + or visit www.oracle.com if you need additional information or have any + questions. +--> +<html> +<!-- + @test + @bug 6200670 + @summary MouseMoved events are triggered by Choice when mouse is moved outside the component, XToolkit + @library ../../regtesthelpers/ + @author andrei.dmitriev area=choice + @build Util + @run applet PopdownGeneratesMouseEvents.html + --> +<head> +<title> </title> +</head> +<body> + +<h1>PopdownGeneratesMouseEvents<br>Bug ID: 6200670 </h1> + +<p> This is an AUTOMATIC test, simply wait for completion </p> + +<APPLET CODE="PopdownGeneratesMouseEvents.class" WIDTH=200 HEIGHT=200></APPLET> +</body> +</html> +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/awt/Choice/PopdownGeneratesMouseEvents/PopdownGeneratesMouseEvents.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,138 @@ +/* + * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + test + @bug 6200670 + @summary MouseMoved events are triggered by Choice when mouse is moved outside the component, XToolkit + @library ../../regtesthelpers/ + @author andrei.dmitriev area=choice + @build Util + @run applet PopdownGeneratesMouseEvents.html +*/ + +import test.java.awt.regtesthelpers.Util; + +import java.applet.Applet; +import java.awt.*; +import java.awt.event.*; + +public class PopdownGeneratesMouseEvents extends Applet { + private volatile Robot robot; + private final Choice choice1 = new Choice(); + + private volatile MouseMotionHandler mmh; + + public void init() { + for (int i = 1; i < 10; i++) { + choice1.add("item-0" + i); + } + choice1.setForeground(Color.RED); + choice1.setBackground(Color.RED); + mmh = new MouseMotionHandler(); + choice1.addMouseMotionListener(mmh); + Button b1 = new Button("FirstButton"); + Button b2 = new Button("SecondButton"); + add(b1); + add(choice1); + add(b2); + setLayout (new FlowLayout()); + } + + public void start() { + setSize(300, 200); + setVisible(true); + validate(); + String toolkit = Toolkit.getDefaultToolkit().getClass().getName(); + + /* + * Choice should not generate MouseEvents outside of Choice + * Test for XAWT only. + */ + try{ + robot = new Robot(); + robot.setAutoWaitForIdle(true); + robot.setAutoDelay(50); + + if (toolkit.equals("sun.awt.X11.XToolkit")) { + testMouseMoveOutside(); + } else { + System.out.println("This test is for XToolkit only. Now using " + + toolkit + ". Automatically passed."); + return; + } + } catch (Throwable e) { + throw new RuntimeException("Test failed. Exception thrown: " + e); + } + System.out.println("Passed : Choice should not generate MouseEvents outside of Choice."); + } + + private void testMouseMoveOutside() { + waitForIdle(); + Point pt = choice1.getLocationOnScreen(); + robot.mouseMove(pt.x + choice1.getWidth() / 2, pt.y + choice1.getHeight() / 2); + waitForIdle(); + robot.mousePress(InputEvent.BUTTON1_MASK); + robot.mouseRelease(InputEvent.BUTTON1_MASK); + waitForIdle(); + + Color color = robot.getPixelColor(pt.x + choice1.getWidth() / 2, + pt.y + 3 * choice1.getHeight()); + if (!color.equals(Color.RED)) { + throw new RuntimeException("Choice wasn't opened with LEFTMOUSE button"); + } + + pt = getLocationOnScreen(); + robot.mouseMove(pt.x + getWidth() * 2, pt.y + getHeight() * 2); + mmh.testStarted = true; + + int x0 = pt.x + getWidth() * 3 / 2; + int y0 = pt.y + getHeight() * 3 / 2; + int x1 = pt.x + getWidth() * 2; + int y1 = pt.y + getHeight() * 2; + + Util.mouseMove(robot, new Point(x0, y0), new Point(x1, y0)); + Util.mouseMove(robot, new Point(x1, y0), new Point(x1, y1)); + + waitForIdle(); + //close opened choice + robot.keyPress(KeyEvent.VK_ESCAPE); + robot.keyRelease(KeyEvent.VK_ESCAPE); + } + + private void waitForIdle() { + Util.waitForIdle(robot); + robot.delay(500); + } +} + +class MouseMotionHandler extends MouseMotionAdapter { + public volatile boolean testStarted; + public void mouseMoved(MouseEvent ke) { + if (testStarted) { + throw new RuntimeException("Test failed: Choice generated MouseMove events while moving mouse outside of Choice"); + } + } + public void mouseDragged(MouseEvent ke) { + } +}
--- a/test/java/awt/FontClass/DebugFonts.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/awt/FontClass/DebugFonts.java Mon Apr 19 04:23:30 2021 +0100 @@ -23,7 +23,7 @@ /* * @test - * @bug 4956241 80769790 + * @bug 4956241 8076979 8080953 * @summary NPE debugging fonts * @run main/othervm DebugFonts */
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/awt/FullScreen/NonExistentDisplayModeTest/NonExistentDisplayModeTest.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,152 @@ +/* + * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.awt.DisplayMode; +import java.awt.Frame; +import java.awt.GraphicsDevice; +import java.util.ArrayList; +import java.util.Random; + +import static java.awt.DisplayMode.REFRESH_RATE_UNKNOWN; + +/** + * @test + * @bug 6430607 + * @summary Test that we throw an exception for incorrect display modes + * @author Dmitri.Trembovetski@Sun.COM area=FullScreen + * @run main/othervm NonExistentDisplayModeTest + * @run main/othervm -Dsun.java2d.noddraw=true NonExistentDisplayModeTest + * @run main/othervm -Dsun.java2d.opengl=true NonExistentDisplayModeTest + */ +public class NonExistentDisplayModeTest { + + public static void main(String[] args) { + new NonExistentDisplayModeTest().start(); + } + + private void start() { + Frame f = new Frame("Testing, please wait.."); + f.pack(); + GraphicsDevice gd = f.getGraphicsConfiguration().getDevice(); + if (!gd.isFullScreenSupported()) { + System.out.println("Exclusive FS mode not supported, test passed."); + f.dispose(); + return; + } + + gd.setFullScreenWindow(f); + if (!gd.isDisplayChangeSupported()) { + System.out.println("DisplayMode change not supported, test passed."); + f.dispose(); + return; + } + + DisplayMode dms[] = gd.getDisplayModes(); + ArrayList<DisplayMode> dmList = new ArrayList<DisplayMode>(dms.length); + for (DisplayMode dm : dms) { + dmList.add(dm); + } + + ArrayList<DisplayMode> nonExistentDms = createNonExistentDMList(dmList); + + for (DisplayMode dm : nonExistentDms) { + boolean exThrown = false; + try { + System.out.printf("Testing mode: (%4dx%4d) depth=%3d rate=%d\n", + dm.getWidth(), dm.getHeight(), + dm.getBitDepth(), dm.getRefreshRate()); + gd.setDisplayMode(dm); + } catch (IllegalArgumentException e) { + exThrown = true; + } + if (!exThrown) { + gd.setFullScreenWindow(null); + f.dispose(); + throw new + RuntimeException("Failed: No exception thrown for dm "+dm); + } + } + gd.setFullScreenWindow(null); + f.dispose(); + System.out.println("Test passed."); + } + + private static final Random rnd = new Random(); + private ArrayList<DisplayMode> + createNonExistentDMList(ArrayList<DisplayMode> dmList) + { + ArrayList<DisplayMode> newList = + new ArrayList<DisplayMode>(dmList.size()); + // vary one parameter at a time + int param = 0; + for (DisplayMode dm : dmList) { + param = ++param % 3; + switch (param) { + case 0: { + DisplayMode newDM = deriveSize(dm); + if (!dmList.contains(newDM)) { + newList.add(newDM); + } + break; + } + case 1: { + DisplayMode newDM = deriveDepth(dm); + if (!dmList.contains(newDM)) { + newList.add(newDM); + } + break; + } + case 2: { + if (dm.getRefreshRate() != REFRESH_RATE_UNKNOWN) { + DisplayMode newDM = deriveRR(dm); + if (!dmList.contains(newDM)) { + newList.add(newDM); + } + } + break; + } + } + } + return newList; + } + + private static DisplayMode deriveSize(DisplayMode dm) { + int w = dm.getWidth() / 7; + int h = dm.getHeight() / 3; + return new DisplayMode(w, h, dm.getBitDepth(), dm.getRefreshRate()); + } + private static DisplayMode deriveRR(DisplayMode dm) { + return new DisplayMode(dm.getWidth(), dm.getHeight(), + dm.getBitDepth(), 777); + } + private static DisplayMode deriveDepth(DisplayMode dm) { + int depth; + if (dm.getBitDepth() == DisplayMode.BIT_DEPTH_MULTI) { + depth = 77; + } else { + depth = DisplayMode.BIT_DEPTH_MULTI; + } + return new DisplayMode(dm.getWidth(), dm.getHeight(), + depth, dm.getRefreshRate()); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/awt/Window/FullWindowContentTest/FullWindowContentTest.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,212 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @key headful + * @bug 8211301 + * @summary [macosx] support full window content options + * @author Alan Snyder + * @run main FullWindowContentTest + * @requires (os.family == "mac") +*/ + +import java.awt.AWTException; +import java.awt.Color; +import java.awt.Rectangle; +import java.awt.Robot; +import java.awt.image.BufferedImage; +import java.lang.reflect.InvocationTargetException; +import javax.swing.JComponent; +import javax.swing.JFrame; +import javax.swing.JRootPane; +import javax.swing.SwingUtilities; + +public class FullWindowContentTest +{ + static FullWindowContentTest theTest; + private Robot robot; + private JFrame frame; + private JRootPane rootPane; + static boolean isTransparentSupported = getOSVersion() >= 1010; + + private int DELAY = 1000; + + public FullWindowContentTest() { + try { + robot = new Robot(); + } catch (AWTException ex) { + throw new RuntimeException(ex); + } + } + + public void performTest() { + + runSwing(() -> { + frame = new JFrame("Test"); + frame.setBounds(200, 200, 300, 100); + rootPane = frame.getRootPane(); + JComponent contentPane = (JComponent) frame.getContentPane(); + contentPane.setBackground(Color.RED); + rootPane.putClientProperty("apple.awt.fullWindowContent", true); + rootPane.putClientProperty("apple.awt.transparentTitleBar", true); + frame.setVisible(true); + }); + + robot.delay(DELAY); + checkTransparent(); + + runSwing(() -> rootPane.putClientProperty("apple.awt.transparentTitleBar", false)); + + robot.delay(DELAY); + checkTranslucent(); + + runSwing(() -> rootPane.putClientProperty("apple.awt.fullWindowContent", false)); + + robot.delay(DELAY); + checkNormal(); + + runSwing(() -> rootPane.putClientProperty("apple.awt.fullWindowContent", true)); + + robot.delay(DELAY); + checkTranslucent(); + + runSwing(() -> rootPane.putClientProperty("apple.awt.transparentTitleBar", true)); + + robot.delay(DELAY); + checkTransparent(); + + runSwing(() -> frame.dispose()); + + frame = null; + rootPane = null; + } + + private void checkTransparent() { + if (isTransparentSupported) { + Color c = getTestPixel(); + int delta = c.getRed() - c.getBlue(); + if (delta < 200) { + throw new RuntimeException("Test failed: did not find transparent title bar color"); + } + checkContent(); + } else { + checkTranslucent(); + } + } + + private void checkTranslucent() { + Color c = getTestPixel(); + int delta = c.getRed() - c.getBlue(); + if (delta < 50 || delta > 150) { + throw new RuntimeException("Test failed: did not find translucent title bar color"); + } + checkContent(); + } + + private void checkNormal() { + Color c = getTestPixel(); + int delta = c.getRed() - c.getBlue(); + if (delta < -50 || delta > 50) { + throw new RuntimeException("Test failed: did not find normal title bar color"); + } + checkContent(); + } + + private void checkContent() { + // Check the bottom of the content area to make sure the insets were changed. + Color c = getContentPixel(); + int delta = c.getRed() - c.getBlue(); + if (delta < 200) { + throw new RuntimeException("Test failed: did not find content color"); + } + } + + private Color getContentPixel() { + Rectangle bounds = frame.getBounds(); + Color c = robot.getPixelColor(bounds.x + 80, bounds.y + bounds.height - 10); + return c; + } + + private Color getTestPixel() { + Rectangle bounds = frame.getBounds(); + BufferedImage screenImage = robot.createScreenCapture(bounds); + int rgb = screenImage.getRGB(80, 10); + int red = (rgb >> 16) & 0xFF; + int green = (rgb >> 8) & 0xFF; + int blue = rgb & 0xFF; + Color c = new Color(red, green, blue); + + // Note: the following code returns significantly wrong values. + // For example, it returns 42 24 24 for a translucent red that should be more like 243 151 151. + +// Color c = robot.getPixelColor(bounds.x + 80, bounds.y + 10); + + return c; + } + + public void dispose() { + if (frame != null) { + frame.dispose(); + frame = null; + } + } + + private static int getOSVersion() { + String s = System.getProperty("os.version"); + int p = s.indexOf('.'); + int major = Integer.parseInt(s.substring(0, p)); + s = s.substring(p+1); + p = s.indexOf('.'); + int minor = Integer.parseInt(p >= 0 ? s.substring(0, p) : s); + return major * 100 + minor; + } + + private static void runSwing(Runnable r) { + try { + SwingUtilities.invokeAndWait(r); + } catch (InterruptedException e) { + } catch (InvocationTargetException e) { + throw new RuntimeException(e); + } + } + + public static void main(String[] args) { + if (!System.getProperty("os.name").contains("OS X")) { + System.out.println("This test is for MacOS only. Automatically passed on other platforms."); + return; + } + + try { + runSwing(() -> theTest = new FullWindowContentTest()); + theTest.performTest(); + ; + } finally { + if (theTest != null) { + runSwing(() -> theTest.dispose()); + } + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/awt/datatransfer/CustomClassLoaderTransferTest/AnotherInterface.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,3 @@ +import java.io.*; + +public interface AnotherInterface extends Serializable {}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/awt/datatransfer/CustomClassLoaderTransferTest/CustomClassLoaderTransferTest.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,63 @@ +/* + @test + @bug 4932376 + @summary verifies that data transfer within one JVM works correctly if + the transfer data was created with a custom class loader. + @author das@sparc.spb.su area=datatransfer + @library ../../regtesthelpers + @build TransferableList AnotherInterface CopyClassFile CustomClassLoaderTransferTest + @run main CopyClassFile -r ListInterface subdir/ + @run main CopyClassFile -r TransferableList subdir/ + @run main CustomClassLoaderTransferTest +*/ + +import java.awt.*; +import java.awt.datatransfer.*; +import java.io.*; +import java.net.URL; +import java.net.URLClassLoader; + +public class CustomClassLoaderTransferTest { + public static class DFTransferable implements Transferable { + private final DataFlavor df; + private final Object obj; + public DFTransferable(DataFlavor df, Object obj) { + this.df = df; + this.obj = obj; + } + + @Override + public Object getTransferData(DataFlavor flavor) + throws UnsupportedFlavorException, IOException { + if (df.equals(flavor)) { + return obj; + } else { + throw new UnsupportedFlavorException(flavor); + } + } + + @Override + public DataFlavor[] getTransferDataFlavors(){ + return new DataFlavor[] { df }; + } + + @Override + public boolean isDataFlavorSupported(DataFlavor flavor) { + return df.equals(flavor); + } + } + + public static void main(String[] args) throws Exception { + Clipboard c = Toolkit.getDefaultToolkit().getSystemClipboard(); + URL url = new File("./subdir/").toURL(); + ClassLoader classLoader = new URLClassLoader(new URL[] { url }, + CustomClassLoaderTransferTest.class.getClassLoader()); + Class clazz = Class.forName("TransferableList", true, classLoader); + DataFlavor df = new DataFlavor(clazz, "Transferable List"); + Object obj = clazz.newInstance(); + Transferable t = new DFTransferable(df, obj); + c.setContents(t, null); + Transferable ct = c.getContents(null); + ct.getTransferData(df); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/awt/datatransfer/CustomClassLoaderTransferTest/TransferableList.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,30 @@ +import java.io.Serializable; +import java.lang.reflect.InvocationHandler; +import java.lang.reflect.Method; +import java.lang.reflect.Proxy; +import java.util.ArrayList; + +public class TransferableList extends ArrayList { + private static class NullInvocationHandler implements InvocationHandler, Serializable { + public Object invoke(Object proxy, Method method, Object[] args) + throws Throwable { + throw new Error("UNIMPLEMENTED"); + } + } + + public TransferableList() { + try { + InvocationHandler handler = new NullInvocationHandler(); + Class<?> proxyClass = Proxy.getProxyClass( + ListInterface.class.getClassLoader(), + new Class[] { ListInterface.class, AnotherInterface.class }); + AnotherInterface obj = (AnotherInterface) proxyClass. + getConstructor(new Class[]{InvocationHandler.class}). + newInstance(handler); + } catch (Exception e) { + e.printStackTrace(); + } + } +} + +interface ListInterface extends Serializable {}
--- a/test/java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2016 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,7 +22,10 @@ */ /** - * @test @summary JVM crash if the frame is disposed in DropTargetListener + * @test + * @summary JVM crash if the frame is disposed in DropTargetListener + * @bug 8252470 + * @key headful * @author Petr Pchelko * @library ../../regtesthelpers * @build Util
--- a/test/java/awt/print/PrinterJob/PrintTextTest.html Fri Feb 05 20:19:32 2021 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,46 +0,0 @@ -<!-- - Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. - DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - - This code is free software; you can redistribute it and/or modify it - under the terms of the GNU General Public License version 2 only, as - published by the Free Software Foundation. - - This code is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - version 2 for more details (a copy is included in the LICENSE file that - accompanied this code). - - You should have received a copy of the GNU General Public License version - 2 along with this work; if not, write to the Free Software Foundation, - Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - - Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - or visit www.oracle.com if you need additional information or have any - questions. ---> - -<html> -<body> -<applet code="PrintTextTest.class" width=400 height=100></applet> -This tests that printed text renders similarly to on-screen, -under a variety of APIs and graphics and font transforms -Print to your preferred printer. Collect the output. -Refer to the onscreen buttons to cycle through the on-screen -content -For each page, confirm that the printed content corresponds to -the on-screen rendering for that *same* page. -Some cases may look odd but its intentional. Verify -it looks the same on screen and on the printer. -Note that text does not scale linearly from screen to printer -so some differences are normal and not a bug. -The easiest way to spot real problems is to check that -any underlines are the same length as the underlined text -and that any rotations are the same in each case. -Note that each on-screen page is printed in both portrait -and landscape mode -So for example, Page 1/Portrait, and Page 1/Landscape when -rotated to view properly, should both match Page 1 on screen.; -</body> -</html>
--- a/test/java/awt/regtesthelpers/CopyClassFile.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/awt/regtesthelpers/CopyClassFile.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,6 +39,8 @@ * * @build CopyClassFile * @run main CopyClassFile package.class dest_directory + * + * In case the source file should be removed add -r option */ public class CopyClassFile { @@ -48,13 +50,17 @@ private static String className; private static String classFile; + private static boolean removeSource = false; + public static void main(String[] args) throws Exception { - if (args.length != 2) { + if (args.length < 2) { throw new IllegalArgumentException("Illegal usage: class name and destination directory should be specified"); } - destinationDir = args[1]; - className = args[0]; + int classNameIndex = parseOptions(args); + + className = args[classNameIndex]; + destinationDir = args[classNameIndex + 1]; classFile = className.replaceAll("\\.", File.separator) + ".class"; URL url = cl.getResource(classFile); @@ -69,6 +75,21 @@ Arrays.stream(files).forEach(CopyClassFile::copyFile); } + private static int parseOptions(String[] args) { + int optionsEnd = 0; + while (args[optionsEnd].startsWith("-")) { + switch (args[optionsEnd].substring(1)) { + case "r" : + removeSource = true; + break; + default: + throw new RuntimeException("Unrecognized option passed to CopyClassFile: " + args[optionsEnd]); + } + optionsEnd++; + } + return optionsEnd; + } + private static String cutPackageName(String className) { int dotIndex = className.lastIndexOf(".") + 1; if (dotIndex <= 0) { @@ -87,6 +108,11 @@ try (InputStream is = new FileInputStream(f)) { Files.copy(is, p, StandardCopyOption.REPLACE_EXISTING); } + + if (removeSource && !f.delete()) { + throw new RuntimeException("Failed to delete a file"); + } + } catch (IOException ex) { throw new RuntimeException("Could not copy file " + f, ex); }
--- a/test/java/beans/PropertyEditor/6380849/TestPropertyEditor.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/beans/PropertyEditor/6380849/TestPropertyEditor.java Mon Apr 19 04:23:30 2021 +0100 @@ -28,6 +28,7 @@ * @author Sergey Malenkov * @compile -XDignore.symbol.file TestPropertyEditor.java * @run main TestPropertyEditor + * @key headful */ import editors.SecondBeanEditor;
--- a/test/java/beans/PropertyEditor/TestColorClass.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/beans/PropertyEditor/TestColorClass.java Mon Apr 19 04:23:30 2021 +0100 @@ -26,6 +26,7 @@ * @bug 4506596 6258510 * @summary Tests PropertyEditor for value of type Color with security manager * @author Sergey Malenkov + * @key headful */ import java.awt.Color;
--- a/test/java/beans/PropertyEditor/TestColorClassJava.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/beans/PropertyEditor/TestColorClassJava.java Mon Apr 19 04:23:30 2021 +0100 @@ -26,6 +26,7 @@ * @bug 4506596 * @summary Tests PropertyEditor for value of type Color * @author Sergey Malenkov + * @key headful */ import java.awt.Color;
--- a/test/java/beans/PropertyEditor/TestColorClassNull.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/beans/PropertyEditor/TestColorClassNull.java Mon Apr 19 04:23:30 2021 +0100 @@ -26,6 +26,7 @@ * @bug 4506596 6498171 * @summary Tests PropertyEditor for null value of type Color * @author Sergey Malenkov + * @key headful */ import java.awt.Color;
--- a/test/java/beans/PropertyEditor/TestColorClassValue.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/beans/PropertyEditor/TestColorClassValue.java Mon Apr 19 04:23:30 2021 +0100 @@ -26,6 +26,7 @@ * @bug 4222827 4506596 * @summary Tests PropertyEditor for value of type Color * @author Sergey Malenkov + * @key headful */ import java.awt.Color;
--- a/test/java/beans/PropertyEditor/TestFontClass.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/beans/PropertyEditor/TestFontClass.java Mon Apr 19 04:23:30 2021 +0100 @@ -26,6 +26,7 @@ * @bug 4506596 6258510 6538853 * @summary Tests PropertyEditor for value of type Font with security manager * @author Sergey Malenkov + * @key headful */ import java.awt.Font;
--- a/test/java/beans/PropertyEditor/TestFontClassJava.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/beans/PropertyEditor/TestFontClassJava.java Mon Apr 19 04:23:30 2021 +0100 @@ -26,6 +26,7 @@ * @bug 4506596 6538853 * @summary Tests PropertyEditor for value of type Font * @author Sergey Malenkov + * @key headful */ import java.awt.Font;
--- a/test/java/beans/PropertyEditor/TestFontClassNull.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/beans/PropertyEditor/TestFontClassNull.java Mon Apr 19 04:23:30 2021 +0100 @@ -26,6 +26,7 @@ * @bug 4506596 6498171 6538853 * @summary Tests PropertyEditor for null value of type Font * @author Sergey Malenkov + * @key headful */ import java.awt.Font;
--- a/test/java/beans/PropertyEditor/TestFontClassValue.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/beans/PropertyEditor/TestFontClassValue.java Mon Apr 19 04:23:30 2021 +0100 @@ -26,6 +26,7 @@ * @bug 4222827 4506596 6538853 * @summary Tests PropertyEditor for value of type Font * @author Sergey Malenkov + * @key headful */ import java.awt.Font;
--- a/test/java/beans/XMLEncoder/java_awt_ScrollPane.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/beans/XMLEncoder/java_awt_ScrollPane.java Mon Apr 19 04:23:30 2021 +0100 @@ -25,6 +25,7 @@ * @test * @bug 6402062 6487891 * @summary Tests ScrollPane encoding + * @key headful * @author Sergey Malenkov */
--- a/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java Mon Apr 19 04:23:30 2021 +0100 @@ -33,11 +33,9 @@ import java.util.ArrayList; import java.util.List; import java.nio.file.Files; -import java.nio.file.LinkOption; import java.nio.file.Path; import java.nio.file.Paths; import java.nio.file.attribute.PosixFileAttributeView; -import java.util.stream.Stream; import org.testng.annotations.AfterClass; import org.testng.annotations.BeforeClass; @@ -163,34 +161,66 @@ tr.assertZero("Should still return 0"); } + private static boolean isWriteableDirectory(Path p) { + if (!Files.isDirectory(p)) { + return false; + } + Path test = p.resolve(Paths.get("test")); + try { + Files.createFile(test); + assertTrue(Files.exists(test)); + return true; + } catch (IOException e) { + assertFalse(Files.exists(test)); + return false; + } finally { + if (Files.exists(test)) { + try { + Files.delete(test); + } catch (IOException e) { + throw new Error(e); + } + } + } + } + @Test public void testDumpDirNotWritable() throws IOException { - if (! Files.getFileStore(Paths.get(".")) - .supportsFileAttributeView(PosixFileAttributeView.class)) { + if (!Files.getFileStore(Paths.get(".")) + .supportsFileAttributeView(PosixFileAttributeView.class)) { // No easy way to setup readonly directory without POSIX // We would like to skip the test with a cause with // throw new SkipException("Posix not supported"); // but jtreg will report failure so we just pass the test // which we can look at if jtreg changed its behavior + System.out.println("WARNING: POSIX is not supported. Skipping testDumpDirNotWritable test."); return; } Files.createDirectory(Paths.get("readOnly"), asFileAttribute(fromString("r-xr-xr-x"))); + try { + if (isWriteableDirectory(Paths.get("readOnly"))) { + // Skipping the test: it's allowed to write into read-only directory + // (e.g. current user is super user). + System.out.println("WARNING: readOnly directory is writeable. Skipping testDumpDirNotWritable test."); + return; + } - TestResult tr = doExec(JAVA_CMD.getAbsolutePath(), - "-cp", ".", - "-Djdk.internal.lambda.dumpProxyClasses=readOnly", - "-Djava.security.manager", - "com.example.TestLambda"); - assertEquals(tr.testOutput.stream() - .filter(s -> s.startsWith("WARNING")) - .peek(s -> assertTrue(s.contains("not writable"))) - .count(), - 1, "only show error once"); - tr.assertZero("Should still return 0"); - - TestUtil.removeAll(Paths.get("readOnly")); + TestResult tr = doExec(JAVA_CMD.getAbsolutePath(), + "-cp", ".", + "-Djdk.internal.lambda.dumpProxyClasses=readOnly", + "-Djava.security.manager", + "com.example.TestLambda"); + assertEquals(tr.testOutput.stream() + .filter(s -> s.startsWith("WARNING")) + .peek(s -> assertTrue(s.contains("not writable"))) + .count(), + 1, "only show error once"); + tr.assertZero("Should still return 0"); + } finally { + TestUtil.removeAll(Paths.get("readOnly")); + } } @Test
--- a/test/java/lang/ref/SoftReference/Pin.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/lang/ref/SoftReference/Pin.java Mon Apr 19 04:23:30 2021 +0100 @@ -76,6 +76,7 @@ Thread.sleep(100); // yield, for what it's worth } } catch (OutOfMemoryError e) { + chain = null; // Free memory for further work. System.err.println("Got OutOfMemoryError, as expected."); }
--- a/test/java/net/CookieHandler/CookieManagerTest.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/net/CookieHandler/CookieManagerTest.java Mon Apr 19 04:23:30 2021 +0100 @@ -25,6 +25,7 @@ * @test * @summary Unit test for java.net.CookieManager * @bug 6244040 7150552 7051862 + * @modules jdk.httpserver * @run main/othervm -ea CookieManagerTest * @author Edward Wang */ @@ -32,12 +33,31 @@ import com.sun.net.httpserver.*; import java.io.IOException; import java.net.*; +import static java.net.Proxy.NO_PROXY; public class CookieManagerTest { static CookieTransactionHandler httpTrans; static HttpServer server; + static final String hostAddress = getAddr(); + + /** Returns an IP literal suitable for use by the test. */ + static String getAddr() { + try { + InetAddress lh = InetAddress.getLocalHost(); + System.out.println("Trying: " + lh); + if (lh.isReachable(5_000)) { + System.out.println("Using: " + lh); + return lh.getHostAddress(); + } + } catch (IOException x) { + System.out.println("Debug: caught:" + x); + } + System.out.println("Using: \"127.0.0.1\""); + return "127.0.0.1"; + } + public static void main(String[] args) throws Exception { startHttpServer(); makeHttpCall(); @@ -78,8 +98,8 @@ public static void makeHttpCall() throws IOException { try { - System.out.println("http server listenining on: " - + server.getAddress().getPort()); + int port = server.getAddress().getPort(); + System.out.println("http server listenining on: " + port); // install CookieManager to use CookieHandler.setDefault(new CookieManager()); @@ -92,11 +112,12 @@ ((CookieManager)CookieHandler.getDefault()) .getCookieStore().removeAll(); URL url = new URL("http" , - InetAddress.getLocalHost().getHostAddress(), + hostAddress, server.getAddress().getPort(), CookieTransactionHandler.testCases[i][0] .serverPath); - HttpURLConnection uc = (HttpURLConnection)url.openConnection(); + System.out.println("Requesting " + url); + HttpURLConnection uc = (HttpURLConnection)url.openConnection(NO_PROXY); uc.getResponseCode(); uc.disconnect(); } @@ -116,8 +137,6 @@ // to send http request public static final int testCount = 6; - private String localHostAddr = "127.0.0.1"; - @Override public void handle(HttpExchange exchange) throws IOException { if (testDone < testCases[testcaseDone].length) { @@ -188,10 +207,8 @@ testCases = new CookieTestCase[testCount][]; testPolicies = new CookiePolicy[testCount]; - try { - localHostAddr = InetAddress.getLocalHost().getHostAddress(); - } catch (Exception ignored) { - }; + String localHostAddr = CookieManagerTest.hostAddress; + int count = 0; // an http session with Netscape cookies exchanged
--- a/test/java/net/HttpURLConnection/UnmodifiableMaps.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/net/HttpURLConnection/UnmodifiableMaps.java Mon Apr 19 04:23:30 2021 +0100 @@ -24,11 +24,11 @@ /** * @test * @bug 7128648 + * @modules jdk.httpserver * @summary HttpURLConnection.getHeaderFields should return an unmodifiable Map */ import java.io.IOException; -import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.URI; import java.net.HttpURLConnection; @@ -40,6 +40,7 @@ import com.sun.net.httpserver.HttpHandler; import com.sun.net.httpserver.HttpServer; import com.sun.net.httpserver.Headers; +import static java.net.Proxy.NO_PROXY; public class UnmodifiableMaps { @@ -47,8 +48,7 @@ HttpServer server = startHttpServer(); try { InetSocketAddress address = server.getAddress(); - URI uri = new URI("http://" + InetAddress.getLocalHost().getHostAddress() - + ":" + address.getPort() + "/foo"); + URI uri = new URI("http://localhost:" + address.getPort() + "/foo"); doClient(uri); } finally { server.stop(0); @@ -56,7 +56,7 @@ } void doClient(URI uri) throws Exception { - HttpURLConnection uc = (HttpURLConnection) uri.toURL().openConnection(); + HttpURLConnection uc = (HttpURLConnection) uri.toURL().openConnection(NO_PROXY); // Test1: getRequestProperties is unmodifiable System.out.println("Check getRequestProperties");
--- a/test/java/net/URLConnection/HandleContentTypeWithAttrs.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/net/URLConnection/HandleContentTypeWithAttrs.java Mon Apr 19 04:23:30 2021 +0100 @@ -31,6 +31,7 @@ import java.io.*; import sun.net.www.content.text.*; import sun.net.www.MessageHeader; +import static java.net.Proxy.NO_PROXY; public class HandleContentTypeWithAttrs { @@ -38,13 +39,11 @@ public HandleContentTypeWithAttrs (int port) throws Exception { - String localHostName = InetAddress.getLocalHost().getHostName(); - // Request echo.html from myHttpServer. // In the header of the response, we make // the content type have some attributes. - url = new URL("http://" + localHostName + ":" + port + "/echo.html"); - URLConnection urlConn = url.openConnection(); + url = new URL("http://localhost:" + port + "/echo.html"); + URLConnection urlConn = url.openConnection(NO_PROXY); // the method getContent() calls the method // getContentHandler(). With the fix, the method
--- a/test/java/nio/file/Files/probeContentType/Basic.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/nio/file/Files/probeContentType/Basic.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,14 +29,18 @@ * @run main/othervm Basic */ +import java.io.*; import java.nio.file.*; -import java.io.*; +import java.util.stream.Stream; /** - * Uses Files.probeContentType to probe html file and custom file type. + * Uses Files.probeContentType to probe html file, custom file type, and minimal + * set of file extension to content type mappings. */ +public class Basic { -public class Basic { + private static final boolean IS_UNIX = + ! System.getProperty("os.name").startsWith("Windows"); static Path createHtmlFile() throws IOException { Path file = Files.createTempFile("foo", ".html"); @@ -51,7 +55,58 @@ return Files.createTempFile("red", ".grape"); } + private static int checkContentTypes(String expected, String actual) { + assert expected != null; + assert actual != null; + + if (!expected.equals(actual)) { + if (IS_UNIX) { + Path userMimeTypes = + Paths.get(System.getProperty("user.home"), ".mime.types"); + if (!Files.exists(userMimeTypes)) { + System.out.println(userMimeTypes + " does not exist"); + } else if (!Files.isReadable(userMimeTypes)) { + System.out.println(userMimeTypes + " is not readable"); + } else { + System.out.println(userMimeTypes + " contents:"); + try (Stream<String> lines = Files.lines(userMimeTypes)) { + lines.forEach(System.out::println); + System.out.println(""); + } catch (IOException ioe) { + System.err.println("Problem reading " + + userMimeTypes); + } + } + + Path etcMimeTypes = Paths.get("/etc/mime.types"); + if (!Files.exists(etcMimeTypes)) { + System.out.println(etcMimeTypes + " does not exist"); + } else if (!Files.isReadable(etcMimeTypes)) { + System.out.println(etcMimeTypes + " is not readable"); + } else { + System.out.println(etcMimeTypes + " contents:"); + try (Stream<String> lines = Files.lines(etcMimeTypes)) { + lines.forEach(System.out::println); + System.out.println(""); + } catch (IOException ioe) { + System.err.println("Problem reading " + + etcMimeTypes); + } + } + } + + System.err.println("Expected \"" + expected + + "\" but obtained \"" + + actual + "\""); + + return 1; + } + + return 0; + } + public static void main(String[] args) throws IOException { + int failures = 0; // exercise default file type detector Path file = createHtmlFile(); @@ -60,8 +115,7 @@ if (type == null) { System.err.println("Content type cannot be determined - test skipped"); } else { - if (!type.equals("text/html")) - throw new RuntimeException("Unexpected type: " + type); + failures += checkContentTypes("text/html", type); } } finally { Files.delete(file); @@ -73,11 +127,13 @@ String type = Files.probeContentType(file); if (type == null) throw new RuntimeException("Custom file type detector not installed?"); - if (!type.equals("grape/unknown")) - throw new RuntimeException("Unexpected type: " + type); + failures += checkContentTypes("grape/unknown", type); } finally { Files.delete(file); } + if (failures > 0) { + throw new RuntimeException("Test failed!"); + } } }
--- a/test/java/util/Locale/Bug8040211.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/java/util/Locale/Bug8040211.java Mon Apr 19 04:23:30 2021 +0100 @@ -23,14 +23,16 @@ /* * @test - * @bug 8040211 8191404 8203872 8222980 + * @bug 8040211 8191404 8203872 8222980 8225435 * @summary Checks the IANA language subtag registry data update - * (LSR Revision: 2019-04-03) with Locale and Locale.LanguageRange + * (LSR Revision: 2019-09-16) with Locale and Locale.LanguageRange * class methods. * @run main Bug8040211 */ import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; import java.util.Iterator; import java.util.Locale; import java.util.List; @@ -42,6 +44,85 @@ static boolean err = false; + private static final String ACCEPT_LANGUAGE = + "Accept-Language: aam, adp, aog, aue, bcg, cey, cqu, dif, ema," + + " en-gb-oed, gti, kdz, koj, kwq, kxe, lii, lmm, lsn, lsv, lvi, mtm," + + " ngv, nns, oyb, phr, pnd, pub, snz, suj, szy,taj, tjj, tjp, tvx," + + " uss, uth, wkr;q=0.9, ar-hyw;q=0.8, yug;q=0.5, gfx;q=0.4"; + private static final List<LanguageRange> EXPECTED_RANGE_LIST = Collections.unmodifiableList( + Arrays.asList(new LanguageRange[] { + new LanguageRange("aam", 1.0), + new LanguageRange("aas", 1.0), + new LanguageRange("adp", 1.0), + new LanguageRange("dz", 1.0), + new LanguageRange("aog", 1.0), + new LanguageRange("myd", 1.0), + new LanguageRange("aue", 1.0), + new LanguageRange("ktz", 1.0), + new LanguageRange("bcg", 1.0), + new LanguageRange("bgm", 1.0), + new LanguageRange("cey", 1.0), + new LanguageRange("cqu", 1.0), + new LanguageRange("quh", 1.0), + new LanguageRange("dif", 1.0), + new LanguageRange("dit", 1.0), + new LanguageRange("ema", 1.0), + new LanguageRange("uok", 1.0), + new LanguageRange("en-gb-oed", 1.0), + new LanguageRange("en-gb-oxendict", 1.0), + new LanguageRange("gti", 1.0), + new LanguageRange("nyc", 1.0), + new LanguageRange("kdz", 1.0), + new LanguageRange("ncp", 1.0), + new LanguageRange("koj", 1.0), + new LanguageRange("kwv", 1.0), + new LanguageRange("kwq", 1.0), + new LanguageRange("yam", 1.0), + new LanguageRange("kxe", 1.0), + new LanguageRange("tvd", 1.0), + new LanguageRange("lii", 1.0), + new LanguageRange("raq", 1.0), + new LanguageRange("lmm", 1.0), + new LanguageRange("rmx", 1.0), + new LanguageRange("lsn", 1.0), + new LanguageRange("lsv", 1.0), + new LanguageRange("lvi", 1.0), + new LanguageRange("mtm", 1.0), + new LanguageRange("ymt", 1.0), + new LanguageRange("ngv", 1.0), + new LanguageRange("nnx", 1.0), + new LanguageRange("nns", 1.0), + new LanguageRange("nbr", 1.0), + new LanguageRange("oyb", 1.0), + new LanguageRange("thx", 1.0), + new LanguageRange("skk", 1.0), + new LanguageRange("jeg", 1.0), + new LanguageRange("phr", 1.0), + new LanguageRange("pmu", 1.0), + new LanguageRange("pnd", 1.0), + new LanguageRange("pub", 1.0), + new LanguageRange("puz", 1.0), + new LanguageRange("snz", 1.0), + new LanguageRange("asd", 1.0), + new LanguageRange("suj", 1.0), + new LanguageRange("szy", 1.0), + new LanguageRange("taj", 1.0), + new LanguageRange("tsf", 1.0), + new LanguageRange("tjj", 1.0), + new LanguageRange("tjp", 1.0), + new LanguageRange("tvx", 1.0), + new LanguageRange("uss", 1.0), + new LanguageRange("uth", 1.0), + new LanguageRange("wkr", 0.9), + new LanguageRange("ar-hyw", 0.8), + new LanguageRange("yug", 0.5), + new LanguageRange("yuu", 0.5), + new LanguageRange("gfx", 0.4), + new LanguageRange("oun", 0.4), + new LanguageRange("mwj", 0.4), + new LanguageRange("vaj", 0.4) + })); + public static void main(String[] args) { testLanguageRange(); testLocale(); @@ -66,70 +147,15 @@ private static void test_parse() { boolean error = false; - String str = "Accept-Language: aam, adp, aue, bcg, cqu, ema," - + " en-gb-oed, gti, kdz, koj, kwq, kxe, lii, lmm, mtm, ngv," - + " oyb, phr, pub, suj, taj;q=0.9, ar-hyw;q=0.8, yug;q=0.5, gfx;q=0.4"; - ArrayList<LanguageRange> expected = new ArrayList<>(); - expected.add(new LanguageRange("aam", 1.0)); - expected.add(new LanguageRange("aas", 1.0)); - expected.add(new LanguageRange("adp", 1.0)); - expected.add(new LanguageRange("dz", 1.0)); - expected.add(new LanguageRange("aue", 1.0)); - expected.add(new LanguageRange("ktz", 1.0)); - expected.add(new LanguageRange("bcg", 1.0)); - expected.add(new LanguageRange("bgm", 1.0)); - expected.add(new LanguageRange("cqu", 1.0)); - expected.add(new LanguageRange("quh", 1.0)); - expected.add(new LanguageRange("ema", 1.0)); - expected.add(new LanguageRange("uok", 1.0)); - expected.add(new LanguageRange("en-gb-oed", 1.0)); - expected.add(new LanguageRange("en-gb-oxendict", 1.0)); - expected.add(new LanguageRange("gti", 1.0)); - expected.add(new LanguageRange("nyc", 1.0)); - expected.add(new LanguageRange("kdz", 1.0)); - expected.add(new LanguageRange("ncp", 1.0)); - expected.add(new LanguageRange("koj", 1.0)); - expected.add(new LanguageRange("kwv", 1.0)); - expected.add(new LanguageRange("kwq", 1.0)); - expected.add(new LanguageRange("yam", 1.0)); - expected.add(new LanguageRange("kxe", 1.0)); - expected.add(new LanguageRange("tvd", 1.0)); - expected.add(new LanguageRange("lii", 1.0)); - expected.add(new LanguageRange("raq", 1.0)); - expected.add(new LanguageRange("lmm", 1.0)); - expected.add(new LanguageRange("rmx", 1.0)); - expected.add(new LanguageRange("mtm", 1.0)); - expected.add(new LanguageRange("ymt", 1.0)); - expected.add(new LanguageRange("ngv", 1.0)); - expected.add(new LanguageRange("nnx", 1.0)); - expected.add(new LanguageRange("oyb", 1.0)); - expected.add(new LanguageRange("thx", 1.0)); - expected.add(new LanguageRange("skk", 1.0)); - expected.add(new LanguageRange("jeg", 1.0)); - expected.add(new LanguageRange("phr", 1.0)); - expected.add(new LanguageRange("pmu", 1.0)); - expected.add(new LanguageRange("pub", 1.0)); - expected.add(new LanguageRange("puz", 1.0)); - expected.add(new LanguageRange("suj", 1.0)); - expected.add(new LanguageRange("xsj", 1.0)); - expected.add(new LanguageRange("taj", 0.9)); - expected.add(new LanguageRange("tsf", 0.9)); - expected.add(new LanguageRange("ar-hyw", 0.8)); - expected.add(new LanguageRange("yug", 0.5)); - expected.add(new LanguageRange("yuu", 0.5)); - expected.add(new LanguageRange("gfx", 0.4)); - expected.add(new LanguageRange("oun", 0.4)); - expected.add(new LanguageRange("mwj", 0.4)); - expected.add(new LanguageRange("vaj", 0.4)); - List<LanguageRange> got = LanguageRange.parse(str); - if (!areEqual(expected, got)) { + List<LanguageRange> got = LanguageRange.parse(ACCEPT_LANGUAGE); + if (!areEqual(EXPECTED_RANGE_LIST, got)) { error = true; System.err.println(" language parse() test failed."); } if (error) { err = true; - System.err.println(" test_parse() failed."); + System.out.println(" test_parse() failed."); } else { System.out.println(" test_parse() passed."); } @@ -152,7 +178,7 @@ + ", weight=" + lr.getWeight()); } - System.out.println(" Actual size=" + actualSize); + System.err.println(" Actual size=" + actualSize); for (LanguageRange lr : got) { System.err.println(" range=" + lr.getRange() + ", weight=" + lr.getWeight()); @@ -351,11 +377,11 @@ String tags, String expectedTags, String actualTags) { - System.out.println("\nIncorrect " + methodName + " result."); - System.out.println(" Priority list : " + priorityList); - System.out.println(" Language tags : " + tags); - System.out.println(" Expected value : " + expectedTags); - System.out.println(" Actual value : " + actualTags); + System.err.println("\nIncorrect " + methodName + " result."); + System.err.println(" Priority list : " + priorityList); + System.err.println(" Language tags : " + tags); + System.err.println(" Expected value : " + expectedTags); + System.err.println(" Actual value : " + actualTags); } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/imageio/metadata/GetElementsByTagNameTest.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8167281 + * @summary Test verifies that Element.getElementsByTagName("*") is not empty + * for valid image. + * @run main GetElementsByTagNameTest + */ + +import java.awt.image.BufferedImage; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import javax.imageio.ImageIO; +import javax.imageio.ImageReader; +import javax.imageio.metadata.IIOMetadata; +import javax.imageio.metadata.IIOMetadataFormatImpl; +import javax.imageio.stream.ImageInputStream; +import javax.imageio.stream.MemoryCacheImageInputStream; +import org.w3c.dom.Element; + +public class GetElementsByTagNameTest { + + public static void main(String[] args) throws IOException { + // Generate some trivial image and save it to a temporary array + ByteArrayOutputStream tmp = new ByteArrayOutputStream(); + ImageIO.write(new BufferedImage(1, 1, BufferedImage.TYPE_INT_RGB), + "gif", tmp); + + // Read the stream + ImageInputStream in = new MemoryCacheImageInputStream( + new ByteArrayInputStream(tmp.toByteArray())); + ImageReader reader = ImageIO.getImageReaders(in).next(); + reader.setInput(in); + + // Retrieve standard image metadata tree + IIOMetadata meta = reader.getImageMetadata(0); + if (meta == null || !meta.isStandardMetadataFormatSupported()) { + throw new Error("Test failure: Missing metadata"); + } + Element root = (Element) meta. + getAsTree(IIOMetadataFormatImpl.standardMetadataFormatName); + + // Test getElementsByTagName("*") + if (root.getElementsByTagName("*").getLength() == 0) { + throw new RuntimeException("getElementsByTagName(\"*\") returns" + + " nothing"); + } + } +} +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/imageio/metadata/NthItemNodeListTest.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,77 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8167281 + * @summary Test verifies that accessing nth item in NodeList doesn't throw + * IndexOutOfBoundsException. + * @run main NthItemNodeListTest + */ + +import java.awt.image.BufferedImage; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import javax.imageio.ImageIO; +import javax.imageio.ImageReader; +import javax.imageio.metadata.IIOMetadata; +import javax.imageio.metadata.IIOMetadataFormatImpl; +import javax.imageio.stream.ImageInputStream; +import javax.imageio.stream.MemoryCacheImageInputStream; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +public class NthItemNodeListTest { + + public static void main(String[] args) throws IOException { + // Generate some trivial image and save it to a temporary array + ByteArrayOutputStream tmp = new ByteArrayOutputStream(); + ImageIO.write(new BufferedImage(1, 1, BufferedImage.TYPE_INT_RGB), + "gif", tmp); + + // Read it back in + ImageInputStream in = new MemoryCacheImageInputStream( + new ByteArrayInputStream(tmp.toByteArray())); + ImageReader reader = ImageIO.getImageReaders(in).next(); + reader.setInput(in); + + // Retrieve standard image metadata tree + IIOMetadata meta = reader.getImageMetadata(0); + if (meta == null || !meta.isStandardMetadataFormatSupported()) { + throw new Error("Test failure: Missing metadata"); + } + Element root = (Element) meta. + getAsTree(IIOMetadataFormatImpl.standardMetadataFormatName); + + NodeList nodeList = root. + getElementsByTagName(root.getFirstChild().getNodeName()); + /* + * Accessing the nth node should return null and not throw + * IndexOutOfBoundsException. + */ + Node n = (nodeList.item(nodeList.getLength())); + } +} +
--- a/test/javax/imageio/stream/StreamFlush.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/imageio/stream/StreamFlush.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,6 +34,8 @@ import java.io.File; import java.io.FileOutputStream; import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.imageio.ImageIO; import javax.imageio.stream.ImageOutputStream; @@ -44,14 +46,20 @@ ImageIO.setUseCache(true); // Create a FileImageOutputStream from a FileOutputStream - File temp1 = File.createTempFile("imageio", ".tmp"); - temp1.deleteOnExit(); - ImageOutputStream fios = ImageIO.createImageOutputStream(temp1); + File temp1 = File.createTempFile("StreamFlush_fis_", ".tmp"); + // Create a FileCacheImageOutputStream from a BufferedOutputStream + File temp2 = File.createTempFile("StreamFlush_bos_", ".tmp"); + try (ImageOutputStream fios = ImageIO.createImageOutputStream(temp1); + FileOutputStream fos2 = new FileOutputStream(temp2)) { + test(temp1, fios, temp2, fos2); + } finally { + Files.delete(Paths.get(temp1.getAbsolutePath())); + Files.delete(Paths.get(temp2.getAbsolutePath())); + } + } - // Create a FileCacheImageOutputStream from a BufferedOutputStream - File temp2 = File.createTempFile("imageio", ".tmp"); - temp2.deleteOnExit(); - FileOutputStream fos2 = new FileOutputStream(temp2); + private static void test(File temp1, ImageOutputStream fios, File temp2, + FileOutputStream fos2) throws IOException { BufferedOutputStream bos = new BufferedOutputStream(fos2); ImageOutputStream fcios1 = ImageIO.createImageOutputStream(bos);
--- a/test/javax/net/ssl/SSLEngine/Arrays.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/net/ssl/SSLEngine/Arrays.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,7 @@ * @test * @bug 5019096 * @summary Add scatter/gather APIs for SSLEngine + * @library /lib/security * @run main/othervm Arrays SSL * @run main/othervm Arrays TLS * @run main/othervm Arrays SSLv3 @@ -182,6 +183,14 @@ private static String contextVersion; public static void main(String args[]) throws Exception { contextVersion = args[0]; + // Re-enable context version if it is disabled. + // If context version is SSLv3, TLSv1 needs to be re-enabled. + if (contextVersion.equals("SSLv3")) { + SecurityUtils.removeFromDisabledTlsAlgs("TLSv1"); + } else if (contextVersion.equals("TLSv1") || + contextVersion.equals("TLSv1.1")) { + SecurityUtils.removeFromDisabledTlsAlgs(contextVersion); + } Arrays test;
--- a/test/javax/net/ssl/TLS/TLSClientPropertyTest.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/net/ssl/TLS/TLSClientPropertyTest.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /* * @test - * @bug 8049432 8069038 8234723 + * @bug 8049432 8069038 8234723 8202343 * @summary New tests for TLS property jdk.tls.client.protocols * @summary javax/net/ssl/TLS/TLSClientPropertyTest.java needs to be * updated for JDK-8061210 @@ -71,7 +71,7 @@ } contextProtocol = null; expectedDefaultProtos = new String[] { - "TLSv1", "TLSv1.1", "TLSv1.2" + "TLSv1.2" }; break; case "SSLv3": @@ -82,26 +82,24 @@ case "TLSv1": contextProtocol = "TLSv1"; expectedDefaultProtos = new String[] { - "TLSv1" }; break; case "TLSv11": contextProtocol = "TLSv1.1"; expectedDefaultProtos = new String[] { - "TLSv1", "TLSv1.1" }; break; case "TLSv12": case "TLS": contextProtocol = "TLSv1.2"; expectedDefaultProtos = new String[] { - "TLSv1", "TLSv1.1", "TLSv1.2" + "TLSv1.2" }; break; case "TLSv13": contextProtocol = "TLSv1.3"; expectedDefaultProtos = new String[] { - "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" + "TLSv1.2", "TLSv1.3" }; break; case "WrongProperty":
--- a/test/javax/net/ssl/TLSv11/GenericBlockCipher.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/net/ssl/TLSv11/GenericBlockCipher.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,6 +27,7 @@ * @test * @bug 4873188 * @summary Support TLS 1.1 + * @library /lib/security * @run main/othervm GenericBlockCipher * * SunJSSE does not support dynamic system properties, no way to re-use @@ -160,6 +161,9 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // Re-enable TLSv1.1 since test depends on it. + SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); + String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + "/" + keyStoreFile;
--- a/test/javax/net/ssl/sanity/ciphersuites/CipherSuitesInOrder.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/net/ssl/sanity/ciphersuites/CipherSuitesInOrder.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,21 +28,21 @@ /* * @test - * @bug 7174244 - * @summary NPE in Krb5ProxyImpl.getServerKeys() - * @ignore the dependent implementation details are changed + * @bug 7174244 8234728 + * @summary Test for ciphersuites order * @run main/othervm CipherSuitesInOrder */ import java.util.*; import javax.net.ssl.*; -import java.security.Security; public class CipherSuitesInOrder { - // supported ciphersuites - private final static List<String> supportedCipherSuites = - Arrays.<String>asList( + // Supported ciphersuites + private final static List<String> supportedCipherSuites + = Arrays.<String>asList( + "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", @@ -152,19 +152,19 @@ ); private final static String[] protocols = { - "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" + "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" }; public static void main(String[] args) throws Exception { // show all of the supported cipher suites showSuites(supportedCipherSuites.toArray(new String[0]), - "All supported cipher suites"); + "All supported cipher suites"); for (String protocol : protocols) { System.out.println("//"); - System.out.println("// " + - "Testing for SSLContext of " + protocol); + System.out.println("// " + + "Testing for SSLContext of " + protocol); System.out.println("//"); checkForProtocols(protocol); } @@ -189,7 +189,6 @@ checkSuites(parameters.getCipherSuites(), "Supported cipher suites in SSLContext"); - // // Check the cipher suites order of SSLEngine // @@ -209,34 +208,34 @@ // Check the cipher suites order of SSLSocket // SSLSocketFactory factory = context.getSocketFactory(); - try (SSLSocket socket = (SSLSocket)factory.createSocket()) { + try (SSLSocket socket = (SSLSocket) factory.createSocket()) { // check the order of endabled cipher suites ciphers = socket.getEnabledCipherSuites(); checkSuites(ciphers, - "Enabled cipher suites in SSLSocket"); + "Enabled cipher suites in SSLSocket"); // check the order of supported cipher suites ciphers = socket.getSupportedCipherSuites(); checkSuites(ciphers, - "Supported cipher suites in SSLSocket"); + "Supported cipher suites in SSLSocket"); } // // Check the cipher suites order of SSLServerSocket // SSLServerSocketFactory serverFactory = context.getServerSocketFactory(); - try (SSLServerSocket serverSocket = - (SSLServerSocket)serverFactory.createServerSocket()) { + try (SSLServerSocket serverSocket + = (SSLServerSocket) serverFactory.createServerSocket()) { // check the order of endabled cipher suites ciphers = serverSocket.getEnabledCipherSuites(); checkSuites(ciphers, - "Enabled cipher suites in SSLServerSocket"); + "Enabled cipher suites in SSLServerSocket"); // check the order of supported cipher suites ciphers = serverSocket.getSupportedCipherSuites(); checkSuites(ciphers, - "Supported cipher suites in SSLServerSocket"); + "Supported cipher suites in SSLServerSocket"); } } @@ -250,7 +249,6 @@ if (index <= loc) { throw new RuntimeException(suite + " is not in order"); } - loc = index; } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,150 @@ +/* + * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +import java.util.Arrays; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLSocket; + +/* + * @test + * @bug 8234728 + * @library /javax/net/ssl/templates + * /javax/net/ssl/TLSCommon + * /lib/security + * @summary Test TLS ciphersuites order set through System properties + * @run main/othervm + * -Djdk.tls.client.cipherSuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384 + * -Djdk.tls.server.cipherSuites=TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256 + * -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3" + * SystemPropCipherSuitesOrder TLSv1.3 + * @run main/othervm + * -Djdk.tls.client.cipherSuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384 + * -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3" + * SystemPropCipherSuitesOrder TLSv1.3 + * @run main/othervm + * -Djdk.tls.server.cipherSuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384 + * -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3" + * SystemPropCipherSuitesOrder TLSv1.3 + * @run main/othervm + * -Djdk.tls.client.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + * -Djdk.tls.server.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + * SystemPropCipherSuitesOrder TLSv1.2 + * @run main/othervm + * -Djdk.tls.client.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + * SystemPropCipherSuitesOrder TLSv1.2 + * @run main/othervm + * -Djdk.tls.server.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + * SystemPropCipherSuitesOrder TLSv1.2 + * @run main/othervm + * -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA + * -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA + * SystemPropCipherSuitesOrder TLSv1.1 + * @run main/othervm + * -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA + * SystemPropCipherSuitesOrder TLSv1.1 + * @run main/othervm + * -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA + * SystemPropCipherSuitesOrder TLSv1.1 + * @run main/othervm + * -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA + * -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA + * SystemPropCipherSuitesOrder TLSv1 + * @run main/othervm + * -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA + * SystemPropCipherSuitesOrder TLSv1 + * @run main/othervm + * -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA + * SystemPropCipherSuitesOrder TLSv1 + */ +public class SystemPropCipherSuitesOrder extends SSLSocketTemplate { + + private final String protocol; + private static String[] servercipherSuites; + private static String[] clientcipherSuites; + + public static void main(String[] args) { + servercipherSuites + = toArray(System.getProperty("jdk.tls.server.cipherSuites")); + clientcipherSuites + = toArray(System.getProperty("jdk.tls.client.cipherSuites")); + System.out.printf("SYSTEM PROPERTIES: ServerProp:%s - ClientProp:%s%n", + Arrays.deepToString(servercipherSuites), + Arrays.deepToString(clientcipherSuites)); + + try { + new SystemPropCipherSuitesOrder(args[0]).run(); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + private SystemPropCipherSuitesOrder(String protocol) { + this.protocol = protocol; + // Re-enable protocol if disabled. + if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) { + SecurityUtils.removeFromDisabledTlsAlgs(protocol); + } + } + + // Servers are configured before clients, increment test case after. + @Override + protected void configureClientSocket(SSLSocket socket) { + socket.setEnabledProtocols(new String[]{protocol}); + } + + @Override + protected void configureServerSocket(SSLServerSocket serverSocket) { + serverSocket.setEnabledProtocols(new String[]{protocol}); + } + + protected void runServerApplication(SSLSocket socket) throws Exception { + if (servercipherSuites != null) { + System.out.printf("SERVER: SystemProperty:%s - " + + "getEnabledCipherSuites:%s%n", + Arrays.deepToString(servercipherSuites), + Arrays.deepToString(socket.getEnabledCipherSuites())); + } + if (servercipherSuites != null && !Arrays.equals( + servercipherSuites, socket.getEnabledCipherSuites())) { + throw new RuntimeException("Unmatched server side CipherSuite order"); + } + super.runServerApplication(socket); + } + + protected void runClientApplication(SSLSocket socket) throws Exception { + if (clientcipherSuites != null) { + System.out.printf("CLIENT: SystemProperty:%s - " + + "getEnabledCipherSuites:%s%n", + Arrays.deepToString(clientcipherSuites), + Arrays.deepToString(socket.getEnabledCipherSuites())); + } + if (clientcipherSuites != null && !Arrays.equals(clientcipherSuites, + socket.getEnabledCipherSuites())) { + throw new RuntimeException("Unmatched client side CipherSuite order"); + } + super.runClientApplication(socket); + } + + private static String[] toArray(String prop) { + return (prop != null) ? prop.split(",") : null; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,189 @@ +/* + * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +import java.util.Arrays; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLSocket; + +/* + * @test + * @bug 8234728 + * @library /javax/net/ssl/templates + * /javax/net/ssl/TLSCommon + * /lib/security + * @summary Test TLS ciphersuites order. + * Parameter order: <protocol> <client cipher order> <server cipher order> + * @run main/othervm TLSCipherSuitesOrder TLSv13 ORDERED default + * @run main/othervm TLSCipherSuitesOrder TLSv13 UNORDERED default + * @run main/othervm TLSCipherSuitesOrder TLSv13 UNORDERED UNORDERED + * @run main/othervm TLSCipherSuitesOrder TLSv13 ORDERED ORDERED + * @run main/othervm TLSCipherSuitesOrder TLSv12 ORDERED default + * @run main/othervm TLSCipherSuitesOrder TLSv12 UNORDERED default + * @run main/othervm TLSCipherSuitesOrder TLSv12 UNORDERED UNORDERED + * @run main/othervm TLSCipherSuitesOrder TLSv12 ORDERED ORDERED + * @run main/othervm TLSCipherSuitesOrder TLSv11 ORDERED default + * @run main/othervm TLSCipherSuitesOrder TLSv11 UNORDERED default + * @run main/othervm TLSCipherSuitesOrder TLSv11 UNORDERED UNORDERED + * @run main/othervm TLSCipherSuitesOrder TLSv11 ORDERED ORDERED + * @run main/othervm TLSCipherSuitesOrder TLSv1 ORDERED default + * @run main/othervm TLSCipherSuitesOrder TLSv1 UNORDERED default + * @run main/othervm TLSCipherSuitesOrder TLSv1 UNORDERED UNORDERED + * @run main/othervm TLSCipherSuitesOrder TLSv1 ORDERED ORDERED + */ +public class TLSCipherSuitesOrder extends SSLSocketTemplate { + + private final String protocol; + private final String[] servercipherSuites; + private final String[] clientcipherSuites; + + public static void main(String[] args) { + PROTOCOL protocol = PROTOCOL.valueOf(args[0]); + try { + new TLSCipherSuitesOrder(protocol.getProtocol(), + protocol.getCipherSuite(args[1]), + protocol.getCipherSuite(args[2])).run(); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + private TLSCipherSuitesOrder(String protocol, String[] clientcipherSuites, + String[] servercipherSuites) { + // Re-enable protocol if it is disabled. + if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) { + SecurityUtils.removeFromDisabledTlsAlgs(protocol); + } + this.protocol = protocol; + this.clientcipherSuites = clientcipherSuites; + this.servercipherSuites = servercipherSuites; + } + + // Servers are configured before clients, increment test case after. + @Override + protected void configureClientSocket(SSLSocket socket) { + socket.setEnabledProtocols(new String[]{protocol}); + if (clientcipherSuites != null) { + socket.setEnabledCipherSuites(clientcipherSuites); + } + } + + @Override + protected void configureServerSocket(SSLServerSocket serverSocket) { + serverSocket.setEnabledProtocols(new String[]{protocol}); + if (servercipherSuites != null) { + serverSocket.setEnabledCipherSuites(servercipherSuites); + } + } + + protected void runServerApplication(SSLSocket socket) throws Exception { + if (servercipherSuites != null) { + System.out.printf("SERVER: setEnabledCipherSuites:%s - " + + "getEnabledCipherSuites:%s%n", + Arrays.deepToString(servercipherSuites), + Arrays.deepToString(socket.getEnabledCipherSuites())); + } + if (servercipherSuites != null && !Arrays.equals(servercipherSuites, + socket.getEnabledCipherSuites())) { + throw new RuntimeException("Unmatched server side CipherSuite order"); + } + super.runServerApplication(socket); + } + + protected void runClientApplication(SSLSocket socket) throws Exception { + if (clientcipherSuites != null) { + System.out.printf("CLIENT: setEnabledCipherSuites:%s - " + + "getEnabledCipherSuites:%s%n", + Arrays.deepToString(clientcipherSuites), + Arrays.deepToString(socket.getEnabledCipherSuites())); + } + if (clientcipherSuites != null && !Arrays.equals( + clientcipherSuites, socket.getEnabledCipherSuites())) { + throw new RuntimeException("Unmatched client side CipherSuite order"); + } + super.runClientApplication(socket); + } + + enum PROTOCOL { + TLSv13("TLSv1.3", + new String[]{ + "TLS_AES_256_GCM_SHA384", + "TLS_AES_128_GCM_SHA256"}, + new String[]{ + "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384"}), + TLSv12("TLSv1.2", + new String[]{ + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}, + new String[]{ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}), + TLSv11("TLSv1.1", + new String[]{ + "TLS_RSA_WITH_AES_256_CBC_SHA", + "TLS_RSA_WITH_AES_128_CBC_SHA"}, + new String[]{ + "TLS_RSA_WITH_AES_128_CBC_SHA", + "TLS_RSA_WITH_AES_256_CBC_SHA"}), + TLSv1("TLSv1", + new String[]{ + "TLS_RSA_WITH_AES_256_CBC_SHA", + "TLS_RSA_WITH_AES_128_CBC_SHA"}, + new String[]{ + "TLS_RSA_WITH_AES_128_CBC_SHA", + "TLS_RSA_WITH_AES_256_CBC_SHA"}); + + String protocol; + String[] orderedCiphers; + String[] unOrderedCiphers; + + private PROTOCOL(String protocol, String[] orderedCiphers, + String[] unOrderedCiphers) { + this.protocol = protocol; + this.orderedCiphers = orderedCiphers; + this.unOrderedCiphers = unOrderedCiphers; + } + + public String getProtocol() { + return protocol; + } + + public String[] getOrderedCiphers() { + return orderedCiphers; + } + + public String[] getUnOrderedCiphers() { + return unOrderedCiphers; + } + + public String[] getCipherSuite(String order) { + switch (order) { + case "ORDERED": + return getOrderedCiphers(); + case "UNORDERED": + return getUnOrderedCiphers(); + default: + return null; + } + } + } +}
--- a/test/javax/net/ssl/templates/SSLSocketTemplate.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/net/ssl/templates/SSLSocketTemplate.java Mon Apr 19 04:23:30 2021 +0100 @@ -188,10 +188,15 @@ } /* + * Configure the client side socket. + */ + protected void configureClientSocket(SSLSocket socket) { + } + + /* * Configure the server side socket. */ protected void configureServerSocket(SSLServerSocket socket) { - } /* @@ -316,6 +321,7 @@ try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket()) { try { + configureClientSocket(sslSocket); sslSocket.connect( new InetSocketAddress("localhost", serverPort), 15000); } catch (IOException ioe) {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/GetInputStream.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/GetInputStream.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,7 +26,9 @@ import java.io.File; import java.io.FileOutputStream; -import java.io.IOException; +import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -52,13 +54,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception { @@ -74,7 +76,9 @@ buff = new ModelByteBuffer(test_byte_array); byte[] b = new byte[test_byte_array.length]; - buff.getInputStream().read(b); + try (InputStream is = buff.getInputStream()) { + is.read(b); + } for (int j = 0; j < b.length; j++) if(b[i] != test_byte_array[i]) throw new RuntimeException("Byte array compare fails!");
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/GetRoot.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/GetRoot.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,8 @@ import java.io.File; import java.io.FileOutputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -51,13 +53,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/Load.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/Load.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,7 +26,8 @@ import java.io.File; import java.io.FileOutputStream; -import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -52,13 +53,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/LoadAll.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/LoadAll.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,7 +26,8 @@ import java.io.File; import java.io.FileOutputStream; -import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Paths; import java.util.ArrayList; import java.util.List; @@ -54,13 +55,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferByteArray.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferByteArray.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,8 @@ import java.io.File; import java.io.FileOutputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -51,13 +53,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferByteArrayIntInt.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferByteArrayIntInt.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,8 @@ import java.io.File; import java.io.FileOutputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -51,13 +53,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferFile.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferFile.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,8 @@ import java.io.File; import java.io.FileOutputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -51,13 +53,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferFileLongLong.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferFileLongLong.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,8 @@ import java.io.File; import java.io.FileOutputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -51,13 +53,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Available.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Available.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,8 +26,9 @@ import java.io.File; import java.io.FileOutputStream; -import java.io.IOException; import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -53,13 +54,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Close.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Close.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,8 +26,9 @@ import java.io.File; import java.io.FileOutputStream; -import java.io.IOException; import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -53,13 +54,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/MarkReset.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/MarkReset.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,8 +26,9 @@ import java.io.File; import java.io.FileOutputStream; -import java.io.IOException; import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -53,13 +54,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/MarkSupported.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/MarkSupported.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,8 +26,9 @@ import java.io.File; import java.io.FileOutputStream; -import java.io.IOException; import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -53,13 +54,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Read.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Read.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,8 +26,9 @@ import java.io.File; import java.io.FileOutputStream; -import java.io.IOException; import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -53,13 +54,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/ReadByte.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/ReadByte.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,8 +26,9 @@ import java.io.File; import java.io.FileOutputStream; -import java.io.IOException; import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -53,13 +54,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/ReadByteIntInt.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/ReadByteIntInt.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,8 +26,9 @@ import java.io.File; import java.io.FileOutputStream; -import java.io.IOException; import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -53,13 +54,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Skip.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Skip.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,8 +26,9 @@ import java.io.File; import java.io.FileOutputStream; -import java.io.IOException; import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -53,13 +54,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/SubbufferLong.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/SubbufferLong.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,8 @@ import java.io.File; import java.io.FileOutputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -51,13 +53,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/SubbufferLongLong.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/SubbufferLongLong.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,8 @@ import java.io.File; import java.io.FileOutputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -51,13 +53,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/SubbufferLongLongBoolean.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/SubbufferLongLongBoolean.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,8 @@ import java.io.File; import java.io.FileOutputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -51,13 +53,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/Unload.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/Unload.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,7 +26,8 @@ import java.io.File; import java.io.FileOutputStream; -import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -52,13 +53,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/WriteTo.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/WriteTo.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,7 +27,9 @@ import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileOutputStream; -import java.io.IOException; +import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -53,13 +55,13 @@ test_byte_array = new byte[testarray.length*2]; AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(test_byte_array); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(test_byte_array); + } } static void tearDown() throws Exception { - if(!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBufferWavetable/OpenStream.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/Gervill/ModelByteBufferWavetable/OpenStream.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,6 +28,8 @@ import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileOutputStream; +import java.nio.file.Files; +import java.nio.file.Paths; import javax.sound.sampled.*; @@ -97,16 +99,15 @@ buffer_wave = new ModelByteBuffer(baos.toByteArray()); test_file = File.createTempFile("test", ".raw"); - FileOutputStream fos = new FileOutputStream(test_file); - fos.write(baos.toByteArray()); - fos.close(); + try (FileOutputStream fos = new FileOutputStream(test_file)) { + fos.write(baos.toByteArray()); + } buffer_wave_ondisk = new ModelByteBuffer(test_file); } static void tearDown() throws Exception { - if (!test_file.delete()) - test_file.deleteOnExit(); + Files.delete(Paths.get(test_file.getAbsolutePath())); } public static void testOpenStream(ModelByteBufferWavetable wavetable)
--- a/test/javax/sound/midi/MidiSystem/DefaultDevices.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/MidiSystem/DefaultDevices.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,7 +39,6 @@ * @bug 4776511 * @bug 4934509 * @bug 4938236 - * @modules java.desktop/com.sun.media.sound * @run main/timeout=600 DefaultDevices * @summary RFE: Setting the default MixerProvider */
--- a/test/javax/sound/midi/MidiSystem/DefaultProperties.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/MidiSystem/DefaultProperties.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,7 +31,6 @@ * @summary RFE: Setting the default MixerProvider. Test the retrieving and * parsing of properties. This is a part of the test for 4776511. * @run main/othervm DefaultProperties - * @modules java.desktop/com.sun.media.sound */ public class DefaultProperties {
--- a/test/javax/sound/midi/MidiSystem/ProviderCacheing.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/midi/MidiSystem/ProviderCacheing.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,7 +30,6 @@ * @bug 4776511 * @summary RFE: Setting the default MixerProvider. Test the cacheing of * providers. This is a part of the test for 4776511. - * @modules java.desktop/com.sun.media.sound */ public class ProviderCacheing {
--- a/test/javax/sound/midi/MidiSystem/testdata/lib/conf/sound.properties Fri Feb 05 20:19:32 2021 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,27 +0,0 @@ -# -# Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - -javax.sound.midi.Receiver=xyz#123 -javax.sound.midi.Transmitter=xyz#123 -javax.sound.midi.Sequencer=xyz#123 -javax.sound.midi.Synthesizer=xyz#123
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/sound/midi/MidiSystem/testdata/lib/sound.properties Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,27 @@ +# +# Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +javax.sound.midi.Receiver=xyz#123 +javax.sound.midi.Transmitter=xyz#123 +javax.sound.midi.Sequencer=xyz#123 +javax.sound.midi.Synthesizer=xyz#123
--- a/test/javax/sound/sampled/AudioSystem/DefaultMixers.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/sampled/AudioSystem/DefaultMixers.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,7 +41,6 @@ * @bug 4776511 * @summary RFE: Setting the default MixerProvider. Test the retrieving of lines * with defaut mixer properties. - * @modules java.desktop/com.sun.media.sound */ public class DefaultMixers {
--- a/test/javax/sound/sampled/AudioSystem/DefaultProperties.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/sampled/AudioSystem/DefaultProperties.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,7 +32,6 @@ * @run main/othervm DefaultProperties * @summary RFE: Setting the default MixerProvider. Test the retrieving and * parsing of properties. - * @modules java.desktop/com.sun.media.sound */ public class DefaultProperties {
--- a/test/javax/sound/sampled/AudioSystem/ProviderCacheing.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/sound/sampled/AudioSystem/ProviderCacheing.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,7 +29,6 @@ * @bug 4776511 * @summary RFE: Setting the default MixerProvider. Test the cacheing of * providers. - * @modules java.desktop/com.sun.media.sound */ public class ProviderCacheing {
--- a/test/javax/sound/sampled/AudioSystem/testdata/lib/conf/sound.properties Fri Feb 05 20:19:32 2021 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,27 +0,0 @@ -# -# Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - -javax.sound.sampled.SourceDataLine=xyz#123 -javax.sound.sampled.TargetDataLine=xyz#123 -javax.sound.sampled.Clip=xyz#123 -javax.sound.sampled.Port=xyz#123
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/sound/sampled/AudioSystem/testdata/lib/sound.properties Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,27 @@ +# +# Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +javax.sound.sampled.SourceDataLine=xyz#123 +javax.sound.sampled.TargetDataLine=xyz#123 +javax.sound.sampled.Clip=xyz#123 +javax.sound.sampled.Port=xyz#123
--- a/test/javax/swing/JComboBox/6632953/bug6632953.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/javax/swing/JComboBox/6632953/bug6632953.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015 Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,23 +22,39 @@ */ /* @test - * @bug 6632953 + * @bug 6632953 8078614 * @summary MetalComboBoxUI.getBaseline(JComponent, int, int) throws IAE for valid width/height * @author Alexander Potochkin */ - import javax.swing.JComboBox; +import javax.swing.SwingUtilities; +import javax.swing.UIManager; import javax.swing.plaf.metal.MetalComboBoxUI; public class bug6632953 { public static void main(String... args) throws Exception { - MetalComboBoxUI ui = new MetalComboBoxUI(); - ui.installUI(new JComboBox()); - ui.getBaseline(new JComboBox(), 0, 0); - ui.getBaseline(new JComboBox(), 1, 1); - ui.getBaseline(new JComboBox(), 2, 2); - ui.getBaseline(new JComboBox(), 3, 3); - ui.getBaseline(new JComboBox(), 4, 4); + SwingUtilities.invokeAndWait(new Runnable() { + + @Override + public void run() { + + for (UIManager.LookAndFeelInfo lafInfo + : UIManager.getInstalledLookAndFeels()) { + try { + UIManager.setLookAndFeel(lafInfo.getClassName()); + } catch (Exception e) { + throw new RuntimeException(e); + } + MetalComboBoxUI ui = new MetalComboBoxUI(); + ui.installUI(new JComboBox()); + ui.getBaseline(new JComboBox(), 0, 0); + ui.getBaseline(new JComboBox(), 1, 1); + ui.getBaseline(new JComboBox(), 2, 2); + ui.getBaseline(new JComboBox(), 3, 3); + ui.getBaseline(new JComboBox(), 4, 4); + } + } + }); } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/swing/JFrame/8255880/RepaintOnFrameIconifiedStateChangeTest.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,192 @@ +/* + * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* @test + @bug 8255880 + @key headful + @summary Swing components, whose internal state changed while a frame was + iconified, are not redrawn after the frame becomes deiconified. + */ + +import java.awt.AWTException; +import java.awt.Container; +import java.awt.Dimension; +import java.awt.FlowLayout; +import java.awt.Graphics; +import java.awt.Robot; +import java.awt.Toolkit; +import java.lang.reflect.InvocationTargetException; +import javax.swing.JButton; +import javax.swing.JComponent; +import javax.swing.JFrame; +import javax.swing.JLabel; +import javax.swing.SwingUtilities; +import javax.swing.UIManager; +import javax.swing.UnsupportedLookAndFeelException; +import javax.swing.plaf.metal.MetalLookAndFeel; + +public class RepaintOnFrameIconifiedStateChangeTest { + private static final String[][] strsForComps = new String[][] { + {"JLabel AAA", "JLabel BBB"}, + {"JButton AAA", "JButton BBB"}}; + private static final int lblIndex = 0; + private static final int btnIndex = 1; + + private static volatile JFrame frame; + private static volatile JLabel label; + private static volatile JButton button; + private static volatile JComponent[] comps = new JComponent[2]; + private static volatile boolean[] compRedrawn = new boolean[2]; + private static volatile boolean compRedrawnFlagCanBeSet = false; + + public static void main(String[] args) { + Toolkit toolkit = Toolkit.getDefaultToolkit(); + if (!toolkit.isFrameStateSupported(JFrame.ICONIFIED) || + !toolkit.isFrameStateSupported(JFrame.NORMAL)) { + System.out.println("ICONIFIED or NORMAL frame states are not" + + "supported by a toolkit."); + return; + } + + try { + SwingUtilities.invokeAndWait(new Runnable() { + @Override + public void run() { + System.out.println("Creating GUI..."); + createGUI(); + } + }); + Robot robot = new Robot(); + robot.delay(2000); + + SwingUtilities.invokeAndWait(new Runnable() { + @Override + public void run() { + System.out.println("Minimizing the frame..."); + frame.setExtendedState(JFrame.ICONIFIED); + } + }); + robot.delay(2000); + + SwingUtilities.invokeAndWait(new Runnable() { + @Override + public void run() { + System.out.println("Changing states of components..."); + label.setText(strsForComps[lblIndex][1]); + button.setText(strsForComps[btnIndex][1]); + } + }); + robot.delay(2000); + + SwingUtilities.invokeAndWait(new Runnable() { + @Override + public void run() { + System.out.println("Restoring the frame..."); + for (int i = 0; i < compRedrawn.length; i++) { + compRedrawn[i] = false; + } + compRedrawnFlagCanBeSet = true; + + frame.setExtendedState(JFrame.NORMAL); + frame.toFront(); + } + }); + robot.delay(2000); + + int notRedrawnCompsCount = 0; + for (int i = 0; i < compRedrawn.length; i++) { + if (!compRedrawn[i]) { + notRedrawnCompsCount++; + System.out.println(String.format( + "Not redrawn component #%d: '%s'", i, comps[i])); + } + } + if (notRedrawnCompsCount > 0) { + throw new RuntimeException(String.format( + "'%d' components were not redrawn.", + notRedrawnCompsCount)); + } + System.out.println("Test passed."); + } catch (InterruptedException | InvocationTargetException | + AWTException e) { + throw new RuntimeException(e); + } finally { + try { + SwingUtilities.invokeAndWait(new Runnable() { + @Override + public void run() { + if (frame != null) { + frame.dispose(); + frame = null; + } + } + }); + } catch (InterruptedException | InvocationTargetException e) { + throw new RuntimeException(e); + } + } + } + + private static void createGUI() { + if (!(UIManager.getLookAndFeel() instanceof MetalLookAndFeel)) { + try { + UIManager.setLookAndFeel(new MetalLookAndFeel()); + } catch (UnsupportedLookAndFeelException ulafe) { + throw new RuntimeException(ulafe); + } + } + + frame = new JFrame("RepaintOnFrameIconifiedStateChangeTest"); + frame.setDefaultCloseOperation(JFrame.DISPOSE_ON_CLOSE); + Container content = frame.getContentPane(); + content.setLayout(new FlowLayout()); + + comps[lblIndex] = label = new JLabel(strsForComps[lblIndex][0]) { + @Override + public void paint(Graphics g) { + super.paint(g); + if (compRedrawnFlagCanBeSet) { + compRedrawn[lblIndex] = true; + } + } + }; + label.setPreferredSize(new Dimension(150, 50)); + content.add(label); + + comps[btnIndex] = button = new JButton(strsForComps[btnIndex][0]) { + @Override + public void paint(Graphics g) { + super.paint(g); + if (compRedrawnFlagCanBeSet) { + compRedrawn[btnIndex] = true; + } + } + }; + button.setPreferredSize(new Dimension(200, 50)); + button.setFocusable(false); + content.add(button); + + frame.pack(); + frame.setVisible(true); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/swing/JMenu/JMenuSelectedColorTest.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,206 @@ +/* + * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @requires (os.family == "linux") + * @key headful + * @bug 8248637 + * @summary Tests selected JMenu and JMenuitem is properly highlighted in GTKL&F + * with gtk3 version + * @run main/othervm -Djdk.gtk.version=3 JMenuSelectedColorTest + */ + +import javax.swing.JFrame; +import javax.swing.JMenu; +import javax.swing.JMenuBar; +import javax.swing.JMenuItem; +import javax.swing.JPanel; +import javax.swing.SwingUtilities; +import javax.swing.UIManager; +import javax.swing.UnsupportedLookAndFeelException; +import java.awt.BorderLayout; +import java.awt.Color; +import java.awt.Component; +import java.awt.FlowLayout; +import java.awt.Point; +import java.awt.Rectangle; +import java.awt.Robot; +import java.awt.event.InputEvent; + +public class JMenuSelectedColorTest { + private static JFrame frame; + private static JMenu menu; + private static JMenuItem menuitem; + private static Point point; + private static Rectangle rect; + private static Robot robot; + private static final String GTK_LAF_CLASS = "GTKLookAndFeel"; + private static int minColorDifference = 100; + + private static void blockTillDisplayed(Component comp) { + Point p = null; + while (p == null) { + try { + p = comp.getLocationOnScreen(); + } catch (IllegalStateException e) { + try { + Thread.sleep(500); + } catch (InterruptedException ie) { + } + } + } + } + + private static int getMaxColorDiff(Color c1, Color c2) { + return Math.max(Math.abs(c1.getRed() - c2.getRed()), + Math.max(Math.abs(c1.getGreen() - c2.getGreen()), + Math.abs(c1.getBlue() - c2.getBlue()))); + } + + public static void main(String[] args) throws Exception { + if (!System.getProperty("os.name").startsWith("Linux")) { + System.out.println("This test is meant for Linux platform only"); + return; + } + + for (UIManager.LookAndFeelInfo lookAndFeelInfo : + UIManager.getInstalledLookAndFeels()) { + if (lookAndFeelInfo.getClassName().contains(GTK_LAF_CLASS)) { + try { + UIManager.setLookAndFeel(lookAndFeelInfo.getClassName()); + } catch (final UnsupportedLookAndFeelException ignored) { + System.out.println("GTK L&F could not be set, so this " + + "test can not be run in this scenario "); + return; + } + } + } + + robot = new Robot(); + robot.setAutoDelay(100); + + try { + SwingUtilities.invokeAndWait(new Runnable() { + public void run() { + menu = new JMenu(" ") ; + menuitem = new JMenuItem(" "); + menu.add(menuitem); + + JPanel panel = new JPanel(); + panel.setLayout(new BorderLayout()); + + JMenuBar menuBar = new JMenuBar(); + JPanel menuPanel = new JPanel(); + + menuPanel.setLayout(new FlowLayout()); + + menuBar.add(menu); + menuPanel.add(menuBar); + panel.add(menuPanel, BorderLayout.CENTER); + frame = new JFrame("JMenuSelectedColor"); + frame.add(panel); + frame.setSize(200, 200); + frame.setAlwaysOnTop(true); + frame.setLocationRelativeTo(null); + frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); + frame.setVisible(true); + } + }); + + robot.waitForIdle(); + robot.delay(500); + + blockTillDisplayed(menu); + SwingUtilities.invokeAndWait(() -> { + point = menu.getLocationOnScreen(); + rect = menu.getBounds(); + }); + robot.waitForIdle(); + robot.delay(500); + + Color backgroundColor = robot + .getPixelColor(point.x+rect.width/2, point.y+rect.height/2); + robot.waitForIdle(); + robot.delay(500); + + menu.setSelected(true); + robot.waitForIdle(); + robot.delay(500); + + Color highlightColor = robot + .getPixelColor(point.x+rect.width/2, point.y+rect.height/2); + robot.waitForIdle(); + robot.delay(500); + + int actualColorDifference = getMaxColorDiff(backgroundColor, highlightColor); + if (actualColorDifference < minColorDifference) { + throw new RuntimeException("The expected highlight color for " + + "Menu was not found"); + } + + robot.mouseMove(point.x + rect.width / 2, + point.y + rect.height / 2); + robot.waitForIdle(); + robot.delay(500); + + robot.mousePress(InputEvent.BUTTON1_DOWN_MASK); + robot.mouseRelease(InputEvent.BUTTON1_DOWN_MASK); + robot.waitForIdle(); + robot.delay(500); + + blockTillDisplayed(menuitem); + SwingUtilities.invokeAndWait(() -> { + point = menuitem.getLocationOnScreen(); + rect = menuitem.getBounds(); + }); + robot.waitForIdle(); + robot.delay(500); + + backgroundColor = robot + .getPixelColor(point.x+rect.width/2, point.y+rect.height/2); + robot.waitForIdle(); + robot.delay(500); + + robot.mouseMove(point.x + rect.width / 2, + point.y + rect.height / 2); + robot.waitForIdle(); + robot.delay(500); + + highlightColor = robot + .getPixelColor(point.x+rect.width/2, point.y+rect.height/2); + robot.waitForIdle(); + robot.delay(500); + + actualColorDifference = getMaxColorDiff(backgroundColor, highlightColor); + if (actualColorDifference < minColorDifference) { + throw new RuntimeException("The expected highlight color for " + + "Menuitem was not found"); + } + } finally { + if (frame != null) { + SwingUtilities.invokeAndWait(frame::dispose); + } + } + } +}
--- a/test/jdk/internal/platform/docker/MetricsMemoryTester.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/jdk/internal/platform/docker/MetricsMemoryTester.java Mon Apr 19 04:23:30 2021 +0100 @@ -61,26 +61,34 @@ } private static void testMemoryFailCount() { - long count = Metrics.systemMetrics().getMemoryFailCount(); + long memAndSwapLimit = Metrics.systemMetrics().getMemoryAndSwapLimit(); + long memLimit = Metrics.systemMetrics().getMemoryLimit(); + + // We need swap to execute this test or will SEGV + if (memAndSwapLimit <= memLimit) { + System.out.println("No swap memory limits, test case skipped"); + } else { + long count = Metrics.systemMetrics().getMemoryFailCount(); - // Allocate 512M of data - byte[][] bytes = new byte[64][]; - for (int i = 0; i < 64; i++) { - try { - bytes[i] = new byte[8 * 1024 * 1024]; - // Break out as soon as we see an increase in failcount - // to avoid getting killed by the OOM killer. - if (Metrics.systemMetrics().getMemoryFailCount() > count) { + // Allocate 512M of data + byte[][] bytes = new byte[64][]; + for (int i = 0; i < 64; i++) { + try { + bytes[i] = new byte[8 * 1024 * 1024]; + // Break out as soon as we see an increase in failcount + // to avoid getting killed by the OOM killer. + if (Metrics.systemMetrics().getMemoryFailCount() > count) { + break; + } + } catch (Error e) { // OOM error break; } - } catch (Error e) { // OOM error - break; } - } - if (Metrics.systemMetrics().getMemoryFailCount() <= count) { - throw new RuntimeException("Memory fail count : new : [" - + Metrics.systemMetrics().getMemoryFailCount() + "]" - + ", old : [" + count + "]"); + if (Metrics.systemMetrics().getMemoryFailCount() <= count) { + throw new RuntimeException("Memory fail count : new : [" + + Metrics.systemMetrics().getMemoryFailCount() + "]" + + ", old : [" + count + "]"); + } } System.out.println("TEST PASSED!!!"); } @@ -111,10 +119,12 @@ private static void testMemoryAndSwapLimit(String memory, String memAndSwap) { long expectedMem = getMemoryValue(memory); long expectedMemAndSwap = getMemoryValue(memAndSwap); + long actualMemAndSwap = Metrics.systemMetrics().getMemoryAndSwapLimit(); if (expectedMem != Metrics.systemMetrics().getMemoryLimit() - || expectedMemAndSwap != Metrics.systemMetrics().getMemoryAndSwapLimit()) { - System.err.println("Memory and swap limit not equal, expected : [" + || (expectedMemAndSwap != actualMemAndSwap + && expectedMem != actualMemAndSwap)) { + throw new RuntimeException("Memory and swap limit not equal, expected : [" + expectedMem + ", " + expectedMemAndSwap + "]" + ", got : [" + Metrics.systemMetrics().getMemoryLimit() + ", " + Metrics.systemMetrics().getMemoryAndSwapLimit() + "]");
--- a/test/jdk/internal/platform/docker/TestUseContainerSupport.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/jdk/internal/platform/docker/TestUseContainerSupport.java Mon Apr 19 04:23:30 2021 +0100 @@ -58,8 +58,7 @@ DockerRunOptions opts = new DockerRunOptions(imageName, "/jdk/bin/java", "CheckUseContainerSupport"); opts.addClassOptions(Boolean.valueOf(useContainerSupport).toString()); - opts.addDockerOpts("--memory", "200m") - .addDockerOpts("--volume", Utils.TEST_CLASSES + ":/test-classes/"); + opts.addDockerOpts("--volume", Utils.TEST_CLASSES + ":/test-classes/"); if (useContainerSupport) { opts.addJavaOpts("-XX:+UseContainerSupport"); } else {
--- a/test/jdk/jfr/event/os/TestCPUInformation.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/jdk/jfr/event/os/TestCPUInformation.java Mon Apr 19 04:23:30 2021 +0100 @@ -55,7 +55,7 @@ Events.assertField(event, "cores").atLeast(1); Events.assertField(event, "sockets").atLeast(1); Events.assertField(event, "cpu").containsAny("Intel", "AMD", "Unknown x86", "sparc", "ARM", "PPC", "PowerPC", "AArch64", "s390"); - Events.assertField(event, "description").containsAny("Intel", "AMD", "Unknown x86", "SPARC", "ARM", "PPC", "PowerPC", "AArch64", "zArch"); + Events.assertField(event, "description").containsAny("Intel", "AMD", "Unknown x86", "SPARC", "ARM", "PPC", "PowerPC", "AArch64", "s390"); } } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/lib/jdk/test/lib/Container.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,32 @@ +/* + * Copyright (c) 2019, Red Hat Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +package jdk.test.lib; + +public class Container { + // Use this property to specify docker location on your system. + // E.g.: "/usr/local/bin/docker". We define this constant here so + // that it can be used in VMProps as well which checks docker support + // via this command + public static final String ENGINE_COMMAND = + System.getProperty("jdk.test.container.command", "docker"); +}
--- a/test/lib/jdk/test/lib/containers/cgroup/MetricsTester.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/lib/jdk/test/lib/containers/cgroup/MetricsTester.java Mon Apr 19 04:23:30 2021 +0100 @@ -291,29 +291,32 @@ } // Memory and Swap - oldVal = metrics.getMemoryAndSwapFailCount(); - newVal = getLongValueFromFile(SubSystem.MEMORY, "memory.memsw.failcnt"); - if (!compareWithErrorMargin(oldVal, newVal)) { - fail(SubSystem.MEMORY, "memory.memsw.failcnt", oldVal, newVal); - } + // Skip swap tests if no swap is configured. + if (metrics.getMemoryAndSwapLimit() > metrics.getMemoryLimit()) { + oldVal = metrics.getMemoryAndSwapFailCount(); + newVal = getLongValueFromFile(SubSystem.MEMORY, "memory.memsw.failcnt"); + if (!compareWithErrorMargin(oldVal, newVal)) { + fail(SubSystem.MEMORY, "memory.memsw.failcnt", oldVal, newVal); + } - oldVal = metrics.getMemoryAndSwapLimit(); - newVal = getLongValueFromFile(SubSystem.MEMORY, "memory.memsw.limit_in_bytes"); - newVal = newVal > unlimited_minimum ? -1L : newVal; - if (!compareWithErrorMargin(oldVal, newVal)) { - fail(SubSystem.MEMORY, "memory.memsw.limit_in_bytes", oldVal, newVal); - } + oldVal = metrics.getMemoryAndSwapLimit(); + newVal = getLongValueFromFile(SubSystem.MEMORY, "memory.memsw.limit_in_bytes"); + newVal = newVal > unlimited_minimum ? -1L : newVal; + if (!compareWithErrorMargin(oldVal, newVal)) { + fail(SubSystem.MEMORY, "memory.memsw.limit_in_bytes", oldVal, newVal); + } - oldVal = metrics.getMemoryAndSwapMaxUsage(); - newVal = getLongValueFromFile(SubSystem.MEMORY, "memory.memsw.max_usage_in_bytes"); - if (!compareWithErrorMargin(oldVal, newVal)) { - fail(SubSystem.MEMORY, "memory.memsw.max_usage_in_bytes", oldVal, newVal); - } + oldVal = metrics.getMemoryAndSwapMaxUsage(); + newVal = getLongValueFromFile(SubSystem.MEMORY, "memory.memsw.max_usage_in_bytes"); + if (!compareWithErrorMargin(oldVal, newVal)) { + fail(SubSystem.MEMORY, "memory.memsw.max_usage_in_bytes", oldVal, newVal); + } - oldVal = metrics.getMemoryAndSwapUsage(); - newVal = getLongValueFromFile(SubSystem.MEMORY, "memory.memsw.usage_in_bytes"); - if (!compareWithErrorMargin(oldVal, newVal)) { - fail(SubSystem.MEMORY, "memory.memsw.usage_in_bytes", oldVal, newVal); + oldVal = metrics.getMemoryAndSwapUsage(); + newVal = getLongValueFromFile(SubSystem.MEMORY, "memory.memsw.usage_in_bytes"); + if (!compareWithErrorMargin(oldVal, newVal)) { + fail(SubSystem.MEMORY, "memory.memsw.usage_in_bytes", oldVal, newVal); + } } oldVal = metrics.getMemorySoftLimit(); @@ -531,16 +534,20 @@ long newUsage = metrics.getCpuUsage(); long[] newPerCpu = metrics.getPerCpuUsage(); - if (newSysVal <= startSysVal) { + // system/user CPU usage counters may be slowly increasing. + // allow for equal values for a pass + if (newSysVal < startSysVal) { fail(SubSystem.CPU, "getCpuSystemUsage", newSysVal, startSysVal); } - if (newUserVal <= startUserVal) { + // system/user CPU usage counters may be slowly increasing. + // allow for equal values for a pass + if (newUserVal < startUserVal) { fail(SubSystem.CPU, "getCpuUserUsage", newUserVal, startUserVal); } if (newUsage <= startUsage) { - fail(SubSystem.CPU, "getCpuUserUsage", newUsage, startUsage); + fail(SubSystem.CPU, "getCpuUsage", newUsage, startUsage); } boolean success = false; @@ -559,19 +566,28 @@ Metrics metrics = Metrics.systemMetrics(); long memoryMaxUsage = metrics.getMemoryMaxUsage(); long memoryUsage = metrics.getMemoryUsage(); - - byte[] bb = new byte[64*1024*1024]; // 64M + long newMemoryMaxUsage = 0, newMemoryUsage = 0; - long newMemoryMaxUsage = metrics.getMemoryMaxUsage(); - long newMemoryUsage = metrics.getMemoryUsage(); + // allocate memory in a loop and check more than once for new values + // otherwise we might see seldom the effect of decreasing new memory values + // e.g. because the system could free up memory + byte[][] bytes = new byte[32][]; + for (int i = 0; i < 32; i++) { + bytes[i] = new byte[8*1024*1024]; + newMemoryUsage = metrics.getMemoryUsage(); + if (newMemoryUsage > memoryUsage) { + break; + } + } + newMemoryMaxUsage = metrics.getMemoryMaxUsage(); - if(newMemoryMaxUsage < memoryMaxUsage) { - fail(SubSystem.MEMORY, "getMemoryMaxUsage", newMemoryMaxUsage, - memoryMaxUsage); + if (newMemoryMaxUsage < memoryMaxUsage) { + fail(SubSystem.MEMORY, "getMemoryMaxUsage", memoryMaxUsage, + newMemoryMaxUsage); } - if(newMemoryUsage < memoryUsage) { - fail(SubSystem.MEMORY, "getMemoryUsage", newMemoryUsage, memoryUsage); + if (newMemoryUsage < memoryUsage) { + fail(SubSystem.MEMORY, "getMemoryUsage", memoryUsage, newMemoryUsage); } }
--- a/test/lib/jdk/test/lib/containers/docker/DockerTestUtils.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/lib/jdk/test/lib/containers/docker/DockerTestUtils.java Mon Apr 19 04:23:30 2021 +0100 @@ -36,6 +36,7 @@ import java.util.ArrayList; import java.util.Collections; import java.util.List; +import jdk.test.lib.Container; import jdk.test.lib.Utils; import jdk.test.lib.process.OutputAnalyzer; import jdk.test.lib.process.ProcessTools; @@ -46,11 +47,6 @@ private static boolean isDockerEngineAvailable = false; private static boolean wasDockerEngineChecked = false; - // Use this property to specify docker location on your system. - // E.g.: "/usr/local/bin/docker". - private static final String DOCKER_COMMAND = - System.getProperty("jdk.test.docker.command", "docker"); - // Set this property to true to retain image after test. By default // images are removed after test execution completes. // Retaining the image can be useful for diagnostics and image inspection. @@ -110,7 +106,7 @@ */ private static boolean isDockerEngineAvailableCheck() throws Exception { try { - execute(DOCKER_COMMAND, "ps") + execute(Container.ENGINE_COMMAND, "ps") .shouldHaveExitValue(0) .shouldContain("CONTAINER") .shouldContain("IMAGE"); @@ -173,9 +169,8 @@ DockerfileConfig.getBaseImageVersion()); // Build the docker - execute(DOCKER_COMMAND, "build", "--no-cache", "--tag", imageName, buildDir.toString()) - .shouldHaveExitValue(0) - .shouldContain("Successfully built"); + execute(Container.ENGINE_COMMAND, "build", "--no-cache", "--tag", imageName, buildDir.toString()) + .shouldHaveExitValue(0); } @@ -190,7 +185,7 @@ public static OutputAnalyzer dockerRunJava(DockerRunOptions opts) throws Exception { ArrayList<String> cmd = new ArrayList<>(); - cmd.add(DOCKER_COMMAND); + cmd.add(Container.ENGINE_COMMAND); cmd.add("run"); if (opts.tty) cmd.add("--tty=true"); @@ -220,7 +215,7 @@ * @throws Exception */ public static void removeDockerImage(String imageNameAndTag) throws Exception { - execute(DOCKER_COMMAND, "rmi", "--force", imageNameAndTag); + execute(Container.ENGINE_COMMAND, "rmi", "--force", imageNameAndTag); }
--- a/test/lib/security/SecurityUtils.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/lib/security/SecurityUtils.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,6 +24,11 @@ import java.io.File; import java.io.FileInputStream; import java.security.KeyStore; +import java.security.Security; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.stream.Collectors; /** * Common library for various security test helper functions. @@ -52,5 +57,25 @@ return ks; } + /** + * Removes the specified protocols from the jdk.tls.disabledAlgorithms + * security property. + */ + public static void removeFromDisabledTlsAlgs(String... protocols) { + List<String> protocolsList = Arrays.asList(protocols); + protocolsList = Collections.unmodifiableList(protocolsList); + removeFromDisabledAlgs("jdk.tls.disabledAlgorithms", + protocolsList); + } + + private static void removeFromDisabledAlgs(String prop, List<String> algs) { + String value = Security.getProperty(prop); + value = Arrays.stream(value.split(",")) + .map(s -> s.trim()) + .filter(s -> !algs.contains(s)) + .collect(Collectors.joining(",")); + Security.setProperty(prop, value); + } + private SecurityUtils() {} }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/java2d/OpenGL/CopyAreaOOB.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,146 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 6430601 + * @summary Verifies that copyArea() works properly when the + * destination parameters are outside the destination bounds. + * @run main/othervm CopyAreaOOB + * @run main/othervm -Dsun.java2d.opengl=True CopyAreaOOB + * @author campbelc + */ + +import java.awt.*; +import java.awt.image.*; + +public class CopyAreaOOB extends Canvas { + + private static boolean done; + + public void paint(Graphics g) { + synchronized (this) { + if (done) { + return; + } + } + + int w = getWidth(); + int h = getHeight(); + + Graphics2D g2d = (Graphics2D)g; + g2d.setColor(Color.black); + g2d.fillRect(0, 0, w, h); + + g2d.setColor(Color.green); + g2d.fillRect(0, 0, w, 10); + + g2d.setColor(Color.red); + g2d.fillRect(0, 10, 50, h-10); + + // copy the region such that part of it goes below the bottom of the + // destination surface + g2d.copyArea(0, 10, 50, h-10, 60, 10); + + Toolkit.getDefaultToolkit().sync(); + + synchronized (this) { + done = true; + notifyAll(); + } + } + + public Dimension getPreferredSize() { + return new Dimension(400, 400); + } + + private static void testRegion(BufferedImage bi, String name, + int x1, int y1, int x2, int y2, + int expected) + { + for (int y = y1; y < y2; y++) { + for (int x = x1; x < x2; x++) { + int actual = bi.getRGB(x, y); + if (actual != expected) { + throw new RuntimeException("Test failed for " + name + + " region at x="+x+" y="+y+ + " (expected="+ + Integer.toHexString(expected) + + " actual="+ + Integer.toHexString(actual) + + ")"); + } + } + } + } + + public static void main(String[] args) { + boolean show = (args.length == 1) && ("-show".equals(args[0])); + + CopyAreaOOB test = new CopyAreaOOB(); + Frame frame = new Frame(); + frame.setUndecorated(true); + frame.add(test); + frame.pack(); + frame.setLocationRelativeTo(null); + frame.setVisible(true); + + // Wait until the component's been painted + synchronized (test) { + while (!done) { + try { + test.wait(); + } catch (InterruptedException e) { + throw new RuntimeException("Failed: Interrupted"); + } + } + } + + try { + Thread.sleep(2000); + } catch (InterruptedException ex) {} + + // Grab the screen region + BufferedImage capture = null; + try { + Robot robot = new Robot(); + Point pt1 = test.getLocationOnScreen(); + Rectangle rect = new Rectangle(pt1.x, pt1.y, 400, 400); + capture = robot.createScreenCapture(rect); + } catch (Exception e) { + throw new RuntimeException("Problems creating Robot"); + } finally { + if (!show) { + frame.dispose(); + } + } + + // Test pixels + testRegion(capture, "green", 0, 0, 400, 10, 0xff00ff00); + testRegion(capture, "original red", 0, 10, 50, 400, 0xffff0000); + testRegion(capture, "background", 50, 10, 60, 400, 0xff000000); + testRegion(capture, "in-between", 60, 10, 110, 20, 0xff000000); + testRegion(capture, "copied red", 60, 20, 110, 400, 0xffff0000); + testRegion(capture, "background", 110, 10, 400, 400, 0xff000000); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/java2d/SunGraphics2D/EmptyClipRenderingTest.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,299 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.awt.AWTException; +import java.awt.Canvas; +import java.awt.Color; +import java.awt.Component; +import java.awt.Dimension; +import java.awt.Frame; +import java.awt.Graphics; +import java.awt.Graphics2D; +import java.awt.GraphicsConfiguration; +import java.awt.GraphicsEnvironment; +import java.awt.HeadlessException; +import java.awt.Rectangle; +import java.awt.Robot; +import java.awt.Toolkit; +import java.awt.event.WindowAdapter; +import java.awt.event.WindowEvent; +import java.awt.image.BufferedImage; +import java.awt.image.VolatileImage; +import java.io.File; +import java.io.IOException; +import java.util.HashSet; +import javax.imageio.ImageIO; +import sun.awt.ConstrainableGraphics; + +/** + * @test + * @bug 6335200 6419610 + * @summary Tests that we don't render anything if specific empty clip is set + * @author Dmitri.Trembovetski@Sun.COM: area=Graphics + * @run main EmptyClipRenderingTest + * @run main/othervm -Dsun.java2d.noddraw=true EmptyClipRenderingTest + * @run main/othervm -Dsun.java2d.pmoffscreen=true EmptyClipRenderingTest + * @run main/othervm -Dsun.java2d.opengl=true EmptyClipRenderingTest + */ +public class EmptyClipRenderingTest { + static final int IMG_W = 400; + static final int IMG_H = 400; + + // generated rectangles + static HashSet<Rectangle> rects; + + volatile boolean isActivated = false; + volatile boolean isPainted; + private static boolean showErrors = false; + + public EmptyClipRenderingTest() { + // initialize clip/render region rectangles + initClips(); + + HashSet<RuntimeException> errors = new HashSet<RuntimeException>(); + + BufferedImage screenResult = testOnscreen(); + try { + testResult(screenResult, "Screen"); + } catch (RuntimeException e) { + errors.add(e); + } + + BufferedImage destBI = + new BufferedImage(IMG_W, IMG_H, BufferedImage.TYPE_INT_RGB); + runTest((Graphics2D)destBI.getGraphics()); + try { + testResult(destBI, "BufferedImage"); + } catch (RuntimeException e) { + errors.add(e); + } + + GraphicsConfiguration gc = + GraphicsEnvironment.getLocalGraphicsEnvironment(). + getDefaultScreenDevice().getDefaultConfiguration(); + VolatileImage destVI = gc.createCompatibleVolatileImage(IMG_W, IMG_H); + destVI.validate(gc); + runTest((Graphics2D)destVI.getGraphics()); + try { + testResult(destVI.getSnapshot(), "VolatileImage"); + } catch (RuntimeException e) { + errors.add(e); + } + + if (errors.isEmpty()) { + System.err.println("Test PASSED."); + } else { + for (RuntimeException re : errors) { + re.printStackTrace(); + } + if (showErrors) { + System.err.println("Test FAILED: "+ errors.size() + + " subtest failures."); + } else { + throw new RuntimeException("Test FAILED: "+ errors.size() + + " subtest failures."); + } + } + } + + /** + * Recursively adds 4 new rectangles: two vertical and two horizontal + * based on the passed rectangle area. The area is then shrunk and the + * process repeated for smaller area. + */ + private static void add4Rects(HashSet<Rectangle> rects, Rectangle area) { + if (area.width < 10 || area.height < 10) { + rects.add(area); + return; + } + // two vertical rects + rects.add(new Rectangle(area.x, area.y, 5, area.height)); + rects.add(new Rectangle(area.x + area.width - 5, area.y, 5, area.height)); + // two horizontal rects + int width = area.width - 2*(5 + 1); + rects.add(new Rectangle(area.x+6, area.y, width, 5)); + rects.add(new Rectangle(area.x+6, area.y + area.height - 5, width, 5)); + // reduce the area and repeat + area.grow(-6, -6); + add4Rects(rects, area); + } + + /** + * Generate a bunch of non-intersecting rectangles + */ + private static void initClips() { + rects = new HashSet<Rectangle>(); + add4Rects(rects, new Rectangle(0, 0, IMG_W, IMG_H)); + System.err.println("Total number of test rects: " + rects.size()); + } + + /** + * Render the pattern to the screen, capture the output with robot and + * return it. + */ + private BufferedImage testOnscreen() throws HeadlessException { + final Canvas destComponent; + final Object lock = new Object(); + Frame f = new Frame("Test Frame"); + f.setUndecorated(true); + f.add(destComponent = new Canvas() { + public void paint(Graphics g) { + isPainted = true; + } + public Dimension getPreferredSize() { + return new Dimension(IMG_W, IMG_H); + } + }); + f.addWindowListener(new WindowAdapter() { + public void windowActivated(WindowEvent e) { + if (!isActivated) { + synchronized (lock) { + isActivated = true; + lock.notify(); + } + } + } + }); + f.pack(); + f.setLocationRelativeTo(null); + f.setVisible(true); + synchronized(lock) { + while (!isActivated) { + try { + lock.wait(100); + } catch (InterruptedException ex) { + ex.printStackTrace(); + } + } + } + Robot r; + try { + r = new Robot(); + } catch (AWTException ex) { + throw new RuntimeException("Can't create Robot"); + } + BufferedImage bi; + int attempt = 0; + do { + if (++attempt > 10) { + throw new RuntimeException("Too many attempts: " + attempt); + } + isPainted = false; + runTest((Graphics2D) destComponent.getGraphics()); + r.waitForIdle(); + Toolkit.getDefaultToolkit().sync(); + bi = r.createScreenCapture( + new Rectangle(destComponent.getLocationOnScreen().x, + destComponent.getLocationOnScreen().y, + destComponent.getWidth(), + destComponent.getHeight())); + } while (isPainted); + f.setVisible(false); + f.dispose(); + return bi; + } + + /** + * Run the test: cycle through all the rectangles, use one as clip and + * another as the area to render to. + * Set the clip in the same way Swing does it when repainting: + * first constrain the graphics to the damaged area, and repaint everything + */ + void runTest(Graphics2D destGraphics) { + destGraphics.setColor(Color.black); + destGraphics.fillRect(0, 0, IMG_W, IMG_H); + + destGraphics.setColor(Color.red); + for (Rectangle clip : rects) { + Graphics2D g2d = (Graphics2D)destGraphics.create(); + g2d.setColor(Color.red); + // mimic what swing does in BufferStrategyPaintManager + if (g2d instanceof ConstrainableGraphics) { + ((ConstrainableGraphics)g2d).constrain(clip.x, clip.y, + clip.width, clip.height); + } + g2d.setClip(clip); + + for (Rectangle renderRegion : rects) { + if (renderRegion != clip) { + // from CellRendererPane's paintComponent + Graphics2D rG = (Graphics2D) + g2d.create(renderRegion.x, renderRegion.y, + renderRegion.width, renderRegion.height); + rG.fillRect(0,0, renderRegion.width, renderRegion.height); + } + } + } + } + + void testResult(final BufferedImage bi, final String desc) { + for (int y = 0; y < bi.getHeight(); y++) { + for (int x = 0; x < bi.getWidth(); x++) { + if (bi.getRGB(x, y) != Color.black.getRGB()) { + if (showErrors) { + Frame f = new Frame("Error: " + desc); + f.add(new Component() { + public void paint(Graphics g) { + g.drawImage(bi, 0, 0, null); + } + public Dimension getPreferredSize() { + return new Dimension(bi.getWidth(), + bi.getHeight()); + } + }); + f.pack(); + f.setVisible(true); + } + try { + String fileName = + "EmptyClipRenderingTest_"+desc+"_res.png"; + System.out.println("Writing resulting image: "+fileName); + ImageIO.write(bi, "png", new File(fileName)); + } catch (IOException ex) { + ex.printStackTrace(); + } + throw new RuntimeException("Dest: "+desc+ + " was rendered to at x="+ + x + " y=" + y + + " pixel="+Integer.toHexString(bi.getRGB(x,y))); + } + } + } + } + + public static void main(String argv[]) { + for (String arg : argv) { + if (arg.equals("-show")) { + showErrors = true; + } else { + usage("Incorrect argument:" + arg); + } + } + new EmptyClipRenderingTest(); + } + + private static void usage(String string) { + System.out.println(string); + System.out.println("Usage: EmptyClipRenderingTest [-show]"); + } +}
--- a/test/sun/security/lib/cacerts/VerifyCACerts.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/lib/cacerts/VerifyCACerts.java Mon Apr 19 04:23:30 2021 +0100 @@ -27,7 +27,7 @@ * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 * 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136 * 8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320 - * 8225072 8258630 + * 8225072 8258630 8259312 * @summary Check root CA entries in cacerts file */ import java.io.ByteArrayInputStream; @@ -277,6 +277,8 @@ add("luxtrustglobalrootca [jdk]"); // Valid until: Wed Mar 17 11:33:33 PDT 2021 add("quovadisrootca [jdk]"); + // Valid until: Tue Apr 06 00:29:40 PDT 2021 + add("soneraclass2ca [jdk]"); } };
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/pkcs11/Cipher/CancelMultipart.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,188 @@ +/* + * Copyright (c) 2021, Red Hat, Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8258833 + * @library /lib/security .. + * @run main/othervm CancelMultipart + */ + +import java.lang.reflect.Field; +import java.nio.ByteBuffer; +import java.security.Key; +import java.security.Provider; +import java.security.ProviderException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.spec.SecretKeySpec; + +public class CancelMultipart extends PKCS11Test { + + private static Provider provider; + private static Key key; + + static { + key = new SecretKeySpec(new byte[16], "AES"); + } + + private static class SessionLeaker { + private LeakOperation op; + private LeakInputType type; + + SessionLeaker(LeakOperation op, LeakInputType type) { + this.op = op; + this.type = type; + } + + private void leakAndTry() throws Exception { + Cipher cipher = op.getCipher(); + try { + type.doOperation(cipher, + (op instanceof LeakDecrypt ? + LeakInputType.DECRYPT_MODE : + null)); + throw new Exception("PKCS11Exception expected, invalid block" + + "size"); + } catch (ProviderException | IllegalBlockSizeException e) { + // Exception expected - session returned to the SessionManager + // should be cancelled. That's what will be tested now. + } + + tryCipherInit(); + } + } + + private static interface LeakOperation { + Cipher getCipher() throws Exception; + } + + private static interface LeakInputType { + static int DECRYPT_MODE = 1; + void doOperation(Cipher cipher, int mode) throws Exception; + } + + private static class LeakDecrypt implements LeakOperation { + public Cipher getCipher() throws Exception { + Cipher cipher = Cipher.getInstance( + "AES/ECB/PKCS5Padding", provider); + cipher.init(Cipher.DECRYPT_MODE, key); + return cipher; + } + } + + private static class LeakByteBuffer implements LeakInputType { + public void doOperation(Cipher cipher, int mode) throws Exception { + if (mode == DECRYPT_MODE) { + cipher.update(ByteBuffer.allocate(1), ByteBuffer.allocate(1)); + cipher.doFinal(ByteBuffer.allocate(0), ByteBuffer.allocate(1)); + } + } + } + + private static class LeakByteArray implements LeakInputType { + public void doOperation(Cipher cipher, int mode) throws Exception { + if (mode == DECRYPT_MODE) { + cipher.update(new byte[1]); + cipher.doFinal(new byte[1], 0, 0); + } + } + } + + public static void main(String[] args) throws Exception { + main(new CancelMultipart(), args); + } + + @Override + public void main(Provider p) throws Exception { + init(p); + + // Try multiple paths: + + executeTest(new SessionLeaker(new LeakDecrypt(), new LeakByteArray()), + "P11Cipher::implDoFinal(byte[], int, int)"); + + executeTest(new SessionLeaker(new LeakDecrypt(), new LeakByteBuffer()), + "P11Cipher::implDoFinal(ByteBuffer)"); + + System.out.println("TEST PASS - OK"); + } + + private static void executeTest(SessionLeaker sl, String testName) + throws Exception { + try { + sl.leakAndTry(); + System.out.println(testName + ": OK"); + } catch (Exception e) { + System.out.println(testName + ": FAILED"); + throw e; + } + } + + private static void init(Provider p) throws Exception { + provider = p; + + // The max number of sessions is 2 because, in addition to the + // operation (i.e. PKCS11::getNativeKeyInfo), a session to hold + // the P11Key object is needed. + setMaxSessions(2); + } + + /* + * This method is intended to generate pression on the number of sessions + * to be used from the NSS Software Token, so sessions with (potentially) + * active operations are reused. + */ + private static void setMaxSessions(int maxSessions) throws Exception { + Field tokenField = Class.forName("sun.security.pkcs11.SunPKCS11") + .getDeclaredField("token"); + tokenField.setAccessible(true); + Field sessionManagerField = Class.forName("sun.security.pkcs11.Token") + .getDeclaredField("sessionManager"); + sessionManagerField.setAccessible(true); + Field maxSessionsField = Class.forName("sun.security.pkcs11.SessionManager") + .getDeclaredField("maxSessions"); + maxSessionsField.setAccessible(true); + Object sessionManagerObj = sessionManagerField.get( + tokenField.get(provider)); + maxSessionsField.setInt(sessionManagerObj, maxSessions); + } + + private static void tryCipherInit() throws Exception { + Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding", provider); + + // A CKR_OPERATION_ACTIVE error may be thrown if a session was + // returned to the Session Manager with an active operation, and + // we try to initialize the Cipher using it. + // + // Given that the maximum number of sessions was forced to 2, we know + // that the session to be used here was already used in a previous + // (failed) operation. Thus, the test asserts that the operation was + // properly cancelled. + cipher.init(Cipher.ENCRYPT_MODE, key); + + // If initialization passes, finish gracefully so other paths can + // be tested under the current maximum number of sessions. + cipher.doFinal(new byte[16], 0, 0); + } +}
--- a/test/sun/security/ssl/ClientHandshaker/LengthCheckTest.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/ssl/ClientHandshaker/LengthCheckTest.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ * @bug 8044860 * @summary Vectors and fixed length fields should be verified * for allowed sizes. + * @library /lib/security * @run main/othervm LengthCheckTest * @key randomness */ @@ -299,6 +300,9 @@ * Main entry point for this test. */ public static void main(String args[]) throws Exception { + // Re-enable TLSv1 since test depends on it. + SecurityUtils.removeFromDisabledTlsAlgs("TLSv1"); + List<LengthCheckTest> ccsTests = new ArrayList<>(); if (debug) {
--- a/test/sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,10 +22,13 @@ */ /* - * test + * @test * @bug 7126889 * @summary Incorrect SSLEngine debug output - * + * @library /lib /lib/security + * @run main DebugReportsOneExtraByte + */ +/* * Debug output was reporting n+1 bytes of data was written when it was * really was n. * @@ -75,6 +78,9 @@ import java.security.*; import java.nio.*; +import jdk.test.lib.process.OutputAnalyzer; +import jdk.test.lib.process.ProcessTools; + public class DebugReportsOneExtraByte { /* @@ -82,17 +88,6 @@ */ private static boolean logging = true; - /* - * Enables the JSSE system debugging system property: - * - * -Djavax.net.debug=all - * - * This gives a lot of low-level information about operations underway, - * including specific handshake messages, and might be best examined - * after gaining some familiarity with this application. - */ - private static boolean debug = false; - private SSLContext sslc; private SSLEngine clientEngine; // client Engine @@ -130,14 +125,21 @@ * Main entry point for this test. */ public static void main(String args[]) throws Exception { - if (debug) { - System.setProperty("javax.net.debug", "all"); - } + + if (args.length == 0) { + OutputAnalyzer output = ProcessTools.executeTestJvm( + "-Dtest.src=" + System.getProperty("test.src"), + "-Djavax.net.debug=all", "DebugReportsOneExtraByte", "p"); + output.shouldContain("WRITE: TLS10 application_data, length = 8"); - DebugReportsOneExtraByte test = new DebugReportsOneExtraByte(); - test.runTest(); + System.out.println("Test Passed."); + } else { + // Re-enable TLSv1 since test depends on it + SecurityUtils.removeFromDisabledTlsAlgs("TLSv1"); - System.out.println("Test Passed."); + DebugReportsOneExtraByte test = new DebugReportsOneExtraByte(); + test.runTest(); + } } /*
--- a/test/sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.sh Fri Feb 05 20:19:32 2021 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,81 +0,0 @@ -#! /bin/sh - -# -# Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - -# @test -# @bug 7126889 -# @summary Incorrect SSLEngine debug output -# -# ${TESTJAVA} is pointing to the JDK under test. -# -# set platform-dependent variables - -OS=`uname -s` -case "$OS" in - SunOS | Linux | Darwin | AIX ) - PS=":" - FS="/" - ;; - CYGWIN* ) - PS=";" - FS="/" - ;; - Windows* ) - PS=";" - FS="\\" - ;; - * ) - echo "Unrecognized system!" - exit 1; - ;; -esac - -${COMPILEJAVA}${FS}bin${FS}javac ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} -d . \ - ${TESTSRC}${FS}DebugReportsOneExtraByte.java - -STRING='WRITE: TLS10 application_data, length = 8' - -echo "Examining debug output for the string:" -echo "${STRING}" -echo "=========" - -${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} -Djavax.net.debug=all \ - -Dtest.src=${TESTSRC} \ - DebugReportsOneExtraByte 2>&1 | \ - grep "${STRING}" -RETVAL=$? - -echo "=========" - -if [ ${RETVAL} -ne 0 ]; then - echo "Did NOT see the expected debug output." - exit 1 -else - echo "Received the expected debug output." - exit 0 -fi -else - echo "Received the expected debug output." - exit 0 -fi
--- a/test/sun/security/ssl/HandshakeHash/DigestBase.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/ssl/HandshakeHash/DigestBase.java Mon Apr 19 04:23:30 2021 +0100 @@ -51,6 +51,11 @@ digest.reset(); } + @Override + protected int engineGetDigestLength() { + return digest.getDigestLength(); + } + public static final class MD5 extends DigestBase { public MD5() throws Exception { super("MD5", "SUN");
--- a/test/sun/security/ssl/HandshakeHash/HandshakeHashCloneExhaustion.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/ssl/HandshakeHash/HandshakeHashCloneExhaustion.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,12 +28,15 @@ /* * @test - * @bug 8148421 8193683 + * @bug 8148421 8193683 8234728 * @summary Transport Layer Security (TLS) Session Hash and Extended * Master Secret Extension * @summary Increase the number of clones in the CloneableDigest * @library /javax/net/ssl/templates + * @library /lib/security * @compile DigestBase.java + * @run main/othervm -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3" + * HandshakeHashCloneExhaustion TLSv1.3 TLS_AES_128_GCM_SHA256 * @run main/othervm HandshakeHashCloneExhaustion * TLSv1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 * @run main/othervm HandshakeHashCloneExhaustion @@ -77,6 +80,10 @@ protocol = new String [] { args[0] }; ciphersuite = new String[] { args[1] }; + // Re-enable TLSv1.1 when test depends on it. + if (protocol[0].equals("TLSv1.1")) { + SecurityUtils.removeFromDisabledTlsAlgs(protocol[0]); + } (new HandshakeHashCloneExhaustion()).run(); }
--- a/test/sun/security/ssl/SSLContextImpl/IllegalProtocolProperty.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/ssl/SSLContextImpl/IllegalProtocolProperty.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,6 +28,7 @@ * @test * @bug 7093640 * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE + * @library /lib/security * @run main/othervm -Djdk.tls.client.protocols="XSLv3,TLSv1" * IllegalProtocolProperty */ @@ -60,6 +61,9 @@ } public static void main(String[] args) throws Exception { + // Re-enable TLSv1 and TLSv1.1 since test depends on them. + SecurityUtils.removeFromDisabledTlsAlgs("TLSv1", "TLSv1.1"); + for (ContextVersion cv : ContextVersion.values()) { System.out.println("Checking SSLContext of " + cv.contextVersion);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/ssl/SSLContextImpl/SSLContextDefault.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,144 @@ +/* + * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + +/* + * @test + * @bug 8202343 + * @summary Check that SSLv3, TLSv1 and TLSv1.1 are disabled by default + * @run main/othervm SSLContextDefault + */ + +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import javax.net.ssl.*; + +public class SSLContextDefault { + + private final static String[] protocols = { + "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" + }; + + private final static List<String> disabledProtocols = + Collections.unmodifiableList( + Arrays.asList("SSLv3", "TLSv1", "TLSv1.1")); + + public static void main(String[] args) throws Exception { + for (String protocol : protocols) { + System.out.println("//"); + System.out.println("// " + "Testing for SSLContext of " + + (protocol.isEmpty() ? "<default>" : protocol)); + System.out.println("//"); + checkForProtocols(protocol); + System.out.println(); + } + } + + public static void checkForProtocols(String protocol) throws Exception { + SSLContext context; + if (protocol.isEmpty()) { + context = SSLContext.getDefault(); + } else { + context = SSLContext.getInstance(protocol); + context.init(null, null, null); + } + + // check for the presence of supported protocols of SSLContext + SSLParameters parameters = context.getSupportedSSLParameters(); + checkProtocols(parameters.getProtocols(), + "Supported protocols in SSLContext", false); + + + // check for the presence of default protocols of SSLContext + parameters = context.getDefaultSSLParameters(); + checkProtocols(parameters.getProtocols(), + "Enabled protocols in SSLContext", true); + + // check for the presence of supported protocols of SSLEngine + SSLEngine engine = context.createSSLEngine(); + checkProtocols(engine.getSupportedProtocols(), + "Supported protocols in SSLEngine", false); + + // Check for the presence of default protocols of SSLEngine + checkProtocols(engine.getEnabledProtocols(), + "Enabled protocols in SSLEngine", true); + + SSLSocketFactory factory = context.getSocketFactory(); + try (SSLSocket socket = (SSLSocket)factory.createSocket()) { + // check for the presence of supported protocols of SSLSocket + checkProtocols(socket.getSupportedProtocols(), + "Supported cipher suites in SSLSocket", false); + + // Check for the presence of default protocols of SSLSocket + checkProtocols(socket.getEnabledProtocols(), + "Enabled protocols in SSLSocket", true); + } + + SSLServerSocketFactory serverFactory = context.getServerSocketFactory(); + try (SSLServerSocket serverSocket = + (SSLServerSocket)serverFactory.createServerSocket()) { + // check for the presence of supported protocols of SSLServerSocket + checkProtocols(serverSocket.getSupportedProtocols(), + "Supported cipher suites in SSLServerSocket", false); + + // Check for the presence of default protocols of SSLServerSocket + checkProtocols(serverSocket.getEnabledProtocols(), + "Enabled protocols in SSLServerSocket", true); + } + } + + private static void checkProtocols(String[] protocols, + String title, boolean disabled) throws Exception { + showProtocols(protocols, title); + + if (disabled) { + for (String protocol : protocols ) { + if (disabledProtocols.contains(protocol)) { + throw new Exception(protocol + + " should not be enabled by default"); + } + } + } else { + List<String> protocolsList = Collections.unmodifiableList( + Arrays.asList(protocols)); + for (String disabledProtocol : disabledProtocols) { + if (!protocolsList.contains(disabledProtocol)) { + throw new Exception(disabledProtocol + + " should be supported by default"); + } + } + } + } + + private static void showProtocols(String[] protocols, String title) { + System.out.println(title + "[" + protocols.length + "]:"); + for (String protocol : protocols) { + System.out.println(" " + protocol); + } + } +}
--- a/test/sun/security/ssl/SSLContextImpl/SSLContextVersion.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/ssl/SSLContextImpl/SSLContextVersion.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,7 @@ * @bug 6976117 * @summary SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets * without TLSv1.1 enabled + * @library /lib/security * @run main/othervm SSLContextVersion */ @@ -57,6 +58,9 @@ } public static void main(String[] args) throws Exception { + // Re-enable TLSv1 and TLSv1.1 since test depends on them. + SecurityUtils.removeFromDisabledTlsAlgs("TLSv1", "TLSv1.1"); + for (ContextVersion cv : ContextVersion.values()) { System.out.println("Checking SSLContext of " + cv.contextVersion); SSLContext context = SSLContext.getInstance(cv.contextVersion);
--- a/test/sun/security/ssl/SSLEngineImpl/EmptyExtensionData.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/ssl/SSLEngineImpl/EmptyExtensionData.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,6 +30,7 @@ * @test * @bug 6728126 * @summary Parsing Extensions in Client Hello message is done in a wrong way + * @library /lib/security * @run main/othervm EmptyExtensionData */ @@ -154,6 +155,8 @@ } public static void main(String args[]) throws Exception { + // Re-enable TLSv1 since test depends on it. + SecurityUtils.removeFromDisabledTlsAlgs("TLSv1"); SSLEngine ssle = createSSLEngine(keyFilename, trustFilename); runTest(ssle);
--- a/test/sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,6 +30,7 @@ * @test * @bug 7031830 * @summary bad_record_mac failure on TLSv1.2 enabled connection with SSLEngine + * @library /lib/security * @run main/othervm SSLEngineBadBufferArrayAccess */ @@ -158,6 +159,9 @@ System.setProperty("javax.net.debug", "all"); } + // Re-enable TLSv1 and TLSv1.1 since test depends on them. + SecurityUtils.removeFromDisabledTlsAlgs("TLSv1", "TLSv1.1"); + String [] protocols = new String [] { "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" };
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/ssl/SSLSocketImpl/SSLSocketBruceForceClose.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,147 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// +// Please run in othervm mode. SunJSSE does not support dynamic system +// properties, no way to re-use system properties in samevm/agentvm mode. +// + +/* + * @test + * @bug 8209333 + * @summary Socket reset issue for TLS 1.3 socket close + * @library /javax/net/ssl/templates + * @run main/othervm SSLSocketBruceForceClose + */ + +import javax.net.ssl.*; +import java.io.*; +import java.net.InetAddress; + +public class SSLSocketBruceForceClose implements SSLContextTemplate { + + public static void main(String[] args) throws Exception { + for (int i = 0; i<= 10; i++) { + System.err.println("==================================="); + System.err.println("loop " + i); + System.err.println("==================================="); + new SSLSocketBruceForceClose().test(); + } + } + + private void test() throws Exception { + SSLServerSocket listenSocket = null; + SSLSocket serverSocket = null; + ClientSocket clientSocket = null; + try { + SSLServerSocketFactory serversocketfactory = + createServerSSLContext().getServerSocketFactory(); + listenSocket = + (SSLServerSocket)serversocketfactory.createServerSocket(0); + listenSocket.setNeedClientAuth(false); + listenSocket.setEnableSessionCreation(true); + listenSocket.setUseClientMode(false); + + + System.err.println("Starting client"); + clientSocket = new ClientSocket(listenSocket.getLocalPort()); + clientSocket.start(); + + System.err.println("Accepting client requests"); + serverSocket = (SSLSocket) listenSocket.accept(); + + System.err.println("Reading data from client"); + BufferedReader serverReader = new BufferedReader( + new InputStreamReader(serverSocket.getInputStream())); + String data = serverReader.readLine(); + System.err.println("Received data from client: " + data); + + System.err.println("Reading more data from client"); + data = serverReader.readLine(); + System.err.println("Received data from client: " + data); + } finally { + if (listenSocket != null) { + listenSocket.close(); + } + + if (serverSocket != null) { + serverSocket.close(); + } + } + + if (clientSocket != null && clientSocket.clientException != null) { + throw clientSocket.clientException; + } + } + + private class ClientSocket extends Thread{ + int serverPort = 0; + Exception clientException; + + public ClientSocket(int serverPort) { + this.serverPort = serverPort; + } + + @Override + public void run() { + SSLSocket clientSocket = null; + String clientData = "Hi, I am client"; + try { + System.err.println( + "Connecting to server at port " + serverPort); + SSLSocketFactory sslSocketFactory = + createClientSSLContext().getSocketFactory(); + clientSocket = (SSLSocket)sslSocketFactory.createSocket( + InetAddress.getLocalHost(), serverPort); + clientSocket.setSoLinger(true, 3); + clientSocket.setSoTimeout(1000); + + + System.err.println("Sending data to server ..."); + + BufferedWriter os = new BufferedWriter( + new OutputStreamWriter(clientSocket.getOutputStream())); + os.write(clientData, 0, clientData.length()); + os.newLine(); + os.flush(); + + System.err.println("Sending more data to server ..."); + os.write(clientData, 0, clientData.length()); + os.newLine(); + os.flush(); + } catch (Exception e) { + clientException = e; + } finally { + if (clientSocket != null) { + try{ + clientSocket.close(); + System.err.println("client socket closed"); + } catch (IOException ioe) { + clientException = ioe; + } + } + } + } + } +} +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/ssl/SSLSocketImpl/SSLSocketClose.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,159 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// +// Please run in othervm mode. SunJSSE does not support dynamic system +// properties, no way to re-use system properties in samevm/agentvm mode. +// + +/* + * @test + * @bug 8209333 + * @summary Socket reset issue for TLS 1.3 socket close + * @library /javax/net/ssl/templates + * @run main/othervm SSLSocketClose + */ + +import javax.net.ssl.*; +import java.io.*; +import java.net.InetAddress; + +public class SSLSocketClose implements SSLContextTemplate { + + public static void main(String[] args) throws Exception { + for (int i = 0; i<= 10; i++) { + System.err.println("==================================="); + System.err.println("loop " + i); + System.err.println("==================================="); + new SSLSocketClose().test(); + } + } + + private void test() throws Exception { + SSLServerSocket listenSocket = null; + SSLSocket serverSocket = null; + ClientSocket clientSocket = null; + try { + SSLServerSocketFactory serversocketfactory = + createServerSSLContext().getServerSocketFactory(); + listenSocket = + (SSLServerSocket)serversocketfactory.createServerSocket(0); + listenSocket.setNeedClientAuth(false); + listenSocket.setEnableSessionCreation(true); + listenSocket.setUseClientMode(false); + + + System.err.println("Starting client"); + clientSocket = new ClientSocket(listenSocket.getLocalPort()); + clientSocket.start(); + + System.err.println("Accepting client requests"); + serverSocket = (SSLSocket) listenSocket.accept(); + + System.err.println("Reading data from client"); + BufferedReader serverReader = new BufferedReader( + new InputStreamReader(serverSocket.getInputStream())); + String data = serverReader.readLine(); + System.err.println("Received data from client: " + data); + + System.err.println("Sending data to client ..."); + String serverData = "Hi, I am server"; + BufferedWriter os = new BufferedWriter( + new OutputStreamWriter(serverSocket.getOutputStream())); + os.write(serverData, 0, serverData.length()); + os.newLine(); + os.flush(); + + System.err.println("Reading more data from client"); + data = serverReader.readLine(); + System.err.println("Received data from client: " + data); + } finally { + if (listenSocket != null) { + listenSocket.close(); + } + + if (serverSocket != null) { + serverSocket.close(); + } + } + + if (clientSocket != null && clientSocket.clientException != null) { + throw clientSocket.clientException; + } + } + + private class ClientSocket extends Thread{ + int serverPort = 0; + Exception clientException; + + public ClientSocket(int serverPort) { + this.serverPort = serverPort; + } + + @Override + public void run() { + SSLSocket clientSocket = null; + String clientData = "Hi, I am client"; + try { + System.err.println( + "Connecting to server at port " + serverPort); + SSLSocketFactory sslSocketFactory = + createClientSSLContext().getSocketFactory(); + clientSocket = (SSLSocket)sslSocketFactory.createSocket( + InetAddress.getLocalHost(), serverPort); + clientSocket.setSoLinger(true, 3); + + System.err.println("Sending data to server ..."); + + BufferedWriter os = new BufferedWriter( + new OutputStreamWriter(clientSocket.getOutputStream())); + os.write(clientData, 0, clientData.length()); + os.newLine(); + os.flush(); + + System.err.println("Reading data from server"); + BufferedReader is = new BufferedReader( + new InputStreamReader(clientSocket.getInputStream())); + String data = is.readLine(); + System.err.println("Received Data from server: " + data); + + System.err.println("Sending more data to server ..."); + os.write(clientData, 0, clientData.length()); + os.newLine(); + os.flush(); + } catch (Exception e) { + clientException = e; + } finally { + if (clientSocket != null) { + try{ + clientSocket.close(); + System.err.println("client socket closed"); + } catch (IOException ioe) { + clientException = ioe; + } + } + } + } + } +} +
--- a/test/sun/security/ssl/SSLSocketImpl/SSLSocketCloseHang.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/ssl/SSLSocketImpl/SSLSocketCloseHang.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,9 +23,10 @@ /* * @test - * @bug 8184328 + * @bug 8184328 8253368 * @summary JDK8u131-b34-socketRead0 hang at SSL read * @run main/othervm SSLSocketCloseHang + * @run main/othervm SSLSocketCloseHang shutdownInputTest */ import java.io.*; @@ -72,6 +73,8 @@ */ static boolean debug = false; + static boolean shutdownInputTest = false; + /* * If the client or server is doing some kind of object creation * that the other side depends on, and that thread prematurely @@ -145,7 +148,26 @@ Thread.sleep(500); System.err.println("Client closing: " + System.nanoTime()); - sslSocket.close(); + if (shutdownInputTest) { + try { + sslSocket.shutdownInput(); + } catch (SSLException e) { + if (!e.getMessage().contains + ("closing inbound before receiving peer's close_notify")) { + throw new RuntimeException("expected different exception message. " + + e.getMessage()); + } + } + if (!sslSocket.getSession().isValid()) { + throw new RuntimeException("expected session to remain valid"); + } + + } else { + sslSocket.close(); + } + + + clientClosed = true; System.err.println("Client closed: " + System.nanoTime()); } @@ -179,6 +201,8 @@ if (debug) System.setProperty("javax.net.debug", "all"); + shutdownInputTest = args.length > 0 ? true : false; + /* * Start the tests. */
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/ssl/SignatureScheme/CustomizedClientSchemes.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + +/* + * @test + * @bug 8242141 + * @summary New System Properties to configure the default signature schemes + * @library /javax/net/ssl/templates + * @run main/othervm CustomizedClientSchemes + */ + +import javax.net.ssl.SSLException; + +public class CustomizedClientSchemes extends SSLSocketTemplate { + + public static void main(String[] args) throws Exception { + System.setProperty("jdk.tls.client.SignatureSchemes", "rsa_pkcs1_sha1"); + + try { + new CustomizedClientSchemes().run(); + throw new Exception( + "The jdk.tls.client.SignatureSchemes System Property " + + "does not work"); + } catch (SSLException e) { + // Got the expected exception. + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/ssl/SignatureScheme/CustomizedServerSchemes.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + +/* + * @test + * @bug 8242141 + * @summary New System Properties to configure the default signature schemes + * @library /javax/net/ssl/templates + * @run main/othervm CustomizedServerSchemes + */ + +import javax.net.ssl.SSLException; + +public class CustomizedServerSchemes extends SSLSocketTemplate { + + public static void main(String[] args) throws Exception { + System.setProperty("jdk.tls.server.SignatureSchemes", "rsa_pkcs1_sha1"); + + try { + new CustomizedServerSchemes().run(); + throw new Exception( + "The jdk.tls.server.SignatureSchemes System Property " + + "does not work"); + } catch (SSLException e) { + // Got the expected exception. + } + } +}
--- a/test/sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,17 +35,14 @@ * @run main/othervm BasicConstraints SunX509 */ -import java.net.*; import java.util.*; import java.io.*; import javax.net.ssl.*; -import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.*; import java.security.spec.*; import java.security.interfaces.*; -import java.math.BigInteger; import java.util.Base64; @@ -70,93 +67,122 @@ // Certificate information: // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce // Validity - // Not Before: May 5 02:40:50 2012 GMT - // Not After : Apr 15 02:40:50 2033 GMT + // Not Before: Dec 20 13:13:44 2019 GMT + // Not After : Dec 17 13:13:44 2029 GMT // Subject: C=US, O=Java, OU=SunJSSE Test Serivce // X509v3 Subject Key Identifier: - // DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B + // 88:A7:8D:A1:4F:85:3C:9B:32:47:88:E8:74:81:65:45:00:DE:DD:45 // X509v3 Authority Key Identifier: - // keyid:DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B - // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce - // serial:00 + // keyid:88:A7:8D:A1:4F:85:3C:9B:32:47:88:E8:74:81:65:45:00:DE:DD:45 static String trusedCertStr = "-----BEGIN CERTIFICATE-----\n" + - "MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJVUzEN\n" + - "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + - "MTIwNTA1MDI0MDUwWhcNMzMwNDE1MDI0MDUwWjA7MQswCQYDVQQGEwJVUzENMAsG\n" + - "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" + - "KoZIhvcNAQEBBQADgY0AMIGJAoGBANtiq0AIJK+iVRwFrqcD7fYXTCbMYC5Qz/k6\n" + - "AXBy7/1rI8wDhEJLE3m/+NSqiJwZcmdq2dNh/1fJFrwvzuURbc9+paOBWeHbN+Sc\n" + - "x3huw91oPZme385VpoK3G13rSE114S/rF4DM9mz4EStFhSHXATjtdbskNOAYGLTV\n" + - "x8uEy9GbAgMBAAGjgaUwgaIwHQYDVR0OBBYEFN1OjSoRwIMD8Kzror/58n3IaR+b\n" + - "MGMGA1UdIwRcMFqAFN1OjSoRwIMD8Kzror/58n3IaR+boT+kPTA7MQswCQYDVQQG\n" + - "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" + - "Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC\n" + - "BQADgYEAjjkJesQrkbr36N40egybaIxw7RcqT6iy5fkAGS1JYlBDk8uSCK1o6bCH\n" + - "ls5EpYcGeEoabSS73WRdkO1lgeyWDduO4ef8cCCSpmpT6/YdZG0QS1PtcREeVig+\n" + - "Zr25jNemS4ADHX0aaXP4kiV/G80cR7nX5t5XCUm4bYdbwM07NgI=\n" + + "MIIDZDCCAkygAwIBAgIUSXd4x4/VUhfEFGgfxEt/BG2n8RIwDQYJKoZIhvcNAQEL\n" + + "BQAwOzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpT\n" + + "U0UgVGVzdCBTZXJpdmNlMB4XDTE5MTIyMDEzMTM0NFoXDTI5MTIxNzEzMTM0NFow\n" + + "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" + + "VGVzdCBTZXJpdmNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Cd4\n" + + "U//Y2P4vIu9BBGi+pm64YXYP2LNRNK/e5/nWWmNKJapCAYYda/FJClrbzpI/FgRU\n" + + "NLM9B4Uo065FRIrBi1vu8zyYgwT7UK0WsLwg6Z81KH50PfM0ClEx44tTqocYDc7C\n" + + "gsvbyIeTIbV9AnRlEnBA15WFJAJMTCglaNleXUZ9+A/tazRhHlsRp0Ob8j4tCMJa\n" + + "RDpGMYTy1XbG+WqC8wXP63a63cwjPrL5uzt/C4W1bgNBfTRwIHSUShNhfdc7ZJNS\n" + + "r2NFPcwodd7uVle5JePNag7oyhjOFFEaBGq21dl6/ozVRkqSWWAi1P7MRay9eYj3\n" + + "mLZiZaL6NlWxXnfzVwIDAQABo2AwXjAdBgNVHQ4EFgQUiKeNoU+FPJsyR4jodIFl\n" + + "RQDe3UUwHwYDVR0jBBgwFoAUiKeNoU+FPJsyR4jodIFlRQDe3UUwDwYDVR0TAQH/\n" + + "BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAI1Lgf1Sd/iR\n" + + "pXBW6OKE9Oa6WkZx/hKrtm3tw+m5OTU4veQijMPIIgnXw0QYXFMieWSjSz+OGq+v\n" + + "t5NJWj7afCOADrhswrfAY3q3XY9+HnoXv1OvANFhokos25w6fB9t0lrm5KR+3d8l\n" + + "RwQbxhr8I6tDn2pDExVXRe8k2PYqkabgG6IqPnLzt4iLhPx4ivzo4Zc+zfQZc672\n" + + "oyNJw2/iNufHRsoRa8QqHJM9vziYfChZqdSSlTiqaoyijT0Br6/2yyIKfjjt5Abt\n" + + "cwIDUWqQda62xV7ChkTh7ia3uvBXob2iiB0aI3gVTTqDfK9F5XXtW4BXfqx0hvwB\n" + + "6JzgmNyDQos=\n" + "-----END CERTIFICATE-----"; static String trustedPrivateKey = // Private key in the format of PKCS#8 - "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANtiq0AIJK+iVRwF\n" + - "rqcD7fYXTCbMYC5Qz/k6AXBy7/1rI8wDhEJLE3m/+NSqiJwZcmdq2dNh/1fJFrwv\n" + - "zuURbc9+paOBWeHbN+Scx3huw91oPZme385VpoK3G13rSE114S/rF4DM9mz4EStF\n" + - "hSHXATjtdbskNOAYGLTVx8uEy9GbAgMBAAECgYEA2VjHkIiA0ABjkX+PqKeb+VLb\n" + - "fxS7tSca5C8zfdRhLxAWRui0/3ihst0eCJNrBDuxvAOACovsDWyLuaUjtI2v2ysz\n" + - "vz6SPyGy82PhQOFzyKQuQ814N6EpothpiZzF0yFchfKIGhUsdY89UrGs9nM7m6NT\n" + - "rztYvgIu4avg2VPR2AECQQD+pFAqipR2BplQRIuuRSZfHRxvoEyDjT1xnHJsC6WP\n" + - "I5hCLghL91MhQGWbP4EJMKYQOTRVukWlcp2Kycpf+P5hAkEA3I43gmVUAPEdyZdY\n" + - "fatW7OaLlbbYJb6qEtpCZ1Rwe/BIvm6H6E3qSi/lpz7Ia7WDulpbF6BawHH3pRFq\n" + - "CUY5ewJBAP3pUDqrRpBN0jB0uSeDslhjSciQ+dqvSpZv3rSYBHUvlBJhnkpJiy37\n" + - "7ZUZhIxqYxyIPgRBolLwb+FFh7OdL+ECQCtldDic9WVmC+VheRDpCKZ+SlK/8lGi\n" + - "7VXeShiIvcU1JysJFoa35fSI7hf1O3wt7+hX5PqGG7Un94EsJwACKEcCQQC1TWt6\n" + - "ArKH6tRxKjOxFtqfs8fgEVYUaOr3j1jF4KBUuX2mtQtddZe3VfJ2wPsuKMMxmhkB\n" + - "e7xWWZnJsErt2e+E"; + "MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDUJ3hT/9jY/i8i\n" + + "70EEaL6mbrhhdg/Ys1E0r97n+dZaY0olqkIBhh1r8UkKWtvOkj8WBFQ0sz0HhSjT\n" + + "rkVEisGLW+7zPJiDBPtQrRawvCDpnzUofnQ98zQKUTHji1OqhxgNzsKCy9vIh5Mh\n" + + "tX0CdGUScEDXlYUkAkxMKCVo2V5dRn34D+1rNGEeWxGnQ5vyPi0IwlpEOkYxhPLV\n" + + "dsb5aoLzBc/rdrrdzCM+svm7O38LhbVuA0F9NHAgdJRKE2F91ztkk1KvY0U9zCh1\n" + + "3u5WV7kl481qDujKGM4UURoEarbV2Xr+jNVGSpJZYCLU/sxFrL15iPeYtmJlovo2\n" + + "VbFed/NXAgMBAAECggEAUZvlQ5q1VbNhenTCc+m+/NK2hncd3WQNJtFIU7/dXuO2\n" + + "0ApQXbmzc6RbTmppB2tmbRe5NJSGM3BbpiHxb05Y6TyyDEsQ98Vgz0Xl5pJXrsaZ\n" + + "cjxChtoY+KcHI9qikoRpElaoqBu3LcpJJLxlnB4eCxu3NbbEgneH1fvTeCO1kvcp\n" + + "i3DDdyfY7WB9RW1yWAveiuqvtnbsPfJJLKEhFvZL2ArYCRTm/oIw64yukNe/QLR5\n" + + "bGzEJMT2ZNQMld1f+CW9tOrUKrnnPCGfMa351T5we+8B6sujWfftPutgEVx5TmHs\n" + + "AOW1SntMapbgg46K9EC/C5YQa5D1aNOH9ZTEMkgUMQKBgQDrpPQIHFozeeyZ0iiq\n" + + "HtReLPcqpkwr/9ELc3SjgUypSvpu0l/m++um0yLinlXMn25km/BP6Mv3t/+1uzAc\n" + + "qpopkcyek8X1hzNRhDkWuMv4KDOKk5c6qLx8FGSm6q8PYm5KbsiyeCM7CJoeoqJ5\n" + + "74IZjOIw7UrYLckCb6W8xGQLIwKBgQDmew3vGRR3JmCCSumtJQOqhF6bBYrNb6Qc\n" + + "r4vrng+QhNIquwGqHKPorAI1J8J1jOS+dkDWTxSz2xQKQ83nsOspzVPskpDh5mWL\n" + + "gGk5QCkX87jFsXfhvZFLksZMbIdpWze997Zs2fe/PWfPaH6o3erqo2zAhQV0eA9q\n" + + "C7tfImREPQKBgQDi2Xq/8CN52M9IScQx+dnyC5Gqckt0NCKXxn8sBIa7l129oDMI\n" + + "187FXA8CYPEyOu14V5KiKvdos66s0daAUlB04lI8+v+g3ZYuzH50/FQHwxPTPUBi\n" + + "DRzeyncXJWiAA/8vErWM8hDgfOh5w5Fsl4EEfdcmyNm7gWA4Qyknr1ysRwKBgQDC\n" + + "JSPepUy09VHUTxA59nT5HRmoEeoTFRizxTfi2LkZrphuwCotxoRXiRUu+3f1lyJU\n" + + "Qb5qCCFTQ5bE8squgTwGcVxhajC66V3ePePlAuPatkWN2ek28X1DoLaDR+Rk3h69\n" + + "Wb2EQbNMl4grkUUoMA8jaVhBb4vhyQSK+qjyAUFerQKBgQDXZPuflfsjH/d/O2yw\n" + + "qZbssKe9AKORjv795teblAc3vmsSlNwwVnPdS2aq1LHyoNbetc/OaZV151hTQ/9z\n" + + "bsA48oOojgrDD07Ovg3uDcNEIufxR0aGeSSvqhElp1r7wAYj8bAr6W/RH6MS16WW\n" + + "dRd+PH6hsap8BD2RlVCnrT3vIQ=="; // Certificate information: // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce // Validity - // Not Before: May 5 02:40:53 2012 GMT - // Not After : Jan 21 02:40:53 2032 GMT + // Not Before: Dec 20 13:13:44 2019 GMT + // Not After : Dec 17 13:13:44 2029 GMT // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=casigner // X509v3 Subject Key Identifier: - // 13:07:E0:11:07:DB:EB:33:23:87:31:D0:DB:7E:16:56:BE:11:90:0A + // 4B:6D:B0:B0:E6:EF:45:15:35:B5:FC:6B:E2:C7:FC:A6:E6:C4:EC:95 // X509v3 Authority Key Identifier: - // keyid:DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B - // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce - // serial:00 + // keyid:88:A7:8D:A1:4F:85:3C:9B:32:47:88:E8:74:81:65:45:00:DE:DD:45 static String caSignerStr = "-----BEGIN CERTIFICATE-----\n" + - "MIICqDCCAhGgAwIBAgIBAjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" + - "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + - "MTIwNTA1MDI0MDUzWhcNMzIwMTIxMDI0MDUzWjBOMQswCQYDVQQGEwJVUzENMAsG\n" + - "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxETAPBgNV\n" + - "BAMTCGNhc2lnbmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+x8+o7oM0\n" + - "ct/LZmZLXBL4CQ8jrULD5P7NtEW0hg/zxBFZfBHf+44Oo2eMPYZj+7xaREOH5BmV\n" + - "KRYlzRtONAaC5Ng4Mrm5UKNPcMIIUjUOvm7vWM4oSTMSfoEcSX+vp99uUAkw3w7Z\n" + - "+frYDm1M4At/j0b+lLij71GFN2L8drpgPQIDAQABo4GoMIGlMB0GA1UdDgQWBBQT\n" + - "B+ARB9vrMyOHMdDbfhZWvhGQCjBjBgNVHSMEXDBagBTdTo0qEcCDA/Cs66K/+fJ9\n" + - "yGkfm6E/pD0wOzELMAkGA1UEBhMCVVMxDTALBgNVBAoTBEphdmExHTAbBgNVBAsT\n" + - "FFN1bkpTU0UgVGVzdCBTZXJpdmNlggEAMBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYD\n" + - "VR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBAI+LXA/UCPkTANablUkt80JNPWsl\n" + - "pS4XLNgPxWaN0bkRDs5oI4ooWAz1rwpeJ/nfetOvWlpmrVjSeovBFja5Hl+dUHTf\n" + - "VfuyzkxXbhuNiJIpo1mVBpNsjwu9YRxuwX6UA2LTUQpgvtVJEE012x3zRvxBCbu2\n" + - "Y/v1R5fZ4c+hXDfC\n" + + "MIIDdzCCAl+gAwIBAgIUDYDCpVXk72hlpeNam094GPxl9Z0wDQYJKoZIhvcNAQEL\n" + + "BQAwOzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpT\n" + + "U0UgVGVzdCBTZXJpdmNlMB4XDTE5MTIyMDEzMTM0NFoXDTI5MTIxNzEzMTM0NFow\n" + + "TjELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" + + "VGVzdCBTZXJpdmNlMREwDwYDVQQDDAhjYXNpZ25lcjCCASIwDQYJKoZIhvcNAQEB\n" + + "BQADggEPADCCAQoCggEBAMC8Z4sqVbWWNp567w28MKN9bkE0rZzQLivLsiz7WYzg\n" + + "8LsUDhtGkxpAcoiMuxnkPWGgD3Xzdy/enVo/vn9lgw7LHWJ3+FeZt3eOnwFHTBu+\n" + + "srFrnf7iU7RLkAvl06lTYBWFx15Dv4PCgvqIC4eo1wAGDcKKOshwV5kdw8zBpkx3\n" + + "1jEkbpiuc0cxaNtdMYqmZrTY0wHVSdHGx02mGp9G3aCRSzXyXrr3uxInt5uW9JYR\n" + + "bDUGa2uD02jbxRSyIXyrSb2L8bRDNg6tLq+CG6blukcCLHF8D1n+jMes3yB/yA0N\n" + + "NGcbqmEPBVvVSP2c7Z/3JMCvHsrPkS1E2YPH1I0xL2sCAwEAAaNgMF4wHQYDVR0O\n" + + "BBYEFEttsLDm70UVNbX8a+LH/KbmxOyVMB8GA1UdIwQYMBaAFIinjaFPhTybMkeI\n" + + "6HSBZUUA3t1FMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3\n" + + "DQEBCwUAA4IBAQBpwrPMDlCvxRvv91w4oFYhYTV2zj9BecsYQPhbqG9zRiHrJoNE\n" + + "dDPxZQnjb3P5u2LAe7Cp+Nah1ZSvjnF1oVk7ct+Usz02InojHxN72xDsZOMLWuAN\n" + + "3CJhjGp6WyYUstRWybpiJzPehZdYfk+FaMxwM54REAiipDTFO07PZrj1h/aDQ0Tl\n" + + "7D6w2v1pz1IR/ctuij7sFReFvjFEE4JoTNjfqzNWO4ML1vDHVi5MHeBgUckujOrI\n" + + "P0QqaqP+xJIY+sRrzdckxSfS9AOOrJk2VXY8qEoxCN4wCvHJWuHEAF/Lm65d/hq3\n" + + "2Uh8P+QHLeuEwF8RoTpjiGM9dXvaqcQz7w5G\n" + "-----END CERTIFICATE-----"; static String caSignerPrivateKey = // Private key in the format of PKCS#8 - "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAL7Hz6jugzRy38tm\n" + - "ZktcEvgJDyOtQsPk/s20RbSGD/PEEVl8Ed/7jg6jZ4w9hmP7vFpEQ4fkGZUpFiXN\n" + - "G040BoLk2DgyublQo09wwghSNQ6+bu9YzihJMxJ+gRxJf6+n325QCTDfDtn5+tgO\n" + - "bUzgC3+PRv6UuKPvUYU3Yvx2umA9AgMBAAECgYBYvu30cW8LONyt62Zua9hPFTe7\n" + - "qt9B7QYyfkdmoG5PQMepTrOp84SzfoOukvgvDm0huFuJnSvhXQl2cCDhkgXskvFj\n" + - "Hh7KBCFViVXokGdq5YoS0/KYMyQV0TZfJUvILBl51uc4/siQ2tClC/N4sa+1JhgW\n" + - "a6dFGfRjiUKSSlmMwQJBAPWpIz3Q/c+DYMvoQr5OD8EaYwYIevlTdXb97RnJJh2b\n" + - "UnhB9jrqesJiHYVzPmP0ukyPOXOwlp2T5Am4Kw0LFOkCQQDGz150NoHOp28Mvyc4\n" + - "CTqz/zYzUhy2eCJESl196uyP4N65Y01VYQ3JDww4DlsXiU17tVSbgA9TCcfTYOzy\n" + - "vyw1AkARUky+1hafZCcWGZljK8PmnMKwsTZikCTvL/Zg5BMA8Wu+OQBwpQnk3OAy\n" + - "Aa87gw0DyvGFG8Vy9POWT9sRP1/JAkBqP0hrMvYMSs6+MSn0eHo2151PsAJIQcuO\n" + - "U2/Da1khSzu8N6WMi2GiobgV/RYRbf9KrY2ZzMZjykZQYOxAjopBAkEAghCu38cN\n" + - "aOsW6ueo24uzsWI1FTdE+qWNVEi3RSP120xXBCyhaBjIq4WVSlJK9K2aBaJpit3j\n" + - "iQ5tl6zrLlxQhg=="; + "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDAvGeLKlW1ljae\n" + + "eu8NvDCjfW5BNK2c0C4ry7Is+1mM4PC7FA4bRpMaQHKIjLsZ5D1hoA9183cv3p1a\n" + + "P75/ZYMOyx1id/hXmbd3jp8BR0wbvrKxa53+4lO0S5AL5dOpU2AVhcdeQ7+DwoL6\n" + + "iAuHqNcABg3CijrIcFeZHcPMwaZMd9YxJG6YrnNHMWjbXTGKpma02NMB1UnRxsdN\n" + + "phqfRt2gkUs18l6697sSJ7eblvSWEWw1Bmtrg9No28UUsiF8q0m9i/G0QzYOrS6v\n" + + "ghum5bpHAixxfA9Z/ozHrN8gf8gNDTRnG6phDwVb1Uj9nO2f9yTArx7Kz5EtRNmD\n" + + "x9SNMS9rAgMBAAECggEAZk6cF/8s5+sIqy9OXdgbaW1XbT1tOuQ23gCOX9o8Os/c\n" + + "eTG4GzpnM3QqV9l8J85D1uKD0nSeO8bLd/CGSlG0M9IVkwNjy/xIqyoFtUQHXmLn\n" + + "r84UXAv/qqDBoc8pf6RGSKZuodcMfgBuTlaQ6D3zgou0GiQN9//KP/jQyouwnr3A\n" + + "LyXQekxriwPuSYAPak8s5XLfugOebbSRm2UdGEgX3yrT9FVu9rtgeMKdRaCOU8T4\n" + + "G2UdpGaiDfm5yrR+2XEIv4oaH3WFxmmfQCxVcOFJ1iRvfKBbLb1UCgtJuCBD067y\n" + + "dq5PrwUTeAvd7hwZd0lxCSnWY7VvYFNr7iJfyElowQKBgQD8eosot+Th03hpkYDs\n" + + "BIVsw7oqhJmcrPV1bSZ+aQwqqrOGypNmb7nLGTC8Cj1sT+EzfGs7GqxiLOEn4NXr\n" + + "TYV//RUPBSEXVp2y+2dot1a9oq0BJ8FwGTYL0qSwJrIXJfkQFrYhVVz3JLIWJbwV\n" + + "cy4YCQr094BhXTS7joJOUDRsYwKBgQDDbI3Lv+bBK8lLfIBll1RY1k5Gqy/H+qxp\n" + + "sMN8FmadmIGzHhe9xml6b5EfAZphAUF4vZJhQXloT5Wm+NNIAf6X6dRjvzyw7N9B\n" + + "d48EFJF4ChqNGBocsQRNr2wPRzQ+k2caw9YyYMIjbhktDzO1U/FJGYW6/Vgr2v4K\n" + + "siROnXfLWQKBgBOVAZQP5z2opC8z7NbhZuPPrnG7xRpEw+jupUyqoxnwEWqD7bjF\n" + + "M5jQBFqhRLBQ5buTi9GSuQoIRxJLuuu8IH2TyH1YvX9M5YBLRXL2vVCJ/HcZeURT\n" + + "gECcfs92wNtQw6d+y3N8ZnB4tSNIm/Th8RJGKUZkp91lWECvxeWDDP3XAoGASfNq\n" + + "NRAJYlAPfGFAtTDu2i8+r79X9XUGiXg6gVp4umpbqkxY75eFkq9lWzZgFRVEkUwr\n" + + "eGIubyquluDSEw2uKg5yMMzNSqZYVY3IsOKXqbUpFvtn5jOWTU90tNNdEdD100sI\n" + + "Y0f6Ly4amNKH3rZFOERQNtJn6zCTsbh3xMgR7QECgYBhQTqxLU5eIu38MKobzRue\n" + + "RoUkMcoY3DePkKPSYjilFhkUDozIXf/xUGnB8kERZKO+44wUkuPGljiFL1/P/RO9\n" + + "zhHAV94Kw2ddtfxy05GVtUZ99miBmsMb2m8vumGJqfR8h2xpfc1Ra0zfrsPgLNru\n" + + "xDTDW+bNbM7XyPvg9mOf7Q=="; // Certificate information: // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=casigner @@ -165,129 +191,178 @@ // Not After : Jan 21 02:40:57 2032 GMT // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer // X509v3 Subject Key Identifier: - // 39:0E:C6:33:B1:50:BC:73:07:31:E5:D8:04:F7:BB:97:55:CF:9B:C8 + // B4:E8:EA:80:A9:2B:F5:62:B5:2C:A6:F8:FF:65:BC:CF:51:40:9C:15 // X509v3 Authority Key Identifier: - // keyid:13:07:E0:11:07:DB:EB:33:23:87:31:D0:DB:7E:16:56:BE:11:90:0A - // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce - // serial:02 + // keyid:4B:6D:B0:B0:E6:EF:45:15:35:B5:FC:6B:E2:C7:FC:A6:E6:C4:EC:95 static String certIssuerStr = "-----BEGIN CERTIFICATE-----\n" + - "MIICvjCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQQFADBOMQswCQYDVQQGEwJVUzEN\n" + - "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxETAP\n" + - "BgNVBAMTCGNhc2lnbmVyMB4XDTEyMDUwNTAyNDA1N1oXDTMyMDEyMTAyNDA1N1ow\n" + - "UDELMAkGA1UEBhMCVVMxDTALBgNVBAoTBEphdmExHTAbBgNVBAsTFFN1bkpTU0Ug\n" + - "VGVzdCBTZXJpdmNlMRMwEQYDVQQDEwpjZXJ0aXNzdWVyMIGfMA0GCSqGSIb3DQEB\n" + - "AQUAA4GNADCBiQKBgQCyz55zinU6kNL/LeiTNiBI0QWYmDG0YTotuC4D75liBNqs\n" + - "7Mmladsh2mTtQUAwmuGaGzaZV25a+cUax0DXZoyBwdbTI09u1bUYsZcaUUKbPoCC\n" + - "HH26e4jLFL4olW13Sv4ZAd57tIYevMw+Fp5f4fLPFGegCJTFlv2Qjpmic/cuvQID\n" + - "AQABo4GpMIGmMB0GA1UdDgQWBBQ5DsYzsVC8cwcx5dgE97uXVc+byDBjBgNVHSME\n" + - "XDBagBQTB+ARB9vrMyOHMdDbfhZWvhGQCqE/pD0wOzELMAkGA1UEBhMCVVMxDTAL\n" + - "BgNVBAoTBEphdmExHTAbBgNVBAsTFFN1bkpTU0UgVGVzdCBTZXJpdmNlggECMBMG\n" + - "A1UdEwEB/wQJMAcBAf8CAgQAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQQFAAOB\n" + - "gQCQTagenCdClT98C+oTJGJrw/dUBD9K3tE6ZJKPMc/2bUia8G5ei1C0eXj4mWG2\n" + - "lu9umR6C90/A6qB050QB2h50qtqxSrkpu+ym1yypauZpg7U3nUY9wZWJNI1vqrQZ\n" + - "pqUMRcXY3iQIVKx+Qj+4/Za1wwFQzpEoGmqRW31V1SdMEw==\n" + + "MIIDjDCCAnSgAwIBAgIUJWLHjJR9tY2/5DX3iOcZ2JRKY8cwDQYJKoZIhvcNAQEL\n" + + "BQAwTjELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpT\n" + + "U0UgVGVzdCBTZXJpdmNlMREwDwYDVQQDDAhjYXNpZ25lcjAeFw0xOTEyMjAxMzEz\n" + + "NDVaFw0yOTEyMTcxMzEzNDVaMFAxCzAJBgNVBAYTAlVTMQ0wCwYDVQQKDARKYXZh\n" + + "MR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTETMBEGA1UEAwwKY2VydGlz\n" + + "c3VlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALWUNWnObPBso4vI\n" + + "VaSM+Oq1f3EsyrtJWqhu+EG/5UKEwYaNBs1A9u1zM5xc05y4wXJfFj755djtzfsz\n" + + "OFt1ke/hjhpYSf4DcSJfb99MBvHHXrmrEqIdsPYSaUqT9DrIi+L0z0Rdev++IQJj\n" + + "j9J213gpi18RNrQWl8Xn9mlkxhCjwj1GoFA6aF+9cvWX8uh2Vrl6Vm28hTKnmTad\n" + + "FB7nwDF4/mGuKVsiB+YTJJ/2Y6RpNqVF/Z6kET/BE0DtCLlKvY7iljbHc892YzI0\n" + + "vhxlo4lOB3J4NhsQxJbq+mIlbbqZr+p4WA8hdnwI4UlktI4S7fXQzhA51JHVjZyX\n" + + "f9XYTRUCAwEAAaNgMF4wHQYDVR0OBBYEFLTo6oCpK/VitSym+P9lvM9RQJwVMB8G\n" + + "A1UdIwQYMBaAFEttsLDm70UVNbX8a+LH/KbmxOyVMA8GA1UdEwEB/wQFMAMBAf8w\n" + + "CwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCGrjnGs23pQkQoUu8+C2y/\n" + + "OAT5k9uyPCcLxFPM+Hon5WI6DACxpj7mu2ekN0fswu6B7beQVygpnNSQFVqLrJw1\n" + + "daYdhTMzkNCkPk6q0cUmj5k94jfCHBl4jw+qoZiIehuR9qFHhpLkT4zMTkFof+P+\n" + + "Lfc92QJppUAOh3jTvHK01YwP2sxK3KXhcbofQnxGS4WHrqmmZC2YO/LQRoYDZdUY\n" + + "zr4da2aIg9CKrH2QWoMkDfRKkJvrU3/VhVfVWpNbXFE2xZXftQl3hpFCJ3FkpciA\n" + + "l3hKeq4byY3LXxhAClHpk1KkXJkMnQdOfA5aGekj/Cjuaz1/iKYAG2vRq7YcuM/o\n" + "-----END CERTIFICATE-----"; static String certIssuerPrivateKey = // Private key in the format of PKCS#8 - "MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBALLPnnOKdTqQ0v8t\n" + - "6JM2IEjRBZiYMbRhOi24LgPvmWIE2qzsyaVp2yHaZO1BQDCa4ZobNplXblr5xRrH\n" + - "QNdmjIHB1tMjT27VtRixlxpRQps+gIIcfbp7iMsUviiVbXdK/hkB3nu0hh68zD4W\n" + - "nl/h8s8UZ6AIlMWW/ZCOmaJz9y69AgMBAAECgYEAjtew2tgm4gxDojqIauF4VPM1\n" + - "pzsdqd1p3pAdomNLgrQiBLZ8N7oiph6TNb1EjA+OXc+ThFgF/oM9ZDD8qZZwcvjN\n" + - "qDZlpTkFs2TaGcyEZfUaMB45NHVs6Nn+pSkagSNwwy3xeyAct7sQEzGNTDlEwVv5\n" + - "7V9LQutQtBd6xT48KzkCQQDpNRfv2OFNG/6GtzJoO68oJhpnpl2MsYNi4ntRkre/\n" + - "6uXpiCYaDskcrPMRwOOs0m7mxG+Ev+uKnLnSoEMm1GCbAkEAxEmDtiD0Psb8Z9BL\n" + - "ZRb83Jqho3xe2MCAh3xUfz9b/Mhae9dZ44o4OCgQZuwvW1mczF0NtpgZl93BmYa2\n" + - "hTwHhwJBAKHrEj6ep/fA6x0gD2idoATRR94VfbiU+7NpqtO9ecVP0+gsdr/66hn1\n" + - "3yLBeZLh3MxvMTrLgkAQh1i9m0JXjOcCQQClLXAHHegrw+u3uNMZeKTFR+Lp3sk6\n" + - "AZSnbvr0Me9I45kxSeG81x3ENALJecvIRbrrRws5MvmmkNhQR8rkh8WVAkEAk6b+\n" + - "aVtmBgUaTS5+FFlHGHJY9HFrfT1a1C/dwyMuqlmbC3YsBmZaMOlKli5TXNybLff8\n" + - "5KMeGEpXMzgC7AscGA=="; + "MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC1lDVpzmzwbKOL\n" + + "yFWkjPjqtX9xLMq7SVqobvhBv+VChMGGjQbNQPbtczOcXNOcuMFyXxY++eXY7c37\n" + + "MzhbdZHv4Y4aWEn+A3EiX2/fTAbxx165qxKiHbD2EmlKk/Q6yIvi9M9EXXr/viEC\n" + + "Y4/Sdtd4KYtfETa0FpfF5/ZpZMYQo8I9RqBQOmhfvXL1l/Lodla5elZtvIUyp5k2\n" + + "nRQe58AxeP5hrilbIgfmEySf9mOkaTalRf2epBE/wRNA7Qi5Sr2O4pY2x3PPdmMy\n" + + "NL4cZaOJTgdyeDYbEMSW6vpiJW26ma/qeFgPIXZ8COFJZLSOEu310M4QOdSR1Y2c\n" + + "l3/V2E0VAgMBAAECggEBAJjfVrjl2kHwtSCSYchQB6FTfSBDnctgTrtP8iMo9FO0\n" + + "gVpOkVNtRndTbjhOzro7smIgPBJ5QlIIpErBLMmTinJza7gybNk2/KD7yKwuzgnw\n" + + "2IdoyB9E8B+8EHmBZzW2ck953KaqLUvzPsdMG2IOPAomr/gx/eRQwScVzBefiEGo\n" + + "sN+rGfUt/RNAHwWje1KuNDj21S84agQhN6hdYUnIMsvJLu/9mOwUb9ff+AzTUfFr\n" + + "zyx2MJL4Cx59DkUUMESCfinlHUc21llQjFWmX/zOoGY0X0qV/YM/GRsv1ZDFHw9o\n" + + "hQ6m8Ov7D9wB3TKZBI97sCyggjBfSeuYQlNbs99KWQECgYEA7IKNL0ME7FuIrKYu\n" + + "FCQ/Duz1N3oQXLzrTGKUSU1qSbrU2Jwk4SfJ8ZYCW1TP6vZkaQsTXmXun3yyCAqZ\n" + + "hcOtDBhI+b7Wpmmyf6nb83oYJtzHMRQZ5qS+9vOBfV9Uf1za8XI4p90EqkFHByCF\n" + + "tHfjVbjK39zN4CvaO3tqpOaYtL0CgYEAxIrTAhGWy9nBsxf8QeqDou0rV5Cw50Kl\n" + + "kQsE7KLmjvrMaFFpUc5lgWoC+pm/69VpNBUuN/38YozwxVjVi/nMJuuK150mhdWI\n" + + "B28FI7ORnFmVeSvTrP4mBX1ct2Tny9zpchXn3rpHR5NZUs7oBhjudHSfRMrHxeBs\n" + + "Kv2pr2s6uzkCgYAtrEh3iAm7WzHZpX3ghd9nknsIa5odTp5h8eeRAFI2Ss4vxneY\n" + + "w4ZMERwDZy1/wnVBk9H5uNWMFxiKVQGww0j3vPjawe/R0zeVT8gaDMn9N0WARNF7\n" + + "qPT3265196LptZTSa6xlPllYR6LfzXgEkeJk+3qyIIHheJZ8RikiDyYOQQKBgQC/\n" + + "rxlegiMNC4KDldf7vanGxAKqcz5lPbXWQOX7mGC+f9HNx+Cs3VxYHDltiXgJnOju\n" + + "191s1HRK9WR5REt5KhY2uzB9WxJQItJ5VYiwqhhQYXqLY/gdVv1kC0DayDndtMWk\n" + + "88JhklGkeAv83DikgbpGr9sJr6+oyFkWkLDmmfD82QKBgQCMgkZJzrdSNNlB0n5x\n" + + "xC3MzlsQ5aBJuUctnMfuyDi+11yLAuP1oLzGEJ7qEfFoGRO0V8zJWmHAfNhmVYEX\n" + + "ow5g0WbPT16GoRCiOAzq+ewH+TEELMF6HWqnDuTnCg28Jg0dw2kdVTqeyzKOQlLG\n" + + "ua9c2DY3PUTXQPNqLVhz+XxZKA=="; // Certificate information: // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer // Validity - // Not Before: May 5 02:41:01 2012 GMT - // Not After : Jan 21 02:41:01 2032 GMT + // Not Before: Dec 20 13:13:45 2019 GMT + // Not After : Dec 17 13:13:45 2029 GMT // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=localhost // X509v3 Subject Key Identifier: - // AD:C0:2C:4C:E4:C2:2E:A1:BB:5D:92:BE:66:E0:4E:E0:0D:2F:11:EF + // 46:FC:94:7A:61:6D:BF:5F:AE:D7:20:EC:BF:6A:74:2A:26:F1:D4:4C // X509v3 Authority Key Identifier: - // keyid:39:0E:C6:33:B1:50:BC:73:07:31:E5:D8:04:F7:BB:97:55:CF:9B:C8 + // keyid:B4:E8:EA:80:A9:2B:F5:62:B5:2C:A6:F8:FF:65:BC:CF:51:40:9C:15 static String serverCertStr = "-----BEGIN CERTIFICATE-----\n" + - "MIICjTCCAfagAwIBAgIBBDANBgkqhkiG9w0BAQQFADBQMQswCQYDVQQGEwJVUzEN\n" + - "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxEzAR\n" + - "BgNVBAMTCmNlcnRpc3N1ZXIwHhcNMTIwNTA1MDI0MTAxWhcNMzIwMTIxMDI0MTAx\n" + - "WjBPMQswCQYDVQQGEwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNT\n" + - "RSBUZXN0IFNlcml2Y2UxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0B\n" + - "AQEFAAOBjQAwgYkCgYEAvwaUd7wmBSKqycEstYLWD26vkU08DM39EtaT8wL9HnQ0\n" + - "fgPblwBFI4zdLa2cuYXRZcFUb04N8nrkcpR0D6kkE+AlFAoRWrrZF80B7JTbtEK4\n" + - "1PIeurihXvUT+4MpzGLOojIihMfvM4ufelblD56SInso4WFHm7t4qCln88J1gjkC\n" + - "AwEAAaN4MHYwCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBStwCxM5MIuobtdkr5m4E7g\n" + - "DS8R7zAfBgNVHSMEGDAWgBQ5DsYzsVC8cwcx5dgE97uXVc+byDAnBgNVHSUEIDAe\n" + - "BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDMA0GCSqGSIb3DQEBBAUAA4GB\n" + - "AGfwcfdvEG/nSCiAn2MGbYHp34mgF3OA1SJLWUW0LvWJhwm2cn4AXlSoyvbwrkaB\n" + - "IDDCwhJvvc0vUyL2kTx7sqVaFTq3mDs+ktlB/FfH0Pb+i8FE+g+7T42Iw/j0qxHL\n" + - "YmgbrjBQf5WYN1AvBE/rrPt9aOtS3UsqtVGW574b0shW\n" + + "MIIDfDCCAmSgAwIBAgIUHsJi1HTWpR3FCiOiG/qLK6BDluwwDQYJKoZIhvcNAQEL\n" + + "BQAwUDELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpT\n" + + "U0UgVGVzdCBTZXJpdmNlMRMwEQYDVQQDDApjZXJ0aXNzdWVyMB4XDTE5MTIyMDEz\n" + + "MTM0NVoXDTI5MTIxNzEzMTM0NVowTzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEph\n" + + "dmExHTAbBgNVBAsMFFN1bkpTU0UgVGVzdCBTZXJpdmNlMRIwEAYDVQQDDAlsb2Nh\n" + + "bGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaDgoxN2UQQero\n" + + "oBQ4JlQP1BFaZEtIkdIU2VJs4whz85J0LSB/68iEOS5e8wCz9wiQWr4isor7sl3e\n" + + "B2dnLGY28BthOTw2j/CYw/dRqyDbPZniooB233uLGarKjqQWXpRFQi6bgEQmNqWe\n" + + "C32w+V+Oq3CTkinwgPvA5mnSe0P8gpF9NLZBFn0TtxaY0bQIie2WNk/HjrVQIhq3\n" + + "qmG/zVxeBc3PVOOU/OKrwjHbim9YI+zdDRXjNm8siHi0RF2+fkxfyAm8Qg+mT8L4\n" + + "xdtr0a+eP4oIvkymRURxIrXNnvoX+MhYKSOQnizpW0NMOZ5L9nyw1cYX8j9Ed6eM\n" + + "kzxZwRrlAgMBAAGjTzBNMB0GA1UdDgQWBBRG/JR6YW2/X67XIOy/anQqJvHUTDAf\n" + + "BgNVHSMEGDAWgBS06OqAqSv1YrUspvj/ZbzPUUCcFTALBgNVHQ8EBAMCA+gwDQYJ\n" + + "KoZIhvcNAQELBQADggEBAGXHGefA1j136yenwK+j9K5VnG2kYGXCadi9bKtTXf/X\n" + + "6Xasb7QE2QWEIlq+78AaV9Dwc7qk1TuBsN05LbQUSe7h5UAfS4AZ5l/XSay2cxrZ\n" + + "TKoyuzh9kj38QkEBxZlrClyBzU8Mct0L9F8yEm4V7AqQOshn9gEQl9lzJUb2KHeZ\n" + + "AxblrQhPQDrWhmQjQkl/xaiOiU31sHKTnB/L2CKvJtmsKIyBdrQCQTlIOcRu4/PQ\n" + + "4z/sjecKP08Xkf5+p4RzPL+OZHkJoejSEjBndLC8BK9IZD94kHZYDz8ulWrQJ5Nr\n" + + "u/inkyf8NcG7zLBJJyuKfUXO/OzGPD5QMviVc+PCGTY=\n" + "-----END CERTIFICATE-----"; static String serverPrivateKey = // Private key in the format of PKCS#8 - "MIICdAIBADANBgkqhkiG9w0BAQEFAASCAl4wggJaAgEAAoGBAL8GlHe8JgUiqsnB\n" + - "LLWC1g9ur5FNPAzN/RLWk/MC/R50NH4D25cARSOM3S2tnLmF0WXBVG9ODfJ65HKU\n" + - "dA+pJBPgJRQKEVq62RfNAeyU27RCuNTyHrq4oV71E/uDKcxizqIyIoTH7zOLn3pW\n" + - "5Q+ekiJ7KOFhR5u7eKgpZ/PCdYI5AgMBAAECf3CscOYvFD3zNMnMJ5LomVqA7w3F\n" + - "gKYM2jlCWAH+wU41PMEXhW6Lujw92jgXL1o+lERwxFzirVdZJWZwKgUSvzP1G0h3\n" + - "fkucq1/UWnToK+8NSXNM/yS8hXbBgSEoJo5f7LKcIi1Ev6doBVofMxs+njzyWKbM\n" + - "Nb7rOLHadghoon0CQQDgQzbzzSN8Dc1YmmylhI5v+0sQRHH0DL7D24k4Weh4vInG\n" + - "EAbt4x8M7ZKEo8/dv0s4hbmNmAnJl93/RRxIyEqLAkEA2g87DiswSQam2pZ8GlrO\n" + - "+w4Qg9mH8uxx8ou2rl0XlHzH1XiTNbkjfY0EZoL7L31BHFk9n11Fb2P85g6ws+Hy\n" + - "ywJAM/xgyLNM/nzUlS128geAXUULaYH0SHaL4isJ7B4rXZGW/mrIsGxtzjlkNYsj\n" + - "rGujrD6TfNc5rZmexIXowJZtcQJBAIww+pCzZ4mrgx5JXWQ8OZHiiu+ZrPOa2+9J\n" + - "r5sOMpi+WGN/73S8oHqZbNjTINZ5OqEVJq8MchWZPQBTNXuQql0CQHEjUzzkCQa3\n" + - "j6JTa2KAdqyvLOx0XF9zcc1gA069uNQI2gPUHS8V215z57f/gMGnDNhVfLs/vMKz\n" + - "sFkVZ3zg7As="; + "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCaDgoxN2UQQero\n" + + "oBQ4JlQP1BFaZEtIkdIU2VJs4whz85J0LSB/68iEOS5e8wCz9wiQWr4isor7sl3e\n" + + "B2dnLGY28BthOTw2j/CYw/dRqyDbPZniooB233uLGarKjqQWXpRFQi6bgEQmNqWe\n" + + "C32w+V+Oq3CTkinwgPvA5mnSe0P8gpF9NLZBFn0TtxaY0bQIie2WNk/HjrVQIhq3\n" + + "qmG/zVxeBc3PVOOU/OKrwjHbim9YI+zdDRXjNm8siHi0RF2+fkxfyAm8Qg+mT8L4\n" + + "xdtr0a+eP4oIvkymRURxIrXNnvoX+MhYKSOQnizpW0NMOZ5L9nyw1cYX8j9Ed6eM\n" + + "kzxZwRrlAgMBAAECggEBAIPF4p36ni3r1H2q/+CPmHP5l+ZTx7mJUcOXqNOO11on\n" + + "TGyndRc2ncvMBYgeH8nQUrj3hY+0XQGyrmwOtTohVkVD2IevJ3wcX1asuU5YLMCb\n" + + "zpd3HJ+RxeFT0S12GZEw0W70j11ft+tf7wZjGd5ZUI1+w8rWyZz5F18HOBlcauj/\n" + + "iqMgrlVLZ7qXEb6WV9zP5hWx5nZwrnuuiM1zXLVuO9rg7qk+zCts2oyM8KRTfQIi\n" + + "Zo3VDO0nwnEoxxTQ/2g2g/jBJ1GiFygiFm/i2SHQOJgaFS3Y3InjWEAiINIsdMIt\n" + + "yZk6twMG6ODjy8agZ4LLhZSyCkC33AN7MIkSCtvFubkCgYEAyRm+yvYxwiHCzZV8\n" + + "LZNuBBRliujgG41iuyUyRVBSaMyJMNRoOMm8XwDOF1BA44YPz4yCkfiiEk2ub/f0\n" + + "hDhfBW3EWvYHrWkEbx9Th2YmFq20JlgcBGaM2TiiL+qx4ct687idPbJVZnwc4HtR\n" + + "Kc0eTwRlFsf2O3rwIy52mvIf/48CgYEAxBxsllVz7+/nm0UcxwHNDN+bPyDBxsu9\n" + + "QuSyR+zSnfcL6xaS4SClBLKxHSjbJ2Hi+UOXezO+eozDp/zEFI6BygNRKTaLTVKr\n" + + "ezk9rbyKydRIXNlxFoX07U0KlD4lCrbrpsvcO/OlzJe6q5R0B/CIQmx2Y4wlRrE/\n" + + "Tu+hsf3tBEsCgYBBltsKmXerKJW/tbS1rLMiM4DW6JNHiTqdbUlTIBpwwd0xBuYj\n" + + "N3Dvz3RoWC2Bx9TaTaq8b0p1C88MB+RBR51+SMnVHQ9t+KWQlLgKnj9oACmUpAIn\n" + + "UUc5BeaoGDUCPvqQCTOHzuVZsrs8YBwdtR/gh79sybU+ux8damcWrEfRcwKBgEsU\n" + + "HrZHLMWU8PROtz+w/tGI4aR/Y/A5m9F6QI6sqc10AQoVcFHj74km6Auj0pL3NK/9\n" + + "Ioc2Phwou9caO+8qx6GRN4cxrI8DsUbRmT1kSzYNoU56qILY8fXPYtdyGzhI41rN\n" + + "/RiupLD4/awmf21ytpfHcmOWCcdQoE4WC69a6VyVAoGAboeogM5/TRKj80rXfUH2\n" + + "lFZzgX246XGwNyOVVgOuv/Oxa61b5FeeCpnFQcjpZmC5vd63X3w7oYSDe2wUt+Wh\n" + + "LhYunmcCEj+yb3of33loQb/FM2OLW9UoQakB7ewio9vtw+BAnWxnHFkEaqdxMXpy\n" + + "TiSXLpQ1Q9GvDpzngDzJzzY="; // Certificate information: // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer // Validity - // Not Before: May 5 02:41:02 2012 GMT - // Not After : Jan 21 02:41:02 2032 GMT + // Not Before: Dec 20 14:21:29 2019 GMT + // Not After : Dec 17 14:21:29 2029 GMT // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=InterOp Tester // X509v3 Subject Key Identifier: - // 57:7D:E2:33:33:60:DF:DD:5E:ED:81:3F:EB:F2:1B:59:7F:50:9C:99 + // 1F:E4:C0:F5:B8:68:DB:D2:EB:9E:6F:BB:B5:9E:92:6D:BA:7D:97:3A // X509v3 Authority Key Identifier: - // keyid:39:0E:C6:33:B1:50:BC:73:07:31:E5:D8:04:F7:BB:97:55:CF:9B:C8 + // keyid:B4:E8:EA:80:A9:2B:F5:62:B5:2C:A6:F8:FF:65:BC:CF:51:40:9C:15 static String clientCertStr = "-----BEGIN CERTIFICATE-----\n" + - "MIICaTCCAdKgAwIBAgIBBTANBgkqhkiG9w0BAQQFADBQMQswCQYDVQQGEwJVUzEN\n" + - "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxEzAR\n" + - "BgNVBAMTCmNlcnRpc3N1ZXIwHhcNMTIwNTA1MDI0MTAyWhcNMzIwMTIxMDI0MTAy\n" + - "WjBUMQswCQYDVQQGEwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNT\n" + - "RSBUZXN0IFNlcml2Y2UxFzAVBgNVBAMTDkludGVyT3AgVGVzdGVyMIGfMA0GCSqG\n" + - "SIb3DQEBAQUAA4GNADCBiQKBgQC1pA71nDg1KhhnHjRdi/eVDUa7uFZAtN8R9huu\n" + - "pTwFoyqSX8lDMz8jDawOMmaI9dVZLjTh3hnf4KBEqQOearFVz45yBOjlgPLBuI4F\n" + - "D/ORhgmDaIu2NK+c1yj6YQlyiO0DPwh55GtPLVG3iuEpejU7gQyaMuTaddoXrO7s\n" + - "xwzanQIDAQABo08wTTALBgNVHQ8EBAMCA+gwHQYDVR0OBBYEFFd94jMzYN/dXu2B\n" + - "P+vyG1l/UJyZMB8GA1UdIwQYMBaAFDkOxjOxULxzBzHl2AT3u5dVz5vIMA0GCSqG\n" + - "SIb3DQEBBAUAA4GBAHTgB5W7wnl7Jnb4wNQcb6JdR8FRHIdslcRfnReFfZBHZZux\n" + - "ChpA1lf62KIzYohKoxQXXMul86vnVSHnXq5xctHEmxCBnALEnoAcCOv6wfWqEA7g\n" + - "2rX+ydmu+0ArbqKhSOypZ7K3ame0UOJJ6HDxdsgBYJuotmSou4KKq9e8GF+d\n" + + "MIIDgTCCAmmgAwIBAgIUHFQOStLURT5sQ57OWO2z8iNJ9P8wDQYJKoZIhvcNAQEL\n" + + "BQAwUDELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpT\n" + + "U0UgVGVzdCBTZXJpdmNlMRMwEQYDVQQDDApjZXJ0aXNzdWVyMB4XDTE5MTIyMDE0\n" + + "MjEyOVoXDTI5MTIxNzE0MjEyOVowVDELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEph\n" + + "dmExHTAbBgNVBAsMFFN1bkpTU0UgVGVzdCBTZXJpdmNlMRcwFQYDVQQDDA5JbnRl\n" + + "ck9wIFRlc3RlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMXA3NV+\n" + + "pDnwnQgXFQ7WeDtcTe4qDQV9tDj9cRZFqQXo94C30lkuXzdH761bZB84DESV0qLI\n" + + "k6/n+D9SOsg7SPe7uejG24rph/VpPANrPXo8jxwh/KW+8y0pYNigFUZDi+mEDAOG\n" + + "gyqaAbahQePDYTa09uY3MTTOcaUnKZEJkfVZnmrwmcH7qapCCz0N4Mv6Xddi87Fk\n" + + "j9R225XXW5ZZ+jwVGi1WubjxqLpbQo9VwdTgozBfxwzjQQWDOlUIics3RRaV4Yz0\n" + + "F3Sr4xZiq09O4x8ZT8jrQgduzVZhWjc7rHHbBeMmVBhOveSCvu54onZ2Y+G7+xU/\n" + + "Zc1Z6s2Wb5N2I40CAwEAAaNPME0wHQYDVR0OBBYEFB/kwPW4aNvS655vu7Wekm26\n" + + "fZc6MB8GA1UdIwQYMBaAFLTo6oCpK/VitSym+P9lvM9RQJwVMAsGA1UdDwQEAwID\n" + + "6DANBgkqhkiG9w0BAQsFAAOCAQEAdgWs2wVkPoOrShdYTJM2/v7sDYENCsj3VGEq\n" + + "NvTeL98FCjRZhRmozVi0mli6z2LjDM/858vZoJWDJ08O0XvhXT4yJWWHCJz4xTY1\n" + + "GBern25Y8VjZGUwAIzK3EDjYzJCZpbhBREF8XZx46OxHt04BKtQwJKBtpJ1/6bRS\n" + + "wvia3wGspFLW78P2Y5rFXzqptaqBD06Dcc4xBgvFLSocSKUzLc8BdNsixtPBQZNs\n" + + "l3X3TUNYoYW677E7EWO8NHUJg+2Qbpo11tkb0AyScSxOu2aHuPfYIchRZXnDdq20\n" + + "tL85OZz8ov7d2jVet/w7FD4M5XfcogsNtpX4kaMsctyvQbDYRA==\n" + "-----END CERTIFICATE-----"; static String clientPrivateKey = // Private key in the format of PKCS#8 - "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALWkDvWcODUqGGce\n" + - "NF2L95UNRru4VkC03xH2G66lPAWjKpJfyUMzPyMNrA4yZoj11VkuNOHeGd/goESp\n" + - "A55qsVXPjnIE6OWA8sG4jgUP85GGCYNoi7Y0r5zXKPphCXKI7QM/CHnka08tUbeK\n" + - "4Sl6NTuBDJoy5Np12hes7uzHDNqdAgMBAAECgYEAjLwygwapXjfhdHQoqpp6F9iT\n" + - "h3sKCVSaybXgOO75lHyZzZO9wv1/288KEm3mmBOxXEm6245UievnAYvaq/GKt93O\n" + - "pj2zRefBzZjGbz0v84fmna/MN6zUUYX1PcVRMKWLx9HKKmQihzwoXdBX0o9PPXdi\n" + - "LfzujNa/q8/mpI5PmEECQQDZwLSaL7OReWZTY4NoQuNzwhx5IKJUOtCFQfmHKZSW\n" + - "wtXntZf+E5W9tGaDY5wjpq5cilKDAHdEAlFWxDe1PoE1AkEA1YuTBpctOLBfquFn\n" + - "Y/S3lzGVlnIHDk3dj4bFglkoJ2bCdlwRNUyBSjAjBDcbYhper8S7GlEN5SiEdz9I\n" + - "3OjIyQJBAKEPMgYhZjYhjxf6sQV7A/VpC9pj0u1uGzGVXNUmYisorUKXRHa/UbBh\n" + - "MLnaAXE1Jh54iRMwUwbQmA0PUQ0T0EkCQQCcr6/umwhkWw2nHYK2Vf5LoudGn15M\n" + - "AZg7UsEjVnXfC0hOfllmCT+ohs96rVCbWAv33lsHAUg3x9YChV3aMbf5AkAj1kuV\n" + - "jUTgFKjediyQC6uof7YdLn+gQGiXK1XE0GBN4WMkzcLiS0jC+MFTgKfFnFdh9K0y\n" + - "fswYKdTA/o8RKaa5"; + "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDFwNzVfqQ58J0I\n" + + "FxUO1ng7XE3uKg0FfbQ4/XEWRakF6PeAt9JZLl83R++tW2QfOAxEldKiyJOv5/g/\n" + + "UjrIO0j3u7noxtuK6Yf1aTwDaz16PI8cIfylvvMtKWDYoBVGQ4vphAwDhoMqmgG2\n" + + "oUHjw2E2tPbmNzE0znGlJymRCZH1WZ5q8JnB+6mqQgs9DeDL+l3XYvOxZI/UdtuV\n" + + "11uWWfo8FRotVrm48ai6W0KPVcHU4KMwX8cM40EFgzpVCInLN0UWleGM9Bd0q+MW\n" + + "YqtPTuMfGU/I60IHbs1WYVo3O6xx2wXjJlQYTr3kgr7ueKJ2dmPhu/sVP2XNWerN\n" + + "lm+TdiONAgMBAAECggEBAK3PX8n+L1YFl9++efG6q55w+MX2C8/htn/IspbCz1a0\n" + + "dqWZ67YavfGWtqCGDTArUQ0PKj2NUdFwb48oNSY8hVvIkhR4hApKTAd1YRwYK8a+\n" + + "Z4JwlOERPidZkReVTF2fjN/IAc8vcSYGiq78eS85UL6Gu+OIayVgth5Ul4I1CSa8\n" + + "+b0n/RAI+yk2HxKlkq40Ofn0VWiGg1dLP2MPwwPNIk+w7nKUysfPmXCHfyBr+CZv\n" + + "1BQ0E/tVau9wsyCjO6wxFsAKteBGdYa0ToEeT0D8MEeY9leKhAAxRneBVCz9AfHj\n" + + "wMGYucxwL0cDLi1IjZB5wlvm5JPqNCKrkHE2XE+UyTkCgYEA/iNP11cqHNPItoXP\n" + + "D2wN4uX60kLNbzZ2dOF1ItybS8OcQvTxA1XulARiCVDIT/+QDETbDQclfhgMOfhe\n" + + "ZCdMrL5RG0YTwg9OGbLcA+8gqd9e/3gs9g8pWNdCfuGIwsnJbpO7iBoCBzHaHHJJ\n" + + "PbWDFS6jxvsqKIGPPwrhL9yp4VMCgYEAxzPKNLclBHorUs9rYRqiG9NTkLRNx4ll\n" + + "LUh0FBItOnG85BxkjQaIlzimNvXZEzZnpOtblugAszxFyq2KTEE9qeB/V3w3FkXi\n" + + "PSpDG5sdRHnl5Qu4PuQ9WsmN7g193tOEdtWQ4NKxPqlC72ehqVDOY7In2quYLUiq\n" + + "C377esv0658CgYAJ0I1N0LT0pg0zV1mWy+KBZ8ZXBnNunxjWDLr8XK62r1hCkbkZ\n" + + "GuF63+x1VaRWypTilGotR6BgDUezmW7zyTzB0xvIxN0QeozWmzy5/isxxEmj7h02\n" + + "Z4F+R9nukoE4nJhl59ivOenoIzm8LYG8m1zznXh/v8VyCQbiNWZa9dettwKBgQDB\n" + + "Yz4DP2noltJIaqXMd5a5fMe7y89Wz8Qx2g0XDy5pdtHygr37S0R/yrdS1AoR5Ndp\n" + + "/DPGpSVI3FLFGQUSUqQSr6fwvt6b+OxShRzxR/155P2TB3WvWNVXtiTb3q08Dgyj\n" + + "cWJdYS5BrwEUen8vaQt1LhgS6lOqYsjysCxkYm078QKBgEJuq4RzecgiGx8srWDb\n" + + "pQKpxrdEt82Y7OXLVj+W9vixcW/xUYhDYGsfdUigZoOjo4nV8KVmMbuI48PIYwnw\n" + + "haLwWrBWlki4x9MRwuZUdewOYoo7hDZToZmIDescdiwv8CA/Dg9kOX3YYLPW+cWl\n" + + "i1pnyMPaloBOhz3Y07sWXxCz"; static char passphrase[] = "passphrase".toCharArray(); @@ -312,7 +387,7 @@ SSLServerSocketFactory sslssf = context.getServerSocketFactory(); SSLServerSocket sslServerSocket = - (SSLServerSocket)sslssf.createServerSocket(serverPort); + (SSLServerSocket) sslssf.createServerSocket(serverPort); serverPort = sslServerSocket.getLocalPort(); SSLSocket sslSocket = null; try { @@ -356,8 +431,7 @@ SSLSocketFactory sslsf = context.getSocketFactory(); SSLSocket sslSocket = - (SSLSocket)sslsf.createSocket("localhost", serverPort); - sslSocket.setEnabledProtocols(new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" }); + (SSLSocket) sslsf.createSocket("localhost", serverPort); try { InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); @@ -458,16 +532,9 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty("jdk.certpath.disabledAlgorithms", - "MD2, RSA keySize < 1024"); - Security.setProperty("jdk.tls.disabledAlgorithms", - "SSLv3, RC4, DH keySize < 768"); - if (debug) System.setProperty("javax.net.debug", "all"); - /* * Get the customized arguments. */ @@ -561,5 +628,4 @@ doClientSide(); } } - }
--- a/test/sun/security/ssl/X509TrustManagerImpl/SelfIssuedCert.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/ssl/X509TrustManagerImpl/SelfIssuedCert.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,18 +35,14 @@ * @author Xuelei Fan */ -import java.net.*; -import java.util.*; import java.io.*; import javax.net.ssl.*; -import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.spec.*; import java.security.interfaces.*; -import java.math.BigInteger; import java.util.Base64; @@ -71,78 +67,95 @@ // Certificate information: // Issuer: C=US, O=Example, CN=localhost // Validity - // Not Before: May 25 00:35:58 2009 GMT - // Not After : May 5 00:35:58 2030 GMT + // Not Before: Dec 19 06:11:58 2019 GMT + // Not After : Dec 16 06:11:58 2029 GMT // Subject: C=US, O=Example, CN=localhost // X509v3 Subject Key Identifier: - // 56:AB:FE:15:4C:9C:4A:70:90:DC:0B:9B:EB:BE:DC:03:CC:7F:CE:CF + // 80:67:BA:EE:10:6A:E3:8E:3E:8E:F7:2D:90:B6:FD:F9:54:87:47:B1 // X509v3 Authority Key Identifier: - // keyid:56:AB:FE:15:4C:9C:4A:70:90:DC:0B:9B:EB:BE:DC:03:CC:7F:CE:CF - // DirName:/C=US/O=Example/CN=localhost - // serial:00 + // keyid:80:67:BA:EE:10:6A:E3:8E:3E:8E:F7:2D:90:B6:FD:F9:54:87:47:B1 static String trusedCertStr = "-----BEGIN CERTIFICATE-----\n" + - "MIICejCCAeOgAwIBAgIBADANBgkqhkiG9w0BAQQFADAzMQswCQYDVQQGEwJVUzEQ\n" + - "MA4GA1UEChMHRXhhbXBsZTESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTA5MDUyNTAw\n" + - "MDQ0M1oXDTMwMDUwNTAwMDQ0M1owMzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4\n" + - "YW1wbGUxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw\n" + - "gYkCgYEA0Wvh3FHYGQ3vvw59yTjUxT6QuY0fzwCGQTM9evXr/V9+pjWmaTkNDW+7\n" + - "S/LErlWz64gOWTgcMZN162sVgx4ct/q27brY+SlUO5eSud1fSac6SfefhOPBa965\n" + - "Xc4mnpDt5sgQPMDCuFK7Le6A+/S9J42BO2WYmNcmvcwWWrv+ehcCAwEAAaOBnTCB\n" + - "mjAdBgNVHQ4EFgQUq3q5fYEibdvLpab+JY4pmifj2vYwWwYDVR0jBFQwUoAUq3q5\n" + - "fYEibdvLpab+JY4pmifj2vahN6Q1MDMxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdF\n" + - "eGFtcGxlMRIwEAYDVQQDEwlsb2NhbGhvc3SCAQAwDwYDVR0TAQH/BAUwAwEB/zAL\n" + - "BgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEEBQADgYEAHL8BSwtX6s8WPPG2FbQBX+K8\n" + - "GquAyQNtgfJNm60B4i+fVBkJiQJtLmE0emvHx/3sIaHmB0Gd0HKnk/cIQXY304vr\n" + - "QpqwudKcIZuzmj+pa7807joV+WzRDVIlt4HpYg7tiUvEoyw+X8jwY2lgiGR7mWu6\n" + - "jQU8PN/06+qgtvSGFpo=\n" + + "MIIDRzCCAi+gAwIBAgIUFjy13iZYWMGQcGF4svfix/9q4dcwDQYJKoZIhvcNAQEL\n" + + "BQAwMzELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB0V4YW1wbGUxEjAQBgNVBAMMCWxv\n" + + "Y2FsaG9zdDAeFw0xOTEyMTkwNjExNThaFw0yOTEyMTYwNjExNThaMDMxCzAJBgNV\n" + + "BAYTAlVTMRAwDgYDVQQKDAdFeGFtcGxlMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEi\n" + + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy57BG8Dt+a4ZwWGM07f0z/mzK\n" + + "T/myXM4W//3pkZxO0+4oyYM7G8ks9O64NPpA0CpTPCpfY6dI1Y/kwBUdSoqx2D8t\n" + + "OEfHOat2/AQvvWmEChFH4ZmmQFkLXBy0ueDq0TJbEd94+WhL3q9bA4uqvBsuuaTt\n" + + "bX/GyOC52bpjg0TWY4BRdRVhveISZvqOCoqqJ1aPOnfxqySaZIC34q9gdUCUNxZD\n" + + "qjhuQF3Q0xYsNGZSUmnKj3/0GS600BwQPqSHy287Vda88NvqJGFS4DKrw3HV3Wsk\n" + + "IHGN+tzB5THBy70XrE+XIdXJ/I86q+FvNcTnJygn2nVNG4+vUhW8S3BzTiKPAgMB\n" + + "AAGjUzBRMB0GA1UdDgQWBBSAZ7ruEGrjjj6O9y2Qtv35VIdHsTAfBgNVHSMEGDAW\n" + + "gBSAZ7ruEGrjjj6O9y2Qtv35VIdHsTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3\n" + + "DQEBCwUAA4IBAQBX7icKmR/iUPJhfnvNHiqsyTIcowY3JSAJAyJFrViKx2tdo+qq\n" + + "yA+EUsZlZsCwhiiG4/SjFxgaAp0Z3BBmsO/njWUEx3/fSufTHcs0+fPNkFLru5Lr\n" + + "das4wW9Cv/wO4rz2L6qK/x7+r/wkPccaqxTpdZvXqDid2va5Lv3F7jOW5ns13piZ\n" + + "z571RCpmhGSytYKFrAOGoI4ZBWXrkCiYQZ8KvhdBQP/MNJM+e6ajtF27rK08XTao\n" + + "mW3FXfK6SjKQDGVwtNJ7M1qGutIpe0pNBGwvDpQuY2mk0Le46OXdaQ7AAzE+OnRJ\n" + + "1uRDV+p95MzhtolPgB3I8Rzyd23nfrx6uxMA\n" + "-----END CERTIFICATE-----"; // Certificate information: // Issuer: C=US, O=Example, CN=localhost // Validity - // Not Before: May 25 00:35:58 2009 GMT - // Not After : May 5 00:35:58 2030 GMT + // Not Before: Dec 19 06:12:04 2019 GMT + // Not After : Dec 16 06:12:04 2029 GMT // Subject: C=US, O=Example, CN=localhost // X509v3 Subject Key Identifier: - // 0D:30:76:22:D6:9D:75:EF:FD:83:50:31:18:08:83:CD:01:4E:6A:C4 + // 73:79:B7:73:F5:41:BB:3A:90:07:87:F2:CA:A5:B3:C3:45:E0:18:E0 // X509v3 Authority Key Identifier: - // keyid:56:AB:FE:15:4C:9C:4A:70:90:DC:0B:9B:EB:BE:DC:03:CC:7F:CE:CF - // DirName:/C=US/O=Example/CN=localhost - // serial:00 + // keyid:80:67:BA:EE:10:6A:E3:8E:3E:8E:F7:2D:90:B6:FD:F9:54:87:47:B1 static String targetCertStr = "-----BEGIN CERTIFICATE-----\n" + - "MIICaTCCAdKgAwIBAgIBAjANBgkqhkiG9w0BAQQFADAzMQswCQYDVQQGEwJVUzEQ\n" + - "MA4GA1UEChMHRXhhbXBsZTESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTA5MDUyNTAw\n" + - "MDQ0M1oXDTI5MDIwOTAwMDQ0M1owMzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4\n" + - "YW1wbGUxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw\n" + - "gYkCgYEAzmPahrH9LTQv3HEWsua+hIpzyU1ACooSd5BtDjc7XnVzSdGW8QD9R8EA\n" + - "xko7TvfJo6IH6wwgHBspySwsl+6xvHhbwQjgtWlT71ksrUbqcUzmvSvcycQYA8RC\n" + - "yk9HK5pEJQgSxldpR3Kmy0V6CHC4dCm15trnJYWisTuezY3fjXECAwEAAaOBjDCB\n" + - "iTAdBgNVHQ4EFgQUQkiWFRkjKsfwFo7UMQfGEzNNW60wWwYDVR0jBFQwUoAUq3q5\n" + - "fYEibdvLpab+JY4pmifj2vahN6Q1MDMxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdF\n" + - "eGFtcGxlMRIwEAYDVQQDEwlsb2NhbGhvc3SCAQAwCwYDVR0PBAQDAgPoMA0GCSqG\n" + - "SIb3DQEBBAUAA4GBAIMz7c1R+6KEO7FmH4rnv9XE62xkg03ff0vKXLZMjjs0CX2z\n" + - "ybRttuTFafHA6/JS+Wz0G83FCRVeiw2WPU6BweMwwejzzIrQ/K6mbp6w6sRFcbNa\n" + - "eLBtzkjEtI/htOSSq3/0mbKmWn5uVJckO4QiB8kUR4F7ngM9l1uuI46ZfUsk\n" + + "MIIDNjCCAh6gAwIBAgIURM+bID1TFw41Z/Vz9tPp7HzpH7QwDQYJKoZIhvcNAQEL\n" + + "BQAwMzELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB0V4YW1wbGUxEjAQBgNVBAMMCWxv\n" + + "Y2FsaG9zdDAeFw0xOTEyMTkwNjEyMDRaFw0yOTEyMTYwNjEyMDRaMDMxCzAJBgNV\n" + + "BAYTAlVTMRAwDgYDVQQKDAdFeGFtcGxlMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEi\n" + + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtxQXQdTlZNoASIE0TM+tgtUY3\n" + + "jnu0EymO+RGljOIFYhz2MxN0OQ5ABofxdIhbSqtoCO9HbsVWIPKOvbACoAJ4HjTV\n" + + "antLPlvCqbUoR96q6JWbnbQ6uZOsgiQTveQMhLJ+k9BehzcwKvwCFGNY3qW0xwUv\n" + + "mXKWRveRAbTOjZ3i1YzcmkLOwYaeyt2Al3jPCbZySUlB94NRRAQZ4RzqfuetAvEd\n" + + "LFW1fXNwL5bHE7JbJkWInciLOqHf5GuyXDjKE8Oz2/Ywv/5C2K2LtWa1g5jIEQtB\n" + + "cjRa9Cjwcrs8peisC5OmL5cbJweNKr6H0mrVR8KFdFHUmM5X4uSiOMVFr/rTAgMB\n" + + "AAGjQjBAMB0GA1UdDgQWBBRzebdz9UG7OpAHh/LKpbPDReAY4DAfBgNVHSMEGDAW\n" + + "gBSAZ7ruEGrjjj6O9y2Qtv35VIdHsTANBgkqhkiG9w0BAQsFAAOCAQEAZ/Ijlics\n" + + "YGCw9k4he3ZkNfqCPFTJKgkbTuM1Cy+aCXzhhdGKCZ2R0Xyi3ma3snwPtqHy5Aru\n" + + "WwoGssxL6S8+Pb/BPZ9OelU7lEmS69AeBKOHHIEs+wEi2oco8J+WU1O4zekP8Clv\n" + + "hHuwPhoL6g0aAUXAISaqYpHYC15oXGOJcC539kgv4VrL9UZJekxtDERUXKyzW+UC\n" + + "ZBPalts1zM5wD43+9PuoeLiPdvMg1kH4obJYnj23zej41iwqPOWhgm0NuGoJVjSg\n" + + "4YqtS1ePD/I2oRV0bu4P7Q72cMYdcFHfPDoe3vCcEMxUTgGBaoPHw9GwEeRoWn/L\n" + + "whBwzXBsD0aZqQ==\n" + "-----END CERTIFICATE-----"; // Private key in the format of PKCS#8 static String targetPrivateKey = - "MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBAM5j2oax/S00L9xx\n" + - "FrLmvoSKc8lNQAqKEneQbQ43O151c0nRlvEA/UfBAMZKO073yaOiB+sMIBwbKcks\n" + - "LJfusbx4W8EI4LVpU+9ZLK1G6nFM5r0r3MnEGAPEQspPRyuaRCUIEsZXaUdypstF\n" + - "eghwuHQpteba5yWForE7ns2N341xAgMBAAECgYEAgZ8k98OBhopoJMLBxso0jXmH\n" + - "Dr59oiDlSEJku7DkkIajSZFggyxj5lTI78BfT1FASozQ/EY5RG2q6LXdq+41oU/U\n" + - "JVEQWhdIE1mQDwE0vgaYdjzMaVIsC3cZYOCOmCYvNxCiTt7e/z8yBMmAE5udqJMB\n" + - "pim4WXDfpy0ssK81oCECQQDwMC4xu+kn0yD/Qyi9Zn26gIRDv4bjzDQoJfSvMhrY\n" + - "a4duxLzh9u4gCDd0+wHxpPQvNxGCk0c1JUxBJ2rb4G3HAkEA2/oVRV6+xiRXUnoo\n" + - "bdPEO27zEJmdpE42yU/JLIy6DPu2IUhEqY45fU2ZERmwMdhpiK/vsf/CZKJ2j/ZU\n" + - "PdMLBwJBAJIYTFDWAqjFpCGAASzLRZiGiW0H941h7Suqgp159ZhEN5mps1Yis47q\n" + - "UIkoEHOiKSD69vychsiNykcrKbVaWosCQQC1UrYX4Vo1r5z/EkyjAwzcxL68rzM/\n" + - "TW1hkU/NVg7CRvXBB3X5oY+H1t/WNauD2tRa5FMbESwmkbhTQIP+FikfAkEA4goD\n" + - "HCxUn0Z1OQq9QL6y1Yoof6sHxicUwABosuCLJnDJmA5vhpemvdXQTzFII8g1hyQf\n" + - "z1yyDoxhddcleKlJvQ=="; + "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCtxQXQdTlZNoAS\n" + + "IE0TM+tgtUY3jnu0EymO+RGljOIFYhz2MxN0OQ5ABofxdIhbSqtoCO9HbsVWIPKO\n" + + "vbACoAJ4HjTVantLPlvCqbUoR96q6JWbnbQ6uZOsgiQTveQMhLJ+k9BehzcwKvwC\n" + + "FGNY3qW0xwUvmXKWRveRAbTOjZ3i1YzcmkLOwYaeyt2Al3jPCbZySUlB94NRRAQZ\n" + + "4RzqfuetAvEdLFW1fXNwL5bHE7JbJkWInciLOqHf5GuyXDjKE8Oz2/Ywv/5C2K2L\n" + + "tWa1g5jIEQtBcjRa9Cjwcrs8peisC5OmL5cbJweNKr6H0mrVR8KFdFHUmM5X4uSi\n" + + "OMVFr/rTAgMBAAECggEAIFDvz+C9FZZJIxXWv6d8MrQDpvlckBSwOeKgIYWd0xp4\n" + + "AGFnUMn7mHSee40Mfs3YKrTeqw4yrN3bvigQv6w6SVR0xuvSmh+yuPUOt7sF8grn\n" + + "J9WgWvuANyjMxM8fxiQ3fcrHiYzj+pVD4K8h+rkNYB1THZMP+FqiV9lVYsR7hF+b\n" + + "1D967LB4oLmAaMExaSo23NZLGVTxZSxxGw6Qidz7CyKvIdVXnNIEzMnuXX60xiJm\n" + + "PnLyZUKDmlw5kI4KaDG+6OIOpDu2FGCFVLZmycs4Ri6h6xJp3jhKAVjCcZJUty80\n" + + "+rBfAx4BHfDrcgyEiTN7NA8gnnCzUc6uX6I/tm62gQKBgQDniWuFjSzhaAhj04+N\n" + + "vG8sQjfVmTbON6SfFfujR/Z57qamJ8zcS/REHfc5swdn9uUTJ2xoRRNCwKZyuMXo\n" + + "4B2/O9+sKfEPYGyjAyGo6E4rGLRNcw6Tb8hx/EFvfTOunwapynOJDDs2Z6FzWNIx\n" + + "x4+FHs9hStwL/OTdXF/OY2vGsQKBgQDAIR93LrCC6OpGi89/UDIwpT9pFLa8cvpr\n" + + "1MUNlHhcxQusPUgWT4pTucF/SQpPf77g3YNb5pt3DG0GELM8YAB0Uv9oZIWfJoFY\n" + + "ebYy6tMVxhHhT0OuryMj48BMHnQG78hq8+c0NnjK7jXV6t0iKjN8ANnFqAovm+U9\n" + + "VMobar5CwwKBgFCKN9GsCxmZg5meBQiLrKxbmGp/slXHe0cvcWoZ5T4C6wtPOu7C\n" + + "qQRs3AvBH+llM8gW5ZnbtVh6BSxQ498e3pof7K1JpaXwp7mIpFPKAy7wl/9872wP\n" + + "7UzhL63lgm3SuZGkb84TaCGDqOCj2/Ie9eibkA3K6YJuBPqPYHA9m0bxAoGARdcE\n" + + "iB9pvHyMRM6nw8DULciz7y+/aWtmSnJSmyggRKDAKIEyRiHtx5eblfhoDhQCv9zl\n" + + "1i9SzgivTOgfL1A6eg59l2YLCJpHpHDB4WppBt40O7HDialSXcZ5bXIYfTkGopI8\n" + + "tkciy6mh2jwA3F14z5fDkc0OvtWtlAjRWvwHY18CgYAPONVJtVFiMogBU5Iyv1LB\n" + + "oygn6AFvTI8Pjy2g5GsJBbRnKFjAJrP7HpgUxLdW+Mlnv3Xgtr/L6ep+VKoXTEwv\n" + + "Y83gliDwG2YRjaUbkMfQqcm20/Pi4XPwhy5pwTVsXVBfzKzqJjKAFk97BD9xCUIH\n" + + "FOGe+jaEsWvaEQrH5y17FQ=="; static char passphrase[] = "passphrase".toCharArray(); @@ -209,7 +222,6 @@ SSLSocket sslSocket = (SSLSocket)sslsf.createSocket("localhost", serverPort); - sslSocket.setEnabledProtocols(new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" }); InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); @@ -306,16 +318,9 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty("jdk.certpath.disabledAlgorithms", - "MD2, RSA keySize < 1024"); - Security.setProperty("jdk.tls.disabledAlgorithms", - "SSLv3, RC4, DH keySize < 768"); - if (debug) System.setProperty("javax.net.debug", "all"); - /* * Get the customized arguments. */
--- a/test/sun/security/tools/jarsigner/TimestampCheck.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/tools/jarsigner/TimestampCheck.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -67,7 +67,7 @@ /* * @test * @bug 6543842 6543440 6939248 8009636 8024302 8163304 8169911 8169688 8171121 - * 8180289 + * 8180289 8172404 * @summary checking response of timestamp * @modules java.base/sun.security.pkcs * java.base/sun.security.timestamp @@ -221,7 +221,8 @@ // Always use the same algorithm at timestamp signing // so it is different from the hash algorithm. - Signature sig = Signature.getInstance("SHA1withRSA"); + String sigAlg = "SHA256withRSA"; + Signature sig = Signature.getInstance(sigAlg); sig.initSign((PrivateKey)(ks.getKey( alias, "changeit".toCharArray()))); sig.update(tstInfo.toByteArray()); @@ -238,7 +239,9 @@ SignerInfo signerInfo = new SignerInfo( new X500Name(signer.getIssuerX500Principal().getName()), signer.getSerialNumber(), - AlgorithmId.get("SHA-1"), AlgorithmId.get("RSA"), sig.sign()); + AlgorithmId.get(AlgorithmId.getDigAlgFromSigAlg(sigAlg)), + AlgorithmId.get(AlgorithmId.getEncAlgFromSigAlg(sigAlg)), + sig.sign()); SignerInfo[] signerInfos = {signerInfo}; PKCS7 p7 = new PKCS7(algorithms, contentInfo, @@ -415,43 +418,107 @@ .shouldContain("TSAPolicyID changed in timestamp token") .shouldHaveExitValue(1); - sign("sha1alg", "-tsadigestalg", "SHA") + sign("sha384alg", "-tsadigestalg", "SHA-384") .shouldHaveExitValue(0); - checkTimestamp("sha1alg.jar", defaultPolicyId, "SHA-1"); + checkTimestamp("sha384alg.jar", defaultPolicyId, "SHA-384"); - sign("tsweak", "-digestalg", "MD5", + // Legacy algorithms + signVerbose(null, "unsigned.jar", "sha1alg.jar", "signer", + "-strict", "-digestalg", "SHA-1") + .shouldHaveExitValue(0) + .shouldContain("jar signed, with signer errors") + .shouldMatch("SHA-1.*-digestalg.*will be disabled"); + verify("sha1alg.jar", "-strict") + .shouldHaveExitValue(0) + .shouldContain("jar verified, with signer errors") + .shouldContain("SHA-1 digest algorithm is considered a security risk") + .shouldContain("This algorithm will be disabled in a future update") + .shouldNotContain("is disabled"); + + sign("sha1tsaalg", "-tsadigestalg", "SHA-1", "-strict") + .shouldHaveExitValue(0) + .shouldContain("jar signed, with signer errors") + .shouldMatch("SHA-1.*-tsadigestalg.*will be disabled") + .shouldNotContain("is disabled"); + verify("sha1tsaalg.jar", "-strict") + .shouldHaveExitValue(0) + .shouldContain("jar verified, with signer errors") + .shouldContain("SHA-1 digest algorithm is considered a security risk") + .shouldNotContain("is disabled"); + + // Disabled algorithms + sign("tsdisabled", "-digestalg", "MD5", "-sigalg", "MD5withRSA", "-tsadigestalg", "MD5") .shouldHaveExitValue(68) - .shouldContain("The timestamp is invalid. Without a valid timestamp"); - checkWeak("tsweak.jar"); + .shouldContain("The timestamp is invalid. Without a valid timestamp") + .shouldMatch("MD5.*-digestalg.*is disabled") + .shouldMatch("MD5.*-tsadigestalg.*is disabled") + .shouldMatch("MD5withRSA.*-sigalg.*is disabled"); + checkDisabled("tsdisabled.jar"); - signVerbose("tsweak", "unsigned.jar", "tsweak2.jar", "signer") + signVerbose("tsdisabled", "unsigned.jar", "tsdisabled2.jar", "signer") .shouldHaveExitValue(64) .shouldContain("The timestamp is invalid. Without a valid timestamp") .shouldContain("TSA certificate chain is invalid"); - // Weak timestamp is an error and jar treated unsigned - verify("tsweak2.jar", "-verbose") + // Disabled timestamp is an error and jar treated unsigned + verify("tsdisabled2.jar", "-verbose") .shouldHaveExitValue(16) .shouldContain("treated as unsigned") - .shouldMatch("Timestamp.*512.*weak"); + .shouldMatch("Timestamp.*512.*(disabled)"); + + // Algorithm used in signing is disabled + signVerbose("normal", "unsigned.jar", "halfDisabled.jar", "signer", + "-digestalg", "MD5") + .shouldContain("-digestalg option is considered a security risk and is disabled") + .shouldHaveExitValue(4); + checkHalfDisabled("halfDisabled.jar"); + + // sign with DSA key + signVerbose("normal", "unsigned.jar", "sign1.jar", "dsakey") + .shouldHaveExitValue(0); + + // sign with RSAkeysize < 1024 + signVerbose("normal", "sign1.jar", "sign2.jar", "disabledkeysize") + .shouldContain("Algorithm constraints check failed on keysize") + .shouldHaveExitValue(4); + checkMultiple("sign2.jar"); + + // Legacy algorithms + sign("tsweak", "-digestalg", "SHA1", + "-sigalg", "SHA1withRSA", "-tsadigestalg", "SHA1") + .shouldHaveExitValue(0) + .shouldMatch("SHA1.*-digestalg.*will be disabled") + .shouldMatch("SHA1.*-tsadigestalg.*will be disabled") + .shouldMatch("SHA1withRSA.*-sigalg.*will be disabled"); + checkWeak("tsweak.jar"); + + signVerbose("tsweak", "unsigned.jar", "tsweak2.jar", "signer") + .shouldHaveExitValue(0); + + verify("tsweak2.jar", "-verbose") + .shouldHaveExitValue(0) + .shouldContain("jar verified") + .shouldMatch("Timestamp.*1024.*(weak)"); // Algorithm used in signing is weak signVerbose("normal", "unsigned.jar", "halfWeak.jar", "signer", - "-digestalg", "MD5") - .shouldContain("-digestalg option is considered a security risk") - .shouldHaveExitValue(4); + "-digestalg", "SHA1") + .shouldContain("-digestalg option is considered a security risk.") + .shouldContain("This algorithm will be disabled in a future update.") + .shouldHaveExitValue(0); checkHalfWeak("halfWeak.jar"); // sign with DSA key signVerbose("normal", "unsigned.jar", "sign1.jar", "dsakey") .shouldHaveExitValue(0); - // sign with RSAkeysize < 1024 + // sign with RSAkeysize < 2048 signVerbose("normal", "sign1.jar", "sign2.jar", "weakkeysize") - .shouldContain("Algorithm constraints check failed on keysize") - .shouldHaveExitValue(4); - checkMultiple("sign2.jar"); + .shouldNotContain("Algorithm constraints check failed on keysize") + .shouldHaveExitValue(0); + checkMultipleWeak("sign2.jar"); + // 8191438: jarsigner should print when a timestamp will expire checkExpiration(); @@ -687,7 +754,7 @@ .shouldContain("re-run jarsigner with debug enabled"); } - static void checkWeak(String file) throws Exception { + static void checkDisabled(String file) throws Exception { verify(file) .shouldHaveExitValue(16) .shouldContain("treated as unsigned") @@ -697,11 +764,11 @@ .shouldHaveExitValue(16) .shouldContain("treated as unsigned") .shouldMatch("weak algorithm that is now disabled by") - .shouldMatch("Digest algorithm: .*weak") - .shouldMatch("Signature algorithm: .*weak") - .shouldMatch("Timestamp digest algorithm: .*weak") - .shouldNotMatch("Timestamp signature algorithm: .*weak.*weak") - .shouldMatch("Timestamp signature algorithm: .*key.*weak"); + .shouldMatch("Digest algorithm: .*(disabled)") + .shouldMatch("Signature algorithm: .*(disabled)") + .shouldMatch("Timestamp digest algorithm: .*(disabled)") + .shouldNotMatch("Timestamp signature algorithm: .*(weak).*(weak)") + .shouldMatch("Timestamp signature algorithm: .*key.*(disabled)"); verify(file, "-J-Djava.security.debug=jar") .shouldHaveExitValue(16) .shouldMatch("SignatureException:.*disabled"); @@ -709,19 +776,19 @@ static void checkHalfWeak(String file) throws Exception { verify(file) - .shouldHaveExitValue(16) - .shouldContain("treated as unsigned") - .shouldMatch("weak algorithm that is now disabled.") - .shouldMatch("Re-run jarsigner with the -verbose option for more details"); + .shouldHaveExitValue(0) + .shouldNotContain("treated as unsigned"); verify(file, "-verbose") - .shouldHaveExitValue(16) - .shouldContain("treated as unsigned") - .shouldMatch("weak algorithm that is now disabled by") - .shouldMatch("Digest algorithm: .*weak") - .shouldNotMatch("Signature algorithm: .*weak") - .shouldNotMatch("Timestamp digest algorithm: .*weak") - .shouldNotMatch("Timestamp signature algorithm: .*weak.*weak") - .shouldNotMatch("Timestamp signature algorithm: .*key.*weak"); + .shouldHaveExitValue(0) + .shouldNotContain("treated as unsigned") + .shouldMatch("Digest algorithm: .*(weak)") + .shouldNotMatch("Signature algorithm: .*(weak)") + .shouldNotMatch("Signature algorithm: .*(disabled)") + .shouldNotMatch("Timestamp digest algorithm: .*(weak)") + .shouldNotMatch("Timestamp signature algorithm: .*(weak).*(weak)") + .shouldNotMatch("Timestamp signature algorithm: .*(disabled).*(disabled)") + .shouldNotMatch("Timestamp signature algorithm: .*key.*(weak)") + .shouldNotMatch("Timestamp signature algorithm: .*key.*(disabled)"); } static void checkMultiple(String file) throws Exception { @@ -732,11 +799,73 @@ .shouldHaveExitValue(0) .shouldContain("jar verified") .shouldMatch("X.509.*CN=dsakey") - .shouldNotMatch("X.509.*CN=weakkeysize") + .shouldNotMatch("X.509.*CN=disabledkeysize") + .shouldMatch("Signed by .*CN=dsakey") + .shouldMatch("Signed by .*CN=disabledkeysize") + .shouldMatch("Signature algorithm: .*key.*(disabled)"); + } + + static void checkWeak(String file) throws Exception { + verify(file) + .shouldHaveExitValue(0) + .shouldNotContain("treated as unsigned"); + verify(file, "-verbose") + .shouldHaveExitValue(0) + .shouldNotContain("treated as unsigned") + .shouldMatch("Digest algorithm: .*(weak)") + .shouldMatch("Signature algorithm: .*(weak)") + .shouldMatch("Timestamp digest algorithm: .*(weak)") + .shouldNotMatch("Timestamp signature algorithm: .*(weak).*(weak)") + .shouldMatch("Timestamp signature algorithm: .*key.*(weak)"); + verify(file, "-J-Djava.security.debug=jar") + .shouldHaveExitValue(0) + .shouldNotMatch("SignatureException:.*disabled"); + + // keytool should print out warnings when reading or + // generating cert/cert req using legacy algorithms. + String sout = SecurityTools.keytool("-printcert -jarfile " + file) + .stderrShouldContain("The TSA certificate uses a 1024-bit RSA key" + + " which is considered a security risk." + + " This key size will be disabled in a future update.") + .getStdout(); + if (sout.indexOf("weak", sout.indexOf("Timestamp:")) < 0) { + throw new RuntimeException("timestamp not weak: " + sout); + } + } + + static void checkHalfDisabled(String file) throws Exception { + verify(file) + .shouldHaveExitValue(16) + .shouldContain("treated as unsigned") + .shouldMatch("weak algorithm that is now disabled.") + .shouldMatch("Re-run jarsigner with the -verbose option for more details"); + verify(file, "-verbose") + .shouldHaveExitValue(16) + .shouldContain("treated as unsigned") + .shouldMatch("weak algorithm that is now disabled by") + .shouldMatch("Digest algorithm: .*(disabled)") + .shouldNotMatch("Signature algorithm: .*(weak)") + .shouldNotMatch("Signature algorithm: .*(disabled)") + .shouldNotMatch("Timestamp digest algorithm: .*(disabled)") + .shouldNotMatch("Timestamp signature algorithm: .*(weak).*(weak)") + .shouldNotMatch("Timestamp signature algorithm: .*(disabled).*(disabled)") + .shouldNotMatch("Timestamp signature algorithm: .*key.*(weak)") + .shouldNotMatch("Timestamp signature algorithm: .*key.*(disabled)"); + } + + static void checkMultipleWeak(String file) throws Exception { + verify(file) + .shouldHaveExitValue(0) + .shouldContain("jar verified"); + verify(file, "-verbose", "-certs") + .shouldHaveExitValue(0) + .shouldContain("jar verified") + .shouldMatch("X.509.*CN=dsakey") + .shouldMatch("X.509.*CN=weakkeysize") .shouldMatch("Signed by .*CN=dsakey") .shouldMatch("Signed by .*CN=weakkeysize") - .shouldMatch("Signature algorithm: .*key.*weak"); - } + .shouldMatch("Signature algorithm: .*key.*(weak)"); + } static void checkTimestamp(String file, String policyId, String digestAlg) throws Exception { @@ -812,11 +941,13 @@ keytool("-alias signer -genkeypair -ext bc -dname CN=signer"); keytool("-alias oldsigner -genkeypair -dname CN=oldsigner"); keytool("-alias dsakey -genkeypair -keyalg DSA -dname CN=dsakey"); - keytool("-alias weakkeysize -genkeypair -keysize 512 -dname CN=weakkeysize"); + keytool("-alias weakkeysize -genkeypair -keysize 1024 -dname CN=weakkeysize"); + keytool("-alias disabledkeysize -genkeypair -keysize 512 -dname CN=disabledkeysize"); keytool("-alias badku -genkeypair -dname CN=badku"); keytool("-alias ts -genkeypair -dname CN=ts"); keytool("-alias tsold -genkeypair -dname CN=tsold"); - keytool("-alias tsweak -genkeypair -keysize 512 -dname CN=tsweak"); + keytool("-alias tsweak -genkeypair -keysize 1024 -dname CN=tsweak"); + keytool("-alias tsdisabled -genkeypair -keysize 512 -dname CN=tsdisabled"); keytool("-alias tsbad1 -genkeypair -dname CN=tsbad1"); keytool("-alias tsbad2 -genkeypair -dname CN=tsbad2"); keytool("-alias tsbad3 -genkeypair -dname CN=tsbad3"); @@ -840,6 +971,7 @@ gencert("oldsigner", "-startdate -30d -validity 20"); gencert("dsakey"); gencert("weakkeysize"); + gencert("disabledkeysize"); gencert("badku", "-ext ku:critical=keyAgreement"); gencert("ts", "-ext eku:critical=ts -validity 500"); @@ -872,6 +1004,7 @@ gencert("tsold", "-ext eku:critical=ts -startdate -40d -validity 500"); gencert("tsweak", "-ext eku:critical=ts"); + gencert("tsdisabled", "-ext eku:critical=ts"); gencert("tsbad1"); gencert("tsbad2", "-ext eku=ts"); gencert("tsbad3", "-ext eku:critical=cs");
--- a/test/sun/security/tools/jarsigner/TsacertOptionTest.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/tools/jarsigner/TsacertOptionTest.java Mon Apr 19 04:23:30 2021 +0100 @@ -146,7 +146,7 @@ // sign jar file // specify -tsadigestalg option because - // TSA server uses SHA-1 digest algorithm + // TSA server uses SHA-512 digest algorithm OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-J-Dhttp.proxyHost=", "-J-Dhttp.proxyPort=", @@ -157,7 +157,7 @@ "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, "-tsacert", TSA_KEY_ALIAS, - "-tsadigestalg", "SHA-1", + "-tsadigestalg", "SHA-512", UNSIGNED_JARFILE, SIGNING_KEY_ALIAS);
--- a/test/sun/security/tools/jarsigner/Warning.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/tools/jarsigner/Warning.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -72,12 +72,12 @@ .shouldNotContain("is self-signed"); run("jarsigner", "a.jar b -digestalg MD5") - .shouldContain("-digestalg option is considered a security risk."); + .shouldContain("-digestalg option is considered a security risk and is disabled."); run("jarsigner", "a.jar b -digestalg MD5 -strict") .shouldHaveExitValue(4) - .shouldContain("-digestalg option is considered a security risk."); + .shouldContain("-digestalg option is considered a security risk and is disabled."); run("jarsigner", "a.jar b -sigalg MD5withRSA") - .shouldContain("-sigalg option is considered a security risk"); + .shouldContain("-sigalg option is considered a security risk and is disabled."); issueCert("b", "-sigalg MD5withRSA"); run("jarsigner", "a.jar b")
--- a/test/sun/security/tools/jarsigner/concise_jarsigner.sh Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/tools/jarsigner/concise_jarsigner.sh Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ # -# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2009, 2020, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -44,13 +44,13 @@ ;; esac -# Choose 1024-bit RSA to make sure it runs fine and fast on all platforms. In +# Choose 2048-bit RSA to make sure it runs fine and fast on all platforms. In # fact, every keyalg/keysize combination is OK for this test. TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US" KS=js.ks -KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa -keysize 1024" +KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa -keysize 2048" JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}" JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -debug" JAVAC="$TESTJAVA${FS}bin${FS}javac ${TESTTOOLVMOPTS} ${TESTJAVACOPTS}"
--- a/test/sun/security/tools/jarsigner/ec.sh Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/tools/jarsigner/ec.sh Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ # -# Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2009, 2020, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -69,7 +69,7 @@ $KT -alias x -certreq | $KT -gencert -alias ca -validity 300 | $KT -import -alias x || exit 141 $JARSIGNER -keystore $KS -storepass changeit $JFILE a -debug -strict || exit 21 -$JARSIGNER -keystore $KS -storepass changeit $JFILE b -debug -strict -sigalg SHA1withECDSA || exit 22 +$JARSIGNER -keystore $KS -storepass changeit $JFILE b -debug -strict -sigalg SHA256withECDSA || exit 22 $JARSIGNER -keystore $KS -storepass changeit $JFILE c -debug -strict -sigalg SHA512withECDSA || exit 23 $JARSIGNER -keystore $KS -storepass changeit -verify $JFILE a -debug -strict || exit 31
--- a/test/sun/security/tools/jarsigner/nameclash.sh Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/tools/jarsigner/nameclash.sh Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ # -# Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2009, 2020, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -57,8 +57,8 @@ echo A > A $JAR cvf $JFILE A -$JARSIGNER -keystore $KS -storepass changeit $JFILE a -digestalg SHA1 || exit 1 -$JARSIGNER -keystore $KS -storepass changeit $JFILE b -digestalg SHA-1 || exit 2 +$JARSIGNER -keystore $KS -storepass changeit $JFILE a -digestalg SHA-256 || exit 1 +$JARSIGNER -keystore $KS -storepass changeit $JFILE b -digestalg SHA-256 || exit 2 $JARSIGNER -keystore $KS -verify -debug -strict $JFILE || exit 3
--- a/test/sun/security/tools/keytool/WeakAlg.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/sun/security/tools/keytool/WeakAlg.java Mon Apr 19 04:23:30 2021 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /* * @test - * @bug 8171319 8177569 8182879 + * @bug 8171319 8177569 8182879 8172404 * @summary keytool should print out warnings when reading or generating * cert/cert req using weak algorithms * @library /lib/testlibrary @@ -65,62 +65,63 @@ rm("ks"); + // Tests for "disabled" algorithms // -genkeypair, and -printcert, -list -alias, -exportcert // (w/ different formats) - checkGenKeyPair("a", "-keyalg RSA -sigalg MD5withRSA", "MD5withRSA"); - checkGenKeyPair("b", "-keyalg RSA -keysize 512", "512-bit RSA key"); - checkGenKeyPair("c", "-keyalg RSA", null); + checkDisabledGenKeyPair("a", "-keyalg RSA -sigalg MD5withRSA", "MD5withRSA"); + checkDisabledGenKeyPair("b", "-keyalg RSA -keysize 512", "512-bit RSA key"); + checkDisabledGenKeyPair("c", "-keyalg RSA", null); kt("-list") .shouldContain("Warning:") - .shouldMatch("<a>.*MD5withRSA.*risk") - .shouldMatch("<b>.*512-bit RSA key.*risk"); + .shouldMatch("<a>.*MD5withRSA.*is disabled") + .shouldMatch("<b>.*512-bit RSA key.*is disabled"); kt("-list -v") .shouldContain("Warning:") - .shouldMatch("<a>.*MD5withRSA.*risk") - .shouldContain("MD5withRSA (weak)") - .shouldMatch("<b>.*512-bit RSA key.*risk") - .shouldContain("512-bit RSA key (weak)"); + .shouldMatch("<a>.*MD5withRSA.*is disabled") + .shouldContain("MD5withRSA (disabled)") + .shouldMatch("<b>.*512-bit RSA key.*is disabled") + .shouldContain("512-bit RSA key (disabled)"); // Multiple warnings for multiple cert in -printcert // or -list or -exportcert // -certreq, -printcertreq, -gencert - checkCertReq("a", "", null); + checkDisabledCertReq("a", "", null); gencert("c-a", "") .shouldNotContain("Warning"); // new sigalg is not weak gencert("c-a", "-sigalg MD2withRSA") .shouldContain("Warning:") - .shouldMatch("The generated certificate.*MD2withRSA.*risk"); + .shouldMatch("The generated certificate.*MD2withRSA.*is disabled"); - checkCertReq("a", "-sigalg MD5withRSA", "MD5withRSA"); + checkDisabledCertReq("a", "-sigalg MD5withRSA", "MD5withRSA"); gencert("c-a", "") .shouldContain("Warning:") - .shouldMatch("The certificate request.*MD5withRSA.*risk"); + .shouldMatch("The certificate request.*MD5withRSA.*is disabled"); gencert("c-a", "-sigalg MD2withRSA") .shouldContain("Warning:") - .shouldMatch("The certificate request.*MD5withRSA.*risk") - .shouldMatch("The generated certificate.*MD2withRSA.*risk"); + .shouldMatch("The certificate request.*MD5withRSA.*is disabled") + .shouldMatch("The generated certificate.*MD2withRSA.*is disabled"); - checkCertReq("b", "", "512-bit RSA key"); + checkDisabledCertReq("b", "", "512-bit RSA key"); gencert("c-b", "") .shouldContain("Warning:") - .shouldMatch("The certificate request.*512-bit RSA key.*risk") - .shouldMatch("The generated certificate.*512-bit RSA key.*risk"); + .shouldMatch("The certificate request.*512-bit RSA key.*is disabled") + .shouldMatch("The generated certificate.*512-bit RSA key.*is disabled"); - checkCertReq("c", "", null); + checkDisabledCertReq("c", "", null); gencert("a-c", "") .shouldContain("Warning:") - .shouldMatch("The issuer.*MD5withRSA.*risk"); + .shouldMatch("The issuer.*MD5withRSA.*is disabled"); // but the new cert is not weak kt("-printcert -file a-c.cert") .shouldNotContain("Warning") - .shouldNotContain("weak"); + .shouldNotContain("(disabled)"); gencert("b-c", "") .shouldContain("Warning:") - .shouldMatch("The issuer.*512-bit RSA key.*risk"); + .shouldMatch("The issuer.*512-bit RSA key.*is disabled"); // -importcert checkImport(); @@ -130,10 +131,10 @@ // -gencrl, -printcrl - checkGenCRL("a", "", null); - checkGenCRL("a", "-sigalg MD5withRSA", "MD5withRSA"); - checkGenCRL("b", "", "512-bit RSA key"); - checkGenCRL("c", "", null); + checkDisabledGenCRL("a", "", null); + checkDisabledGenCRL("a", "-sigalg MD5withRSA", "MD5withRSA"); + checkDisabledGenCRL("b", "", "512-bit RSA key"); + checkDisabledGenCRL("c", "", null); kt("-delete -alias b"); kt("-printcrl -file b.crl") @@ -142,6 +143,78 @@ jksTypeCheck(); checkInplaceImportKeyStore(); + + rm("ks"); + + // Tests for "legacy" algorithms + // -genkeypair, and -printcert, -list -alias, -exportcert + // (w/ different formats) + checkWeakGenKeyPair("x", "-keyalg RSA -sigalg SHA1withRSA", "SHA1withRSA"); + checkWeakGenKeyPair("y", "-keyalg RSA -keysize 1024", "1024-bit RSA key"); + checkWeakGenKeyPair("z", "-keyalg RSA", null); + + kt("-list") + .shouldContain("Warning:") + .shouldMatch("<x>.*SHA1withRSA.*will be disabled") + .shouldMatch("<y>.*1024-bit RSA key.*will be disabled"); + kt("-list -v") + .shouldContain("Warning:") + .shouldMatch("<x>.*SHA1withRSA.*will be disabled") + .shouldContain("SHA1withRSA (weak)") + .shouldMatch("<y>.*1024-bit RSA key.*will be disabled") + .shouldContain("1024-bit RSA key (weak)"); + + // Multiple warnings for multiple cert in -printcert + // or -list or -exportcert + + // -certreq, -printcertreq, -gencert + checkWeakCertReq("x", "", null); + gencert("z-x", "") + .shouldNotContain("Warning"); // new sigalg is not weak + gencert("z-x", "-sigalg SHA1withRSA") + .shouldContain("Warning:") + .shouldMatch("The generated certificate.*SHA1withRSA.*will be disabled"); + + checkWeakCertReq("x", "-sigalg SHA1withRSA", "SHA1withRSA"); + gencert("z-x", "") + .shouldContain("Warning:") + .shouldMatch("The certificate request.*SHA1withRSA.*will be disabled"); + gencert("z-x", "-sigalg SHA1withRSA") + .shouldContain("Warning:") + .shouldMatch("The certificate request.*SHA1withRSA.*will be disabled") + .shouldMatch("The generated certificate.*SHA1withRSA.*will be disabled"); + + checkWeakCertReq("y", "", "1024-bit RSA key"); + gencert("z-y", "") + .shouldContain("Warning:") + .shouldMatch("The certificate request.*1024-bit RSA key.*will be disabled") + .shouldMatch("The generated certificate.*1024-bit RSA key.*will be disabled"); + + checkWeakCertReq("z", "", null); + gencert("x-z", "") + .shouldContain("Warning:") + .shouldMatch("The issuer.*SHA1withRSA.*will be disabled"); + + // but the new cert is not weak + kt("-printcert -file x-z.cert") + .shouldNotContain("Warning") + .shouldNotContain("weak"); + + gencert("y-z", "") + .shouldContain("Warning:") + .shouldMatch("The issuer.*1024-bit RSA key.*will be disabled"); + + // -gencrl, -printcrl + checkWeakGenCRL("x", "", null); + checkWeakGenCRL("x", "-sigalg SHA1withRSA", "SHA1withRSA"); + checkWeakGenCRL("y", "", "1024-bit RSA key"); + checkWeakGenCRL("z", "", null); + + kt("-delete -alias y"); + kt("-printcrl -file y.crl") + .shouldContain("WARNING: not verified"); + + jksTypeCheck(); } static void jksTypeCheck() throws Exception { @@ -217,12 +290,12 @@ importkeystore("ks", "ks2", "") .shouldContain("3 entries successfully imported") .shouldContain("Warning") - .shouldMatch("<b>.*512-bit RSA key.*risk") - .shouldMatch("<a>.*MD5withRSA.*risk"); + .shouldMatch("<b>.*512-bit RSA key.*is disabled") + .shouldMatch("<a>.*MD5withRSA.*is disabled"); importkeystore("ks", "ks3", "-srcalias a") .shouldContain("Warning") - .shouldMatch("<a>.*MD5withRSA.*risk"); + .shouldMatch("<a>.*MD5withRSA.*is disabled"); } static void checkInplaceImportKeyStore() throws Exception { @@ -305,11 +378,11 @@ kt("-importcert -alias d -file a.cert", "no") .shouldContain("Certificate already exists in keystore") .shouldContain("Warning") - .shouldMatch("The input.*MD5withRSA.*risk") + .shouldMatch("The input.*MD5withRSA.*is disabled") .shouldContain("Do you still want to add it?"); kt("-importcert -alias d -file a.cert -noprompt") .shouldContain("Warning") - .shouldMatch("The input.*MD5withRSA.*risk") + .shouldMatch("The input.*MD5withRSA.*is disabled") .shouldNotContain("[no]"); // cert is self-signed @@ -317,12 +390,12 @@ kt("-delete -alias d"); kt("-importcert -alias d -file a.cert", "no") .shouldContain("Warning") - .shouldContain("MD5withRSA (weak)") - .shouldMatch("The input.*MD5withRSA.*risk") + .shouldContain("MD5withRSA (disabled)") + .shouldMatch("The input.*MD5withRSA.*is disabled") .shouldContain("Trust this certificate?"); kt("-importcert -alias d -file a.cert -noprompt") .shouldContain("Warning") - .shouldMatch("The input.*MD5withRSA.*risk") + .shouldMatch("The input.*MD5withRSA.*is disabled") .shouldNotContain("[no]"); // JDK-8177569: no warning for sigalg of trusted cert @@ -358,13 +431,13 @@ // -printcert will always show warnings kt("-printcert -file ca.cert") - .shouldContain("name: " + weakSigAlgCA + " (weak)") + .shouldContain("name: " + weakSigAlgCA + " (disabled)") .shouldContain("Warning") - .shouldMatch("The certificate.*" + weakSigAlgCA + ".*risk"); + .shouldMatch("The certificate.*" + weakSigAlgCA + ".*is disabled"); kt("-printcert -file ca.cert -trustcacerts") // -trustcacerts useless - .shouldContain("name: " + weakSigAlgCA + " (weak)") + .shouldContain("name: " + weakSigAlgCA + " (disabled)") .shouldContain("Warning") - .shouldMatch("The certificate.*" + weakSigAlgCA + ".*risk"); + .shouldMatch("The certificate.*" + weakSigAlgCA + ".*is disabled"); // Importing with -trustcacerts ignore CA cert's sig alg kt("-delete -alias d"); @@ -379,13 +452,13 @@ // but not without -trustcacerts kt("-delete -alias d"); kt("-importcert -alias d -file ca.cert", "no") - .shouldContain("name: " + weakSigAlgCA + " (weak)") + .shouldContain("name: " + weakSigAlgCA + " (disabled)") .shouldContain("Warning") - .shouldMatch("The input.*" + weakSigAlgCA + ".*risk") + .shouldMatch("The input.*" + weakSigAlgCA + ".*is disabled") .shouldContain("Trust this certificate?"); kt("-importcert -alias d -file ca.cert -noprompt") .shouldContain("Warning") - .shouldMatch("The input.*" + weakSigAlgCA + ".*risk") + .shouldMatch("The input.*" + weakSigAlgCA + ".*is disabled") .shouldNotContain("[no]"); } @@ -395,8 +468,8 @@ gencert("c-b", ""); kt("-importcert -alias d -file c-b.cert") // weak only, no prompt .shouldContain("Warning") - .shouldNotContain("512-bit RSA key (weak)") - .shouldMatch("The input.*512-bit RSA key.*risk") + .shouldNotContain("512-bit RSA key (disabled)") + .shouldMatch("The input.*512-bit RSA key.*is disabled") .shouldNotContain("[no]"); kt("-delete -alias b"); @@ -405,12 +478,12 @@ kt("-importcert -alias d -file c-b.cert", "no") // weak and not trusted .shouldContain("Warning") - .shouldContain("512-bit RSA key (weak)") - .shouldMatch("The input.*512-bit RSA key.*risk") + .shouldContain("512-bit RSA key (disabled)") + .shouldMatch("The input.*512-bit RSA key.*is disabled") .shouldContain("Trust this certificate?"); kt("-importcert -alias d -file c-b.cert -noprompt") .shouldContain("Warning") - .shouldMatch("The input.*512-bit RSA key.*risk") + .shouldMatch("The input.*512-bit RSA key.*is disabled") .shouldNotContain("[no]"); // a non self-signed strong cert @@ -439,7 +512,7 @@ gencert("a-c", ""); kt("-importcert -alias c -file a-c.cert") .shouldContain("Warning") - .shouldMatch("Issuer <a>.*MD5withRSA.*risk"); + .shouldMatch("Issuer <a>.*MD5withRSA.*is disabled"); // JDK-8177569: no warning for sigalg of trusted cert reStore(); @@ -448,7 +521,7 @@ kt("-delete -alias a"); kt("-importcert -alias a -file a.cert -noprompt"); kt("-list -alias a -v") - .shouldNotContain("weak") + .shouldNotContain("disabled") .shouldNotContain("Warning"); // This time a is trusted and no warning on its weak sig alg kt("-importcert -alias c -file a-c.cert") @@ -463,16 +536,16 @@ cat("a-a-b-c.cert", "b-c.cert", "a-b.cert", "a.cert"); kt("-importcert -alias c -file a-a-b-c.cert") // only weak .shouldContain("Warning") - .shouldMatch("Reply #2 of 3.*512-bit RSA key.*risk") - .shouldMatch("Reply #3 of 3.*MD5withRSA.*risk") + .shouldMatch("Reply #2 of 3.*512-bit RSA key.*is disabled") + .shouldMatch("Reply #3 of 3.*MD5withRSA.*is disabled") .shouldNotContain("[no]"); // Without root cat("a-b-c.cert", "b-c.cert", "a-b.cert"); kt("-importcert -alias c -file a-b-c.cert") // only weak .shouldContain("Warning") - .shouldMatch("Reply #2 of 2.*512-bit RSA key.*risk") - .shouldMatch("Issuer <a>.*MD5withRSA.*risk") + .shouldMatch("Reply #2 of 2.*512-bit RSA key.*is disabled") + .shouldMatch("Issuer <a>.*MD5withRSA.*is disabled") .shouldNotContain("[no]"); reStore(); @@ -480,7 +553,7 @@ kt("-importcert -alias a -file b-a.cert") .shouldContain("Warning") - .shouldMatch("Issuer <b>.*512-bit RSA key.*risk") + .shouldMatch("Issuer <b>.*512-bit RSA key.*is disabled") .shouldNotContain("[no]"); kt("-importcert -alias a -file c-a.cert") @@ -488,7 +561,7 @@ kt("-importcert -alias b -file c-b.cert") .shouldContain("Warning") - .shouldMatch("The input.*512-bit RSA key.*risk") + .shouldMatch("The input.*512-bit RSA key.*is disabled") .shouldNotContain("[no]"); reStore(); @@ -498,25 +571,25 @@ kt("-printcert -file c-b-a.cert") .shouldContain("Warning") - .shouldMatch("The certificate #2 of 2.*512-bit RSA key.*risk"); + .shouldMatch("The certificate #2 of 2.*512-bit RSA key.*is disabled"); kt("-delete -alias b"); kt("-importcert -alias a -file c-b-a.cert") .shouldContain("Warning") - .shouldMatch("Reply #2 of 2.*512-bit RSA key.*risk") + .shouldMatch("Reply #2 of 2.*512-bit RSA key.*is disabled") .shouldNotContain("[no]"); kt("-delete -alias c"); kt("-importcert -alias a -file c-b-a.cert", "no") .shouldContain("Top-level certificate in reply:") - .shouldContain("512-bit RSA key (weak)") + .shouldContain("512-bit RSA key (disabled)") .shouldContain("Warning") - .shouldMatch("Reply #2 of 2.*512-bit RSA key.*risk") + .shouldMatch("Reply #2 of 2.*512-bit RSA key.*is disabled") .shouldContain("Install reply anyway?"); kt("-importcert -alias a -file c-b-a.cert -noprompt") .shouldContain("Warning") - .shouldMatch("Reply #2 of 2.*512-bit RSA key.*risk") + .shouldMatch("Reply #2 of 2.*512-bit RSA key.*is disabled") .shouldNotContain("[no]"); reStore(); @@ -535,7 +608,7 @@ System.out.println("> " + dest); } - static void checkGenCRL(String alias, String options, String bad) { + static void checkDisabledGenCRL(String alias, String options, String bad) { OutputAnalyzer oa = kt("-gencrl -alias " + alias + " -id 1 -file " + alias + ".crl " + options); @@ -543,23 +616,23 @@ oa.shouldNotContain("Warning"); } else { oa.shouldContain("Warning") - .shouldMatch("The generated CRL.*" + bad + ".*risk"); + .shouldMatch("The generated CRL.*" + bad + ".*is disabled"); } oa = kt("-printcrl -file " + alias + ".crl"); if (bad == null) { oa.shouldNotContain("Warning") .shouldContain("Verified by " + alias + " in keystore") - .shouldNotContain("(weak"); + .shouldNotContain("(disabled"); } else { oa.shouldContain("Warning:") - .shouldMatch("The CRL.*" + bad + ".*risk") + .shouldMatch("The CRL.*" + bad + ".*is disabled") .shouldContain("Verified by " + alias + " in keystore") - .shouldContain(bad + " (weak)"); + .shouldContain(bad + " (disabled)"); } } - static void checkCertReq( + static void checkDisabledCertReq( String alias, String options, String bad) { OutputAnalyzer oa = certreq(alias, options); @@ -567,21 +640,21 @@ oa.shouldNotContain("Warning"); } else { oa.shouldContain("Warning") - .shouldMatch("The generated certificate request.*" + bad + ".*risk"); + .shouldMatch("The generated certificate request.*" + bad + ".*is disabled"); } oa = kt("-printcertreq -file " + alias + ".req"); if (bad == null) { oa.shouldNotContain("Warning") - .shouldNotContain("(weak)"); + .shouldNotContain("(disabled)"); } else { oa.shouldContain("Warning") - .shouldMatch("The certificate request.*" + bad + ".*risk") - .shouldContain(bad + " (weak)"); + .shouldMatch("The certificate request.*" + bad + ".*is disabled") + .shouldContain(bad + " (disabled)"); } } - static void checkGenKeyPair( + static void checkDisabledGenKeyPair( String alias, String options, String bad) { OutputAnalyzer oa = genkeypair(alias, options); @@ -589,7 +662,7 @@ oa.shouldNotContain("Warning"); } else { oa.shouldContain("Warning") - .shouldMatch("The generated certificate.*" + bad + ".*risk"); + .shouldMatch("The generated certificate.*" + bad + ".*is disabled"); } oa = kt("-exportcert -alias " + alias + " -file " + alias + ".cert"); @@ -597,7 +670,7 @@ oa.shouldNotContain("Warning"); } else { oa.shouldContain("Warning") - .shouldMatch("The certificate.*" + bad + ".*risk"); + .shouldMatch("The certificate.*" + bad + ".*is disabled"); } oa = kt("-exportcert -rfc -alias " + alias + " -file " + alias + ".cert"); @@ -605,7 +678,7 @@ oa.shouldNotContain("Warning"); } else { oa.shouldContain("Warning") - .shouldMatch("The certificate.*" + bad + ".*risk"); + .shouldMatch("The certificate.*" + bad + ".*is disabled"); } oa = kt("-printcert -rfc -file " + alias + ".cert"); @@ -613,7 +686,7 @@ oa.shouldNotContain("Warning"); } else { oa.shouldContain("Warning") - .shouldMatch("The certificate.*" + bad + ".*risk"); + .shouldMatch("The certificate.*" + bad + ".*is disabled"); } oa = kt("-list -alias " + alias); @@ -621,7 +694,71 @@ oa.shouldNotContain("Warning"); } else { oa.shouldContain("Warning") - .shouldMatch("The certificate.*" + bad + ".*risk"); + .shouldMatch("The certificate.*" + bad + ".*is disabled"); + } + + // With cert content + + oa = kt("-printcert -file " + alias + ".cert"); + if (bad == null) { + oa.shouldNotContain("Warning"); + } else { + oa.shouldContain("Warning") + .shouldContain(bad + " (disabled)") + .shouldMatch("The certificate.*" + bad + ".*is disabled"); + } + + oa = kt("-list -v -alias " + alias); + if (bad == null) { + oa.shouldNotContain("Warning"); + } else { + oa.shouldContain("Warning") + .shouldContain(bad + " (disabled)") + .shouldMatch("The certificate.*" + bad + ".*is disabled"); + } + } + + static void checkWeakGenKeyPair( + String alias, String options, String bad) { + + OutputAnalyzer oa = genkeypair(alias, options); + if (bad == null) { + oa.shouldNotContain("Warning"); + } else { + oa.shouldContain("Warning") + .shouldMatch("The generated certificate.*" + bad + ".*will be disabled"); + } + + oa = kt("-exportcert -alias " + alias + " -file " + alias + ".cert"); + if (bad == null) { + oa.shouldNotContain("Warning"); + } else { + oa.shouldContain("Warning") + .shouldMatch("The certificate.*" + bad + ".*will be disabled"); + } + + oa = kt("-exportcert -rfc -alias " + alias + " -file " + alias + ".cert"); + if (bad == null) { + oa.shouldNotContain("Warning"); + } else { + oa.shouldContain("Warning") + .shouldMatch("The certificate.*" + bad + ".*will be disabled"); + } + + oa = kt("-printcert -rfc -file " + alias + ".cert"); + if (bad == null) { + oa.shouldNotContain("Warning"); + } else { + oa.shouldContain("Warning") + .shouldMatch("The certificate.*" + bad + ".*will be disabled"); + } + + oa = kt("-list -alias " + alias); + if (bad == null) { + oa.shouldNotContain("Warning"); + } else { + oa.shouldContain("Warning") + .shouldMatch("The certificate.*" + bad + ".*will be disabled"); } // With cert content @@ -632,7 +769,7 @@ } else { oa.shouldContain("Warning") .shouldContain(bad + " (weak)") - .shouldMatch("The certificate.*" + bad + ".*risk"); + .shouldMatch("The certificate.*" + bad + ".*will be disabled"); } oa = kt("-list -v -alias " + alias); @@ -641,7 +778,54 @@ } else { oa.shouldContain("Warning") .shouldContain(bad + " (weak)") - .shouldMatch("The certificate.*" + bad + ".*risk"); + .shouldMatch("The certificate.*" + bad + ".*will be disabled"); + } + } + + + static void checkWeakGenCRL(String alias, String options, String bad) { + + OutputAnalyzer oa = kt("-gencrl -alias " + alias + + " -id 1 -file " + alias + ".crl " + options); + if (bad == null) { + oa.shouldNotContain("Warning"); + } else { + oa.shouldContain("Warning") + .shouldMatch("The generated CRL.*" + bad + ".*will be disabled"); + } + + oa = kt("-printcrl -file " + alias + ".crl"); + if (bad == null) { + oa.shouldNotContain("Warning") + .shouldContain("Verified by " + alias + " in keystore") + .shouldNotContain("(weak"); + } else { + oa.shouldContain("Warning:") + .shouldMatch("The CRL.*" + bad + ".*will be disabled") + .shouldContain("Verified by " + alias + " in keystore") + .shouldContain(bad + " (weak)"); + } + } + + static void checkWeakCertReq( + String alias, String options, String bad) { + + OutputAnalyzer oa = certreq(alias, options); + if (bad == null) { + oa.shouldNotContain("Warning"); + } else { + oa.shouldContain("Warning") + .shouldMatch("The generated certificate request.*" + bad + ".*will be disabled"); + } + + oa = kt("-printcertreq -file " + alias + ".req"); + if (bad == null) { + oa.shouldNotContain("Warning") + .shouldNotContain("(weak)"); + } else { + oa.shouldContain("Warning") + .shouldMatch("The certificate request.*" + bad + ".*will be disabled") + .shouldContain(bad + " (weak)"); } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/util/HostnameMatcher/NullHostnameCheck.java Mon Apr 19 04:23:30 2021 +0100 @@ -0,0 +1,301 @@ +/* + * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLEngineResult; +import javax.net.ssl.SSLException; +import javax.net.ssl.SSLHandshakeException; +import javax.net.ssl.SSLParameters; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import java.io.ByteArrayInputStream; +import java.nio.ByteBuffer; +import java.security.KeyStore; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Base64; + +/* + * @test + * @bug 8211339 8234728 + * @summary Verify hostname returns an exception instead of null pointer when + * creating a new engine + * @library /lib/security + * @run main/othervm NullHostnameCheck TLSv1 + * @run main/othervm NullHostnameCheck TLSv1.1 + * @run main/othervm NullHostnameCheck TLSv1.2 + * @run main/othervm NullHostnameCheck TLSv1.3 + */ + + +public final class NullHostnameCheck { + + public static void main(String[] args) throws Exception { + String protocol = args[0]; + + // Re-enable TLSv1 or TLSv1.1 when test depends on it. + if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) { + SecurityUtils.removeFromDisabledTlsAlgs(protocol); + } + + KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); + keyStore.load( + new ByteArrayInputStream(Base64.getDecoder(). + decode(keystoreB64)), + "123456".toCharArray()); + KeyManagerFactory kmf = KeyManagerFactory.getInstance( + KeyManagerFactory.getDefaultAlgorithm()); + kmf.init(keyStore, "123456".toCharArray()); + SSLContext serverCtx = SSLContext.getInstance(protocol); + serverCtx.init(kmf.getKeyManagers(), null, null); + SSLEngine serverEngine = serverCtx.createSSLEngine("localhost", -1); + serverEngine.setUseClientMode(false); + + SSLContext clientCtx = SSLContext.getInstance(protocol); + clientCtx.init(null, new TrustManager[] { + new X509TrustManager() { + @Override + public void checkClientTrusted( + X509Certificate[] x509Certificates, String s) { + } + + @Override + public void checkServerTrusted( + X509Certificate[] x509Certificates, String s) { + } + + @Override + public X509Certificate[] getAcceptedIssuers() { + return new X509Certificate[0]; + } + } + }, null); + + SSLEngine clientEngine = clientCtx.createSSLEngine(); + clientEngine.setUseClientMode(true); + + SSLParameters sslParameters = clientEngine.getSSLParameters(); + sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); + clientEngine.setSSLParameters(sslParameters); + try { + handshake(clientEngine, serverEngine); + throw new Exception("Value was not null. Unexpected."); + } catch (SSLHandshakeException e) { + if (e.getCause() instanceof CertificateException) { + System.out.println("Correct Exception class thrown:\n\t" + + e.getMessage()); + return; + } + throw e; + } + } + + private static void handshake(SSLEngine clientEngine, + SSLEngine serverEngine) throws SSLException{ + ByteBuffer cTOs = ByteBuffer.allocate( + clientEngine.getSession().getPacketBufferSize()); + ByteBuffer sTOc = ByteBuffer.allocate( + serverEngine.getSession().getPacketBufferSize()); + + ByteBuffer serverAppReadBuffer = ByteBuffer.allocate( + serverEngine.getSession().getApplicationBufferSize()); + ByteBuffer clientAppReadBuffer = ByteBuffer.allocate( + clientEngine.getSession().getApplicationBufferSize()); + + clientEngine.beginHandshake(); + serverEngine.beginHandshake(); + + ByteBuffer empty = ByteBuffer.allocate(0); + + SSLEngineResult clientResult; + SSLEngineResult serverResult; + + boolean clientHandshakeFinished = false; + boolean serverHandshakeFinished = false; + + do { + if (!clientHandshakeFinished) { + clientResult = clientEngine.wrap(empty, cTOs); + runDelegatedTasks(clientResult, clientEngine); + + if (isHandshakeFinished(clientResult)) { + clientHandshakeFinished = true; + } + } + + if (!serverHandshakeFinished) { + serverResult = serverEngine.wrap(empty, sTOc); + runDelegatedTasks(serverResult, serverEngine); + + if (isHandshakeFinished(serverResult)) { + serverHandshakeFinished = true; + } + } + + cTOs.flip(); + sTOc.flip(); + + if (!clientHandshakeFinished) { + clientResult = clientEngine.unwrap(sTOc, clientAppReadBuffer); + + runDelegatedTasks(clientResult, clientEngine); + + if (isHandshakeFinished(clientResult)) { + clientHandshakeFinished = true; + } + } + + if (!serverHandshakeFinished) { + serverResult = serverEngine.unwrap(cTOs, serverAppReadBuffer); + runDelegatedTasks(serverResult, serverEngine); + + if (isHandshakeFinished(serverResult)) { + serverHandshakeFinished = true; + } + } + + sTOc.compact(); + cTOs.compact(); + } while (!clientHandshakeFinished || !serverHandshakeFinished); + } + + private static boolean isHandshakeFinished(SSLEngineResult result) { + return result.getHandshakeStatus() == + SSLEngineResult.HandshakeStatus.FINISHED; + } + + private static void runDelegatedTasks(SSLEngineResult result, + SSLEngine engine) { + if (result.getHandshakeStatus() == + SSLEngineResult.HandshakeStatus.NEED_TASK) { + for (;;) { + Runnable task = engine.getDelegatedTask(); + if (task == null) { + break; + } + task.run(); + } + } + } + + // Base64 of PKCS12 Keystore + /* + * Certificate + * "signature algorithm": "SHA384withRSA", + * "issuer" : "CN=test, OU=test, O=test, L=test, ST=test, C=test", + * "not before" : "2019-12-05 12:43:23.000 IST", + * "not after" : "2049-11-27 12:43:23.000 IST", + * "subject" : "CN=test, OU=test, O=test, L=test, ST=test, C=test", + * "subject public key" : "RSA", + */ + static final String keystoreB64 = + "MIIQZwIBAzCCECAGCSqGSIb3DQEHAaCCEBEEghANMIIQCTCCCeUGCSqGSIb3DQEHA" + + "aCCCdYEggnSMIIJzjCCCcoGCyqGSIb3DQEMCgECoIIJezCCCXcwKQYKKoZIhvcNAQ" + + "wBAzAbBBSaZBiYmowTxFT4KJxZhMHTVOC9OQIDAMNQBIIJSBnoVGtJKPsoiSU095y" + + "50x27NJQd727oJwMXqA8kdxCcE1tBowtO8P44ctSEvwJQlB7dR9PxHB6LcfCdMfpa" + + "GObVCH1/6jHzhRolI9JMAfXlvliAHKZSjuQd2USw1Y65/+0VYvKslXGU4hWhGQWh2" + + "ksUCBIIcC2A3sA3afF/JPrlfLCEbzYpcfAsv+Z7wEEr6YD11HIHfbOgu2/HU6phL2" + + "RMJDK9iLgP9mu6FzRFk+93BSguWXfbeJyPlzA8dcTzkXDyfVDx4Wd+UExWq0fx179" + + "b74MWkwEk76TowEkcGkrnugwOKnqBmyvmBkbl1827+ChZprZ3zGw69IkuRsdDSYGb" + + "IWVAB/psB0zX3TvsKHcraZm34oNJdSNpYrS0OWA8lSm5NdcfTzi6WLxWwxz55PvZg" + + "OP3pVyXmtAalyBujs6AOsLkJIMLGvWAYeD+72ook8fqpW7s5e/HA7MshXrlMMflpD" + + "m708kK5VnfdgzQsAGr6YfOYOKnyhoqskmzDYccuSz59owKiuGMgHpum0zVE8yyVwb" + + "esXfP3v7eiPuGvsxzq5DE6jaY4F+GoxdLbL4jDWocnWiZewnuYxQwd1vKIKTww/TG" + + "8RObPUEB38+/LNpgb7+5Oap45rujygiPFWD9+mTzKkLGkM6ItRo4qOwtKAqbjPIVk" + + "MDCovcr2TCrZfE8ZbQnU/q2LR5eC6ZpOMFNRZggm92n0+FmDuEKjR7lu2mQF4IDan" + + "SiYgS1+nBhfG9pcNP3yCpwoBHIImtZX5GObKqgvMqQ746KXhv40xwnNqXGypBNKYN" + + "jRJQmG2/m++2A6DUo+xCTNbD7g0pQbNOjKsGVMXUBTyDiyGqSUHH2EDxe37wcPVih" + + "ezcv5L1X48y3tSVD9czhjCDJ54sd0B3+LoEXs5/0xYmMvQ74zUx6iwE87FZ/duMbs" + + "N3dDWvIgqgjaoGnfRLy4lRRxYhn2/r1lesQtzNlZ3YkHZKmpgQkLm+yChFqxi7qm+" + + "ec/y+GSTm+ascK1ju1NG3f/SUdl7KqZ/J7DnDfQwyg7jiY+QOcr7UNRSeddQozxu7" + + "j07y/wiGX4z3+JSGBlnlWtOyLo5YERbheVHh1LfCSM4KQDcjxUnIlmsCqILwDYbVm" + + "aNJ3crkU22I5IVFcoF30v7gvMj4VFXcBYPCSJrkqNIIgZs6YPYwht3akquIz2ovXV" + + "CqD3TH527dBRAgpeZNs3/L8xCaYiHNUKXv9CRaHVQMTKk9zi3CTJoKo5TCsWR8l9h" + + "cJpcQnmNs5Jv9Jnq/zoet230r3iHkiGNAoXTlekqSER7vBVLHwPY7rogXP6WyAi67" + + "AYK/B5iVQcplEHs3n+MeZJgj9C7S0Zslxmym0mWw7l+4YjvyX+RGJVUvk+3TkWO8E" + + "WHKOX1+hQH9RBbcNqH4FeRZrh3P8wZQDMFfcr3vD0tLAnuqdMy+qAPA+kKWpu5K0D" + + "0W/ifEizq4Zf8VyzYU6UZaAQbloJadSkruXIwvUpHBZ+M8MHQ2AmRNd0vwyTBlhOI" + + "CzWU5E5OXtW/f5jA/ugl7PSqjwe5IYTsZaYstKqqZJMIPTzB/IxPtzVyoN15fG9GR" + + "kk43U6HPS9SdeVTGVmNLn6SM8keLo1yUh5BZ0J0b+K/7C1GfJeNxcv0lGpkrh5wWc" + + "ABzJ86+3daky6+aR6ldY2CF7mr/dcc3MnjgDNnx86wYIysC3HOkhgyIXD28+O1aTY" + + "oAvlmidNC9wb2/JJk7cHQatL02LG4/ql5GQ+dS1wOU7S1MVVGYDlZ7uiFmKPqC1Tv" + + "qVxQnBqPnggKSLWucVKFcjsvXKasMvRl99f4Y7qRAjgM6EHa7rNyWIflRe6ZLNBlj" + + "16mW293a4FL1jTosNlZoCN8xb1zDdb/NCISqkX6/sq7wDOn4t+m+78ckof4GNmTOM" + + "WSaRDJIuLM9c1stLHpcyif37oZum86FnB9Zw9qlQGdgLYnRPeZXV1rZuC1L9fugCN" + + "M4WcUQ20fmPOgyO4RGLsxCbZZJBJj0y7CAMthepMnzaEO9Z2O9BFaM4zpL2ng7GvO" + + "a26DQiHO5RFVjUpslUdmPuX7U5xkRfjJ025pqTvHVLfzWmsU53ZbkgiJ/0xxa1Emd" + + "5y0X2keTVfm7q5duNVVN1A6r50++RANI7NJaSLFTMm8Y5P79g4o7UmtCLSesUdTsF" + + "8swVR5slE3O7ErNr3drLfYVEF9FaB7vcuMDqxCNuahX8TCMJg0vqpO8+EXRNkieb9" + + "KSgcLD5WRjzGm7e/B5uACxWc50iY6lYvIVW5Itot95OHWZ5xdq3a3fIIb4MDQ2/nx" + + "lozhRHaHTBI9GAwy1/XcDJWMr+tI9rLGCB7hX8dVqNtYO93/oF3gvBiiNSw5qmUQ2" + + "qxepZEih5KfhHAVq44RbQMiBA5E2bVBisuNTPUAaA/Fzzsvky8vBq/M5usy8+RXj6" + + "m+mSZCUPpSTTunIUnu0bRLb2inccthEielCThk1FLKQCLSpsAo1h7kzuNJIeeJSCM" + + "cWXpZEURziXwE5KCl3jcY+dOLLMEI05F/UyRwZ/k1a2qW78Bc3DivIh2w/4ZBAS9q" + + "hERIY52y8VcnJ/+/7u45bnpIjkJShZTM1qmzgDCHQa/G5OpnqtI2nDPSNzOpTWA47" + + "6+AH0ZQoUKxHt6MJP3QLpnrw6xPSE2gR19KRvFZr0NtGJ+SPy418eFYMtJgPvOyI4" + + "XwYYCLrmMCkSGrqfbhwKK6rgYMVDg0fsBT1OAZGKD8QM51hXFt8p0HQS0UuddwCTA" + + "/KwyIt6Iw7Leb70yoTEJz3CVU4X4faohXV48gNtZhquawRDvqyBSFS5F8M4s/pJZK" + + "C5UY3MXifF1+LhSXjdQK7RwNs9XcCbIy+6Fi2wAKDX9MasXnzfzFVuQq1XtMoPVVS" + + "9gSqWXGbYuadDIto3gGIKUt3BT9nj/B0J/ENqlSsGsT0+fiya+p5thXOkI8r7X82P" + + "SxV0048QnP7cbuDG97AjOOAcEMsBdCrF3jWGYNd1nK7eKQ8DCrXEKoQhY0IY2sHpU" + + "5Cu24KW9M1RwIb/XtOEBun89edaKhfk1uDLlvgQ4huYDmfcu4Ebh6DRbHzwSNMK17" + + "qDgp8/mbAui0ATZBW7bTQNw3WMS0ltbdCj0ki28Udg1udYY6r6wwWkXE/mccgbXz0" + + "L3g72JfEIO/A56+rFubofZCHuf5AVkDE8MBcGCSqGSIb3DQEJFDEKHggAdABlAHMA" + + "dDAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNTc1NTMwMDAzMjk3MIIGHAYJKoZIhvcNA" + + "QcGoIIGDTCCBgkCAQAwggYCBgkqhkiG9w0BBwEwKQYKKoZIhvcNAQwBBjAbBBRZLo" + + "kYmrJuiANzYxRFL9HmSVKYhQIDAMNQgIIFyPEfYqIJqAd13B5D4EFLs7VrUNaWoeO" + + "XNRVl5da6N7gMlG5gVpPRjRUCHyaBB066ZdGEquwkidgCdIAfIolcnyGv7a7PZvZM" + + "bJ8AUXjkf9q7zp0Uwc0k4zQ3Nmev5QxSx+f33J+AOQT4T1CRMxwpNOwrtzRoNVZFD" + + "oTCnxHBdTvmbCcuMsHYZQk+vLQpud4dI1AKccExjOc86ZAne2Df37LHB/2gxElSOn" + + "G9VkdIlKHLPbrk4JNcNSZs3VOOi3tEwAlBx9Xllg95aH3ziBPYKgk/u6M567tEnoH" + + "PDiss9+WeNJP9Tgsc6WPu33GTNxtxSLx4mffR3x0upSbFvhIP4t07aCtOZVwD/Hdw" + + "VmptatFvVSMiQSM1vf89zjAvdK3UFXTr/jDze4tF35y/UTlor8sbINQy3dZCEpCim" + + "G1MfDdSG+K5BZoHTny5bG2YM8a9EHtmZfq4i3GJE85M652UVlVDgDnk+PhgyIFWuJ" + + "6KFgWjUWio6RRhRvcTCJbk5soV+IFa4BppNMako9W8B2UvqIIV2XrxvFEh4QFkpsW" + + "13qEUGp33qUkAPhuz/NJ4InVh29CGSBnoWprIL/dKwdbTGudlrjnMs6pwURmlWVcJ" + + "FuPJFsBpyCQEeAtKS7TXaVJOTkfHdX4tYgN5SxEA0EGoddrKgWu48Dj1u2oC7ruZ9" + + "6J0zznFIr4FzBobv/woWx66EnCWyQLqjSCxipYeer+7ARDmHwgyj+CvgMsfkLa1VL" + + "LhFDDj0Efdt9IdKj4Nnhh+r9WkNsr+HGiwSgCDn/Hk1AWSvlxxsqFrUBCi6NMSG2l" + + "sM4MzCTrT47dJDPS0go0jIS5E4o3Hc/GMUlhaQaQX8iYaZQk4k1/OsRDoui+FuViU" + + "wIVuAne6AQhgy+9KMzmcgByFxAAoo5b0fDy/PgSG+C3wSs6brFmJIOw1exUIf2E/m" + + "9ATce4vT3CYKLvhk6dmHDK5jSvTrBU4njGVEW8DlW+GSf8jqABDW/PcAf0Y6T0hqv" + + "zTuWlpxv2O3QLeVbDTrIEe1bgRz8HaaiHznXe8oUbCC1xw5FaSAjXJLX0mlKtQ48z" + + "xdimSM7B4Pa6iz2q0m8PRzPaad+VyqD3xp53FaR3K9vNT0PXQwJIDZzxl3gYFisbN" + + "1KxUDtppnkrBwQx9iPH7zQvbNTQiyoUYnF4sAkECIduh/K+ZIAM8zGJH7NTNIrkK/" + + "piehq5/fVAXCr/tdSWeg88gsn0HjNRChuqYz1yFBaQvgMLQ7h/C7k0GP/l2pcUxr8" + + "/zDkFr1FFiUN9e2E0nlCO/FUxFZ3PO25D0ZrjAN7h4WLCybClC+Fdy+RhLAtK7Vuz" + + "zHwBMPNMMvlreXrSv/EE/37oN5OqA8YrDlPpiDuETS6xPkwkJti/ifrwzvakhBUbB" + + "dVd0De2QNctDQBnCFVb1lybbUtSF1Ol5Klcjt7UhFyq0ZkoVXhP2YqEJ7yLOaIKCk" + + "AdjOwCtb01L83/LhounfQLxIG8S2SQwMyxYua6k9BpQLJA36y2uu4+3OZIO4JRura" + + "drfjN6hGkGam8EvxM8UwrC//TDOHJUEy3IgNV4B4EJWs9lFTL9PO+kBlRFSeL5Son" + + "jLB/qZC+i8ssJ8oFkIrl+X7rRcooosbVaNvFIR2FpGCdx8bGoFV6pkfwpJ0hO4dOP" + + "nzFm24vBa6UrftojK/z234/h3W0yZScR5CvoSoU+tn1+3G3Q6a4+hdMwF6WjyO3Ne" + + "xfMRSvMkAqOqHiptdnz7QDQ7LgGIF6igtGEIpKo4urPAg+RnwqKG6NIYOA32QmU35" + + "B4+EJhhYZNINZm0NR5ZM0t9BpUiv6DGl8yZiRX1x4Nu35CLlAT8hWSqgMpb8mw5SQ" + + "rQ4dNggVaJ9lO1j1G4hV6umuyX6L1wtOyeQ9aNg3hIZGLPe4pkzahqI2KKlPWpksm" + + "MJVIi5WmlvEmFC/UkkUUICjo3KzKPHq7bYmdmDDNLwf9jOeAfq/UNxu4nO8wPjAhM" + + "AkGBSsOAwIaBQAEFJrJtKCo0WZ7ewFOiudk30HHA6e0BBRXe6IQoFcDFIzKAyXokh" + + "y3daZV4AIDAYag"; +}
--- a/test/tools/launcher/Settings.java Fri Feb 05 20:19:32 2021 +0000 +++ b/test/tools/launcher/Settings.java Mon Apr 19 04:23:30 2021 +0100 @@ -65,6 +65,7 @@ private static final String VM_SETTINGS = "VM settings:"; private static final String PROP_SETTINGS = "Property settings:"; private static final String LOCALE_SETTINGS = "Locale settings:"; + private static final String STACKSIZE_SETTINGS = "Stack Size:"; private static final String SYSTEM_SETTINGS = "Operating System Metrics:"; static void containsAllOptions(TestResult tr) { @@ -80,10 +81,22 @@ String stackSize = "256"; // in kb if (getArch().equals("ppc64") || getArch().equals("ppc64le")) { stackSize = "800"; + } else if (getArch().equals("aarch64")) { + /* + * The max value of minimum stack size allowed for aarch64 can be estimated as + * such: suppose the vm page size is 64KB and the test runs with a debug build, + * the initial _java_thread_min_stack_allowed defined in os_linux_aarch64.cpp is + * 72K, stack guard zones could take 192KB, and the shadow zone needs 128KB, + * after aligning up all parts to the page size, the final size would be 448KB. + * See details in JDK-8163363 + */ + stackSize = "448"; } TestResult tr = null; tr = doExec(javaCmd, "-Xms64m", "-Xmx512m", "-Xss" + stackSize + "k", "-XshowSettings", "-jar", testJar.getAbsolutePath()); + // Check the stack size logs printed by -XshowSettings to verify -Xss meaningfully. + checkContains(tr, STACKSIZE_SETTINGS); containsAllOptions(tr); if (!tr.isOK()) { System.out.println(tr.status); @@ -91,6 +104,7 @@ } tr = doExec(javaCmd, "-Xms65536k", "-Xmx712m", "-Xss" + stackSize + "000", "-XshowSettings", "-jar", testJar.getAbsolutePath()); + checkContains(tr, STACKSIZE_SETTINGS); containsAllOptions(tr); if (!tr.isOK()) { System.out.println(tr.status);