提交 de1bd584 编写于 作者: L lana

Merge

/* /*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -39,6 +39,8 @@ import javax.crypto.spec.OAEPParameterSpec; ...@@ -39,6 +39,8 @@ import javax.crypto.spec.OAEPParameterSpec;
import sun.security.rsa.*; import sun.security.rsa.*;
import sun.security.jca.Providers; import sun.security.jca.Providers;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
import sun.security.util.KeyUtil;
/** /**
* RSA cipher implementation. Supports RSA en/decryption and signing/verifying * RSA cipher implementation. Supports RSA en/decryption and signing/verifying
...@@ -91,8 +93,8 @@ public final class RSACipher extends CipherSpi { ...@@ -91,8 +93,8 @@ public final class RSACipher extends CipherSpi {
// padding object // padding object
private RSAPadding padding; private RSAPadding padding;
// cipher parameter for OAEP padding // cipher parameter for OAEP padding and TLS RSA premaster secret
private OAEPParameterSpec spec = null; private AlgorithmParameterSpec spec = null;
// buffer for the data // buffer for the data
private byte[] buffer; private byte[] buffer;
...@@ -110,6 +112,9 @@ public final class RSACipher extends CipherSpi { ...@@ -110,6 +112,9 @@ public final class RSACipher extends CipherSpi {
// hash algorithm for OAEP // hash algorithm for OAEP
private String oaepHashAlgorithm = "SHA-1"; private String oaepHashAlgorithm = "SHA-1";
// the source of randomness
private SecureRandom random;
public RSACipher() { public RSACipher() {
paddingType = PAD_PKCS1; paddingType = PAD_PKCS1;
} }
...@@ -175,7 +180,7 @@ public final class RSACipher extends CipherSpi { ...@@ -175,7 +180,7 @@ public final class RSACipher extends CipherSpi {
// see JCE spec // see JCE spec
protected AlgorithmParameters engineGetParameters() { protected AlgorithmParameters engineGetParameters() {
if (spec != null) { if (spec != null && spec instanceof OAEPParameterSpec) {
try { try {
AlgorithmParameters params = AlgorithmParameters params =
AlgorithmParameters.getInstance("OAEP", AlgorithmParameters.getInstance("OAEP",
...@@ -276,8 +281,13 @@ public final class RSACipher extends CipherSpi { ...@@ -276,8 +281,13 @@ public final class RSACipher extends CipherSpi {
buffer = new byte[n]; buffer = new byte[n];
} else if (paddingType == PAD_PKCS1) { } else if (paddingType == PAD_PKCS1) {
if (params != null) { if (params != null) {
throw new InvalidAlgorithmParameterException if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
("Parameters not supported"); throw new InvalidAlgorithmParameterException(
"Parameters not supported");
}
spec = params;
this.random = random; // for TLS RSA premaster secret
} }
int blockType = (mode <= MODE_DECRYPT) ? RSAPadding.PAD_BLOCKTYPE_2 int blockType = (mode <= MODE_DECRYPT) ? RSAPadding.PAD_BLOCKTYPE_2
: RSAPadding.PAD_BLOCKTYPE_1; : RSAPadding.PAD_BLOCKTYPE_1;
...@@ -293,19 +303,18 @@ public final class RSACipher extends CipherSpi { ...@@ -293,19 +303,18 @@ public final class RSACipher extends CipherSpi {
throw new InvalidKeyException throw new InvalidKeyException
("OAEP cannot be used to sign or verify signatures"); ("OAEP cannot be used to sign or verify signatures");
} }
OAEPParameterSpec myParams;
if (params != null) { if (params != null) {
if (!(params instanceof OAEPParameterSpec)) { if (!(params instanceof OAEPParameterSpec)) {
throw new InvalidAlgorithmParameterException throw new InvalidAlgorithmParameterException
("Wrong Parameters for OAEP Padding"); ("Wrong Parameters for OAEP Padding");
} }
myParams = (OAEPParameterSpec) params; spec = params;
} else { } else {
myParams = new OAEPParameterSpec(oaepHashAlgorithm, "MGF1", spec = new OAEPParameterSpec(oaepHashAlgorithm, "MGF1",
MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);
} }
padding = RSAPadding.getInstance(RSAPadding.PAD_OAEP_MGF1, n, padding = RSAPadding.getInstance(RSAPadding.PAD_OAEP_MGF1, n,
random, myParams); random, (OAEPParameterSpec)spec);
if (encrypt) { if (encrypt) {
int k = padding.getMaxDataSize(); int k = padding.getMaxDataSize();
buffer = new byte[k]; buffer = new byte[k];
...@@ -420,17 +429,40 @@ public final class RSACipher extends CipherSpi { ...@@ -420,17 +429,40 @@ public final class RSACipher extends CipherSpi {
if (wrappedKey.length > buffer.length) { if (wrappedKey.length > buffer.length) {
throw new InvalidKeyException("Key is too long for unwrapping"); throw new InvalidKeyException("Key is too long for unwrapping");
} }
boolean isTlsRsaPremasterSecret =
algorithm.equals("TlsRsaPremasterSecret");
Exception failover = null;
byte[] encoded = null;
update(wrappedKey, 0, wrappedKey.length); update(wrappedKey, 0, wrappedKey.length);
try { try {
byte[] encoded = doFinal(); encoded = doFinal();
return ConstructKeys.constructKey(encoded, algorithm, type);
} catch (BadPaddingException e) { } catch (BadPaddingException e) {
// should not occur if (isTlsRsaPremasterSecret) {
throw new InvalidKeyException("Unwrapping failed", e); failover = e;
} else {
throw new InvalidKeyException("Unwrapping failed", e);
}
} catch (IllegalBlockSizeException e) { } catch (IllegalBlockSizeException e) {
// should not occur, handled with length check above // should not occur, handled with length check above
throw new InvalidKeyException("Unwrapping failed", e); throw new InvalidKeyException("Unwrapping failed", e);
} }
if (isTlsRsaPremasterSecret) {
if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) {
throw new IllegalStateException(
"No TlsRsaPremasterSecretParameterSpec specified");
}
// polish the TLS premaster secret
encoded = KeyUtil.checkTlsPreMasterSecretKey(
((TlsRsaPremasterSecretParameterSpec)spec).getClientVersion(),
((TlsRsaPremasterSecretParameterSpec)spec).getServerVersion(),
random, encoded, (failover != null));
}
return ConstructKeys.constructKey(encoded, algorithm, type);
} }
// see JCE spec // see JCE spec
...@@ -438,5 +470,4 @@ public final class RSACipher extends CipherSpi { ...@@ -438,5 +470,4 @@ public final class RSACipher extends CipherSpi {
RSAKey rsaKey = RSAKeyFactory.toRSAKey(key); RSAKey rsaKey = RSAKeyFactory.toRSAKey(key);
return rsaKey.getModulus().bitLength(); return rsaKey.getModulus().bitLength();
} }
} }
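Review bot: In the `PAD_PKCS1` branch of init, `spec` and `this.random` are assigned only when `params != null`, so a cipher re-initialised without parameters appears to keep the `TlsRsaPremasterSecretParameterSpec` from the previous init. A later `engineUnwrap` for "TlsRsaPremasterSecret" would then check against stale client/server versions instead of reaching the `IllegalStateException`. The same pattern is in `P11RSACipher.engineInit` further down the page. The init method starts and ends outside the hunk, so this holds only if nothing earlier resets the fields; if nothing does, add `} else { spec = null; this.random = null; }`. Also confirm that `KeyUtil.checkTlsPreMasterSecretKey` tolerates a null `random`, since `P11RSACipher.engineUnwrap` substitutes a fresh `SecureRandom` and this class passes the field through as is.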
/* /*
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -56,7 +56,7 @@ public final class TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi { ...@@ -56,7 +56,7 @@ public final class TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
protected void engineInit(AlgorithmParameterSpec params, protected void engineInit(AlgorithmParameterSpec params,
SecureRandom random) throws InvalidAlgorithmParameterException { SecureRandom random) throws InvalidAlgorithmParameterException {
if (params instanceof TlsRsaPremasterSecretParameterSpec == false) { if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
throw new InvalidAlgorithmParameterException(MSG); throw new InvalidAlgorithmParameterException(MSG);
} }
this.spec = (TlsRsaPremasterSecretParameterSpec)params; this.spec = (TlsRsaPremasterSecretParameterSpec)params;
...@@ -67,21 +67,20 @@ public final class TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi { ...@@ -67,21 +67,20 @@ public final class TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
throw new InvalidParameterException(MSG); throw new InvalidParameterException(MSG);
} }
// Only can be used in client side to generate TLS RSA premaster secret.
protected SecretKey engineGenerateKey() { protected SecretKey engineGenerateKey() {
if (spec == null) { if (spec == null) {
throw new IllegalStateException( throw new IllegalStateException(
"TlsRsaPremasterSecretGenerator must be initialized"); "TlsRsaPremasterSecretGenerator must be initialized");
} }
byte[] b = spec.getEncodedSecret();
if (b == null) { if (random == null) {
if (random == null) { random = new SecureRandom();
random = new SecureRandom();
}
b = new byte[48];
random.nextBytes(b);
b[0] = (byte)spec.getMajorVersion();
b[1] = (byte)spec.getMinorVersion();
} }
byte[] b = new byte[48];
random.nextBytes(b);
b[0] = (byte)spec.getMajorVersion();
b[1] = (byte)spec.getMinorVersion();
return new SecretKeySpec(b, "TlsRsaPremasterSecret"); return new SecretKeySpec(b, "TlsRsaPremasterSecret");
} }
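Review bot: In `engineGenerateKey` the local array `b` still holds the 48-byte premaster secret after the method returns, because `SecretKeySpec` copies the array it is given. Clearing the temporary keeps one fewer copy of the secret on the heap: `try { return new SecretKeySpec(b, "TlsRsaPremasterSecret"); } finally { java.util.Arrays.fill(b, (byte)0); }`. The new comment above the method would also read better as Javadoc stating that server-side handling now goes through the cipher's unwrap path.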
......
...@@ -3985,6 +3985,17 @@ public abstract class JComponent extends Container implements Serializable, ...@@ -3985,6 +3985,17 @@ public abstract class JComponent extends Container implements Serializable,
* @since 1.4 * @since 1.4
*/ */
public AccessibleKeyBinding getAccessibleKeyBinding() { public AccessibleKeyBinding getAccessibleKeyBinding() {
// Try to get the linked label's mnemonic if it exists
Object o = getClientProperty(JLabel.LABELED_BY_PROPERTY);
if (o instanceof Accessible){
AccessibleContext ac = ((Accessible) o).getAccessibleContext();
if (ac != null){
AccessibleComponent comp = ac.getAccessibleComponent();
if (! (comp instanceof AccessibleExtendedComponent))
return null;
return ((AccessibleExtendedComponent)comp).getAccessibleKeyBinding();
}
}
return null; return null;
} }
} // inner class AccessibleJComponent } // inner class AccessibleJComponent
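Review bot: The delegation in `getAccessibleKeyBinding()` has no guard against the labelling object resolving back to this same implementation. `LABELED_BY_PROPERTY` is a client property, so if it ever points at a component whose accessible component inherits this method (including the component itself), the call to `((AccessibleExtendedComponent)comp).getAccessibleKeyBinding()` would presumably recurse until the stack overflows. A cheap guard is `if (comp == this) return null;` before delegating, or restricting the lookup to `o instanceof JLabel` if only labels are expected. The unbraced `if (! (comp instanceof AccessibleExtendedComponent)) return null;` can then be folded into a single positive `instanceof` test, since the method already ends with `return null;`.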
......
...@@ -84,19 +84,31 @@ public final class InetAddressCachePolicy { ...@@ -84,19 +84,31 @@ public final class InetAddressCachePolicy {
* Initialize * Initialize
*/ */
static { static {
Integer tmp = null;
Integer tmp = java.security.AccessController.doPrivileged(
try { new PrivilegedAction<Integer>() {
tmp = new Integer( public Integer run() {
java.security.AccessController.doPrivileged ( try {
new PrivilegedAction<String>() { String tmpString = Security.getProperty(cachePolicyProp);
public String run() { if (tmpString != null) {
return Security.getProperty(cachePolicyProp); return Integer.valueOf(tmpString);
} }
})); } catch (NumberFormatException ignored) {
} catch (NumberFormatException e) { // Ignore
// ignore }
}
try {
String tmpString = System.getProperty(cachePolicyPropFallback);
if (tmpString != null) {
return Integer.decode(tmpString);
}
} catch (NumberFormatException ignored) {
// Ignore
}
return null;
}
});
if (tmp != null) { if (tmp != null) {
cachePolicy = tmp.intValue(); cachePolicy = tmp.intValue();
if (cachePolicy < 0) { if (cachePolicy < 0) {
...@@ -104,35 +116,36 @@ public final class InetAddressCachePolicy { ...@@ -104,35 +116,36 @@ public final class InetAddressCachePolicy {
} }
propertySet = true; propertySet = true;
} else { } else {
tmp = java.security.AccessController.doPrivileged /* No properties defined for positive caching. If there is no
(new sun.security.action.GetIntegerAction(cachePolicyPropFallback)); * security manager then use the default positive cache value.
if (tmp != null) { */
cachePolicy = tmp.intValue(); if (System.getSecurityManager() == null) {
if (cachePolicy < 0) { cachePolicy = DEFAULT_POSITIVE;
cachePolicy = FOREVER;
}
propertySet = true;
} else {
/* No properties defined for positive caching. If there is no
* security manager then use the default positive cache value.
*/
if (System.getSecurityManager() == null) {
cachePolicy = DEFAULT_POSITIVE;
}
} }
} }
tmp = java.security.AccessController.doPrivileged (
new PrivilegedAction<Integer>() {
public Integer run() {
try {
String tmpString = Security.getProperty(negativeCachePolicyProp);
if (tmpString != null) {
return Integer.valueOf(tmpString);
}
} catch (NumberFormatException ignored) {
// Ignore
}
try { try {
tmp = new Integer( String tmpString = System.getProperty(negativeCachePolicyPropFallback);
java.security.AccessController.doPrivileged ( if (tmpString != null) {
new PrivilegedAction<String>() { return Integer.decode(tmpString);
public String run() { }
return Security.getProperty(negativeCachePolicyProp); } catch (NumberFormatException ignored) {
} // Ignore
})); }
} catch (NumberFormatException e) { return null;
// ignore }
} });
if (tmp != null) { if (tmp != null) {
negativeCachePolicy = tmp.intValue(); negativeCachePolicy = tmp.intValue();
...@@ -140,16 +153,6 @@ public final class InetAddressCachePolicy { ...@@ -140,16 +153,6 @@ public final class InetAddressCachePolicy {
negativeCachePolicy = FOREVER; negativeCachePolicy = FOREVER;
} }
propertyNegativeSet = true; propertyNegativeSet = true;
} else {
tmp = java.security.AccessController.doPrivileged
(new sun.security.action.GetIntegerAction(negativeCachePolicyPropFallback));
if (tmp != null) {
negativeCachePolicy = tmp.intValue();
if (negativeCachePolicy < 0) {
negativeCachePolicy = FOREVER;
}
propertyNegativeSet = true;
}
} }
} }
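Review bot: Both `// Ignore` catch blocks in the static initializer drop a malformed property value silently, so a typo in the security property for `cachePolicyProp` or `negativeCachePolicyProp` changes the effective DNS cache lifetime with no trace. The comment should say what happens next, for example `// malformed value: fall through to the system-property fallback, then to the default`. Note as well that the security property is parsed with `Integer.valueOf` and the fallback with `Integer.decode`, so a value such as `010` means 10 in one and 8 in the other; that asymmetry deserves a line in the comment. The two anonymous `PrivilegedAction` bodies differ only in the property names and could share one private static helper.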
......
...@@ -37,90 +37,73 @@ public class IPAddressUtil { ...@@ -37,90 +37,73 @@ public class IPAddressUtil {
* @param src a String representing an IPv4 address in standard format * @param src a String representing an IPv4 address in standard format
* @return a byte array representing the IPv4 numeric address * @return a byte array representing the IPv4 numeric address
*/ */
@SuppressWarnings("fallthrough")
public static byte[] textToNumericFormatV4(String src) public static byte[] textToNumericFormatV4(String src)
{ {
if (src.length() == 0) {
return null;
}
byte[] res = new byte[INADDR4SZ]; byte[] res = new byte[INADDR4SZ];
String[] s = src.split("\\.", -1);
long val;
try {
switch(s.length) {
case 1:
/*
* When only one part is given, the value is stored directly in
* the network address without any byte rearrangement.
*/
val = Long.parseLong(s[0]); long tmpValue = 0;
if (val < 0 || val > 0xffffffffL) int currByte = 0;
return null;
res[0] = (byte) ((val >> 24) & 0xff);
res[1] = (byte) (((val & 0xffffff) >> 16) & 0xff);
res[2] = (byte) (((val & 0xffff) >> 8) & 0xff);
res[3] = (byte) (val & 0xff);
break;
case 2:
/*
* When a two part address is supplied, the last part is
* interpreted as a 24-bit quantity and placed in the right
* most three bytes of the network address. This makes the
* two part address format convenient for specifying Class A
* network addresses as net.host.
*/
val = Integer.parseInt(s[0]); int len = src.length();
if (val < 0 || val > 0xff) if (len == 0 || len > 15) {
return null; return null;
res[0] = (byte) (val & 0xff); }
val = Integer.parseInt(s[1]); /*
if (val < 0 || val > 0xffffff) * When only one part is given, the value is stored directly in
* the network address without any byte rearrangement.
*
* When a two part address is supplied, the last part is
* interpreted as a 24-bit quantity and placed in the right
* most three bytes of the network address. This makes the
* two part address format convenient for specifying Class A
* network addresses as net.host.
*
* When a three part address is specified, the last part is
* interpreted as a 16-bit quantity and placed in the right
* most two bytes of the network address. This makes the
* three part address format convenient for specifying
* Class B net- work addresses as 128.net.host.
*
* When four parts are specified, each is interpreted as a
* byte of data and assigned, from left to right, to the
* four bytes of an IPv4 address.
*
* We determine and parse the leading parts, if any, as single
* byte values in one pass directly into the resulting byte[],
* then the remainder is treated as a 8-to-32-bit entity and
* translated into the remaining bytes in the array.
*/
for (int i = 0; i < len; i++) {
char c = src.charAt(i);
if (c == '.') {
if (tmpValue < 0 || tmpValue > 0xff || currByte == 3) {
return null; return null;
res[1] = (byte) ((val >> 16) & 0xff);
res[2] = (byte) (((val & 0xffff) >> 8) &0xff);
res[3] = (byte) (val & 0xff);
break;
case 3:
/*
* When a three part address is specified, the last part is
* interpreted as a 16-bit quantity and placed in the right
* most two bytes of the network address. This makes the
* three part address format convenient for specifying
* Class B net- work addresses as 128.net.host.
*/
for (int i = 0; i < 2; i++) {
val = Integer.parseInt(s[i]);
if (val < 0 || val > 0xff)
return null;
res[i] = (byte) (val & 0xff);
} }
val = Integer.parseInt(s[2]); res[currByte++] = (byte) (tmpValue & 0xff);
if (val < 0 || val > 0xffff) tmpValue = 0;
} else {
int digit = Character.digit(c, 10);
if (digit < 0) {
return null; return null;
res[2] = (byte) ((val >> 8) & 0xff);
res[3] = (byte) (val & 0xff);
break;
case 4:
/*
* When four parts are specified, each is interpreted as a
* byte of data and assigned, from left to right, to the
* four bytes of an IPv4 address.
*/
for (int i = 0; i < 4; i++) {
val = Integer.parseInt(s[i]);
if (val < 0 || val > 0xff)
return null;
res[i] = (byte) (val & 0xff);
} }
break; tmpValue *= 10;
default: tmpValue += digit;
return null;
} }
} catch(NumberFormatException e) { }
if (tmpValue < 0 || tmpValue >= (1L << ((4 - currByte) * 8))) {
return null; return null;
} }
switch (currByte) {
case 0:
res[0] = (byte) ((tmpValue >> 24) & 0xff);
case 1:
res[1] = (byte) ((tmpValue >> 16) & 0xff);
case 2:
res[2] = (byte) ((tmpValue >> 8) & 0xff);
case 3:
res[3] = (byte) ((tmpValue >> 0) & 0xff);
}
return res; return res;
} }
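Review bot: An empty part is accepted as zero in the new `textToNumericFormatV4`. At each `'.'` and after the loop only the range of `tmpValue` is checked, never that a digit was actually read, so constructed inputs such as `"."`, `"1."` or `"1..2"` produce an address. The split/`parseInt` version on the old side returned null for them via `NumberFormatException`. Lenient literal parsing matters wherever the result feeds an address allow-list or a host comparison, so track whether the current part has seen a digit and reject when it has not, both at a dot and at the end.

```java
long tmpValue = 0;
int currByte = 0;
boolean sawDigit = false;   // true once the current part has at least one digit

// … unchanged: length check and the format comment …
for (int i = 0; i < len; i++) {
    char c = src.charAt(i);
    if (c == '.') {
        if (!sawDigit || tmpValue < 0 || tmpValue > 0xff || currByte == 3) {
            return null;
        }
        res[currByte++] = (byte) (tmpValue & 0xff);
        tmpValue = 0;
        sawDigit = false;
    } else {
        // … unchanged: Character.digit check and accumulation into tmpValue …
        sawDigit = true;
    }
}
if (!sawDigit || tmpValue < 0 || tmpValue >= (1L << ((4 - currByte) * 8))) {
    return null;
}
// … unchanged: switch that stores the remaining bytes …
```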
......
...@@ -26,11 +26,11 @@ ...@@ -26,11 +26,11 @@
package sun.security.internal.spec; package sun.security.internal.spec;
import java.security.spec.AlgorithmParameterSpec; import java.security.spec.AlgorithmParameterSpec;
import java.security.AccessController;
import java.security.PrivilegedAction;
/** /**
* Parameters for SSL/TLS RSA Premaster secret generation. * Parameters for SSL/TLS RSA premaster secret.
* This class is used by SSL/TLS client to initialize KeyGenerators of the
* type "TlsRsaPremasterSecret".
* *
* <p>Instances of this class are immutable. * <p>Instances of this class are immutable.
* *
...@@ -43,90 +43,108 @@ import java.security.spec.AlgorithmParameterSpec; ...@@ -43,90 +43,108 @@ import java.security.spec.AlgorithmParameterSpec;
public class TlsRsaPremasterSecretParameterSpec public class TlsRsaPremasterSecretParameterSpec
implements AlgorithmParameterSpec { implements AlgorithmParameterSpec {
private final int majorVersion; /*
private final int minorVersion; * The TLS spec says that the version in the RSA premaster secret must
private final byte[] encodedSecret; * be the maximum version supported by the client (i.e. the version it
* requested in its client hello version). However, we (and other
* implementations) used to send the active negotiated version. The
* system property below allows to toggle the behavior.
*/
private final static String PROP_NAME =
"com.sun.net.ssl.rsaPreMasterSecretFix";
/*
* Default is "false" (old behavior) for compatibility reasons in
* SSLv3/TLSv1. Later protocols (TLSv1.1+) do not use this property.
*/
private final static boolean rsaPreMasterSecretFix =
AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
public Boolean run() {
String value = System.getProperty(PROP_NAME);
if (value != null && value.equalsIgnoreCase("true")) {
return Boolean.TRUE;
}
return Boolean.FALSE;
}
});
private final int clientVersion;
private final int serverVersion;
/** /**
* Constructs a new TlsRsaPremasterSecretParameterSpec. * Constructs a new TlsRsaPremasterSecretParameterSpec.
* <P>
* The version numbers will be placed inside the premaster secret to
* detect version rollbacks attacks as described in the TLS specification.
* Note that they do not indicate the protocol version negotiated for
* the handshake.
* *
* @param majorVersion the major number of the protocol version * @param clientVersion the version of the TLS protocol by which the
* @param minorVersion the minor number of the protocol version * client wishes to communicate during this session
* @param serverVersion the negotiated version of the TLS protocol which
* contains the lower of that suggested by the client in the client
* hello and the highest supported by the server.
* *
* @throws IllegalArgumentException if minorVersion or majorVersion are * @throws IllegalArgumentException if clientVersion or serverVersion are
* negative or larger than 255 * negative or larger than (2^16 - 1)
*/ */
public TlsRsaPremasterSecretParameterSpec(int majorVersion, public TlsRsaPremasterSecretParameterSpec(
int minorVersion) { int clientVersion, int serverVersion) {
this.majorVersion =
TlsMasterSecretParameterSpec.checkVersion(majorVersion); this.clientVersion = checkVersion(clientVersion);
this.minorVersion = this.serverVersion = checkVersion(serverVersion);
TlsMasterSecretParameterSpec.checkVersion(minorVersion);
this.encodedSecret = null;
} }
/** /**
* Constructs a new TlsRsaPremasterSecretParameterSpec. * Returns the version of the TLS protocol by which the client wishes to
* <P> * communicate during this session.
* The version numbers will be placed inside the premaster secret to
* detect version rollbacks attacks as described in the TLS specification.
* Note that they do not indicate the protocol version negotiated for
* the handshake.
* <P>
* Usually, the encoded secret key is a random number that acts as
* dummy pre_master_secret to avoid vulnerabilities described by
* section 7.4.7.1, RFC 5246.
*
* @param majorVersion the major number of the protocol version
* @param minorVersion the minor number of the protocol version
* @param encodedSecret the encoded secret key
* *
* @throws IllegalArgumentException if minorVersion or majorVersion are * @return the version of the TLS protocol in ClientHello message
* negative or larger than 255, or encodedSecret is not exactly 48 bytes.
*/ */
public TlsRsaPremasterSecretParameterSpec(int majorVersion, public int getClientVersion() {
int minorVersion, byte[] encodedSecret) { return clientVersion;
this.majorVersion =
TlsMasterSecretParameterSpec.checkVersion(majorVersion);
this.minorVersion =
TlsMasterSecretParameterSpec.checkVersion(minorVersion);
if (encodedSecret == null || encodedSecret.length != 48) {
throw new IllegalArgumentException(
"Encoded secret is not exactly 48 bytes");
}
this.encodedSecret = encodedSecret.clone();
} }
/** /**
* Returns the major version. * Returns the negotiated version of the TLS protocol which contains the
* lower of that suggested by the client in the client hello and the
* highest supported by the server.
* *
* @return the major version. * @return the negotiated version of the TLS protocol in ServerHello message
*/ */
public int getMajorVersion() { public int getServerVersion() {
return majorVersion; return serverVersion;
} }
/** /**
* Returns the minor version. * Returns the major version used in RSA premaster secret.
* *
* @return the minor version. * @return the major version used in RSA premaster secret.
*/ */
public int getMinorVersion() { public int getMajorVersion() {
return minorVersion; if (rsaPreMasterSecretFix || clientVersion >= 0x0302) {
// 0x0302: TLSv1.1
return (clientVersion >>> 8) & 0xFF;
}
return (serverVersion >>> 8) & 0xFF;
} }
/** /**
* Returns the encoded secret. * Returns the minor version used in RSA premaster secret.
* *
* @return the encoded secret, may be null if no encoded secret. * @return the minor version used in RSA premaster secret.
*/ */
public byte[] getEncodedSecret() { public int getMinorVersion() {
return encodedSecret == null ? null : encodedSecret.clone(); if (rsaPreMasterSecretFix || clientVersion >= 0x0302) {
// 0x0302: TLSv1.1
return clientVersion & 0xFF;
}
return serverVersion & 0xFF;
}
private int checkVersion(int version) {
if ((version < 0) || (version > 0xFFFF)) {
throw new IllegalArgumentException(
"Version must be between 0 and 65,535");
}
return version;
} }
} }
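Review bot: The Javadoc on `getMajorVersion()` and `getMinorVersion()` does not say which version is returned. The body picks the client hello version only when `rsaPreMasterSecretFix` is set or `clientVersion >= 0x0302`, and the negotiated `serverVersion` otherwise. That choice decides what the peer compares for rollback detection, so it belongs in the method documentation, for example `@return the major byte of the client hello version, or of the negotiated version for SSLv3/TLSv1 unless com.sun.net.ssl.rsaPreMasterSecretFix is "true"`. The selection condition is written out twice; a small private helper returning the chosen version would keep the two getters in step. `checkVersion` reads no instance state and could be `static`.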
...@@ -37,6 +37,8 @@ import javax.crypto.spec.*; ...@@ -37,6 +37,8 @@ import javax.crypto.spec.*;
import static sun.security.pkcs11.TemplateManager.*; import static sun.security.pkcs11.TemplateManager.*;
import sun.security.pkcs11.wrapper.*; import sun.security.pkcs11.wrapper.*;
import static sun.security.pkcs11.wrapper.PKCS11Constants.*; import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
import sun.security.util.KeyUtil;
/** /**
* RSA Cipher implementation class. We currently only support * RSA Cipher implementation class. We currently only support
...@@ -102,6 +104,12 @@ final class P11RSACipher extends CipherSpi { ...@@ -102,6 +104,12 @@ final class P11RSACipher extends CipherSpi {
// maximum output size. this is the length of the key // maximum output size. this is the length of the key
private int outputSize; private int outputSize;
// cipher parameter for TLS RSA premaster secret
private AlgorithmParameterSpec spec = null;
// the source of randomness
private SecureRandom random;
P11RSACipher(Token token, String algorithm, long mechanism) P11RSACipher(Token token, String algorithm, long mechanism)
throws PKCS11Exception { throws PKCS11Exception {
super(); super();
...@@ -165,8 +173,12 @@ final class P11RSACipher extends CipherSpi { ...@@ -165,8 +173,12 @@ final class P11RSACipher extends CipherSpi {
AlgorithmParameterSpec params, SecureRandom random) AlgorithmParameterSpec params, SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException { throws InvalidKeyException, InvalidAlgorithmParameterException {
if (params != null) { if (params != null) {
throw new InvalidAlgorithmParameterException if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
("Parameters not supported"); throw new InvalidAlgorithmParameterException(
"Parameters not supported");
}
spec = params;
this.random = random; // for TLS RSA premaster secret
} }
implInit(opmode, key); implInit(opmode, key);
} }
...@@ -176,8 +188,8 @@ final class P11RSACipher extends CipherSpi { ...@@ -176,8 +188,8 @@ final class P11RSACipher extends CipherSpi {
SecureRandom random) SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException { throws InvalidKeyException, InvalidAlgorithmParameterException {
if (params != null) { if (params != null) {
throw new InvalidAlgorithmParameterException throw new InvalidAlgorithmParameterException(
("Parameters not supported"); "Parameters not supported");
} }
implInit(opmode, key); implInit(opmode, key);
} }
...@@ -452,21 +464,101 @@ final class P11RSACipher extends CipherSpi { ...@@ -452,21 +464,101 @@ final class P11RSACipher extends CipherSpi {
protected Key engineUnwrap(byte[] wrappedKey, String algorithm, protected Key engineUnwrap(byte[] wrappedKey, String algorithm,
int type) throws InvalidKeyException, NoSuchAlgorithmException { int type) throws InvalidKeyException, NoSuchAlgorithmException {
// XXX implement unwrap using C_Unwrap() for all keys boolean isTlsRsaPremasterSecret =
implInit(Cipher.DECRYPT_MODE, p11Key); algorithm.equals("TlsRsaPremasterSecret");
if (wrappedKey.length > maxInputSize) { Exception failover = null;
throw new InvalidKeyException("Key is too long for unwrapping");
SecureRandom secureRandom = random;
if (secureRandom == null && isTlsRsaPremasterSecret) {
secureRandom = new SecureRandom();
} }
implUpdate(wrappedKey, 0, wrappedKey.length);
try { // Should C_Unwrap be preferred for non-TLS RSA premaster secret?
byte[] encoded = doFinal(); if (token.supportsRawSecretKeyImport()) {
// XXX implement unwrap using C_Unwrap() for all keys
implInit(Cipher.DECRYPT_MODE, p11Key);
if (wrappedKey.length > maxInputSize) {
throw new InvalidKeyException("Key is too long for unwrapping");
}
byte[] encoded = null;
implUpdate(wrappedKey, 0, wrappedKey.length);
try {
encoded = doFinal();
} catch (BadPaddingException e) {
if (isTlsRsaPremasterSecret) {
failover = e;
} else {
throw new InvalidKeyException("Unwrapping failed", e);
}
} catch (IllegalBlockSizeException e) {
// should not occur, handled with length check above
throw new InvalidKeyException("Unwrapping failed", e);
}
if (isTlsRsaPremasterSecret) {
if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) {
throw new IllegalStateException(
"No TlsRsaPremasterSecretParameterSpec specified");
}
// polish the TLS premaster secret
TlsRsaPremasterSecretParameterSpec psps =
(TlsRsaPremasterSecretParameterSpec)spec;
encoded = KeyUtil.checkTlsPreMasterSecretKey(
psps.getClientVersion(), psps.getServerVersion(),
secureRandom, encoded, (failover != null));
}
return ConstructKeys.constructKey(encoded, algorithm, type); return ConstructKeys.constructKey(encoded, algorithm, type);
} catch (BadPaddingException e) { } else {
// should not occur Session s = null;
throw new InvalidKeyException("Unwrapping failed", e); SecretKey secretKey = null;
} catch (IllegalBlockSizeException e) { try {
// should not occur, handled with length check above try {
throw new InvalidKeyException("Unwrapping failed", e); s = token.getObjSession();
long keyType = CKK_GENERIC_SECRET;
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType),
};
attributes = token.getAttributes(
O_IMPORT, CKO_SECRET_KEY, keyType, attributes);
long keyID = token.p11.C_UnwrapKey(s.id(),
new CK_MECHANISM(mechanism), p11Key.keyID,
wrappedKey, attributes);
secretKey = P11Key.secretKey(s, keyID,
algorithm, 48 << 3, attributes);
} catch (PKCS11Exception e) {
if (isTlsRsaPremasterSecret) {
failover = e;
} else {
throw new InvalidKeyException("unwrap() failed", e);
}
}
if (isTlsRsaPremasterSecret) {
byte[] replacer = new byte[48];
if (failover == null) {
// Does smart compiler dispose this operation?
secureRandom.nextBytes(replacer);
}
TlsRsaPremasterSecretParameterSpec psps =
(TlsRsaPremasterSecretParameterSpec)spec;
// Please use the tricky failover and replacer byte array
// as the parameters so that smart compiler won't dispose
// the unused variable .
secretKey = polishPreMasterSecretKey(token, s,
failover, replacer, secretKey,
psps.getClientVersion(), psps.getServerVersion());
}
return secretKey;
} finally {
token.releaseSession(s);
}
} }
} }
...@@ -475,6 +567,34 @@ final class P11RSACipher extends CipherSpi { ...@@ -475,6 +567,34 @@ final class P11RSACipher extends CipherSpi {
int n = P11KeyFactory.convertKey(token, key, algorithm).length(); int n = P11KeyFactory.convertKey(token, key, algorithm).length();
return n; return n;
} }
private static SecretKey polishPreMasterSecretKey(
Token token, Session session,
Exception failover, byte[] replacer, SecretKey secretKey,
int clientVersion, int serverVersion) {
if (failover != null) {
CK_VERSION version = new CK_VERSION(
(clientVersion >>> 8) & 0xFF, clientVersion & 0xFF);
try {
CK_ATTRIBUTE[] attributes = token.getAttributes(
O_GENERATE, CKO_SECRET_KEY,
CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
long keyID = token.p11.C_GenerateKey(session.id(),
// new CK_MECHANISM(CKM_TLS_PRE_MASTER_KEY_GEN, version),
new CK_MECHANISM(CKM_SSL3_PRE_MASTER_KEY_GEN, version),
attributes);
return P11Key.secretKey(session,
keyID, "TlsRsaPremasterSecret", 48 << 3, attributes);
} catch (PKCS11Exception e) {
throw new ProviderException(
"Could not generate premaster secret", e);
}
}
return secretKey;
}
} }
final class ConstructKeys { final class ConstructKeys {
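Review bot: In `engineUnwrap`, the `C_UnwrapKey` branch casts `spec` to `TlsRsaPremasterSecretParameterSpec` without the `instanceof` guard that the raw-import branch has. A cipher that was never initialised with the spec therefore fails with a `NullPointerException` after the token call instead of the `IllegalStateException`. Hoisting the check to the top of the method covers both branches: `if (isTlsRsaPremasterSecret && !(spec instanceof TlsRsaPremasterSecretParameterSpec)) throw new IllegalStateException("No TlsRsaPremasterSecretParameterSpec specified");`. In the same branch `polishPreMasterSecretKey` returns a successfully unwrapped key unchanged, so the client and server versions are used only on the failure path and `replacer` is never read. If the version check is deliberately left to a later step for non-extractable keys, a comment should say so. It is worth confirming that a token call made only on failure does not make the two outcomes distinguishable by timing.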
......
...@@ -73,7 +73,7 @@ final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi { ...@@ -73,7 +73,7 @@ final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
protected void engineInit(AlgorithmParameterSpec params, protected void engineInit(AlgorithmParameterSpec params,
SecureRandom random) throws InvalidAlgorithmParameterException { SecureRandom random) throws InvalidAlgorithmParameterException {
if (params instanceof TlsRsaPremasterSecretParameterSpec == false) { if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
throw new InvalidAlgorithmParameterException(MSG); throw new InvalidAlgorithmParameterException(MSG);
} }
this.spec = (TlsRsaPremasterSecretParameterSpec)params; this.spec = (TlsRsaPremasterSecretParameterSpec)params;
...@@ -83,38 +83,32 @@ final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi { ...@@ -83,38 +83,32 @@ final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
throw new InvalidParameterException(MSG); throw new InvalidParameterException(MSG);
} }
// Only can be used in client side to generate TLS RSA premaster secret.
protected SecretKey engineGenerateKey() { protected SecretKey engineGenerateKey() {
if (spec == null) { if (spec == null) {
throw new IllegalStateException throw new IllegalStateException
("TlsRsaPremasterSecretGenerator must be initialized"); ("TlsRsaPremasterSecretGenerator must be initialized");
} }
byte[] b = spec.getEncodedSecret(); CK_VERSION version = new CK_VERSION(
if (b == null) {
CK_VERSION version = new CK_VERSION(
spec.getMajorVersion(), spec.getMinorVersion()); spec.getMajorVersion(), spec.getMinorVersion());
Session session = null; Session session = null;
try { try {
session = token.getObjSession(); session = token.getObjSession();
CK_ATTRIBUTE[] attributes = token.getAttributes( CK_ATTRIBUTE[] attributes = token.getAttributes(
O_GENERATE, CKO_SECRET_KEY, O_GENERATE, CKO_SECRET_KEY,
CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
long keyID = token.p11.C_GenerateKey(session.id(), long keyID = token.p11.C_GenerateKey(session.id(),
new CK_MECHANISM(mechanism, version), attributes); new CK_MECHANISM(mechanism, version), attributes);
SecretKey key = P11Key.secretKey(session, SecretKey key = P11Key.secretKey(session,
keyID, "TlsRsaPremasterSecret", 48 << 3, attributes); keyID, "TlsRsaPremasterSecret", 48 << 3, attributes);
return key; return key;
} catch (PKCS11Exception e) { } catch (PKCS11Exception e) {
throw new ProviderException( throw new ProviderException(
"Could not generate premaster secret", e); "Could not generate premaster secret", e);
} finally { } finally {
token.releaseSession(session); token.releaseSession(session);
}
} }
// Won't worry, the TlsRsaPremasterSecret will be soon converted to
// TlsMasterSecret.
return new SecretKeySpec(b, "TlsRsaPremasterSecret");
} }
} }
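Review bot: The comment added above engineGenerateKey() ("Only can be used in client side…") states a restriction without saying why it holds or where the server side gets its secret instead. A short Javadoc would be clearer, e.g. `/** Generates a fresh premaster secret on the token. Client side only: the server recovers the secret through Cipher.unwrap() with a TlsRsaPremasterSecretParameterSpec. */`, which matches the way RSAClientKeyExchange is changed elsewhere in this commit. With the getEncodedSecret() branch removed, this method ignores any encoded secret carried by the spec, and the Javadoc should say so.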
...@@ -36,6 +36,7 @@ import javax.security.auth.login.LoginException; ...@@ -36,6 +36,7 @@ import javax.security.auth.login.LoginException;
import sun.security.jca.JCAUtil; import sun.security.jca.JCAUtil;
import sun.security.pkcs11.wrapper.*; import sun.security.pkcs11.wrapper.*;
import static sun.security.pkcs11.TemplateManager.*;
import static sun.security.pkcs11.wrapper.PKCS11Constants.*; import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
/** /**
...@@ -122,6 +123,9 @@ class Token implements Serializable { ...@@ -122,6 +123,9 @@ class Token implements Serializable {
private final static CK_MECHANISM_INFO INVALID_MECH = private final static CK_MECHANISM_INFO INVALID_MECH =
new CK_MECHANISM_INFO(0, 0, 0); new CK_MECHANISM_INFO(0, 0, 0);
// flag indicating whether the token supports raw secret key material import
private Boolean supportsRawSecretKeyImport;
Token(SunPKCS11 provider) throws PKCS11Exception { Token(SunPKCS11 provider) throws PKCS11Exception {
this.provider = provider; this.provider = provider;
this.removable = provider.removable; this.removable = provider.removable;
...@@ -160,6 +164,36 @@ class Token implements Serializable { ...@@ -160,6 +164,36 @@ class Token implements Serializable {
return writeProtected; return writeProtected;
} }
// return whether the token supports raw secret key material import
boolean supportsRawSecretKeyImport() {
if (supportsRawSecretKeyImport == null) {
SecureRandom random = JCAUtil.getSecureRandom();
byte[] encoded = new byte[48];
random.nextBytes(encoded);
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[3];
attributes[0] = new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY);
attributes[1] = new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_GENERIC_SECRET);
attributes[2] = new CK_ATTRIBUTE(CKA_VALUE, encoded);
Session session = null;
try {
attributes = getAttributes(O_IMPORT,
CKO_SECRET_KEY, CKK_GENERIC_SECRET, attributes);
session = getObjSession();
long keyID = p11.C_CreateObject(session.id(), attributes);
supportsRawSecretKeyImport = Boolean.TRUE;
} catch (PKCS11Exception e) {
supportsRawSecretKeyImport = Boolean.FALSE;
} finally {
releaseSession(session);
}
}
return supportsRawSecretKeyImport;
}
// return whether we are logged in // return whether we are logged in
// uses cached result if current. session is optional and may be null // uses cached result if current. session is optional and may be null
boolean isLoggedIn(Session session) throws PKCS11Exception { boolean isLoggedIn(Session session) throws PKCS11Exception {
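Review bot: The probe in supportsRawSecretKeyImport() never releases the object it creates: the `keyID` returned by C_CreateObject is assigned and then dropped, so a generic-secret object holding 48 random bytes stays behind for as long as the session (or, depending on what the O_IMPORT template adds, the token) keeps it. Destroying it right after the successful create, `p11.C_DestroyObject(session.id(), keyID);`, would keep the capability check free of side effects. Separately, every PKCS11Exception is cached as FALSE for the life of this Token, so a transient session error would switch raw import off permanently; caching FALSE only for return codes that mean the template was rejected looks safer. The lazily initialised Boolean is also written without synchronization, which appears benign (the probe may simply run more than once) but deserves a comment.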
......
/* /*
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -60,7 +60,8 @@ class ByteBufferInputStream extends InputStream { ...@@ -60,7 +60,8 @@ class ByteBufferInputStream extends InputStream {
if (bb.remaining() == 0) { if (bb.remaining() == 0) {
return -1; return -1;
} }
return bb.get();
return (bb.get() & 0xFF); // need to be in the range 0 to 255
} }
/** /**
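Review bot: The comment on the new return line says what the mask produces but not why it matters: without `& 0xFF` a byte of 0xFF is sign-extended to -1, which callers of InputStream.read() take as end of stream, so record data could be cut short. I would spell that out, e.g. `// mask to 0..255: a sign-extended 0xFF would come back as -1 and be read as EOF`. The body of read() starts outside this hunk, so the earlier checks are not visible here.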
......
/* /*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -109,14 +109,8 @@ final class EngineInputRecord extends InputRecord { ...@@ -109,14 +109,8 @@ final class EngineInputRecord extends InputRecord {
ProtocolVersion recordVersion = ProtocolVersion recordVersion =
ProtocolVersion.valueOf(buf.get(pos + 1), buf.get(pos + 2)); ProtocolVersion.valueOf(buf.get(pos + 1), buf.get(pos + 2));
// Check if too old (currently not possible) // check the record version
// or if the major version does not match. checkRecordVersion(recordVersion, false);
// The actual version negotiation is in the handshaker classes
if ((recordVersion.v < ProtocolVersion.MIN.v)
|| (recordVersion.major > ProtocolVersion.MAX.major)) {
throw new SSLException(
"Unsupported record version " + recordVersion);
}
/* /*
* Reasonably sure this is a V3, disable further checks. * Reasonably sure this is a V3, disable further checks.
...@@ -147,18 +141,8 @@ final class EngineInputRecord extends InputRecord { ...@@ -147,18 +141,8 @@ final class EngineInputRecord extends InputRecord {
ProtocolVersion recordVersion = ProtocolVersion recordVersion =
ProtocolVersion.valueOf(buf.get(pos + 3), buf.get(pos + 4)); ProtocolVersion.valueOf(buf.get(pos + 3), buf.get(pos + 4));
// Check if too old (currently not possible) // check the record version
// or if the major version does not match. checkRecordVersion(recordVersion, true);
// The actual version negotiation is in the handshaker classes
if ((recordVersion.v < ProtocolVersion.MIN.v)
|| (recordVersion.major > ProtocolVersion.MAX.major)) {
// if it's not SSLv2, we're out of here.
if (recordVersion.v != ProtocolVersion.SSL20Hello.v) {
throw new SSLException(
"Unsupported record version " + recordVersion);
}
}
/* /*
* Client or Server Hello * Client or Server Hello
...@@ -406,14 +390,9 @@ final class EngineInputRecord extends InputRecord { ...@@ -406,14 +390,9 @@ final class EngineInputRecord extends InputRecord {
ProtocolVersion recordVersion = ProtocolVersion.valueOf( ProtocolVersion recordVersion = ProtocolVersion.valueOf(
srcBB.get(srcPos + 1), srcBB.get(srcPos + 2)); srcBB.get(srcPos + 1), srcBB.get(srcPos + 2));
// Check if too old (currently not possible)
// or if the major version does not match. // check the record version
// The actual version negotiation is in the handshaker classes checkRecordVersion(recordVersion, false);
if ((recordVersion.v < ProtocolVersion.MIN.v)
|| (recordVersion.major > ProtocolVersion.MAX.major)) {
throw new SSLException(
"Unsupported record version " + recordVersion);
}
/* /*
* It's really application data. How much to consume? * It's really application data. How much to consume?
......
/* /*
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -533,20 +533,36 @@ class InputRecord extends ByteArrayInputStream implements Record { ...@@ -533,20 +533,36 @@ class InputRecord extends ByteArrayInputStream implements Record {
} }
} }
/**
* Return true if the specified record protocol version is out of the
* range of the possible supported versions.
*/
static void checkRecordVersion(ProtocolVersion version,
boolean allowSSL20Hello) throws SSLException {
// Check if the record version is too old (currently not possible)
// or if the major version does not match.
//
// The actual version negotiation is in the handshaker classes
if ((version.v < ProtocolVersion.MIN.v) ||
((version.major & 0xFF) > (ProtocolVersion.MAX.major & 0xFF))) {
// if it's not SSLv2, we're out of here.
if (!allowSSL20Hello ||
(version.v != ProtocolVersion.SSL20Hello.v)) {
throw new SSLException("Unsupported record version " + version);
}
}
}
/** /**
* Read a SSL/TLS record. Throw an IOException if the format is invalid. * Read a SSL/TLS record. Throw an IOException if the format is invalid.
*/ */
private void readV3Record(InputStream s, OutputStream o) private void readV3Record(InputStream s, OutputStream o)
throws IOException { throws IOException {
ProtocolVersion recordVersion = ProtocolVersion.valueOf(buf[1], buf[2]); ProtocolVersion recordVersion = ProtocolVersion.valueOf(buf[1], buf[2]);
// Check if too old (currently not possible)
// or if the major version does not match. // check the record version
// The actual version negotiation is in the handshaker classes checkRecordVersion(recordVersion, false);
if ((recordVersion.v < ProtocolVersion.MIN.v)
|| (recordVersion.major > ProtocolVersion.MAX.major)) {
throw new SSLException(
"Unsupported record version " + recordVersion);
}
/* /*
* Get and check length, then the data. * Get and check length, then the data.
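Review bot: The Javadoc added for checkRecordVersion() says "Return true if the specified record protocol version is out of the range…", but the method is declared void and reports an unsupported version by throwing SSLException. A summary that matches the code would be `Throws SSLException if the record version is outside the supported range, unless allowSSL20Hello is true and the version is SSL20Hello.`, with `@param` and `@throws` tags for the two arguments and the exception. The `& 0xFF` on both major bytes also deserves a one-line why-comment: ProtocolVersion stores `major = (byte)(v >>> 8)`, so an unmasked comparison treats major values of 0x80 and above as negative and lets them pass the upper-bound test.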
......
/* /*
* Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -101,7 +101,7 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> { ...@@ -101,7 +101,7 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> {
this.v = v; this.v = v;
this.name = name; this.name = name;
major = (byte)(v >>> 8); major = (byte)(v >>> 8);
minor = (byte)(v & 0xff); minor = (byte)(v & 0xFF);
} }
// private // private
...@@ -117,8 +117,8 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> { ...@@ -117,8 +117,8 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> {
} else if (v == SSL20Hello.v) { } else if (v == SSL20Hello.v) {
return SSL20Hello; return SSL20Hello;
} else { } else {
int major = (v >>> 8) & 0xff; int major = (v >>> 8) & 0xFF;
int minor = v & 0xff; int minor = v & 0xFF;
return new ProtocolVersion(v, "Unknown-" + major + "." + minor); return new ProtocolVersion(v, "Unknown-" + major + "." + minor);
} }
} }
...@@ -128,10 +128,7 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> { ...@@ -128,10 +128,7 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> {
* numbers. Never throws exceptions. * numbers. Never throws exceptions.
*/ */
public static ProtocolVersion valueOf(int major, int minor) { public static ProtocolVersion valueOf(int major, int minor) {
major &= 0xff; return valueOf(((major & 0xFF) << 8) | (minor & 0xFF));
minor &= 0xff;
int v = (major << 8) | minor;
return valueOf(v);
} }
/** /**
......
...@@ -48,23 +48,6 @@ import sun.security.util.KeyUtil; ...@@ -48,23 +48,6 @@ import sun.security.util.KeyUtil;
*/ */
final class RSAClientKeyExchange extends HandshakeMessage { final class RSAClientKeyExchange extends HandshakeMessage {
/**
* The TLS spec says that the version in the RSA premaster secret must
* be the maximum version supported by the client (i.e. the version it
* requested in its client hello version). However, we (and other
* implementations) used to send the active negotiated version. The
* system property below allows to toggle the behavior.
*/
private final static String PROP_NAME =
"com.sun.net.ssl.rsaPreMasterSecretFix";
/*
* Default is "false" (old behavior) for compatibility reasons in
* SSLv3/TLSv1. Later protocols (TLSv1.1+) do not use this property.
*/
private final static boolean rsaPreMasterSecretFix =
Debug.getBooleanProperty(PROP_NAME, false);
/* /*
* The following field values were encrypted with the server's public * The following field values were encrypted with the server's public
* key (or temp key from server key exchange msg) and are presented * key (or temp key from server key exchange msg) and are presented
...@@ -88,22 +71,12 @@ final class RSAClientKeyExchange extends HandshakeMessage { ...@@ -88,22 +71,12 @@ final class RSAClientKeyExchange extends HandshakeMessage {
} }
this.protocolVersion = protocolVersion; this.protocolVersion = protocolVersion;
int major, minor;
if (rsaPreMasterSecretFix || maxVersion.v >= ProtocolVersion.TLS11.v) {
major = maxVersion.major;
minor = maxVersion.minor;
} else {
major = protocolVersion.major;
minor = protocolVersion.minor;
}
try { try {
String s = ((protocolVersion.v >= ProtocolVersion.TLS12.v) ? String s = ((protocolVersion.v >= ProtocolVersion.TLS12.v) ?
"SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret"); "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
KeyGenerator kg = JsseJce.getKeyGenerator(s); KeyGenerator kg = JsseJce.getKeyGenerator(s);
kg.init(new TlsRsaPremasterSecretParameterSpec(major, minor), kg.init(new TlsRsaPremasterSecretParameterSpec(
generator); maxVersion.v, protocolVersion.v), generator);
preMaster = kg.generateKey(); preMaster = kg.generateKey();
Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1); Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1);
...@@ -138,18 +111,16 @@ final class RSAClientKeyExchange extends HandshakeMessage { ...@@ -138,18 +111,16 @@ final class RSAClientKeyExchange extends HandshakeMessage {
} }
} }
Exception failover = null;
byte[] encoded = null;
try { try {
Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1); Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1);
// Cannot generate key here, please don't use Cipher.UNWRAP_MODE! cipher.init(Cipher.UNWRAP_MODE, privateKey,
cipher.init(Cipher.DECRYPT_MODE, privateKey); new TlsRsaPremasterSecretParameterSpec(
encoded = cipher.doFinal(encrypted); maxVersion.v, currentVersion.v),
} catch (BadPaddingException bpe) { generator);
failover = bpe; preMaster = (SecretKey)cipher.unwrap(encrypted,
encoded = null; "TlsRsaPremasterSecret", Cipher.SECRET_KEY);
} catch (IllegalBlockSizeException ibse) { } catch (InvalidKeyException ibk) {
// the message it too big to process with RSA // the message is too big to process with RSA
throw new SSLProtocolException( throw new SSLProtocolException(
"Unable to process PreMasterSecret, may be too big"); "Unable to process PreMasterSecret, may be too big");
} catch (Exception e) { } catch (Exception e) {
...@@ -160,124 +131,6 @@ final class RSAClientKeyExchange extends HandshakeMessage { ...@@ -160,124 +131,6 @@ final class RSAClientKeyExchange extends HandshakeMessage {
} }
throw new RuntimeException("Could not generate dummy secret", e); throw new RuntimeException("Could not generate dummy secret", e);
} }
// polish the premaster secret
preMaster = polishPreMasterSecretKey(
currentVersion, maxVersion, generator, encoded, failover);
}
/**
* To avoid vulnerabilities described by section 7.4.7.1, RFC 5246,
* treating incorrectly formatted message blocks and/or mismatched
* version numbers in a manner indistinguishable from correctly
* formatted RSA blocks.
*
* RFC 5246 describes the approach as :
*
* 1. Generate a string R of 48 random bytes
*
* 2. Decrypt the message to recover the plaintext M
*
* 3. If the PKCS#1 padding is not correct, or the length of message
* M is not exactly 48 bytes:
* pre_master_secret = R
* else If ClientHello.client_version <= TLS 1.0, and version
* number check is explicitly disabled:
* premaster secret = M
* else If M[0..1] != ClientHello.client_version:
* premaster secret = R
* else:
* premaster secret = M
*
* Note that #2 has completed before the call of this method.
*/
private SecretKey polishPreMasterSecretKey(ProtocolVersion currentVersion,
ProtocolVersion clientHelloVersion, SecureRandom generator,
byte[] encoded, Exception failoverException) {
this.protocolVersion = clientHelloVersion;
if (generator == null) {
generator = new SecureRandom();
}
byte[] random = new byte[48];
generator.nextBytes(random);
if (failoverException == null && encoded != null) {
// check the length
if (encoded.length != 48) {
if (debug != null && Debug.isOn("handshake")) {
System.out.println(
"incorrect length of premaster secret: " +
encoded.length);
}
return generatePreMasterSecret(
clientHelloVersion, random, generator);
}
if (clientHelloVersion.major != encoded[0] ||
clientHelloVersion.minor != encoded[1]) {
if (clientHelloVersion.v <= ProtocolVersion.TLS10.v &&
currentVersion.major == encoded[0] &&
currentVersion.minor == encoded[1]) {
/*
* For compatibility, we maintain the behavior that the
* version in pre_master_secret can be the negotiated
* version for TLS v1.0 and SSL v3.0.
*/
this.protocolVersion = currentVersion;
} else {
if (debug != null && Debug.isOn("handshake")) {
System.out.println("Mismatching Protocol Versions, " +
"ClientHello.client_version is " +
clientHelloVersion +
", while PreMasterSecret.client_version is " +
ProtocolVersion.valueOf(encoded[0], encoded[1]));
}
encoded = random;
}
}
return generatePreMasterSecret(
clientHelloVersion, encoded, generator);
}
if (debug != null && Debug.isOn("handshake") &&
failoverException != null) {
System.out.println("Error decrypting premaster secret:");
failoverException.printStackTrace(System.out);
}
return generatePreMasterSecret(clientHelloVersion, random, generator);
}
// generate a premaster secret with the specified version number
private static SecretKey generatePreMasterSecret(
ProtocolVersion version, byte[] encodedSecret,
SecureRandom generator) {
if (debug != null && Debug.isOn("handshake")) {
System.out.println("Generating a random fake premaster secret");
}
try {
String s = ((version.v >= ProtocolVersion.TLS12.v) ?
"SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
KeyGenerator kg = JsseJce.getKeyGenerator(s);
kg.init(new TlsRsaPremasterSecretParameterSpec(
version.major, version.minor, encodedSecret), generator);
return kg.generateKey();
} catch (InvalidAlgorithmParameterException |
NoSuchAlgorithmException iae) {
// unlikely to happen, otherwise, must be a provider exception
if (debug != null && Debug.isOn("handshake")) {
System.out.println("RSA premaster secret generation error:");
iae.printStackTrace(System.out);
}
throw new RuntimeException("Could not generate dummy secret", iae);
}
} }
@Override @Override
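Review bot: In the server-side constructor the new `catch (InvalidKeyException ibk)` branch keeps the old "may be too big" message, but an InvalidKeyException from `cipher.init(Cipher.UNWRAP_MODE, …)` or `unwrap()` is not specific to an oversized message, and the cause is dropped. The PKCS#11 cipher on this page, for instance, throws `new InvalidKeyException("unwrap() failed", e)`, apparently as a general wrapper. A neutral message that keeps the cause would help diagnosis, e.g. `throw (SSLProtocolException) new SSLProtocolException("Unable to process PreMasterSecret").initCause(ibk);`. Since the RFC 5246 section 7.4.7.1 countermeasure now lives in the provider, it is also worth confirming that no provider reports a padding or version failure through this exception, because that would surface as a distinct handshake error instead of the random-replacement path. The constructor starts outside the hunk, so the handling of `protocolVersion` that the removed polishPreMasterSecretKey() used to do cannot be checked from here.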
......
/* /*
* Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -32,6 +32,7 @@ import java.security.InvalidKeyException; ...@@ -32,6 +32,7 @@ import java.security.InvalidKeyException;
import java.security.interfaces.ECKey; import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey; import java.security.interfaces.RSAKey;
import java.security.interfaces.DSAKey; import java.security.interfaces.DSAKey;
import java.security.SecureRandom;
import java.security.spec.KeySpec; import java.security.spec.KeySpec;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHKey; import javax.crypto.interfaces.DHKey;
...@@ -156,6 +157,79 @@ public final class KeyUtil { ...@@ -156,6 +157,79 @@ public final class KeyUtil {
providerName.startsWith("SunPKCS11")); providerName.startsWith("SunPKCS11"));
} }
/**
* Check the format of TLS PreMasterSecret.
* <P>
* To avoid vulnerabilities described by section 7.4.7.1, RFC 5246,
* treating incorrectly formatted message blocks and/or mismatched
* version numbers in a manner indistinguishable from correctly
* formatted RSA blocks.
*
* RFC 5246 describes the approach as :
*
* 1. Generate a string R of 48 random bytes
*
* 2. Decrypt the message to recover the plaintext M
*
* 3. If the PKCS#1 padding is not correct, or the length of message
* M is not exactly 48 bytes:
* pre_master_secret = R
* else If ClientHello.client_version <= TLS 1.0, and version
* number check is explicitly disabled:
* premaster secret = M
* else If M[0..1] != ClientHello.client_version:
* premaster secret = R
* else:
* premaster secret = M
*
* Note that #2 should have completed before the call to this method.
*
* @param clientVersion the version of the TLS protocol by which the
* client wishes to communicate during this session
* @param serverVersion the negotiated version of the TLS protocol which
* contains the lower of that suggested by the client in the client
* hello and the highest supported by the server.
* @param encoded the encoded key in its "RAW" encoding format
* @param isFailover whether or not the previous decryption of the
* encrypted PreMasterSecret message run into problem
* @return the polished PreMasterSecret key in its "RAW" encoding format
*/
public static byte[] checkTlsPreMasterSecretKey(
int clientVersion, int serverVersion, SecureRandom random,
byte[] encoded, boolean isFailOver) {
if (random == null) {
random = new SecureRandom();
}
byte[] replacer = new byte[48];
random.nextBytes(replacer);
if (!isFailOver && (encoded != null)) {
// check the length
if (encoded.length != 48) {
// private, don't need to clone the byte array.
return replacer;
}
int encodedVersion =
((encoded[0] & 0xFF) << 8) | (encoded[1] & 0xFF);
if (clientVersion != encodedVersion) {
if (clientVersion > 0x0301 || // 0x0301: TLSv1
serverVersion != encodedVersion) {
encoded = replacer;
} // Otherwise, For compatibility, we maintain the behavior
// that the version in pre_master_secret can be the
// negotiated version for TLS v1.0 and SSL v3.0.
}
// private, don't need to clone the byte array.
return encoded;
}
// private, don't need to clone the byte array.
return replacer;
}
/** /**
* Returns whether the Diffie-Hellman public key is valid or not. * Returns whether the Diffie-Hellman public key is valid or not.
* *
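Review bot: The Javadoc of checkTlsPreMasterSecretKey() does not match its signature: it documents `@param isFailover` while the parameter is named `isFailOver`, and `random` has no `@param` at all. I would rename the tag and add `@param random the source of randomness for the replacement secret; a new SecureRandom is created when null`. The three "private, don't need to clone the byte array" comments also sit in a public static method that can hand back the caller's own `encoded` array, so the `@return` text should state that the result may alias `encoded`, or the comments should name the caller contract that makes this safe. Note that `replacer` is correctly filled before any check, which keeps the failure and success paths doing the same random-generation work; a short why-comment on `random.nextBytes(replacer)` would stop a later cleanup from moving it into the failure branches.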
......
...@@ -62,7 +62,7 @@ static Atom decor_list[9]; ...@@ -62,7 +62,7 @@ static Atom decor_list[9];
#define MIN(a,b) ((a) < (b) ? (a) : (b)) #define MIN(a,b) ((a) < (b) ? (a) : (b))
#endif #endif
void jboolean
awtJNI_ThreadYield(JNIEnv *env) { awtJNI_ThreadYield(JNIEnv *env) {
static jclass threadClass = NULL; static jclass threadClass = NULL;
...@@ -76,7 +76,7 @@ awtJNI_ThreadYield(JNIEnv *env) { ...@@ -76,7 +76,7 @@ awtJNI_ThreadYield(JNIEnv *env) {
Boolean err = FALSE; Boolean err = FALSE;
if (threadClass == NULL) { if (threadClass == NULL) {
jclass tc = (*env)->FindClass(env, "java/lang/Thread"); jclass tc = (*env)->FindClass(env, "java/lang/Thread");
CHECK_NULL(tc); CHECK_NULL_RETURN(tc, JNI_FALSE);
threadClass = (*env)->NewGlobalRef(env, tc); threadClass = (*env)->NewGlobalRef(env, tc);
(*env)->DeleteLocalRef(env, tc); (*env)->DeleteLocalRef(env, tc);
if (threadClass != NULL) { if (threadClass != NULL) {
...@@ -92,10 +92,11 @@ awtJNI_ThreadYield(JNIEnv *env) { ...@@ -92,10 +92,11 @@ awtJNI_ThreadYield(JNIEnv *env) {
err = TRUE; err = TRUE;
} }
if (err) { if (err) {
return; return JNI_FALSE;
} }
} /* threadClass == NULL*/ } /* threadClass == NULL*/
(*env)->CallStaticVoidMethod(env, threadClass, yieldMethodID); (*env)->CallStaticVoidMethod(env, threadClass, yieldMethodID);
DASSERT(!((*env)->ExceptionOccurred(env))); DASSERT(!((*env)->ExceptionOccurred(env)));
return JNI_TRUE;
} /* awtJNI_ThreadYield() */ } /* awtJNI_ThreadYield() */
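Review bot: awtJNI_ThreadYield() now reports failure to its caller, but the final path still returns JNI_TRUE when the Thread.yield() call leaves an exception pending, because the only check after CallStaticVoidMethod is a DASSERT, which presumably compiles away in product builds. An explicit test before the return, `if ((*env)->ExceptionCheck(env)) return JNI_FALSE;`, would make the new return value reliable for callers that continue to make JNI calls afterwards. The function's contract (JNI_FALSE means an exception may be pending and the caller should stop) would also be worth a header comment, here or next to the declaration in awt_util.h.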
/* /*
* Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -78,7 +78,7 @@ struct DPos { ...@@ -78,7 +78,7 @@ struct DPos {
int32_t echoC; int32_t echoC;
}; };
extern void awtJNI_ThreadYield(JNIEnv *env); extern jboolean awtJNI_ThreadYield(JNIEnv *env);
/* /*
* Functions for accessing fields by name and signature * Functions for accessing fields by name and signature
......
/* /*
* Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -40,6 +40,7 @@ ...@@ -40,6 +40,7 @@
#include "awt_Component.h" #include "awt_Component.h"
#include "awt_MenuComponent.h" #include "awt_MenuComponent.h"
#include "awt_Font.h" #include "awt_Font.h"
#include "awt_util.h"
#include "sun_awt_X11_XToolkit.h" #include "sun_awt_X11_XToolkit.h"
#include "java_awt_SystemColor.h" #include "java_awt_SystemColor.h"
...@@ -76,6 +77,8 @@ struct MenuComponentIDs menuComponentIDs; ...@@ -76,6 +77,8 @@ struct MenuComponentIDs menuComponentIDs;
#ifndef HEADLESS #ifndef HEADLESS
extern Display* awt_init_Display(JNIEnv *env, jobject this); extern Display* awt_init_Display(JNIEnv *env, jobject this);
extern void freeNativeStringArray(char **array, long length);
extern char** stringArrayToNative(JNIEnv *env, jobjectArray array, jsize * ret_length);
struct XFontPeerIDs xFontPeerIDs; struct XFontPeerIDs xFontPeerIDs;
...@@ -103,9 +106,11 @@ Java_sun_awt_X11_XToolkit_initIDs ...@@ -103,9 +106,11 @@ Java_sun_awt_X11_XToolkit_initIDs
(JNIEnv *env, jclass clazz) (JNIEnv *env, jclass clazz)
{ {
jfieldID fid = (*env)->GetStaticFieldID(env, clazz, "numLockMask", "I"); jfieldID fid = (*env)->GetStaticFieldID(env, clazz, "numLockMask", "I");
CHECK_NULL(fid);
awt_NumLockMask = (*env)->GetStaticIntField(env, clazz, fid); awt_NumLockMask = (*env)->GetStaticIntField(env, clazz, fid);
DTRACE_PRINTLN1("awt_NumLockMask = %u", awt_NumLockMask); DTRACE_PRINTLN1("awt_NumLockMask = %u", awt_NumLockMask);
fid = (*env)->GetStaticFieldID(env, clazz, "modLockIsShiftLock", "I"); fid = (*env)->GetStaticFieldID(env, clazz, "modLockIsShiftLock", "I");
CHECK_NULL(fid);
awt_ModLockIsShiftLock = (*env)->GetStaticIntField(env, clazz, fid) != 0 ? True : False; awt_ModLockIsShiftLock = (*env)->GetStaticIntField(env, clazz, fid) != 0 ? True : False;
} }
...@@ -173,21 +178,31 @@ Java_java_awt_Component_initIDs ...@@ -173,21 +178,31 @@ Java_java_awt_Component_initIDs
componentIDs.x = (*env)->GetFieldID(env, cls, "x", "I"); componentIDs.x = (*env)->GetFieldID(env, cls, "x", "I");
CHECK_NULL(componentIDs.x);
componentIDs.y = (*env)->GetFieldID(env, cls, "y", "I"); componentIDs.y = (*env)->GetFieldID(env, cls, "y", "I");
CHECK_NULL(componentIDs.y);
componentIDs.width = (*env)->GetFieldID(env, cls, "width", "I"); componentIDs.width = (*env)->GetFieldID(env, cls, "width", "I");
CHECK_NULL(componentIDs.width);
componentIDs.height = (*env)->GetFieldID(env, cls, "height", "I"); componentIDs.height = (*env)->GetFieldID(env, cls, "height", "I");
CHECK_NULL(componentIDs.height);
componentIDs.isPacked = (*env)->GetFieldID(env, cls, "isPacked", "Z"); componentIDs.isPacked = (*env)->GetFieldID(env, cls, "isPacked", "Z");
CHECK_NULL(componentIDs.isPacked);
componentIDs.peer = componentIDs.peer =
(*env)->GetFieldID(env, cls, "peer", "Ljava/awt/peer/ComponentPeer;"); (*env)->GetFieldID(env, cls, "peer", "Ljava/awt/peer/ComponentPeer;");
CHECK_NULL(componentIDs.peer);
componentIDs.background = componentIDs.background =
(*env)->GetFieldID(env, cls, "background", "Ljava/awt/Color;"); (*env)->GetFieldID(env, cls, "background", "Ljava/awt/Color;");
CHECK_NULL(componentIDs.background);
componentIDs.foreground = componentIDs.foreground =
(*env)->GetFieldID(env, cls, "foreground", "Ljava/awt/Color;"); (*env)->GetFieldID(env, cls, "foreground", "Ljava/awt/Color;");
CHECK_NULL(componentIDs.foreground);
componentIDs.graphicsConfig = componentIDs.graphicsConfig =
(*env)->GetFieldID(env, cls, "graphicsConfig", (*env)->GetFieldID(env, cls, "graphicsConfig",
"Ljava/awt/GraphicsConfiguration;"); "Ljava/awt/GraphicsConfiguration;");
CHECK_NULL(componentIDs.graphicsConfig);
componentIDs.name = componentIDs.name =
(*env)->GetFieldID(env, cls, "name", "Ljava/lang/String;"); (*env)->GetFieldID(env, cls, "name", "Ljava/lang/String;");
CHECK_NULL(componentIDs.name);
/* Use _NoClientCode() methods for trusted methods, so that we /* Use _NoClientCode() methods for trusted methods, so that we
* know that we are not invoking client code on trusted threads * know that we are not invoking client code on trusted threads
...@@ -195,19 +210,20 @@ Java_java_awt_Component_initIDs ...@@ -195,19 +210,20 @@ Java_java_awt_Component_initIDs
componentIDs.getParent = componentIDs.getParent =
(*env)->GetMethodID(env, cls, "getParent_NoClientCode", (*env)->GetMethodID(env, cls, "getParent_NoClientCode",
"()Ljava/awt/Container;"); "()Ljava/awt/Container;");
CHECK_NULL(componentIDs.getParent);
componentIDs.getLocationOnScreen = componentIDs.getLocationOnScreen =
(*env)->GetMethodID(env, cls, "getLocationOnScreen_NoTreeLock", (*env)->GetMethodID(env, cls, "getLocationOnScreen_NoTreeLock",
"()Ljava/awt/Point;"); "()Ljava/awt/Point;");
CHECK_NULL(componentIDs.getLocationOnScreen);
keyclass = (*env)->FindClass(env, "java/awt/event/KeyEvent"); keyclass = (*env)->FindClass(env, "java/awt/event/KeyEvent");
if (JNU_IsNull(env, keyclass)) { CHECK_NULL(keyclass);
return;
}
componentIDs.isProxyActive = componentIDs.isProxyActive =
(*env)->GetFieldID(env, keyclass, "isProxyActive", (*env)->GetFieldID(env, keyclass, "isProxyActive",
"Z"); "Z");
CHECK_NULL(componentIDs.isProxyActive);
componentIDs.appContext = componentIDs.appContext =
(*env)->GetFieldID(env, cls, "appContext", (*env)->GetFieldID(env, cls, "appContext",
...@@ -339,7 +355,7 @@ JNIEXPORT void JNICALL Java_java_awt_Dialog_initIDs (JNIEnv *env, jclass cls) ...@@ -339,7 +355,7 @@ JNIEXPORT void JNICALL Java_java_awt_Dialog_initIDs (JNIEnv *env, jclass cls)
static void waitForEvents(JNIEnv *, jlong); static void waitForEvents(JNIEnv *, jlong);
static void awt_pipe_init(); static void awt_pipe_init();
static void processOneEvent(XtInputMask iMask); static void processOneEvent(XtInputMask iMask);
static void performPoll(JNIEnv *, jlong); static Boolean performPoll(JNIEnv *, jlong);
static void wakeUp(); static void wakeUp();
static void update_poll_timeout(int timeout_control); static void update_poll_timeout(int timeout_control);
static uint32_t get_poll_timeout(jlong nextTaskTime); static uint32_t get_poll_timeout(jlong nextTaskTime);
...@@ -608,11 +624,13 @@ static uint32_t get_poll_timeout(jlong nextTaskTime) ...@@ -608,11 +624,13 @@ static uint32_t get_poll_timeout(jlong nextTaskTime)
*/ */
void void
waitForEvents(JNIEnv *env, jlong nextTaskTime) { waitForEvents(JNIEnv *env, jlong nextTaskTime) {
performPoll(env, nextTaskTime); if (performPoll(env, nextTaskTime)
if ((awt_next_flush_time > 0) && (awtJNI_TimeMillis() >= awt_next_flush_time)) { && (awt_next_flush_time > 0)
XFlush(awt_display); && (awtJNI_TimeMillis() >= awt_next_flush_time)) {
awt_last_flush_time = awt_next_flush_time;
awt_next_flush_time = 0LL; XFlush(awt_display);
awt_last_flush_time = awt_next_flush_time;
awt_next_flush_time = 0LL;
} }
} /* waitForEvents() */ } /* waitForEvents() */
...@@ -646,7 +664,7 @@ JNIEXPORT void JNICALL Java_sun_awt_X11_XToolkit_wakeup_1poll (JNIEnv *env, jcla ...@@ -646,7 +664,7 @@ JNIEXPORT void JNICALL Java_sun_awt_X11_XToolkit_wakeup_1poll (JNIEnv *env, jcla
* *
* The fdAWTPipe will be empty when this returns. * The fdAWTPipe will be empty when this returns.
*/ */
static void static Boolean
performPoll(JNIEnv *env, jlong nextTaskTime) { performPoll(JNIEnv *env, jlong nextTaskTime) {
static Bool pollFdsInited = False; static Bool pollFdsInited = False;
static char read_buf[AWT_POLL_BUFSIZE + 1]; /* dummy buf to empty pipe */ static char read_buf[AWT_POLL_BUFSIZE + 1]; /* dummy buf to empty pipe */
...@@ -673,7 +691,9 @@ performPoll(JNIEnv *env, jlong nextTaskTime) { ...@@ -673,7 +691,9 @@ performPoll(JNIEnv *env, jlong nextTaskTime) {
/* ACTUALLY DO THE POLL() */ /* ACTUALLY DO THE POLL() */
if (timeout == 0) { if (timeout == 0) {
// be sure other threads get a chance // be sure other threads get a chance
awtJNI_ThreadYield(env); if (!awtJNI_ThreadYield(env)) {
return FALSE;
}
} }
if (tracing) poll_sleep_time = awtJNI_TimeMillis(); if (tracing) poll_sleep_time = awtJNI_TimeMillis();
...@@ -701,7 +721,7 @@ performPoll(JNIEnv *env, jlong nextTaskTime) { ...@@ -701,7 +721,7 @@ performPoll(JNIEnv *env, jlong nextTaskTime) {
update_poll_timeout(TIMEOUT_EVENTS); update_poll_timeout(TIMEOUT_EVENTS);
PRINT2("performPoll(): TIMEOUT_EVENTS curPollTimeout = %ld \n", curPollTimeout); PRINT2("performPoll(): TIMEOUT_EVENTS curPollTimeout = %ld \n", curPollTimeout);
} }
return; return TRUE;
} /* performPoll() */ } /* performPoll() */
...@@ -856,23 +876,25 @@ Java_sun_awt_motif_XsessionWMcommand(JNIEnv *env, jobject this, ...@@ -856,23 +876,25 @@ Java_sun_awt_motif_XsessionWMcommand(JNIEnv *env, jobject this,
xawt_root_window = get_xawt_root_shell(env); xawt_root_window = get_xawt_root_shell(env);
if ( xawt_root_window == None ) { if ( xawt_root_window == None ) {
JNU_ThrowNullPointerException(env, "AWT root shell is unrealized");
AWT_UNLOCK(); AWT_UNLOCK();
JNU_ThrowNullPointerException(env, "AWT root shell is unrealized");
return; return;
} }
command = (char *) JNU_GetStringPlatformChars(env, jcommand, NULL); command = (char *) JNU_GetStringPlatformChars(env, jcommand, NULL);
c[0] = (char *)command; if (command != NULL) {
status = XmbTextListToTextProperty(awt_display, c, 1, c[0] = (char *)command;
XStdICCTextStyle, &text_prop); status = XmbTextListToTextProperty(awt_display, c, 1,
XStdICCTextStyle, &text_prop);
if (status == Success || status > 0) {
XSetTextProperty(awt_display, xawt_root_window, if (status == Success || status > 0) {
&text_prop, XA_WM_COMMAND); XSetTextProperty(awt_display, xawt_root_window,
if (text_prop.value != NULL) &text_prop, XA_WM_COMMAND);
XFree(text_prop.value); if (text_prop.value != NULL)
XFree(text_prop.value);
}
JNU_ReleaseStringPlatformChars(env, jcommand, command);
} }
JNU_ReleaseStringPlatformChars(env, jcommand, command);
AWT_UNLOCK(); AWT_UNLOCK();
} }
...@@ -886,96 +908,56 @@ Java_sun_awt_motif_XsessionWMcommand(JNIEnv *env, jobject this, ...@@ -886,96 +908,56 @@ Java_sun_awt_motif_XsessionWMcommand(JNIEnv *env, jobject this,
* name. It's not! It's just a plain function. * name. It's not! It's just a plain function.
*/ */
JNIEXPORT void JNICALL JNIEXPORT void JNICALL
Java_sun_awt_motif_XsessionWMcommand_New(JNIEnv *env, jobjectArray jargv) Java_sun_awt_motif_XsessionWMcommand_New(JNIEnv *env, jobjectArray jarray)
{ {
static const char empty[] = ""; jsize length;
char ** array;
int argc;
const char **cargv;
XTextProperty text_prop; XTextProperty text_prop;
int status; int status;
int i;
Window xawt_root_window; Window xawt_root_window;
AWT_LOCK(); AWT_LOCK();
xawt_root_window = get_xawt_root_shell(env); xawt_root_window = get_xawt_root_shell(env);
if (xawt_root_window == None) { if (xawt_root_window == None) {
JNU_ThrowNullPointerException(env, "AWT root shell is unrealized");
AWT_UNLOCK(); AWT_UNLOCK();
JNU_ThrowNullPointerException(env, "AWT root shell is unrealized");
return; return;
} }
argc = (int)(*env)->GetArrayLength(env, jargv); array = stringArrayToNative(env, jarray, &length);
if (argc == 0) {
AWT_UNLOCK();
return;
}
/* array of C strings */
cargv = (const char **)calloc(argc, sizeof(char *));
if (cargv == NULL) {
JNU_ThrowOutOfMemoryError(env, "Unable to allocate cargv");
AWT_UNLOCK();
return;
}
/* fill C array with platform chars of java strings */ if (array != NULL) {
for (i = 0; i < argc; ++i) { status = XmbTextListToTextProperty(awt_display, array, length,
jstring js; XStdICCTextStyle, &text_prop);
const char *cs; if (status < 0) {
switch (status) {
cs = NULL; case XNoMemory:
js = (*env)->GetObjectArrayElement(env, jargv, i); JNU_ThrowOutOfMemoryError(env,
if (js != NULL) { "XmbTextListToTextProperty: XNoMemory");
cs = JNU_GetStringPlatformChars(env, js, NULL); break;
} case XLocaleNotSupported:
if (cs == NULL) { JNU_ThrowInternalError(env,
cs = empty; "XmbTextListToTextProperty: XLocaleNotSupported");
} break;
cargv[i] = cs; case XConverterNotFound:
(*env)->DeleteLocalRef(env, js); JNU_ThrowNullPointerException(env,
} "XmbTextListToTextProperty: XConverterNotFound");
break;
/* grr, X prototype doesn't declare cargv as const, thought it really is */ default:
status = XmbTextListToTextProperty(awt_display, (char **)cargv, argc, JNU_ThrowInternalError(env,
XStdICCTextStyle, &text_prop); "XmbTextListToTextProperty: unknown error");
if (status < 0) { }
switch (status) { } else {
case XNoMemory: XSetTextProperty(awt_display, xawt_root_window,
JNU_ThrowOutOfMemoryError(env, &text_prop, XA_WM_COMMAND);
"XmbTextListToTextProperty: XNoMemory");
break;
case XLocaleNotSupported:
JNU_ThrowInternalError(env,
"XmbTextListToTextProperty: XLocaleNotSupported");
break;
case XConverterNotFound:
JNU_ThrowNullPointerException(env,
"XmbTextListToTextProperty: XConverterNotFound");
break;
default:
JNU_ThrowInternalError(env,
"XmbTextListToTextProperty: unknown error");
} }
} else {
XSetTextProperty(awt_display, xawt_root_window, if (text_prop.value != NULL)
&text_prop, XA_WM_COMMAND); XFree(text_prop.value);
}
for (i = 0; i < argc; ++i) {
jstring js;
if (cargv[i] == empty)
continue;
js = (*env)->GetObjectArrayElement(env, jargv, i); freeNativeStringArray(array, length);
JNU_ReleaseStringPlatformChars(env, js, cargv[i]);
(*env)->DeleteLocalRef(env, js);
} }
if (text_prop.value != NULL)
XFree(text_prop.value);
AWT_UNLOCK(); AWT_UNLOCK();
} }
......
/* /*
* Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -1242,9 +1242,13 @@ Java_sun_awt_X11_XWindow_initIDs ...@@ -1242,9 +1242,13 @@ Java_sun_awt_X11_XWindow_initIDs
{ {
char *ptr = NULL; char *ptr = NULL;
windowID = (*env)->GetFieldID(env, clazz, "window", "J"); windowID = (*env)->GetFieldID(env, clazz, "window", "J");
CHECK_NULL(windowID);
targetID = (*env)->GetFieldID(env, clazz, "target", "Ljava/awt/Component;"); targetID = (*env)->GetFieldID(env, clazz, "target", "Ljava/awt/Component;");
CHECK_NULL(targetID);
graphicsConfigID = (*env)->GetFieldID(env, clazz, "graphicsConfig", "Lsun/awt/X11GraphicsConfig;"); graphicsConfigID = (*env)->GetFieldID(env, clazz, "graphicsConfig", "Lsun/awt/X11GraphicsConfig;");
CHECK_NULL(graphicsConfigID);
drawStateID = (*env)->GetFieldID(env, clazz, "drawState", "I"); drawStateID = (*env)->GetFieldID(env, clazz, "drawState", "I");
CHECK_NULL(drawStateID);
ptr = getenv("_AWT_USE_TYPE4_PATCH"); ptr = getenv("_AWT_USE_TYPE4_PATCH");
if( ptr != NULL && ptr[0] != 0 ) { if( ptr != NULL && ptr[0] != 0 ) {
if( strncmp("true", ptr, 4) == 0 ) { if( strncmp("true", ptr, 4) == 0 ) {
......
/* /*
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -23,6 +23,7 @@ ...@@ -23,6 +23,7 @@
* questions. * questions.
*/ */
#include "jni_util.h"
#include "gtk2_interface.h" #include "gtk2_interface.h"
#include "gnome_interface.h" #include "gnome_interface.h"
...@@ -65,6 +66,12 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XDesktopPeer_gnome_1url_1show ...@@ -65,6 +66,12 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XDesktopPeer_gnome_1url_1show
const gchar* url_c; const gchar* url_c;
url_c = (char*)(*env)->GetByteArrayElements(env, url_j, NULL); url_c = (char*)(*env)->GetByteArrayElements(env, url_j, NULL);
if (url_c == NULL) {
if (!(*env)->ExceptionCheck(env)) {
JNU_ThrowOutOfMemoryError(env, 0);
}
return JNI_FALSE;
}
if (gtk_has_been_loaded) { if (gtk_has_been_loaded) {
fp_gdk_threads_enter(); fp_gdk_threads_enter();
......
...@@ -35,6 +35,8 @@ import javax.crypto.*; ...@@ -35,6 +35,8 @@ import javax.crypto.*;
import javax.crypto.spec.*; import javax.crypto.spec.*;
import sun.security.rsa.RSAKeyFactory; import sun.security.rsa.RSAKeyFactory;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
import sun.security.util.KeyUtil;
/** /**
* RSA cipher implementation using the Microsoft Crypto API. * RSA cipher implementation using the Microsoft Crypto API.
...@@ -92,9 +94,16 @@ public final class RSACipher extends CipherSpi { ...@@ -92,9 +94,16 @@ public final class RSACipher extends CipherSpi {
// the public key, if we were initialized using a public key // the public key, if we were initialized using a public key
private sun.security.mscapi.Key publicKey; private sun.security.mscapi.Key publicKey;
// the private key, if we were initialized using a private key // the private key, if we were initialized using a private key
private sun.security.mscapi.Key privateKey; private sun.security.mscapi.Key privateKey;
// cipher parameter for TLS RSA premaster secret
private AlgorithmParameterSpec spec = null;
// the source of randomness
private SecureRandom random;
public RSACipher() { public RSACipher() {
paddingType = PAD_PKCS1; paddingType = PAD_PKCS1;
} }
...@@ -155,8 +164,12 @@ public final class RSACipher extends CipherSpi { ...@@ -155,8 +164,12 @@ public final class RSACipher extends CipherSpi {
throws InvalidKeyException, InvalidAlgorithmParameterException { throws InvalidKeyException, InvalidAlgorithmParameterException {
if (params != null) { if (params != null) {
throw new InvalidAlgorithmParameterException if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
("Parameters not supported"); throw new InvalidAlgorithmParameterException(
"Parameters not supported");
}
spec = params;
this.random = random; // for TLS RSA premaster secret
} }
init(opmode, key); init(opmode, key);
} }
...@@ -356,39 +369,47 @@ public final class RSACipher extends CipherSpi { ...@@ -356,39 +369,47 @@ public final class RSACipher extends CipherSpi {
} }
// see JCE spec // see JCE spec
protected java.security.Key engineUnwrap(byte[] wrappedKey, String algorithm, protected java.security.Key engineUnwrap(byte[] wrappedKey,
String algorithm,
int type) throws InvalidKeyException, NoSuchAlgorithmException { int type) throws InvalidKeyException, NoSuchAlgorithmException {
if (wrappedKey.length > buffer.length) { if (wrappedKey.length > buffer.length) {
throw new InvalidKeyException("Key is too long for unwrapping"); throw new InvalidKeyException("Key is too long for unwrapping");
} }
update(wrappedKey, 0, wrappedKey.length);
try { boolean isTlsRsaPremasterSecret =
byte[] encoding = doFinal(); algorithm.equals("TlsRsaPremasterSecret");
Exception failover = null;
switch (type) { byte[] encoded = null;
case Cipher.PUBLIC_KEY:
return constructPublicKey(encoding, algorithm);
case Cipher.PRIVATE_KEY:
return constructPrivateKey(encoding, algorithm);
case Cipher.SECRET_KEY:
return constructSecretKey(encoding, algorithm);
default:
throw new InvalidKeyException("Unknown key type " + type);
}
update(wrappedKey, 0, wrappedKey.length);
try {
encoded = doFinal();
} catch (BadPaddingException e) { } catch (BadPaddingException e) {
// should not occur if (isTlsRsaPremasterSecret) {
throw new InvalidKeyException("Unwrapping failed", e); failover = e;
} else {
throw new InvalidKeyException("Unwrapping failed", e);
}
} catch (IllegalBlockSizeException e) { } catch (IllegalBlockSizeException e) {
// should not occur, handled with length check above // should not occur, handled with length check above
throw new InvalidKeyException("Unwrapping failed", e); throw new InvalidKeyException("Unwrapping failed", e);
} }
if (isTlsRsaPremasterSecret) {
if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) {
throw new IllegalStateException(
"No TlsRsaPremasterSecretParameterSpec specified");
}
// polish the TLS premaster secret
encoded = KeyUtil.checkTlsPreMasterSecretKey(
((TlsRsaPremasterSecretParameterSpec)spec).getClientVersion(),
((TlsRsaPremasterSecretParameterSpec)spec).getServerVersion(),
random, encoded, (failover != null));
}
return constructKey(encoded, algorithm, type);
} }
// see JCE spec // see JCE spec
...@@ -452,6 +473,22 @@ public final class RSACipher extends CipherSpi { ...@@ -452,6 +473,22 @@ public final class RSACipher extends CipherSpi {
return new SecretKeySpec(encodedKey, encodedKeyAlgorithm); return new SecretKeySpec(encodedKey, encodedKeyAlgorithm);
} }
private static Key constructKey(byte[] encodedKey,
String encodedKeyAlgorithm,
int keyType) throws InvalidKeyException, NoSuchAlgorithmException {
switch (keyType) {
case Cipher.PUBLIC_KEY:
return constructPublicKey(encodedKey, encodedKeyAlgorithm);
case Cipher.PRIVATE_KEY:
return constructPrivateKey(encodedKey, encodedKeyAlgorithm);
case Cipher.SECRET_KEY:
return constructSecretKey(encodedKey, encodedKeyAlgorithm);
default:
throw new InvalidKeyException("Unknown key type " + keyType);
}
}
/* /*
* Encrypt/decrypt a data buffer using Microsoft Crypto API with HCRYPTKEY. * Encrypt/decrypt a data buffer using Microsoft Crypto API with HCRYPTKEY.
* It expects and returns ciphertext data in big-endian form. * It expects and returns ciphertext data in big-endian form.
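Review bot: In the four-argument `engineInit`, `spec` and `random` are assigned only when `params != null`, so a cipher that is re-initialised without parameters keeps the `TlsRsaPremasterSecretParameterSpec` and `SecureRandom` from the earlier call. A later `engineUnwrap` of a "TlsRsaPremasterSecret" key would then check against stale client/server versions instead of reaching the `IllegalStateException`. Clearing both before the `if (params != null)` test, e.g. `spec = null; this.random = null;`, ties the state to the current init; the init path without parameters is outside this hunk and would need the same reset. In `engineUnwrap`, `"TlsRsaPremasterSecret".equals(algorithm)` avoids a `NullPointerException` on a null algorithm name. The `catch (BadPaddingException e)` branch also deserves a comment saying that the failure is deliberately deferred to `KeyUtil.checkTlsPreMasterSecretKey`, presumably so a padding failure is not observable separately from a bad pre-master secret.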
......
/* /*
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -173,8 +173,11 @@ AwtFrame* AwtFrame::Create(jobject self, jobject parent) ...@@ -173,8 +173,11 @@ AwtFrame* AwtFrame::Create(jobject self, jobject parent)
BOOL isEmbeddedInstance = FALSE; BOOL isEmbeddedInstance = FALSE;
BOOL isEmbedded = FALSE; BOOL isEmbedded = FALSE;
cls = env->FindClass("sun/awt/EmbeddedFrame"); cls = env->FindClass("sun/awt/EmbeddedFrame");
if (cls) { if (cls) {
isEmbeddedInstance = env->IsInstanceOf(target, cls); isEmbeddedInstance = env->IsInstanceOf(target, cls);
} else {
throw std::bad_alloc();
} }
INT_PTR handle; INT_PTR handle;
if (isEmbeddedInstance) { if (isEmbeddedInstance) {
...@@ -189,6 +192,8 @@ AwtFrame* AwtFrame::Create(jobject self, jobject parent) ...@@ -189,6 +192,8 @@ AwtFrame* AwtFrame::Create(jobject self, jobject parent)
cls = env->FindClass("sun/awt/LightweightFrame"); cls = env->FindClass("sun/awt/LightweightFrame");
if (cls) { if (cls) {
isLightweight = env->IsInstanceOf(target, cls); isLightweight = env->IsInstanceOf(target, cls);
} else {
throw std::bad_alloc();
} }
frame->m_isLightweight = isLightweight; frame->m_isLightweight = isLightweight;
...@@ -260,7 +265,11 @@ AwtFrame* AwtFrame::Create(jobject self, jobject parent) ...@@ -260,7 +265,11 @@ AwtFrame* AwtFrame::Create(jobject self, jobject parent)
// for input method windows, use minimal decorations // for input method windows, use minimal decorations
inputMethodWindowCls = env->FindClass("sun/awt/im/InputMethodWindow"); inputMethodWindowCls = env->FindClass("sun/awt/im/InputMethodWindow");
if ((inputMethodWindowCls != NULL) && env->IsInstanceOf(target, inputMethodWindowCls)) { if (inputMethodWindowCls == NULL) {
throw std::bad_alloc();
}
if (env->IsInstanceOf(target, inputMethodWindowCls)) {
//for below-the-spot composition window, use no decoration //for below-the-spot composition window, use no decoration
if (env->GetBooleanField(target, AwtFrame::undecoratedID) == JNI_TRUE){ if (env->GetBooleanField(target, AwtFrame::undecoratedID) == JNI_TRUE){
exStyle = 0; exStyle = 0;
...@@ -1611,9 +1620,10 @@ Java_sun_awt_windows_WFramePeer_initIDs(JNIEnv *env, jclass cls) ...@@ -1611,9 +1620,10 @@ Java_sun_awt_windows_WFramePeer_initIDs(JNIEnv *env, jclass cls)
TRY; TRY;
AwtFrame::setExtendedStateMID = env->GetMethodID(cls, "setExtendedState", "(I)V"); AwtFrame::setExtendedStateMID = env->GetMethodID(cls, "setExtendedState", "(I)V");
AwtFrame::getExtendedStateMID = env->GetMethodID(cls, "getExtendedState", "()I");
DASSERT(AwtFrame::setExtendedStateMID); DASSERT(AwtFrame::setExtendedStateMID);
CHECK_NULL(AwtFrame::setExtendedStateMID);
AwtFrame::getExtendedStateMID = env->GetMethodID(cls, "getExtendedState", "()I");
DASSERT(AwtFrame::getExtendedStateMID); DASSERT(AwtFrame::getExtendedStateMID);
CATCH_BAD_ALLOC; CATCH_BAD_ALLOC;
...@@ -1786,35 +1796,6 @@ Java_sun_awt_windows_WFramePeer_pSetIMMOption(JNIEnv *env, jobject self, ...@@ -1786,35 +1796,6 @@ Java_sun_awt_windows_WFramePeer_pSetIMMOption(JNIEnv *env, jobject self,
} /* extern "C" */ } /* extern "C" */
/************************************************************************
* EmbeddedFrame native methods
*/
extern "C" {
/*
* Class: sun_awt_EmbeddedFrame
* Method: setPeer
* Signature: (Ljava/awt/peer/ComponentPeer;)V
*/
JNIEXPORT void JNICALL
Java_sun_awt_EmbeddedFrame_setPeer(JNIEnv *env, jobject self, jobject lpeer)
{
TRY;
jclass cls;
jfieldID fid;
cls = env->GetObjectClass(self);
fid = env->GetFieldID(cls, "peer", "Ljava/awt/peer/ComponentPeer;");
env->SetObjectField(self, fid, lpeer);
CATCH_BAD_ALLOC;
}
} /* extern "C" */
/************************************************************************ /************************************************************************
* WEmbeddedFrame native methods * WEmbeddedFrame native methods
*/ */
...@@ -1833,6 +1814,7 @@ Java_sun_awt_windows_WEmbeddedFrame_initIDs(JNIEnv *env, jclass cls) ...@@ -1833,6 +1814,7 @@ Java_sun_awt_windows_WEmbeddedFrame_initIDs(JNIEnv *env, jclass cls)
AwtFrame::handleID = env->GetFieldID(cls, "handle", "J"); AwtFrame::handleID = env->GetFieldID(cls, "handle", "J");
DASSERT(AwtFrame::handleID != NULL); DASSERT(AwtFrame::handleID != NULL);
CHECK_NULL(AwtFrame::handleID);
AwtFrame::activateEmbeddingTopLevelMID = env->GetMethodID(cls, "activateEmbeddingTopLevel", "()V"); AwtFrame::activateEmbeddingTopLevelMID = env->GetMethodID(cls, "activateEmbeddingTopLevel", "()V");
DASSERT(AwtFrame::activateEmbeddingTopLevelMID != NULL); DASSERT(AwtFrame::activateEmbeddingTopLevelMID != NULL);
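Review bot: The three new `throw std::bad_alloc();` branches in `AwtFrame::Create` fire when `FindClass` returns NULL, at which point JNI has already left a Java exception pending, so a class-lookup failure is reported through the out-of-memory path. Whether that pending exception is cleared or replaced depends on the handler around `Create`, which is outside these hunks; a comment such as `// FindClass failed: a Java exception is pending, unwind via the bad_alloc handler` at each branch would record the intent. In `Java_sun_awt_windows_WFramePeer_initIDs` the `DASSERT(AwtFrame::setExtendedStateMID);` still precedes the new `CHECK_NULL`, so a debug build would hit the assertion before the early return. Putting `CHECK_NULL` first makes debug and release builds take the same path, and the same ordering applies to `handleID` in `Java_sun_awt_windows_WEmbeddedFrame_initIDs`.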
......
...@@ -33,6 +33,7 @@ import java.security.Provider; ...@@ -33,6 +33,7 @@ import java.security.Provider;
import javax.crypto.KeyGenerator; import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import java.util.Formatter;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
...@@ -52,27 +53,51 @@ public class TestPremaster { ...@@ -52,27 +53,51 @@ public class TestPremaster {
System.out.println("OK: " + e); System.out.println("OK: " + e);
} }
test(kg, 3, 0); int[] protocolVersions = {0x0300, 0x0301, 0x0302, 0x0400};
test(kg, 3, 1); for (int clientVersion : protocolVersions) {
test(kg, 3, 2); for (int serverVersion : protocolVersions) {
test(kg, 4, 0); test(kg, clientVersion, serverVersion);
if (serverVersion >= clientVersion) {
break;
}
}
}
System.out.println("Done."); System.out.println("Done.");
} }
private static void test(KeyGenerator kg, int major, int minor) private static void test(KeyGenerator kg,
throws Exception { int clientVersion, int serverVersion) throws Exception {
System.out.printf(
"Testing RSA pre-master secret key generation between " +
"client (0x%04X) and server(0x%04X)%n",
clientVersion, serverVersion);
kg.init(new TlsRsaPremasterSecretParameterSpec(
clientVersion, serverVersion));
kg.init(new TlsRsaPremasterSecretParameterSpec(major, minor));
SecretKey key = kg.generateKey(); SecretKey key = kg.generateKey();
byte[] encoded = key.getEncoded(); byte[] encoded = key.getEncoded();
if (encoded.length != 48) { if (encoded != null) { // raw key material may be not extractable
throw new Exception("length: " + encoded.length); if (encoded.length != 48) {
} throw new Exception("length: " + encoded.length);
if ((encoded[0] != major) || (encoded[1] != minor)) { }
throw new Exception("version mismatch: " + encoded[0] + int v = versionOf(encoded[0], encoded[1]);
"." + encoded[1]); if (clientVersion != v) {
} if (serverVersion != v || clientVersion >= 0x0302) {
System.out.println("OK: " + major + "." + minor); throw new Exception(String.format(
"version mismatch: (0x%04X) rather than (0x%04X) " +
"is used in pre-master secret", v, clientVersion));
}
System.out.printf("Use compatible version (0x%04X)%n", v);
}
System.out.println("Passed, version matches!");
} else {
System.out.println("Raw key material is not extractable");
}
}
private static int versionOf(int major, int minor) {
return ((major & 0xFF) << 8) | (minor & 0xFF);
} }
} }
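Review bot: The added `import java.util.Formatter;` is never used, since `System.out.printf` and `String.format` need no import, so the line can be dropped. In `test`, the condition `serverVersion != v || clientVersion >= 0x0302` encodes the compatibility rule without explanation; a comment such as `// below 0x0302 the pre-master secret may carry the server version instead of the client version` would document why that mismatch is tolerated. The `encoded == null` branch prints a message and returns normally, so a provider whose key material is not extractable gets no version check from this test; a comment saying this is intended would help.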
/*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* A simple name service which throws an exception when invoked
*/
import java.net.UnknownHostException;
import java.net.InetAddress;
import sun.net.spi.nameservice.*;
import java.util.*;
public final class DummyNameService implements NameService {
public DummyNameService() throws Exception {
}
public InetAddress[] lookupAllHostAddr(String host) throws UnknownHostException {
throw new UnknownHostException("Dummy name service");
}
public String getHostByAddr(byte[] addr) throws UnknownHostException {
throw new UnknownHostException("Dummy name service");
}
}
/*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* Descriptor for the dummy name service
*/
import sun.net.spi.nameservice.*;
public final class DummyNameServiceDescriptor implements NameServiceDescriptor {
/**
* Create a new instance of the corresponding name service.
*/
public NameService createNameService() throws Exception {
return new DummyNameService();
}
/**
* Returns this service provider's name
*
*/
public String getProviderName() {
return "oracle";
}
/**
* Returns this name service type
* "dns" "nis" etc
*/
public String getType() {
return "dummy";
}
}
# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
DummyNameServiceDescriptor # name service provider descriptor
...@@ -25,8 +25,18 @@ ...@@ -25,8 +25,18 @@
* @test * @test
* @bug 4749938 * @bug 4749938
* @summary Bug in the parsing IPv4 literal addresses * @summary Bug in the parsing IPv4 literal addresses
* @compile -XDignore.symbol.file=true DummyNameService.java DummyNameServiceDescriptor.java
* @run main/othervm -Dsun.net.spi.nameservice.provider.1=dummy,oracle textToNumericFormat
*/ */
/**
* We use a dummy name service which throws UHE any time it is called.
* We do this because the "good" tests here should parse correctly
* without needing to call the name service, and the bad tests will
* not parse and then invoke the name service, where we expect
* the exception.
*/
import java.net.InetAddress; import java.net.InetAddress;
import java.net.UnknownHostException; import java.net.UnknownHostException;
import java.util.*; import java.util.*;
...@@ -34,19 +44,25 @@ import java.util.*; ...@@ -34,19 +44,25 @@ import java.util.*;
public class textToNumericFormat { public class textToNumericFormat {
public static void main(String[] args) throws UnknownHostException { public static void main(String[] args) throws UnknownHostException {
List goodList = new ArrayList(); List<String> goodList = new ArrayList<>();
List badList = new ArrayList(); List<String> badList = new ArrayList<>();
String goodAddrs[] = { String goodAddrs[] = {
"224.0.1.0", "224.0.1.0",
"238.255.255.255", "238.255.255.255",
"239.255.255.255" }; "239.255.255.255",
"239.255.65535",
"239.16777215",
"4294967295" };
String badAddrs[] = { String badAddrs[] = {
"238.255.255.2550", "238.255.255.2550",
"256.255.255.255", "256.255.255.255",
"238.255.2550.255", "238.255.2550.255",
"238.2550.255.255", "238.2550.255.255",
"2380.255.255.255"}; "2380.255.255.255",
"239.255.65536",
"239.16777216",
"4294967296" };
for (int i=0; i<goodAddrs.length; i++) { for (int i=0; i<goodAddrs.length; i++) {
try { try {
......
/*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
// This test case relies on updated static security property, no way to re-use
// security property in samevm/agentvm mode.
/*
* @test
* @bug 8042449
* @summary Issue for negative byte major record version
*
* @run main/othervm IllegalRecordVersion
*/
import javax.net.ssl.*;
import javax.net.ssl.SSLEngineResult.*;
import java.io.*;
import java.security.*;
import java.nio.*;
public class IllegalRecordVersion {
public static void main(String args[]) throws Exception {
SSLContext context = SSLContext.getDefault();
SSLEngine cliEngine = context.createSSLEngine();
cliEngine.setUseClientMode(true);
SSLEngine srvEngine = context.createSSLEngine();
srvEngine.setUseClientMode(false);
SSLSession session = cliEngine.getSession();
int netBufferMax = session.getPacketBufferSize();
int appBufferMax = session.getApplicationBufferSize();
ByteBuffer cliToSrv = ByteBuffer.allocateDirect(netBufferMax);
ByteBuffer srvIBuff = ByteBuffer.allocateDirect(appBufferMax + 50);
ByteBuffer cliOBuff = ByteBuffer.wrap("I'm client".getBytes());
System.out.println("client hello (record version(0xa9, 0xa2))");
SSLEngineResult cliRes = cliEngine.wrap(cliOBuff, cliToSrv);
System.out.println("Client wrap result: " + cliRes);
cliToSrv.flip();
if (cliToSrv.limit() > 5) {
cliToSrv.put(1, (byte)0xa9);
cliToSrv.put(2, (byte)0xa2);
}
try {
srvEngine.unwrap(cliToSrv, srvIBuff);
throw new Exception(
"Cannot catch the unsupported record version issue");
} catch (SSLException e) {
// get the expected exception
}
}
}
/*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @library ../../regtesthelpers
* @build Util
* @bug 8036819
* @summary JAB: mnemonics not read for textboxes
* @author Vivi An
* @run main bug8036819
*/
import javax.swing.*;
import javax.swing.event.*;
import java.awt.event.*;
import java.awt.*;
import sun.awt.SunToolkit;
import javax.accessibility.*;
public class bug8036819 {
public static volatile Boolean passed = false;
public static void main(String args[]) throws Throwable {
SwingUtilities.invokeAndWait(new Runnable() {
public void run() {
createAndShowGUI();
}
});
SunToolkit toolkit = (SunToolkit) Toolkit.getDefaultToolkit();
toolkit.realSync();
Robot robo = new Robot();
robo.setAutoDelay(300);
// Using mnemonic key to focus on the textfield
Util.hitMnemonics(robo, KeyEvent.VK_P);
toolkit.realSync();
if (!passed){
throw new RuntimeException("Test failed.");
}
}
private static void createAndShowGUI() {
JFrame mainFrame = new JFrame("bug 8036819");
JLabel usernameLabel = new JLabel("Username: ");
JTextField usernameField = new JTextField(20);
usernameLabel.setDisplayedMnemonic(KeyEvent.VK_U);
usernameLabel.setLabelFor(usernameField);
JLabel pwdLabel = new JLabel("Password: ");
JTextField pwdField = new JTextField(20);
pwdLabel.setDisplayedMnemonic(KeyEvent.VK_P);
pwdLabel.setLabelFor(pwdField);
pwdField.addKeyListener(
new KeyListener(){
@Override
public void keyPressed(KeyEvent keyEvent) {
}
@Override
public void keyTyped(KeyEvent keyEvent) {
}
@Override
public void keyReleased(KeyEvent keyEvent){
JComponent comp = (JComponent) pwdField;
AccessibleContext ac = comp.getAccessibleContext();
AccessibleExtendedComponent aec = (AccessibleExtendedComponent)ac.getAccessibleComponent();
AccessibleKeyBinding akb = aec.getAccessibleKeyBinding();
if (akb != null){
int count = akb.getAccessibleKeyBindingCount();
if (count != 1){
passed = false;
return;
}
// there is 1 accessible key for the text field
System.out.println("Retrieved AccessibleKeyBinding for textfield " + count);
// the key code is KeyEvent.VK_P
Object o = akb.getAccessibleKeyBinding(0);
if (o instanceof KeyStroke){
javax.swing.KeyStroke key = (javax.swing.KeyStroke)o;
System.out.println("keystroke is " + key.getKeyCode());
if (key.getKeyCode() == KeyEvent.VK_P)
passed = true;
}
}
}
}
);
mainFrame.getContentPane().add(usernameLabel);
mainFrame.getContentPane().add(usernameField);
mainFrame.getContentPane().add(pwdLabel);
mainFrame.getContentPane().add(pwdField);
mainFrame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
mainFrame.setLayout(new FlowLayout(FlowLayout.LEFT));
mainFrame.setSize(200, 200);
mainFrame.setLocation(200, 200);
mainFrame.setVisible(true);
mainFrame.toFront();
}
}
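Review bot: The result flag is declared as a boxed `public static volatile Boolean passed = false;`, although it is only ever assigned `true`/`false` from the key listener and read once in `main`; a primitive `private static volatile boolean passed;` says the same thing without the wrapper. The frame built in `createAndShowGUI()` is a local that is never disposed, so the window stays up until the VM exits; keeping it in a static field and calling `dispose()` on the event thread at the end of `main` (in a `finally`) would release it on both the pass and the fail path. Note also that the listener leaves `passed` untouched when `getAccessibleKeyBinding()` returns null, so that case fails only through the generic "Test failed." message; a distinct message there would make the failure easier to read.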
...@@ -472,8 +472,21 @@ public class CipherTest { ...@@ -472,8 +472,21 @@ public class CipherTest {
return false; return false;
} }
// No ECDH-capable certificate in key store. May restructure
// this in the future.
if (cipherSuite.contains("ECDHE_ECDSA") ||
cipherSuite.contains("ECDH_ECDSA") ||
cipherSuite.contains("ECDH_RSA")) {
System.out.println("Skipping unsupported test for " +
cipherSuite + " of " + protocol);
return false;
}
// skip SSLv2Hello protocol // skip SSLv2Hello protocol
if (protocol.equals("SSLv2Hello")) { //
// skip TLSv1.2 protocol, we have not implement "SunTls12Prf" and
// SunTls12RsaPremasterSecret in SunPKCS11 provider
if (protocol.equals("SSLv2Hello") || protocol.equals("TLSv1.2")) {
System.out.println("Skipping unsupported test for " + System.out.println("Skipping unsupported test for " +
cipherSuite + " of " + protocol); cipherSuite + " of " + protocol);
return false; return false;
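Review bot: The new `protocol.equals("TLSv1.2")` branch and the three `cipherSuite.contains(...)` skips all print the same "Skipping unsupported test for ..." line as the SSLv2Hello case, so a run log does not show that TLS 1.2 and the ECDH suites are no longer exercised against the PKCS11 provider at all. Since this removes coverage for the newest protocol version, the reason should be visible in the output, for example `System.out.println("Skipping " + cipherSuite + " of " + protocol + ": TLS 1.2 PRF/premaster not implemented in SunPKCS11");` and a separate message for the missing ECDH certificate. The comment would read better as `// skip TLSv1.2: SunPKCS11 does not yet implement SunTls12Prf and SunTls12RsaPremasterSecret`, ideally with the tracking bug id so the skip gets removed later. The enclosing method starts and ends outside the hunk.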
......
/* /*
* Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -23,7 +23,7 @@ ...@@ -23,7 +23,7 @@
/* /*
* @test * @test
* @bug 6313675 6323647 * @bug 6313675 6323647 8028192
* @summary Verify that all ciphersuites work in FIPS mode * @summary Verify that all ciphersuites work in FIPS mode
* @library .. * @library ..
* @ignore JSSE supported cipher suites are changed with CR 6916074, * @ignore JSSE supported cipher suites are changed with CR 6916074,
...@@ -44,9 +44,13 @@ public class ClientJSSEServerJSSE extends SecmodTest { ...@@ -44,9 +44,13 @@ public class ClientJSSEServerJSSE extends SecmodTest {
return; return;
} }
if ("sparc".equals(System.getProperty("os.arch")) == false) { String arch = System.getProperty("os.arch");
// we have not updated other platforms with the proper NSS libraries yet if (!("sparc".equals(arch) || "sparcv9".equals(arch))) {
System.out.println("Test currently works only on solaris-sparc, skipping"); // we have not updated other platforms with the proper NSS
// libraries yet
System.out.println(
"Test currently works only on solaris-sparc " +
"and solaris-sparcv9. Skipping on " + arch);
return; return;
} }
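Review bot: The widened check still keys only on `os.arch`, while the message and comment say the test is meant for solaris-sparc and solaris-sparcv9; a non-Solaris SPARC host would pass the condition and run against NSS libraries that, per the comment, have not been updated there. If Solaris-only is the intent, the guard should also look at `os.name`, e.g. `boolean solaris = "SunOS".equals(System.getProperty("os.name"));` combined with the arch test. The skip path still ends in a bare `return`, so a skipped run is reported the same as a passing FIPS-mode run; that is existing behaviour, but it is worth stating in the printed message. The enclosing method starts and ends outside the hunk.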
......
...@@ -34,6 +34,7 @@ import java.security.Provider; ...@@ -34,6 +34,7 @@ import java.security.Provider;
import javax.crypto.KeyGenerator; import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import java.util.Formatter;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
...@@ -59,27 +60,51 @@ public class TestPremaster extends PKCS11Test { ...@@ -59,27 +60,51 @@ public class TestPremaster extends PKCS11Test {
System.out.println("OK: " + e); System.out.println("OK: " + e);
} }
test(kg, 3, 0); int[] protocolVersions = {0x0300, 0x0301, 0x0302, 0x0400};
test(kg, 3, 1); for (int clientVersion : protocolVersions) {
test(kg, 3, 2); for (int serverVersion : protocolVersions) {
test(kg, 4, 0); test(kg, clientVersion, serverVersion);
if (serverVersion >= clientVersion) {
break;
}
}
}
System.out.println("Done."); System.out.println("Done.");
} }
private static void test(KeyGenerator kg, int major, int minor) private static void test(KeyGenerator kg,
throws Exception { int clientVersion, int serverVersion) throws Exception {
kg.init(new TlsRsaPremasterSecretParameterSpec(major, minor)); System.out.printf(
"Testing RSA pre-master secret key generation between " +
"client (0x%04X) and server(0x%04X)%n",
clientVersion, serverVersion);
kg.init(new TlsRsaPremasterSecretParameterSpec(
clientVersion, serverVersion));
SecretKey key = kg.generateKey(); SecretKey key = kg.generateKey();
byte[] encoded = key.getEncoded(); byte[] encoded = key.getEncoded();
if (encoded.length != 48) { if (encoded != null) { // raw key material may be not extractable
throw new Exception("length: " + encoded.length); if (encoded.length != 48) {
} throw new Exception("length: " + encoded.length);
if ((encoded[0] != major) || (encoded[1] != minor)) { }
throw new Exception("version mismatch: " + encoded[0] + int v = versionOf(encoded[0], encoded[1]);
"." + encoded[1]); if (clientVersion != v) {
} if (serverVersion != v || clientVersion >= 0x0302) {
System.out.println("OK: " + major + "." + minor); throw new Exception(String.format(
"version mismatch: (0x%04X) rather than (0x%04X) " +
"is used in pre-master secret", v, clientVersion));
}
System.out.printf("Use compatible version (0x%04X)%n", v);
}
System.out.println("Passed, version matches!");
} else {
System.out.println("Raw key material is not extractable");
}
} }
private static int versionOf(int major, int minor) {
return ((major & 0xFF) << 8) | (minor & 0xFF);
}
} }
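Review bot: In `test`, the `else` branch for `encoded == null` prints "Raw key material is not extractable" and returns, so on a token that does not expose key bytes every client/server combination passes without the length or the version bytes being checked. Because the version embedded in the pre-master secret is what the rollback check depends on, the output should at least say that nothing was verified, e.g. `System.out.println("Raw key material is not extractable; length and version NOT verified");`, and the test could count such cases and report them at "Done.". The `protocolVersions` array also has no 0x0303 entry, so the `clientVersion >= 0x0302` rule is only exercised at 0x0302 and the artificial 0x0400; adding 0x0303 would cover the TLS 1.2 value if the generator accepts it. The added `import java.util.Formatter;` looks unused in the visible hunks, which call `String.format` and `printf` only.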