Merge

src/share/classes/java/net/Inet6Address.java

@@ -25,12 +25,9 @@
 
 package java.net;
 
-import java.security.AccessController;
 import java.io.ObjectInputStream;
 import java.io.IOException;
-import java.io.ObjectStreamException;
 import java.io.InvalidObjectException;
-import sun.security.action.*;
 import java.util.Enumeration;
 
 /**
@@ -358,13 +355,13 @@ class Inet6Address extends InetAddress {
     }
 
     private int deriveNumericScope (NetworkInterface ifc) throws UnknownHostException {
-        Enumeration addresses = ifc.getInetAddresses();
+        Enumeration<InetAddress> addresses = ifc.getInetAddresses();
         while (addresses.hasMoreElements()) {
-            InetAddress address = (InetAddress)addresses.nextElement();
-            if (!(address instanceof Inet6Address)) {
+            InetAddress addr = addresses.nextElement();
+            if (!(addr instanceof Inet6Address)) {
                 continue;
             }
-            Inet6Address ia6_addr = (Inet6Address)address;
+            Inet6Address ia6_addr = (Inet6Address)addr;
             /* check if site or link local prefixes match */
             if (!differentLocalAddressTypes(ia6_addr)){
                 /* type not the same, so carry on searching */
@@ -377,22 +374,22 @@ class Inet6Address extends InetAddress {
     }
 
     private int deriveNumericScope (String ifname) throws UnknownHostException {
-        Enumeration en;
+        Enumeration<NetworkInterface> en;
         try {
             en = NetworkInterface.getNetworkInterfaces();
         } catch (SocketException e) {
             throw new UnknownHostException ("could not enumerate local network interfaces");
         }
         while (en.hasMoreElements()) {
-            NetworkInterface ifc = (NetworkInterface)en.nextElement();
+            NetworkInterface ifc = en.nextElement();
             if (ifc.getName().equals (ifname)) {
                 Enumeration addresses = ifc.getInetAddresses();
                 while (addresses.hasMoreElements()) {
-                    InetAddress address = (InetAddress)addresses.nextElement();
-                    if (!(address instanceof Inet6Address)) {
+                    InetAddress addr = (InetAddress)addresses.nextElement();
+                    if (!(addr instanceof Inet6Address)) {
                         continue;
                     }
-                    Inet6Address ia6_addr = (Inet6Address)address;
+                    Inet6Address ia6_addr = (Inet6Address)addr;
                     /* check if site or link local prefixes match */
                     if (!differentLocalAddressTypes(ia6_addr)){
                         /* type not the same, so carry on searching */
@@ -420,21 +417,22 @@ class Inet6Address extends InetAddress {
         if (ifname != null && !"".equals (ifname)) {
             try {
                 scope_ifname = NetworkInterface.getByName(ifname);
-                try {
-                    scope_id = deriveNumericScope (scope_ifname);
-                } catch (UnknownHostException e) {
-                    // should not happen
-                    assert false;
+                if (scope_ifname == null) {
+                    /* the interface does not exist on this system, so we clear
+                     * the scope information completely */
+                    scope_id_set = false;
+                    scope_ifname_set = false;
+                    scope_id = 0;
+                } else {
+                    try {
+                        scope_id = deriveNumericScope (scope_ifname);
+                    } catch (UnknownHostException e) {
+                        // should not happen
+                        assert false;
+                    }
                 }
             } catch (SocketException e) {}
 
-            if (scope_ifname == null) {
-                /* the interface does not exist on this system, so we clear
-                 * the scope information completely */
-                scope_id_set = false;
-                scope_ifname_set = false;
-                scope_id = 0;
-            }
         }
         /* if ifname was not supplied, then the numeric info is used */
 
@@ -460,6 +458,7 @@ class Inet6Address extends InetAddress {
      * an IP multicast address
      * @since JDK1.1
      */
+    @Override
     public boolean isMulticastAddress() {
         return ((ipaddress[0] & 0xff) == 0xff);
     }
@@ -470,6 +469,7 @@ class Inet6Address extends InetAddress {
      *         a wildcard address.
      * @since 1.4
      */
+    @Override
     public boolean isAnyLocalAddress() {
         byte test = 0x00;
         for (int i = 0; i < INADDRSZ; i++) {
@@ -485,6 +485,7 @@ class Inet6Address extends InetAddress {
      * a loopback address; or false otherwise.
      * @since 1.4
      */
+    @Override
     public boolean isLoopbackAddress() {
         byte test = 0x00;
         for (int i = 0; i < 15; i++) {
@@ -500,6 +501,7 @@ class Inet6Address extends InetAddress {
      * a link local address; or false if address is not a link local unicast address.
      * @since 1.4
      */
+    @Override
     public boolean isLinkLocalAddress() {
         return ((ipaddress[0] & 0xff) == 0xfe
                 && (ipaddress[1] & 0xc0) == 0x80);
@@ -512,6 +514,7 @@ class Inet6Address extends InetAddress {
      * a site local address; or false if address is not a site local unicast address.
      * @since 1.4
      */
+    @Override
     public boolean isSiteLocalAddress() {
         return ((ipaddress[0] & 0xff) == 0xfe
                 && (ipaddress[1] & 0xc0) == 0xc0);
@@ -525,6 +528,7 @@ class Inet6Address extends InetAddress {
      *         of global scope or it is not a multicast address
      * @since 1.4
      */
+    @Override
     public boolean isMCGlobal() {
         return ((ipaddress[0] & 0xff) == 0xff
                 && (ipaddress[1] & 0x0f) == 0x0e);
@@ -538,6 +542,7 @@ class Inet6Address extends InetAddress {
      *         of node-local scope or it is not a multicast address
      * @since 1.4
      */
+    @Override
     public boolean isMCNodeLocal() {
         return ((ipaddress[0] & 0xff) == 0xff
                 && (ipaddress[1] & 0x0f) == 0x01);
@@ -551,6 +556,7 @@ class Inet6Address extends InetAddress {
      *         of link-local scope or it is not a multicast address
      * @since 1.4
      */
+    @Override
     public boolean isMCLinkLocal() {
         return ((ipaddress[0] & 0xff) == 0xff
                 && (ipaddress[1] & 0x0f) == 0x02);
@@ -564,6 +570,7 @@ class Inet6Address extends InetAddress {
      *         of site-local scope or it is not a multicast address
      * @since 1.4
      */
+    @Override
     public boolean isMCSiteLocal() {
         return ((ipaddress[0] & 0xff) == 0xff
                 && (ipaddress[1] & 0x0f) == 0x05);
@@ -578,6 +585,7 @@ class Inet6Address extends InetAddress {
      *         or it is not a multicast address
      * @since 1.4
      */
+    @Override
     public boolean isMCOrgLocal() {
         return ((ipaddress[0] & 0xff) == 0xff
                 && (ipaddress[1] & 0x0f) == 0x08);
@@ -590,6 +598,7 @@ class Inet6Address extends InetAddress {
      *
      * @return  the raw IP address of this object.
      */
+    @Override
     public byte[] getAddress() {
         return ipaddress.clone();
     }
@@ -624,6 +633,7 @@ class Inet6Address extends InetAddress {
      *
      * @return  the raw IP address in a string format.
      */
+    @Override
     public String getHostAddress() {
         String s = numericToTextFormat(ipaddress);
         if (scope_ifname_set) { /* must check this first */
@@ -639,6 +649,7 @@ class Inet6Address extends InetAddress {
      *
      * @return  a hash code value for this IP address.
      */
+    @Override
     public int hashCode() {
         if (ipaddress != null) {
 
@@ -677,6 +688,7 @@ class Inet6Address extends InetAddress {
      *          <code>false</code> otherwise.
      * @see     java.net.InetAddress#getAddress()
      */
+    @Override
     public boolean equals(Object obj) {
         if (obj == null ||
             !(obj instanceof Inet6Address))

src/share/classes/sun/net/ftp/FtpClient.java

@@ -352,6 +352,9 @@ public class FtpClient extends TransferProtocolClient {
                 s = new Socket(Proxy.NO_PROXY);
         } else
             s = new Socket();
+        // Bind the socket to the same address as the control channel. This
+        // is needed in case of multi-homed systems.
+        s.bind(new InetSocketAddress(serverSocket.getLocalAddress(),0));
         if (connectTimeout >= 0) {
             s.connect(dest, connectTimeout);
         } else {
@@ -417,8 +420,10 @@ public class FtpClient extends TransferProtocolClient {
             // since we can't accept a connection through SOCKS (yet)
             // throw an exception
             throw new FtpProtocolException("Passive mode failed");
-        } else
-            portSocket = new ServerSocket(0, 1);
+        }
+        // Bind the ServerSocket to the same address as the control channel
+        // This is needed for multi-homed systems
+        portSocket = new ServerSocket(0, 1, serverSocket.getLocalAddress());
         try {
             myAddress = portSocket.getInetAddress();
             if (myAddress.isAnyLocalAddress())

src/share/classes/sun/net/httpserver/ServerImpl.java

@@ -120,14 +120,8 @@ class ServerImpl implements TimeSource {
         if (executor == null) {
             executor = new DefaultExecutor();
         }
+        Thread t = new Thread (dispatcher);
         started = true;
-        final Dispatcher d = dispatcher;
-        Thread t = AccessController.doPrivileged(new PrivilegedAction<Thread>() {
-            public Thread run() {
-                Thread t = new Thread (d);
-                return t;
-            }
-        });
         t.start();
     }
 
@@ -355,10 +349,8 @@ class ServerImpl implements TimeSource {
                             }
                         }
                     }
-                } catch (CancelledKeyException  e) {
+                } catch (Exception e) {
                     logger.log (Level.FINER, "Dispatcher (3)", e);
-                } catch (IOException e) {
-                    logger.log (Level.FINER, "Dispatcher (4)", e);
                 }
             }
         }
@@ -370,10 +362,10 @@ class ServerImpl implements TimeSource {
                 Exchange t = new Exchange (chan, protocol, conn);
                 executor.execute (t);
             } catch (HttpError e1) {
-                logger.log (Level.FINER, "Dispatcher (5)", e1);
+                logger.log (Level.FINER, "Dispatcher (4)", e1);
                 conn.close();
             } catch (IOException e) {
-                logger.log (Level.FINER, "Dispatcher (6)", e);
+                logger.log (Level.FINER, "Dispatcher (5)", e);
                 conn.close();
             }
         }

src/share/classes/sun/security/tools/KeyTool.java

 /*
- * Copyright 1997-2006 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2008 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,35 +26,23 @@
 package sun.security.tools;
 
 import java.io.*;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.InvalidParameterException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import java.security.Key;
 import java.security.PublicKey;
 import java.security.PrivateKey;
 import java.security.Security;
 import java.security.Signature;
-import java.security.SignatureException;
 import java.security.UnrecoverableEntryException;
 import java.security.UnrecoverableKeyException;
 import java.security.Principal;
 import java.security.Provider;
 import java.security.Identity;
-import java.security.Signer;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.security.cert.CertificateException;
-import java.security.interfaces.DSAParams;
-import java.security.interfaces.DSAPrivateKey;
-import java.security.interfaces.DSAPublicKey;
-import java.security.interfaces.RSAPrivateCrtKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
 import java.text.Collator;
 import java.text.MessageFormat;
 import java.util.*;
@@ -62,7 +50,6 @@ import java.lang.reflect.Constructor;
 import java.net.URL;
 import java.net.URLClassLoader;
 
-import sun.misc.BASE64Decoder;
 import sun.misc.BASE64Encoder;
 import sun.security.util.ObjectIdentifier;
 import sun.security.pkcs.PKCS10;
@@ -72,11 +59,16 @@ import sun.security.provider.SystemIdentity;
 import sun.security.provider.X509Factory;
 import sun.security.util.DerOutputStream;
 import sun.security.util.Password;
-import sun.security.util.Resources;
 import sun.security.util.PathList;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
 import sun.security.x509.*;
 
 import static java.security.KeyStore.*;
@@ -132,6 +124,7 @@ public final class KeyTool {
     private String ksfname = null;
     private File ksfile = null;
     private InputStream ksStream = null; // keystore stream
+    private String sslserver = null;
     private KeyStore keyStore = null;
     private boolean token = false;
     private boolean nullStream = false;
@@ -347,6 +340,9 @@ public final class KeyTool {
             } else if (collator.compare(flags, "-file") == 0) {
                 if (++i == args.length) errorNeedArgument(flags);
                 filename = args[i];
+            } else if (collator.compare(flags, "-sslserver") == 0) {
+                if (++i == args.length) errorNeedArgument(flags);
+                sslserver = args[i];
             } else if (collator.compare(flags, "-srckeystore") == 0) {
                 if (++i == args.length) errorNeedArgument(flags);
                 srcksfname = args[i];
@@ -924,17 +920,7 @@ public final class KeyTool {
                 doPrintEntries(out);
             }
         } else if (command == PRINTCERT) {
-            InputStream inStream = System.in;
-            if (filename != null) {
-                inStream = new FileInputStream(filename);
-            }
-            try {
-                doPrintCert(inStream, out);
-            } finally {
-                if (inStream != System.in) {
-                    inStream.close();
-                }
-            }
+            doPrintCert(out);
         } else if (command == SELFCERT) {
             doSelfCert(alias, dname, sigAlgName);
             kssave = true;
@@ -1744,7 +1730,7 @@ public final class KeyTool {
      * Reads a certificate (or certificate chain) and prints its contents in
      * a human readbable format.
      */
-    private void doPrintCert(InputStream in, PrintStream out)
+    private void printCertFromStream(InputStream in, PrintStream out)
         throws Exception
     {
         Collection<? extends Certificate> c = null;
@@ -1770,13 +1756,98 @@ public final class KeyTool {
                 Object[] source = {new Integer(i + 1)};
                 out.println(form.format(source));
             }
-            printX509Cert(x509Cert, out);
+            if (rfc) dumpCert(x509Cert, out);
+            else printX509Cert(x509Cert, out);
             if (i < (certs.length-1)) {
                 out.println();
             }
         }
     }
 
+    private void doPrintCert(final PrintStream out) throws Exception {
+        if (sslserver != null) {
+            SSLContext sc = SSLContext.getInstance("SSL");
+            final boolean[] certPrinted = new boolean[1];
+            sc.init(null, new TrustManager[] {
+                new X509TrustManager() {
+
+                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+                        return null;
+                    }
+
+                    public void checkClientTrusted(
+                        java.security.cert.X509Certificate[] certs, String authType) {
+                    }
+
+                    public void checkServerTrusted(
+                            java.security.cert.X509Certificate[] certs, String authType) {
+                        for (int i=0; i<certs.length; i++) {
+                            X509Certificate cert = certs[i];
+                            try {
+                                if (rfc) {
+                                    dumpCert(cert, out);
+                                } else {
+                                    out.println("Certificate #" + i);
+                                    out.println("====================================");
+                                    printX509Cert(cert, out);
+                                    out.println();
+                                }
+                            } catch (Exception e) {
+                                if (debug) {
+                                    e.printStackTrace();
+                                }
+                            }
+                        }
+
+                        // Set to true where there's something to print
+                        if (certs.length > 0) {
+                            certPrinted[0] = true;
+                        }
+                    }
+                }
+            }, null);
+            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+            HttpsURLConnection.setDefaultHostnameVerifier(
+                    new HostnameVerifier() {
+                        public boolean verify(String hostname, SSLSession session) {
+                            return true;
+                        }
+                    });
+            // HTTPS instead of raw SSL, so that -Dhttps.proxyHost and
+            // -Dhttps.proxyPort can be used. Since we only go through
+            // the handshake process, an HTTPS server is not needed.
+            // This program should be able to deal with any SSL-based
+            // network service.
+            Exception ex = null;
+            try {
+                new URL("https://" + sslserver).openConnection().connect();
+            } catch (Exception e) {
+                ex = e;
+            }
+            // If the certs are not printed out, we consider it an error even
+            // if the URL connection is successful.
+            if (!certPrinted[0]) {
+                Exception e = new Exception(
+                        rb.getString("No certificate from the SSL server"));
+                if (ex != null) {
+                    e.initCause(ex);
+                }
+                throw e;
+            }
+        } else {
+            InputStream inStream = System.in;
+            if (filename != null) {
+                inStream = new FileInputStream(filename);
+            }
+            try {
+                printCertFromStream(inStream, out);
+            } finally {
+                if (inStream != System.in) {
+                    inStream.close();
+                }
+            }
+        }
+    }
     /**
      * Creates a self-signed certificate, and stores it as a single-element
      * certificate chain.
@@ -3127,7 +3198,7 @@ public final class KeyTool {
         System.err.println();
 
         System.err.println(rb.getString
-                ("-printcert   [-v] [-file <cert_file>]"));
+                ("-printcert   [-v] [-rfc] [-file <cert_file> | -sslserver <host[:port]>]"));
         System.err.println();
 
         System.err.println(rb.getString

src/share/classes/sun/security/util/Resources.java

 /*
- * Copyright 2000-2005 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2000-2008 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -386,8 +386,10 @@ public class Resources extends java.util.ListResourceBundle {
         {"\t     [-alias <alias>]", "\t     [-alias <alias>]"},
         /** rest is same as -certreq starting from -keystore **/
 
-        {"-printcert   [-v] [-file <cert_file>]",
-                "-printcert   [-v] [-file <cert_file>]"},
+        {"-printcert   [-v] [-rfc] [-file <cert_file> | -sslserver <host[:port]>]",
+                "-printcert   [-v] [-rfc] [-file <cert_file> | -sslserver <host[:port]>]"},
+        {"No certificate from the SSL server",
+                "No certificate from the SSL server"},
 
         //{"-selfcert    [-v] [-protected]",
         //      "-selfcert    [-v] [-protected]"},

src/windows/native/java/net/NetworkInterface.h

@@ -26,6 +26,7 @@
 #ifndef NETWORK_INTERFACE_H
 #define NETWORK_INTERFACE_H
 
+#include <iphlpapi.h>
 #include "net_util.h"
 
 /*
@@ -86,6 +87,12 @@ extern jfieldID ni_ibaddressID;     /* InterfaceAddress.address */
 extern jfieldID ni_ibbroadcastID;   /* InterfaceAddress.broadcast */
 extern jfieldID ni_ibmaskID;        /* InterfaceAddress.maskLength */
 
+/* We have included iphlpapi.h which includes iptypes.h which has the definition
+ * for MAX_ADAPTER_DESCRIPTION_LENGTH (along with the other definitions in this
+ * ifndef block). Therefore if MAX_ADAPTER_DESCRIPTION_LENGTH is defined we can
+ * be sure that the other definitions are also defined */
+#ifndef MAX_ADAPTER_DESCRIPTION_LENGTH
+
 /*
  * Following includes come from iptypes.h
  */
@@ -372,6 +379,7 @@ typedef struct {
     UINT EnableProxy;
     UINT EnableDns;
 } FIXED_INFO, *PFIXED_INFO;
+#endif /*!MAX_ADAPTER_DESCRIPTION_LENGTH*/
 
 #ifndef IP_INTERFACE_NAME_INFO_DEFINED
 #define IP_INTERFACE_NAME_INFO_DEFINED

test/java/net/Inet6Address/serialize/Readme.txt

+This test uses 2 binary data files that were each created by serializing an Inet6Address instance.
+In both cases this has to do with the tricky issue of scopes in serialized addresses.
+
+serial1.4.2.ser: Was created by serializing an Inet6Address (::1) with J2SE 1.4.2 and is used to check for backward compatibility.
+
+serial-bge0.ser: Was created on a Sparc workstation because it has an uncommon interface name ('bge0') which is useful for the test.

test/java/net/Inet6Address/serialize/Serialize.java

@@ -24,7 +24,9 @@
 /**
  * @test
  * @bug 4921029
+ * @bug 6656849
  * @summary  java.net.Inet6Address fails to be serialized with IPv6 support
+ * @summary  NullPointerException thrown while de-serializing IPV6 Address.
  */
 
 import java.net.*;
@@ -76,11 +78,20 @@ public class Serialize {
 
          System.out.println(nobj);
 
-        // create an address with an unlikely numeric scope_id
-        if (!test ((Inet6Address)InetAddress.getByName ("fe80::1%99"))) {
-            throw new RuntimeException ("test failed on fe80::1%99");
-        }
+         // create an address with an unlikely numeric scope_id
+         if (!test ((Inet6Address)InetAddress.getByName ("fe80::1%99"))) {
+             throw new RuntimeException ("test failed on fe80::1%99");
+         }
 
+         // Deserialize an Inet6 address with a named interface
+         file = new File (System.getProperty("test.src"), "serial-bge0.ser");
+         ois = new ObjectInputStream(new FileInputStream(file));
+         try {
+             nobj = (Inet6Address) ois.readObject();
+         } catch (NullPointerException e) {
+             throw new RuntimeException("6656849 Not fixed: NullPointer when deserializing");
+         }
+         System.out.println(nobj);
          System.out.println("All tests passed");
      }
 
@@ -97,8 +108,5 @@ public class Serialize {
          } else {
              return false;
          }
-
-
      }
-
  }

test/sun/security/tools/keytool/PrintSSL.java

+/*
+ * Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+// Read printssl.sh, this Java program starts an SSL server
+
+import java.net.ServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocket;
+
+public class PrintSSL {
+    public static void main(String[] args) throws Exception {
+        System.setProperty("javax.net.ssl.keyStorePassword", "passphrase");
+        System.setProperty("javax.net.ssl.keyStore",
+                System.getProperty("test.src", "./") + "/../../ssl/etc/keystore");
+        SSLServerSocketFactory sslssf =
+                (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
+        final ServerSocket server = sslssf.createServerSocket(0);
+        System.out.println(server.getLocalPort());
+        System.out.flush();
+        Thread t = new Thread() {
+            public void run() {
+                try {
+                    Thread.sleep(30000);
+                    server.close();
+                } catch (Exception e) {
+                    ;
+                }
+                throw new RuntimeException("Timeout");
+            }
+        };
+        t.setDaemon(true);
+        t.start();
+        ((SSLSocket)server.accept()).startHandshake();
+    }
+}

test/sun/security/tools/keytool/printssl.sh

+#
+# Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+# CA 95054 USA or visit www.sun.com if you need additional information or
+# have any questions.
+#
+
+# @test
+# @bug 6480981
+# @summary keytool should be able to import certificates from remote SSL servers
+
+if [ "${TESTSRC}" = "" ] ; then
+  TESTSRC="."
+fi
+if [ "${TESTJAVA}" = "" ] ; then
+  echo "TESTJAVA not set.  Test cannot execute."
+  echo "FAILED!!!"
+  exit 1
+fi
+
+# set platform-dependent variables
+OS=`uname -s`
+case "$OS" in
+  SunOS | Linux )
+    FS="/"
+    ;;
+  Windows_* )
+    FS="\\"
+    ;;
+  * )
+    echo "Unrecognized operating system!"
+    exit 1;
+    ;;
+esac
+
+${TESTJAVA}${FS}bin${FS}javac -d . ${TESTSRC}${FS}PrintSSL.java || exit 10
+${TESTJAVA}${FS}bin${FS}java -Dtest.src=$TESTSRC PrintSSL | ( read PORT; ${TESTJAVA}${FS}bin${FS}keytool -printcert -sslserver localhost:$PORT )
+status=$?
+
+rm PrintSSL*.class
+
+exit $status