Merge
diff --git a/.hgtags b/.hgtags
index 7dbae85..f3835a8 100644
--- a/.hgtags
+++ b/.hgtags
@@ -406,6 +406,10 @@
7087623dfa7033f8738d537864e4bac6b8528172 jdk8u45-b15
c7fbbf6133c339fb56f03241de28666774023d5d jdk8u45-b31
ea547c5a1217fe7916f366950d0e3156e4225aa5 jdk8u45-b32
+27836976c3157a90a9504eb2ec0de54b769b68b4 jdk8u45-b33
+98c0901da96579e1819e591c95d19066e0dad9b6 jdk8u45-b34
+c292ff6412c8d6a9fb258b72fcffada39aa556b1 jdk8u45-b35
+8027bdc8f3d28a0d734fc45a3b7b329c3632ea70 jdk8u45-b36
ac97b69b88e37c18c1b077be8b1f100b6803fea5 jdk8u51-b00
2e0732282470f7a02d57af5fc8542efa9db7b3e4 jdk8u51-b01
cc75137936f9a8e97017e7e18b1064b76238116f jdk8u51-b02
@@ -444,3 +448,5 @@
57336c319de8a141d0bcd04265ce36734fb51380 jdk8u60-b18
b2c55ff77112321472ec97c3a6931a999837d183 jdk8u60-b19
cc6c74b164dfd0636d9dba8f9865baa18a6f2338 jdk8u60-b20
+286b9a885fcc6245fdf2b20697473ec3b35f2538 jdk8u65-b00
+80a796d0db958f49a4b0713818227eda8e5efbb9 jdk8u65-b01
diff --git a/src/share/classes/java/beans/PropertyDescriptor.java b/src/share/classes/java/beans/PropertyDescriptor.java
index 07149f9..687fff5 100644
--- a/src/share/classes/java/beans/PropertyDescriptor.java
+++ b/src/share/classes/java/beans/PropertyDescriptor.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,6 +28,7 @@
import java.lang.ref.Reference;
import java.lang.reflect.Method;
import java.lang.reflect.Constructor;
+import sun.reflect.misc.ReflectUtil;
/**
* A PropertyDescriptor describes one property that a Java Bean
@@ -426,8 +427,9 @@
public PropertyEditor createPropertyEditor(Object bean) {
Object editor = null;
- Class<?> cls = getPropertyEditorClass();
- if (cls != null) {
+ final Class<?> cls = getPropertyEditorClass();
+ if (cls != null && PropertyEditor.class.isAssignableFrom(cls)
+ && ReflectUtil.isPackageAccessible(cls)) {
Constructor<?> ctor = null;
if (bean != null) {
try {
diff --git a/src/share/classes/javax/management/openmbean/OpenMBeanAttributeInfoSupport.java b/src/share/classes/javax/management/openmbean/OpenMBeanAttributeInfoSupport.java
index 9f0c052..8cd314f 100644
--- a/src/share/classes/javax/management/openmbean/OpenMBeanAttributeInfoSupport.java
+++ b/src/share/classes/javax/management/openmbean/OpenMBeanAttributeInfoSupport.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,6 @@
import javax.management.ImmutableDescriptor;
import javax.management.MBeanAttributeInfo;
import com.sun.jmx.remote.util.EnvHelp;
-import sun.reflect.misc.ConstructorUtil;
import sun.reflect.misc.MethodUtil;
import sun.reflect.misc.ReflectUtil;
@@ -692,8 +691,9 @@
private static <T> T convertFromString(String s, OpenType<T> openType) {
Class<T> c;
try {
- ReflectUtil.checkPackageAccess(openType.safeGetClassName());
- c = cast(Class.forName(openType.safeGetClassName()));
+ String className = openType.safeGetClassName();
+ ReflectUtil.checkPackageAccess(className);
+ c = cast(Class.forName(className));
} catch (ClassNotFoundException e) {
throw new NoClassDefFoundError(e.toString()); // can't happen
}
diff --git a/src/share/classes/javax/security/auth/kerberos/KerberosPrincipal.java b/src/share/classes/javax/security/auth/kerberos/KerberosPrincipal.java
index 1c03380..308b619 100644
--- a/src/share/classes/javax/security/auth/kerberos/KerberosPrincipal.java
+++ b/src/share/classes/javax/security/auth/kerberos/KerberosPrincipal.java
@@ -112,18 +112,7 @@
* java.security.krb5.realm system property.
*/
public KerberosPrincipal(String name) {
-
- PrincipalName krb5Principal = null;
-
- try {
- // Appends the default realm if it is missing
- krb5Principal = new PrincipalName(name, KRB_NT_PRINCIPAL);
- } catch (KrbException e) {
- throw new IllegalArgumentException(e.getMessage());
- }
- nameType = KRB_NT_PRINCIPAL; // default name type
- fullName = krb5Principal.toString();
- realm = krb5Principal.getRealmString();
+ this(name, KRB_NT_PRINCIPAL);
}
/**
@@ -165,6 +154,20 @@
throw new IllegalArgumentException(e.getMessage());
}
+ // A ServicePermission with a principal in the deduced realm and
+ // any action must be granted if no realm is provided by caller.
+ if (krb5Principal.isRealmDeduced() && !Realm.AUTODEDUCEREALM) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ try {
+ sm.checkPermission(new ServicePermission(
+ "@" + krb5Principal.getRealmAsString(), "-"));
+ } catch (SecurityException se) {
+ // Swallow the actual exception to hide info
+ throw new SecurityException("Cannot read realm info");
+ }
+ }
+ }
this.nameType = nameType;
fullName = krb5Principal.toString();
realm = krb5Principal.getRealmString();
diff --git a/src/share/classes/javax/security/auth/kerberos/ServicePermission.java b/src/share/classes/javax/security/auth/kerberos/ServicePermission.java
index 893284e..6207102 100644
--- a/src/share/classes/javax/security/auth/kerberos/ServicePermission.java
+++ b/src/share/classes/javax/security/auth/kerberos/ServicePermission.java
@@ -50,7 +50,7 @@
* used within.
* <p>
* The service principal name is the canonical name of the
- * {@code KereberosPrincipal} supplying the service, that is
+ * {@code KerberosPrincipal} supplying the service, that is
* the KerberosPrincipal represents a Kerberos service
* principal. This name is treated in a case sensitive manner.
* An asterisk may appear by itself, to signify any service principal.
@@ -145,6 +145,9 @@
* @param action the action string
*/
public ServicePermission(String servicePrincipal, String action) {
+ // Note: servicePrincipal can be "@REALM" which means any principal in
+ // this realm implies it. action can be "-" which means any
+ // action implies it.
super(servicePrincipal);
init(servicePrincipal, getMask(action));
}
@@ -188,7 +191,9 @@
boolean impliesIgnoreMask(ServicePermission p) {
return ((this.getName().equals("*")) ||
- this.getName().equals(p.getName()));
+ this.getName().equals(p.getName()) ||
+ (p.getName().startsWith("@") &&
+ this.getName().endsWith(p.getName())));
}
/**
@@ -295,7 +300,10 @@
/**
* Convert an action string to an integer actions mask.
*
- * @param action the action string
+ * Note: if action is "-", action will be NONE, which means any
+ * action implies it.
+ *
+ * @param action the action string.
* @return the action mask
*/
private static int getMask(String action) {
@@ -312,9 +320,11 @@
char[] a = action.toCharArray();
- int i = a.length - 1;
- if (i < 0)
+ if (a.length == 1 && a[0] == '-') {
return mask;
+ }
+
+ int i = a.length - 1;
while (i != -1) {
char c;
@@ -475,6 +485,17 @@
ServicePermission np = (ServicePermission) permission;
int desired = np.getMask();
+
+ if (desired == 0) {
+ for (Permission p: perms) {
+ ServicePermission sp = (ServicePermission)p;
+ if (sp.impliesIgnoreMask(np)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
int effective = 0;
int needed = desired;
diff --git a/src/share/classes/sun/awt/SunToolkit.java b/src/share/classes/sun/awt/SunToolkit.java
index 737c8c6..6269645 100644
--- a/src/share/classes/sun/awt/SunToolkit.java
+++ b/src/share/classes/sun/awt/SunToolkit.java
@@ -715,16 +715,19 @@
}
- static final SoftCache imgCache = new SoftCache();
+ static final SoftCache fileImgCache = new SoftCache();
+
+ static final SoftCache urlImgCache = new SoftCache();
static Image getImageFromHash(Toolkit tk, URL url) {
checkPermissions(url);
- synchronized (imgCache) {
- Image img = (Image)imgCache.get(url);
+ synchronized (urlImgCache) {
+ String key = url.toString();
+ Image img = (Image)urlImgCache.get(key);
if (img == null) {
try {
img = tk.createImage(new URLImageSource(url));
- imgCache.put(url, img);
+ urlImgCache.put(key, img);
} catch (Exception e) {
}
}
@@ -735,12 +738,12 @@
static Image getImageFromHash(Toolkit tk,
String filename) {
checkPermissions(filename);
- synchronized (imgCache) {
- Image img = (Image)imgCache.get(filename);
+ synchronized (fileImgCache) {
+ Image img = (Image)fileImgCache.get(filename);
if (img == null) {
try {
img = tk.createImage(new FileImageSource(filename));
- imgCache.put(filename, img);
+ fileImgCache.put(filename, img);
} catch (Exception e) {
}
}
@@ -758,28 +761,29 @@
protected Image getImageWithResolutionVariant(String fileName,
String resolutionVariantName) {
- synchronized (imgCache) {
+ synchronized (fileImgCache) {
Image image = getImageFromHash(this, fileName);
if (image instanceof MultiResolutionImage) {
return image;
}
Image resolutionVariant = getImageFromHash(this, resolutionVariantName);
image = createImageWithResolutionVariant(image, resolutionVariant);
- imgCache.put(fileName, image);
+ fileImgCache.put(fileName, image);
return image;
}
}
protected Image getImageWithResolutionVariant(URL url,
URL resolutionVariantURL) {
- synchronized (imgCache) {
+ synchronized (urlImgCache) {
Image image = getImageFromHash(this, url);
if (image instanceof MultiResolutionImage) {
return image;
}
Image resolutionVariant = getImageFromHash(this, resolutionVariantURL);
image = createImageWithResolutionVariant(image, resolutionVariant);
- imgCache.put(url, image);
+ String key = url.toString();
+ urlImgCache.put(key, image);
return image;
}
}
@@ -884,8 +888,13 @@
return null;
}
- protected static boolean imageCached(Object key) {
- return imgCache.containsKey(key);
+ protected static boolean imageCached(String fileName) {
+ return fileImgCache.containsKey(fileName);
+ }
+
+ protected static boolean imageCached(URL url) {
+ String key = url.toString();
+ return urlImgCache.containsKey(key);
}
protected static boolean imageExists(String filename) {
diff --git a/src/share/classes/sun/rmi/transport/DGCClient.java b/src/share/classes/sun/rmi/transport/DGCClient.java
index 74586d7..10a0bcd 100644
--- a/src/share/classes/sun/rmi/transport/DGCClient.java
+++ b/src/share/classes/sun/rmi/transport/DGCClient.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
import java.lang.ref.PhantomReference;
import java.lang.ref.ReferenceQueue;
+import java.net.SocketPermission;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashMap;
@@ -46,6 +47,10 @@
import sun.rmi.server.Util;
import sun.security.action.GetLongAction;
+import java.security.AccessControlContext;
+import java.security.Permissions;
+import java.security.ProtectionDomain;
+
/**
* DGCClient implements the client-side of the RMI distributed garbage
* collection system.
@@ -113,6 +118,18 @@
/** ObjID for server-side DGC object */
private static final ObjID dgcID = new ObjID(ObjID.DGC_ID);
+ /**
+ * An AccessControlContext with only socket permissions,
+ * suitable for an RMIClientSocketFactory.
+ */
+ private static final AccessControlContext SOCKET_ACC;
+ static {
+ Permissions perms = new Permissions();
+ perms.add(new SocketPermission("*", "connect,resolve"));
+ ProtectionDomain[] pd = { new ProtectionDomain(null, perms) };
+ SOCKET_ACC = new AccessControlContext(pd);
+ }
+
/*
* Disallow anyone from creating one of these.
*/
@@ -570,13 +587,20 @@
}
}
- if (needRenewal) {
- makeDirtyCall(refsToDirty, sequenceNum);
- }
+ boolean needRenewal_ = needRenewal;
+ Set<RefEntry> refsToDirty_ = refsToDirty;
+ long sequenceNum_ = sequenceNum;
+ AccessController.doPrivileged(new PrivilegedAction<Void>() {
+ public Void run() {
+ if (needRenewal_) {
+ makeDirtyCall(refsToDirty_, sequenceNum_);
+ }
- if (!pendingCleans.isEmpty()) {
- makeCleanCalls();
- }
+ if (!pendingCleans.isEmpty()) {
+ makeCleanCalls();
+ }
+ return null;
+ }}, SOCKET_ACC);
} while (!removed || !pendingCleans.isEmpty());
}
}
diff --git a/src/share/classes/sun/security/jgss/krb5/Krb5NameElement.java b/src/share/classes/sun/security/jgss/krb5/Krb5NameElement.java
index e06ca3e..8d2c1af 100644
--- a/src/share/classes/sun/security/jgss/krb5/Krb5NameElement.java
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5NameElement.java
@@ -28,7 +28,10 @@
import org.ietf.jgss.*;
import sun.security.jgss.spi.*;
import sun.security.krb5.PrincipalName;
+import sun.security.krb5.Realm;
import sun.security.krb5.KrbException;
+
+import javax.security.auth.kerberos.ServicePermission;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.UnknownHostException;
@@ -126,6 +129,18 @@
throw new GSSException(GSSException.BAD_NAME, -1, e.getMessage());
}
+ if (principalName.isRealmDeduced() && !Realm.AUTODEDUCEREALM) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ try {
+ sm.checkPermission(new ServicePermission(
+ "@" + principalName.getRealmAsString(), "-"));
+ } catch (SecurityException se) {
+ // Do not chain the actual exception to hide info
+ throw new GSSException(GSSException.FAILURE);
+ }
+ }
+ }
return new Krb5NameElement(principalName, gssNameStr, gssNameType);
}
@@ -198,7 +213,7 @@
* If either name denotes an anonymous principal, the call should
* return false.
*
- * @param name to be compared with
+ * @param other to be compared with
* @returns true if they both refer to the same entity, else false
* @exception GSSException with major codes of BAD_NAMETYPE,
* BAD_NAME, FAILURE
diff --git a/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java b/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java
index 46f895b..387284b 100644
--- a/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java
+++ b/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java
@@ -30,6 +30,7 @@
import java.security.Security;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
+import sun.security.krb5.Realm;
import sun.security.jgss.GSSUtil;
import sun.security.util.ObjectIdentifier;
import sun.security.util.DerInputStream;
@@ -38,6 +39,8 @@
import sun.security.jgss.GSSExceptionImpl;
import sun.security.jgss.spi.GSSNameSpi;
+import javax.security.auth.kerberos.ServicePermission;
+
/**
* This class is essentially a wrapper class for the gss_name_t
* structure of the native GSS library.
@@ -150,6 +153,26 @@
pName = cStub.importName(name, nameType);
setPrintables();
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null && !Realm.AUTODEDUCEREALM) {
+ String krbName = getKrbName();
+ int atPos = krbName.lastIndexOf('@');
+ if (atPos != -1) {
+ String atRealm = krbName.substring(atPos);
+ if (nameType.equals(GSSUtil.NT_GSS_KRB5_PRINCIPAL)
+ && new String(nameBytes).endsWith(atRealm)) {
+ // Created from Kerberos name with realm, no need to check
+ } else {
+ try {
+ sm.checkPermission(new ServicePermission(atRealm, "-"));
+ } catch (SecurityException se) {
+ // Do not chain the actual exception to hide info
+ throw new GSSException(GSSException.FAILURE);
+ }
+ }
+ }
+ }
+
SunNativeProvider.debug("Imported " + printableName + " w/ type " +
printableType);
}
diff --git a/src/share/classes/sun/security/krb5/KrbServiceLocator.java b/src/share/classes/sun/security/krb5/KrbServiceLocator.java
index fa557c3..b6bc8fd 100644
--- a/src/share/classes/sun/security/krb5/KrbServiceLocator.java
+++ b/src/share/classes/sun/security/krb5/KrbServiceLocator.java
@@ -25,6 +25,11 @@
package sun.security.krb5;
+import sun.security.krb5.internal.Krb5;
+
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Random;
@@ -52,6 +57,8 @@
private static final Random random = new Random();
+ private static final boolean DEBUG = Krb5.DEBUG;
+
private KrbServiceLocator() {
}
@@ -62,8 +69,7 @@
* Information on the mapping of DNS hostnames and domain names
* to Kerberos realms is stored using DNS TXT records
*
- * @param domainName A string domain name.
- * @param environment The possibly null environment of the context.
+ * @param realmName A string realm name.
* @return An ordered list of hostports for the Kerberos service or null if
* the service has not been located.
*/
@@ -81,8 +87,18 @@
if (!(ctx instanceof DirContext)) {
return null; // cannot create a DNS context
}
- Attributes attrs =
- ((DirContext)ctx).getAttributes(dnsUrl, SRV_TXT_ATTR);
+ Attributes attrs = null;
+ try {
+ // both connect and accept are needed since DNS is thru UDP
+ attrs = AccessController.doPrivileged(
+ (PrivilegedExceptionAction<Attributes>)
+ () -> ((DirContext)ctx).getAttributes(
+ dnsUrl, SRV_TXT_ATTR),
+ null,
+ new java.net.SocketPermission("*", "connect,accept"));
+ } catch (PrivilegedActionException e) {
+ throw (NamingException)e.getCause();
+ }
Attribute attr;
if (attrs != null && ((attr = attrs.get(SRV_TXT)) != null)) {
@@ -124,7 +140,8 @@
* Queries DNS for a list of KERBEROS Service Location Records (SRV) for a
* given domain name.
*
- * @param domainName A string domain name.
+ * @param realmName A string realm name.
+ * @param protocol the protocol string, can be "_udp" or "_tcp"
* @return An ordered list of hostports for the Kerberos service or null if
* the service has not been located.
*/
@@ -142,8 +159,20 @@
if (!(ctx instanceof DirContext)) {
return null; // cannot create a DNS context
}
- Attributes attrs =
- ((DirContext)ctx).getAttributes(dnsUrl, SRV_RR_ATTR);
+
+ Attributes attrs = null;
+ try {
+ // both connect and accept are needed since DNS is thru UDP
+ attrs = AccessController.doPrivileged(
+ (PrivilegedExceptionAction<Attributes>)
+ () -> ((DirContext)ctx).getAttributes(
+ dnsUrl, SRV_RR_ATTR),
+ null,
+ new java.net.SocketPermission("*", "connect,accept"));
+ } catch (PrivilegedActionException e) {
+ throw (NamingException)e.getCause();
+ }
+
Attribute attr;
if (attrs != null && ((attr = attrs.get(SRV_RR)) != null)) {
diff --git a/src/share/classes/sun/security/krb5/PrincipalName.java b/src/share/classes/sun/security/krb5/PrincipalName.java
index 669544d..885e13c 100644
--- a/src/share/classes/sun/security/krb5/PrincipalName.java
+++ b/src/share/classes/sun/security/krb5/PrincipalName.java
@@ -123,6 +123,13 @@
*/
private final Realm nameRealm; // not null
+
+ /**
+ * When constructing a PrincipalName, whether the realm is included in
+ * the input, or deduced from default realm or domain-realm mapping.
+ */
+ private final boolean realmDeduced;
+
// cached default salt, not used in clone
private transient String salt = null;
@@ -143,6 +150,7 @@
this.nameType = nameType;
this.nameStrings = nameStrings.clone();
this.nameRealm = nameRealm;
+ this.realmDeduced = false;
}
// This method is called by Windows NativeCred.c
@@ -150,11 +158,6 @@
this(KRB_NT_UNKNOWN, nameParts, new Realm(realm));
}
- public PrincipalName(String[] nameParts, int type)
- throws IllegalArgumentException, RealmException {
- this(type, nameParts, Realm.getDefault());
- }
-
// Validate a nameStrings argument
private static void validateNameStrings(String[] ns) {
if (ns == null) {
@@ -226,7 +229,7 @@
* <a href="http://www.ietf.org/rfc/rfc4120.txt">
* http://www.ietf.org/rfc/rfc4120.txt</a>.
*
- * @param encoding a Der-encoded data.
+ * @param encoding DER-encoded PrincipalName (without Realm)
* @param realm the realm for this name
* @exception Asn1Exception if an error occurs while decoding
* an ASN1 encoded data.
@@ -240,6 +243,7 @@
if (realm == null) {
throw new IllegalArgumentException("Null realm not allowed");
}
+ realmDeduced = false;
nameRealm = realm;
DerValue der;
if (encoding == null) {
@@ -394,6 +398,10 @@
if (realm == null) {
realm = Realm.parseRealmAtSeparator(name);
}
+
+ // No realm info from parameter and string, must deduce later
+ realmDeduced = realm == null;
+
switch (type) {
case KRB_NT_SRV_HST:
if (nameParts.length >= 2) {
@@ -413,8 +421,8 @@
hostName.toLowerCase(Locale.ENGLISH)+".")) {
hostName = canonicalized;
}
- } catch (UnknownHostException e) {
- // no canonicalization, use old
+ } catch (UnknownHostException | SecurityException e) {
+ // not canonicalized or no permission to do so, use old
}
nameParts[1] = hostName.toLowerCase(Locale.ENGLISH);
}
@@ -680,4 +688,7 @@
return result;
}
+ public boolean isRealmDeduced() {
+ return realmDeduced;
+ }
}
diff --git a/src/share/classes/sun/security/krb5/Realm.java b/src/share/classes/sun/security/krb5/Realm.java
index 65f1f6f..99dd090 100644
--- a/src/share/classes/sun/security/krb5/Realm.java
+++ b/src/share/classes/sun/security/krb5/Realm.java
@@ -47,6 +47,12 @@
* This class is immutable.
*/
public class Realm implements Cloneable {
+
+ public static final boolean AUTODEDUCEREALM =
+ java.security.AccessController.doPrivileged(
+ new sun.security.action.GetBooleanAction(
+ "sun.security.krb5.autodeducerealm"));
+
private final String realm; // not null nor empty
public Realm(String name) throws RealmException {
diff --git a/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java b/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java
index 8ca6e11..a15e4aa 100644
--- a/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java
+++ b/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java
@@ -146,8 +146,9 @@
}
try {
return new PrincipalName(
+ type,
result.toArray(new String[result.size()]),
- type);
+ Realm.getDefault());
} catch (RealmException re) {
return null;
}
diff --git a/test/javax/xml/jaxp/transform/8079323/TemplatesTest.java b/test/javax/xml/jaxp/transform/8079323/TemplatesTest.java
new file mode 100644
index 0000000..a2e9f08
--- /dev/null
+++ b/test/javax/xml/jaxp/transform/8079323/TemplatesTest.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8079323
+ * @summary This file contains tests for Templates.
+ * @run testng/othervm TemplatesTest
+ */
+
+import java.io.ByteArrayOutputStream;
+import java.io.NotSerializableException;
+import java.io.ObjectOutputStream;
+import java.io.StringReader;
+import javax.xml.transform.Templates;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.stream.StreamSource;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+
+public class TemplatesTest {
+
+ /**
+ * bug 8079323 Test Templates serialization
+ * <p>
+ * Serialization compatibility test: verify that serializing the Templates
+ * that contain auxiliary classes will result in a NotSerializableException
+ * due to the use of Xalan's non-serializable Hashtable.
+ *
+ * @param templates an instance of Templates
+ * @throws Exception as expected.
+ */
+ @Test(dataProvider = "templates", expectedExceptions = NotSerializableException.class)
+ public void testSerialization(Templates templates) throws Exception {
+ Transformer xformer = templates.newTransformer();
+ try (ByteArrayOutputStream byteOut = new ByteArrayOutputStream();
+ ObjectOutputStream out = new ObjectOutputStream(byteOut);) {
+ out.writeObject(templates);
+ out.flush();
+ }
+ }
+
+ /*
+ * DataProvider: Templates
+ */
+ @DataProvider(name = "templates")
+ Object[][] getTemplates() throws Exception {
+ return new Object[][]{{TransformerFactory.newInstance().
+ newTemplates(new StreamSource(new StringReader(XSL)))}};
+ }
+
+ static final String XSL = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>"
+ + "<xsl:stylesheet version=\"1.0\""
+ + " xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\">"
+ + "<xsl:variable name=\"validAffectsRelClasses\">"
+ + "</xsl:variable>"
+ + "<xsl:key name=\"UniqueAffectsRelObjects\""
+ + " match=\"/ObjectSetRoot/Object["
+ + " contains($validAffectsRelClasses, @Class)]\""
+ + " use=\"not(@OBID=preceding-sibling::Object["
+ + " contains($validAffectsRelClasses, @Class)]/@OBID)\"/>"
+ + "</xsl:stylesheet>";
+}
diff --git a/test/sun/security/krb5/auto/KDC.java b/test/sun/security/krb5/auto/KDC.java
index 686e238..e3d63d0 100644
--- a/test/sun/security/krb5/auto/KDC.java
+++ b/test/sun/security/krb5/auto/KDC.java
@@ -858,8 +858,9 @@
PrincipalName service = asReq.reqBody.sname;
if (options.containsKey(KDC.Option.RESP_NT)) {
- service = new PrincipalName(service.getNameStrings(),
- (int)options.get(KDC.Option.RESP_NT));
+ service = new PrincipalName((int)options.get(KDC.Option.RESP_NT),
+ service.getNameStrings(),
+ Realm.getDefault());
}
try {
System.out.println(realm + "> " + asReq.reqBody.cname +
diff --git a/test/sun/security/krb5/auto/SSL.java b/test/sun/security/krb5/auto/SSL.java
index c72fc16..5605df1 100644
--- a/test/sun/security/krb5/auto/SSL.java
+++ b/test/sun/security/krb5/auto/SSL.java
@@ -77,7 +77,10 @@
return;
}
ServicePermission p = (ServicePermission)perm;
- permChecks = permChecks + p.getActions().toUpperCase().charAt(0);
+ // ServicePermissions required to create GSSName are ignored
+ if (!p.getActions().isEmpty()) {
+ permChecks = permChecks + p.getActions().toUpperCase().charAt(0);
+ }
}
public static void main(String[] args) throws Exception {
diff --git a/test/sun/security/krb5/name/Constructors.java b/test/sun/security/krb5/name/Constructors.java
index 71243e7..f6df007 100644
--- a/test/sun/security/krb5/name/Constructors.java
+++ b/test/sun/security/krb5/name/Constructors.java
@@ -40,22 +40,22 @@
// Good ones
type = PrincipalName.KRB_NT_UNKNOWN;
- checkName("a", type, "R", "R", "a");
- checkName("a@R2", type, "R", "R", "a");
- checkName("a/b", type, "R", "R", "a", "b");
- checkName("a/b@R2", type, "R", "R", "a", "b");
- checkName("a/b/c", type, "R", "R", "a", "b", "c");
- checkName("a/b/c@R2", type, "R", "R", "a", "b", "c");
+ checkName("a", type, "R", "R", false, "a");
+ checkName("a@R2", type, "R", "R", false, "a");
+ checkName("a/b", type, "R", "R", false, "a", "b");
+ checkName("a/b@R2", type, "R", "R", false, "a", "b");
+ checkName("a/b/c", type, "R", "R", false, "a", "b", "c");
+ checkName("a/b/c@R2", type, "R", "R", false, "a", "b", "c");
// Weird ones
- checkName("a\\/b", type, "R", "R", "a/b");
- checkName("a\\/b\\/c", type, "R", "R", "a/b/c");
- checkName("a\\/b\\@R2", type, "R", "R", "a/b@R2");
+ checkName("a\\/b", type, "R", "R", false, "a/b");
+ checkName("a\\/b\\/c", type, "R", "R", false, "a/b/c");
+ checkName("a\\/b\\@R2", type, "R", "R", false, "a/b@R2");
// Bad ones
- checkName("a", type, "", null);
- checkName("a/", type, "R", null);
- checkName("/a", type, "R", null);
- checkName("a//b", type, "R", null);
- checkName("a@", type, null, null);
+ checkName("a", type, "", null, false);
+ checkName("a/", type, "R", null, false);
+ checkName("/a", type, "R", null, false);
+ checkName("a//b", type, "R", null, false);
+ checkName("a@", type, null, null, false);
type = PrincipalName.KRB_NT_SRV_HST;
// Part 2: on realm choices
@@ -77,17 +77,17 @@
if (testNoDefaultDomain) {
type = PrincipalName.KRB_NT_UNKNOWN;
- checkName("a", type, "R1", "R1", "a"); // arg
- checkName("a@R1", type, null, "R1", "a"); // or r in name
- checkName("a@R2", type, "R1", "R1", "a"); // arg over r
- checkName("a", type, null, null); // fail if none
- checkName("a/b@R1", type, null, "R1", "a", "b");
+ checkName("a", type, "R1", "R1", false, "a"); // arg
+ checkName("a@R1", type, null, "R1", false, "a"); // or r in name
+ checkName("a@R2", type, "R1", "R1", false, "a"); // arg over r
+ checkName("a", type, null, null, false); // fail if none
+ checkName("a/b@R1", type, null, "R1", false, "a", "b");
type = PrincipalName.KRB_NT_SRV_HST;
// Let's pray "b.h" won't be canonicalized
- checkName("a/b.h", type, "R1", "R1", "a", "b.h"); // arg
- checkName("a/b.h@R1", type, null, "R1", "a", "b.h"); // or r in name
- checkName("a/b.h@R1", type, "R2", "R2", "a", "b.h"); // arg over r
- checkName("a/b.h", type, null, null); // fail if none
+ checkName("a/b.h", type, "R1", "R1", false, "a", "b.h"); // arg
+ checkName("a/b.h@R1", type, null, "R1", false, "a", "b.h"); // or r in name
+ checkName("a/b.h@R1", type, "R2", "R2", false, "a", "b.h"); // arg over r
+ checkName("a/b.h", type, null, null, false); // fail if none
}
// When there is default realm
@@ -96,25 +96,25 @@
Config.refresh();
type = PrincipalName.KRB_NT_UNKNOWN;
- checkName("a", type, "R1", "R1", "a"); // arg
- checkName("a@R1", type, null, "R1", "a"); // or r in name
- checkName("a@R2", type, "R1", "R1", "a"); // arg over r
- checkName("a", type, null, "R", "a"); // default
- checkName("a/b", type, null, "R", "a", "b");
+ checkName("a", type, "R1", "R1", false, "a"); // arg
+ checkName("a@R1", type, null, "R1", false, "a"); // or r in name
+ checkName("a@R2", type, "R1", "R1", false, "a"); // arg over r
+ checkName("a", type, null, "R", true, "a"); // default
+ checkName("a/b", type, null, "R", true, "a", "b");
type = PrincipalName.KRB_NT_SRV_HST;
- checkName("a/b.h3", type, "R1", "R1", "a", "b.h3"); // arg
- checkName("a/b.h@R1", type, null, "R1", "a", "b.h"); // or r in name
- checkName("a/b.h3@R2", type, "R1", "R1", "a", "b.h3"); // arg over r
- checkName("a/b.h2", type, "R1", "R1", "a", "b.h2"); // arg over map
- checkName("a/b.h2@R1", type, null, "R1", "a", "b.h2"); // r over map
- checkName("a/b.h2", type, null, "R2", "a", "b.h2"); // map
- checkName("a/b.h", type, null, "R", "a", "b.h"); // default
+ checkName("a/b.h3", type, "R1", "R1", false, "a", "b.h3"); // arg
+ checkName("a/b.h@R1", type, null, "R1", false, "a", "b.h"); // or r in name
+ checkName("a/b.h3@R2", type, "R1", "R1", false, "a", "b.h3"); // arg over r
+ checkName("a/b.h2", type, "R1", "R1", false, "a", "b.h2"); // arg over map
+ checkName("a/b.h2@R1", type, null, "R1", false, "a", "b.h2"); // r over map
+ checkName("a/b.h2", type, null, "R2", true, "a", "b.h2"); // map
+ checkName("a/b.h", type, null, "R", true, "a", "b.h"); // default
}
// Check if the creation matches the expected output.
// Note: realm == null means creation failure
static void checkName(String n, int t, String s,
- String realm, String... parts)
+ String realm, boolean deduced, String... parts)
throws Exception {
PrincipalName pn = null;
try {
@@ -131,5 +131,8 @@
throw new Exception(pn.toString() + " vs "
+ Arrays.toString(parts) + "@" + realm);
}
+ if (deduced != pn.isRealmDeduced()) {
+ throw new Exception("pn.realmDeduced is " + pn.isRealmDeduced());
+ }
}
}