Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
13422679
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
13422679
编写于
11月 21, 2017
作者:
A
asaha
浏览文件
操作
浏览文件
下载
差异文件
Merge
上级
2193c2c7
caf7b0c5
变更
13
展开全部
隐藏空白更改
内联
并排
Showing
13 changed file
with
953 addition
and
53 deletion
+953
-53
src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java
...classes/com/sun/crypto/provider/DHParameterGenerator.java
+3
-0
src/share/classes/sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java
...et/www/protocol/http/spnego/NegotiateCallbackHandler.java
+17
-13
src/share/classes/sun/security/jgss/GSSUtil.java
src/share/classes/sun/security/jgss/GSSUtil.java
+10
-17
src/share/classes/sun/security/jgss/LoginConfigImpl.java
src/share/classes/sun/security/jgss/LoginConfigImpl.java
+17
-2
src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java
...es/sun/security/provider/certpath/ldap/LDAPCertStore.java
+54
-4
src/share/lib/security/java.security-aix
src/share/lib/security/java.security-aix
+1
-3
src/share/lib/security/java.security-linux
src/share/lib/security/java.security-linux
+1
-3
src/share/lib/security/java.security-macosx
src/share/lib/security/java.security-macosx
+1
-3
src/share/lib/security/java.security-solaris
src/share/lib/security/java.security-solaris
+1
-3
src/share/lib/security/java.security-windows
src/share/lib/security/java.security-windows
+1
-3
test/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java
...un/crypto/provider/KeyAgreement/SupportedDHParamGens.java
+2
-2
test/javax/net/ssl/templates/SSLSocketTemplate.java
test/javax/net/ssl/templates/SSLSocketTemplate.java
+844
-0
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/RSAExport.java
.../sun/net/ssl/internal/ssl/ClientHandshaker/RSAExport.java
+1
-0
未找到文件。
src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java
浏览文件 @
13422679
...
...
@@ -133,6 +133,9 @@ public final class DHParameterGenerator extends AlgorithmParameterGeneratorSpi {
@Override
protected
AlgorithmParameters
engineGenerateParameters
()
{
if
(
this
.
exponentSize
==
0
)
{
this
.
exponentSize
=
this
.
primeSize
-
1
;
}
if
(
random
==
null
)
{
random
=
SunJCE
.
getRandom
();
}
...
...
src/share/classes/sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java
浏览文件 @
13422679
/*
* Copyright (c) 2005, 201
0
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 201
7
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -35,6 +35,7 @@ import javax.security.auth.callback.NameCallback;
import
javax.security.auth.callback.PasswordCallback
;
import
javax.security.auth.callback.UnsupportedCallbackException
;
import
sun.net.www.protocol.http.HttpCallerInfo
;
import
sun.security.jgss.LoginConfigImpl
;
/**
* @since 1.6
...
...
@@ -61,18 +62,21 @@ public class NegotiateCallbackHandler implements CallbackHandler {
private
void
getAnswer
()
{
if
(!
answered
)
{
answered
=
true
;
PasswordAuthentication
passAuth
=
Authenticator
.
requestPasswordAuthentication
(
hci
.
host
,
hci
.
addr
,
hci
.
port
,
hci
.
protocol
,
hci
.
prompt
,
hci
.
scheme
,
hci
.
url
,
hci
.
authType
);
/**
* To be compatible with existing callback handler implementations,
* when the underlying Authenticator is canceled, username and
* password are assigned null. No exception is thrown.
*/
if
(
passAuth
!=
null
)
{
username
=
passAuth
.
getUserName
();
password
=
passAuth
.
getPassword
();
if
(
LoginConfigImpl
.
HTTP_USE_GLOBAL_CREDS
)
{
PasswordAuthentication
passAuth
=
Authenticator
.
requestPasswordAuthentication
(
hci
.
host
,
hci
.
addr
,
hci
.
port
,
hci
.
protocol
,
hci
.
prompt
,
hci
.
scheme
,
hci
.
url
,
hci
.
authType
);
/**
* To be compatible with existing callback handler implementations,
* when the underlying Authenticator is canceled, username and
* password are assigned null. No exception is thrown.
*/
if
(
passAuth
!=
null
)
{
username
=
passAuth
.
getUserName
();
password
=
passAuth
.
getPassword
();
}
}
}
}
...
...
src/share/classes/sun/security/jgss/GSSUtil.java
浏览文件 @
13422679
/*
* Copyright (c) 2000, 201
1
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 201
7
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -270,24 +270,17 @@ public class GSSUtil {
*/
public
static
boolean
useSubjectCredsOnly
(
GSSCaller
caller
)
{
// HTTP/SPNEGO doesn't use the standard JAAS framework. Instead, it
// uses the java.net.Authenticator style, therefore always return
// false here.
String
propValue
=
GetPropertyAction
.
privilegedGetProperty
(
"javax.security.auth.useSubjectCredsOnly"
);
// Invalid values should be ignored and the default assumed.
if
(
caller
instanceof
HttpCaller
)
{
return
false
;
// Default for HTTP/SPNEGO is false.
return
"true"
.
equalsIgnoreCase
(
propValue
);
}
else
{
// Default for JGSS is true.
return
!(
"false"
.
equalsIgnoreCase
(
propValue
));
}
/*
* Don't use GetBooleanAction because the default value in the JRE
* (when this is unset) has to treated as true.
*/
String
propValue
=
AccessController
.
doPrivileged
(
new
GetPropertyAction
(
"javax.security.auth.useSubjectCredsOnly"
,
"true"
));
/*
* This property has to be explicitly set to "false". Invalid
* values should be ignored and the default "true" assumed.
*/
return
(!
propValue
.
equalsIgnoreCase
(
"false"
));
}
/**
...
...
src/share/classes/sun/security/jgss/LoginConfigImpl.java
浏览文件 @
13422679
/*
* Copyright (c) 2005, 201
3
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 201
7
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -29,6 +29,7 @@ import java.util.HashMap;
import
javax.security.auth.login.AppConfigurationEntry
;
import
javax.security.auth.login.Configuration
;
import
org.ietf.jgss.Oid
;
import
sun.security.action.GetPropertyAction
;
/**
* A Configuration implementation especially designed for JGSS.
...
...
@@ -44,6 +45,16 @@ public class LoginConfigImpl extends Configuration {
private
static
final
sun
.
security
.
util
.
Debug
debug
=
sun
.
security
.
util
.
Debug
.
getInstance
(
"gssloginconfig"
,
"\t[GSS LoginConfigImpl]"
);
public
static
final
boolean
HTTP_USE_GLOBAL_CREDS
;
static
{
String
prop
=
GetPropertyAction
.
privilegedGetProperty
(
"http.use.global.creds"
);
//HTTP_USE_GLOBAL_CREDS = "true".equalsIgnoreCase(prop); // default false
HTTP_USE_GLOBAL_CREDS
=
!
"false"
.
equalsIgnoreCase
(
prop
);
// default true
}
/**
* A new instance of LoginConfigImpl must be created for each login request
* since it's only used by a single (caller, mech) pair
...
...
@@ -178,7 +189,11 @@ public class LoginConfigImpl extends Configuration {
options
.
put
(
"principal"
,
"*"
);
options
.
put
(
"isInitiator"
,
"false"
);
}
else
{
options
.
put
(
"useTicketCache"
,
"true"
);
if
(
caller
instanceof
HttpCaller
&&
!
HTTP_USE_GLOBAL_CREDS
)
{
options
.
put
(
"useTicketCache"
,
"false"
);
}
else
{
options
.
put
(
"useTicketCache"
,
"true"
);
}
options
.
put
(
"doNotPrompt"
,
"false"
);
}
return
new
AppConfigurationEntry
[]
{
...
...
src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java
浏览文件 @
13422679
...
...
@@ -31,6 +31,8 @@ import java.math.BigInteger;
import
java.net.URI
;
import
java.util.*
;
import
javax.naming.Context
;
import
javax.naming.CompositeName
;
import
javax.naming.InvalidNameException
;
import
javax.naming.NamingEnumeration
;
import
javax.naming.NamingException
;
import
javax.naming.NameNotFoundException
;
...
...
@@ -43,8 +45,10 @@ import javax.naming.directory.InitialDirContext;
import
java.security.*
;
import
java.security.cert.Certificate
;
import
java.security.cert.*
;
import
javax.naming.ldap.LdapContext
;
import
javax.security.auth.x500.X500Principal
;
import
com.sun.jndi.ldap.LdapReferralException
;
import
sun.misc.HexDumpEncoder
;
import
sun.security.provider.certpath.X509CertificatePair
;
import
sun.security.util.Cache
;
...
...
@@ -271,7 +275,7 @@ public final class LDAPCertStore extends CertStoreSpi {
*/
Hashtable
<?,?>
currentEnv
=
ctx
.
getEnvironment
();
if
(
currentEnv
.
get
(
Context
.
REFERRAL
)
==
null
)
{
ctx
.
addToEnvironment
(
Context
.
REFERRAL
,
"
follow-scheme
"
);
ctx
.
addToEnvironment
(
Context
.
REFERRAL
,
"
throw
"
);
}
}
catch
(
NamingException
e
)
{
if
(
debug
!=
null
)
{
...
...
@@ -308,11 +312,25 @@ public final class LDAPCertStore extends CertStoreSpi {
private
Map
<
String
,
byte
[][]>
valueMap
;
private
final
List
<
String
>
requestedAttributes
;
LDAPRequest
(
String
name
)
{
this
.
name
=
name
;
LDAPRequest
(
String
name
)
throws
CertStoreException
{
this
.
name
=
checkName
(
name
)
;
requestedAttributes
=
new
ArrayList
<>(
5
);
}
private
String
checkName
(
String
name
)
throws
CertStoreException
{
if
(
name
==
null
)
{
throw
new
CertStoreException
(
"Name absent"
);
}
try
{
if
(
new
CompositeName
(
name
).
size
()
>
1
)
{
throw
new
CertStoreException
(
"Invalid name: "
+
name
);
}
}
catch
(
InvalidNameException
ine
)
{
throw
new
CertStoreException
(
"Invalid name: "
+
name
,
ine
);
}
return
name
;
}
String
getName
()
{
return
name
;
}
...
...
@@ -327,7 +345,6 @@ public final class LDAPCertStore extends CertStoreSpi {
/**
* Gets one or more binary values from an attribute.
*
* @param name the location holding the attribute
* @param attrId the attribute identifier
* @return an array of binary values (byte arrays)
* @throws NamingException if a naming exception occurs
...
...
@@ -379,6 +396,39 @@ public final class LDAPCertStore extends CertStoreSpi {
Attributes
attrs
;
try
{
attrs
=
ctx
.
getAttributes
(
name
,
attrIds
);
}
catch
(
LdapReferralException
lre
)
{
// LdapCtx has a hopCount field to avoid infinite loop
while
(
true
)
{
try
{
String
newName
=
(
String
)
lre
.
getReferralInfo
();
URI
newUri
=
new
URI
(
newName
);
if
(!
newUri
.
getScheme
().
equalsIgnoreCase
(
"ldap"
))
{
throw
new
IllegalArgumentException
(
"Not LDAP"
);
}
String
newDn
=
newUri
.
getPath
();
if
(
newDn
!=
null
&&
newDn
.
charAt
(
0
)
==
'/'
)
{
newDn
=
newDn
.
substring
(
1
);
}
checkName
(
newDn
);
}
catch
(
Exception
e
)
{
throw
new
NamingException
(
"Cannot follow referral to "
+
lre
.
getReferralInfo
());
}
LdapContext
refCtx
=
(
LdapContext
)
lre
.
getReferralContext
();
// repeat the original operation at the new context
try
{
attrs
=
refCtx
.
getAttributes
(
name
,
attrIds
);
break
;
}
catch
(
LdapReferralException
re
)
{
lre
=
re
;
continue
;
}
finally
{
// Make sure we close referral context
refCtx
.
close
();
}
}
}
catch
(
NameNotFoundException
e
)
{
// name does not exist on this LDAP server
// treat same as not attributes found
...
...
src/share/lib/security/java.security-aix
浏览文件 @
13422679
...
...
@@ -620,7 +620,7 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224
EC keySize < 224
, DES40_CBC, RC4_40
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
...
...
@@ -674,8 +674,6 @@ jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
#
jdk.tls.legacyAlgorithms= \
K_NULL, C_NULL, M_NULL, \
DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
DH_RSA_EXPORT, RSA_EXPORT, \
DH_anon, ECDH_anon, \
RC4_128, RC4_40, DES_CBC, DES40_CBC, \
3DES_EDE_CBC
...
...
src/share/lib/security/java.security-linux
浏览文件 @
13422679
...
...
@@ -620,7 +620,7 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224
EC keySize < 224
, DES40_CBC, RC4_40
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
...
...
@@ -674,8 +674,6 @@ jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
#
jdk.tls.legacyAlgorithms= \
K_NULL, C_NULL, M_NULL, \
DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
DH_RSA_EXPORT, RSA_EXPORT, \
DH_anon, ECDH_anon, \
RC4_128, RC4_40, DES_CBC, DES40_CBC, \
3DES_EDE_CBC
...
...
src/share/lib/security/java.security-macosx
浏览文件 @
13422679
...
...
@@ -623,7 +623,7 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224
EC keySize < 224
, DES40_CBC, RC4_40
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
...
...
@@ -677,8 +677,6 @@ jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
#
jdk.tls.legacyAlgorithms= \
K_NULL, C_NULL, M_NULL, \
DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
DH_RSA_EXPORT, RSA_EXPORT, \
DH_anon, ECDH_anon, \
RC4_128, RC4_40, DES_CBC, DES40_CBC, \
3DES_EDE_CBC
...
...
src/share/lib/security/java.security-solaris
浏览文件 @
13422679
...
...
@@ -622,7 +622,7 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224
EC keySize < 224
, DES40_CBC, RC4_40
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
...
...
@@ -676,8 +676,6 @@ jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
#
jdk.tls.legacyAlgorithms= \
K_NULL, C_NULL, M_NULL, \
DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
DH_RSA_EXPORT, RSA_EXPORT, \
DH_anon, ECDH_anon, \
RC4_128, RC4_40, DES_CBC, DES40_CBC, \
3DES_EDE_CBC
...
...
src/share/lib/security/java.security-windows
浏览文件 @
13422679
...
...
@@ -623,7 +623,7 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224
EC keySize < 224
, DES40_CBC, RC4_40
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
...
...
@@ -677,8 +677,6 @@ jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
#
jdk.tls.legacyAlgorithms= \
K_NULL, C_NULL, M_NULL, \
DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
DH_RSA_EXPORT, RSA_EXPORT, \
DH_anon, ECDH_anon, \
RC4_128, RC4_40, DES_CBC, DES40_CBC, \
3DES_EDE_CBC
...
...
test/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java
浏览文件 @
13422679
...
...
@@ -29,8 +29,8 @@
* @run main/timeout=300 SupportedDHParamGens 768
* @run main/timeout=300 SupportedDHParamGens 832
* @run main/timeout=300 SupportedDHParamGens 1024
* @run main/timeout=
3
00 SupportedDHParamGens 2048
* @run main/timeout=
45
0 SupportedDHParamGens 3072
* @run main/timeout=
6
00 SupportedDHParamGens 2048
* @run main/timeout=
70
0 SupportedDHParamGens 3072
*/
import
java.math.BigInteger
;
...
...
test/javax/net/ssl/templates/SSLSocketTemplate.java
0 → 100644
浏览文件 @
13422679
此差异已折叠。
点击以展开。
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/RSAExport.java
浏览文件 @
13422679
...
...
@@ -419,6 +419,7 @@ public class RSAExport {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security
.
setProperty
(
"jdk.certpath.disabledAlgorithms"
,
"MD2"
);
Security
.
setProperty
(
"jdk.tls.disabledAlgorithms"
,
"MD2"
);
if
(
debug
)
System
.
setProperty
(
"javax.net.debug"
,
"all"
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录