Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
268b1c7d
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
268b1c7d
编写于
9月 16, 2008
作者:
W
wetmore
浏览文件
操作
浏览文件
下载
差异文件
Merge
上级
df1348e1
ee972fce
变更
24
隐藏空白更改
内联
并排
Showing
24 changed file
with
688 addition
and
108 deletion
+688
-108
src/share/classes/java/net/HttpCookie.java
src/share/classes/java/net/HttpCookie.java
+33
-0
src/share/classes/java/security/cert/CertPathValidatorException.java
...lasses/java/security/cert/CertPathValidatorException.java
+123
-9
src/share/classes/java/security/cert/PKIXReason.java
src/share/classes/java/security/cert/PKIXReason.java
+77
-0
src/share/classes/sun/net/httpserver/ChunkedOutputStream.java
...share/classes/sun/net/httpserver/ChunkedOutputStream.java
+5
-2
src/share/classes/sun/security/krb5/Config.java
src/share/classes/sun/security/krb5/Config.java
+1
-1
src/share/classes/sun/security/provider/certpath/BasicChecker.java
.../classes/sun/security/provider/certpath/BasicChecker.java
+27
-17
src/share/classes/sun/security/provider/certpath/ConstraintsChecker.java
...es/sun/security/provider/certpath/ConstraintsChecker.java
+10
-6
src/share/classes/sun/security/provider/certpath/CrlRevocationChecker.java
.../sun/security/provider/certpath/CrlRevocationChecker.java
+18
-11
src/share/classes/sun/security/provider/certpath/ForwardBuilder.java
...lasses/sun/security/provider/certpath/ForwardBuilder.java
+4
-2
src/share/classes/sun/security/provider/certpath/KeyChecker.java
...re/classes/sun/security/provider/certpath/KeyChecker.java
+8
-5
src/share/classes/sun/security/provider/certpath/OCSPChecker.java
...e/classes/sun/security/provider/certpath/OCSPChecker.java
+6
-4
src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
...sun/security/provider/certpath/PKIXCertPathValidator.java
+20
-19
src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java
...curity/provider/certpath/PKIXMasterCertPathValidator.java
+9
-6
src/share/classes/sun/security/provider/certpath/PolicyChecker.java
...classes/sun/security/provider/certpath/PolicyChecker.java
+13
-8
src/share/classes/sun/security/provider/certpath/ReverseBuilder.java
...lasses/sun/security/provider/certpath/ReverseBuilder.java
+10
-5
src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java
...es/sun/security/provider/certpath/SunCertPathBuilder.java
+7
-7
test/com/sun/net/httpserver/bugs/B6744329.java
test/com/sun/net/httpserver/bugs/B6744329.java
+106
-0
test/java/net/CookieHandler/TestHttpCookie.java
test/java/net/CookieHandler/TestHttpCookie.java
+18
-1
test/java/security/cert/CertPathValidator/nameConstraintsRFC822/ValidateCertPath.java
...PathValidator/nameConstraintsRFC822/ValidateCertPath.java
+7
-3
test/java/security/cert/CertPathValidatorException/ReasonTest.java
.../security/cert/CertPathValidatorException/ReasonTest.java
+67
-0
test/java/security/cert/CertPathValidatorException/Serial.java
...java/security/cert/CertPathValidatorException/Serial.java
+113
-0
test/java/security/cert/CertPathValidatorException/cert_file
test/java/security/cert/CertPathValidatorException/cert_file
+0
-0
test/java/security/cert/CertPathValidatorException/jdk6.serial
...java/security/cert/CertPathValidatorException/jdk6.serial
+0
-0
test/java/security/cert/PolicyNode/GetPolicyQualifiers.java
test/java/security/cert/PolicyNode/GetPolicyQualifiers.java
+6
-2
未找到文件。
src/share/classes/java/net/HttpCookie.java
浏览文件 @
268b1c7d
...
...
@@ -75,6 +75,7 @@ public final class HttpCookie implements Cloneable {
private
String
path
;
// Path=VALUE ... URLs that see the cookie
private
String
portlist
;
// Port[="portlist"] ... the port cookie may be returned to
private
boolean
secure
;
// Secure ... e.g. use SSL
private
boolean
httpOnly
;
// HttpOnly ... i.e. not accessible to scripts
private
int
version
=
1
;
// Version=1 ... RFC 2965 style
//
...
...
@@ -656,6 +657,32 @@ public final class HttpCookie implements Cloneable {
version
=
v
;
}
/**
* Returns {@code true} if this cookie contains the <i>HttpOnly</i>
* attribute. This means that the cookie should not be accessible to
* scripting engines, like javascript.
*
* @return {@code true} if this cookie should be considered http only.
* @see #setHttpOnly(boolean)
*/
public
boolean
isHttpOnly
()
{
return
httpOnly
;
}
/**
* Indicates whether the cookie should be considered HTTP Only. If set to
* {@code true} it means the cookie should not be accessible to scripting
* engines like javascript.
*
* @param httpOnly if {@code true} make the cookie HTTP only, i.e.
* only visible as part of an HTTP request.
* @see #isHttpOnly()
*/
public
void
setHttpOnly
(
boolean
httpOnly
)
{
this
.
httpOnly
=
httpOnly
;
}
/**
* The utility method to check whether a host name is in a domain
...
...
@@ -877,6 +904,7 @@ public final class HttpCookie implements Cloneable {
||
name
.
equalsIgnoreCase
(
"Port"
)
// rfc2965 only
||
name
.
equalsIgnoreCase
(
"Secure"
)
||
name
.
equalsIgnoreCase
(
"Version"
)
||
name
.
equalsIgnoreCase
(
"HttpOnly"
)
||
name
.
charAt
(
0
)
==
'$'
)
{
return
true
;
...
...
@@ -996,6 +1024,11 @@ public final class HttpCookie implements Cloneable {
cookie
.
setSecure
(
true
);
}
});
assignors
.
put
(
"httponly"
,
new
CookieAttributeAssignor
(){
public
void
assign
(
HttpCookie
cookie
,
String
attrName
,
String
attrValue
)
{
cookie
.
setHttpOnly
(
true
);
}
});
assignors
.
put
(
"version"
,
new
CookieAttributeAssignor
(){
public
void
assign
(
HttpCookie
cookie
,
String
attrName
,
String
attrValue
)
{
try
{
...
...
src/share/classes/java/security/cert/CertPathValidatorException.java
浏览文件 @
268b1c7d
/*
* Copyright 2000-200
5
Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-200
8
Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -25,6 +25,9 @@
package
java.security.cert
;
import
java.io.InvalidObjectException
;
import
java.io.IOException
;
import
java.io.ObjectInputStream
;
import
java.security.GeneralSecurityException
;
/**
...
...
@@ -36,10 +39,11 @@ import java.security.GeneralSecurityException;
* if any, that caused this exception to be thrown.
* <p>
* A <code>CertPathValidatorException</code> may also include the
* certification path that was being validated when the exception was thrown
* and the index of the certificate in the certification path that caused the
* exception to be thrown. Use the {@link #getCertPath getCertPath} and
* {@link #getIndex getIndex} methods to retrieve this information.
* certification path that was being validated when the exception was thrown,
* the index of the certificate in the certification path that caused the
* exception to be thrown, and the reason that caused the failure. Use the
* {@link #getCertPath getCertPath}, {@link #getIndex getIndex}, and
* {@link #getReason getReason} methods to retrieve this information.
*
* <p>
* <b>Concurrent Access</b>
...
...
@@ -71,12 +75,17 @@ public class CertPathValidatorException extends GeneralSecurityException {
*/
private
CertPath
certPath
;
/**
* @serial the reason the validation failed
*/
private
Reason
reason
=
BasicReason
.
UNSPECIFIED
;
/**
* Creates a <code>CertPathValidatorException</code> with
* no detail message.
*/
public
CertPathValidatorException
()
{
super
(
);
this
(
null
,
null
);
}
/**
...
...
@@ -87,7 +96,7 @@ public class CertPathValidatorException extends GeneralSecurityException {
* @param msg the detail message
*/
public
CertPathValidatorException
(
String
msg
)
{
super
(
msg
);
this
(
msg
,
null
);
}
/**
...
...
@@ -104,7 +113,7 @@ public class CertPathValidatorException extends GeneralSecurityException {
* permitted, and indicates that the cause is nonexistent or unknown.)
*/
public
CertPathValidatorException
(
Throwable
cause
)
{
super
(
cause
);
this
(
null
,
cause
);
}
/**
...
...
@@ -117,7 +126,7 @@ public class CertPathValidatorException extends GeneralSecurityException {
* permitted, and indicates that the cause is nonexistent or unknown.)
*/
public
CertPathValidatorException
(
String
msg
,
Throwable
cause
)
{
super
(
msg
,
cause
);
this
(
msg
,
cause
,
null
,
-
1
);
}
/**
...
...
@@ -139,6 +148,32 @@ public class CertPathValidatorException extends GeneralSecurityException {
*/
public
CertPathValidatorException
(
String
msg
,
Throwable
cause
,
CertPath
certPath
,
int
index
)
{
this
(
msg
,
cause
,
certPath
,
index
,
BasicReason
.
UNSPECIFIED
);
}
/**
* Creates a <code>CertPathValidatorException</code> with the specified
* detail message, cause, certification path, index, and reason.
*
* @param msg the detail message (or <code>null</code> if none)
* @param cause the cause (or <code>null</code> if none)
* @param certPath the certification path that was in the process of
* being validated when the error was encountered
* @param index the index of the certificate in the certification path
* that caused the error (or -1 if not applicable). Note that
* the list of certificates in a <code>CertPath</code> is zero based.
* @param reason the reason the validation failed
* @throws IndexOutOfBoundsException if the index is out of range
* <code>(index < -1 || (certPath != null && index >=
* certPath.getCertificates().size())</code>
* @throws IllegalArgumentException if <code>certPath</code> is
* <code>null</code> and <code>index</code> is not -1
* @throws NullPointerException if <code>reason</code> is <code>null</code>
*
* @since 1.7
*/
public
CertPathValidatorException
(
String
msg
,
Throwable
cause
,
CertPath
certPath
,
int
index
,
Reason
reason
)
{
super
(
msg
,
cause
);
if
(
certPath
==
null
&&
index
!=
-
1
)
{
throw
new
IllegalArgumentException
();
...
...
@@ -147,8 +182,12 @@ public class CertPathValidatorException extends GeneralSecurityException {
(
certPath
!=
null
&&
index
>=
certPath
.
getCertificates
().
size
()))
{
throw
new
IndexOutOfBoundsException
();
}
if
(
reason
==
null
)
{
throw
new
NullPointerException
(
"reason can't be null"
);
}
this
.
certPath
=
certPath
;
this
.
index
=
index
;
this
.
reason
=
reason
;
}
/**
...
...
@@ -174,4 +213,79 @@ public class CertPathValidatorException extends GeneralSecurityException {
return
this
.
index
;
}
/**
* Returns the reason that the validation failed. The reason is
* associated with the index of the certificate returned by
* {@link getIndex}.
*
* @return the reason that the validation failed, or
* <code>BasicReason.UNSPECIFIED</code> if a reason has not been
* specified
*
* @since 1.7
*/
public
Reason
getReason
()
{
return
this
.
reason
;
}
private
void
readObject
(
ObjectInputStream
stream
)
throws
ClassNotFoundException
,
IOException
{
stream
.
defaultReadObject
();
if
(
reason
==
null
)
{
reason
=
BasicReason
.
UNSPECIFIED
;
}
if
(
certPath
==
null
&&
index
!=
-
1
)
{
throw
new
InvalidObjectException
(
"certpath is null and index != -1"
);
}
if
(
index
<
-
1
||
(
certPath
!=
null
&&
index
>=
certPath
.
getCertificates
().
size
()))
{
throw
new
InvalidObjectException
(
"index out of range"
);
}
}
/**
* The reason the validation algorithm failed.
*
* @since 1.7
*/
public
static
interface
Reason
extends
java
.
io
.
Serializable
{
}
/**
* The BasicReason enumerates the potential reasons that a certification
* path of any type may be invalid.
*
* @since 1.7
*/
public
static
enum
BasicReason
implements
Reason
{
/**
* Unspecified reason.
*/
UNSPECIFIED
,
/**
* The certificate is expired.
*/
EXPIRED
,
/**
* The certificate is not yet valid.
*/
NOT_YET_VALID
,
/**
* The certificate is revoked.
*/
REVOKED
,
/**
* The revocation status of the certificate could not be determined.
*/
UNDETERMINED_REVOCATION_STATUS
,
/**
* The signature is invalid.
*/
INVALID_SIGNATURE
}
}
src/share/classes/java/security/cert/PKIXReason.java
0 → 100644
浏览文件 @
268b1c7d
/*
* Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
package
java.security.cert
;
/**
* The <code>PKIXReason</code> enumerates the potential PKIX-specific reasons
* that an X.509 certification path may be invalid according to the PKIX
* (RFC 3280) standard. These reasons are in addition to those of the
* <code>CertPathValidatorException.BasicReason</code> enumeration.
*
* @since 1.7
*/
public
enum
PKIXReason
implements
CertPathValidatorException
.
Reason
{
/**
* The certificate does not chain correctly.
*/
NAME_CHAINING
,
/**
* The certificate's key usage is invalid.
*/
INVALID_KEY_USAGE
,
/**
* The policy constraints have been violated.
*/
INVALID_POLICY
,
/**
* No acceptable trust anchor found.
*/
NO_TRUST_ANCHOR
,
/**
* The certificate contains one or more unrecognized critical
* extensions.
*/
UNRECOGNIZED_CRIT_EXT
,
/**
* The certificate is not a CA certificate.
*/
NOT_CA_CERT
,
/**
* The path length constraint has been violated.
*/
PATH_TOO_LONG
,
/**
* The name constraints have been violated.
*/
INVALID_NAME
}
src/share/classes/sun/net/httpserver/ChunkedOutputStream.java
浏览文件 @
268b1c7d
...
...
@@ -73,6 +73,7 @@ class ChunkedOutputStream extends FilterOutputStream
if
(
count
==
CHUNK_SIZE
)
{
writeChunk
();
}
assert
count
<
CHUNK_SIZE
;
}
public
void
write
(
byte
[]
b
,
int
off
,
int
len
)
throws
IOException
{
...
...
@@ -86,20 +87,22 @@ class ChunkedOutputStream extends FilterOutputStream
writeChunk
();
len
-=
remain
;
off
+=
remain
;
while
(
len
>
CHUNK_SIZE
)
{
while
(
len
>
=
CHUNK_SIZE
)
{
System
.
arraycopy
(
b
,
off
,
buf
,
OFFSET
,
CHUNK_SIZE
);
len
-=
CHUNK_SIZE
;
off
+=
CHUNK_SIZE
;
count
=
CHUNK_SIZE
;
writeChunk
();
}
pos
=
OFFSET
;
}
if
(
len
>
0
)
{
System
.
arraycopy
(
b
,
off
,
buf
,
pos
,
len
);
count
+=
len
;
pos
+=
len
;
}
if
(
count
==
CHUNK_SIZE
)
{
writeChunk
();
}
}
/**
...
...
src/share/classes/sun/security/krb5/Config.java
浏览文件 @
268b1c7d
...
...
@@ -803,7 +803,7 @@ public class Config {
for
(
int
j
=
0
;
j
<
line
.
length
();
j
++)
{
if
(
line
.
charAt
(
j
)
==
'='
)
{
int
index
;
key
=
line
.
substring
(
0
,
j
-
1
).
trim
();
key
=
line
.
substring
(
0
,
j
).
trim
();
if
(!
exists
(
key
,
keyVector
))
{
keyVector
.
addElement
(
key
);
nameVector
=
new
Vector
<
String
>
();
...
...
src/share/classes/sun/security/provider/certpath/BasicChecker.java
浏览文件 @
268b1c7d
/*
* Copyright 2000-200
7
Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-200
8
Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -29,12 +29,18 @@ import java.math.BigInteger;
import
java.util.Collection
;
import
java.util.Date
;
import
java.util.Set
;
import
java.security.GeneralSecurityException
;
import
java.security.KeyFactory
;
import
java.security.PublicKey
;
import
java.security.SignatureException
;
import
java.security.cert.Certificate
;
import
java.security.cert.CertificateExpiredException
;
import
java.security.cert.CertificateNotYetValidException
;
import
java.security.cert.CertPathValidatorException
;
import
java.security.cert.CertPathValidatorException.BasicReason
;
import
java.security.cert.X509Certificate
;
import
java.security.cert.PKIXCertPathChecker
;
import
java.security.cert.
CertPathValidatorExcepti
on
;
import
java.security.cert.
PKIXReas
on
;
import
java.security.cert.TrustAnchor
;
import
java.security.interfaces.DSAParams
;
import
java.security.interfaces.DSAPublicKey
;
...
...
@@ -152,11 +158,11 @@ class BasicChecker extends PKIXCertPathChecker {
try
{
cert
.
verify
(
prevPubKey
,
sigProvider
);
}
catch
(
Exception
e
)
{
if
(
debug
!=
null
)
{
debug
.
println
(
e
.
getMessage
());
e
.
printStackTrace
(
);
}
}
catch
(
Signature
Exception
e
)
{
throw
new
CertPathValidatorException
(
msg
+
" check failed"
,
e
,
null
,
-
1
,
BasicReason
.
INVALID_SIGNATURE
);
}
catch
(
GeneralSecurityException
e
)
{
throw
new
CertPathValidatorException
(
msg
+
" check failed"
,
e
);
}
...
...
@@ -176,12 +182,12 @@ class BasicChecker extends PKIXCertPathChecker {
try
{
cert
.
checkValidity
(
date
);
}
catch
(
Exception
e
)
{
if
(
debug
!=
null
)
{
debug
.
println
(
e
.
getMessage
()
);
e
.
printStackTrace
();
}
throw
new
CertPathValidatorException
(
msg
+
" check failed"
,
e
);
}
catch
(
CertificateExpired
Exception
e
)
{
throw
new
CertPathValidatorException
(
msg
+
" check failed"
,
e
,
null
,
-
1
,
BasicReason
.
EXPIRED
);
}
catch
(
CertificateNotYetValidException
e
)
{
throw
new
CertPathValidatorException
(
msg
+
" check failed"
,
e
,
null
,
-
1
,
BasicReason
.
NOT_YET_VALID
);
}
if
(
debug
!=
null
)
...
...
@@ -204,12 +210,16 @@ class BasicChecker extends PKIXCertPathChecker {
// reject null or empty issuer DNs
if
(
X500Name
.
asX500Name
(
currIssuer
).
isEmpty
())
{
throw
new
CertPathValidatorException
(
msg
+
" check failed: "
+
"empty/null issuer DN in certificate is invalid"
);
throw
new
CertPathValidatorException
(
msg
+
" check failed: "
+
"empty/null issuer DN in certificate is invalid"
,
null
,
null
,
-
1
,
PKIXReason
.
NAME_CHAINING
);
}
if
(!(
currIssuer
.
equals
(
prevSubject
)))
{
throw
new
CertPathValidatorException
(
msg
+
" check failed"
);
throw
new
CertPathValidatorException
(
msg
+
" check failed"
,
null
,
null
,
-
1
,
PKIXReason
.
NAME_CHAINING
);
}
if
(
debug
!=
null
)
...
...
@@ -270,7 +280,7 @@ class BasicChecker extends PKIXCertPathChecker {
params
.
getQ
(),
params
.
getG
());
usableKey
=
kf
.
generatePublic
(
ks
);
}
catch
(
Exception
e
)
{
}
catch
(
GeneralSecurity
Exception
e
)
{
throw
new
CertPathValidatorException
(
"Unable to generate key with"
+
" inherited parameters: "
+
e
.
getMessage
(),
e
);
...
...
src/share/classes/sun/security/provider/certpath/ConstraintsChecker.java
浏览文件 @
268b1c7d
/*
* Copyright 2000-200
6
Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-200
8
Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -32,9 +32,10 @@ import java.util.HashSet;
import
java.io.IOException
;
import
java.security.cert.Certificate
;
import
java.security.cert.CertificateException
;
import
java.security.cert.CertPathValidatorException
;
import
java.security.cert.X509Certificate
;
import
java.security.cert.PKIXCertPathChecker
;
import
java.security.cert.
CertPathValidatorExcepti
on
;
import
java.security.cert.
PKIXReas
on
;
import
sun.security.util.Debug
;
import
sun.security.x509.PKIXExtensions
;
import
sun.security.x509.NameConstraintsExtension
;
...
...
@@ -147,7 +148,8 @@ class ConstraintsChecker extends PKIXCertPathChecker {
try
{
if
(!
prevNC
.
verify
(
currCert
))
{
throw
new
CertPathValidatorException
(
msg
+
" check failed"
);
throw
new
CertPathValidatorException
(
msg
+
" check failed"
,
null
,
null
,
-
1
,
PKIXReason
.
INVALID_NAME
);
}
}
catch
(
IOException
ioe
)
{
throw
new
CertPathValidatorException
(
ioe
);
...
...
@@ -228,8 +230,9 @@ class ConstraintsChecker extends PKIXCertPathChecker {
if
(
i
<
certPathLength
)
{
int
pathLenConstraint
=
currCert
.
getBasicConstraints
();
if
(
pathLenConstraint
==
-
1
)
{
throw
new
CertPathValidatorException
(
msg
+
" check failed: "
+
"this is not a CA certificate"
);
throw
new
CertPathValidatorException
(
msg
+
" check failed: this is not a CA certificate"
,
null
,
null
,
-
1
,
PKIXReason
.
NOT_CA_CERT
);
}
if
(!
X509CertImpl
.
isSelfIssued
(
currCert
))
{
...
...
@@ -237,7 +240,8 @@ class ConstraintsChecker extends PKIXCertPathChecker {
throw
new
CertPathValidatorException
(
msg
+
" check failed: pathLenConstraint violated - "
+
"this cert must be the last cert in the "
+
"certification path"
);
+
"certification path"
,
null
,
null
,
-
1
,
PKIXReason
.
PATH_TOO_LONG
);
}
maxPathLength
--;
}
...
...
src/share/classes/sun/security/provider/certpath/CrlRevocationChecker.java
浏览文件 @
268b1c7d
/*
* Copyright 2000-200
7
Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-200
8
Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -39,6 +39,7 @@ import java.security.InvalidAlgorithmParameterException;
import
java.security.NoSuchAlgorithmException
;
import
java.security.PublicKey
;
import
java.security.cert.*
;
import
java.security.cert.CertPathValidatorException.BasicReason
;
import
java.security.interfaces.DSAPublicKey
;
import
javax.security.auth.x500.X500Principal
;
import
sun.security.util.Debug
;
...
...
@@ -268,7 +269,8 @@ class CrlRevocationChecker extends PKIXCertPathChecker {
" circular dependency"
);
}
throw
new
CertPathValidatorException
(
"Could not determine revocation status"
);
(
"Could not determine revocation status"
,
null
,
null
,
-
1
,
BasicReason
.
UNDETERMINED_REVOCATION_STATUS
);
}
// init the state for this run
...
...
@@ -324,7 +326,8 @@ class CrlRevocationChecker extends PKIXCertPathChecker {
return
;
}
else
{
throw
new
CertPathValidatorException
(
"Could not determine revocation status"
);
(
"Could not determine revocation status"
,
null
,
null
,
-
1
,
BasicReason
.
UNDETERMINED_REVOCATION_STATUS
);
}
}
...
...
@@ -370,7 +373,8 @@ class CrlRevocationChecker extends PKIXCertPathChecker {
+
unresCritExts
);
}
throw
new
CertPathValidatorException
(
"Could not determine revocation status"
);
(
"Could not determine revocation status"
,
null
,
null
,
-
1
,
BasicReason
.
UNDETERMINED_REVOCATION_STATUS
);
}
}
...
...
@@ -378,10 +382,11 @@ class CrlRevocationChecker extends PKIXCertPathChecker {
if
(
reasonCode
==
null
)
{
reasonCode
=
CRLReason
.
UNSPECIFIED
;
}
throw
new
CertPathValidatorException
(
new
CertificateRevokedException
(
entry
.
getRevocationDate
(),
reasonCode
,
crl
.
getIssuerX500Principal
(),
entry
.
getExtensions
()));
Throwable
t
=
new
CertificateRevokedException
(
entry
.
getRevocationDate
(),
reasonCode
,
crl
.
getIssuerX500Principal
(),
entry
.
getExtensions
());
throw
new
CertPathValidatorException
(
t
.
getMessage
(),
t
,
null
,
-
1
,
BasicReason
.
REVOKED
);
}
}
}
...
...
@@ -428,7 +433,8 @@ class CrlRevocationChecker extends PKIXCertPathChecker {
" circular dependency"
);
}
throw
new
CertPathValidatorException
(
"Could not determine revocation status"
);
(
"Could not determine revocation status"
,
null
,
null
,
-
1
,
BasicReason
.
UNDETERMINED_REVOCATION_STATUS
);
}
// If prevKey wasn't trusted, maybe we just didn't have the right
...
...
@@ -617,7 +623,7 @@ class CrlRevocationChecker extends PKIXCertPathChecker {
return
;
}
catch
(
CertPathValidatorException
cpve
)
{
// If it is revoked, rethrow exception
if
(
cpve
.
get
Cause
()
instanceof
CertificateRevokedException
)
{
if
(
cpve
.
get
Reason
()
==
BasicReason
.
REVOKED
)
{
throw
cpve
;
}
// Otherwise, ignore the exception and
...
...
@@ -628,7 +634,8 @@ class CrlRevocationChecker extends PKIXCertPathChecker {
throw
new
CertPathValidatorException
(
iape
);
}
catch
(
CertPathBuilderException
cpbe
)
{
throw
new
CertPathValidatorException
(
"Could not determine revocation status"
,
cpbe
);
(
"Could not determine revocation status"
,
null
,
null
,
-
1
,
BasicReason
.
UNDETERMINED_REVOCATION_STATUS
);
}
}
}
...
...
src/share/classes/sun/security/provider/certpath/ForwardBuilder.java
浏览文件 @
268b1c7d
...
...
@@ -32,6 +32,7 @@ import java.security.GeneralSecurityException;
import
java.security.InvalidKeyException
;
import
java.security.cert.CertificateException
;
import
java.security.cert.CertPathValidatorException
;
import
java.security.cert.PKIXReason
;
import
java.security.cert.CertStore
;
import
java.security.cert.CertStoreException
;
import
java.security.cert.PKIXBuilderParameters
;
...
...
@@ -732,8 +733,9 @@ class ForwardBuilder extends Builder {
PKIXExtensions
.
ExtendedKeyUsage_Id
.
toString
());
if
(!
unresCritExts
.
isEmpty
())
throw
new
CertificateException
(
"Unrecognized critical "
+
"extension(s)"
);
throw
new
CertPathValidatorException
(
"Unrecognized critical extension(s)"
,
null
,
null
,
-
1
,
PKIXReason
.
UNRECOGNIZED_CRIT_EXT
);
}
}
...
...
src/share/classes/sun/security/provider/certpath/KeyChecker.java
浏览文件 @
268b1c7d
/*
* Copyright 2000-200
3
Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-200
8
Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -27,6 +27,7 @@ package sun.security.provider.certpath;
import
java.util.*
;
import
java.security.cert.*
;
import
java.security.cert.PKIXReason
;
import
sun.security.util.Debug
;
import
sun.security.x509.PKIXExtensions
;
...
...
@@ -75,11 +76,12 @@ class KeyChecker extends PKIXCertPathChecker {
if
(!
forward
)
{
remainingCerts
=
certPathLen
;
}
else
{
throw
new
CertPathValidatorException
(
"forward checking not supported"
);
throw
new
CertPathValidatorException
(
"forward checking not supported"
);
}
}
public
boolean
isForwardCheckingSupported
()
{
public
final
boolean
isForwardCheckingSupported
()
{
return
false
;
}
...
...
@@ -155,8 +157,9 @@ class KeyChecker extends PKIXCertPathChecker {
// throw an exception if the keyCertSign bit is not set
if
(!
keyUsageBits
[
keyCertSign
])
{
throw
new
CertPathValidatorException
(
msg
+
" check failed: "
+
"keyCertSign bit is not set"
);
throw
new
CertPathValidatorException
(
msg
+
" check failed: keyCertSign bit is not set"
,
null
,
null
,
-
1
,
PKIXReason
.
INVALID_KEY_USAGE
);
}
if
(
debug
!=
null
)
{
...
...
src/share/classes/sun/security/provider/certpath/OCSPChecker.java
浏览文件 @
268b1c7d
...
...
@@ -33,6 +33,7 @@ import java.security.Principal;
import
java.security.PrivilegedAction
;
import
java.security.Security
;
import
java.security.cert.*
;
import
java.security.cert.CertPathValidatorException.BasicReason
;
import
java.net.*
;
import
javax.security.auth.x500.X500Principal
;
...
...
@@ -381,17 +382,18 @@ class OCSPChecker extends PKIXCertPathChecker {
}
if
(
certOCSPStatus
==
OCSPResponse
.
CERT_STATUS_REVOKED
)
{
throw
new
CertPathValidatorException
(
new
CertificateRevokedException
(
Throwable
t
=
new
CertificateRevokedException
(
ocspResponse
.
getRevocationTime
(),
ocspResponse
.
getRevocationReason
(),
responderCert
.
getSubjectX500Principal
(),
ocspResponse
.
getSingleExtensions
()));
ocspResponse
.
getSingleExtensions
());
throw
new
CertPathValidatorException
(
t
.
getMessage
(),
t
,
null
,
-
1
,
BasicReason
.
REVOKED
);
}
else
if
(
certOCSPStatus
==
OCSPResponse
.
CERT_STATUS_UNKNOWN
)
{
throw
new
CertPathValidatorException
(
"Certificate's revocation status is unknown"
,
null
,
cp
,
remainingCerts
);
remainingCerts
,
BasicReason
.
UNDETERMINED_REVOCATION_STATUS
);
}
}
catch
(
Exception
e
)
{
throw
new
CertPathValidatorException
(
e
);
...
...
src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
浏览文件 @
268b1c7d
/*
* Copyright 2000-200
7
Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-200
8
Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -38,6 +38,7 @@ import java.security.cert.CertPathValidatorResult;
import
java.security.cert.PKIXCertPathChecker
;
import
java.security.cert.PKIXCertPathValidatorResult
;
import
java.security.cert.PKIXParameters
;
import
java.security.cert.PKIXReason
;
import
java.security.cert.PolicyNode
;
import
java.security.cert.TrustAnchor
;
import
java.security.cert.X509Certificate
;
...
...
@@ -47,7 +48,6 @@ import java.util.List;
import
java.util.ArrayList
;
import
java.util.Date
;
import
java.util.Set
;
import
java.util.HashSet
;
import
javax.security.auth.x500.X500Principal
;
import
sun.security.util.Debug
;
...
...
@@ -67,6 +67,7 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
private
List
<
PKIXCertPathChecker
>
userCheckers
;
private
String
sigProvider
;
private
BasicChecker
basicChecker
;
private
String
ocspProperty
;
/**
* Default constructor.
...
...
@@ -126,7 +127,7 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
// Must copy elements of certList into a new modifiable List before
// calling Collections.reverse().
List
<
X509Certificate
>
certList
=
new
ArrayList
<
X509Certificate
>
Array
List
<
X509Certificate
>
certList
=
new
ArrayList
<
X509Certificate
>
((
List
<
X509Certificate
>)
cp
.
getCertificates
());
if
(
debug
!=
null
)
{
if
(
certList
.
isEmpty
())
{
...
...
@@ -201,7 +202,8 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
}
// (b) otherwise, generate new exception
throw
new
CertPathValidatorException
(
"Path does not chain with any of the trust anchors"
);
(
"Path does not chain with any of the trust anchors"
,
null
,
null
,
-
1
,
PKIXReason
.
NO_TRUST_ANCHOR
);
}
/**
...
...
@@ -210,7 +212,6 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
*/
private
boolean
isWorthTrying
(
X509Certificate
trustedCert
,
X509Certificate
firstCert
)
throws
CertPathValidatorException
{
if
(
debug
!=
null
)
{
debug
.
println
(
"PKIXCertPathValidator.isWorthTrying() checking "
...
...
@@ -240,7 +241,6 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
* Internal method to setup the internal state
*/
private
void
populateVariables
(
PKIXParameters
pkixParam
)
throws
CertPathValidatorException
{
// default value for testDate is current time
testDate
=
pkixParam
.
getDate
();
...
...
@@ -250,6 +250,17 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
userCheckers
=
pkixParam
.
getCertPathCheckers
();
sigProvider
=
pkixParam
.
getSigProvider
();
if
(
pkixParam
.
isRevocationEnabled
())
{
// Examine OCSP security property
ocspProperty
=
AccessController
.
doPrivileged
(
new
PrivilegedAction
<
String
>()
{
public
String
run
()
{
return
Security
.
getProperty
(
OCSPChecker
.
OCSP_ENABLE_PROP
);
}
});
}
}
/**
...
...
@@ -259,12 +270,9 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
*/
private
PolicyNode
doValidate
(
TrustAnchor
anchor
,
CertPath
cpOriginal
,
List
<
X509Certificate
>
certList
,
PKIXParameters
pkixParam
,
Array
List
<
X509Certificate
>
certList
,
PKIXParameters
pkixParam
,
PolicyNodeImpl
rootNode
)
throws
CertPathValidatorException
{
List
<
PKIXCertPathChecker
>
certPathCheckers
=
new
ArrayList
<
PKIXCertPathChecker
>();
int
certPathLen
=
certList
.
size
();
basicChecker
=
new
BasicChecker
(
anchor
,
testDate
,
sigProvider
,
false
);
...
...
@@ -281,6 +289,8 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
pkixParam
.
getPolicyQualifiersRejected
(),
rootNode
);
ArrayList
<
PKIXCertPathChecker
>
certPathCheckers
=
new
ArrayList
<
PKIXCertPathChecker
>();
// add standard checkers that we will be using
certPathCheckers
.
add
(
keyChecker
);
certPathCheckers
.
add
(
constraintsChecker
);
...
...
@@ -290,15 +300,6 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
// only add a revocationChecker if revocation is enabled
if
(
pkixParam
.
isRevocationEnabled
())
{
// Examine OCSP security property
String
ocspProperty
=
AccessController
.
doPrivileged
(
new
PrivilegedAction
<
String
>()
{
public
String
run
()
{
return
Security
.
getProperty
(
OCSPChecker
.
OCSP_ENABLE_PROP
);
}
});
// Use OCSP if it has been enabled
if
(
"true"
.
equalsIgnoreCase
(
ocspProperty
))
{
OCSPChecker
ocspChecker
=
...
...
src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java
浏览文件 @
268b1c7d
/*
* Copyright 2000-200
6
Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-200
8
Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -30,11 +30,12 @@ import sun.security.util.Debug;
import
java.util.Collections
;
import
java.util.List
;
import
java.util.Set
;
import
java.
util.Iterator
;
import
java.
security.cert.CertificateRevokedException
;
import
java.security.cert.CertPath
;
import
java.security.cert.CertPathValidatorException
;
import
java.security.cert.Cert
ificateRevokedExcepti
on
;
import
java.security.cert.Cert
PathValidatorException.BasicReas
on
;
import
java.security.cert.PKIXCertPathChecker
;
import
java.security.cert.PKIXReason
;
import
java.security.cert.X509Certificate
;
/**
...
...
@@ -153,10 +154,11 @@ class PKIXMasterCertPathValidator {
*/
CertPathValidatorException
currentCause
=
new
CertPathValidatorException
(
cpve
.
getMessage
(),
cpve
.
getCause
(),
cpOriginal
,
cpSize
-
(
i
+
1
));
cpve
.
getCause
(),
cpOriginal
,
cpSize
-
(
i
+
1
),
cpve
.
getReason
());
// Check if OCSP has confirmed that the cert was revoked
if
(
cpve
.
get
Cause
()
instanceof
CertificateRevokedException
)
{
if
(
cpve
.
get
Reason
()
==
BasicReason
.
REVOKED
)
{
throw
currentCause
;
}
// Check if it is appropriate to failover
...
...
@@ -184,7 +186,8 @@ class PKIXMasterCertPathValidator {
debug
.
println
(
"checking for unresolvedCritExts"
);
if
(!
unresolvedCritExts
.
isEmpty
())
{
throw
new
CertPathValidatorException
(
"unrecognized "
+
"critical extension(s)"
,
null
,
cpOriginal
,
cpSize
-(
i
+
1
));
"critical extension(s)"
,
null
,
cpOriginal
,
cpSize
-(
i
+
1
),
PKIXReason
.
UNRECOGNIZED_CRIT_EXT
);
}
if
(
debug
!=
null
)
...
...
src/share/classes/sun/security/provider/certpath/PolicyChecker.java
浏览文件 @
268b1c7d
/*
* Copyright 2000-200
6
Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-200
8
Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -30,11 +30,12 @@ import java.io.IOException;
import
java.security.cert.Certificate
;
import
java.security.cert.CertificateException
;
import
java.security.cert.X509Certificate
;
import
java.security.cert.PKIXCertPathChecker
;
import
java.security.cert.CertPathValidatorException
;
import
java.security.cert.PKIXCertPathChecker
;
import
java.security.cert.PKIXReason
;
import
java.security.cert.PolicyNode
;
import
java.security.cert.PolicyQualifierInfo
;
import
java.security.cert.X509Certificate
;
import
sun.security.util.Debug
;
import
sun.security.x509.CertificatePoliciesExtension
;
...
...
@@ -482,8 +483,9 @@ class PolicyChecker extends PKIXCertPathChecker {
// the policyQualifiersRejected flag is set in the params
if
(!
pQuals
.
isEmpty
()
&&
rejectPolicyQualifiers
&&
policiesCritical
)
{
throw
new
CertPathValidatorException
(
"critical "
+
"policy qualifiers present in certificate"
);
throw
new
CertPathValidatorException
(
"critical policy qualifiers present in certificate"
,
null
,
null
,
-
1
,
PKIXReason
.
INVALID_POLICY
);
}
// PKIX: Section 6.1.3: Step (d)(1)(i)
...
...
@@ -567,7 +569,8 @@ class PolicyChecker extends PKIXCertPathChecker {
if
((
explicitPolicy
==
0
)
&&
(
rootNode
==
null
))
{
throw
new
CertPathValidatorException
(
"non-null policy tree required and policy tree is null"
);
(
"non-null policy tree required and policy tree is null"
,
null
,
null
,
-
1
,
PKIXReason
.
INVALID_POLICY
);
}
return
rootNode
;
...
...
@@ -776,12 +779,14 @@ class PolicyChecker extends PKIXCertPathChecker {
if
(
issuerDomain
.
equals
(
ANY_POLICY
))
{
throw
new
CertPathValidatorException
(
"encountered an issuerDomainPolicy of ANY_POLICY"
);
(
"encountered an issuerDomainPolicy of ANY_POLICY"
,
null
,
null
,
-
1
,
PKIXReason
.
INVALID_POLICY
);
}
if
(
subjectDomain
.
equals
(
ANY_POLICY
))
{
throw
new
CertPathValidatorException
(
"encountered a subjectDomainPolicy of ANY_POLICY"
);
(
"encountered a subjectDomainPolicy of ANY_POLICY"
,
null
,
null
,
-
1
,
PKIXReason
.
INVALID_POLICY
);
}
Set
<
PolicyNodeImpl
>
validNodes
=
...
...
src/share/classes/sun/security/provider/certpath/ReverseBuilder.java
浏览文件 @
268b1c7d
/*
* Copyright 2000-200
6
Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-200
8
Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -29,14 +29,15 @@ import java.io.IOException;
import
java.security.GeneralSecurityException
;
import
java.security.Principal
;
import
java.security.cert.CertificateException
;
import
java.security.cert.X509Certificate
;
import
java.security.cert.CertPathValidatorException
;
import
java.security.cert.CertStore
;
import
java.security.cert.CertStoreException
;
import
java.security.cert.PKIXBuilderParameters
;
import
java.security.cert.PKIXCertPathChecker
;
import
java.security.cert.PKIXParameters
;
import
java.security.cert.PKIXReason
;
import
java.security.cert.TrustAnchor
;
import
java.security.cert.X509Certificate
;
import
java.security.cert.X509CertSelector
;
import
java.util.ArrayList
;
import
java.util.Collection
;
...
...
@@ -402,7 +403,8 @@ class ReverseBuilder extends Builder {
*/
if
((
currentState
.
remainingCACerts
<=
0
)
&&
!
X509CertImpl
.
isSelfIssued
(
cert
))
{
throw
new
CertPathValidatorException
(
"pathLenConstraint violated, path too long"
);
(
"pathLenConstraint violated, path too long"
,
null
,
null
,
-
1
,
PKIXReason
.
PATH_TOO_LONG
);
}
/*
...
...
@@ -438,7 +440,8 @@ class ReverseBuilder extends Builder {
try
{
if
(!
currentState
.
nc
.
verify
(
cert
)){
throw
new
CertPathValidatorException
(
"name constraints check failed"
);
(
"name constraints check failed"
,
null
,
null
,
-
1
,
PKIXReason
.
INVALID_NAME
);
}
}
catch
(
IOException
ioe
){
throw
new
CertPathValidatorException
(
ioe
);
...
...
@@ -483,7 +486,9 @@ class ReverseBuilder extends Builder {
unresolvedCritExts
.
remove
(
PKIXExtensions
.
ExtendedKeyUsage_Id
.
toString
());
if
(!
unresolvedCritExts
.
isEmpty
())
throw
new
CertificateException
(
"Unrecognized critical extension(s)"
);
throw
new
CertPathValidatorException
(
"Unrecognized critical extension(s)"
,
null
,
null
,
-
1
,
PKIXReason
.
UNRECOGNIZED_CRIT_EXT
);
}
/*
...
...
src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java
浏览文件 @
268b1c7d
/*
* Copyright 2000-200
7
Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-200
8
Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -30,6 +30,9 @@ import java.security.GeneralSecurityException;
import
java.security.InvalidAlgorithmParameterException
;
import
java.security.Principal
;
import
java.security.PublicKey
;
import
java.security.cert.*
;
import
java.security.cert.PKIXReason
;
import
java.security.interfaces.DSAPublicKey
;
import
java.util.ArrayList
;
import
java.util.Collection
;
import
java.util.Collections
;
...
...
@@ -39,10 +42,6 @@ import java.util.Iterator;
import
java.util.List
;
import
java.util.LinkedList
;
import
java.util.Set
;
import
java.security.cert.*
;
import
java.security.interfaces.DSAPublicKey
;
import
javax.security.auth.x500.X500Principal
;
import
sun.security.x509.X500Name
;
...
...
@@ -565,8 +564,9 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
(
PKIXExtensions
.
ExtendedKeyUsage_Id
.
toString
());
if
(!
unresCritExts
.
isEmpty
())
{
throw
new
CertPathValidatorException
(
"unrecognized "
+
"critical extension(s)"
);
throw
new
CertPathValidatorException
(
"unrecognized critical extension(s)"
,
null
,
null
,
-
1
,
PKIXReason
.
UNRECOGNIZED_CRIT_EXT
);
}
}
}
...
...
test/com/sun/net/httpserver/bugs/B6744329.java
0 → 100644
浏览文件 @
268b1c7d
/*
* Copyright 2005-2006 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/**
* @test
* @bug B6744329
* @summary Exception in light weight Http server
*/
import
com.sun.net.httpserver.*
;
import
java.util.*
;
import
java.util.concurrent.*
;
import
java.io.*
;
import
java.net.*
;
import
java.security.*
;
import
java.security.cert.*
;
import
javax.net.ssl.*
;
public
class
B6744329
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
Handler
handler
=
new
Handler
();
InetSocketAddress
addr
=
new
InetSocketAddress
(
0
);
HttpServer
server
=
HttpServer
.
create
(
addr
,
0
);
HttpContext
ctx
=
server
.
createContext
(
"/test"
,
handler
);
ExecutorService
executor
=
Executors
.
newCachedThreadPool
();
server
.
setExecutor
(
executor
);
server
.
start
();
URL
url
=
new
URL
(
"http://localhost:"
+
server
.
getAddress
().
getPort
()+
"/test/foo.html"
);
HttpURLConnection
urlc
=
(
HttpURLConnection
)
url
.
openConnection
();
try
{
InputStream
is
=
urlc
.
getInputStream
();
int
c
=
0
;
while
(
is
.
read
()!=
-
1
)
{
c
++;
}
System
.
out
.
println
(
"OK"
);
}
catch
(
IOException
e
)
{
System
.
out
.
println
(
"exception"
);
error
=
true
;
}
server
.
stop
(
2
);
executor
.
shutdown
();
if
(
error
)
{
throw
new
RuntimeException
(
"Test failed"
);
}
}
public
static
boolean
error
=
false
;
/* this must be the same size as in ChunkedOutputStream.java
*/
final
static
int
CHUNK_SIZE
=
4096
;
static
class
Handler
implements
HttpHandler
{
int
invocation
=
1
;
public
void
handle
(
HttpExchange
t
)
throws
IOException
{
InputStream
is
=
t
.
getRequestBody
();
Headers
map
=
t
.
getRequestHeaders
();
Headers
rmap
=
t
.
getResponseHeaders
();
while
(
is
.
read
()
!=
-
1
)
;
is
.
close
();
/* chunked response */
t
.
sendResponseHeaders
(
200
,
0
);
OutputStream
os
=
t
.
getResponseBody
();
byte
[]
first
=
new
byte
[
CHUNK_SIZE
*
2
];
byte
[]
second
=
new
byte
[
2
];
os
.
write
(
first
);
os
.
write
(
'x'
);
os
.
write
(
'x'
);
/* An index out of bounds exception will be thrown
* below, which is caught by server, and connection
* will be closed. resulting in IOException to client
* - if bug present
*/
os
.
write
(
'x'
);
os
.
write
(
'x'
);
os
.
write
(
'x'
);
t
.
close
();
}
}
}
test/java/net/CookieHandler/TestHttpCookie.java
浏览文件 @
268b1c7d
...
...
@@ -24,7 +24,7 @@
/**
* @test
* @summary Unit test for java.net.HttpCookie
* @bug 6244040 6277796 6277801 6277808 6294071
* @bug 6244040 6277796 6277801 6277808 6294071
6692802
* @author Edward Wang
*/
...
...
@@ -178,6 +178,19 @@ public class TestHttpCookie {
}
TestHttpCookie
port
(
String
p
)
{
return
port
(
0
,
p
);
}
// check http only
TestHttpCookie
httpOnly
(
int
index
,
boolean
b
)
{
HttpCookie
cookie
=
cookies
.
get
(
index
);
if
(
cookie
==
null
||
b
!=
cookie
.
isHttpOnly
())
{
raiseError
(
"HttpOnly"
,
String
.
valueOf
(
cookie
.
isHttpOnly
()),
String
.
valueOf
(
b
));
}
return
this
;
}
TestHttpCookie
httpOnly
(
boolean
b
)
{
return
httpOnly
(
0
,
b
);
}
// check equality
static
void
eq
(
HttpCookie
ck1
,
HttpCookie
ck2
,
boolean
same
)
{
testCount
++;
...
...
@@ -362,6 +375,10 @@ public class TestHttpCookie {
}
catch
(
IllegalArgumentException
ignored
)
{
// expected exception; no-op
}
// CR 6692802: HttpOnly flag
test
(
"set-cookie: CUSTOMER=WILE_E_COYOTE;HttpOnly"
).
httpOnly
(
true
);
test
(
"set-cookie: CUSTOMER=WILE_E_COYOTE"
).
httpOnly
(
false
);
}
static
void
header
(
String
prompt
)
{
...
...
test/java/security/cert/CertPathValidator/nameConstraintsRFC822/ValidateCertPath.java
浏览文件 @
268b1c7d
/*
* Copyright 2002 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2002
-2008
Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -34,6 +34,7 @@ import java.io.InputStream;
import
java.io.IOException
;
import
java.security.cert.*
;
import
java.security.cert.PKIXReason
;
import
java.util.ArrayList
;
import
java.util.Collections
;
...
...
@@ -69,6 +70,9 @@ public final class ValidateCertPath {
validate
(
path
,
params
);
throw
new
Exception
(
"Successfully validated invalid path."
);
}
catch
(
CertPathValidatorException
e
)
{
if
(
e
.
getReason
()
!=
PKIXReason
.
INVALID_NAME
)
{
throw
new
Exception
(
"unexpected reason: "
+
e
.
getReason
());
}
System
.
out
.
println
(
"Path rejected as expected: "
+
e
);
}
}
...
...
@@ -86,14 +90,14 @@ public final class ValidateCertPath {
args
=
new
String
[]
{
"jane2jane.cer"
,
"jane2steve.cer"
,
"steve2tom.cer"
};
TrustAnchor
anchor
=
new
TrustAnchor
(
getCertFromFile
(
args
[
0
]),
null
);
List
list
=
new
ArrayList
();
List
<
X509Certificate
>
list
=
new
ArrayList
<
X509Certificate
>
();
for
(
int
i
=
1
;
i
<
args
.
length
;
i
++)
{
list
.
add
(
0
,
getCertFromFile
(
args
[
i
]));
}
CertificateFactory
cf
=
CertificateFactory
.
getInstance
(
"X509"
);
path
=
cf
.
generateCertPath
(
list
);
Set
anchors
=
Collections
.
singleton
(
anchor
);
Set
<
TrustAnchor
>
anchors
=
Collections
.
singleton
(
anchor
);
params
=
new
PKIXParameters
(
anchors
);
params
.
setRevocationEnabled
(
false
);
}
...
...
test/java/security/cert/CertPathValidatorException/ReasonTest.java
0 → 100644
浏览文件 @
268b1c7d
/*
* Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/*
* @test
* @bug 6465942
* @summary unit test for CertPathValidatorException.Reason
*/
import
java.security.cert.CertPathValidatorException
;
import
java.security.cert.CertPathValidatorException.BasicReason
;
public
class
ReasonTest
{
private
static
volatile
boolean
failed
=
false
;
public
static
void
main
(
String
[]
args
)
throws
Exception
{
// check that getReason returns UNSPECIFIED if reason not specified
CertPathValidatorException
cpve
=
new
CertPathValidatorException
(
"abc"
);
if
(
cpve
.
getReason
()
!=
BasicReason
.
UNSPECIFIED
)
{
failed
=
true
;
System
.
err
.
println
(
"FAILED: unexpected reason: "
+
cpve
.
getReason
());
}
// check that getReason returns specified reason
cpve
=
new
CertPathValidatorException
(
"abc"
,
null
,
null
,
-
1
,
BasicReason
.
REVOKED
);
if
(
cpve
.
getReason
()
!=
BasicReason
.
REVOKED
)
{
failed
=
true
;
System
.
err
.
println
(
"FAILED: unexpected reason: "
+
cpve
.
getReason
());
}
// check that ctor throws NPE when reason is null
try
{
cpve
=
new
CertPathValidatorException
(
"abc"
,
null
,
null
,
-
1
,
null
);
failed
=
true
;
System
.
err
.
println
(
"ctor did not throw NPE for null reason"
);
}
catch
(
Exception
e
)
{
if
(!(
e
instanceof
NullPointerException
))
{
failed
=
true
;
System
.
err
.
println
(
"FAILED: unexpected exception: "
+
e
);
}
}
if
(
failed
)
{
throw
new
Exception
(
"Some tests FAILED"
);
}
}
}
test/java/security/cert/CertPathValidatorException/Serial.java
0 → 100644
浏览文件 @
268b1c7d
/*
* Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/*
* @test
* @bug 6465942
* @summary Test deserialization of CertPathValidatorException
*/
import
java.io.ByteArrayInputStream
;
import
java.io.ByteArrayOutputStream
;
import
java.io.File
;
import
java.io.FileInputStream
;
//import java.io.FileOutputStream;
import
java.io.ObjectInputStream
;
import
java.io.ObjectOutputStream
;
import
java.security.cert.Certificate
;
import
java.security.cert.CertificateFactory
;
import
java.security.cert.CertPath
;
import
java.security.cert.CertPathValidatorException
;
import
java.security.cert.CertPathValidatorException.BasicReason
;
import
java.util.Collections
;
/**
* This class tests to see if CertPathValidatorException can be serialized and
* deserialized properly.
*/
public
class
Serial
{
private
static
volatile
boolean
failed
=
false
;
public
static
void
main
(
String
[]
args
)
throws
Exception
{
File
f
=
new
File
(
System
.
getProperty
(
"test.src"
,
"."
),
"cert_file"
);
FileInputStream
fis
=
new
FileInputStream
(
f
);
CertificateFactory
cf
=
CertificateFactory
.
getInstance
(
"X.509"
);
Certificate
c
=
cf
.
generateCertificate
(
fis
);
fis
.
close
();
CertPath
cp
=
cf
.
generateCertPath
(
Collections
.
singletonList
(
c
));
CertPathValidatorException
cpve1
=
new
CertPathValidatorException
(
"Test"
,
new
Exception
(
"Expired"
),
cp
,
0
,
BasicReason
.
EXPIRED
);
ByteArrayOutputStream
baos
=
new
ByteArrayOutputStream
();
// FileOutputStream fos = new FileOutputStream("jdk7.serial");
ObjectOutputStream
oos
=
new
ObjectOutputStream
(
baos
);
// ObjectOutputStream foos = new ObjectOutputStream(fos);
oos
.
writeObject
(
cpve1
);
// foos.writeObject(cpve1);
ByteArrayInputStream
bais
=
new
ByteArrayInputStream
(
baos
.
toByteArray
());
ObjectInputStream
ois
=
new
ObjectInputStream
(
bais
);
CertPathValidatorException
cpve2
=
(
CertPathValidatorException
)
ois
.
readObject
();
check
(!
cpve1
.
getMessage
().
equals
(
cpve2
.
getMessage
()),
"CertPathValidatorException messages not equal"
);
check
(!
cpve1
.
getCause
().
getMessage
().
equals
(
cpve2
.
getCause
().
getMessage
()),
"CertPathValidatorException causes not equal"
);
check
(!
cpve1
.
getCertPath
().
equals
(
cpve2
.
getCertPath
()),
"CertPathValidatorException certpaths not equal"
);
check
(
cpve1
.
getIndex
()
!=
cpve2
.
getIndex
(),
"CertPathValidatorException indexes not equal"
);
check
(
cpve1
.
getReason
()
!=
cpve2
.
getReason
(),
"CertPathValidatorException reasons not equal"
);
oos
.
close
();
ois
.
close
();
f
=
new
File
(
System
.
getProperty
(
"test.src"
,
"."
),
"jdk6.serial"
);
fis
=
new
FileInputStream
(
f
);
ois
=
new
ObjectInputStream
(
fis
);
cpve2
=
(
CertPathValidatorException
)
ois
.
readObject
();
check
(!
cpve1
.
getMessage
().
equals
(
cpve2
.
getMessage
()),
"CertPathValidatorException messages not equal"
);
check
(!
cpve1
.
getCause
().
getMessage
().
equals
(
cpve2
.
getCause
().
getMessage
()),
"CertPathValidatorException causes not equal"
);
check
(!
cpve1
.
getCertPath
().
equals
(
cpve2
.
getCertPath
()),
"CertPathValidatorException certpaths not equal"
);
check
(
cpve1
.
getIndex
()
!=
cpve2
.
getIndex
(),
"CertPathValidatorException indexes not equal"
);
// System.out.println(cpve2.getReason());
check
(
cpve2
.
getReason
()
!=
BasicReason
.
UNSPECIFIED
,
"CertPathValidatorException reasons not equal"
);
oos
.
close
();
ois
.
close
();
if
(
failed
)
{
throw
new
Exception
(
"Some tests FAILED"
);
}
}
private
static
void
check
(
boolean
expr
,
String
message
)
{
if
(
expr
)
{
failed
=
true
;
System
.
err
.
println
(
"FAILED: "
+
message
);
}
}
}
test/java/security/cert/CertPathValidatorException/cert_file
0 → 100644
浏览文件 @
268b1c7d
文件已添加
test/java/security/cert/CertPathValidatorException/jdk6.serial
0 → 100644
浏览文件 @
268b1c7d
文件已添加
test/java/security/cert/PolicyNode/GetPolicyQualifiers.java
浏览文件 @
268b1c7d
/*
* Copyright 2001 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2001
-2008
Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -74,6 +74,10 @@ public class GetPolicyQualifiers {
throw
new
Exception
(
"Validation of CertPath containing critical "
+
"qualifiers should have failed when policyQualifiersRejected "
+
"flag is true"
);
}
catch
(
CertPathValidatorException
cpve
)
{}
}
catch
(
CertPathValidatorException
cpve
)
{
if
(
cpve
.
getReason
()
!=
PKIXReason
.
INVALID_POLICY
)
{
throw
new
Exception
(
"unexpected reason: "
+
cpve
.
getReason
());
}
}
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录