提交 d904de00 编写于 作者: A asaha

Merge

......@@ -710,3 +710,12 @@ c49f918efc4e6e2b8a1e771dba0c8de8d636660c jdk8u141-b06
9fd2a2019a5b7f35957c43c83eb00e1ae371a95e jdk8u141-b07
64261149b033dd6f625ccf7b4aaf7452baec82ef jdk8u141-b08
276269460238f84410a70ffe735db9cf78651b8f jdk8u141-b09
c92d704420d707d3016d8ee3a4239d1c57692ddd jdk8u141-b10
3237f27a9d22ee02d0bfbd6f662a4d948d25a74f jdk8u141-b11
2966589b3f330b6e676418b48d2960e294d35060 jdk8u141-b12
2966589b3f330b6e676418b48d2960e294d35060 jdk8u141-b12
0000000000000000000000000000000000000000 jdk8u141-b12
0000000000000000000000000000000000000000 jdk8u141-b12
996632997de8c889067dafd5a5827146e02c9130 jdk8u141-b12
c6bc194fedb63b20c45c793405d215d206fb4654 jdk8u141-b13
d630e23b8e36c2863225d7ae107c73a38d3e6102 jdk8u141-b14
......@@ -78,13 +78,6 @@ $(eval $(call SetupRMICompilation,RMI_12, \
RUN_V12 := true))
GENCLASSES += $(RMI_12)
$(eval $(call SetupRMICompilation,RMI_11, \
CLASSES := sun.rmi.registry.RegistryImpl, \
CLASSES_DIR := $(CLASSES_DIR), \
STUB_CLASSES_DIR := $(STUB_CLASSES_DIR), \
RUN_V11 := true))
GENCLASSES += $(RMI_11)
# For RMI/IIOP call rmic a second time with -standardPackage option
# so that *_tie classes are generated in package without the prefix
# org.omg.stub (6375696)
......@@ -111,7 +104,7 @@ GENCLASSES += $(filter %.java, $(RMI_SRC))
##########################################################################################
$(RMI_12) $(RMI_11) $(RMI_IIOP) $(RMI_SRC): $(BUILD_BOOTSTRAP_RMIC)
$(RMI_12) $(RMI_IIOP) $(RMI_SRC): $(BUILD_BOOTSTRAP_RMIC)
$(RMIC_GENSRC_DIR)/_the.classes.removed: $(GENCLASSES)
$(FIND) $(RMIC_GENSRC_DIR) -name "*.class" $(FIND_DELETE)
......
......@@ -93,7 +93,7 @@ pressed=nedtryckt
resizable=storleks\u00E4ndringsbar
selectable=valbar
selected=vald
showing=visas
showing=visar
singleline=en rad
transient=tillf\u00E4llig
visible=synlig
......
/*
* Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -1233,6 +1233,7 @@ public final class LdapClient implements PooledConnection {
static final int LDAP_REF_FOLLOW = 0x01; // follow referrals
static final int LDAP_REF_THROW = 0x02; // throw referral ex.
static final int LDAP_REF_IGNORE = 0x03; // ignore referrals
static final int LDAP_REF_FOLLOW_SCHEME = 0x04; // follow referrals of the same scheme
static final String LDAP_URL = "ldap://"; // LDAPv3
static final String LDAPS_URL = "ldaps://"; // LDAPv3
......
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -2413,6 +2413,9 @@ final public class LdapCtx extends ComponentDirContext
// First determine the referral mode
if (ref != null) {
switch (ref) {
case "follow-scheme":
handleReferrals = LdapClient.LDAP_REF_FOLLOW_SCHEME;
break;
case "follow":
handleReferrals = LdapClient.LDAP_REF_FOLLOW;
break;
......@@ -2975,8 +2978,23 @@ final public class LdapCtx extends ComponentDirContext
r = new LdapReferralException(resolvedName, resolvedObj, remainName,
msg, envprops, fullDN, handleReferrals, reqCtls);
// only one set of URLs is present
r.setReferralInfo(res.referrals == null ? null :
res.referrals.elementAt(0), false);
Vector<String> refs;
if (res.referrals == null) {
refs = null;
} else if (handleReferrals == LdapClient.LDAP_REF_FOLLOW_SCHEME) {
refs = new Vector<>();
for (String s : res.referrals.elementAt(0)) {
if (s.startsWith("ldap:")) {
refs.add(s);
}
}
if (refs.isEmpty()) {
refs = null;
}
} else {
refs = res.referrals.elementAt(0);
}
r.setReferralInfo(refs, false);
if (hopCount > 1) {
r.setHopCount(hopCount);
......
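Review bot: The `follow-scheme` filter in the second hunk keeps a referral only when `s.startsWith("ldap:")`, a fixed, case-sensitive prefix rather than a comparison with the scheme of the connection that received the referral. The constant's comment in LdapClient reads "follow referrals of the same scheme", yet as written a context opened over `ldaps://` would drop `ldaps:` referrals and keep plain `ldap:` ones, and a referral spelled `LDAP://...` is discarded although URL schemes are case-insensitive. If LDAP-only is the intent, say so at the filter with a comment such as `// follow-scheme: keep only ldap: referral URLs; every other scheme is dropped`, and consider `s.regionMatches(true, 0, "ldap:", 0, 5)` for the test. The enclosing method starts and ends outside the hunk.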
/*
* Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -117,7 +117,8 @@ final public class LdapReferralException extends
// If following referral, request controls are passed to referral ctx
this.reqCtls =
(handleReferrals == LdapClient.LDAP_REF_FOLLOW ? reqCtls : null);
(handleReferrals == LdapClient.LDAP_REF_FOLLOW ||
handleReferrals == LdapClient.LDAP_REF_FOLLOW_SCHEME ? reqCtls : null);
}
/**
......
/*
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -63,9 +63,10 @@ public interface HotSpotDiagnosticMXBean extends PlatformManagedObject {
* @param outputFile the system-dependent filename
* @param live if <tt>true</tt> dump only <i>live</i> objects
* i.e. objects that are reachable from others
* @throws IOException if the <tt>outputFile</tt>
* @throws IOException if the <tt>outputFile</tt> already exists,
* cannot be created, opened, or written to.
* @throws UnsupportedOperationException if this operation is not supported.
* @throws IllegalArgumentException if <tt>outputFile</tt> does not end with ".hprof" suffix.
* @throws NullPointerException if <tt>outputFile</tt> is <tt>null</tt>.
* @throws SecurityException
* If a security manager exists and its {@link
......
......@@ -1482,9 +1482,6 @@ public class ThreadPoolExecutor extends AbstractExecutorService {
/**
* Invokes {@code shutdown} when this executor is no longer
* referenced and it has no threads.
*
* <p>This method is invoked with privileges that are restricted by
* the security context of the caller that invokes the constructor.
*/
protected void finalize() {
SecurityManager sm = System.getSecurityManager();
......
......@@ -71,7 +71,7 @@ AWT.f21=F21
AWT.f22=F22
AWT.f23=F23
AWT.f24=F24
AWT.printScreen=Print Screen
AWT.printScreen=Sk\u00E4rmutskrift
AWT.insert=Insert
AWT.help=Hj\u00E4lp
AWT.windows=Windows
......
#
# Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
......@@ -34,7 +34,7 @@ java.launcher.ergo.message1 =\ La VM por defecto es {0}
java.launcher.ergo.message2 =\ porque la ejecuci\u00F3n se est\u00E1 llevando a cabo en una m\u00E1quina de clase de servidor.\n
# Translators please note do not translate the options themselves
java.launcher.opt.footer =\ -cp <ruta de acceso de b\u00FAsqueda de clases de los directorios y los archivos zip/jar>\n -classpath <ruta de acceso de b\u00FAsqueda de clases de los directorios y los archivos zip/jar>\n Lista separada por {0} de directorios, archivos JAR\n y archivos ZIP para buscar archivos de clase.\n -D<nombre>=<valor>\n definir una propiedad del sistema\n -verbose:[class|gc|jni]\n activar la salida verbose\n -version imprimir la versi\u00F3n del producto y salir\n -version:<valor>\n Advertencia: Esta funci\u00F3n est\u00E1 anticuada y se eliminar\u00E1\n en una versi\u00F3n futura.\n es necesario que se ejecute la versi\u00F3n especificada\n -showversion imprimir la versi\u00F3n del producto y continuar\n -jre-restrict-search | -no-jre-restrict-search\n Advertencia: Esta funci\u00F3n est\u00E1 anticuada y se eliminar\u00E1\n en una versi\u00F3n futura.\n incluir/excluir JRE privados de usuario en la b\u00FAsqueda de versi\u00F3n\n -? -help imprimir este mensaje de ayuda\n -X imprimir la ayuda sobre las opciones que no sean est\u00E1ndar\n -ea[:<nombre_paquete>...|:<nombre_clase>]\n -enableassertions[:<nombre_paquete>...|:<nombre_clase>]\n activar afirmaciones con la granularidad especificada\n -da[:<nombre_paquete>...|:<nombre_clase>]\n -disableassertions[:<nombre_paquete>...|:<nombre_clase>]\n desactivar afirmaciones con la granularidad especificada\n -esa | -enablesystemassertions\n activar afirmaciones del sistema\n -dsa | -disablesystemassertions\n desactivar afirmaciones del sistema\n -agentlib:<nombre_bib>[=<opciones>]\n cargar la biblioteca de agente nativa <nombre_bib>, como -agentlib:hprof\n v\u00E9ase tambi\u00E9n -agentlib:jdwp=help y -agentlib:hprof=help\n -agentpath:<nombre_ruta_acceso>[=<opciones>]\n cargar biblioteca de agente nativa con el nombre de la ruta de acceso completa\n -javaagent:<ruta_acceso_jar>[=<opciones>]\n cargar agente de lenguaje de programaci\u00F3n Java, v\u00E9ase java.lang.instrument\n 
-splash:<ruta_acceso_imagen>\n mostrar una pantalla de presentaci\u00F3n con la imagen especificada\nConsulte http://www.oracle.com/technetwork/java/javase/documentation/index.html para obtener m\u00E1s informaci\u00F3n.
java.launcher.opt.footer =\ -cp <ruta de acceso de b\u00FAsqueda de clases de los directorios y los archivos zip/jar>\n -classpath <ruta de acceso de b\u00FAsqueda de clases de los directorios y los archivos zip/jar>\n Lista separada por {0} de directorios, archivos JAR\n y archivos ZIP para buscar archivos de clase.\n -D<nombre>=<valor>\n definir una propiedad del sistema\n -verbose:[class|gc|jni]\n activar la salida verbose\n -version imprimir la versi\u00F3n del producto y salir\n -version:<valor>\n Advertencia: Esta funci\u00F3n est\u00E1 anticuada y se eliminar\u00E1\n en una versi\u00F3n futura.\n es necesario que se ejecute la versi\u00F3n especificada\n -showversion imprimir la versi\u00F3n del producto y continuar\n -jre-restrict-search | -no-jre-restrict-search\n Advertencia: Esta funci\u00F3n est\u00E1 anticuada y se eliminar\u00E1\n en una versi\u00F3n futura.\n incluir/excluir JRE privados de usuario en la b\u00FAsqueda de versi\u00F3n\n -? -help imprimir este mensaje de ayuda\n -X imprimir la ayuda sobre las opciones que no sean est\u00E1ndar\n -ea[:<nombre paquete>...|:<nombre clase>]\n -enableassertions[:<nombre paquete>...|:<nombre clase>]\n activar afirmaciones con la granularidad especificada\n -da[:<nombre paquete>...|:<nombre clase>]\n -disableassertions[:<nombre paquete>...|:<nombre clase>]\n desactivar afirmaciones con la granularidad especificada\n -esa | -enablesystemassertions\n activar afirmaciones del sistema\n -dsa | -disablesystemassertions\n desactivar afirmaciones del sistema\n -agentlib:<nombre bib>[=<opciones>]\n cargar la biblioteca de agente nativa <nombre bib>, como -agentlib:hprof\n v\u00E9ase tambi\u00E9n -agentlib:jdwp=help y -agentlib:hprof=help\n -agentpath:<nombre ruta acceso>[=<opciones>]\n cargar biblioteca de agente nativa con el nombre de la ruta de acceso completa\n -javaagent:<ruta acceso jar>[=<opciones>]\n cargar agente de lenguaje de programaci\u00F3n Java, v\u00E9ase java.lang.instrument\n -splash:<ruta acceso 
imagen>\n mostrar una pantalla de presentaci\u00F3n con la imagen especificada\nConsulte http://www.oracle.com/technetwork/java/javase/documentation/index.html para obtener m\u00E1s informaci\u00F3n.
# Translators please note do not translate the options themselves
java.launcher.X.usage=\ -Xmixed ejecuci\u00F3n de modo mixto (por defecto)\n -Xint s\u00F3lo ejecuci\u00F3n de modo interpretado\n -Xbootclasspath:<directorios y archivos zip/jar separados por {0}>\n definir la ruta de acceso de b\u00FAsqueda para los recursos y clases de inicializaci\u00F3n de datos\n -Xbootclasspath/a:<directorios y archivos zip/jar separados por {0}>\n agregar al final de la ruta de acceso de la clase de inicializaci\u00F3n de datos\n -Xbootclasspath/p:<directorios y archivos zip/jar separados por {0}>\n anteponer a la ruta de acceso de la clase de inicializaci\u00F3n de datos\n -Xdiag mostrar mensajes de diagn\u00F3stico adicionales\n -Xnoclassgc desactivar la recolecci\u00F3n de basura de clases\n -Xincgc activar la recolecci\u00F3n de basura de clases\n -Xloggc:<archivo> registrar el estado de GC en un archivo con registros de hora\n -Xbatch desactivar compilaci\u00F3n en segundo plano\n -Xms<tama\u00F1o> definir tama\u00F1o de pila Java inicial\n -Xmx<tama\u00F1o> definir tama\u00F1o de pila Java m\u00E1ximo\n -Xss<tama\u00F1o> definir tama\u00F1o de la pila del thread de Java\n -Xprof datos de salida de creaci\u00F3n de perfil de CPU\n -Xfuture activar las comprobaciones m\u00E1s estrictas, anticip\u00E1ndose al futuro valor por defecto\n -Xrs reducir el uso de se\u00F1ales de sistema operativo por parte de Java/VM (consulte la documentaci\u00F3n)\n -Xcheck:jni realizar comprobaciones adicionales para las funciones de JNI\n -Xshare:off no intentar usar datos de clase compartidos\n -Xshare:auto usar datos de clase compartidos si es posible (valor por defecto)\n -Xshare:on es obligatorio el uso de datos de clase compartidos, de lo contrario se emitir\u00E1 un fallo.\n -XshowSettings mostrar todos los valores y continuar\n -XshowSettings:all\n mostrar todos los valores y continuar\n -XshowSettings:vm mostrar todos los valores de la VM y continuar\n -XshowSettings:properties\n mostrar todos los valores de las propiedades y continuar\n 
-XshowSettings:locale\n mostrar todos los valores relacionados con la configuraci\u00F3n regional y continuar\n\nLas opciones -X no son est\u00E1ndar, por lo que podr\u00EDan cambiarse sin previo aviso.\n
......
#
# Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
......@@ -37,7 +37,7 @@ java.launcher.ergo.message2 =\ eftersom du k\u00F6r en serverk
java.launcher.opt.footer =\ -cp <class search path of directories and zip/jar files>\n -classpath <class search path of directories and zip/jar files>\n En lista \u00F6ver kataloger, JAR-arkiv och och ZIP-arkiv\n f\u00F6r s\u00F6kning efter klassfiler avgr\u00E4nsad med {0}.\n -D<name>=<value>\n ange en systemegenskap\n -verbose:[class|gc|jni]\n aktivera utf\u00F6rliga utdata\n -version skriv ut produktversion och avsluta\n -version:<value>\n Varning: den h\u00E4r funktionen \u00E4r inaktuell och kommer\n att tas bort i en framtida utg\u00E5va.\n kr\u00E4v den angivna versionen f\u00F6r att k\u00F6ra\n -showversion skriv ut produktversion och forts\u00E4tt\n -jre-restrict-search | -no-jre-restrict-search\n Varning: den h\u00E4r funktionen \u00E4r inaktuell och kommer\n att tas bort i en framtida utg\u00E5va.\n inkludera/exkludera anv\u00E4ndarprivata JRE:er i versionss\u00F6kningen\n -? -help skriv ut det h\u00E4r hj\u00E4lpmeddelandet\n -X skriv ut hj\u00E4lp f\u00F6r icke-standardalternativ\n -ea[:<packagename>...|:<classname>]\n -enableassertions[:<packagename>...|:<classname>]\n aktivera verifieringar med den angivna detaljgraden\n -da[:<packagename>...|:<classname>]\n -disableassertions[:<packagename>...|:<classname>]\n avaktivera verifieringar med den angivna detaljgraden\n -esa | -enablesystemassertions\n aktivera systemverifieringar\n -dsa | -disablesystemassertions\n avaktivera systemverifieringar\n -agentlib:<libname>[=<options>]\n ladda det ursprungliga agentbiblioteket <libname>, t.ex. 
-agentlib:hprof\n se \u00E4ven -agentlib:jdwp=help och -agentlib:hprof=help\n -agentpath:<pathname>[=<options>]\n ladda det ursprungliga agentbiblioteket med det fullst\u00E4ndiga s\u00F6kv\u00E4gsnamnet\n -javaagent:<jarpath>[=<options>]\n ladda agenten f\u00F6r programmeringsspr\u00E5ket Java, se java.lang.instrument\n -splash:<imagepath>\n visa v\u00E4lkomstsk\u00E4rmen med den angivna bilden\nMer information finns p\u00E5 http://www.oracle.com/technetwork/java/javase/documentation/index.html.
# Translators please note do not translate the options themselves
java.launcher.X.usage=\ -Xmixed k\u00F6rning i blandat l\u00E4ge (standard)\n -Xint endast k\u00F6rning i tolkat l\u00E4ge\n -Xbootclasspath:<kataloger och zip-/jar-filer avgr\u00E4nsas med {0}>\n ange s\u00F6kv\u00E4g f\u00F6r programladdningsklasser och -resurser\n -Xbootclasspath/a:<kataloger och zip-/jar-filer avgr\u00E4nsas med {0}>\n l\u00E4gg till i slutet av programladdningsklassens s\u00F6kv\u00E4g\n -Xbootclasspath/p:<kataloger och zip-/jar-filer avgr\u00E4nsas med {0}>\n l\u00E4gg till i b\u00F6rjan av programladdningsklassens s\u00F6kv\u00E4g\n -Xdiag visa ytterligare diagnostiska meddelanden\n -Xnoclassgc avaktivera klassens skr\u00E4pinsamling\n -Xincgc aktivera inkrementell skr\u00E4pinsamling\n -Xloggc:<fil> logga GC-status till en fil med tidsst\u00E4mplar\n -Xbatch avaktivera bakgrundskompilering\n -Xms<storlek> ange ursprunglig storlek f\u00F6r Java-heap\n -Xmx<storlek> ange maximal storlek f\u00F6r Java-heap\n -Xss<storlek> ange storlek f\u00F6r java-tr\u00E5dsstack\n -Xprof utdata f\u00F6r processorprofilering\n -Xfuture aktivera str\u00E4ngaste kontroller, f\u00F6rv\u00E4ntad framtida standard\n -Xrs minska OS-signalanv\u00E4ndning av Java/VM (se dokumentation)\n -Xcheck:jni utf\u00F6r ytterligare kontroller f\u00F6r JNI-funktioner\n -Xshare:off anv\u00E4nd inte delade klassdata\n -Xshare:auto anv\u00E4nd delade klassdata om det g\u00E5r (standard)\n -Xshare:on kr\u00E4v att delade klassdata anv\u00E4nds, annars slutf\u00F6r inte.\n -XshowSettings visa alla inst\u00E4llningar och forts\u00E4tt\n -XshowSettings:all\n visa alla inst\u00E4llningar och forts\u00E4tt\n -XshowSettings:vm visa alla vm-relaterade inst\u00E4llningar och forts\u00E4tt\n -XshowSettings:properties\n visa alla egenskapsinst\u00E4llningar och forts\u00E4tt\n -XshowSettings:locale\n visa alla spr\u00E5krelaterade inst\u00E4llningar och forts\u00E4tt\n\n-X-alternativen \u00E4r inte standard och kan \u00E4ndras utan f\u00F6reg\u00E5ende meddelande.\n
java.launcher.X.usage=\ -Xmixed exekvering i blandat l\u00E4ge (standard)\n -Xint endast exekvering i tolkat l\u00E4ge\n -Xbootclasspath:<kataloger och zip-/jar-filer avgr\u00E4nsas med {0}>\n ange s\u00F6kv\u00E4g f\u00F6r programladdningsklasser och -resurser\n -Xbootclasspath/a:<kataloger och zip-/jar-filer avgr\u00E4nsas med {0}>\n l\u00E4gg till i slutet av programladdningsklassens s\u00F6kv\u00E4g\n -Xbootclasspath/p:<kataloger och zip-/jar-filer avgr\u00E4nsas med {0}>\n l\u00E4gg till i b\u00F6rjan av programladdningsklassens s\u00F6kv\u00E4g\n -Xdiag visa ytterligare diagnostiska meddelanden\n -Xnoclassgc avaktivera klassens skr\u00E4pinsamling\n -Xincgc aktivera inkrementell skr\u00E4pinsamling\n -Xloggc:<fil> logga GC-status till en fil med tidsst\u00E4mplar\n -Xbatch avaktivera bakgrundskompilering\n -Xms<storlek> ange ursprunglig storlek f\u00F6r Java-heap\n -Xmx<storlek> ange maximal storlek f\u00F6r Java-heap\n -Xss<storlek> ange storlek f\u00F6r java-tr\u00E5dsstack\n -Xprof utdata f\u00F6r processorprofilering\n -Xfuture aktivera str\u00E4ngaste kontroller, f\u00F6rv\u00E4ntad framtida standard\n -Xrs minska OS-signalanv\u00E4ndning av Java/VM (se dokumentation)\n -Xcheck:jni utf\u00F6r ytterligare kontroller f\u00F6r JNI-funktioner\n -Xshare:off anv\u00E4nd inte delade klassdata\n -Xshare:auto anv\u00E4nd delade klassdata om det g\u00E5r (standard)\n -Xshare:on kr\u00E4v att delade klassdata anv\u00E4nds, annars slutf\u00F6r inte.\n -XshowSettings visa alla inst\u00E4llningar och forts\u00E4tt\n -XshowSettings:all\n visa alla inst\u00E4llningar och forts\u00E4tt\n -XshowSettings:vm visa alla vm-relaterade inst\u00E4llningar och forts\u00E4tt\n -XshowSettings:properties\n visa alla egenskapsinst\u00E4llningar och forts\u00E4tt\n -XshowSettings:locale\n visa alla spr\u00E5krelaterade inst\u00E4llningar och forts\u00E4tt\n\n-X-alternativen \u00E4r inte standard och kan \u00E4ndras utan f\u00F6reg\u00E5ende meddelande.\n
# Translators please note do not translate the options themselves
java.launcher.X.macosx.usage=\nF\u00F6ljande alternativ \u00E4r specifika f\u00F6r Mac OS X:\n -XstartOnFirstThread\n k\u00F6r huvudmetoden() p\u00E5 den f\u00F6rsta (AppKit) tr\u00E5den\n -Xdock:name=<application name>"\n \u00E5sidosatt standardapplikationsnamn visas i docka\n -Xdock:icon=<path to icon file>\n \u00E5sidosatt standardikon visas i docka\n\n
......
/*
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -32,6 +32,8 @@ import javax.management.ObjectName;
import com.sun.management.HotSpotDiagnosticMXBean;
import com.sun.management.VMOption;
import java.security.AccessController;
import java.security.PrivilegedAction;
/**
* Implementation of the diagnostic MBean for Hotspot VM.
......@@ -41,6 +43,14 @@ public class HotSpotDiagnostic implements HotSpotDiagnosticMXBean {
}
public void dumpHeap(String outputFile, boolean live) throws IOException {
String propertyName = "jdk.management.heapdump.allowAnyFileSuffix";
PrivilegedAction<Boolean> pa = () -> Boolean.parseBoolean(System.getProperty(propertyName, "false"));
boolean allowAnyFileSuffix = AccessController.doPrivileged(pa);
if (!allowAnyFileSuffix && !outputFile.endsWith(".hprof")) {
throw new IllegalArgumentException("heapdump file must have .hprof extention");
}
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkWrite(outputFile);
......
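Review bot: The new exception message in `dumpHeap` misspells a word: `"heapdump file must have .hprof extention"` should read `"heapdump file must have .hprof extension"`. The suffix test is also the first dereference of `outputFile`, so a null argument fails there with the documented NullPointerException only while `jdk.management.heapdump.allowAnyFileSuffix` is false; what happens with the property set depends on code below the hunk. A short comment above the check, such as `// restrict dump targets to *.hprof unless jdk.management.heapdump.allowAnyFileSuffix is set`, would tell the next reader what the property relaxes, and the interface Javadoc's `@throws IllegalArgumentException` line could name the property as well. `dumpHeap` continues past the end of the hunk.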
......@@ -32,6 +32,7 @@
package sun.management.jmxremote;
import sun.misc.ObjectInputFilter;
import java.rmi.AccessException;
import java.rmi.NotBoundException;
import java.rmi.Remote;
......@@ -56,7 +57,7 @@ public class SingleEntryRegistry extends RegistryImpl {
String name,
Remote object)
throws RemoteException {
super(port, csf, ssf);
super(port, csf, ssf, SingleEntryRegistry::singleRegistryFilter);
this.name = name;
this.object = object;
}
......@@ -84,6 +85,23 @@ public class SingleEntryRegistry extends RegistryImpl {
throw new AccessException("Cannot modify this registry");
}
/**
* ObjectInputFilter to check parameters to SingleEntryRegistry.
* Since it is a read-only Registry, no classes are accepted.
* String arguments are accepted without passing them to the serialFilter.
*
* @param info a reference to the serialization filter information
* @return Status.REJECTED if parameters are out of range
*/
private static ObjectInputFilter.Status singleRegistryFilter(ObjectInputFilter.FilterInfo info) {
return (info.serialClass() != null ||
info.depth() > 2 ||
info.references() > 4 ||
info.arrayLength() >= 0)
? ObjectInputFilter.Status.REJECTED
: ObjectInputFilter.Status.ALLOWED;
}
private final String name;
private final Remote object;
......
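Review bot: The limits in `singleRegistryFilter` (`depth() > 2`, `references() > 4`, `arrayLength() >= 0`) are bare literals with no explanation, and the Javadoc's `@return` tag mentions only `Status.REJECTED`. I would add a comment on the array test, `// arrayLength() is -1 for non-arrays, so every array is rejected`, and one line saying where 2 and 4 come from. The tag could read `@return Status.REJECTED if a class is present or a limit is exceeded, otherwise Status.ALLOWED`, so the allow path is documented as well.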
#
#
# Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
......@@ -70,10 +70,10 @@ agent.err.invalid.option = Det angivna alternativet \u00E4r ogiltigt
agent.err.invalid.snmp.port = Ogiltigt com.sun.management.snmp.port-nummer
agent.err.invalid.snmp.trap.port = Ogiltigt com.sun.management.snmp.trap-nummer
agent.err.unknown.snmp.interface = Ok\u00E4nt SNMP-gr\u00E4nssnitt
agent.err.acl.file.notset = Ingen SNMP ACL-fil har angetts, men com.sun.management.snmp.acl=true
agent.err.acl.file.notfound = SNMP ACL-filen hittades inte
agent.err.acl.file.not.readable = SNMP ACL-filen \u00E4r inte l\u00E4sbar
agent.err.acl.file.read.failed = Kunde inte l\u00E4sa filen SNMP ACL
agent.err.acl.file.notset = Ingen SNMP \u00E5tkomstkontrollista-fil har angetts, men com.sun.management.snmp.acl=true
agent.err.acl.file.notfound = SNMP \u00E5tkomstkontrollista-filen hittades inte
agent.err.acl.file.not.readable = SNMP \u00E5tkomstkontrollista-filen \u00E4r inte l\u00E4sbar
agent.err.acl.file.read.failed = Kunde inte l\u00E4sa filen SNMP \u00E5tkomstkontrollista
agent.err.acl.file.access.notrestricted = L\u00E4sbeh\u00F6righeten f\u00F6r filen m\u00E5ste begr\u00E4nsas
agent.err.snmp.adaptor.start.failed = Kunde inte starta SNMP-adaptern med adressen
......@@ -85,7 +85,7 @@ jmxremote.ConnectorBootstrap.ready = JMX-anslutning redo p\u00E5: {0}
jmxremote.ConnectorBootstrap.password.readonly = L\u00E4sbeh\u00F6righeten f\u00F6r l\u00F6senordsfilen m\u00E5ste begr\u00E4nsas: {0}
jmxremote.ConnectorBootstrap.file.readonly = Fill\u00E4snings\u00E5tkomst m\u00E5ste begr\u00E4nsas {0}
jmxremote.AdaptorBootstrap.getTargetList.processing = ACL bearbetas
jmxremote.AdaptorBootstrap.getTargetList.processing = \u00E5tkomstkontrollista bearbetas
jmxremote.AdaptorBootstrap.getTargetList.adding = M\u00E5l l\u00E4ggs till: {0}
jmxremote.AdaptorBootstrap.getTargetList.starting = Adapterservern startas:
jmxremote.AdaptorBootstrap.getTargetList.initialize1 = Adaptern redo.
......
/*
* Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -69,6 +69,10 @@ import sun.rmi.transport.LiveRef;
* registry.
*
* The LocateRegistry class is used to obtain registry for different hosts.
* <p>
* The default RegistryImpl exported restricts access to clients on the local host
* for the methods {@link #bind}, {@link #rebind}, {@link #unbind} by checking
* the client host in the skeleton.
*
* @see java.rmi.registry.LocateRegistry
*/
......@@ -96,10 +100,10 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
private static final String REGISTRY_FILTER_PROPNAME = "sun.rmi.registry.registryFilter";
/** Registry max depth of remote invocations. **/
private static int REGISTRY_MAX_DEPTH = 5;
private static final int REGISTRY_MAX_DEPTH = 20;
/** Registry maximum array size in remote invocations. **/
private static int REGISTRY_MAX_ARRAY_SIZE = 10000;
private static final int REGISTRY_MAX_ARRAY_SIZE = 10000;
/**
* The registryFilter created from the value of the {@code "sun.rmi.registry.registryFilter"}
......@@ -136,6 +140,20 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
RMIClientSocketFactory csf,
RMIServerSocketFactory ssf)
throws RemoteException
{
this(port, csf, ssf, RegistryImpl::registryFilter);
}
/**
* Construct a new RegistryImpl on the specified port with the
* given custom socket factory pair and ObjectInputFilter.
*/
public RegistryImpl(int port,
RMIClientSocketFactory csf,
RMIServerSocketFactory ssf,
ObjectInputFilter serialFilter)
throws RemoteException
{
if (port == Registry.REGISTRY_PORT && System.getSecurityManager() != null) {
// grant permission for default port only.
......@@ -143,7 +161,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
public Void run() throws RemoteException {
LiveRef lref = new LiveRef(id, port, csf, ssf);
setup(new UnicastServerRef2(lref, RegistryImpl::registryFilter));
setup(new UnicastServerRef2(lref, serialFilter));
return null;
}
}, null, new SocketPermission("localhost:"+port, "listen,accept"));
......@@ -219,7 +237,8 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
public void bind(String name, Remote obj)
throws RemoteException, AlreadyBoundException, AccessException
{
checkAccess("Registry.bind");
// The access check preventing remote access is done in the skeleton
// and is not applicable to local access.
synchronized (bindings) {
Remote curr = bindings.get(name);
if (curr != null)
......@@ -236,7 +255,8 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
public void unbind(String name)
throws RemoteException, NotBoundException, AccessException
{
checkAccess("Registry.unbind");
// The access check preventing remote access is done in the skeleton
// and is not applicable to local access.
synchronized (bindings) {
Remote obj = bindings.get(name);
if (obj == null)
......@@ -252,7 +272,8 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
public void rebind(String name, Remote obj)
throws RemoteException, AccessException
{
checkAccess("Registry.rebind");
// The access check preventing remote access is done in the skeleton
// and is not applicable to local access.
bindings.put(name, obj);
}
......@@ -279,7 +300,6 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
* The client must be on same the same host as this server.
*/
public static void checkAccess(String op) throws AccessException {
try {
/*
* Get client host that this registry operation was made from.
......@@ -305,7 +325,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
if (clientHost.isAnyLocalAddress()) {
throw new AccessException(
"Registry." + op + " disallowed; origin unknown");
op + " disallowed; origin unknown");
}
try {
......@@ -328,7 +348,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
// must have been an IOException
throw new AccessException(
"Registry." + op + " disallowed; origin " +
op + " disallowed; origin " +
clientHost + " is non-local host");
}
}
......@@ -337,8 +357,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
* Local call from this VM: allow access.
*/
} catch (java.net.UnknownHostException ex) {
throw new AccessException("Registry." + op +
" disallowed; origin is unknown host");
throw new AccessException(op + " disallowed; origin is unknown host");
}
}
......
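Review bot: With `checkAccess` removed from `bind`, `unbind` and `rebind`, the local-host restriction holds only for calls dispatched through the skeleton; nothing in these three methods enforces it any more. The class Javadoc says so, but each method's own Javadoc (outside the hunks) should state it too, for example `Remote callers are checked in RegistryImpl_Skel.dispatch; direct callers in this VM are not checked.`, so that anyone exporting a subclass through another dispatch path sees the dependency. Separately, the new public four-argument constructor hands `serialFilter` to `UnicastServerRef2` unchecked; if a null filter there means no filtering (not visible on this page), `Objects.requireNonNull(serialFilter, "serialFilter");` at the top of the constructor would keep a caller from disabling it by accident. The change of `REGISTRY_MAX_DEPTH` from 5 to 20 also deserves a one-line comment giving the reason.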
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.rmi.registry;
import java.io.IOException;
import java.io.InputStream;
import java.rmi.AccessException;
import java.rmi.server.RemoteCall;
import sun.rmi.transport.Connection;
import sun.rmi.transport.StreamRemoteCall;
import sun.rmi.transport.tcp.TCPConnection;
/**
* Skeleton to dispatch RegistryImpl methods.
* Originally generated by RMIC but frozen to match the stubs.
*/
@SuppressWarnings({"deprecation", "serial"})
public final class RegistryImpl_Skel
implements java.rmi.server.Skeleton {
private static final java.rmi.server.Operation[] operations = {
new java.rmi.server.Operation("void bind(java.lang.String, java.rmi.Remote)"),
new java.rmi.server.Operation("java.lang.String list()[]"),
new java.rmi.server.Operation("java.rmi.Remote lookup(java.lang.String)"),
new java.rmi.server.Operation("void rebind(java.lang.String, java.rmi.Remote)"),
new java.rmi.server.Operation("void unbind(java.lang.String)")
};
private static final long interfaceHash = 4905912898345647071L;
public java.rmi.server.Operation[] getOperations() {
return operations.clone();
}
public void dispatch(java.rmi.Remote obj, java.rmi.server.RemoteCall call, int opnum, long hash)
throws java.lang.Exception {
if (hash != interfaceHash)
throw new java.rmi.server.SkeletonMismatchException("interface hash mismatch");
sun.rmi.registry.RegistryImpl server = (sun.rmi.registry.RegistryImpl) obj;
switch (opnum) {
case 0: // bind(String, Remote)
{
// Check access before reading the arguments
RegistryImpl.checkAccess("Registry.bind");
java.lang.String $param_String_1;
java.rmi.Remote $param_Remote_2;
try {
java.io.ObjectInput in = call.getInputStream();
$param_String_1 = (java.lang.String) in.readObject();
$param_Remote_2 = (java.rmi.Remote) in.readObject();
} catch (java.io.IOException | java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} finally {
call.releaseInputStream();
}
server.bind($param_String_1, $param_Remote_2);
try {
call.getResultStream(true);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling return", e);
}
break;
}
case 1: // list()
{
call.releaseInputStream();
java.lang.String[] $result = server.list();
try {
java.io.ObjectOutput out = call.getResultStream(true);
out.writeObject($result);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling return", e);
}
break;
}
case 2: // lookup(String)
{
java.lang.String $param_String_1;
try {
java.io.ObjectInput in = call.getInputStream();
$param_String_1 = (java.lang.String) in.readObject();
} catch (java.io.IOException | java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} finally {
call.releaseInputStream();
}
java.rmi.Remote $result = server.lookup($param_String_1);
try {
java.io.ObjectOutput out = call.getResultStream(true);
out.writeObject($result);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling return", e);
}
break;
}
case 3: // rebind(String, Remote)
{
// Check access before reading the arguments
RegistryImpl.checkAccess("Registry.rebind");
java.lang.String $param_String_1;
java.rmi.Remote $param_Remote_2;
try {
java.io.ObjectInput in = call.getInputStream();
$param_String_1 = (java.lang.String) in.readObject();
$param_Remote_2 = (java.rmi.Remote) in.readObject();
} catch (java.io.IOException | java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} finally {
call.releaseInputStream();
}
server.rebind($param_String_1, $param_Remote_2);
try {
call.getResultStream(true);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling return", e);
}
break;
}
case 4: // unbind(String)
{
// Check access before reading the arguments
RegistryImpl.checkAccess("Registry.unbind");
java.lang.String $param_String_1;
try {
java.io.ObjectInput in = call.getInputStream();
$param_String_1 = (java.lang.String) in.readObject();
} catch (java.io.IOException | java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} finally {
call.releaseInputStream();
}
server.unbind($param_String_1);
try {
call.getResultStream(true);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling return", e);
}
break;
}
default:
throw new java.rmi.UnmarshalException("invalid method number");
}
}
}
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.rmi.registry;
/**
* Stubs to invoke RegistryImpl remote methods.
* Originally generated from RMIC but frozen to match RegistryImpl_Skel.
*/
@SuppressWarnings({"deprecation", "serial"})
public final class RegistryImpl_Stub
extends java.rmi.server.RemoteStub
implements java.rmi.registry.Registry, java.rmi.Remote {
private static final java.rmi.server.Operation[] operations = {
new java.rmi.server.Operation("void bind(java.lang.String, java.rmi.Remote)"),
new java.rmi.server.Operation("java.lang.String list()[]"),
new java.rmi.server.Operation("java.rmi.Remote lookup(java.lang.String)"),
new java.rmi.server.Operation("void rebind(java.lang.String, java.rmi.Remote)"),
new java.rmi.server.Operation("void unbind(java.lang.String)")
};
private static final long interfaceHash = 4905912898345647071L;
// constructors
public RegistryImpl_Stub() {
super();
}
public RegistryImpl_Stub(java.rmi.server.RemoteRef ref) {
super(ref);
}
// methods from remote interfaces
// implementation of bind(String, Remote)
public void bind(java.lang.String $param_String_1, java.rmi.Remote $param_Remote_2)
throws java.rmi.AccessException, java.rmi.AlreadyBoundException, java.rmi.RemoteException {
try {
java.rmi.server.RemoteCall call = ref.newCall((java.rmi.server.RemoteObject) this, operations, 0, interfaceHash);
try {
java.io.ObjectOutput out = call.getOutputStream();
out.writeObject($param_String_1);
out.writeObject($param_Remote_2);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling arguments", e);
}
ref.invoke(call);
ref.done(call);
} catch (java.lang.RuntimeException e) {
throw e;
} catch (java.rmi.RemoteException e) {
throw e;
} catch (java.rmi.AlreadyBoundException e) {
throw e;
} catch (java.lang.Exception e) {
throw new java.rmi.UnexpectedException("undeclared checked exception", e);
}
}
// implementation of list()
public java.lang.String[] list()
throws java.rmi.AccessException, java.rmi.RemoteException {
try {
java.rmi.server.RemoteCall call = ref.newCall((java.rmi.server.RemoteObject) this, operations, 1, interfaceHash);
ref.invoke(call);
java.lang.String[] $result;
try {
java.io.ObjectInput in = call.getInputStream();
$result = (java.lang.String[]) in.readObject();
} catch (java.io.IOException e) {
throw new java.rmi.UnmarshalException("error unmarshalling return", e);
} catch (java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling return", e);
} finally {
ref.done(call);
}
return $result;
} catch (java.lang.RuntimeException e) {
throw e;
} catch (java.rmi.RemoteException e) {
throw e;
} catch (java.lang.Exception e) {
throw new java.rmi.UnexpectedException("undeclared checked exception", e);
}
}
// implementation of lookup(String)
public java.rmi.Remote lookup(java.lang.String $param_String_1)
throws java.rmi.AccessException, java.rmi.NotBoundException, java.rmi.RemoteException {
try {
java.rmi.server.RemoteCall call = ref.newCall((java.rmi.server.RemoteObject) this, operations, 2, interfaceHash);
try {
java.io.ObjectOutput out = call.getOutputStream();
out.writeObject($param_String_1);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling arguments", e);
}
ref.invoke(call);
java.rmi.Remote $result;
try {
java.io.ObjectInput in = call.getInputStream();
$result = (java.rmi.Remote) in.readObject();
} catch (java.io.IOException e) {
throw new java.rmi.UnmarshalException("error unmarshalling return", e);
} catch (java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling return", e);
} finally {
ref.done(call);
}
return $result;
} catch (java.lang.RuntimeException e) {
throw e;
} catch (java.rmi.RemoteException e) {
throw e;
} catch (java.rmi.NotBoundException e) {
throw e;
} catch (java.lang.Exception e) {
throw new java.rmi.UnexpectedException("undeclared checked exception", e);
}
}
// implementation of rebind(String, Remote)
public void rebind(java.lang.String $param_String_1, java.rmi.Remote $param_Remote_2)
throws java.rmi.AccessException, java.rmi.RemoteException {
try {
java.rmi.server.RemoteCall call = ref.newCall((java.rmi.server.RemoteObject) this, operations, 3, interfaceHash);
try {
java.io.ObjectOutput out = call.getOutputStream();
out.writeObject($param_String_1);
out.writeObject($param_Remote_2);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling arguments", e);
}
ref.invoke(call);
ref.done(call);
} catch (java.lang.RuntimeException e) {
throw e;
} catch (java.rmi.RemoteException e) {
throw e;
} catch (java.lang.Exception e) {
throw new java.rmi.UnexpectedException("undeclared checked exception", e);
}
}
// implementation of unbind(String)
public void unbind(java.lang.String $param_String_1)
throws java.rmi.AccessException, java.rmi.NotBoundException, java.rmi.RemoteException {
try {
java.rmi.server.RemoteCall call = ref.newCall((java.rmi.server.RemoteObject) this, operations, 4, interfaceHash);
try {
java.io.ObjectOutput out = call.getOutputStream();
out.writeObject($param_String_1);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling arguments", e);
}
ref.invoke(call);
ref.done(call);
} catch (java.lang.RuntimeException e) {
throw e;
} catch (java.rmi.RemoteException e) {
throw e;
} catch (java.rmi.NotBoundException e) {
throw e;
} catch (java.lang.Exception e) {
throw new java.rmi.UnexpectedException("undeclared checked exception", e);
}
}
}
......@@ -30,6 +30,7 @@ import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInput;
import java.io.ObjectInputStream;
import java.io.OutputStream;
import java.io.PrintStream;
......@@ -105,7 +106,6 @@ import sun.rmi.log.LogHandler;
import sun.rmi.log.ReliableLog;
import sun.rmi.registry.RegistryImpl;
import sun.rmi.runtime.NewThreadAction;
import sun.rmi.server.UnicastServerRef;
import sun.rmi.transport.LiveRef;
import sun.security.action.GetBooleanAction;
import sun.security.action.GetIntegerAction;
......@@ -345,6 +345,7 @@ public class Activation implements Serializable {
throw new AccessException(
"binding ActivationSystem is disallowed");
} else {
RegistryImpl.checkAccess("ActivationSystem.bind");
super.bind(name, obj);
}
}
......@@ -356,6 +357,7 @@ public class Activation implements Serializable {
throw new AccessException(
"unbinding ActivationSystem is disallowed");
} else {
RegistryImpl.checkAccess("ActivationSystem.unbind");
super.unbind(name);
}
}
......@@ -368,6 +370,7 @@ public class Activation implements Serializable {
throw new AccessException(
"binding ActivationSystem is disallowed");
} else {
RegistryImpl.checkAccess("ActivationSystem.rebind");
super.rebind(name, obj);
}
}
......@@ -458,6 +461,33 @@ public class Activation implements Serializable {
}
/**
* SameHostOnlyServerRef checks that access is from a local client
* before the parameters are deserialized. The unmarshalCustomCallData
* hook is used to check the network address of the caller
* with RegistryImpl.checkAccess().
* The kind of access is retained for an exception if one is thrown.
*/
static class SameHostOnlyServerRef extends UnicastServerRef {
private static final long serialVersionUID = 1234L;
private String accessKind; // an exception message
/**
* Construct a new SameHostOnlyServerRef from a LiveRef.
* @param lref a LiveRef
*/
SameHostOnlyServerRef(LiveRef lref, String accessKind) {
super(lref);
this.accessKind = accessKind;
}
@Override
protected void unmarshalCustomCallData(ObjectInput in) throws IOException, ClassNotFoundException {
RegistryImpl.checkAccess(accessKind);
super.unmarshalCustomCallData(in);
}
}
class ActivationSystemImpl
extends RemoteServer
implements ActivationSystem
......@@ -475,7 +505,8 @@ public class Activation implements Serializable {
* 'this' can be exported.
*/
LiveRef lref = new LiveRef(new ObjID(4), port, null, ssf);
UnicastServerRef uref = new UnicastServerRef(lref);
UnicastServerRef uref = new SameHostOnlyServerRef(lref,
"ActivationSystem.nonLocalAccess");
ref = uref;
uref.exportObject(this, null);
}
......@@ -484,8 +515,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownGroupException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.registerObject");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
ActivationGroupID groupID = desc.getGroupID();
ActivationID id = new ActivationID(activatorStub);
getGroupEntry(groupID).registerObject(id, desc, true);
......@@ -496,15 +527,18 @@ public class Activation implements Serializable {
throws ActivationException, UnknownObjectException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.unregisterObject");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
getGroupEntry(id).unregisterObject(id, true);
}
public ActivationGroupID registerGroup(ActivationGroupDesc desc)
throws ActivationException, RemoteException
{
Thread.dumpStack();
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.registerGroup");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
checkArgs(desc, null);
ActivationGroupID id = new ActivationGroupID(systemStub);
......@@ -521,7 +555,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownGroupException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.activeGroup");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
getGroupEntry(id).activeGroup(group, incarnation);
return monitor;
......@@ -531,7 +566,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownGroupException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.unregisterGroup");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
// remove entry before unregister so state is updated before
// logged
......@@ -543,7 +579,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownObjectException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.setActivationDesc");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
if (!getGroupID(id).equals(desc.getGroupID())) {
throw new ActivationException(
......@@ -557,8 +594,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownGroupException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess(
"ActivationSystem.setActivationGroupDesc");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
checkArgs(desc, null);
return getGroupEntry(id).setActivationGroupDesc(id, desc, true);
......@@ -568,7 +605,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownObjectException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.getActivationDesc");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
return getGroupEntry(id).getActivationDesc(id);
}
......@@ -577,8 +615,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownGroupException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess
("ActivationSystem.getActivationGroupDesc");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
return getGroupEntry(id).desc;
}
......@@ -588,7 +626,8 @@ public class Activation implements Serializable {
* the activation daemon and exits the activation daemon.
*/
public void shutdown() throws AccessException {
RegistryImpl.checkAccess("ActivationSystem.shutdown");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
Object lock = startupLock;
if (lock != null) {
......
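Review bot: `Thread.dumpStack();` at the top of `registerGroup` looks like a debugging leftover; judging by the hunk's line counts it is added by this change, and it prints a stack trace to standard error on every group registration. It should be dropped, since it adds noise to the daemon's output and exposes internal call paths for no functional gain. Separately, the replacement comments in these hunks refer to `unmarshallCustomData`, while the hook that `SameHostOnlyServerRef` overrides is `unmarshalCustomCallData`; `// RegistryImpl.checkAccess() is done in SameHostOnlyServerRef.unmarshalCustomCallData()` would be easier to search for. The body of `registerGroup` continues past the hunk.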
......@@ -32,6 +32,7 @@ import java.io.ObjectOutput;
import java.io.ObjectStreamClass;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.rmi.AccessException;
import java.rmi.MarshalException;
import java.rmi.Remote;
import java.rmi.RemoteException;
......@@ -290,20 +291,25 @@ public class UnicastServerRef extends UnicastRef
try {
in = call.getInputStream();
num = in.readInt();
if (num >= 0) {
if (skel != null) {
oldDispatch(obj, call, num);
return;
} else {
throw new UnmarshalException(
"skeleton class not found but required " +
"for client version");
}
} catch (Exception readEx) {
throw new UnmarshalException("error unmarshalling call header",
readEx);
}
if (num >= 0) {
if (skel != null) {
oldDispatch(obj, call, num);
return;
} else {
throw new UnmarshalException(
"skeleton class not found but required " +
"for client version");
}
}
try {
op = in.readLong();
} catch (Exception readEx) {
throw new UnmarshalException("error unmarshalling call header",
readEx);
readEx);
}
/*
......@@ -331,6 +337,11 @@ public class UnicastServerRef extends UnicastRef
try {
unmarshalCustomCallData(in);
params = unmarshalParameters(obj, method, marshalStream);
} catch (AccessException aex) {
// For compatibility, AccessException is not wrapped in UnmarshalException
// disable saving any refs in the inputStream for GC
((StreamRemoteCall) call).discardPendingRefs();
throw aex;
} catch (java.io.IOException | ClassNotFoundException e) {
// disable saving any refs in the inputStream for GC
((StreamRemoteCall) call).discardPendingRefs();
......@@ -367,6 +378,7 @@ public class UnicastServerRef extends UnicastRef
*/
}
} catch (Throwable e) {
Throwable origEx = e;
logCallException(e);
ObjectOutput out = call.getResultStream(false);
......@@ -382,6 +394,12 @@ public class UnicastServerRef extends UnicastRef
clearStackTraces(e);
}
out.writeObject(e);
// AccessExceptions should cause Transport.serviceCall
// to flag the connection as unusable.
if (origEx instanceof AccessException) {
throw new IOException("Connection is not reusable", origEx);
}
} finally {
call.releaseInputStream(); // in case skeleton doesn't
call.releaseOutputStream();
......@@ -413,62 +431,41 @@ public class UnicastServerRef extends UnicastRef
* Handle server-side dispatch using the RMI 1.1 stub/skeleton
* protocol, given a non-negative operation number that has
* already been read from the call stream.
* Exceptions are handled by the caller to be sent to the remote client.
*
* @param obj the target remote object for the call
* @param call the "remote call" from which operation and
* method arguments can be obtained.
* @param op the operation number
* @exception IOException if unable to marshal return result or
* @throws Exception if unable to marshal return result or
* release input or output streams
*/
public void oldDispatch(Remote obj, RemoteCall call, int op)
throws IOException
private void oldDispatch(Remote obj, RemoteCall call, int op)
throws Exception
{
long hash; // hash for matching stub with skeleton
// read remote call header
ObjectInput in;
in = call.getInputStream();
try {
// read remote call header
ObjectInput in;
try {
in = call.getInputStream();
try {
Class<?> clazz = Class.forName("sun.rmi.transport.DGCImpl_Skel");
if (clazz.isAssignableFrom(skel.getClass())) {
((MarshalInputStream)in).useCodebaseOnly();
}
} catch (ClassNotFoundException ignore) { }
hash = in.readLong();
} catch (Exception readEx) {
throw new UnmarshalException("error unmarshalling call header",
readEx);
Class<?> clazz = Class.forName("sun.rmi.transport.DGCImpl_Skel");
if (clazz.isAssignableFrom(skel.getClass())) {
((MarshalInputStream)in).useCodebaseOnly();
}
} catch (ClassNotFoundException ignore) { }
// if calls are being logged, write out object id and operation
logCall(obj, skel.getOperations()[op]);
unmarshalCustomCallData(in);
// dispatch to skeleton for remote object
skel.dispatch(obj, call, op, hash);
} catch (Throwable e) {
logCallException(e);
ObjectOutput out = call.getResultStream(false);
if (e instanceof Error) {
e = new ServerError(
"Error occurred in server thread", (Error) e);
} else if (e instanceof RemoteException) {
e = new ServerException(
"RemoteException occurred in server thread",
(Exception) e);
}
if (suppressStackTraces) {
clearStackTraces(e);
}
out.writeObject(e);
} finally {
call.releaseInputStream(); // in case skeleton doesn't
call.releaseOutputStream();
try {
hash = in.readLong();
} catch (Exception ioe) {
throw new UnmarshalException("error unmarshalling call header", ioe);
}
// if calls are being logged, write out object id and operation
logCall(obj, skel.getOperations()[op]);
unmarshalCustomCallData(in);
// dispatch to skeleton for remote object
skel.dispatch(obj, call, op, hash);
}
/**
......
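Review bot: In the rewritten `oldDispatch`, `skel.getOperations()[op]` indexes the operations array with a number read from the call stream whose upper bound nothing has checked; the visible caller only tests `num >= 0`. An out-of-range value therefore surfaces as an ArrayIndexOutOfBoundsException from the logging line, ahead of `unmarshalCustomCallData(in)` and of the skeleton's own "invalid method number" handling. A guard before `logCall`, such as `if (op >= skel.getOperations().length) throw new UnmarshalException("invalid method number");`, would reject it with the same error the skeleton uses. The enclosing `dispatch` method, which the new Javadoc says handles these exceptions, is only partly visible in these hunks.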
/*
* Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -287,11 +287,15 @@ abstract class ECDSASignature extends SignatureSpi {
}
random.nextBytes(seed);
try {
// random bits needed for timing countermeasures
int timingArgument = random.nextInt();
// values must be non-zero to enable countermeasures
timingArgument |= 1;
try {
return encodeSignature(
signDigest(getDigestValue(), s, encodedParams, seed));
signDigest(getDigestValue(), s, encodedParams, seed,
timingArgument));
} catch (GeneralSecurityException e) {
throw new SignatureException("Could not sign data", e);
}
......@@ -418,11 +422,19 @@ abstract class ECDSASignature extends SignatureSpi {
* @param s the private key's S value.
* @param encodedParams the curve's DER encoded object identifier.
* @param seed the random seed.
* @param timing When non-zero, the implmentation will use timing
* countermeasures to hide secrets from timing channels. The EC
* implementation will disable the countermeasures when this value is
* zero, because the underlying EC functions are shared by several
* crypto operations, some of which do not use the countermeasures.
* The high-order 31 bits must be uniformly random. The entropy from
* these bits is used by the countermeasures.
*
* @return byte[] the signature.
*/
private static native byte[] signDigest(byte[] digest, byte[] s,
byte[] encodedParams, byte[] seed) throws GeneralSecurityException;
byte[] encodedParams, byte[] seed, int timing)
throws GeneralSecurityException;
/**
* Verifies the signed digest using the public key.
......
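Review bot: The new `@param timing` text on `signDigest` misspells "implementation" as "implmentation"; it is worth fixing because this Javadoc is the only statement of the native method's contract. The same paragraph requires the high-order 31 bits to be uniformly random, which holds only if `random` at the call site is a cryptographically strong source. A short comment next to `int timingArgument = random.nextInt();`, for example `// must come from the signing SecureRandom, never a predictable source`, would keep a later refactor from weakening it. The declaration of `random` is outside the hunk.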
/*
* Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -67,6 +67,13 @@ abstract class DSA extends SignatureSpi {
/* Are we debugging? */
private static final boolean debug = false;
/* The number of bits used in exponent blinding */
private static final int BLINDING_BITS = 7;
/* The constant component of the exponent blinding value */
private static final BigInteger BLINDING_CONSTANT =
BigInteger.valueOf(1 << BLINDING_BITS);
/* The parameter object */
private DSAParams params;
......@@ -312,8 +319,19 @@ abstract class DSA extends SignatureSpi {
return null;
}
private BigInteger generateR(BigInteger p, BigInteger q, BigInteger g,
BigInteger k) {
// exponent blinding to hide information from timing channel
SecureRandom random = getSigningRandom();
// start with a random blinding component
BigInteger blindingValue = new BigInteger(BLINDING_BITS, random);
// add the fixed blinding component
blindingValue = blindingValue.add(BLINDING_CONSTANT);
// replace k with a blinded value that is congruent (mod q)
k = k.add(q.multiply(blindingValue));
BigInteger temp = g.modPow(k, p);
return temp.mod(q);
}
......@@ -378,43 +396,8 @@ abstract class DSA extends SignatureSpi {
byte[] kValue = new byte[(q.bitLength() + 7)/8 + 8];
random.nextBytes(kValue);
BigInteger k = new BigInteger(1, kValue).mod(
return new BigInteger(1, kValue).mod(
q.subtract(BigInteger.ONE)).add(BigInteger.ONE);
// Using an equivalent exponent of fixed length (same as q or 1 bit
// less than q) to keep the kG timing relatively constant.
//
// Note that this is an extra step on top of the approach defined in
// FIPS 186-4 AppendixB.2.1 so as to make a fixed length K.
k = k.add(q).divide(BigInteger.valueOf(2));
// An alternative implementation based on FIPS 186-4 AppendixB2.2
// with fixed-length K.
//
// Please keep it here as we may need to switch to it in the future.
//
// SecureRandom random = getSigningRandom();
// byte[] kValue = new byte[(q.bitLength() + 7)/8];
// BigInteger d = q.subtract(BigInteger.TWO);
// BigInteger k;
// do {
// random.nextBytes(kValue);
// BigInteger c = new BigInteger(1, kValue);
// if (c.compareTo(d) <= 0) {
// k = c.add(BigInteger.ONE);
// // Using an equivalent exponent of fixed length to keep
// // the g^k timing relatively constant.
// //
// // Note that this is an extra step on top of the approach
// // defined in FIPS 186-4 AppendixB.2.2 so as to make a
// // fixed length K.
// if (k.bitLength() >= q.bitLength()) {
// break;
// }
// }
// } while (true);
return k;
}
// Use the application-specified SecureRandom Object if provided.
......
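Review bot: The new `BLINDING_BITS` and `BLINDING_CONSTANT` constants carry no rationale, and the removed comment about keeping the exponent length fixed is not replaced. From the visible code the multiplier is a random 7-bit value plus `1 << BLINDING_BITS`, so it always lies in [128, 255] and `k + q * blindingValue` stays congruent to k mod q; saying so on the constant would help, for example `/* Added to the random component so the multiplier always has BLINDING_BITS + 1 bits */`. A sentence on why 7 bits of blinding is considered sufficient would also help, since that choice cannot be judged from the code alone. `generateR` also reassigns its parameter `k`; a local such as `blindedK` would read more clearly.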
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -265,7 +265,7 @@ public final class LDAPCertStore extends CertStoreSpi {
*/
Hashtable<?,?> currentEnv = ctx.getEnvironment();
if (currentEnv.get(Context.REFERRAL) == null) {
ctx.addToEnvironment(Context.REFERRAL, "follow");
ctx.addToEnvironment(Context.REFERRAL, "follow-scheme");
}
} catch (NamingException e) {
if (debug != null) {
......
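Review bot: The switch to `"follow-scheme"` only takes effect when `currentEnv.get(Context.REFERRAL) == null`, so a context whose environment already carries `java.naming.referral=follow` keeps the unrestricted behaviour. If the environment can be influenced from outside this class (for example through a jndi.properties file; how `ctx` is created is not visible in this hunk), the guard should also replace a pre-set `"follow"`. Otherwise a comment should state that an explicit setting is deliberately honoured, such as `// an explicitly configured referral policy is left untouched`. The enclosing method starts and ends outside the hunk.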
/*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -55,7 +55,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
{"Changes.an.entry.s.alias",
"\u00C4ndrar postalias"}, //-changealias
{"Deletes.an.entry",
"Tar bort post"}, //-delete
"Tar bort en post"}, //-delete
{"Exports.certificate",
"Exporterar certifikat"}, //-exportcert
{"Generates.a.key.pair",
......@@ -175,7 +175,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
{"validity.number.of.days",
"antal dagar f\u00F6r giltighet"}, //-validity
{"Serial.ID.of.cert.to.revoke",
"Seriellt id f\u00F6r certifikat som ska \u00E5terkallas"}, //-id
"Serienummer p\u00E5 certifikat som ska \u00E5terkallas"}, //-id
// keytool: Running part
{"keytool.error.", "nyckelverktygsfel: "},
{"Illegal.option.", "Otill\u00E5tet alternativ: "},
......@@ -266,7 +266,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
"Certifikatet har inte lagts till i nyckellagret"},
{".Storing.ksfname.", "[Lagrar {0}]"},
{"alias.has.no.public.key.certificate.",
"{0} saknar offentlig nyckel (certifikat)"},
"{0} saknar \u00F6ppen nyckel (certifikat)"},
{"Cannot.derive.signature.algorithm",
"Kan inte h\u00E4rleda signaturalgoritm"},
{"Alias.alias.does.not.exist",
......@@ -316,7 +316,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
{"Failed.to.parse.input", "Kunde inte tolka indata"},
{"Empty.input", "Inga indata"},
{"Not.X.509.certificate", "Inte ett X.509-certifikat"},
{"alias.has.no.public.key", "{0} saknar offentlig nyckel"},
{"alias.has.no.public.key", "{0} saknar \u00F6ppen nyckel"},
{"alias.has.no.X.509.certificate", "{0} saknar X.509-certifikat"},
{"New.certificate.self.signed.", "Nytt certifikat (sj\u00E4lvsignerat):"},
{"Reply.has.no.certificates", "Svaret saknar certifikat"},
......@@ -371,7 +371,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
{".WARNING.WARNING.WARNING.",
"***************** WARNING WARNING WARNING *****************"},
{"Signer.d.", "Signerare #%d:"},
{"Signer.d.", "Undertecknare %d:"},
{"Timestamp.", "Tidsst\u00E4mpel:"},
{"Signature.", "Signatur:"},
{"CRLs.", "CRL:er:"},
......@@ -386,7 +386,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
"* Integriteten f\u00F6r den information som lagras i srckeystore*\n* har INTE verifierats! Om du vill verifiera dess integritet *\n* m\u00E5ste du ange l\u00F6senordet f\u00F6r srckeystore. *"},
{"Certificate.reply.does.not.contain.public.key.for.alias.",
"Certifikatsvaret inneh\u00E5ller inte n\u00E5gon offentlig nyckel f\u00F6r <{0}>"},
"Certifikatsvaret inneh\u00E5ller inte n\u00E5gon \u00F6ppen nyckel f\u00F6r <{0}>"},
{"Incomplete.certificate.chain.in.reply",
"Ofullst\u00E4ndig certifikatskedja i svaret"},
{"Certificate.chain.in.reply.does.not.verify.",
......@@ -417,7 +417,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
{".Empty.value.", "(Tomt v\u00E4rde)"},
{"Extension.Request.", "Till\u00E4ggsbeg\u00E4ran:"},
{"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.",
"PKCS #10 certifikatbeg\u00E4ran (version 1.0)\n\u00C4mne: %s\nAllm\u00E4n nyckel: %s-format %s-nyckel\n"},
"PKCS #10 certifikatbeg\u00E4ran (version 1.0)\n\u00C4rende: %s\n\u00D6ppen nyckel: %s-format %s-nyckel\n"},
{"Unknown.keyUsage.type.", "Ok\u00E4nd keyUsage-typ: "},
{"Unknown.extendedkeyUsage.type.", "Ok\u00E4nd extendedkeyUsage-typ: "},
{"Unknown.AccessDescription.type.", "Ok\u00E4nd AccessDescription-typ: "},
......
......@@ -35,7 +35,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
private static final Object[][] contents = {
{"NEWLINE", "\n"},
{"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.",
"Varning! Det finns ingen offentlig nyckel f\u00F6r aliaset {0}. Kontrollera att det aktuella nyckellagret \u00E4r korrekt konfigurerat."},
"Varning! Det finns ingen \u00F6ppen nyckel f\u00F6r aliaset {0}. Kontrollera att det aktuella nyckellagret \u00E4r korrekt konfigurerat."},
{"Warning.Class.not.found.class", "Varning! Klassen hittades inte: {0}"},
{"Warning.Invalid.argument.s.for.constructor.arg",
"Varning! Ogiltiga argument f\u00F6r konstruktor: {0}"},
......@@ -59,8 +59,8 @@ public class Resources_sv extends java.util.ListResourceBundle {
{"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes",
"Varning! Filnamnet kan inneh\u00E5lla omv\u00E4nda snedstreck inom citattecken. Citattecken kr\u00E4vs inte f\u00F6r omv\u00E4nda snedstreck (verktyget hanterar detta n\u00E4r policyinneh\u00E5llet skrivs till det best\u00E4ndiga lagret).\n\nKlicka p\u00E5 Beh\u00E5ll f\u00F6r att beh\u00E5lla det angivna namnet, eller klicka p\u00E5 Redigera f\u00F6r att \u00E4ndra det."},
{"Add.Public.Key.Alias", "L\u00E4gg till offentligt nyckelalias"},
{"Remove.Public.Key.Alias", "Ta bort offentligt nyckelalias"},
{"Add.Public.Key.Alias", "L\u00E4gg till alias till \u00F6ppen nyckel"},
{"Remove.Public.Key.Alias", "Ta bort alias f\u00F6r \u00F6ppen nyckel"},
{"File", "&Arkiv"},
{"KeyStore", "&KeyStore"},
{"Policy.File.", "Policyfil:"},
......@@ -136,7 +136,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
{"provider.name", "leverant\u00F6rsnamn"},
{"url", "url"},
{"method.list", "metodlista"},
{"request.headers.list", "beg\u00E4ranrubriklista"},
{"request.headers.list", "lista \u00F6ver beg\u00E4randehuvuden"},
{"Principal.List", "Lista \u00F6ver identitetshavare"},
{"Permission.List", "Beh\u00F6righetslista"},
{"Code.Base", "Kodbas"},
......
/*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -137,7 +137,7 @@ public class AuthResources_sv extends java.util.ListResourceBundle {
// provided.null.name is the NullPointerException message when a
// developer incorrectly passes a null name to the constructor of
// subclasses of java.security.Principal
{"provided.null.name", "angav null-namn"}
{"provided.null.name", "null-namn angavs"}
};
......
/*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -53,9 +53,9 @@ public class Resources_sv extends java.util.ListResourceBundle {
"CredOwner:\n\tIdentitetshavareklass = {0}\n\tIdentitetshavarenamn = {1}"},
// javax.security.auth.x500
{"provided.null.name", "angav null-namn"},
{"provided.null.keyword.map", "nullnyckelordsmappning tillhandah\u00F6lls"},
{"provided.null.OID.map", "null-OID-mappning tillhandah\u00F6lls"},
{"provided.null.name", "null-namn angavs"},
{"provided.null.keyword.map", "nullnyckelordsmappning angavs"},
{"provided.null.OID.map", "null-OID-mappning angavs"},
// javax.security.auth.Subject
{"NEWLINE", "\n"},
......@@ -73,7 +73,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
"\tPrivat inloggning \u00E4r inte tillg\u00E4nglig\n"},
{"Subject.is.read.only", "Innehavare \u00E4r skrivskyddad"},
{"attempting.to.add.an.object.which.is.not.an.instance.of.java.security.Principal.to.a.Subject.s.Principal.Set",
"f\u00F6rs\u00F6k att l\u00E4gga till ett objekt som inte \u00E4r en f\u00F6rekomst av java.security.Principal till en upps\u00E4ttning av identitetshavare"},
"f\u00F6rs\u00F6k att l\u00E4gga till ett objekt som inte \u00E4r en instans av java.security.Principal till ett subjekts upps\u00E4ttning av identitetshavare"},
{"attempting.to.add.an.object.which.is.not.an.instance.of.class",
"f\u00F6rs\u00F6ker l\u00E4gga till ett objekt som inte \u00E4r en instans av {0}"},
......@@ -84,11 +84,11 @@ public class Resources_sv extends java.util.ListResourceBundle {
{"Invalid.null.input.name", "Ogiltiga null-indata: namn"},
{"No.LoginModules.configured.for.name",
"Inga inloggningsmoduler har konfigurerats f\u00F6r {0}"},
{"invalid.null.Subject.provided", "ogiltig null-innehavare"},
{"invalid.null.Subject.provided", "ogiltig null-subjekt"},
{"invalid.null.CallbackHandler.provided",
"ogiltig null-CallbackHandler"},
{"null.subject.logout.called.before.login",
"null-innehavare - utloggning anropades f\u00F6re inloggning"},
"null-subjekt - utloggning anropades f\u00F6re inloggning"},
{"unable.to.instantiate.LoginModule.module.because.it.does.not.provide.a.no.argument.constructor",
"kan inte instansiera LoginModule, {0}, eftersom den inte tillhandah\u00E5ller n\u00E5gon icke-argumentskonstruktor"},
{"unable.to.instantiate.LoginModule",
......@@ -148,12 +148,12 @@ public class Resources_sv extends java.util.ListResourceBundle {
// sun.security.pkcs11.SunPKCS11
{"PKCS11.Token.providerName.Password.",
"PKCS11-tecken [{0}] L\u00F6senord: "},
"L\u00F6senord f\u00F6r PKCS11-token [{0}]: "},
/* --- DEPRECATED --- */
// javax.security.auth.Policy
{"unable.to.instantiate.Subject.based.policy",
"den innehavarbaserade policyn kan inte skapas"}
"kan inte instansiera subjektbaserad policy"}
};
......
/*
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -190,7 +190,7 @@ cleanup:
*/
JNIEXPORT jbyteArray
JNICALL Java_sun_security_ec_ECDSASignature_signDigest
(JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed)
(JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
{
jbyte* pDigestBuffer = NULL;
jint jDigestLength = env->GetArrayLength(digest);
......@@ -250,7 +250,7 @@ JNICALL Java_sun_security_ec_ECDSASignature_signDigest
// Sign the digest (using the supplied seed)
if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item,
(unsigned char *) pSeedBuffer, jSeedLength, 0) != SECSuccess) {
(unsigned char *) pSeedBuffer, jSeedLength, 0, timing) != SECSuccess) {
ThrowException(env, KEY_EXCEPTION);
goto cleanup;
}
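Review bot: `timing` is passed straight from the JNI boundary into ECDSA_SignDigest, and nothing in the visible lines says what the Java caller has to supply. I would add a comment above the call such as `// timing: 0 disables the scalar-multiplication padding; otherwise it must carry fresh random bits for every signature`. The header comment that closes on the first context line is not shown; if it records the JNI method signature, it needs the extra int as well. The function body continues outside both hunks.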
......
/*
* Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -34,7 +34,7 @@
* Dr Vipul Gupta <vipul.gupta@sun.com> and
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: November 2016
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "mplogic.h"
......@@ -87,7 +87,7 @@ ec_point_at_infinity(SECItem *pointP)
*/
SECStatus
ec_points_mul(const ECParams *params, const mp_int *k1, const mp_int *k2,
const SECItem *pointP, SECItem *pointQ, int kmflag)
const SECItem *pointP, SECItem *pointQ, int kmflag, int timing)
{
mp_int Px, Py, Qx, Qy;
mp_int Gx, Gy, order, irreducible, a, b;
......@@ -199,9 +199,9 @@ ec_points_mul(const ECParams *params, const mp_int *k1, const mp_int *k2,
goto cleanup;
if ((k2 != NULL) && (pointP != NULL)) {
CHECK_MPI_OK( ECPoints_mul(group, k1, k2, &Px, &Py, &Qx, &Qy) );
CHECK_MPI_OK( ECPoints_mul(group, k1, k2, &Px, &Py, &Qx, &Qy, timing) );
} else {
CHECK_MPI_OK( ECPoints_mul(group, k1, NULL, NULL, NULL, &Qx, &Qy) );
CHECK_MPI_OK( ECPoints_mul(group, k1, NULL, NULL, NULL, &Qx, &Qy, timing) );
}
/* Construct the SECItem representation of point Q */
......@@ -332,7 +332,8 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
CHECK_MPI_OK( mp_read_unsigned_octets(&k, key->privateValue.data,
(mp_size) len) );
rv = ec_points_mul(ecParams, &k, NULL, NULL, &(key->publicValue), kmflag);
/* key generation does not support timing mitigation */
rv = ec_points_mul(ecParams, &k, NULL, NULL, &(key->publicValue), kmflag, /*timing*/ 0);
if (rv != SECSuccess) goto cleanup;
*privKey = key;
......@@ -609,7 +610,8 @@ ECDH_Derive(SECItem *publicValue,
}
/* Multiply our private key and peer's public point */
if ((ec_points_mul(ecParams, NULL, &k, publicValue, &pointQ, kmflag) != SECSuccess) ||
/* ECDH doesn't support timing mitigation */
if ((ec_points_mul(ecParams, NULL, &k, publicValue, &pointQ, kmflag, /*timing*/ 0) != SECSuccess) ||
ec_point_at_infinity(&pointQ))
goto cleanup;
......@@ -644,7 +646,8 @@ cleanup:
*/
SECStatus
ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
const SECItem *digest, const unsigned char *kb, const int kblen, int kmflag)
const SECItem *digest, const unsigned char *kb, const int kblen, int kmflag,
int timing)
{
SECStatus rv = SECFailure;
mp_int x1;
......@@ -713,16 +716,6 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
goto cleanup;
}
/*
* Using an equivalent exponent of fixed length (same as n or 1 bit less
* than n) to keep the kG timing relatively constant.
*
* Note that this is an extra step on top of the approach defined in
* ANSI X9.62 so as to make a fixed length K.
*/
CHECK_MPI_OK( mp_add(&k, &n, &k) );
CHECK_MPI_OK( mp_div_2(&k, &k) );
/*
** ANSI X9.62, Section 5.3.2, Step 2
**
......@@ -731,7 +724,7 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
kGpoint.len = 2*flen + 1;
kGpoint.data = PORT_Alloc(2*flen + 1, kmflag);
if ((kGpoint.data == NULL) ||
(ec_points_mul(ecParams, &k, NULL, NULL, &kGpoint, kmflag)
(ec_points_mul(ecParams, &k, NULL, NULL, &kGpoint, kmflag, timing)
!= SECSuccess))
goto cleanup;
......@@ -853,7 +846,7 @@ cleanup:
*/
SECStatus
ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest,
const unsigned char* random, int randomLen, int kmflag)
const unsigned char* random, int randomLen, int kmflag, int timing)
{
SECStatus rv = SECFailure;
int len;
......@@ -871,7 +864,7 @@ ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest,
if (kBytes == NULL) goto cleanup;
/* Generate ECDSA signature with the specified k value */
rv = ECDSA_SignDigestWithSeed(key, signature, digest, kBytes, len, kmflag);
rv = ECDSA_SignDigestWithSeed(key, signature, digest, kBytes, len, kmflag, timing);
cleanup:
if (kBytes) {
......@@ -1017,7 +1010,8 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
** Here, A = u1.G B = u2.Q and C = A + B
** If the result, C, is the point at infinity, reject the signature
*/
if (ec_points_mul(ecParams, &u1, &u2, &key->publicValue, &pointC, kmflag)
/* verification does not support timing mitigation */
if (ec_points_mul(ecParams, &u1, &u2, &key->publicValue, &pointC, kmflag, /*timing*/ 0)
!= SECSuccess) {
rv = SECFailure;
goto cleanup;
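Review bot: ECDSA_SignDigestWithSeed no longer forces k to a fixed length (the `mp_add(&k, &n, &k)` / `mp_div_2(&k, &k)` step is removed), so the kG multiplication now depends entirely on the caller passing a non-zero, random `timing`. Nothing visible here rejects or documents `timing == 0`, which on the prime-field wNAF path appears to leave the nonce multiplication with no countermeasure. I would state the contract on the function comment, e.g. `/* timing: non-zero enables padding in the kG multiplication and must be fresh random bits per signature; 0 disables it */`. The `/*timing*/ 0` call sites in ec_NewKey and ECDH_Derive also multiply a private scalar, and their comments say mitigation is unsupported without saying why; a sentence on the reason would help the next reader. These function bodies start and end outside the hunks.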
......
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -33,6 +33,7 @@
* Contributor(s):
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#ifndef _EC2_H
......@@ -79,7 +80,7 @@ mp_err ec_GF2m_pt_mul_aff(const mp_int *n, const mp_int *px,
* determines the field GF2m. Uses Montgomery projective coordinates. */
mp_err ec_GF2m_pt_mul_mont(const mp_int *n, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group);
const ECGroup *group, int timing);
#ifdef ECL_ENABLE_GF2M_PROJ
/* Converts a point P(px, py) from affine coordinates to projective
......
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -33,6 +33,7 @@
* Contributor(s):
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "ec2.h"
......@@ -329,7 +330,8 @@ ec_GF2m_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group)
/* 4: Verify that the order of the curve times the publicValue
* is the point at infinity.
*/
MP_CHECKOK( ECPoint_mul(group, &group->order, px, py, &pxt, &pyt) );
/* timing mitigation is not supported */
MP_CHECKOK( ECPoint_mul(group, &group->order, px, py, &pxt, &pyt, /*timing*/ 0) );
if (ec_GF2m_pt_is_inf_aff(&pxt, &pyt) != MP_YES) {
res = MP_NO;
goto CLEANUP;
......
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -35,6 +35,7 @@
* Stephen Fung <fungstep@hotmail.com>, and
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories.
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "ec2.h"
......@@ -181,10 +182,12 @@ gf2m_Mxy(const mp_int *x, const mp_int *y, mp_int *x1, mp_int *z1,
/* Computes R = nP based on algorithm 2P of Lopex, J. and Dahab, R. "Fast
* multiplication on elliptic curves over GF(2^m) without
* precomputation". Elliptic curve points P and R can be identical. Uses
* Montgomery projective coordinates. */
* Montgomery projective coordinates. The timing parameter is ignored
* because this algorithm resists timing attacks by default. */
mp_err
ec_GF2m_pt_mul_mont(const mp_int *n, const mp_int *px, const mp_int *py,
mp_int *rx, mp_int *ry, const ECGroup *group)
mp_int *rx, mp_int *ry, const ECGroup *group,
int timing)
{
mp_err res = MP_OKAY;
mp_int x1, x2, z1, z2;
......
/*
* Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -34,7 +34,7 @@
* Dr Vipul Gupta <vipul.gupta@sun.com> and
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: November 2013
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#ifndef _ECC_IMPL_H
......@@ -258,7 +258,7 @@ extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
const unsigned char* random, int randomlen, int);
/* This function has been modified to accept an array of random bytes */
extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem *,
const unsigned char* random, int randomlen, int);
const unsigned char* random, int randomlen, int, int timing);
extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *,
const SECItem *, int);
extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t,
......
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -34,6 +34,7 @@
* Stephen Fung <fungstep@hotmail.com> and
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#ifndef _ECL_PRIV_H
......@@ -193,12 +194,13 @@ struct ECGroupStr {
mp_int *ry, const ECGroup *group);
mp_err (*point_mul) (const mp_int *n, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group);
const ECGroup *group, int timing);
mp_err (*base_point_mul) (const mp_int *n, mp_int *rx, mp_int *ry,
const ECGroup *group);
mp_err (*points_mul) (const mp_int *k1, const mp_int *k2,
const mp_int *px, const mp_int *py, mp_int *rx,
mp_int *ry, const ECGroup *group);
mp_int *ry, const ECGroup *group,
int timing);
mp_err (*validate_point) (const mp_int *px, const mp_int *py, const ECGroup *group);
/* Extra storage for implementation-specific data. Any memory
* allocated to these extra fields will be cleared by extra_free. */
......@@ -262,10 +264,12 @@ void ec_GFp_extra_free_mont(GFMethod *meth);
/* point multiplication */
mp_err ec_pts_mul_basic(const mp_int *k1, const mp_int *k2,
const mp_int *px, const mp_int *py, mp_int *rx,
mp_int *ry, const ECGroup *group);
mp_int *ry, const ECGroup *group,
int timing);
mp_err ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2,
const mp_int *px, const mp_int *py, mp_int *rx,
mp_int *ry, const ECGroup *group);
mp_int *ry, const ECGroup *group,
int timing);
/* Computes the windowed non-adjacent-form (NAF) of a scalar. Out should
* be an array of signed char's to output to, bitsize should be the number
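Review bot: In ECGroupStr, `point_mul` and `points_mul` gain the `timing` argument but `base_point_mul` keeps its old signature. If any group installs `base_point_mul`, and ECPoint_mul prefers it for the generator case (the branch before the `else` in the ecl.c hunk is not shown), then the kG multiplication used for signing would bypass the countermeasure without any sign of it. I would either give it the same trailing `int timing` or add a comment on the member, e.g. `/* no timing argument: must not be installed for groups that rely on the timing countermeasure */`.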
......
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -33,6 +33,7 @@
* Contributor(s):
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#ifndef _ECL_H
......@@ -70,7 +71,8 @@ void EC_FreeCurveParams(ECCurveParams * params);
* of the group of points on the elliptic curve. Input and output values
* are assumed to be NOT field-encoded. */
mp_err ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
const mp_int *py, mp_int *qx, mp_int *qy);
const mp_int *py, mp_int *qx, mp_int *qy,
int timing);
/* Elliptic curve scalar-point multiplication. Computes Q(x, y) = k1 * G +
* k2 * P(x, y), where G is the generator (base point) of the group of
......@@ -78,7 +80,7 @@ mp_err ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
* be NOT field-encoded. */
mp_err ECPoints_mul(const ECGroup *group, const mp_int *k1,
const mp_int *k2, const mp_int *px, const mp_int *py,
mp_int *qx, mp_int *qy);
mp_int *qx, mp_int *qy, int timing);
/* Validates an EC public key as described in Section 5.2.2 of X9.62.
* Returns MP_YES if the public key is valid, MP_NO if the public key
......
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -49,7 +49,8 @@
* are assumed to be NOT field-encoded. */
mp_err
ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry)
const mp_int *py, mp_int *rx, mp_int *ry,
int timing)
{
mp_err res = MP_OKAY;
mp_int kt;
......@@ -74,15 +75,15 @@ ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
} else {
MP_CHECKOK(group->
point_mul(&kt, &group->genx, &group->geny, rx, ry,
group));
group, timing));
}
} else {
if (group->meth->field_enc) {
MP_CHECKOK(group->meth->field_enc(px, rx, group->meth));
MP_CHECKOK(group->meth->field_enc(py, ry, group->meth));
MP_CHECKOK(group->point_mul(&kt, rx, ry, rx, ry, group));
MP_CHECKOK(group->point_mul(&kt, rx, ry, rx, ry, group, timing));
} else {
MP_CHECKOK(group->point_mul(&kt, px, py, rx, ry, group));
MP_CHECKOK(group->point_mul(&kt, px, py, rx, ry, group, timing));
}
}
if (group->meth->field_dec) {
......@@ -104,7 +105,7 @@ ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
mp_err
ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group)
const ECGroup *group, int timing)
{
mp_err res = MP_OKAY;
mp_int sx, sy;
......@@ -116,9 +117,9 @@ ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px,
/* if some arguments are not defined used ECPoint_mul */
if (k1 == NULL) {
return ECPoint_mul(group, k2, px, py, rx, ry);
return ECPoint_mul(group, k2, px, py, rx, ry, timing);
} else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
return ECPoint_mul(group, k1, NULL, NULL, rx, ry, timing);
}
MP_DIGITS(&sx) = 0;
......@@ -126,8 +127,8 @@ ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px,
MP_CHECKOK(mp_init(&sx, FLAG(k1)));
MP_CHECKOK(mp_init(&sy, FLAG(k1)));
MP_CHECKOK(ECPoint_mul(group, k1, NULL, NULL, &sx, &sy));
MP_CHECKOK(ECPoint_mul(group, k2, px, py, rx, ry));
MP_CHECKOK(ECPoint_mul(group, k1, NULL, NULL, &sx, &sy, timing));
MP_CHECKOK(ECPoint_mul(group, k2, px, py, rx, ry, timing));
if (group->meth->field_enc) {
MP_CHECKOK(group->meth->field_enc(&sx, &sx, group->meth));
......@@ -159,7 +160,7 @@ ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px,
mp_err
ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group)
const ECGroup *group, int timing)
{
mp_err res = MP_OKAY;
mp_int precomp[4][4][2];
......@@ -174,9 +175,9 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px,
/* if some arguments are not defined used ECPoint_mul */
if (k1 == NULL) {
return ECPoint_mul(group, k2, px, py, rx, ry);
return ECPoint_mul(group, k2, px, py, rx, ry, timing);
} else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
return ECPoint_mul(group, k1, NULL, NULL, rx, ry, timing);
}
/* initialize precomputation table */
......@@ -308,7 +309,8 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px,
* Input and output values are assumed to be NOT field-encoded. */
mp_err
ECPoints_mul(const ECGroup *group, const mp_int *k1, const mp_int *k2,
const mp_int *px, const mp_int *py, mp_int *rx, mp_int *ry)
const mp_int *px, const mp_int *py, mp_int *rx, mp_int *ry,
int timing)
{
mp_err res = MP_OKAY;
mp_int k1t, k2t;
......@@ -345,9 +347,9 @@ ECPoints_mul(const ECGroup *group, const mp_int *k1, const mp_int *k2,
/* if points_mul is defined, then use it */
if (group->points_mul) {
res = group->points_mul(k1p, k2p, px, py, rx, ry, group);
res = group->points_mul(k1p, k2p, px, py, rx, ry, group, timing);
} else {
res = ec_pts_mul_simul_w2(k1p, k2p, px, py, rx, ry, group);
res = ec_pts_mul_simul_w2(k1p, k2p, px, py, rx, ry, group, timing);
}
CLEANUP:
......
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -33,6 +33,7 @@
* Contributor(s):
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#ifndef _ECP_H
......@@ -122,7 +123,7 @@ mp_err ec_GFp_pt_mul_jac(const mp_int *n, const mp_int *px,
mp_err
ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group);
const ECGroup *group, int timing);
/* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic
* curve points P and R can be identical. Uses mixed Modified-Jacobian
......@@ -131,9 +132,13 @@ mp_err
* returns output that is still field-encoded. Uses 5-bit window NAF
* method (algorithm 11) for scalar-point multiplication from Brown,
* Hankerson, Lopez, Menezes. Software Implementation of the NIST Elliptic
* Curves Over Prime Fields. */
* Curves Over Prime Fields. The implementation includes a countermeasure
* that attempts to hide the size of n from timing channels. This counter-
* measure is enabled using the timing argument. The high-rder bits of timing
* must be uniformly random in order for this countermeasure to work. */
mp_err
ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
mp_int *rx, mp_int *ry, const ECGroup *group);
mp_int *rx, mp_int *ry, const ECGroup *group,
int timing);
#endif /* _ECP_H */
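Review bot: The new comment on ec_GFp_pt_mul_jm_wNAF says the high-order bits of `timing` must be uniformly random, which does not tell a caller which bits are actually consumed or that zero switches the countermeasure off. The implementation in ecp_jm.c tests `if (timing)`, discards bit 0, then takes two bits for extra additions and two for extra doublings. I would spell that out and fix the "high-rder" typo, e.g. `* timing == 0 disables the countermeasure; bit 0 is ignored and bits 1-4 (two for extra additions, two for extra doublings) must be uniformly random.`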
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -38,6 +38,7 @@
* Nils Larsch <nla@trustcenter.de>, and
* Lenka Fibikova <fibikova@exp-math.uni-essen.de>, the OpenSSL Project
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "ecp.h"
......@@ -340,7 +341,8 @@ ec_GFp_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group)
/* 4: Verify that the order of the curve times the publicValue
* is the point at infinity.
*/
MP_CHECKOK( ECPoint_mul(group, &group->order, px, py, &pxt, &pyt) );
/* timing mitigation is not supported */
MP_CHECKOK( ECPoint_mul(group, &group->order, px, py, &pxt, &pyt, /*timing*/ 0) );
if (ec_GFp_pt_is_inf_aff(&pxt, &pyt) != MP_YES) {
res = MP_NO;
goto CLEANUP;
......
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -38,6 +38,7 @@
* Nils Larsch <nla@trustcenter.de>, and
* Lenka Fibikova <fibikova@exp-math.uni-essen.de>, the OpenSSL Project
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "ecp.h"
......@@ -180,6 +181,15 @@ ec_GFp_pt_add_jac_aff(const mp_int *px, const mp_int *py, const mp_int *pz,
MP_CHECKOK(group->meth->field_mul(&A, qx, &A, group->meth));
MP_CHECKOK(group->meth->field_mul(&B, qy, &B, group->meth));
/*
* Additional checks for point equality and point at infinity
*/
if (mp_cmp(px, &A) == 0 && mp_cmp(py, &B) == 0) {
/* POINT_DOUBLE(P) */
MP_CHECKOK(ec_GFp_pt_dbl_jac(px, py, pz, rx, ry, rz, group));
goto CLEANUP;
}
/* C = A - px, D = B - py */
MP_CHECKOK(group->meth->field_sub(&A, px, &C, group->meth));
MP_CHECKOK(group->meth->field_sub(&B, py, &D, group->meth));
......@@ -406,7 +416,7 @@ ec_GFp_pt_mul_jac(const mp_int *n, const mp_int *px, const mp_int *py,
mp_err
ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group)
const ECGroup *group, int timing)
{
mp_err res = MP_OKAY;
mp_int precomp[4][4][2];
......@@ -430,9 +440,9 @@ ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
/* if some arguments are not defined used ECPoint_mul */
if (k1 == NULL) {
return ECPoint_mul(group, k2, px, py, rx, ry);
return ECPoint_mul(group, k2, px, py, rx, ry, timing);
} else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
return ECPoint_mul(group, k1, NULL, NULL, rx, ry, timing);
}
/* initialize precomputation table */
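Review bot: The comment added in ec_GFp_pt_add_jac_aff announces "checks for point equality and point at infinity", but the new code only tests equality (`mp_cmp(px, &A) == 0 && mp_cmp(py, &B) == 0`) before delegating to ec_GFp_pt_dbl_jac. Either narrow the comment to `/* P == Q: the addition formulas below degenerate, so double instead */`, or add the missing case if the code after the hunk does not already handle equal x with different y (P = -Q, where the result should be the point at infinity). The function continues outside the hunk, so I cannot confirm which applies. The same comment and check are added to ec_GFp_pt_add_jm_aff in ecp_jm.c.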
......
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -33,6 +33,7 @@
* Contributor(s):
* Stephen Fung <fungstep@hotmail.com>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "ecp.h"
......@@ -165,6 +166,16 @@ ec_GFp_pt_add_jm_aff(const mp_int *px, const mp_int *py, const mp_int *pz,
MP_CHECKOK(group->meth->field_mul(A, qx, A, group->meth));
MP_CHECKOK(group->meth->field_mul(B, qy, B, group->meth));
/*
* Additional checks for point equality and point at infinity
*/
if (mp_cmp(px, A) == 0 && mp_cmp(py, B) == 0) {
/* POINT_DOUBLE(P) */
MP_CHECKOK(ec_GFp_pt_dbl_jm(px, py, pz, paz4, rx, ry, rz, raz4,
scratch, group));
goto CLEANUP;
}
/* C = A - px, D = B - py */
MP_CHECKOK(group->meth->field_sub(A, px, C, group->meth));
MP_CHECKOK(group->meth->field_sub(B, py, D, group->meth));
......@@ -213,19 +224,23 @@ CLEANUP:
* Curves Over Prime Fields. */
mp_err
ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
mp_int *rx, mp_int *ry, const ECGroup *group)
mp_int *rx, mp_int *ry, const ECGroup *group,
int timing)
{
mp_err res = MP_OKAY;
mp_int precomp[16][2], rz, tpx, tpy;
mp_int raz4;
mp_int precomp[16][2], rz, tpx, tpy, tpz;
mp_int raz4, tpaz4;
mp_int scratch[MAX_SCRATCH];
signed char *naf = NULL;
int i, orderBitSize;
int numDoubles, numAdds, extraDoubles, extraAdds;
MP_DIGITS(&rz) = 0;
MP_DIGITS(&raz4) = 0;
MP_DIGITS(&tpx) = 0;
MP_DIGITS(&tpy) = 0;
MP_DIGITS(&tpz) = 0;
MP_DIGITS(&tpaz4) = 0;
for (i = 0; i < 16; i++) {
MP_DIGITS(&precomp[i][0]) = 0;
MP_DIGITS(&precomp[i][1]) = 0;
......@@ -239,7 +254,9 @@ ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
/* initialize precomputation table */
MP_CHECKOK(mp_init(&tpx, FLAG(n)));
MP_CHECKOK(mp_init(&tpy, FLAG(n)));;
MP_CHECKOK(mp_init(&tpy, FLAG(n)));
MP_CHECKOK(mp_init(&tpz, FLAG(n)));
MP_CHECKOK(mp_init(&tpaz4, FLAG(n)));
MP_CHECKOK(mp_init(&rz, FLAG(n)));
MP_CHECKOK(mp_init(&raz4, FLAG(n)));
......@@ -295,19 +312,64 @@ ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
/* Compute 5NAF */
ec_compute_wNAF(naf, orderBitSize, n, 5);
numAdds = 0;
numDoubles = orderBitSize;
/* wNAF method */
for (i = orderBitSize; i >= 0; i--) {
if (ec_GFp_pt_is_inf_jac(rx, ry, &rz) == MP_YES) {
numDoubles--;
}
/* R = 2R */
ec_GFp_pt_dbl_jm(rx, ry, &rz, &raz4, rx, ry, &rz,
&raz4, scratch, group);
if (naf[i] != 0) {
ec_GFp_pt_add_jm_aff(rx, ry, &rz, &raz4,
&precomp[(naf[i] + 15) / 2][0],
&precomp[(naf[i] + 15) / 2][1], rx, ry,
&rz, &raz4, scratch, group);
numAdds++;
}
}
/* extra operations to make timing less dependent on secrets */
if (timing) {
/* low-order bit of timing argument contains no entropy */
timing >>= 1;
MP_CHECKOK(ec_GFp_pt_set_inf_jac(&tpx, &tpy, &tpz));
mp_zero(&tpaz4);
/* Set the temp value to a non-infinite point */
ec_GFp_pt_add_jm_aff(&tpx, &tpy, &tpz, &tpaz4,
&precomp[8][0],
&precomp[8][1], &tpx, &tpy,
&tpz, &tpaz4, scratch, group);
/* two bits of extra adds */
extraAdds = timing & 0x3;
timing >>= 2;
/* Window size is 5, so the maximum number of additions is ceil(orderBitSize/5) */
/* This is the same as (orderBitSize + 4) / 5 */
for(i = numAdds; i <= (orderBitSize + 4) / 5 + extraAdds; i++) {
ec_GFp_pt_add_jm_aff(&tpx, &tpy, &tpz, &tpaz4,
&precomp[9 + (i % 3)][0],
&precomp[9 + (i % 3)][1], &tpx, &tpy,
&tpz, &tpaz4, scratch, group);
}
/* two bits of extra doubles */
extraDoubles = timing & 0x3;
timing >>= 2;
for(i = numDoubles; i <= orderBitSize + extraDoubles; i++) {
ec_GFp_pt_dbl_jm(&tpx, &tpy, &tpz, &tpaz4, &tpx, &tpy, &tpz,
&tpaz4, scratch, group);
}
}
/* convert result S to affine coordinates */
MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group));
......@@ -321,6 +383,8 @@ ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
}
mp_clear(&tpx);
mp_clear(&tpy);
mp_clear(&tpz);
mp_clear(&tpaz4);
mp_clear(&rz);
mp_clear(&raz4);
#ifdef _KERNEL
......
/*
* Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -192,14 +192,19 @@ static BOOL initShellProcs()
static jstring jstringFromSTRRET(JNIEnv* env, LPITEMIDLIST pidl, STRRET* pStrret) {
switch (pStrret->uType) {
case STRRET_CSTR :
return JNU_NewStringPlatform(env, reinterpret_cast<const char*>(pStrret->cStr));
if (pStrret->cStr != NULL) {
return JNU_NewStringPlatform(env, reinterpret_cast<const char*>(pStrret->cStr));
}
break;
case STRRET_OFFSET :
// Note : this may need to be WCHAR instead
return JNU_NewStringPlatform(env,
(CHAR*)pidl + pStrret->uOffset);
case STRRET_WSTR :
return env->NewString(reinterpret_cast<const jchar*>(pStrret->pOleStr),
static_cast<jsize>(wcslen(pStrret->pOleStr)));
if (pStrret->pOleStr != NULL) {
return env->NewString(reinterpret_cast<const jchar*>(pStrret->pOleStr),
static_cast<jsize>(wcslen(pStrret->pOleStr)));
}
}
return NULL;
}
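Review bot: The new `pStrret->cStr != NULL` test in the `STRRET_CSTR` case probably guards nothing, because in the Windows SDK definition of STRRET `cStr` is a character array embedded in the union rather than a pointer, so the comparison is always true; only the `pOleStr` check in the `STRRET_WSTR` case can actually fire. The `STRRET_OFFSET` case still computes `(CHAR*)pidl + pStrret->uOffset` with no check on `pidl`, which leaves one unchecked pointer in this function; I would wrap it as `if (pidl != NULL) { return JNU_NewStringPlatform(env, (CHAR*)pidl + pStrret->uOffset); }` followed by `break;`. A comment above `return NULL;` stating that NULL is now also returned when the shell hands back a null string would help, since the callers are not visible here and must tolerate it.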
......
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.net.InetAddress;
import java.rmi.AccessException;
import java.rmi.activation.ActivationSystem;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.Set;
import java.util.HashSet;
/*
* @test
* @bug 8174770
* @summary Verify that ActivationSystem rejects non-local access.
* The test is manual because the (non-local) host running rmid must be supplied as a property.
* @run main/manual/othervm -Dactivation.host=rmid-host NonLocalActivationTest
*/
/**
* Lookup the ActivationSystem on a different host and invoke its remote interface methods.
* They should all throw an exception, non-local access is prohibited.
*
* This test is a manual test and uses rmid running on a *different* host.
* The default port (1098) for the Activation System is ok and expected.
* Login or ssh to the different host and invoke {@code $JDK_HOME/bin/rmid}.
* It will not show any output.
*
* On the first host modify the @run command above to replace "rmid-host"
* with the hostname or IP address of the different host and run the test with jtreg.
*/
public class NonLocalActivationTest
{
public static void main(String[] args) throws Exception {
String host = System.getProperty("activation.host");
if (host == null || host.isEmpty()) {
throw new RuntimeException("Specify host with system property: -Dactivation.host=<host>");
}
// Check if running the test on a local system; it only applies to remote
String myHostName = InetAddress.getLocalHost().getHostName();
Set<InetAddress> myAddrs = new HashSet<>();
InetAddress[] myAddrsArr = InetAddress.getAllByName(myHostName);
for (InetAddress a : myAddrsArr) {
myAddrs.add(a);
}
Set<InetAddress> hostAddrs = new HashSet<>();
InetAddress[] hostAddrsArr = InetAddress.getAllByName(host);
for (InetAddress a : hostAddrsArr) {
hostAddrs.add(a);
}
if (hostAddrs.stream().anyMatch(i -> myAddrs.contains(i))
|| hostAddrs.stream().anyMatch(h -> h.isLoopbackAddress())) {
throw new RuntimeException("Error: property 'activation.host' must not be the local host%n");
}
// Locate the registry operated by the ActivationSystem
// Test SystemRegistryImpl
Registry registry = LocateRegistry.getRegistry(host, ActivationSystem.SYSTEM_PORT);
try {
// Verify it is an ActivationSystem registry
registry.lookup("java.rmi.activation.ActivationSystem");
} catch (Exception nf) {
throw new RuntimeException("Not a ActivationSystem registry, does not contain java.rmi.activation.ActivationSystem", nf);
}
try {
registry.bind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: bind");
} catch (Exception e) {
assertIsAccessException(e, "Registry.bind");
}
try {
registry.rebind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: rebind");
} catch (Exception e) {
assertIsAccessException(e, "Registry.rebind");
}
try {
registry.unbind("foo");
throw new RuntimeException("Remote access should not succeed for method: unbind");
} catch (Exception e) {
assertIsAccessException(e, "Registry.unbind");
}
// Locate the ActivationSystem on the specified host and default port.
// Test each of the ActivationSystem methods
ActivationSystem as = (ActivationSystem) registry.lookup("java.rmi.activation.ActivationSystem");
// Argument is not material, access check is before arg processing
try {
as.registerGroup(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.getActivationDesc(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.getActivationGroupDesc(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.registerObject(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.unregisterGroup(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.unregisterObject(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.setActivationDesc(null, null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.setActivationGroupDesc(null, null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
}
/**
* Check the exception chain for the expected AccessException and message.
* @param ex the exception from the remote invocation.
*/
private static void assertIsAccessException(Exception ex, String msg1) {
Throwable t = ex;
System.out.println();
while (!(t instanceof AccessException) && t.getCause() != null) {
t = t.getCause();
}
if (t instanceof AccessException) {
String msg = t.getMessage();
int asIndex = msg.indexOf(msg1);
int disallowIndex = msg.indexOf("disallowed");
int nonLocalHostIndex = msg.indexOf("non-local host");
if (asIndex < 0 ||
disallowIndex < 0 ||
nonLocalHostIndex < 0 ) {
throw new RuntimeException("exception message is malformed", t);
}
System.out.printf("Found expected AccessException: %s%n", t);
} else {
throw new RuntimeException("AccessException did not occur", ex);
}
}
}
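Review bot: The eight `ActivationSystem` calls in `main` (`as.registerGroup(null)` through `as.setActivationGroupDesc(null, null)`) pass silently when the remote call returns normally, because nothing follows the call inside the `try`; an rmid that performs no access check at all would therefore pass this part of the test. The three registry blocks above already handle this by throwing after the call, and the same line belongs after each `as.` call, for example `throw new RuntimeException("Remote access should not succeed for method: registerGroup");`. Separately, `assertIsAccessException` calls `t.getMessage()` without a null check, and its Javadoc omits the second parameter; I would add `@param msg1 text that must appear in the AccessException message`.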
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.net.InetAddress;
import java.rmi.AccessException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.Set;
import java.util.HashSet;
/* @test
* @bug 8174770
* @summary Verify that Registry rejects non-local access for bind, unbind, rebind.
* The test is manual because the (non-local) host running rmiregistry must be supplied as a property.
* @run main/othervm/manual -Dregistry.host=rmi-registry-host NonLocalRegistryTest
*/
/**
* Verify that access checks for Registry.bind(), .rebind(), and .unbind()
* are prevented on remote access to the registry.
*
* This test is a manual test and uses a standard rmiregistry running
* on a *different* host.
* The test verifies that the access check is performed *before* the object to be
* bound or rebound is deserialized.
*
* Login or ssh to the different host and invoke {@code $JDK_HOME/bin/rmiregistry}.
* It will not show any output.
*
* On the first host modify the @run command above to replace "rmi-registry-host"
* with the hostname or IP address of the different host and run the test with jtreg.
*/
public class NonLocalRegistryTest {
public static void main(String[] args) throws Exception {
String host = System.getProperty("registry.host");
if (host == null || host.isEmpty()) {
throw new RuntimeException("Specify host with system property: -Dregistry.host=<host>");
}
// Check if running the test on a local system; it only applies to remote
String myHostName = InetAddress.getLocalHost().getHostName();
Set<InetAddress> myAddrs = new HashSet<>();
InetAddress[] myAddrsArr = InetAddress.getAllByName(myHostName);
for (InetAddress a : myAddrsArr) {
myAddrs.add(a);
}
Set<InetAddress> hostAddrs = new HashSet<>();
InetAddress[] hostAddrsArr = InetAddress.getAllByName(host);
for (InetAddress a : hostAddrsArr) {
hostAddrs.add(a);
}
if (hostAddrs.stream().anyMatch(i -> myAddrs.contains(i))
|| hostAddrs.stream().anyMatch(h -> h.isLoopbackAddress())) {
throw new RuntimeException("Error: property 'registry.host' must not be the local host%n");
}
Registry registry = LocateRegistry.getRegistry(host, Registry.REGISTRY_PORT);
try {
registry.bind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: bind");
} catch (Exception e) {
assertIsAccessException(e);
}
try {
registry.rebind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: rebind");
} catch (Exception e) {
assertIsAccessException(e);
}
try {
registry.unbind("foo");
throw new RuntimeException("Remote access should not succeed for method: unbind");
} catch (Exception e) {
assertIsAccessException(e);
}
}
/**
* Check the exception chain for the expected AccessException and message.
* @param ex the exception from the remote invocation.
*/
private static void assertIsAccessException(Throwable ex) {
Throwable t = ex;
while (!(t instanceof AccessException) && t.getCause() != null) {
t = t.getCause();
}
if (t instanceof AccessException) {
String msg = t.getMessage();
int asIndex = msg.indexOf("Registry");
int rrIndex = msg.indexOf("Registry.Registry"); // Obsolete error text
int disallowIndex = msg.indexOf("disallowed");
int nonLocalHostIndex = msg.indexOf("non-local host");
if (asIndex < 0 ||
rrIndex != -1 ||
disallowIndex < 0 ||
nonLocalHostIndex < 0 ) {
throw new RuntimeException("exception message is malformed", t);
}
System.out.printf("Found expected AccessException: %s%n%n", t);
} else {
throw new RuntimeException("AccessException did not occur when expected", ex);
}
}
}
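Review bot: The message `"Error: property 'registry.host' must not be the local host%n"` is passed straight to the `RuntimeException` constructor, which does no format processing, so the `%n` is printed literally; drop it from the string. The same literal `%n` appears in the local-host check of NonLocalActivationTest and NonLocalJMXRemoteTest. The guard itself compares only against the addresses that the local host name resolves to, so an address bound to another local interface would probably get past it; a comment on the guard such as `// only catches addresses the local host name resolves to` would make a later confusing failure easier to diagnose.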
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -21,24 +21,18 @@
* questions.
*/
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.rmi.AlreadyBoundException;
import java.rmi.MarshalledObject;
import java.rmi.NotBoundException;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.AlreadyBoundException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.Objects;
import java.security.Security;
import java.util.Objects;
import org.testng.Assert;
import org.testng.TestNG;
......@@ -57,7 +51,8 @@ import org.testng.annotations.Test;
* @summary Test filters for the RMI Registry
* @run testng/othervm RegistryFilterTest
* @run testng/othervm
* -Dsun.rmi.registry.registryFilter=!java.lang.Long;!RegistryFilterTest$RejectableClass
* -Dsun.rmi.registry.registryFilter=!java.lang.Long;!RegistryFilterTest$RejectableClass;maxdepth=19
* -Dtest.maxdepth=19
* RegistryFilterTest
* @run testng/othervm/policy=security.policy
* -Djava.security.properties=${test.src}/java.security-extra1
......@@ -68,6 +63,8 @@ public class RegistryFilterTest {
private static int port;
private static Registry registry;
static final int REGISTRY_MAX_DEPTH = 20;
static final int REGISTRY_MAX_ARRAY = 10000;
static final String registryFilter =
......@@ -125,7 +122,7 @@ public class RegistryFilterTest {
/*
* Test registry rejects an object with the max array size + 1.
* Test registry rejects an object with the max array size + 1.
*/
@Test(dataProvider="bindData")
public void simpleBind(String name, Remote obj, boolean blacklisted) throws RemoteException, AlreadyBoundException, NotBoundException {
......@@ -139,9 +136,9 @@ public class RegistryFilterTest {
}
/*
* Test registry rejects an object with a well known class
* if blacklisted in the security properties.
*/
* Test registry rejects an object with a well known class
* if blacklisted in the security properties.
*/
@Test
public void simpleRejectableClass() throws RemoteException, AlreadyBoundException, NotBoundException {
RejectableClass r1 = null;
......@@ -150,9 +147,46 @@ public class RegistryFilterTest {
r1 = new RejectableClass();
registry.bind(name, r1);
registry.unbind(name);
Assert.assertNull(registryFilter, "Registry filter should not have rejected");
Assert.assertNull(registryFilter, "Registry filter should have rejected");
} catch (Exception rex) {
Assert.assertNotNull(registryFilter, "Registry filter should have rejected");
Assert.assertNotNull(registryFilter, "Registry filter should not have rejected");
}
}
/*
* Test registry does not reject an object with depth at the built-in limit.
*/
@Test
public void simpleDepthBuiltinNonRejectable() throws RemoteException, AlreadyBoundException, NotBoundException {
int depthOverride = Integer.getInteger("test.maxdepth", REGISTRY_MAX_DEPTH);
depthOverride = Math.min(depthOverride, REGISTRY_MAX_DEPTH);
System.out.printf("overrideDepth: %d, filter: %s%n", depthOverride, registryFilter);
try {
String name = "reject2";
DepthRejectableClass r1 = DepthRejectableClass.create(depthOverride);
registry.bind(name, r1);
registry.unbind(name);
} catch (Exception rex) {
Assert.fail("Registry filter should not have rejected depth: "
+ depthOverride);
}
}
/*
* Test registry rejects an object with depth at the limit + 1.
*/
@Test
public void simpleDepthRejectable() throws RemoteException, AlreadyBoundException, NotBoundException {
int depthOverride = Integer.getInteger("test.maxdepth", REGISTRY_MAX_DEPTH);
depthOverride = Math.min(depthOverride, REGISTRY_MAX_DEPTH);
System.out.printf("overrideDepth: %d, filter: %s%n", depthOverride, registryFilter);
try {
String name = "reject3";
DepthRejectableClass r1 = DepthRejectableClass.create(depthOverride + 1);
registry.bind(name, r1);
Assert.fail("Registry filter should have rejected depth: " + depthOverride + 1);
} catch (Exception rex) {
// Rejection expected
}
}
......@@ -173,6 +207,7 @@ public class RegistryFilterTest {
return super.toString() + "//" + Objects.toString(obj);
}
}
/**
* A simple Serializable Remote object that is passed by value.
* It and its contents are checked by the Registry serial filter.
......@@ -183,4 +218,25 @@ public class RegistryFilterTest {
RejectableClass() {}
}
/**
* A simple Serializable Remote object that is passed by value.
* It and its contents are checked by the Registry serial filter.
*/
static class DepthRejectableClass implements Serializable, Remote {
private static final long serialVersionUID = 362498820763181264L;
private final DepthRejectableClass next;
private DepthRejectableClass(DepthRejectableClass next) {
this.next = next;
}
static DepthRejectableClass create(int depth) {
DepthRejectableClass next = new DepthRejectableClass(null);
for (int i = 1; i < depth; i++) {
next = new DepthRejectableClass(next);
}
return next;
}
}
}
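Review bot: In `simpleDepthRejectable` the failure message is built as `"Registry filter should have rejected depth: " + depthOverride + 1`, which is string concatenation and reports `201` for a depth of 21; it should read `+ (depthOverride + 1)`. The same method treats any `Exception` from `registry.bind` as the expected rejection, so a connection or marshalling failure unrelated to the filter would also pass; checking that the cause chain contains `java.io.InvalidClassException` would tie the result to the serial filter, though the exact wrapping should be confirmed against the registry's behaviour. The Javadoc on `DepthRejectableClass` is copied from `RejectableClass`; it should say that `create(depth)` builds a chain of `depth` linked instances used to probe the filter's `maxdepth` limit.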
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.net.InetAddress;
import java.rmi.AccessException;
import java.rmi.NotBoundException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.Set;
import java.util.HashSet;
/* @test
* @bug 8174770
* @summary Verify that JMX Registry rejects non-local access for bind, unbind, rebind.
* The test is manual because the (non-local) host and port running JMX must be supplied as properties.
* @run main/othervm/manual -Djmx-registry.host=jmx-registry-host -Djmx-registry.port=jmx-registry-port NonLocalJMXRemoteTest
*/
/**
* Verify that access checks for the Registry exported by JMX Registry.bind(),
* .rebind(), and .unbind() are prevented on remote access to the registry.
* The test verifies that the access check is performed *before* the object to be
* bound or rebound is deserialized.
* This tests the SingleEntryRegistry implemented by JMX.
* This test is a manual test and uses JMX running on a *different* host.
* JMX can be enabled in any Java runtime; for example:
* login or ssh to the different host and invoke rmiregistry with arguments below.
* It will not show any output.
* {@code $JDK_HOME/bin/rmiregistry \
* -J-Dcom.sun.management.jmxremote.port=8888 \
* -J-Dcom.sun.management.jmxremote.local.only=false \
* -J-Dcom.sun.management.jmxremote.ssl=false \
* -J-Dcom.sun.management.jmxremote.authenticate=false
* }
* On the first host modify the @run command above to replace "jmx-registry-host"
* with the hostname or IP address of the different host and run the test with jtreg.
*/
public class NonLocalJMXRemoteTest {
public static void main(String[] args) throws Exception {
String host = System.getProperty("jmx-registry.host");
if (host == null || host.isEmpty()) {
throw new RuntimeException("Specify host with system property: -Djmx-registry.host=<host>");
}
int port = Integer.getInteger("jmx-registry.port", -1);
if (port <= 0) {
throw new RuntimeException("Specify port with system property: -Djmx-registry.port=<port>");
}
// Check if running the test on a local system; it only applies to remote
String myHostName = InetAddress.getLocalHost().getHostName();
Set<InetAddress> myAddrs = new HashSet<>();
InetAddress[] myAddrsArr = InetAddress.getAllByName(myHostName);
for (InetAddress a : myAddrsArr) {
myAddrs.add(a);
}
Set<InetAddress> hostAddrs = new HashSet<>();
InetAddress[] hostAddrsArr = InetAddress.getAllByName(host);
for (InetAddress a : hostAddrsArr) {
hostAddrs.add(a);
}
if (hostAddrs.stream().anyMatch(i -> myAddrs.contains(i))
|| hostAddrs.stream().anyMatch(h -> h.isLoopbackAddress())) {
throw new RuntimeException("Error: property 'jmx-registry.host' must not be the local host%n");
}
Registry registry = LocateRegistry.getRegistry(host, port);
try {
// Verify it is a JMX Registry
registry.lookup("jmxrmi");
} catch (NotBoundException nf) {
throw new RuntimeException("Not a JMX registry, jmxrmi is not bound", nf);
}
try {
registry.bind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: bind");
} catch (Exception e) {
assertIsAccessException(e);
}
try {
registry.rebind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: rebind");
} catch (Exception e) {
assertIsAccessException(e);
}
try {
registry.unbind("foo");
throw new RuntimeException("Remote access should not succeed for method: unbind");
} catch (Exception e) {
assertIsAccessException(e);
}
}
/**
* Check the exception chain for the expected AccessException and message.
* @param ex the exception from the remote invocation.
*/
private static void assertIsAccessException(Throwable ex) {
Throwable t = ex;
while (!(t instanceof AccessException) && t.getCause() != null) {
t = t.getCause();
}
if (t instanceof AccessException) {
String msg = t.getMessage();
int asIndex = msg.indexOf("Registry");
int disallowIndex = msg.indexOf("disallowed");
int nonLocalHostIndex = msg.indexOf("non-local host");
if (asIndex < 0 ||
disallowIndex < 0 ||
nonLocalHostIndex < 0 ) {
throw new RuntimeException("exception message is malformed", t);
}
System.out.printf("Found expected AccessException: %s%n%n", t);
} else {
throw new RuntimeException("AccessException did not occur when expected", ex);
}
}
}
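Review bot: The class Javadoc tells the tester to start a JVM on another host with `com.sun.management.jmxremote.local.only=false`, `ssl=false` and `authenticate=false`, but says nothing about the exposure this creates or about stopping the process afterwards. With those settings the JMX port accepts unauthenticated, unencrypted remote connections for as long as the process runs, so I would add a line to the Javadoc such as `Run this only on an isolated test network and stop the rmiregistry process as soon as the test completes.` The `lookup("jmxrmi")` check catches only `NotBoundException`, so a connection failure leaves `main` as a raw `RemoteException`; a short comment saying that this is intended would be enough.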
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8179014
* @requires (os.family == "Windows")
* @summary Check if JFileChooser crashes with GodMode Directory.
* @run main/manual JFileChooserTest
*/
import java.awt.Color;
import java.awt.GridBagConstraints;
import java.awt.GridBagLayout;
import java.util.concurrent.CountDownLatch;
import javax.swing.JPanel;
import javax.swing.JTextArea;
import javax.swing.SwingUtilities;
import javax.swing.JButton;
import javax.swing.JFrame;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.util.concurrent.TimeUnit;
import javax.swing.JFileChooser;
import javax.swing.UIManager;
public class JFileChooserTest {
public static void main(String args[]) throws Exception {
final CountDownLatch latch = new CountDownLatch(1);
TestUI test = new TestUI(latch);
SwingUtilities.invokeAndWait(() -> {
try {
test.createUI();
} catch (Exception ex) {
throw new RuntimeException("Exception while creating UI");
}
});
boolean status = latch.await(5, TimeUnit.MINUTES);
if (!status) {
System.out.println("Test timed out.");
}
SwingUtilities.invokeAndWait(() -> {
try {
test.disposeUI();
} catch (Exception ex) {
throw new RuntimeException("Exception while disposing UI");
}
});
if (test.testResult == false) {
throw new RuntimeException("Test Failed.");
}
}
}
class TestUI {
private static JFrame mainFrame;
private static JPanel mainControlPanel;
private static JTextArea instructionTextArea;
private static JPanel resultButtonPanel;
private static JButton passButton;
private static JButton failButton;
private static GridBagLayout layout;
private final CountDownLatch latch;
public boolean testResult = false;
public TestUI(CountDownLatch latch) throws Exception {
this.latch = latch;
}
public final void createUI() throws Exception {
UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());
mainFrame = new JFrame("JFileChooserTest");
layout = new GridBagLayout();
mainControlPanel = new JPanel(layout);
resultButtonPanel = new JPanel(layout);
GridBagConstraints gbc = new GridBagConstraints();
// Create Test instructions
String instructions
= "INSTRUCTIONS:"
+ "\n 1. Create a new folder on the desktop."
+ "\n 2. Rename the folder exactly as given below: "
+ "\n GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} "
+ "\n 3. Click on Launch Button. "
+ "\n Check if JFileChooser is launched successfully. "
+ "\n If yes, close the JFileChooser and click Pass, "
+ "\n else Fail. "
+ "\n 4. Delete the GodMode folder.";
instructionTextArea = new JTextArea();
instructionTextArea.setText(instructions);
instructionTextArea.setEnabled(false);
instructionTextArea.setDisabledTextColor(Color.black);
instructionTextArea.setBackground(Color.white);
gbc.gridx = 0;
gbc.gridy = 0;
gbc.fill = GridBagConstraints.HORIZONTAL;
mainControlPanel.add(instructionTextArea, gbc);
JButton launchButton = new JButton("Launch");
launchButton.setActionCommand("Launch");
launchButton.addActionListener((ActionEvent e) -> {
JFileChooser fileChooser = new JFileChooser();
fileChooser.showOpenDialog(null);
}
);
gbc.gridx = 0;
gbc.gridy = 1;
mainControlPanel.add(launchButton, gbc);
passButton = new JButton("Pass");
passButton.setActionCommand("Pass");
passButton.addActionListener((ActionEvent e) -> {
testResult = true;
mainFrame.dispose();
latch.countDown();
});
failButton = new JButton("Fail");
failButton.setActionCommand("Fail");
failButton.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
testResult = false;
mainFrame.dispose();
latch.countDown();
}
});
gbc.gridx = 0;
gbc.gridy = 0;
resultButtonPanel.add(passButton, gbc);
gbc.gridx = 1;
gbc.gridy = 0;
resultButtonPanel.add(failButton, gbc);
gbc.gridx = 0;
gbc.gridy = 2;
mainControlPanel.add(resultButtonPanel, gbc);
mainFrame.add(mainControlPanel);
mainFrame.pack();
mainFrame.setVisible(true);
}
public void disposeUI() {
mainFrame.setVisible(false);
mainFrame.dispose();
}
}
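Review bot: Both `invokeAndWait` lambdas in `main` catch `Exception` and rethrow a new `RuntimeException` without the cause, so a look-and-feel or UI construction failure is reported with no trace of the original problem; pass the exception along, `throw new RuntimeException("Exception while creating UI", ex);` and likewise for the dispose case. `TestUI` stores its components in `static` fields although it is used as an instance, and exposes `testResult` as a public mutable field; instance fields and an accessor would be the usual style. A class comment stating that the test passes when `JFileChooser` opens without crashing while a GodMode folder exists on the desktop would save the reader from inferring it from the instruction string.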
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
/*
* A SSL socket client.
*/
public class JSSEClient {
public static void main(String[] args) throws Exception {
System.out.println("Client: arguments=" + String.join("; ", args));
int port = Integer.valueOf(args[0]);
String[] trustNames = args[1].split(TLSRestrictions.DELIMITER);
String[] certNames = args[2].split(TLSRestrictions.DELIMITER);
String constraint = args[3];
TLSRestrictions.setConstraint("Client", constraint);
SSLContext context = TLSRestrictions.createSSLContext(
trustNames, certNames);
SSLSocketFactory socketFactory = context.getSocketFactory();
try (SSLSocket socket = (SSLSocket) socketFactory.createSocket()) {
socket.connect(new InetSocketAddress("localhost", port),
TLSRestrictions.TIMEOUT);
socket.setSoTimeout(TLSRestrictions.TIMEOUT);
System.out.println("Client: connected");
InputStream sslIS = socket.getInputStream();
OutputStream sslOS = socket.getOutputStream();
sslOS.write('C');
sslOS.flush();
sslIS.read();
System.out.println("Client: finished");
} catch (Exception e) {
throw new RuntimeException("Client: failed.", e);
}
}
}
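Review bot: The result of `sslIS.read()` is discarded, so the client prints `Client: finished` even when the read returns -1 because the peer closed the connection without sending its byte; comparing it with the byte the server writes, `if (sslIS.read() != 'S') throw new RuntimeException("Client: unexpected response");`, would make success mean that application data was actually exchanged over the negotiated session. JSSEServer has the same unchecked `sslIS.read()` before it writes `'S'`. `args` is indexed up to `args[3]` with no length check, and the class comment does not list the expected arguments; a comment naming them (port, trust names, cert names, constraint) would help.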
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.InputStream;
import java.io.OutputStream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
/*
* A SSL socket server.
*/
public class JSSEServer {
private SSLServerSocket server = null;
private Exception exception = null;
public JSSEServer(SSLContext context,
boolean needClientAuth) throws Exception {
SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
server = (SSLServerSocket) serverFactory.createServerSocket(0);
server.setSoTimeout(TLSRestrictions.TIMEOUT);
server.setNeedClientAuth(needClientAuth); // for dual authentication
System.out.println("Server: port=" + getPort());
}
public void start() {
new Thread(new Runnable() {
@Override
public void run() {
try {
System.out.println("Server: started");
try (SSLSocket socket = (SSLSocket) server.accept()) {
socket.setSoTimeout(TLSRestrictions.TIMEOUT);
InputStream sslIS = socket.getInputStream();
OutputStream sslOS = socket.getOutputStream();
sslIS.read();
sslOS.write('S');
sslOS.flush();
System.out.println("Server: finished");
}
} catch (Exception e) {
e.printStackTrace(System.out);
exception = e;
}
}
}).start();
}
public int getPort() {
return server.getLocalPort();
}
public Exception getException() {
return exception;
}
}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Certificate:
Data:
Version: 3 (0x2)
Serial Number:
e8:33:78:c7:69:9c:28:c2
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=CA, L=City, O=Org, OU=Java, CN=INTER_CA_SHA256-ROOT_CA_SHA256
Validity
Not Before: Mar 30 04:51:07 2017 GMT
Not After : Mar 28 04:51:07 2027 GMT
Subject: C=US, ST=CA, L=City, O=Org, OU=Java, CN=END_ENTITY_SHA1-INTER_CA_SHA256-ROOT_CA_SHA256
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:98:40:36:71:1f:13:49:57:c7:50:23:a9:9f:26:
3b:88:67:10:1e:e4:25:fd:18:2a:d2:dc:56:a3:87:
90:d7:21:0c:1d:72:f4:38:b3:a6:1d:2b:3c:05:9f:
ef:1d:51:db:29:74:d4:e7:4b:e6:d6:8d:f6:30:d2:
20:1b:b0:cb:7a:2f:a7:b0:ba:d6:99:7f:a6:ae:7e:
1d:44:05:88:b0:34:eb:cd:f0:2f:02:c7:48:a2:13:
c3:62:06:8f:37:dc:06:16:1c:a8:43:0b:8a:ae:eb:
74:11:75:8c:1b:f6:3f:89:83:cb:7a:a7:49:50:eb:
8b:05:2c:33:7f:44:93:9c:5a:56:8f:41:b2:5b:48:
d0:4a:78:f4:11:ed:63:85:bd:d2:60:14:07:50:99:
08:cb:f8:d0:fa:3d:2b:a2:f5:00:72:c9:74:3e:de:
77:ec:ec:80:f8:a5:a5:31:61:b0:ab:24:c8:79:fc:
02:6a:69:3d:38:0d:80:c4:ba:67:e6:51:15:27:e7:
e6:4e:22:a9:aa:bc:8d:88:a4:d5:cd:e6:05:73:2f:
76:fc:98:cd:96:1a:be:5d:a5:16:39:71:9d:57:ff:
f0:50:f7:54:8d:8e:b2:8d:26:59:8a:16:be:e7:30:
27:c0:77:3c:48:5b:86:ff:b0:0a:ef:79:83:44:d9:
5c:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
DirName:/C=US/ST=CA/L=City/O=Org/OU=Java/CN=ROOT_CA_SHA256
serial:84:A1:70:1D:0A:92:D3:CC
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
22:63:2a:de:80:70:92:f7:53:e4:7f:ea:01:2b:13:b3:1b:02:
2e:10:b4:1d:b7:33:7f:6f:0d:88:46:5a:b8:db:83:95:77:e2:
db:da:2e:31:0a:85:c6:9a:75:84:ca:73:5c:be:e3:30:22:7e:
bc:60:43:49:7c:69:06:14:4a:89:e4:23:ca:25:99:85:d6:06:
16:d5:9e:a8:fd:25:43:88:07:12:0a:7e:de:24:33:71:ab:a4:
23:aa:4e:dc:0f:89:ef:a9:09:89:55:a1:1d:ee:48:35:ea:10:
42:ff:98:15:2a:e8:5c:46:e0:e4:4f:4c:b9:07:e0:da:08:6f:
ce:4a:fe:98:3e:ae:c5:e5:6a:6e:50:0f:2d:39:01:55:ed:59:
0b:65:30:54:e8:72:26:ee:9f:cf:3f:ce:6a:20:c8:87:c9:81:
bc:f8:b3:ec:77:bb:bc:5b:8c:3f:18:fd:08:76:ad:27:59:fc:
b8:74:96:0d:cd:ed:97:91:6b:95:89:3a:f3:78:de:9f:06:a6:
ce:36:01:f0:be:ae:d8:d6:c4:3d:51:8a:2a:e0:43:59:8c:b4:
eb:63:93:9d:53:72:f8:4b:a3:c7:4a:da:2e:56:33:b6:46:1b:
45:a8:23:1b:82:de:6d:4e:e0:18:cf:9b:ba:22:68:8b:8c:de:
6f:08:2d:bc
-----BEGIN CERTIFICATE-----
MIID/jCCAuagAwIBAgIJAOgzeMdpnCjCMA0GCSqGSIb3DQEBBQUAMG8xCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3Jn
MQ0wCwYDVQQLDARKYXZhMScwJQYDVQQDDB5JTlRFUl9DQV9TSEEyNTYtUk9PVF9D
QV9TSEEyNTYwHhcNMTcwMzMwMDQ1MTA3WhcNMjcwMzI4MDQ1MTA3WjB/MQswCQYD
VQQGEwJVUzELMAkGA1UECAwCQ0ExDTALBgNVBAcMBENpdHkxDDAKBgNVBAoMA09y
ZzENMAsGA1UECwwESmF2YTE3MDUGA1UEAwwuRU5EX0VOVElUWV9TSEExLUlOVEVS
X0NBX1NIQTI1Ni1ST09UX0NBX1NIQTI1NjCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJhANnEfE0lXx1AjqZ8mO4hnEB7kJf0YKtLcVqOHkNchDB1y9Diz
ph0rPAWf7x1R2yl01OdL5taN9jDSIBuwy3ovp7C61pl/pq5+HUQFiLA0683wLwLH
SKITw2IGjzfcBhYcqEMLiq7rdBF1jBv2P4mDy3qnSVDriwUsM39Ek5xaVo9BsltI
0Ep49BHtY4W90mAUB1CZCMv40Po9K6L1AHLJdD7ed+zsgPilpTFhsKskyHn8Ampp
PTgNgMS6Z+ZRFSfn5k4iqaq8jYik1c3mBXMvdvyYzZYavl2lFjlxnVf/8FD3VI2O
so0mWYoWvucwJ8B3PEhbhv+wCu95g0TZXLsCAwEAAaOBjDCBiTB5BgNVHSMEcjBw
oWOkYTBfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExDTALBgNVBAcMBENpdHkx
DDAKBgNVBAoMA09yZzENMAsGA1UECwwESmF2YTEXMBUGA1UEAwwOUk9PVF9DQV9T
SEEyNTaCCQCEoXAdCpLTzDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IB
AQAiYyregHCS91Pkf+oBKxOzGwIuELQdtzN/bw2IRlq424OVd+Lb2i4xCoXGmnWE
ynNcvuMwIn68YENJfGkGFEqJ5CPKJZmF1gYW1Z6o/SVDiAcSCn7eJDNxq6Qjqk7c
D4nvqQmJVaEd7kg16hBC/5gVKuhcRuDkT0y5B+DaCG/OSv6YPq7F5WpuUA8tOQFV
7VkLZTBU6HIm7p/PP85qIMiHyYG8+LPsd7u8W4w/GP0Idq0nWfy4dJYNze2XkWuV
iTrzeN6fBqbONgHwvq7Y1sQ9UYoq4ENZjLTrY5OdU3L4S6PHStouVjO2RhtFqCMb
gt5tTuAYz5u6ImiLjN5vCC28
-----END CERTIFICATE-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDaYlKNTU1iQes/
BtivvM1ixjCk1muM1RdMkJQItZB21y1kM1OLp3EmGKqVqwKbS5OTrMIxjPUwD9Ly
aRJMvSP1xve7zwmNXOngA8eukmQ2olQU58ble6IAHcj4qg7a38E1ITvDmAswhTzK
fI4Z6okLCjKfYafnfbi5JA+E6fiArB3zimjne+tiUNYZh2eYspsOOw6cmaLtIbMP
ZyXy4iP6OCNIikb08Da27zjVn04i1SeUEv1YFmn4B9GWcNLAXyM1LmCNi70+SATp
aZYRjr/BBR6LNZMBsNKJblWFXK3UtfYFiypyirgQjzPtLb1XsuMhfqMt8QZDh8n3
YvYTW59xAgMBAAECggEAb4NPdhnoDulsL5XWZf55vhtH0ZQv/Qz+xbj57myQJS8B
Xa4b1i8dRv/Hc3+MaDIyXHEWBGle9jjOVbwzfP4D88eyzrMMxKOSRTKI72qPQ5qm
ZrpnxNzZv0d2TQvBZCBnrzKWKu1joVYX0anCghdR/VIqwVoDe+Clx9xTFGLI4yKO
7v0dkr4Hxn3NT6bTV18V6PoGbUgIsmpNYQPFyUM/IHG2ewDffLP+tm7RsEfKYmcx
Hr70pmWBpM9hwTAC+uXHuNXnsX4IjEQOXmm4PJ/A/sm2Bad93SPwi15e29MV8YbO
vvirGLaepa7AUvqoK0DFNCLU6vCeFJ7DUZ/u2P8x8QKBgQDxNOWvy3EV4/P/ocSf
itMtXZWj4driT4vUGwFZWfr3CVpZVaUmqXYeVdzNGuoWlmXOiOAuOepnlA36FCb5
aGE4cq/hbdtbr+v6awEj5/A2me/ax1W1z6lD0pg0QJ7KvqFCBzVol5yTiWZKBVE+
jp2waPfes770AUHczw9KKvEGtQKBgQDnxxiZAxtoNmOaB/NZmPNBKvWDw858+QX2
+u/jEH3pW393tUnipgIoo6yvd6djhJ6/4ViOxdioMIQCBab/xuSB4lfQsrJsWvS9
uYB794s7CV2r3kUa3ux8wAovW6Fc369nD7JjUPX/Cq3zdlyTDt9LVLRCpZ6Li1xB
r0ZVlpgPTQKBgQCgKay+X0tW6sdxHfyOp8Lz46liaa1LCuDhVZE+wHXZpXc9zJXe
JzZMjF0SQGXh27n8O30IlOJmJrRlMw5yG/I6ZkUNXkIDDryVyom2SuOBjhPrZOMv
15UgeO0h/Sqzm4M+ccTwD4Qjn1+xlPhOnqpsoja8xQPtyAvwz/jqGbtz5QKBgH01
pSgj8Y5es3fmi6P/aInv9ynzgX0p2fsOnMEBi8Og1j+JBB0YqVni8crozNiKMGhg
CEM4xk41x1qASzMp8w/ngqEPqCu5BzXnHG3b0K9X4+6Q6KwXeZH6/IWQ7p8Jh+wZ
IrlcZ0gcMNSxQFmBU0eSvr6yUe/4nSIu2cQq0oKRAoGAUEFd0LxZw50BdCdpJlcQ
+oTbSUYQhAzPF2ybfR6i8IxXoOjVxpvRehlbwXIQV7XEqamXFTmBLIvuAlF1yWoH
hzxNJuEgPRTPztnHD6LVzvuf2ain+CFZuDrXBT2l8PyF9BNL4/DMRrbgdCxr9F0O
Ti0VJo1TRE8vVzUfVc9w1RI=