From 4923d46b6f43f98c9cdc133c7161ab3b629621b0 Mon Sep 17 00:00:00 2001 From: Andrew John Hughes Date: Wed, 31 May 2023 14:58:29 +0000 Subject: [PATCH 01/34] 8309122: Bump update version of OpenJDK: 8u392 Reviewed-by: serb, sgehwolf --- .jcheck/conf | 2 +- common/autoconf/version-numbers | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.jcheck/conf b/.jcheck/conf index 90a5d1633f6..6b38c2b0c86 100644 --- a/.jcheck/conf +++ b/.jcheck/conf @@ -1,7 +1,7 @@ [general] project=jdk8u jbs=JDK -version=openjdk8u382 +version=openjdk8u392 [checks] error=author,committer,reviewers,merge,issues,executable,symlink,message,hg-tag,whitespace diff --git a/common/autoconf/version-numbers b/common/autoconf/version-numbers index a3d7eb774c8..c6f195d24a9 100644 --- a/common/autoconf/version-numbers +++ b/common/autoconf/version-numbers @@ -26,7 +26,7 @@ JDK_MAJOR_VERSION=1 JDK_MINOR_VERSION=8 JDK_MICRO_VERSION=0 -JDK_UPDATE_VERSION=382 +JDK_UPDATE_VERSION=392 LAUNCHER_NAME=openjdk PRODUCT_NAME=OpenJDK PRODUCT_SUFFIX="Runtime Environment" From 1c802b2ae8d00bedf425a4fe94f510bd8a616589 Mon Sep 17 00:00:00 2001 From: Sergey Bylokhov Date: Wed, 31 May 2023 21:49:29 +0000 Subject: [PATCH 02/34] 8253269: The CheckCommonColors test should provide more info on failure Backport-of: 1c2754bfe3294fb3c80defe5479bdd85b0d07e29 --- .../CheckCommonColors/CheckCommonColors.java | 28 ++++++++++++++++--- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/jdk/test/java/awt/Robot/CheckCommonColors/CheckCommonColors.java b/jdk/test/java/awt/Robot/CheckCommonColors/CheckCommonColors.java index 5b48b34fbe5..9e705e6ef0f 100644 --- a/jdk/test/java/awt/Robot/CheckCommonColors/CheckCommonColors.java +++ b/jdk/test/java/awt/Robot/CheckCommonColors/CheckCommonColors.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,11 +22,19 @@ */ import java.awt.Color; +import java.awt.Dimension; import java.awt.Frame; import java.awt.Point; +import java.awt.Rectangle; import java.awt.Robot; +import java.awt.Toolkit; +import java.awt.image.BufferedImage; +import java.io.File; +import java.io.IOException; import java.util.List; +import javax.imageio.ImageIO; + /** * @test * @key headful @@ -58,6 +66,7 @@ private static void test() { Color.GREEN, Color.MAGENTA, Color.CYAN, Color.BLUE}) { frame.dispose(); + robot.waitForIdle(); frame.setBackground(color); frame.setVisible(true); checkPixels(color); @@ -68,14 +77,25 @@ private static void checkPixels(final Color color) { int attempt = 0; while (true) { Point p = frame.getLocationOnScreen(); - Color pixel = robot.getPixelColor(p.x + frame.getWidth() / 2, - p.y + frame.getHeight() / 2); + p.translate(frame.getWidth() / 2, frame.getHeight() / 2); + Color pixel = robot.getPixelColor(p.x, p.y); if (color.equals(pixel)) { return; } - if (attempt > 10) { + frame.repaint(); + if (attempt > 11) { System.err.println("Expected: " + color); System.err.println("Actual: " + pixel); + System.err.println("Point: " + p); + Dimension screenSize = + Toolkit.getDefaultToolkit().getScreenSize(); + BufferedImage screen = robot.createScreenCapture( + new Rectangle(screenSize)); + try { + File output = new File("ScreenCapture.png"); + System.err.println("Dump screen to: " + output); + ImageIO.write(screen, "png", output); + } catch (IOException ex) {} throw new RuntimeException("Too many attempts: " + attempt); } // skip Robot.waitForIdle to speedup the common case, but also take From 6244292d28e1cddcc70bc4dbf98adad13fe1e3d7 Mon Sep 17 00:00:00 2001 From: Ekaterina Vergizova Date: Fri, 2 Jun 2023 02:25:17 +0000 Subject: [PATCH 03/34] 8139348: Deprecate 3DES and RC4 in Kerberos Reviewed-by: andrew Backport-of: ded96ddcde1e9e8556a6ce8948acef27b6e192cc --- .../security/krb5/internal/crypto/EType.java | 6 +-- jdk/test/sun/security/krb5/auto/NewSalt.java | 4 +- jdk/test/sun/security/krb5/auto/W83.java | 7 +-- .../sun/security/krb5/etype/WeakCrypto.java | 46 +++++++++++++------ .../sun/security/krb5/etype/weakcrypto.conf | 2 - jdk/test/sun/security/krb5/tools/ktcheck.sh | 38 +++++++-------- .../sun/security/krb5/tools/onlythree.conf | 2 +- 7 files changed, 62 insertions(+), 43 deletions(-) delete mode 100644 jdk/test/sun/security/krb5/etype/weakcrypto.conf diff --git a/jdk/src/share/classes/sun/security/krb5/internal/crypto/EType.java b/jdk/src/share/classes/sun/security/krb5/internal/crypto/EType.java index ee59d215075..abccce82415 100644 --- a/jdk/src/share/classes/sun/security/krb5/internal/crypto/EType.java +++ b/jdk/src/share/classes/sun/security/krb5/internal/crypto/EType.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -221,8 +221,8 @@ public static int[] getBuiltInDefaults() { result = BUILTIN_ETYPES; } if (!allowWeakCrypto) { - // The last 2 etypes are now weak ones - return Arrays.copyOfRange(result, 0, result.length - 2); + // The last 4 etypes are now weak ones + return Arrays.copyOfRange(result, 0, result.length - 4); } return result; } diff --git a/jdk/test/sun/security/krb5/auto/NewSalt.java b/jdk/test/sun/security/krb5/auto/NewSalt.java index 6101ebf89a1..35107cf4c48 100644 --- a/jdk/test/sun/security/krb5/auto/NewSalt.java +++ b/jdk/test/sun/security/krb5/auto/NewSalt.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,7 +42,7 @@ public static void main(String[] args) KDC kdc = new OneKDC(null); if (System.getProperty("onlyonepreauth") != null) { KDC.saveConfig(OneKDC.KRB5_CONF, kdc, - "default_tgs_enctypes=des3-cbc-sha1"); + "default_tgs_enctypes=aes128-cts"); Config.refresh(); kdc.setOption(KDC.Option.ONLY_ONE_PREAUTH, true); } diff --git a/jdk/test/sun/security/krb5/auto/W83.java b/jdk/test/sun/security/krb5/auto/W83.java index 9b30db75c19..559704875e2 100644 --- a/jdk/test/sun/security/krb5/auto/W83.java +++ b/jdk/test/sun/security/krb5/auto/W83.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,11 +26,11 @@ * @bug 6932525 6951366 6959292 * @summary kerberos login failure on win2008 with AD set to win2000 compat mode * and cannot login if session key and preauth does not use the same etype + * @compile -XDignore.symbol.file W83.java * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -D6932525 W83 * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -D6959292 W83 */ import com.sun.security.auth.module.Krb5LoginModule; -import java.io.File; import sun.security.krb5.Config; import sun.security.krb5.EncryptedData; import sun.security.krb5.PrincipalName; @@ -47,7 +47,8 @@ public static void main(String[] args) throws Exception { KDC kdc = new KDC(OneKDC.REALM, "127.0.0.1", 0, true); kdc.addPrincipal(OneKDC.USER, OneKDC.PASS); kdc.addPrincipalRandKey("krbtgt/" + OneKDC.REALM); - KDC.saveConfig(OneKDC.KRB5_CONF, kdc); + KDC.saveConfig(OneKDC.KRB5_CONF, kdc, + "allow_weak_crypto = true"); System.setProperty("java.security.krb5.conf", OneKDC.KRB5_CONF); Config.refresh(); diff --git a/jdk/test/sun/security/krb5/etype/WeakCrypto.java b/jdk/test/sun/security/krb5/etype/WeakCrypto.java index e7a109f6f33..adec7d5aa4f 100644 --- a/jdk/test/sun/security/krb5/etype/WeakCrypto.java +++ b/jdk/test/sun/security/krb5/etype/WeakCrypto.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,41 +22,59 @@ */ /* * @test - * @bug 6844909 8012679 + * @bug 6844909 8012679 8139348 * @run main/othervm WeakCrypto * @run main/othervm WeakCrypto true * @run main/othervm WeakCrypto false * @summary support allow_weak_crypto in krb5.conf */ -import java.io.File; import java.lang.Exception; import java.nio.file.Files; import java.nio.file.Paths; +import java.util.Arrays; +import java.util.List; +import sun.security.krb5.EncryptionKey; import sun.security.krb5.internal.crypto.EType; import sun.security.krb5.EncryptedData; public class WeakCrypto { + + static List weakOnes = Arrays.asList( + EncryptedData.ETYPE_DES_CBC_CRC, + EncryptedData.ETYPE_DES_CBC_MD5, + EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD, + EncryptedData.ETYPE_ARCFOUR_HMAC + ); + public static void main(String[] args) throws Exception { + String conf = "[libdefaults]\n" + (args.length > 0 ? ("allow_weak_crypto = " + args[0]) : ""); Files.write(Paths.get("krb5.conf"), conf.getBytes()); System.setProperty("java.security.krb5.conf", "krb5.conf"); - boolean expected = args.length != 0 && args[0].equals("true"); - int[] etypes = EType.getBuiltInDefaults(); + // expected number of supported weak etypes + int expected = 0; + if (args.length != 0 && args[0].equals("true")) { + expected = weakOnes.size(); + } - boolean found = false; - for (int i=0, length = etypes.length; iReleaseStringUTFChars(env, jlibName, libName); - if (error == NULL) { + if (!failed) { return JNI_TRUE; } else { - TRACE0(error); + if (JGSS_DEBUG) { +#ifdef WIN32 + #define MAX_MSG_SIZE 256 + static CHAR szMsgBuf[MAX_MSG_SIZE]; + DWORD dwRes; + DWORD dwError = GetLastError(); + dwRes = FormatMessage ( + FORMAT_MESSAGE_FROM_SYSTEM, + NULL, + dwError, + 0, + szMsgBuf, + MAX_MSG_SIZE, + NULL); + if (0 == dwRes) { + printf("GSS-API: Unknown failure %d\n", dwError); + } else { + printf("GSS-API: %s\n",szMsgBuf); + } +#else + char* error = dlerror(); + if (error) { + TRACE0(error); + } +#endif + } return JNI_FALSE; } } @@ -88,7 +114,6 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getMechPtr(JNIEnv *env, gss_OID cOid; unsigned int i, len; jbyte* bytes; - jthrowable gssEx; int found; if (jbytes != NULL) { @@ -125,8 +150,6 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getMechPtr(JNIEnv *env, * structure. */ void deleteGSSCB(gss_channel_bindings_t cb) { - jobject jinetAddr; - jbyteArray value; if (cb == GSS_C_NO_CHANNEL_BINDINGS) return; @@ -154,7 +177,6 @@ gss_channel_bindings_t newGSSCB(JNIEnv *env, jobject jcb) { gss_channel_bindings_t cb; jobject jinetAddr; jbyteArray value; - int i; if (jcb == NULL) { return GSS_C_NO_CHANNEL_BINDINGS; @@ -355,7 +377,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_importName(JNIEnv *env, GSS_S_BAD_MECH */ major = (*ftab->importName)(&minor, &nameVal, nameType, &nameHdl); - TRACE1("[GSSLibStub_importName] %ld", (long) nameHdl); + TRACE1("[GSSLibStub_importName] %" PRIuPTR "", (uintptr_t) nameHdl); /* release intermediate buffers */ deleteGSSOID(nameType); @@ -426,7 +448,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_canonicalizeName(JNIEnv *env, GSS_S_BAD_NAME, GSS_S_BAD_MECH */ major = (*ftab->canonicalizeName)(&minor, nameHdl, mech, &mnNameHdl); - TRACE1("[GSSLibStub_canonicalizeName] MN=%ld", (long)mnNameHdl); + TRACE1("[GSSLibStub_canonicalizeName] MN=%" PRIuPTR "", (uintptr_t)mnNameHdl); checkStatus(env, jobj, major, minor, "[GSSLibStub_canonicalizeName]"); if ((*env)->ExceptionCheck(env)) { @@ -596,7 +618,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acquireCred(JNIEnv *env, /* release intermediate buffers */ deleteGSSOIDSet(mechs); - TRACE1("[GSSLibStub_acquireCred] pCred=%ld", (long) credHdl); + TRACE1("[GSSLibStub_acquireCred] pCred=%" PRIuPTR "", (uintptr_t) credHdl); checkStatus(env, jobj, major, minor, "[GSSLibStub_acquireCred]"); if ((*env)->ExceptionCheck(env)) { @@ -645,7 +667,7 @@ void inquireCred(JNIEnv *env, jobject jobj, gss_cred_id_t pCred, credHdl = pCred; - TRACE1("[gss_inquire_cred] %ld", (long) pCred); + TRACE1("[gss_inquire_cred] %" PRIuPTR "", (uintptr_t) pCred); /* gss_inquire_cred(...) => GSS_S_DEFECTIVE_CREDENTIAL(!), GSS_S_CREDENTIALS_EXPIRED(!), GSS_S_NO_CRED(!) */ @@ -694,7 +716,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getCredName(JNIEnv *env, return jlong_zero; } - TRACE1("[GSSLibStub_getCredName] pName=%ld", (long) nameHdl); + TRACE1("[GSSLibStub_getCredName] pName=%" PRIuPTR "", (uintptr_t) nameHdl); return ptr_to_jlong(nameHdl); } @@ -775,7 +797,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_importContext(JNIEnv *env, GSS_S_UNAVAILABLE, GSS_S_UNAUTHORIZED */ major = (*ftab->importSecContext)(&minor, &ctxtToken, &contextHdl); - TRACE1("[GSSLibStub_importContext] pContext=%ld", (long) contextHdl); + TRACE1("[GSSLibStub_importContext] pContext=%" PRIuPTR "", (uintptr_t) contextHdl); /* release intermediate buffers */ resetGSSBuffer(&ctxtToken); @@ -866,8 +888,8 @@ Java_sun_security_jgss_wrapper_GSSLibStub_initContext(JNIEnv *env, return NULL; } - TRACE2( "[GSSLibStub_initContext] before: pCred=%ld, pContext=%ld", - (long)credHdl, (long)contextHdl); + TRACE2( "[GSSLibStub_initContext] before: pCred=%" PRIuPTR ", pContext=%" PRIuPTR "", + (uintptr_t)credHdl, (uintptr_t)contextHdl); /* gss_init_sec_context(...) => GSS_S_CONTINUE_NEEDED(!), GSS_S_DEFECTIVE_TOKEN, GSS_S_NO_CRED, GSS_S_DEFECTIVE_CREDENTIAL(!), @@ -879,8 +901,8 @@ Java_sun_security_jgss_wrapper_GSSLibStub_initContext(JNIEnv *env, flags, time, cb, &inToken, NULL /*aMech*/, &outToken, &aFlags, &aTime); - TRACE2("[GSSLibStub_initContext] after: pContext=%ld, outToken len=%ld", - (long)contextHdl, (long)outToken.length); + TRACE2("[GSSLibStub_initContext] after: pContext=%" PRIuPTR ", outToken len=%ld", + (uintptr_t)contextHdl, (long)outToken.length); // update context handle with the latest value if changed // this is to work with both MIT and Solaris. Former deletes half-built @@ -888,7 +910,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_initContext(JNIEnv *env, if (contextHdl != contextHdlSave) { (*env)->SetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext, ptr_to_jlong(contextHdl)); - TRACE1("[GSSLibStub_initContext] set pContext=%ld", (long)contextHdl); + TRACE1("[GSSLibStub_initContext] set pContext=%" PRIuPTR "", (uintptr_t)contextHdl); } if (GSS_ERROR(major) == GSS_S_COMPLETE) { @@ -959,7 +981,6 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acceptContext(JNIEnv *env, jobject jsrcName=GSS_C_NO_NAME; jobject jdelCred; jobject jMech; - jbyteArray jresult; jboolean setTarget; gss_name_t targetName; jobject jtargetName; @@ -983,8 +1004,8 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acceptContext(JNIEnv *env, setTarget = (credHdl == GSS_C_NO_CREDENTIAL); aFlags = 0; - TRACE2( "[GSSLibStub_acceptContext] before: pCred=%ld, pContext=%ld", - (long) credHdl, (long) contextHdl); + TRACE2( "[GSSLibStub_acceptContext] before: pCred=%" PRIuPTR ", pContext=%" PRIuPTR "", + (uintptr_t) credHdl, (uintptr_t) contextHdl); /* gss_accept_sec_context(...) => GSS_S_CONTINUE_NEEDED(!), GSS_S_DEFECTIVE_TOKEN, GSS_S_DEFECTIVE_CREDENTIAL(!), @@ -1000,8 +1021,8 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acceptContext(JNIEnv *env, deleteGSSCB(cb); resetGSSBuffer(&inToken); - TRACE3("[GSSLibStub_acceptContext] after: pCred=%ld, pContext=%ld, pDelegCred=%ld", - (long)credHdl, (long)contextHdl, (long) delCred); + TRACE3("[GSSLibStub_acceptContext] after: pCred=%" PRIuPTR ", pContext=%" PRIuPTR ", pDelegCred=%" PRIuPTR "", + (uintptr_t)credHdl, (uintptr_t)contextHdl, (uintptr_t) delCred); // update context handle with the latest value if changed // this is to work with both MIT and Solaris. Former deletes half-built @@ -1009,7 +1030,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acceptContext(JNIEnv *env, if (contextHdl != contextHdlSave) { (*env)->SetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext, ptr_to_jlong(contextHdl)); - TRACE1("[GSSLibStub_acceptContext] set pContext=%ld", (long)contextHdl); + TRACE1("[GSSLibStub_acceptContext] set pContext=%" PRIuPTR "", (uintptr_t)contextHdl); } if (GSS_ERROR(major) == GSS_S_COMPLETE) { @@ -1038,8 +1059,8 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acceptContext(JNIEnv *env, goto error; } - TRACE1("[GSSLibStub_acceptContext] set targetName=%ld", - (long)targetName); + TRACE1("[GSSLibStub_acceptContext] set targetName=%" PRIuPTR "", + (uintptr_t)targetName); (*env)->SetObjectField(env, jcontextSpi, FID_NativeGSSContext_targetName, jtargetName); @@ -1055,7 +1076,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acceptContext(JNIEnv *env, goto error; } - TRACE1("[GSSLibStub_acceptContext] set srcName=%ld", (long)srcName); + TRACE1("[GSSLibStub_acceptContext] set srcName=%" PRIuPTR "", (uintptr_t)srcName); (*env)->SetObjectField(env, jcontextSpi, FID_NativeGSSContext_srcName, jsrcName); @@ -1090,8 +1111,8 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acceptContext(JNIEnv *env, (*env)->SetObjectField(env, jcontextSpi, FID_NativeGSSContext_delegatedCred, jdelCred); - TRACE1("[GSSLibStub_acceptContext] set delegatedCred=%ld", - (long) delCred); + TRACE1("[GSSLibStub_acceptContext] set delegatedCred=%" PRIuPTR "", + (uintptr_t) delCred); if ((*env)->ExceptionCheck(env)) { goto error; @@ -1144,7 +1165,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_inquireContext(JNIEnv *env, contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext); - TRACE1("[GSSLibStub_inquireContext] %ld", (long)contextHdl); + TRACE1("[GSSLibStub_inquireContext] %" PRIuPTR "", (uintptr_t)contextHdl); srcName = targetName = GSS_C_NO_NAME; time = 0; @@ -1155,8 +1176,8 @@ Java_sun_security_jgss_wrapper_GSSLibStub_inquireContext(JNIEnv *env, &targetName, &time, NULL, &flags, &isInitiator, &isEstablished); /* update member values if needed */ - TRACE2("[GSSLibStub_inquireContext] srcName %ld, targetName %ld", - (long)srcName, (long)targetName); + TRACE2("[GSSLibStub_inquireContext] srcName %" PRIuPTR ", targetName %" PRIuPTR "", + (uintptr_t)srcName, (uintptr_t)targetName); checkStatus(env, jobj, major, minor, "[GSSLibStub_inquireContext]"); if ((*env)->ExceptionCheck(env)) { @@ -1225,8 +1246,8 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getContextName(JNIEnv *env, contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext); - TRACE2("[GSSLibStub_getContextName] %ld, isSrc=%d", - (long)contextHdl, isSrc); + TRACE2("[GSSLibStub_getContextName] %" PRIuPTR ", isSrc=%d", + (uintptr_t)contextHdl, isSrc); nameHdl = GSS_C_NO_NAME; if (isSrc == JNI_TRUE) { @@ -1243,7 +1264,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getContextName(JNIEnv *env, return jlong_zero; } - TRACE1("[GSSLibStub_getContextName] pName=%ld", (long) nameHdl); + TRACE1("[GSSLibStub_getContextName] pName=%" PRIuPTR "", (uintptr_t) nameHdl); return ptr_to_jlong(nameHdl); } @@ -1263,7 +1284,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getContextTime(JNIEnv *env, contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext); - TRACE1("[GSSLibStub_getContextTime] %ld", (long)contextHdl); + TRACE1("[GSSLibStub_getContextTime] %" PRIuPTR "", (uintptr_t)contextHdl); if (contextHdl == GSS_C_NO_CONTEXT) return 0; @@ -1295,7 +1316,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_deleteContext(JNIEnv *env, contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext); - TRACE1("[GSSLibStub_deleteContext] %ld", (long)contextHdl); + TRACE1("[GSSLibStub_deleteContext] %" PRIuPTR "", (uintptr_t)contextHdl); if (contextHdl == GSS_C_NO_CONTEXT) return ptr_to_jlong(GSS_C_NO_CONTEXT); @@ -1329,7 +1350,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_wrapSizeLimit(JNIEnv *env, contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext); - TRACE1("[GSSLibStub_wrapSizeLimit] %ld", (long)contextHdl); + TRACE1("[GSSLibStub_wrapSizeLimit] %" PRIuPTR "", (uintptr_t)contextHdl); if (contextHdl == GSS_C_NO_CONTEXT) { // Twik per javadoc @@ -1369,7 +1390,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_exportContext(JNIEnv *env, contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext); - TRACE1("[GSSLibStub_exportContext] %ld", (long)contextHdl); + TRACE1("[GSSLibStub_exportContext] %" PRIuPTR "", (uintptr_t)contextHdl); if (contextHdl == GSS_C_NO_CONTEXT) { // Twik per javadoc @@ -1413,7 +1434,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_getMic(JNIEnv *env, jobject jobj, contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext); - TRACE1("[GSSLibStub_getMic] %ld", (long)contextHdl); + TRACE1("[GSSLibStub_getMic] %" PRIuPTR "", (uintptr_t)contextHdl); if (contextHdl == GSS_C_NO_CONTEXT) { // Twik per javadoc @@ -1467,7 +1488,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_verifyMic(JNIEnv *env, contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext); - TRACE1("[GSSLibStub_verifyMic] %ld", (long)contextHdl); + TRACE1("[GSSLibStub_verifyMic] %" PRIuPTR "", (uintptr_t)contextHdl); if (contextHdl == GSS_C_NO_CONTEXT) { // Twik per javadoc @@ -1538,7 +1559,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_wrap(JNIEnv *env, contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext); - TRACE1("[GSSLibStub_wrap] %ld", (long)contextHdl); + TRACE1("[GSSLibStub_wrap] %" PRIuPTR "", (uintptr_t)contextHdl); if (contextHdl == GSS_C_NO_CONTEXT) { // Twik per javadoc @@ -1610,7 +1631,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_unwrap(JNIEnv *env, contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext); - TRACE1("[GSSLibStub_unwrap] %ld", (long)contextHdl); + TRACE1("[GSSLibStub_unwrap] %" PRIuPTR "", (uintptr_t)contextHdl); if (contextHdl == GSS_C_NO_CONTEXT) { // Twik per javadoc diff --git a/jdk/src/solaris/native/sun/security/jgss/wrapper/NativeFunc.c b/jdk/src/share/native/sun/security/jgss/wrapper/NativeFunc.c similarity index 78% rename from jdk/src/solaris/native/sun/security/jgss/wrapper/NativeFunc.c rename to jdk/src/share/native/sun/security/jgss/wrapper/NativeFunc.c index 70da4faef05..577b6ec5bec 100644 --- a/jdk/src/solaris/native/sun/security/jgss/wrapper/NativeFunc.c +++ b/jdk/src/share/native/sun/security/jgss/wrapper/NativeFunc.c @@ -25,7 +25,6 @@ #include #include -#include #include "NativeFunc.h" /* global GSS function table */ @@ -67,18 +66,16 @@ static const char RELEASE_BUFFER[] = "gss_release_buffer"; /** * Initialize native GSS function pointers */ -char* loadNative(const char *libName) { +int loadNative(const char *libName) { - char *error; void *gssLib; int failed; OM_uint32 minor, major; ftab = NULL; failed = FALSE; - error = NULL; - gssLib = dlopen(libName, RTLD_NOW); + gssLib = GETLIB(libName); if (gssLib == NULL) { failed = TRUE; goto out; @@ -91,183 +88,183 @@ char* loadNative(const char *libName) { goto out; } - ftab->releaseName = (RELEASE_NAME_FN_PTR)dlsym(gssLib, RELEASE_NAME); + ftab->releaseName = (RELEASE_NAME_FN_PTR)GETFUNC(gssLib, RELEASE_NAME); if (ftab->releaseName == NULL) { failed = TRUE; goto out; } - ftab->importName = (IMPORT_NAME_FN_PTR)dlsym(gssLib, IMPORT_NAME); + ftab->importName = (IMPORT_NAME_FN_PTR)GETFUNC(gssLib, IMPORT_NAME); if (ftab->importName == NULL) { failed = TRUE; goto out; } - ftab->compareName = (COMPARE_NAME_FN_PTR)dlsym(gssLib, COMPARE_NAME); + ftab->compareName = (COMPARE_NAME_FN_PTR)GETFUNC(gssLib, COMPARE_NAME); if (ftab->compareName == NULL) { failed = TRUE; goto out; } ftab->canonicalizeName = (CANONICALIZE_NAME_FN_PTR) - dlsym(gssLib, CANONICALIZE_NAME); + GETFUNC(gssLib, CANONICALIZE_NAME); if (ftab->canonicalizeName == NULL) { failed = TRUE; goto out; } - ftab->exportName = (EXPORT_NAME_FN_PTR)dlsym(gssLib, EXPORT_NAME); + ftab->exportName = (EXPORT_NAME_FN_PTR)GETFUNC(gssLib, EXPORT_NAME); if (ftab->exportName == NULL) { failed = TRUE; goto out; } - ftab->displayName = (DISPLAY_NAME_FN_PTR)dlsym(gssLib, DISPLAY_NAME); + ftab->displayName = (DISPLAY_NAME_FN_PTR)GETFUNC(gssLib, DISPLAY_NAME); if (ftab->displayName == NULL) { failed = TRUE; goto out; } - ftab->acquireCred = (ACQUIRE_CRED_FN_PTR)dlsym(gssLib, ACQUIRE_CRED); + ftab->acquireCred = (ACQUIRE_CRED_FN_PTR)GETFUNC(gssLib, ACQUIRE_CRED); if (ftab->acquireCred == NULL) { failed = TRUE; goto out; } - ftab->releaseCred = (RELEASE_CRED_FN_PTR)dlsym(gssLib, RELEASE_CRED); + ftab->releaseCred = (RELEASE_CRED_FN_PTR)GETFUNC(gssLib, RELEASE_CRED); if (ftab->releaseCred == NULL) { failed = TRUE; goto out; } - ftab->inquireCred = (INQUIRE_CRED_FN_PTR)dlsym(gssLib, INQUIRE_CRED); + ftab->inquireCred = (INQUIRE_CRED_FN_PTR)GETFUNC(gssLib, INQUIRE_CRED); if (ftab->inquireCred == NULL) { failed = TRUE; goto out; } ftab->importSecContext = (IMPORT_SEC_CONTEXT_FN_PTR) - dlsym(gssLib, IMPORT_SEC_CONTEXT); + GETFUNC(gssLib, IMPORT_SEC_CONTEXT); if (ftab->importSecContext == NULL) { failed = TRUE; goto out; } ftab->initSecContext = (INIT_SEC_CONTEXT_FN_PTR) - dlsym(gssLib, INIT_SEC_CONTEXT); + GETFUNC(gssLib, INIT_SEC_CONTEXT); if (ftab->initSecContext == NULL) { failed = TRUE; goto out; } ftab->acceptSecContext = (ACCEPT_SEC_CONTEXT_FN_PTR) - dlsym(gssLib, ACCEPT_SEC_CONTEXT); + GETFUNC(gssLib, ACCEPT_SEC_CONTEXT); if (ftab->acceptSecContext == NULL) { failed = TRUE; goto out; } ftab->inquireContext = (INQUIRE_CONTEXT_FN_PTR) - dlsym(gssLib, INQUIRE_CONTEXT); + GETFUNC(gssLib, INQUIRE_CONTEXT); if (ftab->inquireContext == NULL) { failed = TRUE; goto out; } ftab->deleteSecContext = (DELETE_SEC_CONTEXT_FN_PTR) - dlsym(gssLib, DELETE_SEC_CONTEXT); + GETFUNC(gssLib, DELETE_SEC_CONTEXT); if (ftab->deleteSecContext == NULL) { failed = TRUE; goto out; } - ftab->contextTime = (CONTEXT_TIME_FN_PTR)dlsym(gssLib, CONTEXT_TIME); + ftab->contextTime = (CONTEXT_TIME_FN_PTR)GETFUNC(gssLib, CONTEXT_TIME); if (ftab->contextTime == NULL) { failed = TRUE; goto out; } ftab->wrapSizeLimit = (WRAP_SIZE_LIMIT_FN_PTR) - dlsym(gssLib, WRAP_SIZE_LIMIT); + GETFUNC(gssLib, WRAP_SIZE_LIMIT); if (ftab->wrapSizeLimit == NULL) { failed = TRUE; goto out; } ftab->exportSecContext = (EXPORT_SEC_CONTEXT_FN_PTR) - dlsym(gssLib, EXPORT_SEC_CONTEXT); + GETFUNC(gssLib, EXPORT_SEC_CONTEXT); if (ftab->exportSecContext == NULL) { failed = TRUE; goto out; } - ftab->getMic = (GET_MIC_FN_PTR)dlsym(gssLib, GET_MIC); + ftab->getMic = (GET_MIC_FN_PTR)GETFUNC(gssLib, GET_MIC); if (ftab->getMic == NULL) { failed = TRUE; goto out; } - ftab->verifyMic = (VERIFY_MIC_FN_PTR)dlsym(gssLib, VERIFY_MIC); + ftab->verifyMic = (VERIFY_MIC_FN_PTR)GETFUNC(gssLib, VERIFY_MIC); if (ftab->verifyMic == NULL) { failed = TRUE; goto out; } - ftab->wrap = (WRAP_FN_PTR)dlsym(gssLib, WRAP); + ftab->wrap = (WRAP_FN_PTR)GETFUNC(gssLib, WRAP); if (ftab->wrap == NULL) { failed = TRUE; goto out; } - ftab->unwrap = (UNWRAP_FN_PTR)dlsym(gssLib, UNWRAP); + ftab->unwrap = (UNWRAP_FN_PTR)GETFUNC(gssLib, UNWRAP); if (ftab->unwrap == NULL) { failed = TRUE; goto out; } - ftab->indicateMechs = (INDICATE_MECHS_FN_PTR)dlsym(gssLib, INDICATE_MECHS); + ftab->indicateMechs = (INDICATE_MECHS_FN_PTR)GETFUNC(gssLib, INDICATE_MECHS); if (ftab->indicateMechs == NULL) { failed = TRUE; goto out; } ftab->inquireNamesForMech = (INQUIRE_NAMES_FOR_MECH_FN_PTR) - dlsym(gssLib, INQUIRE_NAMES_FOR_MECH); + GETFUNC(gssLib, INQUIRE_NAMES_FOR_MECH); if (ftab->inquireNamesForMech == NULL) { failed = TRUE; goto out; } ftab->addOidSetMember = (ADD_OID_SET_MEMBER_FN_PTR) - dlsym(gssLib, ADD_OID_SET_MEMBER); + GETFUNC(gssLib, ADD_OID_SET_MEMBER); if (ftab->addOidSetMember == NULL) { failed = TRUE; goto out; } ftab->displayStatus = (DISPLAY_STATUS_FN_PTR) - dlsym(gssLib, DISPLAY_STATUS); + GETFUNC(gssLib, DISPLAY_STATUS); if (ftab->displayStatus == NULL) { failed = TRUE; goto out; } ftab->createEmptyOidSet = (CREATE_EMPTY_OID_SET_FN_PTR) - dlsym(gssLib, CREATE_EMPTY_OID_SET); + GETFUNC(gssLib, CREATE_EMPTY_OID_SET); if (ftab->createEmptyOidSet == NULL) { failed = TRUE; goto out; } ftab->releaseOidSet = (RELEASE_OID_SET_FN_PTR) - dlsym(gssLib, RELEASE_OID_SET); + GETFUNC(gssLib, RELEASE_OID_SET); if (ftab->releaseOidSet == NULL) { failed = TRUE; goto out; } ftab->releaseBuffer = (RELEASE_BUFFER_FN_PTR) - dlsym(gssLib, RELEASE_BUFFER); + GETFUNC(gssLib, RELEASE_BUFFER); if (ftab->releaseBuffer == NULL) { failed = TRUE; goto out; @@ -283,9 +280,8 @@ char* loadNative(const char *libName) { out: if (failed == TRUE) { - error = dlerror(); - if (gssLib != NULL) dlclose(gssLib); + if (gssLib != NULL) CLOSELIB(gssLib); if (ftab != NULL) free(ftab); } - return error; + return failed; } diff --git a/jdk/src/solaris/native/sun/security/jgss/wrapper/NativeFunc.h b/jdk/src/share/native/sun/security/jgss/wrapper/NativeFunc.h similarity index 97% rename from jdk/src/solaris/native/sun/security/jgss/wrapper/NativeFunc.h rename to jdk/src/share/native/sun/security/jgss/wrapper/NativeFunc.h index 1caa605cd2d..c036130e712 100644 --- a/jdk/src/solaris/native/sun/security/jgss/wrapper/NativeFunc.h +++ b/jdk/src/share/native/sun/security/jgss/wrapper/NativeFunc.h @@ -28,6 +28,18 @@ #include "gssapi.h" +#ifdef WIN32 +#include +#define GETLIB(libName) LoadLibrary(libName) +#define GETFUNC(lib,name) GetProcAddress(lib,name) +#define CLOSELIB(lib) CloseHandle(lib) +#else +#include +#define GETLIB(libName) dlopen(libName, RTLD_NOW) +#define GETFUNC(lib,name) dlsym(lib,name) +#define CLOSELIB(lib) dlclose(lib) +#endif + #ifndef TRUE #define TRUE 1 #endif @@ -36,7 +48,7 @@ #define FALSE 0 #endif -char* loadNative(const char *libName); +int loadNative(const char *libName); /* function pointer definitions */ typedef OM_uint32 (*RELEASE_NAME_FN_PTR) diff --git a/jdk/src/share/native/sun/security/jgss/wrapper/NativeUtil.c b/jdk/src/share/native/sun/security/jgss/wrapper/NativeUtil.c index 7095af4e17e..fd4f727823a 100644 --- a/jdk/src/share/native/sun/security/jgss/wrapper/NativeUtil.c +++ b/jdk/src/share/native/sun/security/jgss/wrapper/NativeUtil.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -468,7 +468,7 @@ jstring getJavaString(JNIEnv *env, gss_buffer_t bytes) { if (bytes != NULL) { /* constructs the String object with new String(byte[]) NOTE: do NOT include the trailing NULL */ - len = bytes->length; + len = (int) bytes->length; jbytes = (*env)->NewByteArray(env, len); if (jbytes == NULL) { goto finish; @@ -496,7 +496,6 @@ jstring getMinorMessage(JNIEnv *env, jobject jstub, OM_uint32 statusValue) { OM_uint32 messageContext, minor, major; gss_buffer_desc statusString; gss_OID mech; - jstring msg; messageContext = 0; if (jstub != NULL) { @@ -635,11 +634,11 @@ jbyteArray getJavaBuffer(JNIEnv *env, gss_buffer_t cbytes) { if (cbytes != NULL) { if ((cbytes != GSS_C_NO_BUFFER) && (cbytes->length != 0)) { - result = (*env)->NewByteArray(env, cbytes->length); + result = (*env)->NewByteArray(env, (int) cbytes->length); if (result == NULL) { goto finish; } - (*env)->SetByteArrayRegion(env, result, 0, cbytes->length, + (*env)->SetByteArrayRegion(env, result, 0, (int) cbytes->length, cbytes->value); if ((*env)->ExceptionCheck(env)) { result = NULL; @@ -660,7 +659,6 @@ jbyteArray getJavaBuffer(JNIEnv *env, gss_buffer_t cbytes) { gss_OID newGSSOID(JNIEnv *env, jobject jOid) { jbyteArray jbytes; gss_OID cOid; - jthrowable gssEx; if (jOid != NULL) { jbytes = (*env)->CallObjectMethod(env, jOid, MID_Oid_getDER); if ((*env)->ExceptionCheck(env)) { @@ -782,10 +780,9 @@ jobjectArray getJavaOIDArray(JNIEnv *env, gss_OID_set cOidSet) { jobjectArray jOidSet; jobject jOid; int i; - jthrowable gssEx; if (cOidSet != NULL && cOidSet != GSS_C_NO_OID_SET) { - numOfOids = cOidSet->count; + numOfOids = (int) cOidSet->count; jOidSet = (*env)->NewObjectArray(env, numOfOids, CLS_Oid, NULL); if ((*env)->ExceptionCheck(env)) { return NULL; diff --git a/jdk/src/share/native/sun/security/jgss/wrapper/NativeUtil.h b/jdk/src/share/native/sun/security/jgss/wrapper/NativeUtil.h index 78f72269f8c..478246b7a65 100644 --- a/jdk/src/share/native/sun/security/jgss/wrapper/NativeUtil.h +++ b/jdk/src/share/native/sun/security/jgss/wrapper/NativeUtil.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,9 @@ #include #include #include +#if _MSC_VER >= 1800 +# include +#endif #include "gssapi.h" #ifndef _Included_NATIVE_Util @@ -90,6 +93,14 @@ extern "C" { #define TRACE2(s, p1, p2) { if (JGSS_DEBUG) { printf(s"\n", p1, p2); fflush(stdout); }} #define TRACE3(s, p1, p2, p3) { if (JGSS_DEBUG) { printf(s"\n", p1, p2, p3); fflush(stdout); }} + // Visual Studio 2010-2012 doesn't provide inttypes.h so provide appropriate definitions here. + #if _MSC_VER < 1800 + #ifdef _LP64 + #define PRIuPTR "I64u" + #else + #define PRIuPTR "u" + #endif + #endif #ifdef __cplusplus } diff --git a/jdk/src/share/native/sun/security/jgss/wrapper/gssapi.h b/jdk/src/share/native/sun/security/jgss/wrapper/gssapi.h index f0aa4c570d9..a1f1e3456c1 100644 --- a/jdk/src/share/native/sun/security/jgss/wrapper/gssapi.h +++ b/jdk/src/share/native/sun/security/jgss/wrapper/gssapi.h @@ -387,7 +387,7 @@ GSS_DLLIMP extern gss_OID GSS_C_NT_EXPORT_NAME; /* Function Prototypes */ -OM_uint32 gss_acquire_cred( +GSS_DLLIMP OM_uint32 gss_acquire_cred( OM_uint32 *, /* minor_status */ gss_name_t, /* desired_name */ OM_uint32, /* time_req */ @@ -398,12 +398,12 @@ OM_uint32 gss_acquire_cred( OM_uint32 * /* time_rec */ ); -OM_uint32 gss_release_cred( +GSS_DLLIMP OM_uint32 gss_release_cred( OM_uint32 *, /* minor_status */ gss_cred_id_t * /* cred_handle */ ); -OM_uint32 gss_init_sec_context( +GSS_DLLIMP OM_uint32 gss_init_sec_context( OM_uint32 *, /* minor_status */ gss_cred_id_t, /* claimant_cred_handle */ gss_ctx_id_t *, /* context_handle */ @@ -419,7 +419,7 @@ OM_uint32 gss_init_sec_context( OM_uint32 * /* time_rec */ ); -OM_uint32 gss_accept_sec_context( +GSS_DLLIMP OM_uint32 gss_accept_sec_context( OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ gss_cred_id_t, /* acceptor_cred_handle */ @@ -433,26 +433,26 @@ OM_uint32 gss_accept_sec_context( gss_cred_id_t * /* delegated_cred_handle */ ); -OM_uint32 gss_process_context_token( +GSS_DLLIMP OM_uint32 gss_process_context_token( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t /* token_buffer */ ); -OM_uint32 gss_delete_sec_context( +GSS_DLLIMP OM_uint32 gss_delete_sec_context( OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ gss_buffer_t /* output_token */ ); -OM_uint32 gss_context_time( +GSS_DLLIMP OM_uint32 gss_context_time( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ OM_uint32 * /* time_rec */ ); /* New for V2 */ -OM_uint32 gss_get_mic( +GSS_DLLIMP OM_uint32 gss_get_mic( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_qop_t, /* qop_req */ @@ -461,7 +461,7 @@ OM_uint32 gss_get_mic( ); /* New for V2 */ -OM_uint32 gss_verify_mic( +GSS_DLLIMP OM_uint32 gss_verify_mic( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* message_buffer */ @@ -470,7 +470,7 @@ OM_uint32 gss_verify_mic( ); /* New for V2 */ -OM_uint32 gss_wrap( +GSS_DLLIMP OM_uint32 gss_wrap( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ @@ -481,7 +481,7 @@ OM_uint32 gss_wrap( ); /* New for V2 */ -OM_uint32 gss_unwrap( +GSS_DLLIMP OM_uint32 gss_unwrap( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* input_message_buffer */ @@ -490,7 +490,7 @@ OM_uint32 gss_unwrap( gss_qop_t * /* qop_state */ ); -OM_uint32 gss_display_status( +GSS_DLLIMP OM_uint32 gss_display_status( OM_uint32 *, /* minor_status */ OM_uint32, /* status_value */ int, /* status_type */ @@ -499,48 +499,48 @@ OM_uint32 gss_display_status( gss_buffer_t /* status_string */ ); -OM_uint32 gss_indicate_mechs( +GSS_DLLIMP OM_uint32 gss_indicate_mechs( OM_uint32 *, /* minor_status */ gss_OID_set * /* mech_set */ ); -OM_uint32 gss_compare_name( +GSS_DLLIMP OM_uint32 gss_compare_name( OM_uint32 *, /* minor_status */ gss_name_t, /* name1 */ gss_name_t, /* name2 */ int * /* name_equal */ ); -OM_uint32 gss_display_name( +GSS_DLLIMP OM_uint32 gss_display_name( OM_uint32 *, /* minor_status */ gss_name_t, /* input_name */ gss_buffer_t, /* output_name_buffer */ gss_OID * /* output_name_type */ ); -OM_uint32 gss_import_name( +GSS_DLLIMP OM_uint32 gss_import_name( OM_uint32 *, /* minor_status */ gss_buffer_t, /* input_name_buffer */ gss_OID, /* input_name_type(used to be const) */ gss_name_t * /* output_name */ ); -OM_uint32 gss_release_name( +GSS_DLLIMP OM_uint32 gss_release_name( OM_uint32 *, /* minor_status */ gss_name_t * /* input_name */ ); -OM_uint32 gss_release_buffer( +GSS_DLLIMP OM_uint32 gss_release_buffer( OM_uint32 *, /* minor_status */ gss_buffer_t /* buffer */ ); -OM_uint32 gss_release_oid_set( +GSS_DLLIMP OM_uint32 gss_release_oid_set( OM_uint32 *, /* minor_status */ gss_OID_set * /* set */ ); -OM_uint32 gss_inquire_cred( +GSS_DLLIMP OM_uint32 gss_inquire_cred( OM_uint32 *, /* minor_status */ gss_cred_id_t, /* cred_handle */ gss_name_t *, /* name */ @@ -550,7 +550,7 @@ OM_uint32 gss_inquire_cred( ); /* Last argument new for V2 */ -OM_uint32 gss_inquire_context( +GSS_DLLIMP OM_uint32 gss_inquire_context( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_name_t *, /* src_name */ @@ -563,7 +563,7 @@ OM_uint32 gss_inquire_context( ); /* New for V2 */ -OM_uint32 gss_wrap_size_limit( +GSS_DLLIMP OM_uint32 gss_wrap_size_limit( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ @@ -573,7 +573,7 @@ OM_uint32 gss_wrap_size_limit( ); /* New for V2 */ -OM_uint32 gss_add_cred( +GSS_DLLIMP OM_uint32 gss_add_cred( OM_uint32 *, /* minor_status */ gss_cred_id_t, /* input_cred_handle */ gss_name_t, /* desired_name */ @@ -588,7 +588,7 @@ OM_uint32 gss_add_cred( ); /* New for V2 */ -OM_uint32 gss_inquire_cred_by_mech( +GSS_DLLIMP OM_uint32 gss_inquire_cred_by_mech( OM_uint32 *, /* minor_status */ gss_cred_id_t, /* cred_handle */ gss_OID, /* mech_type */ @@ -599,40 +599,40 @@ OM_uint32 gss_inquire_cred_by_mech( ); /* New for V2 */ -OM_uint32 gss_export_sec_context( +GSS_DLLIMP OM_uint32 gss_export_sec_context( OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ gss_buffer_t /* interprocess_token */ ); /* New for V2 */ -OM_uint32 gss_import_sec_context( +GSS_DLLIMP OM_uint32 gss_import_sec_context( OM_uint32 *, /* minor_status */ gss_buffer_t, /* interprocess_token */ gss_ctx_id_t * /* context_handle */ ); /* New for V2 */ -OM_uint32 gss_release_oid( +GSS_DLLIMP OM_uint32 gss_release_oid( OM_uint32 *, /* minor_status */ gss_OID * /* oid */ ); /* New for V2 */ -OM_uint32 gss_create_empty_oid_set( +GSS_DLLIMP OM_uint32 gss_create_empty_oid_set( OM_uint32 *, /* minor_status */ gss_OID_set * /* oid_set */ ); /* New for V2 */ -OM_uint32 gss_add_oid_set_member( +GSS_DLLIMP OM_uint32 gss_add_oid_set_member( OM_uint32 *, /* minor_status */ gss_OID, /* member_oid */ gss_OID_set * /* oid_set */ ); /* New for V2 */ -OM_uint32 gss_test_oid_set_member( +GSS_DLLIMP OM_uint32 gss_test_oid_set_member( OM_uint32 *, /* minor_status */ gss_OID, /* member */ gss_OID_set, /* set */ @@ -640,42 +640,42 @@ OM_uint32 gss_test_oid_set_member( ); /* New for V2 */ -OM_uint32 gss_str_to_oid( +GSS_DLLIMP OM_uint32 gss_str_to_oid( OM_uint32 *, /* minor_status */ gss_buffer_t, /* oid_str */ gss_OID * /* oid */ ); /* New for V2 */ -OM_uint32 gss_oid_to_str( +GSS_DLLIMP OM_uint32 gss_oid_to_str( OM_uint32 *, /* minor_status */ gss_OID, /* oid */ gss_buffer_t /* oid_str */ ); /* New for V2 */ -OM_uint32 gss_inquire_names_for_mech( +GSS_DLLIMP OM_uint32 gss_inquire_names_for_mech( OM_uint32 *, /* minor_status */ gss_OID, /* mechanism */ gss_OID_set * /* name_types */ ); /* New for V2 */ -OM_uint32 gss_export_name( +GSS_DLLIMP OM_uint32 gss_export_name( OM_uint32 *, /* minor_status */ const gss_name_t, /* input_name */ gss_buffer_t /* exported_name */ ); /* New for V2 */ -OM_uint32 gss_duplicate_name( +GSS_DLLIMP OM_uint32 gss_duplicate_name( OM_uint32 *, /* minor_status */ const gss_name_t, /* input_name */ gss_name_t * /* dest_name */ ); /* New for V2 */ -OM_uint32 gss_canonicalize_name( +GSS_DLLIMP OM_uint32 gss_canonicalize_name( OM_uint32 *, /* minor_status */ const gss_name_t, /* input_name */ const gss_OID, /* mech_type */ diff --git a/jdk/test/java/security/testlibrary/Proc.java b/jdk/test/java/security/testlibrary/Proc.java index 8623def52df..c5c4c1cef9c 100644 --- a/jdk/test/java/security/testlibrary/Proc.java +++ b/jdk/test/java/security/testlibrary/Proc.java @@ -239,6 +239,9 @@ public Proc start() throws IOException { } if (debug != null) { System.out.println("PROC: " + debug + " cmdline: " + cmd); + for (String e : env.keySet()) { + System.out.print(e + "=" + env.get(e) + " "); + } } ProcessBuilder pb = new ProcessBuilder(cmd); for (Entry e: env.entrySet()) { diff --git a/jdk/test/sun/security/krb5/auto/BasicProc.java b/jdk/test/sun/security/krb5/auto/BasicProc.java index 50f65eab52c..94167ddaeb3 100644 --- a/jdk/test/sun/security/krb5/auto/BasicProc.java +++ b/jdk/test/sun/security/krb5/auto/BasicProc.java @@ -41,6 +41,7 @@ import java.util.Set; import jdk.testlibrary.Asserts; +import jdk.testlibrary.Platform; import org.ietf.jgss.Oid; import sun.security.krb5.Config; @@ -229,11 +230,13 @@ private static void once(String label, String lc, String ls, String lb) pc.perm(new PropertyPermission("user.name", "read")); } else { Files.copy(Paths.get("base.ccache"), Paths.get(label + ".ccache")); - Set perms = new HashSet<>(); - perms.add(PosixFilePermission.OWNER_READ); - perms.add(PosixFilePermission.OWNER_WRITE); - Files.setPosixFilePermissions(Paths.get(label + ".ccache"), + if (!Platform.isWindows()) { + Set perms = new HashSet<>(); + perms.add(PosixFilePermission.OWNER_READ); + perms.add(PosixFilePermission.OWNER_WRITE); + Files.setPosixFilePermissions(Paths.get(label + ".ccache"), Collections.unmodifiableSet(perms)); + } pc.env("KRB5CCNAME", label + ".ccache"); // Do not try system ktab if ccache fails pc.env("KRB5_KTNAME", "none"); @@ -300,7 +303,7 @@ private static Proc proc(String lib) throws Exception { .perm(new javax.security.auth.AuthPermission("doAs")); if (lib != null) { p.env("KRB5_CONFIG", CONF) - .env("KRB5_TRACE", "/dev/stderr") + .env("KRB5_TRACE", Platform.isWindows() ? "CON" : "/dev/stderr") .prop("sun.security.jgss.native", "true") .prop("sun.security.jgss.lib", lib) .prop("javax.security.auth.useSubjectCredsOnly", "false") From a2a68737d927e7afa6e5c2d2642d8cb42f9d6be9 Mon Sep 17 00:00:00 2001 From: Aleksey Shipilev Date: Fri, 7 Jul 2023 13:21:29 +0000 Subject: [PATCH 05/34] 8205399: Set node color on pinned HashMap.TreeNode deletion Backport-of: 51d0a9e1223f218d10f8761e38cd2dd478607040 --- jdk/src/share/classes/java/util/HashMap.java | 2 +- jdk/test/java/util/HashMap/TreeBinAssert.java | 175 ++++++++++++++++++ 2 files changed, 176 insertions(+), 1 deletion(-) create mode 100644 jdk/test/java/util/HashMap/TreeBinAssert.java diff --git a/jdk/src/share/classes/java/util/HashMap.java b/jdk/src/share/classes/java/util/HashMap.java index cfeaa6b5bfd..675f1f3bfe2 100644 --- a/jdk/src/share/classes/java/util/HashMap.java +++ b/jdk/src/share/classes/java/util/HashMap.java @@ -2125,7 +2125,7 @@ else if (pr != null) if (replacement != p) { TreeNode pp = replacement.parent = p.parent; if (pp == null) - root = replacement; + (root = replacement).red = false; else if (p == pp.left) pp.left = replacement; else diff --git a/jdk/test/java/util/HashMap/TreeBinAssert.java b/jdk/test/java/util/HashMap/TreeBinAssert.java new file mode 100644 index 00000000000..bde93b5ce7c --- /dev/null +++ b/jdk/test/java/util/HashMap/TreeBinAssert.java @@ -0,0 +1,175 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8205399 + * @summary Check for AssertionError from HashMap TreeBin after Iterator.remove + * @run testng/othervm -esa TreeBinAssert + */ + +import org.testng.annotations.DataProvider; +import org.testng.annotations.Test; +import org.testng.annotations.BeforeTest; +import java.util.Map; +import java.util.Set; +import java.util.Iterator; +import java.util.HashMap; +import java.util.LinkedHashSet; +import java.util.function.BiConsumer; +import java.util.function.Function; + +public class TreeBinAssert { + private static final int ITR_RM = -1; // Remove an item via Iterator + private static final int BIN352442_SIZE = 524288; + private static final int BIN552165_SIZE = 1048576; + + @DataProvider(name = "SizeAndHashes") + public Object[][] sizeAndHashes() { + return new Object[][] { + { // Bin 352442 + BIN352442_SIZE, + new int[] { + 2020958394, + 631595194, + 1984782522, + 419782842, + 285565114, + 1432182970, + 841310394, + 320692410, + 303390906, + ITR_RM, + ITR_RM, + ITR_RM, + ITR_RM, + ITR_RM, + ITR_RM, + ITR_RM, + ITR_RM, + 519397562, + ITR_RM, + 626352314, + 101540026 + } + },{ // Bin 552165 + BIN552165_SIZE, + new int[] { + 790129893, + 1214803173, + 1212706021, + 608726245, + 2073586917, + 1433955557, + 692612325, + 370699493, + 2061004005, + 48786661, + ITR_RM, + ITR_RM, + 1418226917, + ITR_RM, + ITR_RM, + ITR_RM, + ITR_RM, + ITR_RM, + ITR_RM, + ITR_RM, + 1487432933, + ITR_RM, + ITR_RM, + 1880648933, + 338193637 + } + } + }; + } + + @BeforeTest + public void checkAssertionStatus() { + if (!HashMap.class.desiredAssertionStatus()) { + System.out.println("*** Superficial test run. Test should be run with -esa ***\n"); + return; + } + } + + @Test(dataProvider = "SizeAndHashes") + public void testMap(int size, int[] hashes) { + Map map = new HashMap<>(size); + + doTest(map, hashes, + (c,k) -> { ((Map)c).put(k,0); }, + (c) -> { return ((Map)c).keySet().iterator(); } + ); + } + + @Test(dataProvider = "SizeAndHashes") + public void testSet(int size, int[] hashes) { + Set set = new LinkedHashSet<>(size); + + doTest(set, hashes, + (c,k) -> { ((Set)c).add(k); }, + (c) -> { return ((Set)c).iterator(); } + ); + } + + private void doTest(Object collection, int[] hashes, + BiConsumer addKey, + Function> mkItr) { + Iterator itr = null; // saved iterator, used for removals + for (int h : hashes) { + if (h == ITR_RM) { + if (itr == null) { + itr = mkItr.apply(collection); + } + itr.next(); + itr.remove(); + } else { + itr = null; + addKey.accept(collection, new Key(h)); + } + } + } + + /** + * Class that will have specified hash code in a HashMap. + */ + static class Key implements Comparable { + final int hash; + + public Key(int desiredHash) { + // Account for processing done by HashMap + this.hash = desiredHash ^ (desiredHash >>> 16); + } + + @Override public int hashCode() { return this.hash; } + + @Override public boolean equals(Object o) { + return o.hashCode() == this.hashCode(); + } + + @Override public int compareTo(Key k) { + return Integer.compare(this.hash, k.hash); + } + } +} From 108003eb378c7b830119bb7ae41d3a40fcd0809e Mon Sep 17 00:00:00 2001 From: Zdenek Zambersky Date: Mon, 10 Jul 2023 11:24:39 +0000 Subject: [PATCH 06/34] 8309143: [8u] fix archiving inconsistencies in GHA Reviewed-by: phh, sgehwolf --- .github/workflows/submit.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/submit.yml b/.github/workflows/submit.yml index 41d6d79fc2b..83a8c98a30d 100644 --- a/.github/workflows/submit.yml +++ b/.github/workflows/submit.yml @@ -180,7 +180,7 @@ jobs: - name: Pack artifacts run: | - tar -cf jdk-${{ env.JDK_VERSION }}-internal+0_linux-x64_bin${{ matrix.artifact }}.tar.gz -C jdk/build/linux-x64/images j2sdk-image + tar -czf jdk-${{ env.JDK_VERSION }}-internal+0_linux-x64_bin${{ matrix.artifact }}.tar.gz -C jdk/build/linux-x64/images j2sdk-image - name: Persist test bundles uses: actions/upload-artifact@v3 @@ -257,7 +257,7 @@ jobs: - name: Unpack jdk run: | mkdir -p "${HOME}/jdk-linux-x64${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_linux-x64_bin${{ matrix.artifact }}" - tar -xf "${HOME}/jdk-linux-x64${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_linux-x64_bin${{ matrix.artifact }}.tar.gz" -C "${HOME}/jdk-linux-x64${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_linux-x64_bin${{ matrix.artifact }}" + tar -xzf "${HOME}/jdk-linux-x64${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_linux-x64_bin${{ matrix.artifact }}.tar.gz" -C "${HOME}/jdk-linux-x64${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_linux-x64_bin${{ matrix.artifact }}" - name: Run tests run: > @@ -532,7 +532,7 @@ jobs: - name: Pack artifacts run: | - tar -cf jdk-${{ env.JDK_VERSION }}-internal+0_linux-x86_bin${{ matrix.artifact }}.tar.gz -C jdk/build/linux-x86/images j2sdk-image + tar -czf jdk-${{ env.JDK_VERSION }}-internal+0_linux-x86_bin${{ matrix.artifact }}.tar.gz -C jdk/build/linux-x86/images j2sdk-image - name: Persist test bundles uses: actions/upload-artifact@v3 @@ -610,7 +610,7 @@ jobs: - name: Unpack jdk run: | mkdir -p "${HOME}/jdk-linux-x86${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_linux-x86_bin${{ matrix.artifact }}" - tar -xf "${HOME}/jdk-linux-x86${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_linux-x86_bin${{ matrix.artifact }}.tar.gz" -C "${HOME}/jdk-linux-x86${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_linux-x86_bin${{ matrix.artifact }}" + tar -xzf "${HOME}/jdk-linux-x86${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_linux-x86_bin${{ matrix.artifact }}.tar.gz" -C "${HOME}/jdk-linux-x86${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_linux-x86_bin${{ matrix.artifact }}" - name: Build multilib docker image if: matrix.test == 'hotspot/tier1' @@ -740,7 +740,7 @@ jobs: & curl -L "$env:BOOT_JDK_URL" -o "$HOME/bootjdk/$env:BOOT_JDK_FILENAME" $FileHash = Get-FileHash -Algorithm SHA256 "$HOME/bootjdk/$env:BOOT_JDK_FILENAME" $FileHash.Hash -eq $env:BOOT_JDK_SHA256 - & tar -xf "$HOME/bootjdk/$env:BOOT_JDK_FILENAME" -C "$HOME/bootjdk/$env:BOOT_JDK_VERSION" + & unzip "$HOME/bootjdk/$env:BOOT_JDK_FILENAME" -d "$HOME/bootjdk/$env:BOOT_JDK_VERSION" Get-ChildItem "$HOME\bootjdk\$env:BOOT_JDK_VERSION\*\*" | Move-Item -Destination "$HOME\bootjdk\$env:BOOT_JDK_VERSION" if: steps.bootjdk.outputs.cache-hit != 'true' @@ -919,7 +919,7 @@ jobs: & curl -L "$env:BOOT_JDK_URL" -o "$HOME/bootjdk/$env:BOOT_JDK_FILENAME" $FileHash = Get-FileHash -Algorithm SHA256 "$HOME/bootjdk/$env:BOOT_JDK_FILENAME" $FileHash.Hash -eq $env:BOOT_JDK_SHA256 - & tar -xf "$HOME/bootjdk/$env:BOOT_JDK_FILENAME" -C "$HOME/bootjdk/$env:BOOT_JDK_VERSION" + & unzip "$HOME/bootjdk/$env:BOOT_JDK_FILENAME" -d "$HOME/bootjdk/$env:BOOT_JDK_VERSION" Get-ChildItem "$HOME\bootjdk\$env:BOOT_JDK_VERSION\*\*" | Move-Item -Destination "$HOME\bootjdk\$env:BOOT_JDK_VERSION" if: steps.bootjdk.outputs.cache-hit != 'true' @@ -1058,7 +1058,7 @@ jobs: & curl -L "$env:BOOT_JDK_URL" -o "$HOME/bootjdk/$env:BOOT_JDK_FILENAME" $FileHash = Get-FileHash -Algorithm SHA256 "$HOME/bootjdk/$env:BOOT_JDK_FILENAME" $FileHash.Hash -eq $env:BOOT_JDK_SHA256 - & tar -xf "$HOME/bootjdk/$env:BOOT_JDK_FILENAME" -C "$HOME/bootjdk/$env:BOOT_JDK_VERSION" + & unzip "$HOME/bootjdk/$env:BOOT_JDK_FILENAME" -d "$HOME/bootjdk/$env:BOOT_JDK_VERSION" Get-ChildItem "$HOME\bootjdk\$env:BOOT_JDK_VERSION\*\*" | Move-Item -Destination "$HOME\bootjdk\$env:BOOT_JDK_VERSION" if: steps.bootjdk.outputs.cache-hit != 'true' @@ -1119,7 +1119,7 @@ jobs: - name: Unpack jdk run: | mkdir -p "${HOME}/jdk-windows-x64${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_windows-x64_bin${{ matrix.artifact }}" - tar -xf "${HOME}/jdk-windows-x64${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_windows-x64_bin${{ matrix.artifact }}.zip" -C "${HOME}/jdk-windows-x64${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_windows-x64_bin${{ matrix.artifact }}" + unzip "${HOME}/jdk-windows-x64${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_windows-x64_bin${{ matrix.artifact }}.zip" -d "${HOME}/jdk-windows-x64${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_windows-x64_bin${{ matrix.artifact }}" - name: Create results dir run: | @@ -1214,7 +1214,7 @@ jobs: & curl -L "$env:BOOT_JDK_URL" -o "$HOME/bootjdk/$env:BOOT_JDK_FILENAME" $FileHash = Get-FileHash -Algorithm SHA256 "$HOME/bootjdk/$env:BOOT_JDK_FILENAME" $FileHash.Hash -eq $env:BOOT_JDK_SHA256 - & tar -xf "$HOME/bootjdk/$env:BOOT_JDK_FILENAME" -C "$HOME/bootjdk/$env:BOOT_JDK_VERSION" + & unzip "$HOME/bootjdk/$env:BOOT_JDK_FILENAME" -d "$HOME/bootjdk/$env:BOOT_JDK_VERSION" Get-ChildItem "$HOME\bootjdk\$env:BOOT_JDK_VERSION\*\*" | Move-Item -Destination "$HOME\bootjdk\$env:BOOT_JDK_VERSION" if: steps.bootjdk.outputs.cache-hit != 'true' @@ -1275,7 +1275,7 @@ jobs: - name: Unpack jdk run: | mkdir -p "${HOME}/jdk-windows-x86${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_windows-x86_bin${{ matrix.artifact }}" - tar -xf "${HOME}/jdk-windows-x86${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_windows-x86_bin${{ matrix.artifact }}.zip" -C "${HOME}/jdk-windows-x86${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_windows-x86_bin${{ matrix.artifact }}" + unzip "${HOME}/jdk-windows-x86${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_windows-x86_bin${{ matrix.artifact }}.zip" -d "${HOME}/jdk-windows-x86${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_windows-x86_bin${{ matrix.artifact }}" - name: Create results dir run: | @@ -1367,7 +1367,7 @@ jobs: mkdir -p ${HOME}/bootjdk/${BOOT_JDK_VERSION} || true wget -O "${HOME}/bootjdk/${BOOT_JDK_FILENAME}" "${BOOT_JDK_URL}" echo "${BOOT_JDK_SHA256} ${HOME}/bootjdk/${BOOT_JDK_FILENAME}" | shasum -a 256 -c >/dev/null - - tar -xf "${HOME}/bootjdk/${BOOT_JDK_FILENAME}" -C "${HOME}/bootjdk/${BOOT_JDK_VERSION}" + tar -xzf "${HOME}/bootjdk/${BOOT_JDK_FILENAME}" -C "${HOME}/bootjdk/${BOOT_JDK_VERSION}" mv "${HOME}/bootjdk/${BOOT_JDK_VERSION}/"*/* "${HOME}/bootjdk/${BOOT_JDK_VERSION}/" if: steps.bootjdk.outputs.cache-hit != 'true' @@ -1413,7 +1413,7 @@ jobs: - name: Pack artifacts run: | - tar -cf jdk-${{ env.JDK_VERSION }}-internal+0_osx-x64_bin${{ matrix.artifact }}.tar.gz -C jdk/build/macos-x64/images j2sdk-image + tar -czf jdk-${{ env.JDK_VERSION }}-internal+0_osx-x64_bin${{ matrix.artifact }}.tar.gz -C jdk/build/macos-x64/images j2sdk-image - name: Persist test bundles uses: actions/upload-artifact@v3 @@ -1467,7 +1467,7 @@ jobs: mkdir -p ${HOME}/bootjdk/${BOOT_JDK_VERSION} || true wget -O "${HOME}/bootjdk/${BOOT_JDK_FILENAME}" "${BOOT_JDK_URL}" echo "${BOOT_JDK_SHA256} ${HOME}/bootjdk/${BOOT_JDK_FILENAME}" | shasum -a 256 -c >/dev/null - - tar -xf "${HOME}/bootjdk/${BOOT_JDK_FILENAME}" -C "${HOME}/bootjdk/${BOOT_JDK_VERSION}" + tar -xzf "${HOME}/bootjdk/${BOOT_JDK_FILENAME}" -C "${HOME}/bootjdk/${BOOT_JDK_VERSION}" mv "${HOME}/bootjdk/${BOOT_JDK_VERSION}/"*/* "${HOME}/bootjdk/${BOOT_JDK_VERSION}/" if: steps.bootjdk.outputs.cache-hit != 'true' @@ -1504,7 +1504,7 @@ jobs: - name: Unpack jdk run: | mkdir -p "${HOME}/jdk-macos-x64${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_osx-x64_bin${{ matrix.artifact }}" - tar -xf "${HOME}/jdk-macos-x64${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_osx-x64_bin${{ matrix.artifact }}.tar.gz" -C "${HOME}/jdk-macos-x64${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_osx-x64_bin${{ matrix.artifact }}" + tar -xzf "${HOME}/jdk-macos-x64${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_osx-x64_bin${{ matrix.artifact }}.tar.gz" -C "${HOME}/jdk-macos-x64${{ matrix.artifact }}/jdk-${{ env.JDK_VERSION }}-internal+0_osx-x64_bin${{ matrix.artifact }}" - name: Install dependencies run: brew install make From 15077ad189dc24d7776998f63c2245c3c61ab2bb Mon Sep 17 00:00:00 2001 From: Zdenek Zambersky Date: Mon, 10 Jul 2023 11:44:01 +0000 Subject: [PATCH 07/34] 8310026: [8u] make java_lang_String::hash_code consistent across platforms Reviewed-by: phh, adinn, stuefe --- .../classes/sun/jvm/hotspot/utilities/Hashtable.java | 2 +- hotspot/src/share/vm/classfile/javaClasses.hpp | 12 +++++++++++- hotspot/src/share/vm/classfile/symbolTable.cpp | 2 +- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/hotspot/agent/src/share/classes/sun/jvm/hotspot/utilities/Hashtable.java b/hotspot/agent/src/share/classes/sun/jvm/hotspot/utilities/Hashtable.java index e2281e7b321..72ad355f07d 100644 --- a/hotspot/agent/src/share/classes/sun/jvm/hotspot/utilities/Hashtable.java +++ b/hotspot/agent/src/share/classes/sun/jvm/hotspot/utilities/Hashtable.java @@ -63,7 +63,7 @@ protected static long hashSymbol(byte[] buf) { int len = buf.length; // Emulate the unsigned int in java_lang_String::hash_code while (len-- > 0) { - h = 31*h + (0xFFFFFFFFL & buf[s]); + h = 31*h + (0xFFL & buf[s]); s++; } return h & 0xFFFFFFFFL; diff --git a/hotspot/src/share/vm/classfile/javaClasses.hpp b/hotspot/src/share/vm/classfile/javaClasses.hpp index 6f403d0442c..75950200f47 100644 --- a/hotspot/src/share/vm/classfile/javaClasses.hpp +++ b/hotspot/src/share/vm/classfile/javaClasses.hpp @@ -177,7 +177,7 @@ class java_lang_String : AllStatic { // hash P(31) from Kernighan & Ritchie // // For this reason, THIS ALGORITHM MUST MATCH String.hashCode(). - template static unsigned int hash_code(T* s, int len) { + static unsigned int hash_code(const jchar* s, int len) { unsigned int h = 0; while (len-- > 0) { h = 31*h + (unsigned int) *s; @@ -185,6 +185,16 @@ class java_lang_String : AllStatic { } return h; } + + static unsigned int hash_code(const jbyte* s, int len) { + unsigned int h = 0; + while (len-- > 0) { + h = 31*h + (((unsigned int) *s) & 0xFF); + s++; + } + return h; + } + static unsigned int hash_code(oop java_string); // This is the string hash code used by the StringTable, which may be diff --git a/hotspot/src/share/vm/classfile/symbolTable.cpp b/hotspot/src/share/vm/classfile/symbolTable.cpp index 8dd4e6b2121..1c6b42fceb0 100644 --- a/hotspot/src/share/vm/classfile/symbolTable.cpp +++ b/hotspot/src/share/vm/classfile/symbolTable.cpp @@ -225,7 +225,7 @@ Symbol* SymbolTable::lookup(int index, const char* name, unsigned int SymbolTable::hash_symbol(const char* s, int len) { return use_alternate_hashcode() ? AltHashing::halfsiphash_32(seed(), (const uint8_t*)s, len) : - java_lang_String::hash_code(s, len); + java_lang_String::hash_code((const jbyte*)s, len); } From 4dc1305cafe7913b194e9a8ebc01c49e6dc14a6d Mon Sep 17 00:00:00 2001 From: Andrew John Hughes Date: Thu, 13 Jul 2023 16:33:19 +0000 Subject: [PATCH 08/34] 8301119: Support for GB18030-2022 8310947: gb18030-2000 not selectable with LANG=zh_CN.GB18030 after JDK-8301119 Co-authored-by: Severin Gehwolf Reviewed-by: stuefe, sgehwolf Backport-of: 5c4e744dabcf7785c35168db5d0458ccebfd41e6 --- .../sun/nio/cs/AbstractCharsetProvider.java | 2 - .../sun/nio/cs/ext/ExtendedCharsets.java | 50 +- .../share/classes/sun/nio/cs/ext/GB18030.java | 172 ++-- .../charset/Charset/RegisteredCharsets.java | 11 +- .../testlibrary/jdk/testlibrary/Utils.java | 733 +++++++++++++++++- jdk/test/sun/nio/cs/TestGB18030.java | 25 +- jdk/test/sun/nio/cs/mapping/CoderTest.java | 16 +- jdk/test/sun/nio/cs/mapping/GB18030.b2c | 81 +- .../sun/nio/cs/mapping/GB18030_2000.b2c} | 4 +- 9 files changed, 979 insertions(+), 115 deletions(-) rename jdk/{make/data/charsetmapping/GB18030.map => test/sun/nio/cs/mapping/GB18030_2000.b2c} (99%) diff --git a/jdk/src/share/classes/sun/nio/cs/AbstractCharsetProvider.java b/jdk/src/share/classes/sun/nio/cs/AbstractCharsetProvider.java index dd0fd23fd15..58d029addbd 100644 --- a/jdk/src/share/classes/sun/nio/cs/AbstractCharsetProvider.java +++ b/jdk/src/share/classes/sun/nio/cs/AbstractCharsetProvider.java @@ -31,11 +31,9 @@ import java.util.ArrayList; import java.util.TreeMap; import java.util.Iterator; -import java.util.Locale; import java.util.Map; import sun.misc.ASCIICaseInsensitiveComparator; - /** * Abstract base class for charset providers. * diff --git a/jdk/src/share/classes/sun/nio/cs/ext/ExtendedCharsets.java b/jdk/src/share/classes/sun/nio/cs/ext/ExtendedCharsets.java index 348fda5ede4..6b4fd46ae1f 100644 --- a/jdk/src/share/classes/sun/nio/cs/ext/ExtendedCharsets.java +++ b/jdk/src/share/classes/sun/nio/cs/ext/ExtendedCharsets.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,11 +25,9 @@ package sun.nio.cs.ext; -import java.lang.ref.SoftReference; -import java.nio.charset.Charset; -import java.nio.charset.spi.CharsetProvider; import sun.nio.cs.AbstractCharsetProvider; import java.security.AccessController; + import sun.security.action.GetPropertyAction; @@ -115,9 +113,11 @@ public ExtendedCharsets() { "CP936" }); + // The definition of this charset may be overridden by the init method + // below, if the jdk.charset.GB18030 property is set charset("GB18030", "GB18030", new String[] { - "gb18030-2000" + "gb18030-2022" }); charset("GB2312", "EUC_CN", @@ -1136,14 +1136,15 @@ public ExtendedCharsets() { } private boolean initialized = false; + private boolean isGB18030_2000 = false; - // If the sun.nio.cs.map property is defined on the command line we won't - // see it in the system-properties table until after the charset subsystem - // has been initialized. We therefore delay the effect of this property - // until after the JRE has completely booted. + // If the sun.nio.cs.map and/or jdk.charset.GB18030 properties are defined + // on the command line we won't see them in the system-properties table until + // after the charset subsystem has been initialized. We therefore delay + // the effect of these property until after the JRE has completely booted. // - // At the moment following values for this property are supported, property - // value string is case insensitive. + // At the moment the following values for the sun.nio.cs.map property are + // supported and the property value string is case insensitive. // // (1)"Windows-31J/Shift_JIS" // In 1.4.1 we added a correct implementation of the Shift_JIS charset @@ -1176,6 +1177,10 @@ public ExtendedCharsets() { // where each charset named to the left of a slash is intended to replace // (most) uses of the charset named to the right of the slash. // + // The jdk.charset.GB18030 property is simpler and accepts only the value + // "2000". If this value is given, the older GB18030-2000 variant of the + // character set replaces the default GB18030-2022 variant. + // protected void init() { if (initialized) return; @@ -1184,6 +1189,8 @@ protected void init() { String map = AccessController.doPrivileged( new GetPropertyAction("sun.nio.cs.map")); + boolean isGB18030_2000 = "2000".equals(AccessController.doPrivileged( + new GetPropertyAction("jdk.charset.GB18030"))); boolean sjisIsMS932 = false; boolean iso2022jpIsMS50221 = false; boolean iso2022jpIsMS50220 = false; @@ -1202,6 +1209,16 @@ protected void init() { } } } + if (isGB18030_2000) { + deleteCharset("GB18030", + new String[] { + "gb18030-2022" + }); + charset("GB18030", "GB18030", + new String[] { + "gb18030-2000" + }); + } if (sjisIsMS932) { deleteCharset("Shift_JIS", new String[] { @@ -1314,6 +1331,7 @@ protected void init() { "x-compound-text" }); } + this.isGB18030_2000 = isGB18030_2000; initialized = true; } @@ -1322,4 +1340,14 @@ public static String[] aliasesFor(String charsetName) { return null; return instance.aliases(charsetName); } + + static boolean IS_2000() { + if (instance == null) { + return false; + } + if (!instance.initialized) { + instance.init(); + } + return instance.isGB18030_2000; + } } diff --git a/jdk/src/share/classes/sun/nio/cs/ext/GB18030.java b/jdk/src/share/classes/sun/nio/cs/ext/GB18030.java index ddbd7bc121e..16010ce4a97 100644 --- a/jdk/src/share/classes/sun/nio/cs/ext/GB18030.java +++ b/jdk/src/share/classes/sun/nio/cs/ext/GB18030.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1045,7 +1045,8 @@ public CharsetEncoder newEncoder() { "\u1E26\u1E27\u1E28\u1E29\u1E2A\u1E2B\u1E2C\u1E2D"+ "\u1E2E\u1E2F\u1E30\u1E31\u1E32\u1E33\u1E34\u1E35"+ "\u1E36\u1E37\u1E38\u1E39\u1E3A\u1E3B\u1E3C\u1E3D"+ - "\u1E3E\u1E3F\u1E40\u1E41\u1E42\u1E43\u1E44\u1E45"+ + (ExtendedCharsets.IS_2000() ? "\u1E3E\u1E3F\u1E40\u1E41\u1E42\u1E43\u1E44\u1E45" : + "\u1E3E\uE7C7\u1E40\u1E41\u1E42\u1E43\u1E44\u1E45")+ "\u1E46\u1E47\u1E48\u1E49\u1E4A\u1E4B\u1E4C\u1E4D"+ "\u1E4E\u1E4F\u1E50\u1E51\u1E52\u1E53\u1E54\u1E55"+ "\u1E56\u1E57\u1E58\u1E59\u1E5A\u1E5B\u1E5C\u1E5D"+ @@ -2501,8 +2502,10 @@ public CharsetEncoder newEncoder() { "\u4DF5\u4DF6\u4DF7\u4DF8\u4DF9\u4DFA\u4DFB\u4DFC"+ "\u4DFD\u4DFE\u4DFF\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD"+ "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD"+ - "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD"+ - "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD"+ + (ExtendedCharsets.IS_2000() ? "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD"+ + "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD" : + "\uFFFD\uE81E\uE826\uE82B\uE82C\uE832\uE843\uE854"+ + "\uE864\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD")+ "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD"+ "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD"+ "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD"+ @@ -2765,8 +2768,10 @@ public CharsetEncoder newEncoder() { "\uFDF4\uFDF5\uFDF6\uFDF7\uFDF8\uFDF9\uFDFA\uFDFB"+ "\uFDFC\uFDFD\uFDFE\uFDFF\uFE00\uFE01\uFE02\uFE03"+ "\uFE04\uFE05\uFE06\uFE07\uFE08\uFE09\uFE0A\uFE0B"+ - "\uFE0C\uFE0D\uFE0E\uFE0F\uFE10\uFE11\uFE12\uFE13"+ - "\uFE14\uFE15\uFE16\uFE17\uFE18\uFE19\uFE1A\uFE1B"+ + (ExtendedCharsets.IS_2000() ? "\uFE0C\uFE0D\uFE0E\uFE0F\uFE10\uFE11\uFE12\uFE13"+ + "\uFE14\uFE15\uFE16\uFE17\uFE18\uFE19\uFE1A\uFE1B" : + "\uFE0C\uFE0D\uFE0E\uFE0F\uE78D\uE78F\uE78E\uE790"+ + "\uE791\uE792\uE793\uE794\uE795\uE796\uFE1A\uFE1B")+ "\uFE1C\uFE1D\uFE1E\uFE1F\uFE20\uFE21\uFE22\uFE23"+ "\uFE24\uFE25\uFE26\uFE27\uFE28\uFE29\uFE2A\uFE2B"+ "\uFE2C\uFE2D\uFE2E\uFE2F\uFE32\uFE45\uFE46\uFE47"+ @@ -3772,10 +3777,14 @@ public CharsetEncoder newEncoder() { "\uE78A\uE78B\uE78C\u03B1\u03B2\u03B3\u03B4\u03B5"+ "\u03B6\u03B7\u03B8\u03B9\u03BA\u03BB\u03BC\u03BD"+ "\u03BE\u03BF\u03C0\u03C1\u03C3\u03C4\u03C5\u03C6"+ - "\u03C7\u03C8\u03C9\uE78D\uE78E\uE78F\uE790\uE791"+ - "\uE792\uE793\uFE35\uFE36\uFE39\uFE3A\uFE3F\uFE40"+ - "\uFE3D\uFE3E\uFE41\uFE42\uFE43\uFE44\uE794\uE795"+ - "\uFE3B\uFE3C\uFE37\uFE38\uFE31\uE796\uFE33\uFE34"+ + (ExtendedCharsets.IS_2000() ? "\u03C7\u03C8\u03C9\uE78D\uE78E\uE78F\uE790\uE791"+ + "\uE792\uE793\uFE35\uFE36\uFE39\uFE3A\uFE3F\uFE40"+ + "\uFE3D\uFE3E\uFE41\uFE42\uFE43\uFE44\uE794\uE795"+ + "\uFE3B\uFE3C\uFE37\uFE38\uFE31\uE796\uFE33\uFE34" : + "\u03C7\u03C8\u03C9\uFE10\uFE12\uFE11\uFE13\uFE14"+ + "\uFE15\uFE16\uFE35\uFE36\uFE39\uFE3A\uFE3F\uFE40"+ + "\uFE3D\uFE3E\uFE41\uFE42\uFE43\uFE44\uFE17\uFE18"+ + "\uFE3B\uFE3C\uFE37\uFE38\uFE31\uFE19\uFE33\uFE34")+ "\uE797\uE798\uE799\uE79A\uE79B\uE79C\uE79D\uE79E"+ "\uE79F\uE706\uE707\uE708\uE709\uE70A\uE70B\uE70C"+ "\uE70D\uE70E\uE70F\uE710\uE711\uE712\uE713\uE714"+ @@ -3816,7 +3825,8 @@ public CharsetEncoder newEncoder() { "\uE7C6\u0101\u00E1\u01CE\u00E0\u0113\u00E9\u011B"+ "\u00E8\u012B\u00ED\u01D0\u00EC\u014D\u00F3\u01D2"+ "\u00F2\u016B\u00FA\u01D4\u00F9\u01D6\u01D8\u01DA"+ - "\u01DC\u00FC\u00EA\u0251\uE7C7\u0144\u0148\u01F9"+ + (ExtendedCharsets.IS_2000() ? "\u01DC\u00FC\u00EA\u0251\uE7C7\u0144\u0148\u01F9" : + "\u01DC\u00FC\u00EA\u0251\u1E3F\u0144\u0148\u01F9")+ "\u0261\uE7C9\uE7CA\uE7CB\uE7CC\u3105\u3106\u3107"+ "\u3108\u3109\u310A\u310B\u310C\u310D\u310E\u310F"+ "\u3110\u3111\u3112\u3113\u3114\u3115\u3116\u3117"+ @@ -5867,16 +5877,22 @@ public CharsetEncoder newEncoder() { "\uE466\uE467\uFA0C\uFA0D\uFA0E\uFA0F\uFA11\uFA13"+ "\uFA14\uFA18\uFA1F\uFA20\uFA21\uFA23\uFA24\uFA27"+ "\uFA28\uFA29\u2E81\uE816\uE817\uE818\u2E84\u3473"+ - "\u3447\u2E88\u2E8B\uE81E\u359E\u361A\u360E\u2E8C"+ - "\u2E97\u396E\u3918\uE826\u39CF\u39DF\u3A73\u39D0"+ - "\uE82B\uE82C\u3B4E\u3C6E\u3CE0\u2EA7\uE831\uE832"+ + (ExtendedCharsets.IS_2000() ? "\u3447\u2E88\u2E8B\uE81E\u359E\u361A\u360E\u2E8C"+ + "\u2E97\u396E\u3918\uE826\u39CF\u39DF\u3A73\u39D0"+ + "\uE82B\uE82C\u3B4E\u3C6E\u3CE0\u2EA7\uE831\uE832" : + "\u3447\u2E88\u2E8B\u9FB4\u359E\u361A\u360E\u2E8C"+ + "\u2E97\u396E\u3918\u9FB5\u39CF\u39DF\u3A73\u39D0"+ + "\u9FB6\u9FB7\u3B4E\u3C6E\u3CE0\u2EA7\uE831\u9FB8")+ "\u2EAA\u4056\u415F\u2EAE\u4337\u2EB3\u2EB6\u2EB7"+ "\uE83B\u43B1\u43AC\u2EBB\u43DD\u44D6\u4661\u464C"+ - "\uE843\uFFFD\u4723\u4729\u477C\u478D\u2ECA\u4947"+ + (ExtendedCharsets.IS_2000() ? "\uE843\uFFFD\u4723\u4729\u477C\u478D\u2ECA\u4947" : + "\u9FB9\uFFFD\u4723\u4729\u477C\u478D\u2ECA\u4947")+ "\u497A\u497D\u4982\u4983\u4985\u4986\u499F\u499B"+ - "\u49B7\u49B6\uE854\uE855\u4CA3\u4C9F\u4CA0\u4CA1"+ + (ExtendedCharsets.IS_2000() ? "\u49B7\u49B6\uE854\uE855\u4CA3\u4C9F\u4CA0\u4CA1" : + "\u49B7\u49B6\u9FBA\uE855\u4CA3\u4C9F\u4CA0\u4CA1")+ "\u4C77\u4CA2\u4D13\u4D14\u4D15\u4D16\u4D17\u4D18"+ - "\u4D19\u4DAE\uE864\uE468\uE469\uE46A\uE46B\uE46C"+ + (ExtendedCharsets.IS_2000() ? "\u4D19\u4DAE\uE864\uE468\uE469\uE46A\uE46B\uE46C" : + "\u4D19\u4DAE\u9FBB\uE468\uE469\uE46A\uE46B\uE46C")+ "\uE46D\uE46E\uE46F\uE470\uE471\uE472\uE473\uE474"+ "\uE475\uE476\uE477\uE478\uE479\uE47A\uE47B\uE47C"+ "\uE47D\uE47E\uE47F\uE480\uE481\uE482\uE483\uE484"+ @@ -6894,7 +6910,8 @@ public CharsetEncoder newEncoder() { "\u3D02\u3D03\u3D04\u3D05\u3D06\u3D07\u3D08\u3D09"+ "\u3D0A\u3D0B\u3D0C\u3D0D\u3D0E\u3D0F\u3D10\u3D11"+ "\u3D12\u3D13\u3D14\u3D15\u3D16\u3D17\u3D18\u3D19"+ - "\u3D1A\u3D1B\u3D1C\u3D1D\u3D1E\u3D1F\u3D20\u3D21"+ + (ExtendedCharsets.IS_2000() ? "\u3D1A\u3D1B\u3D1C\u3D1D\u3D1E\u3D1F\u3D20\u3D21" : + "\u3D1A\u3D1B\u3D1C\u3D1D\u3D1E\u3D1F\u3D20\uA8BC")+ "\u3D22\u3D23\u3D24\u3D25\u3D26\u3D27\u3D28\u3D29"+ "\u3D2A\u3D2B\u3D2C\u3D2D\u3D2E\u3D2F\u3D30\u3D31"+ "\u3D32\u3D33\u3D34\u3D35\u3D36\u3D37\u3D38\u3D39"+ @@ -11053,8 +11070,10 @@ public CharsetEncoder newEncoder() { "\uFD93\uC1FA\uB9A8\uEDE8\uFD94\uFD95\uFD96\uB9EA"+ "\uD9DF\uFD97\uFD98\uFD99\uFD9A\uFD9B\u6A63\u6A64"+ "\u6A65\u6A66\u6A67\u6A68\u6A69\u6A6A\u6A6B\u6A6C"+ - "\u6A6D\u6A6E\u6A6F\u6A70\u6A71\u6A72\u6A73\u6A74"+ - "\u6A75\u6A76\u6A77\u6A78\u6A79\u6A7A\u6A7B\u6A7C"+ + (ExtendedCharsets.IS_2000() ? "\u6A6D\u6A6E\u6A6F\u6A70\u6A71\u6A72\u6A73\u6A74"+ + "\u6A75\u6A76\u6A77\u6A78\u6A79\u6A7A\u6A7B\u6A7C" : + "\u6A6D\u6A6E\u6A6F\u6A70\uFE59\uFE61\uFE66\uFE67"+ + "\uFE6D\uFE7E\uFE90\uFEA0\u6A79\u6A7A\u6A7B\u6A7C")+ "\u6A7D\u6A7E\u6A7F\u6A80\u6A81\u6A82\u6A83\u6A84"+ "\u6A85\u6A86\u6A87\u6A88\u6A89\u6A8A\u6A8B\u6A8C"+ "\u6A8D\u6A8E\u6A8F\u6A90\u6A91\u6A92\u6A93\u6A94"+ @@ -11466,14 +11485,17 @@ public CharsetEncoder newEncoder() { "\uA2FD\uA2FE\uA4F4\uA4F5\uA4F6\uA4F7\uA4F8\uA4F9"+ "\uA4FA\uA4FB\uA4FC\uA4FD\uA4FE\uA5F7\uA5F8\uA5F9"+ "\uA5FA\uA5FB\uA5FC\uA5FD\uA5FE\uA6B9\uA6BA\uA6BB"+ - "\uA6BC\uA6BD\uA6BE\uA6BF\uA6C0\uA6D9\uA6DA\uA6DB"+ - "\uA6DC\uA6DD\uA6DE\uA6DF\uA6EC\uA6ED\uA6F3\uA6F6"+ + (ExtendedCharsets.IS_2000() ? "\uA6BC\uA6BD\uA6BE\uA6BF\uA6C0\uA6D9\uA6DA\uA6DB"+ + "\uA6DC\uA6DD\uA6DE\uA6DF\uA6EC\uA6ED\uA6F3\uA6F6" : + "\uA6BC\uA6BD\uA6BE\uA6BF\uA6C0\u35E7\u35E9\u35E8"+ + "\u35EA\u35EB\u35EC\u35ED\u35EE\u35EF\u35F0\uA6F6")+ "\uA6F7\uA6F8\uA6F9\uA6FA\uA6FB\uA6FC\uA6FD\uA6FE"+ "\uA7C2\uA7C3\uA7C4\uA7C5\uA7C6\uA7C7\uA7C8\uA7C9"+ "\uA7CA\uA7CB\uA7CC\uA7CD\uA7CE\uA7CF\uA7D0\uA7F2"+ "\uA7F3\uA7F4\uA7F5\uA7F6\uA7F7\uA7F8\uA7F9\uA7FA"+ "\uA7FB\uA7FC\uA7FD\uA7FE\uA896\uA897\uA898\uA899"+ - "\uA89A\uA89B\uA89C\uA89D\uA89E\uA89F\uA8A0\uA8BC"+ + (ExtendedCharsets.IS_2000() ? "\uA89A\uA89B\uA89C\uA89D\uA89E\uA89F\uA8A0\uA8BC" : + "\uA89A\uA89B\uA89C\uA89D\uA89E\uA89F\uA8A0\u3D21")+ "\u2001\uA8C1\uA8C2\uA8C3\uA8C4\uA8EA\uA8EB\uA8EC"+ "\uA8ED\uA8EE\uA8EF\uA8F0\uA8F1\uA8F2\uA8F3\uA8F4"+ "\uA8F5\uA8F6\uA8F7\uA8F8\uA8F9\uA8FA\uA8FB\uA8FC"+ @@ -11484,16 +11506,23 @@ public CharsetEncoder newEncoder() { "\uA9A3\uA9F0\uA9F1\uA9F2\uA9F3\uA9F4\uA9F5\uA9F6"+ "\uA9F7\uA9F8\uA9F9\uA9FA\uA9FB\uA9FC\uA9FD\uA9FE"+ "\uD7FA\uD7FB\uD7FC\uD7FD\uD7FE\u200F\uFE51\uFE52"+ - "\uFE53\u2010\u2011\u2012\u2013\u2014\uFE59\u2015"+ - "\u2016\u2017\u2018\u2019\u201A\u201B\uFE61\u201C"+ - "\u201D\u201E\u201F\uFE66\uFE67\u2020\u2021\u2022"+ - "\u2023\uFE6C\uFE6D\u2024\u2025\u2026\u2027\u2028"+ + (ExtendedCharsets.IS_2000() ? "\uFE53\u2010\u2011\u2012\u2013\u2014\uFE59\u2015"+ + "\u2016\u2017\u2018\u2019\u201A\u201B\uFE61\u201C"+ + "\u201D\u201E\u201F\uFE66\uFE67\u2020\u2021\u2022"+ + "\u2023\uFE6C\uFE6D\u2024\u2025\u2026\u2027\u2028" : + "\uFE53\u2010\u2011\u2012\u2013\u2014\u6A71\u2015"+ + "\u2016\u2017\u2018\u2019\u201A\u201B\u6A72\u201C"+ + "\u201D\u201E\u201F\u6A73\u6A74\u2020\u2021\u2022"+ + "\u2023\uFE6C\u6A75\u2024\u2025\u2026\u2027\u2028")+ "\u2029\u202A\u202B\uFE76\u202C\u202D\u202E\u202F"+ - "\u2030\u2031\u2032\uFE7E\u2033\u2034\u2035\u2036"+ + (ExtendedCharsets.IS_2000() ? "\u2030\u2031\u2032\uFE7E\u2033\u2034\u2035\u2036" : + "\u2030\u2031\u2032\u6A76\u2033\u2034\u2035\u2036")+ "\u2037\u2038\u2039\u203A\u203B\u203C\u203D\u203E"+ - "\u203F\u2040\u2041\u2042\uFE90\uFE91\u2043\u2044"+ + (ExtendedCharsets.IS_2000() ? "\u203F\u2040\u2041\u2042\uFE90\uFE91\u2043\u2044" : + "\u203F\u2040\u2041\u2042\u6A77\uFE91\u2043\u2044")+ "\u2045\u2046\u2047\u2048\u2049\u204A\u204B\u204C"+ - "\u204D\u204E\u204F\u2050\uFEA0\u2051\u2052\u2053"+ + (ExtendedCharsets.IS_2000() ? "\u204D\u204E\u204F\u2050\uFEA0\u2051\u2052\u2053" : + "\u204D\u204E\u204F\u2050\u6A78\u2051\u2052\u2053")+ "\u2054\u2055\u2056\u2057\u2058\u2059\u205A\u205B"+ "\u205C\u205D\u205E\u205F\u2060\u2061\u2062\u2063"+ "\u2064\u2065\u2066\u2067\u2068\u2069\u206A\u206B"+ @@ -12191,8 +12220,10 @@ public CharsetEncoder newEncoder() { "\u24E3\u24E4\u24E5\u24E6\u24E7\u24E8\u24E9\u24EA"+ "\u24EB\u24EC\u24ED\u24EE\u24EF\u24F0\u24F1\u24F2"+ "\u24F3\u24F4\u24F5\u24F6\u24F7\u24F8\u24F9\u24FA"+ - "\u24FB\u24FC\u24FD\u24FE\u24FF\u2500\u2501\u2502"+ - "\u2503\u2504\u2505\u2506\u2507\u2508\u2509\u250A"+ + (ExtendedCharsets.IS_2000() ? "\u24FB\u24FC\u24FD\u24FE\u24FF\u2500\u2501\u2502"+ + "\u2503\u2504\u2505\u2506\u2507\u2508\u2509\u250A" : + "\uA6D9\uA6DB\uA6DA\uA6DC\uA6DD\uA6DE\uA6DF\uA6EC"+ + "\uA6ED\uA6F3\u2505\u2506\u2507\u2508\u2509\u250A")+ "\u250B\u250C\u250D\u250E\u250F\u2510\u2511\u2512"+ "\u2513\u2514\u2515\u2516\u2517\u2518\u2519\u251A"+ "\uA955\uA6F2\u251B\uA6F4\uA6F5\uA6E0\uA6E1\uA6F0"+ @@ -12341,6 +12372,7 @@ private CoderResult decodeArrayLoop(ByteBuffer src, dp = (dp <= dl ? dp : dl); int inputSize = 1; + boolean isGB18030_2000 = ExtendedCharsets.IS_2000(); try { while (sp < sl) { @@ -12409,8 +12441,13 @@ else if (byte2 == 0x7f || byte2 == 0xff || // BMP Ranges if (offset <= 0x4A62) da[dp++] = getChar(offset); - else if (offset > 0x4A62 && offset <= 0x82BC) - da[dp++] = (char)(offset + 0x5543); + else if (offset > 0x4A62 && offset <= 0x82BC) { + if (offset >= 0x4A71 && offset <= 0x4A78 && !isGB18030_2000) { + da[dp++] = getChar(offset); + } else { + da[dp++] = (char)(offset + 0x5543); + } + } else if (offset >= 0x82BD && offset <= 0x830D) da[dp++] = getChar(offset); else if (offset >= 0x830D && offset <= 0x93A8) @@ -12445,7 +12482,7 @@ private CoderResult decodeBufferLoop(ByteBuffer src, CharBuffer dst) { int mark = src.position(); - + boolean isGB18030_2000 = ExtendedCharsets.IS_2000(); try { while (src.hasRemaining()) { int byte1 = 0, byte2 = 0, byte3 = 0, byte4 = 0; @@ -12512,8 +12549,13 @@ else if (byte2 == 0x7f || byte2 == 0xff || // BMP Ranges if (offset <= 0x4A62) dst.put(getChar(offset)); - else if (offset > 0x4A62 && offset <= 0x82BC) - dst.put((char)(offset + 0x5543)); + else if (offset > 0x4A62 && offset <= 0x82BC) { + if (offset >= 0x4A71 && offset <= 0x4A78 && !isGB18030_2000) { + dst.put(getChar(offset)); + } else { + dst.put((char)(offset + 0x5543)); + } + } else if (offset >= 0x82BD && offset <= 0x830D) dst.put(getChar(offset)); else if (offset >= 0x830D && offset <= 0x93A8) @@ -12595,6 +12637,7 @@ private CoderResult encodeArrayLoop(CharBuffer src, int condensedKey = 0; // expands to a four byte sequence int hiByte = 0, loByte = 0; currentState = GB18030_DOUBLE_BYTE; + boolean isGB18030_2000 = ExtendedCharsets.IS_2000(); try { while (sp < sl) { @@ -12626,15 +12669,33 @@ else if (c <= 0xA4C6 || c >= 0xE000) { condensedKey = (hiByte - 0x20) * 256 + loByte; - if (c >= 0xE000 && c < 0xF900) + if (c >= 0xE000 && c < 0xF900) { + if (isGB18030_2000) { condensedKey += 0x82BD; + } else { + switch (c) { + case 0xE7C7: + case 0xE81E: + case 0xE826: + case 0xE82B: + case 0xE82C: + case 0xE832: + case 0xE843: + case 0xE854: + case 0xE864: + break; + default: + condensedKey += 0x82BD; + }; + } + } else if (c >= 0xF900) - condensedKey += 0x93A9; + condensedKey += 0x93A9; if (hiByte > 0x80) - currentState = GB18030_DOUBLE_BYTE; + currentState = GB18030_DOUBLE_BYTE; else - currentState = GB18030_FOUR_BYTE; + currentState = GB18030_FOUR_BYTE; } else if (c >= 0xA4C7 && c <= 0xD7FF) { condensedKey = c - 0x5543; @@ -12677,7 +12738,7 @@ else if (c >= 0xA4C7 && c <= 0xD7FF) { } sp += inputSize; } - return CoderResult.UNDERFLOW; + return CoderResult.UNDERFLOW; } finally { src.position(sp - src.arrayOffset()); dst.position(dp - dst.arrayOffset()); @@ -12691,6 +12752,7 @@ private CoderResult encodeBufferLoop(CharBuffer src, int hiByte = 0, loByte = 0; currentState = GB18030_DOUBLE_BYTE; int mark = src.position(); + boolean isGB18030_2000 = ExtendedCharsets.IS_2000(); try { while (src.hasRemaining()) { char c = src.get(); @@ -12717,15 +12779,33 @@ else if (c <= 0xA4C6 || c >= 0xE000) { condensedKey = (hiByte - 0x20) * 256 + loByte; - if (c >= 0xE000 && c < 0xF900) + if (c >= 0xE000 && c < 0xF900) { + if (isGB18030_2000) { condensedKey += 0x82BD; + } else { + switch (c) { + case 0xE7C7: + case 0xE81E: + case 0xE826: + case 0xE82B: + case 0xE82C: + case 0xE832: + case 0xE843: + case 0xE854: + case 0xE864: + break; + default: + condensedKey += 0x82BD; + }; + } + } else if (c >= 0xF900) - condensedKey += 0x93A9; + condensedKey += 0x93A9; if (hiByte > 0x80) - currentState = GB18030_DOUBLE_BYTE; + currentState = GB18030_DOUBLE_BYTE; else - currentState = GB18030_FOUR_BYTE; + currentState = GB18030_FOUR_BYTE; } else if (c >= 0xA4C7 && c <= 0xD7FF) { condensedKey = c - 0x5543; diff --git a/jdk/test/java/nio/charset/Charset/RegisteredCharsets.java b/jdk/test/java/nio/charset/Charset/RegisteredCharsets.java index b7a4b250713..12020ce41c9 100644 --- a/jdk/test/java/nio/charset/Charset/RegisteredCharsets.java +++ b/jdk/test/java/nio/charset/Charset/RegisteredCharsets.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,8 +22,11 @@ */ /* @test - * @bug 4473201 4696726 4652234 4482298 4784385 4966197 4267354 5015668 6911753 + * @bug 4473201 4696726 4652234 4482298 4784385 4966197 4267354 5015668 + 6911753 8071447 8301119 * @summary Check that registered charsets are actually registered + * @run main RegisteredCharsets + * @run main/othervm -Djdk.charset.GB18030=2000 RegisteredCharsets */ import java.io.*; @@ -250,8 +253,12 @@ public static void main(String[] args) throws Exception { }); aliasCheck("GB18030", + "2000".equals(System.getProperty("jdk.charset.GB18030")) ? new String[] { "gb18030-2000" + } : + new String[] { + "gb18030-2022" }); aliasCheck("ISO-2022-KR", new String[] {"csISO2022KR"}); diff --git a/jdk/test/lib/testlibrary/jdk/testlibrary/Utils.java b/jdk/test/lib/testlibrary/jdk/testlibrary/Utils.java index 31bfeea36cc..8a315537927 100644 --- a/jdk/test/lib/testlibrary/jdk/testlibrary/Utils.java +++ b/jdk/test/lib/testlibrary/jdk/testlibrary/Utils.java @@ -34,17 +34,20 @@ import java.net.InetAddress; import java.net.ServerSocket; import java.net.UnknownHostException; + +import java.util.Arrays; import java.util.ArrayList; +import java.util.Collections; +import java.util.HashSet; import java.util.List; -import java.util.Arrays; import java.util.LinkedList; +import java.util.Objects; +import java.util.Set; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; import java.nio.file.attribute.FileAttribute; -import java.util.Collections; -import java.util.Objects; import java.util.regex.Pattern; import java.util.regex.Matcher; import java.util.concurrent.TimeUnit; @@ -464,4 +467,728 @@ public static Path createTempDirectory(String prefix, FileAttribute... attrs) Path dir = Paths.get(System.getProperty("user.dir", ".")); return Files.createTempDirectory(dir, prefix); } + + /* + List.of implementations + These methods are intended to provide replacements + for the use of List.of() methods in backports, + using existing 8u methods. The returned collections + share the key property of the List.of collections + in being unmodifiable, but may not be equivalent + with regard to other properties such as serialization + and access order. + */ + + /** + * Returns an unmodifiable list containing zero elements. + * + * @param the {@code List}'s element type + * @return an empty {@code List} + */ + public static List listOf() { + return Collections.emptyList(); + } + + /** + * Returns an unmodifiable list containing one element. + * + * @param the {@code List}'s element type + * @param e1 the single element + * @return a {@code List} containing the specified element + * @throws NullPointerException if the element is {@code null} + */ + public static List listOf(E e1) { + Objects.requireNonNull(e1, "e1"); + return Collections.singletonList(e1); + } + + /** + * Returns an unmodifiable list containing two elements. + * + * @param the {@code List}'s element type + * @param e1 the first element + * @param e2 the second element + * @return a {@code List} containing the specified elements + * @throws NullPointerException if an element is {@code null} + */ + public static List listOf(E e1, E e2) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + List l = new ArrayList<>(2); + l.add(e1); + l.add(e2); + return Collections.unmodifiableList(l); + } + + /** + * Returns an unmodifiable list containing three elements. + * + * @param the {@code List}'s element type + * @param e1 the first element + * @param e2 the second element + * @param e3 the third element + * @return a {@code List} containing the specified elements + * @throws NullPointerException if an element is {@code null} + */ + public static List listOf(E e1, E e2, E e3) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + Objects.requireNonNull(e3, "e3"); + List l = new ArrayList<>(3); + l.add(e1); + l.add(e2); + l.add(e3); + return Collections.unmodifiableList(l); + } + + /** + * Returns an unmodifiable list containing four elements. + * + * @param the {@code List}'s element type + * @param e1 the first element + * @param e2 the second element + * @param e3 the third element + * @param e4 the fourth element + * @return a {@code List} containing the specified elements + * @throws NullPointerException if an element is {@code null} + */ + public static List listOf(E e1, E e2, E e3, E e4) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + Objects.requireNonNull(e3, "e3"); + Objects.requireNonNull(e4, "e4"); + List l = new ArrayList<>(4); + l.add(e1); + l.add(e2); + l.add(e3); + l.add(e4); + return Collections.unmodifiableList(l); + } + + /** + * Returns an unmodifiable list containing five elements. + * + * @param the {@code List}'s element type + * @param e1 the first element + * @param e2 the second element + * @param e3 the third element + * @param e4 the fourth element + * @param e5 the fifth element + * @return a {@code List} containing the specified elements + * @throws NullPointerException if an element is {@code null} + */ + public static List listOf(E e1, E e2, E e3, E e4, E e5) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + Objects.requireNonNull(e3, "e3"); + Objects.requireNonNull(e4, "e4"); + Objects.requireNonNull(e5, "e5"); + List l = new ArrayList<>(5); + l.add(e1); + l.add(e2); + l.add(e3); + l.add(e4); + l.add(e5); + return Collections.unmodifiableList(l); + } + + /** + * Returns an unmodifiable list containing six elements. + * + * @param the {@code List}'s element type + * @param e1 the first element + * @param e2 the second element + * @param e3 the third element + * @param e4 the fourth element + * @param e5 the fifth element + * @param e6 the sixth element + * @return a {@code List} containing the specified elements + * @throws NullPointerException if an element is {@code null} + */ + public static List listOf(E e1, E e2, E e3, E e4, E e5, E e6) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + Objects.requireNonNull(e3, "e3"); + Objects.requireNonNull(e4, "e4"); + Objects.requireNonNull(e5, "e5"); + Objects.requireNonNull(e6, "e6"); + List l = new ArrayList<>(6); + l.add(e1); + l.add(e2); + l.add(e3); + l.add(e4); + l.add(e5); + l.add(e6); + return Collections.unmodifiableList(l); + } + + /** + * Returns an unmodifiable list containing seven elements. + * + * @param the {@code List}'s element type + * @param e1 the first element + * @param e2 the second element + * @param e3 the third element + * @param e4 the fourth element + * @param e5 the fifth element + * @param e6 the sixth element + * @param e7 the seventh element + * @return a {@code List} containing the specified elements + * @throws NullPointerException if an element is {@code null} + */ + public static List listOf(E e1, E e2, E e3, E e4, E e5, E e6, E e7) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + Objects.requireNonNull(e3, "e3"); + Objects.requireNonNull(e4, "e4"); + Objects.requireNonNull(e5, "e5"); + Objects.requireNonNull(e6, "e6"); + Objects.requireNonNull(e7, "e7"); + List l = new ArrayList<>(7); + l.add(e1); + l.add(e2); + l.add(e3); + l.add(e4); + l.add(e5); + l.add(e6); + l.add(e7); + return Collections.unmodifiableList(l); + } + + /** + * Returns an unmodifiable list containing eight elements. + * + * @param the {@code List}'s element type + * @param e1 the first element + * @param e2 the second element + * @param e3 the third element + * @param e4 the fourth element + * @param e5 the fifth element + * @param e6 the sixth element + * @param e7 the seventh element + * @param e8 the eighth element + * @return a {@code List} containing the specified elements + * @throws NullPointerException if an element is {@code null} + */ + public static List listOf(E e1, E e2, E e3, E e4, E e5, E e6, E e7, E e8) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + Objects.requireNonNull(e3, "e3"); + Objects.requireNonNull(e4, "e4"); + Objects.requireNonNull(e5, "e5"); + Objects.requireNonNull(e6, "e6"); + Objects.requireNonNull(e7, "e7"); + Objects.requireNonNull(e8, "e8"); + List l = new ArrayList<>(8); + l.add(e1); + l.add(e2); + l.add(e3); + l.add(e4); + l.add(e5); + l.add(e6); + l.add(e7); + l.add(e8); + return Collections.unmodifiableList(l); + } + + /** + * Returns an unmodifiable list containing nine elements. + * + * @param the {@code List}'s element type + * @param e1 the first element + * @param e2 the second element + * @param e3 the third element + * @param e4 the fourth element + * @param e5 the fifth element + * @param e6 the sixth element + * @param e7 the seventh element + * @param e8 the eighth element + * @param e9 the ninth element + * @return a {@code List} containing the specified elements + * @throws NullPointerException if an element is {@code null} + */ + public static List listOf(E e1, E e2, E e3, E e4, E e5, E e6, E e7, E e8, E e9) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + Objects.requireNonNull(e3, "e3"); + Objects.requireNonNull(e4, "e4"); + Objects.requireNonNull(e5, "e5"); + Objects.requireNonNull(e6, "e6"); + Objects.requireNonNull(e7, "e7"); + Objects.requireNonNull(e8, "e8"); + Objects.requireNonNull(e9, "e9"); + List l = new ArrayList<>(9); + l.add(e1); + l.add(e2); + l.add(e3); + l.add(e4); + l.add(e5); + l.add(e6); + l.add(e7); + l.add(e8); + l.add(e9); + return Collections.unmodifiableList(l); + } + + /** + * Returns an unmodifiable list containing ten elements. + * + * @param the {@code List}'s element type + * @param e1 the first element + * @param e2 the second element + * @param e3 the third element + * @param e4 the fourth element + * @param e5 the fifth element + * @param e6 the sixth element + * @param e7 the seventh element + * @param e8 the eighth element + * @param e9 the ninth element + * @param e10 the tenth element + * @return a {@code List} containing the specified elements + * @throws NullPointerException if an element is {@code null} + */ + public static List listOf(E e1, E e2, E e3, E e4, E e5, E e6, E e7, E e8, E e9, E e10) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + Objects.requireNonNull(e3, "e3"); + Objects.requireNonNull(e4, "e4"); + Objects.requireNonNull(e5, "e5"); + Objects.requireNonNull(e6, "e6"); + Objects.requireNonNull(e7, "e7"); + Objects.requireNonNull(e8, "e8"); + Objects.requireNonNull(e9, "e9"); + Objects.requireNonNull(e10, "e10"); + List l = new ArrayList<>(10); + l.add(e1); + l.add(e2); + l.add(e3); + l.add(e4); + l.add(e5); + l.add(e6); + l.add(e7); + l.add(e8); + l.add(e9); + l.add(e10); + return Collections.unmodifiableList(l); + } + + /** + * Returns an unmodifiable list containing an arbitrary number of elements. + * + * @apiNote + * This method also accepts a single array as an argument. The element type of + * the resulting list will be the component type of the array, and the size of + * the list will be equal to the length of the array. To create a list with + * a single element that is an array, do the following: + * + * 
{@code
+     *     String[] array = ... ;
+     *     List list = Utils.listOf(array);
+     * }
+ * + * This will cause the {@link Utils#listOf(Object) listOf(E)} method + * to be invoked instead. + * + * @param the {@code List}'s element type + * @param elements the elements to be contained in the list + * @return a {@code List} containing the specified elements + * @throws NullPointerException if an element is {@code null} or if the array is {@code null} + */ + @SafeVarargs + @SuppressWarnings("varargs") + public static List listOf(E... elements) { + switch (elements.length) { // implicit null check of elements + case 0: + return listOf(); + case 1: + return listOf(elements[0]); + case 2: + return listOf(elements[0], elements[1]); + default: + for (int a = 0; a < elements.length; ++a) { + Objects.requireNonNull(elements[a], "e" + a); + } + return Collections.unmodifiableList(Arrays.asList(elements)); + } + } + + /* + Set.of implementations + These methods are intended to provide replacements + for the use of Set.of() methods in backports, + using existing 8u methods. The returned collections + share the key property of the Set.of collections + in being unmodifiable, but may not be equivalent + with regard to other properties such as serialization + and access order. + */ + + /** + * Returns an unmodifiable set containing zero elements. + * + * @param the {@code Set}'s element type + * @return an empty {@code Set} + */ + public static Set setOf() { + return Collections.emptySet(); + } + + /** + * Returns an unmodifiable set containing one element. + * + * @param the {@code Set}'s element type + * @param e1 the single element + * @return a {@code Set} containing the specified element + * @throws NullPointerException if the element is {@code null} + */ + public static Set setOf(E e1) { + Objects.requireNonNull(e1, "e1"); + + Set s = new HashSet<>(1); + if (!s.add(e1)) { throw new IllegalArgumentException("duplicate 1"); } + + return Collections.unmodifiableSet(s); + } + + /** + * Returns an unmodifiable set containing two elements. + * + * @param the {@code Set}'s element type + * @param e1 the first element + * @param e2 the second element + * @return a {@code Set} containing the specified elements + * @throws IllegalArgumentException if the elements are duplicates + * @throws NullPointerException if an element is {@code null} + */ + public static Set setOf(E e1, E e2) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + + Set s = new HashSet<>(2); + if (!s.add(e1)) { throw new IllegalArgumentException("duplicate 1"); } + if (!s.add(e2)) { throw new IllegalArgumentException("duplicate 2"); } + + return Collections.unmodifiableSet(s); + } + + /** + * Returns an unmodifiable set containing three elements. + * + * @param the {@code Set}'s element type + * @param e1 the first element + * @param e2 the second element + * @param e3 the third element + * @return a {@code Set} containing the specified elements + * @throws IllegalArgumentException if there are any duplicate elements + * @throws NullPointerException if an element is {@code null} + */ + public static Set setOf(E e1, E e2, E e3) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + Objects.requireNonNull(e3, "e3"); + + Set s = new HashSet<>(10); + if (!s.add(e1)) { throw new IllegalArgumentException("duplicate 1"); } + if (!s.add(e2)) { throw new IllegalArgumentException("duplicate 2"); } + if (!s.add(e3)) { throw new IllegalArgumentException("duplicate 3"); } + + return Collections.unmodifiableSet(s); + } + + /** + * Returns an unmodifiable set containing four elements. + * + * @param the {@code Set}'s element type + * @param e1 the first element + * @param e2 the second element + * @param e3 the third element + * @param e4 the fourth element + * @return a {@code Set} containing the specified elements + * @throws IllegalArgumentException if there are any duplicate elements + * @throws NullPointerException if an element is {@code null} + */ + public static Set setOf(E e1, E e2, E e3, E e4) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + Objects.requireNonNull(e3, "e3"); + Objects.requireNonNull(e4, "e4"); + + Set s = new HashSet<>(10); + if (!s.add(e1)) { throw new IllegalArgumentException("duplicate 1"); } + if (!s.add(e2)) { throw new IllegalArgumentException("duplicate 2"); } + if (!s.add(e3)) { throw new IllegalArgumentException("duplicate 3"); } + if (!s.add(e4)) { throw new IllegalArgumentException("duplicate 4"); } + + return Collections.unmodifiableSet(s); + } + + /** + * Returns an unmodifiable set containing five elements. + * + * @param the {@code Set}'s element type + * @param e1 the first element + * @param e2 the second element + * @param e3 the third element + * @param e4 the fourth element + * @param e5 the fifth element + * @return a {@code Set} containing the specified elements + * @throws IllegalArgumentException if there are any duplicate elements + * @throws NullPointerException if an element is {@code null} + */ + public static Set setOf(E e1, E e2, E e3, E e4, E e5) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + Objects.requireNonNull(e3, "e3"); + Objects.requireNonNull(e4, "e4"); + Objects.requireNonNull(e5, "e5"); + + Set s = new HashSet<>(10); + if (!s.add(e1)) { throw new IllegalArgumentException("duplicate 1"); } + if (!s.add(e2)) { throw new IllegalArgumentException("duplicate 2"); } + if (!s.add(e3)) { throw new IllegalArgumentException("duplicate 3"); } + if (!s.add(e4)) { throw new IllegalArgumentException("duplicate 4"); } + if (!s.add(e5)) { throw new IllegalArgumentException("duplicate 5"); } + + return Collections.unmodifiableSet(s); + } + + /** + * Returns an unmodifiable set containing six elements. + * + * @param the {@code Set}'s element type + * @param e1 the first element + * @param e2 the second element + * @param e3 the third element + * @param e4 the fourth element + * @param e5 the fifth element + * @param e6 the sixth element + * @return a {@code Set} containing the specified elements + * @throws IllegalArgumentException if there are any duplicate elements + * @throws NullPointerException if an element is {@code null} + */ + public static Set setOf(E e1, E e2, E e3, E e4, E e5, E e6) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + Objects.requireNonNull(e3, "e3"); + Objects.requireNonNull(e4, "e4"); + Objects.requireNonNull(e5, "e5"); + Objects.requireNonNull(e6, "e6"); + + Set s = new HashSet<>(10); + if (!s.add(e1)) { throw new IllegalArgumentException("duplicate 1"); } + if (!s.add(e2)) { throw new IllegalArgumentException("duplicate 2"); } + if (!s.add(e3)) { throw new IllegalArgumentException("duplicate 3"); } + if (!s.add(e4)) { throw new IllegalArgumentException("duplicate 4"); } + if (!s.add(e5)) { throw new IllegalArgumentException("duplicate 5"); } + if (!s.add(e6)) { throw new IllegalArgumentException("duplicate 6"); } + + return Collections.unmodifiableSet(s); + } + + /** + * Returns an unmodifiable set containing seven elements. + * + * @param the {@code Set}'s element type + * @param e1 the first element + * @param e2 the second element + * @param e3 the third element + * @param e4 the fourth element + * @param e5 the fifth element + * @param e6 the sixth element + * @param e7 the seventh element + * @return a {@code Set} containing the specified elements + * @throws IllegalArgumentException if there are any duplicate elements + * @throws NullPointerException if an element is {@code null} + */ + public static Set setOf(E e1, E e2, E e3, E e4, E e5, E e6, E e7) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + Objects.requireNonNull(e3, "e3"); + Objects.requireNonNull(e4, "e4"); + Objects.requireNonNull(e5, "e5"); + Objects.requireNonNull(e6, "e6"); + Objects.requireNonNull(e7, "e7"); + + Set s = new HashSet<>(10); + if (!s.add(e1)) { throw new IllegalArgumentException("duplicate 1"); } + if (!s.add(e2)) { throw new IllegalArgumentException("duplicate 2"); } + if (!s.add(e3)) { throw new IllegalArgumentException("duplicate 3"); } + if (!s.add(e4)) { throw new IllegalArgumentException("duplicate 4"); } + if (!s.add(e5)) { throw new IllegalArgumentException("duplicate 5"); } + if (!s.add(e6)) { throw new IllegalArgumentException("duplicate 6"); } + if (!s.add(e7)) { throw new IllegalArgumentException("duplicate 7"); } + + return Collections.unmodifiableSet(s); + } + + /** + * Returns an unmodifiable set containing eight elements. + * + * @param the {@code Set}'s element type + * @param e1 the first element + * @param e2 the second element + * @param e3 the third element + * @param e4 the fourth element + * @param e5 the fifth element + * @param e6 the sixth element + * @param e7 the seventh element + * @param e8 the eighth element + * @return a {@code Set} containing the specified elements + * @throws IllegalArgumentException if there are any duplicate elements + * @throws NullPointerException if an element is {@code null} + */ + public static Set setOf(E e1, E e2, E e3, E e4, E e5, E e6, E e7, E e8) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + Objects.requireNonNull(e3, "e3"); + Objects.requireNonNull(e4, "e4"); + Objects.requireNonNull(e5, "e5"); + Objects.requireNonNull(e6, "e6"); + Objects.requireNonNull(e7, "e7"); + Objects.requireNonNull(e8, "e8"); + + Set s = new HashSet<>(10); + if (!s.add(e1)) { throw new IllegalArgumentException("duplicate 1"); } + if (!s.add(e2)) { throw new IllegalArgumentException("duplicate 2"); } + if (!s.add(e3)) { throw new IllegalArgumentException("duplicate 3"); } + if (!s.add(e4)) { throw new IllegalArgumentException("duplicate 4"); } + if (!s.add(e5)) { throw new IllegalArgumentException("duplicate 5"); } + if (!s.add(e6)) { throw new IllegalArgumentException("duplicate 6"); } + if (!s.add(e7)) { throw new IllegalArgumentException("duplicate 7"); } + if (!s.add(e8)) { throw new IllegalArgumentException("duplicate 8"); } + + return Collections.unmodifiableSet(s); + } + + /** + * Returns an unmodifiable set containing nine elements. + * + * @param the {@code Set}'s element type + * @param e1 the first element + * @param e2 the second element + * @param e3 the third element + * @param e4 the fourth element + * @param e5 the fifth element + * @param e6 the sixth element + * @param e7 the seventh element + * @param e8 the eighth element + * @param e9 the ninth element + * @return a {@code Set} containing the specified elements + * @throws IllegalArgumentException if there are any duplicate elements + * @throws NullPointerException if an element is {@code null} + */ + public static Set setOf(E e1, E e2, E e3, E e4, E e5, E e6, E e7, E e8, E e9) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + Objects.requireNonNull(e3, "e3"); + Objects.requireNonNull(e4, "e4"); + Objects.requireNonNull(e5, "e5"); + Objects.requireNonNull(e6, "e6"); + Objects.requireNonNull(e7, "e7"); + Objects.requireNonNull(e8, "e8"); + Objects.requireNonNull(e9, "e9"); + + Set s = new HashSet<>(10); + if (!s.add(e1)) { throw new IllegalArgumentException("duplicate 1"); } + if (!s.add(e2)) { throw new IllegalArgumentException("duplicate 2"); } + if (!s.add(e3)) { throw new IllegalArgumentException("duplicate 3"); } + if (!s.add(e4)) { throw new IllegalArgumentException("duplicate 4"); } + if (!s.add(e5)) { throw new IllegalArgumentException("duplicate 5"); } + if (!s.add(e6)) { throw new IllegalArgumentException("duplicate 6"); } + if (!s.add(e7)) { throw new IllegalArgumentException("duplicate 7"); } + if (!s.add(e8)) { throw new IllegalArgumentException("duplicate 8"); } + if (!s.add(e9)) { throw new IllegalArgumentException("duplicate 9"); } + + return Collections.unmodifiableSet(s); + } + + /** + * Returns an unmodifiable set containing ten elements. + * + * @param the {@code Set}'s element type + * @param e1 the first element + * @param e2 the second element + * @param e3 the third element + * @param e4 the fourth element + * @param e5 the fifth element + * @param e6 the sixth element + * @param e7 the seventh element + * @param e8 the eighth element + * @param e9 the ninth element + * @param e10 the tenth element + * @return a {@code Set} containing the specified elements + * @throws IllegalArgumentException if there are any duplicate elements + * @throws NullPointerException if an element is {@code null} + */ + public static Set setOf(E e1, E e2, E e3, E e4, E e5, E e6, E e7, E e8, E e9, E e10) { + Objects.requireNonNull(e1, "e1"); + Objects.requireNonNull(e2, "e2"); + Objects.requireNonNull(e3, "e3"); + Objects.requireNonNull(e4, "e4"); + Objects.requireNonNull(e5, "e5"); + Objects.requireNonNull(e6, "e6"); + Objects.requireNonNull(e7, "e7"); + Objects.requireNonNull(e8, "e8"); + Objects.requireNonNull(e9, "e9"); + Objects.requireNonNull(e10, "e10"); + + Set s = new HashSet<>(10); + if (!s.add(e1)) { throw new IllegalArgumentException("duplicate 1"); } + if (!s.add(e2)) { throw new IllegalArgumentException("duplicate 2"); } + if (!s.add(e3)) { throw new IllegalArgumentException("duplicate 3"); } + if (!s.add(e4)) { throw new IllegalArgumentException("duplicate 4"); } + if (!s.add(e5)) { throw new IllegalArgumentException("duplicate 5"); } + if (!s.add(e6)) { throw new IllegalArgumentException("duplicate 6"); } + if (!s.add(e7)) { throw new IllegalArgumentException("duplicate 7"); } + if (!s.add(e8)) { throw new IllegalArgumentException("duplicate 8"); } + if (!s.add(e9)) { throw new IllegalArgumentException("duplicate 9"); } + if (!s.add(e10)) { throw new IllegalArgumentException("duplicate 10"); } + + return Collections.unmodifiableSet(s); + } + + /** + * Returns an unmodifiable set containing an arbitrary number of elements. + * + * @apiNote + * This method also accepts a single array as an argument. The element type of + * the resulting set will be the component type of the array, and the size of + * the set will be equal to the length of the array. To create a set with + * a single element that is an array, do the following: + * + * 
{@code
+     *     String[] array = ... ;
+     *     Set list = Utils.setOf(array);
+     * }
+ * + * This will cause the {@link Utils#setOf(Object) Utils.setOf(E)} method + * to be invoked instead. + * + * @param the {@code Set}'s element type + * @param elements the elements to be contained in the set + * @return a {@code Set} containing the specified elements + * @throws IllegalArgumentException if there are any duplicate elements + * @throws NullPointerException if an element is {@code null} or if the array is {@code null} + */ + @SafeVarargs + @SuppressWarnings("varargs") + public static Set setOf(E... elements) { + switch (elements.length) { // implicit null check of elements + case 0: + return setOf(); + case 1: + return setOf(elements[0]); + case 2: + return setOf(elements[1]); + default: + Set s = new HashSet<>(elements.length); + for (int a = 0; a < elements.length; ++a) { + Objects.requireNonNull(elements[a], "e" + a); + if (!s.add(elements[a])) { + throw new IllegalArgumentException("duplicate " + a); + } + } + return Collections.unmodifiableSet(s); + } + } } diff --git a/jdk/test/sun/nio/cs/TestGB18030.java b/jdk/test/sun/nio/cs/TestGB18030.java index d7183967058..5bf6959aefa 100644 --- a/jdk/test/sun/nio/cs/TestGB18030.java +++ b/jdk/test/sun/nio/cs/TestGB18030.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,20 +22,24 @@ */ /* @test - * @bug 8211382 + * @bug 8211382 8301119 * @summary Check GB18030 - * @modules jdk.charsets + * @library /lib/testlibrary + * @build jdk.testlibrary.Utils + * @run main TestGB18030 + * @run main/othervm -Djdk.charset.GB18030=2000 TestGB18030 */ -import java.io.*; import java.nio.*; import java.nio.charset.*; +import java.util.Set; +import jdk.testlibrary.Utils; public class TestGB18030 { + private static final Charset cs = Charset.forName("GB18030"); public static void gb18030_1(boolean useDirect) throws Exception { for(char ch : new char[]{'\uFFFE', '\uFFFF'}) { char[] ca = new char[]{ch}; - Charset cs = Charset.forName("GB18030"); CharsetEncoder ce = cs.newEncoder(); CharsetDecoder cd = cs.newDecoder(); CharBuffer cb = CharBuffer.wrap(ca); @@ -75,8 +79,19 @@ public static void gb18030_1(boolean useDirect) throws Exception { } } } + + static void checkAlias() { + boolean IS_2000 = "2000".equals(System.getProperty("jdk.charset.GB18030")); + Set expected = IS_2000 ? Utils.setOf("gb18030-2000") : Utils.setOf("gb18030-2022"); + Set found = cs.aliases(); + System.out.printf("checkAlias(): IS_2000: %s, expected: %s, found: %s\n", IS_2000, expected, found); + if (!cs.aliases().equals(expected)) { + throw new RuntimeException("Result mismatch"); + } + } public static void main(String args[]) throws Exception { gb18030_1(false); gb18030_1(true); + checkAlias(); } } diff --git a/jdk/test/sun/nio/cs/mapping/CoderTest.java b/jdk/test/sun/nio/cs/mapping/CoderTest.java index f5c3f615c27..5cbb6857077 100644 --- a/jdk/test/sun/nio/cs/mapping/CoderTest.java +++ b/jdk/test/sun/nio/cs/mapping/CoderTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,8 +22,10 @@ */ /* @test - @bug 4691554 6221056 6380723 6404504 6419565 6529796 + @bug 4691554 6221056 6380723 6404504 6419565 6529796 8301119 @summary Test the supported New I/O coders + @run main CoderTest + @run main/othervm -Djdk.charset.GB18030=2000 CoderTest */ import java.io.*; @@ -55,6 +57,9 @@ public class CoderTest { ".c2b-irreversible", ".b2c-irreversible" }; + private static final boolean IS_2000 = + "2000".equals(System.getProperty("jdk.charset.GB18030")); + // Utilities private static ByteBuffer expand(ByteBuffer bb) { @@ -465,7 +470,12 @@ private boolean run() throws Exception { // Outer loop runs three passes: roundtrip, irreversible encodings, // and then irreversible decodings for (int mode = ROUNDTRIP; mode <= DECODE; mode++) { - File f = testFile(encoding, mode); + String fileName = encoding; + if (fileName.equals("GB18030") && IS_2000) { + // tweak the map file name + fileName = "GB18030_2000"; + } + File f = testFile(fileName, mode); if (f == null) continue; loadTests(f); diff --git a/jdk/test/sun/nio/cs/mapping/GB18030.b2c b/jdk/test/sun/nio/cs/mapping/GB18030.b2c index 7bf135cbc35..955d1306aed 100644 --- a/jdk/test/sun/nio/cs/mapping/GB18030.b2c +++ b/jdk/test/sun/nio/cs/mapping/GB18030.b2c @@ -1,3 +1,4 @@ +# based on GB18030-2022 mapping 00 0000 01 0001 02 0002 @@ -7741,7 +7742,7 @@ A7D7 0451 8135F434 1E3C 8135F435 1E3D 8135F436 1E3E -8135F437 1E3F +A8BC 1E3F 8135F438 1E40 8135F439 1E41 8135F530 1E42 @@ -40882,14 +40883,14 @@ FD9B 9FA5 82359034 9FB1 82359035 9FB2 82359036 9FB3 -82359037 9FB4 -82359038 9FB5 -82359039 9FB6 -82359130 9FB7 -82359131 9FB8 -82359132 9FB9 -82359133 9FBA -82359134 9FBB +82359037 E81E +82359038 E826 +82359039 E82B +82359130 E82C +82359131 E832 +82359132 E843 +82359133 E854 +82359134 E864 82359135 9FBC 82359136 9FBD 82359137 9FBE @@ -57227,16 +57228,16 @@ A6BD E789 A6BE E78A A6BF E78B A6C0 E78C -A6D9 E78D -A6DA E78E -A6DB E78F -A6DC E790 -A6DD E791 -A6DE E792 -A6DF E793 -A6EC E794 -A6ED E795 -A6F3 E796 +A6D9 FE10 +A6DA FE12 +A6DB FE11 +A6DC FE13 +A6DD FE14 +A6DE FE15 +A6DF FE16 +A6EC FE17 +A6ED FE18 +A6F3 FE19 A6F6 E797 A6F7 E798 A6F8 E799 @@ -57285,7 +57286,7 @@ A89D E7C3 A89E E7C4 A89F E7C5 A8A0 E7C6 -A8BC E7C7 +8135F437 E7C7 8336C830 E7C8 A8C1 E7C9 A8C2 E7CA @@ -57372,7 +57373,7 @@ FE53 E818 8336C937 E81B 8336C938 E81C 8336C939 E81D -FE59 E81E +FE59 9FB4 8336CA30 E81F 8336CA31 E820 8336CA32 E821 @@ -57380,19 +57381,19 @@ FE59 E81E 8336CA34 E823 8336CA35 E824 8336CA36 E825 -FE61 E826 +FE61 9FB5 8336CA37 E827 8336CA38 E828 8336CA39 E829 8336CB30 E82A -FE66 E82B -FE67 E82C +FE66 9FB6 +FE67 9FB7 8336CB31 E82D 8336CB32 E82E 8336CB33 E82F 8336CB34 E830 FE6C E831 -FE6D E832 +FE6D 9FB8 8336CB35 E833 8336CB36 E834 8336CB37 E835 @@ -57409,7 +57410,7 @@ FE76 E83B 8336CC37 E840 8336CC38 E841 8336CC39 E842 -FE7E E843 +FE7E 9FB9 8336CD30 E844 8336CD31 E845 8336CD32 E846 @@ -57426,7 +57427,7 @@ FE7E E843 8336CE33 E851 8336CE34 E852 8336CE35 E853 -FE90 E854 +FE90 9FBA FE91 E855 8336CE36 E856 8336CE37 E857 @@ -57442,7 +57443,7 @@ FE91 E855 8336CF37 E861 8336CF38 E862 8336CF39 E863 -FEA0 E864 +FEA0 9FBB 8336D030 E865 8336D031 E866 8336D032 E867 @@ -62990,16 +62991,16 @@ FE4F FA29 84318233 FE0D 84318234 FE0E 84318235 FE0F -84318236 FE10 -84318237 FE11 -84318238 FE12 -84318239 FE13 -84318330 FE14 -84318331 FE15 -84318332 FE16 -84318333 FE17 -84318334 FE18 -84318335 FE19 +84318236 E78D +84318237 E78F +84318238 E78E +84318239 E790 +84318330 E791 +84318331 E792 +84318332 E793 +84318333 E794 +84318334 E795 +84318335 E796 84318336 FE1A 84318337 FE1B 84318338 FE1C @@ -63484,5 +63485,5 @@ A3A4 FFE5 8431A435 FFFB 8431A436 FFFC 8431A437 FFFD -#8431A438 FFFE -#8431A439 FFFF +8431A438 FFFE +8431A439 FFFF diff --git a/jdk/make/data/charsetmapping/GB18030.map b/jdk/test/sun/nio/cs/mapping/GB18030_2000.b2c similarity index 99% rename from jdk/make/data/charsetmapping/GB18030.map rename to jdk/test/sun/nio/cs/mapping/GB18030_2000.b2c index 2303efc9a6b..8eeda1c6dbd 100644 --- a/jdk/make/data/charsetmapping/GB18030.map +++ b/jdk/test/sun/nio/cs/mapping/GB18030_2000.b2c @@ -1,6 +1,4 @@ -# GB18030.java is NOT generated from this mapping right now. This -# map is here for testing only. -# +# based on GB18030-2000 mapping 00 0000 01 0001 02 0002 From a039c8a5d98abb2223a02a9591e805891259221f Mon Sep 17 00:00:00 2001 From: Tobias Gesellchen Date: Mon, 7 Aug 2023 17:55:48 +0000 Subject: [PATCH 09/34] 8214046: [macosx] Undecorated Frame does not Iconify when set to Reviewed-by: phh, serb Backport-of: ab97f65242dad6ad1a7bfb8284954f202eb37369 --- jdk/src/macosx/native/sun/awt/AWTWindow.m | 2 +- .../NormalToIconified/NormalToIconifiedTest.java | 13 ++++++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/jdk/src/macosx/native/sun/awt/AWTWindow.m b/jdk/src/macosx/native/sun/awt/AWTWindow.m index 92fff249ccf..0165750cd88 100644 --- a/jdk/src/macosx/native/sun/awt/AWTWindow.m +++ b/jdk/src/macosx/native/sun/awt/AWTWindow.m @@ -203,13 +203,13 @@ + (NSUInteger) styleMaskForStyleBits:(jint)styleBits { if (IS(styleBits, DECORATED)) { type |= NSTitledWindowMask; if (IS(styleBits, CLOSEABLE)) type |= NSClosableWindowMask; - if (IS(styleBits, MINIMIZABLE)) type |= NSMiniaturizableWindowMask; if (IS(styleBits, RESIZABLE)) type |= NSResizableWindowMask; if (IS(styleBits, FULL_WINDOW_CONTENT)) type |= NSFullSizeContentViewWindowMask; } else { type |= NSBorderlessWindowMask; } + if (IS(styleBits, MINIMIZABLE)) type |= NSMiniaturizableWindowMask; if (IS(styleBits, TEXTURED)) type |= NSTexturedBackgroundWindowMask; if (IS(styleBits, UNIFIED)) type |= NSUnifiedTitleAndToolbarWindowMask; if (IS(styleBits, UTILITY)) type |= NSUtilityWindowMask; diff --git a/jdk/test/java/awt/Frame/NormalToIconified/NormalToIconifiedTest.java b/jdk/test/java/awt/Frame/NormalToIconified/NormalToIconifiedTest.java index ca4c592ed1d..31e85c2b58a 100644 --- a/jdk/test/java/awt/Frame/NormalToIconified/NormalToIconifiedTest.java +++ b/jdk/test/java/awt/Frame/NormalToIconified/NormalToIconifiedTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /* * @test - * @bug 8171949 + * @bug 8171949 8214046 * @summary Tests that bitwise mask is set and state listener is notified during state transition. * @author Dmitry Markov * @library ../../regtesthelpers @@ -40,12 +40,19 @@ import test.java.awt.regtesthelpers.Util; public class NormalToIconifiedTest { - private static final AtomicBoolean listenerNotified = new AtomicBoolean(false); public static void main(String[] args) { + test(false); + test(true); + } + + private static void test(final boolean undecorated) { + AtomicBoolean listenerNotified = new AtomicBoolean(false); + Robot robot = Util.createRobot(); Frame testFrame = new Frame("Test Frame"); + testFrame.setUndecorated(undecorated); testFrame.setSize(200, 200); testFrame.addWindowStateListener(new WindowStateListener() { @Override From 893340a78b23b6dd6086a79d4d07cf220caaedc4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 9 Aug 2023 16:13:49 +0000 Subject: [PATCH 10/34] 8040887: [TESTBUG] Remove test/runtime/6925573/SortMethodsTest.java Removed test/runtime/6925573/SortMethodsTest.java Reviewed-by: phh Backport-of: db9dcbd63b412cbc9cbbf537585b63a5ccbe8d46 --- .../test/runtime/6925573/SortMethodsTest.java | 190 ------------------ 1 file changed, 190 deletions(-) delete mode 100644 hotspot/test/runtime/6925573/SortMethodsTest.java diff --git a/hotspot/test/runtime/6925573/SortMethodsTest.java b/hotspot/test/runtime/6925573/SortMethodsTest.java deleted file mode 100644 index 08b9c6c991a..00000000000 --- a/hotspot/test/runtime/6925573/SortMethodsTest.java +++ /dev/null @@ -1,190 +0,0 @@ -/* - * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - * - */ - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; -import java.io.PrintWriter; -import java.io.StringWriter; - -import java.lang.reflect.Method; -import java.net.URI; -import java.util.Arrays; -import java.util.Vector; - -import javax.tools.Diagnostic; -import javax.tools.DiagnosticCollector; -import javax.tools.FileObject; -import javax.tools.ForwardingJavaFileManager; -import javax.tools.JavaCompiler; -import javax.tools.JavaCompiler.CompilationTask; -import javax.tools.JavaFileManager; -import javax.tools.JavaFileObject; -import javax.tools.JavaFileObject.Kind; -import javax.tools.SimpleJavaFileObject; -import javax.tools.StandardJavaFileManager; -import javax.tools.ToolProvider; - -/* - * @test SortMethodsTest - * @bug 6925573 - * @summary verify that class loading does not need quadratic time with regard to the number of class -methods. - * @run main SortMethodsTest - * @author volker.simonis@gmail.com -*/ - -public class SortMethodsTest { - - static String createClass(String name, int nrOfMethods) { - StringWriter sw = new StringWriter(); - PrintWriter pw = new PrintWriter(sw); - pw.println("public class " + name + "{"); - for (int i = 0; i < nrOfMethods; i++) { - pw.println(" public void m" + i + "() {}"); - } - pw.println(" public static String sayHello() {"); - pw.println(" return \"Hello from class \" + " + name + - ".class.getName() + \" with \" + " + name + - ".class.getDeclaredMethods().length + \" methods\";"); - pw.println(" }"); - pw.println("}"); - pw.close(); - return sw.toString(); - } - - public static void main(String args[]) { - - JavaCompiler comp = ToolProvider.getSystemJavaCompiler(); - DiagnosticCollector diags = new DiagnosticCollector(); - final String cName = new String("ManyMethodsClass"); - Vector results = new Vector(); - - for (int i = 6; i < 600000; i*=10) { - String klass = createClass(cName, i); - JavaMemoryFileObject file = new JavaMemoryFileObject(cName, klass); - MemoryFileManager mfm = new MemoryFileManager(comp.getStandardFileManager(diags, null, null), file); - CompilationTask task = comp.getTask(null, mfm, diags, null, null, Arrays.asList(file)); - - if (task.call()) { - try { - MemoryClassLoader mcl = new MemoryClassLoader(file); - long start = System.nanoTime(); - Class c = Class.forName(cName, true, mcl); - long end = System.nanoTime(); - results.add(end - start); - Method m = c.getDeclaredMethod("sayHello", new Class[0]); - String ret = (String)m.invoke(null, new Object[0]); - System.out.println(ret + " (loaded and resloved in " + (end - start) + "ns)"); - } catch (Exception e) { - System.err.println(e); - } - } - else { - System.out.println(klass); - System.out.println(); - for (Diagnostic diag : diags.getDiagnostics()) { - System.out.println(diag.getCode() + "\n" + diag.getKind() + "\n" + diag.getPosition()); - System.out.println(diag.getSource() + "\n" + diag.getMessage(null)); - } - } - } - - long lastRatio = 0; - for (int i = 2; i < results.size(); i++) { - long normalized1 = Math.max(results.get(i-1) - results.get(0), 1); - long normalized2 = Math.max(results.get(i) - results.get(0), 1); - long ratio = normalized2/normalized1; - lastRatio = ratio; - System.out.println("10 x more methods requires " + ratio + " x more time"); - } - // The following is just vague estimation but seems to work on current x86_64 and sparcv9 machines - if (lastRatio > 80) { - throw new RuntimeException("ATTENTION: it seems that class loading needs quadratic time with regard to the number of class methods!!!"); - } - } -} - -class JavaMemoryFileObject extends SimpleJavaFileObject { - - private final String code; - private ByteArrayOutputStream byteCode; - - JavaMemoryFileObject(String name, String code) { - super(URI.create("string:///" + name.replace('.','/') + Kind.SOURCE.extension), Kind.SOURCE); - this.code = code; - } - - @Override - public CharSequence getCharContent(boolean ignoreEncodingErrors) { - return code; - } - - @Override - public OutputStream openOutputStream() { - byteCode = new ByteArrayOutputStream(); - return byteCode; - } - - byte[] getByteCode() { - return byteCode.toByteArray(); - } -} - -class MemoryClassLoader extends ClassLoader { - - private final JavaMemoryFileObject jfo; - - public MemoryClassLoader(JavaMemoryFileObject jfo) { - this.jfo = jfo; - } - - public Class findClass(String name) { - byte[] b = jfo.getByteCode(); - return defineClass(name, b, 0, b.length); - } -} - -class MemoryFileManager extends ForwardingJavaFileManager { - - private final JavaFileObject jfo; - - public MemoryFileManager(StandardJavaFileManager jfm, JavaFileObject jfo) { - super(jfm); - this.jfo = jfo; - } - - @Override - public FileObject getFileForInput(Location location, String packageName, - String relativeName) throws IOException { - return jfo; - } - - @Override - public JavaFileObject getJavaFileForOutput(Location location, String qualifiedName, - Kind kind, FileObject outputFile) throws IOException { - return jfo; - } - -} From 710481f9da9ed5253ed8db02320bd38e551caf46 Mon Sep 17 00:00:00 2001 From: sendaoYan Date: Wed, 9 Aug 2023 16:15:58 +0000 Subject: [PATCH 11/34] 8219804: java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException Reviewed-by: phh Backport-of: eccfec498d4062b582282f3b73bba84206a36046 --- .../java/net/MulticastSocket/Promiscuous.java | 42 +++++++++++++++---- 1 file changed, 33 insertions(+), 9 deletions(-) diff --git a/jdk/test/java/net/MulticastSocket/Promiscuous.java b/jdk/test/java/net/MulticastSocket/Promiscuous.java index ce0a1033156..f25c4f7410f 100644 --- a/jdk/test/java/net/MulticastSocket/Promiscuous.java +++ b/jdk/test/java/net/MulticastSocket/Promiscuous.java @@ -22,7 +22,7 @@ * /* @test - * @bug 8014499 + * @bug 8014499 8219804 * @summary Test for interference when two sockets are bound to the same * port but joined to different multicast groups * @run main Promiscuous @@ -30,6 +30,7 @@ */ import java.io.IOException; +import java.lang.management.ManagementFactory; import static java.lang.System.out; import java.net.*; @@ -42,11 +43,20 @@ static void receive(MulticastSocket mc, boolean datagramExpected, int id) throws IOException { byte[] ba = new byte[100]; - DatagramPacket p = new DatagramPacket(ba, ba.length); + DatagramPacket p; try { - mc.receive(p); - int recvId = Integer.parseInt( - new String(p.getData(), 0, p.getLength(), "UTF-8")); + String data = null; + while (true) { + p = new DatagramPacket(ba, ba.length); + mc.receive(p); + data = new String(p.getData(), 0, p.getLength(), "UTF-8"); + if (data.length() > UUID.length() && data.startsWith(UUID)) { + data = data.substring(UUID.length()); + break; + } + logUnexpected(p); + } + int recvId = Integer.parseInt(data); if (datagramExpected) { if (recvId != id) throw new RuntimeException("Unexpected id, got " + recvId @@ -65,6 +75,20 @@ static void receive(MulticastSocket mc, boolean datagramExpected, int id) } } + static void logUnexpected(DatagramPacket p) { + byte[] ba = p.getData(); + System.out.printf("Unexpected packet: length: %d. First three bytes: %d, %d, %d\n", + p.getLength(), ba[0], ba[1], ba[2]); + } + + static final String UUID; // process-id : currentTimeMillis + + static { + String s1 = ManagementFactory.getRuntimeMXBean().getName().split("@")[0]; + String s2 = Long.toString(System.currentTimeMillis()); + UUID = "<" + s1 + s2 + ">"; + } + static void test(InetAddress group1, InetAddress group2) throws IOException { @@ -77,7 +101,7 @@ static void test(InetAddress group1, InetAddress group2) mc1.setSoTimeout(TIMEOUT); mc2.setSoTimeout(TIMEOUT); int nextId = id; - byte[] msg = Integer.toString(nextId).getBytes("UTF-8"); + byte[] msg = (UUID + Integer.toString(nextId)).getBytes("UTF-8"); DatagramPacket p = new DatagramPacket(msg, msg.length); p.setAddress(group1); p.setPort(port); @@ -95,7 +119,7 @@ static void test(InetAddress group1, InetAddress group2) receive(mc2, false, 0); nextId = ++id; - msg = Integer.toString(nextId).getBytes("UTF-8"); + msg = (UUID + Integer.toString(nextId)).getBytes("UTF-8"); p = new DatagramPacket(msg, msg.length); p.setAddress(group2); p.setPort(port); @@ -129,8 +153,8 @@ public static void main(String args[]) throws IOException { } // multicast groups used for the test - InetAddress ip4Group1 = InetAddress.getByName("224.7.8.9"); - InetAddress ip4Group2 = InetAddress.getByName("225.4.5.6"); + InetAddress ip4Group1 = InetAddress.getByName("224.0.0.120"); + InetAddress ip4Group2 = InetAddress.getByName("224.0.0.121"); test(ip4Group1, ip4Group2); } From ab2d4274459fe503bded639de5e8b80aca056454 Mon Sep 17 00:00:00 2001 From: Sergey Bylokhov Date: Wed, 9 Aug 2023 16:47:05 +0000 Subject: [PATCH 12/34] 8232225: Rework the fix for JDK-8071483 Reviewed-by: phh Backport-of: e4b73897adf47467461634ceb786540f46aa9eb7 --- jdk/test/java/awt/{Color => ColorClass}/HeadlessColor.java | 0 .../awt/{Color => ColorClass}/OpacityChange/OpacityChange.java | 0 .../java/awt/{Color => color}/GetMinMaxValue_ICC_ColorSpace.java | 0 .../awt/{Color => color}/ICC_Profile/GetInstanceBrokenStream.java | 0 jdk/test/java/awt/{Color => color}/LoadProfileWithSM.java | 0 jdk/test/java/awt/{Color => color}/LoadStandardProfilesTest.java | 0 6 files changed, 0 insertions(+), 0 deletions(-) rename jdk/test/java/awt/{Color => ColorClass}/HeadlessColor.java (100%) rename jdk/test/java/awt/{Color => ColorClass}/OpacityChange/OpacityChange.java (100%) rename jdk/test/java/awt/{Color => color}/GetMinMaxValue_ICC_ColorSpace.java (100%) rename jdk/test/java/awt/{Color => color}/ICC_Profile/GetInstanceBrokenStream.java (100%) rename jdk/test/java/awt/{Color => color}/LoadProfileWithSM.java (100%) rename jdk/test/java/awt/{Color => color}/LoadStandardProfilesTest.java (100%) diff --git a/jdk/test/java/awt/Color/HeadlessColor.java b/jdk/test/java/awt/ColorClass/HeadlessColor.java similarity index 100% rename from jdk/test/java/awt/Color/HeadlessColor.java rename to jdk/test/java/awt/ColorClass/HeadlessColor.java diff --git a/jdk/test/java/awt/Color/OpacityChange/OpacityChange.java b/jdk/test/java/awt/ColorClass/OpacityChange/OpacityChange.java similarity index 100% rename from jdk/test/java/awt/Color/OpacityChange/OpacityChange.java rename to jdk/test/java/awt/ColorClass/OpacityChange/OpacityChange.java diff --git a/jdk/test/java/awt/Color/GetMinMaxValue_ICC_ColorSpace.java b/jdk/test/java/awt/color/GetMinMaxValue_ICC_ColorSpace.java similarity index 100% rename from jdk/test/java/awt/Color/GetMinMaxValue_ICC_ColorSpace.java rename to jdk/test/java/awt/color/GetMinMaxValue_ICC_ColorSpace.java diff --git a/jdk/test/java/awt/Color/ICC_Profile/GetInstanceBrokenStream.java b/jdk/test/java/awt/color/ICC_Profile/GetInstanceBrokenStream.java similarity index 100% rename from jdk/test/java/awt/Color/ICC_Profile/GetInstanceBrokenStream.java rename to jdk/test/java/awt/color/ICC_Profile/GetInstanceBrokenStream.java diff --git a/jdk/test/java/awt/Color/LoadProfileWithSM.java b/jdk/test/java/awt/color/LoadProfileWithSM.java similarity index 100% rename from jdk/test/java/awt/Color/LoadProfileWithSM.java rename to jdk/test/java/awt/color/LoadProfileWithSM.java diff --git a/jdk/test/java/awt/Color/LoadStandardProfilesTest.java b/jdk/test/java/awt/color/LoadStandardProfilesTest.java similarity index 100% rename from jdk/test/java/awt/Color/LoadStandardProfilesTest.java rename to jdk/test/java/awt/color/LoadStandardProfilesTest.java From 86ea3f25b6b288919788d4ec99ff4cc0bab81413 Mon Sep 17 00:00:00 2001 From: Severin Gehwolf Date: Fri, 11 Aug 2023 08:50:49 +0000 Subject: [PATCH 13/34] 8308788: [8u] Remove duplicate HaricaCA.java test Reviewed-by: phh, andrew --- .../certification/HaricaCA.java | 320 ------------------ 1 file changed, 320 deletions(-) delete mode 100644 jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/HaricaCA.java diff --git a/jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/HaricaCA.java b/jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/HaricaCA.java deleted file mode 100644 index 247502e6e6c..00000000000 --- a/jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/HaricaCA.java +++ /dev/null @@ -1,320 +0,0 @@ -/* - * Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 8256421 - * @summary Interoperability tests with Harica CAs - * @build ValidatePathWithParams - * @run main/othervm -Djava.security.debug=certpath HaricaCA OCSP - * @run main/othervm -Djava.security.debug=certpath HaricaCA CRL - */ - -/* - * Obtain test artifacts for Harica CA from: - * - * CA has no published test sites so we will need to communicate with CA for test. - */ -public class HaricaCA { - - public static void main(String[] args) throws Exception { - - ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); - boolean ocspEnabled = false; - - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLCheck(); - } else { - // OCSP check by default - pathValidator.enableOCSPCheck(); - ocspEnabled = true; - } - - new Harica_CA().runTest(pathValidator, ocspEnabled); - new Harica_ECC().runTest(pathValidator, ocspEnabled); - } -} - -class Harica_CA { - - // Owner: CN=Hellenic Academic and Research Institutions Code Signing CA R1, - // O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR - // Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015, - // O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR - // Serial number: 1bc8b59e0cea0b7c - // Valid from: Fri Apr 08 00:37:41 PDT 2016 until: Sat Apr 06 00:37:41 PDT 2024 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIHnjCCBYagAwIBAgIIG8i1ngzqC3wwDQYJKoZIhvcNAQELBQAwgaYxCzAJBgNV\n" + - "BAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmljIEFjYWRl\n" + - "bWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAw\n" + - "PgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRp\n" + - "b25zIFJvb3RDQSAyMDE1MB4XDTE2MDQwODA3Mzc0MVoXDTI0MDQwNjA3Mzc0MVow\n" + - "ga0xCzAJBgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxl\n" + - "bmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0\n" + - "aG9yaXR5MUcwRQYDVQQDEz5IZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2gg\n" + - "SW5zdGl0dXRpb25zIENvZGUgU2lnbmluZyBDQSBSMTCCAiIwDQYJKoZIhvcNAQEB\n" + - "BQADggIPADCCAgoCggIBAJYQhJz8QjfP1wOc1sHxTKe9wy7d3oBScTslX5Yn1IE8\n" + - "j5SzsKilvbu9rp8bd8IKHnPrl1Vnjpvna/Vx/XKlXDxnIxgfLINfmbjJRoEbzj1t\n" + - "fxdTnZSN5c6vHYr5112/XCr2VQ7gIL+2jujXlJQYs/aUzAb9RR35dy4z2tQJQwtA\n" + - "gG/paNGgnOU2ROrcaEYfvG4YQWaHAwqjJ53ZY5HVD7NmLp5SZTA5Q3eHAYae99fq\n" + - "iEgMti3zMejzrAM1h+iVpLUxA7iMFh5nwCOvYJWVYqN3YOEmksxh7HOWlpe1PgDT\n" + - "5SezPCHmOilNizMSRsdW7fE8apYVq/O0yStFW32kS9RQzYiBsdgPvNzDGec7Jj8X\n" + - "SozhS6to+A6RdgfpHccHc2jhIRkFocA63OEde3Eo/NPf/WbFX2tpgDIv+HF/YZV3\n" + - "iaMeKeOKDIxa4c3t3qBsZNtFEGOQyDouVH4g2Y8gHhUCcR7gQrHEYy/9FbtUDviu\n" + - "abBVPFnNbEwT0uKS20aLgldkJ4/b3UzeTVzXVwLB8ruBfZX/e60YFaUJAZbbYRbE\n" + - "mD6KmDOCTfalpBRhXar6U1wf+GRp1wv01Vw88EJ6VEBxXAYrfQ28ER9IuLqVQRlN\n" + - "xpZCP71DRCvWljkXAKvWrs3JAw926n5K7sL+fv6mn+6iGBHrSEcyX8g8EZv6XuLP\n" + - "AgMBAAGjggHFMIIBwTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAT\n" + - "BgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUDyz8Ez5xsy3SqelOr4FBCaaY\n" + - "3UgwRgYDVR0fBD8wPTA7oDmgN4Y1aHR0cDovL2NybHYxLmhhcmljYS5nci9IYXJp\n" + - "Y2FSb290Q0EyMDE1L2NybHYxLmRlci5jcmwwHwYDVR0jBBgwFoAUcRVnyMjJvXVd\n" + - "ctA4GGqd83EkVAswbgYIKwYBBQUHAQEEYjBgMCEGCCsGAQUFBzABhhVodHRwOi8v\n" + - "b2NzcC5oYXJpY2EuZ3IwOwYIKwYBBQUHMAKGL2h0dHA6Ly93d3cuaGFyaWNhLmdy\n" + - "L2NlcnRzL0hhcmljYVJvb3RDQTIwMTUuY3J0MIGQBgNVHSAEgYgwgYUwgYIGBFUd\n" + - "IAAwejAyBggrBgEFBQcCARYmaHR0cDovL3d3dy5oYXJpY2EuZ3IvZG9jdW1lbnRz\n" + - "L0NQUy5waHAwRAYIKwYBBQUHAgIwOAw2VGhpcyBjZXJ0aWZpY2F0ZSBpcyBzdWJq\n" + - "ZWN0IHRvIEdyZWVrIGxhd3MgYW5kIG91ciBDUFMuMA0GCSqGSIb3DQEBCwUAA4IC\n" + - "AQA2t84B3ImFaWsnaYoPxwYu9njKaDc/QsaxT4AKP8env/Zr+fjD5s0Bjd1gZijC\n" + - "9LRTzIovpldc/yADy7SVboIH0uNEiBC0kc0DaCq0ceCGIe6dw92Mu9DJ3UpMGAuF\n" + - "fLpyearmfX9qzi0KhPGhjTxSTD4vWw3E0nvDVMBG54Im0OUGeVzZ9SpvRRhRnPOk\n" + - "1eplEYRRDVTGYQJ84GdVC4H4U3TjlbO9gppeSnBoVHyCqDDpyd8HhTuY3P5VRWaf\n" + - "dvAkwrW2Vv53zIYpDtcwG7mf4UXKbfYGtOIg/xaqHV82J6MYZHW1RNIlSh7F+1S5\n" + - "XamkPCQZZI87CMt/OZH+RaO87Vr2V02wkYwEeAvjOwq9l7LtOJaOznKS+BlMi009\n" + - "ljgHWUQcA2wk25hOAS3YtvhI1l2UrRHSqmHd7Jah4clskIjURt3b2Ez9nuZh1dC8\n" + - "NfaoPCkpK3leLBezubtq48MRe5jkAgen5UXvxq9zOZSen4pYeBK72ugNyLjzOhY8\n" + - "GrSeE1voLnvyZIguM2hrI8nEjI4rSXL6lsqXyG/ODzDMMdKq4FrjoW3y9KnV/n8t\n" + - "BvKTAlDcXQTqfdTykDWnxwNTp6dU+MOom9LGy6ZNFbei7XuvjrREiXUEJ/I2dGSD\n" + - "3zeNek32BS2BBZNN8jeP4szLs85G5HWql59OyePZfARA6Q==\n" + - "-----END CERTIFICATE-----"; - - // Owner: OID.1.3.6.1.4.1.311.60.2.1.3=GR, OID.2.5.4.15=Private Organization, - // CN=Greek Universities Network (GUnet), SERIALNUMBER=VATGR-099028220, - // OU=Class A - Private Key created and stored in hardware CSP, O=Greek Universities Network, L=Athens, C=GR - // Issuer: CN=Hellenic Academic and Research Institutions Code Signing CA R1, - // O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR - // Serial number: 2c9a7af519251c645c1bed40b9d1aeca - // Valid from: Mon Sep 09 01:15:13 PDT 2019 until: Wed Sep 08 01:15:13 PDT 2021 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIGyzCCBLOgAwIBAgIQLJp69RklHGRcG+1AudGuyjANBgkqhkiG9w0BAQsFADCB\n" + - "rTELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVu\n" + - "aWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRo\n" + - "b3JpdHkxRzBFBgNVBAMTPkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJ\n" + - "bnN0aXR1dGlvbnMgQ29kZSBTaWduaW5nIENBIFIxMB4XDTE5MDkwOTA4MTUxM1oX\n" + - "DTIxMDkwODA4MTUxM1owggEBMQswCQYDVQQGEwJHUjEPMA0GA1UEBwwGQXRoZW5z\n" + - "MSMwIQYDVQQKDBpHcmVlayBVbml2ZXJzaXRpZXMgTmV0d29yazFBMD8GA1UECww4\n" + - "Q2xhc3MgQSAtIFByaXZhdGUgS2V5IGNyZWF0ZWQgYW5kIHN0b3JlZCBpbiBoYXJk\n" + - "d2FyZSBDU1AxGDAWBgNVBAUTD1ZBVEdSLTA5OTAyODIyMDErMCkGA1UEAwwiR3Jl\n" + - "ZWsgVW5pdmVyc2l0aWVzIE5ldHdvcmsgKEdVbmV0KTEdMBsGA1UEDwwUUHJpdmF0\n" + - "ZSBPcmdhbml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCR1IwggEiMA0GCSqGSIb3\n" + - "DQEBAQUAA4IBDwAwggEKAoIBAQDdkvuJzgjD3Hr1RoDtPZPp5ZelMl6Xh5vnKVuG\n" + - "KX9gwHbDaXpLkp2bF2497R3olBaeYcEgappsWLPvLMEA75BSRopFQmhX3PAsjfAG\n" + - "JZGM3A53n4NAQscCmtD6echJi4P6RThRcpfqObfe0vqZUVzSWRC8fU1P4lt/KzJj\n" + - "DGSJtOP/SJfgp3M7hEp54fn+15DlYp+0e4aa5HF2HpGIy2ghPbRvkMJWbHmp3KZG\n" + - "NOXViQdr/ogpqRsbdP7kN78WLhwrLu+xRUmf9A845jxyNO7269jOQHztfPAcgvDw\n" + - "NbZouGtN3IIWoXWMLipNgzC9CYdqgLsLI9lXV9oQrXaICQ27AgMBAAGjggGOMIIB\n" + - "ijAfBgNVHSMEGDAWgBQPLPwTPnGzLdKp6U6vgUEJppjdSDB0BggrBgEFBQcBAQRo\n" + - "MGYwQQYIKwYBBQUHMAKGNWh0dHA6Ly9yZXBvLmhhcmljYS5nci9jZXJ0cy9IYXJp\n" + - "Y2FDb2RlU2lnbmluZ0NBUjEuY3J0MCEGCCsGAQUFBzABhhVodHRwOi8vb2NzcC5o\n" + - "YXJpY2EuZ3IwYAYDVR0gBFkwVzAHBgVngQwBAzAIBgYEAI96AQIwQgYMKwYBBAGB\n" + - "zxEBAQMDMDIwMAYIKwYBBQUHAgEWJGh0dHBzOi8vcmVwby5oYXJpY2EuZ3IvZG9j\n" + - "dW1lbnRzL0NQUzATBgNVHSUEDDAKBggrBgEFBQcDAzBLBgNVHR8ERDBCMECgPqA8\n" + - "hjpodHRwOi8vY3JsdjEuaGFyaWNhLmdyL0hhcmljYUNvZGVTaWduaW5nQ0FSMS9j\n" + - "cmx2MS5kZXIuY3JsMB0GA1UdDgQWBBR0K0c/UEGkfRtqAEwoONenOUa0WTAOBgNV\n" + - "HQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAHXVdzMwKeZSWmXZu/MyoyH8\n" + - "yTHYi/yvaPpR88/Q/j5wxzuceECZJgH74xgePCIXx74IKTADUyIj7eWuTkzEnZF9\n" + - "yqJyG+tArrIH7zdnjC0OgbJVFeUUY45rS24u8n/+46LnXy4A+bRa0qX/QikHxMvj\n" + - "0I0/RTZpdQFjhnmhZyZzUWReFlAEG1fUz9TNwcCfGrv3z6YHCNAh/HWFtM7te6H7\n" + - "LNjoRw0fC5edqI16ca2VrOLObbg64zdk7Ll/fu3Ll5UcAthve/PTez6R1wm47ETT\n" + - "ItjinmQI3vRhIls/UwvF4ey5Linz80rnzIlrrMgn3G2gRpfJ55CxsXOZDGS9iy8C\n" + - "jU8EiKkjbdDH6mOdQO11+FlwhBwSxVbr004RDPJJqKHKtKTWx6mEbW+ZrMXaEUNZ\n" + - "mSPwDCUgDzrFfSspYJL0UW7zV+SbK9u5nf09m6qOpkZ5OE91IEpkotTWqMe/yOJu\n" + - "Yey5wvAmEqQM6fcQCTfV5JBtzU5LOsm5Uwg728DcHfal21dJWtY3fi7+CgDRutU3\n" + - "Ee8uZUmCd/KCSQgP8B/QTu7wLXHd4IQz2EP2tmN9Zrv/MsDjpSHgRrU6Hwi49bPQ\n" + - "R43rmXHC7e2GZpBdPsfG0VDnpzgCx5Kogi5nJwwUevbvC2CT11AAlaOmTQPflqQj\n" + - "w2LPatMDMTAga/l+CE8j\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=Greek Universities Network (GUnet), SERIALNUMBER=VATGR-099028220, - // OU=Class B - Private Key created and stored in software CSP, O=Greek Universities Network, L=Athens, C=GR - // Issuer: CN=Hellenic Academic and Research Institutions Code Signing CA R1, - // O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR - // Serial number: 29c4a7abf35bd0acb1638abbf22da1d3 - // Valid from: Mon Feb 17 01:47:19 PST 2020 until: Mon Feb 15 16:00:00 PST 2021 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIGmDCCBICgAwIBAgIQKcSnq/Nb0KyxY4q78i2h0zANBgkqhkiG9w0BAQsFADCB\n" + - "rTELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVu\n" + - "aWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRo\n" + - "b3JpdHkxRzBFBgNVBAMTPkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJ\n" + - "bnN0aXR1dGlvbnMgQ29kZSBTaWduaW5nIENBIFIxMB4XDTIwMDIxNzA5NDcxOVoX\n" + - "DTIxMDIxNjAwMDAwMFowgc0xCzAJBgNVBAYTAkdSMQ8wDQYDVQQHDAZBdGhlbnMx\n" + - "IzAhBgNVBAoMGkdyZWVrIFVuaXZlcnNpdGllcyBOZXR3b3JrMUEwPwYDVQQLDDhD\n" + - "bGFzcyBCIC0gUHJpdmF0ZSBLZXkgY3JlYXRlZCBhbmQgc3RvcmVkIGluIHNvZnR3\n" + - "YXJlIENTUDEYMBYGA1UEBRMPVkFUR1ItMDk5MDI4MjIwMSswKQYDVQQDDCJHcmVl\n" + - "ayBVbml2ZXJzaXRpZXMgTmV0d29yayAoR1VuZXQpMIIBIjANBgkqhkiG9w0BAQEF\n" + - "AAOCAQ8AMIIBCgKCAQEArSBfy0xwIHpFxFrAHiYpMOkILjOvlhRCBmfzrJFSILou\n" + - "8vc1wxZw/olBa38khtIybE0GJnzZqoFTsalAcLg0CzfqucDoWL+uVLURmEmYZExj\n" + - "ngYfjrpB7ypjWqxfBVqqLgxugY1XV3oaQRNWgFEn/mrQhv+0azySJdRSiW0BH4rP\n" + - "wXp9LHgzHc7oxVOHsOKApwRN7TRVKz0/EoPhyUzdk5xoRTQMRalwZ0/E24v+CyoF\n" + - "bPl/v+dlRK5n9It8yjCtqOMZ1z7l8sKmJ7q9iLvzAF58a8B5lPueC+opHPEy4VD0\n" + - "7xZHYgdHliDsVIcWDXAzfcfo7l9EUX17onEXKMWKDwIDAQABo4IBkDCCAYwwHwYD\n" + - "VR0jBBgwFoAUDyz8Ez5xsy3SqelOr4FBCaaY3UgwdAYIKwYBBQUHAQEEaDBmMEEG\n" + - "CCsGAQUFBzAChjVodHRwOi8vcmVwby5oYXJpY2EuZ3IvY2VydHMvSGFyaWNhQ29k\n" + - "ZVNpZ25pbmdDQVIxLmNydDAhBggrBgEFBQcwAYYVaHR0cDovL29jc3AuaGFyaWNh\n" + - "LmdyMGIGA1UdIARbMFkwCAYGZ4EMAQQBMAgGBgQAj3oBATBDBg0rBgEEAYHPEQEB\n" + - "AwEBMDIwMAYIKwYBBQUHAgEWJGh0dHBzOi8vcmVwby5oYXJpY2EuZ3IvZG9jdW1l\n" + - "bnRzL0NQUzATBgNVHSUEDDAKBggrBgEFBQcDAzBLBgNVHR8ERDBCMECgPqA8hjpo\n" + - "dHRwOi8vY3JsdjEuaGFyaWNhLmdyL0hhcmljYUNvZGVTaWduaW5nQ0FSMS9jcmx2\n" + - "MS5kZXIuY3JsMB0GA1UdDgQWBBTj6v8Qkmosm+VNGsd/prwylbsM7TAOBgNVHQ8B\n" + - "Af8EBAMCB4AwDQYJKoZIhvcNAQELBQADggIBADYBQvc68KwX28UFeE/nXcowBTSd\n" + - "z+tQexloeBa4Z5G0yRr9URPc95H1R4SJiGQxb/KKqX2LqZtowc5rOXFBchI3da24\n" + - "kn8pmoi4/U2o8iS+DSlAMsn4ZW2lyDd0jyNeRiuZXvkdpqxa9u/x0TyXJ6qUxSYM\n" + - "oUC/H7RI1rxA+NgQ+otLHVs4ye53qzO44mXJv5Qq4dQ+GEdD+dShrYs69WMC0mV0\n" + - "mVs//R1qp8G3tThAiJJF55kV8w1JH2+yv8RXAdQ2cRpN2W6wsnm2DxldHKM4Kel4\n" + - "ON0TXlARGjoGqfEjFyZYtvpjzIPGoj3MHgCdiVb+zQJavYZJfLymlnIXajVb80Hh\n" + - "9xSar/uZ0NwtZgX8EwOrBiDUuCjyvlYrcbpSN26Q4fuUfPdIJQXMQDLTFMQLQ/o4\n" + - "5dn9FLLaJF7CA8VFeyJYi9pWEiIIpmPzIibd2+CAEQ43Q87GAvLpC09Rf6yggRh5\n" + - "by/FAOOzfbEQMhvJfGcJrPeG8JdzG95N5ycAeeyb/iboYptRwsLWwurASmUEKn0y\n" + - "BHlQPhut0mqNJQsoxvW6yIipFAQPBxfRHeLG71UO1kRxCleDTMsb3Zzt8hv1G4+m\n" + - "Nsm3ZMOV8TMdlBxYO/xA9dqwAxMuPvShx6LdiiyQhdeEmIFvKZeTD22cIOVLDsrd\n" + - "D2GbhbvPInvh21Qz\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Mon Feb 17 02:00:10 PST 2020", System.out); - } -} - -class Harica_ECC { - - // Owner: CN=HARICA Code Signing ECC SubCA R2, - // O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR - // Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, - // O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR - // Serial number: 1f6ea9c2f4d7f80ee6a046d8b822dd3f - // Valid from: Wed Mar 06 02:49:26 PST 2019 until: Thu Mar 02 02:49:26 PST 2034 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIDxzCCA02gAwIBAgIQH26pwvTX+A7moEbYuCLdPzAKBggqhkjOPQQDAzCBqjEL\n" + - "MAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMg\n" + - "QWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3Jp\n" + - "dHkxRDBCBgNVBAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0\n" + - "aXR1dGlvbnMgRUNDIFJvb3RDQSAyMDE1MB4XDTE5MDMwNjEwNDkyNloXDTM0MDMw\n" + - "MjEwNDkyNlowgY8xCzAJBgNVBAYTAkdSMQ8wDQYDVQQHDAZBdGhlbnMxRDBCBgNV\n" + - "BAoMO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMg\n" + - "Q2VydC4gQXV0aG9yaXR5MSkwJwYDVQQDDCBIQVJJQ0EgQ29kZSBTaWduaW5nIEVD\n" + - "QyBTdWJDQSBSMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABKPWDfLT76KnCZ7dujms\n" + - "bFYFLTvCWTyk8l0JqdhvZ+Tk6dWYAViIX90fc8+3HPAdHvkofNWvI/PW0qlZoRn3\n" + - "De/Nrp+ZCWjg7UrUrmKH2z/N3A7lgZFqrwlWPxHSPSYVkqOCAU8wggFLMBIGA1Ud\n" + - "EwEB/wQIMAYBAf8CAQAwHwYDVR0jBBgwFoAUtCILgpkkAQ6cu+QO/b/7lyCTmSow\n" + - "cgYIKwYBBQUHAQEEZjBkMD8GCCsGAQUFBzAChjNodHRwOi8vcmVwby5oYXJpY2Eu\n" + - "Z3IvY2VydHMvSGFyaWNhRUNDUm9vdENBMjAxNS5jcnQwIQYIKwYBBQUHMAGGFWh0\n" + - "dHA6Ly9vY3NwLmhhcmljYS5ncjARBgNVHSAECjAIMAYGBFUdIAAwEwYDVR0lBAww\n" + - "CgYIKwYBBQUHAwMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybHYxLmhhcmlj\n" + - "YS5nci9IYXJpY2FFQ0NSb290Q0EyMDE1L2NybHYxLmRlci5jcmwwHQYDVR0OBBYE\n" + - "FMdgA8SpJhybKTZTnW4Xu3NWRKZeMA4GA1UdDwEB/wQEAwIBhjAKBggqhkjOPQQD\n" + - "AwNoADBlAjAcJj7q9ujC+87/b81QowGo87VJhn9XWzRtpwjQFbIilqEfO3ot1d5F\n" + - "MWT1Xn2Qg3sCMQCoM+eV2KkQluHn2N6+GMImJqVObVUyZv0E+BvvszdJubo1cAM0\n" + - "SUImVT1t2wZpJKg=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=Dimitrios Zacharopoulos, GIVENNAME=Dimitrios, SURNAME=Zacharopoulos, - // OU=Class B - Private Key created and stored in software CSP, - // O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR - // Issuer: CN=HARICA Code Signing ECC SubCA R2, O=Hellenic Academic and Research Institutions Cert. Authority, - // L=Athens, C=GR - // Serial number: 11a187e3b5b0eabea4ba4987e76cd09d - // Valid from: Fri Jul 31 02:11:08 PDT 2020 until: Sun Jul 31 02:11:08 PDT 2022 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIENTCCA7ugAwIBAgIQEaGH47Ww6r6kukmH52zQnTAKBggqhkjOPQQDAzCBjzEL\n" + - "MAkGA1UEBhMCR1IxDzANBgNVBAcMBkF0aGVuczFEMEIGA1UECgw7SGVsbGVuaWMg\n" + - "QWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3Jp\n" + - "dHkxKTAnBgNVBAMMIEhBUklDQSBDb2RlIFNpZ25pbmcgRUNDIFN1YkNBIFIyMB4X\n" + - "DTIwMDczMTA5MTEwOFoXDTIyMDczMTA5MTEwOFowgfUxCzAJBgNVBAYTAkdSMQ8w\n" + - "DQYDVQQHDAZBdGhlbnMxRDBCBgNVBAoMO0hlbGxlbmljIEFjYWRlbWljIGFuZCBS\n" + - "ZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUEwPwYDVQQLDDhD\n" + - "bGFzcyBCIC0gUHJpdmF0ZSBLZXkgY3JlYXRlZCBhbmQgc3RvcmVkIGluIHNvZnR3\n" + - "YXJlIENTUDEWMBQGA1UEBAwNWmFjaGFyb3BvdWxvczESMBAGA1UEKgwJRGltaXRy\n" + - "aW9zMSAwHgYDVQQDDBdEaW1pdHJpb3MgWmFjaGFyb3BvdWxvczBZMBMGByqGSM49\n" + - "AgEGCCqGSM49AwEHA0IABOzRSqoI9HoxXjWerBBw8Croi1bJlUzoFXGjdszJIThf\n" + - "UG3YOiR1whG7wY5H5v8v4IIB5pJanArJk4CzxBLKob6jggGPMIIBizAfBgNVHSME\n" + - "GDAWgBTHYAPEqSYcmyk2U51uF7tzVkSmXjB6BggrBgEFBQcBAQRuMGwwRwYIKwYB\n" + - "BQUHMAKGO2h0dHA6Ly9yZXBvLmhhcmljYS5nci9jZXJ0cy9IYXJpY2FFQ0NDb2Rl\n" + - "U2lnbmluZ1N1YkNBUjIuY3J0MCEGCCsGAQUFBzABhhVodHRwOi8vb2NzcC5oYXJp\n" + - "Y2EuZ3IwYQYDVR0gBFowWDAIBgZngQwBBAEwCAYGBACPegEBMEIGDCsGAQQBgc8R\n" + - "AQMCATAyMDAGCCsGAQUFBwIBFiRodHRwczovL3JlcG8uaGFyaWNhLmdyL2RvY3Vt\n" + - "ZW50cy9DUFMwEwYDVR0lBAwwCgYIKwYBBQUHAwMwRQYDVR0fBD4wPDA6oDigNoY0\n" + - "aHR0cDovL2NybC5oYXJpY2EuZ3IvSGFyaWNhRUNDQ29kZVNpZ25pbmdTdWJDQVIy\n" + - "LmNybDAdBgNVHQ4EFgQUpNjChUi9LGgwz7E18N1EwXooEFcwDgYDVR0PAQH/BAQD\n" + - "AgeAMAoGCCqGSM49BAMDA2gAMGUCMQCDvQIjqgssTRHqp+gu7l21XmAQ4EMqr4+B\n" + - "05iU/edLxxV+z5roTswxnPnr43+EbvkCMHq4aFW1u1+RvPBQJNRnYmdXCnj0lUw4\n" + - "Ug7JnsEYMffLakDudzgsNv5ByJf9SO84Lw==\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=Greek Universities Network (GUnet), SERIALNUMBER=VATGR-099028220, - // OU=Class B - Private Key created and stored in software CSP, O=Greek Universities Network, L=Athens, C=GR - // Issuer: CN=HARICA Code Signing ECC SubCA R2, O=Hellenic Academic and Research Institutions Cert. Authority, - // L=Athens, C=GR - // Serial number: 4b14719c7195c96de8a5663724454205 - // Valid from: Mon Feb 17 01:48:32 PST 2020 until: Mon Feb 15 16:00:00 PST 2021 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIEDjCCA5SgAwIBAgIQSxRxnHGVyW3opWY3JEVCBTAKBggqhkjOPQQDAzCBjzEL\n" + - "MAkGA1UEBhMCR1IxDzANBgNVBAcMBkF0aGVuczFEMEIGA1UECgw7SGVsbGVuaWMg\n" + - "QWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3Jp\n" + - "dHkxKTAnBgNVBAMMIEhBUklDQSBDb2RlIFNpZ25pbmcgRUNDIFN1YkNBIFIyMB4X\n" + - "DTIwMDIxNzA5NDgzMloXDTIxMDIxNjAwMDAwMFowgc0xCzAJBgNVBAYTAkdSMQ8w\n" + - "DQYDVQQHDAZBdGhlbnMxIzAhBgNVBAoMGkdyZWVrIFVuaXZlcnNpdGllcyBOZXR3\n" + - "b3JrMUEwPwYDVQQLDDhDbGFzcyBCIC0gUHJpdmF0ZSBLZXkgY3JlYXRlZCBhbmQg\n" + - "c3RvcmVkIGluIHNvZnR3YXJlIENTUDEYMBYGA1UEBRMPVkFUR1ItMDk5MDI4MjIw\n" + - "MSswKQYDVQQDDCJHcmVlayBVbml2ZXJzaXRpZXMgTmV0d29yayAoR1VuZXQpMFkw\n" + - "EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECC+lD6hphUDLSGs/Vw4Tvj8RAuCQAyi+\n" + - "MUiXXXzGSp5e6ksBVlRlawluNR+BUtY93BRCjjNr3OuvSVALyrH7HKOCAZAwggGM\n" + - "MB8GA1UdIwQYMBaAFMdgA8SpJhybKTZTnW4Xu3NWRKZeMHoGCCsGAQUFBwEBBG4w\n" + - "bDBHBggrBgEFBQcwAoY7aHR0cDovL3JlcG8uaGFyaWNhLmdyL2NlcnRzL0hhcmlj\n" + - "YUVDQ0NvZGVTaWduaW5nU3ViQ0FSMi5jcnQwIQYIKwYBBQUHMAGGFWh0dHA6Ly9v\n" + - "Y3NwLmhhcmljYS5ncjBiBgNVHSAEWzBZMAgGBmeBDAEEATAIBgYEAI96AQEwQwYN\n" + - "KwYBBAGBzxEBAQMBATAyMDAGCCsGAQUFBwIBFiRodHRwczovL3JlcG8uaGFyaWNh\n" + - "LmdyL2RvY3VtZW50cy9DUFMwEwYDVR0lBAwwCgYIKwYBBQUHAwMwRQYDVR0fBD4w\n" + - "PDA6oDigNoY0aHR0cDovL2NybC5oYXJpY2EuZ3IvSGFyaWNhRUNDQ29kZVNpZ25p\n" + - "bmdTdWJDQVIyLmNybDAdBgNVHQ4EFgQUT4+WfQu125tLqla60vhK7ijBBWkwDgYD\n" + - "VR0PAQH/BAQDAgeAMAoGCCqGSM49BAMDA2gAMGUCMQDADGDAxKpUkyEKBLzpX+88\n" + - "ONLYDgFSie5W2ULWk02sDRO/k5xcSSjTf0FFa4+l6E8CME/b27e7NUGHPVYTLTWL\n" + - "5yPiboyNsT8QpV+hZiWh/Qqiw1E/bR2SPIGEwYUrOV61fA==\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Mon Feb 17 02:00:57 PST 2020", System.out); - } -} From 949d8e7783112977b644294620585513b7d63ae7 Mon Sep 17 00:00:00 2001 From: Severin Gehwolf Date: Fri, 11 Aug 2023 08:57:39 +0000 Subject: [PATCH 14/34] 8287073: NPE from CgroupV2Subsystem.getInstance() Reviewed-by: andrew Backport-of: 744b822ab194a0f7ef4e7a4053be32c6a0889efc --- .../jdk/internal/platform/CgroupSubsystemFactory.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/jdk/src/linux/classes/jdk/internal/platform/CgroupSubsystemFactory.java b/jdk/src/linux/classes/jdk/internal/platform/CgroupSubsystemFactory.java index d1bd4fb8b00..e47513e02fe 100644 --- a/jdk/src/linux/classes/jdk/internal/platform/CgroupSubsystemFactory.java +++ b/jdk/src/linux/classes/jdk/internal/platform/CgroupSubsystemFactory.java @@ -34,6 +34,7 @@ import java.util.List; import java.util.Map; import java.util.Optional; +import java.util.Objects; import java.util.function.Consumer; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -104,9 +105,9 @@ static CgroupMetrics create() { Map infos = result.getInfos(); if (result.isCgroupV2()) { // For unified it doesn't matter which controller we pick. - CgroupInfo anyController = infos.get(MEMORY_CTRL); - CgroupSubsystem subsystem = CgroupV2Subsystem.getInstance(anyController); - return subsystem != null ? new CgroupMetrics(subsystem) : null; + CgroupInfo anyController = infos.values().iterator().next(); + CgroupSubsystem subsystem = CgroupV2Subsystem.getInstance(Objects.requireNonNull(anyController)); + return new CgroupMetrics(subsystem); } else { CgroupV1Subsystem subsystem = CgroupV1Subsystem.getInstance(infos); return subsystem != null ? new CgroupV1MetricsImpl(subsystem) : null; From 5f62e559fb5040c5d0021de4c3ee49e6fca6b087 Mon Sep 17 00:00:00 2001 From: Alexey Bakhtin Date: Fri, 11 Aug 2023 23:01:00 +0000 Subject: [PATCH 15/34] 6722928: Provide a default native GSS-API library on Windows Reviewed-by: phh, andrew Backport-of: 475996adc2aaa7af920f2e9711d0ace2ddd2430e --- jdk/make/lib/SecurityLibraries.gmk | 18 + .../security/jgss/spnego/NegTokenTarg.java | 15 +- .../jgss/wrapper/SunNativeProvider.java | 13 +- .../sun/security/jgss/wrapper/GSSLibStub.c | 4 +- .../sun/security/jgss/wrapper/NativeFunc.h | 68 +- .../sun/security/jgss/wrapper/NativeUtil.h | 10 +- .../native/sun/security/jgss/wrapper/gssapi.h | 111 +- .../sun/security/jgss/sspi_bridge/sspi.cpp | 1575 +++++++++++++++++ 8 files changed, 1706 insertions(+), 108 deletions(-) create mode 100644 jdk/src/windows/native/sun/security/jgss/sspi_bridge/sspi.cpp diff --git a/jdk/make/lib/SecurityLibraries.gmk b/jdk/make/lib/SecurityLibraries.gmk index 7bf88fa27e1..84abb7e76b3 100644 --- a/jdk/make/lib/SecurityLibraries.gmk +++ b/jdk/make/lib/SecurityLibraries.gmk @@ -112,6 +112,24 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBJ2GSS, \ BUILD_LIBRARIES += $(BUILD_LIBJ2GSS) +ifeq ($(OPENJDK_TARGET_OS), windows) + $(eval $(call SetupNativeCompilation,BUILD_LIBSSPI_BRIDGE, \ + LIBRARY := sspi_bridge, \ + OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \ + SRC := $(JDK_TOPDIR)/src/windows/native/sun/security/jgss/sspi_bridge, \ + LANG := C, \ + OPTIMIZATION := LOW, \ + CFLAGS := $(CFLAGS_JDKLIB) \ + -I$(JDK_TOPDIR)/src/share/native/sun/security/jgss/wrapper, \ + LDFLAGS := $(LDFLAGS_JDKLIB) \ + $(call SET_SHARED_LIBRARY_ORIGIN), \ + LDFLAGS_SUFFIX := $(LIBDL), \ + OBJECT_DIR := $(JDK_OUTPUTDIR)/objs/libsspi_bridge, \ + DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES))) + + BUILD_LIBRARIES += $(BUILD_LIBSSPI_BRIDGE) +endif + ########################################################################################## ifneq ($(BUILD_CRYPTO), no) diff --git a/jdk/src/share/classes/sun/security/jgss/spnego/NegTokenTarg.java b/jdk/src/share/classes/sun/security/jgss/spnego/NegTokenTarg.java index 1a4333ff298..fb87af49fa3 100644 --- a/jdk/src/share/classes/sun/security/jgss/spnego/NegTokenTarg.java +++ b/jdk/src/share/classes/sun/security/jgss/spnego/NegTokenTarg.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,7 +26,6 @@ package sun.security.jgss.spnego; import java.io.*; -import java.util.*; import org.ietf.jgss.*; import sun.security.jgss.*; import sun.security.util.*; @@ -113,18 +112,6 @@ final byte[] encode() throws GSSException { mic.putOctetString(mechListMIC); targToken.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), mic); - } else if (GSSUtil.useMSInterop()) { - // required for MS-interoperability - if (responseToken != null) { - if (DEBUG) { - System.out.println("SpNegoToken NegTokenTarg: " + - "sending additional token for MS Interop"); - } - DerOutputStream rspToken = new DerOutputStream(); - rspToken.putOctetString(responseToken); - targToken.write(DerValue.createTag(DerValue.TAG_CONTEXT, - true, (byte) 0x03), rspToken); - } } // insert in a SEQUENCE diff --git a/jdk/src/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java b/jdk/src/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java index 25da168d5d0..287dc793edf 100644 --- a/jdk/src/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java +++ b/jdk/src/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -78,7 +78,7 @@ public HashMap run() { if (DEBUG) err.printStackTrace(); return null; } - String gssLibs[] = new String[0]; + String gssLibs[]; String defaultLib = System.getProperty(LIB_PROP); if (defaultLib == null || defaultLib.trim().equals("")) { String osname = System.getProperty("os.name"); @@ -95,6 +95,12 @@ public HashMap run() { "libgssapi_krb5.dylib", "/usr/lib/sasl2/libgssapiv2.2.so", }; + } else if (osname.contains("Windows")) { + // Full path needed, DLL is in jre/bin + gssLibs = new String[]{ System.getProperty("java.home") + + "\\bin\\sspi_bridge.dll" }; + } else { + gssLibs = new String[0]; } } else { gssLibs = new String[]{ defaultLib }; @@ -103,8 +109,7 @@ public HashMap run() { if (GSSLibStub.init(libName, DEBUG)) { debug("Loaded GSS library: " + libName); Oid[] mechs = GSSLibStub.indicateMechs(); - HashMap map = - new HashMap(); + HashMap map = new HashMap<>(); for (int i = 0; i < mechs.length; i++) { debug("Native MF for " + mechs[i]); map.put("GssApiMechanism." + mechs[i], diff --git a/jdk/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c b/jdk/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c index e8d309b57c9..a4c25c94d2b 100644 --- a/jdk/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c +++ b/jdk/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -978,7 +978,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acceptContext(JNIEnv *env, OM_uint32 aFlags; OM_uint32 aTime; gss_cred_id_t delCred; - jobject jsrcName=GSS_C_NO_NAME; + jobject jsrcName = NULL; jobject jdelCred; jobject jMech; jboolean setTarget; diff --git a/jdk/src/share/native/sun/security/jgss/wrapper/NativeFunc.h b/jdk/src/share/native/sun/security/jgss/wrapper/NativeFunc.h index c036130e712..21f3d03ebd4 100644 --- a/jdk/src/share/native/sun/security/jgss/wrapper/NativeFunc.h +++ b/jdk/src/share/native/sun/security/jgss/wrapper/NativeFunc.h @@ -57,38 +57,38 @@ typedef OM_uint32 (*RELEASE_NAME_FN_PTR) typedef OM_uint32 (*IMPORT_NAME_FN_PTR) (OM_uint32 *minor_status, - gss_buffer_t input_name_buffer, - gss_OID input_name_type, + const gss_buffer_t input_name_buffer, + const gss_OID input_name_type, gss_name_t *output_name); typedef OM_uint32 (*COMPARE_NAME_FN_PTR) (OM_uint32 *minor_status, - gss_name_t name1, - gss_name_t name2, + gss_const_name_t name1, + gss_const_name_t name2, int *name_equal); typedef OM_uint32 (*CANONICALIZE_NAME_FN_PTR) (OM_uint32 *minor_status, - gss_name_t input_name, - gss_OID mech_type, + gss_const_name_t input_name, + const gss_OID mech_type, gss_name_t *output_name); typedef OM_uint32 (*EXPORT_NAME_FN_PTR) (OM_uint32 *minor_status, - gss_name_t input_name, + gss_const_name_t input_name, gss_buffer_t exported_name); typedef OM_uint32 (*DISPLAY_NAME_FN_PTR) (OM_uint32 *minor_status, - gss_name_t input_name, + gss_const_name_t input_name, gss_buffer_t output_name_buffer, gss_OID *output_name_type); typedef OM_uint32 (*ACQUIRE_CRED_FN_PTR) (OM_uint32 *minor_status, - gss_name_t desired_name, + gss_const_name_t desired_name, OM_uint32 time_req, - gss_OID_set desired_mech, + const gss_OID_set desired_mech, gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs, @@ -100,7 +100,7 @@ typedef OM_uint32 (*RELEASE_CRED_FN_PTR) typedef OM_uint32 (*INQUIRE_CRED_FN_PTR) (OM_uint32 *minor_status, - gss_cred_id_t cred_handle, + gss_const_cred_id_t cred_handle, gss_name_t *name, OM_uint32 *lifetime, gss_cred_usage_t *cred_usage, @@ -108,19 +108,19 @@ typedef OM_uint32 (*INQUIRE_CRED_FN_PTR) typedef OM_uint32 (*IMPORT_SEC_CONTEXT_FN_PTR) (OM_uint32 *minor_status, - gss_buffer_t interprocess_token, + const gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle); typedef OM_uint32 (*INIT_SEC_CONTEXT_FN_PTR) (OM_uint32 *minor_status, - gss_cred_id_t initiator_cred_handle, + gss_const_cred_id_t initiator_cred_handle, gss_ctx_id_t *context_handle, - gss_name_t *target_name, - gss_OID mech_type, + gss_const_name_t target_name, + const gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, - gss_channel_bindings_t input_chan_bindings, - gss_buffer_t input_token, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, gss_OID *actual_mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, @@ -129,9 +129,9 @@ typedef OM_uint32 (*INIT_SEC_CONTEXT_FN_PTR) typedef OM_uint32 (*ACCEPT_SEC_CONTEXT_FN_PTR) (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, - gss_cred_id_t acceptor_cred_handle, - gss_buffer_t input_token, - gss_channel_bindings_t input_chan_bindings, + gss_const_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token, + const gss_channel_bindings_t input_chan_bindings, gss_name_t *src_name, gss_OID *mech_type, gss_buffer_t output_token, @@ -141,7 +141,7 @@ typedef OM_uint32 (*ACCEPT_SEC_CONTEXT_FN_PTR) typedef OM_uint32 (*INQUIRE_CONTEXT_FN_PTR) (OM_uint32 *minor_status, - gss_ctx_id_t context_handle, + gss_const_ctx_id_t context_handle, gss_name_t *src_name, gss_name_t *targ_name, OM_uint32 *lifetime_rec, @@ -157,12 +157,12 @@ typedef OM_uint32 (*DELETE_SEC_CONTEXT_FN_PTR) typedef OM_uint32 (*CONTEXT_TIME_FN_PTR) (OM_uint32 *minor_status, - gss_ctx_id_t *context_handle, + gss_const_ctx_id_t context_handle, OM_uint32 *time_rec); typedef OM_uint32 (*WRAP_SIZE_LIMIT_FN_PTR) (OM_uint32 *minor_status, - gss_ctx_id_t context_handle, + gss_const_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, OM_uint32 req_output_size, @@ -175,31 +175,31 @@ typedef OM_uint32 (*EXPORT_SEC_CONTEXT_FN_PTR) typedef OM_uint32 (*GET_MIC_FN_PTR) (OM_uint32 *minor_status, - gss_ctx_id_t context_handle, + gss_const_ctx_id_t context_handle, gss_qop_t qop_req, - gss_buffer_t message_buffer, + const gss_buffer_t message_buffer, gss_buffer_t msg_token); typedef OM_uint32 (*VERIFY_MIC_FN_PTR) (OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t message_buffer, - gss_buffer_t token_buffer, + gss_const_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, gss_qop_t *qop_state); typedef OM_uint32 (*WRAP_FN_PTR) (OM_uint32 *minor_status, - gss_ctx_id_t context_handle, + gss_const_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, - gss_buffer_t input_message_buffer, + const gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer); typedef OM_uint32 (*UNWRAP_FN_PTR) (OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t input_message_buffer, + gss_const_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state, gss_qop_t *qop_state); @@ -215,14 +215,14 @@ typedef OM_uint32 (*INQUIRE_NAMES_FOR_MECH_FN_PTR) typedef OM_uint32 (*ADD_OID_SET_MEMBER_FN_PTR) (OM_uint32 *minor_status, - gss_OID member_oid, + const gss_OID member_oid, gss_OID_set *oid_set); typedef OM_uint32 (*DISPLAY_STATUS_FN_PTR) (OM_uint32 *minor_status, OM_uint32 status_value, int status_type, - gss_OID mech_type, + const gss_OID mech_type, OM_uint32 *message_context, gss_buffer_t status_string); diff --git a/jdk/src/share/native/sun/security/jgss/wrapper/NativeUtil.h b/jdk/src/share/native/sun/security/jgss/wrapper/NativeUtil.h index 478246b7a65..a27cc7922b6 100644 --- a/jdk/src/share/native/sun/security/jgss/wrapper/NativeUtil.h +++ b/jdk/src/share/native/sun/security/jgss/wrapper/NativeUtil.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -88,10 +88,10 @@ extern "C" { extern jfieldID FID_NativeGSSContext_flags; extern jfieldID FID_NativeGSSContext_lifetime; extern jfieldID FID_NativeGSSContext_actualMech; - #define TRACE0(s) { if (JGSS_DEBUG) { puts(s); fflush(stdout); }} - #define TRACE1(s, p1) { if (JGSS_DEBUG) { printf(s"\n", p1); fflush(stdout); }} - #define TRACE2(s, p1, p2) { if (JGSS_DEBUG) { printf(s"\n", p1, p2); fflush(stdout); }} - #define TRACE3(s, p1, p2, p3) { if (JGSS_DEBUG) { printf(s"\n", p1, p2, p3); fflush(stdout); }} + #define TRACE0(s) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] %s\n", __LINE__, s); fflush(stdout); }} + #define TRACE1(s, p1) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] "s"\n", __LINE__, p1); fflush(stdout); }} + #define TRACE2(s, p1, p2) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] "s"\n", __LINE__, p1, p2); fflush(stdout); }} + #define TRACE3(s, p1, p2, p3) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] "s"\n", __LINE__, p1, p2, p3); fflush(stdout); }} // Visual Studio 2010-2012 doesn't provide inttypes.h so provide appropriate definitions here. #if _MSC_VER < 1800 diff --git a/jdk/src/share/native/sun/security/jgss/wrapper/gssapi.h b/jdk/src/share/native/sun/security/jgss/wrapper/gssapi.h index a1f1e3456c1..9c6002c4633 100644 --- a/jdk/src/share/native/sun/security/jgss/wrapper/gssapi.h +++ b/jdk/src/share/native/sun/security/jgss/wrapper/gssapi.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -57,9 +57,17 @@ extern "C" { */ #include -typedef void * gss_name_t; -typedef void * gss_cred_id_t; -typedef void * gss_ctx_id_t; +struct gss_name_struct; +typedef struct gss_name_struct * gss_name_t; +typedef const struct gss_name_struct *gss_const_name_t; + +struct gss_cred_id_struct; +typedef struct gss_cred_id_struct * gss_cred_id_t; +typedef const struct gss_cred_id_struct *gss_const_cred_id_t; + +struct gss_ctx_id_struct; +typedef struct gss_ctx_id_struct * gss_ctx_id_t; +typedef const struct gss_ctx_id_struct *gss_const_ctx_id_t; /* * The following type must be defined as the smallest natural unsigned integer @@ -82,16 +90,19 @@ typedef struct gss_OID_desc_struct { OM_uint32 length; void *elements; } gss_OID_desc, *gss_OID; +typedef const gss_OID_desc * gss_const_OID; typedef struct gss_OID_set_desc_struct { size_t count; gss_OID elements; } gss_OID_set_desc, *gss_OID_set; +typedef const gss_OID_set_desc * gss_const_OID_set; typedef struct gss_buffer_desc_struct { size_t length; void *value; } gss_buffer_desc, *gss_buffer_t; +typedef const gss_buffer_desc * gss_const_buffer_t; typedef struct gss_channel_bindings_struct { OM_uint32 initiator_addrtype; @@ -100,6 +111,7 @@ typedef struct gss_channel_bindings_struct { gss_buffer_desc acceptor_address; gss_buffer_desc application_data; } *gss_channel_bindings_t; +typedef const struct gss_channel_bindings_struct *gss_const_channel_bindings_t; /* * For now, define a QOP-type as an OM_uint32 @@ -119,6 +131,7 @@ typedef int gss_cred_usage_t; #define GSS_C_ANON_FLAG 64 #define GSS_C_PROT_READY_FLAG 128 #define GSS_C_TRANS_FLAG 256 +#define GSS_C_DELEG_POLICY_FLAG 32768 /* * Credential usage options @@ -389,9 +402,9 @@ GSS_DLLIMP extern gss_OID GSS_C_NT_EXPORT_NAME; GSS_DLLIMP OM_uint32 gss_acquire_cred( OM_uint32 *, /* minor_status */ - gss_name_t, /* desired_name */ + gss_const_name_t, /* desired_name */ OM_uint32, /* time_req */ - gss_OID_set, /* desired_mechs */ + const gss_OID_set, /* desired_mechs */ gss_cred_usage_t, /* cred_usage */ gss_cred_id_t *, /* output_cred_handle */ gss_OID_set *, /* actual_mechs */ @@ -405,14 +418,14 @@ GSS_DLLIMP OM_uint32 gss_release_cred( GSS_DLLIMP OM_uint32 gss_init_sec_context( OM_uint32 *, /* minor_status */ - gss_cred_id_t, /* claimant_cred_handle */ + gss_const_cred_id_t, /* claimant_cred_handle */ gss_ctx_id_t *, /* context_handle */ - gss_name_t, /* target_name */ - gss_OID, /* mech_type (used to be const) */ + gss_const_name_t, /* target_name */ + const gss_OID, /* mech_type */ OM_uint32, /* req_flags */ OM_uint32, /* time_req */ - gss_channel_bindings_t, /* input_chan_bindings */ - gss_buffer_t, /* input_token */ + const gss_channel_bindings_t, /* input_chan_bindings */ + const gss_buffer_t, /* input_token */ gss_OID *, /* actual_mech_type */ gss_buffer_t, /* output_token */ OM_uint32 *, /* ret_flags */ @@ -422,9 +435,9 @@ GSS_DLLIMP OM_uint32 gss_init_sec_context( GSS_DLLIMP OM_uint32 gss_accept_sec_context( OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ - gss_cred_id_t, /* acceptor_cred_handle */ - gss_buffer_t, /* input_token_buffer */ - gss_channel_bindings_t, /* input_chan_bindings */ + gss_const_cred_id_t, /* acceptor_cred_handle */ + const gss_buffer_t, /* input_token_buffer */ + const gss_channel_bindings_t, /* input_chan_bindings */ gss_name_t *, /* src_name */ gss_OID *, /* mech_type */ gss_buffer_t, /* output_token */ @@ -435,8 +448,8 @@ GSS_DLLIMP OM_uint32 gss_accept_sec_context( GSS_DLLIMP OM_uint32 gss_process_context_token( OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t /* token_buffer */ + gss_const_ctx_id_t, /* context_handle */ + const gss_buffer_t /* token_buffer */ ); GSS_DLLIMP OM_uint32 gss_delete_sec_context( @@ -447,35 +460,35 @@ GSS_DLLIMP OM_uint32 gss_delete_sec_context( GSS_DLLIMP OM_uint32 gss_context_time( OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ + gss_const_ctx_id_t, /* context_handle */ OM_uint32 * /* time_rec */ ); /* New for V2 */ GSS_DLLIMP OM_uint32 gss_get_mic( OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ + gss_const_ctx_id_t, /* context_handle */ gss_qop_t, /* qop_req */ - gss_buffer_t, /* message_buffer */ + const gss_buffer_t, /* message_buffer */ gss_buffer_t /* message_token */ ); /* New for V2 */ GSS_DLLIMP OM_uint32 gss_verify_mic( OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t, /* message_buffer */ - gss_buffer_t, /* message_token */ + gss_const_ctx_id_t, /* context_handle */ + const gss_buffer_t, /* message_buffer */ + const gss_buffer_t, /* message_token */ gss_qop_t * /* qop_state */ ); /* New for V2 */ GSS_DLLIMP OM_uint32 gss_wrap( OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ + gss_const_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ gss_qop_t, /* qop_req */ - gss_buffer_t, /* input_message_buffer */ + const gss_buffer_t, /* input_message_buffer */ int *, /* conf_state */ gss_buffer_t /* output_message_buffer */ ); @@ -483,8 +496,8 @@ GSS_DLLIMP OM_uint32 gss_wrap( /* New for V2 */ GSS_DLLIMP OM_uint32 gss_unwrap( OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t, /* input_message_buffer */ + gss_const_ctx_id_t, /* context_handle */ + const gss_buffer_t, /* input_message_buffer */ gss_buffer_t, /* output_message_buffer */ int *, /* conf_state */ gss_qop_t * /* qop_state */ @@ -494,7 +507,7 @@ GSS_DLLIMP OM_uint32 gss_display_status( OM_uint32 *, /* minor_status */ OM_uint32, /* status_value */ int, /* status_type */ - gss_OID, /* mech_type (used to be const) */ + const gss_OID, /* mech_type (used to be const) */ OM_uint32 *, /* message_context */ gss_buffer_t /* status_string */ ); @@ -506,22 +519,22 @@ GSS_DLLIMP OM_uint32 gss_indicate_mechs( GSS_DLLIMP OM_uint32 gss_compare_name( OM_uint32 *, /* minor_status */ - gss_name_t, /* name1 */ - gss_name_t, /* name2 */ + gss_const_name_t, /* name1 */ + gss_const_name_t, /* name2 */ int * /* name_equal */ ); GSS_DLLIMP OM_uint32 gss_display_name( OM_uint32 *, /* minor_status */ - gss_name_t, /* input_name */ + gss_const_name_t, /* input_name */ gss_buffer_t, /* output_name_buffer */ gss_OID * /* output_name_type */ ); GSS_DLLIMP OM_uint32 gss_import_name( OM_uint32 *, /* minor_status */ - gss_buffer_t, /* input_name_buffer */ - gss_OID, /* input_name_type(used to be const) */ + const gss_buffer_t, /* input_name_buffer */ + const gss_OID, /* input_name_type(used to be const) */ gss_name_t * /* output_name */ ); @@ -542,7 +555,7 @@ GSS_DLLIMP OM_uint32 gss_release_oid_set( GSS_DLLIMP OM_uint32 gss_inquire_cred( OM_uint32 *, /* minor_status */ - gss_cred_id_t, /* cred_handle */ + gss_const_cred_id_t, /* cred_handle */ gss_name_t *, /* name */ OM_uint32 *, /* lifetime */ gss_cred_usage_t *, /* cred_usage */ @@ -552,7 +565,7 @@ GSS_DLLIMP OM_uint32 gss_inquire_cred( /* Last argument new for V2 */ GSS_DLLIMP OM_uint32 gss_inquire_context( OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ + gss_const_ctx_id_t, /* context_handle */ gss_name_t *, /* src_name */ gss_name_t *, /* targ_name */ OM_uint32 *, /* lifetime_rec */ @@ -565,7 +578,7 @@ GSS_DLLIMP OM_uint32 gss_inquire_context( /* New for V2 */ GSS_DLLIMP OM_uint32 gss_wrap_size_limit( OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ + gss_const_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ gss_qop_t, /* qop_req */ OM_uint32, /* req_output_size */ @@ -575,9 +588,9 @@ GSS_DLLIMP OM_uint32 gss_wrap_size_limit( /* New for V2 */ GSS_DLLIMP OM_uint32 gss_add_cred( OM_uint32 *, /* minor_status */ - gss_cred_id_t, /* input_cred_handle */ - gss_name_t, /* desired_name */ - gss_OID, /* desired_mech */ + gss_const_cred_id_t, /* input_cred_handle */ + gss_const_name_t, /* desired_name */ + const gss_OID, /* desired_mech */ gss_cred_usage_t, /* cred_usage */ OM_uint32, /* initiator_time_req */ OM_uint32, /* acceptor_time_req */ @@ -590,8 +603,8 @@ GSS_DLLIMP OM_uint32 gss_add_cred( /* New for V2 */ GSS_DLLIMP OM_uint32 gss_inquire_cred_by_mech( OM_uint32 *, /* minor_status */ - gss_cred_id_t, /* cred_handle */ - gss_OID, /* mech_type */ + gss_const_cred_id_t, /* cred_handle */ + const gss_OID, /* mech_type */ gss_name_t *, /* name */ OM_uint32 *, /* initiator_lifetime */ OM_uint32 *, /* acceptor_lifetime */ @@ -608,7 +621,7 @@ GSS_DLLIMP OM_uint32 gss_export_sec_context( /* New for V2 */ GSS_DLLIMP OM_uint32 gss_import_sec_context( OM_uint32 *, /* minor_status */ - gss_buffer_t, /* interprocess_token */ + const gss_buffer_t, /* interprocess_token */ gss_ctx_id_t * /* context_handle */ ); @@ -627,22 +640,22 @@ GSS_DLLIMP OM_uint32 gss_create_empty_oid_set( /* New for V2 */ GSS_DLLIMP OM_uint32 gss_add_oid_set_member( OM_uint32 *, /* minor_status */ - gss_OID, /* member_oid */ + const gss_OID, /* member_oid */ gss_OID_set * /* oid_set */ ); /* New for V2 */ GSS_DLLIMP OM_uint32 gss_test_oid_set_member( OM_uint32 *, /* minor_status */ - gss_OID, /* member */ - gss_OID_set, /* set */ + const gss_OID, /* member */ + const gss_OID_set, /* set */ int * /* present */ ); /* New for V2 */ GSS_DLLIMP OM_uint32 gss_str_to_oid( OM_uint32 *, /* minor_status */ - gss_buffer_t, /* oid_str */ + const gss_buffer_t, /* oid_str */ gss_OID * /* oid */ ); @@ -656,28 +669,28 @@ GSS_DLLIMP OM_uint32 gss_oid_to_str( /* New for V2 */ GSS_DLLIMP OM_uint32 gss_inquire_names_for_mech( OM_uint32 *, /* minor_status */ - gss_OID, /* mechanism */ + const gss_OID, /* mechanism */ gss_OID_set * /* name_types */ ); /* New for V2 */ GSS_DLLIMP OM_uint32 gss_export_name( OM_uint32 *, /* minor_status */ - const gss_name_t, /* input_name */ + gss_const_name_t, /* input_name */ gss_buffer_t /* exported_name */ ); /* New for V2 */ GSS_DLLIMP OM_uint32 gss_duplicate_name( OM_uint32 *, /* minor_status */ - const gss_name_t, /* input_name */ + gss_const_name_t, /* input_name */ gss_name_t * /* dest_name */ ); /* New for V2 */ GSS_DLLIMP OM_uint32 gss_canonicalize_name( OM_uint32 *, /* minor_status */ - const gss_name_t, /* input_name */ + gss_const_name_t, /* input_name */ const gss_OID, /* mech_type */ gss_name_t * /* output_name */ ); diff --git a/jdk/src/windows/native/sun/security/jgss/sspi_bridge/sspi.cpp b/jdk/src/windows/native/sun/security/jgss/sspi_bridge/sspi.cpp new file mode 100644 index 00000000000..b6827198a71 --- /dev/null +++ b/jdk/src/windows/native/sun/security/jgss/sspi_bridge/sspi.cpp @@ -0,0 +1,1575 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// This library is client-side only, and only supports the default credentials. +// It speaks krb5 and SPNEGO. NTLM is excluded from SPNEGO negotiation. +// +// This library can be built directly with the following command: +// cl -I %OPENJDK%\src\java.security.jgss\share\native\libj2gss\ sspi.cpp \ +// -link -dll -out:sspi_bridge.dll + +#define UNICODE +#define _UNICODE + +#include +#include +#include +#include +#include +#include +#include + +#define GSS_DLL_FILE +#include + +#define SECURITY_WIN32 +#include + +#pragma comment(lib, "secur32.lib") + +// Otherwise an exception will be thrown +#define new new (std::nothrow) + +// A debugging macro +#define PP(fmt, ...) \ + if (trace) { \ + fprintf(stderr, "[SSPI:%ld] "fmt"\n", __LINE__, ##__VA_ARGS__); \ + fflush(stderr); \ + } +#define SEC_SUCCESS(status) ((*minor_status = (status)), (status) >= SEC_E_OK) + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +// When SSPI_BRIDGE_TRACE is set, debug info goes to stderr. The value is ignored. +char* trace = getenv("SSPI_BRIDGE_TRACE"); + +void +dump(const char* title, PBYTE data, size_t len) +{ + if (trace) { + fprintf(stderr, "==== %s ====\n", title); + for (size_t i = 0; i < len; i++) { + if (i != 0 && i % 16 == 0) { + fprintf(stderr, "\n"); + } + fprintf(stderr, "%02X ", *(data + i) & 0xff); + } + fprintf(stderr, "\n"); + } +} + +gss_OID_desc KRB5_OID = {9, (void*)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; +gss_OID_desc SPNEGO_OID = {6, (void*)"\x2b\x06\x01\x05\x05\x02"}; +gss_OID_desc USER_NAME_OID = {10, (void*)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"}; +gss_OID_desc KRB5_NAME_OID = {10, (void*)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"}; +gss_OID_desc HOST_SERVICE_NAME_OID = {10, (void*)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"}; +gss_OID_desc EXPORT_NAME_OID = {6, (void*)"\x2b\x06\x01\x05\x06\x04"}; + +struct gss_name_struct { + SEC_WCHAR* name; +}; + +struct gss_ctx_id_struct { + CredHandle* phCred; + CtxtHandle hCtxt; + SecPkgContext_Sizes SecPkgContextSizes; + SecPkgContext_NativeNames nnames; + BOOLEAN established; + BOOLEAN isSPNEGO; + BOOLEAN isLocalCred; + OM_uint32 flags; +}; + +struct gss_cred_id_struct { + CredHandle* phCredK; + CredHandle* phCredS; + long time; +}; + +/* This section holds supporting functions that are not exported */ + +static OM_uint32 +seconds_until(int inputIsUTC, TimeStamp *time) +{ + // time is local time + LARGE_INTEGER uiLocal; + FILETIME now; + GetSystemTimeAsFileTime(&now); + if (!inputIsUTC) { + FILETIME nowLocal; + if (FileTimeToLocalFileTime(&now, &nowLocal) == 0) { + return -1; + } + now = nowLocal; + } + uiLocal.HighPart = now.dwHighDateTime; + uiLocal.LowPart = now.dwLowDateTime; + if (time->QuadPart < uiLocal.QuadPart) { + return 0; + } + ULONGLONG diff = (time->QuadPart - uiLocal.QuadPart) / 10000000; + if (diff > (ULONGLONG)~(OM_uint32)0) + return GSS_C_INDEFINITE; + return (OM_uint32)diff; +} + +static void +show_time(char* label, TimeStamp* ts) +{ + if (trace) { + SYSTEMTIME stLocal; + FileTimeToSystemTime((FILETIME*)ts, &stLocal); + + // Build a string showing the date and time. + PP("%s: %02d/%02d/%d %02d:%02d %uld", label, + stLocal.wMonth, stLocal.wDay, stLocal.wYear, + stLocal.wHour, stLocal.wMinute, + seconds_until(1, ts)); + } +} + +// isSPNEGO: true, SPNEGO. false, Kerberos. +static gss_ctx_id_t +new_context(BOOLEAN isSPNEGO) +{ + gss_ctx_id_t out = new gss_ctx_id_struct; + if (out == NULL) { + return NULL; + } + out->phCred = NULL; + out->hCtxt.dwLower = out->hCtxt.dwUpper = NULL; + out->established = FALSE; + out->SecPkgContextSizes.cbMaxSignature + = out->SecPkgContextSizes.cbBlockSize + = out->SecPkgContextSizes.cbSecurityTrailer + = 0; + out->nnames.sClientName = out->nnames.sServerName = NULL; + out->isSPNEGO = isSPNEGO; + out->isLocalCred = FALSE; + return out; +} + +static gss_cred_id_t +new_cred() +{ + gss_cred_id_t out = new gss_cred_id_struct; + out->phCredK = out->phCredS = NULL; + out->time = 0L; + return out; +} + +static int +flag_sspi_to_gss(int fin) +{ + int fout = 0; + if (fin & ISC_REQ_MUTUAL_AUTH) fout |= GSS_C_MUTUAL_FLAG; + if (fin & ISC_REQ_CONFIDENTIALITY) fout |= GSS_C_CONF_FLAG; + if (fin & ISC_REQ_DELEGATE) fout |= GSS_C_DELEG_FLAG; + if (fin & ISC_REQ_INTEGRITY) fout |= GSS_C_INTEG_FLAG; + if (fin & ISC_REQ_REPLAY_DETECT) fout |= GSS_C_REPLAY_FLAG; + if (fin & ISC_REQ_SEQUENCE_DETECT) fout |= GSS_C_SEQUENCE_FLAG; + return fout; +} + +static int +flag_gss_to_sspi(int fin) +{ + int fout = 0; + if (fin & GSS_C_MUTUAL_FLAG) fout |= ISC_RET_MUTUAL_AUTH; + if (fin & GSS_C_CONF_FLAG) fout |= ISC_RET_CONFIDENTIALITY; + if (fin & GSS_C_DELEG_FLAG) fout |= ISC_RET_DELEGATE; + if (fin & GSS_C_INTEG_FLAG) fout |= ISC_RET_INTEGRITY; + if (fin & GSS_C_REPLAY_FLAG) fout |= ISC_RET_REPLAY_DETECT; + if (fin & GSS_C_SEQUENCE_FLAG) fout |= ISC_RET_SEQUENCE_DETECT; + return fout; +} + +static BOOLEAN +is_same_oid(gss_OID o2, gss_OID o1) +{ + return o1 && o2 && o1->length == o2->length + && !memcmp(o1->elements, o2->elements, o2->length); +} + +static BOOLEAN +has_oid(gss_OID_set set, gss_OID oid) +{ + for (int i = 0; i < set->count; i++) { + if (is_same_oid(&set->elements[i], oid)) { + return TRUE; + } + } + return FALSE; +} + +static void +get_oid_desc(gss_OID mech) +{ + if (trace) { + if (is_same_oid(mech, &KRB5_OID)) { + PP("Kerberos mech"); + } else if (is_same_oid(mech, &SPNEGO_OID)) { + PP("SPNEGO mech"); + } else if (is_same_oid(mech, &USER_NAME_OID)) { + PP("NT_USER_NAME name-type"); + } else if (is_same_oid(mech, &KRB5_NAME_OID)) { + PP("KRB5_NAME name-type"); + } else if (is_same_oid(mech, &HOST_SERVICE_NAME_OID)) { + PP("NT_HOSTBASED_SERVICE name-type"); + } else if (is_same_oid(mech, &EXPORT_NAME_OID)) { + PP("NT_EXPORT_NAME name-type"); + } else { + dump("UNKNOWN OID", (PBYTE)mech->elements, mech->length); + } + } +} + +static void +get_oid_set_desc(gss_OID_set mechs) +{ + if (trace) { + if (mechs == NULL) { + PP("OID set is NULL"); + return; + } + PP("gss_OID_set.count is %d", (int)mechs->count); + for (int i = 0; i < mechs->count; i++) { + get_oid_desc(&mechs->elements[i]); + } + } +} + +// Add realm to a name if there was none. +// Returns a newly allocated name. +static WCHAR* +get_full_name(WCHAR* input) +{ + // input has realm, no need to add one + for (int i = 0;; i++) { + if (!input[i]) { // the end + break; + } + if (input[i] == L'\\') { // escaped + i++; + continue; + } + if (input[i] == L'@') { + return _wcsdup(input); + } + } + + // Always use the default domain + WCHAR* realm = _wgetenv(L"USERDNSDOMAIN"); + if (realm == NULL) { + realm = L""; + } + + size_t oldlen = wcslen(input); + size_t newlen = oldlen + 1 + wcslen(realm) + 1; + + WCHAR* fullname = new WCHAR[newlen]; + if (!fullname) { + return NULL; + } + wcscpy_s(fullname, newlen, input); + wcscat_s(fullname, newlen, L"@"); + wcscat_s(fullname, newlen, realm); + + PP("get_full_name returns %ls", fullname); + return fullname; +} + +/* End support section */ + +/* This section holds GSS-API exported functions */ + +#define CHECK_OUTPUT(x) if (!x) return GSS_S_CALL_INACCESSIBLE_WRITE; +#define CHECK_BUFFER(b) if (!b || !b->value) return GSS_S_CALL_INACCESSIBLE_READ; +#define CHECK_OID(o) if (!o || !o->elements) return GSS_S_CALL_INACCESSIBLE_READ; +#define CHECK_NAME(n) if (!n || !(n->name)) return GSS_S_BAD_NAME; +#define CHECK_CONTEXT(c) if (!c) return GSS_S_NO_CONTEXT; +#define CHECK_CRED(c) if (!c || (!(cred_handle->phCredK) && !(cred_handle->phCredS))) \ + return GSS_S_NO_CRED; + +__declspec(dllexport) OM_uint32 +gss_release_name(OM_uint32 *minor_status, + gss_name_t *name) +{ + PP(">>>> Calling gss_release_name %p...", *name); + if (name != NULL && *name != GSS_C_NO_NAME) { + if ((*name)->name != NULL) { + delete[] (*name)->name; + } + delete *name; + *name = GSS_C_NO_NAME; + } + return GSS_S_COMPLETE; +} + +__declspec(dllexport) OM_uint32 +gss_import_name(OM_uint32 *minor_status, + const gss_buffer_t input_name_buffer, + const gss_OID input_name_type, + gss_name_t *output_name) +{ + PP(">>>> Calling gss_import_name..."); + CHECK_BUFFER(input_name_buffer) + CHECK_OUTPUT(output_name) + + int len = (int)input_name_buffer->length; + LPSTR input = (LPSTR)input_name_buffer->value; + if (input_name_type != NULL + && is_same_oid(input_name_type, &EXPORT_NAME_OID)) { + int mechLen = (int)input[3]; /* including 06 len */ + len -= mechLen + 8; /* 4 header bytes, and an int32 length after OID */ + if (len <= 0) { + return GSS_S_FAILURE; + } + // Reject if mech is not krb5 + if (mechLen - 2!= KRB5_OID.length || + memcmp(input + 6, KRB5_OID.elements, mechLen - 2)) { + return GSS_S_FAILURE;; + } + input = input + mechLen + 8; + } + + SEC_WCHAR* value = new SEC_WCHAR[len + 1]; + if (value == NULL) { + goto err; + } + + len = MultiByteToWideChar(CP_UTF8, 0, input, len, value, len+1); + if (len == 0) { + goto err; + } + value[len] = 0; + + PP("import_name from %ls", value); + + if (len > 33 && !wcscmp(value+len-33, L"@WELLKNOWN:ORG.H5L.REFERALS-REALM")) { + // Remove the wellknown referrals realms + value[len-33] = 0; + len -= 33; + } else if (value[len-1] == L'@') { + // Remove the empty realm. It might come from an NT_EXPORT_NAME. + value[len-1] = 0; + len--; + } + if (len == 0) { + goto err; + } + + if (input_name_type != NULL + && is_same_oid(input_name_type, &HOST_SERVICE_NAME_OID)) { + // HOST_SERVICE_NAME_OID takes the form of service@host. + for (int i = 0; i < len; i++) { + if (value[i] == L'\\') { + i++; + continue; + } + if (value[i] == L'@') { + value[i] = L'/'; + break; + } + } + PP("Host-based service now %ls", value); + } + PP("import_name to %ls", value); + gss_name_struct* name = new gss_name_struct; + if (name == NULL) { + goto err; + } + name->name = value; + *output_name = (gss_name_t) name; + return GSS_S_COMPLETE; +err: + if (value != NULL) { + delete[] value; + } + return GSS_S_FAILURE; +} + +__declspec(dllexport) OM_uint32 +gss_compare_name(OM_uint32 *minor_status, + gss_const_name_t name1, + gss_const_name_t name2, + int *name_equal) +{ + PP(">>>> Calling gss_compare_name..."); + CHECK_NAME(name1) + CHECK_NAME(name2) + CHECK_OUTPUT(name_equal) + + *name_equal = 0; + + SEC_WCHAR* n1 = name1->name; + SEC_WCHAR* n2 = name2->name; + PP("Comparing %ls and %ls", n1, n2); + int l1 = lstrlen(n1); + int l2 = lstrlen(n2); + if (l1 < l2 && n2[l1] != L'@' + || l2 < l1 && n1[l2] != L'@') { + return GSS_S_COMPLETE; // different + } + if (l1 > l2) { + l1 = l2; // choose the smaller one. longer=smaller @ ... + } + if (CompareStringEx(LOCALE_NAME_SYSTEM_DEFAULT, NORM_IGNORECASE, + n1, l1, n2, l1, NULL, NULL, 0) == CSTR_EQUAL) { + *name_equal = 1; + } + return GSS_S_COMPLETE; +} + +__declspec(dllexport) OM_uint32 +gss_canonicalize_name(OM_uint32 *minor_status, + gss_const_name_t input_name, + const gss_OID mech_type, + gss_name_t *output_name) +{ + PP(">>>> Calling gss_canonicalize_name..."); + CHECK_NAME(input_name) + CHECK_OID(mech_type) + CHECK_OUTPUT(output_name) + + gss_name_t names2 = new gss_name_struct; + if (names2 == NULL) { + return GSS_S_FAILURE; + } + names2->name = get_full_name(input_name->name); + if (names2->name == NULL) { + delete names2; + return GSS_S_FAILURE; + } + *output_name = names2; + return GSS_S_COMPLETE; +} + +__declspec(dllexport) OM_uint32 +gss_export_name(OM_uint32 *minor_status, + gss_const_name_t input_name, + gss_buffer_t exported_name) +{ + PP(">>>> Calling gss_export_name..."); + CHECK_NAME(input_name) + CHECK_OUTPUT(exported_name) + + OM_uint32 result = GSS_S_FAILURE; + SEC_WCHAR* name = input_name->name; + SEC_WCHAR* fullname = get_full_name(name); + if (!fullname) { + goto err; + } + PP("Make fullname: %ls -> %ls", name, fullname); + int len; + size_t namelen = wcslen(fullname); + if (namelen > 255) { + goto err; + } + len = (int)namelen; + // We only deal with not-so-long names. + // 04 01 00 ** 06 ** OID len:int32 name + int mechLen = KRB5_OID.length; + char* buffer = new char[10 + mechLen + len]; + if (buffer == NULL) { + goto err; + } + buffer[0] = 4; + buffer[1] = 1; + buffer[2] = 0; + buffer[3] = 2 + mechLen; + buffer[4] = 6; + buffer[5] = mechLen; + memcpy_s(buffer + 6, mechLen, KRB5_OID.elements, mechLen); + buffer[6 + mechLen] = buffer[7 + mechLen] = buffer[8 + mechLen] = 0; + buffer[9 + mechLen] = (char)len; + len = WideCharToMultiByte(CP_UTF8, 0, fullname, len, + buffer+10+mechLen, len, NULL, NULL); + if (len == 0) { + delete[] buffer; + goto err; + } + exported_name->length = 10 + mechLen + len; + exported_name->value = buffer; + result = GSS_S_COMPLETE; +err: + if (fullname != name) { + delete[] fullname; + } + return result; +} + +__declspec(dllexport) OM_uint32 +gss_display_name(OM_uint32 *minor_status, + gss_const_name_t input_name, + gss_buffer_t output_name_buffer, + gss_OID *output_name_type) +{ + PP(">>>> Calling gss_display_name..."); + CHECK_NAME(input_name) + CHECK_OUTPUT(output_name_buffer) + + SEC_WCHAR* names = input_name->name; + int len = (int)wcslen(names); + char* buffer = new char[4*len+1]; + if (buffer == NULL) { + return GSS_S_FAILURE; + } + len = WideCharToMultiByte(CP_UTF8, 0, names, len, buffer, 4*len, NULL, NULL); + if (len == 0) { + delete[] buffer; + return GSS_S_FAILURE; + } + buffer[len] = 0; + output_name_buffer->length = len; + output_name_buffer->value = buffer; + PP("Name found: %ls -> %d [%s]", names, len, buffer); + if (output_name_type != NULL) { + *output_name_type = &KRB5_NAME_OID; + } + return GSS_S_COMPLETE; +} + +__declspec(dllexport) OM_uint32 +gss_acquire_cred(OM_uint32 *minor_status, + gss_const_name_t desired_name, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *time_rec) +{ + PP(">>>> Calling gss_acquire_cred..."); + CHECK_OUTPUT(output_cred_handle) + + SECURITY_STATUS ss; + TimeStamp ts; + ts.QuadPart = 0; + cred_usage = 0; + PP("AcquireCredentialsHandle with %d %p", cred_usage, desired_mechs); + get_oid_set_desc(desired_mechs); + + BOOLEAN reqKerberos, reqSPNEGO; + + if (!desired_mechs) { + reqKerberos = reqSPNEGO = TRUE; + } else { + if (has_oid(desired_mechs, &KRB5_OID)) { + PP("reqKerberos"); + reqKerberos = TRUE; + } + if (has_oid(desired_mechs, &SPNEGO_OID)) { + PP("reqSPNEGO"); + reqSPNEGO = TRUE; + } + if (!reqSPNEGO && !reqKerberos) { + return GSS_S_BAD_MECH; + } + } + + if (actual_mechs) { + *actual_mechs = GSS_C_NO_OID_SET; + } + + gss_cred_id_t cred = new_cred(); + if (cred == NULL) { + goto err; + } + + if (reqKerberos) { + cred->phCredK = new CredHandle; + if (cred->phCredK == NULL) { + goto err; + } + ss = AcquireCredentialsHandle( + NULL, + L"Kerberos", + cred_usage == 0 ? SECPKG_CRED_BOTH : + (cred_usage == 1 ? SECPKG_CRED_OUTBOUND : SECPKG_CRED_INBOUND), + NULL, + NULL, + NULL, + NULL, + cred->phCredK, + &ts); + if (!(SEC_SUCCESS(ss))) { + delete cred->phCredK; + cred->phCredK = NULL; + goto err; + } + } + + if (reqSPNEGO) { + cred->phCredS = new CredHandle; + if (cred->phCredS == NULL) { + goto err; + } + SEC_WINNT_AUTH_IDENTITY_EX auth; + ZeroMemory(&auth, sizeof(auth)); + auth.Version = SEC_WINNT_AUTH_IDENTITY_VERSION; + auth.Length = sizeof(auth); + auth.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE; + auth.PackageList = (unsigned short*)L"Kerberos"; + auth.PackageListLength = 8; + ss = AcquireCredentialsHandle( + NULL, + L"Negotiate", + cred_usage == 0 ? SECPKG_CRED_BOTH : + (cred_usage == 1 ? SECPKG_CRED_OUTBOUND : SECPKG_CRED_INBOUND), + NULL, + &auth, + NULL, + NULL, + cred->phCredS, + &ts); + if (!(SEC_SUCCESS(ss))) { + delete cred->phCredS; + cred->phCredS = NULL; + goto err; + } + } + + if (actual_mechs) { + if (gss_create_empty_oid_set(minor_status, actual_mechs)) { + goto err; + } + if (reqKerberos) { + if (gss_add_oid_set_member(minor_status, &KRB5_OID, actual_mechs)) { + goto err; + } + } + if (reqSPNEGO) { + if (gss_add_oid_set_member(minor_status, &SPNEGO_OID, actual_mechs)) { + goto err; + } + } + } + + *output_cred_handle = (gss_cred_id_t)cred; + + // Note: ts here is weirdly huge, maybe because LSA retains the + // password and can re-acquire a TGT at anytime. It will be + // GSSCredential.INDEFINITE_LIFETIME. + show_time("cred expiration", &ts); + cred->time = seconds_until(1, &ts); + if (time_rec != NULL) { + *time_rec = cred->time; + } + + // Since only default cred is supported, if there is a desired_name, + // we must make sure it is the same as the realname of the default cred. + if (desired_name != NULL) { + PP("Acquiring cred with a name. Check if it's me."); + gss_name_t realname; + if (gss_inquire_cred(minor_status, *output_cred_handle, &realname, + NULL, NULL, NULL) != GSS_S_COMPLETE) { + PP("Cannot get owner name of default creds"); + goto err; + } + SEC_WCHAR* rnames = realname->name; + SEC_WCHAR* dnames = desired_name->name; + int equals = 0; + gss_compare_name(minor_status, realname, desired_name, &equals); + gss_release_name(minor_status, &realname); + PP("Comparing result: %d", equals); + if (!equals) { + goto err; + } + } + + return GSS_S_COMPLETE; +err: + if (cred) { + OM_uint32 dummy; + gss_release_cred(&dummy, &cred); + } + if (actual_mechs) { + OM_uint32 dummy; + gss_release_oid_set(&dummy, actual_mechs); + } + return GSS_S_FAILURE; +} + +__declspec(dllexport) OM_uint32 +gss_release_cred(OM_uint32 *minor_status, + gss_cred_id_t *cred_handle) +{ + PP(">>>> Calling gss_release_cred..."); + if (cred_handle && *cred_handle) { + if ((*cred_handle)->phCredK) { + FreeCredentialsHandle((*cred_handle)->phCredK); + delete (*cred_handle)->phCredK; + } + if ((*cred_handle)->phCredS) { + FreeCredentialsHandle((*cred_handle)->phCredS); + delete (*cred_handle)->phCredS; + } + delete *cred_handle; + *cred_handle = GSS_C_NO_CREDENTIAL; + } + return GSS_S_COMPLETE; +} + +__declspec(dllexport) OM_uint32 +gss_inquire_cred(OM_uint32 *minor_status, + gss_const_cred_id_t cred_handle, + gss_name_t *name, + OM_uint32 *lifetime, + gss_cred_usage_t *cred_usage, + gss_OID_set *mechanisms) +{ + PP(">>>> Calling gss_inquire_cred..."); + CHECK_CRED(cred_handle) + + CredHandle* cred = cred_handle->phCredK + ? cred_handle->phCredK + : cred_handle->phCredS; + SECURITY_STATUS ss; + if (name) { + *name = GSS_C_NO_NAME; + SecPkgCredentials_Names snames; + ss = QueryCredentialsAttributes(cred, SECPKG_CRED_ATTR_NAMES, &snames); + if (!SEC_SUCCESS(ss)) { + return GSS_S_FAILURE; + } + SEC_WCHAR* names = new SEC_WCHAR[lstrlen(snames.sUserName) + 1]; + if (names == NULL) { + return GSS_S_FAILURE; + } + StringCchCopy(names, lstrlen(snames.sUserName) + 1, snames.sUserName); + FreeContextBuffer(snames.sUserName); + PP("Allocate new name at %p", names); + gss_name_t name1 = new gss_name_struct; + if (name1 == NULL) { + delete[] names; + return GSS_S_FAILURE; + } + name1->name = names; + *name = (gss_name_t) name1; + } + if (lifetime) { + *lifetime = cred_handle->time; + } + if (cred_usage) { + *cred_usage = 1; // We only support INITIATE_ONLY now + } + if (mechanisms) { + // Useless for Java + } + // Others inquiries not supported yet + return GSS_S_COMPLETE; +} + +__declspec(dllexport) OM_uint32 +gss_import_sec_context(OM_uint32 *minor_status, + const gss_buffer_t interprocess_token, + gss_ctx_id_t *context_handle) +{ + // Not transferable, return FAILURE + PP(">>>> Calling UNIMPLEMENTED gss_import_sec_context..."); + *minor_status = 0; + return GSS_S_FAILURE; +} + +__declspec(dllexport) OM_uint32 +gss_init_sec_context(OM_uint32 *minor_status, + gss_const_cred_id_t initiator_cred_handle, + gss_ctx_id_t *context_handle, + gss_const_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID *actual_mech_type, + gss_buffer_t output_token, + OM_uint32 *ret_flags, + OM_uint32 *time_rec) +{ + PP(">>>> Calling gss_init_sec_context..."); + CHECK_NAME(target_name) + CHECK_OUTPUT(output_token) + + SECURITY_STATUS ss; + TimeStamp lifeTime; + SecBufferDesc inBuffDesc; + SecBuffer inSecBuff; + SecBufferDesc outBuffDesc; + SecBuffer outSecBuff; + BOOLEAN isSPNEGO = is_same_oid(mech_type, &SPNEGO_OID); + + gss_ctx_id_t pc; + + output_token->length = 0; + output_token->value = NULL; + + BOOLEAN firstTime = (*context_handle == GSS_C_NO_CONTEXT); + PP("First time? %d", firstTime); + if (firstTime) { + pc = new_context(isSPNEGO); + if (pc == NULL) { + return GSS_S_FAILURE; + } + *context_handle = (gss_ctx_id_t) pc; + } else { + pc = *context_handle; + } + + if (pc == NULL) { + return GSS_S_NO_CONTEXT; + } + + DWORD outFlag; + TCHAR outName[100]; + + OM_uint32 minor; + gss_buffer_desc tn; + gss_display_name(&minor, target_name, &tn, NULL); + int len = MultiByteToWideChar(CP_UTF8, 0, (LPCCH)tn.value, (int)tn.length, + outName, sizeof(outName) - 1); + if (len == 0) { + goto err; + } + outName[len] = 0; + + int flag = flag_gss_to_sspi(req_flags) | ISC_REQ_ALLOCATE_MEMORY; + + outBuffDesc.ulVersion = SECBUFFER_VERSION; + outBuffDesc.cBuffers = 1; + outBuffDesc.pBuffers = &outSecBuff; + + outSecBuff.BufferType = SECBUFFER_TOKEN; + + if (!firstTime) { + inBuffDesc.ulVersion = SECBUFFER_VERSION; + inBuffDesc.cBuffers = 1; + inBuffDesc.pBuffers = &inSecBuff; + + inSecBuff.BufferType = SECBUFFER_TOKEN; + inSecBuff.cbBuffer = (ULONG)input_token->length; + inSecBuff.pvBuffer = input_token->value; + } else if (!pc->phCred) { + if (isSPNEGO && initiator_cred_handle + && initiator_cred_handle->phCredS) { + PP("Find SPNEGO credentials"); + pc->phCred = initiator_cred_handle->phCredS; + pc->isLocalCred = FALSE; + } else if (!isSPNEGO && initiator_cred_handle + && initiator_cred_handle->phCredK) { + PP("Find Kerberos credentials"); + pc->phCred = initiator_cred_handle->phCredK; + pc->isLocalCred = FALSE; + } else { + PP("No credentials provided, acquire myself"); + CredHandle* newCred = new CredHandle; + SEC_WINNT_AUTH_IDENTITY_EX auth; + ZeroMemory(&auth, sizeof(auth)); + auth.Version = SEC_WINNT_AUTH_IDENTITY_VERSION; + auth.Length = sizeof(auth); + auth.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE; + auth.PackageList = (unsigned short*)L"Kerberos"; + auth.PackageListLength = 8; + ss = AcquireCredentialsHandle( + NULL, + isSPNEGO ? L"Negotiate" : L"Kerberos", + SECPKG_CRED_OUTBOUND, + NULL, + isSPNEGO ? &auth : NULL, + NULL, + NULL, + newCred, + &lifeTime); + if (!(SEC_SUCCESS(ss))) { + delete newCred; + goto err; + } + pc->phCred = newCred; + pc->isLocalCred = TRUE; + } + } + ss = InitializeSecurityContext( + pc->phCred, + firstTime ? NULL : &pc->hCtxt, + outName, + flag, + 0, + SECURITY_NATIVE_DREP, + firstTime ? NULL : &inBuffDesc, + 0, + &pc->hCtxt, + &outBuffDesc, + &outFlag, + &lifeTime); + + if (!SEC_SUCCESS(ss)) { + // TODO: seems NativeGSSContext has not failed here. + PP("InitializeSecurityContext failed"); + goto err; + } + + pc->flags = *ret_flags = flag_sspi_to_gss(outFlag); + + // Ignore the result of the next call. Might fail before context established. + QueryContextAttributes( + &pc->hCtxt, SECPKG_ATTR_SIZES, &pc->SecPkgContextSizes); + PP("cbMaxSignature: %ld. cbBlockSize: %ld. cbSecurityTrailer: %ld", + pc->SecPkgContextSizes.cbMaxSignature, + pc->SecPkgContextSizes.cbBlockSize, + pc->SecPkgContextSizes.cbSecurityTrailer); + + output_token->length = outSecBuff.cbBuffer; + if (outSecBuff.cbBuffer) { + // No idea how user would free the data. Let's duplicate one. + output_token->value = new char[outSecBuff.cbBuffer]; + if (!output_token->value) { + FreeContextBuffer(outSecBuff.pvBuffer); + output_token->length = 0; + goto err; + } + memcpy(output_token->value, outSecBuff.pvBuffer, outSecBuff.cbBuffer); + FreeContextBuffer(outSecBuff.pvBuffer); + } + + if (ss == SEC_I_CONTINUE_NEEDED) { + return GSS_S_CONTINUE_NEEDED; + } else { + pc->established = true; + ss = QueryContextAttributes(&pc->hCtxt, SECPKG_ATTR_NATIVE_NAMES, &pc->nnames); + if (!SEC_SUCCESS(ss)) { + goto err; + } + PP("Names. %ls %ls", pc->nnames.sClientName, pc->nnames.sServerName); + *ret_flags |= GSS_C_PROT_READY_FLAG; + return GSS_S_COMPLETE; + } +err: + if (firstTime) { + OM_uint32 dummy; + gss_delete_sec_context(&dummy, context_handle, GSS_C_NO_BUFFER); + } + if (output_token->value) { + gss_release_buffer(NULL, output_token); + output_token = GSS_C_NO_BUFFER; + } + return GSS_S_FAILURE; +} + +__declspec(dllexport) OM_uint32 +gss_accept_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_const_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t *src_name, + gss_OID *mech_type, + gss_buffer_t output_token, + OM_uint32 *ret_flags, + OM_uint32 *time_rec, + gss_cred_id_t *delegated_cred_handle) +{ + PP(">>>> Calling UNIMPLEMENTED gss_accept_sec_context..."); + PP("gss_accept_sec_context is not supported in this initiator-only library"); + return GSS_S_FAILURE; +} + +__declspec(dllexport) OM_uint32 +gss_inquire_context(OM_uint32 *minor_status, + gss_const_ctx_id_t context_handle, + gss_name_t *src_name, + gss_name_t *targ_name, + OM_uint32 *lifetime_rec, + gss_OID *mech_type, + OM_uint32 *ctx_flags, + int *locally_initiated, + int *open) +{ + PP(">>>> Calling gss_inquire_context..."); + CHECK_CONTEXT(context_handle) + + gss_name_t n1 = NULL; + gss_name_t n2 = NULL; + if (!context_handle->established) { + return GSS_S_NO_CONTEXT; + } + if (src_name != NULL) { + n1 = new gss_name_struct; + if (n1 == NULL) { + goto err; + } + n1->name = new SEC_WCHAR[lstrlen(context_handle->nnames.sClientName) + 1]; + if (n1->name == NULL) { + goto err; + } + PP("Allocate new name at %p", n1->name); + StringCchCopy(n1->name, lstrlen(context_handle->nnames.sClientName) + 1, + context_handle->nnames.sClientName); + *src_name = (gss_name_t) n1; + } + if (targ_name != NULL) { + n2 = new gss_name_struct; + if (n2 == NULL) { + goto err; + } + n2->name = new SEC_WCHAR[lstrlen(context_handle->nnames.sServerName) + 1]; + if (n2->name == NULL) { + goto err; + } + PP("Allocate new name at %p", n2->name); + StringCchCopy(n2->name, lstrlen(context_handle->nnames.sServerName) + 1, + context_handle->nnames.sServerName); + *targ_name = (gss_name_t) n2; + } + if (lifetime_rec != NULL) { + SecPkgContext_Lifespan ls; + SECURITY_STATUS ss; + ss = QueryContextAttributes( + (PCtxtHandle)&context_handle->hCtxt, + SECPKG_ATTR_LIFESPAN, + &ls); + if (!SEC_SUCCESS(ss)) { + goto err; + } + *lifetime_rec = seconds_until(0, &ls.tsExpiry); + } + if (mech_type != NULL) { + *mech_type = context_handle->isSPNEGO + ? &SPNEGO_OID : &KRB5_OID; + } + if (ctx_flags != NULL) { + *ctx_flags = context_handle->flags; + } + if (locally_initiated != NULL) { + // We are always initiator + *locally_initiated = 1; + } + return GSS_S_COMPLETE; +err: + if (n1 != NULL) { + if (n1->name != NULL) { + delete[] n1->name; + } + delete n1; + n1 = NULL; + } + if (n2 != NULL) { + if (n2->name != NULL) { + delete[] n2->name; + } + delete n2; + n2 = NULL; + } + return GSS_S_FAILURE; +} + +__declspec(dllexport) OM_uint32 +gss_delete_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_buffer_t output_token) +{ + PP(">>>> Calling gss_delete_sec_context..."); + CHECK_CONTEXT(context_handle) + + DeleteSecurityContext(&(*context_handle)->hCtxt); + if ((*context_handle)->isLocalCred && (*context_handle)->phCred != NULL) { + FreeCredentialsHandle((*context_handle)->phCred); + (*context_handle)->phCred = NULL; + } + if ((*context_handle)->nnames.sClientName != NULL) { + FreeContextBuffer((*context_handle)->nnames.sClientName); + (*context_handle)->nnames.sClientName = NULL; + } + if ((*context_handle)->nnames.sServerName != NULL) { + FreeContextBuffer((*context_handle)->nnames.sServerName); + (*context_handle)->nnames.sServerName = NULL; + } + delete (*context_handle); + *context_handle = GSS_C_NO_CONTEXT; + return GSS_S_COMPLETE; +} + +__declspec(dllexport) OM_uint32 +gss_context_time(OM_uint32 *minor_status, + gss_const_ctx_id_t context_handle, + OM_uint32 *time_rec) +{ + PP(">>>> Calling IMPLEMENTED gss_context_time..."); + CHECK_CONTEXT(context_handle) + CHECK_OUTPUT(time_rec) + + SECURITY_STATUS ss; + SecPkgContext_Lifespan ls; + ss = QueryContextAttributes( + (PCtxtHandle)&context_handle->hCtxt, + SECPKG_ATTR_LIFESPAN, + &ls); + if (ss == SEC_E_OK) { + *time_rec = seconds_until(0, &ls.tsExpiry); + show_time("context start", &ls.tsStart); + show_time("context expiry", &ls.tsExpiry); + return *time_rec == 0 ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE; + } else { + return GSS_S_FAILURE; + } +} + +__declspec(dllexport) OM_uint32 +gss_wrap_size_limit(OM_uint32 *minor_status, + gss_const_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_output_size, + OM_uint32 *max_input_size) +{ + PP(">>>> Calling gss_wrap_size_limit..."); + CHECK_CONTEXT(context_handle) + CHECK_OUTPUT(max_input_size) + + *max_input_size = req_output_size + - context_handle->SecPkgContextSizes.cbSecurityTrailer + - context_handle->SecPkgContextSizes.cbBlockSize; + return GSS_S_COMPLETE; +} + +__declspec(dllexport) OM_uint32 +gss_export_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_buffer_t interprocess_token) +{ + PP(">>>> Calling UNIMPLEMENTED gss_export_sec_context..."); + return GSS_S_FAILURE; +} + +__declspec(dllexport) OM_uint32 +gss_get_mic(OM_uint32 *minor_status, + gss_const_ctx_id_t context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t msg_token) +{ + PP(">>>> Calling gss_get_mic..."); + CHECK_CONTEXT(context_handle); + CHECK_BUFFER(message_buffer); + CHECK_OUTPUT(msg_token); + + SECURITY_STATUS ss; + SecBufferDesc buffDesc; + SecBuffer secBuff[2]; + + buffDesc.cBuffers = 2; + buffDesc.pBuffers = secBuff; + buffDesc.ulVersion = SECBUFFER_VERSION; + + secBuff[0].BufferType = SECBUFFER_DATA; + secBuff[0].cbBuffer = (ULONG)message_buffer->length; + secBuff[0].pvBuffer = message_buffer->value; + + secBuff[1].BufferType = SECBUFFER_TOKEN; + secBuff[1].cbBuffer = context_handle->SecPkgContextSizes.cbMaxSignature; + secBuff[1].pvBuffer = msg_token->value = new char[secBuff[1].cbBuffer]; + + ss = MakeSignature((PCtxtHandle)&context_handle->hCtxt, 0, &buffDesc, 0); + + if (!SEC_SUCCESS(ss)) { + msg_token->length = 0; + msg_token->value = NULL; + delete[] secBuff[1].pvBuffer; + return GSS_S_FAILURE; + } + + msg_token->length = secBuff[1].cbBuffer; + return GSS_S_COMPLETE; +} + +__declspec(dllexport) OM_uint32 +gss_verify_mic(OM_uint32 *minor_status, + gss_const_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t *qop_state) +{ + PP(">>>> Calling gss_verify_mic..."); + CHECK_CONTEXT(context_handle); + CHECK_BUFFER(message_buffer); + CHECK_BUFFER(token_buffer); + + SECURITY_STATUS ss; + SecBufferDesc buffDesc; + SecBuffer secBuff[2]; + ULONG qop; + + buffDesc.ulVersion = SECBUFFER_VERSION; + buffDesc.cBuffers = 2; + buffDesc.pBuffers = secBuff; + + secBuff[0].BufferType = SECBUFFER_TOKEN; + secBuff[0].cbBuffer = (ULONG)token_buffer->length; + secBuff[0].pvBuffer = token_buffer->value; + + secBuff[1].BufferType = SECBUFFER_DATA; + secBuff[1].cbBuffer = (ULONG)message_buffer->length; + secBuff[1].pvBuffer = message_buffer->value; + + ss = VerifySignature((PCtxtHandle)&context_handle->hCtxt, &buffDesc, 0, &qop); + if (qop_state) { + *qop_state = qop; + } + + if (ss == SEC_E_OK) { + return GSS_S_COMPLETE; + } else if (ss == SEC_E_OUT_OF_SEQUENCE) { + return GSS_S_UNSEQ_TOKEN; + } else { + return GSS_S_BAD_SIG; + } +} + +__declspec(dllexport) OM_uint32 +gss_wrap(OM_uint32 *minor_status, + gss_const_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int *conf_state, + gss_buffer_t output_message_buffer) +{ + PP(">>>> Calling gss_wrap..."); + CHECK_CONTEXT(context_handle); + CHECK_BUFFER(input_message_buffer); + CHECK_OUTPUT(output_message_buffer); + + SECURITY_STATUS ss; + SecBufferDesc buffDesc; + SecBuffer secBuff[3]; + + buffDesc.ulVersion = SECBUFFER_VERSION; + buffDesc.cBuffers = 3; + buffDesc.pBuffers = secBuff; + + secBuff[0].BufferType = SECBUFFER_TOKEN; + secBuff[0].cbBuffer = context_handle->SecPkgContextSizes.cbSecurityTrailer; + output_message_buffer->value = secBuff[0].pvBuffer = malloc( + context_handle->SecPkgContextSizes.cbSecurityTrailer + + input_message_buffer->length + + context_handle->SecPkgContextSizes.cbBlockSize);; + + secBuff[1].BufferType = SECBUFFER_DATA; + secBuff[1].cbBuffer = (ULONG)input_message_buffer->length; + secBuff[1].pvBuffer = malloc(secBuff[1].cbBuffer); + memcpy_s(secBuff[1].pvBuffer, secBuff[1].cbBuffer, + input_message_buffer->value, input_message_buffer->length); + + secBuff[2].BufferType = SECBUFFER_PADDING; + secBuff[2].cbBuffer = context_handle->SecPkgContextSizes.cbBlockSize; + secBuff[2].pvBuffer = malloc(secBuff[2].cbBuffer); + + ss = EncryptMessage((PCtxtHandle)&context_handle->hCtxt, + conf_req_flag ? 0 : SECQOP_WRAP_NO_ENCRYPT, + &buffDesc, 0); + if (conf_state) { + *conf_state = conf_req_flag; + } + + if (!SEC_SUCCESS(ss)) { + free(secBuff[0].pvBuffer); + free(secBuff[1].pvBuffer); + free(secBuff[2].pvBuffer); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; + return GSS_S_FAILURE; + } + + memcpy_s((PBYTE)secBuff[0].pvBuffer + secBuff[0].cbBuffer, + input_message_buffer->length + context_handle->SecPkgContextSizes.cbBlockSize, + secBuff[1].pvBuffer, + secBuff[1].cbBuffer); + memcpy_s((PBYTE)secBuff[0].pvBuffer + secBuff[0].cbBuffer + secBuff[1].cbBuffer, + context_handle->SecPkgContextSizes.cbBlockSize, + secBuff[2].pvBuffer, + secBuff[2].cbBuffer); + + output_message_buffer->length = secBuff[0].cbBuffer + secBuff[1].cbBuffer + + secBuff[2].cbBuffer; + free(secBuff[1].pvBuffer); + free(secBuff[2].pvBuffer); + + return GSS_S_COMPLETE; +} + +__declspec(dllexport) OM_uint32 +gss_unwrap(OM_uint32 *minor_status, + gss_const_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int *conf_state, + gss_qop_t *qop_state) +{ + PP(">>>> Calling gss_unwrap..."); + CHECK_CONTEXT(context_handle); + CHECK_BUFFER(input_message_buffer); + CHECK_OUTPUT(output_message_buffer); + + SECURITY_STATUS ss; + SecBufferDesc buffDesc; + SecBuffer secBuff[2]; + ULONG ulQop = 0; + + buffDesc.cBuffers = 2; + buffDesc.pBuffers = secBuff; + buffDesc.ulVersion = SECBUFFER_VERSION; + + secBuff[0].BufferType = SECBUFFER_STREAM; + secBuff[0].cbBuffer = (ULONG)input_message_buffer->length; + secBuff[0].pvBuffer = malloc(input_message_buffer->length); + memcpy_s(secBuff[0].pvBuffer, input_message_buffer->length, + input_message_buffer->value, input_message_buffer->length); + + secBuff[1].BufferType = SECBUFFER_DATA; + secBuff[1].cbBuffer = 0; + secBuff[1].pvBuffer = NULL; + + ss = DecryptMessage((PCtxtHandle)&context_handle->hCtxt, &buffDesc, 0, &ulQop); + if (qop_state) { + *qop_state = ulQop; + } + if (!SEC_SUCCESS(ss)) { + free(secBuff[0].pvBuffer); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; + return GSS_S_FAILURE; + } + + // Must allocate a new memory block so client can release it correctly + output_message_buffer->length = secBuff[1].cbBuffer; + output_message_buffer->value = new char[secBuff[1].cbBuffer]; + memcpy_s(output_message_buffer->value, secBuff[1].cbBuffer, + secBuff[1].pvBuffer, secBuff[1].cbBuffer); + *conf_state = ulQop == SECQOP_WRAP_NO_ENCRYPT ? 0 : 1; + + free(secBuff[0].pvBuffer); + return GSS_S_COMPLETE; +} + +__declspec(dllexport) OM_uint32 +gss_indicate_mechs(OM_uint32 *minor_status, + gss_OID_set *mech_set) +{ + PP(">>>> Calling gss_indicate_mechs..."); + OM_uint32 major = GSS_S_COMPLETE; + + ULONG ccPackages; + PSecPkgInfo packages; + EnumerateSecurityPackages(&ccPackages, &packages); + PP("EnumerateSecurityPackages returns %ld", ccPackages); + for (unsigned int i = 0; i < ccPackages; i++) { + PP("#%d: %ls, %ls\n", i, packages[i].Name, packages[i].Comment); + } + FreeContextBuffer(packages); + + // Hardcode kerberos and SPNEGO support + major = gss_create_empty_oid_set(minor_status, mech_set); + if (major != GSS_S_COMPLETE) { + goto done; + } + + major = gss_add_oid_set_member(minor_status, &KRB5_OID, mech_set); + if (major != GSS_S_COMPLETE) { + goto done; + } + + major = gss_add_oid_set_member(minor_status, &SPNEGO_OID, mech_set); + if (major != GSS_S_COMPLETE) { + goto done; + } + +done: + + if (major != GSS_S_COMPLETE) { + gss_release_oid_set(minor_status, mech_set); + } + + return major; +} + +__declspec(dllexport) OM_uint32 +gss_inquire_names_for_mech(OM_uint32 *minor_status, + const gss_OID mechanism, + gss_OID_set *name_types) +{ + PP(">>>> Calling gss_inquire_names_for_mech..."); + CHECK_OID(mechanism); + + if (gss_create_empty_oid_set(minor_status, name_types)) { + return GSS_S_FAILURE; + } + if (gss_add_oid_set_member(minor_status, &USER_NAME_OID, name_types)) { + goto err; + } + if (gss_add_oid_set_member(minor_status, &HOST_SERVICE_NAME_OID, name_types)) { + goto err; + } + if (!is_same_oid(mechanism, &SPNEGO_OID)) { + if (gss_add_oid_set_member(minor_status, &EXPORT_NAME_OID, name_types)) { + goto err; + } + } + return GSS_S_COMPLETE; +err: + gss_release_oid_set(minor_status, name_types); + return GSS_S_FAILURE; +} + +__declspec(dllexport) OM_uint32 +gss_add_oid_set_member(OM_uint32 *minor_status, + const gss_OID member_oid, + gss_OID_set *oid_set) +{ + PP(">>>> Calling gss_add_oid_set_member..."); + CHECK_OID(member_oid); + CHECK_OUTPUT(oid_set); + + + int count = (int)(*oid_set)->count; + for (int i = 0; i < count; i++) { + if (is_same_oid(&(*oid_set)->elements[i], member_oid)) { + // already there + return GSS_S_COMPLETE; + } + } + gss_OID existing = (*oid_set)->elements; + gss_OID newcopy = new gss_OID_desc[count + 1]; + if (newcopy == NULL) { + return GSS_S_FAILURE; + } + if (existing) { + memcpy_s(newcopy, (count + 1) * sizeof(gss_OID_desc), + existing, count * sizeof(gss_OID_desc)); + } + newcopy[count].length = member_oid->length; + newcopy[count].elements = new char[member_oid->length]; + if (newcopy[count].elements == NULL) { + delete[] newcopy; + return GSS_S_FAILURE; + } + memcpy_s(newcopy[count].elements, member_oid->length, + member_oid->elements, member_oid->length); + (*oid_set)->elements = newcopy; + (*oid_set)->count++; + if (existing) { + delete[] existing; + } + + return GSS_S_COMPLETE; +} + +__declspec(dllexport) OM_uint32 +gss_display_status(OM_uint32 *minor_status, + OM_uint32 status_value, + int status_type, + const gss_OID mech_type, + OM_uint32 *message_context, + gss_buffer_t status_string) +{ + PP(">>>> Calling gss_display_status..."); + TCHAR msg[256]; + int len = FormatMessage( + FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, + 0, status_value, + MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), + msg, 256, 0); + if (len > 0) { + status_string->value = new char[len + 20]; + status_string->length = sprintf_s( + (LPSTR)status_string->value, len + 19, + "(%lx) %ls", status_value, msg); + } else { + status_string->value = new char[33]; + status_string->length = sprintf_s( + (LPSTR)status_string->value, 32, + "status is %lx", status_value); + } + if (status_string->length <= 0) { + gss_release_buffer(NULL, status_string); + status_string = GSS_C_NO_BUFFER; + return GSS_S_FAILURE; + } else { + return GSS_S_COMPLETE; + } +} + +__declspec(dllexport) OM_uint32 +gss_create_empty_oid_set(OM_uint32 *minor_status, + gss_OID_set *oid_set) +{ + PP(">>>> Calling gss_create_empty_oid_set..."); + CHECK_OUTPUT(oid_set); + + if (*oid_set = new gss_OID_set_desc) { + memset(*oid_set, 0, sizeof(gss_OID_set_desc)); + return GSS_S_COMPLETE; + } + return GSS_S_FAILURE; +} + +__declspec(dllexport) OM_uint32 +gss_release_oid_set(OM_uint32 *minor_status, + gss_OID_set *set) +{ + PP(">>>> Calling gss_release_oid_set..."); + if (set == NULL || *set == GSS_C_NO_OID_SET) { + return GSS_S_COMPLETE; + } + for (int i = 0; i < (*set)->count; i++) { + delete[] (*set)->elements[i].elements; + } + delete[] (*set)->elements; + delete *set; + *set = GSS_C_NO_OID_SET; + return GSS_S_COMPLETE; +} + +__declspec(dllexport) OM_uint32 +gss_release_buffer(OM_uint32 *minor_status, + gss_buffer_t buffer) +{ + PP(">>>> Calling gss_release_buffer..."); + if (buffer == NULL || buffer == GSS_C_NO_BUFFER) { + return GSS_S_COMPLETE; + } + if (buffer->value) { + delete[] buffer->value; + buffer->value = NULL; + } + buffer->length = 0; + return GSS_S_COMPLETE; +} + +/* End implemented section */ + +#ifdef __cplusplus +} +#endif From fc379423b48eef9d6aee2a0cda7c87353dd31f71 Mon Sep 17 00:00:00 2001 From: Severin Gehwolf Date: Mon, 14 Aug 2023 07:23:21 +0000 Subject: [PATCH 16/34] 8287663: Add a regression test for JDK-8287073 Reviewed-by: phh, andrew Backport-of: 2d8c6490540e3ccea23b81129b2e4073915071e0 --- .../platform/CgroupSubsystemFactory.java | 3 ++ .../cgroup/TestCgroupSubsystemFactory.java | 34 ++++++++++++++++++- 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/jdk/src/linux/classes/jdk/internal/platform/CgroupSubsystemFactory.java b/jdk/src/linux/classes/jdk/internal/platform/CgroupSubsystemFactory.java index e47513e02fe..b6141e3bae5 100644 --- a/jdk/src/linux/classes/jdk/internal/platform/CgroupSubsystemFactory.java +++ b/jdk/src/linux/classes/jdk/internal/platform/CgroupSubsystemFactory.java @@ -85,7 +85,10 @@ static CgroupMetrics create() { } catch (UncheckedIOException e) { return null; } + return create(optResult); + } + public static CgroupMetrics create(Optional optResult) { if (optResult.equals(Optional.empty())) { return null; } diff --git a/jdk/test/jdk/internal/platform/cgroup/TestCgroupSubsystemFactory.java b/jdk/test/jdk/internal/platform/cgroup/TestCgroupSubsystemFactory.java index 15793041c1b..fe5e1bc1abf 100644 --- a/jdk/test/jdk/internal/platform/cgroup/TestCgroupSubsystemFactory.java +++ b/jdk/test/jdk/internal/platform/cgroup/TestCgroupSubsystemFactory.java @@ -25,6 +25,7 @@ import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.fail; import java.io.IOException; import java.nio.charset.StandardCharsets; @@ -50,7 +51,7 @@ /* * @test - * @bug 8293540 8287107 + * @bug 8287107 8287073 8293540 * @requires os.family == "linux" * @modules java.base/jdk.internal.platform * @library /lib/testlibrary @@ -64,6 +65,7 @@ public class TestCgroupSubsystemFactory { private Path cgroupv1CgInfoZeroHierarchy; private Path cgroupv1MntInfoZeroHierarchy; private Path cgroupv2CgInfoZeroHierarchy; + private Path cgroupv2CgInfoZeroMinimal; private Path cgroupv2MntInfoZeroHierarchy; private Path cgroupv1CgInfoNonZeroHierarchy; private Path cgroupv1MntInfoNonZeroHierarchy; @@ -125,6 +127,9 @@ public class TestCgroupSubsystemFactory { "net_cls 0 1 1\n" + "blkio 0 1 1\n" + "perf_event 0 1 1 "; + private String cgroupsZeroHierarchyMinimal = + "#subsys_name hierarchy num_cgroups enabled\n" + + "cpu 0 1 1\n"; private String mntInfoHybrid = "30 23 0:26 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:4 - tmpfs tmpfs ro,seclabel,mode=755\n" + "31 30 0:27 / /sys/fs/cgroup/unified rw,nosuid,nodev,noexec,relatime shared:5 - cgroup2 none rw,seclabel,nsdelegate\n" + @@ -308,6 +313,9 @@ public void setup() { cgroupv1MountInfoCgroupsOnlyCPUCtrl = Paths.get(existingDirectory.toString(), "self_mountinfo_cpu_only_controller"); Files.write(cgroupv1MountInfoCgroupsOnlyCPUCtrl, mntInfoCpuOnly.getBytes(StandardCharsets.UTF_8)); + cgroupv2CgInfoZeroMinimal = Paths.get(existingDirectory.toString(), "cgv2_proc_cgroups_minimal"); + Files.write(cgroupv2CgInfoZeroMinimal, cgroupsZeroHierarchyMinimal.getBytes(StandardCharsets.UTF_8)); + cgroupv2CgInfoNoZeroHierarchyOnlyFreezer = Paths.get(existingDirectory.toString(), "cgroups_cgv2_non_zero_only_freezer"); Files.write(cgroupv2CgInfoNoZeroHierarchyOnlyFreezer, cgroupsNonZeroHierarchyOnlyFreezer.getBytes(StandardCharsets.UTF_8)); @@ -489,6 +497,30 @@ public void testZeroHierarchyCgroupsV2() throws IOException { assertEquals("/sys/fs/cgroup", cpuInfo.getMountPoint()); } + /* + * On some systems the memory controller might not show up in /proc/cgroups + * which may provoke a NPE on instantiation. See bug 8287073. + */ + @Test + public void testZeroHierarchyCgroupsV2Minimal() throws IOException { + String cgroups = cgroupv2CgInfoZeroMinimal.toString(); + String mountInfo = cgroupv2MntInfoZeroHierarchy.toString(); + String selfCgroup = cgroupv2SelfCgroup.toString(); + Optional result = CgroupSubsystemFactory.determineType(mountInfo, cgroups, selfCgroup); + + assertTrue("Expected non-empty cgroup result", result.isPresent()); + CgroupTypeResult res = result.get(); + + assertTrue("zero hierarchy ids with mounted controllers expected cgroups v2", res.isCgroupV2()); + assertNull("Only cpu controller present", res.getInfos().get("memory")); + try { + CgroupSubsystemFactory.create(result); + // pass + } catch (NullPointerException e) { + fail("Missing memory controller should not cause any NPE"); + } + } + @Test(expected = IOException.class) public void mountInfoFileNotFound() throws IOException { String cgroups = cgroupv1CgInfoZeroHierarchy.toString(); // any existing file From 3232400385ca3797247bfba20a54616cf893c50f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Aug 2023 18:14:18 +0000 Subject: [PATCH 17/34] 8042726: [TESTBUG] TEST.groups file was not updated after runtime/6925573/SortMethodsTest.java removal Removed runtime/6925573/SortMethodsTest.java from TEST.groups Reviewed-by: sgehwolf Backport-of: 3e6986fb58400193cf02ce4566afcf8bd24b92de --- hotspot/test/TEST.groups | 1 - 1 file changed, 1 deletion(-) diff --git a/hotspot/test/TEST.groups b/hotspot/test/TEST.groups index 216e307cf14..c8767949707 100644 --- a/hotspot/test/TEST.groups +++ b/hotspot/test/TEST.groups @@ -65,7 +65,6 @@ needs_jdk = \ gc/metaspace/TestMetaspacePerfCounters.java \ gc/metaspace/TestPerfCountersAndMemoryPools.java \ runtime/6819213/TestBootNativeLibraryPath.java \ - runtime/6925573/SortMethodsTest.java \ runtime/7107135/Test7107135.sh \ runtime/7158988/FieldMonitor.java \ runtime/7194254/Test7194254.java \ From aa3e9dda3d733508ad8bcd6e290f716b189141d4 Mon Sep 17 00:00:00 2001 From: Dongbo He Date: Thu, 24 Aug 2023 12:47:59 +0000 Subject: [PATCH 18/34] 8202952: C2: Unexpected dead nodes after matching Reviewed-by: roland, andrew Backport-of: 50e3aa4150dc1dd18870c5725666188ab38ab7d5 --- hotspot/src/share/vm/opto/matcher.cpp | 1 + .../compiler/c2/TestMatcherLargeOffset.java | 67 +++++++++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 hotspot/test/compiler/c2/TestMatcherLargeOffset.java diff --git a/hotspot/src/share/vm/opto/matcher.cpp b/hotspot/src/share/vm/opto/matcher.cpp index 75f1fbee58c..6660b4b467b 100644 --- a/hotspot/src/share/vm/opto/matcher.cpp +++ b/hotspot/src/share/vm/opto/matcher.cpp @@ -2202,6 +2202,7 @@ void Matcher::find_shared( Node *n ) { // AtomicAdd is not an addressing expression. // Cheap to find it by looking for screwy base. !adr->in(AddPNode::Base)->is_top() && + X86_ONLY(LP64_ONLY( off->get_long() == (int) (off->get_long()) && )) // immL32 // Are there other uses besides address expressions? !is_visited(adr) ) { address_visited.set(adr->_idx); // Flag as address_visited diff --git a/hotspot/test/compiler/c2/TestMatcherLargeOffset.java b/hotspot/test/compiler/c2/TestMatcherLargeOffset.java new file mode 100644 index 00000000000..ab211ea55c5 --- /dev/null +++ b/hotspot/test/compiler/c2/TestMatcherLargeOffset.java @@ -0,0 +1,67 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8202952 + * @summary C2: Unexpected dead nodes after matching + * + * @run main/othervm -XX:-TieredCompilation -Xcomp -XX:CompileOnly=::test + * compiler.c2.TestMatcherLargeOffset + */ +package compiler.c2; + +public class TestMatcherLargeOffset { + + public static int s = 0; + public static final int N = 400; + public static int a[] = new int[N]; + + public static void test() { + int x = -57785; + + for (int i = 0; i < N; i++) { + a[(x >>> 1) % N] &= (--x); + + for (int j = 4; j > 1; j -= 3) { + switch ((j % 9) + 119) { + case 122: + s += i; + break; + case 123: + s += i; + break; + default: + } + } + } + } + + public static void main(String[] args) { + for (int i = 0; i < 16000; i++) { + test(); + } + + System.out.println("s = " + s); + } +} From f92926955791c810469e412927f58f2ca634fe4b Mon Sep 17 00:00:00 2001 From: Xin Liu Date: Thu, 24 Aug 2023 17:49:18 +0000 Subject: [PATCH 19/34] 8173072: zipfs fails to handle incorrect info-zip "extended timestamp extra field" Reviewed-by: phh, serb, andrew Backport-of: 248778d27a5f8a16e4c90a4f5a6632a7ca8e9a89 --- .../nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java b/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java index 26e2a5bf9e9..d3c68e5e06a 100644 --- a/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java +++ b/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java @@ -2461,16 +2461,17 @@ void readExtra(ZipFileSystem zipfs) throws IOException { locPos += locSZ; continue; } + int end = locPos + locSZ - 4; int flag = CH(buf, locPos++); - if ((flag & 0x1) != 0) { + if ((flag & 0x1) != 0 && locPos <= end) { mtime = unixToJavaTime(LG(buf, locPos)); locPos += 4; } - if ((flag & 0x2) != 0) { + if ((flag & 0x2) != 0 && locPos <= end) { atime = unixToJavaTime(LG(buf, locPos)); locPos += 4; } - if ((flag & 0x4) != 0) { + if ((flag & 0x4) != 0 && locPos <= end) { ctime = unixToJavaTime(LG(buf, locPos)); locPos += 4; } From 599bb77c451274bacdb38cb7fd2d8fe658846ab3 Mon Sep 17 00:00:00 2001 From: Alexey Bakhtin Date: Wed, 6 Sep 2023 15:25:08 +0000 Subject: [PATCH 20/34] 8225687: Newly added sspi.cpp in JDK-6722928 still contains some small errors Reviewed-by: andrew Backport-of: e03c2a270b291e7b1edcf4df491d6d386a882a87 --- .../sun/security/jgss/wrapper/NativeFunc.h | 36 ++--- .../native/sun/security/jgss/wrapper/gssapi.h | 48 +++---- .../sun/security/jgss/sspi_bridge/sspi.cpp | 127 ++++++++++++------ 3 files changed, 126 insertions(+), 85 deletions(-) diff --git a/jdk/src/share/native/sun/security/jgss/wrapper/NativeFunc.h b/jdk/src/share/native/sun/security/jgss/wrapper/NativeFunc.h index 21f3d03ebd4..d6951201227 100644 --- a/jdk/src/share/native/sun/security/jgss/wrapper/NativeFunc.h +++ b/jdk/src/share/native/sun/security/jgss/wrapper/NativeFunc.h @@ -57,8 +57,8 @@ typedef OM_uint32 (*RELEASE_NAME_FN_PTR) typedef OM_uint32 (*IMPORT_NAME_FN_PTR) (OM_uint32 *minor_status, - const gss_buffer_t input_name_buffer, - const gss_OID input_name_type, + gss_const_buffer_t input_name_buffer, + gss_const_OID input_name_type, gss_name_t *output_name); typedef OM_uint32 (*COMPARE_NAME_FN_PTR) @@ -70,7 +70,7 @@ typedef OM_uint32 (*COMPARE_NAME_FN_PTR) typedef OM_uint32 (*CANONICALIZE_NAME_FN_PTR) (OM_uint32 *minor_status, gss_const_name_t input_name, - const gss_OID mech_type, + gss_const_OID mech_type, gss_name_t *output_name); typedef OM_uint32 (*EXPORT_NAME_FN_PTR) @@ -88,7 +88,7 @@ typedef OM_uint32 (*ACQUIRE_CRED_FN_PTR) (OM_uint32 *minor_status, gss_const_name_t desired_name, OM_uint32 time_req, - const gss_OID_set desired_mech, + gss_const_OID_set desired_mech, gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs, @@ -108,7 +108,7 @@ typedef OM_uint32 (*INQUIRE_CRED_FN_PTR) typedef OM_uint32 (*IMPORT_SEC_CONTEXT_FN_PTR) (OM_uint32 *minor_status, - const gss_buffer_t interprocess_token, + gss_const_buffer_t interprocess_token, gss_ctx_id_t *context_handle); typedef OM_uint32 (*INIT_SEC_CONTEXT_FN_PTR) @@ -116,11 +116,11 @@ typedef OM_uint32 (*INIT_SEC_CONTEXT_FN_PTR) gss_const_cred_id_t initiator_cred_handle, gss_ctx_id_t *context_handle, gss_const_name_t target_name, - const gss_OID mech_type, + gss_const_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, + gss_const_channel_bindings_t input_chan_bindings, + gss_const_buffer_t input_token, gss_OID *actual_mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, @@ -130,8 +130,8 @@ typedef OM_uint32 (*ACCEPT_SEC_CONTEXT_FN_PTR) (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_const_cred_id_t acceptor_cred_handle, - const gss_buffer_t input_token, - const gss_channel_bindings_t input_chan_bindings, + gss_const_buffer_t input_token, + gss_const_channel_bindings_t input_chan_bindings, gss_name_t *src_name, gss_OID *mech_type, gss_buffer_t output_token, @@ -177,14 +177,14 @@ typedef OM_uint32 (*GET_MIC_FN_PTR) (OM_uint32 *minor_status, gss_const_ctx_id_t context_handle, gss_qop_t qop_req, - const gss_buffer_t message_buffer, + gss_const_buffer_t message_buffer, gss_buffer_t msg_token); typedef OM_uint32 (*VERIFY_MIC_FN_PTR) (OM_uint32 *minor_status, gss_const_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, + gss_const_buffer_t message_buffer, + gss_const_buffer_t token_buffer, gss_qop_t *qop_state); typedef OM_uint32 (*WRAP_FN_PTR) @@ -192,14 +192,14 @@ typedef OM_uint32 (*WRAP_FN_PTR) gss_const_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, + gss_const_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer); typedef OM_uint32 (*UNWRAP_FN_PTR) (OM_uint32 *minor_status, gss_const_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, + gss_const_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state, gss_qop_t *qop_state); @@ -210,19 +210,19 @@ typedef OM_uint32 (*INDICATE_MECHS_FN_PTR) typedef OM_uint32 (*INQUIRE_NAMES_FOR_MECH_FN_PTR) (OM_uint32 *minor_status, - const gss_OID mechanism, + gss_const_OID mechanism, gss_OID_set *name_types); typedef OM_uint32 (*ADD_OID_SET_MEMBER_FN_PTR) (OM_uint32 *minor_status, - const gss_OID member_oid, + gss_const_OID member_oid, gss_OID_set *oid_set); typedef OM_uint32 (*DISPLAY_STATUS_FN_PTR) (OM_uint32 *minor_status, OM_uint32 status_value, int status_type, - const gss_OID mech_type, + gss_const_OID mech_type, OM_uint32 *message_context, gss_buffer_t status_string); diff --git a/jdk/src/share/native/sun/security/jgss/wrapper/gssapi.h b/jdk/src/share/native/sun/security/jgss/wrapper/gssapi.h index 9c6002c4633..932742ca9f5 100644 --- a/jdk/src/share/native/sun/security/jgss/wrapper/gssapi.h +++ b/jdk/src/share/native/sun/security/jgss/wrapper/gssapi.h @@ -404,7 +404,7 @@ GSS_DLLIMP OM_uint32 gss_acquire_cred( OM_uint32 *, /* minor_status */ gss_const_name_t, /* desired_name */ OM_uint32, /* time_req */ - const gss_OID_set, /* desired_mechs */ + gss_const_OID_set, /* desired_mechs */ gss_cred_usage_t, /* cred_usage */ gss_cred_id_t *, /* output_cred_handle */ gss_OID_set *, /* actual_mechs */ @@ -421,11 +421,11 @@ GSS_DLLIMP OM_uint32 gss_init_sec_context( gss_const_cred_id_t, /* claimant_cred_handle */ gss_ctx_id_t *, /* context_handle */ gss_const_name_t, /* target_name */ - const gss_OID, /* mech_type */ + gss_const_OID, /* mech_type */ OM_uint32, /* req_flags */ OM_uint32, /* time_req */ - const gss_channel_bindings_t, /* input_chan_bindings */ - const gss_buffer_t, /* input_token */ + gss_const_channel_bindings_t, /* input_chan_bindings */ + gss_const_buffer_t, /* input_token */ gss_OID *, /* actual_mech_type */ gss_buffer_t, /* output_token */ OM_uint32 *, /* ret_flags */ @@ -436,8 +436,8 @@ GSS_DLLIMP OM_uint32 gss_accept_sec_context( OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ gss_const_cred_id_t, /* acceptor_cred_handle */ - const gss_buffer_t, /* input_token_buffer */ - const gss_channel_bindings_t, /* input_chan_bindings */ + gss_const_buffer_t, /* input_token_buffer */ + gss_const_channel_bindings_t, /* input_chan_bindings */ gss_name_t *, /* src_name */ gss_OID *, /* mech_type */ gss_buffer_t, /* output_token */ @@ -449,7 +449,7 @@ GSS_DLLIMP OM_uint32 gss_accept_sec_context( GSS_DLLIMP OM_uint32 gss_process_context_token( OM_uint32 *, /* minor_status */ gss_const_ctx_id_t, /* context_handle */ - const gss_buffer_t /* token_buffer */ + gss_const_buffer_t /* token_buffer */ ); GSS_DLLIMP OM_uint32 gss_delete_sec_context( @@ -469,7 +469,7 @@ GSS_DLLIMP OM_uint32 gss_get_mic( OM_uint32 *, /* minor_status */ gss_const_ctx_id_t, /* context_handle */ gss_qop_t, /* qop_req */ - const gss_buffer_t, /* message_buffer */ + gss_const_buffer_t, /* message_buffer */ gss_buffer_t /* message_token */ ); @@ -477,8 +477,8 @@ GSS_DLLIMP OM_uint32 gss_get_mic( GSS_DLLIMP OM_uint32 gss_verify_mic( OM_uint32 *, /* minor_status */ gss_const_ctx_id_t, /* context_handle */ - const gss_buffer_t, /* message_buffer */ - const gss_buffer_t, /* message_token */ + gss_const_buffer_t, /* message_buffer */ + gss_const_buffer_t, /* message_token */ gss_qop_t * /* qop_state */ ); @@ -488,7 +488,7 @@ GSS_DLLIMP OM_uint32 gss_wrap( gss_const_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ gss_qop_t, /* qop_req */ - const gss_buffer_t, /* input_message_buffer */ + gss_const_buffer_t, /* input_message_buffer */ int *, /* conf_state */ gss_buffer_t /* output_message_buffer */ ); @@ -497,7 +497,7 @@ GSS_DLLIMP OM_uint32 gss_wrap( GSS_DLLIMP OM_uint32 gss_unwrap( OM_uint32 *, /* minor_status */ gss_const_ctx_id_t, /* context_handle */ - const gss_buffer_t, /* input_message_buffer */ + gss_const_buffer_t, /* input_message_buffer */ gss_buffer_t, /* output_message_buffer */ int *, /* conf_state */ gss_qop_t * /* qop_state */ @@ -507,7 +507,7 @@ GSS_DLLIMP OM_uint32 gss_display_status( OM_uint32 *, /* minor_status */ OM_uint32, /* status_value */ int, /* status_type */ - const gss_OID, /* mech_type (used to be const) */ + gss_const_OID, /* mech_type (used to be const) */ OM_uint32 *, /* message_context */ gss_buffer_t /* status_string */ ); @@ -533,8 +533,8 @@ GSS_DLLIMP OM_uint32 gss_display_name( GSS_DLLIMP OM_uint32 gss_import_name( OM_uint32 *, /* minor_status */ - const gss_buffer_t, /* input_name_buffer */ - const gss_OID, /* input_name_type(used to be const) */ + gss_const_buffer_t, /* input_name_buffer */ + gss_const_OID, /* input_name_type(used to be const) */ gss_name_t * /* output_name */ ); @@ -590,7 +590,7 @@ GSS_DLLIMP OM_uint32 gss_add_cred( OM_uint32 *, /* minor_status */ gss_const_cred_id_t, /* input_cred_handle */ gss_const_name_t, /* desired_name */ - const gss_OID, /* desired_mech */ + gss_const_OID, /* desired_mech */ gss_cred_usage_t, /* cred_usage */ OM_uint32, /* initiator_time_req */ OM_uint32, /* acceptor_time_req */ @@ -604,7 +604,7 @@ GSS_DLLIMP OM_uint32 gss_add_cred( GSS_DLLIMP OM_uint32 gss_inquire_cred_by_mech( OM_uint32 *, /* minor_status */ gss_const_cred_id_t, /* cred_handle */ - const gss_OID, /* mech_type */ + gss_const_OID, /* mech_type */ gss_name_t *, /* name */ OM_uint32 *, /* initiator_lifetime */ OM_uint32 *, /* acceptor_lifetime */ @@ -621,7 +621,7 @@ GSS_DLLIMP OM_uint32 gss_export_sec_context( /* New for V2 */ GSS_DLLIMP OM_uint32 gss_import_sec_context( OM_uint32 *, /* minor_status */ - const gss_buffer_t, /* interprocess_token */ + gss_const_buffer_t, /* interprocess_token */ gss_ctx_id_t * /* context_handle */ ); @@ -640,22 +640,22 @@ GSS_DLLIMP OM_uint32 gss_create_empty_oid_set( /* New for V2 */ GSS_DLLIMP OM_uint32 gss_add_oid_set_member( OM_uint32 *, /* minor_status */ - const gss_OID, /* member_oid */ + gss_const_OID, /* member_oid */ gss_OID_set * /* oid_set */ ); /* New for V2 */ GSS_DLLIMP OM_uint32 gss_test_oid_set_member( OM_uint32 *, /* minor_status */ - const gss_OID, /* member */ - const gss_OID_set, /* set */ + gss_const_OID, /* member */ + gss_const_OID_set, /* set */ int * /* present */ ); /* New for V2 */ GSS_DLLIMP OM_uint32 gss_str_to_oid( OM_uint32 *, /* minor_status */ - const gss_buffer_t, /* oid_str */ + gss_const_buffer_t, /* oid_str */ gss_OID * /* oid */ ); @@ -669,7 +669,7 @@ GSS_DLLIMP OM_uint32 gss_oid_to_str( /* New for V2 */ GSS_DLLIMP OM_uint32 gss_inquire_names_for_mech( OM_uint32 *, /* minor_status */ - const gss_OID, /* mechanism */ + gss_const_OID, /* mechanism */ gss_OID_set * /* name_types */ ); @@ -691,7 +691,7 @@ GSS_DLLIMP OM_uint32 gss_duplicate_name( GSS_DLLIMP OM_uint32 gss_canonicalize_name( OM_uint32 *, /* minor_status */ gss_const_name_t, /* input_name */ - const gss_OID, /* mech_type */ + gss_const_OID, /* mech_type */ gss_name_t * /* output_name */ ); diff --git a/jdk/src/windows/native/sun/security/jgss/sspi_bridge/sspi.cpp b/jdk/src/windows/native/sun/security/jgss/sspi_bridge/sspi.cpp index b6827198a71..b1de9934a00 100644 --- a/jdk/src/windows/native/sun/security/jgss/sspi_bridge/sspi.cpp +++ b/jdk/src/windows/native/sun/security/jgss/sspi_bridge/sspi.cpp @@ -209,14 +209,14 @@ flag_gss_to_sspi(int fin) } static BOOLEAN -is_same_oid(gss_OID o2, gss_OID o1) +is_same_oid(gss_const_OID o2, gss_const_OID o1) { return o1 && o2 && o1->length == o2->length && !memcmp(o1->elements, o2->elements, o2->length); } static BOOLEAN -has_oid(gss_OID_set set, gss_OID oid) +has_oid(gss_const_OID_set set, gss_const_OID oid) { for (int i = 0; i < set->count; i++) { if (is_same_oid(&set->elements[i], oid)) { @@ -227,7 +227,7 @@ has_oid(gss_OID_set set, gss_OID oid) } static void -get_oid_desc(gss_OID mech) +show_oid(gss_const_OID mech) { if (trace) { if (is_same_oid(mech, &KRB5_OID)) { @@ -249,7 +249,7 @@ get_oid_desc(gss_OID mech) } static void -get_oid_set_desc(gss_OID_set mechs) +show_oid_set(gss_const_OID_set mechs) { if (trace) { if (mechs == NULL) { @@ -258,7 +258,7 @@ get_oid_set_desc(gss_OID_set mechs) } PP("gss_OID_set.count is %d", (int)mechs->count); for (int i = 0; i < mechs->count; i++) { - get_oid_desc(&mechs->elements[i]); + show_oid(&mechs->elements[i]); } } } @@ -332,8 +332,8 @@ gss_release_name(OM_uint32 *minor_status, __declspec(dllexport) OM_uint32 gss_import_name(OM_uint32 *minor_status, - const gss_buffer_t input_name_buffer, - const gss_OID input_name_type, + gss_const_buffer_t input_name_buffer, + gss_const_OID input_name_type, gss_name_t *output_name) { PP(">>>> Calling gss_import_name..."); @@ -344,6 +344,9 @@ gss_import_name(OM_uint32 *minor_status, LPSTR input = (LPSTR)input_name_buffer->value; if (input_name_type != NULL && is_same_oid(input_name_type, &EXPORT_NAME_OID)) { + if (len < 4 || input[0] != 4 || input[1] != 1 || input[2] != 0) { + return GSS_S_FAILURE; + } int mechLen = (int)input[3]; /* including 06 len */ len -= mechLen + 8; /* 4 header bytes, and an int32 length after OID */ if (len <= 0) { @@ -429,15 +432,50 @@ gss_compare_name(OM_uint32 *minor_status, SEC_WCHAR* n1 = name1->name; SEC_WCHAR* n2 = name2->name; PP("Comparing %ls and %ls", n1, n2); + int l1 = lstrlen(n1); int l2 = lstrlen(n2); - if (l1 < l2 && n2[l1] != L'@' - || l2 < l1 && n1[l2] != L'@') { + int r1 = l1; // position of @ or the end if none + int r2 = l2; + int i; + + for (i = 0; i < l1; i++) { + if (n1[i] == L'\\') { + i++; + continue; + } + if (n1[i] == L'@') { + r1 = i; + break; + } + } + + for (i = 0; i < l2; i++) { + if (n2[i] == L'\\') { + i++; + continue; + } + if (n2[i] == L'@') { + r2 = i; + break; + } + } + + if (l1 < l2 && l1 != r2 + || l2 < l1 && l2 != l1) { return GSS_S_COMPLETE; // different } + if (l1 > l2) { l1 = l2; // choose the smaller one. longer=smaller @ ... } + + // Two names are equal if they are the same or one has no realm and + // one has realm but they have the same name. If both have realm but + // different, they are treated different even if the names are the same. + // Note: the default name concept is not used here. + // Principal names on Windows are case-insensitive, both user name + // and service principal name. if (CompareStringEx(LOCALE_NAME_SYSTEM_DEFAULT, NORM_IGNORECASE, n1, l1, n2, l1, NULL, NULL, 0) == CSTR_EQUAL) { *name_equal = 1; @@ -448,7 +486,7 @@ gss_compare_name(OM_uint32 *minor_status, __declspec(dllexport) OM_uint32 gss_canonicalize_name(OM_uint32 *minor_status, gss_const_name_t input_name, - const gss_OID mech_type, + gss_const_OID mech_type, gss_name_t *output_name) { PP(">>>> Calling gss_canonicalize_name..."); @@ -456,6 +494,10 @@ gss_canonicalize_name(OM_uint32 *minor_status, CHECK_OID(mech_type) CHECK_OUTPUT(output_name) + if (!is_same_oid(mech_type, &KRB5_OID)) { + PP("Cannot canonicalize to non-krb5 OID"); + return GSS_S_BAD_MECH; + } gss_name_t names2 = new gss_name_struct; if (names2 == NULL) { return GSS_S_FAILURE; @@ -558,7 +600,7 @@ __declspec(dllexport) OM_uint32 gss_acquire_cred(OM_uint32 *minor_status, gss_const_name_t desired_name, OM_uint32 time_req, - const gss_OID_set desired_mechs, + gss_const_OID_set desired_mechs, gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs, @@ -572,7 +614,7 @@ gss_acquire_cred(OM_uint32 *minor_status, ts.QuadPart = 0; cred_usage = 0; PP("AcquireCredentialsHandle with %d %p", cred_usage, desired_mechs); - get_oid_set_desc(desired_mechs); + show_oid_set(desired_mechs); BOOLEAN reqKerberos, reqSPNEGO; @@ -787,7 +829,7 @@ gss_inquire_cred(OM_uint32 *minor_status, __declspec(dllexport) OM_uint32 gss_import_sec_context(OM_uint32 *minor_status, - const gss_buffer_t interprocess_token, + gss_const_buffer_t interprocess_token, gss_ctx_id_t *context_handle) { // Not transferable, return FAILURE @@ -801,11 +843,11 @@ gss_init_sec_context(OM_uint32 *minor_status, gss_const_cred_id_t initiator_cred_handle, gss_ctx_id_t *context_handle, gss_const_name_t target_name, - const gss_OID mech_type, + gss_const_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, + gss_const_channel_bindings_t input_chan_bindings, + gss_const_buffer_t input_token, gss_OID *actual_mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, @@ -927,7 +969,6 @@ gss_init_sec_context(OM_uint32 *minor_status, &lifeTime); if (!SEC_SUCCESS(ss)) { - // TODO: seems NativeGSSContext has not failed here. PP("InitializeSecurityContext failed"); goto err; } @@ -983,8 +1024,8 @@ __declspec(dllexport) OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_const_cred_id_t acceptor_cred_handle, - const gss_buffer_t input_token, - const gss_channel_bindings_t input_chan_bindings, + gss_const_buffer_t input_token, + gss_const_channel_bindings_t input_chan_bindings, gss_name_t *src_name, gss_OID *mech_type, gss_buffer_t output_token, @@ -1168,13 +1209,13 @@ __declspec(dllexport) OM_uint32 gss_get_mic(OM_uint32 *minor_status, gss_const_ctx_id_t context_handle, gss_qop_t qop_req, - const gss_buffer_t message_buffer, + gss_const_buffer_t message_buffer, gss_buffer_t msg_token) { PP(">>>> Calling gss_get_mic..."); - CHECK_CONTEXT(context_handle); - CHECK_BUFFER(message_buffer); - CHECK_OUTPUT(msg_token); + CHECK_CONTEXT(context_handle) + CHECK_BUFFER(message_buffer) + CHECK_OUTPUT(msg_token) SECURITY_STATUS ss; SecBufferDesc buffDesc; @@ -1208,14 +1249,14 @@ gss_get_mic(OM_uint32 *minor_status, __declspec(dllexport) OM_uint32 gss_verify_mic(OM_uint32 *minor_status, gss_const_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, + gss_const_buffer_t message_buffer, + gss_const_buffer_t token_buffer, gss_qop_t *qop_state) { PP(">>>> Calling gss_verify_mic..."); - CHECK_CONTEXT(context_handle); - CHECK_BUFFER(message_buffer); - CHECK_BUFFER(token_buffer); + CHECK_CONTEXT(context_handle) + CHECK_BUFFER(message_buffer) + CHECK_BUFFER(token_buffer) SECURITY_STATUS ss; SecBufferDesc buffDesc; @@ -1253,14 +1294,14 @@ gss_wrap(OM_uint32 *minor_status, gss_const_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, + gss_const_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer) { PP(">>>> Calling gss_wrap..."); - CHECK_CONTEXT(context_handle); - CHECK_BUFFER(input_message_buffer); - CHECK_OUTPUT(output_message_buffer); + CHECK_CONTEXT(context_handle) + CHECK_BUFFER(input_message_buffer) + CHECK_OUTPUT(output_message_buffer) SECURITY_STATUS ss; SecBufferDesc buffDesc; @@ -1323,15 +1364,15 @@ gss_wrap(OM_uint32 *minor_status, __declspec(dllexport) OM_uint32 gss_unwrap(OM_uint32 *minor_status, gss_const_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, + gss_const_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state, gss_qop_t *qop_state) { PP(">>>> Calling gss_unwrap..."); - CHECK_CONTEXT(context_handle); - CHECK_BUFFER(input_message_buffer); - CHECK_OUTPUT(output_message_buffer); + CHECK_CONTEXT(context_handle) + CHECK_BUFFER(input_message_buffer) + CHECK_OUTPUT(output_message_buffer) SECURITY_STATUS ss; SecBufferDesc buffDesc; @@ -1417,11 +1458,11 @@ gss_indicate_mechs(OM_uint32 *minor_status, __declspec(dllexport) OM_uint32 gss_inquire_names_for_mech(OM_uint32 *minor_status, - const gss_OID mechanism, + gss_const_OID mechanism, gss_OID_set *name_types) { PP(">>>> Calling gss_inquire_names_for_mech..."); - CHECK_OID(mechanism); + CHECK_OID(mechanism) if (gss_create_empty_oid_set(minor_status, name_types)) { return GSS_S_FAILURE; @@ -1445,12 +1486,12 @@ gss_inquire_names_for_mech(OM_uint32 *minor_status, __declspec(dllexport) OM_uint32 gss_add_oid_set_member(OM_uint32 *minor_status, - const gss_OID member_oid, + gss_const_OID member_oid, gss_OID_set *oid_set) { PP(">>>> Calling gss_add_oid_set_member..."); - CHECK_OID(member_oid); - CHECK_OUTPUT(oid_set); + CHECK_OID(member_oid) + CHECK_OUTPUT(oid_set) int count = (int)(*oid_set)->count; @@ -1490,7 +1531,7 @@ __declspec(dllexport) OM_uint32 gss_display_status(OM_uint32 *minor_status, OM_uint32 status_value, int status_type, - const gss_OID mech_type, + gss_const_OID mech_type, OM_uint32 *message_context, gss_buffer_t status_string) { @@ -1526,7 +1567,7 @@ gss_create_empty_oid_set(OM_uint32 *minor_status, gss_OID_set *oid_set) { PP(">>>> Calling gss_create_empty_oid_set..."); - CHECK_OUTPUT(oid_set); + CHECK_OUTPUT(oid_set) if (*oid_set = new gss_OID_set_desc) { memset(*oid_set, 0, sizeof(gss_OID_set_desc)); From e74d29d67429a8059ec168882ee3b540dea67a1f Mon Sep 17 00:00:00 2001 From: Severin Gehwolf Date: Mon, 11 Sep 2023 08:09:50 +0000 Subject: [PATCH 21/34] 8295894: Remove SECOM certificate that is expiring in September 2023 Reviewed-by: andrew Backport-of: b40b1ca1f6ab606387bb1a466810f0e23dead560 --- jdk/make/data/cacerts/secomscrootca1 | 27 ------------------- .../security/lib/cacerts/VerifyCACerts.java | 9 +++---- 2 files changed, 3 insertions(+), 33 deletions(-) delete mode 100644 jdk/make/data/cacerts/secomscrootca1 diff --git a/jdk/make/data/cacerts/secomscrootca1 b/jdk/make/data/cacerts/secomscrootca1 deleted file mode 100644 index d300e31195d..00000000000 --- a/jdk/make/data/cacerts/secomscrootca1 +++ /dev/null @@ -1,27 +0,0 @@ -Owner: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP -Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP -Serial number: 0 -Valid from: Tue Sep 30 04:20:49 GMT 2003 until: Sat Sep 30 04:20:49 GMT 2023 -Signature algorithm name: SHA1withRSA -Subject Public Key Algorithm: 2048-bit RSA key -Version: 3 ------BEGIN CERTIFICATE----- -MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY -MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t -dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 -WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD -VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 -9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ -DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 -Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N -QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ -xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G -A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T -AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG -kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr -Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 -Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU -JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot -RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== ------END CERTIFICATE----- diff --git a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java index f3762176a3e..9caf545b606 100644 --- a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java +++ b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java @@ -28,7 +28,7 @@ * 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136 * 8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320 * 8243559 8225072 8258630 8259312 8256421 8225081 8225082 8225083 8245654 - * 8305975 8304760 8307134 + * 8305975 8304760 8307134 8295894 * @summary Check root CA entries in cacerts file */ import java.io.ByteArrayInputStream; @@ -54,13 +54,12 @@ public class VerifyCACerts { + File.separator + "security" + File.separator + "cacerts"; // The numbers of certs now. - private static final int COUNT = 97; + private static final int COUNT = 96; // SHA-256 of cacerts, can be generated with // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 private static final String CHECKSUM - = "72:C7:B8:9E:54:94:D2:D9:C0:E5:9F:F7:C3:8C:3B:18:D7:42:23:82:51:F2:AD:A1:14:26:E0:4A:F2:5F:AE:80"; - + = "9B:AF:A2:BD:88:C9:74:05:7F:DD:F3:97:85:21:18:4A:52:F0:07:CC:46:FD:2B:90:BA:FB:57:09:18:3B:66:0F"; // map of cert alias to SHA-256 fingerprint @SuppressWarnings("serial") private static final Map FINGERPRINT_MAP @@ -166,8 +165,6 @@ public class VerifyCACerts { "18:F1:FC:7F:20:5D:F8:AD:DD:EB:7F:E0:07:DD:57:E3:AF:37:5A:9C:4D:8D:73:54:6B:F4:F1:FE:D1:E1:8D:35"); put("quovadisrootca3g3 [jdk]", "88:EF:81:DE:20:2E:B0:18:45:2E:43:F8:64:72:5C:EA:5F:BD:1F:C2:D9:D2:05:73:07:09:C5:D8:B8:69:0F:46"); - put("secomscrootca1 [jdk]", - "E7:5E:72:ED:9F:56:0E:EC:6E:B4:80:00:73:A4:3F:C3:AD:19:19:5A:39:22:82:01:78:95:97:4A:99:02:6B:6C"); put("secomscrootca2 [jdk]", "51:3B:2C:EC:B8:10:D4:CD:E5:DD:85:39:1A:DF:C6:C2:DD:60:D8:7B:B7:36:D2:B5:21:48:4A:A4:7A:0E:BE:F6"); put("swisssigngoldg2ca [jdk]", From b24b03f9dbeb2c1e8b5cb0279659eee489bd9df4 Mon Sep 17 00:00:00 2001 From: Severin Gehwolf Date: Mon, 18 Sep 2023 09:06:41 +0000 Subject: [PATCH 22/34] 8314960: Add Certigna Root CA - 2 Reviewed-by: andrew Backport-of: a44f8b059847135ecd0618cb04abbb0d2be1d2d0 --- jdk/make/data/cacerts/certignarootca | 43 +++ .../certification/CertignaCA.java | 227 -------------- .../certification/CertignaRoots.java | 293 ++++++++++++++++++ .../security/lib/cacerts/VerifyCACerts.java | 8 +- 4 files changed, 341 insertions(+), 230 deletions(-) create mode 100644 jdk/make/data/cacerts/certignarootca delete mode 100644 jdk/test/security/infra/java/security/cert/CertPathValidator/certification/CertignaCA.java create mode 100644 jdk/test/security/infra/java/security/cert/CertPathValidator/certification/CertignaRoots.java diff --git a/jdk/make/data/cacerts/certignarootca b/jdk/make/data/cacerts/certignarootca new file mode 100644 index 00000000000..b79092d0cb5 --- /dev/null +++ b/jdk/make/data/cacerts/certignarootca @@ -0,0 +1,43 @@ +Owner: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR +Issuer: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR +Serial number: cae91b89f155030da3e6416dc4e3a6e1 +Valid from: Tue Oct 01 08:32:27 GMT 2013 until: Sat Oct 01 08:32:27 GMT 2033 +Signature algorithm name: SHA256withRSA +Subject Public Key Algorithm: 4096-bit RSA key +Version: 3 +-----BEGIN CERTIFICATE----- +MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAw +WjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAw +MiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0x +MzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjdaMFoxCzAJBgNVBAYTAkZSMRIwEAYD +VQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgxMDAwMzYxGTAX +BgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sO +ty3tRQgXstmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9M +CiBtnyN6tMbaLOQdLNyzKNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPu +I9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8JXrJhFwLrN1CTivngqIkicuQstDuI7pm +TLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16XdG+RCYyKfHx9WzMfgIh +C59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq4NYKpkDf +ePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3Yz +IoejwpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWT +Co/1VTp2lc5ZmIoJlXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1k +JWumIWmbat10TWuXekG9qxf5kBdIjzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5 +hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp//TBt2dzhauH8XwIDAQABo4IB +GjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of +1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczov +L3d3d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilo +dHRwOi8vY3JsLmNlcnRpZ25hLmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYr +aHR0cDovL2NybC5kaGlteW90aXMuY29tL2NlcnRpZ25hcm9vdGNhLmNybDANBgkq +hkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOItOoldaDgvUSILSo3L +6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxPTGRG +HVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH6 +0BGM+RFq7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncB +lA2c5uk5jR+mUYyZDDl34bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdi +o2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1 +gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS6Cvu5zHbugRqh5jnxV/v +faci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaYtlu3zM63 +Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayh +jWZSaX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw +3kAP+HwV96LOPNdeE4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0= +-----END CERTIFICATE----- diff --git a/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/CertignaCA.java b/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/CertignaCA.java deleted file mode 100644 index 5e058233370..00000000000 --- a/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/CertignaCA.java +++ /dev/null @@ -1,227 +0,0 @@ -/* - * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 8245654 - * @summary Interoperability tests with Certigna Root CA from Dhimyotis - * @build ValidatePathWithParams - * @run main/othervm -Djava.security.debug=certpath CertignaCA OCSP - * @run main/othervm -Djava.security.debug=certpath CertignaCA CRL - */ - -/* - * Obtain TLS test artifacts for Certigna Root CA from: - * - * Valid TLS Certificates: - * https://valid.servicesca.dhimyotis.com/ - * - * Revoked TLS Certificates: - * https://revoked.servicesca.dhimyotis.com/ - */ -public class CertignaCA { - - // Owner: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, - // OU=0002 48146308100036, O=DHIMYOTIS, C=FR - // Issuer: CN=Certigna, O=Dhimyotis, C=FR - // Serial number: 6f82fa28acd6f784bb5b120ba87367ad - // Valid from: Wed Nov 25 03:33:52 PST 2015 until: Sat Nov 22 03:33:52 PST 2025 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIGFjCCBP6gAwIBAgIQb4L6KKzW94S7WxILqHNnrTANBgkqhkiG9w0BAQsFADA0\n" + - "MQswCQYDVQQGEwJGUjESMBAGA1UECgwJRGhpbXlvdGlzMREwDwYDVQQDDAhDZXJ0\n" + - "aWduYTAeFw0xNTExMjUxMTMzNTJaFw0yNTExMjIxMTMzNTJaMH0xCzAJBgNVBAYT\n" + - "AkZSMRIwEAYDVQQKDAlESElNWU9USVMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgx\n" + - "MDAwMzYxHTAbBgNVBGEMFE5UUkZSLTQ4MTQ2MzA4MTAwMDM2MR0wGwYDVQQDDBRD\n" + - "ZXJ0aWduYSBTZXJ2aWNlcyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC\n" + - "ggIBALPM+7LpWBz9wFcPaTc3xnB+5g0XrnptB0EPPfrR04vO52Ykm4ky1d4ZLd10\n" + - "tbM1fa1RqNSOVWWg93O4pL7zCFKlz6JV74ZZVhHpEAwzBwv2oPnxvVbxtSN67xsS\n" + - "Y66ahUYxjzs8+3FhmsiRxqwnTYvK2u70uglUvRisOKyTL/M6JnrC4y8tlmoz7OSa\n" + - "5BmBMVplJFQtvmON6N9aHLvYMz+EyJPCbXL6pELxeHjFT5QmIaRamsr2DOTaCjtB\n" + - "ZKI1Wnh3X7lnbjM8MESJiV2t7E9tIQNG0Z/HI3tO4aaUMum3KysY5sC8v3vi7rry\n" + - "GidgzHQhrtP0ZXWW5UH/k7umLS/P/XXWnCFpc2Lxa1uDGfc2im7xibRoPP+JNZsz\n" + - "N76euFlls6jyEXAiwnVr14tVVTewLK0OWs5SJHpEKp8PGMZRDj59EmMvokWwzL6Q\n" + - "zNZ6vVAp00oOm05sbspNY9+MFqGKKUsKvhFGEa4XmRNxDe6KswLcjPZB+NKHZ0QW\n" + - "Fd4ip5C5XmEK/8qIPjwVr9dah9+oiHGGO8Wx7gJAMF5DTmkvW7GhqCKj1LmHnabj\n" + - "zc8av6kxWVQZi/C7HCm9i/W4wio+JA2EAFLqNL3GPNbK9kau4yPhQt/c7zxzo0OH\n" + - "nlsV4THCG7oOCd3cfCiyfQcb3FBt6OSpaKRZxjCLBwP00r0fAgMBAAGjggHZMIIB\n" + - "1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU\n" + - "rOyGj0s3HLh/FxsZ0K7oTuM0XBIwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF\n" + - "9lo53BGhOKQ2MDQxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAP\n" + - "BgNVBAMMCENlcnRpZ25hggkA/tzjAQ/JSP8wSQYDVR0gBEIwQDA+BgoqgXoBgTEB\n" + - "AAECMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmNlcnRpZ25hLmZyL2F1dG9y\n" + - "aXRlcy8wfAYIKwYBBQUHAQEEcDBuMDQGCCsGAQUFBzAChihodHRwOi8vYXV0b3Jp\n" + - "dGUuY2VydGlnbmEuZnIvY2VydGlnbmEuZGVyMDYGCCsGAQUFBzAChipodHRwOi8v\n" + - "YXV0b3JpdGUuZGhpbXlvdGlzLmNvbS9jZXJ0aWduYS5kZXIwYQYDVR0fBFowWDAp\n" + - "oCegJYYjaHR0cDovL2NybC5jZXJ0aWduYS5mci9jZXJ0aWduYS5jcmwwK6ApoCeG\n" + - "JWh0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9jZXJ0aWduYS5jcmwwDQYJKoZIhvcN\n" + - "AQELBQADggEBAGLft7gIuGPZVfg0cTM+HT2xAZFPDb/2+siH06x+dH044zMKbBIN\n" + - "bRzhKipwB1A3MW8FQjveE9tyrfyuqZE/X+o2SlGcdNV44ybYkxo4f6kcLEavV/IW\n" + - "+oFEnojZlhpksYcxrvQoEyqkAwshe8IS2KtZHKVACrt+XSs0lwvy7ALGmHaF7A4b\n" + - "y6cZWItA7Lhj8XWp+8tBJDj7HocRbWtxzEODdBuyMgJzFrNjc+97J0vH/K0+3yjm\n" + - "kczpKshMA0tM+MF9XDMN/MuwrPmUWGO/fHiqHgUp8yqeWtl1n44ZxkkK1t9GRwhn\n" + - "DWLv73/xhTmdhWYQ/reo0GbgBoLiltKmIJQ=\n" + - "-----END CERTIFICATE-----"; - - // Owner: SERIALNUMBER=S230100953, CN=valid.servicesca.dhimyotis.com, - // OU=0002 48146308100036, O=DHIMYOTIS, L=VILLENEUVE D'ASCQ, C=FR - // Issuer: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, - // OU=0002 48146308100036, O=DHIMYOTIS, C=FR - // Serial number: 2959798fe2e0e7b43810169ae938bc5f - // Valid from: Sun Mar 13 16:00:00 PDT 2022 until: Mon Mar 13 15:59:59 PDT 2023 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIIkzCCBnugAwIBAgIQKVl5j+Lg57Q4EBaa6Ti8XzANBgkqhkiG9w0BAQsFADB9\n" + - "MQswCQYDVQQGEwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAy\n" + - "IDQ4MTQ2MzA4MTAwMDM2MR0wGwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEd\n" + - "MBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMgQ0EwHhcNMjIwMzEzMjMwMDAwWhcN\n" + - "MjMwMzEzMjI1OTU5WjCBmTELMAkGA1UEBhMCRlIxGjAYBgNVBAcMEVZJTExFTkVV\n" + - "VkUgRCdBU0NRMRIwEAYDVQQKDAlESElNWU9USVMxHDAaBgNVBAsMEzAwMDIgNDgx\n" + - "NDYzMDgxMDAwMzYxJzAlBgNVBAMMHnZhbGlkLnNlcnZpY2VzY2EuZGhpbXlvdGlz\n" + - "LmNvbTETMBEGA1UEBRMKUzIzMDEwMDk1MzCCASIwDQYJKoZIhvcNAQEBBQADggEP\n" + - "ADCCAQoCggEBALpeGHbzRGnv1C0PdJS0nT+Cx98Pw8ctaw51m9Vlk2j8AFGZRu8r\n" + - "lX3noQYX0AIfcbk6KqPAreIvJQV0UgM5jxt3mIQF7iU+55MG4mWmSJgKDDq4b3ck\n" + - "WdBy0KpSBqLmB9sHyTNk9NilNu7VwG03HGIltWA2uQFJGC8CkxwAFpMCQ9RVYw2Z\n" + - "NkL/SsiPgrRLiCJZjesk1oAcLnLp7hbelfUB2Z71VmuDDlom7CsLvdN8eIG+Lj+V\n" + - "wkGmH6AbVGvbFniFDLCNDSJWCQ9AHeO+i0CM/wd2gBRSgm993p2YMxu5mVZjz/rp\n" + - "ELaCYjulvNZKvPIFoNe8qsxlXRWeqWaHuPsCAwEAAaOCA/AwggPsMIHkBggrBgEF\n" + - "BQcBAQSB1zCB1DA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rp\n" + - "cy5jb20vc2VydmljZXNjYS5kZXIwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0\n" + - "ZS5jZXJ0aWduYS5mci9zZXJ2aWNlc2NhLmRlcjAwBggrBgEFBQcwAYYkaHR0cDov\n" + - "L3NlcnZpY2VzY2Eub2NzcC5kaGlteW90aXMuY29tMC4GCCsGAQUFBzABhiJodHRw\n" + - "Oi8vc2VydmljZXNjYS5vY3NwLmNlcnRpZ25hLmZyMB8GA1UdIwQYMBaAFKzsho9L\n" + - "Nxy4fxcbGdCu6E7jNFwSMAkGA1UdEwQCMAAwYQYDVR0gBFowWDAIBgZngQwBAgIw\n" + - "TAYLKoF6AYExAgUBAQEwPTA7BggrBgEFBQcCARYvaHR0cHM6Ly93d3cuY2VydGln\n" + - "bmEuY29tL2F1dG9yaXRlLWNlcnRpZmljYXRpb24wZQYDVR0fBF4wXDAroCmgJ4Yl\n" + - "aHR0cDovL2NybC5jZXJ0aWduYS5mci9zZXJ2aWNlc2NhLmNybDAtoCugKYYnaHR0\n" + - "cDovL2NybC5kaGlteW90aXMuY29tL3NlcnZpY2VzY2EuY3JsMBMGA1UdJQQMMAoG\n" + - "CCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIFoDBIBgNVHREEQTA/gh12YWxpZC5zZXJ2\n" + - "aWNlc2NhLmNlcnRpZ25hLmNvbYIedmFsaWQuc2VydmljZXNjYS5kaGlteW90aXMu\n" + - "Y29tMB0GA1UdDgQWBBSGQwwMIdxiI7P+CFU/Z968XZaSGzCCAX0GCisGAQQB1nkC\n" + - "BAIEggFtBIIBaQFnAHUArfe++nz/EMiLnT2cHj4YarRnKV3PsQwkyoWGNOvcgooA\n" + - "AAF/h9eOGgAABAMARjBEAiBaneK2CTn9lH28CUnL2C2/WklUYkvygMiDrtCIUXfw\n" + - "gQIgJrGxwgGlsYzUdZyZY/oNWSLByO8/Jb5LXbNibdk5SnAAdwDoPtDaPvUGNTLn\n" + - "Vyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAAAX+H14/NAAAEAwBIMEYCIQCVtuV9p/Ug\n" + - "IhwVoMUjPp1KzGte/FmDaKPx432VjOpD+AIhANKWkDEuVnMzPH8sdJCL+eXoB0Q7\n" + - "0mpe5dHEiFJS8lTBAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoA\n" + - "AAF/h9eTcQAABAMARjBEAiAjdYhnzPe9lJksk94ngl7PLDRi71tSRN7SslibEyv+\n" + - "XAIgLQ5NKQAaJnF8oA7WnHB8gyJ/8kqZi52d1WFgARDLR30wDQYJKoZIhvcNAQEL\n" + - "BQADggIBAJhLhW5Gh9yOPKsrMhABd7U5juc5ev97c6s7Az70Yr5/EtH6TlgC6a1N\n" + - "i0yzFOeXzAR8Svsq6HzqP9kMJkEFIrdWH8JZdEv871EjYetEzLLnO0m+dNEROJAh\n" + - "fcJ2w2LufPNaQ327tGY/DxDH9jdtgquReO01bPlJ0Yc5J3maz4XapeUm/kQ8dRzS\n" + - "0UBOxfUlEMpDatZzg7wugy7g9vOndW/VbtbN5Iioq2bjuykPJZfZUx4cCAmLUS7w\n" + - "bqPThQ54PnybiPXaF8cH1Gq0Rs/lGB1erzRXRXHgMy61mFY944r13oATnSdTy8Gm\n" + - "QoMsVp9w7WBRo8O4PR606Ke8Ufm9Kg2GJ1sHClf70FNFO/OSFlr3BLDG0vEMdgVW\n" + - "9QLu6UQXa9PhWMoo030k5fmUySzIUljXnstj3rgcD2HE1UrobTqyRHbbQ8JVWaF0\n" + - "PrPR4WDFI9dY0jixVQucKlX6FCqsyNrJF8GWDlZH+Cd8bk+MA9fKUuX/vmoOc2d+\n" + - "bvOCliME7YjAJkyclk6yiFIMnqyh+TD0d8WbjE94YC/293Xqb6WGkRhhsCX9RUrk\n" + - "I6QbS2uicCFGjRsPmjvMkDDxS00MShRl2K/KpsAx68Cv/Gcw3bv31obwNXTB2IBg\n" + - "gI0MfBHnjIp1nmNvCNmVIP52YrGQyC2JE7+GZUWTuwUVeDgBhiEZ\n" + - "-----END CERTIFICATE-----"; - - // Owner: SERIALNUMBER=S230120951, CN=revoked.servicesca.dhimyotis.com, - // OU=0002 48146308100036, O=DHIMYOTIS, L=VILLENEUVE D'ASCQ, C=FR - // Issuer: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, - // OU=0002 48146308100036, O=DHIMYOTIS, C=FR - // Serial number: f88f2566b3dbf73763622db9b2bf9cc - // Valid from: Sun Mar 13 16:00:00 PDT 2022 until: Mon Mar 13 15:59:59 PDT 2023 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIImTCCBoGgAwIBAgIQD4jyVms9v3N2NiLbmyv5zDANBgkqhkiG9w0BAQsFADB9\n" + - "MQswCQYDVQQGEwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAy\n" + - "IDQ4MTQ2MzA4MTAwMDM2MR0wGwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEd\n" + - "MBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMgQ0EwHhcNMjIwMzEzMjMwMDAwWhcN\n" + - "MjMwMzEzMjI1OTU5WjCBmzELMAkGA1UEBhMCRlIxGjAYBgNVBAcMEVZJTExFTkVV\n" + - "VkUgRCdBU0NRMRIwEAYDVQQKDAlESElNWU9USVMxHDAaBgNVBAsMEzAwMDIgNDgx\n" + - "NDYzMDgxMDAwMzYxKTAnBgNVBAMMIHJldm9rZWQuc2VydmljZXNjYS5kaGlteW90\n" + - "aXMuY29tMRMwEQYDVQQFEwpTMjMwMTIwOTUxMIIBIjANBgkqhkiG9w0BAQEFAAOC\n" + - "AQ8AMIIBCgKCAQEAouvIzemKChCjYICW+TzRigLkqaTdMLnaPlGaXyCCoEUS6nkK\n" + - "QnrwTgebf1X9/mwSAuvTo3Ck7CVgE8AMqsPTluSjezCJuED/F3HYy2YsbIhnVK/i\n" + - "uSzKsDGVY3RlVNm2MA2viVTNBbOFhk4kefYqpDCmp3EGvIDOCb7Y5PTuKKQ79s97\n" + - "uDm+0WoBnOdwSuZMUg+hvINBgu2JQFwiWP0g/SxoK6Ci9SVokM3zR4KgECkMVArf\n" + - "cH0dN+5SYvByaGegQJy7TdKqDsf1lIHM19tUXcxOBNRgV3Rf7WMNIlERtLXjRfke\n" + - "IWXf8QtXRVIH/i/PoVTDo2qvQOMnZFY/Eb5dFQIDAQABo4ID9DCCA/AwgeQGCCsG\n" + - "AQUFBwEBBIHXMIHUMDgGCCsGAQUFBzAChixodHRwOi8vYXV0b3JpdGUuZGhpbXlv\n" + - "dGlzLmNvbS9zZXJ2aWNlc2NhLmRlcjA2BggrBgEFBQcwAoYqaHR0cDovL2F1dG9y\n" + - "aXRlLmNlcnRpZ25hLmZyL3NlcnZpY2VzY2EuZGVyMDAGCCsGAQUFBzABhiRodHRw\n" + - "Oi8vc2VydmljZXNjYS5vY3NwLmRoaW15b3Rpcy5jb20wLgYIKwYBBQUHMAGGImh0\n" + - "dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGlnbmEuZnIwHwYDVR0jBBgwFoAUrOyG\n" + - "j0s3HLh/FxsZ0K7oTuM0XBIwCQYDVR0TBAIwADBhBgNVHSAEWjBYMAgGBmeBDAEC\n" + - "AjBMBgsqgXoBgTECBQEBATA9MDsGCCsGAQUFBwIBFi9odHRwczovL3d3dy5jZXJ0\n" + - "aWduYS5jb20vYXV0b3JpdGUtY2VydGlmaWNhdGlvbjBlBgNVHR8EXjBcMCugKaAn\n" + - "hiVodHRwOi8vY3JsLmNlcnRpZ25hLmZyL3NlcnZpY2VzY2EuY3JsMC2gK6Aphido\n" + - "dHRwOi8vY3JsLmRoaW15b3Rpcy5jb20vc2VydmljZXNjYS5jcmwwEwYDVR0lBAww\n" + - "CgYIKwYBBQUHAwEwDgYDVR0PAQH/BAQDAgWgMEwGA1UdEQRFMEOCH3Jldm9rZWQu\n" + - "c2VydmljZXNjYS5jZXJ0aWduYS5jb22CIHJldm9rZWQuc2VydmljZXNjYS5kaGlt\n" + - "eW90aXMuY29tMB0GA1UdDgQWBBTGIed1eHBS8Z1H3PdMkItpjyjq2TCCAX0GCisG\n" + - "AQQB1nkCBAIEggFtBIIBaQFnAHcArfe++nz/EMiLnT2cHj4YarRnKV3PsQwkyoWG\n" + - "NOvcgooAAAF/h9g4MAAABAMASDBGAiEAp/1fQB730JrX9YGD3d1Uq7rTAL95tMKe\n" + - "G6kgUP1GEWoCIQCzi6feA3cImTH6tVZALNEmve/n8SVFAvD2AvX8ioCD9QB1AOg+\n" + - "0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABf4fYNHcAAAQDAEYwRAIg\n" + - "Dnd8oOV7/MuaiyR23qbdRVf1kBSsDxnLp1/vRdD0JTYCIAw7LuZalEVa/0KpuNHs\n" + - "NIdUJgV4Vioa2xkb9fdPIhtkAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PAD\n" + - "Dnk2pZoAAAF/h9g7nwAABAMARjBEAiA80M1W3V3iKjm6Dwn+hKkmvGiuXZoM6o3f\n" + - "QJsZ2ZOx0QIgUiS3I83WzoCdD4qO9rlmDQhRD69CeVzCgLtkaTPz3JYwDQYJKoZI\n" + - "hvcNAQELBQADggIBADKub0gNyasTvURoYukQCllqDC+SvWA4TURBcmQMNjdVkreJ\n" + - "B3O91HZhTyhrCBJxybeIG89zuRI6rjTpHCQGFqtP7968NA3eUlxGGnAPpw6VbN47\n" + - "Ake+CRI9XnhxcKmTGm987DjtIBH42BedS59P1T56grZP5ysOog9Hz4eYo2ytbZqt\n" + - "P/DHggivymaaiIaBsqup8C7/XN3vVAa/yo1FeLJ48i1d0M9hjGBUFMajd8Y5+pE7\n" + - "p6Nb5mT1LXbetORYXMyG3MiJQPBAr1dLnRGnOZxc1Kxa1QwoAFQAFIXFpqfBwfHi\n" + - "NaSDdFS/wLbpe7UvtC8FWLq9sgITDEkPqDPCsbu8Vc7OxaMhBJ7HQGaAYMReGADG\n" + - "Elx9ffAc+dFR62zFnqMLouaEznZ7FVNmU3cYbrFVBvnGmoDRe0AKUoYv5DCiawUg\n" + - "qeQS69DgG7DOE5VIDaWX2Cevy81mz7O8EVQsyS15J/MUxzWfQpRaHUqkge6G9FSH\n" + - "hF/Nm48oWgpWop5aIF2O6bA/Bt1VvAWdypUPUr4gtpYIQoOQBzTFgBVWUeOTOImE\n" + - "avvpzSwGQfZkB7t5PcAQ+zYGxWq7fr30/qY3geePcXJCGWS6PXyj8lNn4CaJ2sMF\n" + - "GKxNJGD49/5uoxi3b3TzGUn/3eG2qP2RZoXZ6ZPLAo+moIy3XLwMoZm3Im8r\n" + - "-----END CERTIFICATE-----"; - - public static void main(String[] args) throws Exception { - - ValidatePathWithParams pathValidator; - String[] validChainToValidate; - String[] revChainToValidate; - - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator = new ValidatePathWithParams(null); - pathValidator.enableCRLCheck(); - - validChainToValidate = new String[]{VALID, INT}; - revChainToValidate = new String[]{REVOKED, INT}; - } else { - // OCSP check by default - // int certificate doesn't specify OCSP responder - pathValidator = new ValidatePathWithParams(new String[]{INT}); - pathValidator.enableOCSPCheck(); - - validChainToValidate = new String[]{VALID}; - revChainToValidate = new String[]{REVOKED}; - } - - // Validate valid - pathValidator.validate(validChainToValidate, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(revChainToValidate, - ValidatePathWithParams.Status.REVOKED, - "Mon Mar 14 03:00:16 PDT 2022", System.out); - } -} - diff --git a/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/CertignaRoots.java b/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/CertignaRoots.java new file mode 100644 index 00000000000..92744eac3d0 --- /dev/null +++ b/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/CertignaRoots.java @@ -0,0 +1,293 @@ +/* + * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8245654 8314960 + * @summary Interoperability tests with Certigna Root CAs from Dhimyotis + * @build ValidatePathWithParams + * @run main/othervm -Djava.security.debug=certpath CertignaRoots OCSP + * @run main/othervm -Djava.security.debug=certpath CertignaRoots CRL + */ + +/* + * Obtain TLS test artifacts for Certigna Root CAs from: + * + * Valid TLS Certificates: + * https://valid.servicesca.dhimyotis.com/ + * + * Revoked TLS Certificates: + * https://revoked.servicesca.dhimyotis.com/ + */ +public class CertignaRoots { + + // Owner: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, + // OU=0002 48146308100036, O=DHIMYOTIS, C=FR + // Issuer: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR + // Serial number: fd30cf04344fc38dd90c4e70753d0623 + // Valid from: Wed Nov 25 03:37:21 PST 2015 until: Fri Jun 03 04:37:21 PDT 2033 + private static final String INT_CERTIGNA_ROOT_CA = "-----BEGIN CERTIFICATE-----\n" + + "MIIHETCCBPmgAwIBAgIRAP0wzwQ0T8ON2QxOcHU9BiMwDQYJKoZIhvcNAQELBQAw\n" + + "WjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAw\n" + + "MiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0x\n" + + "NTExMjUxMTM3MjFaFw0zMzA2MDMxMTM3MjFaMH0xCzAJBgNVBAYTAkZSMRIwEAYD\n" + + "VQQKDAlESElNWU9USVMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgxMDAwMzYxHTAb\n" + + "BgNVBGEMFE5UUkZSLTQ4MTQ2MzA4MTAwMDM2MR0wGwYDVQQDDBRDZXJ0aWduYSBT\n" + + "ZXJ2aWNlcyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALPM+7Lp\n" + + "WBz9wFcPaTc3xnB+5g0XrnptB0EPPfrR04vO52Ykm4ky1d4ZLd10tbM1fa1RqNSO\n" + + "VWWg93O4pL7zCFKlz6JV74ZZVhHpEAwzBwv2oPnxvVbxtSN67xsSY66ahUYxjzs8\n" + + "+3FhmsiRxqwnTYvK2u70uglUvRisOKyTL/M6JnrC4y8tlmoz7OSa5BmBMVplJFQt\n" + + "vmON6N9aHLvYMz+EyJPCbXL6pELxeHjFT5QmIaRamsr2DOTaCjtBZKI1Wnh3X7ln\n" + + "bjM8MESJiV2t7E9tIQNG0Z/HI3tO4aaUMum3KysY5sC8v3vi7rryGidgzHQhrtP0\n" + + "ZXWW5UH/k7umLS/P/XXWnCFpc2Lxa1uDGfc2im7xibRoPP+JNZszN76euFlls6jy\n" + + "EXAiwnVr14tVVTewLK0OWs5SJHpEKp8PGMZRDj59EmMvokWwzL6QzNZ6vVAp00oO\n" + + "m05sbspNY9+MFqGKKUsKvhFGEa4XmRNxDe6KswLcjPZB+NKHZ0QWFd4ip5C5XmEK\n" + + "/8qIPjwVr9dah9+oiHGGO8Wx7gJAMF5DTmkvW7GhqCKj1LmHnabjzc8av6kxWVQZ\n" + + "i/C7HCm9i/W4wio+JA2EAFLqNL3GPNbK9kau4yPhQt/c7zxzo0OHnlsV4THCG7oO\n" + + "Cd3cfCiyfQcb3FBt6OSpaKRZxjCLBwP00r0fAgMBAAGjggGtMIIBqTASBgNVHRMB\n" + + "Af8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUrOyGj0s3HLh/\n" + + "FxsZ0K7oTuM0XBIwHwYDVR0jBBgwFoAUGIdW4G537iQ1PE5zmh/W4eJ5fiswSQYD\n" + + "VR0gBEIwQDA+BgoqgXoBgTECAAEBMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3\n" + + "LmNlcnRpZ25hLmZyL2F1dG9yaXRlcy8wgYgGCCsGAQUFBwEBBHwwejA6BggrBgEF\n" + + "BQcwAoYuaHR0cDovL2F1dG9yaXRlLmNlcnRpZ25hLmZyL2NlcnRpZ25hcm9vdGNh\n" + + "LmRlcjA8BggrBgEFBQcwAoYwaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v\n" + + "Y2VydGlnbmFyb290Y2EuZGVyMG0GA1UdHwRmMGQwL6AtoCuGKWh0dHA6Ly9jcmwu\n" + + "Y2VydGlnbmEuZnIvY2VydGlnbmFyb290Y2EuY3JsMDGgL6AthitodHRwOi8vY3Js\n" + + "LmRoaW15b3Rpcy5jb20vY2VydGlnbmFyb290Y2EuY3JsMA0GCSqGSIb3DQEBCwUA\n" + + "A4ICAQCI5QbprXJ93L+JWHYpUTinXAMSvXMx2dmNm4mIiJRAbGnBOoEYx7M61fbL\n" + + "L5EJIYZhw8jLmeYVFuMao5OJLwda+RMmVzE7lyTGsY64IDKdwogByNCqbKzrlhnU\n" + + "8myyMNB0BDs2jgwQe2Dj9v+MddeHr7sDqvs7R1tSS5hoASLtdQhO7oxUzr3m7M8q\n" + + "+lh4jszli+cjfiPUVS2ADFu4ccQIh4OsIX6SWdU+8R+c/fn0FV6ip4SAVbNyCToz\n" + + "0ZbZKO8YTJgORxRmvrop9dPyuLWjaRrZ0LMx4a3EM3sQDPDqmsG0lHtfFj2PiJvq\n" + + "4lEYA+gDiLKODI+3DJMqo559m3QSS52DsShomHX/Txd0lJoZwepCE6X4KkG9FHjV\n" + + "WXyLgYFwCOcn+hkLhdpblms0wtjeSPITGOioSkefzhleJnDgJ9X4M3svd0HLTpJi\n" + + "lC1DmDZgdrXWITVdOoCogr2LFKNiGd0tbpKG533eKpfBALlm+afc6j73p1KhJEAn\n" + + "AfydDZqBRqv6+HHYplNDn/K2I1CZdkwaGrx3HOR/voGUi1sUI+hYbsPAFu8ZxrhD\n" + + "9UiysmLCfEUhqkbojony+L2mKsoLqyd24emQzn7GgMa7emlWX2jQUTwrD4SliZ2u\n" + + "OetVaZX5RLyqJWs4Igo/xye0xtMQN8INJ4hSZvnMQ1qFtuSRcQ==\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, + // OU=0002 48146308100036, O=DHIMYOTIS, C=FR + // Issuer: CN=Certigna, O=Dhimyotis, C=FR + // Serial number: 6f82fa28acd6f784bb5b120ba87367ad + // Valid from: Wed Nov 25 03:33:52 PST 2015 until: Sat Nov 22 03:33:52 PST 2025 + private static final String INT_CERTIGNA = "-----BEGIN CERTIFICATE-----\n" + + "MIIGFjCCBP6gAwIBAgIQb4L6KKzW94S7WxILqHNnrTANBgkqhkiG9w0BAQsFADA0\n" + + "MQswCQYDVQQGEwJGUjESMBAGA1UECgwJRGhpbXlvdGlzMREwDwYDVQQDDAhDZXJ0\n" + + "aWduYTAeFw0xNTExMjUxMTMzNTJaFw0yNTExMjIxMTMzNTJaMH0xCzAJBgNVBAYT\n" + + "AkZSMRIwEAYDVQQKDAlESElNWU9USVMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgx\n" + + "MDAwMzYxHTAbBgNVBGEMFE5UUkZSLTQ4MTQ2MzA4MTAwMDM2MR0wGwYDVQQDDBRD\n" + + "ZXJ0aWduYSBTZXJ2aWNlcyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC\n" + + "ggIBALPM+7LpWBz9wFcPaTc3xnB+5g0XrnptB0EPPfrR04vO52Ykm4ky1d4ZLd10\n" + + "tbM1fa1RqNSOVWWg93O4pL7zCFKlz6JV74ZZVhHpEAwzBwv2oPnxvVbxtSN67xsS\n" + + "Y66ahUYxjzs8+3FhmsiRxqwnTYvK2u70uglUvRisOKyTL/M6JnrC4y8tlmoz7OSa\n" + + "5BmBMVplJFQtvmON6N9aHLvYMz+EyJPCbXL6pELxeHjFT5QmIaRamsr2DOTaCjtB\n" + + "ZKI1Wnh3X7lnbjM8MESJiV2t7E9tIQNG0Z/HI3tO4aaUMum3KysY5sC8v3vi7rry\n" + + "GidgzHQhrtP0ZXWW5UH/k7umLS/P/XXWnCFpc2Lxa1uDGfc2im7xibRoPP+JNZsz\n" + + "N76euFlls6jyEXAiwnVr14tVVTewLK0OWs5SJHpEKp8PGMZRDj59EmMvokWwzL6Q\n" + + "zNZ6vVAp00oOm05sbspNY9+MFqGKKUsKvhFGEa4XmRNxDe6KswLcjPZB+NKHZ0QW\n" + + "Fd4ip5C5XmEK/8qIPjwVr9dah9+oiHGGO8Wx7gJAMF5DTmkvW7GhqCKj1LmHnabj\n" + + "zc8av6kxWVQZi/C7HCm9i/W4wio+JA2EAFLqNL3GPNbK9kau4yPhQt/c7zxzo0OH\n" + + "nlsV4THCG7oOCd3cfCiyfQcb3FBt6OSpaKRZxjCLBwP00r0fAgMBAAGjggHZMIIB\n" + + "1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU\n" + + "rOyGj0s3HLh/FxsZ0K7oTuM0XBIwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF\n" + + "9lo53BGhOKQ2MDQxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAP\n" + + "BgNVBAMMCENlcnRpZ25hggkA/tzjAQ/JSP8wSQYDVR0gBEIwQDA+BgoqgXoBgTEB\n" + + "AAECMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmNlcnRpZ25hLmZyL2F1dG9y\n" + + "aXRlcy8wfAYIKwYBBQUHAQEEcDBuMDQGCCsGAQUFBzAChihodHRwOi8vYXV0b3Jp\n" + + "dGUuY2VydGlnbmEuZnIvY2VydGlnbmEuZGVyMDYGCCsGAQUFBzAChipodHRwOi8v\n" + + "YXV0b3JpdGUuZGhpbXlvdGlzLmNvbS9jZXJ0aWduYS5kZXIwYQYDVR0fBFowWDAp\n" + + "oCegJYYjaHR0cDovL2NybC5jZXJ0aWduYS5mci9jZXJ0aWduYS5jcmwwK6ApoCeG\n" + + "JWh0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9jZXJ0aWduYS5jcmwwDQYJKoZIhvcN\n" + + "AQELBQADggEBAGLft7gIuGPZVfg0cTM+HT2xAZFPDb/2+siH06x+dH044zMKbBIN\n" + + "bRzhKipwB1A3MW8FQjveE9tyrfyuqZE/X+o2SlGcdNV44ybYkxo4f6kcLEavV/IW\n" + + "+oFEnojZlhpksYcxrvQoEyqkAwshe8IS2KtZHKVACrt+XSs0lwvy7ALGmHaF7A4b\n" + + "y6cZWItA7Lhj8XWp+8tBJDj7HocRbWtxzEODdBuyMgJzFrNjc+97J0vH/K0+3yjm\n" + + "kczpKshMA0tM+MF9XDMN/MuwrPmUWGO/fHiqHgUp8yqeWtl1n44ZxkkK1t9GRwhn\n" + + "DWLv73/xhTmdhWYQ/reo0GbgBoLiltKmIJQ=\n" + + "-----END CERTIFICATE-----"; + + // Owner: SERIALNUMBER=S266241169, CN=valid.servicesca.dhimyotis.com, O=DHIMYOTIS, + // L=VILLENEUVE D'ASCQ, C=FR + // Issuer: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, OU=0002 + // 48146308100036, O=DHIMYOTIS, C=FR + // Serial number: c641ef7b0340c21515d8c462e729dc0e + // Valid from: Thu Mar 09 15:00:00 PST 2023 until: Mon Mar 11 15:59:59 PDT 2024 + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIIdzCCBl+gAwIBAgIRAMZB73sDQMIVFdjEYucp3A4wDQYJKoZIhvcNAQELBQAw\n" + + "fTELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURISU1ZT1RJUzEcMBoGA1UECwwTMDAw\n" + + "MiA0ODE0NjMwODEwMDAzNjEdMBsGA1UEYQwUTlRSRlItNDgxNDYzMDgxMDAwMzYx\n" + + "HTAbBgNVBAMMFENlcnRpZ25hIFNlcnZpY2VzIENBMB4XDTIzMDMwOTIzMDAwMFoX\n" + + "DTI0MDMxMTIyNTk1OVowezELMAkGA1UEBhMCRlIxGjAYBgNVBAcMEVZJTExFTkVV\n" + + "VkUgRCdBU0NRMRIwEAYDVQQKDAlESElNWU9USVMxJzAlBgNVBAMMHnZhbGlkLnNl\n" + + "cnZpY2VzY2EuZGhpbXlvdGlzLmNvbTETMBEGA1UEBRMKUzI2NjI0MTE2OTCCASIw\n" + + "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJDrFpZWEeBJoMUuG37wEmJ7XVeX\n" + + "Jde1bgURpFbLwifRj2TVmMdtfg9hXHL7B7Mh/+I8/e7kJz8mlU9qUYKyH24oAitE\n" + + "myXYHAKTydqTseiM3mp92n4PM+DrgsdbT7bpmiirNM0/sqWFNyGUz7kP6Z5E3uuU\n" + + "HSlzX1LBBj8S0ORNZWvomQho11gjuZJRS72X4XTnSc0DESwnLp2irUfx7pflBNt0\n" + + "sLE8BhpNSSQd91naJVKtCtn0H7df+o4gGBt2ZceCLBwU0NwN8+KXz06KjP8298V4\n" + + "P3+eR2QxAw4QBIanRaG6Gd4AmpdIaT7TpiYHotjrJ/Pbx5C8/cmgxxlmtI0CAwEA\n" + + "AaOCA/IwggPuMIHkBggrBgEFBQcBAQSB1zCB1DA2BggrBgEFBQcwAoYqaHR0cDov\n" + + "L2F1dG9yaXRlLmNlcnRpZ25hLmZyL3NlcnZpY2VzY2EuZGVyMDgGCCsGAQUFBzAC\n" + + "hixodHRwOi8vYXV0b3JpdGUuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmRlcjAu\n" + + "BggrBgEFBQcwAYYiaHR0cDovL3NlcnZpY2VzY2Eub2NzcC5jZXJ0aWduYS5mcjAw\n" + + "BggrBgEFBQcwAYYkaHR0cDovL3NlcnZpY2VzY2Eub2NzcC5kaGlteW90aXMuY29t\n" + + "MB8GA1UdIwQYMBaAFKzsho9LNxy4fxcbGdCu6E7jNFwSMAkGA1UdEwQCMAAwYQYD\n" + + "VR0gBFowWDAIBgZngQwBAgIwTAYLKoF6AYExAgUBAQEwPTA7BggrBgEFBQcCARYv\n" + + "aHR0cHM6Ly93d3cuY2VydGlnbmEuY29tL2F1dG9yaXRlLWNlcnRpZmljYXRpb24w\n" + + "ZQYDVR0fBF4wXDAtoCugKYYnaHR0cDovL2NybC5kaGlteW90aXMuY29tL3NlcnZp\n" + + "Y2VzY2EuY3JsMCugKaAnhiVodHRwOi8vY3JsLmNlcnRpZ25hLmZyL3NlcnZpY2Vz\n" + + "Y2EuY3JsMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIFoDBIBgNV\n" + + "HREEQTA/gh12YWxpZC5zZXJ2aWNlc2NhLmNlcnRpZ25hLmNvbYIedmFsaWQuc2Vy\n" + + "dmljZXNjYS5kaGlteW90aXMuY29tMB0GA1UdDgQWBBSzyYZfPBt65RUDq98+e0AK\n" + + "U8pd/jCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHcA7s3QZNXbGs7FXLedtM0T\n" + + "ojKHRny87N7DUUhZRnEftZsAAAGGy1ZNXwAABAMASDBGAiEAyG838/RfBOpojEI/\n" + + "cx++f0tvuDbc/rVa0WNcd2f9HekCIQDVKV2wI3VkD3wNmO93m022H7kvKD1OBEhw\n" + + "Tn6+0ZLA6QB2AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABhstW\n" + + "TcYAAAQDAEcwRQIhAOuj/r5G1wHNgFOMg3jsr3uWmWzIIkTmwmp4hJqvsJzzAiBf\n" + + "nm/jZCUW8DFY+iC+O/+Hzsk/kVDkKIlBDd6rA3MzJgB2AFWB1MIWkDYBSuoLm1c8\n" + + "U/DA5Dh4cCUIFy+jqh0HE9MMAAABhstWTw4AAAQDAEcwRQIgRbCAqI1/nxc6P4de\n" + + "Fqg/zc1+ldMDWjeamWjhctciGsgCIQDHQ4OKj0AA7hQKFIe1SVp+00BxRefFGmq7\n" + + "ZJ+8q+pRqzANBgkqhkiG9w0BAQsFAAOCAgEAVkzCC9LIHU+iOi+GFeCtWxxa5Fsk\n" + + "5gXnDJmtbdoVe2TJvOhrb+VnNI7/Ak+csBv3vxNl3P3DXIbPryB98aelleX7pkfP\n" + + "PcKhFAlbwzbII2D3L0mjFLERtVwdnoEJXXKcHsb9hJResKipZ//daMPD8FthHvEE\n" + + "HmtOrR0lHLjhbi4ODq0e4xyygbxFXXl5CCjtBw0jBtZaMDQaC3eemK9LkOggLz3h\n" + + "qs/+VQ7RyKfcKCuGC5Wb4GJR+IDKH812hFsUWmXe26MPoyTrzLNq6tfQZHSuY5Hj\n" + + "K0ZwldEkUZ2Hd7PrRlhCiGdVCp/2kS2yefhUkvX7Z5K5wX6n+LylfzOTvWf6ZPwQ\n" + + "1jTI0Js8ig4eHF25GlqgOWrqbyF9j67kLs3f7/c5Kx3FlclJ7/vlL8zEcTmGU7rm\n" + + "ZFOhEMDT/UYkitqAOvrgT60oIm9YJ1XTAVTeDbW0FFAb2nFmeBOrw8N3jaCb+jpO\n" + + "ysBA/lDaGTiQhMlJK44vwgS+TjbeWHxvmAE5srKa7MWU8Mmku2vuX95lupJo4LmD\n" + + "zOsihH00hyhtHFUB1TGXuaf77kFsipE6iycyxpcrpJ1UAWiZrba6PAZ85TbYhEdY\n" + + "FDNm7F7CVPU67HV5gE2kDa3Jprd1SjwO095LsRptWhzxUByhee3JI0jljBTaKowy\n" + + "jPv8oekm7zqCLzY=\n" + + "-----END CERTIFICATE-----"; + + // Owner: SERIALNUMBER=S266251168, CN=revoked.servicesca.certigna.com, O=DHIMYOTIS, + // L=VILLENEUVE D'ASCQ, C=FR + // Issuer: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, OU=0002 + // 48146308100036, O=DHIMYOTIS, C=FR + // Serial number: e863f752a23a735e3ccf958abf18565b + // Valid from: Thu Mar 09 15:00:00 PST 2023 until: Fri Mar 08 14:59:59 PST 2024 + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIIezCCBmOgAwIBAgIRAOhj91KiOnNePM+Vir8YVlswDQYJKoZIhvcNAQELBQAw\n" + + "fTELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURISU1ZT1RJUzEcMBoGA1UECwwTMDAw\n" + + "MiA0ODE0NjMwODEwMDAzNjEdMBsGA1UEYQwUTlRSRlItNDgxNDYzMDgxMDAwMzYx\n" + + "HTAbBgNVBAMMFENlcnRpZ25hIFNlcnZpY2VzIENBMB4XDTIzMDMwOTIzMDAwMFoX\n" + + "DTI0MDMwODIyNTk1OVowfDELMAkGA1UEBhMCRlIxGjAYBgNVBAcMEVZJTExFTkVV\n" + + "VkUgRCdBU0NRMRIwEAYDVQQKDAlESElNWU9USVMxKDAmBgNVBAMMH3Jldm9rZWQu\n" + + "c2VydmljZXNjYS5jZXJ0aWduYS5jb20xEzARBgNVBAUTClMyNjYyNTExNjgwggEi\n" + + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCBqKNjMkHqJ9EQa3CjuZ6EYMz6\n" + + "mWODrEucRcJDihYMigaV1oRyquGlFQ82ootXaK5bU+EYSMmUwbRpdZ9G/oZUn2+K\n" + + "MKAFDI+MoZoFhQC+2w0AzJycCf/hShUVxcRREKRKdfzv+k5YHj3e8ic16tGlTFXT\n" + + "IF1x3y2Uru7mzZARsZJqnRqaqPPghT/QlBpcA04yLi3iSpgO++mRrJxTUoUHlDw/\n" + + "a1nhqnDgH2yKN7tSfwFTetnXat6/UVt0CJ/6dJF6oY8bGWO1YB03Xdq735eLdJE4\n" + + "t38pV/X8rf5Mc9ZQh8IGrjVW83M8mQmqaX5rbsOl0ZCA/q6RWxRFEF2SwK+dAgMB\n" + + "AAGjggP1MIID8TCB5AYIKwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6\n" + + "Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9zZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcw\n" + + "AoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20vc2VydmljZXNjYS5kZXIw\n" + + "LgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGlnbmEuZnIw\n" + + "MAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNv\n" + + "bTAfBgNVHSMEGDAWgBSs7IaPSzccuH8XGxnQruhO4zRcEjAJBgNVHRMEAjAAMGEG\n" + + "A1UdIARaMFgwCAYGZ4EMAQICMEwGCyqBegGBMQIFAQEBMD0wOwYIKwYBBQUHAgEW\n" + + "L2h0dHBzOi8vd3d3LmNlcnRpZ25hLmNvbS9hdXRvcml0ZS1jZXJ0aWZpY2F0aW9u\n" + + "MGUGA1UdHwReMFwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2\n" + + "aWNlc2NhLmNybDAroCmgJ4YlaHR0cDovL2NybC5jZXJ0aWduYS5mci9zZXJ2aWNl\n" + + "c2NhLmNybDATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAwTAYD\n" + + "VR0RBEUwQ4IgcmV2b2tlZC5zZXJ2aWNlc2NhLmRoaW15b3Rpcy5jb22CH3Jldm9r\n" + + "ZWQuc2VydmljZXNjYS5jZXJ0aWduYS5jb20wHQYDVR0OBBYEFEQsKyX8x8zVxVC2\n" + + "HEK7+bOBLoMkMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgDuzdBk1dsazsVc\n" + + "t520zROiModGfLzs3sNRSFlGcR+1mwAAAYbLTxPnAAAEAwBHMEUCIQD16IHX+8+4\n" + + "zWnxIME4rzCgQIA4m5OsEqP6ssgRG5iurwIgdBOGFGlF6+DGPSm5FKuk5ShAA8ZC\n" + + "AE+E27CKLkBTnfgAdgB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+ZnTFo6dAAA\n" + + "AYbLTxRMAAAEAwBHMEUCIDmW9elysDm3zAeIXsgJwmL33EoMTyVhA3ah2jkvMjzv\n" + + "AiEA6aIZXtwk2DnFt+GA6gLr4UgswUCuK4wxheDVwbpSw/4AdgA7U3d1Pi25gE6L\n" + + "MFsG/kA7Z9hPw/THvQANLXJv4frUFwAAAYbLTxXAAAAEAwBHMEUCIQDGuOg7koEE\n" + + "H9K4VkSHaDD9rAndys2BtswdspfRKUFR3QIgVZ7QUX3H56ECuI8wsAkSjBze4lBO\n" + + "RgfN2xh3l9xQOK0wDQYJKoZIhvcNAQELBQADggIBAFQTTtyQSoV4Zq3QYMnb0yEp\n" + + "u6Hwic/wpYN5L0km+zZoHWuf58vfj8Yg/sfKmftGSZHDdc3NfYSVBlT/0Hl4SDhi\n" + + "zHLLyapoX2GNhbg3esu0Y1fch8E16z2A/wAwrFvxI0XrjHpOyDp4CBDYqDADNPiL\n" + + "vlEkiwP6r7WHjUdWRb7W0t75uAkcajn46XKpFmaHHie5KBch+KDGsUionuH5ZW8Y\n" + + "klh2B34uLWcGZuIR7PeCO9+91mbn/bBNeabGC70qMStaB139lp9P2M+l2WpyREUK\n" + + "l7qHwTsrlMmNb8n44zGtY4wL9NSYWTdTfhcU0FAPdPcLlnjoQubJ1O0vPkzfVYns\n" + + "WQrslxoCBor6CL6AYMQz3jbzQ0soD3Reb11+uTngWGJZtx4DT09RFB3a+1rcYjiS\n" + + "ijCBB+Lqx0xfLQnfBv1A0wjNqUY+gyEe0SpXqB4edqy5uaqawRRKMuNSnb2BVz0/\n" + + "keo1Kif/GSak+JUBpJ8hkJWygtrWCETUNfoseQhqo3gism0EGxJ04tBp+DRvfbrz\n" + + "X4aBgALRro3jSIR1Ibp+e0fxePwShy715SF2H4SfjvplTAKq5bwztZtQUkPR6fJ7\n" + + "5xT0f762c1yytKP1rHFMvzl6k7QWvC6zb2FeG5UqXJw3wFxxWsCuAUu5SPFfXdno\n" + + "5lIHTTV5rpZBN+PzTZsz\n" + + "-----END CERTIFICATE-----"; + + public static void main(String[] args) throws Exception { + // OCSP check by default + boolean ocspEnabled = args.length < 1 || !"CRL".equalsIgnoreCase(args[0]); + + // CN=Certigna + new CertignaCAs().runTest(ocspEnabled, + VALID, + REVOKED, + INT_CERTIGNA); + + // CN=Certigna Root CA + new CertignaCAs().runTest(ocspEnabled, + VALID, + REVOKED, + INT_CERTIGNA_ROOT_CA); + } +} + +class CertignaCAs { + public void runTest(boolean ocspEnabled, + final String VALID, + final String REVOKED, + final String INT_CERT) throws Exception { + + ValidatePathWithParams pathValidator; + String[] validChainToValidate; + String[] revChainToValidate; + + if (!ocspEnabled) { + pathValidator = new ValidatePathWithParams(null); + pathValidator.enableCRLCheck(); + + validChainToValidate = new String[]{VALID, INT_CERT}; + revChainToValidate = new String[]{REVOKED, INT_CERT}; + } else { + // int certificate doesn't specify OCSP responder + pathValidator = new ValidatePathWithParams(new String[]{INT_CERT}); + pathValidator.enableOCSPCheck(); + + validChainToValidate = new String[]{VALID}; + revChainToValidate = new String[]{REVOKED}; + } + + // Validate valid + pathValidator.validate(validChainToValidate, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + pathValidator.validate(revChainToValidate, + ValidatePathWithParams.Status.REVOKED, + "Fri Mar 10 03:39:51 PST 2023", System.out); + } +} diff --git a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java index 9caf545b606..dd8918ebc0b 100644 --- a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java +++ b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java @@ -28,7 +28,7 @@ * 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136 * 8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320 * 8243559 8225072 8258630 8259312 8256421 8225081 8225082 8225083 8245654 - * 8305975 8304760 8307134 8295894 + * 8305975 8304760 8307134 8295894 8314960 * @summary Check root CA entries in cacerts file */ import java.io.ByteArrayInputStream; @@ -54,12 +54,12 @@ public class VerifyCACerts { + File.separator + "security" + File.separator + "cacerts"; // The numbers of certs now. - private static final int COUNT = 96; + private static final int COUNT = 97; // SHA-256 of cacerts, can be generated with // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 private static final String CHECKSUM - = "9B:AF:A2:BD:88:C9:74:05:7F:DD:F3:97:85:21:18:4A:52:F0:07:CC:46:FD:2B:90:BA:FB:57:09:18:3B:66:0F"; + = "88:72:92:56:FF:E5:A3:E4:39:98:6D:18:0B:BA:CC:0B:66:CB:1D:6D:52:CE:D7:C8:AD:63:B7:F1:5F:02:24:52"; // map of cert alias to SHA-256 fingerprint @SuppressWarnings("serial") private static final Map FINGERPRINT_MAP @@ -257,6 +257,8 @@ public class VerifyCACerts { "34:D8:A7:3E:E2:08:D9:BC:DB:0D:95:65:20:93:4B:4E:40:E6:94:82:59:6E:8B:6F:73:C8:42:6B:01:0A:6F:48"); put("gtsrootecccar4 [jdk]", "34:9D:FA:40:58:C5:E2:63:12:3B:39:8A:E7:95:57:3C:4E:13:13:C8:3F:E6:8F:93:55:6C:D5:E8:03:1B:3C:7D"); + put("certignarootca [jdk]", + "D4:8D:3D:23:EE:DB:50:A4:59:E5:51:97:60:1C:27:77:4B:9D:7B:18:C9:4D:5A:05:95:11:A1:02:50:B9:31:68"); } }; From 1d6f9bd1ea09eb7866cdd1462b24e2c8801f7513 Mon Sep 17 00:00:00 2001 From: Martin Balao Date: Tue, 19 Sep 2023 01:36:16 +0000 Subject: [PATCH 23/34] 8209115: adjust libsplashscreen linux ppc64le builds for easier libpng update Reviewed-by: andrew, phh Backport-of: e4fdd0391733756f5b898371a66b38869d625c77 --- jdk/make/lib/Awt2dLibraries.gmk | 6 ++++++ jdk/src/share/native/sun/awt/libpng/pngpriv.h | 3 --- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/jdk/make/lib/Awt2dLibraries.gmk b/jdk/make/lib/Awt2dLibraries.gmk index 9368a9d508c..01e0369017f 100644 --- a/jdk/make/lib/Awt2dLibraries.gmk +++ b/jdk/make/lib/Awt2dLibraries.gmk @@ -1159,6 +1159,12 @@ ifndef BUILD_HEADLESS_ONLY -DPNG_ARM_NEON_OPT=0 -DPNG_ARM_NEON_IMPLEMENTATION=0 \ $(foreach dir, $(LIBSPLASHSCREEN_DIRS), -I$(dir)) + ifeq ($(OPENJDK_TARGET_OS), linux) + ifeq ($(OPENJDK_TARGET_CPU_ARCH), ppc) + LIBSPLASHSCREEN_CFLAGS += -DPNG_POWERPC_VSX_OPT=0 + endif + endif + ifeq ($(OPENJDK_TARGET_OS), macosx) LIBSPLASHSCREEN_CFLAGS := -I$(JDK_TOPDIR)/src/macosx/native/sun/awt/splashscreen \ $(LIBSPLASHSCREEN_CFLAGS) diff --git a/jdk/src/share/native/sun/awt/libpng/pngpriv.h b/jdk/src/share/native/sun/awt/libpng/pngpriv.h index 5f704260305..73e1e9371a3 100644 --- a/jdk/src/share/native/sun/awt/libpng/pngpriv.h +++ b/jdk/src/share/native/sun/awt/libpng/pngpriv.h @@ -293,13 +293,10 @@ # endif #endif /* PNG_MIPS_MSA_OPT > 0 */ -#ifdef PNG_POWERPC_VSX_API_SUPPORTED #if PNG_POWERPC_VSX_OPT > 0 # define PNG_FILTER_OPTIMIZATIONS png_init_filter_functions_vsx # define PNG_POWERPC_VSX_IMPLEMENTATION 1 #endif -#endif - /* Is this a build of a DLL where compilation of the object modules requires From dd6efb10c26453229dc262f8366af64bd97a9b7f Mon Sep 17 00:00:00 2001 From: Yuri Nesterenko Date: Thu, 5 Oct 2023 16:39:59 +0000 Subject: [PATCH 24/34] 8242330: Arrays should be cloned in several JAAS Callback classes Reviewed-by: andrew Backport-of: 8cd9241448f818b5e307d408ac4395b518791096 --- .../auth/callback/ChoiceCallback.java | 18 ++-- .../auth/callback/ConfirmationCallback.java | 25 +++-- .../security/auth/callback/Mutability.java | 96 +++++++++++++++++++ 3 files changed, 121 insertions(+), 18 deletions(-) create mode 100644 jdk/test/javax/security/auth/callback/Mutability.java diff --git a/jdk/src/share/classes/javax/security/auth/callback/ChoiceCallback.java b/jdk/src/share/classes/javax/security/auth/callback/ChoiceCallback.java index 215a8dd790e..3887f0953de 100644 --- a/jdk/src/share/classes/javax/security/auth/callback/ChoiceCallback.java +++ b/jdk/src/share/classes/javax/security/auth/callback/ChoiceCallback.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,23 +41,23 @@ public class ChoiceCallback implements Callback, java.io.Serializable { * @serial * @since 1.4 */ - private String prompt; + private final String prompt; /** * @serial the list of choices * @since 1.4 */ - private String[] choices; + private final String[] choices; /** * @serial the choice to be used as the default choice * @since 1.4 */ - private int defaultChoice; + private final int defaultChoice; /** * @serial whether multiple selections are allowed from the list of * choices * @since 1.4 */ - private boolean multipleSelectionsAllowed; + private final boolean multipleSelectionsAllowed; /** * @serial the selected choices, represented as indexes into the * {@code choices} list. @@ -109,7 +109,7 @@ public ChoiceCallback(String prompt, String[] choices, } this.prompt = prompt; - this.choices = choices; + this.choices = choices.clone(); this.defaultChoice = defaultChoice; this.multipleSelectionsAllowed = multipleSelectionsAllowed; } @@ -133,7 +133,7 @@ public String getPrompt() { * @return the list of choices. */ public String[] getChoices() { - return choices; + return choices.clone(); } /** @@ -192,7 +192,7 @@ public void setSelectedIndex(int selection) { public void setSelectedIndexes(int[] selections) { if (!multipleSelectionsAllowed) throw new UnsupportedOperationException(); - this.selections = selections; + this.selections = selections == null ? null : selections.clone(); } /** @@ -206,6 +206,6 @@ public void setSelectedIndexes(int[] selections) { * @see #setSelectedIndexes */ public int[] getSelectedIndexes() { - return selections; + return selections == null ? null : selections.clone(); } } diff --git a/jdk/src/share/classes/javax/security/auth/callback/ConfirmationCallback.java b/jdk/src/share/classes/javax/security/auth/callback/ConfirmationCallback.java index 2d85c463ca9..005ff6333fe 100644 --- a/jdk/src/share/classes/javax/security/auth/callback/ConfirmationCallback.java +++ b/jdk/src/share/classes/javax/security/auth/callback/ConfirmationCallback.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -120,31 +120,32 @@ public class ConfirmationCallback implements Callback, java.io.Serializable { /** ERROR message type. */ public static final int ERROR = 2; + /** * @serial * @since 1.4 */ - private String prompt; + private final String prompt; /** * @serial * @since 1.4 */ - private int messageType; + private final int messageType; /** * @serial * @since 1.4 */ - private int optionType = UNSPECIFIED_OPTION; + private final int optionType; /** * @serial * @since 1.4 */ - private int defaultOption; + private final int defaultOption; /** * @serial * @since 1.4 */ - private String[] options; + private final String[] options; /** * @serial * @since 1.4 @@ -206,8 +207,10 @@ public ConfirmationCallback(int messageType, break; } + this.prompt = null; this.messageType = messageType; this.optionType = optionType; + this.options = null; this.defaultOption = defaultOption; } @@ -255,8 +258,10 @@ public ConfirmationCallback(int messageType, throw new IllegalArgumentException(); } + this.prompt = null; this.messageType = messageType; - this.options = options; + this.optionType = UNSPECIFIED_OPTION; + this.options = options.clone(); this.defaultOption = defaultOption; } @@ -323,6 +328,7 @@ public ConfirmationCallback(String prompt, int messageType, this.prompt = prompt; this.messageType = messageType; this.optionType = optionType; + this.options = null; this.defaultOption = defaultOption; } @@ -377,7 +383,8 @@ public ConfirmationCallback(String prompt, int messageType, this.prompt = prompt; this.messageType = messageType; - this.options = options; + this.optionType = UNSPECIFIED_OPTION; + this.options = options.clone(); this.defaultOption = defaultOption; } @@ -437,7 +444,7 @@ public int getOptionType() { * an {@code optionType} instead of {@code options}. */ public String[] getOptions() { - return options; + return options == null ? null : options.clone(); } /** diff --git a/jdk/test/javax/security/auth/callback/Mutability.java b/jdk/test/javax/security/auth/callback/Mutability.java new file mode 100644 index 00000000000..2c77a4e3ab3 --- /dev/null +++ b/jdk/test/javax/security/auth/callback/Mutability.java @@ -0,0 +1,96 @@ +/* + * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8242330 + * @library /lib/testlibrary + * @summary Arrays should be cloned in several JAAS Callback classes + */ + +import javax.security.auth.callback.ChoiceCallback; +import javax.security.auth.callback.ConfirmationCallback; + +import static jdk.testlibrary.Asserts.assertEQ; + +public class Mutability { + public static void main(String[] args) { + + // #1. ConfirmationCallback.new(3) + String[] i11 = {"1", "2"}; + ConfirmationCallback c1 = new ConfirmationCallback( + ConfirmationCallback.INFORMATION, + i11, + 0); + + // Modify argument of constructor + i11[0] = "x"; + String[] o11 = c1.getOptions(); + assertEQ(o11[0], "1"); + // Modify output + o11[0] = "y"; + String[] o12 = c1.getOptions(); + assertEQ(o12[0], "1"); + + // #2. ConfirmationCallback.new(4) + String[] i21 = {"1", "2"}; + ConfirmationCallback c2 = new ConfirmationCallback( + "Hi", + ConfirmationCallback.INFORMATION, + i21, + 0); + + // Modify argument of constructor + i21[0] = "x"; + assertEQ(c2.getOptions()[0], "1"); + + // #3. ChoiceCallback.new + String[] i31 = {"1", "2"}; + ChoiceCallback c3 = new ChoiceCallback( + "Hi", + i31, + 0, + true); + + // Modify argument of constructor + i31[0] = "x"; + String[] o31 = c3.getChoices(); + assertEQ(o31[0], "1"); + // Modify output of getChoices + o31[0] = "y"; + String[] o32 = c3.getChoices(); + assertEQ(o32[0], "1"); + + int[] s31 = {0, 1}; + c3.setSelectedIndexes(s31); + + // Modify argument of setSelectedIndexes + s31[0] = 1; + int[] s32 = c3.getSelectedIndexes(); + assertEQ(s32[0], 0); + // Modify output of getSelectedIndexes + s32[1] = 0; + int[] s33 = c3.getSelectedIndexes(); + assertEQ(s33[1], 1); + } +} From 50d9af9b9371bedf971ee8c4c73283391f0ebb82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ji=C5=99=C3=AD=20Van=C4=9Bk?= Date: Mon, 25 Sep 2023 14:05:03 +0000 Subject: [PATCH 25/34] 8283441: C2: segmentation fault in ciMethodBlocks::make_block_at(int) Reviewed-by: mbalao Backport-of: 947869609ce6b74d4d28f79724b823d8781adbed --- hotspot/src/share/vm/c1/c1_GraphBuilder.cpp | 12 ++++-- hotspot/src/share/vm/ci/ciMethodBlocks.cpp | 17 +++++--- .../src/share/vm/compiler/methodLiveness.cpp | 9 ++-- hotspot/test/compiler/parsing/Custom.jasm | 38 +++++++++++++++++ ...UnreachableBlockFallsThroughEndOfCode.java | 42 +++++++++++++++++++ 5 files changed, 106 insertions(+), 12 deletions(-) create mode 100644 hotspot/test/compiler/parsing/Custom.jasm create mode 100644 hotspot/test/compiler/parsing/UnreachableBlockFallsThroughEndOfCode.java diff --git a/hotspot/src/share/vm/c1/c1_GraphBuilder.cpp b/hotspot/src/share/vm/c1/c1_GraphBuilder.cpp index 5def6693b6c..800535f97e1 100644 --- a/hotspot/src/share/vm/c1/c1_GraphBuilder.cpp +++ b/hotspot/src/share/vm/c1/c1_GraphBuilder.cpp @@ -206,8 +206,10 @@ void BlockListBuilder::handle_exceptions(BlockBegin* current, int cur_bci) { } void BlockListBuilder::handle_jsr(BlockBegin* current, int sr_bci, int next_bci) { - // start a new block after jsr-bytecode and link this block into cfg - make_block_at(next_bci, current); + if (next_bci < method()->code_size()) { + // start a new block after jsr-bytecode and link this block into cfg + make_block_at(next_bci, current); + } // start a new block at the subroutine entry at mark it with special flag BlockBegin* sr_block = make_block_at(sr_bci, current); @@ -227,6 +229,8 @@ void BlockListBuilder::set_leaders() { // branch target and a modification of the successor lists. BitMap bci_block_start = method()->bci_block_start(); + int end_bci = method()->code_size(); + ciBytecodeStream s(method()); while (s.next() != ciBytecodeStream::EOBC()) { int cur_bci = s.cur_bci(); @@ -297,7 +301,9 @@ void BlockListBuilder::set_leaders() { case Bytecodes::_if_acmpne: // fall through case Bytecodes::_ifnull: // fall through case Bytecodes::_ifnonnull: - make_block_at(s.next_bci(), current); + if (s.next_bci() < end_bci) { + make_block_at(s.next_bci(), current); + } make_block_at(s.get_dest(), current); current = NULL; break; diff --git a/hotspot/src/share/vm/ci/ciMethodBlocks.cpp b/hotspot/src/share/vm/ci/ciMethodBlocks.cpp index 614e75dc3bf..2285eb0a5b4 100644 --- a/hotspot/src/share/vm/ci/ciMethodBlocks.cpp +++ b/hotspot/src/share/vm/ci/ciMethodBlocks.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,12 +33,13 @@ ciBlock *ciMethodBlocks::block_containing(int bci) { + assert(bci >= 0 && bci < _code_size, "valid bytecode range"); ciBlock *blk = _bci_to_block[bci]; return blk; } bool ciMethodBlocks::is_block_start(int bci) { - assert(bci >=0 && bci < _code_size, "valid bytecode range"); + assert(bci >= 0 && bci < _code_size, "valid bytecode range"); ciBlock *b = _bci_to_block[bci]; assert(b != NULL, "must have block for bytecode"); return b->start_bci() == bci; @@ -146,7 +147,9 @@ void ciMethodBlocks::do_analysis() { case Bytecodes::_ifnonnull : { cur_block->set_control_bci(bci); - ciBlock *fall_through = make_block_at(s.next_bci()); + if (s.next_bci() < limit_bci) { + ciBlock *fall_through = make_block_at(s.next_bci()); + } int dest_bci = s.get_dest(); ciBlock *dest = make_block_at(dest_bci); break; @@ -166,7 +169,9 @@ void ciMethodBlocks::do_analysis() { case Bytecodes::_jsr : { cur_block->set_control_bci(bci); - ciBlock *ret = make_block_at(s.next_bci()); + if (s.next_bci() < limit_bci) { + ciBlock *ret = make_block_at(s.next_bci()); + } int dest_bci = s.get_dest(); ciBlock *dest = make_block_at(dest_bci); break; @@ -224,7 +229,9 @@ void ciMethodBlocks::do_analysis() { case Bytecodes::_jsr_w : { cur_block->set_control_bci(bci); - ciBlock *ret = make_block_at(s.next_bci()); + if (s.next_bci() < limit_bci) { + ciBlock *ret = make_block_at(s.next_bci()); + } int dest_bci = s.get_far_dest(); ciBlock *dest = make_block_at(dest_bci); break; diff --git a/hotspot/src/share/vm/compiler/methodLiveness.cpp b/hotspot/src/share/vm/compiler/methodLiveness.cpp index eda1ab156b3..7fb496dc96b 100644 --- a/hotspot/src/share/vm/compiler/methodLiveness.cpp +++ b/hotspot/src/share/vm/compiler/methodLiveness.cpp @@ -268,10 +268,11 @@ void MethodLiveness::init_basic_blocks() { case Bytecodes::_ifnull: case Bytecodes::_ifnonnull: // Two way branch. Set predecessors at each destination. - dest = _block_map->at(bytes.next_bci()); - assert(dest != NULL, "must be a block immediately following this one."); - dest->add_normal_predecessor(current_block); - + if (bytes.next_bci() < method_len) { + dest = _block_map->at(bytes.next_bci()); + assert(dest != NULL, "must be a block immediately following this one."); + dest->add_normal_predecessor(current_block); + } dest = _block_map->at(bytes.get_dest()); assert(dest != NULL, "branch desination must start a block."); dest->add_normal_predecessor(current_block); diff --git a/hotspot/test/compiler/parsing/Custom.jasm b/hotspot/test/compiler/parsing/Custom.jasm new file mode 100644 index 00000000000..73a2b1ff910 --- /dev/null +++ b/hotspot/test/compiler/parsing/Custom.jasm @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package compiler/parsing; + +super public class Custom { + + public static Method test:"(I)V" stack 2 locals 1 { + return; +Loop: + // Unreachable block + iload_0; + bipush 100; + if_icmpge Loop; + // Falls through + } + +} diff --git a/hotspot/test/compiler/parsing/UnreachableBlockFallsThroughEndOfCode.java b/hotspot/test/compiler/parsing/UnreachableBlockFallsThroughEndOfCode.java new file mode 100644 index 00000000000..9dfb488d8c6 --- /dev/null +++ b/hotspot/test/compiler/parsing/UnreachableBlockFallsThroughEndOfCode.java @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + * + */ + +/* + * @test UnreachableBlockFallsThroughEndOfCode.java + * @bug 8283441 + * @compile Custom.jasm UnreachableBlockFallsThroughEndOfCode.java + * @summary Compiling method that falls off the end of the code array + * @run main/othervm -XX:TieredStopAtLevel=1 -Xbatch compiler.parsing.UnreachableBlockFallsThroughEndOfCode + * @run main/othervm -XX:-TieredCompilation -Xbatch compiler.parsing.UnreachableBlockFallsThroughEndOfCode + */ + +package compiler.parsing; + +public class UnreachableBlockFallsThroughEndOfCode { + public static void main(String[] strArr) { + for (int i = 0; i < 20000; i++) { + Custom.test(i); + } + } +} From 9d59e5b0a94f65bb9a60f23fc472db3a7c0c81f7 Mon Sep 17 00:00:00 2001 From: Martin Balao Date: Tue, 19 Sep 2023 14:43:20 +0000 Subject: [PATCH 26/34] 8295685: Update Libpng to 1.6.38 Reviewed-by: andrew Backport-of: d183dc25f7360c3012726acf8c03874df6fc41a4 --- THIRD_PARTY_README | 68 ++++++++++++++++--- corba/THIRD_PARTY_README | 68 ++++++++++++++++--- hotspot/THIRD_PARTY_README | 68 ++++++++++++++++--- jaxp/THIRD_PARTY_README | 68 ++++++++++++++++--- jaxws/THIRD_PARTY_README | 68 ++++++++++++++++--- jdk/THIRD_PARTY_README | 68 ++++++++++++++++--- jdk/src/share/native/sun/awt/libpng/CHANGES | 10 ++- jdk/src/share/native/sun/awt/libpng/LICENSE | 4 +- jdk/src/share/native/sun/awt/libpng/README | 8 +-- jdk/src/share/native/sun/awt/libpng/png.c | 14 ++-- jdk/src/share/native/sun/awt/libpng/png.h | 26 +++---- jdk/src/share/native/sun/awt/libpng/pngconf.h | 8 +-- jdk/src/share/native/sun/awt/libpng/pngget.c | 14 ++-- .../share/native/sun/awt/libpng/pnglibconf.h | 4 +- jdk/src/share/native/sun/awt/libpng/pngpriv.h | 65 ++++++++---------- jdk/src/share/native/sun/awt/libpng/pngread.c | 3 - .../share/native/sun/awt/libpng/pngrtran.c | 2 +- .../share/native/sun/awt/libpng/pngrutil.c | 36 +++++----- jdk/src/share/native/sun/awt/libpng/pngset.c | 13 ++-- .../share/native/sun/awt/libpng/pngstruct.h | 12 +--- langtools/THIRD_PARTY_README | 68 ++++++++++++++++--- nashorn/THIRD_PARTY_README | 68 ++++++++++++++++--- 22 files changed, 583 insertions(+), 180 deletions(-) diff --git a/THIRD_PARTY_README b/THIRD_PARTY_README index 0dbfc173da6..f71e8f9b49a 100644 --- a/THIRD_PARTY_README +++ b/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.37, which may be +%% This notice is provided with respect to libpng 1.6.38, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1483,11 +1483,11 @@ COPYRIGHT NOTICE, DISCLAIMER, and LICENSE PNG Reference Library License version 2 --------------------------------------- - * Copyright (c) 1995-2019 The PNG Reference Library Authors. - * Copyright (c) 2018-2019 Cosmin Truta. - * Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson. - * Copyright (c) 1996-1997 Andreas Dilger. - * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. +Copyright (c) 1995-2022 The PNG Reference Library Authors. +Copyright (c) 2018-2022 Cosmin Truta +Copyright (c) 1998-2018 Glenn Randers-Pehrson +Copyright (c) 1996-1997 Andreas Dilger +Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. The software is supplied "as is", without warranty of any kind, express or implied, including, without limitation, the warranties @@ -1614,10 +1614,10 @@ be appreciated. TRADEMARK: -The name "libpng" has not been registered by the Copyright owner +The name "libpng" has not been registered by the Copyright owners as a trademark in any jurisdiction. However, because libpng has been distributed and maintained world-wide, continually since 1995, -the Copyright owner claims "common-law trademark protection" in any +the Copyright owners claim "common-law trademark protection" in any jurisdiction where common-law trademark is recognized. OSI CERTIFICATION: @@ -1639,6 +1639,58 @@ Glenn Randers-Pehrson glennrp at users.sourceforge.net July 15, 2018 +AUTHORS File Information: + +PNG REFERENCE LIBRARY AUTHORS +============================= + +This is the list of PNG Reference Library ("libpng") Contributing +Authors, for copyright and licensing purposes. + + * Andreas Dilger + * Cosmin Truta + * Dave Martindale + * Eric S. Raymond + * Gilles Vollant + * Glenn Randers-Pehrson + * Greg Roelofs + * Guy Eric Schalnat + * James Yu + * John Bowler + * Kevin Bracey + * Magnus Holmgren + * Mandar Sahastrabuddhe + * Mans Rullgard + * Matt Sarett + * Mike Klein + * Pascal Massimino + * Paul Schmidt + * Qiang Zhou + * Sam Bushell + * Samuel Williams + * Simon-Pierre Cadieux + * Tim Wegner + * Tom Lane + * Tom Tanner + * Vadim Barkov + * Willem van Schaik + * Zhijie Liang + * Arm Holdings + - Richard Townsend + * Google Inc. + - Matt Sarett + - Mike Klein + - Dan Field + - Sami Boukortt + +The build projects, the build scripts, the test scripts, and other +files in the "ci", "projects", "scripts" and "tests" directories, have +other copyright owners, but are released under the libpng license. + +Some files in the "contrib" directory, and some tools-generated files +that are distributed with libpng, have other copyright owners, and are +released under other open source licenses. + --- end of LICENSE --- ------------------------------------------------------------------------------- diff --git a/corba/THIRD_PARTY_README b/corba/THIRD_PARTY_README index d19de8ae6c8..ae4f4d796bf 100644 --- a/corba/THIRD_PARTY_README +++ b/corba/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.37, which may be +%% This notice is provided with respect to libpng 1.6.38, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1483,11 +1483,11 @@ COPYRIGHT NOTICE, DISCLAIMER, and LICENSE PNG Reference Library License version 2 --------------------------------------- - * Copyright (c) 1995-2019 The PNG Reference Library Authors. - * Copyright (c) 2018-2019 Cosmin Truta. - * Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson. - * Copyright (c) 1996-1997 Andreas Dilger. - * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. +Copyright (c) 1995-2022 The PNG Reference Library Authors. +Copyright (c) 2018-2022 Cosmin Truta +Copyright (c) 1998-2018 Glenn Randers-Pehrson +Copyright (c) 1996-1997 Andreas Dilger +Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. The software is supplied "as is", without warranty of any kind, express or implied, including, without limitation, the warranties @@ -1614,10 +1614,10 @@ be appreciated. TRADEMARK: -The name "libpng" has not been registered by the Copyright owner +The name "libpng" has not been registered by the Copyright owners as a trademark in any jurisdiction. However, because libpng has been distributed and maintained world-wide, continually since 1995, -the Copyright owner claims "common-law trademark protection" in any +the Copyright owners claim "common-law trademark protection" in any jurisdiction where common-law trademark is recognized. OSI CERTIFICATION: @@ -1639,6 +1639,58 @@ Glenn Randers-Pehrson glennrp at users.sourceforge.net July 15, 2018 +AUTHORS File Information: + +PNG REFERENCE LIBRARY AUTHORS +============================= + +This is the list of PNG Reference Library ("libpng") Contributing +Authors, for copyright and licensing purposes. + + * Andreas Dilger + * Cosmin Truta + * Dave Martindale + * Eric S. Raymond + * Gilles Vollant + * Glenn Randers-Pehrson + * Greg Roelofs + * Guy Eric Schalnat + * James Yu + * John Bowler + * Kevin Bracey + * Magnus Holmgren + * Mandar Sahastrabuddhe + * Mans Rullgard + * Matt Sarett + * Mike Klein + * Pascal Massimino + * Paul Schmidt + * Qiang Zhou + * Sam Bushell + * Samuel Williams + * Simon-Pierre Cadieux + * Tim Wegner + * Tom Lane + * Tom Tanner + * Vadim Barkov + * Willem van Schaik + * Zhijie Liang + * Arm Holdings + - Richard Townsend + * Google Inc. + - Matt Sarett + - Mike Klein + - Dan Field + - Sami Boukortt + +The build projects, the build scripts, the test scripts, and other +files in the "ci", "projects", "scripts" and "tests" directories, have +other copyright owners, but are released under the libpng license. + +Some files in the "contrib" directory, and some tools-generated files +that are distributed with libpng, have other copyright owners, and are +released under other open source licenses. + --- end of LICENSE --- ------------------------------------------------------------------------------- diff --git a/hotspot/THIRD_PARTY_README b/hotspot/THIRD_PARTY_README index d19de8ae6c8..ae4f4d796bf 100644 --- a/hotspot/THIRD_PARTY_README +++ b/hotspot/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.37, which may be +%% This notice is provided with respect to libpng 1.6.38, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1483,11 +1483,11 @@ COPYRIGHT NOTICE, DISCLAIMER, and LICENSE PNG Reference Library License version 2 --------------------------------------- - * Copyright (c) 1995-2019 The PNG Reference Library Authors. - * Copyright (c) 2018-2019 Cosmin Truta. - * Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson. - * Copyright (c) 1996-1997 Andreas Dilger. - * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. +Copyright (c) 1995-2022 The PNG Reference Library Authors. +Copyright (c) 2018-2022 Cosmin Truta +Copyright (c) 1998-2018 Glenn Randers-Pehrson +Copyright (c) 1996-1997 Andreas Dilger +Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. The software is supplied "as is", without warranty of any kind, express or implied, including, without limitation, the warranties @@ -1614,10 +1614,10 @@ be appreciated. TRADEMARK: -The name "libpng" has not been registered by the Copyright owner +The name "libpng" has not been registered by the Copyright owners as a trademark in any jurisdiction. However, because libpng has been distributed and maintained world-wide, continually since 1995, -the Copyright owner claims "common-law trademark protection" in any +the Copyright owners claim "common-law trademark protection" in any jurisdiction where common-law trademark is recognized. OSI CERTIFICATION: @@ -1639,6 +1639,58 @@ Glenn Randers-Pehrson glennrp at users.sourceforge.net July 15, 2018 +AUTHORS File Information: + +PNG REFERENCE LIBRARY AUTHORS +============================= + +This is the list of PNG Reference Library ("libpng") Contributing +Authors, for copyright and licensing purposes. + + * Andreas Dilger + * Cosmin Truta + * Dave Martindale + * Eric S. Raymond + * Gilles Vollant + * Glenn Randers-Pehrson + * Greg Roelofs + * Guy Eric Schalnat + * James Yu + * John Bowler + * Kevin Bracey + * Magnus Holmgren + * Mandar Sahastrabuddhe + * Mans Rullgard + * Matt Sarett + * Mike Klein + * Pascal Massimino + * Paul Schmidt + * Qiang Zhou + * Sam Bushell + * Samuel Williams + * Simon-Pierre Cadieux + * Tim Wegner + * Tom Lane + * Tom Tanner + * Vadim Barkov + * Willem van Schaik + * Zhijie Liang + * Arm Holdings + - Richard Townsend + * Google Inc. + - Matt Sarett + - Mike Klein + - Dan Field + - Sami Boukortt + +The build projects, the build scripts, the test scripts, and other +files in the "ci", "projects", "scripts" and "tests" directories, have +other copyright owners, but are released under the libpng license. + +Some files in the "contrib" directory, and some tools-generated files +that are distributed with libpng, have other copyright owners, and are +released under other open source licenses. + --- end of LICENSE --- ------------------------------------------------------------------------------- diff --git a/jaxp/THIRD_PARTY_README b/jaxp/THIRD_PARTY_README index d19de8ae6c8..ae4f4d796bf 100644 --- a/jaxp/THIRD_PARTY_README +++ b/jaxp/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.37, which may be +%% This notice is provided with respect to libpng 1.6.38, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1483,11 +1483,11 @@ COPYRIGHT NOTICE, DISCLAIMER, and LICENSE PNG Reference Library License version 2 --------------------------------------- - * Copyright (c) 1995-2019 The PNG Reference Library Authors. - * Copyright (c) 2018-2019 Cosmin Truta. - * Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson. - * Copyright (c) 1996-1997 Andreas Dilger. - * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. +Copyright (c) 1995-2022 The PNG Reference Library Authors. +Copyright (c) 2018-2022 Cosmin Truta +Copyright (c) 1998-2018 Glenn Randers-Pehrson +Copyright (c) 1996-1997 Andreas Dilger +Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. The software is supplied "as is", without warranty of any kind, express or implied, including, without limitation, the warranties @@ -1614,10 +1614,10 @@ be appreciated. TRADEMARK: -The name "libpng" has not been registered by the Copyright owner +The name "libpng" has not been registered by the Copyright owners as a trademark in any jurisdiction. However, because libpng has been distributed and maintained world-wide, continually since 1995, -the Copyright owner claims "common-law trademark protection" in any +the Copyright owners claim "common-law trademark protection" in any jurisdiction where common-law trademark is recognized. OSI CERTIFICATION: @@ -1639,6 +1639,58 @@ Glenn Randers-Pehrson glennrp at users.sourceforge.net July 15, 2018 +AUTHORS File Information: + +PNG REFERENCE LIBRARY AUTHORS +============================= + +This is the list of PNG Reference Library ("libpng") Contributing +Authors, for copyright and licensing purposes. + + * Andreas Dilger + * Cosmin Truta + * Dave Martindale + * Eric S. Raymond + * Gilles Vollant + * Glenn Randers-Pehrson + * Greg Roelofs + * Guy Eric Schalnat + * James Yu + * John Bowler + * Kevin Bracey + * Magnus Holmgren + * Mandar Sahastrabuddhe + * Mans Rullgard + * Matt Sarett + * Mike Klein + * Pascal Massimino + * Paul Schmidt + * Qiang Zhou + * Sam Bushell + * Samuel Williams + * Simon-Pierre Cadieux + * Tim Wegner + * Tom Lane + * Tom Tanner + * Vadim Barkov + * Willem van Schaik + * Zhijie Liang + * Arm Holdings + - Richard Townsend + * Google Inc. + - Matt Sarett + - Mike Klein + - Dan Field + - Sami Boukortt + +The build projects, the build scripts, the test scripts, and other +files in the "ci", "projects", "scripts" and "tests" directories, have +other copyright owners, but are released under the libpng license. + +Some files in the "contrib" directory, and some tools-generated files +that are distributed with libpng, have other copyright owners, and are +released under other open source licenses. + --- end of LICENSE --- ------------------------------------------------------------------------------- diff --git a/jaxws/THIRD_PARTY_README b/jaxws/THIRD_PARTY_README index d19de8ae6c8..ae4f4d796bf 100644 --- a/jaxws/THIRD_PARTY_README +++ b/jaxws/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.37, which may be +%% This notice is provided with respect to libpng 1.6.38, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1483,11 +1483,11 @@ COPYRIGHT NOTICE, DISCLAIMER, and LICENSE PNG Reference Library License version 2 --------------------------------------- - * Copyright (c) 1995-2019 The PNG Reference Library Authors. - * Copyright (c) 2018-2019 Cosmin Truta. - * Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson. - * Copyright (c) 1996-1997 Andreas Dilger. - * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. +Copyright (c) 1995-2022 The PNG Reference Library Authors. +Copyright (c) 2018-2022 Cosmin Truta +Copyright (c) 1998-2018 Glenn Randers-Pehrson +Copyright (c) 1996-1997 Andreas Dilger +Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. The software is supplied "as is", without warranty of any kind, express or implied, including, without limitation, the warranties @@ -1614,10 +1614,10 @@ be appreciated. TRADEMARK: -The name "libpng" has not been registered by the Copyright owner +The name "libpng" has not been registered by the Copyright owners as a trademark in any jurisdiction. However, because libpng has been distributed and maintained world-wide, continually since 1995, -the Copyright owner claims "common-law trademark protection" in any +the Copyright owners claim "common-law trademark protection" in any jurisdiction where common-law trademark is recognized. OSI CERTIFICATION: @@ -1639,6 +1639,58 @@ Glenn Randers-Pehrson glennrp at users.sourceforge.net July 15, 2018 +AUTHORS File Information: + +PNG REFERENCE LIBRARY AUTHORS +============================= + +This is the list of PNG Reference Library ("libpng") Contributing +Authors, for copyright and licensing purposes. + + * Andreas Dilger + * Cosmin Truta + * Dave Martindale + * Eric S. Raymond + * Gilles Vollant + * Glenn Randers-Pehrson + * Greg Roelofs + * Guy Eric Schalnat + * James Yu + * John Bowler + * Kevin Bracey + * Magnus Holmgren + * Mandar Sahastrabuddhe + * Mans Rullgard + * Matt Sarett + * Mike Klein + * Pascal Massimino + * Paul Schmidt + * Qiang Zhou + * Sam Bushell + * Samuel Williams + * Simon-Pierre Cadieux + * Tim Wegner + * Tom Lane + * Tom Tanner + * Vadim Barkov + * Willem van Schaik + * Zhijie Liang + * Arm Holdings + - Richard Townsend + * Google Inc. + - Matt Sarett + - Mike Klein + - Dan Field + - Sami Boukortt + +The build projects, the build scripts, the test scripts, and other +files in the "ci", "projects", "scripts" and "tests" directories, have +other copyright owners, but are released under the libpng license. + +Some files in the "contrib" directory, and some tools-generated files +that are distributed with libpng, have other copyright owners, and are +released under other open source licenses. + --- end of LICENSE --- ------------------------------------------------------------------------------- diff --git a/jdk/THIRD_PARTY_README b/jdk/THIRD_PARTY_README index d19de8ae6c8..ae4f4d796bf 100644 --- a/jdk/THIRD_PARTY_README +++ b/jdk/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.37, which may be +%% This notice is provided with respect to libpng 1.6.38, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1483,11 +1483,11 @@ COPYRIGHT NOTICE, DISCLAIMER, and LICENSE PNG Reference Library License version 2 --------------------------------------- - * Copyright (c) 1995-2019 The PNG Reference Library Authors. - * Copyright (c) 2018-2019 Cosmin Truta. - * Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson. - * Copyright (c) 1996-1997 Andreas Dilger. - * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. +Copyright (c) 1995-2022 The PNG Reference Library Authors. +Copyright (c) 2018-2022 Cosmin Truta +Copyright (c) 1998-2018 Glenn Randers-Pehrson +Copyright (c) 1996-1997 Andreas Dilger +Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. The software is supplied "as is", without warranty of any kind, express or implied, including, without limitation, the warranties @@ -1614,10 +1614,10 @@ be appreciated. TRADEMARK: -The name "libpng" has not been registered by the Copyright owner +The name "libpng" has not been registered by the Copyright owners as a trademark in any jurisdiction. However, because libpng has been distributed and maintained world-wide, continually since 1995, -the Copyright owner claims "common-law trademark protection" in any +the Copyright owners claim "common-law trademark protection" in any jurisdiction where common-law trademark is recognized. OSI CERTIFICATION: @@ -1639,6 +1639,58 @@ Glenn Randers-Pehrson glennrp at users.sourceforge.net July 15, 2018 +AUTHORS File Information: + +PNG REFERENCE LIBRARY AUTHORS +============================= + +This is the list of PNG Reference Library ("libpng") Contributing +Authors, for copyright and licensing purposes. + + * Andreas Dilger + * Cosmin Truta + * Dave Martindale + * Eric S. Raymond + * Gilles Vollant + * Glenn Randers-Pehrson + * Greg Roelofs + * Guy Eric Schalnat + * James Yu + * John Bowler + * Kevin Bracey + * Magnus Holmgren + * Mandar Sahastrabuddhe + * Mans Rullgard + * Matt Sarett + * Mike Klein + * Pascal Massimino + * Paul Schmidt + * Qiang Zhou + * Sam Bushell + * Samuel Williams + * Simon-Pierre Cadieux + * Tim Wegner + * Tom Lane + * Tom Tanner + * Vadim Barkov + * Willem van Schaik + * Zhijie Liang + * Arm Holdings + - Richard Townsend + * Google Inc. + - Matt Sarett + - Mike Klein + - Dan Field + - Sami Boukortt + +The build projects, the build scripts, the test scripts, and other +files in the "ci", "projects", "scripts" and "tests" directories, have +other copyright owners, but are released under the libpng license. + +Some files in the "contrib" directory, and some tools-generated files +that are distributed with libpng, have other copyright owners, and are +released under other open source licenses. + --- end of LICENSE --- ------------------------------------------------------------------------------- diff --git a/jdk/src/share/native/sun/awt/libpng/CHANGES b/jdk/src/share/native/sun/awt/libpng/CHANGES index f0b0a9342c3..9a86869681b 100644 --- a/jdk/src/share/native/sun/awt/libpng/CHANGES +++ b/jdk/src/share/native/sun/awt/libpng/CHANGES @@ -2295,7 +2295,7 @@ Version 1.4.0beta58 [May 14, 2009] Clarified usage of sig_bit versus sig_bit_p in example.c (Vincent Torri) Version 1.4.0beta59 [May 15, 2009] - Reformated sources in libpng style (3-space intentation, comment format) + Reformated sources in libpng style (3-space indentation, comment format) Fixed typo in libpng docs (PNG_FILTER_AVE should be PNG_FILTER_AVG) Added sections about the git repository and our coding style to the documentation @@ -3886,7 +3886,7 @@ Version 1.6.0beta06 [January 24, 2012] Version 1.6.0beta07 [January 28, 2012] Eliminated Intel icc/icl compiler warnings. The Intel (GCC derived) compiler issues slightly different warnings from those issued by the - current vesions of GCC. This eliminates those warnings by + current versions of GCC. This eliminates those warnings by adding/removing casts and small code rewrites. Updated configure.ac from autoupdate: added --enable-werror option. Also some layout regularization and removal of introduced tab characters @@ -6103,6 +6103,12 @@ Version 1.6.37 [April 14, 2019] Added makefiles for AddressSanitizer-enabled builds. Cleaned up various makefiles. +Version 1.6.38 [September 14, 2022] + Added configurations and scripts for continuous integration. + Fixed various errors in the handling of tRNS, hIST and eXIf. + Implemented many stability improvements across all platforms. + Updated the internal documentation. + Send comments/corrections/commendations to png-mng-implement at lists.sf.net. Subscription is required; visit https://lists.sourceforge.net/lists/listinfo/png-mng-implement diff --git a/jdk/src/share/native/sun/awt/libpng/LICENSE b/jdk/src/share/native/sun/awt/libpng/LICENSE index e0c5b531cf5..c8ad24eecf7 100644 --- a/jdk/src/share/native/sun/awt/libpng/LICENSE +++ b/jdk/src/share/native/sun/awt/libpng/LICENSE @@ -4,8 +4,8 @@ COPYRIGHT NOTICE, DISCLAIMER, and LICENSE PNG Reference Library License version 2 --------------------------------------- - * Copyright (c) 1995-2019 The PNG Reference Library Authors. - * Copyright (c) 2018-2019 Cosmin Truta. + * Copyright (c) 1995-2022 The PNG Reference Library Authors. + * Copyright (c) 2018-2022 Cosmin Truta. * Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson. * Copyright (c) 1996-1997 Andreas Dilger. * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. diff --git a/jdk/src/share/native/sun/awt/libpng/README b/jdk/src/share/native/sun/awt/libpng/README index cfc1f0e3dc9..e6e72aa5472 100644 --- a/jdk/src/share/native/sun/awt/libpng/README +++ b/jdk/src/share/native/sun/awt/libpng/README @@ -1,12 +1,12 @@ -README for libpng version 1.6.37 - April 14, 2019 -================================================= +README for libpng version 1.6.38 +================================ See the note about version numbers near the top of png.h. See INSTALL for instructions on how to install libpng. Libpng comes in several distribution formats. Get libpng-*.tar.gz or -libpng-*.tar.xz or if you want UNIX-style line endings in the text -files, or lpng*.7z or lpng*.zip if you want DOS-style line endings. +libpng-*.tar.xz if you want UNIX-style line endings in the text files, +or lpng*.7z or lpng*.zip if you want DOS-style line endings. Version 0.89 was the first official release of libpng. Don't let the fact that it's the first release fool you. The libpng library has been diff --git a/jdk/src/share/native/sun/awt/libpng/png.c b/jdk/src/share/native/sun/awt/libpng/png.c index 3740c3cd214..ba608f128ab 100644 --- a/jdk/src/share/native/sun/awt/libpng/png.c +++ b/jdk/src/share/native/sun/awt/libpng/png.c @@ -29,7 +29,7 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Copyright (c) 2018-2019 Cosmin Truta + * Copyright (c) 2018-2022 Cosmin Truta * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson * Copyright (c) 1996-1997 Andreas Dilger * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. @@ -42,7 +42,7 @@ #include "pngpriv.h" /* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_6_37 Your_png_h_is_not_version_1_6_37; +typedef png_libpng_version_1_6_38 Your_png_h_is_not_version_1_6_38; #ifdef __GNUC__ /* The version tests may need to be added to, but the problem warning has @@ -748,7 +748,7 @@ png_init_io(png_structrp png_ptr, png_FILE_p fp) * * Where UNSIGNED_MAX is the appropriate maximum unsigned value, so when the * negative integral value is added the result will be an unsigned value - * correspnding to the 2's complement representation. + * corresponding to the 2's complement representation. */ void PNGAPI png_save_int_32(png_bytep buf, png_int_32 i) @@ -843,8 +843,8 @@ png_get_copyright(png_const_structrp png_ptr) return PNG_STRING_COPYRIGHT #else return PNG_STRING_NEWLINE \ - "libpng version 1.6.37" PNG_STRING_NEWLINE \ - "Copyright (c) 2018-2019 Cosmin Truta" PNG_STRING_NEWLINE \ + "libpng version 1.6.38" PNG_STRING_NEWLINE \ + "Copyright (c) 2018-2022 Cosmin Truta" PNG_STRING_NEWLINE \ "Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson" \ PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ @@ -1871,12 +1871,12 @@ png_icc_profile_error(png_const_structrp png_ptr, png_colorspacerp colorspace, # ifdef PNG_WARNINGS_SUPPORTED else { - char number[PNG_NUMBER_BUFFER_SIZE]; /* +24 = 114*/ + char number[PNG_NUMBER_BUFFER_SIZE]; /* +24 = 114 */ pos = png_safecat(message, (sizeof message), pos, png_format_number(number, number+(sizeof number), PNG_NUMBER_FORMAT_x, value)); - pos = png_safecat(message, (sizeof message), pos, "h: "); /*+2 = 116*/ + pos = png_safecat(message, (sizeof message), pos, "h: "); /* +2 = 116 */ } # endif /* The 'reason' is an arbitrary message, allow +79 maximum 195 */ diff --git a/jdk/src/share/native/sun/awt/libpng/png.h b/jdk/src/share/native/sun/awt/libpng/png.h index e5e87d3b818..aeff31573c7 100644 --- a/jdk/src/share/native/sun/awt/libpng/png.h +++ b/jdk/src/share/native/sun/awt/libpng/png.h @@ -29,9 +29,9 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * libpng version 1.6.37 - April 14, 2019 + * libpng version 1.6.38 - September 14, 2022 * - * Copyright (c) 2018-2019 Cosmin Truta + * Copyright (c) 2018-2022 Cosmin Truta * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson * Copyright (c) 1996-1997 Andreas Dilger * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. @@ -43,7 +43,7 @@ * libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger * libpng versions 0.97, January 1998, through 1.6.35, July 2018: * Glenn Randers-Pehrson - * libpng versions 1.6.36, December 2018, through 1.6.37, April 2019: + * libpng versions 1.6.36, December 2018, through 1.6.38, September 2022: * Cosmin Truta * See also "Contributing Authors", below. */ @@ -55,8 +55,8 @@ * PNG Reference Library License version 2 * --------------------------------------- * - * * Copyright (c) 1995-2019 The PNG Reference Library Authors. - * * Copyright (c) 2018-2019 Cosmin Truta. + * * Copyright (c) 1995-2022 The PNG Reference Library Authors. + * * Copyright (c) 2018-2022 Cosmin Truta. * * Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson. * * Copyright (c) 1996-1997 Andreas Dilger. * * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. @@ -267,7 +267,7 @@ * ... * 1.5.30 15 10530 15.so.15.30[.0] * ... - * 1.6.37 16 10637 16.so.16.37[.0] + * 1.6.38 16 10638 16.so.16.38[.0] * * Henceforth the source version will match the shared-library major and * minor numbers; the shared-library major version number will be used for @@ -306,8 +306,8 @@ */ /* Version information for png.h - this should match the version in png.c */ -#define PNG_LIBPNG_VER_STRING "1.6.37" -#define PNG_HEADER_VERSION_STRING " libpng version 1.6.37 - April 14, 2019\n" +#define PNG_LIBPNG_VER_STRING "1.6.38" +#define PNG_HEADER_VERSION_STRING " libpng version 1.6.38 - September 14, 2022\n" #define PNG_LIBPNG_VER_SONUM 16 #define PNG_LIBPNG_VER_DLLNUM 16 @@ -315,7 +315,7 @@ /* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */ #define PNG_LIBPNG_VER_MAJOR 1 #define PNG_LIBPNG_VER_MINOR 6 -#define PNG_LIBPNG_VER_RELEASE 37 +#define PNG_LIBPNG_VER_RELEASE 38 /* This should be zero for a public release, or non-zero for a * development version. [Deprecated] @@ -346,7 +346,7 @@ * From version 1.0.1 it is: * XXYYZZ, where XX=major, YY=minor, ZZ=release */ -#define PNG_LIBPNG_VER 10637 /* 1.6.37 */ +#define PNG_LIBPNG_VER 10638 /* 1.6.38 */ /* Library configuration: these options cannot be changed after * the library has been built. @@ -456,7 +456,7 @@ extern "C" { /* This triggers a compiler error in png.c, if png.c and png.h * do not agree upon the version number. */ -typedef char* png_libpng_version_1_6_37; +typedef char* png_libpng_version_1_6_38; /* Basic control structions. Read libpng-manual.txt or libpng.3 for more info. * @@ -1474,7 +1474,7 @@ PNG_EXPORT(66, void, png_set_crc_action, (png_structrp png_ptr, int crit_action, * mainly useful for testing, as the defaults should work with most users. * Those users who are tight on memory or want faster performance at the * expense of compression can modify them. See the compression library - * header file (zlib.h) for an explination of the compression functions. + * header file (zlib.h) for an explanation of the compression functions. */ /* Set the filtering method(s) used by libpng. Currently, the only valid @@ -1529,7 +1529,7 @@ PNG_FIXED_EXPORT(209, void, png_set_filter_heuristics_fixed, * 0 - 9, corresponding directly to the zlib compression levels 0 - 9 * (0 - no compression, 9 - "maximal" compression). Note that tests have * shown that zlib compression levels 3-6 usually perform as well as level 9 - * for PNG images, and do considerably fewer caclulations. In the future, + * for PNG images, and do considerably fewer calculations. In the future, * these values may not correspond directly to the zlib compression levels. */ #ifdef PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED diff --git a/jdk/src/share/native/sun/awt/libpng/pngconf.h b/jdk/src/share/native/sun/awt/libpng/pngconf.h index e6c993b8573..e95fa34ad7a 100644 --- a/jdk/src/share/native/sun/awt/libpng/pngconf.h +++ b/jdk/src/share/native/sun/awt/libpng/pngconf.h @@ -29,9 +29,9 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * libpng version 1.6.37 + * libpng version 1.6.38 * - * Copyright (c) 2018-2019 Cosmin Truta + * Copyright (c) 2018-2022 Cosmin Truta * Copyright (c) 1998-2002,2004,2006-2016,2018 Glenn Randers-Pehrson * Copyright (c) 1996-1997 Andreas Dilger * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. @@ -208,8 +208,8 @@ * compiler-specific macros to the values required to change the calling * conventions of the various functions. */ -#if defined(_Windows) || defined(_WINDOWS) || defined(WIN32) ||\ - defined(_WIN32) || defined(__WIN32__) || defined(__CYGWIN__) +#if defined(_WIN32) || defined(__WIN32__) || defined(__NT__) || \ + defined(__CYGWIN__) /* Windows system (DOS doesn't support DLLs). Includes builds under Cygwin or * MinGW on any architecture currently supported by Windows. Also includes * Watcom builds but these need special treatment because they are not diff --git a/jdk/src/share/native/sun/awt/libpng/pngget.c b/jdk/src/share/native/sun/awt/libpng/pngget.c index 4e5f6c962a5..454d4e82273 100644 --- a/jdk/src/share/native/sun/awt/libpng/pngget.c +++ b/jdk/src/share/native/sun/awt/libpng/pngget.c @@ -1179,7 +1179,7 @@ png_get_unknown_chunks(png_const_structrp png_ptr, png_inforp info_ptr, #ifdef PNG_READ_RGB_TO_GRAY_SUPPORTED png_byte PNGAPI -png_get_rgb_to_gray_status (png_const_structrp png_ptr) +png_get_rgb_to_gray_status(png_const_structrp png_ptr) { return (png_byte)(png_ptr ? png_ptr->rgb_to_gray_status : 0); } @@ -1220,27 +1220,27 @@ png_get_compression_buffer_size(png_const_structrp png_ptr) /* These functions were added to libpng 1.2.6 and were enabled * by default in libpng-1.4.0 */ png_uint_32 PNGAPI -png_get_user_width_max (png_const_structrp png_ptr) +png_get_user_width_max(png_const_structrp png_ptr) { return (png_ptr ? png_ptr->user_width_max : 0); } png_uint_32 PNGAPI -png_get_user_height_max (png_const_structrp png_ptr) +png_get_user_height_max(png_const_structrp png_ptr) { return (png_ptr ? png_ptr->user_height_max : 0); } /* This function was added to libpng 1.4.0 */ png_uint_32 PNGAPI -png_get_chunk_cache_max (png_const_structrp png_ptr) +png_get_chunk_cache_max(png_const_structrp png_ptr) { return (png_ptr ? png_ptr->user_chunk_cache_max : 0); } /* This function was added to libpng 1.4.1 */ png_alloc_size_t PNGAPI -png_get_chunk_malloc_max (png_const_structrp png_ptr) +png_get_chunk_malloc_max(png_const_structrp png_ptr) { return (png_ptr ? png_ptr->user_chunk_malloc_max : 0); } @@ -1249,13 +1249,13 @@ png_get_chunk_malloc_max (png_const_structrp png_ptr) /* These functions were added to libpng 1.4.0 */ #ifdef PNG_IO_STATE_SUPPORTED png_uint_32 PNGAPI -png_get_io_state (png_const_structrp png_ptr) +png_get_io_state(png_const_structrp png_ptr) { return png_ptr->io_state; } png_uint_32 PNGAPI -png_get_io_chunk_type (png_const_structrp png_ptr) +png_get_io_chunk_type(png_const_structrp png_ptr) { return png_ptr->chunk_name; } diff --git a/jdk/src/share/native/sun/awt/libpng/pnglibconf.h b/jdk/src/share/native/sun/awt/libpng/pnglibconf.h index efe99f78402..b3dc39a45be 100644 --- a/jdk/src/share/native/sun/awt/libpng/pnglibconf.h +++ b/jdk/src/share/native/sun/awt/libpng/pnglibconf.h @@ -31,9 +31,9 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: */ -/* libpng version 1.6.37 */ +/* libpng version 1.6.38 */ -/* Copyright (c) 2018-2019 Cosmin Truta */ +/* Copyright (c) 2018-2022 Cosmin Truta */ /* Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson */ /* This code is released under the libpng license. */ diff --git a/jdk/src/share/native/sun/awt/libpng/pngpriv.h b/jdk/src/share/native/sun/awt/libpng/pngpriv.h index 73e1e9371a3..ed44512ef20 100644 --- a/jdk/src/share/native/sun/awt/libpng/pngpriv.h +++ b/jdk/src/share/native/sun/awt/libpng/pngpriv.h @@ -29,7 +29,7 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Copyright (c) 2018-2019 Cosmin Truta + * Copyright (c) 2018-2022 Cosmin Truta * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson * Copyright (c) 1996-1997 Andreas Dilger * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. @@ -202,7 +202,7 @@ # else /* !defined __ARM_NEON__ */ /* The 'intrinsics' code simply won't compile without this -mfpu=neon: */ -# if !defined(__aarch64__) +# if !defined(__aarch64__) && !defined(_M_ARM64) /* The assembler code currently does not work on ARM64 */ # define PNG_ARM_NEON_IMPLEMENTATION 2 # endif /* __aarch64__ */ @@ -213,6 +213,8 @@ /* Use the intrinsics code by default. */ # define PNG_ARM_NEON_IMPLEMENTATION 1 # endif +#else /* PNG_ARM_NEON_OPT == 0 */ +# define PNG_ARM_NEON_IMPLEMENTATION 0 #endif /* PNG_ARM_NEON_OPT > 0 */ #ifndef PNG_MIPS_MSA_OPT @@ -291,11 +293,15 @@ # ifndef PNG_MIPS_MSA_IMPLEMENTATION # define PNG_MIPS_MSA_IMPLEMENTATION 1 # endif +#else +# define PNG_MIPS_MSA_IMPLEMENTATION 0 #endif /* PNG_MIPS_MSA_OPT > 0 */ #if PNG_POWERPC_VSX_OPT > 0 # define PNG_FILTER_OPTIMIZATIONS png_init_filter_functions_vsx # define PNG_POWERPC_VSX_IMPLEMENTATION 1 +#else +# define PNG_POWERPC_VSX_IMPLEMENTATION 0 #endif @@ -520,16 +526,7 @@ static_cast(static_cast(value)) #else # define png_voidcast(type, value) (value) -# ifdef _WIN64 -# ifdef __GNUC__ - typedef unsigned long long png_ptruint; -# else - typedef unsigned __int64 png_ptruint; -# endif -# else - typedef unsigned long png_ptruint; -# endif -# define png_constcast(type, value) ((type)(png_ptruint)(const void*)(value)) +# define png_constcast(type, value) ((type)(void*)(const void*)(value)) # define png_aligncast(type, value) ((void*)(value)) # define png_aligncastconst(type, value) ((const void*)(value)) #endif /* __cplusplus */ @@ -571,9 +568,8 @@ # include #endif -#if defined(WIN32) || defined(_Windows) || defined(_WINDOWS) || \ - defined(_WIN32) || defined(__WIN32__) -# include /* defines _WINDOWS_ macro */ +#if defined(_WIN32) || defined(__WIN32__) || defined(__NT__) +# include #endif #endif /* PNG_VERSION_INFO_ONLY */ @@ -582,24 +578,20 @@ * functions that are passed far data must be model-independent. */ -/* Memory model/platform independent fns */ +/* Platform-independent functions */ #ifndef PNG_ABORT -# ifdef _WINDOWS_ -# define PNG_ABORT() ExitProcess(0) -# else -# define PNG_ABORT() abort() -# endif +# define PNG_ABORT() abort() #endif /* These macros may need to be architecture dependent. */ -#define PNG_ALIGN_NONE 0 /* do not use data alignment */ -#define PNG_ALIGN_ALWAYS 1 /* assume unaligned accesses are OK */ +#define PNG_ALIGN_NONE 0 /* do not use data alignment */ +#define PNG_ALIGN_ALWAYS 1 /* assume unaligned accesses are OK */ #ifdef offsetof -# define PNG_ALIGN_OFFSET 2 /* use offsetof to determine alignment */ +# define PNG_ALIGN_OFFSET 2 /* use offsetof to determine alignment */ #else # define PNG_ALIGN_OFFSET -1 /* prevent the use of this */ #endif -#define PNG_ALIGN_SIZE 3 /* use sizeof to determine alignment */ +#define PNG_ALIGN_SIZE 3 /* use sizeof to determine alignment */ #ifndef PNG_ALIGN_TYPE /* Default to using aligned access optimizations and requiring alignment to a @@ -613,26 +605,25 @@ /* This is used because in some compiler implementations non-aligned * structure members are supported, so the offsetof approach below fails. * Set PNG_ALIGN_SIZE=0 for compiler combinations where unaligned access - * is good for performance. Do not do this unless you have tested the result - * and understand it. + * is good for performance. Do not do this unless you have tested the + * result and understand it. */ -# define png_alignof(type) (sizeof (type)) +# define png_alignof(type) (sizeof(type)) #else # if PNG_ALIGN_TYPE == PNG_ALIGN_OFFSET -# define png_alignof(type) offsetof(struct{char c; type t;}, t) +# define png_alignof(type) offsetof(struct{char c; type t;}, t) # else -# if PNG_ALIGN_TYPE == PNG_ALIGN_ALWAYS -# define png_alignof(type) (1) -# endif - /* Else leave png_alignof undefined to prevent use thereof */ +# if PNG_ALIGN_TYPE == PNG_ALIGN_ALWAYS +# define png_alignof(type) 1 +# endif + /* Else leave png_alignof undefined to prevent use thereof */ # endif #endif -/* This implicitly assumes alignment is always to a power of 2. */ +/* This implicitly assumes alignment is always a multiple of 2. */ #ifdef png_alignof -# define png_isaligned(ptr, type)\ - (((type)((const char*)ptr-(const char*)0) & \ - (type)(png_alignof(type)-1)) == 0) +# define png_isaligned(ptr, type) \ + (((type)(size_t)((const void*)(ptr)) & (type)(png_alignof(type)-1)) == 0) #else # define png_isaligned(ptr, type) 0 #endif diff --git a/jdk/src/share/native/sun/awt/libpng/pngread.c b/jdk/src/share/native/sun/awt/libpng/pngread.c index b558c5716f8..3631e60f36b 100644 --- a/jdk/src/share/native/sun/awt/libpng/pngread.c +++ b/jdk/src/share/native/sun/awt/libpng/pngread.c @@ -3480,7 +3480,6 @@ png_image_read_background(png_voidp argument) for (pass = 0; pass < passes; ++pass) { - png_bytep row = png_voidcast(png_bytep, display->first_row); unsigned int startx, stepx, stepy; png_uint_32 y; @@ -3585,8 +3584,6 @@ png_image_read_background(png_voidp argument) inrow += 2; /* gray and alpha channel */ } - - row += display->row_bytes; } } } diff --git a/jdk/src/share/native/sun/awt/libpng/pngrtran.c b/jdk/src/share/native/sun/awt/libpng/pngrtran.c index efe7135553a..843eb5fff2a 100644 --- a/jdk/src/share/native/sun/awt/libpng/pngrtran.c +++ b/jdk/src/share/native/sun/awt/libpng/pngrtran.c @@ -49,7 +49,7 @@ #ifdef PNG_ARM_NEON_IMPLEMENTATION # if PNG_ARM_NEON_IMPLEMENTATION == 1 # define PNG_ARM_NEON_INTRINSICS_AVAILABLE -# if defined(_MSC_VER) && defined(_M_ARM64) +# if defined(_MSC_VER) && !defined(__clang__) && defined(_M_ARM64) # include # else # include diff --git a/jdk/src/share/native/sun/awt/libpng/pngrutil.c b/jdk/src/share/native/sun/awt/libpng/pngrutil.c index 5c6244116af..d41a6d09b27 100644 --- a/jdk/src/share/native/sun/awt/libpng/pngrutil.c +++ b/jdk/src/share/native/sun/awt/libpng/pngrutil.c @@ -29,7 +29,7 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Copyright (c) 2018 Cosmin Truta + * Copyright (c) 2018-2022 Cosmin Truta * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson * Copyright (c) 1996-1997 Andreas Dilger * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. @@ -329,7 +329,6 @@ png_read_buffer(png_structrp png_ptr, png_alloc_size_t new_size, int warn) if (buffer != NULL && new_size > png_ptr->read_buffer_size) { - png_ptr->read_buffer = NULL; png_ptr->read_buffer = NULL; png_ptr->read_buffer_size = 0; png_free(png_ptr, buffer); @@ -2104,21 +2103,22 @@ png_handle_eXIf(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) png_byte buf[1]; png_crc_read(png_ptr, buf, 1); info_ptr->eXIf_buf[i] = buf[0]; - if (i == 1 && buf[0] != 'M' && buf[0] != 'I' - && info_ptr->eXIf_buf[0] != buf[0]) + if (i == 1) { - png_crc_finish(png_ptr, length); - png_chunk_benign_error(png_ptr, "incorrect byte-order specifier"); - png_free(png_ptr, info_ptr->eXIf_buf); - info_ptr->eXIf_buf = NULL; - return; + if ((buf[0] != 'M' && buf[0] != 'I') || + (info_ptr->eXIf_buf[0] != buf[0])) + { + png_crc_finish(png_ptr, length - 2); + png_chunk_benign_error(png_ptr, "incorrect byte-order specifier"); + png_free(png_ptr, info_ptr->eXIf_buf); + info_ptr->eXIf_buf = NULL; + return; + } } } - if (png_crc_finish(png_ptr, 0) != 0) - return; - - png_set_eXIf_1(png_ptr, info_ptr, length, info_ptr->eXIf_buf); + if (png_crc_finish(png_ptr, 0) == 0) + png_set_eXIf_1(png_ptr, info_ptr, length, info_ptr->eXIf_buf); png_free(png_ptr, info_ptr->eXIf_buf); info_ptr->eXIf_buf = NULL; @@ -2154,8 +2154,9 @@ png_handle_hIST(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) num = length / 2 ; - if (num != (unsigned int) png_ptr->num_palette || - num > (unsigned int) PNG_MAX_PALETTE_LENGTH) + if (length != num * 2 || + num != (unsigned int)png_ptr->num_palette || + num > (unsigned int)PNG_MAX_PALETTE_LENGTH) { png_crc_finish(png_ptr, length); png_chunk_benign_error(png_ptr, "invalid"); @@ -4649,14 +4650,13 @@ defined(PNG_USER_TRANSFORM_PTR_SUPPORTED) */ { png_bytep temp = png_ptr->big_row_buf + 32; - int extra = (int)((temp - (png_bytep)0) & 0x0f); + size_t extra = (size_t)temp & 0x0f; png_ptr->row_buf = temp - extra - 1/*filter byte*/; temp = png_ptr->big_prev_row + 32; - extra = (int)((temp - (png_bytep)0) & 0x0f); + extra = (size_t)temp & 0x0f; png_ptr->prev_row = temp - extra - 1/*filter byte*/; } - #else /* Use 31 bytes of padding before and 17 bytes after row_buf. */ png_ptr->row_buf = png_ptr->big_row_buf + 31; diff --git a/jdk/src/share/native/sun/awt/libpng/pngset.c b/jdk/src/share/native/sun/awt/libpng/pngset.c index 1b075795b65..ea7decaa065 100644 --- a/jdk/src/share/native/sun/awt/libpng/pngset.c +++ b/jdk/src/share/native/sun/awt/libpng/pngset.c @@ -29,7 +29,7 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Copyright (c) 2018 Cosmin Truta + * Copyright (c) 2018-2022 Cosmin Truta * Copyright (c) 1998-2018 Glenn Randers-Pehrson * Copyright (c) 1996-1997 Andreas Dilger * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. @@ -1047,6 +1047,9 @@ png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr, info_ptr->trans_alpha = png_voidcast(png_bytep, png_malloc(png_ptr, PNG_MAX_PALETTE_LENGTH)); memcpy(info_ptr->trans_alpha, trans_alpha, (size_t)num_trans); + + info_ptr->valid |= PNG_INFO_tRNS; + info_ptr->free_me |= PNG_FREE_TRNS; } png_ptr->trans_alpha = info_ptr->trans_alpha; } @@ -1354,7 +1357,7 @@ png_set_unknown_chunk_location(png_const_structrp png_ptr, png_inforp info_ptr, #ifdef PNG_MNG_FEATURES_SUPPORTED png_uint_32 PNGAPI -png_permit_mng_features (png_structrp png_ptr, png_uint_32 mng_features) +png_permit_mng_features(png_structrp png_ptr, png_uint_32 mng_features) { png_debug(1, "in png_permit_mng_features"); @@ -1661,7 +1664,7 @@ png_set_invalid(png_const_structrp png_ptr, png_inforp info_ptr, int mask) #ifdef PNG_SET_USER_LIMITS_SUPPORTED /* This function was added to libpng 1.2.6 */ void PNGAPI -png_set_user_limits (png_structrp png_ptr, png_uint_32 user_width_max, +png_set_user_limits(png_structrp png_ptr, png_uint_32 user_width_max, png_uint_32 user_height_max) { /* Images with dimensions larger than these limits will be @@ -1677,7 +1680,7 @@ png_set_user_limits (png_structrp png_ptr, png_uint_32 user_width_max, /* This function was added to libpng 1.4.0 */ void PNGAPI -png_set_chunk_cache_max (png_structrp png_ptr, png_uint_32 user_chunk_cache_max) +png_set_chunk_cache_max(png_structrp png_ptr, png_uint_32 user_chunk_cache_max) { if (png_ptr != NULL) png_ptr->user_chunk_cache_max = user_chunk_cache_max; @@ -1685,7 +1688,7 @@ png_set_chunk_cache_max (png_structrp png_ptr, png_uint_32 user_chunk_cache_max) /* This function was added to libpng 1.4.1 */ void PNGAPI -png_set_chunk_malloc_max (png_structrp png_ptr, +png_set_chunk_malloc_max(png_structrp png_ptr, png_alloc_size_t user_chunk_malloc_max) { if (png_ptr != NULL) diff --git a/jdk/src/share/native/sun/awt/libpng/pngstruct.h b/jdk/src/share/native/sun/awt/libpng/pngstruct.h index 1f53e0534af..f153bdec602 100644 --- a/jdk/src/share/native/sun/awt/libpng/pngstruct.h +++ b/jdk/src/share/native/sun/awt/libpng/pngstruct.h @@ -29,7 +29,7 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * Copyright (c) 2018-2019 Cosmin Truta + * Copyright (c) 2018-2022 Cosmin Truta * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson * Copyright (c) 1996-1997 Andreas Dilger * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. @@ -362,18 +362,8 @@ struct png_struct_def size_t current_buffer_size; /* amount of data now in current_buffer */ int process_mode; /* what push library is currently doing */ int cur_palette; /* current push library palette index */ - #endif /* PROGRESSIVE_READ */ -#if defined(__TURBOC__) && !defined(_Windows) && !defined(__FLAT__) -/* For the Borland special 64K segment handler */ - png_bytepp offset_table_ptr; - png_bytep offset_table; - png_uint_16 offset_table_number; - png_uint_16 offset_table_count; - png_uint_16 offset_table_count_free; -#endif - #ifdef PNG_READ_QUANTIZE_SUPPORTED png_bytep palette_lookup; /* lookup table for quantizing */ png_bytep quantize_index; /* index translation for palette files */ diff --git a/langtools/THIRD_PARTY_README b/langtools/THIRD_PARTY_README index d19de8ae6c8..ae4f4d796bf 100644 --- a/langtools/THIRD_PARTY_README +++ b/langtools/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.37, which may be +%% This notice is provided with respect to libpng 1.6.38, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1483,11 +1483,11 @@ COPYRIGHT NOTICE, DISCLAIMER, and LICENSE PNG Reference Library License version 2 --------------------------------------- - * Copyright (c) 1995-2019 The PNG Reference Library Authors. - * Copyright (c) 2018-2019 Cosmin Truta. - * Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson. - * Copyright (c) 1996-1997 Andreas Dilger. - * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. +Copyright (c) 1995-2022 The PNG Reference Library Authors. +Copyright (c) 2018-2022 Cosmin Truta +Copyright (c) 1998-2018 Glenn Randers-Pehrson +Copyright (c) 1996-1997 Andreas Dilger +Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. The software is supplied "as is", without warranty of any kind, express or implied, including, without limitation, the warranties @@ -1614,10 +1614,10 @@ be appreciated. TRADEMARK: -The name "libpng" has not been registered by the Copyright owner +The name "libpng" has not been registered by the Copyright owners as a trademark in any jurisdiction. However, because libpng has been distributed and maintained world-wide, continually since 1995, -the Copyright owner claims "common-law trademark protection" in any +the Copyright owners claim "common-law trademark protection" in any jurisdiction where common-law trademark is recognized. OSI CERTIFICATION: @@ -1639,6 +1639,58 @@ Glenn Randers-Pehrson glennrp at users.sourceforge.net July 15, 2018 +AUTHORS File Information: + +PNG REFERENCE LIBRARY AUTHORS +============================= + +This is the list of PNG Reference Library ("libpng") Contributing +Authors, for copyright and licensing purposes. + + * Andreas Dilger + * Cosmin Truta + * Dave Martindale + * Eric S. Raymond + * Gilles Vollant + * Glenn Randers-Pehrson + * Greg Roelofs + * Guy Eric Schalnat + * James Yu + * John Bowler + * Kevin Bracey + * Magnus Holmgren + * Mandar Sahastrabuddhe + * Mans Rullgard + * Matt Sarett + * Mike Klein + * Pascal Massimino + * Paul Schmidt + * Qiang Zhou + * Sam Bushell + * Samuel Williams + * Simon-Pierre Cadieux + * Tim Wegner + * Tom Lane + * Tom Tanner + * Vadim Barkov + * Willem van Schaik + * Zhijie Liang + * Arm Holdings + - Richard Townsend + * Google Inc. + - Matt Sarett + - Mike Klein + - Dan Field + - Sami Boukortt + +The build projects, the build scripts, the test scripts, and other +files in the "ci", "projects", "scripts" and "tests" directories, have +other copyright owners, but are released under the libpng license. + +Some files in the "contrib" directory, and some tools-generated files +that are distributed with libpng, have other copyright owners, and are +released under other open source licenses. + --- end of LICENSE --- ------------------------------------------------------------------------------- diff --git a/nashorn/THIRD_PARTY_README b/nashorn/THIRD_PARTY_README index d19de8ae6c8..ae4f4d796bf 100644 --- a/nashorn/THIRD_PARTY_README +++ b/nashorn/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.37, which may be +%% This notice is provided with respect to libpng 1.6.38, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1483,11 +1483,11 @@ COPYRIGHT NOTICE, DISCLAIMER, and LICENSE PNG Reference Library License version 2 --------------------------------------- - * Copyright (c) 1995-2019 The PNG Reference Library Authors. - * Copyright (c) 2018-2019 Cosmin Truta. - * Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson. - * Copyright (c) 1996-1997 Andreas Dilger. - * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. +Copyright (c) 1995-2022 The PNG Reference Library Authors. +Copyright (c) 2018-2022 Cosmin Truta +Copyright (c) 1998-2018 Glenn Randers-Pehrson +Copyright (c) 1996-1997 Andreas Dilger +Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. The software is supplied "as is", without warranty of any kind, express or implied, including, without limitation, the warranties @@ -1614,10 +1614,10 @@ be appreciated. TRADEMARK: -The name "libpng" has not been registered by the Copyright owner +The name "libpng" has not been registered by the Copyright owners as a trademark in any jurisdiction. However, because libpng has been distributed and maintained world-wide, continually since 1995, -the Copyright owner claims "common-law trademark protection" in any +the Copyright owners claim "common-law trademark protection" in any jurisdiction where common-law trademark is recognized. OSI CERTIFICATION: @@ -1639,6 +1639,58 @@ Glenn Randers-Pehrson glennrp at users.sourceforge.net July 15, 2018 +AUTHORS File Information: + +PNG REFERENCE LIBRARY AUTHORS +============================= + +This is the list of PNG Reference Library ("libpng") Contributing +Authors, for copyright and licensing purposes. + + * Andreas Dilger + * Cosmin Truta + * Dave Martindale + * Eric S. Raymond + * Gilles Vollant + * Glenn Randers-Pehrson + * Greg Roelofs + * Guy Eric Schalnat + * James Yu + * John Bowler + * Kevin Bracey + * Magnus Holmgren + * Mandar Sahastrabuddhe + * Mans Rullgard + * Matt Sarett + * Mike Klein + * Pascal Massimino + * Paul Schmidt + * Qiang Zhou + * Sam Bushell + * Samuel Williams + * Simon-Pierre Cadieux + * Tim Wegner + * Tom Lane + * Tom Tanner + * Vadim Barkov + * Willem van Schaik + * Zhijie Liang + * Arm Holdings + - Richard Townsend + * Google Inc. + - Matt Sarett + - Mike Klein + - Dan Field + - Sami Boukortt + +The build projects, the build scripts, the test scripts, and other +files in the "ci", "projects", "scripts" and "tests" directories, have +other copyright owners, but are released under the libpng license. + +Some files in the "contrib" directory, and some tools-generated files +that are distributed with libpng, have other copyright owners, and are +released under other open source licenses. + --- end of LICENSE --- ------------------------------------------------------------------------------- From dc7013e0d9853cfe99307eb8d2fc4e5f76e14b4a Mon Sep 17 00:00:00 2001 From: Alexei Voitylov Date: Fri, 1 Sep 2023 21:51:00 +0000 Subject: [PATCH 27/34] 8297856: Improve handling of Bidi characters Reviewed-by: mbalao, andrew Backport-of: 244b89fc786894cb8cca742f91875ebb98b603ff --- jdk/src/share/classes/sun/text/bidi/BidiBase.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jdk/src/share/classes/sun/text/bidi/BidiBase.java b/jdk/src/share/classes/sun/text/bidi/BidiBase.java index f13155d06d5..6485bea94e6 100644 --- a/jdk/src/share/classes/sun/text/bidi/BidiBase.java +++ b/jdk/src/share/classes/sun/text/bidi/BidiBase.java @@ -3391,7 +3391,7 @@ public static void reorderVisually(byte[] levels, levelStart + " is out of range 0 to " + (objects.length-1)); } - if (0 > count || objects.length < (objectStart+count)) { + if (0 > count || objects.length - count < objectStart) { throw new IllegalArgumentException("Value count " + levelStart + " is out of range 0 to " + (objects.length - objectStart)); From 6930f190778e62c88ee0d7d382f61515031563e4 Mon Sep 17 00:00:00 2001 From: Dmitry Cherepanov Date: Thu, 14 Sep 2023 12:54:18 +0400 Subject: [PATCH 28/34] 8303384: Improved communication in CORBA Reviewed-by: mbalao, andrew --- .../corba/se/impl/orbutil/IORCheckImpl.java | 109 ++++++++++++++++++ .../corba/se/impl/orbutil/ORBConstants.java | 6 + .../corba/se/idl/toJavaPortable/Stub.java | 8 +- 3 files changed, 118 insertions(+), 5 deletions(-) create mode 100644 corba/src/share/classes/com/sun/corba/se/impl/orbutil/IORCheckImpl.java diff --git a/corba/src/share/classes/com/sun/corba/se/impl/orbutil/IORCheckImpl.java b/corba/src/share/classes/com/sun/corba/se/impl/orbutil/IORCheckImpl.java new file mode 100644 index 00000000000..9f44957e862 --- /dev/null +++ b/corba/src/share/classes/com/sun/corba/se/impl/orbutil/IORCheckImpl.java @@ -0,0 +1,109 @@ +/* + * Copyright (c) 2023, Azul Systems, Inc. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +package com.sun.corba.se.impl.orbutil; + +import java.io.InvalidObjectException; +import java.security.AccessController; +import java.util.*; + +import sun.security.action.GetPropertyAction; + +public final class IORCheckImpl { + + private static final Set stubsToCheck; + + static { + boolean checkLocalStubs = + !getBooleanProperty(ORBConstants.DISABLE_IOR_CHECK_FOR_LOCAL_STUBS, + getBooleanProperty(ORBConstants.ALLOW_DESERIALIZE_OBJECT, false)); + + boolean checkRemoteStubs = + getBooleanProperty(ORBConstants.ENABLE_IOR_CHECK_FOR_REMOTE_STUBS, false); + + stubsToCheck = getStubsToCheck(checkLocalStubs, checkRemoteStubs); + } + + private static Set getStubsToCheck(boolean checkLocalStubs, boolean checkRemoteStubs) { + if (!checkLocalStubs && !checkRemoteStubs) { + return Collections.emptySet(); + } + List stubs = new ArrayList<>(); + if (checkLocalStubs) { + stubs.addAll(getLocalStubs()); + } + if (checkRemoteStubs) { + stubs.addAll(getRemoteStubs()); + } + return Collections.unmodifiableSet(new HashSet<>(stubs)); + } + + private static List getLocalStubs() { + String[] localStubs = { + "org.omg.DynamicAny._DynAnyFactoryStub", + "org.omg.DynamicAny._DynAnyStub", + "org.omg.DynamicAny._DynArrayStub", + "org.omg.DynamicAny._DynEnumStub", + "org.omg.DynamicAny._DynFixedStub", + "org.omg.DynamicAny._DynSequenceStub", + "org.omg.DynamicAny._DynStructStub", + "org.omg.DynamicAny._DynUnionStub", + "org.omg.DynamicAny._DynValueStub" + }; + return Arrays.asList(localStubs); + } + + private static List getRemoteStubs() { + String[] remoteStubs = { + "com.sun.corba.se.spi.activation._ActivatorStub", + "com.sun.corba.se.spi.activation._InitialNameServiceStub", + "com.sun.corba.se.spi.activation._LocatorStub", + "com.sun.corba.se.spi.activation._RepositoryStub", + "com.sun.corba.se.spi.activation._ServerManagerStub", + "com.sun.corba.se.spi.activation._ServerStub", + "org.omg.CosNaming._BindingIteratorStub", + "org.omg.CosNaming._NamingContextExtStub", + "org.omg.CosNaming._NamingContextStub", + "org.omg.PortableServer._ServantActivatorStub", + "org.omg.PortableServer._ServantLocatorStub" + }; + return Arrays.asList(remoteStubs); + } + + /* + * The str parameter is expected to start with "IOR:". + * Otherwise, the method throws the InvalidObjectException exception. + */ + public static void check(String str, String stubClassName) throws InvalidObjectException { + if (stubsToCheck.contains(stubClassName) && !str.startsWith(ORBConstants.STRINGIFY_PREFIX)) { + throw new InvalidObjectException("IOR: expected"); + } + } + + private static boolean getBooleanProperty(String property, boolean defaultValue) { + String value = AccessController.doPrivileged( + new GetPropertyAction(property, String.valueOf(defaultValue))); + return "true".equalsIgnoreCase(value); + } +} diff --git a/corba/src/share/classes/com/sun/corba/se/impl/orbutil/ORBConstants.java b/corba/src/share/classes/com/sun/corba/se/impl/orbutil/ORBConstants.java index a621d88aa43..9779e5c9970 100644 --- a/corba/src/share/classes/com/sun/corba/se/impl/orbutil/ORBConstants.java +++ b/corba/src/share/classes/com/sun/corba/se/impl/orbutil/ORBConstants.java @@ -317,8 +317,14 @@ public static int makePersistent( int scid ) public static final String DYNAMIC_STUB_FACTORY_FACTORY_CLASS = SUN_PREFIX + "ORBDynamicStubFactoryFactoryClass" ; + // This property is provided for backward compatibility reasons public static final String ALLOW_DESERIALIZE_OBJECT = SUN_PREFIX + "ORBAllowDeserializeObject" ; + // Disables the IOR check for the ORB constrained stubs + public static final String DISABLE_IOR_CHECK_FOR_LOCAL_STUBS = ORG_OMG_PREFIX + "DynamicAny.disableIORCheck" ; + // Enables the IOR check for the Remote CORBA services stubs + public static final String ENABLE_IOR_CHECK_FOR_REMOTE_STUBS = ORG_OMG_CORBA_PREFIX + "IDL.Stubs.enableIORCheck"; + // Constants for NameService properties ************************************ public static final int DEFAULT_INITIAL_PORT = 900; diff --git a/corba/src/share/classes/com/sun/tools/corba/se/idl/toJavaPortable/Stub.java b/corba/src/share/classes/com/sun/tools/corba/se/idl/toJavaPortable/Stub.java index 89c809672e7..62d42619116 100644 --- a/corba/src/share/classes/com/sun/tools/corba/se/idl/toJavaPortable/Stub.java +++ b/corba/src/share/classes/com/sun/tools/corba/se/idl/toJavaPortable/Stub.java @@ -101,6 +101,7 @@ protected void openStream () Util.mkdir (pkg); name = pkg + '/' + name; } + stubClassName = name.replace('/', '.'); stream = Util.getStream (name.replace ('/', File.separatorChar) + ".java", i); } // openStream @@ -342,11 +343,7 @@ protected void writeSerializationMethods () stream.println (" private void readObject (java.io.ObjectInputStream s) throws java.io.IOException"); stream.println (" {"); stream.println (" String str = s.readUTF ();"); - if ("DynAnyFactory".equals (i.name ())) { - stream.println (" if (!str.startsWith(com.sun.corba.se.impl.orbutil.ORBConstants.STRINGIFY_PREFIX) &&"); - stream.println (" !Boolean.getBoolean(com.sun.corba.se.impl.orbutil.ORBConstants.ALLOW_DESERIALIZE_OBJECT))"); - stream.println (" throw new java.io.InvalidObjectException(\"IOR: expected\");"); - } + stream.println (" com.sun.corba.se.impl.orbutil.IORCheckImpl.check(str, \"" + stubClassName + "\");"); stream.println (" String[] args = null;"); stream.println (" java.util.Properties props = null;"); stream.println (" org.omg.CORBA.ORB orb = org.omg.CORBA.ORB.init (args, props);"); @@ -382,4 +379,5 @@ protected void writeSerializationMethods () protected String classSuffix = ""; protected boolean localStub = false; private boolean isAbstract = false; + private String stubClassName = null; } // class Stub From 9b6da14435a1c39d9a64b872357467bc54cd1df2 Mon Sep 17 00:00:00 2001 From: Martin Balao Date: Tue, 26 Sep 2023 00:01:11 +0000 Subject: [PATCH 29/34] 8305815: Update Libpng to 1.6.39 Reviewed-by: phh, andrew Backport-of: c1f759e9d01d646eac69442452151b0467eab306 --- THIRD_PARTY_README | 5 +- corba/THIRD_PARTY_README | 5 +- hotspot/THIRD_PARTY_README | 5 +- jaxp/THIRD_PARTY_README | 5 +- jaxws/THIRD_PARTY_README | 5 +- jdk/THIRD_PARTY_README | 5 +- jdk/src/share/native/sun/awt/libpng/CHANGES | 12 ++ jdk/src/share/native/sun/awt/libpng/LICENSE | 2 +- jdk/src/share/native/sun/awt/libpng/README | 137 +++++++++--------- jdk/src/share/native/sun/awt/libpng/png.c | 6 +- jdk/src/share/native/sun/awt/libpng/png.h | 16 +- jdk/src/share/native/sun/awt/libpng/pngconf.h | 2 +- .../share/native/sun/awt/libpng/pnglibconf.h | 2 +- jdk/src/share/native/sun/awt/libpng/pngpriv.h | 2 +- .../share/native/sun/awt/libpng/pngrutil.c | 2 +- langtools/THIRD_PARTY_README | 5 +- nashorn/THIRD_PARTY_README | 5 +- 17 files changed, 121 insertions(+), 100 deletions(-) diff --git a/THIRD_PARTY_README b/THIRD_PARTY_README index f71e8f9b49a..99a20eb52d1 100644 --- a/THIRD_PARTY_README +++ b/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.38, which may be +%% This notice is provided with respect to libpng 1.6.39, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1678,9 +1678,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other diff --git a/corba/THIRD_PARTY_README b/corba/THIRD_PARTY_README index ae4f4d796bf..f26a5f3ec57 100644 --- a/corba/THIRD_PARTY_README +++ b/corba/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.38, which may be +%% This notice is provided with respect to libpng 1.6.39, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1678,9 +1678,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other diff --git a/hotspot/THIRD_PARTY_README b/hotspot/THIRD_PARTY_README index ae4f4d796bf..f26a5f3ec57 100644 --- a/hotspot/THIRD_PARTY_README +++ b/hotspot/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.38, which may be +%% This notice is provided with respect to libpng 1.6.39, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1678,9 +1678,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other diff --git a/jaxp/THIRD_PARTY_README b/jaxp/THIRD_PARTY_README index ae4f4d796bf..f26a5f3ec57 100644 --- a/jaxp/THIRD_PARTY_README +++ b/jaxp/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.38, which may be +%% This notice is provided with respect to libpng 1.6.39, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1678,9 +1678,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other diff --git a/jaxws/THIRD_PARTY_README b/jaxws/THIRD_PARTY_README index ae4f4d796bf..f26a5f3ec57 100644 --- a/jaxws/THIRD_PARTY_README +++ b/jaxws/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.38, which may be +%% This notice is provided with respect to libpng 1.6.39, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1678,9 +1678,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other diff --git a/jdk/THIRD_PARTY_README b/jdk/THIRD_PARTY_README index ae4f4d796bf..f26a5f3ec57 100644 --- a/jdk/THIRD_PARTY_README +++ b/jdk/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.38, which may be +%% This notice is provided with respect to libpng 1.6.39, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1678,9 +1678,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other diff --git a/jdk/src/share/native/sun/awt/libpng/CHANGES b/jdk/src/share/native/sun/awt/libpng/CHANGES index 9a86869681b..468e1119a10 100644 --- a/jdk/src/share/native/sun/awt/libpng/CHANGES +++ b/jdk/src/share/native/sun/awt/libpng/CHANGES @@ -6109,6 +6109,18 @@ Version 1.6.38 [September 14, 2022] Implemented many stability improvements across all platforms. Updated the internal documentation. +Version 1.6.39 [November 20, 2022] + Changed the error handler of oversized chunks (i.e. larger than + PNG_USER_CHUNK_MALLOC_MAX) from png_chunk_error to png_benign_error. + Fixed a buffer overflow error in contrib/tools/pngfix. + Fixed a memory leak (CVE-2019-6129) in contrib/tools/pngcp. + Disabled the ARM Neon optimizations by default in the CMake file, + following the default behavior of the configure script. + Allowed configure.ac to work with the trunk version of autoconf. + Removed the support for "install" targets from the legacy makefiles; + removed the obsolete makefile.cegcc. + Cleaned up the code and updated the internal documentation. + Send comments/corrections/commendations to png-mng-implement at lists.sf.net. Subscription is required; visit https://lists.sourceforge.net/lists/listinfo/png-mng-implement diff --git a/jdk/src/share/native/sun/awt/libpng/LICENSE b/jdk/src/share/native/sun/awt/libpng/LICENSE index c8ad24eecf7..7ac90160ede 100644 --- a/jdk/src/share/native/sun/awt/libpng/LICENSE +++ b/jdk/src/share/native/sun/awt/libpng/LICENSE @@ -131,4 +131,4 @@ The Contributing Authors and Group 42, Inc. specifically permit, without fee, and encourage the use of this source code as a component to supporting the PNG file format in commercial products. If you use this source code in a product, acknowledgment is not required but would -be appreciated. +be appreciated. \ No newline at end of file diff --git a/jdk/src/share/native/sun/awt/libpng/README b/jdk/src/share/native/sun/awt/libpng/README index e6e72aa5472..097a3c21841 100644 --- a/jdk/src/share/native/sun/awt/libpng/README +++ b/jdk/src/share/native/sun/awt/libpng/README @@ -1,4 +1,4 @@ -README for libpng version 1.6.38 +README for libpng version 1.6.39 ================================ See the note about version numbers near the top of png.h. @@ -106,73 +106,74 @@ subscribe). Files in this distribution: - ANNOUNCE => Announcement of this version, with recent changes - AUTHORS => List of contributing authors - CHANGES => Description of changes between libpng versions - KNOWNBUG => List of known bugs and deficiencies - LICENSE => License to use and redistribute libpng - README => This file - TODO => Things not implemented in the current library - TRADEMARK => Trademark information - example.c => Example code for using libpng functions - libpng.3 => manual page for libpng (includes libpng-manual.txt) - libpng-manual.txt => Description of libpng and its functions - libpngpf.3 => manual page for libpng's private functions - png.5 => manual page for the PNG format - png.c => Basic interface functions common to library - png.h => Library function and interface declarations (public) - pngpriv.h => Library function and interface declarations (private) - pngconf.h => System specific library configuration (public) - pngstruct.h => png_struct declaration (private) - pnginfo.h => png_info struct declaration (private) - pngdebug.h => debugging macros (private) - pngerror.c => Error/warning message I/O functions - pngget.c => Functions for retrieving info from struct - pngmem.c => Memory handling functions - pngbar.png => PNG logo, 88x31 - pngnow.png => PNG logo, 98x31 - pngpread.c => Progressive reading functions - pngread.c => Read data/helper high-level functions - pngrio.c => Lowest-level data read I/O functions - pngrtran.c => Read data transformation functions - pngrutil.c => Read data utility functions - pngset.c => Functions for storing data into the info_struct - pngtest.c => Library test program - pngtest.png => Library test sample image - pngtrans.c => Common data transformation functions - pngwio.c => Lowest-level write I/O functions - pngwrite.c => High-level write functions - pngwtran.c => Write data transformations - pngwutil.c => Write utility functions - arm => Contains optimized code for the ARM platform - powerpc => Contains optimized code for the PowerPC platform - contrib => Contributions - arm-neon => Optimized code for ARM-NEON platform - powerpc-vsx => Optimized code for POWERPC-VSX platform - examples => Example programs - gregbook => source code for PNG reading and writing, from - Greg Roelofs' "PNG: The Definitive Guide", - O'Reilly, 1999 - libtests => Test programs - mips-msa => Optimized code for MIPS-MSA platform - pngminim => Minimal decoder, encoder, and progressive decoder - programs demonstrating use of pngusr.dfa - pngminus => Simple pnm2png and png2pnm programs - pngsuite => Test images - testpngs - tools => Various tools - visupng => Contains a MSVC workspace for VisualPng - intel => Optimized code for INTEL-SSE2 platform - mips => Optimized code for MIPS platform - projects => Contains project files and workspaces for - building a DLL - owatcom => Contains a WATCOM project for building libpng - visualc71 => Contains a Microsoft Visual C++ (MSVC) - workspace for building libpng and zlib - vstudio => Contains a Microsoft Visual C++ (MSVC) - workspace for building libpng and zlib - scripts => Directory containing scripts for building libpng: - (see scripts/README.txt for the list of scripts) + ANNOUNCE => Announcement of this version, with recent changes + AUTHORS => List of contributing authors + CHANGES => Description of changes between libpng versions + INSTALL => Instructions to install libpng + LICENSE => License to use and redistribute libpng + README => This file + TODO => Things not implemented in the current library + TRADEMARK => Trademark information + example.c => Example code for using libpng functions + libpng.3 => Manual page for libpng (includes libpng-manual.txt) + libpng-manual.txt => Description of libpng and its functions + libpngpf.3 => Manual page for libpng's private functions (deprecated) + png.5 => Manual page for the PNG format + png.c => Basic interface functions common to library + png.h => Library function and interface declarations (public) + pngpriv.h => Library function and interface declarations (private) + pngconf.h => System specific library configuration (public) + pngstruct.h => png_struct declaration (private) + pnginfo.h => png_info struct declaration (private) + pngdebug.h => debugging macros (private) + pngerror.c => Error/warning message I/O functions + pngget.c => Functions for retrieving info from struct + pngmem.c => Memory handling functions + pngbar.png => PNG logo, 88x31 + pngnow.png => PNG logo, 98x31 + pngpread.c => Progressive reading functions + pngread.c => Read data/helper high-level functions + pngrio.c => Lowest-level data read I/O functions + pngrtran.c => Read data transformation functions + pngrutil.c => Read data utility functions + pngset.c => Functions for storing data into the info_struct + pngtest.c => Library test program + pngtest.png => Library test sample image + pngtrans.c => Common data transformation functions + pngwio.c => Lowest-level write I/O functions + pngwrite.c => High-level write functions + pngwtran.c => Write data transformations + pngwutil.c => Write utility functions + arm/ => Optimized code for the ARM platform + intel/ => Optimized code for the INTEL-SSE2 platform + mips/ => Optimized code for the MIPS platform + powerpc/ => Optimized code for the PowerPC platform + ci/ => Scripts for continuous integration + contrib/ => External contributions + arm-neon/ => Optimized code for the ARM-NEON platform + mips-msa/ => Optimized code for the MIPS-MSA platform + powerpc-vsx/ => Optimized code for the POWERPC-VSX platform + examples/ => Example programs + gregbook/ => Source code for PNG reading and writing, from + "PNG: The Definitive Guide" by Greg Roelofs, + O'Reilly, 1999 + libtests/ => Test programs + oss-fuzz/ => Files used by the OSS-Fuzz project for fuzz-testing + libpng + pngminim/ => Minimal decoder, encoder, and progressive decoder + programs demonstrating the use of pngusr.dfa + pngminus/ => Simple pnm2png and png2pnm programs + pngsuite/ => Test images + testpngs/ => Test images + tools/ => Various tools + visupng/ => VisualPng, a Windows viewer for PNG images + projects/ => Project files and workspaces for various IDEs + owatcom/ => OpenWatcom project + visualc71/ => Microsoft Visual C++ 7.1 workspace + vstudio/ => Microsoft Visual Studio workspace + scripts/ => Scripts and makefiles for building libpng + (see scripts/README.txt for the complete list) + tests/ => Test scripts Good luck, and happy coding! diff --git a/jdk/src/share/native/sun/awt/libpng/png.c b/jdk/src/share/native/sun/awt/libpng/png.c index ba608f128ab..30181b6ff7c 100644 --- a/jdk/src/share/native/sun/awt/libpng/png.c +++ b/jdk/src/share/native/sun/awt/libpng/png.c @@ -42,7 +42,7 @@ #include "pngpriv.h" /* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_6_38 Your_png_h_is_not_version_1_6_38; +typedef png_libpng_version_1_6_39 Your_png_h_is_not_version_1_6_39; #ifdef __GNUC__ /* The version tests may need to be added to, but the problem warning has @@ -843,7 +843,7 @@ png_get_copyright(png_const_structrp png_ptr) return PNG_STRING_COPYRIGHT #else return PNG_STRING_NEWLINE \ - "libpng version 1.6.38" PNG_STRING_NEWLINE \ + "libpng version 1.6.39" PNG_STRING_NEWLINE \ "Copyright (c) 2018-2022 Cosmin Truta" PNG_STRING_NEWLINE \ "Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson" \ PNG_STRING_NEWLINE \ @@ -2738,7 +2738,7 @@ png_check_IHDR(png_const_structrp png_ptr, int /* PRIVATE */ png_check_fp_number(png_const_charp string, size_t size, int *statep, - png_size_tp whereami) + size_t *whereami) { int state = *statep; size_t i = *whereami; diff --git a/jdk/src/share/native/sun/awt/libpng/png.h b/jdk/src/share/native/sun/awt/libpng/png.h index aeff31573c7..3d9fa03de66 100644 --- a/jdk/src/share/native/sun/awt/libpng/png.h +++ b/jdk/src/share/native/sun/awt/libpng/png.h @@ -29,7 +29,7 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * libpng version 1.6.38 - September 14, 2022 + * libpng version 1.6.39 - November 20, 2022 * * Copyright (c) 2018-2022 Cosmin Truta * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson @@ -43,7 +43,7 @@ * libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger * libpng versions 0.97, January 1998, through 1.6.35, July 2018: * Glenn Randers-Pehrson - * libpng versions 1.6.36, December 2018, through 1.6.38, September 2022: + * libpng versions 1.6.36, December 2018, through 1.6.39, November 2022: * Cosmin Truta * See also "Contributing Authors", below. */ @@ -267,7 +267,7 @@ * ... * 1.5.30 15 10530 15.so.15.30[.0] * ... - * 1.6.38 16 10638 16.so.16.38[.0] + * 1.6.39 16 10639 16.so.16.39[.0] * * Henceforth the source version will match the shared-library major and * minor numbers; the shared-library major version number will be used for @@ -306,8 +306,8 @@ */ /* Version information for png.h - this should match the version in png.c */ -#define PNG_LIBPNG_VER_STRING "1.6.38" -#define PNG_HEADER_VERSION_STRING " libpng version 1.6.38 - September 14, 2022\n" +#define PNG_LIBPNG_VER_STRING "1.6.39" +#define PNG_HEADER_VERSION_STRING " libpng version 1.6.39 - November 20, 2022\n" #define PNG_LIBPNG_VER_SONUM 16 #define PNG_LIBPNG_VER_DLLNUM 16 @@ -315,7 +315,7 @@ /* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */ #define PNG_LIBPNG_VER_MAJOR 1 #define PNG_LIBPNG_VER_MINOR 6 -#define PNG_LIBPNG_VER_RELEASE 38 +#define PNG_LIBPNG_VER_RELEASE 39 /* This should be zero for a public release, or non-zero for a * development version. [Deprecated] @@ -346,7 +346,7 @@ * From version 1.0.1 it is: * XXYYZZ, where XX=major, YY=minor, ZZ=release */ -#define PNG_LIBPNG_VER 10638 /* 1.6.38 */ +#define PNG_LIBPNG_VER 10639 /* 1.6.39 */ /* Library configuration: these options cannot be changed after * the library has been built. @@ -456,7 +456,7 @@ extern "C" { /* This triggers a compiler error in png.c, if png.c and png.h * do not agree upon the version number. */ -typedef char* png_libpng_version_1_6_38; +typedef char* png_libpng_version_1_6_39; /* Basic control structions. Read libpng-manual.txt or libpng.3 for more info. * diff --git a/jdk/src/share/native/sun/awt/libpng/pngconf.h b/jdk/src/share/native/sun/awt/libpng/pngconf.h index e95fa34ad7a..d11e9ac346a 100644 --- a/jdk/src/share/native/sun/awt/libpng/pngconf.h +++ b/jdk/src/share/native/sun/awt/libpng/pngconf.h @@ -29,7 +29,7 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: * - * libpng version 1.6.38 + * libpng version 1.6.39 * * Copyright (c) 2018-2022 Cosmin Truta * Copyright (c) 1998-2002,2004,2006-2016,2018 Glenn Randers-Pehrson diff --git a/jdk/src/share/native/sun/awt/libpng/pnglibconf.h b/jdk/src/share/native/sun/awt/libpng/pnglibconf.h index b3dc39a45be..f6923c01e9f 100644 --- a/jdk/src/share/native/sun/awt/libpng/pnglibconf.h +++ b/jdk/src/share/native/sun/awt/libpng/pnglibconf.h @@ -31,7 +31,7 @@ * However, the following notice accompanied the original version of this * file and, per its terms, should not be removed: */ -/* libpng version 1.6.38 */ +/* libpng version 1.6.39 */ /* Copyright (c) 2018-2022 Cosmin Truta */ /* Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson */ diff --git a/jdk/src/share/native/sun/awt/libpng/pngpriv.h b/jdk/src/share/native/sun/awt/libpng/pngpriv.h index ed44512ef20..ec473298068 100644 --- a/jdk/src/share/native/sun/awt/libpng/pngpriv.h +++ b/jdk/src/share/native/sun/awt/libpng/pngpriv.h @@ -1974,7 +1974,7 @@ PNG_INTERNAL_FUNCTION(void,png_ascii_from_fixed,(png_const_structrp png_ptr, * the problem character.) This has not been tested within libpng. */ PNG_INTERNAL_FUNCTION(int,png_check_fp_number,(png_const_charp string, - size_t size, int *statep, png_size_tp whereami),PNG_EMPTY); + size_t size, int *statep, size_t *whereami),PNG_EMPTY); /* This is the same but it checks a complete string and returns true * only if it just contains a floating point number. As of 1.5.4 this diff --git a/jdk/src/share/native/sun/awt/libpng/pngrutil.c b/jdk/src/share/native/sun/awt/libpng/pngrutil.c index d41a6d09b27..524297c5a10 100644 --- a/jdk/src/share/native/sun/awt/libpng/pngrutil.c +++ b/jdk/src/share/native/sun/awt/libpng/pngrutil.c @@ -3214,7 +3214,7 @@ png_check_chunk_length(png_const_structrp png_ptr, png_uint_32 length) { png_debug2(0," length = %lu, limit = %lu", (unsigned long)length,(unsigned long)limit); - png_chunk_error(png_ptr, "chunk data is too large"); + png_benign_error(png_ptr, "chunk data is too large"); } } diff --git a/langtools/THIRD_PARTY_README b/langtools/THIRD_PARTY_README index ae4f4d796bf..f26a5f3ec57 100644 --- a/langtools/THIRD_PARTY_README +++ b/langtools/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.38, which may be +%% This notice is provided with respect to libpng 1.6.39, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1678,9 +1678,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other diff --git a/nashorn/THIRD_PARTY_README b/nashorn/THIRD_PARTY_README index ae4f4d796bf..f26a5f3ec57 100644 --- a/nashorn/THIRD_PARTY_README +++ b/nashorn/THIRD_PARTY_README @@ -1472,7 +1472,7 @@ included with JDK 8 and OpenJDK 8 source distributions. ------------------------------------------------------------------------------- -%% This notice is provided with respect to libpng 1.6.38, which may be +%% This notice is provided with respect to libpng 1.6.39, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- @@ -1678,9 +1678,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other From 32ec85f1ee2c9d1cc5109d4c4678d2aadf6dbf09 Mon Sep 17 00:00:00 2001 From: Yuri Nesterenko Date: Wed, 6 Sep 2023 15:20:03 -0700 Subject: [PATCH 30/34] 8309966: Enhanced TLS connections Reviewed-by: mbalao, andrew Backport-of: d25ee81f56d67f2c51ba8b8c59f470c6f88ae47f --- .../security/cert/CertPathHelperImpl.java | 11 +- .../java/security/cert/X509CertSelector.java | 14 +-- .../provider/certpath/CertPathHelper.java | 14 +-- .../provider/certpath/ForwardBuilder.java | 65 ----------- .../provider/certpath/ForwardState.java | 50 -------- .../provider/certpath/SunCertPathBuilder.java | 109 ++++++++++++++---- 6 files changed, 90 insertions(+), 173 deletions(-) diff --git a/jdk/src/share/classes/java/security/cert/CertPathHelperImpl.java b/jdk/src/share/classes/java/security/cert/CertPathHelperImpl.java index c56a5f1458d..54cc8af3acf 100644 --- a/jdk/src/share/classes/java/security/cert/CertPathHelperImpl.java +++ b/jdk/src/share/classes/java/security/cert/CertPathHelperImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,12 +25,10 @@ package java.security.cert; -import java.util.*; +import java.util.Date; import sun.security.provider.certpath.CertPathHelper; -import sun.security.x509.GeneralNameInterface; - /** * Helper class that allows the Sun CertPath provider to access * implementation dependent APIs in CertPath framework. @@ -55,11 +53,6 @@ synchronized static void initialize() { } } - protected void implSetPathToNames(X509CertSelector sel, - Set names) { - sel.setPathToNamesInternal(names); - } - protected void implSetDateAndTime(X509CRLSelector sel, Date date, long skew) { sel.setDateAndTime(date, skew); } diff --git a/jdk/src/share/classes/java/security/cert/X509CertSelector.java b/jdk/src/share/classes/java/security/cert/X509CertSelector.java index 905e45401e9..74e4c5c2aca 100644 --- a/jdk/src/share/classes/java/security/cert/X509CertSelector.java +++ b/jdk/src/share/classes/java/security/cert/X509CertSelector.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -90,10 +90,6 @@ public class X509CertSelector implements CertSelector { private final static ObjectIdentifier ANY_EXTENDED_KEY_USAGE = ObjectIdentifier.newInternal(new int[] {2, 5, 29, 37, 0}); - static { - CertPathHelperImpl.initialize(); - } - private BigInteger serialNumber; private X500Principal issuer; private X500Principal subject; @@ -1177,14 +1173,6 @@ public void setPathToNames(Collection> names) throws IOException { } } - // called from CertPathHelper - void setPathToNamesInternal(Set names) { - // set names to non-null dummy value - // this breaks getPathToNames() - pathToNames = Collections.>emptySet(); - pathToGeneralNames = names; - } - /** * Adds a name to the pathToNames criterion. The {@code X509Certificate} * must not include name constraints that would prohibit building a diff --git a/jdk/src/share/classes/sun/security/provider/certpath/CertPathHelper.java b/jdk/src/share/classes/sun/security/provider/certpath/CertPathHelper.java index 7c02007422d..ebc2200f0e6 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/CertPathHelper.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/CertPathHelper.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,14 +26,10 @@ package sun.security.provider.certpath; import java.util.Date; -import java.util.Set; import java.security.cert.TrustAnchor; -import java.security.cert.X509CertSelector; import java.security.cert.X509CRLSelector; -import sun.security.x509.GeneralNameInterface; - /** * Helper class that allows access to JDK specific known-public methods in the * java.security.cert package. It relies on a subclass in the @@ -55,18 +51,10 @@ protected CertPathHelper() { // empty } - protected abstract void implSetPathToNames(X509CertSelector sel, - Set names); - protected abstract void implSetDateAndTime(X509CRLSelector sel, Date date, long skew); protected abstract boolean implIsJdkCA(TrustAnchor anchor); - static void setPathToNames(X509CertSelector sel, - Set names) { - instance.implSetPathToNames(sel, names); - } - public static void setDateAndTime(X509CRLSelector sel, Date date, long skew) { instance.implSetDateAndTime(sel, date, skew); } diff --git a/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java b/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java index 2afb2f9a85f..00351647349 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java @@ -48,7 +48,6 @@ import sun.security.x509.AuthorityInfoAccessExtension; import sun.security.x509.AuthorityKeyIdentifierExtension; import static sun.security.x509.PKIXExtensions.*; -import sun.security.x509.SubjectAlternativeNameExtension; import sun.security.x509.X500Name; import sun.security.x509.X509CertImpl; @@ -258,14 +257,6 @@ private void getMatchingCACerts(ForwardState currentState, */ caSelector.setSubject(currentState.issuerDN); - /* - * Match on subjectNamesTraversed (both DNs and AltNames) - * (checks that current cert's name constraints permit it - * to certify all the DNs and AltNames that have been traversed) - */ - CertPathHelper.setPathToNames - (caSelector, currentState.subjectNamesTraversed); - /* * check the validity period */ @@ -704,19 +695,6 @@ void verifyCert(X509Certificate cert, State currentState, // Don't bother to verify untrusted certificate more. currState.untrustedChecker.check(cert, Collections.emptySet()); - /* - * Abort if we encounter the same certificate or a certificate with - * the same public key, subject DN, and subjectAltNames as a cert - * that is already in path. - */ - for (X509Certificate cpListCert : certPathList) { - if (repeated(cpListCert, cert)) { - throw new CertPathValidatorException( - "cert with repeated subject, public key, and " + - "subjectAltNames detected"); - } - } - /* check if trusted cert */ boolean isTrustedCert = trustedCerts.contains(cert); @@ -794,49 +772,6 @@ void verifyCert(X509Certificate cert, State currentState, } } - /** - * Return true if two certificates are equal or have the same subject, - * public key, and subject alternative names. - */ - private static boolean repeated( - X509Certificate currCert, X509Certificate nextCert) { - if (currCert.equals(nextCert)) { - return true; - } - return (currCert.getSubjectX500Principal().equals( - nextCert.getSubjectX500Principal()) && - currCert.getPublicKey().equals(nextCert.getPublicKey()) && - altNamesEqual(currCert, nextCert)); - } - - /** - * Return true if two certificates have the same subject alternative names. - */ - private static boolean altNamesEqual( - X509Certificate currCert, X509Certificate nextCert) { - X509CertImpl curr, next; - try { - curr = X509CertImpl.toImpl(currCert); - next = X509CertImpl.toImpl(nextCert); - } catch (CertificateException ce) { - return false; - } - - SubjectAlternativeNameExtension currAltNameExt = - curr.getSubjectAlternativeNameExtension(); - SubjectAlternativeNameExtension nextAltNameExt = - next.getSubjectAlternativeNameExtension(); - if (currAltNameExt != null) { - if (nextAltNameExt == null) { - return false; - } - return Arrays.equals(currAltNameExt.getExtensionValue(), - nextAltNameExt.getExtensionValue()); - } else { - return (nextAltNameExt == null); - } - } - /** * Verifies whether the input certificate completes the path. * First checks the cert against each trust anchor that was specified, diff --git a/jdk/src/share/classes/sun/security/provider/certpath/ForwardState.java b/jdk/src/share/classes/sun/security/provider/certpath/ForwardState.java index 9d7af9b169b..9a5088babf2 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/ForwardState.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/ForwardState.java @@ -31,17 +31,11 @@ import java.security.cert.PKIXCertPathChecker; import java.security.cert.X509Certificate; import java.util.ArrayList; -import java.util.HashSet; import java.util.List; import java.util.ListIterator; import javax.security.auth.x500.X500Principal; import sun.security.util.Debug; -import sun.security.x509.SubjectAlternativeNameExtension; -import sun.security.x509.GeneralNames; -import sun.security.x509.GeneralName; -import sun.security.x509.GeneralNameInterface; -import sun.security.x509.X500Name; import sun.security.x509.X509CertImpl; /** @@ -61,9 +55,6 @@ class ForwardState implements State { /* The last cert in the path */ X509CertImpl cert; - /* The set of subjectDNs and subjectAltNames of all certs in the path */ - HashSet subjectNamesTraversed; - /* * The number of intermediate CA certs which have been traversed so * far in the path @@ -73,7 +64,6 @@ class ForwardState implements State { /* Flag indicating if state is initial (path is just starting) */ private boolean init = true; - /* the untrusted certificates checker */ UntrustedChecker untrustedChecker; @@ -104,8 +94,6 @@ public String toString() { sb.append("\n issuerDN of last cert: ").append(issuerDN); sb.append("\n traversedCACerts: ").append(traversedCACerts); sb.append("\n init: ").append(String.valueOf(init)); - sb.append("\n subjectNamesTraversed: \n").append - (subjectNamesTraversed); sb.append("\n selfIssued: ").append (String.valueOf(selfIssued)); sb.append("]\n"); @@ -120,7 +108,6 @@ public String toString() { public void initState(List certPathCheckers) throws CertPathValidatorException { - subjectNamesTraversed = new HashSet(); traversedCACerts = 0; /* @@ -170,32 +157,6 @@ public void updateState(X509Certificate cert) } } - /* update subjectNamesTraversed only if this is the EE cert or if - this cert is not self-issued */ - if (init || !selfIssued) { - X500Principal subjName = cert.getSubjectX500Principal(); - subjectNamesTraversed.add(X500Name.asX500Name(subjName)); - - try { - SubjectAlternativeNameExtension subjAltNameExt - = icert.getSubjectAlternativeNameExtension(); - if (subjAltNameExt != null) { - GeneralNames gNames = subjAltNameExt.get( - SubjectAlternativeNameExtension.SUBJECT_NAME); - for (GeneralName gName : gNames.names()) { - subjectNamesTraversed.add(gName.getName()); - } - } - } catch (IOException e) { - if (debug != null) { - debug.println("ForwardState.updateState() unexpected " - + "exception"); - e.printStackTrace(); - } - throw new CertPathValidatorException(e); - } - } - init = false; } @@ -203,10 +164,6 @@ public void updateState(X509Certificate cert) * Clone current state. The state is cloned as each cert is * added to the path. This is necessary if backtracking occurs, * and a prior state needs to be restored. - * - * Note that this is a SMART clone. Not all fields are fully copied, - * because some of them will - * not have their contents modified by subsequent calls to updateState. */ @Override @SuppressWarnings("unchecked") // Safe casts assuming clone() works correctly @@ -226,13 +183,6 @@ public Object clone() { } } - /* - * Shallow copy traversed names. There is no need to - * deep copy contents, since the elements of the Set - * are never modified by subsequent calls to updateState(). - */ - clonedState.subjectNamesTraversed - = (HashSet)subjectNamesTraversed.clone(); return clonedState; } catch (CloneNotSupportedException e) { throw new InternalError(e.toString(), e); diff --git a/jdk/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java b/jdk/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java index fd4eb9543e9..fd5a01a923d 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java @@ -33,6 +33,7 @@ import java.security.cert.CertPathValidatorException.BasicReason; import java.security.cert.PKIXReason; import java.util.ArrayList; +import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.List; @@ -42,6 +43,7 @@ import sun.security.provider.certpath.PKIX.BuilderParams; import static sun.security.x509.PKIXExtensions.*; +import sun.security.x509.SubjectAlternativeNameExtension; import sun.security.x509.X509CertImpl; import sun.security.util.Debug; @@ -265,7 +267,7 @@ private void depthFirstSearchForward(X500Principal dN, */ Collection certs = builder.getMatchingCerts(currentState, buildParams.certStores()); - List vertices = addVertices(certs, adjList); + List vertices = addVertices(certs, adjList, cpList); if (debug != null) { debug.println("SunCertPathBuilder.depthFirstSearchForward(): " + "certs.size=" + vertices.size()); @@ -325,17 +327,32 @@ private void depthFirstSearchForward(X500Principal dN, * cert (which is signed by the trusted public key), but * don't add it yet to the cpList */ + PublicKey rootKey = cert.getPublicKey(); if (builder.trustAnchor.getTrustedCert() == null) { appendedCerts.add(0, cert); + rootKey = builder.trustAnchor.getCAPublicKey(); + if (debug != null) + debug.println( + "SunCertPathBuilder.depthFirstSearchForward " + + "using buildParams public key: " + + rootKey.toString()); } + TrustAnchor anchor = new TrustAnchor + (cert.getSubjectX500Principal(), rootKey, null); + // add the basic checker + List checkers = new ArrayList<>(); + BasicChecker basicChecker = new BasicChecker(anchor, + buildParams.date(), + buildParams.sigProvider(), + true); + checkers.add(basicChecker); Set initExpPolSet = Collections.singleton(PolicyChecker.ANY_POLICY); PolicyNodeImpl rootNode = new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null, false, initExpPolSet, false); - List checkers = new ArrayList<>(); PolicyChecker policyChecker = new PolicyChecker(buildParams.initialPolicies(), appendedCerts.size(), @@ -346,28 +363,13 @@ private void depthFirstSearchForward(X500Principal dN, rootNode); checkers.add(policyChecker); + // add the constraints checker + checkers.add(new ConstraintsChecker(appendedCerts.size())); + // add the algorithm checker checkers.add(new AlgorithmChecker(builder.trustAnchor, buildParams.timestamp(), buildParams.variant())); - PublicKey rootKey = cert.getPublicKey(); - if (builder.trustAnchor.getTrustedCert() == null) { - rootKey = builder.trustAnchor.getCAPublicKey(); - if (debug != null) - debug.println( - "SunCertPathBuilder.depthFirstSearchForward " + - "using buildParams public key: " + - rootKey.toString()); - } - TrustAnchor anchor = new TrustAnchor - (cert.getSubjectX500Principal(), rootKey, null); - - // add the basic checker - BasicChecker basicChecker = new BasicChecker(anchor, - buildParams.date(), - buildParams.sigProvider(), - true); - checkers.add(basicChecker); buildParams.setCertPath(cf.generateCertPath(appendedCerts)); @@ -563,18 +565,79 @@ private void depthFirstSearchForward(X500Principal dN, * adjacency list. */ private static List addVertices(Collection certs, - List> adjList) + List> adjList, + List cpList) { List l = adjList.get(adjList.size() - 1); for (X509Certificate cert : certs) { - Vertex v = new Vertex(cert); - l.add(v); + boolean repeated = false; + for (X509Certificate cpListCert : cpList) { + /* + * Ignore if we encounter the same certificate or a + * certificate with the same public key, subject DN, and + * subjectAltNames as a cert that is already in path. + */ + if (repeated(cpListCert, cert)) { + if (debug != null) { + debug.println("cert with repeated subject, " + + "public key, and subjectAltNames detected"); + } + repeated = true; + break; + } + } + if (!repeated) { + l.add(new Vertex(cert)); + } } return l; } + /** + * Return true if two certificates are equal or have the same subject, + * public key, and subject alternative names. + */ + private static boolean repeated( + X509Certificate currCert, X509Certificate nextCert) { + if (currCert.equals(nextCert)) { + return true; + } + return (currCert.getSubjectX500Principal().equals( + nextCert.getSubjectX500Principal()) && + currCert.getPublicKey().equals(nextCert.getPublicKey()) && + altNamesEqual(currCert, nextCert)); + } + + /** + * Return true if two certificates have the same subject alternative names. + */ + private static boolean altNamesEqual( + X509Certificate currCert, X509Certificate nextCert) { + X509CertImpl curr, next; + try { + curr = X509CertImpl.toImpl(currCert); + next = X509CertImpl.toImpl(nextCert); + } catch (CertificateException ce) { + return false; + } + + SubjectAlternativeNameExtension currAltNameExt = + curr.getSubjectAlternativeNameExtension(); + SubjectAlternativeNameExtension nextAltNameExt = + next.getSubjectAlternativeNameExtension(); + if (currAltNameExt != null) { + if (nextAltNameExt == null) { + return false; + } + return Arrays.equals(currAltNameExt.getExtensionValue(), + nextAltNameExt.getExtensionValue()); + } else { + return (nextAltNameExt == null); + } + } + /** * Returns true if trust anchor certificate matches specified * certificate constraints. From 33f3f1c76562c4a3073ce4d1fba60e93c7f56fac Mon Sep 17 00:00:00 2001 From: Yuri Nesterenko Date: Fri, 11 Aug 2023 14:30:49 +0300 Subject: [PATCH 31/34] 8284910: Buffer clean in PasswordCallback Reviewed-by: mbalao, andrew Backport-of: 89fd6d34f859d61d9cf5a1edf9419eee7c338390 --- .../auth/callback/PasswordCallback.java | 38 ++++++++++-- .../PasswordCallback/CheckCleanerBound.java | 61 +++++++++++++++++++ .../PasswordCallback/PasswordCleanup.java | 52 ++++++++++++++++ 3 files changed, 145 insertions(+), 6 deletions(-) create mode 100644 jdk/test/javax/security/auth/callback/PasswordCallback/CheckCleanerBound.java create mode 100644 jdk/test/javax/security/auth/callback/PasswordCallback/PasswordCleanup.java diff --git a/jdk/src/share/classes/javax/security/auth/callback/PasswordCallback.java b/jdk/src/share/classes/javax/security/auth/callback/PasswordCallback.java index 0e8fb7bd794..0578be39c49 100644 --- a/jdk/src/share/classes/javax/security/auth/callback/PasswordCallback.java +++ b/jdk/src/share/classes/javax/security/auth/callback/PasswordCallback.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,9 @@ package javax.security.auth.callback; +import java.util.Arrays; +import sun.misc.Cleaner; + /** *

Underlying security services instantiate and pass a * {@code PasswordCallback} to the {@code handle} @@ -40,18 +43,22 @@ public class PasswordCallback implements Callback, java.io.Serializable { * @serial * @since 1.4 */ - private String prompt; + private final String prompt; + /** * @serial * @since 1.4 */ - private boolean echoOn; + private final boolean echoOn; + /** * @serial * @since 1.4 */ private char[] inputPassword; + private transient Cleaner cleaner; + /** * Construct a {@code PasswordCallback} with a prompt * and a boolean specifying whether the password should be displayed @@ -112,7 +119,18 @@ public boolean isEchoOn() { * @see #getPassword */ public void setPassword(char[] password) { + // Cleanup the last buffered password copy. + if (cleaner != null) { + cleaner.clean(); + cleaner = null; + } + + // Set the retrieved password. this.inputPassword = (password == null ? null : password.clone()); + + if (this.inputPassword != null) { + cleaner = Cleaner.create(this, cleanerFor(inputPassword)); + } } /** @@ -134,9 +152,17 @@ public char[] getPassword() { * Clear the retrieved password. */ public void clearPassword() { - if (inputPassword != null) { - for (int i = 0; i < inputPassword.length; i++) - inputPassword[i] = ' '; + // Cleanup the last retrieved password copy. + if (cleaner != null) { + cleaner.clean(); + cleaner = null; } } + + private static Runnable cleanerFor(char[] password) { + return () -> { + Arrays.fill(password, ' '); + }; + } + } diff --git a/jdk/test/javax/security/auth/callback/PasswordCallback/CheckCleanerBound.java b/jdk/test/javax/security/auth/callback/PasswordCallback/CheckCleanerBound.java new file mode 100644 index 00000000000..cc995893f65 --- /dev/null +++ b/jdk/test/javax/security/auth/callback/PasswordCallback/CheckCleanerBound.java @@ -0,0 +1,61 @@ +/* + * Copyright (C) 2022 THL A29 Limited, a Tencent company. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8284910 + * @summary Check that the cleaner is not bound to the PasswordCallback object + */ + +import javax.security.auth.callback.PasswordCallback; +import java.util.WeakHashMap; + +public final class CheckCleanerBound { + private final static WeakHashMap weakHashMap = + new WeakHashMap<>(); + + public static void main(String[] args) throws Exception { + // Create an object + PasswordCallback passwordCallback = + new PasswordCallback("Password: ", false); + passwordCallback.setPassword("ThisIsAPassword".toCharArray()); + + weakHashMap.put(passwordCallback, null); + passwordCallback = null; + + // Check if the PasswordCallback object could be collected. + // Wait to trigger the cleanup. + for (int i = 0; i < 10 && weakHashMap.size() != 0; i++) { + System.gc(); + } + + // Check if the object has been collected. The collection will not + // happen if the cleaner implementation in PasswordCallback is bound + // to the PasswordCallback object. + if (weakHashMap.size() > 0) { + throw new RuntimeException( + "PasswordCallback object is not released"); + } + } +} + diff --git a/jdk/test/javax/security/auth/callback/PasswordCallback/PasswordCleanup.java b/jdk/test/javax/security/auth/callback/PasswordCallback/PasswordCleanup.java new file mode 100644 index 00000000000..ea8b1d1c145 --- /dev/null +++ b/jdk/test/javax/security/auth/callback/PasswordCallback/PasswordCleanup.java @@ -0,0 +1,52 @@ +/* + * Copyright (C) 2022 THL A29 Limited, a Tencent company. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8284910 + * @summary Check that PasswordCallback.clearPassword() clears the password + */ + +import javax.security.auth.callback.PasswordCallback; +import java.util.Arrays; + +public final class PasswordCleanup { + public static void main(String[] args) throws Exception { + // Create an object + PasswordCallback passwordCallback = + new PasswordCallback("Password: ", false); + passwordCallback.setPassword("ThisIsAPassword".toCharArray()); + char[] originPassword = passwordCallback.getPassword(); + + // Use password clear method. + passwordCallback.clearPassword(); + + // Check that the password is cleared. + char[] clearedPassword = passwordCallback.getPassword(); + if (Arrays.equals(originPassword, clearedPassword)) { + throw new RuntimeException( + "PasswordCallback.clearPassword() does not clear passwords"); + } + } +} + From dee2d2de8e939a09f5abebc478b919fdb289748e Mon Sep 17 00:00:00 2001 From: Yuri Nesterenko Date: Mon, 25 Sep 2023 11:19:17 +0300 Subject: [PATCH 32/34] 8286503: Enhance security classes Reviewed-by: mbalao, andrew Backport-of: 7f5e120a631ffda3e6d5efc03bae572b21877b69 --- .../com/sun/crypto/provider/DESKey.java | 23 ++++++-- .../com/sun/crypto/provider/DESedeKey.java | 24 ++++++-- .../com/sun/crypto/provider/DHPrivateKey.java | 33 +++++++++-- .../com/sun/crypto/provider/DHPublicKey.java | 33 +++++++++-- .../com/sun/crypto/provider/PBEKey.java | 34 ++++++++--- .../sun/crypto/provider/PBKDF2KeyImpl.java | 40 ++++++++++--- .../provider/TlsMasterSecretGenerator.java | 26 +++++++-- .../com/sun/security/auth/LdapPrincipal.java | 31 +++++++++- .../sun/security/auth/NTDomainPrincipal.java | 29 ++++++++-- .../classes/com/sun/security/auth/NTSid.java | 38 ++++++++++-- .../sun/security/auth/NTUserPrincipal.java | 30 ++++++++-- .../auth/UnixNumericGroupPrincipal.java | 31 ++++++++-- .../auth/UnixNumericUserPrincipal.java | 29 ++++++++-- .../com/sun/security/auth/UnixPrincipal.java | 29 ++++++++-- .../com/sun/security/auth/UserPrincipal.java | 20 ++++++- .../classes/java/security/CodeSigner.java | 15 +++-- .../javax/crypto/spec/SecretKeySpec.java | 26 ++++++++- .../auth/callback/ChoiceCallback.java | 51 ++++++++++++++--- .../auth/callback/ConfirmationCallback.java | 46 ++++++++++----- .../auth/callback/PasswordCallback.java | 26 ++++++++- .../sun/security/ec/ECPrivateKeyImpl.java | 19 +++++- .../sun/security/ec/ECPublicKeyImpl.java | 21 ++++++- .../classes/sun/security/pkcs11/Token.java | 21 ++++++- .../security/provider/DSAPublicKeyImpl.java | 26 +++++++-- .../sun/security/provider/PolicyFile.java | 30 +++++++++- .../sun/security/provider/SecureRandom.java | 54 +++++++++++++++--- .../provider/certpath/X509CertPath.java | 22 +++++-- .../security/rsa/RSAPrivateCrtKeyImpl.java | 21 ++++++- .../sun/security/rsa/RSAPrivateKeyImpl.java | 28 +++++++-- .../sun/security/rsa/RSAPublicKeyImpl.java | 23 +++++++- .../sun/security/x509/X509CertImpl.java | 29 ++++++---- .../sun/security/mscapi/CPrivateKey.java | 23 +++++++- .../sun/security/mscapi/CPublicKey.java | 24 +++++++- jdk/test/java/security/KeyRep/RSA.pre.1.5.key | Bin 1803 -> 0 bytes jdk/test/java/security/KeyRep/SerialOld.java | 14 +++-- 35 files changed, 811 insertions(+), 158 deletions(-) delete mode 100644 jdk/test/java/security/KeyRep/RSA.pre.1.5.key diff --git a/jdk/src/share/classes/com/sun/crypto/provider/DESKey.java b/jdk/src/share/classes/com/sun/crypto/provider/DESKey.java index 90d4b833369..54eafe56c4f 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/DESKey.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/DESKey.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,8 @@ package com.sun.crypto.provider; +import java.io.IOException; +import java.io.InvalidObjectException; import java.security.MessageDigest; import java.security.KeyRep; import java.security.InvalidKeyException; @@ -40,7 +42,7 @@ final class DESKey implements SecretKey { - static final long serialVersionUID = 7724971015953279128L; + private static final long serialVersionUID = 7724971015953279128L; private byte[] key; @@ -99,7 +101,7 @@ public int hashCode() { for (int i = 1; i < this.key.length; i++) { retval += this.key[i] * i; } - return(retval ^= "des".hashCode()); + return(retval ^ "des".hashCode()); } public boolean equals(Object obj) { @@ -120,14 +122,23 @@ public boolean equals(Object obj) { } /** - * readObject is called to restore the state of this key from - * a stream. + * Restores the state of this object from the stream. + * + * @param s the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded */ private void readObject(java.io.ObjectInputStream s) - throws java.io.IOException, ClassNotFoundException + throws IOException, ClassNotFoundException { s.defaultReadObject(); + if ((key == null) || (key.length != DESKeySpec.DES_KEY_LEN)) { + throw new InvalidObjectException("Wrong key size"); + } key = key.clone(); + + DESKeyGenerator.setParityBit(key, 0); + } /** diff --git a/jdk/src/share/classes/com/sun/crypto/provider/DESedeKey.java b/jdk/src/share/classes/com/sun/crypto/provider/DESedeKey.java index 8f0251d0484..3a6569f28a8 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/DESedeKey.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/DESedeKey.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,8 @@ package com.sun.crypto.provider; +import java.io.IOException; +import java.io.InvalidObjectException; import java.security.MessageDigest; import java.security.KeyRep; import java.security.InvalidKeyException; @@ -40,7 +42,7 @@ final class DESedeKey implements SecretKey { - static final long serialVersionUID = 2463986565756745178L; + private static final long serialVersionUID = 2463986565756745178L; private byte[] key; @@ -99,7 +101,7 @@ public int hashCode() { for (int i = 1; i < this.key.length; i++) { retval += this.key[i] * i; } - return(retval ^= "desede".hashCode()); + return(retval ^ "desede".hashCode()); } public boolean equals(Object obj) { @@ -121,14 +123,24 @@ public boolean equals(Object obj) { } /** - * readObject is called to restore the state of this key from - * a stream. + * Restores the state of this object from the stream. + * + * @param s the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded */ private void readObject(java.io.ObjectInputStream s) - throws java.io.IOException, ClassNotFoundException + throws IOException, ClassNotFoundException { s.defaultReadObject(); + if ((key == null) || (key.length != DESedeKeySpec.DES_EDE_KEY_LEN)) { + throw new InvalidObjectException("Wrong key size"); + } key = key.clone(); + + DESKeyGenerator.setParityBit(key, 0); + DESKeyGenerator.setParityBit(key, 8); + DESKeyGenerator.setParityBit(key, 16); } /** diff --git a/jdk/src/share/classes/com/sun/crypto/provider/DHPrivateKey.java b/jdk/src/share/classes/com/sun/crypto/provider/DHPrivateKey.java index c87cc1c5d62..e1ea506fdba 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/DHPrivateKey.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/DHPrivateKey.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -40,15 +40,13 @@ * algorithm. * * @author Jan Luehe - * - * * @see DHPublicKey * @see java.security.KeyAgreement */ final class DHPrivateKey implements PrivateKey, javax.crypto.interfaces.DHPrivateKey, Serializable { - static final long serialVersionUID = 7565477590005668886L; + private static final long serialVersionUID = 7565477590005668886L; // only supported version of PKCS#8 PrivateKeyInfo private static final BigInteger PKCS8_VERSION = BigInteger.ZERO; @@ -63,10 +61,10 @@ final class DHPrivateKey implements PrivateKey, private byte[] encodedKey; // the prime modulus - private BigInteger p; + private final BigInteger p; // the base generator - private BigInteger g; + private final BigInteger g; // the private-value length (optional) private int l; @@ -319,4 +317,27 @@ private Object writeReplace() throws java.io.ObjectStreamException { getFormat(), getEncoded()); } + + /** + * Restores the state of this object from the stream. + *

+ * JDK 1.5+ objects use KeyReps instead. + * + * @param stream the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded + */ + private void readObject(ObjectInputStream stream) + throws IOException, ClassNotFoundException { + stream.defaultReadObject(); + if ((key == null) || (key.length == 0)) { + throw new InvalidObjectException("key not deserializable"); + } + this.key = key.clone(); + if ((encodedKey == null) || (encodedKey.length == 0)) { + throw new InvalidObjectException( + "encoded key not deserializable"); + } + this.encodedKey = encodedKey.clone(); + } } diff --git a/jdk/src/share/classes/com/sun/crypto/provider/DHPublicKey.java b/jdk/src/share/classes/com/sun/crypto/provider/DHPublicKey.java index 7293c945768..4e7d0f03ca0 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/DHPublicKey.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/DHPublicKey.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -40,15 +40,13 @@ * A public key in X.509 format for the Diffie-Hellman key agreement algorithm. * * @author Jan Luehe - * - * * @see DHPrivateKey * @see java.security.KeyAgreement */ final class DHPublicKey implements PublicKey, javax.crypto.interfaces.DHPublicKey, Serializable { - static final long serialVersionUID = 7647557958927458271L; + private static final long serialVersionUID = 7647557958927458271L; // the public key private BigInteger y; @@ -60,10 +58,10 @@ final class DHPublicKey implements PublicKey, private byte[] encodedKey; // the prime modulus - private BigInteger p; + private final BigInteger p; // the base generator - private BigInteger g; + private final BigInteger g; // the private-value length (optional) private int l; @@ -320,4 +318,27 @@ private Object writeReplace() throws java.io.ObjectStreamException { getFormat(), getEncoded()); } + + /** + * Restores the state of this object from the stream. + *

+ * JDK 1.5+ objects use KeyReps instead. + * + * @param stream the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded + */ + private void readObject(ObjectInputStream stream) + throws IOException, ClassNotFoundException { + stream.defaultReadObject(); + if ((key == null) || (key.length == 0)) { + throw new InvalidObjectException("key not deserializable"); + } + this.key = key.clone(); + if ((encodedKey == null) || (encodedKey.length == 0)) { + throw new InvalidObjectException( + "encoded key not deserializable"); + } + this.encodedKey = encodedKey.clone(); + } } diff --git a/jdk/src/share/classes/com/sun/crypto/provider/PBEKey.java b/jdk/src/share/classes/com/sun/crypto/provider/PBEKey.java index 7fb66e5597f..69c9d00e584 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/PBEKey.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/PBEKey.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,8 @@ package com.sun.crypto.provider; +import java.io.IOException; +import java.io.InvalidObjectException; import java.security.MessageDigest; import java.security.KeyRep; import java.security.spec.InvalidKeySpecException; @@ -41,11 +43,11 @@ */ final class PBEKey implements SecretKey { - static final long serialVersionUID = -2234768909660948176L; + private static final long serialVersionUID = -2234768909660948176L; private byte[] key; - private String type; + private final String type; /** * Creates a PBE key from a given PBE key specification. @@ -94,7 +96,7 @@ public int hashCode() { for (int i = 1; i < this.key.length; i++) { retval += this.key[i] * i; } - return(retval ^= getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode()); + return(retval ^ getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode()); } public boolean equals(Object obj) { @@ -128,14 +130,32 @@ public void destroy() { } /** - * readObject is called to restore the state of this key from - * a stream. + * Restores the state of this object from the stream. + * + * @param s the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded */ private void readObject(java.io.ObjectInputStream s) - throws java.io.IOException, ClassNotFoundException + throws IOException, ClassNotFoundException { s.defaultReadObject(); + if (key == null) { + throw new InvalidObjectException( + "PBEKey couldn't be deserialized"); + } key = key.clone(); + + // Accept "\0" to signify "zero-length password with no terminator". + if (!(key.length == 1 && key[0] == 0)) { + for (int i = 0; i < key.length; i++) { + if ((key[i] < '\u0020') || (key[i] > '\u007E')) { + throw new InvalidObjectException( + "PBEKey had non-ASCII chars"); + } + } + } + } diff --git a/jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java b/jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java index 506cc731bea..a039c2e77a0 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java @@ -25,7 +25,7 @@ package com.sun.crypto.provider; -import java.io.ObjectStreamException; +import java.io.*; import java.nio.ByteBuffer; import java.nio.CharBuffer; import java.nio.charset.Charset; @@ -52,14 +52,14 @@ */ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey { - static final long serialVersionUID = -2234868909660948157L; + private static final long serialVersionUID = -2234868909660948157L; private char[] passwd; - private byte[] salt; - private int iterCount; + private final byte[] salt; + private final int iterCount; private byte[] key; - private Mac prf; + private final Mac prf; private static byte[] getPasswordBytes(char[] passwd) { Charset utf8 = Charset.forName("UTF-8"); @@ -131,12 +131,13 @@ private static byte[] deriveKey(final Mac prf, final byte[] password, int intR = keyLength - (intL - 1)*hlen; // residue byte[] ui = new byte[hlen]; byte[] ti = new byte[hlen]; + String algName = prf.getAlgorithm(); // SecretKeySpec cannot be used, since password can be empty here. SecretKey macKey = new SecretKey() { private static final long serialVersionUID = 7874493593505141603L; @Override public String getAlgorithm() { - return prf.getAlgorithm(); + return algName; } @Override public String getFormat() { @@ -149,18 +150,26 @@ public byte[] getEncoded() { @Override public int hashCode() { return Arrays.hashCode(password) * 41 + - prf.getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode(); + algName.toLowerCase(Locale.ENGLISH).hashCode(); } @Override public boolean equals(Object obj) { if (this == obj) return true; if (this.getClass() != obj.getClass()) return false; SecretKey sk = (SecretKey)obj; - return prf.getAlgorithm().equalsIgnoreCase( + return algName.equalsIgnoreCase( sk.getAlgorithm()) && MessageDigest.isEqual(password, sk.getEncoded()); } + // This derived key can't be deserialized. + private void readObject(ObjectInputStream stream) + throws IOException, ClassNotFoundException { + throw new InvalidObjectException( + "PBKDF2KeyImpl SecretKeys are not " + + "directly deserializable"); + } }; + prf.init(macKey); byte[] ibytes = new byte[4]; @@ -282,4 +291,19 @@ protected void finalize() throws Throwable { super.finalize(); } } + + /** + * Restores the state of this object from the stream. + *

+ * Deserialization of this class is not supported. + * + * @param stream the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded + */ + private void readObject(ObjectInputStream stream) + throws IOException, ClassNotFoundException { + throw new InvalidObjectException( + "PBKDF2KeyImpl keys are not directly deserializable"); + } } diff --git a/jdk/src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java b/jdk/src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java index 9a6308f3446..ac6cc2ecf88 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,9 @@ package com.sun.crypto.provider; +import java.io.IOException; +import java.io.InvalidObjectException; +import java.io.ObjectInputStream; import java.security.*; import java.security.spec.AlgorithmParameterSpec; @@ -59,11 +62,11 @@ protected void engineInit(SecureRandom random) { protected void engineInit(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException { - if (params instanceof TlsMasterSecretParameterSpec == false) { + if (!(params instanceof TlsMasterSecretParameterSpec)) { throw new InvalidAlgorithmParameterException(MSG); } this.spec = (TlsMasterSecretParameterSpec)params; - if ("RAW".equals(spec.getPremasterSecret().getFormat()) == false) { + if (!"RAW".equals(spec.getPremasterSecret().getFormat())) { throw new InvalidAlgorithmParameterException( "Key format must be RAW"); } @@ -182,6 +185,21 @@ public byte[] getEncoded() { return key.clone(); } - } + /** + * Restores the state of this object from the stream. + * + * @param stream the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded + */ + private void readObject(ObjectInputStream stream) + throws IOException, ClassNotFoundException { + stream.defaultReadObject(); + if ((key == null) || (key.length == 0)) { + throw new InvalidObjectException("TlsMasterSecretKey is null"); + } + key = key.clone(); + } + } } diff --git a/jdk/src/share/classes/com/sun/security/auth/LdapPrincipal.java b/jdk/src/share/classes/com/sun/security/auth/LdapPrincipal.java index 6a324eeaccc..7d1380feba9 100644 --- a/jdk/src/share/classes/com/sun/security/auth/LdapPrincipal.java +++ b/jdk/src/share/classes/com/sun/security/auth/LdapPrincipal.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,9 @@ package com.sun.security.auth; +import java.io.IOException; +import java.io.InvalidObjectException; +import java.io.ObjectInputStream; import java.security.Principal; import javax.naming.InvalidNameException; import javax.naming.ldap.LdapName; @@ -136,4 +139,30 @@ public String toString() { private LdapName getLdapName(String name) throws InvalidNameException { return new LdapName(name); } + + /** + * Restores the state of this object from the stream. + * + * @param stream the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded + */ + private void readObject(ObjectInputStream stream) + throws IOException, ClassNotFoundException { + stream.defaultReadObject(); + if ((name == null) || (nameString == null)) { + throw new InvalidObjectException( + "null name/nameString is illegal"); + } + try { + if (!name.equals(getLdapName(nameString))) { + throw new InvalidObjectException("Inconsistent names"); + } + } catch (InvalidNameException e) { + InvalidObjectException nse = new InvalidObjectException( + "Invalid Name"); + nse.initCause(e); + throw nse; + } + } } diff --git a/jdk/src/share/classes/com/sun/security/auth/NTDomainPrincipal.java b/jdk/src/share/classes/com/sun/security/auth/NTDomainPrincipal.java index eb7730cd5ad..c1e8361d656 100644 --- a/jdk/src/share/classes/com/sun/security/auth/NTDomainPrincipal.java +++ b/jdk/src/share/classes/com/sun/security/auth/NTDomainPrincipal.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,9 @@ package com.sun.security.auth; +import java.io.IOException; +import java.io.InvalidObjectException; +import java.io.ObjectInputStream; import java.security.Principal; /** @@ -131,9 +134,7 @@ public boolean equals(Object o) { return false; NTDomainPrincipal that = (NTDomainPrincipal)o; - if (name.equals(that.getName())) - return true; - return false; + return name.equals(that.getName()); } /** @@ -146,4 +147,24 @@ public boolean equals(Object o) { public int hashCode() { return this.getName().hashCode(); } + + /** + * Restores the state of this object from the stream. + * + * @param stream the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded + */ + private void readObject(ObjectInputStream stream) + throws IOException, ClassNotFoundException { + stream.defaultReadObject(); + if (name == null) { + java.text.MessageFormat form = new java.text.MessageFormat + (sun.security.util.ResourcesMgr.getString + ("invalid.null.input.value", + "sun.security.util.AuthResources")); + Object[] source = {"name"}; + throw new InvalidObjectException(form.format(source)); + } + } } diff --git a/jdk/src/share/classes/com/sun/security/auth/NTSid.java b/jdk/src/share/classes/com/sun/security/auth/NTSid.java index 28b40b9302f..d5e063a7141 100644 --- a/jdk/src/share/classes/com/sun/security/auth/NTSid.java +++ b/jdk/src/share/classes/com/sun/security/auth/NTSid.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,9 @@ package com.sun.security.auth; +import java.io.IOException; +import java.io.InvalidObjectException; +import java.io.ObjectInputStream; import java.security.Principal; /** @@ -85,7 +88,7 @@ public NTSid (String stringSid) { ("Invalid.NTSid.value", "sun.security.util.AuthResources")); } - sid = new String(stringSid); + sid = stringSid; } /** @@ -140,10 +143,7 @@ public boolean equals(Object o) { return false; NTSid that = (NTSid)o; - if (sid.equals(that.sid)) { - return true; - } - return false; + return sid.equals(that.sid); } /** @@ -156,4 +156,30 @@ public boolean equals(Object o) { public int hashCode() { return sid.hashCode(); } + + /** + * Restores the state of this object from the stream. + * + * @param stream the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded + */ + private void readObject(ObjectInputStream stream) + throws IOException, ClassNotFoundException { + stream.defaultReadObject(); + if (sid == null) { + java.text.MessageFormat form = new java.text.MessageFormat + (sun.security.util.ResourcesMgr.getString + ("invalid.null.input.value", + "sun.security.util.AuthResources")); + Object[] source = {"stringSid"}; + throw new InvalidObjectException(form.format(source)); + } + if (sid.length() == 0) { + throw new InvalidObjectException + (sun.security.util.ResourcesMgr.getString + ("Invalid.NTSid.value", + "sun.security.util.AuthResources")); + } + } } diff --git a/jdk/src/share/classes/com/sun/security/auth/NTUserPrincipal.java b/jdk/src/share/classes/com/sun/security/auth/NTUserPrincipal.java index 91be069aa10..78015fa8609 100644 --- a/jdk/src/share/classes/com/sun/security/auth/NTUserPrincipal.java +++ b/jdk/src/share/classes/com/sun/security/auth/NTUserPrincipal.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,9 @@ package com.sun.security.auth; +import java.io.IOException; +import java.io.InvalidObjectException; +import java.io.ObjectInputStream; import java.security.Principal; /** @@ -125,9 +128,7 @@ public boolean equals(Object o) { return false; NTUserPrincipal that = (NTUserPrincipal)o; - if (name.equals(that.getName())) - return true; - return false; + return name.equals(that.getName()); } /** @@ -140,4 +141,25 @@ public boolean equals(Object o) { public int hashCode() { return this.getName().hashCode(); } + + + /** + * Restores the state of this object from the stream. + * + * @param stream the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded + */ + private void readObject(ObjectInputStream stream) + throws IOException, ClassNotFoundException { + stream.defaultReadObject(); + if (name == null) { + java.text.MessageFormat form = new java.text.MessageFormat + (sun.security.util.ResourcesMgr.getString + ("invalid.null.input.value", + "sun.security.util.AuthResources")); + Object[] source = {"name"}; + throw new InvalidObjectException(form.format(source)); + } + } } diff --git a/jdk/src/share/classes/com/sun/security/auth/UnixNumericGroupPrincipal.java b/jdk/src/share/classes/com/sun/security/auth/UnixNumericGroupPrincipal.java index db5775ab329..046d75f23da 100644 --- a/jdk/src/share/classes/com/sun/security/auth/UnixNumericGroupPrincipal.java +++ b/jdk/src/share/classes/com/sun/security/auth/UnixNumericGroupPrincipal.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,9 @@ package com.sun.security.auth; +import java.io.IOException; +import java.io.InvalidObjectException; +import java.io.ObjectInputStream; import java.security.Principal; /** @@ -201,10 +204,8 @@ public boolean equals(Object o) { return false; UnixNumericGroupPrincipal that = (UnixNumericGroupPrincipal)o; - if (this.getName().equals(that.getName()) && - this.isPrimaryGroup() == that.isPrimaryGroup()) - return true; - return false; + return this.getName().equals(that.getName()) && + this.isPrimaryGroup() == that.isPrimaryGroup(); } /** @@ -217,4 +218,24 @@ public boolean equals(Object o) { public int hashCode() { return toString().hashCode(); } + + /** + * Restores the state of this object from the stream. + * + * @param stream the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded + */ + private void readObject(ObjectInputStream stream) + throws IOException, ClassNotFoundException { + stream.defaultReadObject(); + if (name == null) { + java.text.MessageFormat form = new java.text.MessageFormat + (sun.security.util.ResourcesMgr.getString + ("invalid.null.input.value", + "sun.security.util.AuthResources")); + Object[] source = {"name"}; + throw new InvalidObjectException(form.format(source)); + } + } } diff --git a/jdk/src/share/classes/com/sun/security/auth/UnixNumericUserPrincipal.java b/jdk/src/share/classes/com/sun/security/auth/UnixNumericUserPrincipal.java index c6dfd7eaf1b..b8a8633d3cc 100644 --- a/jdk/src/share/classes/com/sun/security/auth/UnixNumericUserPrincipal.java +++ b/jdk/src/share/classes/com/sun/security/auth/UnixNumericUserPrincipal.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,9 @@ package com.sun.security.auth; +import java.io.IOException; +import java.io.InvalidObjectException; +import java.io.ObjectInputStream; import java.security.Principal; /** @@ -161,9 +164,7 @@ public boolean equals(Object o) { return false; UnixNumericUserPrincipal that = (UnixNumericUserPrincipal)o; - if (this.getName().equals(that.getName())) - return true; - return false; + return this.getName().equals(that.getName()); } /** @@ -176,4 +177,24 @@ public boolean equals(Object o) { public int hashCode() { return name.hashCode(); } + + /** + * Restores the state of this object from the stream. + * + * @param stream the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded + */ + private void readObject(ObjectInputStream stream) + throws IOException, ClassNotFoundException { + stream.defaultReadObject(); + if (name == null) { + java.text.MessageFormat form = new java.text.MessageFormat + (sun.security.util.ResourcesMgr.getString + ("invalid.null.input.value", + "sun.security.util.AuthResources")); + Object[] source = {"name"}; + throw new InvalidObjectException(form.format(source)); + } + } } diff --git a/jdk/src/share/classes/com/sun/security/auth/UnixPrincipal.java b/jdk/src/share/classes/com/sun/security/auth/UnixPrincipal.java index 4aefaf9b7f2..de7af16db05 100644 --- a/jdk/src/share/classes/com/sun/security/auth/UnixPrincipal.java +++ b/jdk/src/share/classes/com/sun/security/auth/UnixPrincipal.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,9 @@ package com.sun.security.auth; +import java.io.IOException; +import java.io.InvalidObjectException; +import java.io.ObjectInputStream; import java.security.Principal; /** @@ -126,9 +129,7 @@ public boolean equals(Object o) { return false; UnixPrincipal that = (UnixPrincipal)o; - if (this.getName().equals(that.getName())) - return true; - return false; + return this.getName().equals(that.getName()); } /** @@ -141,4 +142,24 @@ public boolean equals(Object o) { public int hashCode() { return name.hashCode(); } + + /** + * Restores the state of this object from the stream. + * + * @param stream the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded + */ + private void readObject(ObjectInputStream stream) + throws IOException, ClassNotFoundException { + stream.defaultReadObject(); + if (name == null) { + java.text.MessageFormat form = new java.text.MessageFormat + (sun.security.util.ResourcesMgr.getString + ("invalid.null.input.value", + "sun.security.util.AuthResources")); + Object[] source = {"name"}; + throw new InvalidObjectException(form.format(source)); + } + } } diff --git a/jdk/src/share/classes/com/sun/security/auth/UserPrincipal.java b/jdk/src/share/classes/com/sun/security/auth/UserPrincipal.java index f4e7555ab1a..2d39ca5621f 100644 --- a/jdk/src/share/classes/com/sun/security/auth/UserPrincipal.java +++ b/jdk/src/share/classes/com/sun/security/auth/UserPrincipal.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,9 @@ package com.sun.security.auth; +import java.io.IOException; +import java.io.InvalidObjectException; +import java.io.ObjectInputStream; import java.security.Principal; /** @@ -110,4 +113,19 @@ public String getName() { public String toString() { return name; } + + /** + * Restores the state of this object from the stream. + * + * @param stream the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded + */ + private void readObject(ObjectInputStream stream) + throws IOException, ClassNotFoundException { + stream.defaultReadObject(); + if (name == null) { + throw new InvalidObjectException("null name is illegal"); + } + } } diff --git a/jdk/src/share/classes/java/security/CodeSigner.java b/jdk/src/share/classes/java/security/CodeSigner.java index 37c12b153b3..67240408757 100644 --- a/jdk/src/share/classes/java/security/CodeSigner.java +++ b/jdk/src/share/classes/java/security/CodeSigner.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -156,9 +156,9 @@ public boolean equals(Object obj) { public String toString() { StringBuffer sb = new StringBuffer(); sb.append("("); - sb.append("Signer: " + signerCertPath.getCertificates().get(0)); + sb.append("Signer: ").append(signerCertPath.getCertificates().get(0)); if (timestamp != null) { - sb.append("timestamp: " + timestamp); + sb.append("timestamp: ").append(timestamp); } sb.append(")"); return sb.toString(); @@ -166,8 +166,11 @@ public String toString() { // Explicitly reset hash code value to -1 private void readObject(ObjectInputStream ois) - throws IOException, ClassNotFoundException { - ois.defaultReadObject(); - myhash = -1; + throws IOException, ClassNotFoundException { + ois.defaultReadObject(); + if (signerCertPath == null) { + throw new InvalidObjectException("signerCertPath is null"); + } + myhash = -1; } } diff --git a/jdk/src/share/classes/javax/crypto/spec/SecretKeySpec.java b/jdk/src/share/classes/javax/crypto/spec/SecretKeySpec.java index c97e4a5348a..b97bc68cca9 100644 --- a/jdk/src/share/classes/javax/crypto/spec/SecretKeySpec.java +++ b/jdk/src/share/classes/javax/crypto/spec/SecretKeySpec.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,9 @@ package javax.crypto.spec; +import java.io.IOException; +import java.io.InvalidObjectException; +import java.io.ObjectInputStream; import java.security.MessageDigest; import java.security.spec.KeySpec; import java.util.Locale; @@ -234,4 +237,25 @@ public boolean equals(Object obj) { return MessageDigest.isEqual(this.key, thatKey); } + + /** + * Restores the state of this object from the stream. + * + * @param stream the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded + */ + private void readObject(ObjectInputStream stream) + throws IOException, ClassNotFoundException { + stream.defaultReadObject(); + + if (key == null || algorithm == null) { + throw new InvalidObjectException("Missing argument"); + } + + this.key = key.clone(); + if (key.length == 0) { + throw new InvalidObjectException("Invalid key length"); + } + } } diff --git a/jdk/src/share/classes/javax/security/auth/callback/ChoiceCallback.java b/jdk/src/share/classes/javax/security/auth/callback/ChoiceCallback.java index 3887f0953de..4310e25dd7a 100644 --- a/jdk/src/share/classes/javax/security/auth/callback/ChoiceCallback.java +++ b/jdk/src/share/classes/javax/security/auth/callback/ChoiceCallback.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,10 @@ package javax.security.auth.callback; +import java.io.IOException; +import java.io.InvalidObjectException; +import java.io.ObjectInputStream; + /** *

Underlying security services instantiate and pass a * {@code ChoiceCallback} to the {@code handle} @@ -46,7 +50,7 @@ public class ChoiceCallback implements Callback, java.io.Serializable { * @serial the list of choices * @since 1.4 */ - private final String[] choices; + private String[] choices; /** * @serial the choice to be used as the default choice * @since 1.4 @@ -103,15 +107,15 @@ public ChoiceCallback(String prompt, String[] choices, defaultChoice < 0 || defaultChoice >= choices.length) throw new IllegalArgumentException(); + this.prompt = prompt; + this.defaultChoice = defaultChoice; + this.multipleSelectionsAllowed = multipleSelectionsAllowed; + + this.choices = choices.clone(); for (int i = 0; i < choices.length; i++) { if (choices[i] == null || choices[i].length() == 0) throw new IllegalArgumentException(); } - - this.prompt = prompt; - this.choices = choices.clone(); - this.defaultChoice = defaultChoice; - this.multipleSelectionsAllowed = multipleSelectionsAllowed; } /** @@ -208,4 +212,37 @@ public void setSelectedIndexes(int[] selections) { public int[] getSelectedIndexes() { return selections == null ? null : selections.clone(); } + + /** + * Restores the state of this object from the stream. + * + * @param stream the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded + */ + private void readObject(ObjectInputStream stream) + throws IOException, ClassNotFoundException { + stream.defaultReadObject(); + + if ((prompt == null) || prompt.isEmpty() || + (choices == null) || (choices.length == 0) || + (defaultChoice < 0) || (defaultChoice >= choices.length)) { + throw new InvalidObjectException( + "Missing/invalid prompt/choices"); + } + + choices = choices.clone(); + for (int i = 0; i < choices.length; i++) { + if ((choices[i] == null) || choices[i].isEmpty()) + throw new InvalidObjectException("Null/empty choices"); + } + + if (selections != null) { + selections = selections.clone(); + if (!multipleSelectionsAllowed && (selections.length != 1)) { + throw new InvalidObjectException( + "Multiple selections not allowed"); + } + } + } } diff --git a/jdk/src/share/classes/javax/security/auth/callback/ConfirmationCallback.java b/jdk/src/share/classes/javax/security/auth/callback/ConfirmationCallback.java index 005ff6333fe..f6149e45c57 100644 --- a/jdk/src/share/classes/javax/security/auth/callback/ConfirmationCallback.java +++ b/jdk/src/share/classes/javax/security/auth/callback/ConfirmationCallback.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,9 @@ package javax.security.auth.callback; +import java.io.IOException; +import java.io.ObjectInputStream; + /** *

Underlying security services instantiate and pass a * {@code ConfirmationCallback} to the {@code handle} @@ -145,7 +148,7 @@ public class ConfirmationCallback implements Callback, java.io.Serializable { * @serial * @since 1.4 */ - private final String[] options; + private String[] options; /** * @serial * @since 1.4 @@ -253,16 +256,16 @@ public ConfirmationCallback(int messageType, defaultOption < 0 || defaultOption >= options.length) throw new IllegalArgumentException(); - for (int i = 0; i < options.length; i++) { - if (options[i] == null || options[i].length() == 0) - throw new IllegalArgumentException(); - } - this.prompt = null; this.messageType = messageType; this.optionType = UNSPECIFIED_OPTION; - this.options = options.clone(); this.defaultOption = defaultOption; + + this.options = options.clone(); + for (int i = 0; i < options.length; i++) { + if (options[i] == null || options[i].length() == 0) + throw new IllegalArgumentException(); + } } /** @@ -376,16 +379,16 @@ public ConfirmationCallback(String prompt, int messageType, defaultOption < 0 || defaultOption >= options.length) throw new IllegalArgumentException(); - for (int i = 0; i < options.length; i++) { - if (options[i] == null || options[i].length() == 0) - throw new IllegalArgumentException(); - } - this.prompt = prompt; this.messageType = messageType; this.optionType = UNSPECIFIED_OPTION; - this.options = options.clone(); this.defaultOption = defaultOption; + + this.options = options.clone(); + for (int i = 0; i < options.length; i++) { + if (options[i] == null || options[i].length() == 0) + throw new IllegalArgumentException(); + } } /** @@ -505,4 +508,19 @@ public void setSelectedIndex(int selection) { public int getSelectedIndex() { return selection; } + + /** + * Restores the state of this object from the stream. + * + * @param stream the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded + */ + private void readObject(ObjectInputStream stream) + throws IOException, ClassNotFoundException { + stream.defaultReadObject(); + if (options != null) { + options = options.clone(); + } + } } diff --git a/jdk/src/share/classes/javax/security/auth/callback/PasswordCallback.java b/jdk/src/share/classes/javax/security/auth/callback/PasswordCallback.java index 0578be39c49..6333804d862 100644 --- a/jdk/src/share/classes/javax/security/auth/callback/PasswordCallback.java +++ b/jdk/src/share/classes/javax/security/auth/callback/PasswordCallback.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,9 @@ package javax.security.auth.callback; +import java.io.IOException; +import java.io.InvalidObjectException; +import java.io.ObjectInputStream; import java.util.Arrays; import sun.misc.Cleaner; @@ -165,4 +168,25 @@ private static Runnable cleanerFor(char[] password) { }; } + /** + * Restores the state of this object from the stream. + * + * @param stream the {@code ObjectInputStream} from which data is read + * @throws IOException if an I/O error occurs + * @throws ClassNotFoundException if a serialized class cannot be loaded + */ + private void readObject(ObjectInputStream stream) + throws IOException, ClassNotFoundException { + stream.defaultReadObject(); + + if (prompt == null || prompt.isEmpty()) { + throw new InvalidObjectException("Missing prompt"); + } + + if (inputPassword != null) { + inputPassword = inputPassword.clone(); + cleaner = Cleaner.create(this, cleanerFor(inputPassword)); + } + } + } diff --git a/jdk/src/share/classes/sun/security/ec/ECPrivateKeyImpl.java b/jdk/src/share/classes/sun/security/ec/ECPrivateKeyImpl.java index e423850cc38..3f5bda39b8c 100644 --- a/jdk/src/share/classes/sun/security/ec/ECPrivateKeyImpl.java +++ b/jdk/src/share/classes/sun/security/ec/ECPrivateKeyImpl.java @@ -26,6 +26,8 @@ package sun.security.ec; import java.io.IOException; +import java.io.InvalidObjectException; +import java.io.ObjectInputStream; import java.math.BigInteger; import java.security.*; @@ -43,7 +45,7 @@ /** * Key implementation for EC private keys. - * + *

* ASN.1 syntax for EC private keys from SEC 1 v1.5 (draft): * * 

@@ -213,4 +215,19 @@ protected void parseKeyBits() throws InvalidKeyException {
             throw new InvalidKeyException("Invalid EC private key", e);
         }
     }
+
+    /**
+     * Restores the state of this object from the stream.
+     * 

+     * Deserialization of this object is not supported.
+     *
+     * @param  stream the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
+     */
+    private void readObject(ObjectInputStream stream)
+            throws IOException, ClassNotFoundException {
+        throw new InvalidObjectException(
+                "ECPrivateKeyImpl keys are not directly deserializable");
+    }
 }
diff --git a/jdk/src/share/classes/sun/security/ec/ECPublicKeyImpl.java b/jdk/src/share/classes/sun/security/ec/ECPublicKeyImpl.java
index f17d52c46b7..6da122fe620 100644
--- a/jdk/src/share/classes/sun/security/ec/ECPublicKeyImpl.java
+++ b/jdk/src/share/classes/sun/security/ec/ECPublicKeyImpl.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,8 @@
 
 import java.io.IOException;
 
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.security.*;
 import java.security.interfaces.*;
 import java.security.spec.*;
@@ -122,10 +124,25 @@ public String toString() {
             + "\n  parameters: " + params;
     }
 
-    protected Object writeReplace() throws java.io.ObjectStreamException {
+    private Object writeReplace() throws java.io.ObjectStreamException {
         return new KeyRep(KeyRep.Type.PUBLIC,
                         getAlgorithm(),
                         getFormat(),
                         getEncoded());
     }
+
+    /**
+     * Restores the state of this object from the stream.
+     * 

+     * Deserialization of this object is not supported.
+     *
+     * @param  stream the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
+     */
+    private void readObject(ObjectInputStream stream)
+            throws IOException, ClassNotFoundException {
+        throw new InvalidObjectException(
+                "ECPublicKeyImpl keys are not directly deserializable");
+    }
 }
diff --git a/jdk/src/share/classes/sun/security/pkcs11/Token.java b/jdk/src/share/classes/sun/security/pkcs11/Token.java
index 39d301ae7b8..f9db262b0a1 100644
--- a/jdk/src/share/classes/sun/security/pkcs11/Token.java
+++ b/jdk/src/share/classes/sun/security/pkcs11/Token.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -416,11 +416,26 @@ private synchronized byte[] getTokenId() {
 
     private Object writeReplace() throws ObjectStreamException {
         if (isValid() == false) {
-            throw new NotSerializableException("Token has been removed");
+            throw new InvalidObjectException("Token has been removed");
         }
         return new TokenRep(this);
     }
 
+    /**
+     * Restores the state of this object from the stream.
+     * 

+     * Deserialization of this object is not supported.
+     *
+     * @param  stream the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
+     */
+    private void readObject(ObjectInputStream stream)
+            throws IOException, ClassNotFoundException {
+        throw new InvalidObjectException(
+                "Tokens are not directly deserializable");
+    }
+
     // serialized representation of a token
     // tokens can only be de-serialized within the same VM invocation
     // and if the token has not been removed in the meantime
@@ -443,7 +458,7 @@ private Object readResolve() throws ObjectStreamException {
                     }
                 }
             }
-            throw new NotSerializableException("Could not find token");
+            throw new InvalidObjectException("Could not find token");
         }
     }
 
diff --git a/jdk/src/share/classes/sun/security/provider/DSAPublicKeyImpl.java b/jdk/src/share/classes/sun/security/provider/DSAPublicKeyImpl.java
index 7ccc1c0239f..a97a901f87f 100644
--- a/jdk/src/share/classes/sun/security/provider/DSAPublicKeyImpl.java
+++ b/jdk/src/share/classes/sun/security/provider/DSAPublicKeyImpl.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,17 +25,20 @@
 
 package sun.security.provider;
 
+import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.math.BigInteger;
 import java.security.KeyRep;
 import java.security.InvalidKeyException;
 
 /**
  * An X.509 public key for the Digital Signature Algorithm.
- *
+ * 

  * The difference between DSAPublicKeyImpl and DSAPublicKey is that
  * DSAPublicKeyImpl calls writeReplace with KeyRep, and DSAPublicKey
  * calls writeObject.
- *
+ * 

  * See the comments in DSAKeyFactory, 4532506, and 6232513.
  *
  */
@@ -70,10 +73,25 @@ public DSAPublicKeyImpl(byte[] encoded) throws InvalidKeyException {
         super(encoded);
     }
 
-    protected Object writeReplace() throws java.io.ObjectStreamException {
+    private Object writeReplace() throws java.io.ObjectStreamException {
         return new KeyRep(KeyRep.Type.PUBLIC,
                         getAlgorithm(),
                         getFormat(),
                         getEncoded());
     }
+
+    /**
+     * Restores the state of this object from the stream.
+     * 

+     * Deserialization of this object is not supported.
+     *
+     * @param  stream the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
+     */
+    private void readObject(ObjectInputStream stream)
+            throws IOException, ClassNotFoundException {
+        throw new InvalidObjectException(
+                "DSAPublicKeyImpl keys are not directly deserializable");
+    }
 }
diff --git a/jdk/src/share/classes/sun/security/provider/PolicyFile.java b/jdk/src/share/classes/sun/security/provider/PolicyFile.java
index 097451da742..a980277883a 100644
--- a/jdk/src/share/classes/sun/security/provider/PolicyFile.java
+++ b/jdk/src/share/classes/sun/security/provider/PolicyFile.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -2214,8 +2214,17 @@ public SelfPermission(String type, String name, String actions,
                 this.actions.equals(that.actions)))
                 return false;
 
-            if (this.certs.length != that.certs.length)
+            if ((this.certs == null) && (that.certs == null)) {
+                return true;
+            }
+
+            if ((this.certs == null) || (that.certs == null)) {
+                return false;
+            }
+
+            if (this.certs.length != that.certs.length) {
                 return false;
+            }
 
             int i,j;
             boolean match;
@@ -2285,7 +2294,7 @@ public String getSelfActions() {
         }
 
         public Certificate[] getCerts() {
-            return certs;
+            return (certs == null ? null : certs.clone());
         }
 
         /**
@@ -2298,6 +2307,21 @@ public Certificate[] getCerts() {
         @Override public String toString() {
             return "(SelfPermission " + type + " " + name + " " + actions + ")";
         }
+
+        /**
+         * Restores the state of this object from the stream.
+         *
+         * @param  stream the {@code ObjectInputStream} from which data is read
+         * @throws IOException if an I/O error occurs
+         * @throws ClassNotFoundException if a serialized class cannot be loaded
+         */
+        private void readObject(ObjectInputStream stream)
+                throws IOException, ClassNotFoundException {
+            stream.defaultReadObject();
+            if (certs != null) {
+                this.certs = certs.clone();
+            }
+        }
     }
 
     /**
diff --git a/jdk/src/share/classes/sun/security/provider/SecureRandom.java b/jdk/src/share/classes/sun/security/provider/SecureRandom.java
index 4f7d7c3aad6..5ffc81b16ff 100644
--- a/jdk/src/share/classes/sun/security/provider/SecureRandom.java
+++ b/jdk/src/share/classes/sun/security/provider/SecureRandom.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
 package sun.security.provider;
 
 import java.io.IOException;
+import java.io.InvalidObjectException;
 import java.security.MessageDigest;
 import java.security.SecureRandomSpi;
 import java.security.NoSuchAlgorithmException;
@@ -186,7 +187,7 @@ private static void updateState(byte[] state, byte[] output) {
     /**
      * This static object will be seeded by SeedGenerator, and used
      * to seed future instances of SHA1PRNG SecureRandoms.
-     *
+     * 

      * Bloch, Effective Java Second Edition: Item 71
      */
     private static class SeederHolder {
@@ -261,17 +262,23 @@ public synchronized void engineNextBytes(byte[] result) {
     }
 
     /*
-     * readObject is called to restore the state of the random object from
-     * a stream.  We have to create a new instance of MessageDigest, because
+     * This method is called to restore the state of the random object from
+     * a stream.
+     * 

+     * We have to create a new instance of {@code MessageDigest}, because
      * it is not included in the stream (it is marked "transient").
-     *
-     * Note that the engineNextBytes() method invoked on the restored random
-     * object will yield the exact same (random) bytes as the original.
+     * 

+     * Note that the {@code engineNextBytes()} method invoked on the restored
+     * random object will yield the exact same (random) bytes as the original.
      * If you do not want this behaviour, you should re-seed the restored
-     * random object, using engineSetSeed().
+     * random object, using {@code engineSetSeed()}.
+     *
+     * @param  s the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
      */
     private void readObject(java.io.ObjectInputStream s)
-        throws IOException, ClassNotFoundException {
+            throws IOException, ClassNotFoundException {
 
         s.defaultReadObject ();
 
@@ -290,5 +297,34 @@ private void readObject(java.io.ObjectInputStream s)
                     "internal error: SHA-1 not available.", exc);
             }
         }
+
+        // Various consistency checks
+        if ((remainder == null) && (remCount > 0)) {
+            throw new InvalidObjectException(
+                    "Remainder indicated, but no data available");
+        }
+
+        // Not yet allocated state
+        if (state == null) {
+            if (remainder == null) {
+                return;
+            } else {
+                throw new InvalidObjectException(
+                        "Inconsistent buffer allocations");
+            }
+        }
+
+        // Sanity check on sizes/pointer
+        if ((state.length != DIGEST_SIZE) ||
+                ((remainder != null) && (remainder.length != DIGEST_SIZE)) ||
+                (remCount < 0 ) || (remCount >= DIGEST_SIZE)) {
+            throw new InvalidObjectException(
+                    "Inconsistent buffer sizes/state");
+        }
+
+        state = state.clone();
+        if (remainder != null) {
+            remainder = remainder.clone();
+        }
     }
 }
diff --git a/jdk/src/share/classes/sun/security/provider/certpath/X509CertPath.java b/jdk/src/share/classes/sun/security/provider/certpath/X509CertPath.java
index f738b5f5fe0..79cde0d72fd 100644
--- a/jdk/src/share/classes/sun/security/provider/certpath/X509CertPath.java
+++ b/jdk/src/share/classes/sun/security/provider/certpath/X509CertPath.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,10 +25,7 @@
 
 package sun.security.provider.certpath;
 
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
+import java.io.*;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
@@ -394,4 +391,19 @@ public Iterator getEncodings() {
     public List getCertificates() {
         return certs;
     }
+
+    /**
+     * Restores the state of this object from the stream.
+     * 

+     * Deserialization of this object is not supported.
+     *
+     * @param  stream the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
+     */
+    private void readObject(ObjectInputStream stream)
+            throws IOException, ClassNotFoundException {
+        throw new InvalidObjectException(
+                "X509CertPaths are not directly deserializable");
+    }
 }
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
index b3c1fae9672..4cb407e2508 100644
--- a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
 package sun.security.rsa;
 
 import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.math.BigInteger;
 
 import java.security.*;
@@ -43,7 +45,7 @@
  * RSA private key implementation for "RSA", "RSASSA-PSS" algorithms in CRT form.
  * For non-CRT private keys, see RSAPrivateKeyImpl. We need separate classes
  * to ensure correct behavior in instanceof checks, etc.
- *
+ * 

  * Note: RSA keys must be at least 512 bits long
  *
  * @see RSAPrivateKeyImpl
@@ -291,4 +293,19 @@ protected void parseKeyBits() throws InvalidKeyException {
             throw new InvalidKeyException("Invalid RSA private key", e);
         }
     }
+
+    /**
+     * Restores the state of this object from the stream.
+     * 

+     * Deserialization of this object is not supported.
+     *
+     * @param  stream the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
+     */
+    private void readObject(ObjectInputStream stream)
+            throws IOException, ClassNotFoundException {
+        throw new InvalidObjectException(
+                "RSAPrivateCrtKeyImpl keys are not directly deserializable");
+    }
 }
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPrivateKeyImpl.java b/jdk/src/share/classes/sun/security/rsa/RSAPrivateKeyImpl.java
index df5abc1bfd0..b443caf91fd 100644
--- a/jdk/src/share/classes/sun/security/rsa/RSAPrivateKeyImpl.java
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPrivateKeyImpl.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
 package sun.security.rsa;
 
 import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.math.BigInteger;
 
 import java.security.*;
@@ -38,10 +40,11 @@
 
 /**
  * RSA private key implementation for "RSA", "RSASSA-PSS" algorithms in non-CRT
- * form (modulus, private exponent only). For CRT private keys, see
- * RSAPrivateCrtKeyImpl. We need separate classes to ensure correct behavior
- * in instanceof checks, etc.
- *
+ * form (modulus, private exponent only).
+ * 

+ * For CRT private keys, see RSAPrivateCrtKeyImpl. We need separate classes
+ * to ensure correct behavior in instanceof checks, etc.
+ * 

  * Note: RSA keys must be at least 512 bits long
  *
  * @see RSAPrivateCrtKeyImpl
@@ -127,4 +130,19 @@ public String toString() {
                + " bits" + "\n  params: " + keyParams + "\n  modulus: " + n
                + "\n  private exponent: " + d;
     }
+
+    /**
+     * Restores the state of this object from the stream.
+     * 

+     * Deserialization of this object is not supported.
+     *
+     * @param  stream the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
+     */
+    private void readObject(ObjectInputStream stream)
+            throws IOException, ClassNotFoundException {
+        throw new InvalidObjectException(
+                "RSAPrivateKeyImpl keys are not directly deserializable");
+    }
 }
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPublicKeyImpl.java b/jdk/src/share/classes/sun/security/rsa/RSAPublicKeyImpl.java
index ebd035e06a8..279fc19edec 100644
--- a/jdk/src/share/classes/sun/security/rsa/RSAPublicKeyImpl.java
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPublicKeyImpl.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
 package sun.security.rsa;
 
 import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.math.BigInteger;
 
 import java.security.*;
@@ -40,7 +42,7 @@
 
 /**
  * RSA public key implementation for "RSA", "RSASSA-PSS" algorithms.
- *
+ * 

  * Note: RSA keys must be at least 512 bits long
  *
  * @see RSAPrivateCrtKeyImpl
@@ -198,10 +200,25 @@ public String toString() {
                + "\n  public exponent: " + e;
     }
 
-    protected Object writeReplace() throws java.io.ObjectStreamException {
+    private Object writeReplace() throws java.io.ObjectStreamException {
         return new KeyRep(KeyRep.Type.PUBLIC,
                         getAlgorithm(),
                         getFormat(),
                         getEncoded());
     }
+
+    /**
+     * Restores the state of this object from the stream.
+     * 

+     * Deserialization of this object is not supported.
+     *
+     * @param  stream the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
+     */
+    private void readObject(ObjectInputStream stream)
+            throws IOException, ClassNotFoundException {
+        throw new InvalidObjectException(
+                "RSAPublicKeyImpl keys are not directly deserializable");
+    }
 }
diff --git a/jdk/src/share/classes/sun/security/x509/X509CertImpl.java b/jdk/src/share/classes/sun/security/x509/X509CertImpl.java
index 012bb8cf823..818ae1e2619 100644
--- a/jdk/src/share/classes/sun/security/x509/X509CertImpl.java
+++ b/jdk/src/share/classes/sun/security/x509/X509CertImpl.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,13 +25,7 @@
 
 package sun.security.x509;
 
-import java.io.BufferedReader;
-import java.io.BufferedInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStream;
+import java.io.*;
 import java.math.BigInteger;
 import java.security.*;
 import java.security.spec.AlgorithmParameterSpec;
@@ -679,7 +673,7 @@ public void checkValidity(Date date)
 
     /**
      * Return the requested attribute from the certificate.
-     *
+     * 

      * Note that the X509CertInfo is not cloned for performance reasons.
      * Callers must ensure that they do not modify it. All other
      * attributes are cloned.
@@ -1597,7 +1591,7 @@ private static Collection> makeAltNames(GeneralNames names) {
         for (GeneralName gname : names.names()) {
             GeneralNameInterface name = gname.getName();
             List nameEntry = new ArrayList<>(2);
-            nameEntry.add(Integer.valueOf(name.getType()));
+            nameEntry.add(name.getType());
             switch (name.getType()) {
             case GeneralNameInterface.NAME_RFC822:
                 nameEntry.add(((RFC822Name) name).getName());
@@ -2019,4 +2013,19 @@ private static void byte2hex(byte b, StringBuffer buf) {
         buf.append(hexChars[high]);
         buf.append(hexChars[low]);
     }
+
+    /**
+     * Restores the state of this object from the stream.
+     * 

+     * Deserialization of this object is not supported.
+     *
+     * @param  stream the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
+     */
+    private void readObject(ObjectInputStream stream)
+            throws IOException, ClassNotFoundException {
+        throw new InvalidObjectException(
+                "X509CertImpls are not directly deserializable");
+    }
 }
diff --git a/jdk/src/windows/classes/sun/security/mscapi/CPrivateKey.java b/jdk/src/windows/classes/sun/security/mscapi/CPrivateKey.java
index 60fb4fb6723..cea2f93ed5f 100644
--- a/jdk/src/windows/classes/sun/security/mscapi/CPrivateKey.java
+++ b/jdk/src/windows/classes/sun/security/mscapi/CPrivateKey.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,9 @@
 
 package sun.security.mscapi;
 
+import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.security.PrivateKey;
 
 /**
@@ -74,6 +77,22 @@ public String toString() {
     // This class is not serializable
     private void writeObject(java.io.ObjectOutputStream out)
             throws java.io.IOException {
-        throw new java.io.NotSerializableException();
+        throw new java.io.InvalidObjectException(
+                "CPrivateKeys are not serializable");
+    }
+
+    /**
+     * Restores the state of this object from the stream.
+     * 

+     * Deserialization of this object is not supported.
+     *
+     * @param  stream the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
+     */
+    private void readObject(ObjectInputStream stream)
+            throws IOException, ClassNotFoundException {
+        throw new InvalidObjectException(
+                "CPrivateKeys are not deserializable");
     }
 }
diff --git a/jdk/src/windows/classes/sun/security/mscapi/CPublicKey.java b/jdk/src/windows/classes/sun/security/mscapi/CPublicKey.java
index 8a81c5dc327..93c11c8d561 100644
--- a/jdk/src/windows/classes/sun/security/mscapi/CPublicKey.java
+++ b/jdk/src/windows/classes/sun/security/mscapi/CPublicKey.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,9 @@
 
 package sun.security.mscapi;
 
+import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.math.BigInteger;
 import java.security.AlgorithmParameters;
 import java.security.KeyException;
@@ -108,7 +111,7 @@ public ECParameterSpec getParams() {
 
         public String toString() {
             StringBuffer sb = new StringBuffer();
-            sb.append(algorithm + "PublicKey [size=").append(keyLength)
+            sb.append(algorithm).append("PublicKey [size=").append(keyLength)
                     .append("]\n  ECPoint: ").append(getW())
                     .append("\n  params: ").append(getParams());
             return sb.toString();
@@ -127,7 +130,7 @@ public static class CRSAPublicKey extends CPublicKey implements RSAPublicKey {
 
         public String toString() {
             StringBuffer sb = new StringBuffer();
-            sb.append(algorithm + "PublicKey [size=").append(keyLength)
+            sb.append(algorithm).append("PublicKey [size=").append(keyLength)
                     .append(" bits, type=");
             if (handles.hCryptKey != 0) {
                 sb.append(getKeyType(handles.hCryptKey))
@@ -221,6 +224,21 @@ protected Object writeReplace() throws java.io.ObjectStreamException {
                         getEncoded());
     }
 
+    /**
+     * Restores the state of this object from the stream.
+     * 

+     * Deserialization of this object is not supported.
+     *
+     * @param  stream the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
+     */
+    private void readObject(ObjectInputStream stream)
+            throws IOException, ClassNotFoundException {
+        throw new InvalidObjectException(
+                "CPublicKeys are not deserializable");
+    }
+
     // Returns the CAPI or CNG representation of the key.
     native byte[] getPublicKeyBlob(long hCryptProv, long hCryptKey)
             throws KeyException;
diff --git a/jdk/test/java/security/KeyRep/RSA.pre.1.5.key b/jdk/test/java/security/KeyRep/RSA.pre.1.5.key
deleted file mode 100644
index 0c15a06c9cd1422eeb75657122a85db1111a1485..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1803
zcmZ4UmVvdnh(REy#I0-cTtjYPQX=x=4Vi1#a6H7Amoifus^GZ_FQ;UGs
zGo}x?&x^Zy-moU9WY8S*=Lr)lZoBf_KY1%pc
z^DSY`F;m?Ocug7l4qg1^75AoV`PY8`@CULxJy$8%|Ls^akx7x^tJHI$TV2WAFBM|u
zS}d27tgt$HOtH}0Ejilwl8LwHbfA*u^Ed4JJ@-Nm%X_cCDgS=ld6Blw_nZJvlb-*w
z$0dwQGl5F_zuB4W-?(e8wSV@uh?(m9H-FAv_~S!=Fnd`eN6nA<^-Kz00a34Ry;zu7
zl(Zl>=ZGl7O|t=QFY^sw#b)ln-SJ?~Tg{WX*K6_=H;
zzhn5@>Bjd~Zmj?&GZAp|1|=0eL{jPbGhcqC^>0~b1~yLyj-<>I=ls&V5>EzBAk!x`
zFTEtglR-Ewv#7YlFF&s;wJ6`IvLw~7G}n`XCnvu=wYVfWwZthCsDZ6GGd-^~H=2Pn
zH!(dgv!pZyoRT5u?t5(!@-R
zB?^SnDN%+HN~S~^LMS^BWeB0{07~nMD1{fSNQD)EQBC2DNxBEy>IQme?hZMMa5~sAVHaKL<+LSRQ8(gH|Rodovh#P^&bo09h#rB7^~H
C((W$+

diff --git a/jdk/test/java/security/KeyRep/SerialOld.java b/jdk/test/java/security/KeyRep/SerialOld.java
index 3732609872a..a3792e1e8c4 100644
--- a/jdk/test/java/security/KeyRep/SerialOld.java
+++ b/jdk/test/java/security/KeyRep/SerialOld.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,14 +23,13 @@
 
 /*
  * @test 1.1, 03/08/13
- * @bug 4532506
+ * @bug 4532506 8301126
  * @summary Serializing KeyPair on one VM (Sun),
  *      and Deserializing on another (IBM) fails
  * @run main/othervm/policy=SerialOld.policy SerialOld
  */
 
 import java.io.*;
-import java.security.*;
 
 public class SerialOld {
     public static void main(String[] args) throws Exception {
@@ -40,10 +39,15 @@ public static void main(String[] args) throws Exception {
         deserializeTigerKey("DSA");
         deserializeTigerKey("RSA");
 
-        // verify pre-tiger keys still deserialize in our VM
+        // verify pre-tiger keys still deserialize in our VM.
+
+        // There used to be a RSA test here, but the serialized file contained
+        // classes introduced in JDK 5.0 (sun.security.rsa.RSA*).  The older
+        // RSA keys from JDK 1.4.2 were of class JSA_* which were removed when
+        // sun.security.rsa was introduced.  (See JDK-8301126 for more
+        // details.)  The test/data has been removed.
 
         deserializeKey("DSA");
-        deserializeKey("RSA");
         deserializeKey("DH");
         deserializeKey("AES");
         deserializeKey("Blowfish");

From 47a816eab013aa94237887d401bdbe32073c0afa Mon Sep 17 00:00:00 2001
From: Volker Simonis 
Date: Fri, 1 Sep 2023 14:43:16 +0000
Subject: [PATCH 33/34] 8315135: Memory leak in the native implementation of
 Pack200.Unpacker.unpack()

Reviewed-by: andrew
Backport-of: b77c161e7509aa3b09ebf3e6b2b1490c0667bbdc
---
 .../sun/java/util/jar/pack/NativeUnpack.java  |  2 +-
 .../sun/java/util/jar/pack/UnpackerImpl.java  |  5 ++
 .../native/com/sun/java/util/jar/pack/jni.cpp |  5 +-
 jdk/test/tools/pack200/UnpackMalformed.java   | 55 +++++++++++++++++++
 4 files changed, 65 insertions(+), 2 deletions(-)
 create mode 100644 jdk/test/tools/pack200/UnpackMalformed.java

diff --git a/jdk/src/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java b/jdk/src/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java
index 52864dfb02f..a04b440525a 100644
--- a/jdk/src/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java
+++ b/jdk/src/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java
@@ -60,7 +60,7 @@ class NativeUnpack {
 
     // Resets the engine and frees all resources.
     // Returns total number of bytes consumed by the engine.
-    private synchronized native long finish();
+    synchronized native long finish();
 
     // Setting state in the unpacker.
     protected  synchronized native boolean setOption(String opt, String value);
diff --git a/jdk/src/share/classes/com/sun/java/util/jar/pack/UnpackerImpl.java b/jdk/src/share/classes/com/sun/java/util/jar/pack/UnpackerImpl.java
index 7bc6281fd95..b5028f9d952 100644
--- a/jdk/src/share/classes/com/sun/java/util/jar/pack/UnpackerImpl.java
+++ b/jdk/src/share/classes/com/sun/java/util/jar/pack/UnpackerImpl.java
@@ -139,6 +139,11 @@ public synchronized void unpack(InputStream in, JarOutputStream out) throws IOEx
                 } catch (UnsatisfiedLinkError | NoClassDefFoundError ex) {
                     // failover to java implementation
                     (new DoUnpack()).run(in0, out);
+                } finally {
+                    if (_nunp != null) {
+                       // Free up native memory and JNI handles to prevent leaks
+                       ((NativeUnpack) _nunp).finish();
+                    }
                 }
                 in0.close();
                 Utils.markJarFile(out);
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
index e9109cbec96..5fbc7261fb3 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
@@ -309,9 +309,12 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_getUnusedInput(JNIEnv *env, jobject
 
 JNIEXPORT jlong JNICALL
 Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) {
-  unpacker* uPtr = get_unpacker(env, pObj, false);
+  // There's no need to create a new unpacker here if we don't already have one
+  // just to immediatly free it afterwards.
+  unpacker* uPtr = get_unpacker(env, pObj, /* noCreate= */ true);
   CHECK_EXCEPTION_RETURN_VALUE(uPtr, NULL);
   size_t consumed = uPtr->input_consumed();
+  // free_unpacker() will set the unpacker field on 'pObj' to null
   free_unpacker(env, pObj, uPtr);
   return consumed;
 }
diff --git a/jdk/test/tools/pack200/UnpackMalformed.java b/jdk/test/tools/pack200/UnpackMalformed.java
new file mode 100644
index 00000000000..70a84acdf2e
--- /dev/null
+++ b/jdk/test/tools/pack200/UnpackMalformed.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+
+/*
+ * @test
+ * @bug 8315135
+ * @run main/othervm/timeout=300 -Dcom.sun.java.util.jar.pack.disable.native=false -Xmx8m UnpackMalformed
+ */
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.jar.JarOutputStream;
+import java.util.jar.Pack200;
+
+@SuppressWarnings("removal")
+public class UnpackMalformed {
+    public static void main(String[] args) {
+        try {
+            ByteArrayInputStream in = new ByteArrayInputStream("foobar".getBytes());
+            for (int i=0; i < 1_000; i++) {
+                try {
+                    JarOutputStream out = new JarOutputStream(new ByteArrayOutputStream());
+                    Pack200.Unpacker unpacker = Pack200.newUnpacker();
+                    unpacker.unpack(in, out);
+                } catch (IOException e) {
+                }
+            }
+        } catch (OutOfMemoryError e) {
+            System.out.println(e);
+            throw e;
+        }
+    }
+}

From 9499e54ebbab17b0f5e48be27c0c7f90806a3c40 Mon Sep 17 00:00:00 2001
From: Yuri Nesterenko 
Date: Thu, 28 Sep 2023 11:56:25 +0300
Subject: [PATCH 34/34] 8317040: Exclude cleaner test failing on older releases

Reviewed-by: mbalao, andrew, clanger
---
 jdk/test/ProblemList.txt | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/jdk/test/ProblemList.txt b/jdk/test/ProblemList.txt
index 48c100b0c3e..48e818ec232 100644
--- a/jdk/test/ProblemList.txt
+++ b/jdk/test/ProblemList.txt
@@ -324,6 +324,8 @@ security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java
 
 sun/security/mscapi/SignedObjectChain.java                      8176183 windows-all
 
+javax/security/auth/callback/PasswordCallback/CheckCleanerBound.java 8285785,8286045,8287596 generic-all
+
 ############################################################################
 
 # jdk_sound