openanolis
dragonwell8_jdk
Commit 02c7944c
Authored Sep 26, 2012
Author: xuelei
7200295: CertificateRequest message is wrapping when using large numbers of Certs
Reviewed-by: wetmore
Parent: a5090fc4
Showing 4 changed files with 430 additions and 4 deletions
src/share/classes/sun/security/ssl/HandshakeMessage.java (+2 -2)
src/share/classes/sun/security/ssl/HandshakeOutStream.java (+19 -1)
src/share/classes/sun/security/ssl/Record.java (+7 -1)
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/CertRequestOverflow.java (+402 -0)
src/share/classes/sun/security/ssl/HandshakeMessage.java
/*
* Copyright (c) 1996, 201
1
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 201
2
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -132,7 +132,7 @@ public abstract class HandshakeMessage {
*/
final
void
write
(
HandshakeOutStream
s
)
throws
IOException
{
int
len
=
messageLength
();
if
(
len
>
(
1
<<
24
)
)
{
if
(
len
>
=
Record
.
OVERFLOW_OF_INT24
)
{
throw
new
SSLException
(
"Handshake message too big"
+
", type = "
+
messageType
()
+
", len = "
+
len
);
}
...
...
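Review bot: In write(), the corrected bound `len >= Record.OVERFLOW_OF_INT24` reports the failure as an SSLException, while the checkOverflow helper this commit adds to HandshakeOutStream reports the same kind of length overflow as a RuntimeException. Pick one exception type for oversize handshake fields so callers handle both paths the same way, or add a comment here explaining why the message-level check differs. The move from `>` to `>=` itself is right: a length of exactly 1 << 24 does not fit in a 24-bit field.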
src/share/classes/sun/security/ssl/HandshakeOutStream.java
/*
* Copyright (c) 1996, 20
09
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 20
12
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -153,10 +153,12 @@ public class HandshakeOutStream extends OutputStream {
*/
void
putInt8
(
int
i
)
throws
IOException
{
checkOverflow
(
i
,
Record
.
OVERFLOW_OF_INT08
);
r
.
write
(
i
);
}
void
putInt16
(
int
i
)
throws
IOException
{
checkOverflow
(
i
,
Record
.
OVERFLOW_OF_INT16
);
if
(
r
.
availableDataBytes
()
<
2
)
{
flush
();
}
...
...
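Review bot: putInt8 and putInt16 pass the raw int to checkOverflow, which only tests `length >= overflow`, so a negative i is accepted and is still handed on to the writes that follow (r.write(i) in putInt8). Consider rejecting i < 0 in the same check, so that every value outside the field's range is refused rather than only the values above it.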
@@ -165,6 +167,7 @@ public class HandshakeOutStream extends OutputStream {
}
void
putInt24
(
int
i
)
throws
IOException
{
checkOverflow
(
i
,
Record
.
OVERFLOW_OF_INT24
);
if
(
r
.
availableDataBytes
()
<
3
)
{
flush
();
}
...
...
@@ -191,6 +194,8 @@ public class HandshakeOutStream extends OutputStream {
if
(
b
==
null
)
{
putInt8
(
0
);
return
;
}
else
{
checkOverflow
(
b
.
length
,
Record
.
OVERFLOW_OF_INT08
);
}
putInt8
(
b
.
length
);
write
(
b
,
0
,
b
.
length
);
...
...
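Review bot: The new else branch calls `checkOverflow(b.length, Record.OVERFLOW_OF_INT08)` immediately before `putInt8(b.length)`, and putInt8 now performs that same check with the same bound, so the length is validated twice. Drop one of the two; and since the if branch ends in `return`, whichever check stays does not need an else block. The next two hunks repeat the pattern for the 16-bit and 24-bit cases.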
@@ -200,6 +205,8 @@ public class HandshakeOutStream extends OutputStream {
if
(
b
==
null
)
{
putInt16
(
0
);
return
;
}
else
{
checkOverflow
(
b
.
length
,
Record
.
OVERFLOW_OF_INT16
);
}
putInt16
(
b
.
length
);
write
(
b
,
0
,
b
.
length
);
...
...
@@ -209,8 +216,19 @@ public class HandshakeOutStream extends OutputStream {
if
(
b
==
null
)
{
putInt24
(
0
);
return
;
}
else
{
checkOverflow
(
b
.
length
,
Record
.
OVERFLOW_OF_INT24
);
}
putInt24
(
b
.
length
);
write
(
b
,
0
,
b
.
length
);
}
private
void
checkOverflow
(
int
length
,
int
overflow
)
{
if
(
length
>=
overflow
)
{
// internal_error alert will be triggered
throw
new
RuntimeException
(
"Field length overflow, the field length ("
+
length
+
") should be less than "
+
overflow
);
}
}
}
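Review bot: checkOverflow throws a bare RuntimeException, and the only statement that this becomes an internal_error alert is the comment above the throw; nothing in this hunk shows where that translation happens. A dedicated exception type, or at least a pointer in the comment to the code that maps it to the alert, would let callers and the regression test tell a field-length overflow apart from any other unchecked failure. A short doc comment on the helper saying that `overflow` is an exclusive upper bound would also help.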
src/share/classes/sun/security/ssl/Record.java
/*
* Copyright (c) 1996, 201
1
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 201
2
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -110,4 +110,10 @@ interface Record {
+
maxPadding
// padding
+
trailerSize
;
// MAC
/*
* The overflow values of integers of 8, 16 and 24 bits.
*/
static
final
int
OVERFLOW_OF_INT08
=
(
1
<<
8
);
static
final
int
OVERFLOW_OF_INT16
=
(
1
<<
16
);
static
final
int
OVERFLOW_OF_INT24
=
(
1
<<
24
);
}
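Review bot: The comment on the new constants says "overflow values" without stating whether the bound is inclusive. Both call sites in this commit compare with `>=`, so document each constant as the smallest value that cannot be encoded in a field of that width (an exclusive upper bound), which keeps later callers from writing `>` again.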
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/CertRequestOverflow.java
0 → 100644
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/*
* @test
* @bug 7200295
* @summary CertificateRequest message is wrapping when using large
* numbers of Certs
* @run main/othervm CertRequestOverflow
*/
import
java.io.*
;
import
java.net.*
;
import
java.util.*
;
import
javax.net.ssl.*
;
import
java.security.cert.*
;
import
java.security.*
;
public
class
CertRequestOverflow
{
/*
* =============================================================
* Set the various variables needed for the tests, then
* specify what tests to run on each side.
*/
/*
* Should we run the client or server in a separate thread?
* Both sides can throw exceptions, but do you have a preference
* as to which side should be the main thread.
*/
static
boolean
separateServerThread
=
false
;
/*
* Where do we find the keystores?
*/
static
String
pathToStores
=
"../../../../../../../etc"
;
static
String
keyStoreFile
=
"keystore"
;
static
String
trustStoreFile
=
"truststore"
;
static
String
passwd
=
"passphrase"
;
private
final
static
char
[]
cpasswd
=
"passphrase"
.
toCharArray
();
/*
* Is the server ready to serve?
*/
volatile
static
boolean
serverReady
=
false
;
/*
* Turn on SSL debugging?
*/
static
boolean
debug
=
false
;
/*
* If the client or server is doing some kind of object creation
* that the other side depends on, and that thread prematurely
* exits, you may experience a hang. The test harness will
* terminate all hung threads after its timeout has expired,
* currently 3 minutes by default, but you might try to be
* smart about it....
*/
/*
* Define the server side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void
doServerSide
()
throws
Exception
{
SSLServerSocketFactory
sslssf
=
getContext
(
true
).
getServerSocketFactory
();
SSLServerSocket
sslServerSocket
=
(
SSLServerSocket
)
sslssf
.
createServerSocket
(
serverPort
);
serverPort
=
sslServerSocket
.
getLocalPort
();
// enable endpoint identification
// ignore, we may test the feature when known how to parse client
// hostname
//SSLParameters params = sslServerSocket.getSSLParameters();
//params.setEndpointIdentificationAlgorithm("HTTPS");
//sslServerSocket.setSSLParameters(params);
/*
* Signal Client, we're ready for his connect.
*/
serverReady
=
true
;
SSLSocket
sslSocket
=
(
SSLSocket
)
sslServerSocket
.
accept
();
sslSocket
.
setNeedClientAuth
(
true
);
InputStream
sslIS
=
sslSocket
.
getInputStream
();
OutputStream
sslOS
=
sslSocket
.
getOutputStream
();
try
{
sslIS
.
read
();
sslOS
.
write
(
85
);
sslOS
.
flush
();
throw
new
Exception
(
"SERVER TEST FAILED! "
+
"It is expected to fail with field length overflow"
);
}
catch
(
SSLException
ssle
)
{
Throwable
cause
=
ssle
.
getCause
();
if
(!(
cause
instanceof
RuntimeException
))
{
System
.
out
.
println
(
"We are expecting a RuntimeException!"
);
throw
ssle
;
}
System
.
out
.
println
(
"The expected exception! "
+
ssle
);
}
finally
{
sslSocket
.
close
();
}
System
.
out
.
println
(
"SERVER TEST PASSED!"
);
}
/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void
doClientSide
()
throws
Exception
{
/*
* Wait for server to get started.
*/
while
(!
serverReady
)
{
Thread
.
sleep
(
50
);
}
SSLSocketFactory
sslsf
=
getContext
(
false
).
getSocketFactory
();
SSLSocket
sslSocket
=
(
SSLSocket
)
sslsf
.
createSocket
(
"localhost"
,
serverPort
);
// enable endpoint identification
SSLParameters
params
=
sslSocket
.
getSSLParameters
();
params
.
setEndpointIdentificationAlgorithm
(
"HTTPS"
);
sslSocket
.
setSSLParameters
(
params
);
InputStream
sslIS
=
sslSocket
.
getInputStream
();
OutputStream
sslOS
=
sslSocket
.
getOutputStream
();
try
{
sslOS
.
write
(
280
);
sslOS
.
flush
();
sslIS
.
read
();
}
catch
(
SSLException
ssle
)
{
System
.
out
.
println
(
"An expected exception!"
);
}
finally
{
sslSocket
.
close
();
}
}
MyExtendedX509TM
serverTM
;
MyExtendedX509TM
clientTM
;
private
SSLContext
getContext
(
boolean
server
)
throws
Exception
{
String
keyFilename
=
System
.
getProperty
(
"test.src"
,
"./"
)
+
"/"
+
pathToStores
+
"/"
+
keyStoreFile
;
String
trustFilename
=
System
.
getProperty
(
"test.src"
,
"./"
)
+
"/"
+
pathToStores
+
"/"
+
trustStoreFile
;
KeyManagerFactory
kmf
=
KeyManagerFactory
.
getInstance
(
"SunX509"
);
KeyStore
ks
=
KeyStore
.
getInstance
(
"JKS"
);
ks
.
load
(
new
FileInputStream
(
keyFilename
),
cpasswd
);
kmf
.
init
(
ks
,
cpasswd
);
TrustManagerFactory
tmf
=
TrustManagerFactory
.
getInstance
(
"SunX509"
);
KeyStore
ts
=
KeyStore
.
getInstance
(
"JKS"
);
ts
.
load
(
new
FileInputStream
(
trustFilename
),
cpasswd
);
tmf
.
init
(
ts
);
TrustManager
tms
[]
=
tmf
.
getTrustManagers
();
if
(
tms
==
null
||
tms
.
length
==
0
)
{
throw
new
Exception
(
"unexpected trust manager implementation"
);
}
else
{
if
(!(
tms
[
0
]
instanceof
X509TrustManager
))
{
throw
new
Exception
(
"unexpected trust manager implementation: "
+
tms
[
0
].
getClass
().
getCanonicalName
());
}
}
if
(
server
)
{
serverTM
=
new
MyExtendedX509TM
((
X509TrustManager
)
tms
[
0
]);
tms
=
new
TrustManager
[]
{
serverTM
};
}
else
{
clientTM
=
new
MyExtendedX509TM
((
X509TrustManager
)
tms
[
0
]);
tms
=
new
TrustManager
[]
{
clientTM
};
}
SSLContext
ctx
=
SSLContext
.
getInstance
(
"TLS"
);
ctx
.
init
(
kmf
.
getKeyManagers
(),
tms
,
null
);
return
ctx
;
}
static
class
MyExtendedX509TM
extends
X509ExtendedTrustManager
implements
X509TrustManager
{
X509TrustManager
tm
;
boolean
clientChecked
;
boolean
serverChecked
;
MyExtendedX509TM
(
X509TrustManager
tm
)
{
clientChecked
=
false
;
serverChecked
=
false
;
this
.
tm
=
tm
;
}
public
boolean
wasClientChecked
()
{
return
clientChecked
;
}
public
boolean
wasServerChecked
()
{
return
serverChecked
;
}
public
void
checkClientTrusted
(
X509Certificate
chain
[],
String
authType
)
throws
CertificateException
{
tm
.
checkClientTrusted
(
chain
,
authType
);
}
public
void
checkServerTrusted
(
X509Certificate
chain
[],
String
authType
)
throws
CertificateException
{
tm
.
checkServerTrusted
(
chain
,
authType
);
}
public
X509Certificate
[]
getAcceptedIssuers
()
{
// (hack code) increase the size of the returned array to make a
// overflow CertificateRequest.
List
<
X509Certificate
>
issuersList
=
new
LinkedList
<>();
X509Certificate
[]
issuers
=
tm
.
getAcceptedIssuers
();
for
(
int
i
=
0
;
i
<
800
;
i
+=
issuers
.
length
)
{
for
(
X509Certificate
issuer
:
issuers
)
{
issuersList
.
add
(
issuer
);
}
}
return
issuersList
.
toArray
(
issuers
);
}
public
void
checkClientTrusted
(
X509Certificate
[]
chain
,
String
authType
,
Socket
socket
)
throws
CertificateException
{
clientChecked
=
true
;
tm
.
checkClientTrusted
(
chain
,
authType
);
}
public
void
checkServerTrusted
(
X509Certificate
[]
chain
,
String
authType
,
Socket
socket
)
throws
CertificateException
{
serverChecked
=
true
;
tm
.
checkServerTrusted
(
chain
,
authType
);
}
public
void
checkClientTrusted
(
X509Certificate
[]
chain
,
String
authType
,
SSLEngine
engine
)
throws
CertificateException
{
clientChecked
=
true
;
tm
.
checkClientTrusted
(
chain
,
authType
);
}
public
void
checkServerTrusted
(
X509Certificate
[]
chain
,
String
authType
,
SSLEngine
engine
)
throws
CertificateException
{
serverChecked
=
true
;
tm
.
checkServerTrusted
(
chain
,
authType
);
}
}
/*
* =============================================================
* The remainder is just support stuff
*/
// use any free port by default
volatile
int
serverPort
=
0
;
volatile
Exception
serverException
=
null
;
volatile
Exception
clientException
=
null
;
public
static
void
main
(
String
[]
args
)
throws
Exception
{
if
(
debug
)
System
.
setProperty
(
"javax.net.debug"
,
"all"
);
/*
* Start the tests.
*/
new
CertRequestOverflow
();
}
Thread
clientThread
=
null
;
Thread
serverThread
=
null
;
/*
* Primary constructor, used to drive remainder of the test.
*
* Fork off the other side, then do your work.
*/
CertRequestOverflow
()
throws
Exception
{
if
(
separateServerThread
)
{
startServer
(
true
);
startClient
(
false
);
}
else
{
startClient
(
true
);
startServer
(
false
);
}
/*
* Wait for other side to close down.
*/
if
(
separateServerThread
)
{
serverThread
.
join
();
}
else
{
clientThread
.
join
();
}
/*
* When we get here, the test is pretty much over.
*
* If the main thread excepted, that propagates back
* immediately. If the other thread threw an exception, we
* should report back.
*/
if
(
serverException
!=
null
)
throw
serverException
;
if
(
clientException
!=
null
)
throw
clientException
;
}
void
startServer
(
boolean
newThread
)
throws
Exception
{
if
(
newThread
)
{
serverThread
=
new
Thread
()
{
public
void
run
()
{
try
{
doServerSide
();
}
catch
(
Exception
e
)
{
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System
.
err
.
println
(
"Server died..."
);
serverReady
=
true
;
serverException
=
e
;
}
}
};
serverThread
.
start
();
}
else
{
doServerSide
();
}
}
void
startClient
(
boolean
newThread
)
throws
Exception
{
if
(
newThread
)
{
clientThread
=
new
Thread
()
{
public
void
run
()
{
try
{
doClientSide
();
}
catch
(
Exception
e
)
{
/*
* Our client thread just died.
*/
System
.
err
.
println
(
"Client died..."
);
clientException
=
e
;
}
}
};
clientThread
.
start
();
}
else
{
doClientSide
();
}
}
}
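Review bot: In MyExtendedX509TM.getAcceptedIssuers(), the outer loop `for (int i = 0; i < 800; i += issuers.length)` never advances when the wrapped trust manager returns an empty array, so the test would spin until the harness timeout instead of failing; guard against issuers.length == 0. The constant 800 also deserves a comment tying it to the length limit the test is meant to exceed. Separately, doClientSide() calls `sslOS.write(280)`, and OutputStream.write(int) sends only the low-order byte, so a value in the 0..255 range would state what is actually written; the two FileInputStream objects in getContext() are also never closed.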