From e4661801352674f01f64ba70f4d735afab05a102 Mon Sep 17 00:00:00 2001 From: Daniel Fuchs Date: Thu, 12 Mar 2009 15:36:14 +0100 Subject: [PATCH 01/11] 6661448: Make the SNMP agent optional when OPENJDK=true and IMPORT_BINARY_PLUGS=false Reviewed-by: mchung, ohair --- jdk/make/com/sun/jmx/Makefile | 10 +- jdk/make/java/management/Makefile | 2 + jdk/make/javax/management/Makefile | 1 + jdk/make/sun/management/Makefile | 11 +- .../share/classes/sun/management/Agent.java | 38 ++++- .../com/sun/jmx/snmp/SnmpOidHashCode.java | 74 ++++++++- .../com/sun/jmx/snmp/TimeTicksWrapping.java | 157 ++++++++++++++++-- 7 files changed, 268 insertions(+), 25 deletions(-) diff --git a/jdk/make/com/sun/jmx/Makefile b/jdk/make/com/sun/jmx/Makefile index c529dd4be31..81470f0befe 100644 --- a/jdk/make/com/sun/jmx/Makefile +++ b/jdk/make/com/sun/jmx/Makefile @@ -41,7 +41,15 @@ include $(BUILDDIR)/common/Defs.gmk # Note : some targets are double colon rules and some single colon rules # within common included gmk files : that is why the following for loop # has been duplicated. -SUBDIRS = snmp + +# When building the openjdk, build snmp only if importing binary plugs, +ifdef OPENJDK + ifeq ($(IMPORT_BINARY_PLUGS),true) + SUBDIRS = snmp + endif +else + SUBDIRS = snmp +endif all build: $(SUBDIRS-loop) diff --git a/jdk/make/java/management/Makefile b/jdk/make/java/management/Makefile index 466d2212afe..f579e10c105 100644 --- a/jdk/make/java/management/Makefile +++ b/jdk/make/java/management/Makefile @@ -46,6 +46,8 @@ include $(BUILDDIR)/common/Mapfile-vers.gmk # include FILES_c.gmk +# We don't need snmp here. +AUTO_JAVA_PRUNE = snmp AUTO_FILES_JAVA_DIRS = java/lang/management com/sun/management sun/management include Exportedfiles.gmk diff --git a/jdk/make/javax/management/Makefile b/jdk/make/javax/management/Makefile index 2085e38a88b..02527ec2d21 100644 --- a/jdk/make/javax/management/Makefile +++ b/jdk/make/javax/management/Makefile @@ -35,6 +35,7 @@ include $(BUILDDIR)/common/Defs.gmk # # Files to compile # +AUTO_JAVA_PRUNE = snmp AUTO_FILES_JAVA_DIRS = javax/management com/sun/jmx com/sun/management/jmx # diff --git a/jdk/make/sun/management/Makefile b/jdk/make/sun/management/Makefile index 6ae5d85d817..bb7ad8935c9 100644 --- a/jdk/make/sun/management/Makefile +++ b/jdk/make/sun/management/Makefile @@ -35,7 +35,16 @@ MGMT_LIB_SRC = $(SHARE_SRC)/lib/management all build:: properties aclfile jmxremotefiles -SUBDIRS = snmp jmxremote +# When building the openjdk, build snmp only if importing binary plugs, +ifdef OPENJDK + ifeq ($(IMPORT_BINARY_PLUGS),true) + SUBDIRS = snmp + endif +else + SUBDIRS = snmp +endif +SUBDIRS += jmxremote + all build clean clobber:: $(SUBDIRS-loop) diff --git a/jdk/src/share/classes/sun/management/Agent.java b/jdk/src/share/classes/sun/management/Agent.java index e247412ba91..edc53f93c6e 100644 --- a/jdk/src/share/classes/sun/management/Agent.java +++ b/jdk/src/share/classes/sun/management/Agent.java @@ -31,9 +31,9 @@ import java.io.FileInputStream; import java.io.BufferedInputStream; import java.io.FileNotFoundException; import java.io.IOException; +import java.lang.reflect.InvocationTargetException; import java.text.MessageFormat; import java.util.Properties; -import java.util.Enumeration; import java.util.ResourceBundle; import java.util.MissingResourceException; import java.lang.management.ManagementFactory; @@ -41,7 +41,6 @@ import java.lang.reflect.Method; import javax.management.remote.JMXConnectorServer; -import sun.management.snmp.AdaptorBootstrap; import sun.management.jmxremote.ConnectorBootstrap; import static sun.management.AgentConfigurationError.*; import sun.misc.VMSupport; @@ -69,6 +68,9 @@ public class Agent { private static final String LOCAL_CONNECTOR_ADDRESS_PROP = "com.sun.management.jmxremote.localConnectorAddress"; + private static final String SNMP_ADAPTOR_BOOTSTRAP_CLASS_NAME = + "sun.management.snmp.AdaptorBootstrap"; + // invoked by -javaagent or -Dcom.sun.management.agent.class public static void premain(String args) throws Exception { agentmain(args); @@ -128,7 +130,7 @@ public class Agent { try { if (snmpPort != null) { - AdaptorBootstrap.initialize(snmpPort, props); + loadSnmpAgent(snmpPort, props); } /* @@ -204,6 +206,36 @@ public class Agent { return mgmtProps; } + private static void loadSnmpAgent(String snmpPort, Properties props) { + try { + // invoke the following through reflection: + // AdaptorBootstrap.initialize(snmpPort, props); + final Class adaptorClass = + Class.forName(SNMP_ADAPTOR_BOOTSTRAP_CLASS_NAME,true,null); + final Method initializeMethod = + adaptorClass.getMethod("initialize", + String.class, Properties.class); + initializeMethod.invoke(null,snmpPort,props); + } catch (ClassNotFoundException x) { + // The SNMP packages are not present: throws an exception. + throw new UnsupportedOperationException("Unsupported management property: " + SNMP_PORT,x); + } catch (NoSuchMethodException x) { + // should not happen... + throw new UnsupportedOperationException("Unsupported management property: " + SNMP_PORT,x); + } catch (InvocationTargetException x) { + final Throwable cause = x.getCause(); + if (cause instanceof RuntimeException) + throw (RuntimeException) cause; + else if (cause instanceof Error) + throw (Error) cause; + // should not happen... + throw new UnsupportedOperationException("Unsupported management property: " + SNMP_PORT,cause); + } catch (IllegalAccessException x) { + // should not happen... + throw new UnsupportedOperationException("Unsupported management property: " + SNMP_PORT,x); + } + } + // read config file and initialize the properties private static void readConfiguration(String fname, Properties p) { if (fname == null) { diff --git a/jdk/test/com/sun/jmx/snmp/SnmpOidHashCode.java b/jdk/test/com/sun/jmx/snmp/SnmpOidHashCode.java index 907d00913f4..4a815de0386 100644 --- a/jdk/test/com/sun/jmx/snmp/SnmpOidHashCode.java +++ b/jdk/test/com/sun/jmx/snmp/SnmpOidHashCode.java @@ -1,5 +1,5 @@ /* - * Copyright 2003 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,7 +28,8 @@ * @build SnmpOidHashCode * @run main SnmpOidHashCode */ -import com.sun.jmx.snmp.SnmpOid; +import java.lang.reflect.Constructor; +import java.lang.reflect.InvocationTargetException; public class SnmpOidHashCode { public static final String[] oids = { @@ -57,16 +58,81 @@ public class SnmpOidHashCode { ".39."+0xFFFFFFFFL }; + // We use an SnmpOidBuilder in order to adapt this test case to a + // configuration where the SNMP packages are not present in rt.jar. + // + public static final class SnmpOidBuilder { + public static final String SNMP_OID_CLASS_NAME = + "com.sun.jmx.snmp.SnmpOid"; + private static final Class SNMP_OID_CLASS; + private static final Constructor SNMP_OID_CTOR; + static { + Class snmpOidClass; + try { + snmpOidClass = + Class.forName(SNMP_OID_CLASS_NAME, true, null); + } catch (ClassNotFoundException x) { + snmpOidClass = null; + System.err.println("WARNING: can't load "+SNMP_OID_CLASS_NAME); + } catch (NoClassDefFoundError x) { + snmpOidClass = null; + System.err.println("WARNING: can't load "+SNMP_OID_CLASS_NAME); + } + SNMP_OID_CLASS = snmpOidClass; + if (SNMP_OID_CLASS != null) { + try { + SNMP_OID_CTOR = snmpOidClass.getConstructor(String.class); + } catch (Exception x) { + throw new ExceptionInInitializerError(x); + } + } else { + SNMP_OID_CTOR = null; + } + } + + public static boolean isSnmpPresent() { + System.out.println(SnmpOidHashCode.class.getName()+ + ": Testing for SNMP Packages..."); + return SNMP_OID_CLASS != null; + } + + public static Object newSnmpOid(String oid) + throws InstantiationException, + IllegalAccessException, + InvocationTargetException { + return SNMP_OID_CTOR.newInstance(oid); + } + + } + + private static Object newSnmpOid(String oid) throws Exception { + try { + return SnmpOidBuilder.newSnmpOid(oid); + } catch (InvocationTargetException x) { + final Throwable cause = x.getCause(); + if (cause instanceof Exception) throw (Exception)cause; + if (cause instanceof Error) throw (Error)cause; + throw x; + } + } + public static void main(String args[]) { + if (!SnmpOidBuilder.isSnmpPresent()) { + System.err.println("WARNING: "+ + SnmpOidBuilder.SNMP_OID_CLASS_NAME+" not present."); + System.err.println(SnmpOidHashCode.class.getName()+ + ": test skipped."); + return; + } try { int errCount=0; int collisions=0; for (int i=0;i SNMP_TIME_TICKS_CLASS; + private static final Constructor SNMP_long_CTOR; + private static final Constructor SNMP_LONG_CTOR; + private static final Method SNMP_LONG_VALUE; + static { + Class snmpTimeTicksClass; + try { + snmpTimeTicksClass = + Class.forName(SNMP_TIME_TICKS_CLASS_NAME, true, null); + } catch (ClassNotFoundException x) { + snmpTimeTicksClass = null; + System.err.println("WARNING: can't load "+ + SNMP_TIME_TICKS_CLASS_NAME); + } catch (NoClassDefFoundError x) { + snmpTimeTicksClass = null; + System.err.println("WARNING: can't load "+ + SNMP_TIME_TICKS_CLASS_NAME); + } + SNMP_TIME_TICKS_CLASS = snmpTimeTicksClass; + if (SNMP_TIME_TICKS_CLASS != null) { + try { + SNMP_long_CTOR = + SNMP_TIME_TICKS_CLASS.getConstructor(long.class); + } catch (Exception x) { + throw new ExceptionInInitializerError(x); + } + } else { + SNMP_long_CTOR = null; + } + if (SNMP_TIME_TICKS_CLASS != null) { + try { + SNMP_LONG_CTOR = + SNMP_TIME_TICKS_CLASS.getConstructor(Long.class); + } catch (Exception x) { + throw new ExceptionInInitializerError(x); + } + } else { + SNMP_LONG_CTOR = null; + } + if (SNMP_TIME_TICKS_CLASS != null) { + try { + SNMP_LONG_VALUE = + SNMP_TIME_TICKS_CLASS.getMethod("longValue"); + } catch (Exception x) { + throw new ExceptionInInitializerError(x); + } + } else { + SNMP_LONG_VALUE = null; + } + + } + + private final Object timeticks; + + public SnmpTimeticksBuilder(long ticks) throws Exception { + timeticks = newSnmpTimeticks(ticks); + } + public SnmpTimeticksBuilder(Long ticks) throws Exception { + timeticks = newSnmpTimeticks(ticks); + } + public long longValue() throws Exception { + return longValue(timeticks); + } + + public static boolean isSnmpPresent() { + System.out.println(TimeTicksWrapping.class.getName()+ + ": Testing for SNMP Packages..."); + return SNMP_TIME_TICKS_CLASS != null; + } + + private static Object newSnmpTimeticks(long time) + throws Exception { + try { + return SNMP_long_CTOR.newInstance(time); + } catch (InvocationTargetException x) { + final Throwable cause = x.getCause(); + if (cause instanceof Exception) throw (Exception) cause; + if (cause instanceof Error) throw (Error) cause; + throw x; + } + } + + private static Object newSnmpTimeticks(Long time) + throws Exception { + try { + return SNMP_LONG_CTOR.newInstance(time); + } catch (InvocationTargetException x) { + final Throwable cause = x.getCause(); + if (cause instanceof Exception) throw (Exception) cause; + if (cause instanceof Error) throw (Error) cause; + throw x; + } + } + + private static long longValue(Object o) + throws Exception { + try { + return ((Long)SNMP_LONG_VALUE.invoke(o)).longValue(); + } catch (InvocationTargetException x) { + final Throwable cause = x.getCause(); + if (cause instanceof Exception) throw (Exception) cause; + if (cause instanceof Error) throw (Error) cause; + throw x; + } + } + + } + public static final long[] oks = { 0L, 1L, (long)Integer.MAX_VALUE, (long)Integer.MAX_VALUE*2, (long)Integer.MAX_VALUE*2+1L, (long)Integer.MAX_VALUE*2+2L, (long)Integer.MAX_VALUE*3, - SnmpUnsignedInt.MAX_VALUE, SnmpUnsignedInt.MAX_VALUE+1L, - SnmpUnsignedInt.MAX_VALUE*3-1L, Long.MAX_VALUE + SnmpTimeticksBuilder.MAX_VALUE, SnmpTimeticksBuilder.MAX_VALUE+1L, + SnmpTimeticksBuilder.MAX_VALUE*3-1L, Long.MAX_VALUE }; public static final long[] kos = { -1L, (long)Integer.MIN_VALUE, (long)Integer.MIN_VALUE*2, (long)Integer.MIN_VALUE*2-1L, (long)Integer.MIN_VALUE*3, - -SnmpUnsignedInt.MAX_VALUE, -(SnmpUnsignedInt.MAX_VALUE+1L), - -(SnmpUnsignedInt.MAX_VALUE*3-1L), Long.MIN_VALUE + -SnmpTimeticksBuilder.MAX_VALUE, -(SnmpTimeticksBuilder.MAX_VALUE+1L), + -(SnmpTimeticksBuilder.MAX_VALUE*3-1L), Long.MIN_VALUE }; + public static void main(String args[]) { + if (!SnmpTimeticksBuilder.isSnmpPresent()) { + System.err.println("WARNING: "+ + SnmpTimeticksBuilder.SNMP_TIME_TICKS_CLASS_NAME+ + " not present."); + System.err.println(TimeTicksWrapping.class.getName()+ + ": test skipped."); + return; + } try { - SnmpTimeticks t; + SnmpTimeticksBuilder t = null; for (int i=0;i SnmpUnsignedInt.MAX_VALUE) + if (t1 > SnmpTimeticksBuilder.MAX_VALUE) throw new Exception("Value should have wrapped " + "for " + oks[i] + ": " + t1 + " exceeds max: " + - SnmpUnsignedInt.MAX_VALUE); - if (t2 > SnmpUnsignedInt.MAX_VALUE) + SnmpTimeticksBuilder.MAX_VALUE); + if (t2 > SnmpTimeticksBuilder.MAX_VALUE) throw new Exception("Value should have wrapped " + "for " + oks[i] + ": " + t2 + " exceeds max: " + - SnmpUnsignedInt.MAX_VALUE); + SnmpTimeticksBuilder.MAX_VALUE); if (t1 < 0) throw new Exception("Value should have wrapped: " + @@ -90,14 +215,14 @@ public class TimeTicksWrapping { for (int i=0;i Date: Thu, 12 Mar 2009 10:27:22 -0700 Subject: [PATCH 02/11] 6810254: Lazily instantiate the shared secret access objects Register the shutdown hooks only when needed and remove JavaIODeleteOnExitAccess Reviewed-by: alanb --- jdk/make/java/java/FILES_java.gmk | 1 - jdk/src/share/classes/java/io/Console.java | 29 +++++++------- .../classes/java/io/DeleteOnExitHook.java | 19 +++++----- jdk/src/share/classes/java/io/File.java | 12 ------ .../java/lang/ApplicationShutdownHooks.java | 20 +++++----- jdk/src/share/classes/java/lang/Shutdown.java | 38 +++++++------------ jdk/src/share/classes/java/lang/System.java | 11 ++---- .../share/classes/sun/misc/JavaIOAccess.java | 1 - .../sun/misc/JavaIODeleteOnExitAccess.java | 30 --------------- .../classes/sun/misc/JavaLangAccess.java | 3 ++ .../share/classes/sun/misc/SharedSecrets.java | 12 ------ 11 files changed, 54 insertions(+), 122 deletions(-) delete mode 100644 jdk/src/share/classes/sun/misc/JavaIODeleteOnExitAccess.java diff --git a/jdk/make/java/java/FILES_java.gmk b/jdk/make/java/java/FILES_java.gmk index 3117af8461f..83f3af7d968 100644 --- a/jdk/make/java/java/FILES_java.gmk +++ b/jdk/make/java/java/FILES_java.gmk @@ -449,7 +449,6 @@ JAVA_JAVA_java = \ sun/misc/Service.java \ sun/misc/JavaLangAccess.java \ sun/misc/JavaIOAccess.java \ - sun/misc/JavaIODeleteOnExitAccess.java \ sun/misc/JavaIOFileDescriptorAccess.java \ sun/misc/JavaNioAccess.java diff --git a/jdk/src/share/classes/java/io/Console.java b/jdk/src/share/classes/java/io/Console.java index 9e009943a95..201b66f71b5 100644 --- a/jdk/src/share/classes/java/io/Console.java +++ b/jdk/src/share/classes/java/io/Console.java @@ -503,6 +503,21 @@ public final class Console implements Flushable // Set up JavaIOAccess in SharedSecrets static { + + // Add a shutdown hook to restore console's echo state should + // it be necessary. + sun.misc.SharedSecrets.getJavaLangAccess() + .registerShutdownHook(0 /* shutdown hook invocation order */, + new Runnable() { + public void run() { + try { + if (echoOff) { + echo(true); + } + } catch (IOException x) { } + } + }); + sun.misc.SharedSecrets.setJavaIOAccess(new sun.misc.JavaIOAccess() { public Console console() { if (istty()) { @@ -513,20 +528,6 @@ public final class Console implements Flushable return null; } - // Add a shutdown hook to restore console's echo state should - // it be necessary. - public Runnable consoleRestoreHook() { - return new Runnable() { - public void run() { - try { - if (echoOff) { - echo(true); - } - } catch (IOException x) {} - } - }; - } - public Charset charset() { // This method is called in sun.security.util.Password, // cons already exists when this method is called diff --git a/jdk/src/share/classes/java/io/DeleteOnExitHook.java b/jdk/src/share/classes/java/io/DeleteOnExitHook.java index bf4d9e7f20f..1dc5c9d85bc 100644 --- a/jdk/src/share/classes/java/io/DeleteOnExitHook.java +++ b/jdk/src/share/classes/java/io/DeleteOnExitHook.java @@ -34,17 +34,18 @@ import java.io.File; */ class DeleteOnExitHook { - private static DeleteOnExitHook instance = null; + static { + sun.misc.SharedSecrets.getJavaLangAccess() + .registerShutdownHook(2 /* Shutdown hook invocation order */, + new Runnable() { + public void run() { + runHooks(); + } + }); + } private static LinkedHashSet files = new LinkedHashSet(); - static DeleteOnExitHook hook() { - if (instance == null) - instance = new DeleteOnExitHook(); - - return instance; - } - private DeleteOnExitHook() {} static synchronized void add(String file) { @@ -54,7 +55,7 @@ class DeleteOnExitHook { files.add(file); } - void run() { + static void runHooks() { LinkedHashSet theFiles; synchronized (DeleteOnExitHook.class) { diff --git a/jdk/src/share/classes/java/io/File.java b/jdk/src/share/classes/java/io/File.java index 6a0415101fb..6e58efbbd6b 100644 --- a/jdk/src/share/classes/java/io/File.java +++ b/jdk/src/share/classes/java/io/File.java @@ -2147,18 +2147,6 @@ public class File /** use serialVersionUID from JDK 1.0.2 for interoperability */ private static final long serialVersionUID = 301077366599181567L; - // Set up JavaIODeleteOnExitAccess in SharedSecrets - // Added here as DeleteOnExitHook is package-private and SharedSecrets cannot easily access it. - static { - sun.misc.SharedSecrets.setJavaIODeleteOnExitAccess( - new sun.misc.JavaIODeleteOnExitAccess() { - public void run() { - DeleteOnExitHook.hook().run(); - } - } - ); - } - // -- Integration with java.nio.file -- private volatile transient Path filePath; diff --git a/jdk/src/share/classes/java/lang/ApplicationShutdownHooks.java b/jdk/src/share/classes/java/lang/ApplicationShutdownHooks.java index 8eeb0fef8d0..b3341de15a4 100644 --- a/jdk/src/share/classes/java/lang/ApplicationShutdownHooks.java +++ b/jdk/src/share/classes/java/lang/ApplicationShutdownHooks.java @@ -34,19 +34,19 @@ import java.util.*; * @see java.lang.Runtime#removeShutdownHook */ -class ApplicationShutdownHooks implements Runnable { - private static ApplicationShutdownHooks instance = null; +class ApplicationShutdownHooks { + static { + Shutdown.add(1 /* shutdown hook invocation order */, + new Runnable() { + public void run() { + runHooks(); + } + }); + } /* The set of registered hooks */ private static IdentityHashMap hooks = new IdentityHashMap(); - static synchronized ApplicationShutdownHooks hook() { - if (instance == null) - instance = new ApplicationShutdownHooks(); - - return instance; - } - private ApplicationShutdownHooks() {} /* Add a new shutdown hook. Checks the shutdown state and the hook itself, @@ -82,7 +82,7 @@ class ApplicationShutdownHooks implements Runnable { * to run in. Hooks are run concurrently and this method waits for * them to finish. */ - public void run() { + static void runHooks() { Collection threads; synchronized(ApplicationShutdownHooks.class) { threads = hooks.keySet(); diff --git a/jdk/src/share/classes/java/lang/Shutdown.java b/jdk/src/share/classes/java/lang/Shutdown.java index 18e32d96f8e..b77b45056a7 100644 --- a/jdk/src/share/classes/java/lang/Shutdown.java +++ b/jdk/src/share/classes/java/lang/Shutdown.java @@ -25,8 +25,6 @@ package java.lang; -import java.util.ArrayList; - /** * Package-private utility class containing data structures and logic @@ -47,8 +45,13 @@ class Shutdown { /* Should we run all finalizers upon exit? */ private static boolean runFinalizersOnExit = false; - /* The set of registered, wrapped hooks, or null if there aren't any */ - private static ArrayList hooks = new ArrayList(); + // The system shutdown hooks are registered with a predefined slot. + // The list of shutdown hooks is as follows: + // (0) Console restore hook + // (1) Application hooks + // (2) DeleteOnExit hook + private static final int MAX_SYSTEM_HOOKS = 10; + private static final Runnable[] hooks = new Runnable[MAX_SYSTEM_HOOKS]; /* The preceding static fields are protected by this lock */ private static class Lock { }; @@ -68,33 +71,18 @@ class Shutdown { /* Add a new shutdown hook. Checks the shutdown state and the hook itself, * but does not do any security checks. */ - static void add(Runnable hook) { + static void add(int slot, Runnable hook) { synchronized (lock) { if (state > RUNNING) throw new IllegalStateException("Shutdown in progress"); - hooks.add(hook); + if (hooks[slot] != null) + throw new InternalError("Shutdown hook at slot " + slot + " already registered"); + + hooks[slot] = hook; } } - - /* Remove a previously-registered hook. Like the add method, this method - * does not do any security checks. - */ - static boolean remove(Runnable hook) { - synchronized (lock) { - if (state > RUNNING) - throw new IllegalStateException("Shutdown in progress"); - if (hook == null) throw new NullPointerException(); - if (hooks == null) { - return false; - } else { - return hooks.remove(hook); - } - } - } - - /* Run all registered shutdown hooks */ private static void runHooks() { @@ -103,7 +91,7 @@ class Shutdown { */ for (Runnable hook : hooks) { try { - hook.run(); + if (hook != null) hook.run(); } catch(Throwable t) { if (t instanceof ThreadDeath) { ThreadDeath td = (ThreadDeath)t; diff --git a/jdk/src/share/classes/java/lang/System.java b/jdk/src/share/classes/java/lang/System.java index a81bfa70152..eb62b4087e9 100644 --- a/jdk/src/share/classes/java/lang/System.java +++ b/jdk/src/share/classes/java/lang/System.java @@ -1121,14 +1121,6 @@ public final class System { // Setup Java signal handlers for HUP, TERM, and INT (where available). Terminator.setup(); - // The order in with the hooks are added here is important as it - // determines the order in which they are run. - // (1)Console restore hook needs to be called first. - // (2)Application hooks must be run before calling deleteOnExitHook. - Shutdown.add(sun.misc.SharedSecrets.getJavaIOAccess().consoleRestoreHook()); - Shutdown.add(ApplicationShutdownHooks.hook()); - Shutdown.add(sun.misc.SharedSecrets.getJavaIODeleteOnExitAccess()); - // Initialize any miscellenous operating system settings that need to be // set for the class libraries. Currently this is no-op everywhere except // for Windows where the process-wide error mode is set before the java.io @@ -1174,6 +1166,9 @@ public final class System { public void blockedOn(Thread t, Interruptible b) { t.blockedOn(b); } + public void registerShutdownHook(int slot, Runnable r) { + Shutdown.add(slot, r); + } }); } diff --git a/jdk/src/share/classes/sun/misc/JavaIOAccess.java b/jdk/src/share/classes/sun/misc/JavaIOAccess.java index 2a076a9d84d..f0b50a8ac4e 100644 --- a/jdk/src/share/classes/sun/misc/JavaIOAccess.java +++ b/jdk/src/share/classes/sun/misc/JavaIOAccess.java @@ -29,6 +29,5 @@ import java.nio.charset.Charset; public interface JavaIOAccess { public Console console(); - public Runnable consoleRestoreHook(); public Charset charset(); } diff --git a/jdk/src/share/classes/sun/misc/JavaIODeleteOnExitAccess.java b/jdk/src/share/classes/sun/misc/JavaIODeleteOnExitAccess.java deleted file mode 100644 index 54aef8b428a..00000000000 --- a/jdk/src/share/classes/sun/misc/JavaIODeleteOnExitAccess.java +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Sun designates this - * particular file as subject to the "Classpath" exception as provided - * by Sun in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, - * CA 95054 USA or visit www.sun.com if you need additional information or - * have any questions. - */ - -package sun.misc; - -public interface JavaIODeleteOnExitAccess extends Runnable { - public void run(); -} diff --git a/jdk/src/share/classes/sun/misc/JavaLangAccess.java b/jdk/src/share/classes/sun/misc/JavaLangAccess.java index 7c1cc55032f..c288bc8402f 100644 --- a/jdk/src/share/classes/sun/misc/JavaLangAccess.java +++ b/jdk/src/share/classes/sun/misc/JavaLangAccess.java @@ -54,4 +54,7 @@ public interface JavaLangAccess { /** Set thread's blocker field. */ void blockedOn(Thread t, Interruptible b); + + /** register shutdown hook */ + void registerShutdownHook(int slot, Runnable r); } diff --git a/jdk/src/share/classes/sun/misc/SharedSecrets.java b/jdk/src/share/classes/sun/misc/SharedSecrets.java index 938e54c6c50..16b5727c604 100644 --- a/jdk/src/share/classes/sun/misc/SharedSecrets.java +++ b/jdk/src/share/classes/sun/misc/SharedSecrets.java @@ -44,7 +44,6 @@ public class SharedSecrets { private static JavaUtilJarAccess javaUtilJarAccess; private static JavaLangAccess javaLangAccess; private static JavaIOAccess javaIOAccess; - private static JavaIODeleteOnExitAccess javaIODeleteOnExitAccess; private static JavaNetAccess javaNetAccess; private static JavaNioAccess javaNioAccess; private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess; @@ -103,17 +102,6 @@ public class SharedSecrets { return javaIOAccess; } - public static void setJavaIODeleteOnExitAccess(JavaIODeleteOnExitAccess jida) { - javaIODeleteOnExitAccess = jida; - } - - public static JavaIODeleteOnExitAccess getJavaIODeleteOnExitAccess() { - if (javaIODeleteOnExitAccess == null) { - unsafe.ensureClassInitialized(File.class); - } - return javaIODeleteOnExitAccess; - } - public static void setJavaIOFileDescriptorAccess(JavaIOFileDescriptorAccess jiofda) { javaIOFileDescriptorAccess = jiofda; } From 2f06b83dfcf601211b83b31d99b95b368f266493 Mon Sep 17 00:00:00 2001 From: Mandy Chung Date: Thu, 12 Mar 2009 10:32:58 -0700 Subject: [PATCH 03/11] 6813240: Remove dead code in sun.misc.FormattedFloatingDecimal class Remove unused methods from FormattedFloatingDecimal that were originally copied from FloatingDecimal Reviewed-by: darcy --- .../sun/misc/FormattedFloatingDecimal.java | 812 ------------------ 1 file changed, 812 deletions(-) diff --git a/jdk/src/share/classes/sun/misc/FormattedFloatingDecimal.java b/jdk/src/share/classes/sun/misc/FormattedFloatingDecimal.java index a1a658a3e6f..99ba5224950 100644 --- a/jdk/src/share/classes/sun/misc/FormattedFloatingDecimal.java +++ b/jdk/src/share/classes/sun/misc/FormattedFloatingDecimal.java @@ -978,15 +978,6 @@ public class FormattedFloatingDecimal{ return new String(result); } - // This method should only ever be called if this object is constructed - // without Form.DECIMAL_FLOAT because the perThreadBuffer is not large - // enough to handle floating-point numbers of large precision. - public String toJavaFormatString() { - char result[] = (char[])(perThreadBuffer.get()); - int i = getChars(result); - return new String(result, 0, i); - } - // returns the exponent before rounding public int getExponent() { return decExponent - 1; @@ -1157,265 +1148,6 @@ public class FormattedFloatingDecimal{ } }; - // This method should only ever be called if this object is constructed - // without Form.DECIMAL_FLOAT because the perThreadBuffer is not large - // enough to handle floating-point numbers of large precision. - public void appendTo(Appendable buf) { - char result[] = (char[])(perThreadBuffer.get()); - int i = getChars(result); - if (buf instanceof StringBuilder) - ((StringBuilder) buf).append(result, 0, i); - else if (buf instanceof StringBuffer) - ((StringBuffer) buf).append(result, 0, i); - else - assert false; - } - - public static FormattedFloatingDecimal - readJavaFormatString( String in ) throws NumberFormatException { - boolean isNegative = false; - boolean signSeen = false; - int decExp; - char c; - - parseNumber: - try{ - in = in.trim(); // don't fool around with white space. - // throws NullPointerException if null - int l = in.length(); - if ( l == 0 ) throw new NumberFormatException("empty String"); - int i = 0; - switch ( c = in.charAt( i ) ){ - case '-': - isNegative = true; - //FALLTHROUGH - case '+': - i++; - signSeen = true; - } - - // Check for NaN and Infinity strings - c = in.charAt(i); - if(c == 'N' || c == 'I') { // possible NaN or infinity - boolean potentialNaN = false; - char targetChars[] = null; // char arrary of "NaN" or "Infinity" - - if(c == 'N') { - targetChars = notANumber; - potentialNaN = true; - } else { - targetChars = infinity; - } - - // compare Input string to "NaN" or "Infinity" - int j = 0; - while(i < l && j < targetChars.length) { - if(in.charAt(i) == targetChars[j]) { - i++; j++; - } - else // something is amiss, throw exception - break parseNumber; - } - - // For the candidate string to be a NaN or infinity, - // all characters in input string and target char[] - // must be matched ==> j must equal targetChars.length - // and i must equal l - if( (j == targetChars.length) && (i == l) ) { // return NaN or infinity - return (potentialNaN ? new FormattedFloatingDecimal(Double.NaN) // NaN has no sign - : new FormattedFloatingDecimal(isNegative? - Double.NEGATIVE_INFINITY: - Double.POSITIVE_INFINITY)) ; - } - else { // something went wrong, throw exception - break parseNumber; - } - - } else if (c == '0') { // check for hexadecimal floating-point number - if (l > i+1 ) { - char ch = in.charAt(i+1); - if (ch == 'x' || ch == 'X' ) // possible hex string - return parseHexString(in); - } - } // look for and process decimal floating-point string - - char[] digits = new char[ l ]; - int nDigits= 0; - boolean decSeen = false; - int decPt = 0; - int nLeadZero = 0; - int nTrailZero= 0; - digitLoop: - while ( i < l ){ - switch ( c = in.charAt( i ) ){ - case '0': - if ( nDigits > 0 ){ - nTrailZero += 1; - } else { - nLeadZero += 1; - } - break; // out of switch. - case '1': - case '2': - case '3': - case '4': - case '5': - case '6': - case '7': - case '8': - case '9': - while ( nTrailZero > 0 ){ - digits[nDigits++] = '0'; - nTrailZero -= 1; - } - digits[nDigits++] = c; - break; // out of switch. - case '.': - if ( decSeen ){ - // already saw one ., this is the 2nd. - throw new NumberFormatException("multiple points"); - } - decPt = i; - if ( signSeen ){ - decPt -= 1; - } - decSeen = true; - break; // out of switch. - default: - break digitLoop; - } - i++; - } - /* - * At this point, we've scanned all the digits and decimal - * point we're going to see. Trim off leading and trailing - * zeros, which will just confuse us later, and adjust - * our initial decimal exponent accordingly. - * To review: - * we have seen i total characters. - * nLeadZero of them were zeros before any other digits. - * nTrailZero of them were zeros after any other digits. - * if ( decSeen ), then a . was seen after decPt characters - * ( including leading zeros which have been discarded ) - * nDigits characters were neither lead nor trailing - * zeros, nor point - */ - /* - * special hack: if we saw no non-zero digits, then the - * answer is zero! - * Unfortunately, we feel honor-bound to keep parsing! - */ - if ( nDigits == 0 ){ - digits = zero; - nDigits = 1; - if ( nLeadZero == 0 ){ - // we saw NO DIGITS AT ALL, - // not even a crummy 0! - // this is not allowed. - break parseNumber; // go throw exception - } - - } - - /* Our initial exponent is decPt, adjusted by the number of - * discarded zeros. Or, if there was no decPt, - * then its just nDigits adjusted by discarded trailing zeros. - */ - if ( decSeen ){ - decExp = decPt - nLeadZero; - } else { - decExp = nDigits+nTrailZero; - } - - /* - * Look for 'e' or 'E' and an optionally signed integer. - */ - if ( (i < l) && (((c = in.charAt(i) )=='e') || (c == 'E') ) ){ - int expSign = 1; - int expVal = 0; - int reallyBig = Integer.MAX_VALUE / 10; - boolean expOverflow = false; - switch( in.charAt(++i) ){ - case '-': - expSign = -1; - //FALLTHROUGH - case '+': - i++; - } - int expAt = i; - expLoop: - while ( i < l ){ - if ( expVal >= reallyBig ){ - // the next character will cause integer - // overflow. - expOverflow = true; - } - switch ( c = in.charAt(i++) ){ - case '0': - case '1': - case '2': - case '3': - case '4': - case '5': - case '6': - case '7': - case '8': - case '9': - expVal = expVal*10 + ( (int)c - (int)'0' ); - continue; - default: - i--; // back up. - break expLoop; // stop parsing exponent. - } - } - int expLimit = bigDecimalExponent+nDigits+nTrailZero; - if ( expOverflow || ( expVal > expLimit ) ){ - // - // The intent here is to end up with - // infinity or zero, as appropriate. - // The reason for yielding such a small decExponent, - // rather than something intuitive such as - // expSign*Integer.MAX_VALUE, is that this value - // is subject to further manipulation in - // doubleValue() and floatValue(), and I don't want - // it to be able to cause overflow there! - // (The only way we can get into trouble here is for - // really outrageous nDigits+nTrailZero, such as 2 billion. ) - // - decExp = expSign*expLimit; - } else { - // this should not overflow, since we tested - // for expVal > (MAX+N), where N >= abs(decExp) - decExp = decExp + expSign*expVal; - } - - // if we saw something not a digit ( or end of string ) - // after the [Ee][+-], without seeing any digits at all - // this is certainly an error. If we saw some digits, - // but then some trailing garbage, that might be ok. - // so we just fall through in that case. - // HUMBUG - if ( i == expAt ) - break parseNumber; // certainly bad - } - /* - * We parsed everything we could. - * If there are leftovers, then this is not good input! - */ - if ( i < l && - ((i != l - 1) || - (in.charAt(i) != 'f' && - in.charAt(i) != 'F' && - in.charAt(i) != 'd' && - in.charAt(i) != 'D'))) { - break parseNumber; // go throw exception - } - - return new FormattedFloatingDecimal( isNegative, decExp, digits, nDigits, false, Integer.MAX_VALUE, Form.COMPATIBLE ); - } catch ( StringIndexOutOfBoundsException e ){ } - throw new NumberFormatException("For input string: \"" + in + "\""); - } - /* * Take a FormattedFloatingDecimal, which we presumably just scanned in, * and find out what its value is, as a double. @@ -2035,548 +1767,4 @@ public class FormattedFloatingDecimal{ private static final char infinity[] = { 'I', 'n', 'f', 'i', 'n', 'i', 't', 'y' }; private static final char notANumber[] = { 'N', 'a', 'N' }; private static final char zero[] = { '0', '0', '0', '0', '0', '0', '0', '0' }; - - - /* - * Grammar is compatible with hexadecimal floating-point constants - * described in section 6.4.4.2 of the C99 specification. - */ - private static Pattern hexFloatPattern = Pattern.compile( - //1 234 56 7 8 9 - "([-+])?0[xX](((\\p{XDigit}+)\\.?)|((\\p{XDigit}*)\\.(\\p{XDigit}+)))[pP]([-+])?(\\p{Digit}+)[fFdD]?" - ); - - /* - * Convert string s to a suitable floating decimal; uses the - * double constructor and set the roundDir variable appropriately - * in case the value is later converted to a float. - */ - static FormattedFloatingDecimal parseHexString(String s) { - // Verify string is a member of the hexadecimal floating-point - // string language. - Matcher m = hexFloatPattern.matcher(s); - boolean validInput = m.matches(); - - if (!validInput) { - // Input does not match pattern - throw new NumberFormatException("For input string: \"" + s + "\""); - } else { // validInput - /* - * We must isolate the sign, significand, and exponent - * fields. The sign value is straightforward. Since - * floating-point numbers are stored with a normalized - * representation, the significand and exponent are - * interrelated. - * - * After extracting the sign, we normalized the - * significand as a hexadecimal value, calculating an - * exponent adjust for any shifts made during - * normalization. If the significand is zero, the - * exponent doesn't need to be examined since the output - * will be zero. - * - * Next the exponent in the input string is extracted. - * Afterwards, the significand is normalized as a *binary* - * value and the input value's normalized exponent can be - * computed. The significand bits are copied into a - * double significand; if the string has more logical bits - * than can fit in a double, the extra bits affect the - * round and sticky bits which are used to round the final - * value. - */ - - // Extract significand sign - String group1 = m.group(1); - double sign = (( group1 == null ) || group1.equals("+"))? 1.0 : -1.0; - - - // Extract Significand magnitude - /* - * Based on the form of the significand, calculate how the - * binary exponent needs to be adjusted to create a - * normalized *hexadecimal* floating-point number; that - * is, a number where there is one nonzero hex digit to - * the left of the (hexa)decimal point. Since we are - * adjusting a binary, not hexadecimal exponent, the - * exponent is adjusted by a multiple of 4. - * - * There are a number of significand scenarios to consider; - * letters are used in indicate nonzero digits: - * - * 1. 000xxxx => x.xxx normalized - * increase exponent by (number of x's - 1)*4 - * - * 2. 000xxx.yyyy => x.xxyyyy normalized - * increase exponent by (number of x's - 1)*4 - * - * 3. .000yyy => y.yy normalized - * decrease exponent by (number of zeros + 1)*4 - * - * 4. 000.00000yyy => y.yy normalized - * decrease exponent by (number of zeros to right of point + 1)*4 - * - * If the significand is exactly zero, return a properly - * signed zero. - */ - - String significandString =null; - int signifLength = 0; - int exponentAdjust = 0; - { - int leftDigits = 0; // number of meaningful digits to - // left of "decimal" point - // (leading zeros stripped) - int rightDigits = 0; // number of digits to right of - // "decimal" point; leading zeros - // must always be accounted for - /* - * The significand is made up of either - * - * 1. group 4 entirely (integer portion only) - * - * OR - * - * 2. the fractional portion from group 7 plus any - * (optional) integer portions from group 6. - */ - String group4; - if( (group4 = m.group(4)) != null) { // Integer-only significand - // Leading zeros never matter on the integer portion - significandString = stripLeadingZeros(group4); - leftDigits = significandString.length(); - } - else { - // Group 6 is the optional integer; leading zeros - // never matter on the integer portion - String group6 = stripLeadingZeros(m.group(6)); - leftDigits = group6.length(); - - // fraction - String group7 = m.group(7); - rightDigits = group7.length(); - - // Turn "integer.fraction" into "integer"+"fraction" - significandString = - ((group6 == null)?"":group6) + // is the null - // check necessary? - group7; - } - - significandString = stripLeadingZeros(significandString); - signifLength = significandString.length(); - - /* - * Adjust exponent as described above - */ - if (leftDigits >= 1) { // Cases 1 and 2 - exponentAdjust = 4*(leftDigits - 1); - } else { // Cases 3 and 4 - exponentAdjust = -4*( rightDigits - signifLength + 1); - } - - // If the significand is zero, the exponent doesn't - // matter; return a properly signed zero. - - if (signifLength == 0) { // Only zeros in input - return new FormattedFloatingDecimal(sign * 0.0); - } - } - - // Extract Exponent - /* - * Use an int to read in the exponent value; this should - * provide more than sufficient range for non-contrived - * inputs. If reading the exponent in as an int does - * overflow, examine the sign of the exponent and - * significand to determine what to do. - */ - String group8 = m.group(8); - boolean positiveExponent = ( group8 == null ) || group8.equals("+"); - long unsignedRawExponent; - try { - unsignedRawExponent = Integer.parseInt(m.group(9)); - } - catch (NumberFormatException e) { - // At this point, we know the exponent is - // syntactically well-formed as a sequence of - // digits. Therefore, if an NumberFormatException - // is thrown, it must be due to overflowing int's - // range. Also, at this point, we have already - // checked for a zero significand. Thus the signs - // of the exponent and significand determine the - // final result: - // - // significand - // + - - // exponent + +infinity -infinity - // - +0.0 -0.0 - return new FormattedFloatingDecimal(sign * (positiveExponent ? - Double.POSITIVE_INFINITY : 0.0)); - } - - long rawExponent = - (positiveExponent ? 1L : -1L) * // exponent sign - unsignedRawExponent; // exponent magnitude - - // Calculate partially adjusted exponent - long exponent = rawExponent + exponentAdjust ; - - // Starting copying non-zero bits into proper position in - // a long; copy explicit bit too; this will be masked - // later for normal values. - - boolean round = false; - boolean sticky = false; - int bitsCopied=0; - int nextShift=0; - long significand=0L; - // First iteration is different, since we only copy - // from the leading significand bit; one more exponent - // adjust will be needed... - - // IMPORTANT: make leadingDigit a long to avoid - // surprising shift semantics! - long leadingDigit = getHexDigit(significandString, 0); - - /* - * Left shift the leading digit (53 - (bit position of - * leading 1 in digit)); this sets the top bit of the - * significand to 1. The nextShift value is adjusted - * to take into account the number of bit positions of - * the leadingDigit actually used. Finally, the - * exponent is adjusted to normalize the significand - * as a binary value, not just a hex value. - */ - if (leadingDigit == 1) { - significand |= leadingDigit << 52; - nextShift = 52 - 4; - /* exponent += 0 */ } - else if (leadingDigit <= 3) { // [2, 3] - significand |= leadingDigit << 51; - nextShift = 52 - 5; - exponent += 1; - } - else if (leadingDigit <= 7) { // [4, 7] - significand |= leadingDigit << 50; - nextShift = 52 - 6; - exponent += 2; - } - else if (leadingDigit <= 15) { // [8, f] - significand |= leadingDigit << 49; - nextShift = 52 - 7; - exponent += 3; - } else { - throw new AssertionError("Result from digit converstion too large!"); - } - // The preceding if-else could be replaced by a single - // code block based on the high-order bit set in - // leadingDigit. Given leadingOnePosition, - - // significand |= leadingDigit << (SIGNIFICAND_WIDTH - leadingOnePosition); - // nextShift = 52 - (3 + leadingOnePosition); - // exponent += (leadingOnePosition-1); - - - /* - * Now the exponent variable is equal to the normalized - * binary exponent. Code below will make representation - * adjustments if the exponent is incremented after - * rounding (includes overflows to infinity) or if the - * result is subnormal. - */ - - // Copy digit into significand until the significand can't - // hold another full hex digit or there are no more input - // hex digits. - int i = 0; - for(i = 1; - i < signifLength && nextShift >= 0; - i++) { - long currentDigit = getHexDigit(significandString, i); - significand |= (currentDigit << nextShift); - nextShift-=4; - } - - // After the above loop, the bulk of the string is copied. - // Now, we must copy any partial hex digits into the - // significand AND compute the round bit and start computing - // sticky bit. - - if ( i < signifLength ) { // at least one hex input digit exists - long currentDigit = getHexDigit(significandString, i); - - // from nextShift, figure out how many bits need - // to be copied, if any - switch(nextShift) { // must be negative - case -1: - // three bits need to be copied in; can - // set round bit - significand |= ((currentDigit & 0xEL) >> 1); - round = (currentDigit & 0x1L) != 0L; - break; - - case -2: - // two bits need to be copied in; can - // set round and start sticky - significand |= ((currentDigit & 0xCL) >> 2); - round = (currentDigit &0x2L) != 0L; - sticky = (currentDigit & 0x1L) != 0; - break; - - case -3: - // one bit needs to be copied in - significand |= ((currentDigit & 0x8L)>>3); - // Now set round and start sticky, if possible - round = (currentDigit &0x4L) != 0L; - sticky = (currentDigit & 0x3L) != 0; - break; - - case -4: - // all bits copied into significand; set - // round and start sticky - round = ((currentDigit & 0x8L) != 0); // is top bit set? - // nonzeros in three low order bits? - sticky = (currentDigit & 0x7L) != 0; - break; - - default: - throw new AssertionError("Unexpected shift distance remainder."); - // break; - } - - // Round is set; sticky might be set. - - // For the sticky bit, it suffices to check the - // current digit and test for any nonzero digits in - // the remaining unprocessed input. - i++; - while(i < signifLength && !sticky) { - currentDigit = getHexDigit(significandString,i); - sticky = sticky || (currentDigit != 0); - i++; - } - - } - // else all of string was seen, round and sticky are - // correct as false. - - - // Check for overflow and update exponent accordingly. - - if (exponent > DoubleConsts.MAX_EXPONENT) { // Infinite result - // overflow to properly signed infinity - return new FormattedFloatingDecimal(sign * Double.POSITIVE_INFINITY); - } else { // Finite return value - if (exponent <= DoubleConsts.MAX_EXPONENT && // (Usually) normal result - exponent >= DoubleConsts.MIN_EXPONENT) { - - // The result returned in this block cannot be a - // zero or subnormal; however after the - // significand is adjusted from rounding, we could - // still overflow in infinity. - - // AND exponent bits into significand; if the - // significand is incremented and overflows from - // rounding, this combination will update the - // exponent correctly, even in the case of - // Double.MAX_VALUE overflowing to infinity. - - significand = (( ((long)exponent + - (long)DoubleConsts.EXP_BIAS) << - (DoubleConsts.SIGNIFICAND_WIDTH-1)) - & DoubleConsts.EXP_BIT_MASK) | - (DoubleConsts.SIGNIF_BIT_MASK & significand); - - } else { // Subnormal or zero - // (exponent < DoubleConsts.MIN_EXPONENT) - - if (exponent < (DoubleConsts.MIN_SUB_EXPONENT -1 )) { - // No way to round back to nonzero value - // regardless of significand if the exponent is - // less than -1075. - return new FormattedFloatingDecimal(sign * 0.0); - } else { // -1075 <= exponent <= MIN_EXPONENT -1 = -1023 - /* - * Find bit position to round to; recompute - * round and sticky bits, and shift - * significand right appropriately. - */ - - sticky = sticky || round; - round = false; - - // Number of bits of significand to preserve is - // exponent - abs_min_exp +1 - // check: - // -1075 +1074 + 1 = 0 - // -1023 +1074 + 1 = 52 - - int bitsDiscarded = 53 - - ((int)exponent - DoubleConsts.MIN_SUB_EXPONENT + 1); - assert bitsDiscarded >= 1 && bitsDiscarded <= 53; - - // What to do here: - // First, isolate the new round bit - round = (significand & (1L << (bitsDiscarded -1))) != 0L; - if (bitsDiscarded > 1) { - // create mask to update sticky bits; low - // order bitsDiscarded bits should be 1 - long mask = ~((~0L) << (bitsDiscarded -1)); - sticky = sticky || ((significand & mask) != 0L ) ; - } - - // Now, discard the bits - significand = significand >> bitsDiscarded; - - significand = (( ((long)(DoubleConsts.MIN_EXPONENT -1) + // subnorm exp. - (long)DoubleConsts.EXP_BIAS) << - (DoubleConsts.SIGNIFICAND_WIDTH-1)) - & DoubleConsts.EXP_BIT_MASK) | - (DoubleConsts.SIGNIF_BIT_MASK & significand); - } - } - - // The significand variable now contains the currently - // appropriate exponent bits too. - - /* - * Determine if significand should be incremented; - * making this determination depends on the least - * significant bit and the round and sticky bits. - * - * Round to nearest even rounding table, adapted from - * table 4.7 in "Computer Arithmetic" by IsraelKoren. - * The digit to the left of the "decimal" point is the - * least significant bit, the digits to the right of - * the point are the round and sticky bits - * - * Number Round(x) - * x0.00 x0. - * x0.01 x0. - * x0.10 x0. - * x0.11 x1. = x0. +1 - * x1.00 x1. - * x1.01 x1. - * x1.10 x1. + 1 - * x1.11 x1. + 1 - */ - boolean incremented = false; - boolean leastZero = ((significand & 1L) == 0L); - if( ( leastZero && round && sticky ) || - ((!leastZero) && round )) { - incremented = true; - significand++; - } - - FormattedFloatingDecimal fd = new FormattedFloatingDecimal(FpUtils.rawCopySign( - Double.longBitsToDouble(significand), - sign)); - - /* - * Set roundingDir variable field of fd properly so - * that the input string can be properly rounded to a - * float value. There are two cases to consider: - * - * 1. rounding to double discards sticky bit - * information that would change the result of a float - * rounding (near halfway case between two floats) - * - * 2. rounding to double rounds up when rounding up - * would not occur when rounding to float. - * - * For former case only needs to be considered when - * the bits rounded away when casting to float are all - * zero; otherwise, float round bit is properly set - * and sticky will already be true. - * - * The lower exponent bound for the code below is the - * minimum (normalized) subnormal exponent - 1 since a - * value with that exponent can round up to the - * minimum subnormal value and the sticky bit - * information must be preserved (i.e. case 1). - */ - if ((exponent >= FloatConsts.MIN_SUB_EXPONENT-1) && - (exponent <= FloatConsts.MAX_EXPONENT ) ){ - // Outside above exponent range, the float value - // will be zero or infinity. - - /* - * If the low-order 28 bits of a rounded double - * significand are 0, the double could be a - * half-way case for a rounding to float. If the - * double value is a half-way case, the double - * significand may have to be modified to round - * the the right float value (see the stickyRound - * method). If the rounding to double has lost - * what would be float sticky bit information, the - * double significand must be incremented. If the - * double value's significand was itself - * incremented, the float value may end up too - * large so the increment should be undone. - */ - if ((significand & 0xfffffffL) == 0x0L) { - // For negative values, the sign of the - // roundDir is the same as for positive values - // since adding 1 increasing the significand's - // magnitude and subtracting 1 decreases the - // significand's magnitude. If neither round - // nor sticky is true, the double value is - // exact and no adjustment is required for a - // proper float rounding. - if( round || sticky) { - if (leastZero) { // prerounding lsb is 0 - // If round and sticky were both true, - // and the least significant - // significand bit were 0, the rounded - // significand would not have its - // low-order bits be zero. Therefore, - // we only need to adjust the - // significand if round XOR sticky is - // true. - if (round ^ sticky) { - fd.roundDir = 1; - } - } - else { // prerounding lsb is 1 - // If the prerounding lsb is 1 and the - // resulting significand has its - // low-order bits zero, the significand - // was incremented. Here, we undo the - // increment, which will ensure the - // right guard and sticky bits for the - // float rounding. - if (round) - fd.roundDir = -1; - } - } - } - } - - fd.fromHex = true; - return fd; - } - } - } - - /** - * Return s with any leading zeros removed. - */ - static String stripLeadingZeros(String s) { - return s.replaceFirst("^0+", ""); - } - - /** - * Extract a hexadecimal digit from position position - * of string s. - */ - static int getHexDigit(String s, int position) { - int value = Character.digit(s.charAt(position), 16); - if (value <= -1 || value >= 16) { - throw new AssertionError("Unxpected failure of digit converstion of " + - s.charAt(position)); - } - return value; - } - - } From 78ae650f8f866b0e9341c928fff17bed67e5ad58 Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Fri, 13 Mar 2009 09:20:56 +0800 Subject: [PATCH 04/11] 6815182: GSSAPI/SPNEGO does not work with server using MIT Kerberos library Reviewed-by: valeriep --- .../security/jgss/spnego/NegTokenInit.java | 10 +- .../security/jgss/spnego/SpNegoContext.java | 35 ++----- .../security/krb5/auto/SpnegoReqFlags.java | 92 +++++++++++++++++++ 3 files changed, 107 insertions(+), 30 deletions(-) create mode 100644 jdk/test/sun/security/krb5/auto/SpnegoReqFlags.java diff --git a/jdk/src/share/classes/sun/security/jgss/spnego/NegTokenInit.java b/jdk/src/share/classes/sun/security/jgss/spnego/NegTokenInit.java index 6003cdfaeab..9bb77fd7a1d 100644 --- a/jdk/src/share/classes/sun/security/jgss/spnego/NegTokenInit.java +++ b/jdk/src/share/classes/sun/security/jgss/spnego/NegTokenInit.java @@ -1,5 +1,5 @@ /* - * Copyright 2005-2006 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -66,11 +66,11 @@ public class NegTokenInit extends SpNegoToken { private byte[] mechTypes = null; private Oid[] mechTypeList = null; - private byte[] reqFlags = null; + private BitArray reqFlags = null; private byte[] mechToken = null; private byte[] mechListMIC = null; - NegTokenInit(byte[] mechTypes, byte[] flags, + NegTokenInit(byte[] mechTypes, BitArray flags, byte[] token, byte[] mechListMIC) { super(NEG_TOKEN_INIT_ID); @@ -101,7 +101,7 @@ public class NegTokenInit extends SpNegoToken { // write context flags with CONTEXT 01 if (reqFlags != null) { DerOutputStream flags = new DerOutputStream(); - flags.putBitString(reqFlags); + flags.putUnalignedBitString(reqFlags); initToken.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), flags); } @@ -237,7 +237,7 @@ public class NegTokenInit extends SpNegoToken { return mechTypeList; } - byte[] getReqFlags() { + BitArray getReqFlags() { return reqFlags; } diff --git a/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java b/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java index 7185b0e08a7..a84e8a26001 100644 --- a/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java +++ b/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java @@ -1,5 +1,5 @@ /* - * Copyright 2005-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -53,13 +53,6 @@ public class SpNegoContext implements GSSContextSpi { private int state = STATE_NEW; - private static final int CHECKSUM_DELEG_FLAG = 1; - private static final int CHECKSUM_MUTUAL_FLAG = 2; - private static final int CHECKSUM_REPLAY_FLAG = 4; - private static final int CHECKSUM_SEQUENCE_FLAG = 8; - private static final int CHECKSUM_CONF_FLAG = 16; - private static final int CHECKSUM_INTEG_FLAG = 32; - /* * Optional features that the application can set and their default * values. @@ -697,25 +690,17 @@ public class SpNegoContext implements GSSContextSpi { /** * get the context flags */ - private byte[] getContextFlags() { - int flags = 0; + private BitArray getContextFlags() { + BitArray out = new BitArray(7); - if (getCredDelegState()) - flags |= CHECKSUM_DELEG_FLAG; - if (getMutualAuthState()) - flags |= CHECKSUM_MUTUAL_FLAG; - if (getReplayDetState()) - flags |= CHECKSUM_REPLAY_FLAG; - if (getSequenceDetState()) - flags |= CHECKSUM_SEQUENCE_FLAG; - if (getIntegState()) - flags |= CHECKSUM_INTEG_FLAG; - if (getConfState()) - flags |= CHECKSUM_CONF_FLAG; + if (getCredDelegState()) out.set(0, true); + if (getMutualAuthState()) out.set(1, true); + if (getReplayDetState()) out.set(2, true); + if (getSequenceDetState()) out.set(3, true); + if (getConfState()) out.set(5, true); + if (getIntegState()) out.set(6, true); - byte[] temp = new byte[1]; - temp[0] = (byte)(flags & 0xff); - return temp; + return out; } private void setContextFlags() { diff --git a/jdk/test/sun/security/krb5/auto/SpnegoReqFlags.java b/jdk/test/sun/security/krb5/auto/SpnegoReqFlags.java new file mode 100644 index 00000000000..a94a2b5d1ac --- /dev/null +++ b/jdk/test/sun/security/krb5/auto/SpnegoReqFlags.java @@ -0,0 +1,92 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6815182 + * @summary GSSAPI/SPNEGO does not work with server using MIT Kerberos library + */ + +import sun.security.jgss.GSSUtil; +import sun.security.util.BitArray; +import sun.security.util.DerInputStream; +import sun.security.util.DerValue; + +public class SpnegoReqFlags { + + public static void main(String[] args) + throws Exception { + + // Create and start the KDC + new OneKDC(null).writeJAASConf(); + new SpnegoReqFlags().go(); + } + + void go() throws Exception { + Context c = Context.fromJAAS("client"); + c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID); + + byte[] token = c.doAs(new Action() { + @Override + public byte[] run(Context me, byte[] input) throws Exception { + me.x().requestCredDeleg(true); + me.x().requestReplayDet(false); + me.x().requestSequenceDet(false); + return me.x().initSecContext(new byte[0], 0, 0); + } + }, null); + + DerValue d = new DerValue(token); // GSSToken + DerInputStream ins = d.data; // OID + mech token + d.data.getDerValue(); // skip OID + d = d.data.getDerValue(); // NegTokenInit + d = d.data.getDerValue(); // The SEQUENCE inside + + boolean found = false; + + // Go through all fields inside NegTokenInit. The reqFlags field + // is optional. It's even not recommended in RFC 4178. + while (d.data.available() > 0) { + DerValue d2 = d.data.getDerValue(); + if (d2.isContextSpecific((byte)1)) { + found = true; + System.out.println("regFlags field located."); + BitArray ba = d2.data.getUnalignedBitString(); + if (ba.length() != 7) { + throw new Exception("reqFlags should contain 7 bits"); + } + if (!ba.get(0)) { + throw new Exception("delegFlag should be true"); + } + if (ba.get(2) || ba.get(3)) { + throw new Exception("replay/sequenceFlag should be false"); + } + } + } + + if (!found) { + System.out.println("Warning: regFlags field not found, too new?"); + } + c.dispose(); + } +} From d6f2afc28f0e2d6681d0b3d5d412bade9c4a1502 Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Fri, 13 Mar 2009 09:21:13 +0800 Subject: [PATCH 05/11] 6550221: jaas, jgss and smartcardio javadoc files do not contain Copyrights Reviewed-by: ohair --- jdk/make/docs/Makefile | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/jdk/make/docs/Makefile b/jdk/make/docs/Makefile index 492fa059160..301acde0826 100644 --- a/jdk/make/docs/Makefile +++ b/jdk/make/docs/Makefile @@ -1,5 +1,5 @@ # -# Copyright 1997-2008 Sun Microsystems, Inc. All Rights Reserved. +# Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -204,6 +204,9 @@ JDI_DOCTITLE = "Java$(TRADEMARK) Debug Interface" JDI_HEADER = "Java Debug Interface" # JDI_PKGS is located in NON_CORE_PKGS.gmk +# Variables used by security components +SECURITYAPI_JAVADOCBOTTOM = 'Report a bug or request a feature.
Copyright $(THIS_YEAR) Sun Microsystems, Inc. All Rights Reserved. Use is subject to license terms.' + # # Variables used by JAAS target # @@ -221,6 +224,7 @@ JAAS_JAVADOCFLAGS = $(COMMON_JAVADOCFLAGS) \ -windowtitle $(JAAS_WINDOWTITLE) \ -doctitle $(JAAS_DOCTITLE) \ -header $(JAAS_JAVADOCHEADER) \ + -bottom $(SECURITYAPI_JAVADOCBOTTOM) \ -linkoffline ../../../../../api $(DOCSDIR)/api/ \ -overview $(TOPDIR)/src/share/classes/com/sun/security/auth/jaas-overview.html JAAS_WINDOWTITLE = "Java Authentication and Authorization Service " @@ -243,6 +247,7 @@ JGSS_JAVADOCFLAGS = $(COMMON_JAVADOCFLAGS) \ -windowtitle $(JGSS_WINDOWTITLE) \ -doctitle $(JGSS_DOCTITLE) \ -header $(JGSS_JAVADOCHEADER) \ + -bottom $(SECURITYAPI_JAVADOCBOTTOM) \ -linkoffline ../../../../../api $(DOCSDIR)/api/ \ -overview $(JGSS_SOURCEPATH)/com/sun/security/jgss/jgss-overview.html @@ -266,6 +271,7 @@ SMARTCARDIO_JAVADOCFLAGS = $(COMMON_JAVADOCFLAGS) \ -windowtitle $(SMARTCARDIO_WINDOWTITLE) \ -doctitle $(SMARTCARDIO_DOCTITLE) \ -header $(SMARTCARDIO_JAVADOCHEADER) \ + -bottom $(SECURITYAPI_JAVADOCBOTTOM) \ -linkoffline ../../../../../api $(DOCSDIR)/api/ SMARTCARDIO_WINDOWTITLE = "Java Smart Card I/O" From 95ef28ff0d979d4b1664e9ec8a6cc136ce5a1839 Mon Sep 17 00:00:00 2001 From: Xue-Lei Andrew Fan Date: Fri, 13 Mar 2009 12:59:25 +0800 Subject: [PATCH 06/11] 6798714: OCSPResponse class has to check the validity of signing certificate for OCSP response Checking validity and ocsp-nocheck extension. Reviewed-by: mullan, vinnie --- .../provider/certpath/OCSPResponse.java | 55 +++++++- .../security/x509/OCSPNoCheckExtension.java | 132 ++++++++++++++++++ .../classes/sun/security/x509/OIDMap.java | 4 + .../sun/security/x509/PKIXExtensions.java | 11 +- 4 files changed, 195 insertions(+), 7 deletions(-) create mode 100644 jdk/src/share/classes/sun/security/x509/OCSPNoCheckExtension.java diff --git a/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java b/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java index 20bac34f2cc..62cd4288ed0 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java @@ -1,5 +1,5 @@ /* - * Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,8 +28,6 @@ package sun.security.provider.certpath; import java.io.*; import java.math.BigInteger; import java.security.*; -import java.security.cert.Certificate; -import java.security.cert.CertificateFactory; import java.security.cert.CertPathValidatorException; import java.security.cert.CRLReason; import java.security.cert.X509Certificate; @@ -335,7 +333,7 @@ class OCSPResponse { // Check whether the cert returned by the responder is trusted if (x509Certs != null && x509Certs[0] != null) { - X509Certificate cert = x509Certs[0]; + X509CertImpl cert = x509Certs[0]; // First check if the cert matches the responder cert which // was set locally. @@ -344,8 +342,8 @@ class OCSPResponse { // Next check if the cert was issued by the responder cert // which was set locally. - } else if (cert.getIssuerDN().equals( - responderCert.getSubjectDN())) { + } else if (cert.getIssuerX500Principal().equals( + responderCert.getSubjectX500Principal())) { // Check for the OCSPSigning key purpose List keyPurposes = cert.getExtendedKeyUsage(); @@ -360,6 +358,43 @@ class OCSPResponse { "OCSP responses"); } + // check the validity + try { + Date dateCheckedAgainst = params.getDate(); + if (dateCheckedAgainst == null) { + cert.checkValidity(); + } else { + cert.checkValidity(dateCheckedAgainst); + } + } catch (GeneralSecurityException e) { + if (DEBUG != null) { + DEBUG.println("Responder's certificate is not " + + "within the validity period."); + } + throw new CertPathValidatorException( + "Responder's certificate not within the " + + "validity period"); + } + + // check for revocation + // + // A CA may specify that an OCSP client can trust a + // responder for the lifetime of the responder's + // certificate. The CA does so by including the + // extension id-pkix-ocsp-nocheck. + // + Extension noCheck = + cert.getExtension(PKIXExtensions.OCSPNoCheck_Id); + if (noCheck != null) { + if (DEBUG != null) { + DEBUG.println("Responder's certificate includes " + + "the extension id-pkix-ocsp-nocheck."); + } + } else { + // we should do the revocating checking of the + // authorized responder in a future update. + } + // verify the signature try { cert.verify(responderCert.getPublicKey()); @@ -369,6 +404,14 @@ class OCSPResponse { } catch (GeneralSecurityException e) { responderCert = null; } + } else { + if (DEBUG != null) { + DEBUG.println("Responder's certificate is not " + + "authorized to sign OCSP responses."); + } + throw new CertPathValidatorException( + "Responder's certificate not authorized to sign " + + "OCSP responses"); } } diff --git a/jdk/src/share/classes/sun/security/x509/OCSPNoCheckExtension.java b/jdk/src/share/classes/sun/security/x509/OCSPNoCheckExtension.java new file mode 100644 index 00000000000..b721439d5c9 --- /dev/null +++ b/jdk/src/share/classes/sun/security/x509/OCSPNoCheckExtension.java @@ -0,0 +1,132 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Sun designates this + * particular file as subject to the "Classpath" exception as provided + * by Sun in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +package sun.security.x509; + +import java.io.IOException; +import java.io.OutputStream; +import java.util.Enumeration; + +import sun.security.util.*; + +/** + * Represent the OCSP NoCheck Extension from RFC2560. + *

+ * A CA may specify that an OCSP client can trust a responder for the + * lifetime of the responder's certificate. The CA does so by including + * the extension id-pkix-ocsp-nocheck. This SHOULD be a non-critical + * extension. The value of the extension should be NULL. CAs issuing + * such a certificate should realized that a compromise of the + * responder's key, is as serious as the compromise of a CA key used to + * sign CRLs, at least for the validity period of this certificate. CA's + * may choose to issue this type of certificate with a very short + * lifetime and renew it frequently. + * 

+ * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
+ *
+ * + * @author Xuelei Fan + * @see Extension + * @see CertAttrSet + */ +public class OCSPNoCheckExtension extends Extension + implements CertAttrSet { + + /** + * Identifier for this attribute, to be used with the + * get, set, delete methods of Certificate, x509 type. + */ + public static final String IDENT = + "x509.info.extensions.OCSPNoCheck"; + /** + * Attribute names. + */ + public static final String NAME = "OCSPNoCheck"; + + /** + * Create a OCSPNoCheckExtension + */ + public OCSPNoCheckExtension() throws IOException { + this.extensionId = PKIXExtensions.OCSPNoCheck_Id; + this.critical = false; + this.extensionValue = new byte[0]; + } + + /** + * Create the extension from the passed DER encoded value. + * + * @param critical true if the extension is to be treated as critical. + * @param value an array of DER encoded bytes of the actual value. + * @exception IOException on error. + */ + public OCSPNoCheckExtension(Boolean critical, Object value) + throws IOException { + + this.extensionId = PKIXExtensions.OCSPNoCheck_Id; + this.critical = critical.booleanValue(); + + // the value should be null, just ignore it here. + this.extensionValue = new byte[0]; + } + + /** + * Set the attribute value. + */ + public void set(String name, Object obj) throws IOException { + throw new IOException("No attribute is allowed by " + + "CertAttrSet:OCSPNoCheckExtension."); + } + + /** + * Get the attribute value. + */ + public Object get(String name) throws IOException { + throw new IOException("No attribute is allowed by " + + "CertAttrSet:OCSPNoCheckExtension."); + } + + /** + * Delete the attribute value. + */ + public void delete(String name) throws IOException { + throw new IOException("No attribute is allowed by " + + "CertAttrSet:OCSPNoCheckExtension."); + } + + /** + * Return an enumeration of names of attributes existing within this + * attribute. + */ + public Enumeration getElements() { + return (new AttributeNameEnumeration()).elements(); + } + + /** + * Return the name of this attribute. + */ + public String getName() { + return NAME; + } +} diff --git a/jdk/src/share/classes/sun/security/x509/OIDMap.java b/jdk/src/share/classes/sun/security/x509/OIDMap.java index bb7cffef343..f52fab3eeef 100644 --- a/jdk/src/share/classes/sun/security/x509/OIDMap.java +++ b/jdk/src/share/classes/sun/security/x509/OIDMap.java @@ -100,6 +100,8 @@ public class OIDMap { DeltaCRLIndicatorExtension.NAME; private static final String FRESHEST_CRL = ROOT + "." + FreshestCRLExtension.NAME; + private static final String OCSPNOCHECK = ROOT + "." + + OCSPNoCheckExtension.NAME; private static final int NetscapeCertType_data[] = { 2, 16, 840, 1, 113730, 1, 1 }; @@ -161,6 +163,8 @@ public class OIDMap { "sun.security.x509.DeltaCRLIndicatorExtension"); addInternal(FRESHEST_CRL, PKIXExtensions.FreshestCRL_Id, "sun.security.x509.FreshestCRLExtension"); + addInternal(OCSPNOCHECK, PKIXExtensions.OCSPNoCheck_Id, + "sun.security.x509.OCSPNoCheckExtension"); } /** diff --git a/jdk/src/share/classes/sun/security/x509/PKIXExtensions.java b/jdk/src/share/classes/sun/security/x509/PKIXExtensions.java index 78177944c08..f140c548551 100644 --- a/jdk/src/share/classes/sun/security/x509/PKIXExtensions.java +++ b/jdk/src/share/classes/sun/security/x509/PKIXExtensions.java @@ -1,5 +1,5 @@ /* - * Copyright 1997-2005 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -74,6 +74,8 @@ public class PKIXExtensions { private static final int AuthInfoAccess_data [] = { 1, 3, 6, 1, 5, 5, 7, 1, 1}; private static final int SubjectInfoAccess_data [] = { 1, 3, 6, 1, 5, 5, 7, 1, 11}; private static final int FreshestCRL_data [] = { 2, 5, 29, 46 }; + private static final int OCSPNoCheck_data [] = { 1, 3, 6, 1, 5, 5, 7, + 48, 1, 5}; /** * Identifies the particular public key used to sign the certificate. @@ -216,6 +218,12 @@ public class PKIXExtensions { */ public static final ObjectIdentifier FreshestCRL_Id; + /** + * Identifies the OCSP client can trust the responder for the + * lifetime of the responder's certificate. + */ + public static final ObjectIdentifier OCSPNoCheck_Id; + static { AuthorityKey_Id = ObjectIdentifier.newInternal(AuthorityKey_data); SubjectKey_Id = ObjectIdentifier.newInternal(SubjectKey_data); @@ -257,5 +265,6 @@ public class PKIXExtensions { SubjectInfoAccess_Id = ObjectIdentifier.newInternal(SubjectInfoAccess_data); FreshestCRL_Id = ObjectIdentifier.newInternal(FreshestCRL_data); + OCSPNoCheck_Id = ObjectIdentifier.newInternal(OCSPNoCheck_data); } } From 6a44e920f6bf1f66d7ecff817763f35052d7e1ea Mon Sep 17 00:00:00 2001 From: Xue-Lei Andrew Fan Date: Tue, 17 Mar 2009 11:54:13 +0800 Subject: [PATCH 07/11] 6383095: CRL revoked certificate failures masked by OCSP failures Remove the mask if certificate revoked Reviewed-by: mullan --- .../certpath/PKIXMasterCertPathValidator.java | 14 +- .../CertPathValidator/OCSP/FailoverToCRL.java | 265 ++++++++++++++++++ 2 files changed, 274 insertions(+), 5 deletions(-) create mode 100644 jdk/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java diff --git a/jdk/src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java b/jdk/src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java index d5f12168dda..7c3bfc37843 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java @@ -1,5 +1,5 @@ /* - * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -143,11 +143,15 @@ class PKIXMasterCertPathValidator { } } catch (CertPathValidatorException cpve) { - // Throw the saved OCSP exception - // (when the CRL check has also failed) + // Throw the saved OCSP exception unless the CRL + // checker has determined that the cert is revoked if (ocspCause != null && - currChecker instanceof CrlRevocationChecker) { - throw ocspCause; + currChecker instanceof CrlRevocationChecker) { + if (cpve.getReason() == BasicReason.REVOKED) { + throw cpve; + } else { + throw ocspCause; + } } /* * Handle failover from OCSP to CRLs diff --git a/jdk/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java b/jdk/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java new file mode 100644 index 00000000000..56367cd2ae3 --- /dev/null +++ b/jdk/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java @@ -0,0 +1,265 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/** + * @test + * @bug 6383095 + * @summary CRL revoked certificate failures masked by OCSP failures + * + * Note that the certificate validity is from Mar 16 14:55:35 2009 GMT to + * Dec 1 14:55:35 2028 GMT, please update it with newer certificate if + * expires. + * + * @author Xuelei Fan + */ + +/* + * Certificates used in the test. + * + * end entity certificate: + * Data: + * Version: 3 (0x2) + * Serial Number: 25 (0x19) + * Signature Algorithm: md5WithRSAEncryption + * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org + * Validity + * Not Before: Mar 16 14:55:35 2009 GMT + * Not After : Dec 1 14:55:35 2028 GMT + * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, + * CN=localhost + * Subject Public Key Info: + * Public Key Algorithm: rsaEncryption + * RSA Public Key: (1024 bit) + * Modulus (1024 bit): + * 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69: + * 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f: + * 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7: + * 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21: + * 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41: + * 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10: + * ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9: + * 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba: + * 75:8d:f5:82:ac:43:92:44:1b + * Exponent: 65537 (0x10001) + * X509v3 extensions: + * X509v3 Basic Constraints: + * CA:FALSE + * X509v3 Key Usage: + * Digital Signature, Non Repudiation, Key Encipherment + * X509v3 Subject Key Identifier: + * CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6 + * X509v3 Authority Key Identifier: + * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 + * Signature Algorithm: md5WithRSAEncryption + * + * + * trusted certificate authority: + * Data: + * Version: 3 (0x2) + * Serial Number: 0 (0x0) + * Signature Algorithm: md5WithRSAEncryption + * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org + * Validity + * Not Before: Dec 8 02:43:36 2008 GMT + * Not After : Aug 25 02:43:36 2028 GMT + * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org + * Subject Public Key Info: + * Public Key Algorithm: rsaEncryption + * RSA Public Key: (1024 bit) + * Modulus (1024 bit): + * 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d: + * d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53: + * 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9: + * 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f: + * 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7: + * 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee: + * f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee: + * 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97: + * 89:2a:95:12:4c:d8:09:2a:e9 + * Exponent: 65537 (0x10001) + * X509v3 extensions: + * X509v3 Subject Key Identifier: + * FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 + * X509v3 Authority Key Identifier: + * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 + * DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org + * X509v3 Basic Constraints: + * CA:TRUE + * Signature Algorithm: md5WithRSAEncryption + * + * CRL: + * Certificate Revocation List (CRL): + * Version 2 (0x1) + * Signature Algorithm: md5WithRSAEncryption + * Issuer: /C=US/ST=Some-State/L=Some-City/O=Some-Org + * Last Update: Mar 16 16:27:14 2009 GMT + * Next Update: May 15 16:27:14 2028 GMT + * CRL extensions: + * X509v3 CRL Number: + * 2 + * Revoked Certificates: + * Serial Number: 19 + * Revocation Date: Mar 16 16:22:08 2009 GMT + * CRL entry extensions: + * X509v3 CRL Reason Code: + * Superseded + * Signature Algorithm: md5WithRSAEncryption + */ + +import java.io.*; +import java.net.SocketException; +import java.util.*; +import java.security.Security; +import java.security.cert.*; +import java.security.InvalidAlgorithmParameterException; +import java.security.cert.CertPathValidatorException.BasicReason; + +public class FailoverToCRL { + + static String trusedCertStr = + "-----BEGIN CERTIFICATE-----\n" + + "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + + "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + + "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" + + "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + + "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" + + "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" + + "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" + + "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" + + "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" + + "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" + + "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" + + "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" + + "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" + + "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" + + "6Mvf0r1PNTY2hwTJLJmKtg==\n" + + "-----END CERTIFICATE-----"; + + static String targetCertStr = + "-----BEGIN CERTIFICATE-----\n" + + "MIICizCCAfSgAwIBAgIBGTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + + "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + + "EwhTb21lLU9yZzAeFw0wOTAzMTYxNDU1MzVaFw0yODEyMDExNDU1MzVaMHIxCzAJ\n" + + "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + + "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" + + "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" + + "JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" + + "8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" + + "ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjWjBYMAkGA1UdEwQCMAAw\n" + + "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" + + "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDANBgkqhkiG9w0BAQQFAAOBgQBv\n" + + "p7JjCDOrMBNun46xs4Gz7Y4ygM5VHaFP0oO7369twvRSu0pCuIdZd5OIMPFeRqQw\n" + + "PA68ZdhYVR0pG5W7isV+jB+Dfge/IOgOA85sZ/6FlP3PBRW+YMQKKdRr5So3ook9\n" + + "PimQ7rbxRAofPECv20IUKFBbOUkU+gFcn+WbTKYxBw==\n" + + "-----END CERTIFICATE-----"; + + static String crlStr = + "-----BEGIN X509 CRL-----\n" + + "MIIBRTCBrwIBATANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzETMBEGA1UE\n" + + "CBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQKEwhTb21l\n" + + "LU9yZxcNMDkwMzE2MTYyNzE0WhcNMjgwNTE1MTYyNzE0WjAiMCACARkXDTA5MDMx\n" + + "NjE2MjIwOFowDDAKBgNVHRUEAwoBBKAOMAwwCgYDVR0UBAMCAQIwDQYJKoZIhvcN\n" + + "AQEEBQADgYEAMixJI9vBwYpOGosn46+T/MTEtlm2S5pIVT/xPDrHkCPfw8l4Zrgp\n" + + "dGPuUkglWdrGdxY9MNRUj2YFNfdZi6zZ7JF6XbkDHYOAKYgPDJRjS/0VcBntn5RJ\n" + + "sQfZsBqc9fFSP8gknRRn3LT41kr9xNRxTT1t3YYjv7J3zkMYyInqeUA=\n" + + "-----END X509 CRL-----"; + + + private static CertPath generateCertificatePath() + throws CertificateException { + // generate certificate from cert strings + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + + ByteArrayInputStream is = + new ByteArrayInputStream(targetCertStr.getBytes()); + Certificate targetCert = cf.generateCertificate(is); + + // generate certification path + List list = Arrays.asList(new Certificate[] {targetCert}); + + return cf.generateCertPath(list); + } + + private static Set generateTrustAnchors() + throws CertificateException { + // generate certificate from cert string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + + ByteArrayInputStream is = + new ByteArrayInputStream(trusedCertStr.getBytes()); + Certificate trusedCert = cf.generateCertificate(is); + + // generate a trust anchor + TrustAnchor anchor = new TrustAnchor((X509Certificate)trusedCert, null); + + return Collections.singleton(anchor); + } + + private static CertStore generateCertificateStore() throws Exception { + // generate CRL from CRL string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + + ByteArrayInputStream is = + new ByteArrayInputStream(crlStr.getBytes()); + + // generate a cert store + Collection crls = cf.generateCRLs(is); + return CertStore.getInstance("Collection", + new CollectionCertStoreParameters(crls)); + } + + public static void main(String args[]) throws Exception { + CertPath path = generateCertificatePath(); + Set anchors = generateTrustAnchors(); + CertStore crls = generateCertificateStore(); + + PKIXParameters params = new PKIXParameters(anchors); + + // add the CRL store + params.addCertStore(crls); + + // Activate certificate revocation checking + params.setRevocationEnabled(true); + + // Activate OCSP + Security.setProperty("ocsp.enable", "true"); + System.setProperty("com.sun.security.enableCRLDP", "true"); + + // Ensure that the ocsp.responderURL property is not set. + if (Security.getProperty("ocsp.responderURL") != null) { + throw new + Exception("The ocsp.responderURL property must not be set"); + } + + CertPathValidator validator = CertPathValidator.getInstance("PKIX"); + + try { + validator.validate(path, params); + } catch (CertPathValidatorException cpve) { + if (cpve.getReason() != BasicReason.REVOKED) { + throw new Exception( + "unexpect exception, should be a REVOKED CPVE", cpve); + } + } + } +} From a787d51eea2fc9dfa9272e4ca90d018c2833a80f Mon Sep 17 00:00:00 2001 From: Tim Bell Date: Tue, 17 Mar 2009 13:20:56 -0700 Subject: [PATCH 08/11] 6814587: Legal notice repair needed in jdk/src/share/classes/java/nio 6814590: Legal notice repair needed in jdk/test/java/awt/Frame/FrameSize/TestFrameSize.java 6814591: Legal notice repair needed in jdk/test/javax/script/Test3.java Reviewed-by: alanb, xdono --- .../share/classes/java/nio/file/SecureDirectoryStream.java | 2 +- .../classes/sun/nio/ch/UnixAsynchronousSocketChannelImpl.java | 2 +- .../sun/nio/ch/WindowsAsynchronousSocketChannelImpl.java | 2 +- jdk/test/java/awt/Frame/FrameSize/TestFrameSize.java | 4 ++++ jdk/test/javax/script/Test3.java | 1 - 5 files changed, 7 insertions(+), 4 deletions(-) diff --git a/jdk/src/share/classes/java/nio/file/SecureDirectoryStream.java b/jdk/src/share/classes/java/nio/file/SecureDirectoryStream.java index 11df095ceb3..b2555c14185 100644 --- a/jdk/src/share/classes/java/nio/file/SecureDirectoryStream.java +++ b/jdk/src/share/classes/java/nio/file/SecureDirectoryStream.java @@ -5,7 +5,7 @@ * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Sun designates this - * particular file as subject to the "Classname" exception as provided + * particular file as subject to the "Classpath" exception as provided * by Sun in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT diff --git a/jdk/src/solaris/classes/sun/nio/ch/UnixAsynchronousSocketChannelImpl.java b/jdk/src/solaris/classes/sun/nio/ch/UnixAsynchronousSocketChannelImpl.java index 702b28cbbeb..78ed152d3a1 100644 --- a/jdk/src/solaris/classes/sun/nio/ch/UnixAsynchronousSocketChannelImpl.java +++ b/jdk/src/solaris/classes/sun/nio/ch/UnixAsynchronousSocketChannelImpl.java @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA conne02110-1301 USA. + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, * CA 95054 USA or visit www.sun.com if you need additional information or diff --git a/jdk/src/windows/classes/sun/nio/ch/WindowsAsynchronousSocketChannelImpl.java b/jdk/src/windows/classes/sun/nio/ch/WindowsAsynchronousSocketChannelImpl.java index fe9920c15cc..d1f8c9307d5 100644 --- a/jdk/src/windows/classes/sun/nio/ch/WindowsAsynchronousSocketChannelImpl.java +++ b/jdk/src/windows/classes/sun/nio/ch/WindowsAsynchronousSocketChannelImpl.java @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA conne02110-1301 USA. + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, * CA 95054 USA or visit www.sun.com if you need additional information or diff --git a/jdk/test/java/awt/Frame/FrameSize/TestFrameSize.java b/jdk/test/java/awt/Frame/FrameSize/TestFrameSize.java index f8a98ea3216..b220ec5cc01 100644 --- a/jdk/test/java/awt/Frame/FrameSize/TestFrameSize.java +++ b/jdk/test/java/awt/Frame/FrameSize/TestFrameSize.java @@ -15,6 +15,10 @@ * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. */ /* diff --git a/jdk/test/javax/script/Test3.java b/jdk/test/javax/script/Test3.java index 8aa876ba24a..66fa23af07a 100644 --- a/jdk/test/javax/script/Test3.java +++ b/jdk/test/javax/script/Test3.java @@ -4,7 +4,6 @@ * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT From e85a4d85368f38ede58ac8bf35f46959221c47dd Mon Sep 17 00:00:00 2001 From: Mandy Chung Date: Wed, 18 Mar 2009 17:37:39 -0700 Subject: [PATCH 09/11] 6817246: Redundant call to set InetAddressCachePolicy to FOREVER if not set during initialization Remove InetAddressCachePolicy.setIfNotSet call from System.setSecurityManager0 Reviewed-by: alanb, jccollet --- jdk/src/share/classes/java/lang/System.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/jdk/src/share/classes/java/lang/System.java b/jdk/src/share/classes/java/lang/System.java index eb62b4087e9..68958dd0898 100644 --- a/jdk/src/share/classes/java/lang/System.java +++ b/jdk/src/share/classes/java/lang/System.java @@ -34,7 +34,6 @@ import java.security.AllPermission; import java.nio.channels.Channel; import java.nio.channels.spi.SelectorProvider; import sun.nio.ch.Interruptible; -import sun.net.InetAddressCachePolicy; import sun.reflect.Reflection; import sun.security.util.SecurityConstants; import sun.reflect.annotation.AnnotationType; @@ -310,7 +309,6 @@ public final class System { } security = s; - InetAddressCachePolicy.setIfNotSet(InetAddressCachePolicy.FOREVER); } /** From 827d42556046082a905e321e4ff2eadca747615f Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Thu, 19 Mar 2009 11:17:06 +0800 Subject: [PATCH 10/11] 6819272: keytool -importcert should read the whole input Reviewed-by: xuelei --- .../classes/sun/security/tools/KeyTool.java | 12 ++++ .../security/tools/keytool/importreadall.sh | 62 +++++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100644 jdk/test/sun/security/tools/keytool/importreadall.sh diff --git a/jdk/src/share/classes/sun/security/tools/KeyTool.java b/jdk/src/share/classes/sun/security/tools/KeyTool.java index ca2d6a384ab..a3aa50f435d 100644 --- a/jdk/src/share/classes/sun/security/tools/KeyTool.java +++ b/jdk/src/share/classes/sun/security/tools/KeyTool.java @@ -875,6 +875,18 @@ public final class KeyTool { if (filename != null) { inStream = new FileInputStream(filename); } + // Read the full stream before feeding to X509Factory, + // otherwise, keytool -gencert | keytool -importcert + // might not work properly, since -gencert is slow + // and there's no data in the pipe at the beginning. + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + byte[] b = new byte[4096]; + while (true) { + int len = inStream.read(b); + if (len < 0) break; + bout.write(b, 0, len); + } + inStream = new ByteArrayInputStream(bout.toByteArray()); try { String importAlias = (alias!=null)?alias:keyAlias; if (keyStore.entryInstanceOf(importAlias, KeyStore.PrivateKeyEntry.class)) { diff --git a/jdk/test/sun/security/tools/keytool/importreadall.sh b/jdk/test/sun/security/tools/keytool/importreadall.sh new file mode 100644 index 00000000000..6c0c65dedc7 --- /dev/null +++ b/jdk/test/sun/security/tools/keytool/importreadall.sh @@ -0,0 +1,62 @@ +# +# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, +# CA 95054 USA or visit www.sun.com if you need additional information or +# have any questions. +# + +# @test +# @bug 6819272 +# @summary keytool -importcert should read the whole input +# +# @run shell importreadall.sh + +# set a few environment variables so that the shell-script can run stand-alone +# in the source directory +if [ "${TESTSRC}" = "" ] ; then + TESTSRC="." +fi + +if [ "${TESTJAVA}" = "" ] ; then + JAVA_CMD=`which java` + TESTJAVA=`dirname $JAVA_CMD`/.. +fi + +# set platform-dependent variables +OS=`uname -s` +case "$OS" in + Windows_* ) + FS="\\" + ;; + * ) + FS="/" + ;; +esac + +KEYTOOL="${TESTJAVA}${FS}bin${FS}keytool -keystore importreadall.jks -storepass changeit -keypass changeit" + +# In case the test is run twice in the same directory + +$KEYTOOL -delete -alias a +$KEYTOOL -delete -alias ca +$KEYTOOL -genkeypair -alias a -dname CN=a || exit 1 +$KEYTOOL -genkeypair -alias ca -dname CN=ca || exit 2 +$KEYTOOL -certreq -alias a | $KEYTOOL -gencert -alias ca | $KEYTOOL -importcert -alias a + +exit $? From df65a88edb38fec4aee98467c9821c8068414a98 Mon Sep 17 00:00:00 2001 From: Xueming Shen Date: Fri, 20 Mar 2009 16:22:59 -0700 Subject: [PATCH 11/11] 6817475: named-capturing group name started with digit causes PSE exception Need accept the digit as the first char of the group name Reviewed-by: alanb --- jdk/src/share/classes/java/util/regex/Pattern.java | 3 ++- jdk/test/java/util/regex/RegExTest.java | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/jdk/src/share/classes/java/util/regex/Pattern.java b/jdk/src/share/classes/java/util/regex/Pattern.java index 919c1bf3c55..ccbf1140ea5 100644 --- a/jdk/src/share/classes/java/util/regex/Pattern.java +++ b/jdk/src/share/classes/java/util/regex/Pattern.java @@ -2567,7 +2567,8 @@ loop: for(int x=0, offset=0; xy+)z+"), + "xxxyyyzzz", + "8gname", + "yyy"); + //backref Pattern pattern = Pattern.compile("(a*)bc\\1"); check(pattern, "zzzaabcazzz", true); // found "abca"