mirror of
https://github.com/JetBrains/JetBrainsRuntime.git
synced 2025-12-06 17:39:40 +01:00
Compare commits
146 Commits
moklev-fix
...
jdk-11.0.1
| Author | SHA1 | Date | |
|---|---|---|---|
|
35d6a546eb | ||
|
bc0239c6ec | ||
|
0864917e44 | ||
|
|
718875c2a0 | ||
|
|
11f58b066b | ||
|
1ec7dbab23 | ||
|
2a08c06eea | ||
|
|
3e4a033294 | ||
|
|
4f8dc731e6 | ||
|
5bc98172e3 | ||
|
|
9a0ec1951e | ||
|
|
c468ecccc5 | ||
|
|
19b176af8b | ||
|
|
e45543c23a | ||
|
|
ffd27904be | ||
|
5acf946102 | ||
|
|
5dbc1f256b | ||
|
9bb8753635 | ||
|
|
79cea41ed2 | ||
|
e6d27ec718 | ||
|
feecbd5dbf | ||
|
|
4cf12330c4 | ||
|
|
944408c6e0 | ||
|
|
33f575c516 | ||
|
|
db32e3bfba | ||
|
0eddb97c97 | ||
|
1cadcd04e0 | ||
|
|
3fc4e0d6eb | ||
|
|
68011884ec | ||
|
|
fefb969cdd | ||
|
0ec4029c81 | ||
|
7d10c5bc0a | ||
|
|
bbc1638ce1 | ||
|
b0aa15b85b | ||
|
|
8834452005 | ||
|
79312ec17e | ||
|
|
753d040785 | ||
|
|
d096187121 | ||
|
1358a2751f | ||
|
652376d5b3 | ||
|
|
e14a40d164 | ||
|
cafbdc6174 | ||
|
|
40ea8e5cb4 | ||
|
|
d391f7c63d | ||
|
|
01487e8643 | ||
|
|
1719aeb5d2 | ||
|
|
e44f85ab5d | ||
|
80c8967c03 | ||
|
|
876915c6a1 | ||
|
4d127a6a46 | ||
|
|
e67726a839 | ||
|
be9e8a5340 | ||
|
|
06668fe36f | ||
|
|
1a89bb119d | ||
|
|
bd79a86b01 | ||
|
|
b2cdea89f5 | ||
|
9949620e45 | ||
|
|
29ab806ba6 | ||
|
c1d9c2e3b2 | ||
|
|
b436cdd69c | ||
|
|
1de01cb219 | ||
|
|
fd5e84d8e6 | ||
|
|
5ad959f728 | ||
|
af0a5af68c | ||
|
|
5ed03602e6 | ||
|
|
4b39e7d090 | ||
|
|
a39af74e4d | ||
|
|
53e7770fd1 | ||
|
|
7fa51274b9 | ||
|
|
821b7ac2b5 | ||
|
|
4e78cdbda6 | ||
|
|
7918702d81 | ||
|
1039ff757d | ||
|
|
330ed9959b | ||
|
|
6578fdad34 | ||
|
|
abad9ccee2 | ||
|
|
afdeae0362 | ||
|
|
8f99a3be7a | ||
|
|
979f5b2e7b | ||
|
b339e2c59e | ||
|
|
a50090c047 | ||
|
|
30093a30d3 | ||
|
92b911a7c0 | ||
|
|
163e61b805 | ||
|
|
5d366027d5 | ||
|
|
18052b1b57 | ||
|
|
c86b339f4f | ||
|
|
8cf5449fd9 | ||
|
8cdeecd144 | ||
|
|
3480143685 | ||
|
|
9f3116100a | ||
|
|
e6b4cdadc5 | ||
|
|
ae11b1005a | ||
|
|
7bdb63c235 | ||
|
0ad11db552 | ||
|
|
be113a79eb | ||
|
|
703ff0db40 | ||
|
|
131a9af96d | ||
|
|
9f32083fd9 | ||
|
f6eb5b3fa4 | ||
|
|
8ce607d540 | ||
|
|
042ea6250a | ||
|
|
6a7ab7a4d3 | ||
|
|
6d35589509 | ||
|
|
4a501d5aea | ||
|
|
59af29a2a0 | ||
|
|
249afa3d2e | ||
|
|
d0e2d0d885 | ||
|
|
35865af26a | ||
|
|
c9091dafe3 | ||
|
b6016a59f3 | ||
|
269168158d | ||
|
|
249af9e46c | ||
|
|
b1402be6d5 | ||
|
|
8da8d21484 | ||
|
|
f650e1150e | ||
|
|
338baa118e | ||
|
|
45cc4bb387 | ||
|
5e0c918e7b | ||
|
|
a92a9b0df5 | ||
|
|
831ce3cd26 | ||
|
|
075c1d5096 | ||
|
|
a650cb0e62 | ||
|
c27e9c11b6 | ||
|
|
adf91e8e2b | ||
|
f43f7a9777 | ||
|
|
5d636b506a | ||
|
|
edb89345ec | ||
|
|
201ecd476d | ||
|
5e38ddc11e | ||
|
|
2b9ab70dc0 | ||
|
|
f3f1c8c20e | ||
|
|
ba9e2c55e0 | ||
|
|
175027bed8 | ||
|
30f1e924b5 | ||
|
|
703f347ee8 | ||
|
|
7310129200 | ||
|
|
2aacf785b4 | ||
|
|
36e583d2b6 | ||
|
|
e0cceee495 | ||
|
8da4947343 | ||
|
17c42c34ad | ||
|
f258e9a659 | ||
|
|
1dbfde12af | ||
|
|
1ccdc3374a | ||
|
da30b2b421 |
12
.hgtags
12
.hgtags
@@ -502,3 +502,15 @@ ea900a7dc7d77dee30865c60eabd87fc24b1037c jdk-11+24
|
||||
945ba9278a272a5477ffb1b3ea1b04174fed8036 jdk-11+26
|
||||
9d7d74c6f2cbe522e39fa22dc557fdd3f79b32ad jdk-11+27
|
||||
76072a077ee1d815152d45d1692c4b36c53c5c49 jdk-11+28
|
||||
1353ec839c82de926bfacd2c7976b6b652d4afb0 jdk-11.0.1+1
|
||||
781b5d8f2f75ae4dfdafc85630e5dbd31e324ed1 jdk-11.0.1+3
|
||||
fc55f0667af5ea3b21e40a59e2a88b1b82e65e62 jdk-11.0.1+2
|
||||
c01cc45790f871adec30acc90742b521d57a2fff jdk-11.0.1+0
|
||||
b5b1dd7e6f9d86aedf7141e9279342fae257bd67 jdk-11.0.1+4
|
||||
d6efeebf554c918bfab50f89939eb11121e18432 jdk-11.0.1+5
|
||||
db768cfe2141b3eb9ef53d7104002a0532c8c977 jdk-11.0.1+6
|
||||
88a221c0bad0cee441767106776628550d660a82 jdk-11.0.1+7
|
||||
c2b23a17d3ff92235aed8e8d04642d7a6eaecf54 jdk-11.0.1+8
|
||||
adb9933aa8c68e6dec6b441133f3955fe7366206 jdk-11.0.1+9
|
||||
a86e14193fc8ea98835fd3e2f867447164c7af53 jdk-11.0.1+10
|
||||
0343f9aacae2d4a9e6df4e61087837166a6a477c jdk-11.0.1+11
|
||||
|
||||
@@ -27,9 +27,9 @@
|
||||
|
||||
DEFAULT_VERSION_FEATURE=11
|
||||
DEFAULT_VERSION_INTERIM=0
|
||||
DEFAULT_VERSION_UPDATE=0
|
||||
DEFAULT_VERSION_UPDATE=1
|
||||
DEFAULT_VERSION_PATCH=0
|
||||
DEFAULT_VERSION_DATE=2018-09-25
|
||||
DEFAULT_VERSION_DATE=2018-10-16
|
||||
DEFAULT_VERSION_CLASSFILE_MAJOR=55 # "`$EXPR $DEFAULT_VERSION_FEATURE + 44`"
|
||||
DEFAULT_VERSION_CLASSFILE_MINOR=0
|
||||
DEFAULT_ACCEPTABLE_BOOT_VERSIONS="10 11"
|
||||
|
||||
@@ -987,68 +987,68 @@ void LinkResolver::resolve_field(fieldDescriptor& fd,
|
||||
THROW_MSG(vmSymbols::java_lang_NoSuchFieldError(), field->as_C_string());
|
||||
}
|
||||
|
||||
if (!link_info.check_access())
|
||||
// Access checking may be turned off when calling from within the VM.
|
||||
return;
|
||||
|
||||
// check access
|
||||
// Access checking may be turned off when calling from within the VM.
|
||||
Klass* current_klass = link_info.current_klass();
|
||||
check_field_accessability(current_klass, resolved_klass, sel_klass, fd, CHECK);
|
||||
if (link_info.check_access()) {
|
||||
|
||||
// check for errors
|
||||
if (is_static != fd.is_static()) {
|
||||
ResourceMark rm(THREAD);
|
||||
char msg[200];
|
||||
jio_snprintf(msg, sizeof(msg), "Expected %s field %s.%s", is_static ? "static" : "non-static", resolved_klass->external_name(), fd.name()->as_C_string());
|
||||
THROW_MSG(vmSymbols::java_lang_IncompatibleClassChangeError(), msg);
|
||||
}
|
||||
// check access
|
||||
check_field_accessability(current_klass, resolved_klass, sel_klass, fd, CHECK);
|
||||
|
||||
// A final field can be modified only
|
||||
// (1) by methods declared in the class declaring the field and
|
||||
// (2) by the <clinit> method (in case of a static field)
|
||||
// or by the <init> method (in case of an instance field).
|
||||
if (is_put && fd.access_flags().is_final()) {
|
||||
ResourceMark rm(THREAD);
|
||||
stringStream ss;
|
||||
|
||||
if (sel_klass != current_klass) {
|
||||
ss.print("Update to %s final field %s.%s attempted from a different class (%s) than the field's declaring class",
|
||||
is_static ? "static" : "non-static", resolved_klass->external_name(), fd.name()->as_C_string(),
|
||||
current_klass->external_name());
|
||||
THROW_MSG(vmSymbols::java_lang_IllegalAccessError(), ss.as_string());
|
||||
// check for errors
|
||||
if (is_static != fd.is_static()) {
|
||||
ResourceMark rm(THREAD);
|
||||
char msg[200];
|
||||
jio_snprintf(msg, sizeof(msg), "Expected %s field %s.%s", is_static ? "static" : "non-static", resolved_klass->external_name(), fd.name()->as_C_string());
|
||||
THROW_MSG(vmSymbols::java_lang_IncompatibleClassChangeError(), msg);
|
||||
}
|
||||
|
||||
if (fd.constants()->pool_holder()->major_version() >= 53) {
|
||||
methodHandle m = link_info.current_method();
|
||||
assert(!m.is_null(), "information about the current method must be available for 'put' bytecodes");
|
||||
bool is_initialized_static_final_update = (byte == Bytecodes::_putstatic &&
|
||||
fd.is_static() &&
|
||||
!m()->is_static_initializer());
|
||||
bool is_initialized_instance_final_update = ((byte == Bytecodes::_putfield || byte == Bytecodes::_nofast_putfield) &&
|
||||
!fd.is_static() &&
|
||||
!m->is_object_initializer());
|
||||
// A final field can be modified only
|
||||
// (1) by methods declared in the class declaring the field and
|
||||
// (2) by the <clinit> method (in case of a static field)
|
||||
// or by the <init> method (in case of an instance field).
|
||||
if (is_put && fd.access_flags().is_final()) {
|
||||
ResourceMark rm(THREAD);
|
||||
stringStream ss;
|
||||
|
||||
if (is_initialized_static_final_update || is_initialized_instance_final_update) {
|
||||
ss.print("Update to %s final field %s.%s attempted from a different method (%s) than the initializer method %s ",
|
||||
if (sel_klass != current_klass) {
|
||||
ss.print("Update to %s final field %s.%s attempted from a different class (%s) than the field's declaring class",
|
||||
is_static ? "static" : "non-static", resolved_klass->external_name(), fd.name()->as_C_string(),
|
||||
m()->name()->as_C_string(),
|
||||
is_static ? "<clinit>" : "<init>");
|
||||
current_klass->external_name());
|
||||
THROW_MSG(vmSymbols::java_lang_IllegalAccessError(), ss.as_string());
|
||||
}
|
||||
|
||||
if (fd.constants()->pool_holder()->major_version() >= 53) {
|
||||
methodHandle m = link_info.current_method();
|
||||
assert(!m.is_null(), "information about the current method must be available for 'put' bytecodes");
|
||||
bool is_initialized_static_final_update = (byte == Bytecodes::_putstatic &&
|
||||
fd.is_static() &&
|
||||
!m()->is_static_initializer());
|
||||
bool is_initialized_instance_final_update = ((byte == Bytecodes::_putfield || byte == Bytecodes::_nofast_putfield) &&
|
||||
!fd.is_static() &&
|
||||
!m->is_object_initializer());
|
||||
|
||||
if (is_initialized_static_final_update || is_initialized_instance_final_update) {
|
||||
ss.print("Update to %s final field %s.%s attempted from a different method (%s) than the initializer method %s ",
|
||||
is_static ? "static" : "non-static", resolved_klass->external_name(), fd.name()->as_C_string(),
|
||||
m()->name()->as_C_string(),
|
||||
is_static ? "<clinit>" : "<init>");
|
||||
THROW_MSG(vmSymbols::java_lang_IllegalAccessError(), ss.as_string());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// initialize resolved_klass if necessary
|
||||
// note 1: the klass which declared the field must be initialized (i.e, sel_klass)
|
||||
// according to the newest JVM spec (5.5, p.170) - was bug (gri 7/28/99)
|
||||
//
|
||||
// note 2: we don't want to force initialization if we are just checking
|
||||
// if the field access is legal; e.g., during compilation
|
||||
if (is_static && initialize_class) {
|
||||
sel_klass->initialize(CHECK);
|
||||
}
|
||||
}
|
||||
|
||||
// initialize resolved_klass if necessary
|
||||
// note 1: the klass which declared the field must be initialized (i.e, sel_klass)
|
||||
// according to the newest JVM spec (5.5, p.170) - was bug (gri 7/28/99)
|
||||
//
|
||||
// note 2: we don't want to force initialization if we are just checking
|
||||
// if the field access is legal; e.g., during compilation
|
||||
if (is_static && initialize_class) {
|
||||
sel_klass->initialize(CHECK);
|
||||
}
|
||||
|
||||
if (sel_klass != current_klass) {
|
||||
if ((sel_klass != current_klass) && (current_klass != NULL)) {
|
||||
check_field_loader_constraints(field, sig, current_klass, sel_klass, CHECK);
|
||||
}
|
||||
|
||||
|
||||
@@ -69,10 +69,13 @@ abstract class AbstractStringBuilder implements Appendable, CharSequence {
|
||||
*/
|
||||
int count;
|
||||
|
||||
private static final byte[] EMPTYVALUE = new byte[0];
|
||||
|
||||
/**
|
||||
* This no-arg constructor is necessary for serialization of subclasses.
|
||||
*/
|
||||
AbstractStringBuilder() {
|
||||
value = EMPTYVALUE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1995, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1995, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -35,6 +35,7 @@ import java.io.FileNotFoundException;
|
||||
import java.io.ObjectStreamException;
|
||||
import java.io.ObjectStreamField;
|
||||
import java.io.IOException;
|
||||
import java.io.InvalidObjectException;
|
||||
import java.io.ObjectInputStream;
|
||||
import java.io.ObjectInputStream.GetField;
|
||||
import java.io.ObjectOutputStream;
|
||||
@@ -1728,8 +1729,11 @@ class InetAddress implements java.io.Serializable {
|
||||
}
|
||||
GetField gf = s.readFields();
|
||||
String host = (String)gf.get("hostName", null);
|
||||
int address= gf.get("address", 0);
|
||||
int family= gf.get("family", 0);
|
||||
int address = gf.get("address", 0);
|
||||
int family = gf.get("family", 0);
|
||||
if (family != IPv4 && family != IPv6) {
|
||||
throw new InvalidObjectException("invalid address family type: " + family);
|
||||
}
|
||||
InetAddressHolder h = new InetAddressHolder(host, address, family);
|
||||
UNSAFE.putObject(this, FIELDS_OFFSET, h);
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -321,8 +321,20 @@ public final class NetworkInterface {
|
||||
if (addr == null) {
|
||||
throw new NullPointerException();
|
||||
}
|
||||
if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) {
|
||||
throw new IllegalArgumentException ("invalid address type");
|
||||
if (addr instanceof Inet4Address) {
|
||||
Inet4Address inet4Address = (Inet4Address) addr;
|
||||
if (inet4Address.holder.family != InetAddress.IPv4) {
|
||||
throw new IllegalArgumentException("invalid family type: "
|
||||
+ inet4Address.holder.family);
|
||||
}
|
||||
} else if (addr instanceof Inet6Address) {
|
||||
Inet6Address inet6Address = (Inet6Address) addr;
|
||||
if (inet6Address.holder.family != InetAddress.IPv6) {
|
||||
throw new IllegalArgumentException("invalid family type: "
|
||||
+ inet6Address.holder.family);
|
||||
}
|
||||
} else {
|
||||
throw new IllegalArgumentException("invalid address type: " + addr);
|
||||
}
|
||||
return getByInetAddress0(addr);
|
||||
}
|
||||
|
||||
@@ -570,13 +570,13 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
|
||||
* @spec JPMS
|
||||
*/
|
||||
protected Package definePackage(String name, Manifest man, URL url) {
|
||||
String path = name.replace('.', '/').concat("/");
|
||||
String specTitle = null, specVersion = null, specVendor = null;
|
||||
String implTitle = null, implVersion = null, implVendor = null;
|
||||
String sealed = null;
|
||||
URL sealBase = null;
|
||||
|
||||
Attributes attr = man.getAttributes(path);
|
||||
Attributes attr = SharedSecrets.javaUtilJarAccess()
|
||||
.getTrustedAttributes(man, name.replace('.', '/').concat("/"));
|
||||
if (attr != null) {
|
||||
specTitle = attr.getValue(Name.SPECIFICATION_TITLE);
|
||||
specVersion = attr.getValue(Name.SPECIFICATION_VERSION);
|
||||
@@ -620,10 +620,12 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
|
||||
/*
|
||||
* Returns true if the specified package name is sealed according to the
|
||||
* given manifest.
|
||||
*
|
||||
* @throws SecurityException if the package name is untrusted in the manifest
|
||||
*/
|
||||
private boolean isSealed(String name, Manifest man) {
|
||||
String path = name.replace('.', '/').concat("/");
|
||||
Attributes attr = man.getAttributes(path);
|
||||
Attributes attr = SharedSecrets.javaUtilJarAccess()
|
||||
.getTrustedAttributes(man, name.replace('.', '/').concat("/"));
|
||||
String sealed = null;
|
||||
if (attr != null) {
|
||||
sealed = attr.getValue(Name.SEALED);
|
||||
|
||||
@@ -417,10 +417,10 @@ class JarFile extends ZipFile {
|
||||
if (manEntry != null) {
|
||||
if (verify) {
|
||||
byte[] b = getBytes(manEntry);
|
||||
man = new Manifest(new ByteArrayInputStream(b));
|
||||
if (!jvInitialized) {
|
||||
jv = new JarVerifier(b);
|
||||
}
|
||||
man = new Manifest(jv, new ByteArrayInputStream(b));
|
||||
} else {
|
||||
man = new Manifest(super.getInputStream(manEntry));
|
||||
}
|
||||
@@ -1010,29 +1010,13 @@ class JarFile extends ZipFile {
|
||||
int i = match(MULTIRELEASE_CHARS, b, MULTIRELEASE_LASTOCC,
|
||||
MULTIRELEASE_OPTOSFT);
|
||||
if (i != -1) {
|
||||
i += MULTIRELEASE_CHARS.length;
|
||||
if (i < b.length) {
|
||||
byte c = b[i++];
|
||||
// Check that the value is followed by a newline
|
||||
// and does not have a continuation
|
||||
if (c == '\n' &&
|
||||
(i == b.length || b[i] != ' ')) {
|
||||
isMultiRelease = true;
|
||||
} else if (c == '\r') {
|
||||
if (i == b.length) {
|
||||
isMultiRelease = true;
|
||||
} else {
|
||||
c = b[i++];
|
||||
if (c == '\n') {
|
||||
if (i == b.length || b[i] != ' ') {
|
||||
isMultiRelease = true;
|
||||
}
|
||||
} else if (c != ' ') {
|
||||
isMultiRelease = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// Read the main attributes of the manifest
|
||||
byte[] lbuf = new byte[512];
|
||||
Attributes attr = new Attributes();
|
||||
attr.read(new Manifest.FastInputStream(
|
||||
new ByteArrayInputStream(b)), lbuf);
|
||||
isMultiRelease = Boolean.parseBoolean(
|
||||
attr.getValue(Attributes.Name.MULTI_RELEASE));
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1040,7 +1024,7 @@ class JarFile extends ZipFile {
|
||||
}
|
||||
}
|
||||
|
||||
private synchronized void ensureInitialization() {
|
||||
synchronized void ensureInitialization() {
|
||||
try {
|
||||
maybeInstantiateVerifier();
|
||||
} catch (IOException e) {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -858,4 +858,24 @@ class JarVerifier {
|
||||
static CodeSource getUnsignedCS(URL url) {
|
||||
return new VerifierCodeSource(null, url, (java.security.cert.Certificate[]) null);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns whether the name is trusted. Used by
|
||||
* {@link Manifest#getTrustedAttributes(String)}.
|
||||
*/
|
||||
boolean isTrustedManifestEntry(String name) {
|
||||
// How many signers? MANIFEST.MF is always verified
|
||||
CodeSigner[] forMan = verifiedSigners.get(JarFile.MANIFEST_NAME);
|
||||
if (forMan == null) {
|
||||
return true;
|
||||
}
|
||||
// Check sigFileSigners first, because we are mainly dealing with
|
||||
// non-file entries which will stay in sigFileSigners forever.
|
||||
CodeSigner[] forName = sigFileSigners.get(name);
|
||||
if (forName == null) {
|
||||
forName = verifiedSigners.get(name);
|
||||
}
|
||||
// Returns trusted if all signers sign the entry
|
||||
return forName != null && forName.length == forMan.length;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -60,4 +60,12 @@ class JavaUtilJarAccessImpl implements JavaUtilJarAccess {
|
||||
public List<Object> getManifestDigests(JarFile jar) {
|
||||
return jar.getManifestDigests();
|
||||
}
|
||||
|
||||
public Attributes getTrustedAttributes(Manifest man, String name) {
|
||||
return man.getTrustedAttributes(name);
|
||||
}
|
||||
|
||||
public void ensureInitialization(JarFile jar) {
|
||||
jar.ensureInitialization();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -32,7 +32,6 @@ import java.io.OutputStream;
|
||||
import java.io.IOException;
|
||||
import java.util.Map;
|
||||
import java.util.HashMap;
|
||||
import java.util.Iterator;
|
||||
|
||||
/**
|
||||
* The Manifest class is used to maintain Manifest entry names and their
|
||||
@@ -48,15 +47,19 @@ import java.util.Iterator;
|
||||
*/
|
||||
public class Manifest implements Cloneable {
|
||||
// manifest main attributes
|
||||
private Attributes attr = new Attributes();
|
||||
private final Attributes attr = new Attributes();
|
||||
|
||||
// manifest entries
|
||||
private Map<String, Attributes> entries = new HashMap<>();
|
||||
private final Map<String, Attributes> entries = new HashMap<>();
|
||||
|
||||
// associated JarVerifier, not null when called by JarFile::getManifest.
|
||||
private final JarVerifier jv;
|
||||
|
||||
/**
|
||||
* Constructs a new, empty Manifest.
|
||||
*/
|
||||
public Manifest() {
|
||||
jv = null;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -66,7 +69,16 @@ public class Manifest implements Cloneable {
|
||||
* @throws IOException if an I/O error has occurred
|
||||
*/
|
||||
public Manifest(InputStream is) throws IOException {
|
||||
this(null, is);
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructs a new Manifest from the specified input stream
|
||||
* and associates it with a JarVerifier.
|
||||
*/
|
||||
Manifest(JarVerifier jv, InputStream is) throws IOException {
|
||||
read(is);
|
||||
this.jv = jv;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -77,6 +89,7 @@ public class Manifest implements Cloneable {
|
||||
public Manifest(Manifest man) {
|
||||
attr.putAll(man.getMainAttributes());
|
||||
entries.putAll(man.getEntries());
|
||||
jv = man.jv;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -126,6 +139,27 @@ public class Manifest implements Cloneable {
|
||||
return getEntries().get(name);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the Attributes for the specified entry name, if trusted.
|
||||
*
|
||||
* @param name entry name
|
||||
* @return returns the same result as {@link #getAttributes(String)}
|
||||
* @throws SecurityException if the associated jar is signed but this entry
|
||||
* has been modified after signing (i.e. the section in the manifest
|
||||
* does not exist in SF files of all signers).
|
||||
*/
|
||||
Attributes getTrustedAttributes(String name) {
|
||||
// Note: Before the verification of MANIFEST.MF/.SF/.RSA files is done,
|
||||
// jv.isTrustedManifestEntry() isn't able to detect MANIFEST.MF change.
|
||||
// Users of this method should call SharedSecrets.javaUtilJarAccess()
|
||||
// .ensureInitialization() first.
|
||||
Attributes result = getAttributes(name);
|
||||
if (result != null && jv != null && ! jv.isTrustedManifestEntry(name)) {
|
||||
throw new SecurityException("Untrusted manifest entry: " + name);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Clears the main Attributes as well as the entries in this Manifest.
|
||||
*/
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -50,6 +50,13 @@ import javax.crypto.IllegalBlockSizeException;
|
||||
* that are not thrown by its ancestor classes. In particular, the
|
||||
* <code>skip</code> method skips, and the <code>available</code>
|
||||
* method counts only data that have been processed by the encapsulated Cipher.
|
||||
* This class may catch BadPaddingException and other exceptions thrown by
|
||||
* failed integrity checks during decryption. These exceptions are not
|
||||
* re-thrown, so the client may not be informed that integrity checks
|
||||
* failed. Because of this behavior, this class may not be suitable
|
||||
* for use with decryption in an authenticated mode of operation (e.g. GCM).
|
||||
* Applications that require authenticated encryption can use the Cipher API
|
||||
* directly as an alternative to using this class.
|
||||
*
|
||||
* <p> It is crucial for a programmer using this class not to use
|
||||
* methods that are not defined or overriden in this class (such as a
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2011, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -120,7 +120,7 @@ public class GCMParameterSpec implements AlgorithmParameterSpec {
|
||||
|
||||
// Input sanity check
|
||||
if ((src == null) ||(len < 0) || (offset < 0)
|
||||
|| ((len + offset) > src.length)) {
|
||||
|| (len > (src.length - offset))) {
|
||||
throw new IllegalArgumentException("Invalid buffer arguments");
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -60,6 +60,7 @@ import java.util.jar.Attributes;
|
||||
import java.util.jar.Manifest;
|
||||
import java.util.stream.Stream;
|
||||
|
||||
import jdk.internal.misc.SharedSecrets;
|
||||
import jdk.internal.misc.VM;
|
||||
import jdk.internal.module.ModulePatcher.PatchedModuleReader;
|
||||
import jdk.internal.module.Resources;
|
||||
@@ -862,7 +863,8 @@ public class BuiltinClassLoader
|
||||
* Manifest are used to get the package version and sealing information.
|
||||
*
|
||||
* @throws IllegalArgumentException if the package name duplicates an
|
||||
* existing package either in this class loader or one of its ancestors
|
||||
* existing package either in this class loader or one of its ancestors
|
||||
* @throws SecurityException if the package name is untrusted in the manifest
|
||||
*/
|
||||
private Package definePackage(String pn, Manifest man, URL url) {
|
||||
String specTitle = null;
|
||||
@@ -875,7 +877,8 @@ public class BuiltinClassLoader
|
||||
URL sealBase = null;
|
||||
|
||||
if (man != null) {
|
||||
Attributes attr = man.getAttributes(pn.replace('.', '/').concat("/"));
|
||||
Attributes attr = SharedSecrets.javaUtilJarAccess()
|
||||
.getTrustedAttributes(man, pn.replace('.', '/').concat("/"));
|
||||
if (attr != null) {
|
||||
specTitle = attr.getValue(Attributes.Name.SPECIFICATION_TITLE);
|
||||
specVersion = attr.getValue(Attributes.Name.SPECIFICATION_VERSION);
|
||||
@@ -921,10 +924,12 @@ public class BuiltinClassLoader
|
||||
/**
|
||||
* Returns {@code true} if the specified package name is sealed according to
|
||||
* the given manifest.
|
||||
*
|
||||
* @throws SecurityException if the package name is untrusted in the manifest
|
||||
*/
|
||||
private boolean isSealed(String pn, Manifest man) {
|
||||
String path = pn.replace('.', '/').concat("/");
|
||||
Attributes attr = man.getAttributes(path);
|
||||
Attributes attr = SharedSecrets.javaUtilJarAccess()
|
||||
.getTrustedAttributes(man, pn.replace('.', '/').concat("/"));
|
||||
String sealed = null;
|
||||
if (attr != null)
|
||||
sealed = attr.getValue(Attributes.Name.SEALED);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -34,6 +34,7 @@ import java.io.InputStream;
|
||||
import java.net.HttpURLConnection;
|
||||
import java.net.JarURLConnection;
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.URI;
|
||||
import java.net.URL;
|
||||
import java.net.URLConnection;
|
||||
import java.net.URLStreamHandler;
|
||||
@@ -88,6 +89,8 @@ public class URLClassPath {
|
||||
private static final boolean DEBUG;
|
||||
private static final boolean DISABLE_JAR_CHECKING;
|
||||
private static final boolean DISABLE_ACC_CHECKING;
|
||||
private static final boolean DISABLE_CP_URL_CHECK;
|
||||
private static final boolean DEBUG_CP_URL_CHECK;
|
||||
|
||||
static {
|
||||
Properties props = GetPropertyAction.privilegedGetProperties();
|
||||
@@ -98,6 +101,12 @@ public class URLClassPath {
|
||||
|
||||
p = props.getProperty("jdk.net.URLClassPath.disableRestrictedPermissions");
|
||||
DISABLE_ACC_CHECKING = p != null ? p.equals("true") || p.equals("") : false;
|
||||
|
||||
// This property will be removed in a later release
|
||||
p = props.getProperty("jdk.net.URLClassPath.disableClassPathURLCheck");
|
||||
|
||||
DISABLE_CP_URL_CHECK = p != null ? p.equals("true") || p.isEmpty() : false;
|
||||
DEBUG_CP_URL_CHECK = "debug".equals(p);
|
||||
}
|
||||
|
||||
/* The original search path of URLs. */
|
||||
@@ -857,8 +866,10 @@ public class URLClassPath {
|
||||
{ return jar.getInputStream(entry); }
|
||||
public int getContentLength()
|
||||
{ return (int)entry.getSize(); }
|
||||
public Manifest getManifest() throws IOException
|
||||
{ return jar.getManifest(); };
|
||||
public Manifest getManifest() throws IOException {
|
||||
SharedSecrets.javaUtilJarAccess().ensureInitialization(jar);
|
||||
return jar.getManifest();
|
||||
}
|
||||
public Certificate[] getCertificates()
|
||||
{ return entry.getCertificates(); };
|
||||
public CodeSigner[] getCodeSigners()
|
||||
@@ -1081,11 +1092,51 @@ public class URLClassPath {
|
||||
int i = 0;
|
||||
while (st.hasMoreTokens()) {
|
||||
String path = st.nextToken();
|
||||
urls[i] = new URL(base, path);
|
||||
i++;
|
||||
URL url = DISABLE_CP_URL_CHECK ? new URL(base, path) : safeResolve(base, path);
|
||||
if (url != null) {
|
||||
urls[i] = url;
|
||||
i++;
|
||||
}
|
||||
}
|
||||
if (i == 0) {
|
||||
urls = null;
|
||||
} else if (i != urls.length) {
|
||||
// Truncate nulls from end of array
|
||||
urls = Arrays.copyOf(urls, i);
|
||||
}
|
||||
return urls;
|
||||
}
|
||||
|
||||
/*
|
||||
* Return a URL for the given path resolved against the base URL, or
|
||||
* null if the resulting URL is invalid.
|
||||
*/
|
||||
static URL safeResolve(URL base, String path) {
|
||||
String child = path.replace(File.separatorChar, '/');
|
||||
try {
|
||||
if (!URI.create(child).isAbsolute()) {
|
||||
URL url = new URL(base, child);
|
||||
if (base.getProtocol().equalsIgnoreCase("file")) {
|
||||
return url;
|
||||
} else {
|
||||
String bp = base.getPath();
|
||||
String urlp = url.getPath();
|
||||
int pos = bp.lastIndexOf('/');
|
||||
if (pos == -1) {
|
||||
pos = bp.length() - 1;
|
||||
}
|
||||
if (urlp.regionMatches(0, bp, 0, pos + 1)
|
||||
&& urlp.indexOf("..", pos) == -1) {
|
||||
return url;
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch (MalformedURLException | IllegalArgumentException e) {}
|
||||
if (DEBUG_CP_URL_CHECK) {
|
||||
System.err.println("Class-Path entry: \"" + path + "\" ignored in JAR file " + base);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -30,8 +30,10 @@ import java.net.URL;
|
||||
import java.security.CodeSource;
|
||||
import java.util.Enumeration;
|
||||
import java.util.List;
|
||||
import java.util.jar.Attributes;
|
||||
import java.util.jar.JarEntry;
|
||||
import java.util.jar.JarFile;
|
||||
import java.util.jar.Manifest;
|
||||
|
||||
public interface JavaUtilJarAccess {
|
||||
public boolean jarFileHasClassPathAttribute(JarFile jar) throws IOException;
|
||||
@@ -41,4 +43,6 @@ public interface JavaUtilJarAccess {
|
||||
public Enumeration<JarEntry> entries2(JarFile jar);
|
||||
public void setEagerValidation(JarFile jar, boolean eager);
|
||||
public List<Object> getManifestDigests(JarFile jar);
|
||||
public Attributes getTrustedAttributes(Manifest man, String name);
|
||||
public void ensureInitialization(JarFile jar);
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1995, 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1995, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -2725,6 +2725,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||
// doesn't know about proxy.
|
||||
useProxyResponseCode = true;
|
||||
} else {
|
||||
final URL prevURL = url;
|
||||
|
||||
// maintain previous headers, just change the name
|
||||
// of the file we're getting
|
||||
url = locUrl;
|
||||
@@ -2753,6 +2755,14 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||
poster = null;
|
||||
if (!checkReuseConnection())
|
||||
connect();
|
||||
|
||||
if (!sameDestination(prevURL, url)) {
|
||||
// Ensures pre-redirect user-set cookie will not be reset.
|
||||
// CookieHandler, if any, will be queried to determine
|
||||
// cookies for redirected URL, if any.
|
||||
userCookies = null;
|
||||
userCookies2 = null;
|
||||
}
|
||||
} else {
|
||||
if (!checkReuseConnection())
|
||||
connect();
|
||||
@@ -2775,11 +2785,52 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||
}
|
||||
requests.set("Host", host);
|
||||
}
|
||||
|
||||
if (!sameDestination(prevURL, url)) {
|
||||
// Redirecting to a different destination will drop any
|
||||
// security-sensitive headers, regardless of whether
|
||||
// they are user-set or not. CookieHandler, if any, will be
|
||||
// queried to determine cookies for redirected URL, if any.
|
||||
userCookies = null;
|
||||
userCookies2 = null;
|
||||
requests.remove("Cookie");
|
||||
requests.remove("Cookie2");
|
||||
requests.remove("Authorization");
|
||||
|
||||
// check for preemptive authorization
|
||||
AuthenticationInfo sauth =
|
||||
AuthenticationInfo.getServerAuth(url, getAuthenticatorKey());
|
||||
if (sauth != null && sauth.supportsPreemptiveAuthorization() ) {
|
||||
// Sets "Authorization"
|
||||
requests.setIfNotSet(sauth.getHeaderName(), sauth.getHeaderValue(url,method));
|
||||
currentServerCredentials = sauth;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/* Returns true iff the given URLs have the same host and effective port. */
|
||||
private static boolean sameDestination(URL firstURL, URL secondURL) {
|
||||
assert firstURL.getProtocol().equalsIgnoreCase(secondURL.getProtocol()):
|
||||
"protocols not equal: " + firstURL + " - " + secondURL;
|
||||
|
||||
if (!firstURL.getHost().equalsIgnoreCase(secondURL.getHost()))
|
||||
return false;
|
||||
|
||||
int firstPort = firstURL.getPort();
|
||||
if (firstPort == -1)
|
||||
firstPort = firstURL.getDefaultPort();
|
||||
int secondPort = secondURL.getPort();
|
||||
if (secondPort == -1)
|
||||
secondPort = secondURL.getDefaultPort();
|
||||
if (firstPort != secondPort)
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/* dummy byte buffer for reading off socket prior to closing */
|
||||
byte[] cdata = new byte [128];
|
||||
|
||||
|
||||
@@ -435,12 +435,12 @@ enum CipherSuite {
|
||||
0x0003, false, "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
|
||||
"TLS_RSA_EXPORT_WITH_RC4_40_MD5",
|
||||
ProtocolVersion.PROTOCOLS_TO_10,
|
||||
K_RSA_EXPORT, B_DES_40, M_MD5, H_NONE),
|
||||
K_RSA_EXPORT, B_RC4_40, M_MD5, H_NONE),
|
||||
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5(
|
||||
0x0017, false, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
|
||||
"TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
|
||||
ProtocolVersion.PROTOCOLS_TO_10,
|
||||
K_DH_ANON, B_DES_40, M_MD5, H_NONE),
|
||||
K_DH_ANON, B_RC4_40, M_MD5, H_NONE),
|
||||
|
||||
// no traffic encryption cipher suites
|
||||
TLS_RSA_WITH_NULL_SHA256(
|
||||
|
||||
@@ -35,6 +35,7 @@ import java.util.Collections;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
import java.util.Objects;
|
||||
import javax.net.ssl.SSLException;
|
||||
import javax.net.ssl.SSLHandshakeException;
|
||||
import javax.net.ssl.SSLPeerUnverifiedException;
|
||||
@@ -510,6 +511,23 @@ final class ClientHello {
|
||||
}
|
||||
}
|
||||
|
||||
// ensure that the endpoint identification algorithm matches the
|
||||
// one in the session
|
||||
String identityAlg = chc.sslConfig.identificationProtocol;
|
||||
if (session != null && identityAlg != null) {
|
||||
String sessionIdentityAlg =
|
||||
session.getIdentificationProtocol();
|
||||
if (!Objects.equals(identityAlg, sessionIdentityAlg)) {
|
||||
if (SSLLogger.isOn &&
|
||||
SSLLogger.isOn("ssl,handshake,verbose")) {
|
||||
SSLLogger.finest("Can't resume, endpoint id" +
|
||||
" algorithm does not match, requested: " +
|
||||
identityAlg + ", cached: " + sessionIdentityAlg);
|
||||
}
|
||||
session = null;
|
||||
}
|
||||
}
|
||||
|
||||
if (session != null) {
|
||||
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
|
||||
SSLLogger.finest("Try resuming session", session);
|
||||
@@ -1011,6 +1029,23 @@ final class ClientHello {
|
||||
}
|
||||
}
|
||||
|
||||
// ensure that the endpoint identification algorithm matches the
|
||||
// one in the session
|
||||
String identityAlg = shc.sslConfig.identificationProtocol;
|
||||
if (resumingSession && identityAlg != null) {
|
||||
String sessionIdentityAlg =
|
||||
previous.getIdentificationProtocol();
|
||||
if (!Objects.equals(identityAlg, sessionIdentityAlg)) {
|
||||
if (SSLLogger.isOn &&
|
||||
SSLLogger.isOn("ssl,handshake,verbose")) {
|
||||
SSLLogger.finest("Can't resume, endpoint id" +
|
||||
" algorithm does not match, requested: " +
|
||||
identityAlg + ", cached: " + sessionIdentityAlg);
|
||||
}
|
||||
resumingSession = false;
|
||||
}
|
||||
}
|
||||
|
||||
// So far so good. Note that the handshake extensions may reset
|
||||
// the resuming options later.
|
||||
shc.isResumption = resumingSession;
|
||||
|
||||
@@ -32,6 +32,7 @@ import java.util.List;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Locale;
|
||||
import java.util.Arrays;
|
||||
import java.util.Objects;
|
||||
import java.util.Optional;
|
||||
import java.util.Collection;
|
||||
import javax.crypto.Mac;
|
||||
@@ -443,6 +444,23 @@ final class PreSharedKeyExtension {
|
||||
}
|
||||
}
|
||||
|
||||
// ensure that the endpoint identification algorithm matches the
|
||||
// one in the session
|
||||
String identityAlg = shc.sslConfig.identificationProtocol;
|
||||
if (result && identityAlg != null) {
|
||||
String sessionIdentityAlg = s.getIdentificationProtocol();
|
||||
if (!Objects.equals(identityAlg, sessionIdentityAlg)) {
|
||||
if (SSLLogger.isOn &&
|
||||
SSLLogger.isOn("ssl,handshake,verbose")) {
|
||||
|
||||
SSLLogger.finest("Can't resume, endpoint id" +
|
||||
" algorithm does not match, requested: " +
|
||||
identityAlg + ", cached: " + sessionIdentityAlg);
|
||||
}
|
||||
result = false;
|
||||
}
|
||||
}
|
||||
|
||||
// Ensure cipher suite can be negotiated
|
||||
if (result && (!shc.isNegotiable(s.getSuite()) ||
|
||||
!clientHello.cipherSuites.contains(s.getSuite()))) {
|
||||
|
||||
@@ -132,6 +132,10 @@ final class SSLSessionImpl extends ExtendedSSLSession {
|
||||
// Counter used to create unique nonces in NewSessionTicket
|
||||
private BigInteger ticketNonceCounter = BigInteger.ONE;
|
||||
|
||||
// The endpoint identification algorithm used to check certificates
|
||||
// in this session.
|
||||
private final String identificationProtocol;
|
||||
|
||||
/*
|
||||
* Create a new non-rejoinable session, using the default (null)
|
||||
* cipher spec. This constructor returns a session which could
|
||||
@@ -149,6 +153,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
|
||||
this.requestedServerNames = Collections.<SNIServerName>emptyList();
|
||||
this.useExtendedMasterSecret = false;
|
||||
this.creationTime = System.currentTimeMillis();
|
||||
this.identificationProtocol = null;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -198,6 +203,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
|
||||
(!hc.negotiatedProtocol.useTLS13PlusSpec());
|
||||
}
|
||||
this.creationTime = creationTime;
|
||||
this.identificationProtocol = hc.sslConfig.identificationProtocol;
|
||||
|
||||
if (SSLLogger.isOn && SSLLogger.isOn("session")) {
|
||||
SSLLogger.finest("Session initialized: " + this);
|
||||
@@ -259,6 +265,10 @@ final class SSLSessionImpl extends ExtendedSSLSession {
|
||||
return ticketAgeAdd;
|
||||
}
|
||||
|
||||
String getIdentificationProtocol() {
|
||||
return this.identificationProtocol;
|
||||
}
|
||||
|
||||
/*
|
||||
* Get the PSK identity. Take care not to use it in multiple connections.
|
||||
*/
|
||||
|
||||
@@ -525,7 +525,7 @@ final class SignatureAlgorithmsExtension {
|
||||
// signatures appearing in certificates.
|
||||
SignatureSchemesSpec certSpec =
|
||||
(SignatureSchemesSpec)chc.handshakeExtensions.get(
|
||||
SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT);
|
||||
SSLExtension.CR_SIGNATURE_ALGORITHMS_CERT);
|
||||
if (certSpec == null) {
|
||||
chc.peerRequestedCertSignSchemes = sss;
|
||||
chc.handshakeSession.setPeerSupportedSignatureAlgorithms(sss);
|
||||
|
||||
@@ -27,7 +27,6 @@ package sun.security.ssl;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.security.AccessController;
|
||||
import java.security.AlgorithmConstraints;
|
||||
import java.security.AlgorithmParameters;
|
||||
import java.security.CryptoPrimitive;
|
||||
@@ -482,8 +481,8 @@ final class SupportedGroupsExtension {
|
||||
//
|
||||
// If the System Property is not defined or the value is empty, the
|
||||
// default groups and preferences will be used.
|
||||
String property = AccessController.doPrivileged(
|
||||
new GetPropertyAction("jdk.tls.namedGroups"));
|
||||
String property = GetPropertyAction
|
||||
.privilegedGetProperty("jdk.tls.namedGroups");
|
||||
if (property != null && property.length() != 0) {
|
||||
// remove double quote marks from beginning/end of the property
|
||||
if (property.length() > 1 && property.charAt(0) == '"' &&
|
||||
@@ -672,6 +671,11 @@ final class SupportedGroupsExtension {
|
||||
}
|
||||
|
||||
AlgorithmParameters params = namedGroupParams.get(namedGroup);
|
||||
if (params == null) {
|
||||
throw new RuntimeException(
|
||||
"Not a supported EC named group: " + namedGroup);
|
||||
}
|
||||
|
||||
try {
|
||||
return params.getParameterSpec(ECGenParameterSpec.class);
|
||||
} catch (InvalidParameterSpecException ipse) {
|
||||
@@ -687,6 +691,11 @@ final class SupportedGroupsExtension {
|
||||
}
|
||||
|
||||
AlgorithmParameters params = namedGroupParams.get(namedGroup);
|
||||
if (params == null) {
|
||||
throw new RuntimeException(
|
||||
"Not a supported DH named group: " + namedGroup);
|
||||
}
|
||||
|
||||
try {
|
||||
return params.getParameterSpec(DHParameterSpec.class);
|
||||
} catch (InvalidParameterSpecException ipse) {
|
||||
@@ -739,7 +748,7 @@ final class SupportedGroupsExtension {
|
||||
namedGroupParams.get(namedGroup));
|
||||
}
|
||||
|
||||
// Is there any supported group permitted by the constraints?
|
||||
// Is the named group supported?
|
||||
static boolean isSupported(NamedGroup namedGroup) {
|
||||
for (NamedGroup group : supportedNamedGroups) {
|
||||
if (namedGroup.id == group.id) {
|
||||
@@ -757,6 +766,7 @@ final class SupportedGroupsExtension {
|
||||
for (NamedGroup namedGroup : requestedNamedGroups) {
|
||||
if ((namedGroup.type == type) &&
|
||||
namedGroup.isAvailable(negotiatedProtocol) &&
|
||||
isSupported(namedGroup) &&
|
||||
constraints.permits(
|
||||
EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
|
||||
namedGroup.algorithm,
|
||||
|
||||
@@ -675,8 +675,8 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
|
||||
#
|
||||
# Example:
|
||||
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
|
||||
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
|
||||
EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
|
||||
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
|
||||
EC keySize < 224, 3DES_EDE_CBC
|
||||
|
||||
#
|
||||
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
|
||||
|
||||
Binary file not shown.
@@ -211,11 +211,7 @@ throwFileNotFoundException(JNIEnv *env, jstring path)
|
||||
|
||||
n = getLastErrorString(buf, sizeof(buf));
|
||||
if (n > 0) {
|
||||
#ifdef WIN32
|
||||
why = (*env)->NewStringUTF(env, buf);
|
||||
#else
|
||||
why = JNU_NewStringPlatform(env, buf);
|
||||
#endif
|
||||
CHECK_NULL(why);
|
||||
}
|
||||
x = JNU_NewObjectByName(env,
|
||||
|
||||
@@ -331,9 +331,16 @@ JNIEXPORT jobject JNICALL Java_java_net_NetworkInterface_getByInetAddress0
|
||||
netif *ifs, *curr;
|
||||
jobject obj = NULL;
|
||||
jboolean match = JNI_FALSE;
|
||||
int family = (getInetAddress_family(env, iaObj) == java_net_InetAddress_IPv4) ?
|
||||
AF_INET : AF_INET6;
|
||||
int family = getInetAddress_family(env, iaObj);
|
||||
JNU_CHECK_EXCEPTION_RETURN(env, NULL);
|
||||
|
||||
if (family == java_net_InetAddress_IPv4) {
|
||||
family = AF_INET;
|
||||
} else if (family == java_net_InetAddress_IPv6) {
|
||||
family = AF_INET6;
|
||||
} else {
|
||||
return NULL; // Invalid family
|
||||
}
|
||||
ifs = enumInterfaces(env);
|
||||
if (ifs == NULL) {
|
||||
return NULL;
|
||||
@@ -351,7 +358,9 @@ JNIEXPORT jobject JNICALL Java_java_net_NetworkInterface_getByInetAddress0
|
||||
int address1 = htonl(
|
||||
((struct sockaddr_in *)addrP->addr)->sin_addr.s_addr);
|
||||
int address2 = getInetAddress_addr(env, iaObj);
|
||||
JNU_CHECK_EXCEPTION_RETURN(env, NULL);
|
||||
if ((*env)->ExceptionCheck(env)) {
|
||||
goto cleanup;
|
||||
}
|
||||
if (address1 == address2) {
|
||||
match = JNI_TRUE;
|
||||
break;
|
||||
@@ -397,6 +406,7 @@ JNIEXPORT jobject JNICALL Java_java_net_NetworkInterface_getByInetAddress0
|
||||
obj = createNetworkInterface(env, curr);
|
||||
}
|
||||
|
||||
cleanup:
|
||||
// release the interface list
|
||||
freeif(ifs);
|
||||
|
||||
|
||||
@@ -280,6 +280,7 @@ int enumInterfaces(JNIEnv *env, netif **netifPP)
|
||||
if (curr->name == NULL || curr->displayName == NULL) {
|
||||
if (curr->name) free(curr->name);
|
||||
if (curr->displayName) free(curr->displayName);
|
||||
free(curr);
|
||||
curr = NULL;
|
||||
}
|
||||
}
|
||||
@@ -586,7 +587,10 @@ jobject createNetworkInterface
|
||||
/* default ctor will set family to AF_INET */
|
||||
|
||||
setInetAddress_addr(env, iaObj, ntohl(addrs->addr.sa4.sin_addr.s_addr));
|
||||
JNU_CHECK_EXCEPTION_RETURN(env, NULL);
|
||||
if ((*env)->ExceptionCheck(env)) {
|
||||
free_netaddr(netaddrP);
|
||||
return NULL;
|
||||
}
|
||||
if (addrs->mask != -1) {
|
||||
ibObj = (*env)->NewObject(env, ni_ibcls, ni_ibctrID);
|
||||
if (ibObj == NULL) {
|
||||
@@ -600,7 +604,10 @@ jobject createNetworkInterface
|
||||
return NULL;
|
||||
}
|
||||
setInetAddress_addr(env, ia2Obj, ntohl(addrs->brdcast.sa4.sin_addr.s_addr));
|
||||
JNU_CHECK_EXCEPTION_RETURN(env, NULL);
|
||||
if ((*env)->ExceptionCheck(env)) {
|
||||
free_netaddr(netaddrP);
|
||||
return NULL;
|
||||
}
|
||||
(*env)->SetObjectField(env, ibObj, ni_ibbroadcastID, ia2Obj);
|
||||
(*env)->SetShortField(env, ibObj, ni_ibmaskID, addrs->mask);
|
||||
(*env)->SetObjectArrayElement(env, bindsArr, bind_index++, ibObj);
|
||||
@@ -611,6 +618,7 @@ jobject createNetworkInterface
|
||||
if (iaObj) {
|
||||
jboolean ret = setInet6Address_ipaddress(env, iaObj, (jbyte *)&(addrs->addr.sa6.sin6_addr.s6_addr));
|
||||
if (ret == JNI_FALSE) {
|
||||
free_netaddr(netaddrP);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
@@ -521,8 +521,9 @@ static jobject createNetworkInterfaceXP(JNIEnv *env, netif *ifs)
|
||||
jobjectArray addrArr, bindsArr, childArr;
|
||||
netaddr *addrs;
|
||||
jint addr_index;
|
||||
int netaddrCount=ifs->naddrs;
|
||||
netaddr *netaddrP=ifs->addrs;
|
||||
int netaddrCount = ifs->naddrs;
|
||||
netaddr *netaddrP = ifs->addrs;
|
||||
netaddr *netaddrPToFree = NULL;
|
||||
jint bind_index;
|
||||
|
||||
/*
|
||||
@@ -553,21 +554,23 @@ static jobject createNetworkInterfaceXP(JNIEnv *env, netif *ifs)
|
||||
* Note that 0 is a valid number of addresses.
|
||||
*/
|
||||
if (netaddrCount < 0) {
|
||||
netaddrCount = enumAddresses_win(env, ifs, &netaddrP);
|
||||
netaddrCount = enumAddresses_win(env, ifs, &netaddrPToFree);
|
||||
if (netaddrCount == -1) {
|
||||
return NULL;
|
||||
}
|
||||
netaddrP = netaddrPToFree;
|
||||
}
|
||||
|
||||
addrArr = (*env)->NewObjectArray(env, netaddrCount, ia_class, NULL);
|
||||
if (addrArr == NULL) {
|
||||
free_netaddr(netaddrPToFree);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
bindsArr = (*env)->NewObjectArray(env, netaddrCount, ni_ibcls, NULL);
|
||||
if (bindsArr == NULL) {
|
||||
free_netaddr(netaddrP);
|
||||
return NULL;
|
||||
free_netaddr(netaddrPToFree);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
addrs = netaddrP;
|
||||
@@ -579,25 +582,32 @@ static jobject createNetworkInterfaceXP(JNIEnv *env, netif *ifs)
|
||||
if (addrs->addr.sa.sa_family == AF_INET) {
|
||||
iaObj = (*env)->NewObject(env, ia4_class, ia4_ctrID);
|
||||
if (iaObj == NULL) {
|
||||
free_netaddr(netaddrPToFree);
|
||||
return NULL;
|
||||
}
|
||||
/* default ctor will set family to AF_INET */
|
||||
|
||||
setInetAddress_addr(env, iaObj, ntohl(addrs->addr.sa4.sin_addr.s_addr));
|
||||
JNU_CHECK_EXCEPTION_RETURN(env, NULL);
|
||||
if ((*env)->ExceptionCheck(env)) {
|
||||
free_netaddr(netaddrPToFree);
|
||||
return NULL;
|
||||
}
|
||||
ibObj = (*env)->NewObject(env, ni_ibcls, ni_ibctrID);
|
||||
if (ibObj == NULL) {
|
||||
free_netaddr(netaddrP);
|
||||
return NULL;
|
||||
free_netaddr(netaddrPToFree);
|
||||
return NULL;
|
||||
}
|
||||
(*env)->SetObjectField(env, ibObj, ni_ibaddressID, iaObj);
|
||||
ia2Obj = (*env)->NewObject(env, ia4_class, ia4_ctrID);
|
||||
if (ia2Obj == NULL) {
|
||||
free_netaddr(netaddrP);
|
||||
return NULL;
|
||||
free_netaddr(netaddrPToFree);
|
||||
return NULL;
|
||||
}
|
||||
setInetAddress_addr(env, ia2Obj, ntohl(addrs->brdcast.sa4.sin_addr.s_addr));
|
||||
JNU_CHECK_EXCEPTION_RETURN(env, NULL);
|
||||
if ((*env)->ExceptionCheck(env)) {
|
||||
free_netaddr(netaddrPToFree);
|
||||
return NULL;
|
||||
}
|
||||
(*env)->SetObjectField(env, ibObj, ni_ibbroadcastID, ia2Obj);
|
||||
(*env)->SetShortField(env, ibObj, ni_ibmaskID, addrs->mask);
|
||||
(*env)->SetObjectArrayElement(env, bindsArr, bind_index++, ibObj);
|
||||
@@ -606,10 +616,12 @@ static jobject createNetworkInterfaceXP(JNIEnv *env, netif *ifs)
|
||||
jboolean ret;
|
||||
iaObj = (*env)->NewObject(env, ia6_class, ia6_ctrID);
|
||||
if (iaObj == NULL) {
|
||||
free_netaddr(netaddrPToFree);
|
||||
return NULL;
|
||||
}
|
||||
ret = setInet6Address_ipaddress(env, iaObj, (jbyte *)&(addrs->addr.sa6.sin6_addr.s6_addr));
|
||||
if (ret == JNI_FALSE) {
|
||||
free_netaddr(netaddrPToFree);
|
||||
return NULL;
|
||||
}
|
||||
scope = addrs->addr.sa6.sin6_scope_id;
|
||||
@@ -619,8 +631,8 @@ static jobject createNetworkInterfaceXP(JNIEnv *env, netif *ifs)
|
||||
}
|
||||
ibObj = (*env)->NewObject(env, ni_ibcls, ni_ibctrID);
|
||||
if (ibObj == NULL) {
|
||||
free_netaddr(netaddrP);
|
||||
return NULL;
|
||||
free_netaddr(netaddrPToFree);
|
||||
return NULL;
|
||||
}
|
||||
(*env)->SetObjectField(env, ibObj, ni_ibaddressID, iaObj);
|
||||
(*env)->SetShortField(env, ibObj, ni_ibmaskID, addrs->mask);
|
||||
@@ -633,6 +645,8 @@ static jobject createNetworkInterfaceXP(JNIEnv *env, netif *ifs)
|
||||
(*env)->SetObjectField(env, netifObj, ni_addrsID, addrArr);
|
||||
(*env)->SetObjectField(env, netifObj, ni_bindsID, bindsArr);
|
||||
|
||||
free_netaddr(netaddrPToFree);
|
||||
|
||||
/*
|
||||
* Windows doesn't have virtual interfaces, so child array
|
||||
* is always empty.
|
||||
@@ -672,7 +686,7 @@ JNIEXPORT jobject JNICALL Java_java_net_NetworkInterface_getByName0_XP
|
||||
}
|
||||
|
||||
/* if found create a NetworkInterface */
|
||||
if (curr != NULL) {;
|
||||
if (curr != NULL) {
|
||||
netifObj = createNetworkInterfaceXP(env, curr);
|
||||
}
|
||||
|
||||
@@ -799,6 +813,7 @@ JNIEXPORT jobjectArray JNICALL Java_java_net_NetworkInterface_getAll_XP
|
||||
/* allocate a NetworkInterface array */
|
||||
netIFArr = (*env)->NewObjectArray(env, count, cls, NULL);
|
||||
if (netIFArr == NULL) {
|
||||
free_netif(ifList);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -813,6 +828,7 @@ JNIEXPORT jobjectArray JNICALL Java_java_net_NetworkInterface_getAll_XP
|
||||
|
||||
netifObj = createNetworkInterfaceXP(env, curr);
|
||||
if (netifObj == NULL) {
|
||||
free_netif(ifList);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
@@ -736,7 +736,7 @@ final class Win32ShellFolder2 extends ShellFolder {
|
||||
}
|
||||
|
||||
try {
|
||||
return invoke(new Callable<File[]>() {
|
||||
File[] files = invoke(new Callable<File[]>() {
|
||||
public File[] call() throws InterruptedException {
|
||||
if (!isDirectory()) {
|
||||
return null;
|
||||
@@ -791,6 +791,8 @@ final class Win32ShellFolder2 extends ShellFolder {
|
||||
: list.toArray(new ShellFolder[list.size()]);
|
||||
}
|
||||
}, InterruptedException.class);
|
||||
|
||||
return Win32ShellFolderManager2.checkFiles(files);
|
||||
} catch (InterruptedException e) {
|
||||
return new File[0];
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -387,21 +387,30 @@ final class Win32ShellFolderManager2 extends ShellFolderManager {
|
||||
return null;
|
||||
}
|
||||
|
||||
private File checkFile(File file) {
|
||||
private static File checkFile(File file) {
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
return (sm == null || file == null) ? file : checkFile(file, sm);
|
||||
}
|
||||
|
||||
private File checkFile(File file, SecurityManager sm) {
|
||||
private static File checkFile(File file, SecurityManager sm) {
|
||||
try {
|
||||
sm.checkRead(file.getPath());
|
||||
|
||||
if (file instanceof Win32ShellFolder2) {
|
||||
Win32ShellFolder2 f = (Win32ShellFolder2)file;
|
||||
if (f.isLink()) {
|
||||
Win32ShellFolder2 link = (Win32ShellFolder2)f.getLinkLocation();
|
||||
if (link != null)
|
||||
sm.checkRead(link.getPath());
|
||||
}
|
||||
}
|
||||
return file;
|
||||
} catch (SecurityException se) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
private File[] checkFiles(File[] files) {
|
||||
static File[] checkFiles(File[] files) {
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm == null || files == null || files.length == 0) {
|
||||
return files;
|
||||
@@ -409,7 +418,7 @@ final class Win32ShellFolderManager2 extends ShellFolderManager {
|
||||
return checkFiles(Arrays.stream(files), sm);
|
||||
}
|
||||
|
||||
private File[] checkFiles(List<File> files) {
|
||||
private static File[] checkFiles(List<File> files) {
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm == null || files.isEmpty()) {
|
||||
return files.toArray(new File[files.size()]);
|
||||
@@ -417,7 +426,7 @@ final class Win32ShellFolderManager2 extends ShellFolderManager {
|
||||
return checkFiles(files.stream(), sm);
|
||||
}
|
||||
|
||||
private File[] checkFiles(Stream<File> filesStream, SecurityManager sm) {
|
||||
private static File[] checkFiles(Stream<File> filesStream, SecurityManager sm) {
|
||||
return filesStream.filter((file) -> checkFile(file, sm) != null)
|
||||
.toArray(File[]::new);
|
||||
}
|
||||
|
||||
@@ -252,7 +252,7 @@ INT32 MIDI_IN_GetNumDevices() {
|
||||
}
|
||||
|
||||
INT32 getMidiInCaps(INT32 deviceID, MIDIINCAPSW* caps, INT32* err) {
|
||||
(*err) = midiInGetDevCapsW(deviceID, caps, sizeof(MIDIINCAPS));
|
||||
(*err) = midiInGetDevCapsW(deviceID, caps, sizeof(MIDIINCAPSW));
|
||||
return ((*err) == MMSYSERR_NOERROR);
|
||||
}
|
||||
|
||||
@@ -260,6 +260,7 @@ INT32 MIDI_IN_GetDeviceName(INT32 deviceID, char *name, UINT32 nameLength) {
|
||||
MIDIINCAPSW midiInCaps;
|
||||
INT32 err;
|
||||
|
||||
memset(&midiInCaps, 0, sizeof(midiInCaps));
|
||||
if (getMidiInCaps(deviceID, &midiInCaps, &err)) {
|
||||
UnicodeToUTF8AndCopy(name, midiInCaps.szPname, nameLength);
|
||||
return MIDI_SUCCESS;
|
||||
@@ -284,6 +285,7 @@ INT32 MIDI_IN_GetDeviceVersion(INT32 deviceID, char *name, UINT32 nameLength) {
|
||||
MIDIINCAPSW midiInCaps;
|
||||
INT32 err = MIDI_NOT_SUPPORTED;
|
||||
|
||||
memset(&midiInCaps, 0, sizeof(midiInCaps));
|
||||
if (getMidiInCaps(deviceID, &midiInCaps, &err) && (nameLength>7)) {
|
||||
sprintf(name, "%d.%d", (midiInCaps.vDriverVersion & 0xFF00) >> 8, midiInCaps.vDriverVersion & 0xFF);
|
||||
return MIDI_SUCCESS;
|
||||
|
||||
@@ -70,12 +70,13 @@ INT32 MIDI_OUT_GetNumDevices() {
|
||||
|
||||
|
||||
INT32 getMidiOutCaps(INT32 deviceID, MIDIOUTCAPSW* caps, INT32* err) {
|
||||
UINT_PTR id;
|
||||
if (deviceID == 0) {
|
||||
deviceID = MIDI_MAPPER;
|
||||
id = MIDI_MAPPER;
|
||||
} else {
|
||||
deviceID--;
|
||||
id = (UINT_PTR)(deviceID-1);
|
||||
}
|
||||
(*err) = (INT32) midiOutGetDevCapsW(deviceID, caps, sizeof(MIDIOUTCAPS));
|
||||
(*err) = (INT32) midiOutGetDevCapsW(id, caps, sizeof(MIDIOUTCAPSW));
|
||||
return ((*err) == MMSYSERR_NOERROR);
|
||||
}
|
||||
|
||||
@@ -84,6 +85,7 @@ INT32 MIDI_OUT_GetDeviceName(INT32 deviceID, char *name, UINT32 nameLength) {
|
||||
MIDIOUTCAPSW midiOutCaps;
|
||||
INT32 err;
|
||||
|
||||
memset(&midiOutCaps, 0, sizeof(midiOutCaps));
|
||||
if (getMidiOutCaps(deviceID, &midiOutCaps, &err)) {
|
||||
UnicodeToUTF8AndCopy(name, midiOutCaps.szPname, nameLength);
|
||||
return MIDI_SUCCESS;
|
||||
@@ -103,6 +105,7 @@ INT32 MIDI_OUT_GetDeviceDescription(INT32 deviceID, char *name, UINT32 nameLengt
|
||||
char *desc;
|
||||
INT32 err;
|
||||
|
||||
memset(&midiOutCaps, 0, sizeof(midiOutCaps));
|
||||
if (getMidiOutCaps(deviceID, &midiOutCaps, &err)) {
|
||||
int tech = (int)midiOutCaps.wTechnology;
|
||||
switch(tech) {
|
||||
@@ -139,6 +142,7 @@ INT32 MIDI_OUT_GetDeviceVersion(INT32 deviceID, char *name, UINT32 nameLength) {
|
||||
MIDIOUTCAPSW midiOutCaps;
|
||||
INT32 err;
|
||||
|
||||
memset(&midiOutCaps, 0, sizeof(midiOutCaps));
|
||||
if (getMidiOutCaps(deviceID, &midiOutCaps, &err) && nameLength>7) {
|
||||
sprintf(name, "%d.%d", (midiOutCaps.vDriverVersion & 0xFF00) >> 8, midiOutCaps.vDriverVersion & 0xFF);
|
||||
return MIDI_SUCCESS;
|
||||
|
||||
@@ -357,7 +357,7 @@ int lineHasControls(HMIXER handle, MIXERLINE* line, MIXERLINECONTROLS* controls)
|
||||
|
||||
INT32 PORT_GetPortMixerDescription(INT32 mixerIndex, PortMixerDescription* description) {
|
||||
MIXERCAPSW mixerCaps;
|
||||
if (mixerGetDevCapsW(mixerIndex, &mixerCaps, sizeof(MIXERCAPS)) == MMSYSERR_NOERROR) {
|
||||
if (mixerGetDevCapsW(mixerIndex, &mixerCaps, sizeof(MIXERCAPSW)) == MMSYSERR_NOERROR) {
|
||||
UnicodeToUTF8AndCopy(description->name, mixerCaps.szPname, PORT_STRING_LENGTH);
|
||||
sprintf(description->version, "%d.%d", (mixerCaps.vDriverVersion & 0xFF00) >> 8, mixerCaps.vDriverVersion & 0xFF);
|
||||
strncpy(description->description, "Port Mixer", PORT_STRING_LENGTH-1);
|
||||
@@ -368,9 +368,9 @@ INT32 PORT_GetPortMixerDescription(INT32 mixerIndex, PortMixerDescription* descr
|
||||
|
||||
int getDestinationCount(HMIXER handle) {
|
||||
int ret = 0;
|
||||
MIXERCAPS mixerCaps;
|
||||
MIXERCAPSW mixerCaps;
|
||||
|
||||
if (mixerGetDevCaps((UINT_PTR) handle, &mixerCaps, sizeof(MIXERCAPS)) == MMSYSERR_NOERROR) {
|
||||
if (mixerGetDevCapsW((UINT_PTR) handle, &mixerCaps, sizeof(MIXERCAPSW)) == MMSYSERR_NOERROR) {
|
||||
ret = mixerCaps.cDestinations;
|
||||
}
|
||||
return ret;
|
||||
|
||||
@@ -337,17 +337,17 @@ public final class Connection implements Runnable {
|
||||
// then reset the timeout.
|
||||
if (socket instanceof SSLSocket) {
|
||||
SSLSocket sslSocket = (SSLSocket) socket;
|
||||
int socketTimeout = sslSocket.getSoTimeout();
|
||||
if (!IS_HOSTNAME_VERIFICATION_DISABLED) {
|
||||
SSLParameters param = sslSocket.getSSLParameters();
|
||||
param.setEndpointIdentificationAlgorithm("LDAPS");
|
||||
sslSocket.setSSLParameters(param);
|
||||
}
|
||||
if (connectTimeout > 0) {
|
||||
int socketTimeout = sslSocket.getSoTimeout();
|
||||
sslSocket.setSoTimeout(connectTimeout); // reuse full timeout value
|
||||
sslSocket.startHandshake();
|
||||
sslSocket.setSoTimeout(socketTimeout);
|
||||
}
|
||||
sslSocket.startHandshake();
|
||||
sslSocket.setSoTimeout(socketTimeout);
|
||||
}
|
||||
return socket;
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -53,6 +53,20 @@ import java.util.*;
|
||||
public final class VersionHelper {
|
||||
private static final VersionHelper helper = new VersionHelper();
|
||||
|
||||
/**
|
||||
* Determines whether classes may be loaded from an arbitrary URL code base.
|
||||
*/
|
||||
private static final boolean TRUST_URL_CODE_BASE;
|
||||
|
||||
static {
|
||||
// System property to control whether classes may be loaded from an
|
||||
// arbitrary URL code base
|
||||
PrivilegedAction<String> act
|
||||
= () -> System.getProperty("com.sun.jndi.ldap.object.trustURLCodebase", "false");
|
||||
String trust = AccessController.doPrivileged(act);
|
||||
TRUST_URL_CODE_BASE = "true".equalsIgnoreCase(trust);
|
||||
}
|
||||
|
||||
final static String[] PROPS = new String[]{
|
||||
javax.naming.Context.INITIAL_CONTEXT_FACTORY,
|
||||
javax.naming.Context.OBJECT_FACTORIES,
|
||||
@@ -88,12 +102,14 @@ public final class VersionHelper {
|
||||
*/
|
||||
public Class<?> loadClass(String className, String codebase)
|
||||
throws ClassNotFoundException, MalformedURLException {
|
||||
|
||||
ClassLoader parent = getContextClassLoader();
|
||||
ClassLoader cl =
|
||||
URLClassLoader.newInstance(getUrlArray(codebase), parent);
|
||||
|
||||
return loadClass(className, cl);
|
||||
if (TRUST_URL_CODE_BASE) {
|
||||
ClassLoader parent = getContextClassLoader();
|
||||
ClassLoader cl
|
||||
= URLClassLoader.newInstance(getUrlArray(codebase), parent);
|
||||
return loadClass(className, cl);
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2004, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -190,6 +190,7 @@ import jdk.xml.internal.SecuritySupport;
|
||||
* @author Sunitha Reddy
|
||||
* @see javax.xml.datatype.Duration
|
||||
* @since 1.5
|
||||
* @LastModified: June 2018
|
||||
*/
|
||||
|
||||
public class XMLGregorianCalendarImpl
|
||||
@@ -2755,7 +2756,7 @@ public class XMLGregorianCalendarImpl
|
||||
if ((fractional.compareTo(DECIMAL_ZERO) < 0) ||
|
||||
(fractional.compareTo(DECIMAL_ONE) > 0)) {
|
||||
throw new IllegalArgumentException(DatatypeMessageFormatter.formatMessage(null,
|
||||
"InvalidFractional", new Object[]{fractional}));
|
||||
"InvalidFractional", new Object[]{fractional.toString()}));
|
||||
}
|
||||
}
|
||||
this.fractionalSecond = fractional;
|
||||
|
||||
@@ -311,6 +311,9 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_mscapi_PRNG_generateSeed
|
||||
}
|
||||
|
||||
result = env->NewByteArray(length);
|
||||
if (result == NULL) {
|
||||
__leave;
|
||||
}
|
||||
env->SetByteArrayRegion(result, 0, length, (jbyte*) pbData);
|
||||
|
||||
} else { // length == 0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2010, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -1601,13 +1601,14 @@ public final class Global extends Scope {
|
||||
}
|
||||
}
|
||||
|
||||
switch (nameStr) {
|
||||
case "context":
|
||||
if ("context".equals(nameStr)) {
|
||||
return sctxt;
|
||||
case "engine":
|
||||
return global.engine;
|
||||
default:
|
||||
break;
|
||||
} else if ("engine".equals(nameStr)) {
|
||||
// expose "engine" variable only when there is no security manager
|
||||
// or when no class filter is set.
|
||||
if (System.getSecurityManager() == null || global.getClassFilter() == null) {
|
||||
return global.engine;
|
||||
}
|
||||
}
|
||||
|
||||
if (self == UNDEFINED) {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -23,7 +23,7 @@
|
||||
|
||||
/*
|
||||
* @test
|
||||
* @bug 8132734 8144062 8165723
|
||||
* @bug 8132734 8144062 8165723 8199172
|
||||
* @summary Test the extended API and the aliasing additions in JarFile that
|
||||
* support multi-release jar files
|
||||
* @library /lib/testlibrary/java/util/jar /test/lib
|
||||
@@ -100,16 +100,30 @@ public class MultiReleaseJarAPI {
|
||||
testCustomMultiReleaseValue("true", true);
|
||||
testCustomMultiReleaseValue("true\r\nOther: value", true);
|
||||
testCustomMultiReleaseValue("true\nOther: value", true);
|
||||
testCustomMultiReleaseValue("true\rOther: value", true);
|
||||
// JDK-8200530: '\r' support in Manifest/Attributes will be addressed separately
|
||||
// testCustomMultiReleaseValue("true\rOther: value", true);
|
||||
|
||||
testCustomMultiReleaseValue("false", false);
|
||||
testCustomMultiReleaseValue(" true", false);
|
||||
testCustomMultiReleaseValue("true ", false);
|
||||
testCustomMultiReleaseValue("true\n ", false);
|
||||
testCustomMultiReleaseValue("true\r ", false);
|
||||
testCustomMultiReleaseValue("true\n true", false);
|
||||
|
||||
// JDK-8200530: '\r' support in Manifest/Attributes will be addressed separately
|
||||
testCustomMultiReleaseValue("true\r true", false);
|
||||
testCustomMultiReleaseValue("true\r\n true", false);
|
||||
|
||||
// "Multi-Release: true/false" not in main attributes
|
||||
testCustomMultiReleaseValue("\r\n\r\nName: test\r\nMulti-Release: true\r\n",
|
||||
false);
|
||||
testCustomMultiReleaseValue("\n\nName: entryname\nMulti-Release: true\n",
|
||||
false);
|
||||
testCustomMultiReleaseValue("EndOfMainAttr: whatever\r\n" +
|
||||
"\r\nName: entryname\r\nMulti-Release: true\r\n",
|
||||
false);
|
||||
testCustomMultiReleaseValue("EndOfMainAttr: whatever\r\n" +
|
||||
"\nName: entryname\nMulti-Release: true\n",
|
||||
false);
|
||||
|
||||
// generate "random" Strings to use as extra attributes, and
|
||||
// verify that Multi-Release: true is always properly matched
|
||||
for (int i = 0; i < 100; i++) {
|
||||
|
||||
@@ -25,7 +25,7 @@
|
||||
/**
|
||||
* @test
|
||||
* @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 8209452
|
||||
* 8209506
|
||||
* 8209506 8210432
|
||||
* @summary Check root CA entries in cacerts file
|
||||
*/
|
||||
import java.io.File;
|
||||
@@ -42,7 +42,7 @@ public class VerifyCACerts {
|
||||
+ File.separator + "security" + File.separator + "cacerts";
|
||||
|
||||
// The numbers of certs now.
|
||||
private static final int COUNT = 92;
|
||||
private static final int COUNT = 93;
|
||||
|
||||
// map of cert alias to SHA-256 fingerprint
|
||||
private static final Map<String, String> FINGERPRINT_MAP
|
||||
@@ -232,6 +232,8 @@ public class VerifyCACerts {
|
||||
"BE:C9:49:11:C2:95:56:76:DB:6C:0A:55:09:86:D7:6E:3B:A0:05:66:7C:44:2C:97:62:B4:FB:B7:73:DE:22:8C");
|
||||
put("globalsignr2ca [jdk]",
|
||||
"CA:42:DD:41:74:5F:D0:B8:1E:B9:02:36:2C:F9:D8:BF:71:9D:A1:BD:1B:1E:FC:94:6F:5B:4C:99:F4:2C:1B:9E");
|
||||
put("teliasonerarootcav1 [jdk]",
|
||||
"DD:69:36:FE:21:F8:F0:77:C1:23:A1:A5:21:C1:22:24:F7:22:55:B7:3E:03:A7:26:06:93:E8:A2:4B:0F:A3:89");
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
@@ -142,6 +142,12 @@ public class CreateMultiReleaseTestJars {
|
||||
}
|
||||
|
||||
public void buildSignedMultiReleaseJar() throws Exception {
|
||||
buildSignedMultiReleaseJar("multi-release.jar", "signed-multi-release.jar");
|
||||
}
|
||||
|
||||
public void buildSignedMultiReleaseJar(String multiReleaseJar,
|
||||
String signedMultiReleaseJar) throws Exception
|
||||
{
|
||||
String testsrc = System.getProperty("test.src",".");
|
||||
String testdir = findTestDir(testsrc);
|
||||
String keystore = testdir + "/sun/security/tools/jarsigner/JarSigning.keystore";
|
||||
@@ -155,8 +161,8 @@ public class CreateMultiReleaseTestJars {
|
||||
CertPath cp = CertificateFactory.getInstance("X.509")
|
||||
.generateCertPath(Arrays.asList(ks.getCertificateChain("b")));
|
||||
JarSigner js = new JarSigner.Builder(pkb, cp).build();
|
||||
try (ZipFile in = new ZipFile("multi-release.jar");
|
||||
FileOutputStream os = new FileOutputStream("signed-multi-release.jar"))
|
||||
try (ZipFile in = new ZipFile(multiReleaseJar);
|
||||
FileOutputStream os = new FileOutputStream(signedMultiReleaseJar))
|
||||
{
|
||||
js.sign(in, os);
|
||||
}
|
||||
|
||||
@@ -0,0 +1,195 @@
|
||||
/*
|
||||
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
/*
|
||||
* @test
|
||||
* @bug 8210432
|
||||
* @summary Interoperability tests with TeliaSonera Root CA v1
|
||||
* @build ValidatePathWithParams
|
||||
* @run main/othervm -Djava.security.debug=certpath TeliaSoneraCA OCSP
|
||||
* @run main/othervm -Djava.security.debug=certpath TeliaSoneraCA CRL
|
||||
*/
|
||||
|
||||
/*
|
||||
* Obtain TLS test artifacts for TeliaSonera Root CA v1 from:
|
||||
*
|
||||
* Valid TLS Certificates:
|
||||
* https://juolukka.cover.sonera.net:10443/
|
||||
*
|
||||
* Revoked TLS Certificates:
|
||||
* https://juolukka.cover.sonera.net:10444/
|
||||
*/
|
||||
public class TeliaSoneraCA {
|
||||
|
||||
// Owner: CN=TeliaSonera Server CA v2, O=TeliaSonera, C=FI
|
||||
// Issuer: CN=TeliaSonera Root CA v1, O=TeliaSonera
|
||||
private static final String INT = "-----BEGIN CERTIFICATE-----\n"
|
||||
+ "MIIHHjCCBQagAwIBAgIQTEYq9tv794BPhMF8/qlytjANBgkqhkiG9w0BAQsFADA3\n"
|
||||
+ "MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9v\n"
|
||||
+ "dCBDQSB2MTAeFw0xNDEwMTYwODA5NTdaFw0zMjEwMTYwNTA0MDBaMEYxCzAJBgNV\n"
|
||||
+ "BAYTAkZJMRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEhMB8GA1UEAwwYVGVsaWFTb25l\n"
|
||||
+ "cmEgU2VydmVyIENBIHYyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n"
|
||||
+ "rwQN5rfRLbVAiYWLJF9SI4YLm8oqrtf8OjGybgoLyiMIo8nhY/atuGRFWCQNOnUK\n"
|
||||
+ "caZn29C360PlC5yYrsrSHuouROisqHSJcgA7HvV+37Rcry7daeDj6rfyx4yI5dmj\n"
|
||||
+ "LwHkK0j1NzhX1JxFDgPeLNuebgzv/j8OfRhYK/BttpystC4Zgm3gZheKDjYsDS5D\n"
|
||||
+ "gjffuOysP3vewrcuw0EIZFx+HawuwNBLq4tMf4VSitYDHJSLIM2TeXZGGY5slTbT\n"
|
||||
+ "yLnrU5mIzG9WKqxyy7qHuFw1JtlAXkCLmUEVaF9M+dRPiGIjlDrpBgbDD9mT2CSk\n"
|
||||
+ "V/XG1696/voY5xB8KNIC1cOSmSO7kdJyR5tWiDIJiwMXrTwG+kZiqlbcKDsZeJ9p\n"
|
||||
+ "5bZxXO0pEpde3wgEYRvFr5Cx4vcz4h5pom9coJOCW9tqXU43KcueTrt4Ks9f92q1\n"
|
||||
+ "ehjyEnCh0BCdrjUOXsUtFosm9qxJnDwVlThYhS9EHuCTNBgj1Yxj6A+8fwwJP9DN\n"
|
||||
+ "CbWQx5afT+h+9FNDNRC/nEcesP1Yh9s15Se270pQW0CejUNziYG7Dft7T+PVH/fU\n"
|
||||
+ "zaWU8g0tJjtuQgiCWVqw4WkUmYY2S0R89zAotcpz2mvNO8ma2iJbubHi3c0ULfHH\n"
|
||||
+ "nkWKsdpzZmK4N0Wi6/V5yWdmL5RFkFecL8r7+9OtCB0CAwEAAaOCAhUwggIRMIGK\n"
|
||||
+ "BggrBgEFBQcBAQR+MHwwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnRydXN0LnRl\n"
|
||||
+ "bGlhc29uZXJhLmNvbTBLBggrBgEFBQcwAoY/aHR0cDovL3JlcG9zaXRvcnkudHJ1\n"
|
||||
+ "c3QudGVsaWFzb25lcmEuY29tL3RlbGlhc29uZXJhcm9vdGNhdjEuY2VyMBIGA1Ud\n"
|
||||
+ "EwEB/wQIMAYBAf8CAQAwVQYDVR0gBE4wTDBKBgwrBgEEAYIPAgMBAQIwOjA4Bggr\n"
|
||||
+ "BgEFBQcCARYsaHR0cHM6Ly9yZXBvc2l0b3J5LnRydXN0LnRlbGlhc29uZXJhLmNv\n"
|
||||
+ "bS9DUFMwDgYDVR0PAQH/BAQDAgEGMIHGBgNVHR8Egb4wgbswQKA+oDyGOmh0dHA6\n"
|
||||
+ "Ly9jcmwtMy50cnVzdC50ZWxpYXNvbmVyYS5jb20vdGVsaWFzb25lcmFyb290Y2F2\n"
|
||||
+ "MS5jcmwwd6B1oHOGcWxkYXA6Ly9jcmwtMS50cnVzdC50ZWxpYXNvbmVyYS5jb20v\n"
|
||||
+ "Y249VGVsaWFTb25lcmElMjBSb290JTIwQ0ElMjB2MSxvPVRlbGlhU29uZXJhP2Nl\n"
|
||||
+ "cnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q7YmluYXJ5MB0GA1UdDgQWBBQvSTwpT9cH\n"
|
||||
+ "JfnGjNVk9WY9EoMilTAfBgNVHSMEGDAWgBTwj1k4ALP1j5qWDNXr+nuqF+gTEjAN\n"
|
||||
+ "BgkqhkiG9w0BAQsFAAOCAgEAg9EVFW6ioZ2ctrX8KqvW9XPYZR01yNgqlO7pwBWf\n"
|
||||
+ "HzuBCbUdyVzumfQnU24Sce92oMtEfyuxIOmhvoXU7LpnYlH3Q29UGP5dL0D3edGz\n"
|
||||
+ "HeU6Tf8bkcOEHtnTrkd+y+rfFSDWYl9r1y993NAcrBHhroQCE53mlrO7TjXa3zDq\n"
|
||||
+ "6LGR8T8VgvGw0IBz6mzAks0wMYB0b4uREPmWXi+m+RqG3lnpl+eBzz6YVLkxIYMq\n"
|
||||
+ "QIXJIBsu4/ybmadsfdql6E8Lo3dKVD4UG10mtd+iPbJiBiW/a9VbEe3NVKIv4H2y\n"
|
||||
+ "HqYcxDXAeUI66E3K2cjCmKoQaa0Ywt02ikZFd0v1OWNPS7YWbEJWkVR1PcPMESK9\n"
|
||||
+ "6HKI4xhG2tJesmXjQ8q8aSx2u79Zts3ewjKqTmurf6FXW3u9TpSCUe6Drr/3X7Ve\n"
|
||||
+ "nBy4M0sLwCecD/L9gjTa+EItQTYzCkpxiMO49tQdX/BpwgWju4Kg3qkaBNTzvSlk\n"
|
||||
+ "gdnRJqCUkVuzwK4yBqUoyRz3prlhvvRGdZJKf6IXRDhncpey5pm0PQYQ4cArx7Go\n"
|
||||
+ "AaAKz0ZTHOKjnM2KIdUhBJQybL7oPklSfkeMWoUoYED6R4YMTt/JXX4ixEb5DgDJ\n"
|
||||
+ "0F+bNcF7qGrJTkTx0Ccy4BuuY05hJckd72E7WdmjN7DDeosghgWZNV/6D7N5tfxo\n"
|
||||
+ "nlU=\n"
|
||||
+ "-----END CERTIFICATE-----";
|
||||
|
||||
// Owner: CN=juolukka.cover.sonera.net, OU=security, O=Telia Finland Oyj, L=helsinki, C=FI
|
||||
// Issuer: CN=TeliaSonera Server CA v2, O=TeliaSonera, C=FI
|
||||
private static final String VALID = "-----BEGIN CERTIFICATE-----\n" +
|
||||
"MIIHiDCCBXCgAwIBAgIPAWOq14hk136UDQY3WSjLMA0GCSqGSIb3DQEBCwUAMEYx\n" +
|
||||
"CzAJBgNVBAYTAkZJMRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEhMB8GA1UEAwwYVGVs\n" +
|
||||
"aWFTb25lcmEgU2VydmVyIENBIHYyMB4XDTE4MDUyOTA3NDA0MVoXDTE5MDUyOTA3\n" +
|
||||
"NDA0MVowczELMAkGA1UEBhMCRkkxETAPBgNVBAcMCGhlbHNpbmtpMRowGAYDVQQK\n" +
|
||||
"DBFUZWxpYSBGaW5sYW5kIE95ajERMA8GA1UECwwIc2VjdXJpdHkxIjAgBgNVBAMM\n" +
|
||||
"GWp1b2x1a2thLmNvdmVyLnNvbmVyYS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IB\n" +
|
||||
"DwAwggEKAoIBAQDLks9F8ZUqV9G4jn3fY234OX09Dmqqtuk0qAmjWpF0JAn2o64t\n" +
|
||||
"whVxFLx9e2IwUPTQgyo6FwRsiT19m99BhgxYnJOxVRwURxSL3mqlV9gX4oFMmT4O\n" +
|
||||
"EOYEjaJXi8ne1pJX80y2hVQ48XqgODnKdKZVwa5YoeWZQJiaq+C5JkMDN8qzpiyQ\n" +
|
||||
"X3EfJspLkKy2E+UVxWmfnyf0v70ES9TQ8qgxwvsf7LRZ8Jixq7TTO5VbqWsdBvJC\n" +
|
||||
"9Zm2aBOYJ7ptSZQ5YDfeUJG2c9S/zFmngoPnTrvAZwUeU3YTrbdZQy899ZOatWac\n" +
|
||||
"6lHUYU2EagEmbj/jtIvJ6wMbzhleIXRQFWibAgMBAAGjggNEMIIDQDAfBgNVHSME\n" +
|
||||
"GDAWgBQvSTwpT9cHJfnGjNVk9WY9EoMilTAdBgNVHQ4EFgQUbMozh4osL4gFJvb5\n" +
|
||||
"baELpQSKEhIwDgYDVR0PAQH/BAQDAgSwME4GA1UdIARHMEUwQwYGZ4EMAQICMDkw\n" +
|
||||
"NwYIKwYBBQUHAgEWK2h0dHA6Ly9yZXBvc2l0b3J5LnRydXN0LnRlbGlhc29uZXJh\n" +
|
||||
"LmNvbS9DUFMwJAYDVR0RBB0wG4IZanVvbHVra2EuY292ZXIuc29uZXJhLm5ldDBN\n" +
|
||||
"BgNVHR8ERjBEMEKgQKA+hjxodHRwOi8vY3JsLTMudHJ1c3QudGVsaWFzb25lcmEu\n" +
|
||||
"Y29tL3RlbGlhc29uZXJhc2VydmVyY2F2Mi5jcmwwHQYDVR0lBBYwFAYIKwYBBQUH\n" +
|
||||
"AwIGCCsGAQUFBwMBMIGGBggrBgEFBQcBAQR6MHgwJwYIKwYBBQUHMAGGG2h0dHA6\n" +
|
||||
"Ly9vY3NwLnRydXN0LnRlbGlhLmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL3JlcG9z\n" +
|
||||
"aXRvcnkudHJ1c3QudGVsaWFzb25lcmEuY29tL3RlbGlhc29uZXJhc2VydmVyY2F2\n" +
|
||||
"Mi5jZXIwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AG9Tdqwx8DEZ2JkApFEV\n" +
|
||||
"/3cVHBHZAsEAKQaNsgiaN9kTAAABY6rXpS0AAAQDAEcwRQIgfMLEFYxQcncL3am/\n" +
|
||||
"W2x7DMZ1+Vh1tDLw/0qIQB40VBQCIQC1eyF8Q6CcQs+gIgzpy7OiZSosSlykyOgW\n" +
|
||||
"qHkj/0UPygB3AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABY6rX\n" +
|
||||
"pLEAAAQDAEgwRgIhAJxveFVsFrfttSJIxHsMPAvvevptaV2CxsGwubAi8wDDAiEA\n" +
|
||||
"jNbbYfUiYtmQ5v4yc6T+GcixztNIlMzQ7OTK+u9zqSoAdgBVgdTCFpA2AUrqC5tX\n" +
|
||||
"PFPwwOQ4eHAlCBcvo6odBxPTDAAAAWOq16YXAAAEAwBHMEUCIQCCkCL2zn/AoMVI\n" +
|
||||
"BdsoJelUBLsAnQ+GlIafiyZYcCwhBAIgdsFM05eNmL5hfn3+WtfgmipwcK1qp7kO\n" +
|
||||
"ONzO69aqrnEwDQYJKoZIhvcNAQELBQADggIBAIl5UWSwCXF85+2lU6t89K7I4TvZ\n" +
|
||||
"Ggof0NLngea9qxBq00opfnl9i2LPRnsjh9s3iA29i2daTEuJn3qt3Ygcm27Jd7WM\n" +
|
||||
"5StcxQ483GAaL5s5m2QqkZB8eLfez3tIyCMGCAyixBDNRNPVI4xZr6sSOenWtipo\n" +
|
||||
"gMt+/gvRIMdMT79IXPFz4W9RWCwnfJNOlfH2OkS3KZYaPSaEvs6sfMW1DDZosrBy\n" +
|
||||
"6F+DITPLllOVSE4+PTxvXLKVy+srFwF1VocQXKkWMHQ7AfWNnOGzb7B1qg7gsw0n\n" +
|
||||
"axqinyCjkhMpHpcVtmD9Pi15HLFDIy9yI2S+FHJQfhUSmM/LdCWzQpnee6/Wo+uw\n" +
|
||||
"p0Jg2v6v9GGaqfpuiVJPFN9dOv3OjMU7DL5lgMRWFRo2T8+wBHXDyBhT0W0y5kRJ\n" +
|
||||
"eWA7t6CnkziHuaOihZAHUH3nn5exjqUFVS0ThbF6hxN7HAlq/xIbTKlZjkLlc14W\n" +
|
||||
"fB8vkxJyy/tgBZ4dCj9Y1Y32d4eFT5JZJgqgkN59SmX56BswNXncGrk/vWZFFx+g\n" +
|
||||
"9dgb8QSe8KseD1iSLc7SsqVDv8NPYdaI3eZ90W8Wv0/CDls321O6UbAmURzQwFGB\n" +
|
||||
"w8WnteoVBi6Wf6M1TxIfJsXBYeIN0BB6AYc8cmZIOtx2C8aH4JJT45MyFnBv3ac5\n" +
|
||||
"Ahs9pGn/+K+5yb2e\n" +
|
||||
"-----END CERTIFICATE-----";
|
||||
|
||||
// Owner: CN=juolukka.cover.sonera.net, OU=Security, O=TeliaSonera Finland, L=Helsinki, C=FI
|
||||
// Issuer: CN=TeliaSonera Server CA v2, O=TeliaSonera, C=FI
|
||||
private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" +
|
||||
"MIIGEDCCA/igAwIBAgIRAKWJTjs6v04ZTyb2wJxfnJswDQYJKoZIhvcNAQELBQAw\n" +
|
||||
"RjELMAkGA1UEBhMCRkkxFDASBgNVBAoMC1RlbGlhU29uZXJhMSEwHwYDVQQDDBhU\n" +
|
||||
"ZWxpYVNvbmVyYSBTZXJ2ZXIgQ0EgdjIwHhcNMTYxMjIzMDcwMTQ2WhcNMTkxMjIz\n" +
|
||||
"MDcwMTQ2WjB1MQswCQYDVQQGEwJGSTERMA8GA1UEBwwISGVsc2lua2kxHDAaBgNV\n" +
|
||||
"BAoME1RlbGlhU29uZXJhIEZpbmxhbmQxETAPBgNVBAsMCFNlY3VyaXR5MSIwIAYD\n" +
|
||||
"VQQDDBlqdW9sdWtrYS5jb3Zlci5zb25lcmEubmV0MIIBIjANBgkqhkiG9w0BAQEF\n" +
|
||||
"AAOCAQ8AMIIBCgKCAQEAt2u92TgTFdm1OEfmWFPe+ESBi+2ox4y1EDoin8RydMyO\n" +
|
||||
"DI6+0HHnKfDZa1YViI5b6MLJKWIAyUszAg5hc0S3upElfSsBvUW6zuQTxMi2vTYE\n" +
|
||||
"4tcqwIEyCUaiv4wC+DuO5CyGR32yR6HB/W5Ny200dPs2SO03ESEJ+LH4Tw5AI8JJ\n" +
|
||||
"UZHW+lA+yUHnlc3q47svpbspjt0C/THyukd1hbXTBB0mPXqPux+ClvtZBWUJb7ti\n" +
|
||||
"1cPfcCNd79KRObzcgxqcOIaUFz4LjjKezhzVSL7tJOANOHZ09qDeOAkk/X9POx4h\n" +
|
||||
"a5XyWfH1zaQ0QlZ2mKBeHebCIJkgTZZVipagRVOgcwIDAQABo4IByDCCAcQwgY0G\n" +
|
||||
"CCsGAQUFBwEBBIGAMH4wLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnRydXN0LnRl\n" +
|
||||
"bGlhc29uZXJhLmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL3JlcG9zaXRvcnkudHJ1\n" +
|
||||
"c3QudGVsaWFzb25lcmEuY29tL3RlbGlhc29uZXJhc2VydmVyY2F2Mi5jZXIwHwYD\n" +
|
||||
"VR0jBBgwFoAUL0k8KU/XByX5xozVZPVmPRKDIpUwTgYDVR0gBEcwRTBDBgZngQwB\n" +
|
||||
"AgIwOTA3BggrBgEFBQcCARYraHR0cDovL3JlcG9zaXRvcnkudHJ1c3QudGVsaWFz\n" +
|
||||
"b25lcmEuY29tL0NQUzBNBgNVHR8ERjBEMEKgQKA+hjxodHRwOi8vY3JsLTMudHJ1\n" +
|
||||
"c3QudGVsaWFzb25lcmEuY29tL3RlbGlhc29uZXJhc2VydmVyY2F2Mi5jcmwwHQYD\n" +
|
||||
"VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIEsDAkBgNV\n" +
|
||||
"HREEHTAbghlqdW9sdWtrYS5jb3Zlci5zb25lcmEubmV0MB0GA1UdDgQWBBSa+vJH\n" +
|
||||
"I6Lt9Aqw5ondhoZu4/IJezANBgkqhkiG9w0BAQsFAAOCAgEASRK1l1MZb/IRlyi+\n" +
|
||||
"XjfZcxJdFuNzW2kpZstW6Ni2XiD3p7aROBfDFtu7GajzZHb6p76auDb4NwJgeE/3\n" +
|
||||
"6gnXoIK00HwpF2RAhxDpkF8r3q0jSqGhSv/xz9Nx7JBzgqfSw3Ha4ohioIed3uc+\n" +
|
||||
"nMDyvVenio4GYgtxIIubSybCxMv/lBA/S4daIVCYK3VOoBbM2F36ecAKvRU5vIWM\n" +
|
||||
"urXsfANL3u4qgJpaM0DclzFsOkVsRPffzToko/Nr6pGXYjt47IzTRlwLMnLehoZW\n" +
|
||||
"ZZMGMVVOlR7XGf81UjWB6OsKeoQ4FWgcb/rIJcZusm+LqvnsCHuC3gtuC2nGA7lr\n" +
|
||||
"fseUlG7QZN9/QfUIyvL69wAzeVj1cUcd7GHcAH9DyZJfI8orv4PyUvitDdgISkFu\n" +
|
||||
"GZ562O7cGmCv00/6I4t0z9wZal8a5lRDoKXAYy+u/adrO1JjLwi11y/DTw9LQ7sJ\n" +
|
||||
"gVP/v2GsI0ajF9A6z33UHN9uxXZVmQNvOiMkcJiGLovFgu5zxoAg2W3pHjbBbeL8\n" +
|
||||
"v5MPqgsKafgzaSRtXBBvaISHi9hhRR8v/qSwO3NyLm8uAhQD4x+OPHrmQ/s16j45\n" +
|
||||
"Ib53UHj1k6byXGUqDgzFBsmEPV6Shf2C4/HcRHpAX8wQx3xVwDtRzDpNUR6vnNfi\n" +
|
||||
"PwzRU1xsQKd8llmgl4l+fYV0tBA=\n" +
|
||||
"-----END CERTIFICATE-----";
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
|
||||
ValidatePathWithParams pathValidator = new ValidatePathWithParams(null);
|
||||
|
||||
if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) {
|
||||
pathValidator.enableCRLCheck();
|
||||
} else {
|
||||
// OCSP check by default
|
||||
pathValidator.enableOCSPCheck();
|
||||
}
|
||||
|
||||
// Validate valid
|
||||
pathValidator.validate(new String[]{VALID, INT},
|
||||
ValidatePathWithParams.Status.GOOD, null, System.out);
|
||||
|
||||
// Validate Revoked
|
||||
pathValidator.validate(new String[]{REVOKED, INT},
|
||||
ValidatePathWithParams.Status.REVOKED,
|
||||
"Thu Dec 22 23:14:55 PST 2016", System.out);
|
||||
|
||||
// reset validation date back to current date
|
||||
pathValidator.resetValidationDate();
|
||||
}
|
||||
}
|
||||
346
test/jdk/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java
Normal file
346
test/jdk/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java
Normal file
@@ -0,0 +1,346 @@
|
||||
/*
|
||||
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
/*
|
||||
* @test
|
||||
* @bug 8208350
|
||||
* @summary Disable all DES cipher suites
|
||||
* @run main/othervm NoDesRC4CiphSuite
|
||||
*/
|
||||
|
||||
/*
|
||||
* SunJSSE does not support dynamic system properties, no way to re-use
|
||||
* system properties in samevm/agentvm mode.
|
||||
*/
|
||||
|
||||
import java.security.Security;
|
||||
import javax.net.ssl.*;
|
||||
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
|
||||
import java.io.IOException;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.util.List;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
|
||||
public class NoDesRC4CiphSuite {
|
||||
|
||||
private static final boolean DEBUG = false;
|
||||
|
||||
private static final byte RECTYPE_HS = 0x16;
|
||||
private static final byte HSMSG_CLIHELLO = 0x01;
|
||||
|
||||
// These are some groups of Cipher Suites by names and IDs
|
||||
private static final List<Integer> DES_CS_LIST = Arrays.asList(
|
||||
0x0009, 0x0015, 0x0012, 0x001A, 0x0008, 0x0014, 0x0011, 0x0019
|
||||
);
|
||||
private static final String[] DES_CS_LIST_NAMES = new String[] {
|
||||
"SSL_RSA_WITH_DES_CBC_SHA",
|
||||
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
|
||||
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
|
||||
"SSL_DH_anon_WITH_DES_CBC_SHA",
|
||||
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
|
||||
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
|
||||
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
|
||||
"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"
|
||||
};
|
||||
private static final List<Integer> RC4_CS_LIST = Arrays.asList(
|
||||
0xC007, 0xC011, 0x0005, 0xC002, 0xC00C, 0x0004, 0xC016, 0x0018,
|
||||
0x0003, 0x0017
|
||||
);
|
||||
private static final String[] RC4_CS_LIST_NAMES = new String[] {
|
||||
"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
|
||||
"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
|
||||
"SSL_RSA_WITH_RC4_128_SHA",
|
||||
"TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
|
||||
"TLS_ECDH_RSA_WITH_RC4_128_SHA",
|
||||
"SSL_RSA_WITH_RC4_128_MD5",
|
||||
"TLS_ECDH_anon_WITH_RC4_128_SHA",
|
||||
"SSL_DH_anon_WITH_RC4_128_MD5",
|
||||
"SSL_RSA_EXPORT_WITH_RC4_40_MD5",
|
||||
"SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"
|
||||
};
|
||||
|
||||
private static final ByteBuffer CLIOUTBUF =
|
||||
ByteBuffer.wrap("Client Side".getBytes());
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
boolean allGood = true;
|
||||
String disAlg = Security.getProperty("jdk.tls.disabledAlgorithms");
|
||||
System.err.println("Disabled Algs: " + disAlg);
|
||||
|
||||
// Disabled DES tests
|
||||
allGood &= testDefaultCase(DES_CS_LIST);
|
||||
allGood &= testEngAddDisabled(DES_CS_LIST_NAMES, DES_CS_LIST);
|
||||
allGood &= testEngOnlyDisabled(DES_CS_LIST_NAMES);
|
||||
|
||||
// Disabled RC4 tests
|
||||
allGood &= testDefaultCase(RC4_CS_LIST);
|
||||
allGood &= testEngAddDisabled(RC4_CS_LIST_NAMES, RC4_CS_LIST);
|
||||
allGood &= testEngOnlyDisabled(RC4_CS_LIST_NAMES);
|
||||
|
||||
if (allGood) {
|
||||
System.err.println("All tests passed");
|
||||
} else {
|
||||
throw new RuntimeException("One or more tests failed");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Create an engine with the default set of cipher suites enabled and make
|
||||
* sure none of the disabled suites are present in the client hello.
|
||||
*
|
||||
* @param disabledSuiteIds the {@code List} of disabled cipher suite IDs
|
||||
* to be checked for.
|
||||
*
|
||||
* @return true if the test passed (No disabled suites), false otherwise
|
||||
*/
|
||||
private static boolean testDefaultCase(List<Integer> disabledSuiteIds)
|
||||
throws Exception {
|
||||
System.err.println("\nTest: Default SSLEngine suite set");
|
||||
SSLEngine ssle = makeEngine();
|
||||
if (DEBUG) {
|
||||
listCiphers("Suite set upon creation", ssle);
|
||||
}
|
||||
SSLEngineResult clientResult;
|
||||
ByteBuffer cTOs = makeClientBuf(ssle);
|
||||
clientResult = ssle.wrap(CLIOUTBUF, cTOs);
|
||||
if (DEBUG) {
|
||||
dumpResult("ClientHello: ", clientResult);
|
||||
}
|
||||
cTOs.flip();
|
||||
boolean foundSuite = areSuitesPresentCH(cTOs, disabledSuiteIds);
|
||||
if (foundSuite) {
|
||||
System.err.println("FAIL: Found disabled suites!");
|
||||
return false;
|
||||
} else {
|
||||
System.err.println("PASS: No disabled suites found.");
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Create an engine and set only disabled cipher suites.
|
||||
* The engine should not create the client hello message since the only
|
||||
* available suites to assert in the client hello are disabled ones.
|
||||
*
|
||||
* @param disabledSuiteNames an array of cipher suite names that
|
||||
* should be disabled cipher suites.
|
||||
*
|
||||
* @return true if the engine throws SSLHandshakeException during client
|
||||
* hello creation, false otherwise.
|
||||
*/
|
||||
private static boolean testEngOnlyDisabled(String[] disabledSuiteNames)
|
||||
throws Exception {
|
||||
System.err.println(
|
||||
"\nTest: SSLEngine configured with only disabled suites");
|
||||
try {
|
||||
SSLEngine ssle = makeEngine();
|
||||
ssle.setEnabledCipherSuites(disabledSuiteNames);
|
||||
if (DEBUG) {
|
||||
listCiphers("Suite set upon creation", ssle);
|
||||
}
|
||||
SSLEngineResult clientResult;
|
||||
ByteBuffer cTOs = makeClientBuf(ssle);
|
||||
clientResult = ssle.wrap(CLIOUTBUF, cTOs);
|
||||
if (DEBUG) {
|
||||
dumpResult("ClientHello: ", clientResult);
|
||||
}
|
||||
cTOs.flip();
|
||||
} catch (SSLHandshakeException shse) {
|
||||
System.err.println("PASS: Caught expected exception: " + shse);
|
||||
return true;
|
||||
}
|
||||
System.err.println("FAIL: Expected SSLHandshakeException not thrown");
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create an engine and add some disabled suites to the default
|
||||
* set of cipher suites. Make sure none of the disabled suites show up
|
||||
* in the client hello even though they were explicitly added.
|
||||
*
|
||||
* @param disabledSuiteNames an array of cipher suite names that
|
||||
* should be disabled cipher suites.
|
||||
* @param disabledIds the {@code List} of disabled cipher suite IDs
|
||||
* to be checked for.
|
||||
*
|
||||
* @return true if the test passed (No disabled suites), false otherwise
|
||||
*/
|
||||
private static boolean testEngAddDisabled(String[] disabledNames,
|
||||
List<Integer> disabledIds) throws Exception {
|
||||
System.err.println("\nTest: SSLEngine with disabled suites added");
|
||||
SSLEngine ssle = makeEngine();
|
||||
|
||||
// Add disabled suites to the existing engine's set of enabled suites
|
||||
String[] initialSuites = ssle.getEnabledCipherSuites();
|
||||
String[] plusDisSuites = Arrays.copyOf(initialSuites,
|
||||
initialSuites.length + disabledNames.length);
|
||||
System.arraycopy(disabledNames, 0, plusDisSuites,
|
||||
initialSuites.length, disabledNames.length);
|
||||
ssle.setEnabledCipherSuites(plusDisSuites);
|
||||
|
||||
if (DEBUG) {
|
||||
listCiphers("Suite set upon creation", ssle);
|
||||
}
|
||||
SSLEngineResult clientResult;
|
||||
ByteBuffer cTOs = makeClientBuf(ssle);
|
||||
clientResult = ssle.wrap(CLIOUTBUF, cTOs);
|
||||
if (DEBUG) {
|
||||
dumpResult("ClientHello: ", clientResult);
|
||||
}
|
||||
cTOs.flip();
|
||||
boolean foundDisabled = areSuitesPresentCH(cTOs, disabledIds);
|
||||
if (foundDisabled) {
|
||||
System.err.println("FAIL: Found disabled suites!");
|
||||
return false;
|
||||
} else {
|
||||
System.err.println("PASS: No disabled suites found.");
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
private static SSLEngine makeEngine() throws GeneralSecurityException {
|
||||
SSLContext ctx = SSLContext.getInstance("TLSv1.2");
|
||||
ctx.init(null, null, null);
|
||||
return ctx.createSSLEngine();
|
||||
}
|
||||
|
||||
private static ByteBuffer makeClientBuf(SSLEngine ssle) {
|
||||
ssle.setUseClientMode(true);
|
||||
ssle.setNeedClientAuth(false);
|
||||
SSLSession sess = ssle.getSession();
|
||||
ByteBuffer cTOs = ByteBuffer.allocateDirect(sess.getPacketBufferSize());
|
||||
return cTOs;
|
||||
}
|
||||
|
||||
private static void listCiphers(String prefix, SSLEngine ssle) {
|
||||
System.err.println(prefix + "\n---------------");
|
||||
String[] suites = ssle.getEnabledCipherSuites();
|
||||
for (String suite : suites) {
|
||||
System.err.println(suite);
|
||||
}
|
||||
System.err.println("---------------");
|
||||
}
|
||||
|
||||
/**
|
||||
* Walk a TLS 1.2 or earlier ClientHello looking for any of the suites
|
||||
* in the suiteIdList.
|
||||
*
|
||||
* @param clientHello a ByteBuffer containing the ClientHello message as
|
||||
* a complete TLS record. The position of the buffer should be
|
||||
* at the first byte of the TLS record header.
|
||||
* @param suiteIdList a List of integer values corresponding to
|
||||
* TLS cipher suite identifiers.
|
||||
*
|
||||
* @return true if at least one of the suites in {@code suiteIdList}
|
||||
* is found in the ClientHello's cipher suite list
|
||||
*
|
||||
* @throws IOException if the data in the {@code clientHello}
|
||||
* buffer is not a TLS handshake message or is not a client hello.
|
||||
*/
|
||||
private static boolean areSuitesPresentCH(ByteBuffer clientHello,
|
||||
List<Integer> suiteIdList) throws IOException {
|
||||
byte val;
|
||||
|
||||
// Process the TLS Record
|
||||
val = clientHello.get();
|
||||
if (val != RECTYPE_HS) {
|
||||
throw new IOException(
|
||||
"Not a handshake record, type = " + val);
|
||||
}
|
||||
|
||||
// Just skip over the version and length
|
||||
clientHello.position(clientHello.position() + 4);
|
||||
|
||||
// Check the handshake message type
|
||||
val = clientHello.get();
|
||||
if (val != HSMSG_CLIHELLO) {
|
||||
throw new IOException(
|
||||
"Not a ClientHello handshake message, type = " + val);
|
||||
}
|
||||
|
||||
// Skip over the length
|
||||
clientHello.position(clientHello.position() + 3);
|
||||
|
||||
// Skip over the protocol version (2) and random (32);
|
||||
clientHello.position(clientHello.position() + 34);
|
||||
|
||||
// Skip past the session ID (variable length <= 32)
|
||||
int len = Byte.toUnsignedInt(clientHello.get());
|
||||
if (len > 32) {
|
||||
throw new IOException("Session ID is too large, len = " + len);
|
||||
}
|
||||
clientHello.position(clientHello.position() + len);
|
||||
|
||||
// Finally, we are at the cipher suites. Walk the list and place them
|
||||
// into a List.
|
||||
int csLen = Short.toUnsignedInt(clientHello.getShort());
|
||||
if (csLen % 2 != 0) {
|
||||
throw new IOException("CipherSuite length is invalid, len = " +
|
||||
csLen);
|
||||
}
|
||||
int csCount = csLen / 2;
|
||||
List<Integer> csSuiteList = new ArrayList<>(csCount);
|
||||
log("Found following suite IDs in hello:");
|
||||
for (int i = 0; i < csCount; i++) {
|
||||
int curSuite = Short.toUnsignedInt(clientHello.getShort());
|
||||
log(String.format("Suite ID: 0x%04x", curSuite));
|
||||
csSuiteList.add(curSuite);
|
||||
}
|
||||
|
||||
// Now check to see if any of the suites passed in match what is in
|
||||
// the suite list.
|
||||
boolean foundMatch = false;
|
||||
for (Integer cs : suiteIdList) {
|
||||
if (csSuiteList.contains(cs)) {
|
||||
System.err.format("Found match for suite ID 0x%04x\n", cs);
|
||||
foundMatch = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// We don't care about the rest of the ClientHello message.
|
||||
// Rewind and return whether we found a match or not.
|
||||
clientHello.rewind();
|
||||
return foundMatch;
|
||||
}
|
||||
|
||||
private static void dumpResult(String str, SSLEngineResult result) {
|
||||
System.err.println("The format of the SSLEngineResult is: \n" +
|
||||
"\t\"getStatus() / getHandshakeStatus()\" +\n" +
|
||||
"\t\"bytesConsumed() / bytesProduced()\"\n");
|
||||
HandshakeStatus hsStatus = result.getHandshakeStatus();
|
||||
System.err.println(str + result.getStatus() + "/" + hsStatus + ", " +
|
||||
result.bytesConsumed() + "/" + result.bytesProduced() + " bytes");
|
||||
if (hsStatus == HandshakeStatus.FINISHED) {
|
||||
System.err.println("\t...ready for application data");
|
||||
}
|
||||
}
|
||||
|
||||
private static void log(String str) {
|
||||
if (DEBUG) {
|
||||
System.err.println(str);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -31,47 +31,47 @@
|
||||
* @run main/othervm
|
||||
* CustomizedCipherSuites Default true
|
||||
* TLS_RSA_WITH_AES_128_CBC_SHA
|
||||
* SSL_RSA_WITH_DES_CBC_SHA
|
||||
* TLS_ECDH_anon_WITH_AES_128_CBC_SHA
|
||||
* @run main/othervm
|
||||
* -Djdk.tls.client.cipherSuites="unknown"
|
||||
* CustomizedCipherSuites Default true
|
||||
* TLS_RSA_WITH_AES_128_CBC_SHA
|
||||
* SSL_RSA_WITH_DES_CBC_SHA
|
||||
* TLS_ECDH_anon_WITH_AES_128_CBC_SHA
|
||||
* @run main/othervm
|
||||
* -Djdk.tls.client.cipherSuites=""
|
||||
* CustomizedCipherSuites Default true
|
||||
* TLS_RSA_WITH_AES_128_CBC_SHA
|
||||
* SSL_RSA_WITH_DES_CBC_SHA
|
||||
* TLS_ECDH_anon_WITH_AES_128_CBC_SHA
|
||||
* @run main/othervm
|
||||
* -Djdk.tls.client.cipherSuites="SSL_RSA_WITH_DES_CBC_SHA"
|
||||
* -Djdk.tls.client.cipherSuites="TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
|
||||
* CustomizedCipherSuites Default true
|
||||
* SSL_RSA_WITH_DES_CBC_SHA
|
||||
* TLS_ECDH_anon_WITH_AES_128_CBC_SHA
|
||||
* TLS_RSA_WITH_AES_128_CBC_SHA
|
||||
* @run main/othervm
|
||||
* -Djdk.tls.server.cipherSuites="SSL_RSA_WITH_DES_CBC_SHA"
|
||||
* -Djdk.tls.server.cipherSuites="TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
|
||||
* CustomizedCipherSuites Default false
|
||||
* SSL_RSA_WITH_DES_CBC_SHA
|
||||
* TLS_ECDH_anon_WITH_AES_128_CBC_SHA
|
||||
* TLS_RSA_WITH_AES_128_CBC_SHA
|
||||
* @run main/othervm
|
||||
* -Djdk.tls.client.cipherSuites="TLS_RSA_WITH_AES_128_CBC_SHA,unknown,SSL_RSA_WITH_DES_CBC_SHA"
|
||||
* -Djdk.tls.client.cipherSuites="TLS_RSA_WITH_AES_128_CBC_SHA,unknown,TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
|
||||
* CustomizedCipherSuites Default true
|
||||
* SSL_RSA_WITH_DES_CBC_SHA
|
||||
* TLS_ECDH_anon_WITH_AES_128_CBC_SHA
|
||||
* ""
|
||||
* @run main/othervm
|
||||
* -Djdk.tls.server.cipherSuites="TLS_RSA_WITH_AES_128_CBC_SHA,unknown,SSL_RSA_WITH_DES_CBC_SHA"
|
||||
* -Djdk.tls.server.cipherSuites="TLS_RSA_WITH_AES_128_CBC_SHA,unknown,TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
|
||||
* CustomizedCipherSuites Default false
|
||||
* TLS_RSA_WITH_AES_128_CBC_SHA
|
||||
* ""
|
||||
* @run main/othervm
|
||||
* -Djdk.tls.server.cipherSuites="SSL_RSA_WITH_DES_CBC_SHA"
|
||||
* -Djdk.tls.server.cipherSuites="TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
|
||||
* CustomizedCipherSuites Default true
|
||||
* TLS_RSA_WITH_AES_128_CBC_SHA
|
||||
* SSL_RSA_WITH_DES_CBC_SHA
|
||||
* TLS_ECDH_anon_WITH_AES_128_CBC_SHA
|
||||
* @run main/othervm
|
||||
* -Djdk.tls.client.cipherSuites="SSL_RSA_WITH_DES_CBC_SHA"
|
||||
* -Djdk.tls.client.cipherSuites="TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
|
||||
* CustomizedCipherSuites Default false
|
||||
* TLS_RSA_WITH_AES_128_CBC_SHA
|
||||
* SSL_RSA_WITH_DES_CBC_SHA
|
||||
* TLS_ECDH_anon_WITH_AES_128_CBC_SHA
|
||||
*/
|
||||
|
||||
import javax.net.ssl.*;
|
||||
@@ -79,7 +79,7 @@ import javax.net.ssl.*;
|
||||
/**
|
||||
* Test the customized default cipher suites.
|
||||
*
|
||||
* This test is based on the behavior that SSL_RSA_WITH_DES_CBC_SHA is
|
||||
* This test is based on the behavior that TLS_ECDH_anon_WITH_AES_128_CBC_SHA is
|
||||
* disabled by default, and TLS_RSA_WITH_AES_128_CBC_SHA is enabled by
|
||||
* default in JDK. If the behavior is changed in the future, please
|
||||
* update the test cases above accordingly.
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
package jdk.test.lib.util;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.FileOutputStream;
|
||||
@@ -126,6 +127,11 @@ public final class JarUtils {
|
||||
changes = new HashMap<>(changes);
|
||||
|
||||
System.out.printf("Creating %s from %s...\n", dest, src);
|
||||
|
||||
if (dest.equals(src)) {
|
||||
throw new IOException("src and dest cannot be the same");
|
||||
}
|
||||
|
||||
try (JarOutputStream jos = new JarOutputStream(
|
||||
new FileOutputStream(dest))) {
|
||||
|
||||
@@ -153,6 +159,22 @@ public final class JarUtils {
|
||||
System.out.println();
|
||||
}
|
||||
|
||||
/**
|
||||
* Update the Manifest inside a jar.
|
||||
*
|
||||
* @param src the original jar file name
|
||||
* @param dest the new jar file name
|
||||
* @param man the Manifest
|
||||
*
|
||||
* @throws IOException
|
||||
*/
|
||||
public static void updateManifest(String src, String dest, Manifest man)
|
||||
throws IOException {
|
||||
ByteArrayOutputStream bout = new ByteArrayOutputStream();
|
||||
man.write(bout);
|
||||
updateJar(src, dest, Map.of(JarFile.MANIFEST_NAME, bout.toByteArray()));
|
||||
}
|
||||
|
||||
private static void updateEntry(JarOutputStream jos, String name, Object content)
|
||||
throws IOException {
|
||||
if (content instanceof Boolean) {
|
||||
|
||||
Reference in New Issue
Block a user