infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-02-24 09:10:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge

Browse Source
This commit is contained in:
Lana Steuck 2012-11-09 14:46:34 -08:00
commit 324f3fc04f
165 changed files with 7831 additions and 1230 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
jdk/make/common/shared/Defs-control.gmk
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 1995, 2011, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 1995, 2012, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@ -88,9 +88,9 @@ ABS_TEMP_DIR = $(ABS_OUTPUTDIR)/tmp
dummy := $(shell $(MKDIR) -p $(TEMP_DIR))
# The language version we want for this jdk build
SOURCE_LANGUAGE_VERSION=7
SOURCE_LANGUAGE_VERSION=8
# The class version we want for this jdk build
TARGET_CLASS_VERSION=7
TARGET_CLASS_VERSION=8
# The MESSAGE, WARNING and ERROR files are used to store sanity check and
# source check messages, warnings and errors.

4
jdk/make/common/shared/Defs-java.gmk
View File

@ -143,12 +143,12 @@ ifeq ($(wildcard $(SHARE_SRC)/classes/javax/crypto/Cipher.java),)
endif
# Add the source level
SOURCE_LANGUAGE_VERSION = 7
SOURCE_LANGUAGE_VERSION = 8
LANGUAGE_VERSION = -source $(SOURCE_LANGUAGE_VERSION)
JAVACFLAGS += $(LANGUAGE_VERSION)
# Add the class version we want
TARGET_CLASS_VERSION = 7
TARGET_CLASS_VERSION = 8
CLASS_VERSION = -target $(TARGET_CLASS_VERSION)
JAVACFLAGS += $(CLASS_VERSION)
JAVACFLAGS += -encoding ascii

6
jdk/make/java/invoke/Makefile
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@ -36,7 +36,7 @@ FILES_java = \
# The sources built here use new language syntax to generate
# method handle calls. Let's be sure we are using that format.
LANGUAGE_VERSION = -source 7
CLASS_VERSION = -target 7
LANGUAGE_VERSION = -source 8
CLASS_VERSION = -target 8
include $(BUILDDIR)/common/Classes.gmk

2
jdk/make/sun/javazic/tzdata/VERSION
View File

@ -21,4 +21,4 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
tzdata2012c
tzdata2012i

49
jdk/make/sun/javazic/tzdata/africa
View File

@ -260,7 +260,7 @@ Rule Egypt 2006 only - Sep 21 23:00s 0 -
# I received a mail from an airline which says that the daylight
# saving time in Egypt will end in the night of 2007-09-06 to 2007-09-07.
# From Jesper Norgaard Welen (2007-08-15): [The following agree:]
# http://www.nentjes.info/Bill/bill5.htm
# http://www.nentjes.info/Bill/bill5.htm
# http://www.timeanddate.com/worldclock/city.html?n=53
# From Steffen Thorsen (2007-09-04): The official information...:
# http://www.sis.gov.eg/En/EgyptOnline/Miscellaneous/000002/0207000000000000001580.htm
@ -314,18 +314,18 @@ Rule Egypt 2007 only - Sep Thu>=1 23:00s 0 -
# in September.
# From Steffen Thorsen (2009-08-11):
# We have been able to confirm the August change with the Egyptian Cabinet
# We have been able to confirm the August change with the Egyptian Cabinet
# Information and Decision Support Center:
# <a href="http://www.timeanddate.com/news/time/egypt-dst-ends-2009.html">
# http://www.timeanddate.com/news/time/egypt-dst-ends-2009.html
# </a>
#
#
# The Middle East News Agency
# <a href="http://www.mena.org.eg/index.aspx">
# http://www.mena.org.eg/index.aspx
# </a>
# also reports "Egypt starts winter time on August 21"
# today in article numbered "71, 11/08/2009 12:25 GMT."
# today in article numbered "71, 11/08/2009 12:25 GMT."
# Only the title above is available without a subscription to their service,
# and can be found by searching for "winter" in their search engine
# (at least today).
@ -504,7 +504,7 @@ Zone Africa/Nouakchott -1:03:48 - LMT 1912
# From Steffen Thorsen (2008-06-25):
# Mauritius plans to observe DST from 2008-11-01 to 2009-03-31 on a trial
# basis....
# It seems that Mauritius observed daylight saving time from 1982-10-10 to
# It seems that Mauritius observed daylight saving time from 1982-10-10 to
# 1983-03-20 as well, but that was not successful....
# http://www.timeanddate.com/news/time/mauritius-daylight-saving-time.html
@ -528,12 +528,12 @@ Zone Africa/Nouakchott -1:03:48 - LMT 1912
# than previously announced (2008-11-01 to 2009-03-31). The new start
# date is 2008-10-26 at 02:00 and the new end date is 2009-03-27 (no time
# given, but it is probably at either 2 or 3 wall clock time).
#
# A little strange though, since the article says that they moved the date
# to align itself with Europe and USA which also change time on that date,
# but that means they have not paid attention to what happened in
# USA/Canada last year (DST ends first Sunday in November). I also wonder
# why that they end on a Friday, instead of aligning with Europe which
#
# A little strange though, since the article says that they moved the date
# to align itself with Europe and USA which also change time on that date,
# but that means they have not paid attention to what happened in
# USA/Canada last year (DST ends first Sunday in November). I also wonder
# why that they end on a Friday, instead of aligning with Europe which
# changes two days later.
# From Alex Krivenyshev (2008-07-11):
@ -592,7 +592,7 @@ Zone Africa/Nouakchott -1:03:48 - LMT 1912
# </a>
# From Arthur David Olson (2009-07-11):
# The "mauritius-dst-will-not-repeat" wrapup includes this:
# The "mauritius-dst-will-not-repeat" wrapup includes this:
# "The trial ended on March 29, 2009, when the clocks moved back by one hour
# at 2am (or 02:00) local time..."
@ -686,8 +686,8 @@ Zone Indian/Mayotte 3:00:56 - LMT 1911 Jul # Mamoutzou
# XXX--guess that it is only Morocco for now; guess only 2008 for now.
# From Steffen Thorsen (2008-08-27):
# Morocco will change the clocks back on the midnight between August 31
# and September 1. They originally planned to observe DST to near the end
# Morocco will change the clocks back on the midnight between August 31
# and September 1. They originally planned to observe DST to near the end
# of September:
#
# One article about it (in French):
@ -821,6 +821,23 @@ Zone Indian/Mayotte 3:00:56 - LMT 1911 Jul # Mamoutzou
# "...&agrave; partir du dernier dimance d'avril et non fins mars,
# comme annonc&eacute; pr&eacute;c&eacute;demment."
# From Milamber Space Network (2012-07-17):
# The official return to GMT is announced by the Moroccan government:
# <a href="http://www.mmsp.gov.ma/fr/actualites.aspx?id=288">
# http://www.mmsp.gov.ma/fr/actualites.aspx?id=288 [in French]
# </a>
#
# Google translation, lightly edited:
# Back to the standard time of the Kingdom (GMT)
# Pursuant to Decree No. 2-12-126 issued on 26 Jumada (I) 1433 (April 18,
# 2012) and in accordance with the order of Mr. President of the
# Government No. 3-47-12 issued on 24 Sha'ban (11 July 2012), the Ministry
# of Public Service and Administration Modernization announces the return
# of the legal time of the Kingdom (GMT) from Friday, July 20, 2012 until
# Monday, August 20, 2012. So the time will be delayed by 60 minutes from
# 3:00 am Friday, July 20, 2012 and will again be advanced by 60 minutes
# August 20, 2012 from 2:00 am.
# RULE NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Morocco 1939 only - Sep 12 0:00 1:00 S
@ -848,6 +865,8 @@ Rule Morocco 2011 only - Apr 3 0:00 1:00 S
Rule Morocco 2011 only - Jul 31 0 0 -
Rule Morocco 2012 max - Apr lastSun 2:00 1:00 S
Rule Morocco 2012 max - Sep lastSun 3:00 0 -
Rule Morocco 2012 only - Jul 20 3:00 0 -
Rule Morocco 2012 only - Aug 20 2:00 1:00 S
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Africa/Casablanca -0:30:20 - LMT 1913 Oct 26
@ -876,7 +895,7 @@ Zone Africa/Maputo 2:10:20 - LMT 1903 Mar
# Forecasting Riaan van Zyl explained that the far eastern parts of
# the country are close to 40 minutes earlier in sunrise than the rest
# of the country.
#
#
# From Paul Eggert (2007-03-31):
# Apparently the Caprivi Strip informally observes Botswana time, but
# we have no details. In the meantime people there can use Africa/Gaborone.

174
jdk/make/sun/javazic/tzdata/asia
View File

@ -124,7 +124,7 @@ Zone Asia/Kabul 4:36:48 - LMT 1890
# From Alexander Krivenyshev (2012-02-10):
# According to News Armenia, on Feb 9, 2012,
# http://newsarmenia.ru/society/20120209/42609695.html
#
#
# The Armenia National Assembly adopted final reading of Amendments to the
# Law "On procedure of calculation time on the territory of the Republic of
# Armenia" according to which Armenia [is] abolishing Daylight Saving Time.
@ -204,15 +204,15 @@ Zone Asia/Bahrain 3:22:20 - LMT 1920 # Al Manamah
# </a>
# From A. N. M. Kamrus Saadat (2009-06-15):
# Finally we've got the official mail regarding DST start time where DST start
# time is mentioned as Jun 19 2009, 23:00 from BTRC (Bangladesh
# Telecommunication Regulatory Commission).
# Finally we've got the official mail regarding DST start time where DST start
# time is mentioned as Jun 19 2009, 23:00 from BTRC (Bangladesh
# Telecommunication Regulatory Commission).
#
# No DST end date has been announced yet.
# From Alexander Krivenyshev (2009-09-25):
# Bangladesh won't go back to Standard Time from October 1, 2009,
# instead it will continue DST measure till the cabinet makes a fresh decision.
# Bangladesh won't go back to Standard Time from October 1, 2009,
# instead it will continue DST measure till the cabinet makes a fresh decision.
#
# Following report by same newspaper-"The Daily Star Friday":
# "DST change awaits cabinet decision-Clock won't go back by 1-hr from Oct 1"
@ -226,8 +226,8 @@ Zone Asia/Bahrain 3:22:20 - LMT 1920 # Al Manamah
# From Steffen Thorsen (2009-10-13):
# IANS (Indo-Asian News Service) now reports:
# Bangladesh has decided that the clock advanced by an hour to make
# maximum use of daylight hours as an energy saving measure would
# Bangladesh has decided that the clock advanced by an hour to make
# maximum use of daylight hours as an energy saving measure would
# "continue for an indefinite period."
#
# One of many places where it is published:
@ -255,7 +255,7 @@ Zone Asia/Bahrain 3:22:20 - LMT 1920 # Al Manamah
# From Alexander Krivenyshev (2010-03-22):
# According to Bangladesh newspaper "The Daily Star,"
# Cabinet cancels Daylight Saving Time
# Cabinet cancels Daylight Saving Time
# <a href="http://www.thedailystar.net/newDesign/latest_news.php?nid=22817">
# http://www.thedailystar.net/newDesign/latest_news.php?nid=22817
# </a>
@ -383,11 +383,11 @@ Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
# observing daylight saving time in 1986.
#
# From Thomas S. Mullaney (2008-02-11):
# I think you're combining two subjects that need to treated
# separately: daylight savings (which, you're correct, wasn't
# implemented until the 1980s) and the unified time zone centered near
# Beijing (which was implemented in 1949). Briefly, there was also a
# "Lhasa Time" in Tibet and "Urumqi Time" in Xinjiang. The first was
# I think you're combining two subjects that need to treated
# separately: daylight savings (which, you're correct, wasn't
# implemented until the 1980s) and the unified time zone centered near
# Beijing (which was implemented in 1949). Briefly, there was also a
# "Lhasa Time" in Tibet and "Urumqi Time" in Xinjiang. The first was
# ceased, and the second eventually recognized (again, in the 1980s).
#
# From Paul Eggert (2008-06-30):
@ -524,7 +524,7 @@ Zone Asia/Kashgar 5:03:56 - LMT 1928 # or Kashi or Kaxgar
# as of 2009-10-28:
# Year Period
# 1941 1 Apr to 30 Sep
# 1942 Whole year
# 1942 Whole year
# 1943 Whole year
# 1944 Whole year
# 1945 Whole year
@ -615,16 +615,16 @@ Zone Asia/Hong_Kong 7:36:36 - LMT 1904 Oct 30
# From Arthur David Olson (2010-04-07):
# Here's Google's translation of the table at the bottom of the "summert.htm" page:
# Decade Name Start and end date
# Republic of China 34 years to 40 years (AD 1945-1951 years) Summer Time May 1 to September 30
# 41 years of the Republic of China (AD 1952) Daylight Saving Time March 1 to October 31
# Republic of China 42 years to 43 years (AD 1953-1954 years) Daylight Saving Time April 1 to October 31
# In the 44 years to 45 years (AD 1955-1956 years) Daylight Saving Time April 1 to September 30
# Republic of China 46 years to 48 years (AD 1957-1959) Summer Time April 1 to September 30
# Republic of China 49 years to 50 years (AD 1960-1961) Summer Time June 1 to September 30
# Republic of China 51 years to 62 years (AD 1962-1973 years) Stop Summer Time
# Republic of China 63 years to 64 years (1974-1975 AD) Daylight Saving Time April 1 to September 30
# Republic of China 65 years to 67 years (1976-1978 AD) Stop Daylight Saving Time
# Republic of China 68 years (AD 1979) Daylight Saving Time July 1 to September 30
# Republic of China 34 years to 40 years (AD 1945-1951 years) Summer Time May 1 to September 30
# 41 years of the Republic of China (AD 1952) Daylight Saving Time March 1 to October 31
# Republic of China 42 years to 43 years (AD 1953-1954 years) Daylight Saving Time April 1 to October 31
# In the 44 years to 45 years (AD 1955-1956 years) Daylight Saving Time April 1 to September 30
# Republic of China 46 years to 48 years (AD 1957-1959) Summer Time April 1 to September 30
# Republic of China 49 years to 50 years (AD 1960-1961) Summer Time June 1 to September 30
# Republic of China 51 years to 62 years (AD 1962-1973 years) Stop Summer Time
# Republic of China 63 years to 64 years (1974-1975 AD) Daylight Saving Time April 1 to September 30
# Republic of China 65 years to 67 years (1976-1978 AD) Stop Daylight Saving Time
# Republic of China 68 years (AD 1979) Daylight Saving Time July 1 to September 30
# Republic of China since 69 years (AD 1980) Stop Daylight Saving Time
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
@ -1193,15 +1193,15 @@ Rule Zion 2004 only - Sep 22 1:00 0 S
#
# ftp://ftp.cs.huji.ac.il/pub/tz/announcements/2005+beyond.ps
# From Paul Eggert (2005-02-22):
# From Paul Eggert (2012-10-26):
# I used Ephraim Silverberg's dst-israel.el program
# <ftp://ftp.cs.huji.ac.il/pub/tz/software/dst-israel.el> (2005-02-20)
# along with Ed Reingold's cal-hebrew in GNU Emacs 21.4,
# to generate the transitions in this list.
# to generate the transitions from 2005 through 2012.
# (I replaced "lastFri" with "Fri>=26" by hand.)
# The spring transitions below all correspond to the following Rule:
# The spring transitions all correspond to the following Rule:
#
# Rule Zion 2005 max - Mar Fri>=26 2:00 1:00 D
# Rule Zion 2005 2012 - Mar Fri>=26 2:00 1:00 D
#
# but older zic implementations (e.g., Solaris 8) do not support
# "Fri>=26" to mean April 1 in years like 2005, so for now we list the
@ -1218,39 +1218,36 @@ Rule Zion 2009 only - Sep 27 2:00 0 S
Rule Zion 2010 only - Sep 12 2:00 0 S
Rule Zion 2011 only - Apr 1 2:00 1:00 D
Rule Zion 2011 only - Oct 2 2:00 0 S
Rule Zion 2012 2015 - Mar Fri>=26 2:00 1:00 D
Rule Zion 2012 only - Mar Fri>=26 2:00 1:00 D
Rule Zion 2012 only - Sep 23 2:00 0 S
Rule Zion 2013 only - Sep 8 2:00 0 S
Rule Zion 2014 only - Sep 28 2:00 0 S
Rule Zion 2015 only - Sep 20 2:00 0 S
Rule Zion 2016 only - Apr 1 2:00 1:00 D
Rule Zion 2016 only - Oct 9 2:00 0 S
Rule Zion 2017 2021 - Mar Fri>=26 2:00 1:00 D
Rule Zion 2017 only - Sep 24 2:00 0 S
Rule Zion 2018 only - Sep 16 2:00 0 S
Rule Zion 2019 only - Oct 6 2:00 0 S
Rule Zion 2020 only - Sep 27 2:00 0 S
Rule Zion 2021 only - Sep 12 2:00 0 S
Rule Zion 2022 only - Apr 1 2:00 1:00 D
Rule Zion 2022 only - Oct 2 2:00 0 S
Rule Zion 2023 2032 - Mar Fri>=26 2:00 1:00 D
Rule Zion 2023 only - Sep 24 2:00 0 S
Rule Zion 2024 only - Oct 6 2:00 0 S
Rule Zion 2025 only - Sep 28 2:00 0 S
Rule Zion 2026 only - Sep 20 2:00 0 S
Rule Zion 2027 only - Oct 10 2:00 0 S
Rule Zion 2028 only - Sep 24 2:00 0 S
Rule Zion 2029 only - Sep 16 2:00 0 S
Rule Zion 2030 only - Oct 6 2:00 0 S
Rule Zion 2031 only - Sep 21 2:00 0 S
Rule Zion 2032 only - Sep 12 2:00 0 S
Rule Zion 2033 only - Apr 1 2:00 1:00 D
Rule Zion 2033 only - Oct 2 2:00 0 S
Rule Zion 2034 2037 - Mar Fri>=26 2:00 1:00 D
Rule Zion 2034 only - Sep 17 2:00 0 S
Rule Zion 2035 only - Oct 7 2:00 0 S
Rule Zion 2036 only - Sep 28 2:00 0 S
Rule Zion 2037 only - Sep 13 2:00 0 S
# From Ephraim Silverberg (2012-10-18):
# Yesterday, the Interior Ministry Committee, after more than a year
# past, approved sending the proposed June 2011 changes to the Time
# Decree Law back to the Knesset for second and third (final) votes
# before the upcoming elections on Jan. 22, 2013. Hence, although the
# changes are not yet law, they are expected to be so before February 2013.
#
# As of 2013, DST starts at 02:00 on the Friday before the last Sunday in March.
# DST ends at 02:00 on the first Sunday after October 1, unless it occurs on the
# second day of the Jewish Rosh Hashana holiday, in which case DST ends a day
# later (i.e. at 02:00 the first Monday after October 2).
# [Rosh Hashana holidays are factored in until 2100.]
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Zion 2013 max - Mar Fri>=23 2:00 1:00 D
Rule Zion 2013 2026 - Oct Sun>=2 2:00 0 S
Rule Zion 2027 only - Oct Mon>=3 2:00 0 S
Rule Zion 2028 max - Oct Sun>=2 2:00 0 S
# The following rules are commented out for now, as they break older
# versions of zic that support only signed 32-bit timestamps, i.e.,
# through 2038-01-19 03:14:07 UTC.
#Rule Zion 2028 2053 - Oct Sun>=2 2:00 0 S
#Rule Zion 2054 only - Oct Mon>=3 2:00 0 S
#Rule Zion 2055 2080 - Oct Sun>=2 2:00 0 S
#Rule Zion 2081 only - Oct Mon>=3 2:00 0 S
#Rule Zion 2082 max - Oct Sun>=2 2:00 0 S
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Jerusalem 2:20:56 - LMT 1880
@ -1385,6 +1382,16 @@ Zone Asia/Tokyo 9:18:59 - LMT 1887 Dec 31 15:00u
# From Arthur David Olson (2009-04-06):
# We still have Jordan switching to DST on Thursdays in 2000 and 2001.
# From Steffen Thorsen (2012-10-25):
# Yesterday the government in Jordan announced that they will not
# switch back to standard time this winter, so the will stay on DST
# until about the same time next year (at least).
# http://www.petra.gov.jo/Public_News/Nws_NewsDetails.aspx?NewsID=88950
#
# From Paul Eggert (2012-10-25):
# For now, assume this is just a one-year measure. If it becomes
# permanent, we should move Jordan from EET to AST effective tomorrow.
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Jordan 1973 only - Jun 6 0:00 1:00 S
Rule Jordan 1973 1975 - Oct 1 0:00 0 -
@ -1413,7 +1420,8 @@ Rule Jordan 2002 max - Mar lastThu 24:00 1:00 S
Rule Jordan 2003 only - Oct 24 0:00s 0 -
Rule Jordan 2004 only - Oct 15 0:00s 0 -
Rule Jordan 2005 only - Sep lastFri 0:00s 0 -
Rule Jordan 2006 max - Oct lastFri 0:00s 0 -
Rule Jordan 2006 2011 - Oct lastFri 0:00s 0 -
Rule Jordan 2013 max - Oct lastFri 0:00s 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Amman 2:23:44 - LMT 1931
2:00 Jordan EE%sT
@ -1858,15 +1866,15 @@ Zone Asia/Muscat 3:54:20 - LMT 1920
# shown 8 per cent higher consumption of electricity.
# From Alex Krivenyshev (2008-05-15):
#
# Here is an article that Pakistan plan to introduce Daylight Saving Time
#
# Here is an article that Pakistan plan to introduce Daylight Saving Time
# on June 1, 2008 for 3 months.
#
# "... The federal cabinet on Wednesday announced a new conservation plan to help
# reduce load shedding by approving the closure of commercial centres at 9pm and
# moving clocks forward by one hour for the next three months.
#
# "... The federal cabinet on Wednesday announced a new conservation plan to help
# reduce load shedding by approving the closure of commercial centres at 9pm and
# moving clocks forward by one hour for the next three months.
# ...."
#
#
# <a href="http://www.worldtimezone.net/dst_news/dst_news_pakistan01.html">
# http://www.worldtimezone.net/dst_news/dst_news_pakistan01.html
# </a>
@ -1926,7 +1934,7 @@ Zone Asia/Muscat 3:54:20 - LMT 1920
# Government has decided to restore the previous time by moving the
# clocks backward by one hour from October 1. A formal announcement to
# this effect will be made after the Prime Minister grants approval in
# this regard."
# this regard."
# <a href="http://www.thenews.com.pk/updates.asp?id=87168">
# http://www.thenews.com.pk/updates.asp?id=87168
# </a>
@ -2222,7 +2230,7 @@ Zone Asia/Karachi 4:28:12 - LMT 1907
# <a href="http://www.maannews.net/eng/ViewDetails.aspx?ID=306795">
# http://www.maannews.net/eng/ViewDetails.aspx?ID=306795
# </a>
# the clocks were set back one hour at 2010-08-11 00:00:00 local time in
# the clocks were set back one hour at 2010-08-11 00:00:00 local time in
# Gaza and the West Bank.
# Some more background info:
# <a href="http://www.timeanddate.com/news/time/westbank-gaza-end-dst-2010.html">
@ -2261,7 +2269,7 @@ Zone Asia/Karachi 4:28:12 - LMT 1907
# The rules for Egypt are stolen from the `africa' file.
# From Steffen Thorsen (2011-09-30):
# West Bank did end Daylight Saving Time this morning/midnight (2011-09-30
# West Bank did end Daylight Saving Time this morning/midnight (2011-09-30
# 00:00).
# So West Bank and Gaza now have the same time again.
#
@ -2316,6 +2324,8 @@ Rule Palestine 2010 only - Aug 11 0:00 0 -
# From Arthur David Olson (2011-09-20):
# 2011 transitions per http://www.timeanddate.com as of 2011-09-20.
# From Paul Eggert (2012-10-12):
# 2012 transitions per http://www.timeanddate.com as of 2012-10-12.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Gaza 2:17:52 - LMT 1900 Oct
@ -2326,7 +2336,7 @@ Zone Asia/Gaza 2:17:52 - LMT 1900 Oct
2:00 Palestine EE%sT 2011 Apr 2 12:01
2:00 1:00 EEST 2011 Aug 1
2:00 - EET 2012 Mar 30
2:00 1:00 EEST 2012 Sep 28
2:00 1:00 EEST 2012 Sep 21 1:00
2:00 - EET
Zone Asia/Hebron 2:20:23 - LMT 1900 Oct
@ -2341,7 +2351,7 @@ Zone Asia/Hebron 2:20:23 - LMT 1900 Oct
2:00 - EET 2011 Aug 30
2:00 1:00 EEST 2011 Sep 30 3:00
2:00 - EET 2012 Mar 30
2:00 1:00 EEST 2012 Sep 28 3:00
2:00 1:00 EEST 2012 Sep 21 1:00
2:00 - EET
# Paracel Is
@ -2535,19 +2545,19 @@ Rule Syria 2007 only - Mar lastFri 0:00 1:00 S
# having it between Wednesday and Thursday (two workdays in Syria) since the
# weekend in Syria is not Saturday and Sunday, but Friday and Saturday. So now
# it is implemented at midnight of the last workday before weekend...
#
#
# From Steffen Thorsen (2007-10-27):
# Jesper Norgaard Welen wrote:
#
#
# > "Winter local time in Syria will be observed at midnight of Thursday 1
# > November 2007, and the clock will be put back 1 hour."
#
#
# I found confirmation on this in this gov.sy-article (Arabic):
# http://wehda.alwehda.gov.sy/_print_veiw.asp?FileName=12521710520070926111247
#
#
# which using Google's translate tools says:
# Council of Ministers also approved the commencement of work on
# identifying the winter time as of Friday, 2/11/2007 where the 60th
# Council of Ministers also approved the commencement of work on
# identifying the winter time as of Friday, 2/11/2007 where the 60th
# minute delay at midnight Thursday 1/11/2007.
Rule Syria 2007 only - Nov Fri>=1 0:00 0 -
@ -2613,8 +2623,8 @@ Rule Syria 2007 only - Nov Fri>=1 0:00 0 -
# </a>
# From Steffen Thorsen (2009-10-27):
# The Syrian Arab News Network on 2009-09-29 reported that Syria will
# revert back to winter (standard) time on midnight between Thursday
# The Syrian Arab News Network on 2009-09-29 reported that Syria will
# revert back to winter (standard) time on midnight between Thursday
# 2009-10-29 and Friday 2009-10-30:
# <a href="http://www.sana.sy/ara/2/2009/09/29/247012.htm">
# http://www.sana.sy/ara/2/2009/09/29/247012.htm (Arabic)

91
jdk/make/sun/javazic/tzdata/australasia
View File

@ -306,9 +306,9 @@ Zone Indian/Cocos 6:27:40 - LMT 1900
# </a>
# From Alexander Krivenyshev (2010-10-24):
# According to Radio Fiji and Fiji Times online, Fiji will end DST 3
# According to Radio Fiji and Fiji Times online, Fiji will end DST 3
# weeks earlier than expected - on March 6, 2011, not March 27, 2011...
# Here is confirmation from Government of the Republic of the Fiji Islands,
# Here is confirmation from Government of the Republic of the Fiji Islands,
# Ministry of Information (fiji.gov.fj) web site:
# <a href="http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=2608:daylight-savings&catid=71:press-releases&Itemid=155">
# http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=2608:daylight-savings&catid=71:press-releases&Itemid=155
@ -319,15 +319,15 @@ Zone Indian/Cocos 6:27:40 - LMT 1900
# </a>
# From Steffen Thorsen (2011-10-03):
# Now the dates have been confirmed, and at least our start date
# Now the dates have been confirmed, and at least our start date
# assumption was correct (end date was one week wrong).
#
# <a href="http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155">
# www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155
# </a>
# which says
# Members of the public are reminded to change their time to one hour in
# advance at 2am to 3am on October 23, 2011 and one hour back at 3am to
# Members of the public are reminded to change their time to one hour in
# advance at 2am to 3am on October 23, 2011 and one hour back at 3am to
# 2am on February 26 next year.
# From Ken Rylander (2011-10-24)
@ -344,15 +344,23 @@ Zone Indian/Cocos 6:27:40 - LMT 1900
# The commencement of daylight saving will remain unchanged and start
# on the 23rd of October, 2011.
# From the Fiji Government Online Portal (2012-08-21) via Steffen Thorsen:
# The Minister for Labour, Industrial Relations and Employment Mr Jone Usamate
# today confirmed that Fiji will start daylight savings at 2 am on Sunday 21st
# October 2012 and end at 3 am on Sunday 20th January 2013.
# http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=6702&catid=71&Itemid=155
#
# From Paul Eggert (2012-08-31):
# For now, guess a pattern of the penultimate Sundays in October and January.
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Fiji 1998 1999 - Nov Sun>=1 2:00 1:00 S
Rule Fiji 1999 2000 - Feb lastSun 3:00 0 -
Rule Fiji 2009 only - Nov 29 2:00 1:00 S
Rule Fiji 2010 only - Mar lastSun 3:00 0 -
Rule Fiji 2010 only - Oct 24 2:00 1:00 S
Rule Fiji 2010 max - Oct Sun>=18 2:00 1:00 S
Rule Fiji 2011 only - Mar Sun>=1 3:00 0 -
Rule Fiji 2011 only - Oct 23 2:00 1:00 S
Rule Fiji 2012 only - Jan 22 3:00 0 -
Rule Fiji 2012 max - Jan Sun>=18 3:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Pacific/Fiji 11:53:40 - LMT 1915 Oct 26 # Suva
12:00 Fiji FJ%sT # Fiji Time
@ -581,7 +589,7 @@ Zone Pacific/Pago_Pago 12:37:12 - LMT 1879 Jul 5
# From David Zuelke (2011-05-09):
# Subject: Samoa to move timezone from east to west of international date line
#
#
# <a href="http://www.morningstar.co.uk/uk/markets/newsfeeditem.aspx?id=138501958347963">
# http://www.morningstar.co.uk/uk/markets/newsfeeditem.aspx?id=138501958347963
# </a>
@ -643,6 +651,23 @@ Zone Pacific/Pago_Pago 12:37:12 - LMT 1879 Jul 5
# Although Samoa has used Daylight Saving Time in the 2010-2011 and 2011-2012
# seasons, there is not yet any indication that this trend will continue on
# a regular basis. For now, we have explicitly listed the transitions below.
#
# From Nicky (2012-09-10):
# Daylight Saving Time commences on Sunday 30th September 2012 and
# ends on Sunday 7th of April 2013.
#
# Please find link below for more information.
# http://www.mcil.gov.ws/mcil_publications.html
#
# That publication also includes dates for Summer of 2013/4 as well
# which give the impression of a pattern in selecting dates for the
# future, so for now, we will guess this will continue.
# Western Samoa
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule WS 2012 max - Sep lastSun 3:00 1 D
Rule WS 2012 max - Apr Sun>=1 4:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Pacific/Apia 12:33:04 - LMT 1879 Jul 5
-11:26:56 - LMT 1911
-11:30 - SAMT 1950 # Samoa Time
@ -650,8 +675,8 @@ Zone Pacific/Apia 12:33:04 - LMT 1879 Jul 5
-11:00 1:00 WSDT 2011 Apr 2 4:00
-11:00 - WST 2011 Sep 24 3:00
-11:00 1:00 WSDT 2011 Dec 30
13:00 1:00 WSDT 2012 Apr 1 4:00
13:00 - WST
13:00 1:00 WSDT 2012 Apr Sun>=1 4:00
13:00 WS WS%sT
# Solomon Is
# excludes Bougainville, for which see Papua New Guinea
@ -663,25 +688,25 @@ Zone Pacific/Guadalcanal 10:39:48 - LMT 1912 Oct # Honiara
#
# From Gwillim Law (2011-12-29)
# A correspondent informed me that Tokelau, like Samoa, will be skipping
# December 31 this year, thereby changing its time zone from UTC-10 to
# UTC+14. When I tried to verify this statement, I found a confirming
# article in Time magazine online
# <a href="http://www.time.com/time/world/article/0,8599,2103243,00.html">
# (http://www.time.com/time/world/article/0,8599,2103243,00.html).
# </a>
# December 31 this year ...
#
# From Jonathan Leffler (2011-12-29)
# Information from the BBC to the same effect:
# <a href="http://www.bbc.co.uk/news/world-asia-16351377">
# http://www.bbc.co.uk/news/world-asia-16351377
# </a>
# From Steffen Thorsen (2012-07-25)
# ... we double checked by calling hotels and offices based in Tokelau asking
# about the time there, and they all told a time that agrees with UTC+13....
# Shanks says UTC-10 from 1901 [but] ... there is a good chance the change
# actually was to UTC-11 back then.
#
# Patch supplied by Tim Parenti (2011-12-29)
# From Paul Eggert (2012-07-25)
# A Google Books snippet of Appendix to the Journals of the House of
# Representatives of New Zealand, Session 1948,
# <http://books.google.com/books?id=ZaVCAQAAIAAJ>, page 65, says Tokelau
# was "11 hours slow on G.M.T." Go with Thorsen and assume Shanks & Pottenger
# are off by an hour starting in 1901.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Pacific/Fakaofo -11:24:56 - LMT 1901
-10:00 - TKT 2011 Dec 30 # Tokelau Time
14:00 - TKT
-11:00 - TKT 2011 Dec 30 # Tokelau Time
13:00 - TKT
# Tonga
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
@ -1362,22 +1387,22 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901
# See "southeast Australia" above for 2008 and later.
# From Steffen Thorsen (2009-04-28):
# According to the official press release, South Australia's extended daylight
# saving period will continue with the same rules as used during the 2008-2009
# According to the official press release, South Australia's extended daylight
# saving period will continue with the same rules as used during the 2008-2009
# summer (southern hemisphere).
#
#
# From
# <a href="http://www.safework.sa.gov.au/uploaded_files/DaylightDatesSet.pdf">
# http://www.safework.sa.gov.au/uploaded_files/DaylightDatesSet.pdf
# </a>
# The extended daylight saving period that South Australia has been trialling
# The extended daylight saving period that South Australia has been trialling
# for over the last year is now set to be ongoing.
# Daylight saving will continue to start on the first Sunday in October each
# Daylight saving will continue to start on the first Sunday in October each
# year and finish on the first Sunday in April the following year.
# Industrial Relations Minister, Paul Caica, says this provides South Australia
# with a consistent half hour time difference with NSW, Victoria, Tasmania and
# Industrial Relations Minister, Paul Caica, says this provides South Australia
# with a consistent half hour time difference with NSW, Victoria, Tasmania and
# the ACT for all 52 weeks of the year...
#
#
# We have a wrap-up here:
# <a href="http://www.timeanddate.com/news/time/south-australia-extends-dst.html">
# http://www.timeanddate.com/news/time/south-australia-extends-dst.html

14
jdk/make/sun/javazic/tzdata/europe
View File

@ -597,12 +597,12 @@ Rule Russia 1996 2010 - Oct lastSun 2:00s 0 -
# According to Kremlin press service, Russian President Dmitry Medvedev
# signed a federal law "On calculation of time" on June 9, 2011.
# According to the law Russia is abolishing daylight saving time.
#
# Medvedev signed a law "On the Calculation of Time" (in russian):
#
# Medvedev signed a law "On the Calculation of Time" (in russian):
# <a href="http://bmockbe.ru/events/?ID=7583">
# http://bmockbe.ru/events/?ID=7583
# </a>
#
#
# Medvedev signed a law on the calculation of the time (in russian):
# <a href="http://www.regnum.ru/news/polit/1413906.html">
# http://www.regnum.ru/news/polit/1413906.html
@ -1710,7 +1710,7 @@ Zone Europe/Malta 0:58:04 - LMT 1893 Nov 2 0:00s # Valletta
# From Alexander Krivenyshev (2011-10-26)
# NO need to divide Moldova into two timezones at this point.
# As of today, Transnistria (Pridnestrovie)- Tiraspol reversed its own
# decision to abolish DST this winter.
# decision to abolish DST this winter.
# Following Moldova and neighboring Ukraine- Transnistria (Pridnestrovie)-
# Tiraspol will go back to winter time on October 30, 2011.
# News from Moldova (in russian):
@ -2600,11 +2600,11 @@ Zone Europe/Zurich 0:34:08 - LMT 1848 Sep 12
# http://www.alomaliye.com/bkk_2002_3769.htm
# From G&ouml;kdeniz Karada&#x011f; (2011-03-10):
#
#
# According to the articles linked below, Turkey will change into summer
# time zone (GMT+3) on March 28, 2011 at 3:00 a.m. instead of March 27.
# This change is due to a nationwide exam on 27th.
#
#
# <a href="http://www.worldbulletin.net/?aType=haber&ArticleID=70872">
# http://www.worldbulletin.net/?aType=haber&ArticleID=70872
# </a>
@ -2721,7 +2721,7 @@ Link Europe/Istanbul Asia/Istanbul # Istanbul is in both continents.
# time this year after all.
#
# From Udo Schwedt (2011-10-18):
# As far as I understand, the recent change to the Ukranian time zone
# As far as I understand, the recent change to the Ukranian time zone
# (Europe/Kiev) to introduce permanent daylight saving time (similar
# to Russia) was reverted today:
#

6
jdk/make/sun/javazic/tzdata/leapseconds
View File

@ -100,8 +100,8 @@ Leap 2012 Jun 30 23:59:60 + S
#
#
# A positive leap second will be introduced at the end of June 2012.
# The sequence of dates of the UTC second markers will be:
#
# The sequence of dates of the UTC second markers will be:
#
# 2012 June 30, 23h 59m 59s
# 2012 June 30, 23h 59m 60s
# 2012 July 1, 0h 0m 0s
@ -118,6 +118,6 @@ Leap 2012 Jun 30 23:59:60 + S
#
#
# Daniel GAMBIS
# Head
# Head
# Earth Orientation Center of IERS
# Observatoire de Paris, France

33
jdk/make/sun/javazic/tzdata/northamerica
View File

@ -501,7 +501,7 @@ Zone America/Juneau 15:02:19 - LMT 1867 Oct 18
-8:00 US P%sT 1946
-8:00 - PST 1969
-8:00 US P%sT 1980 Apr 27 2:00
-9:00 US Y%sT 1980 Oct 26 2:00
-9:00 US Y%sT 1980 Oct 26 2:00
-8:00 US P%sT 1983 Oct 30 2:00
-9:00 US Y%sT 1983 Nov 30
-9:00 US AK%sT
@ -1866,7 +1866,7 @@ Zone America/Edmonton -7:33:52 - LMT 1906 Sep
# Here is a summary of the three clock change events in Creston's history:
# 1. 1884 or 1885: adoption of Mountain Standard Time (GMT-7)
# Exact date unknown
# 2. Oct 1916: switch to Pacific Standard Time (GMT-8)
# 2. Oct 1916: switch to Pacific Standard Time (GMT-8)
# Exact date in October unknown; Sunday October 1 is a reasonable guess.
# 3. June 1918: switch to Pacific Daylight Time (GMT-7)
# Exact date in June unknown; Sunday June 2 is a reasonable guess.
@ -2696,20 +2696,20 @@ Zone America/Costa_Rica -5:36:20 - LMT 1890 # San Jose
# except that it switches at midnight standard time as usual.
#
# From Steffen Thorsen (2007-10-25):
# Carlos Alberto Fonseca Arauz informed me that Cuba will end DST one week
# Carlos Alberto Fonseca Arauz informed me that Cuba will end DST one week
# earlier - on the last Sunday of October, just like in 2006.
#
#
# He supplied these references:
#
#
# http://www.prensalatina.com.mx/article.asp?ID=%7B4CC32C1B-A9F7-42FB-8A07-8631AFC923AF%7D&language=ES
# http://actualidad.terra.es/sociedad/articulo/cuba_llama_ahorrar_energia_cambio_1957044.htm
#
#
# From Alex Kryvenishev (2007-10-25):
# Here is also article from Granma (Cuba):
#
#
# [Regira] el Horario Normal desde el [proximo] domingo 28 de octubre
# http://www.granma.cubaweb.cu/2007/10/24/nacional/artic07.html
#
#
# http://www.worldtimezone.com/dst_news/dst_news_cuba03.html
# From Arthur David Olson (2008-03-09):
@ -2793,7 +2793,7 @@ Zone America/Costa_Rica -5:36:20 - LMT 1890 # San Jose
# </a>
#
# From Steffen Thorsen (2011-10-30)
# Cuba will end DST two weeks later this year. Instead of going back
# Cuba will end DST two weeks later this year. Instead of going back
# tonight, it has been delayed to 2011-11-13 at 01:00.
#
# One source (Spanish)
@ -2805,11 +2805,11 @@ Zone America/Costa_Rica -5:36:20 - LMT 1890 # San Jose
# <a href="http://www.timeanddate.com/news/time/cuba-time-changes-2011.html">
# http://www.timeanddate.com/news/time/cuba-time-changes-2011.html
# </a>
#
#
# From Steffen Thorsen (2012-03-01)
# According to Radio Reloj, Cuba will start DST on Midnight between March
# According to Radio Reloj, Cuba will start DST on Midnight between March
# 31 and April 1.
#
#
# Radio Reloj has the following info (Spanish):
# <a href="http://www.radioreloj.cu/index.php/noticias-radio-reloj/71-miscelaneas/7529-cuba-aplicara-el-horario-de-verano-desde-el-1-de-abril">
# http://www.radioreloj.cu/index.php/noticias-radio-reloj/71-miscelaneas/7529-cuba-aplicara-el-horario-de-verano-desde-el-1-de-abril
@ -2820,6 +2820,13 @@ Zone America/Costa_Rica -5:36:20 - LMT 1890 # San Jose
# http://www.timeanddate.com/news/time/cuba-starts-dst-2012.html
# </a>
# From Steffen Thorsen (2012-11-03):
# Radio Reloj and many other sources report that Cuba is changing back
# to standard time on 2012-11-04:
# http://www.radioreloj.cu/index.php/noticias-radio-reloj/36-nacionales/9961-regira-horario-normal-en-cuba-desde-el-domingo-cuatro-de-noviembre
# From Paul Eggert (2012-11-03):
# For now, assume the future rule is first Sunday in November.
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Cuba 1928 only - Jun 10 0:00 1:00 D
Rule Cuba 1928 only - Oct 10 0:00 0 S
@ -2857,7 +2864,7 @@ Rule Cuba 2009 2010 - Mar Sun>=8 0:00s 1:00 D
Rule Cuba 2011 only - Mar Sun>=15 0:00s 1:00 D
Rule Cuba 2011 only - Nov 13 0:00s 0 S
Rule Cuba 2012 only - Apr 1 0:00s 1:00 D
Rule Cuba 2012 max - Oct lastSun 0:00s 0 S
Rule Cuba 2012 max - Nov Sun>=1 0:00s 0 S
Rule Cuba 2013 max - Mar Sun>=8 0:00s 1:00 D
# Zone NAME GMTOFF RULES FORMAT [UNTIL]

33
jdk/make/sun/javazic/tzdata/southamerica
View File

@ -254,7 +254,7 @@ Rule Arg 2000 only - Mar 3 0:00 0 -
Rule Arg 2007 only - Dec 30 0:00 1:00 S
Rule Arg 2008 2009 - Mar Sun>=15 0:00 0 -
Rule Arg 2008 only - Oct Sun>=15 0:00 1:00 S
# From Mariano Absatz (2004-05-21):
# Today it was officially published that the Province of Mendoza is changing
# its timezone this winter... starting tomorrow night....
@ -344,9 +344,9 @@ Rule Arg 2008 only - Oct Sun>=15 0:00 1:00 S
# confirms what Alex Krivenyshev has earlier sent to the tz
# emailing list about that San Luis plans to return to standard
# time much earlier than the rest of the country. It also
# confirms that upon request the provinces San Juan and Mendoza
# refused to follow San Luis in this change.
#
# confirms that upon request the provinces San Juan and Mendoza
# refused to follow San Luis in this change.
#
# The change is supposed to take place Monday the 21.st at 0:00
# hours. As far as I understand it if this goes ahead, we need
# a new timezone for San Luis (although there are also documented
@ -408,7 +408,7 @@ Rule Arg 2008 only - Oct Sun>=15 0:00 1:00 S
# <a href="http://www.lanacion.com.ar/nota.asp?nota_id=1107912">
# http://www.lanacion.com.ar/nota.asp?nota_id=1107912
# </a>
#
#
# The press release says:
# (...) anunció que el próximo domingo a las 00:00 los puntanos deberán
# atrasar una hora sus relojes.
@ -822,8 +822,8 @@ Zone America/La_Paz -4:32:36 - LMT 1890
#
# From Alexander Krivenyshev (2011-10-04):
# State Bahia will return to Daylight savings time this year after 8 years off.
# The announcement was made by Governor Jaques Wagner in an interview to a
# television station in Salvador.
# The announcement was made by Governor Jaques Wagner in an interview to a
# television station in Salvador.
# In Portuguese:
# <a href="http://g1.globo.com/bahia/noticia/2011/10/governador-jaques-wagner-confirma-horario-de-verao-na-bahia.html">
@ -852,6 +852,15 @@ Zone America/La_Paz -4:32:36 - LMT 1890
# http://www.in.gov.br/visualiza/index.jsp?data=13/10/2011&jornal=1000&pagina=6&totalArquivos=6
# </a>
# From Kelley Cook (2012-10-16):
# The governor of state of Bahia in Brazil announced on Thursday that
# due to public pressure, he is reversing the DST policy they implemented
# last year and will not be going to Summer Time on October 21st....
# http://www.correio24horas.com.br/r/artigo/apos-pressoes-wagner-suspende-horario-de-verao-na-bahia
# From Rodrigo Severo (2012-10-16):
# Tocantins state will have DST.
# http://noticias.terra.com.br/brasil/noticias/0,,OI6232536-EI306.html
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
# Decree <a href="http://pcdsh01.on.br/HV20466.htm">20,466</a> (1931-10-01)
@ -1071,7 +1080,8 @@ Zone America/Araguaina -3:12:48 - LMT 1914
-3:00 Brazil BR%sT 1990 Sep 17
-3:00 - BRT 1995 Sep 14
-3:00 Brazil BR%sT 2003 Sep 24
-3:00 - BRT
-3:00 - BRT 2012 Oct 21
-3:00 Brazil BR%sT
#
# Alagoas (AL), Sergipe (SE)
Zone America/Maceio -2:22:52 - LMT 1914
@ -1090,7 +1100,8 @@ Zone America/Maceio -2:22:52 - LMT 1914
Zone America/Bahia -2:34:04 - LMT 1914
-3:00 Brazil BR%sT 2003 Sep 24
-3:00 - BRT 2011 Oct 16
-3:00 Brazil BR%sT
-3:00 Brazil BR%sT 2012 Oct 21
-3:00 - BRT
#
# Goias (GO), Distrito Federal (DF), Minas Gerais (MG),
# Espirito Santo (ES), Rio de Janeiro (RJ), Sao Paulo (SP), Parana (PR),
@ -1182,7 +1193,7 @@ Zone America/Rio_Branco -4:31:12 - LMT 1914
# Due to drought, Chile extends Daylight Time in three weeks. This
# is one-time change (Saturday 3/29 at 24:00 for America/Santiago
# and Saturday 3/29 at 22:00 for Pacific/Easter)
# The Supreme Decree is located at
# The Supreme Decree is located at
# <a href="http://www.shoa.cl/servicios/supremo316.pdf">
# http://www.shoa.cl/servicios/supremo316.pdf
# </a>
@ -1193,7 +1204,7 @@ Zone America/Rio_Branco -4:31:12 - LMT 1914
# From Jose Miguel Garrido (2008-03-05):
# ...
# You could see the announces of the change on
# You could see the announces of the change on
# <a href="http://www.shoa.cl/noticias/2008/04hora/hora.htm">
# http://www.shoa.cl/noticias/2008/04hora/hora.htm
# </a>.

4
jdk/make/tools/GenerateCharacter/CharacterData01.java.template
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -311,6 +311,8 @@ class CharacterData01 extends CharacterData {
case 0x011063: retval = 90; break; // BRAHMI NUMBER NINETY
case 0x011064: retval = 100; break; // BRAHMI NUMBER ONE HUNDRED
case 0x011065: retval = 1000; break; // BRAHMI NUMBER ONE THOUSAND
case 0x012432: retval = 216000; break; // CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH
case 0x012433: retval = 432000; break; // CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN
case 0x01D36C: retval = 40; break; // COUNTING ROD TENS DIGIT FOUR
case 0x01D36D: retval = 50; break; // COUNTING ROD TENS DIGIT FIVE
case 0x01D36E: retval = 60; break; // COUNTING ROD TENS DIGIT SIX

6
jdk/make/tools/UnicodeData/PropList.txt
View File

@ -1,8 +1,8 @@
# PropList-6.1.0.txt
# Date: 2011-11-30, 01:49:54 GMT [MD]
# PropList-6.2.0.txt
# Date: 2012-05-23, 20:34:59 GMT [MD]
#
# Unicode Character Database
# Copyright (c) 1991-2011 Unicode, Inc.
# Copyright (c) 1991-2012 Unicode, Inc.
# For terms of use, see http://www.unicode.org/terms_of_use.html
# For documentation, see http://www.unicode.org/reports/tr44/

17
jdk/make/tools/UnicodeData/Scripts.txt
View File

@ -1,8 +1,8 @@
# Scripts-6.1.0.txt
# Date: 2011-11-27, 05:10:50 GMT [MD]
# Scripts-6.2.0.txt
# Date: 2012-06-04, 17:21:29 GMT [MD]
#
# Unicode Character Database
# Copyright (c) 1991-2011 Unicode, Inc.
# Copyright (c) 1991-2012 Unicode, Inc.
# For terms of use, see http://www.unicode.org/terms_of_use.html
# For documentation, see http://www.unicode.org/reports/tr44/
@ -146,7 +146,7 @@
208A..208C ; Common # Sm [3] SUBSCRIPT PLUS SIGN..SUBSCRIPT EQUALS SIGN
208D ; Common # Ps SUBSCRIPT LEFT PARENTHESIS
208E ; Common # Pe SUBSCRIPT RIGHT PARENTHESIS
20A0..20B9 ; Common # Sc [26] EURO-CURRENCY SIGN..INDIAN RUPEE SIGN
20A0..20BA ; Common # Sc [27] EURO-CURRENCY SIGN..TURKISH LIRA SIGN
2100..2101 ; Common # So [2] ACCOUNT OF..ADDRESSED TO THE SUBJECT
2102 ; Common # L& DOUBLE-STRUCK CAPITAL C
2103..2106 ; Common # So [4] DEGREE CELSIUS..CADA UNA
@ -576,7 +576,7 @@ FFFC..FFFD ; Common # So [2] OBJECT REPLACEMENT CHARACTER..REPLACEMENT CHAR
E0001 ; Common # Cf LANGUAGE TAG
E0020..E007F ; Common # Cf [96] TAG SPACE..CANCEL TAG
# Total code points: 6412
# Total code points: 6413
# ================================================
@ -760,7 +760,7 @@ FB46..FB4F ; Hebrew # Lo [10] HEBREW LETTER TSADI WITH DAGESH..HEBREW LIGATU
061E ; Arabic # Po ARABIC TRIPLE DOT PUNCTUATION MARK
0620..063F ; Arabic # Lo [32] ARABIC LETTER KASHMIRI YEH..ARABIC LETTER FARSI YEH WITH THREE DOTS ABOVE
0641..064A ; Arabic # Lo [10] ARABIC LETTER FEH..ARABIC LETTER YEH
0656..065E ; Arabic # Mn [9] ARABIC SUBSCRIPT ALEF..ARABIC FATHA WITH TWO DOTS
0656..065F ; Arabic # Mn [10] ARABIC SUBSCRIPT ALEF..ARABIC WAVY HAMZA BELOW
066A..066D ; Arabic # Po [4] ARABIC PERCENT SIGN..ARABIC FIVE POINTED STAR
066E..066F ; Arabic # Lo [2] ARABIC LETTER DOTLESS BEH..ARABIC LETTER DOTLESS QAF
0671..06D3 ; Arabic # Lo [99] ARABIC LETTER ALEF WASLA..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE
@ -827,7 +827,7 @@ FE76..FEFC ; Arabic # Lo [135] ARABIC FATHA ISOLATED FORM..ARABIC LIGATURE LA
1EEAB..1EEBB ; Arabic # Lo [17] ARABIC MATHEMATICAL DOUBLE-STRUCK LAM..ARABIC MATHEMATICAL DOUBLE-STRUCK GHAIN
1EEF0..1EEF1 ; Arabic # Sm [2] ARABIC MATHEMATICAL OPERATOR MEEM WITH HAH WITH TATWEEL..ARABIC MATHEMATICAL OPERATOR HAH WITH DAL
# Total code points: 1234
# Total code points: 1235
# ================================================
@ -1477,7 +1477,6 @@ A490..A4C6 ; Yi # So [55] YI RADICAL QOT..YI RADICAL KE
0300..036F ; Inherited # Mn [112] COMBINING GRAVE ACCENT..COMBINING LATIN SMALL LETTER X
0485..0486 ; Inherited # Mn [2] COMBINING CYRILLIC DASIA PNEUMATA..COMBINING CYRILLIC PSILI PNEUMATA
064B..0655 ; Inherited # Mn [11] ARABIC FATHATAN..ARABIC HAMZA BELOW
065F ; Inherited # Mn ARABIC WAVY HAMZA BELOW
0670 ; Inherited # Mn ARABIC LETTER SUPERSCRIPT ALEF
0951..0952 ; Inherited # Mn [2] DEVANAGARI STRESS SIGN UDATTA..DEVANAGARI STRESS SIGN ANUDATTA
1CD0..1CD2 ; Inherited # Mn [3] VEDIC TONE KARSHANA..VEDIC TONE PRENKHA
@ -1504,7 +1503,7 @@ FE20..FE26 ; Inherited # Mn [7] COMBINING LIGATURE LEFT HALF..COMBINING CON
1D1AA..1D1AD ; Inherited # Mn [4] MUSICAL SYMBOL COMBINING DOWN BOW..MUSICAL SYMBOL COMBINING SNAP PIZZICATO
E0100..E01EF ; Inherited # Mn [240] VARIATION SELECTOR-17..VARIATION SELECTOR-256
# Total code points: 524
# Total code points: 523
# ================================================

6
jdk/make/tools/UnicodeData/SpecialCasing.txt
View File

@ -1,8 +1,8 @@
# SpecialCasing-6.1.0.txt
# Date: 2011-11-27, 05:10:51 GMT [MD]
# SpecialCasing-6.2.0.txt
# Date: 2012-05-23, 20:35:15 GMT [MD]
#
# Unicode Character Database
# Copyright (c) 1991-2011 Unicode, Inc.
# Copyright (c) 1991-2012 Unicode, Inc.
# For terms of use, see http://www.unicode.org/terms_of_use.html
# For documentation, see http://www.unicode.org/reports/tr44/
#

9
jdk/make/tools/UnicodeData/UnicodeData.txt
View File

@ -7190,6 +7190,7 @@
20B7;SPESMILO SIGN;Sc;0;ET;;;;;N;;;;;
20B8;TENGE SIGN;Sc;0;ET;;;;;N;;;;;
20B9;INDIAN RUPEE SIGN;Sc;0;ET;;;;;N;;;;;
20BA;TURKISH LIRA SIGN;Sc;0;ET;;;;;N;;;;;
20D0;COMBINING LEFT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT HARPOON ABOVE;;;;
20D1;COMBINING RIGHT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RIGHT HARPOON ABOVE;;;;
20D2;COMBINING LONG VERTICAL LINE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG VERTICAL BAR OVERLAY;;;;
@ -18703,8 +18704,8 @@ FFFD;REPLACEMENT CHARACTER;So;0;ON;;;;;N;;;;;
1242F;CUNEIFORM NUMERIC SIGN THREE SHARU VARIANT FORM;Nl;0;L;;;;3;N;;;;;
12430;CUNEIFORM NUMERIC SIGN FOUR SHARU;Nl;0;L;;;;4;N;;;;;
12431;CUNEIFORM NUMERIC SIGN FIVE SHARU;Nl;0;L;;;;5;N;;;;;
12432;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH;Nl;0;L;;;;;N;;;;;
12433;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN;Nl;0;L;;;;;N;;;;;
12432;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH;Nl;0;L;;;;216000;N;;;;;
12433;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN;Nl;0;L;;;;432000;N;;;;;
12434;CUNEIFORM NUMERIC SIGN ONE BURU;Nl;0;L;;;;1;N;;;;;
12435;CUNEIFORM NUMERIC SIGN TWO BURU;Nl;0;L;;;;2;N;;;;;
12436;CUNEIFORM NUMERIC SIGN THREE BURU;Nl;0;L;;;;3;N;;;;;
@ -18739,8 +18740,8 @@ FFFD;REPLACEMENT CHARACTER;So;0;ON;;;;;N;;;;;
12453;CUNEIFORM NUMERIC SIGN FOUR BAN2 VARIANT FORM;Nl;0;L;;;;4;N;;;;;
12454;CUNEIFORM NUMERIC SIGN FIVE BAN2;Nl;0;L;;;;5;N;;;;;
12455;CUNEIFORM NUMERIC SIGN FIVE BAN2 VARIANT FORM;Nl;0;L;;;;5;N;;;;;
12456;CUNEIFORM NUMERIC SIGN NIGIDAMIN;Nl;0;L;;;;;N;;;;;
12457;CUNEIFORM NUMERIC SIGN NIGIDAESH;Nl;0;L;;;;;N;;;;;
12456;CUNEIFORM NUMERIC SIGN NIGIDAMIN;Nl;0;L;;;;-1;N;;;;;
12457;CUNEIFORM NUMERIC SIGN NIGIDAESH;Nl;0;L;;;;-1;N;;;;;
12458;CUNEIFORM NUMERIC SIGN ONE ESHE3;Nl;0;L;;;;1;N;;;;;
12459;CUNEIFORM NUMERIC SIGN TWO ESHE3;Nl;0;L;;;;2;N;;;;;
1245A;CUNEIFORM NUMERIC SIGN ONE THIRD DISH;Nl;0;L;;;;1/3;N;;;;;

2
jdk/make/tools/UnicodeData/VERSION
View File

@ -1 +1 @@
6.1.0
6.2.0

2
jdk/makefiles/GendataTimeZone.gmk
View File

@ -26,7 +26,7 @@
GENDATA_TIMEZONE :=
# TODO: read from make/sun/javazic/tzdata/VERSION
GENDATA_TIMEZONE_VERSION := tzdata2012c
GENDATA_TIMEZONE_VERSION := tzdata2012i
GENDATA_TIMEZONE_DST := $(JDK_OUTPUTDIR)/lib/zi
GENDATA_TIMEZONE_TMP := $(JDK_OUTPUTDIR)/gendata_timezone

2
jdk/makefiles/Setup.gmk
View File

@ -45,7 +45,7 @@ $(eval $(call SetupJavaCompiler,GENERATE_JDKBYTECODE,\
JVM:=$(JAVA),\
JAVAC:=$(JAVAC_JARS),\
JAVAH:=$(JAVAH_JARS),\
FLAGS:=-bootclasspath $(JDK_OUTPUTDIR)/classes -source 7 -target 7 -encoding ascii -XDignore.symbol.file=true $(DISABLE_WARNINGS),\
FLAGS:=-bootclasspath $(JDK_OUTPUTDIR)/classes -source 8 -target 8 -encoding ascii -XDignore.symbol.file=true $(DISABLE_WARNINGS),\
SERVER_DIR:=$(SJAVAC_SERVER_DIR),\
SERVER_JVM:=$(SJAVAC_SERVER_JAVA)))

107
jdk/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -55,12 +55,25 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
}
static {
validTypes = new HashSet<String>(4);
validTypes = new HashSet<String>(17);
validTypes.add("PBEWithMD5AndDES".toUpperCase());
validTypes.add("PBEWithSHA1AndDESede".toUpperCase());
validTypes.add("PBEWithSHA1AndRC2_40".toUpperCase());
validTypes.add("PBEWithSHA1AndRC2_128".toUpperCase());
validTypes.add("PBEWithSHA1AndRC4_40".toUpperCase());
validTypes.add("PBEWithSHA1AndRC4_128".toUpperCase());
// Proprietary algorithm.
validTypes.add("PBEWithMD5AndTripleDES".toUpperCase());
validTypes.add("PBEWithHmacSHA1AndAES_128".toUpperCase());
validTypes.add("PBEWithHmacSHA224AndAES_128".toUpperCase());
validTypes.add("PBEWithHmacSHA256AndAES_128".toUpperCase());
validTypes.add("PBEWithHmacSHA384AndAES_128".toUpperCase());
validTypes.add("PBEWithHmacSHA512AndAES_128".toUpperCase());
validTypes.add("PBEWithHmacSHA1AndAES_256".toUpperCase());
validTypes.add("PBEWithHmacSHA224AndAES_256".toUpperCase());
validTypes.add("PBEWithHmacSHA256AndAES_256".toUpperCase());
validTypes.add("PBEWithHmacSHA384AndAES_256".toUpperCase());
validTypes.add("PBEWithHmacSHA512AndAES_256".toUpperCase());
}
public static final class PBEWithMD5AndDES
@ -84,6 +97,27 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
}
}
public static final class PBEWithSHA1AndRC2_128
extends PBEKeyFactory {
public PBEWithSHA1AndRC2_128() {
super("PBEWithSHA1AndRC2_128");
}
}
public static final class PBEWithSHA1AndRC4_40
extends PBEKeyFactory {
public PBEWithSHA1AndRC4_40() {
super("PBEWithSHA1AndRC4_40");
}
}
public static final class PBEWithSHA1AndRC4_128
extends PBEKeyFactory {
public PBEWithSHA1AndRC4_128() {
super("PBEWithSHA1AndRC4_128");
}
}
/*
* Private proprietary algorithm for supporting JCEKS.
*/
@ -94,6 +128,75 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
}
}
public static final class PBEWithHmacSHA1AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA1AndAES_128() {
super("PBEWithHmacSHA1AndAES_128");
}
}
public static final class PBEWithHmacSHA224AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA224AndAES_128() {
super("PBEWithHmacSHA224AndAES_128");
}
}
public static final class PBEWithHmacSHA256AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA256AndAES_128() {
super("PBEWithHmacSHA256AndAES_128");
}
}
public static final class PBEWithHmacSHA384AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA384AndAES_128() {
super("PBEWithHmacSHA384AndAES_128");
}
}
public static final class PBEWithHmacSHA512AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA512AndAES_128() {
super("PBEWithHmacSHA512AndAES_128");
}
}
public static final class PBEWithHmacSHA1AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA1AndAES_256() {
super("PBEWithHmacSHA1AndAES_256");
}
}
public static final class PBEWithHmacSHA224AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA224AndAES_256() {
super("PBEWithHmacSHA224AndAES_256");
}
}
public static final class PBEWithHmacSHA256AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA256AndAES_256() {
super("PBEWithHmacSHA256AndAES_256");
}
}
public static final class PBEWithHmacSHA384AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA384AndAES_256() {
super("PBEWithHmacSHA384AndAES_256");
}
}
public static final class PBEWithHmacSHA512AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA512AndAES_256() {
super("PBEWithHmacSHA512AndAES_256");
}
}
/**
* Generates a <code>SecretKey</code> object from the provided key

9
jdk/src/share/classes/com/sun/crypto/provider/PBEParameters.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -57,6 +57,9 @@ public final class PBEParameters extends AlgorithmParametersSpi {
// the iteration count
private int iCount = 0;
// the cipher parameter
private AlgorithmParameterSpec cipherParam = null;
protected void engineInit(AlgorithmParameterSpec paramSpec)
throws InvalidParameterSpecException
{
@ -66,6 +69,7 @@ public final class PBEParameters extends AlgorithmParametersSpi {
}
this.salt = ((PBEParameterSpec)paramSpec).getSalt().clone();
this.iCount = ((PBEParameterSpec)paramSpec).getIterationCount();
this.cipherParam = ((PBEParameterSpec)paramSpec).getParameterSpec();
}
protected void engineInit(byte[] encoded)
@ -102,7 +106,8 @@ public final class PBEParameters extends AlgorithmParametersSpi {
throws InvalidParameterSpecException
{
if (PBEParameterSpec.class.isAssignableFrom(paramSpec)) {
return paramSpec.cast(new PBEParameterSpec(this.salt, this.iCount));
return paramSpec.cast(
new PBEParameterSpec(this.salt, this.iCount, this.cipherParam));
} else {
throw new InvalidParameterSpecException
("Inappropriate parameter specification");

539
jdk/src/share/classes/com/sun/crypto/provider/PBES1Core.java Normal file
View File

@ -0,0 +1,539 @@
/*
* Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.crypto.provider;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
/**
* This class represents password-based encryption as defined by the PKCS #5
* standard.
*
* @author Jan Luehe
*
*
* @see javax.crypto.Cipher
*/
final class PBES1Core {
// the encapsulated DES cipher
private CipherCore cipher;
private MessageDigest md;
private int blkSize;
private String algo = null;
private byte[] salt = null;
private int iCount = 10;
/**
* Creates an instance of PBE Cipher using the specified CipherSpi
* instance.
*
*/
PBES1Core(String cipherAlg) throws NoSuchAlgorithmException,
NoSuchPaddingException {
algo = cipherAlg;
if (algo.equals("DES")) {
cipher = new CipherCore(new DESCrypt(),
DESConstants.DES_BLOCK_SIZE);
} else if (algo.equals("DESede")) {
cipher = new CipherCore(new DESedeCrypt(),
DESConstants.DES_BLOCK_SIZE);
} else {
throw new NoSuchAlgorithmException("No Cipher implementation " +
"for PBEWithMD5And" + algo);
}
cipher.setMode("CBC");
cipher.setPadding("PKCS5Padding");
// get instance of MD5
md = MessageDigest.getInstance("MD5");
}
/**
* Sets the mode of this cipher. This algorithm can only be run in CBC
* mode.
*
* @param mode the cipher mode
*
* @exception NoSuchAlgorithmException if the requested cipher mode is
* invalid
*/
void setMode(String mode) throws NoSuchAlgorithmException {
cipher.setMode(mode);
}
/**
* Sets the padding mechanism of this cipher. This algorithm only uses
* PKCS #5 padding.
*
* @param padding the padding mechanism
*
* @exception NoSuchPaddingException if the requested padding mechanism
* is invalid
*/
void setPadding(String paddingScheme) throws NoSuchPaddingException {
cipher.setPadding(paddingScheme);
}
/**
* Returns the block size (in bytes).
*
* @return the block size (in bytes)
*/
int getBlockSize() {
return DESConstants.DES_BLOCK_SIZE;
}
/**
* Returns the length in bytes that an output buffer would need to be in
* order to hold the result of the next <code>update</code> or
* <code>doFinal</code> operation, given the input length
* <code>inputLen</code> (in bytes).
*
* <p>This call takes into account any unprocessed (buffered) data from a
* previous <code>update</code> call, and padding.
*
* <p>The actual output length of the next <code>update</code> or
* <code>doFinal</code> call may be smaller than the length returned by
* this method.
*
* @param inputLen the input length (in bytes)
*
* @return the required output buffer size (in bytes)
*
*/
int getOutputSize(int inputLen) {
return cipher.getOutputSize(inputLen);
}
/**
* Returns the initialization vector (IV) in a new buffer.
*
* <p> This is useful in the case where a random IV has been created
* (see <a href = "#init">init</a>),
* or in the context of password-based encryption or
* decryption, where the IV is derived from a user-supplied password.
*
* @return the initialization vector in a new buffer, or null if the
* underlying algorithm does not use an IV, or if the IV has not yet
* been set.
*/
byte[] getIV() {
return cipher.getIV();
}
/**
* Returns the parameters used with this cipher.
*
* <p>The returned parameters may be the same that were used to initialize
* this cipher, or may contain the default set of parameters or a set of
* randomly generated parameters used by the underlying cipher
* implementation (provided that the underlying cipher implementation
* uses a default set of parameters or creates new parameters if it needs
* parameters but was not initialized with any).
*
* @return the parameters used with this cipher, or null if this cipher
* does not use any parameters.
*/
AlgorithmParameters getParameters() {
AlgorithmParameters params = null;
if (salt == null) {
salt = new byte[8];
SunJCE.RANDOM.nextBytes(salt);
}
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount);
try {
params = AlgorithmParameters.getInstance("PBEWithMD5And" +
(algo.equalsIgnoreCase("DES")? "DES":"TripleDES"), "SunJCE");
} catch (NoSuchAlgorithmException nsae) {
// should never happen
throw new RuntimeException("SunJCE called, but not configured");
} catch (NoSuchProviderException nspe) {
// should never happen
throw new RuntimeException("SunJCE called, but not configured");
}
try {
params.init(pbeSpec);
} catch (InvalidParameterSpecException ipse) {
// should never happen
throw new RuntimeException("PBEParameterSpec not supported");
}
return params;
}
/**
* Initializes this cipher with a key, a set of
* algorithm parameters, and a source of randomness.
* The cipher is initialized for one of the following four operations:
* encryption, decryption, key wrapping or key unwrapping, depending on
* the value of <code>opmode</code>.
*
* <p>If this cipher (including its underlying feedback or padding scheme)
* requires any random bytes, it will get them from <code>random</code>.
*
* @param opmode the operation mode of this cipher (this is one of
* the following:
* <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>),
* <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
* @param key the encryption key
* @param params the algorithm parameters
* @param random the source of randomness
*
* @exception InvalidKeyException if the given key is inappropriate for
* initializing this cipher
* @exception InvalidAlgorithmParameterException if the given algorithm
* parameters are inappropriate for this cipher
*/
void init(int opmode, Key key, AlgorithmParameterSpec params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
if (((opmode == Cipher.DECRYPT_MODE) ||
(opmode == Cipher.UNWRAP_MODE)) && (params == null)) {
throw new InvalidAlgorithmParameterException("Parameters "
+ "missing");
}
if ((key == null) ||
(key.getEncoded() == null) ||
!(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
throw new InvalidKeyException("Missing password");
}
if (params == null) {
// create random salt and use default iteration count
salt = new byte[8];
random.nextBytes(salt);
} else {
if (!(params instanceof PBEParameterSpec)) {
throw new InvalidAlgorithmParameterException
("Wrong parameter type: PBE expected");
}
salt = ((PBEParameterSpec) params).getSalt();
// salt must be 8 bytes long (by definition)
if (salt.length != 8) {
throw new InvalidAlgorithmParameterException
("Salt must be 8 bytes long");
}
iCount = ((PBEParameterSpec) params).getIterationCount();
if (iCount <= 0) {
throw new InvalidAlgorithmParameterException
("IterationCount must be a positive number");
}
}
byte[] derivedKey = deriveCipherKey(key);
// use all but the last 8 bytes as the key value
SecretKeySpec cipherKey = new SecretKeySpec(derivedKey, 0,
derivedKey.length-8, algo);
// use the last 8 bytes as the IV
IvParameterSpec ivSpec = new IvParameterSpec(derivedKey,
derivedKey.length-8,
8);
// initialize the underlying cipher
cipher.init(opmode, cipherKey, ivSpec, random);
}
private byte[] deriveCipherKey(Key key) {
byte[] result = null;
byte[] passwdBytes = key.getEncoded();
if (algo.equals("DES")) {
// P || S (password concatenated with salt)
byte[] concat = new byte[passwdBytes.length + salt.length];
System.arraycopy(passwdBytes, 0, concat, 0, passwdBytes.length);
java.util.Arrays.fill(passwdBytes, (byte)0x00);
System.arraycopy(salt, 0, concat, passwdBytes.length, salt.length);
// digest P || S with c iterations
byte[] toBeHashed = concat;
for (int i = 0; i < iCount; i++) {
md.update(toBeHashed);
toBeHashed = md.digest(); // this resets the digest
}
java.util.Arrays.fill(concat, (byte)0x00);
result = toBeHashed;
} else if (algo.equals("DESede")) {
// if the 2 salt halves are the same, invert one of them
int i;
for (i=0; i<4; i++) {
if (salt[i] != salt[i+4])
break;
}
if (i==4) { // same, invert 1st half
for (i=0; i<2; i++) {
byte tmp = salt[i];
salt[i] = salt[3-i];
salt[3-1] = tmp;
}
}
// Now digest each half (concatenated with password). For each
// half, go through the loop as many times as specified by the
// iteration count parameter (inner for loop).
// Concatenate the output from each digest round with the
// password, and use the result as the input to the next digest
// operation.
byte[] kBytes = null;
IvParameterSpec iv = null;
byte[] toBeHashed = null;
result = new byte[DESedeKeySpec.DES_EDE_KEY_LEN +
DESConstants.DES_BLOCK_SIZE];
for (i = 0; i < 2; i++) {
toBeHashed = new byte[salt.length/2];
System.arraycopy(salt, i*(salt.length/2), toBeHashed, 0,
toBeHashed.length);
for (int j=0; j < iCount; j++) {
md.update(toBeHashed);
md.update(passwdBytes);
toBeHashed = md.digest(); // this resets the digest
}
System.arraycopy(toBeHashed, 0, result, i*16,
toBeHashed.length);
}
}
return result;
}
void init(int opmode, Key key, AlgorithmParameters params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
PBEParameterSpec pbeSpec = null;
if (params != null) {
try {
pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
throw new InvalidAlgorithmParameterException("Wrong parameter "
+ "type: PBE "
+ "expected");
}
}
init(opmode, key, pbeSpec, random);
}
/**
* Continues a multiple-part encryption or decryption operation
* (depending on how this cipher was initialized), processing another data
* part.
*
* <p>The first <code>inputLen</code> bytes in the <code>input</code>
* buffer, starting at <code>inputOffset</code>, are processed, and the
* result is stored in a new buffer.
*
* @param input the input buffer
* @param inputOffset the offset in <code>input</code> where the input
* starts
* @param inputLen the input length
*
* @return the new buffer with the result
*
*/
byte[] update(byte[] input, int inputOffset, int inputLen) {
return cipher.update(input, inputOffset, inputLen);
}
/**
* Continues a multiple-part encryption or decryption operation
* (depending on how this cipher was initialized), processing another data
* part.
*
* <p>The first <code>inputLen</code> bytes in the <code>input</code>
* buffer, starting at <code>inputOffset</code>, are processed, and the
* result is stored in the <code>output</code> buffer, starting at
* <code>outputOffset</code>.
*
* @param input the input buffer
* @param inputOffset the offset in <code>input</code> where the input
* starts
* @param inputLen the input length
* @param output the buffer for the result
* @param outputOffset the offset in <code>output</code> where the result
* is stored
*
* @return the number of bytes stored in <code>output</code>
*
* @exception ShortBufferException if the given output buffer is too small
* to hold the result
*/
int update(byte[] input, int inputOffset, int inputLen,
byte[] output, int outputOffset)
throws ShortBufferException {
return cipher.update(input, inputOffset, inputLen,
output, outputOffset);
}
/**
* Encrypts or decrypts data in a single-part operation,
* or finishes a multiple-part operation.
* The data is encrypted or decrypted, depending on how this cipher was
* initialized.
*
* <p>The first <code>inputLen</code> bytes in the <code>input</code>
* buffer, starting at <code>inputOffset</code>, and any input bytes that
* may have been buffered during a previous <code>update</code> operation,
* are processed, with padding (if requested) being applied.
* The result is stored in a new buffer.
*
* <p>The cipher is reset to its initial state (uninitialized) after this
* call.
*
* @param input the input buffer
* @param inputOffset the offset in <code>input</code> where the input
* starts
* @param inputLen the input length
*
* @return the new buffer with the result
*
* @exception IllegalBlockSizeException if this cipher is a block cipher,
* no padding has been requested (only in encryption mode), and the total
* input length of the data processed by this cipher is not a multiple of
* block size
* @exception BadPaddingException if decrypting and padding is choosen,
* but the last input data does not have proper padding bytes.
*/
byte[] doFinal(byte[] input, int inputOffset, int inputLen)
throws IllegalBlockSizeException, BadPaddingException {
return cipher.doFinal(input, inputOffset, inputLen);
}
/**
* Encrypts or decrypts data in a single-part operation,
* or finishes a multiple-part operation.
* The data is encrypted or decrypted, depending on how this cipher was
* initialized.
*
* <p>The first <code>inputLen</code> bytes in the <code>input</code>
* buffer, starting at <code>inputOffset</code>, and any input bytes that
* may have been buffered during a previous <code>update</code> operation,
* are processed, with padding (if requested) being applied.
* The result is stored in the <code>output</code> buffer, starting at
* <code>outputOffset</code>.
*
* <p>The cipher is reset to its initial state (uninitialized) after this
* call.
*
* @param input the input buffer
* @param inputOffset the offset in <code>input</code> where the input
* starts
* @param inputLen the input length
* @param output the buffer for the result
* @param outputOffset the offset in <code>output</code> where the result
* is stored
*
* @return the number of bytes stored in <code>output</code>
*
* @exception IllegalBlockSizeException if this cipher is a block cipher,
* no padding has been requested (only in encryption mode), and the total
* input length of the data processed by this cipher is not a multiple of
* block size
* @exception ShortBufferException if the given output buffer is too small
* to hold the result
* @exception BadPaddingException if decrypting and padding is choosen,
* but the last input data does not have proper padding bytes.
*/
int doFinal(byte[] input, int inputOffset, int inputLen,
byte[] output, int outputOffset)
throws ShortBufferException, IllegalBlockSizeException,
BadPaddingException {
return cipher.doFinal(input, inputOffset, inputLen,
output, outputOffset);
}
/**
* Wrap a key.
*
* @param key the key to be wrapped.
*
* @return the wrapped key.
*
* @exception IllegalBlockSizeException if this cipher is a block
* cipher, no padding has been requested, and the length of the
* encoding of the key to be wrapped is not a
* multiple of the block size.
*
* @exception InvalidKeyException if it is impossible or unsafe to
* wrap the key with this cipher (e.g., a hardware protected key is
* being passed to a software only cipher).
*/
byte[] wrap(Key key)
throws IllegalBlockSizeException, InvalidKeyException {
byte[] result = null;
try {
byte[] encodedKey = key.getEncoded();
if ((encodedKey == null) || (encodedKey.length == 0)) {
throw new InvalidKeyException("Cannot get an encoding of " +
"the key to be wrapped");
}
result = doFinal(encodedKey, 0, encodedKey.length);
} catch (BadPaddingException e) {
// Should never happen
}
return result;
}
/**
* Unwrap a previously wrapped key.
*
* @param wrappedKey the key to be unwrapped.
*
* @param wrappedKeyAlgorithm the algorithm the wrapped key is for.
*
* @param wrappedKeyType the type of the wrapped key.
* This is one of <code>Cipher.SECRET_KEY</code>,
* <code>Cipher.PRIVATE_KEY</code>, or <code>Cipher.PUBLIC_KEY</code>.
*
* @return the unwrapped key.
*
* @exception NoSuchAlgorithmException if no installed providers
* can create keys of type <code>wrappedKeyType</code> for the
* <code>wrappedKeyAlgorithm</code>.
*
* @exception InvalidKeyException if <code>wrappedKey</code> does not
* represent a wrapped key of type <code>wrappedKeyType</code> for
* the <code>wrappedKeyAlgorithm</code>.
*/
Key unwrap(byte[] wrappedKey,
String wrappedKeyAlgorithm,
int wrappedKeyType)
throws InvalidKeyException, NoSuchAlgorithmException {
byte[] encodedKey;
try {
encodedKey = doFinal(wrappedKey, 0, wrappedKey.length);
} catch (BadPaddingException ePadding) {
throw new InvalidKeyException("The wrapped key is not padded " +
"correctly");
} catch (IllegalBlockSizeException eBlockSize) {
throw new InvalidKeyException("The wrapped key does not have " +
"the correct length");
}
return ConstructKeys.constructKey(encodedKey, wrappedKeyAlgorithm,
wrappedKeyType);
}
}

421
jdk/src/share/classes/com/sun/crypto/provider/PBES2Core.java Normal file
View File

@ -0,0 +1,421 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.crypto.provider;
import java.io.UnsupportedEncodingException;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.interfaces.*;
import javax.crypto.spec.*;
/**
* This class represents password-based encryption as defined by the PKCS #5
* standard.
* These algorithms implement PBE with HmacSHA1/HmacSHA2-family and AES-CBC.
* Padding is done as described in PKCS #5.
*
* @author Jan Luehe
*
*
* @see javax.crypto.Cipher
*/
abstract class PBES2Core extends CipherSpi {
private static final int DEFAULT_SALT_LENGTH = 20;
private static final int DEFAULT_COUNT = 4096;
// the encapsulated cipher
private final CipherCore cipher;
private final int keyLength; // in bits
private final int blkSize; // in bits
private final PBKDF2Core kdf;
private final String pbeAlgo;
private final String cipherAlgo;
private int iCount = DEFAULT_COUNT;
private byte[] salt = null;
private IvParameterSpec ivSpec = null;
/**
* Creates an instance of PBE Scheme 2 according to the selected
* password-based key derivation function and encryption scheme.
*/
PBES2Core(String kdfAlgo, String cipherAlgo, int keySize)
throws NoSuchAlgorithmException, NoSuchPaddingException {
this.cipherAlgo = cipherAlgo;
keyLength = keySize * 8;
pbeAlgo = "PBEWith" + kdfAlgo + "And" + cipherAlgo + "_" + keyLength;
if (cipherAlgo.equals("AES")) {
blkSize = AESConstants.AES_BLOCK_SIZE;
cipher = new CipherCore(new AESCrypt(), blkSize);
switch(kdfAlgo) {
case "HmacSHA1":
kdf = new PBKDF2Core.HmacSHA1();
break;
case "HmacSHA224":
kdf = new PBKDF2Core.HmacSHA224();
break;
case "HmacSHA256":
kdf = new PBKDF2Core.HmacSHA256();
break;
case "HmacSHA384":
kdf = new PBKDF2Core.HmacSHA384();
break;
case "HmacSHA512":
kdf = new PBKDF2Core.HmacSHA512();
break;
default:
throw new NoSuchAlgorithmException(
"No Cipher implementation for " + kdfAlgo);
}
} else {
throw new NoSuchAlgorithmException("No Cipher implementation for " +
pbeAlgo);
}
cipher.setMode("CBC");
cipher.setPadding("PKCS5Padding");
}
protected void engineSetMode(String mode) throws NoSuchAlgorithmException {
if ((mode != null) && (!mode.equalsIgnoreCase("CBC"))) {
throw new NoSuchAlgorithmException("Invalid cipher mode: " + mode);
}
}
protected void engineSetPadding(String paddingScheme)
throws NoSuchPaddingException {
if ((paddingScheme != null) &&
(!paddingScheme.equalsIgnoreCase("PKCS5Padding"))) {
throw new NoSuchPaddingException("Invalid padding scheme: " +
paddingScheme);
}
}
protected int engineGetBlockSize() {
return blkSize;
}
protected int engineGetOutputSize(int inputLen) {
return cipher.getOutputSize(inputLen);
}
protected byte[] engineGetIV() {
return cipher.getIV();
}
protected AlgorithmParameters engineGetParameters() {
AlgorithmParameters params = null;
if (salt == null) {
// generate random salt and use default iteration count
salt = new byte[DEFAULT_SALT_LENGTH];
SunJCE.RANDOM.nextBytes(salt);
iCount = DEFAULT_COUNT;
}
if (ivSpec == null) {
// generate random IV
byte[] ivBytes = new byte[blkSize];
SunJCE.RANDOM.nextBytes(ivBytes);
ivSpec = new IvParameterSpec(ivBytes);
}
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount, ivSpec);
try {
params = AlgorithmParameters.getInstance(pbeAlgo, "SunJCE");
} catch (NoSuchAlgorithmException nsae) {
// should never happen
throw new RuntimeException("SunJCE called, but not configured");
} catch (NoSuchProviderException nspe) {
// should never happen
throw new RuntimeException("SunJCE called, but not configured");
}
try {
params.init(pbeSpec);
} catch (InvalidParameterSpecException ipse) {
// should never happen
throw new RuntimeException("PBEParameterSpec not supported");
}
return params;
}
protected void engineInit(int opmode, Key key, SecureRandom random)
throws InvalidKeyException {
try {
engineInit(opmode, key, (AlgorithmParameterSpec) null, random);
} catch (InvalidAlgorithmParameterException ie) {
InvalidKeyException ike =
new InvalidKeyException("requires PBE parameters");
ike.initCause(ie);
throw ike;
}
}
protected void engineInit(int opmode, Key key,
AlgorithmParameterSpec params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
if ((key == null) ||
(key.getEncoded() == null) ||
!(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
throw new InvalidKeyException("Missing password");
}
// TBD: consolidate the salt, ic and IV parameter checks below
// Extract salt and iteration count from the key, if present
if (key instanceof javax.crypto.interfaces.PBEKey) {
salt = ((javax.crypto.interfaces.PBEKey)key).getSalt();
if (salt != null && salt.length < 8) {
throw new InvalidAlgorithmParameterException(
"Salt must be at least 8 bytes long");
}
iCount = ((javax.crypto.interfaces.PBEKey)key).getIterationCount();
if (iCount == 0) {
iCount = DEFAULT_COUNT;
} else if (iCount < 0) {
throw new InvalidAlgorithmParameterException(
"Iteration count must be a positive number");
}
}
// Extract salt, iteration count and IV from the params, if present
if (params == null) {
if (salt == null) {
// generate random salt and use default iteration count
salt = new byte[DEFAULT_SALT_LENGTH];
random.nextBytes(salt);
iCount = DEFAULT_COUNT;
}
if ((opmode == Cipher.ENCRYPT_MODE) ||
(opmode == Cipher.WRAP_MODE)) {
// generate random IV
byte[] ivBytes = new byte[blkSize];
random.nextBytes(ivBytes);
ivSpec = new IvParameterSpec(ivBytes);
}
} else {
if (!(params instanceof PBEParameterSpec)) {
throw new InvalidAlgorithmParameterException
("Wrong parameter type: PBE expected");
}
// salt and iteration count from the params take precedence
byte[] specSalt = ((PBEParameterSpec) params).getSalt();
if (specSalt != null && specSalt.length < 8) {
throw new InvalidAlgorithmParameterException(
"Salt must be at least 8 bytes long");
}
salt = specSalt;
int specICount = ((PBEParameterSpec) params).getIterationCount();
if (specICount == 0) {
specICount = DEFAULT_COUNT;
} else if (specICount < 0) {
throw new InvalidAlgorithmParameterException(
"Iteration count must be a positive number");
}
iCount = specICount;
AlgorithmParameterSpec specParams =
((PBEParameterSpec) params).getParameterSpec();
if (specParams != null) {
if (specParams instanceof IvParameterSpec) {
ivSpec = (IvParameterSpec)specParams;
} else {
throw new InvalidAlgorithmParameterException(
"Wrong parameter type: IV expected");
}
} else if ((opmode == Cipher.ENCRYPT_MODE) ||
(opmode == Cipher.WRAP_MODE)) {
// generate random IV
byte[] ivBytes = new byte[blkSize];
random.nextBytes(ivBytes);
ivSpec = new IvParameterSpec(ivBytes);
} else {
throw new InvalidAlgorithmParameterException(
"Missing parameter type: IV expected");
}
}
SecretKeySpec cipherKey = null;
byte[] derivedKey = null;
byte[] passwdBytes = key.getEncoded();
char[] passwdChars = new char[passwdBytes.length];
for (int i=0; i<passwdChars.length; i++)
passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
PBEKeySpec pbeSpec =
new PBEKeySpec(passwdChars, salt, iCount, blkSize * 8);
// password char[] was cloned in PBEKeySpec constructor,
// so we can zero it out here
java.util.Arrays.fill(passwdChars, ' ');
java.util.Arrays.fill(passwdBytes, (byte)0x00);
SecretKey s = null;
try {
s = kdf.engineGenerateSecret(pbeSpec);
} catch (InvalidKeySpecException ikse) {
InvalidKeyException ike =
new InvalidKeyException("Cannot construct PBE key");
ike.initCause(ikse);
throw ike;
}
derivedKey = s.getEncoded();
cipherKey = new SecretKeySpec(derivedKey, cipherAlgo);
// initialize the underlying cipher
cipher.init(opmode, cipherKey, ivSpec, random);
}
protected void engineInit(int opmode, Key key, AlgorithmParameters params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
AlgorithmParameterSpec pbeSpec = null;
if (params != null) {
try {
pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
throw new InvalidAlgorithmParameterException(
"Wrong parameter type: PBE expected");
}
}
engineInit(opmode, key, pbeSpec, random);
}
protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen) {
return cipher.update(input, inputOffset, inputLen);
}
protected int engineUpdate(byte[] input, int inputOffset, int inputLen,
byte[] output, int outputOffset)
throws ShortBufferException {
return cipher.update(input, inputOffset, inputLen,
output, outputOffset);
}
protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
throws IllegalBlockSizeException, BadPaddingException {
return cipher.doFinal(input, inputOffset, inputLen);
}
protected int engineDoFinal(byte[] input, int inputOffset, int inputLen,
byte[] output, int outputOffset)
throws ShortBufferException, IllegalBlockSizeException,
BadPaddingException {
return cipher.doFinal(input, inputOffset, inputLen,
output, outputOffset);
}
protected int engineGetKeySize(Key key) throws InvalidKeyException {
return keyLength;
}
protected byte[] engineWrap(Key key)
throws IllegalBlockSizeException, InvalidKeyException {
return cipher.wrap(key);
}
protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm,
int wrappedKeyType)
throws InvalidKeyException, NoSuchAlgorithmException {
byte[] encodedKey;
return cipher.unwrap(wrappedKey, wrappedKeyAlgorithm,
wrappedKeyType);
}
public static final class HmacSHA1AndAES_128 extends PBES2Core {
public HmacSHA1AndAES_128()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA1", "AES", 16);
}
}
public static final class HmacSHA224AndAES_128 extends PBES2Core {
public HmacSHA224AndAES_128()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA224", "AES", 16);
}
}
public static final class HmacSHA256AndAES_128 extends PBES2Core {
public HmacSHA256AndAES_128()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA256", "AES", 16);
}
}
public static final class HmacSHA384AndAES_128 extends PBES2Core {
public HmacSHA384AndAES_128()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA384", "AES", 16);
}
}
public static final class HmacSHA512AndAES_128 extends PBES2Core {
public HmacSHA512AndAES_128()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA512", "AES", 16);
}
}
public static final class HmacSHA1AndAES_256 extends PBES2Core {
public HmacSHA1AndAES_256()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA1", "AES", 32);
}
}
public static final class HmacSHA224AndAES_256 extends PBES2Core {
public HmacSHA224AndAES_256()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA224", "AES", 32);
}
}
public static final class HmacSHA256AndAES_256 extends PBES2Core {
public HmacSHA256AndAES_256()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA256", "AES", 32);
}
}
public static final class HmacSHA384AndAES_256 extends PBES2Core {
public HmacSHA384AndAES_256()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA384", "AES", 32);
}
}
public static final class HmacSHA512AndAES_256 extends PBES2Core {
public HmacSHA512AndAES_256()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA512", "AES", 32);
}
}
}

522
jdk/src/share/classes/com/sun/crypto/provider/PBES2Parameters.java Normal file
View File

@ -0,0 +1,522 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.crypto.provider;
import java.io.*;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.AlgorithmParametersSpi;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEParameterSpec;
import sun.misc.HexDumpEncoder;
import sun.security.util.*;
/**
* This class implements the parameter set used with password-based
* encryption scheme 2 (PBES2), which is defined in PKCS#5 as follows:
*
* <pre>
* -- PBES2
*
* PBES2Algorithms ALGORITHM-IDENTIFIER ::=
* { {PBES2-params IDENTIFIED BY id-PBES2}, ...}
*
* id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
*
* PBES2-params ::= SEQUENCE {
* keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
* encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} }
*
* PBES2-KDFs ALGORITHM-IDENTIFIER ::=
* { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }
*
* PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
*
* -- PBKDF2
*
* PBKDF2Algorithms ALGORITHM-IDENTIFIER ::=
* { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ...}
*
* id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
*
* PBKDF2-params ::= SEQUENCE {
* salt CHOICE {
* specified OCTET STRING,
* otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
* },
* iterationCount INTEGER (1..MAX),
* keyLength INTEGER (1..MAX) OPTIONAL,
* prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
* }
*
* PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... }
*
* PBKDF2-PRFs ALGORITHM-IDENTIFIER ::= {
* {NULL IDENTIFIED BY id-hmacWithSHA1} |
* {NULL IDENTIFIED BY id-hmacWithSHA224} |
* {NULL IDENTIFIED BY id-hmacWithSHA256} |
* {NULL IDENTIFIED BY id-hmacWithSHA384} |
* {NULL IDENTIFIED BY id-hmacWithSHA512}, ... }
*
* algid-hmacWithSHA1 AlgorithmIdentifier {{PBKDF2-PRFs}} ::=
* {algorithm id-hmacWithSHA1, parameters NULL : NULL}
*
* id-hmacWithSHA1 OBJECT IDENTIFIER ::= {digestAlgorithm 7}
*
* PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
*
* </pre>
*/
abstract class PBES2Parameters extends AlgorithmParametersSpi {
private static final int pkcs5PBKDF2[] =
{1, 2, 840, 113549, 1, 5, 12};
private static final int pkcs5PBES2[] =
{1, 2, 840, 113549, 1, 5, 13};
private static final int hmacWithSHA1[] =
{1, 2, 840, 113549, 2, 7};
private static final int hmacWithSHA224[] =
{1, 2, 840, 113549, 2, 8};
private static final int hmacWithSHA256[] =
{1, 2, 840, 113549, 2, 9};
private static final int hmacWithSHA384[] =
{1, 2, 840, 113549, 2, 10};
private static final int hmacWithSHA512[] =
{1, 2, 840, 113549, 2, 11};
private static final int aes128CBC[] =
{2, 16, 840, 1, 101, 3, 4, 1, 2};
private static final int aes192CBC[] =
{2, 16, 840, 1, 101, 3, 4, 1, 22};
private static final int aes256CBC[] =
{2, 16, 840, 1, 101, 3, 4, 1, 42};
private static ObjectIdentifier pkcs5PBKDF2_OID;
private static ObjectIdentifier pkcs5PBES2_OID;
private static ObjectIdentifier hmacWithSHA1_OID;
private static ObjectIdentifier hmacWithSHA224_OID;
private static ObjectIdentifier hmacWithSHA256_OID;
private static ObjectIdentifier hmacWithSHA384_OID;
private static ObjectIdentifier hmacWithSHA512_OID;
private static ObjectIdentifier aes128CBC_OID;
private static ObjectIdentifier aes192CBC_OID;
private static ObjectIdentifier aes256CBC_OID;
static {
try {
pkcs5PBKDF2_OID = new ObjectIdentifier(pkcs5PBKDF2);
pkcs5PBES2_OID = new ObjectIdentifier(pkcs5PBES2);
hmacWithSHA1_OID = new ObjectIdentifier(hmacWithSHA1);
hmacWithSHA224_OID = new ObjectIdentifier(hmacWithSHA224);
hmacWithSHA256_OID = new ObjectIdentifier(hmacWithSHA256);
hmacWithSHA384_OID = new ObjectIdentifier(hmacWithSHA384);
hmacWithSHA512_OID = new ObjectIdentifier(hmacWithSHA512);
aes128CBC_OID = new ObjectIdentifier(aes128CBC);
aes192CBC_OID = new ObjectIdentifier(aes192CBC);
aes256CBC_OID = new ObjectIdentifier(aes256CBC);
} catch (IOException ioe) {
// should not happen
}
}
// the PBES2 algorithm name
private String pbes2AlgorithmName = null;
// the salt
private byte[] salt = null;
// the iteration count
private int iCount = 0;
// the cipher parameter
private AlgorithmParameterSpec cipherParam = null;
// the key derivation function (default is HmacSHA1)
private ObjectIdentifier kdfAlgo_OID = hmacWithSHA1_OID;
// the encryption function
private ObjectIdentifier cipherAlgo_OID = null;
// the cipher keysize (in bits)
private int keysize = -1;
PBES2Parameters() {
// KDF, encryption & keysize values are set later, in engineInit(byte[])
}
PBES2Parameters(String pbes2AlgorithmName) throws NoSuchAlgorithmException {
int and;
String kdfAlgo = null;
String cipherAlgo = null;
// Extract the KDF and encryption algorithm names
this.pbes2AlgorithmName = pbes2AlgorithmName;
if (pbes2AlgorithmName.startsWith("PBEWith") &&
(and = pbes2AlgorithmName.indexOf("And", 7 + 1)) > 0) {
kdfAlgo = pbes2AlgorithmName.substring(7, and);
cipherAlgo = pbes2AlgorithmName.substring(and + 3);
// Check for keysize
int underscore;
if ((underscore = cipherAlgo.indexOf('_')) > 0) {
int slash;
if ((slash = cipherAlgo.indexOf('/', underscore + 1)) > 0) {
keysize =
Integer.parseInt(cipherAlgo.substring(underscore + 1,
slash));
} else {
keysize =
Integer.parseInt(cipherAlgo.substring(underscore + 1));
}
cipherAlgo = cipherAlgo.substring(0, underscore);
}
} else {
throw new NoSuchAlgorithmException("No crypto implementation for " +
pbes2AlgorithmName);
}
switch (kdfAlgo) {
case "HmacSHA1":
kdfAlgo_OID = hmacWithSHA1_OID;
break;
case "HmacSHA224":
kdfAlgo_OID = hmacWithSHA224_OID;
break;
case "HmacSHA256":
kdfAlgo_OID = hmacWithSHA256_OID;
break;
case "HmacSHA384":
kdfAlgo_OID = hmacWithSHA384_OID;
break;
case "HmacSHA512":
kdfAlgo_OID = hmacWithSHA512_OID;
break;
default:
throw new NoSuchAlgorithmException(
"No crypto implementation for " + kdfAlgo);
}
if (cipherAlgo.equals("AES")) {
this.keysize = keysize;
switch (keysize) {
case 128:
cipherAlgo_OID = aes128CBC_OID;
break;
case 256:
cipherAlgo_OID = aes256CBC_OID;
break;
default:
throw new NoSuchAlgorithmException(
"No Cipher implementation for " + keysize + "-bit " +
cipherAlgo);
}
} else {
throw new NoSuchAlgorithmException("No Cipher implementation for " +
cipherAlgo);
}
}
protected void engineInit(AlgorithmParameterSpec paramSpec)
throws InvalidParameterSpecException
{
if (!(paramSpec instanceof PBEParameterSpec)) {
throw new InvalidParameterSpecException
("Inappropriate parameter specification");
}
this.salt = ((PBEParameterSpec)paramSpec).getSalt().clone();
this.iCount = ((PBEParameterSpec)paramSpec).getIterationCount();
this.cipherParam = ((PBEParameterSpec)paramSpec).getParameterSpec();
}
protected void engineInit(byte[] encoded)
throws IOException
{
String kdfAlgo = null;
String cipherAlgo = null;
DerValue pBES2Algorithms = new DerValue(encoded);
if (pBES2Algorithms.tag != DerValue.tag_Sequence) {
throw new IOException("PBE parameter parsing error: "
+ "not an ASN.1 SEQUENCE tag");
}
if (!pkcs5PBES2_OID.equals(pBES2Algorithms.data.getOID())) {
throw new IOException("PBE parameter parsing error: "
+ "expecting the object identifier for PBES2");
}
if (pBES2Algorithms.tag != DerValue.tag_Sequence) {
throw new IOException("PBE parameter parsing error: "
+ "not an ASN.1 SEQUENCE tag");
}
DerValue pBES2_params = pBES2Algorithms.data.getDerValue();
if (pBES2_params.tag != DerValue.tag_Sequence) {
throw new IOException("PBE parameter parsing error: "
+ "not an ASN.1 SEQUENCE tag");
}
kdfAlgo = parseKDF(pBES2_params.data.getDerValue());
if (pBES2_params.tag != DerValue.tag_Sequence) {
throw new IOException("PBE parameter parsing error: "
+ "not an ASN.1 SEQUENCE tag");
}
cipherAlgo = parseES(pBES2_params.data.getDerValue());
pbes2AlgorithmName = new StringBuilder().append("PBEWith")
.append(kdfAlgo).append("And").append(cipherAlgo).toString();
}
private String parseKDF(DerValue keyDerivationFunc) throws IOException {
String kdfAlgo = null;
if (!pkcs5PBKDF2_OID.equals(keyDerivationFunc.data.getOID())) {
throw new IOException("PBE parameter parsing error: "
+ "expecting the object identifier for PBKDF2");
}
if (keyDerivationFunc.tag != DerValue.tag_Sequence) {
throw new IOException("PBE parameter parsing error: "
+ "not an ASN.1 SEQUENCE tag");
}
DerValue pBKDF2_params = keyDerivationFunc.data.getDerValue();
if (pBKDF2_params.tag != DerValue.tag_Sequence) {
throw new IOException("PBE parameter parsing error: "
+ "not an ASN.1 SEQUENCE tag");
}
DerValue specified = pBKDF2_params.data.getDerValue();
// the 'specified' ASN.1 CHOICE for 'salt' is supported
if (specified.tag == DerValue.tag_OctetString) {
salt = specified.getOctetString();
} else {
// the 'otherSource' ASN.1 CHOICE for 'salt' is not supported
throw new IOException("PBE parameter parsing error: "
+ "not an ASN.1 OCTET STRING tag");
}
iCount = pBKDF2_params.data.getInteger();
DerValue keyLength = pBKDF2_params.data.getDerValue();
if (keyLength.tag == DerValue.tag_Integer) {
keysize = keyLength.getInteger() * 8; // keysize (in bits)
}
if (pBKDF2_params.tag == DerValue.tag_Sequence) {
DerValue prf = pBKDF2_params.data.getDerValue();
kdfAlgo_OID = prf.data.getOID();
if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA1";
} else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA224";
} else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA256";
} else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA384";
} else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA512";
} else {
throw new IOException("PBE parameter parsing error: "
+ "expecting the object identifier for a HmacSHA key "
+ "derivation function");
}
if (prf.data.available() != 0) {
// parameter is 'NULL' for all HmacSHA KDFs
DerValue parameter = prf.data.getDerValue();
if (parameter.tag != DerValue.tag_Null) {
throw new IOException("PBE parameter parsing error: "
+ "not an ASN.1 NULL tag");
}
}
}
return kdfAlgo;
}
private String parseES(DerValue encryptionScheme) throws IOException {
String cipherAlgo = null;
cipherAlgo_OID = encryptionScheme.data.getOID();
if (aes128CBC_OID.equals(cipherAlgo_OID)) {
cipherAlgo = "AES_128";
// parameter is AES-IV 'OCTET STRING (SIZE(16))'
cipherParam =
new IvParameterSpec(encryptionScheme.data.getOctetString());
keysize = 128;
} else if (aes256CBC_OID.equals(cipherAlgo_OID)) {
cipherAlgo = "AES_256";
// parameter is AES-IV 'OCTET STRING (SIZE(16))'
cipherParam =
new IvParameterSpec(encryptionScheme.data.getOctetString());
keysize = 256;
} else {
throw new IOException("PBE parameter parsing error: "
+ "expecting the object identifier for AES cipher");
}
return cipherAlgo;
}
protected void engineInit(byte[] encoded, String decodingMethod)
throws IOException
{
engineInit(encoded);
}
protected <T extends AlgorithmParameterSpec>
T engineGetParameterSpec(Class<T> paramSpec)
throws InvalidParameterSpecException
{
if (PBEParameterSpec.class.isAssignableFrom(paramSpec)) {
return paramSpec.cast(
new PBEParameterSpec(this.salt, this.iCount, this.cipherParam));
} else {
throw new InvalidParameterSpecException
("Inappropriate parameter specification");
}
}
protected byte[] engineGetEncoded() throws IOException {
DerOutputStream out = new DerOutputStream();
DerOutputStream pBES2Algorithms = new DerOutputStream();
pBES2Algorithms.putOID(pkcs5PBES2_OID);
DerOutputStream pBES2_params = new DerOutputStream();
DerOutputStream keyDerivationFunc = new DerOutputStream();
keyDerivationFunc.putOID(pkcs5PBKDF2_OID);
DerOutputStream pBKDF2_params = new DerOutputStream();
pBKDF2_params.putOctetString(salt); // choice: 'specified OCTET STRING'
pBKDF2_params.putInteger(iCount);
pBKDF2_params.putInteger(keysize / 8); // derived key length (in octets)
DerOutputStream prf = new DerOutputStream();
// algorithm is id-hmacWithSHA1/SHA224/SHA256/SHA384/SHA512
prf.putOID(kdfAlgo_OID);
// parameters is 'NULL'
prf.putNull();
pBKDF2_params.write(DerValue.tag_Sequence, prf);
keyDerivationFunc.write(DerValue.tag_Sequence, pBKDF2_params);
pBES2_params.write(DerValue.tag_Sequence, keyDerivationFunc);
DerOutputStream encryptionScheme = new DerOutputStream();
// algorithm is id-aes128-CBC or id-aes256-CBC
encryptionScheme.putOID(cipherAlgo_OID);
// parameters is 'AES-IV ::= OCTET STRING (SIZE(16))'
if (cipherParam != null && cipherParam instanceof IvParameterSpec) {
encryptionScheme.putOctetString(
((IvParameterSpec)cipherParam).getIV());
} else {
throw new IOException("Wrong parameter type: IV expected");
}
pBES2_params.write(DerValue.tag_Sequence, encryptionScheme);
pBES2Algorithms.write(DerValue.tag_Sequence, pBES2_params);
out.write(DerValue.tag_Sequence, pBES2Algorithms);
return out.toByteArray();
}
protected byte[] engineGetEncoded(String encodingMethod)
throws IOException
{
return engineGetEncoded();
}
/*
* Returns a formatted string describing the parameters.
*
* The algorithn name pattern is: "PBEWith<prf>And<encryption>"
* where <prf> is one of: HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384,
* or HmacSHA512, and <encryption> is AES with a keysize suffix.
*/
protected String engineToString() {
return pbes2AlgorithmName;
}
public static final class General extends PBES2Parameters {
public General() throws NoSuchAlgorithmException {
super();
}
}
public static final class HmacSHA1AndAES_128 extends PBES2Parameters {
public HmacSHA1AndAES_128() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA1AndAES_128");
}
}
public static final class HmacSHA224AndAES_128 extends PBES2Parameters {
public HmacSHA224AndAES_128() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA224AndAES_128");
}
}
public static final class HmacSHA256AndAES_128 extends PBES2Parameters {
public HmacSHA256AndAES_128() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA256AndAES_128");
}
}
public static final class HmacSHA384AndAES_128 extends PBES2Parameters {
public HmacSHA384AndAES_128() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA384AndAES_128");
}
}
public static final class HmacSHA512AndAES_128 extends PBES2Parameters {
public HmacSHA512AndAES_128() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA512AndAES_128");
}
}
public static final class HmacSHA1AndAES_256 extends PBES2Parameters {
public HmacSHA1AndAES_256() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA1AndAES_256");
}
}
public static final class HmacSHA224AndAES_256 extends PBES2Parameters {
public HmacSHA224AndAES_256() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA224AndAES_256");
}
}
public static final class HmacSHA256AndAES_256 extends PBES2Parameters {
public HmacSHA256AndAES_256() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA256AndAES_256");
}
}
public static final class HmacSHA384AndAES_256 extends PBES2Parameters {
public HmacSHA384AndAES_256() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA384AndAES_256");
}
}
public static final class HmacSHA512AndAES_256 extends PBES2Parameters {
public HmacSHA512AndAES_256() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA512AndAES_256");
}
}
}

6
jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -45,7 +45,7 @@ import javax.crypto.spec.*;
public final class PBEWithMD5AndDESCipher extends CipherSpi {
// the encapsulated DES cipher
private PBECipherCore core;
private PBES1Core core;
/**
* Creates an instance of this cipher, and initializes its mode (CBC) and
@ -58,7 +58,7 @@ public final class PBEWithMD5AndDESCipher extends CipherSpi {
*/
public PBEWithMD5AndDESCipher()
throws NoSuchAlgorithmException, NoSuchPaddingException {
core = new PBECipherCore("DES");
core = new PBES1Core("DES");
}
/**

6
jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -55,7 +55,7 @@ import javax.crypto.spec.*;
*/
public final class PBEWithMD5AndTripleDESCipher extends CipherSpi {
private PBECipherCore core;
private PBES1Core core;
/**
* Creates an instance of this cipher, and initializes its mode (CBC) and
@ -70,7 +70,7 @@ public final class PBEWithMD5AndTripleDESCipher extends CipherSpi {
throws NoSuchAlgorithmException, NoSuchPaddingException
{
// set the encapsulated cipher to do triple DES
core = new PBECipherCore("DESede");
core = new PBES1Core("DESede");
}
/**

182
jdk/src/share/classes/com/sun/crypto/provider/PBKDF2Core.java Normal file
View File

@ -0,0 +1,182 @@
/*
* Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.crypto.provider;
import java.security.InvalidKeyException;
import java.security.spec.KeySpec;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactorySpi;
import javax.crypto.spec.PBEKeySpec;
/**
* This class implements a key factory for PBE keys derived using
* PBKDF2 with HmacSHA1/HmacSHA224/HmacSHA256/HmacSHA384/HmacSHA512
* pseudo random function (PRF) as defined in PKCS#5 v2.1.
*
* @author Valerie Peng
*
*/
abstract class PBKDF2Core extends SecretKeyFactorySpi {
private final String prfAlgo;
PBKDF2Core(String prfAlgo) {
this.prfAlgo = prfAlgo;
}
/**
* Generates a <code>SecretKey</code> object from the provided key
* specification (key material).
*
* @param keySpec the specification (key material) of the secret key
*
* @return the secret key
*
* @exception InvalidKeySpecException if the given key specification
* is inappropriate for this key factory to produce a public key.
*/
protected SecretKey engineGenerateSecret(KeySpec keySpec)
throws InvalidKeySpecException
{
if (!(keySpec instanceof PBEKeySpec)) {
throw new InvalidKeySpecException("Invalid key spec");
}
PBEKeySpec ks = (PBEKeySpec) keySpec;
return new PBKDF2KeyImpl(ks, prfAlgo);
}
/**
* Returns a specification (key material) of the given key
* in the requested format.
*
* @param key the key
*
* @param keySpec the requested format in which the key material shall be
* returned
*
* @return the underlying key specification (key material) in the
* requested format
*
* @exception InvalidKeySpecException if the requested key
* specification is inappropriate for the given key, or the
* given key cannot be processed (e.g., the given key has an
* unrecognized algorithm or format).
*/
protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpecCl)
throws InvalidKeySpecException {
if (key instanceof javax.crypto.interfaces.PBEKey) {
// Check if requested key spec is amongst the valid ones
if ((keySpecCl != null)
&& PBEKeySpec.class.isAssignableFrom(keySpecCl)) {
javax.crypto.interfaces.PBEKey pKey =
(javax.crypto.interfaces.PBEKey) key;
return new PBEKeySpec
(pKey.getPassword(), pKey.getSalt(),
pKey.getIterationCount(), pKey.getEncoded().length*8);
} else {
throw new InvalidKeySpecException("Invalid key spec");
}
} else {
throw new InvalidKeySpecException("Invalid key " +
"format/algorithm");
}
}
/**
* Translates a <code>SecretKey</code> object, whose provider may be
* unknown or potentially untrusted, into a corresponding
* <code>SecretKey</code> object of this key factory.
*
* @param key the key whose provider is unknown or untrusted
*
* @return the translated key
*
* @exception InvalidKeyException if the given key cannot be processed by
* this key factory.
*/
protected SecretKey engineTranslateKey(SecretKey key)
throws InvalidKeyException {
if ((key != null) &&
(key.getAlgorithm().equalsIgnoreCase("PBKDF2With" + prfAlgo)) &&
(key.getFormat().equalsIgnoreCase("RAW"))) {
// Check if key originates from this factory
if (key instanceof com.sun.crypto.provider.PBKDF2KeyImpl) {
return key;
}
// Check if key implements the PBEKey
if (key instanceof javax.crypto.interfaces.PBEKey) {
javax.crypto.interfaces.PBEKey pKey =
(javax.crypto.interfaces.PBEKey) key;
try {
PBEKeySpec spec =
new PBEKeySpec(pKey.getPassword(),
pKey.getSalt(),
pKey.getIterationCount(),
pKey.getEncoded().length*8);
return new PBKDF2KeyImpl(spec, prfAlgo);
} catch (InvalidKeySpecException re) {
InvalidKeyException ike = new InvalidKeyException
("Invalid key component(s)");
ike.initCause(re);
throw ike;
}
}
}
throw new InvalidKeyException("Invalid key format/algorithm");
}
public static final class HmacSHA1 extends PBKDF2Core {
public HmacSHA1() {
super("HmacSHA1");
}
}
public static final class HmacSHA224 extends PBKDF2Core {
public HmacSHA224() {
super("HmacSHA224");
}
}
public static final class HmacSHA256 extends PBKDF2Core {
public HmacSHA256() {
super("HmacSHA256");
}
}
public static final class HmacSHA384 extends PBKDF2Core {
public HmacSHA384() {
super("HmacSHA384");
}
}
public static final class HmacSHA512 extends PBKDF2Core {
public HmacSHA512() {
super("HmacSHA512");
}
}
}

216
jdk/src/share/classes/com/sun/crypto/provider/PBMAC1Core.java Normal file
View File

@ -0,0 +1,216 @@
/*
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.crypto.provider;
import java.util.Arrays;
import java.nio.ByteBuffer;
import javax.crypto.MacSpi;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.security.*;
import java.security.spec.*;
/**
* This is an implementation of the PBMAC1 algorithms as defined
* in PKCS#5 v2.1 standard.
*/
abstract class PBMAC1Core extends HmacCore {
private static final int DEFAULT_SALT_LENGTH = 20;
private static final int DEFAULT_COUNT = 4096;
private final String kdfAlgo;
private final String hashAlgo;
private final PBKDF2Core kdf;
private final int blockLength; // in octets
/**
* Creates an instance of PBMAC1 according to the selected
* password-based key derivation function.
*/
PBMAC1Core(String kdfAlgo, String hashAlgo, int blockLength)
throws NoSuchAlgorithmException {
super(hashAlgo, blockLength);
this.kdfAlgo = kdfAlgo;
this.hashAlgo = hashAlgo;
this.blockLength = blockLength;
switch(kdfAlgo) {
case "HmacSHA1":
kdf = new PBKDF2Core.HmacSHA1();
break;
case "HmacSHA224":
kdf = new PBKDF2Core.HmacSHA224();
break;
case "HmacSHA256":
kdf = new PBKDF2Core.HmacSHA256();
break;
case "HmacSHA384":
kdf = new PBKDF2Core.HmacSHA384();
break;
case "HmacSHA512":
kdf = new PBKDF2Core.HmacSHA512();
break;
default:
throw new NoSuchAlgorithmException(
"No MAC implementation for " + kdfAlgo);
}
}
/**
* Initializes the HMAC with the given secret key and algorithm parameters.
*
* @param key the secret key.
* @param params the algorithm parameters.
*
* @exception InvalidKeyException if the given key is inappropriate for
* initializing this MAC.
* @exception InvalidAlgorithmParameterException if the given algorithm
* parameters are inappropriate for this MAC.
*/
protected void engineInit(Key key, AlgorithmParameterSpec params)
throws InvalidKeyException, InvalidAlgorithmParameterException {
char[] passwdChars;
byte[] salt = null;
int iCount = 0;
if (key instanceof javax.crypto.interfaces.PBEKey) {
javax.crypto.interfaces.PBEKey pbeKey =
(javax.crypto.interfaces.PBEKey) key;
passwdChars = pbeKey.getPassword();
salt = pbeKey.getSalt(); // maybe null if unspecified
iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
} else if (key instanceof SecretKey) {
byte[] passwdBytes = key.getEncoded();
if ((passwdBytes == null) ||
!(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
throw new InvalidKeyException("Missing password");
}
passwdChars = new char[passwdBytes.length];
for (int i=0; i<passwdChars.length; i++) {
passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
}
} else {
throw new InvalidKeyException("SecretKey of PBE type required");
}
if (params == null) {
// generate default for salt and iteration count if necessary
if (salt == null) {
salt = new byte[DEFAULT_SALT_LENGTH];
SunJCE.RANDOM.nextBytes(salt);
}
if (iCount == 0) iCount = DEFAULT_COUNT;
} else if (!(params instanceof PBEParameterSpec)) {
throw new InvalidAlgorithmParameterException
("PBEParameterSpec type required");
} else {
PBEParameterSpec pbeParams = (PBEParameterSpec) params;
// make sure the parameter values are consistent
if (salt != null) {
if (!Arrays.equals(salt, pbeParams.getSalt())) {
throw new InvalidAlgorithmParameterException
("Inconsistent value of salt between key and params");
}
} else {
salt = pbeParams.getSalt();
}
if (iCount != 0) {
if (iCount != pbeParams.getIterationCount()) {
throw new InvalidAlgorithmParameterException
("Different iteration count between key and params");
}
} else {
iCount = pbeParams.getIterationCount();
}
}
// For security purpose, we need to enforce a minimum length
// for salt; just require the minimum salt length to be 8-byte
// which is what PKCS#5 recommends and openssl does.
if (salt.length < 8) {
throw new InvalidAlgorithmParameterException
("Salt must be at least 8 bytes long");
}
if (iCount <= 0) {
throw new InvalidAlgorithmParameterException
("IterationCount must be a positive number");
}
PBEKeySpec pbeSpec =
new PBEKeySpec(passwdChars, salt, iCount, blockLength);
// password char[] was cloned in PBEKeySpec constructor,
// so we can zero it out here
java.util.Arrays.fill(passwdChars, ' ');
SecretKey s = null;
try {
s = kdf.engineGenerateSecret(pbeSpec);
} catch (InvalidKeySpecException ikse) {
InvalidKeyException ike =
new InvalidKeyException("Cannot construct PBE key");
ike.initCause(ikse);
throw ike;
}
byte[] derivedKey = s.getEncoded();
SecretKey cipherKey = new SecretKeySpec(derivedKey, kdfAlgo);
super.engineInit(cipherKey, null);
}
public static final class HmacSHA1 extends PBMAC1Core {
public HmacSHA1() throws NoSuchAlgorithmException {
super("HmacSHA1", "SHA1", 64);
}
}
public static final class HmacSHA224 extends PBMAC1Core {
public HmacSHA224() throws NoSuchAlgorithmException {
super("HmacSHA224", "SHA-224", 64);
}
}
public static final class HmacSHA256 extends PBMAC1Core {
public HmacSHA256() throws NoSuchAlgorithmException {
super("HmacSHA256", "SHA-256", 64);
}
}
public static final class HmacSHA384 extends PBMAC1Core {
public HmacSHA384() throws NoSuchAlgorithmException {
super("HmacSHA384", "SHA-384", 128);
}
}
public static final class HmacSHA512 extends PBMAC1Core {
public HmacSHA512() throws NoSuchAlgorithmException {
super("HmacSHA512", "SHA-512", 128);
}
}
}

361
jdk/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java
View File

@ -35,19 +35,24 @@ import javax.crypto.spec.*;
/**
* This class implements password-base encryption algorithm with
* SHA1 digest and the following Ciphers in CBC mode
* SHA1 digest and the following Ciphers (in CBC mode, where applicable):
* - DESede cipher and
* - RC2 Cipher with 40-bit effective key length
* - RC2 Cipher with 40-bit or 128-bit effective key length and
* - RC4 Cipher with 40-bit or 128-bit effective key length
* as defined by PKCS #12 version 1.0 standard.
*
* @author Valerie Peng
* @see javax.crypto.CipherSpi
*/
final class PKCS12PBECipherCore {
// TBD: replace CipherCore with a CipherSpi object to simplify maintenance
private CipherCore cipher;
private int blockSize;
private int keySize;
private String algo = null;
private String pbeAlgo = null;
private byte[] salt = null;
private int iCount = 0;
@ -58,8 +63,16 @@ final class PKCS12PBECipherCore {
static final int CIPHER_IV = 2;
static final int MAC_KEY = 3;
// Uses default hash algorithm (SHA-1)
static byte[] derive(char[] chars, byte[] salt,
int ic, int n, int type) {
return derive(chars, salt, ic, n, type, "SHA-1", 64);
}
// Uses supplied hash algorithm
static byte[] derive(char[] chars, byte[] salt, int ic, int n, int type,
String hashAlgo, int blockLength) {
// Add in trailing NULL terminator. Special case:
// no terminator if password is "\0".
int length = chars.length*2;
@ -75,21 +88,23 @@ final class PKCS12PBECipherCore {
passwd[j] = (byte) ((chars[i] >>> 8) & 0xFF);
passwd[j+1] = (byte) (chars[i] & 0xFF);
}
int v = 512 / 8;
int u = 160 / 8;
int c = roundup(n, u) / u;
byte[] D = new byte[v];
int s = roundup(salt.length, v);
int p = roundup(passwd.length, v);
byte[] I = new byte[s + p];
byte[] key = new byte[n];
Arrays.fill(D, (byte)type);
concat(salt, I, 0, s);
concat(passwd, I, s, p);
try {
MessageDigest sha = MessageDigest.getInstance("SHA1");
MessageDigest sha = MessageDigest.getInstance(hashAlgo);
int v = blockLength;
int u = sha.getDigestLength();
int c = roundup(n, u) / u;
byte[] D = new byte[v];
int s = roundup(salt.length, v);
int p = roundup(passwd.length, v);
byte[] I = new byte[s + p];
Arrays.fill(D, (byte)type);
concat(salt, I, 0, s);
concat(passwd, I, s, p);
byte[] Ai;
byte[] B = new byte[v];
byte[] tmp = new byte[v];
@ -150,23 +165,30 @@ final class PKCS12PBECipherCore {
PKCS12PBECipherCore(String symmCipherAlg, int defKeySize)
throws NoSuchAlgorithmException {
algo = symmCipherAlg;
SymmetricCipher symmCipher = null;
if (algo.equals("DESede")) {
symmCipher = new DESedeCrypt();
} else if (algo.equals("RC2")) {
symmCipher = new RC2Crypt();
if (algo.equals("RC4")) {
pbeAlgo = "PBEWithSHA1AndRC4_" + defKeySize * 8;
} else {
throw new NoSuchAlgorithmException("No Cipher implementation " +
SymmetricCipher symmCipher = null;
if (algo.equals("DESede")) {
symmCipher = new DESedeCrypt();
pbeAlgo = "PBEWithSHA1AndDESede";
} else if (algo.equals("RC2")) {
symmCipher = new RC2Crypt();
pbeAlgo = "PBEWithSHA1AndRC2_" + defKeySize * 8;
} else {
throw new NoSuchAlgorithmException("No Cipher implementation " +
"for PBEWithSHA1And" + algo);
}
blockSize = symmCipher.getBlockSize();
cipher = new CipherCore(symmCipher, blockSize);
cipher.setMode("CBC");
try {
cipher.setPadding("PKCS5Padding");
} catch (NoSuchPaddingException nspe) {
// should not happen
}
blockSize = symmCipher.getBlockSize();
cipher = new CipherCore(symmCipher, blockSize);
cipher.setMode("CBC");
try {
cipher.setPadding("PKCS5Padding");
} catch (NoSuchPaddingException nspe) {
// should not happen
}
}
keySize = defKeySize;
}
@ -210,8 +232,7 @@ final class PKCS12PBECipherCore {
}
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount);
try {
params = AlgorithmParameters.getInstance("PBEWithSHA1And" +
(algo.equalsIgnoreCase("RC2")?"RC2_40":algo), "SunJCE");
params = AlgorithmParameters.getInstance(pbeAlgo, "SunJCE");
} catch (GeneralSecurityException gse) {
// should never happen
throw new RuntimeException(
@ -229,6 +250,13 @@ final class PKCS12PBECipherCore {
void implInit(int opmode, Key key, AlgorithmParameterSpec params,
SecureRandom random) throws InvalidKeyException,
InvalidAlgorithmParameterException {
implInit(opmode, key, params, random, null);
}
void implInit(int opmode, Key key, AlgorithmParameterSpec params,
SecureRandom random, CipherSpi cipherImpl)
throws InvalidKeyException,
InvalidAlgorithmParameterException {
char[] passwdChars = null;
salt = null;
iCount = 0;
@ -309,17 +337,29 @@ final class PKCS12PBECipherCore {
byte[] derivedKey = derive(passwdChars, salt, iCount,
keySize, CIPHER_KEY);
SecretKey cipherKey = new SecretKeySpec(derivedKey, algo);
byte[] derivedIv = derive(passwdChars, salt, iCount, 8,
CIPHER_IV);
IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);
// initialize the underlying cipher
cipher.init(opmode, cipherKey, ivSpec, random);
if (cipherImpl != null && cipherImpl instanceof ARCFOURCipher) {
((ARCFOURCipher)cipherImpl).engineInit(opmode, cipherKey, random);
} else {
byte[] derivedIv = derive(passwdChars, salt, iCount, 8,
CIPHER_IV);
IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);
// initialize the underlying cipher
cipher.init(opmode, cipherKey, ivSpec, random);
}
}
void implInit(int opmode, Key key, AlgorithmParameters params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
implInit(opmode, key, params, random, null);
}
void implInit(int opmode, Key key, AlgorithmParameters params,
SecureRandom random, CipherSpi cipherImpl)
throws InvalidKeyException, InvalidAlgorithmParameterException {
AlgorithmParameterSpec paramSpec = null;
if (params != null) {
try {
@ -329,13 +369,19 @@ final class PKCS12PBECipherCore {
"requires PBE parameters");
}
}
implInit(opmode, key, paramSpec, random);
implInit(opmode, key, paramSpec, random, cipherImpl);
}
void implInit(int opmode, Key key, SecureRandom random)
throws InvalidKeyException {
implInit(opmode, key, random, null);
}
void implInit(int opmode, Key key, SecureRandom random,
CipherSpi cipherImpl) throws InvalidKeyException {
try {
implInit(opmode, key, (AlgorithmParameterSpec) null, random);
implInit(opmode, key, (AlgorithmParameterSpec) null, random,
cipherImpl);
} catch (InvalidAlgorithmParameterException iape) {
throw new InvalidKeyException("requires PBE parameters");
}
@ -526,4 +572,245 @@ final class PKCS12PBECipherCore {
return core.implWrap(key);
}
}
public static final class PBEWithSHA1AndRC2_128 extends CipherSpi {
private final PKCS12PBECipherCore core;
public PBEWithSHA1AndRC2_128() throws NoSuchAlgorithmException {
core = new PKCS12PBECipherCore("RC2", 16);
}
protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
throws IllegalBlockSizeException, BadPaddingException {
return core.implDoFinal(in, inOff, inLen);
}
protected int engineDoFinal(byte[] in, int inOff, int inLen,
byte[] out, int outOff)
throws ShortBufferException, IllegalBlockSizeException,
BadPaddingException {
return core.implDoFinal(in, inOff, inLen, out, outOff);
}
protected int engineGetBlockSize() {
return core.implGetBlockSize();
}
protected byte[] engineGetIV() {
return core.implGetIV();
}
protected int engineGetKeySize(Key key) throws InvalidKeyException {
return core.implGetKeySize(key);
}
protected int engineGetOutputSize(int inLen) {
return core.implGetOutputSize(inLen);
}
protected AlgorithmParameters engineGetParameters() {
return core.implGetParameters();
}
protected void engineInit(int opmode, Key key,
AlgorithmParameterSpec params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
core.implInit(opmode, key, params, random);
}
protected void engineInit(int opmode, Key key,
AlgorithmParameters params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
core.implInit(opmode, key, params, random);
}
protected void engineInit(int opmode, Key key, SecureRandom random)
throws InvalidKeyException {
core.implInit(opmode, key, random);
}
protected void engineSetMode(String mode)
throws NoSuchAlgorithmException {
core.implSetMode(mode);
}
protected void engineSetPadding(String paddingScheme)
throws NoSuchPaddingException {
core.implSetPadding(paddingScheme);
}
protected Key engineUnwrap(byte[] wrappedKey,
String wrappedKeyAlgorithm,
int wrappedKeyType)
throws InvalidKeyException, NoSuchAlgorithmException {
return core.implUnwrap(wrappedKey, wrappedKeyAlgorithm,
wrappedKeyType);
}
protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
return core.implUpdate(in, inOff, inLen);
}
protected int engineUpdate(byte[] in, int inOff, int inLen,
byte[] out, int outOff)
throws ShortBufferException {
return core.implUpdate(in, inOff, inLen, out, outOff);
}
protected byte[] engineWrap(Key key)
throws IllegalBlockSizeException, InvalidKeyException {
return core.implWrap(key);
}
}
public static final class PBEWithSHA1AndRC4_40 extends CipherSpi {
private static final int RC4_KEYSIZE = 5;
private final PKCS12PBECipherCore core;
private final ARCFOURCipher cipher;
public PBEWithSHA1AndRC4_40() throws NoSuchAlgorithmException {
core = new PKCS12PBECipherCore("RC4", RC4_KEYSIZE);
cipher = new ARCFOURCipher();
}
protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
throws IllegalBlockSizeException, BadPaddingException {
return cipher.engineDoFinal(in, inOff, inLen);
}
protected int engineDoFinal(byte[] in, int inOff, int inLen,
byte[] out, int outOff)
throws ShortBufferException, IllegalBlockSizeException,
BadPaddingException {
return cipher.engineDoFinal(in, inOff, inLen, out, outOff);
}
protected int engineGetBlockSize() {
return cipher.engineGetBlockSize();
}
protected byte[] engineGetIV() {
return cipher.engineGetIV();
}
protected int engineGetKeySize(Key key) throws InvalidKeyException {
return RC4_KEYSIZE;
}
protected int engineGetOutputSize(int inLen) {
return cipher.engineGetOutputSize(inLen);
}
protected AlgorithmParameters engineGetParameters() {
return core.implGetParameters();
}
protected void engineInit(int opmode, Key key,
AlgorithmParameterSpec params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
core.implInit(opmode, key, params, random, cipher);
}
protected void engineInit(int opmode, Key key,
AlgorithmParameters params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
core.implInit(opmode, key, params, random, cipher);
}
protected void engineInit(int opmode, Key key, SecureRandom random)
throws InvalidKeyException {
core.implInit(opmode, key, random, cipher);
}
protected void engineSetMode(String mode)
throws NoSuchAlgorithmException {
if (mode.equalsIgnoreCase("ECB") == false) {
throw new NoSuchAlgorithmException("Unsupported mode " + mode);
}
}
protected void engineSetPadding(String paddingScheme)
throws NoSuchPaddingException {
if (paddingScheme.equalsIgnoreCase("NoPadding") == false) {
throw new NoSuchPaddingException("Padding must be NoPadding");
}
}
protected Key engineUnwrap(byte[] wrappedKey,
String wrappedKeyAlgorithm,
int wrappedKeyType)
throws InvalidKeyException, NoSuchAlgorithmException {
return cipher.engineUnwrap(wrappedKey, wrappedKeyAlgorithm,
wrappedKeyType);
}
protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
return cipher.engineUpdate(in, inOff, inLen);
}
protected int engineUpdate(byte[] in, int inOff, int inLen,
byte[] out, int outOff)
throws ShortBufferException {
return cipher.engineUpdate(in, inOff, inLen, out, outOff);
}
protected byte[] engineWrap(Key key)
throws IllegalBlockSizeException, InvalidKeyException {
return cipher.engineWrap(key);
}
}
public static final class PBEWithSHA1AndRC4_128 extends CipherSpi {
private static final int RC4_KEYSIZE = 16;
private final PKCS12PBECipherCore core;
private final ARCFOURCipher cipher;
public PBEWithSHA1AndRC4_128() throws NoSuchAlgorithmException {
core = new PKCS12PBECipherCore("RC4", RC4_KEYSIZE);
cipher = new ARCFOURCipher();
}
protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
throws IllegalBlockSizeException, BadPaddingException {
return cipher.engineDoFinal(in, inOff, inLen);
}
protected int engineDoFinal(byte[] in, int inOff, int inLen,
byte[] out, int outOff)
throws ShortBufferException, IllegalBlockSizeException,
BadPaddingException {
return cipher.engineDoFinal(in, inOff, inLen, out, outOff);
}
protected int engineGetBlockSize() {
return cipher.engineGetBlockSize();
}
protected byte[] engineGetIV() {
return cipher.engineGetIV();
}
protected int engineGetKeySize(Key key) throws InvalidKeyException {
return RC4_KEYSIZE;
}
protected int engineGetOutputSize(int inLen) {
return cipher.engineGetOutputSize(inLen);
}
protected AlgorithmParameters engineGetParameters() {
return core.implGetParameters();
}
protected void engineInit(int opmode, Key key,
AlgorithmParameterSpec params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
core.implInit(opmode, key, params, random, cipher);
}
protected void engineInit(int opmode, Key key,
AlgorithmParameters params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
core.implInit(opmode, key, params, random, cipher);
}
protected void engineInit(int opmode, Key key, SecureRandom random)
throws InvalidKeyException {
core.implInit(opmode, key, random, cipher);
}
protected void engineSetMode(String mode)
throws NoSuchAlgorithmException {
if (mode.equalsIgnoreCase("ECB") == false) {
throw new NoSuchAlgorithmException("Unsupported mode " + mode);
}
}
protected void engineSetPadding(String paddingScheme)
throws NoSuchPaddingException {
if (paddingScheme.equalsIgnoreCase("NoPadding") == false) {
throw new NoSuchPaddingException("Padding must be NoPadding");
}
}
protected Key engineUnwrap(byte[] wrappedKey,
String wrappedKeyAlgorithm,
int wrappedKeyType)
throws InvalidKeyException, NoSuchAlgorithmException {
return cipher.engineUnwrap(wrappedKey, wrappedKeyAlgorithm,
wrappedKeyType);
}
protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
return cipher.engineUpdate(in, inOff, inLen);
}
protected int engineUpdate(byte[] in, int inOff, int inLen,
byte[] out, int outOff)
throws ShortBufferException {
return cipher.engineUpdate(in, inOff, inLen, out, outOff);
}
protected byte[] engineWrap(Key key)
throws IllegalBlockSizeException, InvalidKeyException {
return cipher.engineWrap(key);
}
}
}

246
jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java
View File

@ -77,10 +77,14 @@ public final class SunJCE extends Provider {
"(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, "
+ "Diffie-Hellman, HMAC)";
private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6";
private static final String OID_PKCS12_RC4_128 = "1.2.840.113549.1.12.1.1";
private static final String OID_PKCS12_RC4_40 = "1.2.840.113549.1.12.1.2";
private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3";
private static final String OID_PKCS12_RC2_128 = "1.2.840.113549.1.12.1.5";
private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6";
private static final String OID_PKCS5_MD5_DES = "1.2.840.113549.1.5.3";
private static final String OID_PKCS5_PBKDF2 = "1.2.840.113549.1.5.12";
private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13";
private static final String OID_PKCS3 = "1.2.840.113549.1.3.1";
/* Are we debugging? -- for developers */
@ -138,21 +142,18 @@ public final class SunJCE extends Provider {
put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING");
put("Cipher.DESedeWrap SupportedKeyFormats", "RAW");
// PBES1
put("Cipher.PBEWithMD5AndDES",
"com.sun.crypto.provider.PBEWithMD5AndDESCipher");
put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES,
"PBEWithMD5AndDES");
put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES,
"PBEWithMD5AndDES");
put("Cipher.PBEWithMD5AndTripleDES",
"com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
put("Cipher.PBEWithSHA1AndRC2_40",
"com.sun.crypto.provider.PKCS12PBECipherCore$" +
"PBEWithSHA1AndRC2_40");
put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40,
"PBEWithSHA1AndRC2_40");
put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40,
"PBEWithSHA1AndRC2_40");
put("Cipher.PBEWithSHA1AndDESede",
"com.sun.crypto.provider.PKCS12PBECipherCore$" +
"PBEWithSHA1AndDESede");
@ -161,6 +162,78 @@ public final class SunJCE extends Provider {
put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
"PBEWithSHA1AndDESede");
put("Cipher.PBEWithSHA1AndRC2_40",
"com.sun.crypto.provider.PKCS12PBECipherCore$" +
"PBEWithSHA1AndRC2_40");
put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40,
"PBEWithSHA1AndRC2_40");
put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40,
"PBEWithSHA1AndRC2_40");
put("Cipher.PBEWithSHA1AndRC2_128",
"com.sun.crypto.provider.PKCS12PBECipherCore$" +
"PBEWithSHA1AndRC2_128");
put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_128,
"PBEWithSHA1AndRC2_128");
put("Alg.Alias.Cipher." + OID_PKCS12_RC2_128,
"PBEWithSHA1AndRC2_128");
put("Cipher.PBEWithSHA1AndRC4_40",
"com.sun.crypto.provider.PKCS12PBECipherCore$" +
"PBEWithSHA1AndRC4_40");
put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_40,
"PBEWithSHA1AndRC4_40");
put("Alg.Alias.Cipher." + OID_PKCS12_RC4_40,
"PBEWithSHA1AndRC4_40");
put("Cipher.PBEWithSHA1AndRC4_128",
"com.sun.crypto.provider.PKCS12PBECipherCore$" +
"PBEWithSHA1AndRC4_128");
put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_128,
"PBEWithSHA1AndRC4_128");
put("Alg.Alias.Cipher." + OID_PKCS12_RC4_128,
"PBEWithSHA1AndRC4_128");
//PBES2
put("Cipher.PBEWithHmacSHA1AndAES_128",
"com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
put("Cipher.PBEWithHmacSHA224AndAES_128",
"com.sun.crypto.provider.PBES2Core$" +
"HmacSHA224AndAES_128");
put("Cipher.PBEWithHmacSHA256AndAES_128",
"com.sun.crypto.provider.PBES2Core$" +
"HmacSHA256AndAES_128");
put("Cipher.PBEWithHmacSHA384AndAES_128",
"com.sun.crypto.provider.PBES2Core$" +
"HmacSHA384AndAES_128");
put("Cipher.PBEWithHmacSHA512AndAES_128",
"com.sun.crypto.provider.PBES2Core$" +
"HmacSHA512AndAES_128");
put("Cipher.PBEWithHmacSHA1AndAES_256",
"com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
put("Cipher.PBEWithHmacSHA224AndAES_256",
"com.sun.crypto.provider.PBES2Core$" +
"HmacSHA224AndAES_256");
put("Cipher.PBEWithHmacSHA256AndAES_256",
"com.sun.crypto.provider.PBES2Core$" +
"HmacSHA256AndAES_256");
put("Cipher.PBEWithHmacSHA384AndAES_256",
"com.sun.crypto.provider.PBES2Core$" +
"HmacSHA384AndAES_256");
put("Cipher.PBEWithHmacSHA512AndAES_256",
"com.sun.crypto.provider.PBES2Core$" +
"HmacSHA512AndAES_256");
put("Cipher.Blowfish",
"com.sun.crypto.provider.BlowfishCipher");
put("Cipher.Blowfish SupportedModes", BLOCK_MODES);
@ -301,6 +374,7 @@ public final class SunJCE extends Provider {
"DiffieHellman");
put("Alg.Alias.KeyPairGenerator."+OID_PKCS3,
"DiffieHellman");
/*
* Algorithm parameter generation engines
*/
@ -371,6 +445,64 @@ public final class SunJCE extends Provider {
put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40,
"PBEWithSHA1AndRC2_40");
put("AlgorithmParameters.PBEWithSHA1AndRC2_128",
"com.sun.crypto.provider.PBEParameters");
put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_128,
"PBEWithSHA1AndRC2_128");
put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_128,
"PBEWithSHA1AndRC2_128");
put("AlgorithmParameters.PBEWithSHA1AndRC4_40",
"com.sun.crypto.provider.PBEParameters");
put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_40,
"PBEWithSHA1AndRC4_40");
put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_40,
"PBEWithSHA1AndRC4_40");
put("AlgorithmParameters.PBEWithSHA1AndRC4_128",
"com.sun.crypto.provider.PBEParameters");
put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_128,
"PBEWithSHA1AndRC4_128");
put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_128,
"PBEWithSHA1AndRC4_128");
put("AlgorithmParameters.PBES2",
"com.sun.crypto.provider.PBES2Parameters$General");
put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_PBES2,
"PBES2");
put("Alg.Alias.AlgorithmParameters." + OID_PKCS5_PBES2,
"PBES2");
put("AlgorithmParameters.PBEWithHmacSHA1AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128");
put("AlgorithmParameters.PBEWithHmacSHA224AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128");
put("AlgorithmParameters.PBEWithHmacSHA256AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128");
put("AlgorithmParameters.PBEWithHmacSHA384AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128");
put("AlgorithmParameters.PBEWithHmacSHA512AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128");
put("AlgorithmParameters.PBEWithHmacSHA1AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256");
put("AlgorithmParameters.PBEWithHmacSHA224AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256");
put("AlgorithmParameters.PBEWithHmacSHA256AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256");
put("AlgorithmParameters.PBEWithHmacSHA384AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256");
put("AlgorithmParameters.PBEWithHmacSHA512AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256");
put("AlgorithmParameters.Blowfish",
"com.sun.crypto.provider.BlowfishParameters");
@ -378,6 +510,7 @@ public final class SunJCE extends Provider {
"com.sun.crypto.provider.AESParameters");
put("Alg.Alias.AlgorithmParameters.Rijndael", "AES");
put("AlgorithmParameters.RC2",
"com.sun.crypto.provider.RC2Parameters");
@ -393,6 +526,7 @@ public final class SunJCE extends Provider {
put("Alg.Alias.KeyFactory.OID."+OID_PKCS3,
"DiffieHellman");
put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman");
/*
* Secret-key factories
*/
@ -441,13 +575,90 @@ public final class SunJCE extends Provider {
put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40,
"PBEWithSHA1AndRC2_40");
put("SecretKeyFactory.PBEWithSHA1AndRC2_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128"
);
put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_128,
"PBEWithSHA1AndRC2_128");
put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_128,
"PBEWithSHA1AndRC2_128");
put("SecretKeyFactory.PBEWithSHA1AndRC4_40",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40"
);
put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_40,
"PBEWithSHA1AndRC4_40");
put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_40,
"PBEWithSHA1AndRC4_40");
put("SecretKeyFactory.PBEWithSHA1AndRC4_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128"
);
put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_128,
"PBEWithSHA1AndRC4_128");
put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_128,
"PBEWithSHA1AndRC4_128");
put("SecretKeyFactory.PBEWithHmacSHA1AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA1AndAES_128");
put("SecretKeyFactory.PBEWithHmacSHA224AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA224AndAES_128");
put("SecretKeyFactory.PBEWithHmacSHA256AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA256AndAES_128");
put("SecretKeyFactory.PBEWithHmacSHA384AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA384AndAES_128");
put("SecretKeyFactory.PBEWithHmacSHA512AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA512AndAES_128");
put("SecretKeyFactory.PBEWithHmacSHA1AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA1AndAES_256");
put("SecretKeyFactory.PBEWithHmacSHA224AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA224AndAES_256");
put("SecretKeyFactory.PBEWithHmacSHA256AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA256AndAES_256");
put("SecretKeyFactory.PBEWithHmacSHA384AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA384AndAES_256");
put("SecretKeyFactory.PBEWithHmacSHA512AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA512AndAES_256");
// PBKDF2
put("SecretKeyFactory.PBKDF2WithHmacSHA1",
"com.sun.crypto.provider.PBKDF2HmacSHA1Factory");
"com.sun.crypto.provider.PBKDF2Core$HmacSHA1");
put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2,
"PBKDF2WithHmacSHA1");
put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2,
"PBKDF2WithHmacSHA1");
put("SecretKeyFactory.PBKDF2WithHmacSHA224",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
put("SecretKeyFactory.PBKDF2WithHmacSHA256",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
put("SecretKeyFactory.PBKDF2WithHmacSHA384",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
put("SecretKeyFactory.PBKDF2WithHmacSHA512",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
/*
* MAC
*/
@ -475,6 +686,19 @@ public final class SunJCE extends Provider {
put("Mac.HmacPBESHA1",
"com.sun.crypto.provider.HmacPKCS12PBESHA1");
// PBMAC1
put("Mac.PBEWithHmacSHA1",
"com.sun.crypto.provider.PBMAC1Core$HmacSHA1");
put("Mac.PBEWithHmacSHA224",
"com.sun.crypto.provider.PBMAC1Core$HmacSHA224");
put("Mac.PBEWithHmacSHA256",
"com.sun.crypto.provider.PBMAC1Core$HmacSHA256");
put("Mac.PBEWithHmacSHA384",
"com.sun.crypto.provider.PBMAC1Core$HmacSHA384");
put("Mac.PBEWithHmacSHA512",
"com.sun.crypto.provider.PBMAC1Core$HmacSHA512");
put("Mac.SslMacMD5",
"com.sun.crypto.provider.SslMacCore$SslMacMD5");
put("Mac.SslMacSHA1",
@ -487,6 +711,10 @@ public final class SunJCE extends Provider {
put("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
put("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA224 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA256 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA384 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA512 SupportedKeyFormats", "RAW");
put("Mac.SslMacMD5 SupportedKeyFormats", "RAW");
put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW");

5
jdk/src/share/classes/com/sun/java/util/jar/pack/Constants.java
View File

@ -59,6 +59,9 @@ class Constants {
public final static Package.Version JAVA7_MAX_CLASS_VERSION =
Package.Version.of(51, 00);
public final static Package.Version JAVA8_MAX_CLASS_VERSION =
Package.Version.of(52, 00);
public final static int JAVA_PACKAGE_MAGIC = 0xCAFED00D;
public final static Package.Version JAVA5_PACKAGE_VERSION =
@ -72,7 +75,7 @@ class Constants {
// upper limit, should point to the latest class version
public final static Package.Version JAVA_MAX_CLASS_VERSION =
JAVA7_MAX_CLASS_VERSION;
JAVA8_MAX_CLASS_VERSION;
// upper limit should point to the latest package version, for version info!.
public final static Package.Version MAX_PACKAGE_VERSION =

42
jdk/src/share/classes/com/sun/naming/internal/ResourceManager.java
View File

@ -542,14 +542,26 @@ public final class ResourceManager {
try {
NamingEnumeration<InputStream> resources =
helper.getResources(cl, APP_RESOURCE_FILE_NAME);
while (resources.hasMore()) {
Properties props = new Properties();
props.load(resources.next());
try {
while (resources.hasMore()) {
Properties props = new Properties();
InputStream istream = resources.next();
try {
props.load(istream);
} finally {
istream.close();
}
if (result == null) {
result = props;
} else {
mergeTables(result, props);
if (result == null) {
result = props;
} else {
mergeTables(result, props);
}
}
} finally {
while (resources.hasMore()) {
InputStream istream = (InputStream)resources.next();
istream.close();
}
}
@ -557,13 +569,17 @@ public final class ResourceManager {
InputStream istream =
helper.getJavaHomeLibStream(JRELIB_PROPERTY_FILE_NAME);
if (istream != null) {
Properties props = new Properties();
props.load(istream);
try {
Properties props = new Properties();
props.load(istream);
if (result == null) {
result = props;
} else {
mergeTables(result, props);
if (result == null) {
result = props;
} else {
mergeTables(result, props);
}
} finally {
istream.close();
}
}

52
jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSCredential.java Normal file
View File

@ -0,0 +1,52 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.jgss;
import org.ietf.jgss.*;
/**
* The extended GSSCredential interface for supporting additional
* functionalities not defined by {@code org.ietf.jgss.GSSCredential}.
* @since 1.8
*/
public interface ExtendedGSSCredential extends GSSCredential {
/**
* Impersonates a principal. In Kerberos, this can be implemented
* using the Microsoft S4U2self extension.
* <p>
* A {@link GSSException#NO_CRED GSSException.NO_CRED} will be thrown if the
* impersonation fails. A {@link GSSException#FAILURE GSSException.FAILURE}
* will be thrown if the impersonation method is not available to this
* credential object.
* @param name the name of the principal to impersonate
* @return a credential for that principal
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#NO_CRED GSSException.NO_CRED}
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public GSSCredential impersonate(GSSName name) throws GSSException;
}

6
jdk/src/share/classes/java/lang/Character.java
View File

@ -40,7 +40,7 @@ import java.util.Locale;
* a character's category (lowercase letter, digit, etc.) and for converting
* characters from uppercase to lowercase and vice versa.
* <p>
* Character information is based on the Unicode Standard, version 6.1.0.
* Character information is based on the Unicode Standard, version 6.2.0.
* <p>
* The methods and data of class {@code Character} are defined by
* the information in the <i>UnicodeData</i> file that is part of the
@ -3758,8 +3758,7 @@ class Character implements java.io.Serializable, Comparable<Character> {
0x0640, // 0640..0640; COMMON
0x0641, // 0641..064A; ARABIC
0x064B, // 064B..0655; INHERITED
0x0656, // 0656..065E; ARABIC
0x065F, // 065F..065F; INHERITED
0x0656, // 0656..065F; ARABIC
0x0660, // 0660..0669; COMMON
0x066A, // 066A..066F; ARABIC
0x0670, // 0670..0670; INHERITED
@ -4081,7 +4080,6 @@ class Character implements java.io.Serializable, Comparable<Character> {
ARABIC,
INHERITED,
ARABIC,
INHERITED,
COMMON,
ARABIC,
INHERITED,

160
jdk/src/share/classes/java/lang/Math.java
View File

@ -742,6 +742,7 @@ public final class Math {
* @param y the second value
* @return the result
* @throws ArithmeticException if the result overflows an int
* @since 1.8
*/
public static int addExact(int x, int y) {
int r = x + y;
@ -760,6 +761,7 @@ public final class Math {
* @param y the second value
* @return the result
* @throws ArithmeticException if the result overflows a long
* @since 1.8
*/
public static long addExact(long x, long y) {
long r = x + y;
@ -778,6 +780,7 @@ public final class Math {
* @param y the second value to subtract from the first
* @return the result
* @throws ArithmeticException if the result overflows an int
* @since 1.8
*/
public static int subtractExact(int x, int y) {
int r = x - y;
@ -797,6 +800,7 @@ public final class Math {
* @param y the second value to subtract from the first
* @return the result
* @throws ArithmeticException if the result overflows a long
* @since 1.8
*/
public static long subtractExact(long x, long y) {
long r = x - y;
@ -816,6 +820,7 @@ public final class Math {
* @param y the second value
* @return the result
* @throws ArithmeticException if the result overflows an int
* @since 1.8
*/
public static int multiplyExact(int x, int y) {
long r = (long)x * (long)y;
@ -833,6 +838,7 @@ public final class Math {
* @param y the second value
* @return the result
* @throws ArithmeticException if the result overflows a long
* @since 1.8
*/
public static long multiplyExact(long x, long y) {
long r = x * y;
@ -857,6 +863,7 @@ public final class Math {
* @param value the long value
* @return the argument as an int
* @throws ArithmeticException if the {@code argument} overflows an int
* @since 1.8
*/
public static int toIntExact(long value) {
if ((int)value != value) {
@ -865,6 +872,159 @@ public final class Math {
return (int)value;
}
/**
* Returns the largest (closest to positive infinity)
* {@code int} value that is less than or equal to the algebraic quotient.
* There is one special case, if the dividend is the
* {@linkplain Integer#MIN_VALUE Integer.MIN_VALUE} and the divisor is {@code -1},
* then integer overflow occurs and
* the result is equal to the {@code Integer.MIN_VALUE}.
* <p>
* Normal integer division operates under the round to zero rounding mode
* (truncation). This operation instead acts under the round toward
* negative infinity (floor) rounding mode.
* The floor rounding mode gives different results than truncation
* when the exact result is negative.
* <ul>
* <li>If the signs of the arguments are the same, the results of
* {@code floorDiv} and the {@code /} operator are the same. <br>
* For example, {@code floorDiv(4, 3) == 1} and {@code (4 / 3) == 1}.</li>
* <li>If the signs of the arguments are different, the quotient is negative and
* {@code floorDiv} returns the integer less than or equal to the quotient
* and the {@code /} operator returns the integer closest to zero.<br>
* For example, {@code floorDiv(-4, 3) == -2},
* whereas {@code (-4 / 3) == -1}.
* </li>
* </ul>
* <p>
*
* @param x the dividend
* @param y the divisor
* @return the largest (closest to positive infinity)
* {@code int} value that is less than or equal to the algebraic quotient.
* @throws ArithmeticException if the divisor {@code y} is zero
* @see #floorMod(int, int)
* @see #floor(double)
* @since 1.8
*/
public static int floorDiv(int x, int y) {
int r = x / y;
// if the signs are different and modulo not zero, round down
if ((x ^ y) < 0 && (r * y != x)) {
r--;
}
return r;
}
/**
* Returns the largest (closest to positive infinity)
* {@code long} value that is less than or equal to the algebraic quotient.
* There is one special case, if the dividend is the
* {@linkplain Long#MIN_VALUE Long.MIN_VALUE} and the divisor is {@code -1},
* then integer overflow occurs and
* the result is equal to the {@code Long.MIN_VALUE}.
* <p>
* Normal integer division operates under the round to zero rounding mode
* (truncation). This operation instead acts under the round toward
* negative infinity (floor) rounding mode.
* The floor rounding mode gives different results than truncation
* when the exact result is negative.
* <p>
* For examples, see {@link #floorDiv(int, int)}.
*
* @param x the dividend
* @param y the divisor
* @return the largest (closest to positive infinity)
* {@code long} value that is less than or equal to the algebraic quotient.
* @throws ArithmeticException if the divisor {@code y} is zero
* @see #floorMod(long, long)
* @see #floor(double)
* @since 1.8
*/
public static long floorDiv(long x, long y) {
long r = x / y;
// if the signs are different and modulo not zero, round down
if ((x ^ y) < 0 && (r * y != x)) {
r--;
}
return r;
}
/**
* Returns the floor modulus of the {@code int} arguments.
* <p>
* The floor modulus is {@code x - (floorDiv(x, y) * y)},
* has the same sign as the divisor {@code y}, and
* is in the range of {@code -abs(y) < r < +abs(y)}.
*
* <p>
* The relationship between {@code floorDiv} and {@code floorMod} is such that:
* <ul>
* <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
* </ul>
* <p>
* The difference in values between {@code floorMod} and
* the {@code %} operator is due to the difference between
* {@code floorDiv} that returns the integer less than or equal to the quotient
* and the {@code /} operator that returns the integer closest to zero.
* <p>
* Examples:
* <ul>
* <li>If the signs of the arguments are the same, the results
* of {@code floorMod} and the {@code %} operator are the same. <br>
* <ul>
* <li>{@code floorMod(4, 3) == 1}; &nbsp; and {@code (4 % 3) == 1}</li>
* </ul>
* <li>If the signs of the arguments are different, the results differ from the {@code %} operator.<br>
* <ul>
* <li>{@code floorMod(+4, -3) == -2}; &nbsp; and {@code (+4 % -3) == +1} </li>
* <li>{@code floorMod(-4, +3) == +2}; &nbsp; and {@code (-4 % +3) == -1} </li>
* <li>{@code floorMod(-4, -3) == -1}; &nbsp; and {@code (-4 % -3) == -1 } </li>
* </ul>
* </li>
* </ul>
* <p>
* If the signs of arguments are unknown and a positive modulus
* is needed it can be computed as {@code (floorMod(x, y) + abs(y)) % abs(y)}.
*
* @param x the dividend
* @param y the divisor
* @return the floor modulus {@code x - (floorDiv(x, y) * y)}
* @throws ArithmeticException if the divisor {@code y} is zero
* @see #floorDiv(int, int)
* @since 1.8
*/
public static int floorMod(int x, int y) {
int r = x - floorDiv(x, y) * y;
return r;
}
/**
* Returns the floor modulus of the {@code long} arguments.
* <p>
* The floor modulus is {@code x - (floorDiv(x, y) * y)},
* has the same sign as the divisor {@code y}, and
* is in the range of {@code -abs(y) < r < +abs(y)}.
*
* <p>
* The relationship between {@code floorDiv} and {@code floorMod} is such that:
* <ul>
* <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
* </ul>
* <p>
* For examples, see {@link #floorMod(int, int)}.
*
* @param x the dividend
* @param y the divisor
* @return the floor modulus {@code x - (floorDiv(x, y) * y)}
* @throws ArithmeticException if the divisor {@code y} is zero
* @see #floorDiv(long, long)
* @since 1.8
*/
public static long floorMod(long x, long y) {
return x - floorDiv(x, y) * y;
}
/**
* Returns the absolute value of an {@code int} value.
* If the argument is not negative, the argument is returned.

119
jdk/src/share/classes/java/lang/StrictMath.java
View File

@ -365,7 +365,7 @@ public final class StrictMath {
* @param a the value to be floored or ceiled
* @param negativeBoundary result for values in (-1, 0)
* @param positiveBoundary result for values in (0, 1)
* @param sign the sign of the result
* @param increment value to add when the argument is non-integral
*/
private static double floorOrCeil(double a,
double negativeBoundary,
@ -702,7 +702,7 @@ public final class StrictMath {
* <p>This method is properly synchronized to allow correct use by
* more than one thread. However, if many threads need to generate
* pseudorandom numbers at a great rate, it may reduce contention
* for each thread to have its own pseudorandom number generator.
* for each thread to have its own pseudorandom-number generator.
*
* @return a pseudorandom {@code double} greater than or equal
* to {@code 0.0} and less than {@code 1.0}.
@ -745,7 +745,7 @@ public final class StrictMath {
}
/**
* Return the difference of the arguments,
* Returns the difference of the arguments,
* throwing an exception if the result overflows an {@code int}.
*
* @param x the first value
@ -760,7 +760,7 @@ public final class StrictMath {
}
/**
* Return the difference of the arguments,
* Returns the difference of the arguments,
* throwing an exception if the result overflows a {@code long}.
*
* @param x the first value
@ -775,7 +775,7 @@ public final class StrictMath {
}
/**
* Return the product of the arguments,
* Returns the product of the arguments,
* throwing an exception if the result overflows an {@code int}.
*
* @param x the first value
@ -790,7 +790,7 @@ public final class StrictMath {
}
/**
* Return the product of the arguments,
* Returns the product of the arguments,
* throwing an exception if the result overflows a {@code long}.
*
* @param x the first value
@ -805,7 +805,7 @@ public final class StrictMath {
}
/**
* Return the value of the {@code long} argument;
* Returns the value of the {@code long} argument;
* throwing an exception if the value overflows an {@code int}.
*
* @param value the long value
@ -818,6 +818,107 @@ public final class StrictMath {
return Math.toIntExact(value);
}
/**
* Returns the largest (closest to positive infinity)
* {@code int} value that is less than or equal to the algebraic quotient.
* There is one special case, if the dividend is the
* {@linkplain Integer#MIN_VALUE Integer.MIN_VALUE} and the divisor is {@code -1},
* then integer overflow occurs and
* the result is equal to the {@code Integer.MIN_VALUE}.
* <p>
* See {@link Math#floorDiv(int, int) Math.floorDiv} for examples and
* a comparison to the integer division {@code /} operator.
*
* @param x the dividend
* @param y the divisor
* @return the largest (closest to positive infinity)
* {@code int} value that is less than or equal to the algebraic quotient.
* @throws ArithmeticException if the divisor {@code y} is zero
* @see Math#floorDiv(int, int)
* @see Math#floor(double)
* @since 1.8
*/
public static int floorDiv(int x, int y) {
return Math.floorDiv(x, y);
}
/**
* Returns the largest (closest to positive infinity)
* {@code long} value that is less than or equal to the algebraic quotient.
* There is one special case, if the dividend is the
* {@linkplain Long#MIN_VALUE Long.MIN_VALUE} and the divisor is {@code -1},
* then integer overflow occurs and
* the result is equal to the {@code Long.MIN_VALUE}.
* <p>
* See {@link Math#floorDiv(int, int) Math.floorDiv} for examples and
* a comparison to the integer division {@code /} operator.
*
* @param x the dividend
* @param y the divisor
* @return the largest (closest to positive infinity)
* {@code long} value that is less than or equal to the algebraic quotient.
* @throws ArithmeticException if the divisor {@code y} is zero
* @see Math#floorDiv(long, long)
* @see Math#floor(double)
* @since 1.8
*/
public static long floorDiv(long x, long y) {
return Math.floorDiv(x, y);
}
/**
* Returns the floor modulus of the {@code int} arguments.
* <p>
* The floor modulus is {@code x - (floorDiv(x, y) * y)},
* has the same sign as the divisor {@code y}, and
* is in the range of {@code -abs(y) < r < +abs(y)}.
* <p>
* The relationship between {@code floorDiv} and {@code floorMod} is such that:
* <ul>
* <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
* </ul>
* <p>
* See {@link Math#floorMod(int, int) Math.floorMod} for examples and
* a comparison to the {@code %} operator.
*
* @param x the dividend
* @param y the divisor
* @return the floor modulus {@code x - (floorDiv(x, y) * y)}
* @throws ArithmeticException if the divisor {@code y} is zero
* @see Math#floorMod(int, int)
* @see StrictMath#floorDiv(int, int)
* @since 1.8
*/
public static int floorMod(int x, int y) {
return Math.floorMod(x , y);
}
/**
* Returns the floor modulus of the {@code long} arguments.
* <p>
* The floor modulus is {@code x - (floorDiv(x, y) * y)},
* has the same sign as the divisor {@code y}, and
* is in the range of {@code -abs(y) < r < +abs(y)}.
* <p>
* The relationship between {@code floorDiv} and {@code floorMod} is such that:
* <ul>
* <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
* </ul>
* <p>
* See {@link Math#floorMod(int, int) Math.floorMod} for examples and
* a comparison to the {@code %} operator.
*
* @param x the dividend
* @param y the divisor
* @return the floor modulus {@code x - (floorDiv(x, y) * y)}
* @throws ArithmeticException if the divisor {@code y} is zero
* @see Math#floorMod(long, long)
* @see StrictMath#floorDiv(long, long)
* @since 1.8
*/
public static long floorMod(long x, long y) {
return Math.floorMod(x, y);
}
/**
* Returns the absolute value of an {@code int} value.
* If the argument is not negative, the argument is returned.
@ -1543,7 +1644,7 @@ public final class StrictMath {
}
/**
* Return {@code d} &times;
* Returns {@code d} &times;
* 2<sup>{@code scaleFactor}</sup> rounded as if performed
* by a single correctly rounded floating-point multiply to a
* member of the double value set. See the Java
@ -1577,7 +1678,7 @@ public final class StrictMath {
}
/**
* Return {@code f} &times;
* Returns {@code f} &times;
* 2<sup>{@code scaleFactor}</sup> rounded as if performed
* by a single correctly rounded floating-point multiply to a
* member of the float value set. See the Java

20
jdk/src/share/classes/java/lang/annotation/ElementType.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -46,7 +46,7 @@ public enum ElementType {
/** Method declaration */
METHOD,
/** Parameter declaration */
/** Formal parameter declaration */
PARAMETER,
/** Constructor declaration */
@ -59,5 +59,19 @@ public enum ElementType {
ANNOTATION_TYPE,
/** Package declaration */
PACKAGE
PACKAGE,
/**
* Type parameter declaration
*
* @since 1.8
*/
TYPE_PARAMETER,
/**
* Use of a type
*
* @since 1.8
*/
TYPE_USE
}

4
jdk/src/share/classes/java/security/cert/CertPathBuilder.java
View File

@ -315,12 +315,14 @@ public class CertPathBuilder {
* Returns a {@code CertPathChecker} that the encapsulated
* {@code CertPathBuilderSpi} implementation uses to check the revocation
* status of certificates. A PKIX implementation returns objects of
* type {@code PKIXRevocationChecker}.
* type {@code PKIXRevocationChecker}. Each invocation of this method
* returns a new instance of {@code CertPathChecker}.
*
* <p>The primary purpose of this method is to allow callers to specify
* additional input parameters and options specific to revocation checking.
* See the class description for an example.
*
* @return a {@code CertPathChecker}
* @throws UnsupportedOperationException if the service provider does not
* support this method
* @since 1.8

4
jdk/src/share/classes/java/security/cert/CertPathValidator.java
View File

@ -327,12 +327,14 @@ public class CertPathValidator {
* Returns a {@code CertPathChecker} that the encapsulated
* {@code CertPathValidatorSpi} implementation uses to check the revocation
* status of certificates. A PKIX implementation returns objects of
* type {@code PKIXRevocationChecker}.
* type {@code PKIXRevocationChecker}. Each invocation of this method
* returns a new instance of {@code CertPathChecker}.
*
* <p>The primary purpose of this method is to allow callers to specify
* additional input parameters and options specific to revocation checking.
* See the class description for an example.
*
* @return a {@code CertPathChecker}
* @throws UnsupportedOperationException if the service provider does not
* support this method
* @since 1.8

32
jdk/src/share/classes/java/security/cert/PKIXRevocationChecker.java
View File

@ -63,8 +63,8 @@ import java.util.Set;
* and then the {@code PKIXParameters} is passed along with the {@code CertPath}
* to be validated to the {@link CertPathValidator#validate validate} method
* of a PKIX {@code CertPathValidator}. When supplying a revocation checker in
* this manner, do not enable the default revocation checking mechanism (by
* calling {@link PKIXParameters#setRevocationEnabled}.
* this manner, it will be used to check revocation irrespective of the setting
* of the {@link PKIXParameters#isRevocationEnabled RevocationEnabled} flag.
*
* <p>Note that when a {@code PKIXRevocationChecker} is added to
* {@code PKIXParameters}, it clones the {@code PKIXRevocationChecker};
@ -88,7 +88,7 @@ public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
private URI ocspResponder;
private X509Certificate ocspResponderCert;
private List<Extension> ocspExtensions = Collections.<Extension>emptyList();
private Map<X509Certificate, byte[]> ocspStapled = Collections.emptyMap();
private Map<X509Certificate, byte[]> ocspResponses = Collections.emptyMap();
private Set<Option> options = Collections.emptySet();
protected PKIXRevocationChecker() {}
@ -169,40 +169,40 @@ public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
}
/**
* Sets the stapled OCSP responses. These responses are used to determine
* Sets the OCSP responses. These responses are used to determine
* the revocation status of the specified certificates when OCSP is used.
*
* @param responses a map of stapled OCSP responses. Each key is an
* @param responses a map of OCSP responses. Each key is an
* {@code X509Certificate} that maps to the corresponding
* DER-encoded OCSP response for that certificate. A deep copy of
* the map is performed to protect against subsequent modification.
*/
public void setOCSPStapledResponses(Map<X509Certificate, byte[]> responses)
public void setOCSPResponses(Map<X509Certificate, byte[]> responses)
{
if (responses == null) {
this.ocspStapled = Collections.<X509Certificate, byte[]>emptyMap();
this.ocspResponses = Collections.<X509Certificate, byte[]>emptyMap();
} else {
Map<X509Certificate, byte[]> copy = new HashMap<>(responses.size());
for (Map.Entry<X509Certificate, byte[]> e : responses.entrySet()) {
copy.put(e.getKey(), e.getValue().clone());
}
this.ocspStapled = copy;
this.ocspResponses = copy;
}
}
/**
* Gets the stapled OCSP responses. These responses are used to determine
* Gets the OCSP responses. These responses are used to determine
* the revocation status of the specified certificates when OCSP is used.
*
* @return a map of stapled OCSP responses. Each key is an
* @return a map of OCSP responses. Each key is an
* {@code X509Certificate} that maps to the corresponding
* DER-encoded OCSP response for that certificate. A deep copy of
* the map is returned to protect against subsequent modification.
* Returns an empty map if no responses have been specified.
*/
public Map<X509Certificate, byte[]> getOCSPStapledResponses() {
Map<X509Certificate, byte[]> copy = new HashMap<>(ocspStapled.size());
for (Map.Entry<X509Certificate, byte[]> e : ocspStapled.entrySet()) {
public Map<X509Certificate, byte[]> getOCSPResponses() {
Map<X509Certificate, byte[]> copy = new HashMap<>(ocspResponses.size());
for (Map.Entry<X509Certificate, byte[]> e : ocspResponses.entrySet()) {
copy.put(e.getKey(), e.getValue().clone());
}
return copy;
@ -234,10 +234,10 @@ public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
public Object clone() {
PKIXRevocationChecker copy = (PKIXRevocationChecker)super.clone();
copy.ocspExtensions = new ArrayList<>(ocspExtensions);
copy.ocspStapled = new HashMap<>(ocspStapled);
// deep-copy the encoded stapled responses, since they are mutable
copy.ocspResponses = new HashMap<>(ocspResponses);
// deep-copy the encoded responses, since they are mutable
for (Map.Entry<X509Certificate, byte[]> entry :
copy.ocspStapled.entrySet())
copy.ocspResponses.entrySet())
{
byte[] encoded = entry.getValue();
entry.setValue(encoded.clone());

33
jdk/src/share/classes/javax/crypto/spec/PBEParameterSpec.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -41,6 +41,7 @@ public class PBEParameterSpec implements AlgorithmParameterSpec {
private byte[] salt;
private int iterationCount;
private AlgorithmParameterSpec paramSpec = null;
/**
* Constructs a parameter set for password-based encryption as defined in
@ -56,6 +57,25 @@ public class PBEParameterSpec implements AlgorithmParameterSpec {
this.iterationCount = iterationCount;
}
/**
* Constructs a parameter set for password-based encryption as defined in
* the PKCS #5 standard.
*
* @param salt the salt. The contents of <code>salt</code> are copied
* to protect against subsequent modification.
* @param iterationCount the iteration count.
* @param paramSpec the cipher algorithm parameter specification.
* @exception NullPointerException if <code>salt</code> is null.
*
* @since 1.8
*/
public PBEParameterSpec(byte[] salt, int iterationCount,
AlgorithmParameterSpec paramSpec) {
this.salt = salt.clone();
this.iterationCount = iterationCount;
this.paramSpec = paramSpec;
}
/**
* Returns the salt.
*
@ -74,4 +94,15 @@ public class PBEParameterSpec implements AlgorithmParameterSpec {
public int getIterationCount() {
return this.iterationCount;
}
/**
* Returns the cipher algorithm parameter specification.
*
* @return the parameter specification, or null if none was set.
*
* @since 1.8
*/
public AlgorithmParameterSpec getParameterSpec() {
return this.paramSpec;
}
}

95
jdk/src/share/classes/javax/sql/rowset/serial/SerialArray.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,7 +29,7 @@ import java.sql.*;
import java.io.*;
import java.util.Map;
import java.net.URL;
import java.util.Arrays;
/**
* A serialized version of an <code>Array</code>
@ -524,6 +524,97 @@ public class SerialArray implements Array, Serializable, Cloneable {
throw new UnsupportedOperationException();
}
/**
* Compares this SerialArray to the specified object. The result is {@code
* true} if and only if the argument is not {@code null} and is a {@code
* SerialArray} object whose elements are identical to this object's elements
*
* @param obj The object to compare this {@code SerialArray} against
*
* @return {@code true} if the given object represents a {@code SerialArray}
* equivalent to this SerialArray, {@code false} otherwise
*
*/
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj instanceof SerialArray) {
SerialArray sa = (SerialArray)obj;
return baseType == sa.baseType &&
baseTypeName.equals(sa.baseTypeName) &&
Arrays.equals(elements, sa.elements);
}
return false;
}
/**
* Returns a hash code for this SerialArray. The hash code for a
* {@code SerialArray} object is computed using the hash codes
* of the elements of the {@code SerialArray} object
*
* @return a hash code value for this object.
*/
public int hashCode() {
return (((31 + Arrays.hashCode(elements)) * 31 + len) * 31 +
baseType) * 31 + baseTypeName.hashCode();
}
/**
* Returns a clone of this {@code SerialArray}. The copy will contain a
* reference to a clone of the underlying objects array, not a reference
* to the original underlying object array of this {@code SerialArray} object.
*
* @return a clone of this SerialArray
*/
public Object clone() {
try {
SerialArray sa = (SerialArray) super.clone();
sa.elements = Arrays.copyOf(elements, len);
return sa;
} catch (CloneNotSupportedException ex) {
// this shouldn't happen, since we are Cloneable
throw new InternalError();
}
}
/**
* readObject is called to restore the state of the {@code SerialArray} from
* a stream.
*/
private void readObject(ObjectInputStream s)
throws IOException, ClassNotFoundException {
ObjectInputStream.GetField fields = s.readFields();
Object[] tmp = (Object[])fields.get("elements", null);
if (tmp == null)
throw new InvalidObjectException("elements is null and should not be!");
elements = tmp.clone();
len = fields.get("len", 0);
if(elements.length != len)
throw new InvalidObjectException("elements is not the expected size");
baseType = fields.get("baseType", 0);
baseTypeName = (String)fields.get("baseTypeName", null);
}
/**
* writeObject is called to save the state of the {@code SerialArray}
* to a stream.
*/
private void writeObject(ObjectOutputStream s)
throws IOException, ClassNotFoundException {
ObjectOutputStream.PutField fields = s.putFields();
fields.put("elements", elements);
fields.put("len", len);
fields.put("baseType", baseType);
fields.put("baseTypeName", baseTypeName);
s.writeFields();
}
/**
* The identifier that assists in the serialization of this <code>SerialArray</code>
* object.

60
jdk/src/share/classes/javax/sql/rowset/serial/SerialDatalink.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -100,10 +100,64 @@ public class SerialDatalink implements Serializable, Cloneable {
return aURL;
}
/**
* Compares this {@code SerialDatalink} to the specified object.
* The result is {@code true} if and only if the argument is not
* {@code null} and is a {@code SerialDatalink} object whose URL is
* identical to this object's URL
*
* @param obj The object to compare this {@code SerialDatalink} against
*
* @return {@code true} if the given object represents a {@code SerialDatalink}
* equivalent to this SerialDatalink, {@code false} otherwise
*
*/
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj instanceof SerialDatalink) {
SerialDatalink sdl = (SerialDatalink) obj;
return url.equals(sdl.url);
}
return false;
}
/**
* The identifier that assists in the serialization of this <code>SerialDatalink</code>
* object.
* Returns a hash code for this {@code SerialDatalink}. The hash code for a
* {@code SerialDatalink} object is taken as the hash code of
* the {@code URL} it stores
*
* @return a hash code value for this object.
*/
public int hashCode() {
return 31 + url.hashCode();
}
/**
* Returns a clone of this {@code SerialDatalink}.
*
* @return a clone of this SerialDatalink
*/
public Object clone() {
try {
SerialDatalink sdl = (SerialDatalink) super.clone();
return sdl;
} catch (CloneNotSupportedException ex) {
// this shouldn't happen, since we are Cloneable
throw new InternalError();
}
}
/**
* readObject and writeObject are called to restore the state
* of the {@code SerialDatalink}
* from a stream. Note: we leverage the default Serialized form
*/
/**
* The identifier that assists in the serialization of this
* {@code SerialDatalink} object.
*/
static final long serialVersionUID = 2826907821828733626L;
}

125
jdk/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,6 +27,8 @@ package javax.sql.rowset.serial;
import java.io.*;
import java.lang.reflect.*;
import java.util.Arrays;
import java.util.Vector;
import javax.sql.rowset.RowSetWarning;
/**
@ -49,7 +51,7 @@ public class SerialJavaObject implements Serializable, Cloneable {
/**
* Placeholder for object to be serialized.
*/
private final Object obj;
private Object obj;
/**
@ -82,18 +84,9 @@ public class SerialJavaObject implements Serializable, Cloneable {
// any of these are static, this should invalidate
// the action of attempting to persist these fields
// in a serialized form
boolean anyStaticFields = false;
fields = c.getFields();
for (int i = 0; i < fields.length; i++ ) {
if ( fields[i].getModifiers() == Modifier.STATIC ) {
anyStaticFields = true;
}
}
if (anyStaticFields) {
if (hasStaticFields(fields)) {
throw new SerialException("Located static fields in " +
"object instance. Cannot serialize");
}
@ -132,7 +125,7 @@ public class SerialJavaObject implements Serializable, Cloneable {
}
/**
* The identifier that assists in the serialization of this
* The identifier that assists in the serialization of this
* <code>SerialJavaObject</code> object.
*/
static final long serialVersionUID = -1465795139032831023L;
@ -142,15 +135,117 @@ public class SerialJavaObject implements Serializable, Cloneable {
* object. When there are multiple warnings, each warning is chained to the
* previous warning.
*/
java.util.Vector<RowSetWarning> chain;
Vector<RowSetWarning> chain;
/**
* Compares this SerialJavaObject to the specified object.
* The result is {@code true} if and only if the argument
* is not {@code null} and is a {@code SerialJavaObject}
* object that is identical to this object
*
* @param o The object to compare this {@code SerialJavaObject} against
*
* @return {@code true} if the given object represents a {@code SerialJavaObject}
* equivalent to this SerialJavaObject, {@code false} otherwise
*
*/
public boolean equals(Object o) {
if (this == o) {
return true;
}
if (o instanceof SerialJavaObject) {
SerialJavaObject sjo = (SerialJavaObject) o;
return obj.equals(sjo.obj);
}
return false;
}
/**
* Returns a hash code for this SerialJavaObject. The hash code for a
* {@code SerialJavaObject} object is taken as the hash code of
* the {@code Object} it stores
*
* @return a hash code value for this object.
*/
public int hashCode() {
return 31 + obj.hashCode();
}
/**
* Returns a clone of this {@code SerialJavaObject}.
*
* @return a clone of this SerialJavaObject
*/
public Object clone() {
try {
SerialJavaObject sjo = (SerialJavaObject) super.clone();
sjo.fields = Arrays.copyOf(fields, fields.length);
if (chain != null)
sjo.chain = new Vector<>(chain);
return sjo;
} catch (CloneNotSupportedException ex) {
// this shouldn't happen, since we are Cloneable
throw new InternalError();
}
}
/**
* Registers the given warning.
*/
private void setWarning(RowSetWarning e) {
if (chain == null) {
chain = new java.util.Vector<>();
chain = new Vector<>();
}
chain.add(e);
}
/**
* readObject is called to restore the state of the {@code SerialJavaObject}
* from a stream.
*/
private void readObject(ObjectInputStream s)
throws IOException, ClassNotFoundException {
ObjectInputStream.GetField fields1 = s.readFields();
@SuppressWarnings("unchecked")
Vector<RowSetWarning> tmp = (Vector<RowSetWarning>)fields1.get("chain", null);
if (tmp != null)
chain = new Vector<>(tmp);
obj = fields1.get("obj", null);
if (obj != null) {
fields = obj.getClass().getFields();
if(hasStaticFields(fields))
throw new IOException("Located static fields in " +
"object instance. Cannot serialize");
} else {
throw new IOException("Object cannot be null!");
}
}
/**
* writeObject is called to save the state of the {@code SerialJavaObject}
* to a stream.
*/
private void writeObject(ObjectOutputStream s)
throws IOException {
ObjectOutputStream.PutField fields = s.putFields();
fields.put("obj", obj);
fields.put("chain", chain);
s.writeFields();
}
/*
* Check to see if there are any Static Fields in this object
*/
private static boolean hasStaticFields(Field[] fields) {
for (Field field : fields) {
if ( field.getModifiers() == Modifier.STATIC) {
return true;
}
}
return false;
}
}

82
jdk/src/share/classes/javax/sql/rowset/serial/SerialRef.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -163,7 +163,85 @@ public class SerialRef implements Ref, Serializable, Cloneable {
}
/**
* The identifier that assists in the serialization of this <code>SerialRef</code>
* Compares this SerialRef to the specified object. The result is {@code
* true} if and only if the argument is not {@code null} and is a {@code
* SerialRef} object that represents the same object as this
* object.
*
* @param obj The object to compare this {@code SerialRef} against
*
* @return {@code true} if the given object represents a {@code SerialRef}
* equivalent to this SerialRef, {@code false} otherwise
*
*/
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if(obj instanceof SerialRef) {
SerialRef ref = (SerialRef)obj;
return baseTypeName.equals(ref.baseTypeName) &&
object.equals(ref.object);
}
return false;
}
/**
* Returns a hash code for this {@code SerialRef}.
* @return a hash code value for this object.
*/
public int hashCode() {
return (31 + object.hashCode()) * 31 + baseTypeName.hashCode();
}
/**
* Returns a clone of this {@code SerialRef}. .
* The underlying {@code Ref} object will be set to null.
*
* @return a clone of this SerialRef
*/
public Object clone() {
try {
SerialRef ref = (SerialRef) super.clone();
ref.reference = null;
return ref;
} catch (CloneNotSupportedException ex) {
// this shouldn't happen, since we are Cloneable
throw new InternalError();
}
}
/**
* readObject is called to restore the state of the SerialRef from
* a stream.
*/
private void readObject(ObjectInputStream s)
throws IOException, ClassNotFoundException {
ObjectInputStream.GetField fields = s.readFields();
object = fields.get("object", null);
baseTypeName = (String) fields.get("baseTypeName", null);
reference = (Ref) fields.get("reference", null);
}
/**
* writeObject is called to save the state of the SerialRef
* to a stream.
*/
private void writeObject(ObjectOutputStream s)
throws IOException, ClassNotFoundException {
ObjectOutputStream.PutField fields = s.putFields();
fields.put("baseTypeName", baseTypeName);
fields.put("object", object);
// Note: this check to see if it is an instance of Serializable
// is for backwards compatibiity
fields.put("reference", reference instanceof Serializable ? reference : null);
s.writeFields();
}
/**
* The identifier that assists in the serialization of this <code>SerialRef</code>
* object.
*/
static final long serialVersionUID = -4727123500609662274L;

82
jdk/src/share/classes/javax/sql/rowset/serial/SerialStruct.java
View File

@ -249,6 +249,88 @@ public class SerialStruct implements Struct, Serializable, Cloneable {
return;
}
/**
* Compares this SerialStruct to the specified object. The result is
* {@code true} if and only if the argument is not {@code null} and is a
* {@code SerialStruct} object whose attributes are identical to this
* object's attributes
*
* @param obj The object to compare this {@code SerialStruct} against
*
* @return {@code true} if the given object represents a {@code SerialStruct}
* equivalent to this SerialStruct, {@code false} otherwise
*
*/
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj instanceof SerialStruct) {
SerialStruct ss = (SerialStruct)obj;
return SQLTypeName.equals(ss.SQLTypeName) &&
Arrays.equals(attribs, ss.attribs);
}
return false;
}
/**
* Returns a hash code for this {@code SerialStruct}. The hash code for a
* {@code SerialStruct} object is computed using the hash codes
* of the attributes of the {@code SerialStruct} object and its
* {@code SQLTypeName}
*
* @return a hash code value for this object.
*/
public int hashCode() {
return ((31 + Arrays.hashCode(attribs)) * 31) * 31
+ SQLTypeName.hashCode();
}
/**
* Returns a clone of this {@code SerialStruct}. The copy will contain a
* reference to a clone of the underlying attribs array, not a reference
* to the original underlying attribs array of this {@code SerialStruct} object.
*
* @return a clone of this SerialStruct
*/
public Object clone() {
try {
SerialStruct ss = (SerialStruct) super.clone();
ss.attribs = Arrays.copyOf(attribs, attribs.length);
return ss;
} catch (CloneNotSupportedException ex) {
// this shouldn't happen, since we are Cloneable
throw new InternalError();
}
}
/**
* readObject is called to restore the state of the {@code SerialStruct} from
* a stream.
*/
private void readObject(ObjectInputStream s)
throws IOException, ClassNotFoundException {
ObjectInputStream.GetField fields = s.readFields();
Object[] tmp = (Object[])fields.get("attribs", null);
attribs = tmp == null ? null : tmp.clone();
SQLTypeName = (String)fields.get("SQLTypeName", null);
}
/**
* writeObject is called to save the state of the {@code SerialStruct}
* to a stream.
*/
private void writeObject(ObjectOutputStream s)
throws IOException, ClassNotFoundException {
ObjectOutputStream.PutField fields = s.putFields();
fields.put("attribs", attribs);
fields.put("SQLTypeName", SQLTypeName);
s.writeFields();
}
/**
* The identifier that assists in the serialization of this
* <code>SerialStruct</code> object.

39
jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java
View File

@ -302,12 +302,10 @@ public class FileChannelImpl
}
}
public FileChannel truncate(long size) throws IOException {
public FileChannel truncate(long newSize) throws IOException {
ensureOpen();
if (size < 0)
throw new IllegalArgumentException();
if (size > size())
return this;
if (newSize < 0)
throw new IllegalArgumentException("Negative size");
if (!writable)
throw new NonWritableChannelException();
synchronized (positionLock) {
@ -320,6 +318,14 @@ public class FileChannelImpl
if (!isOpen())
return null;
// get current size
long size;
do {
size = nd.size(fd);
} while ((size == IOStatus.INTERRUPTED) && isOpen());
if (!isOpen())
return null;
// get current position
do {
p = position0(fd, -1);
@ -328,16 +334,18 @@ public class FileChannelImpl
return null;
assert p >= 0;
// truncate file
do {
rv = nd.truncate(fd, size);
} while ((rv == IOStatus.INTERRUPTED) && isOpen());
if (!isOpen())
return null;
// truncate file if given size is less than the current size
if (newSize < size) {
do {
rv = nd.truncate(fd, newSize);
} while ((rv == IOStatus.INTERRUPTED) && isOpen());
if (!isOpen())
return null;
}
// set position to size if greater than size
if (p > size)
p = size;
// if position is beyond new size then adjust it
if (p > newSize)
p = newSize;
do {
rv = (int)position0(fd, p);
} while ((rv == IOStatus.INTERRUPTED) && isOpen());
@ -779,6 +787,8 @@ public class FileChannelImpl
throws IOException
{
ensureOpen();
if (mode == null)
throw new NullPointerException("Mode is null");
if (position < 0L)
throw new IllegalArgumentException("Negative position");
if (size < 0L)
@ -787,6 +797,7 @@ public class FileChannelImpl
throw new IllegalArgumentException("Position + size overflow");
if (size > Integer.MAX_VALUE)
throw new IllegalArgumentException("Size exceeds Integer.MAX_VALUE");
int imode = -1;
if (mode == MapMode.READ_ONLY)
imode = MAP_RO;

19
jdk/src/share/classes/sun/security/jgss/GSSCaller.java
View File

@ -31,10 +31,19 @@ package sun.security.jgss;
* different callers.
*/
public class GSSCaller {
public static final GSSCaller CALLER_UNKNOWN = new GSSCaller();
public static final GSSCaller CALLER_INITIATE = new GSSCaller();
public static final GSSCaller CALLER_ACCEPT = new GSSCaller();
public static final GSSCaller CALLER_SSL_CLIENT = new GSSCaller();
public static final GSSCaller CALLER_SSL_SERVER = new GSSCaller();
public static final GSSCaller CALLER_UNKNOWN = new GSSCaller("UNKNOWN");
public static final GSSCaller CALLER_INITIATE = new GSSCaller("INITIATE");
public static final GSSCaller CALLER_ACCEPT = new GSSCaller("ACCEPT");
public static final GSSCaller CALLER_SSL_CLIENT = new GSSCaller("SSL_CLIENT");
public static final GSSCaller CALLER_SSL_SERVER = new GSSCaller("SSL_SERVER");
private String name;
GSSCaller(String s) {
name = s;
}
@Override
public String toString() {
return "GSSCaller{" + name + '}';
}
}

16
jdk/src/share/classes/sun/security/jgss/GSSCredentialImpl.java
View File

@ -28,8 +28,9 @@ package sun.security.jgss;
import org.ietf.jgss.*;
import sun.security.jgss.spi.*;
import java.util.*;
import com.sun.security.jgss.*;
public class GSSCredentialImpl implements GSSCredential {
public class GSSCredentialImpl implements ExtendedGSSCredential {
private GSSManagerImpl gssManager = null;
private boolean destroyed = false;
@ -122,6 +123,19 @@ public class GSSCredentialImpl implements GSSCredential {
}
}
public GSSCredential impersonate(GSSName name) throws GSSException {
if (destroyed) {
throw new IllegalStateException("This credential is " +
"no longer valid");
}
Oid mech = tempCred.getMechanism();
GSSNameSpi nameElement = (name == null ? null :
((GSSNameImpl)name).getElement(mech));
GSSCredentialSpi cred = tempCred.impersonate(nameElement);
return (cred == null ?
null : new GSSCredentialImpl(gssManager, cred));
}
public GSSName getName() throws GSSException {
if (destroyed) {
throw new IllegalStateException("This credential is " +

1
jdk/src/share/classes/sun/security/jgss/HttpCaller.java
View File

@ -35,6 +35,7 @@ public class HttpCaller extends GSSCaller {
final private HttpCallerInfo hci;
public HttpCaller(HttpCallerInfo hci) {
super("HTTP_CLIENT");
this.hci = hci;
}

18
jdk/src/share/classes/sun/security/jgss/krb5/Krb5AcceptCredential.java
View File

@ -25,6 +25,7 @@
package sun.security.jgss.krb5;
import java.io.IOException;
import org.ietf.jgss.*;
import sun.security.jgss.GSSCaller;
import sun.security.jgss.spi.*;
@ -177,4 +178,21 @@ public class Krb5AcceptCredential
public void destroy() throws DestroyFailedException {
screds.destroy();
}
/**
* Impersonation is only available on the initiator side. The
* service must starts as an initiator to get an initial TGT to complete
* the S4U2self protocol.
*/
@Override
public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
Credentials cred = screds.getInitCred();
if (cred != null) {
return Krb5InitCredential.getInstance(this.name, cred)
.impersonate(name);
} else {
throw new GSSException(GSSException.FAILURE, -1,
"Only an initiate credentials can impersonate");
}
}
}

81
jdk/src/share/classes/sun/security/jgss/krb5/Krb5Context.java
View File

@ -45,6 +45,7 @@ import java.security.PrivilegedActionException;
import javax.crypto.Cipher;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.*;
import sun.security.krb5.internal.Ticket;
/**
* Implements the mechanism specific context class for the Kerberos v5
@ -76,7 +77,7 @@ class Krb5Context implements GSSContextSpi {
* values.
*/
private boolean credDelegState = false;
private boolean credDelegState = false; // now only useful at client
private boolean mutualAuthState = true;
private boolean replayDetState = true;
private boolean sequenceDetState = true;
@ -84,6 +85,8 @@ class Krb5Context implements GSSContextSpi {
private boolean integState = true;
private boolean delegPolicyState = false;
private boolean isConstrainedDelegationTried = false;
private int mySeqNumber;
private int peerSeqNumber;
private int keySrc;
@ -113,13 +116,11 @@ class Krb5Context implements GSSContextSpi {
private Krb5CredElement myCred;
private Krb5CredElement delegatedCred; // Set only on acceptor side
/* DESCipher instance used by the corresponding GSSContext */
private Cipher desCipher = null;
// XXX See if the required info from these can be extracted and
// stored elsewhere
private Credentials serviceCreds;
private KrbApReq apReq;
Ticket serviceTicket;
final private GSSCaller caller;
private static final boolean DEBUG = Krb5Util.DEBUG;
@ -248,7 +249,14 @@ class Krb5Context implements GSSContextSpi {
* Is credential delegation enabled?
*/
public final boolean getCredDelegState() {
return credDelegState;
if (isInitiator()) {
return credDelegState;
} else {
// Server side deleg state is not flagged by credDelegState.
// It can use constrained delegation.
tryConstrainedDelegation();
return delegatedCred != null;
}
}
/**
@ -498,7 +506,8 @@ class Krb5Context implements GSSContextSpi {
* Returns the delegated credential for the context. This
* is an optional feature of contexts which not all
* mechanisms will support. A context can be requested to
* support credential delegation by using the <b>CRED_DELEG</b>.
* support credential delegation by using the <b>CRED_DELEG</b>,
* or it can request for a constrained delegation.
* This is only valid on the acceptor side of the context.
* @return GSSCredentialSpi object for the delegated credential
* @exception GSSException
@ -507,11 +516,41 @@ class Krb5Context implements GSSContextSpi {
public final GSSCredentialSpi getDelegCred() throws GSSException {
if (state != STATE_IN_PROCESS && state != STATE_DONE)
throw new GSSException(GSSException.NO_CONTEXT);
if (delegatedCred == null)
if (isInitiator()) {
throw new GSSException(GSSException.NO_CRED);
}
tryConstrainedDelegation();
if (delegatedCred == null) {
throw new GSSException(GSSException.NO_CRED);
}
return delegatedCred;
}
private void tryConstrainedDelegation() {
if (state != STATE_IN_PROCESS && state != STATE_DONE) {
return;
}
// We will only try constrained delegation once (if necessary).
if (!isConstrainedDelegationTried) {
if (delegatedCred == null) {
if (DEBUG) {
System.out.println(">>> Constrained deleg from " + caller);
}
// The constrained delegation part. The acceptor needs to have
// isInitiator=true in order to get a TGT, either earlier at
// logon stage, if useSubjectCredsOnly, or now.
try {
delegatedCred = new Krb5ProxyCredential(
Krb5InitCredential.getInstance(
GSSCaller.CALLER_ACCEPT, myName, lifetime),
peerName, serviceTicket);
} catch (GSSException gsse) {
// OK, delegatedCred is null then
}
}
isConstrainedDelegationTried = true;
}
}
/**
* Tests if this is the initiator side of the context.
*
@ -577,8 +616,15 @@ class Krb5Context implements GSSContextSpi {
"No TGT available");
}
myName = (Krb5NameElement) myCred.getName();
Credentials tgt =
((Krb5InitCredential) myCred).getKrb5Credentials();
Credentials tgt;
final Krb5ProxyCredential second;
if (myCred instanceof Krb5InitCredential) {
second = null;
tgt = ((Krb5InitCredential) myCred).getKrb5Credentials();
} else {
second = (Krb5ProxyCredential) myCred;
tgt = second.self.getKrb5Credentials();
}
checkPermission(peerName.getKrb5PrincipalName().getName(),
"initiate");
@ -607,7 +653,9 @@ class Krb5Context implements GSSContextSpi {
GSSCaller.CALLER_UNKNOWN,
// since it's useSubjectCredsOnly here,
// don't worry about the null
myName.getKrb5PrincipalName().getName(),
second == null ?
myName.getKrb5PrincipalName().getName():
second.getName().getKrb5PrincipalName().getName(),
peerName.getKrb5PrincipalName().getName(),
acc);
}});
@ -638,9 +686,17 @@ class Krb5Context implements GSSContextSpi {
"the subject");
}
// Get Service ticket using the Kerberos protocols
serviceCreds = Credentials.acquireServiceCreds(
if (second == null) {
serviceCreds = Credentials.acquireServiceCreds(
peerName.getKrb5PrincipalName().getName(),
tgt);
} else {
serviceCreds = Credentials.acquireS4U2proxyCreds(
peerName.getKrb5PrincipalName().getName(),
second.tkt,
second.getName().getKrb5PrincipalName(),
tgt);
}
if (GSSUtil.useSubjectCredsOnly(caller)) {
final Subject subject =
AccessController.doPrivileged(
@ -776,6 +832,7 @@ class Krb5Context implements GSSContextSpi {
retVal = new AcceptSecContextToken(this,
token.getKrbApReq()).encode();
}
serviceTicket = token.getKrbApReq().getCreds().getTicket();
myCred = null;
state = STATE_DONE;
} else {
@ -802,8 +859,6 @@ class Krb5Context implements GSSContextSpi {
return retVal;
}
/**
* Queries the context for largest data size to accomodate
* the specified protection and be <= maxTokSize.

35
jdk/src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java
View File

@ -309,8 +309,7 @@ public class Krb5InitCredential
int initLifetime)
throws GSSException {
String realm = null;
final String clientPrincipal, tgsPrincipal = null;
final String clientPrincipal;
/*
* Find the TGT for the realm that the client is in. If the client
@ -318,20 +317,8 @@ public class Krb5InitCredential
*/
if (name != null) {
clientPrincipal = (name.getKrb5PrincipalName()).getName();
realm = (name.getKrb5PrincipalName()).getRealmAsString();
} else {
clientPrincipal = null;
try {
Config config = Config.getInstance();
realm = config.getDefaultRealm();
} catch (KrbException e) {
GSSException ge =
new GSSException(GSSException.NO_CRED, -1,
"Attempt to obtain INITIATE credentials failed!" +
" (" + e.getMessage() + ")");
ge.initCause(e);
throw ge;
}
}
final AccessControlContext acc = AccessController.getContext();
@ -343,9 +330,11 @@ public class Krb5InitCredential
return AccessController.doPrivileged(
new PrivilegedExceptionAction<KerberosTicket>() {
public KerberosTicket run() throws Exception {
// It's OK to use null as serverPrincipal. TGT is almost
// the first ticket for a principal and we use list.
return Krb5Util.getTicket(
realCaller,
clientPrincipal, tgsPrincipal, acc);
clientPrincipal, null, acc);
}});
} catch (PrivilegedActionException e) {
GSSException ge =
@ -356,4 +345,20 @@ public class Krb5InitCredential
throw ge;
}
}
@Override
public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
try {
Krb5NameElement kname = (Krb5NameElement)name;
Credentials newCred = Credentials.acquireS4U2selfCreds(
kname.getKrb5PrincipalName(), krb5Credentials);
return new Krb5ProxyCredential(this, kname, newCred.getTicket());
} catch (IOException | KrbException ke) {
GSSException ge =
new GSSException(GSSException.FAILURE, -1,
"Attempt to obtain S4U2self credentials failed!");
ge.initCause(ke);
throw ge;
}
}
}

115
jdk/src/share/classes/sun/security/jgss/krb5/Krb5ProxyCredential.java Normal file
View File

@ -0,0 +1,115 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.jgss.krb5;
import org.ietf.jgss.*;
import sun.security.jgss.spi.*;
import java.util.Date;
import sun.security.krb5.internal.Ticket;
/**
* Implements the krb5 proxy credential element used in constrained
* delegation. It is used in both impersonation (where there is no Kerberos 5
* communication between the middle server and the client) and normal
* constrained delegation (where there is, but client has not called
* requestCredDeleg(true)).
* @since 1.8
*/
public class Krb5ProxyCredential
implements Krb5CredElement {
public final Krb5InitCredential self; // the middle server
private final Krb5NameElement client; // the client
// The ticket with cname=client and sname=self. This can be a normal
// service ticket or an S4U2self ticket.
public final Ticket tkt;
Krb5ProxyCredential(Krb5InitCredential self, Krb5NameElement client,
Ticket tkt) {
this.self = self;
this.tkt = tkt;
this.client = client;
}
// The client name behind the proxy
@Override
public final Krb5NameElement getName() throws GSSException {
return client;
}
@Override
public int getInitLifetime() throws GSSException {
// endTime of tkt is not used by KDC, and it's also not
// available in the case of kerberos constr deleg
return self.getInitLifetime();
}
@Override
public int getAcceptLifetime() throws GSSException {
return 0;
}
@Override
public boolean isInitiatorCredential() throws GSSException {
return true;
}
@Override
public boolean isAcceptorCredential() throws GSSException {
return false;
}
@Override
public final Oid getMechanism() {
return Krb5MechFactory.GSS_KRB5_MECH_OID;
}
@Override
public final java.security.Provider getProvider() {
return Krb5MechFactory.PROVIDER;
}
@Override
public void dispose() throws GSSException {
try {
self.destroy();
} catch (javax.security.auth.DestroyFailedException e) {
GSSException gssException =
new GSSException(GSSException.FAILURE, -1,
"Could not destroy credentials - " + e.getMessage());
gssException.initCause(e);
}
}
@Override
public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
// Cannot impersonate multiple levels without the impersonatee's TGT.
throw new GSSException(GSSException.FAILURE, -1,
"Only an initiate credentials can impersonate");
}
}

20
jdk/src/share/classes/sun/security/jgss/krb5/Krb5Util.java
View File

@ -206,7 +206,7 @@ public class Krb5Util {
* identity, which can be:
* 1. Some KerberosKeys (generated from password)
* 2. A KeyTab (for a typical service)
* 3. A TGT (for a user2user service. Not supported yet)
* 3. A TGT (for S4U2proxy extension)
*
* Note that some creds can coexist. For example, a user2user service
* can use its keytab (or keys) if the client can successfully obtain a
@ -219,7 +219,7 @@ public class Krb5Util {
private List<KeyTab> ktabs;
private List<KerberosKey> kk;
private Subject subj;
//private KerberosTicket tgt; // user2user, not supported yet
private KerberosTicket tgt;
private static ServiceCreds getInstance(
Subject subj, String serverPrincipal) {
@ -255,6 +255,8 @@ public class Krb5Util {
subj, null, null, KeyTab.class);
sc.kk = SubjectComber.findMany(
subj, serverPrincipal, null, KerberosKey.class);
sc.tgt = SubjectComber.find(subj, null, null, KerberosTicket.class);
if (sc.ktabs.isEmpty() && sc.kk.isEmpty()) {
return null;
}
@ -310,10 +312,22 @@ public class Krb5Util {
return ekeys;
}
public Credentials getInitCred() {
if (tgt == null) {
return null;
}
try {
return ticketToCreds(tgt);
} catch (KrbException | IOException e) {
return null;
}
}
public void destroy() {
kp = null;
ktabs = null;
kk = null;
tgt = null;
}
}
/**
@ -357,7 +371,7 @@ public class Krb5Util {
};
public static Credentials ticketToCreds(KerberosTicket kerbTicket)
throws KrbException, IOException {
throws KrbException, IOException {
return new Credentials(
kerbTicket.getEncoded(),
kerbTicket.getClient().getName(),

9
jdk/src/share/classes/sun/security/jgss/spi/GSSCredentialSpi.java
View File

@ -96,4 +96,13 @@ public interface GSSCredentialSpi {
* @exception GSSException may be thrown
*/
public Oid getMechanism();
/**
* Impersonates another client.
*
* @param name the client to impersonate
* @return the new credential
* @exception GSSException may be thrown
*/
public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException;
}

3
jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java
View File

@ -1059,6 +1059,9 @@ public class SpNegoContext implements GSSContextSpi {
if (mechContext != null) {
GSSCredentialImpl delegCred =
(GSSCredentialImpl)mechContext.getDelegCred();
if (delegCred == null) {
return null;
}
// determine delegated cred element usage
boolean initiate = false;
if (delegCred.getUsage() == GSSCredential.INITIATE_ONLY) {

5
jdk/src/share/classes/sun/security/jgss/spnego/SpNegoCredElement.java
View File

@ -88,4 +88,9 @@ public class SpNegoCredElement implements GSSCredentialSpi {
public Oid getMechanism() {
return GSSUtil.GSS_SPNEGO_MECH_OID;
}
@Override
public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
return cred.impersonate(name);
}
}

7
jdk/src/share/classes/sun/security/jgss/wrapper/GSSCredElement.java
View File

@ -28,6 +28,7 @@ import org.ietf.jgss.*;
import java.security.Provider;
import sun.security.jgss.GSSUtil;
import sun.security.jgss.spi.GSSCredentialSpi;
import sun.security.jgss.spi.GSSNameSpi;
/**
* This class is essentially a wrapper class for the gss_cred_id_t
@ -132,4 +133,10 @@ public class GSSCredElement implements GSSCredentialSpi {
protected void finalize() throws Throwable {
dispose();
}
@Override
public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
throw new GSSException(GSSException.FAILURE, -1,
"Not supported yet");
}
}

29
jdk/src/share/classes/sun/security/krb5/Credentials.java
View File

@ -449,6 +449,18 @@ public class Credentials {
return CredentialsUtil.acquireServiceCreds(service, ccreds);
}
public static Credentials acquireS4U2selfCreds(PrincipalName user,
Credentials ccreds) throws KrbException, IOException {
return CredentialsUtil.acquireS4U2selfCreds(user, ccreds);
}
public static Credentials acquireS4U2proxyCreds(String service,
Ticket second, PrincipalName client, Credentials ccreds)
throws KrbException, IOException {
return CredentialsUtil.acquireS4U2proxyCreds(
service, second, client, ccreds);
}
public CredentialsCache getCache() {
return cache;
}
@ -490,18 +502,19 @@ public class Credentials {
public String toString() {
StringBuffer buffer = new StringBuffer("Credentials:");
buffer.append("\nclient=").append(client);
buffer.append("\nserver=").append(server);
buffer.append( "\n client=").append(client);
buffer.append( "\n server=").append(server);
if (authTime != null) {
buffer.append("\nauthTime=").append(authTime);
buffer.append("\n authTime=").append(authTime);
}
if (startTime != null) {
buffer.append("\nstartTime=").append(startTime);
buffer.append("\n startTime=").append(startTime);
}
buffer.append("\nendTime=").append(endTime);
buffer.append("\nrenewTill=").append(renewTill);
buffer.append("\nflags: ").append(flags);
buffer.append("\nEType (int): ").append(key.getEType());
buffer.append( "\n endTime=").append(endTime);
buffer.append( "\n renewTill=").append(renewTill);
buffer.append( "\n flags=").append(flags);
buffer.append( "\nEType (skey)=").append(key.getEType());
buffer.append( "\n (tkt key)=").append(ticket.encPart.eType);
return buffer.toString();
}

6
jdk/src/share/classes/sun/security/krb5/EncryptedData.java
View File

@ -160,8 +160,6 @@ public class EncryptedData implements Cloneable {
kvno = key.getKeyVersionNumber();
}
*/
// currently destructive on cipher
public byte[] decrypt(
EncryptionKey key, int usage)
throws KdcErrException, KrbApErrException, KrbCryptoException {
@ -175,7 +173,9 @@ public class EncryptedData implements Cloneable {
EType etypeEngine = EType.getInstance(eType);
plain = etypeEngine.decrypt(cipher, key.getBytes(), usage);
cipher = null;
// The service ticket will be used in S4U2proxy request. Therefore
// the raw ticket is still needed.
//cipher = null;
return etypeEngine.decryptedData(plain);
}

3
jdk/src/share/classes/sun/security/krb5/KrbApReq.java
View File

@ -287,8 +287,9 @@ public class KrbApReq {
cusec = authenticator.cusec;
authenticator.ctime.setMicroSeconds(authenticator.cusec);
if (!authenticator.cname.equals(enc_ticketPart.cname))
if (!authenticator.cname.equals(enc_ticketPart.cname)) {
throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH);
}
KerberosTime currTime = new KerberosTime(KerberosTime.NOW);
if (!authenticator.ctime.inClockSkew(currTime))

7
jdk/src/share/classes/sun/security/krb5/KrbKdcRep.java
View File

@ -64,7 +64,12 @@ abstract class KrbKdcRep {
for (int i = 1; i < 6; i++) {
if (req.reqBody.kdcOptions.get(i) !=
rep.encKDCRepPart.flags.get(i)) {
rep.encKDCRepPart.flags.get(i)) {
if (Krb5.DEBUG) {
System.out.println("> KrbKdcRep.check: at #" + i
+ ". request for " + req.reqBody.kdcOptions.get(i)
+ ", received " + rep.encKDCRepPart.flags.get(i));
}
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
}
}

2
jdk/src/share/classes/sun/security/krb5/KrbTgsRep.java
View File

@ -87,7 +87,7 @@ public class KrbTgsRep extends KrbKdcRep {
check(false, req, rep);
this.creds = new Credentials(rep.ticket,
req.reqBody.cname,
rep.cname,
rep.ticket.sname,
enc_part.key,
enc_part.flags,

92
jdk/src/share/classes/sun/security/krb5/KrbTgsReq.java
View File

@ -35,6 +35,7 @@ import sun.security.krb5.internal.*;
import sun.security.krb5.internal.crypto.*;
import java.io.IOException;
import java.net.UnknownHostException;
import java.util.Arrays;
/**
* This class encapsulates a Kerberos TGS-REQ that is sent from the
@ -55,7 +56,7 @@ public class KrbTgsReq {
private byte[] obuf;
private byte[] ibuf;
// Used in CredentialsUtil
// Used in CredentialsUtil
public KrbTgsReq(Credentials asCreds,
PrincipalName sname)
throws KrbException, IOException {
@ -72,6 +73,45 @@ public class KrbTgsReq {
null); // EncryptionKey subSessionKey
}
// S4U2proxy
public KrbTgsReq(Credentials asCreds,
Ticket second,
PrincipalName sname)
throws KrbException, IOException {
this(KDCOptions.with(KDCOptions.CNAME_IN_ADDL_TKT,
KDCOptions.FORWARDABLE),
asCreds,
sname,
null,
null,
null,
null,
null,
null,
new Ticket[] {second}, // the service ticket
null);
}
// S4U2user
public KrbTgsReq(Credentials asCreds,
PrincipalName sname,
PAData extraPA)
throws KrbException, IOException {
this(KDCOptions.with(KDCOptions.FORWARDABLE),
asCreds,
asCreds.getClient(),
sname,
null,
null,
null,
null,
null,
null,
null,
null,
extraPA); // the PA-FOR-USER
}
// Called by Credentials, KrbCred
KrbTgsReq(
KDCOptions options,
@ -85,14 +125,42 @@ public class KrbTgsReq {
AuthorizationData authorizationData,
Ticket[] additionalTickets,
EncryptionKey subKey) throws KrbException, IOException {
this(options, asCreds, asCreds.getClient(), sname,
from, till, rtime, eTypes, addresses,
authorizationData, additionalTickets, subKey, null);
}
princName = asCreds.client;
private KrbTgsReq(
KDCOptions options,
Credentials asCreds,
PrincipalName cname,
PrincipalName sname,
KerberosTime from,
KerberosTime till,
KerberosTime rtime,
int[] eTypes,
HostAddresses addresses,
AuthorizationData authorizationData,
Ticket[] additionalTickets,
EncryptionKey subKey,
PAData extraPA) throws KrbException, IOException {
princName = cname;
servName = sname;
ctime = new KerberosTime(KerberosTime.NOW);
// check if they are valid arguments. The optional fields
// should be consistent with settings in KDCOptions.
// TODO: Is this necessary? If the TGT is not FORWARDABLE,
// you can still request for a FORWARDABLE ticket, just the
// KDC will give you a non-FORWARDABLE one. Even if you
// cannot use the ticket expected, it still contains info.
// This means there will be problem later. We already have
// flags check in KrbTgsRep. Of course, sometimes the KDC
// will not issue the ticket at all.
if (options.get(KDCOptions.FORWARDABLE) &&
(!(asCreds.flags.get(Krb5.TKT_OPTS_FORWARDABLE)))) {
throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
@ -130,13 +198,13 @@ public class KrbTgsReq {
} else {
if (rtime != null) rtime = null;
}
if (options.get(KDCOptions.ENC_TKT_IN_SKEY)) {
if (options.get(KDCOptions.ENC_TKT_IN_SKEY) || options.get(KDCOptions.CNAME_IN_ADDL_TKT)) {
if (additionalTickets == null)
throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
// in TGS_REQ there could be more than one additional
// tickets, but in file-based credential cache,
// there is only one additional ticket field.
secondTicket = additionalTickets[0];
secondTicket = additionalTickets[0];
} else {
if (additionalTickets != null)
additionalTickets = null;
@ -156,7 +224,8 @@ public class KrbTgsReq {
addresses,
authorizationData,
additionalTickets,
subKey);
subKey,
extraPA);
obuf = tgsReqMessg.asn1Encode();
// XXX We need to revisit this to see if can't move it
@ -221,7 +290,8 @@ public class KrbTgsReq {
HostAddresses addresses,
AuthorizationData authorizationData,
Ticket[] additionalTickets,
EncryptionKey subKey)
EncryptionKey subKey,
PAData extraPA)
throws Asn1Exception, IOException, KdcErrException, KrbApErrException,
UnknownHostException, KrbCryptoException {
KerberosTime req_till = null;
@ -318,10 +388,12 @@ public class KrbTgsReq {
null,
null).getMessage();
PAData[] tgsPAData = new PAData[1];
tgsPAData[0] = new PAData(Krb5.PA_TGS_REQ, tgs_ap_req);
return new TGSReq(tgsPAData, reqBody);
PAData tgsPAData = new PAData(Krb5.PA_TGS_REQ, tgs_ap_req);
return new TGSReq(
extraPA != null ?
new PAData[] {extraPA, tgsPAData } :
new PAData[] {tgsPAData},
reqBody);
}
TGSReq getMessage() {

302
jdk/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java
View File

@ -32,17 +32,7 @@
package sun.security.krb5.internal;
import sun.security.krb5.*;
import sun.security.krb5.internal.ccache.CredentialsCache;
import java.util.StringTokenizer;
import sun.security.krb5.internal.ktab.*;
import java.io.File;
import java.io.IOException;
import java.util.Date;
import java.util.Vector;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
/**
* This class is a utility that contains much of the TGS-Exchange
@ -53,77 +43,158 @@ public class CredentialsUtil {
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
/**
* Acquires credentials for a specified service using initial credential. Wh
en the service has a different realm
* from the initial credential, we do cross-realm authentication - first, we
use the current credential to get
* a cross-realm credential from the local KDC, then use that cross-realm cr
edential to request service credential
* from the foreigh KDC.
*
* @param service the name of service principal using format components@real
m
* @param ccreds client's initial credential.
* @exception Exception general exception will be thrown when any error occu
rs.
* @return a <code>Credentials</code> object.
*/
/**
* Used by a middle server to acquire credentials on behalf of a
* client to itself using the S4U2self extension.
* @param client the client to impersonate
* @param ccreds the TGT of the middle service
* @return the new creds (cname=client, sname=middle)
*/
public static Credentials acquireS4U2selfCreds(PrincipalName client,
Credentials ccreds) throws KrbException, IOException {
String uRealm = client.getRealmString();
String localRealm = ccreds.getClient().getRealmString();
if (!uRealm.equals(localRealm)) {
// TODO: we do not support kerberos referral now
throw new KrbException("Cross realm impersonation not supported");
}
KrbTgsReq req = new KrbTgsReq(
ccreds,
ccreds.getClient(),
new PAData(Krb5.PA_FOR_USER,
new PAForUserEnc(client,
ccreds.getSessionKey()).asn1Encode()));
Credentials creds = req.sendAndGetCreds();
if (!creds.getClient().equals(client)) {
throw new KrbException("S4U2self request not honored by KDC");
}
return creds;
}
/**
* Used by a middle server to acquire a service ticket to a backend
* server using the S4U2proxy extension.
* @param backend the name of the backend service
* @param second the client's service ticket to the middle server
* @param ccreds the TGT of the middle server
* @return the creds (cname=client, sname=backend)
*/
public static Credentials acquireS4U2proxyCreds(
String backend, Ticket second,
PrincipalName client, Credentials ccreds)
throws KrbException, IOException {
KrbTgsReq req = new KrbTgsReq(
ccreds,
second,
new PrincipalName(backend));
Credentials creds = req.sendAndGetCreds();
if (!creds.getClient().equals(client)) {
throw new KrbException("S4U2proxy request not honored by KDC");
}
return creds;
}
/**
* Acquires credentials for a specified service using initial
* credential. When the service has a different realm from the initial
* credential, we do cross-realm authentication - first, we use the
* current credential to get a cross-realm credential from the local KDC,
* then use that cross-realm credential to request service credential
* from the foreign KDC.
*
* @param service the name of service principal
* @param ccreds client's initial credential
*/
public static Credentials acquireServiceCreds(
String service, Credentials ccreds)
throws KrbException, IOException {
throws KrbException, IOException {
PrincipalName sname = new PrincipalName(service);
String serviceRealm = sname.getRealmString();
String localRealm = ccreds.getClient().getRealmString();
/*
if (!localRealm.equalsIgnoreCase(serviceRealm)) { //do cross-realm auth entication
if (DEBUG) {
System.out.println(">>>DEBUG: Credentails request cross realm ticket for " + "krbtgt/" + serviceRealm + "@" + localRealm);
}
Credentials crossCreds = serviceCreds(new ServiceName("krbtgt/" + serviceRealm + "@" + localRealm), ccreds);
if (DEBUG) {
printDebug(crossCreds);
}
Credentials result = serviceCreds(sname, crossCreds);
if (DEBUG) {
printDebug(result);
}
return result;
}
else return serviceCreds(sname, ccreds);
*/
if (localRealm.equals(serviceRealm))
{
if (DEBUG)
System.out.println(">>> Credentials acquireServiceCreds: same realm");
if (localRealm.equals(serviceRealm)) {
if (DEBUG) {
System.out.println(
">>> Credentials acquireServiceCreds: same realm");
}
return serviceCreds(sname, ccreds);
}
Credentials theCreds = null;
boolean[] okAsDelegate = new boolean[1];
Credentials theTgt = getTGTforRealm(localRealm, serviceRealm,
ccreds, okAsDelegate);
if (theTgt != null) {
if (DEBUG) {
System.out.println(">>> Credentials acquireServiceCreds: "
+ "got right tgt");
System.out.println(">>> Credentials acquireServiceCreds: "
+ "obtaining service creds for " + sname);
}
try {
theCreds = serviceCreds(sname, theTgt);
} catch (Exception exc) {
if (DEBUG) {
System.out.println(exc);
}
theCreds = null;
}
}
if (theCreds != null) {
if (DEBUG) {
System.out.println(">>> Credentials acquireServiceCreds: "
+ "returning creds:");
Credentials.printDebug(theCreds);
}
if (!okAsDelegate[0]) {
theCreds.resetDelegate();
}
return theCreds;
}
throw new KrbApErrException(Krb5.KRB_AP_ERR_GEN_CRED,
"No service creds");
}
/**
* Gets a TGT to another realm
* @param localRealm this realm
* @param serviceRealm the other realm
* @param ccreds TGT in this realm
* @param okAsDelegate an [out] argument to receive the okAsDelegate
* property. True only if all realms allow delegation.
* @return the TGT for the other realm, null if cannot find a path
* @throws KrbException if something goes wrong
*/
private static Credentials getTGTforRealm(String localRealm,
String serviceRealm, Credentials ccreds, boolean[] okAsDelegate)
throws KrbException {
// Get a list of realms to traverse
String[] realms = Realm.getRealmsList(localRealm, serviceRealm);
boolean okAsDelegate = true;
if (realms == null || realms.length == 0)
{
if (DEBUG)
System.out.println(">>> Credentials acquireServiceCreds: no realms list");
if (realms == null || realms.length == 0) {
if (DEBUG) {
System.out.println(
">>> Credentials acquireServiceCreds: no realms list");
}
return null;
}
int i = 0, k = 0;
Credentials cTgt = null, newTgt = null, theTgt = null;
PrincipalName tempService = null;
String realm = null, newTgtRealm = null, theTgtRealm = null;
String newTgtRealm = null;
for (cTgt = ccreds, i = 0; i < realms.length;)
{
okAsDelegate[0] = true;
for (cTgt = ccreds, i = 0; i < realms.length;) {
tempService = PrincipalName.tgsService(serviceRealm, realms[i]);
if (DEBUG)
{
System.out.println(">>> Credentials acquireServiceCreds: main loop: [" + i +"] tempService=" + tempService);
if (DEBUG) {
System.out.println(
">>> Credentials acquireServiceCreds: main loop: ["
+ i +"] tempService=" + tempService);
}
try {
@ -132,11 +203,10 @@ rs.
newTgt = null;
}
if (newTgt == null)
{
if (DEBUG)
{
System.out.println(">>> Credentials acquireServiceCreds: no tgt; searching backwards");
if (newTgt == null) {
if (DEBUG) {
System.out.println(">>> Credentials acquireServiceCreds: "
+ "no tgt; searching backwards");
}
/*
@ -144,17 +214,15 @@ rs.
* realm as close to the target as possible.
* That means traversing the realms list backwards.
*/
for (newTgt = null, k = realms.length - 1;
newTgt == null && k > i; k--)
{
newTgt == null && k > i; k--) {
tempService = PrincipalName.tgsService(realms[k], realms[i]);
if (DEBUG)
{
System.out.println(">>> Credentials acquireServiceCreds: inner loop: [" + k +"] tempService=" + tempService);
if (DEBUG) {
System.out.println(
">>> Credentials acquireServiceCreds: "
+ "inner loop: [" + k
+ "] tempService=" + tempService);
}
try {
newTgt = serviceCreds(tempService, cTgt);
} catch (Exception exc) {
@ -163,11 +231,10 @@ rs.
}
} // Ends 'if (newTgt == null)'
if (newTgt == null)
{
if (DEBUG)
{
System.out.println(">>> Credentials acquireServiceCreds: no tgt; cannot get creds");
if (newTgt == null) {
if (DEBUG) {
System.out.println(">>> Credentials acquireServiceCreds: "
+ "no tgt; cannot get creds");
}
break;
}
@ -176,29 +243,24 @@ rs.
* We have a tgt. It may or may not be for the target.
* If it's for the target realm, we're done looking for a tgt.
*/
newTgtRealm = newTgt.getServer().getInstanceComponent();
if (okAsDelegate && !newTgt.checkDelegate()) {
if (DEBUG)
{
if (okAsDelegate[0] && !newTgt.checkDelegate()) {
if (DEBUG) {
System.out.println(">>> Credentials acquireServiceCreds: " +
"global OK-AS-DELEGATE turned off at " +
newTgt.getServer());
}
okAsDelegate = false;
okAsDelegate[0] = false;
}
if (DEBUG)
{
System.out.println(">>> Credentials acquireServiceCreds: got tgt");
//printDebug(newTgt);
if (DEBUG) {
System.out.println(">>> Credentials acquireServiceCreds: "
+ "got tgt");
}
if (newTgtRealm.equals(serviceRealm))
{
if (newTgtRealm.equals(serviceRealm)) {
/* We got the right tgt */
theTgt = newTgt;
theTgtRealm = newTgtRealm;
break;
}
@ -207,17 +269,13 @@ rs.
* See if the realm of the new tgt is in the list of realms
* and continue looking from there.
*/
for (k = i+1; k < realms.length; k++)
{
if (newTgtRealm.equals(realms[k]))
{
for (k = i+1; k < realms.length; k++) {
if (newTgtRealm.equals(realms[k])) {
break;
}
}
if (k < realms.length)
{
if (k < realms.length) {
/*
* (re)set the counter so we start looking
* from the realm we just obtained a tgt for.
@ -225,64 +283,24 @@ rs.
i = k;
cTgt = newTgt;
if (DEBUG)
{
System.out.println(">>> Credentials acquireServiceCreds: continuing with main loop counter reset to " + i);
if (DEBUG) {
System.out.println(">>> Credentials acquireServiceCreds: "
+ "continuing with main loop counter reset to " + i);
}
continue;
}
else
{
else {
/*
* The new tgt's realm is not in the heirarchy of realms.
* It's probably not safe to get a tgt from
* a tgs that is outside the known list of realms.
* Give up now.
*/
break;
}
} // Ends outermost/main 'for' loop
Credentials theCreds = null;
if (theTgt != null)
{
/* We have the right tgt. Let's get the service creds */
if (DEBUG)
{
System.out.println(">>> Credentials acquireServiceCreds: got right tgt");
//printDebug(theTgt);
System.out.println(">>> Credentials acquireServiceCreds: obtaining service creds for " + sname);
}
try {
theCreds = serviceCreds(sname, theTgt);
} catch (Exception exc) {
if (DEBUG)
System.out.println(exc);
theCreds = null;
}
}
if (theCreds != null)
{
if (DEBUG)
{
System.out.println(">>> Credentials acquireServiceCreds: returning creds:");
Credentials.printDebug(theCreds);
}
if (!okAsDelegate) {
theCreds.resetDelegate();
}
return theCreds;
}
throw new KrbApErrException(Krb5.KRB_AP_ERR_GEN_CRED,
"No service creds");
return theTgt;
}
/*

5
jdk/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java
View File

@ -160,9 +160,10 @@ public class EncKDCRepPart {
if (der.getData().available() > 0) {
caddr = HostAddresses.parse(der.getData(), (byte) 0x0B, true);
}
if (der.getData().available() > 0) {
// We observe extra data from MSAD
/*if (der.getData().available() > 0) {
throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
}*/
}
/**

46
jdk/src/share/classes/sun/security/krb5/internal/KDCOptions.java
View File

@ -139,13 +139,45 @@ public class KDCOptions extends KerberosFlags {
public static final int UNUSED9 = 9;
public static final int UNUSED10 = 10;
public static final int UNUSED11 = 11;
public static final int CNAME_IN_ADDL_TKT = 14;
public static final int RENEWABLE_OK = 27;
public static final int ENC_TKT_IN_SKEY = 28;
public static final int RENEW = 30;
public static final int VALIDATE = 31;
private static final String[] names = {
"RESERVED", //0
"FORWARDABLE", //1;
"FORWARDED", //2;
"PROXIABLE", //3;
"PROXY", //4;
"ALLOW_POSTDATE", //5;
"POSTDATED", //6;
"UNUSED7", //7;
"RENEWABLE", //8;
"UNUSED9", //9;
"UNUSED10", //10;
"UNUSED11", //11;
null,null,
"CNAME_IN_ADDL_TKT",//14;
null,null,null,null,null,null,null,null,null,null,null,null,
"RENEWABLE_OK", //27;
"ENC_TKT_IN_SKEY", //28;
null,
"RENEW", //30;
"VALIDATE", //31;
};
private boolean DEBUG = Krb5.DEBUG;
public static KDCOptions with(int... flags) {
KDCOptions options = new KDCOptions();
for (int flag: flags) {
options.set(flag, true);
}
return options;
}
public KDCOptions() {
super(Krb5.KDC_OPTS_MAX + 1);
setDefault();
@ -238,6 +270,20 @@ public class KDCOptions extends KerberosFlags {
return super.get(option);
}
@Override public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("KDCOptions: ");
for (int i=0; i<Krb5.KDC_OPTS_MAX+1; i++) {
if (get(i)) {
if (names[i] != null) {
sb.append(names[i]).append(",");
} else {
sb.append(i).append(",");
}
}
}
return sb.toString();
}
private void setDefault() {
try {

3
jdk/src/share/classes/sun/security/krb5/internal/Krb5.java
View File

@ -158,6 +158,9 @@ public class Krb5 {
public static final int PA_ETYPE_INFO = 11;
public static final int PA_ETYPE_INFO2 = 19;
// S4U2user info
public static final int PA_FOR_USER = 129;
//-------------------------------+-------------
//authorization data type |ad-type value
//-------------------------------+-------------

3
jdk/src/share/classes/sun/security/krb5/internal/PAData.java
View File

@ -312,6 +312,9 @@ public class PAData {
}
}
break;
case Krb5.PA_FOR_USER:
sb.append("\t PA-FOR-USER\n");
break;
default:
// Unknown Pre-auth type
break;

190
jdk/src/share/classes/sun/security/krb5/internal/PAForUserEnc.java Normal file
View File

@ -0,0 +1,190 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.krb5.internal;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import sun.security.krb5.*;
import sun.security.krb5.internal.crypto.KeyUsage;
import sun.security.krb5.internal.util.KerberosString;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
/**
* Implements the ASN.1 PA-FOR-USER type.
*
* <xmp>
* padata-type ::= PA-FOR-USER
* -- value 129
* padata-value ::= EncryptedData
* -- PA-FOR-USER-ENC
* PA-FOR-USER-ENC ::= SEQUENCE {
* userName[0] PrincipalName,
* userRealm[1] Realm,
* cksum[2] Checksum,
* auth-package[3] KerberosString
* }
* </xmp>
*
* <p>
* This definition reflects MS-SFU.
*/
public class PAForUserEnc {
final public PrincipalName name;
final private EncryptionKey key;
final public static String AUTH_PACKAGE = "Kerberos";
public PAForUserEnc(PrincipalName name, EncryptionKey key) {
this.name = name;
this.key = key;
}
/**
* Constructs a PA-FOR-USER object from a DER encoding.
* @param encoding the input object
* @param key the key to verify the checksum inside encoding
* @throws KrbException if the verification fails.
* Note: this method is now only used by test KDC, therefore
* the verification is ignored (at the moment).
*/
public PAForUserEnc(DerValue encoding, EncryptionKey key)
throws Asn1Exception, KrbException, IOException {
DerValue der = null;
this.key = key;
if (encoding.getTag() != DerValue.tag_Sequence) {
throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
// Realm after name? Quite abnormal.
PrincipalName tmpName = null;
der = encoding.getData().getDerValue();
if ((der.getTag() & 0x1F) == 0x00) {
try {
tmpName = new PrincipalName(der.getData().getDerValue(),
new Realm("PLACEHOLDER"));
} catch (RealmException re) {
// Impossible
}
} else {
throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
der = encoding.getData().getDerValue();
if ((der.getTag() & 0x1F) == 0x01) {
try {
Realm realm = new Realm(der.getData().getDerValue());
name = new PrincipalName(
tmpName.getNameType(), tmpName.getNameStrings(), realm);
} catch (RealmException re) {
throw new IOException(re);
}
} else {
throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
der = encoding.getData().getDerValue();
if ((der.getTag() & 0x1F) == 0x02) {
// Deal with the checksum
} else {
throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
der = encoding.getData().getDerValue();
if ((der.getTag() & 0x1F) == 0x03) {
String authPackage = new KerberosString(der.getData().getDerValue()).toString();
if (!authPackage.equalsIgnoreCase(AUTH_PACKAGE)) {
throw new IOException("Incorrect auth-package");
}
} else {
throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
if (encoding.getData().available() > 0)
throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
public byte[] asn1Encode() throws Asn1Exception, IOException {
DerOutputStream bytes = new DerOutputStream();
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), name.asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), name.getRealm().asn1Encode());
try {
Checksum cks = new Checksum(
Checksum.CKSUMTYPE_HMAC_MD5_ARCFOUR,
getS4UByteArray(),
key,
KeyUsage.KU_PA_FOR_USER_ENC_CKSUM);
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), cks.asn1Encode());
} catch (KrbException ke) {
throw new IOException(ke);
}
DerOutputStream temp = new DerOutputStream();
temp.putDerValue(new KerberosString(AUTH_PACKAGE).toDerValue());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), temp);
temp = new DerOutputStream();
temp.write(DerValue.tag_Sequence, bytes);
return temp.toByteArray();
}
/**
* Returns S4UByteArray, the block to calculate checksum inside a
* PA-FOR-USER-ENC data structure. It includes:
* 1. userName.name-type encoded as a 4-byte integer in little endian
* byte order
* 2. all string values in the sequence of strings contained in the
* userName.name-string field
* 3. the string value of the userRealm field
* 4. the string value of auth-package field
*/
public byte[] getS4UByteArray() {
try {
ByteArrayOutputStream ba = new ByteArrayOutputStream();
ba.write(new byte[4]);
for (String s: name.getNameStrings()) {
ba.write(s.getBytes("UTF-8"));
}
ba.write(name.getRealm().toString().getBytes("UTF-8"));
ba.write(AUTH_PACKAGE.getBytes("UTF-8"));
byte[] output = ba.toByteArray();
int pnType = name.getNameType();
output[0] = (byte)(pnType & 0xff);
output[1] = (byte)((pnType>>8) & 0xff);
output[2] = (byte)((pnType>>16) & 0xff);
output[3] = (byte)((pnType>>24) & 0xff);
return output;
} catch (IOException ioe) {
// not possible
throw new AssertionError("Cannot write ByteArrayOutputStream", ioe);
}
}
public String toString() {
return "PA-FOR-USER: " + name;
}
}

1
jdk/src/share/classes/sun/security/krb5/internal/crypto/KeyUsage.java
View File

@ -54,6 +54,7 @@ public class KeyUsage {
public static final int KU_ENC_KRB_PRIV_PART = 13; // KrbPriv
public static final int KU_ENC_KRB_CRED_PART = 14; // KrbCred
public static final int KU_KRB_SAFE_CKSUM = 15; // KrbSafe
public static final int KU_PA_FOR_USER_ENC_CKSUM = 17; // S4U2user
public static final int KU_AD_KDC_ISSUED_CKSUM = 19;
public static final boolean isValid(int usage) {

3
jdk/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java
View File

@ -279,6 +279,9 @@ public class KeyTab implements KeyTabConstants {
EncryptionKey key;
int size = entries.size();
ArrayList<EncryptionKey> keys = new ArrayList<>(size);
if (DEBUG) {
System.out.println("Looking for keys for: " + service);
}
for (int i = size-1; i >= 0; i--) {
entry = entries.elementAt(i);
if (entry.service.match(service)) {

5
jdk/src/share/classes/sun/security/pkcs/PKCS7.java
View File

@ -39,7 +39,6 @@ import java.security.*;
import sun.security.timestamp.*;
import sun.security.util.*;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;
import sun.security.x509.X509CRLImpl;
@ -712,8 +711,8 @@ public class PKCS7 {
X509CertInfo tbsCert =
new X509CertInfo(cert.getTBSCertificate());
certIssuerName = (Principal)
tbsCert.get(CertificateIssuerName.NAME + "." +
CertificateIssuerName.DN_NAME);
tbsCert.get(X509CertInfo.ISSUER + "." +
X509CertInfo.DN_NAME);
} catch (Exception e) {
// error generating X500Name object from the cert's
// issuer DN, leave name as is.

10
jdk/src/share/classes/sun/security/provider/certpath/RevocationChecker.java
View File

@ -67,7 +67,7 @@ class RevocationChecker extends PKIXRevocationChecker {
private URI responderURI;
private X509Certificate responderCert;
private List<CertStore> certStores;
private Map<X509Certificate, byte[]> ocspStapled;
private Map<X509Certificate, byte[]> ocspResponses;
private List<Extension> ocspExtensions;
private boolean legacy;
@ -140,7 +140,7 @@ class RevocationChecker extends PKIXRevocationChecker {
} else {
crlDP = true;
}
ocspStapled = getOCSPStapledResponses();
ocspResponses = getOCSPResponses();
ocspExtensions = getOCSPExtensions();
this.anchor = anchor;
@ -645,11 +645,11 @@ class RevocationChecker extends PKIXRevocationChecker {
try {
certId = new CertId(issuerCert, currCert.getSerialNumberObject());
// check if there is a stapled OCSP response available
byte[] responseBytes = ocspStapled.get(cert);
// check if there is a cached OCSP response available
byte[] responseBytes = ocspResponses.get(cert);
if (responseBytes != null) {
if (debug != null) {
debug.println("Found stapled OCSP response");
debug.println("Found cached OCSP response");
}
response = new OCSPResponse(responseBytes);

6
jdk/src/share/classes/sun/security/tools/jarsigner/Main.java
View File

@ -2259,9 +2259,9 @@ class SignatureFile {
X509CertInfo tbsCert = new
X509CertInfo(certChain[0].getTBSCertificate());
issuerName = (Principal)
tbsCert.get(CertificateIssuerName.NAME + "." +
CertificateIssuerName.DN_NAME);
}
tbsCert.get(X509CertInfo.ISSUER + "." +
X509CertInfo.DN_NAME);
}
BigInteger serial = certChain[0].getSerialNumber();
String signatureAlgorithm;

4
jdk/src/share/classes/sun/security/tools/keytool/CertAndKeyGen.java
View File

@ -258,10 +258,10 @@ public final class CertAndKeyGen {
AlgorithmId algID = AlgorithmId.get(sigAlg);
info.set(X509CertInfo.ALGORITHM_ID,
new CertificateAlgorithmId(algID));
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname));
info.set(X509CertInfo.SUBJECT, myname);
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname));
info.set(X509CertInfo.ISSUER, myname);
if (ext != null) info.set(X509CertInfo.EXTENSIONS, ext);
cert = new X509CertImpl(info);

16
jdk/src/share/classes/sun/security/tools/keytool/Main.java
View File

@ -1145,7 +1145,7 @@ public final class Main {
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
CertificateSubjectName.DN_NAME);
X509CertInfo.DN_NAME);
Date firstDate = getStartDate(startDate);
Date lastDate = new Date();
@ -1170,7 +1170,7 @@ public final class Main {
info.set(X509CertInfo.ALGORITHM_ID,
new CertificateAlgorithmId(
AlgorithmId.get(sigAlgName)));
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
info.set(X509CertInfo.ISSUER, issuer);
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
boolean canRead = false;
@ -1193,8 +1193,8 @@ public final class Main {
PKCS10 req = new PKCS10(rawReq);
info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
dname==null?req.getSubjectName():new X500Name(dname)));
info.set(X509CertInfo.SUBJECT,
dname==null?req.getSubjectName():new X500Name(dname));
CertificateExtensions reqex = null;
Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
while (attrs.hasNext()) {
@ -1234,7 +1234,7 @@ public final class Main {
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
CertificateSubjectName.DN_NAME);
X509CertInfo.DN_NAME);
Date firstDate = getStartDate(startDate);
Date lastDate = (Date) firstDate.clone();
@ -2405,16 +2405,16 @@ public final class Main {
if (dname == null) {
// Get the owner name from the certificate
owner = (X500Name)certInfo.get(X509CertInfo.SUBJECT + "." +
CertificateSubjectName.DN_NAME);
X509CertInfo.DN_NAME);
} else {
// Use the owner name specified at the command line
owner = new X500Name(dname);
certInfo.set(X509CertInfo.SUBJECT + "." +
CertificateSubjectName.DN_NAME, owner);
X509CertInfo.DN_NAME, owner);
}
// Make issuer same as owner (self-signed!)
certInfo.set(X509CertInfo.ISSUER + "." +
CertificateIssuerName.DN_NAME, owner);
X509CertInfo.DN_NAME, owner);
// The inner and outer signature algorithms have to match.
// The way we achieve that is really ugly, but there seems to be no

24
jdk/src/share/classes/sun/security/x509/X509CertImpl.java
View File

@ -96,12 +96,10 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
*/
// x509.info.subject.dname
public static final String SUBJECT_DN = NAME + DOT + INFO + DOT +
X509CertInfo.SUBJECT + DOT +
CertificateSubjectName.DN_NAME;
X509CertInfo.SUBJECT + DOT + X509CertInfo.DN_NAME;
// x509.info.issuer.dname
public static final String ISSUER_DN = NAME + DOT + INFO + DOT +
X509CertInfo.ISSUER + DOT +
CertificateIssuerName.DN_NAME;
X509CertInfo.ISSUER + DOT + X509CertInfo.DN_NAME;
// x509.info.serialNumber.number
public static final String SERIAL_ID = NAME + DOT + INFO + DOT +
X509CertInfo.SERIAL_NUMBER + DOT +
@ -890,9 +888,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
if (info == null)
return null;
try {
Principal subject = (Principal)info.get(
CertificateSubjectName.NAME + DOT +
CertificateSubjectName.DN_NAME);
Principal subject = (Principal)info.get(X509CertInfo.SUBJECT + DOT +
X509CertInfo.DN_NAME);
return subject;
} catch (Exception e) {
return null;
@ -910,8 +907,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
}
try {
X500Principal subject = (X500Principal)info.get(
CertificateSubjectName.NAME + DOT +
CertificateSubjectName.DN_PRINCIPAL);
X509CertInfo.SUBJECT + DOT +
"x500principal");
return subject;
} catch (Exception e) {
return null;
@ -927,9 +924,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
if (info == null)
return null;
try {
Principal issuer = (Principal)info.get(
CertificateIssuerName.NAME + DOT +
CertificateIssuerName.DN_NAME);
Principal issuer = (Principal)info.get(X509CertInfo.ISSUER + DOT +
X509CertInfo.DN_NAME);
return issuer;
} catch (Exception e) {
return null;
@ -947,8 +943,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
}
try {
X500Principal issuer = (X500Principal)info.get(
CertificateIssuerName.NAME + DOT +
CertificateIssuerName.DN_PRINCIPAL);
X509CertInfo.ISSUER + DOT +
"x500principal");
return issuer;
} catch (Exception e) {
return null;

75
jdk/src/share/classes/sun/security/x509/X509CertInfo.java
View File

@ -68,12 +68,13 @@ public class X509CertInfo implements CertAttrSet<String> {
public static final String IDENT = "x509.info";
// Certificate attribute names
public static final String NAME = "info";
public static final String DN_NAME = "dname";
public static final String VERSION = CertificateVersion.NAME;
public static final String SERIAL_NUMBER = CertificateSerialNumber.NAME;
public static final String ALGORITHM_ID = CertificateAlgorithmId.NAME;
public static final String ISSUER = CertificateIssuerName.NAME;
public static final String ISSUER = "issuer";
public static final String SUBJECT = "subject";
public static final String VALIDITY = CertificateValidity.NAME;
public static final String SUBJECT = CertificateSubjectName.NAME;
public static final String KEY = CertificateX509Key.NAME;
public static final String ISSUER_ID = "issuerID";
public static final String SUBJECT_ID = "subjectID";
@ -83,9 +84,9 @@ public class X509CertInfo implements CertAttrSet<String> {
protected CertificateVersion version = new CertificateVersion();
protected CertificateSerialNumber serialNum = null;
protected CertificateAlgorithmId algId = null;
protected CertificateIssuerName issuer = null;
protected X500Name issuer = null;
protected X500Name subject = null;
protected CertificateValidity interval = null;
protected CertificateSubjectName subject = null;
protected CertificateX509Key pubKey = null;
// X509.v2 & v3 extensions
@ -399,11 +400,7 @@ public class X509CertInfo implements CertAttrSet<String> {
break;
case ATTR_ISSUER:
if (suffix == null) {
setIssuer(val);
} else {
issuer.set(suffix, val);
}
setIssuer(val);
break;
case ATTR_VALIDITY:
@ -415,11 +412,7 @@ public class X509CertInfo implements CertAttrSet<String> {
break;
case ATTR_SUBJECT:
if (suffix == null) {
setSubject(val);
} else {
subject.set(suffix, val);
}
setSubject(val);
break;
case ATTR_KEY:
@ -493,11 +486,7 @@ public class X509CertInfo implements CertAttrSet<String> {
}
break;
case (ATTR_ISSUER):
if (suffix == null) {
issuer = null;
} else {
issuer.delete(suffix);
}
issuer = null;
break;
case (ATTR_VALIDITY):
if (suffix == null) {
@ -507,11 +496,7 @@ public class X509CertInfo implements CertAttrSet<String> {
}
break;
case (ATTR_SUBJECT):
if (suffix == null) {
subject = null;
} else {
subject.delete(suffix);
}
subject = null;
break;
case (ATTR_KEY):
if (suffix == null) {
@ -571,13 +556,13 @@ public class X509CertInfo implements CertAttrSet<String> {
if (suffix == null) {
return(subject);
} else {
return(subject.get(suffix));
return(getX500Name(suffix, false));
}
case (ATTR_ISSUER):
if (suffix == null) {
return(issuer);
} else {
return(issuer.get(suffix));
return(getX500Name(suffix, true));
}
case (ATTR_KEY):
if (suffix == null) {
@ -617,6 +602,21 @@ public class X509CertInfo implements CertAttrSet<String> {
return null;
}
/*
* Get the Issuer or Subject name
*/
private Object getX500Name(String name, boolean getIssuer)
throws IOException {
if (name.equalsIgnoreCase(X509CertInfo.DN_NAME)) {
return getIssuer ? issuer : subject;
} else if (name.equalsIgnoreCase("x500principal")) {
return getIssuer ? issuer.asX500Principal()
: subject.asX500Principal();
} else {
throw new IOException("Attribute name not recognized.");
}
}
/*
* This routine unmarshals the certificate information.
*/
@ -646,9 +646,8 @@ public class X509CertInfo implements CertAttrSet<String> {
algId = new CertificateAlgorithmId(in);
// Issuer name
issuer = new CertificateIssuerName(in);
X500Name issuerDN = (X500Name)issuer.get(CertificateIssuerName.DN_NAME);
if (issuerDN.isEmpty()) {
issuer = new X500Name(in);
if (issuer.isEmpty()) {
throw new CertificateParsingException(
"Empty issuer DN not allowed in X509Certificates");
}
@ -657,10 +656,9 @@ public class X509CertInfo implements CertAttrSet<String> {
interval = new CertificateValidity(in);
// subject name
subject = new CertificateSubjectName(in);
X500Name subjectDN = (X500Name)subject.get(CertificateSubjectName.DN_NAME);
subject = new X500Name(in);
if ((version.compare(CertificateVersion.V1) == 0) &&
subjectDN.isEmpty()) {
subject.isEmpty()) {
throw new CertificateParsingException(
"Empty subject DN not allowed in v1 certificate");
}
@ -712,13 +710,12 @@ public class X509CertInfo implements CertAttrSet<String> {
/*
* Verify if X.509 V3 Certificate is compliant with RFC 3280.
*/
private void verifyCert(CertificateSubjectName subject,
private void verifyCert(X500Name subject,
CertificateExtensions extensions)
throws CertificateParsingException, IOException {
// if SubjectName is empty, check for SubjectAlternativeNameExtension
X500Name subjectDN = (X500Name)subject.get(CertificateSubjectName.DN_NAME);
if (subjectDN.isEmpty()) {
if (subject.isEmpty()) {
if (extensions == null) {
throw new CertificateParsingException("X.509 Certificate is " +
"incomplete: subject field is empty, and certificate " +
@ -859,11 +856,11 @@ public class X509CertInfo implements CertAttrSet<String> {
* @exception CertificateException on invalid data.
*/
private void setIssuer(Object val) throws CertificateException {
if (!(val instanceof CertificateIssuerName)) {
if (!(val instanceof X500Name)) {
throw new CertificateException(
"Issuer class type invalid.");
}
issuer = (CertificateIssuerName)val;
issuer = (X500Name)val;
}
/**
@ -887,11 +884,11 @@ public class X509CertInfo implements CertAttrSet<String> {
* @exception CertificateException on invalid data.
*/
private void setSubject(Object val) throws CertificateException {
if (!(val instanceof CertificateSubjectName)) {
if (!(val instanceof X500Name)) {
throw new CertificateException(
"Subject class type invalid.");
}
subject = (CertificateSubjectName)val;
subject = (X500Name)val;
}
/**

18
jdk/src/share/classes/sun/security/x509/certAttributes.html
View File

@ -6,7 +6,7 @@
<h2><center>Certificate Attributes</center></h2>
<font size=3><center>July 1998</font></center>
<p>
In JDK1.2 we provide an implementation of X.509 (version 3).
In JDK1.2 we provide an implementation of X.509 (version 3).
The X509CertImpl class supports the following methods to
manipulate the various attributes of a certificate:
<pre>
@ -86,9 +86,9 @@ AlgorithmId</td>
<td>issuer</td>
<td>x509.info.issuer<br>
x509.info.issuer.dname</td>
<td>CertificateIssuerName.IDENT<br>
<td>none<br>
X509CertImpl.ISSUER_DN</td>
<td>CertificateIssuerName<br>
<td>X500Name<br>
X500Name</td>
</tr>
<tr>
@ -109,9 +109,9 @@ java.util.Date</td>
<td>subject</td>
<td>x509.info.subject<br>
x509.info.subject.dname</td>
<td>CertificateSubjectName.IDENT<br>
<td>none<br>
X509CertImpl.SUBJECT_DN</td>
<td>CertificateSubjectName<br>
<td>X500Name<br>
X500Name</td>
</tr>
<tr>
@ -127,18 +127,18 @@ X509Key</td>
<td>issuerUniqueID</td>
<td>x509.info.issuerID<br>
x509.info.issuerID.id</td>
<td>CertificateIssuerUniqueIdentity.IDENT<br>
<td>none<br>
none</td>
<td>CertificateIssuerUniqueIdentity<br>
<td>UniqueIdentity<br>
UniqueIdentity</td>
</tr>
<tr>
<td>subjectUniqueID</td>
<td>x509.info.subjectID<br>
x509.info.subjectID.id</td>
<td>CertificateSubjectUniqueIdentity.IDENT<br>
<td>none<br>
none</td>
<td>CertificateSubjectUniqueIdentity<br>
<td>UniqueIdentity<br>
UniqueIdentity</td>
</tr>
<tr>

4
jdk/src/share/classes/sun/tools/java/RuntimeConstants.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2005, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -67,7 +67,7 @@ public interface RuntimeConstants {
/* Class File Constants */
int JAVA_MAGIC = 0xcafebabe;
int JAVA_MIN_SUPPORTED_VERSION = 45;
int JAVA_MAX_SUPPORTED_VERSION = 51;
int JAVA_MAX_SUPPORTED_VERSION = 52;
int JAVA_MAX_SUPPORTED_MINOR_VERSION = 0;
/* Generate class file version for 1.1 by default */

3
jdk/src/share/classes/sun/util/locale/provider/JRELocaleProviderAdapter.java
View File

@ -329,9 +329,6 @@ public class JRELocaleProviderAdapter extends LocaleProviderAdapter {
tagset.add(token);
}
// ensure en-US is there (mandated by the spec, e.g. Collator.getAvailableLocales())
tagset.add("en-US");
return tagset;
}

22
jdk/src/share/classes/sun/util/locale/provider/LocaleServiceProviderPool.java
View File

@ -26,6 +26,7 @@
package sun.util.locale.provider;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.IllformedLocaleException;
@ -177,7 +178,7 @@ public final class LocaleServiceProviderPool {
for (Class<? extends LocaleServiceProvider> c : spiClasses) {
LocaleServiceProviderPool pool =
LocaleServiceProviderPool.getPool(c);
all.addAll(pool.getAvailableLocaleList());
all.addAll(pool.getAvailableLocaleSet());
}
allAvailableLocales = all.toArray(new Locale[0]);
@ -207,13 +208,23 @@ public final class LocaleServiceProviderPool {
* @return an array of the available locales
*/
public Locale[] getAvailableLocales() {
Set<Locale> locList = getAvailableLocaleList();
Set<Locale> locList = new HashSet<>();
locList.addAll(getAvailableLocaleSet());
// Make sure it all contains JRE's locales for compatibility.
locList.addAll(Arrays.asList(LocaleProviderAdapter.forJRE().getAvailableLocales()));
Locale[] tmp = new Locale[locList.size()];
locList.toArray(tmp);
return tmp;
}
private synchronized Set<Locale> getAvailableLocaleList() {
/**
* Returns the union of locale sets that are available from
* each service provider. This method does NOT return the
* defensive copy.
*
* @return a set of available locales
*/
private synchronized Set<Locale> getAvailableLocaleSet() {
if (availableLocales == null) {
availableLocales = new HashSet<>();
for (LocaleServiceProvider lsp : providers.values()) {
@ -222,9 +233,6 @@ public final class LocaleServiceProviderPool {
availableLocales.add(getLookupLocale(locale));
}
}
// Remove Locale.ROOT for the compatibility.
availableLocales.remove(Locale.ROOT);
}
return availableLocales;
@ -295,7 +303,7 @@ public final class LocaleServiceProviderPool {
List<Locale> lookupLocales = getLookupLocales(locale);
Set<Locale> available = getAvailableLocaleList();
Set<Locale> available = getAvailableLocaleSet();
for (Locale current : lookupLocales) {
if (available.contains(current)) {
S providersObj;

9
jdk/src/share/native/com/sun/java/util/jar/pack/constants.h
View File

@ -35,12 +35,19 @@
#define JAVA_MAGIC 0xCAFEBABE
#define JAVA_MIN_MAJOR_VERSION 45
#define JAVA_MIN_MINOR_VERSION 3
#define JAVA5_MAX_MAJOR_VERSION 49
#define JAVA5_MAX_MINOR_VERSION 0
// NOTE: Assume for now
#define JAVA6_MAX_MAJOR_VERSION 50
#define JAVA6_MAX_MINOR_VERSION 0
#define JAVA7_MAX_MAJOR_VERSION 51
#define JAVA7_MAX_MINOR_VERSION 0
#define JAVA8_MAX_MAJOR_VERSION 52
#define JAVA8_MAX_MINOR_VERSION 0
// package file constants
#define JAVA_PACKAGE_MAGIC 0xCAFED00D
#define JAVA5_PACKAGE_MAJOR_VERSION 150

2
jdk/src/share/native/java/lang/System.c
View File

@ -102,7 +102,7 @@ Java_java_lang_System_identityHashCode(JNIEnv *env, jobject this, jobject x)
#define VENDOR_URL_BUG "http://bugreport.sun.com/bugreport/"
#endif
#define JAVA_MAX_SUPPORTED_VERSION 51
#define JAVA_MAX_SUPPORTED_VERSION 52
#define JAVA_MAX_SUPPORTED_MINOR_VERSION 0
#ifdef JAVA_SPECIFICATION_VENDOR /* Third party may NOT overwrite this. */

135
jdk/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c
View File

@ -26,6 +26,7 @@
#include "sun_security_jgss_wrapper_GSSLibStub.h"
#include "NativeUtil.h"
#include "NativeFunc.h"
#include "jlong.h"
/* Constants for indicating what type of info is needed for inqueries */
const int TYPE_CRED_NAME = 10;
@ -75,14 +76,14 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getMechPtr(JNIEnv *env,
jclass jcls,
jbyteArray jbytes) {
gss_OID cOid;
int i, len;
unsigned int i, len;
jbyte* bytes;
jthrowable gssEx;
jboolean found;
if (jbytes != NULL) {
found = JNI_FALSE;
len = (*env)->GetArrayLength(env, jbytes) - 2;
len = (unsigned int)((*env)->GetArrayLength(env, jbytes) - 2);
bytes = (*env)->GetByteArrayElements(env, jbytes, NULL);
if (bytes != NULL) {
for (i = 0; i < ftab->mechs->count; i++) {
@ -98,9 +99,9 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getMechPtr(JNIEnv *env,
}
if (found != JNI_TRUE) {
checkStatus(env, NULL, GSS_S_BAD_MECH, 0, "[GSSLibStub_getMechPtr]");
return NULL;
} else return cOid;
} else return GSS_C_NO_OID;
return ptr_to_jlong(NULL);
} else return ptr_to_jlong(cOid);
} else return ptr_to_jlong(GSS_C_NO_OID);
}
@ -244,7 +245,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_inquireNamesForMech(JNIEnv *env,
if (ftab->inquireNamesForMech != NULL) {
mech = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
mech = (gss_OID)jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
nameTypes = GSS_C_NO_OID_SET;
/* gss_inquire_names_for_mech(...) => N/A */
@ -273,7 +274,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_releaseName(JNIEnv *env,
OM_uint32 minor, major;
gss_name_t nameHdl;
nameHdl = (gss_name_t) pName;
nameHdl = (gss_name_t) jlong_to_ptr(pName);
sprintf(debugBuf, "[GSSLibStub_releaseName] %ld", (long) pName);
debug(env, debugBuf);
@ -319,7 +320,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_importName(JNIEnv *env,
resetGSSBuffer(env, jnameVal, &nameVal);
checkStatus(env, jobj, major, minor, "[GSSLibStub_importName]");
return (jlong) nameHdl;
return ptr_to_jlong(nameHdl);
}
@ -339,8 +340,8 @@ Java_sun_security_jgss_wrapper_GSSLibStub_compareName(JNIEnv *env,
int isEqual;
isEqual = 0;
nameHdl1 = (gss_name_t) pName1;
nameHdl2 = (gss_name_t) pName2;
nameHdl1 = (gss_name_t) jlong_to_ptr(pName1);
nameHdl2 = (gss_name_t) jlong_to_ptr(pName2);
sprintf(debugBuf, "[GSSLibStub_compareName] %ld %ld", (long) pName1,
(long) pName2);
@ -370,12 +371,12 @@ Java_sun_security_jgss_wrapper_GSSLibStub_canonicalizeName(JNIEnv *env,
gss_name_t nameHdl, mnNameHdl;
gss_OID mech;
nameHdl = (gss_name_t) pName;
nameHdl = (gss_name_t) jlong_to_ptr(pName);
sprintf(debugBuf, "[GSSLibStub_canonicalizeName] %ld", (long) pName);
debug(env, debugBuf);
if (nameHdl != GSS_C_NO_NAME) {
mech = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
mnNameHdl = GSS_C_NO_NAME;
/* gss_canonicalize_name(...) may return GSS_S_BAD_NAMETYPE,
@ -391,7 +392,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_canonicalizeName(JNIEnv *env,
checkStatus(env, jobj, major, minor, "[GSSLibStub_canonicalizeName]");
} else mnNameHdl = GSS_C_NO_NAME;
return (jlong) mnNameHdl;
return ptr_to_jlong(mnNameHdl);
}
/*
@ -408,7 +409,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_exportName(JNIEnv *env,
gss_buffer_desc outBuf;
jbyteArray jresult;
nameHdl = (gss_name_t) pName;
nameHdl = (gss_name_t) jlong_to_ptr(pName);
sprintf(debugBuf, "[GSSLibStub_exportName] %ld", (long) pName);
debug(env, debugBuf);
@ -420,16 +421,16 @@ Java_sun_security_jgss_wrapper_GSSLibStub_exportName(JNIEnv *env,
if (major == GSS_S_NAME_NOT_MN) {
debug(env, "[GSSLibStub_exportName] canonicalize and re-try");
mNameHdl = (gss_name_t)
mNameHdl = (gss_name_t)jlong_to_ptr(
Java_sun_security_jgss_wrapper_GSSLibStub_canonicalizeName
(env, jobj, pName);
(env, jobj, pName));
/* return immediately if an exception has occurred */
if ((*env)->ExceptionCheck(env)) {
return NULL;
}
major = (*ftab->exportName)(&minor, mNameHdl, &outBuf);
Java_sun_security_jgss_wrapper_GSSLibStub_releaseName
(env, jobj, (jlong) mNameHdl);
(env, jobj, ptr_to_jlong(mNameHdl));
/* return immediately if an exception has occurred */
if ((*env)->ExceptionCheck(env)) {
return NULL;
@ -460,7 +461,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_displayName(JNIEnv *env,
jobject jtype;
jobjectArray jresult;
nameHdl = (gss_name_t) pName;
nameHdl = (gss_name_t) jlong_to_ptr(pName);
sprintf(debugBuf, "[GSSLibStub_displayName] %ld", (long) pName);
debug(env, debugBuf);
@ -512,10 +513,10 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acquireCred(JNIEnv *env,
debug(env, "[GSSLibStub_acquireCred]");
mech = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
mechs = newGSSOIDSet(env, mech);
credUsage = (gss_cred_usage_t) usage;
nameHdl = (gss_name_t) pName;
nameHdl = (gss_name_t) jlong_to_ptr(pName);
credHdl = GSS_C_NO_CREDENTIAL;
sprintf(debugBuf, "[GSSLibStub_acquireCred] pName=%ld, usage=%d",
@ -534,7 +535,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acquireCred(JNIEnv *env,
debug(env, debugBuf);
checkStatus(env, jobj, major, minor, "[GSSLibStub_acquireCred]");
return (jlong) credHdl;
return ptr_to_jlong(credHdl);
}
/*
@ -550,9 +551,9 @@ Java_sun_security_jgss_wrapper_GSSLibStub_releaseCred(JNIEnv *env,
OM_uint32 minor, major;
gss_cred_id_t credHdl;
credHdl = (gss_cred_id_t) pCred;
credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
sprintf(debugBuf, "[GSSLibStub_releaseCred] %ld", pCred);
sprintf(debugBuf, "[GSSLibStub_releaseCred] %ld", (long int)pCred);
debug(env, debugBuf);
if (credHdl != GSS_C_NO_CREDENTIAL) {
@ -562,7 +563,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_releaseCred(JNIEnv *env,
checkStatus(env, jobj, major, minor, "[GSSLibStub_releaseCred]");
}
return (jlong) credHdl;
return ptr_to_jlong(credHdl);
}
/*
@ -570,7 +571,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_releaseCred(JNIEnv *env,
*/
void inquireCred(JNIEnv *env, jobject jobj, gss_cred_id_t pCred,
jint type, void *result) {
OM_uint32 minor, major;
OM_uint32 minor, major=GSS_C_QOP_DEFAULT;
OM_uint32 routineErr;
gss_cred_id_t credHdl;
@ -617,9 +618,9 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getCredName(JNIEnv *env,
gss_name_t nameHdl;
gss_cred_id_t credHdl;
credHdl = (gss_cred_id_t) pCred;
credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
sprintf(debugBuf, "[GSSLibStub_getCredName] %ld", pCred);
sprintf(debugBuf, "[GSSLibStub_getCredName] %ld", (long int)pCred);
debug(env, debugBuf);
nameHdl = GSS_C_NO_NAME;
@ -633,7 +634,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getCredName(JNIEnv *env,
sprintf(debugBuf, "[GSSLibStub_getCredName] pName=%ld", (long) nameHdl);
debug(env, debugBuf);
return (jlong) nameHdl;
return ptr_to_jlong(nameHdl);
}
/*
@ -649,9 +650,9 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getCredTime(JNIEnv *env,
gss_cred_id_t credHdl;
OM_uint32 lifetime;
credHdl = (gss_cred_id_t) pCred;
credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
sprintf(debugBuf, "[GSSLibStub_getCredTime] %ld", pCred);
sprintf(debugBuf, "[GSSLibStub_getCredTime] %ld", (long int)pCred);
debug(env, debugBuf);
lifetime = 0;
@ -677,9 +678,9 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getCredUsage(JNIEnv *env,
gss_cred_usage_t usage;
gss_cred_id_t credHdl;
credHdl = (gss_cred_id_t) pCred;
credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
sprintf(debugBuf, "[GSSLibStub_getCredUsage] %ld", pCred);
sprintf(debugBuf, "[GSSLibStub_getCredUsage] %ld", (long int)pCred);
debug(env, debugBuf);
inquireCred(env, jobj, credHdl, TYPE_CRED_USAGE, &usage);
@ -738,13 +739,13 @@ Java_sun_security_jgss_wrapper_GSSLibStub_importContext(JNIEnv *env,
return NULL;
}
mech2 = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
mech2 = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
if (sameMech(env, mech, mech2) == JNI_TRUE) {
/* mech match - return the context object */
return (*env)->NewObject(env, CLS_NativeGSSContext,
MID_NativeGSSContext_ctor,
(jlong) contextHdl, jobj);
ptr_to_jlong(contextHdl), jobj);
} else {
/* mech mismatch - clean up then return null */
major = (*ftab->deleteSecContext)(&minor, &contextHdl, GSS_C_NO_BUFFER);
@ -784,11 +785,11 @@ Java_sun_security_jgss_wrapper_GSSLibStub_initContext(JNIEnv *env,
*/
debug(env, "[GSSLibStub_initContext]");
credHdl = (gss_cred_id_t) pCred;
contextHdl = (gss_ctx_id_t)
(*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext);
targetName = (gss_name_t) pName;
mech = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
contextHdl = (gss_ctx_id_t) jlong_to_ptr(
(*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext));
targetName = (gss_name_t) jlong_to_ptr(pName);
mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
flags = (OM_uint32) (*env)->GetIntField(env, jcontextSpi,
FID_NativeGSSContext_flags);
time = getGSSTime((*env)->GetIntField(env, jcontextSpi,
@ -821,7 +822,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_initContext(JNIEnv *env,
if (GSS_ERROR(major) == GSS_S_COMPLETE) {
/* update member values if needed */
(*env)->SetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext,
(jlong) contextHdl);
ptr_to_jlong(contextHdl));
(*env)->SetIntField(env, jcontextSpi, FID_NativeGSSContext_flags, aFlags);
sprintf(debugBuf, "[GSSLibStub_initContext] set flags=0x%x", aFlags);
debug(env, debugBuf);
@ -879,7 +880,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acceptContext(JNIEnv *env,
OM_uint32 aFlags;
OM_uint32 aTime;
gss_cred_id_t delCred;
jobject jsrcName;
jobject jsrcName=GSS_C_NO_NAME;
jobject jdelCred;
jobject jMech;
jbyteArray jresult;
@ -889,9 +890,9 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acceptContext(JNIEnv *env,
debug(env, "[GSSLibStub_acceptContext]");
contextHdl = (gss_ctx_id_t)
(*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext);
credHdl = (gss_cred_id_t) pCred;
contextHdl = (gss_ctx_id_t)jlong_to_ptr(
(*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext));
credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
initGSSBuffer(env, jinToken, &inToken);
cb = getGSSCB(env, jcb);
srcName = GSS_C_NO_NAME;
@ -922,7 +923,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acceptContext(JNIEnv *env,
if (GSS_ERROR(major) == GSS_S_COMPLETE) {
/* update member values if needed */
(*env)->SetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext,
(jlong) contextHdl);
ptr_to_jlong(contextHdl));
sprintf(debugBuf, "[GSSLibStub_acceptContext] set pContext=%ld",
(long)contextHdl);
debug(env, debugBuf);
@ -940,7 +941,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acceptContext(JNIEnv *env,
NULL, NULL);
jtargetName = (*env)->NewObject(env, CLS_GSSNameElement,
MID_GSSNameElement_ctor,
(jlong) targetName, jobj);
ptr_to_jlong(targetName), jobj);
/* return immediately if an exception has occurred */
if ((*env)->ExceptionCheck(env)) {
@ -955,7 +956,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acceptContext(JNIEnv *env,
if (srcName != GSS_C_NO_NAME) {
jsrcName = (*env)->NewObject(env, CLS_GSSNameElement,
MID_GSSNameElement_ctor,
(jlong) srcName, jobj);
ptr_to_jlong(srcName), jobj);
/* return immediately if an exception has occurred */
if ((*env)->ExceptionCheck(env)) {
return NULL;
@ -981,7 +982,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acceptContext(JNIEnv *env,
if (delCred != GSS_C_NO_CREDENTIAL) {
jdelCred = (*env)->NewObject(env, CLS_GSSCredElement,
MID_GSSCredElement_ctor,
(jlong) delCred, jsrcName, jMech);
ptr_to_jlong(delCred), jsrcName, jMech);
/* return immediately if an exception has occurred */
if ((*env)->ExceptionCheck(env)) {
return NULL;
@ -1031,7 +1032,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_inquireContext(JNIEnv *env,
jlong result[6];
jlongArray jresult;
contextHdl = (gss_ctx_id_t) pContext;
contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_inquireContext] %ld", (long)contextHdl);
debug(env, debugBuf);
@ -1051,8 +1052,8 @@ Java_sun_security_jgss_wrapper_GSSLibStub_inquireContext(JNIEnv *env,
(long)targetName);
debug(env, debugBuf);
result[0] = (jlong) srcName;
result[1] = (jlong) targetName;
result[0] = ptr_to_jlong(srcName);
result[1] = ptr_to_jlong(targetName);
result[2] = (jlong) isInitiator;
result[3] = (jlong) isEstablished;
result[4] = (jlong) flags;
@ -1081,9 +1082,9 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getContextMech(JNIEnv *env,
gss_OID mech;
gss_ctx_id_t contextHdl;
contextHdl = (gss_ctx_id_t) pContext;
contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_getContextMech] %ld", pContext);
sprintf(debugBuf, "[GSSLibStub_getContextMech] %ld", (long int)pContext);
debug(env, debugBuf);
major = (*ftab->inquireContext)(&minor, contextHdl, NULL, NULL,
@ -1111,7 +1112,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getContextName(JNIEnv *env,
gss_name_t nameHdl;
gss_ctx_id_t contextHdl;
contextHdl = (gss_ctx_id_t) pContext;
contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_getContextName] %ld, isSrc=%d",
(long)contextHdl, isSrc);
@ -1129,13 +1130,13 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getContextName(JNIEnv *env,
checkStatus(env, jobj, major, minor, "[GSSLibStub_inquireContextAll]");
/* return immediately if an exception has occurred */
if ((*env)->ExceptionCheck(env)) {
return (long)NULL;
return ptr_to_jlong(NULL);
}
sprintf(debugBuf, "[GSSLibStub_getContextName] pName=%ld", (long) nameHdl);
debug(env, debugBuf);
return (jlong) nameHdl;
return ptr_to_jlong(nameHdl);
}
/*
@ -1151,7 +1152,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getContextTime(JNIEnv *env,
gss_ctx_id_t contextHdl;
OM_uint32 time;
contextHdl = (gss_ctx_id_t) pContext;
contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_getContextTime] %ld", (long)contextHdl);
debug(env, debugBuf);
@ -1180,17 +1181,17 @@ Java_sun_security_jgss_wrapper_GSSLibStub_deleteContext(JNIEnv *env,
OM_uint32 minor, major;
gss_ctx_id_t contextHdl;
contextHdl = (gss_ctx_id_t) pContext;
contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_deleteContext] %ld", (long)contextHdl);
debug(env, debugBuf);
if (contextHdl == GSS_C_NO_CONTEXT) return GSS_C_NO_CONTEXT;
if (contextHdl == GSS_C_NO_CONTEXT) return ptr_to_jlong(GSS_C_NO_CONTEXT);
/* gss_delete_sec_context(...) => GSS_S_NO_CONTEXT(!) */
major = (*ftab->deleteSecContext)(&minor, &contextHdl, GSS_C_NO_BUFFER);
checkStatus(env, jobj, major, minor, "[GSSLibStub_deleteContext]");
return (jlong) contextHdl;
return (jlong) ptr_to_jlong(contextHdl);
}
/*
@ -1211,7 +1212,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_wrapSizeLimit(JNIEnv *env,
OM_uint32 outSize, maxInSize;
gss_qop_t qop;
contextHdl = (gss_ctx_id_t) pContext;
contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_wrapSizeLimit] %ld", (long)contextHdl);
debug(env, debugBuf);
@ -1244,7 +1245,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_exportContext(JNIEnv *env,
gss_buffer_desc interProcToken;
jbyteArray jresult;
contextHdl = (gss_ctx_id_t) pContext;
contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_exportContext] %ld", (long)contextHdl);
debug(env, debugBuf);
@ -1281,7 +1282,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getMic(JNIEnv *env, jobject jobj,
gss_buffer_desc msgToken;
jbyteArray jresult;
contextHdl = (gss_ctx_id_t) pContext;
contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_getMic] %ld", (long)contextHdl);
debug(env, debugBuf);
@ -1290,7 +1291,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getMic(JNIEnv *env, jobject jobj,
checkStatus(env, jobj, GSS_S_CONTEXT_EXPIRED, 0, "[GSSLibStub_getMic]");
return NULL;
}
contextHdl = (gss_ctx_id_t) pContext;
contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
qop = (gss_qop_t) jqop;
initGSSBuffer(env, jmsg, &msg);
@ -1326,7 +1327,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_verifyMic(JNIEnv *env,
gss_buffer_desc msgToken;
gss_qop_t qop;
contextHdl = (gss_ctx_id_t) pContext;
contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_verifyMic] %ld", (long)contextHdl);
debug(env, debugBuf);
@ -1376,7 +1377,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_wrap(JNIEnv *env,
gss_ctx_id_t contextHdl;
jbyteArray jresult;
contextHdl = (gss_ctx_id_t) pContext;
contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_wrap] %ld", (long)contextHdl);
debug(env, debugBuf);
@ -1427,7 +1428,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_unwrap(JNIEnv *env,
gss_qop_t qop;
jbyteArray jresult;
contextHdl = (gss_ctx_id_t) pContext;
contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_unwrap] %ld", (long)contextHdl);
debug(env, debugBuf);

5
jdk/src/share/native/sun/security/jgss/wrapper/NativeUtil.c
View File

@ -25,6 +25,7 @@
#include "NativeUtil.h"
#include "NativeFunc.h"
#include "jlong.h"
const int JAVA_DUPLICATE_TOKEN_CODE = 19; /* DUPLICATE_TOKEN */
const int JAVA_OLD_TOKEN_CODE = 20; /* OLD_TOKEN */
@ -412,7 +413,7 @@ OM_uint32 getGSSTime(jint jtime) {
OM_uint32 result;
/* special handle values equal to JAVA_MAX */
if (jtime == JAVA_MAX) {
if (jtime == (jint)JAVA_MAX) {
result = GSS_C_INDEFINITE;
} else {
result = jtime;
@ -482,7 +483,7 @@ jstring getMinorMessage(JNIEnv *env, jobject jstub, OM_uint32 statusValue) {
messageContext = 0;
if (jstub != NULL) {
mech = (gss_OID) (*env)->GetLongField(env, jstub, FID_GSSLibStub_pMech);
mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jstub, FID_GSSLibStub_pMech));
} else {
mech = GSS_C_NO_OID;
}

4
jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c
View File

@ -422,6 +422,7 @@ CK_ATTRIBUTE jAttributeToCKAttribute(JNIEnv *env, jobject jAttribute)
jfieldID jFieldID;
jlong jType;
jobject jPValue;
memset(&ckAttribute, 0, sizeof(CK_ATTRIBUTE));
// TBD: what if jAttribute == NULL?!
@ -1577,6 +1578,7 @@ CK_RSA_PKCS_PSS_PARAMS jRsaPkcsPssParamToCKRsaPkcsPssParam(JNIEnv *env, jobject
CK_RSA_PKCS_PSS_PARAMS ckParam;
jfieldID fieldID;
jlong jHashAlg, jMgf, jSLen;
memset(&ckParam, 0, sizeof(CK_RSA_PKCS_PSS_PARAMS));
/* get hashAlg */
jRsaPkcsPssParamsClass = (*env)->FindClass(env, CLASS_RSA_PKCS_PSS_PARAMS);
@ -1617,6 +1619,7 @@ CK_ECDH1_DERIVE_PARAMS jEcdh1DeriveParamToCKEcdh1DeriveParam(JNIEnv *env, jobjec
jfieldID fieldID;
jlong jLong;
jobject jSharedData, jPublicData;
memset(&ckParam, 0, sizeof(CK_ECDH1_DERIVE_PARAMS));
/* get kdf */
jEcdh1DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH1_DERIVE_PARAMS);
@ -1663,6 +1666,7 @@ CK_ECDH2_DERIVE_PARAMS jEcdh2DeriveParamToCKEcdh2DeriveParam(JNIEnv *env, jobjec
jfieldID fieldID;
jlong jKdf, jPrivateDataLen, jPrivateData;
jobject jSharedData, jPublicData, jPublicData2;
memset(&ckParam, 0, sizeof(CK_ECDH2_DERIVE_PARAMS));
/* get kdf */
jEcdh2DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH2_DERIVE_PARAMS);

12
jdk/src/share/native/sun/security/pkcs11/wrapper/p11_crypt.c
View File

@ -180,14 +180,14 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1EncryptUpdate
ckSessionHandle = jLongToCKULong(jSessionHandle);
if (directIn != 0) {
inBufP = (CK_BYTE_PTR) directIn;
inBufP = (CK_BYTE_PTR) jlong_to_ptr(directIn);
} else {
inBufP = (*env)->GetPrimitiveArrayCritical(env, jIn, NULL);
if (inBufP == NULL) { return 0; }
}
if (directOut != 0) {
outBufP = (CK_BYTE_PTR) directOut;
outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut);
} else {
outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL);
if (outBufP == NULL) {
@ -249,7 +249,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1EncryptFinal
ckSessionHandle = jLongToCKULong(jSessionHandle);
if (directOut != 0) {
outBufP = (CK_BYTE_PTR) directOut;
outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut);
} else {
outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL);
if (outBufP == NULL) { return 0; }
@ -401,14 +401,14 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1DecryptUpdate
ckSessionHandle = jLongToCKULong(jSessionHandle);
if (directIn != 0) {
inBufP = (CK_BYTE_PTR) directIn;
inBufP = (CK_BYTE_PTR) jlong_to_ptr(directIn);
} else {
inBufP = (*env)->GetPrimitiveArrayCritical(env, jIn, NULL);
if (inBufP == NULL) { return 0; }
}
if (directOut != 0) {
outBufP = (CK_BYTE_PTR) directOut;
outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut);
} else {
outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL);
if (outBufP == NULL) {
@ -465,7 +465,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1DecryptFinal
ckSessionHandle = jLongToCKULong(jSessionHandle);
if (directOut != 0) {
outBufP = (CK_BYTE_PTR) directOut;
outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut);
} else {
outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL);
if (outBufP == NULL) { return 0; }

3
jdk/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c
View File

@ -51,6 +51,7 @@
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include "jlong.h"
#include "sun_security_pkcs11_wrapper_PKCS11.h"
@ -178,7 +179,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestUpdate
ckSessionHandle = jLongToCKULong(jSessionHandle);
if (directIn != 0) {
rv = (*ckpFunctions->C_DigestUpdate)(ckSessionHandle, (CK_BYTE_PTR)directIn, jInLen);
rv = (*ckpFunctions->C_DigestUpdate)(ckSessionHandle, (CK_BYTE_PTR)jlong_to_ptr(directIn), jInLen);
ckAssertReturnValueOK(env, rv);
return;
}

10
jdk/src/share/native/sun/security/pkcs11/wrapper/p11_general.c
View File

@ -253,10 +253,12 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetInfo
(JNIEnv *env, jobject obj)
{
CK_INFO ckLibInfo;
jobject jInfoObject;
jobject jInfoObject=NULL;
CK_RV rv;
CK_FUNCTION_LIST_PTR ckpFunctions;
memset(&ckLibInfo, 0, sizeof(CK_INFO));
CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
ckpFunctions = getFunctionList(env, obj);
if (ckpFunctions == NULL) { return NULL; }
rv = (*ckpFunctions->C_GetInfo)(&ckLibInfo);
@ -384,7 +386,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetSlotInfo
{
CK_SLOT_ID ckSlotID;
CK_SLOT_INFO ckSlotInfo;
jobject jSlotInfoObject;
jobject jSlotInfoObject=NULL;
CK_RV rv;
CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
@ -396,7 +398,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetSlotInfo
if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {
jSlotInfoObject = ckSlotInfoPtrToJSlotInfo(env, &ckSlotInfo);
}
return jSlotInfoObject ;
return jSlotInfoObject;
}
/*

2
jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c
View File

@ -256,7 +256,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetSessionI
{
CK_SESSION_HANDLE ckSessionHandle;
CK_SESSION_INFO ckSessionInfo;
jobject jSessionInfo;
jobject jSessionInfo=NULL;
CK_RV rv;
CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);

7
jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c
View File

@ -51,6 +51,7 @@
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include "jlong.h"
#include "sun_security_pkcs11_wrapper_PKCS11.h"
@ -198,7 +199,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignUpdate
ckSessionHandle = jLongToCKULong(jSessionHandle);
if (directIn != 0) {
rv = (*ckpFunctions->C_SignUpdate)(ckSessionHandle, (CK_BYTE_PTR)directIn, jInLen);
rv = (*ckpFunctions->C_SignUpdate)(ckSessionHandle, (CK_BYTE_PTR) jlong_to_ptr(directIn), jInLen);
ckAssertReturnValueOK(env, rv);
return;
}
@ -262,7 +263,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignFina
ckSessionHandle = jLongToCKULong(jSessionHandle);
if ((jExpectedLength > 0) && (jExpectedLength < ckSignatureLength)) {
if ((jExpectedLength > 0) && ((CK_ULONG)jExpectedLength < ckSignatureLength)) {
ckSignatureLength = jExpectedLength;
}
@ -496,7 +497,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyUpdate
ckSessionHandle = jLongToCKULong(jSessionHandle);
if (directIn != 0) {
rv = (*ckpFunctions->C_VerifyUpdate)(ckSessionHandle, (CK_BYTE_PTR)directIn, jInLen);
rv = (*ckpFunctions->C_VerifyUpdate)(ckSessionHandle, (CK_BYTE_PTR)jlong_to_ptr(directIn), jInLen);
ckAssertReturnValueOK(env, rv);
return;
}

4
jdk/src/share/native/sun/security/pkcs11/wrapper/p11_util.c
View File

@ -106,7 +106,7 @@ void putModuleEntry(JNIEnv *env, jobject pkcs11Implementation, ModuleData *modul
if (moduleData == NULL) {
return ;
}
(*env)->SetLongField(env, pkcs11Implementation, pNativeDataID, (jlong)moduleData);
(*env)->SetLongField(env, pkcs11Implementation, pNativeDataID, ptr_to_jlong(moduleData));
}
@ -120,7 +120,7 @@ ModuleData * getModuleEntry(JNIEnv *env, jobject pkcs11Implementation) {
return NULL;
}
jData = (*env)->GetLongField(env, pkcs11Implementation, pNativeDataID);
return (ModuleData*)jData;
return (ModuleData*)jlong_to_ptr(jData);
}
CK_FUNCTION_LIST_PTR getFunctionList(JNIEnv *env, jobject pkcs11Implementation) {

6
jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.c
View File

@ -34,7 +34,7 @@
#include "j2secmod.h"
void *findFunction(JNIEnv *env, jlong jHandle, const char *functionName) {
void *hModule = (void*)jHandle;
void *hModule = (void*)jlong_to_ptr(jHandle);
void *fAddress = dlsym(hModule, functionName);
if (fAddress == NULL) {
char errorMessage[256];
@ -53,7 +53,7 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_Secmod_nssGetLibraryHandle
void *hModule = dlopen(libName, RTLD_NOLOAD);
dprintf2("-handle for %s: %u\n", libName, hModule);
(*env)->ReleaseStringUTFChars(env, jLibName, libName);
return (jlong)hModule;
return ptr_to_jlong(hModule);
}
JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_Secmod_nssLoadLibrary
@ -72,5 +72,5 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_Secmod_nssLoadLibrary
return 0;
}
return (jlong)hModule;
return ptr_to_jlong(hModule);
}

2
jdk/src/solaris/native/sun/security/pkcs11/wrapper/p11_md.c
View File

@ -79,7 +79,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_connect
{
void *hModule;
char *error;
CK_C_GetFunctionList C_GetFunctionList;
CK_C_GetFunctionList C_GetFunctionList=NULL;
CK_RV rv;
ModuleData *moduleData;
jobject globalPKCS11ImplementationReference;

5
jdk/test/ProblemList.txt
View File

@ -137,11 +137,6 @@ java/lang/management/MemoryMXBean/ResetPeakMemoryUsage.java generic-all
# 7196801
java/lang/management/MemoryMXBean/LowMemoryTest2.sh generic-all
# Exclude until hotspot/jdk repos are sync'd w.r.t. JAVA_MAX_SUPPORTED_VERSION
# Needed when hotspot fix 7054345 is present. Remove when the JDK source is
# updated accordingly.
java/lang/System/Versions.java generic-all
############################################################################
# jdk_management

18
jdk/test/com/sun/crypto/provider/Cipher/PBE/PBEInvalidParamsTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/*
* @test
* @bug 6209660
* @bug 6209660 6383200
* @summary Ensure that InvalidAlgorithmParameterException is
* thrown as javadoc specified when parameters of the wrong
* type are used.
@ -38,9 +38,21 @@ public class PBEInvalidParamsTest {
private static final char[] PASSWORD = { 'p', 'a', 's', 's' };
private static final String[] PBE_ALGOS = {
"PBEWithMD5AndDES", "PBEWithSHA1AndDESede", "PBEWithSHA1AndRC2_40"
"PBEWithMD5AndDES",
"PBEWithSHA1AndDESede",
"PBEWithSHA1AndRC2_40",
"PBEWithSHA1AndRC2_128",
"PBEWithSHA1AndRC4_40",
"PBEWithSHA1AndRC4_128",
// skip "PBEWithMD5AndTripleDES" since it requires Unlimited
// version of JCE jurisdiction policy files.
"PBEWithHmacSHA1AndAES_128",
"PBEWithHmacSHA224AndAES_128",
"PBEWithHmacSHA256AndAES_128",
"PBEWithHmacSHA384AndAES_128",
"PBEWithHmacSHA512AndAES_128"
// skip "PBEWithHmacSHAxxxAndAES_256" since they require Unlimited
// version of JCE jurisdiction policy files.
};
private static final IvParameterSpec INVALID_PARAMS =

13
jdk/test/com/sun/crypto/provider/Cipher/PBE/PBEKeysAlgorithmNames.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/*
* @test
* @bug 6341599
* @bug 6341599 6383200
* @summary JCE Reference Guide has recommendations, not requirements,
* for algorithm names
* @author Brad R. Wetmore
@ -38,8 +38,15 @@ public class PBEKeysAlgorithmNames {
"PBEWithMD5AndDES",
"PBEWithSHA1AndDESede",
"PBEWithSHA1AndRC2_40",
"PBEWithSHA1AndRC2_128",
"PBEWithMD5AndTripleDES",
"PBEWithSHA1AndRC4_40",
"PBEWithSHA1AndRC4_128",
"PBKDF2WithHmacSHA1",
"PBEWithMD5AndTripleDES"
"PBKDF2WithHmacSHA224",
"PBKDF2WithHmacSHA256",
"PBKDF2WithHmacSHA384",
"PBKDF2WithHmacSHA512"
};
public static void main(String[] argv) throws Exception {

Some files were not shown because too many files have changed in this diff Show More