Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
ebb250fc
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
ebb250fc
编写于
2月 14, 2020
作者:
A
andrew
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8225392: Comparison builds are failing due to cacerts file
Reviewed-by: shade
上级
d3243e3e
变更
4
显示空白变更内容
内联
并排
Showing
4 changed file
with
187 addition
and
17 deletion
+187
-17
make/src/classes/build/tools/generatecacerts/GenerateCacerts.java
.../classes/build/tools/generatecacerts/GenerateCacerts.java
+102
-11
src/share/classes/sun/security/tools/keytool/Main.java
src/share/classes/sun/security/tools/keytool/Main.java
+3
-3
test/sun/security/lib/cacerts/VerifyCACerts.java
test/sun/security/lib/cacerts/VerifyCACerts.java
+18
-3
test/sun/security/tools/keytool/ListOrder.java
test/sun/security/tools/keytool/ListOrder.java
+64
-0
未找到文件。
make/src/classes/build/tools/generatecacerts/GenerateCacerts.java
浏览文件 @
ebb250fc
...
...
@@ -25,14 +25,25 @@
package
build.tools.generatecacerts
;
import
java.io.DataOutputStream
;
import
java.io.FileOutputStream
;
import
java.io.IOException
;
import
java.io.InputStream
;
import
java.io.OutputStream
;
import
java.io.UnsupportedEncodingException
;
import
java.nio.file.DirectoryStream
;
import
java.nio.file.Files
;
import
java.nio.file.Path
;
import
java.nio.file.Paths
;
import
java.security.KeyStore
;
import
java.security.DigestOutputStream
;
import
java.security.MessageDigest
;
import
java.security.NoSuchAlgorithmException
;
import
java.security.cert.CertificateException
;
import
java.security.cert.CertificateFactory
;
import
java.security.cert.X509Certificate
;
import
java.util.Arrays
;
import
java.util.SortedSet
;
import
java.util.TreeSet
;
/**
* Generate cacerts
...
...
@@ -41,22 +52,102 @@ import java.security.cert.CertificateFactory;
*/
public
class
GenerateCacerts
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
KeyStore
ks
=
KeyStore
.
getInstance
(
"JKS"
);
ks
.
load
(
null
,
null
);
try
(
FileOutputStream
fos
=
new
FileOutputStream
(
args
[
1
]))
{
store
(
args
[
0
],
fos
,
"changeit"
.
toCharArray
());
}
}
// The following code is copied from JavaKeyStore.java.
private
static
final
int
MAGIC
=
0xfeedfeed
;
private
static
final
int
VERSION_2
=
0x02
;
// This method is a simplified version of JavaKeyStore::engineStore.
// A new "dir" argument is added. All cert names in "dir" is collected into
// a sorted array. Each cert is stored with a creation date set to its
// notBefore value. Thus the output is determined as long as the certs
// are the same.
public
static
void
store
(
String
dir
,
OutputStream
stream
,
char
[]
password
)
throws
IOException
,
NoSuchAlgorithmException
,
CertificateException
{
byte
[]
encoded
;
// the certificate encoding
CertificateFactory
cf
=
CertificateFactory
.
getInstance
(
"X509"
);
try
(
DirectoryStream
<
Path
>
ds
=
Files
.
newDirectoryStream
(
Paths
.
get
(
args
[
0
])))
{
MessageDigest
md
=
getPreKeyedHash
(
password
);
DataOutputStream
dos
=
new
DataOutputStream
(
new
DigestOutputStream
(
stream
,
md
));
dos
.
writeInt
(
MAGIC
);
// always write the latest version
dos
.
writeInt
(
VERSION_2
);
// All file names in dir sorted.
// README is excluded. Name starting with "." excluded.
SortedSet
<
String
>
entries
=
new
TreeSet
<
String
>();
try
(
DirectoryStream
<
Path
>
ds
=
Files
.
newDirectoryStream
(
Paths
.
get
(
dir
)))
{
for
(
Path
p
:
ds
)
{
String
fName
=
p
.
getFileName
().
toString
();
if
(!
fName
.
equals
(
"README"
))
{
String
alias
=
fName
+
" [jdk]"
;
try
(
InputStream
fis
=
Files
.
newInputStream
(
p
))
{
ks
.
setCertificateEntry
(
alias
,
cf
.
generateCertificate
(
fis
));
if
(!
fName
.
equals
(
"README"
)
&&
!
fName
.
startsWith
(
"."
))
{
entries
.
add
(
fName
);
}
}
}
dos
.
writeInt
(
entries
.
size
());
for
(
String
entry
:
entries
)
{
String
alias
=
entry
+
" [jdk]"
;
X509Certificate
cert
;
try
(
InputStream
fis
=
Files
.
newInputStream
(
Paths
.
get
(
dir
,
entry
)))
{
cert
=
(
X509Certificate
)
cf
.
generateCertificate
(
fis
);
}
try
(
FileOutputStream
fos
=
new
FileOutputStream
(
args
[
1
]))
{
ks
.
store
(
fos
,
"changeit"
.
toCharArray
());
dos
.
writeInt
(
2
);
// Write the alias
dos
.
writeUTF
(
alias
);
// Write the (entry creation) date, which is notBefore of the cert
dos
.
writeLong
(
cert
.
getNotBefore
().
getTime
());
// Write the trusted certificate
encoded
=
cert
.
getEncoded
();
dos
.
writeUTF
(
cert
.
getType
());
dos
.
writeInt
(
encoded
.
length
);
dos
.
write
(
encoded
);
}
/*
* Write the keyed hash which is used to detect tampering with
* the keystore (such as deleting or modifying key or
* certificate entries).
*/
byte
[]
digest
=
md
.
digest
();
dos
.
write
(
digest
);
dos
.
flush
();
}
private
static
MessageDigest
getPreKeyedHash
(
char
[]
password
)
throws
NoSuchAlgorithmException
,
UnsupportedEncodingException
{
MessageDigest
md
=
MessageDigest
.
getInstance
(
"SHA"
);
byte
[]
passwdBytes
=
convertToBytes
(
password
);
md
.
update
(
passwdBytes
);
Arrays
.
fill
(
passwdBytes
,
(
byte
)
0x00
);
md
.
update
(
"Mighty Aphrodite"
.
getBytes
(
"UTF8"
));
return
md
;
}
private
static
byte
[]
convertToBytes
(
char
[]
password
)
{
int
i
,
j
;
byte
[]
passwdBytes
=
new
byte
[
password
.
length
*
2
];
for
(
i
=
0
,
j
=
0
;
i
<
password
.
length
;
i
++)
{
passwdBytes
[
j
++]
=
(
byte
)(
password
[
i
]
>>
8
);
passwdBytes
[
j
++]
=
(
byte
)
password
[
i
];
}
return
passwdBytes
;
}
}
src/share/classes/sun/security/tools/keytool/Main.java
浏览文件 @
ebb250fc
...
...
@@ -2246,9 +2246,9 @@ public final class Main {
out
.
println
(
form
.
format
(
source
));
out
.
println
();
for
(
Enumeration
<
String
>
e
=
keyStore
.
aliases
(
);
e
.
hasMoreElements
();
)
{
String
alias
=
e
.
nextElement
();
List
<
String
>
aliases
=
Collections
.
list
(
keyStore
.
aliases
()
);
aliases
.
sort
(
String:
:
compareTo
);
for
(
String
alias
:
aliases
)
{
doPrintEntry
(
"<"
+
alias
+
">"
,
alias
,
out
);
if
(
verbose
||
rfc
)
{
out
.
println
(
rb
.
getString
(
"NEWLINE"
));
...
...
test/sun/security/lib/cacerts/VerifyCACerts.java
浏览文件 @
ebb250fc
...
...
@@ -26,11 +26,13 @@
* @test
* @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779
* 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136
* 8223499
* 8223499
8225392
* @summary Check root CA entries in cacerts file
*/
import
java.io.ByteArrayInputStream
;
import
java.io.File
;
import
java.io.FileInputStream
;
import
java.nio.file.Files
;
import
java.nio.file.Paths
;
import
java.security.KeyStore
;
import
java.security.MessageDigest
;
import
java.security.cert.Certificate
;
...
...
@@ -52,6 +54,11 @@ public class VerifyCACerts {
// The numbers of certs now.
private
static
final
int
COUNT
=
88
;
// SHA-256 of cacerts, can be generated with
// shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
private
static
final
String
CHECKSUM
=
"4E:21:94:7C:1D:49:28:BB:34:B0:40:DF:AE:19:B4:41:C6:B5:8A:EE:EB:D5:DE:B4:EF:07:AF:63:18:73:A6:FE"
;
// map of cert alias to SHA-256 fingerprint
@SuppressWarnings
(
"serial"
)
private
static
final
Map
<
String
,
String
>
FINGERPRINT_MAP
...
...
@@ -256,8 +263,16 @@ public class VerifyCACerts {
public
static
void
main
(
String
[]
args
)
throws
Exception
{
System
.
out
.
println
(
"cacerts file: "
+
CACERTS
);
md
=
MessageDigest
.
getInstance
(
"SHA-256"
);
byte
[]
data
=
Files
.
readAllBytes
(
Paths
.
get
(
CACERTS
));
String
checksum
=
toHexString
(
md
.
digest
(
data
));
if
(!
checksum
.
equals
(
CHECKSUM
))
{
atLeastOneFailed
=
true
;
System
.
err
.
println
(
"ERROR: wrong checksum\n"
+
checksum
);
}
KeyStore
ks
=
KeyStore
.
getInstance
(
"JKS"
);
ks
.
load
(
new
FileInputStream
(
CACERTS
),
"changeit"
.
toCharArray
());
ks
.
load
(
new
ByteArrayInputStream
(
data
),
"changeit"
.
toCharArray
());
// check the count of certs inside
if
(
ks
.
size
()
!=
COUNT
)
{
...
...
test/sun/security/tools/keytool/ListOrder.java
0 → 100644
浏览文件 @
ebb250fc
/*
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* @test
* @bug 8225392
* @summary Comparison builds are failing due to cacerts file
* @library /lib/testlibrary
*/
import
jdk.testlibrary.SecurityTools
;
import
java.util.Random
;
public
class
ListOrder
{
public
static
void
main
(
String
[]
args
)
throws
Throwable
{
Random
rand
=
new
Random
();
for
(
int
i
=
0
;
i
<
10
;
i
++)
{
gen
(
String
.
format
(
"a%02d"
,
rand
.
nextInt
(
100
)));
}
String
last
=
""
;
for
(
String
line
:
SecurityTools
.
keytool
(
"-keystore ks -storepass changeit -list"
).
asLines
())
{
if
(
line
.
contains
(
"PrivateKeyEntry"
))
{
// This is the line starting with the alias
System
.
out
.
println
(
line
);
if
(
line
.
compareTo
(
last
)
<=
0
)
{
throw
new
RuntimeException
(
"Not ordered"
);
}
else
{
last
=
line
;
}
}
}
}
static
void
gen
(
String
a
)
throws
Exception
{
// Do not check result, there might be duplicated alias(es).
SecurityTools
.
keytool
(
"-keystore ks -storepass changeit "
+
"-keyalg ec -genkeypair -alias "
+
a
+
" -dname CN="
+
a
);
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录