Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 6
Star 2
Fork 0
D
dragonwell8_jdk
提交 a71380fd 编写于 作者: L lana
浏览文件
操作

Merge

上级 e43fa947 c60c8a3f
展开全部 隐藏空白更改
内联 并排
Showing with 2833 addition and 204 deletion
.hgtags
浏览文件 @ a71380fd
......@@ -148,3 +148,4 @@ dda27c73d8db4a9c7a23872b6f0c5106edcb2021 jdk8-b22
34029a0c69bba882264a29fc822f8283fd15f104 jdk8-b24
ec17fbe5b8fbc52da070eec43b4711d9354b2ab8 jdk8-b25
5aca406e87cb9144a9405be312dadd728a9c6fe2 jdk8-b26
c68342532e2e7deb3a25fc04ed3e4c142278f747 jdk8-b27
make/java/java/FILES_java.gmk
浏览文件 @ a71380fd
......@@ -474,6 +474,7 @@ JAVA_JAVA_java = \
sun/misc/MessageUtils.java \
sun/misc/GC.java \
sun/misc/Service.java \
sun/misc/JavaAWTAccess.java \
sun/misc/JavaLangAccess.java \
sun/misc/JavaIOAccess.java \
sun/misc/JavaIOFileDescriptorAccess.java \
......
src/share/classes/com/sun/media/sound/DirectAudioDevice.java
浏览文件 @ a71380fd
......@@ -736,7 +736,7 @@ class DirectAudioDevice extends AbstractMixer {
if (off < 0) {
throw new ArrayIndexOutOfBoundsException(off);
}
if (off + len > b.length) {
if ((long)off + (long)len > (long)b.length) {
throw new ArrayIndexOutOfBoundsException(b.length);
}
......@@ -964,7 +964,7 @@ class DirectAudioDevice extends AbstractMixer {
if (off < 0) {
throw new ArrayIndexOutOfBoundsException(off);
}
if (off + len > b.length) {
if ((long)off + (long)len > (long)b.length) {
throw new ArrayIndexOutOfBoundsException(b.length);
}
if (!isActive() && doIO) {
......
src/share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java
浏览文件 @ a71380fd
......@@ -130,6 +130,12 @@ public class SoftMixingSourceDataLine extends SoftMixingDataLine implements
if (len % framesize != 0)
throw new IllegalArgumentException(
"Number of bytes does not represent an integral number of sample frames.");
if (off < 0) {
throw new ArrayIndexOutOfBoundsException(off);
}
if ((long)off + (long)len > (long)b.length) {
throw new ArrayIndexOutOfBoundsException(b.length);
}
byte[] buff = cycling_buffer;
int buff_len = cycling_buffer.length;
......
src/share/classes/java/io/ObjectStreamClass.java
浏览文件 @ a71380fd
......@@ -123,14 +123,39 @@ public class ObjectStreamClass implements Serializable {
*/
private boolean hasBlockExternalData = true;
/**
* Contains information about InvalidClassException instances to be thrown
* when attempting operations on an invalid class. Note that instances of
* this class are immutable and are potentially shared among
* ObjectStreamClass instances.
*/
private static class ExceptionInfo {
private final String className;
private final String message;
ExceptionInfo(String cn, String msg) {
className = cn;
message = msg;
}
/**
* Returns (does not throw) an InvalidClassException instance created
* from the information in this object, suitable for being thrown by
* the caller.
*/
InvalidClassException newInvalidClassException() {
return new InvalidClassException(className, message);
}
}
/** exception (if any) thrown while attempting to resolve class */
private ClassNotFoundException resolveEx;
/** exception (if any) to throw if non-enum deserialization attempted */
private InvalidClassException deserializeEx;
private ExceptionInfo deserializeEx;
/** exception (if any) to throw if non-enum serialization attempted */
private InvalidClassException serializeEx;
private ExceptionInfo serializeEx;
/** exception (if any) to throw if default serialization attempted */
private InvalidClassException defaultSerializeEx;
private ExceptionInfo defaultSerializeEx;
/** serializable fields */
private ObjectStreamField[] fields;
......@@ -444,7 +469,8 @@ public class ObjectStreamClass implements Serializable {
fields = getSerialFields(cl);
computeFieldOffsets();
} catch (InvalidClassException e) {
serializeEx = deserializeEx = e;
serializeEx = deserializeEx =
new ExceptionInfo(e.classname, e.getMessage());
fields = NO_FIELDS;
}
......@@ -483,15 +509,14 @@ public class ObjectStreamClass implements Serializable {
if (deserializeEx == null) {
if (isEnum) {
deserializeEx = new InvalidClassException(name, "enum type");
deserializeEx = new ExceptionInfo(name, "enum type");
} else if (cons == null) {
deserializeEx = new InvalidClassException(
name, "no valid constructor");
deserializeEx = new ExceptionInfo(name, "no valid constructor");
}
}
for (int i = 0; i < fields.length; i++) {
if (fields[i].getField() == null) {
defaultSerializeEx = new InvalidClassException(
defaultSerializeEx = new ExceptionInfo(
name, "unmatched serializable field(s) declared");
}
}
......@@ -601,8 +626,8 @@ public class ObjectStreamClass implements Serializable {
(externalizable != localDesc.externalizable) ||
!(serializable || externalizable))
{
deserializeEx = new InvalidClassException(localDesc.name,
"class invalid for deserialization");
deserializeEx = new ExceptionInfo(
localDesc.name, "class invalid for deserialization");
}
}
......@@ -727,11 +752,7 @@ public class ObjectStreamClass implements Serializable {
*/
void checkDeserialize() throws InvalidClassException {
if (deserializeEx != null) {
InvalidClassException ice =
new InvalidClassException(deserializeEx.classname,
deserializeEx.getMessage());
ice.initCause(deserializeEx);
throw ice;
throw deserializeEx.newInvalidClassException();
}
}
......@@ -742,11 +763,7 @@ public class ObjectStreamClass implements Serializable {
*/
void checkSerialize() throws InvalidClassException {
if (serializeEx != null) {
InvalidClassException ice =
new InvalidClassException(serializeEx.classname,
serializeEx.getMessage());
ice.initCause(serializeEx);
throw ice;
throw serializeEx.newInvalidClassException();
}
}
......@@ -759,11 +776,7 @@ public class ObjectStreamClass implements Serializable {
*/
void checkDefaultSerialize() throws InvalidClassException {
if (defaultSerializeEx != null) {
InvalidClassException ice =
new InvalidClassException(defaultSerializeEx.classname,
defaultSerializeEx.getMessage());
ice.initCause(defaultSerializeEx);
throw ice;
throw defaultSerializeEx.newInvalidClassException();
}
}
......
src/share/classes/java/util/TimeZone.java
浏览文件 @ a71380fd
......@@ -43,6 +43,8 @@ import java.lang.ref.SoftReference;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.concurrent.ConcurrentHashMap;
import sun.misc.SharedSecrets;
import sun.misc.JavaAWTAccess;
import sun.security.action.GetPropertyAction;
import sun.util.TimeZoneNameUtility;
import sun.util.calendar.ZoneInfo;
......@@ -615,7 +617,7 @@ abstract public class TimeZone implements Serializable, Cloneable {
* method doesn't create a clone.
*/
static TimeZone getDefaultRef() {
TimeZone defaultZone = defaultZoneTL.get();
TimeZone defaultZone = getDefaultInAppContext();
if (defaultZone == null) {
defaultZone = defaultTimeZone;
if (defaultZone == null) {
......@@ -706,10 +708,65 @@ abstract public class TimeZone implements Serializable, Cloneable {
if (hasPermission()) {
synchronized (TimeZone.class) {
defaultTimeZone = zone;
defaultZoneTL.set(null);
setDefaultInAppContext(null);
}
} else {
defaultZoneTL.set(zone);
setDefaultInAppContext(zone);
}
}
/**
* Returns the default TimeZone in an AppContext if any AppContext
* has ever used. null is returned if any AppContext hasn't been
* used or if the AppContext doesn't have the default TimeZone.
*/
private synchronized static TimeZone getDefaultInAppContext() {
// JavaAWTAccess provides access implementation-private methods without using reflection.
JavaAWTAccess javaAWTAccess = SharedSecrets.getJavaAWTAccess();
// Note that javaAWTAccess may be null if sun.awt.AppContext class hasn't
// been loaded. If so, it implies that AWTSecurityManager is not our
// SecurityManager and we can use a local static variable.
// This works around a build time issue.
if (javaAWTAccess == null) {
return mainAppContextDefault;
} else {
if (!javaAWTAccess.isDisposed()) {
TimeZone tz = (TimeZone)
javaAWTAccess.get(TimeZone.class);
if (tz == null && javaAWTAccess.isMainAppContext()) {
return mainAppContextDefault;
} else {
return tz;
}
}
}
return null;
}
/**
* Sets the default TimeZone in the AppContext to the given
* tz. null is handled special: do nothing if any AppContext
* hasn't been used, remove the default TimeZone in the
* AppContext otherwise.
*/
private synchronized static void setDefaultInAppContext(TimeZone tz) {
// JavaAWTAccess provides access implementation-private methods without using reflection.
JavaAWTAccess javaAWTAccess = SharedSecrets.getJavaAWTAccess();
// Note that javaAWTAccess may be null if sun.awt.AppContext class hasn't
// been loaded. If so, it implies that AWTSecurityManager is not our
// SecurityManager and we can use a local static variable.
// This works around a build time issue.
if (javaAWTAccess == null) {
mainAppContextDefault = tz;
} else {
if (!javaAWTAccess.isDisposed()) {
javaAWTAccess.put(TimeZone.class, tz);
if (javaAWTAccess.isMainAppContext()) {
mainAppContextDefault = null;
}
}
}
}
......@@ -760,12 +817,13 @@ abstract public class TimeZone implements Serializable, Cloneable {
*/
private String ID;
private static volatile TimeZone defaultTimeZone;
private static final InheritableThreadLocal<TimeZone> defaultZoneTL
= new InheritableThreadLocal<TimeZone>();
static final String GMT_ID = "GMT";
private static final int GMT_ID_LENGTH = 3;
// a static TimeZone we can reference if no AppContext is in place
private static TimeZone mainAppContextDefault;
/**
* Parses a custom time zone identifier and returns a corresponding zone.
* This method doesn't support the RFC 822 time zone format. (e.g., +hhmm)
......
src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java
浏览文件 @ a71380fd
......@@ -34,8 +34,10 @@
*/
package java.util.concurrent.atomic;
import java.lang.reflect.Array;
import java.util.Arrays;
import sun.misc.Unsafe;
import java.util.*;
/**
* An array of object references in which elements may be updated
......@@ -49,13 +51,23 @@ import java.util.*;
public class AtomicReferenceArray<E> implements java.io.Serializable {
private static final long serialVersionUID = -6209656149925076980L;
private static final Unsafe unsafe = Unsafe.getUnsafe();
private static final int base = unsafe.arrayBaseOffset(Object[].class);
private static final Unsafe unsafe;
private static final int base;
private static final int shift;
private final Object[] array;
private static final long arrayFieldOffset;
private final Object[] array; // must have exact type Object[]
static {
int scale = unsafe.arrayIndexScale(Object[].class);
int scale;
try {
unsafe = Unsafe.getUnsafe();
arrayFieldOffset = unsafe.objectFieldOffset
(AtomicReferenceArray.class.getDeclaredField("array"));
base = unsafe.arrayBaseOffset(Object[].class);
scale = unsafe.arrayIndexScale(Object[].class);
} catch (Exception e) {
throw new Error(e);
}
if ((scale & (scale - 1)) != 0)
throw new Error("data type scale not a power of two");
shift = 31 - Integer.numberOfLeadingZeros(scale);
......@@ -91,7 +103,7 @@ public class AtomicReferenceArray<E> implements java.io.Serializable {
*/
public AtomicReferenceArray(E[] array) {
// Visibility guaranteed by final field guarantees
this.array = array.clone();
this.array = Arrays.copyOf(array, array.length, Object[].class);
}
/**
......@@ -197,7 +209,7 @@ public class AtomicReferenceArray<E> implements java.io.Serializable {
* @return the String representation of the current values of array
*/
public String toString() {
int iMax = array.length - 1;
int iMax = array.length - 1;
if (iMax == -1)
return "[]";
......@@ -211,4 +223,19 @@ public class AtomicReferenceArray<E> implements java.io.Serializable {
}
}
/**
* Reconstitutes the instance from a stream (that is, deserializes it).
* @param s the stream
*/
private void readObject(java.io.ObjectInputStream s)
throws java.io.IOException, ClassNotFoundException {
// Note: This must be changed if any additional fields are defined
Object a = s.readFields().get("array", null);
if (a == null || !a.getClass().isArray())
throw new java.io.InvalidObjectException("Not array type");
if (a.getClass() != Object[].class)
a = Arrays.copyOf((Object[])a, Array.getLength(a), Object[].class);
unsafe.putObjectVolatile(this, arrayFieldOffset, a);
}
}
src/share/classes/sun/awt/AppContext.java
浏览文件 @ a71380fd
......@@ -787,6 +787,27 @@ public final class AppContext {
}
return changeSupport.getPropertyChangeListeners(propertyName);
}
// Set up JavaAWTAccess in SharedSecrets
static {
sun.misc.SharedSecrets.setJavaAWTAccess(new sun.misc.JavaAWTAccess() {
public Object get(Object key) {
return getAppContext().get(key);
}
public void put(Object key, Object value) {
getAppContext().put(key, value);
}
public void remove(Object key) {
getAppContext().remove(key);
}
public boolean isDisposed() {
return getAppContext().isDisposed();
}
public boolean isMainAppContext() {
return (numAppContexts == 1);
}
});
}
}
final class MostRecentKeyValue {
......
src/share/classes/sun/java2d/SunGraphics2D.java
浏览文件 @ a71380fd
......@@ -370,6 +370,17 @@ public final class SunGraphics2D
}
public void validatePipe() {
/* This workaround is for the situation when we update the Pipelines
* for invalid SurfaceData and run further code when the current
* pipeline doesn't support the type of new SurfaceData created during
* the current pipeline's work (in place of the invalid SurfaceData).
* Usually SurfaceData and Pipelines are repaired (through revalidateAll)
* and called again in the exception handlers */
if (!surfaceData.isValid()) {
throw new InvalidPipeException("attempt to validate Pipe with invalid SurfaceData");
}
surfaceData.validatePipe(this);
}
......@@ -1804,7 +1815,12 @@ public final class SunGraphics2D
width += x;
height += y;
}
if (!getCompClip().intersectsQuickCheckXYXY(x, y, width, height)) {
try {
if (!getCompClip().intersectsQuickCheckXYXY(x, y, width, height)) {
return false;
}
} catch (InvalidPipeException e) {
return false;
}
// REMIND: We could go one step further here and examine the
......@@ -1988,8 +2004,8 @@ public final class SunGraphics2D
try {
doCopyArea(x, y, w, h, dx, dy);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
doCopyArea(x, y, w, h, dx, dy);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2120,8 +2136,8 @@ public final class SunGraphics2D
try {
drawpipe.drawLine(this, x1, y1, x2, y2);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
drawpipe.drawLine(this, x1, y1, x2, y2);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2137,8 +2153,8 @@ public final class SunGraphics2D
try {
drawpipe.drawRoundRect(this, x, y, w, h, arcW, arcH);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
drawpipe.drawRoundRect(this, x, y, w, h, arcW, arcH);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2154,8 +2170,8 @@ public final class SunGraphics2D
try {
fillpipe.fillRoundRect(this, x, y, w, h, arcW, arcH);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
fillpipe.fillRoundRect(this, x, y, w, h, arcW, arcH);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2171,8 +2187,8 @@ public final class SunGraphics2D
try {
drawpipe.drawOval(this, x, y, w, h);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
drawpipe.drawOval(this, x, y, w, h);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2188,8 +2204,8 @@ public final class SunGraphics2D
try {
fillpipe.fillOval(this, x, y, w, h);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
fillpipe.fillOval(this, x, y, w, h);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2206,8 +2222,8 @@ public final class SunGraphics2D
try {
drawpipe.drawArc(this, x, y, w, h, startAngl, arcAngl);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
drawpipe.drawArc(this, x, y, w, h, startAngl, arcAngl);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2224,8 +2240,8 @@ public final class SunGraphics2D
try {
fillpipe.fillArc(this, x, y, w, h, startAngl, arcAngl);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
fillpipe.fillArc(this, x, y, w, h, startAngl, arcAngl);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2241,8 +2257,8 @@ public final class SunGraphics2D
try {
drawpipe.drawPolyline(this, xPoints, yPoints, nPoints);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
drawpipe.drawPolyline(this, xPoints, yPoints, nPoints);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2258,8 +2274,8 @@ public final class SunGraphics2D
try {
drawpipe.drawPolygon(this, xPoints, yPoints, nPoints);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
drawpipe.drawPolygon(this, xPoints, yPoints, nPoints);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2275,8 +2291,8 @@ public final class SunGraphics2D
try {
fillpipe.fillPolygon(this, xPoints, yPoints, nPoints);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
fillpipe.fillPolygon(this, xPoints, yPoints, nPoints);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2292,8 +2308,8 @@ public final class SunGraphics2D
try {
drawpipe.drawRect(this, x, y, w, h);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
drawpipe.drawRect(this, x, y, w, h);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2309,8 +2325,8 @@ public final class SunGraphics2D
try {
fillpipe.fillRect(this, x, y, w, h);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
fillpipe.fillRect(this, x, y, w, h);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2358,7 +2374,6 @@ public final class SunGraphics2D
Paint p = paint;
setComposite(AlphaComposite.Src);
setColor(getBackground());
validatePipe();
fillRect(x, y, w, h);
setPaint(p);
setComposite(c);
......@@ -2382,8 +2397,8 @@ public final class SunGraphics2D
try {
shapepipe.draw(this, s);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
shapepipe.draw(this, s);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2412,8 +2427,8 @@ public final class SunGraphics2D
try {
shapepipe.fill(this, s);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
shapepipe.fill(this, s);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2560,10 +2575,17 @@ public final class SunGraphics2D
// Include padding for interpolation/antialiasing if necessary
int pad = isIntegerTranslate ? 0 : 3;
Region clip;
try {
clip = getCompClip();
} catch (InvalidPipeException e) {
return;
}
// Determine the region of the image that may contribute to
// the clipped drawing area
Rectangle region = getImageRegion(img,
getCompClip(),
clip,
transform,
xform,
pad, pad);
......@@ -2806,8 +2828,8 @@ public final class SunGraphics2D
try {
textpipe.drawString(this, str, x, y);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
textpipe.drawString(this, str, x, y);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2835,8 +2857,8 @@ public final class SunGraphics2D
try {
textpipe.drawString(this, str, x, y);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
textpipe.drawString(this, str, x, y);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2881,8 +2903,8 @@ public final class SunGraphics2D
try {
textpipe.drawGlyphVector(this, gv, x, y);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
textpipe.drawGlyphVector(this, gv, x, y);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2914,8 +2936,8 @@ public final class SunGraphics2D
try {
textpipe.drawChars(this, data, offset, length, x, y);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
textpipe.drawChars(this, data, offset, length, x, y);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2951,8 +2973,8 @@ public final class SunGraphics2D
try {
textpipe.drawChars(this, chData, 0, length, x, y);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
textpipe.drawChars(this, chData, 0, length, x, y);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -2988,8 +3010,8 @@ public final class SunGraphics2D
return imagepipe.copyImage(this, img, dx, dy, sx, sy,
width, height, bgcolor, observer);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
return imagepipe.copyImage(this, img, dx, dy, sx, sy,
width, height, bgcolor, observer);
} catch (InvalidPipeException e2) {
......@@ -3025,8 +3047,8 @@ public final class SunGraphics2D
return imagepipe.scaleImage(this, img, x, y, width, height,
bg, observer);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
return imagepipe.scaleImage(this, img, x, y, width, height,
bg, observer);
} catch (InvalidPipeException e2) {
......@@ -3061,8 +3083,8 @@ public final class SunGraphics2D
try {
return imagepipe.copyImage(this, img, x, y, bg, observer);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
return imagepipe.copyImage(this, img, x, y, bg, observer);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -3138,8 +3160,8 @@ public final class SunGraphics2D
sx1, sy1, sx2, sy2, bgcolor,
observer);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
return imagepipe.scaleImage(this, img, dx1, dy1, dx2, dy2,
sx1, sy1, sx2, sy2, bgcolor,
observer);
......@@ -3187,8 +3209,8 @@ public final class SunGraphics2D
try {
return imagepipe.transformImage(this, img, xform, observer);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
return imagepipe.transformImage(this, img, xform, observer);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......@@ -3213,8 +3235,8 @@ public final class SunGraphics2D
try {
imagepipe.transformImage(this, bImg, op, x, y);
} catch (InvalidPipeException e) {
revalidateAll();
try {
revalidateAll();
imagepipe.transformImage(this, bImg, op, x, y);
} catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to
......
src/share/classes/sun/java2d/opengl/OGLRenderer.java
浏览文件 @ a71380fd
......@@ -27,6 +27,7 @@ package sun.java2d.opengl;
import java.awt.Transparency;
import java.awt.geom.Path2D;
import sun.java2d.InvalidPipeException;
import sun.java2d.SunGraphics2D;
import sun.java2d.loops.GraphicsPrimitive;
import sun.java2d.pipe.BufferedRenderPipe;
......@@ -46,7 +47,12 @@ class OGLRenderer extends BufferedRenderPipe {
int ctxflags =
sg2d.paint.getTransparency() == Transparency.OPAQUE ?
OGLContext.SRC_IS_OPAQUE : OGLContext.NO_CONTEXT_FLAGS;
OGLSurfaceData dstData = (OGLSurfaceData)sg2d.surfaceData;
OGLSurfaceData dstData;
try {
dstData = (OGLSurfaceData)sg2d.surfaceData;
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
OGLContext.validateContext(dstData, dstData,
sg2d.getCompClip(), sg2d.composite,
null, sg2d.paint, sg2d, ctxflags);
......@@ -55,7 +61,12 @@ class OGLRenderer extends BufferedRenderPipe {
@Override
protected void validateContextAA(SunGraphics2D sg2d) {
int ctxflags = OGLContext.NO_CONTEXT_FLAGS;
OGLSurfaceData dstData = (OGLSurfaceData)sg2d.surfaceData;
OGLSurfaceData dstData;
try {
dstData = (OGLSurfaceData)sg2d.surfaceData;
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
OGLContext.validateContext(dstData, dstData,
sg2d.getCompClip(), sg2d.composite,
null, sg2d.paint, sg2d, ctxflags);
......@@ -69,7 +80,12 @@ class OGLRenderer extends BufferedRenderPipe {
int ctxflags =
sg2d.surfaceData.getTransparency() == Transparency.OPAQUE ?
OGLContext.SRC_IS_OPAQUE : OGLContext.NO_CONTEXT_FLAGS;
OGLSurfaceData dstData = (OGLSurfaceData)sg2d.surfaceData;
OGLSurfaceData dstData;
try {
dstData = (OGLSurfaceData)sg2d.surfaceData;
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
OGLContext.validateContext(dstData, dstData,
sg2d.getCompClip(), sg2d.composite,
null, null, null, ctxflags);
......
src/share/classes/sun/java2d/pipe/BufferedContext.java
浏览文件 @ a71380fd
......@@ -111,6 +111,8 @@ public abstract class BufferedContext {
*
* Note: must be called while the RenderQueue lock is held.
*
* It's assumed that the type of surfaces has been checked by the Renderer
*
* @throws InvalidPipeException if either src or dest surface is not valid
* or lost
* @see RenderQueue#lock
......@@ -135,6 +137,8 @@ public abstract class BufferedContext {
*
* Note: must be called while the RenderQueue lock is held.
*
* It's assumed that the type of surfaces has been checked by the Renderer
*
* @throws InvalidPipeException if the surface is not valid
* or lost
* @see RenderQueue#lock
......@@ -160,6 +164,8 @@ public abstract class BufferedContext {
*
* Note: must be called while the RenderQueue lock is held.
*
* It's assumed that the type of surfaces has been checked by the Renderer
*
* @throws InvalidPipeException if either src or dest surface is not valid
* or lost
*/
......
src/share/classes/sun/misc/JavaAWTAccess.java 0 → 100644
浏览文件 @ a71380fd
/*
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.misc;
public interface JavaAWTAccess {
public Object get(Object key);
public void put(Object key, Object value);
public void remove(Object key);
public boolean isDisposed();
public boolean isMainAppContext();
}
src/share/classes/sun/misc/SharedSecrets.java
浏览文件 @ a71380fd
......@@ -52,6 +52,7 @@ public class SharedSecrets {
private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess;
private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess;
private static JavaSecurityAccess javaSecurityAccess;
private static JavaAWTAccess javaAWTAccess;
public static JavaUtilJarAccess javaUtilJarAccess() {
if (javaUtilJarAccess == null) {
......@@ -150,4 +151,14 @@ public class SharedSecrets {
}
return javaSecurityAccess;
}
public static void setJavaAWTAccess(JavaAWTAccess jaa) {
javaAWTAccess = jaa;
}
public static JavaAWTAccess getJavaAWTAccess() {
// this may return null in which case calling code needs to
// provision for.
return javaAWTAccess;
}
}
src/share/classes/sun/net/httpserver/Request.java
浏览文件 @ a71380fd
......@@ -200,6 +200,13 @@ class Request {
v = new String();
else
v = String.copyValueOf(s, keyend, len - keyend);
if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) {
throw new IOException("Maximum number of request headers (" +
"sun.net.httpserver.maxReqHeaders) exceeded, " +
ServerConfig.getMaxReqHeaders() + ".");
}
hdrs.add (k,v);
len = 0;
}
......
src/share/classes/sun/net/httpserver/ServerConfig.java
浏览文件 @ a71380fd
/*
* Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -35,32 +35,33 @@ import java.security.PrivilegedAction;
class ServerConfig {
static int clockTick;
static final int DEFAULT_CLOCK_TICK = 10000 ; // 10 sec.
private static final int DEFAULT_CLOCK_TICK = 10000 ; // 10 sec.
/* These values must be a reasonable multiple of clockTick */
static final long DEFAULT_IDLE_INTERVAL = 30 ; // 5 min
static final int DEFAULT_MAX_IDLE_CONNECTIONS = 200 ;
static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever
static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever
static final long DEFAULT_TIMER_MILLIS = 1000;
static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024;
static long idleInterval;
static long drainAmount; // max # of bytes to drain from an inputstream
static int maxIdleConnections;
private static final long DEFAULT_IDLE_INTERVAL = 30 ; // 5 min
private static final int DEFAULT_MAX_IDLE_CONNECTIONS = 200 ;
private static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever
private static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever
private static final long DEFAULT_TIMER_MILLIS = 1000;
private static final int DEFAULT_MAX_REQ_HEADERS = 200;
private static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024;
private static int clockTick;
private static long idleInterval;
// The maximum number of bytes to drain from an inputstream
private static long drainAmount;
private static int maxIdleConnections;
// The maximum number of request headers allowable
private static int maxReqHeaders;
// max time a request or response is allowed to take
static long maxReqTime;
static long maxRspTime;
static long timerMillis;
static boolean debug;
private static long maxReqTime;
private static long maxRspTime;
private static long timerMillis;
private static boolean debug;
// the value of the TCP_NODELAY socket-level option
static boolean noDelay;
private static boolean noDelay;
static {
java.security.AccessController.doPrivileged(
......@@ -80,6 +81,10 @@ class ServerConfig {
drainAmount = Long.getLong("sun.net.httpserver.drainAmount",
DEFAULT_DRAIN_AMOUNT);
maxReqHeaders = Integer.getInteger(
"sun.net.httpserver.maxReqHeaders",
DEFAULT_MAX_REQ_HEADERS);
maxReqTime = Long.getLong("sun.net.httpserver.maxReqTime",
DEFAULT_MAX_REQ_TIME);
......@@ -99,8 +104,7 @@ class ServerConfig {
}
static void checkLegacyProperties (final Logger logger) {
static void checkLegacyProperties(final Logger logger) {
// legacy properties that are no longer used
// print a warning to logger if they are set.
......@@ -137,35 +141,39 @@ class ServerConfig {
);
}
static boolean debugEnabled () {
static boolean debugEnabled() {
return debug;
}
static long getIdleInterval () {
static long getIdleInterval() {
return idleInterval;
}
static int getClockTick () {
static int getClockTick() {
return clockTick;
}
static int getMaxIdleConnections () {
static int getMaxIdleConnections() {
return maxIdleConnections;
}
static long getDrainAmount () {
static long getDrainAmount() {
return drainAmount;
}
static long getMaxReqTime () {
static int getMaxReqHeaders() {
return maxReqHeaders;
}
static long getMaxReqTime() {
return maxReqTime;
}
static long getMaxRspTime () {
static long getMaxRspTime() {
return maxRspTime;
}
static long getTimerMillis () {
static long getTimerMillis() {
return timerMillis;
}
......
src/share/classes/sun/security/provider/certpath/ForwardBuilder.java
浏览文件 @ a71380fd
/*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -661,7 +661,10 @@ class ForwardBuilder extends Builder {
+ "\n Subject: " + cert.getSubjectX500Principal() + ")");
}
ForwardState currState = (ForwardState) currentState;
ForwardState currState = (ForwardState)currentState;
// Don't bother to verify untrusted certificate more.
currState.untrustedChecker.check(cert, Collections.<String>emptySet());
/*
* check for looping - abort a loop if
......
src/share/classes/sun/security/provider/certpath/ForwardState.java
浏览文件 @ a71380fd
/*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -79,6 +79,9 @@ class ForwardState implements State {
/* the checker used for revocation status */
public CrlRevocationChecker crlChecker;
/* the untrusted certificates checker */
UntrustedChecker untrustedChecker;
/* The list of user-defined checkers that support forward checking */
ArrayList<PKIXCertPathChecker> forwardCheckers;
......
src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
浏览文件 @ a71380fd
/*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -314,10 +314,12 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
pkixParam.isAnyPolicyInhibited(),
pkixParam.getPolicyQualifiersRejected(),
rootNode);
UntrustedChecker untrustedChecker = new UntrustedChecker();
ArrayList<PKIXCertPathChecker> certPathCheckers =
new ArrayList<PKIXCertPathChecker>();
// add standard checkers that we will be using
certPathCheckers.add(untrustedChecker);
certPathCheckers.add(algorithmChecker);
certPathCheckers.add(keyChecker);
certPathCheckers.add(constraintsChecker);
......
src/share/classes/sun/security/provider/certpath/ReverseBuilder.java
浏览文件 @ a71380fd
/*
* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -347,6 +347,10 @@ class ReverseBuilder extends Builder {
return;
}
// Don't bother to verify untrusted certificate more.
currentState.untrustedChecker.check(cert,
Collections.<String>emptySet());
/*
* check for looping - abort a loop if
* ((we encounter the same certificate twice) AND
......
src/share/classes/sun/security/provider/certpath/ReverseState.java
浏览文件 @ a71380fd
/*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -99,6 +99,9 @@ class ReverseState implements State {
/* the algorithm checker */
AlgorithmChecker algorithmChecker;
/* the untrusted certificates checker */
UntrustedChecker untrustedChecker;
/* the trust anchor used to validate the path */
TrustAnchor trustAnchor;
......
src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java
浏览文件 @ a71380fd
/*
* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -284,6 +284,7 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
Iterator<TrustAnchor> iter = buildParams.getTrustAnchors().iterator();
while (iter.hasNext()) {
TrustAnchor anchor = iter.next();
/* check if anchor satisfies target constraints */
if (anchorIsTarget(anchor, targetSel)) {
this.trustAnchor = anchor;
......@@ -303,6 +304,7 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
currentState.crlChecker =
new CrlRevocationChecker(null, buildParams, null, onlyEECert);
currentState.algorithmChecker = new AlgorithmChecker(anchor);
currentState.untrustedChecker = new UntrustedChecker();
try {
depthFirstSearchReverse(null, currentState,
new ReverseBuilder(buildParams, targetSubjectDN), adjacencyList,
......@@ -349,6 +351,7 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
// init the crl checker
currentState.crlChecker
= new CrlRevocationChecker(null, buildParams, null, onlyEECert);
currentState.untrustedChecker = new UntrustedChecker();
depthFirstSearchForward(targetSubjectDN, currentState,
new ForwardBuilder
......@@ -645,8 +648,8 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
vertex.setIndex(adjList.size() - 1);
/* recursively search for matching certs at next dN */
depthFirstSearchForward(cert.getIssuerX500Principal(), nextState, builder,
adjList, certPathList);
depthFirstSearchForward(cert.getIssuerX500Principal(),
nextState, builder, adjList, certPathList);
/*
* If path has been completed, return ASAP!
......
src/share/classes/sun/security/provider/certpath/UntrustedChecker.java 0 → 100644
浏览文件 @ a71380fd
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.provider.certpath;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXCertPathChecker;
import java.util.Set;
import java.util.Collection;
import sun.security.util.Debug;
import sun.security.util.UntrustedCertificates;
/**
* A <code>PKIXCertPathChecker</code> implementation to check whether a
* specified certificate is distrusted.
*
* @see PKIXCertPathChecker
* @see PKIXParameters
*/
final public class UntrustedChecker extends PKIXCertPathChecker {
private static final Debug debug = Debug.getInstance("certpath");
/**
* Default Constructor
*/
public UntrustedChecker() {
// blank
}
@Override
public void init(boolean forward) throws CertPathValidatorException {
// Note that this class supports both forward and reverse modes.
}
@Override
public boolean isForwardCheckingSupported() {
// Note that this class supports both forward and reverse modes.
return true;
}
@Override
public Set<String> getSupportedExtensions() {
return null;
}
@Override
public void check(Certificate cert,
Collection<String> unresolvedCritExts)
throws CertPathValidatorException {
X509Certificate currCert = (X509Certificate)cert;
if (UntrustedCertificates.isUntrusted(currCert)) {
if (debug != null) {
debug.println("UntrustedChecker: untrusted certificate " +
currCert.getSubjectX500Principal());
}
throw new CertPathValidatorException(
"Untrusted certificate: " + currCert.getSubjectX500Principal());
}
}
}
src/share/classes/sun/security/validator/SimpleValidator.java
浏览文件 @ a71380fd
/*
* Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -40,6 +40,7 @@ import sun.security.util.DerInputStream;
import sun.security.util.ObjectIdentifier;
import sun.security.provider.certpath.AlgorithmChecker;
import sun.security.provider.certpath.UntrustedChecker;
/**
* A simple validator implementation. It is based on code from the JSSE
......@@ -137,6 +138,9 @@ public final class SimpleValidator extends Validator {
date = new Date();
}
// create distrusted certificates checker
UntrustedChecker untrustedChecker = new UntrustedChecker();
// create default algorithm constraints checker
TrustAnchor anchor = new TrustAnchor(chain[chain.length - 1], null);
AlgorithmChecker defaultAlgChecker = new AlgorithmChecker(anchor);
......@@ -154,6 +158,17 @@ public final class SimpleValidator extends Validator {
X509Certificate issuerCert = chain[i + 1];
X509Certificate cert = chain[i];
// check untrusted certificate
try {
// Untrusted checker does not care about the unresolved
// critical extensions.
untrustedChecker.check(cert, Collections.<String>emptySet());
} catch (CertPathValidatorException cpve) {
throw new ValidatorException(
"Untrusted certificate: " + cert.getSubjectX500Principal(),
ValidatorException.T_UNTRUSTED_CERT, cert, cpve);
}
// check certificate algorithm
try {
// Algorithm checker does not care about the unresolved
......
src/share/classes/sun/security/validator/ValidatorException.java
浏览文件 @ a71380fd
/*
* Copyright (c) 2002, 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -58,6 +58,9 @@ public class ValidatorException extends CertificateException {
public final static Object T_ALGORITHM_DISABLED =
"Certificate signature algorithm disabled";
public final static Object T_UNTRUSTED_CERT =
"Untrusted certificate";
private Object type;
private X509Certificate cert;
......
src/share/native/java/util/zip/zip_util.c
浏览文件 @ a71380fd
......@@ -521,7 +521,7 @@ countCENHeaders(unsigned char *beg, unsigned char *end)
{
jint count = 0;
ptrdiff_t i;
for (i = 0; i + CENHDR < end - beg; i += CENSIZE(beg + i))
for (i = 0; i + CENHDR <= end - beg; i += CENSIZE(beg + i))
count++;
return count;
}
......
src/windows/classes/sun/java2d/d3d/D3DRenderer.java
浏览文件 @ a71380fd
......@@ -27,6 +27,7 @@ package sun.java2d.d3d;
import java.awt.Transparency;
import java.awt.geom.Path2D;
import sun.java2d.InvalidPipeException;
import sun.java2d.SunGraphics2D;
import sun.java2d.loops.GraphicsPrimitive;
import sun.java2d.pipe.BufferedPaints;
......@@ -47,7 +48,12 @@ class D3DRenderer extends BufferedRenderPipe {
int ctxflags =
sg2d.paint.getTransparency() == Transparency.OPAQUE ?
D3DContext.SRC_IS_OPAQUE : D3DContext.NO_CONTEXT_FLAGS;
D3DSurfaceData dstData = (D3DSurfaceData)sg2d.surfaceData;
D3DSurfaceData dstData;
try {
dstData = (D3DSurfaceData)sg2d.surfaceData;
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
D3DContext.validateContext(dstData, dstData,
sg2d.getCompClip(), sg2d.composite,
null, sg2d.paint, sg2d, ctxflags);
......@@ -56,7 +62,12 @@ class D3DRenderer extends BufferedRenderPipe {
@Override
protected void validateContextAA(SunGraphics2D sg2d) {
int ctxflags = D3DContext.NO_CONTEXT_FLAGS;
D3DSurfaceData dstData = (D3DSurfaceData)sg2d.surfaceData;
D3DSurfaceData dstData;
try {
dstData = (D3DSurfaceData)sg2d.surfaceData;
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
D3DContext.validateContext(dstData, dstData,
sg2d.getCompClip(), sg2d.composite,
null, sg2d.paint, sg2d, ctxflags);
......@@ -70,7 +81,12 @@ class D3DRenderer extends BufferedRenderPipe {
int ctxflags =
sg2d.surfaceData.getTransparency() == Transparency.OPAQUE ?
D3DContext.SRC_IS_OPAQUE : D3DContext.NO_CONTEXT_FLAGS;
D3DSurfaceData dstData = (D3DSurfaceData)sg2d.surfaceData;
D3DSurfaceData dstData;
try {
dstData = (D3DSurfaceData)sg2d.surfaceData;
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
D3DContext.validateContext(dstData, dstData,
sg2d.getCompClip(), sg2d.composite,
null, null, null, ctxflags);
......
src/windows/classes/sun/java2d/windows/GDIRenderer.java
浏览文件 @ a71380fd
......@@ -29,6 +29,7 @@ import java.awt.Composite;
import java.awt.Shape;
import java.awt.geom.Path2D;
import java.awt.geom.PathIterator;
import sun.java2d.InvalidPipeException;
import sun.java2d.SunGraphics2D;
import sun.java2d.SurfaceData;
import sun.java2d.pipe.Region;
......@@ -45,7 +46,7 @@ public class GDIRenderer implements
PixelFillPipe,
ShapeDrawPipe
{
native void doDrawLine(SurfaceData sData,
native void doDrawLine(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x1, int y1, int x2, int y2);
......@@ -54,24 +55,32 @@ public class GDIRenderer implements
{
int transx = sg2d.transX;
int transy = sg2d.transY;
doDrawLine(sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x1+transx, y1+transy, x2+transx, y2+transy);
try {
doDrawLine((GDIWindowSurfaceData)sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x1+transx, y1+transy, x2+transx, y2+transy);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
}
native void doDrawRect(SurfaceData sData,
native void doDrawRect(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x, int y, int w, int h);
public void drawRect(SunGraphics2D sg2d,
int x, int y, int width, int height)
{
doDrawRect(sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height);
try {
doDrawRect((GDIWindowSurfaceData)sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
}
native void doDrawRoundRect(SurfaceData sData,
native void doDrawRoundRect(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x, int y, int w, int h,
int arcW, int arcH);
......@@ -80,25 +89,33 @@ public class GDIRenderer implements
int x, int y, int width, int height,
int arcWidth, int arcHeight)
{
doDrawRoundRect(sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height,
arcWidth, arcHeight);
try {
doDrawRoundRect((GDIWindowSurfaceData)sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height,
arcWidth, arcHeight);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
}
native void doDrawOval(SurfaceData sData,
native void doDrawOval(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x, int y, int w, int h);
public void drawOval(SunGraphics2D sg2d,
int x, int y, int width, int height)
{
doDrawOval(sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height);
try {
doDrawOval((GDIWindowSurfaceData)sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
}
native void doDrawArc(SurfaceData sData,
native void doDrawArc(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x, int y, int w, int h,
int angleStart, int angleExtent);
......@@ -107,13 +124,17 @@ public class GDIRenderer implements
int x, int y, int width, int height,
int startAngle, int arcAngle)
{
doDrawArc(sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height,
startAngle, arcAngle);
try {
doDrawArc((GDIWindowSurfaceData)sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height,
startAngle, arcAngle);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
}
native void doDrawPoly(SurfaceData sData,
native void doDrawPoly(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int transx, int transy,
int[] xpoints, int[] ypoints,
......@@ -123,33 +144,45 @@ public class GDIRenderer implements
int xpoints[], int ypoints[],
int npoints)
{
doDrawPoly(sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
sg2d.transX, sg2d.transY, xpoints, ypoints, npoints, false);
try {
doDrawPoly((GDIWindowSurfaceData)sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
sg2d.transX, sg2d.transY, xpoints, ypoints, npoints, false);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
}
public void drawPolygon(SunGraphics2D sg2d,
int xpoints[], int ypoints[],
int npoints)
{
doDrawPoly(sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
sg2d.transX, sg2d.transY, xpoints, ypoints, npoints, true);
try {
doDrawPoly((GDIWindowSurfaceData)sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
sg2d.transX, sg2d.transY, xpoints, ypoints, npoints, true);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
}
native void doFillRect(SurfaceData sData,
native void doFillRect(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x, int y, int w, int h);
public void fillRect(SunGraphics2D sg2d,
int x, int y, int width, int height)
{
doFillRect(sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height);
try {
doFillRect((GDIWindowSurfaceData)sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
}
native void doFillRoundRect(SurfaceData sData,
native void doFillRoundRect(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x, int y, int w, int h,
int arcW, int arcH);
......@@ -158,25 +191,33 @@ public class GDIRenderer implements
int x, int y, int width, int height,
int arcWidth, int arcHeight)
{
doFillRoundRect(sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height,
arcWidth, arcHeight);
try {
doFillRoundRect((GDIWindowSurfaceData)sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height,
arcWidth, arcHeight);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
}
native void doFillOval(SurfaceData sData,
native void doFillOval(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x, int y, int w, int h);
public void fillOval(SunGraphics2D sg2d,
int x, int y, int width, int height)
{
doFillOval(sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height);
try {
doFillOval((GDIWindowSurfaceData)sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
}
native void doFillArc(SurfaceData sData,
native void doFillArc(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x, int y, int w, int h,
int angleStart, int angleExtent);
......@@ -185,13 +226,17 @@ public class GDIRenderer implements
int x, int y, int width, int height,
int startAngle, int arcAngle)
{
doFillArc(sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height,
startAngle, arcAngle);
try {
doFillArc((GDIWindowSurfaceData)sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height,
startAngle, arcAngle);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
}
native void doFillPoly(SurfaceData sData,
native void doFillPoly(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int transx, int transy,
int[] xpoints, int[] ypoints,
......@@ -201,12 +246,16 @@ public class GDIRenderer implements
int xpoints[], int ypoints[],
int npoints)
{
doFillPoly(sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
sg2d.transX, sg2d.transY, xpoints, ypoints, npoints);
try {
doFillPoly((GDIWindowSurfaceData)sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
sg2d.transX, sg2d.transY, xpoints, ypoints, npoints);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
}
native void doShape(SurfaceData sData,
native void doShape(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int transX, int transY,
Path2D.Float p2df, boolean isfill);
......@@ -228,9 +277,13 @@ public class GDIRenderer implements
transX = 0;
transY = 0;
}
doShape(sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
transX, transY, p2df, isfill);
try {
doShape((GDIWindowSurfaceData)sg2d.surfaceData,
sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
transX, transY, p2df, isfill);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
}
// REMIND: This is just a hack to get WIDE lines to honor the
......@@ -239,7 +292,12 @@ public class GDIRenderer implements
// method that could be filled by the doShape method more quickly.
public void doFillSpans(SunGraphics2D sg2d, SpanIterator si) {
int box[] = new int[4];
SurfaceData sd = sg2d.surfaceData;
GDIWindowSurfaceData sd;
try {
sd = (GDIWindowSurfaceData)sg2d.surfaceData;
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
Region clip = sg2d.getCompClip();
Composite comp = sg2d.composite;
int eargb = sg2d.eargb;
......@@ -268,7 +326,7 @@ public class GDIRenderer implements
doShape(sg2d, s, true);
}
public native void devCopyArea(SurfaceData sData,
public native void devCopyArea(GDIWindowSurfaceData sData,
int srcx, int srcy,
int dx, int dy,
int w, int h);
......@@ -278,21 +336,21 @@ public class GDIRenderer implements
}
public static class Tracer extends GDIRenderer {
void doDrawLine(SurfaceData sData,
void doDrawLine(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x1, int y1, int x2, int y2)
{
GraphicsPrimitive.tracePrimitive("GDIDrawLine");
super.doDrawLine(sData, clip, comp, color, x1, y1, x2, y2);
}
void doDrawRect(SurfaceData sData,
void doDrawRect(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x, int y, int w, int h)
{
GraphicsPrimitive.tracePrimitive("GDIDrawRect");
super.doDrawRect(sData, clip, comp, color, x, y, w, h);
}
void doDrawRoundRect(SurfaceData sData,
void doDrawRoundRect(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x, int y, int w, int h,
int arcW, int arcH)
......@@ -301,14 +359,14 @@ public class GDIRenderer implements
super.doDrawRoundRect(sData, clip, comp, color,
x, y, w, h, arcW, arcH);
}
void doDrawOval(SurfaceData sData,
void doDrawOval(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x, int y, int w, int h)
{
GraphicsPrimitive.tracePrimitive("GDIDrawOval");
super.doDrawOval(sData, clip, comp, color, x, y, w, h);
}
void doDrawArc(SurfaceData sData,
void doDrawArc(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x, int y, int w, int h,
int angleStart, int angleExtent)
......@@ -317,7 +375,7 @@ public class GDIRenderer implements
super.doDrawArc(sData, clip, comp, color, x, y, w, h,
angleStart, angleExtent);
}
void doDrawPoly(SurfaceData sData,
void doDrawPoly(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int transx, int transy,
int[] xpoints, int[] ypoints,
......@@ -327,14 +385,14 @@ public class GDIRenderer implements
super.doDrawPoly(sData, clip, comp, color, transx, transy,
xpoints, ypoints, npoints, isclosed);
}
void doFillRect(SurfaceData sData,
void doFillRect(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x, int y, int w, int h)
{
GraphicsPrimitive.tracePrimitive("GDIFillRect");
super.doFillRect(sData, clip, comp, color, x, y, w, h);
}
void doFillRoundRect(SurfaceData sData,
void doFillRoundRect(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x, int y, int w, int h,
int arcW, int arcH)
......@@ -343,14 +401,14 @@ public class GDIRenderer implements
super.doFillRoundRect(sData, clip, comp, color,
x, y, w, h, arcW, arcH);
}
void doFillOval(SurfaceData sData,
void doFillOval(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x, int y, int w, int h)
{
GraphicsPrimitive.tracePrimitive("GDIFillOval");
super.doFillOval(sData, clip, comp, color, x, y, w, h);
}
void doFillArc(SurfaceData sData,
void doFillArc(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int x, int y, int w, int h,
int angleStart, int angleExtent)
......@@ -359,7 +417,7 @@ public class GDIRenderer implements
super.doFillArc(sData, clip, comp, color, x, y, w, h,
angleStart, angleExtent);
}
void doFillPoly(SurfaceData sData,
void doFillPoly(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int transx, int transy,
int[] xpoints, int[] ypoints,
......@@ -369,7 +427,7 @@ public class GDIRenderer implements
super.doFillPoly(sData, clip, comp, color, transx, transy,
xpoints, ypoints, npoints);
}
void doShape(SurfaceData sData,
void doShape(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color,
int transX, int transY,
Path2D.Float p2df, boolean isfill)
......@@ -380,7 +438,7 @@ public class GDIRenderer implements
super.doShape(sData, clip, comp, color,
transX, transY, p2df, isfill);
}
public void devCopyArea(SurfaceData sData,
public void devCopyArea(GDIWindowSurfaceData sData,
int srcx, int srcy,
int dx, int dy,
int w, int h)
......
src/windows/native/sun/java2d/windows/GDIRenderer.cpp
浏览文件 @ a71380fd
......@@ -117,7 +117,7 @@ static POINT *TransformPoly(jint *xpoints, jint *ypoints,
/*
* Class: sun_java2d_windows_GDIRenderer
* Method: doDrawLine
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
* Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
*/
JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doDrawLine
......@@ -164,7 +164,7 @@ Java_sun_java2d_windows_GDIRenderer_doDrawLine
/*
* Class: sun_java2d_windows_GDIRenderer
* Method: doDrawRect
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
* Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
*/
JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doDrawRect
......@@ -209,7 +209,7 @@ Java_sun_java2d_windows_GDIRenderer_doDrawRect
/*
* Class: sun_java2d_windows_GDIRenderer
* Method: doDrawRoundRect
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
* Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
*/
JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doDrawRoundRect
......@@ -253,7 +253,7 @@ Java_sun_java2d_windows_GDIRenderer_doDrawRoundRect
/*
* Class: sun_java2d_windows_GDIRenderer
* Method: doDrawOval
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
* Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
*/
JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doDrawOval
......@@ -291,7 +291,7 @@ Java_sun_java2d_windows_GDIRenderer_doDrawOval
/*
* Class: sun_java2d_windows_GDIRenderer
* Method: doDrawArc
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
* Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
*/
JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doDrawArc
......@@ -347,7 +347,7 @@ Java_sun_java2d_windows_GDIRenderer_doDrawArc
/*
* Class: sun_java2d_windows_GDIRenderer
* Method: doDrawPoly
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;III[I[IIZ)V
* Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;III[I[IIZ)V
*/
JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doDrawPoly
......@@ -412,7 +412,7 @@ Java_sun_java2d_windows_GDIRenderer_doDrawPoly
/*
* Class: sun_java2d_windows_GDIRenderer
* Method: doFillRect
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
* Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
*/
JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doFillRect
......@@ -445,7 +445,7 @@ Java_sun_java2d_windows_GDIRenderer_doFillRect
/*
* Class: sun_java2d_windows_GDIRenderer
* Method: doFillRoundRect
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
* Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
*/
JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doFillRoundRect
......@@ -488,7 +488,7 @@ Java_sun_java2d_windows_GDIRenderer_doFillRoundRect
/*
* Class: sun_java2d_windows_GDIRenderer
* Method: doFillOval
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
* Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
*/
JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doFillOval
......@@ -555,7 +555,7 @@ Java_sun_java2d_windows_GDIRenderer_doFillOval
/*
* Class: sun_java2d_windows_GDIRenderer
* Method: doFillArc
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
* Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
*/
JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doFillArc
......@@ -615,7 +615,7 @@ Java_sun_java2d_windows_GDIRenderer_doFillArc
/*
* Class: sun_java2d_windows_GDIRenderer
* Method: doFillPoly
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;III[I[II)V
* Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;III[I[II)V
*/
JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doFillPoly
......@@ -680,7 +680,7 @@ Java_sun_java2d_windows_GDIRenderer_doFillPoly
/*
* Class: sun_java2d_windows_GDIRenderer
* Method: doShape
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;
* Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;
* Ljava/awt/Composite;IIILjava/awt/geom/Path2D.Float;Z)V
*/
JNIEXPORT void JNICALL
......@@ -863,7 +863,7 @@ INLINE BOOL RectInMonitorRect(RECT *rCheck, RECT *rContainer)
/*
* Class: sun_java2d_windows_GDIRenderer
* Method: devCopyArea
* Signature: (Lsun/awt/windows/SurfaceData;IIIIII)V
* Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;IIIIII)V
*/
JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_devCopyArea
......
test/java/io/Serializable/expectedStackTrace/ExpectedStackTrace.java
浏览文件 @ a71380fd
......@@ -22,7 +22,7 @@
*/
/* @test
* @bug 6317435
* @bug 6317435 7110700
* @summary Verify that stack trace contains a proper cause of
* InvalidClassException (methods: checkSerialize,
* checkDeserialize or checkDefaultSerialize)
......@@ -59,7 +59,7 @@ public class ExpectedStackTrace {
private static final String SER_METHOD_NAME = "checkSerializable";
public static final void main(String[] args) throws Exception {
System.err.println("\nRegression test for CR6317435");
System.err.println("\nRegression test for CRs 6317435, 7110700");
checkSerializable(getObject());
}
......@@ -99,9 +99,12 @@ public class ExpectedStackTrace {
}
}
if (found) {
if (ex.getCause() != null) {
throw new Error("\nTest for CR 7110700 FAILED");
}
System.err.println("\nTEST PASSED");
} else {
throw new Error();
throw new Error("\nTest for CR 6317435 FAILED");
}
}
}
......
test/javax/sound/sampled/DataLine/DataLine_ArrayIndexOutOfBounds.java 0 → 100644
浏览文件 @ a71380fd
/**
* @test
* @bug 7088367
* @summary SourceDataLine.write and TargetDataLine.read don't throw ArrayIndexOutOfBoundsException
* @author Alex Menkov
*/
import javax.sound.sampled.AudioSystem;
import javax.sound.sampled.DataLine;
import javax.sound.sampled.Line;
import javax.sound.sampled.LineUnavailableException;
import javax.sound.sampled.Mixer;
import javax.sound.sampled.SourceDataLine;
import javax.sound.sampled.TargetDataLine;
public class DataLine_ArrayIndexOutOfBounds {
static int total = 0;
static int failed = 0;
// shared buffer for all tests
static final byte[] buffer = new byte[5000000];
// the class describes different test scenarios (buffer properties)
static abstract class Scenario {
abstract int getBufferOffset(DataLine line);
abstract int getBufferLength(DataLine line);
}
// scenarios to tests
static Scenario[] scenarios = new Scenario[]{
new Scenario() {
public String toString() {
return "offset is near Integer.MAX_VALUE";
}
public int getBufferOffset(DataLine line) {
return Integer.MAX_VALUE - 4096;
}
public int getBufferLength(DataLine line) {
return 65536;
}
},
new Scenario() {
public String toString() {
return "offset is less than buffer.length, length is large";
}
int getBufferOffset(DataLine line) {
return buffer.length / 10;
}
int getBufferLength(DataLine line) {
return Integer.MAX_VALUE - getBufferOffset(line) + 4096;
}
}
};
public static void main(String[] args) throws Exception {
Mixer.Info[] infos = AudioSystem.getMixerInfo();
log("" + infos.length + " mixers detected");
for (int i=0; i<infos.length; i++) {
Mixer mixer = AudioSystem.getMixer(infos[i]);
log("Mixer " + (i+1) + ": " + infos[i]);
try {
mixer.open();
for (Scenario scenario: scenarios) {
testSDL(mixer, scenario);
testTDL(mixer, scenario);
}
mixer.close();
} catch (LineUnavailableException ex) {
log("LineUnavailableException: " + ex);
}
}
if (failed == 0) {
log("PASSED (" + total + " tests)");
} else {
log("FAILED (" + failed + " of " + total + " tests)");
throw new Exception("Test FAILED");
}
}
final static int STOPPER_DELAY = 5000; // 1 sec
static class AsyncLineStopper implements Runnable {
private final DataLine line;
private final long delayMS; // delay before stop the line
private final Thread thread;
private final Object readyEvent = new Object();
private final Object startEvent = new Object();
public AsyncLineStopper(DataLine line, long delayMS) {
this.line = line;
this.delayMS = delayMS;
thread = new Thread(this);
thread.setDaemon(true);
// starts the thread and waits until it becomes ready
synchronized (readyEvent) {
thread.start();
try {
readyEvent.wait();
} catch (InterruptedException ex) { }
}
}
// makes the delay and then stops the line
public void schedule() {
synchronized(startEvent) {
startEvent.notifyAll();
}
}
// force stop/close the line
public void force() {
thread.interrupt();
try {
thread.join();
} catch (InterruptedException ex) {
log("join exception: " + ex);
}
}
// Runnable implementation
public void run() {
try {
synchronized(readyEvent) {
readyEvent.notifyAll();
}
synchronized(startEvent) {
startEvent.wait();
}
// delay
Thread.sleep(delayMS);
} catch (InterruptedException ex) {
log(" AsyncLineStopper has been interrupted: " + ex);
}
// and flush
log(" stop...");
line.stop();
log(" close...");
line.close();
}
}
static void testSDL(Mixer mixer, Scenario scenario) {
log(" Testing SDL (scenario: " + scenario + ")...");
Line.Info linfo = new Line.Info(SourceDataLine.class);
SourceDataLine line = null;
try {
line = (SourceDataLine)mixer.getLine(linfo);
log(" got line: " + line);
log(" open...");
line.open();
} catch (IllegalArgumentException ex) {
log(" unsupported (IllegalArgumentException)");
return;
} catch (LineUnavailableException ex) {
log(" unavailable: " + ex);
return;
}
total++;
log(" start...");
line.start();
AsyncLineStopper lineStopper = new AsyncLineStopper(line, STOPPER_DELAY);
int offset = scenario.getBufferOffset(line);
int len = scenario.getBufferLength(line);
// ensure len represents integral number of frames
len -= len % line.getFormat().getFrameSize();
log(" write...");
lineStopper.schedule();
try {
line.write(buffer, offset, len);
log(" ERROR: didn't get ArrayIndexOutOfBoundsException");
failed++;
} catch (ArrayIndexOutOfBoundsException ex) {
log(" OK: got ArrayIndexOutOfBoundsException: " + ex);
}
lineStopper.force();
}
static void testTDL(Mixer mixer, Scenario scenario) {
log(" Testing TDL (scenario: " + scenario + ")...");
Line.Info linfo = new Line.Info(TargetDataLine.class);
TargetDataLine line = null;
try {
line = (TargetDataLine)mixer.getLine(linfo);
log(" got line: " + line);
log(" open...");
line.open();
} catch (IllegalArgumentException ex) {
log(" unsupported (IllegalArgumentException)");
return;
} catch (LineUnavailableException ex) {
log(" unavailable: " + ex);
return;
}
total++;
log(" start...");
line.start();
AsyncLineStopper lineStopper = new AsyncLineStopper(line, STOPPER_DELAY);
int offset = scenario.getBufferOffset(line);
int len = scenario.getBufferLength(line);
// ensure len represents integral number of frames
len -= len % line.getFormat().getFrameSize();
log(" read...");
try {
line.read(buffer, offset, len);
log(" ERROR: didn't get ArrayIndexOutOfBoundsException");
failed++;
} catch (ArrayIndexOutOfBoundsException ex) {
log(" OK: got ArrayIndexOutOfBoundsException: " + ex);
}
lineStopper.force();
}
static void log(String s) {
System.out.println(s);
System.out.flush();
}
}
test/sun/security/provider/certpath/X509CertPath/ForwardBuildCompromised.java 0 → 100644
浏览文件 @ a71380fd
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 7123519
* @summary Problem with java/classes_security
*/
import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.security.spec.*;
import java.security.interfaces.*;
public class ForwardBuildCompromised {
// DigiNotar Root CA, untrusted root certificate
static String trustedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\n" +
"MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\n" +
"ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\n" +
"b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\n" +
"bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\n" +
"U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\n" +
"A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\n" +
"I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\n" +
"wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\n" +
"AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\n" +
"oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\n" +
"BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\n" +
"dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\n" +
"MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\n" +
"b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\n" +
"dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\n" +
"MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\n" +
"E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\n" +
"MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\n" +
"hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\n" +
"95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\n" +
"2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\n" +
"-----END CERTIFICATE-----";
// DigiNotar Root CA, untrusted cross-certificate
static String untrustedCrossCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" +
"MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
"EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" +
"hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" +
"ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" +
"OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" +
"hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" +
"gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" +
"IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" +
"BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" +
"Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" +
"5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" +
"DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" +
"9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" +
"7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" +
"ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" +
"BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" +
"BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" +
"VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" +
"bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" +
"A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" +
"BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" +
"xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" +
"ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" +
"ZFdYf+hthc3m6IcJ\n" +
"-----END CERTIFICATE-----";
// DigiNotar Root CA, compromised certificate
static String compromisedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
"Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
"HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES\n" +
"MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg\n" +
"MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB\n" +
"AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B\n" +
"8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY\n" +
"tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl\n" +
"HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj\n" +
"zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU\n" +
"JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM\n" +
"ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv\n" +
"a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p\n" +
"K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi\n" +
"puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT\n" +
"yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO\n" +
"owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV\n" +
"HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC\n" +
"jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy\n" +
"fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo\n" +
"Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo\n" +
"M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM\n" +
"Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed\n" +
"2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH\n" +
"/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl\n" +
"nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE\n" +
"O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU\n" +
"9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9\n" +
"j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr\n" +
"-----END CERTIFICATE-----";
// DigiNotar Public CA 2025, intermediate certificate
static String intermediateCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
"Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
"HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES\n" +
"MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB\n" +
"IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq\n" +
"hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72\n" +
"Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA\n" +
"SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU\n" +
"Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s\n" +
"xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad\n" +
"6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB\n" +
"sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh\n" +
"dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM\n" +
"100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB\n" +
"AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv\n" +
"Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv\n" +
"dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv\n" +
"IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0\n" +
"hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM\n" +
"LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV\n" +
"+m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ\n" +
"ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE\n" +
"wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4\n" +
"a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC\n" +
"4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr\n" +
"asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG\n" +
"yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ\n" +
"Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G\n" +
"fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC\n" +
"hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY\n" +
"MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1\n" +
"hOiR4IX9Tg==\n" +
"-----END CERTIFICATE-----";
// The fraudulent certificate issued by above compromised CA
static String targetCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp\n" +
"Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v\n" +
"dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE\n" +
"BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp\n" +
"ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j\n" +
"b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS\n" +
"CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q\n" +
"7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD\n" +
"ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x\n" +
"OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8\n" +
"vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2\n" +
"EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0\n" +
"dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43\n" +
"/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH\n" +
"aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u\n" +
"bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u\n" +
"IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg\n" +
"dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8\n" +
"oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s\n" +
"YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn\n" +
"b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG\n" +
"9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH\n" +
"UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB\n" +
"pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM\n" +
"FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum\n" +
"U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK\n" +
"baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==\n" +
"-----END CERTIFICATE-----";
public static void main(String args[]) throws Exception {
Exception reservedException = null;
try {
build();
} catch (CertPathBuilderException cpbe) {
reservedException = cpbe;
}
if (reservedException == null) {
throw new Exception("Unable to block fraudulent certificate");
}
System.out.println(
"The expected untrusted cert exception: " + reservedException);
}
private static X509CertSelector generateSelector() throws Exception {
// generate certificate from cert strings
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate target = null;
try (ByteArrayInputStream is =
new ByteArrayInputStream(targetCertStr.getBytes())) {
target = (X509Certificate)cf.generateCertificate(is);
}
X509CertSelector selector = new X509CertSelector();
selector.setCertificate(target);
return selector;
}
private static CertStore generateCertificateStore() throws Exception {
// generate certificate from cert strings
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// generate certification path
Set<Certificate> entries = new HashSet();
try (ByteArrayInputStream is =
new ByteArrayInputStream(targetCertStr.getBytes())) {
entries.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(intermediateCertStr.getBytes())) {
entries.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(compromisedCertStr.getBytes())) {
entries.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(untrustedCrossCertStr.getBytes())) {
entries.add(cf.generateCertificate(is));
}
return CertStore.getInstance("Collection",
new CollectionCertStoreParameters(entries));
}
private static Set<TrustAnchor> generateTrustAnchors()
throws CertificateException, IOException {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate trustedCert = null;
try (ByteArrayInputStream is =
new ByteArrayInputStream(trustedCertStr.getBytes())) {
trustedCert = cf.generateCertificate(is);
}
// generate a trust anchor
TrustAnchor anchor =
new TrustAnchor((X509Certificate)trustedCert, null);
return Collections.singleton(anchor);
}
private static void build() throws Exception {
X509CertSelector selector = generateSelector();
Set<TrustAnchor> anchors = generateTrustAnchors();
CertStore certs = generateCertificateStore();
PKIXBuilderParameters params =
new PKIXBuilderParameters(anchors, selector);
params.addCertStore(certs);
params.setRevocationEnabled(false);
params.setDate(new Date(111, 11, 25)); // 2011-12-25
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
PKIXCertPathBuilderResult result =
(PKIXCertPathBuilderResult)builder.build(params);
}
}
test/sun/security/provider/certpath/X509CertPath/ReverseBuildCompromised.java 0 → 100644
浏览文件 @ a71380fd
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 7123519
* @summary Problem with java/classes_security
*/
import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.security.spec.*;
import java.security.interfaces.*;
import sun.security.provider.certpath.SunCertPathBuilderParameters;
public class ReverseBuildCompromised {
// DigiNotar Root CA, untrusted root certificate
static String trustedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\n" +
"MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\n" +
"ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\n" +
"b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\n" +
"bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\n" +
"U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\n" +
"A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\n" +
"I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\n" +
"wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\n" +
"AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\n" +
"oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\n" +
"BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\n" +
"dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\n" +
"MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\n" +
"b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\n" +
"dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\n" +
"MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\n" +
"E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\n" +
"MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\n" +
"hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\n" +
"95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\n" +
"2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\n" +
"-----END CERTIFICATE-----";
// DigiNotar Root CA, untrusted cross-certificate
static String untrustedCrossCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" +
"MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
"EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" +
"hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" +
"ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" +
"OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" +
"hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" +
"gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" +
"IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" +
"BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" +
"Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" +
"5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" +
"DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" +
"9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" +
"7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" +
"ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" +
"BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" +
"BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" +
"VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" +
"bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" +
"A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" +
"BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" +
"xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" +
"ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" +
"ZFdYf+hthc3m6IcJ\n" +
"-----END CERTIFICATE-----";
// DigiNotar Root CA, compromised certificate
static String compromisedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
"Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
"HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES\n" +
"MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg\n" +
"MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB\n" +
"AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B\n" +
"8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY\n" +
"tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl\n" +
"HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj\n" +
"zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU\n" +
"JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM\n" +
"ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv\n" +
"a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p\n" +
"K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi\n" +
"puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT\n" +
"yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO\n" +
"owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV\n" +
"HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC\n" +
"jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy\n" +
"fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo\n" +
"Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo\n" +
"M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM\n" +
"Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed\n" +
"2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH\n" +
"/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl\n" +
"nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE\n" +
"O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU\n" +
"9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9\n" +
"j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr\n" +
"-----END CERTIFICATE-----";
// DigiNotar Public CA 2025, intermediate certificate
static String intermediateCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
"Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
"HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES\n" +
"MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB\n" +
"IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq\n" +
"hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72\n" +
"Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA\n" +
"SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU\n" +
"Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s\n" +
"xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad\n" +
"6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB\n" +
"sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh\n" +
"dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM\n" +
"100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB\n" +
"AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv\n" +
"Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv\n" +
"dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv\n" +
"IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0\n" +
"hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM\n" +
"LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV\n" +
"+m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ\n" +
"ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE\n" +
"wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4\n" +
"a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC\n" +
"4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr\n" +
"asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG\n" +
"yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ\n" +
"Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G\n" +
"fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC\n" +
"hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY\n" +
"MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1\n" +
"hOiR4IX9Tg==\n" +
"-----END CERTIFICATE-----";
// The fraudulent certificate issued by above compromised CA
static String targetCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp\n" +
"Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v\n" +
"dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE\n" +
"BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp\n" +
"ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j\n" +
"b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS\n" +
"CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q\n" +
"7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD\n" +
"ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x\n" +
"OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8\n" +
"vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2\n" +
"EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0\n" +
"dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43\n" +
"/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH\n" +
"aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u\n" +
"bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u\n" +
"IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg\n" +
"dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8\n" +
"oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s\n" +
"YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn\n" +
"b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG\n" +
"9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH\n" +
"UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB\n" +
"pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM\n" +
"FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum\n" +
"U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK\n" +
"baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==\n" +
"-----END CERTIFICATE-----";
public static void main(String args[]) throws Exception {
Exception reservedException = null;
try {
build();
} catch (CertPathBuilderException cpbe) {
reservedException = cpbe;
}
if (reservedException == null) {
throw new Exception("Unable to block fraudulent certificate");
}
System.out.println(
"The expected untrusted cert exception: " + reservedException);
}
private static X509CertSelector generateSelector() throws Exception {
// generate certificate from cert strings
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate target = null;
try (ByteArrayInputStream is =
new ByteArrayInputStream(targetCertStr.getBytes())) {
target = (X509Certificate)cf.generateCertificate(is);
}
X509CertSelector selector = new X509CertSelector();
selector.setCertificate(target);
selector.setSubject(target.getSubjectX500Principal());
return selector;
}
private static CertStore generateCertificateStore() throws Exception {
// generate certificate from cert strings
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// generate certification path
Set<Certificate> entries = new HashSet();
try (ByteArrayInputStream is =
new ByteArrayInputStream(targetCertStr.getBytes())) {
entries.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(intermediateCertStr.getBytes())) {
entries.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(compromisedCertStr.getBytes())) {
entries.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(untrustedCrossCertStr.getBytes())) {
entries.add(cf.generateCertificate(is));
}
return CertStore.getInstance("Collection",
new CollectionCertStoreParameters(entries));
}
private static Set<TrustAnchor> generateTrustAnchors()
throws CertificateException, IOException {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate trustedCert = null;
try (ByteArrayInputStream is =
new ByteArrayInputStream(trustedCertStr.getBytes())) {
trustedCert = cf.generateCertificate(is);
}
// generate a trust anchor
TrustAnchor anchor =
new TrustAnchor((X509Certificate)trustedCert, null);
return Collections.singleton(anchor);
}
private static void build() throws Exception {
X509CertSelector selector = generateSelector();
Set<TrustAnchor> anchors = generateTrustAnchors();
CertStore certs = generateCertificateStore();
SunCertPathBuilderParameters params =
new SunCertPathBuilderParameters(anchors, selector);
params.setBuildForward(false);
params.addCertStore(certs);
params.setRevocationEnabled(false);
params.setDate(new Date(111, 11, 25)); // 2011-12-25
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
PKIXCertPathBuilderResult result =
(PKIXCertPathBuilderResult)builder.build(params);
}
}
test/sun/security/provider/certpath/X509CertPath/ValidateCompromised.java 0 → 100644
浏览文件 @ a71380fd
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 7123519
* @summary Problem with java/classes_security
*/
import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.security.spec.*;
import java.security.interfaces.*;
public class ValidateCompromised {
// DigiNotar Root CA, untrusted root certificate
static String trustedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\n" +
"MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\n" +
"ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\n" +
"b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\n" +
"bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\n" +
"U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\n" +
"A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\n" +
"I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\n" +
"wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\n" +
"AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\n" +
"oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\n" +
"BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\n" +
"dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\n" +
"MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\n" +
"b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\n" +
"dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\n" +
"MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\n" +
"E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\n" +
"MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\n" +
"hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\n" +
"95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\n" +
"2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\n" +
"-----END CERTIFICATE-----";
// DigiNotar Root CA, untrusted cross-certificate
static String untrustedCrossCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" +
"MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
"EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" +
"hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" +
"ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" +
"OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" +
"hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" +
"gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" +
"IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" +
"BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" +
"Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" +
"5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" +
"DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" +
"9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" +
"7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" +
"ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" +
"BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" +
"BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" +
"VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" +
"bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" +
"A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" +
"BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" +
"xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" +
"ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" +
"ZFdYf+hthc3m6IcJ\n" +
"-----END CERTIFICATE-----";
// DigiNotar Root CA, compromised certificate
static String compromisedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
"Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
"HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES\n" +
"MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg\n" +
"MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB\n" +
"AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B\n" +
"8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY\n" +
"tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl\n" +
"HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj\n" +
"zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU\n" +
"JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM\n" +
"ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv\n" +
"a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p\n" +
"K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi\n" +
"puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT\n" +
"yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO\n" +
"owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV\n" +
"HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC\n" +
"jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy\n" +
"fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo\n" +
"Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo\n" +
"M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM\n" +
"Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed\n" +
"2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH\n" +
"/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl\n" +
"nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE\n" +
"O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU\n" +
"9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9\n" +
"j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr\n" +
"-----END CERTIFICATE-----";
// DigiNotar Public CA 2025, intermediate certificate
static String intermediateCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
"Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
"HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES\n" +
"MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB\n" +
"IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq\n" +
"hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72\n" +
"Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA\n" +
"SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU\n" +
"Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s\n" +
"xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad\n" +
"6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB\n" +
"sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh\n" +
"dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM\n" +
"100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB\n" +
"AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv\n" +
"Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv\n" +
"dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv\n" +
"IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0\n" +
"hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM\n" +
"LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV\n" +
"+m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ\n" +
"ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE\n" +
"wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4\n" +
"a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC\n" +
"4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr\n" +
"asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG\n" +
"yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ\n" +
"Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G\n" +
"fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC\n" +
"hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY\n" +
"MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1\n" +
"hOiR4IX9Tg==\n" +
"-----END CERTIFICATE-----";
// The fraudulent certificate issued by above compromised CA
static String targetCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp\n" +
"Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v\n" +
"dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE\n" +
"BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp\n" +
"ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j\n" +
"b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS\n" +
"CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q\n" +
"7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD\n" +
"ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x\n" +
"OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8\n" +
"vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2\n" +
"EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0\n" +
"dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43\n" +
"/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH\n" +
"aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u\n" +
"bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u\n" +
"IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg\n" +
"dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8\n" +
"oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s\n" +
"YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn\n" +
"b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG\n" +
"9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH\n" +
"UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB\n" +
"pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM\n" +
"FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum\n" +
"U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK\n" +
"baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==\n" +
"-----END CERTIFICATE-----";
public static void main(String args[]) throws Exception {
Exception reservedException = null;
try {
validate();
} catch (CertPathValidatorException cpve) {
reservedException = cpve;
}
if (reservedException == null) {
throw new Exception("Unable to block fraudulent certificate");
}
System.out.println(
"The expected untrusted cert exception: " + reservedException);
}
private static CertPath generateCertificatePath()
throws CertificateException, IOException {
// generate certificate from cert strings
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// generate certification path
List<Certificate> list = new ArrayList();
try (ByteArrayInputStream is =
new ByteArrayInputStream(targetCertStr.getBytes())) {
list.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(intermediateCertStr.getBytes())) {
list.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(compromisedCertStr.getBytes())) {
list.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(untrustedCrossCertStr.getBytes())) {
list.add(cf.generateCertificate(is));
}
return cf.generateCertPath(list);
}
private static Set<TrustAnchor> generateTrustAnchors()
throws CertificateException, IOException {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate trustedCert = null;
try (ByteArrayInputStream is =
new ByteArrayInputStream(trustedCertStr.getBytes())) {
trustedCert = cf.generateCertificate(is);
}
// generate a trust anchor
TrustAnchor anchor =
new TrustAnchor((X509Certificate)trustedCert, null);
return Collections.singleton(anchor);
}
private static void validate()
throws CertPathValidatorException, Exception {
CertPath path = generateCertificatePath();
Set<TrustAnchor> anchors = generateTrustAnchors();
PKIXParameters params = new PKIXParameters(anchors);
// disable certificate revocation checking
params.setRevocationEnabled(false);
// set the validation time
params.setDate(new Date(111, 11, 25)); // 2011-12-25
CertPathValidator validator = CertPathValidator.getInstance("PKIX");
validator.validate(path, params);
}
}
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/ComodoHacker.java 0 → 100644
浏览文件 @ a71380fd
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 7123519
* @summary Problem with java/classes_security
* @run main/othervm ComodoHacker PKIX
* @run main/othervm ComodoHacker SunX509
*/
import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import java.security.spec.*;
import java.security.interfaces.*;
public class ComodoHacker {
// DigiNotar Root CA, untrusted root certificate
static String trustedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\n" +
"MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\n" +
"ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\n" +
"b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\n" +
"bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\n" +
"U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\n" +
"A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\n" +
"I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\n" +
"wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\n" +
"AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\n" +
"oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\n" +
"BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\n" +
"dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\n" +
"MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\n" +
"b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\n" +
"dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\n" +
"MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\n" +
"E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\n" +
"MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\n" +
"hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\n" +
"95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\n" +
"2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\n" +
"-----END CERTIFICATE-----";
// DigiNotar Root CA, untrusted cross-certificate
static String untrustedCrossCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" +
"MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
"EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" +
"hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" +
"ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" +
"OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" +
"hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" +
"gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" +
"IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" +
"BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" +
"Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" +
"5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" +
"DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" +
"9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" +
"7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" +
"ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" +
"BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" +
"BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" +
"VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" +
"bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" +
"A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" +
"BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" +
"xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" +
"ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" +
"ZFdYf+hthc3m6IcJ\n" +
"-----END CERTIFICATE-----";
// DigiNotar Root CA, compromised certificate
static String compromisedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
"Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
"HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES\n" +
"MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg\n" +
"MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB\n" +
"AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B\n" +
"8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY\n" +
"tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl\n" +
"HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj\n" +
"zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU\n" +
"JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM\n" +
"ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv\n" +
"a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p\n" +
"K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi\n" +
"puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT\n" +
"yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO\n" +
"owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV\n" +
"HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC\n" +
"jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy\n" +
"fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo\n" +
"Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo\n" +
"M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM\n" +
"Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed\n" +
"2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH\n" +
"/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl\n" +
"nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE\n" +
"O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU\n" +
"9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9\n" +
"j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr\n" +
"-----END CERTIFICATE-----";
// DigiNotar Public CA 2025, intermediate certificate
static String intermediateCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
"Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
"HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES\n" +
"MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB\n" +
"IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq\n" +
"hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72\n" +
"Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA\n" +
"SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU\n" +
"Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s\n" +
"xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad\n" +
"6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB\n" +
"sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh\n" +
"dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM\n" +
"100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB\n" +
"AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv\n" +
"Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv\n" +
"dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv\n" +
"IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0\n" +
"hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM\n" +
"LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV\n" +
"+m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ\n" +
"ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE\n" +
"wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4\n" +
"a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC\n" +
"4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr\n" +
"asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG\n" +
"yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ\n" +
"Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G\n" +
"fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC\n" +
"hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY\n" +
"MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1\n" +
"hOiR4IX9Tg==\n" +
"-----END CERTIFICATE-----";
// The fraudulent certificate issued by above compromised CA
static String targetCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp\n" +
"Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v\n" +
"dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE\n" +
"BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp\n" +
"ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j\n" +
"b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS\n" +
"CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q\n" +
"7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD\n" +
"ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x\n" +
"OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8\n" +
"vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2\n" +
"EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0\n" +
"dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43\n" +
"/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH\n" +
"aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u\n" +
"bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u\n" +
"IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg\n" +
"dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8\n" +
"oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s\n" +
"YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn\n" +
"b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG\n" +
"9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH\n" +
"UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB\n" +
"pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM\n" +
"FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum\n" +
"U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK\n" +
"baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==\n" +
"-----END CERTIFICATE-----";
private static String tmAlgorithm; // trust manager
public static void main(String args[]) throws Exception {
// Get the customized arguments.
parseArguments(args);
X509TrustManager tm = getTrustManager();
X509Certificate[] chain = getFraudulentChain();
Exception reservedException = null;
try {
tm.checkClientTrusted(chain, "RSA");
} catch (CertificateException ce) {
reservedException = ce;
}
if (reservedException == null) {
throw new Exception("Unable to block fraudulent certificate");
}
reservedException = null;
try {
tm.checkServerTrusted(chain, "RSA");
} catch (CertificateException ce) {
reservedException = ce;
}
if (reservedException == null) {
throw new Exception("Unable to block fraudulent certificate");
}
System.out.println(
"The expected untrusted cert exception: " + reservedException);
}
private static void parseArguments(String[] args) {
tmAlgorithm = args[0];
}
private static X509TrustManager getTrustManager() throws Exception {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// create a key store
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
// import the trusted cert
try (ByteArrayInputStream is =
new ByteArrayInputStream(trustedCertStr.getBytes())) {
Certificate trustedCert = cf.generateCertificate(is);
ks.setCertificateEntry("RSA Export Signer", trustedCert);
}
// create the trust manager
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlgorithm);
tmf.init(ks);
return (X509TrustManager)tmf.getTrustManagers()[0];
}
private static X509Certificate[] getFraudulentChain() throws Exception {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate[] chain = new X509Certificate[4];
try (ByteArrayInputStream is =
new ByteArrayInputStream(targetCertStr.getBytes())) {
chain[0] = (X509Certificate)cf.generateCertificate(is);
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(intermediateCertStr.getBytes())) {
chain[1] = (X509Certificate)cf.generateCertificate(is);
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(compromisedCertStr.getBytes())) {
chain[2] = (X509Certificate)cf.generateCertificate(is);
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(untrustedCrossCertStr.getBytes())) {
chain[3] = (X509Certificate)cf.generateCertificate(is);
}
return chain;
}
}
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册