changeset 6965:ba16240d53b8
Merge
author | asaha |
---|---|
date | Tue, 30 Apr 2013 14:30:07 -0700 |
parents | c4b57ff3d99e (current diff) 11616f222415 (diff) |
children | cea62063a49e |
files | |
diffstat | 9 files changed, 116 insertions(+), 63 deletions(-) [+] |
--- a/.hgtags Tue Feb 12 16:11:40 2013 +0400
+++ b/.hgtags Tue Apr 30 14:30:07 2013 -0700
@@ -272,3 +272,4 @@
 5748526c96f0d3fd5771b72a81fcd61f4e23b0d8 jdk7u25-b06
 fe514475bc17355f5f0a8dc7dd423d0043ed5326 jdk7u25-b07
 f8373784a79eba32b47e655cc5880f594a12423c jdk7u25-b08
+023297d5b047c0b6c54869d6514fa3c1427c206c jdk7u25-b09
--- a/src/share/classes/sun/security/provider/certpath/CertPathHelper.java Tue Feb 12 16:11:40 2013 +0400 +++ b/src/share/classes/sun/security/provider/certpath/CertPathHelper.java Tue Apr 30 14:30:07 2013 -0700 @@ -64,7 +64,7 @@ instance.implSetPathToNames(sel, names); } - static void setDateAndTime(X509CRLSelector sel, Date date, long skew) { + public static void setDateAndTime(X509CRLSelector sel, Date date, long skew) { instance.implSetDateAndTime(sel, date, skew); } }
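Review bot: The now-public `setDateAndTime` has no Javadoc, so callers outside the package get no statement of the unit of `skew` or of the precondition that `instance` has been set before the unguarded `instance.implSetDateAndTime(sel, date, skew)` call. This changeset elsewhere reads properties in seconds and converts them to milliseconds, so the unit is easy to get wrong; once it is confirmed I would add a comment such as `/** Sets the date and the allowed clock skew (unit: TODO confirm, presumably milliseconds) on the CRL selector. */`. The reason for widening the method from package-private to public is not visible in this hunk and is worth recording in that comment or in the commit description.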
--- a/src/share/classes/sun/security/provider/certpath/CrlRevocationChecker.java Tue Feb 12 16:11:40 2013 +0400 +++ b/src/share/classes/sun/security/provider/certpath/CrlRevocationChecker.java Tue Apr 30 14:30:07 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -308,11 +308,9 @@ mPossibleCRLs.add((X509CRL)crl); } } - DistributionPointFetcher store = - DistributionPointFetcher.getInstance(); // all CRLs returned by the DP Fetcher have also been verified - mApprovedCRLs.addAll(store.getCRLs(sel, signFlag, prevKey, - mSigProvider, mStores, reasonsMask, trustAnchors, + mApprovedCRLs.addAll(DistributionPointFetcher.getCRLs(sel, signFlag, + prevKey, mSigProvider, mStores, reasonsMask, trustAnchors, mParams.getDate())); } catch (Exception e) { if (debug != null) { @@ -762,14 +760,12 @@ CRLDistributionPointsExtension.POINTS); } Set<X509CRL> results = new HashSet<X509CRL>(); - DistributionPointFetcher dpf = - DistributionPointFetcher.getInstance(); for (Iterator<DistributionPoint> t = points.iterator(); t.hasNext() && !Arrays.equals(reasonsMask, ALL_REASONS); ) { DistributionPoint point = t.next(); for (X509CRL crl : crls) { - if (dpf.verifyCRL(certImpl, point, crl, reasonsMask, - signFlag, prevKey, mSigProvider, + if (DistributionPointFetcher.verifyCRL(certImpl, point, crl, + reasonsMask, signFlag, prevKey, mSigProvider, trustAnchors, mStores, mParams.getDate())) { results.add(crl); }
--- a/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java Tue Feb 12 16:11:40 2013 +0400 +++ b/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java Tue Apr 30 14:30:07 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -50,7 +50,7 @@ * @author Sean Mullan * @since 1.4.2 */ -class DistributionPointFetcher { +public class DistributionPointFetcher { private static final Debug debug = Debug.getInstance("certpath"); @@ -65,34 +65,28 @@ private final static boolean USE_CRLDP = AccessController.doPrivileged (new GetBooleanAction("com.sun.security.enableCRLDP")); - // singleton instance - private static final DistributionPointFetcher INSTANCE = - new DistributionPointFetcher(); - /** * Private instantiation only. */ private DistributionPointFetcher() {} /** - * Return a DistributionPointFetcher instance. - */ - static DistributionPointFetcher getInstance() { - return INSTANCE; - } - - /** * Return the X509CRLs matching this selector. The selector must be * an X509CRLSelector with certificateChecking set. * * If CRLDP support is disabled, this method always returns an * empty set. */ - Collection<X509CRL> getCRLs(X509CRLSelector selector, boolean signFlag, - PublicKey prevKey, String provider, List<CertStore> certStores, - boolean[] reasonsMask, Set<TrustAnchor> trustAnchors, - Date validity) throws CertStoreException { - + public static Collection<X509CRL> getCRLs(X509CRLSelector selector, + boolean signFlag, + PublicKey prevKey, + String provider, + List<CertStore> certStores, + boolean[] reasonsMask, + Set<TrustAnchor> trustAnchors, + Date validity) + throws CertStoreException + { if (USE_CRLDP == false) { return Collections.emptySet(); } 
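Review bot: The Javadoc kept above the now-public static `getCRLs` still covers only the selector and the CRLDP-disabled case, with no `@param`, `@return` or `@throws CertStoreException` entries, although the class and this method are now reachable from outside the package. The private overload in the following hunk is documented as downloading CRLs from a distribution point and verifying them, so the public doc should say what `trustAnchors`, `prevKey` and `validity` are used for and whether every returned CRL has been verified, if that is the contract. `verifyCRL` in the next hunk became static but stayed package-private, so the intended public surface appears to be `getCRLs` alone; a one-line class comment saying so would help keep it that way. The body of `getCRLs` continues outside the hunk.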
@@ -140,7 +134,7 @@ * Download CRLs from the given distribution point, verify and return them. * See the top of the class for current limitations. */ - private Collection<X509CRL> getCRLs(X509CRLSelector selector, + private static Collection<X509CRL> getCRLs(X509CRLSelector selector, X509CertImpl certImpl, DistributionPoint point, boolean[] reasonsMask, boolean signFlag, PublicKey prevKey, String provider, List<CertStore> certStores, Set<TrustAnchor> trustAnchors, @@ -214,7 +208,7 @@ /** * Download CRL from given URI. */ - private X509CRL getCRL(URIName name) { + private static X509CRL getCRL(URIName name) { URI uri = name.getURI(); if (debug != null) { debug.println("Trying to fetch CRL from DP " + uri); @@ -240,7 +234,7 @@ /** * Fetch CRLs from certStores. */ - private Collection<X509CRL> getCRLs(X500Name name, + private static Collection<X509CRL> getCRLs(X500Name name, X500Principal certIssuer, List<CertStore> certStores) { if (debug != null) { @@ -285,7 +279,7 @@ * certification path should be determined * @return true if ok, false if not */ - boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point, + static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point, X509CRL crl, boolean[] reasonsMask, boolean signFlag, PublicKey prevKey, String provider, Set<TrustAnchor> trustAnchors, List<CertStore> certStores, @@ -670,7 +664,7 @@ * Append relative name to the issuer name and return a new * GeneralNames object. */ - private GeneralNames getFullNames(X500Name issuer, RDN rdn) + private static GeneralNames getFullNames(X500Name issuer, RDN rdn) throws IOException { List<RDN> rdns = new ArrayList<RDN>(issuer.rdns()); rdns.add(rdn);
--- a/src/share/classes/sun/security/provider/certpath/OCSP.java Tue Feb 12 16:11:40 2013 +0400 +++ b/src/share/classes/sun/security/provider/certpath/OCSP.java Tue Apr 30 14:30:07 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,6 +42,7 @@ import java.util.Map; import static sun.security.provider.certpath.OCSPResponse.*; +import sun.security.action.GetIntegerAction; import sun.security.util.Debug; import sun.security.x509.AccessDescription; import sun.security.x509.AuthorityInfoAccessExtension; @@ -64,7 +65,30 @@ private static final Debug debug = Debug.getInstance("certpath"); - private static final int CONNECT_TIMEOUT = 15000; // 15 seconds + private static final int DEFAULT_CONNECT_TIMEOUT = 15000; + + /** + * Integer value indicating the timeout length, in seconds, to be + * used for the OCSP check. A timeout of zero is interpreted as + * an infinite timeout. + */ + private static final int CONNECT_TIMEOUT = initializeTimeout(); + + /** + * Initialize the timeout length by getting the OCSP timeout + * system property. If the property has not been set, or if its + * value is negative, set the timeout length to the default. + */ + private static int initializeTimeout() { + Integer tmp = java.security.AccessController.doPrivileged( + new GetIntegerAction("com.sun.security.ocsp.timeout")); + if (tmp == null || tmp < 0) { + tmp = DEFAULT_CONNECT_TIMEOUT; + } + // Convert to milliseconds, as the system property will be + // specified in seconds + return tmp * 1000; + } private OCSP() {}
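Review bot: When `com.sun.security.ocsp.timeout` is unset or negative, `initializeTimeout()` assigns `tmp = DEFAULT_CONNECT_TIMEOUT` (15000, the old millisecond value) and then falls through to `return tmp * 1000`, so the default becomes 15,000,000 ms (over four hours) instead of 15 seconds. A revocation check against an unresponsive responder could then block far longer than before; the sibling methods in OCSPResponse.java and URICertStore.java return their defaults directly, and this one should too: `return DEFAULT_CONNECT_TIMEOUT;`. All three methods also compute `tmp * 1000` in `int` with no upper bound, so a property value above `Integer.MAX_VALUE / 1000` wraps; adding `|| tmp > Integer.MAX_VALUE / 1000` to the same `if` would keep the result well defined. The Javadoc on `CONNECT_TIMEOUT` says seconds, but the field holds milliseconds.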
--- a/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Tue Feb 12 16:11:40 2013 +0400 +++ b/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Tue Apr 30 14:30:07 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,6 +41,7 @@ import java.util.List; import java.util.Map; import sun.misc.HexDumpEncoder; +import sun.security.action.GetIntegerAction; import sun.security.x509.*; import sun.security.util.*; 
@@ -148,9 +149,31 @@ private final ResponseStatus responseStatus; private final Map<CertId, SingleResponse> singleResponseMap; - // Maximum clock skew in milliseconds (15 minutes) allowed when checking - // validity of OCSP responses - private static final long MAX_CLOCK_SKEW = 900000; + // Default maximum clock skew in milliseconds (15 minutes) + // allowed when checking validity of OCSP responses + private static final int DEFAULT_MAX_CLOCK_SKEW = 900000; + + /** + * Integer value indicating the maximum allowable clock skew, in seconds, + * to be used for the OCSP check. + */ + private static final int MAX_CLOCK_SKEW = initializeClockSkew(); + + /** + * Initialize the maximum allowable clock skew by getting the OCSP + * clock skew system property. If the property has not been set, or if its + * value is negative, set the skew to the default. + */ + private static int initializeClockSkew() { + Integer tmp = java.security.AccessController.doPrivileged( + new GetIntegerAction("com.sun.security.ocsp.clockSkew")); + if (tmp == null || tmp < 0) { + return DEFAULT_MAX_CLOCK_SKEW; + } + // Convert to milliseconds, as the system property will be + // specified in seconds + return tmp * 1000; + } // an array of all of the CRLReasons (used in SingleResponse) private static CRLReason[] values = CRLReason.values();
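Review bot: `MAX_CLOCK_SKEW` is documented as "in seconds" but `initializeClockSkew()` returns milliseconds, and the constant was narrowed from `long` to `int` in the same change; the field comment should read something like `maximum allowable clock skew, in milliseconds (the system property is given in seconds)`. The property also has no upper limit, and a large skew widens the window in which an old OCSP response is still accepted as current, so the accepted range and that trade-off deserve a sentence in the method Javadoc. A value of 0 is accepted and means no tolerance at all, which is not stated either. The code that uses the constant lies outside this hunk.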
--- a/src/share/classes/sun/security/provider/certpath/URICertStore.java Tue Feb 12 16:11:40 2013 +0400 +++ b/src/share/classes/sun/security/provider/certpath/URICertStore.java Tue Apr 30 14:30:07 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -53,6 +53,7 @@ import java.util.Collections; import java.util.List; import java.util.Locale; +import sun.security.action.GetIntegerAction; import sun.security.x509.AccessDescription; import sun.security.x509.GeneralNameInterface; import sun.security.x509.URIName; @@ -149,6 +150,33 @@ } } + // Default maximum connect timeout in milliseconds (15 seconds) + // allowed when downloading CRLs + private static final int DEFAULT_CRL_CONNECT_TIMEOUT = 15000; + + /** + * Integer value indicating the connect timeout, in seconds, to be + * used for the CRL download. A timeout of zero is interpreted as + * an infinite timeout. + */ + private static final int CRL_CONNECT_TIMEOUT = initializeTimeout(); + + /** + * Initialize the timeout length by getting the CRL timeout + * system property. If the property has not been set, or if its + * value is negative, set the timeout length to the default. + */ + private static int initializeTimeout() { + Integer tmp = java.security.AccessController.doPrivileged( + new GetIntegerAction("com.sun.security.crl.timeout")); + if (tmp == null || tmp < 0) { + return DEFAULT_CRL_CONNECT_TIMEOUT; + } + // Convert to milliseconds, as the system property will be + // specified in seconds + return tmp * 1000; + } + /** * Creates a URICertStore. * 
@@ -395,6 +423,7 @@
 if (lastModified != 0) {
 connection.setIfModifiedSince(lastModified);
 }
+ connection.setConnectTimeout(CRL_CONNECT_TIMEOUT);
 in = connection.getInputStream();
 long oldLastModified = lastModified;
 lastModified = connection.getLastModified();
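Review bot: Only the connect phase is bounded by the added `connection.setConnectTimeout(CRL_CONNECT_TIMEOUT);`; a server that accepts the connection and then stalls would still block `connection.getInputStream()` and the later reads unless a read timeout is set somewhere outside this hunk. If none is, adding `connection.setReadTimeout(CRL_CONNECT_TIMEOUT);` (or a separate property for it) next to this line would cover that case. The Javadoc on `CRL_CONNECT_TIMEOUT` in the previous hunk says seconds, while the value passed here is in milliseconds, which is what `setConnectTimeout` expects. The enclosing method starts and ends outside the hunk.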
--- a/test/com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java Tue Feb 12 16:11:40 2013 +0400 +++ b/test/com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java Tue Apr 30 14:30:07 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,7 +24,7 @@ /** * @test * @author Sean Mullan - * @bug 6461674 + * @bug 6461674 8009217 * @compile -XDignore.symbol.file ClassLoaderTest.java MyTransform.java * @run main ClassLoaderTest * @summary Ensure Transform.register works with transform implementations @@ -43,13 +43,12 @@ public static void main(String[] args) throws Exception { - Transform.init(); File file = new File(BASE); URL[] urls = new URL[1]; urls[0] = file.toURI().toURL(); URLClassLoader ucl = new URLClassLoader(urls); - Class c = ucl.loadClass("MyTransform"); - Constructor cons = c.getConstructor(); + Class<?> c = ucl.loadClass("MyTransform"); + Constructor<?> cons = c.getConstructor(new Class[] {}); Object o = cons.newInstance(); // Apache code swallows the ClassNotFoundExc, so we need to // check if the Transform has already been registered by registering
--- a/test/com/sun/org/apache/xml/internal/security/transforms/MyTransform.java Tue Feb 12 16:11:40 2013 +0400 +++ b/test/com/sun/org/apache/xml/internal/security/transforms/MyTransform.java Tue Apr 30 14:30:07 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,13 +21,8 @@ * questions. */ -import java.io.IOException; -import javax.xml.parsers.ParserConfigurationException; -import org.xml.sax.SAXException; -import com.sun.org.apache.xml.internal.security.c14n.*; -import com.sun.org.apache.xml.internal.security.exceptions.*; -import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput; -import com.sun.org.apache.xml.internal.security.transforms.*; +import com.sun.org.apache.xml.internal.security.transforms.Transform; +import com.sun.org.apache.xml.internal.security.transforms.TransformSpi; public class MyTransform extends TransformSpi { @@ -37,21 +32,13 @@ public MyTransform() { try { System.out.println("Registering Transform"); - Transform.init(); Transform.register(URI, "MyTransform"); - } catch (AlgorithmAlreadyRegisteredException e) { - // should not occur, so ignore + } catch (Exception e) { + e.printStackTrace(); } } protected String engineGetURI() { return URI; } - - protected XMLSignatureInput enginePerformTransform(XMLSignatureInput input) - throws IOException, CanonicalizationException, - InvalidCanonicalizerException, TransformationException, - ParserConfigurationException, SAXException { - throw new TransformationException("Unsupported Operation"); - } }
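Review bot: The constructor's handler was widened from `AlgorithmAlreadyRegisteredException` to `catch (Exception e) { e.printStackTrace(); }`, so any failure of `Transform.register(URI, "MyTransform")` is now only printed and construction still succeeds. For a test helper it is clearer to fail at the cause, for example `throw new RuntimeException("Transform registration failed", e);`, unless ClassLoaderTest relies on the constructor never throwing. If swallowing is intended, a comment saying why should replace the removed "should not occur, so ignore" one.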