Merge

837cb624 · michaelm · 2ab4f7dc · 04ae560f · 837cb624 · 837cb624
13 changed file
--- a/src/share/classes/com/sun/naming/internal/ResourceManager.java
+++ b/src/share/classes/com/sun/naming/internal/ResourceManager.java
@@ -25,11 +25,12 @@

 package com.sun.naming.internal;

-import java.applet.Applet;
 import java.io.InputStream;
 import java.io.IOException;
 import java.net.URL;
 import java.lang.ref.WeakReference;
+import java.lang.reflect.Method;
+import java.lang.reflect.InvocationTargetException;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.Hashtable;
@@ -112,6 +113,52 @@ public final class ResourceManager {
    private static final WeakHashMap urlFactoryCache = new WeakHashMap(11);
    private static final WeakReference NO_FACTORY = new WeakReference(null);

+    /**
+     * A class to allow JNDI properties be specified as applet parameters
+     * without creating a static dependency on java.applet.
+     */
+    private static class AppletParameter {
+        private static final Class<?> clazz = getClass("java.applet.Applet");
+        private static final Method getMethod =
+            getMethod(clazz, "getParameter", String.class);
+        private static Class<?> getClass(String name) {
+            try {
+                return Class.forName(name, true, null);
+            } catch (ClassNotFoundException e) {
+                return null;
+            }
+        }
+        private static Method getMethod(Class<?> clazz,
+                                        String name,
+                                        Class<?>... paramTypes)
+        {
+            if (clazz != null) {
+                try {
+                    return clazz.getMethod(name, paramTypes);
+                } catch (NoSuchMethodException e) {
+                    throw new AssertionError(e);
+                }
+            } else {
+                return null;
+            }
+        }
+
+        /**
+         * Returns the value of the applet's named parameter.
+         */
+        static Object get(Object applet, String name) {
+            // if clazz is null then applet cannot be an Applet.
+            if (clazz == null || !clazz.isInstance(applet))
+                throw new ClassCastException(applet.getClass().getName());
+            try {
+                return getMethod.invoke(applet, name);
+            } catch (InvocationTargetException e) {
+                throw new AssertionError(e);
+            } catch (IllegalAccessException iae) {
+                throw new AssertionError(iae);
+            }
+        }
+    }

    // There should be no instances of this class.
    private ResourceManager() {
@@ -143,7 +190,7 @@ public final class ResourceManager {
        if (env == null) {
            env = new Hashtable(11);
        }
-        Applet applet = (Applet)env.get(Context.APPLET);
+        Object applet = env.get(Context.APPLET);

        // Merge property values from env param, applet params, and system
        // properties.  The first value wins:  there's no concatenation of
@@ -157,7 +204,7 @@ public final class ResourceManager {
            Object val = env.get(props[i]);
            if (val == null) {
                if (applet != null) {
-                    val = applet.getParameter(props[i]);
+                    val = AppletParameter.get(applet, props[i]);
                }
                if (val == null) {
                    // Read system property.

--- a/src/share/classes/java/lang/Enum.java
+++ b/src/share/classes/java/lang/Enum.java
@@ -40,10 +40,17 @@ import java.io.ObjectStreamException;
 * Edition</i>, <a
 * href="http://java.sun.com/docs/books/jls/third_edition/html/classes.html#8.9">&sect;8.9</a>.
 *
+ * <p> Note that when using an enumeration type as the type of a set
+ * or as the type of the keys in a map, specialized and efficient
+ * {@linkplain java.util.EnumSet set} and {@linkplain
+ * java.util.EnumMap map} implementations are available.
+ *
 * @param <E> The enum type subclass
 * @author  Josh Bloch
 * @author  Neal Gafter
 * @see     Class#getEnumConstants()
+ * @see     java.util.EnumSet
+ * @see     java.util.EnumMap
 * @since   1.5
 */
 public abstract class Enum<E extends Enum<E>>

--- a/src/share/classes/java/lang/reflect/AccessibleObject.java
+++ b/src/share/classes/java/lang/reflect/AccessibleObject.java
@@ -44,6 +44,8 @@ import java.lang.annotation.Annotation;
 * as Java Object Serialization or other persistence mechanisms, to
 * manipulate objects in a manner that would normally be prohibited.
 *
+ * <p>By default, a reflected object is <em>not</em> accessible.
+ *
 * @see Field
 * @see Method
 * @see Constructor

--- a/src/share/classes/sun/security/provider/SunEntries.java
+++ b/src/share/classes/sun/security/provider/SunEntries.java
@@ -210,7 +210,7 @@ final class SunEntries {
         * CertStores
         */
        map.put("CertStore.LDAP",
-            "sun.security.provider.certpath.LDAPCertStore");
+            "sun.security.provider.certpath.ldap.LDAPCertStore");
        map.put("CertStore.LDAP LDAPSchema", "RFC2587");
        map.put("CertStore.Collection",
            "sun.security.provider.certpath.CollectionCertStore");

--- a/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java
+++ b/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package sun.security.provider.certpath;
+
+import java.net.URI;
+import java.util.Collection;
+import java.security.NoSuchAlgorithmException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.cert.CertStore;
+import java.security.cert.X509CertSelector;
+import java.security.cert.X509CRLSelector;
+import javax.security.auth.x500.X500Principal;
+import java.io.IOException;
+
+/**
+ * Helper used by URICertStore when delegating to another CertStore to
+ * fetch certs and CRLs.
+ */
+
+public interface CertStoreHelper {
+
+    /**
+     * Returns a CertStore using the given URI as parameters.
+     */
+    CertStore getCertStore(URI uri)
+        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;
+
+    /**
+     * Wraps an existing X509CertSelector when needing to avoid DN matching
+     * issues.
+     */
+    X509CertSelector wrap(X509CertSelector selector,
+                          X500Principal certSubject,
+                          String dn)
+        throws IOException;
+
+    /**
+     * Wraps an existing X509CRLSelector when needing to avoid DN matching
+     * issues.
+     */
+    X509CRLSelector wrap(X509CRLSelector selector,
+                         Collection<X500Principal> certIssuers,
+                         String dn)
+        throws IOException;
+}
--- a/src/share/classes/sun/security/provider/certpath/OCSP.java
+++ b/src/share/classes/sun/security/provider/certpath/OCSP.java
@@ -64,6 +64,8 @@ public final class OCSP {

    private static final Debug debug = Debug.getInstance("certpath");

+    private static final int CONNECT_TIMEOUT = 15000; // 15 seconds
+
    private OCSP() {}

    /**
@@ -176,6 +178,8 @@ public final class OCSP {
                debug.println("connecting to OCSP service at: " + url);
            }
            HttpURLConnection con = (HttpURLConnection)url.openConnection();
+            con.setConnectTimeout(CONNECT_TIMEOUT);
+            con.setReadTimeout(CONNECT_TIMEOUT);
            con.setDoOutput(true);
            con.setDoInput(true);
            con.setRequestMethod("POST");

--- a/src/share/classes/sun/security/provider/certpath/OCSPChecker.java
+++ b/src/share/classes/sun/security/provider/certpath/OCSPChecker.java
@@ -25,7 +25,6 @@

 package sun.security.provider.certpath;

-import java.io.IOException;
 import java.math.BigInteger;
 import java.util.*;
 import java.security.AccessController;
@@ -335,10 +334,11 @@ class OCSPChecker extends PKIXCertPathChecker {
                (issuerCert, currCertImpl.getSerialNumberObject());
            response = OCSP.check(Collections.singletonList(certId), uri,
                responderCert, pkixParams.getDate());
-        } catch (IOException ioe) {
-            // should allow this to pass if network failures are acceptable
+        } catch (Exception e) {
+            // Wrap all exceptions in CertPathValidatorException so that
+            // we can fallback to CRLs, if enabled.
            throw new CertPathValidatorException
-                ("Unable to send OCSP request", ioe);
+                ("Unable to send OCSP request", e);
        }

        RevocationStatus rs = (RevocationStatus) response.getSingleResponse(certId);

--- a/src/share/classes/sun/security/provider/certpath/URICertStore.java
+++ b/src/share/classes/sun/security/provider/certpath/URICertStore.java
@@ -30,6 +30,8 @@ import java.io.IOException;
 import java.net.HttpURLConnection;
 import java.net.URI;
 import java.net.URLConnection;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
@@ -120,6 +122,32 @@ class URICertStore extends CertStoreSpi {
    private CertStore ldapCertStore;
    private String ldapPath;

+    /**
+     * Holder class to lazily load LDAPCertStoreHelper if present.
+     */
+    private static class LDAP {
+        private static final String CERT_STORE_HELPER =
+            "sun.security.provider.certpath.ldap.LDAPCertStoreHelper";
+        private static final CertStoreHelper helper =
+            AccessController.doPrivileged(
+                new PrivilegedAction<CertStoreHelper>() {
+                    public CertStoreHelper run() {
+                        try {
+                            Class<?> c = Class.forName(CERT_STORE_HELPER, true, null);
+                            return (CertStoreHelper)c.newInstance();
+                        } catch (ClassNotFoundException cnf) {
+                            return null;
+                        } catch (InstantiationException e) {
+                            throw new AssertionError(e);
+                        } catch (IllegalAccessException e) {
+                            throw new AssertionError(e);
+                        }
+                    }});
+        static CertStoreHelper helper() {
+            return helper;
+        }
+    }
+
    /**
     * Creates a URICertStore.
     *
@@ -135,9 +163,10 @@ class URICertStore extends CertStoreSpi {
        this.uri = ((URICertStoreParameters) params).uri;
        // if ldap URI, use an LDAPCertStore to fetch certs and CRLs
        if (uri.getScheme().toLowerCase().equals("ldap")) {
+            if (LDAP.helper() == null)
+                throw new NoSuchAlgorithmException("LDAP not present");
            ldap = true;
-            ldapCertStore =
-                LDAPCertStore.getInstance(LDAPCertStore.getParameters(uri));
+            ldapCertStore = LDAP.helper().getCertStore(uri);
            ldapPath = uri.getPath();
            // strip off leading '/'
            if (ldapPath.charAt(0) == '/') {
@@ -219,8 +248,7 @@ class URICertStore extends CertStoreSpi {
        if (ldap) {
            X509CertSelector xsel = (X509CertSelector) selector;
            try {
-                xsel = new LDAPCertStore.LDAPCertSelector
-                    (xsel, xsel.getSubject(), ldapPath);
+                xsel = LDAP.helper().wrap(xsel, xsel.getSubject(), ldapPath);
            } catch (IOException ioe) {
                throw new CertStoreException(ioe);
            }
@@ -340,7 +368,7 @@ class URICertStore extends CertStoreSpi {
        if (ldap) {
            X509CRLSelector xsel = (X509CRLSelector) selector;
            try {
-                xsel = new LDAPCertStore.LDAPCRLSelector(xsel, null, ldapPath);
+                xsel = LDAP.helper().wrap(xsel, null, ldapPath);
            } catch (IOException ioe) {
                throw new CertStoreException(ioe);
            }

--- a/src/share/classes/sun/security/provider/certpath/LDAPCertStore.java
+++ b/src/share/classes/sun/security/provider/certpath/LDAPCertStore.java
@@ -23,7 +23,7 @@
 * have any questions.
 */

-package sun.security.provider.certpath;
+package sun.security.provider.certpath.ldap;

 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -46,6 +46,7 @@ import java.security.cert.*;
 import javax.security.auth.x500.X500Principal;

 import sun.misc.HexDumpEncoder;
+import sun.security.provider.certpath.X509CertificatePair;
 import sun.security.util.Cache;
 import sun.security.util.Debug;
 import sun.security.x509.X500Name;

--- a/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java
+++ b/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package sun.security.provider.certpath.ldap;
+
+import java.net.URI;
+import java.util.Collection;
+import java.security.NoSuchAlgorithmException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.cert.CertStore;
+import java.security.cert.X509CertSelector;
+import java.security.cert.X509CRLSelector;
+import javax.security.auth.x500.X500Principal;
+import java.io.IOException;
+
+import sun.security.provider.certpath.CertStoreHelper;
+
+/**
+ * LDAP implementation of CertStoreHelper.
+ */
+
+public class LDAPCertStoreHelper
+    implements CertStoreHelper
+{
+    public LDAPCertStoreHelper() { }
+
+    @Override
+    public CertStore getCertStore(URI uri)
+        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
+    {
+        return LDAPCertStore.getInstance(LDAPCertStore.getParameters(uri));
+    }
+
+    @Override
+    public X509CertSelector wrap(X509CertSelector selector,
+                                 X500Principal certSubject,
+                                 String ldapDN)
+        throws IOException
+    {
+        return new LDAPCertStore.LDAPCertSelector(selector, certSubject, ldapDN);
+    }
+
+    @Override
+    public X509CRLSelector wrap(X509CRLSelector selector,
+                                Collection<X500Principal> certIssuers,
+                                String ldapDN)
+        throws IOException
+    {
+        return new LDAPCertStore.LDAPCRLSelector(selector, certIssuers, ldapDN);
+    }
+}
--- a/test/java/lang/management/RuntimeMXBean/GetSystemProperties.java
+++ b/test/java/lang/management/RuntimeMXBean/GetSystemProperties.java
@@ -49,6 +49,21 @@ public class GetSystemProperties {
    private static final String VALUE4 = "test.property.value4";

    public static void main(String[] argv) throws Exception {
+        // Save a copy of the original system properties
+        Properties props = System.getProperties();
+
+        try {
+            // replace the system Properties object for any modification
+            // in case jtreg caches a copy
+            System.setProperties(new Properties(props));
+            runTest();
+        } finally {
+            // restore original system properties
+            System.setProperties(props);
+        }
+    }
+
+    private static void runTest() throws Exception {
        RuntimeMXBean mbean = ManagementFactory.getRuntimeMXBean();

        // Print all system properties
@@ -88,7 +103,10 @@ public class GetSystemProperties {
        Map<String,String> props2 = mbean.getSystemProperties();
        // expect the system properties returned should be
        // same as the one before adding KEY3 and KEY4
-        props1.equals(props2);
+        if (!props1.equals(props2)) {
+            throw new RuntimeException("Two copies of system properties " +
+                "are expected to be equal");
+        }

        System.out.println("Test passed.");
    }

--- a/test/java/lang/management/RuntimeMXBean/PropertiesTest.java
+++ b/test/java/lang/management/RuntimeMXBean/PropertiesTest.java
@@ -40,8 +40,21 @@ import java.lang.management.RuntimeMXBean;
 public class PropertiesTest {
    private static int NUM_MYPROPS = 3;
    public static void main(String[] argv) throws Exception {
-        Properties sysProps = System.getProperties();
+        // Save a copy of the original system properties
+        Properties props = System.getProperties();

+        try {
+            // replace the system Properties object for any modification
+            // in case jtreg caches a copy
+            System.setProperties(new Properties(props));
+            runTest(props.size());
+        } finally {
+            // restore original system properties
+            System.setProperties(props);
+        }
+    }
+
+    private static void runTest(int sysPropsCount) throws Exception {
        // Create a new system properties using the old one
        // as the defaults
        Properties myProps = new Properties( System.getProperties() );
@@ -65,10 +78,10 @@ public class PropertiesTest {
            System.out.println(i++ + ": " + key + " : " + value);
        }

-        if (props.size() != NUM_MYPROPS + sysProps.size()) {
+        if (props.size() != NUM_MYPROPS + sysPropsCount) {
            throw new RuntimeException("Test Failed: " +
                "Expected number of properties = " +
-                NUM_MYPROPS + sysProps.size() +
+                NUM_MYPROPS + sysPropsCount +
                " but found = " + props.size());
        }
    }

--- a/test/java/lang/reflect/DefaultAccessibility.java
+++ b/test/java/lang/reflect/DefaultAccessibility.java
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6648344
+ * @summary Test that default accessibility is false
+ * @author Joseph D. Darcy
+ */
+
+import java.lang.reflect.*;
+
+public class DefaultAccessibility {
+    private DefaultAccessibility() {
+        super();
+    }
+
+    private static int f = 42;
+
+    public static void main(String... args) throws Exception {
+        Class<?> daClass = (new DefaultAccessibility()).getClass();
+
+        int elementCount = 0;
+        for(Constructor<?> ctor : daClass.getDeclaredConstructors()) {
+            elementCount++;
+            if (ctor.isAccessible())
+                throw new RuntimeException("Unexpected accessibility for constructor " +
+                                           ctor);
+        }
+
+        for(Method method : daClass.getDeclaredMethods()) {
+            elementCount++;
+            if (method.isAccessible())
+                throw new RuntimeException("Unexpected accessibility for method " +
+                                           method);
+        }
+
+        for(Field field : daClass.getDeclaredFields()) {
+            elementCount++;
+            if (field.isAccessible())
+                throw new RuntimeException("Unexpected accessibility for field " +
+                                           field);
+        }
+
+        if (elementCount < 3)
+            throw new RuntimeException("Expected at least three members; only found " +
+                                       elementCount);
+    }
+}