提交 768cc7e0 编写于 作者: A asaha

Merge

......@@ -710,6 +710,8 @@ c92d704420d707d3016d8ee3a4239d1c57692ddd jdk8u141-b10
c6bc194fedb63b20c45c793405d215d206fb4654 jdk8u141-b13
d630e23b8e36c2863225d7ae107c73a38d3e6102 jdk8u141-b14
2ea94405100763c772ab3989200115d7a23c7532 jdk8u141-b15
b64b1dfdbe7cfe3859f1023c0f1fb0216bce4ae7 jdk8u144-b00
d2744852f3e64f7b0ba54f3a64ed5e2107e6ee68 jdk8u144-b01
072e084bceeedeb75467e40ca77786ac9ef5227a jdk8u151-b00
5b0fa6e004312a5910a6a70e4fbc0f00a678e650 jdk8u151-b01
bd40efd56b4544ff9048d2f7be4cf108b281a6f3 jdk8u151-b02
......
/*
* Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -38,6 +38,7 @@ import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.AlgorithmParameters;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.crypto.Cipher;
......@@ -74,6 +75,8 @@ final class KeyProtector {
// keys in the keystore implementation that comes with JDK 1.2)
private static final String KEY_PROTECTOR_OID = "1.3.6.1.4.1.42.2.17.1.1";
private static final int MAX_ITERATION_COUNT = 5000000;
private static final int ITERATION_COUNT = 200000;
private static final int SALT_LEN = 20; // the salt length
private static final int DIGEST_LEN = 20;
......@@ -100,7 +103,7 @@ final class KeyProtector {
SunJCE.getRandom().nextBytes(salt);
// create PBE parameters from salt and iteration count
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
......@@ -155,6 +158,9 @@ final class KeyProtector {
pbeParams.init(encodedParams);
PBEParameterSpec pbeSpec =
pbeParams.getParameterSpec(PBEParameterSpec.class);
if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
throw new IOException("PBE iteration count too large");
}
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
......@@ -285,7 +291,7 @@ final class KeyProtector {
SunJCE.getRandom().nextBytes(salt);
// create PBE parameters from salt and iteration count
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
......@@ -326,6 +332,15 @@ final class KeyProtector {
throw new UnrecoverableKeyException("Cannot get " +
"algorithm parameters");
}
PBEParameterSpec pbeSpec;
try {
pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
throw new IOException("Invalid PBE algorithm parameters");
}
if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
throw new IOException("PBE iteration count too large");
}
PBEWithMD5AndTripleDESCipher cipherSpi;
cipherSpi = new PBEWithMD5AndTripleDESCipher();
Cipher cipher = new CipherForKeyProtector(cipherSpi,
......
......@@ -284,7 +284,7 @@ final class PBES1Core {
for (i=0; i<2; i++) {
byte tmp = salt[i];
salt[i] = salt[3-i];
salt[3-1] = tmp;
salt[3-i] = tmp;
}
}
......
/*
* Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -41,6 +41,7 @@ package java.util;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.IOException;
import java.io.InvalidObjectException;
import sun.util.calendar.CalendarSystem;
import sun.util.calendar.CalendarUtils;
import sun.util.calendar.BaseCalendar;
......@@ -1278,6 +1279,9 @@ public class SimpleTimeZone extends TimeZone {
*/
private int serialVersionOnStream = currentSerialVersion;
// Maximum number of rules.
private static final int MAX_RULE_NUM = 6;
synchronized private void invalidateCache() {
cacheYear = startYear - 1;
cacheStart = cacheEnd = 0;
......@@ -1569,7 +1573,7 @@ public class SimpleTimeZone extends TimeZone {
*/
private byte[] packRules()
{
byte[] rules = new byte[6];
byte[] rules = new byte[MAX_RULE_NUM];
rules[0] = (byte)startDay;
rules[1] = (byte)startDayOfWeek;
rules[2] = (byte)endDay;
......@@ -1594,7 +1598,7 @@ public class SimpleTimeZone extends TimeZone {
endDayOfWeek = rules[3];
// As of serial version 2, include time modes
if (rules.length >= 6) {
if (rules.length >= MAX_RULE_NUM) {
startTimeMode = rules[4];
endTimeMode = rules[5];
}
......@@ -1691,9 +1695,13 @@ public class SimpleTimeZone extends TimeZone {
// store the actual rules (which have not be made compatible with 1.1)
// in the optional area. Read them in here and parse them.
int length = stream.readInt();
byte[] rules = new byte[length];
stream.readFully(rules);
unpackRules(rules);
if (length <= MAX_RULE_NUM) {
byte[] rules = new byte[length];
stream.readFully(rules);
unpackRules(rules);
} else {
throw new InvalidObjectException("Too many rules: " + length);
}
}
if (serialVersionOnStream >= 2) {
......
......@@ -90,12 +90,18 @@ class ZipFile implements ZipConstants, Closeable {
private static final boolean usemmap;
private static final boolean ensuretrailingslash;
static {
// A system prpperty to disable mmap use to avoid vm crash when
// in-use zip file is accidently overwritten by others.
String prop = sun.misc.VM.getSavedProperty("sun.zip.disableMemoryMapping");
usemmap = (prop == null ||
!(prop.length() == 0 || prop.equalsIgnoreCase("true")));
// see getEntry() for details
prop = sun.misc.VM.getSavedProperty("jdk.util.zip.ensureTrailingSlash");
ensuretrailingslash = prop == null || !prop.equalsIgnoreCase("false");
}
/**
......@@ -309,7 +315,16 @@ class ZipFile implements ZipConstants, Closeable {
ensureOpen();
jzentry = getEntry(jzfile, zc.getBytes(name), true);
if (jzentry != 0) {
ZipEntry ze = getZipEntry(name, jzentry);
// If no entry is found for the specified 'name' and
// the 'name' does not end with a forward slash '/',
// the implementation tries to find the entry with a
// slash '/' appended to the end of the 'name', before
// returning null. When such entry is found, the name
// that actually is found (with a slash '/' attached)
// is used
// (disabled if jdk.util.zip.ensureTrailingSlash=false)
ZipEntry ze = ensuretrailingslash ? getZipEntry(null, jzentry)
: getZipEntry(name, jzentry);
freeEntry(jzfile, jzentry);
return ze;
}
......@@ -560,7 +575,9 @@ class ZipFile implements ZipConstants, Closeable {
e.name = name;
} else {
byte[] bname = getEntryBytes(jzentry, JZENTRY_NAME);
if (!zc.isUTF8() && (e.flag & EFS) != 0) {
if (bname == null) {
e.name = ""; // length 0 empty name
} else if (!zc.isUTF8() && (e.flag & EFS) != 0) {
e.name = zc.toStringUTF8(bname, bname.length);
} else {
e.name = zc.toString(bname, bname.length);
......
/*
* Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -46,11 +46,13 @@ import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.*;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
......@@ -136,6 +138,11 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
"keystore.PKCS12.keyProtectionAlgorithm"
};
private static final int MAX_ITERATION_COUNT = 5000000;
private static final int PBE_ITERATION_COUNT = 50000; // default
private static final int MAC_ITERATION_COUNT = 100000; // default
private static final int SALT_LEN = 20;
// friendlyName, localKeyId, trustedKeyUsage
private static final String[] CORE_ATTRIBUTES = {
"1.2.840.113549.1.9.20",
......@@ -181,8 +188,6 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
private static ObjectIdentifier[] AnyUsage;
private int counter = 0;
private static final int iterationCount = 1024;
private static final int SALT_LEN = 20;
// private key count
// Note: This is a workaround to allow null localKeyID attribute
......@@ -316,6 +321,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
byte[] encryptedKey;
AlgorithmParameters algParams;
ObjectIdentifier algOid;
try {
// get the encrypted private key
EncryptedPrivateKeyInfo encrInfo =
......@@ -336,7 +342,24 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
throw uke;
}
try {
try {
PBEParameterSpec pbeSpec;
int ic = 0;
if (algParams != null) {
try {
pbeSpec =
algParams.getParameterSpec(PBEParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
throw new IOException("Invalid PBE algorithm parameters");
}
ic = pbeSpec.getIterationCount();
if (ic > MAX_ITERATION_COUNT) {
throw new IOException("PBE iteration count too large");
}
}
byte[] keyInfo;
while (true) {
try {
......@@ -376,9 +399,10 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
key = kfac.generatePrivate(kspec);
if (debug != null) {
debug.println("Retrieved a protected private key (" +
key.getClass().getName() + ") at alias '" + alias +
"'");
debug.println("Retrieved a protected private key at alias" +
" '" + alias + "' (" +
new AlgorithmId(algOid).getName() +
" iterations: " + ic + ")");
}
// decode secret key
......@@ -399,9 +423,10 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
}
if (debug != null) {
debug.println("Retrieved a protected secret key (" +
key.getClass().getName() + ") at alias '" + alias +
"'");
debug.println("Retrieved a protected secret key at alias " +
"'" + alias + "' (" +
new AlgorithmId(algOid).getName() +
" iterations: " + ic + ")");
}
}
} catch (Exception e) {
......@@ -576,9 +601,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
(key.getFormat().equals("PKCS8"))) {
if (debug != null) {
debug.println("Setting a protected private key (" +
key.getClass().getName() + ") at alias '" + alias +
"'");
debug.println(
"Setting a protected private key at alias '" +
alias + "'");
}
// Encrypt the private key
......@@ -624,9 +649,8 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
encryptPrivateKey(pkcs8.toByteArray(), passwordProtection);
if (debug != null) {
debug.println("Setting a protected secret key (" +
key.getClass().getName() + ") at alias '" + alias +
"'");
debug.println("Setting a protected secret key at alias '" +
alias + "'");
}
secretKeyCount++;
entry = keyEntry;
......@@ -744,19 +768,19 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
/*
* Generate PBE Algorithm Parameters
*/
private AlgorithmParameters getAlgorithmParameters(String algorithm)
private AlgorithmParameters getPBEAlgorithmParameters(String algorithm)
throws IOException
{
AlgorithmParameters algParams = null;
// create PBE parameters from salt and iteration count
PBEParameterSpec paramSpec =
new PBEParameterSpec(getSalt(), iterationCount);
new PBEParameterSpec(getSalt(), PBE_ITERATION_COUNT);
try {
algParams = AlgorithmParameters.getInstance(algorithm);
algParams.init(paramSpec);
} catch (Exception e) {
throw new IOException("getAlgorithmParameters failed: " +
throw new IOException("getPBEAlgorithmParameters failed: " +
e.getMessage(), e);
}
return algParams;
......@@ -842,7 +866,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
algParams = AlgorithmParameters.getInstance(algorithm);
algParams.init(algParamSpec);
} else {
algParams = getAlgorithmParameters(algorithm);
algParams = getPBEAlgorithmParameters(algorithm);
}
} else {
// Check default key protection algorithm for PKCS12 keystores
......@@ -862,7 +886,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
if (algorithm == null || algorithm.isEmpty()) {
algorithm = "PBEWithSHA1AndDESede";
}
algParams = getAlgorithmParameters(algorithm);
algParams = getPBEAlgorithmParameters(algorithm);
}
ObjectIdentifier pbeOID = mapPBEAlgorithmToOID(algorithm);
......@@ -1170,7 +1194,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
if (debug != null) {
debug.println("Storing " + (privateKeyCount + secretKeyCount) +
" protected key(s) in a PKCS#7 data content-type");
" protected key(s) in a PKCS#7 data");
}
byte[] safeContentData = createSafeContent();
......@@ -1183,7 +1207,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
if (debug != null) {
debug.println("Storing " + certificateCount +
" certificate(s) in a PKCS#7 encryptedData content-type");
" certificate(s) in a PKCS#7 encryptedData");
}
byte[] encrData = createEncryptedData(password);
......@@ -1454,7 +1478,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
// generate MAC (MAC key is generated within JCE)
Mac m = Mac.getInstance("HmacPBESHA1");
PBEParameterSpec params =
new PBEParameterSpec(salt, iterationCount);
new PBEParameterSpec(salt, MAC_ITERATION_COUNT);
SecretKey key = getPBEKey(passwd);
m.init(key, params);
m.update(data);
......@@ -1462,7 +1486,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
// encode as MacData
MacData macData = new MacData(algName, macResult, salt,
iterationCount);
MAC_ITERATION_COUNT);
DerOutputStream bytes = new DerOutputStream();
bytes.write(macData.getEncoded());
mData = bytes.toByteArray();
......@@ -1839,7 +1863,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
// create AlgorithmParameters
AlgorithmParameters algParams =
getAlgorithmParameters("PBEWithSHA1AndRC2_40");
getPBEAlgorithmParameters("PBEWithSHA1AndRC2_40");
DerOutputStream bytes = new DerOutputStream();
AlgorithmId algId =
new AlgorithmId(pbeWithSHAAnd40BitRC2CBC_OID, algParams);
......@@ -1959,7 +1983,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
if (contentType.equals((Object)ContentInfo.DATA_OID)) {
if (debug != null) {
debug.println("Loading PKCS#7 data content-type");
debug.println("Loading PKCS#7 data");
}
safeContentsData = safeContents.getData();
......@@ -1968,15 +1992,11 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
if (debug != null) {
debug.println("Warning: skipping PKCS#7 encryptedData" +
" content-type - no password was supplied");
" - no password was supplied");
}
continue;
}
if (debug != null) {
debug.println("Loading PKCS#7 encryptedData content-type");
}
DerInputStream edi =
safeContents.getContent().toDerInputStream();
int edVersion = edi.getInteger();
......@@ -1997,6 +2017,30 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
ObjectIdentifier algOid = in.getOID();
AlgorithmParameters algParams = parseAlgParameters(algOid, in);
PBEParameterSpec pbeSpec;
int ic = 0;
if (algParams != null) {
try {
pbeSpec =
algParams.getParameterSpec(PBEParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
throw new IOException(
"Invalid PBE algorithm parameters");
}
ic = pbeSpec.getIterationCount();
if (ic > MAX_ITERATION_COUNT) {
throw new IOException("PBE iteration count too large");
}
}
if (debug != null) {
debug.println("Loading PKCS#7 encryptedData " +
"(" + new AlgorithmId(algOid).getName() +
" iterations: " + ic + ")");
}
while (true) {
try {
// Use JCE
......@@ -2027,8 +2071,15 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
// The MacData is optional.
if (password != null && s.available() > 0) {
MacData macData = new MacData(s);
try {
MacData macData = new MacData(s);
int ic = macData.getIterations();
try {
if (ic > MAX_ITERATION_COUNT) {
throw new InvalidAlgorithmParameterException(
"MAC iteration count too large: " + ic);
}
String algName =
macData.getDigestAlgName().toUpperCase(Locale.ENGLISH);
......@@ -2038,8 +2089,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
// generate MAC (MAC key is created within JCE)
Mac m = Mac.getInstance("HmacPBE" + algName);
PBEParameterSpec params =
new PBEParameterSpec(macData.getSalt(),
macData.getIterations());
new PBEParameterSpec(macData.getSalt(), ic);
SecretKey key = getPBEKey(password);
m.init(key, params);
m.update(authSafeData);
......@@ -2047,16 +2097,16 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
if (debug != null) {
debug.println("Checking keystore integrity " +
"(MAC algorithm: " + m.getAlgorithm() + ")");
"(" + m.getAlgorithm() + " iterations: " + ic + ")");
}
if (!MessageDigest.isEqual(macData.getDigest(), macResult)) {
throw new UnrecoverableKeyException("Failed PKCS12" +
" integrity checking");
}
} catch (Exception e) {
} catch (Exception e) {
throw new IOException("Integrity check failed: " + e, e);
}
}
}
/*
......
/*
* Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -22,8 +22,11 @@
*/
/* @test
@bug 4241361 4842702 4985614 6646605 5032358 6923692
@summary Make sure we can read a zip file.
* @bug 4241361 4842702 4985614 6646605 5032358 6923692 6233323 8144977 8184993
* @summary Make sure we can read a zip file.
* @run main/othervm ReadZip
* @run main/othervm -Djdk.util.zip.ensureTrailingSlash=true ReadZip
* @run main/othervm -Djdk.util.zip.ensureTrailingSlash=false ReadZip
*/
import java.io.*;
......@@ -103,6 +106,45 @@ public class ReadZip {
newZip.delete();
}
// Read directory entry
try {
try (FileOutputStream fos = new FileOutputStream(newZip);
ZipOutputStream zos = new ZipOutputStream(fos))
{
ZipEntry ze = new ZipEntry("directory/");
zos.putNextEntry(ze);
zos.closeEntry();
}
try (ZipFile zf = new ZipFile(newZip)) {
ZipEntry ze = zf.getEntry("directory/");
if (ze == null || !ze.isDirectory())
throw new RuntimeException("read entry \"directory/\" failed");
try (InputStream is = zf.getInputStream(ze)) {
is.available();
} catch (Exception x) {
x.printStackTrace();
}
ze = zf.getEntry("directory");
boolean legacyBehavior =
System.getProperty("jdk.util.zip.ensureTrailingSlash", "true")
.equalsIgnoreCase("false");
if (ze == null || (!legacyBehavior && !ze.isDirectory()))
throw new RuntimeException("read entry \"directory\" failed");
try (InputStream is = zf.getInputStream(ze)) {
is.available();
} catch (Exception x) {
x.printStackTrace();
}
}
} finally {
newZip.delete();
}
// Throw a FNF exception when read a non-existing zip file
try { unreached (new ZipFile(
new File(System.getProperty("test.src", "."),
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册