Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk
提交 fe91df36 编写于 作者: T tbell
浏览文件
操作

Merge

上级 3ba18d7c e5eab637
隐藏空白更改
内联 并排
Showing with 1586 addition and 317 deletion
src/share/classes/com/sun/jmx/mbeanserver/Introspector.java
浏览文件 @ fe91df36
......@@ -26,6 +26,7 @@
package com.sun.jmx.mbeanserver;
import java.lang.annotation.Annotation;
import java.lang.ref.SoftReference;
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
......@@ -33,8 +34,13 @@ import java.lang.reflect.Modifier;
import java.lang.reflect.Proxy;
import java.lang.reflect.UndeclaredThrowableException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.LinkedList;
import java.util.Locale;
import java.util.Map;
import java.util.WeakHashMap;
import javax.management.Descriptor;
import javax.management.DescriptorKey;
......@@ -506,11 +512,25 @@ public class Introspector {
} else {
// Java Beans introspection
//
BeanInfo bi = java.beans.Introspector.getBeanInfo(complex.getClass());
PropertyDescriptor[] pds = bi.getPropertyDescriptors();
for (PropertyDescriptor pd : pds)
if (pd.getName().equals(element))
return pd.getReadMethod().invoke(complex);
Class<?> clazz = complex.getClass();
Method readMethod = null;
if (BeansHelper.isAvailable()) {
Object bi = BeansHelper.getBeanInfo(clazz);
Object[] pds = BeansHelper.getPropertyDescriptors(bi);
for (Object pd: pds) {
if (BeansHelper.getPropertyName(pd).equals(element)) {
readMethod = BeansHelper.getReadMethod(pd);
break;
}
}
} else {
// Java Beans not available so use simple introspection
// to locate method
readMethod = SimpleIntrospector.getReadMethod(clazz, element);
}
if (readMethod != null)
return readMethod.invoke(complex);
throw new AttributeNotFoundException(
"Could not find the getter method for the property " +
element + " using the Java Beans introspector");
......@@ -524,4 +544,235 @@ public class Introspector {
new AttributeNotFoundException(e.getMessage()), e);
}
}
/**
* A simple introspector that uses reflection to analyze a class and
* identify its "getter" methods. This class is intended for use only when
* Java Beans is not present (which implies that there isn't explicit
* information about the bean available).
*/
private static class SimpleIntrospector {
private SimpleIntrospector() { }
private static final String GET_METHOD_PREFIX = "get";
private static final String IS_METHOD_PREFIX = "is";
// cache to avoid repeated lookups
private static final Map<Class<?>,SoftReference<List<Method>>> cache =
Collections.synchronizedMap(
new WeakHashMap<Class<?>,SoftReference<List<Method>>> ());
/**
* Returns the list of methods cached for the given class, or {@code null}
* if not cached.
*/
private static List<Method> getCachedMethods(Class<?> clazz) {
// return cached methods if possible
SoftReference<List<Method>> ref = cache.get(clazz);
if (ref != null) {
List<Method> cached = ref.get();
if (cached != null)
return cached;
}
return null;
}
/**
* Returns {@code true} if the given method is a "getter" method (where
* "getter" method is a public method of the form getXXX or "boolean
* isXXX")
*/
static boolean isReadMethod(Method method) {
// ignore static methods
int modifiers = method.getModifiers();
if (Modifier.isStatic(modifiers))
return false;
String name = method.getName();
Class<?>[] paramTypes = method.getParameterTypes();
int paramCount = paramTypes.length;
if (paramCount == 0 && name.length() > 2) {
// boolean isXXX()
if (name.startsWith(IS_METHOD_PREFIX))
return (method.getReturnType() == boolean.class);
// getXXX()
if (name.length() > 3 && name.startsWith(GET_METHOD_PREFIX))
return (method.getReturnType() != void.class);
}
return false;
}
/**
* Returns the list of "getter" methods for the given class. The list
* is ordered so that isXXX methods appear before getXXX methods - this
* is for compatability with the JavaBeans Introspector.
*/
static List<Method> getReadMethods(Class<?> clazz) {
// return cached result if available
List<Method> cachedResult = getCachedMethods(clazz);
if (cachedResult != null)
return cachedResult;
// get list of public methods, filtering out methods that have
// been overridden to return a more specific type.
List<Method> methods =
StandardMBeanIntrospector.getInstance().getMethods(clazz);
methods = MBeanAnalyzer.eliminateCovariantMethods(methods);
// filter out the non-getter methods
List<Method> result = new LinkedList<Method>();
for (Method m: methods) {
if (isReadMethod(m)) {
// favor isXXX over getXXX
if (m.getName().startsWith(IS_METHOD_PREFIX)) {
result.add(0, m);
} else {
result.add(m);
}
}
}
// add result to cache
cache.put(clazz, new SoftReference<List<Method>>(result));
return result;
}
/**
* Returns the "getter" to read the given property from the given class or
* {@code null} if no method is found.
*/
static Method getReadMethod(Class<?> clazz, String property) {
// first character in uppercase (compatability with JavaBeans)
property = property.substring(0, 1).toUpperCase(Locale.ENGLISH) +
property.substring(1);
String getMethod = GET_METHOD_PREFIX + property;
String isMethod = IS_METHOD_PREFIX + property;
for (Method m: getReadMethods(clazz)) {
String name = m.getName();
if (name.equals(isMethod) || name.equals(getMethod)) {
return m;
}
}
return null;
}
}
/**
* A class that provides access to the JavaBeans Introspector and
* PropertyDescriptors without creating a static dependency on java.beans.
*/
private static class BeansHelper {
private static final Class<?> introspectorClass =
getClass("java.beans.Introspector");
private static final Class<?> beanInfoClass =
(introspectorClass == null) ? null : getClass("java.beans.BeanInfo");
private static final Class<?> getPropertyDescriptorClass =
(beanInfoClass == null) ? null : getClass("java.beans.PropertyDescriptor");
private static final Method getBeanInfo =
getMethod(introspectorClass, "getBeanInfo", Class.class);
private static final Method getPropertyDescriptors =
getMethod(beanInfoClass, "getPropertyDescriptors");
private static final Method getPropertyName =
getMethod(getPropertyDescriptorClass, "getName");
private static final Method getReadMethod =
getMethod(getPropertyDescriptorClass, "getReadMethod");
private static Class<?> getClass(String name) {
try {
return Class.forName(name, true, null);
} catch (ClassNotFoundException e) {
return null;
}
}
private static Method getMethod(Class<?> clazz,
String name,
Class<?>... paramTypes)
{
if (clazz != null) {
try {
return clazz.getMethod(name, paramTypes);
} catch (NoSuchMethodException e) {
throw new AssertionError(e);
}
} else {
return null;
}
}
private BeansHelper() { }
/**
* Returns {@code true} if java.beans is available.
*/
static boolean isAvailable() {
return introspectorClass != null;
}
/**
* Invokes java.beans.Introspector.getBeanInfo(Class)
*/
static Object getBeanInfo(Class<?> clazz) throws Exception {
try {
return getBeanInfo.invoke(null, clazz);
} catch (InvocationTargetException e) {
Throwable cause = e.getCause();
if (cause instanceof Exception)
throw (Exception)cause;
throw new AssertionError(e);
} catch (IllegalAccessException iae) {
throw new AssertionError(iae);
}
}
/**
* Invokes java.beans.BeanInfo.getPropertyDescriptors()
*/
static Object[] getPropertyDescriptors(Object bi) {
try {
return (Object[])getPropertyDescriptors.invoke(bi);
} catch (InvocationTargetException e) {
Throwable cause = e.getCause();
if (cause instanceof RuntimeException)
throw (RuntimeException)cause;
throw new AssertionError(e);
} catch (IllegalAccessException iae) {
throw new AssertionError(iae);
}
}
/**
* Invokes java.beans.PropertyDescriptor.getName()
*/
static String getPropertyName(Object pd) {
try {
return (String)getPropertyName.invoke(pd);
} catch (InvocationTargetException e) {
Throwable cause = e.getCause();
if (cause instanceof RuntimeException)
throw (RuntimeException)cause;
throw new AssertionError(e);
} catch (IllegalAccessException iae) {
throw new AssertionError(iae);
}
}
/**
* Invokes java.beans.PropertyDescriptor.getReadMethod()
*/
static Method getReadMethod(Object pd) {
try {
return (Method)getReadMethod.invoke(pd);
} catch (InvocationTargetException e) {
Throwable cause = e.getCause();
if (cause instanceof RuntimeException)
throw (RuntimeException)cause;
throw new AssertionError(e);
} catch (IllegalAccessException iae) {
throw new AssertionError(iae);
}
}
}
}
src/share/classes/com/sun/jmx/mbeanserver/MBeanIntrospector.java
浏览文件 @ fe91df36
......@@ -175,7 +175,7 @@ abstract class MBeanIntrospector<M> {
/**
* Get the methods to be analyzed to build the MBean interface.
*/
List<Method> getMethods(final Class<?> mbeanType) throws Exception {
List<Method> getMethods(final Class<?> mbeanType) {
return Arrays.asList(mbeanType.getMethods());
}
......
src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java
浏览文件 @ fe91df36
......@@ -99,4 +99,58 @@ public interface ExtendedGSSContext extends GSSContext {
*/
public Object inquireSecContext(InquireType type)
throws GSSException;
/**
* Requests that the delegation policy be respected. When a true value is
* requested, the underlying context would use the delegation policy
* defined by the environment as a hint to determine whether credentials
* delegation should be performed. This request can only be made on the
* context initiator's side and it has to be done prior to the first
* call to <code>initSecContext</code>.
* <p>
* When this flag is false, delegation will only be tried when the
* {@link GSSContext#requestCredDeleg(boolean) credentials delegation flag}
* is true.
* <p>
* When this flag is true but the
* {@link GSSContext#requestCredDeleg(boolean) credentials delegation flag}
* is false, delegation will be only tried if the delegation policy permits
* delegation.
* <p>
* When both this flag and the
* {@link GSSContext#requestCredDeleg(boolean) credentials delegation flag}
* are true, delegation will be always tried. However, if the delegation
* policy does not permit delegation, the value of
* {@link #getDelegPolicyState} will be false, even
* if delegation is performed successfully.
* <p>
* In any case, if the delegation is not successful, the value returned
* by {@link GSSContext#getCredDelegState()} is false, and the value
* returned by {@link #getDelegPolicyState()} is also false.
* <p>
* Not all mechanisms support delegation policy. Therefore, the
* application should check to see if the request was honored with the
* {@link #getDelegPolicyState() getDelegPolicyState} method. When
* delegation policy is not supported, <code>requestDelegPolicy</code>
* should return silently without throwing an exception.
* <p>
* Note: for the Kerberos 5 mechanism, the delegation policy is expressed
* through the OK-AS-DELEGATE flag in the service ticket. When it's true,
* the KDC permits delegation to the target server. In a cross-realm
* environment, in order for delegation be permitted, all cross-realm TGTs
* on the authentication path must also have the OK-AS-DELAGATE flags set.
* @param state true if the policy should be respected
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public void requestDelegPolicy(boolean state) throws GSSException;
/**
* Returns the delegation policy response. Called after a security context
* is established. This method can be only called on the initiator's side.
* See {@link ExtendedGSSContext#requestDelegPolicy}.
* @return the delegation policy response
*/
public boolean getDelegPolicyState();
}
src/share/classes/com/sun/tools/hat/internal/model/JavaStatic.java
浏览文件 @ fe91df36
......@@ -57,7 +57,10 @@ public class JavaStatic {
id = ((JavaObjectRef)value).getId();
}
value = value.dereference(snapshot, field);
if (value.isHeapAllocated()) {
if (value.isHeapAllocated() &&
clazz.getLoader() == snapshot.getNullThing()) {
// static fields are only roots if they are in classes
// loaded by the root classloader.
JavaHeapObject ho = (JavaHeapObject) value;
String s = "Static reference from " + clazz.getName()
+ "." + field.getName();
......
src/share/classes/com/sun/tracing/ProviderFactory.java
浏览文件 @ fe91df36
......@@ -4,7 +4,10 @@ package com.sun.tracing;
import java.util.HashSet;
import java.io.PrintStream;
import java.lang.reflect.Field;
import java.util.logging.Logger;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import sun.security.action.GetPropertyAction;
import sun.tracing.NullProviderFactory;
import sun.tracing.PrintStreamProviderFactory;
......@@ -52,23 +55,17 @@ public abstract class ProviderFactory {
HashSet<ProviderFactory> factories = new HashSet<ProviderFactory>();
// Try to instantiate a DTraceProviderFactory
String prop = null;
try { prop = System.getProperty("com.sun.tracing.dtrace"); }
catch (java.security.AccessControlException e) {
Logger.getAnonymousLogger().fine(
"Cannot access property com.sun.tracing.dtrace");
}
String prop = AccessController.doPrivileged(
new GetPropertyAction("com.sun.tracing.dtrace"));
if ( (prop == null || !prop.equals("disable")) &&
DTraceProviderFactory.isSupported() ) {
factories.add(new DTraceProviderFactory());
}
// Try to instantiate an output stream factory
try { prop = System.getProperty("sun.tracing.stream"); }
catch (java.security.AccessControlException e) {
Logger.getAnonymousLogger().fine(
"Cannot access property sun.tracing.stream");
}
prop = AccessController.doPrivileged(
new GetPropertyAction("sun.tracing.stream"));
if (prop != null) {
for (String spec : prop.split(",")) {
PrintStream ps = getPrintStreamFromSpec(spec);
......@@ -89,22 +86,29 @@ public abstract class ProviderFactory {
}
}
private static PrintStream getPrintStreamFromSpec(String spec) {
private static PrintStream getPrintStreamFromSpec(final String spec) {
try {
// spec is in the form of <class>.<field>, where <class> is
// a fully specified class name, and <field> is a static member
// in that class. The <field> must be a 'PrintStream' or subtype
// in order to be used.
int fieldpos = spec.lastIndexOf('.');
Class<?> cls = Class.forName(spec.substring(0, fieldpos));
Field f = cls.getField(spec.substring(fieldpos + 1));
Class<?> fieldType = f.getType();
final int fieldpos = spec.lastIndexOf('.');
final Class<?> cls = Class.forName(spec.substring(0, fieldpos));
Field f = AccessController.doPrivileged(new PrivilegedExceptionAction<Field>() {
public Field run() throws NoSuchFieldException {
return cls.getField(spec.substring(fieldpos + 1));
}
});
return (PrintStream)f.get(null);
} catch (Exception e) {
Logger.getAnonymousLogger().warning(
"Could not parse sun.tracing.stream property: " + e);
} catch (ClassNotFoundException e) {
throw new AssertionError(e);
} catch (IllegalAccessException e) {
throw new AssertionError(e);
} catch (PrivilegedActionException e) {
throw new AssertionError(e);
}
return null;
}
}
src/share/classes/java/net/CookieManager.java
浏览文件 @ fe91df36
......@@ -30,6 +30,7 @@ import java.util.List;
import java.util.Collections;
import java.util.Comparator;
import java.io.IOException;
import sun.util.logging.PlatformLogger;
/**
* CookieManager provides a concrete implementation of {@link CookieHandler},
......@@ -263,6 +264,7 @@ public class CookieManager extends CookieHandler
if (cookieJar == null)
return;
PlatformLogger logger = PlatformLogger.getLogger("java.net.CookieManager");
for (String headerKey : responseHeaders.keySet()) {
// RFC 2965 3.2.2, key must be 'Set-Cookie2'
// we also accept 'Set-Cookie' here for backward compatibility
......@@ -277,7 +279,16 @@ public class CookieManager extends CookieHandler
for (String headerValue : responseHeaders.get(headerKey)) {
try {
List<HttpCookie> cookies = HttpCookie.parse(headerValue);
List<HttpCookie> cookies;
try {
cookies = HttpCookie.parse(headerValue);
} catch (IllegalArgumentException e) {
// Bogus header, make an empty list and log the error
cookies = java.util.Collections.EMPTY_LIST;
if (logger.isLoggable(PlatformLogger.SEVERE)) {
logger.severe("Invalid cookie for " + uri + ": " + headerValue);
}
}
for (HttpCookie cookie : cookies) {
if (cookie.getPath() == null) {
// If no path is specified, then by default
......
src/share/classes/java/net/HttpCookie.java
浏览文件 @ fe91df36
......@@ -1036,7 +1036,7 @@ public final class HttpCookie implements Cloneable {
int version = Integer.parseInt(attrValue);
cookie.setVersion(version);
} catch (NumberFormatException ignored) {
throw new IllegalArgumentException("Illegal cookie version attribute");
// Just ignore bogus version, it will default to 0 or 1
}
}
});
......@@ -1147,12 +1147,15 @@ public final class HttpCookie implements Cloneable {
}
private static String stripOffSurroundingQuote(String str) {
if (str != null && str.length() > 0 &&
if (str != null && str.length() > 2 &&
str.charAt(0) == '"' && str.charAt(str.length() - 1) == '"') {
return str.substring(1, str.length() - 1);
} else {
return str;
}
if (str != null && str.length() > 2 &&
str.charAt(0) == '\'' && str.charAt(str.length() - 1) == '\'') {
return str.substring(1, str.length() - 1);
}
return str;
}
private static boolean equalsIgnoreCase(String s, String t) {
......
src/share/classes/javax/security/auth/Subject.java
浏览文件 @ fe91df36
......@@ -40,7 +40,6 @@ import java.security.PrivilegedExceptionAction;
import java.security.PrivilegedActionException;
import java.security.ProtectionDomain;
import sun.security.util.ResourcesMgr;
import sun.security.util.SecurityConstants;
/**
* <p> A <code>Subject</code> represents a grouping of related information
......@@ -239,7 +238,7 @@ public final class Subject implements java.io.Serializable {
public void setReadOnly() {
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new AuthPermission("setReadOnly"));
sm.checkPermission(AuthPermissionHolder.SET_READ_ONLY_PERMISSION);
}
this.readOnly = true;
......@@ -285,7 +284,7 @@ public final class Subject implements java.io.Serializable {
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new AuthPermission("getSubject"));
sm.checkPermission(AuthPermissionHolder.GET_SUBJECT_PERMISSION);
}
if (acc == null) {
......@@ -343,7 +342,7 @@ public final class Subject implements java.io.Serializable {
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(SecurityConstants.DO_AS_PERMISSION);
sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION);
}
if (action == null)
throw new NullPointerException
......@@ -402,7 +401,7 @@ public final class Subject implements java.io.Serializable {
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(SecurityConstants.DO_AS_PERMISSION);
sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION);
}
if (action == null)
......@@ -456,7 +455,7 @@ public final class Subject implements java.io.Serializable {
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(SecurityConstants.DO_AS_PRIVILEGED_PERMISSION);
sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION);
}
if (action == null)
......@@ -520,7 +519,7 @@ public final class Subject implements java.io.Serializable {
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(SecurityConstants.DO_AS_PRIVILEGED_PERMISSION);
sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION);
}
if (action == null)
......@@ -1044,16 +1043,13 @@ public final class Subject implements java.io.Serializable {
if (sm != null) {
switch (which) {
case Subject.PRINCIPAL_SET:
sm.checkPermission(new AuthPermission
("modifyPrincipals"));
sm.checkPermission(AuthPermissionHolder.MODIFY_PRINCIPALS_PERMISSION);
break;
case Subject.PUB_CREDENTIAL_SET:
sm.checkPermission(new AuthPermission
("modifyPublicCredentials"));
sm.checkPermission(AuthPermissionHolder.MODIFY_PUBLIC_CREDENTIALS_PERMISSION);
break;
default:
sm.checkPermission(new AuthPermission
("modifyPrivateCredentials"));
sm.checkPermission(AuthPermissionHolder.MODIFY_PRIVATE_CREDENTIALS_PERMISSION);
break;
}
}
......@@ -1073,16 +1069,13 @@ public final class Subject implements java.io.Serializable {
if (sm != null) {
switch (which) {
case Subject.PRINCIPAL_SET:
sm.checkPermission
(new AuthPermission("modifyPrincipals"));
sm.checkPermission(AuthPermissionHolder.MODIFY_PRINCIPALS_PERMISSION);
break;
case Subject.PUB_CREDENTIAL_SET:
sm.checkPermission
(new AuthPermission("modifyPublicCredentials"));
sm.checkPermission(AuthPermissionHolder.MODIFY_PUBLIC_CREDENTIALS_PERMISSION);
break;
default:
sm.checkPermission
(new AuthPermission("modifyPrivateCredentials"));
sm.checkPermission(AuthPermissionHolder.MODIFY_PRIVATE_CREDENTIALS_PERMISSION);
break;
}
}
......@@ -1405,4 +1398,27 @@ public final class Subject implements java.io.Serializable {
return set.add(o);
}
}
static class AuthPermissionHolder {
static final AuthPermission DO_AS_PERMISSION =
new AuthPermission("doAs");
static final AuthPermission DO_AS_PRIVILEGED_PERMISSION =
new AuthPermission("doAsPrivileged");
static final AuthPermission SET_READ_ONLY_PERMISSION =
new AuthPermission("setReadOnly");
static final AuthPermission GET_SUBJECT_PERMISSION =
new AuthPermission("getSubject");
static final AuthPermission MODIFY_PRINCIPALS_PERMISSION =
new AuthPermission("modifyPrincipals");
static final AuthPermission MODIFY_PUBLIC_CREDENTIALS_PERMISSION =
new AuthPermission("modifyPublicCredentials");
static final AuthPermission MODIFY_PRIVATE_CREDENTIALS_PERMISSION =
new AuthPermission("modifyPrivateCredentials");
}
}
src/share/classes/org/ietf/jgss/GSSContext.java
浏览文件 @ fe91df36
/*
* Copyright 2000-2001 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -678,7 +678,7 @@ public interface GSSContext {
* are not definitive then the method will attempt to treat all
* available bytes as part of the token.<p>
*
* Other than the possible blocking behaviour described above, this
* Other than the possible blocking behavior described above, this
* method is equivalent to the byte array based {@link #unwrap(byte[],
* int, int, MessageProp) unwrap} method.<p>
*
......@@ -826,7 +826,7 @@ public interface GSSContext {
* are not definitive then the method will attempt to treat all
* available bytes as part of the token.<p>
*
* Other than the possible blocking behaviour described above, this
* Other than the possible blocking behavior described above, this
* method is equivalent to the byte array based {@link #verifyMIC(byte[],
* int, int, byte[], int, int, MessageProp) verifyMIC} method.<p>
*
......@@ -917,7 +917,7 @@ public interface GSSContext {
* getMutualAuthState} method.<p>
*
* @param state a boolean value indicating whether mutual
* authentication shouls be used or not.
* authentication should be used or not.
* @see #getMutualAuthState()
*
* @throws GSSException containing the following
......@@ -928,7 +928,7 @@ public interface GSSContext {
/**
* Requests that replay detection be enabled for the
* per-message security services after context establishemnt. This
* per-message security services after context establishment. This
* request can only be made on the context initiator's side and it has
* to be done prior to the first call to
* <code>initSecContext</code>. During context establishment replay
......@@ -958,7 +958,7 @@ public interface GSSContext {
/**
* Requests that sequence checking be enabled for the
* per-message security services after context establishemnt. This
* per-message security services after context establishment. This
* request can only be made on the context initiator's side and it has
* to be done prior to the first call to
* <code>initSecContext</code>. During context establishment sequence
......
src/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java
浏览文件 @ fe91df36
......@@ -25,6 +25,7 @@
package sun.net.www.protocol.http.spnego;
import com.sun.security.jgss.ExtendedGSSContext;
import java.io.IOException;
import org.ietf.jgss.GSSContext;
......@@ -100,15 +101,10 @@ public class NegotiatorImpl extends Negotiator {
null,
GSSContext.DEFAULT_LIFETIME);
// In order to support credential delegation in HTTP/SPNEGO,
// we always request it before initSecContext. The current
// implementation will check the OK-AS-DELEGATE flag inside
// the service ticket of the web server, and only enable
// delegation when this flag is set. This check is only
// performed when the GSS caller is CALLER_HTTP_NEGOTIATE,
// so all other normal GSS-API calls are not affected.
context.requestCredDeleg(true);
// Always respect delegation policy in HTTP/SPNEGO.
if (context instanceof ExtendedGSSContext) {
((ExtendedGSSContext)context).requestDelegPolicy(true);
}
oneToken = context.initSecContext(new byte[0], 0, 0);
}
......
src/share/classes/sun/security/jgss/GSSContextImpl.java
浏览文件 @ fe91df36
......@@ -89,7 +89,8 @@ import com.sun.security.jgss.*;
*/
class GSSContextImpl implements ExtendedGSSContext {
private GSSManagerImpl gssManager = null;
private final GSSManagerImpl gssManager;
private final boolean initiator;
// private flags for the context state
private static final int PRE_INIT = 1;
......@@ -99,14 +100,12 @@ class GSSContextImpl implements ExtendedGSSContext {
// instance variables
private int currentState = PRE_INIT;
private boolean initiator;
private GSSContextSpi mechCtxt = null;
private Oid mechOid = null;
private ObjectIdentifier objId = null;
private GSSCredentialImpl myCred = null;
private GSSCredentialImpl delegCred = null;
private GSSNameImpl srcName = null;
private GSSNameImpl targName = null;
......@@ -121,6 +120,7 @@ class GSSContextImpl implements ExtendedGSSContext {
private boolean reqSequenceDetState = true;
private boolean reqCredDelegState = false;
private boolean reqAnonState = false;
private boolean reqDelegPolicyState = false;
/**
* Creates a GSSContextImp on the context initiator's side.
......@@ -221,6 +221,7 @@ class GSSContextImpl implements ExtendedGSSContext {
mechCtxt.requestSequenceDet(reqSequenceDetState);
mechCtxt.requestAnonymity(reqAnonState);
mechCtxt.setChannelBinding(channelBindings);
mechCtxt.requestDelegPolicy(reqDelegPolicyState);
objId = new ObjectIdentifier(mechOid.toString());
......@@ -465,42 +466,42 @@ class GSSContextImpl implements ExtendedGSSContext {
}
public void requestMutualAuth(boolean state) throws GSSException {
if (mechCtxt == null)
if (mechCtxt == null && initiator)
reqMutualAuthState = state;
}
public void requestReplayDet(boolean state) throws GSSException {
if (mechCtxt == null)
if (mechCtxt == null && initiator)
reqReplayDetState = state;
}
public void requestSequenceDet(boolean state) throws GSSException {
if (mechCtxt == null)
if (mechCtxt == null && initiator)
reqSequenceDetState = state;
}
public void requestCredDeleg(boolean state) throws GSSException {
if (mechCtxt == null)
if (mechCtxt == null && initiator)
reqCredDelegState = state;
}
public void requestAnonymity(boolean state) throws GSSException {
if (mechCtxt == null)
if (mechCtxt == null && initiator)
reqAnonState = state;
}
public void requestConf(boolean state) throws GSSException {
if (mechCtxt == null)
if (mechCtxt == null && initiator)
reqConfState = state;
}
public void requestInteg(boolean state) throws GSSException {
if (mechCtxt == null)
if (mechCtxt == null && initiator)
reqIntegState = state;
}
public void requestLifetime(int lifetime) throws GSSException {
if (mechCtxt == null)
if (mechCtxt == null && initiator)
reqLifetime = lifetime;
}
......@@ -630,6 +631,8 @@ class GSSContextImpl implements ExtendedGSSContext {
targName = null;
}
// ExtendedGSSContext methods:
@Override
public Object inquireSecContext(InquireType type) throws GSSException {
SecurityManager security = System.getSecurityManager();
......@@ -641,4 +644,18 @@ class GSSContextImpl implements ExtendedGSSContext {
}
return mechCtxt.inquireSecContext(type);
}
@Override
public void requestDelegPolicy(boolean state) throws GSSException {
if (mechCtxt == null && initiator)
reqDelegPolicyState = state;
}
@Override
public boolean getDelegPolicyState() {
if (mechCtxt != null)
return mechCtxt.getDelegPolicyState();
else
return reqDelegPolicyState;
}
}
src/share/classes/sun/security/jgss/krb5/InitialToken.java
浏览文件 @ fe91df36
......@@ -85,32 +85,39 @@ abstract class InitialToken extends Krb5Token {
int size = CHECKSUM_LENGTH_SIZE + CHECKSUM_BINDINGS_SIZE +
CHECKSUM_FLAGS_SIZE;
if (!tgt.isForwardable()) {
context.setCredDelegState(false);
context.setDelegPolicyState(false);
} else if (context.getCredDelegState()) {
if (context.getDelegPolicyState()) {
if (!serviceTicket.checkDelegate()) {
// delegation not permitted by server policy, mark it
context.setDelegPolicyState(false);
}
}
} else if (context.getDelegPolicyState()) {
if (serviceTicket.checkDelegate()) {
context.setCredDelegState(true);
} else {
context.setDelegPolicyState(false);
}
}
if (context.getCredDelegState()) {
if (context.getCaller() instanceof HttpCaller &&
!serviceTicket.getFlags()[Krb5.TKT_OPTS_DELEGATE]) {
// When the caller is HTTP/SPNEGO and OK-AS-DELEGATE
// is not present in the service ticket, delegation
// is disabled.
context.setCredDelegState(false);
} else if (!tgt.isForwardable()) {
// XXX log this resetting of delegation state
context.setCredDelegState(false);
KrbCred krbCred = null;
CipherHelper cipherHelper =
context.getCipherHelper(serviceTicket.getSessionKey());
if (useNullKey(cipherHelper)) {
krbCred = new KrbCred(tgt, serviceTicket,
EncryptionKey.NULL_KEY);
} else {
KrbCred krbCred = null;
CipherHelper cipherHelper =
context.getCipherHelper(serviceTicket.getSessionKey());
if (useNullKey(cipherHelper)) {
krbCred = new KrbCred(tgt, serviceTicket,
EncryptionKey.NULL_KEY);
} else {
krbCred = new KrbCred(tgt, serviceTicket,
serviceTicket.getSessionKey());
}
krbCredMessage = krbCred.getMessage();
size += CHECKSUM_DELEG_OPT_SIZE +
CHECKSUM_DELEG_LGTH_SIZE +
krbCredMessage.length;
krbCred = new KrbCred(tgt, serviceTicket,
serviceTicket.getSessionKey());
}
krbCredMessage = krbCred.getMessage();
size += CHECKSUM_DELEG_OPT_SIZE +
CHECKSUM_DELEG_LGTH_SIZE +
krbCredMessage.length;
}
checksumBytes = new byte[size];
......@@ -296,6 +303,7 @@ abstract class InitialToken extends Krb5Token {
return delegCreds;
}
// Only called by acceptor
public void setContextFlags(Krb5Context context) {
// default for cred delegation is false
if ((flags & CHECKSUM_DELEG_FLAG) > 0)
......
src/share/classes/sun/security/jgss/krb5/Krb5Context.java
浏览文件 @ fe91df36
......@@ -78,6 +78,7 @@ class Krb5Context implements GSSContextSpi {
private boolean sequenceDetState = true;
private boolean confState = true;
private boolean integState = true;
private boolean delegPolicyState = false;
private int mySeqNumber;
private int peerSeqNumber;
......@@ -299,6 +300,21 @@ class Krb5Context implements GSSContextSpi {
return sequenceDetState || replayDetState;
}
/**
* Requests that the deleg policy be respected.
*/
public final void requestDelegPolicy(boolean value) {
if (state == STATE_NEW && isInitiator())
delegPolicyState = value;
}
/**
* Is deleg policy respected?
*/
public final boolean getDelegPolicyState() {
return delegPolicyState;
}
/*
* Anonymity is a little different in that after an application
* requests anonymity it will want to know whether the mechanism
......@@ -422,6 +438,10 @@ class Krb5Context implements GSSContextSpi {
integState = state;
}
final void setDelegPolicyState(boolean state) {
delegPolicyState = state;
}
/**
* Sets the channel bindings to be used during context
* establishment.
......
src/share/classes/sun/security/jgss/spi/GSSContextSpi.java
浏览文件 @ fe91df36
......@@ -124,6 +124,8 @@ public interface GSSContextSpi {
public void requestInteg(boolean state) throws GSSException;
public void requestDelegPolicy(boolean state) throws GSSException;
public void setChannelBinding(ChannelBinding cb) throws GSSException;
public boolean getCredDelegState();
......@@ -136,6 +138,8 @@ public interface GSSContextSpi {
public boolean getAnonymityState();
public boolean getDelegPolicyState();
public boolean isTransferable() throws GSSException;
public boolean isProtReady();
......
src/share/classes/sun/security/jgss/spnego/SpNegoContext.java
浏览文件 @ fe91df36
......@@ -63,6 +63,7 @@ public class SpNegoContext implements GSSContextSpi {
private boolean sequenceDetState = true;
private boolean confState = true;
private boolean integState = true;
private boolean delegPolicyState = false;
private GSSNameSpi peerName = null;
private GSSNameSpi myName = null;
......@@ -153,6 +154,14 @@ public class SpNegoContext implements GSSContextSpi {
integState = value;
}
/**
* Requests that deleg policy be respected.
*/
public final void requestDelegPolicy(boolean value) throws GSSException {
if (state == STATE_NEW && isInitiator())
delegPolicyState = value;
}
/**
* Is integrity available?
*/
......@@ -160,6 +169,19 @@ public class SpNegoContext implements GSSContextSpi {
return integState;
}
/**
* Is deleg policy respected?
*/
public final boolean getDelegPolicyState() {
if (isInitiator() && mechContext != null &&
mechContext instanceof ExtendedGSSContext &&
(state == STATE_IN_PROCESS || state == STATE_DONE)) {
return ((ExtendedGSSContext)mechContext).getDelegPolicyState();
} else {
return delegPolicyState;
}
}
/**
* Requests that credential delegation be done during context
* establishment.
......@@ -173,7 +195,7 @@ public class SpNegoContext implements GSSContextSpi {
* Is credential delegation enabled?
*/
public final boolean getCredDelegState() {
if (mechContext != null &&
if (isInitiator() && mechContext != null &&
(state == STATE_IN_PROCESS || state == STATE_DONE)) {
return mechContext.getCredDelegState();
} else {
......@@ -201,30 +223,6 @@ public class SpNegoContext implements GSSContextSpi {
return mutualAuthState;
}
final void setCredDelegState(boolean state) {
credDelegState = state;
}
final void setMutualAuthState(boolean state) {
mutualAuthState = state;
}
final void setReplayDetState(boolean state) {
replayDetState = state;
}
final void setSequenceDetState(boolean state) {
sequenceDetState = state;
}
final void setConfState(boolean state) {
confState = state;
}
final void setIntegState(boolean state) {
integState = state;
}
/**
* Returns the mechanism oid.
*
......@@ -319,14 +317,9 @@ public class SpNegoContext implements GSSContextSpi {
mechToken = GSS_initSecContext(null);
errorCode = GSSException.DEFECTIVE_TOKEN;
byte[] micToken = null;
if (!GSSUtil.useMSInterop()) {
// calculate MIC only in normal mode
micToken = generateMechListMIC(DER_mechTypes);
}
// generate SPNEGO token
initToken = new NegTokenInit(DER_mechTypes, getContextFlags(),
mechToken, micToken);
mechToken, null);
if (DEBUG) {
System.out.println("SpNegoContext.initSecContext: " +
"sending token of type = " +
......@@ -585,15 +578,9 @@ public class SpNegoContext implements GSSContextSpi {
"negotiated result = " + negoResult);
}
// calculate MIC only in normal mode
byte[] micToken = null;
if (!GSSUtil.useMSInterop() && valid) {
micToken = generateMechListMIC(DER_mechTypes);
}
// generate SPNEGO token
NegTokenTarg targToken = new NegTokenTarg(negoResult.ordinal(),
mech_wanted, accept_token, micToken);
mech_wanted, accept_token, null);
if (DEBUG) {
System.out.println("SpNegoContext.acceptSecContext: " +
"sending token of type = " +
......@@ -653,6 +640,10 @@ public class SpNegoContext implements GSSContextSpi {
throw gssException;
}
if (state == STATE_DONE) {
// now set the context flags for acceptor
setContextFlags();
}
return retVal;
}
......@@ -703,36 +694,39 @@ public class SpNegoContext implements GSSContextSpi {
return out;
}
// Only called on acceptor side. On the initiator side, most flags
// are already set at request. For those that might get chanegd,
// state from mech below is used.
private void setContextFlags() {
if (mechContext != null) {
// default for cred delegation is false
if (mechContext.getCredDelegState()) {
setCredDelegState(true);
credDelegState = true;
}
// default for the following are true
if (!mechContext.getMutualAuthState()) {
setMutualAuthState(false);
mutualAuthState = false;
}
if (!mechContext.getReplayDetState()) {
setReplayDetState(false);
replayDetState = false;
}
if (!mechContext.getSequenceDetState()) {
setSequenceDetState(false);
sequenceDetState = false;
}
if (!mechContext.getIntegState()) {
setIntegState(false);
integState = false;
}
if (!mechContext.getConfState()) {
setConfState(false);
confState = false;
}
}
}
/**
* generate MIC on mechList
* generate MIC on mechList. Not used at the moment.
*/
private byte[] generateMechListMIC(byte[] mechTypes)
/*private byte[] generateMechListMIC(byte[] mechTypes)
throws GSSException {
// sanity check the required input
......@@ -769,7 +763,7 @@ public class SpNegoContext implements GSSContextSpi {
}
}
return mic;
}
}*/
/**
* verify MIC on MechList
......@@ -837,6 +831,10 @@ public class SpNegoContext implements GSSContextSpi {
mechContext.requestMutualAuth(mutualAuthState);
mechContext.requestReplayDet(replayDetState);
mechContext.requestSequenceDet(sequenceDetState);
if (mechContext instanceof ExtendedGSSContext) {
((ExtendedGSSContext)mechContext).requestDelegPolicy(
delegPolicyState);
}
}
// pass token
......@@ -1202,5 +1200,5 @@ public class SpNegoContext implements GSSContextSpi {
"inquireSecContext not supported by underlying mech.");
}
}
}
src/share/classes/sun/security/jgss/spnego/SpNegoMechFactory.java
浏览文件 @ fe91df36
......@@ -57,6 +57,12 @@ public final class SpNegoMechFactory implements MechanismFactory {
GSSName.NT_HOSTBASED_SERVICE,
GSSName.NT_EXPORT_NAME};
// The default underlying mech of SPNEGO, must not be SPNEGO itself.
private static final Oid DEFAULT_SPNEGO_MECH_OID =
ProviderList.DEFAULT_MECH_OID.equals(GSS_SPNEGO_MECH_OID)?
GSSUtil.GSS_KRB5_MECH_OID:
ProviderList.DEFAULT_MECH_OID;
// Use an instance of a GSSManager whose provider list
// does not include native provider
final GSSManagerImpl manager;
......@@ -100,18 +106,27 @@ public final class SpNegoMechFactory implements MechanismFactory {
availableMechs[j++] = mechs[i];
}
}
// Move the preferred mech to first place
for (int i=0; i<availableMechs.length; i++) {
if (availableMechs[i].equals(DEFAULT_SPNEGO_MECH_OID)) {
if (i != 0) {
availableMechs[i] = availableMechs[0];
availableMechs[0] = DEFAULT_SPNEGO_MECH_OID;
}
break;
}
}
}
public GSSNameSpi getNameElement(String nameStr, Oid nameType)
throws GSSException {
// get NameElement for the default Mechanism
return manager.getNameElement(nameStr, nameType, null);
throws GSSException {
return manager.getNameElement(
nameStr, nameType, DEFAULT_SPNEGO_MECH_OID);
}
public GSSNameSpi getNameElement(byte[] name, Oid nameType)
throws GSSException {
// get NameElement for the default Mechanism
return manager.getNameElement(name, nameType, null);
throws GSSException {
return manager.getNameElement(name, nameType, DEFAULT_SPNEGO_MECH_OID);
}
public GSSCredentialSpi getCredentialElement(GSSNameSpi name,
......
src/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java
浏览文件 @ fe91df36
......@@ -549,6 +549,9 @@ class NativeGSSContext implements GSSContextSpi {
public void requestInteg(boolean state) throws GSSException {
changeFlags(GSS_C_INTEG_FLAG, state);
}
public void requestDelegPolicy(boolean state) throws GSSException {
// Not supported, ignore
}
public void requestLifetime(int lifetime) throws GSSException {
if (isInitiator && pContext == 0) {
this.lifetime = lifetime;
......@@ -590,6 +593,9 @@ class NativeGSSContext implements GSSContextSpi {
public boolean getIntegState() {
return checkFlags(GSS_C_INTEG_FLAG);
}
public boolean getDelegPolicyState() {
return false;
}
public int getLifetime() {
return cStub.getContextTime(pContext);
}
......
src/share/classes/sun/security/krb5/Credentials.java
浏览文件 @ fe91df36
......@@ -234,7 +234,19 @@ public class Credentials {
* @return true if OK-AS_DELEGATE flag is set, otherwise, return false.
*/
public boolean checkDelegate() {
return (flags.get(Krb5.TKT_OPTS_DELEGATE));
return flags.get(Krb5.TKT_OPTS_DELEGATE);
}
/**
* Reset TKT_OPTS_DELEGATE to false, called at credentials acquirement
* when one of the cross-realm TGTs does not have the OK-AS-DELEGATE
* flag set. This info must be preservable and restorable through
* the Krb5Util.credsToTicket/ticketToCreds() methods so that even if
* the service ticket is cached it still remembers the cross-realm
* authentication result.
*/
public void resetDelegate() {
flags.set(Krb5.TKT_OPTS_DELEGATE, false);
}
public Credentials renew() throws KrbException, IOException {
......
src/share/classes/sun/security/krb5/internal/CredentialsUtil.java
浏览文件 @ fe91df36
/*
* Portions Copyright 2001-2004 Sun Microsystems, Inc. All Rights Reserved.
* Portions Copyright 2001-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -117,6 +117,7 @@ rs.
// Get a list of realms to traverse
String[] realms = Realm.getRealmsList(localRealm, serviceRealm);
boolean okAsDelegate = true;
if (realms == null || realms.length == 0)
{
......@@ -194,6 +195,15 @@ rs.
*/
newTgtRealm = newTgt.getServer().getInstanceComponent();
if (okAsDelegate && !newTgt.checkDelegate()) {
if (DEBUG)
{
System.out.println(">>> Credentials acquireServiceCreds: " +
"global OK-AS-DELEGATE turned off at " +
newTgt.getServer());
}
okAsDelegate = false;
}
if (DEBUG)
{
......@@ -283,6 +293,9 @@ rs.
System.out.println(">>> Credentials acquireServiceCreds: returning creds:");
Credentials.printDebug(theCreds);
}
if (!okAsDelegate) {
theCreds.resetDelegate();
}
return theCreds;
}
throw new KrbApErrException(Krb5.KRB_AP_ERR_GEN_CRED,
......
src/share/classes/sun/security/provider/certpath/OCSPChecker.java
浏览文件 @ fe91df36
......@@ -335,10 +335,13 @@ class OCSPChecker extends PKIXCertPathChecker {
response = OCSP.check(Collections.singletonList(certId), uri,
responderCert, pkixParams.getDate());
} catch (Exception e) {
// Wrap all exceptions in CertPathValidatorException so that
// we can fallback to CRLs, if enabled.
throw new CertPathValidatorException
("Unable to send OCSP request", e);
if (e instanceof CertPathValidatorException) {
throw (CertPathValidatorException) e;
} else {
// Wrap exceptions in CertPathValidatorException so that
// we can fallback to CRLs, if enabled.
throw new CertPathValidatorException(e);
}
}
RevocationStatus rs = (RevocationStatus) response.getSingleResponse(certId);
......
src/share/classes/sun/security/util/SecurityConstants.java
浏览文件 @ fe91df36
......@@ -33,7 +33,6 @@ import java.security.Permission;
import java.security.BasicPermission;
import java.security.SecurityPermission;
import java.security.AllPermission;
import javax.security.auth.AuthPermission;
/**
* Permission constants and string constants used to create permissions
......@@ -259,12 +258,4 @@ public final class SecurityConstants {
// java.lang.SecurityManager
public static final SocketPermission LOCAL_LISTEN_PERMISSION =
new SocketPermission("localhost:1024-", SOCKET_LISTEN_ACTION);
// javax.security.auth.Subject
public static final AuthPermission DO_AS_PERMISSION =
new AuthPermission("doAs");
// javax.security.auth.Subject
public static final AuthPermission DO_AS_PRIVILEGED_PERMISSION =
new AuthPermission("doAsPrivileged");
}
src/share/classes/sun/security/validator/PKIXValidator.java
浏览文件 @ fe91df36
......@@ -150,9 +150,17 @@ public final class PKIXValidator extends Validator {
("null or zero-length certificate chain");
}
if (TRY_VALIDATOR) {
// check if chain contains trust anchor
// check that chain is in correct order and check if chain contains
// trust anchor
X500Principal prevIssuer = null;
for (int i = 0; i < chain.length; i++) {
if (trustedCerts.contains(chain[i])) {
X509Certificate cert = chain[i];
if (i != 0 &&
!cert.getSubjectX500Principal().equals(prevIssuer)) {
// chain is not ordered correctly, call builder instead
return doBuild(chain, otherCerts);
}
if (trustedCerts.contains(cert)) {
if (i == 0) {
return new X509Certificate[] {chain[0]};
}
......@@ -161,6 +169,7 @@ public final class PKIXValidator extends Validator {
System.arraycopy(chain, 0, newChain, 0, i);
return doValidate(newChain);
}
prevIssuer = cert.getIssuerX500Principal();
}
// apparently issued by trust anchor?
......@@ -303,5 +312,4 @@ public final class PKIXValidator extends Validator {
("PKIX path building failed: " + e.toString(), e);
}
}
}
src/share/classes/sun/tracing/MultiplexProviderFactory.java
浏览文件 @ fe91df36
......@@ -30,7 +30,6 @@ import java.lang.reflect.InvocationTargetException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Logger;
import com.sun.tracing.ProviderFactory;
import com.sun.tracing.Provider;
......@@ -65,13 +64,7 @@ public class MultiplexProviderFactory extends ProviderFactory {
providers.add(factory.createProvider(cls));
}
MultiplexProvider provider = new MultiplexProvider(cls, providers);
try {
provider.init();
} catch (Exception e) {
// Probably a permission problem (can't get declared members)
Logger.getAnonymousLogger().warning(
"Could not initialize tracing provider: " + e.getMessage());
}
provider.init();
return provider.newProxyInstance();
}
}
......
src/share/classes/sun/tracing/NullProviderFactory.java
浏览文件 @ fe91df36
......@@ -26,7 +26,6 @@
package sun.tracing;
import java.lang.reflect.Method;
import java.util.logging.Logger;
import com.sun.tracing.ProviderFactory;
import com.sun.tracing.Provider;
......@@ -53,13 +52,7 @@ public class NullProviderFactory extends ProviderFactory {
*/
public <T extends Provider> T createProvider(Class<T> cls) {
NullProvider provider = new NullProvider(cls);
try {
provider.init();
} catch (Exception e) {
// Probably a permission problem (can't get declared members)
Logger.getAnonymousLogger().warning(
"Could not initialize tracing provider: " + e.getMessage());
}
provider.init();
return provider.newProxyInstance();
}
}
......
src/share/classes/sun/tracing/PrintStreamProviderFactory.java
浏览文件 @ fe91df36
......@@ -28,7 +28,6 @@ package sun.tracing;
import java.lang.reflect.Method;
import java.io.PrintStream;
import java.util.HashMap;
import java.util.logging.Logger;
import com.sun.tracing.ProviderFactory;
import com.sun.tracing.Provider;
......@@ -54,13 +53,7 @@ public class PrintStreamProviderFactory extends ProviderFactory {
public <T extends Provider> T createProvider(Class<T> cls) {
PrintStreamProvider provider = new PrintStreamProvider(cls, stream);
try {
provider.init();
} catch (Exception e) {
// Probably a permission problem (can't get declared members)
Logger.getAnonymousLogger().warning(
"Could not initialize tracing provider: " + e.getMessage());
}
provider.init();
return provider.newProxyInstance();
}
}
......
src/share/classes/sun/tracing/ProviderSkeleton.java
浏览文件 @ fe91df36
......@@ -32,6 +32,8 @@ import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.AnnotatedElement;
import java.lang.annotation.Annotation;
import java.util.HashMap;
import java.security.AccessController;
import java.security.PrivilegedAction;
import com.sun.tracing.Provider;
import com.sun.tracing.Probe;
......@@ -99,7 +101,13 @@ public abstract class ProviderSkeleton implements InvocationHandler, Provider {
* It is up to the factory implementations to call this after construction.
*/
public void init() {
for (Method m : providerType.getDeclaredMethods()) {
Method[] methods = AccessController.doPrivileged(new PrivilegedAction<Method[]>() {
public Method[] run() {
return providerType.getDeclaredMethods();
}
});
for (Method m : methods) {
if ( m.getReturnType() != Void.TYPE ) {
throw new IllegalArgumentException(
"Return value of method is not void");
......
src/share/classes/sun/tracing/dtrace/DTraceProviderFactory.java
浏览文件 @ fe91df36
......@@ -29,7 +29,6 @@ import java.util.Map;
import java.util.Set;
import java.util.HashMap;
import java.util.HashSet;
import java.util.logging.Logger;
import java.security.Permission;
import com.sun.tracing.ProviderFactory;
......@@ -80,15 +79,8 @@ public final class DTraceProviderFactory extends ProviderFactory {
DTraceProvider jsdt = new DTraceProvider(cls);
T proxy = jsdt.newProxyInstance();
jsdt.setProxy(proxy);
try {
jsdt.init();
new Activation(jsdt.getModuleName(), new DTraceProvider[] { jsdt });
} catch (Exception e) {
// Probably a permission problem (can't get declared members)
Logger.getAnonymousLogger().warning(
"Could not initialize tracing provider: " + e.getMessage());
jsdt.dispose();
}
jsdt.init();
new Activation(jsdt.getModuleName(), new DTraceProvider[] { jsdt });
return proxy;
}
......
test/Makefile
浏览文件 @ fe91df36
......@@ -337,9 +337,11 @@ clean:
# jtreg tests
# Expect JT_HOME to be set for jtreg tests. (home for jtreg)
JT_HOME = $(SLASH_JAVA)/re/jtreg/4.0/promoted/latest/binaries/jtreg
ifdef JPRT_JTREG_HOME
JT_HOME = $(JPRT_JTREG_HOME)
ifndef JT_HOME
JT_HOME = $(SLASH_JAVA)/re/jtreg/4.0/promoted/latest/binaries/jtreg
ifdef JPRT_JTREG_HOME
JT_HOME = $(JPRT_JTREG_HOME)
endif
endif
# Expect JPRT to set TESTDIRS to the jtreg test dirs
......@@ -361,21 +363,22 @@ endif
# Some tests annoy me and fail frequently
PROBLEM_LIST=ProblemList.txt
PROBLEM_LISTS=$(PROBLEM_LIST) $(wildcard closed/$(PROBLEM_LIST))
EXCLUDELIST=$(ABS_TEST_OUTPUT_DIR)/excludelist.txt
# Create exclude list for this platform and arch
ifdef NO_EXCLUDES
$(EXCLUDELIST): $(PROBLEM_LIST) $(TESTDIRS)
$(EXCLUDELIST): $(PROBLEM_LISTS) $(TESTDIRS)
@$(ECHO) "NOTHING_EXCLUDED" > $@
else
$(EXCLUDELIST): $(PROBLEM_LIST) $(TESTDIRS)
$(EXCLUDELIST): $(PROBLEM_LISTS) $(TESTDIRS)
@$(RM) $@ $@.temp1 $@.temp2
@( ( $(EGREP) -- '$(OS_NAME)-all' $< ) ;\
( $(EGREP) -- '$(OS_NAME)-$(OS_ARCH)' $< ) ;\
( $(EGREP) -- '$(OS_NAME)-$(OS_VERSION)' $< ) ;\
( $(EGREP) -- 'generic-$(OS_ARCH)' $< ) ;\
( $(EGREP) -- 'generic-all' $< ) ;\
( $(ECHO) "#") ;\
@(($(CAT) $(PROBLEM_LISTS) | $(EGREP) -- '$(OS_NAME)-all' ) ;\
($(CAT) $(PROBLEM_LISTS) | $(EGREP) -- '$(OS_NAME)-$(OS_ARCH)' ) ;\
($(CAT) $(PROBLEM_LISTS) | $(EGREP) -- '$(OS_NAME)-$(OS_VERSION)') ;\
($(CAT) $(PROBLEM_LISTS) | $(EGREP) -- 'generic-$(OS_ARCH)' ) ;\
($(CAT) $(PROBLEM_LISTS) | $(EGREP) -- 'generic-all' ) ;\
($(ECHO) "#") ;\
) | $(SED) -e 's@^[\ ]*@@' \
| $(EGREP) -v '^#' > $@.temp1
@for tdir in $(TESTDIRS) ; do \
......@@ -386,14 +389,18 @@ $(EXCLUDELIST): $(PROBLEM_LIST) $(TESTDIRS)
@$(ECHO) "Excluding list contains `$(EXPAND) $@ | $(WC) -l` items"
endif
# Select list of directories that exist
define TestDirs
$(foreach i,$1,$(wildcard ${i})) $(foreach i,$1,$(wildcard closed/${i}))
endef
# Running batches of tests with or without samevm
define RunSamevmBatch
$(ECHO) "Running tests in samevm mode: $?"
$(MAKE) TESTDIRS="$?" USE_JTREG_SAMEVM=true UNIQUE_DIR=$@ jtreg_tests
$(ECHO) "Running tests in samevm mode: $(call TestDirs, $?)"
$(MAKE) TESTDIRS="$(call TestDirs, $?)" USE_JTREG_SAMEVM=true UNIQUE_DIR=$@ jtreg_tests
endef
define RunOthervmBatch
$(ECHO) "Running tests in othervm mode: $?"
$(MAKE) TESTDIRS="$?" USE_JTREG_SAMEVM=false UNIQUE_DIR=$@ jtreg_tests
$(ECHO) "Running tests in othervm mode: $(call TestDirs, $?)"
$(MAKE) TESTDIRS="$(call TestDirs, $?)" USE_JTREG_SAMEVM=false UNIQUE_DIR=$@ jtreg_tests
endef
define SummaryInfo
$(ECHO) "Summary for: $?"
......@@ -428,6 +435,9 @@ JDK_ALL_TARGETS += jdk_beans3
jdk_beans3: java/beans/XMLEncoder
$(call RunOthervmBatch)
jdk_beans: jdk_beans1 jdk_beans2 jdk_beans3
@$(SummaryInfo)
# Stable samevm testruns (minus items from PROBLEM_LIST)
JDK_ALL_TARGETS += jdk_io
jdk_io: java/io
......@@ -450,6 +460,9 @@ JDK_ALL_TARGETS += jdk_management2
jdk_management2: com/sun/jmx com/sun/management sun/management
$(call RunOthervmBatch)
jdk_management: jdk_management1 jdk_management2
@$(SummaryInfo)
# Stable samevm testruns (minus items from PROBLEM_LIST)
JDK_ALL_TARGETS += jdk_math
jdk_math: java/math
......@@ -482,6 +495,9 @@ JDK_ALL_TARGETS += jdk_nio3
jdk_nio3: com/sun/nio sun/nio
$(call RunOthervmBatch)
jdk_nio: jdk_nio1 jdk_nio2 jdk_nio3
@$(SummaryInfo)
# Stable othervm testruns (minus items from PROBLEM_LIST)
# Using samevm has serious problems with these tests
JDK_ALL_TARGETS += jdk_rmi
......@@ -502,6 +518,9 @@ JDK_ALL_TARGETS += jdk_security3
jdk_security3: com/sun/security lib/security javax/security sun/security
$(call RunOthervmBatch)
jdk_security: jdk_security1 jdk_security2 jdk_security3
@$(SummaryInfo)
# Stable othervm testruns (minus items from PROBLEM_LIST)
# Using samevm has problems, and doesn't help performance as much as others.
JDK_ALL_TARGETS += jdk_swing
......@@ -517,11 +536,14 @@ jdk_text: java/text sun/text
# Using samevm has serious problems with these tests
JDK_ALL_TARGETS += jdk_tools1
jdk_tools1: com/sun/jdi
$(call RunOthervmBatch)
$(call RunSamevmBatch)
JDK_ALL_TARGETS += jdk_tools2
jdk_tools2: com/sun/tools sun/jvmstat sun/tools tools vm com/sun/servicetag com/sun/tracing
$(call RunOthervmBatch)
jdk_tools: jdk_tools1 jdk_tools2
@$(SummaryInfo)
# Stable samevm testruns (minus items from PROBLEM_LIST)
JDK_ALL_TARGETS += jdk_util
jdk_util: java/util sun/util
......
test/ProblemList.txt
浏览文件 @ fe91df36
......@@ -344,6 +344,9 @@ java/io/StreamTokenizer/Comment.java generic-all
# Some of these tests (like java/lang/management) may just need to be marked
# othervm, but that is partially speculation.
# Samevm failure on OpenSolaris, security manager?
java/lang/ClassLoader/UninitializedParent.java generic-all
# Times out on solaris 10 sparc
java/lang/ClassLoader/Assert.java generic-all
......@@ -538,6 +541,18 @@ javax/imageio/plugins/jpeg/ReadAsGrayTest.java generic-all
# Missing close on file wbmp*, windows samevm
javax/imageio/plugins/wbmp/CanDecodeTest.java generic-all
# Failures on OpenSolaris, cannot read input files? samevm issues?
javax/imageio/metadata/BooleanAttributes.java generic-all
javax/imageio/plugins/bmp/BMPSubsamplingTest.java generic-all
javax/imageio/plugins/bmp/TopDownTest.java generic-all
javax/imageio/plugins/gif/EncodeSubImageTest.java generic-all
javax/imageio/plugins/gif/GifTransparencyTest.java generic-all
javax/imageio/plugins/png/GrayPngTest.java generic-all
javax/imageio/plugins/png/ItxtUtf8Test.java generic-all
javax/imageio/plugins/png/MergeStdCommentTest.java generic-all
javax/imageio/plugins/png/ShortHistogramTest.java generic-all
javax/imageio/plugins/shared/BitDepth.java generic-all
# Exclude all javax/print tests, even if they passed, they may need samevm work
# Times out on solaris-sparc, sparcv9, x64 -server, some on i586 -client
......@@ -1073,9 +1088,6 @@ java/text/Bidi/Bug6665028.java linux-x64
# So most if not all tools tests are now being run with "othervm" mode.
# Some of these tools tests have a tendency to use fixed ports, bad idea.
# Solaris 10 client x86, java.lang.IndexOutOfBoundsException resumer Interrupted
com/sun/jdi/SimulResumerTest.java generic-all
# Output of jps differs from expected output.
# Invalid argument count on solaris-sparc and x64
sun/tools/jstatd/jstatdPort.sh generic-all
......@@ -1090,9 +1102,6 @@ sun/tools/jps/jps-m_2.sh generic-all
# Server name error, port 2098 problem?
sun/tools/jstatd/jstatdServerName.sh generic-all
# Solaris, handshake failed, othervm mode
com/sun/jdi/RedefineException.sh generic-all
# These tests fail on solaris sparc, all the time
com/sun/servicetag/DeleteServiceTag.java generic-all
com/sun/servicetag/DuplicateNotFound.java generic-all
......@@ -1117,9 +1126,6 @@ sun/jvmstat/monitor/MonitoredVm/CR6672135.java generic-all
# Unexpected Monitor Exception, solaris sparc -client
sun/jvmstat/monitor/MonitoredVm/MonitorVmStartTerminate.sh generic-all
# Probably should be samevm, but seem to cause errors even in othervm at times
sun/tools/jhat/HatHeapDump1Test.java generic-all
# Problems on windows, jmap.exe hangs? (these run jmap)
sun/tools/jmap/Basic.sh windows-all
......@@ -1129,9 +1135,6 @@ sun/tools/jstatd/jstatdDefaults.sh solaris-all
# Solaris sparcv9, jps output does not match, x64 different
sun/tools/jstatd/jstatdExternalRegistry.sh solaris-all
# Probably should be samevm, but seem to cause errors even in othervm at times
sun/tools/native2ascii/NativeErrors.java generic-all
# Solaris 10 sparc 32bit -client, java.lang.AssertionError: Some tests failed
tools/jar/JarEntryTime.java generic-all
......
test/com/sun/jdi/BadHandshakeTest.java
浏览文件 @ fe91df36
......@@ -112,6 +112,8 @@ public class BadHandshakeTest {
String arch = System.getProperty("os.arch");
if (arch.equals("sparcv9")) {
exe += "sparcv9/java";
} else if (arch.equals("amd64")) {
exe += "amd64/java";
} else {
exe += "java";
}
......
test/com/sun/jdi/DoubleAgentTest.java
浏览文件 @ fe91df36
......@@ -94,6 +94,8 @@ public class DoubleAgentTest {
String arch = System.getProperty("os.arch");
if (arch.equals("sparcv9")) {
exe += "sparcv9/java";
} else if (arch.equals("amd64")) {
exe += "amd64/java";
} else {
exe += "java";
}
......
test/com/sun/jdi/ExclusiveBind.java
浏览文件 @ fe91df36
......@@ -101,6 +101,8 @@ public class ExclusiveBind {
String arch = System.getProperty("os.arch");
if (arch.equals("sparcv9")) {
exe += "sparcv9/java";
} else if (arch.equals("amd64")) {
exe += "amd64/java";
} else {
exe += "java";
}
......
test/com/sun/jdi/JITDebug.sh
浏览文件 @ fe91df36
......@@ -103,10 +103,10 @@ if [ -z "${TESTJAVA}" ] ; then
#if running standalone (no test harness of any kind), compile the
#support files and the test case
${TESTJAVA}/bin/javac -d ${TESTCLASSES} \
-classpath "$TESTJAVA/lib/tools.jar${PATHSEP}." \
-classpath "$TESTJAVA/lib/tools.jar${PATHSEP}${TESTSRC}" \
TestScaffold.java VMConnection.java TargetListener.java TargetAdapter.java
${TESTJAVA}/bin/javac -d ${TESTCLASSES} \
-classpath "$TESTJAVA/lib/tools.jar${PATHSEP}." -g \
-classpath "$TESTJAVA/lib/tools.jar${PATHSEP}${TESTSRC}" -g \
JITDebug.java
fi
echo "JDK under test is: $TESTJAVA"
......
test/com/sun/jdi/RepStep.java
浏览文件 @ fe91df36
......@@ -29,7 +29,7 @@
* @run compile -g RepStepTarg.java
* @run build VMConnection RepStep
*
* @run main RepStep
* @run main/othervm RepStep
*
* @summary RepStep detects missed step events due to lack of
* frame pop events (in back-end).
......
test/com/sun/jdi/RunToExit.java
浏览文件 @ fe91df36
......@@ -26,7 +26,7 @@
* @summary Test that with server=y, when VM runs to System.exit() no error happens
*
* @build VMConnection RunToExit Exit0
* @run main RunToExit
* @run main/othervm RunToExit
*/
import java.io.InputStream;
import java.io.IOException;
......@@ -117,6 +117,8 @@ public class RunToExit {
String arch = System.getProperty("os.arch");
if (arch.equals("sparcv9")) {
exe += "sparcv9/java";
} else if (arch.equals("amd64")) {
exe += "amd64/java";
} else {
exe += "java";
}
......
test/com/sun/jdi/ShellScaffold.sh
浏览文件 @ fe91df36
#!/bin/sh
#
# Copyright 2002-2005 Sun Microsystems, Inc. All Rights Reserved.
# Copyright 2002-2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
......@@ -194,7 +194,7 @@ findPid()
# Return 0 if $1 is the pid of a running process.
if [ -z "$isWin98" ] ; then
if [ "$osname" = SunOS ] ; then
#Solaris and OpenSolaris use pgrep and not ps in psCmd
# Solaris and OpenSolaris use pgrep and not ps in psCmd
findPidCmd="$psCmd"
else
# Never use plain 'ps', which requires a "controlling terminal"
......@@ -298,15 +298,15 @@ EOF
# On linux, core files take a long time, and can leave
# zombie processes
if [ "$osname" = SunOS ] ; then
#Experiments show Solaris '/usr/ucb/ps -axwww' and
#'/usr/bin/pgrep -f -l' provide the same small amount of the
#argv string (PRARGSZ=80 in /usr/include/sys/procfs.h)
# 1) This seems to have been working OK in ShellScaffold.
# 2) OpenSolaris does not provide /usr/ucb/ps, so use pgrep
# instead
#The alternative would be to use /usr/bin/pargs [pid] to get
#all the args for a process, splice them back into one
#long string, then grep.
# Experiments show Solaris '/usr/ucb/ps -axwww' and
# '/usr/bin/pgrep -f -l' provide the same small amount of the
# argv string (PRARGSZ=80 in /usr/include/sys/procfs.h)
# 1) This seems to have been working OK in ShellScaffold.
# 2) OpenSolaris does not provide /usr/ucb/ps, so use pgrep
# instead
# The alternative would be to use /usr/bin/pargs [pid] to get
# all the args for a process, splice them back into one
# long string, then grep.
UU=`/usr/xpg4/bin/id -u -n`
psCmd="pgrep -f -l -U $UU"
else
......@@ -519,7 +519,7 @@ cmd()
# if jdb got a cont cmd that caused the debuggee
# to run to completion, jdb can be gone before
# we get here.
echo quit >& 2
echo "--Sending cmd: quit" >& 2
echo quit
# See 6562090. Maybe there is a way that the exit
# can cause jdb to not get the quit.
......@@ -531,7 +531,7 @@ cmd()
# because after starting jdb, we waited
# for the prompt.
fileSize=`wc -c $jdbOutFile | awk '{ print $1 }'`
echo $* >&2
echo "--Sending cmd: " $* >&2
# jjh: We have a few intermittent failures here.
# It is as if every so often, jdb doesn't
......@@ -558,12 +558,85 @@ cmd()
# seen the ].
echo $*
# wait for jdb output to appear
# Now we have to wait for the next jdb prompt. We wait for a pattern
# to appear in the last line of jdb output. Normally, the prompt is
#
# 1) ^main[89] @
#
# where ^ means start of line, and @ means end of file with no end of line
# and 89 is the current command counter. But we have complications e.g.,
# the following jdb output can appear:
#
# 2) a[89] = 10
#
# The above form is an array assignment and not a prompt.
#
# 3) ^main[89] main[89] ...
#
# This occurs if the next cmd is one that causes no jdb output, e.g.,
# 'trace methods'.
#
# 4) ^main[89] [main[89]] .... > @
#
# jdb prints a > as a prompt after something like a cont.
# Thus, even though the above is the last 'line' in the file, it
# isn't the next prompt we are waiting for after the cont completes.
# HOWEVER, sometimes we see this for a cont command:
#
# ^main[89] $
# <lines output for hitting a bkpt>
#
# 5) ^main[89] > @
#
# i.e., the > prompt comes out AFTER the prompt we we need to wait for.
#
# So, how do we know when the next prompt has appeared??
# 1. Search for
# main[89] $
# This will handle cases 1, 2, 3
# 2. This leaves cases 4 and 5.
#
# What if we wait for 4 more chars to appear and then search for
#
# main[89] [>]$
#
# on the last line?
#
# a. if we are currently at
#
# ^main[89] main[89] @
#
# and a 'trace methods comes in, we will wait until at least
#
# ^main[89] main[89] main@
#
# and then the search will find the new prompt when it completes.
#
# b. if we are currently at
#
# ^main[89] main[89] @
#
# and the first form of cont comes in, then we will see
#
# ^main[89] main[89] > $
# ^x@
#
# where x is the first char of the msg output when the bkpt is hit
# and we will start our search, which will find the prompt
# when it comes out after the bkpt output, with or without the
# trailing >
#
# wait for 4 new chars to appear in the jdb output
count=0
desiredFileSize=`expr $fileSize + 4`
msg1=`echo At start: cmd/size/waiting : $* / $fileSize / \`date\``
while [ 1 = 1 ] ; do
newFileSize=`wc -c $jdbOutFile | awk '{ print $1 } '`
if [ "$fileSize" != "$newFileSize" ] ; then
#echo jj: desired = $desiredFileSize, new = $newFileSize >& 2
done=`expr $newFileSize \>= $desiredFileSize`
if [ $done = 1 ] ; then
break
fi
sleep ${sleep_seconds}
......@@ -573,14 +646,19 @@ cmd()
echo "--DEBUG: jdb $$ didn't responded to command in $count secs: $*" >& 2
echo "--DEBUG:" $msg1 >& 2
echo "--DEBUG: "done size/waiting : / $newFileSize / `date` >& 2
$psCmd | sed -e '/com.sun.javatest/d' -e '/nsk/d' >& 2
echo "-- $jdbOutFile follows-------------------------------" >& 2
cat $jdbOutFile >& 2
echo "------------------------------------------" >& 2
dojstack
#$psCmd | sed -e '/com.sun.javatest/d' -e '/nsk/d' >& 2
if [ $count = 60 ] ; then
dofail "jdb never responded to command: $*"
fi
fi
done
waitForJdbMsg '^.*\[[0-9]*\] $' 1 allowExit
# Note that this assumes just these chars in thread names.
waitForJdbMsg '[a-zA-Z0-9_-][a-zA-Z0-9_-]*\[[1-9][0-9]*\] [ >]*$' \
1 allowExit
}
setBkpts()
......@@ -596,15 +674,19 @@ setBkpts()
runToBkpt()
{
cmd run
# Don't need to do this - the above waits for the next prompt which comes out
# AFTER the Breakpoint hit message.
# Wait for jdb to hit the bkpt
waitForJdbMsg "Breakpoint hit" 5
#waitForJdbMsg "Breakpoint hit" 5
}
contToBkpt()
{
cmd cont
# Don't need to do this - the above waits for the next prompt which comes out
# AFTER the Breakpoint hit message.
# Wait for jdb to hit the bkpt
waitForJdbMsg "Breakpoint hit" 5
#waitForJdbMsg "Breakpoint hit" 5
}
......@@ -618,7 +700,7 @@ waitForJdbMsg()
nlines=$2
allowExit="$3"
myCount=0
timeLimit=40 # wait a max of 40 secs for a response from a jdb command
timeLimit=40 # wait a max of this many secs for a response from a jdb command
while [ 1 = 1 ] ; do
if [ -r $jdbOutFile ] ; then
# Something here causes jdb to complain about Unrecognized cmd on x86.
......@@ -654,8 +736,11 @@ waitForJdbMsg()
myCount=`expr $myCount + ${sleep_seconds}`
if [ $myCount -gt $timeLimit ] ; then
echo "--Fail: waitForJdbMsg timed out after $timeLimit seconds, looking for /$1/, in $nlines lines; exitting" >> $failFile
echo "vv jdbOutFile vvvvvvvvvvvvvvvvvvvvvvvvvvvv" >& 2
cat $jdbOutFile >& 2
echo "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^" >& 2
dojstack
echo "--Fail: waitForJdbMsg timed out after $timeLimit seconds; exitting" >> $failFile
exit 1
fi
done
......@@ -865,35 +950,29 @@ grepForString()
# get inserted into the string we are searching for
# so ignore those chars.
if [ -z "$3" ] ; then
case "$2" in
*\>*)
# Target string contains a > so we better
# not ignore it
$grep -s "$2" $1 > $devnull 2>&1
stat=$?
;;
*)
# Target string does not contain a >.
# Ignore > and '> ' in the file.
cat $1 | sed -e 's@> @@g' -e 's@>@@g' | $grep -s "$2" > $devnull 2>&1
stat=$?
esac
theCmd=cat
else
case "$2" in
*\>*)
# Target string contains a > so we better
# not ignore it
tail -$3 $1 | $grep -s "$2" > $devnull 2>&1
stat=$?
;;
*)
# Target string does not contain a >.
# Ignore > and '> ' in the file.
tail -$3 $1 | sed -e 's@> @@g' -e 's@>@@g' | $grep -s "$2" > $devnull 2>&1
stat=$?
;;
esac
theCmd="tail -$3"
fi
case "$2" in
*\>*)
# Target string contains a > so we better
# not ignore it
$theCmd $1 | $grep -s "$2" > $devnull 2>&1
return $?
;;
esac
# Target string does not contain a >.
# Ignore > and '> ' in the file.
# NOTE: if $1 does not end with a new line, piping it to sed doesn't include the
# chars on the last line. Detect this case, and add a new line.
cp $1 $1.tmp
if [ `tail -1 $1.tmp | wc -l | sed -e 's@ @@g'` = 0 ] ; then
echo >> $1.tmp
fi
$theCmd $1.tmp | sed -e 's@> @@g' -e 's@>@@g' | $grep -s "$2" > $devnull 2>&1
stat=$?
rm -f $1.tmp
return $stat
}
......
test/com/sun/jdi/SimulResumerTest.java
浏览文件 @ fe91df36
......@@ -30,7 +30,7 @@
*
* @run build TestScaffold VMConnection TargetListener TargetAdapter
* @run compile -g SimulResumerTest.java
* @run main SimulResumerTest
* @run main/othervm SimulResumerTest
*/
import com.sun.jdi.*;
import com.sun.jdi.event.*;
......
test/com/sun/jdi/Solaris32AndSolaris64Test.sh
浏览文件 @ fe91df36
......@@ -164,10 +164,10 @@ fi
if [ -n "${STANDALONE}" ] ; then
#if running standalone, compile the support files
${TESTJAVA}/bin/javac -d ${TESTCLASSES} \
-classpath "$TESTJAVA/lib/tools.jar${PATHSEP}." \
-classpath "$TESTJAVA/lib/tools.jar${PATHSEP}${TESTSRC}" \
TestScaffold.java VMConnection.java TargetListener.java TargetAdapter.java
${TESTJAVA}/bin/javac -d ${TESTCLASSES} \
-classpath "$TESTJAVA/lib/tools.jar${PATHSEP}." -g \
-classpath "$TESTJAVA/lib/tools.jar${PATHSEP}${TESTSRC}" -g \
FetchLocals.java DataModelTest.java
fi
......
test/com/sun/jdi/VMConnection.java
浏览文件 @ fe91df36
......@@ -57,6 +57,7 @@ class VMConnection {
if (testClasses == null) {
return retVal;
}
retVal += "-classpath " + testClasses + " ";
File myFile = new File(testClasses, "@debuggeeVMOptions");
if (!myFile.canRead()) {
......@@ -97,7 +98,7 @@ class VMConnection {
if (line.length() != 0 && !line.startsWith("#")) {
System.out.println("-- Added debuggeeVM options from file " +
wholePath + ": " + line);
retVal = line;
retVal += line;
break;
}
// Else, read he next line.
......
test/com/sun/jdi/connect/spi/DebugUsingCustomConnector.java
浏览文件 @ fe91df36
......@@ -28,7 +28,7 @@
* This tests launches a debuggee using a custom LaunchingConnector.
*
* @build DebugUsingCustomConnector SimpleLaunchingConnector Foo NullTransportService
* @run main DebugUsingCustomConnector
* @run main/othervm DebugUsingCustomConnector
*/
import com.sun.jdi.*;
import com.sun.jdi.connect.*;
......
test/com/sun/jdi/connect/spi/GeneratedConnectors.java
浏览文件 @ fe91df36
......@@ -31,7 +31,7 @@
* created and that they have an "address" argument.
*
* @build GeneratedConnectors NullTransportService
* @run main GeneratedConnectors
* @run main/othervm GeneratedConnectors
*/
import com.sun.jdi.*;
......
test/com/sun/jdi/connect/spi/SimpleLaunchingConnector.java
浏览文件 @ fe91df36
......@@ -147,11 +147,15 @@ public class SimpleLaunchingConnector implements LaunchingConnector {
String arch = System.getProperty("os.arch");
if (arch.equals("sparcv9")) {
exe += "sparcv9/java";
} else if (arch.equals("amd64")) {
exe += "amd64/java";
} else {
exe += "java";
}
String cmd = exe + " -Xdebug -Xrunjdwp:transport=dt_socket,timeout=15000,address=" +
key.address() + "" + className;
key.address() +
" -classpath " + System.getProperty("test.classes") +
" " + className;
Process process = Runtime.getRuntime().exec(cmd);
Connection conn = ts.accept(key, 30*1000, 9*1000);
ts.stopListening(key);
......
test/com/sun/jdi/redefine/RedefineTest.java
浏览文件 @ fe91df36
......@@ -34,7 +34,7 @@
* @run build TestScaffold VMConnection TargetListener TargetAdapter
* @run compile -g RedefineTest.java
* @run shell RedefineSetUp.sh
* @run main RedefineTest
* @run main/othervm RedefineTest
*/
import com.sun.jdi.*;
import com.sun.jdi.event.*;
......
test/com/sun/tracing/BasicWithSecurityMgr.java 0 → 100644
浏览文件 @ fe91df36
/*
* Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/**
* @test
* @bug 6899605
* @summary Basic unit test for tracing framework with security manager
* enabled
*/
import com.sun.tracing.*;
import java.lang.reflect.Method;
@ProviderName("NamedProvider")
interface BasicProvider extends Provider {
void plainProbe();
void probeWithArgs(int a, float f, String s, Long l);
@ProbeName("namedProbe") void probeWithName();
void overloadedProbe();
void overloadedProbe(int i);
}
interface InvalidProvider extends Provider {
int nonVoidProbe();
}
public class BasicWithSecurityMgr {
public static ProviderFactory factory;
public static BasicProvider bp;
public static void main(String[] args) throws Exception {
// enable security manager
System.setSecurityManager(new SecurityManager());
factory = ProviderFactory.getDefaultFactory();
if (factory != null) {
bp = factory.createProvider(BasicProvider.class);
}
testProviderFactory();
testProbe();
testProvider();
}
static void fail(String s) throws Exception {
throw new Exception(s);
}
static void testProviderFactory() throws Exception {
if (factory == null) {
fail("ProviderFactory.getDefaultFactory: Did not create factory");
}
if (bp == null) {
fail("ProviderFactory.createProvider: Did not create provider");
}
try {
factory.createProvider(null);
fail("ProviderFactory.createProvider: Did not throw NPE for null");
} catch (NullPointerException e) {}
try {
factory.createProvider(InvalidProvider.class);
fail("Factory.createProvider: Should error with non-void probes");
} catch (IllegalArgumentException e) {}
}
public static void testProvider() throws Exception {
// These just shouldn't throw any exeptions:
bp.plainProbe();
bp.probeWithArgs(42, (float)3.14, "spam", new Long(2L));
bp.probeWithArgs(42, (float)3.14, null, null);
bp.probeWithName();
bp.overloadedProbe();
bp.overloadedProbe(42);
Method m = BasicProvider.class.getMethod("plainProbe");
Probe p = bp.getProbe(m);
if (p == null) {
fail("Provider.getProbe: Did not return probe");
}
Method m2 = BasicWithSecurityMgr.class.getMethod("testProvider");
p = bp.getProbe(m2);
if (p != null) {
fail("Provider.getProbe: Got probe with invalid spec");
}
bp.dispose();
// These just shouldn't throw any exeptions:
bp.plainProbe();
bp.probeWithArgs(42, (float)3.14, "spam", new Long(2L));
bp.probeWithArgs(42, (float)3.14, null, null);
bp.probeWithName();
bp.overloadedProbe();
bp.overloadedProbe(42);
if (bp.getProbe(m) != null) {
fail("Provider.getProbe: Should return null after dispose()");
}
bp.dispose(); // just to make sure nothing bad happens
}
static void testProbe() throws Exception {
Method m = BasicProvider.class.getMethod("plainProbe");
Probe p = bp.getProbe(m);
p.isEnabled(); // just make sure it doesn't do anything bad
p.trigger();
try {
p.trigger(0);
fail("Probe.trigger: too many arguments not caught");
} catch (IllegalArgumentException e) {}
p = bp.getProbe(BasicProvider.class.getMethod(
"probeWithArgs", int.class, float.class, String.class, Long.class));
try {
p.trigger();
fail("Probe.trigger: too few arguments not caught");
} catch (IllegalArgumentException e) {}
try {
p.trigger((float)3.14, (float)3.14, "", new Long(0L));
fail("Probe.trigger: wrong type primitive arguments not caught");
} catch (IllegalArgumentException e) {}
}
}
test/java/net/CookieHandler/TestHttpCookie.java
浏览文件 @ fe91df36
......@@ -24,7 +24,7 @@
/**
* @test
* @summary Unit test for java.net.HttpCookie
* @bug 6244040 6277796 6277801 6277808 6294071 6692802 6790677
* @bug 6244040 6277796 6277801 6277808 6294071 6692802 6790677 6901170
* @author Edward Wang
*/
......@@ -335,6 +335,9 @@ public class TestHttpCookie {
// bug 6277801
test("set-cookie: CUSTOMER=WILE_E_COYOTE; path=/; expires=Wednesday, 09-Nov-99 23:12:40 GMT; path=\"/acme\"")
.n("CUSTOMER").v("WILE_E_COYOTE").p("/").ver(0);
// bug 6901170
test("set-cookie: CUSTOMER=WILE_E_COYOTE; version='1'").ver(1);
}
static void misc() {
......
test/sun/security/jgss/spnego/NoSpnegoAsDefMech.java 0 → 100644
浏览文件 @ fe91df36
/*
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/*
* @test
* @bug 6770883
* @summary Infinite loop if SPNEGO specified as sun.security.jgss.mechanism
*/
import org.ietf.jgss.*;
import sun.security.jgss.*;
public class NoSpnegoAsDefMech {
public static void main(String[] argv) throws Exception {
System.setProperty("sun.security.jgss.mechanism", GSSUtil.GSS_SPNEGO_MECH_OID.toString());
try {
GSSManager.getInstance().createName("service@host", GSSName.NT_HOSTBASED_SERVICE, new Oid("1.3.6.1.5.5.2"));
} catch (GSSException e) {
// This is OK, for example, krb5.conf is missing or other problems
}
}
}
test/sun/security/krb5/auto/Context.java
浏览文件 @ fe91df36
......@@ -72,7 +72,7 @@ import com.sun.security.jgss.AuthorizationDataEntry;
public class Context {
private Subject s;
private GSSContext x;
private ExtendedGSSContext x;
private boolean f; // context established?
private String name;
private GSSCredential cred; // see static method delegated().
......@@ -147,8 +147,8 @@ public class Context {
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
me.x = m.createContext(
target.indexOf('@') < 0 ?
me.x = (ExtendedGSSContext)m.createContext(
target.indexOf('@') < 0 ?
m.createName(target, null) :
m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
mech,
......@@ -170,7 +170,7 @@ public class Context {
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
me.x = m.createContext(m.createCredential(
me.x = (ExtendedGSSContext)m.createContext(m.createCredential(
null,
GSSCredential.INDEFINITE_LIFETIME,
mech,
......@@ -193,7 +193,7 @@ public class Context {
*
* @return the GSSContext object
*/
public GSSContext x() {
public ExtendedGSSContext x() {
return x;
}
......@@ -255,6 +255,11 @@ public class Context {
if (x.getSequenceDetState()) {
sb.append("seq det, ");
}
if (x instanceof ExtendedGSSContext) {
if (((ExtendedGSSContext)x).getDelegPolicyState()) {
sb.append("deleg policy, ");
}
}
System.out.println("Context status of " + name + ": " + sb.toString());
System.out.println(x.getSrcName() + " -> " + x.getTargName());
} catch (Exception e) {
......
test/sun/security/krb5/auto/KDC.java
浏览文件 @ fe91df36
......@@ -63,6 +63,14 @@ import sun.security.util.DerValue;
* settings after calling a KDC method, call <code>Config.refresh()</code> to
* make sure your changes are reflected in the <code>Config</code> object.
* </ol>
* System properties recognized:
* <ul>
* <li>test.kdc.save.ccache
* </ul>
* Support policies:
* <ul>
* <li>ok-as-delegate
* </ul>
* Issues and TODOs:
* <ol>
* <li> Generates krb5.conf to be used on another machine, currently the kdc is
......@@ -151,7 +159,7 @@ public class KDC {
* A standalone KDC server.
*/
public static void main(String[] args) throws Exception {
KDC kdc = create("RABBIT.HOLE", "kdc.rabbit,hole", 0, false);
KDC kdc = create("RABBIT.HOLE", "kdc.rabbit.hole", 0, false);
kdc.addPrincipal("dummy", "bogus".toCharArray());
kdc.addPrincipal("foo", "bar".toCharArray());
kdc.addPrincipalRandKey("krbtgt/RABBIT.HOLE");
......@@ -426,14 +434,17 @@ public class KDC {
* @throws sun.security.krb5.KrbException when the principal is not inside
* the database.
*/
private char[] getPassword(PrincipalName p) throws KrbException {
private char[] getPassword(PrincipalName p, boolean server)
throws KrbException {
String pn = p.toString();
if (p.getRealmString() == null) {
pn = pn + "@" + getRealm();
}
char[] pass = passwords.get(pn);
if (pass == null) {
throw new KrbException(Krb5.KDC_ERR_C_PRINCIPAL_UNKNOWN);
throw new KrbException(server?
Krb5.KDC_ERR_S_PRINCIPAL_UNKNOWN:
Krb5.KDC_ERR_C_PRINCIPAL_UNKNOWN);
}
return pass;
}
......@@ -457,10 +468,12 @@ public class KDC {
* Returns the key for a given principal of the given encryption type
* @param p the principal
* @param etype the encryption type
* @param server looking for a server principal?
* @return the key
* @throws sun.security.krb5.KrbException for unknown/unsupported etype
*/
private EncryptionKey keyForUser(PrincipalName p, int etype) throws KrbException {
private EncryptionKey keyForUser(PrincipalName p, int etype, boolean server)
throws KrbException {
try {
// Do not call EncryptionKey.acquireSecretKeys(), otherwise
// the krb5.conf config file would be loaded.
......@@ -469,22 +482,71 @@ public class KDC {
Integer kvno = null;
// For service whose password ending with a number, use it as kvno
if (p.toString().indexOf('/') >= 0) {
char[] pass = getPassword(p);
char[] pass = getPassword(p, server);
if (Character.isDigit(pass[pass.length-1])) {
kvno = pass[pass.length-1] - '0';
}
}
return new EncryptionKey((byte[]) stringToKey.invoke(
null, getPassword(p), getSalt(p), null, etype),
null, getPassword(p, server), getSalt(p), null, etype),
etype, kvno);
} catch (InvocationTargetException ex) {
KrbException ke = (KrbException)ex.getCause();
throw ke;
} catch (KrbException ke) {
throw ke;
} catch (Exception e) {
throw new RuntimeException(e); // should not happen
}
}
private Map<String,String> policies = new HashMap<String,String>();
public void setPolicy(String rule, String value) {
if (value == null) {
policies.remove(rule);
} else {
policies.put(rule, value);
}
}
/**
* If the provided client/server pair matches a rule
*
* A system property named test.kdc.policy.RULE will be consulted.
* If it's unset, returns false. If its value is "", any pair is
* matched. Otherwise, it should contains the server name matched.
*
* TODO: client name is not used currently.
*
* @param c client name
* @param s server name
* @param rule rule name
* @return if a match is found
*/
private boolean configMatch(String c, String s, String rule) {
String policy = policies.get(rule);
boolean result = false;
if (policy == null) {
result = false;
} else if (policy.length() == 0) {
result = true;
} else {
String[] names = policy.split("\\s+");
for (String name: names) {
if (name.equals(s)) {
result = true;
break;
}
}
}
if (result) {
System.out.printf(">>>> Policy match result (%s vs %s on %s) %b\n",
c, s, rule, result);
}
return result;
}
/**
* Processes an incoming request and generates a response.
* @param in the request
......@@ -530,7 +592,7 @@ public class KDC {
tkt = apReq.ticket;
etype = tkt.encPart.getEType();
tkt.sname.setRealm(tkt.realm);
EncryptionKey kkey = keyForUser(tkt.sname, etype);
EncryptionKey kkey = keyForUser(tkt.sname, etype, true);
byte[] bb = tkt.encPart.decrypt(kkey, KeyUsage.KU_TICKET);
DerInputStream derIn = new DerInputStream(bb);
DerValue der = derIn.getDerValue();
......@@ -541,7 +603,7 @@ public class KDC {
throw new KrbException(Krb5.KDC_ERR_PADATA_TYPE_NOSUPP);
}
}
EncryptionKey skey = keyForUser(body.sname, etype);
EncryptionKey skey = keyForUser(body.sname, etype, true);
if (skey == null) {
throw new KrbException(Krb5.KDC_ERR_SUMTYPE_NOSUPP); // TODO
}
......@@ -581,6 +643,10 @@ public class KDC {
if (body.kdcOptions.get(KDCOptions.ALLOW_POSTDATE)) {
bFlags[Krb5.TKT_OPTS_MAY_POSTDATE] = true;
}
if (configMatch("", body.sname.getNameString(), "ok-as-delegate")) {
bFlags[Krb5.TKT_OPTS_DELEGATE] = true;
}
bFlags[Krb5.TKT_OPTS_INITIAL] = true;
TicketFlags tFlags = new TicketFlags(bFlags);
......@@ -671,8 +737,8 @@ public class KDC {
eTypes = (int[])f.get(body);
int eType = eTypes[0];
EncryptionKey ckey = keyForUser(body.cname, eType);
EncryptionKey skey = keyForUser(body.sname, eType);
EncryptionKey ckey = keyForUser(body.cname, eType, false);
EncryptionKey skey = keyForUser(body.sname, eType, true);
if (ckey == null) {
throw new KrbException(Krb5.KDC_ERR_ETYPE_NOSUPP);
}
......
test/sun/security/krb5/auto/OkAsDelegate.java 0 → 100644
浏览文件 @ fe91df36
/*
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
import com.sun.security.jgss.ExtendedGSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;
import sun.security.jgss.GSSUtil;
import sun.security.krb5.Config;
public class OkAsDelegate {
public static void main(String[] args)
throws Exception {
OkAsDelegate ok = new OkAsDelegate();
ok.go(
Boolean.valueOf(args[0]), // FORWARDABLE in krb5.conf on?
Boolean.valueOf(args[1]), // requestDelegState
Boolean.valueOf(args[2]), // requestDelegPolicyState
Boolean.valueOf(args[3]), // DelegState in response
Boolean.valueOf(args[4]), // DelegPolicyState in response
Boolean.valueOf(args[5]) // getDelegCred OK?
);
}
void go(
boolean forwardable,
boolean requestDelegState,
boolean requestDelegPolicyState,
boolean delegState,
boolean delegPolicyState,
boolean delegated
) throws Exception {
OneKDC kdc = new OneKDC(null);
kdc.setPolicy("ok-as-delegate",
System.getProperty("test.kdc.policy.ok-as-delegate"));
kdc.writeJAASConf();
if (!forwardable) {
// The default OneKDC always includes "forwardable = true"
// in krb5.conf, override it.
KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
"default_keytab_name = " + OneKDC.KTAB);
Config.refresh();
}
Context c, s;
c = Context.fromJAAS("client");
s = Context.fromJAAS("server");
Oid mech = GSSUtil.GSS_KRB5_MECH_OID;
if (System.getProperty("test.spnego") != null) {
mech = GSSUtil.GSS_SPNEGO_MECH_OID;
}
c.startAsClient(OneKDC.SERVER, mech);
ExtendedGSSContext cx = (ExtendedGSSContext)c.x();
cx.requestCredDeleg(requestDelegState);
cx.requestDelegPolicy(requestDelegPolicyState);
s.startAsServer(mech);
ExtendedGSSContext sx = (ExtendedGSSContext)s.x();
Context.handshake(c, s);
if (cx.getCredDelegState() != delegState) {
throw new Exception("Initiator cred state error");
}
if (sx.getCredDelegState() != delegState) {
throw new Exception("Acceptor cred state error");
}
if (cx.getDelegPolicyState() != delegPolicyState) {
throw new Exception("Initiator cred policy state error");
}
GSSCredential cred = null;
try {
cred = s.x().getDelegCred();
} catch (GSSException e) {
// leave cred as null
}
if (delegated != (cred != null)) {
throw new Exception("get cred error");
}
}
}
test/sun/security/krb5/auto/OkAsDelegateXRealm.java 0 → 100644
浏览文件 @ fe91df36
/*
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
import com.sun.security.jgss.ExtendedGSSContext;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Security;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import sun.security.jgss.GSSUtil;
import sun.security.krb5.Config;
public class OkAsDelegateXRealm implements CallbackHandler {
/**
* @param args boolean if the program should succeed
*/
public static void main(String[] args)
throws Exception {
// Create and start the KDCs. Here we have 3 realms: R1, R2 and R3.
// R1 is trusted by R2, and R2 trusted by R3.
KDC kdc1 = KDC.create("R1");
kdc1.setPolicy("ok-as-delegate",
System.getProperty("test.kdc.policy.ok-as-delegate"));
kdc1.addPrincipal("dummy", "bogus".toCharArray());
kdc1.addPrincipalRandKey("krbtgt/R1");
kdc1.addPrincipal("krbtgt/R2@R1", "r1->r2".toCharArray());
KDC kdc2 = KDC.create("R2");
kdc2.setPolicy("ok-as-delegate",
System.getProperty("test.kdc.policy.ok-as-delegate"));
kdc2.addPrincipalRandKey("krbtgt/R2");
kdc2.addPrincipal("krbtgt/R2@R1", "r1->r2".toCharArray());
kdc2.addPrincipal("krbtgt/R3@R2", "r2->r3".toCharArray());
KDC kdc3 = KDC.create("R3");
kdc3.setPolicy("ok-as-delegate",
System.getProperty("test.kdc.policy.ok-as-delegate"));
kdc3.addPrincipalRandKey("krbtgt/R3");
kdc3.addPrincipal("krbtgt/R3@R2", "r2->r3".toCharArray());
kdc3.addPrincipalRandKey("host/host.r3.local");
KDC.saveConfig("krb5-localkdc.conf", kdc1, kdc2, kdc3,
"forwardable=true",
"[capaths]",
"R1 = {",
" R2 = .",
" R3 = R2",
"}",
"[domain_realm]",
".r3.local=R3"
);
System.setProperty("java.security.krb5.conf", "krb5-localkdc.conf");
kdc3.writeKtab("localkdc.ktab");
FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
// Defines the client and server on R1 and R3 respectively.
fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
" com.sun.security.auth.module.Krb5LoginModule\n" +
" required\n" +
" principal=dummy\n" +
" doNotPrompt=false\n" +
" useTicketCache=false\n" +
" ;\n};\n" +
"com.sun.security.jgss.krb5.accept {\n" +
" com.sun.security.auth.module.Krb5LoginModule required\n" +
" principal=\"host/host.r3.local@R3\"\n" +
" useKeyTab=true\n" +
" keyTab=localkdc.ktab\n" +
" isInitiator=false\n" +
" storeKey=true;\n};\n" +
"\n").getBytes());
fos.close();
Security.setProperty("auth.login.defaultCallbackHandler",
"OkAsDelegateXRealm");
System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
new File("krb5-localkdc.conf").deleteOnExit();
new File("localkdc.ktab").deleteOnExit();
new File("jaas-localkdc.conf").deleteOnExit();
Config.refresh();
Context c = Context.fromJAAS("com.sun.security.jgss.krb5.initiate");
Context s = Context.fromJAAS("com.sun.security.jgss.krb5.accept");
// Test twice. The frist time the whole cross realm process is tried,
// the second time the cached service ticket is used. This is to make sure
// the behaviors are the same, especailly for the case when one of the
// cross-realm TGTs does not have OK-AS-DELEGATE on.
for (int i=0; i<2; i++) {
c.startAsClient("host@host.r3.local", GSSUtil.GSS_KRB5_MECH_OID);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
c.x().requestDelegPolicy(true);
Context.handshake(c, s);
boolean succeed = true;
try {
s.x().getDelegCred();
} catch (GSSException gsse) {
succeed = false;
}
if (succeed != Boolean.parseBoolean(args[0])) {
throw new Exception("Test fail at round #" + i);
}
}
}
@Override
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {
for (Callback callback : callbacks) {
if (callback instanceof NameCallback) {
((NameCallback) callback).setName("dummy");
}
if (callback instanceof PasswordCallback) {
((PasswordCallback) callback).setPassword("bogus".toCharArray());
}
}
}
}
test/sun/security/krb5/auto/ok-as-delegate-xrealm.sh 0 → 100644
浏览文件 @ fe91df36
#
# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
# CA 95054 USA or visit www.sun.com if you need additional information or
# have any questions.
#
# @test
# @bug 6853328
# @summary Support OK-AS-DELEGATE flag
# @run shell/timeout=600 ok-as-delegate-xrealm.sh
#
if [ "${TESTSRC}" = "" ] ; then
TESTSRC=`dirname $0`
fi
if [ "${TESTJAVA}" = "" ] ; then
JAVAC_CMD=`which javac`
TESTJAVA=`dirname $JAVAC_CMD`/..
fi
# set platform-dependent variables
OS=`uname -s`
case "$OS" in
Windows_* )
FS="\\"
SEP=";"
;;
CYGWIN* )
FS="/"
SEP=";"
;;
* )
FS="/"
SEP=":"
;;
esac
${TESTJAVA}${FS}bin${FS}javac -XDignore.symbol.file -d . \
${TESTSRC}${FS}OkAsDelegateXRealm.java \
${TESTSRC}${FS}KDC.java \
${TESTSRC}${FS}OneKDC.java \
${TESTSRC}${FS}Action.java \
${TESTSRC}${FS}Context.java \
|| exit 10
# Add $TESTSRC to classpath so that customized nameservice can be used
J="${TESTJAVA}${FS}bin${FS}java -cp $TESTSRC${SEP}."
# KDC no OK-AS-DELEGATE, fail
$J OkAsDelegateXRealm false || exit 1
# KDC set OK-AS-DELEGATE for all, succeed
$J -Dtest.kdc.policy.ok-as-delegate OkAsDelegateXRealm true || exit 2
# KDC set OK-AS-DELEGATE for host/host.r3.local only, fail
$J -Dtest.kdc.policy.ok-as-delegate=host/host.r3.local OkAsDelegateXRealm false || exit 3
# KDC set OK-AS-DELEGATE for all, succeed
$J "-Dtest.kdc.policy.ok-as-delegate=host/host.r3.local krbtgt/R2 krbtgt/R3" OkAsDelegateXRealm true || exit 4
exit 0
test/sun/security/krb5/auto/ok-as-delegate.sh 0 → 100644
浏览文件 @ fe91df36
#
# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
# CA 95054 USA or visit www.sun.com if you need additional information or
# have any questions.
#
# @test
# @bug 6853328
# @summary Support OK-AS-DELEGATE flag
# @run shell/timeout=600 ok-as-delegate.sh
#
if [ "${TESTSRC}" = "" ] ; then
TESTSRC=`dirname $0`
fi
if [ "${TESTJAVA}" = "" ] ; then
JAVAC_CMD=`which javac`
TESTJAVA=`dirname $JAVAC_CMD`/..
fi
# set platform-dependent variables
OS=`uname -s`
case "$OS" in
Windows_* )
FS="\\"
SEP=";"
;;
CYGWIN* )
FS="/"
SEP=";"
;;
* )
FS="/"
SEP=":"
;;
esac
${TESTJAVA}${FS}bin${FS}javac -XDignore.symbol.file -d . \
${TESTSRC}${FS}OkAsDelegate.java \
${TESTSRC}${FS}KDC.java \
${TESTSRC}${FS}OneKDC.java \
${TESTSRC}${FS}Action.java \
${TESTSRC}${FS}Context.java \
|| exit 10
# Testing Kerberos 5
# Add $TESTSRC to classpath so that customized nameservice can be used
J="${TESTJAVA}${FS}bin${FS}java -cp $TESTSRC${SEP}. OkAsDelegate"
JOK="${TESTJAVA}${FS}bin${FS}java -cp $TESTSRC${SEP}. -Dtest.kdc.policy.ok-as-delegate OkAsDelegate"
# FORWARDABLE ticket not allowed, always fail
$J false true true false false false || exit 1
# Service ticket no OK-AS-DELEGATE
# Request nothing, gain nothing
$J true false false false false false || exit 2
# Request deleg policy, gain nothing
$J true false true false false false || exit 3
# Request deleg, granted
$J true true false true false true || exit 4
# Request deleg and deleg policy, granted, with info not by policy
$J true true true true false true || exit 5
# Service ticket has OK-AS-DELEGATE
# Request deleg policy, granted
$JOK true false true true true true || exit 6
# Request deleg and deleg policy, granted, with info by policy
$JOK true true true true true true || exit 7
# Testing SPNEGO
# Add $TESTSRC to classpath so that customized nameservice can be used
J="${TESTJAVA}${FS}bin${FS}java -cp $TESTSRC${SEP}. -Dtest.spnego OkAsDelegate"
JOK="${TESTJAVA}${FS}bin${FS}java -cp $TESTSRC${SEP}. -Dtest.spnego -Dtest.kdc.policy.ok-as-delegate OkAsDelegate"
# FORWARDABLE ticket not allowed, always fail
$J false true true false false false || exit 11
# Service ticket no OK-AS-DELEGATE
# Request nothing, gain nothing
$J true false false false false false || exit 12
# Request deleg policy, gain nothing
$J true false true false false false || exit 13
# Request deleg, granted
$J true true false true false true || exit 14
# Request deleg and deleg policy, granted, with info not by policy
$J true true true true false true || exit 15
# Service ticket has OK-AS-DELEGATE
# Request deleg policy, granted
$JOK true false true true true true || exit 16
# Request deleg and deleg policy, granted, with info by policy
$JOK true true true true true true || exit 17
exit 0
test/sun/tools/jhat/HatRun.java
浏览文件 @ fe91df36
......@@ -186,11 +186,13 @@ public class HatRun {
*/
int nvm_options = 0;
if ( vm_options != null ) nvm_options = vm_options.length;
String cmd[] = new String[1 + (d64?1:0) + 5 + nvm_options];
String cmd[] = new String[1 + (d64?1:0) + 7 + nvm_options];
int i,j;
i = 0;
cmd[i++] = java;
cmd[i++] = "-cp";
cmd[i++] = cdir;
cmd[i++] = "-Dtest.classes=" + cdir;
if ( d64 ) {
cmd[i++] = "-d64";
......
test/sun/tools/native2ascii/NativeErrors.java
浏览文件 @ fe91df36
......@@ -59,15 +59,28 @@ public class NativeErrors {
in = new BufferedReader(new InputStreamReader(p.getInputStream()));
checkResult(in, "err.bad.arg");
command = getComString("test123");
File f0 = new File(System.getProperty("test.src", "."), "test123");
String path0 = f0.getPath();
if ( f0.exists() ) {
throw new Error("Input file should not exist: " + path0);
}
command = getComString(path0);
p = Runtime.getRuntime().exec(command);
in = new BufferedReader(new InputStreamReader(p.getInputStream()));
checkResult(in, "err.cannot.read");
File f1 = new File(System.getProperty("test.src", "."), "test1");
File f2 = new File(System.getProperty("test.src", "."), "test2");
File f2 = File.createTempFile("test2", ".tmp");
String path1 = f1.getPath();
String path2 = f2.getPath();
if ( !f1.exists() ) {
throw new Error("Missing input file: " + path1);
}
if ( !f2.setWritable(false) ) {
throw new Error("Output file cannot be made read only: " + path2);
}
f2.deleteOnExit();
command = getComString(path1, path2);
p = Runtime.getRuntime().exec(command);
......@@ -80,7 +93,9 @@ public class NativeErrors {
throws Exception {
String errorReceived;
errorReceived = in.readLine();
assert errorReceived != null : "First readline cannot be null";
errorExpected = rsrc.getString(errorExpected);
assert errorExpected != null : "Expected message cannot be null";
StringBuffer error = new StringBuffer(errorExpected);
int start = errorExpected.indexOf("{0}");
if (start >= 0) {
......@@ -128,6 +143,7 @@ public class NativeErrors {
f = new File(path);
if (!f.exists())
throw new RuntimeException("Cannot find native2ascii at "+path);
System.out.println("Using native2ascii at "+path);
}
return path;
}
......
test/sun/tools/native2ascii/test2 已删除 100644 → 0
浏览文件 @ 3ba18d7c
This file exists as a non-writable placeholder for NativeErrors.java
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册