Merge
diff --git a/.hgtags b/.hgtags
index 587a5d6..cbaf59b 100644
--- a/.hgtags
+++ b/.hgtags
@@ -312,6 +312,8 @@
dfb9f24d56b51e5a2ca26e77fc69a2464d51a4d3 jdk8u20-b24
dfb9f24d56b51e5a2ca26e77fc69a2464d51a4d3 jdk8u20-b25
dd229c5f57bff4e75a70908294a13072b9a48385 jdk8u20-b26
+684a13a7d2ccc91d2ad709ecad1fddbcc992ee5a jdk8u20-b31
+eb459e6ac74a7db7b49393e470d04b6d854dfa89 jdk8u20-b32
abca9f6f1a10e9f91b2538bbe7870f54f550d986 jdk8u25-b00
7d0627679c9fdeaaaa9fe15c7cc11af0763621ec jdk8u25-b01
b0277ec994b751ebb761814675352506cd56bcd6 jdk8u25-b02
@@ -334,6 +336,18 @@
d067890f970f3a712f870f6311d20f3359b6eaf0 jdk8u25-b16
67b22a82345bfa1ae1492679bdf3c4d54f4eacde jdk8u25-b17
a4e88eaf15ea0569f3275a807a976fe0e04a086c jdk8u25-b18
+556c79ef8a1d2fa38f79b3d3e102e80e0b0c9731 jdk8u25-b31
+f935349e2c065487c745bc41f81ddc7869bd2d2d jdk8u31-b00
+caebf6158e9d522df41a2c89a1602e5013bac401 jdk8u31-b01
+b1cef4d76664564732004cf3aedb0cbaa1972683 jdk8u31-b02
+649c7ba692012fd93c532fea133cf14785674387 jdk8u31-b03
+ab6aa5ee3897ebfe4a04722a594fb2cecd6f3bef jdk8u31-b04
+1e79baf89075967bddc64921d2680d8c1123f654 jdk8u31-b05
+b6aeaae6dd9d3a17564130af142b4734c643267e jdk8u31-b06
+34a484abc5d5391623294743d15e234a99d04dd7 jdk8u31-b07
+ca1adc7c848370dda8dbf9e3a970c3e6427fb05b jdk8u31-b08
+1c0cc3bbe07d52906d7ffbb72fa4733c327f1326 jdk8u31-b09
+291505d802d9075e227f9ee865a67234e1d737cf jdk8u31-b10
e6ed015afbbf3459ba3297e270b4f3170e989c80 jdk8u40-b00
6e223d48080ef40f4ec11ecbcd19b4a20813b9eb jdk8u40-b01
4797cd0713b44b009525f1276d571ade7e24f3f5 jdk8u40-b02
diff --git a/src/share/classes/com/sun/java/swing/plaf/windows/WindowsFileChooserUI.java b/src/share/classes/com/sun/java/swing/plaf/windows/WindowsFileChooserUI.java
index 48b5010..b22ebf9 100644
--- a/src/share/classes/com/sun/java/swing/plaf/windows/WindowsFileChooserUI.java
+++ b/src/share/classes/com/sun/java/swing/plaf/windows/WindowsFileChooserUI.java
@@ -1067,16 +1067,9 @@
directories.clear();
- File[] baseFolders;
- if (useShellFolder) {
- baseFolders = AccessController.doPrivileged(new PrivilegedAction<File[]>() {
- public File[] run() {
- return (File[]) ShellFolder.get("fileChooserComboBoxFolders");
- }
- });
- } else {
- baseFolders = fsv.getRoots();
- }
+ File[] baseFolders = (useShellFolder)
+ ? (File[]) ShellFolder.get("fileChooserComboBoxFolders")
+ : fsv.getRoots();
directories.addAll(Arrays.asList(baseFolders));
// Get the canonical (full) path. This has the side
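Review bot: The direct `ShellFolder.get("fileChooserComboBoxFolders")` call now runs with the caller's permissions, and the hunk carries no comment recording that dropping the `doPrivileged` wrapper is deliberate. If that lookup performs permission-checked file access (not visible here), code running under a SecurityManager without the matching read permission would get a SecurityException at this point, and nothing in the hunk handles it. The surrounding method starts and ends outside the hunk, so it is worth confirming that it degrades gracefully rather than failing the whole chooser. I would add `// deliberately not wrapped in doPrivileged: folder enumeration must honour the caller's permissions` above the assignment. The identical hunk in MetalFileChooserUI.java needs the same comment.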
diff --git a/src/share/classes/com/sun/jndi/ldap/BerDecoder.java b/src/share/classes/com/sun/jndi/ldap/BerDecoder.java
index 103ce47..9feefb4 100644
--- a/src/share/classes/com/sun/jndi/ldap/BerDecoder.java
+++ b/src/share/classes/com/sun/jndi/ldap/BerDecoder.java
@@ -95,6 +95,9 @@
for( int i = 0; i < lengthbyte; i++) {
retval = (retval << 8) + (buf[offset++] & 0xff);
}
+ if (retval < 0) {
+ throw new DecodeException("Invalid length bytes");
+ }
return retval;
} else {
return lengthbyte;
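Review bot: The new `retval < 0` guard has no comment saying how a decoded length can become negative, and the bound on `lengthbyte` that would make this the only overflow case is outside the hunk. The loop shifts one octet per iteration into a signed `int`, so a four-octet length whose first octet has the top bit set wraps negative. I would add `// a 4-octet length with the high bit set wraps negative in a signed int` above the check, so the next reader does not mistake it for dead code.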
diff --git a/src/share/classes/java/lang/ClassLoader.java b/src/share/classes/java/lang/ClassLoader.java
index 875f5ec..8bde2f6 100644
--- a/src/share/classes/java/lang/ClassLoader.java
+++ b/src/share/classes/java/lang/ClassLoader.java
@@ -1365,7 +1365,10 @@
return null;
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- checkClassLoaderPermission(this, Reflection.getCallerClass());
+ // Check access to the parent class loader
+ // If the caller's class loader is same as this class loader,
+ // permission check is performed.
+ checkClassLoaderPermission(parent, Reflection.getCallerClass());
}
return parent;
}
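Review bot: The added comment `If the caller's class loader is same as this class loader, permission check is performed.` states the outcome but not the reason, which is the whole point of switching the argument from `this` to `parent`. Going by the comment added on `checkClassLoaderPermission` in the next hunk, the check is skipped only when the caller's loader is the same as or an ancestor of the argument. A caller defined by this loader is a descendant of `parent`, so it is now checked. I would reword the comment to `// Check against parent, not this: a caller defined by this loader is not an ancestor of parent and so still needs RuntimePermission("getClassLoader")`. The method starts outside the hunk.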
@@ -1508,6 +1511,11 @@
return caller.getClassLoader0();
}
+ /*
+ * Checks RuntimePermission("getClassLoader") permission
+ * if caller's class loader is not null and caller's class loader
+ * is not the same as or an ancestor of the given cl argument.
+ */
static void checkClassLoaderPermission(ClassLoader cl, Class<?> caller) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
diff --git a/src/share/classes/java/net/MulticastSocket.java b/src/share/classes/java/net/MulticastSocket.java
index 1d42dfe..40013f7 100644
--- a/src/share/classes/java/net/MulticastSocket.java
+++ b/src/share/classes/java/net/MulticastSocket.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -569,7 +569,7 @@
public NetworkInterface getNetworkInterface() throws SocketException {
NetworkInterface ni
= (NetworkInterface)getImpl().getOption(SocketOptions.IP_MULTICAST_IF2);
- if (ni.getIndex() == 0) {
+ if ((ni.getIndex() == 0) || (ni.getIndex() == -1)) {
InetAddress[] addrs = new InetAddress[1];
addrs[0] = InetAddress.anyLocalAddress();
return new NetworkInterface(addrs[0].getHostName(), 0, addrs);
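Review bot: The extra `ni.getIndex() == -1` test is a bare magic number with no comment, so a reader cannot tell from the hunk why -1 should be handled like "no interface set". If -1 is the "index unknown" value of `getIndex()` (to be confirmed against its contract), say so with `// 0: no interface set; -1: index unknown - both fall back to the wildcard address`. Reading the index once into a local would also avoid the repeated call, for example `int index = ni.getIndex();`. The method continues past the end of the hunk.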
diff --git a/src/share/classes/javax/swing/plaf/metal/MetalFileChooserUI.java b/src/share/classes/javax/swing/plaf/metal/MetalFileChooserUI.java
index 677d1f8..ddc70c9 100644
--- a/src/share/classes/javax/swing/plaf/metal/MetalFileChooserUI.java
+++ b/src/share/classes/javax/swing/plaf/metal/MetalFileChooserUI.java
@@ -941,16 +941,9 @@
directories.clear();
- File[] baseFolders;
- if (useShellFolder) {
- baseFolders = AccessController.doPrivileged(new PrivilegedAction<File[]>() {
- public File[] run() {
- return (File[]) ShellFolder.get("fileChooserComboBoxFolders");
- }
- });
- } else {
- baseFolders = fsv.getRoots();
- }
+ File[] baseFolders = (useShellFolder)
+ ? (File[]) ShellFolder.get("fileChooserComboBoxFolders")
+ : fsv.getRoots();
directories.addAll(Arrays.asList(baseFolders));
// Get the canonical (full) path. This has the side
diff --git a/src/share/classes/sun/awt/resources/awt_ja.properties b/src/share/classes/sun/awt/resources/awt_ja.properties
index 7c0e702..41cf3b8 100644
--- a/src/share/classes/sun/awt/resources/awt_ja.properties
+++ b/src/share/classes/sun/awt/resources/awt_ja.properties
@@ -176,8 +176,8 @@
AWT.InputMethodLanguage.ja=\u65E5\u672C\u8A9E
AWT.InputMethodLanguage.ko=\u97D3\u56FD\u8A9E
AWT.InputMethodLanguage.zh=\u4E2D\u56FD\u8A9E
-AWT.InputMethodLanguage.zh_CN=\u4E2D\u56FD\u8A9E(\u7C21\u4F53\u5B57)
-AWT.InputMethodLanguage.zh_TW=\u4E2D\u56FD\u8A9E(\u7E41\u4F53\u5B57)
+AWT.InputMethodLanguage.zh_CN=\u7C21\u4F53\u5B57\u4E2D\u56FD\u8A9E
+AWT.InputMethodLanguage.zh_TW=\u7E41\u4F53\u5B57\u4E2D\u56FD\u8A9E
AWT.InputMethodCreationFailed={0}\u3092\u4F5C\u6210\u3067\u304D\u307E\u305B\u3093\u3067\u3057\u305F\u3002\u7406\u7531: {1}
# Property to select between on-the-spot and below-the-spot
diff --git a/src/share/classes/sun/launcher/resources/launcher_de.properties b/src/share/classes/sun/launcher/resources/launcher_de.properties
index 347975c..ea02694 100644
--- a/src/share/classes/sun/launcher/resources/launcher_de.properties
+++ b/src/share/classes/sun/launcher/resources/launcher_de.properties
@@ -34,7 +34,7 @@
java.launcher.ergo.message2 =\ weil die Ausf\u00FChrung auf einem Server-Class-Rechner erfolgt.\n
# Translators please note do not translate the options themselves
-java.launcher.opt.footer =\ -cp <Klassensuchpfad von Verzeichnissen und ZIP-/JAR-Dateien>\n -classpath <Klassensuchpfad von Verzeichnissen und ZIP-/JAR-Dateien>\n Eine durch {0} getrennte Liste mit Verzeichnissen, JAR-Archiven\n und ZIP-Archiven zur Suche nach Klassendateien.\n -D<name>=<value>\n Legt eine Systemeigenschaft fest\n -verbose:[class|gc|jni]\n Aktiviert die Verbose-Ausgabe\n -version Druckt Produktversion und beendet das Programm\n -version:<value>\n Erfordert die angegebene Version zur Ausf\u00FChrung\n -showversion Druckt Produktversion und f\u00E4hrt fort\n -jre-restrict-search | -no-jre-restrict-search\n Bezieht private JREs des Benutzers in Versionssuche ein bzw. schlie\u00DFt sie aus\n -? -help Druckt diese Hilfemeldung\n -X Druckt Hilfe zu Nicht-Standardoptionen\n -ea[:<packagename>...|:<classname>]\n -enableassertions[:<packagename>...|:<classname>]\n Aktiviert Assertionen mit angegebener Granularit\u00E4t\n -da[:<packagename>...|:<classname>]\n -disableassertions[:<packagename>...|:<classname>]\n Deaktiviert Assertionen mit angegebener Granularit\u00E4t\n -esa | -enablesystemassertions\n Aktiviert Systemassertionen\n -dsa | -disablesystemassertions\n Deaktiviert Systemassertionen\n -agentlib:<libname>[=<options>]\n L\u00E4dt native Agent Library <libname>, z.B. -agentlib:hprof\n siehe auch -agentlib:jdwp=help und -agentlib:hprof=help\n -agentpath:<pathname>[=<options>]\n L\u00E4dt native Agent Library nach vollem Pfadnamen\n -javaagent:<jarpath>[=<options>]\n L\u00E4dt Java-Programmiersprachen-Agent, siehe java.lang.instrument\n -splash:<imagepath>\n Zeigt Startbildschirm mit angegebenem Bild\nWeitere Einzelheiten finden Sie unter http://www.oracle.com/technetwork/java/javase/documentation/index.html
+java.launcher.opt.footer =\ -cp <Klassensuchpfad von Verzeichnissen und ZIP-/JAR-Dateien>\n -classpath <Klassensuchpfad von Verzeichnissen und ZIP-/JAR-Dateien>\n Eine durch {0} getrennte Liste mit Verzeichnissen, JAR-Archiven\n und ZIP-Archiven zur Suche nach Klassendateien.\n -D<name>=<value>\n Legt eine Systemeigenschaft fest\n -verbose:[class|gc|jni]\n Aktiviert die Verbose-Ausgabe\n -version Druckt Produktversion und beendet das Programm\n -version:<value>\n Erfordert die angegebene Version zur Ausf\u00FChrung\n -showversion Druckt Produktversion und f\u00E4hrt fort\n -jre-restrict-search | -no-jre-restrict-search\n Bezieht private JREs des Benutzers in Versionssuche ein bzw. schlie\u00DFt sie aus\n -? -help Druckt diese Hilfemeldung\n -X Druckt Hilfe zu Nicht-Standardoptionen\n -ea[:<packagename>...|:<classname>]\n -enableassertions[:<packagename>...|:<classname>]\n Aktiviert Assertions mit angegebener Granularit\u00E4t\n -da[:<packagename>...|:<classname>]\n -disableassertions[:<packagename>...|:<classname>]\n Deaktiviert Assertions mit angegebener Granularit\u00E4t\n -esa | -enablesystemassertions\n Aktiviert Systemassertionen\n -dsa | -disablesystemassertions\n Deaktiviert Systemassertionen\n -agentlib:<libname>[=<options>]\n L\u00E4dt native Agent Library <libname>, z.B. -agentlib:hprof\n siehe auch -agentlib:jdwp=help und -agentlib:hprof=help\n -agentpath:<pathname>[=<options>]\n L\u00E4dt native Agent Library nach vollem Pfadnamen\n -javaagent:<jarpath>[=<options>]\n L\u00E4dt Java-Programmiersprachen-Agent, siehe java.lang.instrument\n -splash:<imagepath>\n Zeigt Startbildschirm mit angegebenem Bild\nWeitere Einzelheiten finden Sie unter http://www.oracle.com/technetwork/java/javase/documentation/index.html
# Translators please note do not translate the options themselves
java.launcher.X.usage=\ -Xmixed Ausf\u00FChrung im gemischten Modus (Standard)\n -Xint Nur Ausf\u00FChrung im interpretierten Modus\n -Xbootclasspath:<Verzeichnisse und ZIP-/JAR-Dateien durch {0} getrennt>\n Legt Suchpfad f\u00FCr Bootstrap-Klassen und Ressourcen fest\n -Xbootclasspath/a:<Verzeichnisse und ZIP-/JAR-Dateien durch {0} getrennt>\n H\u00E4ngt an das Ende des Bootstrap Classpath an\n -Xbootclasspath/p:<Verzeichnisse und ZIP-/JAR-Dateien durch {0} getrennt>\n Stellt Bootstrap Classpath voran\n -Xdiag Zeigt zus\u00E4tzliche Diagnosemeldungen an\n -Xnoclassgc Deaktiviert Klassen-Garbage Collection\n -Xincgc Aktiviert inkrementelle Garbage Collection\n -Xloggc:<file> Loggt GC-Status in einer Datei mit Zeitstempeln\n -Xbatch Deaktiviert Hintergrundkompilierung\n -Xms<size> Legt anf\u00E4ngliche Java Heap-Gr\u00F6\u00DFe fest\n -Xmx<size> Legt maximale Java Heap-Gr\u00F6\u00DFe fest\n -Xss<size> Legt Java-Threadstackgr\u00F6\u00DFe fest\n -Xprof Gibt CPU-Profiling-Daten aus\n -Xfuture Aktiviert strengste Pr\u00FCfungen, antizipiert zuk\u00FCnftigen Standardwert\n -Xrs Reduziert Verwendung von BS-Signalen durch Java/VM (siehe Dokumentation)\n -Xcheck:jni F\u00FChrt zus\u00E4tzliche Pr\u00FCfungen f\u00FCr JNI-Funktionen durch\n -Xshare:off Kein Versuch, gemeinsame Klassendaten zu verwenden\n -Xshare:auto Verwendet gemeinsame Klassendaten, wenn m\u00F6glich (Standard)\n -Xshare:on Erfordert die Verwendung gemeinsamer Klassendaten, sonst verl\u00E4uft der Vorgang nicht erfolgreich.\n -XshowSettings Zeigt alle Einstellungen und f\u00E4hrt fort\n -XshowSettings:all\n Zeigt alle Einstellungen und f\u00E4hrt fort\n -XshowSettings:vm Zeigt alle VM-bezogenen Einstellungen und f\u00E4hrt fort\n -XshowSettings:properties\n Zeigt alle Eigenschaftseinstellungen und f\u00E4hrt fort\n -XshowSettings:locale\n Zeigt alle gebietsschemabezogenen Einstellungen und f\u00E4hrt fort\n\nDie -X-Optionen sind keine Standardoptionen und k\u00F6nnen ohne Vorank\u00FCndigung 
ge\u00E4ndert werden.\n
diff --git a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
index 6197861..77c2e88 100644
--- a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
+++ b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
@@ -336,6 +336,7 @@
/* try auth without calling Authenticator. Used for transparent NTLM authentication */
private boolean tryTransparentNTLMServer = true;
private boolean tryTransparentNTLMProxy = true;
+ private boolean useProxyResponseCode = false;
/* Used by Windows specific code */
private Object authObj;
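Review bot: The new field `useProxyResponseCode` is declared without a comment, directly under the existing `try auth without calling Authenticator` comment, which describes the two fields above it and not this one. Its meaning only becomes clear two hunks later, where it is set on the redirect path and consulted to switch off transparent NTLM proxy authentication. I would document it at the declaration: `/* set when a 305 response made the server, not the user, choose the proxy; transparent NTLM auth to that proxy is then disabled */`. No visible line resets the flag, so the comment should also say whether it is meant to stay set for the lifetime of the connection object.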
@@ -2243,6 +2244,14 @@
if (tryTransparentNTLMProxy) {
tryTransparentNTLMProxy =
NTLMAuthenticationProxy.supportsTransparentAuth;
+ /* If the platform supports transparent authentication
+ * then normally it's ok to do transparent auth to a proxy
+ * because we generally trust proxies (chosen by the user)
+ * But not in the case of 305 response where the server
+ * chose it. */
+ if (tryTransparentNTLMProxy && useProxyResponseCode) {
+ tryTransparentNTLMProxy = false;
+ }
}
a = null;
if (tryTransparentNTLMProxy) {
@@ -2614,6 +2623,10 @@
requests.set(0, method + " " + getRequestURI()+" " +
httpVersion, null);
connected = true;
+ // need to remember this in case NTLM proxy authentication gets
+ // used. We can't use transparent authentication when user
+ // doesn't know about proxy.
+ useProxyResponseCode = true;
} else {
// maintain previous headers, just change the name
// of the file we're getting
diff --git a/src/share/classes/sun/rmi/transport/Transport.java b/src/share/classes/sun/rmi/transport/Transport.java
index 217c936..2fa3f50 100644
--- a/src/share/classes/sun/rmi/transport/Transport.java
+++ b/src/share/classes/sun/rmi/transport/Transport.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -37,6 +37,10 @@
import java.rmi.server.RemoteServer;
import java.rmi.server.ServerNotActiveException;
import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.Permissions;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
import sun.rmi.runtime.Log;
import sun.rmi.server.Dispatcher;
import sun.rmi.server.UnicastServerRef;
@@ -68,6 +72,15 @@
/** ObjID for DGCImpl */
private static final ObjID dgcID = new ObjID(ObjID.DGC_ID);
+ /** AccessControlContext for setting context ClassLoader */
+ private static final AccessControlContext SETCCL_ACC;
+ static {
+ Permissions perms = new Permissions();
+ perms.add(new RuntimePermission("setContextClassLoader"));
+ ProtectionDomain[] pd = { new ProtectionDomain(null, perms) };
+ SETCCL_ACC = new AccessControlContext(pd);
+ }
+
/**
* Returns a <I>Channel</I> that generates connections to the
* endpoint <I>ep</I>. A Channel is an object that creates and
@@ -117,6 +130,16 @@
protected abstract void checkAcceptPermission(AccessControlContext acc);
/**
+ * Sets the context class loader for the current thread.
+ */
+ private static void setContextClassLoader(ClassLoader ccl) {
+ AccessController.doPrivileged((PrivilegedAction<Void>)() -> {
+ Thread.currentThread().setContextClassLoader(ccl);
+ return null;
+ }, SETCCL_ACC);
+ }
+
+ /**
* Service an incoming remote call. When a message arrives on the
* connection indicating the beginning of a remote call, the
* threads are required to call the <I>serviceCall</I> method of
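Review bot: The Javadoc on the new `setContextClassLoader` helper (`Sets the context class loader for the current thread.`) leaves out why the call goes through `doPrivileged` with `SETCCL_ACC` instead of calling `Thread.setContextClassLoader` directly. From the visible lines, `SETCCL_ACC` is built from a single `RuntimePermission("setContextClassLoader")`, so the helper asserts exactly that permission and nothing else. Presumably this is needed because the TCPTransport.java hunk in this commit now runs `run0()` under a context with no permissions. I would add a sentence such as `Runs under SETCCL_ACC so the switch succeeds when the calling thread has been restricted, while granting nothing beyond setContextClassLoader.`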
@@ -164,11 +187,10 @@
target.getAccessControlContext();
ClassLoader ccl = target.getContextClassLoader();
- Thread t = Thread.currentThread();
- ClassLoader savedCcl = t.getContextClassLoader();
+ ClassLoader savedCcl = Thread.currentThread().getContextClassLoader();
try {
- t.setContextClassLoader(ccl);
+ setContextClassLoader(ccl);
currentTransport.set(this);
try {
java.security.AccessController.doPrivileged(
@@ -183,7 +205,7 @@
throw (IOException) pae.getException();
}
} finally {
- t.setContextClassLoader(savedCcl);
+ setContextClassLoader(savedCcl);
currentTransport.set(null);
}
diff --git a/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java b/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java
index 24655c2..790e7ac 100644
--- a/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java
+++ b/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -49,6 +49,9 @@
import java.rmi.server.UID;
import java.security.AccessControlContext;
import java.security.AccessController;
+import java.security.Permissions;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
@@ -123,6 +126,14 @@
private static final ThreadLocal<ConnectionHandler>
threadConnectionHandler = new ThreadLocal<>();
+ /** an AccessControlContext with no permissions */
+ private static final AccessControlContext NOPERMS_ACC;
+ static {
+ Permissions perms = new Permissions();
+ ProtectionDomain[] pd = { new ProtectionDomain(null, perms) };
+ NOPERMS_ACC = new AccessControlContext(pd);
+ }
+
/** endpoints for this transport */
private final LinkedList<TCPEndpoint> epList;
/** number of objects exported on this transport */
@@ -668,7 +679,10 @@
t.setName("RMI TCP Connection(" +
connectionCount.incrementAndGet() +
")-" + remoteHost);
- run0();
+ AccessController.doPrivileged((PrivilegedAction<Void>)() -> {
+ run0();
+ return null;
+ }, NOPERMS_ACC);
} finally {
t.setName(name);
}
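Review bot: The `AccessController.doPrivileged(..., NOPERMS_ACC)` wrapper around `run0()` reads like a privilege grant but is there to take privileges away, and the call site has no comment saying so. Because `NOPERMS_ACC` is built from an empty `Permissions` set, everything reached from `run0()` is limited to no permissions unless it asserts its own through a nested `doPrivileged`, as the Transport.java change does for the context class loader. I would add `// run the connection handler with no permissions; code below that needs one must assert it explicitly` above the call. The enclosing method starts outside the hunk.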
diff --git a/src/share/classes/sun/security/jgss/GSSHeader.java b/src/share/classes/sun/security/jgss/GSSHeader.java
index 2eec4b4..fc34eae 100644
--- a/src/share/classes/sun/security/jgss/GSSHeader.java
+++ b/src/share/classes/sun/security/jgss/GSSHeader.java
@@ -270,6 +270,9 @@
value <<= 8;
value += 0x0ff & in.read();
}
+ if (value < 0) {
+ throw new IOException("Invalid length bytes");
+ }
}
return value;
}
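Review bot: A truncated stream still produces a bogus length here, because `0x0ff & in.read()` on the context line above the new check turns the -1 that `read()` returns at end of stream into 0xFF before `value < 0` is evaluated (assuming `in` is an `InputStream`). The added guard catches the four-octet overflow but not a short read. Reading into a local first covers both: `int b = in.read(); if (b < 0) throw new IOException("Invalid length bytes"); value += b;`. The enclosing method and the loop header start outside the hunk.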
diff --git a/src/share/classes/sun/security/jgss/GSSNameImpl.java b/src/share/classes/sun/security/jgss/GSSNameImpl.java
index 4c44ff4..93ca085 100644
--- a/src/share/classes/sun/security/jgss/GSSNameImpl.java
+++ b/src/share/classes/sun/security/jgss/GSSNameImpl.java
@@ -257,10 +257,10 @@
((0xFF & bytes[pos++]) << 16) |
((0xFF & bytes[pos++]) << 8) |
(0xFF & bytes[pos++]));
- if (pos > bytes.length - mechPortionLen) {
- throw new GSSExceptionImpl(GSSException.BAD_NAME,
- "Exported name mech name is corrupted!");
- }
+ if (mechPortionLen < 0 || pos > bytes.length - mechPortionLen) {
+ throw new GSSExceptionImpl(GSSException.BAD_NAME,
+ "Exported name mech name is corrupted!");
+ }
byte[] mechPortion = new byte[mechPortionLen];
System.arraycopy(bytes, pos, mechPortion, 0, mechPortionLen);
diff --git a/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java b/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java
index b98dcea..46f895b 100644
--- a/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java
+++ b/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java
@@ -233,6 +233,9 @@
((0xFF & nameVal[pos++]) << 16) |
((0xFF & nameVal[pos++]) << 8) |
(0xFF & nameVal[pos++]));
+ if (mechPortionLen < 0) {
+ throw new GSSException(GSSException.BAD_NAME);
+ }
byte[] mechPortion = new byte[mechPortionLen];
System.arraycopy(nameVal, pos, mechPortion, 0, mechPortionLen);
return mechPortion;
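Review bot: The new guard rejects a negative `mechPortionLen` but, unlike the matching check in GSSNameImpl.java in this same commit, it sets no upper bound against the remaining input. A large positive length taken from `nameVal` therefore still reaches `new byte[mechPortionLen]`, and a length beyond the end of the array fails in `System.arraycopy` with an unchecked exception instead of `BAD_NAME`. I would make the two sites agree: `if (mechPortionLen < 0 || pos > nameVal.length - mechPortionLen) {`. The method starts outside the hunk, so whether an earlier length check already exists should be confirmed.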
diff --git a/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java b/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java
index e7707e8..8ca6e11 100644
--- a/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java
+++ b/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java
@@ -118,7 +118,7 @@
} else {
type = read(4);
}
- length = read(4);
+ length = readLength4();
List<String> result = new ArrayList<String>();
/*
* DCE includes the principal's realm in the count; the new format
@@ -127,7 +127,7 @@
if (version == KRB5_FCC_FVNO_1)
length--;
for (int i = 0; i <= length; i++) {
- namelength = read(4);
+ namelength = readLength4();
byte[] bytes = IOUtils.readFully(this, namelength, true);
result.add(new String(bytes));
}
@@ -184,7 +184,7 @@
keyType = read(2);
if (version == KRB5_FCC_FVNO_3)
read(2); /* keytype recorded twice in fvno 3 */
- keyLen = read(4);
+ keyLen = readLength4();
byte[] bytes = IOUtils.readFully(this, keyLen, true);
return new EncryptionKey(bytes, keyType, new Integer(version));
}
@@ -207,12 +207,12 @@
HostAddress[] readAddr() throws IOException, KrbApErrException {
int numAddrs, addrType, addrLength;
- numAddrs = read(4);
+ numAddrs = readLength4();
if (numAddrs > 0) {
List<HostAddress> addrs = new ArrayList<>();
for (int i = 0; i < numAddrs; i++) {
addrType = read(2);
- addrLength = read(4);
+ addrLength = readLength4();
if (!(addrLength == 4 || addrLength == 16)) {
if (DEBUG) {
System.out.println("Incorrect address format.");
@@ -231,13 +231,13 @@
AuthorizationDataEntry[] readAuth() throws IOException {
int num, adtype, adlength;
- num = read(4);
+ num = readLength4();
if (num > 0) {
List<AuthorizationDataEntry> auData = new ArrayList<>();
byte[] data = null;
for (int i = 0; i < num; i++) {
adtype = read(2);
- adlength = read(4);
+ adlength = readLength4();
data = IOUtils.readFully(this, adlength, true);
auData.add(new AuthorizationDataEntry(adtype, data));
}
@@ -248,7 +248,7 @@
byte[] readData() throws IOException {
int length;
- length = read(4);
+ length = readLength4();
if (length == 0) {
return null;
} else {
diff --git a/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java b/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java
index cf7257f..05ed6a2 100644
--- a/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java
+++ b/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java
@@ -151,43 +151,43 @@
synchronized void init(PrincipalName principal, String name)
throws IOException, KrbException {
primaryPrincipal = principal;
- CCacheOutputStream cos =
- new CCacheOutputStream(new FileOutputStream(name));
- version = KRB5_FCC_FVNO_3;
- cos.writeHeader(primaryPrincipal, version);
- cos.close();
+ try (FileOutputStream fos = new FileOutputStream(name);
+ CCacheOutputStream cos = new CCacheOutputStream(fos)) {
+ version = KRB5_FCC_FVNO_3;
+ cos.writeHeader(primaryPrincipal, version);
+ }
load(name);
}
synchronized void load(String name) throws IOException, KrbException {
PrincipalName p;
- CCacheInputStream cis =
- new CCacheInputStream(new FileInputStream(name));
- version = cis.readVersion();
- if (version == KRB5_FCC_FVNO_4) {
- tag = cis.readTag();
- } else {
- tag = null;
- if (version == KRB5_FCC_FVNO_1 || version == KRB5_FCC_FVNO_2) {
- cis.setNativeByteOrder();
+ try (FileInputStream fis = new FileInputStream(name);
+ CCacheInputStream cis = new CCacheInputStream(fis)) {
+ version = cis.readVersion();
+ if (version == KRB5_FCC_FVNO_4) {
+ tag = cis.readTag();
+ } else {
+ tag = null;
+ if (version == KRB5_FCC_FVNO_1 || version == KRB5_FCC_FVNO_2) {
+ cis.setNativeByteOrder();
+ }
}
- }
- p = cis.readPrincipal(version);
+ p = cis.readPrincipal(version);
- if (primaryPrincipal != null) {
- if (!(primaryPrincipal.match(p))) {
- throw new IOException("Primary principals don't match.");
- }
- } else
- primaryPrincipal = p;
- credentialsList = new Vector<Credentials> ();
- while (cis.available() > 0) {
- Credentials cred = cis.readCred(version);
- if (cred != null) {
- credentialsList.addElement(cred);
+ if (primaryPrincipal != null) {
+ if (!(primaryPrincipal.match(p))) {
+ throw new IOException("Primary principals don't match.");
+ }
+ } else
+ primaryPrincipal = p;
+ credentialsList = new Vector<Credentials>();
+ while (cis.available() > 0) {
+ Credentials cred = cis.readCred(version);
+ if (cred != null) {
+ credentialsList.addElement(cred);
+ }
}
}
- cis.close();
}
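Review bot: In `init`, `new FileOutputStream(name)` creates the credentials cache with whatever default permissions the process has, and nothing visible in this hunk restricts the file to its owner. The try-with-resources conversion fixes the stream leak on an exception but leaves that as it was. Since the file holds Kerberos credentials, it would be worth creating it with owner-only permissions where the file system supports them, for example through `java.nio.file.Files` with a POSIX permission attribute, or documenting where that is enforced if it happens elsewhere. The same applies to `new FileOutputStream(cacheName)` in the `save()` hunk below.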
@@ -246,16 +246,16 @@
* Saves the credentials cache file to the disk.
*/
public synchronized void save() throws IOException, Asn1Exception {
- CCacheOutputStream cos
- = new CCacheOutputStream(new FileOutputStream(cacheName));
- cos.writeHeader(primaryPrincipal, version);
- Credentials[] tmp = null;
- if ((tmp = getCredsList()) != null) {
- for (int i = 0; i < tmp.length; i++) {
- cos.addCreds(tmp[i]);
+ try (FileOutputStream fos = new FileOutputStream(cacheName);
+ CCacheOutputStream cos = new CCacheOutputStream(fos)) {
+ cos.writeHeader(primaryPrincipal, version);
+ Credentials[] tmp = null;
+ if ((tmp = getCredsList()) != null) {
+ for (int i = 0; i < tmp.length; i++) {
+ cos.addCreds(tmp[i]);
+ }
}
}
- cos.close();
}
boolean match(String[] s1, String[] s2) {
diff --git a/src/share/classes/sun/security/krb5/internal/util/KrbDataInputStream.java b/src/share/classes/sun/security/krb5/internal/util/KrbDataInputStream.java
index b005730..d7a531b 100644
--- a/src/share/classes/sun/security/krb5/internal/util/KrbDataInputStream.java
+++ b/src/share/classes/sun/security/krb5/internal/util/KrbDataInputStream.java
@@ -56,15 +56,33 @@
public KrbDataInputStream(InputStream is){
super(is);
}
+
+ /**
+ * Reads a length value which is represented in 4 bytes from
+ * this input stream. The value must be positive.
+ * @return the length value represented by this byte array.
+ * @throws IOException if there are not enough bytes or it represents
+ * a negative value
+ */
+ final public int readLength4() throws IOException {
+ int len = read(4);
+ if (len < 0) {
+ throw new IOException("Invalid encoding");
+ }
+ return len;
+ }
+
/**
* Reads up to the specific number of bytes from this input stream.
* @param num the number of bytes to be read.
* @return the int value of this byte array.
- * @exception IOException.
+ * @throws IOException if there are not enough bytes
*/
- public int read(int num) throws IOException{
+ public int read(int num) throws IOException {
byte[] bytes = new byte[num];
- read(bytes, 0, num);
+ if (read(bytes, 0, num) != num) {
+ throw new IOException("Premature end of stream reached");
+ }
int result = 0;
for (int i = 0; i < num; i++) {
if (bigEndian) {
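Review bot: The new `read(bytes, 0, num) != num` test treats any short read as end of stream, but `InputStream.read(byte[], int, int)` is allowed to return fewer bytes than requested while more data is still to come, so a valid cache could be rejected with "Premature end of stream reached". Looping until `num` bytes have arrived, and failing only when a read returns a negative count, keeps the truncation check without that false positive. Separately, the `readLength4` Javadoc says the value "must be positive" while the code accepts zero, so "non-negative" is the accurate word. The rest of `read(int)` continues outside the hunk.

```java
public int read(int num) throws IOException {
    byte[] bytes = new byte[num];
    int off = 0;
    while (off < num) {
        int n = read(bytes, off, num - off);
        if (n < 0) {
            throw new IOException("Premature end of stream reached");
        }
        off += n;
    }
    // … unchanged: byte-order conversion loop …
```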
diff --git a/src/share/classes/sun/security/ssl/ClientHandshaker.java b/src/share/classes/sun/security/ssl/ClientHandshaker.java
index 5108528..5e253a7 100644
--- a/src/share/classes/sun/security/ssl/ClientHandshaker.java
+++ b/src/share/classes/sun/security/ssl/ClientHandshaker.java
@@ -345,6 +345,13 @@
break;
case HandshakeMessage.ht_finished:
+ // A ChangeCipherSpec record must have been received prior to
+ // reception of the Finished message (RFC 5246, 7.4.9).
+ if (!receivedChangeCipherSpec()) {
+ fatalSE(Alerts.alert_handshake_failure,
+ "Received Finished message before ChangeCipherSpec");
+ }
+
this.serverFinished(
new Finished(protocolVersion, input, cipherSuite));
break;
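Review bot: The new guard in the `ht_finished` case is only effective if `fatalSE` never returns normally, and nothing in the hunk shows that. If it did return, control would fall through to `serverFinished(...)` and the out-of-order Finished message would still be processed. Assuming `fatalSE` always throws (to be confirmed in Handshaker), a short comment makes the dependency explicit: `// fatalSE always throws; serverFinished() below is not reached`. The surrounding switch starts and ends outside the hunk.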
diff --git a/src/share/classes/sun/security/ssl/Handshaker.java b/src/share/classes/sun/security/ssl/Handshaker.java
index 80c2a51..7bda564 100644
--- a/src/share/classes/sun/security/ssl/Handshaker.java
+++ b/src/share/classes/sun/security/ssl/Handshaker.java
@@ -66,27 +66,27 @@
ProtocolVersion protocolVersion;
// the currently active protocol version during a renegotiation
- ProtocolVersion activeProtocolVersion;
+ ProtocolVersion activeProtocolVersion;
// security parameters for secure renegotiation.
- boolean secureRenegotiation;
- byte[] clientVerifyData;
- byte[] serverVerifyData;
+ boolean secureRenegotiation;
+ byte[] clientVerifyData;
+ byte[] serverVerifyData;
// Is it an initial negotiation or a renegotiation?
- boolean isInitialHandshake;
+ boolean isInitialHandshake;
// List of enabled protocols
- private ProtocolList enabledProtocols;
+ private ProtocolList enabledProtocols;
// List of enabled CipherSuites
- private CipherSuiteList enabledCipherSuites;
+ private CipherSuiteList enabledCipherSuites;
// The endpoint identification protocol
- String identificationProtocol;
+ String identificationProtocol;
// The cryptographic algorithm constraints
- private AlgorithmConstraints algorithmConstraints = null;
+ private AlgorithmConstraints algorithmConstraints = null;
// Local supported signature and algorithms
Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs;
@@ -95,15 +95,13 @@
Collection<SignatureAndHashAlgorithm> peerSupportedSignAlgs;
/*
-
- /*
* List of active protocols
*
* Active protocols is a subset of enabled protocols, and will
* contain only those protocols that have vaild cipher suites
* enabled.
*/
- private ProtocolList activeProtocols;
+ private ProtocolList activeProtocols;
/*
* List of active cipher suites
@@ -111,39 +109,41 @@
* Active cipher suites is a subset of enabled cipher suites, and will
* contain only those cipher suites available for the active protocols.
*/
- private CipherSuiteList activeCipherSuites;
+ private CipherSuiteList activeCipherSuites;
// The server name indication and matchers
- List<SNIServerName> serverNames =
- Collections.<SNIServerName>emptyList();
- Collection<SNIMatcher> sniMatchers =
- Collections.<SNIMatcher>emptyList();
+ List<SNIServerName> serverNames = Collections.<SNIServerName>emptyList();
+ Collection<SNIMatcher> sniMatchers = Collections.<SNIMatcher>emptyList();
- private boolean isClient;
- private boolean needCertVerify;
+ private boolean isClient;
+ private boolean needCertVerify;
- SSLSocketImpl conn = null;
- SSLEngineImpl engine = null;
+ SSLSocketImpl conn = null;
+ SSLEngineImpl engine = null;
- HandshakeHash handshakeHash;
- HandshakeInStream input;
- HandshakeOutStream output;
- int state;
- SSLContextImpl sslContext;
- RandomCookie clnt_random, svr_random;
- SSLSessionImpl session;
+ HandshakeHash handshakeHash;
+ HandshakeInStream input;
+ HandshakeOutStream output;
+ int state;
+ SSLContextImpl sslContext;
+ RandomCookie clnt_random, svr_random;
+ SSLSessionImpl session;
// current CipherSuite. Never null, initially SSL_NULL_WITH_NULL_NULL
- CipherSuite cipherSuite;
+ CipherSuite cipherSuite;
// current key exchange. Never null, initially K_NULL
- KeyExchange keyExchange;
+ KeyExchange keyExchange;
- /* True if this session is being resumed (fast handshake) */
- boolean resumingSession;
+ // True if this session is being resumed (fast handshake)
+ boolean resumingSession;
- /* True if it's OK to start a new SSL session */
- boolean enableNewSession;
+ // True if it's OK to start a new SSL session
+ boolean enableNewSession;
+
+ // True if session keys have been calculated and the caller may receive
+ // and process a ChangeCipherSpec message
+ private boolean sessKeysCalculated;
// Whether local cipher suites preference should be honored during
// handshaking?
@@ -176,7 +176,7 @@
// here instead of using this lock. Consider changing.
private Object thrownLock = new Object();
- /* Class and subclass dynamic debugging support */
+ // Class and subclass dynamic debugging support
static final Debug debug = Debug.getInstance("ssl");
// By default, disable the unsafe legacy session renegotiation
@@ -253,6 +253,7 @@
this.serverVerifyData = serverVerifyData;
enableNewSession = true;
invalidated = false;
+ sessKeysCalculated = false;
setCipherSuite(CipherSuite.C_NULL);
setEnabledProtocols(enabledProtocols);
@@ -359,6 +360,14 @@
}
}
+ final boolean receivedChangeCipherSpec() {
+ if (conn != null) {
+ return conn.receivedChangeCipherSpec();
+ } else {
+ return engine.receivedChangeCipherSpec();
+ }
+ }
+
String getEndpointIdentificationAlgorithmSE() {
SSLParameters paras;
if (conn != null) {
@@ -491,7 +500,9 @@
if (activeProtocols.collection().isEmpty() ||
activeProtocols.max.v == ProtocolVersion.NONE.v) {
- throw new SSLHandshakeException("No appropriate protocol");
+ throw new SSLHandshakeException(
+ "No appropriate protocol (protocol is disabled or " +
+ "cipher suites are inappropriate)");
}
if (activeCipherSuites == null) {
@@ -1224,6 +1235,10 @@
throw new ProviderException(e);
}
+ // Mark a flag that allows outside entities (like SSLSocket/SSLEngine)
+ // determine if a ChangeCipherSpec message could be processed.
+ sessKeysCalculated = true;
+
//
// Dump the connection keys as they're generated.
//
@@ -1278,6 +1293,15 @@
}
}
+ /**
+ * Return whether or not the Handshaker has derived session keys for
+ * this handshake. This is used for determining readiness to process
+ * an incoming ChangeCipherSpec message.
+ */
+ boolean sessionKeysCalculated() {
+ return sessKeysCalculated;
+ }
+
private static void printHex(HexDumpEncoder dump, byte[] bytes) {
if (bytes == null) {
System.out.println("(key bytes not available)");
diff --git a/src/share/classes/sun/security/ssl/ProtocolVersion.java b/src/share/classes/sun/security/ssl/ProtocolVersion.java
index fb47641..879d0f0 100644
--- a/src/share/classes/sun/security/ssl/ProtocolVersion.java
+++ b/src/share/classes/sun/security/ssl/ProtocolVersion.java
@@ -25,6 +25,9 @@
package sun.security.ssl;
+import java.util.*;
+import java.security.CryptoPrimitive;
+
/**
* Type safe enum for an SSL/TLS protocol version. Instances are obtained
* using the static factory methods or by referencing the static members
@@ -86,6 +89,11 @@
// Default version for hello messages (SSLv2Hello)
final static ProtocolVersion DEFAULT_HELLO = FIPS ? TLS10 : SSL30;
+ // Available protocols
+ //
+ // Including all supported protocols except the disabled ones.
+ final static Set<ProtocolVersion> availableProtocols;
+
// version in 16 bit MSB format as it appears in records and
// messages, i.e. 0x0301 for TLS 1.0
public final int v;
@@ -96,6 +104,24 @@
// name used in JSSE (e.g. TLSv1 for TLS 1.0)
final String name;
+ // Initialize the available protocols.
+ static {
+ Set<ProtocolVersion> protocols = new HashSet<>(5);
+
+ ProtocolVersion[] pvs = new ProtocolVersion[] {
+ SSL20Hello, SSL30, TLS10, TLS11, TLS12};
+ for (ProtocolVersion p : pvs) {
+ if (SSLAlgorithmConstraints.DEFAULT_SSL_ONLY.permits(
+ EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
+ p.name, null)) {
+ protocols.add(p);
+ }
+ }
+
+ availableProtocols =
+ Collections.<ProtocolVersion>unmodifiableSet(protocols);
+ }
+
// private
private ProtocolVersion(int v, String name) {
this.v = v;
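Review bot: The comments on `availableProtocols` and on this static initializer should say that the set is a snapshot taken once, when ProtocolVersion is initialized. Each candidate is passed through `SSLAlgorithmConstraints.DEFAULT_SSL_ONLY.permits(...)` a single time and nothing visible here re-evaluates the result. A change to the disabled-algorithms policy made later in the same JVM would therefore not be reflected, assuming the constraints read the security property when consulted. I would extend the field comment to something like `// Snapshot, taken at class initialization, of the supported protocols not disabled by the security policy; never refreshed.` so operators know the policy has to be in place before the first JSSE class is loaded.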
diff --git a/src/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java b/src/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
index d62641b..1a8a973 100644
--- a/src/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
+++ b/src/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
@@ -55,6 +55,14 @@
private boolean enabledX509DisabledAlgConstraints = true;
+ // the default algorithm constraints
+ final static AlgorithmConstraints DEFAULT =
+ new SSLAlgorithmConstraints(null);
+
+ // the default SSL only algorithm constraints
+ final static AlgorithmConstraints DEFAULT_SSL_ONLY =
+ new SSLAlgorithmConstraints((SSLSocket)null, false);
+
SSLAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
userAlgConstraints = algorithmConstraints;
}
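Review bot: The comment on `DEFAULT_SSL_ONLY` does not say what "SSL only" leaves out, and the bare `false` in `new SSLAlgorithmConstraints((SSLSocket)null, false)` gives no hint either. Judging by the `enabledX509DisabledAlgConstraints` field just above, the flag presumably switches off the certificate-path constraints so that only the TLS policy is consulted. That should be confirmed against the two-argument constructor, which is outside the hunk. A comment such as `// TLS policy only: no peer-supplied constraints and no X.509 cert-path constraints` would make the difference from `DEFAULT` clear to anyone choosing between the two.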
diff --git a/src/share/classes/sun/security/ssl/SSLContextImpl.java b/src/share/classes/sun/security/ssl/SSLContextImpl.java
index 8f8fb4d..b00a26d 100644
--- a/src/share/classes/sun/security/ssl/SSLContextImpl.java
+++ b/src/share/classes/sun/security/ssl/SSLContextImpl.java
@@ -52,10 +52,6 @@
private X509TrustManager trustManager;
private SecureRandom secureRandom;
- // The default algrithm constraints
- private AlgorithmConstraints defaultAlgorithmConstraints =
- new SSLAlgorithmConstraints(null);
-
// supported and default protocols
private ProtocolList defaultServerProtocolList;
private ProtocolList defaultClientProtocolList;
@@ -350,7 +346,7 @@
if (suite.isAvailable() &&
suite.obsoleted > protocols.min.v &&
suite.supported <= protocols.max.v) {
- if (defaultAlgorithmConstraints.permits(
+ if (SSLAlgorithmConstraints.DEFAULT.permits(
EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
suite.name, null)) {
suites.add(suite);
@@ -431,11 +427,16 @@
*/
private abstract static class AbstractSSLContext extends SSLContextImpl {
// parameters
- private final static SSLParameters defaultServerSSLParams;
- private final static SSLParameters supportedSSLParams;
+ private static final SSLParameters defaultServerSSLParams;
+ private static final SSLParameters supportedSSLParams;
static {
+ // supported SSL parameters
supportedSSLParams = new SSLParameters();
+
+ // candidates for available protocols
+ ProtocolVersion[] candidates;
+
if (SunJSSE.isFIPS()) {
supportedSSLParams.setProtocols(new String[] {
ProtocolVersion.TLS10.name,
@@ -443,7 +444,11 @@
ProtocolVersion.TLS12.name
});
- defaultServerSSLParams = supportedSSLParams;
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.TLS10,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS12
+ };
} else {
supportedSSLParams.setProtocols(new String[] {
ProtocolVersion.SSL20Hello.name,
@@ -453,8 +458,18 @@
ProtocolVersion.TLS12.name
});
- defaultServerSSLParams = supportedSSLParams;
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.SSL20Hello,
+ ProtocolVersion.SSL30,
+ ProtocolVersion.TLS10,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS12
+ };
}
+
+ defaultServerSSLParams = new SSLParameters();
+ defaultServerSSLParams.setProtocols(
+ getAvailableProtocols(candidates).toArray(new String[0]));
}
@Override
@@ -466,6 +481,22 @@
SSLParameters getSupportedSSLParams() {
return supportedSSLParams;
}
+
+ static List<String> getAvailableProtocols(
+ ProtocolVersion[] protocolCandidates) {
+
+ List<String> availableProtocols = Collections.<String>emptyList();
+ if (protocolCandidates != null && protocolCandidates.length != 0) {
+ availableProtocols = new ArrayList<>(protocolCandidates.length);
+ for (ProtocolVersion p : protocolCandidates) {
+ if (ProtocolVersion.availableProtocols.contains(p)) {
+ availableProtocols.add(p.name);
+ }
+ }
+ }
+
+ return availableProtocols;
+ }
}
/*
@@ -474,21 +505,25 @@
* @see SSLContext
*/
public static final class TLS10Context extends AbstractSSLContext {
- private final static SSLParameters defaultClientSSLParams;
+ private static final SSLParameters defaultClientSSLParams;
static {
- defaultClientSSLParams = new SSLParameters();
+ // candidates for available protocols
+ ProtocolVersion[] candidates;
if (SunJSSE.isFIPS()) {
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.TLS10.name
- });
-
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.TLS10
+ };
} else {
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.SSL30.name,
- ProtocolVersion.TLS10.name
- });
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.SSL30,
+ ProtocolVersion.TLS10
+ };
}
+
+ defaultClientSSLParams = new SSLParameters();
+ defaultClientSSLParams.setProtocols(
+ getAvailableProtocols(candidates).toArray(new String[0]));
}
@Override
@@ -503,23 +538,27 @@
* @see SSLContext
*/
public static final class TLS11Context extends AbstractSSLContext {
- private final static SSLParameters defaultClientSSLParams;
+ private static final SSLParameters defaultClientSSLParams;
static {
- defaultClientSSLParams = new SSLParameters();
+ // candidates for available protocols
+ ProtocolVersion[] candidates;
if (SunJSSE.isFIPS()) {
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name
- });
-
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.TLS10,
+ ProtocolVersion.TLS11
+ };
} else {
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.SSL30.name,
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name
- });
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.SSL30,
+ ProtocolVersion.TLS10,
+ ProtocolVersion.TLS11
+ };
}
+
+ defaultClientSSLParams = new SSLParameters();
+ defaultClientSSLParams.setProtocols(
+ getAvailableProtocols(candidates).toArray(new String[0]));
}
@Override
@@ -534,25 +573,29 @@
* @see SSLContext
*/
public static final class TLS12Context extends AbstractSSLContext {
- private final static SSLParameters defaultClientSSLParams;
+ private static final SSLParameters defaultClientSSLParams;
static {
- defaultClientSSLParams = new SSLParameters();
+ // candidates for available protocols
+ ProtocolVersion[] candidates;
if (SunJSSE.isFIPS()) {
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name,
- ProtocolVersion.TLS12.name
- });
-
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.TLS10,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS12
+ };
} else {
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.SSL30.name,
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name,
- ProtocolVersion.TLS12.name
- });
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.SSL30,
+ ProtocolVersion.TLS10,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS12
+ };
}
+
+ defaultClientSSLParams = new SSLParameters();
+ defaultClientSSLParams.setProtocols(
+ getAvailableProtocols(candidates).toArray(new String[0]));
}
@Override
@@ -567,8 +610,8 @@
* @see SSLContext
*/
private static class CustomizedSSLContext extends AbstractSSLContext {
- private final static String PROPERTY_NAME = "jdk.tls.client.protocols";
- private final static SSLParameters defaultClientSSLParams;
+ private static final String PROPERTY_NAME = "jdk.tls.client.protocols";
+ private static final SSLParameters defaultClientSSLParams;
private static IllegalArgumentException reservedException = null;
// Don't want a java.lang.LinkageError for illegal system property.
@@ -578,60 +621,74 @@
// the provider service. Instead, let's handle the initialization
// exception in constructor.
static {
+ // candidates for available protocols
+ ProtocolVersion[] candidates;
+
String property = AccessController.doPrivileged(
new GetPropertyAction(PROPERTY_NAME));
- defaultClientSSLParams = new SSLParameters();
if (property == null || property.length() == 0) {
// the default enabled client TLS protocols
if (SunJSSE.isFIPS()) {
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name,
- ProtocolVersion.TLS12.name
- });
-
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.TLS10,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS12
+ };
} else {
- defaultClientSSLParams.setProtocols(new String[] {
- ProtocolVersion.SSL30.name,
- ProtocolVersion.TLS10.name,
- ProtocolVersion.TLS11.name,
- ProtocolVersion.TLS12.name
- });
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.SSL30,
+ ProtocolVersion.TLS10,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS12
+ };
}
} else {
// remove double quote marks from beginning/end of the property
- if (property.charAt(0) == '"' &&
+ if (property.length() > 1 && property.charAt(0) == '"' &&
property.charAt(property.length() - 1) == '"') {
property = property.substring(1, property.length() - 1);
}
- String[] protocols = property.split(",");
+ String[] protocols = null;
+ if (property != null && property.length() != 0) {
+ protocols = property.split(",");
+ } else {
+ reservedException = new IllegalArgumentException(
+ "No protocol specified in " +
+ PROPERTY_NAME + " system property");
+ protocols = new String[0];
+ }
+
+ candidates = new ProtocolVersion[protocols.length];
for (int i = 0; i < protocols.length; i++) {
protocols[i] = protocols[i].trim();
// Is it a supported protocol name?
try {
- ProtocolVersion.valueOf(protocols[i]);
+ candidates[i] = ProtocolVersion.valueOf(protocols[i]);
} catch (IllegalArgumentException iae) {
reservedException = new IllegalArgumentException(
- PROPERTY_NAME + ": " + protocols[i] +
- " is not a standard SSL protocol name", iae);
+ PROPERTY_NAME + ": " + protocols[i] +
+ " is not a standard SSL/TLS protocol name", iae);
+ break;
}
}
if ((reservedException == null) && SunJSSE.isFIPS()) {
- for (String protocol : protocols) {
- if (ProtocolVersion.SSL20Hello.name.equals(protocol) ||
- ProtocolVersion.SSL30.name.equals(protocol)) {
+ for (ProtocolVersion protocolVersion : candidates) {
+ if (ProtocolVersion.SSL20Hello.v == protocolVersion.v ||
+ ProtocolVersion.SSL30.v == protocolVersion.v) {
reservedException = new IllegalArgumentException(
- PROPERTY_NAME + ": " + protocol +
+ PROPERTY_NAME + ": " + protocolVersion +
" is not FIPS compliant");
}
}
}
+ }
- if (reservedException == null) {
- defaultClientSSLParams.setProtocols(protocols);
- }
+ defaultClientSSLParams = new SSLParameters();
+ if (reservedException == null) {
+ defaultClientSSLParams.setProtocols(
+ getAvailableProtocols(candidates).toArray(new String[0]));
}
}
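Review bot: When every protocol named in `jdk.tls.client.protocols` is valid but disabled by policy, the final `setProtocols(...)` call receives an empty array and `reservedException` stays null, so the misconfiguration is not reported when the context is constructed. `getAvailableProtocols(candidates)` drops anything not in `ProtocolVersion.availableProtocols`, and the failure would presumably surface only later as a handshake error. Either record it when the filtered list is empty, e.g. `reservedException = new IllegalArgumentException("No available protocol in " + PROPERTY_NAME + " system property");`, or add a comment stating that an empty default is intended. Separately, `property != null` in the new `if` is redundant, since this `else` branch is only reached when `property` is non-null.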
diff --git a/src/share/classes/sun/security/ssl/SSLEngineImpl.java b/src/share/classes/sun/security/ssl/SSLEngineImpl.java
index 7a71a0e..e021d8e 100644
--- a/src/share/classes/sun/security/ssl/SSLEngineImpl.java
+++ b/src/share/classes/sun/security/ssl/SSLEngineImpl.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -212,6 +212,11 @@
static final byte clauth_required = 2;
/*
+ * Flag indicating that the engine has received a ChangeCipherSpec message.
+ */
+ private boolean receivedCCS;
+
+ /*
* Flag indicating if the next record we receive MUST be a Finished
* message. Temporarily set during the handshake to ensure that
* a change cipher spec message is followed by a finished message.
@@ -372,6 +377,7 @@
*/
roleIsServer = true;
connectionState = cs_START;
+ receivedCCS = false;
// default server name indication
serverNames =
@@ -1021,6 +1027,7 @@
if (handshaker.invalidated) {
handshaker = null;
+ receivedCCS = false;
// if state is cs_RENEGOTIATE, revert it to cs_DATA
if (connectionState == cs_RENEGOTIATE) {
connectionState = cs_DATA;
@@ -1039,6 +1046,7 @@
}
handshaker = null;
connectionState = cs_DATA;
+ receivedCCS = false;
// No handshakeListeners here. That's a
// SSLSocket thing.
@@ -1078,13 +1086,25 @@
case Record.ct_change_cipher_spec:
if ((connectionState != cs_HANDSHAKE
&& connectionState != cs_RENEGOTIATE)
- || inputRecord.available() != 1
- || inputRecord.read() != 1) {
+ || !handshaker.sessionKeysCalculated()
+ || receivedCCS) {
+ // For the CCS message arriving in the wrong state
fatal(Alerts.alert_unexpected_message,
- "illegal change cipher spec msg, state = "
- + connectionState);
+ "illegal change cipher spec msg, conn state = "
+ + connectionState + ", handshake state = "
+ + handshaker.state);
+ } else if (inputRecord.available() != 1
+ || inputRecord.read() != 1) {
+ // For structural/content issues with the CCS
+ fatal(Alerts.alert_unexpected_message,
+ "Malformed change cipher spec msg");
}
+ // Once we've received CCS, update the flag.
+ // If the remote endpoint sends it again in this handshake
+ // we won't process it.
+ receivedCCS = true;
+
//
// The first message after a change_cipher_spec
// record MUST be a "Finished" handshake record,
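Review bot: The new fatal message dereferences `handshaker` in a branch that is also taken when the connection is not handshaking, where `handshaker` may be null. The first clause of the condition short-circuits for any state other than cs_HANDSHAKE or cs_RENEGOTIATE, and earlier hunks in this file assign `handshaker = null` together with `connectionState = cs_DATA`. If that holds at this point, a ChangeCipherSpec record arriving after the handshake would raise a NullPointerException while the message is built, instead of sending the unexpected_message alert. Guard the concatenation, e.g. `+ ", handshake state = " + (handshaker != null ? String.valueOf(handshaker.state) : "none")`, or test the connection state separately from `sessionKeysCalculated()` and `receivedCCS`. The matching hunk in SSLSocketImpl.java (`@@ -1107,13 +1116,24 @@`) has the same pattern; the enclosing switch lies outside both hunks.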
@@ -2120,6 +2140,14 @@
}
}
+ /*
+ * Returns a boolean indicating whether the ChangeCipherSpec message
+ * has been received for this handshake.
+ */
+ boolean receivedChangeCipherSpec() {
+ return receivedCCS;
+ }
+
/**
* Returns a printable representation of this end of the connection.
*/
diff --git a/src/share/classes/sun/security/ssl/SSLSocketImpl.java b/src/share/classes/sun/security/ssl/SSLSocketImpl.java
index 395a366..7b91f3e 100644
--- a/src/share/classes/sun/security/ssl/SSLSocketImpl.java
+++ b/src/share/classes/sun/security/ssl/SSLSocketImpl.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -172,6 +172,12 @@
private volatile int connectionState;
/*
+ * Flag indicating that the engine's handshaker has done the necessary
+ * steps so the engine may process a ChangeCipherSpec message.
+ */
+ private boolean receivedCCS;
+
+ /*
* Flag indicating if the next record we receive MUST be a Finished
* message. Temporarily set during the handshake to ensure that
* a change cipher spec message is followed by a finished message.
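Review bot: The comment added above `receivedCCS` describes a different flag. It speaks of the handshaker having done the necessary steps so that a ChangeCipherSpec may be processed, which is what `Handshaker.sessKeysCalculated` tracks, and it says "engine" in a socket class. The field itself is set once a ChangeCipherSpec record has been accepted and is returned by `receivedChangeCipherSpec()`. I would align it with the SSLEngineImpl wording: `Flag indicating that the socket has received a ChangeCipherSpec message.` It may also be worth stating which lock guards the field, since `connectionState` just above is declared volatile and this flag is not.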
@@ -587,6 +593,7 @@
*/
roleIsServer = isServer;
connectionState = cs_START;
+ receivedCCS = false;
/*
* default read and write side cipher and MAC support
@@ -1045,6 +1052,7 @@
if (handshaker.invalidated) {
handshaker = null;
+ receivedCCS = false;
// if state is cs_RENEGOTIATE, revert it to cs_DATA
if (connectionState == cs_RENEGOTIATE) {
connectionState = cs_DATA;
@@ -1060,6 +1068,7 @@
handshakeSession = null;
handshaker = null;
connectionState = cs_DATA;
+ receivedCCS = false;
//
// Tell folk about handshake completion, but do
@@ -1107,13 +1116,24 @@
case Record.ct_change_cipher_spec:
if ((connectionState != cs_HANDSHAKE
&& connectionState != cs_RENEGOTIATE)
- || r.available() != 1
- || r.read() != 1) {
+ || !handshaker.sessionKeysCalculated()
+ || receivedCCS) {
+ // For the CCS message arriving in the wrong state
fatal(Alerts.alert_unexpected_message,
- "illegal change cipher spec msg, state = "
- + connectionState);
+ "illegal change cipher spec msg, conn state = "
+ + connectionState + ", handshake state = "
+ + handshaker.state);
+ } else if (r.available() != 1 || r.read() != 1) {
+ // For structural/content issues with the CCS
+ fatal(Alerts.alert_unexpected_message,
+ "Malformed change cipher spec msg");
}
+ // Once we've received CCS, update the flag.
+ // If the remote endpoint sends it again in this handshake
+ // we won't process it.
+ receivedCCS = true;
+
//
// The first message after a change_cipher_spec
// record MUST be a "Finished" handshake record,
@@ -2550,6 +2570,14 @@
}
}
+ /*
+ * Returns a boolean indicating whether the ChangeCipherSpec message
+ * has been received for this handshake.
+ */
+ boolean receivedChangeCipherSpec() {
+ return receivedCCS;
+ }
+
//
// We allocate a separate thread to deliver handshake completion
// events. This ensures that the notifications don't block the
diff --git a/src/share/classes/sun/security/ssl/ServerHandshaker.java b/src/share/classes/sun/security/ssl/ServerHandshaker.java
index 85c1b4d..37babc7 100644
--- a/src/share/classes/sun/security/ssl/ServerHandshaker.java
+++ b/src/share/classes/sun/security/ssl/ServerHandshaker.java
@@ -287,6 +287,13 @@
break;
case HandshakeMessage.ht_finished:
+ // A ChangeCipherSpec record must have been received prior to
+ // reception of the Finished message (RFC 5246, 7.4.9).
+ if (!receivedChangeCipherSpec()) {
+ fatalSE(Alerts.alert_handshake_failure,
+ "Received Finished message before ChangeCipherSpec");
+ }
+
this.clientFinished(
new Finished(protocolVersion, input, cipherSuite));
break;
diff --git a/src/share/classes/sun/security/util/DerIndefLenConverter.java b/src/share/classes/sun/security/util/DerIndefLenConverter.java
index 6635137..cbd5ecc 100644
--- a/src/share/classes/sun/security/util/DerIndefLenConverter.java
+++ b/src/share/classes/sun/security/util/DerIndefLenConverter.java
@@ -156,12 +156,18 @@
}
if (isLongForm(lenByte)) {
lenByte &= LEN_MASK;
- if (lenByte > 4)
+ if (lenByte > 4) {
throw new IOException("Too much data");
- if ((dataSize - dataPos) < (lenByte + 1))
+ }
+ if ((dataSize - dataPos) < (lenByte + 1)) {
throw new IOException("Too little data");
- for (int i = 0; i < lenByte; i++)
+ }
+ for (int i = 0; i < lenByte; i++) {
curLen = (curLen << 8) + (data[dataPos++] & 0xff);
+ }
+ if (curLen < 0) {
+ throw new IOException("Invalid length bytes");
+ }
} else {
curLen = (lenByte & LEN_MASK);
}
@@ -188,10 +194,15 @@
}
if (isLongForm(lenByte)) {
lenByte &= LEN_MASK;
- for (int i = 0; i < lenByte; i++)
+ for (int i = 0; i < lenByte; i++) {
curLen = (curLen << 8) + (data[dataPos++] & 0xff);
- } else
+ }
+ if (curLen < 0) {
+ throw new IOException("Invalid length bytes");
+ }
+ } else {
curLen = (lenByte & LEN_MASK);
+ }
writeLength(curLen);
writeValue(curLen);
}
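Review bot: The `curLen < 0` check added in this hunk is not a complete overflow guard, because this method never bounds `lenByte`, unlike the one patched in the previous hunk. As far as the hunk shows, the loop can run for more than four iterations after `lenByte &= LEN_MASK`. Assuming `curLen` is an `int`, a value shifted past 32 bits can end up non-negative again and pass the new test. Unless this path only ever sees data the earlier pass already validated (not visible here), add the same guard before the loop: `if (lenByte > 4) { throw new IOException("Too much data"); }`. The enclosing method begins outside the hunk.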
diff --git a/src/share/classes/sun/security/util/DerInputStream.java b/src/share/classes/sun/security/util/DerInputStream.java
index e0f77ee..fc4aee8 100644
--- a/src/share/classes/sun/security/util/DerInputStream.java
+++ b/src/share/classes/sun/security/util/DerInputStream.java
@@ -566,6 +566,10 @@
value <<= 8;
value += 0x0ff & in.read();
}
+ if (value < 0) {
+ throw new IOException("DerInputStream.getLength(): "
+ + "Invalid length bytes");
+ }
}
return value;
}
diff --git a/src/share/classes/sun/swing/FilePane.java b/src/share/classes/sun/swing/FilePane.java
index 6cf3c4d..9ae60b5 100644
--- a/src/share/classes/sun/swing/FilePane.java
+++ b/src/share/classes/sun/swing/FilePane.java
@@ -1979,20 +1979,24 @@
return false;
}
- if (f instanceof ShellFolder) {
- return f.canWrite();
- } else {
- if (usesShellFolder(getFileChooser())) {
- try {
- return ShellFolder.getShellFolder(f).canWrite();
- } catch (FileNotFoundException ex) {
- // File doesn't exist
- return false;
- }
- } else {
- // Ordinary file
+ try {
+ if (f instanceof ShellFolder) {
return f.canWrite();
+ } else {
+ if (usesShellFolder(getFileChooser())) {
+ try {
+ return ShellFolder.getShellFolder(f).canWrite();
+ } catch (FileNotFoundException ex) {
+ // File doesn't exist
+ return false;
+ }
+ } else {
+ // Ordinary file
+ return f.canWrite();
+ }
}
+ } catch (SecurityException e) {
+ return false;
}
}
diff --git a/src/share/classes/sun/swing/WindowsPlacesBar.java b/src/share/classes/sun/swing/WindowsPlacesBar.java
index 8b033ca..2a69329 100644
--- a/src/share/classes/sun/swing/WindowsPlacesBar.java
+++ b/src/share/classes/sun/swing/WindowsPlacesBar.java
@@ -81,11 +81,7 @@
setBackground(bgColor);
FileSystemView fsv = fc.getFileSystemView();
- files = AccessController.doPrivileged(new PrivilegedAction<File[]>() {
- public File[] run() {
- return (File[]) ShellFolder.get("fileChooserShortcutPanelFolders");
- }
- });
+ files = (File[]) ShellFolder.get("fileChooserShortcutPanelFolders");
buttons = new JToggleButton[files.length];
buttonGroup = new ButtonGroup();
diff --git a/src/share/classes/sun/swing/plaf/synth/SynthFileChooserUIImpl.java b/src/share/classes/sun/swing/plaf/synth/SynthFileChooserUIImpl.java
index 3779207..047952c 100644
--- a/src/share/classes/sun/swing/plaf/synth/SynthFileChooserUIImpl.java
+++ b/src/share/classes/sun/swing/plaf/synth/SynthFileChooserUIImpl.java
@@ -769,16 +769,9 @@
fireIntervalRemoved(this, 0, oldSize);
}
- File[] baseFolders;
- if (useShellFolder) {
- baseFolders = AccessController.doPrivileged(new PrivilegedAction<File[]>() {
- public File[] run() {
- return (File[]) ShellFolder.get("fileChooserComboBoxFolders");
- }
- });
- } else {
- baseFolders = fsv.getRoots();
- }
+ File[] baseFolders = (useShellFolder)
+ ? (File[]) ShellFolder.get("fileChooserComboBoxFolders")
+ : fsv.getRoots();
directories.addAll(Arrays.asList(baseFolders));
// Get the canonical (full) path. This has the side
diff --git a/src/share/lib/security/java.security-aix b/src/share/lib/security/java.security-aix
index d31a1e3..81ce1d7 100644
--- a/src/share/lib/security/java.security-aix
+++ b/src/share/lib/security/java.security-aix
@@ -210,8 +210,8 @@
org.jcp.xml.dsig.internal.,\
jdk.internal.,\
jdk.nashorn.internal.,\
- jdk.nashorn.tools.
-
+ jdk.nashorn.tools.,\
+ com.sun.activation.registries.
#
# List of comma-separated packages that start with or equal this string
@@ -257,8 +257,8 @@
org.jcp.xml.dsig.internal.,\
jdk.internal.,\
jdk.nashorn.internal.,\
- jdk.nashorn.tools.
-
+ jdk.nashorn.tools.,\
+ com.sun.activation.registries.
#
# Determines whether this properties file can be appended to
@@ -479,8 +479,12 @@
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
+# algorithms during SSL/TLS security parameters negotiation, including
+# protocol version negotiation, cipher suites selection, peer authentication
+# and key exchange mechanisms.
+#
+# Disabled algorithms will not be negotiated for SSL/TLS connections, even
+# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
@@ -495,4 +499,5 @@
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
-# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
+# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
+jdk.tls.disabledAlgorithms=SSLv3
diff --git a/src/share/lib/security/java.security-linux b/src/share/lib/security/java.security-linux
index bb71a15..81ce1d7 100644
--- a/src/share/lib/security/java.security-linux
+++ b/src/share/lib/security/java.security-linux
@@ -479,8 +479,12 @@
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
+# algorithms during SSL/TLS security parameters negotiation, including
+# protocol version negotiation, cipher suites selection, peer authentication
+# and key exchange mechanisms.
+#
+# Disabled algorithms will not be negotiated for SSL/TLS connections, even
+# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
@@ -495,4 +499,5 @@
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
-# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
+# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
+jdk.tls.disabledAlgorithms=SSLv3
diff --git a/src/share/lib/security/java.security-macosx b/src/share/lib/security/java.security-macosx
index 78eeb8e..d72511b 100644
--- a/src/share/lib/security/java.security-macosx
+++ b/src/share/lib/security/java.security-macosx
@@ -482,8 +482,12 @@
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
+# algorithms during SSL/TLS security parameters negotiation, including
+# protocol version negotiation, cipher suites selection, peer authentication
+# and key exchange mechanisms.
+#
+# Disabled algorithms will not be negotiated for SSL/TLS connections, even
+# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
@@ -498,4 +502,5 @@
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
-# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
+# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
+jdk.tls.disabledAlgorithms=SSLv3
diff --git a/src/share/lib/security/java.security-solaris b/src/share/lib/security/java.security-solaris
index e153e15..92d0358 100644
--- a/src/share/lib/security/java.security-solaris
+++ b/src/share/lib/security/java.security-solaris
@@ -481,8 +481,12 @@
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
+# algorithms during SSL/TLS security parameters negotiation, including
+# protocol version negotiation, cipher suites selection, peer authentication
+# and key exchange mechanisms.
+#
+# Disabled algorithms will not be negotiated for SSL/TLS connections, even
+# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
@@ -497,4 +501,5 @@
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
-# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
+# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
+jdk.tls.disabledAlgorithms=SSLv3
diff --git a/src/share/lib/security/java.security-windows b/src/share/lib/security/java.security-windows
index e10b953..41907ee 100644
--- a/src/share/lib/security/java.security-windows
+++ b/src/share/lib/security/java.security-windows
@@ -482,8 +482,12 @@
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
+# algorithms during SSL/TLS security parameters negotiation, including
+# protocol version negotiation, cipher suites selection, peer authentication
+# and key exchange mechanisms.
+#
+# Disabled algorithms will not be negotiated for SSL/TLS connections, even
+# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
@@ -498,4 +502,5 @@
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
-# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
+# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
+jdk.tls.disabledAlgorithms=SSLv3
diff --git a/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp b/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp
index e985b81..cbee0ba 100644
--- a/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp
+++ b/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp
@@ -583,6 +583,8 @@
LEReferenceTo<ChainSubClassRuleTable>
chainSubClassRuleTable(chainSubClassSetTable, success, chainSubClassRuleTableOffset);
le_uint16 backtrackGlyphCount = SWAPW(chainSubClassRuleTable->backtrackGlyphCount);
+ LEReferenceToArrayOf<le_uint16> backtrackClassArray(base, success, chainSubClassRuleTable->backtrackClassArray, backtrackGlyphCount);
+ if( LE_FAILURE(success) ) { return 0; }
le_uint16 inputGlyphCount = SWAPW(chainSubClassRuleTable->backtrackClassArray[backtrackGlyphCount]) - 1;
LEReferenceToArrayOf<le_uint16> inputClassArray(base, success, &chainSubClassRuleTable->backtrackClassArray[backtrackGlyphCount + 1],inputGlyphCount+2); // +2 for the lookaheadGlyphCount count
le_uint16 lookaheadGlyphCount = SWAPW(inputClassArray.getObject(inputGlyphCount, success));
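Review bot: The relocated `backtrackClassArray` reference validates `backtrackGlyphCount` entries, indices 0 to `backtrackGlyphCount - 1`, but the very next line reads `chainSubClassRuleTable->backtrackClassArray[backtrackGlyphCount]` through the raw pointer, one element past what was checked. The following `inputClassArray` reference starts at index `backtrackGlyphCount + 1`, so that slot is covered by neither reference. Reading the input count through a checked accessor would close the gap, for example a reference built with `backtrackGlyphCount + 1` entries and `getObject(backtrackGlyphCount, success)`. Note also that the `- 1` wraps the `le_uint16` when the stored count is 0. The enclosing function starts and ends outside the hunk.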
@@ -599,8 +601,6 @@
}
tempIterator.prev();
- LEReferenceToArrayOf<le_uint16> backtrackClassArray(base, success, chainSubClassRuleTable->backtrackClassArray, backtrackGlyphCount);
- if( LE_FAILURE(success) ) { return 0; }
if (! matchGlyphClasses(backtrackClassArray, backtrackGlyphCount,
&tempIterator, backtrackClassDefinitionTable, success, TRUE)) {
continue;
diff --git a/src/share/native/sun/font/layout/CursiveAttachmentSubtables.cpp b/src/share/native/sun/font/layout/CursiveAttachmentSubtables.cpp
index 6358328..f2c9f95 100644
--- a/src/share/native/sun/font/layout/CursiveAttachmentSubtables.cpp
+++ b/src/share/native/sun/font/layout/CursiveAttachmentSubtables.cpp
@@ -45,6 +45,9 @@
le_int32 coverageIndex = getGlyphCoverage(base, glyphID, success);
le_uint16 eeCount = SWAPW(entryExitCount);
+ LEReferenceToArrayOf<EntryExitRecord>
+ entryExitRecordsArrayRef(base, success, entryExitRecords, coverageIndex);
+
if (coverageIndex < 0 || coverageIndex >= eeCount || LE_FAILURE(success)) {
glyphIterator->setCursiveGlyph();
return 0;
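Review bot: `entryExitRecordsArrayRef` is constructed before the `coverageIndex < 0` test, so a glyph that is simply not covered hands a negative `le_int32` to the constructor as its size argument. What the constructor does with that value is not visible here; if it records an error in `success`, an ordinary not-covered glyph would now leave a failure status behind for the caller. Moving the construction below the range check would avoid that. The function body continues outside the hunk.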
diff --git a/src/share/native/sun/font/layout/Features.cpp b/src/share/native/sun/font/layout/Features.cpp
index b44ae2e..6c6bcc8 100644
--- a/src/share/native/sun/font/layout/Features.cpp
+++ b/src/share/native/sun/font/layout/Features.cpp
@@ -40,6 +40,9 @@
LEReferenceTo<FeatureTable> FeatureListTable::getFeatureTable(const LETableReference &base, le_uint16 featureIndex, LETag *featureTag, LEErrorCode &success) const
{
+ LEReferenceToArrayOf<FeatureRecord>
+ featureRecordArrayRef(base, success, featureRecordArray, featureIndex);
+
if (featureIndex >= SWAPW(featureCount) || LE_FAILURE(success)) {
return LEReferenceTo<FeatureTable>();
}
diff --git a/src/share/native/sun/font/layout/LETableReference.h b/src/share/native/sun/font/layout/LETableReference.h
index ea12c18..6afd3c1 100644
--- a/src/share/native/sun/font/layout/LETableReference.h
+++ b/src/share/native/sun/font/layout/LETableReference.h
@@ -470,7 +470,12 @@
#endif
const T& getObject(le_uint32 i, LEErrorCode &success) const {
- return *getAlias(i,success);
+ const T *ret = getAlias(i, success);
+ if (LE_FAILURE(success) || ret==NULL) {
+ return *(new T(0));
+ } else {
+ return *ret;
+ }
}
/**
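Review bot: The failure branch of `getObject` returns `*(new T(0))`, a heap allocation that no caller can free, so every failed lookup leaks one object. This path is reached when table data fails validation, so a malformed font can hit it repeatedly and memory use grows with each miss. A single shared fallback avoids the allocation, e.g. `static const T zero = T(0); return zero;` in place of the `new` expression; the existing `T(0)` already assumes every instantiated `T` can be built that way.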
diff --git a/src/share/native/sun/font/layout/LigatureSubstSubtables.cpp b/src/share/native/sun/font/layout/LigatureSubstSubtables.cpp
index 9e7120e..8e0e7cd 100644
--- a/src/share/native/sun/font/layout/LigatureSubstSubtables.cpp
+++ b/src/share/native/sun/font/layout/LigatureSubstSubtables.cpp
@@ -64,6 +64,9 @@
LEReferenceTo<LigatureTable> ligTable(ligSetTable, success, ligTableOffset);
if(LE_FAILURE(success)) { return 0; }
le_uint16 compCount = SWAPW(ligTable->compCount) - 1;
+ LEReferenceToArrayOf<TTGlyphID>
+ componentArrayRef(base, success, ligTable->componentArray, compCount);
+ if (LE_FAILURE(success)) { return 0; }
le_int32 startPosition = glyphIterator->getCurrStreamPosition();
TTGlyphID ligGlyph = SWAPW(ligTable->ligGlyph);
le_uint16 comp;
diff --git a/src/share/native/sun/font/layout/MultipleSubstSubtables.cpp b/src/share/native/sun/font/layout/MultipleSubstSubtables.cpp
index 5ff16fe..5ed9a3a 100644
--- a/src/share/native/sun/font/layout/MultipleSubstSubtables.cpp
+++ b/src/share/native/sun/font/layout/MultipleSubstSubtables.cpp
@@ -61,6 +61,8 @@
le_int32 coverageIndex = getGlyphCoverage(base, glyph, success);
le_uint16 seqCount = SWAPW(sequenceCount);
+ LEReferenceToArrayOf<Offset>
+ sequenceTableOffsetArrayRef(base, success, sequenceTableOffsetArray, seqCount);
if (LE_FAILURE(success)) {
return 0;
diff --git a/src/solaris/native/java/net/NetworkInterface.c b/src/solaris/native/java/net/NetworkInterface.c
index 7ee0c38..09ab89c 100644
--- a/src/solaris/native/java/net/NetworkInterface.c
+++ b/src/solaris/native/java/net/NetworkInterface.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -570,9 +570,14 @@
jboolean isCopy;
int ret = -1;
int sock;
- const char* name_utf;
+ const char* name_utf = NULL;
- name_utf = (*env)->GetStringUTFChars(env, name, &isCopy);
+ if (name != NULL) {
+ name_utf = (*env)->GetStringUTFChars(env, name, &isCopy);
+ } else {
+ JNU_ThrowNullPointerException(env, "network interface name is NULL");
+ return ret;
+ }
if (name_utf == NULL) {
if (!(*env)->ExceptionCheck(env))
JNU_ThrowOutOfMemoryError(env, NULL);
@@ -600,7 +605,12 @@
const char* name_utf;
int flags = 0;
- name_utf = (*env)->GetStringUTFChars(env, name, &isCopy);
+ if (name != NULL) {
+ name_utf = (*env)->GetStringUTFChars(env, name, &isCopy);
+ } else {
+ JNU_ThrowNullPointerException(env, "network interface name is NULL");
+ return -1;
+ }
if (name_utf == NULL) {
if (!(*env)->ExceptionCheck(env))
JNU_ThrowOutOfMemoryError(env, NULL);
@@ -1474,7 +1484,12 @@
struct ifreq if2;
memset((char *) &if2, 0, sizeof(if2));
- strcpy(if2.ifr_name, ifname);
+ if (ifname != NULL) {
+ strcpy(if2.ifr_name, ifname);
+ } else {
+ JNU_ThrowNullPointerException(env, "network interface name is NULL");
+ return -1;
+ }
if (ioctl(sock, SIOCGIFMTU, (char *)&if2) < 0) {
NET_ThrowByNameWithLastError(env, JNU_JAVANETPKG "SocketException", "IOCTL SIOCGIFMTU failed");
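Review bot: The added guard rejects a NULL `ifname`, but the copy that follows is still an unbounded `strcpy` into the fixed-size `if2.ifr_name`, so a name longer than that field overruns the stack `struct ifreq`. Because `if2` is zeroed by the `memset` just above, `strncpy(if2.ifr_name, ifname, sizeof(if2.ifr_name) - 1);` keeps the result bounded and terminated. The enclosing function starts and ends outside this hunk, so whether callers already limit the name length cannot be seen here.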
diff --git a/src/solaris/native/java/net/PlainDatagramSocketImpl.c b/src/solaris/native/java/net/PlainDatagramSocketImpl.c
index 86c3a70..0a8a3a4 100644
--- a/src/solaris/native/java/net/PlainDatagramSocketImpl.c
+++ b/src/solaris/native/java/net/PlainDatagramSocketImpl.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1474,10 +1474,12 @@
static jmethodID ni_ctrID;
static jfieldID ni_indexID;
static jfieldID ni_addrsID;
+ static jfieldID ni_nameID;
jobjectArray addrArray;
jobject addr;
jobject ni;
+ jobject ni_name;
struct in_addr in;
struct in_addr *inP = ∈
@@ -1527,6 +1529,8 @@
ni_addrsID = (*env)->GetFieldID(env, c, "addrs",
"[Ljava/net/InetAddress;");
CHECK_NULL_RETURN(ni_addrsID, NULL);
+ ni_nameID = (*env)->GetFieldID(env, c,"name", "Ljava/lang/String;");
+ CHECK_NULL_RETURN(ni_nameID, NULL);
ni_class = (*env)->NewGlobalRef(env, c);
CHECK_NULL_RETURN(ni_class, NULL);
}
@@ -1548,6 +1552,10 @@
CHECK_NULL_RETURN(addrArray, NULL);
(*env)->SetObjectArrayElement(env, addrArray, 0, addr);
(*env)->SetObjectField(env, ni, ni_addrsID, addrArray);
+ ni_name = (*env)->NewStringUTF(env, "");
+ if (ni_name != NULL) {
+ (*env)->SetObjectField(env, ni, ni_nameID, ni_name);
+ }
return ni;
}
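Review bot: When `NewStringUTF` returns NULL the new code skips `SetObjectField` and still returns `ni`, which presumably leaves an OutOfMemoryError pending while handing back an object whose `name` field is unset. The neighbouring steps use `CHECK_NULL_RETURN`, so `CHECK_NULL_RETURN(ni_name, NULL);` followed by an unconditional `(*env)->SetObjectField(env, ni, ni_nameID, ni_name);` would match them. The same pattern is added in the later hunk at `@@ -1660,6 +1672,10 @@`. Both functions start outside their hunks.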
@@ -1564,14 +1572,16 @@
static jfieldID ni_indexID;
static jfieldID ni_addrsID;
static jclass ia_class;
+ static jfieldID ni_nameID;
static jmethodID ia_anyLocalAddressID;
- int index;
+ int index = 0;
int len = sizeof(index);
jobjectArray addrArray;
jobject addr;
jobject ni;
+ jobject ni_name;
if (JVM_GetSockOpt(fd, IPPROTO_IPV6, IPV6_MULTICAST_IF,
(char*)&index, &len) < 0) {
@@ -1600,6 +1610,8 @@
"anyLocalAddress",
"()Ljava/net/InetAddress;");
CHECK_NULL_RETURN(ia_anyLocalAddressID, NULL);
+ ni_nameID = (*env)->GetFieldID(env, c,"name", "Ljava/lang/String;");
+ CHECK_NULL_RETURN(ni_nameID, NULL);
ni_class = (*env)->NewGlobalRef(env, c);
CHECK_NULL_RETURN(ni_class, NULL);
}
@@ -1660,6 +1672,10 @@
CHECK_NULL_RETURN(addrArray, NULL);
(*env)->SetObjectArrayElement(env, addrArray, 0, addr);
(*env)->SetObjectField(env, ni, ni_addrsID, addrArray);
+ ni_name = (*env)->NewStringUTF(env, "");
+ if (ni_name != NULL) {
+ (*env)->SetObjectField(env, ni, ni_nameID, ni_name);
+ }
return ni;
}
#endif
diff --git a/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java b/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java
index 41ba690..0a0c3fb 100644
--- a/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java
+++ b/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java
@@ -36,6 +36,7 @@
import java.util.*;
import java.util.List;
import java.util.concurrent.*;
+import java.util.stream.Stream;
import static sun.awt.shell.Win32ShellFolder2.*;
import sun.awt.OSInfo;
@@ -251,7 +252,7 @@
if (file == null) {
file = getDesktop();
}
- return file;
+ return checkFile(file);
} else if (key.equals("roots")) {
// Should be "History" and "Desktop" ?
if (roots == null) {
@@ -262,11 +263,11 @@
roots = (File[])super.get(key);
}
}
- return roots;
+ return checkFiles(roots);
} else if (key.equals("fileChooserComboBoxFolders")) {
Win32ShellFolder2 desktop = getDesktop();
- if (desktop != null) {
+ if (desktop != null && checkFile(desktop) != null) {
ArrayList<File> folders = new ArrayList<File>();
Win32ShellFolder2 drives = getDrives();
@@ -277,7 +278,7 @@
folders.add(desktop);
// Add all second level folders
- File[] secondLevelFolders = desktop.listFiles();
+ File[] secondLevelFolders = checkFiles(desktop.listFiles());
Arrays.sort(secondLevelFolders);
for (File secondLevelFolder : secondLevelFolders) {
Win32ShellFolder2 folder = (Win32ShellFolder2) secondLevelFolder;
@@ -285,7 +286,7 @@
folders.add(folder);
// Add third level for "My Computer"
if (folder.equals(drives)) {
- File[] thirdLevelFolders = folder.listFiles();
+ File[] thirdLevelFolders = checkFiles(folder.listFiles());
if (thirdLevelFolders != null && thirdLevelFolders.length > 0) {
List<File> thirdLevelFoldersList = Arrays.asList(thirdLevelFolders);
@@ -295,7 +296,7 @@
}
}
}
- return folders.toArray(new File[folders.size()]);
+ return checkFiles(folders);
} else {
return super.get(key);
}
@@ -332,7 +333,7 @@
}
}
}
- return folders.toArray(new File[folders.size()]);
+ return checkFiles(folders);
} else if (key.startsWith("fileChooserIcon ")) {
String name = key.substring(key.indexOf(" ") + 1);
@@ -378,6 +379,41 @@
return null;
}
+ private File checkFile(File file) {
+ SecurityManager sm = System.getSecurityManager();
+ return (sm == null || file == null) ? file : checkFile(file, sm);
+ }
+
+ private File checkFile(File file, SecurityManager sm) {
+ try {
+ sm.checkRead(file.getPath());
+ return file;
+ } catch (SecurityException se) {
+ return null;
+ }
+ }
+
+ private File[] checkFiles(File[] files) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null || files == null || files.length == 0) {
+ return files;
+ }
+ return checkFiles(Arrays.stream(files), sm);
+ }
+
+ private File[] checkFiles(List<File> files) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null || files.isEmpty()) {
+ return files.toArray(new File[files.size()]);
+ }
+ return checkFiles(files.stream(), sm);
+ }
+
+ private File[] checkFiles(Stream<File> filesStream, SecurityManager sm) {
+ return filesStream.filter((file) -> checkFile(file, sm) != null)
+ .toArray(File[]::new);
+ }
+
/**
* Does <code>dir</code> represent a "computer" such as a node on the network, or
* "My Computer" on the desktop.
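Review bot: The new `checkFile`/`checkFiles` helpers carry no comment, although their contract is security-relevant: a `SecurityException` from `checkRead` is swallowed and the entry comes back as `null` or is silently dropped from the array. A Javadoc on `checkFile(File)` such as `/** Returns file if no SecurityManager is installed or read access is granted, otherwise null. */`, with a matching one on the `checkFiles` overloads, would tell callers that a null or shorter result means access was denied rather than that the folder is missing. `checkFile(File, SecurityManager)` also dereferences `file` without a null test, so the stream variant relies on its input holding no null elements.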
diff --git a/test/javax/swing/JFileChooser/8062561/bug8062561.java b/test/javax/swing/JFileChooser/8062561/bug8062561.java
new file mode 100644
index 0000000..3802de3
--- /dev/null
+++ b/test/javax/swing/JFileChooser/8062561/bug8062561.java
@@ -0,0 +1,210 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.awt.Robot;
+import java.awt.event.KeyEvent;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintWriter;
+import java.util.concurrent.TimeUnit;
+import javax.swing.JFileChooser;
+import javax.swing.SwingUtilities;
+import javax.swing.filechooser.FileSystemView;
+import sun.awt.OSInfo;
+
+/**
+ * @test
+ * @bug 8062561
+ * @summary File system view returns null default directory
+ * @run main/othervm bug8062561 GENERATE_POLICY
+ * @run main/othervm/policy=security.policy bug8062561 CHECK_DEFAULT_DIR run
+ */
+public class bug8062561 {
+
+ private static final String POLICY_FILE = "security2.policy";
+ private static volatile boolean fileChooserIsShown = false;
+
+ public static void main(String[] args) throws Exception {
+
+ String test = args[0];
+
+ switch (test) {
+ case "GENERATE_POLICY":
+ generatePolicyFile();
+ break;
+ case "CHECK_DEFAULT_DIR":
+ checkDefaultDirectory();
+ break;
+ case "CHECK_FILE_CHOOSER":
+ checkFileChooser();
+ break;
+ default:
+ throw new RuntimeException("Wrong argument!");
+ }
+ }
+
+ private static void checkDefaultDirectory() {
+ if (System.getSecurityManager() == null) {
+ throw new RuntimeException("Security manager is not set!");
+ }
+
+ File defaultDirectory = FileSystemView.getFileSystemView().
+ getDefaultDirectory();
+ if (defaultDirectory != null) {
+ throw new RuntimeException("File system default directory is null!");
+ }
+ }
+ private static volatile JFileChooser fileChooser;
+
+ private static void checkFileChooser() throws Exception {
+ if (System.getSecurityManager() == null) {
+ throw new RuntimeException("Security manager is not set!");
+ }
+
+ Robot robot = new Robot();
+ robot.setAutoDelay(50);
+
+ SwingUtilities.invokeLater(new Runnable() {
+
+ public void run() {
+ fileChooser = new JFileChooser();
+ fileChooser.showOpenDialog(null);
+ fileChooserIsShown = true;
+ System.out.println("Start file chooser: " + fileChooserIsShown);
+ }
+ });
+
+ long time = System.currentTimeMillis();
+ while (fileChooser == null) {
+ if (System.currentTimeMillis() - time >= 10000) {
+ throw new RuntimeException("FileChoser is not shown!");
+ }
+ Thread.sleep(500);
+ }
+
+ Thread.sleep(500);
+ robot.keyPress(KeyEvent.VK_ESCAPE);
+ robot.keyRelease(KeyEvent.VK_ESCAPE);
+ System.exit(0);
+ }
+
+ private static void generatePolicyFile() throws Exception {
+ if (System.getSecurityManager() != null) {
+ throw new RuntimeException("Security manager should be null!");
+ }
+
+ if (!OSInfo.getOSType().equals(OSInfo.OSType.WINDOWS)) {
+ return;
+ }
+
+ File defaultDirectory = FileSystemView.getFileSystemView().
+ getDefaultDirectory();
+
+ if (defaultDirectory == null) {
+ throw new RuntimeException("Default directory is null!");
+ }
+
+ File policyFile = new File(POLICY_FILE);
+ if (!policyFile.exists()) {
+ policyFile.createNewFile();
+ }
+
+ try (PrintWriter writer = new PrintWriter(policyFile, "UTF-8")) {
+ writer.println("grant {");
+ String documents = defaultDirectory.getCanonicalPath();
+ documents = documents.replace('\\', '/');
+ // Documents permission
+ writer.print(" permission java.io.FilePermission");
+ writer.print(" \"" + documents + "\",");
+ writer.println(" \"read\";");
+ // Desktop permission
+ writer.print(" permission java.io.FilePermission");
+ writer.print(" \"" + documents.replace("Documents", "Desktop") + "\",");
+ writer.println(" \"read\";");
+ // robot permission // "java.awt.AWTPermission" "createRobot"
+ writer.print(" permission java.awt.AWTPermission");
+ writer.println(" \"createRobot\";");
+ writer.println("};");
+ }
+
+ performTest();
+ }
+
+ private static void performTest() throws Exception {
+ String javaPath = System.getProperty("java.home", "");
+ String command = javaPath + File.separator + "bin" + File.separator + "java"
+ + " -Djava.security.manager -Djava.security.policy=" + POLICY_FILE
+ + " bug8062561 CHECK_FILE_CHOOSER";
+ System.out.println(command);
+ boolean processExit = false;
+
+ Process process = Runtime.getRuntime().exec(command);
+
+ try {
+ processExit = process.waitFor(20, TimeUnit.SECONDS);
+ } catch (IllegalThreadStateException e) {
+ throw new RuntimeException(e);
+ }
+ System.out.println("[RESULT] : "
+ + "The sub process has cleanly exited : PASS");
+
+ InputStream errorStream = process.getErrorStream();
+ System.out.println("========= Child process stderr ========");
+ boolean exception = dumpStream(errorStream);
+ if (exception) {
+ throw new RuntimeException("[RESULT] :"
+ + " Exception in child process : FAIL");
+ }
+ System.out.println("=======================================");
+
+ InputStream processInputStream = process.getInputStream();
+ System.out.println("========= Child process output ========");
+ dumpStream(processInputStream);
+ System.out.println("=======================================");
+
+ if (!processExit) {
+ process.destroy();
+ throw new RuntimeException("[RESULT] : "
+ + "The sub process has not exited : FAIL");
+ }
+ }
+
+ public static boolean dumpStream(InputStream in) throws IOException {
+ String tempString;
+ int count = in.available();
+ boolean exception = false;
+ while (count > 0) {
+ byte[] b = new byte[count];
+ in.read(b);
+ tempString = new String(b);
+ if (!exception) {
+ exception = tempString.indexOf("Exception") != -1;
+ }
+ System.out.println(tempString);
+ count = in.available();
+ }
+
+ return exception;
+ }
+}
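Review bot: `performTest` builds the child command as one string for `Runtime.exec(String)`, which splits on whitespace, so a `java.home` containing a space (usual on Windows, the only platform where this path runs) launches the wrong program. Passing the arguments separately avoids that, with the java path as the first element: `new ProcessBuilder(javaPath + File.separator + "bin" + File.separator + "java", "-Djava.security.manager", "-Djava.security.policy=" + POLICY_FILE, "bug8062561", "CHECK_FILE_CHOOSER").start()`. The "cleanly exited : PASS" line is also printed before `processExit` is tested. In `checkDefaultDirectory` the exception thrown when `defaultDirectory != null` says the directory "is null", the opposite of the condition.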
diff --git a/test/javax/swing/JFileChooser/8062561/security.policy b/test/javax/swing/JFileChooser/8062561/security.policy
new file mode 100644
index 0000000..50d3e10
--- /dev/null
+++ b/test/javax/swing/JFileChooser/8062561/security.policy
@@ -0,0 +1,4 @@
+grant {
+
+ permission java.util.PropertyPermission "user.home", "read";
+};
diff --git a/test/javax/swing/JFileChooser/8062561/security2.policy b/test/javax/swing/JFileChooser/8062561/security2.policy
new file mode 100644
index 0000000..30de1d0
--- /dev/null
+++ b/test/javax/swing/JFileChooser/8062561/security2.policy
@@ -0,0 +1 @@
+// Autogenerated file
\ No newline at end of file
diff --git a/test/sun/security/ec/TestEC.java b/test/sun/security/ec/TestEC.java
index 155e06a..1542c7d 100644
--- a/test/sun/security/ec/TestEC.java
+++ b/test/sun/security/ec/TestEC.java
@@ -68,6 +68,10 @@
}
public static void main0(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
Provider p = Security.getProvider("SunEC");
if (p == null) {
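Review bot: `Security.setProperty("jdk.tls.disabledAlgorithms", "")` clears the whole disabled list for the JVM and never restores it, so the test no longer runs against the shipped default, and where a test is not run in `othervm` mode the cleared value would carry over to whatever runs next in the same VM. The same lines are added to the `main` methods of the other SSL tests below (both ClientJSSEServerJSSE files, HttpsProtocols, CustomizedDefaultProtocols, DefaultEnabledProtocols, NoOldVersionContext, DelegatedTaskWrongException, testEnabledProtocols, SSLEngineExplorer, SSLSocketExplorer). Where SSLv3 is what the test needs, the comment could say so, e.g. `// SSLv3 is disabled by default in java.security; clear the list so this test can still negotiate it.`, and each file's `@run` tag is worth confirming as `main/othervm`. `main0` continues outside the hunk.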
diff --git a/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java b/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
index 2788f03..d6d788a 100644
--- a/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
+++ b/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
@@ -43,6 +43,10 @@
private static String[] cmdArgs;
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
cmdArgs = args;
main(new ClientJSSEServerJSSE());
}
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ProtocolVersion/HttpsProtocols.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ProtocolVersion/HttpsProtocols.java
index bcdc16d..78774f7 100644
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ProtocolVersion/HttpsProtocols.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ProtocolVersion/HttpsProtocols.java
@@ -32,6 +32,7 @@
import java.io.*;
import java.net.*;
import javax.net.ssl.*;
+import java.security.Security;
public class HttpsProtocols implements HostnameVerifier {
@@ -177,6 +178,10 @@
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + keyStoreFile;
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/CustomizedDefaultProtocols.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/CustomizedDefaultProtocols.java
index 3045064..9505b58 100644
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/CustomizedDefaultProtocols.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/CustomizedDefaultProtocols.java
@@ -35,6 +35,7 @@
import javax.net.*;
import javax.net.ssl.*;
import java.util.Arrays;
+import java.security.Security;
public class CustomizedDefaultProtocols {
static enum ContextVersion {
@@ -93,6 +94,10 @@
}
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion);
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/DefaultEnabledProtocols.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/DefaultEnabledProtocols.java
index 20381c6..3915d22 100644
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/DefaultEnabledProtocols.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/DefaultEnabledProtocols.java
@@ -34,6 +34,7 @@
import javax.net.*;
import javax.net.ssl.*;
import java.util.Arrays;
+import java.security.Security;
public class DefaultEnabledProtocols {
static enum ContextVersion {
@@ -92,6 +93,10 @@
}
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion);
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java
index d7b1abd..dd85c22 100644
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java
@@ -35,6 +35,7 @@
import javax.net.*;
import javax.net.ssl.*;
import java.util.Arrays;
+import java.security.Security;
public class NoOldVersionContext {
static enum ContextVersion {
@@ -93,6 +94,10 @@
}
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion);
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/DelegatedTaskWrongException.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/DelegatedTaskWrongException.java
index 06366eb..7d57c3f 100644
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/DelegatedTaskWrongException.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/DelegatedTaskWrongException.java
@@ -115,6 +115,9 @@
}
public static void main(String args[]) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
DelegatedTaskWrongException test;
diff --git a/test/sun/security/ssl/javax/net/ssl/NewAPIs/testEnabledProtocols.java b/test/sun/security/ssl/javax/net/ssl/NewAPIs/testEnabledProtocols.java
index 5774049..9aa1859 100644
--- a/test/sun/security/ssl/javax/net/ssl/NewAPIs/testEnabledProtocols.java
+++ b/test/sun/security/ssl/javax/net/ssl/NewAPIs/testEnabledProtocols.java
@@ -21,6 +21,11 @@
* questions.
*/
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
/*
* @test
* @bug 4416068 4478803 4479736
@@ -31,9 +36,6 @@
* 4701722 protocol mismatch exceptions should be consistent between
* SSLv3 and TLSv1
* @run main/othervm testEnabledProtocols
- *
- * SunJSSE does not support dynamic system properties, no way to re-use
- * system properties in samevm/agentvm mode.
* @author Ram Marti
*/
@@ -120,6 +122,10 @@
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + keyStoreFile;
diff --git a/test/sun/security/ssl/javax/net/ssl/ServerName/SSLEngineExplorer.java b/test/sun/security/ssl/javax/net/ssl/ServerName/SSLEngineExplorer.java
index 2cd4635..f84b15b 100644
--- a/test/sun/security/ssl/javax/net/ssl/ServerName/SSLEngineExplorer.java
+++ b/test/sun/security/ssl/javax/net/ssl/ServerName/SSLEngineExplorer.java
@@ -44,6 +44,7 @@
import java.net.*;
import java.util.*;
import java.nio.channels.*;
+import java.security.Security;
public class SSLEngineExplorer extends SSLEngineService {
@@ -231,6 +232,10 @@
volatile int serverPort = 0;
public static void main(String args[]) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
if (debug)
System.setProperty("javax.net.debug", "all");
diff --git a/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketExplorer.java b/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketExplorer.java
index 27e2b6a..f35cf0d 100644
--- a/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketExplorer.java
+++ b/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketExplorer.java
@@ -45,6 +45,7 @@
import java.util.*;
import java.net.*;
import javax.net.ssl.*;
+import java.security.Security;
public class SSLSocketExplorer {
@@ -224,6 +225,10 @@
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + keyStoreFile;
diff --git a/test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java b/test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java
index 953d2ea..e83a6b4 100644
--- a/test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java
+++ b/test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java
@@ -29,9 +29,15 @@
* @run main/othervm/timeout=300 ClientJSSEServerJSSE
*/
+import java.security.Security;
+
public class ClientJSSEServerJSSE {
public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
CipherTest.main(new JSSEFactory(), args);
}