Merge

src/share/classes/com/sun/rowset/RowSetResourceBundle.properties

 #
-# Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -140,7 +140,7 @@ syncrsimpl.valtores = Value to be resolved can either be in the database or in c
 #WebRowSetXmlReader exception
 wrsxmlreader.invalidcp = End of RowSet reached. Invalid cursor position
 wrsxmlreader.readxml = readXML : {0}
-wrsxmlreader.parseerr = ** Parsing Error : {0} , line : {0} , uri : {0}
+wrsxmlreader.parseerr = ** Parsing Error : {0} , line : {1} , uri : {2}
 
 #WebRowSetXmlWriter exceptions
 wrsxmlwriter.ioex = IOException : {0}
@@ -151,7 +151,7 @@ wsrxmlwriter.notproper = Not a proper type
 #XmlReaderContentHandler exceptions
 xmlrch.errmap = Error setting Map : {0}
 xmlrch.errmetadata = Error setting metadata : {0}
-xmlrch.errinsert = Error inserting values : {0}
+xmlrch.errinsertval = Error inserting values : {0}
 xmlrch.errconstr = Error constructing row : {0}
 xmlrch.errdel = Error deleting row : {0}
 xmlrch.errinsert = Error constructing insert row : {0}
@@ -161,7 +161,7 @@ xmlrch.errupdrow = Error updating row : {0}
 xmlrch.chars = characters :
 xmlrch.badvalue = Bad value ; non-nullable property
 xmlrch.badvalue1 = Bad value ; non-nullable metadata
-xmlrch.warning =  ** Warning : {0} , line : {0} , uri : {0}
+xmlrch.warning =  ** Warning : {0} , line : {1} , uri : {2}
 
 #RIOptimisticProvider Exceptions
 riop.locking = Locking classification is not supported

src/share/classes/com/sun/rowset/internal/XmlReaderContentHandler.java

@@ -738,7 +738,7 @@ public class XmlReaderContentHandler extends DefaultHandler {
                     // columnValue now need to be reset to the empty string
                     columnValue = "";
                 } catch (SQLException ex) {
-                    throw new SAXException(MessageFormat.format(resBundle.handleGetObject("xmlrch.errinsert").toString(), ex.getMessage()));
+                    throw new SAXException(MessageFormat.format(resBundle.handleGetObject("xmlrch.errinsertval").toString(), ex.getMessage()));
                 }
                 break;
             case RowTag:

src/share/classes/java/io/BufferedInputStream.java

@@ -395,7 +395,11 @@ class BufferedInputStream extends FilterInputStream {
      *                          or an I/O error occurs.
      */
     public synchronized int available() throws IOException {
-        return getInIfOpen().available() + (count - pos);
+        int n = count - pos;
+        int avail = getInIfOpen().available();
+        return n > (Integer.MAX_VALUE - avail)
+                    ? Integer.MAX_VALUE
+                    : n + avail;
     }
 
     /**

src/share/classes/java/io/PushbackInputStream.java

@@ -273,7 +273,11 @@ class PushbackInputStream extends FilterInputStream {
      */
     public int available() throws IOException {
         ensureOpen();
-        return (buf.length - pos) + super.available();
+        int n = buf.length - pos;
+        int avail = super.available();
+        return n > (Integer.MAX_VALUE - avail)
+                    ? Integer.MAX_VALUE
+                    : n + avail;
     }
 
     /**

src/share/classes/java/sql/SQLPermission.java

@@ -84,7 +84,7 @@ import java.security.*;
  *   {@code setJNDIContext} and {@code setLogger}</td>
  *   <td>Permits an application to specify the JNDI context from which the
  *   {@code SyncProvider} implementations can be retrieved from and the logging
- *   object to be used by the{@codeSyncProvider} implementation.</td>
+ *   object to be used by the {@code SyncProvider} implementation.</td>
  * </tr>
  *
  * <tr>

src/share/classes/sun/nio/cs/UTF_8.java

@@ -358,7 +358,7 @@ class UTF_8 extends Unicode
     private static class Encoder extends CharsetEncoder {
 
         private Encoder(Charset cs) {
-            super(cs, 1.1f, 4.0f);
+            super(cs, 1.1f, 3.0f);
         }
 
         public boolean canEncode(char c) {

src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java

@@ -250,16 +250,16 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
         else return null;
     }
 
-    Ticket readData() throws IOException, RealmException, KrbApErrException, Asn1Exception {
+    byte[] readData() throws IOException {
         int length;
         length = read(4);
-        if (length > 0) {
+        if (length == 0) {
+            return null;
+        } else {
             byte[] bytes = new byte[length];
             read(bytes, 0, length);
-            Ticket ticket = new Ticket(bytes);
-            return ticket;
+            return bytes;
         }
-        else return null;
     }
 
     boolean[] readFlags() throws IOException {
@@ -328,6 +328,17 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
         }
         return flags;
     }
+
+    /**
+     * Reads the next cred in stream.
+     * @return the next cred, null if ticket or second_ticket unparseable.
+     *
+     * Note: MIT krb5 1.8.1 might generate a config entry with server principal
+     * X-CACHECONF:/krb5_ccache_conf_data/fast_avail/krbtgt/REALM@REALM. The
+     * entry is used by KDC to inform the client that it support certain
+     * features. Its ticket is not a valid krb5 ticket and thus this method
+     * returns null.
+     */
     Credentials readCred(int version) throws IOException,RealmException, KrbApErrException, Asn1Exception {
         PrincipalName cpname = readPrincipal(version);
         if (DEBUG)
@@ -367,17 +378,17 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
         if (auData != null) {
             auData = new AuthorizationData(auDataEntry);
         }
-        Ticket ticket = readData();
-        if (DEBUG) {
-            System.out.println(">>>DEBUG <CCacheInputStream>");
-            if (ticket == null) {
-                System.out.println("///ticket is null");
-            }
+        byte[] ticketData = readData();
+        byte[] ticketData2 = readData();
+
+        try {
+            return new Credentials(cpname, spname, key, authtime, starttime,
+                endtime, renewTill, skey, tFlags,
+                addrs, auData,
+                ticketData != null ? new Ticket(ticketData) : null,
+                ticketData2 != null ? new Ticket(ticketData2) : null);
+        } catch (Exception e) {     // If any of new Ticket(*) fails.
+            return null;
         }
-        Ticket secTicket = readData();
-        Credentials cred = new Credentials(cpname, spname, key, authtime, starttime,
-                                           endtime, renewTill, skey, tFlags,
-                                           addrs, auData, ticket, secTicket);
-        return cred;
     }
 }

src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java

 /*
- * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -186,7 +186,10 @@ public class FileCredentialsCache extends CredentialsCache
         primaryRealm = primaryPrincipal.getRealm();
         credentialsList = new Vector<Credentials> ();
         while (cis.available() > 0) {
-            credentialsList.addElement(cis.readCred(version));
+            Credentials cred = cis.readCred(version);
+            if (cred != null) {
+                credentialsList.addElement(cred);
+            }
         }
         cis.close();
     }

src/share/classes/sun/security/ssl/Krb5Helper.java

@@ -10,7 +10,7 @@
  *
  * This code is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * version 2 for more details (a copy is included in the LICENSE file that
  * accompanied this code).
  *

src/share/classes/sun/security/ssl/Krb5Proxy.java

@@ -10,7 +10,7 @@
  *
  * This code is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * version 2 for more details (a copy is included in the LICENSE file that
  * accompanied this code).
  *

src/share/classes/sun/security/ssl/krb5/Krb5ProxyImpl.java

@@ -10,7 +10,7 @@
  *
  * This code is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * version 2 for more details (a copy is included in the LICENSE file that
  * accompanied this code).
  *

src/share/native/java/util/zip/zip_util.c

@@ -314,7 +314,7 @@ findEND(jzfile *zip, void *endbuf)
         if (pos < 0) {
             /* Pretend there are some NUL bytes before start of file */
             off = -pos;
-            memset(buf, '\0', off);
+            memset(buf, '\0', (size_t)off);
         }
 
         if (readFullyAt(zfd, buf + off, sizeof(buf) - off,
@@ -426,7 +426,7 @@ static int
 isMetaName(const char *name, int length)
 {
     const char *s;
-    if (length < sizeof("META-INF/") - 1)
+    if (length < (int)sizeof("META-INF/") - 1)
         return 0;
     for (s = "META-INF/"; *s != '\0'; s++) {
         char c = *name++;
@@ -912,7 +912,7 @@ readCENHeader(jzfile *zip, jlong cenpos, jint bufsize)
     ZFILE zfd = zip->zfd;
     char *cen;
     if (bufsize > zip->len - cenpos)
-        bufsize = zip->len - cenpos;
+        bufsize = (jint)(zip->len - cenpos);
     if ((cen = malloc(bufsize)) == NULL)       goto Catch;
     if (readFullyAt(zfd, cen, bufsize, cenpos) == -1)     goto Catch;
     censize = CENSIZE(cen);
@@ -1256,6 +1256,9 @@ ZIP_GetEntryDataOffset(jzfile *zip, jzentry *entry)
  * file had been previously locked with ZIP_Lock(). Returns the
  * number of bytes read, or -1 if an error occurred. If zip->msg != 0
  * then a zip error occurred and zip->msg contains the error text.
+ *
+ * The current implementation does not support reading an entry that
+ * has the size bigger than 2**32 bytes in ONE invocation.
  */
 jint
 ZIP_Read(jzfile *zip, jzentry *entry, jlong pos, void *buf, jint len)
@@ -1276,7 +1279,7 @@ ZIP_Read(jzfile *zip, jzentry *entry, jlong pos, void *buf, jint len)
     if (len <= 0)
         return 0;
     if (len > entry_size - pos)
-        len = entry_size - pos;
+        len = (jint)(entry_size - pos);
 
     /* Get file offset to start reading data */
     start = ZIP_GetEntryDataOffset(zip, entry);
@@ -1306,6 +1309,9 @@ ZIP_Read(jzfile *zip, jzentry *entry, jlong pos, void *buf, jint len)
  * from ZIP/JAR files specified in the class path. It is defined here
  * so that it can be dynamically loaded by the runtime if the zip library
  * is found.
+ *
+ * The current implementation does not support reading an entry that
+ * has the size bigger than 2**32 bytes in ONE invocation.
  */
 jboolean
 InflateFully(jzfile *zip, jzentry *entry, void *buf, char **msg)
@@ -1314,7 +1320,6 @@ InflateFully(jzfile *zip, jzentry *entry, void *buf, char **msg)
     char tmp[BUF_SIZE];
     jlong pos = 0;
     jlong count = entry->csize;
-    jboolean status;
 
     *msg = 0; /* Reset error message */
 
@@ -1330,10 +1335,10 @@ InflateFully(jzfile *zip, jzentry *entry, void *buf, char **msg)
     }
 
     strm.next_out = buf;
-    strm.avail_out = entry->size;
+    strm.avail_out = (uInt)entry->size;
 
     while (count > 0) {
-        jint n = count > (jlong)sizeof(tmp) ? (jint)sizeof(tmp) : count;
+        jint n = count > (jlong)sizeof(tmp) ? (jint)sizeof(tmp) : (jint)count;
         ZIP_Lock(zip);
         n = ZIP_Read(zip, entry, pos, tmp, n);
         ZIP_Unlock(zip);
@@ -1368,12 +1373,16 @@ InflateFully(jzfile *zip, jzentry *entry, void *buf, char **msg)
     return JNI_TRUE;
 }
 
+/*
+ * The current implementation does not support reading an entry that
+ * has the size bigger than 2**32 bytes in ONE invocation.
+ */
 jzentry * JNICALL
 ZIP_FindEntry(jzfile *zip, char *name, jint *sizeP, jint *nameLenP)
 {
     jzentry *entry = ZIP_GetEntry(zip, name, 0);
     if (entry) {
-        *sizeP = entry->size;
+        *sizeP = (jint)entry->size;
         *nameLenP = strlen(entry->name);
     }
     return entry;

src/share/native/java/util/zip/zlib-1.2.3/compress.c

@@ -75,7 +75,7 @@ int ZEXPORT compress2 (dest, destLen, source, sourceLen, level)
         deflateEnd(&stream);
         return err == Z_OK ? Z_BUF_ERROR : err;
     }
-    *destLen = stream.total_out;
+    *destLen = (uLong)stream.total_out;
 
     err = deflateEnd(&stream);
     return err;

src/share/native/java/util/zip/zlib-1.2.3/uncompr.c

@@ -78,7 +78,7 @@ int ZEXPORT uncompress (dest, destLen, source, sourceLen)
             return Z_DATA_ERROR;
         return err;
     }
-    *destLen = stream.total_out;
+    *destLen = (uLong)stream.total_out;
 
     err = inflateEnd(&stream);
     return err;

test/java/security/Security/ClassLoaderDeadlock/ClassLoaderDeadlock.sh

@@ -68,11 +68,10 @@ case "$OS" in
     ;;
 esac
 
-# remove old class files
 cd ${TESTCLASSES}${FILESEP}
-rm -f ClassLoaderDeadlock.class
-rm -rf provider
-mkdir provider
+if [ ! -d provider ] ; then
+    mkdir provider
+fi
 
 # compile the test program
 ${TESTJAVA}${FILESEP}bin${FILESEP}javac \
@@ -88,4 +87,11 @@ ${TESTJAVA}${FILESEP}bin${FILESEP}java \
 	-classpath "${TESTCLASSES}${PATHSEP}${TESTSRC}${FILESEP}Deadlock.jar" \
 	ClassLoaderDeadlock
 
-exit $?
+STATUS=$?
+
+# clean up
+rm -f 'ClassLoaderDeadlock.class' 'ClassLoaderDeadlock$1.class' \
+'ClassLoaderDeadlock$DelayClassLoader.class' \
+provider${FILESEP}HashProvider.class
+
+exit $STATUS

test/java/security/Security/ClassLoaderDeadlock/Deadlock2.sh

@@ -26,7 +26,6 @@
 
 # @test
 # @bug 6440846
-# @ignore until 6203816 is dealt with.
 # @summary make sure we do not deadlock between ExtClassLoader and AppClassLoader
 # @author Valerie Peng
 # @run shell/timeout=20 Deadlock2.sh
@@ -71,11 +70,14 @@ esac
 
 # remove old class files
 cd ${TESTCLASSES}
-rm -f Deadlock2*.class
 if [ -d testlib ] ; then
     rm -rf testlib
 fi
-cp -r ${TESTJAVA}${FILESEP}lib${FILESEP}ext testlib
+if [ -d ${TESTJAVA}${FILESEP}lib${FILESEP}ext ] ; then
+    cp -r ${TESTJAVA}${FILESEP}lib${FILESEP}ext testlib
+else
+    cp -r ${TESTJAVA}${FILESEP}jre${FILESEP}lib${FILESEP}ext testlib
+fi
 
 # compile and package the test program
 ${TESTJAVA}${FILESEP}bin${FILESEP}javac \

test/sun/security/krb5/UnknownCCEntry.java

+/*
+ * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+/*
+ * @test
+ * @bug 6979329
+ * @summary CCacheInputStream fails to read ticket cache files from Kerberos 1.8.1
+ */
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileOutputStream;
+import sun.security.krb5.internal.ccache.CCacheInputStream;
+import sun.security.krb5.internal.ccache.CredentialsCache;
+
+public class UnknownCCEntry {
+    public static void main(String[] args) throws Exception {
+        // This is a ccache file generated on a test machine:
+        // Default principal: dummy@MAX.LOCAL
+        // Valid starting     Expires            Service principal
+        // 08/24/10 10:37:28  08/25/10 10:37:28  krbtgt/MAX.LOCAL@MAX.LOCAL
+        // Flags: FI, Etype (skey, tkt): AES-128 CTS mode with 96-bit SHA-1
+        //        HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
+        byte[] krb5cc = {
+            (byte)0x05, (byte)0x04, (byte)0x00, (byte)0x0C,
+            (byte)0x00, (byte)0x01, (byte)0x00, (byte)0x08,
+            (byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFA,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x09,
+            (byte)0x4D, (byte)0x41, (byte)0x58, (byte)0x2E,
+            (byte)0x4C, (byte)0x4F, (byte)0x43, (byte)0x41,
+            (byte)0x4C, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x05, (byte)0x64, (byte)0x75, (byte)0x6D,
+            (byte)0x6D, (byte)0x79, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x01, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x01, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x09, (byte)0x4D, (byte)0x41,
+            (byte)0x58, (byte)0x2E, (byte)0x4C, (byte)0x4F,
+            (byte)0x43, (byte)0x41, (byte)0x4C, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x05, (byte)0x64,
+            (byte)0x75, (byte)0x6D, (byte)0x6D, (byte)0x79,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x02,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x09,
+            (byte)0x4D, (byte)0x41, (byte)0x58, (byte)0x2E,
+            (byte)0x4C, (byte)0x4F, (byte)0x43, (byte)0x41,
+            (byte)0x4C, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x06, (byte)0x6B, (byte)0x72, (byte)0x62,
+            (byte)0x74, (byte)0x67, (byte)0x74, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x09, (byte)0x4D,
+            (byte)0x41, (byte)0x58, (byte)0x2E, (byte)0x4C,
+            (byte)0x4F, (byte)0x43, (byte)0x41, (byte)0x4C,
+            (byte)0x00, (byte)0x11, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x10, (byte)0x92, (byte)0x1D,
+            (byte)0x1A, (byte)0x0C, (byte)0x7F, (byte)0xB8,
+            (byte)0x01, (byte)0x2E, (byte)0xC9, (byte)0xF5,
+            (byte)0x7B, (byte)0x92, (byte)0x81, (byte)0xCA,
+            (byte)0x49, (byte)0xC5, (byte)0x4C, (byte)0x73,
+            (byte)0x30, (byte)0x68, (byte)0x4C, (byte)0x73,
+            (byte)0x30, (byte)0x68, (byte)0x4C, (byte)0x74,
+            (byte)0x81, (byte)0xE8, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x40,
+            (byte)0x41, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x01, (byte)0x29, (byte)0x61,
+            (byte)0x82, (byte)0x01, (byte)0x25, (byte)0x30,
+            (byte)0x82, (byte)0x01, (byte)0x21, (byte)0xA0,
+            (byte)0x03, (byte)0x02, (byte)0x01, (byte)0x05,
+            (byte)0xA1, (byte)0x0B, (byte)0x1B, (byte)0x09,
+            (byte)0x4D, (byte)0x41, (byte)0x58, (byte)0x2E,
+            (byte)0x4C, (byte)0x4F, (byte)0x43, (byte)0x41,
+            (byte)0x4C, (byte)0xA2, (byte)0x1E, (byte)0x30,
+            (byte)0x1C, (byte)0xA0, (byte)0x03, (byte)0x02,
+            (byte)0x01, (byte)0x00, (byte)0xA1, (byte)0x15,
+            (byte)0x30, (byte)0x13, (byte)0x1B, (byte)0x06,
+            (byte)0x6B, (byte)0x72, (byte)0x62, (byte)0x74,
+            (byte)0x67, (byte)0x74, (byte)0x1B, (byte)0x09,
+            (byte)0x4D, (byte)0x41, (byte)0x58, (byte)0x2E,
+            (byte)0x4C, (byte)0x4F, (byte)0x43, (byte)0x41,
+            (byte)0x4C, (byte)0xA3, (byte)0x81, (byte)0xEC,
+            (byte)0x30, (byte)0x81, (byte)0xE9, (byte)0xA0,
+            (byte)0x03, (byte)0x02, (byte)0x01, (byte)0x12,
+            (byte)0xA1, (byte)0x03, (byte)0x02, (byte)0x01,
+            (byte)0x01, (byte)0xA2, (byte)0x81, (byte)0xDC,
+            (byte)0x04, (byte)0x81, (byte)0xD9, (byte)0xFB,
+            (byte)0x4B, (byte)0xD2, (byte)0x55, (byte)0x33,
+            (byte)0xA8, (byte)0x1A, (byte)0xE6, (byte)0xB5,
+            (byte)0x3D, (byte)0x67, (byte)0x46, (byte)0x69,
+            (byte)0x6F, (byte)0x0A, (byte)0x64, (byte)0xE7,
+            (byte)0x3D, (byte)0xEF, (byte)0x22, (byte)0xBE,
+            (byte)0x81, (byte)0x32, (byte)0xF3, (byte)0x72,
+            (byte)0xB4, (byte)0x50, (byte)0xE3, (byte)0xC3,
+            (byte)0xDB, (byte)0xE5, (byte)0x38, (byte)0x3C,
+            (byte)0x60, (byte)0xC8, (byte)0x08, (byte)0x53,
+            (byte)0x44, (byte)0x6F, (byte)0xDF, (byte)0x55,
+            (byte)0x67, (byte)0x32, (byte)0x02, (byte)0xDD,
+            (byte)0x6B, (byte)0xFB, (byte)0x23, (byte)0x1A,
+            (byte)0x88, (byte)0x71, (byte)0xE0, (byte)0xF8,
+            (byte)0xBB, (byte)0x51, (byte)0x1E, (byte)0x76,
+            (byte)0xC9, (byte)0x1F, (byte)0x45, (byte)0x9B,
+            (byte)0xA0, (byte)0xA5, (byte)0x61, (byte)0x45,
+            (byte)0x9E, (byte)0x65, (byte)0xB8, (byte)0xD6,
+            (byte)0x0E, (byte)0x3C, (byte)0xD9, (byte)0x56,
+            (byte)0xD6, (byte)0xA6, (byte)0xDD, (byte)0x36,
+            (byte)0x21, (byte)0x25, (byte)0x0E, (byte)0xE6,
+            (byte)0xAD, (byte)0xA0, (byte)0x3A, (byte)0x9B,
+            (byte)0x21, (byte)0x87, (byte)0xE2, (byte)0xAF,
+            (byte)0x3A, (byte)0xEF, (byte)0x75, (byte)0x85,
+            (byte)0xA8, (byte)0xD7, (byte)0xE5, (byte)0x46,
+            (byte)0xD8, (byte)0x5C, (byte)0x17, (byte)0x4E,
+            (byte)0x64, (byte)0x51, (byte)0xDB, (byte)0x38,
+            (byte)0x8E, (byte)0x6B, (byte)0x02, (byte)0x05,
+            (byte)0x46, (byte)0x77, (byte)0xD0, (byte)0x75,
+            (byte)0x8A, (byte)0xE0, (byte)0x42, (byte)0x5E,
+            (byte)0x8D, (byte)0x49, (byte)0x86, (byte)0xDE,
+            (byte)0x6C, (byte)0xBC, (byte)0xAF, (byte)0x10,
+            (byte)0x9A, (byte)0x97, (byte)0x64, (byte)0xA6,
+            (byte)0xBD, (byte)0xDB, (byte)0x01, (byte)0x40,
+            (byte)0xA9, (byte)0x3D, (byte)0x74, (byte)0x99,
+            (byte)0xDC, (byte)0x63, (byte)0x34, (byte)0x40,
+            (byte)0x31, (byte)0x57, (byte)0xC7, (byte)0x70,
+            (byte)0x9F, (byte)0xCE, (byte)0xC6, (byte)0x7B,
+            (byte)0x00, (byte)0x5B, (byte)0x02, (byte)0x5C,
+            (byte)0xC7, (byte)0x81, (byte)0x40, (byte)0x4D,
+            (byte)0xA7, (byte)0xB1, (byte)0xD2, (byte)0xEA,
+            (byte)0x8E, (byte)0xEC, (byte)0xA0, (byte)0xB3,
+            (byte)0x03, (byte)0x29, (byte)0xB8, (byte)0x44,
+            (byte)0xD7, (byte)0xA1, (byte)0x2B, (byte)0x37,
+            (byte)0x9D, (byte)0x19, (byte)0x11, (byte)0x1D,
+            (byte)0x58, (byte)0xE8, (byte)0x06, (byte)0xE7,
+            (byte)0x06, (byte)0xE3, (byte)0xF7, (byte)0xEF,
+            (byte)0x05, (byte)0xA9, (byte)0x05, (byte)0x93,
+            (byte)0x42, (byte)0x94, (byte)0x5A, (byte)0xD6,
+            (byte)0xA0, (byte)0x24, (byte)0x3A, (byte)0x52,
+            (byte)0x92, (byte)0xA3, (byte)0x79, (byte)0x98,
+            (byte)0x3C, (byte)0x68, (byte)0x55, (byte)0x1B,
+            (byte)0x6A, (byte)0xC5, (byte)0x83, (byte)0x89,
+            (byte)0x5A, (byte)0x79, (byte)0x5C, (byte)0x52,
+            (byte)0xBA, (byte)0xB8, (byte)0xF7, (byte)0x72,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x09,
+            (byte)0x4D, (byte)0x41, (byte)0x58, (byte)0x2E,
+            (byte)0x4C, (byte)0x4F, (byte)0x43, (byte)0x41,
+            (byte)0x4C, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x05, (byte)0x64, (byte)0x75, (byte)0x6D,
+            (byte)0x6D, (byte)0x79, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x03, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x0C, (byte)0x58, (byte)0x2D,
+            (byte)0x43, (byte)0x41, (byte)0x43, (byte)0x48,
+            (byte)0x45, (byte)0x43, (byte)0x4F, (byte)0x4E,
+            (byte)0x46, (byte)0x3A, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x15, (byte)0x6B, (byte)0x72,
+            (byte)0x62, (byte)0x35, (byte)0x5F, (byte)0x63,
+            (byte)0x63, (byte)0x61, (byte)0x63, (byte)0x68,
+            (byte)0x65, (byte)0x5F, (byte)0x63, (byte)0x6F,
+            (byte)0x6E, (byte)0x66, (byte)0x5F, (byte)0x64,
+            (byte)0x61, (byte)0x74, (byte)0x61, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x0A, (byte)0x66,
+            (byte)0x61, (byte)0x73, (byte)0x74, (byte)0x5F,
+            (byte)0x61, (byte)0x76, (byte)0x61, (byte)0x69,
+            (byte)0x6C, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x1A, (byte)0x6B, (byte)0x72, (byte)0x62,
+            (byte)0x74, (byte)0x67, (byte)0x74, (byte)0x2F,
+            (byte)0x4D, (byte)0x41, (byte)0x58, (byte)0x2E,
+            (byte)0x4C, (byte)0x4F, (byte)0x43, (byte)0x41,
+            (byte)0x4C, (byte)0x40, (byte)0x4D, (byte)0x41,
+            (byte)0x58, (byte)0x2E, (byte)0x4C, (byte)0x4F,
+            (byte)0x43, (byte)0x41, (byte)0x4C, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x00, (byte)0x03, (byte)0x79, (byte)0x65,
+            (byte)0x73, (byte)0x00, (byte)0x00, (byte)0x00,
+            (byte)0x00,
+        };
+
+        File f = File.createTempFile("ccache", "cc", new File("."));
+        FileOutputStream fout = new FileOutputStream(f);
+        fout.write(krb5cc);
+        fout.close();
+
+        CredentialsCache cc = CredentialsCache.getInstance(f.getPath());
+        if (!cc.getDefaultCreds().getServicePrincipal().getNameStrings()[0]
+                .equals("krbtgt")) {
+            throw new Exception("No TGT found");
+        }
+    }
+}

test/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java

@@ -23,7 +23,7 @@
 
 /**
  * @test
- * @bug 4917233 6461727 6490213
+ * @bug 4917233 6461727 6490213 6720456
  * @summary test the KeyGenerator
  * @author Andreas Sterbenz
  * @library ..
@@ -104,7 +104,7 @@ public class TestKeyGenerator extends PKCS11Test {
         // Different PKCS11 impls have different ranges
         // of supported key sizes for variable-key-length
         // algorithms.
-        // Solaris> Blowfish: 32-128 bits, RC4: 8-128 bits
+        // Solaris> Blowfish: 32-128 or even 448 bits, RC4: 8-128 bits or as much as 2048 bits
         // NSS>     Blowfish: n/a,         RC4: 8-2048 bits
         // However, we explicitly disallowed key sizes less
         // than 40-bits.
@@ -114,8 +114,8 @@ public class TestKeyGenerator extends PKCS11Test {
         test("Blowfish", 32, p, TestResult.FAIL);
         test("Blowfish", 40, p, TestResult.PASS);
         test("Blowfish", 128, p, TestResult.PASS);
-        test("Blowfish", 136, p, TestResult.FAIL);
-        test("Blowfish", 448, p, TestResult.FAIL);
+        test("Blowfish", 136, p, TestResult.TBD);
+        test("Blowfish", 448, p, TestResult.TBD);
         test("Blowfish", 456, p, TestResult.FAIL);
 
         test("ARCFOUR", 0, p, TestResult.FAIL);
@@ -124,7 +124,7 @@ public class TestKeyGenerator extends PKCS11Test {
         test("ARCFOUR", 128, p, TestResult.PASS);
 
         if (p.getName().equals("SunPKCS11-Solaris")) {
-            test("ARCFOUR", 1024, p, TestResult.FAIL);
+            test("ARCFOUR", 1024, p, TestResult.TBD);
         } else if (p.getName().equals("SunPKCS11-NSS")) {
             test("ARCFOUR", 1024, p, TestResult.PASS);
             test("ARCFOUR", 2048, p, TestResult.PASS);