Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk
提交 d904de00 编写于 作者: A asaha
浏览文件
操作

Merge

上级 8587eb8d 2995aeea
隐藏空白更改
内联 并排
Showing with 3752 addition and 1149 deletion
.hgtags
浏览文件 @ d904de00
......@@ -710,3 +710,12 @@ c49f918efc4e6e2b8a1e771dba0c8de8d636660c jdk8u141-b06
9fd2a2019a5b7f35957c43c83eb00e1ae371a95e jdk8u141-b07
64261149b033dd6f625ccf7b4aaf7452baec82ef jdk8u141-b08
276269460238f84410a70ffe735db9cf78651b8f jdk8u141-b09
c92d704420d707d3016d8ee3a4239d1c57692ddd jdk8u141-b10
3237f27a9d22ee02d0bfbd6f662a4d948d25a74f jdk8u141-b11
2966589b3f330b6e676418b48d2960e294d35060 jdk8u141-b12
2966589b3f330b6e676418b48d2960e294d35060 jdk8u141-b12
0000000000000000000000000000000000000000 jdk8u141-b12
0000000000000000000000000000000000000000 jdk8u141-b12
996632997de8c889067dafd5a5827146e02c9130 jdk8u141-b12
c6bc194fedb63b20c45c793405d215d206fb4654 jdk8u141-b13
d630e23b8e36c2863225d7ae107c73a38d3e6102 jdk8u141-b14
THIRD_PARTY_README
浏览文件 @ d904de00
......@@ -285,13 +285,53 @@ You are receiving a copy of the Elliptic Curve Cryptography library in source
form with the JDK 8 and OpenJDK 8 source distributions, and as object code in
the JRE 8 & JDK 8 runtimes.
In the case of the JRE 8 & JDK 8 runtimes, the terms of the Oracle license do
In the case of the JRE & JDK runtimes, the terms of the Oracle license do
NOT apply to the Elliptic Curve Cryptography library; it is licensed under the
following license, separately from Oracle's JDK & JRE. If you do not wish to
install the Elliptic Curve Cryptography library, you may delete the library
named libsunec.so (on Solaris and Linux systems) or sunec.dll (on Windows
systems) from the JRE bin directory reserved for native libraries.
install the Elliptic Curve Cryptography library, you may delete the
Elliptic Curve Cryptography library:
- On Solaris and Linux systems: delete $(JAVA_HOME)/lib/libsunec.so
- On Windows systems: delete $(JAVA_HOME)\bin\sunec.dll
- On Mac systems, delete:
for JRE: /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/libsunec.dylib
for JDK: $(JAVA_HOME)/jre/lib/libsunec.dylib
Written Offer for ECC Source Code
For third party technology that you receive from Oracle in binary form
which is licensed under an open source license that gives you the right
to receive the source code for that binary, you can obtain a copy of
the applicable source code from this page:
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/tip/src/share/native/sun/security/ec/impl
If the source code for the technology was not provided to you with the
binary, you can also receive a copy of the source code on physical
media by submitting a written request to:
Oracle America, Inc.
Attn: Associate General Counsel,
Development and Engineering Legal
500 Oracle Parkway, 10th Floor
Redwood Shores, CA 94065
Or, you may send an email to Oracle using the form at:
http://www.oracle.com/goto/opensourcecode/request
Your request should include:
- The name of the component or binary file(s) for which you are requesting
the source code
- The name and version number of the Oracle product containing the binary
- The date you received the Oracle product
- Your name
- Your company name (if applicable)
- Your return mailing address and email and
- A telephone number in the event we need to reach you.
We may charge you a fee to cover the cost of physical media and processing.
Your request must be sent (i) within three (3) years of the date you
received the Oracle product that included the component or binary
file(s) that are the subject of your request, or (ii) in the case of
code licensed under the GPL v3, for as long as Oracle offers spare
parts or customer support for that product model.
--- begin of LICENSE ---
......@@ -870,63 +910,6 @@ IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
OF SUCH DAMAGE.
--- end of LICENSE ---
%% This notice is provided with respect to Dynalink library which is included
with the Nashorn technology.
--- begin of LICENSE ---
Copyright (c) 2009-2013, Attila Szegedi
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDER
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- end of LICENSE ---
%% This notice is provided with respect to Joni library which is included
with the Nashorn technology.
--- begin of LICENSE ---
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--- end of LICENSE ---
-------------------------------------------------------------------------------
%% This notice is provided with respect to FontConfig 2.5, which may be
included with JRE 8, JDK 8, and OpenJDK 8 source distributions on
Linux and Solaris.
......@@ -952,6 +935,74 @@ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--- end of LICENSE ---
-------------------------------------------------------------------------------
%% This notice is provided with respect to freebXML Registry 3.0 & 3.1,
which may be included with JRE 8, JDK 8, and OpenJDK 8.
--- begin of LICENSE ---
freebxml: Copyright (c) 2001 freebxml.org. All rights reserved.
The names "The freebXML Registry Project" and "freebxml Software
Foundation" must not be used to endorse or promote products derived
from this software or be used in a product name without prior
written permission. For written permission, please contact
ebxmlrr-team@lists.sourceforge.net.
This software consists of voluntary contributions made by many individuals
on behalf of the the freebxml Software Foundation. For more information on
the freebxml Software Foundation, please see <http://www.freebxml.org/>.
This product includes software developed by the Apache Software Foundation
(http://www.apache.org/).
The freebxml License, Version 1.1 5
Copyright (c) 2001 freebxml.org. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
3. The end-user documentation included with the redistribution, if
any, must include the following acknowlegement:
"This product includes software developed by
freebxml.org (http://www.freebxml.org/)."
Alternately, this acknowlegement may appear in the software itself,
if and wherever such third-party acknowlegements normally appear.
4. The names "The freebXML Registry Project", "freebxml Software
Foundation" must not be used to endorse or promote products derived
from this software without prior written permission. For written
permission, please contact ebxmlrr-team@lists.sourceforge.net.
5. Products derived from this software may not be called "freebxml",
"freebXML Registry" nor may freebxml" appear in their names without
prior written permission of the freebxml Group.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE freebxml SOFTWARE FOUNDATION OR
ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
--- end of LICENSE ---
-------------------------------------------------------------------------------
......@@ -1083,6 +1134,47 @@ assumed by the product vendor.
--------------------------------------------------------------------------------
%% This notice is provided with respect to Jing 20030619, which may
be included with JRE 8, JDK 8, and OpenJDK 8.
--- begin of LICENSE ---
Copyright (c) 2001-2003 Thai Open Source Software Center Ltd All
rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
Neither the name of the Thai Open Source Software Center Ltd nor
the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
--- end of LICENSE ---
--------------------------------------------------------------------------------
%% This notice is provided with respect to Joni v1.1.9, which may be
included with JRE 8, JDK 8, and OpenJDK 8.
......@@ -1215,7 +1307,7 @@ included with JDK 8 and OpenJDK 8 source distributions.
-------------------------------------------------------------------------------
%% Portions Copyright Eastman Kodak Company 1992
%% Portions Copyright Eastman Kodak Company 1991-2003
-------------------------------------------------------------------------------
......@@ -1339,8 +1431,8 @@ December 22, 2014
-------------------------------------------------------------------------------
%% This notice is provided with respect to GIFLIB 5.1.1 & libungif 4.1.3, which may be
included with JRE 8, JDK 8, and OpenJDK 8.
%% This notice is provided with respect to GIFLIB 5.1.1 & libungif 4.1.3,
which may be included with JRE 8, JDK 8, and OpenJDK 8.
--- begin of LICENSE ---
......@@ -1972,67 +2064,45 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-------------------------------------------------------------------------------
%% This notice is provided with respect to SAX 2.0.1, which may be included
with JRE 8, JDK 8, and OpenJDK 8.
--- begin of LICENSE ---
SAX is free!
In fact, it's not possible to own a license to SAX, since it's been placed in
the public domain.
%% This notice is provided with respect to Relax NG Datatype 1.0, which
may be included with JRE 8, JDK 8, and OpenJDK 8.
No Warranty
--- begin of LICENSE ---
Because SAX is released to the public domain, there is no warranty for the
design or for the software implementation, to the extent permitted by
applicable law. Except when otherwise stated in writing the copyright holders
and/or other parties provide SAX "as is" without warranty of any kind, either
expressed or implied, including, but not limited to, the implied warranties
of merchantability and fitness for a particular purpose. The entire risk as
to the quality and performance of SAX is with you. Should SAX prove
defective, you assume the cost of all necessary servicing, repair or
correction.
In no event unless required by applicable law or agreed to in writing will
any copyright holder, or any other party who may modify and/or redistribute
SAX, be liable to you for damages, including any general, special, incidental
or consequential damages arising out of the use or inability to use SAX
(including but not limited to loss of data or data being rendered inaccurate
or losses sustained by you or third parties or a failure of the SAX to
operate with any other programs), even if such holder or other party has been
advised of the possibility of such damages.
Copyright Disclaimers
This page includes statements to that effect by David Megginson, who would
have been able to claim copyright for the original work. SAX 1.0
Version 1.0 of the Simple API for XML (SAX), created collectively by the
membership of the XML-DEV mailing list, is hereby released into the public
domain.
No one owns SAX: you may use it freely in both commercial and non-commercial
applications, bundle it with your software distribution, include it on a
CD-ROM, list the source code in a book, mirror the documentation at your own
web site, or use it in any other way you see fit.
David Megginson, sax@megginson.com
1998-05-11
SAX 2.0
Copyright (c) 2005, 2010 Thai Open Source Software Center Ltd
All rights reserved.
I hereby abandon any property rights to SAX 2.0 (the Simple API for XML), and
release all of the SAX 2.0 source code, compiled code, and documentation
contained in this distribution into the Public Domain. SAX comes with NO
WARRANTY or guarantee of fitness for any purpose.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
David Megginson, david@megginson.com
2000-05-05
Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
Neither the names of the copyright holders nor the names of its
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- end of LICENSE ---
--- end of LICENSE ---
-------------------------------------------------------------------------------
--------------------------------------------------------------------------------
%% This notice is provided with respect to SoftFloat version 2b, which may be
included with JRE 8, JDK 8, and OpenJDK 8 on Linux/ARM.
......@@ -2518,58 +2588,66 @@ included with JRE 8, JDK 8, and OpenJDK 8 on Linux and Solaris.
--- begin of LICENSE ---
Licenses
The X.Org Foundation March 2004
1. Introduction
The X.org Foundation X Window System distribution is a compilation of code and
documentation from many sources. This document is intended primarily as a
guide to the licenses used in the distribution: you must check each file
and/or package for precise redistribution terms. None-the-less, this summary
may be useful to many users. No software incorporating the XFree86 1.1 license
has been incorporated.
This document is based on the compilation from XFree86.
2. XFree86 License
XFree86 code without an explicit copyright is covered by the following
copyright/license:
Copyright (C) 1994-2003 The XFree86 Project, Inc. All Rights Reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
This is the copyright for the files in src/solaris/native/sun/awt: list.h,
multiVis.h, wsutils.h, list.c, multiVis.c
Copyright (c) 1994 Hewlett-Packard Co.
Copyright (c) 1996 X Consortium
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
Except as contained in this notice, the name of the X Consortium shall
not be used in advertising or otherwise to promote the sale, use or
other dealings in this Software without prior written authorization
from the X Consortium.
___________________________
The files in motif/lib/Xm/util included this copyright:mkdirhier.man,
xmkmf.man, chownxterm.c, makeg.man, mergelib.cpp, lndir.man, makestrs.man,
checktree.c, lndir.c, makestrs.c
Copyright (c) 1993, 1994 X Consortium
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"),
to deal in the Software without restriction, including without limitation
the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the
Software furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
XFREE86 PROJECT BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Except as contained in this notice, the name of the XFree86 Project shall not
be used in advertising or otherwise to promote the sale, use or other dealings
in this Software without prior written authorization from the XFree86 Project.
3. Other Licenses
Portions of code are covered by the following licenses/copyrights. See
individual files for the copyright dates.
3.1. X/MIT Copyrights
3.1.1. X Consortium
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Copyright (C) <date> X Consortium
Except as contained in this notice, the name of the X Consortium shall not
be used in advertising or otherwise to promote the sale, use or other
dealing in this Software without prior written authorization from the
X Consortium.
_____________________________
Xmos_r.h:
/*
Copyright (c) 1996 X Consortium
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
......@@ -2578,741 +2656,153 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE X
CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Except as contained in this notice, the name of the X Consortium shall not be
used in advertising or otherwise to promote the sale, use or other dealings in
this Software without prior written authorization from the X Consortium.
X Window System is a trademark of X Consortium, Inc.
used in advertising or otherwise to promote the sale, use or other dealings
in this Software without prior written authorization from the X Consortium.
*/
3.1.2. The Open Group
_____________________________
Copyright notice for extutil.h:
Copyright 1989, 1998 The Open Group
Copyright <date> The Open Group
All Rights Reserved.
Permission to use, copy, modify, distribute, and sell this software and its
documentation for any purpose is hereby granted without fee, provided that the
above copyright notice appear in all copies and that both that copyright
notice and this permission notice appear in supporting documentation.
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Except as contained in this notice, the name of The Open Group shall not be
used in advertising or otherwise to promote the sale, use or other dealings in
this Software without prior written authorization from The Open Group. 3.2.
Berkeley-based copyrights:
o
3.2.1. General
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. 3.2.2. UCB/LBL
Copyright (c) 1993 The Regents of the University of California. All rights
reserved.
This software was developed by the Computer Systems Engineering group at
Lawrence Berkeley Laboratory under DARPA contract BG 91-66 and contributed to
Berkeley.
All advertising materials mentioning features or use of this software must
display the following acknowledgement: This product includes software
developed by the University of California, Lawrence Berkeley Laboratory.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement: This product includes software
developed by the University of California, Berkeley and its contributors.
4. Neither the name of the University nor the names of its contributors may
be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 3.2.3. The
NetBSD Foundation, Inc.
Copyright (c) 2003 The NetBSD Foundation, Inc. All rights reserved.
This code is derived from software contributed to The NetBSD Foundation by Ben
Collver <collver1@attbi.com>
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement: This product includes software
developed by the NetBSD Foundation, Inc. and its contributors.
used in advertising or otherwise to promote the sale, use or other dealings
in this Software without prior written authorization from The Open Group.
*
* Author: Jim Fulton, MIT The Open Group
*
* Xlib Extension-Writing Utilities
*
* This package contains utilities for writing the client API for various
* protocol extensions. THESE INTERFACES ARE NOT PART OF THE X STANDARD AND
* ARE SUBJECT TO CHANGE!
*/
_____________________________
Copyright notice for HPkeysym.h:
/*
Copyright 1987, 1998 The Open Group
All Rights Reserved.
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
Except as contained in this notice, the name of The Open Group shall
not be used in advertising or otherwise to promote the sale, use or
other dealings in this Software without prior written authorization
from The Open Group.
Copyright 1987 by Digital Equipment Corporation, Maynard, Massachusetts,
All Rights Reserved
4. Neither the name of The NetBSD Foundation nor the names of its
contributors may be used to endorse or promote products derived from this
software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS ``AS
IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 3.2.4. Theodore
Ts'o.
Copyright Theodore Ts'o, 1994, 1995, 1996, 1997, 1998, 1999. All rights
reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
and the entire permission notice in its entirety, including the disclaimer
of warranties.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. he name of the author may not be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE, ALL OF WHICH ARE HEREBY DISCLAIMED. IN NO
EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. 3.2.5. Theo de Raadt and Damien Miller
Copyright (c) 1995,1999 Theo de Raadt. All rights reserved. Copyright (c)
2001-2002 Damien Miller. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. 3.2.6. Todd C. Miller
Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
Permission to use, copy, modify, and distribute this software for any purpose
with or without fee is hereby granted, provided that the above copyright
notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND TODD C. MILLER DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL TODD C. MILLER BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 3.2.7. Thomas
Winischhofer
Copyright (C) 2001-2004 Thomas Winischhofer
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the names of Hewlett Packard
or Digital not be
used in advertising or publicity pertaining to distribution of the
software without specific, written prior permission.
DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
SOFTWARE.
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
HEWLETT-PACKARD MAKES NO WARRANTY OF ANY KIND WITH REGARD
TO THIS SOFWARE, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. Hewlett-Packard shall not be liable for errors
contained herein or direct, indirect, special, incidental or
consequential damages in connection with the furnishing,
performance, or use of this material.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
*/
_____________________________________
Copyright notice in keysym2ucs.h:
3. The name of the author may not be used to endorse or promote products
derived from this software without specific prior written permission.
Copyright 1987, 1994, 1998 The Open Group
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. 3.3. NVIDIA Corp
Copyright (c) 1996 NVIDIA, Corp. All rights reserved.
Permission to use, copy, modify, distribute, and sell this software and its
documentation for any purpose is hereby granted without fee, provided that
the above copyright notice appear in all copies and that both that
copyright notice and this permission notice appear in supporting
documentation.
NOTICE TO USER: The source code is copyrighted under U.S. and international
laws. NVIDIA, Corp. of Sunnyvale, California owns the copyright and as design
patents pending on the design and interface of the NV chips. Users and
possessors of this source code are hereby granted a nonexclusive, royalty-free
copyright and design patent license to use this code in individual and
commercial software.
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
Any use of this source code must include, in the user documentation and
internal comments to the code, notices to the end user as follows:
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
Copyright (c) 1996 NVIDIA, Corp. NVIDIA design patents pending in the U.S. and
foreign countries.
Except as contained in this notice, the name of The Open Group shall
not be used in advertising or otherwise to promote the sale, use or
other dealings in this Software without prior written authorization
from The Open Group.
NVIDIA, CORP. MAKES NO REPRESENTATION ABOUT THE SUITABILITY OF THIS SOURCE
CODE FOR ANY PURPOSE. IT IS PROVIDED "AS IS" WITHOUT EXPRESS OR IMPLIED
WARRANTY OF ANY KIND. NVIDIA, CORP. DISCLAIMS ALL WARRANTIES WITH REGARD TO
THIS SOURCE CODE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL NVIDIA, CORP. BE LIABLE
FOR ANY SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, OR ANY
DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOURCE CODE. 3.4. GLX Public
License
GLX PUBLIC LICENSE (Version 1.0 (2/11/99)) ("License")
Subject to any third party claims, Silicon Graphics, Inc. ("SGI") hereby
grants permission to Recipient (defined below), under Recipient's copyrights
in the Original Software (defined below), to use, copy, modify, merge,
publish, distribute, sublicense and/or sell copies of Subject Software
(defined below), and to permit persons to whom the Subject Software is
furnished in accordance with this License to do the same, subject to all of
the following terms and conditions, which Recipient accepts by engaging in any
such use, copying, modifying, merging, publishing, distributing, sublicensing
or selling:
1. Definitions.
(a) "Original Software" means source code of computer software code which
is described in Exhibit A as Original Software.
(b) "Modifications" means any addition to or deletion from the substance
or structure of either the Original Software or any previous
Modifications. When Subject Software is released as a series of files, a
Modification means (i) any addition to or deletion from the contents of a
file containing Original Software or previous Modifications and (ii) any
new file that contains any part of the Original Code or previous
Modifications.
(c) "Subject Software" means the Original Software or Modifications or the
combination of the Original Software and Modifications, or portions of any
of the foregoing.
(d) "Recipient" means an individual or a legal entity exercising rights
under, and complying with all of the terms of, this License. For legal
entities, "Recipient" includes any entity which controls, is controlled
by, or is under common control with Recipient. For purposes of this
definition, "control" of an entity means (a) the power, direct or
indirect, to direct or manage such entity, or (b) ownership of fifty
percent (50%) or more of the outstanding shares or beneficial ownership of
such entity.
2. Redistribution of Source Code Subject to These Terms. Redistributions of
Subject Software in source code form must retain the notice set forth in
Exhibit A, below, in every file. A copy of this License must be included in
any documentation for such Subject Software where the recipients' rights
relating to Subject Software are described. Recipient may distribute the
source code version of Subject Software under a license of Recipient's choice,
which may contain terms different from this License, provided that (i)
Recipient is in compliance with the terms of this License, and (ii) the
license terms include this Section 2 and Sections 3, 4, 7, 8, 10, 12 and 13 of
this License, which terms may not be modified or superseded by any other terms
of such license. If Recipient distributes the source code version under a
different license Recipient must make it absolutely clear that any terms which
differ from this License are offered by Recipient alone, not by SGI. Recipient
hereby agrees to indemnify SGI for any liability incurred by SGI as a result
of any such terms Recipient offers.
3. Redistribution in Executable Form. The notice set forth in Exhibit A must
be conspicuously included in any notice in an executable version of Subject
Software, related documentation or collateral in which Recipient describes the
user's rights relating to the Subject Software. Recipient may distribute the
executable version of Subject Software under a license of Recipient's choice,
which may contain terms different from this License, provided that (i)
Recipient is in compliance with the terms of this License, and (ii) the
license terms include this Section 3 and Sections 4, 7, 8, 10, 12 and 13 of
this License, which terms may not be modified or superseded by any other terms
of such license. If Recipient distributes the executable version under a
different license Recipient must make it absolutely clear that any terms which
differ from this License are offered by Recipient alone, not by SGI. Recipient
hereby agrees to indemnify SGI for any liability incurred by SGI as a result
of any such terms Recipient offers.
4. Termination. This License and the rights granted hereunder will terminate
automatically if Recipient fails to comply with terms herein and fails to cure
such breach within 30 days of the breach. Any sublicense to the Subject
Software which is properly granted shall survive any termination of this
License absent termination by the terms of such sublicense. Provisions which,
by their nature, must remain in effect beyond the termination of this License
shall survive.
5. No Trademark Rights. This License does not grant any rights to use any
trade name, trademark or service mark whatsoever. No trade name, trademark or
service mark of SGI may be used to endorse or promote products derived from
the Subject Software without prior written permission of SGI.
6. No Other Rights. This License does not grant any rights with respect to the
OpenGL API or to any software or hardware implementation thereof or to any
other software whatsoever, nor shall any other rights or licenses not
expressly granted hereunder arise by implication, estoppel or otherwise with
respect to the Subject Software. Title to and ownership of the Original
Software at all times remains with SGI. All rights in the Original Software
not expressly granted under this License are reserved.
7. Compliance with Laws; Non-Infringement. Recipient shall comply with all
applicable laws and regulations in connection with use and distribution of the
Subject Software, including but not limited to, all export and import control
laws and regulations of the U.S. government and other countries. Recipient may
not distribute Subject Software that (i) in any way infringes (directly or
contributorily) the rights (including patent, copyright, trade secret,
trademark or other intellectual property rights of any kind) of any other
person or entity or (ii) breaches any representation or warranty, express,
implied or statutory, which under any applicable law it might be deemed to
have been distributed.
8. Claims of Infringement. If Recipient at any time has knowledge of any one
or more third party claims that reproduction, modification, use, distribution,
import or sale of Subject Software (including particular functionality or code
incorporated in Subject Software) infringes the third party's intellectual
property rights, Recipient must place in a well-identified web page bearing
the title "LEGAL" a description of each such claim and a description of the
party making each such claim in sufficient detail that a user of the Subject
Software will know whom to contact regarding the claim. Also, upon gaining
such knowledge of any such claim, Recipient must conspicuously include the URL
for such web page in the Exhibit A notice required under Sections 2 and 3,
above, and in the text of any related documentation, license agreement or
collateral in which Recipient describes end user's rights relating to the
Subject Software. If Recipient obtains such knowledge after it makes Subject
Software available to any other person or entity, Recipient shall take other
steps (such as notifying appropriate mailing lists or newsgroups) reasonably
calculated to inform those who received the Subject Software that new
knowledge has been obtained.
9. DISCLAIMER OF WARRANTY. SUBJECT SOFTWARE IS PROVIDED ON AN "AS IS" BASIS,
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, WARRANTIES THAT THE SUBJECT SOFTWARE IS FREE OF DEFECTS,
MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON- INFRINGING. SGI ASSUMES NO
RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE. SHOULD ANY SOFTWARE
PROVE DEFECTIVE IN ANY RESPECT, SGI ASSUMES NO COST OR LIABILITY FOR ANY
SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN
ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY SUBJECT SOFTWARE IS AUTHORIZED
HEREUNDER EXCEPT UNDER THIS DISCLAIMER.
10. LIMITATION OF LIABILITY. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY,
WHETHER TORT (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE OR STRICT LIABILITY),
CONTRACT, OR OTHERWISE, SHALL SGI OR ANY SGI LICENSOR BE LIABLE FOR ANY
DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY
CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK
STOPPAGE, LOSS OF DATA, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER
COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF
THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY
TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SGI's NEGLIGENCE TO
THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT
ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO
THAT EXCLUSION AND LIMITATION MAY NOT APPLY TO RECIPIENT.
11. Indemnity. Recipient shall be solely responsible for damages arising,
directly or indirectly, out of its utilization of rights under this License.
Recipient will defend, indemnify and hold harmless Silicon Graphics, Inc. from
and against any loss, liability, damages, costs or expenses (including the
payment of reasonable attorneys fees) arising out of Recipient's use,
modification, reproduction and distribution of the Subject Software or out of
any representation or warranty made by Recipient.
12. U.S. Government End Users. The Subject Software is a "commercial item"
consisting of "commercial computer software" as such terms are defined in
title 48 of the Code of Federal Regulations and all U.S. Government End Users
acquire only the rights set forth in this License and are subject to the terms
of this License.
13. Miscellaneous. This License represents the complete agreement concerning
subject matter hereof. If any provision of this License is held to be
unenforceable, such provision shall be reformed so as to achieve as nearly as
possible the same economic effect as the original provision and the remainder
of this License will remain in effect. This License shall be governed by and
construed in accordance with the laws of the United States and the State of
California as applied to agreements entered into and to be performed entirely
within California between California residents. Any litigation relating to
this License shall be subject to the exclusive jurisdiction of the Federal
Courts of the Northern District of California (or, absent subject matter
jurisdiction in such courts, the courts of the State of California), with
venue lying exclusively in Santa Clara County, California, with the losing
party responsible for costs, including without limitation, court costs and
reasonable attorneys fees and expenses. The application of the United Nations
Convention on Contracts for the International Sale of Goods is expressly
excluded. Any law or regulation which provides that the language of a contract
shall be construed against the drafter shall not apply to this License.
Exhibit A
The contents of this file are subject to Sections 2, 3, 4, 7, 8, 10, 12 and 13
of the GLX Public License Version 1.0 (the "License"). You may not use this
file except in compliance with those sections of the License. You may obtain a
copy of the License at Silicon Graphics, Inc., attn: Legal Services, 2011 N.
Shoreline Blvd., Mountain View, CA 94043 or at
http://www.sgi.com/software/opensource/glx/license.html.
Software distributed under the License is distributed on an "AS IS" basis. ALL
WARRANTIES ARE DISCLAIMED, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED
WARRANTIES OF MERCHANTABILITY, OF FITNESS FOR A PARTICULAR PURPOSE OR OF NON-
INFRINGEMENT. See the License for the specific language governing rights and
limitations under the License.
The Original Software is GLX version 1.2 source code, released February, 1999.
The developer of the Original Software is Silicon Graphics, Inc. Those
portions of the Subject Software created by Silicon Graphics, Inc. are
Copyright (c) 1991-9 Silicon Graphics, Inc. All Rights Reserved. 3.5. CID
Font Code Public License
CID FONT CODE PUBLIC LICENSE (Version 1.0 (3/31/99))("License")
Subject to any applicable third party claims, Silicon Graphics, Inc. ("SGI")
hereby grants permission to Recipient (defined below), under SGI's copyrights
in the Original Software (defined below), to use, copy, modify, merge,
publish, distribute, sublicense and/or sell copies of Subject Software
(defined below) in both source code and executable form, and to permit persons
to whom the Subject Software is furnished in accordance with this License to
do the same, subject to all of the following terms and conditions, which
Recipient accepts by engaging in any such use, copying, modifying, merging,
publication, distributing, sublicensing or selling:
1. Definitions.
a. "Original Software" means source code of computer software code that is
described in Exhibit A as Original Software.
b. "Modifications" means any addition to or deletion from the substance or
structure of either the Original Software or any previous Modifications.
When Subject Software is released as a series of files, a Modification
means (i) any addition to or deletion from the contents of a file
containing Original Software or previous Modifications and (ii) any new
file that contains any part of the Original Code or previous
Modifications.
c. "Subject Software" means the Original Software or Modifications or the
combination of the Original Software and Modifications, or portions of any
of the foregoing.
d. "Recipient" means an individual or a legal entity exercising rights
under the terms of this License. For legal entities, "Recipient" includes
any entity that controls, is controlled by, or is under common control
with Recipient. For purposes of this definition, "control" of an entity
means (i) the power, direct or indirect, to direct or manage such entity,
or (ii) ownership of fifty percent (50%) or more of the outstanding shares
or beneficial ownership of such entity.
e. "Required Notice" means the notice set forth in Exhibit A to this
License.
f. "Accompanying Technology" means any software or other technology that
is not a Modification and that is distributed or made publicly available
by Recipient with the Subject Software. Separate software files that do
not contain any Original Software or any previous Modification shall not
be deemed a Modification, even if such software files are aggregated as
part of a product, or in any medium of storage, with any file that does
contain Original Software or any previous Modification.
2. License Terms. All distribution of the Subject Software must be made
subject to the terms of this License. A copy of this License and the Required
Notice must be included in any documentation for Subject Software where
Recipient's rights relating to Subject Software and/or any Accompanying
Technology are described. Distributions of Subject Software in source code
form must also include the Required Notice in every file distributed. In
addition, a ReadMe file entitled "Important Legal Notice" must be distributed
with each distribution of one or more files that incorporate Subject Software.
That file must be included with distributions made in both source code and
executable form. A copy of the License and the Required Notice must be
included in that file. Recipient may distribute Accompanying Technology under
a license of Recipient's choice, which may contain terms different from this
License, provided that (i) Recipient is in compliance with the terms of this
License, (ii) such other license terms do not modify or supersede the terms of
this License as applicable to the Subject Software, (iii) Recipient hereby
indemnifies SGI for any liability incurred by SGI as a result of the
distribution of Accompanying Technology or the use of other license terms.
3. Termination. This License and the rights granted hereunder will terminate
automatically if Recipient fails to comply with terms herein and fails to cure
such breach within 30 days of the breach. Any sublicense to the Subject
Software that is properly granted shall survive any termination of this
License absent termination by the terms of such sublicense. Provisions which,
by their nature, must remain in effect beyond the termination of this License
shall survive.
4. Trademark Rights. This License does not grant any rights to use any trade
name, trademark or service mark whatsoever. No trade name, trademark or
service mark of SGI may be used to endorse or promote products derived from or
incorporating any Subject Software without prior written permission of SGI.
5. No Other Rights. No rights or licenses not expressly granted hereunder
shall arise by implication, estoppel or otherwise. Title to and ownership of
the Original Software at all times remains with SGI. All rights in the
Original Software not expressly granted under this License are reserved.
6. Compliance with Laws; Non-Infringement. Recipient shall comply with all
applicable laws and regulations in connection with use and distribution of the
Subject Software, including but not limited to, all export and import control
laws and regulations of the U.S. government and other countries. Recipient may
not distribute Subject Software that (i) in any way infringes (directly or
contributorily) the rights (including patent, copyright, trade secret,
trademark or other intellectual property rights of any kind) of any other
person or entity, or (ii) breaches any representation or warranty, express,
implied or statutory, which under any applicable law it might be deemed to
have been distributed.
7. Claims of Infringement. If Recipient at any time has knowledge of any one
or more third party claims that reproduction, modification, use, distribution,
import or sale of Subject Software (including particular functionality or code
incorporated in Subject Software) infringes the third party's intellectual
property rights, Recipient must place in a well-identified web page bearing
the title "LEGAL" a description of each such claim and a description of the
party making each such claim in sufficient detail that a user of the Subject
Software will know whom to contact regarding the claim. Also, upon gaining
such knowledge of any such claim, Recipient must conspicuously include the URL
for such web page in the Required Notice, and in the text of any related
documentation, license agreement or collateral in which Recipient describes
end user's rights relating to the Subject Software. If Recipient obtains such
knowledge after it makes Subject Software available to any other person or
entity, Recipient shall take other steps (such as notifying appropriate
mailing lists or newsgroups) reasonably calculated to provide such knowledge
to those who received the Subject Software.
8. DISCLAIMER OF WARRANTY. SUBJECT SOFTWARE IS PROVIDED ON AN "AS IS" BASIS,
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, WARRANTIES THAT THE SUBJECT SOFTWARE IS FREE OF DEFECTS,
MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. SGI ASSUMES NO
RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE. SHOULD ANY SOFTWARE
PROVE DEFECTIVE IN ANY RESPECT, SGI ASSUMES NO COST OR LIABILITY FOR ANY
SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN
ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY SUBJECT SOFTWARE IS AUTHORIZED
HEREUNDER EXCEPT UNDER THIS DISCLAIMER.
9. LIMITATION OF LIABILITY. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY,
WHETHER TORT (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE OR STRICT LIABILITY),
CONTRACT, OR OTHERWISE, SHALL SGI OR ANY SGI LICENSOR BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SUBJECT SOFTWARE OR
THE USE OR OTHER DEALINGS IN THE SUBJECT SOFTWARE. SOME JURISDICTIONS DO NOT
ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES, SO THIS EXCLUSION AND
LIMITATION MAY NOT APPLY TO RECIPIENT TO THE EXTENT SO DISALLOWED.
10. Indemnity. Recipient shall be solely responsible for damages arising,
directly or indirectly, out of its utilization of rights under this License.
Recipient will defend, indemnify and hold SGI and its successors and assigns
harmless from and against any loss, liability, damages, costs or expenses
(including the payment of reasonable attorneys fees) arising out of
(Recipient's use, modification, reproduction and distribution of the Subject
Software or out of any representation or warranty made by Recipient.
11. U.S. Government End Users. The Subject Software is a "commercial item"
consisting of "commercial computer software" as such terms are defined in
title 48 of the Code of Federal Regulations and all U.S. Government End Users
acquire only the rights set forth in this License and are subject to the terms
of this License.
12. Miscellaneous. This License represents the complete agreement concerning
subject matter hereof. If any provision of this License is held to be
unenforceable by any judicial or administrative authority having proper
jurisdiction with respect thereto, such provision shall be reformed so as to
achieve as nearly as possible the same economic effect as the original
provision and the remainder of this License will remain in effect. This
License shall be governed by and construed in accordance with the laws of the
United States and the State of California as applied to agreements entered
into and to be performed entirely within California between California
residents. Any litigation relating to this License shall be subject to the
exclusive jurisdiction of the Federal Courts of the Northern District of
California (or, absent subject matter jurisdiction in such courts, the courts
of the State of California), with venue lying exclusively in Santa Clara
County, California, with the losing party responsible for costs, including
without limitation, court costs and reasonable attorneys fees and expenses.
The application of the United Nations Convention on Contracts for the
International Sale of Goods is expressly excluded. Any law or regulation that
provides that the language of a contract shall be construed against the
drafter shall not apply to this License.
Exhibit A
Copyright (c) 1994-1999 Silicon Graphics, Inc.
The contents of this file are subject to the CID Font Code Public License
Version 1.0 (the "License"). You may not use this file except in compliance
with the License. You may obtain a copy of the License at Silicon Graphics,
Inc., attn: Legal Services, 2011 N. Shoreline Blvd., Mountain View, CA 94043
or at http://www.sgi.com/software/opensource/cid/license.html
Software distributed under the License is distributed on an "AS IS" basis. ALL
WARRANTIES ARE DISCLAIMED, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED
WARRANTIES OF MERCHANTABILITY, OF FITNESS FOR A PARTICULAR PURPOSE OR OF
NON-INFRINGEMENT. See the License for the specific language governing rights
and limitations under the License.
The Original Software (as defined in the License) is CID font code that was
developed by Silicon Graphics, Inc. Those portions of the Subject Software (as
defined in the License) that were created by Silicon Graphics, Inc. are
Copyright (c) 1994-1999 Silicon Graphics, Inc. All Rights Reserved.
[NOTE: When using this text in connection with Subject Software delivered
solely in object code form, Recipient may replace the words "this file" with
"this software" in both the first and second sentences.] 3.6. Bitstream Vera
Fonts Copyright
The fonts have a generous copyright, allowing derivative works (as long as
"Bitstream" or "Vera" are not in the names), and full redistribution (so long
as they are not *sold* by themselves). They can be be bundled, redistributed
and sold with any software.
The fonts are distributed under the following copyright:
Copyright (c) 2003 by Bitstream, Inc. All Rights Reserved. Bitstream Vera is a
trademark of Bitstream, Inc.
Permission is hereby granted, free of charge, to any person obtaining a copy
of the fonts accompanying this license ("Fonts") and associated documentation
files (the "Font Software"), to reproduce and distribute the Font Software,
including without limitation the rights to use, copy, merge, publish,
distribute, and/or sell copies of the Font Software, and to permit persons to
whom the Font Software is furnished to do so, subject to the following
conditions:
Copyright 1987 by Digital Equipment Corporation, Maynard, Massachusetts
The above copyright and trademark notices and this permission notice shall be
included in all copies of one or more of the Font Software typefaces.
The Font Software may be modified, altered, or added to, and in particular the
designs of glyphs or characters in the Fonts may be modified and additional
glyphs or characters may be added to the Fonts, only if the fonts are renamed
to names not containing either the words "Bitstream" or the word "Vera".
This License becomes null and void to the extent applicable to Fonts or Font
Software that has been modified and is distributed under the "Bitstream Vera"
names.
The Font Software may be sold as part of a larger software package but no copy
of one or more of the Font Software typefaces may be sold by itself.
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF COPYRIGHT, PATENT,
TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL BITSTREAM OR THE GNOME FOUNDATION
BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, INCLUDING ANY GENERAL,
SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF THE USE OR INABILITY TO
USE THE FONT SOFTWARE OR FROM OTHER DEALINGS IN THE FONT SOFTWARE.
Except as contained in this notice, the names of Gnome, the Gnome Foundation,
and Bitstream Inc., shall not be used in advertising or otherwise to promote
the sale, use or other dealings in this Font Software without prior written
authorization from the Gnome Foundation or Bitstream Inc., respectively. For
further information, contact: fonts at gnome dot org. 3.7. Bigelow & Holmes
Inc and URW++ GmbH Luxi font license
Luxi fonts copyright (c) 2001 by Bigelow & Holmes Inc. Luxi font instruction
code copyright (c) 2001 by URW++ GmbH. All Rights Reserved. Luxi is a
registered trademark of Bigelow & Holmes Inc.
All Rights Reserved
Permission is hereby granted, free of charge, to any person obtaining a copy
of these Fonts and associated documentation files (the "Font Software"), to
deal in the Font Software, including without limitation the rights to use,
copy, merge, publish, distribute, sublicense, and/or sell copies of the Font
Software, and to permit persons to whom the Font Software is furnished to do
so, subject to the following conditions:
The above copyright and trademark notices and this permission notice shall be
included in all copies of one or more of the Font Software.
The Font Software may not be modified, altered, or added to, and in particular
the designs of glyphs or characters in the Fonts may not be modified nor may
additional glyphs or characters be added to the Fonts. This License becomes
null and void when the Fonts or Font Software have been modified.
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF COPYRIGHT, PATENT,
TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL BIGELOW & HOLMES INC. OR URW++
GMBH. BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, INCLUDING ANY
GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, WHETHER IN
AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF THE USE OR
INABILITY TO USE THE FONT SOFTWARE OR FROM OTHER DEALINGS IN THE FONT
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the name of Digital not be
used in advertising or publicity pertaining to distribution of the
software without specific, written prior permission.
DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
SOFTWARE.
Except as contained in this notice, the names of Bigelow & Holmes Inc. and
URW++ GmbH. shall not be used in advertising or otherwise to promote the sale,
use or other dealings in this Font Software without prior written
authorization from Bigelow & Holmes Inc. and URW++ GmbH.
For further information, contact:
info@urwpp.de or design@bigelowandholmes.com
*/
--- end of LICENSE ---
......@@ -3325,7 +2815,7 @@ with JRE 8, JDK 8, and OpenJDK 8.
version 1.2.11, January 15th, 2017
Copyright (C) 1995-2013 Jean-loup Gailly and Mark Adler
Copyright (C) 1995-2017 Jean-loup Gailly and Mark Adler
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
......@@ -3361,7 +2851,6 @@ included with JRE 8, JDK 8, and OpenJDK 8.
Apache Xalan-Java 2.7.1
Apache Xerces Java 2.10.0
Apache XML Resolver 1.1
Dynalink 0.5
--- begin of LICENSE ---
......
make/GenerateClasses.gmk
浏览文件 @ d904de00
......@@ -78,13 +78,6 @@ $(eval $(call SetupRMICompilation,RMI_12, \
RUN_V12 := true))
GENCLASSES += $(RMI_12)
$(eval $(call SetupRMICompilation,RMI_11, \
CLASSES := sun.rmi.registry.RegistryImpl, \
CLASSES_DIR := $(CLASSES_DIR), \
STUB_CLASSES_DIR := $(STUB_CLASSES_DIR), \
RUN_V11 := true))
GENCLASSES += $(RMI_11)
# For RMI/IIOP call rmic a second time with -standardPackage option
# so that *_tie classes are generated in package without the prefix
# org.omg.stub (6375696)
......@@ -111,7 +104,7 @@ GENCLASSES += $(filter %.java, $(RMI_SRC))
##########################################################################################
$(RMI_12) $(RMI_11) $(RMI_IIOP) $(RMI_SRC): $(BUILD_BOOTSTRAP_RMIC)
$(RMI_12) $(RMI_IIOP) $(RMI_SRC): $(BUILD_BOOTSTRAP_RMIC)
$(RMIC_GENSRC_DIR)/_the.classes.removed: $(GENCLASSES)
$(FIND) $(RMIC_GENSRC_DIR) -name "*.class" $(FIND_DELETE)
......
src/share/classes/com/sun/accessibility/internal/resources/accessibility_sv.properties
浏览文件 @ d904de00
......@@ -93,7 +93,7 @@ pressed=nedtryckt
resizable=storleks\u00E4ndringsbar
selectable=valbar
selected=vald
showing=visas
showing=visar
singleline=en rad
transient=tillf\u00E4llig
visible=synlig
......
src/share/classes/com/sun/jndi/ldap/LdapClient.java
浏览文件 @ d904de00
/*
* Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -1233,6 +1233,7 @@ public final class LdapClient implements PooledConnection {
static final int LDAP_REF_FOLLOW = 0x01; // follow referrals
static final int LDAP_REF_THROW = 0x02; // throw referral ex.
static final int LDAP_REF_IGNORE = 0x03; // ignore referrals
static final int LDAP_REF_FOLLOW_SCHEME = 0x04; // follow referrals of the same scheme
static final String LDAP_URL = "ldap://"; // LDAPv3
static final String LDAPS_URL = "ldaps://"; // LDAPv3
......
src/share/classes/com/sun/jndi/ldap/LdapCtx.java
浏览文件 @ d904de00
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -2413,6 +2413,9 @@ final public class LdapCtx extends ComponentDirContext
// First determine the referral mode
if (ref != null) {
switch (ref) {
case "follow-scheme":
handleReferrals = LdapClient.LDAP_REF_FOLLOW_SCHEME;
break;
case "follow":
handleReferrals = LdapClient.LDAP_REF_FOLLOW;
break;
......@@ -2975,8 +2978,23 @@ final public class LdapCtx extends ComponentDirContext
r = new LdapReferralException(resolvedName, resolvedObj, remainName,
msg, envprops, fullDN, handleReferrals, reqCtls);
// only one set of URLs is present
r.setReferralInfo(res.referrals == null ? null :
res.referrals.elementAt(0), false);
Vector<String> refs;
if (res.referrals == null) {
refs = null;
} else if (handleReferrals == LdapClient.LDAP_REF_FOLLOW_SCHEME) {
refs = new Vector<>();
for (String s : res.referrals.elementAt(0)) {
if (s.startsWith("ldap:")) {
refs.add(s);
}
}
if (refs.isEmpty()) {
refs = null;
}
} else {
refs = res.referrals.elementAt(0);
}
r.setReferralInfo(refs, false);
if (hopCount > 1) {
r.setHopCount(hopCount);
......
src/share/classes/com/sun/jndi/ldap/LdapReferralException.java
浏览文件 @ d904de00
/*
* Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -117,7 +117,8 @@ final public class LdapReferralException extends
// If following referral, request controls are passed to referral ctx
this.reqCtls =
(handleReferrals == LdapClient.LDAP_REF_FOLLOW ? reqCtls : null);
(handleReferrals == LdapClient.LDAP_REF_FOLLOW ||
handleReferrals == LdapClient.LDAP_REF_FOLLOW_SCHEME ? reqCtls : null);
}
/**
......
src/share/classes/com/sun/management/HotSpotDiagnosticMXBean.java
浏览文件 @ d904de00
/*
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -63,9 +63,10 @@ public interface HotSpotDiagnosticMXBean extends PlatformManagedObject {
* @param outputFile the system-dependent filename
* @param live if <tt>true</tt> dump only <i>live</i> objects
* i.e. objects that are reachable from others
* @throws IOException if the <tt>outputFile</tt>
* @throws IOException if the <tt>outputFile</tt> already exists,
* cannot be created, opened, or written to.
* @throws UnsupportedOperationException if this operation is not supported.
* @throws IllegalArgumentException if <tt>outputFile</tt> does not end with ".hprof" suffix.
* @throws NullPointerException if <tt>outputFile</tt> is <tt>null</tt>.
* @throws SecurityException
* If a security manager exists and its {@link
......
src/share/classes/java/util/concurrent/ThreadPoolExecutor.java
浏览文件 @ d904de00
......@@ -1482,9 +1482,6 @@ public class ThreadPoolExecutor extends AbstractExecutorService {
/**
* Invokes {@code shutdown} when this executor is no longer
* referenced and it has no threads.
*
* <p>This method is invoked with privileges that are restricted by
* the security context of the caller that invokes the constructor.
*/
protected void finalize() {
SecurityManager sm = System.getSecurityManager();
......
src/share/classes/sun/awt/resources/awt_sv.properties
浏览文件 @ d904de00
......@@ -71,7 +71,7 @@ AWT.f21=F21
AWT.f22=F22
AWT.f23=F23
AWT.f24=F24
AWT.printScreen=Print Screen
AWT.printScreen=Sk\u00E4rmutskrift
AWT.insert=Insert
AWT.help=Hj\u00E4lp
AWT.windows=Windows
......
src/share/classes/sun/launcher/resources/launcher_es.properties
浏览文件 @ d904de00
#
# Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
......@@ -34,7 +34,7 @@ java.launcher.ergo.message1 =\ La VM por defecto es {0}
java.launcher.ergo.message2 =\ porque la ejecuci\u00F3n se est\u00E1 llevando a cabo en una m\u00E1quina de clase de servidor.\n
# Translators please note do not translate the options themselves
java.launcher.opt.footer =\ -cp <ruta de acceso de b\u00FAsqueda de clases de los directorios y los archivos zip/jar>\n -classpath <ruta de acceso de b\u00FAsqueda de clases de los directorios y los archivos zip/jar>\n Lista separada por {0} de directorios, archivos JAR\n y archivos ZIP para buscar archivos de clase.\n -D<nombre>=<valor>\n definir una propiedad del sistema\n -verbose:[class|gc|jni]\n activar la salida verbose\n -version imprimir la versi\u00F3n del producto y salir\n -version:<valor>\n Advertencia: Esta funci\u00F3n est\u00E1 anticuada y se eliminar\u00E1\n en una versi\u00F3n futura.\n es necesario que se ejecute la versi\u00F3n especificada\n -showversion imprimir la versi\u00F3n del producto y continuar\n -jre-restrict-search | -no-jre-restrict-search\n Advertencia: Esta funci\u00F3n est\u00E1 anticuada y se eliminar\u00E1\n en una versi\u00F3n futura.\n incluir/excluir JRE privados de usuario en la b\u00FAsqueda de versi\u00F3n\n -? -help imprimir este mensaje de ayuda\n -X imprimir la ayuda sobre las opciones que no sean est\u00E1ndar\n -ea[:<nombre_paquete>...|:<nombre_clase>]\n -enableassertions[:<nombre_paquete>...|:<nombre_clase>]\n activar afirmaciones con la granularidad especificada\n -da[:<nombre_paquete>...|:<nombre_clase>]\n -disableassertions[:<nombre_paquete>...|:<nombre_clase>]\n desactivar afirmaciones con la granularidad especificada\n -esa | -enablesystemassertions\n activar afirmaciones del sistema\n -dsa | -disablesystemassertions\n desactivar afirmaciones del sistema\n -agentlib:<nombre_bib>[=<opciones>]\n cargar la biblioteca de agente nativa <nombre_bib>, como -agentlib:hprof\n v\u00E9ase tambi\u00E9n -agentlib:jdwp=help y -agentlib:hprof=help\n -agentpath:<nombre_ruta_acceso>[=<opciones>]\n cargar biblioteca de agente nativa con el nombre de la ruta de acceso completa\n -javaagent:<ruta_acceso_jar>[=<opciones>]\n cargar agente de lenguaje de programaci\u00F3n Java, v\u00E9ase java.lang.instrument\n -splash:<ruta_acceso_imagen>\n mostrar una pantalla de presentaci\u00F3n con la imagen especificada\nConsulte http://www.oracle.com/technetwork/java/javase/documentation/index.html para obtener m\u00E1s informaci\u00F3n.
java.launcher.opt.footer =\ -cp <ruta de acceso de b\u00FAsqueda de clases de los directorios y los archivos zip/jar>\n -classpath <ruta de acceso de b\u00FAsqueda de clases de los directorios y los archivos zip/jar>\n Lista separada por {0} de directorios, archivos JAR\n y archivos ZIP para buscar archivos de clase.\n -D<nombre>=<valor>\n definir una propiedad del sistema\n -verbose:[class|gc|jni]\n activar la salida verbose\n -version imprimir la versi\u00F3n del producto y salir\n -version:<valor>\n Advertencia: Esta funci\u00F3n est\u00E1 anticuada y se eliminar\u00E1\n en una versi\u00F3n futura.\n es necesario que se ejecute la versi\u00F3n especificada\n -showversion imprimir la versi\u00F3n del producto y continuar\n -jre-restrict-search | -no-jre-restrict-search\n Advertencia: Esta funci\u00F3n est\u00E1 anticuada y se eliminar\u00E1\n en una versi\u00F3n futura.\n incluir/excluir JRE privados de usuario en la b\u00FAsqueda de versi\u00F3n\n -? -help imprimir este mensaje de ayuda\n -X imprimir la ayuda sobre las opciones que no sean est\u00E1ndar\n -ea[:<nombre paquete>...|:<nombre clase>]\n -enableassertions[:<nombre paquete>...|:<nombre clase>]\n activar afirmaciones con la granularidad especificada\n -da[:<nombre paquete>...|:<nombre clase>]\n -disableassertions[:<nombre paquete>...|:<nombre clase>]\n desactivar afirmaciones con la granularidad especificada\n -esa | -enablesystemassertions\n activar afirmaciones del sistema\n -dsa | -disablesystemassertions\n desactivar afirmaciones del sistema\n -agentlib:<nombre bib>[=<opciones>]\n cargar la biblioteca de agente nativa <nombre bib>, como -agentlib:hprof\n v\u00E9ase tambi\u00E9n -agentlib:jdwp=help y -agentlib:hprof=help\n -agentpath:<nombre ruta acceso>[=<opciones>]\n cargar biblioteca de agente nativa con el nombre de la ruta de acceso completa\n -javaagent:<ruta acceso jar>[=<opciones>]\n cargar agente de lenguaje de programaci\u00F3n Java, v\u00E9ase java.lang.instrument\n -splash:<ruta acceso imagen>\n mostrar una pantalla de presentaci\u00F3n con la imagen especificada\nConsulte http://www.oracle.com/technetwork/java/javase/documentation/index.html para obtener m\u00E1s informaci\u00F3n.
# Translators please note do not translate the options themselves
java.launcher.X.usage=\ -Xmixed ejecuci\u00F3n de modo mixto (por defecto)\n -Xint s\u00F3lo ejecuci\u00F3n de modo interpretado\n -Xbootclasspath:<directorios y archivos zip/jar separados por {0}>\n definir la ruta de acceso de b\u00FAsqueda para los recursos y clases de inicializaci\u00F3n de datos\n -Xbootclasspath/a:<directorios y archivos zip/jar separados por {0}>\n agregar al final de la ruta de acceso de la clase de inicializaci\u00F3n de datos\n -Xbootclasspath/p:<directorios y archivos zip/jar separados por {0}>\n anteponer a la ruta de acceso de la clase de inicializaci\u00F3n de datos\n -Xdiag mostrar mensajes de diagn\u00F3stico adicionales\n -Xnoclassgc desactivar la recolecci\u00F3n de basura de clases\n -Xincgc activar la recolecci\u00F3n de basura de clases\n -Xloggc:<archivo> registrar el estado de GC en un archivo con registros de hora\n -Xbatch desactivar compilaci\u00F3n en segundo plano\n -Xms<tama\u00F1o> definir tama\u00F1o de pila Java inicial\n -Xmx<tama\u00F1o> definir tama\u00F1o de pila Java m\u00E1ximo\n -Xss<tama\u00F1o> definir tama\u00F1o de la pila del thread de Java\n -Xprof datos de salida de creaci\u00F3n de perfil de CPU\n -Xfuture activar las comprobaciones m\u00E1s estrictas, anticip\u00E1ndose al futuro valor por defecto\n -Xrs reducir el uso de se\u00F1ales de sistema operativo por parte de Java/VM (consulte la documentaci\u00F3n)\n -Xcheck:jni realizar comprobaciones adicionales para las funciones de JNI\n -Xshare:off no intentar usar datos de clase compartidos\n -Xshare:auto usar datos de clase compartidos si es posible (valor por defecto)\n -Xshare:on es obligatorio el uso de datos de clase compartidos, de lo contrario se emitir\u00E1 un fallo.\n -XshowSettings mostrar todos los valores y continuar\n -XshowSettings:all\n mostrar todos los valores y continuar\n -XshowSettings:vm mostrar todos los valores de la VM y continuar\n -XshowSettings:properties\n mostrar todos los valores de las propiedades y continuar\n -XshowSettings:locale\n mostrar todos los valores relacionados con la configuraci\u00F3n regional y continuar\n\nLas opciones -X no son est\u00E1ndar, por lo que podr\u00EDan cambiarse sin previo aviso.\n
......
src/share/classes/sun/launcher/resources/launcher_sv.properties
浏览文件 @ d904de00
#
# Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
......@@ -37,7 +37,7 @@ java.launcher.ergo.message2 =\ eftersom du k\u00F6r en serverk
java.launcher.opt.footer =\ -cp <class search path of directories and zip/jar files>\n -classpath <class search path of directories and zip/jar files>\n En lista \u00F6ver kataloger, JAR-arkiv och och ZIP-arkiv\n f\u00F6r s\u00F6kning efter klassfiler avgr\u00E4nsad med {0}.\n -D<name>=<value>\n ange en systemegenskap\n -verbose:[class|gc|jni]\n aktivera utf\u00F6rliga utdata\n -version skriv ut produktversion och avsluta\n -version:<value>\n Varning: den h\u00E4r funktionen \u00E4r inaktuell och kommer\n att tas bort i en framtida utg\u00E5va.\n kr\u00E4v den angivna versionen f\u00F6r att k\u00F6ra\n -showversion skriv ut produktversion och forts\u00E4tt\n -jre-restrict-search | -no-jre-restrict-search\n Varning: den h\u00E4r funktionen \u00E4r inaktuell och kommer\n att tas bort i en framtida utg\u00E5va.\n inkludera/exkludera anv\u00E4ndarprivata JRE:er i versionss\u00F6kningen\n -? -help skriv ut det h\u00E4r hj\u00E4lpmeddelandet\n -X skriv ut hj\u00E4lp f\u00F6r icke-standardalternativ\n -ea[:<packagename>...|:<classname>]\n -enableassertions[:<packagename>...|:<classname>]\n aktivera verifieringar med den angivna detaljgraden\n -da[:<packagename>...|:<classname>]\n -disableassertions[:<packagename>...|:<classname>]\n avaktivera verifieringar med den angivna detaljgraden\n -esa | -enablesystemassertions\n aktivera systemverifieringar\n -dsa | -disablesystemassertions\n avaktivera systemverifieringar\n -agentlib:<libname>[=<options>]\n ladda det ursprungliga agentbiblioteket <libname>, t.ex. -agentlib:hprof\n se \u00E4ven -agentlib:jdwp=help och -agentlib:hprof=help\n -agentpath:<pathname>[=<options>]\n ladda det ursprungliga agentbiblioteket med det fullst\u00E4ndiga s\u00F6kv\u00E4gsnamnet\n -javaagent:<jarpath>[=<options>]\n ladda agenten f\u00F6r programmeringsspr\u00E5ket Java, se java.lang.instrument\n -splash:<imagepath>\n visa v\u00E4lkomstsk\u00E4rmen med den angivna bilden\nMer information finns p\u00E5 http://www.oracle.com/technetwork/java/javase/documentation/index.html.
# Translators please note do not translate the options themselves
java.launcher.X.usage=\ -Xmixed k\u00F6rning i blandat l\u00E4ge (standard)\n -Xint endast k\u00F6rning i tolkat l\u00E4ge\n -Xbootclasspath:<kataloger och zip-/jar-filer avgr\u00E4nsas med {0}>\n ange s\u00F6kv\u00E4g f\u00F6r programladdningsklasser och -resurser\n -Xbootclasspath/a:<kataloger och zip-/jar-filer avgr\u00E4nsas med {0}>\n l\u00E4gg till i slutet av programladdningsklassens s\u00F6kv\u00E4g\n -Xbootclasspath/p:<kataloger och zip-/jar-filer avgr\u00E4nsas med {0}>\n l\u00E4gg till i b\u00F6rjan av programladdningsklassens s\u00F6kv\u00E4g\n -Xdiag visa ytterligare diagnostiska meddelanden\n -Xnoclassgc avaktivera klassens skr\u00E4pinsamling\n -Xincgc aktivera inkrementell skr\u00E4pinsamling\n -Xloggc:<fil> logga GC-status till en fil med tidsst\u00E4mplar\n -Xbatch avaktivera bakgrundskompilering\n -Xms<storlek> ange ursprunglig storlek f\u00F6r Java-heap\n -Xmx<storlek> ange maximal storlek f\u00F6r Java-heap\n -Xss<storlek> ange storlek f\u00F6r java-tr\u00E5dsstack\n -Xprof utdata f\u00F6r processorprofilering\n -Xfuture aktivera str\u00E4ngaste kontroller, f\u00F6rv\u00E4ntad framtida standard\n -Xrs minska OS-signalanv\u00E4ndning av Java/VM (se dokumentation)\n -Xcheck:jni utf\u00F6r ytterligare kontroller f\u00F6r JNI-funktioner\n -Xshare:off anv\u00E4nd inte delade klassdata\n -Xshare:auto anv\u00E4nd delade klassdata om det g\u00E5r (standard)\n -Xshare:on kr\u00E4v att delade klassdata anv\u00E4nds, annars slutf\u00F6r inte.\n -XshowSettings visa alla inst\u00E4llningar och forts\u00E4tt\n -XshowSettings:all\n visa alla inst\u00E4llningar och forts\u00E4tt\n -XshowSettings:vm visa alla vm-relaterade inst\u00E4llningar och forts\u00E4tt\n -XshowSettings:properties\n visa alla egenskapsinst\u00E4llningar och forts\u00E4tt\n -XshowSettings:locale\n visa alla spr\u00E5krelaterade inst\u00E4llningar och forts\u00E4tt\n\n-X-alternativen \u00E4r inte standard och kan \u00E4ndras utan f\u00F6reg\u00E5ende meddelande.\n
java.launcher.X.usage=\ -Xmixed exekvering i blandat l\u00E4ge (standard)\n -Xint endast exekvering i tolkat l\u00E4ge\n -Xbootclasspath:<kataloger och zip-/jar-filer avgr\u00E4nsas med {0}>\n ange s\u00F6kv\u00E4g f\u00F6r programladdningsklasser och -resurser\n -Xbootclasspath/a:<kataloger och zip-/jar-filer avgr\u00E4nsas med {0}>\n l\u00E4gg till i slutet av programladdningsklassens s\u00F6kv\u00E4g\n -Xbootclasspath/p:<kataloger och zip-/jar-filer avgr\u00E4nsas med {0}>\n l\u00E4gg till i b\u00F6rjan av programladdningsklassens s\u00F6kv\u00E4g\n -Xdiag visa ytterligare diagnostiska meddelanden\n -Xnoclassgc avaktivera klassens skr\u00E4pinsamling\n -Xincgc aktivera inkrementell skr\u00E4pinsamling\n -Xloggc:<fil> logga GC-status till en fil med tidsst\u00E4mplar\n -Xbatch avaktivera bakgrundskompilering\n -Xms<storlek> ange ursprunglig storlek f\u00F6r Java-heap\n -Xmx<storlek> ange maximal storlek f\u00F6r Java-heap\n -Xss<storlek> ange storlek f\u00F6r java-tr\u00E5dsstack\n -Xprof utdata f\u00F6r processorprofilering\n -Xfuture aktivera str\u00E4ngaste kontroller, f\u00F6rv\u00E4ntad framtida standard\n -Xrs minska OS-signalanv\u00E4ndning av Java/VM (se dokumentation)\n -Xcheck:jni utf\u00F6r ytterligare kontroller f\u00F6r JNI-funktioner\n -Xshare:off anv\u00E4nd inte delade klassdata\n -Xshare:auto anv\u00E4nd delade klassdata om det g\u00E5r (standard)\n -Xshare:on kr\u00E4v att delade klassdata anv\u00E4nds, annars slutf\u00F6r inte.\n -XshowSettings visa alla inst\u00E4llningar och forts\u00E4tt\n -XshowSettings:all\n visa alla inst\u00E4llningar och forts\u00E4tt\n -XshowSettings:vm visa alla vm-relaterade inst\u00E4llningar och forts\u00E4tt\n -XshowSettings:properties\n visa alla egenskapsinst\u00E4llningar och forts\u00E4tt\n -XshowSettings:locale\n visa alla spr\u00E5krelaterade inst\u00E4llningar och forts\u00E4tt\n\n-X-alternativen \u00E4r inte standard och kan \u00E4ndras utan f\u00F6reg\u00E5ende meddelande.\n
# Translators please note do not translate the options themselves
java.launcher.X.macosx.usage=\nF\u00F6ljande alternativ \u00E4r specifika f\u00F6r Mac OS X:\n -XstartOnFirstThread\n k\u00F6r huvudmetoden() p\u00E5 den f\u00F6rsta (AppKit) tr\u00E5den\n -Xdock:name=<application name>"\n \u00E5sidosatt standardapplikationsnamn visas i docka\n -Xdock:icon=<path to icon file>\n \u00E5sidosatt standardikon visas i docka\n\n
......
src/share/classes/sun/management/HotSpotDiagnostic.java
浏览文件 @ d904de00
/*
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -32,6 +32,8 @@ import javax.management.ObjectName;
import com.sun.management.HotSpotDiagnosticMXBean;
import com.sun.management.VMOption;
import java.security.AccessController;
import java.security.PrivilegedAction;
/**
* Implementation of the diagnostic MBean for Hotspot VM.
......@@ -41,6 +43,14 @@ public class HotSpotDiagnostic implements HotSpotDiagnosticMXBean {
}
public void dumpHeap(String outputFile, boolean live) throws IOException {
String propertyName = "jdk.management.heapdump.allowAnyFileSuffix";
PrivilegedAction<Boolean> pa = () -> Boolean.parseBoolean(System.getProperty(propertyName, "false"));
boolean allowAnyFileSuffix = AccessController.doPrivileged(pa);
if (!allowAnyFileSuffix && !outputFile.endsWith(".hprof")) {
throw new IllegalArgumentException("heapdump file must have .hprof extention");
}
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkWrite(outputFile);
......
src/share/classes/sun/management/jmxremote/SingleEntryRegistry.java
浏览文件 @ d904de00
......@@ -32,6 +32,7 @@
package sun.management.jmxremote;
import sun.misc.ObjectInputFilter;
import java.rmi.AccessException;
import java.rmi.NotBoundException;
import java.rmi.Remote;
......@@ -56,7 +57,7 @@ public class SingleEntryRegistry extends RegistryImpl {
String name,
Remote object)
throws RemoteException {
super(port, csf, ssf);
super(port, csf, ssf, SingleEntryRegistry::singleRegistryFilter);
this.name = name;
this.object = object;
}
......@@ -84,6 +85,23 @@ public class SingleEntryRegistry extends RegistryImpl {
throw new AccessException("Cannot modify this registry");
}
/**
* ObjectInputFilter to check parameters to SingleEntryRegistry.
* Since it is a read-only Registry, no classes are accepted.
* String arguments are accepted without passing them to the serialFilter.
*
* @param info a reference to the serialization filter information
* @return Status.REJECTED if parameters are out of range
*/
private static ObjectInputFilter.Status singleRegistryFilter(ObjectInputFilter.FilterInfo info) {
return (info.serialClass() != null ||
info.depth() > 2 ||
info.references() > 4 ||
info.arrayLength() >= 0)
? ObjectInputFilter.Status.REJECTED
: ObjectInputFilter.Status.ALLOWED;
}
private final String name;
private final Remote object;
......
src/share/classes/sun/management/resources/agent_sv.properties
浏览文件 @ d904de00
#
#
# Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
......@@ -70,10 +70,10 @@ agent.err.invalid.option = Det angivna alternativet \u00E4r ogiltigt
agent.err.invalid.snmp.port = Ogiltigt com.sun.management.snmp.port-nummer
agent.err.invalid.snmp.trap.port = Ogiltigt com.sun.management.snmp.trap-nummer
agent.err.unknown.snmp.interface = Ok\u00E4nt SNMP-gr\u00E4nssnitt
agent.err.acl.file.notset = Ingen SNMP ACL-fil har angetts, men com.sun.management.snmp.acl=true
agent.err.acl.file.notfound = SNMP ACL-filen hittades inte
agent.err.acl.file.not.readable = SNMP ACL-filen \u00E4r inte l\u00E4sbar
agent.err.acl.file.read.failed = Kunde inte l\u00E4sa filen SNMP ACL
agent.err.acl.file.notset = Ingen SNMP \u00E5tkomstkontrollista-fil har angetts, men com.sun.management.snmp.acl=true
agent.err.acl.file.notfound = SNMP \u00E5tkomstkontrollista-filen hittades inte
agent.err.acl.file.not.readable = SNMP \u00E5tkomstkontrollista-filen \u00E4r inte l\u00E4sbar
agent.err.acl.file.read.failed = Kunde inte l\u00E4sa filen SNMP \u00E5tkomstkontrollista
agent.err.acl.file.access.notrestricted = L\u00E4sbeh\u00F6righeten f\u00F6r filen m\u00E5ste begr\u00E4nsas
agent.err.snmp.adaptor.start.failed = Kunde inte starta SNMP-adaptern med adressen
......@@ -85,7 +85,7 @@ jmxremote.ConnectorBootstrap.ready = JMX-anslutning redo p\u00E5: {0}
jmxremote.ConnectorBootstrap.password.readonly = L\u00E4sbeh\u00F6righeten f\u00F6r l\u00F6senordsfilen m\u00E5ste begr\u00E4nsas: {0}
jmxremote.ConnectorBootstrap.file.readonly = Fill\u00E4snings\u00E5tkomst m\u00E5ste begr\u00E4nsas {0}
jmxremote.AdaptorBootstrap.getTargetList.processing = ACL bearbetas
jmxremote.AdaptorBootstrap.getTargetList.processing = \u00E5tkomstkontrollista bearbetas
jmxremote.AdaptorBootstrap.getTargetList.adding = M\u00E5l l\u00E4ggs till: {0}
jmxremote.AdaptorBootstrap.getTargetList.starting = Adapterservern startas:
jmxremote.AdaptorBootstrap.getTargetList.initialize1 = Adaptern redo.
......
src/share/classes/sun/rmi/registry/RegistryImpl.java
浏览文件 @ d904de00
/*
* Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -69,6 +69,10 @@ import sun.rmi.transport.LiveRef;
* registry.
*
* The LocateRegistry class is used to obtain registry for different hosts.
* <p>
* The default RegistryImpl exported restricts access to clients on the local host
* for the methods {@link #bind}, {@link #rebind}, {@link #unbind} by checking
* the client host in the skeleton.
*
* @see java.rmi.registry.LocateRegistry
*/
......@@ -96,10 +100,10 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
private static final String REGISTRY_FILTER_PROPNAME = "sun.rmi.registry.registryFilter";
/** Registry max depth of remote invocations. **/
private static int REGISTRY_MAX_DEPTH = 5;
private static final int REGISTRY_MAX_DEPTH = 20;
/** Registry maximum array size in remote invocations. **/
private static int REGISTRY_MAX_ARRAY_SIZE = 10000;
private static final int REGISTRY_MAX_ARRAY_SIZE = 10000;
/**
* The registryFilter created from the value of the {@code "sun.rmi.registry.registryFilter"}
......@@ -136,6 +140,20 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
RMIClientSocketFactory csf,
RMIServerSocketFactory ssf)
throws RemoteException
{
this(port, csf, ssf, RegistryImpl::registryFilter);
}
/**
* Construct a new RegistryImpl on the specified port with the
* given custom socket factory pair and ObjectInputFilter.
*/
public RegistryImpl(int port,
RMIClientSocketFactory csf,
RMIServerSocketFactory ssf,
ObjectInputFilter serialFilter)
throws RemoteException
{
if (port == Registry.REGISTRY_PORT && System.getSecurityManager() != null) {
// grant permission for default port only.
......@@ -143,7 +161,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
public Void run() throws RemoteException {
LiveRef lref = new LiveRef(id, port, csf, ssf);
setup(new UnicastServerRef2(lref, RegistryImpl::registryFilter));
setup(new UnicastServerRef2(lref, serialFilter));
return null;
}
}, null, new SocketPermission("localhost:"+port, "listen,accept"));
......@@ -219,7 +237,8 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
public void bind(String name, Remote obj)
throws RemoteException, AlreadyBoundException, AccessException
{
checkAccess("Registry.bind");
// The access check preventing remote access is done in the skeleton
// and is not applicable to local access.
synchronized (bindings) {
Remote curr = bindings.get(name);
if (curr != null)
......@@ -236,7 +255,8 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
public void unbind(String name)
throws RemoteException, NotBoundException, AccessException
{
checkAccess("Registry.unbind");
// The access check preventing remote access is done in the skeleton
// and is not applicable to local access.
synchronized (bindings) {
Remote obj = bindings.get(name);
if (obj == null)
......@@ -252,7 +272,8 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
public void rebind(String name, Remote obj)
throws RemoteException, AccessException
{
checkAccess("Registry.rebind");
// The access check preventing remote access is done in the skeleton
// and is not applicable to local access.
bindings.put(name, obj);
}
......@@ -279,7 +300,6 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
* The client must be on same the same host as this server.
*/
public static void checkAccess(String op) throws AccessException {
try {
/*
* Get client host that this registry operation was made from.
......@@ -305,7 +325,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
if (clientHost.isAnyLocalAddress()) {
throw new AccessException(
"Registry." + op + " disallowed; origin unknown");
op + " disallowed; origin unknown");
}
try {
......@@ -328,7 +348,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
// must have been an IOException
throw new AccessException(
"Registry." + op + " disallowed; origin " +
op + " disallowed; origin " +
clientHost + " is non-local host");
}
}
......@@ -337,8 +357,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
* Local call from this VM: allow access.
*/
} catch (java.net.UnknownHostException ex) {
throw new AccessException("Registry." + op +
" disallowed; origin is unknown host");
throw new AccessException(op + " disallowed; origin is unknown host");
}
}
......
src/share/classes/sun/rmi/registry/RegistryImpl_Skel.java 0 → 100644
浏览文件 @ d904de00
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.rmi.registry;
import java.io.IOException;
import java.io.InputStream;
import java.rmi.AccessException;
import java.rmi.server.RemoteCall;
import sun.rmi.transport.Connection;
import sun.rmi.transport.StreamRemoteCall;
import sun.rmi.transport.tcp.TCPConnection;
/**
* Skeleton to dispatch RegistryImpl methods.
* Originally generated by RMIC but frozen to match the stubs.
*/
@SuppressWarnings({"deprecation", "serial"})
public final class RegistryImpl_Skel
implements java.rmi.server.Skeleton {
private static final java.rmi.server.Operation[] operations = {
new java.rmi.server.Operation("void bind(java.lang.String, java.rmi.Remote)"),
new java.rmi.server.Operation("java.lang.String list()[]"),
new java.rmi.server.Operation("java.rmi.Remote lookup(java.lang.String)"),
new java.rmi.server.Operation("void rebind(java.lang.String, java.rmi.Remote)"),
new java.rmi.server.Operation("void unbind(java.lang.String)")
};
private static final long interfaceHash = 4905912898345647071L;
public java.rmi.server.Operation[] getOperations() {
return operations.clone();
}
public void dispatch(java.rmi.Remote obj, java.rmi.server.RemoteCall call, int opnum, long hash)
throws java.lang.Exception {
if (hash != interfaceHash)
throw new java.rmi.server.SkeletonMismatchException("interface hash mismatch");
sun.rmi.registry.RegistryImpl server = (sun.rmi.registry.RegistryImpl) obj;
switch (opnum) {
case 0: // bind(String, Remote)
{
// Check access before reading the arguments
RegistryImpl.checkAccess("Registry.bind");
java.lang.String $param_String_1;
java.rmi.Remote $param_Remote_2;
try {
java.io.ObjectInput in = call.getInputStream();
$param_String_1 = (java.lang.String) in.readObject();
$param_Remote_2 = (java.rmi.Remote) in.readObject();
} catch (java.io.IOException | java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} finally {
call.releaseInputStream();
}
server.bind($param_String_1, $param_Remote_2);
try {
call.getResultStream(true);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling return", e);
}
break;
}
case 1: // list()
{
call.releaseInputStream();
java.lang.String[] $result = server.list();
try {
java.io.ObjectOutput out = call.getResultStream(true);
out.writeObject($result);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling return", e);
}
break;
}
case 2: // lookup(String)
{
java.lang.String $param_String_1;
try {
java.io.ObjectInput in = call.getInputStream();
$param_String_1 = (java.lang.String) in.readObject();
} catch (java.io.IOException | java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} finally {
call.releaseInputStream();
}
java.rmi.Remote $result = server.lookup($param_String_1);
try {
java.io.ObjectOutput out = call.getResultStream(true);
out.writeObject($result);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling return", e);
}
break;
}
case 3: // rebind(String, Remote)
{
// Check access before reading the arguments
RegistryImpl.checkAccess("Registry.rebind");
java.lang.String $param_String_1;
java.rmi.Remote $param_Remote_2;
try {
java.io.ObjectInput in = call.getInputStream();
$param_String_1 = (java.lang.String) in.readObject();
$param_Remote_2 = (java.rmi.Remote) in.readObject();
} catch (java.io.IOException | java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} finally {
call.releaseInputStream();
}
server.rebind($param_String_1, $param_Remote_2);
try {
call.getResultStream(true);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling return", e);
}
break;
}
case 4: // unbind(String)
{
// Check access before reading the arguments
RegistryImpl.checkAccess("Registry.unbind");
java.lang.String $param_String_1;
try {
java.io.ObjectInput in = call.getInputStream();
$param_String_1 = (java.lang.String) in.readObject();
} catch (java.io.IOException | java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} finally {
call.releaseInputStream();
}
server.unbind($param_String_1);
try {
call.getResultStream(true);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling return", e);
}
break;
}
default:
throw new java.rmi.UnmarshalException("invalid method number");
}
}
}
src/share/classes/sun/rmi/registry/RegistryImpl_Stub.java 0 → 100644
浏览文件 @ d904de00
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.rmi.registry;
/**
* Stubs to invoke RegistryImpl remote methods.
* Originally generated from RMIC but frozen to match RegistryImpl_Skel.
*/
@SuppressWarnings({"deprecation", "serial"})
public final class RegistryImpl_Stub
extends java.rmi.server.RemoteStub
implements java.rmi.registry.Registry, java.rmi.Remote {
private static final java.rmi.server.Operation[] operations = {
new java.rmi.server.Operation("void bind(java.lang.String, java.rmi.Remote)"),
new java.rmi.server.Operation("java.lang.String list()[]"),
new java.rmi.server.Operation("java.rmi.Remote lookup(java.lang.String)"),
new java.rmi.server.Operation("void rebind(java.lang.String, java.rmi.Remote)"),
new java.rmi.server.Operation("void unbind(java.lang.String)")
};
private static final long interfaceHash = 4905912898345647071L;
// constructors
public RegistryImpl_Stub() {
super();
}
public RegistryImpl_Stub(java.rmi.server.RemoteRef ref) {
super(ref);
}
// methods from remote interfaces
// implementation of bind(String, Remote)
public void bind(java.lang.String $param_String_1, java.rmi.Remote $param_Remote_2)
throws java.rmi.AccessException, java.rmi.AlreadyBoundException, java.rmi.RemoteException {
try {
java.rmi.server.RemoteCall call = ref.newCall((java.rmi.server.RemoteObject) this, operations, 0, interfaceHash);
try {
java.io.ObjectOutput out = call.getOutputStream();
out.writeObject($param_String_1);
out.writeObject($param_Remote_2);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling arguments", e);
}
ref.invoke(call);
ref.done(call);
} catch (java.lang.RuntimeException e) {
throw e;
} catch (java.rmi.RemoteException e) {
throw e;
} catch (java.rmi.AlreadyBoundException e) {
throw e;
} catch (java.lang.Exception e) {
throw new java.rmi.UnexpectedException("undeclared checked exception", e);
}
}
// implementation of list()
public java.lang.String[] list()
throws java.rmi.AccessException, java.rmi.RemoteException {
try {
java.rmi.server.RemoteCall call = ref.newCall((java.rmi.server.RemoteObject) this, operations, 1, interfaceHash);
ref.invoke(call);
java.lang.String[] $result;
try {
java.io.ObjectInput in = call.getInputStream();
$result = (java.lang.String[]) in.readObject();
} catch (java.io.IOException e) {
throw new java.rmi.UnmarshalException("error unmarshalling return", e);
} catch (java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling return", e);
} finally {
ref.done(call);
}
return $result;
} catch (java.lang.RuntimeException e) {
throw e;
} catch (java.rmi.RemoteException e) {
throw e;
} catch (java.lang.Exception e) {
throw new java.rmi.UnexpectedException("undeclared checked exception", e);
}
}
// implementation of lookup(String)
public java.rmi.Remote lookup(java.lang.String $param_String_1)
throws java.rmi.AccessException, java.rmi.NotBoundException, java.rmi.RemoteException {
try {
java.rmi.server.RemoteCall call = ref.newCall((java.rmi.server.RemoteObject) this, operations, 2, interfaceHash);
try {
java.io.ObjectOutput out = call.getOutputStream();
out.writeObject($param_String_1);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling arguments", e);
}
ref.invoke(call);
java.rmi.Remote $result;
try {
java.io.ObjectInput in = call.getInputStream();
$result = (java.rmi.Remote) in.readObject();
} catch (java.io.IOException e) {
throw new java.rmi.UnmarshalException("error unmarshalling return", e);
} catch (java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling return", e);
} finally {
ref.done(call);
}
return $result;
} catch (java.lang.RuntimeException e) {
throw e;
} catch (java.rmi.RemoteException e) {
throw e;
} catch (java.rmi.NotBoundException e) {
throw e;
} catch (java.lang.Exception e) {
throw new java.rmi.UnexpectedException("undeclared checked exception", e);
}
}
// implementation of rebind(String, Remote)
public void rebind(java.lang.String $param_String_1, java.rmi.Remote $param_Remote_2)
throws java.rmi.AccessException, java.rmi.RemoteException {
try {
java.rmi.server.RemoteCall call = ref.newCall((java.rmi.server.RemoteObject) this, operations, 3, interfaceHash);
try {
java.io.ObjectOutput out = call.getOutputStream();
out.writeObject($param_String_1);
out.writeObject($param_Remote_2);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling arguments", e);
}
ref.invoke(call);
ref.done(call);
} catch (java.lang.RuntimeException e) {
throw e;
} catch (java.rmi.RemoteException e) {
throw e;
} catch (java.lang.Exception e) {
throw new java.rmi.UnexpectedException("undeclared checked exception", e);
}
}
// implementation of unbind(String)
public void unbind(java.lang.String $param_String_1)
throws java.rmi.AccessException, java.rmi.NotBoundException, java.rmi.RemoteException {
try {
java.rmi.server.RemoteCall call = ref.newCall((java.rmi.server.RemoteObject) this, operations, 4, interfaceHash);
try {
java.io.ObjectOutput out = call.getOutputStream();
out.writeObject($param_String_1);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling arguments", e);
}
ref.invoke(call);
ref.done(call);
} catch (java.lang.RuntimeException e) {
throw e;
} catch (java.rmi.RemoteException e) {
throw e;
} catch (java.rmi.NotBoundException e) {
throw e;
} catch (java.lang.Exception e) {
throw new java.rmi.UnexpectedException("undeclared checked exception", e);
}
}
}
src/share/classes/sun/rmi/server/Activation.java
浏览文件 @ d904de00
......@@ -30,6 +30,7 @@ import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInput;
import java.io.ObjectInputStream;
import java.io.OutputStream;
import java.io.PrintStream;
......@@ -105,7 +106,6 @@ import sun.rmi.log.LogHandler;
import sun.rmi.log.ReliableLog;
import sun.rmi.registry.RegistryImpl;
import sun.rmi.runtime.NewThreadAction;
import sun.rmi.server.UnicastServerRef;
import sun.rmi.transport.LiveRef;
import sun.security.action.GetBooleanAction;
import sun.security.action.GetIntegerAction;
......@@ -345,6 +345,7 @@ public class Activation implements Serializable {
throw new AccessException(
"binding ActivationSystem is disallowed");
} else {
RegistryImpl.checkAccess("ActivationSystem.bind");
super.bind(name, obj);
}
}
......@@ -356,6 +357,7 @@ public class Activation implements Serializable {
throw new AccessException(
"unbinding ActivationSystem is disallowed");
} else {
RegistryImpl.checkAccess("ActivationSystem.unbind");
super.unbind(name);
}
}
......@@ -368,6 +370,7 @@ public class Activation implements Serializable {
throw new AccessException(
"binding ActivationSystem is disallowed");
} else {
RegistryImpl.checkAccess("ActivationSystem.rebind");
super.rebind(name, obj);
}
}
......@@ -458,6 +461,33 @@ public class Activation implements Serializable {
}
/**
* SameHostOnlyServerRef checks that access is from a local client
* before the parameters are deserialized. The unmarshalCustomCallData
* hook is used to check the network address of the caller
* with RegistryImpl.checkAccess().
* The kind of access is retained for an exception if one is thrown.
*/
static class SameHostOnlyServerRef extends UnicastServerRef {
private static final long serialVersionUID = 1234L;
private String accessKind; // an exception message
/**
* Construct a new SameHostOnlyServerRef from a LiveRef.
* @param lref a LiveRef
*/
SameHostOnlyServerRef(LiveRef lref, String accessKind) {
super(lref);
this.accessKind = accessKind;
}
@Override
protected void unmarshalCustomCallData(ObjectInput in) throws IOException, ClassNotFoundException {
RegistryImpl.checkAccess(accessKind);
super.unmarshalCustomCallData(in);
}
}
class ActivationSystemImpl
extends RemoteServer
implements ActivationSystem
......@@ -475,7 +505,8 @@ public class Activation implements Serializable {
* 'this' can be exported.
*/
LiveRef lref = new LiveRef(new ObjID(4), port, null, ssf);
UnicastServerRef uref = new UnicastServerRef(lref);
UnicastServerRef uref = new SameHostOnlyServerRef(lref,
"ActivationSystem.nonLocalAccess");
ref = uref;
uref.exportObject(this, null);
}
......@@ -484,8 +515,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownGroupException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.registerObject");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
ActivationGroupID groupID = desc.getGroupID();
ActivationID id = new ActivationID(activatorStub);
getGroupEntry(groupID).registerObject(id, desc, true);
......@@ -496,15 +527,18 @@ public class Activation implements Serializable {
throws ActivationException, UnknownObjectException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.unregisterObject");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
getGroupEntry(id).unregisterObject(id, true);
}
public ActivationGroupID registerGroup(ActivationGroupDesc desc)
throws ActivationException, RemoteException
{
Thread.dumpStack();
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.registerGroup");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
checkArgs(desc, null);
ActivationGroupID id = new ActivationGroupID(systemStub);
......@@ -521,7 +555,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownGroupException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.activeGroup");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
getGroupEntry(id).activeGroup(group, incarnation);
return monitor;
......@@ -531,7 +566,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownGroupException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.unregisterGroup");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
// remove entry before unregister so state is updated before
// logged
......@@ -543,7 +579,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownObjectException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.setActivationDesc");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
if (!getGroupID(id).equals(desc.getGroupID())) {
throw new ActivationException(
......@@ -557,8 +594,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownGroupException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess(
"ActivationSystem.setActivationGroupDesc");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
checkArgs(desc, null);
return getGroupEntry(id).setActivationGroupDesc(id, desc, true);
......@@ -568,7 +605,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownObjectException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.getActivationDesc");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
return getGroupEntry(id).getActivationDesc(id);
}
......@@ -577,8 +615,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownGroupException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess
("ActivationSystem.getActivationGroupDesc");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
return getGroupEntry(id).desc;
}
......@@ -588,7 +626,8 @@ public class Activation implements Serializable {
* the activation daemon and exits the activation daemon.
*/
public void shutdown() throws AccessException {
RegistryImpl.checkAccess("ActivationSystem.shutdown");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
Object lock = startupLock;
if (lock != null) {
......
src/share/classes/sun/rmi/server/UnicastServerRef.java
浏览文件 @ d904de00
......@@ -32,6 +32,7 @@ import java.io.ObjectOutput;
import java.io.ObjectStreamClass;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.rmi.AccessException;
import java.rmi.MarshalException;
import java.rmi.Remote;
import java.rmi.RemoteException;
......@@ -290,20 +291,25 @@ public class UnicastServerRef extends UnicastRef
try {
in = call.getInputStream();
num = in.readInt();
if (num >= 0) {
if (skel != null) {
oldDispatch(obj, call, num);
return;
} else {
throw new UnmarshalException(
"skeleton class not found but required " +
"for client version");
}
} catch (Exception readEx) {
throw new UnmarshalException("error unmarshalling call header",
readEx);
}
if (num >= 0) {
if (skel != null) {
oldDispatch(obj, call, num);
return;
} else {
throw new UnmarshalException(
"skeleton class not found but required " +
"for client version");
}
}
try {
op = in.readLong();
} catch (Exception readEx) {
throw new UnmarshalException("error unmarshalling call header",
readEx);
readEx);
}
/*
......@@ -331,6 +337,11 @@ public class UnicastServerRef extends UnicastRef
try {
unmarshalCustomCallData(in);
params = unmarshalParameters(obj, method, marshalStream);
} catch (AccessException aex) {
// For compatibility, AccessException is not wrapped in UnmarshalException
// disable saving any refs in the inputStream for GC
((StreamRemoteCall) call).discardPendingRefs();
throw aex;
} catch (java.io.IOException | ClassNotFoundException e) {
// disable saving any refs in the inputStream for GC
((StreamRemoteCall) call).discardPendingRefs();
......@@ -367,6 +378,7 @@ public class UnicastServerRef extends UnicastRef
*/
}
} catch (Throwable e) {
Throwable origEx = e;
logCallException(e);
ObjectOutput out = call.getResultStream(false);
......@@ -382,6 +394,12 @@ public class UnicastServerRef extends UnicastRef
clearStackTraces(e);
}
out.writeObject(e);
// AccessExceptions should cause Transport.serviceCall
// to flag the connection as unusable.
if (origEx instanceof AccessException) {
throw new IOException("Connection is not reusable", origEx);
}
} finally {
call.releaseInputStream(); // in case skeleton doesn't
call.releaseOutputStream();
......@@ -413,62 +431,41 @@ public class UnicastServerRef extends UnicastRef
* Handle server-side dispatch using the RMI 1.1 stub/skeleton
* protocol, given a non-negative operation number that has
* already been read from the call stream.
* Exceptions are handled by the caller to be sent to the remote client.
*
* @param obj the target remote object for the call
* @param call the "remote call" from which operation and
* method arguments can be obtained.
* @param op the operation number
* @exception IOException if unable to marshal return result or
* @throws Exception if unable to marshal return result or
* release input or output streams
*/
public void oldDispatch(Remote obj, RemoteCall call, int op)
throws IOException
private void oldDispatch(Remote obj, RemoteCall call, int op)
throws Exception
{
long hash; // hash for matching stub with skeleton
// read remote call header
ObjectInput in;
in = call.getInputStream();
try {
// read remote call header
ObjectInput in;
try {
in = call.getInputStream();
try {
Class<?> clazz = Class.forName("sun.rmi.transport.DGCImpl_Skel");
if (clazz.isAssignableFrom(skel.getClass())) {
((MarshalInputStream)in).useCodebaseOnly();
}
} catch (ClassNotFoundException ignore) { }
hash = in.readLong();
} catch (Exception readEx) {
throw new UnmarshalException("error unmarshalling call header",
readEx);
Class<?> clazz = Class.forName("sun.rmi.transport.DGCImpl_Skel");
if (clazz.isAssignableFrom(skel.getClass())) {
((MarshalInputStream)in).useCodebaseOnly();
}
} catch (ClassNotFoundException ignore) { }
// if calls are being logged, write out object id and operation
logCall(obj, skel.getOperations()[op]);
unmarshalCustomCallData(in);
// dispatch to skeleton for remote object
skel.dispatch(obj, call, op, hash);
} catch (Throwable e) {
logCallException(e);
ObjectOutput out = call.getResultStream(false);
if (e instanceof Error) {
e = new ServerError(
"Error occurred in server thread", (Error) e);
} else if (e instanceof RemoteException) {
e = new ServerException(
"RemoteException occurred in server thread",
(Exception) e);
}
if (suppressStackTraces) {
clearStackTraces(e);
}
out.writeObject(e);
} finally {
call.releaseInputStream(); // in case skeleton doesn't
call.releaseOutputStream();
try {
hash = in.readLong();
} catch (Exception ioe) {
throw new UnmarshalException("error unmarshalling call header", ioe);
}
// if calls are being logged, write out object id and operation
logCall(obj, skel.getOperations()[op]);
unmarshalCustomCallData(in);
// dispatch to skeleton for remote object
skel.dispatch(obj, call, op, hash);
}
/**
......
src/share/classes/sun/security/ec/ECDSASignature.java
浏览文件 @ d904de00
/*
* Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -287,11 +287,15 @@ abstract class ECDSASignature extends SignatureSpi {
}
random.nextBytes(seed);
try {
// random bits needed for timing countermeasures
int timingArgument = random.nextInt();
// values must be non-zero to enable countermeasures
timingArgument |= 1;
try {
return encodeSignature(
signDigest(getDigestValue(), s, encodedParams, seed));
signDigest(getDigestValue(), s, encodedParams, seed,
timingArgument));
} catch (GeneralSecurityException e) {
throw new SignatureException("Could not sign data", e);
}
......@@ -418,11 +422,19 @@ abstract class ECDSASignature extends SignatureSpi {
* @param s the private key's S value.
* @param encodedParams the curve's DER encoded object identifier.
* @param seed the random seed.
* @param timing When non-zero, the implmentation will use timing
* countermeasures to hide secrets from timing channels. The EC
* implementation will disable the countermeasures when this value is
* zero, because the underlying EC functions are shared by several
* crypto operations, some of which do not use the countermeasures.
* The high-order 31 bits must be uniformly random. The entropy from
* these bits is used by the countermeasures.
*
* @return byte[] the signature.
*/
private static native byte[] signDigest(byte[] digest, byte[] s,
byte[] encodedParams, byte[] seed) throws GeneralSecurityException;
byte[] encodedParams, byte[] seed, int timing)
throws GeneralSecurityException;
/**
* Verifies the signed digest using the public key.
......
src/share/classes/sun/security/provider/DSA.java
浏览文件 @ d904de00
/*
* Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -67,6 +67,13 @@ abstract class DSA extends SignatureSpi {
/* Are we debugging? */
private static final boolean debug = false;
/* The number of bits used in exponent blinding */
private static final int BLINDING_BITS = 7;
/* The constant component of the exponent blinding value */
private static final BigInteger BLINDING_CONSTANT =
BigInteger.valueOf(1 << BLINDING_BITS);
/* The parameter object */
private DSAParams params;
......@@ -312,8 +319,19 @@ abstract class DSA extends SignatureSpi {
return null;
}
private BigInteger generateR(BigInteger p, BigInteger q, BigInteger g,
BigInteger k) {
// exponent blinding to hide information from timing channel
SecureRandom random = getSigningRandom();
// start with a random blinding component
BigInteger blindingValue = new BigInteger(BLINDING_BITS, random);
// add the fixed blinding component
blindingValue = blindingValue.add(BLINDING_CONSTANT);
// replace k with a blinded value that is congruent (mod q)
k = k.add(q.multiply(blindingValue));
BigInteger temp = g.modPow(k, p);
return temp.mod(q);
}
......@@ -378,43 +396,8 @@ abstract class DSA extends SignatureSpi {
byte[] kValue = new byte[(q.bitLength() + 7)/8 + 8];
random.nextBytes(kValue);
BigInteger k = new BigInteger(1, kValue).mod(
return new BigInteger(1, kValue).mod(
q.subtract(BigInteger.ONE)).add(BigInteger.ONE);
// Using an equivalent exponent of fixed length (same as q or 1 bit
// less than q) to keep the kG timing relatively constant.
//
// Note that this is an extra step on top of the approach defined in
// FIPS 186-4 AppendixB.2.1 so as to make a fixed length K.
k = k.add(q).divide(BigInteger.valueOf(2));
// An alternative implementation based on FIPS 186-4 AppendixB2.2
// with fixed-length K.
//
// Please keep it here as we may need to switch to it in the future.
//
// SecureRandom random = getSigningRandom();
// byte[] kValue = new byte[(q.bitLength() + 7)/8];
// BigInteger d = q.subtract(BigInteger.TWO);
// BigInteger k;
// do {
// random.nextBytes(kValue);
// BigInteger c = new BigInteger(1, kValue);
// if (c.compareTo(d) <= 0) {
// k = c.add(BigInteger.ONE);
// // Using an equivalent exponent of fixed length to keep
// // the g^k timing relatively constant.
// //
// // Note that this is an extra step on top of the approach
// // defined in FIPS 186-4 AppendixB.2.2 so as to make a
// // fixed length K.
// if (k.bitLength() >= q.bitLength()) {
// break;
// }
// }
// } while (true);
return k;
}
// Use the application-specified SecureRandom Object if provided.
......
src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java
浏览文件 @ d904de00
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -265,7 +265,7 @@ public final class LDAPCertStore extends CertStoreSpi {
*/
Hashtable<?,?> currentEnv = ctx.getEnvironment();
if (currentEnv.get(Context.REFERRAL) == null) {
ctx.addToEnvironment(Context.REFERRAL, "follow");
ctx.addToEnvironment(Context.REFERRAL, "follow-scheme");
}
} catch (NamingException e) {
if (debug != null) {
......
src/share/classes/sun/security/tools/keytool/Resources_sv.java
浏览文件 @ d904de00
/*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -55,7 +55,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
{"Changes.an.entry.s.alias",
"\u00C4ndrar postalias"}, //-changealias
{"Deletes.an.entry",
"Tar bort post"}, //-delete
"Tar bort en post"}, //-delete
{"Exports.certificate",
"Exporterar certifikat"}, //-exportcert
{"Generates.a.key.pair",
......@@ -175,7 +175,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
{"validity.number.of.days",
"antal dagar f\u00F6r giltighet"}, //-validity
{"Serial.ID.of.cert.to.revoke",
"Seriellt id f\u00F6r certifikat som ska \u00E5terkallas"}, //-id
"Serienummer p\u00E5 certifikat som ska \u00E5terkallas"}, //-id
// keytool: Running part
{"keytool.error.", "nyckelverktygsfel: "},
{"Illegal.option.", "Otill\u00E5tet alternativ: "},
......@@ -266,7 +266,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
"Certifikatet har inte lagts till i nyckellagret"},
{".Storing.ksfname.", "[Lagrar {0}]"},
{"alias.has.no.public.key.certificate.",
"{0} saknar offentlig nyckel (certifikat)"},
"{0} saknar \u00F6ppen nyckel (certifikat)"},
{"Cannot.derive.signature.algorithm",
"Kan inte h\u00E4rleda signaturalgoritm"},
{"Alias.alias.does.not.exist",
......@@ -316,7 +316,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
{"Failed.to.parse.input", "Kunde inte tolka indata"},
{"Empty.input", "Inga indata"},
{"Not.X.509.certificate", "Inte ett X.509-certifikat"},
{"alias.has.no.public.key", "{0} saknar offentlig nyckel"},
{"alias.has.no.public.key", "{0} saknar \u00F6ppen nyckel"},
{"alias.has.no.X.509.certificate", "{0} saknar X.509-certifikat"},
{"New.certificate.self.signed.", "Nytt certifikat (sj\u00E4lvsignerat):"},
{"Reply.has.no.certificates", "Svaret saknar certifikat"},
......@@ -371,7 +371,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
{".WARNING.WARNING.WARNING.",
"***************** WARNING WARNING WARNING *****************"},
{"Signer.d.", "Signerare #%d:"},
{"Signer.d.", "Undertecknare %d:"},
{"Timestamp.", "Tidsst\u00E4mpel:"},
{"Signature.", "Signatur:"},
{"CRLs.", "CRL:er:"},
......@@ -386,7 +386,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
"* Integriteten f\u00F6r den information som lagras i srckeystore*\n* har INTE verifierats! Om du vill verifiera dess integritet *\n* m\u00E5ste du ange l\u00F6senordet f\u00F6r srckeystore. *"},
{"Certificate.reply.does.not.contain.public.key.for.alias.",
"Certifikatsvaret inneh\u00E5ller inte n\u00E5gon offentlig nyckel f\u00F6r <{0}>"},
"Certifikatsvaret inneh\u00E5ller inte n\u00E5gon \u00F6ppen nyckel f\u00F6r <{0}>"},
{"Incomplete.certificate.chain.in.reply",
"Ofullst\u00E4ndig certifikatskedja i svaret"},
{"Certificate.chain.in.reply.does.not.verify.",
......@@ -417,7 +417,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
{".Empty.value.", "(Tomt v\u00E4rde)"},
{"Extension.Request.", "Till\u00E4ggsbeg\u00E4ran:"},
{"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.",
"PKCS #10 certifikatbeg\u00E4ran (version 1.0)\n\u00C4mne: %s\nAllm\u00E4n nyckel: %s-format %s-nyckel\n"},
"PKCS #10 certifikatbeg\u00E4ran (version 1.0)\n\u00C4rende: %s\n\u00D6ppen nyckel: %s-format %s-nyckel\n"},
{"Unknown.keyUsage.type.", "Ok\u00E4nd keyUsage-typ: "},
{"Unknown.extendedkeyUsage.type.", "Ok\u00E4nd extendedkeyUsage-typ: "},
{"Unknown.AccessDescription.type.", "Ok\u00E4nd AccessDescription-typ: "},
......
src/share/classes/sun/security/tools/policytool/Resources_sv.java
浏览文件 @ d904de00
......@@ -35,7 +35,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
private static final Object[][] contents = {
{"NEWLINE", "\n"},
{"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.",
"Varning! Det finns ingen offentlig nyckel f\u00F6r aliaset {0}. Kontrollera att det aktuella nyckellagret \u00E4r korrekt konfigurerat."},
"Varning! Det finns ingen \u00F6ppen nyckel f\u00F6r aliaset {0}. Kontrollera att det aktuella nyckellagret \u00E4r korrekt konfigurerat."},
{"Warning.Class.not.found.class", "Varning! Klassen hittades inte: {0}"},
{"Warning.Invalid.argument.s.for.constructor.arg",
"Varning! Ogiltiga argument f\u00F6r konstruktor: {0}"},
......@@ -59,8 +59,8 @@ public class Resources_sv extends java.util.ListResourceBundle {
{"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes",
"Varning! Filnamnet kan inneh\u00E5lla omv\u00E4nda snedstreck inom citattecken. Citattecken kr\u00E4vs inte f\u00F6r omv\u00E4nda snedstreck (verktyget hanterar detta n\u00E4r policyinneh\u00E5llet skrivs till det best\u00E4ndiga lagret).\n\nKlicka p\u00E5 Beh\u00E5ll f\u00F6r att beh\u00E5lla det angivna namnet, eller klicka p\u00E5 Redigera f\u00F6r att \u00E4ndra det."},
{"Add.Public.Key.Alias", "L\u00E4gg till offentligt nyckelalias"},
{"Remove.Public.Key.Alias", "Ta bort offentligt nyckelalias"},
{"Add.Public.Key.Alias", "L\u00E4gg till alias till \u00F6ppen nyckel"},
{"Remove.Public.Key.Alias", "Ta bort alias f\u00F6r \u00F6ppen nyckel"},
{"File", "&Arkiv"},
{"KeyStore", "&KeyStore"},
{"Policy.File.", "Policyfil:"},
......@@ -136,7 +136,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
{"provider.name", "leverant\u00F6rsnamn"},
{"url", "url"},
{"method.list", "metodlista"},
{"request.headers.list", "beg\u00E4ranrubriklista"},
{"request.headers.list", "lista \u00F6ver beg\u00E4randehuvuden"},
{"Principal.List", "Lista \u00F6ver identitetshavare"},
{"Permission.List", "Beh\u00F6righetslista"},
{"Code.Base", "Kodbas"},
......
src/share/classes/sun/security/util/AuthResources_sv.java
浏览文件 @ d904de00
/*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -137,7 +137,7 @@ public class AuthResources_sv extends java.util.ListResourceBundle {
// provided.null.name is the NullPointerException message when a
// developer incorrectly passes a null name to the constructor of
// subclasses of java.security.Principal
{"provided.null.name", "angav null-namn"}
{"provided.null.name", "null-namn angavs"}
};
......
src/share/classes/sun/security/util/Resources_sv.java
浏览文件 @ d904de00
/*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -53,9 +53,9 @@ public class Resources_sv extends java.util.ListResourceBundle {
"CredOwner:\n\tIdentitetshavareklass = {0}\n\tIdentitetshavarenamn = {1}"},
// javax.security.auth.x500
{"provided.null.name", "angav null-namn"},
{"provided.null.keyword.map", "nullnyckelordsmappning tillhandah\u00F6lls"},
{"provided.null.OID.map", "null-OID-mappning tillhandah\u00F6lls"},
{"provided.null.name", "null-namn angavs"},
{"provided.null.keyword.map", "nullnyckelordsmappning angavs"},
{"provided.null.OID.map", "null-OID-mappning angavs"},
// javax.security.auth.Subject
{"NEWLINE", "\n"},
......@@ -73,7 +73,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
"\tPrivat inloggning \u00E4r inte tillg\u00E4nglig\n"},
{"Subject.is.read.only", "Innehavare \u00E4r skrivskyddad"},
{"attempting.to.add.an.object.which.is.not.an.instance.of.java.security.Principal.to.a.Subject.s.Principal.Set",
"f\u00F6rs\u00F6k att l\u00E4gga till ett objekt som inte \u00E4r en f\u00F6rekomst av java.security.Principal till en upps\u00E4ttning av identitetshavare"},
"f\u00F6rs\u00F6k att l\u00E4gga till ett objekt som inte \u00E4r en instans av java.security.Principal till ett subjekts upps\u00E4ttning av identitetshavare"},
{"attempting.to.add.an.object.which.is.not.an.instance.of.class",
"f\u00F6rs\u00F6ker l\u00E4gga till ett objekt som inte \u00E4r en instans av {0}"},
......@@ -84,11 +84,11 @@ public class Resources_sv extends java.util.ListResourceBundle {
{"Invalid.null.input.name", "Ogiltiga null-indata: namn"},
{"No.LoginModules.configured.for.name",
"Inga inloggningsmoduler har konfigurerats f\u00F6r {0}"},
{"invalid.null.Subject.provided", "ogiltig null-innehavare"},
{"invalid.null.Subject.provided", "ogiltig null-subjekt"},
{"invalid.null.CallbackHandler.provided",
"ogiltig null-CallbackHandler"},
{"null.subject.logout.called.before.login",
"null-innehavare - utloggning anropades f\u00F6re inloggning"},
"null-subjekt - utloggning anropades f\u00F6re inloggning"},
{"unable.to.instantiate.LoginModule.module.because.it.does.not.provide.a.no.argument.constructor",
"kan inte instansiera LoginModule, {0}, eftersom den inte tillhandah\u00E5ller n\u00E5gon icke-argumentskonstruktor"},
{"unable.to.instantiate.LoginModule",
......@@ -148,12 +148,12 @@ public class Resources_sv extends java.util.ListResourceBundle {
// sun.security.pkcs11.SunPKCS11
{"PKCS11.Token.providerName.Password.",
"PKCS11-tecken [{0}] L\u00F6senord: "},
"L\u00F6senord f\u00F6r PKCS11-token [{0}]: "},
/* --- DEPRECATED --- */
// javax.security.auth.Policy
{"unable.to.instantiate.Subject.based.policy",
"den innehavarbaserade policyn kan inte skapas"}
"kan inte instansiera subjektbaserad policy"}
};
......
src/share/native/sun/security/ec/ECC_JNI.cpp
浏览文件 @ d904de00
/*
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -190,7 +190,7 @@ cleanup:
*/
JNIEXPORT jbyteArray
JNICALL Java_sun_security_ec_ECDSASignature_signDigest
(JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed)
(JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
{
jbyte* pDigestBuffer = NULL;
jint jDigestLength = env->GetArrayLength(digest);
......@@ -250,7 +250,7 @@ JNICALL Java_sun_security_ec_ECDSASignature_signDigest
// Sign the digest (using the supplied seed)
if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item,
(unsigned char *) pSeedBuffer, jSeedLength, 0) != SECSuccess) {
(unsigned char *) pSeedBuffer, jSeedLength, 0, timing) != SECSuccess) {
ThrowException(env, KEY_EXCEPTION);
goto cleanup;
}
......
src/share/native/sun/security/ec/impl/ec.c
浏览文件 @ d904de00
/*
* Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -34,7 +34,7 @@
* Dr Vipul Gupta <vipul.gupta@sun.com> and
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: November 2016
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "mplogic.h"
......@@ -87,7 +87,7 @@ ec_point_at_infinity(SECItem *pointP)
*/
SECStatus
ec_points_mul(const ECParams *params, const mp_int *k1, const mp_int *k2,
const SECItem *pointP, SECItem *pointQ, int kmflag)
const SECItem *pointP, SECItem *pointQ, int kmflag, int timing)
{
mp_int Px, Py, Qx, Qy;
mp_int Gx, Gy, order, irreducible, a, b;
......@@ -199,9 +199,9 @@ ec_points_mul(const ECParams *params, const mp_int *k1, const mp_int *k2,
goto cleanup;
if ((k2 != NULL) && (pointP != NULL)) {
CHECK_MPI_OK( ECPoints_mul(group, k1, k2, &Px, &Py, &Qx, &Qy) );
CHECK_MPI_OK( ECPoints_mul(group, k1, k2, &Px, &Py, &Qx, &Qy, timing) );
} else {
CHECK_MPI_OK( ECPoints_mul(group, k1, NULL, NULL, NULL, &Qx, &Qy) );
CHECK_MPI_OK( ECPoints_mul(group, k1, NULL, NULL, NULL, &Qx, &Qy, timing) );
}
/* Construct the SECItem representation of point Q */
......@@ -332,7 +332,8 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
CHECK_MPI_OK( mp_read_unsigned_octets(&k, key->privateValue.data,
(mp_size) len) );
rv = ec_points_mul(ecParams, &k, NULL, NULL, &(key->publicValue), kmflag);
/* key generation does not support timing mitigation */
rv = ec_points_mul(ecParams, &k, NULL, NULL, &(key->publicValue), kmflag, /*timing*/ 0);
if (rv != SECSuccess) goto cleanup;
*privKey = key;
......@@ -609,7 +610,8 @@ ECDH_Derive(SECItem *publicValue,
}
/* Multiply our private key and peer's public point */
if ((ec_points_mul(ecParams, NULL, &k, publicValue, &pointQ, kmflag) != SECSuccess) ||
/* ECDH doesn't support timing mitigation */
if ((ec_points_mul(ecParams, NULL, &k, publicValue, &pointQ, kmflag, /*timing*/ 0) != SECSuccess) ||
ec_point_at_infinity(&pointQ))
goto cleanup;
......@@ -644,7 +646,8 @@ cleanup:
*/
SECStatus
ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
const SECItem *digest, const unsigned char *kb, const int kblen, int kmflag)
const SECItem *digest, const unsigned char *kb, const int kblen, int kmflag,
int timing)
{
SECStatus rv = SECFailure;
mp_int x1;
......@@ -713,16 +716,6 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
goto cleanup;
}
/*
* Using an equivalent exponent of fixed length (same as n or 1 bit less
* than n) to keep the kG timing relatively constant.
*
* Note that this is an extra step on top of the approach defined in
* ANSI X9.62 so as to make a fixed length K.
*/
CHECK_MPI_OK( mp_add(&k, &n, &k) );
CHECK_MPI_OK( mp_div_2(&k, &k) );
/*
** ANSI X9.62, Section 5.3.2, Step 2
**
......@@ -731,7 +724,7 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
kGpoint.len = 2*flen + 1;
kGpoint.data = PORT_Alloc(2*flen + 1, kmflag);
if ((kGpoint.data == NULL) ||
(ec_points_mul(ecParams, &k, NULL, NULL, &kGpoint, kmflag)
(ec_points_mul(ecParams, &k, NULL, NULL, &kGpoint, kmflag, timing)
!= SECSuccess))
goto cleanup;
......@@ -853,7 +846,7 @@ cleanup:
*/
SECStatus
ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest,
const unsigned char* random, int randomLen, int kmflag)
const unsigned char* random, int randomLen, int kmflag, int timing)
{
SECStatus rv = SECFailure;
int len;
......@@ -871,7 +864,7 @@ ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest,
if (kBytes == NULL) goto cleanup;
/* Generate ECDSA signature with the specified k value */
rv = ECDSA_SignDigestWithSeed(key, signature, digest, kBytes, len, kmflag);
rv = ECDSA_SignDigestWithSeed(key, signature, digest, kBytes, len, kmflag, timing);
cleanup:
if (kBytes) {
......@@ -1017,7 +1010,8 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
** Here, A = u1.G B = u2.Q and C = A + B
** If the result, C, is the point at infinity, reject the signature
*/
if (ec_points_mul(ecParams, &u1, &u2, &key->publicValue, &pointC, kmflag)
/* verification does not support timing mitigation */
if (ec_points_mul(ecParams, &u1, &u2, &key->publicValue, &pointC, kmflag, /*timing*/ 0)
!= SECSuccess) {
rv = SECFailure;
goto cleanup;
......
src/share/native/sun/security/ec/impl/ec2.h
浏览文件 @ d904de00
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -33,6 +33,7 @@
* Contributor(s):
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#ifndef _EC2_H
......@@ -79,7 +80,7 @@ mp_err ec_GF2m_pt_mul_aff(const mp_int *n, const mp_int *px,
* determines the field GF2m. Uses Montgomery projective coordinates. */
mp_err ec_GF2m_pt_mul_mont(const mp_int *n, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group);
const ECGroup *group, int timing);
#ifdef ECL_ENABLE_GF2M_PROJ
/* Converts a point P(px, py) from affine coordinates to projective
......
src/share/native/sun/security/ec/impl/ec2_aff.c
浏览文件 @ d904de00
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -33,6 +33,7 @@
* Contributor(s):
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "ec2.h"
......@@ -329,7 +330,8 @@ ec_GF2m_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group)
/* 4: Verify that the order of the curve times the publicValue
* is the point at infinity.
*/
MP_CHECKOK( ECPoint_mul(group, &group->order, px, py, &pxt, &pyt) );
/* timing mitigation is not supported */
MP_CHECKOK( ECPoint_mul(group, &group->order, px, py, &pxt, &pyt, /*timing*/ 0) );
if (ec_GF2m_pt_is_inf_aff(&pxt, &pyt) != MP_YES) {
res = MP_NO;
goto CLEANUP;
......
src/share/native/sun/security/ec/impl/ec2_mont.c
浏览文件 @ d904de00
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -35,6 +35,7 @@
* Stephen Fung <fungstep@hotmail.com>, and
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories.
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "ec2.h"
......@@ -181,10 +182,12 @@ gf2m_Mxy(const mp_int *x, const mp_int *y, mp_int *x1, mp_int *z1,
/* Computes R = nP based on algorithm 2P of Lopex, J. and Dahab, R. "Fast
* multiplication on elliptic curves over GF(2^m) without
* precomputation". Elliptic curve points P and R can be identical. Uses
* Montgomery projective coordinates. */
* Montgomery projective coordinates. The timing parameter is ignored
* because this algorithm resists timing attacks by default. */
mp_err
ec_GF2m_pt_mul_mont(const mp_int *n, const mp_int *px, const mp_int *py,
mp_int *rx, mp_int *ry, const ECGroup *group)
mp_int *rx, mp_int *ry, const ECGroup *group,
int timing)
{
mp_err res = MP_OKAY;
mp_int x1, x2, z1, z2;
......
src/share/native/sun/security/ec/impl/ecc_impl.h
浏览文件 @ d904de00
/*
* Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -34,7 +34,7 @@
* Dr Vipul Gupta <vipul.gupta@sun.com> and
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: November 2013
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#ifndef _ECC_IMPL_H
......@@ -258,7 +258,7 @@ extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
const unsigned char* random, int randomlen, int);
/* This function has been modified to accept an array of random bytes */
extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem *,
const unsigned char* random, int randomlen, int);
const unsigned char* random, int randomlen, int, int timing);
extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *,
const SECItem *, int);
extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t,
......
src/share/native/sun/security/ec/impl/ecl-priv.h
浏览文件 @ d904de00
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -34,6 +34,7 @@
* Stephen Fung <fungstep@hotmail.com> and
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#ifndef _ECL_PRIV_H
......@@ -193,12 +194,13 @@ struct ECGroupStr {
mp_int *ry, const ECGroup *group);
mp_err (*point_mul) (const mp_int *n, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group);
const ECGroup *group, int timing);
mp_err (*base_point_mul) (const mp_int *n, mp_int *rx, mp_int *ry,
const ECGroup *group);
mp_err (*points_mul) (const mp_int *k1, const mp_int *k2,
const mp_int *px, const mp_int *py, mp_int *rx,
mp_int *ry, const ECGroup *group);
mp_int *ry, const ECGroup *group,
int timing);
mp_err (*validate_point) (const mp_int *px, const mp_int *py, const ECGroup *group);
/* Extra storage for implementation-specific data. Any memory
* allocated to these extra fields will be cleared by extra_free. */
......@@ -262,10 +264,12 @@ void ec_GFp_extra_free_mont(GFMethod *meth);
/* point multiplication */
mp_err ec_pts_mul_basic(const mp_int *k1, const mp_int *k2,
const mp_int *px, const mp_int *py, mp_int *rx,
mp_int *ry, const ECGroup *group);
mp_int *ry, const ECGroup *group,
int timing);
mp_err ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2,
const mp_int *px, const mp_int *py, mp_int *rx,
mp_int *ry, const ECGroup *group);
mp_int *ry, const ECGroup *group,
int timing);
/* Computes the windowed non-adjacent-form (NAF) of a scalar. Out should
* be an array of signed char's to output to, bitsize should be the number
......
src/share/native/sun/security/ec/impl/ecl.h
浏览文件 @ d904de00
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -33,6 +33,7 @@
* Contributor(s):
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#ifndef _ECL_H
......@@ -70,7 +71,8 @@ void EC_FreeCurveParams(ECCurveParams * params);
* of the group of points on the elliptic curve. Input and output values
* are assumed to be NOT field-encoded. */
mp_err ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
const mp_int *py, mp_int *qx, mp_int *qy);
const mp_int *py, mp_int *qx, mp_int *qy,
int timing);
/* Elliptic curve scalar-point multiplication. Computes Q(x, y) = k1 * G +
* k2 * P(x, y), where G is the generator (base point) of the group of
......@@ -78,7 +80,7 @@ mp_err ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
* be NOT field-encoded. */
mp_err ECPoints_mul(const ECGroup *group, const mp_int *k1,
const mp_int *k2, const mp_int *px, const mp_int *py,
mp_int *qx, mp_int *qy);
mp_int *qx, mp_int *qy, int timing);
/* Validates an EC public key as described in Section 5.2.2 of X9.62.
* Returns MP_YES if the public key is valid, MP_NO if the public key
......
src/share/native/sun/security/ec/impl/ecl_mult.c
浏览文件 @ d904de00
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -49,7 +49,8 @@
* are assumed to be NOT field-encoded. */
mp_err
ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry)
const mp_int *py, mp_int *rx, mp_int *ry,
int timing)
{
mp_err res = MP_OKAY;
mp_int kt;
......@@ -74,15 +75,15 @@ ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
} else {
MP_CHECKOK(group->
point_mul(&kt, &group->genx, &group->geny, rx, ry,
group));
group, timing));
}
} else {
if (group->meth->field_enc) {
MP_CHECKOK(group->meth->field_enc(px, rx, group->meth));
MP_CHECKOK(group->meth->field_enc(py, ry, group->meth));
MP_CHECKOK(group->point_mul(&kt, rx, ry, rx, ry, group));
MP_CHECKOK(group->point_mul(&kt, rx, ry, rx, ry, group, timing));
} else {
MP_CHECKOK(group->point_mul(&kt, px, py, rx, ry, group));
MP_CHECKOK(group->point_mul(&kt, px, py, rx, ry, group, timing));
}
}
if (group->meth->field_dec) {
......@@ -104,7 +105,7 @@ ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
mp_err
ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group)
const ECGroup *group, int timing)
{
mp_err res = MP_OKAY;
mp_int sx, sy;
......@@ -116,9 +117,9 @@ ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px,
/* if some arguments are not defined used ECPoint_mul */
if (k1 == NULL) {
return ECPoint_mul(group, k2, px, py, rx, ry);
return ECPoint_mul(group, k2, px, py, rx, ry, timing);
} else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
return ECPoint_mul(group, k1, NULL, NULL, rx, ry, timing);
}
MP_DIGITS(&sx) = 0;
......@@ -126,8 +127,8 @@ ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px,
MP_CHECKOK(mp_init(&sx, FLAG(k1)));
MP_CHECKOK(mp_init(&sy, FLAG(k1)));
MP_CHECKOK(ECPoint_mul(group, k1, NULL, NULL, &sx, &sy));
MP_CHECKOK(ECPoint_mul(group, k2, px, py, rx, ry));
MP_CHECKOK(ECPoint_mul(group, k1, NULL, NULL, &sx, &sy, timing));
MP_CHECKOK(ECPoint_mul(group, k2, px, py, rx, ry, timing));
if (group->meth->field_enc) {
MP_CHECKOK(group->meth->field_enc(&sx, &sx, group->meth));
......@@ -159,7 +160,7 @@ ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px,
mp_err
ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group)
const ECGroup *group, int timing)
{
mp_err res = MP_OKAY;
mp_int precomp[4][4][2];
......@@ -174,9 +175,9 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px,
/* if some arguments are not defined used ECPoint_mul */
if (k1 == NULL) {
return ECPoint_mul(group, k2, px, py, rx, ry);
return ECPoint_mul(group, k2, px, py, rx, ry, timing);
} else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
return ECPoint_mul(group, k1, NULL, NULL, rx, ry, timing);
}
/* initialize precomputation table */
......@@ -308,7 +309,8 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px,
* Input and output values are assumed to be NOT field-encoded. */
mp_err
ECPoints_mul(const ECGroup *group, const mp_int *k1, const mp_int *k2,
const mp_int *px, const mp_int *py, mp_int *rx, mp_int *ry)
const mp_int *px, const mp_int *py, mp_int *rx, mp_int *ry,
int timing)
{
mp_err res = MP_OKAY;
mp_int k1t, k2t;
......@@ -345,9 +347,9 @@ ECPoints_mul(const ECGroup *group, const mp_int *k1, const mp_int *k2,
/* if points_mul is defined, then use it */
if (group->points_mul) {
res = group->points_mul(k1p, k2p, px, py, rx, ry, group);
res = group->points_mul(k1p, k2p, px, py, rx, ry, group, timing);
} else {
res = ec_pts_mul_simul_w2(k1p, k2p, px, py, rx, ry, group);
res = ec_pts_mul_simul_w2(k1p, k2p, px, py, rx, ry, group, timing);
}
CLEANUP:
......
src/share/native/sun/security/ec/impl/ecp.h
浏览文件 @ d904de00
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -33,6 +33,7 @@
* Contributor(s):
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#ifndef _ECP_H
......@@ -122,7 +123,7 @@ mp_err ec_GFp_pt_mul_jac(const mp_int *n, const mp_int *px,
mp_err
ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group);
const ECGroup *group, int timing);
/* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic
* curve points P and R can be identical. Uses mixed Modified-Jacobian
......@@ -131,9 +132,13 @@ mp_err
* returns output that is still field-encoded. Uses 5-bit window NAF
* method (algorithm 11) for scalar-point multiplication from Brown,
* Hankerson, Lopez, Menezes. Software Implementation of the NIST Elliptic
* Curves Over Prime Fields. */
* Curves Over Prime Fields. The implementation includes a countermeasure
* that attempts to hide the size of n from timing channels. This counter-
* measure is enabled using the timing argument. The high-rder bits of timing
* must be uniformly random in order for this countermeasure to work. */
mp_err
ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
mp_int *rx, mp_int *ry, const ECGroup *group);
mp_int *rx, mp_int *ry, const ECGroup *group,
int timing);
#endif /* _ECP_H */
src/share/native/sun/security/ec/impl/ecp_aff.c
浏览文件 @ d904de00
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -38,6 +38,7 @@
* Nils Larsch <nla@trustcenter.de>, and
* Lenka Fibikova <fibikova@exp-math.uni-essen.de>, the OpenSSL Project
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "ecp.h"
......@@ -340,7 +341,8 @@ ec_GFp_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group)
/* 4: Verify that the order of the curve times the publicValue
* is the point at infinity.
*/
MP_CHECKOK( ECPoint_mul(group, &group->order, px, py, &pxt, &pyt) );
/* timing mitigation is not supported */
MP_CHECKOK( ECPoint_mul(group, &group->order, px, py, &pxt, &pyt, /*timing*/ 0) );
if (ec_GFp_pt_is_inf_aff(&pxt, &pyt) != MP_YES) {
res = MP_NO;
goto CLEANUP;
......
src/share/native/sun/security/ec/impl/ecp_jac.c
浏览文件 @ d904de00
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -38,6 +38,7 @@
* Nils Larsch <nla@trustcenter.de>, and
* Lenka Fibikova <fibikova@exp-math.uni-essen.de>, the OpenSSL Project
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "ecp.h"
......@@ -180,6 +181,15 @@ ec_GFp_pt_add_jac_aff(const mp_int *px, const mp_int *py, const mp_int *pz,
MP_CHECKOK(group->meth->field_mul(&A, qx, &A, group->meth));
MP_CHECKOK(group->meth->field_mul(&B, qy, &B, group->meth));
/*
* Additional checks for point equality and point at infinity
*/
if (mp_cmp(px, &A) == 0 && mp_cmp(py, &B) == 0) {
/* POINT_DOUBLE(P) */
MP_CHECKOK(ec_GFp_pt_dbl_jac(px, py, pz, rx, ry, rz, group));
goto CLEANUP;
}
/* C = A - px, D = B - py */
MP_CHECKOK(group->meth->field_sub(&A, px, &C, group->meth));
MP_CHECKOK(group->meth->field_sub(&B, py, &D, group->meth));
......@@ -406,7 +416,7 @@ ec_GFp_pt_mul_jac(const mp_int *n, const mp_int *px, const mp_int *py,
mp_err
ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group)
const ECGroup *group, int timing)
{
mp_err res = MP_OKAY;
mp_int precomp[4][4][2];
......@@ -430,9 +440,9 @@ ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
/* if some arguments are not defined used ECPoint_mul */
if (k1 == NULL) {
return ECPoint_mul(group, k2, px, py, rx, ry);
return ECPoint_mul(group, k2, px, py, rx, ry, timing);
} else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
return ECPoint_mul(group, k1, NULL, NULL, rx, ry, timing);
}
/* initialize precomputation table */
......
src/share/native/sun/security/ec/impl/ecp_jm.c
浏览文件 @ d904de00
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -33,6 +33,7 @@
* Contributor(s):
* Stephen Fung <fungstep@hotmail.com>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "ecp.h"
......@@ -165,6 +166,16 @@ ec_GFp_pt_add_jm_aff(const mp_int *px, const mp_int *py, const mp_int *pz,
MP_CHECKOK(group->meth->field_mul(A, qx, A, group->meth));
MP_CHECKOK(group->meth->field_mul(B, qy, B, group->meth));
/*
* Additional checks for point equality and point at infinity
*/
if (mp_cmp(px, A) == 0 && mp_cmp(py, B) == 0) {
/* POINT_DOUBLE(P) */
MP_CHECKOK(ec_GFp_pt_dbl_jm(px, py, pz, paz4, rx, ry, rz, raz4,
scratch, group));
goto CLEANUP;
}
/* C = A - px, D = B - py */
MP_CHECKOK(group->meth->field_sub(A, px, C, group->meth));
MP_CHECKOK(group->meth->field_sub(B, py, D, group->meth));
......@@ -213,19 +224,23 @@ CLEANUP:
* Curves Over Prime Fields. */
mp_err
ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
mp_int *rx, mp_int *ry, const ECGroup *group)
mp_int *rx, mp_int *ry, const ECGroup *group,
int timing)
{
mp_err res = MP_OKAY;
mp_int precomp[16][2], rz, tpx, tpy;
mp_int raz4;
mp_int precomp[16][2], rz, tpx, tpy, tpz;
mp_int raz4, tpaz4;
mp_int scratch[MAX_SCRATCH];
signed char *naf = NULL;
int i, orderBitSize;
int numDoubles, numAdds, extraDoubles, extraAdds;
MP_DIGITS(&rz) = 0;
MP_DIGITS(&raz4) = 0;
MP_DIGITS(&tpx) = 0;
MP_DIGITS(&tpy) = 0;
MP_DIGITS(&tpz) = 0;
MP_DIGITS(&tpaz4) = 0;
for (i = 0; i < 16; i++) {
MP_DIGITS(&precomp[i][0]) = 0;
MP_DIGITS(&precomp[i][1]) = 0;
......@@ -239,7 +254,9 @@ ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
/* initialize precomputation table */
MP_CHECKOK(mp_init(&tpx, FLAG(n)));
MP_CHECKOK(mp_init(&tpy, FLAG(n)));;
MP_CHECKOK(mp_init(&tpy, FLAG(n)));
MP_CHECKOK(mp_init(&tpz, FLAG(n)));
MP_CHECKOK(mp_init(&tpaz4, FLAG(n)));
MP_CHECKOK(mp_init(&rz, FLAG(n)));
MP_CHECKOK(mp_init(&raz4, FLAG(n)));
......@@ -295,19 +312,64 @@ ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
/* Compute 5NAF */
ec_compute_wNAF(naf, orderBitSize, n, 5);
numAdds = 0;
numDoubles = orderBitSize;
/* wNAF method */
for (i = orderBitSize; i >= 0; i--) {
if (ec_GFp_pt_is_inf_jac(rx, ry, &rz) == MP_YES) {
numDoubles--;
}
/* R = 2R */
ec_GFp_pt_dbl_jm(rx, ry, &rz, &raz4, rx, ry, &rz,
&raz4, scratch, group);
if (naf[i] != 0) {
ec_GFp_pt_add_jm_aff(rx, ry, &rz, &raz4,
&precomp[(naf[i] + 15) / 2][0],
&precomp[(naf[i] + 15) / 2][1], rx, ry,
&rz, &raz4, scratch, group);
numAdds++;
}
}
/* extra operations to make timing less dependent on secrets */
if (timing) {
/* low-order bit of timing argument contains no entropy */
timing >>= 1;
MP_CHECKOK(ec_GFp_pt_set_inf_jac(&tpx, &tpy, &tpz));
mp_zero(&tpaz4);
/* Set the temp value to a non-infinite point */
ec_GFp_pt_add_jm_aff(&tpx, &tpy, &tpz, &tpaz4,
&precomp[8][0],
&precomp[8][1], &tpx, &tpy,
&tpz, &tpaz4, scratch, group);
/* two bits of extra adds */
extraAdds = timing & 0x3;
timing >>= 2;
/* Window size is 5, so the maximum number of additions is ceil(orderBitSize/5) */
/* This is the same as (orderBitSize + 4) / 5 */
for(i = numAdds; i <= (orderBitSize + 4) / 5 + extraAdds; i++) {
ec_GFp_pt_add_jm_aff(&tpx, &tpy, &tpz, &tpaz4,
&precomp[9 + (i % 3)][0],
&precomp[9 + (i % 3)][1], &tpx, &tpy,
&tpz, &tpaz4, scratch, group);
}
/* two bits of extra doubles */
extraDoubles = timing & 0x3;
timing >>= 2;
for(i = numDoubles; i <= orderBitSize + extraDoubles; i++) {
ec_GFp_pt_dbl_jm(&tpx, &tpy, &tpz, &tpaz4, &tpx, &tpy, &tpz,
&tpaz4, scratch, group);
}
}
/* convert result S to affine coordinates */
MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group));
......@@ -321,6 +383,8 @@ ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
}
mp_clear(&tpx);
mp_clear(&tpy);
mp_clear(&tpz);
mp_clear(&tpaz4);
mp_clear(&rz);
mp_clear(&raz4);
#ifdef _KERNEL
......
src/windows/native/sun/windows/ShellFolder2.cpp
浏览文件 @ d904de00
/*
* Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -192,14 +192,19 @@ static BOOL initShellProcs()
static jstring jstringFromSTRRET(JNIEnv* env, LPITEMIDLIST pidl, STRRET* pStrret) {
switch (pStrret->uType) {
case STRRET_CSTR :
return JNU_NewStringPlatform(env, reinterpret_cast<const char*>(pStrret->cStr));
if (pStrret->cStr != NULL) {
return JNU_NewStringPlatform(env, reinterpret_cast<const char*>(pStrret->cStr));
}
break;
case STRRET_OFFSET :
// Note : this may need to be WCHAR instead
return JNU_NewStringPlatform(env,
(CHAR*)pidl + pStrret->uOffset);
case STRRET_WSTR :
return env->NewString(reinterpret_cast<const jchar*>(pStrret->pOleStr),
static_cast<jsize>(wcslen(pStrret->pOleStr)));
if (pStrret->pOleStr != NULL) {
return env->NewString(reinterpret_cast<const jchar*>(pStrret->pOleStr),
static_cast<jsize>(wcslen(pStrret->pOleStr)));
}
}
return NULL;
}
......
test/java/rmi/activation/nonLocalActivation/NonLocalActivationTest.java 0 → 100644
浏览文件 @ d904de00
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.net.InetAddress;
import java.rmi.AccessException;
import java.rmi.activation.ActivationSystem;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.Set;
import java.util.HashSet;
/*
* @test
* @bug 8174770
* @summary Verify that ActivationSystem rejects non-local access.
* The test is manual because the (non-local) host running rmid must be supplied as a property.
* @run main/manual/othervm -Dactivation.host=rmid-host NonLocalActivationTest
*/
/**
* Lookup the ActivationSystem on a different host and invoke its remote interface methods.
* They should all throw an exception, non-local access is prohibited.
*
* This test is a manual test and uses rmid running on a *different* host.
* The default port (1098) for the Activation System is ok and expected.
* Login or ssh to the different host and invoke {@code $JDK_HOME/bin/rmid}.
* It will not show any output.
*
* On the first host modify the @run command above to replace "rmid-host"
* with the hostname or IP address of the different host and run the test with jtreg.
*/
public class NonLocalActivationTest
{
public static void main(String[] args) throws Exception {
String host = System.getProperty("activation.host");
if (host == null || host.isEmpty()) {
throw new RuntimeException("Specify host with system property: -Dactivation.host=<host>");
}
// Check if running the test on a local system; it only applies to remote
String myHostName = InetAddress.getLocalHost().getHostName();
Set<InetAddress> myAddrs = new HashSet<>();
InetAddress[] myAddrsArr = InetAddress.getAllByName(myHostName);
for (InetAddress a : myAddrsArr) {
myAddrs.add(a);
}
Set<InetAddress> hostAddrs = new HashSet<>();
InetAddress[] hostAddrsArr = InetAddress.getAllByName(host);
for (InetAddress a : hostAddrsArr) {
hostAddrs.add(a);
}
if (hostAddrs.stream().anyMatch(i -> myAddrs.contains(i))
|| hostAddrs.stream().anyMatch(h -> h.isLoopbackAddress())) {
throw new RuntimeException("Error: property 'activation.host' must not be the local host%n");
}
// Locate the registry operated by the ActivationSystem
// Test SystemRegistryImpl
Registry registry = LocateRegistry.getRegistry(host, ActivationSystem.SYSTEM_PORT);
try {
// Verify it is an ActivationSystem registry
registry.lookup("java.rmi.activation.ActivationSystem");
} catch (Exception nf) {
throw new RuntimeException("Not a ActivationSystem registry, does not contain java.rmi.activation.ActivationSystem", nf);
}
try {
registry.bind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: bind");
} catch (Exception e) {
assertIsAccessException(e, "Registry.bind");
}
try {
registry.rebind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: rebind");
} catch (Exception e) {
assertIsAccessException(e, "Registry.rebind");
}
try {
registry.unbind("foo");
throw new RuntimeException("Remote access should not succeed for method: unbind");
} catch (Exception e) {
assertIsAccessException(e, "Registry.unbind");
}
// Locate the ActivationSystem on the specified host and default port.
// Test each of the ActivationSystem methods
ActivationSystem as = (ActivationSystem) registry.lookup("java.rmi.activation.ActivationSystem");
// Argument is not material, access check is before arg processing
try {
as.registerGroup(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.getActivationDesc(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.getActivationGroupDesc(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.registerObject(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.unregisterGroup(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.unregisterObject(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.setActivationDesc(null, null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.setActivationGroupDesc(null, null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
}
/**
* Check the exception chain for the expected AccessException and message.
* @param ex the exception from the remote invocation.
*/
private static void assertIsAccessException(Exception ex, String msg1) {
Throwable t = ex;
System.out.println();
while (!(t instanceof AccessException) && t.getCause() != null) {
t = t.getCause();
}
if (t instanceof AccessException) {
String msg = t.getMessage();
int asIndex = msg.indexOf(msg1);
int disallowIndex = msg.indexOf("disallowed");
int nonLocalHostIndex = msg.indexOf("non-local host");
if (asIndex < 0 ||
disallowIndex < 0 ||
nonLocalHostIndex < 0 ) {
throw new RuntimeException("exception message is malformed", t);
}
System.out.printf("Found expected AccessException: %s%n", t);
} else {
throw new RuntimeException("AccessException did not occur", ex);
}
}
}
test/java/rmi/registry/nonLocalRegistry/NonLocalRegistryTest.java 0 → 100644
浏览文件 @ d904de00
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.net.InetAddress;
import java.rmi.AccessException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.Set;
import java.util.HashSet;
/* @test
* @bug 8174770
* @summary Verify that Registry rejects non-local access for bind, unbind, rebind.
* The test is manual because the (non-local) host running rmiregistry must be supplied as a property.
* @run main/othervm/manual -Dregistry.host=rmi-registry-host NonLocalRegistryTest
*/
/**
* Verify that access checks for Registry.bind(), .rebind(), and .unbind()
* are prevented on remote access to the registry.
*
* This test is a manual test and uses a standard rmiregistry running
* on a *different* host.
* The test verifies that the access check is performed *before* the object to be
* bound or rebound is deserialized.
*
* Login or ssh to the different host and invoke {@code $JDK_HOME/bin/rmiregistry}.
* It will not show any output.
*
* On the first host modify the @run command above to replace "rmi-registry-host"
* with the hostname or IP address of the different host and run the test with jtreg.
*/
public class NonLocalRegistryTest {
public static void main(String[] args) throws Exception {
String host = System.getProperty("registry.host");
if (host == null || host.isEmpty()) {
throw new RuntimeException("Specify host with system property: -Dregistry.host=<host>");
}
// Check if running the test on a local system; it only applies to remote
String myHostName = InetAddress.getLocalHost().getHostName();
Set<InetAddress> myAddrs = new HashSet<>();
InetAddress[] myAddrsArr = InetAddress.getAllByName(myHostName);
for (InetAddress a : myAddrsArr) {
myAddrs.add(a);
}
Set<InetAddress> hostAddrs = new HashSet<>();
InetAddress[] hostAddrsArr = InetAddress.getAllByName(host);
for (InetAddress a : hostAddrsArr) {
hostAddrs.add(a);
}
if (hostAddrs.stream().anyMatch(i -> myAddrs.contains(i))
|| hostAddrs.stream().anyMatch(h -> h.isLoopbackAddress())) {
throw new RuntimeException("Error: property 'registry.host' must not be the local host%n");
}
Registry registry = LocateRegistry.getRegistry(host, Registry.REGISTRY_PORT);
try {
registry.bind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: bind");
} catch (Exception e) {
assertIsAccessException(e);
}
try {
registry.rebind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: rebind");
} catch (Exception e) {
assertIsAccessException(e);
}
try {
registry.unbind("foo");
throw new RuntimeException("Remote access should not succeed for method: unbind");
} catch (Exception e) {
assertIsAccessException(e);
}
}
/**
* Check the exception chain for the expected AccessException and message.
* @param ex the exception from the remote invocation.
*/
private static void assertIsAccessException(Throwable ex) {
Throwable t = ex;
while (!(t instanceof AccessException) && t.getCause() != null) {
t = t.getCause();
}
if (t instanceof AccessException) {
String msg = t.getMessage();
int asIndex = msg.indexOf("Registry");
int rrIndex = msg.indexOf("Registry.Registry"); // Obsolete error text
int disallowIndex = msg.indexOf("disallowed");
int nonLocalHostIndex = msg.indexOf("non-local host");
if (asIndex < 0 ||
rrIndex != -1 ||
disallowIndex < 0 ||
nonLocalHostIndex < 0 ) {
throw new RuntimeException("exception message is malformed", t);
}
System.out.printf("Found expected AccessException: %s%n%n", t);
} else {
throw new RuntimeException("AccessException did not occur when expected", ex);
}
}
}
test/java/rmi/registry/serialFilter/RegistryFilterTest.java
浏览文件 @ d904de00
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -21,24 +21,18 @@
* questions.
*/
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.rmi.AlreadyBoundException;
import java.rmi.MarshalledObject;
import java.rmi.NotBoundException;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.AlreadyBoundException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.Objects;
import java.security.Security;
import java.util.Objects;
import org.testng.Assert;
import org.testng.TestNG;
......@@ -57,7 +51,8 @@ import org.testng.annotations.Test;
* @summary Test filters for the RMI Registry
* @run testng/othervm RegistryFilterTest
* @run testng/othervm
* -Dsun.rmi.registry.registryFilter=!java.lang.Long;!RegistryFilterTest$RejectableClass
* -Dsun.rmi.registry.registryFilter=!java.lang.Long;!RegistryFilterTest$RejectableClass;maxdepth=19
* -Dtest.maxdepth=19
* RegistryFilterTest
* @run testng/othervm/policy=security.policy
* -Djava.security.properties=${test.src}/java.security-extra1
......@@ -68,6 +63,8 @@ public class RegistryFilterTest {
private static int port;
private static Registry registry;
static final int REGISTRY_MAX_DEPTH = 20;
static final int REGISTRY_MAX_ARRAY = 10000;
static final String registryFilter =
......@@ -125,7 +122,7 @@ public class RegistryFilterTest {
/*
* Test registry rejects an object with the max array size + 1.
* Test registry rejects an object with the max array size + 1.
*/
@Test(dataProvider="bindData")
public void simpleBind(String name, Remote obj, boolean blacklisted) throws RemoteException, AlreadyBoundException, NotBoundException {
......@@ -139,9 +136,9 @@ public class RegistryFilterTest {
}
/*
* Test registry rejects an object with a well known class
* if blacklisted in the security properties.
*/
* Test registry rejects an object with a well known class
* if blacklisted in the security properties.
*/
@Test
public void simpleRejectableClass() throws RemoteException, AlreadyBoundException, NotBoundException {
RejectableClass r1 = null;
......@@ -150,9 +147,46 @@ public class RegistryFilterTest {
r1 = new RejectableClass();
registry.bind(name, r1);
registry.unbind(name);
Assert.assertNull(registryFilter, "Registry filter should not have rejected");
Assert.assertNull(registryFilter, "Registry filter should have rejected");
} catch (Exception rex) {
Assert.assertNotNull(registryFilter, "Registry filter should have rejected");
Assert.assertNotNull(registryFilter, "Registry filter should not have rejected");
}
}
/*
* Test registry does not reject an object with depth at the built-in limit.
*/
@Test
public void simpleDepthBuiltinNonRejectable() throws RemoteException, AlreadyBoundException, NotBoundException {
int depthOverride = Integer.getInteger("test.maxdepth", REGISTRY_MAX_DEPTH);
depthOverride = Math.min(depthOverride, REGISTRY_MAX_DEPTH);
System.out.printf("overrideDepth: %d, filter: %s%n", depthOverride, registryFilter);
try {
String name = "reject2";
DepthRejectableClass r1 = DepthRejectableClass.create(depthOverride);
registry.bind(name, r1);
registry.unbind(name);
} catch (Exception rex) {
Assert.fail("Registry filter should not have rejected depth: "
+ depthOverride);
}
}
/*
* Test registry rejects an object with depth at the limit + 1.
*/
@Test
public void simpleDepthRejectable() throws RemoteException, AlreadyBoundException, NotBoundException {
int depthOverride = Integer.getInteger("test.maxdepth", REGISTRY_MAX_DEPTH);
depthOverride = Math.min(depthOverride, REGISTRY_MAX_DEPTH);
System.out.printf("overrideDepth: %d, filter: %s%n", depthOverride, registryFilter);
try {
String name = "reject3";
DepthRejectableClass r1 = DepthRejectableClass.create(depthOverride + 1);
registry.bind(name, r1);
Assert.fail("Registry filter should have rejected depth: " + depthOverride + 1);
} catch (Exception rex) {
// Rejection expected
}
}
......@@ -173,6 +207,7 @@ public class RegistryFilterTest {
return super.toString() + "//" + Objects.toString(obj);
}
}
/**
* A simple Serializable Remote object that is passed by value.
* It and its contents are checked by the Registry serial filter.
......@@ -183,4 +218,25 @@ public class RegistryFilterTest {
RejectableClass() {}
}
/**
* A simple Serializable Remote object that is passed by value.
* It and its contents are checked by the Registry serial filter.
*/
static class DepthRejectableClass implements Serializable, Remote {
private static final long serialVersionUID = 362498820763181264L;
private final DepthRejectableClass next;
private DepthRejectableClass(DepthRejectableClass next) {
this.next = next;
}
static DepthRejectableClass create(int depth) {
DepthRejectableClass next = new DepthRejectableClass(null);
for (int i = 1; i < depth; i++) {
next = new DepthRejectableClass(next);
}
return next;
}
}
}
test/javax/management/remote/nonLocalAccess/NonLocalJMXRemoteTest.java 0 → 100644
浏览文件 @ d904de00
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.net.InetAddress;
import java.rmi.AccessException;
import java.rmi.NotBoundException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.Set;
import java.util.HashSet;
/* @test
* @bug 8174770
* @summary Verify that JMX Registry rejects non-local access for bind, unbind, rebind.
* The test is manual because the (non-local) host and port running JMX must be supplied as properties.
* @run main/othervm/manual -Djmx-registry.host=jmx-registry-host -Djmx-registry.port=jmx-registry-port NonLocalJMXRemoteTest
*/
/**
* Verify that access checks for the Registry exported by JMX Registry.bind(),
* .rebind(), and .unbind() are prevented on remote access to the registry.
* The test verifies that the access check is performed *before* the object to be
* bound or rebound is deserialized.
* This tests the SingleEntryRegistry implemented by JMX.
* This test is a manual test and uses JMX running on a *different* host.
* JMX can be enabled in any Java runtime; for example:
* login or ssh to the different host and invoke rmiregistry with arguments below.
* It will not show any output.
* {@code $JDK_HOME/bin/rmiregistry \
* -J-Dcom.sun.management.jmxremote.port=8888 \
* -J-Dcom.sun.management.jmxremote.local.only=false \
* -J-Dcom.sun.management.jmxremote.ssl=false \
* -J-Dcom.sun.management.jmxremote.authenticate=false
* }
* On the first host modify the @run command above to replace "jmx-registry-host"
* with the hostname or IP address of the different host and run the test with jtreg.
*/
public class NonLocalJMXRemoteTest {
public static void main(String[] args) throws Exception {
String host = System.getProperty("jmx-registry.host");
if (host == null || host.isEmpty()) {
throw new RuntimeException("Specify host with system property: -Djmx-registry.host=<host>");
}
int port = Integer.getInteger("jmx-registry.port", -1);
if (port <= 0) {
throw new RuntimeException("Specify port with system property: -Djmx-registry.port=<port>");
}
// Check if running the test on a local system; it only applies to remote
String myHostName = InetAddress.getLocalHost().getHostName();
Set<InetAddress> myAddrs = new HashSet<>();
InetAddress[] myAddrsArr = InetAddress.getAllByName(myHostName);
for (InetAddress a : myAddrsArr) {
myAddrs.add(a);
}
Set<InetAddress> hostAddrs = new HashSet<>();
InetAddress[] hostAddrsArr = InetAddress.getAllByName(host);
for (InetAddress a : hostAddrsArr) {
hostAddrs.add(a);
}
if (hostAddrs.stream().anyMatch(i -> myAddrs.contains(i))
|| hostAddrs.stream().anyMatch(h -> h.isLoopbackAddress())) {
throw new RuntimeException("Error: property 'jmx-registry.host' must not be the local host%n");
}
Registry registry = LocateRegistry.getRegistry(host, port);
try {
// Verify it is a JMX Registry
registry.lookup("jmxrmi");
} catch (NotBoundException nf) {
throw new RuntimeException("Not a JMX registry, jmxrmi is not bound", nf);
}
try {
registry.bind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: bind");
} catch (Exception e) {
assertIsAccessException(e);
}
try {
registry.rebind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: rebind");
} catch (Exception e) {
assertIsAccessException(e);
}
try {
registry.unbind("foo");
throw new RuntimeException("Remote access should not succeed for method: unbind");
} catch (Exception e) {
assertIsAccessException(e);
}
}
/**
* Check the exception chain for the expected AccessException and message.
* @param ex the exception from the remote invocation.
*/
private static void assertIsAccessException(Throwable ex) {
Throwable t = ex;
while (!(t instanceof AccessException) && t.getCause() != null) {
t = t.getCause();
}
if (t instanceof AccessException) {
String msg = t.getMessage();
int asIndex = msg.indexOf("Registry");
int disallowIndex = msg.indexOf("disallowed");
int nonLocalHostIndex = msg.indexOf("non-local host");
if (asIndex < 0 ||
disallowIndex < 0 ||
nonLocalHostIndex < 0 ) {
throw new RuntimeException("exception message is malformed", t);
}
System.out.printf("Found expected AccessException: %s%n%n", t);
} else {
throw new RuntimeException("AccessException did not occur when expected", ex);
}
}
}
test/javax/swing/JFileChooser/GodMode/JFileChooserTest.java 0 → 100644
浏览文件 @ d904de00
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8179014
* @requires (os.family == "Windows")
* @summary Check if JFileChooser crashes with GodMode Directory.
* @run main/manual JFileChooserTest
*/
import java.awt.Color;
import java.awt.GridBagConstraints;
import java.awt.GridBagLayout;
import java.util.concurrent.CountDownLatch;
import javax.swing.JPanel;
import javax.swing.JTextArea;
import javax.swing.SwingUtilities;
import javax.swing.JButton;
import javax.swing.JFrame;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.util.concurrent.TimeUnit;
import javax.swing.JFileChooser;
import javax.swing.UIManager;
public class JFileChooserTest {
public static void main(String args[]) throws Exception {
final CountDownLatch latch = new CountDownLatch(1);
TestUI test = new TestUI(latch);
SwingUtilities.invokeAndWait(() -> {
try {
test.createUI();
} catch (Exception ex) {
throw new RuntimeException("Exception while creating UI");
}
});
boolean status = latch.await(5, TimeUnit.MINUTES);
if (!status) {
System.out.println("Test timed out.");
}
SwingUtilities.invokeAndWait(() -> {
try {
test.disposeUI();
} catch (Exception ex) {
throw new RuntimeException("Exception while disposing UI");
}
});
if (test.testResult == false) {
throw new RuntimeException("Test Failed.");
}
}
}
class TestUI {
private static JFrame mainFrame;
private static JPanel mainControlPanel;
private static JTextArea instructionTextArea;
private static JPanel resultButtonPanel;
private static JButton passButton;
private static JButton failButton;
private static GridBagLayout layout;
private final CountDownLatch latch;
public boolean testResult = false;
public TestUI(CountDownLatch latch) throws Exception {
this.latch = latch;
}
public final void createUI() throws Exception {
UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());
mainFrame = new JFrame("JFileChooserTest");
layout = new GridBagLayout();
mainControlPanel = new JPanel(layout);
resultButtonPanel = new JPanel(layout);
GridBagConstraints gbc = new GridBagConstraints();
// Create Test instructions
String instructions
= "INSTRUCTIONS:"
+ "\n 1. Create a new folder on the desktop."
+ "\n 2. Rename the folder exactly as given below: "
+ "\n GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} "
+ "\n 3. Click on Launch Button. "
+ "\n Check if JFileChooser is launched successfully. "
+ "\n If yes, close the JFileChooser and click Pass, "
+ "\n else Fail. "
+ "\n 4. Delete the GodMode folder.";
instructionTextArea = new JTextArea();
instructionTextArea.setText(instructions);
instructionTextArea.setEnabled(false);
instructionTextArea.setDisabledTextColor(Color.black);
instructionTextArea.setBackground(Color.white);
gbc.gridx = 0;
gbc.gridy = 0;
gbc.fill = GridBagConstraints.HORIZONTAL;
mainControlPanel.add(instructionTextArea, gbc);
JButton launchButton = new JButton("Launch");
launchButton.setActionCommand("Launch");
launchButton.addActionListener((ActionEvent e) -> {
JFileChooser fileChooser = new JFileChooser();
fileChooser.showOpenDialog(null);
}
);
gbc.gridx = 0;
gbc.gridy = 1;
mainControlPanel.add(launchButton, gbc);
passButton = new JButton("Pass");
passButton.setActionCommand("Pass");
passButton.addActionListener((ActionEvent e) -> {
testResult = true;
mainFrame.dispose();
latch.countDown();
});
failButton = new JButton("Fail");
failButton.setActionCommand("Fail");
failButton.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
testResult = false;
mainFrame.dispose();
latch.countDown();
}
});
gbc.gridx = 0;
gbc.gridy = 0;
resultButtonPanel.add(passButton, gbc);
gbc.gridx = 1;
gbc.gridy = 0;
resultButtonPanel.add(failButton, gbc);
gbc.gridx = 0;
gbc.gridy = 2;
mainControlPanel.add(resultButtonPanel, gbc);
mainFrame.add(mainControlPanel);
mainFrame.pack();
mainFrame.setVisible(true);
}
public void disposeUI() {
mainFrame.setVisible(false);
mainFrame.dispose();
}
}
test/sun/security/ssl/CertPathRestrictions/JSSEClient.java 0 → 100644
浏览文件 @ d904de00
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
/*
* A SSL socket client.
*/
public class JSSEClient {
public static void main(String[] args) throws Exception {
System.out.println("Client: arguments=" + String.join("; ", args));
int port = Integer.valueOf(args[0]);
String[] trustNames = args[1].split(TLSRestrictions.DELIMITER);
String[] certNames = args[2].split(TLSRestrictions.DELIMITER);
String constraint = args[3];
TLSRestrictions.setConstraint("Client", constraint);
SSLContext context = TLSRestrictions.createSSLContext(
trustNames, certNames);
SSLSocketFactory socketFactory = context.getSocketFactory();
try (SSLSocket socket = (SSLSocket) socketFactory.createSocket()) {
socket.connect(new InetSocketAddress("localhost", port),
TLSRestrictions.TIMEOUT);
socket.setSoTimeout(TLSRestrictions.TIMEOUT);
System.out.println("Client: connected");
InputStream sslIS = socket.getInputStream();
OutputStream sslOS = socket.getOutputStream();
sslOS.write('C');
sslOS.flush();
sslIS.read();
System.out.println("Client: finished");
} catch (Exception e) {
throw new RuntimeException("Client: failed.", e);
}
}
}
test/sun/security/ssl/CertPathRestrictions/JSSEServer.java 0 → 100644
浏览文件 @ d904de00
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.InputStream;
import java.io.OutputStream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
/*
* A SSL socket server.
*/
public class JSSEServer {
private SSLServerSocket server = null;
private Exception exception = null;
public JSSEServer(SSLContext context,
boolean needClientAuth) throws Exception {
SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
server = (SSLServerSocket) serverFactory.createServerSocket(0);
server.setSoTimeout(TLSRestrictions.TIMEOUT);
server.setNeedClientAuth(needClientAuth); // for dual authentication
System.out.println("Server: port=" + getPort());
}
public void start() {
new Thread(new Runnable() {
@Override
public void run() {
try {
System.out.println("Server: started");
try (SSLSocket socket = (SSLSocket) server.accept()) {
socket.setSoTimeout(TLSRestrictions.TIMEOUT);
InputStream sslIS = socket.getInputStream();
OutputStream sslOS = socket.getOutputStream();
sslIS.read();
sslOS.write('S');
sslOS.flush();
System.out.println("Server: finished");
}
} catch (Exception e) {
e.printStackTrace(System.out);
exception = e;
}
}
}).start();
}
public int getPort() {
return server.getLocalPort();
}
public Exception getException() {
return exception;
}
}
test/sun/security/ssl/CertPathRestrictions/TLSRestrictions.java 0 → 100644
浏览文件 @ d904de00
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.SocketTimeoutException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.stream.Collectors;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;
import jdk.testlibrary.OutputAnalyzer;
import jdk.testlibrary.ProcessTools;
/*
* @test
* @summary Verify the restrictions for certificate path on JSSE with custom trust store.
* @library /lib/testlibrary
* @compile JSSEClient.java
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions DEFAULT
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions C1
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions S1
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions C2
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions S2
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions C3
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions S3
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions C4
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions S4
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions C5
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions S5
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions C6
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions S6
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions C7
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions S7
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions C8
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions S8
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions C9
* @run main/othervm -Djava.security.debug=certpath TLSRestrictions S9
*/
public class TLSRestrictions {
private static final String TEST_CLASSES = System.getProperty("test.classes");
private static final char[] PASSWORD = "".toCharArray();
private static final String CERT_DIR = System.getProperty("cert.dir",
System.getProperty("test.src") + "/certs");
static final String PROP = "jdk.certpath.disabledAlgorithms";
static final String NOSHA1 = "MD2, MD5";
private static final String TLSSERVER = "SHA1 usage TLSServer";
private static final String TLSCLIENT = "SHA1 usage TLSClient";
static final String JDKCATLSSERVER = "SHA1 jdkCA & usage TLSServer";
static final String JDKCATLSCLIENT = "SHA1 jdkCA & usage TLSClient";
// This is a space holder in command arguments, and stands for none certificate.
static final String NONE_CERT = "NONE_CERT";
static final String DELIMITER = ",";
static final int TIMEOUT = 30000;
// It checks if java.security contains constraint "SHA1 jdkCA & usage TLSServer"
// for jdk.certpath.disabledAlgorithms by default.
private static void checkDefaultConstraint() {
System.out.println(
"Case: Checks the default value of jdk.certpath.disabledAlgorithms");
if (!Security.getProperty(PROP).contains(JDKCATLSSERVER)) {
throw new RuntimeException(String.format(
"%s doesn't contain constraint \"%s\", the real value is \"%s\".",
PROP, JDKCATLSSERVER, Security.getProperty(PROP)));
}
}
/*
* This method creates trust store and key store with specified certificates
* respectively. And then it creates SSL context with the stores.
* If trustNames contains NONE_CERT only, it does not create a custom trust
* store, but the default one in JDK.
*
* @param trustNames Trust anchors, which are used to create custom trust store.
* If null, no custom trust store is created and the default
* trust store in JDK is used.
* @param certNames Certificate chain, which is used to create key store.
* It cannot be null.
*/
static SSLContext createSSLContext(String[] trustNames,
String[] certNames) throws Exception {
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
TrustManagerFactory tmf = null;
if (trustNames != null && trustNames.length > 0
&& !trustNames[0].equals(NONE_CERT)) {
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(null, null);
for (int i = 0; i < trustNames.length; i++) {
try (InputStream is = new ByteArrayInputStream(
loadCert(trustNames[i]).getBytes())) {
Certificate trustCert = certFactory.generateCertificate(is);
trustStore.setCertificateEntry("trustCert-" + i, trustCert);
}
}
tmf = TrustManagerFactory.getInstance("PKIX");
tmf.init(trustStore);
}
Certificate[] certChain = new Certificate[certNames.length];
for (int i = 0; i < certNames.length; i++) {
try (InputStream is = new ByteArrayInputStream(
loadCert(certNames[i]).getBytes())) {
Certificate cert = certFactory.generateCertificate(is);
certChain[i] = cert;
}
}
PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(
Base64.getMimeDecoder().decode(loadPrivKey(certNames[0])));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey privKey = keyFactory.generatePrivate(privKeySpec);
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null, null);
keyStore.setKeyEntry("keyCert", privKey, PASSWORD, certChain);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
kmf.init(keyStore, PASSWORD);
SSLContext context = SSLContext.getInstance("TLS");
context.init(kmf.getKeyManagers(),
tmf == null ? null : tmf.getTrustManagers(), null);
return context;
}
/*
* This method sets jdk.certpath.disabledAlgorithms, and then retrieves
* and prints its value.
*/
static void setConstraint(String side, String constraint) {
System.out.printf("%s: Old %s=%s%n", side, PROP,
Security.getProperty(PROP));
Security.setProperty(PROP, constraint);
System.out.printf("%s: New %s=%s%n", side, PROP,
Security.getProperty(PROP));
}
/*
* This method is used to run a variety of cases.
* It launches a server, and then takes a client to connect the server.
* Both of server and client use the same certificates.
*
* @param trustNames Trust anchors, which are used to create custom trust store.
* If null, the default trust store in JDK is used.
* @param certNames Certificate chain, which is used to create key store.
* It cannot be null. The first certificate is regarded as
* the end entity.
* @param serverConstraint jdk.certpath.disabledAlgorithms value on server side.
* @param clientConstraint jdk.certpath.disabledAlgorithms value on client side.
* @param needClientAuth If true, server side acquires client authentication;
* otherwise, false.
* @param pass If true, the connection should be blocked; otherwise, false.
*/
static void testConstraint(String[] trustNames, String[] certNames,
String serverConstraint, String clientConstraint,
boolean needClientAuth, boolean pass) throws Throwable {
String trustNameStr = trustNames == null ? ""
: String.join(DELIMITER, trustNames);
String certNameStr = certNames == null ? ""
: String.join(DELIMITER, certNames);
System.out.printf("Case:%n"
+ " trustNames=%s; certNames=%s%n"
+ " serverConstraint=%s; clientConstraint=%s%n"
+ " needClientAuth=%s%n"
+ " pass=%s%n%n",
trustNameStr, certNameStr,
serverConstraint, clientConstraint,
needClientAuth,
pass);
setConstraint("Server", serverConstraint);
JSSEServer server = new JSSEServer(
createSSLContext(trustNames, certNames),
needClientAuth);
int port = server.getPort();
server.start();
// Run client on another JVM so that its properties cannot be in conflict
// with server's.
OutputAnalyzer outputAnalyzer = ProcessTools.executeTestJvm(
"-Dcert.dir=" + CERT_DIR,
"-Djava.security.debug=certpath",
"-classpath",
TEST_CLASSES,
"JSSEClient",
port + "",
trustNameStr,
certNameStr,
clientConstraint);
int exitValue = outputAnalyzer.getExitValue();
String clientOut = outputAnalyzer.getOutput();
Exception serverException = server.getException();
if (serverException != null) {
System.out.println("Server: failed");
}
System.out.println("---------- Client output start ----------");
System.out.println(clientOut);
System.out.println("---------- Client output end ----------");
if (serverException instanceof SocketTimeoutException
|| clientOut.contains("SocketTimeoutException")) {
System.out.println("The communication gets timeout and skips the test.");
return;
}
if (pass) {
if (serverException != null || exitValue != 0) {
throw new RuntimeException(
"Unexpected failure. Operation was blocked.");
}
} else {
if (serverException == null && exitValue == 0) {
throw new RuntimeException(
"Unexpected pass. Operation was allowed.");
}
// The test may encounter non-SSL issues, like network problem.
if (!(serverException instanceof SSLHandshakeException
|| clientOut.contains("SSLHandshakeException"))) {
throw new RuntimeException("Failure with unexpected exception.");
}
}
}
/*
* This method is used to run a variety of cases, which don't require client
* authentication by default.
*/
static void testConstraint(String[] trustNames, String[] certNames,
String serverConstraint, String clientConstraint, boolean pass)
throws Throwable {
testConstraint(trustNames, certNames, serverConstraint, clientConstraint,
false, pass);
}
public static void main(String[] args) throws Throwable {
switch (args[0]) {
// Case DEFAULT only checks one of default settings for
// jdk.certpath.disabledAlgorithms in JDK/conf/security/java.security.
case "DEFAULT":
checkDefaultConstraint();
break;
// Cases C1 and S1 use SHA256 root CA in trust store,
// and use SHA256 end entity in key store.
// C1 only sets constraint "SHA1 usage TLSServer" on client side;
// S1 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
// The connection of the both cases should not be blocked.
case "C1":
testConstraint(
new String[] { "ROOT_CA_SHA256" },
new String[] { "INTER_CA_SHA256-ROOT_CA_SHA256" },
NOSHA1,
TLSSERVER,
true);
break;
case "S1":
testConstraint(
new String[] { "ROOT_CA_SHA256" },
new String[] { "INTER_CA_SHA256-ROOT_CA_SHA256" },
TLSCLIENT,
NOSHA1,
true,
true);
break;
// Cases C2 and S2 use SHA256 root CA in trust store,
// and use SHA1 end entity in key store.
// C2 only sets constraint "SHA1 usage TLSServer" on client side;
// S2 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
// The connection of the both cases should be blocked.
case "C2":
testConstraint(
new String[] { "ROOT_CA_SHA256" },
new String[] { "INTER_CA_SHA1-ROOT_CA_SHA256" },
NOSHA1,
TLSSERVER,
false);
break;
case "S2":
testConstraint(
new String[] { "ROOT_CA_SHA256" },
new String[] { "INTER_CA_SHA1-ROOT_CA_SHA256" },
TLSCLIENT,
NOSHA1,
true,
false);
break;
// Cases C3 and S3 use SHA1 root CA in trust store,
// and use SHA1 end entity in key store.
// C3 only sets constraint "SHA1 usage TLSServer" on client side;
// S3 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
// The connection of the both cases should be blocked.
case "C3":
testConstraint(
new String[] { "ROOT_CA_SHA1" },
new String[] { "INTER_CA_SHA1-ROOT_CA_SHA1" },
NOSHA1,
TLSSERVER,
false);
break;
case "S3":
testConstraint(
new String[] { "ROOT_CA_SHA1" },
new String[] { "INTER_CA_SHA1-ROOT_CA_SHA1" },
TLSCLIENT,
NOSHA1,
true,
false);
break;
// Cases C4 and S4 use SHA1 root CA as trust store,
// and use SHA256 end entity in key store.
// C4 only sets constraint "SHA1 usage TLSServer" on client side;
// S4 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
// The connection of the both cases should not be blocked.
case "C4":
testConstraint(
new String[] { "ROOT_CA_SHA1" },
new String[] { "INTER_CA_SHA256-ROOT_CA_SHA1" },
NOSHA1,
TLSSERVER,
true);
break;
case "S4":
testConstraint(
new String[] { "ROOT_CA_SHA1" },
new String[] { "INTER_CA_SHA256-ROOT_CA_SHA1" },
TLSCLIENT,
NOSHA1,
true,
true);
break;
// Cases C5 and S5 use SHA1 root CA in trust store,
// and use SHA256 intermediate CA and SHA256 end entity in key store.
// C5 only sets constraint "SHA1 usage TLSServer" on client side;
// S5 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
// The connection of the both cases should not be blocked.
case "C5":
testConstraint(
new String[] { "ROOT_CA_SHA1" },
new String[] {
"END_ENTITY_SHA256-INTER_CA_SHA256-ROOT_CA_SHA1",
"INTER_CA_SHA256-ROOT_CA_SHA1" },
NOSHA1,
TLSSERVER,
true);
break;
case "S5":
testConstraint(
new String[] { "ROOT_CA_SHA1" },
new String[] {
"END_ENTITY_SHA256-INTER_CA_SHA256-ROOT_CA_SHA1",
"INTER_CA_SHA256-ROOT_CA_SHA1" },
TLSCLIENT,
NOSHA1,
true,
true);
break;
// Cases C6 and S6 use SHA1 root CA as trust store,
// and use SHA1 intermediate CA and SHA256 end entity in key store.
// C6 only sets constraint "SHA1 usage TLSServer" on client side;
// S6 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
// The connection of the both cases should be blocked.
case "C6":
testConstraint(
new String[] { "ROOT_CA_SHA1" },
new String[] {
"END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA1",
"INTER_CA_SHA1-ROOT_CA_SHA1" },
NOSHA1,
TLSSERVER,
false);
break;
case "S6":
testConstraint(
new String[] { "ROOT_CA_SHA1" },
new String[] {
"END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA1",
"INTER_CA_SHA1-ROOT_CA_SHA1" },
TLSCLIENT,
NOSHA1,
true,
false);
break;
// Cases C7 and S7 use SHA256 root CA in trust store,
// and use SHA256 intermediate CA and SHA1 end entity in key store.
// C7 only sets constraint "SHA1 usage TLSServer" on client side;
// S7 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
// The connection of the both cases should be blocked.
case "C7":
testConstraint(
new String[] { "ROOT_CA_SHA256" },
new String[] {
"END_ENTITY_SHA1-INTER_CA_SHA256-ROOT_CA_SHA256",
"INTER_CA_SHA256-ROOT_CA_SHA256" },
NOSHA1,
TLSSERVER,
false);
break;
case "S7":
testConstraint(
new String[] { "ROOT_CA_SHA256" },
new String[] {
"END_ENTITY_SHA1-INTER_CA_SHA256-ROOT_CA_SHA256",
"INTER_CA_SHA256-ROOT_CA_SHA256" },
TLSCLIENT,
NOSHA1,
true,
false);
break;
// Cases C8 and S8 use SHA256 root CA in trust store,
// and use SHA1 intermediate CA and SHA256 end entity in key store.
// C8 only sets constraint "SHA1 usage TLSServer" on client side;
// S8 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
// The connection of the both cases should be blocked.
case "C8":
testConstraint(
new String[] { "ROOT_CA_SHA256" },
new String[] {
"END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA256",
"INTER_CA_SHA1-ROOT_CA_SHA256" },
NOSHA1,
TLSSERVER,
false);
break;
case "S8":
testConstraint(
new String[] { "ROOT_CA_SHA256" },
new String[] {
"END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA256",
"INTER_CA_SHA1-ROOT_CA_SHA256" },
TLSCLIENT,
NOSHA1,
true,
false);
break;
// Cases C9 and S9 use SHA256 root CA and SHA1 intermediate CA in trust store,
// and use SHA256 end entity in key store.
// C9 only sets constraint "SHA1 usage TLSServer" on client side;
// S9 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
// The connection of the both cases should not be blocked.
case "C9":
testConstraint(
new String[] {
"ROOT_CA_SHA256",
"INTER_CA_SHA1-ROOT_CA_SHA256" },
new String[] {
"END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA256" },
NOSHA1,
TLSSERVER,
true);
break;
case "S9":
testConstraint(
new String[] {
"ROOT_CA_SHA256",
"INTER_CA_SHA1-ROOT_CA_SHA256" },
new String[] {
"END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA256" },
TLSCLIENT,
NOSHA1,
true,
true);
break;
}
System.out.println("Case passed");
System.out.println("========================================");
}
private static String loadCert(String certName) {
try {
Path certFilePath = Paths.get(CERT_DIR, certName + ".cer");
return String.join("\n",
Files.lines(certFilePath).filter((String line) -> {
return !line.startsWith("Certificate")
&& !line.startsWith(" ");
}).collect(Collectors.toList()));
} catch (IOException e) {
throw new RuntimeException("Load certificate failed", e);
}
}
private static String loadPrivKey(String certName) {
Path priveKeyFilePath = Paths.get(CERT_DIR, certName + "-PRIV.key");
try {
return new String(Files.readAllBytes(priveKeyFilePath));
} catch (IOException e) {
throw new RuntimeException("Load private key failed", e);
}
}
}
test/sun/security/ssl/CertPathRestrictions/certs/END_ENTITY_SHA1-INTER_CA_SHA256-ROOT_CA_SHA256-PRIV.key 0 → 100644
浏览文件 @ d904de00
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCYQDZxHxNJV8dQ
I6mfJjuIZxAe5CX9GCrS3Fajh5DXIQwdcvQ4s6YdKzwFn+8dUdspdNTnS+bWjfYw
0iAbsMt6L6ewutaZf6aufh1EBYiwNOvN8C8Cx0iiE8NiBo833AYWHKhDC4qu63QR
dYwb9j+Jg8t6p0lQ64sFLDN/RJOcWlaPQbJbSNBKePQR7WOFvdJgFAdQmQjL+ND6
PSui9QByyXQ+3nfs7ID4paUxYbCrJMh5/AJqaT04DYDEumfmURUn5+ZOIqmqvI2I
pNXN5gVzL3b8mM2WGr5dpRY5cZ1X//BQ91SNjrKNJlmKFr7nMCfAdzxIW4b/sArv
eYNE2Vy7AgMBAAECggEBAJNtkopFoiJiKnFypxyiJAG4cwbGu/ZxwX3/uLGPY3S9
3oJhvxVs+IzEQdHchempSwTAyizS9cuLGfs6bbcConZF0Sa0NXvb/SZ4npQwm6St
Ci2Xx530JWQ0qPyyB1r65rXguBp8AaXR/8msPqkQ8YOSqKWzea4u96Zhn9g8Koe6
AD/8FeSzJBDVbJ+C7jKX/7sKsHbYqulzLMQf0lqXFxpGW+5UJaozoQOWXnnmqU3T
0i4uaGUCXHbQM8eh3fvMFCU4UQMYVS1QOSvZJTnO5bSb8SqeQnCMnQ18ltq4sL43
qFsEcmAjrlhNoBwslqvfY1bX9NtXyFZ8PuD8OvoFxPkCgYEAxlVfD2qcrAoOcbDe
Em9hDVPizRuzGuCHi9K2YLDrLVDNd6NF3Pk65JiTsd1fA2AZdi+ljKGEwBhNFOyk
qwmK2K4sYy7zvyV3Blmwvyo7+OaeexYF8RIw5keGlRsgHTGarzlQAlJu91UmyAmE
C/99fZbSWo9QndJ0FVR6G3ti71UCgYEAxITBJqVtNFnv4PGdc3FNsYXlRQcSWjs9
/1lsppLQjC6HMsb6JpxYUF3D4oFiUESKe/9kZzl1H/65Cm2mYq8sj+7lug8P5tz7
DQa91dFM02r8JLO6TitSuZfbc0XH0K450ntuQlKX581icYSGBUwQHGApespuNVlh
Mg7CmwNse88CgYAienrhEjaUTdc++nFQoR4tE/UslPEo7fmCXCoqWvc3VIGzl6Ww
iX8seD3MwOAglRc4DYZpETcjsdXMmmrx9OG3U2gSAfqLszai2vq38N6mIWlRmn2D
8BaiIbMKvsFxccsjRQJctPnnc10fj0/uSgcFyy9cYOex2AEoKBxmJKgJVQKBgA0c
HhaJ6qMXbN1AwRQ2dsxk9kqIkjzavuQN/yWNncP8RqCojX+N5oZV+v9dSkW4jNSA
0R3hw2KDB60ea38h2IMxmLm0z4bDLyxLSta8w7dG59M6+i7EzRv8eXNTMGVHeiwE
d/KMt/2Kwgp4oMgxrtF1yM6cOoXslINWYL0emVoZAoGAcEKzO8LgPJsIVjRFz3ri
0AQqiXQzYek2WAXYhlQCvBVn8in3MYcxKhjA3Og3Lym0xvZ+/8SbII9QNaidbgIH
HDreeJW4KE5EfVnDaYcxwK/9LXZXndIxrpR0YKNSvZT7DuuQtFCoxJcASxb1k9Tc
5MPT+pyPL+9v2q56ry56qas=
test/sun/security/ssl/CertPathRestrictions/certs/END_ENTITY_SHA1-INTER_CA_SHA256-ROOT_CA_SHA256.cer 0 → 100644
浏览文件 @ d904de00
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
e8:33:78:c7:69:9c:28:c2
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=CA, L=City, O=Org, OU=Java, CN=INTER_CA_SHA256-ROOT_CA_SHA256
Validity
Not Before: Mar 30 04:51:07 2017 GMT
Not After : Mar 28 04:51:07 2027 GMT
Subject: C=US, ST=CA, L=City, O=Org, OU=Java, CN=END_ENTITY_SHA1-INTER_CA_SHA256-ROOT_CA_SHA256
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:98:40:36:71:1f:13:49:57:c7:50:23:a9:9f:26:
3b:88:67:10:1e:e4:25:fd:18:2a:d2:dc:56:a3:87:
90:d7:21:0c:1d:72:f4:38:b3:a6:1d:2b:3c:05:9f:
ef:1d:51:db:29:74:d4:e7:4b:e6:d6:8d:f6:30:d2:
20:1b:b0:cb:7a:2f:a7:b0:ba:d6:99:7f:a6:ae:7e:
1d:44:05:88:b0:34:eb:cd:f0:2f:02:c7:48:a2:13:
c3:62:06:8f:37:dc:06:16:1c:a8:43:0b:8a:ae:eb:
74:11:75:8c:1b:f6:3f:89:83:cb:7a:a7:49:50:eb:
8b:05:2c:33:7f:44:93:9c:5a:56:8f:41:b2:5b:48:
d0:4a:78:f4:11:ed:63:85:bd:d2:60:14:07:50:99:
08:cb:f8:d0:fa:3d:2b:a2:f5:00:72:c9:74:3e:de:
77:ec:ec:80:f8:a5:a5:31:61:b0:ab:24:c8:79:fc:
02:6a:69:3d:38:0d:80:c4:ba:67:e6:51:15:27:e7:
e6:4e:22:a9:aa:bc:8d:88:a4:d5:cd:e6:05:73:2f:
76:fc:98:cd:96:1a:be:5d:a5:16:39:71:9d:57:ff:
f0:50:f7:54:8d:8e:b2:8d:26:59:8a:16:be:e7:30:
27:c0:77:3c:48:5b:86:ff:b0:0a:ef:79:83:44:d9:
5c:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
DirName:/C=US/ST=CA/L=City/O=Org/OU=Java/CN=ROOT_CA_SHA256
serial:84:A1:70:1D:0A:92:D3:CC
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
22:63:2a:de:80:70:92:f7:53:e4:7f:ea:01:2b:13:b3:1b:02:
2e:10:b4:1d:b7:33:7f:6f:0d:88:46:5a:b8:db:83:95:77:e2:
db:da:2e:31:0a:85:c6:9a:75:84:ca:73:5c:be:e3:30:22:7e:
bc:60:43:49:7c:69:06:14:4a:89:e4:23:ca:25:99:85:d6:06:
16:d5:9e:a8:fd:25:43:88:07:12:0a:7e:de:24:33:71:ab:a4:
23:aa:4e:dc:0f:89:ef:a9:09:89:55:a1:1d:ee:48:35:ea:10:
42:ff:98:15:2a:e8:5c:46:e0:e4:4f:4c:b9:07:e0:da:08:6f:
ce:4a:fe:98:3e:ae:c5:e5:6a:6e:50:0f:2d:39:01:55:ed:59:
0b:65:30:54:e8:72:26:ee:9f:cf:3f:ce:6a:20:c8:87:c9:81:
bc:f8:b3:ec:77:bb:bc:5b:8c:3f:18:fd:08:76:ad:27:59:fc:
b8:74:96:0d:cd:ed:97:91:6b:95:89:3a:f3:78:de:9f:06:a6:
ce:36:01:f0:be:ae:d8:d6:c4:3d:51:8a:2a:e0:43:59:8c:b4:
eb:63:93:9d:53:72:f8:4b:a3:c7:4a:da:2e:56:33:b6:46:1b:
45:a8:23:1b:82:de:6d:4e:e0:18:cf:9b:ba:22:68:8b:8c:de:
6f:08:2d:bc
-----BEGIN CERTIFICATE-----
MIID/jCCAuagAwIBAgIJAOgzeMdpnCjCMA0GCSqGSIb3DQEBBQUAMG8xCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3Jn
MQ0wCwYDVQQLDARKYXZhMScwJQYDVQQDDB5JTlRFUl9DQV9TSEEyNTYtUk9PVF9D
QV9TSEEyNTYwHhcNMTcwMzMwMDQ1MTA3WhcNMjcwMzI4MDQ1MTA3WjB/MQswCQYD
VQQGEwJVUzELMAkGA1UECAwCQ0ExDTALBgNVBAcMBENpdHkxDDAKBgNVBAoMA09y
ZzENMAsGA1UECwwESmF2YTE3MDUGA1UEAwwuRU5EX0VOVElUWV9TSEExLUlOVEVS
X0NBX1NIQTI1Ni1ST09UX0NBX1NIQTI1NjCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJhANnEfE0lXx1AjqZ8mO4hnEB7kJf0YKtLcVqOHkNchDB1y9Diz
ph0rPAWf7x1R2yl01OdL5taN9jDSIBuwy3ovp7C61pl/pq5+HUQFiLA0683wLwLH
SKITw2IGjzfcBhYcqEMLiq7rdBF1jBv2P4mDy3qnSVDriwUsM39Ek5xaVo9BsltI
0Ep49BHtY4W90mAUB1CZCMv40Po9K6L1AHLJdD7ed+zsgPilpTFhsKskyHn8Ampp
PTgNgMS6Z+ZRFSfn5k4iqaq8jYik1c3mBXMvdvyYzZYavl2lFjlxnVf/8FD3VI2O
so0mWYoWvucwJ8B3PEhbhv+wCu95g0TZXLsCAwEAAaOBjDCBiTB5BgNVHSMEcjBw
oWOkYTBfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExDTALBgNVBAcMBENpdHkx
DDAKBgNVBAoMA09yZzENMAsGA1UECwwESmF2YTEXMBUGA1UEAwwOUk9PVF9DQV9T
SEEyNTaCCQCEoXAdCpLTzDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IB
AQAiYyregHCS91Pkf+oBKxOzGwIuELQdtzN/bw2IRlq424OVd+Lb2i4xCoXGmnWE
ynNcvuMwIn68YENJfGkGFEqJ5CPKJZmF1gYW1Z6o/SVDiAcSCn7eJDNxq6Qjqk7c
D4nvqQmJVaEd7kg16hBC/5gVKuhcRuDkT0y5B+DaCG/OSv6YPq7F5WpuUA8tOQFV
7VkLZTBU6HIm7p/PP85qIMiHyYG8+LPsd7u8W4w/GP0Idq0nWfy4dJYNze2XkWuV
iTrzeN6fBqbONgHwvq7Y1sQ9UYoq4ENZjLTrY5OdU3L4S6PHStouVjO2RhtFqCMb
gt5tTuAYz5u6ImiLjN5vCC28
-----END CERTIFICATE-----
test/sun/security/ssl/CertPathRestrictions/certs/END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA1-PRIV.key 0 → 100644
浏览文件 @ d904de00
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDaYlKNTU1iQes/
BtivvM1ixjCk1muM1RdMkJQItZB21y1kM1OLp3EmGKqVqwKbS5OTrMIxjPUwD9Ly
aRJMvSP1xve7zwmNXOngA8eukmQ2olQU58ble6IAHcj4qg7a38E1ITvDmAswhTzK
fI4Z6okLCjKfYafnfbi5JA+E6fiArB3zimjne+tiUNYZh2eYspsOOw6cmaLtIbMP
ZyXy4iP6OCNIikb08Da27zjVn04i1SeUEv1YFmn4B9GWcNLAXyM1LmCNi70+SATp
aZYRjr/BBR6LNZMBsNKJblWFXK3UtfYFiypyirgQjzPtLb1XsuMhfqMt8QZDh8n3
YvYTW59xAgMBAAECggEAb4NPdhnoDulsL5XWZf55vhtH0ZQv/Qz+xbj57myQJS8B
Xa4b1i8dRv/Hc3+MaDIyXHEWBGle9jjOVbwzfP4D88eyzrMMxKOSRTKI72qPQ5qm
ZrpnxNzZv0d2TQvBZCBnrzKWKu1joVYX0anCghdR/VIqwVoDe+Clx9xTFGLI4yKO
7v0dkr4Hxn3NT6bTV18V6PoGbUgIsmpNYQPFyUM/IHG2ewDffLP+tm7RsEfKYmcx
Hr70pmWBpM9hwTAC+uXHuNXnsX4IjEQOXmm4PJ/A/sm2Bad93SPwi15e29MV8YbO
vvirGLaepa7AUvqoK0DFNCLU6vCeFJ7DUZ/u2P8x8QKBgQDxNOWvy3EV4/P/ocSf
itMtXZWj4driT4vUGwFZWfr3CVpZVaUmqXYeVdzNGuoWlmXOiOAuOepnlA36FCb5
aGE4cq/hbdtbr+v6awEj5/A2me/ax1W1z6lD0pg0QJ7KvqFCBzVol5yTiWZKBVE+
jp2waPfes770AUHczw9KKvEGtQKBgQDnxxiZAxtoNmOaB/NZmPNBKvWDw858+QX2
+u/jEH3pW393tUnipgIoo6yvd6djhJ6/4ViOxdioMIQCBab/xuSB4lfQsrJsWvS9
uYB794s7CV2r3kUa3ux8wAovW6Fc369nD7JjUPX/Cq3zdlyTDt9LVLRCpZ6Li1xB
r0ZVlpgPTQKBgQCgKay+X0tW6sdxHfyOp8Lz46liaa1LCuDhVZE+wHXZpXc9zJXe
JzZMjF0SQGXh27n8O30IlOJmJrRlMw5yG/I6ZkUNXkIDDryVyom2SuOBjhPrZOMv
15UgeO0h/Sqzm4M+ccTwD4Qjn1+xlPhOnqpsoja8xQPtyAvwz/jqGbtz5QKBgH01
pSgj8Y5es3fmi6P/aInv9ynzgX0p2fsOnMEBi8Og1j+JBB0YqVni8crozNiKMGhg
CEM4xk41x1qASzMp8w/ngqEPqCu5BzXnHG3b0K9X4+6Q6KwXeZH6/IWQ7p8Jh+wZ
IrlcZ0gcMNSxQFmBU0eSvr6yUe/4nSIu2cQq0oKRAoGAUEFd0LxZw50BdCdpJlcQ
+oTbSUYQhAzPF2ybfR6i8IxXoOjVxpvRehlbwXIQV7XEqamXFTmBLIvuAlF1yWoH
hzxNJuEgPRTPztnHD6LVzvuf2ain+CFZuDrXBT2l8PyF9BNL4/DMRrbgdCxr9F0O
Ti0VJo1TRE8vVzUfVc9w1RI=
test/sun/security/ssl/CertPathRestrictions/certs/END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA1.cer 0 → 100644
浏览文件 @ d904de00
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
86:09:85:57:41:bf:86:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, L=City, O=Org, OU=Java, CN=INTER_CA_SHA1-ROOT_CA_SHA1
Validity
Not Before: Mar 30 04:51:06 2017 GMT
Not After : Mar 28 04:51:06 2027 GMT
Subject: C=US, ST=CA, L=City, O=Org, OU=Java, CN=END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:da:62:52:8d:4d:4d:62:41:eb:3f:06:d8:af:bc:
cd:62:c6:30:a4:d6:6b:8c:d5:17:4c:90:94:08:b5:
90:76:d7:2d:64:33:53:8b:a7:71:26:18:aa:95:ab:
02:9b:4b:93:93:ac:c2:31:8c:f5:30:0f:d2:f2:69:
12:4c:bd:23:f5:c6:f7:bb:cf:09:8d:5c:e9:e0:03:
c7:ae:92:64:36:a2:54:14:e7:c6:e5:7b:a2:00:1d:
c8:f8:aa:0e:da:df:c1:35:21:3b:c3:98:0b:30:85:
3c:ca:7c:8e:19:ea:89:0b:0a:32:9f:61:a7:e7:7d:
b8:b9:24:0f:84:e9:f8:80:ac:1d:f3:8a:68:e7:7b:
eb:62:50:d6:19:87:67:98:b2:9b:0e:3b:0e:9c:99:
a2:ed:21:b3:0f:67:25:f2:e2:23:fa:38:23:48:8a:
46:f4:f0:36:b6:ef:38:d5:9f:4e:22:d5:27:94:12:
fd:58:16:69:f8:07:d1:96:70:d2:c0:5f:23:35:2e:
60:8d:8b:bd:3e:48:04:e9:69:96:11:8e:bf:c1:05:
1e:8b:35:93:01:b0:d2:89:6e:55:85:5c:ad:d4:b5:
f6:05:8b:2a:72:8a:b8:10:8f:33:ed:2d:bd:57:b2:
e3:21:7e:a3:2d:f1:06:43:87:c9:f7:62:f6:13:5b:
9f:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
DirName:/C=US/ST=CA/L=City/O=Org/OU=Java/CN=ROOT_CA_SHA1
serial:8D:A0:D2:8A:EE:0B:CF:65
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
29:b0:10:dc:45:ee:68:77:5f:12:9b:fc:de:eb:70:41:2e:6a:
a2:5f:a9:cc:ca:97:24:01:4a:1d:c2:78:52:57:34:9c:83:7f:
60:f5:d9:68:a2:32:89:e9:d7:25:71:72:71:e5:76:e3:37:af:
41:25:cc:8b:a4:fd:81:ef:6b:15:2b:91:3c:68:a5:25:53:cf:
c1:b9:aa:49:b4:cd:e3:3c:a2:8e:38:ea:e8:51:7c:7b:92:41:
bd:a3:22:7d:97:59:ad:55:e2:7d:9d:6a:bb:1f:95:84:1c:50:
00:e9:6c:74:1d:bb:6c:07:ca:bc:6a:a2:dd:c1:66:37:64:bd:
fe:1a:c0:8c:a7:8c:a1:60:b8:c3:d2:5f:92:80:ee:ad:79:29:
f2:ad:e2:9f:74:39:bf:3b:a4:b6:25:2a:87:3f:36:49:b9:52:
fd:91:33:be:1d:41:a9:76:29:47:6e:c7:db:a8:ab:6e:78:91:
c0:13:56:1c:25:41:51:a7:64:4f:07:c0:2a:a8:80:63:8d:98:
e0:54:7d:a6:f4:22:6b:70:fa:1c:16:82:f4:07:2e:e1:ba:94:
96:ec:c7:9e:8e:0a:24:1e:a4:e9:c0:92:ca:bd:32:98:ef:1f:
e1:a6:e6:4d:1f:c5:68:1b:77:d0:e0:35:1a:a9:c9:ee:98:72:
7b:c3:e7:51
-----BEGIN CERTIFICATE-----
MIID9jCCAt6gAwIBAgIJAIYJhVdBv4ZlMA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3Jn
MQ0wCwYDVQQLDARKYXZhMSMwIQYDVQQDDBpJTlRFUl9DQV9TSEExLVJPT1RfQ0Ff
U0hBMTAeFw0xNzAzMzAwNDUxMDZaFw0yNzAzMjgwNDUxMDZaMH0xCzAJBgNVBAYT
AlVTMQswCQYDVQQIDAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3JnMQ0w
CwYDVQQLDARKYXZhMTUwMwYDVQQDDCxFTkRfRU5USVRZX1NIQTI1Ni1JTlRFUl9D
QV9TSEExLVJPT1RfQ0FfU0hBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANpiUo1NTWJB6z8G2K+8zWLGMKTWa4zVF0yQlAi1kHbXLWQzU4uncSYYqpWr
AptLk5OswjGM9TAP0vJpEky9I/XG97vPCY1c6eADx66SZDaiVBTnxuV7ogAdyPiq
DtrfwTUhO8OYCzCFPMp8jhnqiQsKMp9hp+d9uLkkD4Tp+ICsHfOKaOd762JQ1hmH
Z5iymw47DpyZou0hsw9nJfLiI/o4I0iKRvTwNrbvONWfTiLVJ5QS/VgWafgH0ZZw
0sBfIzUuYI2LvT5IBOlplhGOv8EFHos1kwGw0oluVYVcrdS19gWLKnKKuBCPM+0t
vVey4yF+oy3xBkOHyfdi9hNbn3ECAwEAAaOBijCBhzB3BgNVHSMEcDBuoWGkXzBd
MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExDTALBgNVBAcMBENpdHkxDDAKBgNV
BAoMA09yZzENMAsGA1UECwwESmF2YTEVMBMGA1UEAwwMUk9PVF9DQV9TSEExggkA
jaDSiu4Lz2UwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAKbAQ3EXu
aHdfEpv83utwQS5qol+pzMqXJAFKHcJ4Ulc0nIN/YPXZaKIyienXJXFyceV24zev
QSXMi6T9ge9rFSuRPGilJVPPwbmqSbTN4zyijjjq6FF8e5JBvaMifZdZrVXifZ1q
ux+VhBxQAOlsdB27bAfKvGqi3cFmN2S9/hrAjKeMoWC4w9JfkoDurXkp8q3in3Q5
vzuktiUqhz82SblS/ZEzvh1BqXYpR27H26irbniRwBNWHCVBUadkTwfAKqiAY42Y
4FR9pvQia3D6HBaC9Acu4bqUluzHno4KJB6k6cCSyr0ymO8f4abmTR/FaBt30OA1
GqnJ7phye8PnUQ==
-----END CERTIFICATE-----
test/sun/security/ssl/CertPathRestrictions/certs/END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA256-PRIV.key 0 → 100644
浏览文件 @ d904de00
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDaCsiXcNnu7WpV
t+FarvFhtaRr4RMQbKGhiIHi4aV0vqWmpX/eFde01eQZTZcPGJzEnjJrkyFo3Wbd
31bjBLpt40kkI7kbODHrA2L+vY/hoCQeXK8+BrGioX9qHOpD7OLI3Esm1+KDiPPK
w6qr9O9nS/fOID3zly92r+obY2ZuW6jQC0Yah3K9INrSIjH+rHXsmj2U5dCnktfi
LzRcocvqtQHASYXFXEhWr1TCMnSz7h+l07O5YgYpmhwkRIPCkcdP+9wGhO2eOJYU
kfaBteodDh7vHj2F+A6Lheosa4mi/nysyhQJl8uBFw97dqab9ul5Tb03iHmaY/q0
xJKcEohnAgMBAAECggEBAJsa6K6yHJWWVfo8IBb+M7+qExiat5ELdb8O+DaJBcYS
iIwPVvKI3zVIokZNp5OZkotbbcqQk0ehl7dlVM2RY30gHbuTne36/6eKdTV5a4y4
+niOviqFYH+sGpNFlnBTZtAzxVIQaJXhKmum3RYN2u/EXrdGwEsz1RO89/AbuZXu
VdtEKkjPHXrIjnBkiT4271sm3OiPwOe6g0NKBMJ4InTyB+YtpgxlXtF+vv5cv6Vt
ayT3sNsdsD8HLrenMmwv/k7nTYgNbhaJX2YCs9W7ZEscU2th6F7Cx6Z0z9h1SElC
+OKKhU6HnG/pWFMfWu80ZNjb3NTpXzTv4CLKjEYvz6ECgYEA8qEe+Ga7+XD0XwPB
bFjoKmhOQhv0VCIiu9RgvIxQn5DuGX4H2hO1GP8LYOQZBm25nICIa+DyDZEaFGgL
QgfPI4boK/rdV8syFTUNfw1Wq+W/pHhqzgUGHAnzRpX8jBQa9of14O+B7//ZFdGj
5nt0qFTOAgNGslXMvSicKD/g0mMCgYEA5g7MpMmZI8zPf/PKLBkrQegdX2TBBiI5
3KzvQuA29tEFdVwUIuhkgQkmy1u9Ujw0jZZ8NVBOsqfg7e7XkVr6/OF+MVWBjWl3
Jn3DMCHl/HCLIZ4ZOM6/ydIMpBX6Ii53nvpO6vxRaOUg2T2gVHadVjjQAN9Oj68r
TKUHfs4rTy0CgYB/g5QuQnfqKaYUxXmDQtqJZxYyAlUPXn1Yr85DaY75vYaVGTpx
L0hPIcNOIbLRQRt6l8aaw7cS0D6fmOrJwibn6f/dFVP8zwq8QIyeSFlTsERe4PZo
3hUO6V/UqgD3cZ2WEXB0zgtBIfpqUCpOeHWf/inivuwJz7PxegVP1fqHNwKBgA0p
CZHfqm/+1lvmcUlGg0/43D1JwTT9nju+dM1pkBtcZ6iIBOreSmmLQXnenJzorsTu
t9pA5s+XhOl3gUNiZfszVwmxb4DMaLF9/j1xovtm4L6ikaTLRvNfnbOBQlbUO6mP
fhY5KtsKSG/E87gBNQzqoRN7sr3Lcnmm8x/Q4W9dAoGAITDcOI7UgPcnKMO8JUI5
96Po3c/S7nBilVZRFOwjn0z6jrjzNTd+1IqkzIKBWfs5WlRkzXI6LPJVghwPUqUa
q2C/3hQATD3FchEIohLfd8bj/wObaZNlKJB59a1RjxRZxuVQl3jvovvpn/hdXuJB
nGIx7MryEG/yRpfrk2DL0bI=
test/sun/security/ssl/CertPathRestrictions/certs/END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA256.cer 0 → 100644
浏览文件 @ d904de00
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
9e:f7:d7:79:1c:06:83:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, L=City, O=Org, OU=Java, CN=INTER_CA_SHA1-ROOT_CA_SHA256
Validity
Not Before: Mar 30 04:51:05 2017 GMT
Not After : Mar 28 04:51:05 2027 GMT
Subject: C=US, ST=CA, L=City, O=Org, OU=Java, CN=END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA256-PRIV
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:da:0a:c8:97:70:d9:ee:ed:6a:55:b7:e1:5a:ae:
f1:61:b5:a4:6b:e1:13:10:6c:a1:a1:88:81:e2:e1:
a5:74:be:a5:a6:a5:7f:de:15:d7:b4:d5:e4:19:4d:
97:0f:18:9c:c4:9e:32:6b:93:21:68:dd:66:dd:df:
56:e3:04:ba:6d:e3:49:24:23:b9:1b:38:31:eb:03:
62:fe:bd:8f:e1:a0:24:1e:5c:af:3e:06:b1:a2:a1:
7f:6a:1c:ea:43:ec:e2:c8:dc:4b:26:d7:e2:83:88:
f3:ca:c3:aa:ab:f4:ef:67:4b:f7:ce:20:3d:f3:97:
2f:76:af:ea:1b:63:66:6e:5b:a8:d0:0b:46:1a:87:
72:bd:20:da:d2:22:31:fe:ac:75:ec:9a:3d:94:e5:
d0:a7:92:d7:e2:2f:34:5c:a1:cb:ea:b5:01:c0:49:
85:c5:5c:48:56:af:54:c2:32:74:b3:ee:1f:a5:d3:
b3:b9:62:06:29:9a:1c:24:44:83:c2:91:c7:4f:fb:
dc:06:84:ed:9e:38:96:14:91:f6:81:b5:ea:1d:0e:
1e:ef:1e:3d:85:f8:0e:8b:85:ea:2c:6b:89:a2:fe:
7c:ac:ca:14:09:97:cb:81:17:0f:7b:76:a6:9b:f6:
e9:79:4d:bd:37:88:79:9a:63:fa:b4:c4:92:9c:12:
88:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
DirName:/C=US/ST=CA/L=City/O=Org/OU=Java/CN=ROOT_CA_SHA256
serial:84:A1:70:1D:0A:92:D3:CD
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
89:84:ce:6d:80:83:e7:19:80:21:a5:d3:79:ac:c4:2f:5c:5f:
47:f1:1c:e7:40:2a:57:ec:76:01:a9:10:b6:a2:2b:1b:02:ac:
f7:46:b1:67:b3:36:0f:fa:f0:a3:40:c2:5a:38:00:67:a9:9d:
e8:59:be:2f:5b:d0:c6:6c:20:90:c0:3b:6b:af:75:8c:93:ac:
5a:1e:8b:66:2c:79:0b:6d:9d:0d:d3:68:b5:b6:df:d6:04:6b:
24:f7:5a:b9:f0:18:08:81:b1:50:1c:ac:1b:7a:b7:b8:d8:8e:
6f:15:78:7e:23:5f:41:5c:df:76:09:1a:67:36:15:35:6a:77:
36:09:19:50:12:6d:60:20:c1:7a:36:cb:4c:ee:a8:d7:b7:c7:
29:26:31:04:0a:44:48:25:be:dd:00:92:ea:8c:00:ee:b4:eb:
52:4a:da:47:97:d7:42:df:dd:7d:17:de:e3:a1:14:49:3b:2d:
aa:ac:e7:83:0f:c0:2d:3f:31:c5:af:bb:b1:1e:53:d1:a7:13:
55:e3:25:f6:67:95:a1:75:e9:b8:a1:81:eb:d0:de:8a:a3:af:
78:dc:d0:39:d0:e7:d6:61:9e:39:7b:8b:f9:ee:44:48:78:92:
e7:22:fa:9c:a4:d0:6b:2b:89:0a:fa:78:3d:7a:af:44:91:e5:
8a:40:2f:10
-----BEGIN CERTIFICATE-----
MIIEAjCCAuqgAwIBAgIJAJ7313kcBoPVMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3Jn
MQ0wCwYDVQQLDARKYXZhMSUwIwYDVQQDDBxJTlRFUl9DQV9TSEExLVJPT1RfQ0Ff
U0hBMjU2MB4XDTE3MDMzMDA0NTEwNVoXDTI3MDMyODA0NTEwNVowgYQxCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3Jn
MQ0wCwYDVQQLDARKYXZhMTwwOgYDVQQDDDNFTkRfRU5USVRZX1NIQTI1Ni1JTlRF
Ul9DQV9TSEExLVJPT1RfQ0FfU0hBMjU2LVBSSVYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaCsiXcNnu7WpVt+FarvFhtaRr4RMQbKGhiIHi4aV0vqWm
pX/eFde01eQZTZcPGJzEnjJrkyFo3Wbd31bjBLpt40kkI7kbODHrA2L+vY/hoCQe
XK8+BrGioX9qHOpD7OLI3Esm1+KDiPPKw6qr9O9nS/fOID3zly92r+obY2ZuW6jQ
C0Yah3K9INrSIjH+rHXsmj2U5dCnktfiLzRcocvqtQHASYXFXEhWr1TCMnSz7h+l
07O5YgYpmhwkRIPCkcdP+9wGhO2eOJYUkfaBteodDh7vHj2F+A6Lheosa4mi/nys
yhQJl8uBFw97dqab9ul5Tb03iHmaY/q0xJKcEohnAgMBAAGjgYwwgYkweQYDVR0j
BHIwcKFjpGEwXzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQ0wCwYDVQQHDARD
aXR5MQwwCgYDVQQKDANPcmcxDTALBgNVBAsMBEphdmExFzAVBgNVBAMMDlJPT1Rf
Q0FfU0hBMjU2ggkAhKFwHQqS080wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsF
AAOCAQEAiYTObYCD5xmAIaXTeazEL1xfR/Ec50AqV+x2AakQtqIrGwKs90axZ7M2
D/rwo0DCWjgAZ6md6Fm+L1vQxmwgkMA7a691jJOsWh6LZix5C22dDdNotbbf1gRr
JPdaufAYCIGxUBysG3q3uNiObxV4fiNfQVzfdgkaZzYVNWp3NgkZUBJtYCDBejbL
TO6o17fHKSYxBApESCW+3QCS6owA7rTrUkraR5fXQt/dfRfe46EUSTstqqzngw/A
LT8xxa+7sR5T0acTVeMl9meVoXXpuKGB69DeiqOveNzQOdDn1mGeOXuL+e5ESHiS
5yL6nKTQayuJCvp4PXqvRJHlikAvEA==
-----END CERTIFICATE-----
test/sun/security/ssl/CertPathRestrictions/certs/END_ENTITY_SHA256-INTER_CA_SHA256-ROOT_CA_SHA1-PRIV.key 0 → 100644
浏览文件 @ d904de00
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDHC0ieOFNTJjP+
HMlFQ/w50Hx/+FYh9z9w3i08dVvi8oEhGUop7fvsqEyuAj3U/BYG87Wsv27wfa9l
qSJRSgqUT3yI4jsMY/ozUInuKpp/yL97abyZVDUZc3diDZqryA/Qur8HNVLyA2hD
DA9x8Ioeu5EDFl7AeqV3jx+A8fbulwVeCa29GByVkWRUEVF/48a1jpazBf2YQvrm
5ElWoG8fuMrz6vgj+gYZYb1GPXmJQrtAIRp4Z1/AquPS4A/O21DnPLEM8WSw+rSC
KGGKMqefJw74zeVyPlOiOmjFTeNfeVDViQrDgU++CTDjFa8XhweU6v+MtY5Mmzmf
2AETGyd9AgMBAAECggEANCdMu8hebOcRsH+ybSfHKw7p0E4to3C5esV8bN8DWI/a
LeYGfL4SyIvAq8eClBAJZYDuFXmDhBgqoSSUDWCtLPc21lcQycpYgKGVwoX/PYRI
R/oIpNRfpW+P1G1kHaaqHjMQYr8iIK+r3gWG9n/kcPEMqhZudVitiopB4vODlDgf
OI0goNWwYOPzoBkJSBbgfYC7vSz0dg+j9ooYPDnyUnHjykhu95mkmBHYc/MVMP8s
ntFB5pgtWuLQATZImW4A1dtZiqCsF6APvJIQASxVq+wv3dwhejF9xMZR96QchVZJ
QvPOcH76njIH4fThb0e46Dn54+KBpCnveSnDtAz5sQKBgQD2u6gWOK/Z4VqGlff1
diLqzesdalCJhydKzOGRzRiJeW4E4MhEpUjIo44zPGkQ64zq6nefqIltdiaE7T9C
Fnyu/+vd0zE1v3Ipgv0wD3NgTj3gGrBwl2gkY5sfSbCR+8vS/DhRU+s3KN45m3s4
XfM27Uw/Zh/DFIe7jmGezfe/3wKBgQDOhRjDfxDDLCEXw4QFQb7Sp/43EGfoTd8h
m700T/QXUTGx6qRhzHF9mUVea7FT+3I6CEqYNnZtFlYsJlq1g457rnvUJnTjJZb7
wFl1h+u4u3IKo/lUUh2vD89PPOkMUF/uamJLh5jK7KNkOjwEDN2yPkRgaedY++nv
NBcUPpGUIwKBgEkFmOWauVC+hVA3qj8XS5Y6g08dW+CYA2T75faEwLJPIeSHsj2+
vR/EaB15z46WaApOgkDaXHHs+dF1dbdVeGlCjMgF7RZ/JoZqogxLRlZGUcG1pGpu
JQBACnTkFkHeR6CVzQUk1QRqL/rUrU8tXwHukRZiXxwZQ2Ka7QFW6+/5AoGAHGem
Dk2NyqppKtGTeP2f921vw7cX85WyWPcIwQc2NXbPdP8m+OSbv4CzT9dUHo75GQ5G
5ESpaTunQo9L7qdXk59eHMHlVdC3wYylQUsemtv9RYVkJ7rbplZwVx+zliP/7dTo
DCdsVozRtFlmI9B5Najm0rP+Q/jyJhpuCjTI5S0CgYEAsYcmFZZotwOyT4oJ/1Fu
BtSOsoxnCa1vPJTVXEoX3F28ZUP4X0iWgGDO1e3aoWWYxWusf1fUj9BWbVnbtJfb
gJ5JtQTAuMvmjCwFRWcBUytdxTUsWFbuDc5fw7DMW7YqjkCCISkd6Q8JyaFsJPy1
7uFzumBnFtZGUIo2w4l8yrQ=
test/sun/security/ssl/CertPathRestrictions/certs/END_ENTITY_SHA256-INTER_CA_SHA256-ROOT_CA_SHA1.cer 0 → 100644
浏览文件 @ d904de00
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
9e:b3:99:30:15:24:2c:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, L=City, O=Org, OU=Java, CN=INTER_CA_SHA256-ROOT_CA_SHA1
Validity
Not Before: Mar 30 04:51:06 2017 GMT
Not After : Mar 28 04:51:06 2027 GMT
Subject: C=US, ST=CA, L=City, O=Org, OU=Java, CN=END_ENTITY_SHA256-INTER_CA_SHA256-ROOT_CA_SHA1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c7:0b:48:9e:38:53:53:26:33:fe:1c:c9:45:43:
fc:39:d0:7c:7f:f8:56:21:f7:3f:70:de:2d:3c:75:
5b:e2:f2:81:21:19:4a:29:ed:fb:ec:a8:4c:ae:02:
3d:d4:fc:16:06:f3:b5:ac:bf:6e:f0:7d:af:65:a9:
22:51:4a:0a:94:4f:7c:88:e2:3b:0c:63:fa:33:50:
89:ee:2a:9a:7f:c8:bf:7b:69:bc:99:54:35:19:73:
77:62:0d:9a:ab:c8:0f:d0:ba:bf:07:35:52:f2:03:
68:43:0c:0f:71:f0:8a:1e:bb:91:03:16:5e:c0:7a:
a5:77:8f:1f:80:f1:f6:ee:97:05:5e:09:ad:bd:18:
1c:95:91:64:54:11:51:7f:e3:c6:b5:8e:96:b3:05:
fd:98:42:fa:e6:e4:49:56:a0:6f:1f:b8:ca:f3:ea:
f8:23:fa:06:19:61:bd:46:3d:79:89:42:bb:40:21:
1a:78:67:5f:c0:aa:e3:d2:e0:0f:ce:db:50:e7:3c:
b1:0c:f1:64:b0:fa:b4:82:28:61:8a:32:a7:9f:27:
0e:f8:cd:e5:72:3e:53:a2:3a:68:c5:4d:e3:5f:79:
50:d5:89:0a:c3:81:4f:be:09:30:e3:15:af:17:87:
07:94:ea:ff:8c:b5:8e:4c:9b:39:9f:d8:01:13:1b:
27:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
DirName:/C=US/ST=CA/L=City/O=Org/OU=Java/CN=ROOT_CA_SHA1
serial:8D:A0:D2:8A:EE:0B:CF:64
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
2b:43:e4:c1:37:36:00:a3:ed:25:15:c7:9f:6b:25:0e:24:cd:
1c:e8:d2:8c:a6:11:05:a9:2b:b5:dc:7b:fd:55:8e:be:1d:15:
d7:8b:a8:a6:44:cf:03:ba:ba:78:74:26:b9:19:11:c0:03:9b:
4d:2f:f9:f7:ea:da:a3:2f:82:f9:9e:d0:77:d6:bf:eb:fd:57:
c8:eb:03:54:0a:0c:2b:36:0c:e5:99:b7:93:4d:a9:9d:e9:50:
80:66:4e:73:c1:bd:83:13:09:ee:b9:01:62:ed:90:0e:4f:ff:
9d:92:f3:cd:db:1f:ba:da:fc:67:9d:cb:a0:09:99:8b:3e:ea:
9d:61:55:ac:6f:fb:11:5c:c0:fe:fb:ff:5b:15:7d:a7:c1:aa:
3a:cd:30:43:35:ea:44:8a:21:ae:9f:af:bc:5c:ae:3a:01:2c:
3b:eb:b6:8c:6a:e1:1c:4e:55:0a:84:5b:f8:68:71:aa:97:02:
9b:5d:c4:c9:42:df:19:91:28:4a:12:35:8d:2e:3d:10:ec:35:
8a:b1:d7:e0:e2:a6:f9:f6:47:4b:17:75:84:8e:2d:66:e8:74:
be:d6:27:6b:a2:28:23:26:41:70:92:c2:7c:50:e2:81:c9:e0:
10:84:5d:87:4f:db:93:ce:dd:09:d2:48:63:3d:53:66:31:64:
5a:13:b5:a6
-----BEGIN CERTIFICATE-----
MIID+jCCAuKgAwIBAgIJAJ6zmTAVJCxpMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3Jn
MQ0wCwYDVQQLDARKYXZhMSUwIwYDVQQDDBxJTlRFUl9DQV9TSEEyNTYtUk9PVF9D
QV9TSEExMB4XDTE3MDMzMDA0NTEwNloXDTI3MDMyODA0NTEwNlowfzELMAkGA1UE
BhMCVVMxCzAJBgNVBAgMAkNBMQ0wCwYDVQQHDARDaXR5MQwwCgYDVQQKDANPcmcx
DTALBgNVBAsMBEphdmExNzA1BgNVBAMMLkVORF9FTlRJVFlfU0hBMjU2LUlOVEVS
X0NBX1NIQTI1Ni1ST09UX0NBX1NIQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDHC0ieOFNTJjP+HMlFQ/w50Hx/+FYh9z9w3i08dVvi8oEhGUop7fvs
qEyuAj3U/BYG87Wsv27wfa9lqSJRSgqUT3yI4jsMY/ozUInuKpp/yL97abyZVDUZ
c3diDZqryA/Qur8HNVLyA2hDDA9x8Ioeu5EDFl7AeqV3jx+A8fbulwVeCa29GByV
kWRUEVF/48a1jpazBf2YQvrm5ElWoG8fuMrz6vgj+gYZYb1GPXmJQrtAIRp4Z1/A
quPS4A/O21DnPLEM8WSw+rSCKGGKMqefJw74zeVyPlOiOmjFTeNfeVDViQrDgU++
CTDjFa8XhweU6v+MtY5Mmzmf2AETGyd9AgMBAAGjgYowgYcwdwYDVR0jBHAwbqFh
pF8wXTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQ0wCwYDVQQHDARDaXR5MQww
CgYDVQQKDANPcmcxDTALBgNVBAsMBEphdmExFTATBgNVBAMMDFJPT1RfQ0FfU0hB
MYIJAI2g0oruC89kMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACtD
5ME3NgCj7SUVx59rJQ4kzRzo0oymEQWpK7Xce/1Vjr4dFdeLqKZEzwO6unh0JrkZ
EcADm00v+ffq2qMvgvme0HfWv+v9V8jrA1QKDCs2DOWZt5NNqZ3pUIBmTnPBvYMT
Ce65AWLtkA5P/52S883bH7ra/Gedy6AJmYs+6p1hVaxv+xFcwP77/1sVfafBqjrN
MEM16kSKIa6fr7xcrjoBLDvrtoxq4RxOVQqEW/hocaqXAptdxMlC3xmRKEoSNY0u
PRDsNYqx1+Dipvn2R0sXdYSOLWbodL7WJ2uiKCMmQXCSwnxQ4oHJ4BCEXYdP25PO
3QnSSGM9U2YxZFoTtaY=
-----END CERTIFICATE-----
test/sun/security/ssl/CertPathRestrictions/certs/END_ENTITY_SHA256-INTER_CA_SHA256-ROOT_CA_SHA256-PRIV.key 0 → 100644
浏览文件 @ d904de00
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDuH2+6I/ytoLeW
AG3J0xMQafYmxYDZNaDjiWBl7TGpL4TjRY84FuHI/G8ib0VY9DKtyUixm7qZev+b
ExrfQGk9ZV7Dn41uBvmGcUMSqwb0QV/5/hneP7/3EXhoWjsCFUe0r0zOgCM7O9+F
jUlSuxEHyaFE09PxWGVZpU4Yu71PeoI/JJGITV81o2Fst7Urz65NE5OWrvbO+pfD
EiRvjLv/uil7znYV28lCbH7U1K8q5nGVtnpgTguhGL6/N3lIgvxoBtoXEQwdMV59
APsH8anA19rHn5h/ZmknryxAs0c6Rg9Plo30MonIU/eAVZwNw8TczD276Rc02xnW
RmbmxToRAgMBAAECggEAbK3OWV9JWJlMkNqbQQzj247w+FsV5ozSZGbzpzFtg/Eb
Lns11XykCg4kTswIE4RIiQaf9efEb34yoL1Ee3YzUgEtEg2FCB2IzvJskV2ba+lW
e4uclNH1tDa2BLKB0f6SXoXPgUP8UHGQH60PNQIJ0MsWnoorZjBY+WQ305QD3/yB
fMonkjpWN+ZNTY8Y3vA2SsS4EoY0Ndy2FpmWPwKKMCcqXw6xzVjKvq+jpFfsGpcj
i3MlKsCG5koreWrXdyt28CVOc6eMW5rsJfAHRw+OSn7PdLaGyZCUUsFXCjG0Vq2G
YwuMfTJprrZk+lbi3XUXWk7XUEURB7Q4lIBxAcskAQKBgQD8pVj0OIsVHAGjQQ7C
ZAnxFlON7XX3fgPdLtil9c+a1GlcPA2K52fBp8YlKlAS4bmZIQHbbkEBjh8KfG1P
x7zBHoUXV8ruo/axzRPoeBVQat5NQKcKnlITrqdf8J3a+8iMxpMpd53h97HGiayq
W04ZQNf7wjXvR+pJVluTEaoVUQKBgQDxSLruMmCsYvD+sipaQ3rBEMIAI3kc7ctl
fEnipEk5wtPkKKldw+rvbh/AwY2i2JMUDcW92hkB5vCvbcKmCEkEO3FbawNkJnJi
qfwbvHP/fGThMV3gbWWF3GZvBKY2+toSa2rwoR5kYTT1e4+byk38NAp/HAItFHIT
DgAgMy6owQKBgQCjd8jKnBtBmVFl9B48oMXd+/gsCM0fSaXuYvVCzH17TJyvVRve
GEQGBSwrt+j/jpWsArNU602cV/y1qDSCPlZfDgRHSkK/jc9805hh/fCsi7kyevaZ
5D5vBb6+UM2Sdv8YNxPY7NB2+PFJ6KKTx2gM5uvYtZx4KivpL7souXE3QQKBgDxg
FZ5q7rPUIjepP13MyteqqNC+D51Eh4PCgP58W3JfpQPPhOnYj14QMVPbWuSnys3W
0Gc8PsuyDQHoti8znYm4khntAjE6SZ8Up+gM1P3WE6wh3Tq+RQwk5WDcSfcx+AVp
6Z2Cw4ccp9LRc1LpYXA9WW8LBCRhnFXWSAPGquNBAoGAdCsvFzSipQ5qxWPlClRM
lKqDdQheRl9IKCuImXZAvdX952VhmP7QV5PUwLV/CkVquvSdRSshrMO/fqFjfkjr
puajXghFXa+YppQW42tPYBmKDnNVgxW5d5sC62AYaykh2iNw3v4BJyN+MMmkSf0M
4/mKvs5m8N2OkOpY6r2wCp8=
test/sun/security/ssl/CertPathRestrictions/certs/END_ENTITY_SHA256-INTER_CA_SHA256-ROOT_CA_SHA256.cer 0 → 100644
浏览文件 @ d904de00
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
e8:33:78:c7:69:9c:28:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, L=City, O=Org, OU=Java, CN=INTER_CA_SHA256-ROOT_CA_SHA256
Validity
Not Before: Mar 30 04:51:04 2017 GMT
Not After : Mar 28 04:51:04 2027 GMT
Subject: C=US, ST=CA, L=City, O=Org, OU=Java, CN=END_ENTITY_SHA256-INTER_CA_SHA256-ROOT_CA_SHA256
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ee:1f:6f:ba:23:fc:ad:a0:b7:96:00:6d:c9:d3:
13:10:69:f6:26:c5:80:d9:35:a0:e3:89:60:65:ed:
31:a9:2f:84:e3:45:8f:38:16:e1:c8:fc:6f:22:6f:
45:58:f4:32:ad:c9:48:b1:9b:ba:99:7a:ff:9b:13:
1a:df:40:69:3d:65:5e:c3:9f:8d:6e:06:f9:86:71:
43:12:ab:06:f4:41:5f:f9:fe:19:de:3f:bf:f7:11:
78:68:5a:3b:02:15:47:b4:af:4c:ce:80:23:3b:3b:
df:85:8d:49:52:bb:11:07:c9:a1:44:d3:d3:f1:58:
65:59:a5:4e:18:bb:bd:4f:7a:82:3f:24:91:88:4d:
5f:35:a3:61:6c:b7:b5:2b:cf:ae:4d:13:93:96:ae:
f6:ce:fa:97:c3:12:24:6f:8c:bb:ff:ba:29:7b:ce:
76:15:db:c9:42:6c:7e:d4:d4:af:2a:e6:71:95:b6:
7a:60:4e:0b:a1:18:be:bf:37:79:48:82:fc:68:06:
da:17:11:0c:1d:31:5e:7d:00:fb:07:f1:a9:c0:d7:
da:c7:9f:98:7f:66:69:27:af:2c:40:b3:47:3a:46:
0f:4f:96:8d:f4:32:89:c8:53:f7:80:55:9c:0d:c3:
c4:dc:cc:3d:bb:e9:17:34:db:19:d6:46:66:e6:c5:
3a:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
DirName:/C=US/ST=CA/L=City/O=Org/OU=Java/CN=ROOT_CA_SHA256
serial:84:A1:70:1D:0A:92:D3:CC
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
1d:1a:87:7d:11:0e:cc:cd:7f:6c:ed:21:1a:2c:35:de:09:b8:
c4:cf:0c:31:00:3d:f5:bd:d4:6e:f0:4f:7e:c2:8d:d6:c5:28:
ed:38:9d:d7:52:32:e2:8d:7b:64:c8:1d:4e:69:7e:49:5f:e1:
5e:04:c7:d3:96:d2:63:ef:2c:35:4f:eb:08:2b:9d:b0:15:df:
33:d8:1c:59:8e:bb:f1:28:4f:f0:85:bb:3c:56:e1:86:a4:75:
2b:44:8a:1c:98:ae:94:f3:b6:76:a9:a3:e7:d6:bc:58:ef:fe:
32:11:6f:76:5b:85:f8:14:91:83:2c:b6:20:a5:48:48:8b:6e:
ee:a8:6c:2b:12:18:94:3e:59:5e:a6:66:53:dc:40:b2:da:fd:
a4:5f:16:35:b6:20:2b:31:86:9b:91:55:b2:35:63:d2:47:bd:
91:7e:43:bc:d6:0e:dc:95:1a:f0:8d:08:e5:66:cd:d1:0b:32:
d6:92:26:3e:78:e8:70:74:e1:14:64:b0:39:5d:7c:d0:28:23:
c7:83:53:02:90:fe:fc:9e:aa:9a:fb:c4:ef:9d:d5:22:f6:c1:
fd:e4:07:04:25:4f:8f:b2:13:6f:0d:51:cc:54:b4:38:d3:ac:
31:aa:94:c5:d0:c8:5a:58:35:13:87:3e:f6:74:26:8c:2b:7d:
6c:8e:36:a5
-----BEGIN CERTIFICATE-----
MIIEATCCAumgAwIBAgIJAOgzeMdpnCjBMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3Jn
MQ0wCwYDVQQLDARKYXZhMScwJQYDVQQDDB5JTlRFUl9DQV9TSEEyNTYtUk9PVF9D
QV9TSEEyNTYwHhcNMTcwMzMwMDQ1MTA0WhcNMjcwMzI4MDQ1MTA0WjCBgTELMAkG
A1UEBhMCVVMxCzAJBgNVBAgMAkNBMQ0wCwYDVQQHDARDaXR5MQwwCgYDVQQKDANP
cmcxDTALBgNVBAsMBEphdmExOTA3BgNVBAMMMEVORF9FTlRJVFlfU0hBMjU2LUlO
VEVSX0NBX1NIQTI1Ni1ST09UX0NBX1NIQTI1NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAO4fb7oj/K2gt5YAbcnTExBp9ibFgNk1oOOJYGXtMakvhONF
jzgW4cj8byJvRVj0Mq3JSLGbupl6/5sTGt9AaT1lXsOfjW4G+YZxQxKrBvRBX/n+
Gd4/v/cReGhaOwIVR7SvTM6AIzs734WNSVK7EQfJoUTT0/FYZVmlThi7vU96gj8k
kYhNXzWjYWy3tSvPrk0Tk5au9s76l8MSJG+Mu/+6KXvOdhXbyUJsftTUryrmcZW2
emBOC6EYvr83eUiC/GgG2hcRDB0xXn0A+wfxqcDX2sefmH9maSevLECzRzpGD0+W
jfQyichT94BVnA3DxNzMPbvpFzTbGdZGZubFOhECAwEAAaOBjDCBiTB5BgNVHSME
cjBwoWOkYTBfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExDTALBgNVBAcMBENp
dHkxDDAKBgNVBAoMA09yZzENMAsGA1UECwwESmF2YTEXMBUGA1UEAwwOUk9PVF9D
QV9TSEEyNTaCCQCEoXAdCpLTzDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA
A4IBAQAdGod9EQ7MzX9s7SEaLDXeCbjEzwwxAD31vdRu8E9+wo3WxSjtOJ3XUjLi
jXtkyB1OaX5JX+FeBMfTltJj7yw1T+sIK52wFd8z2BxZjrvxKE/whbs8VuGGpHUr
RIocmK6U87Z2qaPn1rxY7/4yEW92W4X4FJGDLLYgpUhIi27uqGwrEhiUPllepmZT
3ECy2v2kXxY1tiArMYabkVWyNWPSR72RfkO81g7clRrwjQjlZs3RCzLWkiY+eOhw
dOEUZLA5XXzQKCPHg1MCkP78nqqa+8TvndUi9sH95AcEJU+PshNvDVHMVLQ406wx
qpTF0MhaWDUThz72dCaMK31sjjal
-----END CERTIFICATE-----
test/sun/security/ssl/CertPathRestrictions/certs/INTER_CA_SHA1-ROOT_CA_SHA1-PRIV.key 0 → 100644
浏览文件 @ d904de00
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDX1pPNXGpnPQNc
x9ReXrjbcHkIoyXcdXbhO0TnUBV5aGJTEn5/meDsK76Y2KDVyU/EO2jXpaQ5QiGn
UzY6vKIn6boqTov4NLYwBsVPdAG/xZyr5q7p6bnJ8WRj40A2JeOeZ3FMglRtBCNg
rYeEC4MDp2F41OVxsJZ4huodq94arqhD/hjE40g06UNa0I+/2dIpI2cSamIC5b3L
/DK3ol+gIw/OOxMCgzAUSjeH6nTrrW1hUeSKx0NPGWRLWzLQ2yxhYcXlsedNuKHo
ux/p3EkGXoGPajK7s7IlKj9CPQYwlQez37jCLJGovArqTr/8hxfrKMdZOl5bp+6H
6uWh6af7AgMBAAECggEAXrUsM79qfRR7pjmVCTe9G6T1pwGXum3clSYhrPIqChTw
mA0Ubr9Bv7/OKVlc8ZIdKzj6Xy2yquFGzRopQIrHCIZ5htjieC4BB3/hEmUP42s9
vPxDIibJvD/s0hvEcD4d68LuJylFDHT1ZRWf0iQPAApxLckVSNa4n/hrQEvK8J+G
HIH8VATq9iHp/GQmmFB8b3ubqn46zDGqly14+TGP2KtVJlY9FuCpvmtZZZjJ+K09
vYM+BATwje6N6PqX5a3Z+NFC1NK9CmC+U6ECJ27uhySn8kvlU/i/SOAnrPftByO7
g7K8p2Qzq1LlVIUU/JTidNZGXTaTMOVg8eHLmyt92QKBgQD9a94rLqk9BUtVsTYa
AImt+KbUMB+Zi83cYDiCfNBkfIYw4dVUFJecmqZwg7IeqNwuSmXP41fASOvDel/L
8bOj/rPccVSG9pmU0ir5WK9n8zobogfAzvaFr8cmo+TVv0FOZZA8e/+UfVsiKAsW
3nwhwxN8ieILU1dtaNV1IfnAPwKBgQDaCM9URf+DFILI2WpuzKpk1loF6HrlklIn
+N0IFFcalqUpC8GhXTw7suypRBCZ+cp32h7WEcN9aHLMrnkDQP3bGTv53pJT5N9k
7nk9Bfrk0CJCxeMRKwtuMhLkOmT0eh2aB1lWR0owA5b1Gjtiz5kTW7NN2+paJCDz
SiDLVoFpRQKBgQCHvt0N4nuy/QACkd86BGm7b8LlTDXRCMsnrb73XqY9/VngG0gr
NrCTqV9YS6MAu1Dd1uo8djnN/QGU/xsLYpfoU4nCnk450SQpTH7Ke8/Rbb8FiECA
7hutNqAFuardOApiVRLy4zTfNFq5rBtsj5aMezMX9b/Ic0cUiyA0ExP1/wKBgQCp
SDvI34wRdqRQUtWa7xbAsdg1TBnXEjLtTAA4nKpAP4Q+CR2uLlhstW+fv/PvyIwV
X+mfJS2VubmgBzp3d0dhjAcP6mnL7yAvGiRRZ8ozSxG+rCuvEa+PQBuAzYHCeulu
xJPtM+56tt7GsDY5cpsT95eQNNWQZQqcOgqaNTDGzQKBgCmMwRP1HN0qUSSVO1d8
8N17OoZe5yntppEjesYQrLf4AEgPS3Qj8dv0qfe3z1B0gAKlG9+OR8cUBCMGVyum
b51SiSi3LSm1VeuMfT7JDMSxTkbaI5CY7v+/5yCRFqikgBtCkHM9m4K95d3dVDO8
JGrlKiKVIbu5LnQZMkPHRIEX
test/sun/security/ssl/CertPathRestrictions/certs/INTER_CA_SHA1-ROOT_CA_SHA1.cer 0 → 100644
浏览文件 @ d904de00
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
8d:a0:d2:8a:ee:0b:cf:65
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=CA, L=City, O=Org, OU=Java, CN=ROOT_CA_SHA1
Validity
Not Before: Mar 30 04:51:04 2017 GMT
Not After : Mar 28 04:51:04 2027 GMT
Subject: C=US, ST=CA, L=City, O=Org, OU=Java, CN=INTER_CA_SHA1-ROOT_CA_SHA1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d7:d6:93:cd:5c:6a:67:3d:03:5c:c7:d4:5e:5e:
b8:db:70:79:08:a3:25:dc:75:76:e1:3b:44:e7:50:
15:79:68:62:53:12:7e:7f:99:e0:ec:2b:be:98:d8:
a0:d5:c9:4f:c4:3b:68:d7:a5:a4:39:42:21:a7:53:
36:3a:bc:a2:27:e9:ba:2a:4e:8b:f8:34:b6:30:06:
c5:4f:74:01:bf:c5:9c:ab:e6:ae:e9:e9:b9:c9:f1:
64:63:e3:40:36:25:e3:9e:67:71:4c:82:54:6d:04:
23:60:ad:87:84:0b:83:03:a7:61:78:d4:e5:71:b0:
96:78:86:ea:1d:ab:de:1a:ae:a8:43:fe:18:c4:e3:
48:34:e9:43:5a:d0:8f:bf:d9:d2:29:23:67:12:6a:
62:02:e5:bd:cb:fc:32:b7:a2:5f:a0:23:0f:ce:3b:
13:02:83:30:14:4a:37:87:ea:74:eb:ad:6d:61:51:
e4:8a:c7:43:4f:19:64:4b:5b:32:d0:db:2c:61:61:
c5:e5:b1:e7:4d:b8:a1:e8:bb:1f:e9:dc:49:06:5e:
81:8f:6a:32:bb:b3:b2:25:2a:3f:42:3d:06:30:95:
07:b3:df:b8:c2:2c:91:a8:bc:0a:ea:4e:bf:fc:87:
17:eb:28:c7:59:3a:5e:5b:a7:ee:87:ea:e5:a1:e9:
a7:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
DirName:/C=US/ST=CA/L=City/O=Org/OU=Java/CN=ROOT_CA_SHA1
serial:F1:3B:B7:FB:28:3F:52:09
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
d3:ce:da:23:e1:7c:73:fb:7f:26:d7:a4:3c:7b:17:01:75:ce:
a5:bd:75:f1:65:1b:56:27:ae:f8:97:a6:c4:ca:94:93:c9:12:
bb:c7:ec:2b:d5:38:d5:43:3a:6c:c2:51:3a:79:2f:d7:4e:da:
2d:12:1f:b8:c2:4f:c8:ba:33:d3:f5:0c:78:cc:26:69:24:47:
3f:ed:17:a0:7f:d0:20:fe:11:ca:75:50:1a:61:e1:91:b5:fa:
91:04:e9:14:59:77:d4:29:0f:43:19:e0:dc:dd:a6:18:14:f4:
33:3e:f0:cb:36:7b:18:04:03:dd:be:35:41:c4:3e:65:d2:67:
44:73:ab:7f:d1:b9:26:7e:b3:1e:d0:e4:a4:52:83:60:a9:e6:
e1:bf:62:bb:9b:16:0c:97:ad:11:1a:2f:eb:92:ca:7e:98:15:
46:23:59:5d:26:d9:ec:57:85:51:5b:09:f1:9b:1b:d3:5d:53:
02:67:1a:e4:24:49:67:87:04:75:66:13:56:1b:8b:a1:08:de:
c8:4b:f8:87:73:6e:c2:31:ee:f6:32:14:45:32:a3:3f:e4:b1:
0f:23:28:29:b4:a3:86:65:4f:2e:57:ad:8f:44:77:f8:4b:ea:
7b:9d:8e:dc:cb:07:ee:b4:78:46:db:cd:12:eb:ad:ef:9b:8f:
22:ba:83:7b
-----BEGIN CERTIFICATE-----
MIID1jCCAr6gAwIBAgIJAI2g0oruC89lMA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3Jn
MQ0wCwYDVQQLDARKYXZhMRUwEwYDVQQDDAxST09UX0NBX1NIQTEwHhcNMTcwMzMw
MDQ1MTA0WhcNMjcwMzI4MDQ1MTA0WjBrMQswCQYDVQQGEwJVUzELMAkGA1UECAwC
Q0ExDTALBgNVBAcMBENpdHkxDDAKBgNVBAoMA09yZzENMAsGA1UECwwESmF2YTEj
MCEGA1UEAwwaSU5URVJfQ0FfU0hBMS1ST09UX0NBX1NIQTEwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDX1pPNXGpnPQNcx9ReXrjbcHkIoyXcdXbhO0Tn
UBV5aGJTEn5/meDsK76Y2KDVyU/EO2jXpaQ5QiGnUzY6vKIn6boqTov4NLYwBsVP
dAG/xZyr5q7p6bnJ8WRj40A2JeOeZ3FMglRtBCNgrYeEC4MDp2F41OVxsJZ4huod
q94arqhD/hjE40g06UNa0I+/2dIpI2cSamIC5b3L/DK3ol+gIw/OOxMCgzAUSjeH
6nTrrW1hUeSKx0NPGWRLWzLQ2yxhYcXlsedNuKHoux/p3EkGXoGPajK7s7IlKj9C
PQYwlQez37jCLJGovArqTr/8hxfrKMdZOl5bp+6H6uWh6af7AgMBAAGjgYowgYcw
dwYDVR0jBHAwbqFhpF8wXTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQ0wCwYD
VQQHDARDaXR5MQwwCgYDVQQKDANPcmcxDTALBgNVBAsMBEphdmExFTATBgNVBAMM
DFJPT1RfQ0FfU0hBMYIJAPE7t/soP1IJMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
AQEFBQADggEBANPO2iPhfHP7fybXpDx7FwF1zqW9dfFlG1YnrviXpsTKlJPJErvH
7CvVONVDOmzCUTp5L9dO2i0SH7jCT8i6M9P1DHjMJmkkRz/tF6B/0CD+Ecp1UBph
4ZG1+pEE6RRZd9QpD0MZ4NzdphgU9DM+8Ms2exgEA92+NUHEPmXSZ0Rzq3/RuSZ+
sx7Q5KRSg2Cp5uG/YrubFgyXrREaL+uSyn6YFUYjWV0m2exXhVFbCfGbG9NdUwJn
GuQkSWeHBHVmE1Ybi6EI3shL+IdzbsIx7vYyFEUyoz/ksQ8jKCm0o4ZlTy5XrY9E
d/hL6nudjtzLB+60eEbbzRLrre+bjyK6g3s=
-----END CERTIFICATE-----
test/sun/security/ssl/CertPathRestrictions/certs/INTER_CA_SHA1-ROOT_CA_SHA256-PRIV.key 0 → 100644
浏览文件 @ d904de00
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDWN68vV57EPqPZ
Dtvi2+NI4tfxUgkaWJXbqrLKuAJC8bff9edZpMXGAyqMpDDr7MAjs/3TDYpVaWYN
Id5iwqamImbBLYf/K0LOkaX6+TyogaqwwdNVryR5eYcGXEiJY1MJ2mgzCNeGJ091
4qwll3xkjAFolB6o9QoIbLB3cctl0vw6oAoi3TKWQxJ+UI6/uBotX5eQ9z1b/MDs
6PNXHB22jYAj4tOePMZxq7AVCwTFpWbHK8j5ftXxpVoU5ECNHfIAHLprJqc/lKdf
7rMyflbsjD8nV7TwY+FW7WfOQgiJhk0OK3VaBeSsovpOOwjS4Lpsazh3eUXeZJUk
lrYrMfI3AgMBAAECggEAEpXmNx9NAQ3GPXDSlw4o3AwCXEeXzpdc+SAIPxpT5+b8
4wt8tQRcvF9N88HTFMUHrpFRNlx4Ygyw8/a6SqtEtilJ7Py8TeE8/JsaYXn6T0xg
uNE4OrjlWzy2AFFFYdYiQDqYy8S6nkMO29V8xg4slrSm8qHXPyVzZ2O2s8ZFtWG+
ItAMb+Gv7FU2M4te/TwRnadljFAoyWry0XCXle1fN1Y3QJXtu3VDdmLmU0t+VGfa
wuZ5k0FIb9TFIQuxtgUNXJZmIjZw4Ych3luUc1bMSn9FPHeOzk8J3yo1tGqQu15M
KMLHxASTgt6opfhDbYIpD0fJJqCPdiJlMrqXHBPYwQKBgQDy8lrmsjBE97H0U2sS
tqlJq+7VOe2ien+z6seXFxd6XHBI8D/wTi2Q/7BpIGbpek3xc0ujxaFbcqo/RJZA
TUzYmc5leQLTwy4a54Neo33+sOuYPg8fQIMPT1OGa3DXv3EPSC8FdQrweNjn/bDX
YXbXJ2nKc3RgdTVehuMh6mw25wKBgQDhuitrTL3dlyHMGhO+djxW3cgjsUbJXQsK
1GnkGw5mzzL67M6ixw4WNxNJjuXEUI5Vat8iJzhZOA+Ae84DDbeN2FCM7UBpUsyB
9T9aApBYLLMflZhl4PXK/zkh1J9vA5NqqJbAcw6a5uH0kjtuJOSvP5CVQc2xsX9i
U9+eZesQMQKBgHo4Znasqg/oNIRf+vvdHOlNL8fhbqVQzzHqKSLfoRYTrwFirCfu
jInnuA4LGPrYZqHTiPgJEpX456EQli4fNUu6hNUTvdJe3LD4S2SvB1G8G6npfp4Q
TF7FX5W+M3S2gOBZRh6OtUQo56Y+QFr6U1kGIPiSgLeN/51gap/DWVF9AoGBAMmL
hMEloFF+Y/rtPbvNrkqRc+YKn32jyfw9dN7rGYzKbGaHkmjc+sLzIhGHubfzhWLX
Law9AJ8I4y6BXIx1bvMDtche/igMefV/mLUxnNhd8QG+fHhayJwcDlMamdBxjOqq
5Q+oq927UP0ipFXQMzAWvW3Hd3W1WlvdL8kqjxvBAoGBAMaZ9JZO48Zn17IUweZC
oVfM99YaHa+dm3L47PdQN6Ag6UjQ+sZ/6SLGIIg67SDhUQ+nuPCL8PH3Rf7PCuqW
oHW3F+44SIrVdLlMkWb444dxdP6Xvb9aOMpvopBDuvzYPR3xzZ202DZbZ0sIEVu8
8a+09JbRmEI2/Ee+em6a/Y4T
test/sun/security/ssl/CertPathRestrictions/certs/INTER_CA_SHA1-ROOT_CA_SHA256.cer 0 → 100644
浏览文件 @ d904de00
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
84:a1:70:1d:0a:92:d3:cd
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=CA, L=City, O=Org, OU=Java, CN=ROOT_CA_SHA256
Validity
Not Before: Mar 30 04:51:03 2017 GMT
Not After : Mar 28 04:51:03 2027 GMT
Subject: C=US, ST=CA, L=City, O=Org, OU=Java, CN=INTER_CA_SHA1-ROOT_CA_SHA256
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d6:37:af:2f:57:9e:c4:3e:a3:d9:0e:db:e2:db:
e3:48:e2:d7:f1:52:09:1a:58:95:db:aa:b2:ca:b8:
02:42:f1:b7:df:f5:e7:59:a4:c5:c6:03:2a:8c:a4:
30:eb:ec:c0:23:b3:fd:d3:0d:8a:55:69:66:0d:21:
de:62:c2:a6:a6:22:66:c1:2d:87:ff:2b:42:ce:91:
a5:fa:f9:3c:a8:81:aa:b0:c1:d3:55:af:24:79:79:
87:06:5c:48:89:63:53:09:da:68:33:08:d7:86:27:
4f:75:e2:ac:25:97:7c:64:8c:01:68:94:1e:a8:f5:
0a:08:6c:b0:77:71:cb:65:d2:fc:3a:a0:0a:22:dd:
32:96:43:12:7e:50:8e:bf:b8:1a:2d:5f:97:90:f7:
3d:5b:fc:c0:ec:e8:f3:57:1c:1d:b6:8d:80:23:e2:
d3:9e:3c:c6:71:ab:b0:15:0b:04:c5:a5:66:c7:2b:
c8:f9:7e:d5:f1:a5:5a:14:e4:40:8d:1d:f2:00:1c:
ba:6b:26:a7:3f:94:a7:5f:ee:b3:32:7e:56:ec:8c:
3f:27:57:b4:f0:63:e1:56:ed:67:ce:42:08:89:86:
4d:0e:2b:75:5a:05:e4:ac:a2:fa:4e:3b:08:d2:e0:
ba:6c:6b:38:77:79:45:de:64:95:24:96:b6:2b:31:
f2:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
DirName:/C=US/ST=CA/L=City/O=Org/OU=Java/CN=ROOT_CA_SHA256
serial:A3:52:9D:82:6F:DD:C6:1D
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
56:fb:b0:ab:a6:bb:3a:55:04:ed:5c:3b:ae:0c:0d:32:8f:aa:
ec:b7:24:2c:d5:37:b9:1f:91:64:21:c2:c0:6d:bc:d4:d4:5e:
e2:f1:12:ad:34:02:93:65:10:6c:93:93:2c:23:53:e8:ed:96:
c7:3b:6b:44:df:ff:24:8b:c1:cc:26:b2:1e:8f:26:66:34:3a:
bb:7d:ef:4e:a6:7e:b2:c8:93:c9:f7:46:5a:de:40:88:70:28:
c7:d1:fd:27:c3:99:fd:6a:a1:a5:e1:6d:c3:5a:bc:99:28:95:
e9:17:ed:a4:56:a5:04:ad:fb:74:a2:01:26:2a:5a:45:bc:7b:
0d:df:0c:41:79:8b:b4:15:50:cd:88:ce:f5:a7:ee:cb:d2:5b:
76:81:4c:1b:09:92:0e:e9:c6:42:df:b7:81:9e:89:3d:49:ed:
17:fa:d2:2f:bd:8b:74:d5:cb:ce:af:46:6a:74:b3:34:a0:c5:
a0:64:66:7a:80:59:15:1e:de:16:df:11:3d:1e:96:e2:e5:2d:
f1:4d:20:f3:f6:f1:19:aa:ac:f8:b4:6e:76:a0:26:6c:cd:90:
f2:23:35:a0:8b:c8:e8:5d:27:5d:34:d3:69:74:61:c5:ac:6a:
54:e9:86:8d:ca:ca:16:03:48:7f:cd:23:43:41:e2:77:3a:5d:
f2:3e:de:fa
-----BEGIN CERTIFICATE-----
MIID3DCCAsSgAwIBAgIJAIShcB0KktPNMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3Jn
MQ0wCwYDVQQLDARKYXZhMRcwFQYDVQQDDA5ST09UX0NBX1NIQTI1NjAeFw0xNzAz
MzAwNDUxMDNaFw0yNzAzMjgwNDUxMDNaMG0xCzAJBgNVBAYTAlVTMQswCQYDVQQI
DAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3JnMQ0wCwYDVQQLDARKYXZh
MSUwIwYDVQQDDBxJTlRFUl9DQV9TSEExLVJPT1RfQ0FfU0hBMjU2MIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jevL1eexD6j2Q7b4tvjSOLX8VIJGliV
26qyyrgCQvG33/XnWaTFxgMqjKQw6+zAI7P90w2KVWlmDSHeYsKmpiJmwS2H/ytC
zpGl+vk8qIGqsMHTVa8keXmHBlxIiWNTCdpoMwjXhidPdeKsJZd8ZIwBaJQeqPUK
CGywd3HLZdL8OqAKIt0ylkMSflCOv7gaLV+XkPc9W/zA7OjzVxwdto2AI+LTnjzG
cauwFQsExaVmxyvI+X7V8aVaFORAjR3yABy6ayanP5SnX+6zMn5W7Iw/J1e08GPh
Vu1nzkIIiYZNDit1WgXkrKL6TjsI0uC6bGs4d3lF3mSVJJa2KzHyNwIDAQABo4GM
MIGJMHkGA1UdIwRyMHChY6RhMF8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEN
MAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3JnMQ0wCwYDVQQLDARKYXZhMRcwFQYD
VQQDDA5ST09UX0NBX1NIQTI1NoIJAKNSnYJv3cYdMAwGA1UdEwQFMAMBAf8wDQYJ
KoZIhvcNAQEFBQADggEBAFb7sKumuzpVBO1cO64MDTKPquy3JCzVN7kfkWQhwsBt
vNTUXuLxEq00ApNlEGyTkywjU+jtlsc7a0Tf/ySLwcwmsh6PJmY0Ort9706mfrLI
k8n3RlreQIhwKMfR/SfDmf1qoaXhbcNavJkolekX7aRWpQSt+3SiASYqWkW8ew3f
DEF5i7QVUM2IzvWn7svSW3aBTBsJkg7pxkLft4GeiT1J7Rf60i+9i3TVy86vRmp0
szSgxaBkZnqAWRUe3hbfET0eluLlLfFNIPP28RmqrPi0bnagJmzNkPIjNaCLyOhd
J10002l0YcWsalTpho3KyhYDSH/NI0NB4nc6XfI+3vo=
-----END CERTIFICATE-----
test/sun/security/ssl/CertPathRestrictions/certs/INTER_CA_SHA256-ROOT_CA_SHA1-PRIV.key 0 → 100644
浏览文件 @ d904de00
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDh12cWta4H1sY6
KHyfvxSJk1JIUAe08JFmHwvO0Eb6LRmKrqwbXEyGs0CPGhMlnmxjvrfXbKkUjodY
9ByxSBa7zYaVdPDGKDQ3HvPxyjZ0npPrHDII2wR+0UOD0ftkDbPHWQFBsl0OY/sI
pRzihYRh8MwCrADdza3vHPrNBz2umuM5jnN20FVIGKhGMGbg5eackBmgvcaWT6BW
B67iYRWVRwLywdSE+imOIS4P7ivndBe1DlB+z4oBmbBwYkM+5WyR3yT4+stdByyn
naL+kExsC/TWDw+sE9TQUo2zqRbNI1j8UhBaQZz1pbX5YeGPTq/Z2J8EGvPxz6VY
PmkDyMl3AgMBAAECggEAKrlDKUqpZ5Y73di26smNKxGRqVhqfNJdz0HkS/We18kc
Yd31dR+a4oial/fI038K5ju4L6rAucDU3gEgRHFsy45v/Won+nS0nBDg+UbV0m4F
cZ7d4Er+qLcR3KgmtKDa98VgtXr2m7hSTypdMoUrrBOPpJnBeDRmyStkTtEl3Bfa
Fh72SZXNauGvB5+qrbPhls1HoWVbzZ3i6oUCBDrfmLD6G0ipGM+AQICmXjYX8OxT
Ye5u/6DU4TkWu5A6/1m0Q4clGZXSeMx2d4PkZ0jZKOXdhwvzAaGh7I0AkuA4ZlCj
slXENyAzQhm4EHHWxvld11e8oEh4DUfWtUXeLttawQKBgQDybE5gjAZdv+5BJXWV
l2G+zb5tKHWd0XQQ2epktX+i+iA5lA0bLkAA4rrmZVsDEc4D2yjINsopBHTjwvtV
F/LBBWIynm6MkIyjY6+0fBfoikz9ebKikuf1YRoRC5Dl0pd2Wa/ps2wowDbQnj3o
4e6x+z0WviyL+uRr1JyotR2J5wKBgQDufVw64Z6AdWThlnP8qXqW12QQBd5qChPr
fHJEkx0ViBoM97yalVzDssXn4X2ESVDqtsxH21SzKzDGzLoCG3PwCPgp9zWk9GS/
HfhXFzI3qHIlI+s6481vjqDnXtvJ7oHutxYkkYQXSMgC69jeRY0nW78Bz03BAYjQ
boRmeK1x8QKBgQDw9VBOTMADLUPvQwGGKAsC8VQHAgEuVcONAF0nrvPoFcA0GwGP
87+wYayuVy5IdckVMiBuKW91p7VbsjHJGd2zl9tMPwfY9dCkkvBRcEr/W4A9Llqt
l2GyF8smCB4FIfZkr67Xlvy54Jxbbf5RXUi5ZeUJlwuGM2IaACGa2zM6HwKBgEmW
iOTqRTwh/RTWlcd6jAcLQybmiLBzl53r8l5SfoDsVA14S8vvFoaUHRjlrRMqhDtI
WFQ7yzDVvOE6vpJz4hxIyDo6u2TAvG10U/Kbh7VA1qe7I5QyQmuPuPprfKocXB9K
gxyZggalQIIWP/6lu15PoupuCvHpBUw7LcNorSwhAoGAXXBcp4U369B3ld+M+hC9
G+2VttaC2917iqoM8R7WOiwez+10s+fNv89B6DjZxeX5haa7bbB+RvfqN8OysIRK
m0Bh4w6q/JuRydj9T5sJLk9oUrEFLncqihlNT+1WEwR5x50OODYjpHz1YORo5HzL
cnXKk8xTZFE7mXD1ZJoRLxc=
test/sun/security/ssl/CertPathRestrictions/certs/INTER_CA_SHA256-ROOT_CA_SHA1.cer 0 → 100644
浏览文件 @ d904de00
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
8d:a0:d2:8a:ee:0b:cf:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, L=City, O=Org, OU=Java, CN=ROOT_CA_SHA1
Validity
Not Before: Mar 30 04:51:03 2017 GMT
Not After : Mar 28 04:51:03 2027 GMT
Subject: C=US, ST=CA, L=City, O=Org, OU=Java, CN=INTER_CA_SHA256-ROOT_CA_SHA1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e1:d7:67:16:b5:ae:07:d6:c6:3a:28:7c:9f:bf:
14:89:93:52:48:50:07:b4:f0:91:66:1f:0b:ce:d0:
46:fa:2d:19:8a:ae:ac:1b:5c:4c:86:b3:40:8f:1a:
13:25:9e:6c:63:be:b7:d7:6c:a9:14:8e:87:58:f4:
1c:b1:48:16:bb:cd:86:95:74:f0:c6:28:34:37:1e:
f3:f1:ca:36:74:9e:93:eb:1c:32:08:db:04:7e:d1:
43:83:d1:fb:64:0d:b3:c7:59:01:41:b2:5d:0e:63:
fb:08:a5:1c:e2:85:84:61:f0:cc:02:ac:00:dd:cd:
ad:ef:1c:fa:cd:07:3d:ae:9a:e3:39:8e:73:76:d0:
55:48:18:a8:46:30:66:e0:e5:e6:9c:90:19:a0:bd:
c6:96:4f:a0:56:07:ae:e2:61:15:95:47:02:f2:c1:
d4:84:fa:29:8e:21:2e:0f:ee:2b:e7:74:17:b5:0e:
50:7e:cf:8a:01:99:b0:70:62:43:3e:e5:6c:91:df:
24:f8:fa:cb:5d:07:2c:a7:9d:a2:fe:90:4c:6c:0b:
f4:d6:0f:0f:ac:13:d4:d0:52:8d:b3:a9:16:cd:23:
58:fc:52:10:5a:41:9c:f5:a5:b5:f9:61:e1:8f:4e:
af:d9:d8:9f:04:1a:f3:f1:cf:a5:58:3e:69:03:c8:
c9:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
DirName:/C=US/ST=CA/L=City/O=Org/OU=Java/CN=ROOT_CA_SHA1
serial:F1:3B:B7:FB:28:3F:52:09
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
24:74:94:0a:7d:81:62:16:ed:4e:0f:e2:19:06:bd:8b:7a:e4:
35:63:4c:73:ec:3a:45:d7:2a:8c:80:e6:6b:d9:26:7d:78:9f:
6b:36:f9:fd:94:f7:ac:86:3c:0e:95:66:80:f3:0b:93:0f:44:
0a:05:76:d9:1d:c6:37:6f:ea:02:b9:29:e9:96:11:d1:e6:1e:
70:95:31:77:22:ed:3c:96:ad:9f:74:8c:41:f5:44:47:a2:4e:
d4:58:86:92:31:36:94:90:05:9d:94:16:8c:f8:c8:18:7b:45:
dc:49:45:53:63:06:bb:c6:a9:33:72:fe:48:7b:0e:21:89:e2:
6c:44:29:3c:10:65:c6:7d:8e:6c:cb:95:ea:a1:ae:3b:c1:12:
98:ce:b9:c8:98:12:0d:ac:a7:bd:31:cc:aa:ac:51:b4:a7:33:
5b:60:0d:d6:ed:e0:29:5a:29:f5:fc:e0:27:db:77:88:fd:59:
0c:02:70:d8:f4:1d:89:88:13:94:55:5b:77:a3:a6:8e:18:9a:
b8:82:5b:64:27:8c:ef:10:6a:df:ed:fd:a4:b5:2b:44:0f:5f:
89:08:15:48:df:b0:13:08:7c:08:cc:07:ea:b8:a6:17:ab:35:
65:07:2c:b9:ec:9a:d0:1f:e7:b9:a7:36:9e:24:f7:73:10:e0:
70:6c:78:6e
-----BEGIN CERTIFICATE-----
MIID2DCCAsCgAwIBAgIJAI2g0oruC89kMA0GCSqGSIb3DQEBCwUAMF0xCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3Jn
MQ0wCwYDVQQLDARKYXZhMRUwEwYDVQQDDAxST09UX0NBX1NIQTEwHhcNMTcwMzMw
MDQ1MTAzWhcNMjcwMzI4MDQ1MTAzWjBtMQswCQYDVQQGEwJVUzELMAkGA1UECAwC
Q0ExDTALBgNVBAcMBENpdHkxDDAKBgNVBAoMA09yZzENMAsGA1UECwwESmF2YTEl
MCMGA1UEAwwcSU5URVJfQ0FfU0hBMjU2LVJPT1RfQ0FfU0hBMTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAOHXZxa1rgfWxjoofJ+/FImTUkhQB7TwkWYf
C87QRvotGYqurBtcTIazQI8aEyWebGO+t9dsqRSOh1j0HLFIFrvNhpV08MYoNDce
8/HKNnSek+scMgjbBH7RQ4PR+2QNs8dZAUGyXQ5j+wilHOKFhGHwzAKsAN3Nre8c
+s0HPa6a4zmOc3bQVUgYqEYwZuDl5pyQGaC9xpZPoFYHruJhFZVHAvLB1IT6KY4h
Lg/uK+d0F7UOUH7PigGZsHBiQz7lbJHfJPj6y10HLKedov6QTGwL9NYPD6wT1NBS
jbOpFs0jWPxSEFpBnPWltflh4Y9Or9nYnwQa8/HPpVg+aQPIyXcCAwEAAaOBijCB
hzB3BgNVHSMEcDBuoWGkXzBdMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExDTAL
BgNVBAcMBENpdHkxDDAKBgNVBAoMA09yZzENMAsGA1UECwwESmF2YTEVMBMGA1UE
AwwMUk9PVF9DQV9TSEExggkA8Tu3+yg/UgkwDAYDVR0TBAUwAwEB/zANBgkqhkiG
9w0BAQsFAAOCAQEAJHSUCn2BYhbtTg/iGQa9i3rkNWNMc+w6RdcqjIDma9kmfXif
azb5/ZT3rIY8DpVmgPMLkw9ECgV22R3GN2/qArkp6ZYR0eYecJUxdyLtPJatn3SM
QfVER6JO1FiGkjE2lJAFnZQWjPjIGHtF3ElFU2MGu8apM3L+SHsOIYnibEQpPBBl
xn2ObMuV6qGuO8ESmM65yJgSDaynvTHMqqxRtKczW2AN1u3gKVop9fzgJ9t3iP1Z
DAJw2PQdiYgTlFVbd6OmjhiauIJbZCeM7xBq3+39pLUrRA9fiQgVSN+wEwh8CMwH
6rimF6s1ZQcsueya0B/nuac2niT3cxDgcGx4bg==
-----END CERTIFICATE-----
test/sun/security/ssl/CertPathRestrictions/certs/INTER_CA_SHA256-ROOT_CA_SHA256-PRIV.key 0 → 100644
浏览文件 @ d904de00
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDbXbqJwTisc3wF
Z6MYWonNxMsWBfNfwFB/KLQfEfZ+phvReORvJZ5lVT/1gTVs5/QhREU0qW48OxyM
NXKgkcBZGLkRvVlDaOEcbTIDa4PYf7rnsTtU8DWYuyqqmeBnJ2ViKJ3ZGA750ctm
ZsDZlWdwE5iCqX3hA/pfHGu+CNiW2jWSulookdIPqdJeLiwgnntm5tZFxoZ9hD1h
J88iRqmqpS4joYXPxUNxfJ49Nx4iRfrx7HpyUVg3i5Q2q/AVuVSwbbPfNaQrG71V
EbK0K7EjtL8Gw8DCS8Gvr0ApIpabA644BueWA9skjns9lvfSuH76Y5e2nHGJiOz7
LWMFV24LAgMBAAECggEAD546u7gQCucl+1SHniJEEWxjcSv3SeftU0BYoqWqwRWe
gWl0Ch3Jizlollger6RME1pC+x7dBFjJDYp4oMn/wdgqxQKQKmZ7MITtvKSY/H8L
lZdevAtmJXud7AuMmIuLglOV+XDnEA5Jxv6l2Ff0x1v9zb+3gJ/B4aeqXBtRIFxD
CfCcvcN1Bl+jj2fvS8iRrqofGa6DGXZVZvtIVjIvJnR1YBVMVYBNs6kcscM5Nblr
PJFDDsg+Ph7hq5gpwj7pyb4e54sn06pdfBLgGkHJ82tCNkc+f4Ee2M7MoS//m4IC
ajV+xht4REHuB7h5GM50TF5Gziianyc3g8//M7sC8QKBgQD7tvSzJK1N0w9NPK1e
Q5zfEWxU1c7dJ/hr81OpvEzUut1vZeKT1mydtA0YJftDTFTXe5fsPKNTIrL4BWUw
PLa3jWQNNDSLDNhdoqKrno+017pD7+p8G8x3AfyHxn6x2Shoz0jHTnGf+Q0vnvdT
ZTFpWU+3J8Wp4+1Nx2lwGGEJXwKBgQDfGcnk/fTSs/QQNgzkC1HaQ35b66eEBwK3
yi8KNsNxDByvdYGxaK/tLRiZIsKMxAV+3jebfA4WSgDkenmzGLn4gYUr5gkkmEW5
irETT+HDK8LeM2iIbCROactwu3ytJrgpaoDXxRbDsGCUf98hjz1JDCR94wjGH78H
K3Pmbm6e1QKBgEIuTVIYj5RJrNlC3dZN8p3Xx+LaQER3cOJ5HIMhJhY8d2IFqLf0
BaTFJTg3LEP6esgZD82l988w7Vs2l+9B10yVWTv7gOEaZHzh+OEklGYY3jlkiANP
j8eudwX/02nRTcWY0mrMniVQZv4hTqfXkFFBkSr3wwmzCr6LcpZtYn4DAoGBAIEm
2bTBu1/aoxhbYd0GHI1g8x5dbm1E7bLdzZt5Fm00GMsOGFVOiEGiEJJeCAgbVh8a
n1BYYYNPtfKOYDNoxgfxWtmN4o8Xw41kl5vZa5VjmPyu//2xtNbb8dTCBKvsNUJs
kEfYpZQFX/O3jsFLvauy5tElhCfFqv2IjyC/nzQ9AoGBAJLCz62crl/AXqArSnAH
efX9ozrNMJMQDMDtw5xB/EqRMazmTlqkYr0H4iTS69QNAPr8czdmpY6uO6BRE9+/
f/tWZXQj7eT8pd1Dp2Ed1vHsOfiAUha0cYUMrqshsqKNXrCxl7144iRGZY7OjFI1
USqVVNaci2IrtW5+NGV62BYP
test/sun/security/ssl/CertPathRestrictions/certs/INTER_CA_SHA256-ROOT_CA_SHA256.cer 0 → 100644
浏览文件 @ d904de00
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
84:a1:70:1d:0a:92:d3:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, L=City, O=Org, OU=Java, CN=ROOT_CA_SHA256
Validity
Not Before: Mar 30 04:51:02 2017 GMT
Not After : Mar 28 04:51:02 2027 GMT
Subject: C=US, ST=CA, L=City, O=Org, OU=Java, CN=INTER_CA_SHA256-ROOT_CA_SHA256
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:db:5d:ba:89:c1:38:ac:73:7c:05:67:a3:18:5a:
89:cd:c4:cb:16:05:f3:5f:c0:50:7f:28:b4:1f:11:
f6:7e:a6:1b:d1:78:e4:6f:25:9e:65:55:3f:f5:81:
35:6c:e7:f4:21:44:45:34:a9:6e:3c:3b:1c:8c:35:
72:a0:91:c0:59:18:b9:11:bd:59:43:68:e1:1c:6d:
32:03:6b:83:d8:7f:ba:e7:b1:3b:54:f0:35:98:bb:
2a:aa:99:e0:67:27:65:62:28:9d:d9:18:0e:f9:d1:
cb:66:66:c0:d9:95:67:70:13:98:82:a9:7d:e1:03:
fa:5f:1c:6b:be:08:d8:96:da:35:92:ba:5a:28:91:
d2:0f:a9:d2:5e:2e:2c:20:9e:7b:66:e6:d6:45:c6:
86:7d:84:3d:61:27:cf:22:46:a9:aa:a5:2e:23:a1:
85:cf:c5:43:71:7c:9e:3d:37:1e:22:45:fa:f1:ec:
7a:72:51:58:37:8b:94:36:ab:f0:15:b9:54:b0:6d:
b3:df:35:a4:2b:1b:bd:55:11:b2:b4:2b:b1:23:b4:
bf:06:c3:c0:c2:4b:c1:af:af:40:29:22:96:9b:03:
ae:38:06:e7:96:03:db:24:8e:7b:3d:96:f7:d2:b8:
7e:fa:63:97:b6:9c:71:89:88:ec:fb:2d:63:05:57:
6e:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
DirName:/C=US/ST=CA/L=City/O=Org/OU=Java/CN=ROOT_CA_SHA256
serial:A3:52:9D:82:6F:DD:C6:1D
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
3f:f2:91:96:59:da:c1:8a:8c:4d:eb:25:1f:74:87:6f:fc:2e:
92:7e:44:ff:a7:0b:78:aa:6d:2b:fe:b8:0a:b9:e9:bc:19:87:
44:15:e1:3a:e4:54:e6:4b:54:3c:75:d9:f8:c9:07:83:74:f4:
4c:ab:e4:6b:19:64:b6:4b:69:44:6e:74:f6:66:cf:16:43:8f:
9c:cb:20:e4:7a:5e:78:13:00:6f:28:78:8d:c5:05:46:a9:92:
0f:d0:38:c3:8b:0e:39:d4:87:e9:ee:35:07:78:dd:1a:1a:8c:
3a:36:56:4e:3b:96:7a:d1:2c:29:95:06:29:ac:b2:f7:5c:fc:
09:1c:72:24:e2:9e:72:bf:60:3a:7a:9b:59:35:48:6a:d2:3e:
76:7f:ad:41:45:a5:6f:93:96:10:c4:4c:cf:3f:f1:1d:00:5f:
d1:60:f1:88:86:d8:ef:ff:72:63:8f:4c:df:9e:35:cb:17:2c:
16:7b:d4:6c:0e:67:b6:ee:bc:68:07:b0:99:df:c5:f3:88:28:
a1:46:bb:6d:f5:2c:45:6b:e9:90:c0:78:35:20:73:14:5a:d0:
a5:56:cb:04:f4:43:a7:cf:28:f5:a3:5b:ac:f2:a3:4c:f6:39:
3c:ef:f4:b1:42:20:8e:2a:14:0d:a1:b4:38:b2:f2:6c:14:33:
05:04:bb:a7
-----BEGIN CERTIFICATE-----
MIID3jCCAsagAwIBAgIJAIShcB0KktPMMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3Jn
MQ0wCwYDVQQLDARKYXZhMRcwFQYDVQQDDA5ST09UX0NBX1NIQTI1NjAeFw0xNzAz
MzAwNDUxMDJaFw0yNzAzMjgwNDUxMDJaMG8xCzAJBgNVBAYTAlVTMQswCQYDVQQI
DAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3JnMQ0wCwYDVQQLDARKYXZh
MScwJQYDVQQDDB5JTlRFUl9DQV9TSEEyNTYtUk9PVF9DQV9TSEEyNTYwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbXbqJwTisc3wFZ6MYWonNxMsWBfNf
wFB/KLQfEfZ+phvReORvJZ5lVT/1gTVs5/QhREU0qW48OxyMNXKgkcBZGLkRvVlD
aOEcbTIDa4PYf7rnsTtU8DWYuyqqmeBnJ2ViKJ3ZGA750ctmZsDZlWdwE5iCqX3h
A/pfHGu+CNiW2jWSulookdIPqdJeLiwgnntm5tZFxoZ9hD1hJ88iRqmqpS4joYXP
xUNxfJ49Nx4iRfrx7HpyUVg3i5Q2q/AVuVSwbbPfNaQrG71VEbK0K7EjtL8Gw8DC
S8Gvr0ApIpabA644BueWA9skjns9lvfSuH76Y5e2nHGJiOz7LWMFV24LAgMBAAGj
gYwwgYkweQYDVR0jBHIwcKFjpGEwXzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNB
MQ0wCwYDVQQHDARDaXR5MQwwCgYDVQQKDANPcmcxDTALBgNVBAsMBEphdmExFzAV
BgNVBAMMDlJPT1RfQ0FfU0hBMjU2ggkAo1Kdgm/dxh0wDAYDVR0TBAUwAwEB/zAN
BgkqhkiG9w0BAQsFAAOCAQEAP/KRllnawYqMTeslH3SHb/wukn5E/6cLeKptK/64
CrnpvBmHRBXhOuRU5ktUPHXZ+MkHg3T0TKvkaxlktktpRG509mbPFkOPnMsg5Hpe
eBMAbyh4jcUFRqmSD9A4w4sOOdSH6e41B3jdGhqMOjZWTjuWetEsKZUGKayy91z8
CRxyJOKecr9gOnqbWTVIatI+dn+tQUWlb5OWEMRMzz/xHQBf0WDxiIbY7/9yY49M
3541yxcsFnvUbA5ntu68aAewmd/F84gooUa7bfUsRWvpkMB4NSBzFFrQpVbLBPRD
p88o9aNbrPKjTPY5PO/0sUIgjioUDaG0OLLybBQzBQS7pw==
-----END CERTIFICATE-----
test/sun/security/ssl/CertPathRestrictions/certs/ROOT_CA_SHA1-PRIV.key 0 → 100644
浏览文件 @ d904de00
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDhROyqYZ5UdQJ0
xJdG4B+aXPHbIKV0w5AvJ7r4SuvIJ/4pEmV6fIU3+4CvN2sXKzW+0DppOBz99Oe6
19jfMAx5t0pKHkwh5J0bduLf1k83lm8CvoX1a9lYY6ER4Y8wWtTcHG016onl8Lxq
QVqlqbk9zsbNipvWxipIQOgzq7DmTXQ2Hrx0tg4DROlgwuarPBWcZjq6dG09nI0E
zSY/Wis619L/6sdCxGFhvnJ0YbULvIqdR2J638KEO+rx1RXD66Jqc0KhnGZLf7NT
YfTlY0zIMHE8oMkJPdH9tPKbyXMXhiG/u5x81RcJxT4gLi5fq2yrvMsaUC13bnJJ
npFNy6XTAgMBAAECggEAPS4h9Jg0jw2EUEBAMaCXFK5fhTrVlOO0Ggp5TgvTA3ZR
Ich8RQrih3TH2056yD0VCLC23HK/9Pz5npYWsW70RG5SP9UAqkfTn2znaxFiTF+P
4Lfr296hlc7hJOEUqXZRz0HtKzJ6pzd9hIIhY1K4G6A4AATAFFGXlC4Eolvj3Hf0
NgVFDYaFDEpEiin+fAsM5c1ZE0pxRZSVE5Emr9XvkvxLm5dK9lKOyyOQ+5RHhxQ6
J4n+6Ct0O+FkeP9u3jTMtew9gxTwvHSgkf05hSRoqgMKcusKpqhHp6E4mT7sus7q
AYzdv5sNIcx7PpojuHjploMH7ghhYxCmVOOFxXJ4CQKBgQD2naA8zZnh5BfbVC8p
C9A6HfwnZ7cCjGtL30y8fh8OAMHbdGE4JXlhifPgW7PDxZ0Yho4rYd9MxLVcGl+p
YPOKKcaKbzwdUJwZ4Zs1dJC+LTRqku6O3qlEofeojHN5IctLoLqDsiZBD7aT4l+O
wmAWqwLZZQtiFpA/jbCb/Qw7tQKBgQDp11rFSHLKuVdMuSnUon3WN6lj9WNM3KFy
C8R4EN/DTnuHrVL0MCff9eddBYvpQe0z/LA74oAD9fSjmtYe/24qIm2lAWVkwxBm
yyspUmOybU8Q3GN8xw1Vrwg8JR5JVAOwKHwCGmybT7Zs+9eJRONnnZ6nUbTQ94cP
sJVkyGUgZwKBgQCd/0CAk+xpl1tdbiLEtkfSZBF/IWhTXqkDM+2SuW6l5wBL29TJ
RuDsB5jR/Y4+96T86H++9XY9Va0nc9IjzvRYaQlE+ZzW3yUTQ8HPTn3JCWcSfE4Q
BEEHsojbWBhG28rGChRUeVceybVcK2SzLn6nJyqtIppXXkNOJDWoykcDHQKBgHzY
27+k1JTjq3ZtDaZXMvQiN7AEnYW17gRjv/uSlsVBq7ZelYGGDGQIeAQ0J+Tbq/cr
nDP80/hJYtnOmy9llL2uL/f+7NGFS8Z2Bo9DS7NBpQsNf5ho9fefQbhK4Qapcmak
1sCQtxec0XsSYpsJSphRkRkoCG/hGB0KXFi4nTVVAoGAJrrh1rG1UMXmFUpraXIy
Mc58lEYB87EkMOthyK8XklxLoYKPZlVS7AZZDtQMpRC6YnweiX6LmO4AamtlT71x
BzQgmwHn4wOaysDPHFuf5hNCobXJREoiNzHb4AcqiZ7SNAW5Jd+0/PSY47hrDnRy
wNFyg3O0k3kaXz5h3lVhxo4=
test/sun/security/ssl/CertPathRestrictions/certs/ROOT_CA_SHA1.cer 0 → 100644
浏览文件 @ d904de00
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f1:3b:b7:fb:28:3f:52:09
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=CA, L=City, O=Org, OU=Java, CN=ROOT_CA_SHA1
Validity
Not Before: Mar 30 04:51:01 2017 GMT
Not After : Mar 28 04:51:01 2027 GMT
Subject: C=US, ST=CA, L=City, O=Org, OU=Java, CN=ROOT_CA_SHA1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e1:44:ec:aa:61:9e:54:75:02:74:c4:97:46:e0:
1f:9a:5c:f1:db:20:a5:74:c3:90:2f:27:ba:f8:4a:
eb:c8:27:fe:29:12:65:7a:7c:85:37:fb:80:af:37:
6b:17:2b:35:be:d0:3a:69:38:1c:fd:f4:e7:ba:d7:
d8:df:30:0c:79:b7:4a:4a:1e:4c:21:e4:9d:1b:76:
e2:df:d6:4f:37:96:6f:02:be:85:f5:6b:d9:58:63:
a1:11:e1:8f:30:5a:d4:dc:1c:6d:35:ea:89:e5:f0:
bc:6a:41:5a:a5:a9:b9:3d:ce:c6:cd:8a:9b:d6:c6:
2a:48:40:e8:33:ab:b0:e6:4d:74:36:1e:bc:74:b6:
0e:03:44:e9:60:c2:e6:ab:3c:15:9c:66:3a:ba:74:
6d:3d:9c:8d:04:cd:26:3f:5a:2b:3a:d7:d2:ff:ea:
c7:42:c4:61:61:be:72:74:61:b5:0b:bc:8a:9d:47:
62:7a:df:c2:84:3b:ea:f1:d5:15:c3:eb:a2:6a:73:
42:a1:9c:66:4b:7f:b3:53:61:f4:e5:63:4c:c8:30:
71:3c:a0:c9:09:3d:d1:fd:b4:f2:9b:c9:73:17:86:
21:bf:bb:9c:7c:d5:17:09:c5:3e:20:2e:2e:5f:ab:
6c:ab:bc:cb:1a:50:2d:77:6e:72:49:9e:91:4d:cb:
a5:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
DirName:/C=US/ST=CA/L=City/O=Org/OU=Java/CN=ROOT_CA_SHA1
serial:F1:3B:B7:FB:28:3F:52:09
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
0b:be:7b:c7:53:14:87:37:02:66:37:f5:6f:38:3c:75:b3:72:
f6:f8:9c:77:4d:9a:e4:5c:23:3a:4a:5f:aa:6e:90:23:e9:b8:
48:fd:6d:e1:88:b5:a2:a5:0a:30:c0:7d:33:a8:6f:79:42:52:
80:f8:87:4b:2a:15:0a:ff:14:88:97:21:12:89:1c:d3:33:bf:
fa:4f:5e:68:9a:c6:69:2f:aa:1d:31:aa:80:f5:b0:d3:72:c9:
fa:ce:3b:5f:15:a6:61:e0:f1:d1:ab:e7:40:48:c1:d4:30:bd:
0a:13:37:0d:ea:ac:38:b2:af:1b:78:3a:29:53:ee:90:71:3b:
2b:a4:8b:16:e9:da:94:59:44:3d:7f:34:fb:0a:d1:6b:db:3d:
66:01:a6:0f:98:b5:cc:57:39:b9:09:f2:01:cc:e5:89:86:7d:
f2:9a:b2:ad:08:3d:da:05:f9:24:1e:30:98:cc:92:a9:4c:4a:
cf:a3:53:6e:7f:5e:db:aa:43:9c:ac:b1:b5:80:ab:7e:a3:89:
71:37:c2:4a:c1:16:9d:26:d5:70:89:8a:8e:a8:cb:40:3b:b8:
f0:d2:31:54:c2:1f:fc:24:5e:29:c1:5e:86:48:1e:83:4e:44:
30:ff:8d:46:47:b6:0e:9c:77:bf:ba:08:8b:bd:eb:b7:ca:45:
0a:e3:0c:ec
-----BEGIN CERTIFICATE-----
MIIDyDCCArCgAwIBAgIJAPE7t/soP1IJMA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3Jn
MQ0wCwYDVQQLDARKYXZhMRUwEwYDVQQDDAxST09UX0NBX1NIQTEwHhcNMTcwMzMw
MDQ1MTAxWhcNMjcwMzI4MDQ1MTAxWjBdMQswCQYDVQQGEwJVUzELMAkGA1UECAwC
Q0ExDTALBgNVBAcMBENpdHkxDDAKBgNVBAoMA09yZzENMAsGA1UECwwESmF2YTEV
MBMGA1UEAwwMUk9PVF9DQV9TSEExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA4UTsqmGeVHUCdMSXRuAfmlzx2yCldMOQLye6+ErryCf+KRJlenyFN/uA
rzdrFys1vtA6aTgc/fTnutfY3zAMebdKSh5MIeSdG3bi39ZPN5ZvAr6F9WvZWGOh
EeGPMFrU3BxtNeqJ5fC8akFapam5Pc7GzYqb1sYqSEDoM6uw5k10Nh68dLYOA0Tp
YMLmqzwVnGY6unRtPZyNBM0mP1orOtfS/+rHQsRhYb5ydGG1C7yKnUdiet/ChDvq
8dUVw+uianNCoZxmS3+zU2H05WNMyDBxPKDJCT3R/bTym8lzF4Yhv7ucfNUXCcU+
IC4uX6tsq7zLGlAtd25ySZ6RTcul0wIDAQABo4GKMIGHMHcGA1UdIwRwMG6hYaRf
MF0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoG
A1UECgwDT3JnMQ0wCwYDVQQLDARKYXZhMRUwEwYDVQQDDAxST09UX0NBX1NIQTGC
CQDxO7f7KD9SCTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQALvnvH
UxSHNwJmN/VvODx1s3L2+Jx3TZrkXCM6Sl+qbpAj6bhI/W3hiLWipQowwH0zqG95
QlKA+IdLKhUK/xSIlyESiRzTM7/6T15omsZpL6odMaqA9bDTcsn6zjtfFaZh4PHR
q+dASMHUML0KEzcN6qw4sq8beDopU+6QcTsrpIsW6dqUWUQ9fzT7CtFr2z1mAaYP
mLXMVzm5CfIBzOWJhn3ymrKtCD3aBfkkHjCYzJKpTErPo1Nuf17bqkOcrLG1gKt+
o4lxN8JKwRadJtVwiYqOqMtAO7jw0jFUwh/8JF4pwV6GSB6DTkQw/41GR7YOnHe/
ugiLveu3ykUK4wzs
-----END CERTIFICATE-----
test/sun/security/ssl/CertPathRestrictions/certs/ROOT_CA_SHA256-PRIV.key 0 → 100644
浏览文件 @ d904de00
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2DzrIXts3huIs
dtX+ZbY6RR5/S4yXUs3jJXc4mbITLn7PO1QVBT528NZVOu6jUxXsPTpTg1jgresh
6Pcv1LNj7bP30uPXhmyawgQVUgLTGyU0+JWLJrpU7cEOTK4f/j58A+UHL255fM7T
B3EvIj2Ad1MAYwIvVZnAXPSFt72YGz15doYiewp8dTXcX4TsFisCbypFikWxpXIF
qjVqbAUx8fYgQxfPWFw4HbVvo3Nu1LqypswAfsmHd2v5nMv8wkAcPG5dIYHACN9r
kPLMoUNUcBLn6QdIUrhk7dldRlR0TWT+VtRLKVWlGkMk9rRK+RnskNSuPg8fjb/Y
gM0m5p0JAgMBAAECggEAPVk8cbClJjzpkhopWiRkF5abBEItCgD5KAXD+uqvuw77
5FEVsE+oEORvFSFasOaaiJTJRsMH/A4fIbojMZb3LEE5V9VUuZeumSevwI92LDUF
gKgTnGRcfanwWCU2t8kwvRGC57zv+Tg5aZskZMGg/901tvemENVDjjLEoxqbZNmX
WZnhB8XiPxl9K32K0l+qNW3HvKJ8lkaW0L6/4HWWU4rYwbc9TZpzHDOXhAICQB76
fCw4hcy1K6KjfGjfE/6afqMa76KSxxeCvUYorZlm2gk1WcEafkg9Jwzz2SWtsa8W
L+YzbTd1GE8Z9bDA88Dw3vgdC1Pt0ywX/fJ/GCDHUQKBgQDjNaW/enKYXGTsM5C1
I94OgSmgnjnjPZIBY0u89iCAf07ueqrNaLJgOEkGpCrLEa4tC2qc57ge1DO2rxTa
6RowUzqG3Oqdsq21QaQZAmjjDC5mXlYPRpWvWVjBRaIDKw9zAUg9qEy24e/pRjdP
cugR30d1OaxExdgoAt8iOqZ67wKBgQDNIPqF/+npd1UAqgdC9lOxnPQly1zjz/zY
jbeJeww9Ut9aCXj0+we4gKhD37d178y1H2QBod+IPpqQ/uZmbNmN5JP+MIk2kZKB
4jquQLa5jEc+y57h8UrWJBY+Ls7xiu/cw3aCAk0JaZRSrH/KzWE91x3s7o2yV43d
dMkRmTTHhwKBgQCHaq4C1WP/UvIDpSgWDe6HDoxU4nj16vheQ2Qcl0T/0OCmWg36
pu/JUUKU5rtqlHsO9cLxCVo/ZZH8y5TOdCfbrX8wafKbUqcdZKX9EeaZi+ULtiXs
rNEB1WqEpo/M+5kVnioENY6jYT2v9t14SK/wFvdr8pet1YzjK/L5X6NhmQKBgFK4
0u7I9k61Ve0vpEAH0FaXIgo/yZUBYkj+VZ62pYfxbKsFmObKeSGZmMHObVC9RMNi
BlV2LwvlmzWP5eA2U0GahWgDsMH10KxaTCnLZSTMgkq7mLYrNW/IG8Q14jScQAC6
PodNYD3EexEgCWUCkA19O885oKDkGAzPtOpI63TvAoGBAJvbKiJSFJNd3CIQlrOM
wNw+Sww+c2Qw4PZZvIJNzjWumjesfUsuAyySrO2nXPzzSOrh7dRW98suaFi1Mih6
ZwBpIll5VQsd2dwEa6vp6RFGWFNKPvDILEVgcCEOmckKRWDo+fb5bx2VHj1v4kfG
MHDqy8Y2ercsU0Z5mEN8bUD7
test/sun/security/ssl/CertPathRestrictions/certs/ROOT_CA_SHA256.cer 0 → 100644
浏览文件 @ d904de00
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
a3:52:9d:82:6f:dd:c6:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, L=City, O=Org, OU=Java, CN=ROOT_CA_SHA256
Validity
Not Before: Mar 30 04:51:01 2017 GMT
Not After : Mar 28 04:51:01 2027 GMT
Subject: C=US, ST=CA, L=City, O=Org, OU=Java, CN=ROOT_CA_SHA256
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b6:0f:3a:c8:5e:db:37:86:e2:2c:76:d5:fe:65:
b6:3a:45:1e:7f:4b:8c:97:52:cd:e3:25:77:38:99:
b2:13:2e:7e:cf:3b:54:15:05:3e:76:f0:d6:55:3a:
ee:a3:53:15:ec:3d:3a:53:83:58:e0:ad:eb:21:e8:
f7:2f:d4:b3:63:ed:b3:f7:d2:e3:d7:86:6c:9a:c2:
04:15:52:02:d3:1b:25:34:f8:95:8b:26:ba:54:ed:
c1:0e:4c:ae:1f:fe:3e:7c:03:e5:07:2f:6e:79:7c:
ce:d3:07:71:2f:22:3d:80:77:53:00:63:02:2f:55:
99:c0:5c:f4:85:b7:bd:98:1b:3d:79:76:86:22:7b:
0a:7c:75:35:dc:5f:84:ec:16:2b:02:6f:2a:45:8a:
45:b1:a5:72:05:aa:35:6a:6c:05:31:f1:f6:20:43:
17:cf:58:5c:38:1d:b5:6f:a3:73:6e:d4:ba:b2:a6:
cc:00:7e:c9:87:77:6b:f9:9c:cb:fc:c2:40:1c:3c:
6e:5d:21:81:c0:08:df:6b:90:f2:cc:a1:43:54:70:
12:e7:e9:07:48:52:b8:64:ed:d9:5d:46:54:74:4d:
64:fe:56:d4:4b:29:55:a5:1a:43:24:f6:b4:4a:f9:
19:ec:90:d4:ae:3e:0f:1f:8d:bf:d8:80:cd:26:e6:
9d:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
DirName:/C=US/ST=CA/L=City/O=Org/OU=Java/CN=ROOT_CA_SHA256
serial:A3:52:9D:82:6F:DD:C6:1D
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
6f:2f:a4:56:d5:58:6d:20:74:6b:66:b7:41:eb:c2:8c:56:2e:
1b:51:79:b0:07:a6:63:28:8b:20:40:b9:72:4b:f5:e0:6b:18:
39:5b:b4:ae:50:58:25:81:86:e3:19:ec:b1:dd:fb:5c:f5:d4:
a8:7d:a0:50:46:ac:1e:80:dc:cc:aa:0c:61:f8:a3:41:af:03:
35:a4:02:4f:23:c7:5c:36:26:90:fe:51:07:58:0f:e7:14:26:
34:c2:a7:bd:f2:34:33:cf:67:e4:2d:82:b6:e8:94:85:d6:8b:
01:6f:ba:3d:78:f6:db:3d:dc:ba:6e:6d:83:fa:ea:d0:60:ab:
1b:ad:9b:e2:ba:e3:e3:9f:26:5b:9a:c7:fb:9f:c1:7d:cc:0b:
cf:23:e0:ac:e1:e4:09:08:84:98:d4:6e:16:34:a5:5e:74:d5:
a8:61:e1:65:f7:9a:51:9f:f0:9f:86:65:ce:4f:b8:b6:64:7d:
86:62:21:ec:71:50:70:ca:6b:2e:74:12:51:b1:68:b0:4a:66:
19:60:e9:f8:b0:bf:6e:d8:ad:75:29:c3:31:13:73:01:3d:d5:
d4:5b:c2:60:bb:c4:c8:e6:29:cf:a3:49:65:8d:c2:1d:7d:c9:
75:33:9b:97:73:38:99:5c:7d:b3:9f:b0:be:0d:f4:6a:c6:19:
8d:98:a1:ca
-----BEGIN CERTIFICATE-----
MIIDzjCCAragAwIBAgIJAKNSnYJv3cYdMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3Jn
MQ0wCwYDVQQLDARKYXZhMRcwFQYDVQQDDA5ST09UX0NBX1NIQTI1NjAeFw0xNzAz
MzAwNDUxMDFaFw0yNzAzMjgwNDUxMDFaMF8xCzAJBgNVBAYTAlVTMQswCQYDVQQI
DAJDQTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3JnMQ0wCwYDVQQLDARKYXZh
MRcwFQYDVQQDDA5ST09UX0NBX1NIQTI1NjCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALYPOshe2zeG4ix21f5ltjpFHn9LjJdSzeMldziZshMufs87VBUF
Pnbw1lU67qNTFew9OlODWOCt6yHo9y/Us2Pts/fS49eGbJrCBBVSAtMbJTT4lYsm
ulTtwQ5Mrh/+PnwD5Qcvbnl8ztMHcS8iPYB3UwBjAi9VmcBc9IW3vZgbPXl2hiJ7
Cnx1NdxfhOwWKwJvKkWKRbGlcgWqNWpsBTHx9iBDF89YXDgdtW+jc27UurKmzAB+
yYd3a/mcy/zCQBw8bl0hgcAI32uQ8syhQ1RwEufpB0hSuGTt2V1GVHRNZP5W1Esp
VaUaQyT2tEr5GeyQ1K4+Dx+Nv9iAzSbmnQkCAwEAAaOBjDCBiTB5BgNVHSMEcjBw
oWOkYTBfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExDTALBgNVBAcMBENpdHkx
DDAKBgNVBAoMA09yZzENMAsGA1UECwwESmF2YTEXMBUGA1UEAwwOUk9PVF9DQV9T
SEEyNTaCCQCjUp2Cb93GHTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
AQBvL6RW1VhtIHRrZrdB68KMVi4bUXmwB6ZjKIsgQLlyS/Xgaxg5W7SuUFglgYbj
Geyx3ftc9dSofaBQRqwegNzMqgxh+KNBrwM1pAJPI8dcNiaQ/lEHWA/nFCY0wqe9
8jQzz2fkLYK26JSF1osBb7o9ePbbPdy6bm2D+urQYKsbrZviuuPjnyZbmsf7n8F9
zAvPI+Cs4eQJCISY1G4WNKVedNWoYeFl95pRn/CfhmXOT7i2ZH2GYiHscVBwymsu
dBJRsWiwSmYZYOn4sL9u2K11KcMxE3MBPdXUW8Jgu8TI5inPo0lljcIdfcl1M5uX
cziZXH2zn7C+DfRqxhmNmKHK
-----END CERTIFICATE-----
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册