Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk

体验新版 GitCode,发现更多精彩内容 >>

提交 0bde254d 编写于 作者: W weijun
浏览文件
操作

6813340: X509Factory should not depend on is.available()==0 

Reviewed-by: xuelei
上级 d876c863
隐藏空白更改
内联 并排
Showing with 410 addition and 354 deletion
src/share/classes/sun/security/provider/X509Factory.java
浏览文件 @ 0bde254d
/* /*
* Copyright 1998-2009 Sun Microsystems, Inc. All Rights Reserved. * Copyright 1998-2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -26,7 +26,6 @@ ...@@ -26,7 +26,6 @@
package sun.security.provider; package sun.security.provider;
import java.io.*; import java.io.*;
import java.util.Collection;
import java.util.*; import java.util.*;
import java.security.cert.*; import java.security.cert.*;
import sun.security.x509.X509CertImpl; import sun.security.x509.X509CertImpl;
...@@ -37,6 +36,7 @@ import sun.security.provider.certpath.X509CertificatePair; ...@@ -37,6 +36,7 @@ import sun.security.provider.certpath.X509CertificatePair;
import sun.security.util.DerValue; import sun.security.util.DerValue;
import sun.security.util.Cache; import sun.security.util.Cache;
import sun.misc.BASE64Decoder; import sun.misc.BASE64Decoder;
import sun.security.pkcs.ParsingException;
/** /**
* This class defines a certificate factory for X.509 v3 certificates & * This class defines a certificate factory for X.509 v3 certificates &
...@@ -62,10 +62,6 @@ public class X509Factory extends CertificateFactorySpi { ...@@ -62,10 +62,6 @@ public class X509Factory extends CertificateFactorySpi {
public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----"; public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
public static final String END_CERT = "-----END CERTIFICATE-----"; public static final String END_CERT = "-----END CERTIFICATE-----";
private static final int defaultExpectedLineLength = 80;
private static final char[] endBoundary = "-----END".toCharArray();
private static final int ENC_MAX_LENGTH = 4096 * 1024; // 4 MB MAX private static final int ENC_MAX_LENGTH = 4096 * 1024; // 4 MB MAX
private static final Cache certCache = Cache.newSoftMemoryCache(750); private static final Cache certCache = Cache.newSoftMemoryCache(750);
...@@ -92,13 +88,7 @@ public class X509Factory extends CertificateFactorySpi { ...@@ -92,13 +88,7 @@ public class X509Factory extends CertificateFactorySpi {
throw new CertificateException("Missing input stream"); throw new CertificateException("Missing input stream");
} }
try { try {
if (is.markSupported() == false) { byte[] encoding = readOneBlock(is);
// consume the entire input stream
byte[] totalBytes;
totalBytes = getTotalBytes(new BufferedInputStream(is));
is = new ByteArrayInputStream(totalBytes);
}
byte[] encoding = readSequence(is);
if (encoding != null) { if (encoding != null) {
X509CertImpl cert = (X509CertImpl)getFromCache(certCache, encoding); X509CertImpl cert = (X509CertImpl)getFromCache(certCache, encoding);
if (cert != null) { if (cert != null) {
...@@ -108,19 +98,7 @@ public class X509Factory extends CertificateFactorySpi { ...@@ -108,19 +98,7 @@ public class X509Factory extends CertificateFactorySpi {
addToCache(certCache, cert.getEncodedInternal(), cert); addToCache(certCache, cert.getEncodedInternal(), cert);
return cert; return cert;
} else { } else {
X509CertImpl cert; throw new IOException("Empty input");
// determine if binary or Base64 encoding. If Base64 encoding,
// the certificate must be bounded at the beginning by
// "-----BEGIN".
if (isBase64(is)) {
// Base64
byte[] data = base64_to_binary(is);
cert = new X509CertImpl(data);
} else {
// binary
cert = new X509CertImpl(new DerValue(is));
}
return intern(cert);
} }
} catch (IOException ioe) { } catch (IOException ioe) {
throw (CertificateException)new CertificateException throw (CertificateException)new CertificateException
...@@ -128,74 +106,22 @@ public class X509Factory extends CertificateFactorySpi { ...@@ -128,74 +106,22 @@ public class X509Factory extends CertificateFactorySpi {
} }
} }
/**
* Read a DER SEQUENCE from an InputStream and return the encoding.
* If data does not represent a SEQUENCE, it uses indefinite length
* encoding, or is longer than ENC_MAX_LENGTH, the stream is reset
* and this method returns null.
*/
private static byte[] readSequence(InputStream in) throws IOException {
in.mark(ENC_MAX_LENGTH);
byte[] b = new byte[4];
int i = readFully(in, b, 0, b.length);
if ((i != b.length) || (b[0] != 0x30)) { // first byte must be SEQUENCE
in.reset();
return null;
}
i = b[1] & 0xff;
int totalLength;
if (i < 0x80) {
int valueLength = i;
totalLength = valueLength + 2;
} else if (i == 0x81) {
int valueLength = b[2] & 0xff;
totalLength = valueLength + 3;
} else if (i == 0x82) {
int valueLength = ((b[2] & 0xff) << 8) | (b[3] & 0xff);
totalLength = valueLength + 4;
} else { // ignore longer length forms
in.reset();
return null;
}
if (totalLength > ENC_MAX_LENGTH) {
in.reset();
return null;
}
byte[] encoding = new byte[totalLength];
if( totalLength < b.length ) {
in.reset();
i = readFully(in, encoding, 0, totalLength);
if( i != totalLength ) {
in.reset();
return null;
}
} else {
System.arraycopy(b, 0, encoding, 0, b.length);
int n = totalLength - b.length;
i = readFully(in, encoding, b.length, n);
if (i != n) {
in.reset();
return null;
}
}
return encoding;
}
/** /**
* Read from the stream until length bytes have been read or EOF has * Read from the stream until length bytes have been read or EOF has
* been reached. Return the number of bytes actually read. * been reached. Return the number of bytes actually read.
*/ */
private static int readFully(InputStream in, byte[] buffer, int offset, private static int readFully(InputStream in, ByteArrayOutputStream bout,
int length) throws IOException { int length) throws IOException {
int read = 0; int read = 0;
byte[] buffer = new byte[2048];
while (length > 0) { while (length > 0) {
int n = in.read(buffer, offset, length); int n = in.read(buffer, 0, length<2048?length:2048);
if (n <= 0) { if (n <= 0) {
break; break;
} }
bout.write(buffer, 0, n);
read += n; read += n;
length -= n; length -= n;
offset += n;
} }
return read; return read;
} }
...@@ -309,21 +235,11 @@ public class X509Factory extends CertificateFactorySpi { ...@@ -309,21 +235,11 @@ public class X509Factory extends CertificateFactorySpi {
throw new CertificateException("Missing input stream"); throw new CertificateException("Missing input stream");
} }
try { try {
if (inStream.markSupported() == false) { byte[] encoding = readOneBlock(inStream);
// consume the entire input stream if (encoding != null) {
byte[] totalBytes; return new X509CertPath(new ByteArrayInputStream(encoding));
totalBytes = getTotalBytes(new BufferedInputStream(inStream));
inStream = new ByteArrayInputStream(totalBytes);
}
// determine if binary or Base64 encoding. If Base64 encoding,
// each certificate must be bounded at the beginning by
// "-----BEGIN".
if (isBase64(inStream)) {
// Base64
byte[] data = base64_to_binary(inStream);
return new X509CertPath(new ByteArrayInputStream(data));
} else { } else {
return new X509CertPath(inStream); throw new IOException("Empty input");
} }
} catch (IOException ioe) { } catch (IOException ioe) {
throw new CertificateException(ioe.getMessage()); throw new CertificateException(ioe.getMessage());
...@@ -350,21 +266,11 @@ public class X509Factory extends CertificateFactorySpi { ...@@ -350,21 +266,11 @@ public class X509Factory extends CertificateFactorySpi {
throw new CertificateException("Missing input stream"); throw new CertificateException("Missing input stream");
} }
try { try {
if (inStream.markSupported() == false) { byte[] data = readOneBlock(inStream);
// consume the entire input stream if (data != null) {
byte[] totalBytes;
totalBytes = getTotalBytes(new BufferedInputStream(inStream));
inStream = new ByteArrayInputStream(totalBytes);
}
// determine if binary or Base64 encoding. If Base64 encoding,
// each certificate must be bounded at the beginning by
// "-----BEGIN".
if (isBase64(inStream)) {
// Base64
byte[] data = base64_to_binary(inStream);
return new X509CertPath(new ByteArrayInputStream(data), encoding); return new X509CertPath(new ByteArrayInputStream(data), encoding);
} else { } else {
return(new X509CertPath(inStream, encoding)); throw new IOException("Empty input");
} }
} catch (IOException ioe) { } catch (IOException ioe) {
throw new CertificateException(ioe.getMessage()); throw new CertificateException(ioe.getMessage());
...@@ -426,11 +332,6 @@ public class X509Factory extends CertificateFactorySpi { ...@@ -426,11 +332,6 @@ public class X509Factory extends CertificateFactorySpi {
throw new CertificateException("Missing input stream"); throw new CertificateException("Missing input stream");
} }
try { try {
if (is.markSupported() == false) {
// consume the entire input stream
is = new ByteArrayInputStream
(getTotalBytes(new BufferedInputStream(is)));
}
return parseX509orPKCS7Cert(is); return parseX509orPKCS7Cert(is);
} catch (IOException ioe) { } catch (IOException ioe) {
throw new CertificateException(ioe); throw new CertificateException(ioe);
...@@ -458,13 +359,7 @@ public class X509Factory extends CertificateFactorySpi { ...@@ -458,13 +359,7 @@ public class X509Factory extends CertificateFactorySpi {
throw new CRLException("Missing input stream"); throw new CRLException("Missing input stream");
} }
try { try {
if (is.markSupported() == false) { byte[] encoding = readOneBlock(is);
// consume the entire input stream
byte[] totalBytes;
totalBytes = getTotalBytes(new BufferedInputStream(is));
is = new ByteArrayInputStream(totalBytes);
}
byte[] encoding = readSequence(is);
if (encoding != null) { if (encoding != null) {
X509CRLImpl crl = (X509CRLImpl)getFromCache(crlCache, encoding); X509CRLImpl crl = (X509CRLImpl)getFromCache(crlCache, encoding);
if (crl != null) { if (crl != null) {
...@@ -474,19 +369,7 @@ public class X509Factory extends CertificateFactorySpi { ...@@ -474,19 +369,7 @@ public class X509Factory extends CertificateFactorySpi {
addToCache(crlCache, crl.getEncodedInternal(), crl); addToCache(crlCache, crl.getEncodedInternal(), crl);
return crl; return crl;
} else { } else {
X509CRLImpl crl; throw new IOException("Empty input");
// determine if binary or Base64 encoding. If Base64 encoding,
// the CRL must be bounded at the beginning by
// "-----BEGIN".
if (isBase64(is)) {
// Base64
byte[] data = base64_to_binary(is);
crl = new X509CRLImpl(data);
} else {
// binary
crl = new X509CRLImpl(new DerValue(is));
}
return intern(crl);
} }
} catch (IOException ioe) { } catch (IOException ioe) {
throw new CRLException(ioe.getMessage()); throw new CRLException(ioe.getMessage());
...@@ -504,19 +387,13 @@ public class X509Factory extends CertificateFactorySpi { ...@@ -504,19 +387,13 @@ public class X509Factory extends CertificateFactorySpi {
* *
* @exception CRLException on parsing errors. * @exception CRLException on parsing errors.
*/ */
public Collection<? extends java.security.cert.CRL> engineGenerateCRLs(InputStream public Collection<? extends java.security.cert.CRL> engineGenerateCRLs(
is) InputStream is) throws CRLException
throws CRLException
{ {
if (is == null) { if (is == null) {
throw new CRLException("Missing input stream"); throw new CRLException("Missing input stream");
} }
try { try {
if (is.markSupported() == false) {
// consume the entire input stream
is = new ByteArrayInputStream
(getTotalBytes(new BufferedInputStream(is)));
}
return parseX509orPKCS7CRL(is); return parseX509orPKCS7CRL(is);
} catch (IOException ioe) { } catch (IOException ioe) {
throw new CRLException(ioe.getMessage()); throw new CRLException(ioe.getMessage());
...@@ -533,42 +410,25 @@ is) ...@@ -533,42 +410,25 @@ is)
throws CertificateException, IOException throws CertificateException, IOException
{ {
Collection<X509CertImpl> coll = new ArrayList<X509CertImpl>(); Collection<X509CertImpl> coll = new ArrayList<X509CertImpl>();
boolean first = true; byte[] data = readOneBlock(is);
while (is.available() != 0) { if (data == null) {
// determine if binary or Base64 encoding. If Base64 encoding, return new ArrayList<X509CertImpl>(0);
// each certificate must be bounded at the beginning by }
// "-----BEGIN". try {
InputStream is2 = is; PKCS7 pkcs7 = new PKCS7(data);
if (isBase64(is2)) { X509Certificate[] certs = pkcs7.getCertificates();
// Base64 // certs are optional in PKCS #7
is2 = new ByteArrayInputStream(base64_to_binary(is2)); if (certs != null) {
return Arrays.asList(certs);
} else {
// no crls provided
return new ArrayList<X509Certificate>(0);
} }
if (first) } catch (ParsingException e) {
is2.mark(is2.available()); while (data != null) {
try { coll.add(new X509CertImpl(data));
// treat as X.509 cert data = readOneBlock(is);
coll.add(intern(new X509CertImpl(new DerValue(is2))));
} catch (CertificateException e) {
Throwable cause = e.getCause();
// only treat as PKCS#7 if this is the first cert parsed
// and the root cause of the decoding failure is an IOException
if (first && cause != null && (cause instanceof IOException)) {
// treat as PKCS#7
is2.reset();
PKCS7 pkcs7 = new PKCS7(is2);
X509Certificate[] certs = pkcs7.getCertificates();
// certs are optional in PKCS #7
if (certs != null) {
return Arrays.asList(certs);
} else {
// no certs provided
return new ArrayList<X509Certificate>(0);
}
} else {
throw e;
}
} }
first = false;
} }
return coll; return coll;
} }
...@@ -583,162 +443,215 @@ is) ...@@ -583,162 +443,215 @@ is)
throws CRLException, IOException throws CRLException, IOException
{ {
Collection<X509CRLImpl> coll = new ArrayList<X509CRLImpl>(); Collection<X509CRLImpl> coll = new ArrayList<X509CRLImpl>();
boolean first = true; byte[] data = readOneBlock(is);
while (is.available() != 0) { if (data == null) {
// determine if binary or Base64 encoding. If Base64 encoding, return new ArrayList<X509CRL>(0);
// the CRL must be bounded at the beginning by }
// "-----BEGIN". try {
InputStream is2 = is; PKCS7 pkcs7 = new PKCS7(data);
if (isBase64(is)) { X509CRL[] crls = pkcs7.getCRLs();
// Base64 // CRLs are optional in PKCS #7
is2 = new ByteArrayInputStream(base64_to_binary(is2)); if (crls != null) {
return Arrays.asList(crls);
} else {
// no crls provided
return new ArrayList<X509CRL>(0);
} }
if (first) } catch (ParsingException e) {
is2.mark(is2.available()); while (data != null) {
try { coll.add(new X509CRLImpl(data));
// treat as X.509 CRL data = readOneBlock(is);
coll.add(new X509CRLImpl(is2));
} catch (CRLException e) {
// only treat as PKCS#7 if this is the first CRL parsed
if (first) {
is2.reset();
PKCS7 pkcs7 = new PKCS7(is2);
X509CRL[] crls = pkcs7.getCRLs();
// CRLs are optional in PKCS #7
if (crls != null) {
return Arrays.asList(crls);
} else {
// no crls provided
return new ArrayList<X509CRL>(0);
}
}
} }
first = false;
} }
return coll; return coll;
} }
/* /**
* Converts a Base64-encoded X.509 certificate or X.509 CRL or PKCS#7 data * Returns an ASN.1 SEQUENCE from a stream, which might be a BER-encoded
* to binary encoding. * binary block or a PEM-style BASE64-encoded ASCII data. In the latter
* In all cases, the data must be bounded at the beginning by * case, it's de-BASE64'ed before return.
* "-----BEGIN", and must be bounded at the end by "-----END". *
* After the reading, the input stream pointer is after the BER block, or
* after the newline character after the -----END SOMETHING----- line.
*
* @param is the InputStream
* @returns byte block or null if end of stream
* @throws IOException If any parsing error
*/ */
private byte[] base64_to_binary(InputStream is) private static byte[] readOneBlock(InputStream is) throws IOException {
throws IOException
{
long len = 0; // total length of base64 encoding, including boundaries
is.mark(is.available());
BufferedInputStream bufin = new BufferedInputStream(is); // The first character of a BLOCK.
BufferedReader br = int c = is.read();
new BufferedReader(new InputStreamReader(bufin, "ASCII")); if (c == -1) {
return null;
// First read all of the data that is found between
// the "-----BEGIN" and "-----END" boundaries into a buffer.
String temp;
while (true) {
temp=readLine(br);
if (temp == null) {
throw new IOException("Unsupported encoding");
}
len += temp.length();
if (temp.startsWith("-----BEGIN")) {
break;
}
}
StringBuffer strBuf = new StringBuffer();
while ((temp=readLine(br))!=null && !temp.startsWith("-----END")) {
strBuf.append(temp);
} }
if (temp == null) { if (c == DerValue.tag_Sequence) {
throw new IOException("Unsupported encoding"); ByteArrayOutputStream bout = new ByteArrayOutputStream(2048);
bout.write(c);
readBERInternal(is, bout, c);
return bout.toByteArray();
} else { } else {
len += temp.length(); // Read BASE64 encoded data, might skip info at the beginning
} char[] data = new char[2048];
int pos = 0;
// consume only as much as was needed
len += strBuf.length(); // Step 1: Read until header is found
is.reset(); int hyphen = (c=='-') ? 1: 0; // count of consequent hyphens
is.skip(len); int last = (c=='-') ? -1: c; // the char before hyphen
while (true) {
int next = is.read();
if (next == -1) {
// We accept useless data after the last block,
// say, empty lines.
return null;
}
if (next == '-') {
hyphen++;
} else {
hyphen = 0;
last = next;
}
if (hyphen == 5 && (last==-1 || last=='\r' || last=='\n')) {
break;
}
}
// Now, that data is supposed to be a single X.509 certificate or // Step 2: Read the rest of header, determine the line end
// X.509 CRL or PKCS#7 formatted data... Base64 encoded. int end;
// Decode into binary and return the result. while (true) {
BASE64Decoder decoder = new BASE64Decoder(); int next = is.read();
return decoder.decodeBuffer(strBuf.toString()); if (next == -1) {
} throw new IOException("Incomplete data");
}
if (next == '\n') {
end = '\n';
break;
}
if (next == '\r') {
next = is.read();
if (next == -1) {
throw new IOException("Incomplete data");
}
if (next == '\n') {
end = '\n';
} else {
end = '\r';
data[pos++] = (char)next;
}
break;
}
}
/* // Step 3: Read the data
* Reads the entire input stream into a byte array. while (true) {
*/ int next = is.read();
private byte[] getTotalBytes(InputStream is) throws IOException { if (next == -1) {
byte[] buffer = new byte[8192]; throw new IOException("Incomplete data");
ByteArrayOutputStream baos = new ByteArrayOutputStream(2048); }
int n; if (next != '-') {
baos.reset(); data[pos++] = (char)next;
while ((n = is.read(buffer, 0, buffer.length)) != -1) { if (pos >= data.length) {
baos.write(buffer, 0, n); data = Arrays.copyOf(data, data.length+1024);
} }
return baos.toByteArray(); } else {
} break;
}
}
/* // Step 4: Consume the footer
* Determines if input is binary or Base64 encoded. while (true) {
*/ int next = is.read();
private boolean isBase64(InputStream is) throws IOException { // Add next == '\n' for maximum safety, in case endline
if (is.available() >= 1) { // is not consistent.
is.mark(1); if (next == -1 || next == end || next == '\n') {
int c1 = is.read(); break;
is.reset(); }
if (c1 != DerValue.tag_Sequence) {
return true;
} else {
return false;
} }
} else {
return false; BASE64Decoder decoder = new BASE64Decoder();
return decoder.decodeBuffer(new String(data, 0, pos));
} }
} }
/* /**
* Read a line of text. A line is considered to be terminated by any one * Read one BER data block. This method is aware of indefinite-length BER
* of a line feed ('\n'), a carriage return ('\r'), a carriage return * encoding and will read all of the sub-sections in a recursive way
* followed immediately by a linefeed, or an end-of-certificate marker.
* *
* @return A String containing the contents of the line, including * @param is Read from this InputStream
* any line-termination characters, or null if the end of the * @param bout Write into this OutputStream
* stream has been reached. * @param tag Tag already read (-1 mean not read)
* @returns The current tag, used to check EOC in indefinite-length BER
* @throws IOException Any parsing error
*/ */
private String readLine(BufferedReader br) throws IOException { private static int readBERInternal(InputStream is,
int c; ByteArrayOutputStream bout, int tag) throws IOException {
int i = 0;
boolean isMatch = true; if (tag == -1) { // Not read before the call, read now
boolean matched = false; tag = is.read();
StringBuffer sb = new StringBuffer(defaultExpectedLineLength); if (tag == -1) {
do { throw new IOException("BER/DER tag info absent");
c = br.read(); }
if (isMatch && (i < endBoundary.length)) { if ((tag & 0x1f) == 0x1f) {
isMatch = ((char)c != endBoundary[i++]) ? false : true; throw new IOException("Multi octets tag not supported");
} }
if (!matched) bout.write(tag);
matched = (isMatch && (i == endBoundary.length)); }
sb.append((char)c);
} while ((c != -1) && (c != '\n') && (c != '\r'));
if (!matched && c == -1) { int n = is.read();
return null; if (n == -1) {
throw new IOException("BER/DER length info ansent");
} }
if (c == '\r') { bout.write(n);
br.mark(1);
int c2 = br.read(); int length;
if (c2 == '\n') {
sb.append((char)c); if (n == 0x80) { // Indefinite-length encoding
} else { if ((tag & 0x20) != 0x20) {
br.reset(); throw new IOException(
"Non constructed encoding must have definite length");
}
while (true) {
int subTag = readBERInternal(is, bout, -1);
if (subTag == 0) { // EOC, end of indefinite-length section
break;
}
}
} else {
if (n < 0x80) {
length = n;
} else if (n == 0x81) {
length = is.read();
if (length == -1) {
throw new IOException("Incomplete BER/DER length info");
}
bout.write(length);
} else if (n == 0x82) {
int highByte = is.read();
int lowByte = is.read();
if (lowByte == -1) {
throw new IOException("Incomplete BER/DER length info");
}
bout.write(highByte);
bout.write(lowByte);
length = (highByte << 8) | lowByte;
} else if (n == 0x83) {
int highByte = is.read();
int midByte = is.read();
int lowByte = is.read();
if (lowByte == -1) {
throw new IOException("Incomplete BER/DER length info");
}
bout.write(highByte);
bout.write(midByte);
bout.write(lowByte);
length = (highByte << 16) | (midByte << 8) | lowByte;
} else { // ignore longer length forms
throw new IOException("Invalid BER/DER data (too huge?)");
}
if (readFully(is, bout, length) != length) {
throw new IOException("Incomplete BER/DER data");
} }
} }
return sb.toString(); return tag;
} }
} }
src/share/classes/sun/security/tools/KeyTool.java
浏览文件 @ 0bde254d
...@@ -977,46 +977,35 @@ public final class KeyTool { ...@@ -977,46 +977,35 @@ public final class KeyTool {
if (filename != null) { if (filename != null) {
inStream = new FileInputStream(filename); inStream = new FileInputStream(filename);
} }
// Read the full stream before feeding to X509Factory, String importAlias = (alias!=null)?alias:keyAlias;
// otherwise, keytool -gencert | keytool -importcert
// might not work properly, since -gencert is slow
// and there's no data in the pipe at the beginning.
ByteArrayOutputStream bout = new ByteArrayOutputStream();
try { try {
byte[] b = new byte[4096]; if (keyStore.entryInstanceOf(
while (true) { importAlias, KeyStore.PrivateKeyEntry.class)) {
int len = inStream.read(b); kssave = installReply(importAlias, inStream);
if (len < 0) break; if (kssave) {
bout.write(b, 0, len); System.err.println(rb.getString
("Certificate reply was installed in keystore"));
} else {
System.err.println(rb.getString
("Certificate reply was not installed in keystore"));
}
} else if (!keyStore.containsAlias(importAlias) ||
keyStore.entryInstanceOf(importAlias,
KeyStore.TrustedCertificateEntry.class)) {
kssave = addTrustedCert(importAlias, inStream);
if (kssave) {
System.err.println(rb.getString
("Certificate was added to keystore"));
} else {
System.err.println(rb.getString
("Certificate was not added to keystore"));
}
} }
} finally { } finally {
if (inStream != System.in) { if (inStream != System.in) {
inStream.close(); inStream.close();
} }
} }
inStream = new ByteArrayInputStream(bout.toByteArray());
String importAlias = (alias!=null)?alias:keyAlias;
if (keyStore.entryInstanceOf(importAlias, KeyStore.PrivateKeyEntry.class)) {
kssave = installReply(importAlias, inStream);
if (kssave) {
System.err.println(rb.getString
("Certificate reply was installed in keystore"));
} else {
System.err.println(rb.getString
("Certificate reply was not installed in keystore"));
}
} else if (!keyStore.containsAlias(importAlias) ||
keyStore.entryInstanceOf(importAlias,
KeyStore.TrustedCertificateEntry.class)) {
kssave = addTrustedCert(importAlias, inStream);
if (kssave) {
System.err.println(rb.getString
("Certificate was added to keystore"));
} else {
System.err.println(rb.getString
("Certificate was not added to keystore"));
}
}
} else if (command == IMPORTKEYSTORE) { } else if (command == IMPORTKEYSTORE) {
doImportKeyStore(); doImportKeyStore();
kssave = true; kssave = true;
...@@ -2149,18 +2138,7 @@ public final class KeyTool { ...@@ -2149,18 +2138,7 @@ public final class KeyTool {
inStream = new FileInputStream(filename); inStream = new FileInputStream(filename);
} }
try { try {
// Read the full stream before feeding to X509Factory, printCertFromStream(inStream, out);
// otherwise, keytool -gencert | keytool -printcert
// might not work properly, since -gencert is slow
// and there's no data in the pipe at the beginning.
ByteArrayOutputStream bout = new ByteArrayOutputStream();
byte[] b = new byte[4096];
while (true) {
int len = inStream.read(b);
if (len < 0) break;
bout.write(b, 0, len);
}
printCertFromStream(new ByteArrayInputStream(bout.toByteArray()), out);
} finally { } finally {
if (inStream != System.in) { if (inStream != System.in) {
inStream.close(); inStream.close();
......
test/java/security/cert/CertificateFactory/ReturnStream.java 0 → 100644
浏览文件 @ 0bde254d
/*
* Copyright 2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/*
* @test
* @bug 6813340
* @summary X509Factory should not depend on is.available()==0
*/
import java.io.*;
import java.security.cert.*;
/**
* Tests ol'Mac style file, end witha single '\r'
*/
public class ReturnStream {
public static void main(String[] args) throws Exception {
FileInputStream fin = new FileInputStream(new File(new File(
System.getProperty("test.src", "."), "openssl"), "pem"));
byte[] buffer = new byte[4096];
int size = 0;
while (true) {
int len = fin.read(buffer, size, 4096-size);
if (len < 0) break;
size += len;
}
fin.close();
// Make a copy
System.arraycopy(buffer, 0, buffer, size, size);
size += size;
// Create a ol'Mac style file.
for (int i=0; i<size; i++) {
if (buffer[i] == '\n') buffer[i] = '\r';
}
CertificateFactory factory = CertificateFactory.getInstance("X.509");
if (factory.generateCertificates(
new ByteArrayInputStream(buffer, 0, size)).size() != 2) {
throw new Exception("Cert not OK");
}
}
}
test/java/security/cert/CertificateFactory/SlowStream.java 0 → 100644
浏览文件 @ 0bde254d
/*
* Copyright 2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
import java.io.*;
import java.security.cert.*;
class SlowStreamReader {
public static void main(String[] args) throws Exception {
CertificateFactory factory = CertificateFactory.getInstance("X.509");
if (factory.generateCertificates(System.in).size() != 5) {
throw new Exception("Not all certs read");
}
}
}
class SlowStreamWriter {
public static void main(String[] args) throws Exception {
for (int i=0; i<5; i++) {
FileInputStream fin = new FileInputStream(new File(new File(
System.getProperty("test.src", "."), "openssl"), "pem"));
byte[] buffer = new byte[4096];
while (true) {
int len = fin.read(buffer);
if (len < 0) break;
System.out.write(buffer, 0, len);
}
Thread.sleep(2000);
}
}
}
test/java/security/cert/CertificateFactory/slowstream.sh 0 → 100644
浏览文件 @ 0bde254d
#
# Copyright 2010 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
# CA 95054 USA or visit www.sun.com if you need additional information or
# have any questions.
#
# @test
# @bug 6813340
# @summary X509Factory should not depend on is.available()==0
if [ "${TESTSRC}" = "" ] ; then
TESTSRC="."
fi
if [ "${TESTJAVA}" = "" ] ; then
echo "TESTJAVA not set. Test cannot execute."
echo "FAILED!!!"
exit 1
fi
# set platform-dependent variables
OS=`uname -s`
case "$OS" in
Windows_* )
FS="\\"
;;
* )
FS="/"
;;
esac
${TESTJAVA}${FS}bin${FS}javac -d . ${TESTSRC}${FS}SlowStream.java
${TESTJAVA}${FS}bin${FS}java -Dtest.src=${TESTSRC} SlowStreamWriter | \
${TESTJAVA}${FS}bin${FS}java SlowStreamReader
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册