From: <ls...@us...> - 2013-02-16 19:08:59
Revision: 5948
http://jnode.svn.sourceforge.net/jnode/?rev=5948&view=rev
Author: lsantha
Date: 2013-02-16 19:08:48 +0000 (Sat, 16 Feb 2013)
Log Message:
-----------
Integrating OpenJDK 6 build 27.
Modified Paths:
--------------
classlib6/core/src/openjdk/java/java/beans/XMLDecoder.java
classlib6/core/src/openjdk/java/java/net/URL.java
classlib6/core/src/openjdk/java/java/util/ServiceLoader.java
classlib6/core/src/openjdk/java/java/util/concurrent/Executors.java
classlib6/core/src/openjdk/java/java/util/logging/FileHandler.java
classlib6/core/src/openjdk/java/java/util/logging/Handler.java
classlib6/core/src/openjdk/java/java/util/logging/LogManager.java
classlib6/core/src/openjdk/java/java/util/logging/Logger.java
classlib6/core/src/openjdk/java/java/util/logging/MemoryHandler.java
classlib6/core/src/openjdk/java/java/util/logging/StreamHandler.java
classlib6/core/src/openjdk/javax/javax/management/modelmbean/DescriptorSupport.java
classlib6/core/src/openjdk/javax/javax/management/remote/rmi/RMIConnectionImpl.java
classlib6/core/src/openjdk/javax/javax/swing/text/DefaultFormatter.java
classlib6/core/src/openjdk/sun/sun/misc/Service.java
classlib6/core/src/openjdk/sun/sun/rmi/registry/RegistryImpl.java
classlib6/core/src/openjdk/sun/sun/security/pkcs11/P11Cipher.java
classlib6/core/src/openjdk/sun/sun/security/pkcs11/P11Key.java
classlib6/core/src/openjdk/sun/sun/security/pkcs11/P11RSACipher.java
classlib6/core/src/openjdk/sun/sun/security/pkcs11/P11Signature.java
classlib6/core/src/openjdk/sun/sun/security/provider/SecureRandom.java
classlib6/core/src/openjdk/sun/sun/security/ssl/HandshakeInStream.java
classlib6/core/src/openjdk/sun/sun/security/ssl/Handshaker.java
classlib6/core/src/openjdk/sun/sun/security/ssl/RSAClientKeyExchange.java
classlib6/core/src/openjdk/sun/sun/security/ssl/ServerHandshaker.java
Added Paths:
-----------
classlib6/core/src/openjdk/sun/sun/security/util/KeyLength.java
classlib6/core/src/openjdk/sun/sun/security/util/Length.java
classlib6/core/src/openjdk/sun/sun/text/resources/CollationData_zh_HK.java
classlib6/core/src/openjdk/sun/sun/text/resources/FormatData_zh_HK.java
Modified: classlib6/core/src/openjdk/java/java/beans/XMLDecoder.java
===================================================================
--- classlib6/core/src/openjdk/java/java/beans/XMLDecoder.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/java/java/beans/XMLDecoder.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,10 @@
import java.lang.ref.Reference;
import java.lang.ref.WeakReference;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
import org.xml.sax.SAXException;
import javax.xml.parsers.SAXParserFactory;
@@ -66,6 +70,7 @@
* @author Philip Milne
*/
public class XMLDecoder {
+ private final AccessControlContext acc = AccessController.getContext();
private InputStream in;
private Object owner;
private ExceptionListener exceptionListener;
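Review bot: The new `acc` field has no comment saying why the access-control context is captured when the decoder is constructed. Since `getHandler()` later passes `this.acc` to `doPrivileged`, a short comment would keep a maintainer from replacing it with a plain `doPrivileged` call: `// Context of the code that created this decoder; parsing is confined to these permissions.`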
@@ -248,10 +253,15 @@
*/
private ObjectHandler getHandler() {
if ( handler == null ) {
+ if ((this.acc == null) && (null != System.getSecurityManager())) {
+ throw new SecurityException("AccessControlContext is not set");
+ }
+ handler = AccessController.doPrivileged(new PrivilegedAction<ObjectHandler>() {
+ public ObjectHandler run() {
+ ObjectHandler handler = new ObjectHandler(XMLDecoder.this, getClassLoader());
SAXParserFactory factory = SAXParserFactory.newInstance();
try {
SAXParser parser = factory.newSAXParser();
- handler = new ObjectHandler( this, getClassLoader() );
parser.parse( in, handler );
}
catch ( ParserConfigurationException e ) {
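Review bot: Inside `run()` the local `ObjectHandler handler` shadows the field `handler`, so `parser.parse( in, handler )` and `return handler` refer to the local while the enclosing assignment writes the field. Renaming the local (for example `ObjectHandler parsed = new ObjectHandler(XMLDecoder.this, getClassLoader());`, with the `parse` and `return` lines following suit) makes this easier to audit. The `this.acc == null` guard tests a final field initialised from `AccessController.getContext()`, so it presumably covers only instances created without running the initialiser; a comment such as `// acc can only be null if the instance was created without its initialiser running` would record that. The body of `getHandler()` continues past this hunk.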
@@ -267,6 +277,9 @@
catch ( IOException ioe ) {
getExceptionListener().exceptionThrown( ioe );
}
+ return handler;
+ }
+ }, this.acc);
}
return handler;
}
Modified: classlib6/core/src/openjdk/java/java/net/URL.java
===================================================================
--- classlib6/core/src/openjdk/java/java/net/URL.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/java/java/net/URL.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,6 +28,8 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.Hashtable;
import java.util.StringTokenizer;
import sun.security.util.SecurityConstants;
@@ -1110,6 +1112,21 @@
static Hashtable handlers = new Hashtable();
private static Object streamHandlerLock = new Object();
+ // special case the gopher protocol, disabled by default
+ private static final String GOPHER = "gopher";
+ private static final String ENABLE_GOPHER_PROP = "jdk.net.registerGopherProtocol";
+ private static final boolean enableGopher = AccessController.doPrivileged(
+ new PrivilegedAction<Boolean>() {
+ public Boolean run() {
+ String prop = System.getProperty(ENABLE_GOPHER_PROP);
+ return prop == null ? false :
+ (prop.equalsIgnoreCase("false") ? false : true);
+ }
+ });
+
+ // package name of the JDK implementation protocol handlers
+ private static final String JDK_PACKAGE_PREFIX = "sun.net.www.protocol";
+
/**
* Returns the Stream Handler.
* @param protocol the protocol to use
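Review bot: The `enableGopher` initialiser treats every value other than "false" as enabling, including the empty string, and the nested ternary hides that. `return prop != null && !prop.equalsIgnoreCase("false");` states the same rule directly. Because the property is read once in a static initialiser, setting `jdk.net.registerGopherProtocol` after `URL` is loaded has no effect; the comment could say so: `// read once at class initialisation; must be set on the command line to take effect`.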
@@ -1141,7 +1158,7 @@
// REMIND: decide whether to allow the "null" class prefix
// or not.
- packagePrefixList += "sun.net.www.protocol";
+ packagePrefixList += JDK_PACKAGE_PREFIX;
StringTokenizer packagePrefixIter =
new StringTokenizer(packagePrefixList, "|");
@@ -1151,6 +1168,15 @@
String packagePrefix =
packagePrefixIter.nextToken().trim();
+
+ // do not try to instantiate the JDK gopher handler
+ // unless the system property had been explicitly set
+ if (protocol.equalsIgnoreCase(GOPHER) &&
+ packagePrefix.equals(JDK_PACKAGE_PREFIX) &&
+ !enableGopher) {
+ continue;
+ }
+
try {
String clsName = packagePrefix + "." + protocol +
".Handler";
Modified: classlib6/core/src/openjdk/java/java/util/ServiceLoader.java
===================================================================
--- classlib6/core/src/openjdk/java/java/util/ServiceLoader.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/java/java/util/ServiceLoader.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -358,14 +358,21 @@
}
String cn = nextName;
nextName = null;
+ Class<?> c = null;
try {
- S p = service.cast(Class.forName(cn, true, loader)
- .newInstance());
- providers.put(cn, p);
- return p;
+ c = Class.forName(cn, false, loader);
} catch (ClassNotFoundException x) {
fail(service,
"Provider " + cn + " not found");
+ }
+ if (!service.isAssignableFrom(c)) {
+ fail(service,
+ "Provider " + cn + " not a subtype");
+ }
+ try {
+ S p = service.cast(c.newInstance());
+ providers.put(cn, p);
+ return p;
} catch (Throwable x) {
fail(service,
"Provider " + cn + " could not be instantiated: " + x,
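Review bot: After the `ClassNotFoundException` branch, `c` is still null, so `service.isAssignableFrom(c)` is only safe because `fail()` never returns normally. `fail()` is not visible in this hunk; presumably it always throws. A comment after the first catch, `// fail() always throws, so c is non-null from here on`, would make the invariant explicit. The same pattern appears in the sun/misc/Service.java hunk, which also widens `catch (Exception x)` to `catch (Throwable x)`, so errors raised by a provider's constructor or initialiser are now passed to `fail()` as well. It is worth confirming that this is intended for errors such as `OutOfMemoryError`.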
Modified: classlib6/core/src/openjdk/java/java/util/concurrent/Executors.java
===================================================================
--- classlib6/core/src/openjdk/java/java/util/concurrent/Executors.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/java/java/util/concurrent/Executors.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -530,18 +530,17 @@
return AccessController.doPrivileged(
new PrivilegedExceptionAction<T>() {
public T run() throws Exception {
- ClassLoader savedcl = null;
Thread t = Thread.currentThread();
- try {
ClassLoader cl = t.getContextClassLoader();
- if (ccl != cl) {
+ if (ccl == cl) {
+ return task.call();
+ } else {
t.setContextClassLoader(ccl);
- savedcl = cl;
- }
+ try {
return task.call();
} finally {
- if (savedcl != null)
- t.setContextClassLoader(savedcl);
+ t.setContextClassLoader(cl);
+ }
}
}
}, acc);
Modified: classlib6/core/src/openjdk/java/java/util/logging/FileHandler.java
===================================================================
--- classlib6/core/src/openjdk/java/java/util/logging/FileHandler.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/java/java/util/logging/FileHandler.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -220,7 +220,7 @@
* @exception NullPointerException if pattern property is an empty String.
*/
public FileHandler() throws IOException, SecurityException {
- checkAccess();
+ checkPermission();
configure();
openFiles();
}
@@ -246,7 +246,7 @@
if (pattern.length() < 1 ) {
throw new IllegalArgumentException();
}
- checkAccess();
+ checkPermission();
configure();
this.pattern = pattern;
this.limit = 0;
@@ -278,7 +278,7 @@
if (pattern.length() < 1 ) {
throw new IllegalArgumentException();
}
- checkAccess();
+ checkPermission();
configure();
this.pattern = pattern;
this.limit = 0;
@@ -315,7 +315,7 @@
if (limit < 0 || count < 1 || pattern.length() < 1) {
throw new IllegalArgumentException();
}
- checkAccess();
+ checkPermission();
configure();
this.pattern = pattern;
this.limit = limit;
@@ -354,7 +354,7 @@
if (limit < 0 || count < 1 || pattern.length() < 1) {
throw new IllegalArgumentException();
}
- checkAccess();
+ checkPermission();
configure();
this.pattern = pattern;
this.limit = limit;
@@ -367,7 +367,7 @@
// configured instance variables.
private void openFiles() throws IOException {
LogManager manager = LogManager.getLogManager();
- manager.checkAccess();
+ manager.checkPermission();
if (count < 1) {
throw new IllegalArgumentException("file count = " + count);
}
Modified: classlib6/core/src/openjdk/java/java/util/logging/Handler.java
===================================================================
--- classlib6/core/src/openjdk/java/java/util/logging/Handler.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/java/java/util/logging/Handler.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -111,7 +111,7 @@
* the caller does not have <tt>LoggingPermission("control")</tt>.
*/
public void setFormatter(Formatter newFormatter) throws SecurityException {
- checkAccess();
+ checkPermission();
// Check for a null pointer:
newFormatter.getClass();
formatter = newFormatter;
@@ -140,7 +140,7 @@
*/
public void setEncoding(String encoding)
throws SecurityException, java.io.UnsupportedEncodingException {
- checkAccess();
+ checkPermission();
if (encoding != null) {
try {
if(!java.nio.charset.Charset.isSupported(encoding)) {
@@ -175,7 +175,7 @@
* the caller does not have <tt>LoggingPermission("control")</tt>.
*/
public void setFilter(Filter newFilter) throws SecurityException {
- checkAccess();
+ checkPermission();
filter = newFilter;
}
@@ -199,7 +199,7 @@
* the caller does not have <tt>LoggingPermission("control")</tt>.
*/
public void setErrorManager(ErrorManager em) {
- checkAccess();
+ checkPermission();
if (em == null) {
throw new NullPointerException();
}
@@ -213,7 +213,7 @@
* the caller does not have <tt>LoggingPermission("control")</tt>.
*/
public ErrorManager getErrorManager() {
- checkAccess();
+ checkPermission();
return errorManager;
}
@@ -253,7 +253,7 @@
if (newLevel == null) {
throw new NullPointerException();
}
- checkAccess();
+ checkPermission();
logLevel = newLevel;
}
@@ -296,9 +296,9 @@
// If "sealed" is true, we check that the caller has
// appropriate security privileges to update Handler
// state and if not throw a SecurityException.
- void checkAccess() throws SecurityException {
+ void checkPermission() throws SecurityException {
if (sealed) {
- manager.checkAccess();
+ manager.checkPermission();
}
}
}
Modified: classlib6/core/src/openjdk/java/java/util/logging/LogManager.java
===================================================================
--- classlib6/core/src/openjdk/java/java/util/logging/LogManager.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/java/java/util/logging/LogManager.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -303,7 +303,7 @@
if (l == null) {
throw new NullPointerException();
}
- checkAccess();
+ checkPermission();
changes.addPropertyChangeListener(l);
}
@@ -322,7 +322,7 @@
* the caller does not have LoggingPermission("control").
*/
public void removePropertyChangeListener(PropertyChangeListener l) throws SecurityException {
- checkAccess();
+ checkPermission();
changes.removePropertyChangeListener(l);
}
@@ -740,7 +740,7 @@
* @exception IOException if there are IO problems reading the configuration.
*/
public void readConfiguration() throws IOException, SecurityException {
- checkAccess();
+ checkPermission();
// if a configuration class is specified, load it and use it.
String cname = System.getProperty("java.util.logging.config.class");
@@ -798,7 +798,7 @@
*/
public void reset() throws SecurityException {
- checkAccess();
+ checkPermission();
synchronized (this) {
props = new Properties();
// Since we are doing a reset we no longer want to initialize
@@ -883,7 +883,7 @@
* @exception IOException if there are problems reading from the stream.
*/
public void readConfiguration(InputStream ins) throws IOException, SecurityException {
- checkAccess();
+ checkPermission();
reset();
// Load the properties
@@ -1045,7 +1045,13 @@
}
- private Permission ourPermission = new LoggingPermission("control", null);
+ private final Permission controlPermission = new LoggingPermission("control", null);
+
+ void checkPermission() {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(controlPermission);
+ }
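Review bot: The new package-private `checkPermission()` has no comment explaining why internal callers were moved off the public `checkAccess()`. Presumably the reason is that `checkAccess()` can be overridden by a `LogManager` subclass, whereas a package-private method cannot be overridden from outside `java.util.logging`. Recording that prevents a later revert: `// Internal check: cannot be overridden outside this package, unlike checkAccess().` The unbraced `if (sm != null)` would also be safer with braces.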
/**
* Check that the current context is trusted to modify the logging
@@ -1058,11 +1064,7 @@
* the caller does not have LoggingPermission("control").
*/
public void checkAccess() throws SecurityException {
- SecurityManager sm = System.getSecurityManager();
- if (sm == null) {
- return;
- }
- sm.checkPermission(ourPermission);
+ checkPermission();
}
// Nested class to represent a node in our tree of named loggers.
Modified: classlib6/core/src/openjdk/java/java/util/logging/Logger.java
===================================================================
--- classlib6/core/src/openjdk/java/java/util/logging/Logger.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/java/java/util/logging/Logger.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -266,13 +266,13 @@
this.manager = manager;
}
- private void checkAccess() throws SecurityException {
+ private void checkPermission() throws SecurityException {
if (!anonymous) {
if (manager == null) {
// Complete initialization of the global Logger.
manager = LogManager.getLogManager();
}
- manager.checkAccess();
+ manager.checkPermission();
}
}
@@ -454,7 +454,7 @@
* the caller does not have LoggingPermission("control").
*/
public synchronized void setFilter(Filter newFilter) throws SecurityException {
- checkAccess();
+ checkPermission();
filter = newFilter;
}
@@ -1145,7 +1145,7 @@
* the caller does not have LoggingPermission("control").
*/
public void setLevel(Level newLevel) throws SecurityException {
- checkAccess();
+ checkPermission();
synchronized (treeLock) {
levelObject = newLevel;
updateEffectiveLevel();
@@ -1200,7 +1200,7 @@
public synchronized void addHandler(Handler handler) throws SecurityException {
// Check for null handler
handler.getClass();
- checkAccess();
+ checkPermission();
if (handlers == null) {
handlers = new ArrayList<Handler>();
}
@@ -1217,7 +1217,7 @@
* the caller does not have LoggingPermission("control").
*/
public synchronized void removeHandler(Handler handler) throws SecurityException {
- checkAccess();
+ checkPermission();
if (handler == null) {
return;
}
@@ -1251,7 +1251,7 @@
* the caller does not have LoggingPermission("control").
*/
public synchronized void setUseParentHandlers(boolean useParentHandlers) {
- checkAccess();
+ checkPermission();
this.useParentHandlers = useParentHandlers;
}
@@ -1388,7 +1388,7 @@
if (parent == null) {
throw new NullPointerException();
}
- manager.checkAccess();
+ manager.checkPermission();
doSetParent(parent);
}
Modified: classlib6/core/src/openjdk/java/java/util/logging/MemoryHandler.java
===================================================================
--- classlib6/core/src/openjdk/java/java/util/logging/MemoryHandler.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/java/java/util/logging/MemoryHandler.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -238,7 +238,7 @@
throw new NullPointerException();
}
LogManager manager = LogManager.getLogManager();
- checkAccess();
+ checkPermission();
pushLevel = newLevel;
}
Modified: classlib6/core/src/openjdk/java/java/util/logging/StreamHandler.java
===================================================================
--- classlib6/core/src/openjdk/java/java/util/logging/StreamHandler.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/java/java/util/logging/StreamHandler.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -249,7 +249,7 @@
}
private synchronized void flushAndClose() throws SecurityException {
- checkAccess();
+ checkPermission();
if (writer != null) {
try {
if (!doneHeader) {
Modified: classlib6/core/src/openjdk/javax/javax/management/modelmbean/DescriptorSupport.java
===================================================================
--- classlib6/core/src/openjdk/javax/javax/management/modelmbean/DescriptorSupport.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/javax/javax/management/modelmbean/DescriptorSupport.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1239,13 +1239,12 @@
return s.substring(1, s.length() - 1);
}
final String className = s.substring(1, slash);
+
final Constructor<?> constr;
try {
+ ReflectUtil.checkPackageAccess(className);
final ClassLoader contextClassLoader =
Thread.currentThread().getContextClassLoader();
- if (contextClassLoader == null) {
- ReflectUtil.checkPackageAccess(className);
- }
final Class<?> c =
Class.forName(className, false, contextClassLoader);
constr = c.getConstructor(new Class[] {String.class});
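Review bot: `ReflectUtil.checkPackageAccess(className)` now runs unconditionally, but it sits inside the `try` whose catch clauses are outside this hunk. If one of them catches `Exception`, the `SecurityException` would be rewrapped and callers would see a different exception type than the check intends. Either move the call above the `try` or add a comment at the catch stating that the rewrap is deliberate. A note on the call itself would also help: `// checked for every caller, not only when the context class loader is null`.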
Modified: classlib6/core/src/openjdk/javax/javax/management/remote/rmi/RMIConnectionImpl.java
===================================================================
--- classlib6/core/src/openjdk/javax/javax/management/remote/rmi/RMIConnectionImpl.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/javax/javax/management/remote/rmi/RMIConnectionImpl.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -39,11 +39,17 @@
import java.rmi.MarshalledObject;
import java.rmi.UnmarshalException;
import java.rmi.server.Unreferenced;
+
import java.security.AccessControlContext;
import java.security.AccessController;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
+import java.security.ProtectionDomain;
+
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
@@ -60,6 +66,7 @@
import javax.management.MBeanException;
import javax.management.MBeanInfo;
import javax.management.MBeanRegistrationException;
+import javax.management.MBeanPermission;
import javax.management.MBeanServer;
import javax.management.NotCompliantMBeanException;
import javax.management.NotificationFilter;
@@ -144,22 +151,46 @@
this.mbeanServer = rmiServer.getMBeanServer();
final ClassLoader dcl = defaultClassLoader;
+
this.classLoaderWithRepository =
AccessController.doPrivileged(
new PrivilegedAction<ClassLoaderWithRepository>() {
public ClassLoaderWithRepository run() {
return new ClassLoaderWithRepository(
- getClassLoaderRepository(),
+ mbeanServer.getClassLoaderRepository(),
dcl);
}
+ },
+
+ withPermissions( new MBeanPermission("*", "getClassLoaderRepository"),
+ new RuntimePermission("createClassLoader"))
+ );
+ this.defaultContextClassLoader =
+ AccessController.doPrivileged(
+ new PrivilegedAction<ClassLoader>() {
+ @Override
+ public ClassLoader run() {
+ return new CombinedClassLoader(Thread.currentThread().getContextClassLoader(),
+ dcl);
+ }
});
-
serverCommunicatorAdmin = new
RMIServerCommunicatorAdmin(EnvHelp.getServerConnectionTimeout(env));
this.env = env;
}
+ private static AccessControlContext withPermissions(Permission ... perms){
+ Permissions col = new Permissions();
+
+ for (Permission thePerm : perms ) {
+ col.add(thePerm);
+ }
+
+ final ProtectionDomain pd = new ProtectionDomain(null, col);
+ return new AccessControlContext( new ProtectionDomain[] { pd });
+ }
+
private synchronized ServerNotifForwarder getServerNotifFwd() {
// Lazily created when first use. Mainly when
// addNotificationListener is first called.
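Review bot: The second `doPrivileged` in the constructor, which builds `defaultContextClassLoader`, is given no `AccessControlContext`, while the one just above it is confined with `withPermissions(...)`. If the action needs only to read the context class loader and create a loader, confining it the same way keeps the two calls consistent, e.g. `}, withPermissions(new RuntimePermission("createClassLoader"), new RuntimePermission("getClassLoader")));`. Confirm the exact permission set before adopting it. The later hunk that wraps `OrderClassLoaders` in a `CombinedClassLoader` has the same unconfined shape. `withPermissions` also lacks a comment; one sentence saying it builds a context holding exactly the listed permissions would do.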
@@ -506,7 +537,7 @@
"connectionId=" + connectionId
+" unwrapping query with defaultClassLoader.");
- queryValue = unwrap(query, defaultClassLoader, QueryExp.class);
+ queryValue = unwrap(query, defaultContextClassLoader, QueryExp.class);
try {
final Object params[] = new Object[] { name, queryValue };
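Review bot: The debug message just above the changed line still says `unwrapping query with defaultClassLoader.`, but the call now passes `defaultContextClassLoader`. This makes the log misleading when diagnosing class-loading or deserialisation failures on this connection. Update the string to ` unwrapping query with defaultContextClassLoader.` here and in the following hunk, which has the same stale message.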
@@ -540,7 +571,7 @@
"connectionId=" + connectionId
+" unwrapping query with defaultClassLoader.");
- queryValue = unwrap(query, defaultClassLoader, QueryExp.class);
+ queryValue = unwrap(query, defaultContextClassLoader, QueryExp.class);
try {
final Object params[] = new Object[] { name, queryValue };
@@ -1314,16 +1345,6 @@
// private methods
//------------------------------------------------------------------------
- private ClassLoaderRepository getClassLoaderRepository() {
- return
- AccessController.doPrivileged(
- new PrivilegedAction<ClassLoaderRepository>() {
- public ClassLoaderRepository run() {
- return mbeanServer.getClassLoaderRepository();
- }
- });
- }
-
private ClassLoader getClassLoader(final ObjectName name)
throws InstanceNotFoundException {
try {
@@ -1333,7 +1354,9 @@
public ClassLoader run() throws InstanceNotFoundException {
return mbeanServer.getClassLoader(name);
}
- });
+ },
+ withPermissions(new MBeanPermission("*", "getClassLoader"))
+ );
} catch (PrivilegedActionException pe) {
throw (InstanceNotFoundException) extractException(pe);
}
@@ -1348,7 +1371,9 @@
public Object run() throws InstanceNotFoundException {
return mbeanServer.getClassLoaderFor(name);
}
- });
+ },
+ withPermissions(new MBeanPermission("*", "getClassLoaderFor"))
+ );
} catch (PrivilegedActionException pe) {
throw (InstanceNotFoundException) extractException(pe);
}
@@ -1575,7 +1600,8 @@
ClassLoader orderCL = AccessController.doPrivileged(
new PrivilegedExceptionAction<ClassLoader>() {
public ClassLoader run() throws Exception {
- return new OrderClassLoaders(cl1, cl2);
+ return new CombinedClassLoader(Thread.currentThread().getContextClassLoader(),
+ new OrderClassLoaders(cl1, cl2));
}
}
);
@@ -1667,6 +1693,8 @@
private final ClassLoader defaultClassLoader;
+ private final ClassLoader defaultContextClassLoader;
+
private final ClassLoaderWithRepository classLoaderWithRepository;
private boolean terminated = false;
@@ -1751,4 +1779,43 @@
private static final ClassLogger logger =
new ClassLogger("javax.management.remote.rmi", "RMIConnectionImpl");
+
+ private static final class CombinedClassLoader extends ClassLoader {
+
+ private final static class ClassLoaderWrapper extends ClassLoader {
+ ClassLoaderWrapper(ClassLoader cl) {
+ super(cl);
+ }
+
+ @Override
+ protected Class<?> loadClass(String name, boolean resolve)
+ throws ClassNotFoundException {
+ return super.loadClass(name, resolve);
+ }
+ };
+
+ final ClassLoaderWrapper defaultCL;
+
+ private CombinedClassLoader(ClassLoader parent, ClassLoader defaultCL) {
+ super(parent);
+ this.defaultCL = new ClassLoaderWrapper(defaultCL);
+ }
+
+ @Override
+ protected Class<?> loadClass(String name, boolean resolve)
+ throws ClassNotFoundException {
+ try {
+ super.loadClass(name, resolve);
+ } catch(Exception e) {
+ for(Throwable t = e; t != null; t = t.getCause()) {
+ if(t instanceof SecurityException) {
+ throw t==e?(SecurityException)t:new SecurityException(t.getMessage(), e);
+ }
+ }
+ }
+ final Class<?> cl = defaultCL.loadClass(name, resolve);
+ return cl;
+ }
+
+ }
}
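Review bot: In `CombinedClassLoader.loadClass` the result of `super.loadClass(name, resolve)` is discarded, and any exception without a `SecurityException` in its cause chain is silently dropped. This reads like a bug unless the reader knows the call is presumably made only so the parent loader's access checks run before `defaultCL` resolves the class. A comment above the `try` would stop a later "fix" that returns the parent's class: `// Called only for its access checks; the class itself always comes from defaultCL.` The fall-through of the catch deserves `// not a security failure: ignore and delegate to defaultCL`. The stray `;` after the `ClassLoaderWrapper` body can be removed.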
Modified: classlib6/core/src/openjdk/javax/javax/swing/text/DefaultFormatter.java
===================================================================
--- classlib6/core/src/openjdk/javax/javax/swing/text/DefaultFormatter.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/javax/javax/swing/text/DefaultFormatter.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -24,6 +24,8 @@
*/
package javax.swing.text;
+import sun.reflect.misc.ConstructorUtil;
+
import java.io.Serializable;
import java.lang.reflect.*;
import java.text.ParseException;
@@ -245,7 +247,7 @@
Constructor cons;
try {
- cons = vc.getConstructor(new Class[] { String.class });
+ cons = ConstructorUtil.getConstructor(vc, new Class[]{String.class});
} catch (NoSuchMethodException nsme) {
cons = null;
Modified: classlib6/core/src/openjdk/sun/sun/misc/Service.java
===================================================================
--- classlib6/core/src/openjdk/sun/sun/misc/Service.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/sun/sun/misc/Service.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -284,12 +284,20 @@
}
String cn = nextName;
nextName = null;
+ Class<?> c = null;
try {
- return Class.forName(cn, true, loader).newInstance();
+ c = Class.forName(cn, false, loader);
} catch (ClassNotFoundException x) {
fail(service,
"Provider " + cn + " not found");
- } catch (Exception x) {
+ }
+ if (!service.isAssignableFrom(c)) {
+ fail(service,
+ "Provider " + cn + " not a subtype");
+ }
+ try {
+ return service.cast(c.newInstance());
+ } catch (Throwable x) {
fail(service,
"Provider " + cn + " could not be instantiated: " + x,
x);
Modified: classlib6/core/src/openjdk/sun/sun/rmi/registry/RegistryImpl.java
===================================================================
--- classlib6/core/src/openjdk/sun/sun/rmi/registry/RegistryImpl.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/sun/sun/rmi/registry/RegistryImpl.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -405,7 +405,8 @@
*/
perms.add(new SocketPermission("*", "connect,accept"));
- perms.add(new RuntimePermission("accessClassInPackage.sun.*"));
+ perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
+ perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));
perms.add(new FilePermission("<<ALL FILES>>", "read"));
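Review bot: The two replacement grants, `accessClassInPackage.sun.jvmstat.*` and `accessClassInPackage.sun.jvm.hotspot.*`, come with no explanation, so a reader cannot tell which registry users need them or whether either can be dropped. A one-line comment naming the consumer would help, along the lines of `// only the sun.* subpackages needed by <consumer>; do not widen back to sun.*`. The enclosing method starts and ends outside this hunk.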
Modified: classlib6/core/src/openjdk/sun/sun/security/pkcs11/P11Cipher.java
===================================================================
--- classlib6/core/src/openjdk/sun/sun/security/pkcs11/P11Cipher.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/sun/sun/security/pkcs11/P11Cipher.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -650,7 +650,7 @@
// see JCE spec
protected int engineGetKeySize(Key key) throws InvalidKeyException {
int n = P11SecretKeyFactory.convertKey
- (token, key, keyAlgorithm).keyLength();
+ (token, key, keyAlgorithm).length();
return n;
}
}
Modified: classlib6/core/src/openjdk/sun/sun/security/pkcs11/P11Key.java
===================================================================
--- classlib6/core/src/openjdk/sun/sun/security/pkcs11/P11Key.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/sun/sun/security/pkcs11/P11Key.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -46,6 +46,7 @@
import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
import sun.security.util.DerValue;
+import sun.security.util.Length;
/**
* Key implementation classes.
@@ -61,7 +62,7 @@
* @author Andreas Sterbenz
* @since 1.5
*/
-abstract class P11Key implements Key {
+abstract class P11Key implements Key, Length {
private final static String PUBLIC = "public";
private final static String PRIVATE = "private";
@@ -212,7 +213,11 @@
return s1;
}
- int keyLength() {
+ /**
+ * Return bit length of the key.
+ */
+ @Override
+ public int length() {
return keyLength;
}
Modified: classlib6/core/src/openjdk/sun/sun/security/pkcs11/P11RSACipher.java
===================================================================
--- classlib6/core/src/openjdk/sun/sun/security/pkcs11/P11RSACipher.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/sun/sun/security/pkcs11/P11RSACipher.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -201,7 +201,7 @@
} else {
throw new InvalidKeyException("Unknown key type: " + p11Key);
}
- int n = (p11Key.keyLength() + 7) >> 3;
+ int n = (p11Key.length() + 7) >> 3;
outputSize = n;
buffer = new byte[n];
maxInputSize = encrypt ? (n - PKCS1_MIN_PADDING_LENGTH) : n;
@@ -458,7 +458,7 @@
// see JCE spec
protected int engineGetKeySize(Key key) throws InvalidKeyException {
- int n = P11KeyFactory.convertKey(token, key, algorithm).keyLength();
+ int n = P11KeyFactory.convertKey(token, key, algorithm).length();
return n;
}
}
Modified: classlib6/core/src/openjdk/sun/sun/security/pkcs11/P11Signature.java
===================================================================
--- classlib6/core/src/openjdk/sun/sun/security/pkcs11/P11Signature.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/sun/sun/security/pkcs11/P11Signature.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -274,7 +274,7 @@
if (keyAlgorithm.equals("DSA")) {
signature = new byte[40];
} else {
- signature = new byte[(p11Key.keyLength() + 7) >> 3];
+ signature = new byte[(p11Key.length() + 7) >> 3];
}
if (type == T_UPDATE) {
token.p11.C_VerifyFinal(session.id(), signature);
@@ -359,7 +359,7 @@
if (keyAlgorithm.equals("RSA") && publicKey != p11Key) {
int keyLen;
if (publicKey instanceof P11Key) {
- keyLen = ((P11Key) publicKey).keyLength();
+ keyLen = ((P11Key) publicKey).length();
} else {
keyLen = ((RSAKey) publicKey).getModulus().bitLength();
}
@@ -620,7 +620,7 @@
private byte[] pkcs1Pad(byte[] data) {
try {
- int len = (p11Key.keyLength() + 7) >> 3;
+ int len = (p11Key.length() + 7) >> 3;
RSAPadding padding = RSAPadding.getInstance
(RSAPadding.PAD_BLOCKTYPE_1, len);
byte[] padded = padding.pad(data);
Modified: classlib6/core/src/openjdk/sun/sun/security/provider/SecureRandom.java
===================================================================
--- classlib6/core/src/openjdk/sun/sun/security/provider/SecureRandom.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/sun/sun/security/provider/SecureRandom.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -56,12 +56,6 @@
private static final long serialVersionUID = 3581829991155417889L;
- /**
- * This static object will be seeded by SeedGenerator, and used
- * to seed future instances of SecureRandom
- */
- private static SecureRandom seeder;
-
private static final int DIGEST_SIZE = 20;
private transient MessageDigest digest;
private byte[] state;
@@ -173,6 +167,28 @@
}
/**
+ * This static object will be seeded by SeedGenerator, and used
+ * to seed future instances of SHA1PRNG SecureRandoms.
+ *
+ * Bloch, Effective Java Second Edition: Item 71
+ */
+ private static class SeederHolder {
+
+ private static final SecureRandom seeder;
+
+ static {
+ /*
+ * Call to SeedGenerator.generateSeed() to add additional
+ * seed material (likely from the Native implementation).
+ */
+ seeder = new SecureRandom(SeedGenerator.getSystemEntropy());
+ byte [] b = new byte[DIGEST_SIZE];
+ SeedGenerator.generateSeed(b);
+ seeder.engineSetSeed(b);
+ }
+ }
+
+ /**
* Generates a user-specified number of random bytes.
*
* @param bytes the array to be filled in with random bytes.
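Review bot: The Javadoc on `SeederHolder` cites only "Bloch, Effective Java Second Edition: Item 71" and never says what the holder class guarantees, which is the reason for the change. I would add a line such as `* Lazy initialization holder: the JVM runs this initializer once, on first use of SeederHolder.seeder, so seeding needs no explicit locking.` The comment should also record that an exception escaping the static block makes class initialization fail permanently, so every later `engineNextBytes` call on an unseeded instance would fail too; whether `SeedGenerator.generateSeed` can throw is not visible in this hunk. The holder is consumed in the following hunk (`SeederHolder.seeder.engineNextBytes(seed)`), whose enclosing method starts outside it.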
@@ -183,13 +199,8 @@
byte[] output = remainder;
if (state == null) {
- if (seeder == null) {
- seeder = new SecureRandom(SeedGenerator.getSystemEntropy());
- seeder.engineSetSeed(engineGenerateSeed(DIGEST_SIZE));
- }
-
byte[] seed = new byte[DIGEST_SIZE];
- seeder.engineNextBytes(seed);
+ SeederHolder.seeder.engineNextBytes(seed);
state = digest.digest(seed);
}
Modified: classlib6/core/src/openjdk/sun/sun/security/ssl/HandshakeInStream.java
===================================================================
--- classlib6/core/src/openjdk/sun/sun/security/ssl/HandshakeInStream.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/sun/sun/security/ssl/HandshakeInStream.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -190,6 +190,7 @@
byte[] getBytes8() throws IOException {
int len = getInt8();
+ verifyLength(len);
byte b[] = new byte[len];
read(b, 0, len);
@@ -198,6 +199,7 @@
byte[] getBytes16() throws IOException {
int len = getInt16();
+ verifyLength(len);
byte b[] = new byte[len];
read(b, 0, len);
@@ -206,10 +208,19 @@
byte[] getBytes24() throws IOException {
int len = getInt24();
+ verifyLength(len);
byte b[] = new byte[len];
read(b, 0, len);
return b;
}
+ // Is a length greater than available bytes in the record?
+ private void verifyLength(int len) throws SSLException {
+ if (len > available()) {
+ throw new SSLException(
+ "Not enough data to fill declared vector size");
+ }
+ }
+
}
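Review bot: The comment on `verifyLength` is phrased as a question and does not say why the check must come before the allocation: `len` is read from the peer's message, and `new byte[len]` would otherwise be sized by it (up to 24 bits in `getBytes24`). I would replace it with `// Reject a declared vector length larger than the bytes remaining, before allocating a buffer of that size.` The same call is added in the `getBytes8` and `getBytes16` hunks above. In all three the result of `read(b, 0, len)` is still unchecked, so the guard relies on `available()` reporting the bytes actually readable; that method is not shown here. Putting both values in the message, `"Not enough data to fill declared vector size: " + len + " > " + available()`, would make a rejected handshake easier to diagnose.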
Modified: classlib6/core/src/openjdk/sun/sun/security/ssl/Handshaker.java
===================================================================
--- classlib6/core/src/openjdk/sun/sun/security/ssl/Handshaker.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/sun/sun/security/ssl/Handshaker.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -776,9 +776,9 @@
if (debug != null && Debug.isOn("handshake")) {
System.out.println("RSA master secret generation error:");
e.printStackTrace(System.out);
- System.out.println("Generating new random premaster secret");
}
- preMasterSecret = RSAClientKeyExchange.generateDummySecret(protocolVersion);
+ preMasterSecret =
+ RSAClientKeyExchange.generateDummySecret(protocolVersion);
// recursive call with new premaster secret
return calculateMasterSecret(preMasterSecret, null);
}
@@ -821,9 +821,9 @@
System.out.println("RSA PreMasterSecret version error: expected"
+ protocolVersion + " or " + requestedVersion + ", decrypted: "
+ premasterVersion);
- System.out.println("Generating new random premaster secret");
}
- preMasterSecret = RSAClientKeyExchange.generateDummySecret(protocolVersion);
+ preMasterSecret =
+ RSAClientKeyExchange.generateDummySecret(protocolVersion);
// recursive call with new premaster secret
return calculateMasterSecret(preMasterSecret, null);
}
Modified: classlib6/core/src/openjdk/sun/sun/security/ssl/RSAClientKeyExchange.java
===================================================================
--- classlib6/core/src/openjdk/sun/sun/security/ssl/RSAClientKeyExchange.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/sun/sun/security/ssl/RSAClientKeyExchange.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,7 @@
import javax.net.ssl.*;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
+import sun.security.util.KeyLength;
/**
* This is the client key exchange message (CLIENT --> SERVER) used with
@@ -85,7 +86,8 @@
* it, using its RSA private key. Result is the same size as the
* server's public key, and uses PKCS #1 block format 02.
*/
- RSAClientKeyExchange(ProtocolVersion protocolVersion, ProtocolVersion maxVersion,
+ RSAClientKeyExchange(ProtocolVersion protocolVersion,
+ ProtocolVersion maxVersion,
SecureRandom generator, PublicKey publicKey) throws IOException {
if (publicKey.getAlgorithm().equals("RSA") == false) {
throw new SSLKeyException("Public key not of type RSA");
@@ -120,7 +122,8 @@
* Server gets the PKCS #1 (block format 02) data, decrypts
* it with its private key.
*/
- RSAClientKeyExchange(ProtocolVersion currentVersion, HandshakeInStream input,
+ RSAClientKeyExchange(ProtocolVersion currentVersion,
+ ProtocolVersion maxVersion, HandshakeInStream input,
int messageSize, PrivateKey privateKey) throws IOException {
if (privateKey.getAlgorithm().equals("RSA") == false) {
@@ -143,28 +146,119 @@
cipher.init(Cipher.UNWRAP_MODE, privateKey);
preMaster = (SecretKey)cipher.unwrap(encrypted,
"TlsRsaPremasterSecret", Cipher.SECRET_KEY);
+
+ // polish the premaster secret
+ preMaster = polishPreMasterSecretKey(
+ currentVersion, maxVersion, preMaster, null);
} catch (Exception e) {
+ // polish the premaster secret
+ preMaster = polishPreMasterSecretKey(
+ currentVersion, maxVersion, preMaster, e);
+ }
+ }
+
+ /**
+ * To avoid vulnerabilities described by section 7.4.7.1, RFC 5246,
+ * treating incorrectly formatted message blocks and/or mismatched
+ * version numbers in a manner indistinguishable from correctly
+ * formatted RSA blocks.
+ *
+ * RFC 5246 describes the approach as :
+ *
+ * 1. Generate a string R of 46 random bytes
+ *
+ * 2. Decrypt the message to recover the plaintext M
+ *
+ * 3. If the PKCS#1 padding is not correct, or the length of message
+ * M is not exactly 48 bytes:
+ * pre_master_secret = ClientHello.client_version || R
+ * else If ClientHello.client_version <= TLS 1.0, and version
+ * number check is explicitly disabled:
+ * pre_master_secret = M
+ * else:
+ * pre_master_secret = ClientHello.client_version || M[2..47]
+ *
+ * Note that although TLS 1.2 is not supported in this release, we still
+ * want to make use of the above approach to provide better protection.
+ */
+ private SecretKey polishPreMasterSecretKey(
+ ProtocolVersion currentVersion, ProtocolVersion clientHelloVersion,
+ SecretKey secretKey, Exception failoverException) {
+
+ if (failoverException == null && secretKey != null) {
+ // check the length
+ byte[] encoded = secretKey.getEncoded();
+ if (encoded == null) { // unable to get the encoded key
+ if (debug != null && Debug.isOn("handshake")) {
+ System.out.println(
+ "unable to get the plaintext of the premaster secret");
+ }
+
+ int keySize = KeyLength.getKeySize(secretKey);
+ if (keySize > 0 && keySize != 384) { // 384 = 48 * 8
+ if (debug != null && Debug.isOn("handshake")) {
+ System.out.println(
+ "incorrect length of premaster secret: " +
+ (keySize/8));
+ }
+
+ return generateDummySecret(currentVersion);
+ }
+
+ // The key size is exactly 48 bytes or not accessible.
+ //
+ // Conservatively, pass the checking to master secret
+ // calculation.
+ return secretKey;
+ } else if (encoded.length == 48) {
+ // check the version
+ if (clientHelloVersion.major == encoded[0] &&
+ clientHelloVersion.minor == encoded[1]) {
+
+ return secretKey;
+ } else if (clientHelloVersion.v <= ProtocolVersion.TLS10.v &&
+ currentVersion.major == encoded[0] &&
+ currentVersion.minor == encoded[1]) {
/*
- * Bogus decrypted ClientKeyExchange? If so, conjure a
- * a random preMaster secret that will fail later during
- * Finished message processing. This is a countermeasure against
- * the "interactive RSA PKCS#1 encryption envelop attack" reported
- * in June 1998. Preserving the executation path will
- * mitigate timing attacks and force consistent error handling
- * that will prevent an attacking client from differentiating
- * different kinds of decrypted ClientKeyExchange bogosities.
+ * For compatibility, we maintain the behavior that the
+ * version in pre_master_secret can be the negotiated
+ * version for TLS v1.0 and SSL v3.0.
*/
+ return secretKey;
+ }
+
if (debug != null && Debug.isOn("handshake")) {
- System.out.println("Error decrypting premaster secret:");
- e.printStackTrace(System.out);
- System.out.println("Generating random secret");
+ System.out.println("Mismatching Protocol Versions, " +
+ "ClientHello.client_version is " + clientHelloVersion +
+ ", while PreMasterSecret.client_version is " +
+ ProtocolVersion.valueOf(encoded[0], encoded[1]));
+ }
+ return generateDummySecret(currentVersion);
+ } else {
+ if (debug != null && Debug.isOn("handshake")) {
+ System.out.println(
+ "incorrect length of premaster secret: " +
+ encoded.length);
+ }
+ return generateDummySecret(currentVersion);
}
- preMaster = generateDummySecret(currentVersion);
}
+
+ if (debug != null && Debug.isOn("handshake") &&
+ failoverException != null) {
+ System.out.println("Error decrypting premaster secret:");
+ failoverException.printStackTrace(System.out);
+ }
+
+ return generateDummySecret(currentVersion);
}
// generate a premaster secret with the specified version number
static SecretKey generateDummySecret(ProtocolVersion version) {
+ if (debug != null && Debug.isOn("handshake")) {
+ System.out.println("Generating a random fake premaster secret");
+ }
+
try {
KeyGenerator kg =
JsseJce.getKeyGenerator("SunTlsRsaPremasterSecret");
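Review bot: `polishPreMasterSecretKey` calls `generateDummySecret(currentVersion)` only inside the failure branches, although step 1 of the RFC 5246 procedure quoted in its own Javadoc generates the random bytes before the decryption result is examined. As written, a rejected ClientKeyExchange performs a key generation that an accepted one does not, leaving a difference in work between paths the method is meant to make indistinguishable. I would create the fallback once at the top, `SecretKey fallback = generateDummySecret(currentVersion);`, and have every failure branch `return fallback;`. The quoted procedure also builds the replacement from ClientHello.client_version while the code passes `currentVersion`; that may be deliberate, but a comment should say so. The constructor and `generateDummySecret` both extend beyond this hunk.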
Modified: classlib6/core/src/openjdk/sun/sun/security/ssl/ServerHandshaker.java
===================================================================
--- classlib6/core/src/openjdk/sun/sun/security/ssl/ServerHandshaker.java 2013-02-13 20:12:29 UTC (rev 5947)
+++ classlib6/core/src/openjdk/sun/sun/security/ssl/ServerHandshaker.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -190,8 +190,9 @@
* temporary one used for non-export or signing-only
* certificates/keys.
*/
- RSAClientKeyExchange pms = new RSAClientKeyExchange
- (protocolVersion, input, message_len, privateKey);
+ RSAClientKeyExchange pms = new RSAClientKeyExchange(
+ protocolVersion, clientRequestedVersion,
+ input, message_len, privateKey);
preMasterSecret = this.clientKeyExchange(pms);
break;
case K_KRB5:
Added: classlib6/core/src/openjdk/sun/sun/security/util/KeyLength.java
===================================================================
--- classlib6/core/src/openjdk/sun/sun/security/util/KeyLength.java (rev 0)
+++ classlib6/core/src/openjdk/sun/sun/security/util/KeyLength.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.security.Key;
+import java.security.PrivilegedAction;
+import java.security.AccessController;
+import java.security.interfaces.ECKey;
+import java.security.interfaces.RSAKey;
+import java.security.interfaces.DSAKey;
+import javax.crypto.SecretKey;
+import javax.crypto.interfaces.DHKey;
+
+/**
+ * A utility class to get key length
+ */
+public final class KeyLength {
+
+ /**
+ * Returns the key size of the given key object in bits.
+ *
+ * @param key the key object, cannot be null
+ * @return the key size of the given key object in bits, or -1 if the
+ * key size is not accessible
+ */
+ final public static int getKeySize(Key key) {
+ int size = -1;
+
+ if (key instanceof Length) {
+ try {
+ Length ruler = (Length)key;
+ size = ruler.length();
+ } catch (UnsupportedOperationException usoe) {
+ // ignore the exception
+ }
+
+ if (size >= 0) {
+ return size;
+ }
+ }
+
+ // try to parse the length from key specification
+ if (key instanceof SecretKey) {
+ SecretKey sk = (SecretKey)key;
+ String format = sk.getFormat();
+ if ("RAW".equals(format) && sk.getEncoded() != null) {
+ size = (sk.getEncoded().length * 8);
+ } // Otherwise, it may be a unextractable key of PKCS#11, or
+ // a key we are not able to handle.
+ } else if (key instanceof RSAKey) {
+ RSAKey pubk = (RSAKey)key;
+ size = pubk.getModulus().bitLength();
+ } else if (key instanceof ECKey) {
+ ECKey pubk = (ECKey)key;
+ size = pubk.getParams().getOrder().bitLength();
+ } else if (key instanceof DSAKey) {
+ DSAKey pubk = (DSAKey)key;
+ size = pubk.getParams().getP().bitLength();
+ } else if (key instanceof DHKey) {
+ DHKey pubk = (DHKey)key;
+ size = pubk.getParams().getP().bitLength();
+ } // Otherwise, it may be a unextractable key of PKCS#11, or
+ // a key we are not able to handle.
+
+ return size;
+ }
+}
+
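Review bot: In the `SecretKey` branch of `getKeySize`, `sk.getEncoded()` is called twice, and each call can return a fresh copy of the raw key bytes that is never cleared. I would take the array once inside the `"RAW".equals(format)` check with `byte[] raw = sk.getEncoded();`, set `size = raw.length * 8;` when it is non-null, and then wipe the copy with `java.util.Arrays.fill(raw, (byte) 0);`. The imports of `PrivilegedAction` and `AccessController` are unused in this file. The Javadoc says the key cannot be null, but a null argument fails every `instanceof` test and silently returns -1, so either document that or reject null explicitly.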
Added: classlib6/core/src/openjdk/sun/sun/security/util/Length.java
===================================================================
--- classlib6/core/src/openjdk/sun/sun/security/util/Length.java (rev 0)
+++ classlib6/core/src/openjdk/sun/sun/security/util/Length.java 2013-02-16 19:08:48 UTC (rev 5948)
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRA...
[truncated message content] |