Mercurial > hg > icedtea8-forest > jdk
changeset 12227:0cc71de3df18 icedtea-3.2.0
Merge jdk8u111-b14
line wrap: on
line diff
--- a/.hgtags Thu Nov 03 02:53:25 2016 +0000 +++ b/.hgtags Thu Nov 03 18:13:23 2016 +0000 @@ -619,6 +619,9 @@ ee0b65b8fd106e7180785b00ddc2567d29388361 icedtea-3.1.0pre04 4f06a20cdc59ce9742e6538ff4b9040baba0778a jdk8u92-b14 5875e297cfcf18304b4b062dc44fa9be312ad6e8 jdk8u92-b31 +ed69541ce48b38bf0830c762f353e4379ce43630 jdk8u92-b32 +739b1dc838cdf73c7e16bacb5ce4d1c4534c7d76 jdk8u92-b33 +1f29ae07173450d753189e5aa9d8bb46fb2f5982 jdk8u92-b34 f6cc9dbb5db5883385c91bb71ca02081220aaf3d jdk8u81-b00 00f8f39308687cde45f23282871c46cc6c2f10b3 jdk8u101-b01 6042757c329b1b96fa6bc931e09306794f5c50c0 jdk8u101-b02 @@ -657,3 +660,19 @@ 901ecf04370c7c03c61e22ab87a266c355baff54 jdk8u102-b13 30e3b600c82978ab75d89b10b03059aa1620bc52 icedtea-3.2.0pre02 32c84f7d918fdb8e501f5a512c8804305ec88286 icedtea-3.2.0pre03 +48c99b42383912886c005891c04b5f599adf6722 jdk8u102-b14 +222d3ac3aa1f99f16e31c1c4a10f916ce83ff759 jdk8u102-b31 +ebc56c2e803597ef409a5296addc986b390d934d jdk8u111-b00 +c4f03717831993e4658b8366810ca4682ece952d jdk8u111-b01 +de1d09f09e571e38afdf1fb72984ec210e7c19e6 jdk8u111-b02 +1818c0df435a5e4b8b18dd82de38a03f30714d55 jdk8u111-b03 +710f0c95444deb36b422f449f422d925a72f6b2c jdk8u111-b04 +d689f7b806c89e535f784ba94bea1ae129ee0f19 jdk8u111-b05 +6c822cce832523a5aee9632e28065f0c302187ed jdk8u111-b06 +1afe84012d643b4092dbf25f1cbb761508c19ed2 jdk8u111-b07 +9760ea9a63c0d48956392256bb7769ab40f2a2f7 jdk8u111-b08 +c959cff8f7accc5dc2a334a977a95fe1dcb9e812 jdk8u111-b09 +1f15a299d2bf9a8bed33a2bdf36745c8238aafbb jdk8u111-b10 +28e488c17b7a276e9ce00a0488bbc53094294e14 jdk8u111-b11 +b1304d71a2ec04ae6fa0a46120a5beba40a6f5ba jdk8u111-b12 +3f1a07c3a600abdc2eb204f9b67984e6b920846e jdk8u111-b13
--- a/make/data/tzdata/VERSION Thu Nov 03 02:53:25 2016 +0000 +++ b/make/data/tzdata/VERSION Thu Nov 03 18:13:23 2016 +0000 @@ -21,4 +21,4 @@ # or visit www.oracle.com if you need additional information or have any # questions. # -tzdata2016d +tzdata2016f
--- a/make/data/tzdata/africa Thu Nov 03 02:53:25 2016 +0000 +++ b/make/data/tzdata/africa Thu Nov 03 18:13:23 2016 +0000 @@ -366,6 +366,12 @@ # decision to abandon DST permanently. See Ahram Online 2015-04-24. # http://english.ahram.org.eg/NewsContent/1/64/128509/Egypt/Politics-/Sisi-cancels-daylight-saving-time-in-Egypt.aspx +# From Steffen Thorsen (2016-04-29): +# Egypt will have DST from July 7 until the end of October.... +# http://english.ahram.org.eg/NewsContentP/1/204655/Egypt/Daylight-savings-time-returning-to-Egypt-on--July.aspx +# From Mina Samuel (2016-07-04): +# Egyptian government took the decision to cancel the DST, + Rule Egypt 2008 only - Aug lastThu 24:00 0 - Rule Egypt 2009 only - Aug 20 24:00 0 - Rule Egypt 2010 only - Aug 10 24:00 0 - @@ -881,11 +887,11 @@ Rule Morocco 2010 only - May 2 0:00 1:00 S Rule Morocco 2010 only - Aug 8 0:00 0 - Rule Morocco 2011 only - Apr 3 0:00 1:00 S -Rule Morocco 2011 only - Jul 31 0 0 - +Rule Morocco 2011 only - Jul 31 0:00 0 - Rule Morocco 2012 2013 - Apr lastSun 2:00 1:00 S -Rule Morocco 2012 only - Sep 30 3:00 0 - Rule Morocco 2012 only - Jul 20 3:00 0 - Rule Morocco 2012 only - Aug 20 2:00 1:00 S +Rule Morocco 2012 only - Sep 30 3:00 0 - Rule Morocco 2013 only - Jul 7 3:00 0 - Rule Morocco 2013 only - Aug 10 2:00 1:00 S Rule Morocco 2013 max - Oct lastSun 3:00 0 -
--- a/make/data/tzdata/antarctica Thu Nov 03 02:53:25 2016 +0000 +++ b/make/data/tzdata/antarctica Thu Nov 03 18:13:23 2016 +0000 @@ -36,7 +36,7 @@ # # Except for the French entries, # I made up all time zone abbreviations mentioned here; corrections welcome! -# FORMAT is 'zzz' and GMTOFF is 0 for locations while uninhabited. +# FORMAT is '-00' and GMTOFF is 0 for locations while uninhabited. # Argentina - year-round bases # Belgrano II, Confin Coast, -770227-0343737, since 1972-02-05 @@ -90,22 +90,22 @@ # http://www.timeanddate.com/news/time/antartica-time-changes-2010.html # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Antarctica/Casey 0 - zzz 1969 +Zone Antarctica/Casey 0 - -00 1969 8:00 - AWST 2009 Oct 18 2:00 # Australian Western Std Time 11:00 - CAST 2010 Mar 5 2:00 # Casey Time 8:00 - AWST 2011 Oct 28 2:00 11:00 - CAST 2012 Feb 21 17:00u 8:00 - AWST -Zone Antarctica/Davis 0 - zzz 1957 Jan 13 +Zone Antarctica/Davis 0 - -00 1957 Jan 13 7:00 - DAVT 1964 Nov # Davis Time - 0 - zzz 1969 Feb + 0 - -00 1969 Feb 7:00 - DAVT 2009 Oct 18 2:00 5:00 - DAVT 2010 Mar 10 20:00u 7:00 - DAVT 2011 Oct 28 2:00 5:00 - DAVT 2012 Feb 21 20:00u 7:00 - DAVT -Zone Antarctica/Mawson 0 - zzz 1954 Feb 13 +Zone Antarctica/Mawson 0 - -00 1954 Feb 13 6:00 - MAWT 2009 Oct 18 2:00 # Mawson Time 5:00 - MAWT # References: @@ -160,7 +160,7 @@ # fishing stations operated variously 1819/1931 # # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Indian/Kerguelen 0 - zzz 1950 # Port-aux-Français +Zone Indian/Kerguelen 0 - -00 1950 # Port-aux-Français 5:00 - TFT # ISO code TF Time # # year-round base in the main continent @@ -171,9 +171,9 @@ # It was destroyed by fire on 1952-01-14. # # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Antarctica/DumontDUrville 0 - zzz 1947 +Zone Antarctica/DumontDUrville 0 - -00 1947 10:00 - PMT 1952 Jan 14 # Port-Martin Time - 0 - zzz 1956 Nov + 0 - -00 1956 Nov 10:00 - DDUT # Dumont-d'Urville Time # France & Italy - year-round base @@ -199,7 +199,7 @@ # was established on 1957-01-29. Since Syowa station is still the main # station of Japan, it's appropriate for the principal location. # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Antarctica/Syowa 0 - zzz 1957 Jan 29 +Zone Antarctica/Syowa 0 - -00 1957 Jan 29 3:00 - SYOT # Syowa Time # See: # NIPR Antarctic Research Activities (1999-08-17) @@ -249,7 +249,7 @@ # Remove the following line when uncommenting the above '#Rule' lines. Rule Troll 2004 max - Oct lastSun 1:00u 0:00 UTC # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Antarctica/Troll 0 - zzz 2005 Feb 12 +Zone Antarctica/Troll 0 - -00 2005 Feb 12 0:00 Troll %s # Poland - year-round base @@ -290,7 +290,7 @@ # happened to be during their visit. So we still don't really know what time # it is at Vostok. But we'll guess UTC+6. # -Zone Antarctica/Vostok 0 - zzz 1957 Dec 16 +Zone Antarctica/Vostok 0 - -00 1957 Dec 16 6:00 - VOST # Vostok time # S Africa - year-round bases @@ -323,7 +323,7 @@ # <http://webexhibits.org/daylightsaving/g.html> says Rothera is -03 all year. # # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Antarctica/Rothera 0 - zzz 1976 Dec 1 +Zone Antarctica/Rothera 0 - -00 1976 Dec 1 -3:00 - ROTT # Rothera time # Uruguay - year round base
--- a/make/data/tzdata/asia Thu Nov 03 02:53:25 2016 +0000 +++ b/make/data/tzdata/asia Thu Nov 03 18:13:23 2016 +0000 @@ -169,7 +169,7 @@ 3:00 - BAKT 1957 Mar # Baku Time 4:00 RussiaAsia BAK%sT 1991 Mar 31 2:00s 3:00 1:00 BAKST 1991 Aug 30 # independence - 3:00 RussiaAsia AZ%sT 1992 Sep lastSat 23:00 + 3:00 RussiaAsia AZ%sT 1992 Sep lastSun 2:00s 4:00 - AZT 1996 # Azerbaijan Time 4:00 EUAsia AZ%sT 1997 4:00 Azer AZ%sT
--- a/make/data/tzdata/australasia Thu Nov 03 02:53:25 2016 +0000 +++ b/make/data/tzdata/australasia Thu Nov 03 18:13:23 2016 +0000 @@ -266,11 +266,11 @@ # will produce a binary file with an [A]EST-type as the first 32-bit type; # this is required for correct handling of times before 1916 by # pre-2013 versions of localtime. -Zone Antarctica/Macquarie 0 - zzz 1899 Nov +Zone Antarctica/Macquarie 0 - -00 1899 Nov 10:00 - AEST 1916 Oct 1 2:00 10:00 1:00 AEDT 1917 Feb 10:00 Aus AE%sT 1919 Apr 1 0:00s - 0 - zzz 1948 Mar 25 + 0 - -00 1948 Mar 25 10:00 Aus AE%sT 1967 10:00 AT AE%sT 2010 Apr 4 3:00 11:00 - MIST # Macquarie I Standard Time
--- a/make/data/tzdata/europe Thu Nov 03 02:53:25 2016 +0000 +++ b/make/data/tzdata/europe Thu Nov 03 18:13:23 2016 +0000 @@ -778,6 +778,14 @@ 1:00 EU CE%sT # Belarus +# +# From Stepan Golosunov (2016-07-02): +# http://www.lawbelarus.com/repub/sub30/texf9611.htm +# (Act of the Cabinet of Ministers of the Republic of Belarus from +# 1992-03-25 No. 157) ... says clocks were to be moved forward at 2:00 +# on last Sunday of March and backward at 3:00 on last Sunday of September +# (the same as previous USSR and contemporary Russian regulations). +# # From Yauhen Kharuzhy (2011-09-16): # By latest Belarus government act Europe/Minsk timezone was changed to # GMT+3 without DST (was GMT+2 with DST). @@ -801,9 +809,6 @@ 1:00 C-Eur CE%sT 1944 Jul 3 3:00 Russia MSK/MSD 1990 3:00 - MSK 1991 Mar 31 2:00s - 2:00 1:00 EEST 1991 Sep 29 2:00s - 2:00 - EET 1992 Mar 29 0:00s - 2:00 1:00 EEST 1992 Sep 27 0:00s 2:00 Russia EE%sT 2011 Mar 27 2:00s 3:00 - FET 2014 Oct 26 1:00s 3:00 - MSK @@ -2746,14 +2751,22 @@ # Asia/Novosibirsk covers: # 54 RU-NVS Novosibirsk Oblast +# From Stepan Golosunov (2016-05-30): +# http://asozd2.duma.gov.ru/main.nsf/(Spravka)?OpenAgent&RN=1085784-6 +# moves Novosibirsk oblast from UTC+6 to UTC+7. +# From Stepan Golosunov (2016-07-04): +# The law was signed yesterday and published today on +# http://publication.pravo.gov.ru/Document/View/0001201607040064 + Zone Asia/Novosibirsk 5:31:40 - LMT 1919 Dec 14 6:00 - 6:00 - NOVT 1930 Jun 21 # Novosibirsk Time - 7:00 Russia NOV%sT 1991 Mar 31 2:00s - 6:00 Russia NOV%sT 1992 Jan 19 2:00s - 7:00 Russia NOV%sT 1993 May 23 # say Shanks & P. - 6:00 Russia NOV%sT 2011 Mar 27 2:00s - 7:00 - NOVT 2014 Oct 26 2:00s - 6:00 - NOVT + 6:00 - +06 1930 Jun 21 + 7:00 Russia +07/+08 1991 Mar 31 2:00s + 6:00 Russia +06/+07 1992 Jan 19 2:00s + 7:00 Russia +07/+08 1993 May 23 # say Shanks & P. + 6:00 Russia +06/+07 2011 Mar 27 2:00s + 7:00 - +07 2014 Oct 26 2:00s + 6:00 - +06 2016 Jul 24 2:00s + 7:00 - +07 # From Paul Eggert (2016-03-18): # Asia/Tomsk covers: @@ -2794,6 +2807,9 @@ # approved by the Federation Council on 2016-04-20, signed by the President and # published as a law around 2016-04-26. +# From Matt Johnson (2016-04-26): +# http://publication.pravo.gov.ru/Document/View/0001201604260048 + Zone Asia/Tomsk 5:39:51 - LMT 1919 Dec 22 6:00 - +06 1930 Jun 21 7:00 Russia +07/+08 1991 Mar 31 2:00s @@ -2833,14 +2849,12 @@ # realigning itself with KRAT. Zone Asia/Novokuznetsk 5:48:48 - LMT 1924 May 1 - 6:00 - KRAT 1930 Jun 21 # Krasnoyarsk Time - 7:00 Russia KRA%sT 1991 Mar 31 2:00s - 6:00 Russia KRA%sT 1992 Jan 19 2:00s - 7:00 Russia KRA%sT 2010 Mar 28 2:00s - 6:00 Russia NOV%sT 2011 Mar 27 2:00s # Novosibirsk - 7:00 - NOVT 2014 Oct 26 2:00s - 7:00 - KRAT # Krasnoyarsk Time - + 6:00 - +06 1930 Jun 21 + 7:00 Russia +07/+08 1991 Mar 31 2:00s + 6:00 Russia +06/+07 1992 Jan 19 2:00s + 7:00 Russia +07/+08 2010 Mar 28 2:00s + 6:00 Russia +06/+07 2011 Mar 27 2:00s + 7:00 - +07 # From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2001-08-25): # Asia/Krasnoyarsk covers...
--- a/make/data/tzdata/northamerica Thu Nov 03 02:53:25 2016 +0000 +++ b/make/data/tzdata/northamerica Thu Nov 03 18:13:23 2016 +0000 @@ -2214,39 +2214,39 @@ Rule NT_YK 1987 2006 - Apr Sun>=1 2:00 1:00 D # Zone NAME GMTOFF RULES FORMAT [UNTIL] # aka Panniqtuuq -Zone America/Pangnirtung 0 - zzz 1921 # trading post est. +Zone America/Pangnirtung 0 - -00 1921 # trading post est. -4:00 NT_YK A%sT 1995 Apr Sun>=1 2:00 -5:00 Canada E%sT 1999 Oct 31 2:00 -6:00 Canada C%sT 2000 Oct 29 2:00 -5:00 Canada E%sT # formerly Frobisher Bay -Zone America/Iqaluit 0 - zzz 1942 Aug # Frobisher Bay est. +Zone America/Iqaluit 0 - -00 1942 Aug # Frobisher Bay est. -5:00 NT_YK E%sT 1999 Oct 31 2:00 -6:00 Canada C%sT 2000 Oct 29 2:00 -5:00 Canada E%sT # aka Qausuittuq -Zone America/Resolute 0 - zzz 1947 Aug 31 # Resolute founded +Zone America/Resolute 0 - -00 1947 Aug 31 # Resolute founded -6:00 NT_YK C%sT 2000 Oct 29 2:00 -5:00 - EST 2001 Apr 1 3:00 -6:00 Canada C%sT 2006 Oct 29 2:00 -5:00 - EST 2007 Mar 11 3:00 -6:00 Canada C%sT # aka Kangiqiniq -Zone America/Rankin_Inlet 0 - zzz 1957 # Rankin Inlet founded +Zone America/Rankin_Inlet 0 - -00 1957 # Rankin Inlet founded -6:00 NT_YK C%sT 2000 Oct 29 2:00 -5:00 - EST 2001 Apr 1 3:00 -6:00 Canada C%sT # aka Iqaluktuuttiaq -Zone America/Cambridge_Bay 0 - zzz 1920 # trading post est.? +Zone America/Cambridge_Bay 0 - -00 1920 # trading post est.? -7:00 NT_YK M%sT 1999 Oct 31 2:00 -6:00 Canada C%sT 2000 Oct 29 2:00 -5:00 - EST 2000 Nov 5 0:00 -6:00 - CST 2001 Apr 1 3:00 -7:00 Canada M%sT -Zone America/Yellowknife 0 - zzz 1935 # Yellowknife founded? +Zone America/Yellowknife 0 - -00 1935 # Yellowknife founded? -7:00 NT_YK M%sT 1980 -7:00 Canada M%sT -Zone America/Inuvik 0 - zzz 1953 # Inuvik founded +Zone America/Inuvik 0 - -00 1953 # Inuvik founded -8:00 NT_YK P%sT 1979 Apr lastSun 2:00 -7:00 NT_YK M%sT 1980 -7:00 Canada M%sT
--- a/make/data/tzdata/southamerica Thu Nov 03 02:53:25 2016 +0000 +++ b/make/data/tzdata/southamerica Thu Nov 03 18:13:23 2016 +0000 @@ -1332,7 +1332,7 @@ # Palmer used to be supplied from Argentina. # # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Antarctica/Palmer 0 - zzz 1965 +Zone Antarctica/Palmer 0 - -00 1965 -4:00 Arg AR%sT 1969 Oct 5 -3:00 Arg AR%sT 1982 May -4:00 Chile CL%sT @@ -1782,16 +1782,16 @@ # https://actualidad.rt.com/actualidad/204758-venezuela-modificar-huso-horario-sequia-elnino # # From Paul Eggert (2016-04-15): -# Clocks advance 30 minutes on 2016-05-01 at 02:30. See: -# Barboza AD. Huso horario en Venezuela volverá a 4 horas menos con -# respecto al "Greenwich". Panorama 2016-04-15 12:20 -0430. -# http://www.panorama.com.ve/ciudad/Huso-horario-en-Venezuela-volvera-a-4-horas-menos-con-respecto-al-Greenwich-20160415-0032.html -# +# Clocks advance 30 minutes on 2016-05-01 at 02:30.... # "'Venezuela's new time-zone: hours without light, hours without water, -# hours of presidential broadcasts, hours of lines," quipped comedian -# Jean Mary Curro ...". See: Cawthorne A, Kai D. Venezuela scraps +# hours of presidential broadcasts, hours of lines,' quipped comedian +# Jean Mary Curró ...". See: Cawthorne A, Kai D. Venezuela scraps # half-hour time difference set by Chavez. Reuters 2016-04-15 14:50 -0400 # http://www.reuters.com/article/us-venezuela-timezone-idUSKCN0XC2BE +# +# From Matt Johnson (2016-04-20): +# ... published in the official Gazette [2016-04-18], here: +# http://historico.tsj.gob.ve/gaceta_ext/abril/1842016/E-1842016-4551.pdf # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone America/Caracas -4:27:44 - LMT 1890
--- a/make/mapfiles/libjava/mapfile-vers Thu Nov 03 02:53:25 2016 +0000 +++ b/make/mapfiles/libjava/mapfile-vers Thu Nov 03 18:13:23 2016 +0000 @@ -56,6 +56,7 @@ JNU_ThrowArrayIndexOutOfBoundsException; JNU_ThrowByName; JNU_ThrowByNameWithLastError; + JNU_ThrowByNameWithMessageAndLastError; JNU_ThrowClassNotFoundException; JNU_ThrowIllegalAccessError; JNU_ThrowIllegalAccessException;
--- a/src/macosx/native/com/sun/media/sound/PLATFORM_API_MacOSX_PCM.cpp Thu Nov 03 02:53:25 2016 +0000 +++ b/src/macosx/native/com/sun/media/sound/PLATFORM_API_MacOSX_PCM.cpp Thu Nov 03 18:13:23 2016 +0000 @@ -817,6 +817,10 @@ ERROR1("<<DAUDIO_Open: ERROR: unsupported encoding (%d)\n", encoding); return NULL; } + if (channels <= 0) { + ERROR1("<<DAUDIO_Open: ERROR: Invalid number of channels=%d!\n", channels); + return NULL; + } OSX_DirectAudioDevice *device = new OSX_DirectAudioDevice();
--- a/src/share/back/debugLoop.c Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/back/debugLoop.c Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -229,6 +229,20 @@ if (rc != 0 || (rc == 0 && packet.type.cmd.len == 0)) { shouldListen = JNI_FALSE; notifyTransportError(); + } else if (packet.type.cmd.flags != JDWPTRANSPORT_FLAGS_NONE) { + /* + * Close the connection when we get a jdwpCmdPacket with an + * invalid flags field value. This is a protocol violation + * so we drop the connection. Also this could be a web + * browser generating an HTTP request that passes the JDWP + * handshake. HTTP requests requires that everything be in + * the ASCII printable range so a flags value of + * JDWPTRANSPORT_FLAGS_NONE(0) cannot be generated via HTTP. + */ + ERROR_MESSAGE(("Received jdwpPacket with flags != 0x%d (actual=0x%x) when a jdwpCmdPacket was expected.", + JDWPTRANSPORT_FLAGS_NONE, packet.type.cmd.flags)); + shouldListen = JNI_FALSE; + notifyTransportError(); } else { cmd = &packet.type.cmd;
--- a/src/share/classes/com/sun/java/util/jar/pack/DriverResource_ja.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/com/sun/java/util/jar/pack/DriverResource_ja.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -61,8 +61,8 @@ "\u4F7F\u7528\u65B9\u6CD5: pack200 [-opt... | --option=value]... x.pack[.gz] y.jar", "", "\u5727\u7E2E\u30AA\u30D7\u30B7\u30E7\u30F3", - " -g\u3001--no-gzip \u30D7\u30EC\u30FC\u30F3\u306A*.pack\u30D5\u30A1\u30A4\u30EB\u3092\u5727\u7E2E\u305B\u305A\u306B\u51FA\u529B\u3057\u307E\u3059", - " --gzip (\u30C7\u30D5\u30A9\u30EB\u30C8)\u5727\u7E2E\u51FA\u529B\u3092gzip\u3067\u5F8C\u51E6\u7406\u3057\u307E\u3059", + " -g\u3001--no-gzip \u5727\u7E2E\u305B\u305A\u306B\u30D7\u30EC\u30FC\u30F3\u306A*.pack\u30D5\u30A1\u30A4\u30EB\u3092\u51FA\u529B\u3057\u307E\u3059", + " --gzip (\u30C7\u30D5\u30A9\u30EB\u30C8) pack\u51FA\u529B\u3092gzip\u3067\u5F8C\u51E6\u7406\u3057\u307E\u3059", " -G\u3001--strip-debug \u5727\u7E2E\u4E2D\u306B\u30C7\u30D0\u30C3\u30B0\u5C5E\u6027\u3092\u524A\u9664\u3057\u307E\u3059", " -O\u3001--no-keep-file-order \u30D5\u30A1\u30A4\u30EB\u306E\u9806\u5E8F\u4ED8\u3051\u60C5\u5831\u3092\u8EE2\u9001\u3057\u307E\u305B\u3093", " --keep-file-order (\u30C7\u30D5\u30A9\u30EB\u30C8)\u5165\u529B\u30D5\u30A1\u30A4\u30EB\u306E\u9806\u5E8F\u4ED8\u3051\u3092\u4FDD\u6301\u3057\u307E\u3059",
--- a/src/share/classes/com/sun/jmx/remote/util/ClassLoaderWithRepository.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/com/sun/jmx/remote/util/ClassLoaderWithRepository.java Thu Nov 03 18:13:23 2016 +0000 @@ -39,8 +39,9 @@ } protected Class<?> findClass(String name) throws ClassNotFoundException { + Class<?> cls; try { - return repository.loadClass(name); + cls = repository.loadClass(name); } catch (ClassNotFoundException cne) { if (cl2 != null) { return cl2.loadClass(name); @@ -48,6 +49,15 @@ throw cne; } } + + if(!cls.getName().equals(name)){ + if (cl2 != null) { + return cl2.loadClass(name); + } else { + throw new ClassNotFoundException(name); + } + } + return cls; } private ClassLoaderRepository repository;
--- a/src/share/classes/javax/swing/JEditorPane.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/javax/swing/JEditorPane.java Thu Nov 03 18:13:23 2016 +0000 @@ -24,7 +24,6 @@ */ package javax.swing; -import sun.swing.SwingUtilities2; import java.awt.*; import java.lang.reflect.*; @@ -1242,7 +1241,11 @@ */ public static void registerEditorKitForContentType(String type, String classname, ClassLoader loader) { getKitTypeRegistry().put(type, classname); - getKitLoaderRegistry().put(type, loader); + if (loader != null) { + getKitLoaderRegistry().put(type, loader); + } else { + getKitLoaderRegistry().remove(type); + } getKitRegisty().remove(type); }
--- a/src/share/classes/sun/awt/image/SunVolatileImage.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/awt/image/SunVolatileImage.java Thu Nov 03 18:13:23 2016 +0000 @@ -70,6 +70,10 @@ { this.comp = comp; this.graphicsConfig = graphicsConfig; + if (width <= 0 || height <= 0) { + throw new IllegalArgumentException("Width (" + width + ")" + + " and height (" + height + ") cannot be <= 0"); + } this.width = width; this.height = height; this.forcedAccelSurfaceType = accType;
--- a/src/share/classes/sun/launcher/resources/launcher_zh_TW.properties Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/launcher/resources/launcher_zh_TW.properties Thu Nov 03 18:13:23 2016 +0000 @@ -34,7 +34,7 @@ java.launcher.ergo.message2 =\ \u56E0\u70BA\u60A8\u6B63\u5728\u4F3A\u670D\u5668\u985E\u5225\u6A5F\u5668\u4E0A\u57F7\u884C\u3002\n # Translators please note do not translate the options themselves -java.launcher.opt.footer =\ -cp <class search path of directories and zip/jar files>\n -classpath <class search path of directories and zip/jar files>\n \u4F7F\u7528 {0} \u5340\u9694\u7684\u76EE\u9304\u3001JAR \u5B58\u6A94\u4EE5\u53CA\n ZIP \u5B58\u6A94\u6E05\u55AE\u4F86\u641C\u5C0B\u985E\u5225\u6A94\u6848\u3002\n -D<name>=<value>\n \u8A2D\u5B9A\u7CFB\u7D71\u5C6C\u6027\n -verbose:[class|gc|jni]\n \u555F\u7528\u8A73\u7D30\u8CC7\u8A0A\u8F38\u51FA\n -version \u5217\u5370\u7522\u54C1\u7248\u672C\u4E26\u7D50\u675F\n -version:<value>\n \u8B66\u544A: \u6B64\u529F\u80FD\u5DF2\u4E0D\u518D\u4F7F\u7528\uFF0C\u5C07\u6703\u5F9E\n \u672A\u4F86\u7248\u672C\u4E2D\u79FB\u9664\u3002\n \u9700\u8981\u6307\u5B9A\u7684\u7248\u672C\u624D\u80FD\u57F7\u884C\n -showversion \u5217\u5370\u7522\u54C1\u7248\u672C\u4E26\u7E7C\u7E8C\n -jre-restrict-search | -no-jre-restrict-search\n \u8B66\u544A: \u6B64\u529F\u80FD\u5DF2\u4E0D\u518D\u4F7F\u7528\uFF0C\u5C07\u6703\u5F9E\n \u672A\u4F86\u7248\u672C\u4E2D\u79FB\u9664\u3002\n \u5728\u7248\u672C\u641C\u5C0B\u4E2D\u5305\u62EC/\u6392\u9664\u4F7F\u7528\u8005\u5C08\u7528 JRE\n -? -help \u5217\u5370\u6B64\u8AAA\u660E\u8A0A\u606F\n -X \u5217\u5370\u975E\u6A19\u6E96\u9078\u9805\u7684\u8AAA\u660E\n -ea[:<packagename>...|:<classname>]\n -enableassertions[:<packagename>...|:<classname>]\n \u555F\u7528\u542B\u6307\u5B9A\u8A73\u7D30\u7A0B\u5EA6\u7684\u5BA3\u544A\n -da[:<packagename>...|:<classname>]\n -disableassertions[:<packagename>...|:<classname>]\n \u505C\u7528\u542B\u6307\u5B9A\u8A73\u7D30\u7A0B\u5EA6\u7684\u5BA3\u544A\n -esa | -enablesystemassertions\n \u555F\u7528\u7CFB\u7D71\u5BA3\u544A\n -dsa | -disablesystemassertions\n \u505C\u7528\u7CFB\u7D71\u5BA3\u544A\n -agentlib:<libname>[=<options>]\n \u8F09\u5165\u539F\u751F\u4EE3\u7406\u7A0B\u5F0F\u7A0B\u5F0F\u5EAB <libname>\uFF0C\u4F8B\u5982 -agentlib:hprof\n \u53E6\u8ACB\u53C3\u95B1 -agentlib:jdwp=help \u8207 -agentlib:hprof=help\n -agentpath:<pathname>[=<options>]\n \u4F7F\u7528\u5B8C\u6574\u8DEF\u5F91\u540D\u7A31\u8F09\u5165\u539F\u751F\u4EE3\u7406\u7A0B\u5F0F\u7A0B\u5F0F\u5EAB\n -javaagent:<jarpath>[=<options>]\n \u8F09\u5165 Java \u7A0B\u5F0F\u8A9E\u8A00\u4EE3\u7406\u7A0B\u5F0F\uFF0C\u8ACB\u53C3\u95B1 java.lang.instrument\n -splash:<imagepath>\n \u986F\u793A\u6307\u5B9A\u5F71\u50CF\u7684\u8EDF\u9AD4\u8CC7\u8A0A\u756B\u9762\n\u8ACB\u53C3\u95B1 http://www.oracle.com/technetwork/java/javase/documentation/index.html \u66B8\u89E3\u8A73\u7D30\u8CC7\u8A0A\u3002 +java.launcher.opt.footer =\ -cp <\u76EE\u9304\u53CA zip/jar \u6A94\u6848\u7684\u985E\u5225\u641C\u5C0B\u8DEF\u5F91>\n -classpath <\u76EE\u9304\u53CA zip/jar \u6A94\u6848\u7684\u985E\u5225\u641C\u5C0B\u8DEF\u5F91>\n \u4F7F\u7528 {0} \u5340\u9694\u7684\u76EE\u9304\u3001JAR \u5B58\u6A94\u4EE5\u53CA ZIP \u5B58\u6A94\u6E05\u55AE\u4F86\u641C\u5C0B\u985E\u5225\u6A94\u6848\u3002\n -D<name>=<value>\n \u8A2D\u5B9A\u7CFB\u7D71\u5C6C\u6027\n -verbose:[class|gc|jni]\n \u555F\u7528\u8A73\u7D30\u8CC7\u8A0A\u8F38\u51FA\n -version \u5217\u5370\u7522\u54C1\u7248\u672C\u4E26\u7D50\u675F\n -version:<value>\n \u8B66\u544A: \u6B64\u529F\u80FD\u5DF2\u4E0D\u518D\u4F7F\u7528\uFF0C\u5C07\u6703\u5F9E\u672A\u4F86\u7248\u672C\u4E2D\u79FB\u9664\u3002\n \u9700\u8981\u6307\u5B9A\u7684\u7248\u672C\u624D\u80FD\u57F7\u884C\n -showversion \u5217\u5370\u7522\u54C1\u7248\u672C\u4E26\u7E7C\u7E8C\n -jre-restrict-search | -no-jre-restrict-search\n \u8B66\u544A: \u6B64\u529F\u80FD\u5DF2\u4E0D\u518D\u4F7F\u7528\uFF0C\u5C07\u6703\u5F9E\u672A\u4F86\u7248\u672C\u4E2D\u79FB\u9664\u3002\n \u5728\u7248\u672C\u641C\u5C0B\u4E2D\u5305\u62EC/\u6392\u9664\u4F7F\u7528\u8005\u5C08\u7528 JRE\n -? -help \u5217\u5370\u6B64\u8AAA\u660E\u8A0A\u606F\n -X \u5217\u5370\u975E\u6A19\u6E96\u9078\u9805\u7684\u8AAA\u660E\n -ea[:<packagename>...|:<classname>]\n -enableassertions[:<packagename>...|:<classname>]\n \u555F\u7528\u542B\u6307\u5B9A\u8A73\u7D30\u7A0B\u5EA6\u7684\u5BA3\u544A\n -da[:<packagename>...|:<classname>]\n -disableassertions[:<packagename>...|:<classname>]\n \u505C\u7528\u542B\u6307\u5B9A\u8A73\u7D30\u7A0B\u5EA6\u7684\u5BA3\u544A\n -esa | -enablesystemassertions\n \u555F\u7528\u7CFB\u7D71\u5BA3\u544A\n -dsa | -disablesystemassertions\n \u505C\u7528\u7CFB\u7D71\u5BA3\u544A\n -agentlib:<libname>[=<options>]\n \u8F09\u5165\u539F\u751F\u4EE3\u7406\u7A0B\u5F0F\u7A0B\u5F0F\u5EAB <libname>\uFF0C\u4F8B\u5982 -agentlib:hprof\n \u53E6\u8ACB\u53C3\u95B1 -agentlib:jdwp=help \u8207 -agentlib:hprof=help\n -agentpath:<pathname>[=<options>]\n \u4F7F\u7528\u5B8C\u6574\u8DEF\u5F91\u540D\u7A31\u8F09\u5165\u539F\u751F\u4EE3\u7406\u7A0B\u5F0F\u7A0B\u5F0F\u5EAB\n -javaagent:<jarpath>[=<options>]\n \u8F09\u5165 Java \u7A0B\u5F0F\u8A9E\u8A00\u4EE3\u7406\u7A0B\u5F0F\uFF0C\u8ACB\u53C3\u95B1 java.lang.instrument\n -splash:<imagepath>\n \u986F\u793A\u6307\u5B9A\u5F71\u50CF\u7684\u8EDF\u9AD4\u8CC7\u8A0A\u756B\u9762\n\u8ACB\u53C3\u95B1 http://www.oracle.com/technetwork/java/javase/documentation/index.html \u66B8\u89E3\u8A73\u7D30\u8CC7\u8A0A\u3002 # Translators please note do not translate the options themselves java.launcher.X.usage=\ -Xmixed \u6DF7\u5408\u6A21\u5F0F\u57F7\u884C (\u9810\u8A2D)\n -Xint \u50C5\u9650\u89E3\u8B6F\u6A21\u5F0F\u57F7\u884C\n -Xbootclasspath:<\u4EE5 {0} \u5206\u9694\u7684\u76EE\u9304\u548C zip/jar \u6A94\u6848>\n \u8A2D\u5B9A\u555F\u52D5\u5B89\u88DD\u985E\u5225\u548C\u8CC7\u6E90\u7684\u641C\u5C0B\u8DEF\u5F91\n -Xbootclasspath/a:<\u4EE5 {0} \u5206\u9694\u7684\u76EE\u9304\u548C zip/jar \u6A94\u6848>\n \u9644\u52A0\u5728\u555F\u52D5\u5B89\u88DD\u985E\u5225\u8DEF\u5F91\u7684\u7D50\u5C3E\n -Xbootclasspath/p:<\u4EE5 {0} \u5206\u9694\u7684\u76EE\u9304\u548C zip/jar \u6A94\u6848>\n \u9644\u52A0\u5728\u555F\u52D5\u5B89\u88DD\u985E\u5225\u8DEF\u5F91\u7684\u524D\u9762\n -Xdiag \u986F\u793A\u5176\u4ED6\u7684\u8A3A\u65B7\u8A0A\u606F\n -Xnoclassgc \u505C\u7528\u985E\u5225\u8CC7\u6E90\u56DE\u6536\n -Xincgc \u555F\u7528\u6F38\u9032\u8CC7\u6E90\u56DE\u6536\n -Xloggc:<file> \u5229\u7528\u6642\u6233\u5C07 GC \u72C0\u614B\u8A18\u9304\u81F3\u6A94\u6848\u4E2D\n -Xbatch \u505C\u7528\u80CC\u666F\u7DE8\u8B6F\n -Xms<size> \u8A2D\u5B9A\u8D77\u59CB Java \u5806\u96C6\u5927\u5C0F\n -Xmx<size> \u8A2D\u5B9A Java \u5806\u96C6\u5927\u5C0F\u4E0A\u9650\n -Xss<size> \u8A2D\u5B9A Java \u57F7\u884C\u7DD2\u5806\u758A\u5927\u5C0F\n -Xprof \u8F38\u51FA CPU \u5206\u6790\u8CC7\u6599\n -Xfuture \u555F\u7528\u6700\u56B4\u683C\u7684\u6AA2\u67E5\uFF0C\u9810\u5148\u4F5C\u70BA\u5C07\u4F86\u7684\u9810\u8A2D\n -Xrs \u6E1B\u5C11 Java/VM \u4F7F\u7528\u4F5C\u696D\u7CFB\u7D71\u4FE1\u865F (\u8ACB\u53C3\u95B1\u6587\u4EF6)\n -Xcheck:jni \u57F7\u884C\u5176\u4ED6\u7684 JNI \u51FD\u6578\u6AA2\u67E5\n -Xshare:off \u4E0D\u5617\u8A66\u4F7F\u7528\u5171\u7528\u985E\u5225\u8CC7\u6599\n -Xshare:auto \u5118\u53EF\u80FD\u4F7F\u7528\u5171\u7528\u985E\u5225\u8CC7\u6599 (\u9810\u8A2D)\n -Xshare:on \u9700\u8981\u4F7F\u7528\u5171\u7528\u985E\u5225\u8CC7\u6599\uFF0C\u5426\u5247\u5931\u6557\u3002\n -XshowSettings \u986F\u793A\u6240\u6709\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\n -XshowSettings:all\n \u986F\u793A\u6240\u6709\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\n -XshowSettings:vm \u986F\u793A\u6240\u6709 VM \u76F8\u95DC\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\n -XshowSettings:properties\n \u986F\u793A\u6240\u6709\u5C6C\u6027\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\n -XshowSettings:locale\n \u986F\u793A\u6240\u6709\u5730\u5340\u8A2D\u5B9A\u76F8\u95DC\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\n\n -X \u9078\u9805\u4E0D\u662F\u6A19\u6E96\u9078\u9805\uFF0C\u82E5\u6709\u8B8A\u66F4\u4E0D\u53E6\u884C\u901A\u77E5\u3002\n
--- a/src/share/classes/sun/misc/resources/Messages.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/misc/resources/Messages.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,21 +32,19 @@ * @author Michael Colburn */ -public class Messages extends java.util.ListResourceBundle { +public final class Messages extends java.util.ListResourceBundle { /** * Returns the contents of this <code>ResourceBundle</code>. * <p> * @return the contents of this <code>ResourceBundle</code>. */ - public Object[][] getContents() { - return contents; + protected Object[][] getContents() { + return new Object[][]{ + {"optpkg.versionerror", "ERROR: Invalid version format used in {0} JAR file. Check the documentation for the supported version format."}, + {"optpkg.attributeerror", "ERROR: The required {0} JAR manifest attribute is not set in {1} JAR file."}, + {"optpkg.attributeserror", "ERROR: Some required JAR manifest attributes are not set in {0} JAR file."} + }; } - private static final Object[][] contents = { - { "optpkg.versionerror", "ERROR: Invalid version format used in {0} JAR file. Check the documentation for the supported version format." }, - { "optpkg.attributeerror", "ERROR: The required {0} JAR manifest attribute is not set in {1} JAR file." }, - { "optpkg.attributeserror", "ERROR: Some required JAR manifest attributes are not set in {0} JAR file." } - }; - }
--- a/src/share/classes/sun/misc/resources/Messages_de.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/misc/resources/Messages_de.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,21 +32,19 @@ * @author Michael Colburn */ -public class Messages_de extends java.util.ListResourceBundle { +public final class Messages_de extends java.util.ListResourceBundle { /** * Returns the contents of this <code>ResourceBundle</code>. * <p> * @return the contents of this <code>ResourceBundle</code>. */ - public Object[][] getContents() { - return contents; + protected Object[][] getContents() { + return new Object[][]{ + {"optpkg.versionerror", "ERROR: In JAR-Datei {0} wurde ein ung\u00FCltiges Versionsformat verwendet. Pr\u00FCfen Sie in der Dokumentation, welches Versionsformat unterst\u00FCtzt wird."}, + {"optpkg.attributeerror", "ERROR: In JAR-Datei {1} ist das erforderliche JAR-Manifestattribut {0} nicht festgelegt."}, + {"optpkg.attributeserror", "ERROR: In JAR-Datei {0} sind einige erforderliche JAR-Manifestattribute nicht festgelegt."} + }; } - private static final Object[][] contents = { - { "optpkg.versionerror", "ERROR: In JAR-Datei {0} wurde ein ung\u00FCltiges Versionsformat verwendet. Pr\u00FCfen Sie in der Dokumentation, welches Versionsformat unterst\u00FCtzt wird." }, - { "optpkg.attributeerror", "ERROR: In JAR-Datei {1} ist das erforderliche JAR-Manifestattribut {0} nicht festgelegt." }, - { "optpkg.attributeserror", "ERROR: In JAR-Datei {0} sind einige erforderliche JAR-Manifestattribute nicht festgelegt." } - }; - }
--- a/src/share/classes/sun/misc/resources/Messages_es.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/misc/resources/Messages_es.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,21 +32,19 @@ * @author Michael Colburn */ -public class Messages_es extends java.util.ListResourceBundle { +public final class Messages_es extends java.util.ListResourceBundle { /** * Returns the contents of this <code>ResourceBundle</code>. * <p> * @return the contents of this <code>ResourceBundle</code>. */ - public Object[][] getContents() { - return contents; + protected Object[][] getContents() { + return new Object[][]{ + {"optpkg.versionerror", "ERROR: el formato del archivo JAR {0} pertenece a una versi\u00F3n no v\u00E1lida. Busque en la documentaci\u00F3n el formato de una versi\u00F3n soportada."}, + {"optpkg.attributeerror", "ERROR: el atributo obligatorio JAR manifest {0} no est\u00E1 definido en el archivo JAR {1}."}, + {"optpkg.attributeserror", "ERROR: algunos atributos obligatorios JAR manifest no est\u00E1n definidos en el archivo JAR {0}."} + }; } - private static final Object[][] contents = { - { "optpkg.versionerror", "ERROR: el formato del archivo JAR {0} pertenece a una versi\u00F3n no v\u00E1lida. Busque en la documentaci\u00F3n el formato de una versi\u00F3n soportada." }, - { "optpkg.attributeerror", "ERROR: el atributo obligatorio JAR manifest {0} no est\u00E1 definido en el archivo JAR {1}." }, - { "optpkg.attributeserror", "ERROR: algunos atributos obligatorios JAR manifest no est\u00E1n definidos en el archivo JAR {0}." } - }; - }
--- a/src/share/classes/sun/misc/resources/Messages_fr.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/misc/resources/Messages_fr.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,21 +32,19 @@ * @author Michael Colburn */ -public class Messages_fr extends java.util.ListResourceBundle { +public final class Messages_fr extends java.util.ListResourceBundle { /** * Returns the contents of this <code>ResourceBundle</code>. * <p> * @return the contents of this <code>ResourceBundle</code>. */ - public Object[][] getContents() { - return contents; + protected Object[][] getContents() { + return new Object[][]{ + {"optpkg.versionerror", "ERREUR\u00A0: le format de version utilis\u00E9 pour le fichier JAR {0} n''est pas valide. Pour conna\u00EEtre le format de version pris en charge, consultez la documentation."}, + {"optpkg.attributeerror", "ERREUR\u00A0: l''attribut manifest JAR {0} obligatoire n''est pas d\u00E9fini dans le fichier JAR {1}."}, + {"optpkg.attributeserror", "ERREUR\u00A0: certains attributs manifest JAR obligatoires ne sont pas d\u00E9finis dans le fichier JAR {0}."} + }; } - private static final Object[][] contents = { - { "optpkg.versionerror", "ERREUR\u00A0: le format de version utilis\u00E9 pour le fichier JAR {0} n''est pas valide. Pour conna\u00EEtre le format de version pris en charge, consultez la documentation." }, - { "optpkg.attributeerror", "ERREUR\u00A0: l''attribut manifest JAR {0} obligatoire n''est pas d\u00E9fini dans le fichier JAR {1}." }, - { "optpkg.attributeserror", "ERREUR\u00A0: certains attributs manifest JAR obligatoires ne sont pas d\u00E9finis dans le fichier JAR {0}." } - }; - }
--- a/src/share/classes/sun/misc/resources/Messages_it.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/misc/resources/Messages_it.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,21 +32,19 @@ * @author Michael Colburn */ -public class Messages_it extends java.util.ListResourceBundle { +public final class Messages_it extends java.util.ListResourceBundle { /** * Returns the contents of this <code>ResourceBundle</code>. * <p> * @return the contents of this <code>ResourceBundle</code>. */ - public Object[][] getContents() { - return contents; + protected Object[][] getContents() { + return new Object[][]{ + {"optpkg.versionerror", "ERRORE: Formato versione non valido nel file JAR {0}. Verificare nella documentazione il formato della versione supportato."}, + {"optpkg.attributeerror", "ERRORE: L''attributo manifest JAR {0} richiesto non \u00E8 impostato nel file JAR {1}."}, + {"optpkg.attributeserror", "ERRORE: Alcuni attributi manifesti JAR obbligatori non sono impostati nel file JAR {0}."} + }; } - private static final Object[][] contents = { - { "optpkg.versionerror", "ERRORE: Formato versione non valido nel file JAR {0}. Verificare nella documentazione il formato della versione supportato." }, - { "optpkg.attributeerror", "ERRORE: L''attributo manifest JAR {0} richiesto non \u00E8 impostato nel file JAR {1}." }, - { "optpkg.attributeserror", "ERRORE: Alcuni attributi manifesti JAR obbligatori non sono impostati nel file JAR {0}." } - }; - }
--- a/src/share/classes/sun/misc/resources/Messages_ja.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/misc/resources/Messages_ja.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,21 +32,19 @@ * @author Michael Colburn */ -public class Messages_ja extends java.util.ListResourceBundle { +public final class Messages_ja extends java.util.ListResourceBundle { /** * Returns the contents of this <code>ResourceBundle</code>. * <p> * @return the contents of this <code>ResourceBundle</code>. */ - public Object[][] getContents() { - return contents; + protected Object[][] getContents() { + return new Object[][]{ + {"optpkg.versionerror", "\u30A8\u30E9\u30FC: JAR\u30D5\u30A1\u30A4\u30EB{0}\u3067\u7121\u52B9\u306A\u30D0\u30FC\u30B8\u30E7\u30F3\u5F62\u5F0F\u304C\u4F7F\u7528\u3055\u308C\u3066\u3044\u307E\u3059\u3002\u30B5\u30DD\u30FC\u30C8\u3055\u308C\u308B\u30D0\u30FC\u30B8\u30E7\u30F3\u5F62\u5F0F\u306B\u3064\u3044\u3066\u306E\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u3092\u53C2\u7167\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, + {"optpkg.attributeerror", "\u30A8\u30E9\u30FC: \u5FC5\u8981\u306AJAR\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u5C5E\u6027{0}\u304CJAR\u30D5\u30A1\u30A4\u30EB{1}\u306B\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002"}, + {"optpkg.attributeserror", "\u30A8\u30E9\u30FC: \u8907\u6570\u306E\u5FC5\u8981\u306AJAR\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u5C5E\u6027\u304CJAR\u30D5\u30A1\u30A4\u30EB{0}\u306B\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002"} + }; } - private static final Object[][] contents = { - { "optpkg.versionerror", "\u30A8\u30E9\u30FC: JAR\u30D5\u30A1\u30A4\u30EB{0}\u3067\u7121\u52B9\u306A\u30D0\u30FC\u30B8\u30E7\u30F3\u5F62\u5F0F\u304C\u4F7F\u7528\u3055\u308C\u3066\u3044\u307E\u3059\u3002\u30B5\u30DD\u30FC\u30C8\u3055\u308C\u308B\u30D0\u30FC\u30B8\u30E7\u30F3\u5F62\u5F0F\u306B\u3064\u3044\u3066\u306E\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u3092\u53C2\u7167\u3057\u3066\u304F\u3060\u3055\u3044\u3002" }, - { "optpkg.attributeerror", "\u30A8\u30E9\u30FC: \u5FC5\u8981\u306AJAR\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u5C5E\u6027{0}\u304CJAR\u30D5\u30A1\u30A4\u30EB{1}\u306B\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002" }, - { "optpkg.attributeserror", "\u30A8\u30E9\u30FC: \u8907\u6570\u306E\u5FC5\u8981\u306AJAR\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u5C5E\u6027\u304CJAR\u30D5\u30A1\u30A4\u30EB{0}\u306B\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002" } - }; - }
--- a/src/share/classes/sun/misc/resources/Messages_ko.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/misc/resources/Messages_ko.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,21 +32,19 @@ * @author Michael Colburn */ -public class Messages_ko extends java.util.ListResourceBundle { +public final class Messages_ko extends java.util.ListResourceBundle { /** * Returns the contents of this <code>ResourceBundle</code>. * <p> * @return the contents of this <code>ResourceBundle</code>. */ - public Object[][] getContents() { - return contents; + protected Object[][] getContents() { + return new Object[][]{ + {"optpkg.versionerror", "\uC624\uB958: {0} JAR \uD30C\uC77C\uC5D0 \uBD80\uC801\uD569\uD55C \uBC84\uC804 \uD615\uC2DD\uC774 \uC0AC\uC6A9\uB418\uC5C8\uC2B5\uB2C8\uB2E4. \uC124\uBA85\uC11C\uC5D0\uC11C \uC9C0\uC6D0\uB418\uB294 \uBC84\uC804 \uD615\uC2DD\uC744 \uD655\uC778\uD558\uC2ED\uC2DC\uC624."}, + {"optpkg.attributeerror", "\uC624\uB958: \uD544\uC694\uD55C {0} JAR manifest \uC18D\uC131\uC774 {1} JAR \uD30C\uC77C\uC5D0 \uC124\uC815\uB418\uC5B4 \uC788\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."}, + {"optpkg.attributeserror", "\uC624\uB958: \uD544\uC694\uD55C \uC77C\uBD80 JAR manifest \uC18D\uC131\uC774 {0} JAR \uD30C\uC77C\uC5D0 \uC124\uC815\uB418\uC5B4 \uC788\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."} + }; } - private static final Object[][] contents = { - { "optpkg.versionerror", "\uC624\uB958: {0} JAR \uD30C\uC77C\uC5D0 \uBD80\uC801\uD569\uD55C \uBC84\uC804 \uD615\uC2DD\uC774 \uC0AC\uC6A9\uB418\uC5C8\uC2B5\uB2C8\uB2E4. \uC124\uBA85\uC11C\uC5D0\uC11C \uC9C0\uC6D0\uB418\uB294 \uBC84\uC804 \uD615\uC2DD\uC744 \uD655\uC778\uD558\uC2ED\uC2DC\uC624." }, - { "optpkg.attributeerror", "\uC624\uB958: \uD544\uC694\uD55C {0} JAR manifest \uC18D\uC131\uC774 {1} JAR \uD30C\uC77C\uC5D0 \uC124\uC815\uB418\uC5B4 \uC788\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4." }, - { "optpkg.attributeserror", "\uC624\uB958: \uD544\uC694\uD55C \uC77C\uBD80 JAR manifest \uC18D\uC131\uC774 {0} JAR \uD30C\uC77C\uC5D0 \uC124\uC815\uB418\uC5B4 \uC788\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4." } - }; - }
--- a/src/share/classes/sun/misc/resources/Messages_pt_BR.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/misc/resources/Messages_pt_BR.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,21 +32,19 @@ * @author Michael Colburn */ -public class Messages_pt_BR extends java.util.ListResourceBundle { +public final class Messages_pt_BR extends java.util.ListResourceBundle { /** * Returns the contents of this <code>ResourceBundle</code>. * <p> * @return the contents of this <code>ResourceBundle</code>. */ - public Object[][] getContents() { - return contents; + protected Object[][] getContents() { + return new Object[][]{ + {"optpkg.versionerror", "ERRO: formato de vers\u00E3o inv\u00E1lido usado no arquivo JAR {0}. Verifique a documenta\u00E7\u00E3o para obter o formato de vers\u00E3o suportado."}, + {"optpkg.attributeerror", "ERRO: o atributo de manifesto JAR {0} necess\u00E1rio n\u00E3o est\u00E1 definido no arquivo JAR {1}."}, + {"optpkg.attributeserror", "ERRO: alguns atributos de manifesto JAR necess\u00E1rios n\u00E3o est\u00E3o definidos no arquivo JAR {0}."} + }; } - private static final Object[][] contents = { - { "optpkg.versionerror", "ERRO: formato de vers\u00E3o inv\u00E1lido usado no arquivo JAR {0}. Verifique a documenta\u00E7\u00E3o para obter o formato de vers\u00E3o suportado." }, - { "optpkg.attributeerror", "ERRO: o atributo de manifesto JAR {0} necess\u00E1rio n\u00E3o est\u00E1 definido no arquivo JAR {1}." }, - { "optpkg.attributeserror", "ERRO: alguns atributos de manifesto JAR necess\u00E1rios n\u00E3o est\u00E3o definidos no arquivo JAR {0}." } - }; - }
--- a/src/share/classes/sun/misc/resources/Messages_sv.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/misc/resources/Messages_sv.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,21 +32,19 @@ * @author Michael Colburn */ -public class Messages_sv extends java.util.ListResourceBundle { +public final class Messages_sv extends java.util.ListResourceBundle { /** * Returns the contents of this <code>ResourceBundle</code>. * <p> * @return the contents of this <code>ResourceBundle</code>. */ - public Object[][] getContents() { - return contents; + protected Object[][] getContents() { + return new Object[][]{ + {"optpkg.versionerror", "FEL: Ogiltigt versionsformat i {0} JAR-fil. Kontrollera i dokumentationen vilket versionsformat som st\u00F6ds."}, + {"optpkg.attributeerror", "FEL: Obligatoriskt JAR manifest-attribut {0} \u00E4r inte inst\u00E4llt i {1} JAR-filen."}, + {"optpkg.attributeserror", "FEL: Vissa obligatoriska JAR manifest-attribut \u00E4r inte inst\u00E4llda i {0} JAR-filen."} + }; } - private static final Object[][] contents = { - { "optpkg.versionerror", "FEL: Ogiltigt versionsformat i {0} JAR-fil. Kontrollera i dokumentationen vilket versionsformat som st\u00F6ds." }, - { "optpkg.attributeerror", "FEL: Obligatoriskt JAR manifest-attribut {0} \u00E4r inte inst\u00E4llt i {1} JAR-filen." }, - { "optpkg.attributeserror", "FEL: Vissa obligatoriska JAR manifest-attribut \u00E4r inte inst\u00E4llda i {0} JAR-filen." } - }; - }
--- a/src/share/classes/sun/misc/resources/Messages_zh_CN.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/misc/resources/Messages_zh_CN.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,21 +32,19 @@ * @author Michael Colburn */ -public class Messages_zh_CN extends java.util.ListResourceBundle { +public final class Messages_zh_CN extends java.util.ListResourceBundle { /** * Returns the contents of this <code>ResourceBundle</code>. * <p> * @return the contents of this <code>ResourceBundle</code>. */ - public Object[][] getContents() { - return contents; + protected Object[][] getContents() { + return new Object[][]{ + {"optpkg.versionerror", "\u9519\u8BEF: {0} JAR \u6587\u4EF6\u4E2D\u4F7F\u7528\u7684\u7248\u672C\u683C\u5F0F\u65E0\u6548\u3002\u8BF7\u68C0\u67E5\u6587\u6863\u4EE5\u4E86\u89E3\u652F\u6301\u7684\u7248\u672C\u683C\u5F0F\u3002"}, + {"optpkg.attributeerror", "\u9519\u8BEF: \u5FC5\u8981\u7684{0} JAR \u6E05\u5355\u5C5E\u6027\u672A\u5728{1} JAR \u6587\u4EF6\u4E2D\u8BBE\u7F6E\u3002"}, + {"optpkg.attributeserror", "\u9519\u8BEF: \u67D0\u4E9B\u5FC5\u8981\u7684 JAR \u6E05\u5355\u5C5E\u6027\u672A\u5728{0} JAR \u6587\u4EF6\u4E2D\u8BBE\u7F6E\u3002"} + }; } - private static final Object[][] contents = { - { "optpkg.versionerror", "\u9519\u8BEF: {0} JAR \u6587\u4EF6\u4E2D\u4F7F\u7528\u7684\u7248\u672C\u683C\u5F0F\u65E0\u6548\u3002\u8BF7\u68C0\u67E5\u6587\u6863\u4EE5\u4E86\u89E3\u652F\u6301\u7684\u7248\u672C\u683C\u5F0F\u3002" }, - { "optpkg.attributeerror", "\u9519\u8BEF: \u5FC5\u8981\u7684{0} JAR \u6E05\u5355\u5C5E\u6027\u672A\u5728{1} JAR \u6587\u4EF6\u4E2D\u8BBE\u7F6E\u3002" }, - { "optpkg.attributeserror", "\u9519\u8BEF: \u67D0\u4E9B\u5FC5\u8981\u7684 JAR \u6E05\u5355\u5C5E\u6027\u672A\u5728{0} JAR \u6587\u4EF6\u4E2D\u8BBE\u7F6E\u3002" } - }; - }
--- a/src/share/classes/sun/misc/resources/Messages_zh_TW.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/misc/resources/Messages_zh_TW.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,21 +32,19 @@ * @author Michael Colburn */ -public class Messages_zh_TW extends java.util.ListResourceBundle { +public final class Messages_zh_TW extends java.util.ListResourceBundle { /** * Returns the contents of this <code>ResourceBundle</code>. * <p> * @return the contents of this <code>ResourceBundle</code>. */ - public Object[][] getContents() { - return contents; + protected Object[][] getContents() { + return new Object[][]{ + {"optpkg.versionerror", "\u932F\u8AA4: {0} JAR \u6A94\u4F7F\u7528\u4E86\u7121\u6548\u7684\u7248\u672C\u683C\u5F0F\u3002\u8ACB\u6AA2\u67E5\u6587\u4EF6\uFF0C\u4EE5\u7372\u5F97\u652F\u63F4\u7684\u7248\u672C\u683C\u5F0F\u3002"}, + {"optpkg.attributeerror", "\u932F\u8AA4: {1} JAR \u6A94\u4E2D\u672A\u8A2D\u5B9A\u5FC5\u8981\u7684 {0} JAR \u8CC7\u8A0A\u6E05\u55AE\u5C6C\u6027\u3002"}, + {"optpkg.attributeserror", "\u932F\u8AA4: {0} JAR \u6A94\u4E2D\u672A\u8A2D\u5B9A\u67D0\u4E9B\u5FC5\u8981\u7684 JAR \u8CC7\u8A0A\u6E05\u55AE\u5C6C\u6027\u3002"} + }; } - private static final Object[][] contents = { - { "optpkg.versionerror", "\u932F\u8AA4: {0} JAR \u6A94\u4F7F\u7528\u4E86\u7121\u6548\u7684\u7248\u672C\u683C\u5F0F\u3002\u8ACB\u6AA2\u67E5\u6587\u4EF6\uFF0C\u4EE5\u7372\u5F97\u652F\u63F4\u7684\u7248\u672C\u683C\u5F0F\u3002" }, - { "optpkg.attributeerror", "\u932F\u8AA4: {1} JAR \u6A94\u4E2D\u672A\u8A2D\u5B9A\u5FC5\u8981\u7684 {0} JAR \u8CC7\u8A0A\u6E05\u55AE\u5C6C\u6027\u3002" }, - { "optpkg.attributeserror", "\u932F\u8AA4: {0} JAR \u6A94\u4E2D\u672A\u8A2D\u5B9A\u67D0\u4E9B\u5FC5\u8981\u7684 JAR \u8CC7\u8A0A\u6E05\u55AE\u5C6C\u6027\u3002" } - }; - }
--- a/src/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java Thu Nov 03 18:13:23 2016 +0000 @@ -26,8 +26,10 @@ package sun.net.www.protocol.http; import sun.net.www.*; +import java.util.Collections; import java.util.Iterator; import java.util.HashMap; +import java.util.Set; /** * This class is used to parse the information in WWW-Authenticate: and Proxy-Authenticate: @@ -66,8 +68,8 @@ * -Dhttp.auth.preference="scheme" * * which in this case, specifies that "scheme" should be used as the auth scheme when offered - * disregarding the default prioritisation. If scheme is not offered then the default priority - * is used. + * disregarding the default prioritisation. If scheme is not offered, or explicitly + * disabled, by {@code disabledSchemes}, then the default priority is used. * * Attention: when http.auth.preference is set as SPNEGO or Kerberos, it's actually "Negotiate * with SPNEGO" or "Negotiate with Kerberos", which means the user will prefer the Negotiate @@ -113,17 +115,32 @@ String hdrname; // Name of the header to look for /** - * parse a set of authentication headers and choose the preferred scheme - * that we support for a given host + * Parses a set of authentication headers and chooses the preferred scheme + * that is supported for a given host. */ public AuthenticationHeader (String hdrname, MessageHeader response, HttpCallerInfo hci, boolean dontUseNegotiate) { + this(hdrname, response, hci, dontUseNegotiate, Collections.emptySet()); + } + + /** + * Parses a set of authentication headers and chooses the preferred scheme + * that is supported for a given host. + * + * <p> The {@code disabledSchemes} parameter is a, possibly empty, set of + * authentication schemes that are disabled. + */ + public AuthenticationHeader(String hdrname, + MessageHeader response, + HttpCallerInfo hci, + boolean dontUseNegotiate, + Set<String> disabledSchemes) { this.hci = hci; this.dontUseNegotiate = dontUseNegotiate; - rsp = response; + this.rsp = response; this.hdrname = hdrname; - schemes = new HashMap<String,SchemeMapValue>(); - parse(); + this.schemes = new HashMap<>(); + parse(disabledSchemes); } public HttpCallerInfo getHttpCallerInfo() { @@ -143,10 +160,11 @@ * then the last one will be used. The * preferred scheme that we support will be used. */ - private void parse () { + private void parse(Set<String> disabledSchemes) { Iterator<String> iter = rsp.multiValueIterator(hdrname); while (iter.hasNext()) { String raw = iter.next(); + // HeaderParser lower cases everything, so can be used case-insensitively HeaderParser hp = new HeaderParser(raw); Iterator<String> keys = hp.keys(); int i, lastSchemeIndex; @@ -156,7 +174,8 @@ if (lastSchemeIndex != -1) { HeaderParser hpn = hp.subsequence (lastSchemeIndex, i); String scheme = hpn.findKey(0); - schemes.put (scheme, new SchemeMapValue (hpn, raw)); + if (!disabledSchemes.contains(scheme)) + schemes.put (scheme, new SchemeMapValue (hpn, raw)); } lastSchemeIndex = i; } @@ -164,7 +183,8 @@ if (i > lastSchemeIndex) { HeaderParser hpn = hp.subsequence (lastSchemeIndex, i); String scheme = hpn.findKey(0); - schemes.put(scheme, new SchemeMapValue (hpn, raw)); + if (!disabledSchemes.contains(scheme)) + schemes.put(scheme, new SchemeMapValue (hpn, raw)); } }
--- a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Thu Nov 03 18:13:23 2016 +0000 @@ -25,6 +25,7 @@ package sun.net.www.protocol.http; +import java.security.PrivilegedAction; import java.util.Arrays; import java.net.URL; import java.net.URLConnection; @@ -104,6 +105,14 @@ static final boolean validateProxy; static final boolean validateServer; + /** A, possibly empty, set of authentication schemes that are disabled + * when proxying plain HTTP ( not HTTPS ). */ + static final Set<String> disabledProxyingSchemes; + + /** A, possibly empty, set of authentication schemes that are disabled + * when setting up a tunnel for HTTPS ( HTTP CONNECT ). */ + static final Set<String> disabledTunnelingSchemes; + private StreamingOutputStream strOutputStream; private final static String RETRY_MSG1 = "cannot retry due to proxy authentication, in streaming mode"; @@ -201,6 +210,22 @@ "Via" }; + private static String getNetProperty(String name) { + PrivilegedAction<String> pa = () -> NetProperties.get(name); + return AccessController.doPrivileged(pa); + } + + private static Set<String> schemesListToSet(String list) { + if (list == null || list.isEmpty()) + return Collections.emptySet(); + + Set<String> s = new HashSet<>(); + String[] parts = list.split("\\s*,\\s*"); + for (String part : parts) + s.add(part.toLowerCase(Locale.ROOT)); + return s; + } + static { maxRedirects = java.security.AccessController.doPrivileged( new sun.security.action.GetIntegerAction( @@ -215,6 +240,14 @@ agent = agent + " Java/"+version; } userAgent = agent; + + // A set of net properties to control the use of authentication schemes + // when proxing/tunneling. + String p = getNetProperty("jdk.http.auth.tunneling.disabledSchemes"); + disabledTunnelingSchemes = schemesListToSet(p); + p = getNetProperty("jdk.http.auth.proxying.disabledSchemes"); + disabledProxyingSchemes = schemesListToSet(p); + validateProxy = java.security.AccessController.doPrivileged( new sun.security.action.GetBooleanAction( "http.auth.digest.validateProxy")).booleanValue(); @@ -1586,10 +1619,13 @@ // altered in similar ways. AuthenticationHeader authhdr = new AuthenticationHeader ( - "Proxy-Authenticate", responses, - new HttpCallerInfo(url, http.getProxyHostUsed(), + "Proxy-Authenticate", + responses, + new HttpCallerInfo(url, + http.getProxyHostUsed(), http.getProxyPortUsed()), - dontUseNegotiate + dontUseNegotiate, + disabledProxyingSchemes ); if (!doingNTLMp2ndStage) { @@ -2036,10 +2072,13 @@ } AuthenticationHeader authhdr = new AuthenticationHeader ( - "Proxy-Authenticate", responses, - new HttpCallerInfo(url, http.getProxyHostUsed(), + "Proxy-Authenticate", + responses, + new HttpCallerInfo(url, + http.getProxyHostUsed(), http.getProxyPortUsed()), - dontUseNegotiate + dontUseNegotiate, + disabledTunnelingSchemes ); if (!doingNTLMp2ndStage) { proxyAuthentication =
--- a/src/share/classes/sun/security/ec/CurveDB.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/security/ec/CurveDB.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -664,6 +664,74 @@ 0xFF70, nameSplitPattern); */ + /* + * Brainpool curves (RFC 5639) + * (Twisted curves are not included) + */ + + add("brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1", P, + "E95E4A5F737059DC60DFC7AD95B3D8139515620F", + "340E7BE2A280EB74E2BE61BADA745D97E8F7C300", + "1E589A8595423412134FAA2DBDEC95C8D8675E58", + "BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3", + "1667CB477A1A8EC338F94741669C976316DA6321", + "E95E4A5F737059DC60DF5991D45029409E60FC09", + 1, nameSplitPattern); + + add("brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3", P, + "C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297", + "6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF", + "469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9", + "C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6", + "14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F", + "C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", + 1, nameSplitPattern); + + add("brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5", P, + "D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF", + "68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43", + "2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B", + "0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D", + "58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD", + "D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", + 1, nameSplitPattern); + + add("brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", P, + "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", + "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", + "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", + "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", + "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", + "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", + 1, nameSplitPattern); + + add("brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9", P, + "D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27", + "3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4", + "520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6", + "43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611", + "14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1", + "D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", + 1, nameSplitPattern); + + add("brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", P, + "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", + "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826", + "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", + "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E", + "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", + "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", + 1, nameSplitPattern); + + add("brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", P, + "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", + "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA", + "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", + "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822", + "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", + "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", + 1, nameSplitPattern); + specCollection = Collections.unmodifiableCollection(oidMap.values()); } }
--- a/src/share/classes/sun/security/pkcs/SignerInfo.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/security/pkcs/SignerInfo.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,20 +28,38 @@ import java.io.OutputStream; import java.io.IOException; import java.math.BigInteger; +import java.security.CryptoPrimitive; +import java.security.InvalidKeyException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.Principal; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignatureException; +import java.security.Timestamp; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.CertPath; import java.security.cert.X509Certificate; -import java.security.*; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; +import java.util.EnumSet; +import java.util.Set; +import sun.misc.HexDumpEncoder; import sun.security.timestamp.TimestampToken; -import sun.security.util.*; +import sun.security.util.Debug; +import sun.security.util.DerEncoder; +import sun.security.util.DerInputStream; +import sun.security.util.DerOutputStream; +import sun.security.util.DerValue; +import sun.security.util.DisabledAlgorithmConstraints; +import sun.security.util.KeyUtil; +import sun.security.util.ObjectIdentifier; import sun.security.x509.AlgorithmId; import sun.security.x509.X500Name; import sun.security.x509.KeyUsageExtension; -import sun.misc.HexDumpEncoder; /** * A SignerInfo, as defined in PKCS#7's signedData type. @@ -50,6 +68,17 @@ */ public class SignerInfo implements DerEncoder { + // Digest and Signature restrictions + private static final Set<CryptoPrimitive> DIGEST_PRIMITIVE_SET = + Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.MESSAGE_DIGEST)); + + private static final Set<CryptoPrimitive> SIG_PRIMITIVE_SET = + Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE)); + + private static final DisabledAlgorithmConstraints JAR_DISABLED_CHECK = + new DisabledAlgorithmConstraints( + DisabledAlgorithmConstraints.PROPERTY_JAR_DISABLED_ALGS); + BigInteger version; X500Name issuerName; BigInteger certificateSerialNumber; @@ -318,6 +347,13 @@ if (messageDigest == null) // fail if there is no message digest return null; + // check that algorithm is not restricted + if (!JAR_DISABLED_CHECK.permits(DIGEST_PRIMITIVE_SET, + digestAlgname, null)) { + throw new SignatureException("Digest check failed. " + + "Disabled algorithm used: " + digestAlgname); + } + MessageDigest md = MessageDigest.getInstance(digestAlgname); byte[] computedMessageDigest = md.digest(data); @@ -349,12 +385,26 @@ String algname = AlgorithmId.makeSigAlg( digestAlgname, encryptionAlgname); - Signature sig = Signature.getInstance(algname); + // check that algorithm is not restricted + if (!JAR_DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, algname, null)) { + throw new SignatureException("Signature check failed. " + + "Disabled algorithm used: " + algname); + } + X509Certificate cert = getCertificate(block); - + PublicKey key = cert.getPublicKey(); if (cert == null) { return null; } + + // check if the public key is restricted + if (!JAR_DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) { + throw new SignatureException("Public key check failed. " + + "Disabled key used: " + + KeyUtil.getKeySize(key) + " bit " + + key.getAlgorithm()); + } + if (cert.hasUnsupportedCriticalExtension()) { throw new SignatureException("Certificate has unsupported " + "critical extension(s)"); @@ -391,11 +441,9 @@ } } - PublicKey key = cert.getPublicKey(); + Signature sig = Signature.getInstance(algname); sig.initVerify(key); - sig.update(dataSigned); - if (sig.verify(encryptedDigest)) { return this; } @@ -515,9 +563,16 @@ */ private void verifyTimestamp(TimestampToken token) throws NoSuchAlgorithmException, SignatureException { + String digestAlgname = token.getHashAlgorithm().getName(); + // check that algorithm is not restricted + if (!JAR_DISABLED_CHECK.permits(DIGEST_PRIMITIVE_SET, digestAlgname, + null)) { + throw new SignatureException("Timestamp token digest check failed. " + + "Disabled algorithm used: " + digestAlgname); + } MessageDigest md = - MessageDigest.getInstance(token.getHashAlgorithm().getName()); + MessageDigest.getInstance(digestAlgname); if (!Arrays.equals(token.getHashedMessage(), md.digest(encryptedDigest))) {
--- a/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -816,18 +816,22 @@ /** * Verifies whether the input certificate completes the path. - * Checks the cert against each trust anchor that was specified, in order, - * and returns true as soon as it finds a valid anchor. - * Returns true if the cert matches a trust anchor specified as a - * certificate or if the cert verifies with a trust anchor that - * was specified as a trusted {pubkey, caname} pair. Returns false if none - * of the trust anchors are valid for this cert. + * First checks the cert against each trust anchor that was specified, + * in order, and returns true if the cert matches the trust anchor + * specified as a certificate or has the same key and subject of an anchor + * specified as a trusted {pubkey, caname} pair. + * If no match has been found, does a second check of the cert against + * anchors specified as a trusted {pubkey, caname} pair to see if the cert + * was issued by that anchor. + * Returns false if none of the trust anchors are valid for this cert. * * @param cert the certificate to test * @return a boolean value indicating whether the cert completes the path. */ @Override boolean isPathCompleted(X509Certificate cert) { + List<TrustAnchor> otherAnchors = new ArrayList<>(); + // first, check if cert is already trusted for (TrustAnchor anchor : trustAnchors) { if (anchor.getTrustedCert() != null) { if (cert.equals(anchor.getTrustedCert())) { @@ -849,7 +853,12 @@ } // else, it is a self-issued certificate of the anchor } - + otherAnchors.add(anchor); + } + // next, check if cert is issued by anchor specified by key/name + for (TrustAnchor anchor : otherAnchors) { + X500Principal principal = anchor.getCA(); + PublicKey publicKey = anchor.getCAPublicKey(); // Check subject/issuer name chaining if (principal == null || !principal.equals(cert.getIssuerX500Principal())) {
--- a/src/share/classes/sun/security/tools/jarsigner/Main.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/security/tools/jarsigner/Main.java Thu Nov 03 18:13:23 2016 +0000 @@ -603,6 +603,7 @@ } Manifest man = jf.getManifest(); + boolean hasSignature = false; // The map to record display info, only used when -verbose provided // key: signer info string @@ -618,6 +619,10 @@ while (e.hasMoreElements()) { JarEntry je = e.nextElement(); String name = je.getName(); + + hasSignature = hasSignature + || SignatureFileVerifier.isBlockOrSF(name); + CodeSigner[] signers = je.getCodeSigners(); boolean isSigned = (signers != null); anySigned |= isSigned; @@ -757,8 +762,11 @@ System.out.println(rb.getString("no.manifest.")); if (!anySigned) { - System.out.println(rb.getString( - "jar.is.unsigned.signatures.missing.or.not.parsable.")); + if (hasSignature) { + System.out.println(rb.getString("jar.treated.unsigned")); + } else { + System.out.println(rb.getString("jar.is.unsigned")); + } } else { boolean warningAppeared = false; boolean errorAppeared = false;
--- a/src/share/classes/sun/security/tools/jarsigner/Resources.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/security/tools/jarsigner/Resources.java Thu Nov 03 18:13:23 2016 +0000 @@ -135,8 +135,10 @@ {"no.manifest.", "no manifest."}, {".Signature.related.entries.","(Signature related entries)"}, {".Unsigned.entries.", "(Unsigned entries)"}, - {"jar.is.unsigned.signatures.missing.or.not.parsable.", - "jar is unsigned. (signatures missing or not parsable)"}, + {"jar.is.unsigned", + "jar is unsigned."}, + {"jar.treated.unsigned", + "Signature not parsable or verifiable. The jar will be treated as unsigned. The jar may have been signed with a weak algorithm that is now disabled. For more information, rerun jarsigner with debug enabled (-J-Djava.security.debug=jar)."}, {"jar.signed.", "jar signed."}, {"jar.signed.with.signer.errors.", "jar signed, with signer errors."}, {"jar.verified.", "jar verified."},
--- a/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java Thu Nov 03 18:13:23 2016 +0000 @@ -48,8 +48,12 @@ private static void loadAlgorithmsMap(Map<String, String[]> algorithmsMap, String propertyName) { String property = AccessController.doPrivileged( - (PrivilegedAction<String>) () -> Security.getProperty( - propertyName)); + new PrivilegedAction<String>() { + @Override + public String run() { + return Security.getProperty(propertyName); + } + }); String[] algorithmsInProperty = null; if (property != null && !property.isEmpty()) {
--- a/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Thu Nov 03 18:13:23 2016 +0000 @@ -58,6 +58,10 @@ private final static Map<String, KeySizeConstraints> keySizeConstraintsMap = new HashMap<>(); + // the known security property, jdk.jar.disabledAlgorithms + public static final String PROPERTY_JAR_DISABLED_ALGS = + "jdk.jar.disabledAlgorithms"; + private final String[] disabledAlgorithms; private final KeySizeConstraints keySizeConstraints; @@ -71,6 +75,14 @@ this(propertyName, new AlgorithmDecomposer()); } + /** + * Initialize algorithm constraints with the specified security property + * for a specific usage type. + * + * @param propertyName the security property name that define the disabled + * algorithm constraints + * @param decomposer an alternate AlgorithmDecomposer. + */ public DisabledAlgorithmConstraints(String propertyName, AlgorithmDecomposer decomposer) { super(decomposer);
--- a/src/share/classes/sun/security/util/SignatureFileVerifier.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/classes/sun/security/util/SignatureFileVerifier.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,26 +25,49 @@ package sun.security.util; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.security.CodeSigner; +import java.security.CryptoPrimitive; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.SignatureException; import java.security.cert.CertPath; import java.security.cert.X509Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; -import java.security.*; -import java.io.*; -import java.util.*; -import java.util.jar.*; - -import sun.security.pkcs.*; +import java.util.ArrayList; import java.util.Base64; +import java.util.Collections; +import java.util.EnumSet; +import java.util.HashMap; +import java.util.Hashtable; +import java.util.Iterator; +import java.util.List; +import java.util.Locale; +import java.util.Map; +import java.util.Set; +import java.util.jar.Attributes; +import java.util.jar.JarException; +import java.util.jar.JarFile; +import java.util.jar.Manifest; import sun.security.jca.Providers; +import sun.security.pkcs.PKCS7; +import sun.security.pkcs.SignerInfo; public class SignatureFileVerifier { /* Are we debugging ? */ private static final Debug debug = Debug.getInstance("jar"); - /* cache of CodeSigner objects */ + private static final Set<CryptoPrimitive> DIGEST_PRIMITIVE_SET = + Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.MESSAGE_DIGEST)); + + private static final DisabledAlgorithmConstraints JAR_DISABLED_CHECK = + new DisabledAlgorithmConstraints( + DisabledAlgorithmConstraints.PROPERTY_JAR_DISABLED_ALGS); + private ArrayList<CodeSigner[]> signerCache; private static final String ATTR_DIGEST = @@ -200,8 +223,15 @@ /** get digest from cache */ - private MessageDigest getDigest(String algorithm) - { + private MessageDigest getDigest(String algorithm) throws SignatureException { + // check that algorithm is not restricted + if (!JAR_DISABLED_CHECK.permits(DIGEST_PRIMITIVE_SET, algorithm, null)) { + SignatureException e = + new SignatureException("SignatureFile check failed. " + + "Disabled algorithm used: " + algorithm); + throw e; + } + if (createdDigests == null) createdDigests = new HashMap<String, MessageDigest>(); @@ -321,7 +351,7 @@ private boolean verifyManifestHash(Manifest sf, ManifestDigester md, List<Object> manifestDigests) - throws IOException + throws IOException, SignatureException { Attributes mattr = sf.getMainAttributes(); boolean manifestSigned = false; @@ -365,7 +395,7 @@ private boolean verifyManifestMainAttrs(Manifest sf, ManifestDigester md) - throws IOException + throws IOException, SignatureException { Attributes mattr = sf.getMainAttributes(); boolean attrsVerified = true; @@ -431,14 +461,14 @@ private boolean verifySection(Attributes sfAttr, String name, ManifestDigester md) - throws IOException + throws IOException, SignatureException { boolean oneDigestVerified = false; ManifestDigester.Entry mde = md.get(name,block.isOldStyle()); if (mde == null) { throw new SecurityException( - "no manifiest section for signature file entry "+name); + "no manifest section for signature file entry "+name); } if (sfAttr != null) {
--- a/src/share/javavm/export/jdwpTransport.h Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/javavm/export/jdwpTransport.h Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -96,6 +96,11 @@ */ enum { + /* + * If additional flags are added that apply to jdwpCmdPacket, + * then debugLoop.c: reader() will need to be updated to + * accept more than JDWPTRANSPORT_FLAGS_NONE. + */ JDWPTRANSPORT_FLAGS_NONE = 0x0, JDWPTRANSPORT_FLAGS_REPLY = 0x80 };
--- a/src/share/lib/net.properties Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/lib/net.properties Thu Nov 03 18:13:23 2016 +0000 @@ -72,3 +72,30 @@ # value is 10). # http.KeepAlive.remainingData=512 # http.KeepAlive.queuedConnections=10 + +# Authentication Scheme restrictions for HTTP and HTTPS. +# +# In some environments certain authentication schemes may be undesirable +# when proxying HTTP or HTTPS. For example, "Basic" results in effectively the +# cleartext transmission of the user's password over the physical network. +# This section describes the mechanism for disabling authentication schemes +# based on the scheme name. Disabled schemes will be treated as if they are not +# supported by the implementation. +# +# The 'jdk.http.auth.tunneling.disabledSchemes' property lists the authentication +# schemes that will be disabled when tunneling HTTPS over a proxy, HTTP CONNECT. +# The 'jdk.http.auth.proxying.disabledSchemes' property lists the authentication +# schemes that will be disabled when proxying HTTP. +# +# In both cases the property is a comma-separated list of, case-insensitive, +# authentication scheme names, as defined by their relevant RFCs. An +# implementation may, but is not required to, support common schemes whose names +# include: 'Basic', 'Digest', 'NTLM', 'Kerberos', 'Negotiate'. A scheme that +# is not known, or not supported, by the implementation is ignored. +# +# Note: This property is currently used by the JDK Reference implementation. It +# is not guaranteed to be examined and used by other implementations. +# +#jdk.http.auth.proxying.disabledSchemes= +jdk.http.auth.tunneling.disabledSchemes=Basic +
--- a/src/share/lib/security/java.security-aix Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/lib/security/java.security-aix Thu Nov 03 18:13:23 2016 +0000 @@ -631,3 +631,40 @@ # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} + +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
--- a/src/share/lib/security/java.security-linux Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/lib/security/java.security-linux Thu Nov 03 18:13:23 2016 +0000 @@ -631,3 +631,40 @@ # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} + +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
--- a/src/share/lib/security/java.security-macosx Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/lib/security/java.security-macosx Thu Nov 03 18:13:23 2016 +0000 @@ -634,3 +634,40 @@ # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} + +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
--- a/src/share/lib/security/java.security-solaris Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/lib/security/java.security-solaris Thu Nov 03 18:13:23 2016 +0000 @@ -633,3 +633,40 @@ # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} + +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
--- a/src/share/lib/security/java.security-windows Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/lib/security/java.security-windows Thu Nov 03 18:13:23 2016 +0000 @@ -634,3 +634,40 @@ # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} + +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
--- a/src/share/native/com/sun/java/util/jar/pack/unpack.cpp Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/native/com/sun/java/util/jar/pack/unpack.cpp Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -171,7 +171,10 @@ const char* utf8String() { assert(tagMatches(CONSTANT_Utf8)); - assert(value.b.len == strlen((const char*)value.b.ptr)); + if (value.b.len != strlen((const char*)value.b.ptr)) { + unpack_abort("bad utf8 encoding"); + // and fall through + } return (const char*)value.b.ptr; } @@ -1316,10 +1319,10 @@ CHECK; int nc = 0; - for ( const char* ncp = form.utf8String() ; *ncp; ncp++) { - if (*ncp == 'L') nc++; + for (int j = 0; j < (int)form.value.b.len; j++) { + int c = form.value.b.ptr[j]; + if (c == 'L') nc++; } - ncTotal += nc; e.refs = U_NEW(entry*, cpMap[i].nrefs = 1 + nc); CHECK; @@ -2826,6 +2829,7 @@ } assert(!b.le_bci || prevBCI == (int)to_bci(prevBII)); + CHECK; switch (b.le_len) { case 0: break; case 1: putu1(x); break; @@ -4022,6 +4026,10 @@ uint len = bcimap.length(); uint* map = (uint*) bcimap.base(); assert(len > 0); // must be initialized before using to_bci + if (len == 0) { + abort("bad bcimap"); + return 0; + } if (bii < len) return map[bii]; // Else it's a fractional or out-of-range BCI. @@ -4044,6 +4052,7 @@ break; case 8: // (8) [PH] putu2(to_bci(code_StackMapTable_P.getInt())); + CHECK; break; } } @@ -4091,6 +4100,7 @@ CHECK; for (int curIP = 0; ; curIP++) { + CHECK; int curPC = (int)(wpoffset() - codeBase); bcimap.add(curPC); ensure_put_space(10); // covers most instrs w/o further bounds check @@ -4332,6 +4342,7 @@ int curIP = code_fixup_source.get(i); int destIP = curIP + bc_label.getInt(); int span = to_bci(destIP) - to_bci(curIP); + CHECK; switch (type) { case 2: putu2_at(bp, (ushort)span); break; case 4: putu4_at(bp, span); break; @@ -4528,11 +4539,13 @@ if (tag <= 127) { // (64-127) [(2)] if (tag >= 64) put_stackmap_type(); + CHECK_0; } else if (tag <= 251) { // (247) [(1)(2)] // (248-251) [(1)] if (tag >= 247) putu2(code_StackMapTable_offset.getInt()); if (tag == 247) put_stackmap_type(); + CHECK_0; } else if (tag <= 254) { // (252) [(1)(2)] // (253) [(1)(2)(2)] @@ -4559,6 +4572,7 @@ putu2(count = code_LineNumberTable_N.getInt()); for (j = 0; j < count; j++) { putu2(to_bci(code_LineNumberTable_bci_P.getInt())); + CHECK_0; putu2(code_LineNumberTable_line.getInt()); } break; @@ -4569,9 +4583,11 @@ for (j = 0; j < count; j++) { int bii = code_LocalVariableTable_bci_P.getInt(); int bci = to_bci(bii); + CHECK_0; putu2(bci); bii += code_LocalVariableTable_span_O.getInt(); putu2(to_bci(bii) - bci); + CHECK_0; putref(code_LocalVariableTable_name_RU.getRefN()); CHECK_0; putref(code_LocalVariableTable_type_RS.getRefN()); @@ -4586,9 +4602,11 @@ for (j = 0; j < count; j++) { int bii = code_LocalVariableTypeTable_bci_P.getInt(); int bci = to_bci(bii); + CHECK_0; putu2(bci); bii += code_LocalVariableTypeTable_span_O.getInt(); putu2(to_bci(bii) - bci); + CHECK_0; putref(code_LocalVariableTypeTable_name_RU.getRefN()); CHECK_0; putref(code_LocalVariableTypeTable_type_RS.getRefN()); @@ -5032,6 +5050,7 @@ entry* e = file_name.getRef(); CHECK_0; cur_file.name = e->utf8String(); + CHECK_0; bool haveLongSize = (testBit(archive_options, AO_HAVE_FILE_SIZE_HI)); cur_file.size = file_size_hi.getLong(file_size_lo, haveLongSize); if (testBit(archive_options, AO_HAVE_FILE_MODTIME))
--- a/src/share/native/com/sun/java/util/jar/pack/zip.cpp Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/native/com/sun/java/util/jar/pack/zip.cpp Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -435,7 +435,7 @@ struct tm* s = gmtime_r(&t, &sbuf); if (s == NULL) { fprintf(u->errstrm, "Error: gmtime failure, invalid input archive\n"); - exit(2); + exit(-1); } modtime_cache = modtime; dostime_cache = dostime(s->tm_year + 1900, s->tm_mon + 1, s->tm_mday,
--- a/src/share/native/common/check_code.c Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/native/common/check_code.c Thu Nov 03 18:13:23 2016 +0000 @@ -1286,14 +1286,13 @@ case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial: case JVM_OPC_invokestatic: - case JVM_OPC_invokedynamic: case JVM_OPC_invokeinterface: { /* Make sure the constant pool item is the right type. */ int key = (code[offset + 1] << 8) + code[offset + 2]; const char *methodname; jclass cb = context->class; fullinfo_type clazz_info; - int is_constructor, is_internal, is_invokedynamic; + int is_constructor, is_internal; int kind; switch (opcode ) { @@ -1302,9 +1301,6 @@ ? (1 << JVM_CONSTANT_Methodref) : ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref))); break; - case JVM_OPC_invokedynamic: - kind = 1 << JVM_CONSTANT_NameAndType; - break; case JVM_OPC_invokeinterface: kind = 1 << JVM_CONSTANT_InterfaceMethodref; break; @@ -1312,7 +1308,6 @@ kind = 1 << JVM_CONSTANT_Methodref; } - is_invokedynamic = opcode == JVM_OPC_invokedynamic; /* Make sure the constant pool item is the right type. */ verify_constant_pool_type(context, key, kind); methodname = JVM_GetCPMethodNameUTF(env, cb, key); @@ -1321,11 +1316,8 @@ is_internal = methodname[0] == '<'; pop_and_free(context); - if (is_invokedynamic) - clazz_info = context->object_info; // anything will do - else - clazz_info = cp_index_to_class_fullinfo(context, key, - JVM_CONSTANT_Methodref); + clazz_info = cp_index_to_class_fullinfo(context, key, + JVM_CONSTANT_Methodref); this_idata->operand.i = key; this_idata->operand2.fi = clazz_info; if (is_constructor) { @@ -1380,17 +1372,15 @@ "Fourth operand byte of invokeinterface must be zero"); } pop_and_free(context); - } else if (opcode == JVM_OPC_invokedynamic) { - if (code[offset + 3] != 0 || code[offset + 4] != 0) { - CCerror(context, - "Third and fourth operand bytes of invokedynamic must be zero"); - } } else if (opcode == JVM_OPC_invokevirtual || opcode == JVM_OPC_invokespecial) set_protected(context, inumber, key, opcode); break; } + case JVM_OPC_invokedynamic: + CCerror(context, + "invokedynamic bytecode is not supported in this class file version"); case JVM_OPC_instanceof: case JVM_OPC_checkcast: @@ -2071,7 +2061,6 @@ case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial: case JVM_OPC_invokeinit: /* invokespecial call to <init> */ - case JVM_OPC_invokedynamic: case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: { /* The top stuff on the stack depends on the method signature */ int operand = this_idata->operand.i; @@ -2087,8 +2076,7 @@ print_formatted_methodname(context, operand); } #endif - if (opcode != JVM_OPC_invokestatic && - opcode != JVM_OPC_invokedynamic) + if (opcode != JVM_OPC_invokestatic) /* First, push the object */ *ip++ = (opcode == JVM_OPC_invokeinit ? '@' : 'A'); for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) { @@ -2373,7 +2361,6 @@ case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial: case JVM_OPC_invokeinit: - case JVM_OPC_invokedynamic: case JVM_OPC_invokeinterface: case JVM_OPC_invokestatic: { int operand = this_idata->operand.i; const char *signature = @@ -2383,8 +2370,7 @@ int item; const char *p; check_and_push(context, signature, VM_STRING_UTF); - if (opcode == JVM_OPC_invokestatic || - opcode == JVM_OPC_invokedynamic) { + if (opcode == JVM_OPC_invokestatic) { item = 0; } else if (opcode == JVM_OPC_invokeinit) { fullinfo_type init_type = this_idata->operand2.fi; @@ -2781,7 +2767,6 @@ case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial: case JVM_OPC_invokeinit: - case JVM_OPC_invokedynamic: case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: { /* Look to signature to determine correct result. */ int operand = this_idata->operand.i;
--- a/src/share/native/common/jni_util.c Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/native/common/jni_util.c Thu Nov 03 18:13:23 2016 +0000 @@ -148,6 +148,61 @@ } +/* + * Throw an exception by name, using a given message and the string + * returned by getLastErrorString to construct the detail string. + */ +JNIEXPORT void JNICALL +JNU_ThrowByNameWithMessageAndLastError + (JNIEnv *env, const char *name, const char *message) +{ + char buf[256]; + size_t n = getLastErrorString(buf, sizeof(buf)); + size_t messagelen = message == NULL ? 0 : strlen(message); + + if (n > 0) { + jstring s = JNU_NewStringPlatform(env, buf); + if (s != NULL) { + jobject x = NULL; + if (messagelen) { + jstring s2 = NULL; + size_t messageextlen = messagelen + 4; + char *str1 = (char *)malloc((messageextlen) * sizeof(char)); + if (str1 == 0) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } + jio_snprintf(str1, messageextlen, " (%s)", message); + s2 = (*env)->NewStringUTF(env, str1); + free(str1); + if (s2 != NULL) { + jstring s3 = JNU_CallMethodByName( + env, NULL, s, "concat", + "(Ljava/lang/String;)Ljava/lang/String;", + s2).l; + (*env)->DeleteLocalRef(env, s2); + if (s3 != NULL) { + (*env)->DeleteLocalRef(env, s); + s = s3; + } + } + } + x = JNU_NewObjectByName(env, name, "(Ljava/lang/String;)V", s); + if (x != NULL) { + (*env)->Throw(env, x); + } + } + } + + if (!(*env)->ExceptionOccurred(env)) { + if (messagelen) { + JNU_ThrowByName(env, name, message); + } else { + JNU_ThrowByName(env, name, "no further information"); + } + } +} + /* Throw an exception by name, using the string returned by * JVM_LastErrorString for the detail string. If the last-error * string is NULL, use the given default detail string.
--- a/src/share/native/common/jni_util.h Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/native/common/jni_util.h Thu Nov 03 18:13:23 2016 +0000 @@ -105,6 +105,13 @@ JNU_ThrowByNameWithLastError(JNIEnv *env, const char *name, const char *defaultMessage); +/* Throw an exception by name, using a given message and the string + * returned by getLastErrorString to construct the detail string. + */ +JNIEXPORT void JNICALL +JNU_ThrowByNameWithMessageAndLastError + (JNIEnv *env, const char *name, const char *message); + /* Throw an IOException, using the last-error string for the detail * string. If the last-error string is NULL, use the given default * detail string.
--- a/src/share/native/sun/font/layout/ContextualGlyphSubstProc.cpp Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/native/sun/font/layout/ContextualGlyphSubstProc.cpp Thu Nov 03 18:13:23 2016 +0000 @@ -46,6 +46,7 @@ ContextualGlyphSubstitutionProcessor::ContextualGlyphSubstitutionProcessor(const LEReferenceTo<MorphSubtableHeader> &morphSubtableHeader, LEErrorCode &success) : StateTableProcessor(morphSubtableHeader, success), entryTable(), contextualGlyphSubstitutionHeader(morphSubtableHeader, success) { + if (LE_FAILURE(success)) return; contextualGlyphSubstitutionHeader.orphan(); substitutionTableOffset = SWAPW(contextualGlyphSubstitutionHeader->substitutionTableOffset); @@ -66,10 +67,10 @@ markGlyph = 0; } -ByteOffset ContextualGlyphSubstitutionProcessor::processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index) +ByteOffset ContextualGlyphSubstitutionProcessor::processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index, LEErrorCode &success) { - LEErrorCode success = LE_NO_ERROR; const ContextualGlyphSubstitutionStateEntry *entry = entryTable.getAlias(index, success); + if (LE_FAILURE(success)) return 0; ByteOffset newState = SWAPW(entry->newStateOffset); le_int16 flags = SWAPW(entry->flags); WordOffset markOffset = SWAPW(entry->markOffset);
--- a/src/share/native/sun/font/layout/ContextualGlyphSubstProc.h Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/native/sun/font/layout/ContextualGlyphSubstProc.h Thu Nov 03 18:13:23 2016 +0000 @@ -52,7 +52,7 @@ public: virtual void beginStateTable(); - virtual ByteOffset processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index); + virtual ByteOffset processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index, LEErrorCode &success); virtual void endStateTable();
--- a/src/share/native/sun/font/layout/IndicRearrangementProcessor.cpp Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/native/sun/font/layout/IndicRearrangementProcessor.cpp Thu Nov 03 18:13:23 2016 +0000 @@ -63,10 +63,10 @@ lastGlyph = 0; } -ByteOffset IndicRearrangementProcessor::processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index) +ByteOffset IndicRearrangementProcessor::processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index, LEErrorCode &success) { - LEErrorCode success = LE_NO_ERROR; // todo- make a param? - const IndicRearrangementStateEntry *entry = entryTable.getAlias(index,success); + const IndicRearrangementStateEntry *entry = entryTable.getAlias(index, success); + if (LE_FAILURE(success)) return 0; ByteOffset newState = SWAPW(entry->newStateOffset); IndicRearrangementFlags flags = (IndicRearrangementFlags) SWAPW(entry->flags);
--- a/src/share/native/sun/font/layout/IndicRearrangementProcessor.h Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/native/sun/font/layout/IndicRearrangementProcessor.h Thu Nov 03 18:13:23 2016 +0000 @@ -52,7 +52,7 @@ public: virtual void beginStateTable(); - virtual ByteOffset processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index); + virtual ByteOffset processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index, LEErrorCode &success); virtual void endStateTable();
--- a/src/share/native/sun/font/layout/LigatureSubstProc.cpp Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/native/sun/font/layout/LigatureSubstProc.cpp Thu Nov 03 18:13:23 2016 +0000 @@ -67,9 +67,8 @@ m = -1; } -ByteOffset LigatureSubstitutionProcessor::processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index) +ByteOffset LigatureSubstitutionProcessor::processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index, LEErrorCode &success) { - LEErrorCode success = LE_NO_ERROR; const LigatureSubstitutionStateEntry *entry = entryTable.getAlias(index, success); if (LE_FAILURE(success)) { currGlyph++;
--- a/src/share/native/sun/font/layout/LigatureSubstProc.h Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/native/sun/font/layout/LigatureSubstProc.h Thu Nov 03 18:13:23 2016 +0000 @@ -54,7 +54,7 @@ public: virtual void beginStateTable(); - virtual ByteOffset processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index); + virtual ByteOffset processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index, LEErrorCode &success); virtual void endStateTable();
--- a/src/share/native/sun/font/layout/StateTableProcessor.cpp Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/native/sun/font/layout/StateTableProcessor.cpp Thu Nov 03 18:13:23 2016 +0000 @@ -81,6 +81,7 @@ while (currGlyph <= glyphCount) { if(LE_STATE_PATIENCE_DECR()) break; // patience exceeded. + if (LE_FAILURE(success)) break; ClassCode classCode = classCodeOOB; if (currGlyph == glyphCount) { // XXX: How do we handle EOT vs. EOL? @@ -100,7 +101,7 @@ EntryTableIndex entryTableIndex = stateArray.getObject((le_uint8)classCode, success); if (LE_FAILURE(success)) { break; } LE_STATE_PATIENCE_CURR(le_int32, currGlyph); - currentState = processStateEntry(glyphStorage, currGlyph, entryTableIndex); + currentState = processStateEntry(glyphStorage, currGlyph, entryTableIndex, success); LE_STATE_PATIENCE_INCR(currGlyph); }
--- a/src/share/native/sun/font/layout/StateTableProcessor.h Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/native/sun/font/layout/StateTableProcessor.h Thu Nov 03 18:13:23 2016 +0000 @@ -53,7 +53,7 @@ virtual void beginStateTable() = 0; - virtual ByteOffset processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index) = 0; + virtual ByteOffset processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index, LEErrorCode &success) = 0; virtual void endStateTable() = 0;
--- a/src/share/native/sun/java2d/cmm/lcms/cmsintrp.c Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/native/sun/java2d/cmm/lcms/cmsintrp.c Thu Nov 03 18:13:23 2016 +0000 @@ -244,7 +244,7 @@ // To prevent out of bounds indexing cmsINLINE cmsFloat32Number fclamp(cmsFloat32Number v) { - return v < 0.0f ? 0.0f : (v > 1.0f ? 1.0f : v); + return v < 0.0f || v != v ? 0.0f : (v > 1.0f ? 1.0f : v); } // Floating-point version of 1D interpolation
--- a/src/share/native/sun/java2d/cmm/lcms/cmsio0.c Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/native/sun/java2d/cmm/lcms/cmsio0.c Thu Nov 03 18:13:23 2016 +0000 @@ -1516,6 +1516,13 @@ // If the element is already in memory, return the pointer if (Icc -> TagPtrs[n]) { + if (Icc -> TagTypeHandlers[n] == NULL) goto Error; + BaseType = Icc -> TagTypeHandlers[n]->Signature; + if (BaseType == 0) goto Error; + TagDescriptor = _cmsGetTagDescriptor(Icc-> ContextID, sig); + if (TagDescriptor == NULL) goto Error; + if (!IsTypeSupported(TagDescriptor, BaseType)) goto Error; + if (Icc ->TagSaveAsRaw[n]) goto Error; // We don't support read raw tags as cooked _cmsUnlockMutex(Icc->ContextID, Icc ->UsrMutex);
--- a/src/share/native/sun/java2d/cmm/lcms/cmstypes.c Thu Nov 03 02:53:25 2016 +0000 +++ b/src/share/native/sun/java2d/cmm/lcms/cmstypes.c Thu Nov 03 18:13:23 2016 +0000 @@ -4306,7 +4306,10 @@ // Copy MAX_INPUT_DIMENSIONS at most. Expand to cmsUInt32Number nMaxGrids = InputChans > MAX_INPUT_DIMENSIONS ? MAX_INPUT_DIMENSIONS : InputChans; - for (i=0; i < nMaxGrids; i++) GridPoints[i] = (cmsUInt32Number) Dimensions8[i]; + for (i=0; i < nMaxGrids; i++) { + if (Dimensions8[i] == 1) goto Error; // Impossible value, 0 for no CLUT and then 2 at least + GridPoints[i] = (cmsUInt32Number)Dimensions8[i]; + } // Allocate the true CLUT mpe = cmsStageAllocCLutFloatGranular(self ->ContextID, GridPoints, InputChans, OutputChans, NULL);
--- a/src/solaris/classes/sun/awt/X11GraphicsConfig.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/solaris/classes/sun/awt/X11GraphicsConfig.java Thu Nov 03 18:13:23 2016 +0000 @@ -455,8 +455,12 @@ public VolatileImage createBackBufferImage(Component target, long backBuffer) { + // it is possible for the component to have size 0x0, adjust it to + // be at least 1x1 to avoid IAE + int w = Math.max(1, target.getWidth()); + int h = Math.max(1, target.getHeight()); return new SunVolatileImage(target, - target.getWidth(), target.getHeight(), + w, h, Long.valueOf(backBuffer)); }
--- a/src/solaris/classes/sun/java2d/x11/X11SurfaceDataProxy.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/solaris/classes/sun/java2d/x11/X11SurfaceDataProxy.java Thu Nov 03 18:13:23 2016 +0000 @@ -102,10 +102,13 @@ int w, int h) { if (cachedData == null) { - // Bitmask will be created lazily during the blit phase - cachedData = X11SurfaceData.createData(x11gc, w, h, - x11gc.getColorModel(), - null, 0, getTransparency()); + try { + // Bitmask will be created lazily during the blit phase + cachedData = X11SurfaceData.createData(x11gc, w, h, + x11gc.getColorModel(), + null, 0, getTransparency()); + } catch (OutOfMemoryError oome) { + } } return cachedData; }
--- a/src/solaris/classes/sun/java2d/xr/XRPMBlitLoops.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/solaris/classes/sun/java2d/xr/XRPMBlitLoops.java Thu Nov 03 18:13:23 2016 +0000 @@ -134,6 +134,9 @@ vImg = (SunVolatileImage) dst.getGraphicsConfig().createCompatibleVolatileImage(w, h, src.getTransparency()); vImg.setAccelerationPriority(1.0f); + if (!(vImg.getDestSurface() instanceof XRSurfaceData)) { + throw new InvalidPipeException("Could not create XRSurfaceData"); + } if (src.getTransparency() == SurfaceData.OPAQUE) { rgbTmpPM = new WeakReference<SunVolatileImage>(vImg); } else {
--- a/src/solaris/classes/sun/java2d/xr/XRSurfaceDataProxy.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/solaris/classes/sun/java2d/xr/XRSurfaceDataProxy.java Thu Nov 03 18:13:23 2016 +0000 @@ -59,9 +59,12 @@ public SurfaceData validateSurfaceData(SurfaceData srcData, SurfaceData cachedData, int w, int h) { if (cachedData == null) { - cachedData = XRSurfaceData.createData(xrgc, w, h, - xrgc.getColorModel(), null, 0, - getTransparency(), true); + try { + cachedData = XRSurfaceData.createData(xrgc, w, h, + xrgc.getColorModel(), null, 0, + getTransparency(), true); + } catch (OutOfMemoryError oome) { + } } return cachedData; }
--- a/src/solaris/native/com/sun/media/sound/PLATFORM_API_BsdOS_ALSA_PCM.c Thu Nov 03 02:53:25 2016 +0000 +++ b/src/solaris/native/com/sun/media/sound/PLATFORM_API_BsdOS_ALSA_PCM.c Thu Nov 03 18:13:23 2016 +0000 @@ -434,7 +434,10 @@ snd_output_stdio_attach(&ALSA_OUTPUT, stdout, 0); } #endif - + if (channels <= 0) { + ERROR1("ERROR: Invalid number of channels=%d!\n", channels); + return NULL; + } info = (AlsaPcmInfo*) malloc(sizeof(AlsaPcmInfo)); if (!info) { ERROR0("Out of memory\n");
--- a/src/solaris/native/com/sun/media/sound/PLATFORM_API_LinuxOS_ALSA_PCM.c Thu Nov 03 02:53:25 2016 +0000 +++ b/src/solaris/native/com/sun/media/sound/PLATFORM_API_LinuxOS_ALSA_PCM.c Thu Nov 03 18:13:23 2016 +0000 @@ -434,7 +434,10 @@ snd_output_stdio_attach(&ALSA_OUTPUT, stdout, 0); } #endif - + if (channels <= 0) { + ERROR1("ERROR: Invalid number of channels=%d!\n", channels); + return NULL; + } info = (AlsaPcmInfo*) malloc(sizeof(AlsaPcmInfo)); if (!info) { ERROR0("Out of memory\n");
--- a/src/solaris/native/com/sun/media/sound/PLATFORM_API_SolarisOS_PCM.c Thu Nov 03 02:53:25 2016 +0000 +++ b/src/solaris/native/com/sun/media/sound/PLATFORM_API_SolarisOS_PCM.c Thu Nov 03 18:13:23 2016 +0000 @@ -182,6 +182,10 @@ ERROR1(" DAUDIO_Open: invalid encoding %d\n", (int) encoding); return NULL; } + if (channels <= 0) { + ERROR1(" DAUDIO_Open: Invalid number of channels=%d!\n", channels); + return NULL; + } info = (SolPcmInfo*) malloc(sizeof(SolPcmInfo)); if (!info) {
--- a/src/solaris/native/java/net/net_util_md.c Thu Nov 03 02:53:25 2016 +0000 +++ b/src/solaris/native/java/net/net_util_md.c Thu Nov 03 18:13:23 2016 +0000 @@ -106,6 +106,8 @@ int getDefaultScopeID(JNIEnv *env) { static jclass ni_class = NULL; static jfieldID ni_defaultIndexID; + int defaultIndex = 0; + if (ni_class == NULL) { jclass c = (*env)->FindClass(env, "java/net/NetworkInterface"); CHECK_NULL_RETURN(c, 0); @@ -116,7 +118,6 @@ CHECK_NULL_RETURN(ni_defaultIndexID, 0); ni_class = c; } - int defaultIndex = 0; defaultIndex = (*env)->GetStaticIntField(env, ni_class, ni_defaultIndexID); return defaultIndex; @@ -257,9 +258,7 @@ void NET_ThrowByNameWithLastError(JNIEnv *env, const char *name, const char *defaultDetail) { - char errmsg[255]; - sprintf(errmsg, "errno: %d, error: %s\n", errno, defaultDetail); - JNU_ThrowByNameWithLastError(env, name, errmsg); + JNU_ThrowByNameWithMessageAndLastError(env, name, defaultDetail); } void
--- a/src/solaris/native/sun/java2d/x11/X11SurfaceData.c Thu Nov 03 02:53:25 2016 +0000 +++ b/src/solaris/native/sun/java2d/x11/X11SurfaceData.c Thu Nov 03 18:13:23 2016 +0000 @@ -438,6 +438,15 @@ xsdo->drawable = drawable; xsdo->isPixmap = JNI_FALSE; } else { + /* + * width , height must be nonzero otherwise XCreatePixmap + * generates BadValue in error_handler + */ + if (width <= 0 || height <= 0 || width > 32767 || height > 32767) { + JNU_ThrowOutOfMemoryError(env, + "Can't create offscreen surface"); + return JNI_FALSE; + } xsdo->isPixmap = JNI_TRUE; /* REMIND: workaround for bug 4420220 on pgx32 boards: don't use DGA with pixmaps unless USE_DGA_PIXMAPS is set.
--- a/src/windows/classes/sun/awt/windows/WFramePeer.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/windows/classes/sun/awt/windows/WFramePeer.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -153,6 +153,19 @@ @Override public void setMenuBar(MenuBar mb) { WMenuBarPeer mbPeer = (WMenuBarPeer) WToolkit.targetToPeer(mb); + if (mbPeer != null) { + if (mbPeer.framePeer != this) { + mb.removeNotify(); + mb.addNotify(); + mbPeer = (WMenuBarPeer) WToolkit.targetToPeer(mb); + if (mbPeer != null && mbPeer.framePeer != this) { + throw new IllegalStateException("Wrong parent peer"); + } + } + if (mbPeer != null) { + addChildPeer(mbPeer); + } + } setMenuBar0(mbPeer); updateInsets(insets_); }
--- a/src/windows/classes/sun/awt/windows/WMenuBarPeer.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/windows/classes/sun/awt/windows/WMenuBarPeer.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,6 +31,8 @@ // MenuBarPeer implementation + final WFramePeer framePeer; + @Override public native void addMenu(Menu m); @Override @@ -44,8 +46,11 @@ // Toolkit & peer internals WMenuBarPeer(MenuBar target) { this.target = target; - WFramePeer framePeer = (WFramePeer) + framePeer = (WFramePeer) WToolkit.targetToPeer(target.getParent()); + if (framePeer != null) { + framePeer.addChildPeer(this); + } create(framePeer); // fix for 5088782: check if menu object is created successfully checkMenuCreation();
--- a/src/windows/classes/sun/awt/windows/WMenuItemPeer.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/windows/classes/sun/awt/windows/WMenuItemPeer.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -107,6 +107,7 @@ this.target = target; this.parent = (WMenuPeer) WToolkit.targetToPeer(target.getParent()); this.isCheckbox = isCheckbox; + parent.addChildPeer(this); create(parent); // fix for 5088782: check if menu object is created successfully checkMenuCreation();
--- a/src/windows/classes/sun/awt/windows/WMenuPeer.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/windows/classes/sun/awt/windows/WMenuPeer.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -51,10 +51,12 @@ if (parent instanceof MenuBar) { WMenuBarPeer mbPeer = (WMenuBarPeer) WToolkit.targetToPeer(parent); this.parent = mbPeer; + mbPeer.addChildPeer(this); createMenu(mbPeer); } else if (parent instanceof Menu) { this.parent = (WMenuPeer) WToolkit.targetToPeer(parent); + this.parent.addChildPeer(this); createSubMenu(this.parent); } else {
--- a/src/windows/classes/sun/awt/windows/WObjectPeer.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/windows/classes/sun/awt/windows/WObjectPeer.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,6 +24,9 @@ */ package sun.awt.windows; +import java.util.Map; +import java.util.WeakHashMap; + abstract class WObjectPeer { static { @@ -45,6 +48,8 @@ // used to synchronize the state of this peer private final Object stateLock = new Object(); + private volatile Map<WObjectPeer, WObjectPeer> childPeers; + public static WObjectPeer getPeerForTarget(Object t) { WObjectPeer peer = (WObjectPeer) WToolkit.targetToPeer(t); return peer; @@ -77,6 +82,9 @@ } if (call_disposeImpl) { + if (childPeers != null) { + disposeChildPeers(); + } disposeImpl(); } } @@ -88,4 +96,33 @@ * Initialize JNI field and method IDs */ private static native void initIDs(); + + // if a child peer existence depends on this peer, add it to this collection + final void addChildPeer(WObjectPeer child) { + synchronized (getStateLock()) { + if (childPeers == null) { + childPeers = new WeakHashMap<>(); + } + if (isDisposed()) { + throw new IllegalStateException("Parent peer is disposed"); + } + childPeers.put(child, this); + } + } + + // called to dispose dependent child peers + private void disposeChildPeers() { + synchronized (getStateLock()) { + for (WObjectPeer child : childPeers.keySet()) { + if (child != null) { + try { + child.dispose(); + } + catch (Exception e) { + // ignored + } + } + } + } + } }
--- a/src/windows/classes/sun/awt/windows/WPopupMenuPeer.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/windows/classes/sun/awt/windows/WPopupMenuPeer.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -58,6 +58,7 @@ parent = WToolkit.getNativeContainer((Component)parent); parentPeer = (WComponentPeer) WToolkit.targetToPeer(parent); } + parentPeer.addChildPeer(this); createMenu(parentPeer); // fix for 5088782: check if menu object is created successfully checkMenuCreation();
--- a/src/windows/classes/sun/java2d/opengl/WGLGraphicsConfig.java Thu Nov 03 02:53:25 2016 +0000 +++ b/src/windows/classes/sun/java2d/opengl/WGLGraphicsConfig.java Thu Nov 03 18:13:23 2016 +0000 @@ -323,8 +323,12 @@ @Override public VolatileImage createBackBuffer(WComponentPeer peer) { Component target = (Component)peer.getTarget(); + // it is possible for the component to have size 0x0, adjust it to + // be at least 1x1 to avoid IAE + int w = Math.max(1, target.getWidth()); + int h = Math.max(1, target.getHeight()); return new SunVolatileImage(target, - target.getWidth(), target.getHeight(), + w, h, Boolean.TRUE); }
--- a/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp Thu Nov 03 02:53:25 2016 +0000 +++ b/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp Thu Nov 03 18:13:23 2016 +0000 @@ -859,6 +859,10 @@ ERROR1("DAUDIO_Open: ERROR: cannot open the device with encoding=%d!\n", encoding); return NULL; } + if (channels <= 0) { + ERROR1("DAUDIO_Open: ERROR: Invalid number of channels=%d!\n", channels); + return NULL; + } if (sampleSizeInBits > 8 && #ifdef _LITTLE_ENDIAN isBigEndian
--- a/src/windows/native/java/net/net_util_md.c Thu Nov 03 02:53:25 2016 +0000 +++ b/src/windows/native/java/net/net_util_md.c Thu Nov 03 18:13:23 2016 +0000 @@ -218,9 +218,7 @@ void NET_ThrowByNameWithLastError(JNIEnv *env, const char *name, const char *defaultDetail) { - char errmsg[255]; - sprintf(errmsg, "errno: %d, error: %s\n", WSAGetLastError(), defaultDetail); - JNU_ThrowByNameWithLastError(env, name, errmsg); + JNU_ThrowByNameWithMessageAndLastError(env, name, defaultDetail); } jfieldID
--- a/src/windows/native/sun/windows/awt_Font.cpp Thu Nov 03 02:53:25 2016 +0000 +++ b/src/windows/native/sun/windows/awt_Font.cpp Thu Nov 03 18:13:23 2016 +0000 @@ -640,7 +640,7 @@ int AwtFont::getFontDescriptorNumber(JNIEnv *env, jobject font, jobject fontDescriptor) { - int i, num; + int i, num = 0; jobject refFontDescriptor; jobjectArray array;
--- a/src/windows/native/sun/windows/awt_Frame.cpp Thu Nov 03 02:53:25 2016 +0000 +++ b/src/windows/native/sun/windows/awt_Frame.cpp Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1113,11 +1113,19 @@ void AwtFrame::SetMenuBar(AwtMenuBar* mb) { + if (menuBar) { + menuBar->SetFrame(NULL); + } menuBar = mb; if (mb == NULL) { // Remove existing menu bar, if any. ::SetMenu(GetHWnd(), NULL); } else { + AwtFrame* oldFrame = menuBar->GetFrame(); + if (oldFrame && oldFrame != this) { + oldFrame->SetMenuBar(NULL); + } + menuBar->SetFrame(this); if (menuBar->GetHMenu() != NULL) { ::SetMenu(GetHWnd(), menuBar->GetHMenu()); }
--- a/src/windows/native/sun/windows/awt_MenuBar.cpp Thu Nov 03 02:53:25 2016 +0000 +++ b/src/windows/native/sun/windows/awt_MenuBar.cpp Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -58,6 +58,9 @@ void AwtMenuBar::Dispose() { + if (m_frame != NULL && m_frame->GetMenuBar() == this) { + m_frame->SetMenuBar(NULL); + } m_frame = NULL; AwtMenu::Dispose();
--- a/src/windows/native/sun/windows/awt_MenuBar.h Thu Nov 03 02:53:25 2016 +0000 +++ b/src/windows/native/sun/windows/awt_MenuBar.h Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -63,6 +63,9 @@ virtual AwtMenuBar* GetMenuBar() { return this; } INLINE AwtFrame* GetFrame() { return m_frame; } + INLINE void SetFrame(AwtFrame* frame) { + m_frame = frame; + } virtual HWND GetOwnerHWnd(); virtual void RedrawMenuBar();
--- a/test/ProblemList.txt Thu Nov 03 02:53:25 2016 +0000 +++ b/test/ProblemList.txt Thu Nov 03 18:13:23 2016 +0000 @@ -234,6 +234,9 @@ java/security/KeyPairGenerator/SolarisShortDSA.java solaris-all sun/security/tools/keytool/standard.sh solaris-all +# 8026393 +sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java generic-all + ############################################################################ # jdk_sound
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/awt/image/VolatileImage/VolatileImageBug.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +import java.awt.GraphicsConfiguration; +import java.awt.GraphicsEnvironment; +import java.awt.image.VolatileImage; + +/** + * @test + * @bug 8140530 + * @run main VolatileImageBug + * @summary Creating volatileimage(0,0) should throw IAE + */ +public class VolatileImageBug { + public static void main(String[] args) { + + boolean iaeThrown = false; + GraphicsEnvironment ge = GraphicsEnvironment. + getLocalGraphicsEnvironment(); + GraphicsConfiguration gc = ge.getDefaultScreenDevice(). + getDefaultConfiguration(); + try { + VolatileImage volatileImage = gc.createCompatibleVolatileImage(0, 0); + } catch (IllegalArgumentException iae) { + iaeThrown = true; + } + if (!iaeThrown) { + throw new RuntimeException ("IllegalArgumentException not thrown " + + "for createCompatibleVolatileImage(0,0)"); + } + } +} +
--- a/test/javax/crypto/SecretKeyFactory/FailOverTest.sh Thu Nov 03 02:53:25 2016 +0000 +++ b/test/javax/crypto/SecretKeyFactory/FailOverTest.sh Thu Nov 03 18:13:23 2016 +0000 @@ -88,6 +88,7 @@ ${TESTJAVA}${FS}bin${FS}java \ ${TESTVMOPTS} \ + -Djava.security.properties=${TESTSRC}${FS}security.properties \ -classpath "${TESTSRC}${FS}P1.jar${PS}${TESTSRC}${FS}P2.jar${PS}." \ FailOverTest result=$?
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/crypto/SecretKeyFactory/security.properties Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,26 @@ +# +# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +jdk.security.provider.preferred= +jdk.jar.disabledAlgorithms= +
--- a/test/javax/security/auth/Subject/doAs/NestedActions.java Thu Nov 03 02:53:25 2016 +0000 +++ b/test/javax/security/auth/Subject/doAs/NestedActions.java Thu Nov 03 18:13:23 2016 +0000 @@ -23,6 +23,7 @@ */ import jdk.testlibrary.ProcessTools; +import jdk.testlibrary.JarUtils; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; @@ -35,6 +36,7 @@ import java.util.jar.JarEntry; import java.util.jar.JarOutputStream; import java.util.jar.Manifest; +import java.nio.file.Paths; /** * @test @@ -99,7 +101,7 @@ public static void main(String[] args) throws IOException { if (args.length > 0) { if ("jar".equals(args[0]) && args.length > 2) { - createJar(args[1], + JarUtils.createJar(args[1], Paths.get(TEST_CLASSES + FS), Arrays.copyOfRange(args, 2, args.length)); } else { runJava(args); @@ -109,24 +111,7 @@ } } - static void createJar(String dest, String... files) throws IOException { - System.out.println("Create " + dest + " with the following content:"); - try (JarOutputStream jos = new JarOutputStream( - new FileOutputStream(dest), new Manifest())) { - for (String file : files) { - System.out.println(" " + file); - jos.putNextEntry(new JarEntry(file)); - try (FileInputStream fis = new FileInputStream( - TEST_CLASSES + FS + file)) { - byte[] buffer = new byte[1024]; - int read; - while ((read = fis.read(buffer, 0, buffer.length)) > 0) { - jos.write(buffer, 0, read); - } - } - } - } - } + static void runJava(String[] args) { if (args == null || args.length < 3) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/swing/JEditorPane/6882559/bug6882559.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* @test + @bug 6882559 + @summary new JEditorPane("text/plain","") fails for null context class loader + @author Mikhail Cherkasov + @run main bug6882559 +*/ + +import javax.swing.*; + + +public class bug6882559 { + public static void main(String[] args) throws Exception { + SwingUtilities.invokeAndWait(() -> { + Thread.currentThread().setContextClassLoader(null); + new javax.swing.JEditorPane("text/plain", ""); + }); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/swing/JEditorPane/8158734/bug8158734.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,115 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* @test + @bug 8158734 + @summary JEditorPane.createEditorKitForContentType throws NPE after 6882559 + @author Mikhail Cherkasov + @run main bug8158734 +*/ + +import javax.swing.*; +import javax.swing.text.*; +import java.io.*; +import java.lang.reflect.InvocationTargetException; + + +public class bug8158734 { + + public static final String TYPE = "test/test"; + public static final String TYPE_2 = "test2/test2"; + + static boolean myClassloaderWasUsed = false; + + static class MyEditorKit extends EditorKit { + @Override + public String getContentType() { + return null; + } + + @Override + public ViewFactory getViewFactory() { + return null; + } + + @Override + public Action[] getActions() { + return new Action[0]; + } + + @Override + public Caret createCaret() { + return null; + } + + @Override + public Document createDefaultDocument() { + return null; + } + + @Override + public void read(InputStream in, Document doc, int pos) throws IOException, BadLocationException { + } + + @Override + public void write(OutputStream out, Document doc, int pos, int len) throws IOException, BadLocationException { + + } + + @Override + public void read(Reader in, Document doc, int pos) throws IOException, BadLocationException { + } + + @Override + public void write(Writer out, Document doc, int pos, int len) throws IOException, BadLocationException { + } + } + + static class MyClassloader extends ClassLoader { + @Override + public Class<?> loadClass(String name) throws ClassNotFoundException { + myClassloaderWasUsed = true; + return super.loadClass(name); + } + } + + public static void main(String[] args) throws InvocationTargetException, InterruptedException { + SwingUtilities.invokeAndWait(new Runnable() { + @Override + public void run() { + JEditorPane c = new JEditorPane(); + c.setContentType(TYPE); + + final MyClassloader loader = new MyClassloader(); + JEditorPane.registerEditorKitForContentType(TYPE_2, MyEditorKit.class.getName(), loader); + JEditorPane.registerEditorKitForContentType(TYPE_2, MyEditorKit.class.getName(), null); + JEditorPane.createEditorKitForContentType(TYPE_2); + + if (myClassloaderWasUsed) { + throw new RuntimeException("Class loader has not been removed for '" + TYPE_2 + "' type"); + } + } + }); + + } +} \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/lib/testlibrary/jdk/testlibrary/JarUtils.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,136 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package jdk.testlibrary; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.nio.file.Path; +import java.util.ArrayList; +import java.util.Enumeration; +import java.util.List; +import java.util.jar.JarEntry; +import java.util.jar.JarFile; +import java.util.jar.JarOutputStream; +import java.util.jar.Manifest; + +/** + * Common library for various test jar file utility functions. + */ +public final class JarUtils { + + + /** + * Create jar file with specified files from specified location. + */ + public static void createJar(String dest, Path filesLocation, + String... fileNames) throws IOException { + try (JarOutputStream jos = new JarOutputStream( + new FileOutputStream(dest), new Manifest())) { + for (String fileName : fileNames) { + System.out.println(String.format("Adding %s to %s", + fileName, dest)); + + // add an archive entry, and write a file + jos.putNextEntry(new JarEntry(fileName)); + File file; + if (filesLocation != null) { + file = filesLocation.resolve(fileName).toFile(); + } else { + file = new File(fileName); + } + try (FileInputStream fis = new FileInputStream(file)) { + Utils.transferBetweenStreams(fis, jos); + } + } + } + System.out.println(); + } + + /** + * Create jar file with specified files from current directory. + */ + public static void createJar(String dest, String... files) + throws IOException { + createJar(dest, null, files); + } + + /** + * Add specified files to existing jar file. + */ + public static void updateJar(String src, String dest, String... files) + throws IOException { + try (JarOutputStream jos = new JarOutputStream( + new FileOutputStream(dest))) { + + // copy each old entry into destination unless the entry name + // is in the updated list + List<String> updatedFiles = new ArrayList<>(); + try (JarFile srcJarFile = new JarFile(src)) { + Enumeration<JarEntry> entries = srcJarFile.entries(); + while (entries.hasMoreElements()) { + JarEntry entry = entries.nextElement(); + String name = entry.getName(); + boolean found = false; + for (String file : files) { + if (name.equals(file)) { + updatedFiles.add(file); + found = true; + break; + } + } + + if (found) { + System.out.println(String.format("Updating %s with %s", + dest, name)); + jos.putNextEntry(new JarEntry(name)); + try (FileInputStream fis = new FileInputStream(name)) { + Utils.transferBetweenStreams(fis, jos); + } + } else { + System.out.println(String.format("Copying %s to %s", + name, dest)); + jos.putNextEntry(entry); + Utils.transferBetweenStreams(srcJarFile. + getInputStream(entry), jos); + } + } + } + + // append new files + for (String file : files) { + if (!updatedFiles.contains(file)) { + System.out.println(String.format("Adding %s with %s", + dest, file)); + jos.putNextEntry(new JarEntry(file)); + try (FileInputStream fis = new FileInputStream(file)) { + Utils.transferBetweenStreams(fis, jos); + } + } + } + } + System.out.println(); + } +} \ No newline at end of file
--- a/test/lib/testlibrary/jdk/testlibrary/OutputAnalyzer.java Thu Nov 03 02:53:25 2016 +0000 +++ b/test/lib/testlibrary/jdk/testlibrary/OutputAnalyzer.java Thu Nov 03 18:13:23 2016 +0000 @@ -90,13 +90,14 @@ * @throws RuntimeException * If the string was not found */ - public void shouldContain(String expectedString) { + public OutputAnalyzer shouldContain(String expectedString) { if (!stdout.contains(expectedString) && !stderr.contains(expectedString)) { reportDiagnosticSummary(); throw new RuntimeException("'" + expectedString + "' missing from stdout/stderr \n"); } + return this; } /** @@ -107,12 +108,13 @@ * @throws RuntimeException * If the string was not found */ - public void stdoutShouldContain(String expectedString) { + public OutputAnalyzer stdoutShouldContain(String expectedString) { if (!stdout.contains(expectedString)) { reportDiagnosticSummary(); throw new RuntimeException("'" + expectedString + "' missing from stdout \n"); } + return this; } /** @@ -123,24 +125,25 @@ * @throws RuntimeException * If the string was not found */ - public void stderrShouldContain(String expectedString) { + public OutputAnalyzer stderrShouldContain(String expectedString) { if (!stderr.contains(expectedString)) { reportDiagnosticSummary(); throw new RuntimeException("'" + expectedString + "' missing from stderr \n"); } + return this; } /** * Verify that the stdout and stderr contents of output buffer does not * contain the string * - * @param expectedString + * @param notExpectedString * String that the buffer should not contain * @throws RuntimeException * If the string was found */ - public void shouldNotContain(String notExpectedString) { + public OutputAnalyzer shouldNotContain(String notExpectedString) { if (stdout.contains(notExpectedString)) { reportDiagnosticSummary(); throw new RuntimeException("'" + notExpectedString @@ -151,23 +154,25 @@ throw new RuntimeException("'" + notExpectedString + "' found in stderr \n"); } + return this; } /** * Verify that the stdout contents of output buffer does not contain the * string * - * @param expectedString + * @param notExpectedString * String that the buffer should not contain * @throws RuntimeException * If the string was found */ - public void stdoutShouldNotContain(String notExpectedString) { + public OutputAnalyzer stdoutShouldNotContain(String notExpectedString) { if (stdout.contains(notExpectedString)) { reportDiagnosticSummary(); throw new RuntimeException("'" + notExpectedString + "' found in stdout \n"); } + return this; } /** @@ -195,7 +200,7 @@ * @throws RuntimeException * If the pattern was not found */ - public void shouldMatch(String pattern) { + public OutputAnalyzer shouldMatch(String pattern) { Matcher stdoutMatcher = Pattern.compile(pattern, Pattern.MULTILINE) .matcher(stdout); Matcher stderrMatcher = Pattern.compile(pattern, Pattern.MULTILINE) @@ -205,6 +210,7 @@ throw new RuntimeException("'" + pattern + "' missing from stdout/stderr \n"); } + return this; } /** @@ -214,7 +220,7 @@ * @throws RuntimeException * If the pattern was not found */ - public void stdoutShouldMatch(String pattern) { + public OutputAnalyzer stdoutShouldMatch(String pattern) { Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher( stdout); if (!matcher.find()) { @@ -222,6 +228,7 @@ throw new RuntimeException("'" + pattern + "' missing from stdout \n"); } + return this; } /** @@ -231,7 +238,7 @@ * @throws RuntimeException * If the pattern was not found */ - public void stderrShouldMatch(String pattern) { + public OutputAnalyzer stderrShouldMatch(String pattern) { Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher( stderr); if (!matcher.find()) { @@ -239,6 +246,7 @@ throw new RuntimeException("'" + pattern + "' missing from stderr \n"); } + return this; } /** @@ -249,7 +257,7 @@ * @throws RuntimeException * If the pattern was found */ - public void shouldNotMatch(String pattern) { + public OutputAnalyzer shouldNotMatch(String pattern) { Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher( stdout); if (matcher.find()) { @@ -263,6 +271,7 @@ throw new RuntimeException("'" + pattern + "' found in stderr: '" + matcher.group() + "' \n"); } + return this; } /** @@ -273,13 +282,14 @@ * @throws RuntimeException * If the pattern was found */ - public void stdoutShouldNotMatch(String pattern) { + public OutputAnalyzer stdoutShouldNotMatch(String pattern) { Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher( stdout); if (matcher.find()) { reportDiagnosticSummary(); throw new RuntimeException("'" + pattern + "' found in stdout \n"); } + return this; } /** @@ -290,13 +300,14 @@ * @throws RuntimeException * If the pattern was found */ - public void stderrShouldNotMatch(String pattern) { + public OutputAnalyzer stderrShouldNotMatch(String pattern) { Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher( stderr); if (matcher.find()) { reportDiagnosticSummary(); throw new RuntimeException("'" + pattern + "' found in stderr \n"); } + return this; } /** @@ -344,12 +355,13 @@ * If the exit value from the process did not match the expected * value */ - public void shouldHaveExitValue(int expectedExitValue) { + public OutputAnalyzer shouldHaveExitValue(int expectedExitValue) { if (getExitValue() != expectedExitValue) { reportDiagnosticSummary(); throw new RuntimeException("Expected to get exit value of [" + expectedExitValue + "]\n"); } + return this; } /** @@ -357,11 +369,12 @@ * - standard input produced by the process under test - standard output - * exit code Note: the command line is printed by the ProcessTools */ - private void reportDiagnosticSummary() { + private OutputAnalyzer reportDiagnosticSummary() { String msg = " stdout: [" + stdout + "];\n" + " stderr: [" + stderr + "]\n" + " exitValue = " + getExitValue() + "\n"; System.err.println(msg); + return this; } /**
--- a/test/lib/testlibrary/jdk/testlibrary/Utils.java Thu Nov 03 02:53:25 2016 +0000 +++ b/test/lib/testlibrary/jdk/testlibrary/Utils.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,8 @@ import java.io.File; import java.io.FileReader; import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; import java.net.InetAddress; import java.net.ServerSocket; import java.net.UnknownHostException; @@ -332,4 +334,43 @@ } return null; } + + private static final int BUFFER_SIZE = 1024; + + /** + * Reads all bytes from the input stream and writes the bytes to the + * given output stream in the order that they are read. On return, the + * input stream will be at end of stream. This method does not close either + * stream. + * <p> + * This method may block indefinitely reading from the input stream, or + * writing to the output stream. The behavior for the case where the input + * and/or output stream is <i>asynchronously closed</i>, or the thread + * interrupted during the transfer, is highly input and output stream + * specific, and therefore not specified. + * <p> + * If an I/O error occurs reading from the input stream or writing to the + * output stream, then it may do so after some bytes have been read or + * written. Consequently the input stream may not be at end of stream and + * one, or both, streams may be in an inconsistent state. It is strongly + * recommended that both streams be promptly closed if an I/O error occurs. + * + * @param in the input stream, non-null + * @param out the output stream, non-null + * @return the number of bytes transferred + * @throws IOException if an I/O error occurs when reading or writing + * @throws NullPointerException if {@code in} or {@code out} is {@code null} + * + */ + public static long transferBetweenStreams(InputStream in, OutputStream out) + throws IOException { + long transferred = 0; + byte[] buffer = new byte[BUFFER_SIZE]; + int read; + while ((read = in.read(buffer, 0, BUFFER_SIZE)) >= 0) { + out.write(buffer, 0, read); + transferred += read; + } + return transferred; + } }
--- a/test/sun/security/pkcs/pkcs7/PKCS7VerifyTest.java Thu Nov 03 02:53:25 2016 +0000 +++ b/test/sun/security/pkcs/pkcs7/PKCS7VerifyTest.java Thu Nov 03 18:13:23 2016 +0000 @@ -26,8 +26,8 @@ * @bug 8048357 * @summary Read signed data in one or more PKCS7 objects from individual files, * verify SignerInfos and certificate chain. - * @run main PKCS7VerifyTest PKCS7TEST.DSA.base64 - * @run main PKCS7VerifyTest PKCS7TEST.DSA.base64 PKCS7TEST.SF + * @run main/othervm -Djava.security.properties=${test.src}/reenable.jar.alg.props PKCS7VerifyTest PKCS7TEST.DSA.base64 + * @run main/othervm -Djava.security.properties=${test.src}/reenable.jar.alg.props PKCS7VerifyTest PKCS7TEST.DSA.base64 PKCS7TEST.SF */ import java.io.ByteArrayInputStream; import java.io.File; @@ -35,6 +35,7 @@ import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; +import java.security.Security; import java.security.cert.X509Certificate; import java.util.Base64; import java.util.HashMap;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/pkcs/pkcs7/reenable.jar.alg.props Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,24 @@ +# +# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +jdk.jar.disabledAlgorithms=
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/OriginServer.java Thu Nov 03 02:53:25 2016 +0000 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/OriginServer.java Thu Nov 03 18:13:23 2016 +0000 @@ -36,10 +36,12 @@ * Http get request in both clear and secure channel */ -public abstract class OriginServer implements Runnable { +public abstract class OriginServer implements Runnable, Closeable { private ServerSocket server = null; Exception serverException = null; + private volatile boolean closed; + /** * Constructs a OriginServer based on ss and * obtains a response data's bytecodes using the method @@ -53,6 +55,14 @@ throw serverException; } + @Override + public void close() throws IOException { + if (closed) + return; + closed = true; + server.close(); + } + /** * Returns an array of bytes containing the bytes for * the data sent in the response.
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/ProxyAuthTest.java Thu Nov 03 02:53:25 2016 +0000 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/ProxyAuthTest.java Thu Nov 03 18:13:23 2016 +0000 @@ -23,21 +23,30 @@ /* * @test - * @bug 4323990 4413069 + * @bug 4323990 4413069 8160838 * @summary HttpsURLConnection doesn't send Proxy-Authorization on CONNECT * Incorrect checking of proxy server response - * @run main/othervm ProxyAuthTest - * - * No way to reserve and restore java.lang.Authenticator, need to run this - * test in othervm mode. + * @run main/othervm ProxyAuthTest fail + * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Basic ProxyAuthTest fail + * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Basic, ProxyAuthTest fail + * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=BAsIc ProxyAuthTest fail + * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Basic,Digest ProxyAuthTest fail + * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Unknown,bAsIc ProxyAuthTest fail + * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes= ProxyAuthTest succeed + * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Digest,NTLM,Negotiate ProxyAuthTest succeed + * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=UNKNOWN,notKnown ProxyAuthTest succeed */ +// No way to reserve and restore java.lang.Authenticator, as well as read-once +// system properties, so this tests needs to run in othervm mode. + import java.io.*; import java.net.*; import java.security.KeyStore; import javax.net.*; import javax.net.ssl.*; import java.security.cert.*; +import static java.nio.charset.StandardCharsets.US_ASCII; /* * ProxyAuthTest.java -- includes a simple server that can serve @@ -74,7 +83,7 @@ */ public byte[] getBytes() { return "Proxy authentication for tunneling succeeded ..". - getBytes(); + getBytes(US_ASCII); } } @@ -82,6 +91,13 @@ * Main method to create the server and the client */ public static void main(String args[]) throws Exception { + boolean expectSuccess; + if (args[0].equals("succeed")) { + expectSuccess = true; + } else { + expectSuccess = false; + } + String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + "/" + keyStoreFile; @@ -98,12 +114,13 @@ /* * setup the server */ + Closeable server; try { ServerSocketFactory ssf = ProxyAuthTest.getServerSocketFactory(useSSL); ServerSocket ss = ssf.createServerSocket(serverPort); serverPort = ss.getLocalPort(); - new TestServer(ss); + server = new TestServer(ss); } catch (Exception e) { System.out.println("Server side failed:" + e.getMessage()); @@ -112,10 +129,28 @@ // trigger the client try { doClientSide(); - } catch (Exception e) { + if (!expectSuccess) { + throw new RuntimeException( + "Expected exception/failure to connect, but succeeded."); + } + } catch (IOException e) { + if (expectSuccess) { System.out.println("Client side failed: " + e.getMessage()); throw e; } + + if (! (e.getMessage().contains("Unable to tunnel through proxy") && + e.getMessage().contains("407")) ) { + throw new RuntimeException( + "Expected exception about cannot tunnel, 407, etc, but got", e); + } else { + // Informative + System.out.println("Caught expected exception: " + e.getMessage()); + } + } finally { + if (server != null) + server.close(); + } } private static ServerSocketFactory getServerSocketFactory @@ -144,11 +179,11 @@ } } - static void doClientSide() throws Exception { + static void doClientSide() throws IOException { /* * setup up a proxy with authentication information */ - setupProxy(); + ProxyTunnelServer ps = setupProxy(); /* * we want to avoid URLspoofCheck failures in cases where the cert @@ -156,18 +191,28 @@ */ HttpsURLConnection.setDefaultHostnameVerifier( new NameVerifier()); + + InetSocketAddress paddr = new InetSocketAddress("localhost", ps.getPort()); + Proxy proxy = new Proxy(Proxy.Type.HTTP, paddr); + URL url = new URL("https://" + "localhost:" + serverPort + "/index.html"); BufferedReader in = null; + HttpsURLConnection uc = (HttpsURLConnection) url.openConnection(proxy); try { - in = new BufferedReader(new InputStreamReader( - url.openStream())); + in = new BufferedReader(new InputStreamReader(uc.getInputStream())); String inputLine; System.out.print("Client recieved from the server: "); while ((inputLine = in.readLine()) != null) System.out.println(inputLine); in.close(); - } catch (SSLException e) { + } catch (IOException e) { + // Assert that the error stream is not accessible from the failed + // tunnel setup. + if (uc.getErrorStream() != null) { + throw new RuntimeException("Unexpected error stream."); + } + if (in != null) in.close(); throw e; @@ -180,7 +225,7 @@ } } - static void setupProxy() throws IOException { + static ProxyTunnelServer setupProxy() throws IOException { ProxyTunnelServer pserver = new ProxyTunnelServer(); /* * register a system wide authenticator and setup the proxy for @@ -193,9 +238,7 @@ pserver.setUserAuth("Test", "test123"); pserver.start(); - System.setProperty("https.proxyHost", "localhost"); - System.setProperty("https.proxyPort", String.valueOf( - pserver.getPort())); + return pserver; } public static class TestAuthenticator extends Authenticator { @@ -206,3 +249,4 @@ } } } +
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/ProxyTunnelServer.java Thu Nov 03 02:53:25 2016 +0000 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/ProxyTunnelServer.java Thu Nov 03 18:13:23 2016 +0000 @@ -65,6 +65,7 @@ ss = (ServerSocket) ServerSocketFactory.getDefault(). createServerSocket(0); } + setDaemon(true); } public void needUserAuth(boolean auth) { @@ -211,6 +212,7 @@ this.sockOut = sockOut; input = sockIn.getInputStream(); output = sockOut.getOutputStream(); + setDaemon(true); } public void run() {
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxyWithAuth.sh Thu Nov 03 02:53:25 2016 +0000 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxyWithAuth.sh Thu Nov 03 18:13:23 2016 +0000 @@ -53,5 +53,7 @@ ${COMPILEJAVA}${FS}bin${FS}javac ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} -d . ${TESTSRC}${FS}OriginServer.java \ ${TESTSRC}${FS}ProxyTunnelServer.java \ ${TESTSRC}${FS}PostThruProxyWithAuth.java -${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} PostThruProxyWithAuth ${HOSTNAME} ${TESTSRC} +${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} \ + -Djdk.http.auth.tunneling.disabledSchemes= \ + PostThruProxyWithAuth ${HOSTNAME} ${TESTSRC} exit
--- a/test/sun/security/tools/jarsigner/JarSigningNonAscii.java Thu Nov 03 02:53:25 2016 +0000 +++ b/test/sun/security/tools/jarsigner/JarSigningNonAscii.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,10 +25,12 @@ * @test * @bug 4924188 * @summary sign a JAR file that has entry names with non-ASCII characters. + * @run main/othervm -Djava.security.properties=${test.src}/reenable.jar.alg.props JarSigningNonAscii */ import sun.security.tools.*; import java.io.*; +import java.security.Security; import java.util.*; import java.util.jar.*; import java.security.cert.Certificate;
--- a/test/sun/security/tools/jarsigner/TimestampCheck.java Thu Nov 03 02:53:25 2016 +0000 +++ b/test/sun/security/tools/jarsigner/TimestampCheck.java Thu Nov 03 18:13:23 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -58,7 +58,12 @@ static final String defaultPolicyId = "2.3.4.5"; - static class Handler implements HttpHandler { + static class Handler implements HttpHandler, AutoCloseable { + + private final HttpServer httpServer; + private final String keystore; + + @Override public void handle(HttpExchange t) throws IOException { int len = 0; for (String h: t.getRequestHeaders().keySet()) { @@ -136,7 +141,9 @@ // Write TSResponse System.err.println("\nResponse\n==================="); KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(new FileInputStream(TSKS), "changeit".toCharArray()); + try (FileInputStream fis = new FileInputStream(keystore)) { + ks.load(fis, "changeit".toCharArray()); + } String alias = "ts"; if (path == 6) alias = "tsbad1"; @@ -240,35 +247,72 @@ return out.toByteArray(); } - } - public static void main(String[] args) throws Exception { - - Handler h = new Handler(); - HttpServer server = HttpServer.create(new InetSocketAddress(0), 0); - int port = server.getAddress().getPort(); - HttpContext ctx = server.createContext("/", h); - server.start(); + private Handler(HttpServer httpServer, String keystore) { + this.httpServer = httpServer; + this.keystore = keystore; + } - String cmd = null; - // Use -J-Djava.security.egd=file:/dev/./urandom to speed up - // nonce generation in timestamping request. Not avaibale on - // Windows and defaults to thread seed generator, not too bad. - if (System.getProperty("java.home").endsWith("jre")) { - cmd = System.getProperty("java.home") + "/../bin/jarsigner" + - " -J-Djava.security.egd=file:/dev/./urandom" + - " -debug -keystore " + TSKS + " -storepass changeit" + - " -tsa http://localhost:" + port + "/%d" + - " -signedjar new_%d.jar " + JAR + " old"; - } else { - cmd = System.getProperty("java.home") + "/bin/jarsigner" + - " -J-Djava.security.egd=file:/dev/./urandom" + - " -debug -keystore " + TSKS + " -storepass changeit" + - " -tsa http://localhost:" + port + "/%d" + - " -signedjar new_%d.jar " + JAR + " old"; + /** + * Initialize TSA instance. + * + * Extended Key Info extension of certificate that is used for + * signing TSA responses should contain timeStamping value. + */ + static Handler init(int port, String keystore) throws IOException { + HttpServer httpServer = HttpServer.create( + new InetSocketAddress(port), 0); + Handler tsa = new Handler(httpServer, keystore); + httpServer.createContext("/", tsa); + return tsa; + } + + /** + * Start TSA service. + */ + void start() { + httpServer.start(); } - try { + /** + * Stop TSA service. + */ + void stop() { + httpServer.stop(0); + } + + /** + * Return server port number. + */ + int getPort() { + return httpServer.getAddress().getPort(); + } + + @Override + public void close() throws Exception { + stop(); + } + } + public static void main(String[] args) throws Exception { + try (Handler tsa = Handler.init(0, TSKS);) { + tsa.start(); + int port = tsa.getPort(); + + String cmd; + // Use -J-Djava.security.egd=file:/dev/./urandom to speed up + // nonce generation in timestamping request. Not avaibale on + // Windows and defaults to thread seed generator, not too bad. + if (System.getProperty("java.home").endsWith("jre")) { + cmd = System.getProperty("java.home") + "/../bin/jarsigner"; + } else { + cmd = System.getProperty("java.home") + "/bin/jarsigner"; + } + + cmd += " -J-Djava.security.egd=file:/dev/./urandom" + + " -debug -keystore " + TSKS + " -storepass changeit" + + " -tsa http://localhost:" + port + "/%d" + + " -signedjar new_%d.jar " + JAR + " old"; + if (args.length == 0) { // Run this test jarsigner(cmd, 0, true); // Success, normal call jarsigner(cmd, 1, false); // These 4 should fail @@ -289,8 +333,6 @@ System.err.println("Press Enter to quit server"); System.in.read(); } - } finally { - server.stop(0); } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/TsacertOptionTest.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,147 @@ +/* + * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import jdk.testlibrary.OutputAnalyzer; +import jdk.testlibrary.ProcessTools; +import jdk.testlibrary.JarUtils; + +/** + * @test + * @bug 8024302 8026037 + * @summary The test signs and verifies a jar file with -tsacert option + * @library /lib/testlibrary + * @run main TsacertOptionTest + */ +public class TsacertOptionTest { + + private static final String FS = System.getProperty("file.separator"); + private static final String JAVA_HOME = System.getProperty("test.jdk"); + private static final String KEYTOOL = JAVA_HOME + FS + "bin" + FS + + "keytool"; + private static final String JARSIGNER = JAVA_HOME + FS + "bin" + FS + + "jarsigner"; + private static final String UNSIGNED_JARFILE = "unsigned.jar"; + private static final String SIGNED_JARFILE = "signed.jar"; + private static final String FILENAME = TsacertOptionTest.class.getName() + + ".txt"; + private static final String PASSWORD = "changeit"; + private static final String KEYSTORE = "ks.jks"; + private static final String SIGNING_KEY_ALIAS = "sign_alias"; + private static final String TSA_KEY_ALIAS = "ts"; + private static final String KEY_ALG = "RSA"; + private static final int KEY_SIZE = 2048; + private static final int VALIDITY = 365; + private static final String WARNING = "Warning:"; + private static final String JAR_SIGNED = "jar signed."; + private static final String JAR_VERIFIED = "jar verified."; + + /** + * The test signs and verifies a jar file with -tsacert option, + * and checks that no warning was shown. + * A certificate that is addressed in -tsacert option contains URL to TSA + * in Subject Information Access extension. + */ + public static void main(String[] args) throws Throwable { + TsacertOptionTest test = new TsacertOptionTest(); + test.start(); + } + + void start() throws Throwable { + // create a jar file that contains one file + Utils.createFiles(FILENAME); + JarUtils.createJar(UNSIGNED_JARFILE, FILENAME); + + // look for free network port for TSA service + int port = jdk.testlibrary.Utils.getFreePort(); + String host = jdk.testlibrary.Utils.getHostname(); + String tsaUrl = "http://" + host + ":" + port; + + // create key pair for jar signing + ProcessTools.executeCommand(KEYTOOL, + "-genkey", + "-alias", SIGNING_KEY_ALIAS, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=Test", + "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + + // create key pair for TSA service + // SubjectInfoAccess extension contains URL to TSA service + ProcessTools.executeCommand(KEYTOOL, + "-genkey", + "-v", + "-alias", TSA_KEY_ALIAS, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=TSA", + "-ext", "ExtendedkeyUsage:critical=timeStamping", + "-ext", "SubjectInfoAccess=timeStamping:URI:" + tsaUrl, + "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + + try (TimestampCheck.Handler tsa = TimestampCheck.Handler.init(port, + KEYSTORE);) { + + // start TSA + tsa.start(); + + // sign jar file + // specify -tsadigestalg option because + // TSA server uses SHA-1 digest algorithm + OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verbose", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-signedjar", SIGNED_JARFILE, + "-tsacert", TSA_KEY_ALIAS, + "-tsadigestalg", "SHA-1", + UNSIGNED_JARFILE, + SIGNING_KEY_ALIAS); + + analyzer.shouldHaveExitValue(0); + analyzer.stdoutShouldNotContain(WARNING); + analyzer.shouldContain(JAR_SIGNED); + + // verify signed jar + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verbose", + "-verify", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + SIGNED_JARFILE); + + analyzer.shouldHaveExitValue(0); + analyzer.stdoutShouldNotContain(WARNING); + analyzer.shouldContain(JAR_VERIFIED); + } + + System.out.println("Test passed"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/Utils.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.io.File; +import java.io.IOException; + +/** + * Helper class. + */ +public class Utils { + + static void createFiles(String... filenames) throws IOException { + for (String filename : filenames) { + new File(filename).createNewFile(); + } + } + +} +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/reenable.jar.alg.props Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,24 @@ +# +# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +jdk.jar.disabledAlgorithms=
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/AliasNotInStoreTest.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,149 @@ +/* + * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import jdk.testlibrary.OutputAnalyzer; +import jdk.testlibrary.ProcessTools; +import jdk.testlibrary.JarUtils; + +/** + * @test + * @bug 8024302 8026037 + * @summary Test for aliasNotInStore warning + * @library /lib/testlibrary ../ + * @run main AliasNotInStoreTest + */ +public class AliasNotInStoreTest extends Test { + + /** + * The test signs and verifies a jar that contains signed entries + * that are not signed by any alias in keystore (aliasNotInStore). + * Warning message is expected. + */ + public static void main(String[] args) throws Throwable { + AliasNotInStoreTest test = new AliasNotInStoreTest(); + test.start(); + } + + private void start() throws Throwable { + Utils.createFiles(FIRST_FILE, SECOND_FILE); + System.out.println(String.format("Create a %s that contains %s", + new Object[]{UNSIGNED_JARFILE, FIRST_FILE})); + JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); + + // create first key pair for signing + ProcessTools.executeCommand(KEYTOOL, + "-genkey", + "-alias", FIRST_KEY_ALIAS, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", BOTH_KEYS_KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=First", + "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + + // create second key pair for signing + ProcessTools.executeCommand(KEYTOOL, + "-genkey", + "-alias", SECOND_KEY_ALIAS, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", BOTH_KEYS_KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=Second", + "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + + // sign jar with first key + OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, + "-keystore", BOTH_KEYS_KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-signedjar", SIGNED_JARFILE, + UNSIGNED_JARFILE, + FIRST_KEY_ALIAS); + + checkSigning(analyzer); + + System.out.println(String.format("Copy %s to %s, and add %s", + new Object[] {SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, + SECOND_FILE})); + + JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE); + + // sign jar with second key + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-keystore", BOTH_KEYS_KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + UPDATED_SIGNED_JARFILE, + SECOND_KEY_ALIAS); + + checkSigning(analyzer); + + // create keystore that contains only first key + ProcessTools.executeCommand(KEYTOOL, + "-importkeystore", + "-srckeystore", BOTH_KEYS_KEYSTORE, + "-srcalias", FIRST_KEY_ALIAS, + "-srcstorepass", PASSWORD, + "-srckeypass", PASSWORD, + "-destkeystore", FIRST_KEY_KEYSTORE, + "-destalias", FIRST_KEY_ALIAS, + "-deststorepass", PASSWORD, + "-destkeypass", PASSWORD).shouldHaveExitValue(0); + + // verify jar with keystore that contains only first key in strict mode, + // so there is signed entry (FirstClass.class) that is not signed + // by any alias in the keystore + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-verbose", + "-keystore", FIRST_KEY_KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + UPDATED_SIGNED_JARFILE); + + checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING, + ALIAS_NOT_IN_STORE_VERIFYING_WARNING); + + // verify jar with keystore that contains only first key in strict mode + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-verbose", + "-strict", + "-keystore", FIRST_KEY_KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + UPDATED_SIGNED_JARFILE); + + int expectedExitCode = ALIAS_NOT_IN_STORE_EXIT_CODE + + CHAIN_NOT_VALIDATED_EXIT_CODE; + checkVerifying(analyzer, expectedExitCode, + CHAIN_NOT_VALIDATED_VERIFYING_WARNING, + ALIAS_NOT_IN_STORE_VERIFYING_WARNING); + + System.out.println("Test passed"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/BadExtendedKeyUsageTest.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,106 @@ +/* + * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import jdk.testlibrary.OutputAnalyzer; +import jdk.testlibrary.ProcessTools; +import jdk.testlibrary.JarUtils; + +/** + * @test + * @bug 8024302 8026037 + * @summary Test for badExtendedKeyUsage warning + * @library /lib/testlibrary ../ + * @run main BadExtendedKeyUsageTest + */ +public class BadExtendedKeyUsageTest extends Test { + + /** + * The test signs and verifies a jar that contains entries + * whose signer certificate's ExtendedKeyUsage extension + * doesn't allow code signing (badExtendedKeyUsage). + * Warning message is expected. + */ + public static void main(String[] args) throws Throwable { + BadExtendedKeyUsageTest test = new BadExtendedKeyUsageTest(); + test.start(); + } + + private void start() throws Throwable { + // create a jar file that contains one class file + Utils.createFiles(FIRST_FILE); + JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); + + // create a certificate whose signer certificate's + // ExtendedKeyUsage extension doesn't allow code signing + ProcessTools.executeCommand(KEYTOOL, + "-genkey", + "-alias", KEY_ALIAS, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=Test", + "-ext", "ExtendedkeyUsage=serverAuth", + "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + + // sign jar + OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verbose", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-signedjar", SIGNED_JARFILE, + UNSIGNED_JARFILE, + KEY_ALIAS); + + checkSigning(analyzer, BAD_EXTENDED_KEY_USAGE_SIGNING_WARNING); + + // verify signed jar + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-verbose", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE); + + checkVerifying(analyzer, 0, BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING); + + // verity signed jar in strict mode + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-verbose", + "-strict", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE); + + checkVerifying(analyzer, BAD_EXTENDED_KEY_USAGE_EXIT_CODE, + BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING); + + System.out.println("Test passed"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,107 @@ +/* + * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import jdk.testlibrary.OutputAnalyzer; +import jdk.testlibrary.ProcessTools; +import jdk.testlibrary.JarUtils; + +/** + * @test + * @bug 8024302 8026037 + * @summary Test for badKeyUsage warning + * @library /lib/testlibrary ../ + * @ignore until 8026393 is fixed + * @run main BadKeyUsageTest + */ +public class BadKeyUsageTest extends Test { + + /** + * The test signs and verifies a jar that contains entries + * whose signer certificate's KeyUsage extension + * doesn't allow code signing (badKeyUsage). + * Warning message is expected. + */ + public static void main(String[] args) throws Throwable { + BadKeyUsageTest test = new BadKeyUsageTest(); + test.start(); + } + + private void start() throws Throwable { + // create a jar file that contains one class file + Utils.createFiles(FIRST_FILE); + JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); + + // create a certificate whose signer certificate's KeyUsage extension + // doesn't allow code signing + ProcessTools.executeCommand(KEYTOOL, + "-genkey", + "-alias", KEY_ALIAS, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=Test", + "-ext", "KeyUsage=keyAgreement", + "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + + // sign jar + OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verbose", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-signedjar", SIGNED_JARFILE, + UNSIGNED_JARFILE, + KEY_ALIAS); + + checkSigning(analyzer, BAD_KEY_USAGE_SIGNING_WARNING); + + // verify signed jar + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-verbose", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE); + + checkVerifying(analyzer, 0, BAD_KEY_USAGE_VERIFYING_WARNING); + + // verify signed jar in strict mode + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-verbose", + "-strict", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE); + + checkVerifying(analyzer, BAD_KEY_USAGE_EXIT_CODE, + BAD_KEY_USAGE_VERIFYING_WARNING); + + System.out.println("Test passed"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/BadNetscapeCertTypeTest.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,108 @@ +/* + * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import jdk.testlibrary.OutputAnalyzer; +import jdk.testlibrary.ProcessTools; +import jdk.testlibrary.JarUtils; + +import java.nio.file.Files; +import java.nio.file.Paths; +import java.util.Base64; + +/** + * @test + * @bug 8024302 8026037 + * @summary Test for badNetscapeCertType warning + * @library /lib/testlibrary ../ + * @run main BadNetscapeCertTypeTest + */ +public class BadNetscapeCertTypeTest extends Test { + + private static final String NETSCAPE_KEYSTORE_BASE64 = TEST_SOURCES + FS + + "bad_netscape_cert_type.jks.base64"; + + private static final String NETSCAPE_KEYSTORE + = "bad_netscape_cert_type.jks"; + + /** + * The test signs and verifies a jar that contains entries + * whose signer certificate's NetscapeCertType extension + * doesn't allow code signing (badNetscapeCertType). + * Warning message is expected. + * Run bad_netscape_cert_type.sh script to create bad_netscape_cert_type.jks + */ + public static void main(String[] args) throws Throwable { + + Files.write(Paths.get(NETSCAPE_KEYSTORE), + Base64.getMimeDecoder().decode( + Files.readAllBytes(Paths.get(NETSCAPE_KEYSTORE_BASE64)))); + + BadNetscapeCertTypeTest test = new BadNetscapeCertTypeTest(); + test.start(); + } + + private void start() throws Throwable { + // create a jar file that contains one class file + Utils.createFiles(FIRST_FILE); + JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); + + // sign jar + OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verbose", + "-keystore", NETSCAPE_KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-signedjar", SIGNED_JARFILE, + UNSIGNED_JARFILE, + KEY_ALIAS); + + checkSigning(analyzer, BAD_NETSCAPE_CERT_TYPE_SIGNING_WARNING); + + // verify signed jar + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-verbose", + "-keystore", NETSCAPE_KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE); + + checkVerifying(analyzer, 0, BAD_NETSCAPE_CERT_TYPE_VERIFYING_WARNING); + + // verify signed jar in strict mode + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-verbose", + "-strict", + "-keystore", NETSCAPE_KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE); + + checkVerifying(analyzer, BAD_NETSCAPE_CERT_TYPE_EXIT_CODE, + BAD_NETSCAPE_CERT_TYPE_VERIFYING_WARNING); + + System.out.println("Test passed"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/ChainNotValidatedTest.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,180 @@ +/* + * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.io.File; +import jdk.testlibrary.OutputAnalyzer; +import jdk.testlibrary.ProcessTools; +import jdk.testlibrary.JarUtils; + +/** + * @test + * @bug 8024302 8026037 + * @summary Test for chainNotValidated warning + * @library /lib/testlibrary ../ + * @run main ChainNotValidatedTest + */ +public class ChainNotValidatedTest extends Test { + + private static final String CHAIN = "chain"; + + /** + * The test signs and verifies a jar that contains entries + * whose cert chain can't be correctly validated (chainNotValidated). + * Warning message is expected. + */ + public static void main(String[] args) throws Throwable { + ChainNotValidatedTest test = new ChainNotValidatedTest(); + test.start(); + } + + private void start() throws Throwable { + // create a jar file that contains one class file + Utils.createFiles(FIRST_FILE); + JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); + + // create self-signed certificate whose BasicConstraints extension + // is set to false, so the certificate may not be used + // as a parent certificate (certpath validation should fail) + ProcessTools.executeCommand(KEYTOOL, + "-genkeypair", + "-alias", CA_KEY_ALIAS, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=CA", + "-ext", "BasicConstraints:critical=ca:false", + "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + + // create a certificate that is signed by self-signed certificate + // despite of it may not be used as a parent certificate + // (certpath validation should fail) + ProcessTools.executeCommand(KEYTOOL, + "-genkeypair", + "-alias", KEY_ALIAS, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=Test", + "-ext", "BasicConstraints:critical=ca:false", + "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + + ProcessTools.executeCommand(KEYTOOL, + "-certreq", + "-alias", KEY_ALIAS, + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-file", CERT_REQUEST_FILENAME).shouldHaveExitValue(0); + + ProcessTools.executeCommand(KEYTOOL, + "-gencert", + "-alias", CA_KEY_ALIAS, + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-infile", CERT_REQUEST_FILENAME, + "-validity", Integer.toString(VALIDITY), + "-outfile", CERT_FILENAME).shouldHaveExitValue(0); + + ProcessTools.executeCommand(KEYTOOL, + "-importcert", + "-alias", KEY_ALIAS, + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-file", CERT_FILENAME).shouldHaveExitValue(0); + + ProcessBuilder pb = new ProcessBuilder(KEYTOOL, + "-export", + "-rfc", + "-alias", KEY_ALIAS, + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD); + pb.redirectOutput(ProcessBuilder.Redirect.appendTo(new File(CHAIN))); + ProcessTools.executeCommand(pb).shouldHaveExitValue(0); + + pb = new ProcessBuilder(KEYTOOL, + "-export", + "-rfc", + "-alias", CA_KEY_ALIAS, + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD); + pb.redirectOutput(ProcessBuilder.Redirect.appendTo(new File(CHAIN))); + ProcessTools.executeCommand(pb).shouldHaveExitValue(0); + + // remove CA certificate + ProcessTools.executeCommand(KEYTOOL, + "-delete", + "-alias", CA_KEY_ALIAS, + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD).shouldHaveExitValue(0); + + // sign jar + OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-certchain", CHAIN, + "-signedjar", SIGNED_JARFILE, + UNSIGNED_JARFILE, + KEY_ALIAS); + + checkSigning(analyzer, CHAIN_NOT_VALIDATED_SIGNING_WARNING); + + // verify signed jar + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-verbose", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-certchain", CHAIN, + SIGNED_JARFILE); + + checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING); + + // verify signed jar in strict mode + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-verbose", + "-strict", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-certchain", CHAIN, + SIGNED_JARFILE); + + checkVerifying(analyzer, CHAIN_NOT_VALIDATED_EXIT_CODE, + CHAIN_NOT_VALIDATED_VERIFYING_WARNING); + + System.out.println("Test passed"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/HasExpiredCertTest.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,104 @@ +/* + * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import jdk.testlibrary.OutputAnalyzer; +import jdk.testlibrary.ProcessTools; +import jdk.testlibrary.JarUtils; + +/** + * @test + * @bug 8024302 8026037 + * @summary Test for hasExpiredCert warning + * @library /lib/testlibrary ../ + * @run main HasExpiredCertTest + */ +public class HasExpiredCertTest extends Test { + + static final int SHORT_VALIDITY = 365; + + /** + * The test signs and verifies a jar that contains entries + * whose signer certificate has expired (hasExpiredCert). + * Warning message is expected. + */ + public static void main(String[] args) throws Throwable { + HasExpiredCertTest test = new HasExpiredCertTest(); + test.start(); + } + + private void start() throws Throwable { + // create a jar file that contains one class file + Utils.createFiles(FIRST_FILE); + JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); + + // create key pair for jar signing + ProcessTools.executeCommand(KEYTOOL, + "-genkey", + "-alias", KEY_ALIAS, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=Test", + "-startdate", "-" + SHORT_VALIDITY * 2 + "d", + "-validity", Integer.toString(SHORT_VALIDITY)) + .shouldHaveExitValue(0); + + // sign jar + OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-signedjar", SIGNED_JARFILE, + UNSIGNED_JARFILE, + KEY_ALIAS); + + checkSigning(analyzer, HAS_EXPIRED_CERT_SIGNING_WARNING); + + // verify signed jar + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-verbose", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE); + + checkVerifying(analyzer, 0, HAS_EXPIRED_CERT_VERIFYING_WARNING); + + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-strict", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE); + + checkVerifying(analyzer, HAS_EXPIRED_CERT_EXIT_CODE, + HAS_EXPIRED_CERT_VERIFYING_WARNING); + + System.out.println("Test passed"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/HasExpiringCertTest.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,107 @@ +/* + * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import jdk.testlibrary.OutputAnalyzer; +import jdk.testlibrary.ProcessTools; +import jdk.testlibrary.JarUtils; + +/** + * @test + * @bug 8024302 8026037 + * @summary Test for hasExpiringCert warning + * @library /lib/testlibrary ../ + * @run main HasExpiringCertTest + */ +public class HasExpiringCertTest extends Test { + + static final int SHORT_VALIDITY = 90; // less than 6 month + + /** + * The test signs and verifies a jar that contains entries + * whose signer certificate will expire within six months (hasExpiringCert). + * Warning message is expected. + */ + public static void main(String[] args) throws Throwable { + HasExpiringCertTest test = new HasExpiringCertTest(); + test.start(); + } + + private void start() throws Throwable { + // create a jar file that contains one class file + Utils.createFiles(FIRST_FILE); + JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); + + // create key pair for jar signing + ProcessTools.executeCommand(KEYTOOL, + "-genkey", + "-alias", KEY_ALIAS, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=Test", + "-validity", Integer.toString(SHORT_VALIDITY)) + .shouldHaveExitValue(0); + + // sign jar + OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, + "-keystore", KEYSTORE, + "-verbose", + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-signedjar", SIGNED_JARFILE, + UNSIGNED_JARFILE, + KEY_ALIAS); + + checkSigning(analyzer, HAS_EXPIRING_CERT_SIGNING_WARNING); + + // verify signed jar + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-verbose", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE, + KEY_ALIAS); + + checkVerifying(analyzer, 0, HAS_EXPIRING_CERT_VERIFYING_WARNING); + + // verify signed jar in strict mode + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-verbose", + "-strict", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE, + KEY_ALIAS); + + checkVerifying(analyzer, 0, HAS_EXPIRING_CERT_VERIFYING_WARNING); + + System.out.println("Test passed"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/HasUnsignedEntryTest.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,111 @@ +/* + * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import jdk.testlibrary.OutputAnalyzer; +import jdk.testlibrary.ProcessTools; +import jdk.testlibrary.JarUtils; + +/** + * @test + * @bug 8024302 8026037 + * @summary Test for hasUnsignedEntry warning + * @library /lib/testlibrary ../ + * @run main HasUnsignedEntryTest + */ +public class HasUnsignedEntryTest extends Test { + + /** + * The test signs and verifies a jar that contains unsigned entries + * which have not been integrity-checked (hasUnsignedEntry). + * Warning message is expected. + */ + public static void main(String[] args) throws Throwable { + HasUnsignedEntryTest test = new HasUnsignedEntryTest(); + test.start(); + } + + private void start() throws Throwable { + System.out.println(String.format("Create a %s that contains %s", + UNSIGNED_JARFILE, FIRST_FILE)); + Utils.createFiles(FIRST_FILE, SECOND_FILE); + JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); + + // create key pair for signing + ProcessTools.executeCommand(KEYTOOL, + "-genkey", + "-alias", KEY_ALIAS, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=Test", + "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + + // sign jar + OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verbose", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-signedjar", SIGNED_JARFILE, + UNSIGNED_JARFILE, + KEY_ALIAS); + + checkSigning(analyzer); + + System.out.println(String.format("Copy %s to %s, and add %s.class, " + + "so it contains unsigned entry", + new Object[]{SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, + SECOND_FILE})); + + JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE); + + // verify jar + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-verbose", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + UPDATED_SIGNED_JARFILE); + + checkVerifying(analyzer, 0, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); + + // verify jar in strict mode + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-verbose", + "-strict", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + UPDATED_SIGNED_JARFILE); + + checkVerifying(analyzer, HAS_UNSIGNED_ENTRY_EXIT_CODE, + HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); + + System.out.println("Test passed"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/MultipleWarningsTest.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,169 @@ +/* + * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import jdk.testlibrary.OutputAnalyzer; +import jdk.testlibrary.ProcessTools; +import jdk.testlibrary.JarUtils; + +/** + * @test + * @bug 8024302 8026037 + * @summary Checks if jarsigner prints appropriate warnings + * @library /lib/testlibrary ../ + * @run main MultipleWarningsTest + */ +public class MultipleWarningsTest extends Test { + + /** + * The test signs and verifies a jar that: + * - contains entries whose signer certificate has expired + * - contains entries whose signer certificate's ExtendedKeyUsage + * extension doesn't allow code signing + * - contains unsigned entries which have not been integrity-checked + * - contains signed entries which are not signed by the specified alias + * Warning messages are expected. + */ + public static void main(String[] args) throws Throwable { + MultipleWarningsTest test = new MultipleWarningsTest(); + test.start(); + } + + private void start() throws Throwable { + Utils.createFiles(FIRST_FILE, SECOND_FILE); + + // create a jar file that contains one class file + JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); + + // create first expired certificate + // whose ExtendedKeyUsage extension does not allow code signing + ProcessTools.executeCommand(KEYTOOL, + "-genkey", + "-alias", FIRST_KEY_ALIAS, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=First", + "-ext", "ExtendedkeyUsage=serverAuth", + "-startdate", "-" + VALIDITY * 2 + "d", + "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + + // create second expired certificate + // whose KeyUsage extension does not allow code signing + ProcessTools.executeCommand(KEYTOOL, + "-genkey", + "-alias", SECOND_KEY_ALIAS, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=Second", + "-ext", "ExtendedkeyUsage=serverAuth", + "-startdate", "-" + VALIDITY * 2 + "d", + "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + + // sign jar with first key + OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-signedjar", SIGNED_JARFILE, + UNSIGNED_JARFILE, + FIRST_KEY_ALIAS); + + checkSigning(analyzer, HAS_EXPIRED_CERT_SIGNING_WARNING, + BAD_EXTENDED_KEY_USAGE_SIGNING_WARNING); + + // add a second class to created jar, so it contains unsigned entry + JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE); + + // verify jar with second key + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + UPDATED_SIGNED_JARFILE, + SECOND_KEY_ALIAS); + + checkVerifying(analyzer, 0, BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING, + HAS_EXPIRED_CERT_VERIFYING_WARNING, + HAS_UNSIGNED_ENTRY_VERIFYING_WARNING, + NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING); + + // verify jar with second key in strict mode + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-strict", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + UPDATED_SIGNED_JARFILE, + SECOND_KEY_ALIAS); + + int expectedExitCode = HAS_EXPIRED_CERT_EXIT_CODE + + BAD_EXTENDED_KEY_USAGE_EXIT_CODE + + HAS_UNSIGNED_ENTRY_EXIT_CODE + + NOT_SIGNED_BY_ALIAS_EXIT_CODE; + checkVerifying(analyzer, expectedExitCode, + BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING, + HAS_EXPIRED_CERT_VERIFYING_WARNING, + HAS_UNSIGNED_ENTRY_VERIFYING_WARNING, + NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING); + + // verify jar with non-exisiting alias + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + UPDATED_SIGNED_JARFILE, + "bogus"); + + checkVerifying(analyzer, 0, BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING, + HAS_EXPIRED_CERT_VERIFYING_WARNING, + HAS_UNSIGNED_ENTRY_VERIFYING_WARNING, + NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING); + + // verify jar with non-exisiting alias in strict mode + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-strict", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + UPDATED_SIGNED_JARFILE, + "bogus"); + + checkVerifying(analyzer, expectedExitCode, + BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING, + HAS_EXPIRED_CERT_VERIFYING_WARNING, + HAS_UNSIGNED_ENTRY_VERIFYING_WARNING, + NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING); + + System.out.println("Test passed"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/NoTimestampTest.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,114 @@ +/* + * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.util.Date; +import jdk.testlibrary.OutputAnalyzer; +import jdk.testlibrary.ProcessTools; +import jdk.testlibrary.JarUtils; + +/** + * @test + * @bug 8024302 8026037 + * @summary Checks warnings if -tsa and -tsacert options are not specified + * @library /lib/testlibrary ../ + * @run main NoTimestampTest + */ +public class NoTimestampTest extends Test { + + /** + * The test signs and verifies a jar file without -tsa and -tsacert options, + * and checks that proper warnings are shown. + */ + public static void main(String[] args) throws Throwable { + NoTimestampTest test = new NoTimestampTest(); + test.start(); + } + + private void start() throws Throwable { + String timezone = System.getProperty("user.timezone"); + System.out.println(String.format("Timezone = %s", timezone)); + + // create a jar file that contains one class file + Utils.createFiles(FIRST_FILE); + JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); + + // calculate certificate expiration date + Date expirationDate = new Date(System.currentTimeMillis() + VALIDITY + * 24 * 60 * 60 * 1000L); + + // create key pair + ProcessTools.executeCommand(KEYTOOL, + "-genkey", + "-alias", KEY_ALIAS, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=Test", + "-validity", Integer.toString(VALIDITY)); + + // sign jar file + OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, + "-J-Duser.timezone=" + timezone, + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-signedjar", SIGNED_JARFILE, + UNSIGNED_JARFILE, + KEY_ALIAS); + + String warning = String.format(NO_TIMESTAMP_SIGNING_WARN_TEMPLATE, + expirationDate); + checkSigning(analyzer, warning); + + // verify signed jar + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-J-Duser.timezone=" + timezone, + "-verify", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE, + KEY_ALIAS); + + warning = String.format(NO_TIMESTAMP_VERIFYING_WARN_TEMPLATE, expirationDate); + checkVerifying(analyzer, 0, warning); + + // verify signed jar in strict mode + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-J-Duser.timezone=" + timezone, + "-verify", + "-strict", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE, + KEY_ALIAS); + + checkVerifying(analyzer, 0, warning); + + System.out.println("Test passed"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/NotSignedByAliasTest.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,138 @@ +/* + * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import jdk.testlibrary.OutputAnalyzer; +import jdk.testlibrary.ProcessTools; +import jdk.testlibrary.JarUtils; + +/** + * @test + * @bug 8024302 8026037 + * @summary Test for notSignedByAlias warning + * @library /lib/testlibrary ../ + * @run main NotSignedByAliasTest + */ +public class NotSignedByAliasTest extends Test { + + /** + * The test signs and verifies a jar that contains signed entries + * which are not signed by the specified alias(es) (notSignedByAlias). + * Warning message is expected. + */ + public static void main(String[] args) throws Throwable { + NotSignedByAliasTest test = new NotSignedByAliasTest(); + test.start(); + } + + protected void start() throws Throwable { + // create a jar file that contains one class file + Utils.createFiles(FIRST_FILE); + JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); + + // create first key pair for signing + ProcessTools.executeCommand(KEYTOOL, + "-genkey", + "-alias", FIRST_KEY_ALIAS, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=First", + "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + + // create first key pair for signing + ProcessTools.executeCommand(KEYTOOL, + "-genkey", + "-alias", SECOND_KEY_ALIAS, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=Second", + "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + + // sign jar with first key + OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-signedjar", SIGNED_JARFILE, + UNSIGNED_JARFILE, + FIRST_KEY_ALIAS); + + checkSigning(analyzer); + + // verify jar with second key + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE, + SECOND_KEY_ALIAS); + + checkVerifying(analyzer, 0, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING); + + // verify jar with second key in strict mode + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-strict", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE, + SECOND_KEY_ALIAS); + + checkVerifying(analyzer, NOT_SIGNED_BY_ALIAS_EXIT_CODE, + NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING); + + // verify jar with non-existing alias + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE, + "bogus"); + + checkVerifying(analyzer, 0, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING); + + // verify jar with non-existing alias in strict mode + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-strict", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE, + "bogus"); + + checkVerifying(analyzer, NOT_SIGNED_BY_ALIAS_EXIT_CODE, + NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING); + + System.out.println("Test passed"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/NotYetValidCertTest.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,105 @@ +/* + * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import jdk.testlibrary.OutputAnalyzer; +import jdk.testlibrary.ProcessTools; +import jdk.testlibrary.JarUtils; + +/** + * @test + * @bug 8024302 8026037 + * @summary Test for notYetValidCert warning + * @library /lib/testlibrary ../ + * @run main NotYetValidCertTest + */ +public class NotYetValidCertTest extends Test { + + /** + * The test signs and verifies a jar that contains entries + * whose signer certificate is not yet valid (notYetValidCert). + * Warning message is expected. + */ + public static void main(String[] args) throws Throwable { + NotYetValidCertTest test = new NotYetValidCertTest(); + test.start(); + } + + protected void start() throws Throwable { + // create a jar file that contains one class file + Utils.createFiles(FIRST_FILE); + JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); + + // create certificate that will be valid only tomorrow + ProcessTools.executeCommand(KEYTOOL, + "-genkey", + "-alias", KEY_ALIAS, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=Test", + "-startdate", "+1d", + "-validity", Integer.toString(VALIDITY)); + + // sign jar + OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-signedjar", SIGNED_JARFILE, + UNSIGNED_JARFILE, + KEY_ALIAS); + + checkSigning(analyzer, NOT_YET_VALID_CERT_SIGNING_WARNING); + + // verify signed jar + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-verbose", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE, + KEY_ALIAS); + + checkVerifying(analyzer, 0, NOT_YET_VALID_CERT_VERIFYING_WARNING); + + // verify jar in strict mode + analyzer = ProcessTools.executeCommand(JARSIGNER, + "-verify", + "-verbose", + "-strict", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + SIGNED_JARFILE, + KEY_ALIAS); + + checkVerifying(analyzer, HAS_EXPIRED_CERT_EXIT_CODE, + NOT_YET_VALID_CERT_VERIFYING_WARNING); + + System.out.println("Test passed"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/Test.java Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,200 @@ +/* + * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import jdk.testlibrary.OutputAnalyzer; +import jdk.testlibrary.ProcessTools; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +/** + * Base class. + */ +public abstract class Test { + + static final String TEST_SOURCES = System.getProperty("test.src", "."); + static final String TEST_CLASSES = System.getProperty("test.classes"); + static final String FS = System.getProperty("file.separator"); + static final String JAVA_HOME = System.getProperty("test.jdk"); + static final String KEYTOOL = JAVA_HOME + FS + "bin" + FS + "keytool"; + static final String JARSIGNER = JAVA_HOME + FS + "bin" + FS + "jarsigner"; + static final String UNSIGNED_JARFILE = "unsigned.jar"; + static final String SIGNED_JARFILE = "signed.jar"; + static final String UPDATED_SIGNED_JARFILE = "updated_signed.jar"; + static final String FIRST_FILE = "first.txt"; + static final String SECOND_FILE = "second.txt"; + static final String PASSWORD = "password"; + static final String BOTH_KEYS_KEYSTORE = "both_keys.jks"; + static final String FIRST_KEY_KEYSTORE = "first_key.jks"; + static final String KEYSTORE = "keystore.jks"; + static final String FIRST_KEY_ALIAS = "first"; + static final String SECOND_KEY_ALIAS = "second"; + static final String KEY_ALG = "RSA"; + static final String KEY_ALIAS = "alias"; + static final String CERT_REQUEST_FILENAME = "test.req"; + static final String CERT_FILENAME = "test.crt"; + static final String CA_KEY_ALIAS = "ca"; + static final int KEY_SIZE = 2048; + static final int TIMEOUT = 6 * 60 * 1000; // in millis + static final int VALIDITY = 365; + + static final String WARNING = "Warning:"; + + static final String CHAIN_NOT_VALIDATED_VERIFYING_WARNING + = "This jar contains entries " + + "whose certificate chain is not validated."; + + static final String ALIAS_NOT_IN_STORE_VERIFYING_WARNING + = "This jar contains signed entries " + + "that are not signed by alias in this keystore."; + + static final String BAD_EXTENDED_KEY_USAGE_SIGNING_WARNING + = "The signer certificate's ExtendedKeyUsage extension " + + "doesn't allow code signing."; + + static final String BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING + = "This jar contains entries whose signer certificate's " + + "ExtendedKeyUsage extension doesn't allow code signing."; + + static final String BAD_KEY_USAGE_SIGNING_WARNING + = "The signer certificate's KeyUsage extension " + + "doesn't allow code signing."; + + static final String BAD_KEY_USAGE_VERIFYING_WARNING + = "This jar contains entries whose signer certificate's KeyUsage " + + "extension doesn't allow code signing."; + + static final String BAD_NETSCAPE_CERT_TYPE_SIGNING_WARNING + = "The signer certificate's NetscapeCertType extension " + + "doesn't allow code signing."; + + static final String BAD_NETSCAPE_CERT_TYPE_VERIFYING_WARNING + = "This jar contains entries " + + "whose signer certificate's NetscapeCertType extension " + + "doesn't allow code signing."; + + static final String CHAIN_NOT_VALIDATED_SIGNING_WARNING + = "The signer's certificate chain is not validated."; + + static final String HAS_EXPIRING_CERT_SIGNING_WARNING + = "The signer certificate will expire within six months."; + + static final String HAS_EXPIRING_CERT_VERIFYING_WARNING + = "This jar contains entries " + + "whose signer certificate will expire within six months."; + + static final String HAS_EXPIRED_CERT_SIGNING_WARNING + = "The signer certificate has expired."; + + static final String HAS_EXPIRED_CERT_VERIFYING_WARNING + = "This jar contains entries whose signer certificate has expired."; + + static final String HAS_UNSIGNED_ENTRY_VERIFYING_WARNING + = "This jar contains unsigned entries " + + "which have not been integrity-checked."; + + static final String NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING + = "This jar contains signed entries " + + "which are not signed by the specified alias(es)."; + + static final String NO_TIMESTAMP_SIGNING_WARN_TEMPLATE + = "No -tsa or -tsacert is provided " + + "and this jar is not timestamped. " + + "Without a timestamp, users may not be able to validate this jar " + + "after the signer certificate's expiration date " + + "(%1$tY-%1$tm-%1$td) or after any future revocation date."; + + static final String NO_TIMESTAMP_VERIFYING_WARN_TEMPLATE + = "This jar contains signatures that does not include a timestamp. " + + "Without a timestamp, users may not be able to validate this jar " + + "after the signer certificate's expiration date " + + "(%1$tY-%1$tm-%1$td) or after any future revocation date."; + + static final String NOT_YET_VALID_CERT_SIGNING_WARNING + = "The signer certificate is not yet valid."; + + static final String NOT_YET_VALID_CERT_VERIFYING_WARNING + = "This jar contains entries " + + "whose signer certificate is not yet valid."; + + static final String JAR_SIGNED = "jar signed."; + + static final String JAR_VERIFIED = "jar verified."; + + static final String JAR_VERIFIED_WITH_SIGNER_ERRORS + = "jar verified, with signer errors."; + + static final int CHAIN_NOT_VALIDATED_EXIT_CODE = 4; + static final int HAS_EXPIRED_CERT_EXIT_CODE = 4; + static final int BAD_KEY_USAGE_EXIT_CODE = 8; + static final int BAD_EXTENDED_KEY_USAGE_EXIT_CODE = 8; + static final int BAD_NETSCAPE_CERT_TYPE_EXIT_CODE = 8; + static final int HAS_UNSIGNED_ENTRY_EXIT_CODE = 16; + static final int ALIAS_NOT_IN_STORE_EXIT_CODE = 32; + static final int NOT_SIGNED_BY_ALIAS_EXIT_CODE = 32; + + protected void checkVerifying(OutputAnalyzer analyzer, int expectedExitCode, + String... warnings) { + analyzer.shouldHaveExitValue(expectedExitCode); + for (String warning : warnings) { + analyzer.shouldContain(warning); + } + if (warnings.length > 0) { + analyzer.shouldContain(WARNING); + } + if (expectedExitCode == 0) { + analyzer.shouldContain(JAR_VERIFIED); + } else { + analyzer.shouldContain(JAR_VERIFIED_WITH_SIGNER_ERRORS); + } + } + + protected void checkSigning(OutputAnalyzer analyzer, String... warnings) { + analyzer.shouldHaveExitValue(0); + for (String warning : warnings) { + analyzer.shouldContain(warning); + } + if (warnings.length > 0) { + analyzer.shouldContain(WARNING); + } + analyzer.shouldContain(JAR_SIGNED); + } + + protected OutputAnalyzer keytool(String... cmd) throws Throwable { + return tool(KEYTOOL, cmd); + } + + protected OutputAnalyzer jarsigner(String... cmd) throws Throwable { + return tool(JARSIGNER, cmd); + } + + private OutputAnalyzer tool(String tool, String... args) throws Throwable { + List<String> cmd = new ArrayList<>(); + cmd.add(tool); + cmd.add("-J-Duser.language=en"); + cmd.add("-J-Duser.country=US"); + cmd.addAll(Arrays.asList(args)); + return ProcessTools.executeCommand(cmd.toArray(new String[cmd.size()])); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.jks.base64 Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,26 @@ +/u3+7QAAAAIAAAABAAAAAQAFYWxpYXMAAAFBpkwW0gAAAr0wggK5MA4GCisGAQQB +KgIRAQEFAASCAqWkGJ3PPjYmWNKrV23Y1u413RMAkrRZ+1OLWYRcQt4jtxtIyEH5 +Ho5b9dy9XN9FBKlTOD4c2Pc1T43BLKXeuLu3uLLeIxgXFt0z9CLyGwdYZZ751kXr +DQ99qY6aNQUO6SeE4Wdty0KPAqid6ZJ8bF7T6wsTZSvNhaBRzyFydEfG7bbUYjOl +mWC44nlsu6VEU3o9RQpcm1gIMwradOaIVT/HoB2bKmAv8gHqI6kreiEZwTdZkSAI +IRi2vt1RPllXt5hgjDxUfZe8XOYYweR4Vt2/jVuKLJ80DNTu/9SeUD88zQAz53k4 +r3nRhv6TRcPm6tV/Fh92XLHiskL+TAzTfm+bUAudPCCVxN+yRtxvAgA+UhdV/SuM +Zn5F6nrmP+YJG1hmprgCJIJJaCEXa9RXYC+vIVpO0WVNRuGlGm+/1afnOuQC8Wss +ShXwjkaqTwAhqBFq7eYmmP8BK3gflYrt2zDLXvhl4ndVvMhMthFJ3ZvLh2LWpqLI +/n8EMCf8US3lIEFk9DTHBZjffiHkqK2e7+FXEpG3xrgE6ZYLMdbd5Pb3YjZfhQx+ +ZTtiEFzYSaEGhacek/m7dRq1qmwgFsytng2OdWZe2ln8LJY0odr1dGUfJHfgafvi +tlfbkg/rgjONtwliChDggbkUwnerrj/D/zrdEufUvfyltSshhHXRNDD3fH6spmEk +hHKgxEc4yvxqJxzdMGtuib355aSfNegyl+GsnsKzXQCVEK2h3BLTQObzaD+8NZ12 +LQHvbrCiaS34vxJ3rEC+a+SW7itZp0aCdXMWdMJNkRKqyLBD3vG3zN05sN3XrhEM +8BRT020TWY00tbVFbbBFheYLQRgTjrQtr0Yt6UHWBZc4N20crDLcSH5gqcCOVpla +1Y2uqFEn8yqrGRwn/kgfNgAAAAEABVguNTA5AAABtTCCAbEwggEaoAMCAQICCQDH +cEuVvzCuqzANBgkqhkiG9w0BAQUFADAPMQ0wCwYDVQQDDARUZXN0MB4XDTEzMTAx +MTA2NTUwNloXDTIzMTAwOTA2NTUwNlowDzENMAsGA1UEAwwEVGVzdDCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEA8hOfp2Dcnvt//ZZQAja9TRiwKqXVS+TiYE3S +gngCBjIi+YYdo0DsUeO5MBfE6uvCWOr5lwAR/u1iaJOhIoGJDiGoPasZlt+yIgtR +LzA7j2q+1q6kcwiVxfikI3aUgHV/QsybTriT4Bf7TQNKtJG23MQa4sD7+PjtCWD7 +p3cHTfkCAwEAAaMVMBMwEQYJYIZIAYb4QgEBBAQDAgeAMA0GCSqGSIb3DQEBBQUA +A4GBAKoDlTJ8wLRA7G8XdGm4gv733n1cSQzlkcsjfOO6/mA5Jvu8tyFNq9HTf9AT +VXbrbGcUYJjhzSSY3w5apXK1kXyqTB1LUNEJ45WnmciqSSecVTpJz9TuegyoX0Zf +HScSgqfDmjqoiiFiNCgn3ZEJ85ykGvoFYGH+php+BVi3S0bj5E/jRpyV3vNnii/S +wJDSAXF6bYU=
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.sh Thu Nov 03 18:13:23 2016 +0000 @@ -0,0 +1,48 @@ +# +# Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +#!/bin/sh + +# This script creates JKS keystore with a certificate +# that contains Netscape Certificate Type extension +# that does not allow code signing +# The keystore is used by BadNetscapeCertTypeTest.java test + +rm -rf keystore.jks +echo "nsCertType = client" > ext.cfg + +openssl req -new -out cert.req -keyout key.pem -days 3650 \ + -passin pass:password -passout pass:password -subj "/CN=Test" +openssl x509 -in cert.req -out cert.pem -req -signkey key.pem -days 3650 \ + -passin pass:password -extfile ext.cfg +openssl pkcs12 -export -in cert.pem -inkey key.pem -out keystore.p12 \ + -passin pass:password -passout pass:password -name alias + +${JAVA_HOME}/bin/keytool -importkeystore \ + -srckeystore keystore.p12 -srcstoretype pkcs12 \ + -srcstorepass password -alias alias \ + -destkeystore bad_netscape_cert_type.jks -deststoretype jks \ + -deststorepass password -destalias alias \ + +openssl base64 < bad_netscape_cert_type.jks > bad_netscape_cert_type.jks.base64 +rm -rf cert.req key.pem cert.pem keystore.p12 ext.cfg bad_netscape_cert_type.jks
--- a/test/sun/util/calendar/zi/tzdata/VERSION Thu Nov 03 02:53:25 2016 +0000 +++ b/test/sun/util/calendar/zi/tzdata/VERSION Thu Nov 03 18:13:23 2016 +0000 @@ -21,4 +21,4 @@ # or visit www.oracle.com if you need additional information or have any # questions. # -tzdata2016d +tzdata2016f
--- a/test/sun/util/calendar/zi/tzdata/africa Thu Nov 03 02:53:25 2016 +0000 +++ b/test/sun/util/calendar/zi/tzdata/africa Thu Nov 03 18:13:23 2016 +0000 @@ -366,6 +366,12 @@ # decision to abandon DST permanently. See Ahram Online 2015-04-24. # http://english.ahram.org.eg/NewsContent/1/64/128509/Egypt/Politics-/Sisi-cancels-daylight-saving-time-in-Egypt.aspx +# From Steffen Thorsen (2016-04-29): +# Egypt will have DST from July 7 until the end of October.... +# http://english.ahram.org.eg/NewsContentP/1/204655/Egypt/Daylight-savings-time-returning-to-Egypt-on--July.aspx +# From Mina Samuel (2016-07-04): +# Egyptian government took the decision to cancel the DST, + Rule Egypt 2008 only - Aug lastThu 24:00 0 - Rule Egypt 2009 only - Aug 20 24:00 0 - Rule Egypt 2010 only - Aug 10 24:00 0 - @@ -881,11 +887,11 @@ Rule Morocco 2010 only - May 2 0:00 1:00 S Rule Morocco 2010 only - Aug 8 0:00 0 - Rule Morocco 2011 only - Apr 3 0:00 1:00 S -Rule Morocco 2011 only - Jul 31 0 0 - +Rule Morocco 2011 only - Jul 31 0:00 0 - Rule Morocco 2012 2013 - Apr lastSun 2:00 1:00 S -Rule Morocco 2012 only - Sep 30 3:00 0 - Rule Morocco 2012 only - Jul 20 3:00 0 - Rule Morocco 2012 only - Aug 20 2:00 1:00 S +Rule Morocco 2012 only - Sep 30 3:00 0 - Rule Morocco 2013 only - Jul 7 3:00 0 - Rule Morocco 2013 only - Aug 10 2:00 1:00 S Rule Morocco 2013 max - Oct lastSun 3:00 0 -
--- a/test/sun/util/calendar/zi/tzdata/antarctica Thu Nov 03 02:53:25 2016 +0000 +++ b/test/sun/util/calendar/zi/tzdata/antarctica Thu Nov 03 18:13:23 2016 +0000 @@ -36,7 +36,7 @@ # # Except for the French entries, # I made up all time zone abbreviations mentioned here; corrections welcome! -# FORMAT is 'zzz' and GMTOFF is 0 for locations while uninhabited. +# FORMAT is '-00' and GMTOFF is 0 for locations while uninhabited. # Argentina - year-round bases # Belgrano II, Confin Coast, -770227-0343737, since 1972-02-05 @@ -90,22 +90,22 @@ # http://www.timeanddate.com/news/time/antartica-time-changes-2010.html # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Antarctica/Casey 0 - zzz 1969 +Zone Antarctica/Casey 0 - -00 1969 8:00 - AWST 2009 Oct 18 2:00 # Australian Western Std Time 11:00 - CAST 2010 Mar 5 2:00 # Casey Time 8:00 - AWST 2011 Oct 28 2:00 11:00 - CAST 2012 Feb 21 17:00u 8:00 - AWST -Zone Antarctica/Davis 0 - zzz 1957 Jan 13 +Zone Antarctica/Davis 0 - -00 1957 Jan 13 7:00 - DAVT 1964 Nov # Davis Time - 0 - zzz 1969 Feb + 0 - -00 1969 Feb 7:00 - DAVT 2009 Oct 18 2:00 5:00 - DAVT 2010 Mar 10 20:00u 7:00 - DAVT 2011 Oct 28 2:00 5:00 - DAVT 2012 Feb 21 20:00u 7:00 - DAVT -Zone Antarctica/Mawson 0 - zzz 1954 Feb 13 +Zone Antarctica/Mawson 0 - -00 1954 Feb 13 6:00 - MAWT 2009 Oct 18 2:00 # Mawson Time 5:00 - MAWT # References: @@ -160,7 +160,7 @@ # fishing stations operated variously 1819/1931 # # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Indian/Kerguelen 0 - zzz 1950 # Port-aux-Français +Zone Indian/Kerguelen 0 - -00 1950 # Port-aux-Français 5:00 - TFT # ISO code TF Time # # year-round base in the main continent @@ -171,9 +171,9 @@ # It was destroyed by fire on 1952-01-14. # # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Antarctica/DumontDUrville 0 - zzz 1947 +Zone Antarctica/DumontDUrville 0 - -00 1947 10:00 - PMT 1952 Jan 14 # Port-Martin Time - 0 - zzz 1956 Nov + 0 - -00 1956 Nov 10:00 - DDUT # Dumont-d'Urville Time # France & Italy - year-round base @@ -199,7 +199,7 @@ # was established on 1957-01-29. Since Syowa station is still the main # station of Japan, it's appropriate for the principal location. # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Antarctica/Syowa 0 - zzz 1957 Jan 29 +Zone Antarctica/Syowa 0 - -00 1957 Jan 29 3:00 - SYOT # Syowa Time # See: # NIPR Antarctic Research Activities (1999-08-17) @@ -249,7 +249,7 @@ # Remove the following line when uncommenting the above '#Rule' lines. Rule Troll 2004 max - Oct lastSun 1:00u 0:00 UTC # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Antarctica/Troll 0 - zzz 2005 Feb 12 +Zone Antarctica/Troll 0 - -00 2005 Feb 12 0:00 Troll %s # Poland - year-round base @@ -290,7 +290,7 @@ # happened to be during their visit. So we still don't really know what time # it is at Vostok. But we'll guess UTC+6. # -Zone Antarctica/Vostok 0 - zzz 1957 Dec 16 +Zone Antarctica/Vostok 0 - -00 1957 Dec 16 6:00 - VOST # Vostok time # S Africa - year-round bases @@ -323,7 +323,7 @@ # <http://webexhibits.org/daylightsaving/g.html> says Rothera is -03 all year. # # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Antarctica/Rothera 0 - zzz 1976 Dec 1 +Zone Antarctica/Rothera 0 - -00 1976 Dec 1 -3:00 - ROTT # Rothera time # Uruguay - year round base
--- a/test/sun/util/calendar/zi/tzdata/asia Thu Nov 03 02:53:25 2016 +0000 +++ b/test/sun/util/calendar/zi/tzdata/asia Thu Nov 03 18:13:23 2016 +0000 @@ -169,7 +169,7 @@ 3:00 - BAKT 1957 Mar # Baku Time 4:00 RussiaAsia BAK%sT 1991 Mar 31 2:00s 3:00 1:00 BAKST 1991 Aug 30 # independence - 3:00 RussiaAsia AZ%sT 1992 Sep lastSat 23:00 + 3:00 RussiaAsia AZ%sT 1992 Sep lastSun 2:00s 4:00 - AZT 1996 # Azerbaijan Time 4:00 EUAsia AZ%sT 1997 4:00 Azer AZ%sT
--- a/test/sun/util/calendar/zi/tzdata/australasia Thu Nov 03 02:53:25 2016 +0000 +++ b/test/sun/util/calendar/zi/tzdata/australasia Thu Nov 03 18:13:23 2016 +0000 @@ -266,11 +266,11 @@ # will produce a binary file with an [A]EST-type as the first 32-bit type; # this is required for correct handling of times before 1916 by # pre-2013 versions of localtime. -Zone Antarctica/Macquarie 0 - zzz 1899 Nov +Zone Antarctica/Macquarie 0 - -00 1899 Nov 10:00 - AEST 1916 Oct 1 2:00 10:00 1:00 AEDT 1917 Feb 10:00 Aus AE%sT 1919 Apr 1 0:00s - 0 - zzz 1948 Mar 25 + 0 - -00 1948 Mar 25 10:00 Aus AE%sT 1967 10:00 AT AE%sT 2010 Apr 4 3:00 11:00 - MIST # Macquarie I Standard Time
--- a/test/sun/util/calendar/zi/tzdata/europe Thu Nov 03 02:53:25 2016 +0000 +++ b/test/sun/util/calendar/zi/tzdata/europe Thu Nov 03 18:13:23 2016 +0000 @@ -778,6 +778,14 @@ 1:00 EU CE%sT # Belarus +# +# From Stepan Golosunov (2016-07-02): +# http://www.lawbelarus.com/repub/sub30/texf9611.htm +# (Act of the Cabinet of Ministers of the Republic of Belarus from +# 1992-03-25 No. 157) ... says clocks were to be moved forward at 2:00 +# on last Sunday of March and backward at 3:00 on last Sunday of September +# (the same as previous USSR and contemporary Russian regulations). +# # From Yauhen Kharuzhy (2011-09-16): # By latest Belarus government act Europe/Minsk timezone was changed to # GMT+3 without DST (was GMT+2 with DST). @@ -801,9 +809,6 @@ 1:00 C-Eur CE%sT 1944 Jul 3 3:00 Russia MSK/MSD 1990 3:00 - MSK 1991 Mar 31 2:00s - 2:00 1:00 EEST 1991 Sep 29 2:00s - 2:00 - EET 1992 Mar 29 0:00s - 2:00 1:00 EEST 1992 Sep 27 0:00s 2:00 Russia EE%sT 2011 Mar 27 2:00s 3:00 - FET 2014 Oct 26 1:00s 3:00 - MSK @@ -2746,14 +2751,22 @@ # Asia/Novosibirsk covers: # 54 RU-NVS Novosibirsk Oblast +# From Stepan Golosunov (2016-05-30): +# http://asozd2.duma.gov.ru/main.nsf/(Spravka)?OpenAgent&RN=1085784-6 +# moves Novosibirsk oblast from UTC+6 to UTC+7. +# From Stepan Golosunov (2016-07-04): +# The law was signed yesterday and published today on +# http://publication.pravo.gov.ru/Document/View/0001201607040064 + Zone Asia/Novosibirsk 5:31:40 - LMT 1919 Dec 14 6:00 - 6:00 - NOVT 1930 Jun 21 # Novosibirsk Time - 7:00 Russia NOV%sT 1991 Mar 31 2:00s - 6:00 Russia NOV%sT 1992 Jan 19 2:00s - 7:00 Russia NOV%sT 1993 May 23 # say Shanks & P. - 6:00 Russia NOV%sT 2011 Mar 27 2:00s - 7:00 - NOVT 2014 Oct 26 2:00s - 6:00 - NOVT + 6:00 - +06 1930 Jun 21 + 7:00 Russia +07/+08 1991 Mar 31 2:00s + 6:00 Russia +06/+07 1992 Jan 19 2:00s + 7:00 Russia +07/+08 1993 May 23 # say Shanks & P. + 6:00 Russia +06/+07 2011 Mar 27 2:00s + 7:00 - +07 2014 Oct 26 2:00s + 6:00 - +06 2016 Jul 24 2:00s + 7:00 - +07 # From Paul Eggert (2016-03-18): # Asia/Tomsk covers: @@ -2794,6 +2807,9 @@ # approved by the Federation Council on 2016-04-20, signed by the President and # published as a law around 2016-04-26. +# From Matt Johnson (2016-04-26): +# http://publication.pravo.gov.ru/Document/View/0001201604260048 + Zone Asia/Tomsk 5:39:51 - LMT 1919 Dec 22 6:00 - +06 1930 Jun 21 7:00 Russia +07/+08 1991 Mar 31 2:00s @@ -2833,14 +2849,12 @@ # realigning itself with KRAT. Zone Asia/Novokuznetsk 5:48:48 - LMT 1924 May 1 - 6:00 - KRAT 1930 Jun 21 # Krasnoyarsk Time - 7:00 Russia KRA%sT 1991 Mar 31 2:00s - 6:00 Russia KRA%sT 1992 Jan 19 2:00s - 7:00 Russia KRA%sT 2010 Mar 28 2:00s - 6:00 Russia NOV%sT 2011 Mar 27 2:00s # Novosibirsk - 7:00 - NOVT 2014 Oct 26 2:00s - 7:00 - KRAT # Krasnoyarsk Time - + 6:00 - +06 1930 Jun 21 + 7:00 Russia +07/+08 1991 Mar 31 2:00s + 6:00 Russia +06/+07 1992 Jan 19 2:00s + 7:00 Russia +07/+08 2010 Mar 28 2:00s + 6:00 Russia +06/+07 2011 Mar 27 2:00s + 7:00 - +07 # From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2001-08-25): # Asia/Krasnoyarsk covers...
--- a/test/sun/util/calendar/zi/tzdata/northamerica Thu Nov 03 02:53:25 2016 +0000 +++ b/test/sun/util/calendar/zi/tzdata/northamerica Thu Nov 03 18:13:23 2016 +0000 @@ -2214,39 +2214,39 @@ Rule NT_YK 1987 2006 - Apr Sun>=1 2:00 1:00 D # Zone NAME GMTOFF RULES FORMAT [UNTIL] # aka Panniqtuuq -Zone America/Pangnirtung 0 - zzz 1921 # trading post est. +Zone America/Pangnirtung 0 - -00 1921 # trading post est. -4:00 NT_YK A%sT 1995 Apr Sun>=1 2:00 -5:00 Canada E%sT 1999 Oct 31 2:00 -6:00 Canada C%sT 2000 Oct 29 2:00 -5:00 Canada E%sT # formerly Frobisher Bay -Zone America/Iqaluit 0 - zzz 1942 Aug # Frobisher Bay est. +Zone America/Iqaluit 0 - -00 1942 Aug # Frobisher Bay est. -5:00 NT_YK E%sT 1999 Oct 31 2:00 -6:00 Canada C%sT 2000 Oct 29 2:00 -5:00 Canada E%sT # aka Qausuittuq -Zone America/Resolute 0 - zzz 1947 Aug 31 # Resolute founded +Zone America/Resolute 0 - -00 1947 Aug 31 # Resolute founded -6:00 NT_YK C%sT 2000 Oct 29 2:00 -5:00 - EST 2001 Apr 1 3:00 -6:00 Canada C%sT 2006 Oct 29 2:00 -5:00 - EST 2007 Mar 11 3:00 -6:00 Canada C%sT # aka Kangiqiniq -Zone America/Rankin_Inlet 0 - zzz 1957 # Rankin Inlet founded +Zone America/Rankin_Inlet 0 - -00 1957 # Rankin Inlet founded -6:00 NT_YK C%sT 2000 Oct 29 2:00 -5:00 - EST 2001 Apr 1 3:00 -6:00 Canada C%sT # aka Iqaluktuuttiaq -Zone America/Cambridge_Bay 0 - zzz 1920 # trading post est.? +Zone America/Cambridge_Bay 0 - -00 1920 # trading post est.? -7:00 NT_YK M%sT 1999 Oct 31 2:00 -6:00 Canada C%sT 2000 Oct 29 2:00 -5:00 - EST 2000 Nov 5 0:00 -6:00 - CST 2001 Apr 1 3:00 -7:00 Canada M%sT -Zone America/Yellowknife 0 - zzz 1935 # Yellowknife founded? +Zone America/Yellowknife 0 - -00 1935 # Yellowknife founded? -7:00 NT_YK M%sT 1980 -7:00 Canada M%sT -Zone America/Inuvik 0 - zzz 1953 # Inuvik founded +Zone America/Inuvik 0 - -00 1953 # Inuvik founded -8:00 NT_YK P%sT 1979 Apr lastSun 2:00 -7:00 NT_YK M%sT 1980 -7:00 Canada M%sT
--- a/test/sun/util/calendar/zi/tzdata/southamerica Thu Nov 03 02:53:25 2016 +0000 +++ b/test/sun/util/calendar/zi/tzdata/southamerica Thu Nov 03 18:13:23 2016 +0000 @@ -1332,7 +1332,7 @@ # Palmer used to be supplied from Argentina. # # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Antarctica/Palmer 0 - zzz 1965 +Zone Antarctica/Palmer 0 - -00 1965 -4:00 Arg AR%sT 1969 Oct 5 -3:00 Arg AR%sT 1982 May -4:00 Chile CL%sT @@ -1782,16 +1782,16 @@ # https://actualidad.rt.com/actualidad/204758-venezuela-modificar-huso-horario-sequia-elnino # # From Paul Eggert (2016-04-15): -# Clocks advance 30 minutes on 2016-05-01 at 02:30. See: -# Barboza AD. Huso horario en Venezuela volverá a 4 horas menos con -# respecto al "Greenwich". Panorama 2016-04-15 12:20 -0430. -# http://www.panorama.com.ve/ciudad/Huso-horario-en-Venezuela-volvera-a-4-horas-menos-con-respecto-al-Greenwich-20160415-0032.html -# +# Clocks advance 30 minutes on 2016-05-01 at 02:30.... # "'Venezuela's new time-zone: hours without light, hours without water, -# hours of presidential broadcasts, hours of lines," quipped comedian -# Jean Mary Curro ...". See: Cawthorne A, Kai D. Venezuela scraps +# hours of presidential broadcasts, hours of lines,' quipped comedian +# Jean Mary Curró ...". See: Cawthorne A, Kai D. Venezuela scraps # half-hour time difference set by Chavez. Reuters 2016-04-15 14:50 -0400 # http://www.reuters.com/article/us-venezuela-timezone-idUSKCN0XC2BE +# +# From Matt Johnson (2016-04-20): +# ... published in the official Gazette [2016-04-18], here: +# http://historico.tsj.gob.ve/gaceta_ext/abril/1842016/E-1842016-4551.pdf # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone America/Caracas -4:27:44 - LMT 1890