Mercurial > hg > icedtea8-forest > jdk
changeset 11528:e6d562c0f079 jdk8u66-b17
Merge
author | asaha |
---|---|
date | Tue, 06 Oct 2015 12:14:45 -0700 |
parents | 59be3fa710a6 (current diff) b3ce30db46ab (diff) |
children | fd2fe69089ac |
files | .hgtags make/CompileJavaClasses.gmk src/share/native/sun/nio/ch/genSocketOptionRegistry.c src/solaris/native/sun/nio/fs/genSolarisConstants.c src/solaris/native/sun/nio/fs/genUnixConstants.c test/sun/security/provider/certpath/DisabledAlgorithms/CPBuilderWithMD5.java |
diffstat | 39 files changed, 461 insertions(+), 1123 deletions(-) [+] |
line wrap: on
line diff
--- a/.hgtags Mon Sep 28 15:06:22 2015 -0700 +++ b/.hgtags Tue Oct 06 12:14:45 2015 -0700 @@ -474,6 +474,7 @@ d26fd80f684d44fd9b16e84e585dda3757d4a19c jdk8u65-b14 64c3b5808a701b6328c18028d1c98bc41679f718 jdk8u65-b15 372d63c0daaff36677d40f5f05b051f5e4e9e4ea jdk8u65-b16 +14a4b0a9a0b7a3d06432b484f226c71920460808 jdk8u65-b17 e9f82302d5fdef8a0976640e09363895e9dcde3c jdk8u66-b00 64d7bd4e98150447916f210e3bfd6875a4c2728a jdk8u66-b01 d8210091911b14930192abd3138ee37c281fb632 jdk8u66-b02
--- a/make/CompileJavaClasses.gmk Mon Sep 28 15:06:22 2015 -0700 +++ b/make/CompileJavaClasses.gmk Tue Oct 06 12:14:45 2015 -0700 @@ -238,11 +238,6 @@ EXFILES += sun/nio/fs/PollingWatchService.java endif -# TODO: Fix when converting NIO -# Exclude *-linux-arm.java and *-linux-ppc.java from closed. -EXFILES += -linux-arm.java \ - -linux-ppc.java - ifeq ($(OPENJDK_TARGET_OS), windows) EXFILES += sun/nio/ch/AbstractPollSelectorImpl.java \ sun/nio/ch/PollSelectorProvider.java \
--- a/make/gensrc/GensrcMisc.gmk Mon Sep 28 15:06:22 2015 -0700 +++ b/make/gensrc/GensrcMisc.gmk Tue Oct 06 12:14:45 2015 -0700 @@ -64,9 +64,9 @@ GENSRC_MISC += $(JDK_OUTPUTDIR)/gensrc/sun/nio/ch/SocketOptionRegistry.java -GENSRC_SOR_SRC := $(JDK_TOPDIR)/src/share/native/sun/nio/ch +GENSRC_SOR_SRC := $(JDK_TOPDIR)/make/src/native/genconstants/ch GENSRC_SOR_SRC_FILE := genSocketOptionRegistry.c -GENSRC_SOR_BIN := $(JDK_OUTPUTDIR)/gensrc/genSocketOptionRegistry +GENSRC_SOR_BIN := $(JDK_OUTPUTDIR)/btnative/genSocketOptionRegistry SOR_COPYRIGHT_YEARS = $(shell $(CAT) $(GENSRC_SOR_SRC)/$(GENSRC_SOR_SRC_FILE) | \ $(NAWK) '/^.*Copyright.*Oracle/ { printf "%s %s",$$4,$$5 }') @@ -81,11 +81,9 @@ OUTPUT_DIR := $(GENSRC_SOR_BIN), \ PROGRAM := genSocketOptionRegistry)) -ifneq ($(wildcard $(JDK_TOPDIR)/src/closed/solaris/classes/sun/nio/ch/SocketOptionRegistry-$(OPENJDK_TARGET_OS)-$(OPENJDK_TARGET_CPU_ARCH).java), ) - HAS_SOCKET_OPTION_REGISTRY := true -endif +SOR_PREGEN_FILE := $(JDK_TOPDIR)/src/closed/solaris/classes/sun/nio/ch/SocketOptionRegistry-$(OPENJDK_TARGET_OS)-$(OPENJDK_TARGET_CPU_ARCH).java.template -ifneq ($(HAS_SOCKET_OPTION_REGISTRY), true) +ifeq ($(wildcard $(SOR_PREGEN_FILE)), ) $(JDK_OUTPUTDIR)/gensrc/sun/nio/ch/SocketOptionRegistry.java: $(BUILD_GENSRC_SOR_EXE) $(MKDIR) -p $(@D) $(RM) $@ $@.tmp @@ -93,7 +91,7 @@ $(BUILD_GENSRC_SOR_EXE) >> $@.tmp $(MV) $@.tmp $@ else - $(JDK_OUTPUTDIR)/gensrc/sun/nio/ch/SocketOptionRegistry.java: $(JDK_TOPDIR)/src/closed/solaris/classes/sun/nio/ch/SocketOptionRegistry-$(OPENJDK_TARGET_OS)-$(OPENJDK_TARGET_CPU_ARCH).java + $(JDK_OUTPUTDIR)/gensrc/sun/nio/ch/SocketOptionRegistry.java: $(SOR_PREGEN_FILE) $(call install-file) endif @@ -103,9 +101,9 @@ GENSRC_MISC += $(JDK_OUTPUTDIR)/gensrc/sun/nio/fs/UnixConstants.java - GENSRC_UC_SRC := $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/native/sun/nio/fs + GENSRC_UC_SRC := $(JDK_TOPDIR)/make/src/native/genconstants/fs GENSRC_UC_SRC_FILE := genUnixConstants.c - GENSRC_UC_BIN := $(JDK_OUTPUTDIR)/gensrc/genUnixConstants + GENSRC_UC_BIN := $(JDK_OUTPUTDIR)/btnative/genUnixConstants UC_COPYRIGHT_YEARS = $(shell $(CAT) $(GENSRC_UC_SRC)/$(GENSRC_UC_SRC_FILE) | \ $(NAWK) '/^.*Copyright.*Oracle/ { printf "%s %s",$$4,$$5 }') @@ -121,11 +119,9 @@ OUTPUT_DIR := $(GENSRC_UC_BIN), \ PROGRAM := genUnixConstants)) - ifneq ($(wildcard $(JDK_TOPDIR)/src/closed/solaris/classes/sun/nio/fs/UnixConstants-$(OPENJDK_TARGET_OS)-$(OPENJDK_TARGET_CPU_ARCH).java), ) - HAS_UNIX_CONSTANTS := true - endif + UC_PREGEN_FILE := $(JDK_TOPDIR)/src/closed/solaris/classes/sun/nio/fs/UnixConstants-$(OPENJDK_TARGET_OS)-$(OPENJDK_TARGET_CPU_ARCH).java.template - ifneq ($(HAS_UNIX_CONSTANTS), true) + ifeq ($(wildcard $(UC_PREGEN_FILE)), ) $(JDK_OUTPUTDIR)/gensrc/sun/nio/fs/UnixConstants.java: $(BUILD_GENSRC_UC_EXE) $(MKDIR) -p $(@D) $(RM) $@ $@.tmp @@ -133,7 +129,7 @@ $(BUILD_GENSRC_UC_EXE) >> $@.tmp $(MV) $@.tmp $@ else - $(JDK_OUTPUTDIR)/gensrc/sun/nio/fs/UnixConstants.java: $(JDK_TOPDIR)/src/closed/solaris/classes/sun/nio/fs/UnixConstants-$(OPENJDK_TARGET_OS)-$(OPENJDK_TARGET_CPU_ARCH).java + $(JDK_OUTPUTDIR)/gensrc/sun/nio/fs/UnixConstants.java: $(UC_PREGEN_FILE) $(call install-file) endif @@ -145,9 +141,9 @@ GENSRC_MISC += $(JDK_OUTPUTDIR)/gensrc/sun/nio/fs/SolarisConstants.java - GENSRC_SOL_SRC := $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/native/sun/nio/fs + GENSRC_SOL_SRC := $(JDK_TOPDIR)/make/src/native/genconstants/fs GENSRC_SOL_SRC_FILE := genSolarisConstants.c - GENSRC_SOL_BIN := $(JDK_OUTPUTDIR)/gensrc/genSolarisConstants + GENSRC_SOL_BIN := $(JDK_OUTPUTDIR)/btnative/genSolarisConstants SOL_COPYRIGHT_YEARS = $(shell $(CAT) $(GENSRC_SOL_SRC)/$(GENSRC_SOL_SRC_FILE) | \ $(NAWK) '/^.*Copyright.*Oracle/ { printf "%s %s",$$4,$$5 }')
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/make/src/native/genconstants/ch/genSocketOptionRegistry.c Tue Oct 06 12:14:45 2015 -0700 @@ -0,0 +1,131 @@ +/* + * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +#include <stdio.h> +#ifdef _WIN32 +#include <winsock2.h> +#include <ws2tcpip.h> +#else +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netinet/tcp.h> +#endif + +/** + * Generates sun.nio.ch.SocketOptionRegistry, a class that maps Java-level + * socket options to the platform specific level and option. + */ + +static void out(char* s) { + printf("%s\n", s); +} + +static void emit(const char *name, char * family, int level, int optname) { + printf(" map.put(new RegistryKey(%s, %s),", name, family); + printf(" new OptionKey(%d, %d));\n", level, optname); +} + +static void emit_unspec(const char *name, int level, int optname) { + emit(name, "Net.UNSPEC", level, optname); +} + +static void emit_inet(const char *name, int level, int optname) { + emit(name, "StandardProtocolFamily.INET", level, optname); +} + +static void emit_inet6(const char *name, int level, int optname) { + emit(name, "StandardProtocolFamily.INET6", level, optname); +} + +int main(int argc, const char* argv[]) { + out("// AUTOMATICALLY GENERATED FILE - DO NOT EDIT "); + out("package sun.nio.ch; "); + out("import java.net.SocketOption; "); + out("import java.net.StandardSocketOptions; "); + out("import java.net.ProtocolFamily; "); + out("import java.net.StandardProtocolFamily; "); + out("import java.util.Map; "); + out("import java.util.HashMap; "); + out("class SocketOptionRegistry { "); + out(" private SocketOptionRegistry() { } "); + out(" private static class RegistryKey { "); + out(" private final SocketOption<?> name; "); + out(" private final ProtocolFamily family; "); + out(" RegistryKey(SocketOption<?> name, ProtocolFamily family) { "); + out(" this.name = name; "); + out(" this.family = family; "); + out(" } "); + out(" public int hashCode() { "); + out(" return name.hashCode() + family.hashCode(); "); + out(" } "); + out(" public boolean equals(Object ob) { "); + out(" if (ob == null) return false; "); + out(" if (!(ob instanceof RegistryKey)) return false; "); + out(" RegistryKey other = (RegistryKey)ob; "); + out(" if (this.name != other.name) return false; "); + out(" if (this.family != other.family) return false; "); + out(" return true; "); + out(" } "); + out(" } "); + out(" private static class LazyInitialization { "); + out(" static final Map<RegistryKey,OptionKey> options = options(); "); + out(" private static Map<RegistryKey,OptionKey> options() { "); + out(" Map<RegistryKey,OptionKey> map = "); + out(" new HashMap<RegistryKey,OptionKey>(); "); + + emit_unspec("StandardSocketOptions.SO_BROADCAST", SOL_SOCKET, SO_BROADCAST); + emit_unspec("StandardSocketOptions.SO_KEEPALIVE", SOL_SOCKET, SO_KEEPALIVE); + emit_unspec("StandardSocketOptions.SO_LINGER", SOL_SOCKET, SO_LINGER); + emit_unspec("StandardSocketOptions.SO_SNDBUF", SOL_SOCKET, SO_SNDBUF); + emit_unspec("StandardSocketOptions.SO_RCVBUF", SOL_SOCKET, SO_RCVBUF); + emit_unspec("StandardSocketOptions.SO_REUSEADDR", SOL_SOCKET, SO_REUSEADDR); + emit_unspec("StandardSocketOptions.TCP_NODELAY", IPPROTO_TCP, TCP_NODELAY); + + emit_inet("StandardSocketOptions.IP_TOS", IPPROTO_IP, IP_TOS); + emit_inet("StandardSocketOptions.IP_MULTICAST_IF", IPPROTO_IP, IP_MULTICAST_IF); + emit_inet("StandardSocketOptions.IP_MULTICAST_TTL", IPPROTO_IP, IP_MULTICAST_TTL); + emit_inet("StandardSocketOptions.IP_MULTICAST_LOOP", IPPROTO_IP, IP_MULTICAST_LOOP); + +#ifdef AF_INET6 + emit_inet6("StandardSocketOptions.IP_TOS", IPPROTO_IPV6, IPV6_TCLASS); + emit_inet6("StandardSocketOptions.IP_MULTICAST_IF", IPPROTO_IPV6, IPV6_MULTICAST_IF); + emit_inet6("StandardSocketOptions.IP_MULTICAST_TTL", IPPROTO_IPV6, IPV6_MULTICAST_HOPS); + emit_inet6("StandardSocketOptions.IP_MULTICAST_LOOP", IPPROTO_IPV6, IPV6_MULTICAST_LOOP); +#endif + + emit_unspec("ExtendedSocketOption.SO_OOBINLINE", SOL_SOCKET, SO_OOBINLINE); + + out(" return map; "); + out(" } "); + out(" } "); + out(" public static OptionKey findOption(SocketOption<?> name, ProtocolFamily family) { "); + out(" RegistryKey key = new RegistryKey(name, family); "); + out(" return LazyInitialization.options.get(key); "); + out(" } "); + out("} "); + + return 0; +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/make/src/native/genconstants/fs/genSolarisConstants.c Tue Oct 06 12:14:45 2015 -0700 @@ -0,0 +1,105 @@ +/* + * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +#include <stdio.h> +#include <errno.h> +#include <unistd.h> +#include <sys/acl.h> +#include <fcntl.h> +#include <sys/stat.h> + +/** + * Generates sun.nio.fs.SolarisConstants + */ + +static void out(char* s) { + printf("%s\n", s); +} + +static void emit(char* name, int value) { + printf(" static final int %s = %d;\n", name, value); +} + +static void emitX(char* name, int value) { + printf(" static final int %s = 0x%x;\n", name, value); +} + +#define DEF(X) emit(#X, X); +#define DEFX(X) emitX(#X, X); + +int main(int argc, const char* argv[]) { + out("// AUTOMATICALLY GENERATED FILE - DO NOT EDIT "); + out("package sun.nio.fs; "); + out("class SolarisConstants { "); + out(" private SolarisConstants() { } "); + + // extended attributes + DEFX(O_XATTR); + DEF(_PC_XATTR_ENABLED); + + // ACL configuration + DEF(_PC_ACL_ENABLED); + DEFX(_ACL_ACE_ENABLED); + + // ACL commands + DEFX(ACE_GETACL); + DEFX(ACE_SETACL); + + // ACL mask/flags/types + emitX("ACE_ACCESS_ALLOWED_ACE_TYPE", 0x0000); + emitX("ACE_ACCESS_DENIED_ACE_TYPE", 0x0001); + emitX("ACE_SYSTEM_AUDIT_ACE_TYPE", 0x0002); + emitX("ACE_SYSTEM_ALARM_ACE_TYPE", 0x0003); + emitX("ACE_READ_DATA", 0x00000001); + emitX("ACE_LIST_DIRECTORY", 0x00000001); + emitX("ACE_WRITE_DATA", 0x00000002); + emitX("ACE_ADD_FILE", 0x00000002); + emitX("ACE_APPEND_DATA", 0x00000004); + emitX("ACE_ADD_SUBDIRECTORY", 0x00000004); + emitX("ACE_READ_NAMED_ATTRS", 0x00000008); + emitX("ACE_WRITE_NAMED_ATTRS", 0x00000010); + emitX("ACE_EXECUTE", 0x00000020); + emitX("ACE_DELETE_CHILD", 0x00000040); + emitX("ACE_READ_ATTRIBUTES", 0x00000080); + emitX("ACE_WRITE_ATTRIBUTES", 0x00000100); + emitX("ACE_DELETE", 0x00010000); + emitX("ACE_READ_ACL", 0x00020000); + emitX("ACE_WRITE_ACL", 0x00040000); + emitX("ACE_WRITE_OWNER", 0x00080000); + emitX("ACE_SYNCHRONIZE", 0x00100000); + emitX("ACE_FILE_INHERIT_ACE", 0x0001); + emitX("ACE_DIRECTORY_INHERIT_ACE", 0x0002); + emitX("ACE_NO_PROPAGATE_INHERIT_ACE", 0x0004); + emitX("ACE_INHERIT_ONLY_ACE", 0x0008); + emitX("ACE_SUCCESSFUL_ACCESS_ACE_FLAG", 0x0010); + emitX("ACE_FAILED_ACCESS_ACE_FLAG", 0x0020); + emitX("ACE_IDENTIFIER_GROUP", 0x0040); + emitX("ACE_OWNER", 0x1000); + emitX("ACE_GROUP", 0x2000); + emitX("ACE_EVERYONE", 0x4000); + + out("} "); + return 0; +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/make/src/native/genconstants/fs/genUnixConstants.c Tue Oct 06 12:14:45 2015 -0700 @@ -0,0 +1,141 @@ +/* + * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +#include <stdio.h> +#include <errno.h> +#include <unistd.h> +#include <fcntl.h> +#include <sys/stat.h> + +/** + * Generates sun.nio.fs.UnixConstants + */ + +static void out(char* s) { + printf("%s\n", s); +} + +static void emit(char* name, int value) { + printf(" static final int %s = %d;\n", name, value); +} + +static void emitX(char* name, int value) { + printf(" static final int %s = 0x%x;\n", name, value); +} + +#define DEF(X) emit(#X, X); +#define DEFX(X) emitX(#X, X); + +int main(int argc, const char* argv[]) { + out("// AUTOMATICALLY GENERATED FILE - DO NOT EDIT "); + out("package sun.nio.fs; "); + out("class UnixConstants { "); + out(" private UnixConstants() { } "); + + // open flags + DEF(O_RDONLY); + DEF(O_WRONLY); + DEF(O_RDWR); + DEFX(O_APPEND); + DEFX(O_CREAT); + DEFX(O_EXCL); + DEFX(O_TRUNC); + DEFX(O_SYNC); +#ifndef O_DSYNC + // At least FreeBSD doesn't define O_DSYNC + emit("O_DSYNC", O_SYNC); +#else + DEFX(O_DSYNC); +#endif +#ifdef O_NOFOLLOW + DEFX(O_NOFOLLOW); +#else + // not supported (dummy values will not be used at runtime). + emitX("O_NOFOLLOW", 0x0); +#endif + + // mode masks + emitX("S_IAMB", + (S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IWGRP|S_IXGRP|S_IROTH|S_IWOTH|S_IXOTH)); + DEF(S_IRUSR); + DEF(S_IWUSR); + DEF(S_IXUSR); + DEF(S_IRGRP); + DEF(S_IWGRP); + DEF(S_IXGRP); + DEF(S_IROTH); + DEF(S_IWOTH); + DEF(S_IXOTH); + DEFX(S_IFMT); + DEFX(S_IFREG); + DEFX(S_IFDIR); + DEFX(S_IFLNK); + DEFX(S_IFCHR); + DEFX(S_IFBLK); + DEFX(S_IFIFO); + + // access modes + DEF(R_OK); + DEF(W_OK); + DEF(X_OK); + DEF(F_OK); + + // errors + DEF(ENOENT); + DEF(EACCES); + DEF(EEXIST); + DEF(ENOTDIR); + DEF(EINVAL); + DEF(EXDEV); + DEF(EISDIR); + DEF(ENOTEMPTY); + DEF(ENOSPC); + DEF(EAGAIN); + DEF(ENOSYS); + DEF(ELOOP); + DEF(EROFS); +#ifndef ENODATA + // Only used in Linux java source, provide any value so it compiles + emit("ENODATA", ELAST); +#else + DEF(ENODATA); +#endif + DEF(ERANGE); + DEF(EMFILE); + + // flags used with openat/unlinkat/etc. +#if defined(AT_SYMLINK_NOFOLLOW) && defined(AT_REMOVEDIR) + DEFX(AT_SYMLINK_NOFOLLOW) + DEFX(AT_REMOVEDIR); +#else + // not supported (dummy values will not be used at runtime). + emitX("AT_SYMLINK_NOFOLLOW", 0x0); + emitX("AT_REMOVEDIR", 0x0); +#endif + + out("} "); + + return 0; +}
--- a/src/share/lib/security/java.security-aix Mon Sep 28 15:06:22 2015 -0700 +++ b/src/share/lib/security/java.security-aix Tue Oct 06 12:14:45 2015 -0700 @@ -481,7 +481,7 @@ # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 # # -jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 +jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing
--- a/src/share/lib/security/java.security-linux Mon Sep 28 15:06:22 2015 -0700 +++ b/src/share/lib/security/java.security-linux Tue Oct 06 12:14:45 2015 -0700 @@ -481,7 +481,7 @@ # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 # # -jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 +jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing
--- a/src/share/lib/security/java.security-macosx Mon Sep 28 15:06:22 2015 -0700 +++ b/src/share/lib/security/java.security-macosx Tue Oct 06 12:14:45 2015 -0700 @@ -484,7 +484,7 @@ # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 # # -jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 +jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing
--- a/src/share/lib/security/java.security-solaris Mon Sep 28 15:06:22 2015 -0700 +++ b/src/share/lib/security/java.security-solaris Tue Oct 06 12:14:45 2015 -0700 @@ -483,7 +483,7 @@ # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 # # -jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 +jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing
--- a/src/share/lib/security/java.security-windows Mon Sep 28 15:06:22 2015 -0700 +++ b/src/share/lib/security/java.security-windows Tue Oct 06 12:14:45 2015 -0700 @@ -484,7 +484,7 @@ # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 # # -jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 +jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing
--- a/src/share/native/sun/nio/ch/genSocketOptionRegistry.c Mon Sep 28 15:06:22 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,131 +0,0 @@ -/* - * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -#include <stdio.h> -#ifdef _WIN32 -#include <winsock2.h> -#include <ws2tcpip.h> -#else -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <netinet/tcp.h> -#endif - -/** - * Generates sun.nio.ch.SocketOptionRegistry, a class that maps Java-level - * socket options to the platform specific level and option. - */ - -static void out(char* s) { - printf("%s\n", s); -} - -static void emit(const char *name, char * family, int level, int optname) { - printf(" map.put(new RegistryKey(%s, %s),", name, family); - printf(" new OptionKey(%d, %d));\n", level, optname); -} - -static void emit_unspec(const char *name, int level, int optname) { - emit(name, "Net.UNSPEC", level, optname); -} - -static void emit_inet(const char *name, int level, int optname) { - emit(name, "StandardProtocolFamily.INET", level, optname); -} - -static void emit_inet6(const char *name, int level, int optname) { - emit(name, "StandardProtocolFamily.INET6", level, optname); -} - -int main(int argc, const char* argv[]) { - out("// AUTOMATICALLY GENERATED FILE - DO NOT EDIT "); - out("package sun.nio.ch; "); - out("import java.net.SocketOption; "); - out("import java.net.StandardSocketOptions; "); - out("import java.net.ProtocolFamily; "); - out("import java.net.StandardProtocolFamily; "); - out("import java.util.Map; "); - out("import java.util.HashMap; "); - out("class SocketOptionRegistry { "); - out(" private SocketOptionRegistry() { } "); - out(" private static class RegistryKey { "); - out(" private final SocketOption<?> name; "); - out(" private final ProtocolFamily family; "); - out(" RegistryKey(SocketOption<?> name, ProtocolFamily family) { "); - out(" this.name = name; "); - out(" this.family = family; "); - out(" } "); - out(" public int hashCode() { "); - out(" return name.hashCode() + family.hashCode(); "); - out(" } "); - out(" public boolean equals(Object ob) { "); - out(" if (ob == null) return false; "); - out(" if (!(ob instanceof RegistryKey)) return false; "); - out(" RegistryKey other = (RegistryKey)ob; "); - out(" if (this.name != other.name) return false; "); - out(" if (this.family != other.family) return false; "); - out(" return true; "); - out(" } "); - out(" } "); - out(" private static class LazyInitialization { "); - out(" static final Map<RegistryKey,OptionKey> options = options(); "); - out(" private static Map<RegistryKey,OptionKey> options() { "); - out(" Map<RegistryKey,OptionKey> map = "); - out(" new HashMap<RegistryKey,OptionKey>(); "); - - emit_unspec("StandardSocketOptions.SO_BROADCAST", SOL_SOCKET, SO_BROADCAST); - emit_unspec("StandardSocketOptions.SO_KEEPALIVE", SOL_SOCKET, SO_KEEPALIVE); - emit_unspec("StandardSocketOptions.SO_LINGER", SOL_SOCKET, SO_LINGER); - emit_unspec("StandardSocketOptions.SO_SNDBUF", SOL_SOCKET, SO_SNDBUF); - emit_unspec("StandardSocketOptions.SO_RCVBUF", SOL_SOCKET, SO_RCVBUF); - emit_unspec("StandardSocketOptions.SO_REUSEADDR", SOL_SOCKET, SO_REUSEADDR); - emit_unspec("StandardSocketOptions.TCP_NODELAY", IPPROTO_TCP, TCP_NODELAY); - - emit_inet("StandardSocketOptions.IP_TOS", IPPROTO_IP, IP_TOS); - emit_inet("StandardSocketOptions.IP_MULTICAST_IF", IPPROTO_IP, IP_MULTICAST_IF); - emit_inet("StandardSocketOptions.IP_MULTICAST_TTL", IPPROTO_IP, IP_MULTICAST_TTL); - emit_inet("StandardSocketOptions.IP_MULTICAST_LOOP", IPPROTO_IP, IP_MULTICAST_LOOP); - -#ifdef AF_INET6 - emit_inet6("StandardSocketOptions.IP_TOS", IPPROTO_IPV6, IPV6_TCLASS); - emit_inet6("StandardSocketOptions.IP_MULTICAST_IF", IPPROTO_IPV6, IPV6_MULTICAST_IF); - emit_inet6("StandardSocketOptions.IP_MULTICAST_TTL", IPPROTO_IPV6, IPV6_MULTICAST_HOPS); - emit_inet6("StandardSocketOptions.IP_MULTICAST_LOOP", IPPROTO_IPV6, IPV6_MULTICAST_LOOP); -#endif - - emit_unspec("ExtendedSocketOption.SO_OOBINLINE", SOL_SOCKET, SO_OOBINLINE); - - out(" return map; "); - out(" } "); - out(" } "); - out(" public static OptionKey findOption(SocketOption<?> name, ProtocolFamily family) { "); - out(" RegistryKey key = new RegistryKey(name, family); "); - out(" return LazyInitialization.options.get(key); "); - out(" } "); - out("} "); - - return 0; -}
--- a/src/solaris/native/sun/nio/fs/genSolarisConstants.c Mon Sep 28 15:06:22 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,105 +0,0 @@ -/* - * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -#include <stdio.h> -#include <errno.h> -#include <unistd.h> -#include <sys/acl.h> -#include <fcntl.h> -#include <sys/stat.h> - -/** - * Generates sun.nio.fs.SolarisConstants - */ - -static void out(char* s) { - printf("%s\n", s); -} - -static void emit(char* name, int value) { - printf(" static final int %s = %d;\n", name, value); -} - -static void emitX(char* name, int value) { - printf(" static final int %s = 0x%x;\n", name, value); -} - -#define DEF(X) emit(#X, X); -#define DEFX(X) emitX(#X, X); - -int main(int argc, const char* argv[]) { - out("// AUTOMATICALLY GENERATED FILE - DO NOT EDIT "); - out("package sun.nio.fs; "); - out("class SolarisConstants { "); - out(" private SolarisConstants() { } "); - - // extended attributes - DEFX(O_XATTR); - DEF(_PC_XATTR_ENABLED); - - // ACL configuration - DEF(_PC_ACL_ENABLED); - DEFX(_ACL_ACE_ENABLED); - - // ACL commands - DEFX(ACE_GETACL); - DEFX(ACE_SETACL); - - // ACL mask/flags/types - emitX("ACE_ACCESS_ALLOWED_ACE_TYPE", 0x0000); - emitX("ACE_ACCESS_DENIED_ACE_TYPE", 0x0001); - emitX("ACE_SYSTEM_AUDIT_ACE_TYPE", 0x0002); - emitX("ACE_SYSTEM_ALARM_ACE_TYPE", 0x0003); - emitX("ACE_READ_DATA", 0x00000001); - emitX("ACE_LIST_DIRECTORY", 0x00000001); - emitX("ACE_WRITE_DATA", 0x00000002); - emitX("ACE_ADD_FILE", 0x00000002); - emitX("ACE_APPEND_DATA", 0x00000004); - emitX("ACE_ADD_SUBDIRECTORY", 0x00000004); - emitX("ACE_READ_NAMED_ATTRS", 0x00000008); - emitX("ACE_WRITE_NAMED_ATTRS", 0x00000010); - emitX("ACE_EXECUTE", 0x00000020); - emitX("ACE_DELETE_CHILD", 0x00000040); - emitX("ACE_READ_ATTRIBUTES", 0x00000080); - emitX("ACE_WRITE_ATTRIBUTES", 0x00000100); - emitX("ACE_DELETE", 0x00010000); - emitX("ACE_READ_ACL", 0x00020000); - emitX("ACE_WRITE_ACL", 0x00040000); - emitX("ACE_WRITE_OWNER", 0x00080000); - emitX("ACE_SYNCHRONIZE", 0x00100000); - emitX("ACE_FILE_INHERIT_ACE", 0x0001); - emitX("ACE_DIRECTORY_INHERIT_ACE", 0x0002); - emitX("ACE_NO_PROPAGATE_INHERIT_ACE", 0x0004); - emitX("ACE_INHERIT_ONLY_ACE", 0x0008); - emitX("ACE_SUCCESSFUL_ACCESS_ACE_FLAG", 0x0010); - emitX("ACE_FAILED_ACCESS_ACE_FLAG", 0x0020); - emitX("ACE_IDENTIFIER_GROUP", 0x0040); - emitX("ACE_OWNER", 0x1000); - emitX("ACE_GROUP", 0x2000); - emitX("ACE_EVERYONE", 0x4000); - - out("} "); - return 0; -}
--- a/src/solaris/native/sun/nio/fs/genUnixConstants.c Mon Sep 28 15:06:22 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,141 +0,0 @@ -/* - * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -#include <stdio.h> -#include <errno.h> -#include <unistd.h> -#include <fcntl.h> -#include <sys/stat.h> - -/** - * Generates sun.nio.fs.UnixConstants - */ - -static void out(char* s) { - printf("%s\n", s); -} - -static void emit(char* name, int value) { - printf(" static final int %s = %d;\n", name, value); -} - -static void emitX(char* name, int value) { - printf(" static final int %s = 0x%x;\n", name, value); -} - -#define DEF(X) emit(#X, X); -#define DEFX(X) emitX(#X, X); - -int main(int argc, const char* argv[]) { - out("// AUTOMATICALLY GENERATED FILE - DO NOT EDIT "); - out("package sun.nio.fs; "); - out("class UnixConstants { "); - out(" private UnixConstants() { } "); - - // open flags - DEF(O_RDONLY); - DEF(O_WRONLY); - DEF(O_RDWR); - DEFX(O_APPEND); - DEFX(O_CREAT); - DEFX(O_EXCL); - DEFX(O_TRUNC); - DEFX(O_SYNC); -#ifndef O_DSYNC - // At least FreeBSD doesn't define O_DSYNC - emit("O_DSYNC", O_SYNC); -#else - DEFX(O_DSYNC); -#endif -#ifdef O_NOFOLLOW - DEFX(O_NOFOLLOW); -#else - // not supported (dummy values will not be used at runtime). - emitX("O_NOFOLLOW", 0x0); -#endif - - // mode masks - emitX("S_IAMB", - (S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IWGRP|S_IXGRP|S_IROTH|S_IWOTH|S_IXOTH)); - DEF(S_IRUSR); - DEF(S_IWUSR); - DEF(S_IXUSR); - DEF(S_IRGRP); - DEF(S_IWGRP); - DEF(S_IXGRP); - DEF(S_IROTH); - DEF(S_IWOTH); - DEF(S_IXOTH); - DEFX(S_IFMT); - DEFX(S_IFREG); - DEFX(S_IFDIR); - DEFX(S_IFLNK); - DEFX(S_IFCHR); - DEFX(S_IFBLK); - DEFX(S_IFIFO); - - // access modes - DEF(R_OK); - DEF(W_OK); - DEF(X_OK); - DEF(F_OK); - - // errors - DEF(ENOENT); - DEF(EACCES); - DEF(EEXIST); - DEF(ENOTDIR); - DEF(EINVAL); - DEF(EXDEV); - DEF(EISDIR); - DEF(ENOTEMPTY); - DEF(ENOSPC); - DEF(EAGAIN); - DEF(ENOSYS); - DEF(ELOOP); - DEF(EROFS); -#ifndef ENODATA - // Only used in Linux java source, provide any value so it compiles - emit("ENODATA", ELAST); -#else - DEF(ENODATA); -#endif - DEF(ERANGE); - DEF(EMFILE); - - // flags used with openat/unlinkat/etc. -#if defined(AT_SYMLINK_NOFOLLOW) && defined(AT_REMOVEDIR) - DEFX(AT_SYMLINK_NOFOLLOW) - DEFX(AT_REMOVEDIR); -#else - // not supported (dummy values will not be used at runtime). - emitX("AT_SYMLINK_NOFOLLOW", 0x0); - emitX("AT_REMOVEDIR", 0x0); -#endif - - out("} "); - - return 0; -}
--- a/test/java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,12 +21,6 @@ * questions. */ -// -// Security properties, once set, cannot revert to unset. To avoid -// conflicts with tests running in the same VM isolate this test by -// running it in otherVM mode. -// - /** * @test * @bug 6852744 @@ -240,10 +234,6 @@ public static void main(String[] args) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); X509CertSelector selector = generateSelector(args[0]);
--- a/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,12 +21,6 @@ * questions. */ -// -// Security properties, once set, cannot revert to unset. To avoid -// conflicts with tests running in the same VM isolate this test by -// running it in otherVM mode. -// - /** * @test * @bug 6852744 @@ -283,10 +277,6 @@ public static void main(String[] args) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); X509CertSelector selector = generateSelector(args[0]);
--- a/test/java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,12 +21,6 @@ * questions. */ -// -// Security properties, once set, cannot revert to unset. To avoid -// conflicts with tests running in the same VM isolate this test by -// running it in otherVM mode. -// - /** * @test * @bug 6852744 @@ -289,10 +283,6 @@ public static void main(String[] args) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); X509CertSelector selector = generateSelector(args[0]);
--- a/test/java/security/cert/CertPathValidator/OCSP/AIACheck.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/java/security/cert/CertPathValidator/OCSP/AIACheck.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,19 +21,12 @@ * questions. */ -// -// Security properties, once set, cannot revert to unset. To avoid -// conflicts with tests running in the same VM isolate this test by -// running it in otherVM mode. -// - /** * @test * @bug 5072953 * @summary Verify that the URL for an OCSP responder can be extracted from a * certificate's AuthorityInfoAccess extension when OCSP certifiate * validation has been enabled. - * @run main/othervm AIACheck */ import java.io.*; @@ -58,10 +51,6 @@ } public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - X509Certificate aiaCert = loadCertificate("AIACert.pem"); X509Certificate rootCert = loadCertificate("RootCert.pem");
--- a/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,24 +21,16 @@ * questions. */ -// -// Security properties, once set, cannot revert to unset. To avoid -// conflicts with tests running in the same VM isolate this test by -// running it in otherVM mode. -// - /** * @test * @bug 6383095 * @summary CRL revoked certificate failures masked by OCSP failures - * @run main/othervm FailoverToCRL - * @author Xuelei Fan - */ - -/* + * * Note that the certificate validity is from Mar 16 14:55:35 2009 GMT to * Dec 1 14:55:35 2028 GMT, please update it with newer certificate if * expires. + * + * @author Xuelei Fan */ /* @@ -237,10 +229,6 @@ } public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - CertPath path = generateCertificatePath(); Set<TrustAnchor> anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore();
--- a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,18 +21,11 @@ * questions. */ -// -// Security properties, once set, cannot revert to unset. To avoid -// conflicts with tests running in the same VM isolate this test by -// running it in otherVM mode. -// - /** * @test * * @bug 6720721 * @summary CRL check with circular depency support needed - * @run main/othervm CircularCRLOneLevel * @author Xuelei Fan */ @@ -165,10 +158,6 @@ } public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - CertPath path = generateCertificatePath(); Set<TrustAnchor> anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore();
--- a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,18 +21,11 @@ * questions. */ -// -// Security properties, once set, cannot revert to unset. To avoid -// conflicts with tests running in the same VM isolate this test by -// running it in otherVM mode. -// - /** * @test * * @bug 6720721 * @summary CRL check with circular depency support needed - * @run main/othervm CircularCRLOneLevelRevoked * @author Xuelei Fan */ @@ -166,10 +159,6 @@ } public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - CertPath path = generateCertificatePath(); Set<TrustAnchor> anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore();
--- a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,18 +21,11 @@ * questions. */ -// -// Security properties, once set, cannot revert to unset. To avoid -// conflicts with tests running in the same VM isolate this test by -// running it in otherVM mode. -// - /** * @test * * @bug 6720721 * @summary CRL check with circular depency support needed - * @run main/othervm CircularCRLTwoLevel * @author Xuelei Fan */ @@ -217,10 +210,6 @@ } public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - CertPath path = generateCertificatePath(); Set<TrustAnchor> anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore();
--- a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,18 +21,11 @@ * questions. */ -// -// Security properties, once set, cannot revert to unset. To avoid -// conflicts with tests running in the same VM isolate this test by -// running it in otherVM mode. -// - /** * @test * * @bug 6720721 * @summary CRL check with circular depency support needed - * @run main/othervm CircularCRLTwoLevelRevoked * @author Xuelei Fan */ @@ -218,10 +211,6 @@ } public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - CertPath path = generateCertificatePath(); Set<TrustAnchor> anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore();
--- a/test/sun/security/provider/certpath/DisabledAlgorithms/CPBuilderWithMD5.java Mon Sep 28 15:06:22 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,449 +0,0 @@ -/* - * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -// This test case relies on static security property, no way to re-use -// security property in samevm/agentvm mode. - -/** - * @test - * - * @bug 8030829 - * @summary Add MD5 to jdk.certpath.disabledAlgorithms security property - * - * @run main/othervm CPBuilderWithMD5 trustAnchor_SHA1withRSA_1024 0 true - * @run main/othervm CPBuilderWithMD5 trustAnchor_SHA1withRSA_512 0 true - * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_1024_1024 1 true - * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_1024_512 1 false - * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_512_1024 1 false - * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_512_512 1 false - * @run main/othervm CPBuilderWithMD5 intermediate_MD5withRSA_1024_1024 1 false - * @run main/othervm CPBuilderWithMD5 intermediate_MD5withRSA_1024_512 1 false - * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_1024_1024 2 true - * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_1024_512 2 false - * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_512_1024 2 false - * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_512_512 2 false - * @run main/othervm CPBuilderWithMD5 endentiry_MD5withRSA_1024_1024 2 false - * @run main/othervm CPBuilderWithMD5 endentiry_MD5withRSA_1024_512 2 false - * - * @author Xuelei Fan - */ - -/* - * The generate.sh was designed to generate MD2 signed certificates. The - * certificates used in this test are generated by an updated generate.sh that - * replacing MD2 with MD5 algorithm. - */ -import java.io.*; -import java.net.SocketException; -import java.util.*; -import java.security.Security; -import java.security.cert.*; -import sun.security.util.DerInputStream; - -public class CPBuilderWithMD5 { - - // SHA1withRSA 1024 - static String trustAnchor_SHA1withRSA_1024 = - "-----BEGIN CERTIFICATE-----\n" + - "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + - "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA4NTFaFw0zNDEyMDgxMTA4NTFa\n" + - "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" + - "AQUAA4GNADCBiQKBgQDn3JSHACqi/bcohVy7eFqDs3L5ehnXmF9Jrg4rMRUeNrxA\n" + - "61F8bJ9JXx4j8WyqmT0TtokgXuqGxbsXRQVVw4AdXLF2PwCs/y+Y+AwU59uDHA3J\n" + - "AMk4VvjV9MB2Ea6YzuLnbbj/TNrfxB6LZ7KBvh0fYGt2T40yMvOvilU/f6e3zQID\n" + - "AQABo4GJMIGGMB0GA1UdDgQWBBSIxINDFVm8GpUz3v+BbWNmDEKP7TBHBgNVHSME\n" + - "QDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" + - "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" + - "DQYJKoZIhvcNAQEFBQADgYEAt0mYDXTpInrGvEOylIL2gx65A/bpdz9iDQsSs5sZ\n" + - "r3m0v9zJnzR8lRqN4GbaD1vrFdkUrIoObcvXjXitnf5QqDzmc9BbIYj83Ft8QSUj\n" + - "jCMy04EGT/7ATss4SiFEu6sJpmOBjsgH6wYuobR27wl/01XOu2CXUo3OOjgAoPBs\n" + - "QoQ=\n" + - "-----END CERTIFICATE-----"; - - // SHA1withRSA 512 - static String trustAnchor_SHA1withRSA_512 = - "-----BEGIN CERTIFICATE-----\n" + - "MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + - "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA4NTFaFw0zNDEyMDgxMTA4NTFa\n" + - "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB\n" + - "BQADSwAwSAJBANLqQkOpH7rBTo/a2ccYjJxvNib/Lxm6UXO1uAd/0AUzPWzJsOpB\n" + - "u2zyD26UYc0GNyXCkWMZ44FrtSQ8VI146j8CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU\n" + - "5PVLxBY//smN31jHb/MAmCEz5NIwRwYDVR0jBEAwPoAU5PVLxBY//smN31jHb/MA\n" + - "mCEz5NKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G\n" + - "A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAzF9E\n" + - "dXYPLqziCRY45IHCUtxaLjLQmwsjEu91TV4xyuuozGEumcqH7m6Hg6Ohnd1FGfsN\n" + - "X+vt1tdaDIu9+OzGjQ==\n" + - "-----END CERTIFICATE-----"; - - // SHA1withRSA 1024 signed with RSA 1024 - static String intermediate_SHA1withRSA_1024_1024 = - "-----BEGIN CERTIFICATE-----\n" + - "MIICUDCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + - "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + - "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + - "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" + - "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" + - "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" + - "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" + - "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEw\n" + - "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + - "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEA0673aIUF2k20jkpR\n" + - "4USN9UkbfX57Uazhl4n765EeAiteWnTzKztISeH1GTrCw7bSl1r07aaflsnbKOHC\n" + - "RrL2RxbxNwQARvuuCxr664vXnsGrt86xA5F2iNF22uDM/5HA5sIfBmEk5xXSLrgH\n" + - "I7jOaYqAA1b8C+4DU2Z5ZgO4LOA=\n" + - "-----END CERTIFICATE-----"; - - // SHA1withRSA 1024 signed with RSA 512 - static String intermediate_SHA1withRSA_1024_512 = - "-----BEGIN CERTIFICATE-----\n" + - "MIICDzCCAbmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + - "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + - "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + - "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" + - "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" + - "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" + - "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" + - "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBTk9UvEFj/+yY3fWMdv8wCYITPk0qEjpCEw\n" + - "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + - "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADQQAihshnF7RWZ13tUGsH\n" + - "iM4i8HmBjw2+pwW/cs0E8BcycYEy3beWMcL1Np2yfOa/7K5ZvGPhe/piwzTel+Kt\n" + - "5VLm\n" + - "-----END CERTIFICATE-----"; - - // SHA1withRSA 512 signed with RSA 1024 - static String intermediate_SHA1withRSA_512_1024 = - "-----BEGIN CERTIFICATE-----\n" + - "MIICDDCCAXWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + - "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + - "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + - "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK4h/iW3wt+ugR5ObWiFSl394UU/\n" + - "lWNm+N6UAgsBRhSzZz/Iof7xZTQI+usNXzOrTnU3+uZsMgokpjkrko1osxUCAwEA\n" + - "AaOBiTCBhjAdBgNVHQ4EFgQU88OD48Osuh7lJiLnhfMhrySqW8QwRwYDVR0jBEAw\n" + - "PoAUiMSDQxVZvBqVM97/gW1jZgxCj+2hI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" + - "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" + - "CSqGSIb3DQEBBQUAA4GBAAHN8XUTT6asa1MvpfqAvKTH6tNrMOmzoFsUamPxSrUB\n" + - "tnBv/fa/E9+1QvQwl3g6luVXBkQf2/nVD0195IdkEuD/C6psuGKerXmiaRMv5Wcs\n" + - "B+8bTzhNxMzHKPZDJ8Tf/RD3XpPvtxw0T+I5xud68FH/WDhJtu7TiXPAhs7srtHt\n" + - "-----END CERTIFICATE-----"; - - // SHA1withRSA 512 signed with RSA 512 - static String intermediate_SHA1withRSA_512_512 = - "-----BEGIN CERTIFICATE-----\n" + - "MIIByzCCAXWgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + - "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + - "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + - "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK4h/iW3wt+ugR5ObWiFSl394UU/\n" + - "lWNm+N6UAgsBRhSzZz/Iof7xZTQI+usNXzOrTnU3+uZsMgokpjkrko1osxUCAwEA\n" + - "AaOBiTCBhjAdBgNVHQ4EFgQU88OD48Osuh7lJiLnhfMhrySqW8QwRwYDVR0jBEAw\n" + - "PoAU5PVLxBY//smN31jHb/MAmCEz5NKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" + - "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" + - "CSqGSIb3DQEBBQUAA0EASLN+1/pfo+9ty5EaYkoPu4QeYGr+5wmXyDceiaED/Lok\n" + - "RdV0ZH0qwD4kiarlJssNOgMCk+2EzgvXcIhEMDa5hA==\n" + - "-----END CERTIFICATE-----"; - - // MD5withRSA 1024 signed with RSA 1024 - static String intermediate_MD5withRSA_1024_1024 = - "-----BEGIN CERTIFICATE-----\n" + - "MIICUDCCAbmgAwIBAgIBBzANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" + - "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + - "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + - "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" + - "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" + - "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" + - "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" + - "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEw\n" + - "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + - "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEEBQADgYEAerx2je3FBVn2eoPs\n" + - "nTzLKILezqCTCO7mXWiyBidRhh4RGdM8JggMN5SRmuwRurxfYFgPfqmAenWtEFqO\n" + - "xZrTXQUvIrrEgpzqkfppFnkCh4kDsX4roD5Nho3J4MTBQkqE0r676Yq6Rp6cywCq\n" + - "CHQQztRGY7n/ZYRNJ3uzvuoT1tk=\n" + - "-----END CERTIFICATE-----"; - - // MD5withRSA 1024 signed with RSA 512 - static String intermediate_MD5withRSA_1024_512 = - "-----BEGIN CERTIFICATE-----\n" + - "MIICDzCCAbmgAwIBAgIBCDANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" + - "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MTBaFw0zMzA5MTQxMTA5MTBa\n" + - "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + - "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" + - "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" + - "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" + - "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" + - "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBTk9UvEFj/+yY3fWMdv8wCYITPk0qEjpCEw\n" + - "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + - "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEEBQADQQA3XGQPNin8cDIsJ4vx\n" + - "tTxUO6XVJoWOdTsjwzlMrPmLvjJNZeXLtQe3pQu0vjgyUpQ59VYLW3qKN/LF3UH0\n" + - "Ep7V\n" + - "-----END CERTIFICATE-----"; - - // SHA1withRSA 1024 signed with RSA 1024 - static String endentiry_SHA1withRSA_1024_1024 = - "-----BEGIN CERTIFICATE-----\n" + - "MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + - "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + - "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + - "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + - "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" + - "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" + - "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" + - "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" + - "8e7JW1tPUDAfBgNVHSMEGDAWgBQIsaDZL94kLug/A1N4EkNOA4z47DANBgkqhkiG\n" + - "9w0BAQUFAAOBgQB2RkWHOaL4WTOGoeTS4J4o9FW+4UXihbocdI/64rMExERjDkE/\n" + - "Jh31TEmatnP1gPrF1AfmqQPubqVSbRtCHrZF+Ilk6L6YeyRNzKvsLiMUtgrLYLas\n" + - "Vop0DFZxR02xHgaJdoJkcWBjNadb9zG7eZtt8OOOJ4lRwg02aLTy+WDqPA==\n" + - "-----END CERTIFICATE-----"; - - // SHA1withRSA 1024 signed with RSA 512 - static String endentiry_SHA1withRSA_1024_512 = - "-----BEGIN CERTIFICATE-----\n" + - "MIIB9jCCAaCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + - "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + - "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + - "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + - "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" + - "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" + - "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" + - "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" + - "8e7JW1tPUDAfBgNVHSMEGDAWgBTzw4Pjw6y6HuUmIueF8yGvJKpbxDANBgkqhkiG\n" + - "9w0BAQUFAANBAIapvjECUm4YD4O99G0v2SM17cKQzjZtSWkScS7FSk4sxS+dP3hM\n" + - "Qb2UpoRl6CGynhOVVy2G/VJN8BEqOfywj8k=\n" + - "-----END CERTIFICATE-----"; - - // SHA1withRSA 512 signed with RSA 1024 - static String endentiry_SHA1withRSA_512_1024 = - "-----BEGIN CERTIFICATE-----\n" + - "MIIB8zCCAVygAwIBAgIBBDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + - "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + - "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + - "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" + - "DQEBAQUAA0sAMEgCQQCngiNTE+qngHcfj2jUpdc82gCw+TFRjR7oMSdp7b/3NwpD\n" + - "E+11z9WspoXTDzvbKcGUH9svFl691NyY0ZUmf+4RAgMBAAGjTzBNMAsGA1UdDwQE\n" + - "AwID6DAdBgNVHQ4EFgQUK+oVsFTQbz08evgQZ5Sd82c2y4UwHwYDVR0jBBgwFoAU\n" + - "CLGg2S/eJC7oPwNTeBJDTgOM+OwwDQYJKoZIhvcNAQEFBQADgYEAMd/8XnjRz5jK\n" + - "nbss9DDQQC2mUuCbV/tGdke7eQ1DtBVZLBU6wDgisGr52sUXmyZIPmSVKpQqwCG5\n" + - "8cY5uQhaNwPtPmMMKXzX32zN9NhVkiDNceL+zHs3vdjD1i/QiUTST+NKfLYVb6dF\n" + - "YMG65lxe3gMVxMweiHSZSukmk1k3gUA=\n" + - "-----END CERTIFICATE-----"; - - // SHA1withRSA 512 signed with RSA 512 - static String endentiry_SHA1withRSA_512_512 = - "-----BEGIN CERTIFICATE-----\n" + - "MIIBsjCCAVygAwIBAgIBBTANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + - "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + - "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + - "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" + - "DQEBAQUAA0sAMEgCQQCngiNTE+qngHcfj2jUpdc82gCw+TFRjR7oMSdp7b/3NwpD\n" + - "E+11z9WspoXTDzvbKcGUH9svFl691NyY0ZUmf+4RAgMBAAGjTzBNMAsGA1UdDwQE\n" + - "AwID6DAdBgNVHQ4EFgQUK+oVsFTQbz08evgQZ5Sd82c2y4UwHwYDVR0jBBgwFoAU\n" + - "88OD48Osuh7lJiLnhfMhrySqW8QwDQYJKoZIhvcNAQEFBQADQQB4xFWtC6ijDBIe\n" + - "/Gkf3B9+ycmP52pTPNiPwMS6u1a5vTRXMn5xRDexWfxJKJVZ2s9UR1jheZvWgPC8\n" + - "VUWO8bbG\n" + - "-----END CERTIFICATE-----"; - - // MD5withRSA 1024 signed with RSA 1024 - static String endentiry_MD5withRSA_1024_1024 = - "-----BEGIN CERTIFICATE-----\n" + - "MIICNzCCAaCgAwIBAgIBBjANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJVUzEQ\n" + - "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + - "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + - "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + - "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" + - "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" + - "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" + - "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" + - "8e7JW1tPUDAfBgNVHSMEGDAWgBQIsaDZL94kLug/A1N4EkNOA4z47DANBgkqhkiG\n" + - "9w0BAQQFAAOBgQBCVn9/JQxsRTaKIKSrgB+KtEreat+33k3SXuJICuRxcmvjOXIx\n" + - "wSdq+mRCA+DpIPSNtgnDAUyipnyxRxpdmRRUHuRYpkALq4a5QtTJK0Y/CEMfsd2J\n" + - "Yd2zKcfynDLW6LVeNdtjlY7fTemJnbA/WImNhwyW55V9vbnk3J04EZN8jw==\n" + - "-----END CERTIFICATE-----"; - - // MD5withRSA 1024 signed with RSA 512 - static String endentiry_MD5withRSA_1024_512 = - "-----BEGIN CERTIFICATE-----\n" + - "MIIB9jCCAaCgAwIBAgIBBzANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJVUzEQ\n" + - "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + - "MTNaFw0zMzA5MTQxMTA5MTNaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + - "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + - "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" + - "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" + - "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" + - "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" + - "8e7JW1tPUDAfBgNVHSMEGDAWgBTzw4Pjw6y6HuUmIueF8yGvJKpbxDANBgkqhkiG\n" + - "9w0BAQQFAANBAAbZwmkqb6sfiiIxuLnj6PjhJsXGfvPomkkbLu5CapAMhen/p6ZG\n" + - "6vh69TbIsBR9UHu7qDyTl5Xax7bmYeW+sDQ=\n" + - "-----END CERTIFICATE-----"; - - static HashMap<String, String> certmap = new HashMap<String, String>(); - static { - certmap.put("trustAnchor_SHA1withRSA_1024", - trustAnchor_SHA1withRSA_1024); - certmap.put("trustAnchor_SHA1withRSA_512", - trustAnchor_SHA1withRSA_512); - certmap.put("intermediate_SHA1withRSA_1024_1024", - intermediate_SHA1withRSA_1024_1024); - certmap.put("intermediate_SHA1withRSA_1024_512", - intermediate_SHA1withRSA_1024_512); - certmap.put("intermediate_SHA1withRSA_512_1024", - intermediate_SHA1withRSA_512_1024); - certmap.put("intermediate_SHA1withRSA_512_512", - intermediate_SHA1withRSA_512_512); - certmap.put("intermediate_MD5withRSA_1024_1024", - intermediate_MD5withRSA_1024_1024); - certmap.put("intermediate_MD5withRSA_1024_512", - intermediate_MD5withRSA_1024_512); - certmap.put("endentiry_SHA1withRSA_1024_1024", - endentiry_SHA1withRSA_1024_1024); - certmap.put("endentiry_SHA1withRSA_1024_512", - endentiry_SHA1withRSA_1024_512); - certmap.put("endentiry_SHA1withRSA_512_1024", - endentiry_SHA1withRSA_512_1024); - certmap.put("endentiry_SHA1withRSA_512_512", - endentiry_SHA1withRSA_512_512); - certmap.put("endentiry_MD5withRSA_1024_1024", - endentiry_MD5withRSA_1024_1024); - certmap.put("endentiry_MD5withRSA_1024_512", - endentiry_MD5withRSA_1024_512); - } - - private static Set<TrustAnchor> generateTrustAnchors() - throws CertificateException { - // generate certificate from cert string - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>(); - - ByteArrayInputStream is = - new ByteArrayInputStream(trustAnchor_SHA1withRSA_1024.getBytes()); - Certificate cert = cf.generateCertificate(is); - TrustAnchor anchor = new TrustAnchor((X509Certificate)cert, null); - anchors.add(anchor); - - is = new ByteArrayInputStream(trustAnchor_SHA1withRSA_512.getBytes()); - cert = cf.generateCertificate(is); - anchor = new TrustAnchor((X509Certificate)cert, null); - anchors.add(anchor); - - return anchors; - } - - private static CertStore generateCertificateStore() throws Exception { - Collection entries = new HashSet(); - - // generate certificate from certificate string - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - - for (String key : certmap.keySet()) { - String certStr = certmap.get(key); - ByteArrayInputStream is = - new ByteArrayInputStream(certStr.getBytes());; - Certificate cert = cf.generateCertificate(is); - entries.add(cert); - } - - return CertStore.getInstance("Collection", - new CollectionCertStoreParameters(entries)); - } - - private static X509CertSelector generateSelector(String name) - throws Exception { - X509CertSelector selector = new X509CertSelector(); - - String certStr = certmap.get(name); - if (certStr == null) { - return null; - } - - // generate certificate from certificate string - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes()); - X509Certificate target = (X509Certificate)cf.generateCertificate(is); - - selector.setCertificate(target); - - return selector; - } - - private static boolean match(String name, Certificate cert) - throws Exception { - X509CertSelector selector = new X509CertSelector(); - - String certStr = certmap.get(name); - if (certStr == null) { - return false; - } - - // generate certificate from certificate string - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes()); - X509Certificate target = (X509Certificate)cf.generateCertificate(is); - - return target.equals(cert); - } - - public static void main(String args[]) throws Exception { - CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); - - X509CertSelector selector = generateSelector(args[0]); - if (selector == null) { - // no target certificate, ignore it - return; - } - - Set<TrustAnchor> anchors = generateTrustAnchors(); - CertStore certs = generateCertificateStore(); - - PKIXBuilderParameters params = - new PKIXBuilderParameters(anchors, selector); - params.addCertStore(certs); - params.setRevocationEnabled(false); - params.setDate(new Date(114, 9, 1)); // 2014-09-01 - - boolean success = Boolean.valueOf(args[2]); - try { - PKIXCertPathBuilderResult result = - (PKIXCertPathBuilderResult)builder.build(params); - if (!success) { - throw new Exception("expected algorithm disabled exception"); - } - - int length = Integer.parseInt(args[1]); - List<? extends Certificate> path = - result.getCertPath().getCertificates(); - if (length != path.size()) { - throw new Exception("unexpected certification path length"); - } - - if (!path.isEmpty()) { // the target is not a trust anchor - if (!match(args[0], path.get(0))) { - throw new Exception("unexpected certificate"); - } - } - } catch (CertPathBuilderException cpbe) { - if (success) { - throw new Exception("unexpected exception", cpbe); - } else { - System.out.println("Get the expected exception " + cpbe); - } - } - } - -}
--- a/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,23 +21,15 @@ * questions. */ -// -// Security properties, once set, cannot revert to unset. To avoid -// conflicts with tests running in the same VM isolate this test by -// running it in otherVM mode. -// - /* * @test * @bug 7167988 * @summary PKIX CertPathBuilder in reverse mode doesn't work if more than * one trust anchor is specified - * @run main/othervm ReverseBuild */ import java.io.*; import java.util.*; import java.security.cert.*; -import java.security.Security; import sun.security.provider.certpath.SunCertPathBuilderParameters; @@ -287,9 +279,6 @@ public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); // generate certificate from cert string CertificateFactory cf = CertificateFactory.getInstance("X.509");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,15 +23,13 @@ * questions. */ -// -// SunJSSE does not support dynamic system properties, no way to re-use -// system properties in samevm/agentvm mode. -// - /* * @test * @bug 7113275 * @summary compatibility issue with MD2 trust anchor and old X509TrustManager + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. * @run main/othervm MD2InTrustAnchor PKIX TLSv1.1 * @run main/othervm MD2InTrustAnchor SunX509 TLSv1.1 * @run main/othervm MD2InTrustAnchor PKIX TLSv1.2 @@ -42,7 +40,6 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; -import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -286,10 +283,6 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,15 +23,13 @@ * questions. */ -// -// SunJSSE does not support dynamic system properties, no way to re-use -// system properties in samevm/agentvm mode. -// - /* * @test * @bug 7113275 * @summary compatibility issue with MD2 trust anchor and old X509TrustManager + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. * @run main/othervm TrustTrustedCert PKIX TLSv1.1 * @run main/othervm TrustTrustedCert SunX509 TLSv1.1 * @run main/othervm TrustTrustedCert PKIX TLSv1.2 @@ -338,10 +336,6 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,18 +21,11 @@ * questions. */ -// -// Security properties, once set, cannot revert to unset. To avoid -// conflicts with tests running in the same VM isolate this test by -// running it in otherVM mode. -// - /* * @test * @bug 6302644 * @summary X509KeyManager implementation for NewSunX509 doesn't return most * preferable key - * @run main/othervm PreferredKey */ import java.io.*; import java.net.*; @@ -56,10 +49,6 @@ public static void main(String[] args) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - KeyStore ks; KeyManagerFactory kmf; X509KeyManager km;
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,16 +21,14 @@ * questions. */ -// -// SunJSSE does not support dynamic system properties, no way to re-use -// system properties in samevm/agentvm mode. -// - /* * @test * @bug 7166570 * @summary JSSE certificate validation has started to fail for * certificate chains + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. * @run main/othervm BasicConstraints PKIX * @run main/othervm BasicConstraints SunX509 */ @@ -39,7 +37,6 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; -import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.*; @@ -457,10 +454,6 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,23 +21,21 @@ * questions. */ -// -// SunJSSE does not support dynamic system properties, no way to re-use -// system properties in samevm/agentvm mode. -// /* * @test * @bug 6916074 * @summary Add support for TLS 1.2 * @run main/othervm PKIXExtendedTM + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. */ import java.net.*; import java.util.*; import java.io.*; import javax.net.ssl.*; -import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -793,10 +791,6 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,17 +21,15 @@ * questions. */ -// -// SunJSSE does not support dynamic system properties, no way to re-use -// system properties in samevm/agentvm mode. -// - /* * @test * @bug 6822460 * @summary support self-issued certificate * @run main/othervm SelfIssuedCert PKIX * @run main/othervm SelfIssuedCert SunX509 + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -39,7 +37,6 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; -import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -305,10 +302,6 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,23 +21,20 @@ * questions. */ -// -// SunJSSE does not support dynamic system properties, no way to re-use -// system properties in samevm/agentvm mode. -// - /* * @test * @bug 6916074 * @summary Add support for TLS 1.2 * @run main/othervm SunX509ExtendedTM + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. */ import java.net.*; import java.util.*; import java.io.*; import javax.net.ssl.*; -import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -795,10 +792,6 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,21 +21,18 @@ * questions. */ -// -// SunJSSE does not support dynamic system properties, no way to re-use -// system properties in samevm/agentvm mode. -// - /* * @test * @bug 6668231 * @summary Presence of a critical subjectAltName causes JSSE's SunX509 to * fail trusted checks * @run main/othervm CriticalSubjectAltName + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. + * * @author Xuelei Fan - */ - -/* + * * This test depends on binary keystore, crisubn.jks and trusted.jks. Because * JAVA keytool cannot generate X509 certificate with SubjectAltName extension, * the certificates are generated with openssl toolkits and then imported into @@ -50,7 +47,6 @@ import java.io.*; import java.net.*; import javax.net.ssl.*; -import java.security.Security; import java.security.cert.Certificate; public class CriticalSubjectAltName implements HostnameVerifier { @@ -158,10 +154,6 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + "/" + keyStoreFile;
--- a/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketSNISensitive.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketSNISensitive.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -44,7 +44,6 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; -import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -432,10 +431,6 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,16 +23,15 @@ * questions. */ -// -// SunJSSE does not support dynamic system properties, no way to re-use -// system properties in samevm/agentvm mode. -// - /* * @test * @bug 4873188 * @summary Support TLS 1.1 * @run main/othervm EmptyCertificateAuthorities + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. + * * @author Xuelei Fan */ @@ -229,10 +228,6 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + "/" + keyStoreFile;
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,15 +21,13 @@ * questions. */ -// -// SunJSSE does not support dynamic system properties, no way to re-use -// system properties in samevm/agentvm mode. -// - /* @test * @bug 6766775 * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 * @run main/othervm DNSIdentities + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -37,7 +35,6 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; -import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -746,10 +743,6 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,15 +21,13 @@ * questions. */ -// -// SunJSSE does not support dynamic system properties, no way to re-use -// system properties in samevm/agentvm mode. -// - /* @test * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 * @bug 6766775 * @run main/othervm IPAddressIPIdentities + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -37,7 +35,6 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; -import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -747,10 +744,6 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,15 +21,13 @@ * questions. */ -// -// SunJSSE does not support dynamic system properties, no way to re-use -// system properties in samevm/agentvm mode. -// - /* @test * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 * @bug 6766775 * @run main/othervm IPIdentities + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -37,7 +35,6 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; -import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -746,10 +743,6 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java Mon Sep 28 15:06:22 2015 -0700 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java Tue Oct 06 12:14:45 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,15 +21,13 @@ * questions. */ -// -// SunJSSE does not support dynamic system properties, no way to re-use -// system properties in samevm/agentvm mode. -// - /* @test * @bug 6766775 * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 * @run main/othervm Identities + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -37,7 +35,6 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; -import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -746,10 +743,6 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - if (debug) System.setProperty("javax.net.debug", "all");