Mercurial > hg > openjdk > jdk9 > jdk
changeset 10372:a31efe49556a jdk9-b25
Merge
author | lana |
---|---|
date | Wed, 30 Jul 2014 11:49:59 -0700 |
parents | fdf4cac36ef0 (current diff) 87fac66a55b4 (diff) |
children | ae38245f7a8b |
files | src/share/classes/sun/security/ec/CurveDB.java src/share/classes/sun/security/ec/ECParameters.java src/share/classes/sun/security/ec/NamedCurve.java test/sun/security/krb5/auto/KerberosHashEqualsTest.java test/sun/security/tools/keytool/weaksize.sh |
diffstat | 66 files changed, 3189 insertions(+), 1535 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java Wed Jul 30 11:49:59 2014 -0700 @@ -55,7 +55,6 @@ * Returns the CORBA object reference associated with a Remote * object by using the javax.rmi.CORBA package. *<p> - * Use reflection to avoid hard dependencies on javax.rmi.CORBA package. * This method effective does the following: *<blockquote><pre> * java.lang.Object stub;
--- a/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java Wed Jul 30 11:49:59 2014 -0700 @@ -33,7 +33,10 @@ import java.util.*; import javax.security.auth.*; -import javax.security.auth.kerberos.*; +import javax.security.auth.kerberos.KerberosTicket; +import javax.security.auth.kerberos.KerberosPrincipal; +import javax.security.auth.kerberos.KerberosKey; +import javax.security.auth.kerberos.KeyTab; import javax.security.auth.callback.*; import javax.security.auth.login.*; import javax.security.auth.spi.*;
--- a/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java Wed Jul 30 11:49:59 2014 -0700 @@ -36,33 +36,7 @@ public interface ExtendedGSSContext extends GSSContext { /** * Return the mechanism-specific attribute associated with {@code type}. - * <br><br> - * For each supported attribute type, the type for the output are - * defined below. - * <ol> - * <li>{@code KRB5_GET_TKT_FLAGS}: - * the returned object is a boolean array for the service ticket flags, - * which is long enough to contain all true bits. This means if - * the user wants to get the <em>n</em>'th bit but the length of the - * returned array is less than <em>n</em>, it is regarded as false. - * <li>{@code KRB5_GET_SESSION_KEY}: - * the returned object is an instance of {@link java.security.Key}, - * which has the following properties: - * <ul> - * <li>Algorithm: enctype as a string, where - * enctype is defined in RFC 3961, section 8. - * <li>Format: "RAW" - * <li>Encoded form: the raw key bytes, not in any ASN.1 encoding - * </ul> - * <li>{@code KRB5_GET_AUTHZ_DATA}: - * the returned object is an array of - * {@link com.sun.security.jgss.AuthorizationDataEntry}, or null if the - * optional field is missing in the service ticket. - * <li>{@code KRB5_GET_AUTHTIME}: - * the returned object is a String object in the standard KerberosTime - * format defined in RFC 4120 5.2.3 - * </ol> - * + * <p> * If there is a security manager, an {@link InquireSecContextPermission} * with the name {@code type.mech} must be granted. Otherwise, this could * result in a {@link SecurityException}.<p> @@ -97,6 +71,7 @@ * @throws SecurityException if a security manager exists and a proper * {@link InquireSecContextPermission} is not granted. * @see InquireSecContextPermission + * @see InquireType */ public Object inquireSecContext(InquireType type) throws GSSException;
--- a/src/share/classes/com/sun/security/jgss/InquireType.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/com/sun/security/jgss/InquireType.java Wed Jul 30 11:49:59 2014 -0700 @@ -32,13 +32,38 @@ @jdk.Exported public enum InquireType { /** - * Attribute type for retrieving the session key of an - * established Kerberos 5 security context. + * Attribute type for retrieving the session key of an established + * Kerberos 5 security context. The returned object is an instance of + * {@link java.security.Key}, which has the following properties: + * <ul> + * <li>Algorithm: enctype as a string, where + * enctype is defined in RFC 3961, section 8. + * <li>Format: "RAW" + * <li>Encoded form: the raw key bytes, not in any ASN.1 encoding + * </ul> + * @deprecated as of 1.9, replaced by {@link #KRB5_GET_SESSION_KEY_EX} + * which returns an instance of + * {@link sun.security.jgss.krb5.Krb5Context.EncryptionKey} + * that implements the {@link javax.crypto.SecretKey} interface and + * has similar methods with {@link javax.security.auth.kerberos.KerberosKey}. */ + @Deprecated KRB5_GET_SESSION_KEY, /** + * Attribute type for retrieving the session key of an + * established Kerberos 5 security context. The return value is an + * instance of {@link javax.security.auth.kerberos.EncryptionKey}. + * + * @since 1.9 + */ + KRB5_GET_SESSION_KEY_EX, + /** * Attribute type for retrieving the service ticket flags of an - * established Kerberos 5 security context. + * established Kerberos 5 security context. The returned object is + * a boolean array for the service ticket flags, which is long enough + * to contain all true bits. This means if the user wants to get the + * <em>n</em>'th bit but the length of the returned array is less than + * <em>n</em>, it is regarded as false. */ KRB5_GET_TKT_FLAGS, /** @@ -49,7 +74,17 @@ KRB5_GET_AUTHZ_DATA, /** * Attribute type for retrieving the authtime in the service ticket - * of an established Kerberos 5 security context. + * of an established Kerberos 5 security context. The returned object + * is a String object in the standard KerberosTime format defined in + * RFC 4120 Section 5.2.3. */ - KRB5_GET_AUTHTIME + KRB5_GET_AUTHTIME, + /** + * Attribute type for retrieving the KRB_CRED message that an initiator + * is about to send to an acceptor. The return type is an instance of + * {@link javax.security.auth.kerberos.KerberosCredMessage}. + * + * @since 1.9 + */ + KRB5_GET_KRB_CRED, }
--- a/src/share/classes/java/lang/Integer.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/java/lang/Integer.java Wed Jul 30 11:49:59 2014 -0700 @@ -26,6 +26,7 @@ package java.lang; import java.lang.annotation.Native; +import java.util.Objects; /** * The {@code Integer} class wraps a value of the primitive type @@ -319,24 +320,27 @@ } /** - * Format a long (treated as unsigned) into a character buffer. + * Format an {@code int} (treated as unsigned) into a character buffer. If + * {@code len} exceeds the formatted ASCII representation of {@code val}, + * {@code buf} will be padded with leading zeroes. + * * @param val the unsigned int to format * @param shift the log2 of the base to format in (4 for hex, 3 for octal, 1 for binary) * @param buf the character buffer to write to * @param offset the offset in the destination buffer to start at * @param len the number of characters to write - * @return the lowest character location used */ - static int formatUnsignedInt(int val, int shift, char[] buf, int offset, int len) { - int charPos = len; + static void formatUnsignedInt(int val, int shift, char[] buf, int offset, int len) { + // assert shift > 0 && shift <=5 : "Illegal shift value"; + // assert offset >= 0 && offset < buf.length : "illegal offset"; + // assert len > 0 && (offset + len) <= buf.length : "illegal length"; + int charPos = offset + len; int radix = 1 << shift; int mask = radix - 1; do { - buf[offset + --charPos] = Integer.digits[val & mask]; + buf[--charPos] = Integer.digits[val & mask]; val >>>= shift; - } while (val != 0 && charPos > 0); - - return charPos; + } while (charPos > offset); } final static char [] DigitTens = { @@ -549,12 +553,9 @@ " greater than Character.MAX_RADIX"); } - int result = 0; boolean negative = false; int i = 0, len = s.length(); int limit = -Integer.MAX_VALUE; - int multmin; - int digit; if (len > 0) { char firstChar = s.charAt(0); @@ -562,21 +563,21 @@ if (firstChar == '-') { negative = true; limit = Integer.MIN_VALUE; - } else if (firstChar != '+') + } else if (firstChar != '+') { throw NumberFormatException.forInputString(s); + } - if (len == 1) // Cannot have lone "+" or "-" + if (len == 1) { // Cannot have lone "+" or "-" throw NumberFormatException.forInputString(s); + } i++; } - multmin = limit / radix; + int multmin = limit / radix; + int result = 0; while (i < len) { // Accumulating negatively avoids surprises near MAX_VALUE - digit = Character.digit(s.charAt(i++),radix); - if (digit < 0) { - throw NumberFormatException.forInputString(s); - } - if (result < multmin) { + int digit = Character.digit(s.charAt(i++), radix); + if (digit < 0 || result < multmin) { throw NumberFormatException.forInputString(s); } result *= radix; @@ -585,10 +586,126 @@ } result -= digit; } + return negative ? result : -result; } else { throw NumberFormatException.forInputString(s); } - return negative ? result : -result; + } + + /** + * Parses the {@link CharSequence} argument as a signed {@code int} in the + * specified {@code radix}, beginning at the specified {@code beginIndex} + * and extending to the end of the sequence. + * + * <p>The method does not take steps to guard against the + * {@code CharSequence} being mutated while parsing. + * + * @param s the {@code CharSequence} containing the {@code int} + * representation to be parsed + * @param radix the radix to be used while parsing {@code s}. + * @param beginIndex the beginning index, inclusive. + * @return the signed {@code int} represented by the subsequence in + * the specified radix. + * @throws NullPointerException if {@code s} is null. + * @throws IndexOutOfBoundsException if {@code beginIndex} is + * negative, or if {@code beginIndex} is greater than + * {@code s.length()}. + * @throws NumberFormatException if the {@code CharSequence} does not + * contain a parsable {@code int} in the specified + * {@code radix}, or if {@code radix} is either smaller than + * {@link java.lang.Character#MIN_RADIX} or larger than + * {@link java.lang.Character#MAX_RADIX}. + * @since 1.9 + */ + public static int parseInt(CharSequence s, int radix, int beginIndex) + throws NumberFormatException { + // forces an implicit null check of s + return parseInt(s, radix, beginIndex, s.length()); + } + + /** + * Parses the {@link CharSequence} argument as a signed {@code int} in the + * specified {@code radix}, beginning at the specified {@code beginIndex} + * and extending to {@code endIndex - 1}. + * + * <p>The method does not take steps to guard against the + * {@code CharSequence} being mutated while parsing. + * + * @param s the {@code CharSequence} containing the {@code int} + * representation to be parsed + * @param radix the radix to be used while parsing {@code s}. + * @param beginIndex the beginning index, inclusive. + * @param endIndex the ending index, exclusive. + * @return the signed {@code int} represented by the subsequence in + * the specified radix. + * @throws NullPointerException if {@code s} is null. + * @throws IndexOutOfBoundsException if {@code beginIndex} is + * negative, or if {@code beginIndex} is greater than + * {@code endIndex} or if {@code endIndex} is greater than + * {@code s.length()}. + * @throws NumberFormatException if the {@code CharSequence} does not + * contain a parsable {@code int} in the specified + * {@code radix}, or if {@code radix} is either smaller than + * {@link java.lang.Character#MIN_RADIX} or larger than + * {@link java.lang.Character#MAX_RADIX}. + * @since 1.9 + */ + public static int parseInt(CharSequence s, int radix, int beginIndex, int endIndex) + throws NumberFormatException { + s = Objects.requireNonNull(s); + + if (beginIndex < 0 || beginIndex > endIndex || endIndex > s.length()) { + throw new IndexOutOfBoundsException(); + } + if (radix < Character.MIN_RADIX) { + throw new NumberFormatException("radix " + radix + + " less than Character.MIN_RADIX"); + } + if (radix > Character.MAX_RADIX) { + throw new NumberFormatException("radix " + radix + + " greater than Character.MAX_RADIX"); + } + + boolean negative = false; + int i = beginIndex; + int limit = -Integer.MAX_VALUE; + + if (i < endIndex) { + char firstChar = s.charAt(i); + if (firstChar < '0') { // Possible leading "+" or "-" + if (firstChar == '-') { + negative = true; + limit = Integer.MIN_VALUE; + } else if (firstChar != '+') { + throw NumberFormatException.forCharSequence(s, beginIndex, + endIndex, i); + } + i++; + if (i == endIndex) { // Cannot have lone "+" or "-" + throw NumberFormatException.forCharSequence(s, beginIndex, + endIndex, i); + } + } + int multmin = limit / radix; + int result = 0; + while (i < endIndex) { + // Accumulating negatively avoids surprises near MAX_VALUE + int digit = Character.digit(s.charAt(i++), radix); + if (digit < 0 || result < multmin) { + throw NumberFormatException.forCharSequence(s, beginIndex, + endIndex, i); + } + result *= radix; + if (result < limit + digit) { + throw NumberFormatException.forCharSequence(s, beginIndex, + endIndex, i); + } + result -= digit; + } + return negative ? result : -result; + } else { + throw NumberFormatException.forInputString(""); + } } /** @@ -689,6 +806,99 @@ } /** + * Parses the {@link CharSequence} argument as an unsigned {@code int} in + * the specified {@code radix}, beginning at the specified + * {@code beginIndex} and extending to the end of the sequence. + * + * <p>The method does not take steps to guard against the + * {@code CharSequence} being mutated while parsing. + * + * @param s the {@code CharSequence} containing the unsigned + * {@code int} representation to be parsed + * @param radix the radix to be used while parsing {@code s}. + * @param beginIndex the beginning index, inclusive. + * @return the unsigned {@code int} represented by the subsequence in + * the specified radix. + * @throws NullPointerException if {@code s} is null. + * @throws IndexOutOfBoundsException if {@code beginIndex} is + * negative, or if {@code beginIndex} is greater than + * {@code s.length()}. + * @throws NumberFormatException if the {@code CharSequence} does not + * contain a parsable unsigned {@code int} in the specified + * {@code radix}, or if {@code radix} is either smaller than + * {@link java.lang.Character#MIN_RADIX} or larger than + * {@link java.lang.Character#MAX_RADIX}. + * @since 1.9 + */ + public static int parseUnsignedInt(CharSequence s, int radix, int beginIndex) + throws NumberFormatException { + // forces an implicit null check of s + return parseUnsignedInt(s, radix, beginIndex, s.length()); + } + + /** + * Parses the {@link CharSequence} argument as an unsigned {@code int} in + * the specified {@code radix}, beginning at the specified + * {@code beginIndex} and extending to {@code endIndex - 1}. + * + * <p>The method does not take steps to guard against the + * {@code CharSequence} being mutated while parsing. + * + * @param s the {@code CharSequence} containing the unsigned + * {@code int} representation to be parsed + * @param radix the radix to be used while parsing {@code s}. + * @param beginIndex the beginning index, inclusive. + * @param endIndex the ending index, exclusive. + * @return the unsigned {@code int} represented by the subsequence in + * the specified radix. + * @throws NullPointerException if {@code s} is null. + * @throws IndexOutOfBoundsException if {@code beginIndex} is + * negative, or if {@code beginIndex} is greater than + * {@code endIndex} or if {@code endIndex} is greater than + * {@code s.length()}. + * @throws NumberFormatException if the {@code CharSequence} does not + * contain a parsable unsigned {@code int} in the specified + * {@code radix}, or if {@code radix} is either smaller than + * {@link java.lang.Character#MIN_RADIX} or larger than + * {@link java.lang.Character#MAX_RADIX}. + * @since 1.9 + */ + public static int parseUnsignedInt(CharSequence s, int radix, int beginIndex, int endIndex) + throws NumberFormatException { + s = Objects.requireNonNull(s); + + if (beginIndex < 0 || beginIndex > endIndex || endIndex > s.length()) { + throw new IndexOutOfBoundsException(); + } + int start = beginIndex, len = endIndex - beginIndex; + + if (len > 0) { + char firstChar = s.charAt(start); + if (firstChar == '-') { + throw new + NumberFormatException(String.format("Illegal leading minus sign " + + "on unsigned string %s.", s)); + } else { + if (len <= 5 || // Integer.MAX_VALUE in Character.MAX_RADIX is 6 digits + (radix == 10 && len <= 9)) { // Integer.MAX_VALUE in base 10 is 10 digits + return parseInt(s, radix, start, start + len); + } else { + long ell = Long.parseLong(s, radix, start, start + len); + if ((ell & 0xffff_ffff_0000_0000L) == 0) { + return (int) ell; + } else { + throw new + NumberFormatException(String.format("String value %s exceeds " + + "range of unsigned int.", s)); + } + } + } + } else { + throw new NumberFormatException(""); + } + } + + /** * Parses the string argument as an unsigned decimal integer. The * characters in the string must all be decimal digits, except * that the first character may be an an ASCII plus sign {@code
--- a/src/share/classes/java/lang/Long.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/java/lang/Long.java Wed Jul 30 11:49:59 2014 -0700 @@ -27,6 +27,7 @@ import java.lang.annotation.Native; import java.math.*; +import java.util.Objects; /** @@ -360,24 +361,27 @@ } /** - * Format a long (treated as unsigned) into a character buffer. + * Format a long (treated as unsigned) into a character buffer. If + * {@code len} exceeds the formatted ASCII representation of {@code val}, + * {@code buf} will be padded with leading zeroes. + * * @param val the unsigned long to format * @param shift the log2 of the base to format in (4 for hex, 3 for octal, 1 for binary) * @param buf the character buffer to write to * @param offset the offset in the destination buffer to start at * @param len the number of characters to write - * @return the lowest character location used */ - static int formatUnsignedLong(long val, int shift, char[] buf, int offset, int len) { - int charPos = len; + static void formatUnsignedLong(long val, int shift, char[] buf, int offset, int len) { + // assert shift > 0 && shift <=5 : "Illegal shift value"; + // assert offset >= 0 && offset < buf.length : "illegal offset"; + // assert len > 0 && (offset + len) <= buf.length : "illegal length"; + int charPos = offset + len; int radix = 1 << shift; int mask = radix - 1; do { - buf[offset + --charPos] = Integer.digits[((int) val) & mask]; + buf[--charPos] = Integer.digits[((int) val) & mask]; val >>>= shift; - } while (val != 0 && charPos > 0); - - return charPos; + } while (charPos > offset); } /** @@ -561,12 +565,9 @@ " greater than Character.MAX_RADIX"); } - long result = 0; boolean negative = false; int i = 0, len = s.length(); long limit = -Long.MAX_VALUE; - long multmin; - int digit; if (len > 0) { char firstChar = s.charAt(0); @@ -574,21 +575,21 @@ if (firstChar == '-') { negative = true; limit = Long.MIN_VALUE; - } else if (firstChar != '+') + } else if (firstChar != '+') { throw NumberFormatException.forInputString(s); + } - if (len == 1) // Cannot have lone "+" or "-" + if (len == 1) { // Cannot have lone "+" or "-" throw NumberFormatException.forInputString(s); + } i++; } - multmin = limit / radix; + long multmin = limit / radix; + long result = 0; while (i < len) { // Accumulating negatively avoids surprises near MAX_VALUE - digit = Character.digit(s.charAt(i++),radix); - if (digit < 0) { - throw NumberFormatException.forInputString(s); - } - if (result < multmin) { + int digit = Character.digit(s.charAt(i++),radix); + if (digit < 0 || result < multmin) { throw NumberFormatException.forInputString(s); } result *= radix; @@ -597,10 +598,126 @@ } result -= digit; } + return negative ? result : -result; } else { throw NumberFormatException.forInputString(s); } - return negative ? result : -result; + } + + /** + * Parses the {@link CharSequence} argument as a signed {@code long} in + * the specified {@code radix}, beginning at the specified {@code beginIndex} + * and extending to the end of the sequence. + * + * <p>The method does not take steps to guard against the + * {@code CharSequence} being mutated while parsing. + * + * @param s the {@code CharSequence} containing the {@code long} + * representation to be parsed + * @param radix the radix to be used while parsing {@code s}. + * @param beginIndex the beginning index, inclusive. + * @return the signed {@code long} represented by the subsequence in + * the specified radix. + * @throws NullPointerException if {@code s} is null. + * @throws IndexOutOfBoundsException if {@code beginIndex} is + * negative, or if {@code beginIndex} is greater than + * {@code s.length()}. + * @throws NumberFormatException if the {@code CharSequence} does not + * contain a parsable {@code long} in the specified + * {@code radix}, or if {@code radix} is either smaller than + * {@link java.lang.Character#MIN_RADIX} or larger than + * {@link java.lang.Character#MAX_RADIX}. + * @since 1.9 + */ + public static long parseLong(CharSequence s, int radix, int beginIndex) + throws NumberFormatException { + // forces a null check of s + return parseLong(s, radix, beginIndex, s.length()); + } + + /** + * Parses the {@link CharSequence} argument as a signed {@code long} in + * the specified {@code radix}, beginning at the specified + * {@code beginIndex} and extending to {@code endIndex - 1}. + * + * <p>The method does not take steps to guard against the + * {@code CharSequence} being mutated while parsing. + * + * @param s the {@code CharSequence} containing the {@code long} + * representation to be parsed + * @param radix the radix to be used while parsing {@code s}. + * @param beginIndex the beginning index, inclusive. + * @param endIndex the ending index, exclusive. + * @return the signed {@code long} represented by the subsequence in + * the specified radix. + * @throws NullPointerException if {@code s} is null. + * @throws IndexOutOfBoundsException if {@code beginIndex} is + * negative, or if {@code beginIndex} is greater than + * {@code endIndex} or if {@code endIndex} is greater than + * {@code s.length()}. + * @throws NumberFormatException if the {@code CharSequence} does not + * contain a parsable {@code int} in the specified + * {@code radix}, or if {@code radix} is either smaller than + * {@link java.lang.Character#MIN_RADIX} or larger than + * {@link java.lang.Character#MAX_RADIX}. + * @since 1.9 + */ + public static long parseLong(CharSequence s, int radix, int beginIndex, int endIndex) + throws NumberFormatException { + s = Objects.requireNonNull(s); + + if (beginIndex < 0 || beginIndex > endIndex || endIndex > s.length()) { + throw new IndexOutOfBoundsException(); + } + if (radix < Character.MIN_RADIX) { + throw new NumberFormatException("radix " + radix + + " less than Character.MIN_RADIX"); + } + if (radix > Character.MAX_RADIX) { + throw new NumberFormatException("radix " + radix + + " greater than Character.MAX_RADIX"); + } + + boolean negative = false; + int i = beginIndex; + long limit = -Long.MAX_VALUE; + + if (i < endIndex) { + char firstChar = s.charAt(i); + if (firstChar < '0') { // Possible leading "+" or "-" + if (firstChar == '-') { + negative = true; + limit = Long.MIN_VALUE; + } else if (firstChar != '+') { + throw NumberFormatException.forCharSequence(s, beginIndex, + endIndex, i); + } + i++; + } + if (i >= endIndex) { // Cannot have lone "+", "-" or "" + throw NumberFormatException.forCharSequence(s, beginIndex, + endIndex, i); + } + long multmin = limit / radix; + long result = 0; + while (i < endIndex) { + // Accumulating negatively avoids surprises near MAX_VALUE + int digit = Character.digit(s.charAt(i++), radix); + if (digit < 0 || result < multmin) { + throw NumberFormatException.forCharSequence(s, beginIndex, + endIndex, i); + } + result *= radix; + if (result < limit + digit) { + throw NumberFormatException.forCharSequence(s, beginIndex, + endIndex, i); + } + result -= digit; + } + return negative ? result : -result; + } else { + throw new NumberFormatException(""); + } } /** @@ -694,7 +811,7 @@ } // No need for range checks on len due to testing above. - long first = parseLong(s.substring(0, len - 1), radix); + long first = parseLong(s, radix, 0, len - 1); int second = Character.digit(s.charAt(len - 1), radix); if (second < 0) { throw new NumberFormatException("Bad digit at end of " + s); @@ -764,6 +881,155 @@ } /** + * Parses the {@link CharSequence} argument as an unsigned {@code long} in + * the specified {@code radix}, beginning at the specified + * {@code beginIndex} and extending to the end of the sequence. + * + * <p>The method does not take steps to guard against the + * {@code CharSequence} being mutated while parsing. + * + * @param s the {@code CharSequence} containing the unsigned + * {@code long} representation to be parsed + * @param radix the radix to be used while parsing {@code s}. + * @param beginIndex the beginning index, inclusive. + * @return the unsigned {@code long} represented by the subsequence in + * the specified radix. + * @throws NullPointerException if {@code s} is null. + * @throws IndexOutOfBoundsException if {@code beginIndex} is + * negative, or if {@code beginIndex} is greater than + * {@code s.length()}. + * @throws NumberFormatException if the {@code CharSequence} does not + * contain a parsable unsigned {@code long} in the specified + * {@code radix}, or if {@code radix} is either smaller than + * {@link java.lang.Character#MIN_RADIX} or larger than + * {@link java.lang.Character#MAX_RADIX}. + * @since 1.9 + */ + public static long parseUnsignedLong(CharSequence s, int radix, int beginIndex) + throws NumberFormatException { + // forces a null check of s + return parseUnsignedLong(s, radix, beginIndex, s.length()); + } + + /** + * Parses the {@link CharSequence} argument as an unsigned {@code long} in + * the specified {@code radix}, beginning at the specified + * {@code beginIndex} and extending to {@code endIndex - 1}. + * + * <p>The method does not take steps to guard against the + * {@code CharSequence} being mutated while parsing. + * + * @param s the {@code CharSequence} containing the unsigned + * {@code long} representation to be parsed + * @param radix the radix to be used while parsing {@code s}. + * @param beginIndex the beginning index, inclusive. + * @param endIndex the ending index, exclusive. + * @return the unsigned {@code long} represented by the subsequence in + * the specified radix. + * @throws NullPointerException if {@code s} is null. + * @throws IndexOutOfBoundsException if {@code beginIndex} is + * negative, or if {@code beginIndex} is greater than + * {@code endIndex} or if {@code endIndex} is greater than + * {@code s.length()}. + * @throws NumberFormatException if the {@code CharSequence} does not + * contain a parsable unsigned {@code long} in the specified + * {@code radix}, or if {@code radix} is either smaller than + * {@link java.lang.Character#MIN_RADIX} or larger than + * {@link java.lang.Character#MAX_RADIX}. + * @since 1.9 + */ + public static long parseUnsignedLong(CharSequence s, int radix, int beginIndex, int endIndex) + throws NumberFormatException { + s = Objects.requireNonNull(s); + + if (beginIndex < 0 || beginIndex > endIndex || endIndex > s.length()) { + throw new IndexOutOfBoundsException(); + } + int start = beginIndex, len = endIndex - beginIndex; + + if (len > 0) { + char firstChar = s.charAt(start); + if (firstChar == '-') { + throw new NumberFormatException(String.format("Illegal leading minus sign " + + "on unsigned string %s.", s.subSequence(start, start + len))); + } else { + if (len <= 12 || // Long.MAX_VALUE in Character.MAX_RADIX is 13 digits + (radix == 10 && len <= 18) ) { // Long.MAX_VALUE in base 10 is 19 digits + return parseLong(s, radix, start, start + len); + } + + // No need for range checks on end due to testing above. + long first = parseLong(s, radix, start, start + len - 1); + int second = Character.digit(s.charAt(start + len - 1), radix); + if (second < 0) { + throw new NumberFormatException("Bad digit at end of " + + s.subSequence(start, start + len)); + } + long result = first * radix + second; + + /* + * Test leftmost bits of multiprecision extension of first*radix + * for overflow. The number of bits needed is defined by + * GUARD_BIT = ceil(log2(Character.MAX_RADIX)) + 1 = 7. Then + * int guard = radix*(int)(first >>> (64 - GUARD_BIT)) and + * overflow is tested by splitting guard in the ranges + * guard < 92, 92 <= guard < 128, and 128 <= guard, where + * 92 = 128 - Character.MAX_RADIX. Note that guard cannot take + * on a value which does not include a prime factor in the legal + * radix range. + */ + int guard = radix * (int) (first >>> 57); + if (guard >= 128 || + (result >= 0 && guard >= 128 - Character.MAX_RADIX)) { + /* + * For purposes of exposition, the programmatic statements + * below should be taken to be multi-precision, i.e., not + * subject to overflow. + * + * A) Condition guard >= 128: + * If guard >= 128 then first*radix >= 2^7 * 2^57 = 2^64 + * hence always overflow. + * + * B) Condition guard < 92: + * Define left7 = first >>> 57. + * Given first = (left7 * 2^57) + (first & (2^57 - 1)) then + * result <= (radix*left7)*2^57 + radix*(2^57 - 1) + second. + * Thus if radix*left7 < 92, radix <= 36, and second < 36, + * then result < 92*2^57 + 36*(2^57 - 1) + 36 = 2^64 hence + * never overflow. + * + * C) Condition 92 <= guard < 128: + * first*radix + second >= radix*left7*2^57 + second + * so that first*radix + second >= 92*2^57 + 0 > 2^63 + * + * D) Condition guard < 128: + * radix*first <= (radix*left7) * 2^57 + radix*(2^57 - 1) + * so + * radix*first + second <= (radix*left7) * 2^57 + radix*(2^57 - 1) + 36 + * thus + * radix*first + second < 128 * 2^57 + 36*2^57 - radix + 36 + * whence + * radix*first + second < 2^64 + 2^6*2^57 = 2^64 + 2^63 + * + * E) Conditions C, D, and result >= 0: + * C and D combined imply the mathematical result + * 2^63 < first*radix + second < 2^64 + 2^63. The lower + * bound is therefore negative as a signed long, but the + * upper bound is too small to overflow again after the + * signed long overflows to positive above 2^64 - 1. Hence + * result >= 0 implies overflow given C and D. + */ + throw new NumberFormatException(String.format("String value %s exceeds " + + "range of unsigned long.", s.subSequence(start, start + len))); + } + return result; + } + } else { + throw NumberFormatException.forInputString(""); + } + } + + /** * Parses the string argument as an unsigned decimal {@code long}. The * characters in the string must all be decimal digits, except * that the first character may be an an ASCII plus sign {@code
--- a/src/share/classes/java/lang/NumberFormatException.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/java/lang/NumberFormatException.java Wed Jul 30 11:49:59 2014 -0700 @@ -56,7 +56,7 @@ } /** - * Factory method for making a <code>NumberFormatException</code> + * Factory method for making a {@code NumberFormatException} * given the specified input which caused the error. * * @param s the input causing the error @@ -64,4 +64,20 @@ static NumberFormatException forInputString(String s) { return new NumberFormatException("For input string: \"" + s + "\""); } + + /** + * Factory method for making a {@code NumberFormatException} + * given the specified input which caused the error. + * + * @param s the input causing the error + * @param beginIndex the beginning index, inclusive. + * @param endIndex the ending index, exclusive. + * @param errorIndex the index of the first error in s + */ + static NumberFormatException forCharSequence(CharSequence s, + int beginIndex, int endIndex, int errorIndex) { + return new NumberFormatException("Error at index " + + (errorIndex - beginIndex) + " in: \"" + + s.subSequence(beginIndex, endIndex) + "\""); + } }
--- a/src/share/classes/java/lang/String.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/java/lang/String.java Wed Jul 30 11:49:59 2014 -0700 @@ -2580,7 +2580,8 @@ } for (int i = first; i < len; i++) { int cp = (int)value[i]; - if (cp == '\u03A3') { // GREEK CAPITAL LETTER SIGMA + if (cp == '\u03A3' || // GREEK CAPITAL LETTER SIGMA + Character.isSurrogate((char)cp)) { return toLowerCaseEx(result, i, locale, false); } if (cp == '\u0130') { // LATIN CAPITAL LETTER I WITH DOT ABOVE @@ -2742,7 +2743,11 @@ return toUpperCaseEx(result, first, locale, false); } for (int i = first; i < len; i++) { - int cp = Character.toUpperCaseEx((int)value[i]); + int cp = (int)value[i]; + if (Character.isSurrogate((char)cp)) { + return toUpperCaseEx(result, i, locale, false); + } + cp = Character.toUpperCaseEx(cp); if (!Character.isBmpCodePoint(cp)) { // Character.ERROR is not bmp return toUpperCaseEx(result, i, locale, false); }
--- a/src/share/classes/java/lang/System.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/java/lang/System.java Wed Jul 30 11:49:59 2014 -0700 @@ -1263,6 +1263,12 @@ public void invokeFinalize(Object o) throws Throwable { o.finalize(); } + public void formatUnsignedLong(long val, int shift, char[] buf, int offset, int len) { + Long.formatUnsignedLong(val, shift, buf, offset, len); + } + public void formatUnsignedInt(int val, int shift, char[] buf, int offset, int len) { + Integer.formatUnsignedInt(val, shift, buf, offset, len); + } }); } }
--- a/src/share/classes/java/nio/StringCharBuffer.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/java/nio/StringCharBuffer.java Wed Jul 30 11:49:59 2014 -0700 @@ -100,7 +100,7 @@ } final String toString(int start, int end) { - return str.toString().substring(start + offset, end + offset); + return str.subSequence(start + offset, end + offset).toString(); } public final CharBuffer subSequence(int start, int end) {
--- a/src/share/classes/java/util/UUID.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/java/util/UUID.java Wed Jul 30 11:49:59 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,6 +27,9 @@ import java.security.*; +import sun.misc.JavaLangAccess; +import sun.misc.SharedSecrets; + /** * A class that represents an immutable universally unique identifier (UUID). * A UUID represents a 128-bit value. @@ -88,6 +91,8 @@ */ private final long leastSigBits; + private static final JavaLangAccess jla = SharedSecrets.getJavaLangAccess(); + /* * The random number generator used by this class to create random * based UUIDs. In a holder class to defer initialization until needed. @@ -189,21 +194,35 @@ * */ public static UUID fromString(String name) { - String[] components = name.split("-"); - if (components.length != 5) - throw new IllegalArgumentException("Invalid UUID string: "+name); - for (int i=0; i<5; i++) - components[i] = "0x"+components[i]; + if (name.length() > 36) { + throw new IllegalArgumentException("UUID string too large"); + } + + int dash1 = name.indexOf('-', 0); + int dash2 = name.indexOf('-', dash1 + 1); + int dash3 = name.indexOf('-', dash2 + 1); + int dash4 = name.indexOf('-', dash3 + 1); + int dash5 = name.indexOf('-', dash4 + 1); - long mostSigBits = Long.decode(components[0]).longValue(); + // For any valid input, dash1 through dash4 will be positive and dash5 + // negative, but it's enough to check dash4 and dash5: + // - if dash1 is -1, dash4 will be -1 + // - if dash1 is positive but dash2 is -1, dash4 will be -1 + // - if dash1 and dash2 is positive, dash3 will be -1, dash4 will be + // positive, but so will dash5 + if (dash4 < 0 || dash5 >= 0) { + throw new IllegalArgumentException("Invalid UUID string: " + name); + } + + long mostSigBits = Long.parseLong(name, 16, 0, dash1) & 0xffffffffL; mostSigBits <<= 16; - mostSigBits |= Long.decode(components[1]).longValue(); + mostSigBits |= Long.parseLong(name, 16, dash1 + 1, dash2) & 0xffffL; mostSigBits <<= 16; - mostSigBits |= Long.decode(components[2]).longValue(); + mostSigBits |= Long.parseLong(name, 16, dash2 + 1, dash3) & 0xffffL; - long leastSigBits = Long.decode(components[3]).longValue(); + long leastSigBits = Long.parseLong(name, 16, dash3 + 1, dash4) & 0xffffL; leastSigBits <<= 48; - leastSigBits |= Long.decode(components[4]).longValue(); + leastSigBits |= Long.parseLong(name, 16, dash4 + 1) & 0xffffffffffffL; return new UUID(mostSigBits, leastSigBits); } @@ -373,17 +392,17 @@ * @return A string representation of this {@code UUID} */ public String toString() { - return (digits(mostSigBits >> 32, 8) + "-" + - digits(mostSigBits >> 16, 4) + "-" + - digits(mostSigBits, 4) + "-" + - digits(leastSigBits >> 48, 4) + "-" + - digits(leastSigBits, 12)); - } - - /** Returns val represented by the specified number of hex digits. */ - private static String digits(long val, int digits) { - long hi = 1L << (digits * 4); - return Long.toHexString(hi | (val & (hi - 1))).substring(1); + char[] chars = new char[36]; + jla.formatUnsignedLong(mostSigBits >> 32, 4, chars, 0, 8); + chars[8] = '-'; + jla.formatUnsignedLong(mostSigBits >> 16, 4, chars, 9, 4); + chars[13] = '-'; + jla.formatUnsignedLong(mostSigBits, 4, chars, 14, 4); + chars[18] = '-'; + jla.formatUnsignedLong(leastSigBits >> 48, 4, chars, 19, 4); + chars[23] = '-'; + jla.formatUnsignedLong(leastSigBits, 4, chars, 24, 12); + return jla.newStringUnsafe(chars); } /**
--- a/src/share/classes/java/util/package.html Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/java/util/package.html Wed Jul 30 11:49:59 2014 -0700 @@ -43,7 +43,7 @@ <h2>Related Documentation</h2> For overviews, tutorials, examples, guides, and tool documentation, please see: <ul> - <li><a href="http://www.java.sun.com/docs/books/tutorial/collections/"> + <li><a href="http://docs.oracle.com/javase/tutorial/collections/index.html"> <b>Collections Framework Tutorial</b></a> <li><a href="../../../technotes/guides/collections/designfaq.html"><b>Collections
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/javax/security/auth/kerberos/EncryptionKey.java Wed Jul 30 11:49:59 2014 -0700 @@ -0,0 +1,208 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package javax.security.auth.kerberos; + +import java.util.Arrays; +import java.util.Objects; +import javax.crypto.SecretKey; +import javax.security.auth.DestroyFailedException; + +/** + * This class encapsulates an EncryptionKey used in Kerberos.<p> + * + * An EncryptionKey is defined in Section 4.2.9 of the Kerberos Protocol + * Specification (<a href=http://www.ietf.org/rfc/rfc4120.txt>RFC 4120</a>) as: + * <pre> + * EncryptionKey ::= SEQUENCE { + * keytype [0] Int32 -- actually encryption type --, + * keyvalue [1] OCTET STRING + * } + * </pre> + * The key material of an {@code EncryptionKey} is defined as the value + * of the {@code keyValue} above.<p> + * + * @since 1.9 + */ +public final class EncryptionKey implements SecretKey { + + private static final long serialVersionUID = 9L; + + /** + * {@code KeyImpl} is serialized by writing out the ASN.1 encoded bytes + * of the encryption key. + * + * @serial + */ + final private KeyImpl key; + + private transient boolean destroyed = false; + + /** + * Constructs a {@code EncryptionKey} from the given bytes and + * the key type. + * <p> + * The contents of the byte array are copied; subsequent modification of + * the byte array does not affect the newly created key. + * + * @param keyBytes the key material for the key + * @param keyType the key type for the key as defined by the + * Kerberos protocol specification. + * @throws NullPointerException if keyBytes is null + */ + public EncryptionKey(byte[] keyBytes, int keyType) { + key = new KeyImpl(Objects.requireNonNull(keyBytes), keyType); + } + + /** + * Returns the key type for this key. + * + * @return the key type. + * @throws IllegalStateException if the key is destroyed + */ + public int getKeyType() { + // KeyImpl already checked if destroyed + return key.getKeyType(); + } + + /* + * Methods from java.security.Key + */ + + /** + * Returns the standard algorithm name for this key. The algorithm names + * are the encryption type string defined on the IANA + * <a href="https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-1">Kerberos Encryption Type Numbers</a> + * page. + * <p> + * This method can return the following value not defined on the IANA page: + * <ol> + * <li>none: for etype equal to 0</li> + * <li>unknown: for etype greater than 0 but unsupported by + * the implementation</li> + * <li>private: for etype smaller than 0</li> + * </ol> + * + * @return the name of the algorithm associated with this key. + * @throws IllegalStateException if the key is destroyed + */ + @Override + public String getAlgorithm() { + // KeyImpl already checked if destroyed + return key.getAlgorithm(); + } + + /** + * Returns the name of the encoding format for this key. + * + * @return the String "RAW" + * @throws IllegalStateException if the key is destroyed + */ + @Override + public String getFormat() { + // KeyImpl already checked if destroyed + return key.getFormat(); + } + + /** + * Returns the key material of this key. + * + * @return a newly allocated byte array that contains the key material + * @throws IllegalStateException if the key is destroyed + */ + @Override + public byte[] getEncoded() { + // KeyImpl already checked if destroyed + return key.getEncoded(); + } + + /** + * Destroys this key by clearing out the key material of this key. + * + * @throws DestroyFailedException if some error occurs while destorying + * this key. + */ + @Override + public void destroy() throws DestroyFailedException { + if (!destroyed) { + key.destroy(); + destroyed = true; + } + } + + + @Override + public boolean isDestroyed() { + return destroyed; + } + + @Override + public String toString() { + if (destroyed) { + return "Destroyed EncryptionKey"; + } + return "key " + key.toString(); + } + + @Override + public int hashCode() { + int result = 17; + if (isDestroyed()) { + return result; + } + result = 37 * result + Arrays.hashCode(getEncoded()); + return 37 * result + getKeyType(); + } + + /** + * Compares the specified Object with this key for equality. + * Returns true if the given object is also a + * {@code EncryptionKey} and the two + * {@code EncryptionKey} instances are equivalent. + * + * @param other the Object to compare to + * @return true if the specified object is equal to this EncryptionKey, + * false otherwise. NOTE: Returns false if either of the EncryptionKey + * objects has been destroyed. + */ + @Override + public boolean equals(Object other) { + + if (other == this) + return true; + + if (! (other instanceof EncryptionKey)) { + return false; + } + + EncryptionKey otherKey = ((EncryptionKey) other); + if (isDestroyed() || otherKey.isDestroyed()) { + return false; + } + + return getKeyType() == otherKey.getKeyType() + && Arrays.equals(getEncoded(), otherKey.getEncoded()); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/javax/security/auth/kerberos/KerberosCredMessage.java Wed Jul 30 11:49:59 2014 -0700 @@ -0,0 +1,171 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package javax.security.auth.kerberos; + +import javax.security.auth.Destroyable; +import java.util.Arrays; +import java.util.Base64; +import java.util.Objects; + +/** + * This class encapsulates a Kerberos 5 KRB_CRED message which can be used to + * send Kerberos credentials from one principal to another.<p> + * + * A KRB_CRED message is defined in Section 5.8.1 of the Kerberos Protocol + * Specification (<a href=http://www.ietf.org/rfc/rfc4120.txt>RFC 4120</a>) as: + * <pre> + * KRB-CRED ::= [APPLICATION 22] SEQUENCE { + * pvno [0] INTEGER (5), + * msg-type [1] INTEGER (22), + * tickets [2] SEQUENCE OF Ticket, + * enc-part [3] EncryptedData -- EncKrbCredPart + * } + * </pre><p> + * + * @since 1.9 + */ +public final class KerberosCredMessage implements Destroyable { + + final private KerberosPrincipal sender; + final private KerberosPrincipal recipient; + final private byte[] message; + + private boolean destroyed = false; + + /** + * Constructs a {@code KerberosCredMessage} object. + * <p> + * The contents of the {@code message} argument are copied; subsequent + * modification of the byte array does not affect the newly created object. + * + * @param sender the sender of the message + * @param recipient the recipient of the message + * @param message the DER encoded KRB_CRED message + * @throws NullPointerException if any of sender, recipient + * or message is null + */ + public KerberosCredMessage(KerberosPrincipal sender, + KerberosPrincipal recipient, + byte[] message) { + this.sender = Objects.requireNonNull(sender); + this.recipient = Objects.requireNonNull(recipient); + this.message = Objects.requireNonNull(message).clone(); + } + + /** + * Returns the DER encoded form of the KRB_CRED message. + * + * @return a newly allocated byte array that contains the encoded form + * @throws IllegalStateException if the object is destroyed + */ + public byte[] getEncoded() { + if (destroyed) { + throw new IllegalStateException("This object is no longer valid"); + } + return message.clone(); + } + + /** + * Returns the sender of this message. + * + * @return the sender + * @throws IllegalStateException if the object is destroyed + */ + public KerberosPrincipal getSender() { + if (destroyed) { + throw new IllegalStateException("This object is no longer valid"); + } + return sender; + } + + /** + * Returns the recipient of this message. + * + * @return the recipient + * @throws IllegalStateException if the object is destroyed + */ + public KerberosPrincipal getRecipient() { + if (destroyed) { + throw new IllegalStateException("This object is no longer valid"); + } + return recipient; + } + + /** + * Destroys this object by clearing out the message. + */ + @Override + public void destroy() { + if (!destroyed) { + Arrays.fill(message, (byte)0); + destroyed = true; + } + } + + @Override + public boolean isDestroyed() { + return destroyed; + } + + @Override + public String toString() { + if (destroyed) { + return "Destroyed KerberosCredMessage"; + } else { + return "KRB_CRED from " + sender + " to " + recipient + ":\n" + + Base64.getUrlEncoder().encodeToString(message); + } + } + + @Override + public int hashCode() { + if (isDestroyed()) { + return -1; + } else { + return Objects.hash(sender, recipient, Arrays.hashCode(message)); + } + } + + @Override + public boolean equals(Object other) { + if (other == this) { + return true; + } + + if (! (other instanceof KerberosCredMessage)) { + return false; + } + + KerberosCredMessage otherMessage = ((KerberosCredMessage) other); + if (isDestroyed() || otherMessage.isDestroyed()) { + return false; + } + + return Objects.equals(sender, otherMessage.sender) + && Objects.equals(recipient, otherMessage.recipient) + && Arrays.equals(message, otherMessage.message); + } +}
--- a/src/share/classes/javax/security/auth/kerberos/KerberosKey.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/javax/security/auth/kerberos/KerberosKey.java Wed Jul 30 11:49:59 2014 -0700 @@ -27,13 +27,27 @@ import java.util.Arrays; import javax.crypto.SecretKey; -import javax.security.auth.Destroyable; import javax.security.auth.DestroyFailedException; /** * This class encapsulates a long term secret key for a Kerberos * principal.<p> * + * A {@code KerberosKey} object includes an EncryptionKey, a + * {@link KerberosPrincipal} as its owner, and the version number + * of the key.<p> + * + * An EncryptionKey is defined in Section 4.2.9 of the Kerberos Protocol + * Specification (<a href=http://www.ietf.org/rfc/rfc4120.txt>RFC 4120</a>) as: + * <pre> + * EncryptionKey ::= SEQUENCE { + * keytype [0] Int32 -- actually encryption type --, + * keyvalue [1] OCTET STRING + * } + * </pre> + * The key material of a {@code KerberosKey} is defined as the value + * of the {@code keyValue} above.<p> + * * All Kerberos JAAS login modules that obtain a principal's password and * generate the secret key from it should use this class. * Sometimes, such as when authenticating a server in @@ -70,7 +84,7 @@ * @author Mayank Upadhyay * @since 1.4 */ -public class KerberosKey implements SecretKey, Destroyable { +public class KerberosKey implements SecretKey { private static final long serialVersionUID = -4625402278148246993L; @@ -89,15 +103,8 @@ private final int versionNum; /** - * {@code KeyImpl} is serialized by writing out the ASN1 Encoded bytes + * {@code KeyImpl} is serialized by writing out the ASN.1 encoded bytes * of the encryption key. - * The ASN1 encoding is defined in RFC4120 and as follows: - * <pre> - * EncryptionKey ::= SEQUENCE { - * keytype [0] Int32 -- actually encryption type --, - * keyvalue [1] OCTET STRING - * } - * </pre> * * @serial */ @@ -111,7 +118,7 @@ * key information from a Kerberos "keytab". * * @param principal the principal that this secret key belongs to - * @param keyBytes the raw bytes for the secret key + * @param keyBytes the key material for the secret key * @param keyType the key type for the secret key as defined by the * Kerberos protocol specification. * @param versionNum the version number of this secret key @@ -153,10 +160,12 @@ * Returns the principal that this key belongs to. * * @return the principal this key belongs to. + * @throws IllegalStateException if the key is destroyed */ public final KerberosPrincipal getPrincipal() { - if (destroyed) + if (destroyed) { throw new IllegalStateException("This key is no longer valid"); + } return principal; } @@ -164,10 +173,12 @@ * Returns the key version number. * * @return the key version number. + * @throws IllegalStateException if the key is destroyed */ public final int getVersionNumber() { - if (destroyed) + if (destroyed) { throw new IllegalStateException("This key is no longer valid"); + } return versionNum; } @@ -175,10 +186,10 @@ * Returns the key type for this long-term key. * * @return the key type. + * @throws IllegalStateException if the key is destroyed */ public final int getKeyType() { - if (destroyed) - throw new IllegalStateException("This key is no longer valid"); + // KeyImpl already checked if destroyed return key.getKeyType(); } @@ -201,10 +212,10 @@ * </ol> * * @return the name of the algorithm associated with this key. + * @throws IllegalStateException if the key is destroyed */ public final String getAlgorithm() { - if (destroyed) - throw new IllegalStateException("This key is no longer valid"); + // KeyImpl already checked if destroyed return key.getAlgorithm(); } @@ -212,10 +223,10 @@ * Returns the name of the encoding format for this secret key. * * @return the String "RAW" + * @throws IllegalStateException if the key is destroyed */ public final String getFormat() { - if (destroyed) - throw new IllegalStateException("This key is no longer valid"); + // KeyImpl already checked if destroyed return key.getFormat(); } @@ -223,16 +234,15 @@ * Returns the key material of this secret key. * * @return the key material + * @throws IllegalStateException if the key is destroyed */ public final byte[] getEncoded() { - if (destroyed) - throw new IllegalStateException("This key is no longer valid"); + // KeyImpl already checked if destroyed return key.getEncoded(); } /** - * Destroys this key. A call to any of its other methods after this - * will cause an IllegalStateException to be thrown. + * Destroys this key by clearing out the key material of this secret key. * * @throws DestroyFailedException if some error occurs while destorying * this key. @@ -253,9 +263,9 @@ public String toString() { if (destroyed) { - return "Destroyed Principal"; + return "Destroyed KerberosKey"; } - return "Kerberos Principal " + principal.toString() + + return "Kerberos Principal " + principal + "Key Version " + versionNum + "key " + key.toString(); } @@ -293,8 +303,9 @@ */ public boolean equals(Object other) { - if (other == this) + if (other == this) { return true; + } if (! (other instanceof KerberosKey)) { return false;
--- a/src/share/classes/javax/security/auth/kerberos/KerberosTicket.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/javax/security/auth/kerberos/KerberosTicket.java Wed Jul 30 11:49:59 2014 -0700 @@ -35,9 +35,6 @@ import javax.security.auth.RefreshFailedException; import javax.security.auth.DestroyFailedException; import sun.misc.HexDumpEncoder; -import sun.security.krb5.EncryptionKey; -import sun.security.krb5.Asn1Exception; -import sun.security.util.*; /** * This class encapsulates a Kerberos ticket and associated @@ -253,9 +250,10 @@ Date endTime, Date renewTill, InetAddress[] clientAddresses) { - if (sessionKey == null) - throw new IllegalArgumentException("Session key for ticket" - + " cannot be null"); + if (sessionKey == null) { + throw new IllegalArgumentException("Session key for ticket" + + " cannot be null"); + } init(asn1Encoding, client, server, new KeyImpl(sessionKey, keyType), flags, authTime, startTime, endTime, renewTill, clientAddresses); @@ -271,41 +269,46 @@ Date endTime, Date renewTill, InetAddress[] clientAddresses) { - if (asn1Encoding == null) - throw new IllegalArgumentException("ASN.1 encoding of ticket" - + " cannot be null"); + if (asn1Encoding == null) { + throw new IllegalArgumentException("ASN.1 encoding of ticket" + + " cannot be null"); + } this.asn1Encoding = asn1Encoding.clone(); - if (client == null) - throw new IllegalArgumentException("Client name in ticket" - + " cannot be null"); + if (client == null) { + throw new IllegalArgumentException("Client name in ticket" + + " cannot be null"); + } this.client = client; - if (server == null) - throw new IllegalArgumentException("Server name in ticket" - + " cannot be null"); + if (server == null) { + throw new IllegalArgumentException("Server name in ticket" + + " cannot be null"); + } this.server = server; // Caller needs to make sure `sessionKey` will not be null this.sessionKey = sessionKey; if (flags != null) { - if (flags.length >= NUM_FLAGS) - this.flags = flags.clone(); - else { + if (flags.length >= NUM_FLAGS) { + this.flags = flags.clone(); + } else { this.flags = new boolean[NUM_FLAGS]; // Fill in whatever we have - for (int i = 0; i < flags.length; i++) + for (int i = 0; i < flags.length; i++) { this.flags[i] = flags[i]; + } } - } else - this.flags = new boolean[NUM_FLAGS]; + } else { + this.flags = new boolean[NUM_FLAGS]; + } if (this.flags[RENEWABLE_TICKET_FLAG]) { - if (renewTill == null) - throw new IllegalArgumentException("The renewable period " + if (renewTill == null) { + throw new IllegalArgumentException("The renewable period " + "end time cannot be null for renewable tickets."); - + } this.renewTill = new Date(renewTill.getTime()); } @@ -318,13 +321,15 @@ this.startTime = this.authTime; } - if (endTime == null) - throw new IllegalArgumentException("End time for ticket validity" - + " cannot be null"); + if (endTime == null) { + throw new IllegalArgumentException("End time for ticket validity" + + " cannot be null"); + } this.endTime = new Date(endTime.getTime()); - if (clientAddresses != null) - this.clientAddresses = clientAddresses.clone(); + if (clientAddresses != null) { + this.clientAddresses = clientAddresses.clone(); + } } /** @@ -346,14 +351,17 @@ } /** - * Returns the session key associated with this ticket. + * Returns the session key associated with this ticket. The return value + * is always a {@link EncryptionKey} object. * * @return the session key. */ public final SecretKey getSessionKey() { - if (destroyed) + if (destroyed) { throw new IllegalStateException("This ticket is no longer valid"); - return sessionKey; + } + return new EncryptionKey( + sessionKey.getEncoded(), sessionKey.getKeyType()); } /** @@ -366,8 +374,9 @@ * @see #getSessionKey() */ public final int getSessionKeyType() { - if (destroyed) + if (destroyed) { throw new IllegalStateException("This ticket is no longer valid"); + } return sessionKey.getKeyType(); } @@ -508,8 +517,9 @@ * @return an ASN.1 encoding of the entire ticket. */ public final byte[] getEncoded() { - if (destroyed) + if (destroyed) { throw new IllegalStateException("This ticket is no longer valid"); + } return asn1Encoding.clone(); } @@ -539,16 +549,17 @@ */ public void refresh() throws RefreshFailedException { - if (destroyed) + if (destroyed) { throw new RefreshFailedException("A destroyed ticket " - + "cannot be renewd."); - - if (!isRenewable()) + + "cannot be renewd."); + } + if (!isRenewable()) { throw new RefreshFailedException("This ticket is not renewable"); - - if (System.currentTimeMillis() > getRenewTill().getTime()) + } + if (System.currentTimeMillis() > getRenewTill().getTime()) { throw new RefreshFailedException("This ticket is past " - + "its last renewal time."); + + "its last renewal time."); + } Throwable e = null; sun.security.krb5.Credentials krb5Creds = null; @@ -634,8 +645,9 @@ } public String toString() { - if (destroyed) - throw new IllegalStateException("This ticket is no longer valid"); + if (destroyed) { + return "Destroyed KerberosTicket"; + } StringBuilder caddrString = new StringBuilder(); if (clientAddresses != null) { for (int i = 0; i < clientAddresses.length; i++) { @@ -715,8 +727,9 @@ */ public boolean equals(Object other) { - if (other == this) + if (other == this) { return true; + } if (! (other instanceof KerberosTicket)) { return false; @@ -731,7 +744,7 @@ !endTime.equals(otherTicket.getEndTime()) || !server.equals(otherTicket.getServer()) || !client.equals(otherTicket.getClient()) || - !sessionKey.equals(otherTicket.getSessionKey()) || + !sessionKey.equals(otherTicket.sessionKey) || !Arrays.equals(clientAddresses, otherTicket.getClientAddresses()) || !Arrays.equals(flags, otherTicket.getFlags())) { return false; @@ -739,35 +752,41 @@ // authTime may be null if (authTime == null) { - if (otherTicket.getAuthTime() != null) + if (otherTicket.getAuthTime() != null) { return false; + } } else { - if (!authTime.equals(otherTicket.getAuthTime())) + if (!authTime.equals(otherTicket.getAuthTime())) { return false; + } } // startTime may be null if (startTime == null) { - if (otherTicket.getStartTime() != null) + if (otherTicket.getStartTime() != null) { return false; + } } else { - if (!startTime.equals(otherTicket.getStartTime())) + if (!startTime.equals(otherTicket.getStartTime())) { return false; + } } if (renewTill == null) { - if (otherTicket.getRenewTill() != null) + if (otherTicket.getRenewTill() != null) { return false; + } } else { - if (!renewTill.equals(otherTicket.getRenewTill())) + if (!renewTill.equals(otherTicket.getRenewTill())) { return false; + } } return true; } private void readObject(ObjectInputStream s) - throws IOException, ClassNotFoundException { + throws IOException, ClassNotFoundException { s.defaultReadObject(); if (sessionKey == null) { throw new InvalidObjectException("Session key cannot be null");
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java Wed Jul 30 11:49:59 2014 -0700 @@ -364,7 +364,7 @@ } void getMethods() throws ClassNotFoundException, NoSuchMethodException { - Class<?> c = Class.forName("sun.security.ec.ECParameters"); + Class<?> c = Class.forName("sun.security.util.ECParameters"); Class<?>[] params = new Class<?>[] { ECPoint.class, EllipticCurve.class }; encodePoint = c.getMethod("encodePoint", params); @@ -372,7 +372,7 @@ getCurveName = c.getMethod("getCurveName", params); params = new Class<?>[] { byte[].class, EllipticCurve.class }; decodePoint = c.getMethod("decodePoint", params); - c = Class.forName("sun.security.ec.NamedCurve"); + c = Class.forName("sun.security.util.NamedCurve"); params = new Class<?>[] { String.class }; getECParameterSpec = c.getMethod("getECParameterSpec", params); } @@ -477,7 +477,7 @@ throw new MarshalException(ite); } /* - ecPoint = sun.security.ec.ECParameters.decodePoint( + ecPoint = sun.security.util.ECParameters.decodePoint( Base64.decode(curElem), ecParams.getCurve()); */ ECPublicKeySpec spec = new ECPublicKeySpec(ecPoint, ecParams);
--- a/src/share/classes/sun/misc/JavaLangAccess.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/sun/misc/JavaLangAccess.java Wed Jul 30 11:49:59 2014 -0700 @@ -132,4 +132,14 @@ * Invokes the finalize method of the given object. */ void invokeFinalize(Object o) throws Throwable; + + /** + * Invokes Long.formatUnsignedLong(long val, int shift, char[] buf, int offset, int len) + */ + void formatUnsignedLong(long val, int shift, char[] buf, int offset, int len); + + /** + * Invokes Integer.formatUnsignedInt(long val, int shift, char[] buf, int offset, int len) + */ + void formatUnsignedInt(int val, int shift, char[] buf, int offset, int len); }
--- a/src/share/classes/sun/nio/cs/ext/ExtendedCharsets.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/sun/nio/cs/ext/ExtendedCharsets.java Wed Jul 30 11:49:59 2014 -0700 @@ -1173,8 +1173,7 @@ if (!sun.misc.VM.isBooted()) return; - String map = AccessController.doPrivileged( - (PrivilegedAction<String>) () -> System.getProperty("sun.nio.cs.map")); + String map = getProperty("sun.nio.cs.map"); boolean sjisIsMS932 = false; boolean iso2022jpIsMS50221 = false; boolean iso2022jpIsMS50220 = false; @@ -1294,8 +1293,7 @@ } } - String osName = AccessController.doPrivileged( - (PrivilegedAction<String>) () -> System.getProperty("os.name")); + String osName = getProperty("os.name"); if ("SunOS".equals(osName) || "Linux".equals(osName) || "AIX".equals(osName) || osName.contains("OS X")) { charset("x-COMPOUND_TEXT", "COMPOUND_TEXT", @@ -1308,6 +1306,18 @@ initialized = true; } + private static String getProperty(String key) { + // this method may be called during initialization of + // system class loader and thus not using lambda + return AccessController.doPrivileged( + new PrivilegedAction<String>() { + @Override + public String run() { + return System.getProperty(key); + } + }); + } + public static String[] aliasesFor(String charsetName) { if (instance == null) return null;
--- a/src/share/classes/sun/security/ec/CurveDB.java Fri Jul 25 15:38:10 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,669 +0,0 @@ -/* - * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.ec; - -import java.math.BigInteger; - -import java.security.spec.*; - -import java.util.*; -import java.util.regex.Pattern; - -/** - * Repository for well-known Elliptic Curve parameters. It is used by both - * the SunPKCS11 and SunJSSE code. - * - * @since 1.6 - * @author Andreas Sterbenz - */ -public class CurveDB { - private final static int P = 1; // prime curve - private final static int B = 2; // binary curve - private final static int PD = 5; // prime curve, mark as default - private final static int BD = 6; // binary curve, mark as default - - private static final Map<String,NamedCurve> oidMap = - new LinkedHashMap<String,NamedCurve>(); - private static final Map<String,NamedCurve> nameMap = - new HashMap<String,NamedCurve>(); - private static final Map<Integer,NamedCurve> lengthMap = - new HashMap<Integer,NamedCurve>(); - - private static Collection<? extends NamedCurve> specCollection; - - static final String SPLIT_PATTERN = ",|\\[|\\]"; - - // Used by SunECEntries - static Collection<? extends NamedCurve>getSupportedCurves() { - return specCollection; - } - - // Return a NamedCurve for the specified OID/name or null if unknown. - static NamedCurve lookup(String name) { - NamedCurve spec = oidMap.get(name); - if (spec != null) { - return spec; - } - - return nameMap.get(name); - } - - // Return EC parameters for the specified field size. If there are known - // NIST recommended parameters for the given length, they are returned. - // Otherwise, if there are multiple matches for the given size, an - // arbitrary one is returns. - // If no parameters are known, the method returns null. - // NOTE that this method returns both prime and binary curves. - static NamedCurve lookup(int length) { - return lengthMap.get(length); - } - - // Convert the given ECParameterSpec object to a NamedCurve object. - // If params does not represent a known named curve, return null. - static NamedCurve lookup(ECParameterSpec params) { - if ((params instanceof NamedCurve) || (params == null)) { - return (NamedCurve)params; - } - - // This is a hack to allow SunJSSE to work with 3rd party crypto - // providers for ECC and not just SunPKCS11. - // This can go away once we decide how to expose curve names in the - // public API. - // Note that it assumes that the 3rd party provider encodes named - // curves using the short form, not explicitly. If it did that, then - // the SunJSSE TLS ECC extensions are wrong, which could lead to - // interoperability problems. - int fieldSize = params.getCurve().getField().getFieldSize(); - for (NamedCurve namedCurve : specCollection) { - // ECParameterSpec does not define equals, so check all the - // components ourselves. - // Quick field size check first - if (namedCurve.getCurve().getField().getFieldSize() != fieldSize) { - continue; - } - if (namedCurve.getCurve().equals(params.getCurve()) == false) { - continue; - } - if (namedCurve.getGenerator().equals(params.getGenerator()) == - false) { - continue; - } - if (namedCurve.getOrder().equals(params.getOrder()) == false) { - continue; - } - if (namedCurve.getCofactor() != params.getCofactor()) { - continue; - } - // everything matches our named curve, return it - return namedCurve; - } - // no match found - return null; - } - - private static BigInteger bi(String s) { - return new BigInteger(s, 16); - } - - private static void add(String name, String soid, int type, String sfield, - String a, String b, String x, String y, String n, int h, - Pattern nameSplitPattern) { - BigInteger p = bi(sfield); - ECField field; - if ((type == P) || (type == PD)) { - field = new ECFieldFp(p); - } else if ((type == B) || (type == BD)) { - field = new ECFieldF2m(p.bitLength() - 1, p); - } else { - throw new RuntimeException("Invalid type: " + type); - } - - EllipticCurve curve = new EllipticCurve(field, bi(a), bi(b)); - ECPoint g = new ECPoint(bi(x), bi(y)); - - NamedCurve params = new NamedCurve(name, soid, curve, g, bi(n), h); - if (oidMap.put(soid, params) != null) { - throw new RuntimeException("Duplication oid: " + soid); - } - - String[] commonNames = nameSplitPattern.split(name); - for (String commonName : commonNames) { - if (nameMap.put(commonName.trim(), params) != null) { - throw new RuntimeException("Duplication name: " + commonName); - } - } - - int len = field.getFieldSize(); - if ((type == PD) || (type == BD) || (lengthMap.get(len) == null)) { - // add entry if none present for this field size or if - // the curve is marked as a default curve. - lengthMap.put(len, params); - } - } - - static { - Pattern nameSplitPattern = Pattern.compile(SPLIT_PATTERN); - - /* SEC2 prime curves */ - add("secp112r1", "1.3.132.0.6", P, - "DB7C2ABF62E35E668076BEAD208B", - "DB7C2ABF62E35E668076BEAD2088", - "659EF8BA043916EEDE8911702B22", - "09487239995A5EE76B55F9C2F098", - "A89CE5AF8724C0A23E0E0FF77500", - "DB7C2ABF62E35E7628DFAC6561C5", - 1, nameSplitPattern); - - add("secp112r2", "1.3.132.0.7", P, - "DB7C2ABF62E35E668076BEAD208B", - "6127C24C05F38A0AAAF65C0EF02C", - "51DEF1815DB5ED74FCC34C85D709", - "4BA30AB5E892B4E1649DD0928643", - "adcd46f5882e3747def36e956e97", - "36DF0AAFD8B8D7597CA10520D04B", - 4, nameSplitPattern); - - add("secp128r1", "1.3.132.0.28", P, - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", - "E87579C11079F43DD824993C2CEE5ED3", - "161FF7528B899B2D0C28607CA52C5B86", - "CF5AC8395BAFEB13C02DA292DDED7A83", - "FFFFFFFE0000000075A30D1B9038A115", - 1, nameSplitPattern); - - add("secp128r2", "1.3.132.0.29", P, - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", - "D6031998D1B3BBFEBF59CC9BBFF9AEE1", - "5EEEFCA380D02919DC2C6558BB6D8A5D", - "7B6AA5D85E572983E6FB32A7CDEBC140", - "27B6916A894D3AEE7106FE805FC34B44", - "3FFFFFFF7FFFFFFFBE0024720613B5A3", - 4, nameSplitPattern); - - add("secp160k1", "1.3.132.0.9", P, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", - "0000000000000000000000000000000000000000", - "0000000000000000000000000000000000000007", - "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", - "938CF935318FDCED6BC28286531733C3F03C4FEE", - "0100000000000000000001B8FA16DFAB9ACA16B6B3", - 1, nameSplitPattern); - - add("secp160r1", "1.3.132.0.8", P, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", - "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", - "4A96B5688EF573284664698968C38BB913CBFC82", - "23A628553168947D59DCC912042351377AC5FB32", - "0100000000000000000001F4C8F927AED3CA752257", - 1, nameSplitPattern); - - add("secp160r2", "1.3.132.0.30", P, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", - "B4E134D3FB59EB8BAB57274904664D5AF50388BA", - "52DCB034293A117E1F4FF11B30F7199D3144CE6D", - "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E", - "0100000000000000000000351EE786A818F3A1A16B", - 1, nameSplitPattern); - - add("secp192k1", "1.3.132.0.31", P, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", - "000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000003", - "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", - "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", - "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", - 1, nameSplitPattern); - - add("secp192r1 [NIST P-192, X9.62 prime192v1]", "1.2.840.10045.3.1.1", PD, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", - "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", - "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811", - "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", - 1, nameSplitPattern); - - add("secp224k1", "1.3.132.0.32", P, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", - "00000000000000000000000000000000000000000000000000000000", - "00000000000000000000000000000000000000000000000000000005", - "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", - "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", - "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", - 1, nameSplitPattern); - - add("secp224r1 [NIST P-224]", "1.3.132.0.33", PD, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", - "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", - "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", - "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", - 1, nameSplitPattern); - - add("secp256k1", "1.3.132.0.10", P, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", - "0000000000000000000000000000000000000000000000000000000000000000", - "0000000000000000000000000000000000000000000000000000000000000007", - "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", - "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", - 1, nameSplitPattern); - - add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD, - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", - "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", - "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", - "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", - "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", - 1, nameSplitPattern); - - add("secp384r1 [NIST P-384]", "1.3.132.0.34", PD, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", - "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", - "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7", - "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973", - 1, nameSplitPattern); - - add("secp521r1 [NIST P-521]", "1.3.132.0.35", PD, - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", - "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", - "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", - "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", - 1, nameSplitPattern); - - /* ANSI X9.62 prime curves */ - add("X9.62 prime192v2", "1.2.840.10045.3.1.2", P, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", - "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", - "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15", - "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31", - 1, nameSplitPattern); - - add("X9.62 prime192v3", "1.2.840.10045.3.1.3", P, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", - "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", - "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0", - "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13", - 1, nameSplitPattern); - - add("X9.62 prime239v1", "1.2.840.10045.3.1.4", P, - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", - "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", - "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B", - 1, nameSplitPattern); - - add("X9.62 prime239v2", "1.2.840.10045.3.1.5", P, - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", - "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", - "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA", - "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063", - 1, nameSplitPattern); - - add("X9.62 prime239v3", "1.2.840.10045.3.1.6", P, - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", - "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", - "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551", - 1, nameSplitPattern); - - /* SEC2 binary curves */ - add("sect113r1", "1.3.132.0.4", B, - "020000000000000000000000000201", - "003088250CA6E7C7FE649CE85820F7", - "00E8BEE4D3E2260744188BE0E9C723", - "009D73616F35F4AB1407D73562C10F", - "00A52830277958EE84D1315ED31886", - "0100000000000000D9CCEC8A39E56F", - 2, nameSplitPattern); - - add("sect113r2", "1.3.132.0.5", B, - "020000000000000000000000000201", - "00689918DBEC7E5A0DD6DFC0AA55C7", - "0095E9A9EC9B297BD4BF36E059184F", - "01A57A6A7B26CA5EF52FCDB8164797", - "00B3ADC94ED1FE674C06E695BABA1D", - "010000000000000108789B2496AF93", - 2, nameSplitPattern); - - add("sect131r1", "1.3.132.0.22", B, - "080000000000000000000000000000010D", - "07A11B09A76B562144418FF3FF8C2570B8", - "0217C05610884B63B9C6C7291678F9D341", - "0081BAF91FDF9833C40F9C181343638399", - "078C6E7EA38C001F73C8134B1B4EF9E150", - "0400000000000000023123953A9464B54D", - 2, nameSplitPattern); - - add("sect131r2", "1.3.132.0.23", B, - "080000000000000000000000000000010D", - "03E5A88919D7CAFCBF415F07C2176573B2", - "04B8266A46C55657AC734CE38F018F2192", - "0356DCD8F2F95031AD652D23951BB366A8", - "0648F06D867940A5366D9E265DE9EB240F", - "0400000000000000016954A233049BA98F", - 2, nameSplitPattern); - - add("sect163k1 [NIST K-163]", "1.3.132.0.1", BD, - "0800000000000000000000000000000000000000C9", - "000000000000000000000000000000000000000001", - "000000000000000000000000000000000000000001", - "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", - "0289070FB05D38FF58321F2E800536D538CCDAA3D9", - "04000000000000000000020108A2E0CC0D99F8A5EF", - 2, nameSplitPattern); - - add("sect163r1", "1.3.132.0.2", B, - "0800000000000000000000000000000000000000C9", - "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2", - "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9", - "0369979697AB43897789566789567F787A7876A654", - "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883", - "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", - 2, nameSplitPattern); - - add("sect163r2 [NIST B-163]", "1.3.132.0.15", BD, - "0800000000000000000000000000000000000000C9", - "000000000000000000000000000000000000000001", - "020A601907B8C953CA1481EB10512F78744A3205FD", - "03F0EBA16286A2D57EA0991168D4994637E8343E36", - "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", - "040000000000000000000292FE77E70C12A4234C33", - 2, nameSplitPattern); - - add("sect193r1", "1.3.132.0.24", B, - "02000000000000000000000000000000000000000000008001", - "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01", - "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814", - "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1", - "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", - "01000000000000000000000000C7F34A778F443ACC920EBA49", - 2, nameSplitPattern); - - add("sect193r2", "1.3.132.0.25", B, - "02000000000000000000000000000000000000000000008001", - "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B", - "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE", - "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F", - "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", - "010000000000000000000000015AAB561B005413CCD4EE99D5", - 2, nameSplitPattern); - - add("sect233k1 [NIST K-233]", "1.3.132.0.26", BD, - "020000000000000000000000000000000000000004000000000000000001", - "000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000000000000000001", - "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", - "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", - "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", - 4, nameSplitPattern); - - add("sect233r1 [NIST B-233]", "1.3.132.0.27", B, - "020000000000000000000000000000000000000004000000000000000001", - "000000000000000000000000000000000000000000000000000000000001", - "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", - "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", - "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", - "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", - 2, nameSplitPattern); - - add("sect239k1", "1.3.132.0.3", B, - "800000000000000000004000000000000000000000000000000000000001", - "000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000000000000000001", - "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC", - "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", - "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", - 4, nameSplitPattern); - - add("sect283k1 [NIST K-283]", "1.3.132.0.16", BD, - "0800000000000000000000000000000000000000000000000000000000000000000010A1", - "000000000000000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000000000000000000000000000001", - "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836", - "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", - 4, nameSplitPattern); - - add("sect283r1 [NIST B-283]", "1.3.132.0.17", B, - "0800000000000000000000000000000000000000000000000000000000000000000010A1", - "000000000000000000000000000000000000000000000000000000000000000000000001", - "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", - "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053", - "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", - "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", - 2, nameSplitPattern); - - add("sect409k1 [NIST K-409]", "1.3.132.0.36", BD, - "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", - "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", - "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746", - "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", - "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", - 4, nameSplitPattern); - - add("sect409r1 [NIST B-409]", "1.3.132.0.37", B, - "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", - "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", - "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7", - "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", - "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", - 2, nameSplitPattern); - - add("sect571k1 [NIST K-571]", "1.3.132.0.38", BD, - "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", - "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972", - "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", - "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", - 4, nameSplitPattern); - - add("sect571r1 [NIST B-571]", "1.3.132.0.39", B, - "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", - "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", - "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19", - "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", - "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", - 2, nameSplitPattern); - - /* ANSI X9.62 binary curves */ - add("X9.62 c2tnb191v1", "1.2.840.10045.3.0.5", B, - "800000000000000000000000000000000000000000000201", - "2866537B676752636A68F56554E12640276B649EF7526267", - "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", - "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D", - "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", - "40000000000000000000000004A20E90C39067C893BBB9A5", - 2, nameSplitPattern); - - add("X9.62 c2tnb191v2", "1.2.840.10045.3.0.6", B, - "800000000000000000000000000000000000000000000201", - "401028774D7777C7B7666D1366EA432071274F89FF01E718", - "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", - "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10", - "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", - "20000000000000000000000050508CB89F652824E06B8173", - 4, nameSplitPattern); - - add("X9.62 c2tnb191v3", "1.2.840.10045.3.0.7", B, - "800000000000000000000000000000000000000000000201", - "6C01074756099122221056911C77D77E77A777E7E7E77FCB", - "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", - "375D4CE24FDE434489DE8746E71786015009E66E38A926DD", - "545A39176196575D985999366E6AD34CE0A77CD7127B06BE", - "155555555555555555555555610C0B196812BFB6288A3EA3", - 6, nameSplitPattern); - - add("X9.62 c2tnb239v1", "1.2.840.10045.3.0.11", B, - "800000000000000000000000000000000000000000000000001000000001", - "32010857077C5431123A46B808906756F543423E8D27877578125778AC76", - "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", - "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D", - "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", - "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", - 4, nameSplitPattern); - - add("X9.62 c2tnb239v2", "1.2.840.10045.3.0.12", B, - "800000000000000000000000000000000000000000000000001000000001", - "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", - "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", - "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205", - "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", - "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", - 6, nameSplitPattern); - - add("X9.62 c2tnb239v3", "1.2.840.10045.3.0.13", B, - "800000000000000000000000000000000000000000000000001000000001", - "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", - "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", - "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92", - "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", - "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", - 0xA, nameSplitPattern); - - add("X9.62 c2tnb359v1", "1.2.840.10045.3.0.18", B, - "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001", - "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557", - "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988", - "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097", - "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD", - "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B", - 0x4C, nameSplitPattern); - - add("X9.62 c2tnb431r1", "1.2.840.10045.3.0.20", B, - "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001", - "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F", - "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618", - "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7", - "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760", - "0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91", - 0x2760, nameSplitPattern); - - /* ANSI X9.62 binary curves from the 1998 standard but forbidden - * in the 2005 version of the standard. - * We don't register them but leave them here for the time being in - * case we need to support them after all. - */ -/* - add("X9.62 c2pnb163v1", "1.2.840.10045.3.0.1", B, - "080000000000000000000000000000000000000107", - "072546B5435234A422E0789675F432C89435DE5242", - "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", - "07AF69989546103D79329FCC3D74880F33BBE803CB", - "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", - "0400000000000000000001E60FC8821CC74DAEAFC1", - 2, nameSplitPattern); - - add("X9.62 c2pnb163v2", "1.2.840.10045.3.0.2", B, - "080000000000000000000000000000000000000107", - "0108B39E77C4B108BED981ED0E890E117C511CF072", - "0667ACEB38AF4E488C407433FFAE4F1C811638DF20", - "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5", - "079F684DDF6684C5CD258B3890021B2386DFD19FC5", - "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", - 2, nameSplitPattern); - - add("X9.62 c2pnb163v3", "1.2.840.10045.3.0.3", B, - "080000000000000000000000000000000000000107", - "07A526C63D3E25A256A007699F5447E32AE456B50E", - "03F7061798EB99E238FD6F1BF95B48FEEB4854252B", - "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB", - "05B935590C155E17EA48EB3FF3718B893DF59A05D0", - "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", - 2, nameSplitPattern); - - add("X9.62 c2pnb176w1", "1.2.840.10045.3.0.4", B, - "0100000000000000000000000000000000080000000007", - "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", - "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", - "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798", - "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", - "00010092537397ECA4F6145799D62B0A19CE06FE26AD", - 0xFF6E, nameSplitPattern); - - add("X9.62 c2pnb208w1", "1.2.840.10045.3.0.10", B, - "010000000000000000000000000000000800000000000000000007", - "0000000000000000000000000000000000000000000000000000", - "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", - "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A", - "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", - "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", - 0xFE48, nameSplitPattern); - - add("X9.62 c2pnb272w1", "1.2.840.10045.3.0.16", B, - "010000000000000000000000000000000000000000000000000000010000000000000B", - "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", - "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", - "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D", - "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23", - "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", - 0xFF06, nameSplitPattern); - - add("X9.62 c2pnb304w1", "1.2.840.10045.3.0.17", B, - "010000000000000000000000000000000000000000000000000000000000000000000000000807", - "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681", - "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE", - "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614", - "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B", - "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D", - 0xFE2E, nameSplitPattern); - - add("X9.62 c2pnb368w1", "1.2.840.10045.3.0.19", B, - "0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007", - "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D", - "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A", - "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F", - "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310", - "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967", - 0xFF70, nameSplitPattern); -*/ - - specCollection = Collections.unmodifiableCollection(oidMap.values()); - } -}
--- a/src/share/classes/sun/security/ec/ECKeyPairGenerator.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/sun/security/ec/ECKeyPairGenerator.java Wed Jul 30 11:49:59 2014 -0700 @@ -32,11 +32,10 @@ import java.security.spec.ECParameterSpec; import java.security.spec.ECPoint; -import sun.security.ec.NamedCurve; -import sun.security.ec.ECParameters; import sun.security.ec.ECPrivateKeyImpl; import sun.security.ec.ECPublicKeyImpl; import sun.security.jca.JCAUtil; +import sun.security.util.ECParameters; import sun.security.util.ECUtil; /**
--- a/src/share/classes/sun/security/ec/ECParameters.java Fri Jul 25 15:38:10 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,238 +0,0 @@ -/* - * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.ec; - -import java.io.IOException; - -import java.security.*; -import java.security.spec.*; - -import sun.security.util.*; - -/** - * This class implements encoding and decoding of Elliptic Curve parameters - * as specified in RFC 3279. - * - * However, only named curves are currently supported. - * - * ASN.1 from RFC 3279 follows. Note that X9.62 (2005) has added some additional - * options. - * - * <pre> - * EcpkParameters ::= CHOICE { - * ecParameters ECParameters, - * namedCurve OBJECT IDENTIFIER, - * implicitlyCA NULL } - * - * ECParameters ::= SEQUENCE { - * version ECPVer, -- version is always 1 - * fieldID FieldID, -- identifies the finite field over - * -- which the curve is defined - * curve Curve, -- coefficients a and b of the - * -- elliptic curve - * base ECPoint, -- specifies the base point P - * -- on the elliptic curve - * order INTEGER, -- the order n of the base point - * cofactor INTEGER OPTIONAL -- The integer h = #E(Fq)/n - * } - * - * ECPVer ::= INTEGER {ecpVer1(1)} - * - * Curve ::= SEQUENCE { - * a FieldElement, - * b FieldElement, - * seed BIT STRING OPTIONAL } - * - * FieldElement ::= OCTET STRING - * - * ECPoint ::= OCTET STRING - * </pre> - * - * @since 1.6 - * @author Andreas Sterbenz - */ -public final class ECParameters extends AlgorithmParametersSpi { - - // used by ECPublicKeyImpl and ECPrivateKeyImpl - static AlgorithmParameters getAlgorithmParameters(ECParameterSpec spec) - throws InvalidKeyException { - try { - AlgorithmParameters params = - AlgorithmParameters.getInstance("EC", "SunEC"); - params.init(spec); - return params; - } catch (GeneralSecurityException e) { - throw new InvalidKeyException("EC parameters error", e); - } - } - - /* - * The parameters these AlgorithmParameters object represents. - * Currently, it is always an instance of NamedCurve. - */ - private NamedCurve namedCurve; - - // A public constructor is required by AlgorithmParameters class. - public ECParameters() { - // empty - } - - // AlgorithmParameterSpi methods - - protected void engineInit(AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException { - - if (paramSpec == null) { - throw new InvalidParameterSpecException - ("paramSpec must not be null"); - } - - if (paramSpec instanceof NamedCurve) { - namedCurve = (NamedCurve)paramSpec; - return; - } - - if (paramSpec instanceof ECParameterSpec) { - namedCurve = CurveDB.lookup((ECParameterSpec)paramSpec); - } else if (paramSpec instanceof ECGenParameterSpec) { - String name = ((ECGenParameterSpec)paramSpec).getName(); - namedCurve = CurveDB.lookup(name); - } else if (paramSpec instanceof ECKeySizeParameterSpec) { - int keySize = ((ECKeySizeParameterSpec)paramSpec).getKeySize(); - namedCurve = CurveDB.lookup(keySize); - } else { - throw new InvalidParameterSpecException - ("Only ECParameterSpec and ECGenParameterSpec supported"); - } - - if (namedCurve == null) { - throw new InvalidParameterSpecException( - "Not a supported curve: " + paramSpec); - } - } - - protected void engineInit(byte[] params) throws IOException { - DerValue encodedParams = new DerValue(params); - if (encodedParams.tag == DerValue.tag_ObjectId) { - ObjectIdentifier oid = encodedParams.getOID(); - NamedCurve spec = CurveDB.lookup(oid.toString()); - if (spec == null) { - throw new IOException("Unknown named curve: " + oid); - } - - namedCurve = spec; - return; - } - - throw new IOException("Only named ECParameters supported"); - - // The code below is incomplete. - // It is left as a starting point for a complete parsing implementation. - -/* - if (encodedParams.tag != DerValue.tag_Sequence) { - throw new IOException("Unsupported EC parameters, tag: " + - encodedParams.tag); - } - - encodedParams.data.reset(); - - DerInputStream in = encodedParams.data; - - int version = in.getInteger(); - if (version != 1) { - throw new IOException("Unsupported EC parameters version: " + - version); - } - ECField field = parseField(in); - EllipticCurve curve = parseCurve(in, field); - ECPoint point = parsePoint(in, curve); - - BigInteger order = in.getBigInteger(); - int cofactor = 0; - - if (in.available() != 0) { - cofactor = in.getInteger(); - } - - // XXX HashAlgorithm optional - - if (encodedParams.data.available() != 0) { - throw new IOException("encoded params have " + - encodedParams.data.available() + - " extra bytes"); - } - - return new ECParameterSpec(curve, point, order, cofactor); -*/ - } - - protected void engineInit(byte[] params, String decodingMethod) - throws IOException { - engineInit(params); - } - - protected <T extends AlgorithmParameterSpec> T - engineGetParameterSpec(Class<T> spec) - throws InvalidParameterSpecException { - - if (spec.isAssignableFrom(ECParameterSpec.class)) { - return spec.cast(namedCurve); - } - - if (spec.isAssignableFrom(ECGenParameterSpec.class)) { - // Ensure the name is the Object ID - String name = namedCurve.getObjectId(); - return spec.cast(new ECGenParameterSpec(name)); - } - - if (spec.isAssignableFrom(ECKeySizeParameterSpec.class)) { - int keySize = namedCurve.getCurve().getField().getFieldSize(); - return spec.cast(new ECKeySizeParameterSpec(keySize)); - } - - throw new InvalidParameterSpecException( - "Only ECParameterSpec and ECGenParameterSpec supported"); - } - - protected byte[] engineGetEncoded() throws IOException { - return namedCurve.getEncoded(); - } - - protected byte[] engineGetEncoded(String encodingMethod) - throws IOException { - return engineGetEncoded(); - } - - protected String engineToString() { - if (namedCurve == null) { - return "Not initialized"; - } - - return namedCurve.toString(); - } -} -
--- a/src/share/classes/sun/security/ec/ECPrivateKeyImpl.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/sun/security/ec/ECPrivateKeyImpl.java Wed Jul 30 11:49:59 2014 -0700 @@ -32,7 +32,11 @@ import java.security.interfaces.*; import java.security.spec.*; -import sun.security.util.*; +import sun.security.util.DerInputStream; +import sun.security.util.DerOutputStream; +import sun.security.util.DerValue; +import sun.security.util.ECParameters; +import sun.security.util.ECUtil; import sun.security.x509.AlgorithmId; import sun.security.pkcs.PKCS8Key;
--- a/src/share/classes/sun/security/ec/ECPublicKeyImpl.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/sun/security/ec/ECPublicKeyImpl.java Wed Jul 30 11:49:59 2014 -0700 @@ -31,7 +31,9 @@ import java.security.interfaces.*; import java.security.spec.*; -import sun.security.util.*; +import sun.security.util.ECParameters; +import sun.security.util.ECUtil; + import sun.security.x509.*; /**
--- a/src/share/classes/sun/security/ec/NamedCurve.java Fri Jul 25 15:38:10 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,86 +0,0 @@ -/* - * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.ec; - -import java.io.IOException; -import java.math.BigInteger; - -import java.security.spec.*; - -import sun.security.util.DerOutputStream; -import sun.security.util.ObjectIdentifier; - - -/** - * Contains Elliptic Curve parameters. - * - * @since 1.6 - * @author Andreas Sterbenz - */ -class NamedCurve extends ECParameterSpec { - - // friendly name for toString() output - private final String name; - - // well known OID - private final String oid; - - // encoded form (as NamedCurve identified via OID) - private final byte[] encoded; - - NamedCurve(String name, String oid, EllipticCurve curve, - ECPoint g, BigInteger n, int h) { - super(curve, g, n, h); - this.name = name; - this.oid = oid; - - DerOutputStream out = new DerOutputStream(); - - try { - out.putOID(new ObjectIdentifier(oid)); - } catch (IOException e) { - throw new RuntimeException("Internal error", e); - } - - encoded = out.toByteArray(); - } - - String getName() { - return name; - } - - byte[] getEncoded() { - return encoded.clone(); - } - - String getObjectId() { - return oid; - } - - public String toString() { - return name + " (" + oid + ")"; - } -}
--- a/src/share/classes/sun/security/ec/SunECEntries.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/sun/security/ec/SunECEntries.java Wed Jul 30 11:49:59 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,8 @@ import java.util.Map; import java.util.regex.Pattern; +import sun.security.util.CurveDB; +import sun.security.util.NamedCurve; /** * Defines the entries of the SunEC provider. @@ -55,7 +57,7 @@ /* * Algorithm Parameter engine */ - map.put("AlgorithmParameters.EC", "sun.security.ec.ECParameters"); + map.put("AlgorithmParameters.EC", "sun.security.util.ECParameters"); map.put("Alg.Alias.AlgorithmParameters.EllipticCurve", "EC"); map.put("Alg.Alias.AlgorithmParameters.1.2.840.10045.2.1", "EC");
--- a/src/share/classes/sun/security/jgss/krb5/Krb5Context.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/sun/security/jgss/krb5/Krb5Context.java Wed Jul 30 11:49:59 2014 -0700 @@ -40,11 +40,13 @@ import java.security.AccessController; import java.security.AccessControlContext; import java.security.Key; +import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; -import java.security.PrivilegedActionException; -import javax.crypto.Cipher; import javax.security.auth.Subject; -import javax.security.auth.kerberos.*; +import javax.security.auth.kerberos.ServicePermission; +import javax.security.auth.kerberos.KerberosCredMessage; +import javax.security.auth.kerberos.KerberosPrincipal; +import javax.security.auth.kerberos.KerberosTicket; import sun.security.krb5.internal.Ticket; /** @@ -118,6 +120,7 @@ // XXX See if the required info from these can be extracted and // stored elsewhere + private Credentials tgt; private Credentials serviceCreds; private KrbApReq apReq; Ticket serviceTicket; @@ -616,7 +619,6 @@ "No TGT available"); } myName = (Krb5NameElement) myCred.getName(); - Credentials tgt; final Krb5ProxyCredential second; if (myCred instanceof Krb5InitCredential) { second = null; @@ -750,7 +752,6 @@ // No need to write anything; // just validate the incoming token new AcceptSecContextToken(this, serviceCreds, apReq, is); - serviceCreds = null; apReq = null; state = STATE_DONE; } else { @@ -1304,6 +1305,9 @@ public final void dispose() throws GSSException { state = STATE_DELETED; delegatedCred = null; + tgt = null; + serviceCreds = null; + key = null; } public final Provider getProvider() { @@ -1424,6 +1428,9 @@ switch (type) { case KRB5_GET_SESSION_KEY: return new KerberosSessionKey(key); + case KRB5_GET_SESSION_KEY_EX: + return new javax.security.auth.kerberos.EncryptionKey( + key.getBytes(), key.getEType()); case KRB5_GET_TKT_FLAGS: return tktFlags.clone(); case KRB5_GET_AUTHZ_DATA: @@ -1435,6 +1442,26 @@ } case KRB5_GET_AUTHTIME: return authTime; + case KRB5_GET_KRB_CRED: + if (!isInitiator()) { + throw new GSSException(GSSException.UNAVAILABLE, -1, + "KRB_CRED not available on acceptor side."); + } + KerberosPrincipal sender = new KerberosPrincipal( + myName.getKrb5PrincipalName().getName()); + KerberosPrincipal recipient = new KerberosPrincipal( + peerName.getKrb5PrincipalName().getName()); + try { + byte[] krbCred = new KrbCred(tgt, serviceCreds, key) + .getMessage(); + return new KerberosCredMessage( + sender, recipient, krbCred); + } catch (KrbException | IOException e) { + GSSException gsse = new GSSException(GSSException.UNAVAILABLE, -1, + "KRB_CRED not generated correctly."); + gsse.initCause(e); + throw gsse; + } } throw new GSSException(GSSException.UNAVAILABLE, -1, "Inquire type not supported."); @@ -1456,4 +1483,5 @@ public void setAuthzData(com.sun.security.jgss.AuthorizationDataEntry[] authzData) { this.authzData = authzData; } + }
--- a/src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java Wed Jul 30 11:49:59 2014 -0700 @@ -29,8 +29,8 @@ import sun.security.jgss.GSSCaller; import sun.security.jgss.spi.*; import sun.security.krb5.*; -import sun.security.krb5.Config; -import javax.security.auth.kerberos.*; +import javax.security.auth.kerberos.KerberosTicket; +import javax.security.auth.kerberos.KerberosPrincipal; import java.net.InetAddress; import java.io.IOException; import java.util.Date;
--- a/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java Wed Jul 30 11:49:59 2014 -0700 @@ -523,13 +523,6 @@ valid = false; } - // get the mechanism token - byte[] mechToken = initToken.getMechToken(); - if (mechToken == null) { - throw new GSSException(GSSException.FAILURE, -1, - "mechToken is missing"); - } - /* * Select the best match between the list of mechs * that the initiator requested and the list that @@ -545,7 +538,19 @@ internal_mech = mech_wanted; // get the token for mechanism - byte[] accept_token = GSS_acceptSecContext(mechToken); + byte[] accept_token; + + if (mechList[0].equals(mech_wanted)) { + // get the mechanism token + byte[] mechToken = initToken.getMechToken(); + if (mechToken == null) { + throw new GSSException(GSSException.FAILURE, -1, + "mechToken is missing"); + } + accept_token = GSS_acceptSecContext(mechToken); + } else { + accept_token = null; + } // verify MIC if (!GSSUtil.useMSInterop() && valid) { @@ -594,9 +599,27 @@ retVal = targToken.getEncoded(); } else if (state == STATE_IN_PROCESS) { + // read data + byte[] token = new byte[is.available()]; + SpNegoToken.readFully(is, token); + if (DEBUG) { + System.out.println("SpNegoContext.acceptSecContext: " + + "receiving token = " + + SpNegoToken.getHexBytes(token)); + } + + // read the SPNEGO token + // token will be validated when parsing + NegTokenTarg inputToken = new NegTokenTarg(token); + + if (DEBUG) { + System.out.println("SpNegoContext.acceptSecContext: " + + "received token of type = " + + SpNegoToken.getTokenName(inputToken.getType())); + } + // read the token - byte[] client_token = new byte[is.available()]; - SpNegoToken.readFully(is, client_token); + byte[] client_token = inputToken.getResponseToken(); byte[] accept_token = GSS_acceptSecContext(client_token); if (accept_token == null) { valid = false; @@ -1055,7 +1078,7 @@ * This is only valid on the acceptor side of the context. * @return GSSCredentialSpi object for the delegated credential * @exception GSSException - * @see GSSContext#getDelegCredState + * @see GSSContext#getCredDelegState */ public final GSSCredentialSpi getDelegCred() throws GSSException { if (state != STATE_IN_PROCESS && state != STATE_DONE)
--- a/src/share/classes/sun/security/pkcs11/P11KeyStore.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/sun/security/pkcs11/P11KeyStore.java Wed Jul 30 11:49:59 2014 -0700 @@ -67,8 +67,6 @@ import sun.security.util.DerValue; import sun.security.util.ECUtil; -import sun.security.ec.ECParameters; - import sun.security.pkcs11.Secmod.*; import static sun.security.pkcs11.P11Util.*;
--- a/src/share/classes/sun/security/pkcs11/SunPKCS11.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/sun/security/pkcs11/SunPKCS11.java Wed Jul 30 11:49:59 2014 -0700 @@ -593,7 +593,7 @@ // AlgorithmParameters for EC. // Only needed until we have an EC implementation in the SUN provider. - d(AGP, "EC", "sun.security.ec.ECParameters", + d(AGP, "EC", "sun.security.util.ECParameters", s("1.2.840.10045.2.1"), m(CKM_EC_KEY_PAIR_GEN, CKM_ECDH1_DERIVE, CKM_ECDSA, CKM_ECDSA_SHA1)); @@ -1032,7 +1032,7 @@ } else if (type == KS) { return token.getKeyStore(); } else if (type == AGP) { - return new sun.security.ec.ECParameters(); + return new sun.security.util.ECParameters(); } else { throw new NoSuchAlgorithmException("Unknown type: " + type); }
--- a/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java Fri Jul 25 15:38:10 2014 -0700 +++ b/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java Wed Jul 30 11:49:59 2014 -0700 @@ -176,7 +176,7 @@ private final static int ARBITRARY_PRIME = 0xff01; private final static int ARBITRARY_CHAR2 = 0xff02; - // See sun.security.ec.NamedCurve for the OIDs + // See sun.security.util.NamedCurve for the OIDs private final static String[] NAMED_CURVE_OID_TABLE = new String[] { null, // (0) unused "1.3.132.0.1", // (1) sect163k1, NIST K-163
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/util/CurveDB.java Wed Jul 30 11:49:59 2014 -0700 @@ -0,0 +1,669 @@ +/* + * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.util; + +import java.math.BigInteger; + +import java.security.spec.*; + +import java.util.*; +import java.util.regex.Pattern; + +/** + * Repository for well-known Elliptic Curve parameters. It is used by both + * the SunPKCS11 and SunJSSE code. + * + * @since 1.6 + * @author Andreas Sterbenz + */ +public class CurveDB { + private final static int P = 1; // prime curve + private final static int B = 2; // binary curve + private final static int PD = 5; // prime curve, mark as default + private final static int BD = 6; // binary curve, mark as default + + private static final Map<String,NamedCurve> oidMap = + new LinkedHashMap<String,NamedCurve>(); + private static final Map<String,NamedCurve> nameMap = + new HashMap<String,NamedCurve>(); + private static final Map<Integer,NamedCurve> lengthMap = + new HashMap<Integer,NamedCurve>(); + + private static Collection<? extends NamedCurve> specCollection; + + public static final String SPLIT_PATTERN = ",|\\[|\\]"; + + // Used by SunECEntries + public static Collection<? extends NamedCurve>getSupportedCurves() { + return specCollection; + } + + // Return a NamedCurve for the specified OID/name or null if unknown. + static NamedCurve lookup(String name) { + NamedCurve spec = oidMap.get(name); + if (spec != null) { + return spec; + } + + return nameMap.get(name); + } + + // Return EC parameters for the specified field size. If there are known + // NIST recommended parameters for the given length, they are returned. + // Otherwise, if there are multiple matches for the given size, an + // arbitrary one is returns. + // If no parameters are known, the method returns null. + // NOTE that this method returns both prime and binary curves. + static NamedCurve lookup(int length) { + return lengthMap.get(length); + } + + // Convert the given ECParameterSpec object to a NamedCurve object. + // If params does not represent a known named curve, return null. + static NamedCurve lookup(ECParameterSpec params) { + if ((params instanceof NamedCurve) || (params == null)) { + return (NamedCurve)params; + } + + // This is a hack to allow SunJSSE to work with 3rd party crypto + // providers for ECC and not just SunPKCS11. + // This can go away once we decide how to expose curve names in the + // public API. + // Note that it assumes that the 3rd party provider encodes named + // curves using the short form, not explicitly. If it did that, then + // the SunJSSE TLS ECC extensions are wrong, which could lead to + // interoperability problems. + int fieldSize = params.getCurve().getField().getFieldSize(); + for (NamedCurve namedCurve : specCollection) { + // ECParameterSpec does not define equals, so check all the + // components ourselves. + // Quick field size check first + if (namedCurve.getCurve().getField().getFieldSize() != fieldSize) { + continue; + } + if (namedCurve.getCurve().equals(params.getCurve()) == false) { + continue; + } + if (namedCurve.getGenerator().equals(params.getGenerator()) == + false) { + continue; + } + if (namedCurve.getOrder().equals(params.getOrder()) == false) { + continue; + } + if (namedCurve.getCofactor() != params.getCofactor()) { + continue; + } + // everything matches our named curve, return it + return namedCurve; + } + // no match found + return null; + } + + private static BigInteger bi(String s) { + return new BigInteger(s, 16); + } + + private static void add(String name, String soid, int type, String sfield, + String a, String b, String x, String y, String n, int h, + Pattern nameSplitPattern) { + BigInteger p = bi(sfield); + ECField field; + if ((type == P) || (type == PD)) { + field = new ECFieldFp(p); + } else if ((type == B) || (type == BD)) { + field = new ECFieldF2m(p.bitLength() - 1, p); + } else { + throw new RuntimeException("Invalid type: " + type); + } + + EllipticCurve curve = new EllipticCurve(field, bi(a), bi(b)); + ECPoint g = new ECPoint(bi(x), bi(y)); + + NamedCurve params = new NamedCurve(name, soid, curve, g, bi(n), h); + if (oidMap.put(soid, params) != null) { + throw new RuntimeException("Duplication oid: " + soid); + } + + String[] commonNames = nameSplitPattern.split(name); + for (String commonName : commonNames) { + if (nameMap.put(commonName.trim(), params) != null) { + throw new RuntimeException("Duplication name: " + commonName); + } + } + + int len = field.getFieldSize(); + if ((type == PD) || (type == BD) || (lengthMap.get(len) == null)) { + // add entry if none present for this field size or if + // the curve is marked as a default curve. + lengthMap.put(len, params); + } + } + + static { + Pattern nameSplitPattern = Pattern.compile(SPLIT_PATTERN); + + /* SEC2 prime curves */ + add("secp112r1", "1.3.132.0.6", P, + "DB7C2ABF62E35E668076BEAD208B", + "DB7C2ABF62E35E668076BEAD2088", + "659EF8BA043916EEDE8911702B22", + "09487239995A5EE76B55F9C2F098", + "A89CE5AF8724C0A23E0E0FF77500", + "DB7C2ABF62E35E7628DFAC6561C5", + 1, nameSplitPattern); + + add("secp112r2", "1.3.132.0.7", P, + "DB7C2ABF62E35E668076BEAD208B", + "6127C24C05F38A0AAAF65C0EF02C", + "51DEF1815DB5ED74FCC34C85D709", + "4BA30AB5E892B4E1649DD0928643", + "adcd46f5882e3747def36e956e97", + "36DF0AAFD8B8D7597CA10520D04B", + 4, nameSplitPattern); + + add("secp128r1", "1.3.132.0.28", P, + "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", + "E87579C11079F43DD824993C2CEE5ED3", + "161FF7528B899B2D0C28607CA52C5B86", + "CF5AC8395BAFEB13C02DA292DDED7A83", + "FFFFFFFE0000000075A30D1B9038A115", + 1, nameSplitPattern); + + add("secp128r2", "1.3.132.0.29", P, + "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", + "D6031998D1B3BBFEBF59CC9BBFF9AEE1", + "5EEEFCA380D02919DC2C6558BB6D8A5D", + "7B6AA5D85E572983E6FB32A7CDEBC140", + "27B6916A894D3AEE7106FE805FC34B44", + "3FFFFFFF7FFFFFFFBE0024720613B5A3", + 4, nameSplitPattern); + + add("secp160k1", "1.3.132.0.9", P, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", + "0000000000000000000000000000000000000000", + "0000000000000000000000000000000000000007", + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", + "938CF935318FDCED6BC28286531733C3F03C4FEE", + "0100000000000000000001B8FA16DFAB9ACA16B6B3", + 1, nameSplitPattern); + + add("secp160r1", "1.3.132.0.8", P, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", + "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", + "4A96B5688EF573284664698968C38BB913CBFC82", + "23A628553168947D59DCC912042351377AC5FB32", + "0100000000000000000001F4C8F927AED3CA752257", + 1, nameSplitPattern); + + add("secp160r2", "1.3.132.0.30", P, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", + "B4E134D3FB59EB8BAB57274904664D5AF50388BA", + "52DCB034293A117E1F4FF11B30F7199D3144CE6D", + "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E", + "0100000000000000000000351EE786A818F3A1A16B", + 1, nameSplitPattern); + + add("secp192k1", "1.3.132.0.31", P, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", + "000000000000000000000000000000000000000000000000", + "000000000000000000000000000000000000000000000003", + "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", + "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", + "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", + 1, nameSplitPattern); + + add("secp192r1 [NIST P-192, X9.62 prime192v1]", "1.2.840.10045.3.1.1", PD, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", + "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", + "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", + "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811", + "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", + 1, nameSplitPattern); + + add("secp224k1", "1.3.132.0.32", P, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", + "00000000000000000000000000000000000000000000000000000000", + "00000000000000000000000000000000000000000000000000000005", + "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", + "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", + "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", + 1, nameSplitPattern); + + add("secp224r1 [NIST P-224]", "1.3.132.0.33", PD, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", + "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", + "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", + 1, nameSplitPattern); + + add("secp256k1", "1.3.132.0.10", P, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", + "0000000000000000000000000000000000000000000000000000000000000000", + "0000000000000000000000000000000000000000000000000000000000000007", + "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", + "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", + 1, nameSplitPattern); + + add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD, + "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", + "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", + "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", + 1, nameSplitPattern); + + add("secp384r1 [NIST P-384]", "1.3.132.0.34", PD, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", + "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", + "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7", + "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973", + 1, nameSplitPattern); + + add("secp521r1 [NIST P-521]", "1.3.132.0.35", PD, + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", + "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", + "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", + "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", + 1, nameSplitPattern); + + /* ANSI X9.62 prime curves */ + add("X9.62 prime192v2", "1.2.840.10045.3.1.2", P, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", + "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", + "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", + "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15", + "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31", + 1, nameSplitPattern); + + add("X9.62 prime192v3", "1.2.840.10045.3.1.3", P, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", + "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", + "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", + "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0", + "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13", + 1, nameSplitPattern); + + add("X9.62 prime239v1", "1.2.840.10045.3.1.4", P, + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", + "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", + "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", + "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE", + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B", + 1, nameSplitPattern); + + add("X9.62 prime239v2", "1.2.840.10045.3.1.5", P, + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", + "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", + "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", + "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA", + "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063", + 1, nameSplitPattern); + + add("X9.62 prime239v3", "1.2.840.10045.3.1.6", P, + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", + "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", + "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", + "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3", + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551", + 1, nameSplitPattern); + + /* SEC2 binary curves */ + add("sect113r1", "1.3.132.0.4", B, + "020000000000000000000000000201", + "003088250CA6E7C7FE649CE85820F7", + "00E8BEE4D3E2260744188BE0E9C723", + "009D73616F35F4AB1407D73562C10F", + "00A52830277958EE84D1315ED31886", + "0100000000000000D9CCEC8A39E56F", + 2, nameSplitPattern); + + add("sect113r2", "1.3.132.0.5", B, + "020000000000000000000000000201", + "00689918DBEC7E5A0DD6DFC0AA55C7", + "0095E9A9EC9B297BD4BF36E059184F", + "01A57A6A7B26CA5EF52FCDB8164797", + "00B3ADC94ED1FE674C06E695BABA1D", + "010000000000000108789B2496AF93", + 2, nameSplitPattern); + + add("sect131r1", "1.3.132.0.22", B, + "080000000000000000000000000000010D", + "07A11B09A76B562144418FF3FF8C2570B8", + "0217C05610884B63B9C6C7291678F9D341", + "0081BAF91FDF9833C40F9C181343638399", + "078C6E7EA38C001F73C8134B1B4EF9E150", + "0400000000000000023123953A9464B54D", + 2, nameSplitPattern); + + add("sect131r2", "1.3.132.0.23", B, + "080000000000000000000000000000010D", + "03E5A88919D7CAFCBF415F07C2176573B2", + "04B8266A46C55657AC734CE38F018F2192", + "0356DCD8F2F95031AD652D23951BB366A8", + "0648F06D867940A5366D9E265DE9EB240F", + "0400000000000000016954A233049BA98F", + 2, nameSplitPattern); + + add("sect163k1 [NIST K-163]", "1.3.132.0.1", BD, + "0800000000000000000000000000000000000000C9", + "000000000000000000000000000000000000000001", + "000000000000000000000000000000000000000001", + "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", + "0289070FB05D38FF58321F2E800536D538CCDAA3D9", + "04000000000000000000020108A2E0CC0D99F8A5EF", + 2, nameSplitPattern); + + add("sect163r1", "1.3.132.0.2", B, + "0800000000000000000000000000000000000000C9", + "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2", + "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9", + "0369979697AB43897789566789567F787A7876A654", + "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883", + "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", + 2, nameSplitPattern); + + add("sect163r2 [NIST B-163]", "1.3.132.0.15", BD, + "0800000000000000000000000000000000000000C9", + "000000000000000000000000000000000000000001", + "020A601907B8C953CA1481EB10512F78744A3205FD", + "03F0EBA16286A2D57EA0991168D4994637E8343E36", + "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", + "040000000000000000000292FE77E70C12A4234C33", + 2, nameSplitPattern); + + add("sect193r1", "1.3.132.0.24", B, + "02000000000000000000000000000000000000000000008001", + "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01", + "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814", + "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1", + "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", + "01000000000000000000000000C7F34A778F443ACC920EBA49", + 2, nameSplitPattern); + + add("sect193r2", "1.3.132.0.25", B, + "02000000000000000000000000000000000000000000008001", + "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B", + "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE", + "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F", + "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", + "010000000000000000000000015AAB561B005413CCD4EE99D5", + 2, nameSplitPattern); + + add("sect233k1 [NIST K-233]", "1.3.132.0.26", BD, + "020000000000000000000000000000000000000004000000000000000001", + "000000000000000000000000000000000000000000000000000000000000", + "000000000000000000000000000000000000000000000000000000000001", + "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", + "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", + "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", + 4, nameSplitPattern); + + add("sect233r1 [NIST B-233]", "1.3.132.0.27", B, + "020000000000000000000000000000000000000004000000000000000001", + "000000000000000000000000000000000000000000000000000000000001", + "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", + "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", + "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", + "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", + 2, nameSplitPattern); + + add("sect239k1", "1.3.132.0.3", B, + "800000000000000000004000000000000000000000000000000000000001", + "000000000000000000000000000000000000000000000000000000000000", + "000000000000000000000000000000000000000000000000000000000001", + "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC", + "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", + "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", + 4, nameSplitPattern); + + add("sect283k1 [NIST K-283]", "1.3.132.0.16", BD, + "0800000000000000000000000000000000000000000000000000000000000000000010A1", + "000000000000000000000000000000000000000000000000000000000000000000000000", + "000000000000000000000000000000000000000000000000000000000000000000000001", + "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836", + "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", + 4, nameSplitPattern); + + add("sect283r1 [NIST B-283]", "1.3.132.0.17", B, + "0800000000000000000000000000000000000000000000000000000000000000000010A1", + "000000000000000000000000000000000000000000000000000000000000000000000001", + "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053", + "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", + "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", + 2, nameSplitPattern); + + add("sect409k1 [NIST K-409]", "1.3.132.0.36", BD, + "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", + "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746", + "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", + "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", + 4, nameSplitPattern); + + add("sect409r1 [NIST B-409]", "1.3.132.0.37", B, + "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", + "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", + "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7", + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", + "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", + 2, nameSplitPattern); + + add("sect571k1 [NIST K-571]", "1.3.132.0.38", BD, + "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", + "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972", + "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", + "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", + 4, nameSplitPattern); + + add("sect571r1 [NIST B-571]", "1.3.132.0.39", B, + "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", + "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", + "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19", + "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", + "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", + 2, nameSplitPattern); + + /* ANSI X9.62 binary curves */ + add("X9.62 c2tnb191v1", "1.2.840.10045.3.0.5", B, + "800000000000000000000000000000000000000000000201", + "2866537B676752636A68F56554E12640276B649EF7526267", + "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", + "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D", + "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", + "40000000000000000000000004A20E90C39067C893BBB9A5", + 2, nameSplitPattern); + + add("X9.62 c2tnb191v2", "1.2.840.10045.3.0.6", B, + "800000000000000000000000000000000000000000000201", + "401028774D7777C7B7666D1366EA432071274F89FF01E718", + "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", + "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10", + "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", + "20000000000000000000000050508CB89F652824E06B8173", + 4, nameSplitPattern); + + add("X9.62 c2tnb191v3", "1.2.840.10045.3.0.7", B, + "800000000000000000000000000000000000000000000201", + "6C01074756099122221056911C77D77E77A777E7E7E77FCB", + "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", + "375D4CE24FDE434489DE8746E71786015009E66E38A926DD", + "545A39176196575D985999366E6AD34CE0A77CD7127B06BE", + "155555555555555555555555610C0B196812BFB6288A3EA3", + 6, nameSplitPattern); + + add("X9.62 c2tnb239v1", "1.2.840.10045.3.0.11", B, + "800000000000000000000000000000000000000000000000001000000001", + "32010857077C5431123A46B808906756F543423E8D27877578125778AC76", + "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", + "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D", + "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", + "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", + 4, nameSplitPattern); + + add("X9.62 c2tnb239v2", "1.2.840.10045.3.0.12", B, + "800000000000000000000000000000000000000000000000001000000001", + "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", + "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", + "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205", + "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", + "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", + 6, nameSplitPattern); + + add("X9.62 c2tnb239v3", "1.2.840.10045.3.0.13", B, + "800000000000000000000000000000000000000000000000001000000001", + "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", + "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", + "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92", + "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", + "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", + 0xA, nameSplitPattern); + + add("X9.62 c2tnb359v1", "1.2.840.10045.3.0.18", B, + "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001", + "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557", + "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988", + "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097", + "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD", + "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B", + 0x4C, nameSplitPattern); + + add("X9.62 c2tnb431r1", "1.2.840.10045.3.0.20", B, + "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001", + "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F", + "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618", + "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7", + "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760", + "0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91", + 0x2760, nameSplitPattern); + + /* ANSI X9.62 binary curves from the 1998 standard but forbidden + * in the 2005 version of the standard. + * We don't register them but leave them here for the time being in + * case we need to support them after all. + */ +/* + add("X9.62 c2pnb163v1", "1.2.840.10045.3.0.1", B, + "080000000000000000000000000000000000000107", + "072546B5435234A422E0789675F432C89435DE5242", + "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", + "07AF69989546103D79329FCC3D74880F33BBE803CB", + "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", + "0400000000000000000001E60FC8821CC74DAEAFC1", + 2, nameSplitPattern); + + add("X9.62 c2pnb163v2", "1.2.840.10045.3.0.2", B, + "080000000000000000000000000000000000000107", + "0108B39E77C4B108BED981ED0E890E117C511CF072", + "0667ACEB38AF4E488C407433FFAE4F1C811638DF20", + "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5", + "079F684DDF6684C5CD258B3890021B2386DFD19FC5", + "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", + 2, nameSplitPattern); + + add("X9.62 c2pnb163v3", "1.2.840.10045.3.0.3", B, + "080000000000000000000000000000000000000107", + "07A526C63D3E25A256A007699F5447E32AE456B50E", + "03F7061798EB99E238FD6F1BF95B48FEEB4854252B", + "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB", + "05B935590C155E17EA48EB3FF3718B893DF59A05D0", + "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", + 2, nameSplitPattern); + + add("X9.62 c2pnb176w1", "1.2.840.10045.3.0.4", B, + "0100000000000000000000000000000000080000000007", + "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", + "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", + "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798", + "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", + "00010092537397ECA4F6145799D62B0A19CE06FE26AD", + 0xFF6E, nameSplitPattern); + + add("X9.62 c2pnb208w1", "1.2.840.10045.3.0.10", B, + "010000000000000000000000000000000800000000000000000007", + "0000000000000000000000000000000000000000000000000000", + "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", + "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A", + "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", + "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", + 0xFE48, nameSplitPattern); + + add("X9.62 c2pnb272w1", "1.2.840.10045.3.0.16", B, + "010000000000000000000000000000000000000000000000000000010000000000000B", + "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", + "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", + "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D", + "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23", + "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", + 0xFF06, nameSplitPattern); + + add("X9.62 c2pnb304w1", "1.2.840.10045.3.0.17", B, + "010000000000000000000000000000000000000000000000000000000000000000000000000807", + "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681", + "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE", + "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614", + "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B", + "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D", + 0xFE2E, nameSplitPattern); + + add("X9.62 c2pnb368w1", "1.2.840.10045.3.0.19", B, + "0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007", + "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D", + "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A", + "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F", + "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310", + "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967", + 0xFF70, nameSplitPattern); +*/ + + specCollection = Collections.unmodifiableCollection(oidMap.values()); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/util/ECParameters.java Wed Jul 30 11:49:59 2014 -0700 @@ -0,0 +1,236 @@ +/* + * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.util; + +import java.io.IOException; + +import java.security.*; +import java.security.spec.*; + +/** + * This class implements encoding and decoding of Elliptic Curve parameters + * as specified in RFC 3279. + * + * However, only named curves are currently supported. + * + * ASN.1 from RFC 3279 follows. Note that X9.62 (2005) has added some additional + * options. + * + * <pre> + * EcpkParameters ::= CHOICE { + * ecParameters ECParameters, + * namedCurve OBJECT IDENTIFIER, + * implicitlyCA NULL } + * + * ECParameters ::= SEQUENCE { + * version ECPVer, -- version is always 1 + * fieldID FieldID, -- identifies the finite field over + * -- which the curve is defined + * curve Curve, -- coefficients a and b of the + * -- elliptic curve + * base ECPoint, -- specifies the base point P + * -- on the elliptic curve + * order INTEGER, -- the order n of the base point + * cofactor INTEGER OPTIONAL -- The integer h = #E(Fq)/n + * } + * + * ECPVer ::= INTEGER {ecpVer1(1)} + * + * Curve ::= SEQUENCE { + * a FieldElement, + * b FieldElement, + * seed BIT STRING OPTIONAL } + * + * FieldElement ::= OCTET STRING + * + * ECPoint ::= OCTET STRING + * </pre> + * + * @since 1.6 + * @author Andreas Sterbenz + */ +public final class ECParameters extends AlgorithmParametersSpi { + + // used by ECPublicKeyImpl and ECPrivateKeyImpl + public static AlgorithmParameters getAlgorithmParameters(ECParameterSpec spec) + throws InvalidKeyException { + try { + AlgorithmParameters params = + AlgorithmParameters.getInstance("EC", "SunEC"); + params.init(spec); + return params; + } catch (GeneralSecurityException e) { + throw new InvalidKeyException("EC parameters error", e); + } + } + + /* + * The parameters these AlgorithmParameters object represents. + * Currently, it is always an instance of NamedCurve. + */ + private NamedCurve namedCurve; + + // A public constructor is required by AlgorithmParameters class. + public ECParameters() { + // empty + } + + // AlgorithmParameterSpi methods + + protected void engineInit(AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException { + + if (paramSpec == null) { + throw new InvalidParameterSpecException + ("paramSpec must not be null"); + } + + if (paramSpec instanceof NamedCurve) { + namedCurve = (NamedCurve)paramSpec; + return; + } + + if (paramSpec instanceof ECParameterSpec) { + namedCurve = CurveDB.lookup((ECParameterSpec)paramSpec); + } else if (paramSpec instanceof ECGenParameterSpec) { + String name = ((ECGenParameterSpec)paramSpec).getName(); + namedCurve = CurveDB.lookup(name); + } else if (paramSpec instanceof ECKeySizeParameterSpec) { + int keySize = ((ECKeySizeParameterSpec)paramSpec).getKeySize(); + namedCurve = CurveDB.lookup(keySize); + } else { + throw new InvalidParameterSpecException + ("Only ECParameterSpec and ECGenParameterSpec supported"); + } + + if (namedCurve == null) { + throw new InvalidParameterSpecException( + "Not a supported curve: " + paramSpec); + } + } + + protected void engineInit(byte[] params) throws IOException { + DerValue encodedParams = new DerValue(params); + if (encodedParams.tag == DerValue.tag_ObjectId) { + ObjectIdentifier oid = encodedParams.getOID(); + NamedCurve spec = CurveDB.lookup(oid.toString()); + if (spec == null) { + throw new IOException("Unknown named curve: " + oid); + } + + namedCurve = spec; + return; + } + + throw new IOException("Only named ECParameters supported"); + + // The code below is incomplete. + // It is left as a starting point for a complete parsing implementation. + +/* + if (encodedParams.tag != DerValue.tag_Sequence) { + throw new IOException("Unsupported EC parameters, tag: " + + encodedParams.tag); + } + + encodedParams.data.reset(); + + DerInputStream in = encodedParams.data; + + int version = in.getInteger(); + if (version != 1) { + throw new IOException("Unsupported EC parameters version: " + + version); + } + ECField field = parseField(in); + EllipticCurve curve = parseCurve(in, field); + ECPoint point = parsePoint(in, curve); + + BigInteger order = in.getBigInteger(); + int cofactor = 0; + + if (in.available() != 0) { + cofactor = in.getInteger(); + } + + // XXX HashAlgorithm optional + + if (encodedParams.data.available() != 0) { + throw new IOException("encoded params have " + + encodedParams.data.available() + + " extra bytes"); + } + + return new ECParameterSpec(curve, point, order, cofactor); +*/ + } + + protected void engineInit(byte[] params, String decodingMethod) + throws IOException { + engineInit(params); + } + + protected <T extends AlgorithmParameterSpec> T + engineGetParameterSpec(Class<T> spec) + throws InvalidParameterSpecException { + + if (spec.isAssignableFrom(ECParameterSpec.class)) { + return spec.cast(namedCurve); + } + + if (spec.isAssignableFrom(ECGenParameterSpec.class)) { + // Ensure the name is the Object ID + String name = namedCurve.getObjectId(); + return spec.cast(new ECGenParameterSpec(name)); + } + + if (spec.isAssignableFrom(ECKeySizeParameterSpec.class)) { + int keySize = namedCurve.getCurve().getField().getFieldSize(); + return spec.cast(new ECKeySizeParameterSpec(keySize)); + } + + throw new InvalidParameterSpecException( + "Only ECParameterSpec and ECGenParameterSpec supported"); + } + + protected byte[] engineGetEncoded() throws IOException { + return namedCurve.getEncoded(); + } + + protected byte[] engineGetEncoded(String encodingMethod) + throws IOException { + return engineGetEncoded(); + } + + protected String engineToString() { + if (namedCurve == null) { + return "Not initialized"; + } + + return namedCurve.toString(); + } +} +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/util/NamedCurve.java Wed Jul 30 11:49:59 2014 -0700 @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.util; + +import java.io.IOException; +import java.math.BigInteger; + +import java.security.spec.*; + + +/** + * Contains Elliptic Curve parameters. + * + * @since 1.6 + * @author Andreas Sterbenz + */ +public final class NamedCurve extends ECParameterSpec { + + // friendly name for toString() output + private final String name; + + // well known OID + private final String oid; + + // encoded form (as NamedCurve identified via OID) + private final byte[] encoded; + + NamedCurve(String name, String oid, EllipticCurve curve, + ECPoint g, BigInteger n, int h) { + super(curve, g, n, h); + this.name = name; + this.oid = oid; + + DerOutputStream out = new DerOutputStream(); + + try { + out.putOID(new ObjectIdentifier(oid)); + } catch (IOException e) { + throw new RuntimeException("Internal error", e); + } + + encoded = out.toByteArray(); + } + + public String getName() { + return name; + } + + public byte[] getEncoded() { + return encoded.clone(); + } + + public String getObjectId() { + return oid; + } + + public String toString() { + return name + " (" + oid + ")"; + } +}
--- a/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c Fri Jul 25 15:38:10 2014 -0700 +++ b/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c Wed Jul 30 11:49:59 2014 -0700 @@ -388,6 +388,7 @@ if (argsLen > 0) { if (argsLen > MAX_ARGS) { JNU_ThrowInternalError(env, "Too many arguments"); + return; } for (i=0; i<argsLen; i++) { jobject obj = (*env)->GetObjectArrayElement(env, args, i); @@ -423,6 +424,8 @@ stubLen = (DWORD)(*env)->GetArrayLength(env, stub); stubCode = (*env)->GetByteArrayElements(env, stub, &isCopy); + if ((*env)->ExceptionOccurred(env)) return; + pCode = (PDWORD) VirtualAllocEx( hProcess, 0, stubLen, MEM_COMMIT, PAGE_EXECUTE_READWRITE ); if (pCode == NULL) { JNU_ThrowIOExceptionWithLastError(env, "VirtualAllocEx failed"); @@ -592,6 +595,8 @@ cstr[0] = '\0'; } else { str = JNU_GetStringPlatformChars(env, jstr, &isCopy); + if ((*env)->ExceptionOccurred(env)) return; + strncpy(cstr, str, len); cstr[len-1] = '\0'; if (isCopy) {
--- a/test/java/lang/Integer/ParsingTest.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/java/lang/Integer/ParsingTest.java Wed Jul 30 11:49:59 2014 -0700 @@ -23,29 +23,37 @@ /* * @test - * @bug 5017980 6576055 + * @bug 5017980 6576055 8041972 * @summary Test parsing methods * @author Joseph D. Darcy */ +import java.lang.IllegalArgumentException; +import java.lang.IndexOutOfBoundsException; +import java.lang.NullPointerException; +import java.lang.RuntimeException; /** - * There are six methods in java.lang.Integer which transform strings + * There are eight methods in java.lang.Integer which transform strings * into an int or Integer value: * * public Integer(String s) * public static Integer decode(String nm) + * public static int parseInt(CharSequence s, int radix, int beginIndex, int endIndex) + * public static int parseInt(CharSequence s, int radix, int beginIndex) * public static int parseInt(String s, int radix) * public static int parseInt(String s) * public static Integer valueOf(String s, int radix) * public static Integer valueOf(String s) * * Besides decode, all the methods and constructor call down into - * parseInt(String, int) to do the actual work. Therefore, the - * behavior of parseInt(String, int) will be tested here. + * parseInt(CharSequence, int, int, int) to do the actual work. Therefore, the + * behavior of parseInt(CharSequence, int, int, int) will be tested here. + * */ public class ParsingTest { + public static void main(String... argv) { check("+100", +100); check("-100", -100); @@ -55,10 +63,14 @@ check("+00000", 0); check("-00000", 0); + check("+00000", 0, 0, 6); + check("-00000", 0, 0, 6); + check("0", 0); check("1", 1); check("9", 9); + checkFailure(""); checkFailure("\u0000"); checkFailure("\u002f"); checkFailure("+"); @@ -72,12 +84,45 @@ checkFailure("+-6"); checkFailure("-+6"); checkFailure("*100"); + + check("test-00000", 0, 4, 10); + check("test-12345", -12345, 4, 10); + check("xx12345yy", 12345, 2, 7); + + checkNumberFormatException("", 10, 0); + checkNumberFormatException("100", 10, 3); + checkNumberFormatException("+1000000", 10, 8); + checkNumberFormatException("-1000000", 10, 8); + + checkNumberFormatException("", 10, 0, 0); + checkNumberFormatException("+-6", 10, 0, 3); + checkNumberFormatException("1000000", 10, 7); + checkNumberFormatException("1000000", 10, 7, 7); + checkNumberFormatException("1000000", Character.MAX_RADIX + 1, 0, 2); + checkNumberFormatException("1000000", Character.MIN_RADIX - 1, 0, 2); + + checkIndexOutOfBoundsException("1000000", 10, 8); + checkIndexOutOfBoundsException("1000000", 10, -1); + checkIndexOutOfBoundsException("1000000", 10, 10, 4); + checkIndexOutOfBoundsException("1000000", Character.MAX_RADIX + 1, -1, 2); + checkIndexOutOfBoundsException("1000000", Character.MIN_RADIX - 1, -1, 2); + checkIndexOutOfBoundsException("1000000", Character.MAX_RADIX + 1, 10, 2); + checkIndexOutOfBoundsException("1000000", Character.MIN_RADIX - 1, 10, 2); + checkIndexOutOfBoundsException("-1", 10, 0, 3); + checkIndexOutOfBoundsException("-1", 10, 2, 3); + checkIndexOutOfBoundsException("-1", 10, -1, 2); + + checkNull(10, 0, 1); + checkNull(10, -1, 0); + checkNull(10, 0, 0); + checkNull(10, 0, -1); + checkNull(-1, -1, -1); } private static void check(String val, int expected) { int n = Integer.parseInt(val); if (n != expected) - throw new RuntimeException("Integer.parsedInt failed. String:" + + throw new RuntimeException("Integer.parseInt failed. String:" + val + " Result:" + n); } @@ -91,4 +136,71 @@ ; // Expected } } + + private static void checkNumberFormatException(String val, int radix, int start) { + int n = 0; + try { + n = Integer.parseInt(val, radix, start); + System.err.println("parseInt(" + val + ", " + radix + ", " + start + + ") incorrectly returned " + n); + throw new RuntimeException(); + } catch (NumberFormatException nfe) { + ; // Expected + } + } + + private static void checkNumberFormatException(String val, int radix, int start, int end) { + int n = 0; + try { + n = Integer.parseInt(val, radix, start, end); + System.err.println("parseInt(" + val + ", " + radix + ", " + start + ", " + end + + ") incorrectly returned " + n); + throw new RuntimeException(); + } catch (NumberFormatException nfe) { + ; // Expected + } + } + + private static void checkIndexOutOfBoundsException(String val, int radix, int start) { + int n = 0; + try { + n = Integer.parseInt(val, radix, start); + System.err.println("parseInt(" + val + ", " + radix + ", " + start + + ") incorrectly returned " + n); + throw new RuntimeException(); + } catch (IndexOutOfBoundsException ioob) { + ; // Expected + } + } + + private static void checkIndexOutOfBoundsException(String val, int radix, int start, int end) { + int n = 0; + try { + n = Integer.parseInt(val, radix, start, end); + System.err.println("parseInt(" + val + ", " + radix + ", " + start + ", " + end + + ") incorrectly returned " + n); + throw new RuntimeException(); + } catch (IndexOutOfBoundsException ioob) { + ; // Expected + } + } + + private static void checkNull(int radix, int start, int end) { + int n = 0; + try { + n = Integer.parseInt(null, 10, start, end); + System.err.println("parseInt(null, " + radix + ", " + start + ", " + end + + ") incorrectly returned " + n); + throw new RuntimeException(); + } catch (NullPointerException npe) { + ; // Expected + } + } + + private static void check(String val, int expected, int start, int end) { + int n = Integer.parseInt(val, 10, start, end); + if (n != expected) + throw new RuntimeException("Integer.parsedInt failed. String:" + + val + ", start: " + start + ", end: " + end + " Result:" + n); + } }
--- a/test/java/lang/Long/ParsingTest.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/java/lang/Long/ParsingTest.java Wed Jul 30 11:49:59 2014 -0700 @@ -23,29 +23,31 @@ /* * @test - * @bug 5017980 6576055 + * @bug 5017980 6576055 8041972 * @summary Test parsing methods * @author Joseph D. Darcy */ - /** - * There are six methods in java.lang.Long which transform strings + * There are eight methods in java.lang.Long which transform strings * into a long or Long value: * * public Long(String s) * public static Long decode(String nm) + * public static long parseLong(CharSequence s, int radix, int beginIndex, int endIndex) + * public static long parseLong(CharSequence s, int radix, int beginIndex) * public static long parseLong(String s, int radix) * public static long parseLong(String s) * public static Long valueOf(String s, int radix) * public static Long valueOf(String s) * * Besides decode, all the methods and constructor call down into - * parseLong(String, int) to do the actual work. Therefore, the - * behavior of parseLong(String, int) will be tested here. + * parseLong(CharSequence, int, int, int) to do the actual work. Therefore, the + * behavior of parseLong(CharSequence, int, int, int) will be tested here. */ public class ParsingTest { + public static void main(String... argv) { check("+100", +100L); check("-100", -100L); @@ -59,6 +61,7 @@ check("1", 1L); check("9", 9L); + checkFailure(""); checkFailure("\u0000"); checkFailure("\u002f"); checkFailure("+"); @@ -72,12 +75,44 @@ checkFailure("+-6"); checkFailure("-+6"); checkFailure("*100"); + + check("test-00000", 0L, 4, 10); + check("test-12345", -12345L, 4, 10); + check("xx12345yy", 12345L, 2, 7); + check("xx123456789012345yy", 123456789012345L, 2, 17); + + checkNumberFormatException("100", 10, 3); + checkNumberFormatException("", 10, 0); + checkNumberFormatException("+1000000", 10, 8); + checkNumberFormatException("-1000000", 10, 8); + + checkNumberFormatException("", 10, 0, 0); + checkNumberFormatException("+-6", 10, 0, 3); + checkNumberFormatException("1000000", 10, 7, 7); + checkNumberFormatException("1000000", Character.MAX_RADIX + 1, 0, 2); + checkNumberFormatException("1000000", Character.MIN_RADIX - 1, 0, 2); + + checkIndexOutOfBoundsException("", 10, 1, 1); + checkIndexOutOfBoundsException("1000000", 10, 10, 4); + checkIndexOutOfBoundsException("1000000", Character.MAX_RADIX + 1, 10, 2); + checkIndexOutOfBoundsException("1000000", Character.MIN_RADIX - 1, 10, 2); + checkIndexOutOfBoundsException("1000000", Character.MAX_RADIX + 1, -1, 2); + checkIndexOutOfBoundsException("1000000", Character.MIN_RADIX - 1, -1, 2); + checkIndexOutOfBoundsException("-1", 10, 0, 3); + checkIndexOutOfBoundsException("-1", 10, 2, 3); + checkIndexOutOfBoundsException("-1", 10, -1, 2); + + checkNull(10, 0, 1); + checkNull(10, -1, 0); + checkNull(10, 0, 0); + checkNull(10, 0, -1); + checkNull(-1, -1, -1); } private static void check(String val, long expected) { long n = Long.parseLong(val); if (n != expected) - throw new RuntimeException("Long.parsedLong failed. String:" + + throw new RuntimeException("Long.parseLong failed. String:" + val + " Result:" + n); } @@ -91,4 +126,71 @@ ; // Expected } } + + private static void checkNumberFormatException(String val, int radix, int start) { + int n = 0; + try { + n = Integer.parseInt(val, radix, start); + System.err.println("parseInt(" + val + ", " + radix + ", " + start + + ") incorrectly returned " + n); + throw new RuntimeException(); + } catch (NumberFormatException nfe) { + ; // Expected + } + } + + private static void checkNumberFormatException(String val, int radix, int start, int end) { + long n = 0; + try { + n = Long.parseLong(val, radix, start, end); + System.err.println("parseInt(" + val + ", " + radix + ", " + start + ", " + end + + ") incorrectly returned " + n); + throw new RuntimeException(); + } catch (NumberFormatException nfe) { + ; // Expected + } + } + + private static void checkIndexOutOfBoundsException(String val, int radix, int start) { + int n = 0; + try { + n = Integer.parseInt(val, radix, start); + System.err.println("parseInt(" + val + ", " + radix + ", " + start + + ") incorrectly returned " + n); + throw new RuntimeException(); + } catch (IndexOutOfBoundsException ioob) { + ; // Expected + } + } + + private static void checkIndexOutOfBoundsException(String val, int radix, int start, int end) { + long n = 0; + try { + n = Long.parseLong(val, radix, start, end); + System.err.println("parseInt(" + val + ", " + radix + ", " + start + ", " + end + + ") incorrectly returned " + n); + throw new RuntimeException(); + } catch (IndexOutOfBoundsException ioob) { + ; // Expected + } + } + + private static void checkNull(int radix, int start, int end) { + long n = 0; + try { + n = Long.parseLong(null, 10, start, end); + System.err.println("parseInt(null, " + radix + ", " + start + ", " + end + + ") incorrectly returned " + n); + throw new RuntimeException(); + } catch (NullPointerException npe) { + ; // Expected + } + } + + private static void check(String val, long expected, int start, int end) { + long n = Long.parseLong(val, 10, start, end); + if (n != expected) + throw new RuntimeException("Long.parseLong failed. String:" + + val + ", start: " + start + ", end: " + end + " Result:" + n); + } }
--- a/test/java/lang/String/ToLowerCase.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/java/lang/String/ToLowerCase.java Wed Jul 30 11:49:59 2014 -0700 @@ -23,7 +23,7 @@ /* @test - @bug 4217441 4533872 4900935 8020037 8032012 8041791 + @bug 4217441 4533872 4900935 8020037 8032012 8041791 8042589 @summary toLowerCase should lower-case Greek Sigma correctly depending on the context (final/non-final). Also it should handle Locale specific (lt, tr, and az) lowercasings and supplementary @@ -106,6 +106,12 @@ // invalid code point tests: test("\uD800\uD800\uD801A\uDC00\uDC00\uDC00B", Locale.US, "\uD800\uD800\uD801a\uDC00\uDC00\uDC00b"); + // lower/uppercase + surrogates + test("a\uD801\uDC1c", Locale.ROOT, "a\uD801\uDC44"); + test("A\uD801\uDC1c", Locale.ROOT, "a\uD801\uDC44"); + test("a\uD801\uDC00\uD801\uDC01\uD801\uDC02", Locale.US, "a\uD801\uDC28\uD801\uDC29\uD801\uDC2A"); + test("A\uD801\uDC00\uD801\uDC01\uD801\uDC02", Locale.US, "a\uD801\uDC28\uD801\uDC29\uD801\uDC2A"); + // test bmp + supp1 StringBuilder src = new StringBuilder(0x20000); StringBuilder exp = new StringBuilder(0x20000);
--- a/test/java/lang/String/ToUpperCase.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/java/lang/String/ToUpperCase.java Wed Jul 30 11:49:59 2014 -0700 @@ -23,7 +23,7 @@ /* @test - @bug 4219630 4304573 4533872 4900935 + @bug 4219630 4304573 4533872 4900935 8042589 @summary toUpperCase should upper-case German sharp s correctly even if it's the only character in the string. should also uppercase all of the 1:M char mappings correctly. Also it should handle @@ -91,6 +91,12 @@ test("\uD801\uDC28a\uD801\uDC29b\uD801\uDC2Ac", Locale.US, "\uD801\uDC00A\uD801\uDC01B\uD801\uDC02C"); // invalid code point tests: test("\uD800\uD800\uD801a\uDC00\uDC00\uDC00b", Locale.US, "\uD800\uD800\uD801A\uDC00\uDC00\uDC00B"); + + // lower/uppercase + surrogates + test("a\uD801\uDC44", Locale.ROOT, "A\uD801\uDC1c"); + test("A\uD801\uDC44", Locale.ROOT, "A\uD801\uDC1c"); + test("a\uD801\uDC28\uD801\uDC29\uD801\uDC2A", Locale.US, "A\uD801\uDC00\uD801\uDC01\uD801\uDC02"); + test("A\uD801\uDC28a\uD801\uDC29b\uD801\uDC2Ac", Locale.US, "A\uD801\uDC00A\uD801\uDC01B\uD801\uDC02C"); } static void test(String in, Locale locale, String expected) {
--- a/test/java/net/MulticastSocket/TestInterfaces.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/java/net/MulticastSocket/TestInterfaces.java Wed Jul 30 11:49:59 2014 -0700 @@ -28,6 +28,8 @@ * same InetAddress set by MulticastSocket.setInterface */ import java.net.*; +import java.util.Arrays; +import java.util.Collections; import java.util.Enumeration; import java.io.IOException; @@ -47,6 +49,7 @@ /* * Test MulticastSocket.getInterface */ + System.out.println("Testing network interface " + ni); Enumeration addrs = ni.getInetAddresses(); while (addrs.hasMoreElements()) { InetAddress ia = (InetAddress)addrs.nextElement(); @@ -64,6 +67,8 @@ InetAddress curr = soc.getInterface(); if (!curr.equals(ia)) { + System.err.println("NetworkInterface under test " + ni); + displayInterfaceInformation(ni); System.err.println("MulticastSocket.getInterface returned: " + curr); System.err.println("Failed! Expected: " + ia); failures++; @@ -96,6 +101,10 @@ if (!curr.equals(ni)) { System.err.println("MulticastSocket.getNetworkInterface returned: " + curr); System.err.println("Failed! Expected: " + ni); + System.err.println("NetworkInterface details for curr variable "); + displayInterfaceInformation(curr); + System.err.println("NetworkInterface details for ni variable "); + displayInterfaceInformation(ni) ; failures++; } else { System.out.println("Passed."); @@ -110,4 +119,23 @@ } + static void displayInterfaceInformation(NetworkInterface netint) throws SocketException { + System.err.println("Display name: " + netint.getDisplayName()); + System.err.println("Name: " + netint.getName()); + Enumeration<InetAddress> inetAddresses = netint.getInetAddresses(); + + for (InetAddress inetAddress : Collections.list(inetAddresses)) + System.err.println("InetAddress: " + inetAddress); + + System.err.println("Up? " + netint.isUp()); + System.err.println("Loopback? " + netint.isLoopback()); + System.err.println("PointToPoint? " + netint.isPointToPoint()); + System.err.println("Supports multicast? " + netint.supportsMulticast()); + System.err.println("Virtual? " + netint.isVirtual()); + System.err.println("Hardware address: " + + Arrays.toString(netint.getHardwareAddress())); + System.err.println("MTU: " + netint.getMTU()); + System.err.println("Index: " + netint.getIndex()); + System.err.println(); + } }
--- a/test/java/util/UUID/UUIDTest.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/java/util/UUID/UUIDTest.java Wed Jul 30 11:49:59 2014 -0700 @@ -96,6 +96,23 @@ if (!u1.equals(u2)) throw new Exception("UUID -> string -> UUID failed"); } + + testFromStringError("-0"); + testFromStringError("x"); + testFromStringError("----"); + testFromStringError("-0-0-0-0"); + testFromStringError("0-0-0-0-"); + testFromStringError("0-0-0-0-0-"); + testFromStringError("0-0-0-0-x"); + } + + private static void testFromStringError(String str) { + try { + UUID test = UUID.fromString(str); + throw new RuntimeException("Should have thrown IAE"); + } catch (IllegalArgumentException iae) { + // pass + } } private static void versionTest() throws Exception {
--- a/test/javax/security/auth/kerberos/KerberosHashEqualsTest.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/javax/security/auth/kerberos/KerberosHashEqualsTest.java Wed Jul 30 11:49:59 2014 -0700 @@ -33,9 +33,7 @@ import java.net.InetAddress; import java.util.Date; -import javax.security.auth.kerberos.KerberosKey; -import javax.security.auth.kerberos.KerberosPrincipal; -import javax.security.auth.kerberos.KerberosTicket; +import javax.security.auth.kerberos.*; public class KerberosHashEqualsTest { public static void main(String[] args) throws Exception { @@ -66,28 +64,67 @@ k2.destroy(); checkNotSame(k1, k2); - - // destroyed keys doesn't equal to each other checkNotSame(k2, k1); checkSame(k2, k2); + k1.destroy(); + checkNotSame(k1, k2); + + // Destroyed key has string and hashCode + k1.toString(); k1.hashCode(); + // a little different + k1 = new KerberosKey(newKP("A"), "pass".getBytes(), 1, 1); k2 = new KerberosKey(newKP("B"), "pass".getBytes(), 1, 1); checkNotSame(k1, k2); + k2 = new KerberosKey(newKP("A"), "ssap".getBytes(), 1, 1); checkNotSame(k1, k2); + k2 = new KerberosKey(newKP("A"), "pass".getBytes(), 2, 1); checkNotSame(k1, k2); + k2 = new KerberosKey(newKP("A"), "pass".getBytes(), 1, 2); checkNotSame(k1, k2); + // Null k1 = new KerberosKey(null, "pass".getBytes(), 1, 2); checkNotSame(k1, k2); // null to non-null k2 = new KerberosKey(null, "pass".getBytes(), 1, 2); checkSame(k1, k2); // null to null + // Even key with null principal has a string and hashCode + k1.toString(); k1.hashCode(); + checkNotSame(k1, "Another Object"); + EncryptionKey e1, e2; + e1 = new EncryptionKey("pass".getBytes(), 1); + e2 = new EncryptionKey("pass".getBytes(), 1); + checkSame(e1, e1); // me to me + checkSame(e1, e2); // same + + e2.destroy(); + checkNotSame(e1, e2); + checkNotSame(e2, e1); + checkSame(e2, e2); + + e1.destroy(); + checkNotSame(e1, e2); + + // Destroyed key has string and hashCode + e1.toString(); e1.hashCode(); + + // a little different + e1 = new EncryptionKey("pass".getBytes(), 1); + e2 = new EncryptionKey("ssap".getBytes(), 1); + checkNotSame(e1, e2); + + e2 = new EncryptionKey("pass".getBytes(), 2); + checkNotSame(e1, e2); + + checkNotSame(e1, "Another Object"); + KerberosTicket t1, t2; t1 = new KerberosTicket("asn1".getBytes(), newKP("client"), newKP("server"), "pass".getBytes(), 1, new boolean[] {true, true}, new Date(0), new Date(0), new Date(0), new Date(0), null); t2 = new KerberosTicket("asn1".getBytes(), newKP("client"), newKP("server"), "pass".getBytes(), 1, new boolean[] {true, true}, new Date(0), new Date(0), new Date(0), new Date(0), null); @@ -120,6 +157,7 @@ t2.destroy(); checkNotSame(t1, t2); + t2.hashCode(); t2.toString(); // destroyed tickets doesn't equal to each other checkNotSame(t2, t1); @@ -130,6 +168,37 @@ checkNotSame(t1, t2); // renewtill is useful checkNotSame(t1, "Another Object"); + + KerberosCredMessage m1, m2; + m1 = new KerberosCredMessage(newKP("C"), newKP("S"), "message".getBytes()); + m2 = new KerberosCredMessage(newKP("C"), newKP("S"), "message".getBytes()); + checkSame(m1, m1); // me to me + checkSame(m1, m2); // same + + m2.destroy(); + checkNotSame(m1, m2); + checkNotSame(m2, m1); + checkSame(m2, m2); + + m1.destroy(); + checkNotSame(m1, m2); + + // Destroyed message has string and hashCode + m1.toString(); m1.hashCode(); + + // a little different + m1 = new KerberosCredMessage(newKP("C"), newKP("S"), "message".getBytes()); + m2 = new KerberosCredMessage(newKP("A"), newKP("S"), "message".getBytes()); + checkNotSame(m1, m2); + + m2 = new KerberosCredMessage(newKP("C"), newKP("B"), "message".getBytes()); + checkNotSame(m1, m2); + + m1 = new KerberosCredMessage(newKP("C"), newKP("S"), "hello".getBytes()); + checkNotSame(m1, m2); + + checkNotSame(m1, "Another Object"); + System.out.println("Good!"); }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/security/auth/kerberos/KerberosNullsAndDestroyTest.java Wed Jul 30 11:49:59 2014 -0700 @@ -0,0 +1,92 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043071 + * @summary Expose session key and KRB_CRED through extended GSS-API + */ + +import javax.security.auth.kerberos.*; +import java.util.function.Supplier; + +public class KerberosNullsAndDestroyTest { + + public static void main(String[] args) throws Exception { + + KerberosPrincipal c = new KerberosPrincipal("me@HERE"); + KerberosPrincipal s = new KerberosPrincipal("you@THERE"); + + // These object constructions should throw NullPointerException + checkNPE(() -> new KerberosKey(c, null, 17, 1)); + checkNPE(() -> new EncryptionKey(null, 17)); + checkNPE(() -> new KerberosCredMessage(null, s, new byte[1])); + checkNPE(() -> new KerberosCredMessage(c, null, new byte[1])); + checkNPE(() -> new KerberosCredMessage(c, s, null)); + + KerberosKey k1 = new KerberosKey(c, new byte[16], 17, 1); + EncryptionKey k2 = new EncryptionKey(new byte[16], 17); + KerberosCredMessage m = new KerberosCredMessage(c, s, new byte[1]); + + // These get calls should throw IllegalStateException + k1.destroy(); + checkISE(() -> k1.getAlgorithm()); + checkISE(() -> k1.getEncoded()); + checkISE(() -> k1.getFormat()); + checkISE(() -> k1.getKeyType()); + checkISE(() -> k1.getPrincipal()); + checkISE(() -> k1.getVersionNumber()); + + k2.destroy(); + checkISE(() -> k2.getAlgorithm()); + checkISE(() -> k2.getEncoded()); + checkISE(() -> k2.getFormat()); + checkISE(() -> k2.getKeyType()); + + m.destroy(); + checkISE(() -> m.getSender()); + checkISE(() -> m.getRecipient()); + checkISE(() -> m.getEncoded()); + } + + static void checkNPE(Supplier<?> f) throws Exception { + check(f, NullPointerException.class); + } + + static void checkISE(Supplier<?> f) throws Exception { + check(f, IllegalStateException.class); + } + + static void check(Supplier<?> f, Class<? extends Exception> type) throws Exception { + try { + f.get(); + } catch (Exception e) { + if (e.getClass() != type) { + throw e; + } else { + return; + } + } + throw new Exception("Should fail"); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/xml/bind/xjc/8029837/PreParseGrammarTest.java Wed Jul 30 11:49:59 2014 -0700 @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8029837 + * @summary Test simulates the partial call to xjc ant task that fails with + * NullPointer exception + * @run main/othervm PreParseGrammarTest + */ + +import com.sun.org.apache.xerces.internal.parsers.XMLGrammarPreparser; +import com.sun.org.apache.xerces.internal.xni.XNIException; +import com.sun.org.apache.xerces.internal.xni.grammars.Grammar; +import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription; +import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource; +import java.io.BufferedInputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; + +public class PreParseGrammarTest { + + public static void main(String[] args) throws FileNotFoundException, XNIException, IOException { + File xsdf = new File(System.getProperty("test.src", ".") + "/test.xsd"); + InputStream is = new BufferedInputStream(new FileInputStream(xsdf)); + XMLInputSource xis = new XMLInputSource(null, null, null, is, null); + XMLGrammarPreparser gp = new XMLGrammarPreparser(); + gp.registerPreparser(XMLGrammarDescription.XML_SCHEMA, null); + //The NullPointerException is observed on next call during ant task + // execution + Grammar res = gp.preparseGrammar(XMLGrammarDescription.XML_SCHEMA, xis); + System.out.println("Grammar preparsed successfully:" + res); + return; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/xml/bind/xjc/8029837/test.xsd Wed Jul 30 11:49:59 2014 -0700 @@ -0,0 +1,4 @@ +<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"> + <xsd:element name="root"> + </xsd:element> +</xsd:schema>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/misc/JavaLangAccess/FormatUnsigned.java Wed Jul 30 11:49:59 2014 -0700 @@ -0,0 +1,78 @@ +/* + * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import sun.misc.JavaLangAccess; +import sun.misc.SharedSecrets; + +/* + * @test + * @summary Test JavaLangAccess.formatUnsignedInt/-Long + * @bug 8050114 + */ +public class FormatUnsigned { + + static final JavaLangAccess jla = SharedSecrets.getJavaLangAccess(); + + public static void testFormatUnsignedInt() { + testFormatUnsignedInt("7fffffff", Integer.MAX_VALUE, 8, 4, 0, 8); + testFormatUnsignedInt("80000000", Integer.MIN_VALUE, 8, 4, 0, 8); + testFormatUnsignedInt("4711", 04711, 4, 3, 0, 4); + testFormatUnsignedInt("4711", 0x4711, 4, 4, 0, 4); + testFormatUnsignedInt("1010", 0b1010, 4, 1, 0, 4); + testFormatUnsignedInt("00001010", 0b1010, 8, 1, 0, 8); + testFormatUnsignedInt("\u0000\u000000001010", 0b1010, 10, 1, 2, 8); + } + + public static void testFormatUnsignedLong() { + testFormatUnsignedLong("7fffffffffffffff", Long.MAX_VALUE, 16, 4, 0, 16); + testFormatUnsignedLong("8000000000000000", Long.MIN_VALUE, 16, 4, 0, 16); + testFormatUnsignedLong("4711", 04711L, 4, 3, 0, 4); + testFormatUnsignedLong("4711", 0x4711L, 4, 4, 0, 4); + testFormatUnsignedLong("1010", 0b1010L, 4, 1, 0, 4); + testFormatUnsignedLong("00001010", 0b1010L, 8, 1, 0, 8); + testFormatUnsignedLong("\u0000\u000000001010", 0b1010L, 10, 1, 2, 8); + } + + public static void testFormatUnsignedInt(String expected, int value, int arraySize, int shift, int offset, int length) { + char[] chars = new char[arraySize]; + jla.formatUnsignedInt(value, shift, chars, offset, length); + String s = new String(chars); + if (!expected.equals(s)) { + throw new Error(s + " should be equal to expected " + expected); + } + } + + public static void testFormatUnsignedLong(String expected, long value, int arraySize, int shift, int offset, int length) { + char[] chars = new char[arraySize]; + jla.formatUnsignedLong(value, shift, chars, offset, length); + String s = new String(chars); + if (!expected.equals(s)) { + throw new Error(s + " should be equal to expected " + expected); + } + } + + public static void main(String[] args) { + testFormatUnsignedInt(); + testFormatUnsignedLong(); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/jgss/spnego/NotPreferredMech.java Wed Jul 30 11:49:59 2014 -0700 @@ -0,0 +1,100 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8048194 + * @run main/othervm NotPreferredMech + * @summary GSSContext.acceptSecContext fails when a supported mech is not initiator preferred + */ + +import org.ietf.jgss.*; +import sun.security.jgss.*; +import sun.security.jgss.spnego.NegTokenInit; +import sun.security.jgss.spnego.NegTokenTarg; +import sun.security.util.BitArray; +import sun.security.util.DerOutputStream; +import sun.security.util.DerValue; +import sun.security.util.ObjectIdentifier; + +import java.io.ByteArrayOutputStream; +import java.lang.reflect.Constructor; +import java.lang.reflect.Method; + +public class NotPreferredMech { + + public static void main(String[] argv) throws Exception { + + // Generates a NegTokenInit mechTypes field, with an + // unsupported mech as the preferred. + DerOutputStream mech = new DerOutputStream(); + mech.write(new Oid("1.2.3.4").getDER()); + mech.write(GSSUtil.GSS_KRB5_MECH_OID.getDER()); + DerOutputStream mechTypeList = new DerOutputStream(); + mechTypeList.write(DerValue.tag_Sequence, mech); + + // Generates a NegTokenInit mechToken field for 1.2.3.4 mech + GSSHeader h1 = new GSSHeader(new ObjectIdentifier("1.2.3.4"), 1); + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + h1.encode(bout); + bout.write(new byte[1]); + + // Generates the NegTokenInit token + Constructor<NegTokenInit> ctor = NegTokenInit.class.getDeclaredConstructor( + byte[].class, BitArray.class, byte[].class, byte[].class); + ctor.setAccessible(true); + NegTokenInit initToken = ctor.newInstance( + mechTypeList.toByteArray(), + new BitArray(0), + bout.toByteArray(), + null); + Method m = Class.forName("sun.security.jgss.spnego.SpNegoToken") + .getDeclaredMethod("getEncoded"); + m.setAccessible(true); + byte[] spnegoToken = (byte[])m.invoke(initToken); + + // and wraps it into a GSSToken + GSSHeader h = new GSSHeader( + new ObjectIdentifier(GSSUtil.GSS_SPNEGO_MECH_OID.toString()), + spnegoToken.length); + bout = new ByteArrayOutputStream(); + h.encode(bout); + bout.write(spnegoToken); + byte[] token = bout.toByteArray(); + + // and feeds it to a GSS acceptor + GSSManager man = GSSManager.getInstance(); + GSSContext ctxt = man.createContext((GSSCredential) null); + token = ctxt.acceptSecContext(token, 0, token.length); + NegTokenTarg targ = new NegTokenTarg(token); + + // Make sure it's a GO-ON message + Method m2 = NegTokenTarg.class.getDeclaredMethod("getNegotiatedResult"); + m2.setAccessible(true); + int negResult = (int)m2.invoke(targ); + + if (negResult != 1 /* ACCEPT_INCOMPLETE */) { + throw new Exception("Not a continue"); + } + } +}
--- a/test/sun/security/krb5/auto/Context.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/sun/security/krb5/auto/Context.java Wed Jul 30 11:49:59 2014 -0700 @@ -26,9 +26,11 @@ import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; import java.util.Arrays; +import java.util.Base64; import java.util.HashMap; import java.util.Map; import javax.security.auth.Subject; +import javax.security.auth.kerberos.KerberosCredMessage; import javax.security.auth.kerberos.KerberosKey; import javax.security.auth.kerberos.KerberosTicket; import javax.security.auth.login.LoginContext; @@ -86,7 +88,6 @@ /** * Using the delegated credentials from a previous acceptor - * @param c */ public Context delegated() throws Exception { Context out = new Context(); @@ -177,7 +178,6 @@ /** * Logins with username/keytab as an existing Subject. The * same subject can be used multiple times to simulate multiple logins. - * @param s existing subject */ public static Context fromUserKtab( String user, String ktab, boolean storeKey) throws Exception { @@ -411,6 +411,12 @@ Key k = (Key)ex.inquireSecContext( InquireType.KRB5_GET_SESSION_KEY); if (k == null) { + throw new Exception("(Old) Session key cannot be null"); + } + System.out.println("(Old) Session key is: " + k); + Key k2 = (Key)ex.inquireSecContext( + InquireType.KRB5_GET_SESSION_KEY_EX); + if (k2 == null) { throw new Exception("Session key cannot be null"); } System.out.println("Session key is: " + k); @@ -431,6 +437,19 @@ InquireType.KRB5_GET_AUTHZ_DATA); System.out.println("AuthzData is: " + Arrays.toString(ad)); } + try { + KerberosCredMessage tok = (KerberosCredMessage)ex.inquireSecContext( + InquireType.KRB5_GET_KRB_CRED); + System.out.println("KRB_CRED is " + + (tok == null?"not ":"") + "available"); + if (tok != null) { + System.out.println("From " + tok.getSender() + " to " + + tok.getRecipient()); + System.out.println(Base64.getEncoder().encodeToString(tok.getEncoded())); + } + } catch (Exception e) { + System.out.println("KRB_CRED is not available: " + e); + } } } }
--- a/test/sun/security/krb5/auto/KerberosHashEqualsTest.java Fri Jul 25 15:38:10 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,174 +0,0 @@ -/* - * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 4641821 - * @run main/othervm KerberosHashEqualsTest - * @summary hashCode() and equals() for KerberosKey and KerberosTicket - */ - -import java.net.InetAddress; -import java.util.Date; -import javax.security.auth.kerberos.KerberosKey; -import javax.security.auth.kerberos.KerberosPrincipal; -import javax.security.auth.kerberos.KerberosTicket; - -public class KerberosHashEqualsTest { - public static void main(String[] args) throws Exception { - new OneKDC(null); - new KerberosHashEqualsTest().check(); - } - - void checkSame(Object o1, Object o2) { - if(!o1.equals(o2)) { - throw new RuntimeException("equals() fails"); - } - if(o1.hashCode() != o2.hashCode()) { - throw new RuntimeException("hashCode() not same"); - } - } - - void checkNotSame(Object o1, Object o2) { - if(o1.equals(o2)) { - throw new RuntimeException("equals() succeeds"); - } - } - - void check() throws Exception { - - // The key part: - // new KerberosKey(principal, bytes, keyType, version) - - KerberosKey k1, k2; - KerberosPrincipal CLIENT = new KerberosPrincipal("client"); - KerberosPrincipal SERVER = new KerberosPrincipal("server"); - byte[] PASS = "pass".getBytes(); - - k1 = new KerberosKey(CLIENT, PASS, 1, 1); - k2 = new KerberosKey(CLIENT, PASS, 1, 1); - checkSame(k1, k1); // me is me - checkSame(k1, k2); // same - - // A destroyed key doesn't equal to any key - k2.destroy(); - checkNotSame(k1, k2); - checkNotSame(k2, k1); - k1.destroy(); - checkNotSame(k1, k2); // even if they are both destroyed - checkNotSame(k2, k1); - checkSame(k2, k2); - - // a little difference means not equal - k1 = new KerberosKey(CLIENT, PASS, 1, 1); - k2 = new KerberosKey(SERVER, PASS, 1, 1); - checkNotSame(k1, k2); // Different principal name - - k2 = new KerberosKey(CLIENT, "ssap".getBytes(), 1, 1); - checkNotSame(k1, k2); // Different password - - k2 = new KerberosKey(CLIENT, PASS, 2, 1); - checkNotSame(k1, k2); // Different keytype - - k2 = new KerberosKey(CLIENT, PASS, 1, 2); - checkNotSame(k1, k2); // Different version - - k2 = new KerberosKey(null, PASS, 1, 2); - checkNotSame(k1, k2); // null is not non-null - - k1 = new KerberosKey(null, PASS, 1, 2); - checkSame(k1, k2); // null is null - - checkNotSame(k1, "Another Object"); - - // The ticket part: - // new KerberosTicket(asn1 bytes, client, server, session key, type, flags, - // auth, start, end, renewUntil times, address) - - KerberosTicket t1, t2; - - byte[] ASN1 = "asn1".getBytes(); - boolean[] FORWARDABLE = new boolean[] {true, true}; - boolean[] ALLTRUE = new boolean[] {true, true, true, true, true, true, true, true, true, true}; - Date D0 = new Date(0); - - t1 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, null); - t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, null); - checkSame(t1, t1); - checkSame(t1, t2); - - // destroyed tickets doesn't equal to each other - t1.destroy(); - checkNotSame(t1, t2); - checkNotSame(t2, t1); - - t2.destroy(); - checkNotSame(t1, t2); // even if they are both destroyed - checkNotSame(t2, t1); - - checkSame(t2, t2); // unless they are the same object - - // a little difference means not equal - t1 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, null); - t2 = new KerberosTicket("asn11".getBytes(), CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, null); - checkNotSame(t1, t2); // Different ASN1 encoding - - t2 = new KerberosTicket(ASN1, new KerberosPrincipal("client1"), SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, null); - checkNotSame(t1, t2); // Different client - - t2 = new KerberosTicket(ASN1, CLIENT, new KerberosPrincipal("server1"), PASS, 1, FORWARDABLE, D0, D0, D0, D0, null); - checkNotSame(t1, t2); // Different server - - t2 = new KerberosTicket(ASN1, CLIENT, SERVER, "pass1".getBytes(), 1, FORWARDABLE, D0, D0, D0, D0, null); - checkNotSame(t1, t2); // Different session key - - t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 2, FORWARDABLE, D0, D0, D0, D0, null); - checkNotSame(t1, t2); // Different key type - - t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, new boolean[] {true, false}, D0, D0, D0, D0, null); - checkNotSame(t1, t2); // Different flags, not FORWARDABLE - - t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, new Date(1), D0, D0, D0, null); - checkNotSame(t1, t2); // Different authtime - - t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, new Date(1), D0, D0, null); - checkNotSame(t1, t2); // Different starttime - - t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, new Date(1), D0, null); - checkNotSame(t1, t2); // Different endtime - - t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, new InetAddress[2]); - checkNotSame(t1, t2); // Different client addresses - - t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, new Date(1), null); - t1 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, new Date(2), null); - checkSame(t1, t2); // renewtill is ignored when RENEWABLE ticket flag is not set. - - t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, ALLTRUE, D0, D0, D0, new Date(1), null); - t1 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, ALLTRUE, D0, D0, D0, new Date(2), null); - checkNotSame(t1, t2); // renewtill is used when RENEWABLE is set. - - checkNotSame(t1, "Another Object"); - System.out.println("Good!"); - } -}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/krb5/auto/NewInquireTypes.java Wed Jul 30 11:49:59 2014 -0700 @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043071 + * @summary Expose session key and KRB_CRED through extended GSS-API + * @compile -XDignore.symbol.file NewInquireTypes.java + * @run main/othervm NewInquireTypes + */ + +import com.sun.security.jgss.InquireType; +import sun.security.jgss.GSSUtil; +import sun.security.krb5.internal.KRBCred; +import sun.security.krb5.internal.crypto.KeyUsage; + +import javax.security.auth.kerberos.KerberosCredMessage; +import javax.security.auth.kerberos.EncryptionKey; + +public class NewInquireTypes { + + public static void main(String[] args) throws Exception { + + new OneKDC(null).writeJAASConf(); + + Context c, s; + c = Context.fromJAAS("client"); + s = Context.fromJAAS("server"); + + c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID); + s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); + + Context.handshake(c, s); + + EncryptionKey key = (EncryptionKey) + c.x().inquireSecContext(InquireType.KRB5_GET_SESSION_KEY_EX); + KerberosCredMessage cred = (KerberosCredMessage) + c.x().inquireSecContext(InquireType.KRB5_GET_KRB_CRED); + + // Confirm the KRB_CRED message is encrypted with the session key. + new KRBCred(cred.getEncoded()).encPart.decrypt( + new sun.security.krb5.EncryptionKey(key.getKeyType(), key.getEncoded()), + KeyUsage.KU_ENC_KRB_CRED_PART); + } +}
--- a/test/sun/security/smartcardio/TestAll.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/sun/security/smartcardio/TestAll.java Wed Jul 30 11:49:59 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,7 +26,7 @@ // Because all the tests are marked @ignore as they require special hardware, // we cannot use jtreg to do this. -import java.lang.reflect.*; +import java.lang.reflect.Method; public class TestAll {
--- a/test/sun/security/smartcardio/TestChannel.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/sun/security/smartcardio/TestChannel.java Wed Jul 30 11:49:59 2014 -0700 @@ -31,10 +31,10 @@ // This test requires special hardware. -import java.io.*; -import java.util.*; - -import javax.smartcardio.*; +import javax.smartcardio.Card; +import javax.smartcardio.CardChannel; +import javax.smartcardio.CardTerminal; +import javax.smartcardio.CommandAPDU; public class TestChannel extends Utils { @@ -95,7 +95,7 @@ } // disconnect - card.disconnect(false); + card.disconnect(true); System.out.println("OK."); }
--- a/test/sun/security/smartcardio/TestConnect.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/sun/security/smartcardio/TestConnect.java Wed Jul 30 11:49:59 2014 -0700 @@ -31,10 +31,11 @@ // This test requires special hardware. -import java.io.*; -import java.util.*; - -import javax.smartcardio.*; +import java.util.List; +import javax.smartcardio.TerminalFactory; +import javax.smartcardio.Card; +import javax.smartcardio.CardChannel; +import javax.smartcardio.CardTerminal; public class TestConnect extends Utils { @@ -63,7 +64,7 @@ throw new Exception("Not T=0 protocol"); } transmit(card); - card.disconnect(false); + card.disconnect(true); try { transmit(card); @@ -96,7 +97,7 @@ throw new Exception("Not T=0 protocol"); } transmit(card); - card.disconnect(true); + card.disconnect(false); card = terminal.connect("*"); System.out.println("card: " + card); @@ -105,7 +106,6 @@ } transmit(card); card.disconnect(true); - card.disconnect(true); System.out.println("OK."); }
--- a/test/sun/security/smartcardio/TestConnectAgain.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/sun/security/smartcardio/TestConnectAgain.java Wed Jul 30 11:49:59 2014 -0700 @@ -31,10 +31,10 @@ // This test requires special hardware. -import java.io.*; -import java.util.*; - -import javax.smartcardio.*; +import javax.smartcardio.Card; +import javax.smartcardio.CardException; +import javax.smartcardio.CardChannel; +import javax.smartcardio.CardTerminal; public class TestConnectAgain extends Utils { @@ -95,7 +95,7 @@ } // disconnect - card.disconnect(false); + card.disconnect(true); System.out.println("OK."); }
--- a/test/sun/security/smartcardio/TestControl.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/sun/security/smartcardio/TestControl.java Wed Jul 30 11:49:59 2014 -0700 @@ -31,10 +31,9 @@ // This test requires special hardware. -import java.io.*; -import java.util.*; - -import javax.smartcardio.*; +import javax.smartcardio.Card; +import javax.smartcardio.CardException; +import javax.smartcardio.CardTerminal; public class TestControl extends Utils { @@ -68,7 +67,7 @@ } // disconnect - card.disconnect(false); + card.disconnect(true); System.out.println("OK."); }
--- a/test/sun/security/smartcardio/TestDefault.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/sun/security/smartcardio/TestDefault.java Wed Jul 30 11:49:59 2014 -0700 @@ -31,10 +31,9 @@ // This test requires special hardware. -import java.io.*; -import java.util.*; - -import javax.smartcardio.*; +import java.util.List; +import javax.smartcardio.CardTerminal; +import javax.smartcardio.TerminalFactory; public class TestDefault {
--- a/test/sun/security/smartcardio/TestExclusive.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/sun/security/smartcardio/TestExclusive.java Wed Jul 30 11:49:59 2014 -0700 @@ -31,10 +31,11 @@ // This test requires special hardware. -import java.io.*; -import java.util.*; - -import javax.smartcardio.*; +import javax.smartcardio.Card; +import javax.smartcardio.CardChannel; +import javax.smartcardio.CardException; +import javax.smartcardio.CardTerminal; +import javax.smartcardio.CommandAPDU; public class TestExclusive extends Utils { @@ -84,9 +85,9 @@ Thread.sleep(1000); // disconnect - card.disconnect(false); + card.disconnect(true); - if (otherOK == false) { + if (! otherOK) { throw new Exception("Secondary thread failed"); }
--- a/test/sun/security/smartcardio/TestMultiplePresent.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/sun/security/smartcardio/TestMultiplePresent.java Wed Jul 30 11:49:59 2014 -0700 @@ -31,10 +31,10 @@ // This test requires special hardware. -import java.io.*; -import java.util.*; - -import javax.smartcardio.*; +import java.util.List; +import javax.smartcardio.CardTerminal; +import javax.smartcardio.CardTerminals; +import javax.smartcardio.TerminalFactory; import static javax.smartcardio.CardTerminals.State.*; public class TestMultiplePresent {
--- a/test/sun/security/smartcardio/TestPresent.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/sun/security/smartcardio/TestPresent.java Wed Jul 30 11:49:59 2014 -0700 @@ -31,10 +31,9 @@ // This test requires special hardware. -import java.io.*; -import java.util.*; - -import javax.smartcardio.*; +import java.util.List; +import javax.smartcardio.CardTerminal; +import javax.smartcardio.TerminalFactory; public class TestPresent {
--- a/test/sun/security/smartcardio/TestTransmit.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/sun/security/smartcardio/TestTransmit.java Wed Jul 30 11:49:59 2014 -0700 @@ -31,10 +31,16 @@ // This test requires special hardware. -import java.io.*; -import java.util.*; - -import javax.smartcardio.*; +import java.io.BufferedReader; +import java.io.ByteArrayOutputStream; +import java.io.FileReader; +import java.io.IOException; +import java.io.StringReader; +import javax.smartcardio.Card; +import javax.smartcardio.CardChannel; +import javax.smartcardio.CardTerminal; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; public class TestTransmit extends Utils { @@ -79,7 +85,7 @@ } // disconnect - card.disconnect(false); + card.disconnect(true); System.out.println("OK."); }
--- a/test/sun/security/smartcardio/Utils.java Fri Jul 25 15:38:10 2014 -0700 +++ b/test/sun/security/smartcardio/Utils.java Wed Jul 30 11:49:59 2014 -0700 @@ -24,10 +24,16 @@ // common utility functions for the PC/SC tests -import javax.smartcardio.*; - -import java.io.*; -import java.util.*; +import java.io.StringReader; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.util.Arrays; +import java.util.List; +import javax.smartcardio.CardTerminal; +import javax.smartcardio.CardChannel; +import javax.smartcardio.ResponseAPDU; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.TerminalFactory; public class Utils {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/default_options.sh Wed Jul 30 11:49:59 2014 -0700 @@ -0,0 +1,64 @@ +# +# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +# @test +# @bug 8049834 +# @summary Two security tools tests do not run with only JRE +# + +if [ "${TESTJAVA}" = "" ] ; then + JAVAC_CMD=`which javac` + TESTJAVA=`dirname $JAVAC_CMD`/.. +fi + +KS=ks +KEYTOOL="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS}" +JAR="$TESTJAVA/bin/jar ${TESTTOOLVMOPTS}" +JARSIGNER="$TESTJAVA/bin/jarsigner ${TESTTOOLVMOPTS}" + +rm $KS 2> /dev/null + +PASS=changeit +export PASS + +$KEYTOOL -genkeypair -dname CN=A -alias a \ + -storepass:env PASS -keypass:env PASS -keystore $KS \ + -keyalg rsa || exit 1 + +cat <<EOF > js.conf +jarsigner.all = -keystore \${user.dir}/$KS -storepass:env PASS -debug -strict +jarsigner.sign = -digestalg SHA1 +jarsigner.verify = -verbose:summary + +EOF + +$JAR cvf a.jar ks js.conf + +$JARSIGNER -conf js.conf a.jar a || exit 21 +$JARSIGNER -conf js.conf -verify a.jar > jarsigner.out || exit 22 +grep "and 1 more" jarsigner.out || exit 23 +$JAR xvf a.jar META-INF/MANIFEST.MF +grep "SHA1-Digest" META-INF/MANIFEST.MF || exit 24 + +echo Done +exit 0
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/weaksize.sh Wed Jul 30 11:49:59 2014 -0700 @@ -0,0 +1,60 @@ +# +# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +# @test +# @bug 8044755 +# @summary Add a test for algorithm constraints check in jarsigner +# + +if [ "${TESTJAVA}" = "" ] ; then + JAVAC_CMD=`which javac` + TESTJAVA=`dirname $JAVAC_CMD`/.. +fi + +# The sigalg used is MD2withRSA, which is obsolete. + +KT="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS} -keystore ks + -storepass changeit -keypass changeit + -keyalg rsa -sigalg MD2withRSA -debug" +JS="$TESTJAVA/bin/jarsigner ${TESTTOOLVMOPTS} -keystore ks + -storepass changeit -strict -debug" +JAR="$TESTJAVA/bin/jar ${TESTTOOLVMOPTS}" + +rm ks 2> /dev/null + +$KT -genkeypair -alias ca -dname CN=CA -ext bc +$KT -genkeypair -alias signer -dname CN=Signer + +$KT -certreq -alias signer | \ + $KT -gencert -alias ca -ext ku=dS -rfc | \ + $KT -importcert -alias signer + +$JAR cvf a.jar ks + +# We always trust a TrustedCertificateEntry +$JS a.jar ca || exit 1 + +# An end-entity cert must follow algorithm constraints +$JS a.jar signer && exit 2 + +exit 0
--- a/test/sun/security/tools/keytool/default_options.sh Fri Jul 25 15:38:10 2014 -0700 +++ b/test/sun/security/tools/keytool/default_options.sh Wed Jul 30 11:49:59 2014 -0700 @@ -33,16 +33,12 @@ KS=ks KEYTOOL="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS}" -JAR="$TESTJAVA/bin/jar ${TESTTOOLVMOPTS}" -JARSIGNER="$TESTJAVA/bin/jarsigner ${TESTTOOLVMOPTS}" rm $KS 2> /dev/null PASS=changeit export PASS -# keytool - cat <<EOF > kt.conf # A Pre-configured options file keytool.all = -storepass:env PASS -keypass:env PASS -keystore \${user.dir}/$KS -debug @@ -69,23 +65,6 @@ # Single-valued option on command line overrides again $KEYTOOL -conf kt.conf -delete -alias b -keystore $KS || exit 17 -# jarsigner - -cat <<EOF > js.conf -jarsigner.all = -keystore \${user.dir}/$KS -storepass:env PASS -debug -strict -jarsigner.sign = -digestalg SHA1 -jarsigner.verify = -verbose:summary - -EOF - -$JAR cvf a.jar ks js.conf kt.conf - -$JARSIGNER -conf js.conf a.jar a || exit 21 -$JARSIGNER -conf js.conf -verify a.jar > jarsigner.out || exit 22 -grep "and 2 more" jarsigner.out || exit 23 -$JAR xvf a.jar META-INF/MANIFEST.MF -grep "SHA1-Digest" META-INF/MANIFEST.MF || exit 24 - # Error cases # File does not exist
--- a/test/sun/security/tools/keytool/weaksize.sh Fri Jul 25 15:38:10 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,60 +0,0 @@ -# -# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - -# @test -# @bug 8044755 -# @summary Add a test for algorithm constraints check in jarsigner -# - -if [ "${TESTJAVA}" = "" ] ; then - JAVAC_CMD=`which javac` - TESTJAVA=`dirname $JAVAC_CMD`/.. -fi - -# The sigalg used is MD2withRSA, which is obsolete. - -KT="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS} -keystore ks - -storepass changeit -keypass changeit - -keyalg rsa -sigalg MD2withRSA -debug" -JS="$TESTJAVA/bin/jarsigner ${TESTTOOLVMOPTS} -keystore ks - -storepass changeit -strict -debug" -JAR="$TESTJAVA/bin/jar ${TESTTOOLVMOPTS}" - -rm ks 2> /dev/null - -$KT -genkeypair -alias ca -dname CN=CA -ext bc -$KT -genkeypair -alias signer -dname CN=Signer - -$KT -certreq -alias signer | \ - $KT -gencert -alias ca -ext ku=dS -rfc | \ - $KT -importcert -alias signer - -$JAR cvf a.jar ks - -# We always trust a TrustedCertificateEntry -$JS a.jar ca || exit 1 - -# An end-entity cert must follow algorithm constraints -$JS a.jar signer && exit 2 - -exit 0