提交 d599234b 编写于 作者: W wetmore

Merge

......@@ -43,7 +43,7 @@ import sun.security.util.SecurityConstants;
* CookieHandler.getDefault().
*
* For more information on HTTP state management, see <a
* href="http://www.ietf.org/rfc/rfc2965.txt""><i>RFC&nbsp;2965: HTTP
* href="http://www.ietf.org/rfc/rfc2965.txt"><i>RFC&nbsp;2965: HTTP
* State Management Mechanism</i></a>
*
* @author Yingxian Wang
......
......@@ -52,7 +52,7 @@ import sun.security.util.SecurityConstants;
* protocol is allowed to use a cached response.
*
* For more information on HTTP caching, see <a
* href="http://www.ietf.org/rfc/rfc2616.txt""><i>RFC&nbsp;2616: Hypertext
* href="http://www.ietf.org/rfc/rfc2616.txt"><i>RFC&nbsp;2616: Hypertext
* Transfer Protocol -- HTTP/1.1</i></a>
*
* @author Yingxian Wang
......
......@@ -49,7 +49,7 @@ import java.lang.NullPointerException; // for javadoc
*
* <p> Aside from some minor deviations noted below, an instance of this
* class represents a URI reference as defined by
* <a href="http://www.ietf.org/rfc/rfc2396.txt""><i>RFC&nbsp;2396: Uniform
* <a href="http://www.ietf.org/rfc/rfc2396.txt"><i>RFC&nbsp;2396: Uniform
* Resource Identifiers (URI): Generic Syntax</i></a>, amended by <a
* href="http://www.ietf.org/rfc/rfc2732.txt"><i>RFC&nbsp;2732: Format for
* Literal IPv6 Addresses in URLs</i></a>. The Literal IPv6 address format
......@@ -461,7 +461,7 @@ import java.lang.NullPointerException; // for javadoc
* transformation format of ISO 10646</i></a>, <br><a
* href="http://www.ietf.org/rfc/rfc2373.txt"><i>RFC&nbsp;2373: IPv6 Addressing
* Architecture</i></a>, <br><a
* href="http://www.ietf.org/rfc/rfc2396.txt""><i>RFC&nbsp;2396: Uniform
* href="http://www.ietf.org/rfc/rfc2396.txt"><i>RFC&nbsp;2396: Uniform
* Resource Identifiers (URI): Generic Syntax</i></a>, <br><a
* href="http://www.ietf.org/rfc/rfc2732.txt"><i>RFC&nbsp;2732: Format for
* Literal IPv6 Addresses in URLs</i></a>, <br><a
......
......@@ -66,7 +66,7 @@ import sun.security.util.SecurityConstants;
* </pre></blockquote>
* <p>
* The syntax of <code>URL</code> is defined by <a
* href="http://www.ietf.org/rfc/rfc2396.txt""><i>RFC&nbsp;2396: Uniform
* href="http://www.ietf.org/rfc/rfc2396.txt"><i>RFC&nbsp;2396: Uniform
* Resource Identifiers (URI): Generic Syntax</i></a>, amended by <a
* href="http://www.ietf.org/rfc/rfc2732.txt"><i>RFC&nbsp;2732: Format for
* Literal IPv6 Addresses in URLs</i></a>. The Literal IPv6 address format
......
......@@ -32,6 +32,7 @@ import java.security.*;
import java.util.*;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.cert.X509Certificate;
......@@ -147,8 +148,33 @@ final class ClientHandshaker extends Handshaker {
case HandshakeMessage.ht_server_key_exchange:
serverKeyExchangeReceived = true;
switch (keyExchange) {
case K_RSA:
case K_RSA_EXPORT:
/**
* The server key exchange message is sent by the server only
* when the server certificate message does not contain the
* proper amount of data to allow the client to exchange a
* premaster secret, such as when RSA_EXPORT is used and the
* public key in the server certificate is longer than 512 bits.
*/
if (serverKey == null) {
throw new SSLProtocolException
("Server did not send certificate message");
}
if (!(serverKey instanceof RSAPublicKey)) {
throw new SSLProtocolException("Protocol violation:" +
" the certificate type must be appropriate for the" +
" selected cipher suite's key exchange algorithm");
}
if (JsseJce.getRSAKeyLength(serverKey) <= 512) {
throw new SSLProtocolException("Protocol violation:" +
" server sent a server key exchange message for" +
" key exchange " + keyExchange +
" when the public key in the server certificate" +
" is less than or equal to 512 bits in length");
}
try {
this.serverKeyExchange(new RSA_ServerKeyExchange(input));
} catch (GeneralSecurityException e) {
......@@ -180,6 +206,9 @@ final class ClientHandshaker extends Handshaker {
throwSSLException("Server key", e);
}
break;
case K_RSA:
case K_DH_RSA:
case K_DH_DSS:
case K_ECDH_ECDSA:
case K_ECDH_RSA:
throw new SSLProtocolException("Protocol violation: server sent"
......@@ -580,6 +609,16 @@ final class ClientHandshaker extends Handshaker {
case K_RSA:
case K_RSA_EXPORT:
if (serverKey == null) {
throw new SSLProtocolException
("Server did not send certificate message");
}
if (!(serverKey instanceof RSAPublicKey)) {
throw new SSLProtocolException
("Server certificate does not include an RSA key");
}
/*
* For RSA key exchange, we randomly generate a new
* pre-master secret and encrypt it with the server's
......@@ -588,8 +627,29 @@ final class ClientHandshaker extends Handshaker {
* it's a performance speedup not to do that until
* the client's waiting for the server response, but
* more of a speedup for the D-H case.
*
* If the RSA_EXPORT scheme is active, when the public
* key in the server certificate is less than or equal
* to 512 bits in length, use the cert's public key,
* otherwise, the ephemeral one.
*/
PublicKey key = (keyExchange == K_RSA) ? serverKey : ephemeralServerKey;
PublicKey key;
if (keyExchange == K_RSA) {
key = serverKey;
} else { // K_RSA_EXPORT
if (JsseJce.getRSAKeyLength(serverKey) <= 512) {
// extraneous ephemeralServerKey check done
// above in processMessage()
key = serverKey;
} else {
if (ephemeralServerKey == null) {
throw new SSLProtocolException("Server did not send" +
" a RSA_EXPORT Server Key Exchange message");
}
key = ephemeralServerKey;
}
}
m2 = new RSAClientKeyExchange(protocolVersion, maxProtocolVersion,
sslContext.getSecureRandom(), key);
break;
......
......@@ -4104,7 +4104,7 @@ class RuntimePerm extends Perm {
"getClassLoader",
"setContextClassLoader",
"enableContextClassLoaderOverride",
"setSecurityManage",
"setSecurityManager",
"createSecurityManager",
"getenv.<" +
PolicyTool.rb.getString("environment variable name") + ">",
......
......@@ -138,7 +138,6 @@ JNIEXPORT jobjectArray JNICALL
Java_java_net_Inet4AddressImpl_lookupAllHostAddr(JNIEnv *env, jobject this,
jstring host) {
const char *hostname;
jobject name;
jobjectArray ret = 0;
struct hostent res, *hp = 0;
char buf[HENT_BUF_SIZE];
......@@ -210,12 +209,6 @@ Java_java_net_Inet4AddressImpl_lookupAllHostAddr(JNIEnv *env, jobject this,
addrp++;
}
name = (*env)->NewStringUTF(env, hostname);
if (IS_NULL(name)) {
goto cleanupAndReturn;
}
ret = (*env)->NewObjectArray(env, i, ni_iacls, NULL);
if (IS_NULL(ret)) {
/* we may have memory to free at the end of this */
......@@ -231,7 +224,7 @@ Java_java_net_Inet4AddressImpl_lookupAllHostAddr(JNIEnv *env, jobject this,
}
(*env)->SetIntField(env, iaObj, ni_iaaddressID,
ntohl((*addrp)->s_addr));
(*env)->SetObjectField(env, iaObj, ni_iahostID, name);
(*env)->SetObjectField(env, iaObj, ni_iahostID, host);
(*env)->SetObjectArrayElement(env, ret, i, iaObj);
addrp++;
i++;
......
......@@ -142,7 +142,6 @@ Java_java_net_Inet6AddressImpl_lookupAllHostAddr(JNIEnv *env, jobject this,
jstring host) {
const char *hostname;
jobjectArray ret = 0;
jobject name;
int retLen = 0;
jclass byteArrayCls;
jboolean preferIPv6Address;
......@@ -310,11 +309,6 @@ Java_java_net_Inet6AddressImpl_lookupAllHostAddr(JNIEnv *env, jobject this,
inet6Index = inetCount;
}
name = (*env)->NewStringUTF(env, hostname);
if (IS_NULL(name)) {
ret = NULL;
goto cleanupAndReturn;
}
while (iterator != NULL) {
if (iterator->ai_family == AF_INET) {
jobject iaObj = (*env)->NewObject(env, ni_ia4cls, ni_ia4ctrID);
......@@ -324,7 +318,7 @@ Java_java_net_Inet6AddressImpl_lookupAllHostAddr(JNIEnv *env, jobject this,
}
(*env)->SetIntField(env, iaObj, ni_iaaddressID,
ntohl(((struct sockaddr_in*)iterator->ai_addr)->sin_addr.s_addr));
(*env)->SetObjectField(env, iaObj, ni_iahostID, name);
(*env)->SetObjectField(env, iaObj, ni_iahostID, host);
(*env)->SetObjectArrayElement(env, ret, inetIndex, iaObj);
inetIndex++;
} else if (iterator->ai_family == AF_INET6) {
......@@ -355,7 +349,7 @@ Java_java_net_Inet6AddressImpl_lookupAllHostAddr(JNIEnv *env, jobject this,
(*env)->SetBooleanField(env, iaObj, ia6_scopeidsetID, JNI_TRUE);
}
(*env)->SetObjectField(env, iaObj, ni_ia6ipaddressID, ipaddress);
(*env)->SetObjectField(env, iaObj, ni_iahostID, name);
(*env)->SetObjectField(env, iaObj, ni_iahostID, host);
(*env)->SetObjectArrayElement(env, ret, inet6Index, iaObj);
inet6Index++;
}
......
......@@ -1117,9 +1117,33 @@ static short getFlags(JNIEnv *env, jstring name) {
if (ioctl(sock, SIOCGIFFLAGS, (char *)&if2) >= 0) {
ret = if2.ifr_flags;
} else {
#if defined(__solaris__) && defined(AF_INET6)
/* Try with an IPv6 socket in case the interface has only IPv6 addresses assigned to it */
struct lifreq lifr;
close(sock);
sock = JVM_Socket(AF_INET6, SOCK_DGRAM, 0);
if (sock < 0) {
(*env)->ReleaseStringUTFChars(env, name, name_utf);
NET_ThrowByNameWithLastError(env, JNU_JAVANETPKG "SocketException",
"Socket creation failed");
return -1;
}
memset((caddr_t)&lifr, 0, sizeof(lifr));
strcpy((caddr_t)&(lifr.lifr_name), name_utf);
if (ioctl(sock, SIOCGLIFFLAGS, (char *)&lifr) >= 0) {
ret = lifr.lifr_flags;
} else {
NET_ThrowByNameWithLastError(env, JNU_JAVANETPKG "SocketException",
"IOCTL failed");
}
#else
NET_ThrowByNameWithLastError(env, JNU_JAVANETPKG "SocketException",
"IOCTL failed");
ret = -1;
#endif
}
close(sock);
/* release the UTF string and interface list */
......@@ -1481,12 +1505,27 @@ JNIEXPORT jint JNICALL Java_java_net_NetworkInterface_getMTU0(JNIEnv *env, jclas
struct lifreq lifr;
memset((caddr_t)&lifr, 0, sizeof(lifr));
strcpy((caddr_t)&(lifr.lifr_name), name_utf);
if (ioctl(sock, SIOCGLIFMTU, (caddr_t)&lifr) >= 0) {
ret = lifr.lifr_mtu;
} else {
/* Try wIth an IPv6 socket in case the interface has only IPv6 addresses assigned to it */
close(sock);
sock = JVM_Socket(AF_INET6, SOCK_DGRAM, 0);
if (sock < 0) {
(*env)->ReleaseStringUTFChars(env, name, name_utf);
NET_ThrowByNameWithLastError(env, JNU_JAVANETPKG "SocketException",
"Socket creation failed");
return -1;
}
if (ioctl(sock, SIOCGLIFMTU, (caddr_t)&lifr) >= 0) {
ret = lifr.lifr_mtu;
} else {
NET_ThrowByNameWithLastError(env, JNU_JAVANETPKG "SocketException",
"IOCTL failed");
}
}
#endif
close(sock);
}
......
......@@ -95,94 +95,24 @@ static int marker_fd = -1;
*/
static int getMarkerFD()
{
int server_fd, child_fd, connect_fd;
SOCKADDR him;
int type, len, port;
int sv[2];
type = AF_INET;
#ifdef AF_INET6
if (ipv6_available()) {
type = AF_INET6;
}
#endif
/*
* Create listener on any port
*/
server_fd = JVM_Socket(type, SOCK_STREAM, 0);
if (server_fd < 0) {
#ifdef AF_UNIX
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) {
return -1;
}
if (JVM_Listen(server_fd, 1) == -1) {
JVM_SocketClose(server_fd);
return -1;
}
len = SOCKADDR_LEN;
if (JVM_GetSockName(server_fd, (struct sockaddr *)&him, &len) == -1) {
JVM_SocketClose(server_fd);
return -1;
}
port = NET_GetPortFromSockaddr((struct sockaddr *)&him);
/*
* Establish connection from client socket.
* Server is bound to 0.0.0.0/X or ::/X
* We connect to 127.0.0.1/X or ::1/X
*/
#ifdef AF_INET6
if (ipv6_available()) {
struct sockaddr_in6 *him6 = (struct sockaddr_in6 *)&him;
jbyte caddr[16];
memset((char *) caddr, 0, 16);
caddr[15] = 1;
memset((char *)him6, 0, sizeof(struct sockaddr_in6));
memcpy((void *)&(him6->sin6_addr), caddr, sizeof(struct in6_addr) );
him6->sin6_port = htons((short) port);
him6->sin6_family = AF_INET6;
len = sizeof(struct sockaddr_in6) ;
} else
#endif /* AF_INET6 */
{
struct sockaddr_in *him4 = (struct sockaddr_in*)&him;
memset((char *) him4, 0, sizeof(struct sockaddr_in));
him4->sin_port = htons((short) port);
him4->sin_addr.s_addr = (uint32_t) htonl(0x7f000001);
him4->sin_family = AF_INET;
len = sizeof(struct sockaddr_in);
}
connect_fd = JVM_Socket(type, SOCK_STREAM, 0);
if (connect_fd < 0) {
JVM_SocketClose(server_fd);
return -1;
}
if (JVM_Connect(connect_fd, (struct sockaddr *) &him, len) == -1) {
JVM_SocketClose(server_fd);
JVM_SocketClose(connect_fd);
return -1;
}
/*
* Server accepts connection - do in in non-blocking mode to avoid
* hanging if there's an error (should never happen!!!)
*/
SET_NONBLOCKING(server_fd);
len = SOCKADDR_LEN;
child_fd = JVM_Accept(server_fd, (struct sockaddr *)&him, (jint *)&len);
if (child_fd == -1) {
JVM_SocketClose(server_fd);
JVM_SocketClose(connect_fd);
#else
return -1;
}
#endif
/*
* Finally shutdown connect_fd (any reads to this fd will get
* Finally shutdown sv[0] (any reads to this fd will get
* EOF; any writes will get an error).
*/
JVM_SocketShutdown(connect_fd, 2);
JVM_SocketClose(child_fd);
JVM_SocketClose(server_fd);
JVM_SocketShutdown(sv[0], 2);
JVM_SocketClose(sv[1]);
return connect_fd;
return sv[0];
}
......@@ -1087,7 +1017,7 @@ Java_java_net_PlainSocketImpl_socketGetOption(JNIEnv *env, jobject this,
*/
if (cmd == java_net_SocketOptions_SO_BINDADDR) {
SOCKADDR him;
int len = 0;
socklen_t len = 0;
int port;
jobject iaObj;
jclass iaCntrClass;
......
......@@ -137,7 +137,6 @@ JNIEXPORT jobjectArray JNICALL
Java_java_net_Inet4AddressImpl_lookupAllHostAddr(JNIEnv *env, jobject this,
jstring host) {
const char *hostname;
jobject name;
struct hostent *hp;
unsigned int addr[4];
......@@ -229,10 +228,6 @@ Java_java_net_Inet4AddressImpl_lookupAllHostAddr(JNIEnv *env, jobject this,
addrp++;
}
name = (*env)->NewStringUTF(env, hostname);
if (IS_NULL(name)) {
goto cleanupAndReturn;
}
ret = (*env)->NewObjectArray(env, i, ni_iacls, NULL);
if (IS_NULL(ret)) {
......@@ -249,7 +244,7 @@ Java_java_net_Inet4AddressImpl_lookupAllHostAddr(JNIEnv *env, jobject this,
}
(*env)->SetIntField(env, iaObj, ni_iaaddressID,
ntohl((*addrp)->s_addr));
(*env)->SetObjectField(env, iaObj, ni_iahostID, name);
(*env)->SetObjectField(env, iaObj, ni_iahostID, host);
(*env)->SetObjectArrayElement(env, ret, i, iaObj);
addrp++;
i++;
......
......@@ -86,7 +86,6 @@ JNIEXPORT jobjectArray JNICALL
Java_java_net_Inet6AddressImpl_lookupAllHostAddr(JNIEnv *env, jobject this,
jstring host) {
const char *hostname;
jobject name;
jobjectArray ret = 0;
int retLen = 0;
jboolean preferIPv6Address;
......@@ -237,12 +236,6 @@ Java_java_net_Inet6AddressImpl_lookupAllHostAddr(JNIEnv *env, jobject this,
inet6Index = inetCount;
}
name = (*env)->NewStringUTF(env, hostname);
if (IS_NULL(name)) {
ret = NULL;
goto cleanupAndReturn;
}
while (iterator != NULL) {
if (iterator->ai_family == AF_INET) {
jobject iaObj = (*env)->NewObject(env, ni_ia4cls, ni_ia4ctrID);
......@@ -252,7 +245,7 @@ Java_java_net_Inet6AddressImpl_lookupAllHostAddr(JNIEnv *env, jobject this,
}
(*env)->SetIntField(env, iaObj, ni_iaaddressID,
ntohl(((struct sockaddr_in*)iterator->ai_addr)->sin_addr.s_addr));
(*env)->SetObjectField(env, iaObj, ni_iahostID, name);
(*env)->SetObjectField(env, iaObj, ni_iahostID, host);
(*env)->SetObjectArrayElement(env, ret, inetIndex, iaObj);
inetIndex ++;
} else if (iterator->ai_family == AF_INET6) {
......@@ -276,7 +269,7 @@ Java_java_net_Inet6AddressImpl_lookupAllHostAddr(JNIEnv *env, jobject this,
(*env)->SetBooleanField(env, iaObj, ia6_scopeidsetID, JNI_TRUE);
}
(*env)->SetObjectField(env, iaObj, ni_ia6ipaddressID, ipaddress);
(*env)->SetObjectField(env, iaObj, ni_iahostID, name);
(*env)->SetObjectField(env, iaObj, ni_iahostID, host);
(*env)->SetObjectArrayElement(env, ret, inet6Index, iaObj);
inet6Index ++;
}
......
......@@ -30,7 +30,7 @@
#
# @run shell/manual console.sh
if [ "$ALT_PASS" == "" ]; then
if [ "$ALT_PASS" = "" ]; then
export PASS=äöäöäöäö
else
export PASS=$ALT_PASS
......@@ -87,3 +87,6 @@ echo $PASS| $J5/bin/keytool -keystore kkk -genkey -dname CN=olala
$JM/bin/keytool -keystore kkk -list
echo $PASS| $J5/bin/keytool -keystore kkk -list
echo $PASS| $JM/bin/keytool -keystore kkk -list
rm kkk
exit 0
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册