Merge

64410463 · lana · 442c804d · 9dd3acc1 · 64410463 · 64410463
8 changed file
--- a/.hgtags
+++ b/.hgtags
@@ -208,3 +208,4 @@ ac519af51769e92c51b597a730974e8607357709 jdk8-b83
 7b4721e4edb4e1c65e9c839a70d7cc67f81c7632 jdk8-b84
 296676d534c52888c36e305a2bf7f345c4ca70f8 jdk8-b85
 7989cd0cc3a9149864589438ee2c949015d8aa9a jdk8-b86
+d5228e624826a10ccc5b05f30ad8d839b58fe48d jdk8-b87
--- a/src/share/classes/sun/security/provider/certpath/CertPathHelper.java
+++ b/src/share/classes/sun/security/provider/certpath/CertPathHelper.java
@@ -64,7 +64,7 @@ public abstract class CertPathHelper {
        instance.implSetPathToNames(sel, names);
    }

-    static void setDateAndTime(X509CRLSelector sel, Date date, long skew) {
+    public static void setDateAndTime(X509CRLSelector sel, Date date, long skew) {
        instance.implSetDateAndTime(sel, date, skew);
    }
 }
--- a/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java
+++ b/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java
@@ -50,7 +50,7 @@ import sun.security.x509.*;
 * @author Sean Mullan
 * @since 1.4.2
 */
-class DistributionPointFetcher {
+public class DistributionPointFetcher {

    private static final Debug debug = Debug.getInstance("certpath");

@@ -66,13 +66,14 @@ class DistributionPointFetcher {
     * Return the X509CRLs matching this selector. The selector must be
     * an X509CRLSelector with certificateChecking set.
     */
-    static Collection<X509CRL> getCRLs(X509CRLSelector selector,
-                                       boolean signFlag, PublicKey prevKey,
-                                       String provider,
-                                       List<CertStore> certStores,
-                                       boolean[] reasonsMask,
-                                       Set<TrustAnchor> trustAnchors,
-                                       Date validity)
+    public static Collection<X509CRL> getCRLs(X509CRLSelector selector,
+                                              boolean signFlag,
+                                              PublicKey prevKey,
+                                              String provider,
+                                              List<CertStore> certStores,
+                                              boolean[] reasonsMask,
+                                              Set<TrustAnchor> trustAnchors,
+                                              Date validity)
        throws CertStoreException
    {
        X509Certificate cert = selector.getCertificateChecking();

--- a/src/share/classes/sun/security/provider/certpath/OCSP.java
+++ b/src/share/classes/sun/security/provider/certpath/OCSP.java
 /*
- * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -85,10 +85,9 @@ public final class OCSP {
     * value is negative, set the timeout length to the default.
     */
    private static int initializeTimeout() {
-        int tmp = java.security.AccessController.doPrivileged(
-                new GetIntegerAction("com.sun.security.ocsp.timeout",
-                                     DEFAULT_CONNECT_TIMEOUT));
-        if (tmp < 0) {
+        Integer tmp = java.security.AccessController.doPrivileged(
+                new GetIntegerAction("com.sun.security.ocsp.timeout"));
+        if (tmp == null || tmp < 0) {
            return DEFAULT_CONNECT_TIMEOUT;
        }
        // Convert to milliseconds, as the system property will be

--- a/src/share/classes/sun/security/provider/certpath/OCSPResponse.java
+++ b/src/share/classes/sun/security/provider/certpath/OCSPResponse.java
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -43,6 +43,7 @@ import java.util.Map;
 import javax.security.auth.x500.X500Principal;

 import sun.misc.HexDumpEncoder;
+import sun.security.action.GetIntegerAction;
 import sun.security.x509.*;
 import sun.security.util.*;

@@ -144,9 +145,31 @@ public final class OCSPResponse {
    // Object identifier for the OCSPSigning key purpose
    private static final String KP_OCSP_SIGNING_OID = "1.3.6.1.5.5.7.3.9";

-    // Maximum clock skew in milliseconds (15 minutes) allowed when checking
-    // validity of OCSP responses
-    private static final long MAX_CLOCK_SKEW = 900000;
+    // Default maximum clock skew in milliseconds (15 minutes)
+    // allowed when checking validity of OCSP responses
+    private static final int DEFAULT_MAX_CLOCK_SKEW = 900000;
+
+    /**
+     * Integer value indicating the maximum allowable clock skew, in seconds,
+     * to be used for the OCSP check.
+     */
+    private static final int MAX_CLOCK_SKEW = initializeClockSkew();
+
+    /**
+     * Initialize the maximum allowable clock skew by getting the OCSP
+     * clock skew system property. If the property has not been set, or if its
+     * value is negative, set the skew to the default.
+     */
+    private static int initializeClockSkew() {
+        Integer tmp = java.security.AccessController.doPrivileged(
+                new GetIntegerAction("com.sun.security.ocsp.clockSkew"));
+        if (tmp == null || tmp < 0) {
+            return DEFAULT_MAX_CLOCK_SKEW;
+        }
+        // Convert to milliseconds, as the system property will be
+        // specified in seconds
+        return tmp * 1000;
+    }

    // an array of all of the CRLReasons (used in SingleResponse)
    private static CRLReason[] values = CRLReason.values();

--- a/src/share/classes/sun/security/provider/certpath/URICertStore.java
+++ b/src/share/classes/sun/security/provider/certpath/URICertStore.java
 /*
- * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -51,6 +51,7 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
 import java.util.Locale;
+import sun.security.action.GetIntegerAction;
 import sun.security.x509.AccessDescription;
 import sun.security.x509.GeneralNameInterface;
 import sun.security.x509.URIName;
@@ -121,6 +122,33 @@ class URICertStore extends CertStoreSpi {
    private CertStore ldapCertStore;
    private String ldapPath;

+    // Default maximum connect timeout in milliseconds (15 seconds)
+    // allowed when downloading CRLs
+    private static final int DEFAULT_CRL_CONNECT_TIMEOUT = 15000;
+
+    /**
+     * Integer value indicating the connect timeout, in seconds, to be
+     * used for the CRL download. A timeout of zero is interpreted as
+     * an infinite timeout.
+     */
+    private static final int CRL_CONNECT_TIMEOUT = initializeTimeout();
+
+    /**
+     * Initialize the timeout length by getting the CRL timeout
+     * system property. If the property has not been set, or if its
+     * value is negative, set the timeout length to the default.
+     */
+    private static int initializeTimeout() {
+        Integer tmp = java.security.AccessController.doPrivileged(
+                new GetIntegerAction("com.sun.security.crl.timeout"));
+        if (tmp == null || tmp < 0) {
+            return DEFAULT_CRL_CONNECT_TIMEOUT;
+        }
+        // Convert to milliseconds, as the system property will be
+        // specified in seconds
+        return tmp * 1000;
+    }
+
    /**
     * Creates a URICertStore.
     *
@@ -364,6 +392,7 @@ class URICertStore extends CertStoreSpi {
                connection.setIfModifiedSince(lastModified);
            }
            long oldLastModified = lastModified;
+            connection.setConnectTimeout(CRL_CONNECT_TIMEOUT);
            try (InputStream in = connection.getInputStream()) {
                lastModified = connection.getLastModified();
                if (oldLastModified != 0) {

--- a/test/java/lang/Runtime/exec/WinCommand.java
+++ b/test/java/lang/Runtime/exec/WinCommand.java
 /*
- * Copyright (c) 2004, 2013 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it

--- a/test/java/lang/reflect/Method/DefaultMethodModeling.java
+++ b/test/java/lang/reflect/Method/DefaultMethodModeling.java
 /*
- * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it