Mercurial > hg > openjdk > jdk9 > jdk
changeset 11807:49118e68fbd4 jdk9-b62
Merge
| author | lana |
|---|---|
| date | Thu, 23 Apr 2015 16:10:19 -0700 |
| parents | c0ed608fc7d2 (current diff) 0f3007a3ce63 (diff) |
| children | c6c154e99ead f31efd159c33 |
| files | src/java.base/share/classes/sun/security/provider/certpath/ReverseBuilder.java src/java.base/share/classes/sun/security/provider/certpath/ReverseState.java src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilderParameters.java test/sun/security/provider/certpath/ReverseBuilder/BuildPath.java test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java test/sun/security/provider/certpath/ReverseBuilder/mgrM2leadMA test/sun/security/provider/certpath/ReverseBuilder/mgrM2mgrM test/sun/security/provider/certpath/ReverseBuilder/mgrM2prjM test/sun/security/provider/certpath/ReverseBuilder/mgrMcrl test/sun/security/provider/certpath/ReverseBuilder/prjM2divE test/sun/security/provider/certpath/ReverseBuilder/prjM2mgrM test/sun/security/provider/certpath/ReverseBuilder/prjMcrl |
| diffstat | 152 files changed, 1314 insertions(+), 2098 deletions(-) [+] |
line wrap: on
line diff
--- a/make/src/classes/build/tools/module/ext.modules Thu Apr 23 10:43:35 2015 -0700 +++ b/make/src/classes/build/tools/module/ext.modules Thu Apr 23 16:10:19 2015 -0700 @@ -12,4 +12,5 @@ jdk.localedata jdk.naming.dns jdk.scripting.nashorn +jdk.xml.dom jdk.zipfs
--- a/src/java.base/linux/classes/sun/nio/ch/EPollPort.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/linux/classes/sun/nio/ch/EPollPort.java Thu Apr 23 16:10:19 2015 -0700 @@ -105,7 +105,7 @@ // create the queue and offer the special event to ensure that the first // threads polls - this.queue = new ArrayBlockingQueue<Event>(MAX_EPOLL_EVENTS); + this.queue = new ArrayBlockingQueue<>(MAX_EPOLL_EVENTS); this.queue.offer(NEED_TO_POLL); }
--- a/src/java.base/linux/classes/sun/nio/fs/LinuxNativeDispatcher.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/linux/classes/sun/nio/fs/LinuxNativeDispatcher.java Thu Apr 23 16:10:19 2015 -0700 @@ -121,7 +121,7 @@ private static native void init(); static { - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { System.loadLibrary("nio"); return null;
--- a/src/java.base/linux/classes/sun/nio/fs/LinuxWatchService.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/linux/classes/sun/nio/fs/LinuxWatchService.java Thu Apr 23 16:10:19 2015 -0700 @@ -190,7 +190,7 @@ this.watcher = watcher; this.ifd = ifd; this.socketpair = sp; - this.wdToKey = new HashMap<Integer,LinuxWatchKey>(); + this.wdToKey = new HashMap<>(); this.address = unsafe.allocateMemory(BUFFER_SIZE); } @@ -457,7 +457,7 @@ private static native int poll(int fd1, int fd2) throws UnixException; static { - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { System.loadLibrary("nio"); return null;
--- a/src/java.base/linux/classes/sun/nio/fs/MagicFileTypeDetector.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/linux/classes/sun/nio/fs/MagicFileTypeDetector.java Thu Apr 23 16:10:19 2015 -0700 @@ -68,7 +68,7 @@ private static native byte[] probe0(long pathAddress); static { - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { System.loadLibrary("nio");
--- a/src/java.base/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java Thu Apr 23 16:10:19 2015 -0700 @@ -87,7 +87,7 @@ // If loading from stand alone build uncomment this. // System.loadLibrary("unpack"); java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<Void>() { + new java.security.PrivilegedAction<>() { public Void run() { System.loadLibrary("unpack"); return null;
--- a/src/java.base/share/classes/com/sun/java/util/jar/pack/Package.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/com/sun/java/util/jar/pack/Package.java Thu Apr 23 16:10:19 2015 -0700 @@ -1210,7 +1210,7 @@ // This keeps files of similar format near each other. // Put class files at the end, keeping their fixed order. // Be sure the JAR file's required manifest stays at the front. (4893051) - Collections.sort(files, new Comparator<File>() { + Collections.sort(files, new Comparator<>() { public int compare(File r0, File r1) { // Get the file name. String f0 = r0.nameString;
--- a/src/java.base/share/classes/com/sun/java/util/jar/pack/PackageReader.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/com/sun/java/util/jar/pack/PackageReader.java Thu Apr 23 16:10:19 2015 -0700 @@ -1151,7 +1151,7 @@ return -1; } - Comparator<Entry> entryOutputOrder = new Comparator<Entry>() { + Comparator<Entry> entryOutputOrder = new Comparator<>() { public int compare(Entry e0, Entry e1) { int k0 = getOutputIndex(e0); int k1 = getOutputIndex(e1);
--- a/src/java.base/share/classes/com/sun/java/util/jar/pack/PackageWriter.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/com/sun/java/util/jar/pack/PackageWriter.java Thu Apr 23 16:10:19 2015 -0700 @@ -829,7 +829,7 @@ maxFlags = new int[ATTR_CONTEXT_LIMIT]; allLayouts = new FixedList<>(ATTR_CONTEXT_LIMIT); for (int i = 0; i < ATTR_CONTEXT_LIMIT; i++) { - allLayouts.set(i, new HashMap<Attribute.Layout, int[]>()); + allLayouts.set(i, new HashMap<>()); } // Collect maxFlags and allLayouts. for (Class cls : pkg.classes) { @@ -892,7 +892,7 @@ // Sort by count, most frequent first. // Predefs. participate in this sort, though it does not matter. Arrays.sort(layoutsAndCounts, - new Comparator<Map.Entry<Attribute.Layout, int[]>>() { + new Comparator<>() { public int compare(Map.Entry<Attribute.Layout, int[]> e0, Map.Entry<Attribute.Layout, int[]> e1) { // Primary sort key is count, reversed. @@ -1010,7 +1010,7 @@ int numAttrDefs = defList.size(); Object[][] defs = new Object[numAttrDefs][]; defList.toArray(defs); - Arrays.sort(defs, new Comparator<Object[]>() { + Arrays.sort(defs, new Comparator<>() { public int compare(Object[] a0, Object[] a1) { // Primary sort key is attr def header. @SuppressWarnings("unchecked")
--- a/src/java.base/share/classes/java/io/ExpiringCache.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/io/ExpiringCache.java Thu Apr 23 16:10:19 2015 -0700 @@ -64,7 +64,7 @@ @SuppressWarnings("serial") ExpiringCache(long millisUntilExpiration) { this.millisUntilExpiration = millisUntilExpiration; - map = new LinkedHashMap<String,Entry>() { + map = new LinkedHashMap<>() { protected boolean removeEldestEntry(Map.Entry<String,Entry> eldest) { return size() > MAX_ENTRIES; }
--- a/src/java.base/share/classes/java/io/FilePermission.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/io/FilePermission.java Thu Apr 23 16:10:19 2015 -0700 @@ -201,7 +201,7 @@ } // store only the canonical cpath if possible - cpath = AccessController.doPrivileged(new PrivilegedAction<String>() { + cpath = AccessController.doPrivileged(new PrivilegedAction<>() { public String run() { try { String path = cpath;
--- a/src/java.base/share/classes/java/io/ObjectInputStream.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/io/ObjectInputStream.java Thu Apr 23 16:10:19 2015 -0700 @@ -1263,7 +1263,7 @@ */ private static boolean auditSubclass(final Class<?> subcl) { Boolean result = AccessController.doPrivileged( - new PrivilegedAction<Boolean>() { + new PrivilegedAction<>() { public Boolean run() { for (Class<?> cl = subcl; cl != ObjectInputStream.class; @@ -2255,7 +2255,7 @@ try { while (list != null) { AccessController.doPrivileged( - new PrivilegedExceptionAction<Void>() + new PrivilegedExceptionAction<>() { public Void run() throws InvalidObjectException { list.obj.validateObject();
--- a/src/java.base/share/classes/java/io/ObjectOutputStream.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/io/ObjectOutputStream.java Thu Apr 23 16:10:19 2015 -0700 @@ -1066,7 +1066,7 @@ */ private static boolean auditSubclass(final Class<?> subcl) { Boolean result = AccessController.doPrivileged( - new PrivilegedAction<Boolean>() { + new PrivilegedAction<>() { public Boolean run() { for (Class<?> cl = subcl; cl != ObjectOutputStream.class;
--- a/src/java.base/share/classes/java/io/ObjectStreamClass.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/io/ObjectStreamClass.java Thu Apr 23 16:10:19 2015 -0700 @@ -367,7 +367,7 @@ entry = th; } if (future.set(entry)) { - Caches.localDescs.put(key, new SoftReference<Object>(entry)); + Caches.localDescs.put(key, new SoftReference<>(entry)); } else { // nested lookup call already set future entry = future.get(); @@ -430,7 +430,7 @@ } if (interrupted) { AccessController.doPrivileged( - new PrivilegedAction<Void>() { + new PrivilegedAction<>() { public Void run() { Thread.currentThread().interrupt(); return null; @@ -465,7 +465,7 @@ localDesc = this; if (serializable) { - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { if (isEnum) { suid = Long.valueOf(0); @@ -1733,7 +1733,7 @@ for (int i = 0; i < fields.length; i++) { fieldSigs[i] = new MemberSignature(fields[i]); } - Arrays.sort(fieldSigs, new Comparator<MemberSignature>() { + Arrays.sort(fieldSigs, new Comparator<>() { public int compare(MemberSignature ms1, MemberSignature ms2) { return ms1.name.compareTo(ms2.name); } @@ -1764,7 +1764,7 @@ for (int i = 0; i < cons.length; i++) { consSigs[i] = new MemberSignature(cons[i]); } - Arrays.sort(consSigs, new Comparator<MemberSignature>() { + Arrays.sort(consSigs, new Comparator<>() { public int compare(MemberSignature ms1, MemberSignature ms2) { return ms1.signature.compareTo(ms2.signature); } @@ -1787,7 +1787,7 @@ for (int i = 0; i < methods.length; i++) { methSigs[i] = new MemberSignature(methods[i]); } - Arrays.sort(methSigs, new Comparator<MemberSignature>() { + Arrays.sort(methSigs, new Comparator<>() { public int compare(MemberSignature ms1, MemberSignature ms2) { int comp = ms1.name.compareTo(ms2.name); if (comp == 0) { @@ -2164,7 +2164,7 @@ entry = th; } future.set(entry); - Caches.reflectors.put(key, new SoftReference<Object>(entry)); + Caches.reflectors.put(key, new SoftReference<>(entry)); } if (entry instanceof FieldReflector) {
--- a/src/java.base/share/classes/java/lang/CharacterName.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/CharacterName.java Thu Apr 23 16:10:19 2015 -0700 @@ -45,7 +45,7 @@ DataInputStream dis = null; try { dis = new DataInputStream(new InflaterInputStream( - AccessController.doPrivileged(new PrivilegedAction<InputStream>() + AccessController.doPrivileged(new PrivilegedAction<>() { public InputStream run() { return getClass().getResourceAsStream("uniName.dat");
--- a/src/java.base/share/classes/java/lang/Class.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/Class.java Thu Apr 23 16:10:19 2015 -0700 @@ -437,7 +437,7 @@ // (the stack depth is wrong for the Constructor's // security check to work) java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<Void>() { + new java.security.PrivilegedAction<>() { public Void run() { c.setAccessible(true); return null; @@ -1068,7 +1068,7 @@ Reflection.getCallerClass(), true); // Client is ok to access declared methods but j.l.Class might not be. Method[] candidates = AccessController.doPrivileged( - new PrivilegedAction<Method[]>() { + new PrivilegedAction<>() { @Override public Method[] run() { return enclosingCandidate.getDeclaredMethods(); @@ -1228,7 +1228,7 @@ Reflection.getCallerClass(), true); // Client is ok to access declared methods but j.l.Class might not be. Constructor<?>[] candidates = AccessController.doPrivileged( - new PrivilegedAction<Constructor<?>[]>() { + new PrivilegedAction<>() { @Override public Constructor<?>[] run() { return enclosingCandidate.getDeclaredConstructors(); @@ -1542,7 +1542,7 @@ // has already been ok'd by the SecurityManager. return java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<Class<?>[]>() { + new java.security.PrivilegedAction<>() { public Class<?>[] run() { List<Class<?>> list = new ArrayList<>(); Class<?> currentClass = Class.this; @@ -3293,7 +3293,7 @@ private static boolean initted = false; private static void checkInitted() { if (initted) return; - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { // Tests to ensure the system properties table is fully // initialized. This is needed because reflection code is @@ -3349,7 +3349,7 @@ try { final Method values = getMethod("values"); java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<Void>() { + new java.security.PrivilegedAction<>() { public Void run() { values.setAccessible(true); return null;
--- a/src/java.base/share/classes/java/lang/ClassLoader.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/ClassLoader.java Thu Apr 23 16:10:19 2015 -0700 @@ -496,7 +496,7 @@ final String name = cls.getName(); final int i = name.lastIndexOf('.'); if (i != -1) { - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { sm.checkPackageAccess(name.substring(0, i)); return null; @@ -1265,7 +1265,7 @@ { final Enumeration<Resource> e = getBootstrapClassPath().getResources(name); - return new Enumeration<URL> () { + return new Enumeration<> () { public URL nextElement() { return e.nextElement().getURL(); } @@ -1867,7 +1867,7 @@ boolean isBuiltin = (name != null); if (!isBuiltin) { name = AccessController.doPrivileged( - new PrivilegedAction<String>() { + new PrivilegedAction<>() { public String run() { try { return file.exists() ? file.getCanonicalPath() : null;
--- a/src/java.base/share/classes/java/lang/Package.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/Package.java Thu Apr 23 16:10:19 2015 -0700 @@ -595,7 +595,7 @@ CachedManifest(final String fileName) { this.fileName = fileName; - this.url = AccessController.doPrivileged(new PrivilegedAction<URL>() { + this.url = AccessController.doPrivileged(new PrivilegedAction<>() { public URL run() { final File file = new File(fileName); if (file.isFile()) { @@ -626,7 +626,7 @@ if (m != null) { return m; } - m = AccessController.doPrivileged(new PrivilegedAction<Manifest>() { + m = AccessController.doPrivileged(new PrivilegedAction<>() { public Manifest run() { try (FileInputStream fis = new FileInputStream(fileName); JarInputStream jis = new JarInputStream(fis, false)) {
--- a/src/java.base/share/classes/java/lang/SecurityManager.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/SecurityManager.java Thu Apr 23 16:10:19 2015 -0700 @@ -1455,7 +1455,7 @@ if (!packageAccessValid) { String tmpPropertyStr = AccessController.doPrivileged( - new PrivilegedAction<String>() { + new PrivilegedAction<>() { public String run() { return java.security.Security.getProperty( "package.access"); @@ -1524,7 +1524,7 @@ if (!packageDefinitionValid) { String tmpPropertyStr = AccessController.doPrivileged( - new PrivilegedAction<String>() { + new PrivilegedAction<>() { public String run() { return java.security.Security.getProperty( "package.definition");
--- a/src/java.base/share/classes/java/lang/StringBuffer.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/StringBuffer.java Thu Apr 23 16:10:19 2015 -0700 @@ -206,6 +206,7 @@ } /** + * @throws IndexOutOfBoundsException {@inheritDoc} * @since 1.5 */ @Override @@ -214,6 +215,7 @@ } /** + * @throws IndexOutOfBoundsException {@inheritDoc} * @since 1.5 */ @Override @@ -222,6 +224,7 @@ } /** + * @throws IndexOutOfBoundsException {@inheritDoc} * @since 1.5 */ @Override @@ -230,6 +233,7 @@ } /** + * @throws IndexOutOfBoundsException {@inheritDoc} * @since 1.5 */ @Override
--- a/src/java.base/share/classes/java/lang/System.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/System.java Thu Apr 23 16:10:19 2015 -0700 @@ -309,7 +309,7 @@ // calls the installed security manager's checkPermission method // which will loop infinitely if there is a non-system class // (in this case: the new security manager class) on the stack). - AccessController.doPrivileged(new PrivilegedAction<Object>() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Object run() { s.getClass().getProtectionDomain().implies (SecurityConstants.ALL_PERMISSION);
--- a/src/java.base/share/classes/java/lang/Thread.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/Thread.java Thu Apr 23 16:10:19 2015 -0700 @@ -1661,7 +1661,7 @@ */ private static boolean auditSubclass(final Class<?> subcl) { Boolean result = AccessController.doPrivileged( - new PrivilegedAction<Boolean>() { + new PrivilegedAction<>() { public Boolean run() { for (Class<?> cl = subcl; cl != Thread.class;
--- a/src/java.base/share/classes/java/lang/invoke/InfoFromMemberName.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/invoke/InfoFromMemberName.java Thu Apr 23 16:10:19 2015 -0700 @@ -87,7 +87,7 @@ // For more information see comments on {@link MethodHandleNatives#linkMethod}. throw new IllegalArgumentException("cannot reflect signature polymorphic method"); } - Member mem = AccessController.doPrivileged(new PrivilegedAction<Member>() { + Member mem = AccessController.doPrivileged(new PrivilegedAction<>() { public Member run() { try { return reflectUnchecked();
--- a/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java Thu Apr 23 16:10:19 2015 -0700 @@ -194,7 +194,7 @@ final Class<?> innerClass = spinInnerClass(); if (invokedType.parameterCount() == 0) { final Constructor<?>[] ctrs = AccessController.doPrivileged( - new PrivilegedAction<Constructor<?>[]>() { + new PrivilegedAction<>() { @Override public Constructor<?>[] run() { Constructor<?>[] ctrs = innerClass.getDeclaredConstructors(); @@ -311,7 +311,7 @@ // If requested, dump out to a file for debugging purposes if (dumper != null) { - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { dumper.dumpClass(lambdaClassName, classBytes);
--- a/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java Thu Apr 23 16:10:19 2015 -0700 @@ -167,7 +167,7 @@ static void maybeDump(final String className, final byte[] classFile) { if (DUMP_CLASS_FILES) { java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<Void>() { + new java.security.PrivilegedAction<>() { public Void run() { try { String dumpName = className;
--- a/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java Thu Apr 23 16:10:19 2015 -0700 @@ -51,7 +51,7 @@ private static final int MAX_ARITY; static { final Object[] values = { 255 }; - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { values[0] = Integer.getInteger(MethodHandleImpl.class.getName()+".MAX_ARITY", 255); @@ -1234,7 +1234,7 @@ private static final byte[] T_BYTES; static { final Object[] values = {null}; - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { try { Class<T> tClass = T.class;
--- a/src/java.base/share/classes/java/lang/invoke/MethodHandleProxies.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/invoke/MethodHandleProxies.java Thu Apr 23 16:10:19 2015 -0700 @@ -199,7 +199,7 @@ // sun.invoke.WrapperInstance is a restricted interface not accessible // by any non-null class loader. final ClassLoader loader = proxyLoader; - proxy = AccessController.doPrivileged(new PrivilegedAction<Object>() { + proxy = AccessController.doPrivileged(new PrivilegedAction<>() { public Object run() { return Proxy.newProxyInstance( loader,
--- a/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java Thu Apr 23 16:10:19 2015 -0700 @@ -53,7 +53,7 @@ static { final Object[] values = new Object[9]; - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { values[0] = Boolean.getBoolean("java.lang.invoke.MethodHandle.DEBUG_NAMES"); values[1] = Boolean.getBoolean("java.lang.invoke.MethodHandle.DUMP_CLASS_FILES");
--- a/src/java.base/share/classes/java/lang/invoke/ProxyClassesDumper.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/invoke/ProxyClassesDumper.java Thu Apr 23 16:10:19 2015 -0700 @@ -64,7 +64,7 @@ try { path = path.trim(); final Path dir = Paths.get(path.length() == 0 ? "." : path); - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { validateDumpDir(dir);
--- a/src/java.base/share/classes/java/lang/invoke/SerializedLambda.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/invoke/SerializedLambda.java Thu Apr 23 16:10:19 2015 -0700 @@ -218,7 +218,7 @@ private Object readResolve() throws ReflectiveOperationException { try { - Method deserialize = AccessController.doPrivileged(new PrivilegedExceptionAction<Method>() { + Method deserialize = AccessController.doPrivileged(new PrivilegedExceptionAction<>() { @Override public Method run() throws Exception { Method m = capturingClass.getDeclaredMethod("$deserializeLambda$", SerializedLambda.class);
--- a/src/java.base/share/classes/java/lang/ref/Finalizer.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/ref/Finalizer.java Thu Apr 23 16:10:19 2015 -0700 @@ -121,7 +121,7 @@ */ private static void forkSecondaryFinalizer(final Runnable proc) { AccessController.doPrivileged( - new PrivilegedAction<Void>() { + new PrivilegedAction<>() { public Void run() { ThreadGroup tg = Thread.currentThread().getThreadGroup(); for (ThreadGroup tgn = tg;
--- a/src/java.base/share/classes/java/lang/reflect/Proxy.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/lang/reflect/Proxy.java Thu Apr 23 16:10:19 2015 -0700 @@ -728,7 +728,7 @@ final Constructor<?> cons = cl.getConstructor(constructorParams); if (!Modifier.isPublic(cl.getModifiers())) { - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { cons.setAccessible(true); return null;
--- a/src/java.base/share/classes/java/net/AbstractPlainDatagramSocketImpl.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/net/AbstractPlainDatagramSocketImpl.java Thu Apr 23 16:10:19 2015 -0700 @@ -62,7 +62,7 @@ */ static { java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<Void>() { + new java.security.PrivilegedAction<>() { public Void run() { System.loadLibrary("net"); return null;
--- a/src/java.base/share/classes/java/net/AbstractPlainSocketImpl.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/net/AbstractPlainSocketImpl.java Thu Apr 23 16:10:19 2015 -0700 @@ -79,7 +79,7 @@ */ static { java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<Void>() { + new java.security.PrivilegedAction<>() { public Void run() { System.loadLibrary("net"); return null;
--- a/src/java.base/share/classes/java/net/CookieManager.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/net/CookieManager.java Thu Apr 23 16:10:19 2015 -0700 @@ -201,14 +201,13 @@ throw new IllegalArgumentException("Argument is null"); } - Map<String, List<String>> cookieMap = - new java.util.HashMap<String, List<String>>(); + Map<String, List<String>> cookieMap = new java.util.HashMap<>(); // if there's no default CookieStore, no way for us to get any cookie if (cookieJar == null) return Collections.unmodifiableMap(cookieMap); boolean secureLink = "https".equalsIgnoreCase(uri.getScheme()); - List<HttpCookie> cookies = new java.util.ArrayList<HttpCookie>(); + List<HttpCookie> cookies = new java.util.ArrayList<>(); String path = uri.getPath(); if (path == null || path.isEmpty()) { path = "/"; @@ -411,7 +410,7 @@ private List<String> sortByPath(List<HttpCookie> cookies) { Collections.sort(cookies, new CookiePathComparator()); - List<String> cookieHeader = new java.util.ArrayList<String>(); + List<String> cookieHeader = new java.util.ArrayList<>(); for (HttpCookie cookie : cookies) { // Netscape cookie spec and RFC 2965 have different format of Cookie // header; RFC 2965 requires a leading $Version="1" string while Netscape
--- a/src/java.base/share/classes/java/net/DatagramPacket.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/net/DatagramPacket.java Thu Apr 23 16:10:19 2015 -0700 @@ -47,7 +47,7 @@ */ static { java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<Void>() { + new java.security.PrivilegedAction<>() { public Void run() { System.loadLibrary("net"); return null;
--- a/src/java.base/share/classes/java/net/DatagramSocket.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/net/DatagramSocket.java Thu Apr 23 16:10:19 2015 -0700 @@ -308,7 +308,7 @@ // getDeclaredMethod, therefore we need permission to access the member try { AccessController.doPrivileged( - new PrivilegedExceptionAction<Void>() { + new PrivilegedExceptionAction<>() { public Void run() throws NoSuchMethodException { Class<?>[] cl = new Class<?>[1]; cl[0] = DatagramPacket.class;
--- a/src/java.base/share/classes/java/net/HttpConnectSocketImpl.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/net/HttpConnectSocketImpl.java Thu Apr 23 16:10:19 2015 -0700 @@ -64,7 +64,7 @@ serverSocketField = netClientClazz.getDeclaredField("serverSocket"); java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<Void>() { + new java.security.PrivilegedAction<>() { public Void run() { httpField.setAccessible(true); serverSocketField.setAccessible(true); @@ -146,7 +146,7 @@ { try { return java.security.AccessController.doPrivileged( - new java.security.PrivilegedExceptionAction<Socket>() { + new java.security.PrivilegedExceptionAction<>() { public Socket run() throws IOException { return doTunnel(urlString, timeout); }
--- a/src/java.base/share/classes/java/net/HttpCookie.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/net/HttpCookie.java Thu Apr 23 16:10:19 2015 -0700 @@ -1125,7 +1125,7 @@ * @return list of strings; never null */ private static List<String> splitMultiCookies(String header) { - List<String> cookies = new java.util.ArrayList<String>(); + List<String> cookies = new java.util.ArrayList<>(); int quoteCount = 0; int p, q;
--- a/src/java.base/share/classes/java/net/IDN.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/net/IDN.java Thu Apr 23 16:10:19 2015 -0700 @@ -228,7 +228,7 @@ try { final String IDN_PROFILE = "uidna.spp"; if (System.getSecurityManager() != null) { - stream = AccessController.doPrivileged(new PrivilegedAction<InputStream>() { + stream = AccessController.doPrivileged(new PrivilegedAction<>() { public InputStream run() { return StringPrep.class.getResourceAsStream(IDN_PROFILE); }
--- a/src/java.base/share/classes/java/net/InMemoryCookieStore.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/net/InMemoryCookieStore.java Thu Apr 23 16:10:19 2015 -0700 @@ -62,9 +62,9 @@ * The default ctor */ public InMemoryCookieStore() { - cookieJar = new ArrayList<HttpCookie>(); - domainIndex = new HashMap<String, List<HttpCookie>>(); - uriIndex = new HashMap<URI, List<HttpCookie>>(); + cookieJar = new ArrayList<>(); + domainIndex = new HashMap<>(); + uriIndex = new HashMap<>(); lock = new ReentrantLock(false); } @@ -115,7 +115,7 @@ throw new NullPointerException("uri is null"); } - List<HttpCookie> cookies = new ArrayList<HttpCookie>(); + List<HttpCookie> cookies = new ArrayList<>(); boolean secureLink = "https".equalsIgnoreCase(uri.getScheme()); lock.lock(); try { @@ -157,7 +157,7 @@ * of this cookie store. */ public List<URI> getURIs() { - List<URI> uris = new ArrayList<URI>(); + List<URI> uris = new ArrayList<>(); lock.lock(); try { @@ -281,7 +281,7 @@ String host, boolean secureLink) { // Use a separate list to handle cookies that need to be removed so // that there is no conflict with iterators. - ArrayList<HttpCookie> toRemove = new ArrayList<HttpCookie>(); + ArrayList<HttpCookie> toRemove = new ArrayList<>(); for (Map.Entry<String, List<HttpCookie>> entry : cookieIndex.entrySet()) { String domain = entry.getKey(); List<HttpCookie> lst = entry.getValue(); @@ -368,7 +368,7 @@ cookies.add(cookie); } else { - cookies = new ArrayList<HttpCookie>(); + cookies = new ArrayList<>(); cookies.add(cookie); indexStore.put(index, cookies); }
--- a/src/java.base/share/classes/java/net/InetAddress.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/net/InetAddress.java Thu Apr 23 16:10:19 2015 -0700 @@ -270,7 +270,7 @@ preferIPv6Address = java.security.AccessController.doPrivileged( new GetBooleanAction("java.net.preferIPv6Addresses")).booleanValue(); AccessController.doPrivileged( - new java.security.PrivilegedAction<Void>() { + new java.security.PrivilegedAction<>() { public Void run() { System.loadLibrary("net"); return null; @@ -852,7 +852,7 @@ final String providerName = provider; try { nameService = java.security.AccessController.doPrivileged( - new java.security.PrivilegedExceptionAction<NameService>() { + new java.security.PrivilegedExceptionAction<>() { public NameService run() { Iterator<NameServiceDescriptor> itr = ServiceLoader.load(NameServiceDescriptor.class) @@ -892,7 +892,7 @@ String provider = null;; String propPrefix = "sun.net.spi.nameservice.provider."; int n = 1; - nameServices = new ArrayList<NameService>(); + nameServices = new ArrayList<>(); provider = AccessController.doPrivileged( new GetPropertyAction(propPrefix + n)); while (provider != null) {
--- a/src/java.base/share/classes/java/net/NetworkInterface.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/net/NetworkInterface.java Thu Apr 23 16:10:19 2015 -0700 @@ -54,7 +54,7 @@ static { AccessController.doPrivileged( - new java.security.PrivilegedAction<Void>() { + new java.security.PrivilegedAction<>() { public Void run() { System.loadLibrary("net"); return null; @@ -167,7 +167,7 @@ * @since 1.6 */ public java.util.List<InterfaceAddress> getInterfaceAddresses() { - java.util.List<InterfaceAddress> lst = new java.util.ArrayList<InterfaceAddress>(1); + java.util.List<InterfaceAddress> lst = new java.util.ArrayList<>(1); SecurityManager sec = System.getSecurityManager(); for (int j=0; j<bindings.length; j++) { try { @@ -346,7 +346,7 @@ if (netifs == null) return null; - return new Enumeration<NetworkInterface>() { + return new Enumeration<>() { private int i = 0; public NetworkInterface nextElement() { if (netifs != null && i < netifs.length) {
--- a/src/java.base/share/classes/java/net/Socket.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/net/Socket.java Thu Apr 23 16:10:19 2015 -0700 @@ -470,7 +470,7 @@ // getDeclaredMethod, therefore we need permission to access the member oldImpl = AccessController.doPrivileged - (new PrivilegedAction<Boolean>() { + (new PrivilegedAction<>() { public Boolean run() { Class<?> clazz = impl.getClass(); while (true) { @@ -911,7 +911,7 @@ InputStream is = null; try { is = AccessController.doPrivileged( - new PrivilegedExceptionAction<InputStream>() { + new PrivilegedExceptionAction<>() { public InputStream run() throws IOException { return impl.getInputStream(); } @@ -951,7 +951,7 @@ OutputStream os = null; try { os = AccessController.doPrivileged( - new PrivilegedExceptionAction<OutputStream>() { + new PrivilegedExceptionAction<>() { public OutputStream run() throws IOException { return impl.getOutputStream(); }
--- a/src/java.base/share/classes/java/net/SocketPermission.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/net/SocketPermission.java Thu Apr 23 16:10:19 2015 -0700 @@ -1194,7 +1194,7 @@ */ private static int initEphemeralPorts(String suffix, int defval) { return AccessController.doPrivileged( - new PrivilegedAction<Integer>(){ + new PrivilegedAction<>(){ public Integer run() { int val = Integer.getInteger( "jdk.net.ephemeralPortRange."+suffix, -1 @@ -1328,7 +1328,7 @@ */ public SocketPermissionCollection() { - perms = new ArrayList<SocketPermission>(); + perms = new ArrayList<>(); } /** @@ -1466,7 +1466,7 @@ // Get the one we want @SuppressWarnings("unchecked") Vector<SocketPermission> permissions = (Vector<SocketPermission>)gfields.get("permissions", null); - perms = new ArrayList<SocketPermission>(permissions.size()); + perms = new ArrayList<>(permissions.size()); perms.addAll(permissions); } }
--- a/src/java.base/share/classes/java/net/SocksSocketImpl.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/net/SocksSocketImpl.java Thu Apr 23 16:10:19 2015 -0700 @@ -82,7 +82,7 @@ { try { AccessController.doPrivileged( - new java.security.PrivilegedExceptionAction<Void>() { + new java.security.PrivilegedExceptionAction<>() { public Void run() throws IOException { superConnectServer(host, port, timeout); cmdIn = getInputStream(); @@ -157,7 +157,7 @@ final InetAddress addr = InetAddress.getByName(server); PasswordAuthentication pw = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<PasswordAuthentication>() { + new java.security.PrivilegedAction<>() { public PasswordAuthentication run() { return Authenticator.requestPasswordAuthentication( server, addr, serverPort, "SOCKS5", "SOCKS authentication", null); @@ -351,7 +351,7 @@ // server is not null only when the socket was created with a // specified proxy in which case it does bypass the ProxySelector ProxySelector sel = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<ProxySelector>() { + new java.security.PrivilegedAction<>() { public ProxySelector run() { return ProxySelector.getDefault(); } @@ -595,7 +595,7 @@ InetAddress naddr = baddr; if (naddr.isAnyLocalAddress()) { naddr = AccessController.doPrivileged( - new PrivilegedAction<InetAddress>() { + new PrivilegedAction<>() { public InetAddress run() { return cmdsock.getLocalAddress(); @@ -671,7 +671,7 @@ // server is not null only when the socket was created with a // specified proxy in which case it does bypass the ProxySelector ProxySelector sel = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<ProxySelector>() { + new java.security.PrivilegedAction<>() { public ProxySelector run() { return ProxySelector.getDefault(); } @@ -724,7 +724,7 @@ // Connects to the SOCKS server try { AccessController.doPrivileged( - new PrivilegedExceptionAction<Void>() { + new PrivilegedExceptionAction<>() { public Void run() throws Exception { cmdsock = new Socket(new PlainSocketImpl()); cmdsock.connect(new InetSocketAddress(server, serverPort)); @@ -755,7 +755,7 @@ } else { try { AccessController.doPrivileged( - new PrivilegedExceptionAction<Void>() { + new PrivilegedExceptionAction<>() { public Void run() throws Exception { cmdsock = new Socket(new PlainSocketImpl()); cmdsock.connect(new InetSocketAddress(server, serverPort));
--- a/src/java.base/share/classes/java/net/URL.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/net/URL.java Thu Apr 23 16:10:19 2015 -0700 @@ -268,6 +268,23 @@ * createURLStreamHandler} method of each provider, if instantiated, is * invoked, with the protocol string, until a provider returns non-null, * or all providers have been exhausted. + * <li>If the previous step fails to find a protocol handler, the + * constructor reads the value of the system property: + * <blockquote>{@code + * java.protocol.handler.pkgs + * }</blockquote> + * If the value of that system property is not {@code null}, + * it is interpreted as a list of packages separated by a vertical + * slash character '{@code |}'. The constructor tries to load + * the class named: + * <blockquote>{@code + * <package>.<protocol>.Handler + * }</blockquote> + * where {@code <package>} is replaced by the name of the package + * and {@code <protocol>} is replaced by the name of the protocol. + * If this class does not exist, or if the class exists but it is not + * a subclass of {@code URLStreamHandler}, then the next package + * in the list is tried. * <li>If the previous step fails to find a protocol handler, then the * constructor tries to load a built-in protocol handler. * If this class does not exist, or if the class exists but it is not a @@ -1139,8 +1156,41 @@ } } + private static URLStreamHandler lookupViaProperty(String protocol) { + String packagePrefixList = java.security.AccessController.doPrivileged( + new PrivilegedAction<>() { + public String run() { + return System.getProperty(protocolPathProp, ""); + } + }); + String[] packagePrefixes = packagePrefixList.split("\\|"); + + URLStreamHandler handler = null; + for (int i=0; handler == null && i<packagePrefixes.length; i++) { + String packagePrefix = packagePrefixes[i].trim(); + try { + String clsName = packagePrefix + "." + protocol + ".Handler"; + Class<?> cls = null; + try { + cls = Class.forName(clsName); + } catch (ClassNotFoundException e) { + ClassLoader cl = ClassLoader.getSystemClassLoader(); + if (cl != null) { + cls = cl.loadClass(clsName); + } + } + if (cls != null) { + handler = (URLStreamHandler)cls.newInstance(); + } + } catch (Exception e) { + // any number of exceptions can get thrown here + } + } + return handler; + } + private static Iterator<URLStreamHandlerProvider> providers() { - return new Iterator<URLStreamHandlerProvider>() { + return new Iterator<>() { ClassLoader cl = ClassLoader.getSystemClassLoader(); ServiceLoader<URLStreamHandlerProvider> sl = @@ -1193,7 +1243,7 @@ gate.set(gate); try { return AccessController.doPrivileged( - new PrivilegedAction<URLStreamHandler>() { + new PrivilegedAction<>() { public URLStreamHandler run() { Iterator<URLStreamHandlerProvider> itr = providers(); while (itr.hasNext()) { @@ -1251,6 +1301,10 @@ if (handler == null && !protocol.equalsIgnoreCase("jar")) { handler = lookupViaProviders(protocol); } + + if (handler == null) { + handler = lookupViaProperty(protocol); + } } synchronized (streamHandlerLock) {
--- a/src/java.base/share/classes/java/net/URLClassLoader.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/net/URLClassLoader.java Thu Apr 23 16:10:19 2015 -0700 @@ -359,7 +359,7 @@ final Class<?> result; try { result = AccessController.doPrivileged( - new PrivilegedExceptionAction<Class<?>>() { + new PrivilegedExceptionAction<>() { public Class<?> run() throws ClassNotFoundException { String path = name.replace('.', '/').concat(".class"); Resource res = ucp.getResource(path, false); @@ -564,7 +564,7 @@ * The same restriction to finding classes applies to resources */ URL url = AccessController.doPrivileged( - new PrivilegedAction<URL>() { + new PrivilegedAction<>() { public URL run() { return ucp.findResource(name, true); } @@ -587,7 +587,7 @@ { final Enumeration<URL> e = ucp.findResources(name, true); - return new Enumeration<URL>() { + return new Enumeration<>() { private URL url = null; private boolean next() { @@ -596,7 +596,7 @@ } do { URL u = AccessController.doPrivileged( - new PrivilegedAction<URL>() { + new PrivilegedAction<>() { public URL run() { if (!e.hasMoreElements()) return null; @@ -704,7 +704,7 @@ final SecurityManager sm = System.getSecurityManager(); if (sm != null) { final Permission fp = p; - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() throws SecurityException { sm.checkPermission(fp); return null; @@ -735,7 +735,7 @@ final AccessControlContext acc = AccessController.getContext(); // Need a privileged block to create the class loader URLClassLoader ucl = AccessController.doPrivileged( - new PrivilegedAction<URLClassLoader>() { + new PrivilegedAction<>() { public URLClassLoader run() { return new FactoryURLClassLoader(urls, parent, acc); } @@ -760,7 +760,7 @@ final AccessControlContext acc = AccessController.getContext(); // Need a privileged block to create the class loader URLClassLoader ucl = AccessController.doPrivileged( - new PrivilegedAction<URLClassLoader>() { + new PrivilegedAction<>() { public URLClassLoader run() { return new FactoryURLClassLoader(urls, acc); }
--- a/src/java.base/share/classes/java/nio/channels/AsynchronousFileChannel.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/nio/channels/AsynchronousFileChannel.java Thu Apr 23 16:10:19 2015 -0700 @@ -296,7 +296,7 @@ public static AsynchronousFileChannel open(Path file, OpenOption... options) throws IOException { - Set<OpenOption> set = new HashSet<OpenOption>(options.length); + Set<OpenOption> set = new HashSet<>(options.length); Collections.addAll(set, options); return open(file, set, null, NO_ATTRIBUTES); }
--- a/src/java.base/share/classes/java/nio/channels/FileChannel.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/nio/channels/FileChannel.java Thu Apr 23 16:10:19 2015 -0700 @@ -330,7 +330,7 @@ public static FileChannel open(Path path, OpenOption... options) throws IOException { - Set<OpenOption> set = new HashSet<OpenOption>(options.length); + Set<OpenOption> set = new HashSet<>(options.length); Collections.addAll(set, options); return open(path, set, NO_ATTRIBUTES); }
--- a/src/java.base/share/classes/java/nio/channels/spi/AsynchronousChannelProvider.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/nio/channels/spi/AsynchronousChannelProvider.java Thu Apr 23 16:10:19 2015 -0700 @@ -76,7 +76,7 @@ private static AsynchronousChannelProvider load() { return AccessController - .doPrivileged(new PrivilegedAction<AsynchronousChannelProvider>() { + .doPrivileged(new PrivilegedAction<>() { public AsynchronousChannelProvider run() { AsynchronousChannelProvider p; p = loadProviderFromProperty();
--- a/src/java.base/share/classes/java/nio/channels/spi/SelectorProvider.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/nio/channels/spi/SelectorProvider.java Thu Apr 23 16:10:19 2015 -0700 @@ -172,7 +172,7 @@ if (provider != null) return provider; return AccessController.doPrivileged( - new PrivilegedAction<SelectorProvider>() { + new PrivilegedAction<>() { public SelectorProvider run() { if (loadProviderFromProperty()) return provider;
--- a/src/java.base/share/classes/java/nio/charset/Charset.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/nio/charset/Charset.java Thu Apr 23 16:10:19 2015 -0700 @@ -335,7 +335,7 @@ // thrown. Should be invoked with full privileges. // private static Iterator<CharsetProvider> providers() { - return new Iterator<CharsetProvider>() { + return new Iterator<>() { ClassLoader cl = ClassLoader.getSystemClassLoader(); ServiceLoader<CharsetProvider> sl = @@ -404,7 +404,7 @@ gate.set(gate); return AccessController.doPrivileged( - new PrivilegedAction<Charset>() { + new PrivilegedAction<>() { public Charset run() { for (Iterator<CharsetProvider> i = providers(); i.hasNext();) { @@ -428,7 +428,7 @@ // returns ExtendedProvider, if installed private static CharsetProvider extendedProvider() { return AccessController.doPrivileged( - new PrivilegedAction<CharsetProvider>() { + new PrivilegedAction<>() { public CharsetProvider run() { try { Class<?> epc @@ -570,10 +570,10 @@ */ public static SortedMap<String,Charset> availableCharsets() { return AccessController.doPrivileged( - new PrivilegedAction<SortedMap<String,Charset>>() { + new PrivilegedAction<>() { public SortedMap<String,Charset> run() { TreeMap<String,Charset> m = - new TreeMap<String,Charset>( + new TreeMap<>( ASCIICaseInsensitiveComparator.CASE_INSENSITIVE_ORDER); put(standardProvider.charsets(), m); CharsetProvider ecp = ExtendedProviderHolder.extendedProvider; @@ -663,7 +663,7 @@ if (aliasSet != null) return aliasSet; int n = aliases.length; - HashSet<String> hs = new HashSet<String>(n); + HashSet<String> hs = new HashSet<>(n); for (int i = 0; i < n; i++) hs.add(aliases[i]); aliasSet = Collections.unmodifiableSet(hs);
--- a/src/java.base/share/classes/java/nio/charset/CoderResult.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/nio/charset/CoderResult.java Thu Apr 23 16:10:19 2015 -0700 @@ -204,13 +204,13 @@ WeakReference<CoderResult> w; CoderResult e = null; if (cache == null) { - cache = new HashMap<Integer,WeakReference<CoderResult>>(); + cache = new HashMap<>(); } else if ((w = cache.get(k)) != null) { e = w.get(); } if (e == null) { e = create(len); - cache.put(k, new WeakReference<CoderResult>(e)); + cache.put(k, new WeakReference<>(e)); } return e; }
--- a/src/java.base/share/classes/java/nio/file/FileSystems.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/nio/file/FileSystems.java Thu Apr 23 16:10:19 2015 -0700 @@ -93,7 +93,7 @@ private static FileSystem defaultFileSystem() { // load default provider FileSystemProvider provider = AccessController - .doPrivileged(new PrivilegedAction<FileSystemProvider>() { + .doPrivileged(new PrivilegedAction<>() { public FileSystemProvider run() { return getDefaultProvider(); }
--- a/src/java.base/share/classes/java/nio/file/Files.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/nio/file/Files.java Thu Apr 23 16:10:19 2015 -0700 @@ -402,7 +402,7 @@ public static SeekableByteChannel newByteChannel(Path path, OpenOption... options) throws IOException { - Set<OpenOption> set = new HashSet<OpenOption>(options.length); + Set<OpenOption> set = new HashSet<>(options.length); Collections.addAll(set, options); return newByteChannel(path, set); } @@ -516,7 +516,7 @@ // create a matcher and return a filter that uses it. FileSystem fs = dir.getFileSystem(); final PathMatcher matcher = fs.getPathMatcher("glob:" + glob); - DirectoryStream.Filter<Path> filter = new DirectoryStream.Filter<Path>() { + DirectoryStream.Filter<Path> filter = new DirectoryStream.Filter<>() { @Override public boolean accept(Path entry) { return matcher.matches(entry.getFileName()); @@ -1541,7 +1541,7 @@ // creates the default file type detector private static FileTypeDetector createDefaultFileTypeDetector() { return AccessController - .doPrivileged(new PrivilegedAction<FileTypeDetector>() { + .doPrivileged(new PrivilegedAction<>() { @Override public FileTypeDetector run() { return sun.nio.fs.DefaultFileTypeDetector.create(); }}); @@ -1550,7 +1550,7 @@ // loads all installed file type detectors private static List<FileTypeDetector> loadInstalledDetectors() { return AccessController - .doPrivileged(new PrivilegedAction<List<FileTypeDetector>>() { + .doPrivileged(new PrivilegedAction<>() { @Override public List<FileTypeDetector> run() { List<FileTypeDetector> list = new ArrayList<>(); ServiceLoader<FileTypeDetector> loader = ServiceLoader @@ -3468,7 +3468,7 @@ final Iterator<Path> delegate = ds.iterator(); // Re-wrap DirectoryIteratorException to UncheckedIOException - Iterator<Path> iterator = new Iterator<Path>() { + Iterator<Path> iterator = new Iterator<>() { @Override public boolean hasNext() { try {
--- a/src/java.base/share/classes/java/nio/file/Path.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/nio/file/Path.java Thu Apr 23 16:10:19 2015 -0700 @@ -801,7 +801,7 @@ */ @Override default Iterator<Path> iterator() { - return new Iterator<Path>() { + return new Iterator<>() { private int i = 0; @Override
--- a/src/java.base/share/classes/java/nio/file/attribute/AclEntry.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/nio/file/attribute/AclEntry.java Thu Apr 23 16:10:19 2015 -0700 @@ -306,7 +306,7 @@ * @return the permissions component */ public Set<AclEntryPermission> permissions() { - return new HashSet<AclEntryPermission>(perms); + return new HashSet<>(perms); } /** @@ -317,7 +317,7 @@ * @return the flags component */ public Set<AclEntryFlag> flags() { - return new HashSet<AclEntryFlag>(flags); + return new HashSet<>(flags); } /**
--- a/src/java.base/share/classes/java/nio/file/attribute/PosixFilePermissions.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/nio/file/attribute/PosixFilePermissions.java Thu Apr 23 16:10:19 2015 -0700 @@ -160,13 +160,13 @@ { // copy set and check for nulls (CCE will be thrown if an element is not // a PosixFilePermission) - perms = new HashSet<PosixFilePermission>(perms); + perms = new HashSet<>(perms); for (PosixFilePermission p: perms) { if (p == null) throw new NullPointerException(); } final Set<PosixFilePermission> value = perms; - return new FileAttribute<Set<PosixFilePermission>>() { + return new FileAttribute<>() { @Override public String name() { return "posix:permissions";
--- a/src/java.base/share/classes/java/nio/file/spi/FileSystemProvider.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/nio/file/spi/FileSystemProvider.java Thu Apr 23 16:10:19 2015 -0700 @@ -110,7 +110,7 @@ // loads all installed providers private static List<FileSystemProvider> loadInstalledProviders() { - List<FileSystemProvider> list = new ArrayList<FileSystemProvider>(); + List<FileSystemProvider> list = new ArrayList<>(); ServiceLoader<FileSystemProvider> sl = ServiceLoader .load(FileSystemProvider.class, ClassLoader.getSystemClassLoader()); @@ -163,7 +163,7 @@ loadingProviders = true; List<FileSystemProvider> list = AccessController - .doPrivileged(new PrivilegedAction<List<FileSystemProvider>>() { + .doPrivileged(new PrivilegedAction<>() { @Override public List<FileSystemProvider> run() { return loadInstalledProviders(); @@ -419,7 +419,7 @@ throws IOException { int len = options.length; - Set<OpenOption> opts = new HashSet<OpenOption>(len + 3); + Set<OpenOption> opts = new HashSet<>(len + 3); if (len == 0) { opts.add(StandardOpenOption.CREATE); opts.add(StandardOpenOption.TRUNCATE_EXISTING);
--- a/src/java.base/share/classes/java/time/format/DateTimeParseContext.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/time/format/DateTimeParseContext.java Thu Apr 23 16:10:19 2015 -0700 @@ -399,7 +399,7 @@ */ void addChronoChangedListener(Consumer<Chronology> listener) { if (chronoListeners == null) { - chronoListeners = new ArrayList<Consumer<Chronology>>(); + chronoListeners = new ArrayList<>(); } chronoListeners.add(listener); }
--- a/src/java.base/share/classes/java/time/zone/ZoneRulesProvider.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/time/zone/ZoneRulesProvider.java Thu Apr 23 16:10:19 2015 -0700 @@ -141,7 +141,7 @@ // if the property java.time.zone.DefaultZoneRulesProvider is // set then its value is the class name of the default provider final List<ZoneRulesProvider> loaded = new ArrayList<>(); - AccessController.doPrivileged(new PrivilegedAction<Object>() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Object run() { String prop = System.getProperty("java.time.zone.DefaultZoneRulesProvider"); if (prop != null) {
--- a/src/java.base/share/classes/java/util/Calendar.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/util/Calendar.java Thu Apr 23 16:10:19 2015 -0700 @@ -3579,7 +3579,7 @@ ZoneInfo zi = null; try { zi = AccessController.doPrivileged( - new PrivilegedExceptionAction<ZoneInfo>() { + new PrivilegedExceptionAction<>() { @Override public ZoneInfo run() throws Exception { return (ZoneInfo) input.readObject();
--- a/src/java.base/share/classes/java/util/Currency.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/util/Currency.java Thu Apr 23 16:10:19 2015 -0700 @@ -212,7 +212,7 @@ private static final int VALID_FORMAT_VERSION = 2; static { - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { try {
--- a/src/java.base/share/classes/java/util/ResourceBundle.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/util/ResourceBundle.java Thu Apr 23 16:10:19 2015 -0700 @@ -2655,7 +2655,7 @@ InputStream stream = null; try { stream = AccessController.doPrivileged( - new PrivilegedExceptionAction<InputStream>() { + new PrivilegedExceptionAction<>() { public InputStream run() throws IOException { InputStream is = null; if (reloadFlag) {
--- a/src/java.base/share/classes/java/util/TimeZone.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/util/TimeZone.java Thu Apr 23 16:10:19 2015 -0700 @@ -678,7 +678,7 @@ assert tz != null; final String id = zoneID; - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { System.setProperty("user.timezone", id);
--- a/src/java.base/share/classes/java/util/jar/JarFile.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/util/jar/JarFile.java Thu Apr 23 16:10:19 2015 -0700 @@ -593,7 +593,7 @@ if (includeUnsigned) { return unsignedEntryNames(); } else { - return new Enumeration<String>() { + return new Enumeration<>() { public boolean hasMoreElements() { return false; @@ -619,7 +619,7 @@ // screen out entries which are never signed final Enumeration<? extends ZipEntry> enum_ = super.entries(); - return new Enumeration<JarEntry>() { + return new Enumeration<>() { ZipEntry entry; @@ -669,7 +669,7 @@ private Enumeration<String> unsignedEntryNames() { final Enumeration<JarEntry> entries = entries(); - return new Enumeration<String>() { + return new Enumeration<>() { String name;
--- a/src/java.base/share/classes/java/util/jar/JarVerifier.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/java/util/jar/JarVerifier.java Thu Apr 23 16:10:19 2015 -0700 @@ -684,7 +684,7 @@ final List<CodeSigner[]> signersReq = req; final Enumeration<String> enum2 = (matchUnsigned) ? unsignedEntryNames(jar) : emptyEnumeration; - return new Enumeration<String>() { + return new Enumeration<>() { String name; @@ -726,7 +726,7 @@ final Map<String, CodeSigner[]> map = new HashMap<>(); map.putAll(signerMap()); final Enumeration<? extends ZipEntry> enum_ = e; - return new Enumeration<JarEntry>() { + return new Enumeration<>() { Enumeration<String> signers = null; JarEntry entry; @@ -786,7 +786,7 @@ private Enumeration<String> unsignedEntryNames(JarFile jar) { final Map<String, CodeSigner[]> map = signerMap(); final Enumeration<JarEntry> entries = jar.entries(); - return new Enumeration<String>() { + return new Enumeration<>() { String name;
--- a/src/java.base/share/classes/sun/misc/Cleaner.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/misc/Cleaner.java Thu Apr 23 16:10:19 2015 -0700 @@ -142,7 +142,7 @@ try { thunk.run(); } catch (final Throwable x) { - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { if (System.err != null) new Error("Cleaner terminated abnormally", x)
--- a/src/java.base/share/classes/sun/misc/URLClassPath.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/misc/URLClassPath.java Thu Apr 23 16:10:19 2015 -0700 @@ -97,16 +97,16 @@ } /* The original search path of URLs. */ - private ArrayList<URL> path = new ArrayList<URL>(); + private ArrayList<URL> path = new ArrayList<>(); /* The stack of unopened URLs */ - Stack<URL> urls = new Stack<URL>(); + Stack<URL> urls = new Stack<>(); /* The resulting search path of Loaders */ - ArrayList<Loader> loaders = new ArrayList<Loader>(); + ArrayList<Loader> loaders = new ArrayList<>(); /* Map of each URL opened to its corresponding Loader */ - HashMap<String, Loader> lmap = new HashMap<String, Loader>(); + HashMap<String, Loader> lmap = new HashMap<>(); /* The jar protocol handler to use when creating new URLs */ private URLStreamHandler jarHandler; @@ -142,7 +142,7 @@ if (closed) { return Collections.emptyList(); } - List<IOException> result = new LinkedList<IOException>(); + List<IOException> result = new LinkedList<>(); for (Loader loader : loaders) { try { loader.close(); @@ -234,7 +234,7 @@ */ public Enumeration<URL> findResources(final String name, final boolean check) { - return new Enumeration<URL>() { + return new Enumeration<>() { private int index = 0; private URL url = null; @@ -281,7 +281,7 @@ */ public Enumeration<Resource> getResources(final String name, final boolean check) { - return new Enumeration<Resource>() { + return new Enumeration<>() { private int index = 0; private Resource res = null; @@ -374,7 +374,7 @@ private Loader getLoader(final URL url) throws IOException { try { return java.security.AccessController.doPrivileged( - new java.security.PrivilegedExceptionAction<Loader>() { + new java.security.PrivilegedExceptionAction<>() { public Loader run() throws IOException { String file = url.getFile(); if (file != null && file.endsWith("/")) { @@ -689,7 +689,7 @@ if (jar == null) { try { java.security.AccessController.doPrivileged( - new java.security.PrivilegedExceptionAction<Void>() { + new java.security.PrivilegedExceptionAction<>() { public Void run() throws IOException { if (DEBUG) { System.err.println("Opening " + csu); @@ -870,7 +870,7 @@ if (index == null) return null; - HashSet<String> visited = new HashSet<String>(); + HashSet<String> visited = new HashSet<>(); return getResource(name, check, visited); } @@ -912,7 +912,7 @@ * before */ newLoader = AccessController.doPrivileged( - new PrivilegedExceptionAction<JarLoader>() { + new PrivilegedExceptionAction<>() { public JarLoader run() throws IOException { return new JarLoader(url, handler, lmap);
--- a/src/java.base/share/classes/sun/net/NetworkClient.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/net/NetworkClient.java Thu Apr 23 16:10:19 2015 -0700 @@ -69,7 +69,7 @@ final String encs[] = { null }; AccessController.doPrivileged( - new PrivilegedAction<Void>() { + new PrivilegedAction<>() { public Void run() { vals[0] = Integer.getInteger("sun.net.client.defaultReadTimeout", 0).intValue(); vals[1] = Integer.getInteger("sun.net.client.defaultConnectTimeout", 0).intValue(); @@ -154,7 +154,7 @@ if (proxy != null) { if (proxy.type() == Proxy.Type.SOCKS) { s = AccessController.doPrivileged( - new PrivilegedAction<Socket>() { + new PrivilegedAction<>() { public Socket run() { return new Socket(proxy); }}); @@ -201,7 +201,7 @@ if (serverSocket == null) throw new IOException("not connected"); return AccessController.doPrivileged( - new PrivilegedAction<InetAddress>() { + new PrivilegedAction<>() { public InetAddress run() { return serverSocket.getLocalAddress();
--- a/src/java.base/share/classes/sun/net/ProgressMonitor.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/net/ProgressMonitor.java Thu Apr 23 16:10:19 2015 -0700 @@ -64,7 +64,7 @@ * Return a snapshot of the ProgressSource list */ public ArrayList<ProgressSource> getProgressSources() { - ArrayList<ProgressSource> snapshot = new ArrayList<ProgressSource>(); + ArrayList<ProgressSource> snapshot = new ArrayList<>(); try { synchronized(progressSourceList) { @@ -114,7 +114,7 @@ if (progressListenerList.size() > 0) { // Notify progress listener if there is progress change - ArrayList<ProgressListener> listeners = new ArrayList<ProgressListener>(); + ArrayList<ProgressListener> listeners = new ArrayList<>(); // Copy progress listeners to another list to avoid holding locks synchronized(progressListenerList) { @@ -151,7 +151,7 @@ if (progressListenerList.size() > 0) { // Notify progress listener if there is progress change - ArrayList<ProgressListener> listeners = new ArrayList<ProgressListener>(); + ArrayList<ProgressListener> listeners = new ArrayList<>(); // Copy progress listeners to another list to avoid holding locks synchronized(progressListenerList) { @@ -183,7 +183,7 @@ if (progressListenerList.size() > 0) { // Notify progress listener if there is progress change - ArrayList<ProgressListener> listeners = new ArrayList<ProgressListener>(); + ArrayList<ProgressListener> listeners = new ArrayList<>(); // Copy progress listeners to another list to avoid holding locks synchronized(progressListenerList) {
--- a/src/java.base/share/classes/sun/net/www/MessageHeader.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/net/www/MessageHeader.java Thu Apr 23 16:10:19 2015 -0700 @@ -244,7 +244,7 @@ public synchronized Map<String, List<String>> filterAndAddHeaders( String[] excludeList, Map<String, List<String>> include) { boolean skipIt = false; - Map<String, List<String>> m = new HashMap<String, List<String>>(); + Map<String, List<String>> m = new HashMap<>(); for (int i = nkeys; --i >= 0;) { if (excludeList != null) { // check if the key is in the excludeList. @@ -260,7 +260,7 @@ if (!skipIt) { List<String> l = m.get(keys[i]); if (l == null) { - l = new ArrayList<String>(); + l = new ArrayList<>(); m.put(keys[i], l); } l.add(values[i]); @@ -274,7 +274,7 @@ for (Map.Entry<String,List<String>> entry: include.entrySet()) { List<String> l = m.get(entry.getKey()); if (l == null) { - l = new ArrayList<String>(); + l = new ArrayList<>(); m.put(entry.getKey(), l); } l.addAll(entry.getValue());
--- a/src/java.base/share/classes/sun/net/www/http/HttpCapture.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/net/www/http/HttpCapture.java Thu Apr 23 16:10:19 2015 -0700 @@ -64,7 +64,7 @@ private static synchronized void init() { initialized = true; String rulesFile = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<String>() { + new java.security.PrivilegedAction<>() { public String run() { return NetProperties.get("sun.net.http.captureRules"); } @@ -85,8 +85,8 @@ String[] s = line.split(","); if (s.length == 2) { if (patterns == null) { - patterns = new ArrayList<Pattern>(); - capFiles = new ArrayList<String>(); + patterns = new ArrayList<>(); + capFiles = new ArrayList<>(); } patterns.add(Pattern.compile(s[0].trim())); capFiles.add(s[1].trim());
--- a/src/java.base/share/classes/sun/net/www/http/HttpClient.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/net/www/http/HttpClient.java Thu Apr 23 16:10:19 2015 -0700 @@ -479,7 +479,7 @@ { try { java.security.AccessController.doPrivileged( - new java.security.PrivilegedExceptionAction<Void>() { + new java.security.PrivilegedExceptionAction<>() { public Void run() throws IOException { openServer(server.getHostString(), server.getPort()); return null;
--- a/src/java.base/share/classes/sun/net/www/http/KeepAliveCache.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/net/www/http/KeepAliveCache.java Thu Apr 23 16:10:19 2015 -0700 @@ -94,7 +94,7 @@ */ final KeepAliveCache cache = this; java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<Void>() { + new java.security.PrivilegedAction<>() { public Void run() { keepAliveTimer = new InnocuousThread(cache, "Keep-Alive-Timer"); keepAliveTimer.setDaemon(true); @@ -178,7 +178,7 @@ long currentTime = System.currentTimeMillis(); ArrayList<KeepAliveKey> keysToRemove - = new ArrayList<KeepAliveKey>(); + = new ArrayList<>(); for (KeepAliveKey key : keySet()) { ClientVector v = get(key);
--- a/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java Thu Apr 23 16:10:19 2015 -0700 @@ -122,7 +122,7 @@ this.dontUseNegotiate = dontUseNegotiate; rsp = response; this.hdrname = hdrname; - schemes = new HashMap<String,SchemeMapValue>(); + schemes = new HashMap<>(); parse(); }
--- a/src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java Thu Apr 23 16:10:19 2015 -0700 @@ -62,7 +62,7 @@ static { Boolean b = AccessController.doPrivileged( - new PrivilegedAction<Boolean>() { + new PrivilegedAction<>() { public Boolean run() { return NetProperties.getBoolean(compatPropName); }
--- a/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Thu Apr 23 16:10:19 2015 -0700 @@ -244,7 +244,7 @@ new sun.security.action.GetBooleanAction( "sun.net.http.allowRestrictedHeaders")).booleanValue(); if (!allowRestrictedHeaders) { - restrictedHeaderSet = new HashSet<String>(restrictedHeaders.length); + restrictedHeaderSet = new HashSet<>(restrictedHeaders.length); for (int i=0; i < restrictedHeaders.length; i++) { restrictedHeaderSet.add(restrictedHeaders[i].toLowerCase()); } @@ -413,7 +413,7 @@ final URL url, final RequestorType authType) { return java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<PasswordAuthentication>() { + new java.security.PrivilegedAction<>() { public PasswordAuthentication run() { if (logger.isLoggable(PlatformLogger.Level.FINEST)) { logger.finest("Requesting Authentication: host =" + host + " url = " + url); @@ -817,14 +817,14 @@ } catch (SecurityException se) { /* swallow exception */ } } else { cookieHandler = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<CookieHandler>() { + new java.security.PrivilegedAction<>() { public CookieHandler run() { return CookieHandler.getDefault(); } }); } cacheHandler = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<ResponseCache>() { + new java.security.PrivilegedAction<>() { public ResponseCache run() { return ResponseCache.getDefault(); } @@ -909,7 +909,7 @@ final boolean result[] = {false}; java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<Void>() { + new java.security.PrivilegedAction<>() { public Void run() { try { InetAddress a1 = InetAddress.getByName(h1); @@ -954,7 +954,7 @@ try { // lookup hostname and use IP address if available host = AccessController.doPrivileged( - new PrivilegedExceptionAction<String>() { + new PrivilegedExceptionAction<>() { public String run() throws IOException { InetAddress addr = InetAddress.getByName(hostarg); return addr.getHostAddress(); @@ -984,7 +984,7 @@ if (p != null) { try { AccessController.doPrivileged( - new PrivilegedExceptionAction<Void>() { + new PrivilegedExceptionAction<>() { public Void run() throws IOException { plainConnect0(); return null; @@ -1086,7 +1086,7 @@ */ ProxySelector sel = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<ProxySelector>() { + new java.security.PrivilegedAction<>() { public ProxySelector run() { return ProxySelector.getDefault(); } @@ -1245,7 +1245,7 @@ if (p != null) { try { return AccessController.doPrivileged( - new PrivilegedExceptionAction<OutputStream>() { + new PrivilegedExceptionAction<>() { public OutputStream run() throws IOException { return getOutputStream0(); } @@ -1423,7 +1423,7 @@ if (p != null) { try { return AccessController.doPrivileged( - new PrivilegedExceptionAction<InputStream>() { + new PrivilegedExceptionAction<>() { public InputStream run() throws IOException { return getInputStream0(); } @@ -1877,7 +1877,7 @@ final Object[] args = { rememberedException.getMessage() }; IOException chainedException = java.security.AccessController.doPrivileged( - new java.security.PrivilegedExceptionAction<IOException>() { + new java.security.PrivilegedExceptionAction<>() { public IOException run() throws Exception { return (IOException) rememberedException.getClass() @@ -2204,7 +2204,7 @@ try { final String finalHost = host; addr = java.security.AccessController.doPrivileged( - new java.security.PrivilegedExceptionAction<InetAddress>() { + new java.security.PrivilegedExceptionAction<>() { public InetAddress run() throws java.net.UnknownHostException { return InetAddress.getByName(finalHost); @@ -2566,7 +2566,7 @@ if (p != null) { try { return AccessController.doPrivileged( - new PrivilegedExceptionAction<Boolean>() { + new PrivilegedExceptionAction<>() { public Boolean run() throws IOException { return followRedirect0(loc, stat, locUrl0); }
--- a/src/java.base/share/classes/sun/net/www/protocol/jar/URLJarFile.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/net/www/protocol/jar/URLJarFile.java Thu Apr 23 16:10:19 2015 -0700 @@ -213,7 +213,7 @@ /* get the stream before asserting privileges */ try (final InputStream in = url.openConnection().getInputStream()) { result = AccessController.doPrivileged( - new PrivilegedExceptionAction<JarFile>() { + new PrivilegedExceptionAction<>() { public JarFile run() throws IOException { Path tmpFile = Files.createTempFile("jar_cache", null); try {
--- a/src/java.base/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java Thu Apr 23 16:10:19 2015 -0700 @@ -76,7 +76,7 @@ this.pool = pool; if (pool.isFixedThreadPool()) { - taskQueue = new ConcurrentLinkedQueue<Runnable>(); + taskQueue = new ConcurrentLinkedQueue<>(); } else { taskQueue = null; // not used } @@ -115,7 +115,7 @@ } private void startInternalThread(final Runnable task) { - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { // internal threads should not be visible to application so @@ -246,7 +246,7 @@ abstract void shutdownHandlerTasks(); private void shutdownExecutors() { - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { pool.executor().shutdown(); timeoutExecutor.shutdown(); @@ -323,7 +323,7 @@ task = new Runnable() { @Override public void run() { - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { delegate.run();
--- a/src/java.base/share/classes/sun/nio/ch/AsynchronousServerSocketChannelImpl.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/nio/ch/AsynchronousServerSocketChannelImpl.java Thu Apr 23 16:10:19 2015 -0700 @@ -228,7 +228,7 @@ static final Set<SocketOption<?>> defaultOptions = defaultOptions(); private static Set<SocketOption<?>> defaultOptions() { - HashSet<SocketOption<?>> set = new HashSet<SocketOption<?>>(2); + HashSet<SocketOption<?>> set = new HashSet<>(2); set.add(StandardSocketOptions.SO_RCVBUF); set.add(StandardSocketOptions.SO_REUSEADDR); return Collections.unmodifiableSet(set);
--- a/src/java.base/share/classes/sun/nio/ch/AsynchronousSocketChannelImpl.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/nio/ch/AsynchronousSocketChannelImpl.java Thu Apr 23 16:10:19 2015 -0700 @@ -503,7 +503,7 @@ static final Set<SocketOption<?>> defaultOptions = defaultOptions(); private static Set<SocketOption<?>> defaultOptions() { - HashSet<SocketOption<?>> set = new HashSet<SocketOption<?>>(5); + HashSet<SocketOption<?>> set = new HashSet<>(5); set.add(StandardSocketOptions.SO_SNDBUF); set.add(StandardSocketOptions.SO_RCVBUF); set.add(StandardSocketOptions.SO_KEEPALIVE);
--- a/src/java.base/share/classes/sun/nio/ch/DatagramChannelImpl.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/nio/ch/DatagramChannelImpl.java Thu Apr 23 16:10:19 2015 -0700 @@ -294,7 +294,7 @@ static final Set<SocketOption<?>> defaultOptions = defaultOptions(); private static Set<SocketOption<?>> defaultOptions() { - HashSet<SocketOption<?>> set = new HashSet<SocketOption<?>>(8); + HashSet<SocketOption<?>> set = new HashSet<>(8); set.add(StandardSocketOptions.SO_SNDBUF); set.add(StandardSocketOptions.SO_RCVBUF); set.add(StandardSocketOptions.SO_REUSEADDR);
--- a/src/java.base/share/classes/sun/nio/ch/MembershipKeyImpl.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/nio/ch/MembershipKeyImpl.java Thu Apr 23 16:10:19 2015 -0700 @@ -184,7 +184,7 @@ // created blocked set if required and add source address if (blockedSet == null) - blockedSet = new HashSet<InetAddress>(); + blockedSet = new HashSet<>(); blockedSet.add(toBlock); } return this;
--- a/src/java.base/share/classes/sun/nio/ch/MembershipRegistry.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/nio/ch/MembershipRegistry.java Thu Apr 23 16:10:19 2015 -0700 @@ -84,13 +84,13 @@ InetAddress group = key.group(); List<MembershipKeyImpl> keys; if (groups == null) { - groups = new HashMap<InetAddress,List<MembershipKeyImpl>>(); + groups = new HashMap<>(); keys = null; } else { keys = groups.get(group); } if (keys == null) { - keys = new LinkedList<MembershipKeyImpl>(); + keys = new LinkedList<>(); groups.put(group, keys); } keys.add(key);
--- a/src/java.base/share/classes/sun/nio/ch/SelectorImpl.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/nio/ch/SelectorImpl.java Thu Apr 23 16:10:19 2015 -0700 @@ -52,8 +52,8 @@ protected SelectorImpl(SelectorProvider sp) { super(sp); - keys = new HashSet<SelectionKey>(); - selectedKeys = new HashSet<SelectionKey>(); + keys = new HashSet<>(); + selectedKeys = new HashSet<>(); if (Util.atBugLevel("1.4")) { publicKeys = keys; publicSelectedKeys = selectedKeys;
--- a/src/java.base/share/classes/sun/nio/ch/ServerSocketChannelImpl.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/nio/ch/ServerSocketChannelImpl.java Thu Apr 23 16:10:19 2015 -0700 @@ -182,7 +182,7 @@ static final Set<SocketOption<?>> defaultOptions = defaultOptions(); private static Set<SocketOption<?>> defaultOptions() { - HashSet<SocketOption<?>> set = new HashSet<SocketOption<?>>(2); + HashSet<SocketOption<?>> set = new HashSet<>(2); set.add(StandardSocketOptions.SO_RCVBUF); set.add(StandardSocketOptions.SO_REUSEADDR); set.add(StandardSocketOptions.IP_TOS);
--- a/src/java.base/share/classes/sun/nio/ch/SocketChannelImpl.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/nio/ch/SocketChannelImpl.java Thu Apr 23 16:10:19 2015 -0700 @@ -229,7 +229,7 @@ static final Set<SocketOption<?>> defaultOptions = defaultOptions(); private static Set<SocketOption<?>> defaultOptions() { - HashSet<SocketOption<?>> set = new HashSet<SocketOption<?>>(8); + HashSet<SocketOption<?>> set = new HashSet<>(8); set.add(StandardSocketOptions.SO_SNDBUF); set.add(StandardSocketOptions.SO_RCVBUF); set.add(StandardSocketOptions.SO_KEEPALIVE);
--- a/src/java.base/share/classes/sun/nio/cs/CharsetMapping.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/nio/cs/CharsetMapping.java Thu Apr 23 16:10:19 2015 -0700 @@ -135,7 +135,7 @@ // init the CharsetMapping object from the .dat binary file public static CharsetMapping get(final InputStream is) { - return AccessController.doPrivileged(new PrivilegedAction<CharsetMapping>() { + return AccessController.doPrivileged(new PrivilegedAction<>() { public CharsetMapping run() { return new CharsetMapping().load(is); }
--- a/src/java.base/share/classes/sun/nio/fs/AbstractPoller.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/nio/fs/AbstractPoller.java Thu Apr 23 16:10:19 2015 -0700 @@ -48,7 +48,7 @@ private boolean shutdown; protected AbstractPoller() { - this.requestList = new LinkedList<Request>(); + this.requestList = new LinkedList<>(); this.shutdown = false; } @@ -57,7 +57,7 @@ */ public void start() { final Runnable thisRunnable = this; - AccessController.doPrivileged(new PrivilegedAction<Object>() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Object run() { Thread thr = new ManagedLocalsThread(thisRunnable);
--- a/src/java.base/share/classes/sun/nio/fs/AbstractWatchKey.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/nio/fs/AbstractWatchKey.java Thu Apr 23 16:10:19 2015 -0700 @@ -70,8 +70,8 @@ this.watcher = watcher; this.dir = dir; this.state = State.READY; - this.events = new ArrayList<WatchEvent<?>>(); - this.lastModifyEvents = new HashMap<Object,WatchEvent<?>>(); + this.events = new ArrayList<>(); + this.lastModifyEvents = new HashMap<>(); } final AbstractWatchService watcher() { @@ -146,7 +146,7 @@ // non-repeated event Event<Object> ev = - new Event<Object>((WatchEvent.Kind<Object>)kind, context); + new Event<>((WatchEvent.Kind<Object>)kind, context); if (isModify) { lastModifyEvents.put(context, ev); } else if (kind == StandardWatchEventKinds.OVERFLOW) { @@ -163,7 +163,7 @@ public final List<WatchEvent<?>> pollEvents() { synchronized (this) { List<WatchEvent<?>> result = events; - events = new ArrayList<WatchEvent<?>>(); + events = new ArrayList<>(); lastModifyEvents.clear(); return result; }
--- a/src/java.base/share/classes/sun/reflect/ReflectionFactory.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/reflect/ReflectionFactory.java Thu Apr 23 16:10:19 2015 -0700 @@ -375,7 +375,7 @@ private static void checkInitted() { if (initted) return; AccessController.doPrivileged( - new PrivilegedAction<Void>() { + new PrivilegedAction<>() { public Void run() { // Tests to ensure the system properties table is fully // initialized. This is needed because reflection code is
--- a/src/java.base/share/classes/sun/reflect/annotation/AnnotationType.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/reflect/annotation/AnnotationType.java Thu Apr 23 16:10:19 2015 -0700 @@ -106,16 +106,16 @@ throw new IllegalArgumentException("Not an annotation type"); Method[] methods = - AccessController.doPrivileged(new PrivilegedAction<Method[]>() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Method[] run() { // Initialize memberTypes and defaultValues return annotationClass.getDeclaredMethods(); } }); - memberTypes = new HashMap<String,Class<?>>(methods.length+1, 1.0f); - memberDefaults = new HashMap<String, Object>(0); - members = new HashMap<String, Method>(methods.length+1, 1.0f); + memberTypes = new HashMap<>(methods.length+1, 1.0f); + memberDefaults = new HashMap<>(0); + members = new HashMap<>(methods.length+1, 1.0f); for (Method method : methods) { if (method.getParameterTypes().length != 0)
--- a/src/java.base/share/classes/sun/security/provider/certpath/Builder.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/security/provider/certpath/Builder.java Thu Apr 23 16:10:19 2015 -0700 @@ -102,8 +102,8 @@ /** * Verifies whether the input certificate completes the path. - * When building forward, a trust anchor will complete the path. - * When building reverse, the target certificate will complete the path. + * When building in the forward direction, a trust anchor will + * complete the path. * * @param cert the certificate to test * @return a boolean value indicating whether the cert completes the path.
--- a/src/java.base/share/classes/sun/security/provider/certpath/PKIX.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/security/provider/certpath/PKIX.java Thu Apr 23 16:10:19 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ package sun.security.provider.certpath; import java.security.InvalidAlgorithmParameterException; -import java.security.KeyStore; import java.security.PublicKey; import java.security.cert.*; import java.security.interfaces.DSAPublicKey; @@ -194,7 +193,6 @@ static class BuilderParams extends ValidatorParams { private PKIXBuilderParameters params; - private boolean buildForward = true; private List<CertStore> stores; private X500Principal targetSubject; @@ -213,10 +211,6 @@ + "targetCertConstraints parameter must be an " + "X509CertSelector"); } - if (params instanceof SunCertPathBuilderParameters) { - buildForward = - ((SunCertPathBuilderParameters)params).getBuildForward(); - } this.params = params; this.targetSubject = getTargetSubject( certStores(), (X509CertSelector)targetCertConstraints()); @@ -230,7 +224,6 @@ return stores; } int maxPathLength() { return params.getMaxPathLength(); } - boolean buildForward() { return buildForward; } PKIXBuilderParameters params() { return params; } X500Principal targetSubject() { return targetSubject; }
--- a/src/java.base/share/classes/sun/security/provider/certpath/ReverseBuilder.java Thu Apr 23 10:43:35 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,551 +0,0 @@ -/* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.provider.certpath; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.security.Principal; -import java.security.cert.CertificateException; -import java.security.cert.CertPathValidatorException; -import java.security.cert.CertStore; -import java.security.cert.CertStoreException; -import java.security.cert.PKIXBuilderParameters; -import java.security.cert.PKIXCertPathChecker; -import java.security.cert.PKIXParameters; -import java.security.cert.PKIXReason; -import java.security.cert.TrustAnchor; -import java.security.cert.X509Certificate; -import java.security.cert.X509CertSelector; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.Comparator; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.LinkedList; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import sun.security.provider.certpath.PKIX.BuilderParams; -import sun.security.util.Debug; -import sun.security.x509.Extension; -import static sun.security.x509.PKIXExtensions.*; -import sun.security.x509.X500Name; -import sun.security.x509.X509CertImpl; -import sun.security.x509.PolicyMappingsExtension; - -/** - * This class represents a reverse builder, which is able to retrieve - * matching certificates from CertStores and verify a particular certificate - * against a ReverseState. - * - * @since 1.4 - * @author Sean Mullan - * @author Yassir Elley - */ - -class ReverseBuilder extends Builder { - - private Debug debug = Debug.getInstance("certpath"); - - private final Set<String> initPolicies; - - /** - * Initialize the builder with the input parameters. - * - * @param params the parameter set used to build a certification path - */ - ReverseBuilder(BuilderParams buildParams) { - super(buildParams); - - Set<String> initialPolicies = buildParams.initialPolicies(); - initPolicies = new HashSet<String>(); - if (initialPolicies.isEmpty()) { - // if no initialPolicies are specified by user, set - // initPolicies to be anyPolicy by default - initPolicies.add(PolicyChecker.ANY_POLICY); - } else { - initPolicies.addAll(initialPolicies); - } - } - - /** - * Retrieves all certs from the specified CertStores that satisfy the - * requirements specified in the parameters and the current - * PKIX state (name constraints, policy constraints, etc). - * - * @param currentState the current state. - * Must be an instance of <code>ReverseState</code> - * @param certStores list of CertStores - */ - @Override - Collection<X509Certificate> getMatchingCerts - (State currState, List<CertStore> certStores) - throws CertStoreException, CertificateException, IOException - { - ReverseState currentState = (ReverseState) currState; - - if (debug != null) - debug.println("In ReverseBuilder.getMatchingCerts."); - - /* - * The last certificate could be an EE or a CA certificate - * (we may be building a partial certification path or - * establishing trust in a CA). - * - * Try the EE certs before the CA certs. It will be more - * common to build a path to an end entity. - */ - Collection<X509Certificate> certs = - getMatchingEECerts(currentState, certStores); - certs.addAll(getMatchingCACerts(currentState, certStores)); - - return certs; - } - - /* - * Retrieves all end-entity certificates which satisfy constraints - * and requirements specified in the parameters and PKIX state. - */ - private Collection<X509Certificate> getMatchingEECerts - (ReverseState currentState, List<CertStore> certStores) - throws CertStoreException, CertificateException, IOException { - - /* - * Compose a CertSelector to filter out - * certs which do not satisfy requirements. - * - * First, retrieve clone of current target cert constraints, and - * then add more selection criteria based on current validation state. - */ - X509CertSelector sel = (X509CertSelector) targetCertConstraints.clone(); - - /* - * Match on issuer (subject of previous cert) - */ - sel.setIssuer(currentState.subjectDN); - - /* - * Match on certificate validity date. - */ - sel.setCertificateValid(buildParams.date()); - - /* - * Policy processing optimizations - */ - if (currentState.explicitPolicy == 0) - sel.setPolicy(getMatchingPolicies()); - - /* - * If previous cert has a subject key identifier extension, - * use it to match on authority key identifier extension. - */ - /*if (currentState.subjKeyId != null) { - AuthorityKeyIdentifierExtension authKeyId = new AuthorityKeyIdentifierExtension( - (KeyIdentifier) currentState.subjKeyId.get(SubjectKeyIdentifierExtension.KEY_ID), - null, null); - sel.setAuthorityKeyIdentifier(authKeyId.getExtensionValue()); - }*/ - - /* - * Require EE certs - */ - sel.setBasicConstraints(-2); - - /* Retrieve matching certs from CertStores */ - HashSet<X509Certificate> eeCerts = new HashSet<>(); - addMatchingCerts(sel, certStores, eeCerts, true); - - if (debug != null) { - debug.println("ReverseBuilder.getMatchingEECerts got " - + eeCerts.size() + " certs."); - } - return eeCerts; - } - - /* - * Retrieves all CA certificates which satisfy constraints - * and requirements specified in the parameters and PKIX state. - */ - private Collection<X509Certificate> getMatchingCACerts - (ReverseState currentState, List<CertStore> certStores) - throws CertificateException, CertStoreException, IOException { - - /* - * Compose a CertSelector to filter out - * certs which do not satisfy requirements. - */ - X509CertSelector sel = new X509CertSelector(); - - /* - * Match on issuer (subject of previous cert) - */ - sel.setIssuer(currentState.subjectDN); - - /* - * Match on certificate validity date. - */ - sel.setCertificateValid(buildParams.date()); - - /* - * Match on target subject name (checks that current cert's - * name constraints permit it to certify target). - * (4 is the integer type for DIRECTORY name). - */ - byte[] subject = targetCertConstraints.getSubjectAsBytes(); - if (subject != null) { - sel.addPathToName(4, subject); - } else { - X509Certificate cert = targetCertConstraints.getCertificate(); - if (cert != null) { - sel.addPathToName(4, - cert.getSubjectX500Principal().getEncoded()); - } - } - - /* - * Policy processing optimizations - */ - if (currentState.explicitPolicy == 0) - sel.setPolicy(getMatchingPolicies()); - - /* - * If previous cert has a subject key identifier extension, - * use it to match on authority key identifier extension. - */ - /*if (currentState.subjKeyId != null) { - AuthorityKeyIdentifierExtension authKeyId = new AuthorityKeyIdentifierExtension( - (KeyIdentifier) currentState.subjKeyId.get(SubjectKeyIdentifierExtension.KEY_ID), - null, null); - sel.setAuthorityKeyIdentifier(authKeyId.getExtensionValue()); - }*/ - - /* - * Require CA certs - */ - sel.setBasicConstraints(0); - - /* Retrieve matching certs from CertStores */ - ArrayList<X509Certificate> reverseCerts = new ArrayList<>(); - addMatchingCerts(sel, certStores, reverseCerts, true); - - /* Sort remaining certs using name constraints */ - Collections.sort(reverseCerts, new PKIXCertComparator()); - - if (debug != null) - debug.println("ReverseBuilder.getMatchingCACerts got " + - reverseCerts.size() + " certs."); - return reverseCerts; - } - - /* - * This inner class compares 2 PKIX certificates according to which - * should be tried first when building a path to the target. For - * now, the algorithm is to look at name constraints in each cert and those - * which constrain the path closer to the target should be - * ranked higher. Later, we may want to consider other components, - * such as key identifiers. - */ - class PKIXCertComparator implements Comparator<X509Certificate> { - - private Debug debug = Debug.getInstance("certpath"); - - @Override - public int compare(X509Certificate cert1, X509Certificate cert2) { - - /* - * if either cert certifies the target, always - * put at head of list. - */ - X500Principal targetSubject = buildParams.targetSubject(); - if (cert1.getSubjectX500Principal().equals(targetSubject)) { - return -1; - } - if (cert2.getSubjectX500Principal().equals(targetSubject)) { - return 1; - } - - int targetDist1; - int targetDist2; - try { - X500Name targetSubjectName = X500Name.asX500Name(targetSubject); - targetDist1 = Builder.targetDistance( - null, cert1, targetSubjectName); - targetDist2 = Builder.targetDistance( - null, cert2, targetSubjectName); - } catch (IOException e) { - if (debug != null) { - debug.println("IOException in call to Builder.targetDistance"); - e.printStackTrace(); - } - throw new ClassCastException - ("Invalid target subject distinguished name"); - } - - if (targetDist1 == targetDist2) - return 0; - - if (targetDist1 == -1) - return 1; - - if (targetDist1 < targetDist2) - return -1; - - return 1; - } - } - - /** - * Verifies a matching certificate. - * - * This method executes any of the validation steps in the PKIX path validation - * algorithm which were not satisfied via filtering out non-compliant - * certificates with certificate matching rules. - * - * If the last certificate is being verified (the one whose subject - * matches the target subject, then the steps in Section 6.1.4 of the - * Certification Path Validation algorithm are NOT executed, - * regardless of whether or not the last cert is an end-entity - * cert or not. This allows callers to certify CA certs as - * well as EE certs. - * - * @param cert the certificate to be verified - * @param currentState the current state against which the cert is verified - * @param certPathList the certPathList generated thus far - */ - @Override - void verifyCert(X509Certificate cert, State currState, - List<X509Certificate> certPathList) - throws GeneralSecurityException - { - if (debug != null) { - debug.println("ReverseBuilder.verifyCert(SN: " - + Debug.toHexString(cert.getSerialNumber()) - + "\n Subject: " + cert.getSubjectX500Principal() + ")"); - } - - ReverseState currentState = (ReverseState) currState; - - /* we don't perform any validation of the trusted cert */ - if (currentState.isInitial()) { - return; - } - - // Don't bother to verify untrusted certificate more. - currentState.untrustedChecker.check(cert, - Collections.<String>emptySet()); - - /* - * check for looping - abort a loop if - * ((we encounter the same certificate twice) AND - * ((policyMappingInhibited = true) OR (no policy mapping - * extensions can be found between the occurrences of the same - * certificate))) - * in order to facilitate the check to see if there are - * any policy mapping extensions found between the occurrences - * of the same certificate, we reverse the certpathlist first - */ - if ((certPathList != null) && (!certPathList.isEmpty())) { - List<X509Certificate> reverseCertList = new ArrayList<>(); - for (X509Certificate c : certPathList) { - reverseCertList.add(0, c); - } - - boolean policyMappingFound = false; - for (X509Certificate cpListCert : reverseCertList) { - X509CertImpl cpListCertImpl = X509CertImpl.toImpl(cpListCert); - PolicyMappingsExtension policyMappingsExt = - cpListCertImpl.getPolicyMappingsExtension(); - if (policyMappingsExt != null) { - policyMappingFound = true; - } - if (debug != null) - debug.println("policyMappingFound = " + policyMappingFound); - if (cert.equals(cpListCert)) { - if ((buildParams.policyMappingInhibited()) || - (!policyMappingFound)){ - if (debug != null) - debug.println("loop detected!!"); - throw new CertPathValidatorException("loop detected"); - } - } - } - } - - /* check if target cert */ - boolean finalCert = cert.getSubjectX500Principal().equals(buildParams.targetSubject()); - - /* check if CA cert */ - boolean caCert = (cert.getBasicConstraints() != -1 ? true : false); - - /* if there are more certs to follow, verify certain constraints */ - if (!finalCert) { - - /* check if CA cert */ - if (!caCert) - throw new CertPathValidatorException("cert is NOT a CA cert"); - - /* If the certificate was not self-issued, verify that - * remainingCerts is greater than zero - */ - if ((currentState.remainingCACerts <= 0) && !X509CertImpl.isSelfIssued(cert)) { - throw new CertPathValidatorException - ("pathLenConstraint violated, path too long", null, - null, -1, PKIXReason.PATH_TOO_LONG); - } - - /* - * Check keyUsage extension (only if CA cert and not final cert) - */ - KeyChecker.verifyCAKeyUsage(cert); - - } else { - - /* - * If final cert, check that it satisfies specified target - * constraints - */ - if (targetCertConstraints.match(cert) == false) { - throw new CertPathValidatorException("target certificate " + - "constraints check failed"); - } - } - - /* - * Check revocation. - */ - if (buildParams.revocationEnabled() && currentState.revChecker != null) { - currentState.revChecker.check(cert, Collections.<String>emptySet()); - } - - /* Check name constraints if this is not a self-issued cert */ - if (finalCert || !X509CertImpl.isSelfIssued(cert)){ - if (currentState.nc != null) { - try { - if (!currentState.nc.verify(cert)){ - throw new CertPathValidatorException - ("name constraints check failed", null, null, -1, - PKIXReason.INVALID_NAME); - } - } catch (IOException ioe) { - throw new CertPathValidatorException(ioe); - } - } - } - - /* - * Check policy - */ - X509CertImpl certImpl = X509CertImpl.toImpl(cert); - currentState.rootNode = PolicyChecker.processPolicies - (currentState.certIndex, initPolicies, - currentState.explicitPolicy, currentState.policyMapping, - currentState.inhibitAnyPolicy, - buildParams.policyQualifiersRejected(), currentState.rootNode, - certImpl, finalCert); - - /* - * Check CRITICAL private extensions - */ - Set<String> unresolvedCritExts = cert.getCriticalExtensionOIDs(); - if (unresolvedCritExts == null) { - unresolvedCritExts = Collections.<String>emptySet(); - } - - /* - * Check that the signature algorithm is not disabled. - */ - currentState.algorithmChecker.check(cert, unresolvedCritExts); - - for (PKIXCertPathChecker checker : currentState.userCheckers) { - checker.check(cert, unresolvedCritExts); - } - - /* - * Look at the remaining extensions and remove any ones we have - * already checked. If there are any left, throw an exception! - */ - if (!unresolvedCritExts.isEmpty()) { - unresolvedCritExts.remove(BasicConstraints_Id.toString()); - unresolvedCritExts.remove(NameConstraints_Id.toString()); - unresolvedCritExts.remove(CertificatePolicies_Id.toString()); - unresolvedCritExts.remove(PolicyMappings_Id.toString()); - unresolvedCritExts.remove(PolicyConstraints_Id.toString()); - unresolvedCritExts.remove(InhibitAnyPolicy_Id.toString()); - unresolvedCritExts.remove(SubjectAlternativeName_Id.toString()); - unresolvedCritExts.remove(KeyUsage_Id.toString()); - unresolvedCritExts.remove(ExtendedKeyUsage_Id.toString()); - - if (!unresolvedCritExts.isEmpty()) - throw new CertPathValidatorException - ("Unrecognized critical extension(s)", null, null, -1, - PKIXReason.UNRECOGNIZED_CRIT_EXT); - } - - /* - * Check signature. - */ - if (buildParams.sigProvider() != null) { - cert.verify(currentState.pubKey, buildParams.sigProvider()); - } else { - cert.verify(currentState.pubKey); - } - } - - /** - * Verifies whether the input certificate completes the path. - * This checks whether the cert is the target certificate. - * - * @param cert the certificate to test - * @return a boolean value indicating whether the cert completes the path. - */ - @Override - boolean isPathCompleted(X509Certificate cert) { - return cert.getSubjectX500Principal().equals(buildParams.targetSubject()); - } - - /** Adds the certificate to the certPathList - * - * @param cert the certificate to be added - * @param certPathList the certification path list - */ - @Override - void addCertToPath(X509Certificate cert, - LinkedList<X509Certificate> certPathList) { - certPathList.addLast(cert); - } - - /** Removes final certificate from the certPathList - * - * @param certPathList the certification path list - */ - @Override - void removeFinalCertFromPath(LinkedList<X509Certificate> certPathList) { - certPathList.removeLast(); - } -}
--- a/src/java.base/share/classes/sun/security/provider/certpath/ReverseState.java Thu Apr 23 10:43:35 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,406 +0,0 @@ -/* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.provider.certpath; - -import java.io.IOException; -import java.security.PublicKey; -import java.security.cert.CertificateException; -import java.security.cert.CertPathValidatorException; -import java.security.cert.PKIXCertPathChecker; -import java.security.cert.PKIXRevocationChecker; -import java.security.cert.TrustAnchor; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.HashSet; -import java.util.List; -import java.util.ListIterator; -import java.util.Set; -import javax.security.auth.x500.X500Principal; - -import sun.security.provider.certpath.PKIX.BuilderParams; -import sun.security.util.Debug; -import sun.security.x509.NameConstraintsExtension; -import sun.security.x509.SubjectKeyIdentifierExtension; -import sun.security.x509.X509CertImpl; - -/** - * A specification of a reverse PKIX validation state - * which is initialized by each build and updated each time a - * certificate is added to the current path. - * @since 1.4 - * @author Sean Mullan - * @author Yassir Elley - */ - -class ReverseState implements State { - - private static final Debug debug = Debug.getInstance("certpath"); - - /* The subject DN of the last cert in the path */ - X500Principal subjectDN; - - /* The subject public key of the last cert */ - PublicKey pubKey; - - /* The subject key identifier extension (if any) of the last cert */ - SubjectKeyIdentifierExtension subjKeyId; - - /* The PKIX constrained/excluded subtrees state variable */ - NameConstraintsExtension nc; - - /* The PKIX explicit policy, policy mapping, and inhibit_any-policy - state variables */ - int explicitPolicy; - int policyMapping; - int inhibitAnyPolicy; - int certIndex; - PolicyNodeImpl rootNode; - - /* The number of remaining CA certs which may follow in the path. - * -1: previous cert was an EE cert - * 0: only EE certs may follow. - * >0 and <Integer.MAX_VALUE:no more than this number of CA certs may follow - * Integer.MAX_VALUE: unlimited - */ - int remainingCACerts; - - /* The list of user-defined checkers retrieved from the PKIXParameters - * instance */ - ArrayList<PKIXCertPathChecker> userCheckers; - - /* Flag indicating if state is initial (path is just starting) */ - private boolean init = true; - - /* the checker used for revocation status */ - RevocationChecker revChecker; - - /* the algorithm checker */ - AlgorithmChecker algorithmChecker; - - /* the untrusted certificates checker */ - UntrustedChecker untrustedChecker; - - /* the trust anchor used to validate the path */ - TrustAnchor trustAnchor; - - /* Flag indicating if current cert can vouch for the CRL for - * the next cert - */ - boolean crlSign = true; - - /** - * Returns a boolean flag indicating if the state is initial - * (just starting) - * - * @return boolean flag indicating if the state is initial (just starting) - */ - @Override - public boolean isInitial() { - return init; - } - - /** - * Display state for debugging purposes - */ - @Override - public String toString() { - StringBuilder sb = new StringBuilder(); - sb.append("State ["); - sb.append("\n subjectDN of last cert: ").append(subjectDN); - sb.append("\n subjectKeyIdentifier: ").append - (String.valueOf(subjKeyId)); - sb.append("\n nameConstraints: ").append(String.valueOf(nc)); - sb.append("\n certIndex: ").append(certIndex); - sb.append("\n explicitPolicy: ").append(explicitPolicy); - sb.append("\n policyMapping: ").append(policyMapping); - sb.append("\n inhibitAnyPolicy: ").append(inhibitAnyPolicy); - sb.append("\n rootNode: ").append(rootNode); - sb.append("\n remainingCACerts: ").append(remainingCACerts); - sb.append("\n crlSign: ").append(crlSign); - sb.append("\n init: ").append(init); - sb.append("\n]\n"); - return sb.toString(); - } - - /** - * Initialize the state. - * - * @param buildParams builder parameters - */ - public void initState(BuilderParams buildParams) - throws CertPathValidatorException - { - /* - * Initialize number of remainingCACerts. - * Note that -1 maxPathLen implies unlimited. - * 0 implies only an EE cert is acceptable. - */ - int maxPathLen = buildParams.maxPathLength(); - remainingCACerts = (maxPathLen == -1) ? Integer.MAX_VALUE - : maxPathLen; - - /* Initialize explicit policy state variable */ - if (buildParams.explicitPolicyRequired()) { - explicitPolicy = 0; - } else { - // unconstrained if maxPathLen is -1, - // otherwise, we want to initialize this to the value of the - // longest possible path + 1 (i.e. maxpathlen + finalcert + 1) - explicitPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2; - } - - /* Initialize policy mapping state variable */ - if (buildParams.policyMappingInhibited()) { - policyMapping = 0; - } else { - policyMapping = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2; - } - - /* Initialize inhibit any policy state variable */ - if (buildParams.anyPolicyInhibited()) { - inhibitAnyPolicy = 0; - } else { - inhibitAnyPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2; - } - - /* Initialize certIndex */ - certIndex = 1; - - /* Initialize policy tree */ - Set<String> initExpPolSet = new HashSet<>(1); - initExpPolSet.add(PolicyChecker.ANY_POLICY); - - rootNode = new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null, - false, initExpPolSet, false); - - /* - * Initialize each user-defined checker - * Shallow copy the checkers - */ - userCheckers = new ArrayList<>(buildParams.certPathCheckers()); - /* initialize each checker (just in case) */ - for (PKIXCertPathChecker checker : userCheckers) { - checker.init(false); - } - - /* Start by trusting the cert to sign CRLs */ - crlSign = true; - - init = true; - } - - /** - * Update the state with the specified trust anchor. - * - * @param anchor the most-trusted CA - * @param buildParams builder parameters - */ - public void updateState(TrustAnchor anchor, BuilderParams buildParams) - throws CertificateException, IOException, CertPathValidatorException - { - trustAnchor = anchor; - X509Certificate trustedCert = anchor.getTrustedCert(); - if (trustedCert != null) { - updateState(trustedCert); - } else { - X500Principal caName = anchor.getCA(); - updateState(anchor.getCAPublicKey(), caName); - } - - // The user specified AlgorithmChecker and RevocationChecker may not be - // able to set the trust anchor until now. - boolean revCheckerAdded = false; - for (PKIXCertPathChecker checker : userCheckers) { - if (checker instanceof AlgorithmChecker) { - ((AlgorithmChecker)checker).trySetTrustAnchor(anchor); - } else if (checker instanceof PKIXRevocationChecker) { - if (revCheckerAdded) { - throw new CertPathValidatorException( - "Only one PKIXRevocationChecker can be specified"); - } - // if it's our own, initialize it - if (checker instanceof RevocationChecker) { - ((RevocationChecker)checker).init(anchor, buildParams); - } - ((PKIXRevocationChecker)checker).init(false); - revCheckerAdded = true; - } - } - - // only create a RevocationChecker if revocation is enabled and - // a PKIXRevocationChecker has not already been added - if (buildParams.revocationEnabled() && !revCheckerAdded) { - revChecker = new RevocationChecker(anchor, buildParams); - revChecker.init(false); - } - - init = false; - } - - /** - * Update the state. This method is used when the most-trusted CA is - * a trusted public-key and caName, instead of a trusted cert. - * - * @param pubKey the public key of the trusted CA - * @param subjectDN the subject distinguished name of the trusted CA - */ - private void updateState(PublicKey pubKey, X500Principal subjectDN) { - - /* update subject DN */ - this.subjectDN = subjectDN; - - /* update subject public key */ - this.pubKey = pubKey; - } - - /** - * Update the state with the next certificate added to the path. - * - * @param cert the certificate which is used to update the state - */ - public void updateState(X509Certificate cert) - throws CertificateException, IOException, CertPathValidatorException { - - if (cert == null) { - return; - } - - /* update subject DN */ - subjectDN = cert.getSubjectX500Principal(); - - /* check for key needing to inherit alg parameters */ - X509CertImpl icert = X509CertImpl.toImpl(cert); - PublicKey newKey = cert.getPublicKey(); - if (PKIX.isDSAPublicKeyWithoutParams(newKey)) { - newKey = BasicChecker.makeInheritedParamsKey(newKey, pubKey); - } - - /* update subject public key */ - pubKey = newKey; - - /* - * if this is a trusted cert (init == true), then we - * don't update any of the remaining fields - */ - if (init) { - init = false; - return; - } - - /* update subject key identifier */ - subjKeyId = icert.getSubjectKeyIdentifierExtension(); - - /* update crlSign */ - crlSign = RevocationChecker.certCanSignCrl(cert); - - /* update current name constraints */ - if (nc != null) { - nc.merge(icert.getNameConstraintsExtension()); - } else { - nc = icert.getNameConstraintsExtension(); - if (nc != null) { - // Make sure we do a clone here, because we're probably - // going to modify this object later and we don't want to - // be sharing it with a Certificate object! - nc = (NameConstraintsExtension) nc.clone(); - } - } - - /* update policy state variables */ - explicitPolicy = - PolicyChecker.mergeExplicitPolicy(explicitPolicy, icert, false); - policyMapping = - PolicyChecker.mergePolicyMapping(policyMapping, icert); - inhibitAnyPolicy = - PolicyChecker.mergeInhibitAnyPolicy(inhibitAnyPolicy, icert); - certIndex++; - - /* - * Update remaining CA certs - */ - remainingCACerts = - ConstraintsChecker.mergeBasicConstraints(cert, remainingCACerts); - - init = false; - } - - /** - * Returns a boolean flag indicating if a key lacking necessary key - * algorithm parameters has been encountered. - * - * @return boolean flag indicating if key lacking parameters encountered. - */ - @Override - public boolean keyParamsNeeded() { - /* when building in reverse, we immediately get parameters needed - * or else throw an exception - */ - return false; - } - - /* - * Clone current state. The state is cloned as each cert is - * added to the path. This is necessary if backtracking occurs, - * and a prior state needs to be restored. - * - * Note that this is a SMART clone. Not all fields are fully copied, - * because some of them (e.g., subjKeyId) will - * not have their contents modified by subsequent calls to updateState. - */ - @Override - @SuppressWarnings("unchecked") // Safe casts assuming clone() works correctly - public Object clone() { - try { - ReverseState clonedState = (ReverseState) super.clone(); - - /* clone checkers, if cloneable */ - clonedState.userCheckers = - (ArrayList<PKIXCertPathChecker>)userCheckers.clone(); - ListIterator<PKIXCertPathChecker> li = - clonedState.userCheckers.listIterator(); - while (li.hasNext()) { - PKIXCertPathChecker checker = li.next(); - if (checker instanceof Cloneable) { - li.set((PKIXCertPathChecker)checker.clone()); - } - } - - /* make copy of name constraints */ - if (nc != null) { - clonedState.nc = (NameConstraintsExtension) nc.clone(); - } - - /* make copy of policy tree */ - if (rootNode != null) { - clonedState.rootNode = rootNode.copyTree(); - } - - return clonedState; - } catch (CloneNotSupportedException e) { - throw new InternalError(e.toString(), e); - } - } -}
--- a/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java Thu Apr 23 16:10:19 2015 -0700 @@ -35,8 +35,6 @@ import java.util.ArrayList; import java.util.Collection; import java.util.Collections; -import java.util.HashSet; -import java.util.Iterator; import java.util.List; import java.util.LinkedList; import java.util.Set; @@ -47,8 +45,7 @@ import sun.security.util.Debug; /** - * This class is able to build certification paths in either the forward - * or reverse directions. + * This class builds certification paths in the forward direction. * * <p> If successful, it returns a certification path which has successfully * satisfied all the constraints and requirements specified in the @@ -102,10 +99,8 @@ /** * Attempts to build a certification path using the Sun build * algorithm from a trusted anchor(s) to a target subject, which must both - * be specified in the input parameter set. By default, this method will - * attempt to build in the forward direction. In order to build in the - * reverse direction, the caller needs to pass in an instance of - * SunCertPathBuilderParameters with the buildForward flag set to false. + * be specified in the input parameter set. This method will + * attempt to build in the forward direction: from the target to the CA. * * <p>The certification path that is constructed is validated * according to the PKIX specification. @@ -162,11 +157,7 @@ policyTreeResult = null; LinkedList<X509Certificate> certPathList = new LinkedList<>(); try { - if (buildParams.buildForward()) { - buildForward(adjList, certPathList, searchAllCertStores); - } else { - buildReverse(adjList, certPathList); - } + buildForward(adjList, certPathList, searchAllCertStores); } catch (GeneralSecurityException | IOException e) { if (debug != null) { debug.println("SunCertPathBuilder.engineBuild() exception in " @@ -210,81 +201,6 @@ } /* - * Private build reverse method. - */ - private void buildReverse(List<List<Vertex>> adjacencyList, - LinkedList<X509Certificate> certPathList) - throws GeneralSecurityException, IOException - { - if (debug != null) { - debug.println("SunCertPathBuilder.buildReverse()..."); - debug.println("SunCertPathBuilder.buildReverse() InitialPolicies: " - + buildParams.initialPolicies()); - } - - ReverseState currentState = new ReverseState(); - /* Initialize adjacency list */ - adjacencyList.clear(); - adjacencyList.add(new LinkedList<Vertex>()); - - /* - * Perform a search using each trust anchor, until a valid - * path is found - */ - Iterator<TrustAnchor> iter = buildParams.trustAnchors().iterator(); - while (iter.hasNext()) { - TrustAnchor anchor = iter.next(); - - /* check if anchor satisfies target constraints */ - if (anchorIsTarget(anchor, buildParams.targetCertConstraints())) { - this.trustAnchor = anchor; - this.pathCompleted = true; - this.finalPublicKey = anchor.getTrustedCert().getPublicKey(); - break; - } - - // skip anchor if it contains a DSA key with no DSA params - X509Certificate trustedCert = anchor.getTrustedCert(); - PublicKey pubKey = trustedCert != null ? trustedCert.getPublicKey() - : anchor.getCAPublicKey(); - - if (PKIX.isDSAPublicKeyWithoutParams(pubKey)) { - continue; - } - - /* Initialize current state */ - currentState.initState(buildParams); - currentState.updateState(anchor, buildParams); - - currentState.algorithmChecker = new AlgorithmChecker(anchor); - currentState.untrustedChecker = new UntrustedChecker(); - try { - depthFirstSearchReverse(null, currentState, - new ReverseBuilder(buildParams), - adjacencyList, certPathList); - } catch (GeneralSecurityException | IOException e) { - // continue on error if more anchors to try - if (iter.hasNext()) - continue; - else - throw e; - } - - // break out of loop if search is successful - if (pathCompleted) { - break; - } - } - - if (debug != null) { - debug.println("SunCertPathBuilder.buildReverse() returned from " - + "depthFirstSearchReverse()"); - debug.println("SunCertPathBuilder.buildReverse() " - + "certPathList.size: " + certPathList.size()); - } - } - - /* * Private build forward method. */ private void buildForward(List<List<Vertex>> adjacencyList, @@ -632,147 +548,6 @@ } /* - * This method performs a depth first search for a certification - * path while building reverse which meets the requirements set in - * the parameters object. - * It uses an adjacency list to store all certificates which were - * tried (i.e. at one time added to the path - they may not end up in - * the final path if backtracking occurs). This information can - * be used later to debug or demo the build. - * - * See "Data Structure and Algorithms, by Aho, Hopcroft, and Ullman" - * for an explanation of the DFS algorithm. - * - * @param dN the distinguished name being currently searched for certs - * @param currentState the current PKIX validation state - */ - private void depthFirstSearchReverse(X500Principal dN, - ReverseState currentState, - ReverseBuilder builder, - List<List<Vertex>> adjList, - LinkedList<X509Certificate> cpList) - throws GeneralSecurityException, IOException - { - if (debug != null) - debug.println("SunCertPathBuilder.depthFirstSearchReverse(" + dN - + ", " + currentState.toString() + ")"); - - /* - * Find all the certificates issued by dN which - * satisfy the PKIX certification path constraints. - */ - Collection<X509Certificate> certs = - builder.getMatchingCerts(currentState, buildParams.certStores()); - List<Vertex> vertices = addVertices(certs, adjList); - if (debug != null) - debug.println("SunCertPathBuilder.depthFirstSearchReverse(): " - + "certs.size=" + vertices.size()); - - /* - * For each cert in the collection, verify anything - * that hasn't been checked yet (signature, revocation, etc) - * and check for loops. Call depthFirstSearchReverse() - * recursively for each good cert. - */ - for (Vertex vertex : vertices) { - /** - * Restore state to currentState each time through the loop. - * This is important because some of the user-defined - * checkers modify the state, which MUST be restored if - * the cert eventually fails to lead to the target and - * the next matching cert is tried. - */ - ReverseState nextState = (ReverseState) currentState.clone(); - X509Certificate cert = vertex.getCertificate(); - try { - builder.verifyCert(cert, nextState, cpList); - } catch (GeneralSecurityException gse) { - if (debug != null) - debug.println("SunCertPathBuilder.depthFirstSearchReverse()" - + ": validation failed: " + gse); - vertex.setThrowable(gse); - continue; - } - - /* - * Certificate is good, add it to the path (if it isn't a - * self-signed cert) and update state - */ - if (!currentState.isInitial()) - builder.addCertToPath(cert, cpList); - // save trust anchor - this.trustAnchor = currentState.trustAnchor; - - /* - * Check if path is completed, return ASAP if so. - */ - if (builder.isPathCompleted(cert)) { - if (debug != null) - debug.println("SunCertPathBuilder.depthFirstSearchReverse()" - + ": path completed!"); - pathCompleted = true; - - PolicyNodeImpl rootNode = nextState.rootNode; - - if (rootNode == null) - policyTreeResult = null; - else { - policyTreeResult = rootNode.copyTree(); - ((PolicyNodeImpl)policyTreeResult).setImmutable(); - } - - /* - * Extract and save the final target public key - */ - finalPublicKey = cert.getPublicKey(); - if (PKIX.isDSAPublicKeyWithoutParams(finalPublicKey)) { - finalPublicKey = - BasicChecker.makeInheritedParamsKey - (finalPublicKey, currentState.pubKey); - } - - return; - } - - /* Update the PKIX state */ - nextState.updateState(cert); - - /* - * Append an entry for cert in adjacency list and - * set index for current vertex. - */ - adjList.add(new LinkedList<Vertex>()); - vertex.setIndex(adjList.size() - 1); - - /* recursively search for matching certs at next dN */ - depthFirstSearchReverse(cert.getSubjectX500Principal(), nextState, - builder, adjList, cpList); - - /* - * If path has been completed, return ASAP! - */ - if (pathCompleted) { - return; - } else { - /* - * If we get here, it means we have searched all possible - * certs issued by the dN w/o finding any matching certs. This - * means we have to backtrack to the previous cert in the path - * and try some other paths. - */ - if (debug != null) - debug.println("SunCertPathBuilder.depthFirstSearchReverse()" - + ": backtracking"); - if (!currentState.isInitial()) - builder.removeFinalCertFromPath(cpList); - } - } - if (debug != null) - debug.println("SunCertPathBuilder.depthFirstSearchReverse() all " - + "certs in this adjacency list checked"); - } - - /* * Adds a collection of matching certificates to the * adjacency list. */
--- a/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilderParameters.java Thu Apr 23 10:43:35 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,131 +0,0 @@ -/* - * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.provider.certpath; - -import java.security.InvalidAlgorithmParameterException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.cert.*; -import java.util.Set; - -/** - * This class specifies the set of parameters used as input for the Sun - * certification path build algorithm. It is identical to PKIXBuilderParameters - * with the addition of a <code>buildForward</code> parameter which allows - * the caller to specify whether or not the path should be constructed in - * the forward direction. - * - * The default for the <code>buildForward</code> parameter is - * true, which means that the build algorithm should construct paths - * from the target subject back to the trusted anchor. - * - * @since 1.4 - * @author Sean Mullan - * @author Yassir Elley - */ -public class SunCertPathBuilderParameters extends PKIXBuilderParameters { - - private boolean buildForward = true; - - /** - * Creates an instance of <code>SunCertPathBuilderParameters</code> with the - * specified parameter values. - * - * @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s - * @param targetConstraints a <code>CertSelector</code> specifying the - * constraints on the target certificate - * @throws InvalidAlgorithmParameterException if the specified - * <code>Set</code> is empty <code>(trustAnchors.isEmpty() == true)</code> - * @throws NullPointerException if the specified <code>Set</code> is - * <code>null</code> - * @throws ClassCastException if any of the elements in the <code>Set</code> - * are not of type <code>java.security.cert.TrustAnchor</code> - */ - public SunCertPathBuilderParameters(Set<TrustAnchor> trustAnchors, - CertSelector targetConstraints) throws InvalidAlgorithmParameterException - { - super(trustAnchors, targetConstraints); - setBuildForward(true); - } - - /** - * Creates an instance of <code>SunCertPathBuilderParameters</code> that - * uses the specified <code>KeyStore</code> to populate the set - * of most-trusted CA certificates. - * - * @param keystore A keystore from which the set of most-trusted - * CA certificates will be populated. - * @param targetConstraints a <code>CertSelector</code> specifying the - * constraints on the target certificate - * @throws KeyStoreException if the keystore has not been initialized. - * @throws InvalidAlgorithmParameterException if the keystore does - * not contain at least one trusted certificate entry - * @throws NullPointerException if the keystore is <code>null</code> - */ - public SunCertPathBuilderParameters(KeyStore keystore, - CertSelector targetConstraints) - throws KeyStoreException, InvalidAlgorithmParameterException - { - super(keystore, targetConstraints); - setBuildForward(true); - } - - /** - * Returns the value of the buildForward flag. - * - * @return the value of the buildForward flag - */ - public boolean getBuildForward() { - return this.buildForward; - } - - /** - * Sets the value of the buildForward flag. If true, paths - * are built from the target subject to the trusted anchor. - * If false, paths are built from the trusted anchor to the - * target subject. The default value if not specified is true. - * - * @param buildForward the value of the buildForward flag - */ - public void setBuildForward(boolean buildForward) { - this.buildForward = buildForward; - } - - /** - * Returns a formatted string describing the parameters. - * - * @return a formatted string describing the parameters. - */ - @Override - public String toString() { - StringBuilder sb = new StringBuilder(); - sb.append("[\n"); - sb.append(super.toString()); - sb.append(" Build Forward Flag: " + String.valueOf(buildForward) + "\n"); - sb.append("]\n"); - return sb.toString(); - } -}
--- a/src/java.base/share/classes/sun/util/PreHashedMap.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/util/PreHashedMap.java Thu Apr 23 16:10:19 2015 -0700 @@ -166,14 +166,14 @@ } public Set<String> keySet() { - return new AbstractSet<String> () { + return new AbstractSet<> () { public int size() { return size; } public Iterator<String> iterator() { - return new Iterator<String>() { + return new Iterator<>() { private int i = -1; Object[] a = null; String cur = null;
--- a/src/java.base/share/classes/sun/util/logging/PlatformLogger.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/util/logging/PlatformLogger.java Thu Apr 23 16:10:19 2015 -0700 @@ -161,7 +161,7 @@ private static boolean loggingEnabled; static { loggingEnabled = AccessController.doPrivileged( - new PrivilegedAction<Boolean>() { + new PrivilegedAction<>() { public Boolean run() { String cname = System.getProperty("java.util.logging.config.class"); String fname = System.getProperty("java.util.logging.config.file");
--- a/src/java.base/share/classes/sun/util/resources/LocaleData.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/util/resources/LocaleData.java Thu Apr 23 16:10:19 2015 -0700 @@ -159,7 +159,7 @@ } public static ResourceBundle getBundle(final String baseName, final Locale locale) { - return AccessController.doPrivileged(new PrivilegedAction<ResourceBundle>() { + return AccessController.doPrivileged(new PrivilegedAction<>() { @Override public ResourceBundle run() { return ResourceBundle @@ -169,7 +169,7 @@ } private static OpenListResourceBundle getSupplementary(final String baseName, final Locale locale) { - return AccessController.doPrivileged(new PrivilegedAction<OpenListResourceBundle>() { + return AccessController.doPrivileged(new PrivilegedAction<>() { @Override public OpenListResourceBundle run() { OpenListResourceBundle rb = null;
--- a/src/java.base/share/classes/sun/util/resources/ParallelListResourceBundle.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/share/classes/sun/util/resources/ParallelListResourceBundle.java Thu Apr 23 16:10:19 2015 -0700 @@ -213,7 +213,7 @@ if (parent == null) { return set.iterator(); } - return new Iterator<String>() { + return new Iterator<>() { private Iterator<String> itr = set.iterator(); private boolean usingParent;
--- a/src/java.base/unix/classes/java/lang/ProcessEnvironment.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/unix/classes/java/lang/ProcessEnvironment.java Thu Apr 23 16:10:19 2015 -0700 @@ -99,7 +99,7 @@ /* Only for use by Runtime.exec(...String[]envp...) */ static Map<String,String> emptyEnvironment(int capacity) { - return new StringEnvironment(new HashMap<Variable,Value>(capacity)); + return new StringEnvironment(new HashMap<>(capacity)); } private static native byte[][] environ();
--- a/src/java.base/unix/classes/sun/net/PortConfig.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/unix/classes/sun/net/PortConfig.java Thu Apr 23 16:10:19 2015 -0700 @@ -42,7 +42,7 @@ static { AccessController.doPrivileged( - new java.security.PrivilegedAction<Void>() { + new java.security.PrivilegedAction<>() { public Void run() { System.loadLibrary("net"); String os = System.getProperty("os.name");
--- a/src/java.base/unix/classes/sun/net/dns/ResolverConfigurationImpl.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/unix/classes/sun/net/dns/ResolverConfigurationImpl.java Thu Apr 23 16:10:19 2015 -0700 @@ -85,6 +85,15 @@ if (val.charAt(0) == '#' || val.charAt(0) == ';') { break; } + if ("nameserver".equals(keyword)) { + if (val.indexOf(':') >= 0 && + val.indexOf('.') < 0 && // skip for IPv4 literals with port + val.indexOf('[') < 0 && + val.indexOf(']') < 0 ) { + // IPv6 literal, in non-BSD-style. + val = "[" + val + "]"; + } + } ll.add(val); if (--maxvalues == 0) { break; @@ -122,7 +131,7 @@ // get the name servers from /etc/resolv.conf nameservers = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<LinkedList<String>>() { + new java.security.PrivilegedAction<>() { public LinkedList<String> run() { // typically MAXNS is 3 but we've picked 5 here // to allow for additional servers if required. @@ -147,7 +156,7 @@ // first try the search keyword in /etc/resolv.conf sl = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<LinkedList<String>>() { + new java.security.PrivilegedAction<>() { public LinkedList<String> run() { LinkedList<String> ll; @@ -173,7 +182,7 @@ String localDomain = localDomain0(); if (localDomain != null && localDomain.length() > 0) { - sl = new LinkedList<String>(); + sl = new LinkedList<>(); sl.add(localDomain); return sl; } @@ -181,7 +190,7 @@ // try domain keyword in /etc/resolv.conf sl = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<LinkedList<String>>() { + new java.security.PrivilegedAction<>() { public LinkedList<String> run() { LinkedList<String> ll; @@ -251,7 +260,7 @@ static { java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<Void>() { + new java.security.PrivilegedAction<>() { public Void run() { System.loadLibrary("net"); return null;
--- a/src/java.base/unix/classes/sun/net/sdp/SdpProvider.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/unix/classes/sun/net/sdp/SdpProvider.java Thu Apr 23 16:10:19 2015 -0700 @@ -198,7 +198,7 @@ { Scanner scanner = new Scanner(new File(file)); try { - List<Rule> result = new ArrayList<Rule>(); + List<Rule> result = new ArrayList<>(); while (scanner.hasNextLine()) { String line = scanner.nextLine().trim();
--- a/src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java Thu Apr 23 16:10:19 2015 -0700 @@ -95,7 +95,7 @@ private void init0() { hostname = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<String>() { + new java.security.PrivilegedAction<>() { public String run() { String localhost; try {
--- a/src/java.base/unix/classes/sun/nio/ch/UnixAsynchronousServerSocketChannelImpl.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/unix/classes/sun/nio/ch/UnixAsynchronousServerSocketChannelImpl.java Thu Apr 23 16:10:19 2015 -0700 @@ -216,7 +216,7 @@ // permission check must always be in initiator's context try { if (acc != null) { - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { SecurityManager sm = System.getSecurityManager(); if (sm != null) { @@ -287,7 +287,7 @@ synchronized (updateLock) { if (handler == null) { this.acceptHandler = null; - result = new PendingFuture<AsynchronousSocketChannel,Object>(this); + result = new PendingFuture<>(this); this.acceptFuture = result; } else { this.acceptHandler = handler;
--- a/src/java.base/unix/classes/sun/nio/fs/GnomeFileTypeDetector.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/unix/classes/sun/nio/fs/GnomeFileTypeDetector.java Thu Apr 23 16:10:19 2015 -0700 @@ -93,7 +93,7 @@ private static native byte[] probeUsingGnomeVfs(long pathAddress); static { - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { System.loadLibrary("nio"); return null;
--- a/src/java.base/unix/classes/sun/nio/fs/MimeTypesFileTypeDetector.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/unix/classes/sun/nio/fs/MimeTypesFileTypeDetector.java Thu Apr 23 16:10:19 2015 -0700 @@ -106,7 +106,7 @@ synchronized (this) { if (!loaded) { List<String> lines = AccessController.doPrivileged( - new PrivilegedAction<List<String>>() { + new PrivilegedAction<>() { @Override public List<String> run() { try {
--- a/src/java.base/unix/classes/sun/nio/fs/UnixCopyFile.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/unix/classes/sun/nio/fs/UnixCopyFile.java Thu Apr 23 16:10:19 2015 -0700 @@ -606,7 +606,7 @@ throws UnixException; static { - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { System.loadLibrary("nio");
--- a/src/java.base/unix/classes/sun/nio/fs/UnixFileStore.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/unix/classes/sun/nio/fs/UnixFileStore.java Thu Apr 23 16:10:19 2015 -0700 @@ -222,7 +222,7 @@ synchronized (loadLock) { if (props == null) { props = AccessController.doPrivileged( - new PrivilegedAction<Properties>() { + new PrivilegedAction<>() { @Override public Properties run() { return loadProperties();
--- a/src/java.base/unix/classes/sun/nio/fs/UnixFileSystem.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/unix/classes/sun/nio/fs/UnixFileSystem.java Thu Apr 23 16:10:19 2015 -0700 @@ -152,7 +152,7 @@ public final Iterable<Path> getRootDirectories() { final List<Path> allowedList = Collections.unmodifiableList(Arrays.asList((Path)rootDirectory)); - return new Iterable<Path>() { + return new Iterable<>() { public Iterator<Path> iterator() { try { SecurityManager sm = System.getSecurityManager(); @@ -254,7 +254,7 @@ return Collections.emptyList(); } } - return new Iterable<FileStore>() { + return new Iterable<>() { public Iterator<FileStore> iterator() { return new FileStoreIterator(); }
--- a/src/java.base/unix/classes/sun/nio/fs/UnixNativeDispatcher.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/unix/classes/sun/nio/fs/UnixNativeDispatcher.java Thu Apr 23 16:10:19 2015 -0700 @@ -568,7 +568,7 @@ private static native int init(); static { - AccessController.doPrivileged(new PrivilegedAction<Void>() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { System.loadLibrary("nio"); return null;
--- a/src/java.base/unix/classes/sun/nio/fs/UnixPath.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.base/unix/classes/sun/nio/fs/UnixPath.java Thu Apr 23 16:10:19 2015 -0700 @@ -121,7 +121,7 @@ ce = Util.jnuEncoding().newEncoder() .onMalformedInput(CodingErrorAction.REPORT) .onUnmappableCharacter(CodingErrorAction.REPORT); - encoder.set(new SoftReference<CharsetEncoder>(ce)); + encoder.set(new SoftReference<>(ce)); } char[] ca = fs.normalizeNativePath(input.toCharArray());
--- a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapURL.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapURL.java Thu Apr 23 16:10:19 2015 -0700 @@ -26,9 +26,6 @@ package com.sun.jndi.ldap; import javax.naming.*; -import javax.naming.directory.*; -import javax.naming.spi.*; -import java.net.URL; import java.net.MalformedURLException; import java.io.UnsupportedEncodingException; import java.util.StringTokenizer; @@ -211,43 +208,52 @@ // query begins with a '?' or is null - if (query == null) { + if (query == null || query.length() < 2) { + return; + } + + int currentIndex = 1; + int nextQmark; + int endIndex; + + // attributes: + nextQmark = query.indexOf('?', currentIndex); + endIndex = nextQmark == -1 ? query.length() : nextQmark; + if (endIndex - currentIndex > 0) { + attributes = query.substring(currentIndex, endIndex); + } + currentIndex = endIndex + 1; + if (currentIndex >= query.length()) { return; } - int qmark2 = query.indexOf('?', 1); - - if (qmark2 < 0) { - attributes = query.substring(1); + // scope: + nextQmark = query.indexOf('?', currentIndex); + endIndex = nextQmark == -1 ? query.length() : nextQmark; + if (endIndex - currentIndex > 0) { + scope = query.substring(currentIndex, endIndex); + } + currentIndex = endIndex + 1; + if (currentIndex >= query.length()) { return; - } else if (qmark2 != 1) { - attributes = query.substring(1, qmark2); } - int qmark3 = query.indexOf('?', qmark2 + 1); - - if (qmark3 < 0) { - scope = query.substring(qmark2 + 1); + // filter: + nextQmark = query.indexOf('?', currentIndex); + endIndex = nextQmark == -1 ? query.length() : nextQmark; + if (endIndex - currentIndex > 0) { + filter = query.substring(currentIndex, endIndex); + filter = UrlUtil.decode(filter, "UTF8"); + } + currentIndex = endIndex + 1; + if (currentIndex >= query.length()) { return; - } else if (qmark3 != qmark2 + 1) { - scope = query.substring(qmark2 + 1, qmark3); } - int qmark4 = query.indexOf('?', qmark3 + 1); - - if (qmark4 < 0) { - filter = query.substring(qmark3 + 1); - } else { - if (qmark4 != qmark3 + 1) { - filter = query.substring(qmark3 + 1, qmark4); - } - extensions = query.substring(qmark4 + 1); - if (extensions.length() > 0) { - extensions = UrlUtil.decode(extensions, "UTF8"); - } - } - if (filter != null && filter.length() > 0) { - filter = UrlUtil.decode(filter, "UTF8"); + // extensions: + if (query.length() - currentIndex > 0) { + extensions = query.substring(currentIndex); + extensions = UrlUtil.decode(extensions, "UTF8"); } }
--- a/src/java.security.jgss/share/classes/org/ietf/jgss/GSSCredential.java Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.security.jgss/share/classes/org/ietf/jgss/GSSCredential.java Thu Apr 23 16:10:19 2015 -0700 @@ -35,7 +35,7 @@ * may be used to perform context initiation, acceptance, or both.<p> * * Credentials are instantiated using one of the - * <code>createCredential</code> methods in the {@link GSSManager + * {@code createCredential} methods in the {@link GSSManager * GSSManager} class. GSS-API credential creation is not * intended to provide a "login to the network" function, as such a * function would involve the creation of new credentials rather than @@ -75,7 +75,7 @@ * * Oid [] mechs = cred.getMechs(); * if (mechs != null) { - * for (int i = 0; i < mechs.length; i++) + * for (int i = 0; i{@literal <} mechs.length; i++) * System.out.println(mechs[i].toString()); * } * @@ -297,8 +297,8 @@ * with a variety of clients using different security mechanisms.<p> * * This routine adds the new credential element "in-place". To add the - * element in a new credential, first call <code>clone</code> to obtain a - * copy of this credential, then call its <code>add</code> method.<p> + * element in a new credential, first call {@code clone} to obtain a + * copy of this credential, then call its {@code add} method.<p> * * As always, GSS-API implementations must impose a local access-control * policy on callers to prevent unauthorized callers from acquiring @@ -311,7 +311,7 @@ * getRemainingAcceptLifetime} on the credential. * * @param name the name of the principal for whom this credential is to - * be acquired. Use <code>null</code> to specify the default + * be acquired. Use {@code null} to specify the default * principal. * @param initLifetime the number of seconds that the credential element * should remain valid for initiating of security contexts. Use {@link @@ -354,8 +354,8 @@ * object. The two credentials must be acquired over the same * mechanisms and must refer to the same principal. * - * @return <code>true</code> if the two GSSCredentials assert the same - * entity; <code>false</code> otherwise. + * @return {@code true} if the two GSSCredentials assert the same + * entity; {@code false} otherwise. * @param another another GSSCredential for comparison to this one */ public boolean equals(Object another);
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dom/package.html Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/dom/package.html Thu Apr 23 16:10:19 2015 -0700 @@ -44,11 +44,7 @@ RFC 3275: XML-Signature Syntax and Processing</a> </ul> -<p> -<dl> -<dt><b>Since:</b></dt> - <dd>1.6</dd> -</dl> +@since 1.6 </body> </html>
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/dom/package.html Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/dom/package.html Thu Apr 23 16:10:19 2015 -0700 @@ -44,11 +44,7 @@ RFC 3275: XML-Signature Syntax and Processing</a> </ul> -<p> -<dl> -<dt><b>Since:</b></dt> - <dd>1.6</dd> -</dl> +@since 1.6 </body> </html>
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/keyinfo/package.html Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/keyinfo/package.html Thu Apr 23 16:10:19 2015 -0700 @@ -55,11 +55,7 @@ RFC 3275: XML-Signature Syntax and Processing</a> </ul> -<p> -<dl> -<dt><b>Since:</b></dt> - <dd>1.6</dd> -</dl> +@since 1.6 </body> </html>
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/package.html Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/package.html Thu Apr 23 16:10:19 2015 -0700 @@ -65,11 +65,7 @@ RFC 3275: XML-Signature Syntax and Processing</a> </ul> -<p> -<dl> -<dt><b>Since:</b></dt> - <dd>1.6</dd> -</dl> +@since 1.6 </body> </html>
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/package.html Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/package.html Thu Apr 23 16:10:19 2015 -0700 @@ -49,11 +49,7 @@ XPath Filter 2.0 Transform Algorithm: W3C Recommendation</a> </ul> -<p> -<dl> -<dt><b>Since:</b></dt> - <dd>1.6</dd> -</dl> +@since 1.6 </body> </html>
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/package.html Thu Apr 23 10:43:35 2015 -0700 +++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/package.html Thu Apr 23 16:10:19 2015 -0700 @@ -42,11 +42,7 @@ RFC 3275: XML-Signature Syntax and Processing</a> </ul> -<p> -<dl> -<dt><b>Since:</b></dt> - <dd>1.6</dd> -</dl> +@since 1.6 </body> </html>
--- a/test/com/sun/jdi/JdbReadTwiceTest.sh Thu Apr 23 10:43:35 2015 -0700 +++ b/test/com/sun/jdi/JdbReadTwiceTest.sh Thu Apr 23 16:10:19 2015 -0700 @@ -206,39 +206,6 @@ echo echo "+++++++++++++++++++++++++++++++++++" -echo "Read an unreadable file - verify the read fails." - -canMakeUnreadable=No -id > $HOME/jdb.ini -if chmod a-r $HOME/jdb.ini -then - grep -q 'uid=0(' $HOME/jdb.ini 2> /dev/null - case $? in - 0) - echo "Error! Can't make file unreadable running as root" - ;; - 1) - echo "Error! Can't make file unreadable for some other reason (windows?)" - ;; - *) - echo "OK. the file is unreadable" - canMakeUnreadable=Yes - ;; - esac -else - echo "Error! Can't create or chmod file" -fi - -if [ "$canMakeUnreadable" = "Yes" ] -then - doit - failIfNot 1 "open: $HOME/jdb.ini" -fi -clean - - -echo -echo "+++++++++++++++++++++++++++++++++++" echo "Read a directory - verify the read fails" # If the file (IE. directory) exists, we try to read it. The # read will fail.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/com/sun/jndi/dns/IPv6NameserverPlatformParsingTest.java Thu Apr 23 16:10:19 2015 -0700 @@ -0,0 +1,104 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.lang.reflect.Field; +import java.util.Hashtable; + +import javax.naming.Context; +import javax.naming.NamingException; +import javax.naming.spi.NamingManager; + +import com.sun.jndi.dns.DnsContext; + +/** + * @test + * @bug 6991580 + * @summary IPv6 Nameservers in resolv.conf throws NumberFormatException + * @run main/manual IPv6NameserverPlatformParsingTest + * + * In order to run this test be sure to place, for example, the following + * snippet into your platform's {@code /etc/resolv.conf}: + * <pre> + * nameserver 127.0.0.1 + * nameserver 2001:4860:4860::8888 + * nameserver [::1]:5353 + * nameserver 127.0.0.1:5353 + * </pre> + * + * Then, run this test as manual jtreg test. + * + * @author Severin Gehwolf + * + */ +public class IPv6NameserverPlatformParsingTest { + + private static boolean foundIPv6 = false; + + public static void main(String[] args) { + Hashtable<String, String> env = new Hashtable<>(); + env.put(Context.INITIAL_CONTEXT_FACTORY, com.sun.jndi.dns.DnsContextFactory.class.getName()); + + String[] servers; + try { + Context ctx = NamingManager.getInitialContext(env); + if (!com.sun.jndi.dns.DnsContextFactory.platformServersAvailable()) { + throw new RuntimeException("FAIL: no platform servers available, test does not make sense"); + } + DnsContext context = (DnsContext)ctx; + servers = getServersFromContext(context); + } catch (NamingException e) { + throw new RuntimeException(e); + } + for (String server: servers) { + System.out.println("DEBUG: 'nameserver = " + server + "'"); + if (server.indexOf(':') >= 0 && server.indexOf('.') < 0) { + System.out.println("DEBUG: ==> Found IPv6 address in servers list: " + server); + foundIPv6 = true; + } + } + try { + new com.sun.jndi.dns.DnsClient(servers, 100, 1); + } catch (NumberFormatException e) { + throw new RuntimeException("FAIL: Tried to parse non-[]-encapsulated IPv6 address.", e); + } catch (Exception e) { + throw new RuntimeException("ERROR: Something unexpected happened."); + } + if (!foundIPv6) { + // This is a manual test, since it requires changing /etc/resolv.conf on Linux/Unix + // platforms. See comment as to how to run this test. + throw new RuntimeException("ERROR: No IPv6 address returned from platform."); + } + System.out.println("PASS: Found IPv6 address and DnsClient parsed it correctly."); + } + + private static String[] getServersFromContext(DnsContext context) { + try { + Field serversField = DnsContext.class.getDeclaredField("servers"); + serversField.setAccessible(true); + return (String[])serversField.get(context); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/com/sun/jndi/ldap/LdapURLOptionalFields.java Thu Apr 23 16:10:19 2015 -0700 @@ -0,0 +1,62 @@ +/* + * Copyright (c) 2015, Red Hat, Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8074761 + * @summary RFC-2255 allows attribute, scope and filter to be empty. + */ + +import com.sun.jndi.ldap.LdapURL; + +public class LdapURLOptionalFields { + + private static final String[] TEST_URLS = { + "ldap://localhost:10389/ou=RefPeople,dc=example,dc=com", + "ldap://localhost:10389/ou=RefPeople,dc=example,dc=com?", + "ldap://localhost:10389/ou=RefPeople,dc=example,dc=com??", + "ldap://localhost:10389/ou=RefPeople,dc=example,dc=com???", + "ldap://localhost:10389/ou=RefPeople,dc=example,dc=com????" + }; + + public static void main(String[] args) throws Exception { + for (int i = 0; i < TEST_URLS.length; i++) { + String url = TEST_URLS[i]; + checkEmptyAttributes(url); + } + } + + private static void checkEmptyAttributes(String urlString) throws Exception { + LdapURL url = new LdapURL(urlString); + if (url.getAttributes() != null) { + throw new Exception("Expected null attributes for url: '" + urlString + "'"); + } + if (url.getScope() != null) { + throw new Exception("Expected null scope for url: '" + urlString + "'"); + } + if (url.getFilter() != null) { + throw new Exception("Expected null filter for url: '" + urlString + "'"); + } + } + +}
--- a/test/com/sun/security/auth/login/ConfigFile/InconsistentError.java Thu Apr 23 10:43:35 2015 -0700 +++ b/test/com/sun/security/auth/login/ConfigFile/InconsistentError.java Thu Apr 23 16:10:19 2015 -0700 @@ -26,6 +26,7 @@ * @bug 4406033 * @summary ConfigFile throws an inconsistent error message * when the configuration file is not found + * @run main/othervm -Duser.language=en InconsistentError */ import com.sun.security.auth.login.*;
--- a/test/com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java Thu Apr 23 10:43:35 2015 -0700 +++ b/test/com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java Thu Apr 23 16:10:19 2015 -0700 @@ -25,6 +25,7 @@ * @test * @bug 4919147 * @summary Support for token-based KeyStores + * @run main/othervm -Duser.language=en OptionTest */ import java.io.File;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/net/URL/HandlersPkgPrefix/HandlersPkgPrefix.java Thu Apr 23 16:10:19 2015 -0700 @@ -0,0 +1,95 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.net.MalformedURLException; +import java.net.URL; +import java.util.function.Consumer; + +/* + * @test + * @bug 8075139 + * @summary Basic test for java.protocol.handler.pkgs + * @compile handlers/foo/Handler.java handlers/bar/Handler.java HandlersPkgPrefix.java + * @run main/othervm HandlersPkgPrefix + */ + +public class HandlersPkgPrefix { + static final Consumer<Result> KNOWN = r -> { + if (r.exception != null) + throw new RuntimeException("Unexpected exception " + r.exception); + String p = r.url.getProtocol(); + if (!r.protocol.equals(p)) + throw new RuntimeException("Expected:" + r.protocol + ", got:" + p); + }; + static final Consumer<Result> UNKNOWN = r -> { + if (r.url != null) + throw new RuntimeException("Unexpected url:" + r.url); + if (!(r.exception instanceof MalformedURLException)) + throw new RuntimeException("Expected MalformedURLException, got:" + + r.exception); + }; + + public static void main(String[] args) { + withPrefix("unknown", "", UNKNOWN); + withPrefix("unknown", "handlers", UNKNOWN); + + withPrefix("foo", "", UNKNOWN); + withPrefix("foo", "xxx|yyy|zzz", UNKNOWN); + withPrefix("foo", "||||", UNKNOWN); + withPrefix("foo", "|a|b|c|handlers", KNOWN); + + withPrefix("bar", "", UNKNOWN); + withPrefix("bar", "x.y.z|y.y.y|z.z.z", UNKNOWN); + withPrefix("bar", " x.y.z | y.y.y | z.z.z| | ", UNKNOWN); + withPrefix("bar", "| a | b | c | handlers | d | e", KNOWN); + } + + static void withPrefix(String protocol, String pkgPrefix, + Consumer<Result> resultChecker) { + System.out.println("Testing, " + protocol + ", " + pkgPrefix); + + // The long standing implementation behavior is that the + // property is read multiple times, not cached. + System.setProperty("java.protocol.handler.pkgs", pkgPrefix); + URL url = null; + Exception exception = null; + try { + url = new URL(protocol + "://"); + } catch (MalformedURLException x) { + exception = x; + } + resultChecker.accept(new Result(protocol, url, exception)); + } + + static class Result { + final String protocol; + final URL url; + final Exception exception; + Result(String protocol, URL url, Exception exception) { + this.protocol = protocol; + this.url = url; + this.exception = exception; + } + } +} +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/net/URL/HandlersPkgPrefix/handlers/bar/Handler.java Thu Apr 23 16:10:19 2015 -0700 @@ -0,0 +1,37 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package handlers.bar; + +import java.io.IOException; +import java.net.URL; +import java.net.URLConnection; +import java.net.URLStreamHandler; + +public class Handler extends URLStreamHandler { + @Override + protected URLConnection openConnection(URL u) throws IOException { + return null; + } +} +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/net/URL/HandlersPkgPrefix/handlers/foo/Handler.java Thu Apr 23 16:10:19 2015 -0700 @@ -0,0 +1,37 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package handlers.foo; + +import java.io.IOException; +import java.net.URL; +import java.net.URLConnection; +import java.net.URLStreamHandler; + +public class Handler extends URLStreamHandler { + @Override + protected URLConnection openConnection(URL u) throws IOException { + return null; + } +} +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/security/auth/login/LoginContext/CustomLoginModule.java Thu Apr 23 16:10:19 2015 -0700 @@ -0,0 +1,275 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.io.IOException; +import java.security.Principal; +import java.util.Arrays; +import java.util.Locale; +import java.util.Map; +import javax.security.auth.Subject; +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.ChoiceCallback; +import javax.security.auth.callback.ConfirmationCallback; +import javax.security.auth.callback.LanguageCallback; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.TextInputCallback; +import javax.security.auth.callback.TextOutputCallback; +import javax.security.auth.callback.UnsupportedCallbackException; +import javax.security.auth.login.FailedLoginException; +import javax.security.auth.login.LoginException; +import javax.security.auth.spi.LoginModule; + +public class CustomLoginModule implements LoginModule { + + static final String HELLO = "Hello"; + + private Subject subject; + private CallbackHandler callbackHandler; + private boolean loginSucceeded = false; + private String username; + private char[] password; + + /* + * Initialize this LoginModule. + */ + @Override + public void initialize(Subject subject, CallbackHandler callbackHandler, + Map<String, ?> sharedState, Map<String, ?> options) { + this.subject = subject; + this.callbackHandler = callbackHandler; + + // check if custom parameter is passed from comfiguration + if (options == null) { + throw new RuntimeException("options is null"); + } + + // read username/password from configuration + Object o = options.get("username"); + if (o == null) { + throw new RuntimeException("Custom parameter not passed"); + } + if (!(o instanceof String)) { + throw new RuntimeException("Password is not a string"); + } + username = (String) o; + + o = options.get("password"); + if (o == null) { + throw new RuntimeException("Custom parameter not passed"); + } + if (!(o instanceof String)) { + throw new RuntimeException("Password is not a string"); + } + password = ((String) o).toCharArray(); + } + + /* + * Authenticate the user. + */ + @Override + public boolean login() throws LoginException { + // prompt for a user name and password + if (callbackHandler == null) { + throw new LoginException("No CallbackHandler available"); + } + + // standard callbacks + NameCallback name = new NameCallback("username: ", "default"); + PasswordCallback passwd = new PasswordCallback("password: ", false); + + LanguageCallback language = new LanguageCallback(); + + TextOutputCallback error = new TextOutputCallback( + TextOutputCallback.ERROR, "This is an error"); + TextOutputCallback warning = new TextOutputCallback( + TextOutputCallback.WARNING, "This is a warning"); + TextOutputCallback info = new TextOutputCallback( + TextOutputCallback.INFORMATION, "This is a FYI"); + + TextInputCallback text = new TextInputCallback("Please type " + HELLO, + "Bye"); + + ChoiceCallback choice = new ChoiceCallback("Choice: ", + new String[] { "pass", "fail" }, 1, true); + + ConfirmationCallback confirmation = new ConfirmationCallback( + "confirmation: ", ConfirmationCallback.INFORMATION, + ConfirmationCallback.YES_NO_OPTION, ConfirmationCallback.NO); + + CustomCallback custom = new CustomCallback(); + + Callback[] callbacks = new Callback[] { + choice, info, warning, error, name, passwd, text, language, + confirmation, custom + }; + + boolean uce = false; + try { + callbackHandler.handle(callbacks); + } catch (UnsupportedCallbackException e) { + Callback callback = e.getCallback(); + if (custom.equals(callback)) { + uce = true; + System.out.println("CustomLoginModule: " + + "custom callback not supported as expected"); + } else { + throw new LoginException("Unsupported callback: " + callback); + } + } catch (IOException ioe) { + throw new LoginException(ioe.toString()); + } + + if (!uce) { + throw new RuntimeException("UnsupportedCallbackException " + + "not thrown"); + } + + if (!HELLO.equals(text.getText())) { + System.out.println("Text: " + text.getText()); + throw new FailedLoginException("No hello"); + } + + if (!Locale.GERMANY.equals(language.getLocale())) { + System.out.println("Selected locale: " + language.getLocale()); + throw new FailedLoginException("Achtung bitte"); + } + + String readUsername = name.getName(); + char[] readPassword = passwd.getPassword(); + if (readPassword == null) { + // treat a NULL password as an empty password + readPassword = new char[0]; + } + passwd.clearPassword(); + + // verify the username/password + if (!username.equals(readUsername) + || !Arrays.equals(password, readPassword)) { + loginSucceeded = false; + throw new FailedLoginException("Username/password is not correct"); + } + + // check chosen option + int[] selected = choice.getSelectedIndexes(); + if (selected == null || selected.length == 0) { + throw new FailedLoginException("Nothing selected"); + } + + if (selected[0] != 0) { + throw new FailedLoginException("Wrong choice: " + selected[0]); + } + + // check confirmation + if (confirmation.getSelectedIndex() != ConfirmationCallback.YES) { + throw new FailedLoginException("Not confirmed: " + + confirmation.getSelectedIndex()); + } + + loginSucceeded = true; + System.out.println("CustomLoginModule: authentication succeeded"); + return true; + } + + /* + * This method is called if the LoginContext's overall authentication + * succeeded. + */ + @Override + public boolean commit() throws LoginException { + if (loginSucceeded) { + // add a Principal to the Subject + Principal principal = new TestPrincipal(username); + if (!subject.getPrincipals().contains(principal)) { + subject.getPrincipals().add(principal); + } + return true; + } + + return false; + } + + /* + * This method is called if the LoginContext's overall authentication + * failed. + */ + @Override + public boolean abort() throws LoginException { + loginSucceeded = false; + return true; + } + + /* + * Logout the user. + */ + @Override + public boolean logout() throws LoginException { + loginSucceeded = false; + boolean removed = subject.getPrincipals().remove( + new TestPrincipal(username)); + if (!removed) { + throw new LoginException("Coundn't remove a principal: " + + username); + } + return true; + } + + static class TestPrincipal implements Principal { + + private final String name; + + public TestPrincipal(String name) { + this.name = name; + } + + @Override + public String getName() { + return name; + } + + @Override + public String toString() { + return("TestPrincipal [name =" + name + "]"); + } + + @Override + public int hashCode() { + return name.hashCode(); + } + + @Override + public boolean equals(Object o) { + if (o == null) { + return false; + } + if (!(o instanceof TestPrincipal)) { + return false; + } + TestPrincipal other = (TestPrincipal) o; + return name != null ? name.equals(other.name) : other.name == null; + } + } + + static class CustomCallback implements Callback {} +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/security/auth/login/LoginContext/SharedState.java Thu Apr 23 16:10:19 2015 -0700 @@ -0,0 +1,98 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.util.Map; +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; +import javax.security.auth.spi.LoginModule; + +/** + * @test + * @bug 8048138 + * @summary Check if shared state is passed to login module + * @run main/othervm SharedState + */ +public class SharedState { + + static final String NAME = "name"; + static final String VALUE = "shared"; + + public static void main(String[] args) throws LoginException { + System.setProperty("java.security.auth.login.config", + System.getProperty("test.src") + + System.getProperty("file.separator") + + "shared.config"); + + new LoginContext("SharedState").login(); + } + + public static abstract class Module implements LoginModule { + + @Override + public boolean login() throws LoginException { + return true; + } + + @Override + public boolean commit() throws LoginException { + return true; + } + + @Override + public boolean abort() throws LoginException { + return true; + } + + @Override + public boolean logout() throws LoginException { + return true; + } + } + + public static class FirstModule extends Module { + + @Override + public void initialize(Subject subject, CallbackHandler callbackHandler, + Map<String,?> sharedState, Map<String,?> options) { + ((Map)sharedState).put(NAME, VALUE); + } + + } + + public static class SecondModule extends Module { + + @Override + public void initialize(Subject subject, CallbackHandler callbackHandler, + Map<String,?> sharedState, Map<String,?> options) { + // check shared object + Object shared = sharedState.get(NAME); + if (!VALUE.equals(shared)) { + throw new RuntimeException("Unexpected shared object: " + + shared); + } + } + + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/security/auth/login/LoginContext/StandardCallbacks.java Thu Apr 23 16:10:19 2015 -0700 @@ -0,0 +1,189 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.security.Principal; +import java.util.Arrays; +import java.util.Locale; +import javax.security.auth.Subject; +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.ChoiceCallback; +import javax.security.auth.callback.ConfirmationCallback; +import javax.security.auth.callback.LanguageCallback; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.TextInputCallback; +import javax.security.auth.callback.TextOutputCallback; +import javax.security.auth.callback.UnsupportedCallbackException; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; + +/* + * @test + * @bug 8048138 + * @summary Checks if JAAS login works fine with standard callbacks + * @compile DefaultHandlerModule.java + * @run main/othervm StandardCallbacks + */ +public class StandardCallbacks { + + private static final String USERNAME = "username"; + private static final char[] PASSWORD = "password".toCharArray(); + + public static void main(String[] args) throws LoginException { + System.setProperty("java.security.auth.login.config", + System.getProperty("test.src") + + System.getProperty("file.separator") + + "custom.config"); + + CustomCallbackHandler handler = new CustomCallbackHandler(USERNAME); + LoginContext context = new LoginContext("StandardCallbacks", handler); + + handler.setPassword(PASSWORD); + System.out.println("Try to login with correct password, " + + "successful authentication is expected"); + context.login(); + System.out.println("Authentication succeeded!"); + + Subject subject = context.getSubject(); + System.out.println("Authenticated user has the following principals [" + + subject.getPrincipals().size() + " ]:"); + boolean found = true; + for (Principal principal : subject.getPrincipals()) { + System.out.println("principal: " + principal); + if (principal instanceof CustomLoginModule.TestPrincipal) { + CustomLoginModule.TestPrincipal testPrincipal = + (CustomLoginModule.TestPrincipal) principal; + if (USERNAME.equals(testPrincipal.getName())) { + System.out.println("Found test principal: " + + testPrincipal); + found = true; + break; + } + } + } + + if (!found) { + throw new RuntimeException("TestPrincipal not found"); + } + + // check if all expected text output callbacks have been called + if (!handler.info) { + throw new RuntimeException("TextOutputCallback.INFO not called"); + } + + if (!handler.warning) { + throw new RuntimeException("TextOutputCallback.WARNING not called"); + } + + if (!handler.error) { + throw new RuntimeException("TextOutputCallback.ERROR not called"); + } + + System.out.println("Authenticated user has the following public " + + "credentials [" + subject.getPublicCredentials().size() + + "]:"); + subject.getPublicCredentials().stream(). + forEach((o) -> { + System.out.println("public credential: " + o); + }); + + context.logout(); + + System.out.println("Test passed"); + } + + private static class CustomCallbackHandler implements CallbackHandler { + + private final String username; + private char[] password; + private boolean info = false; + private boolean warning = false; + private boolean error = false; + + CustomCallbackHandler(String username) { + this.username = username; + } + + void setPassword(char[] password) { + this.password = password; + } + + @Override + public void handle(Callback[] callbacks) + throws UnsupportedCallbackException { + for (Callback callback : callbacks) { + if (callback instanceof TextOutputCallback) { + TextOutputCallback toc = (TextOutputCallback) callback; + switch (toc.getMessageType()) { + case TextOutputCallback.INFORMATION: + System.out.println("INFO: " + toc.getMessage()); + info = true; + break; + case TextOutputCallback.ERROR: + System.out.println("ERROR: " + toc.getMessage()); + error = true; + break; + case TextOutputCallback.WARNING: + System.out.println("WARNING: " + toc.getMessage()); + warning = true; + break; + default: + throw new UnsupportedCallbackException(toc, + "Unsupported message type: " + + toc.getMessageType()); + } + } else if (callback instanceof TextInputCallback) { + TextInputCallback tic = (TextInputCallback) callback; + System.out.println(tic.getPrompt()); + tic.setText(CustomLoginModule.HELLO); + } else if (callback instanceof LanguageCallback) { + LanguageCallback lc = (LanguageCallback) callback; + lc.setLocale(Locale.GERMANY); + } else if (callback instanceof ConfirmationCallback) { + ConfirmationCallback cc = (ConfirmationCallback) callback; + System.out.println(cc.getPrompt()); + cc.setSelectedIndex(ConfirmationCallback.YES); + } else if (callback instanceof ChoiceCallback) { + ChoiceCallback cc = (ChoiceCallback) callback; + System.out.println(cc.getPrompt() + + Arrays.toString(cc.getChoices())); + cc.setSelectedIndex(0); + } else if (callback instanceof NameCallback) { + NameCallback nc = (NameCallback) callback; + System.out.println(nc.getPrompt()); + nc.setName(username); + } else if (callback instanceof PasswordCallback) { + PasswordCallback pc = (PasswordCallback) callback; + System.out.println(pc.getPrompt()); + pc.setPassword(password); + } else { + throw new UnsupportedCallbackException(callback, + "Unknown callback"); + } + } + } + + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/security/auth/login/LoginContext/custom.config Thu Apr 23 16:10:19 2015 -0700 @@ -0,0 +1,4 @@ +StandardCallbacks { + DefaultHandlerModule required; + CustomLoginModule required username="username" password="password"; +};
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/security/auth/login/LoginContext/shared.config Thu Apr 23 16:10:19 2015 -0700 @@ -0,0 +1,4 @@ +SharedState { + SharedState$FirstModule required; + SharedState$SecondModule required; +}; \ No newline at end of file
--- a/test/javax/xml/ws/8046817/GenerateEnumSchema.java Thu Apr 23 10:43:35 2015 -0700 +++ b/test/javax/xml/ws/8046817/GenerateEnumSchema.java Thu Apr 23 16:10:19 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,57 +23,83 @@ /* * @test - * @bug 8046817 - * @summary schemagen fails to generate xsd for enum types + * @bug 8046817 8073357 + * @summary schemagen fails to generate xsd for enum types. + * Check that order of Enum values is preserved. * @run main/othervm GenerateEnumSchema */ import java.io.BufferedReader; import java.io.File; -import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStreamReader; +import java.nio.file.Files; import java.nio.file.Paths; -import java.util.Scanner; +import java.util.stream.Collectors; public class GenerateEnumSchema { private static final String SCHEMA_OUTPUT_FILENAME = "schema1.xsd"; private static final File schemaOutputFile = new File(SCHEMA_OUTPUT_FILENAME); + private static final String[] expectedEnums = { + "\"FIRST\"", "\"ONE\"", "\"TWO\"", "\"THREE\"", + "\"FOUR\"", "\"FIVE\"", "\"SIX\"", "\"LAST\""}; + private static String schemaContent = ""; - public static void main(String[] args) throws Exception, IOException { + public static void main(String[] args) throws Exception { + //Check schema generation for class type runSchemaGen("TestClassType.java"); checkIfSchemaGenerated(); + readSchemaContent(); checkSchemaContent("<xs:complexType name=\"testClassType\">"); checkSchemaContent("<xs:element name=\"a\" type=\"xs:int\"/>"); - schemaOutputFile.delete(); + //Check schema generation for enum type runSchemaGen("TestEnumType.java"); checkIfSchemaGenerated(); + readSchemaContent(); + //Check if Enum type schema is generated checkSchemaContent("<xs:simpleType name=\"testEnumType\">"); - checkSchemaContent("<xs:enumeration value=\"ONE\"/>"); - checkSchemaContent("<xs:enumeration value=\"TWO\"/>"); - checkSchemaContent("<xs:enumeration value=\"THREE\"/>"); + //Check the sequence of enum values order + checkEnumOrder(); schemaOutputFile.delete(); } + // Check if schema file successfully generated by schemagen private static void checkIfSchemaGenerated() { if (!schemaOutputFile.exists()) { throw new RuntimeException("FAIL:" + SCHEMA_OUTPUT_FILENAME + " was not generated by schemagen tool"); } } - private static void checkSchemaContent(String exp_token) throws FileNotFoundException { - System.out.print("Check if generated schema contains '" + exp_token + "' string: "); - try (Scanner scanner = new Scanner(schemaOutputFile)) { - if (scanner.findWithinHorizon(exp_token, 0) != null) { - System.out.println("OK"); - return; - } + //Read schema content from file + private static void readSchemaContent() throws Exception { + schemaContent = Files.lines(schemaOutputFile.toPath()).collect(Collectors.joining("")); + } + + // Check if schema file contains specific string + private static void checkSchemaContent(String expContent) { + System.out.print("Check if generated schema contains '" + expContent + "' string: "); + if (schemaContent.contains(expContent)) { + System.out.println("OK"); + return; } System.out.println("FAIL"); - throw new RuntimeException("The '" + exp_token + "' is not found in generated schema"); + throw new RuntimeException("The '" + expContent + "' is not found in generated schema"); + } + // Check if the generated schema contains all enum constants + // and their order is preserved + private static void checkEnumOrder() throws Exception { + int prevElem = -1; + for (String elem : expectedEnums) { + int curElem = schemaContent.indexOf(elem); + System.out.println(elem + " position = " + curElem); + if (curElem < prevElem) { + throw new RuntimeException("FAIL: Enum values order is incorrect or " + elem + " element is not found"); + } + prevElem = curElem; + } } private static String getClassFilePath(String filename) {
--- a/test/javax/xml/ws/8046817/TestEnumType.java Thu Apr 23 10:43:35 2015 -0700 +++ b/test/javax/xml/ws/8046817/TestEnumType.java Thu Apr 23 16:10:19 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,5 +25,5 @@ @XmlEnum(String.class) public enum TestEnumType { - ONE, TWO, THREE + FIRST, ONE, TWO, THREE, FOUR, FIVE, SIX, LAST }
--- a/test/sun/management/jmxremote/bootstrap/RmiSslBootstrapTest.sh Thu Apr 23 10:43:35 2015 -0700 +++ b/test/sun/management/jmxremote/bootstrap/RmiSslBootstrapTest.sh Thu Apr 23 16:10:19 2015 -0700 @@ -1,5 +1,5 @@ # -# Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,7 @@ # @library /lib/testlibrary # @build jdk.testlibrary.* TestLogger Utils RmiBootstrapTest # @run shell/timeout=300 RmiSslBootstrapTest.sh +# @ignore 8077924 # Define the Java class test name TESTCLASS="RmiBootstrapTest"
--- a/test/sun/security/pkcs11/sslecc/CipherTest.java Thu Apr 23 10:43:35 2015 -0700 +++ b/test/sun/security/pkcs11/sslecc/CipherTest.java Thu Apr 23 16:10:19 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -45,7 +45,7 @@ public class CipherTest { // use any available port for the server socket - static int serverPort = 0; + static volatile int serverPort = 0; final int THREADS;
--- a/test/sun/security/pkcs11/sslecc/JSSEServer.java Thu Apr 23 10:43:35 2015 -0700 +++ b/test/sun/security/pkcs11/sslecc/JSSEServer.java Thu Apr 23 16:10:19 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,7 +42,7 @@ serverContext.init(new KeyManager[] {cipherTest.keyManager}, new TrustManager[] {cipherTest.trustManager}, cipherTest.secureRandom); SSLServerSocketFactory factory = (SSLServerSocketFactory)serverContext.getServerSocketFactory(); - serverSocket = (SSLServerSocket)factory.createServerSocket(cipherTest.serverPort); + serverSocket = (SSLServerSocket)factory.createServerSocket(0); cipherTest.serverPort = serverSocket.getLocalPort(); serverSocket.setEnabledCipherSuites(factory.getSupportedCipherSuites()); serverSocket.setWantClientAuth(true);
--- a/test/sun/security/provider/certpath/ReverseBuilder/BuildPath.java Thu Apr 23 10:43:35 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,58 +0,0 @@ -/* - * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/** - * @test - * @bug 6511784 - * @summary Make sure that building a path to a CRL issuer works in the - * reverse direction - * @library ../../../../../java/security/testlibrary - * @build CertUtils - * @run main BuildPath - */ -import java.security.cert.*; -import java.util.Collections; -import sun.security.provider.certpath.SunCertPathBuilderParameters; - -public class BuildPath { - - public static void main(String[] args) throws Exception { - - TrustAnchor anchor = - new TrustAnchor(CertUtils.getCertFromFile("mgrM2mgrM"), null); - X509Certificate target = CertUtils.getCertFromFile("mgrM2leadMA"); - X509CertSelector xcs = new X509CertSelector(); - xcs.setSubject("CN=leadMA,CN=mgrM,OU=prjM,OU=divE,OU=Comp,O=sun,C=us"); - xcs.setCertificate(target); - SunCertPathBuilderParameters params = - new SunCertPathBuilderParameters(Collections.singleton(anchor),xcs); - params.setBuildForward(false); - CertStore cs = CertUtils.createStore(new String[] - {"mgrM2prjM", "prjM2mgrM", "prjM2divE", "mgrM2leadMA" }); - params.addCertStore(cs); - CertStore cs2 = CertUtils.createCRLStore - (new String[] {"mgrMcrl", "prjMcrl"}); - params.addCertStore(cs2); - PKIXCertPathBuilderResult res = CertUtils.build(params); - } -}
--- a/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java Thu Apr 23 10:43:35 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,356 +0,0 @@ -/* - * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -// -// Security properties, once set, cannot revert to unset. To avoid -// conflicts with tests running in the same VM isolate this test by -// running it in otherVM mode. -// - -/* - * @test - * @bug 7167988 - * @summary PKIX CertPathBuilder in reverse mode doesn't work if more than - * one trust anchor is specified - * @run main/othervm ReverseBuild - */ -import java.io.*; -import java.util.*; -import java.security.cert.*; -import java.security.Security; - -import sun.security.provider.certpath.SunCertPathBuilderParameters; - -public class ReverseBuild { - // Certificate information: - // Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org - // Validity - // Not Before: Dec 8 02:43:36 2008 GMT - // Not After : Aug 25 02:43:36 2028 GMT - // Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org - // X509v3 Subject Key Identifier: - // FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 - // X509v3 Authority Key Identifier: - // keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 - // DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org - // serial:00 - static String NoiceTrusedCertStr = - "-----BEGIN CERTIFICATE-----\n" + - "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + - "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + - "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" + - "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + - "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" + - "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" + - "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" + - "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" + - "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" + - "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" + - "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" + - "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" + - "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" + - "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" + - "6Mvf0r1PNTY2hwTJLJmKtg==\n" + - "-----END CERTIFICATE-----"; - - // Certificate information: - // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce - // Validity - // Not Before: Aug 19 01:52:19 2011 GMT - // Not After : Jul 29 01:52:19 2032 GMT - // Subject: C=US, O=Java, OU=SunJSSE Test Serivce - - // X509v3 Subject Key Identifier: - // B9:7C:D5:D9:DF:A7:4C:03:AE:FD:0E:27:5B:31:95:6C:C7:F3:75:E1 - // X509v3 Authority Key Identifier: - // keyid:B9:7C:D5:D9:DF:A7:4C:03:AE:FD:0E:27:5B:31:95:6C:C7:F3:75:E1 - // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce - // serial:00 - static String NoiceTrusedCertStr_2nd = - "-----BEGIN CERTIFICATE-----\n" + - "MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" + - "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + - "MTEwODE5MDE1MjE5WhcNMzIwNzI5MDE1MjE5WjA7MQswCQYDVQQGEwJVUzENMAsG\n" + - "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" + - "KoZIhvcNAQEBBQADgY0AMIGJAoGBAM8orG08DtF98TMSscjGsidd1ZoN4jiDpi8U\n" + - "ICz+9dMm1qM1d7O2T+KH3/mxyox7Rc2ZVSCaUD0a3CkhPMnlAx8V4u0H+E9sqso6\n" + - "iDW3JpOyzMExvZiRgRG/3nvp55RMIUV4vEHOZ1QbhuqG4ebN0Vz2DkRft7+flthf\n" + - "vDld6f5JAgMBAAGjgaUwgaIwHQYDVR0OBBYEFLl81dnfp0wDrv0OJ1sxlWzH83Xh\n" + - "MGMGA1UdIwRcMFqAFLl81dnfp0wDrv0OJ1sxlWzH83XhoT+kPTA7MQswCQYDVQQG\n" + - "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" + - "Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEE\n" + - "BQADgYEALlgaH1gWtoBZ84EW8Hu6YtGLQ/L9zIFmHonUPZwn3Pr//icR9Sqhc3/l\n" + - "pVTxOINuFHLRz4BBtEylzRIOPzK3tg8XwuLb1zd0db90x3KBCiAL6E6cklGEPwLe\n" + - "XYMHDn9eDsaq861Tzn6ZwzMgw04zotPMoZN0mVd/3Qca8UJFucE=\n" + - "-----END CERTIFICATE-----"; - - - // Certificate information: - // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce - // Validity - // Not Before: May 5 02:40:50 2012 GMT - // Not After : Apr 15 02:40:50 2033 GMT - // Subject: C=US, O=Java, OU=SunJSSE Test Serivce - // X509v3 Subject Key Identifier: - // DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B - // X509v3 Authority Key Identifier: - // keyid:DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B - // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce - // serial:00 - static String trustedCertStr = - "-----BEGIN CERTIFICATE-----\n" + - "MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJVUzEN\n" + - "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + - "MTIwNTA1MDI0MDUwWhcNMzMwNDE1MDI0MDUwWjA7MQswCQYDVQQGEwJVUzENMAsG\n" + - "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" + - "KoZIhvcNAQEBBQADgY0AMIGJAoGBANtiq0AIJK+iVRwFrqcD7fYXTCbMYC5Qz/k6\n" + - "AXBy7/1rI8wDhEJLE3m/+NSqiJwZcmdq2dNh/1fJFrwvzuURbc9+paOBWeHbN+Sc\n" + - "x3huw91oPZme385VpoK3G13rSE114S/rF4DM9mz4EStFhSHXATjtdbskNOAYGLTV\n" + - "x8uEy9GbAgMBAAGjgaUwgaIwHQYDVR0OBBYEFN1OjSoRwIMD8Kzror/58n3IaR+b\n" + - "MGMGA1UdIwRcMFqAFN1OjSoRwIMD8Kzror/58n3IaR+boT+kPTA7MQswCQYDVQQG\n" + - "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" + - "Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC\n" + - "BQADgYEAjjkJesQrkbr36N40egybaIxw7RcqT6iy5fkAGS1JYlBDk8uSCK1o6bCH\n" + - "ls5EpYcGeEoabSS73WRdkO1lgeyWDduO4ef8cCCSpmpT6/YdZG0QS1PtcREeVig+\n" + - "Zr25jNemS4ADHX0aaXP4kiV/G80cR7nX5t5XCUm4bYdbwM07NgI=\n" + - "-----END CERTIFICATE-----"; - static String trustedPrivateKey = // Private key in the format of PKCS#8 - "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANtiq0AIJK+iVRwF\n" + - "rqcD7fYXTCbMYC5Qz/k6AXBy7/1rI8wDhEJLE3m/+NSqiJwZcmdq2dNh/1fJFrwv\n" + - "zuURbc9+paOBWeHbN+Scx3huw91oPZme385VpoK3G13rSE114S/rF4DM9mz4EStF\n" + - "hSHXATjtdbskNOAYGLTVx8uEy9GbAgMBAAECgYEA2VjHkIiA0ABjkX+PqKeb+VLb\n" + - "fxS7tSca5C8zfdRhLxAWRui0/3ihst0eCJNrBDuxvAOACovsDWyLuaUjtI2v2ysz\n" + - "vz6SPyGy82PhQOFzyKQuQ814N6EpothpiZzF0yFchfKIGhUsdY89UrGs9nM7m6NT\n" + - "rztYvgIu4avg2VPR2AECQQD+pFAqipR2BplQRIuuRSZfHRxvoEyDjT1xnHJsC6WP\n" + - "I5hCLghL91MhQGWbP4EJMKYQOTRVukWlcp2Kycpf+P5hAkEA3I43gmVUAPEdyZdY\n" + - "fatW7OaLlbbYJb6qEtpCZ1Rwe/BIvm6H6E3qSi/lpz7Ia7WDulpbF6BawHH3pRFq\n" + - "CUY5ewJBAP3pUDqrRpBN0jB0uSeDslhjSciQ+dqvSpZv3rSYBHUvlBJhnkpJiy37\n" + - "7ZUZhIxqYxyIPgRBolLwb+FFh7OdL+ECQCtldDic9WVmC+VheRDpCKZ+SlK/8lGi\n" + - "7VXeShiIvcU1JysJFoa35fSI7hf1O3wt7+hX5PqGG7Un94EsJwACKEcCQQC1TWt6\n" + - "ArKH6tRxKjOxFtqfs8fgEVYUaOr3j1jF4KBUuX2mtQtddZe3VfJ2wPsuKMMxmhkB\n" + - "e7xWWZnJsErt2e+E"; - - // Certificate information: - // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce - // Validity - // Not Before: May 5 02:40:53 2012 GMT - // Not After : Jan 21 02:40:53 2032 GMT - // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=casigner - // X509v3 Subject Key Identifier: - // 13:07:E0:11:07:DB:EB:33:23:87:31:D0:DB:7E:16:56:BE:11:90:0A - // X509v3 Authority Key Identifier: - // keyid:DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B - // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce - // serial:00 - static String caSignerStr = - "-----BEGIN CERTIFICATE-----\n" + - "MIICqDCCAhGgAwIBAgIBAjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" + - "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + - "MTIwNTA1MDI0MDUzWhcNMzIwMTIxMDI0MDUzWjBOMQswCQYDVQQGEwJVUzENMAsG\n" + - "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxETAPBgNV\n" + - "BAMTCGNhc2lnbmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+x8+o7oM0\n" + - "ct/LZmZLXBL4CQ8jrULD5P7NtEW0hg/zxBFZfBHf+44Oo2eMPYZj+7xaREOH5BmV\n" + - "KRYlzRtONAaC5Ng4Mrm5UKNPcMIIUjUOvm7vWM4oSTMSfoEcSX+vp99uUAkw3w7Z\n" + - "+frYDm1M4At/j0b+lLij71GFN2L8drpgPQIDAQABo4GoMIGlMB0GA1UdDgQWBBQT\n" + - "B+ARB9vrMyOHMdDbfhZWvhGQCjBjBgNVHSMEXDBagBTdTo0qEcCDA/Cs66K/+fJ9\n" + - "yGkfm6E/pD0wOzELMAkGA1UEBhMCVVMxDTALBgNVBAoTBEphdmExHTAbBgNVBAsT\n" + - "FFN1bkpTU0UgVGVzdCBTZXJpdmNlggEAMBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYD\n" + - "VR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBAI+LXA/UCPkTANablUkt80JNPWsl\n" + - "pS4XLNgPxWaN0bkRDs5oI4ooWAz1rwpeJ/nfetOvWlpmrVjSeovBFja5Hl+dUHTf\n" + - "VfuyzkxXbhuNiJIpo1mVBpNsjwu9YRxuwX6UA2LTUQpgvtVJEE012x3zRvxBCbu2\n" + - "Y/v1R5fZ4c+hXDfC\n" + - "-----END CERTIFICATE-----"; - static String caSignerPrivateKey = // Private key in the format of PKCS#8 - "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAL7Hz6jugzRy38tm\n" + - "ZktcEvgJDyOtQsPk/s20RbSGD/PEEVl8Ed/7jg6jZ4w9hmP7vFpEQ4fkGZUpFiXN\n" + - "G040BoLk2DgyublQo09wwghSNQ6+bu9YzihJMxJ+gRxJf6+n325QCTDfDtn5+tgO\n" + - "bUzgC3+PRv6UuKPvUYU3Yvx2umA9AgMBAAECgYBYvu30cW8LONyt62Zua9hPFTe7\n" + - "qt9B7QYyfkdmoG5PQMepTrOp84SzfoOukvgvDm0huFuJnSvhXQl2cCDhkgXskvFj\n" + - "Hh7KBCFViVXokGdq5YoS0/KYMyQV0TZfJUvILBl51uc4/siQ2tClC/N4sa+1JhgW\n" + - "a6dFGfRjiUKSSlmMwQJBAPWpIz3Q/c+DYMvoQr5OD8EaYwYIevlTdXb97RnJJh2b\n" + - "UnhB9jrqesJiHYVzPmP0ukyPOXOwlp2T5Am4Kw0LFOkCQQDGz150NoHOp28Mvyc4\n" + - "CTqz/zYzUhy2eCJESl196uyP4N65Y01VYQ3JDww4DlsXiU17tVSbgA9TCcfTYOzy\n" + - "vyw1AkARUky+1hafZCcWGZljK8PmnMKwsTZikCTvL/Zg5BMA8Wu+OQBwpQnk3OAy\n" + - "Aa87gw0DyvGFG8Vy9POWT9sRP1/JAkBqP0hrMvYMSs6+MSn0eHo2151PsAJIQcuO\n" + - "U2/Da1khSzu8N6WMi2GiobgV/RYRbf9KrY2ZzMZjykZQYOxAjopBAkEAghCu38cN\n" + - "aOsW6ueo24uzsWI1FTdE+qWNVEi3RSP120xXBCyhaBjIq4WVSlJK9K2aBaJpit3j\n" + - "iQ5tl6zrLlxQhg=="; - - // Certificate information: - // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=casigner - // Validity - // Not Before: May 5 02:40:57 2012 GMT - // Not After : Jan 21 02:40:57 2032 GMT - // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer - // X509v3 Subject Key Identifier: - // 39:0E:C6:33:B1:50:BC:73:07:31:E5:D8:04:F7:BB:97:55:CF:9B:C8 - // X509v3 Authority Key Identifier: - // keyid:13:07:E0:11:07:DB:EB:33:23:87:31:D0:DB:7E:16:56:BE:11:90:0A - // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce - // serial:02 - static String certIssuerStr = - "-----BEGIN CERTIFICATE-----\n" + - "MIICvjCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQQFADBOMQswCQYDVQQGEwJVUzEN\n" + - "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxETAP\n" + - "BgNVBAMTCGNhc2lnbmVyMB4XDTEyMDUwNTAyNDA1N1oXDTMyMDEyMTAyNDA1N1ow\n" + - "UDELMAkGA1UEBhMCVVMxDTALBgNVBAoTBEphdmExHTAbBgNVBAsTFFN1bkpTU0Ug\n" + - "VGVzdCBTZXJpdmNlMRMwEQYDVQQDEwpjZXJ0aXNzdWVyMIGfMA0GCSqGSIb3DQEB\n" + - "AQUAA4GNADCBiQKBgQCyz55zinU6kNL/LeiTNiBI0QWYmDG0YTotuC4D75liBNqs\n" + - "7Mmladsh2mTtQUAwmuGaGzaZV25a+cUax0DXZoyBwdbTI09u1bUYsZcaUUKbPoCC\n" + - "HH26e4jLFL4olW13Sv4ZAd57tIYevMw+Fp5f4fLPFGegCJTFlv2Qjpmic/cuvQID\n" + - "AQABo4GpMIGmMB0GA1UdDgQWBBQ5DsYzsVC8cwcx5dgE97uXVc+byDBjBgNVHSME\n" + - "XDBagBQTB+ARB9vrMyOHMdDbfhZWvhGQCqE/pD0wOzELMAkGA1UEBhMCVVMxDTAL\n" + - "BgNVBAoTBEphdmExHTAbBgNVBAsTFFN1bkpTU0UgVGVzdCBTZXJpdmNlggECMBMG\n" + - "A1UdEwEB/wQJMAcBAf8CAgQAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQQFAAOB\n" + - "gQCQTagenCdClT98C+oTJGJrw/dUBD9K3tE6ZJKPMc/2bUia8G5ei1C0eXj4mWG2\n" + - "lu9umR6C90/A6qB050QB2h50qtqxSrkpu+ym1yypauZpg7U3nUY9wZWJNI1vqrQZ\n" + - "pqUMRcXY3iQIVKx+Qj+4/Za1wwFQzpEoGmqRW31V1SdMEw==\n" + - "-----END CERTIFICATE-----"; - static String certIssuerPrivateKey = // Private key in the format of PKCS#8 - "MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBALLPnnOKdTqQ0v8t\n" + - "6JM2IEjRBZiYMbRhOi24LgPvmWIE2qzsyaVp2yHaZO1BQDCa4ZobNplXblr5xRrH\n" + - "QNdmjIHB1tMjT27VtRixlxpRQps+gIIcfbp7iMsUviiVbXdK/hkB3nu0hh68zD4W\n" + - "nl/h8s8UZ6AIlMWW/ZCOmaJz9y69AgMBAAECgYEAjtew2tgm4gxDojqIauF4VPM1\n" + - "pzsdqd1p3pAdomNLgrQiBLZ8N7oiph6TNb1EjA+OXc+ThFgF/oM9ZDD8qZZwcvjN\n" + - "qDZlpTkFs2TaGcyEZfUaMB45NHVs6Nn+pSkagSNwwy3xeyAct7sQEzGNTDlEwVv5\n" + - "7V9LQutQtBd6xT48KzkCQQDpNRfv2OFNG/6GtzJoO68oJhpnpl2MsYNi4ntRkre/\n" + - "6uXpiCYaDskcrPMRwOOs0m7mxG+Ev+uKnLnSoEMm1GCbAkEAxEmDtiD0Psb8Z9BL\n" + - "ZRb83Jqho3xe2MCAh3xUfz9b/Mhae9dZ44o4OCgQZuwvW1mczF0NtpgZl93BmYa2\n" + - "hTwHhwJBAKHrEj6ep/fA6x0gD2idoATRR94VfbiU+7NpqtO9ecVP0+gsdr/66hn1\n" + - "3yLBeZLh3MxvMTrLgkAQh1i9m0JXjOcCQQClLXAHHegrw+u3uNMZeKTFR+Lp3sk6\n" + - "AZSnbvr0Me9I45kxSeG81x3ENALJecvIRbrrRws5MvmmkNhQR8rkh8WVAkEAk6b+\n" + - "aVtmBgUaTS5+FFlHGHJY9HFrfT1a1C/dwyMuqlmbC3YsBmZaMOlKli5TXNybLff8\n" + - "5KMeGEpXMzgC7AscGA=="; - - // Certificate information: - // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer - // Validity - // Not Before: May 5 02:41:01 2012 GMT - // Not After : Jan 21 02:41:01 2032 GMT - // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=localhost - // X509v3 Subject Key Identifier: - // AD:C0:2C:4C:E4:C2:2E:A1:BB:5D:92:BE:66:E0:4E:E0:0D:2F:11:EF - // X509v3 Authority Key Identifier: - // keyid:39:0E:C6:33:B1:50:BC:73:07:31:E5:D8:04:F7:BB:97:55:CF:9B:C8 - static String targetCertStr = - "-----BEGIN CERTIFICATE-----\n" + - "MIICjTCCAfagAwIBAgIBBDANBgkqhkiG9w0BAQQFADBQMQswCQYDVQQGEwJVUzEN\n" + - "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxEzAR\n" + - "BgNVBAMTCmNlcnRpc3N1ZXIwHhcNMTIwNTA1MDI0MTAxWhcNMzIwMTIxMDI0MTAx\n" + - "WjBPMQswCQYDVQQGEwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNT\n" + - "RSBUZXN0IFNlcml2Y2UxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0B\n" + - "AQEFAAOBjQAwgYkCgYEAvwaUd7wmBSKqycEstYLWD26vkU08DM39EtaT8wL9HnQ0\n" + - "fgPblwBFI4zdLa2cuYXRZcFUb04N8nrkcpR0D6kkE+AlFAoRWrrZF80B7JTbtEK4\n" + - "1PIeurihXvUT+4MpzGLOojIihMfvM4ufelblD56SInso4WFHm7t4qCln88J1gjkC\n" + - "AwEAAaN4MHYwCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBStwCxM5MIuobtdkr5m4E7g\n" + - "DS8R7zAfBgNVHSMEGDAWgBQ5DsYzsVC8cwcx5dgE97uXVc+byDAnBgNVHSUEIDAe\n" + - "BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDMA0GCSqGSIb3DQEBBAUAA4GB\n" + - "AGfwcfdvEG/nSCiAn2MGbYHp34mgF3OA1SJLWUW0LvWJhwm2cn4AXlSoyvbwrkaB\n" + - "IDDCwhJvvc0vUyL2kTx7sqVaFTq3mDs+ktlB/FfH0Pb+i8FE+g+7T42Iw/j0qxHL\n" + - "YmgbrjBQf5WYN1AvBE/rrPt9aOtS3UsqtVGW574b0shW\n" + - "-----END CERTIFICATE-----"; - static String targetPrivateKey = // Private key in the format of PKCS#8 - "MIICdAIBADANBgkqhkiG9w0BAQEFAASCAl4wggJaAgEAAoGBAL8GlHe8JgUiqsnB\n" + - "LLWC1g9ur5FNPAzN/RLWk/MC/R50NH4D25cARSOM3S2tnLmF0WXBVG9ODfJ65HKU\n" + - "dA+pJBPgJRQKEVq62RfNAeyU27RCuNTyHrq4oV71E/uDKcxizqIyIoTH7zOLn3pW\n" + - "5Q+ekiJ7KOFhR5u7eKgpZ/PCdYI5AgMBAAECf3CscOYvFD3zNMnMJ5LomVqA7w3F\n" + - "gKYM2jlCWAH+wU41PMEXhW6Lujw92jgXL1o+lERwxFzirVdZJWZwKgUSvzP1G0h3\n" + - "fkucq1/UWnToK+8NSXNM/yS8hXbBgSEoJo5f7LKcIi1Ev6doBVofMxs+njzyWKbM\n" + - "Nb7rOLHadghoon0CQQDgQzbzzSN8Dc1YmmylhI5v+0sQRHH0DL7D24k4Weh4vInG\n" + - "EAbt4x8M7ZKEo8/dv0s4hbmNmAnJl93/RRxIyEqLAkEA2g87DiswSQam2pZ8GlrO\n" + - "+w4Qg9mH8uxx8ou2rl0XlHzH1XiTNbkjfY0EZoL7L31BHFk9n11Fb2P85g6ws+Hy\n" + - "ywJAM/xgyLNM/nzUlS128geAXUULaYH0SHaL4isJ7B4rXZGW/mrIsGxtzjlkNYsj\n" + - "rGujrD6TfNc5rZmexIXowJZtcQJBAIww+pCzZ4mrgx5JXWQ8OZHiiu+ZrPOa2+9J\n" + - "r5sOMpi+WGN/73S8oHqZbNjTINZ5OqEVJq8MchWZPQBTNXuQql0CQHEjUzzkCQa3\n" + - "j6JTa2KAdqyvLOx0XF9zcc1gA069uNQI2gPUHS8V215z57f/gMGnDNhVfLs/vMKz\n" + - "sFkVZ3zg7As="; - - - public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - - // generate certificate from cert string - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - - // create a set of trust anchors - LinkedHashSet<TrustAnchor> trustAnchors = new LinkedHashSet<>(); - - ByteArrayInputStream is = - new ByteArrayInputStream(NoiceTrusedCertStr.getBytes()); - Certificate trustedCert = cf.generateCertificate(is); - is.close(); - TrustAnchor anchor = - new TrustAnchor((X509Certificate)trustedCert, null); - trustAnchors.add(anchor); - - is = new ByteArrayInputStream(trustedCertStr.getBytes()); - trustedCert = cf.generateCertificate(is); - is.close(); - anchor = new TrustAnchor((X509Certificate)trustedCert, null); - trustAnchors.add(anchor); - - is = new ByteArrayInputStream(NoiceTrusedCertStr_2nd.getBytes()); - trustedCert = cf.generateCertificate(is); - is.close(); - anchor = new TrustAnchor((X509Certificate)trustedCert, null); - trustAnchors.add(anchor); - - // create a list of certificates - List<Certificate> chainList = new ArrayList<>(); - - is = new ByteArrayInputStream(targetCertStr.getBytes()); - Certificate cert = cf.generateCertificate(is); - is.close(); - chainList.add(cert); - - is = new ByteArrayInputStream(certIssuerStr.getBytes()); - cert = cf.generateCertificate(is); - is.close(); - chainList.add(cert); - - is = new ByteArrayInputStream(caSignerStr.getBytes()); - cert = cf.generateCertificate(is); - is.close(); - chainList.add(cert); - - // create a certificate selector - X509CertSelector xcs = new X509CertSelector(); - X509Certificate eeCert = (X509Certificate)chainList.get(0); - xcs.setSubject(eeCert.getSubjectX500Principal()); - - // reverse build - SunCertPathBuilderParameters params = - new SunCertPathBuilderParameters(trustAnchors, xcs); - params.setBuildForward(false); - params.setRevocationEnabled(false); - - CollectionCertStoreParameters ccsp = - new CollectionCertStoreParameters(chainList); - params.addCertStore(CertStore.getInstance("Collection", ccsp)); - - CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX"); - CertPathBuilderResult res = cpb.build(params); - } -}