Mercurial > hg > jdk9-shenandoah > jdk
changeset 12740:e77968f864eb
Merge
| author | amurillo |
|---|---|
| date | Tue, 15 Sep 2015 07:47:44 -0700 |
| parents | 7ecf45f5fa46 (current diff) afc55db01c8e (diff) |
| children | 27dfaac11928 |
| files | make/src/native/add_gnu_debuglink/add_gnu_debuglink.c make/src/native/fix_empty_sec_hdr_flags/fix_empty_sec_hdr_flags.c |
| diffstat | 27 files changed, 1594 insertions(+), 663 deletions(-) [+] |
line wrap: on
line diff
--- a/.hgtags Thu Sep 10 14:55:20 2015 -0700 +++ b/.hgtags Tue Sep 15 07:47:44 2015 -0700 @@ -323,3 +323,4 @@ 0940ce86c614458f5bdd72278b190abbf36b7b45 jdk9-b78 d99c2ffdd0f15753e69126583688f2f075a0a5e8 jdk9-b79 4947810137ae53abba3028cc366af953d90fa81a jdk9-b80 +fdc13a2d32867ca3c57b7fa2620c6b59c83168cb jdk9-b81
--- a/make/Tools.gmk Thu Sep 10 14:55:20 2015 -0700 +++ b/make/Tools.gmk Tue Sep 15 07:47:44 2015 -0700 @@ -159,28 +159,6 @@ ########################################################################################## -# Tools needed on solaris because OBJCOPY is broken. - -ifeq ($(OPENJDK_TARGET_OS), solaris) - $(eval $(call SetupNativeCompilation,ADD_GNU_DEBUGLINK, \ - SRC := $(JDK_TOPDIR)/make/src/native/add_gnu_debuglink, \ - TOOLCHAIN := TOOLCHAIN_BUILD, \ - LDFLAGS := -lelf, \ - OBJECT_DIR := $(BUILDTOOLS_OUTPUTDIR)/objs/add_gnu_debuglink, \ - OUTPUT_DIR := $(BUILDTOOLS_OUTPUTDIR)/bin, \ - PROGRAM := add_gnu_debuglink)) - - $(eval $(call SetupNativeCompilation,FIX_EMPTY_SEC_HDR_FLAGS, \ - SRC := $(JDK_TOPDIR)/make/src/native/fix_empty_sec_hdr_flags, \ - TOOLCHAIN := TOOLCHAIN_BUILD, \ - LDFLAGS := -lelf, \ - OBJECT_DIR := $(BUILDTOOLS_OUTPUTDIR)/objs/fix_empty_sec_hdr_flags, \ - OUTPUT_DIR := $(BUILDTOOLS_OUTPUTDIR)/bin, \ - PROGRAM := fix_empty_sec_hdr_flags)) - - BUILD_TOOLS_JDK += $(ADD_GNU_DEBUGLINK) $(FIX_EMPTY_SEC_HDR_FLAGS) -endif - $(BUILD_TOOLS_JDK): $(BUILD_INTERIM_JIMAGE) $(COPY_JIMAGE_SERVICE_PROVIDER) java-tools: $(BUILD_TOOLS_JDK)
--- a/make/launcher/LauncherCommon.gmk Thu Sep 10 14:55:20 2015 -0700 +++ b/make/launcher/LauncherCommon.gmk Tue Sep 15 07:47:44 2015 -0700 @@ -28,9 +28,6 @@ # Prepare the find cache. $(eval $(call FillCacheFind, $(JDK_TOPDIR)/src/java.base/share/native/launcher)) -# Build tools -include Tools.gmk - # When building a legacy overlay image (on solaris 64 bit), the launchers # need to be built with a different rpath and a different output dir. ifeq ($(OVERLAY_IMAGES), true)
--- a/make/lib/LibCommon.gmk Thu Sep 10 14:55:20 2015 -0700 +++ b/make/lib/LibCommon.gmk Tue Sep 15 07:47:44 2015 -0700 @@ -27,9 +27,6 @@ include MakeBase.gmk include NativeCompilation.gmk -# Build tools -include Tools.gmk - GLOBAL_VERSION_INFO_RESOURCE := $(JDK_TOPDIR)/src/java.base/windows/native/common/version.rc # Absolute paths to lib files on windows for use in LDFLAGS. Should figure out a more
--- a/make/src/classes/build/tools/cldrconverter/ResourceBundleGenerator.java Thu Sep 10 14:55:20 2015 -0700 +++ b/make/src/classes/build/tools/cldrconverter/ResourceBundleGenerator.java Tue Sep 15 07:47:44 2015 -0700 @@ -266,22 +266,47 @@ out.println((CLDRConverter.isBaseModule ? "package sun.util.cldr;\n\n" : "package sun.util.resources.cldr.provider;\n\n") + "import java.util.HashMap;\n" + + "import java.util.Locale;\n" + "import java.util.Map;\n" - + "import java.util.ListResourceBundle;\n" + "import sun.util.locale.provider.LocaleProviderAdapter;\n" + "import sun.util.locale.provider.LocaleDataMetaInfo;\n"); - out.printf("public class %s extends ListResourceBundle implements LocaleDataMetaInfo {\n", className); - out.println(" @Override\n" + - " protected final Object[][] getContents() {\n" + - " final Object[][] data = new Object[][] {"); + out.printf("public class %s implements LocaleDataMetaInfo {\n", className); + out.println(" private static final Map<String, String> resourceNameToLocales = new HashMap<>();\n" + + (CLDRConverter.isBaseModule ? + " private static final Map<Locale, String[]> parentLocalesMap = new HashMap<>();\n\n" : "\n") + + " static {\n"); + for (String key : metaInfo.keySet()) { - out.printf(" { \"%s\",\n", key); - out.printf(" \"%s\" },\n", + if (key.startsWith(CLDRConverter.PARENT_LOCALE_PREFIX)) { + String parentTag = key.substring(CLDRConverter.PARENT_LOCALE_PREFIX.length()); + if ("root".equals(parentTag)) { + out.printf(" parentLocalesMap.put(Locale.ROOT,\n"); + } else { + out.printf(" parentLocalesMap.put(Locale.forLanguageTag(\"%s\"),\n", + parentTag); + } + String[] childlen = toLocaleList(metaInfo.get(key), true).split(" "); + out.printf(" new String[] {\n" + + " "); + int count = 0; + for (int i = 0; i < childlen.length; i++) { + String child = childlen[i]; + out.printf("\"%s\", ", child); + count += child.length() + 4; + if (i != childlen.length - 1 && count > 64) { + out.printf("\n "); + count = 0; + } + } + out.printf("\n });\n"); + } else { + out.printf(" resourceNameToLocales.put(\"%s\",\n", key); + out.printf(" \"%s\");\n", toLocaleList(key.equals("FormatData") ? metaInfo.get("AvailableLocales") : - metaInfo.get(key), - key.startsWith(CLDRConverter.PARENT_LOCALE_PREFIX))); + metaInfo.get(key), false)); + } } - out.println(" };\n return data;\n }\n\n"); + out.println(" }\n\n"); out.println(" @Override\n" + " public LocaleProviderAdapter.Type getType() {\n" + @@ -290,19 +315,13 @@ out.println(" @Override\n" + " public String availableLanguageTags(String category) {\n" + - " return getString(category);\n" + - " };\n\n"); + " return resourceNameToLocales.getOrDefault(category, \"\");\n" + + " }\n\n"); if (CLDRConverter.isBaseModule) { - out.printf(" public Map<String, String> parentLocales() {\n" + - " Map<String, String> ret = new HashMap<>();\n" + - " keySet().stream()\n" + - " .filter(key -> key.startsWith(\"%s\"))\n" + - " .forEach(key -> ret.put(key.substring(%d), getString(key)));\n" + - " return ret.isEmpty() ? null : ret;\n" + - " };\n}", - CLDRConverter.PARENT_LOCALE_PREFIX, - CLDRConverter.PARENT_LOCALE_PREFIX.length()); + out.printf(" public Map<Locale, String[]> parentLocales() {\n" + + " return parentLocalesMap;\n" + + " }\n}"); } else { out.println("}"); }
--- a/make/src/native/add_gnu_debuglink/add_gnu_debuglink.c Thu Sep 10 14:55:20 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,285 +0,0 @@ -/* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - * - */ - -/* - * Name: add_gnu_debuglink.c - * - * Description: Add a ".gnu_debuglink" section that refers to the specified - * debug_info_path to the specified ELF object. - * - * This program is adapted from the example program shown on the - * elf(3elf) man page and from code from the Solaris compiler - * driver. - */ - -/* - * needed to define SHF_EXCLUDE - */ -#define ELF_TARGET_ALL - -#include <fcntl.h> -#include <stdio.h> -#include <libelf.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -static void failure(void); -static unsigned int gnu_debuglink_crc32(unsigned int crc, unsigned char *buf, - size_t len); - -void -main(int argc, char ** argv) { - /* new ELF section name */ - static char SEC_NAME[] = ".gnu_debuglink"; - - unsigned char buffer[8 * 1024]; /* I/O buffer */ - int buffer_len; /* buffer length */ - char * debug_info_path; /* debug info path */ - void * ehdr; /* ELF header */ - Elf * elf; /* ELF descriptor */ - char * elf_ident; /* ELF identity string */ - char * elf_obj; /* elf_obj file */ - int fd; /* descriptor for files */ - unsigned int file_crc = 0; /* CRC for debug info file */ - int is_elfclass64; /* is an ELFCLASS64 file? */ - Elf_Data * link_dat; /* ELF data for new debug info link */ - Elf_Data * name_dat; /* ELF data for new section name */ - Elf_Scn * new_scn; /* new ELF section descriptor */ - void * new_shdr; /* new ELF section header */ - Elf_Scn * scn; /* ELF section descriptor */ - void * shdr; /* ELF section header */ - - if (argc != 3) { - (void) fprintf(stderr, "Usage: %s debug_info_path elf_obj\n", argv[0]); - exit(2); - } - - debug_info_path = argv[1]; /* save for later */ - if ((fd = open(debug_info_path, O_RDONLY)) == -1) { - (void) fprintf(stderr, "%s: cannot open file.\n", debug_info_path); - exit(3); - } - - (void) printf("Computing CRC for '%s'\n", debug_info_path); - (void) fflush(stdout); - /* compute CRC for the debug info file */ - for (;;) { - int len = read(fd, buffer, sizeof buffer); - if (len <= 0) { - break; - } - file_crc = gnu_debuglink_crc32(file_crc, buffer, len); - } - (void) close(fd); - - /* open the elf_obj */ - elf_obj = argv[2]; - if ((fd = open(elf_obj, O_RDWR)) == -1) { - (void) fprintf(stderr, "%s: cannot open file.\n", elf_obj); - exit(4); - } - - (void) printf("Opening '%s' for update\n", elf_obj); - (void) fflush(stdout); - (void) elf_version(EV_CURRENT); /* coordinate ELF versions */ - - /* obtain the ELF descriptors from the input file */ - if ((elf = elf_begin(fd, ELF_C_RDWR, NULL)) == NULL) { - failure(); - } - - /* determine if ELFCLASS64 or not? */ - elf_ident = elf_getident(elf, NULL); - is_elfclass64 = (elf_ident[EI_CLASS] == ELFCLASS64); - - /* get the ELF header */ - if (is_elfclass64) { - ehdr = elf64_getehdr(elf); - } else { - ehdr = elf32_getehdr(elf); - } - if (ehdr == NULL) { - failure(); - } - - /* get the ELF section descriptor */ - if (is_elfclass64) { - scn = elf_getscn(elf, ((Elf64_Ehdr *) ehdr)->e_shstrndx); - } else { - scn = elf_getscn(elf, ((Elf32_Ehdr *) ehdr)->e_shstrndx); - } - if (scn == NULL) { - failure(); - } - - /* get the section header */ - if (is_elfclass64) { - shdr = elf64_getshdr(scn); - } else { - shdr = elf32_getshdr(scn); - } - if (shdr == NULL) { - failure(); - } - - (void) printf("Adding ELF data for new section name\n"); - (void) fflush(stdout); - name_dat = elf_newdata(scn); - name_dat->d_buf = (void *) SEC_NAME; - if (is_elfclass64) { - name_dat->d_off = ((Elf64_Shdr *) shdr)->sh_size + 1; - } else { - name_dat->d_off = ((Elf32_Shdr *) shdr)->sh_size + 1; - } - name_dat->d_align = 1; - name_dat->d_size = strlen(SEC_NAME) + 1; - - new_scn = elf_newscn(elf); - - if (is_elfclass64) { - new_shdr = elf64_getshdr(new_scn); - ((Elf64_Shdr *) new_shdr)->sh_flags = SHF_EXCLUDE; - ((Elf64_Shdr *) new_shdr)->sh_type = SHT_PROGBITS; - ((Elf64_Shdr *) new_shdr)->sh_name = ((Elf64_Shdr *) shdr)->sh_size; - ((Elf64_Shdr *) new_shdr)->sh_addralign = 1; - ((Elf64_Shdr *) shdr)->sh_size += (strlen(SEC_NAME) + 1); - } else { - new_shdr = elf32_getshdr(new_scn); - ((Elf32_Shdr *) new_shdr)->sh_flags = SHF_EXCLUDE; - ((Elf32_Shdr *) new_shdr)->sh_type = SHT_PROGBITS; - ((Elf32_Shdr *) new_shdr)->sh_name = ((Elf32_Shdr *) shdr)->sh_size; - ((Elf32_Shdr *) new_shdr)->sh_addralign = 1; - ((Elf32_Shdr *) shdr)->sh_size += (strlen(SEC_NAME) + 1); - } - - (void) printf("Adding ELF data for debug_info_path value\n"); - (void) fflush(stdout); - (void) memset(buffer, 0, sizeof buffer); - buffer_len = strlen(debug_info_path) + 1; /* +1 for NUL */ - (void) strncpy((char *) buffer, debug_info_path, buffer_len); - if (buffer_len % 4 != 0) { - /* not on a 4 byte boundary so pad to the next one */ - buffer_len += (4 - buffer_len % 4); - } - /* save the CRC */ - (void) memcpy(&buffer[buffer_len], &file_crc, sizeof file_crc); - buffer_len += sizeof file_crc; - - link_dat = elf_newdata(new_scn); - link_dat->d_type = ELF_T_BYTE; - link_dat->d_size = buffer_len; - link_dat->d_buf = buffer; - link_dat->d_align = 1; - - (void) printf("Saving updates to '%s'\n", elf_obj); - (void) fflush(stdout); - (void) elf_update(elf, ELF_C_NULL); /* recalc ELF memory structures */ - (void) elf_update(elf, ELF_C_WRITE); /* write out changes to ELF obj */ - (void) elf_end(elf); /* done with ELF obj */ - (void) close(fd); - - (void) printf("Done updating '%s'\n", elf_obj); - (void) fflush(stdout); - exit(0); -} /* end main */ - - -static void -failure() { - (void) fprintf(stderr, "%s\n", elf_errmsg(elf_errno())); - exit(5); -} - - -/* - * The CRC used in gnu_debuglink, retrieved from - * http://sourceware.org/gdb/current/onlinedocs/gdb/Separate-Debug-Files.html#Separate-Debug-Files. - */ - -static unsigned int -gnu_debuglink_crc32(unsigned int crc, unsigned char *buf, size_t len) { - static const unsigned int crc32_table[256] = { - 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, - 0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, - 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, - 0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, - 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856, - 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, - 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, - 0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, - 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, - 0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a, - 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599, - 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, - 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, - 0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, - 0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, 0x9609a88e, - 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, - 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed, - 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, - 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, - 0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, - 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, - 0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5, - 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010, - 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, - 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, - 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, - 0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615, - 0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, - 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344, - 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, - 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, - 0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, - 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, - 0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c, - 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef, - 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, - 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, - 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, - 0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c, - 0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, - 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b, - 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, - 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, - 0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, - 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 0xa00ae278, - 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7, - 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66, - 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, - 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, - 0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, - 0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, - 0x2d02ef8d - }; - - unsigned char *end; - - crc = ~crc & 0xffffffff; - for (end = buf + len; buf < end; ++buf) { - crc = crc32_table[(crc ^ *buf) & 0xff] ^ (crc >> 8); - } - return ~crc & 0xffffffff; -}
--- a/make/src/native/fix_empty_sec_hdr_flags/fix_empty_sec_hdr_flags.c Thu Sep 10 14:55:20 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,181 +0,0 @@ -/* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - * - */ - -/* - * Name: fix_empty_sec_hdr_flags.c - * - * Description: Remove the SHF_ALLOC flag from "empty" section headers. - * An "empty" section header has sh_addr == 0 and sh_size == 0. - * - * This program is adapted from the example program shown on the - * elf(3elf) man page and from code from the Solaris compiler - * driver. - */ - -#include <fcntl.h> -#include <stdio.h> -#include <libelf.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -static void failure(void); - -void -main(int argc, char ** argv) { - void * ehdr; /* ELF header */ - unsigned int i; /* section counter */ - int fd; /* descriptor for file */ - Elf * elf; /* ELF descriptor */ - char * elf_ident; /* ELF identity string */ - char * elf_obj; /* elf_obj file */ - int fix_count; /* number of flags fixed */ - int is_elfclass64; /* is an ELFCLASS64 file? */ - Elf_Scn * scn; /* ELF section descriptor */ - void * shdr; /* ELF section header */ - Elf_Data * shstrtab; /* ELF section header string table */ - - if (argc != 2) { - (void) fprintf(stderr, "Usage: %s elf_obj\n", argv[0]); - exit(2); - } - - /* open the elf_obj */ - elf_obj = argv[1]; - if ((fd = open(elf_obj, O_RDWR)) == -1) { - (void) fprintf(stderr, "%s: cannot open file.\n", elf_obj); - exit(3); - } - - (void) printf("Opening '%s' for update\n", elf_obj); - (void) fflush(stdout); - (void) elf_version(EV_CURRENT); /* coordinate ELF versions */ - - /* obtain the ELF descriptors from the input file */ - if ((elf = elf_begin(fd, ELF_C_RDWR, NULL)) == NULL) { - failure(); - } - - /* determine if ELFCLASS64 or not? */ - elf_ident = elf_getident(elf, NULL); - is_elfclass64 = (elf_ident[EI_CLASS] == ELFCLASS64); - - /* get the ELF header */ - if (is_elfclass64) { - ehdr = elf64_getehdr(elf); - } else { - ehdr = elf32_getehdr(elf); - } - if (ehdr == NULL) { - failure(); - } - - /* get the ELF section descriptor */ - if (is_elfclass64) { - scn = elf_getscn(elf, ((Elf64_Ehdr *) ehdr)->e_shstrndx); - } else { - scn = elf_getscn(elf, ((Elf32_Ehdr *) ehdr)->e_shstrndx); - } - if (scn == NULL) { - failure(); - } - - /* get the section header string table */ - shstrtab = elf_getdata(scn, NULL); - if (shstrtab == NULL) { - failure(); - } - - fix_count = 0; - - /* traverse the sections of the input file */ - for (i = 1, scn = NULL; scn = elf_nextscn(elf, scn); i++) { - int has_flag_set; /* is SHF_ALLOC flag set? */ - int is_empty; /* is section empty? */ - char * name; /* short hand pointer */ - - /* get the section header */ - if (is_elfclass64) { - shdr = elf64_getshdr(scn); - } else { - shdr = elf32_getshdr(scn); - } - if (shdr == NULL) { - failure(); - } - - if (is_elfclass64) { - name = (char *)shstrtab->d_buf + ((Elf64_Shdr *) shdr)->sh_name; - } else { - name = (char *)shstrtab->d_buf + ((Elf32_Shdr *) shdr)->sh_name; - } - - if (is_elfclass64) { - has_flag_set = ((Elf64_Shdr *) shdr)->sh_flags & SHF_ALLOC; - is_empty = ((Elf64_Shdr *) shdr)->sh_addr == 0 && - ((Elf64_Shdr *) shdr)->sh_size == 0; - } else { - has_flag_set = ((Elf32_Shdr *) shdr)->sh_flags & SHF_ALLOC; - is_empty = ((Elf32_Shdr *) shdr)->sh_addr == 0 && - ((Elf32_Shdr *) shdr)->sh_size == 0; - } - - if (is_empty && has_flag_set) { - (void) printf("section[%u] '%s' is empty, " - "but SHF_ALLOC flag is set.\n", i, name); - (void) printf("Clearing the SHF_ALLOC flag.\n"); - - if (is_elfclass64) { - ((Elf64_Shdr *) shdr)->sh_flags &= ~SHF_ALLOC; - } else { - ((Elf32_Shdr *) shdr)->sh_flags &= ~SHF_ALLOC; - } - fix_count++; - } - } /* end for each ELF section */ - - if (fix_count > 0) { - (void) printf("Saving %d updates to '%s'\n", fix_count, elf_obj); - (void) fflush(stdout); - (void) elf_update(elf, ELF_C_NULL); /* recalc ELF memory structures */ - (void) elf_update(elf, ELF_C_WRITE); /* write out changes to ELF obj */ - } else { - (void) printf("No SHF_ALLOC flags needed to be cleared.\n"); - } - - (void) elf_end(elf); /* done with ELF obj */ - (void) close(fd); - - (void) printf("Done %s '%s'\n", - (fix_count > 0) ? "updating" : "with", elf_obj); - (void) fflush(stdout); - exit(0); -} /* end main */ - - -static void -failure() { - (void) fprintf(stderr, "%s\n", elf_errmsg(elf_errno())); - exit(6); -}
--- a/src/java.base/linux/native/libjava/ProcessHandleImpl_linux.c Thu Sep 10 14:55:20 2015 -0700 +++ b/src/java.base/linux/native/libjava/ProcessHandleImpl_linux.c Tue Sep 15 07:47:44 2015 -0700 @@ -141,17 +141,21 @@ struct stat stat_buf; /* + * Stat /proc/<pid> to get the user id + */ + snprintf(fn, sizeof fn, "/proc/%d", pid); + if (stat(fn, &stat_buf) == 0) { + unix_getUserInfo(env, jinfo, stat_buf.st_uid); + } + + /* * Try to open /proc/<pid>/cmdline */ - snprintf(fn, sizeof fn, "/proc/%d/cmdline", pid); + strncat(fn, "/cmdline", sizeof fn - strnlen(fn, sizeof fn) - 1); if ((fd = open(fn, O_RDONLY)) < 0) { return; } - if (fstat(fd, &stat_buf) == 0) { - unix_getUserInfo(env, jinfo, stat_buf.st_uid); - } - do { // Block to break out of on errors int i, truncated = 0; int count;
--- a/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m Thu Sep 10 14:55:20 2015 -0700 +++ b/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m Tue Sep 15 07:47:44 2015 -0700 @@ -508,7 +508,7 @@ SecKeychainRef defaultKeychain = NULL; SecKeychainCopyDefault(&defaultKeychain); - SecExternalItemType dataType = (isCertificate == JNI_TRUE ? kSecFormatX509Cert : kSecFormatWrappedPKCS8); + SecExternalFormat dataFormat = (isCertificate == JNI_TRUE ? kSecFormatX509Cert : kSecFormatWrappedPKCS8); // Convert the password obj into a CFStringRef that the keychain importer can use for encryption. SecKeyImportExportParameters paramBlock; @@ -533,7 +533,7 @@ paramBlock.keyUsage = CSSM_KEYUSE_ANY; paramBlock.keyAttributes = CSSM_KEYATTR_RETURN_DEFAULT; - err = SecKeychainItemImport(cfDataToImport, NULL, &dataType, NULL, + err = SecKeychainItemImport(cfDataToImport, NULL, &dataFormat, NULL, 0, ¶mBlock, defaultKeychain, &createdItems); if (err == noErr) {
--- a/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java Thu Sep 10 14:55:20 2015 -0700 +++ b/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java Tue Sep 15 07:47:44 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -864,7 +864,9 @@ if (computed[i] != actual[i]) { throw new IOException( "Keystore was tampered with, or " - + "password was incorrect"); + + "password was incorrect", + new UnrecoverableKeyException( + "Password verification failed")); } } }
--- a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java Thu Sep 10 14:55:20 2015 -0700 +++ b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java Tue Sep 15 07:47:44 2015 -0700 @@ -51,6 +51,8 @@ import java.util.*; import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; import javax.crypto.spec.PBEParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; @@ -2060,7 +2062,7 @@ } if (!MessageDigest.isEqual(macData.getDigest(), macResult)) { - throw new SecurityException("Failed PKCS12" + + throw new UnrecoverableKeyException("Failed PKCS12" + " integrity checking"); } } catch (Exception e) {
--- a/src/java.base/share/classes/sun/util/cldr/CLDRLocaleProviderAdapter.java Thu Sep 10 14:55:20 2015 -0700 +++ b/src/java.base/share/classes/sun/util/cldr/CLDRLocaleProviderAdapter.java Tue Sep 15 07:47:44 2015 -0700 @@ -41,6 +41,7 @@ import java.util.ServiceLoader; import java.util.Set; import java.util.StringTokenizer; +import java.util.stream.Stream; import sun.util.locale.provider.JRELocaleProviderAdapter; import sun.util.locale.provider.LocaleProviderAdapter; import sun.util.locale.provider.LocaleDataMetaInfo; @@ -148,11 +149,9 @@ private List<Locale> applyParentLocales(String baseName, List<Locale> candidates) { if (Objects.isNull(parentLocalesMap)) { Map<Locale, Locale> map = new HashMap<>(); - Map<String, String> parentLocales = baseMetaInfo.parentLocales(); - parentLocales.keySet().forEach(parent -> { - Arrays.asList(parentLocales.get(parent).split(" ")).stream().forEach(child -> { - map.put(Locale.forLanguageTag(child), - "root".equals(parent) ? Locale.ROOT : Locale.forLanguageTag(parent)); + baseMetaInfo.parentLocales().forEach((parent, children) -> { + Stream.of(children).forEach(child -> { + map.put(Locale.forLanguageTag(child), parent); }); }); parentLocalesMap = Collections.unmodifiableMap(map);
--- a/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11KeyStore.java Thu Sep 10 14:55:20 2015 -0700 +++ b/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11KeyStore.java Tue Sep 15 07:47:44 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -750,6 +750,21 @@ } else { login(new PasswordCallbackHandler(password)); } + } catch(LoginException e) { + Throwable cause = e.getCause(); + if (cause instanceof PKCS11Exception) { + PKCS11Exception pe = (PKCS11Exception) cause; + if (pe.getErrorCode() == CKR_PIN_INCORRECT) { + // if password is wrong, the cause of the IOException + // should be an UnrecoverableKeyException + throw new IOException("load failed", + new UnrecoverableKeyException().initCause(e)); + } + } + throw new IOException("load failed", e); + } + + try { if (mapLabels() == true) { // CKA_LABELs are shared by multiple certs writeDisabled = true; @@ -757,7 +772,7 @@ if (debug != null) { dumpTokenMap(); } - } catch (LoginException | KeyStoreException | PKCS11Exception e) { + } catch (KeyStoreException | PKCS11Exception e) { throw new IOException("load failed", e); } }
--- a/test/ProblemList.txt Thu Sep 10 14:55:20 2015 -0700 +++ b/test/ProblemList.txt Tue Sep 15 07:47:44 2015 -0700 @@ -133,9 +133,6 @@ # 8029891 java/lang/ClassLoader/deadlock/GetResource.java generic-all -# 8133552 -java/lang/ProcessHandle/InfoTest.java generic-all - ############################################################################ # jdk_instrument
--- a/test/java/lang/ProcessHandle/InfoTest.java Thu Sep 10 14:55:20 2015 -0700 +++ b/test/java/lang/ProcessHandle/InfoTest.java Tue Sep 15 07:47:44 2015 -0700 @@ -257,10 +257,15 @@ } } } - p1.waitFor(Utils.adjustTimeout(5), TimeUnit.SECONDS); + p1.sendAction("exit"); + Assert.assertTrue(p1.waitFor(Utils.adjustTimeout(30L), TimeUnit.SECONDS), + "timeout waiting for process to terminate"); } catch (IOException | InterruptedException ie) { ie.printStackTrace(System.out); Assert.fail("unexpected exception", ie); + } finally { + // Destroy any children that still exist + ProcessUtil.destroyProcessTree(ProcessHandle.current()); } } @@ -270,8 +275,9 @@ @Test public static void test3() { try { - for (int sleepTime : Arrays.asList(1, 2)) { + for (long sleepTime : Arrays.asList(Utils.adjustTimeout(30), Utils.adjustTimeout(32))) { Process p = spawn("sleep", String.valueOf(sleepTime)); + ProcessHandle.Info info = p.info(); System.out.printf(" info: %s%n", info); @@ -297,7 +303,9 @@ Assert.assertEquals(args[0], String.valueOf(sleepTime)); } } - Assert.assertTrue(p.waitFor(15, TimeUnit.SECONDS)); + p.destroy(); + Assert.assertTrue(p.waitFor(Utils.adjustTimeout(30), TimeUnit.SECONDS), + "timeout waiting for process to terminate"); } } catch (IOException | InterruptedException ex) { ex.printStackTrace(System.out);
--- a/test/java/security/KeyStore/TestKeyStoreBasic.java Thu Sep 10 14:55:20 2015 -0700 +++ b/test/java/security/KeyStore/TestKeyStoreBasic.java Tue Sep 15 07:47:44 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,36 +21,97 @@ * questions. */ -import static java.lang.System.out; - +import java.io.BufferedInputStream; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; +import java.io.InputStream; +import java.security.KeyFactory; import java.security.KeyStore; import java.security.KeyStoreException; -import java.security.Provider; -import java.security.Security; -import javax.crypto.SecretKey; -import javax.crypto.spec.SecretKeySpec; +import java.security.NoSuchProviderException; +import java.security.PrivateKey; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateFactory; +import java.security.spec.KeySpec; +import java.security.spec.PKCS8EncodedKeySpec; +import java.util.Base64; /* * @test - * @bug 8048621 - * @summary Test the basic operations of KeyStore, provided by SunJCE (jceks), - * and SunPKCS11-Solaris(PKCS11KeyStore) + * @bug 8048621 8133090 + * @summary Test basic operations with keystores (jks, jceks, pkcs12) * @author Yu-Ching Valerie PENG */ +public class TestKeyStoreBasic { -public class TestKeyStoreBasic { + private static final String PRIVATE_KEY_PKCS8_BASE64 = "" + + "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCpyz97liuWPDYcLH9TX8BiT78o" + + "lCmAfmevvch6ncXUVuCzbdaKuKXwn4EVbDszsVJLoK5zdtP+X3iDhutj+IgKmLhuczF3M9VIcWr+" + + "JJUyTH4+3h/RT8cjCDZOmk9iXkb5ifruVsLqzb9g+Vp140Oz7leikne7KmclHvTfvFd0WDI7Gb9v" + + "o4f5rT717BXJ/n+M6pNk8DLpLiEu6eziYvXRv5x+t5Go3x0eCXdaxEQUf2j876Wfr2qHRJK7lDfF" + + "e1DDsMg/KpKGiILYZ+g2qtVMZSxtp5BZEtfB5qV/IE5kWO+mCIAGpXSZIdbERR6pZUq8GLEe1T9e" + + "+sO6H24w2F19AgMBAAECggEBAId/12187dO6wUPCjumuJA1QrrBnbKdKONyai36uoc1Od4s5QFj7" + + "+hEIeS7rbGNYQuBvnkgusAbzkW0FIpxpHce3EJez/emux6pEOKoP77BwMt9gy+txyu0+BHi91FQg" + + "AGvrnQDO5EYVY4Cz/WjOsJzKu8zVLg+DS0Toa2qRFwmUe9mVAXPNOCZ3Oae/Q6tCDsaINNw0fmjj" + + "jn6uohPbS+n6xENG3FkQXB36getXy310xTGED2J27cmAQH6gLR6Kl2iROzNPbbpBqbuemI9kbcld" + + "EwBS1jRfZWeaPstYA1niVrE9UgUBzemnoh4TDkG076sYthHMr5QFGjPswnwtJ4ECgYEA0sURQ5+v" + + "baH4tdaemI3qpnknXTlzSpuZZmAoyvY0Id0mlduwKwmZ3Y5989wHfnnhFfyNO4IkTKjI2Wp97qP5" + + "4eqUNpA7FtNU7KUzMcFDTtwtNZuRYMrKlqo2lLbA+gVrAYpYZFL4b7tcwtX4DnYorDsmude6W8sG" + + "4Mx2VdFJC9UCgYEAzjsdXCYH5doWUHb0dvn9ID7IikffEMRM720MRjrnnnVbpzx6ACntkPDNZg7p" + + "TRE/mx7iBz81ZaUWE+V0wd0JvCHEdpAz3mksyvDFhU4Bgs6xzf2pSul5muhsx3hHcvvPezz5Bnxs" + + "faJlzkxfwotyGmvWN15GA/pyfsZjsbbTpwkCgYAO6NnbysQCIV8SnegCKqfatt9N/O5m7LLhRxQb" + + "p2bwrlA4cZ34rWkw/w9x3LK7A6wkfgUPnJkswxPSLXJTG05l6M4rPfCwIKr1Qopojp9QSMr569NQ" + + "4YeLOOc7heIIzbFQHpU6I5Rncv2Q2sn9W+ZsqJKIuvX34FjQNiZ406EzMQKBgHSxOGS61D84DuZK" + + "2Ps1awhC3kB4eHzJRms3vflDPWoJJ+pSKwpKrzUTPHXiPBqyhtYkPGszVeiE6CAr9sv3YZnFVaBs" + + "6hyQUJsob+uE/w/gGvXe8VsFDx0bJOodYfhrCbTHBHWqE81nBcocpxayxsayfAzqWB3KKd0YLrMR" + + "K2PZAoGAcZa8915R2m0KZ6HVJUt/JDR85jCbN71kcVDFY2XSFkOJvOdFoHNfRckfLzjq9Y2MSSTV" + + "+QDWbDo2doUQCejJUTaN8nP79tfyir24X5uVPvQaeVoGTKYb+LfUqK0F60lStmjuddIGSZH55y3v" + + "+9XjmxbVERtd1lqgQg3VlmKlEXY="; + + /* + * Certificate: + * Data: + * Version: 3 (0x2) + * Serial Number: 7 (0x7) + * Signature Algorithm: sha512WithRSAEncryption + * Issuer: CN=Root + * Validity + * Not Before: Sep 1 18:03:59 2015 GMT + * Not After : Jan 17 18:03:59 2043 GMT + * Subject: CN=EE + */ + private static final String CERTIFICATE = "" + + "-----BEGIN CERTIFICATE-----\n" + + "MIIDHTCCAgWgAwIBAgIBBzANBgkqhkiG9w0BAQ0FADAPMQ0wCwYDVQQDDARSb290\n" + + "MB4XDTE1MDkwMTE4MDM1OVoXDTQzMDExNzE4MDM1OVowDTELMAkGA1UEAwwCRUUw\n" + + "ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpyz97liuWPDYcLH9TX8Bi\n" + + "T78olCmAfmevvch6ncXUVuCzbdaKuKXwn4EVbDszsVJLoK5zdtP+X3iDhutj+IgK\n" + + "mLhuczF3M9VIcWr+JJUyTH4+3h/RT8cjCDZOmk9iXkb5ifruVsLqzb9g+Vp140Oz\n" + + "7leikne7KmclHvTfvFd0WDI7Gb9vo4f5rT717BXJ/n+M6pNk8DLpLiEu6eziYvXR\n" + + "v5x+t5Go3x0eCXdaxEQUf2j876Wfr2qHRJK7lDfFe1DDsMg/KpKGiILYZ+g2qtVM\n" + + "ZSxtp5BZEtfB5qV/IE5kWO+mCIAGpXSZIdbERR6pZUq8GLEe1T9e+sO6H24w2F19\n" + + "AgMBAAGjgYUwgYIwNAYDVR0fBC0wKzApoCegJYYjbGRhcDovL2xkYXAuaG9zdC5m\n" + + "b3IuY3JsZHAvbWFpbi5jcmwwSgYIKwYBBQUHAQEEPjA8MDoGCCsGAQUFBzAChi5s\n" + + "ZGFwOi8vbGRhcC5ob3N0LmZvci5haWEvZGM9Um9vdD9jQUNlcnRpZmljYXRlMA0G\n" + + "CSqGSIb3DQEBDQUAA4IBAQBWDfZHpuUx0yn5d3+BuztFqoks1MkGdk+USlH0TB1/\n" + + "gWWBd+4S4PCKlpSur0gj2rMW4fP5HQfNlHci8JV8/bG4KuKRAXW56dg1818Hl3pc\n" + + "iIrUSRn8uUjH3p9qb+Rb/u3mmVQRyJjN2t/zceNsO8/+Dd808OB9aEwGs8lMT0nn\n" + + "ZYaaAqYz1GIY/Ecyx1vfEZEQ1ljo6i/r70C3igbypBUShxSiGsleiVTLOGNA+MN1\n" + + "/a/Qh0bkaQyTGqK3bwvzzMeQVqWu2EWTBD/PmND5ExkpRICdv8LBVXfLnpoBr4lL\n" + + "hnxn9+e0Ah+t8dS5EKfn44w5bI5PCu2bqxs6RCTxNjcY\n" + + "-----END CERTIFICATE-----\n"; + private static final char[] PASSWD2 = new char[] { 'b', 'o', 'r', 'e', 'd' }; - private static final char[] PASSWDK = new String("cannot be null") + private static final char[] PASSWDK = "cannot be null" .toCharArray(); private static final String[] KS_Type = { "jks", "jceks", "pkcs12", "PKCS11KeyStore" }; - private static final String[] PRO_TYPE = { + private static final String[] PROVIDERS = { "SUN", "SunJCE", "SunJSSE", "SunPKCS11-Solaris" }; private static final String ALIAS_HEAD = "test"; @@ -61,41 +122,58 @@ } public void run() throws Exception { - Provider[] providers = Security.getProviders(); - for (Provider p: providers) { - String prvName = p.getName(); - if (prvName.startsWith("SunJCE") - || prvName.startsWith("SunPKCS11-Solaris")) { - try { - runTest(p); - out.println("Test with provider " + p.getName() + "" - + " passed"); - } catch (java.security.KeyStoreException e) { - if (prvName.startsWith("SunPKCS11-Solaris")) { - out.println("KeyStoreException is expected " - + "PKCS11KeyStore is invalid keystore type."); - e.printStackTrace(); - } else { - throw e; - } + for (String provider : PROVIDERS) { + try { + runTest(provider); + System.out.println("Test with provider " + provider + "passed"); + } catch (java.security.KeyStoreException e) { + if (provider.equals("SunPKCS11-Solaris")) { + System.out.println("KeyStoreException is expected: " + + "PKCS11KeyStore is invalid keystore type: " + e); + } else { + throw e; + } + } catch (NoSuchProviderException e) { + String osName = System.getProperty("os.name"); + if (provider.equals("SunPKCS11-Solaris") + && !osName.equals("SunOS")) { + System.out.println("Skip SunPKCS11-Solaris provider on " + + osName); + } else { + throw e; } } } } - public void runTest(Provider p) throws Exception { - SecretKey key = new SecretKeySpec( - new String("No one knows").getBytes(), "PBE"); + public void runTest(String provider) throws Exception { + + // load private key + // all keystore types should support private keys + KeySpec spec = new PKCS8EncodedKeySpec( + Base64.getMimeDecoder().decode(PRIVATE_KEY_PKCS8_BASE64)); + PrivateKey privateKey = KeyFactory.getInstance("RSA") + .generatePrivate(spec); + + // load x509 certificate + Certificate cert; + try (InputStream is = new BufferedInputStream( + new ByteArrayInputStream(CERTIFICATE.getBytes()))) { + cert = CertificateFactory.getInstance("X.509") + .generateCertificate(is); + } + int numEntries = 5; - String proName = p.getName(); String type = null; - for (int i = 0; i < PRO_TYPE.length; i++) { - if (proName.compareTo(PRO_TYPE[i]) == 0) { + for (int i = 0; i < PROVIDERS.length; i++) { + if (provider.compareTo(PROVIDERS[i]) == 0) { type = KS_Type[i]; break; } } - KeyStore ks = KeyStore.getInstance(type, p); + + System.out.printf("Test %s provider and %s keystore%n", provider, type); + KeyStore ks = KeyStore.getInstance(type, provider); KeyStore ks2 = KeyStore.getInstance(type, ks.getProvider().getName()); // create an empty key store @@ -103,7 +181,8 @@ // store the secret keys for (int j = 0; j < numEntries; j++) { - ks.setKeyEntry(ALIAS_HEAD + j, key, PASSWDK, null); + ks.setKeyEntry(ALIAS_HEAD + j, privateKey, PASSWDK, + new Certificate[] { cert }); } // initialize the 2nd key store object with the 1st one @@ -134,13 +213,18 @@ throw new RuntimeException( "ERROR: passed the loading with incorrect password"); } catch (IOException ex) { + System.out.println("Expected exception: " + ex); + if (!causedBy(ex, UnrecoverableKeyException.class)) { + ex.printStackTrace(System.out); + throw new RuntimeException("Unexpected cause"); + } + System.out.println("Expected cause: " + + UnrecoverableKeyException.class.getName()); + bais.reset(); ks.load(bais, PASSWD2); bais.reset(); ks.load(bais, null); - } finally { - bais.close(); - baos.close(); } // check key store type @@ -158,7 +242,6 @@ private void checkType(KeyStore obj, String type) { if (!obj.getType().equals(type)) { throw new RuntimeException("ERROR: wrong key store type"); - } } @@ -168,7 +251,6 @@ if (!obj.containsAlias(ALIAS_HEAD + k)) { throw new RuntimeException("ERROR: alias (" + k + ") should exist"); - } } } @@ -176,16 +258,25 @@ // compare the creation dates - true if all the same private void compareCreationDate(KeyStore o1, KeyStore o2, int range) throws KeyStoreException { - boolean result = true; - String alias = null; + String alias; for (int k = 0; k < range; k++) { alias = ALIAS_HEAD + k; if (!o1.getCreationDate(alias).equals(o2.getCreationDate(alias))) { throw new RuntimeException("ERROR: entry creation time (" + k + ") differs"); - } } } + // checks if an exception was caused by specified exception class + private static boolean causedBy(Exception e, Class klass) { + Throwable cause = e; + while ((cause = cause.getCause()) != null) { + if (cause.getClass().equals(klass)) { + return true; + } + } + return false; + } + }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/security/cert/CertPathEncodingTest.java Tue Sep 15 07:47:44 2015 -0700 @@ -0,0 +1,253 @@ +/* + * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +import java.io.ByteArrayInputStream; +import java.security.cert.CertPath; +import java.security.cert.Certificate; +import java.security.cert.CertificateFactory; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Base64; +import java.util.List; + +/* + * @test + * @bug 8074931 + * @summary CertPathEncodingTest tests the ability of the CertPath and + * CertificateFactory to encode and decode CertPaths. + */ +public final class CertPathEncodingTest { + /* + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 935438132 (0x37c1a734) + Signature Algorithm: dsaWithSHA1 + Issuer: C=us, O=sun, OU=east, OU=bcn, CN=yassir + Validity + Not Before: Aug 23 19:55:32 1999 GMT + Not After : Aug 22 19:55:32 2000 GMT + Subject: C=us, O=sun, OU=east, OU=bcn + Subject Public Key Info: + Public Key Algorithm: dsaEncryption + pub: + 63:47:4f:f6:29:e5:98:a2:21:fd:da:97:9e:3f:ca: + b0:17:49:8d:8a:a7:06:0d:a6:78:97:39:59:33:72: + a2:a5:74:d5:3a:ef:e6:7c:07:d7:8e:8e:d1:66:73: + 99:14:04:96:f5:31:d6:72:ee:d2:53:f8:90:b5:f3: + c3:f1:64:ba:1a:9e:c0:0a:da:92:48:c5:d3:84:7e: + 48:09:66:d9:51:ba:74:56:5a:77:8a:8c:9a:9c:f6: + 84:12:61:12:51:dc:c6:4f:84:94:ec:cb:78:51:83: + 8c:20:8a:53:7b:d2:b6:36:df:50:35:95:1f:cb:50: + 55:8b:3f:fb:e2:77:cb + P: + 00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec: + e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6: + 51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf: + c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34: + 6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b: + 10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7: + c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35: + 54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef: + f2:22:03:19:9d:d1:48:01:c7 + Q: + 00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb: + 84:0b:f0:58:1c:f5 + G: + 00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8: + 57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d: + 07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10: + 81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09: + 32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3: + ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62: + f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89: + a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55: + 25:64:01:4c:3b:fe:cf:49:2a + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment, Certificate Sign + Signature Algorithm: dsaWithSHA1 + r: + 52:80:52:2b:2c:3d:02:66:58:b4:dc:ef:52:26:70: + 1b:53:ca:b3:7d + s: + 62:03:b2:ab:3e:18:2a:66:09:b6:ce:d4:05:a5:8e: + a5:7a:0d:55:67 + */ + private static final String cert1 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICzTCCAougAwIBAgIEN8GnNDALBgcqhkjOOAQDBQAwSTELMAkGA1UEBhMCdXMx\n" + + "DDAKBgNVBAoTA3N1bjENMAsGA1UECxMEZWFzdDEMMAoGA1UECxMDYmNuMQ8wDQYD\n" + + "VQQDEwZ5YXNzaXIwHhcNOTkwODIzMTk1NTMyWhcNMDAwODIyMTk1NTMyWjA4MQsw\n" + + "CQYDVQQGEwJ1czEMMAoGA1UEChMDc3VuMQ0wCwYDVQQLEwRlYXN0MQwwCgYDVQQL\n" + + "EwNiY24wggG1MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR\n" + + "t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZ\n" + + "UKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu\n" + + "K2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9\n" + + "3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW\n" + + "E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQ\n" + + "iaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBggACf2NHT/Yp5ZiiIf3al54/yrAX\n" + + "SY2KpwYNpniXOVkzcqKldNU67+Z8B9eOjtFmc5kUBJb1MdZy7tJT+JC188PxZLoa\n" + + "nsAK2pJIxdOEfkgJZtlRunRWWneKjJqc9oQSYRJR3MZPhJTsy3hRg4wgilN70rY2\n" + + "31A1lR/LUFWLP/vid8ujEzARMA8GA1UdDwEB/wQFAwMHpAAwCwYHKoZIzjgEAwUA\n" + + "Ay8AMCwCFFKAUissPQJmWLTc71ImcBtTyrN9AhRiA7KrPhgqZgm2ztQFpY6leg1V\n" + + "Zw==\n" + + "-----END CERTIFICATE-----\n" + + ""; + + /* + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 935095671 (0x37bc6d77) + Signature Algorithm: dsaWithSHA1 + Issuer: C=us, O=sun, OU=east, OU=bcn, CN=yassir + Validity + Not Before: Aug 19 20:47:51 1999 GMT + Not After : Aug 18 20:47:51 2000 GMT + Subject: C=us, O=sun, OU=east, OU=bcn, CN=yassir + Subject Public Key Info: + Public Key Algorithm: dsaEncryption + pub: + 0a:cc:a4:ec:d6:88:45:c2:24:6b:0d:78:f1:82:f3: + 5e:3e:31:5d:fb:64:d5:06:5e:39:16:f1:0a:85:d1: + ff:d1:a4:74:c5:e6:b0:ba:93:1c:ee:69:51:be:3b: + a6:66:44:50:b4:f0:5e:0e:dd:9f:08:71:fe:a1:91: + 2e:d4:9e:6b:b2:c0:82:3c:91:6c:18:b0:d9:bc:a3: + 48:91:3f:8b:59:01:61:00:02:ab:22:31:bc:7c:6c: + 0d:9f:ed:be:33:e6:5c:44:9e:62:30:95:f8:6d:22: + d7:e5:85:4c:b0:98:6e:ad:cc:ca:3b:ad:cb:fa:f7: + 9f:37:13:f7:ca:e2:22:ba + P: + 00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec: + e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6: + 51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf: + c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34: + 6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b: + 10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7: + c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35: + 54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef: + f2:22:03:19:9d:d1:48:01:c7 + Q: + 00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb: + 84:0b:f0:58:1c:f5 + G: + 00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8: + 57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d: + 07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10: + 81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09: + 32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3: + ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62: + f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89: + a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55: + 25:64:01:4c:3b:fe:cf:49:2a + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment, Certificate Sign + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:5 + Signature Algorithm: dsaWithSHA1 + r: + 2f:88:46:37:94:92:b2:02:07:5b:8d:76:e5:81:23: + 85:7f:bc:8d:b9 + s: + 00:8b:d7:41:fa:11:c7:ab:27:92:5d:0a:03:98:56: + 36:42:5f:f5:1f:9d + */ + private static final String cert2 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIC9TCCArKgAwIBAgIEN7xtdzALBgcqhkjOOAQDBQAwSTELMAkGA1UEBhMCdXMx\n" + + "DDAKBgNVBAoTA3N1bjENMAsGA1UECxMEZWFzdDEMMAoGA1UECxMDYmNuMQ8wDQYD\n" + + "VQQDEwZ5YXNzaXIwHhcNOTkwODE5MjA0NzUxWhcNMDAwODE4MjA0NzUxWjBJMQsw\n" + + "CQYDVQQGEwJ1czEMMAoGA1UEChMDc3VuMQ0wCwYDVQQLEwRlYXN0MQwwCgYDVQQL\n" + + "EwNiY24xDzANBgNVBAMTBnlhc3NpcjCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQD9\n" + + "f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2\n" + + "y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD\n" + + "9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLr\n" + + "hAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrU\n" + + "WU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6\n" + + "ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GEAAKB\n" + + "gArMpOzWiEXCJGsNePGC814+MV37ZNUGXjkW8QqF0f/RpHTF5rC6kxzuaVG+O6Zm\n" + + "RFC08F4O3Z8Icf6hkS7UnmuywII8kWwYsNm8o0iRP4tZAWEAAqsiMbx8bA2f7b4z\n" + + "5lxEnmIwlfhtItflhUywmG6tzMo7rcv69583E/fK4iK6oycwJTAPBgNVHQ8BAf8E\n" + + "BQMDB6QAMBIGA1UdEwEB/wQIMAYBAf8CAQUwCwYHKoZIzjgEAwUAAzAAMC0CFC+I\n" + + "RjeUkrICB1uNduWBI4V/vI25AhUAi9dB+hHHqyeSXQoDmFY2Ql/1H50=\n" + + "-----END CERTIFICATE-----\n" + + ""; + + private static final String pkcs7path = + "MIIF9QYJKoZIhvcNAQcCoIIF5jCCBeICAQExADALBgkqhkiG9w0BBwGgggXKMIICzTCCAougAwIB\n" + + "AgIEN8GnNDALBgcqhkjOOAQDBQAwSTELMAkGA1UEBhMCdXMxDDAKBgNVBAoTA3N1bjENMAsGA1UE\n" + + "CxMEZWFzdDEMMAoGA1UECxMDYmNuMQ8wDQYDVQQDEwZ5YXNzaXIwHhcNOTkwODIzMTk1NTMyWhcN\n" + + "MDAwODIyMTk1NTMyWjA4MQswCQYDVQQGEwJ1czEMMAoGA1UEChMDc3VuMQ0wCwYDVQQLEwRlYXN0\n" + + "MQwwCgYDVQQLEwNiY24wggG1MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR\n" + + "t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQ\n" + + "IsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCX\n" + + "YFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZ\n" + + "V4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7\n" + + "YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBggACf2NHT/Yp5ZiiIf3al54/\n" + + "yrAXSY2KpwYNpniXOVkzcqKldNU67+Z8B9eOjtFmc5kUBJb1MdZy7tJT+JC188PxZLoansAK2pJI\n" + + "xdOEfkgJZtlRunRWWneKjJqc9oQSYRJR3MZPhJTsy3hRg4wgilN70rY231A1lR/LUFWLP/vid8uj\n" + + "EzARMA8GA1UdDwEB/wQFAwMHpAAwCwYHKoZIzjgEAwUAAy8AMCwCFFKAUissPQJmWLTc71ImcBtT\n" + + "yrN9AhRiA7KrPhgqZgm2ztQFpY6leg1VZzCCAvUwggKyoAMCAQICBDe8bXcwCwYHKoZIzjgEAwUA\n" + + "MEkxCzAJBgNVBAYTAnVzMQwwCgYDVQQKEwNzdW4xDTALBgNVBAsTBGVhc3QxDDAKBgNVBAsTA2Jj\n" + + "bjEPMA0GA1UEAxMGeWFzc2lyMB4XDTk5MDgxOTIwNDc1MVoXDTAwMDgxODIwNDc1MVowSTELMAkG\n" + + "A1UEBhMCdXMxDDAKBgNVBAoTA3N1bjENMAsGA1UECxMEZWFzdDEMMAoGA1UECxMDYmNuMQ8wDQYD\n" + + "VQQDEwZ5YXNzaXIwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I8\n" + + "70QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJP\n" + + "u6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCP\n" + + "FSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV466\n" + + "1FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoB\n" + + "JDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYAKzKTs1ohFwiRrDXjxgvNe\n" + + "PjFd+2TVBl45FvEKhdH/0aR0xeawupMc7mlRvjumZkRQtPBeDt2fCHH+oZEu1J5rssCCPJFsGLDZ\n" + + "vKNIkT+LWQFhAAKrIjG8fGwNn+2+M+ZcRJ5iMJX4bSLX5YVMsJhurczKO63L+vefNxP3yuIiuqMn\n" + + "MCUwDwYDVR0PAQH/BAUDAwekADASBgNVHRMBAf8ECDAGAQH/AgEFMAsGByqGSM44BAMFAAMwADAt\n" + + "AhQviEY3lJKyAgdbjXblgSOFf7yNuQIVAIvXQfoRx6snkl0KA5hWNkJf9R+dMQA=\n" + + ""; + + // Runs test of CertPath encoding and decoding. + public static void main(String[] args) throws Exception { + // Make the CertPath whose encoded form has already been stored + CertificateFactory certFac = CertificateFactory.getInstance("X509"); + + final List<Certificate> certs = new ArrayList<>(); + certs.add(certFac.generateCertificate(new ByteArrayInputStream(cert1.getBytes()))); + certs.add(certFac.generateCertificate(new ByteArrayInputStream(cert2.getBytes()))); + + CertPath cp = certFac.generateCertPath(certs); + + // Get the encoded form of the CertPath we made + byte[] encoded = cp.getEncoded("PKCS7"); + + // check if it matches the encoded value + if (!Arrays.equals(encoded, Base64.getMimeDecoder().decode(pkcs7path.getBytes()))) { + throw new RuntimeException("PKCS#7 encoding doesn't match stored value"); + } + + // Generate a CertPath from the encoded value and check if it equals + // the CertPath generated from the certificates + CertPath decodedCP = certFac.generateCertPath(new ByteArrayInputStream(encoded), "PKCS7"); + if (!decodedCP.equals(cp)) { + throw new RuntimeException("CertPath decoded from PKCS#7 isn't equal to original"); + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/security/cert/X509CertSelectorTest.java Tue Sep 15 07:47:44 2015 -0700 @@ -0,0 +1,538 @@ +/* + * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +import static sun.security.x509.GeneralNameInterface.NAME_DIRECTORY; +import static sun.security.x509.NameConstraintsExtension.EXCLUDED_SUBTREES; +import static sun.security.x509.NameConstraintsExtension.PERMITTED_SUBTREES; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.math.BigInteger; +import java.security.GeneralSecurityException; +import java.security.KeyFactory; +import java.security.PublicKey; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509CertSelector; +import java.security.cert.X509Certificate; +import java.security.spec.X509EncodedKeySpec; +import java.util.Base64; +import java.util.Calendar; +import java.util.Date; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Set; + +import sun.security.util.DerInputStream; +import sun.security.util.DerOutputStream; +import sun.security.util.DerValue; +import sun.security.util.ObjectIdentifier; +import sun.security.x509.AlgorithmId; +import sun.security.x509.AuthorityKeyIdentifierExtension; +import sun.security.x509.CertificatePoliciesExtension; +import sun.security.x509.DNSName; +import sun.security.x509.GeneralName; +import sun.security.x509.GeneralNameInterface; +import sun.security.x509.GeneralNames; +import sun.security.x509.GeneralSubtree; +import sun.security.x509.GeneralSubtrees; +import sun.security.x509.KeyIdentifier; +import sun.security.x509.NameConstraintsExtension; +import sun.security.x509.PolicyInformation; +import sun.security.x509.PrivateKeyUsageExtension; +import sun.security.x509.SubjectAlternativeNameExtension; +import sun.security.x509.X500Name; + +/* + * @test + * @bug 8074931 + * @summary This class tests the X509CertSelector. The tests check particular criteria + * by setting them to a value that should match our test certificate and + * ensuring that they do match, then setting them to a value that should not + * match our test certificate and ensuring that they do not match. + * @modules java.base/sun.security.x509 + * java.base/sun.security.util + */ +public class X509CertSelectorTest { + /* + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 954172088 (0x38df82b8) + Signature Algorithm: dsaWithSHA1 + Issuer: C=us, O=sun, OU=testing + Validity + Not Before: Mar 27 15:48:08 2000 GMT + Not After : Jun 25 14:48:08 2000 GMT + Subject: C=us, O=sun, OU=testing, CN=mullan + Subject Public Key Info: + Public Key Algorithm: dsaEncryption + pub: 0 + P: 0 + Q: 0 + G: 0 + X509v3 extensions: + X509v3 Name Constraints: critical + 0D.B0@.>1.0...U....us1.0 + ..U. + ..sun1.0...U....testing1.0 + ..U....mullan + X509v3 Subject Key Identifier: + 56:E8:88:AE:9D:B5:3F:2B:CB:A0:4C:4B:E2:87:53:07:33:77:1B:DF + X509v3 Authority Key Identifier: + keyid:8E:DD:AF:6F:EE:02:12:F4:61:E9:2F:E3:64:1A:6F:71:32:25:20:C0 + + X509v3 Subject Alternative Name: + email:mullan@east.sun.com + X509v3 Private Key Usage Period: + Not Before: Jan 1 05:00:00 2000 GMT, Not After: Jan 1 05:00:00 2001 GMT + X509v3 Key Usage: critical + Digital Signature + X509v3 Certificate Policies: + 0$0\..*...0.0...+.......0.. + Testing... + Signature Algorithm: dsaWithSHA1 + r: + 44:c7:35:40:5d:6c:28:75:7f:73:b2:f8:0d:72:6c: + 09:65:b8:81:14 + s: + 76:79:f5:c7:37:3b:0d:9b:db:70:2f:20:80:36:e3: + 80:e8:a6:c6:71 + */ + private static final String testCert = + "-----BEGIN CERTIFICATE-----\n" + + "MIICLjCCAeygAwIBAgIEON+CuDALBgcqhkjOOAQDBQAwLTELMAkGA1UEBhMCdXMx\n" + + "DDAKBgNVBAoTA3N1bjEQMA4GA1UECxMHdGVzdGluZzAeFw0wMDAzMjcxNTQ4MDha\n" + + "Fw0wMDA2MjUxNDQ4MDhaMD4xCzAJBgNVBAYTAnVzMQwwCgYDVQQKEwNzdW4xEDAO\n" + + "BgNVBAsTB3Rlc3RpbmcxDzANBgNVBAMTBm11bGxhbjAcMBQGByqGSM44BAEwCQIB\n" + + "AAIBAAIBAAMEAAIBAKOCASMwggEfMFAGA1UdHgEB/wRGMESgQjBApD4xCzAJBgNV\n" + + "BAYTAnVzMQwwCgYDVQQKEwNzdW4xEDAOBgNVBAsTB3Rlc3RpbmcxDzANBgNVBAMT\n" + + "Bm11bGxhbjAdBgNVHQ4EFgQUVuiIrp21PyvLoExL4odTBzN3G98wHwYDVR0jBBgw\n" + + "FoAUjt2vb+4CEvRh6S/jZBpvcTIlIMAwHgYDVR0RBBcwFYETbXVsbGFuQGVhc3Qu\n" + + "c3VuLmNvbTArBgNVHRAEJDAigA8yMDAwMDEwMTA1MDAwMFqBDzIwMDEwMTAxMDUw\n" + + "MDAwWjAPBgNVHQ8BAf8EBQMDB4AAMC0GA1UdIAQmMCQwIgYEKoSAADAaMBgGCCsG\n" + + "AQUFBwICMAwSClRlc3RpbmcuLi4wCwYHKoZIzjgEAwUAAy8AMCwCFETHNUBdbCh1\n" + + "f3Oy+A1ybAlluIEUAhR2efXHNzsNm9twLyCANuOA6KbGcQ==\n" + + "-----END CERTIFICATE-----\n" + + ""; + + private static final String testKey = + "MIIBtjCCASsGByqGSM44BAEwggEeAoGBAIVWPEkcxbxhQRCqVzg55tNqbP5j0K4kdu4bkmXvfqC5\n" + + "+qA75DvnfzsOJseb+9AuKXWk/DvCzFDmrY1YaU3scZC3OQEO9lEO3F4VDKOaudY6OT1SI22pAIwz\n" + + "j5pvq+i7zOp4xUqkQUeh/4iQSfxOT5UrFGjkcbnbpVkCXD/GxAz7AhUAjtnm3dVIddUUHl6wxpZ7\n" + + "GcA6gSsCgYAf/PXzQtemgIDjpFrNNSgTEKkLposBXKatAM+gUKlMUjf8SQvquqPxDtRrscGjXkoL\n" + + "oTkaR7/akULYFpBvUcFkeIFiCnJg8M9XhCWdLvn9MPt+jR2oxookvCb9xLtD6WvIM/wd/nZ1iK4u\n" + + "iY1+q85xvns/Awbtwl7oZDAwE2TUKAOBhAACgYBDc9UZ+3xsZubUZvRG5cpyJceYpJp2exOPVJXn\n" + + "jR4CcR+cT9bAJpFSxqE/8KtNHXxHdu4f3DU67IMOVDpugzihyzXJvNm3w2H9x+6xczHG2wjvAJeh\n" + + "X62EWbUatxPXFAoVKZWuUbaYaZzdWBDtNRrCuKKsLo0GFy8g2BZISuD3jw==\n" + + ""; + + // Certificate to run tests on + private final X509Certificate cert; + + public static void main(String[] args) throws Exception { + X509CertSelectorTest test = new X509CertSelectorTest(); + test.doTest(); + } + + public X509CertSelectorTest() throws CertificateException, IOException { + cert = (X509Certificate) CertificateFactory.getInstance("X.509") + .generateCertificate(new ByteArrayInputStream(testCert.getBytes())); + } + + // Runs the test. + private void doTest() throws Exception { + System.out.println("START OF TESTS FOR " + "X509CertSelector"); + + testSerialNumber(); + testIssuer(); + testSubjectKeyIdentifier(); + testAuthorityKeyIdentifier(); + testCertificateValid(); + testPrivateKeyValid(); + testSubjectPublicKeyAlgID(); + testKeyUsage(); + testSubjectAltName(); + testPolicy(); + testPathToName(); + testSubject(); + testSubjectPublicKey(); + testNameConstraints(); + testBasicConstraints(); + testCertificate(); + } + + // Tests matching on the serial number contained in the certificate. + private void testSerialNumber() { + System.out.println("X.509 Certificate Match on serialNumber"); + // bad match + X509CertSelector selector = new X509CertSelector(); + selector.setSerialNumber(new BigInteger("999999999")); + checkMatch(selector, cert, false); + + // good match + selector.setSerialNumber(cert.getSerialNumber()); + checkMatch(selector, cert, true); + } + + // Tests matching on the issuer name contained in the certificate. + private void testIssuer() throws IOException { + System.out.println("X.509 Certificate Match on issuer"); + // bad match + X509CertSelector selector = new X509CertSelector(); + selector.setIssuer("ou=bogus,ou=east,o=sun,c=us"); + checkMatch(selector, cert, false); + + // good match + selector.setIssuer((cert.getIssuerX500Principal()).getName("RFC2253")); + checkMatch(selector, cert, true); + } + + /* + * Tests matching on the subject key identifier contained in the + * certificate. + */ + private void testSubjectKeyIdentifier() throws IOException { + System.out.println("X.509 Certificate Match on subjectKeyIdentifier"); + // bad match + X509CertSelector selector = new X509CertSelector(); + byte[] b = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; + selector.setSubjectKeyIdentifier(b); + checkMatch(selector, cert, false); + + // good match + DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.14")); + byte[] encoded = in.getOctetString(); + selector.setSubjectKeyIdentifier(encoded); + checkMatch(selector, cert, true); + } + + /* + * Tests matching on the authority key identifier contained in the + * certificate. + */ + private void testAuthorityKeyIdentifier() throws IOException { + System.out.println("X.509 Certificate Match on authorityKeyIdentifier"); + // bad match + X509CertSelector selector = new X509CertSelector(); + byte[] b = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; + AuthorityKeyIdentifierExtension a = new AuthorityKeyIdentifierExtension(new KeyIdentifier(b), null, null); + selector.setAuthorityKeyIdentifier(a.getExtensionValue()); + checkMatch(selector, cert, false); + + // good match + DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.35")); + byte[] encoded = in.getOctetString(); + selector.setAuthorityKeyIdentifier(encoded); + checkMatch(selector, cert, true); + } + + /* + * Tests matching on the certificate validity component contained in the + * certificate. + */ + private void testCertificateValid() { + System.out.println("X.509 Certificate Match on certificateValid"); + // bad match + X509CertSelector selector = new X509CertSelector(); + Calendar cal = Calendar.getInstance(); + cal.set(1968, 12, 31); + selector.setCertificateValid(cal.getTime()); + checkMatch(selector, cert, false); + + // good match + selector.setCertificateValid(cert.getNotBefore()); + checkMatch(selector, cert, true); + } + + /* + * Tests matching on the private key validity component contained in the + * certificate. + */ + private void testPrivateKeyValid() throws IOException, CertificateException { + System.out.println("X.509 Certificate Match on privateKeyValid"); + // bad match + X509CertSelector selector = new X509CertSelector(); + Calendar cal = Calendar.getInstance(); + cal.set(1968, 12, 31); + selector.setPrivateKeyValid(cal.getTime()); + checkMatch(selector, cert, false); + + // good match + DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16")); + byte[] encoded = in.getOctetString(); + PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded); + Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE); + selector.setPrivateKeyValid(validDate); + checkMatch(selector, cert, true); + + } + + private ObjectIdentifier getCertPubKeyAlgOID(X509Certificate xcert) throws IOException { + byte[] encodedKey = xcert.getPublicKey().getEncoded(); + DerValue val = new DerValue(encodedKey); + if (val.tag != DerValue.tag_Sequence) { + throw new RuntimeException("invalid key format"); + } + + return AlgorithmId.parse(val.data.getDerValue()).getOID(); + } + + /* + * Tests matching on the subject public key algorithm ID component contained + * in the certificate. + */ + private void testSubjectPublicKeyAlgID() throws IOException { + System.out.println("X.509 Certificate Match on subjectPublicKeyAlgID"); + // bad match + X509CertSelector selector = new X509CertSelector(); + selector.setSubjectPublicKeyAlgID("2.5.29.14"); + checkMatch(selector, cert, false); + + // good match + selector.setSubjectPublicKeyAlgID(getCertPubKeyAlgOID(cert).toString()); + checkMatch(selector, cert, true); + + } + + // Tests matching on the key usage extension contained in the certificate. + private void testKeyUsage() { + System.out.println("X.509 Certificate Match on keyUsage"); + // bad match + X509CertSelector selector = new X509CertSelector(); + boolean[] keyUsage = { true, false, true, false, true, false, true, false }; + selector.setKeyUsage(keyUsage); + System.out.println("Selector = " + selector.toString()); + checkMatch(selector, cert, false); + + // good match + selector.setKeyUsage(cert.getKeyUsage()); + System.out.println("Selector = " + selector.toString()); + checkMatch(selector, cert, true); + } + + /* + * Tests matching on the subject alternative name extension contained in the + * certificate. + */ + private void testSubjectAltName() throws IOException { + System.out.println("X.509 Certificate Match on subjectAltName"); + // bad match + X509CertSelector selector = new X509CertSelector(); + GeneralNameInterface dnsName = new DNSName("foo.com"); + DerOutputStream tmp = new DerOutputStream(); + dnsName.encode(tmp); + selector.addSubjectAlternativeName(2, tmp.toByteArray()); + checkMatch(selector, cert, false); + + // good match + DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.17")); + byte[] encoded = in.getOctetString(); + SubjectAlternativeNameExtension ext = new SubjectAlternativeNameExtension(false, encoded); + GeneralNames names = (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); + GeneralName name = (GeneralName) names.get(0); + selector.setSubjectAlternativeNames(null); + DerOutputStream tmp2 = new DerOutputStream(); + name.getName().encode(tmp2); + selector.addSubjectAlternativeName(name.getType(), tmp2.toByteArray()); + checkMatch(selector, cert, true); + + // good match 2 (matches at least one) + selector.setMatchAllSubjectAltNames(false); + selector.addSubjectAlternativeName(2, "foo.com"); + checkMatch(selector, cert, true); + } + + /* + * Tests matching on the policy constraints extension contained in the + * certificate. + */ + private void testPolicy() throws IOException { + System.out.println("X.509 Certificate Match on certificatePolicies"); + // test encoding of CertificatePoliciesExtension because we wrote the + // code + // bad match + X509CertSelector selector = new X509CertSelector(); + Set<String> s = new HashSet<>(); + s.add(new String("1.2.5.7.68")); + selector.setPolicy(s); + checkMatch(selector, cert, false); + + // good match + DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.32")); + CertificatePoliciesExtension ext = new CertificatePoliciesExtension(false, in.getOctetString()); + List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES); + // match on the first policy id + PolicyInformation policyInfo = (PolicyInformation) policies.get(0); + s.clear(); + s.add(policyInfo.getPolicyIdentifier().getIdentifier().toString()); + selector.setPolicy(s); + checkMatch(selector, cert, true); + } + + /* + * Tests matching on the name constraints extension contained in the + * certificate. + */ + private void testPathToName() throws IOException { + System.out.println("X.509 Certificate Match on pathToName"); + + X509CertSelector selector = null; + DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.30")); + byte[] encoded = in.getOctetString(); + NameConstraintsExtension ext = new NameConstraintsExtension(false, encoded); + GeneralSubtrees permitted = (GeneralSubtrees) ext.get(PERMITTED_SUBTREES); + GeneralSubtrees excluded = (GeneralSubtrees) ext.get(EXCLUDED_SUBTREES); + + // bad matches on pathToName within excluded subtrees + if (excluded != null) { + Iterator<GeneralSubtree> e = excluded.iterator(); + while (e.hasNext()) { + GeneralSubtree tree = e.next(); + if (tree.getName().getType() == NAME_DIRECTORY) { + X500Name excludedDN1 = new X500Name(tree.getName().toString()); + X500Name excludedDN2 = new X500Name("CN=Bogus, " + tree.getName().toString()); + DerOutputStream derDN1 = new DerOutputStream(); + DerOutputStream derDN2 = new DerOutputStream(); + excludedDN1.encode(derDN1); + excludedDN2.encode(derDN2); + selector = new X509CertSelector(); + selector.addPathToName(NAME_DIRECTORY, derDN1.toByteArray()); + checkMatch(selector, cert, false); + selector.setPathToNames(null); + selector.addPathToName(NAME_DIRECTORY, derDN2.toByteArray()); + checkMatch(selector, cert, false); + } + } + } + + // good matches on pathToName within permitted subtrees + if (permitted != null) { + Iterator<GeneralSubtree> e = permitted.iterator(); + while (e.hasNext()) { + GeneralSubtree tree = e.next(); + if (tree.getName().getType() == NAME_DIRECTORY) { + X500Name permittedDN1 = new X500Name(tree.getName().toString()); + X500Name permittedDN2 = new X500Name("CN=good, " + tree.getName().toString()); + DerOutputStream derDN1 = new DerOutputStream(); + DerOutputStream derDN2 = new DerOutputStream(); + permittedDN1.encode(derDN1); + permittedDN2.encode(derDN2); + selector = new X509CertSelector(); + selector.addPathToName(NAME_DIRECTORY, derDN1.toByteArray()); + checkMatch(selector, cert, true); + selector.setPathToNames(null); + selector.addPathToName(NAME_DIRECTORY, derDN2.toByteArray()); + checkMatch(selector, cert, true); + } + } + } + } + + // Tests matching on the subject name contained in the certificate. + private void testSubject() throws IOException { + System.out.println("X.509 Certificate Match on subject"); + // bad match + X509CertSelector selector = new X509CertSelector(); + selector.setSubject("ou=bogus,ou=east,o=sun,c=us"); + checkMatch(selector, cert, false); + + // good match + selector.setSubject(cert.getSubjectX500Principal().getName("RFC2253")); + checkMatch(selector, cert, true); + } + + // Tests matching on the subject public key contained in the certificate. + private void testSubjectPublicKey() throws IOException, GeneralSecurityException { + System.out.println("X.509 Certificate Match on subject public key"); + // bad match + X509CertSelector selector = new X509CertSelector(); + X509EncodedKeySpec keySpec = new X509EncodedKeySpec( + Base64.getMimeDecoder().decode(testKey.getBytes())); + KeyFactory keyFactory = KeyFactory.getInstance("DSA"); + PublicKey pubKey = keyFactory.generatePublic(keySpec); + selector.setSubjectPublicKey(pubKey); + checkMatch(selector, cert, false); + + // good match + selector.setSubjectPublicKey(cert.getPublicKey()); + checkMatch(selector, cert, true); + } + + // Tests matching on the name constraints contained in the certificate. + private void testNameConstraints() throws IOException { + System.out.println("X.509 Certificate Match on name constraints"); + // bad match + GeneralSubtrees subjectTree = new GeneralSubtrees(); + subjectTree.add(getGeneralSubtree((X500Name) cert.getSubjectDN())); + NameConstraintsExtension ext = new NameConstraintsExtension((GeneralSubtrees) null, subjectTree); + X509CertSelector selector = new X509CertSelector(); + selector.setNameConstraints(ext.getExtensionValue()); + checkMatch(selector, cert, false); + + // good match + ext = new NameConstraintsExtension(subjectTree, null); + selector.setNameConstraints(ext.getExtensionValue()); + checkMatch(selector, cert, true); + } + + // Tests matching on basic constraints. + private void testBasicConstraints() { + System.out.println("X.509 Certificate Match on basic constraints"); + // bad match + X509CertSelector selector = new X509CertSelector(); + int mpl = cert.getBasicConstraints(); + selector.setBasicConstraints(0); + checkMatch(selector, cert, false); + + // good match + selector.setBasicConstraints(mpl); + checkMatch(selector, cert, true); + } + + // Tests certificateEquals criterion + private void testCertificate() { + System.out.println("X.509 Certificate Match on certificateEquals criterion"); + + X509CertSelector selector = new X509CertSelector(); + // good match + selector.setCertificate(cert); + checkMatch(selector, cert, true); + } + + private void checkMatch(X509CertSelector selector, X509Certificate cert, boolean match) { + boolean result = selector.match(cert); + if (match != result) + throw new RuntimeException(selector + " match " + cert + " is " + result + ", but expect " + match); + } + + private static GeneralSubtree getGeneralSubtree(GeneralNameInterface gni) { + // Create a new GeneralSubtree with the specified name, 0 base, and + // unlimited length + GeneralName gn = new GeneralName(gni); + GeneralSubtree subTree = new GeneralSubtree(gn, 0, -1); + return subTree; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/krb5/auto/KrbTicket.java Tue Sep 15 07:47:44 2015 -0700 @@ -0,0 +1,146 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.nio.file.Files; +import java.nio.file.Paths; +import java.time.Instant; +import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; +import javax.security.auth.RefreshFailedException; +import javax.security.auth.Subject; +import javax.security.auth.kerberos.KerberosTicket; +import javax.security.auth.login.LoginContext; + +/* + * @test + * @bug 6857795 8075299 + * @summary Checks Kerberos ticket properties + * @run main/othervm KrbTicket + */ +public class KrbTicket { + + private static final String REALM = "TEST.REALM"; + private static final String HOST = "localhost"; + private static final String USER = "TESTER"; + private static final String USER_PRINCIPAL = USER + "@" + REALM; + private static final String PASSWORD = "password"; + private static final String KRBTGT_PRINCIPAL = "krbtgt/" + REALM; + private static final String KRB5_CONF_FILENAME = "krb5.conf"; + private static final String JAAS_CONF = "jaas.conf"; + private static final long TICKET_LIFTETIME = 5 * 60 * 1000; // 5 mins + + public static void main(String[] args) throws Exception { + // define principals + Map<String, String> principals = new HashMap<>(); + principals.put(USER_PRINCIPAL, PASSWORD); + principals.put(KRBTGT_PRINCIPAL, null); + + System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME); + + // start a local KDC instance + KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null); + KDC.saveConfig(KRB5_CONF_FILENAME, kdc, + "forwardable = true", "proxiable = true"); + + // create JAAS config + Files.write(Paths.get(JAAS_CONF), Arrays.asList( + "Client {", + " com.sun.security.auth.module.Krb5LoginModule required;", + "};" + )); + System.setProperty("java.security.auth.login.config", JAAS_CONF); + System.setProperty("javax.security.auth.useSubjectCredsOnly", "false"); + + long startTime = Instant.now().getEpochSecond() * 1000; + + LoginContext lc = new LoginContext("Client", + new Helper.UserPasswordHandler(USER, PASSWORD)); + lc.login(); + + Subject subject = lc.getSubject(); + System.out.println("subject: " + subject); + + Set creds = subject.getPrivateCredentials( + KerberosTicket.class); + + if (creds.size() > 1) { + throw new RuntimeException("Multiple credintials found"); + } + + Object o = creds.iterator().next(); + if (!(o instanceof KerberosTicket)) { + throw new RuntimeException("Instance of KerberosTicket expected"); + } + KerberosTicket krbTkt = (KerberosTicket) o; + + System.out.println("forwardable = " + krbTkt.isForwardable()); + System.out.println("proxiable = " + krbTkt.isProxiable()); + System.out.println("renewable = " + krbTkt.isRenewable()); + System.out.println("current = " + krbTkt.isCurrent()); + + if (!krbTkt.isForwardable()) { + throw new RuntimeException("Forwardable ticket expected"); + } + + if (!krbTkt.isProxiable()) { + throw new RuntimeException("Proxiable ticket expected"); + } + + if (!krbTkt.isCurrent()) { + throw new RuntimeException("Ticket is not current"); + } + + if (krbTkt.isRenewable()) { + throw new RuntimeException("Not renewable ticket expected"); + } + try { + krbTkt.refresh(); + throw new RuntimeException( + "Expected RefreshFailedException not thrown"); + } catch(RefreshFailedException e) { + System.out.println("Expected exception: " + e); + } + + if (!checkTime(krbTkt, startTime)) { + throw new RuntimeException("Wrong ticket life time"); + } + + krbTkt.destroy(); + if (!krbTkt.isDestroyed()) { + throw new RuntimeException("Ticket not destroyed"); + } + + System.out.println("Test passed"); + } + + private static boolean checkTime(KerberosTicket krbTkt, long startTime) { + long ticketEndTime = krbTkt.getEndTime().getTime(); + long roughLifeTime = ticketEndTime - startTime; + System.out.println("start time = " + startTime); + System.out.println("end time = " + ticketEndTime); + System.out.println("rough life time = " + roughLifeTime); + return roughLifeTime >= TICKET_LIFTETIME; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/krb5/auto/tools/KinitConfPlusProps.java Tue Sep 15 07:47:44 2015 -0700 @@ -0,0 +1,188 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.io.File; +import java.net.PortUnreachableException; +import java.util.HashMap; +import java.util.Map; +import jdk.testlibrary.ProcessTools; +import jdk.testlibrary.OutputAnalyzer; + +/* + * @test + * @bug 6857795 8075299 + * @summary Checks if kinit uses both krb5 conf file and system properties + * @requires os.family == "windows" + * @library /lib/testlibrary + * @library /sun/security/krb5/auto + * @run main/othervm KinitConfPlusProps + */ +public class KinitConfPlusProps { + + private static final String KINIT = System.getProperty("java.home") + + File.separator + "bin" + File.separator + "kinit"; + private static final String KLIST = System.getProperty("java.home") + + File.separator + "bin" + File.separator + "klist"; + private static final String REALM = "REALM"; + private static final String ANOTHER_REALM = "ANOTHER.REALM"; + private static final String HOST = "localhost"; + private static final String CC_FILENAME = "krb5cc_test"; + private static final String USER = "TESTER"; + private static final String USER_PRINCIPAL = USER + "@" + REALM; + private static final String KRBTGT_PRINCIPAL = "krbtgt/" + REALM; + private static final String KEYTAB_FILE = "test.keytab"; + private static final String KRB5_CONF_FILENAME = "krb5.conf"; + + public static void main(String[] args) throws Exception { + // define principals + Map<String, String> principals = new HashMap<>(); + principals.put(USER_PRINCIPAL, null); + principals.put(KRBTGT_PRINCIPAL, null); + + System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME); + + // start a local KDC instance + KDC kdc = KDC.startKDC(HOST, null, REALM, principals, KEYTAB_FILE, + KDC.KtabMode.APPEND); + KDC.saveConfig(KRB5_CONF_FILENAME, kdc, + "forwardable = true", "proxiable = true"); + + boolean success = true; + + /* + * kinit should fail since java.security.krb5.kdc + * and java.security.krb5.realm properties override correct values + * in krb5 conf file + */ + String[] command = {KINIT, "-k", + "-J-Djava.security.krb5.realm=" + REALM, + "-J-Djava.security.krb5.kdc=" + HOST, // without port + "-J-Djava.security.krb5.conf=" + KRB5_CONF_FILENAME, + "-t", KEYTAB_FILE, + "-c", CC_FILENAME, + USER + }; + + try { + OutputAnalyzer out = ProcessTools.executeCommand(command); + out.shouldHaveExitValue(-1); + out.shouldContain(PortUnreachableException.class.getName()); + } catch(Throwable e) { + System.out.println("Unexpected exception: " + e); + e.printStackTrace(System.out); + success = false; + } + + /* + * kinit should succeed + * since realm should be picked up from principal name + */ + command = new String[] {KINIT, "-k", + "-J-Djava.security.krb5.realm=" + ANOTHER_REALM, + "-J-Djava.security.krb5.kdc=" + HOST, + "-J-Djava.security.krb5.conf=" + KRB5_CONF_FILENAME, + "-t", KEYTAB_FILE, + "-c", CC_FILENAME, + USER_PRINCIPAL + }; + + try { + OutputAnalyzer out = ProcessTools.executeCommand(command); + out.shouldHaveExitValue(0); + out.shouldContain(CC_FILENAME); + } catch(Throwable e) { + System.out.println("Unexpected exception: " + e); + e.printStackTrace(System.out); + success = false; + } + + success &= checkTicketFlags(); + + /* + * kinit should succeed + * since realm should be picked up from principal name, + * and other data should come from krb5 conf file + */ + command = new String[] {KINIT, "-k", + "-J-Djava.security.krb5.conf=" + KRB5_CONF_FILENAME, + "-t", KEYTAB_FILE, + "-c", CC_FILENAME, + USER_PRINCIPAL + }; + + try { + OutputAnalyzer out = ProcessTools.executeCommand(command); + out.shouldHaveExitValue(0); + out.shouldContain(CC_FILENAME); + } catch(Throwable e) { + System.out.println("Unexpected exception: " + e); + e.printStackTrace(System.out); + success = false; + } + + success &= checkTicketFlags(); + + // kinit should succeed even if a principal name doesn't have realm + command = new String[] {KINIT, "-k", + "-J-Djava.security.krb5.conf=" + KRB5_CONF_FILENAME, + "-t", KEYTAB_FILE, + "-c", CC_FILENAME, + USER + }; + + try { + OutputAnalyzer out = ProcessTools.executeCommand(command); + out.shouldHaveExitValue(0); + out.shouldContain(CC_FILENAME); + } catch(Throwable e) { + System.out.println("Unexpected exception: " + e); + e.printStackTrace(System.out); + success = false; + } + + success &= checkTicketFlags(); + + if (!success) { + throw new RuntimeException("At least one test case failed"); + } + System.out.println("Test passed"); + } + + // check if a ticket has forwardable and proxiable flags + private static boolean checkTicketFlags() { + String[] command = new String[] {KLIST, "-f", "-c", CC_FILENAME}; + + try { + OutputAnalyzer out = ProcessTools.executeCommand(command); + out.shouldHaveExitValue(0); + out.shouldContain("FORWARDABLE"); + out.shouldContain("PROXIABLE"); + } catch(Throwable e) { + System.out.println("Unexpected exception: " + e); + e.printStackTrace(System.out); + return false; + } + + return true; + } +}
--- a/test/sun/security/pkcs11/PKCS11Test.java Thu Sep 10 14:55:20 2015 -0700 +++ b/test/sun/security/pkcs11/PKCS11Test.java Tue Sep 15 07:47:44 2015 -0700 @@ -33,6 +33,8 @@ public abstract class PKCS11Test { + static final String PKCS11 = "PKCS11"; + // directory of the test source static final String BASE = System.getProperty("test.src", "."); @@ -644,4 +646,12 @@ return ""; } } + + static byte[] generateData(int length) { + byte data[] = new byte[length]; + for (int i=0; i<data.length; i++) { + data[i] = (byte) (i % 256); + } + return data; + } }
--- a/test/sun/security/pkcs11/Secmod/AddPrivateKey.java Thu Sep 10 14:55:20 2015 -0700 +++ b/test/sun/security/pkcs11/Secmod/AddPrivateKey.java Tue Sep 15 07:47:44 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,7 +28,6 @@ * @author Andreas Sterbenz * @library .. * @run main/othervm AddPrivateKey - * @key randomness */ import java.io.*; @@ -43,6 +42,13 @@ // all providers. public class AddPrivateKey extends SecmodTest { + private static final String ALIAS1 = "entry1"; + private static final String ALIAS2 = "entry2"; + private static final String ALIAS3 = "entry3"; + private static final int MAX_LINE = 85; + private static final int DATA_LENGTH = 4096; + private static final byte[] DATA = generateData(DATA_LENGTH); + public static void main(String[] args) throws Exception { if (initSecmod() == false) { return; @@ -57,7 +63,7 @@ System.out.println(); Security.addProvider(p); - KeyStore ks = KeyStore.getInstance("PKCS11", p); + KeyStore ks = KeyStore.getInstance(PKCS11, p); ks.load(null, password); for (String alias : aliases(ks)) { System.out.println("Deleting: " + alias); @@ -65,25 +71,28 @@ } KeyStore jks = KeyStore.getInstance("JKS"); - InputStream in = new FileInputStream(new File(BASE, "keystore.jks")); - char[] jkspass = "passphrase".toCharArray(); - jks.load(in, jkspass); - List<PrivateKeyEntry> entries = new ArrayList<PrivateKeyEntry>(); - for (String alias : Collections.list(jks.aliases())) { - if (jks.entryInstanceOf(alias, PrivateKeyEntry.class)) { - PrivateKeyEntry entry = (PrivateKeyEntry)jks.getEntry(alias, new PasswordProtection(jkspass)); - String algorithm = entry.getPrivateKey().getAlgorithm(); - System.out.println("-Entry " + alias + " (" + algorithm + ")"); - if ((supportsEC == false) && algorithm.equals("EC")) { - System.out.println("EC not supported by provider, skipping"); - continue; - } - if ((supportsEC == false) && algorithm.equals("DSA")) { - System.out.println("Provider does not appear to have CKA_NETSCAPE_DB fix, skipping"); - continue; - } - test(p, entry); - } // else ignore + try (InputStream in = new FileInputStream(BASE + SEP + "keystore.jks")) { + char[] jkspass = "passphrase".toCharArray(); + jks.load(in, jkspass); + for (String alias : Collections.list(jks.aliases())) { + if (jks.entryInstanceOf(alias, PrivateKeyEntry.class)) { + PrivateKeyEntry entry = (PrivateKeyEntry)jks.getEntry(alias, + new PasswordProtection(jkspass)); + String algorithm = entry.getPrivateKey().getAlgorithm(); + System.out.printf("-Entry %s (%s)%n", alias, algorithm); + if ((supportsEC == false) && algorithm.equals("EC")) { + System.out.println("EC not supported by provider, " + + "skipping"); + continue; + } + if ((supportsEC == false) && algorithm.equals("DSA")) { + System.out.println("Provider does not appear to have " + + "CKA_NETSCAPE_DB fix, skipping"); + continue; + } + test(p, entry); + } // else ignore + } } System.out.println("OK"); } @@ -92,10 +101,6 @@ return Collections.list(ks.aliases()); } - private final static String ALIAS1 = "entry1"; - private final static String ALIAS2 = "entry2"; - private final static String ALIAS3 = "entry3"; - private static void test(Provider p, PrivateKeyEntry entry) throws Exception { PrivateKey key = entry.getPrivateKey(); X509Certificate[] chain = (X509Certificate[])entry.getCertificateChain(); @@ -122,11 +127,8 @@ PrivateKey key2 = (PrivateKey)ks.getKey(ALIAS1, null); System.out.println(toString(key2)); - X509Certificate[] chain2 = (X509Certificate[])ks.getCertificateChain(ALIAS1); - // NSS makes token keys always sensitive, skip this check -// if (key.equals(key2) == false) { -// throw new Exception("key mismatch"); -// } + X509Certificate[] chain2 = + (X509Certificate[]) ks.getCertificateChain(ALIAS1); if (Arrays.equals(chain, chain2) == false) { throw new Exception("chain mismatch"); } @@ -154,7 +156,8 @@ PrivateKey key4 = (PrivateKey)ks.getKey(ALIAS2, null); System.out.println(toString(key4)); - X509Certificate[] chain4 = (X509Certificate[])ks.getCertificateChain(ALIAS2); + X509Certificate[] chain4 = (X509Certificate[]) + ks.getCertificateChain(ALIAS2); if (Arrays.equals(chain, chain4) == false) { throw new Exception("chain mismatch"); } @@ -172,7 +175,8 @@ PrivateKey key5 = (PrivateKey)ks.getKey(ALIAS3, null); System.out.println(toString(key5)); - X509Certificate[] chain5 = (X509Certificate[])ks.getCertificateChain(ALIAS3); + X509Certificate[] chain5 = (X509Certificate[]) + ks.getCertificateChain(ALIAS3); if (Arrays.equals(chain, chain5) == false) { throw new Exception("chain mismatch"); } @@ -186,24 +190,22 @@ System.out.println("OK"); } - private final static byte[] DATA = new byte[4096]; - - static { - Random random = new Random(); - random.nextBytes(DATA); - } - - private static void sign(Provider p, PrivateKey privateKey, PublicKey publicKey) throws Exception { + private static void sign(Provider p, PrivateKey privateKey, + PublicKey publicKey) throws Exception { String keyAlg = privateKey.getAlgorithm(); String alg; - if (keyAlg.equals("RSA")) { - alg = "SHA1withRSA"; - } else if (keyAlg.equals("DSA")) { - alg = "SHA1withDSA"; - } else if (keyAlg.equals("EC")) { - alg = "SHA1withECDSA"; - } else { - throw new Exception("Unknown algorithm " + keyAlg); + switch (keyAlg) { + case "RSA": + alg = "SHA1withRSA"; + break; + case "DSA": + alg = "SHA1withDSA"; + break; + case "EC": + alg = "SHA1withECDSA"; + break; + default: + throw new Exception("Unknown algorithm " + keyAlg); } Signature s = Signature.getInstance(alg, p); s.initSign(privateKey); @@ -217,8 +219,6 @@ } } - private final static int MAX_LINE = 85; - private static String toString(Object o) { String s = String.valueOf(o).split("\n")[0]; return (s.length() <= MAX_LINE) ? s : s.substring(0, MAX_LINE);
--- a/test/sun/security/pkcs11/Secmod/AddTrustedCert.java Thu Sep 10 14:55:20 2015 -0700 +++ b/test/sun/security/pkcs11/Secmod/AddTrustedCert.java Tue Sep 15 07:47:44 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -44,29 +44,47 @@ return; } - InputStream in = new FileInputStream(BASE + SEP + "anchor.cer"); - CertificateFactory factory = CertificateFactory.getInstance("X.509"); - X509Certificate cert = (X509Certificate)factory.generateCertificate(in); - in.close(); -// System.out.println(cert); + X509Certificate cert; + try (InputStream in = new FileInputStream(BASE + SEP + "anchor.cer")) { + CertificateFactory factory = + CertificateFactory.getInstance("X.509"); + cert = (X509Certificate)factory.generateCertificate(in); + } String configName = BASE + SEP + "nss.cfg"; Provider p = getSunPKCS11(configName); System.out.println(p); Security.addProvider(p); - KeyStore ks = KeyStore.getInstance("PKCS11", p); + KeyStore ks = KeyStore.getInstance(PKCS11, p); ks.load(null, password); - Collection<String> aliases = new TreeSet<String>(Collections.list(ks.aliases())); + Collection<String> aliases = new TreeSet<>(Collections.list( + ks.aliases())); System.out.println("entries: " + aliases.size()); System.out.println(aliases); int size1 = aliases.size(); String alias = "anchor"; - ks.setCertificateEntry(alias, cert); + if (ks.containsAlias(alias)) { + throw new Exception("Alias exists: " + alias); + } + ks.setCertificateEntry(alias, cert); + KeyStore.Entry first = ks.getEntry(alias, null); + System.out.println("first entry = " + first); + if (!ks.entryInstanceOf(alias, TrustedCertificateEntry.class)) { + throw new Exception("Unexpected first entry type: " + first); + } - aliases = new TreeSet<String>(Collections.list(ks.aliases())); + ks.setCertificateEntry(alias, cert); + KeyStore.Entry second = ks.getEntry(alias, null); + System.out.println("second entry = " + second); + if (!ks.entryInstanceOf(alias, TrustedCertificateEntry.class)) { + throw new Exception("Unexpected second entry type: " + + second); + } + + aliases = new TreeSet<>(Collections.list(ks.aliases())); System.out.println("entries: " + aliases.size()); System.out.println(aliases); int size2 = aliases.size(); @@ -79,8 +97,12 @@ throw new Exception("KeyStore returned incorrect certificate"); } + ks.deleteEntry(alias); + if (ks.containsAlias(alias)) { + throw new Exception("Alias still exists: " + alias); + } + System.out.println("OK"); - } }
--- a/test/sun/security/pkcs11/Secmod/Crypto.java Thu Sep 10 14:55:20 2015 -0700 +++ b/test/sun/security/pkcs11/Secmod/Crypto.java Tue Sep 15 07:47:44 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,11 +28,8 @@ * @author Andreas Sterbenz * @library .. * @run main/othervm Crypto - * @key randomness */ -import java.util.*; - import java.security.*; public class Crypto extends SecmodTest { @@ -51,9 +48,7 @@ System.out.println(kp.getPublic()); System.out.println(kp.getPrivate()); - SecureRandom random = new SecureRandom(); - byte[] data = new byte[2048]; - random.nextBytes(data); + byte[] data = generateData(2048); Signature sig = Signature.getInstance("SHA1withRSA", p); sig.initSign(kp.getPrivate());
--- a/test/sun/security/pkcs11/Secmod/GetPrivateKey.java Thu Sep 10 14:55:20 2015 -0700 +++ b/test/sun/security/pkcs11/Secmod/GetPrivateKey.java Tue Sep 15 07:47:44 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,11 +24,11 @@ /** * @test * @bug 6273877 6322208 6275523 - * @summary make sure we can access the NSS softtoken KeyStore and use a private key + * @summary make sure we can access the NSS softtoken KeyStore + * and use a private key * @author Andreas Sterbenz * @library .. * @run main/othervm GetPrivateKey - * @key randomness */ import java.util.*; @@ -49,18 +49,17 @@ System.out.println(p); Security.addProvider(p); - KeyStore ks = KeyStore.getInstance("PKCS11", p); + KeyStore ks = KeyStore.getInstance(PKCS11, p); ks.load(null, password); - Collection<String> aliases = new TreeSet<String>(Collections.list(ks.aliases())); + Collection<String> aliases = new TreeSet<>( + Collections.list(ks.aliases())); System.out.println("entries: " + aliases.size()); System.out.println(aliases); PrivateKey privateKey = (PrivateKey)ks.getKey(keyAlias, password); System.out.println(privateKey); - byte[] data = new byte[1024]; - Random random = new Random(); - random.nextBytes(data); + byte[] data = generateData(1024); System.out.println("Signing..."); Signature signature = Signature.getInstance("MD5withRSA"); @@ -68,7 +67,8 @@ signature.update(data); byte[] sig = signature.sign(); - X509Certificate[] chain = (X509Certificate[])ks.getCertificateChain(keyAlias); + X509Certificate[] chain = + (X509Certificate[]) ks.getCertificateChain(keyAlias); signature.initVerify(chain[0].getPublicKey()); signature.update(data); boolean ok = signature.verify(sig);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/pkcs11/Secmod/LoadKeystore.java Tue Sep 15 07:47:44 2015 -0700 @@ -0,0 +1,94 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.io.IOException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.Provider; +import java.security.Security; +import java.security.UnrecoverableKeyException; +import java.util.Collections; + +/* + * @test + * @bug 8048622 8134232 + * @summary Checks that PKCS#11 keystore can't be loaded with wrong password + * @library ../ + * @run main/othervm LoadKeystore + */ +public class LoadKeystore extends SecmodTest { + + public static void main(String[] args) throws Exception { + if (!initSecmod()) { + return; + } + + String configName = BASE + SEP + "nss.cfg"; + Provider p = getSunPKCS11(configName); + + System.out.println("Add provider " + p); + System.out.println(); + Security.addProvider(p); + + try { + System.out.println("Load keystore with wrong type"); + KeyStore.getInstance("unknown", p); + throw new RuntimeException("Expected exception not thrown"); + } catch(KeyStoreException e) { + System.out.println("Expected exception: " + e); + } + + KeyStore ks = KeyStore.getInstance("PKCS11", p); + if (!"PKCS11".equals(ks.getType())) { + throw new RuntimeException("Unexpected keystore type: " + + ks.getType()); + } + if (!p.equals(ks.getProvider())) { + throw new RuntimeException("Unexpected keystore provider: " + + ks.getProvider()); + } + + try { + System.out.println("Load keystore with wrong password"); + ks.load(null, "wrong".toCharArray()); + throw new RuntimeException("Expected exception not thrown"); + } catch(IOException e) { + System.out.println("Expected exception: " + e); + Throwable cause = e.getCause(); + if (!(cause instanceof UnrecoverableKeyException)) { + e.printStackTrace(System.out); + throw new RuntimeException("Unexpected cause: " + cause); + } + System.out.println("Expected cause: " + cause); + } + + System.out.println("Load keystore with correct password"); + ks.load(null, password); + for (String alias : Collections.list(ks.aliases())) { + System.out.println("Alias: " + alias); + } + + System.out.println("Test passed"); + } + +}
--- a/test/sun/security/provider/KeyStore/DKSTest.java Thu Sep 10 14:55:20 2015 -0700 +++ b/test/sun/security/provider/KeyStore/DKSTest.java Tue Sep 15 07:47:44 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -60,8 +60,38 @@ new KeyStore.PasswordProtection("passphrase".toCharArray())); }}; + private static final Map<String, KeyStore.ProtectionParameter> + WRONG_PASSWORDS = new HashMap<String, KeyStore.ProtectionParameter>() {{ + put("policy_keystore", + new KeyStore.PasswordProtection( + "wrong".toCharArray())); + put("pw_keystore", + new KeyStore.PasswordProtection("wrong".toCharArray())); + put("eckeystore1", + new KeyStore.PasswordProtection("wrong".toCharArray())); + put("eckeystore2", + new KeyStore.PasswordProtection("wrong".toCharArray())); + }}; + public static void main(String[] args) throws Exception { /* + * domain keystore: keystores with wrong passwords + */ + try { + URI config = new URI(CONFIG + "#keystores"); + KeyStore ks = KeyStore.getInstance("DKS"); + ks.load(new DomainLoadStoreParameter(config, WRONG_PASSWORDS)); + throw new RuntimeException("Expected exception not thrown"); + } catch (IOException e) { + System.out.println("Expected exception: " + e); + if (!causedBy(e, UnrecoverableKeyException.class)) { + e.printStackTrace(System.out); + throw new RuntimeException("Unexpected cause"); + } + System.out.println("Expected cause: " + e); + } + + /* * domain keystore: system */ URI config = new URI(CONFIG + "#system"); @@ -182,4 +212,15 @@ return factory.generateCertificate(certStream); } } + + // checks if an exception was caused by specified exception class + private static boolean causedBy(Exception e, Class klass) { + Throwable cause = e; + while ((cause = cause.getCause()) != null) { + if (cause.getClass().equals(klass)) { + return true; + } + } + return false; + } }