Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk
提交 de1bd584 编写于 作者: L lana
浏览文件
操作

Merge

上级 3bfada3e a8e71dd1
展开全部 隐藏空白更改
内联 并排
Showing with 1386 addition and 780 deletion
src/share/classes/com/sun/crypto/provider/RSACipher.java
浏览文件 @ de1bd584
/*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -39,6 +39,8 @@ import javax.crypto.spec.OAEPParameterSpec;
import sun.security.rsa.*;
import sun.security.jca.Providers;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
import sun.security.util.KeyUtil;
/**
* RSA cipher implementation. Supports RSA en/decryption and signing/verifying
......@@ -91,8 +93,8 @@ public final class RSACipher extends CipherSpi {
// padding object
private RSAPadding padding;
// cipher parameter for OAEP padding
private OAEPParameterSpec spec = null;
// cipher parameter for OAEP padding and TLS RSA premaster secret
private AlgorithmParameterSpec spec = null;
// buffer for the data
private byte[] buffer;
......@@ -110,6 +112,9 @@ public final class RSACipher extends CipherSpi {
// hash algorithm for OAEP
private String oaepHashAlgorithm = "SHA-1";
// the source of randomness
private SecureRandom random;
public RSACipher() {
paddingType = PAD_PKCS1;
}
......@@ -175,7 +180,7 @@ public final class RSACipher extends CipherSpi {
// see JCE spec
protected AlgorithmParameters engineGetParameters() {
if (spec != null) {
if (spec != null && spec instanceof OAEPParameterSpec) {
try {
AlgorithmParameters params =
AlgorithmParameters.getInstance("OAEP",
......@@ -276,8 +281,13 @@ public final class RSACipher extends CipherSpi {
buffer = new byte[n];
} else if (paddingType == PAD_PKCS1) {
if (params != null) {
throw new InvalidAlgorithmParameterException
("Parameters not supported");
if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
throw new InvalidAlgorithmParameterException(
"Parameters not supported");
}
spec = params;
this.random = random; // for TLS RSA premaster secret
}
int blockType = (mode <= MODE_DECRYPT) ? RSAPadding.PAD_BLOCKTYPE_2
: RSAPadding.PAD_BLOCKTYPE_1;
......@@ -293,19 +303,18 @@ public final class RSACipher extends CipherSpi {
throw new InvalidKeyException
("OAEP cannot be used to sign or verify signatures");
}
OAEPParameterSpec myParams;
if (params != null) {
if (!(params instanceof OAEPParameterSpec)) {
throw new InvalidAlgorithmParameterException
("Wrong Parameters for OAEP Padding");
}
myParams = (OAEPParameterSpec) params;
spec = params;
} else {
myParams = new OAEPParameterSpec(oaepHashAlgorithm, "MGF1",
spec = new OAEPParameterSpec(oaepHashAlgorithm, "MGF1",
MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);
}
padding = RSAPadding.getInstance(RSAPadding.PAD_OAEP_MGF1, n,
random, myParams);
random, (OAEPParameterSpec)spec);
if (encrypt) {
int k = padding.getMaxDataSize();
buffer = new byte[k];
......@@ -420,17 +429,40 @@ public final class RSACipher extends CipherSpi {
if (wrappedKey.length > buffer.length) {
throw new InvalidKeyException("Key is too long for unwrapping");
}
boolean isTlsRsaPremasterSecret =
algorithm.equals("TlsRsaPremasterSecret");
Exception failover = null;
byte[] encoded = null;
update(wrappedKey, 0, wrappedKey.length);
try {
byte[] encoded = doFinal();
return ConstructKeys.constructKey(encoded, algorithm, type);
encoded = doFinal();
} catch (BadPaddingException e) {
// should not occur
throw new InvalidKeyException("Unwrapping failed", e);
if (isTlsRsaPremasterSecret) {
failover = e;
} else {
throw new InvalidKeyException("Unwrapping failed", e);
}
} catch (IllegalBlockSizeException e) {
// should not occur, handled with length check above
throw new InvalidKeyException("Unwrapping failed", e);
}
if (isTlsRsaPremasterSecret) {
if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) {
throw new IllegalStateException(
"No TlsRsaPremasterSecretParameterSpec specified");
}
// polish the TLS premaster secret
encoded = KeyUtil.checkTlsPreMasterSecretKey(
((TlsRsaPremasterSecretParameterSpec)spec).getClientVersion(),
((TlsRsaPremasterSecretParameterSpec)spec).getServerVersion(),
random, encoded, (failover != null));
}
return ConstructKeys.constructKey(encoded, algorithm, type);
}
// see JCE spec
......@@ -438,5 +470,4 @@ public final class RSACipher extends CipherSpi {
RSAKey rsaKey = RSAKeyFactory.toRSAKey(key);
return rsaKey.getModulus().bitLength();
}
}
src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java
浏览文件 @ de1bd584
/*
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -56,7 +56,7 @@ public final class TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
protected void engineInit(AlgorithmParameterSpec params,
SecureRandom random) throws InvalidAlgorithmParameterException {
if (params instanceof TlsRsaPremasterSecretParameterSpec == false) {
if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
throw new InvalidAlgorithmParameterException(MSG);
}
this.spec = (TlsRsaPremasterSecretParameterSpec)params;
......@@ -67,21 +67,20 @@ public final class TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
throw new InvalidParameterException(MSG);
}
// Only can be used in client side to generate TLS RSA premaster secret.
protected SecretKey engineGenerateKey() {
if (spec == null) {
throw new IllegalStateException(
"TlsRsaPremasterSecretGenerator must be initialized");
}
byte[] b = spec.getEncodedSecret();
if (b == null) {
if (random == null) {
random = new SecureRandom();
}
b = new byte[48];
random.nextBytes(b);
b[0] = (byte)spec.getMajorVersion();
b[1] = (byte)spec.getMinorVersion();
if (random == null) {
random = new SecureRandom();
}
byte[] b = new byte[48];
random.nextBytes(b);
b[0] = (byte)spec.getMajorVersion();
b[1] = (byte)spec.getMinorVersion();
return new SecretKeySpec(b, "TlsRsaPremasterSecret");
}
......
src/share/classes/javax/swing/JComponent.java
浏览文件 @ de1bd584
......@@ -3985,6 +3985,17 @@ public abstract class JComponent extends Container implements Serializable,
* @since 1.4
*/
public AccessibleKeyBinding getAccessibleKeyBinding() {
// Try to get the linked label's mnemonic if it exists
Object o = getClientProperty(JLabel.LABELED_BY_PROPERTY);
if (o instanceof Accessible){
AccessibleContext ac = ((Accessible) o).getAccessibleContext();
if (ac != null){
AccessibleComponent comp = ac.getAccessibleComponent();
if (! (comp instanceof AccessibleExtendedComponent))
return null;
return ((AccessibleExtendedComponent)comp).getAccessibleKeyBinding();
}
}
return null;
}
} // inner class AccessibleJComponent
......
src/share/classes/sun/net/InetAddressCachePolicy.java
浏览文件 @ de1bd584
......@@ -84,19 +84,31 @@ public final class InetAddressCachePolicy {
* Initialize
*/
static {
Integer tmp = null;
try {
tmp = new Integer(
java.security.AccessController.doPrivileged (
new PrivilegedAction<String>() {
public String run() {
return Security.getProperty(cachePolicyProp);
}
}));
} catch (NumberFormatException e) {
// ignore
}
Integer tmp = java.security.AccessController.doPrivileged(
new PrivilegedAction<Integer>() {
public Integer run() {
try {
String tmpString = Security.getProperty(cachePolicyProp);
if (tmpString != null) {
return Integer.valueOf(tmpString);
}
} catch (NumberFormatException ignored) {
// Ignore
}
try {
String tmpString = System.getProperty(cachePolicyPropFallback);
if (tmpString != null) {
return Integer.decode(tmpString);
}
} catch (NumberFormatException ignored) {
// Ignore
}
return null;
}
});
if (tmp != null) {
cachePolicy = tmp.intValue();
if (cachePolicy < 0) {
......@@ -104,35 +116,36 @@ public final class InetAddressCachePolicy {
}
propertySet = true;
} else {
tmp = java.security.AccessController.doPrivileged
(new sun.security.action.GetIntegerAction(cachePolicyPropFallback));
if (tmp != null) {
cachePolicy = tmp.intValue();
if (cachePolicy < 0) {
cachePolicy = FOREVER;
}
propertySet = true;
} else {
/* No properties defined for positive caching. If there is no
* security manager then use the default positive cache value.
*/
if (System.getSecurityManager() == null) {
cachePolicy = DEFAULT_POSITIVE;
}
/* No properties defined for positive caching. If there is no
* security manager then use the default positive cache value.
*/
if (System.getSecurityManager() == null) {
cachePolicy = DEFAULT_POSITIVE;
}
}
tmp = java.security.AccessController.doPrivileged (
new PrivilegedAction<Integer>() {
public Integer run() {
try {
String tmpString = Security.getProperty(negativeCachePolicyProp);
if (tmpString != null) {
return Integer.valueOf(tmpString);
}
} catch (NumberFormatException ignored) {
// Ignore
}
try {
tmp = new Integer(
java.security.AccessController.doPrivileged (
new PrivilegedAction<String>() {
public String run() {
return Security.getProperty(negativeCachePolicyProp);
}
}));
} catch (NumberFormatException e) {
// ignore
}
try {
String tmpString = System.getProperty(negativeCachePolicyPropFallback);
if (tmpString != null) {
return Integer.decode(tmpString);
}
} catch (NumberFormatException ignored) {
// Ignore
}
return null;
}
});
if (tmp != null) {
negativeCachePolicy = tmp.intValue();
......@@ -140,16 +153,6 @@ public final class InetAddressCachePolicy {
negativeCachePolicy = FOREVER;
}
propertyNegativeSet = true;
} else {
tmp = java.security.AccessController.doPrivileged
(new sun.security.action.GetIntegerAction(negativeCachePolicyPropFallback));
if (tmp != null) {
negativeCachePolicy = tmp.intValue();
if (negativeCachePolicy < 0) {
negativeCachePolicy = FOREVER;
}
propertyNegativeSet = true;
}
}
}
......
src/share/classes/sun/net/util/IPAddressUtil.java
浏览文件 @ de1bd584
......@@ -37,90 +37,73 @@ public class IPAddressUtil {
* @param src a String representing an IPv4 address in standard format
* @return a byte array representing the IPv4 numeric address
*/
@SuppressWarnings("fallthrough")
public static byte[] textToNumericFormatV4(String src)
{
if (src.length() == 0) {
return null;
}
byte[] res = new byte[INADDR4SZ];
String[] s = src.split("\\.", -1);
long val;
try {
switch(s.length) {
case 1:
/*
* When only one part is given, the value is stored directly in
* the network address without any byte rearrangement.
*/
val = Long.parseLong(s[0]);
if (val < 0 || val > 0xffffffffL)
return null;
res[0] = (byte) ((val >> 24) & 0xff);
res[1] = (byte) (((val & 0xffffff) >> 16) & 0xff);
res[2] = (byte) (((val & 0xffff) >> 8) & 0xff);
res[3] = (byte) (val & 0xff);
break;
case 2:
/*
* When a two part address is supplied, the last part is
* interpreted as a 24-bit quantity and placed in the right
* most three bytes of the network address. This makes the
* two part address format convenient for specifying Class A
* network addresses as net.host.
*/
long tmpValue = 0;
int currByte = 0;
val = Integer.parseInt(s[0]);
if (val < 0 || val > 0xff)
return null;
res[0] = (byte) (val & 0xff);
val = Integer.parseInt(s[1]);
if (val < 0 || val > 0xffffff)
int len = src.length();
if (len == 0 || len > 15) {
return null;
}
/*
* When only one part is given, the value is stored directly in
* the network address without any byte rearrangement.
*
* When a two part address is supplied, the last part is
* interpreted as a 24-bit quantity and placed in the right
* most three bytes of the network address. This makes the
* two part address format convenient for specifying Class A
* network addresses as net.host.
*
* When a three part address is specified, the last part is
* interpreted as a 16-bit quantity and placed in the right
* most two bytes of the network address. This makes the
* three part address format convenient for specifying
* Class B net- work addresses as 128.net.host.
*
* When four parts are specified, each is interpreted as a
* byte of data and assigned, from left to right, to the
* four bytes of an IPv4 address.
*
* We determine and parse the leading parts, if any, as single
* byte values in one pass directly into the resulting byte[],
* then the remainder is treated as a 8-to-32-bit entity and
* translated into the remaining bytes in the array.
*/
for (int i = 0; i < len; i++) {
char c = src.charAt(i);
if (c == '.') {
if (tmpValue < 0 || tmpValue > 0xff || currByte == 3) {
return null;
res[1] = (byte) ((val >> 16) & 0xff);
res[2] = (byte) (((val & 0xffff) >> 8) &0xff);
res[3] = (byte) (val & 0xff);
break;
case 3:
/*
* When a three part address is specified, the last part is
* interpreted as a 16-bit quantity and placed in the right
* most two bytes of the network address. This makes the
* three part address format convenient for specifying
* Class B net- work addresses as 128.net.host.
*/
for (int i = 0; i < 2; i++) {
val = Integer.parseInt(s[i]);
if (val < 0 || val > 0xff)
return null;
res[i] = (byte) (val & 0xff);
}
val = Integer.parseInt(s[2]);
if (val < 0 || val > 0xffff)
res[currByte++] = (byte) (tmpValue & 0xff);
tmpValue = 0;
} else {
int digit = Character.digit(c, 10);
if (digit < 0) {
return null;
res[2] = (byte) ((val >> 8) & 0xff);
res[3] = (byte) (val & 0xff);
break;
case 4:
/*
* When four parts are specified, each is interpreted as a
* byte of data and assigned, from left to right, to the
* four bytes of an IPv4 address.
*/
for (int i = 0; i < 4; i++) {
val = Integer.parseInt(s[i]);
if (val < 0 || val > 0xff)
return null;
res[i] = (byte) (val & 0xff);
}
break;
default:
return null;
tmpValue *= 10;
tmpValue += digit;
}
} catch(NumberFormatException e) {
}
if (tmpValue < 0 || tmpValue >= (1L << ((4 - currByte) * 8))) {
return null;
}
switch (currByte) {
case 0:
res[0] = (byte) ((tmpValue >> 24) & 0xff);
case 1:
res[1] = (byte) ((tmpValue >> 16) & 0xff);
case 2:
res[2] = (byte) ((tmpValue >> 8) & 0xff);
case 3:
res[3] = (byte) ((tmpValue >> 0) & 0xff);
}
return res;
}
......
src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java
浏览文件 @ de1bd584
......@@ -26,11 +26,11 @@
package sun.security.internal.spec;
import java.security.spec.AlgorithmParameterSpec;
import java.security.AccessController;
import java.security.PrivilegedAction;
/**
* Parameters for SSL/TLS RSA Premaster secret generation.
* This class is used by SSL/TLS client to initialize KeyGenerators of the
* type "TlsRsaPremasterSecret".
* Parameters for SSL/TLS RSA premaster secret.
*
* <p>Instances of this class are immutable.
*
......@@ -43,90 +43,108 @@ import java.security.spec.AlgorithmParameterSpec;
public class TlsRsaPremasterSecretParameterSpec
implements AlgorithmParameterSpec {
private final int majorVersion;
private final int minorVersion;
private final byte[] encodedSecret;
/*
* The TLS spec says that the version in the RSA premaster secret must
* be the maximum version supported by the client (i.e. the version it
* requested in its client hello version). However, we (and other
* implementations) used to send the active negotiated version. The
* system property below allows to toggle the behavior.
*/
private final static String PROP_NAME =
"com.sun.net.ssl.rsaPreMasterSecretFix";
/*
* Default is "false" (old behavior) for compatibility reasons in
* SSLv3/TLSv1. Later protocols (TLSv1.1+) do not use this property.
*/
private final static boolean rsaPreMasterSecretFix =
AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
public Boolean run() {
String value = System.getProperty(PROP_NAME);
if (value != null && value.equalsIgnoreCase("true")) {
return Boolean.TRUE;
}
return Boolean.FALSE;
}
});
private final int clientVersion;
private final int serverVersion;
/**
* Constructs a new TlsRsaPremasterSecretParameterSpec.
* <P>
* The version numbers will be placed inside the premaster secret to
* detect version rollbacks attacks as described in the TLS specification.
* Note that they do not indicate the protocol version negotiated for
* the handshake.
*
* @param majorVersion the major number of the protocol version
* @param minorVersion the minor number of the protocol version
* @param clientVersion the version of the TLS protocol by which the
* client wishes to communicate during this session
* @param serverVersion the negotiated version of the TLS protocol which
* contains the lower of that suggested by the client in the client
* hello and the highest supported by the server.
*
* @throws IllegalArgumentException if minorVersion or majorVersion are
* negative or larger than 255
* @throws IllegalArgumentException if clientVersion or serverVersion are
* negative or larger than (2^16 - 1)
*/
public TlsRsaPremasterSecretParameterSpec(int majorVersion,
int minorVersion) {
this.majorVersion =
TlsMasterSecretParameterSpec.checkVersion(majorVersion);
this.minorVersion =
TlsMasterSecretParameterSpec.checkVersion(minorVersion);
this.encodedSecret = null;
public TlsRsaPremasterSecretParameterSpec(
int clientVersion, int serverVersion) {
this.clientVersion = checkVersion(clientVersion);
this.serverVersion = checkVersion(serverVersion);
}
/**
* Constructs a new TlsRsaPremasterSecretParameterSpec.
* <P>
* The version numbers will be placed inside the premaster secret to
* detect version rollbacks attacks as described in the TLS specification.
* Note that they do not indicate the protocol version negotiated for
* the handshake.
* <P>
* Usually, the encoded secret key is a random number that acts as
* dummy pre_master_secret to avoid vulnerabilities described by
* section 7.4.7.1, RFC 5246.
*
* @param majorVersion the major number of the protocol version
* @param minorVersion the minor number of the protocol version
* @param encodedSecret the encoded secret key
* Returns the version of the TLS protocol by which the client wishes to
* communicate during this session.
*
* @throws IllegalArgumentException if minorVersion or majorVersion are
* negative or larger than 255, or encodedSecret is not exactly 48 bytes.
* @return the version of the TLS protocol in ClientHello message
*/
public TlsRsaPremasterSecretParameterSpec(int majorVersion,
int minorVersion, byte[] encodedSecret) {
this.majorVersion =
TlsMasterSecretParameterSpec.checkVersion(majorVersion);
this.minorVersion =
TlsMasterSecretParameterSpec.checkVersion(minorVersion);
if (encodedSecret == null || encodedSecret.length != 48) {
throw new IllegalArgumentException(
"Encoded secret is not exactly 48 bytes");
}
this.encodedSecret = encodedSecret.clone();
public int getClientVersion() {
return clientVersion;
}
/**
* Returns the major version.
* Returns the negotiated version of the TLS protocol which contains the
* lower of that suggested by the client in the client hello and the
* highest supported by the server.
*
* @return the major version.
* @return the negotiated version of the TLS protocol in ServerHello message
*/
public int getMajorVersion() {
return majorVersion;
public int getServerVersion() {
return serverVersion;
}
/**
* Returns the minor version.
* Returns the major version used in RSA premaster secret.
*
* @return the minor version.
* @return the major version used in RSA premaster secret.
*/
public int getMinorVersion() {
return minorVersion;
public int getMajorVersion() {
if (rsaPreMasterSecretFix || clientVersion >= 0x0302) {
// 0x0302: TLSv1.1
return (clientVersion >>> 8) & 0xFF;
}
return (serverVersion >>> 8) & 0xFF;
}
/**
* Returns the encoded secret.
* Returns the minor version used in RSA premaster secret.
*
* @return the encoded secret, may be null if no encoded secret.
* @return the minor version used in RSA premaster secret.
*/
public byte[] getEncodedSecret() {
return encodedSecret == null ? null : encodedSecret.clone();
public int getMinorVersion() {
if (rsaPreMasterSecretFix || clientVersion >= 0x0302) {
// 0x0302: TLSv1.1
return clientVersion & 0xFF;
}
return serverVersion & 0xFF;
}
private int checkVersion(int version) {
if ((version < 0) || (version > 0xFFFF)) {
throw new IllegalArgumentException(
"Version must be between 0 and 65,535");
}
return version;
}
}
src/share/classes/sun/security/pkcs11/P11RSACipher.java
浏览文件 @ de1bd584
......@@ -37,6 +37,8 @@ import javax.crypto.spec.*;
import static sun.security.pkcs11.TemplateManager.*;
import sun.security.pkcs11.wrapper.*;
import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
import sun.security.util.KeyUtil;
/**
* RSA Cipher implementation class. We currently only support
......@@ -102,6 +104,12 @@ final class P11RSACipher extends CipherSpi {
// maximum output size. this is the length of the key
private int outputSize;
// cipher parameter for TLS RSA premaster secret
private AlgorithmParameterSpec spec = null;
// the source of randomness
private SecureRandom random;
P11RSACipher(Token token, String algorithm, long mechanism)
throws PKCS11Exception {
super();
......@@ -165,8 +173,12 @@ final class P11RSACipher extends CipherSpi {
AlgorithmParameterSpec params, SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
if (params != null) {
throw new InvalidAlgorithmParameterException
("Parameters not supported");
if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
throw new InvalidAlgorithmParameterException(
"Parameters not supported");
}
spec = params;
this.random = random; // for TLS RSA premaster secret
}
implInit(opmode, key);
}
......@@ -176,8 +188,8 @@ final class P11RSACipher extends CipherSpi {
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
if (params != null) {
throw new InvalidAlgorithmParameterException
("Parameters not supported");
throw new InvalidAlgorithmParameterException(
"Parameters not supported");
}
implInit(opmode, key);
}
......@@ -452,21 +464,101 @@ final class P11RSACipher extends CipherSpi {
protected Key engineUnwrap(byte[] wrappedKey, String algorithm,
int type) throws InvalidKeyException, NoSuchAlgorithmException {
// XXX implement unwrap using C_Unwrap() for all keys
implInit(Cipher.DECRYPT_MODE, p11Key);
if (wrappedKey.length > maxInputSize) {
throw new InvalidKeyException("Key is too long for unwrapping");
boolean isTlsRsaPremasterSecret =
algorithm.equals("TlsRsaPremasterSecret");
Exception failover = null;
SecureRandom secureRandom = random;
if (secureRandom == null && isTlsRsaPremasterSecret) {
secureRandom = new SecureRandom();
}
implUpdate(wrappedKey, 0, wrappedKey.length);
try {
byte[] encoded = doFinal();
// Should C_Unwrap be preferred for non-TLS RSA premaster secret?
if (token.supportsRawSecretKeyImport()) {
// XXX implement unwrap using C_Unwrap() for all keys
implInit(Cipher.DECRYPT_MODE, p11Key);
if (wrappedKey.length > maxInputSize) {
throw new InvalidKeyException("Key is too long for unwrapping");
}
byte[] encoded = null;
implUpdate(wrappedKey, 0, wrappedKey.length);
try {
encoded = doFinal();
} catch (BadPaddingException e) {
if (isTlsRsaPremasterSecret) {
failover = e;
} else {
throw new InvalidKeyException("Unwrapping failed", e);
}
} catch (IllegalBlockSizeException e) {
// should not occur, handled with length check above
throw new InvalidKeyException("Unwrapping failed", e);
}
if (isTlsRsaPremasterSecret) {
if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) {
throw new IllegalStateException(
"No TlsRsaPremasterSecretParameterSpec specified");
}
// polish the TLS premaster secret
TlsRsaPremasterSecretParameterSpec psps =
(TlsRsaPremasterSecretParameterSpec)spec;
encoded = KeyUtil.checkTlsPreMasterSecretKey(
psps.getClientVersion(), psps.getServerVersion(),
secureRandom, encoded, (failover != null));
}
return ConstructKeys.constructKey(encoded, algorithm, type);
} catch (BadPaddingException e) {
// should not occur
throw new InvalidKeyException("Unwrapping failed", e);
} catch (IllegalBlockSizeException e) {
// should not occur, handled with length check above
throw new InvalidKeyException("Unwrapping failed", e);
} else {
Session s = null;
SecretKey secretKey = null;
try {
try {
s = token.getObjSession();
long keyType = CKK_GENERIC_SECRET;
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType),
};
attributes = token.getAttributes(
O_IMPORT, CKO_SECRET_KEY, keyType, attributes);
long keyID = token.p11.C_UnwrapKey(s.id(),
new CK_MECHANISM(mechanism), p11Key.keyID,
wrappedKey, attributes);
secretKey = P11Key.secretKey(s, keyID,
algorithm, 48 << 3, attributes);
} catch (PKCS11Exception e) {
if (isTlsRsaPremasterSecret) {
failover = e;
} else {
throw new InvalidKeyException("unwrap() failed", e);
}
}
if (isTlsRsaPremasterSecret) {
byte[] replacer = new byte[48];
if (failover == null) {
// Does smart compiler dispose this operation?
secureRandom.nextBytes(replacer);
}
TlsRsaPremasterSecretParameterSpec psps =
(TlsRsaPremasterSecretParameterSpec)spec;
// Please use the tricky failover and replacer byte array
// as the parameters so that smart compiler won't dispose
// the unused variable .
secretKey = polishPreMasterSecretKey(token, s,
failover, replacer, secretKey,
psps.getClientVersion(), psps.getServerVersion());
}
return secretKey;
} finally {
token.releaseSession(s);
}
}
}
......@@ -475,6 +567,34 @@ final class P11RSACipher extends CipherSpi {
int n = P11KeyFactory.convertKey(token, key, algorithm).length();
return n;
}
private static SecretKey polishPreMasterSecretKey(
Token token, Session session,
Exception failover, byte[] replacer, SecretKey secretKey,
int clientVersion, int serverVersion) {
if (failover != null) {
CK_VERSION version = new CK_VERSION(
(clientVersion >>> 8) & 0xFF, clientVersion & 0xFF);
try {
CK_ATTRIBUTE[] attributes = token.getAttributes(
O_GENERATE, CKO_SECRET_KEY,
CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
long keyID = token.p11.C_GenerateKey(session.id(),
// new CK_MECHANISM(CKM_TLS_PRE_MASTER_KEY_GEN, version),
new CK_MECHANISM(CKM_SSL3_PRE_MASTER_KEY_GEN, version),
attributes);
return P11Key.secretKey(session,
keyID, "TlsRsaPremasterSecret", 48 << 3, attributes);
} catch (PKCS11Exception e) {
throw new ProviderException(
"Could not generate premaster secret", e);
}
}
return secretKey;
}
}
final class ConstructKeys {
......
src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java
浏览文件 @ de1bd584
......@@ -73,7 +73,7 @@ final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
protected void engineInit(AlgorithmParameterSpec params,
SecureRandom random) throws InvalidAlgorithmParameterException {
if (params instanceof TlsRsaPremasterSecretParameterSpec == false) {
if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
throw new InvalidAlgorithmParameterException(MSG);
}
this.spec = (TlsRsaPremasterSecretParameterSpec)params;
......@@ -83,38 +83,32 @@ final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
throw new InvalidParameterException(MSG);
}
// Only can be used in client side to generate TLS RSA premaster secret.
protected SecretKey engineGenerateKey() {
if (spec == null) {
throw new IllegalStateException
("TlsRsaPremasterSecretGenerator must be initialized");
}
byte[] b = spec.getEncodedSecret();
if (b == null) {
CK_VERSION version = new CK_VERSION(
CK_VERSION version = new CK_VERSION(
spec.getMajorVersion(), spec.getMinorVersion());
Session session = null;
try {
session = token.getObjSession();
CK_ATTRIBUTE[] attributes = token.getAttributes(
O_GENERATE, CKO_SECRET_KEY,
CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
long keyID = token.p11.C_GenerateKey(session.id(),
new CK_MECHANISM(mechanism, version), attributes);
SecretKey key = P11Key.secretKey(session,
keyID, "TlsRsaPremasterSecret", 48 << 3, attributes);
return key;
} catch (PKCS11Exception e) {
throw new ProviderException(
"Could not generate premaster secret", e);
} finally {
token.releaseSession(session);
}
Session session = null;
try {
session = token.getObjSession();
CK_ATTRIBUTE[] attributes = token.getAttributes(
O_GENERATE, CKO_SECRET_KEY,
CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
long keyID = token.p11.C_GenerateKey(session.id(),
new CK_MECHANISM(mechanism, version), attributes);
SecretKey key = P11Key.secretKey(session,
keyID, "TlsRsaPremasterSecret", 48 << 3, attributes);
return key;
} catch (PKCS11Exception e) {
throw new ProviderException(
"Could not generate premaster secret", e);
} finally {
token.releaseSession(session);
}
// Won't worry, the TlsRsaPremasterSecret will be soon converted to
// TlsMasterSecret.
return new SecretKeySpec(b, "TlsRsaPremasterSecret");
}
}
src/share/classes/sun/security/pkcs11/Token.java
浏览文件 @ de1bd584
......@@ -36,6 +36,7 @@ import javax.security.auth.login.LoginException;
import sun.security.jca.JCAUtil;
import sun.security.pkcs11.wrapper.*;
import static sun.security.pkcs11.TemplateManager.*;
import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
/**
......@@ -122,6 +123,9 @@ class Token implements Serializable {
private final static CK_MECHANISM_INFO INVALID_MECH =
new CK_MECHANISM_INFO(0, 0, 0);
// flag indicating whether the token supports raw secret key material import
private Boolean supportsRawSecretKeyImport;
Token(SunPKCS11 provider) throws PKCS11Exception {
this.provider = provider;
this.removable = provider.removable;
......@@ -160,6 +164,36 @@ class Token implements Serializable {
return writeProtected;
}
// return whether the token supports raw secret key material import
boolean supportsRawSecretKeyImport() {
if (supportsRawSecretKeyImport == null) {
SecureRandom random = JCAUtil.getSecureRandom();
byte[] encoded = new byte[48];
random.nextBytes(encoded);
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[3];
attributes[0] = new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY);
attributes[1] = new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_GENERIC_SECRET);
attributes[2] = new CK_ATTRIBUTE(CKA_VALUE, encoded);
Session session = null;
try {
attributes = getAttributes(O_IMPORT,
CKO_SECRET_KEY, CKK_GENERIC_SECRET, attributes);
session = getObjSession();
long keyID = p11.C_CreateObject(session.id(), attributes);
supportsRawSecretKeyImport = Boolean.TRUE;
} catch (PKCS11Exception e) {
supportsRawSecretKeyImport = Boolean.FALSE;
} finally {
releaseSession(session);
}
}
return supportsRawSecretKeyImport;
}
// return whether we are logged in
// uses cached result if current. session is optional and may be null
boolean isLoggedIn(Session session) throws PKCS11Exception {
......
src/share/classes/sun/security/ssl/ByteBufferInputStream.java
浏览文件 @ de1bd584
/*
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -60,7 +60,8 @@ class ByteBufferInputStream extends InputStream {
if (bb.remaining() == 0) {
return -1;
}
return bb.get();
return (bb.get() & 0xFF); // need to be in the range 0 to 255
}
/**
......
src/share/classes/sun/security/ssl/EngineInputRecord.java
浏览文件 @ de1bd584
/*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -109,14 +109,8 @@ final class EngineInputRecord extends InputRecord {
ProtocolVersion recordVersion =
ProtocolVersion.valueOf(buf.get(pos + 1), buf.get(pos + 2));
// Check if too old (currently not possible)
// or if the major version does not match.
// The actual version negotiation is in the handshaker classes
if ((recordVersion.v < ProtocolVersion.MIN.v)
|| (recordVersion.major > ProtocolVersion.MAX.major)) {
throw new SSLException(
"Unsupported record version " + recordVersion);
}
// check the record version
checkRecordVersion(recordVersion, false);
/*
* Reasonably sure this is a V3, disable further checks.
......@@ -147,18 +141,8 @@ final class EngineInputRecord extends InputRecord {
ProtocolVersion recordVersion =
ProtocolVersion.valueOf(buf.get(pos + 3), buf.get(pos + 4));
// Check if too old (currently not possible)
// or if the major version does not match.
// The actual version negotiation is in the handshaker classes
if ((recordVersion.v < ProtocolVersion.MIN.v)
|| (recordVersion.major > ProtocolVersion.MAX.major)) {
// if it's not SSLv2, we're out of here.
if (recordVersion.v != ProtocolVersion.SSL20Hello.v) {
throw new SSLException(
"Unsupported record version " + recordVersion);
}
}
// check the record version
checkRecordVersion(recordVersion, true);
/*
* Client or Server Hello
......@@ -406,14 +390,9 @@ final class EngineInputRecord extends InputRecord {
ProtocolVersion recordVersion = ProtocolVersion.valueOf(
srcBB.get(srcPos + 1), srcBB.get(srcPos + 2));
// Check if too old (currently not possible)
// or if the major version does not match.
// The actual version negotiation is in the handshaker classes
if ((recordVersion.v < ProtocolVersion.MIN.v)
|| (recordVersion.major > ProtocolVersion.MAX.major)) {
throw new SSLException(
"Unsupported record version " + recordVersion);
}
// check the record version
checkRecordVersion(recordVersion, false);
/*
* It's really application data. How much to consume?
......
src/share/classes/sun/security/ssl/InputRecord.java
浏览文件 @ de1bd584
/*
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -533,20 +533,36 @@ class InputRecord extends ByteArrayInputStream implements Record {
}
}
/**
* Return true if the specified record protocol version is out of the
* range of the possible supported versions.
*/
static void checkRecordVersion(ProtocolVersion version,
boolean allowSSL20Hello) throws SSLException {
// Check if the record version is too old (currently not possible)
// or if the major version does not match.
//
// The actual version negotiation is in the handshaker classes
if ((version.v < ProtocolVersion.MIN.v) ||
((version.major & 0xFF) > (ProtocolVersion.MAX.major & 0xFF))) {
// if it's not SSLv2, we're out of here.
if (!allowSSL20Hello ||
(version.v != ProtocolVersion.SSL20Hello.v)) {
throw new SSLException("Unsupported record version " + version);
}
}
}
/**
* Read a SSL/TLS record. Throw an IOException if the format is invalid.
*/
private void readV3Record(InputStream s, OutputStream o)
throws IOException {
ProtocolVersion recordVersion = ProtocolVersion.valueOf(buf[1], buf[2]);
// Check if too old (currently not possible)
// or if the major version does not match.
// The actual version negotiation is in the handshaker classes
if ((recordVersion.v < ProtocolVersion.MIN.v)
|| (recordVersion.major > ProtocolVersion.MAX.major)) {
throw new SSLException(
"Unsupported record version " + recordVersion);
}
// check the record version
checkRecordVersion(recordVersion, false);
/*
* Get and check length, then the data.
......
src/share/classes/sun/security/ssl/ProtocolVersion.java
浏览文件 @ de1bd584
/*
* Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -101,7 +101,7 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> {
this.v = v;
this.name = name;
major = (byte)(v >>> 8);
minor = (byte)(v & 0xff);
minor = (byte)(v & 0xFF);
}
// private
......@@ -117,8 +117,8 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> {
} else if (v == SSL20Hello.v) {
return SSL20Hello;
} else {
int major = (v >>> 8) & 0xff;
int minor = v & 0xff;
int major = (v >>> 8) & 0xFF;
int minor = v & 0xFF;
return new ProtocolVersion(v, "Unknown-" + major + "." + minor);
}
}
......@@ -128,10 +128,7 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> {
* numbers. Never throws exceptions.
*/
public static ProtocolVersion valueOf(int major, int minor) {
major &= 0xff;
minor &= 0xff;
int v = (major << 8) | minor;
return valueOf(v);
return valueOf(((major & 0xFF) << 8) | (minor & 0xFF));
}
/**
......
src/share/classes/sun/security/ssl/RSAClientKeyExchange.java
浏览文件 @ de1bd584
......@@ -48,23 +48,6 @@ import sun.security.util.KeyUtil;
*/
final class RSAClientKeyExchange extends HandshakeMessage {
/**
* The TLS spec says that the version in the RSA premaster secret must
* be the maximum version supported by the client (i.e. the version it
* requested in its client hello version). However, we (and other
* implementations) used to send the active negotiated version. The
* system property below allows to toggle the behavior.
*/
private final static String PROP_NAME =
"com.sun.net.ssl.rsaPreMasterSecretFix";
/*
* Default is "false" (old behavior) for compatibility reasons in
* SSLv3/TLSv1. Later protocols (TLSv1.1+) do not use this property.
*/
private final static boolean rsaPreMasterSecretFix =
Debug.getBooleanProperty(PROP_NAME, false);
/*
* The following field values were encrypted with the server's public
* key (or temp key from server key exchange msg) and are presented
......@@ -88,22 +71,12 @@ final class RSAClientKeyExchange extends HandshakeMessage {
}
this.protocolVersion = protocolVersion;
int major, minor;
if (rsaPreMasterSecretFix || maxVersion.v >= ProtocolVersion.TLS11.v) {
major = maxVersion.major;
minor = maxVersion.minor;
} else {
major = protocolVersion.major;
minor = protocolVersion.minor;
}
try {
String s = ((protocolVersion.v >= ProtocolVersion.TLS12.v) ?
"SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
KeyGenerator kg = JsseJce.getKeyGenerator(s);
kg.init(new TlsRsaPremasterSecretParameterSpec(major, minor),
generator);
kg.init(new TlsRsaPremasterSecretParameterSpec(
maxVersion.v, protocolVersion.v), generator);
preMaster = kg.generateKey();
Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1);
......@@ -138,18 +111,16 @@ final class RSAClientKeyExchange extends HandshakeMessage {
}
}
Exception failover = null;
byte[] encoded = null;
try {
Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1);
// Cannot generate key here, please don't use Cipher.UNWRAP_MODE!
cipher.init(Cipher.DECRYPT_MODE, privateKey);
encoded = cipher.doFinal(encrypted);
} catch (BadPaddingException bpe) {
failover = bpe;
encoded = null;
} catch (IllegalBlockSizeException ibse) {
// the message it too big to process with RSA
cipher.init(Cipher.UNWRAP_MODE, privateKey,
new TlsRsaPremasterSecretParameterSpec(
maxVersion.v, currentVersion.v),
generator);
preMaster = (SecretKey)cipher.unwrap(encrypted,
"TlsRsaPremasterSecret", Cipher.SECRET_KEY);
} catch (InvalidKeyException ibk) {
// the message is too big to process with RSA
throw new SSLProtocolException(
"Unable to process PreMasterSecret, may be too big");
} catch (Exception e) {
......@@ -160,124 +131,6 @@ final class RSAClientKeyExchange extends HandshakeMessage {
}
throw new RuntimeException("Could not generate dummy secret", e);
}
// polish the premaster secret
preMaster = polishPreMasterSecretKey(
currentVersion, maxVersion, generator, encoded, failover);
}
/**
* To avoid vulnerabilities described by section 7.4.7.1, RFC 5246,
* treating incorrectly formatted message blocks and/or mismatched
* version numbers in a manner indistinguishable from correctly
* formatted RSA blocks.
*
* RFC 5246 describes the approach as :
*
* 1. Generate a string R of 48 random bytes
*
* 2. Decrypt the message to recover the plaintext M
*
* 3. If the PKCS#1 padding is not correct, or the length of message
* M is not exactly 48 bytes:
* pre_master_secret = R
* else If ClientHello.client_version <= TLS 1.0, and version
* number check is explicitly disabled:
* premaster secret = M
* else If M[0..1] != ClientHello.client_version:
* premaster secret = R
* else:
* premaster secret = M
*
* Note that #2 has completed before the call of this method.
*/
private SecretKey polishPreMasterSecretKey(ProtocolVersion currentVersion,
ProtocolVersion clientHelloVersion, SecureRandom generator,
byte[] encoded, Exception failoverException) {
this.protocolVersion = clientHelloVersion;
if (generator == null) {
generator = new SecureRandom();
}
byte[] random = new byte[48];
generator.nextBytes(random);
if (failoverException == null && encoded != null) {
// check the length
if (encoded.length != 48) {
if (debug != null && Debug.isOn("handshake")) {
System.out.println(
"incorrect length of premaster secret: " +
encoded.length);
}
return generatePreMasterSecret(
clientHelloVersion, random, generator);
}
if (clientHelloVersion.major != encoded[0] ||
clientHelloVersion.minor != encoded[1]) {
if (clientHelloVersion.v <= ProtocolVersion.TLS10.v &&
currentVersion.major == encoded[0] &&
currentVersion.minor == encoded[1]) {
/*
* For compatibility, we maintain the behavior that the
* version in pre_master_secret can be the negotiated
* version for TLS v1.0 and SSL v3.0.
*/
this.protocolVersion = currentVersion;
} else {
if (debug != null && Debug.isOn("handshake")) {
System.out.println("Mismatching Protocol Versions, " +
"ClientHello.client_version is " +
clientHelloVersion +
", while PreMasterSecret.client_version is " +
ProtocolVersion.valueOf(encoded[0], encoded[1]));
}
encoded = random;
}
}
return generatePreMasterSecret(
clientHelloVersion, encoded, generator);
}
if (debug != null && Debug.isOn("handshake") &&
failoverException != null) {
System.out.println("Error decrypting premaster secret:");
failoverException.printStackTrace(System.out);
}
return generatePreMasterSecret(clientHelloVersion, random, generator);
}
// generate a premaster secret with the specified version number
private static SecretKey generatePreMasterSecret(
ProtocolVersion version, byte[] encodedSecret,
SecureRandom generator) {
if (debug != null && Debug.isOn("handshake")) {
System.out.println("Generating a random fake premaster secret");
}
try {
String s = ((version.v >= ProtocolVersion.TLS12.v) ?
"SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
KeyGenerator kg = JsseJce.getKeyGenerator(s);
kg.init(new TlsRsaPremasterSecretParameterSpec(
version.major, version.minor, encodedSecret), generator);
return kg.generateKey();
} catch (InvalidAlgorithmParameterException |
NoSuchAlgorithmException iae) {
// unlikely to happen, otherwise, must be a provider exception
if (debug != null && Debug.isOn("handshake")) {
System.out.println("RSA premaster secret generation error:");
iae.printStackTrace(System.out);
}
throw new RuntimeException("Could not generate dummy secret", iae);
}
}
@Override
......
src/share/classes/sun/security/util/KeyUtil.java
浏览文件 @ de1bd584
/*
* Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -32,6 +32,7 @@ import java.security.InvalidKeyException;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.security.interfaces.DSAKey;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHKey;
......@@ -156,6 +157,79 @@ public final class KeyUtil {
providerName.startsWith("SunPKCS11"));
}
/**
* Check the format of TLS PreMasterSecret.
* <P>
* To avoid vulnerabilities described by section 7.4.7.1, RFC 5246,
* treating incorrectly formatted message blocks and/or mismatched
* version numbers in a manner indistinguishable from correctly
* formatted RSA blocks.
*
* RFC 5246 describes the approach as :
*
* 1. Generate a string R of 48 random bytes
*
* 2. Decrypt the message to recover the plaintext M
*
* 3. If the PKCS#1 padding is not correct, or the length of message
* M is not exactly 48 bytes:
* pre_master_secret = R
* else If ClientHello.client_version <= TLS 1.0, and version
* number check is explicitly disabled:
* premaster secret = M
* else If M[0..1] != ClientHello.client_version:
* premaster secret = R
* else:
* premaster secret = M
*
* Note that #2 should have completed before the call to this method.
*
* @param clientVersion the version of the TLS protocol by which the
* client wishes to communicate during this session
* @param serverVersion the negotiated version of the TLS protocol which
* contains the lower of that suggested by the client in the client
* hello and the highest supported by the server.
* @param encoded the encoded key in its "RAW" encoding format
* @param isFailover whether or not the previous decryption of the
* encrypted PreMasterSecret message run into problem
* @return the polished PreMasterSecret key in its "RAW" encoding format
*/
public static byte[] checkTlsPreMasterSecretKey(
int clientVersion, int serverVersion, SecureRandom random,
byte[] encoded, boolean isFailOver) {
if (random == null) {
random = new SecureRandom();
}
byte[] replacer = new byte[48];
random.nextBytes(replacer);
if (!isFailOver && (encoded != null)) {
// check the length
if (encoded.length != 48) {
// private, don't need to clone the byte array.
return replacer;
}
int encodedVersion =
((encoded[0] & 0xFF) << 8) | (encoded[1] & 0xFF);
if (clientVersion != encodedVersion) {
if (clientVersion > 0x0301 || // 0x0301: TLSv1
serverVersion != encodedVersion) {
encoded = replacer;
} // Otherwise, For compatibility, we maintain the behavior
// that the version in pre_master_secret can be the
// negotiated version for TLS v1.0 and SSL v3.0.
}
// private, don't need to clone the byte array.
return encoded;
}
// private, don't need to clone the byte array.
return replacer;
}
/**
* Returns whether the Diffie-Hellman public key is valid or not.
*
......
src/solaris/native/sun/awt/awt_util.c
浏览文件 @ de1bd584
......@@ -62,7 +62,7 @@ static Atom decor_list[9];
#define MIN(a,b) ((a) < (b) ? (a) : (b))
#endif
void
jboolean
awtJNI_ThreadYield(JNIEnv *env) {
static jclass threadClass = NULL;
......@@ -76,7 +76,7 @@ awtJNI_ThreadYield(JNIEnv *env) {
Boolean err = FALSE;
if (threadClass == NULL) {
jclass tc = (*env)->FindClass(env, "java/lang/Thread");
CHECK_NULL(tc);
CHECK_NULL_RETURN(tc, JNI_FALSE);
threadClass = (*env)->NewGlobalRef(env, tc);
(*env)->DeleteLocalRef(env, tc);
if (threadClass != NULL) {
......@@ -92,10 +92,11 @@ awtJNI_ThreadYield(JNIEnv *env) {
err = TRUE;
}
if (err) {
return;
return JNI_FALSE;
}
} /* threadClass == NULL*/
(*env)->CallStaticVoidMethod(env, threadClass, yieldMethodID);
DASSERT(!((*env)->ExceptionOccurred(env)));
return JNI_TRUE;
} /* awtJNI_ThreadYield() */
src/solaris/native/sun/awt/awt_util.h
浏览文件 @ de1bd584
/*
* Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -78,7 +78,7 @@ struct DPos {
int32_t echoC;
};
extern void awtJNI_ThreadYield(JNIEnv *env);
extern jboolean awtJNI_ThreadYield(JNIEnv *env);
/*
* Functions for accessing fields by name and signature
......
src/solaris/native/sun/xawt/XToolkit.c
浏览文件 @ de1bd584
/*
* Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -40,6 +40,7 @@
#include "awt_Component.h"
#include "awt_MenuComponent.h"
#include "awt_Font.h"
#include "awt_util.h"
#include "sun_awt_X11_XToolkit.h"
#include "java_awt_SystemColor.h"
......@@ -76,6 +77,8 @@ struct MenuComponentIDs menuComponentIDs;
#ifndef HEADLESS
extern Display* awt_init_Display(JNIEnv *env, jobject this);
extern void freeNativeStringArray(char **array, long length);
extern char** stringArrayToNative(JNIEnv *env, jobjectArray array, jsize * ret_length);
struct XFontPeerIDs xFontPeerIDs;
......@@ -103,9 +106,11 @@ Java_sun_awt_X11_XToolkit_initIDs
(JNIEnv *env, jclass clazz)
{
jfieldID fid = (*env)->GetStaticFieldID(env, clazz, "numLockMask", "I");
CHECK_NULL(fid);
awt_NumLockMask = (*env)->GetStaticIntField(env, clazz, fid);
DTRACE_PRINTLN1("awt_NumLockMask = %u", awt_NumLockMask);
fid = (*env)->GetStaticFieldID(env, clazz, "modLockIsShiftLock", "I");
CHECK_NULL(fid);
awt_ModLockIsShiftLock = (*env)->GetStaticIntField(env, clazz, fid) != 0 ? True : False;
}
......@@ -173,21 +178,31 @@ Java_java_awt_Component_initIDs
componentIDs.x = (*env)->GetFieldID(env, cls, "x", "I");
CHECK_NULL(componentIDs.x);
componentIDs.y = (*env)->GetFieldID(env, cls, "y", "I");
CHECK_NULL(componentIDs.y);
componentIDs.width = (*env)->GetFieldID(env, cls, "width", "I");
CHECK_NULL(componentIDs.width);
componentIDs.height = (*env)->GetFieldID(env, cls, "height", "I");
CHECK_NULL(componentIDs.height);
componentIDs.isPacked = (*env)->GetFieldID(env, cls, "isPacked", "Z");
CHECK_NULL(componentIDs.isPacked);
componentIDs.peer =
(*env)->GetFieldID(env, cls, "peer", "Ljava/awt/peer/ComponentPeer;");
CHECK_NULL(componentIDs.peer);
componentIDs.background =
(*env)->GetFieldID(env, cls, "background", "Ljava/awt/Color;");
CHECK_NULL(componentIDs.background);
componentIDs.foreground =
(*env)->GetFieldID(env, cls, "foreground", "Ljava/awt/Color;");
CHECK_NULL(componentIDs.foreground);
componentIDs.graphicsConfig =
(*env)->GetFieldID(env, cls, "graphicsConfig",
"Ljava/awt/GraphicsConfiguration;");
CHECK_NULL(componentIDs.graphicsConfig);
componentIDs.name =
(*env)->GetFieldID(env, cls, "name", "Ljava/lang/String;");
CHECK_NULL(componentIDs.name);
/* Use _NoClientCode() methods for trusted methods, so that we
* know that we are not invoking client code on trusted threads
......@@ -195,19 +210,20 @@ Java_java_awt_Component_initIDs
componentIDs.getParent =
(*env)->GetMethodID(env, cls, "getParent_NoClientCode",
"()Ljava/awt/Container;");
CHECK_NULL(componentIDs.getParent);
componentIDs.getLocationOnScreen =
(*env)->GetMethodID(env, cls, "getLocationOnScreen_NoTreeLock",
"()Ljava/awt/Point;");
CHECK_NULL(componentIDs.getLocationOnScreen);
keyclass = (*env)->FindClass(env, "java/awt/event/KeyEvent");
if (JNU_IsNull(env, keyclass)) {
return;
}
CHECK_NULL(keyclass);
componentIDs.isProxyActive =
(*env)->GetFieldID(env, keyclass, "isProxyActive",
"Z");
CHECK_NULL(componentIDs.isProxyActive);
componentIDs.appContext =
(*env)->GetFieldID(env, cls, "appContext",
......@@ -339,7 +355,7 @@ JNIEXPORT void JNICALL Java_java_awt_Dialog_initIDs (JNIEnv *env, jclass cls)
static void waitForEvents(JNIEnv *, jlong);
static void awt_pipe_init();
static void processOneEvent(XtInputMask iMask);
static void performPoll(JNIEnv *, jlong);
static Boolean performPoll(JNIEnv *, jlong);
static void wakeUp();
static void update_poll_timeout(int timeout_control);
static uint32_t get_poll_timeout(jlong nextTaskTime);
......@@ -608,11 +624,13 @@ static uint32_t get_poll_timeout(jlong nextTaskTime)
*/
void
waitForEvents(JNIEnv *env, jlong nextTaskTime) {
performPoll(env, nextTaskTime);
if ((awt_next_flush_time > 0) && (awtJNI_TimeMillis() >= awt_next_flush_time)) {
XFlush(awt_display);
awt_last_flush_time = awt_next_flush_time;
awt_next_flush_time = 0LL;
if (performPoll(env, nextTaskTime)
&& (awt_next_flush_time > 0)
&& (awtJNI_TimeMillis() >= awt_next_flush_time)) {
XFlush(awt_display);
awt_last_flush_time = awt_next_flush_time;
awt_next_flush_time = 0LL;
}
} /* waitForEvents() */
......@@ -646,7 +664,7 @@ JNIEXPORT void JNICALL Java_sun_awt_X11_XToolkit_wakeup_1poll (JNIEnv *env, jcla
*
* The fdAWTPipe will be empty when this returns.
*/
static void
static Boolean
performPoll(JNIEnv *env, jlong nextTaskTime) {
static Bool pollFdsInited = False;
static char read_buf[AWT_POLL_BUFSIZE + 1]; /* dummy buf to empty pipe */
......@@ -673,7 +691,9 @@ performPoll(JNIEnv *env, jlong nextTaskTime) {
/* ACTUALLY DO THE POLL() */
if (timeout == 0) {
// be sure other threads get a chance
awtJNI_ThreadYield(env);
if (!awtJNI_ThreadYield(env)) {
return FALSE;
}
}
if (tracing) poll_sleep_time = awtJNI_TimeMillis();
......@@ -701,7 +721,7 @@ performPoll(JNIEnv *env, jlong nextTaskTime) {
update_poll_timeout(TIMEOUT_EVENTS);
PRINT2("performPoll(): TIMEOUT_EVENTS curPollTimeout = %ld \n", curPollTimeout);
}
return;
return TRUE;
} /* performPoll() */
......@@ -856,23 +876,25 @@ Java_sun_awt_motif_XsessionWMcommand(JNIEnv *env, jobject this,
xawt_root_window = get_xawt_root_shell(env);
if ( xawt_root_window == None ) {
JNU_ThrowNullPointerException(env, "AWT root shell is unrealized");
AWT_UNLOCK();
JNU_ThrowNullPointerException(env, "AWT root shell is unrealized");
return;
}
command = (char *) JNU_GetStringPlatformChars(env, jcommand, NULL);
c[0] = (char *)command;
status = XmbTextListToTextProperty(awt_display, c, 1,
XStdICCTextStyle, &text_prop);
if (status == Success || status > 0) {
XSetTextProperty(awt_display, xawt_root_window,
&text_prop, XA_WM_COMMAND);
if (text_prop.value != NULL)
XFree(text_prop.value);
if (command != NULL) {
c[0] = (char *)command;
status = XmbTextListToTextProperty(awt_display, c, 1,
XStdICCTextStyle, &text_prop);
if (status == Success || status > 0) {
XSetTextProperty(awt_display, xawt_root_window,
&text_prop, XA_WM_COMMAND);
if (text_prop.value != NULL)
XFree(text_prop.value);
}
JNU_ReleaseStringPlatformChars(env, jcommand, command);
}
JNU_ReleaseStringPlatformChars(env, jcommand, command);
AWT_UNLOCK();
}
......@@ -886,96 +908,56 @@ Java_sun_awt_motif_XsessionWMcommand(JNIEnv *env, jobject this,
* name. It's not! It's just a plain function.
*/
JNIEXPORT void JNICALL
Java_sun_awt_motif_XsessionWMcommand_New(JNIEnv *env, jobjectArray jargv)
Java_sun_awt_motif_XsessionWMcommand_New(JNIEnv *env, jobjectArray jarray)
{
static const char empty[] = "";
int argc;
const char **cargv;
jsize length;
char ** array;
XTextProperty text_prop;
int status;
int i;
Window xawt_root_window;
AWT_LOCK();
xawt_root_window = get_xawt_root_shell(env);
if (xawt_root_window == None) {
JNU_ThrowNullPointerException(env, "AWT root shell is unrealized");
AWT_UNLOCK();
JNU_ThrowNullPointerException(env, "AWT root shell is unrealized");
return;
}
argc = (int)(*env)->GetArrayLength(env, jargv);
if (argc == 0) {
AWT_UNLOCK();
return;
}
/* array of C strings */
cargv = (const char **)calloc(argc, sizeof(char *));
if (cargv == NULL) {
JNU_ThrowOutOfMemoryError(env, "Unable to allocate cargv");
AWT_UNLOCK();
return;
}
array = stringArrayToNative(env, jarray, &length);
/* fill C array with platform chars of java strings */
for (i = 0; i < argc; ++i) {
jstring js;
const char *cs;
cs = NULL;
js = (*env)->GetObjectArrayElement(env, jargv, i);
if (js != NULL) {
cs = JNU_GetStringPlatformChars(env, js, NULL);
}
if (cs == NULL) {
cs = empty;
}
cargv[i] = cs;
(*env)->DeleteLocalRef(env, js);
}
/* grr, X prototype doesn't declare cargv as const, thought it really is */
status = XmbTextListToTextProperty(awt_display, (char **)cargv, argc,
XStdICCTextStyle, &text_prop);
if (status < 0) {
switch (status) {
case XNoMemory:
JNU_ThrowOutOfMemoryError(env,
"XmbTextListToTextProperty: XNoMemory");
break;
case XLocaleNotSupported:
JNU_ThrowInternalError(env,
"XmbTextListToTextProperty: XLocaleNotSupported");
break;
case XConverterNotFound:
JNU_ThrowNullPointerException(env,
"XmbTextListToTextProperty: XConverterNotFound");
break;
default:
JNU_ThrowInternalError(env,
"XmbTextListToTextProperty: unknown error");
if (array != NULL) {
status = XmbTextListToTextProperty(awt_display, array, length,
XStdICCTextStyle, &text_prop);
if (status < 0) {
switch (status) {
case XNoMemory:
JNU_ThrowOutOfMemoryError(env,
"XmbTextListToTextProperty: XNoMemory");
break;
case XLocaleNotSupported:
JNU_ThrowInternalError(env,
"XmbTextListToTextProperty: XLocaleNotSupported");
break;
case XConverterNotFound:
JNU_ThrowNullPointerException(env,
"XmbTextListToTextProperty: XConverterNotFound");
break;
default:
JNU_ThrowInternalError(env,
"XmbTextListToTextProperty: unknown error");
}
} else {
XSetTextProperty(awt_display, xawt_root_window,
&text_prop, XA_WM_COMMAND);
}
} else {
XSetTextProperty(awt_display, xawt_root_window,
&text_prop, XA_WM_COMMAND);
}
for (i = 0; i < argc; ++i) {
jstring js;
if (cargv[i] == empty)
continue;
if (text_prop.value != NULL)
XFree(text_prop.value);
js = (*env)->GetObjectArrayElement(env, jargv, i);
JNU_ReleaseStringPlatformChars(env, js, cargv[i]);
(*env)->DeleteLocalRef(env, js);
freeNativeStringArray(array, length);
}
if (text_prop.value != NULL)
XFree(text_prop.value);
AWT_UNLOCK();
}
......
src/solaris/native/sun/xawt/XWindow.c
浏览文件 @ de1bd584
/*
* Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -1242,9 +1242,13 @@ Java_sun_awt_X11_XWindow_initIDs
{
char *ptr = NULL;
windowID = (*env)->GetFieldID(env, clazz, "window", "J");
CHECK_NULL(windowID);
targetID = (*env)->GetFieldID(env, clazz, "target", "Ljava/awt/Component;");
CHECK_NULL(targetID);
graphicsConfigID = (*env)->GetFieldID(env, clazz, "graphicsConfig", "Lsun/awt/X11GraphicsConfig;");
CHECK_NULL(graphicsConfigID);
drawStateID = (*env)->GetFieldID(env, clazz, "drawState", "I");
CHECK_NULL(drawStateID);
ptr = getenv("_AWT_USE_TYPE4_PATCH");
if( ptr != NULL && ptr[0] != 0 ) {
if( strncmp("true", ptr, 4) == 0 ) {
......
src/solaris/native/sun/xawt/awt_Desktop.c
浏览文件 @ de1bd584
/*
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -23,6 +23,7 @@
* questions.
*/
#include "jni_util.h"
#include "gtk2_interface.h"
#include "gnome_interface.h"
......@@ -65,6 +66,12 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XDesktopPeer_gnome_1url_1show
const gchar* url_c;
url_c = (char*)(*env)->GetByteArrayElements(env, url_j, NULL);
if (url_c == NULL) {
if (!(*env)->ExceptionCheck(env)) {
JNU_ThrowOutOfMemoryError(env, 0);
}
return JNI_FALSE;
}
if (gtk_has_been_loaded) {
fp_gdk_threads_enter();
......
src/windows/classes/sun/security/mscapi/RSACipher.java
浏览文件 @ de1bd584
......@@ -35,6 +35,8 @@ import javax.crypto.*;
import javax.crypto.spec.*;
import sun.security.rsa.RSAKeyFactory;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
import sun.security.util.KeyUtil;
/**
* RSA cipher implementation using the Microsoft Crypto API.
......@@ -92,9 +94,16 @@ public final class RSACipher extends CipherSpi {
// the public key, if we were initialized using a public key
private sun.security.mscapi.Key publicKey;
// the private key, if we were initialized using a private key
private sun.security.mscapi.Key privateKey;
// cipher parameter for TLS RSA premaster secret
private AlgorithmParameterSpec spec = null;
// the source of randomness
private SecureRandom random;
public RSACipher() {
paddingType = PAD_PKCS1;
}
......@@ -155,8 +164,12 @@ public final class RSACipher extends CipherSpi {
throws InvalidKeyException, InvalidAlgorithmParameterException {
if (params != null) {
throw new InvalidAlgorithmParameterException
("Parameters not supported");
if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
throw new InvalidAlgorithmParameterException(
"Parameters not supported");
}
spec = params;
this.random = random; // for TLS RSA premaster secret
}
init(opmode, key);
}
......@@ -356,39 +369,47 @@ public final class RSACipher extends CipherSpi {
}
// see JCE spec
protected java.security.Key engineUnwrap(byte[] wrappedKey, String algorithm,
protected java.security.Key engineUnwrap(byte[] wrappedKey,
String algorithm,
int type) throws InvalidKeyException, NoSuchAlgorithmException {
if (wrappedKey.length > buffer.length) {
throw new InvalidKeyException("Key is too long for unwrapping");
}
update(wrappedKey, 0, wrappedKey.length);
try {
byte[] encoding = doFinal();
switch (type) {
case Cipher.PUBLIC_KEY:
return constructPublicKey(encoding, algorithm);
case Cipher.PRIVATE_KEY:
return constructPrivateKey(encoding, algorithm);
case Cipher.SECRET_KEY:
return constructSecretKey(encoding, algorithm);
default:
throw new InvalidKeyException("Unknown key type " + type);
}
boolean isTlsRsaPremasterSecret =
algorithm.equals("TlsRsaPremasterSecret");
Exception failover = null;
byte[] encoded = null;
update(wrappedKey, 0, wrappedKey.length);
try {
encoded = doFinal();
} catch (BadPaddingException e) {
// should not occur
throw new InvalidKeyException("Unwrapping failed", e);
if (isTlsRsaPremasterSecret) {
failover = e;
} else {
throw new InvalidKeyException("Unwrapping failed", e);
}
} catch (IllegalBlockSizeException e) {
// should not occur, handled with length check above
throw new InvalidKeyException("Unwrapping failed", e);
}
if (isTlsRsaPremasterSecret) {
if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) {
throw new IllegalStateException(
"No TlsRsaPremasterSecretParameterSpec specified");
}
// polish the TLS premaster secret
encoded = KeyUtil.checkTlsPreMasterSecretKey(
((TlsRsaPremasterSecretParameterSpec)spec).getClientVersion(),
((TlsRsaPremasterSecretParameterSpec)spec).getServerVersion(),
random, encoded, (failover != null));
}
return constructKey(encoded, algorithm, type);
}
// see JCE spec
......@@ -452,6 +473,22 @@ public final class RSACipher extends CipherSpi {
return new SecretKeySpec(encodedKey, encodedKeyAlgorithm);
}
private static Key constructKey(byte[] encodedKey,
String encodedKeyAlgorithm,
int keyType) throws InvalidKeyException, NoSuchAlgorithmException {
switch (keyType) {
case Cipher.PUBLIC_KEY:
return constructPublicKey(encodedKey, encodedKeyAlgorithm);
case Cipher.PRIVATE_KEY:
return constructPrivateKey(encodedKey, encodedKeyAlgorithm);
case Cipher.SECRET_KEY:
return constructSecretKey(encodedKey, encodedKeyAlgorithm);
default:
throw new InvalidKeyException("Unknown key type " + keyType);
}
}
/*
* Encrypt/decrypt a data buffer using Microsoft Crypto API with HCRYPTKEY.
* It expects and returns ciphertext data in big-endian form.
......
src/windows/native/sun/windows/awt_Frame.cpp
浏览文件 @ de1bd584
/*
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -173,8 +173,11 @@ AwtFrame* AwtFrame::Create(jobject self, jobject parent)
BOOL isEmbeddedInstance = FALSE;
BOOL isEmbedded = FALSE;
cls = env->FindClass("sun/awt/EmbeddedFrame");
if (cls) {
isEmbeddedInstance = env->IsInstanceOf(target, cls);
} else {
throw std::bad_alloc();
}
INT_PTR handle;
if (isEmbeddedInstance) {
......@@ -189,6 +192,8 @@ AwtFrame* AwtFrame::Create(jobject self, jobject parent)
cls = env->FindClass("sun/awt/LightweightFrame");
if (cls) {
isLightweight = env->IsInstanceOf(target, cls);
} else {
throw std::bad_alloc();
}
frame->m_isLightweight = isLightweight;
......@@ -260,7 +265,11 @@ AwtFrame* AwtFrame::Create(jobject self, jobject parent)
// for input method windows, use minimal decorations
inputMethodWindowCls = env->FindClass("sun/awt/im/InputMethodWindow");
if ((inputMethodWindowCls != NULL) && env->IsInstanceOf(target, inputMethodWindowCls)) {
if (inputMethodWindowCls == NULL) {
throw std::bad_alloc();
}
if (env->IsInstanceOf(target, inputMethodWindowCls)) {
//for below-the-spot composition window, use no decoration
if (env->GetBooleanField(target, AwtFrame::undecoratedID) == JNI_TRUE){
exStyle = 0;
......@@ -1611,9 +1620,10 @@ Java_sun_awt_windows_WFramePeer_initIDs(JNIEnv *env, jclass cls)
TRY;
AwtFrame::setExtendedStateMID = env->GetMethodID(cls, "setExtendedState", "(I)V");
AwtFrame::getExtendedStateMID = env->GetMethodID(cls, "getExtendedState", "()I");
DASSERT(AwtFrame::setExtendedStateMID);
CHECK_NULL(AwtFrame::setExtendedStateMID);
AwtFrame::getExtendedStateMID = env->GetMethodID(cls, "getExtendedState", "()I");
DASSERT(AwtFrame::getExtendedStateMID);
CATCH_BAD_ALLOC;
......@@ -1786,35 +1796,6 @@ Java_sun_awt_windows_WFramePeer_pSetIMMOption(JNIEnv *env, jobject self,
} /* extern "C" */
/************************************************************************
* EmbeddedFrame native methods
*/
extern "C" {
/*
* Class: sun_awt_EmbeddedFrame
* Method: setPeer
* Signature: (Ljava/awt/peer/ComponentPeer;)V
*/
JNIEXPORT void JNICALL
Java_sun_awt_EmbeddedFrame_setPeer(JNIEnv *env, jobject self, jobject lpeer)
{
TRY;
jclass cls;
jfieldID fid;
cls = env->GetObjectClass(self);
fid = env->GetFieldID(cls, "peer", "Ljava/awt/peer/ComponentPeer;");
env->SetObjectField(self, fid, lpeer);
CATCH_BAD_ALLOC;
}
} /* extern "C" */
/************************************************************************
* WEmbeddedFrame native methods
*/
......@@ -1833,6 +1814,7 @@ Java_sun_awt_windows_WEmbeddedFrame_initIDs(JNIEnv *env, jclass cls)
AwtFrame::handleID = env->GetFieldID(cls, "handle", "J");
DASSERT(AwtFrame::handleID != NULL);
CHECK_NULL(AwtFrame::handleID);
AwtFrame::activateEmbeddingTopLevelMID = env->GetMethodID(cls, "activateEmbeddingTopLevel", "()V");
DASSERT(AwtFrame::activateEmbeddingTopLevelMID != NULL);
......
test/com/sun/crypto/provider/TLS/TestPremaster.java
浏览文件 @ de1bd584
......@@ -33,6 +33,7 @@ import java.security.Provider;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.util.Formatter;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
......@@ -52,27 +53,51 @@ public class TestPremaster {
System.out.println("OK: " + e);
}
test(kg, 3, 0);
test(kg, 3, 1);
test(kg, 3, 2);
test(kg, 4, 0);
int[] protocolVersions = {0x0300, 0x0301, 0x0302, 0x0400};
for (int clientVersion : protocolVersions) {
for (int serverVersion : protocolVersions) {
test(kg, clientVersion, serverVersion);
if (serverVersion >= clientVersion) {
break;
}
}
}
System.out.println("Done.");
}
private static void test(KeyGenerator kg, int major, int minor)
throws Exception {
private static void test(KeyGenerator kg,
int clientVersion, int serverVersion) throws Exception {
System.out.printf(
"Testing RSA pre-master secret key generation between " +
"client (0x%04X) and server(0x%04X)%n",
clientVersion, serverVersion);
kg.init(new TlsRsaPremasterSecretParameterSpec(
clientVersion, serverVersion));
kg.init(new TlsRsaPremasterSecretParameterSpec(major, minor));
SecretKey key = kg.generateKey();
byte[] encoded = key.getEncoded();
if (encoded.length != 48) {
throw new Exception("length: " + encoded.length);
}
if ((encoded[0] != major) || (encoded[1] != minor)) {
throw new Exception("version mismatch: " + encoded[0] +
"." + encoded[1]);
}
System.out.println("OK: " + major + "." + minor);
if (encoded != null) { // raw key material may be not extractable
if (encoded.length != 48) {
throw new Exception("length: " + encoded.length);
}
int v = versionOf(encoded[0], encoded[1]);
if (clientVersion != v) {
if (serverVersion != v || clientVersion >= 0x0302) {
throw new Exception(String.format(
"version mismatch: (0x%04X) rather than (0x%04X) " +
"is used in pre-master secret", v, clientVersion));
}
System.out.printf("Use compatible version (0x%04X)%n", v);
}
System.out.println("Passed, version matches!");
} else {
System.out.println("Raw key material is not extractable");
}
}
private static int versionOf(int major, int minor) {
return ((major & 0xFF) << 8) | (minor & 0xFF);
}
}
test/java/net/Inet4Address/DummyNameService.java 0 → 100644
浏览文件 @ de1bd584
/*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* A simple name service which throws an exception when invoked
*/
import java.net.UnknownHostException;
import java.net.InetAddress;
import sun.net.spi.nameservice.*;
import java.util.*;
public final class DummyNameService implements NameService {
public DummyNameService() throws Exception {
}
public InetAddress[] lookupAllHostAddr(String host) throws UnknownHostException {
throw new UnknownHostException("Dummy name service");
}
public String getHostByAddr(byte[] addr) throws UnknownHostException {
throw new UnknownHostException("Dummy name service");
}
}
test/java/net/Inet4Address/DummyNameServiceDescriptor.java 0 → 100644
浏览文件 @ de1bd584
/*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* Descriptor for the dummy name service
*/
import sun.net.spi.nameservice.*;
public final class DummyNameServiceDescriptor implements NameServiceDescriptor {
/**
* Create a new instance of the corresponding name service.
*/
public NameService createNameService() throws Exception {
return new DummyNameService();
}
/**
* Returns this service provider's name
*
*/
public String getProviderName() {
return "oracle";
}
/**
* Returns this name service type
* "dns" "nis" etc
*/
public String getType() {
return "dummy";
}
}
test/java/net/Inet4Address/META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor 0 → 100644
浏览文件 @ de1bd584
# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
DummyNameServiceDescriptor # name service provider descriptor
test/java/net/Inet4Address/textToNumericFormat.java
浏览文件 @ de1bd584
......@@ -25,8 +25,18 @@
* @test
* @bug 4749938
* @summary Bug in the parsing IPv4 literal addresses
* @compile -XDignore.symbol.file=true DummyNameService.java DummyNameServiceDescriptor.java
* @run main/othervm -Dsun.net.spi.nameservice.provider.1=dummy,oracle textToNumericFormat
*/
/**
* We use a dummy name service which throws UHE any time it is called.
* We do this because the "good" tests here should parse correctly
* without needing to call the name service, and the bad tests will
* not parse and then invoke the name service, where we expect
* the exception.
*/
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.*;
......@@ -34,19 +44,25 @@ import java.util.*;
public class textToNumericFormat {
public static void main(String[] args) throws UnknownHostException {
List goodList = new ArrayList();
List badList = new ArrayList();
List<String> goodList = new ArrayList<>();
List<String> badList = new ArrayList<>();
String goodAddrs[] = {
"224.0.1.0",
"238.255.255.255",
"239.255.255.255" };
"239.255.255.255",
"239.255.65535",
"239.16777215",
"4294967295" };
String badAddrs[] = {
"238.255.255.2550",
"256.255.255.255",
"238.255.2550.255",
"238.2550.255.255",
"2380.255.255.255"};
"2380.255.255.255",
"239.255.65536",
"239.16777216",
"4294967296" };
for (int i=0; i<goodAddrs.length; i++) {
try {
......
test/javax/net/ssl/SSLEngine/IllegalRecordVersion.java 0 → 100644
浏览文件 @ de1bd584
/*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
// This test case relies on updated static security property, no way to re-use
// security property in samevm/agentvm mode.
/*
* @test
* @bug 8042449
* @summary Issue for negative byte major record version
*
* @run main/othervm IllegalRecordVersion
*/
import javax.net.ssl.*;
import javax.net.ssl.SSLEngineResult.*;
import java.io.*;
import java.security.*;
import java.nio.*;
public class IllegalRecordVersion {
public static void main(String args[]) throws Exception {
SSLContext context = SSLContext.getDefault();
SSLEngine cliEngine = context.createSSLEngine();
cliEngine.setUseClientMode(true);
SSLEngine srvEngine = context.createSSLEngine();
srvEngine.setUseClientMode(false);
SSLSession session = cliEngine.getSession();
int netBufferMax = session.getPacketBufferSize();
int appBufferMax = session.getApplicationBufferSize();
ByteBuffer cliToSrv = ByteBuffer.allocateDirect(netBufferMax);
ByteBuffer srvIBuff = ByteBuffer.allocateDirect(appBufferMax + 50);
ByteBuffer cliOBuff = ByteBuffer.wrap("I'm client".getBytes());
System.out.println("client hello (record version(0xa9, 0xa2))");
SSLEngineResult cliRes = cliEngine.wrap(cliOBuff, cliToSrv);
System.out.println("Client wrap result: " + cliRes);
cliToSrv.flip();
if (cliToSrv.limit() > 5) {
cliToSrv.put(1, (byte)0xa9);
cliToSrv.put(2, (byte)0xa2);
}
try {
srvEngine.unwrap(cliToSrv, srvIBuff);
throw new Exception(
"Cannot catch the unsupported record version issue");
} catch (SSLException e) {
// get the expected exception
}
}
}
test/javax/swing/JTextField/8036819/bug8036819.java 0 → 100644
浏览文件 @ de1bd584
/*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @library ../../regtesthelpers
* @build Util
* @bug 8036819
* @summary JAB: mnemonics not read for textboxes
* @author Vivi An
* @run main bug8036819
*/
import javax.swing.*;
import javax.swing.event.*;
import java.awt.event.*;
import java.awt.*;
import sun.awt.SunToolkit;
import javax.accessibility.*;
public class bug8036819 {
public static volatile Boolean passed = false;
public static void main(String args[]) throws Throwable {
SwingUtilities.invokeAndWait(new Runnable() {
public void run() {
createAndShowGUI();
}
});
SunToolkit toolkit = (SunToolkit) Toolkit.getDefaultToolkit();
toolkit.realSync();
Robot robo = new Robot();
robo.setAutoDelay(300);
// Using mnemonic key to focus on the textfield
Util.hitMnemonics(robo, KeyEvent.VK_P);
toolkit.realSync();
if (!passed){
throw new RuntimeException("Test failed.");
}
}
private static void createAndShowGUI() {
JFrame mainFrame = new JFrame("bug 8036819");
JLabel usernameLabel = new JLabel("Username: ");
JTextField usernameField = new JTextField(20);
usernameLabel.setDisplayedMnemonic(KeyEvent.VK_U);
usernameLabel.setLabelFor(usernameField);
JLabel pwdLabel = new JLabel("Password: ");
JTextField pwdField = new JTextField(20);
pwdLabel.setDisplayedMnemonic(KeyEvent.VK_P);
pwdLabel.setLabelFor(pwdField);
pwdField.addKeyListener(
new KeyListener(){
@Override
public void keyPressed(KeyEvent keyEvent) {
}
@Override
public void keyTyped(KeyEvent keyEvent) {
}
@Override
public void keyReleased(KeyEvent keyEvent){
JComponent comp = (JComponent) pwdField;
AccessibleContext ac = comp.getAccessibleContext();
AccessibleExtendedComponent aec = (AccessibleExtendedComponent)ac.getAccessibleComponent();
AccessibleKeyBinding akb = aec.getAccessibleKeyBinding();
if (akb != null){
int count = akb.getAccessibleKeyBindingCount();
if (count != 1){
passed = false;
return;
}
// there is 1 accessible key for the text field
System.out.println("Retrieved AccessibleKeyBinding for textfield " + count);
// the key code is KeyEvent.VK_P
Object o = akb.getAccessibleKeyBinding(0);
if (o instanceof KeyStroke){
javax.swing.KeyStroke key = (javax.swing.KeyStroke)o;
System.out.println("keystroke is " + key.getKeyCode());
if (key.getKeyCode() == KeyEvent.VK_P)
passed = true;
}
}
}
}
);
mainFrame.getContentPane().add(usernameLabel);
mainFrame.getContentPane().add(usernameField);
mainFrame.getContentPane().add(pwdLabel);
mainFrame.getContentPane().add(pwdField);
mainFrame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
mainFrame.setLayout(new FlowLayout(FlowLayout.LEFT));
mainFrame.setSize(200, 200);
mainFrame.setLocation(200, 200);
mainFrame.setVisible(true);
mainFrame.toFront();
}
}
test/sun/security/pkcs11/fips/CipherTest.java
浏览文件 @ de1bd584
......@@ -472,8 +472,21 @@ public class CipherTest {
return false;
}
// No ECDH-capable certificate in key store. May restructure
// this in the future.
if (cipherSuite.contains("ECDHE_ECDSA") ||
cipherSuite.contains("ECDH_ECDSA") ||
cipherSuite.contains("ECDH_RSA")) {
System.out.println("Skipping unsupported test for " +
cipherSuite + " of " + protocol);
return false;
}
// skip SSLv2Hello protocol
if (protocol.equals("SSLv2Hello")) {
//
// skip TLSv1.2 protocol, we have not implement "SunTls12Prf" and
// SunTls12RsaPremasterSecret in SunPKCS11 provider
if (protocol.equals("SSLv2Hello") || protocol.equals("TLSv1.2")) {
System.out.println("Skipping unsupported test for " +
cipherSuite + " of " + protocol);
return false;
......
test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java
浏览文件 @ de1bd584
/*
* Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -23,7 +23,7 @@
/*
* @test
* @bug 6313675 6323647
* @bug 6313675 6323647 8028192
* @summary Verify that all ciphersuites work in FIPS mode
* @library ..
* @ignore JSSE supported cipher suites are changed with CR 6916074,
......@@ -44,9 +44,13 @@ public class ClientJSSEServerJSSE extends SecmodTest {
return;
}
if ("sparc".equals(System.getProperty("os.arch")) == false) {
// we have not updated other platforms with the proper NSS libraries yet
System.out.println("Test currently works only on solaris-sparc, skipping");
String arch = System.getProperty("os.arch");
if (!("sparc".equals(arch) || "sparcv9".equals(arch))) {
// we have not updated other platforms with the proper NSS
// libraries yet
System.out.println(
"Test currently works only on solaris-sparc " +
"and solaris-sparcv9. Skipping on " + arch);
return;
}
......
test/sun/security/pkcs11/tls/TestPremaster.java
浏览文件 @ de1bd584
......@@ -34,6 +34,7 @@ import java.security.Provider;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.util.Formatter;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
......@@ -59,27 +60,51 @@ public class TestPremaster extends PKCS11Test {
System.out.println("OK: " + e);
}
test(kg, 3, 0);
test(kg, 3, 1);
test(kg, 3, 2);
test(kg, 4, 0);
int[] protocolVersions = {0x0300, 0x0301, 0x0302, 0x0400};
for (int clientVersion : protocolVersions) {
for (int serverVersion : protocolVersions) {
test(kg, clientVersion, serverVersion);
if (serverVersion >= clientVersion) {
break;
}
}
}
System.out.println("Done.");
}
private static void test(KeyGenerator kg, int major, int minor)
throws Exception {
private static void test(KeyGenerator kg,
int clientVersion, int serverVersion) throws Exception {
kg.init(new TlsRsaPremasterSecretParameterSpec(major, minor));
System.out.printf(
"Testing RSA pre-master secret key generation between " +
"client (0x%04X) and server(0x%04X)%n",
clientVersion, serverVersion);
kg.init(new TlsRsaPremasterSecretParameterSpec(
clientVersion, serverVersion));
SecretKey key = kg.generateKey();
byte[] encoded = key.getEncoded();
if (encoded.length != 48) {
throw new Exception("length: " + encoded.length);
}
if ((encoded[0] != major) || (encoded[1] != minor)) {
throw new Exception("version mismatch: " + encoded[0] +
"." + encoded[1]);
}
System.out.println("OK: " + major + "." + minor);
if (encoded != null) { // raw key material may be not extractable
if (encoded.length != 48) {
throw new Exception("length: " + encoded.length);
}
int v = versionOf(encoded[0], encoded[1]);
if (clientVersion != v) {
if (serverVersion != v || clientVersion >= 0x0302) {
throw new Exception(String.format(
"version mismatch: (0x%04X) rather than (0x%04X) " +
"is used in pre-master secret", v, clientVersion));
}
System.out.printf("Use compatible version (0x%04X)%n", v);
}
System.out.println("Passed, version matches!");
} else {
System.out.println("Raw key material is not extractable");
}
}
private static int versionOf(int major, int minor) {
return ((major & 0xFF) << 8) | (minor & 0xFF);
}
}
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册