Mercurial > hg > release > icedtea8-forest-3.0 > jdk
changeset 11454:075b7f37ec28
Merge
author | asaha |
---|---|
date | Thu, 16 Jul 2015 16:54:12 -0700 |
parents | eb78b3fdf14e (current diff) c00bcb8d4596 (diff) |
children | 9743f2e62694 |
files | .hgtags |
diffstat | 59 files changed, 1298 insertions(+), 302 deletions(-) [+] |
--- a/.hgtags Thu Jul 16 14:23:13 2015 -0700 +++ b/.hgtags Thu Jul 16 16:54:12 2015 -0700 @@ -406,6 +406,11 @@ 7087623dfa7033f8738d537864e4bac6b8528172 jdk8u45-b15 c7fbbf6133c339fb56f03241de28666774023d5d jdk8u45-b31 ea547c5a1217fe7916f366950d0e3156e4225aa5 jdk8u45-b32 +27836976c3157a90a9504eb2ec0de54b769b68b4 jdk8u45-b33 +98c0901da96579e1819e591c95d19066e0dad9b6 jdk8u45-b34 +c292ff6412c8d6a9fb258b72fcffada39aa556b1 jdk8u45-b35 +8027bdc8f3d28a0d734fc45a3b7b329c3632ea70 jdk8u45-b36 +a6665011c99f04656f827c883d96857ca2c17bee jdk8u45-b37 ac97b69b88e37c18c1b077be8b1f100b6803fea5 jdk8u51-b00 2e0732282470f7a02d57af5fc8542efa9db7b3e4 jdk8u51-b01 cc75137936f9a8e97017e7e18b1064b76238116f jdk8u51-b02 @@ -423,6 +428,7 @@ b7403e15864dc0c1f9740d66af91bddb3e2215e8 jdk8u51-b14 192bda44c0c463104c96058bb815a546b282ca43 jdk8u51-b15 ee86422973691bb7efae58d201e5a382ea0bb150 jdk8u51-b16 +f94ea276f608b22d78281d70361092ba4864038e jdk8u51-b31 5c31204d19e5976f025026db3d5c17331e8c44db jdk8u60-b00 c46daef6edb5385d11876ed40f292a4b62e96867 jdk8u60-b01 c10fd784956cc7099657181029ac3e790267b678 jdk8u60-b02 @@ -448,5 +454,11 @@ e9f82302d5fdef8a0976640e09363895e9dcde3c jdk8u60-b22 c4b37246b92736adf5f40c785aabb67a7d227245 jdk8u60-b23 d433f5fd8910bee1f2c295b65cf03977034fe0ea jdk8u60-b24 +286b9a885fcc6245fdf2b20697473ec3b35f2538 jdk8u65-b00 +80a796d0db958f49a4b0713818227eda8e5efbb9 jdk8u65-b01 +77d48e6d111faec236c8678997ae4311151cfee4 jdk8u65-b02 +3e3a22acc5be4eb4b860b4b4c0080473f5605988 jdk8u65-b03 +2a5f20c49ad1de765a8c26aab1e13aee8e53b5c6 jdk8u65-b04 +fe1c420a8982e58f6d49c50b729732d93f9682dd jdk8u65-b05 e9f82302d5fdef8a0976640e09363895e9dcde3c jdk8u66-b00 64d7bd4e98150447916f210e3bfd6875a4c2728a jdk8u66-b01
--- a/make/lib/Awt2dLibraries.gmk Thu Jul 16 14:23:13 2015 -0700
+++ b/make/lib/Awt2dLibraries.gmk Thu Jul 16 16:54:12 2015 -0700
@@ -674,6 +674,7 @@
 LANG := C, \
 OPTIMIZATION := HIGHEST, \
 CFLAGS := $(filter-out -xc99=%none, $(CFLAGS_JDKLIB)) \
+ -DCMS_DONT_USE_FAST_FLOOR \
 $(SHARED_LIBRARY_FLAGS) \
 -I$(JDK_TOPDIR)/src/share/native/sun/java2d \
 -I$(JDK_TOPDIR)/src/share/native/sun/awt/debug, \
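Review bot: The added `-DCMS_DONT_USE_FAST_FLOOR` in this CFLAGS list has no explanation anywhere in the hunk, so a later flag cleanup could drop it without noticing that it changes which rounding path the library compiles in. A make comment cannot sit inside the backslash-continued list, so it would go above the enclosing definition, which starts outside the hunk: `# CMS_DONT_USE_FAST_FLOOR selects the portable floor() path over the fast rounding shortcut; do not remove.` Which library this block builds is not visible here; the macro name suggests the colour-management code.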
--- a/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java Thu Jul 16 14:23:13 2015 -0700 +++ b/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java Thu Jul 16 16:54:12 2015 -0700 @@ -74,11 +74,14 @@ "TlsRsaPremasterSecretGenerator must be initialized"); } - if (random == null) { - random = new SecureRandom(); + byte[] b = spec.getEncodedSecret(); + if (b == null) { + if (random == null) { + random = new SecureRandom(); + } + b = new byte[48]; + random.nextBytes(b); } - byte[] b = new byte[48]; - random.nextBytes(b); b[0] = (byte)spec.getMajorVersion(); b[1] = (byte)spec.getMinorVersion();
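Review bot: The two context lines after the new block still write the protocol version into `b[0]` and `b[1]` even when `b` came from `spec.getEncodedSecret()`, so the first two bytes of a caller-supplied secret are always replaced. If any caller compares the version bytes of the returned key with the expected version, that comparison can no longer fail for a supplied secret. If the overwrite is meant only for the freshly generated case, move `b[0] = (byte)spec.getMajorVersion();` and `b[1] = (byte)spec.getMinorVersion();` inside the `if (b == null)` branch; otherwise add a comment saying the overwrite is deliberate. The method body continues outside the hunk.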
--- a/src/share/classes/java/beans/PropertyDescriptor.java Thu Jul 16 14:23:13 2015 -0700 +++ b/src/share/classes/java/beans/PropertyDescriptor.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,6 +28,7 @@ import java.lang.ref.Reference; import java.lang.reflect.Method; import java.lang.reflect.Constructor; +import sun.reflect.misc.ReflectUtil; /** * A PropertyDescriptor describes one property that a Java Bean @@ -426,8 +427,9 @@ public PropertyEditor createPropertyEditor(Object bean) { Object editor = null; - Class<?> cls = getPropertyEditorClass(); - if (cls != null) { + final Class<?> cls = getPropertyEditorClass(); + if (cls != null && PropertyEditor.class.isAssignableFrom(cls) + && ReflectUtil.isPackageAccessible(cls)) { Constructor<?> ctor = null; if (bean != null) { try {
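Review bot: The widened condition in createPropertyEditor carries no comment, so nothing tells a maintainer why an editor class that is not a `PropertyEditor`, or that fails `ReflectUtil.isPackageAccessible`, is now skipped without any signal. A line above the `if` would do: `// Instantiate only classes that implement PropertyEditor and pass the package-access check.` The method's Javadoc is outside the hunk and should presumably state what is returned in those cases; the rest of the body is not visible here.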
--- a/src/share/classes/java/io/ObjectStreamClass.java Thu Jul 16 14:23:13 2015 -0700 +++ b/src/share/classes/java/io/ObjectStreamClass.java Thu Jul 16 16:54:12 2015 -0700 @@ -189,6 +189,9 @@ /** superclass descriptor appearing in stream */ private ObjectStreamClass superDesc; + /** true if, and only if, the object has been correctly initialized */ + private boolean initialized; + /** * Initializes native code. */ @@ -266,6 +269,7 @@ if (cl == null) { return null; } + requireInitialized(); if (System.getSecurityManager() != null) { Class<?> caller = Reflection.getCallerClass(); if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), cl.getClassLoader())) { @@ -533,6 +537,7 @@ name, "unmatched serializable field(s) declared"); } } + initialized = true; } /** @@ -550,6 +555,14 @@ ObjectStreamClass superDesc) throws InvalidClassException { + ObjectStreamClass osc = null; + if (cl != null) { + osc = lookup(cl, true); + if (!osc.isProxy) { + throw new InvalidClassException( + "cannot bind proxy descriptor to a non-proxy class"); + } + } this.cl = cl; this.resolveEx = resolveEx; this.superDesc = superDesc; @@ -557,21 +570,17 @@ serializable = true; suid = Long.valueOf(0); fields = NO_FIELDS; - - if (cl != null) { - localDesc = lookup(cl, true); - if (!localDesc.isProxy) { - throw new InvalidClassException( - "cannot bind proxy descriptor to a non-proxy class"); - } + if (osc != null) { + localDesc = osc; name = localDesc.name; externalizable = localDesc.externalizable; - cons = localDesc.cons; writeReplaceMethod = localDesc.writeReplaceMethod; readResolveMethod = localDesc.readResolveMethod; deserializeEx = localDesc.deserializeEx; + cons = localDesc.cons; } fieldRefl = getReflector(fields, localDesc); + initialized = true; } /** 
@@ -583,11 +592,57 @@ ObjectStreamClass superDesc) throws InvalidClassException { + long suid = Long.valueOf(model.getSerialVersionUID()); + ObjectStreamClass osc = null; + if (cl != null) { + osc = lookup(cl, true); + if (osc.isProxy) { + throw new InvalidClassException( + "cannot bind non-proxy descriptor to a proxy class"); + } + if (model.isEnum != osc.isEnum) { + throw new InvalidClassException(model.isEnum ? + "cannot bind enum descriptor to a non-enum class" : + "cannot bind non-enum descriptor to an enum class"); + } + + if (model.serializable == osc.serializable && + !cl.isArray() && + suid != osc.getSerialVersionUID()) { + throw new InvalidClassException(osc.name, + "local class incompatible: " + + "stream classdesc serialVersionUID = " + suid + + ", local class serialVersionUID = " + + osc.getSerialVersionUID()); + } + + if (!classNamesEqual(model.name, osc.name)) { + throw new InvalidClassException(osc.name, + "local class name incompatible with stream class " + + "name \"" + model.name + "\""); + } + + if (!model.isEnum) { + if ((model.serializable == osc.serializable) && + (model.externalizable != osc.externalizable)) { + throw new InvalidClassException(osc.name, + "Serializable incompatible with Externalizable"); + } + + if ((model.serializable != osc.serializable) || + (model.externalizable != osc.externalizable) || + !(model.serializable || model.externalizable)) { + deserializeEx = new ExceptionInfo( + osc.name, "class invalid for deserialization"); + } + } + } + this.cl = cl; this.resolveEx = resolveEx; this.superDesc = superDesc; name = model.name; - suid = Long.valueOf(model.getSerialVersionUID()); + this.suid = suid; isProxy = false; isEnum = model.isEnum; serializable = model.serializable; 
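Review bot: `long suid = Long.valueOf(model.getSerialVersionUID());` at the top of this hunk boxes the value only to unbox it again, and the new local shadows the `suid` field that is assigned further down with `this.suid = suid;`. Writing `long modelSuid = model.getSerialVersionUID();` and `this.suid = modelSuid;` keeps the comparison with `osc.getSerialVersionUID()` primitive and makes it obvious which value comes from the stream. The method starts before this hunk and continues in the next one.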
@@ -598,53 +653,8 @@ primDataSize = model.primDataSize; numObjFields = model.numObjFields; - if (cl != null) { - localDesc = lookup(cl, true); - if (localDesc.isProxy) { - throw new InvalidClassException( - "cannot bind non-proxy descriptor to a proxy class"); - } - if (isEnum != localDesc.isEnum) { - throw new InvalidClassException(isEnum ? - "cannot bind enum descriptor to a non-enum class" : - "cannot bind non-enum descriptor to an enum class"); - } - - if (serializable == localDesc.serializable && - !cl.isArray() && - suid.longValue() != localDesc.getSerialVersionUID()) - { - throw new InvalidClassException(localDesc.name, - "local class incompatible: " + - "stream classdesc serialVersionUID = " + suid + - ", local class serialVersionUID = " + - localDesc.getSerialVersionUID()); - } - - if (!classNamesEqual(name, localDesc.name)) { - throw new InvalidClassException(localDesc.name, - "local class name incompatible with stream class " + - "name \"" + name + "\""); - } - - if (!isEnum) { - if ((serializable == localDesc.serializable) && - (externalizable != localDesc.externalizable)) - { - throw new InvalidClassException(localDesc.name, - "Serializable incompatible with Externalizable"); - } - - if ((serializable != localDesc.serializable) || - (externalizable != localDesc.externalizable) || - !(serializable || externalizable)) - { - deserializeEx = new ExceptionInfo( - localDesc.name, "class invalid for deserialization"); - } - } - - cons = localDesc.cons; + if (osc != null) { + localDesc = osc; writeObjectMethod = localDesc.writeObjectMethod; readObjectMethod = localDesc.readObjectMethod; readObjectNoDataMethod = localDesc.readObjectNoDataMethod; @@ -653,10 +663,13 @@ if (deserializeEx == null) { deserializeEx = localDesc.deserializeEx; } + cons = localDesc.cons; } + fieldRefl = getReflector(fields, localDesc); // reassign to matched fields so as to reflect local unshared settings fields = fieldRefl.getFields(); + initialized = true; } /** 
@@ -759,11 +772,20 @@ } /** + * Throws InternalError if not initialized. + */ + private final void requireInitialized() { + if (!initialized) + throw new InternalError("Unexpected call when not initialized"); + } + + /** * Throws an InvalidClassException if object instances referencing this * class descriptor should not be allowed to deserialize. This method does * not apply to deserialization of enum constants. */ void checkDeserialize() throws InvalidClassException { + requireInitialized(); if (deserializeEx != null) { throw deserializeEx.newInvalidClassException(); } @@ -775,6 +797,7 @@ * not apply to serialization of enum constants. */ void checkSerialize() throws InvalidClassException { + requireInitialized(); if (serializeEx != null) { throw serializeEx.newInvalidClassException(); } @@ -788,6 +811,7 @@ * does not apply to deserialization of enum constants. */ void checkDefaultSerialize() throws InvalidClassException { + requireInitialized(); if (defaultSerializeEx != null) { throw defaultSerializeEx.newInvalidClassException(); } @@ -799,6 +823,7 @@ * of the subclass descriptor's bound class. */ ObjectStreamClass getSuperDesc() { + requireInitialized(); return superDesc; } @@ -809,6 +834,7 @@ * associated with this descriptor. */ ObjectStreamClass getLocalDesc() { + requireInitialized(); return localDesc; } @@ -829,6 +855,7 @@ * types only. Returns matching field, or null if no match found. */ ObjectStreamField getField(String name, Class<?> type) { + requireInitialized(); for (int i = 0; i < fields.length; i++) { ObjectStreamField f = fields[i]; if (f.getName().equals(name)) { @@ -851,6 +878,7 @@ * otherwise. */ boolean isProxy() { + requireInitialized(); return isProxy; } @@ -859,6 +887,7 @@ * otherwise. */ boolean isEnum() { + requireInitialized(); return isEnum; } @@ -867,6 +896,7 @@ * otherwise. */ boolean isExternalizable() { + requireInitialized(); return externalizable; } 
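Review bot: The Javadoc on `requireInitialized()` says only that it throws, not what counts as initialized or why an `InternalError` is used instead of an exception that deserialization callers already handle. I would extend it to say that the flag is set as the last statement of each initialisation path (the `initialized = true` lines in the earlier hunks), so a descriptor whose binding checks threw stays unusable. The body should also be braced, `if (!initialized) { throw new InternalError("Unexpected call when not initialized"); }`, and `final` is redundant on a private method. The same call is inserted in the accessor and invoke hunks that follow.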
@@ -875,6 +905,7 @@ * otherwise. */ boolean isSerializable() { + requireInitialized(); return serializable; } @@ -883,6 +914,7 @@ * has written its data in 1.2 (block data) format, false otherwise. */ boolean hasBlockExternalData() { + requireInitialized(); return hasBlockExternalData; } @@ -892,6 +924,7 @@ * writeObject() method, false otherwise. */ boolean hasWriteObjectData() { + requireInitialized(); return hasWriteObjectData; } @@ -903,6 +936,7 @@ * accessible no-arg constructor. Otherwise, returns false. */ boolean isInstantiable() { + requireInitialized(); return (cons != null); } @@ -912,6 +946,7 @@ * returns false. */ boolean hasWriteObjectMethod() { + requireInitialized(); return (writeObjectMethod != null); } @@ -921,6 +956,7 @@ * returns false. */ boolean hasReadObjectMethod() { + requireInitialized(); return (readObjectMethod != null); } @@ -930,6 +966,7 @@ * Otherwise, returns false. */ boolean hasReadObjectNoDataMethod() { + requireInitialized(); return (readObjectNoDataMethod != null); } @@ -938,6 +975,7 @@ * defines a conformant writeReplace method. Otherwise, returns false. */ boolean hasWriteReplaceMethod() { + requireInitialized(); return (writeReplaceMethod != null); } @@ -946,6 +984,7 @@ * defines a conformant readResolve method. Otherwise, returns false. */ boolean hasReadResolveMethod() { + requireInitialized(); return (readResolveMethod != null); } @@ -962,6 +1001,7 @@ throws InstantiationException, InvocationTargetException, UnsupportedOperationException { + requireInitialized(); if (cons != null) { try { return cons.newInstance(); @@ -983,6 +1023,7 @@ void invokeWriteObject(Object obj, ObjectOutputStream out) throws IOException, UnsupportedOperationException { + requireInitialized(); if (writeObjectMethod != null) { try { writeObjectMethod.invoke(obj, new Object[]{ out }); 
@@ -1012,6 +1053,7 @@ throws ClassNotFoundException, IOException, UnsupportedOperationException { + requireInitialized(); if (readObjectMethod != null) { try { readObjectMethod.invoke(obj, new Object[]{ in }); @@ -1042,6 +1084,7 @@ void invokeReadObjectNoData(Object obj) throws IOException, UnsupportedOperationException { + requireInitialized(); if (readObjectNoDataMethod != null) { try { readObjectNoDataMethod.invoke(obj, (Object[]) null); @@ -1070,6 +1113,7 @@ Object invokeWriteReplace(Object obj) throws IOException, UnsupportedOperationException { + requireInitialized(); if (writeReplaceMethod != null) { try { return writeReplaceMethod.invoke(obj, (Object[]) null); @@ -1099,6 +1143,7 @@ Object invokeReadResolve(Object obj) throws IOException, UnsupportedOperationException { + requireInitialized(); if (readResolveMethod != null) { try { return readResolveMethod.invoke(obj, (Object[]) null);
--- a/src/share/classes/javax/management/openmbean/OpenMBeanAttributeInfoSupport.java Thu Jul 16 14:23:13 2015 -0700 +++ b/src/share/classes/javax/management/openmbean/OpenMBeanAttributeInfoSupport.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -45,7 +45,6 @@ import javax.management.ImmutableDescriptor; import javax.management.MBeanAttributeInfo; import com.sun.jmx.remote.util.EnvHelp; -import sun.reflect.misc.ConstructorUtil; import sun.reflect.misc.MethodUtil; import sun.reflect.misc.ReflectUtil; @@ -692,8 +691,9 @@ private static <T> T convertFromString(String s, OpenType<T> openType) { Class<T> c; try { - ReflectUtil.checkPackageAccess(openType.safeGetClassName()); - c = cast(Class.forName(openType.safeGetClassName())); + String className = openType.safeGetClassName(); + ReflectUtil.checkPackageAccess(className); + c = cast(Class.forName(className)); } catch (ClassNotFoundException e) { throw new NoClassDefFoundError(e.toString()); // can't happen }
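Review bot: Nothing in convertFromString says why the class name is now read into `className` once, so the third hunk reads like a cosmetic refactor that someone could later inline again. The single read is what guarantees that `ReflectUtil.checkPackageAccess` and `Class.forName` see the same string. A one-line comment above the assignment would protect it: `// Fetch the name once so the access check and the class lookup use the same value.` The rest of the method is outside the hunk.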
--- a/src/share/classes/javax/security/auth/kerberos/KerberosPrincipal.java Thu Jul 16 14:23:13 2015 -0700 +++ b/src/share/classes/javax/security/auth/kerberos/KerberosPrincipal.java Thu Jul 16 16:54:12 2015 -0700 @@ -112,18 +112,7 @@ * java.security.krb5.realm system property. */ public KerberosPrincipal(String name) { - - PrincipalName krb5Principal = null; - - try { - // Appends the default realm if it is missing - krb5Principal = new PrincipalName(name, KRB_NT_PRINCIPAL); - } catch (KrbException e) { - throw new IllegalArgumentException(e.getMessage()); - } - nameType = KRB_NT_PRINCIPAL; // default name type - fullName = krb5Principal.toString(); - realm = krb5Principal.getRealmString(); + this(name, KRB_NT_PRINCIPAL); } /** @@ -165,6 +154,20 @@ throw new IllegalArgumentException(e.getMessage()); } + // A ServicePermission with a principal in the deduced realm and + // any action must be granted if no realm is provided by caller. + if (krb5Principal.isRealmDeduced() && !Realm.AUTODEDUCEREALM) { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + try { + sm.checkPermission(new ServicePermission( + "@" + krb5Principal.getRealmAsString(), "-")); + } catch (SecurityException se) { + // Swallow the actual exception to hide info + throw new SecurityException("Cannot read realm info"); + } + } + } this.nameType = nameType; fullName = krb5Principal.toString(); realm = krb5Principal.getRealmString();
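Review bot: The permission check added to the two-argument constructor can throw `SecurityException`, but no hunk in this file adds a matching `@throws` to either constructor's Javadoc, and the one-argument constructor now inherits the check through `this(name, KRB_NT_PRINCIPAL)`. Callers running under a security manager need to know that a name without a realm now requires a `ServicePermission` named `@REALM` with action `-` unless `Realm.AUTODEDUCEREALM` is true. I would add to both constructors something like `@throws SecurityException if a security manager is installed, the name carries no realm, and the ServicePermission for the deduced realm is not granted`. The Javadoc blocks are only partly visible here.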
--- a/src/share/classes/javax/security/auth/kerberos/ServicePermission.java Thu Jul 16 14:23:13 2015 -0700 +++ b/src/share/classes/javax/security/auth/kerberos/ServicePermission.java Thu Jul 16 16:54:12 2015 -0700 @@ -50,7 +50,7 @@ * used within. * <p> * The service principal name is the canonical name of the - * {@code KereberosPrincipal} supplying the service, that is + * {@code KerberosPrincipal} supplying the service, that is * the KerberosPrincipal represents a Kerberos service * principal. This name is treated in a case sensitive manner. * An asterisk may appear by itself, to signify any service principal. @@ -145,6 +145,9 @@ * @param action the action string */ public ServicePermission(String servicePrincipal, String action) { + // Note: servicePrincipal can be "@REALM" which means any principal in + // this realm implies it. action can be "-" which means any + // action implies it. super(servicePrincipal); init(servicePrincipal, getMask(action)); } @@ -188,7 +191,9 @@ boolean impliesIgnoreMask(ServicePermission p) { return ((this.getName().equals("*")) || - this.getName().equals(p.getName())); + this.getName().equals(p.getName()) || + (p.getName().startsWith("@") && + this.getName().endsWith(p.getName()))); } /** @@ -295,7 +300,10 @@ /** * Convert an action string to an integer actions mask. * - * @param action the action string + * Note: if action is "-", action will be NONE, which means any + * action implies it. + * + * @param action the action string. * @return the action mask */ private static int getMask(String action) { @@ -312,9 +320,11 @@ char[] a = action.toCharArray(); + if (a.length == 1 && a[0] == '-') { + return mask; + } + int i = a.length - 1; - if (i < 0) - return mask; while (i != -1) { char c; 
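Review bot: The new clause in impliesIgnoreMask is easy to misread because the `@REALM` form is tested on the requested permission `p`, not on `this`: any granted permission whose name ends with that `@REALM` string now satisfies the request. The only explanation is the comment inside the constructor, so I would repeat it where the decision is made: `// A request named "@REALM" is implied by any granted principal in that realm.` The class Javadoc should also state whether `@REALM` and `-` are meant to be usable in policy files or are internal only; the hunks do not say.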
@@ -475,6 +485,17 @@ ServicePermission np = (ServicePermission) permission; int desired = np.getMask(); + + if (desired == 0) { + for (Permission p: perms) { + ServicePermission sp = (ServicePermission)p; + if (sp.impliesIgnoreMask(np)) { + return true; + } + } + return false; + } + int effective = 0; int needed = desired;
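Review bot: The new `desired == 0` loop iterates `perms` with no locking visible in the hunk. The rest of implies() and add() are outside the hunk, but if they guard `perms` with `synchronized (this)`, as permission collections commonly do, a concurrent add() during this loop can fail with ConcurrentModificationException in the middle of a permission check. Wrapping the loop in `synchronized (this) { ... }` would keep it consistent with them. The cast `(ServicePermission)p` relies on add() admitting only that type, which is also not visible here.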
--- a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Thu Jul 16 14:23:13 2015 -0700
+++ b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Thu Jul 16 16:54:12 2015 -0700
@@ -484,7 +484,8 @@
 private void checkMessageHeader(String key, String value) {
 char LF = '\n';
 int index = key.indexOf(LF);
- if (index != -1) {
+ int index1 = key.indexOf(':');
+ if (index != -1 || index1 != -1) {
 throw new IllegalArgumentException(
 "Illegal character(s) in message header field: " + key);
 }
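Review bot: The key check in checkMessageHeader now rejects LF and ':' but still accepts a bare carriage return and other control characters in a header name. If the aim is to keep a caller-supplied name from altering the header block, CR belongs in the same test, for example `if (index != -1 || index1 != -1 || key.indexOf('\r') != -1) {`. `index1` would also read better as `colon`. The value check that follows is outside the hunk.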
--- a/src/share/classes/sun/rmi/transport/DGCClient.java Thu Jul 16 14:23:13 2015 -0700 +++ b/src/share/classes/sun/rmi/transport/DGCClient.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ import java.lang.ref.PhantomReference; import java.lang.ref.ReferenceQueue; +import java.net.SocketPermission; import java.security.AccessController; import java.security.PrivilegedAction; import java.util.HashMap; @@ -46,6 +47,10 @@ import sun.rmi.server.Util; import sun.security.action.GetLongAction; +import java.security.AccessControlContext; +import java.security.Permissions; +import java.security.ProtectionDomain; + /** * DGCClient implements the client-side of the RMI distributed garbage * collection system. @@ -113,6 +118,18 @@ /** ObjID for server-side DGC object */ private static final ObjID dgcID = new ObjID(ObjID.DGC_ID); + /** + * An AccessControlContext with only socket permissions, + * suitable for an RMIClientSocketFactory. + */ + private static final AccessControlContext SOCKET_ACC; + static { + Permissions perms = new Permissions(); + perms.add(new SocketPermission("*", "connect,resolve")); + ProtectionDomain[] pd = { new ProtectionDomain(null, perms) }; + SOCKET_ACC = new AccessControlContext(pd); + } + /* * Disallow anyone from creating one of these. */ 
@@ -570,13 +587,20 @@ } } - if (needRenewal) { - makeDirtyCall(refsToDirty, sequenceNum); - } + boolean needRenewal_ = needRenewal; + Set<RefEntry> refsToDirty_ = refsToDirty; + long sequenceNum_ = sequenceNum; + AccessController.doPrivileged(new PrivilegedAction<Void>() { + public Void run() { + if (needRenewal_) { + makeDirtyCall(refsToDirty_, sequenceNum_); + } - if (!pendingCleans.isEmpty()) { - makeCleanCalls(); - } + if (!pendingCleans.isEmpty()) { + makeCleanCalls(); + } + return null; + }}, SOCKET_ACC); } while (!removed || !pendingCleans.isEmpty()); } }
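Review bot: The `doPrivileged(..., SOCKET_ACC)` call added to the renewal loop has no comment at the call site, and a reader who knows doPrivileged mainly as a way to assert privileges may not see that here it confines the dirty and clean calls to the socket-only context. A line above it would help: `// Run the DGC calls with SOCKET_ACC so they hold socket permissions only.` The copies `needRenewal_`, `refsToDirty_` and `sequenceNum_` exist only so the anonymous class can capture them; declaring them `final` under names without the trailing underscore would make that intent clearer. The enclosing method starts outside the hunk.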
--- a/src/share/classes/sun/rmi/transport/DGCImpl.java Thu Jul 16 14:23:13 2015 -0700 +++ b/src/share/classes/sun/rmi/transport/DGCImpl.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,6 +24,7 @@ */ package sun.rmi.transport; +import java.net.SocketPermission; import java.rmi.Remote; import java.rmi.RemoteException; import java.rmi.dgc.DGC; @@ -33,8 +34,11 @@ import java.rmi.server.ObjID; import java.rmi.server.RemoteServer; import java.rmi.server.ServerNotActiveException; +import java.security.AccessControlContext; import java.security.AccessController; +import java.security.Permissions; import java.security.PrivilegedAction; +import java.security.ProtectionDomain; import java.util.ArrayList; import java.util.HashSet; import java.util.HashMap; @@ -296,8 +300,19 @@ Util.createProxy(DGCImpl.class, new UnicastRef(ref), true); disp.setSkeleton(dgc); - Target target = - new Target(dgc, disp, stub, dgcID, true); + + Permissions perms = new Permissions(); + perms.add(new SocketPermission("*", "accept,resolve")); + ProtectionDomain[] pd = { new ProtectionDomain(null, perms) }; + AccessControlContext acceptAcc = new AccessControlContext(pd); + + Target target = AccessController.doPrivileged( + new PrivilegedAction<Target>() { + public Target run() { + return new Target(dgc, disp, stub, dgcID, true); + } + }, acceptAcc); + ObjectTable.putTarget(target); } catch (RemoteException e) { throw new Error(
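Review bot: The last hunk builds the same Permissions / ProtectionDomain / AccessControlContext triple inline that DGCClient keeps in a documented `private static final` field (`SOCKET_ACC`), only with `accept,resolve` in place of `connect,resolve`. For consistency, and so the permission string is easy to find in review, I would hoist it into a constant here as well, for example `private static final AccessControlContext ACCEPT_ACC` filled in a static block with a Javadoc line stating its purpose. The enclosing block starts and ends outside the hunk, so whether it runs more than once cannot be told from here.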
--- a/src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java Thu Jul 16 14:23:13 2015 -0700 +++ b/src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java Thu Jul 16 16:54:12 2015 -0700 @@ -43,6 +43,8 @@ public class TlsRsaPremasterSecretParameterSpec implements AlgorithmParameterSpec { + private final byte[] encodedSecret; + /* * The TLS spec says that the version in the RSA premaster secret must * be the maximum version supported by the client (i.e. the version it @@ -89,6 +91,33 @@ this.clientVersion = checkVersion(clientVersion); this.serverVersion = checkVersion(serverVersion); + this.encodedSecret = null; + } + + /** + * Constructs a new TlsRsaPremasterSecretParameterSpec. + * + * @param clientVersion the version of the TLS protocol by which the + * client wishes to communicate during this session + * @param serverVersion the negotiated version of the TLS protocol which + * contains the lower of that suggested by the client in the client + * hello and the highest supported by the server. + * @param encodedSecret the encoded secret key + * + * @throws IllegalArgumentException if clientVersion or serverVersion are + * negative or larger than (2^16 - 1) or if encodedSecret is not + * exactly 48 bytes + */ + public TlsRsaPremasterSecretParameterSpec( + int clientVersion, int serverVersion, byte[] encodedSecret) { + + this.clientVersion = checkVersion(clientVersion); + this.serverVersion = checkVersion(serverVersion); + if (encodedSecret == null || encodedSecret.length != 48) { + throw new IllegalArgumentException( + "Encoded secret is not exactly 48 bytes"); + } + this.encodedSecret = encodedSecret.clone(); } /** @@ -147,4 +176,13 @@ } return version; } + + /** + * Returns the encoded secret. + * + * @return the encoded secret, may be null if no encoded secret. + */ + public byte[] getEncodedSecret() { + return encodedSecret == null ? null : encodedSecret.clone(); + } }
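Review bot: `getEncodedSecret()` hands out a fresh copy of the premaster secret on every call, and its Javadoc does not tell the caller that it owns that copy. The constructor already keeps its own clone for the lifetime of the spec, so each extra copy is one more place the secret stays in memory. I would add to the Javadoc: `The returned array is a copy; callers should overwrite it once it is no longer needed.` The length `48` is also a bare literal here and in TlsRsaPremasterSecretGenerator; a shared named constant would keep the two in step.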
--- a/src/share/classes/sun/security/jgss/krb5/Krb5NameElement.java Thu Jul 16 14:23:13 2015 -0700 +++ b/src/share/classes/sun/security/jgss/krb5/Krb5NameElement.java Thu Jul 16 16:54:12 2015 -0700 @@ -28,7 +28,10 @@ import org.ietf.jgss.*; import sun.security.jgss.spi.*; import sun.security.krb5.PrincipalName; +import sun.security.krb5.Realm; import sun.security.krb5.KrbException; + +import javax.security.auth.kerberos.ServicePermission; import java.io.UnsupportedEncodingException; import java.net.InetAddress; import java.net.UnknownHostException; @@ -126,6 +129,18 @@ throw new GSSException(GSSException.BAD_NAME, -1, e.getMessage()); } + if (principalName.isRealmDeduced() && !Realm.AUTODEDUCEREALM) { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + try { + sm.checkPermission(new ServicePermission( + "@" + principalName.getRealmAsString(), "-")); + } catch (SecurityException se) { + // Do not chain the actual exception to hide info + throw new GSSException(GSSException.FAILURE); + } + } + } return new Krb5NameElement(principalName, gssNameStr, gssNameType); } @@ -198,7 +213,7 @@ * If either name denotes an anonymous principal, the call should * return false. * - * @param name to be compared with + * @param other to be compared with * @returns true if they both refer to the same entity, else false * @exception GSSException with major codes of BAD_NAMETYPE, * BAD_NAME, FAILURE
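Review bot: The realm-deduction permission check added in the second hunk is a copy of the one in KerberosPrincipal, differing only in the exception thrown, and GSSNameElement carries a third variant. Three copies of a security check tend to drift apart. A single static helper beside `Realm.AUTODEDUCEREALM` or on PrincipalName that performs the `checkPermission` call, with each caller translating the `SecurityException`, would keep them aligned. Throwing `GSSException.FAILURE` without a minor string matches the stated aim of hiding detail, so that part can stay as it is.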
--- a/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java Thu Jul 16 14:23:13 2015 -0700 +++ b/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java Thu Jul 16 16:54:12 2015 -0700 @@ -30,6 +30,7 @@ import java.security.Security; import java.io.IOException; import java.io.UnsupportedEncodingException; +import sun.security.krb5.Realm; import sun.security.jgss.GSSUtil; import sun.security.util.ObjectIdentifier; import sun.security.util.DerInputStream; @@ -38,6 +39,8 @@ import sun.security.jgss.GSSExceptionImpl; import sun.security.jgss.spi.GSSNameSpi; +import javax.security.auth.kerberos.ServicePermission; + /** * This class is essentially a wrapper class for the gss_name_t * structure of the native GSS library. @@ -150,6 +153,26 @@ pName = cStub.importName(name, nameType); setPrintables(); + SecurityManager sm = System.getSecurityManager(); + if (sm != null && !Realm.AUTODEDUCEREALM) { + String krbName = getKrbName(); + int atPos = krbName.lastIndexOf('@'); + if (atPos != -1) { + String atRealm = krbName.substring(atPos); + if (nameType.equals(GSSUtil.NT_GSS_KRB5_PRINCIPAL) + && new String(nameBytes).endsWith(atRealm)) { + // Created from Kerberos name with realm, no need to check + } else { + try { + sm.checkPermission(new ServicePermission(atRealm, "-")); + } catch (SecurityException se) { + // Do not chain the actual exception to hide info + throw new GSSException(GSSException.FAILURE); + } + } + } + } + SunNativeProvider.debug("Imported " + printableName + " w/ type " + printableType); }
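Review bot: `new String(nameBytes).endsWith(atRealm)` decodes with the platform default charset, and the result decides whether the permission check is skipped. How `nameBytes` was encoded is not visible in this hunk; if it is UTF-8, decode explicitly with `new String(nameBytes, StandardCharsets.UTF_8)` so the decision does not vary with the JVM's default encoding. The constructor starts outside the hunk, so the origin of `nameBytes` should be confirmed before choosing the charset.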
--- a/src/share/classes/sun/security/krb5/KrbServiceLocator.java Thu Jul 16 14:23:13 2015 -0700 +++ b/src/share/classes/sun/security/krb5/KrbServiceLocator.java Thu Jul 16 16:54:12 2015 -0700 @@ -25,6 +25,11 @@ package sun.security.krb5; +import sun.security.krb5.internal.Krb5; + +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.util.Arrays; import java.util.Hashtable; import java.util.Random; @@ -52,6 +57,8 @@ private static final Random random = new Random(); + private static final boolean DEBUG = Krb5.DEBUG; + private KrbServiceLocator() { } @@ -62,8 +69,7 @@ * Information on the mapping of DNS hostnames and domain names * to Kerberos realms is stored using DNS TXT records * - * @param domainName A string domain name. - * @param environment The possibly null environment of the context. + * @param realmName A string realm name. * @return An ordered list of hostports for the Kerberos service or null if * the service has not been located. */ @@ -81,8 +87,18 @@ if (!(ctx instanceof DirContext)) { return null; // cannot create a DNS context } - Attributes attrs = - ((DirContext)ctx).getAttributes(dnsUrl, SRV_TXT_ATTR); + Attributes attrs = null; + try { + // both connect and accept are needed since DNS is thru UDP + attrs = AccessController.doPrivileged( + (PrivilegedExceptionAction<Attributes>) + () -> ((DirContext)ctx).getAttributes( + dnsUrl, SRV_TXT_ATTR), + null, + new java.net.SocketPermission("*", "connect,accept")); + } catch (PrivilegedActionException e) { + throw (NamingException)e.getCause(); + } Attribute attr; if (attrs != null && ((attr = attrs.get(SRV_TXT)) != null)) { 
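Review bot: The limited `doPrivileged` block added in the last hunk on this line is repeated almost verbatim in the SRV lookup hunk that follows, differing only in the attribute array passed to `getAttributes`. A private helper would keep the permission string and the `(NamingException)e.getCause()` cast in one place, so a later change to the granted actions cannot be applied to one lookup and missed in the other. The new `DEBUG` constant is not used in any visible hunk. Both enclosing methods start and end outside their hunks.
```java
// … unchanged: context creation and the instanceof DirContext check …
Attributes attrs = getAttributesLimited((DirContext)ctx, dnsUrl, SRV_TXT_ATTR);
// … unchanged: attribute parsing …

private static Attributes getAttributesLimited(
        DirContext ctx, String dnsUrl, String[] attrIds)
        throws NamingException {
    try {
        // both connect and accept are needed since DNS is thru UDP
        return AccessController.doPrivileged(
                (PrivilegedExceptionAction<Attributes>)
                        () -> ctx.getAttributes(dnsUrl, attrIds),
                null,
                new java.net.SocketPermission("*", "connect,accept"));
    } catch (PrivilegedActionException e) {
        throw (NamingException)e.getCause();
    }
}
```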
@@ -124,7 +140,8 @@ * Queries DNS for a list of KERBEROS Service Location Records (SRV) for a * given domain name. * - * @param domainName A string domain name. + * @param realmName A string realm name. + * @param protocol the protocol string, can be "_udp" or "_tcp" * @return An ordered list of hostports for the Kerberos service or null if * the service has not been located. */ @@ -142,8 +159,20 @@ if (!(ctx instanceof DirContext)) { return null; // cannot create a DNS context } - Attributes attrs = - ((DirContext)ctx).getAttributes(dnsUrl, SRV_RR_ATTR); + + Attributes attrs = null; + try { + // both connect and accept are needed since DNS is thru UDP + attrs = AccessController.doPrivileged( + (PrivilegedExceptionAction<Attributes>) + () -> ((DirContext)ctx).getAttributes( + dnsUrl, SRV_RR_ATTR), + null, + new java.net.SocketPermission("*", "connect,accept")); + } catch (PrivilegedActionException e) { + throw (NamingException)e.getCause(); + } + Attribute attr; if (attrs != null && ((attr = attrs.get(SRV_RR)) != null)) {
--- a/src/share/classes/sun/security/krb5/PrincipalName.java Thu Jul 16 14:23:13 2015 -0700 +++ b/src/share/classes/sun/security/krb5/PrincipalName.java Thu Jul 16 16:54:12 2015 -0700 @@ -123,6 +123,13 @@ */ private final Realm nameRealm; // not null + + /** + * When constructing a PrincipalName, whether the realm is included in + * the input, or deduced from default realm or domain-realm mapping. + */ + private final boolean realmDeduced; + // cached default salt, not used in clone private transient String salt = null; @@ -143,6 +150,7 @@ this.nameType = nameType; this.nameStrings = nameStrings.clone(); this.nameRealm = nameRealm; + this.realmDeduced = false; } // This method is called by Windows NativeCred.c @@ -150,11 +158,6 @@ this(KRB_NT_UNKNOWN, nameParts, new Realm(realm)); } - public PrincipalName(String[] nameParts, int type) - throws IllegalArgumentException, RealmException { - this(type, nameParts, Realm.getDefault()); - } - // Validate a nameStrings argument private static void validateNameStrings(String[] ns) { if (ns == null) { @@ -226,7 +229,7 @@ * <a href="http://www.ietf.org/rfc/rfc4120.txt"> * http://www.ietf.org/rfc/rfc4120.txt</a>. * - * @param encoding a Der-encoded data. + * @param encoding DER-encoded PrincipalName (without Realm) * @param realm the realm for this name * @exception Asn1Exception if an error occurs while decoding * an ASN1 encoded data. @@ -240,6 +243,7 @@ if (realm == null) { throw new IllegalArgumentException("Null realm not allowed"); } + realmDeduced = false; nameRealm = realm; DerValue der; if (encoding == null) { @@ -394,6 +398,10 @@ if (realm == null) { realm = Realm.parseRealmAtSeparator(name); } + + // No realm info from parameter and string, must deduce later + realmDeduced = realm == null; + switch (type) { case KRB_NT_SRV_HST: if (nameParts.length >= 2) { 
@@ -413,8 +421,8 @@
 hostName.toLowerCase(Locale.ENGLISH)+".")) {
 hostName = canonicalized;
 }
- } catch (UnknownHostException e) {
- // no canonicalization, use old
+ } catch (UnknownHostException | SecurityException e) {
+ // not canonicalized or no permission to do so, use old
 }
 nameParts[1] = hostName.toLowerCase(Locale.ENGLISH);
 }
@@ -680,4 +688,7 @@
 return result;
 }
+ public boolean isRealmDeduced() {
+ return realmDeduced;
+ }
 }
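Review bot: The widened `catch (UnknownHostException | SecurityException e)` makes a denied lookup indistinguishable from a failed one, so the host part of the principal silently depends on what the caller is permitted to resolve. The comment should state that consequence rather than only "use old", for instance `// lookup failed or was denied by the security manager: keep the host name as supplied, so the principal is built from un-canonicalized input`. If the class has a debug switch in scope (not visible in the hunk), a trace line in this branch would help when a ticket is requested for an unexpected service name. The try block starts outside the hunk.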
--- a/src/share/classes/sun/security/krb5/Realm.java Thu Jul 16 14:23:13 2015 -0700
+++ b/src/share/classes/sun/security/krb5/Realm.java Thu Jul 16 16:54:12 2015 -0700
@@ -47,6 +47,12 @@
 * This class is immutable.
 */
 public class Realm implements Cloneable {
+
+ public static final boolean AUTODEDUCEREALM =
+ java.security.AccessController.doPrivileged(
+ new sun.security.action.GetBooleanAction(
+ "sun.security.krb5.autodeducerealm"));
+
 private final String realm; // not null nor empty
 public Realm(String name) throws RealmException {
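Review bot: The new public constant `AUTODEDUCEREALM` has no Javadoc, and because it is a static final initialised from the system property, setting `sun.security.krb5.autodeducerealm` after `Realm` has been initialised has no effect. Both facts belong in a comment, e.g. `/** Value of the system property sun.security.krb5.autodeducerealm, read once when this class is initialised. */`. What the flag enables is not visible in this hunk and should be described by the author. The conventional spelling for a constant would be `AUTO_DEDUCE_REALM`.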
--- a/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java Thu Jul 16 14:23:13 2015 -0700
+++ b/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java Thu Jul 16 16:54:12 2015 -0700
@@ -146,8 +146,9 @@
 }
 try {
 return new PrincipalName(
+ type,
 result.toArray(new String[result.size()]),
- type);
+ Realm.getDefault());
 } catch (RealmException re) {
 return null;
 }
--- a/src/share/classes/sun/security/provider/certpath/RevocationChecker.java Thu Jul 16 14:23:13 2015 -0700 +++ b/src/share/classes/sun/security/provider/certpath/RevocationChecker.java Thu Jul 16 16:54:12 2015 -0700 @@ -1041,20 +1041,17 @@ boolean signFlag = true; List<? extends Certificate> cpList = cpbr.getCertPath().getCertificates(); - if (cpList.isEmpty()) { - return; - } try { - for (int i = cpList.size()-1; i >= 0; i-- ) { - X509Certificate cert = (X509Certificate)cpList.get(i); + for (int i = cpList.size() - 1; i >= 0; i--) { + X509Certificate cert = (X509Certificate) cpList.get(i); if (debug != null) { debug.println("RevocationChecker.buildToNewKey()" - + " index " + i + " checking " - + cert); + + " index " + i + " checking " + + cert); } checkCRLs(cert, prevKey2, null, signFlag, true, - stackedCerts, newAnchors); + stackedCerts, newAnchors); signFlag = certCanSignCrl(cert); prevKey2 = cert.getPublicKey(); } @@ -1073,8 +1070,10 @@ // If it doesn't check out, try to find a different key. // And if we can't find a key, then return false. PublicKey newKey = cpbr.getPublicKey(); + X509Certificate newCert = cpList.isEmpty() ? + null : (X509Certificate) cpList.get(0); try { - checkCRLs(currCert, newKey, (X509Certificate) cpList.get(0), + checkCRLs(currCert, newKey, newCert, true, false, null, params.trustAnchors()); // If that passed, the cert is OK! return;
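Review bot: With the early `if (cpList.isEmpty()) return;` gone, an empty certification path now reaches `checkCRLs(currCert, newKey, newCert, ...)` with `newCert` set to null, and nothing in the hunk says that null is an accepted value there. The loop call in the first hunk already passes a literal `null` in the same position, which suggests it is, but `checkCRLs` itself is outside the hunk. A comment at the ternary would record the intent, e.g. `// empty path: no certificate accompanies the new key, but the CRL check must still run`. The method body starts and ends outside both hunks.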
--- a/src/share/classes/sun/security/ssl/ClientHandshaker.java Thu Jul 16 14:23:13 2015 -0700
+++ b/src/share/classes/sun/security/ssl/ClientHandshaker.java Thu Jul 16 16:54:12 2015 -0700
@@ -620,6 +620,9 @@
 }
 } else {
 // we wanted to resume, but the server refused
+ //
+ // Invalidate the session in case of reusing next time.
+ session.invalidate();
 session = null;
 if (!enableNewSession) {
 throw new SSLException("New session creation is disabled");
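Review bot: The added comment `Invalidate the session in case of reusing next time.` is hard to parse and does not say what is being prevented. Suggest `// The server refused to resume: invalidate the session so that it is not offered for resumption again.` in its place. `session` is assumed to be non-null on this branch because the client asked to resume; the condition that guarantees it is outside the hunk.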
--- a/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java Thu Jul 16 14:23:13 2015 -0700 +++ b/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java Thu Jul 16 16:54:12 2015 -0700 @@ -111,14 +111,41 @@ } } + boolean needFailover = false; + byte[] encoded = null; try { Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1); - cipher.init(Cipher.UNWRAP_MODE, privateKey, - new TlsRsaPremasterSecretParameterSpec( - maxVersion.v, currentVersion.v), - generator); - preMaster = (SecretKey)cipher.unwrap(encrypted, - "TlsRsaPremasterSecret", Cipher.SECRET_KEY); + needFailover = !KeyUtil.isOracleJCEProvider( + cipher.getProvider().getName()); + if (needFailover) { + cipher.init(Cipher.DECRYPT_MODE, privateKey); + encoded = cipher.doFinal(encrypted); + encoded = KeyUtil.checkTlsPreMasterSecretKey( + maxVersion.v, currentVersion.v, + generator, encoded, false); + preMaster = generatePreMasterSecret( + maxVersion.v, currentVersion.v, + encoded, generator); + } else { + cipher.init(Cipher.UNWRAP_MODE, privateKey, + new TlsRsaPremasterSecretParameterSpec( + maxVersion.v, currentVersion.v), + generator); + preMaster = (SecretKey)cipher.unwrap(encrypted, + "TlsRsaPremasterSecret", Cipher.SECRET_KEY); + } + } catch (BadPaddingException bpe) { + if (needFailover) { + encoded = KeyUtil.checkTlsPreMasterSecretKey( + maxVersion.v, currentVersion.v, + generator, null, false); + preMaster = generatePreMasterSecret( + maxVersion.v, currentVersion.v, + encoded, generator); + } else { + // Otherwise, unlikely to happen + throw new RuntimeException("Unexpected exception", bpe); + } } catch (InvalidKeyException ibk) { // the message is too big to process with RSA throw new SSLProtocolException( 
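Review bot: In the failover branch a padding failure is handled in the outer `catch (BadPaddingException bpe)` while a successful decrypt continues inline, so the two outcomes run through different code before reaching `generatePreMasterSecret`. For an RSA PKCS#1 key exchange both outcomes should follow one call sequence; narrowing the try to `cipher.doFinal(encrypted)` and recording the failure in a local achieves that, and the outer `BadPaddingException` handler then has to be removed. This assumes the last argument of `KeyUtil.checkTlsPreMasterSecretKey` is the failure flag, which the hunk does not show. The remaining catch clauses continue outside the hunk.

```java
if (needFailover) {
    cipher.init(Cipher.DECRYPT_MODE, privateKey);
    boolean failed = false;
    try {
        encoded = cipher.doFinal(encrypted);
    } catch (BadPaddingException bpe) {
        // encoded stays null; the check below supplies the replacement value
        failed = true;
    }
    encoded = KeyUtil.checkTlsPreMasterSecretKey(
            maxVersion.v, currentVersion.v,
            generator, encoded, failed);
    preMaster = generatePreMasterSecret(
            maxVersion.v, currentVersion.v,
            encoded, generator);
} else {
    // … unchanged: UNWRAP_MODE path …
}
```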
@@ -133,6 +160,35 @@ } } + // generate a premaster secret with the specified version number + @SuppressWarnings("deprecation") + private static SecretKey generatePreMasterSecret( + int clientVersion, int serverVersion, + byte[] encodedSecret, SecureRandom generator) { + + if (debug != null && Debug.isOn("handshake")) { + System.out.println("Generating a premaster secret"); + } + + try { + String s = ((clientVersion >= ProtocolVersion.TLS12.v) ? + "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret"); + KeyGenerator kg = JsseJce.getKeyGenerator(s); + kg.init(new TlsRsaPremasterSecretParameterSpec( + clientVersion, serverVersion, encodedSecret), + generator); + return kg.generateKey(); + } catch (InvalidAlgorithmParameterException | + NoSuchAlgorithmException iae) { + // unlikely to happen, otherwise, must be a provider exception + if (debug != null && Debug.isOn("handshake")) { + System.out.println("RSA premaster secret generation error:"); + iae.printStackTrace(System.out); + } + throw new RuntimeException("Could not generate premaster secret", iae); + } + } + @Override int messageType() { return ht_client_key_exchange;
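Review bot: `generatePreMasterSecret` carries only the one-line comment `generate a premaster secret with the specified version number`, which leaves out that the key is built from the caller-supplied `encodedSecret` and why `@SuppressWarnings("deprecation")` is needed. A short Javadoc naming the four parameters and the RuntimeException thrown on a provider failure would cover it. In the multi-catch the variable `iae` is also bound to a `NoSuchAlgorithmException`, so a neutral name such as `e` reads better.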
--- a/src/share/classes/sun/security/util/KeyUtil.java Thu Jul 16 14:23:13 2015 -0700
+++ b/src/share/classes/sun/security/util/KeyUtil.java Thu Jul 16 16:54:12 2015 -0700
@@ -144,8 +144,6 @@
 /**
 * Returns whether the specified provider is Oracle provider or not.
- * <P>
- * Note that this method is only apply to SunJCE and SunPKCS11 at present.
 *
 * @param providerName
 * the provider name
@@ -153,8 +151,11 @@
 * {@code providerName} is Oracle provider
 */
 public static final boolean isOracleJCEProvider(String providerName) {
- return providerName != null && (providerName.equals("SunJCE") ||
- providerName.startsWith("SunPKCS11"));
+ return providerName != null &&
+ (providerName.equals("SunJCE") ||
+ providerName.equals("SunMSCAPI") ||
+ providerName.equals("OracleUcrypto") ||
+ providerName.startsWith("SunPKCS11"));
 }
 /**
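Review bot: `isOracleJCEProvider` decides by provider name alone, and its `startsWith("SunPKCS11")` arm accepts any name with that prefix, while the Javadoc no longer lists which providers qualify now that the `Note that ...` sentence is removed. RSAClientKeyExchange.java in this changeset uses the result to choose between the provider's own premaster-secret unwrap and the local failover checks, so the Javadoc should list the accepted names (`SunJCE`, `SunMSCAPI`, `OracleUcrypto`, `SunPKCS11*`) and state that the name is not authenticated. Whether a provider registered under a look-alike name is a concern depends on who may install providers in the deployment.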
--- a/src/share/lib/security/java.security-linux Thu Jul 16 14:23:13 2015 -0700
+++ b/src/share/lib/security/java.security-linux Thu Jul 16 16:54:12 2015 -0700
@@ -481,7 +481,7 @@
 # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
 #
 #
-jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
+jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
 # (SSL/TLS) processing
--- a/src/share/lib/security/java.security-macosx Thu Jul 16 14:23:13 2015 -0700
+++ b/src/share/lib/security/java.security-macosx Thu Jul 16 16:54:12 2015 -0700
@@ -484,7 +484,7 @@
 # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
 #
 #
-jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
+jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
 # (SSL/TLS) processing
--- a/src/share/lib/security/java.security-solaris Thu Jul 16 14:23:13 2015 -0700
+++ b/src/share/lib/security/java.security-solaris Thu Jul 16 16:54:12 2015 -0700
@@ -483,7 +483,7 @@
 # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
 #
 #
-jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
+jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
 # (SSL/TLS) processing
--- a/src/share/lib/security/java.security-windows Thu Jul 16 14:23:13 2015 -0700
+++ b/src/share/lib/security/java.security-windows Thu Jul 16 16:54:12 2015 -0700
@@ -484,7 +484,7 @@
 # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
 #
 #
-jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
+jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
 # (SSL/TLS) processing
--- a/src/windows/native/sun/bridge/AccessBridgeDebug.cpp Thu Jul 16 14:23:13 2015 -0700 +++ b/src/windows/native/sun/bridge/AccessBridgeDebug.cpp Thu Jul 16 16:54:12 2015 -0700 @@ -36,39 +36,6 @@ extern "C" { #endif -/** - * print a GetLastError message - */ -char *printError(char *msg) { - LPVOID lpMsgBuf = NULL; - static char retbuf[256]; - - if (msg != NULL) { - strncpy((char *)retbuf, msg, sizeof(retbuf)); - } - if (!FormatMessage( - FORMAT_MESSAGE_ALLOCATE_BUFFER | - FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, - NULL, - GetLastError(), - MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language - (LPTSTR) &lpMsgBuf, - 0, - NULL )) - { - PrintDebugString(" %s: FormatMessage failed", msg); - } else { - PrintDebugString(" %s: %s", msg, (char *)lpMsgBuf); - } - if (lpMsgBuf != NULL) { - strncat((char *)retbuf, ": ", sizeof(retbuf) - strlen(retbuf) - 1); - strncat((char *)retbuf, (char *)lpMsgBuf, sizeof(retbuf) - strlen(retbuf) - 1); - } - return (char *)retbuf; -} - - /** * Send debugging info to the appropriate place */
--- a/src/windows/native/sun/bridge/AccessBridgeDebug.h Thu Jul 16 14:23:13 2015 -0700
+++ b/src/windows/native/sun/bridge/AccessBridgeDebug.h Thu Jul 16 16:54:12 2015 -0700
@@ -49,7 +49,6 @@
 extern "C" {
 #endif
- char *printError(char *msg);
 void PrintDebugString(char *msg, ...);
 void PrintJavaDebugString(char *msg, ...);
 void wPrintJavaDebugString(wchar_t *msg, ...);
--- a/src/windows/native/sun/bridge/WinAccessBridge.cpp Thu Jul 16 14:23:13 2015 -0700 +++ b/src/windows/native/sun/bridge/WinAccessBridge.cpp Thu Jul 16 16:54:12 2015 -0700 @@ -262,34 +262,6 @@ theWindowsAccessBridge = this; isVMInstanceChainInUse = false; - - // notify the user if new JVMs are found - /* - newJVMs = (char **)malloc(MAX_NEW_JVMS_FOUND); - for (int i = 0; i < MAX_NEW_JVMS_FOUND; i++) { - newJVMs[i] = (char *)malloc(SHORT_STRING_SIZE); - newJVMs[i][0] = 0; - } - - BOOL newJ2SEFound = findNewJVMs(J2SE_REG_PATH, newJVMs); - BOOL newJ2REFound = TRUE; // findNewJVMs(J2RE_REG_PATH, newJVMs); - - if (newJ2SEFound || newJ2REFound) { - - int result = DialogBox(windowsInstance, - "FOUNDNEWJVMDIALOG", - NULL, - (DLGPROC)newJVMFoundDialogProc); - if (result < 0) { - printError("DialogBox failed"); - } - - PrintDebugString(" FOUNDNEWJVMDIALOG: result = %d", result); - - ShowWindow((HWND)result, SW_SHOW); - } - */ - ShowWindow(theDialogWindow, SW_SHOW); }
--- a/test/java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,6 +21,12 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * @bug 6852744 @@ -234,6 +240,10 @@ public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); X509CertSelector selector = generateSelector(args[0]);
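Review bot: The added header comment asks for otherVM mode, but no `@run main/othervm` tag is added in this file's hunks, unlike the AIACheck, FailoverToCRL and CircularCRL* hunks later in the changeset. If the existing `@run` lines (outside the hunks) are not already othervm, the `Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024")` call re-enables MD5 for every test sharing the VM. The same applies to KeyUsageMatters.java and StatusLoopDependency.java, and to the property call added in ClientJSSEServerJSSE.java. The comment should also spell the mode `othervm`, as the tag does.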
--- a/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,6 +21,12 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * @bug 6852744 @@ -277,6 +283,10 @@ public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); X509CertSelector selector = generateSelector(args[0]);
--- a/test/java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,6 +21,12 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * @bug 6852744 @@ -283,6 +289,10 @@ public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); X509CertSelector selector = generateSelector(args[0]);
--- a/test/java/security/cert/CertPathValidator/OCSP/AIACheck.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/java/security/cert/CertPathValidator/OCSP/AIACheck.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,12 +21,19 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * @bug 5072953 * @summary Verify that the URL for an OCSP responder can be extracted from a * certificate's AuthorityInfoAccess extension when OCSP certifiate * validation has been enabled. + * @run main/othervm AIACheck */ import java.io.*; @@ -51,6 +58,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + X509Certificate aiaCert = loadCertificate("AIACert.pem"); X509Certificate rootCert = loadCertificate("RootCert.pem");
--- a/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,16 +21,24 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * @bug 6383095 * @summary CRL revoked certificate failures masked by OCSP failures - * + * @run main/othervm FailoverToCRL + * @author Xuelei Fan + */ + +/* * Note that the certificate validity is from Mar 16 14:55:35 2009 GMT to * Dec 1 14:55:35 2028 GMT, please update it with newer certificate if * expires. - * - * @author Xuelei Fan */ /* @@ -229,6 +237,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPath path = generateCertificatePath(); Set<TrustAnchor> anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore();
--- a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,11 +21,18 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * * @bug 6720721 * @summary CRL check with circular depency support needed + * @run main/othervm CircularCRLOneLevel * @author Xuelei Fan */ @@ -158,6 +165,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPath path = generateCertificatePath(); Set<TrustAnchor> anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore();
--- a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,11 +21,18 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * * @bug 6720721 * @summary CRL check with circular depency support needed + * @run main/othervm CircularCRLOneLevelRevoked * @author Xuelei Fan */ @@ -159,6 +166,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPath path = generateCertificatePath(); Set<TrustAnchor> anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore();
--- a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,11 +21,18 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * * @bug 6720721 * @summary CRL check with circular depency support needed + * @run main/othervm CircularCRLTwoLevel * @author Xuelei Fan */ @@ -210,6 +217,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPath path = generateCertificatePath(); Set<TrustAnchor> anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore();
--- a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,11 +21,18 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * * @bug 6720721 * @summary CRL check with circular depency support needed + * @run main/othervm CircularCRLTwoLevelRevoked * @author Xuelei Fan */ @@ -211,6 +218,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPath path = generateCertificatePath(); Set<TrustAnchor> anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore();
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/xml/jaxp/transform/8079323/TemplatesTest.java Thu Jul 16 16:54:12 2015 -0700 
@@ -0,0 +1,84 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8079323 + * @summary This file contains tests for Templates. + * @run testng/othervm TemplatesTest + */ + +import java.io.ByteArrayOutputStream; +import java.io.NotSerializableException; +import java.io.ObjectOutputStream; +import java.io.StringReader; +import javax.xml.transform.Templates; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.stream.StreamSource; +import org.testng.annotations.DataProvider; +import org.testng.annotations.Test; + +public class TemplatesTest { + + /** + * bug 8079323 Test Templates serialization + * <p> + * Serialization compatibility test: verify that serializing the Templates + * that contain auxiliary classes will result in a NotSerializableException + * due to the use of Xalan's non-serializable Hashtable. 
+ * + * @param templates an instance of Templates + * @throws Exception as expected. + */ + @Test(dataProvider = "templates", expectedExceptions = NotSerializableException.class) + public void testSerialization(Templates templates) throws Exception { + Transformer xformer = templates.newTransformer(); + try (ByteArrayOutputStream byteOut = new ByteArrayOutputStream(); + ObjectOutputStream out = new ObjectOutputStream(byteOut);) { + out.writeObject(templates); + out.flush(); + } + } + + /* + * DataProvider: Templates + */ + @DataProvider(name = "templates") + Object[][] getTemplates() throws Exception { + return new Object[][]{{TransformerFactory.newInstance(). + newTemplates(new StreamSource(new StringReader(XSL)))}}; + } + + static final String XSL = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>" + + "<xsl:stylesheet version=\"1.0\"" + + " xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\">" + + "<xsl:variable name=\"validAffectsRelClasses\">" + + "</xsl:variable>" + + "<xsl:key name=\"UniqueAffectsRelObjects\"" + + " match=\"/ObjectSetRoot/Object[" + + " contains($validAffectsRelClasses, @Class)]\"" + + " use=\"not(@OBID=preceding-sibling::Object[" + + " contains($validAffectsRelClasses, @Class)]/@OBID)\"/>" + + "</xsl:stylesheet>"; +}
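Review bot: The local `xformer` in `testSerialization` is assigned and never read. If `templates.newTransformer()` is called only so that the auxiliary classes exist before `writeObject`, say so in a comment and drop the variable, `templates.newTransformer(); // forces creation of the auxiliary classes`; otherwise remove the call. That reason is inferred from the Javadoc and is not shown by the code. The `@throws Exception as expected.` line would read better naming `NotSerializableException`, and the stray `;` after the last resource in the try header can go.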
--- a/test/sun/security/krb5/auto/KDC.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/krb5/auto/KDC.java Thu Jul 16 16:54:12 2015 -0700 @@ -858,8 +858,9 @@ PrincipalName service = asReq.reqBody.sname; if (options.containsKey(KDC.Option.RESP_NT)) { - service = new PrincipalName(service.getNameStrings(), - (int)options.get(KDC.Option.RESP_NT)); + service = new PrincipalName((int)options.get(KDC.Option.RESP_NT), + service.getNameStrings(), + Realm.getDefault()); } try { System.out.println(realm + "> " + asReq.reqBody.cname +
--- a/test/sun/security/krb5/auto/SSL.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/krb5/auto/SSL.java Thu Jul 16 16:54:12 2015 -0700 @@ -77,7 +77,10 @@ return; } ServicePermission p = (ServicePermission)perm; - permChecks = permChecks + p.getActions().toUpperCase().charAt(0); + // ServicePermissions required to create GSSName are ignored + if (!p.getActions().isEmpty()) { + permChecks = permChecks + p.getActions().toUpperCase().charAt(0); + } } public static void main(String[] args) throws Exception {
--- a/test/sun/security/krb5/name/Constructors.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/krb5/name/Constructors.java Thu Jul 16 16:54:12 2015 -0700 @@ -40,22 +40,22 @@ // Good ones type = PrincipalName.KRB_NT_UNKNOWN; - checkName("a", type, "R", "R", "a"); - checkName("a@R2", type, "R", "R", "a"); - checkName("a/b", type, "R", "R", "a", "b"); - checkName("a/b@R2", type, "R", "R", "a", "b"); - checkName("a/b/c", type, "R", "R", "a", "b", "c"); - checkName("a/b/c@R2", type, "R", "R", "a", "b", "c"); + checkName("a", type, "R", "R", false, "a"); + checkName("a@R2", type, "R", "R", false, "a"); + checkName("a/b", type, "R", "R", false, "a", "b"); + checkName("a/b@R2", type, "R", "R", false, "a", "b"); + checkName("a/b/c", type, "R", "R", false, "a", "b", "c"); + checkName("a/b/c@R2", type, "R", "R", false, "a", "b", "c"); // Weird ones - checkName("a\\/b", type, "R", "R", "a/b"); - checkName("a\\/b\\/c", type, "R", "R", "a/b/c"); - checkName("a\\/b\\@R2", type, "R", "R", "a/b@R2"); + checkName("a\\/b", type, "R", "R", false, "a/b"); + checkName("a\\/b\\/c", type, "R", "R", false, "a/b/c"); + checkName("a\\/b\\@R2", type, "R", "R", false, "a/b@R2"); // Bad ones - checkName("a", type, "", null); - checkName("a/", type, "R", null); - checkName("/a", type, "R", null); - checkName("a//b", type, "R", null); - checkName("a@", type, null, null); + checkName("a", type, "", null, false); + checkName("a/", type, "R", null, false); + checkName("/a", type, "R", null, false); + checkName("a//b", type, "R", null, false); + checkName("a@", type, null, null, false); type = PrincipalName.KRB_NT_SRV_HST; // Part 2: on realm choices 
@@ -77,17 +77,17 @@ if (testNoDefaultDomain) { type = PrincipalName.KRB_NT_UNKNOWN; - checkName("a", type, "R1", "R1", "a"); // arg - checkName("a@R1", type, null, "R1", "a"); // or r in name - checkName("a@R2", type, "R1", "R1", "a"); // arg over r - checkName("a", type, null, null); // fail if none - checkName("a/b@R1", type, null, "R1", "a", "b"); + checkName("a", type, "R1", "R1", false, "a"); // arg + checkName("a@R1", type, null, "R1", false, "a"); // or r in name + checkName("a@R2", type, "R1", "R1", false, "a"); // arg over r + checkName("a", type, null, null, false); // fail if none + checkName("a/b@R1", type, null, "R1", false, "a", "b"); type = PrincipalName.KRB_NT_SRV_HST; // Let's pray "b.h" won't be canonicalized - checkName("a/b.h", type, "R1", "R1", "a", "b.h"); // arg - checkName("a/b.h@R1", type, null, "R1", "a", "b.h"); // or r in name - checkName("a/b.h@R1", type, "R2", "R2", "a", "b.h"); // arg over r - checkName("a/b.h", type, null, null); // fail if none + checkName("a/b.h", type, "R1", "R1", false, "a", "b.h"); // arg + checkName("a/b.h@R1", type, null, "R1", false, "a", "b.h"); // or r in name + checkName("a/b.h@R1", type, "R2", "R2", false, "a", "b.h"); // arg over r + checkName("a/b.h", type, null, null, false); // fail if none } // When there is default realm 
@@ -96,25 +96,25 @@ Config.refresh(); type = PrincipalName.KRB_NT_UNKNOWN; - checkName("a", type, "R1", "R1", "a"); // arg - checkName("a@R1", type, null, "R1", "a"); // or r in name - checkName("a@R2", type, "R1", "R1", "a"); // arg over r - checkName("a", type, null, "R", "a"); // default - checkName("a/b", type, null, "R", "a", "b"); + checkName("a", type, "R1", "R1", false, "a"); // arg + checkName("a@R1", type, null, "R1", false, "a"); // or r in name + checkName("a@R2", type, "R1", "R1", false, "a"); // arg over r + checkName("a", type, null, "R", true, "a"); // default + checkName("a/b", type, null, "R", true, "a", "b"); type = PrincipalName.KRB_NT_SRV_HST; - checkName("a/b.h3", type, "R1", "R1", "a", "b.h3"); // arg - checkName("a/b.h@R1", type, null, "R1", "a", "b.h"); // or r in name - checkName("a/b.h3@R2", type, "R1", "R1", "a", "b.h3"); // arg over r - checkName("a/b.h2", type, "R1", "R1", "a", "b.h2"); // arg over map - checkName("a/b.h2@R1", type, null, "R1", "a", "b.h2"); // r over map - checkName("a/b.h2", type, null, "R2", "a", "b.h2"); // map - checkName("a/b.h", type, null, "R", "a", "b.h"); // default + checkName("a/b.h3", type, "R1", "R1", false, "a", "b.h3"); // arg + checkName("a/b.h@R1", type, null, "R1", false, "a", "b.h"); // or r in name + checkName("a/b.h3@R2", type, "R1", "R1", false, "a", "b.h3"); // arg over r + checkName("a/b.h2", type, "R1", "R1", false, "a", "b.h2"); // arg over map + checkName("a/b.h2@R1", type, null, "R1", false, "a", "b.h2"); // r over map + checkName("a/b.h2", type, null, "R2", true, "a", "b.h2"); // map + checkName("a/b.h", type, null, "R", true, "a", "b.h"); // default } // Check if the creation matches the expected output. // Note: realm == null means creation failure static void checkName(String n, int t, String s, - String realm, String... parts) + String realm, boolean deduced, String... parts) throws Exception { PrincipalName pn = null; try { 
@@ -131,5 +131,8 @@ throw new Exception(pn.toString() + " vs " + Arrays.toString(parts) + "@" + realm); } + if (deduced != pn.isRealmDeduced()) { + throw new Exception("pn.realmDeduced is " + pn.isRealmDeduced()); + } } }
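Review bot: The new failure message, `"pn.realmDeduced is " + pn.isRealmDeduced()`, names neither the principal being checked nor the expected value, so a failure in one of the twenty-odd `checkName` calls cannot be traced from the log alone. Something like `throw new Exception(pn + ": realmDeduced is " + pn.isRealmDeduced() + ", expected " + deduced);` would match the mismatch message just above it. The start of `checkName` is outside this hunk, so I am assuming `pn` is non-null at this point, as the preceding `pn.toString()` implies.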
--- a/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Thu Jul 16 16:54:12 2015 -0700 @@ -58,6 +58,10 @@ public void main(Provider p) throws Exception { String testWithoutSunEC = System.getProperty("testWithoutSunEC"); + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (p.getService("KeyFactory", "EC") == null) { System.out.println("Provider does not support EC, skipping"); return;
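Review bot: `Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024")` replaces the whole certpath policy with a hard-coded copy instead of lifting only the MD5 restriction, so any entry later added to the default list would be silently re-enabled for this test. The same line is added in ReverseBuild, MD2InTrustAnchor, TrustTrustedCert, PreferredKey, BasicConstraints, PKIXExtendedTM, SelfIssuedCert, SunX509ExtendedTM and CriticalSubjectAltName further down. I would read the current value with `Security.getProperty("jdk.certpath.disabledAlgorithms")` and drop just the MD5 token, ideally in one shared test helper, and reword the comment to `// This test's certificates use MD5; lift only the MD5 restriction.` Unlike ReverseBuild and PreferredKey, this file's hunk shows no `@run main/othervm` line; if the test does not already run in its own VM, the relaxed policy would leak into later tests.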
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/provider/certpath/DisabledAlgorithms/CPBuilderWithMD5.java Thu Jul 16 16:54:12 2015 -0700 
@@ -0,0 +1,449 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// This test case relies on static security property, no way to re-use +// security property in samevm/agentvm mode. 
+ +/** + * @test + * + * @bug 8030829 + * @summary Add MD5 to jdk.certpath.disabledAlgorithms security property + * + * @run main/othervm CPBuilderWithMD5 trustAnchor_SHA1withRSA_1024 0 true + * @run main/othervm CPBuilderWithMD5 trustAnchor_SHA1withRSA_512 0 true + * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_1024_1024 1 true + * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_1024_512 1 false + * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_512_1024 1 false + * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_512_512 1 false + * @run main/othervm CPBuilderWithMD5 intermediate_MD5withRSA_1024_1024 1 false + * @run main/othervm CPBuilderWithMD5 intermediate_MD5withRSA_1024_512 1 false + * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_1024_1024 2 true + * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_1024_512 2 false + * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_512_1024 2 false + * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_512_512 2 false + * @run main/othervm CPBuilderWithMD5 endentiry_MD5withRSA_1024_1024 2 false + * @run main/othervm CPBuilderWithMD5 endentiry_MD5withRSA_1024_512 2 false + * + * @author Xuelei Fan + */ + +/* + * The generate.sh was designed to generate MD2 signed certificates. The + * certificates used in this test are generated by an updated generate.sh that + * replacing MD2 with MD5 algorithm. 
+ */ +import java.io.*; +import java.net.SocketException; +import java.util.*; +import java.security.Security; +import java.security.cert.*; +import sun.security.util.DerInputStream; + +public class CPBuilderWithMD5 { + + // SHA1withRSA 1024 + static String trustAnchor_SHA1withRSA_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA4NTFaFw0zNDEyMDgxMTA4NTFa\n" + + "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" + + "AQUAA4GNADCBiQKBgQDn3JSHACqi/bcohVy7eFqDs3L5ehnXmF9Jrg4rMRUeNrxA\n" + + "61F8bJ9JXx4j8WyqmT0TtokgXuqGxbsXRQVVw4AdXLF2PwCs/y+Y+AwU59uDHA3J\n" + + "AMk4VvjV9MB2Ea6YzuLnbbj/TNrfxB6LZ7KBvh0fYGt2T40yMvOvilU/f6e3zQID\n" + + "AQABo4GJMIGGMB0GA1UdDgQWBBSIxINDFVm8GpUz3v+BbWNmDEKP7TBHBgNVHSME\n" + + "QDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" + + "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" + + "DQYJKoZIhvcNAQEFBQADgYEAt0mYDXTpInrGvEOylIL2gx65A/bpdz9iDQsSs5sZ\n" + + "r3m0v9zJnzR8lRqN4GbaD1vrFdkUrIoObcvXjXitnf5QqDzmc9BbIYj83Ft8QSUj\n" + + "jCMy04EGT/7ATss4SiFEu6sJpmOBjsgH6wYuobR27wl/01XOu2CXUo3OOjgAoPBs\n" + + "QoQ=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 + static String trustAnchor_SHA1withRSA_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA4NTFaFw0zNDEyMDgxMTA4NTFa\n" + + "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB\n" + + "BQADSwAwSAJBANLqQkOpH7rBTo/a2ccYjJxvNib/Lxm6UXO1uAd/0AUzPWzJsOpB\n" + + "u2zyD26UYc0GNyXCkWMZ44FrtSQ8VI146j8CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU\n" + + "5PVLxBY//smN31jHb/MAmCEz5NIwRwYDVR0jBEAwPoAU5PVLxBY//smN31jHb/MA\n" + + "mCEz5NKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G\n" + + "A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAzF9E\n" + + 
"dXYPLqziCRY45IHCUtxaLjLQmwsjEu91TV4xyuuozGEumcqH7m6Hg6Ohnd1FGfsN\n" + + "X+vt1tdaDIu9+OzGjQ==\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 1024 + static String intermediate_SHA1withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICUDCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" + + "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" + + "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" + + "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" + + "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEA0673aIUF2k20jkpR\n" + + "4USN9UkbfX57Uazhl4n765EeAiteWnTzKztISeH1GTrCw7bSl1r07aaflsnbKOHC\n" + + "RrL2RxbxNwQARvuuCxr664vXnsGrt86xA5F2iNF22uDM/5HA5sIfBmEk5xXSLrgH\n" + + "I7jOaYqAA1b8C+4DU2Z5ZgO4LOA=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 512 + static String intermediate_SHA1withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDzCCAbmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" + + "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" + + "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" + + "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" + + "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBTk9UvEFj/+yY3fWMdv8wCYITPk0qEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + 
"AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADQQAihshnF7RWZ13tUGsH\n" + + "iM4i8HmBjw2+pwW/cs0E8BcycYEy3beWMcL1Np2yfOa/7K5ZvGPhe/piwzTel+Kt\n" + + "5VLm\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 1024 + static String intermediate_SHA1withRSA_512_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDDCCAXWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK4h/iW3wt+ugR5ObWiFSl394UU/\n" + + "lWNm+N6UAgsBRhSzZz/Iof7xZTQI+usNXzOrTnU3+uZsMgokpjkrko1osxUCAwEA\n" + + "AaOBiTCBhjAdBgNVHQ4EFgQU88OD48Osuh7lJiLnhfMhrySqW8QwRwYDVR0jBEAw\n" + + "PoAUiMSDQxVZvBqVM97/gW1jZgxCj+2hI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" + + "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" + + "CSqGSIb3DQEBBQUAA4GBAAHN8XUTT6asa1MvpfqAvKTH6tNrMOmzoFsUamPxSrUB\n" + + "tnBv/fa/E9+1QvQwl3g6luVXBkQf2/nVD0195IdkEuD/C6psuGKerXmiaRMv5Wcs\n" + + "B+8bTzhNxMzHKPZDJ8Tf/RD3XpPvtxw0T+I5xud68FH/WDhJtu7TiXPAhs7srtHt\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 512 + static String intermediate_SHA1withRSA_512_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIByzCCAXWgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK4h/iW3wt+ugR5ObWiFSl394UU/\n" + + "lWNm+N6UAgsBRhSzZz/Iof7xZTQI+usNXzOrTnU3+uZsMgokpjkrko1osxUCAwEA\n" + + "AaOBiTCBhjAdBgNVHQ4EFgQU88OD48Osuh7lJiLnhfMhrySqW8QwRwYDVR0jBEAw\n" + + "PoAU5PVLxBY//smN31jHb/MAmCEz5NKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" + + "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" + + "CSqGSIb3DQEBBQUAA0EASLN+1/pfo+9ty5EaYkoPu4QeYGr+5wmXyDceiaED/Lok\n" + + "RdV0ZH0qwD4kiarlJssNOgMCk+2EzgvXcIhEMDa5hA==\n" + + 
"-----END CERTIFICATE-----"; + + // MD5withRSA 1024 signed with RSA 1024 + static String intermediate_MD5withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICUDCCAbmgAwIBAgIBBzANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" + + "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" + + "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" + + "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" + + "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEEBQADgYEAerx2je3FBVn2eoPs\n" + + "nTzLKILezqCTCO7mXWiyBidRhh4RGdM8JggMN5SRmuwRurxfYFgPfqmAenWtEFqO\n" + + "xZrTXQUvIrrEgpzqkfppFnkCh4kDsX4roD5Nho3J4MTBQkqE0r676Yq6Rp6cywCq\n" + + "CHQQztRGY7n/ZYRNJ3uzvuoT1tk=\n" + + "-----END CERTIFICATE-----"; + + // MD5withRSA 1024 signed with RSA 512 + static String intermediate_MD5withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDzCCAbmgAwIBAgIBCDANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MTBaFw0zMzA5MTQxMTA5MTBa\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" + + "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" + + "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" + + "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" + + "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBTk9UvEFj/+yY3fWMdv8wCYITPk0qEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEEBQADQQA3XGQPNin8cDIsJ4vx\n" + + 
"tTxUO6XVJoWOdTsjwzlMrPmLvjJNZeXLtQe3pQu0vjgyUpQ59VYLW3qKN/LF3UH0\n" + + "Ep7V\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 1024 + static String endentiry_SHA1withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" + + "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" + + "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" + + "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" + + "8e7JW1tPUDAfBgNVHSMEGDAWgBQIsaDZL94kLug/A1N4EkNOA4z47DANBgkqhkiG\n" + + "9w0BAQUFAAOBgQB2RkWHOaL4WTOGoeTS4J4o9FW+4UXihbocdI/64rMExERjDkE/\n" + + "Jh31TEmatnP1gPrF1AfmqQPubqVSbRtCHrZF+Ilk6L6YeyRNzKvsLiMUtgrLYLas\n" + + "Vop0DFZxR02xHgaJdoJkcWBjNadb9zG7eZtt8OOOJ4lRwg02aLTy+WDqPA==\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 512 + static String endentiry_SHA1withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIB9jCCAaCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" + + "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" + + "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" + + "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" + + "8e7JW1tPUDAfBgNVHSMEGDAWgBTzw4Pjw6y6HuUmIueF8yGvJKpbxDANBgkqhkiG\n" + + 
"9w0BAQUFAANBAIapvjECUm4YD4O99G0v2SM17cKQzjZtSWkScS7FSk4sxS+dP3hM\n" + + "Qb2UpoRl6CGynhOVVy2G/VJN8BEqOfywj8k=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 1024 + static String endentiry_SHA1withRSA_512_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIB8zCCAVygAwIBAgIBBDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" + + "DQEBAQUAA0sAMEgCQQCngiNTE+qngHcfj2jUpdc82gCw+TFRjR7oMSdp7b/3NwpD\n" + + "E+11z9WspoXTDzvbKcGUH9svFl691NyY0ZUmf+4RAgMBAAGjTzBNMAsGA1UdDwQE\n" + + "AwID6DAdBgNVHQ4EFgQUK+oVsFTQbz08evgQZ5Sd82c2y4UwHwYDVR0jBBgwFoAU\n" + + "CLGg2S/eJC7oPwNTeBJDTgOM+OwwDQYJKoZIhvcNAQEFBQADgYEAMd/8XnjRz5jK\n" + + "nbss9DDQQC2mUuCbV/tGdke7eQ1DtBVZLBU6wDgisGr52sUXmyZIPmSVKpQqwCG5\n" + + "8cY5uQhaNwPtPmMMKXzX32zN9NhVkiDNceL+zHs3vdjD1i/QiUTST+NKfLYVb6dF\n" + + "YMG65lxe3gMVxMweiHSZSukmk1k3gUA=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 512 + static String endentiry_SHA1withRSA_512_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIBsjCCAVygAwIBAgIBBTANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" + + "DQEBAQUAA0sAMEgCQQCngiNTE+qngHcfj2jUpdc82gCw+TFRjR7oMSdp7b/3NwpD\n" + + "E+11z9WspoXTDzvbKcGUH9svFl691NyY0ZUmf+4RAgMBAAGjTzBNMAsGA1UdDwQE\n" + + "AwID6DAdBgNVHQ4EFgQUK+oVsFTQbz08evgQZ5Sd82c2y4UwHwYDVR0jBBgwFoAU\n" + + "88OD48Osuh7lJiLnhfMhrySqW8QwDQYJKoZIhvcNAQEFBQADQQB4xFWtC6ijDBIe\n" + + "/Gkf3B9+ycmP52pTPNiPwMS6u1a5vTRXMn5xRDexWfxJKJVZ2s9UR1jheZvWgPC8\n" + + "VUWO8bbG\n" + + "-----END CERTIFICATE-----"; + + // MD5withRSA 1024 signed with RSA 1024 + static String 
endentiry_MD5withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICNzCCAaCgAwIBAgIBBjANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" + + "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" + + "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" + + "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" + + "8e7JW1tPUDAfBgNVHSMEGDAWgBQIsaDZL94kLug/A1N4EkNOA4z47DANBgkqhkiG\n" + + "9w0BAQQFAAOBgQBCVn9/JQxsRTaKIKSrgB+KtEreat+33k3SXuJICuRxcmvjOXIx\n" + + "wSdq+mRCA+DpIPSNtgnDAUyipnyxRxpdmRRUHuRYpkALq4a5QtTJK0Y/CEMfsd2J\n" + + "Yd2zKcfynDLW6LVeNdtjlY7fTemJnbA/WImNhwyW55V9vbnk3J04EZN8jw==\n" + + "-----END CERTIFICATE-----"; + + // MD5withRSA 1024 signed with RSA 512 + static String endentiry_MD5withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIB9jCCAaCgAwIBAgIBBzANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTNaFw0zMzA5MTQxMTA5MTNaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" + + "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" + + "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" + + "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" + + "8e7JW1tPUDAfBgNVHSMEGDAWgBTzw4Pjw6y6HuUmIueF8yGvJKpbxDANBgkqhkiG\n" + + "9w0BAQQFAANBAAbZwmkqb6sfiiIxuLnj6PjhJsXGfvPomkkbLu5CapAMhen/p6ZG\n" + + "6vh69TbIsBR9UHu7qDyTl5Xax7bmYeW+sDQ=\n" + + "-----END CERTIFICATE-----"; + + static HashMap<String, String> certmap = new HashMap<String, String>(); + static { + 
certmap.put("trustAnchor_SHA1withRSA_1024", + trustAnchor_SHA1withRSA_1024); + certmap.put("trustAnchor_SHA1withRSA_512", + trustAnchor_SHA1withRSA_512); + certmap.put("intermediate_SHA1withRSA_1024_1024", + intermediate_SHA1withRSA_1024_1024); + certmap.put("intermediate_SHA1withRSA_1024_512", + intermediate_SHA1withRSA_1024_512); + certmap.put("intermediate_SHA1withRSA_512_1024", + intermediate_SHA1withRSA_512_1024); + certmap.put("intermediate_SHA1withRSA_512_512", + intermediate_SHA1withRSA_512_512); + certmap.put("intermediate_MD5withRSA_1024_1024", + intermediate_MD5withRSA_1024_1024); + certmap.put("intermediate_MD5withRSA_1024_512", + intermediate_MD5withRSA_1024_512); + certmap.put("endentiry_SHA1withRSA_1024_1024", + endentiry_SHA1withRSA_1024_1024); + certmap.put("endentiry_SHA1withRSA_1024_512", + endentiry_SHA1withRSA_1024_512); + certmap.put("endentiry_SHA1withRSA_512_1024", + endentiry_SHA1withRSA_512_1024); + certmap.put("endentiry_SHA1withRSA_512_512", + endentiry_SHA1withRSA_512_512); + certmap.put("endentiry_MD5withRSA_1024_1024", + endentiry_MD5withRSA_1024_1024); + certmap.put("endentiry_MD5withRSA_1024_512", + endentiry_MD5withRSA_1024_512); + } + + private static Set<TrustAnchor> generateTrustAnchors() + throws CertificateException { + // generate certificate from cert string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>(); + + ByteArrayInputStream is = + new ByteArrayInputStream(trustAnchor_SHA1withRSA_1024.getBytes()); + Certificate cert = cf.generateCertificate(is); + TrustAnchor anchor = new TrustAnchor((X509Certificate)cert, null); + anchors.add(anchor); + + is = new ByteArrayInputStream(trustAnchor_SHA1withRSA_512.getBytes()); + cert = cf.generateCertificate(is); + anchor = new TrustAnchor((X509Certificate)cert, null); + anchors.add(anchor); + + return anchors; + } + + private static CertStore generateCertificateStore() throws Exception { + Collection entries 
= new HashSet(); + + // generate certificate from certificate string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + + for (String key : certmap.keySet()) { + String certStr = certmap.get(key); + ByteArrayInputStream is = + new ByteArrayInputStream(certStr.getBytes());; + Certificate cert = cf.generateCertificate(is); + entries.add(cert); + } + + return CertStore.getInstance("Collection", + new CollectionCertStoreParameters(entries)); + } + + private static X509CertSelector generateSelector(String name) + throws Exception { + X509CertSelector selector = new X509CertSelector(); + + String certStr = certmap.get(name); + if (certStr == null) { + return null; + } + + // generate certificate from certificate string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes()); + X509Certificate target = (X509Certificate)cf.generateCertificate(is); + + selector.setCertificate(target); + + return selector; + } + + private static boolean match(String name, Certificate cert) + throws Exception { + X509CertSelector selector = new X509CertSelector(); + + String certStr = certmap.get(name); + if (certStr == null) { + return false; + } + + // generate certificate from certificate string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes()); + X509Certificate target = (X509Certificate)cf.generateCertificate(is); + + return target.equals(cert); + } + + public static void main(String args[]) throws Exception { + CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); + + X509CertSelector selector = generateSelector(args[0]); + if (selector == null) { + // no target certificate, ignore it + return; + } + + Set<TrustAnchor> anchors = generateTrustAnchors(); + CertStore certs = generateCertificateStore(); + + PKIXBuilderParameters params = + new PKIXBuilderParameters(anchors, selector); + 
params.addCertStore(certs); + params.setRevocationEnabled(false); + params.setDate(new Date(114, 9, 1)); // 2014-09-01 + + boolean success = Boolean.valueOf(args[2]); + try { + PKIXCertPathBuilderResult result = + (PKIXCertPathBuilderResult)builder.build(params); + if (!success) { + throw new Exception("expected algorithm disabled exception"); + } + + int length = Integer.parseInt(args[1]); + List<? extends Certificate> path = + result.getCertPath().getCertificates(); + if (length != path.size()) { + throw new Exception("unexpected certification path length"); + } + + if (!path.isEmpty()) { // the target is not a trust anchor + if (!match(args[0], path.get(0))) { + throw new Exception("unexpected certificate"); + } + } + } catch (CertPathBuilderException cpbe) { + if (success) { + throw new Exception("unexpected exception", cpbe); + } else { + System.out.println("Get the expected exception " + cpbe); + } + } + } + +}
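Review bot: In `main`, the `catch (CertPathBuilderException cpbe)` branch accepts any build failure as the expected "algorithm disabled" outcome, so every `false` case still passes when path building fails for an unrelated reason, such as the fixed validation date or a certificate missing from the store. I would walk the `cpbe.getCause()` chain and require a `CertPathValidatorException` whose `getReason()` is `CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED`, provided the builder surfaces that cause. If it does not, a comment should at least say that any build failure is accepted. Separately, `new Date(114, 9, 1)` is 1 October 2014 because the month argument is zero-based, so either the comment should read `// 2014-10-01` or the call should be `new Date(114, 8, 1)`.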
--- a/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,15 +21,23 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /* * @test * @bug 7167988 * @summary PKIX CertPathBuilder in reverse mode doesn't work if more than * one trust anchor is specified + * @run main/othervm ReverseBuild */ import java.io.*; import java.util.*; import java.security.cert.*; +import java.security.Security; import sun.security.provider.certpath.SunCertPathBuilderParameters; @@ -279,6 +287,9 @@ public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); // generate certificate from cert string CertificateFactory cf = CertificateFactory.getInstance("X.509");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,13 +23,15 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 7113275 * @summary compatibility issue with MD2 trust anchor and old X509TrustManager - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @run main/othervm MD2InTrustAnchor PKIX TLSv1.1 * @run main/othervm MD2InTrustAnchor SunX509 TLSv1.1 * @run main/othervm MD2InTrustAnchor PKIX TLSv1.2 @@ -40,6 +42,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -283,6 +286,10 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,13 +23,15 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 7113275 * @summary compatibility issue with MD2 trust anchor and old X509TrustManager - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @run main/othervm TrustTrustedCert PKIX TLSv1.1 * @run main/othervm TrustTrustedCert SunX509 TLSv1.1 * @run main/othervm TrustTrustedCert PKIX TLSv1.2 @@ -336,6 +338,10 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,11 +21,18 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /* * @test * @bug 6302644 * @summary X509KeyManager implementation for NewSunX509 doesn't return most * preferable key + * @run main/othervm PreferredKey */ import java.io.*; import java.net.*; @@ -49,6 +56,10 @@ public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + KeyStore ks; KeyManagerFactory kmf; X509KeyManager km;
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,14 +21,16 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 7166570 * @summary JSSE certificate validation has started to fail for * certificate chains - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @run main/othervm BasicConstraints PKIX * @run main/othervm BasicConstraints SunX509 */ @@ -37,6 +39,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.*; @@ -454,6 +457,10 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,21 +21,23 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// /* * @test * @bug 6916074 * @summary Add support for TLS 1.2 * @run main/othervm PKIXExtendedTM - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. */ import java.net.*; import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -791,6 +793,10 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,15 +21,17 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 6822460 * @summary support self-issued certificate * @run main/othervm SelfIssuedCert PKIX * @run main/othervm SelfIssuedCert SunX509 - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -37,6 +39,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -302,6 +305,10 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,20 +21,23 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 6916074 * @summary Add support for TLS 1.2 * @run main/othervm SunX509ExtendedTM - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. */ import java.net.*; import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -792,6 +795,10 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,18 +21,21 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 6668231 * @summary Presence of a critical subjectAltName causes JSSE's SunX509 to * fail trusted checks * @run main/othervm CriticalSubjectAltName - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. - * * @author Xuelei Fan - * + */ + +/* * This test depends on binary keystore, crisubn.jks and trusted.jks. Because * JAVA keytool cannot generate X509 certificate with SubjectAltName extension, * the certificates are generated with openssl toolkits and then imported into @@ -47,6 +50,7 @@ import java.io.*; import java.net.*; import javax.net.ssl.*; +import java.security.Security; import java.security.cert.Certificate; public class CriticalSubjectAltName implements HostnameVerifier { @@ -154,6 +158,10 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + "/" + keyStoreFile;
--- a/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketSNISensitive.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketSNISensitive.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -44,6 +44,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -431,6 +432,10 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,15 +23,16 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 4873188 * @summary Support TLS 1.1 * @run main/othervm EmptyCertificateAuthorities - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. - * * @author Xuelei Fan */ @@ -228,6 +229,10 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + "/" + keyStoreFile;
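Review bot: None of the three hunks for EmptyCertificateAuthorities.java adds `import java.security.Security;`, although the new `Security.setProperty(...)` call in `main` needs that name. Every other test file visible here that gains the call also gains the import. Presumably this file already has a wildcard such as `import java.security.*;` outside the hunks; if it does not, add `import java.security.Security;` next to the existing imports. The import block is not visible in these hunks, so this needs checking against the full file.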
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,13 +21,15 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* @test * @bug 6766775 * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 * @run main/othervm DNSIdentities - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -35,6 +37,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -743,6 +746,10 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,13 +21,15 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* @test * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 * @bug 6766775 * @run main/othervm IPAddressIPIdentities - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -35,6 +37,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -744,6 +747,10 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,13 +21,15 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* @test * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 * @bug 6766775 * @run main/othervm IPIdentities - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -35,6 +37,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -743,6 +746,10 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java Thu Jul 16 14:23:13 2015 -0700 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java Thu Jul 16 16:54:12 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,13 +21,15 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* @test * @bug 6766775 * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 * @run main/othervm Identities - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -35,6 +37,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -743,6 +746,10 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all");