ojluni: tidy up ojluni files

Deleted files that are not being compiled

Added a script to check that the files under ojluni/src/main/java
are the same as those listed in the mk file.

Test: make

Bug: 29631070

Change-Id: Id1a62f7fbc52569ba5c8287571ae325d989bb5ad
diff --git a/check-ojluni-files b/check-ojluni-files
new file mode 100755
index 0000000..c0066fc
--- /dev/null
+++ b/check-ojluni-files
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+
+# Copyright (C) 2016 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+##### Script to check whether the files openjdk_java_files.mk match
+##### those in the corresponding directory.
+COMMAND='diff <(for i in $(openjdk_java_files); do echo "\$$i"; done | sort) '
+COMMAND=${COMMAND}'<( find ojluni/src/main/java -type f | grep '\''\.java$$'\'' | sort )'
+
+# Need to do it this nasty way (creating a Makefile on the fly and
+# executing the bash command inside it) as to read the openjdk_java_files
+# variable from an .mk file.
+make -s -f <(cat <<EOF
+include openjdk_java_files.mk
+check_openjdk_java_files: ; /bin/bash -c "$COMMAND"
+EOF)
+
+if [ $? -eq 0 ]; then
+    echo 'No differences found'
+else
+    echo 'Differences found'
+    exit 1
+fi
+
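Review bot: The `[ $? -eq 0 ]` test after the `make -s -f` call reports every non-zero status as 'Differences found', so a failure of the check itself (an unreadable `openjdk_java_files.mk`, or a run from another directory) looks the same as a real file-list mismatch. Both `include openjdk_java_files.mk` and `find ojluni/src/main/java` resolve against the current directory, and the diff header places the script at the repository root. Adding `cd "$(dirname "$0")" || exit 2` before the first `COMMAND=` line, followed by `[ -r openjdk_java_files.mk ] || { echo 'openjdk_java_files.mk not found' >&2; exit 2; }`, would separate the two cases. The here-document terminator is written as `EOF)` on one line, which appears to depend on how the installed bash parses here-documents inside process substitution; putting `EOF` and `)` on separate lines avoids relying on that.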
diff --git a/ojluni/src/main/java/sun/nio/ch/DevPollArrayWrapper.java b/ojluni/src/main/java/sun/nio/ch/DevPollArrayWrapper.java
deleted file mode 100755
index 3151b22..0000000
--- a/ojluni/src/main/java/sun/nio/ch/DevPollArrayWrapper.java
+++ /dev/null
@@ -1,319 +0,0 @@
-/*
- * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.nio.ch;
-
-import java.io.IOException;
-import java.util.BitSet;
-import java.util.Map;
-import java.util.HashMap;
-
-
-/**
- * Manipulates a native array of pollfd structs on Solaris:
- *
- * typedef struct pollfd {
- *    int fd;
- *    short events;
- *    short revents;
- * } pollfd_t;
- *
- * @author Mike McCloskey
- * @since 1.4
- */
-
-class DevPollArrayWrapper {
-
-    // Event masks
-    static final short POLLIN       = 0x0001;
-    static final short POLLPRI      = 0x0002;
-    static final short POLLOUT      = 0x0004;
-    static final short POLLRDNORM   = 0x0040;
-    static final short POLLWRNORM   = POLLOUT;
-    static final short POLLRDBAND   = 0x0080;
-    static final short POLLWRBAND   = 0x0100;
-    static final short POLLNORM     = POLLRDNORM;
-    static final short POLLERR      = 0x0008;
-    static final short POLLHUP      = 0x0010;
-    static final short POLLNVAL     = 0x0020;
-    static final short POLLREMOVE   = 0x0800;
-    static final short POLLCONN     = POLLOUT;
-
-    // Miscellaneous constants
-    static final short SIZE_POLLFD   = 8;
-    static final short FD_OFFSET     = 0;
-    static final short EVENT_OFFSET  = 4;
-    static final short REVENT_OFFSET = 6;
-
-    // Special value to indicate that an update should be ignored
-    static final byte  IGNORE        = (byte)-1;
-
-    // Maximum number of open file descriptors
-    static final int   OPEN_MAX      = IOUtil.fdLimit();
-
-    // Number of pollfd structures to create.
-    // dpwrite/ioctl(DP_POLL) allows up to OPEN_MAX-1
-    static final int   NUM_POLLFDS   = Math.min(OPEN_MAX-1, 8192);
-
-    // Initial size of arrays for fd registration changes
-    private final int INITIAL_PENDING_UPDATE_SIZE = 64;
-
-    // maximum size of updatesLow
-    private final int MAX_UPDATE_ARRAY_SIZE = Math.min(OPEN_MAX, 64*1024);
-
-    // The pollfd array for results from devpoll driver
-    private final AllocatedNativeObject pollArray;
-
-    // Base address of the native pollArray
-    private final long pollArrayAddress;
-
-    // The fd of the devpoll driver
-    private int wfd;
-
-    // The fd of the interrupt line going out
-    private int outgoingInterruptFD;
-
-    // The fd of the interrupt line coming in
-    private int incomingInterruptFD;
-
-    // The index of the interrupt FD
-    private int interruptedIndex;
-
-    // Number of updated pollfd entries
-    int updated;
-
-    // object to synchronize fd registration changes
-    private final Object updateLock = new Object();
-
-    // number of file descriptors with registration changes pending
-    private int updateCount;
-
-    // file descriptors with registration changes pending
-    private int[] updateDescriptors = new int[INITIAL_PENDING_UPDATE_SIZE];
-
-    // events for file descriptors with registration changes pending, indexed
-    // by file descriptor and stored as bytes for efficiency reasons. For
-    // file descriptors higher than MAX_UPDATE_ARRAY_SIZE (unlimited case at
-    // least then the update is stored in a map.
-    private final byte[] eventsLow = new byte[MAX_UPDATE_ARRAY_SIZE];
-    private Map<Integer,Byte> eventsHigh;
-
-    // Used by release and updateRegistrations to track whether a file
-    // descriptor is registered with /dev/poll.
-    private final BitSet registered = new BitSet();
-
-    DevPollArrayWrapper() {
-        int allocationSize = NUM_POLLFDS * SIZE_POLLFD;
-        pollArray = new AllocatedNativeObject(allocationSize, true);
-        pollArrayAddress = pollArray.address();
-        wfd = init();
-        if (OPEN_MAX > MAX_UPDATE_ARRAY_SIZE)
-            eventsHigh = new HashMap<>();
-    }
-
-    void initInterrupt(int fd0, int fd1) {
-        outgoingInterruptFD = fd1;
-        incomingInterruptFD = fd0;
-        register(wfd, fd0, POLLIN);
-    }
-
-    void putReventOps(int i, int revent) {
-        int offset = SIZE_POLLFD * i + REVENT_OFFSET;
-        pollArray.putShort(offset, (short)revent);
-    }
-
-    int getEventOps(int i) {
-        int offset = SIZE_POLLFD * i + EVENT_OFFSET;
-        return pollArray.getShort(offset);
-    }
-
-    int getReventOps(int i) {
-        int offset = SIZE_POLLFD * i + REVENT_OFFSET;
-        return pollArray.getShort(offset);
-    }
-
-    int getDescriptor(int i) {
-        int offset = SIZE_POLLFD * i + FD_OFFSET;
-        return pollArray.getInt(offset);
-    }
-
-    private void setUpdateEvents(int fd, byte events) {
-        if (fd < MAX_UPDATE_ARRAY_SIZE) {
-            eventsLow[fd] = events;
-        } else {
-            eventsHigh.put(Integer.valueOf(fd), Byte.valueOf(events));
-        }
-    }
-
-    private byte getUpdateEvents(int fd) {
-        if (fd < MAX_UPDATE_ARRAY_SIZE) {
-            return eventsLow[fd];
-        } else {
-            Byte result = eventsHigh.get(Integer.valueOf(fd));
-            // result should never be null
-            return result.byteValue();
-        }
-    }
-
-    void setInterest(int fd, int mask) {
-        synchronized (updateLock) {
-            // record the file descriptor and events, expanding the
-            // respective arrays first if necessary.
-            int oldCapacity = updateDescriptors.length;
-            if (updateCount == oldCapacity) {
-                int newCapacity = oldCapacity + INITIAL_PENDING_UPDATE_SIZE;
-                int[] newDescriptors = new int[newCapacity];
-                System.arraycopy(updateDescriptors, 0, newDescriptors, 0, oldCapacity);
-                updateDescriptors = newDescriptors;
-            }
-            updateDescriptors[updateCount++] = fd;
-
-            // events are stored as bytes for efficiency reasons
-            byte b = (byte)mask;
-            assert (b == mask) && (b != IGNORE);
-            setUpdateEvents(fd, b);
-        }
-    }
-
-    void release(int fd) {
-        synchronized (updateLock) {
-            // ignore any pending update for this file descriptor
-            setUpdateEvents(fd, IGNORE);
-
-            // remove from /dev/poll
-            if (registered.get(fd)) {
-                register(wfd, fd, POLLREMOVE);
-                registered.clear(fd);
-            }
-        }
-    }
-
-    void closeDevPollFD() throws IOException {
-        FileDispatcherImpl.closeIntFD(wfd);
-        pollArray.free();
-    }
-
-    int poll(long timeout) throws IOException {
-        updateRegistrations();
-        updated = poll0(pollArrayAddress, NUM_POLLFDS, timeout, wfd);
-        for (int i=0; i<updated; i++) {
-            if (getDescriptor(i) == incomingInterruptFD) {
-                interruptedIndex = i;
-                interrupted = true;
-                break;
-            }
-        }
-        return updated;
-    }
-
-    void updateRegistrations() throws IOException {
-        synchronized (updateLock) {
-            // Populate pollfd array with updated masks
-            int j = 0;
-            int index = 0;
-            while (j < updateCount) {
-                int fd = updateDescriptors[j];
-                short events = getUpdateEvents(fd);
-                boolean wasRegistered = registered.get(fd);
-
-                // events = 0 => POLLREMOVE or do-nothing
-                if (events != IGNORE) {
-                    if (events == 0) {
-                        if (wasRegistered) {
-                            events = POLLREMOVE;
-                            registered.clear(fd);
-                        } else {
-                            events = IGNORE;
-                        }
-                    } else {
-                        if (!wasRegistered) {
-                            registered.set(fd);
-                        }
-                    }
-                }
-
-                // populate pollfd array with updated event
-                if (events != IGNORE) {
-                    // insert POLLREMOVE if changing events
-                    if (wasRegistered && events != POLLREMOVE) {
-                        putPollFD(pollArray, index, fd, POLLREMOVE);
-                        index++;
-                    }
-                    putPollFD(pollArray, index, fd, events);
-                    index++;
-                    if (index >= (NUM_POLLFDS-1)) {
-                        registerMultiple(wfd, pollArray.address(), index);
-                        index = 0;
-                    }
-
-                    // events for this fd now up to date
-                    setUpdateEvents(fd, IGNORE);
-                }
-                j++;
-            }
-
-            // write any remaining updates
-            if (index > 0)
-                registerMultiple(wfd, pollArray.address(), index);
-
-            updateCount = 0;
-        }
-    }
-
-    private void putPollFD(AllocatedNativeObject array, int index, int fd,
-                           short event)
-    {
-        int structIndex = SIZE_POLLFD * index;
-        array.putInt(structIndex + FD_OFFSET, fd);
-        array.putShort(structIndex + EVENT_OFFSET, event);
-        array.putShort(structIndex + REVENT_OFFSET, (short)0);
-    }
-
-    boolean interrupted = false;
-
-    public void interrupt() {
-        interrupt(outgoingInterruptFD);
-    }
-
-    public int interruptedIndex() {
-        return interruptedIndex;
-    }
-
-    boolean interrupted() {
-        return interrupted;
-    }
-
-    void clearInterrupted() {
-        interrupted = false;
-    }
-
-    private native int init();
-    private native void register(int wfd, int fd, int mask);
-    private native void registerMultiple(int wfd, long address, int len)
-        throws IOException;
-    private native int poll0(long pollAddress, int numfds, long timeout,
-                             int wfd);
-    private static native void interrupt(int fd);
-}
diff --git a/ojluni/src/main/java/sun/nio/ch/DevPollSelectorImpl.java b/ojluni/src/main/java/sun/nio/ch/DevPollSelectorImpl.java
deleted file mode 100755
index 047d6f9..0000000
--- a/ojluni/src/main/java/sun/nio/ch/DevPollSelectorImpl.java
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.nio.ch;
-
-import java.io.IOException;
-import java.nio.channels.*;
-import java.nio.channels.spi.*;
-import java.util.*;
-import sun.misc.*;
-
-
-/**
- * An implementation of Selector for Solaris.
- */
-class DevPollSelectorImpl
-    extends SelectorImpl
-{
-
-    // File descriptors used for interrupt
-    protected int fd0;
-    protected int fd1;
-
-    // The poll object
-    DevPollArrayWrapper pollWrapper;
-
-    // Maps from file descriptors to keys
-    private Map<Integer,SelectionKeyImpl> fdToKey;
-
-    // True if this Selector has been closed
-    private boolean closed = false;
-
-    // Lock for close/cleanup
-    private Object closeLock = new Object();
-
-    // Lock for interrupt triggering and clearing
-    private Object interruptLock = new Object();
-    private boolean interruptTriggered = false;
-
-    /**
-     * Package private constructor called by factory method in
-     * the abstract superclass Selector.
-     */
-    DevPollSelectorImpl(SelectorProvider sp) {
-        super(sp);
-        long pipeFds = IOUtil.makePipe(false);
-        fd0 = (int) (pipeFds >>> 32);
-        fd1 = (int) pipeFds;
-        pollWrapper = new DevPollArrayWrapper();
-        pollWrapper.initInterrupt(fd0, fd1);
-        fdToKey = new HashMap<Integer,SelectionKeyImpl>();
-    }
-
-    protected int doSelect(long timeout)
-        throws IOException
-    {
-        if (closed)
-            throw new ClosedSelectorException();
-        processDeregisterQueue();
-        try {
-            begin();
-            pollWrapper.poll(timeout);
-        } finally {
-            end();
-        }
-        processDeregisterQueue();
-        int numKeysUpdated = updateSelectedKeys();
-        if (pollWrapper.interrupted()) {
-            // Clear the wakeup pipe
-            pollWrapper.putReventOps(pollWrapper.interruptedIndex(), 0);
-            synchronized (interruptLock) {
-                pollWrapper.clearInterrupted();
-                IOUtil.drain(fd0);
-                interruptTriggered = false;
-            }
-        }
-        return numKeysUpdated;
-    }
-
-    /**
-     * Update the keys whose fd's have been selected by the devpoll
-     * driver. Add the ready keys to the ready queue.
-     */
-    private int updateSelectedKeys() {
-        int entries = pollWrapper.updated;
-        int numKeysUpdated = 0;
-        for (int i=0; i<entries; i++) {
-            int nextFD = pollWrapper.getDescriptor(i);
-            SelectionKeyImpl ski = fdToKey.get(Integer.valueOf(nextFD));
-            // ski is null in the case of an interrupt
-            if (ski != null) {
-                int rOps = pollWrapper.getReventOps(i);
-                if (selectedKeys.contains(ski)) {
-                    if (ski.channel.translateAndSetReadyOps(rOps, ski)) {
-                        numKeysUpdated++;
-                    }
-                } else {
-                    ski.channel.translateAndSetReadyOps(rOps, ski);
-                    if ((ski.nioReadyOps() & ski.nioInterestOps()) != 0) {
-                        selectedKeys.add(ski);
-                        numKeysUpdated++;
-                    }
-                }
-            }
-        }
-        return numKeysUpdated;
-    }
-
-    protected void implClose() throws IOException {
-        if (closed)
-            return;
-        closed = true;
-
-        // prevent further wakeup
-        synchronized (interruptLock) {
-            interruptTriggered = true;
-        }
-
-        FileDispatcherImpl.closeIntFD(fd0);
-        FileDispatcherImpl.closeIntFD(fd1);
-
-        pollWrapper.release(fd0);
-        pollWrapper.closeDevPollFD();
-        selectedKeys = null;
-
-        // Deregister channels
-        Iterator<SelectionKey> i = keys.iterator();
-        while (i.hasNext()) {
-            SelectionKeyImpl ski = (SelectionKeyImpl)i.next();
-            deregister(ski);
-            SelectableChannel selch = ski.channel();
-            if (!selch.isOpen() && !selch.isRegistered())
-                ((SelChImpl)selch).kill();
-            i.remove();
-        }
-        fd0 = -1;
-        fd1 = -1;
-    }
-
-    protected void implRegister(SelectionKeyImpl ski) {
-        int fd = IOUtil.fdVal(ski.channel.getFD());
-        fdToKey.put(Integer.valueOf(fd), ski);
-        keys.add(ski);
-    }
-
-    protected void implDereg(SelectionKeyImpl ski) throws IOException {
-        int i = ski.getIndex();
-        assert (i >= 0);
-        int fd = ski.channel.getFDVal();
-        fdToKey.remove(Integer.valueOf(fd));
-        pollWrapper.release(fd);
-        ski.setIndex(-1);
-        keys.remove(ski);
-        selectedKeys.remove(ski);
-        deregister((AbstractSelectionKey)ski);
-        SelectableChannel selch = ski.channel();
-        if (!selch.isOpen() && !selch.isRegistered())
-            ((SelChImpl)selch).kill();
-    }
-
-    void putEventOps(SelectionKeyImpl sk, int ops) {
-        if (closed)
-            throw new ClosedSelectorException();
-        int fd = IOUtil.fdVal(sk.channel.getFD());
-        pollWrapper.setInterest(fd, ops);
-    }
-
-    public Selector wakeup() {
-        synchronized (interruptLock) {
-            if (!interruptTriggered) {
-                pollWrapper.interrupt();
-                interruptTriggered = true;
-            }
-        }
-        return this;
-    }
-}
diff --git a/ojluni/src/main/java/sun/nio/ch/DevPollSelectorProvider.java b/ojluni/src/main/java/sun/nio/ch/DevPollSelectorProvider.java
deleted file mode 100755
index dbd6170..0000000
--- a/ojluni/src/main/java/sun/nio/ch/DevPollSelectorProvider.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (c) 2001, 2003, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.nio.ch;
-
-import java.io.IOException;
-import java.nio.channels.*;
-import java.nio.channels.spi.*;
-
-public class DevPollSelectorProvider
-    extends SelectorProviderImpl
-{
-    public AbstractSelector openSelector() throws IOException {
-        return new DevPollSelectorImpl(this);
-    }
-
-    public Channel inheritedChannel() throws IOException {
-        return InheritedChannel.getChannel();
-    }
-}
diff --git a/ojluni/src/main/java/sun/security/provider/certpath/CollectionCertStore.java b/ojluni/src/main/java/sun/security/provider/certpath/CollectionCertStore.java
deleted file mode 100644
index f991434..0000000
--- a/ojluni/src/main/java/sun/security/provider/certpath/CollectionCertStore.java
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.provider.certpath;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.cert.Certificate;
-import java.security.cert.CRL;
-import java.util.Collection;
-import java.util.ConcurrentModificationException;
-import java.util.HashSet;
-import java.security.cert.CertSelector;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
-import java.security.cert.CertStoreParameters;
-import java.security.cert.CollectionCertStoreParameters;
-import java.security.cert.CRLSelector;
-import java.security.cert.CertStoreSpi;
-
-/**
- * A <code>CertStore</code> that retrieves <code>Certificates</code> and
- * <code>CRL</code>s from a <code>Collection</code>.
- * <p>
- * Before calling the {@link #engineGetCertificates engineGetCertificates} or
- * {@link #engineGetCRLs engineGetCRLs} methods, the
- * {@link #CollectionCertStore(CertStoreParameters)
- * CollectionCertStore(CertStoreParameters)} constructor is called to
- * create the <code>CertStore</code> and establish the
- * <code>Collection</code> from which <code>Certificate</code>s and
- * <code>CRL</code>s will be retrieved. If the specified
- * <code>Collection</code> contains an object that is not a
- * <code>Certificate</code> or <code>CRL</code>, that object will be
- * ignored.
- * <p>
- * <b>Concurrent Access</b>
- * <p>
- * As described in the javadoc for <code>CertStoreSpi</code>, the
- * <code>engineGetCertificates</code> and <code>engineGetCRLs</code> methods
- * must be thread-safe. That is, multiple threads may concurrently
- * invoke these methods on a single <code>CollectionCertStore</code>
- * object (or more than one) with no ill effects.
- * <p>
- * This is achieved by requiring that the <code>Collection</code> passed to
- * the {@link #CollectionCertStore(CertStoreParameters)
- * CollectionCertStore(CertStoreParameters)} constructor (via the
- * <code>CollectionCertStoreParameters</code> object) must have fail-fast
- * iterators. Simultaneous modifications to the <code>Collection</code> can thus be
- * detected and certificate or CRL retrieval can be retried. The fact that
- * <code>Certificate</code>s and <code>CRL</code>s must be thread-safe is also
- * essential.
- *
- * @see java.security.cert.CertStore
- *
- * @since       1.4
- * @author      Steve Hanna
- */
-public class CollectionCertStore extends CertStoreSpi {
-
-    private Collection<?> coll;
-
-    /**
-     * Creates a <code>CertStore</code> with the specified parameters.
-     * For this class, the parameters object must be an instance of
-     * <code>CollectionCertStoreParameters</code>. The <code>Collection</code>
-     * included in the <code>CollectionCertStoreParameters</code> object
-     * must be thread-safe.
-     *
-     * @param params the algorithm parameters
-     * @exception InvalidAlgorithmParameterException if params is not an
-     *   instance of <code>CollectionCertStoreParameters</code>
-     */
-    public CollectionCertStore(CertStoreParameters params)
-        throws InvalidAlgorithmParameterException
-    {
-        super(params);
-        if (!(params instanceof CollectionCertStoreParameters))
-            throw new InvalidAlgorithmParameterException(
-                "parameters must be CollectionCertStoreParameters");
-        coll = ((CollectionCertStoreParameters) params).getCollection();
-    }
-
-    /**
-     * Returns a <code>Collection</code> of <code>Certificate</code>s that
-     * match the specified selector. If no <code>Certificate</code>s
-     * match the selector, an empty <code>Collection</code> will be returned.
-     *
-     * @param selector a <code>CertSelector</code> used to select which
-     *  <code>Certificate</code>s should be returned. Specify <code>null</code>
-     *  to return all <code>Certificate</code>s.
-     * @return a <code>Collection</code> of <code>Certificate</code>s that
-     *         match the specified selector
-     * @throws CertStoreException if an exception occurs
-     */
-    @Override
-    public Collection<Certificate> engineGetCertificates
-            (CertSelector selector) throws CertStoreException {
-        if (coll == null) {
-            throw new CertStoreException("Collection is null");
-        }
-        // Tolerate a few ConcurrentModificationExceptions
-        for (int c = 0; c < 10; c++) {
-            try {
-                HashSet<Certificate> result = new HashSet<>();
-                if (selector != null) {
-                    for (Object o : coll) {
-                        if ((o instanceof Certificate) &&
-                            selector.match((Certificate) o))
-                            result.add((Certificate)o);
-                    }
-                } else {
-                    for (Object o : coll) {
-                        if (o instanceof Certificate)
-                            result.add((Certificate)o);
-                    }
-                }
-                return(result);
-            } catch (ConcurrentModificationException e) { }
-        }
-        throw new ConcurrentModificationException("Too many "
-            + "ConcurrentModificationExceptions");
-    }
-
-    /**
-     * Returns a <code>Collection</code> of <code>CRL</code>s that
-     * match the specified selector. If no <code>CRL</code>s
-     * match the selector, an empty <code>Collection</code> will be returned.
-     *
-     * @param selector a <code>CRLSelector</code> used to select which
-     *  <code>CRL</code>s should be returned. Specify <code>null</code>
-     *  to return all <code>CRL</code>s.
-     * @return a <code>Collection</code> of <code>CRL</code>s that
-     *         match the specified selector
-     * @throws CertStoreException if an exception occurs
-     */
-    @Override
-    public Collection<CRL> engineGetCRLs(CRLSelector selector)
-        throws CertStoreException
-    {
-        if (coll == null)
-            throw new CertStoreException("Collection is null");
-
-        // Tolerate a few ConcurrentModificationExceptions
-        for (int c = 0; c < 10; c++) {
-            try {
-                HashSet<CRL> result = new HashSet<>();
-                if (selector != null) {
-                    for (Object o : coll) {
-                        if ((o instanceof CRL) && selector.match((CRL) o))
-                            result.add((CRL)o);
-                    }
-                } else {
-                    for (Object o : coll) {
-                        if (o instanceof CRL)
-                            result.add((CRL)o);
-                    }
-                }
-                return result;
-            } catch (ConcurrentModificationException e) { }
-        }
-        throw new ConcurrentModificationException("Too many "
-            + "ConcurrentModificationExceptions");
-    }
-}
diff --git a/ojluni/src/main/java/sun/security/provider/certpath/IndexedCollectionCertStore.java b/ojluni/src/main/java/sun/security/provider/certpath/IndexedCollectionCertStore.java
deleted file mode 100644
index 64fcc56..0000000
--- a/ojluni/src/main/java/sun/security/provider/certpath/IndexedCollectionCertStore.java
+++ /dev/null
@@ -1,424 +0,0 @@
-/*
- * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.provider.certpath;
-
-import java.util.*;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.cert.*;
-
-import javax.security.auth.x500.X500Principal;
-
-/**
- * A <code>CertStore</code> that retrieves <code>Certificates</code> and
- * <code>CRL</code>s from a <code>Collection</code>.
- * <p>
- * This implementation is functionally equivalent to CollectionCertStore
- * with two differences:
- * <ol>
- * <li>Upon construction, the elements in the specified Collection are
- * partially indexed. X509Certificates are indexed by subject, X509CRLs
- * by issuer, non-X509 Certificates and CRLs are copied without indexing,
- * other objects are ignored. This increases CertStore construction time
- * but allows significant speedups for searches which specify the indexed
- * attributes, in particular for large Collections (reduction from linear
- * time to effectively constant time). Searches for non-indexed queries
- * are as fast (or marginally faster) than for the standard
- * CollectionCertStore. Certificate subjects and CRL issuers
- * were found to be specified in most searches used internally by the
- * CertPath provider. Additional attributes could indexed if there are
- * queries that justify the effort.
- *
- * <li>Changes to the specified Collection after construction time are
- * not detected and ignored. This is because there is no way to efficiently
- * detect if a Collection has been modified, a full traversal would be
- * required. That would degrade lookup performance to linear time and
- * eliminated the benefit of indexing. We may fix this via the introduction
- * of new public APIs in the future.
- * </ol>
- * <p>
- * Before calling the {@link #engineGetCertificates engineGetCertificates} or
- * {@link #engineGetCRLs engineGetCRLs} methods, the
- * {@link #CollectionCertStore(CertStoreParameters)
- * CollectionCertStore(CertStoreParameters)} constructor is called to
- * create the <code>CertStore</code> and establish the
- * <code>Collection</code> from which <code>Certificate</code>s and
- * <code>CRL</code>s will be retrieved. If the specified
- * <code>Collection</code> contains an object that is not a
- * <code>Certificate</code> or <code>CRL</code>, that object will be
- * ignored.
- * <p>
- * <b>Concurrent Access</b>
- * <p>
- * As described in the javadoc for <code>CertStoreSpi</code>, the
- * <code>engineGetCertificates</code> and <code>engineGetCRLs</code> methods
- * must be thread-safe. That is, multiple threads may concurrently
- * invoke these methods on a single <code>CollectionCertStore</code>
- * object (or more than one) with no ill effects.
- * <p>
- * This is achieved by requiring that the <code>Collection</code> passed to
- * the {@link #CollectionCertStore(CertStoreParameters)
- * CollectionCertStore(CertStoreParameters)} constructor (via the
- * <code>CollectionCertStoreParameters</code> object) must have fail-fast
- * iterators. Simultaneous modifications to the <code>Collection</code> can thus be
- * detected and certificate or CRL retrieval can be retried. The fact that
- * <code>Certificate</code>s and <code>CRL</code>s must be thread-safe is also
- * essential.
- *
- * @see java.security.cert.CertStore
- * @see CollectionCertStore
- *
- * @author Andreas Sterbenz
- */
-public class IndexedCollectionCertStore extends CertStoreSpi {
-
-    /**
-     * Map X500Principal(subject) -> X509Certificate | List of X509Certificate
-     */
-    private Map<X500Principal, Object> certSubjects;
-    /**
-     * Map X500Principal(issuer) -> X509CRL | List of X509CRL
-     */
-    private Map<X500Principal, Object> crlIssuers;
-    /**
-     * Sets of non-X509 certificates and CRLs
-     */
-    private Set<Certificate> otherCertificates;
-    private Set<CRL> otherCRLs;
-
-    /**
-     * Creates a <code>CertStore</code> with the specified parameters.
-     * For this class, the parameters object must be an instance of
-     * <code>CollectionCertStoreParameters</code>.
-     *
-     * @param params the algorithm parameters
-     * @exception InvalidAlgorithmParameterException if params is not an
-     *   instance of <code>CollectionCertStoreParameters</code>
-     */
-    public IndexedCollectionCertStore(CertStoreParameters params)
-            throws InvalidAlgorithmParameterException {
-        super(params);
-        if (!(params instanceof CollectionCertStoreParameters)) {
-            throw new InvalidAlgorithmParameterException(
-                "parameters must be CollectionCertStoreParameters");
-        }
-        Collection<?> coll = ((CollectionCertStoreParameters)params).getCollection();
-        if (coll == null) {
-            throw new InvalidAlgorithmParameterException
-                                        ("Collection must not be null");
-        }
-        buildIndex(coll);
-    }
-
-    /**
-     * Index the specified Collection copying all references to Certificates
-     * and CRLs.
-     */
-    private void buildIndex(Collection<?> coll) {
-        certSubjects = new HashMap<X500Principal, Object>();
-        crlIssuers = new HashMap<X500Principal, Object>();
-        otherCertificates = null;
-        otherCRLs = null;
-        for (Object obj : coll) {
-            if (obj instanceof X509Certificate) {
-                indexCertificate((X509Certificate)obj);
-            } else if (obj instanceof X509CRL) {
-                indexCRL((X509CRL)obj);
-            } else if (obj instanceof Certificate) {
-                if (otherCertificates == null) {
-                    otherCertificates = new HashSet<Certificate>();
-                }
-                otherCertificates.add((Certificate)obj);
-            } else if (obj instanceof CRL) {
-                if (otherCRLs == null) {
-                    otherCRLs = new HashSet<CRL>();
-                }
-                otherCRLs.add((CRL)obj);
-            } else {
-                // ignore
-            }
-        }
-        if (otherCertificates == null) {
-            otherCertificates = Collections.<Certificate>emptySet();
-        }
-        if (otherCRLs == null) {
-            otherCRLs = Collections.<CRL>emptySet();
-        }
-    }
-
-    /**
-     * Add an X509Certificate to the index.
-     */
-    private void indexCertificate(X509Certificate cert) {
-        X500Principal subject = cert.getSubjectX500Principal();
-        Object oldEntry = certSubjects.put(subject, cert);
-        if (oldEntry != null) { // assume this is unlikely
-            if (oldEntry instanceof X509Certificate) {
-                if (cert.equals(oldEntry)) {
-                    return;
-                }
-                List<X509Certificate> list = new ArrayList<>(2);
-                list.add(cert);
-                list.add((X509Certificate)oldEntry);
-                certSubjects.put(subject, list);
-            } else {
-                @SuppressWarnings("unchecked") // See certSubjects javadoc.
-                List<X509Certificate> list = (List<X509Certificate>)oldEntry;
-                if (list.contains(cert) == false) {
-                    list.add(cert);
-                }
-                certSubjects.put(subject, list);
-            }
-        }
-    }
-
-    /**
-     * Add an X509CRL to the index.
-     */
-    private void indexCRL(X509CRL crl) {
-        X500Principal issuer = crl.getIssuerX500Principal();
-        Object oldEntry = crlIssuers.put(issuer, crl);
-        if (oldEntry != null) { // assume this is unlikely
-            if (oldEntry instanceof X509CRL) {
-                if (crl.equals(oldEntry)) {
-                    return;
-                }
-                List<X509CRL> list = new ArrayList<>(2);
-                list.add(crl);
-                list.add((X509CRL)oldEntry);
-                crlIssuers.put(issuer, list);
-            } else {
-                // See crlIssuers javadoc.
-                @SuppressWarnings("unchecked")
-                List<X509CRL> list = (List<X509CRL>)oldEntry;
-                if (list.contains(crl) == false) {
-                    list.add(crl);
-                }
-                crlIssuers.put(issuer, list);
-            }
-        }
-    }
-
-    /**
-     * Returns a <code>Collection</code> of <code>Certificate</code>s that
-     * match the specified selector. If no <code>Certificate</code>s
-     * match the selector, an empty <code>Collection</code> will be returned.
-     *
-     * @param selector a <code>CertSelector</code> used to select which
-     *  <code>Certificate</code>s should be returned. Specify <code>null</code>
-     *  to return all <code>Certificate</code>s.
-     * @return a <code>Collection</code> of <code>Certificate</code>s that
-     *         match the specified selector
-     * @throws CertStoreException if an exception occurs
-     */
-    @Override
-    public Collection<? extends Certificate> engineGetCertificates(CertSelector selector)
-            throws CertStoreException {
-
-        // no selector means match all
-        if (selector == null) {
-            Set<Certificate> matches = new HashSet<>();
-            matchX509Certs(new X509CertSelector(), matches);
-            matches.addAll(otherCertificates);
-            return matches;
-        }
-
-        if (selector instanceof X509CertSelector == false) {
-            Set<Certificate> matches = new HashSet<>();
-            matchX509Certs(selector, matches);
-            for (Certificate cert : otherCertificates) {
-                if (selector.match(cert)) {
-                    matches.add(cert);
-                }
-            }
-            return matches;
-        }
-
-        if (certSubjects.isEmpty()) {
-            return Collections.<X509Certificate>emptySet();
-        }
-        X509CertSelector x509Selector = (X509CertSelector)selector;
-        // see if the subject is specified
-        X500Principal subject;
-        X509Certificate matchCert = x509Selector.getCertificate();
-        if (matchCert != null) {
-            subject = matchCert.getSubjectX500Principal();
-        } else {
-            subject = x509Selector.getSubject();
-        }
-        if (subject != null) {
-            // yes, narrow down candidates to indexed possibilities
-            Object entry = certSubjects.get(subject);
-            if (entry == null) {
-                return Collections.<X509Certificate>emptySet();
-            }
-            if (entry instanceof X509Certificate) {
-                X509Certificate x509Entry = (X509Certificate)entry;
-                if (x509Selector.match(x509Entry)) {
-                    return Collections.singleton(x509Entry);
-                } else {
-                    return Collections.<X509Certificate>emptySet();
-                }
-            } else {
-                // See certSubjects javadoc.
-                @SuppressWarnings("unchecked")
-                List<X509Certificate> list = (List<X509Certificate>)entry;
-                Set<X509Certificate> matches = new HashSet<>(16);
-                for (X509Certificate cert : list) {
-                    if (x509Selector.match(cert)) {
-                        matches.add(cert);
-                    }
-                }
-                return matches;
-            }
-        }
-        // cannot use index, iterate all
-        Set<Certificate> matches = new HashSet<>(16);
-        matchX509Certs(x509Selector, matches);
-        return matches;
-    }
-
-    /**
-     * Iterate through all the X509Certificates and add matches to the
-     * collection.
-     */
-    private void matchX509Certs(CertSelector selector,
-        Collection<Certificate> matches) {
-
-        for (Object obj : certSubjects.values()) {
-            if (obj instanceof X509Certificate) {
-                X509Certificate cert = (X509Certificate)obj;
-                if (selector.match(cert)) {
-                    matches.add(cert);
-                }
-            } else {
-                // See certSubjects javadoc.
-                @SuppressWarnings("unchecked")
-                List<X509Certificate> list = (List<X509Certificate>)obj;
-                for (X509Certificate cert : list) {
-                    if (selector.match(cert)) {
-                        matches.add(cert);
-                    }
-                }
-            }
-        }
-    }
-
-    /**
-     * Returns a <code>Collection</code> of <code>CRL</code>s that
-     * match the specified selector. If no <code>CRL</code>s
-     * match the selector, an empty <code>Collection</code> will be returned.
-     *
-     * @param selector a <code>CRLSelector</code> used to select which
-     *  <code>CRL</code>s should be returned. Specify <code>null</code>
-     *  to return all <code>CRL</code>s.
-     * @return a <code>Collection</code> of <code>CRL</code>s that
-     *         match the specified selector
-     * @throws CertStoreException if an exception occurs
-     */
-    @Override
-    public Collection<CRL> engineGetCRLs(CRLSelector selector)
-            throws CertStoreException {
-
-        if (selector == null) {
-            Set<CRL> matches = new HashSet<>();
-            matchX509CRLs(new X509CRLSelector(), matches);
-            matches.addAll(otherCRLs);
-            return matches;
-        }
-
-        if (selector instanceof X509CRLSelector == false) {
-            Set<CRL> matches = new HashSet<>();
-            matchX509CRLs(selector, matches);
-            for (CRL crl : otherCRLs) {
-                if (selector.match(crl)) {
-                    matches.add(crl);
-                }
-            }
-            return matches;
-        }
-
-        if (crlIssuers.isEmpty()) {
-            return Collections.<CRL>emptySet();
-        }
-        X509CRLSelector x509Selector = (X509CRLSelector)selector;
-        // see if the issuer is specified
-        Collection<X500Principal> issuers = x509Selector.getIssuers();
-        if (issuers != null) {
-            HashSet<CRL> matches = new HashSet<>(16);
-            for (X500Principal issuer : issuers) {
-                Object entry = crlIssuers.get(issuer);
-                if (entry == null) {
-                    // empty
-                } else if (entry instanceof X509CRL) {
-                    X509CRL crl = (X509CRL)entry;
-                    if (x509Selector.match(crl)) {
-                        matches.add(crl);
-                    }
-                } else { // List
-                    // See crlIssuers javadoc.
-                    @SuppressWarnings("unchecked")
-                    List<X509CRL> list = (List<X509CRL>)entry;
-                    for (X509CRL crl : list) {
-                        if (x509Selector.match(crl)) {
-                            matches.add(crl);
-                        }
-                    }
-                }
-            }
-            return matches;
-        }
-        // cannot use index, iterate all
-        Set<CRL> matches = new HashSet<>(16);
-        matchX509CRLs(x509Selector, matches);
-        return matches;
-    }
-
-    /**
-     * Iterate through all the X509CRLs and add matches to the
-     * collection.
-     */
-    private void matchX509CRLs(CRLSelector selector, Collection<CRL> matches) {
-        for (Object obj : crlIssuers.values()) {
-            if (obj instanceof X509CRL) {
-                X509CRL crl = (X509CRL)obj;
-                if (selector.match(crl)) {
-                    matches.add(crl);
-                }
-            } else {
-                // See crlIssuers javadoc.
-                @SuppressWarnings("unchecked")
-                List<X509CRL> list = (List<X509CRL>)obj;
-                for (X509CRL crl : list) {
-                    if (selector.match(crl)) {
-                        matches.add(crl);
-                    }
-                }
-            }
-        }
-    }
-
-}
diff --git a/ojluni/src/main/java/sun/security/provider/certpath/ldap/LDAPCertStore.java b/ojluni/src/main/java/sun/security/provider/certpath/ldap/LDAPCertStore.java
deleted file mode 100644
index 5a24a69..0000000
--- a/ojluni/src/main/java/sun/security/provider/certpath/ldap/LDAPCertStore.java
+++ /dev/null
@@ -1,1086 +0,0 @@
-/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.provider.certpath.ldap;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.net.URI;
-import java.util.*;
-import javax.naming.Context;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.NameNotFoundException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttributes;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.InitialDirContext;
-
-import java.security.*;
-import java.security.cert.Certificate;
-import java.security.cert.*;
-import javax.security.auth.x500.X500Principal;
-
-import sun.misc.HexDumpEncoder;
-import sun.security.provider.certpath.X509CertificatePair;
-import sun.security.util.Cache;
-import sun.security.util.Debug;
-import sun.security.x509.X500Name;
-import sun.security.action.GetBooleanAction;
-import sun.security.action.GetPropertyAction;
-
-/**
- * A <code>CertStore</code> that retrieves <code>Certificates</code> and
- * <code>CRL</code>s from an LDAP directory, using the PKIX LDAP V2 Schema
- * (RFC 2587):
- * <a href="http://www.ietf.org/rfc/rfc2587.txt">
- * http://www.ietf.org/rfc/rfc2587.txt</a>.
- * <p>
- * Before calling the {@link #engineGetCertificates engineGetCertificates} or
- * {@link #engineGetCRLs engineGetCRLs} methods, the
- * {@link #LDAPCertStore(CertStoreParameters)
- * LDAPCertStore(CertStoreParameters)} constructor is called to create the
- * <code>CertStore</code> and establish the DNS name and port of the LDAP
- * server from which <code>Certificate</code>s and <code>CRL</code>s will be
- * retrieved.
- * <p>
- * <b>Concurrent Access</b>
- * <p>
- * As described in the javadoc for <code>CertStoreSpi</code>, the
- * <code>engineGetCertificates</code> and <code>engineGetCRLs</code> methods
- * must be thread-safe. That is, multiple threads may concurrently
- * invoke these methods on a single <code>LDAPCertStore</code> object
- * (or more than one) with no ill effects. This allows a
- * <code>CertPathBuilder</code> to search for a CRL while simultaneously
- * searching for further certificates, for instance.
- * <p>
- * This is achieved by adding the <code>synchronized</code> keyword to the
- * <code>engineGetCertificates</code> and <code>engineGetCRLs</code> methods.
- * <p>
- * This classes uses caching and requests multiple attributes at once to
- * minimize LDAP round trips. The cache is associated with the CertStore
- * instance. It uses soft references to hold the values to minimize impact
- * on footprint and currently has a maximum size of 750 attributes and a
- * 30 second default lifetime.
- * <p>
- * We always request CA certificates, cross certificate pairs, and ARLs in
- * a single LDAP request when any one of them is needed. The reason is that
- * we typically need all of them anyway and requesting them in one go can
- * reduce the number of requests to a third. Even if we don't need them,
- * these attributes are typically small enough not to cause a noticeable
- * overhead. In addition, when the prefetchCRLs flag is true, we also request
- * the full CRLs. It is currently false initially but set to true once any
- * request for an ARL to the server returns an null value. The reason is
- * that CRLs could be rather large but are rarely used. This implementation
- * should improve performance in most cases.
- *
- * @see java.security.cert.CertStore
- *
- * @since       1.4
- * @author      Steve Hanna
- * @author      Andreas Sterbenz
- */
-public final class LDAPCertStore extends CertStoreSpi {
-
-    private static final Debug debug = Debug.getInstance("certpath");
-
-    private final static boolean DEBUG = false;
-
-    /**
-     * LDAP attribute identifiers.
-     */
-    private static final String USER_CERT = "userCertificate;binary";
-    private static final String CA_CERT = "cACertificate;binary";
-    private static final String CROSS_CERT = "crossCertificatePair;binary";
-    private static final String CRL = "certificateRevocationList;binary";
-    private static final String ARL = "authorityRevocationList;binary";
-    private static final String DELTA_CRL = "deltaRevocationList;binary";
-
-    // Constants for various empty values
-    private final static String[] STRING0 = new String[0];
-
-    private final static byte[][] BB0 = new byte[0][];
-
-    private final static Attributes EMPTY_ATTRIBUTES = new BasicAttributes();
-
-    // cache related constants
-    private final static int DEFAULT_CACHE_SIZE = 750;
-    private final static int DEFAULT_CACHE_LIFETIME = 30;
-
-    private final static int LIFETIME;
-
-    private final static String PROP_LIFETIME =
-                            "sun.security.certpath.ldap.cache.lifetime";
-
-    /*
-     * Internal system property, that when set to "true", disables the
-     * JNDI application resource files lookup to prevent recursion issues
-     * when validating signed JARs with LDAP URLs in certificates.
-     */
-    private final static String PROP_DISABLE_APP_RESOURCE_FILES =
-        "sun.security.certpath.ldap.disable.app.resource.files";
-
-    static {
-        String s = AccessController.doPrivileged(
-                                new GetPropertyAction(PROP_LIFETIME));
-        if (s != null) {
-            LIFETIME = Integer.parseInt(s); // throws NumberFormatException
-        } else {
-            LIFETIME = DEFAULT_CACHE_LIFETIME;
-        }
-    }
-
-    /**
-     * The CertificateFactory used to decode certificates from
-     * their binary stored form.
-     */
-    private CertificateFactory cf;
-    /**
-     * The JNDI directory context.
-     */
-    private DirContext ctx;
-
-    /**
-     * Flag indicating whether we should prefetch CRLs.
-     */
-    private boolean prefetchCRLs = false;
-
-    private final Cache<String, byte[][]> valueCache;
-
-    private int cacheHits = 0;
-    private int cacheMisses = 0;
-    private int requests = 0;
-
-    /**
-     * Creates a <code>CertStore</code> with the specified parameters.
-     * For this class, the parameters object must be an instance of
-     * <code>LDAPCertStoreParameters</code>.
-     *
-     * @param params the algorithm parameters
-     * @exception InvalidAlgorithmParameterException if params is not an
-     *   instance of <code>LDAPCertStoreParameters</code>
-     */
-    public LDAPCertStore(CertStoreParameters params)
-            throws InvalidAlgorithmParameterException {
-        super(params);
-        if (!(params instanceof LDAPCertStoreParameters))
-          throw new InvalidAlgorithmParameterException(
-            "parameters must be LDAPCertStoreParameters");
-
-        LDAPCertStoreParameters lparams = (LDAPCertStoreParameters) params;
-
-        // Create InitialDirContext needed to communicate with the server
-        createInitialDirContext(lparams.getServerName(), lparams.getPort());
-
-        // Create CertificateFactory for use later on
-        try {
-            cf = CertificateFactory.getInstance("X.509");
-        } catch (CertificateException e) {
-            throw new InvalidAlgorithmParameterException(
-                "unable to create CertificateFactory for X.509");
-        }
-        if (LIFETIME == 0) {
-            valueCache = Cache.newNullCache();
-        } else if (LIFETIME < 0) {
-            valueCache = Cache.newSoftMemoryCache(DEFAULT_CACHE_SIZE);
-        } else {
-            valueCache = Cache.newSoftMemoryCache(DEFAULT_CACHE_SIZE, LIFETIME);
-        }
-    }
-
-    /**
-     * Returns an LDAP CertStore. This method consults a cache of
-     * CertStores (shared per JVM) using the LDAP server/port as a key.
-     */
-    private static final Cache<LDAPCertStoreParameters, CertStore>
-        certStoreCache = Cache.newSoftMemoryCache(185);
-    static synchronized CertStore getInstance(LDAPCertStoreParameters params)
-        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
-        CertStore lcs = certStoreCache.get(params);
-        if (lcs == null) {
-            lcs = CertStore.getInstance("LDAP", params);
-            certStoreCache.put(params, lcs);
-        } else {
-            if (debug != null) {
-                debug.println("LDAPCertStore.getInstance: cache hit");
-            }
-        }
-        return lcs;
-    }
-
-    /**
-     * Create InitialDirContext.
-     *
-     * @param server Server DNS name hosting LDAP service
-     * @param port   Port at which server listens for requests
-     * @throws InvalidAlgorithmParameterException if creation fails
-     */
-    private void createInitialDirContext(String server, int port)
-            throws InvalidAlgorithmParameterException {
-        String url = "ldap://" + server + ":" + port;
-        Hashtable<String,Object> env = new Hashtable<>();
-        env.put(Context.INITIAL_CONTEXT_FACTORY,
-                "com.sun.jndi.ldap.LdapCtxFactory");
-        env.put(Context.PROVIDER_URL, url);
-
-        // If property is set to true, disable application resource file lookup.
-        boolean disableAppResourceFiles = AccessController.doPrivileged(
-            new GetBooleanAction(PROP_DISABLE_APP_RESOURCE_FILES));
-        if (disableAppResourceFiles) {
-            if (debug != null) {
-                debug.println("LDAPCertStore disabling app resource files");
-            }
-            env.put("com.sun.naming.disable.app.resource.files", "true");
-        }
-
-        try {
-            ctx = new InitialDirContext(env);
-            /*
-             * By default, follow referrals unless application has
-             * overridden property in an application resource file.
-             */
-            Hashtable<?,?> currentEnv = ctx.getEnvironment();
-            if (currentEnv.get(Context.REFERRAL) == null) {
-                ctx.addToEnvironment(Context.REFERRAL, "follow");
-            }
-        } catch (NamingException e) {
-            if (debug != null) {
-                debug.println("LDAPCertStore.engineInit about to throw "
-                    + "InvalidAlgorithmParameterException");
-                e.printStackTrace();
-            }
-            Exception ee = new InvalidAlgorithmParameterException
-                ("unable to create InitialDirContext using supplied parameters");
-            ee.initCause(e);
-            throw (InvalidAlgorithmParameterException)ee;
-        }
-    }
-
-    /**
-     * Private class encapsulating the actual LDAP operations and cache
-     * handling. Use:
-     *
-     *   LDAPRequest request = new LDAPRequest(dn);
-     *   request.addRequestedAttribute(CROSS_CERT);
-     *   request.addRequestedAttribute(CA_CERT);
-     *   byte[][] crossValues = request.getValues(CROSS_CERT);
-     *   byte[][] caValues = request.getValues(CA_CERT);
-     *
-     * At most one LDAP request is sent for each instance created. If all
-     * getValues() calls can be satisfied from the cache, no request
-     * is sent at all. If a request is sent, all requested attributes
-     * are always added to the cache irrespective of whether the getValues()
-     * method is called.
-     */
-    private class LDAPRequest {
-
-        private final String name;
-        private Map<String, byte[][]> valueMap;
-        private final List<String> requestedAttributes;
-
-        LDAPRequest(String name) {
-            this.name = name;
-            requestedAttributes = new ArrayList<>(5);
-        }
-
-        String getName() {
-            return name;
-        }
-
-        void addRequestedAttribute(String attrId) {
-            if (valueMap != null) {
-                throw new IllegalStateException("Request already sent");
-            }
-            requestedAttributes.add(attrId);
-        }
-
-        /**
-         * Gets one or more binary values from an attribute.
-         *
-         * @param name          the location holding the attribute
-         * @param attrId                the attribute identifier
-         * @return                      an array of binary values (byte arrays)
-         * @throws NamingException      if a naming exception occurs
-         */
-        byte[][] getValues(String attrId) throws NamingException {
-            if (DEBUG && ((cacheHits + cacheMisses) % 50 == 0)) {
-                System.out.println("Cache hits: " + cacheHits + "; misses: "
-                        + cacheMisses);
-            }
-            String cacheKey = name + "|" + attrId;
-            byte[][] values = valueCache.get(cacheKey);
-            if (values != null) {
-                cacheHits++;
-                return values;
-            }
-            cacheMisses++;
-            Map<String, byte[][]> attrs = getValueMap();
-            values = attrs.get(attrId);
-            return values;
-        }
-
-        /**
-         * Get a map containing the values for this request. The first time
-         * this method is called on an object, the LDAP request is sent,
-         * the results parsed and added to a private map and also to the
-         * cache of this LDAPCertStore. Subsequent calls return the private
-         * map immediately.
-         *
-         * The map contains an entry for each requested attribute. The
-         * attribute name is the key, values are byte[][]. If there are no
-         * values for that attribute, values are byte[0][].
-         *
-         * @return                      the value Map
-         * @throws NamingException      if a naming exception occurs
-         */
-        private Map<String, byte[][]> getValueMap() throws NamingException {
-            if (valueMap != null) {
-                return valueMap;
-            }
-            if (DEBUG) {
-                System.out.println("Request: " + name + ":" + requestedAttributes);
-                requests++;
-                if (requests % 5 == 0) {
-                    System.out.println("LDAP requests: " + requests);
-                }
-            }
-            valueMap = new HashMap<>(8);
-            String[] attrIds = requestedAttributes.toArray(STRING0);
-            Attributes attrs;
-            try {
-                attrs = ctx.getAttributes(name, attrIds);
-            } catch (NameNotFoundException e) {
-                // name does not exist on this LDAP server
-                // treat same as not attributes found
-                attrs = EMPTY_ATTRIBUTES;
-            }
-            for (String attrId : requestedAttributes) {
-                Attribute attr = attrs.get(attrId);
-                byte[][] values = getAttributeValues(attr);
-                cacheAttribute(attrId, values);
-                valueMap.put(attrId, values);
-            }
-            return valueMap;
-        }
-
-        /**
-         * Add the values to the cache.
-         */
-        private void cacheAttribute(String attrId, byte[][] values) {
-            String cacheKey = name + "|" + attrId;
-            valueCache.put(cacheKey, values);
-        }
-
-        /**
-         * Get the values for the given attribute. If the attribute is null
-         * or does not contain any values, a zero length byte array is
-         * returned. NOTE that it is assumed that all values are byte arrays.
-         */
-        private byte[][] getAttributeValues(Attribute attr)
-                throws NamingException {
-            byte[][] values;
-            if (attr == null) {
-                values = BB0;
-            } else {
-                values = new byte[attr.size()][];
-                int i = 0;
-                NamingEnumeration<?> enum_ = attr.getAll();
-                while (enum_.hasMore()) {
-                    Object obj = enum_.next();
-                    if (debug != null) {
-                        if (obj instanceof String) {
-                            debug.println("LDAPCertStore.getAttrValues() "
-                                + "enum.next is a string!: " + obj);
-                        }
-                    }
-                    byte[] value = (byte[])obj;
-                    values[i++] = value;
-                }
-            }
-            return values;
-        }
-
-    }
-
-    /*
-     * Gets certificates from an attribute id and location in the LDAP
-     * directory. Returns a Collection containing only the Certificates that
-     * match the specified CertSelector.
-     *
-     * @param name the location holding the attribute
-     * @param id the attribute identifier
-     * @param sel a CertSelector that the Certificates must match
-     * @return a Collection of Certificates found
-     * @throws CertStoreException       if an exception occurs
-     */
-    private Collection<X509Certificate> getCertificates(LDAPRequest request,
-        String id, X509CertSelector sel) throws CertStoreException {
-
-        /* fetch encoded certs from storage */
-        byte[][] encodedCert;
-        try {
-            encodedCert = request.getValues(id);
-        } catch (NamingException namingEx) {
-            throw new CertStoreException(namingEx);
-        }
-
-        int n = encodedCert.length;
-        if (n == 0) {
-            return Collections.emptySet();
-        }
-
-        List<X509Certificate> certs = new ArrayList<>(n);
-        /* decode certs and check if they satisfy selector */
-        for (int i = 0; i < n; i++) {
-            ByteArrayInputStream bais = new ByteArrayInputStream(encodedCert[i]);
-            try {
-                Certificate cert = cf.generateCertificate(bais);
-                if (sel.match(cert)) {
-                  certs.add((X509Certificate)cert);
-                }
-            } catch (CertificateException e) {
-                if (debug != null) {
-                    debug.println("LDAPCertStore.getCertificates() encountered "
-                        + "exception while parsing cert, skipping the bad data: ");
-                    HexDumpEncoder encoder = new HexDumpEncoder();
-                    debug.println(
-                        "[ " + encoder.encodeBuffer(encodedCert[i]) + " ]");
-                }
-            }
-        }
-
-        return certs;
-    }
-
-    /*
-     * Gets certificate pairs from an attribute id and location in the LDAP
-     * directory.
-     *
-     * @param name the location holding the attribute
-     * @param id the attribute identifier
-     * @return a Collection of X509CertificatePairs found
-     * @throws CertStoreException       if an exception occurs
-     */
-    private Collection<X509CertificatePair> getCertPairs(
-        LDAPRequest request, String id) throws CertStoreException {
-
-        /* fetch the encoded cert pairs from storage */
-        byte[][] encodedCertPair;
-        try {
-            encodedCertPair = request.getValues(id);
-        } catch (NamingException namingEx) {
-            throw new CertStoreException(namingEx);
-        }
-
-        int n = encodedCertPair.length;
-        if (n == 0) {
-            return Collections.emptySet();
-        }
-
-        List<X509CertificatePair> certPairs = new ArrayList<>(n);
-        /* decode each cert pair and add it to the Collection */
-        for (int i = 0; i < n; i++) {
-            try {
-                X509CertificatePair certPair =
-                    X509CertificatePair.generateCertificatePair(encodedCertPair[i]);
-                certPairs.add(certPair);
-            } catch (CertificateException e) {
-                if (debug != null) {
-                    debug.println(
-                        "LDAPCertStore.getCertPairs() encountered exception "
-                        + "while parsing cert, skipping the bad data: ");
-                    HexDumpEncoder encoder = new HexDumpEncoder();
-                    debug.println(
-                        "[ " + encoder.encodeBuffer(encodedCertPair[i]) + " ]");
-                }
-            }
-        }
-
-        return certPairs;
-    }
-
-    /*
-     * Looks at certificate pairs stored in the crossCertificatePair attribute
-     * at the specified location in the LDAP directory. Returns a Collection
-     * containing all Certificates stored in the forward component that match
-     * the forward CertSelector and all Certificates stored in the reverse
-     * component that match the reverse CertSelector.
-     * <p>
-     * If either forward or reverse is null, all certificates from the
-     * corresponding component will be rejected.
-     *
-     * @param name the location to look in
-     * @param forward the forward CertSelector (or null)
-     * @param reverse the reverse CertSelector (or null)
-     * @return a Collection of Certificates found
-     * @throws CertStoreException       if an exception occurs
-     */
-    private Collection<X509Certificate> getMatchingCrossCerts(
-            LDAPRequest request, X509CertSelector forward,
-            X509CertSelector reverse)
-            throws CertStoreException {
-        // Get the cert pairs
-        Collection<X509CertificatePair> certPairs =
-                                getCertPairs(request, CROSS_CERT);
-
-        // Find Certificates that match and put them in a list
-        ArrayList<X509Certificate> matchingCerts = new ArrayList<>();
-        for (X509CertificatePair certPair : certPairs) {
-            X509Certificate cert;
-            if (forward != null) {
-                cert = certPair.getForward();
-                if ((cert != null) && forward.match(cert)) {
-                    matchingCerts.add(cert);
-                }
-            }
-            if (reverse != null) {
-                cert = certPair.getReverse();
-                if ((cert != null) && reverse.match(cert)) {
-                    matchingCerts.add(cert);
-                }
-            }
-        }
-        return matchingCerts;
-    }
-
-    /**
-     * Returns a <code>Collection</code> of <code>Certificate</code>s that
-     * match the specified selector. If no <code>Certificate</code>s
-     * match the selector, an empty <code>Collection</code> will be returned.
-     * <p>
-     * It is not practical to search every entry in the LDAP database for
-     * matching <code>Certificate</code>s. Instead, the <code>CertSelector</code>
-     * is examined in order to determine where matching <code>Certificate</code>s
-     * are likely to be found (according to the PKIX LDAPv2 schema, RFC 2587).
-     * If the subject is specified, its directory entry is searched. If the
-     * issuer is specified, its directory entry is searched. If neither the
-     * subject nor the issuer are specified (or the selector is not an
-     * <code>X509CertSelector</code>), a <code>CertStoreException</code> is
-     * thrown.
-     *
-     * @param selector a <code>CertSelector</code> used to select which
-     *  <code>Certificate</code>s should be returned.
-     * @return a <code>Collection</code> of <code>Certificate</code>s that
-     *         match the specified selector
-     * @throws CertStoreException if an exception occurs
-     */
-    public synchronized Collection<X509Certificate> engineGetCertificates
-            (CertSelector selector) throws CertStoreException {
-        if (debug != null) {
-            debug.println("LDAPCertStore.engineGetCertificates() selector: "
-                + String.valueOf(selector));
-        }
-
-        if (selector == null) {
-            selector = new X509CertSelector();
-        }
-        if (!(selector instanceof X509CertSelector)) {
-            throw new CertStoreException("LDAPCertStore needs an X509CertSelector " +
-                                         "to find certs");
-        }
-        X509CertSelector xsel = (X509CertSelector) selector;
-        int basicConstraints = xsel.getBasicConstraints();
-        String subject = xsel.getSubjectAsString();
-        String issuer = xsel.getIssuerAsString();
-        HashSet<X509Certificate> certs = new HashSet<>();
-        if (debug != null) {
-            debug.println("LDAPCertStore.engineGetCertificates() basicConstraints: "
-                + basicConstraints);
-        }
-
-        // basicConstraints:
-        // -2: only EE certs accepted
-        // -1: no check is done
-        //  0: any CA certificate accepted
-        // >1: certificate's basicConstraints extension pathlen must match
-        if (subject != null) {
-            if (debug != null) {
-                debug.println("LDAPCertStore.engineGetCertificates() "
-                    + "subject is not null");
-            }
-            LDAPRequest request = new LDAPRequest(subject);
-            if (basicConstraints > -2) {
-                request.addRequestedAttribute(CROSS_CERT);
-                request.addRequestedAttribute(CA_CERT);
-                request.addRequestedAttribute(ARL);
-                if (prefetchCRLs) {
-                    request.addRequestedAttribute(CRL);
-                }
-            }
-            if (basicConstraints < 0) {
-                request.addRequestedAttribute(USER_CERT);
-            }
-
-            if (basicConstraints > -2) {
-                certs.addAll(getMatchingCrossCerts(request, xsel, null));
-                if (debug != null) {
-                    debug.println("LDAPCertStore.engineGetCertificates() after "
-                        + "getMatchingCrossCerts(subject,xsel,null),certs.size(): "
-                        + certs.size());
-                }
-                certs.addAll(getCertificates(request, CA_CERT, xsel));
-                if (debug != null) {
-                    debug.println("LDAPCertStore.engineGetCertificates() after "
-                        + "getCertificates(subject,CA_CERT,xsel),certs.size(): "
-                        + certs.size());
-                }
-            }
-            if (basicConstraints < 0) {
-                certs.addAll(getCertificates(request, USER_CERT, xsel));
-                if (debug != null) {
-                    debug.println("LDAPCertStore.engineGetCertificates() after "
-                        + "getCertificates(subject,USER_CERT, xsel),certs.size(): "
-                        + certs.size());
-                }
-            }
-        } else {
-            if (debug != null) {
-                debug.println
-                    ("LDAPCertStore.engineGetCertificates() subject is null");
-            }
-            if (basicConstraints == -2) {
-                throw new CertStoreException("need subject to find EE certs");
-            }
-            if (issuer == null) {
-                throw new CertStoreException("need subject or issuer to find certs");
-            }
-        }
-        if (debug != null) {
-            debug.println("LDAPCertStore.engineGetCertificates() about to "
-                + "getMatchingCrossCerts...");
-        }
-        if ((issuer != null) && (basicConstraints > -2)) {
-            LDAPRequest request = new LDAPRequest(issuer);
-            request.addRequestedAttribute(CROSS_CERT);
-            request.addRequestedAttribute(CA_CERT);
-            request.addRequestedAttribute(ARL);
-            if (prefetchCRLs) {
-                request.addRequestedAttribute(CRL);
-            }
-
-            certs.addAll(getMatchingCrossCerts(request, null, xsel));
-            if (debug != null) {
-                debug.println("LDAPCertStore.engineGetCertificates() after "
-                    + "getMatchingCrossCerts(issuer,null,xsel),certs.size(): "
-                    + certs.size());
-            }
-            certs.addAll(getCertificates(request, CA_CERT, xsel));
-            if (debug != null) {
-                debug.println("LDAPCertStore.engineGetCertificates() after "
-                    + "getCertificates(issuer,CA_CERT,xsel),certs.size(): "
-                    + certs.size());
-            }
-        }
-        if (debug != null) {
-            debug.println("LDAPCertStore.engineGetCertificates() returning certs");
-        }
-        return certs;
-    }
-
-    /*
-     * Gets CRLs from an attribute id and location in the LDAP directory.
-     * Returns a Collection containing only the CRLs that match the
-     * specified CRLSelector.
-     *
-     * @param name the location holding the attribute
-     * @param id the attribute identifier
-     * @param sel a CRLSelector that the CRLs must match
-     * @return a Collection of CRLs found
-     * @throws CertStoreException       if an exception occurs
-     */
-    private Collection<X509CRL> getCRLs(LDAPRequest request, String id,
-            X509CRLSelector sel) throws CertStoreException {
-
-        /* fetch the encoded crls from storage */
-        byte[][] encodedCRL;
-        try {
-            encodedCRL = request.getValues(id);
-        } catch (NamingException namingEx) {
-            throw new CertStoreException(namingEx);
-        }
-
-        int n = encodedCRL.length;
-        if (n == 0) {
-            return Collections.emptySet();
-        }
-
-        List<X509CRL> crls = new ArrayList<>(n);
-        /* decode each crl and check if it matches selector */
-        for (int i = 0; i < n; i++) {
-            try {
-                CRL crl = cf.generateCRL(new ByteArrayInputStream(encodedCRL[i]));
-                if (sel.match(crl)) {
-                    crls.add((X509CRL)crl);
-                }
-            } catch (CRLException e) {
-                if (debug != null) {
-                    debug.println("LDAPCertStore.getCRLs() encountered exception"
-                        + " while parsing CRL, skipping the bad data: ");
-                    HexDumpEncoder encoder = new HexDumpEncoder();
-                    debug.println("[ " + encoder.encodeBuffer(encodedCRL[i]) + " ]");
-                }
-            }
-        }
-
-        return crls;
-    }
-
-    /**
-     * Returns a <code>Collection</code> of <code>CRL</code>s that
-     * match the specified selector. If no <code>CRL</code>s
-     * match the selector, an empty <code>Collection</code> will be returned.
-     * <p>
-     * It is not practical to search every entry in the LDAP database for
-     * matching <code>CRL</code>s. Instead, the <code>CRLSelector</code>
-     * is examined in order to determine where matching <code>CRL</code>s
-     * are likely to be found (according to the PKIX LDAPv2 schema, RFC 2587).
-     * If issuerNames or certChecking are specified, the issuer's directory
-     * entry is searched. If neither issuerNames or certChecking are specified
-     * (or the selector is not an <code>X509CRLSelector</code>), a
-     * <code>CertStoreException</code> is thrown.
-     *
-     * @param selector A <code>CRLSelector</code> used to select which
-     *  <code>CRL</code>s should be returned. Specify <code>null</code>
-     *  to return all <code>CRL</code>s.
-     * @return A <code>Collection</code> of <code>CRL</code>s that
-     *         match the specified selector
-     * @throws CertStoreException if an exception occurs
-     */
-    public synchronized Collection<X509CRL> engineGetCRLs(CRLSelector selector)
-            throws CertStoreException {
-        if (debug != null) {
-            debug.println("LDAPCertStore.engineGetCRLs() selector: "
-                + selector);
-        }
-        // Set up selector and collection to hold CRLs
-        if (selector == null) {
-            selector = new X509CRLSelector();
-        }
-        if (!(selector instanceof X509CRLSelector)) {
-            throw new CertStoreException("need X509CRLSelector to find CRLs");
-        }
-        X509CRLSelector xsel = (X509CRLSelector) selector;
-        HashSet<X509CRL> crls = new HashSet<>();
-
-        // Look in directory entry for issuer of cert we're checking.
-        Collection<Object> issuerNames;
-        X509Certificate certChecking = xsel.getCertificateChecking();
-        if (certChecking != null) {
-            issuerNames = new HashSet<>();
-            X500Principal issuer = certChecking.getIssuerX500Principal();
-            issuerNames.add(issuer.getName(X500Principal.RFC2253));
-        } else {
-            // But if we don't know which cert we're checking, try the directory
-            // entries of all acceptable CRL issuers
-            issuerNames = xsel.getIssuerNames();
-            if (issuerNames == null) {
-                throw new CertStoreException("need issuerNames or certChecking to "
-                    + "find CRLs");
-            }
-        }
-        for (Object nameObject : issuerNames) {
-            String issuerName;
-            if (nameObject instanceof byte[]) {
-                try {
-                    X500Principal issuer = new X500Principal((byte[])nameObject);
-                    issuerName = issuer.getName(X500Principal.RFC2253);
-                } catch (IllegalArgumentException e) {
-                    continue;
-                }
-            } else {
-                issuerName = (String)nameObject;
-            }
-            // If all we want is CA certs, try to get the (probably shorter) ARL
-            Collection<X509CRL> entryCRLs = Collections.emptySet();
-            if (certChecking == null || certChecking.getBasicConstraints() != -1) {
-                LDAPRequest request = new LDAPRequest(issuerName);
-                request.addRequestedAttribute(CROSS_CERT);
-                request.addRequestedAttribute(CA_CERT);
-                request.addRequestedAttribute(ARL);
-                if (prefetchCRLs) {
-                    request.addRequestedAttribute(CRL);
-                }
-                try {
-                    entryCRLs = getCRLs(request, ARL, xsel);
-                    if (entryCRLs.isEmpty()) {
-                        // no ARLs found. We assume that means that there are
-                        // no ARLs on this server at all and prefetch the CRLs.
-                        prefetchCRLs = true;
-                    } else {
-                        crls.addAll(entryCRLs);
-                    }
-                } catch (CertStoreException e) {
-                    if (debug != null) {
-                        debug.println("LDAPCertStore.engineGetCRLs non-fatal error "
-                            + "retrieving ARLs:" + e);
-                        e.printStackTrace();
-                    }
-                }
-            }
-            // Otherwise, get the CRL
-            // if certChecking is null, we don't know if we should look in ARL or CRL
-            // attribute, so check both for matching CRLs.
-            if (entryCRLs.isEmpty() || certChecking == null) {
-                LDAPRequest request = new LDAPRequest(issuerName);
-                request.addRequestedAttribute(CRL);
-                entryCRLs = getCRLs(request, CRL, xsel);
-                crls.addAll(entryCRLs);
-            }
-        }
-        return crls;
-    }
-
-    // converts an LDAP URI into LDAPCertStoreParameters
-    static LDAPCertStoreParameters getParameters(URI uri) {
-        String host = uri.getHost();
-        if (host == null) {
-            return new SunLDAPCertStoreParameters();
-        } else {
-            int port = uri.getPort();
-            return (port == -1
-                    ? new SunLDAPCertStoreParameters(host)
-                    : new SunLDAPCertStoreParameters(host, port));
-        }
-    }
-
-    /*
-     * Subclass of LDAPCertStoreParameters with overridden equals/hashCode
-     * methods. This is necessary because the parameters are used as
-     * keys in the LDAPCertStore cache.
-     */
-    private static class SunLDAPCertStoreParameters
-        extends LDAPCertStoreParameters {
-
-        private volatile int hashCode = 0;
-
-        SunLDAPCertStoreParameters(String serverName, int port) {
-            super(serverName, port);
-        }
-        SunLDAPCertStoreParameters(String serverName) {
-            super(serverName);
-        }
-        SunLDAPCertStoreParameters() {
-            super();
-        }
-        public boolean equals(Object obj) {
-            if (!(obj instanceof LDAPCertStoreParameters)) {
-                return false;
-            }
-            LDAPCertStoreParameters params = (LDAPCertStoreParameters) obj;
-            return (getPort() == params.getPort() &&
-                    getServerName().equalsIgnoreCase(params.getServerName()));
-        }
-        public int hashCode() {
-            if (hashCode == 0) {
-                int result = 17;
-                result = 37*result + getPort();
-                result = 37*result +
-                    getServerName().toLowerCase(Locale.ENGLISH).hashCode();
-                hashCode = result;
-            }
-            return hashCode;
-        }
-    }
-
-    /*
-     * This inner class wraps an existing X509CertSelector and adds
-     * additional criteria to match on when the certificate's subject is
-     * different than the LDAP Distinguished Name entry. The LDAPCertStore
-     * implementation uses the subject DN as the directory entry for
-     * looking up certificates. This can be problematic if the certificates
-     * that you want to fetch have a different subject DN than the entry
-     * where they are stored. You could set the selector's subject to the
-     * LDAP DN entry, but then the resulting match would fail to find the
-     * desired certificates because the subject DNs would not match. This
-     * class avoids that problem by introducing a certSubject which should
-     * be set to the certificate's subject DN when it is different than
-     * the LDAP DN.
-     */
-    static class LDAPCertSelector extends X509CertSelector {
-
-        private X500Principal certSubject;
-        private X509CertSelector selector;
-        private X500Principal subject;
-
-        /**
-         * Creates an LDAPCertSelector.
-         *
-         * @param selector the X509CertSelector to wrap
-         * @param certSubject the subject DN of the certificate that you want
-         *      to retrieve via LDAP
-         * @param ldapDN the LDAP DN where the certificate is stored
-         */
-        LDAPCertSelector(X509CertSelector selector, X500Principal certSubject,
-            String ldapDN) throws IOException {
-            this.selector = selector == null ? new X509CertSelector() : selector;
-            this.certSubject = certSubject;
-            this.subject = new X500Name(ldapDN).asX500Principal();
-        }
-
-        // we only override the get (accessor methods) since the set methods
-        // will not be invoked by the code that uses this LDAPCertSelector.
-        public X509Certificate getCertificate() {
-            return selector.getCertificate();
-        }
-        public BigInteger getSerialNumber() {
-            return selector.getSerialNumber();
-        }
-        public X500Principal getIssuer() {
-            return selector.getIssuer();
-        }
-        public String getIssuerAsString() {
-            return selector.getIssuerAsString();
-        }
-        public byte[] getIssuerAsBytes() throws IOException {
-            return selector.getIssuerAsBytes();
-        }
-        public X500Principal getSubject() {
-            // return the ldap DN
-            return subject;
-        }
-        public String getSubjectAsString() {
-            // return the ldap DN
-            return subject.getName();
-        }
-        public byte[] getSubjectAsBytes() throws IOException {
-            // return the encoded ldap DN
-            return subject.getEncoded();
-        }
-        public byte[] getSubjectKeyIdentifier() {
-            return selector.getSubjectKeyIdentifier();
-        }
-        public byte[] getAuthorityKeyIdentifier() {
-            return selector.getAuthorityKeyIdentifier();
-        }
-        public Date getCertificateValid() {
-            return selector.getCertificateValid();
-        }
-        public Date getPrivateKeyValid() {
-            return selector.getPrivateKeyValid();
-        }
-        public String getSubjectPublicKeyAlgID() {
-            return selector.getSubjectPublicKeyAlgID();
-        }
-        public PublicKey getSubjectPublicKey() {
-            return selector.getSubjectPublicKey();
-        }
-        public boolean[] getKeyUsage() {
-            return selector.getKeyUsage();
-        }
-        public Set<String> getExtendedKeyUsage() {
-            return selector.getExtendedKeyUsage();
-        }
-        public boolean getMatchAllSubjectAltNames() {
-            return selector.getMatchAllSubjectAltNames();
-        }
-        public Collection<List<?>> getSubjectAlternativeNames() {
-            return selector.getSubjectAlternativeNames();
-        }
-        public byte[] getNameConstraints() {
-            return selector.getNameConstraints();
-        }
-        public int getBasicConstraints() {
-            return selector.getBasicConstraints();
-        }
-        public Set<String> getPolicy() {
-            return selector.getPolicy();
-        }
-        public Collection<List<?>> getPathToNames() {
-            return selector.getPathToNames();
-        }
-
-        public boolean match(Certificate cert) {
-            // temporarily set the subject criterion to the certSubject
-            // so that match will not reject the desired certificates
-            selector.setSubject(certSubject);
-            boolean match = selector.match(cert);
-            selector.setSubject(subject);
-            return match;
-        }
-    }
-
-    /**
-     * This class has the same purpose as LDAPCertSelector except it is for
-     * X.509 CRLs.
-     */
-    static class LDAPCRLSelector extends X509CRLSelector {
-
-        private X509CRLSelector selector;
-        private Collection<X500Principal> certIssuers;
-        private Collection<X500Principal> issuers;
-        private HashSet<Object> issuerNames;
-
-        /**
-         * Creates an LDAPCRLSelector.
-         *
-         * @param selector the X509CRLSelector to wrap
-         * @param certIssuers the issuer DNs of the CRLs that you want
-         *      to retrieve via LDAP
-         * @param ldapDN the LDAP DN where the CRL is stored
-         */
-        LDAPCRLSelector(X509CRLSelector selector,
-            Collection<X500Principal> certIssuers, String ldapDN)
-            throws IOException {
-            this.selector = selector == null ? new X509CRLSelector() : selector;
-            this.certIssuers = certIssuers;
-            issuerNames = new HashSet<>();
-            issuerNames.add(ldapDN);
-            issuers = new HashSet<>();
-            issuers.add(new X500Name(ldapDN).asX500Principal());
-        }
-        // we only override the get (accessor methods) since the set methods
-        // will not be invoked by the code that uses this LDAPCRLSelector.
-        public Collection<X500Principal> getIssuers() {
-            // return the ldap DN
-            return Collections.unmodifiableCollection(issuers);
-        }
-        public Collection<Object> getIssuerNames() {
-            // return the ldap DN
-            return Collections.unmodifiableCollection(issuerNames);
-        }
-        public BigInteger getMinCRL() {
-            return selector.getMinCRL();
-        }
-        public BigInteger getMaxCRL() {
-            return selector.getMaxCRL();
-        }
-        public Date getDateAndTime() {
-            return selector.getDateAndTime();
-        }
-        public X509Certificate getCertificateChecking() {
-            return selector.getCertificateChecking();
-        }
-        public boolean match(CRL crl) {
-            // temporarily set the issuer criterion to the certIssuers
-            // so that match will not reject the desired CRL
-            selector.setIssuers(certIssuers);
-            boolean match = selector.match(crl);
-            selector.setIssuers(issuers);
-            return match;
-        }
-    }
-}
diff --git a/ojluni/src/main/java/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java b/ojluni/src/main/java/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java
deleted file mode 100644
index 8e6899b..0000000
--- a/ojluni/src/main/java/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.provider.certpath.ldap;
-
-import java.io.IOException;
-import java.net.URI;
-import java.util.Collection;
-import java.security.NoSuchAlgorithmException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
-import java.security.cert.X509CertSelector;
-import java.security.cert.X509CRLSelector;
-import javax.naming.CommunicationException;
-import javax.naming.ServiceUnavailableException;
-import javax.security.auth.x500.X500Principal;
-
-import sun.security.provider.certpath.CertStoreHelper;
-
-/**
- * LDAP implementation of CertStoreHelper.
- */
-
-public final class LDAPCertStoreHelper
-    extends CertStoreHelper
-{
-    @Override
-    public CertStore getCertStore(URI uri)
-        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
-    {
-        return LDAPCertStore.getInstance(LDAPCertStore.getParameters(uri));
-    }
-
-    @Override
-    public X509CertSelector wrap(X509CertSelector selector,
-                                 X500Principal certSubject,
-                                 String ldapDN)
-        throws IOException
-    {
-        return new LDAPCertStore.LDAPCertSelector(selector, certSubject, ldapDN);
-    }
-
-    @Override
-    public X509CRLSelector wrap(X509CRLSelector selector,
-                                Collection<X500Principal> certIssuers,
-                                String ldapDN)
-        throws IOException
-    {
-        return new LDAPCertStore.LDAPCRLSelector(selector, certIssuers, ldapDN);
-    }
-
-    @Override
-    public boolean isCausedByNetworkIssue(CertStoreException e) {
-        Throwable t = e.getCause();
-        return (t != null && (t instanceof ServiceUnavailableException ||
-                              t instanceof CommunicationException));
-    }
-}
diff --git a/openjdk_java_files.mk b/openjdk_java_files.mk
index 9d18407..688dd5d 100644
--- a/openjdk_java_files.mk
+++ b/openjdk_java_files.mk
@@ -1244,7 +1244,6 @@
     ojluni/src/main/java/sun/net/www/http/PosterOutputStream.java \
     ojluni/src/main/java/sun/net/www/protocol/file/FileURLConnection.java \
     ojluni/src/main/java/sun/net/www/protocol/file/Handler.java \
-    ojluni/src/main/java/sun/net/www/protocol/file/Handler.java \
     ojluni/src/main/java/sun/net/www/protocol/ftp/FtpURLConnection.java \
     ojluni/src/main/java/sun/net/www/protocol/ftp/Handler.java \
     ojluni/src/main/java/sun/net/www/protocol/http/AuthCache.java \