From 6dac9ffccaa130fb54521d0ca81acfe02d01b78d Mon Sep 17 00:00:00 2001 From: akozlov Date: Fri, 13 Dec 2019 07:19:47 +0000 Subject: [PATCH 01/37] 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call 8194653: Deadlock involving FileSystems.getDefault and System.loadLibrary call Reviewed-by: andrew, adinn, phh --- .../share/classes/java/lang/ClassLoader.java | 32 ++-- jdk/src/share/classes/java/lang/Runtime.java | 7 +- jdk/src/share/classes/java/lang/System.java | 2 + .../Runtime/loadLibrary/LoadLibraryTest.java | 156 ++++++++++++++++++ .../lang/Runtime/loadLibrary/src/Target.java | 34 ++++ .../lang/Runtime/loadLibrary/src/Target2.java | 29 ++++ 6 files changed, 247 insertions(+), 13 deletions(-) create mode 100644 jdk/test/java/lang/Runtime/loadLibrary/LoadLibraryTest.java create mode 100644 jdk/test/java/lang/Runtime/loadLibrary/src/Target.java create mode 100644 jdk/test/java/lang/Runtime/loadLibrary/src/Target2.java diff --git a/jdk/src/share/classes/java/lang/ClassLoader.java b/jdk/src/share/classes/java/lang/ClassLoader.java index 2e98092f63e..925fdacce3f 100644 --- a/jdk/src/share/classes/java/lang/ClassLoader.java +++ b/jdk/src/share/classes/java/lang/ClassLoader.java @@ -1,5 +1,6 @@ /* * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2019, Azul Systems, Inc. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1467,6 +1468,17 @@ private static synchronized void initSystemClassLoader() { } } + /* + * Initialize default paths for native libraries search. + * Must be done early as JDK may load libraries during bootstrap. + * + * @see java.lang.System#initPhase1 + */ + static void initLibraryPaths() { + usr_paths = initializePath("java.library.path"); + sys_paths = initializePath("sun.boot.library.path"); + } + // Returns true if the specified class loader can be found in this class // loader's delegation chain. boolean isAncestor(ClassLoader cl) { @@ -1809,10 +1821,9 @@ static void loadLibrary(Class fromClass, String name, boolean isAbsolute) { ClassLoader loader = (fromClass == null) ? null : fromClass.getClassLoader(); - if (sys_paths == null) { - usr_paths = initializePath("java.library.path"); - sys_paths = initializePath("sun.boot.library.path"); - } + assert sys_paths != null : "should be initialized at this point"; + assert usr_paths != null : "should be initialized at this point"; + if (isAbsolute) { if (loadLibrary0(fromClass, new File(name))) { return; @@ -1902,13 +1913,14 @@ public Object run() { name + " already loaded in another classloader"); } - /* If the library is being loaded (must be by the same thread, - * because Runtime.load and Runtime.loadLibrary are - * synchronous). The reason is can occur is that the JNI_OnLoad - * function can cause another loadLibrary invocation. + /* + * When a library is being loaded, JNI_OnLoad function can cause + * another loadLibrary invocation that should succeed. * - * Thus we can use a static stack to hold the list of libraries - * we are loading. + * We use a static stack to hold the list of libraries we are + * loading because this can happen only when called by the + * same thread because Runtime.load and Runtime.loadLibrary + * are synchronous. * * If there is a pending load operation for the library, we * immediately return success; otherwise, we raise diff --git a/jdk/src/share/classes/java/lang/Runtime.java b/jdk/src/share/classes/java/lang/Runtime.java index 9e53dc939ec..5039059149f 100644 --- a/jdk/src/share/classes/java/lang/Runtime.java +++ b/jdk/src/share/classes/java/lang/Runtime.java @@ -1,5 +1,6 @@ /* * Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2019, Azul Systems, Inc. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -797,7 +798,7 @@ public void load(String filename) { load0(Reflection.getCallerClass(), filename); } - synchronized void load0(Class fromClass, String filename) { + void load0(Class fromClass, String filename) { SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkLink(filename); @@ -858,14 +859,14 @@ public void loadLibrary(String libname) { loadLibrary0(Reflection.getCallerClass(), libname); } - synchronized void loadLibrary0(Class fromClass, String libname) { + void loadLibrary0(Class fromClass, String libname) { SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkLink(libname); } if (libname.indexOf((int)File.separatorChar) != -1) { throw new UnsatisfiedLinkError( - "Directory separator should not appear in library name: " + libname); + "Directory separator should not appear in library name: " + libname); } ClassLoader.loadLibrary(fromClass, libname, false); } diff --git a/jdk/src/share/classes/java/lang/System.java b/jdk/src/share/classes/java/lang/System.java index b2747fa7a41..7bc235beff7 100644 --- a/jdk/src/share/classes/java/lang/System.java +++ b/jdk/src/share/classes/java/lang/System.java @@ -1192,6 +1192,8 @@ private static void initializeSystemClass() { setOut0(newPrintStream(fdOut, props.getProperty("sun.stdout.encoding"))); setErr0(newPrintStream(fdErr, props.getProperty("sun.stderr.encoding"))); + ClassLoader.initLibraryPaths(); + // Load the zip library now in order to keep java.util.zip.ZipFile // from trying to use itself to load this library later. loadLibrary("zip"); diff --git a/jdk/test/java/lang/Runtime/loadLibrary/LoadLibraryTest.java b/jdk/test/java/lang/Runtime/loadLibrary/LoadLibraryTest.java new file mode 100644 index 00000000000..62eac12e186 --- /dev/null +++ b/jdk/test/java/lang/Runtime/loadLibrary/LoadLibraryTest.java @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2018, Amazon and/or its affiliates. All rights reserved. + * Copyright (c) 2019, Azul Systems, Inc. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8231584 + * @library /lib/testlibrary + * @run main/othervm LoadLibraryTest + */ + +import java.nio.file.FileSystems; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.nio.file.Path; +import java.net.MalformedURLException; +import java.net.URLClassLoader; +import java.net.URL; + +public class LoadLibraryTest { + static Thread thread1 = null; + static Thread thread2 = null; + + static volatile boolean thread1Ready = false; + + private static final String TEST_SRC = System.getProperty("test.src"); + private static final Path SRC_DIR = Paths.get(TEST_SRC, "src"); + private static final Path CLS_DIR = Paths.get("classes"); + + static TestClassLoader loader; + static void someLibLoad() { + try { +/* + FileSystems.getDefault(); + + // jdk/jdk: loads directly from Bootstrap Classloader (doesn't take lock on Runtime) + java.net.NetworkInterface.getNetworkInterfaces(); + + System.out.println(jdk.net.ExtendedSocketOptions.SO_FLOW_SLA); +*/ + Class c = Class.forName("Target2", true, loader); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + static class TestClassLoader extends URLClassLoader { + boolean passed = false; + + public boolean passed() { + return passed; + } + + TestClassLoader() throws MalformedURLException { + super(new URL[] { new URL("file://" + CLS_DIR.toAbsolutePath().toString() + '/') }); + } + + public String findLibrary(String name) { + System.out.println("findLibrary " + name); + + if ("someLibrary".equals(name)) { + try { + synchronized(thread1) { + while(!thread1Ready) { + thread1.wait(); + } + thread1.notifyAll(); + } + + Thread.sleep(10000); + + System.out.println("Thread2 load"); + someLibLoad(); + + // no deadlock happened + passed = true; + } catch (Exception e) { + throw new RuntimeException(e); + } + return null; + } + + return super.findLibrary(name); + } + } + + + public static void main(String[] args) throws Exception { + loader = new TestClassLoader(); + + if (!CompilerUtils.compile(SRC_DIR, CLS_DIR)) { + throw new Exception("Can't compile"); + } + + thread1 = new Thread() { + public void run() { + try { + synchronized(this) { + thread1Ready = true; + thread1.notifyAll(); + thread1.wait(); + } + } catch(InterruptedException e) { + throw new RuntimeException(e); + } + + System.out.println("Thread1 load"); + someLibLoad(); + }; + }; + + thread2 = new Thread() { + public void run() { + try { + Class c = Class.forName("Target", true, loader); + System.out.println(c); + } catch (Exception e) { + throw new RuntimeException(e); + } + }; + }; + + thread1.setDaemon(true); + thread2.setDaemon(true); + + thread1.start(); + thread2.start(); + + thread1.join(); + thread2.join(); + + if (!loader.passed()) { + throw new RuntimeException("FAIL"); + } + } +} diff --git a/jdk/test/java/lang/Runtime/loadLibrary/src/Target.java b/jdk/test/java/lang/Runtime/loadLibrary/src/Target.java new file mode 100644 index 00000000000..fc51481053d --- /dev/null +++ b/jdk/test/java/lang/Runtime/loadLibrary/src/Target.java @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2019, Azul Systems, Inc. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +class Target { + static { + try { + System.loadLibrary("someLibrary"); + throw new RuntimeException("someLibrary was loaded"); + } catch (UnsatisfiedLinkError e) { + // expected: we do not have a someLibrary + } + } +} + diff --git a/jdk/test/java/lang/Runtime/loadLibrary/src/Target2.java b/jdk/test/java/lang/Runtime/loadLibrary/src/Target2.java new file mode 100644 index 00000000000..bc8dfc5e63b --- /dev/null +++ b/jdk/test/java/lang/Runtime/loadLibrary/src/Target2.java @@ -0,0 +1,29 @@ +/* + * Copyright (c) 2019, Azul Systems, Inc. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +class Target2 { + static { + System.loadLibrary("awt"); + } +} + From 6b388c33caf7ac0895e2e348d2bb903f5febcd55 Mon Sep 17 00:00:00 2001 From: prr Date: Fri, 13 Dec 2019 07:26:37 +0000 Subject: [PATCH 02/37] 8198649: Switch AWT/Swing's default GTK version to 3 8222496: [8u] Switch on GTK3 as a default GTK L&F in client-libs Reviewed-by: psadhukhan, kaddepalli --- jdk/src/solaris/native/sun/awt/gtk_interface.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/jdk/src/solaris/native/sun/awt/gtk_interface.c b/jdk/src/solaris/native/sun/awt/gtk_interface.c index 8157efed471..42db9b6fe0d 100644 --- a/jdk/src/solaris/native/sun/awt/gtk_interface.c +++ b/jdk/src/solaris/native/sun/awt/gtk_interface.c @@ -44,19 +44,19 @@ typedef struct { } GtkLib; static GtkLib gtk_libs[] = { - { - GTK_2, - JNI_LIB_NAME("gtk-x11-2.0"), - VERSIONED_JNI_LIB_NAME("gtk-x11-2.0", "0"), - >k2_load, - >k2_check - }, { GTK_3, JNI_LIB_NAME("gtk-3"), VERSIONED_JNI_LIB_NAME("gtk-3", "0"), >k3_load, >k3_check + }, + { + GTK_2, + JNI_LIB_NAME("gtk-x11-2.0"), + VERSIONED_JNI_LIB_NAME("gtk-x11-2.0", "0"), + >k2_load, + >k2_check } }; From ba0e606e7c43e1645ac4f23111c1dea4de3feb10 Mon Sep 17 00:00:00 2001 From: rriggs Date: Thu, 5 Dec 2013 15:49:53 -0500 Subject: [PATCH 03/37] 8029629: java/lang/ProcessBuilder/Basic.java fails intermittently Summary: Improved test for Thread.interrupt Reviewed-by: martin, rriggs Contributed-by: martinrb@google.com --- jdk/test/java/lang/ProcessBuilder/Basic.java | 69 +++++++++++++++----- 1 file changed, 52 insertions(+), 17 deletions(-) diff --git a/jdk/test/java/lang/ProcessBuilder/Basic.java b/jdk/test/java/lang/ProcessBuilder/Basic.java index 1db1d31d8c4..7ea8a52b873 100644 --- a/jdk/test/java/lang/ProcessBuilder/Basic.java +++ b/jdk/test/java/lang/ProcessBuilder/Basic.java @@ -61,6 +61,15 @@ public class Basic { /* used for AIX only */ static final String libpath = System.getenv("LIBPATH"); + /** + * Returns the number of milliseconds since time given by + * startNanoTime, which must have been previously returned from a + * call to {@link System.nanoTime()}. + */ + private static long millisElapsedSince(long startNanoTime) { + return TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - startNanoTime); + } + private static String commandOutput(Reader r) throws Throwable { StringBuilder sb = new StringBuilder(); int c; @@ -2294,40 +2303,66 @@ public void run() { //---------------------------------------------------------------- // Check that Process.waitFor(timeout, TimeUnit.MILLISECONDS) - // interrupt works as expected. + // interrupt works as expected, if interrupted while waiting. //---------------------------------------------------------------- try { List childArgs = new ArrayList(javaChildArgs); childArgs.add("sleep"); final Process p = new ProcessBuilder(childArgs).start(); final long start = System.nanoTime(); - final CountDownLatch ready = new CountDownLatch(1); - final CountDownLatch done = new CountDownLatch(1); + final CountDownLatch aboutToWaitFor = new CountDownLatch(1); final Thread thread = new Thread() { public void run() { try { - final boolean result; - try { - ready.countDown(); - result = p.waitFor(30000, TimeUnit.MILLISECONDS); - } catch (InterruptedException e) { - return; - } + aboutToWaitFor.countDown(); + boolean result = p.waitFor(30L * 1000L, TimeUnit.MILLISECONDS); fail("waitFor() wasn't interrupted, its return value was: " + result); - } catch (Throwable t) { - unexpected(t); - } finally { - done.countDown(); - } + } catch (InterruptedException success) { + } catch (Throwable t) { unexpected(t); } } }; thread.start(); - ready.await(); + aboutToWaitFor.await(); Thread.sleep(1000); thread.interrupt(); - done.await(); + thread.join(10L * 1000L); + check(millisElapsedSince(start) < 10L * 1000L); + check(!thread.isAlive()); + p.destroy(); + } catch (Throwable t) { unexpected(t); } + + //---------------------------------------------------------------- + // Check that Process.waitFor(timeout, TimeUnit.MILLISECONDS) + // interrupt works as expected, if interrupted before waiting. + //---------------------------------------------------------------- + try { + List childArgs = new ArrayList(javaChildArgs); + childArgs.add("sleep"); + final Process p = new ProcessBuilder(childArgs).start(); + final long start = System.nanoTime(); + final CountDownLatch threadStarted = new CountDownLatch(1); + + final Thread thread = new Thread() { + public void run() { + try { + threadStarted.countDown(); + do { Thread.yield(); } + while (!Thread.currentThread().isInterrupted()); + boolean result = p.waitFor(30L * 1000L, TimeUnit.MILLISECONDS); + fail("waitFor() wasn't interrupted, its return value was: " + result); + } catch (InterruptedException success) { + } catch (Throwable t) { unexpected(t); } + } + }; + + thread.start(); + threadStarted.await(); + thread.interrupt(); + thread.join(10L * 1000L); + check(millisElapsedSince(start) < 10L * 1000L); + check(!thread.isAlive()); p.destroy(); } catch (Throwable t) { unexpected(t); } From db86834705f56044b67a80936f8f35bed0c13956 Mon Sep 17 00:00:00 2001 From: andrew Date: Fri, 13 Dec 2019 08:02:48 +0000 Subject: [PATCH 04/37] 8208715: Conversion of milliseconds to nanoseconds in UNIXProcess contains bug Reviewed-by: martin, andrew --- .../classes/java/lang/UNIXProcess.java | 3 +- .../classes/java/lang/ProcessImpl.java | 8 +++-- .../windows/native/java/lang/ProcessImpl_md.c | 4 +-- jdk/test/java/lang/ProcessBuilder/Basic.java | 34 ++++++++++++++++++- 4 files changed, 42 insertions(+), 7 deletions(-) diff --git a/jdk/src/solaris/classes/java/lang/UNIXProcess.java b/jdk/src/solaris/classes/java/lang/UNIXProcess.java index 1793a8f35c4..fe26fd89301 100644 --- a/jdk/src/solaris/classes/java/lang/UNIXProcess.java +++ b/jdk/src/solaris/classes/java/lang/UNIXProcess.java @@ -408,8 +408,7 @@ public synchronized boolean waitFor(long timeout, TimeUnit unit) long deadline = System.nanoTime() + remainingNanos; do { - // Round up to next millisecond - wait(TimeUnit.NANOSECONDS.toMillis(remainingNanos + 999_999L)); + TimeUnit.NANOSECONDS.timedWait(this, remainingNanos); if (hasExited) { return true; } diff --git a/jdk/src/windows/classes/java/lang/ProcessImpl.java b/jdk/src/windows/classes/java/lang/ProcessImpl.java index 37c32375475..1970260e57e 100644 --- a/jdk/src/windows/classes/java/lang/ProcessImpl.java +++ b/jdk/src/windows/classes/java/lang/ProcessImpl.java @@ -520,11 +520,15 @@ public boolean waitFor(long timeout, TimeUnit unit) if (timeout <= 0) return false; long remainingNanos = unit.toNanos(timeout); - long deadline = System.nanoTime() + remainingNanos ; + long deadline = System.nanoTime() + remainingNanos; do { // Round up to next millisecond long msTimeout = TimeUnit.NANOSECONDS.toMillis(remainingNanos + 999_999L); + if (msTimeout < 0) { + // if wraps around then wait a long while + msTimeout = Integer.MAX_VALUE; + } waitForTimeoutInterruptibly(handle, msTimeout); if (Thread.interrupted()) throw new InterruptedException(); @@ -538,7 +542,7 @@ public boolean waitFor(long timeout, TimeUnit unit) } private static native void waitForTimeoutInterruptibly( - long handle, long timeout); + long handle, long timeoutMillis); public void destroy() { terminateProcess(handle); } diff --git a/jdk/src/windows/native/java/lang/ProcessImpl_md.c b/jdk/src/windows/native/java/lang/ProcessImpl_md.c index 3a013c1591c..8dcf8972e1e 100644 --- a/jdk/src/windows/native/java/lang/ProcessImpl_md.c +++ b/jdk/src/windows/native/java/lang/ProcessImpl_md.c @@ -421,10 +421,10 @@ JNIEXPORT void JNICALL Java_java_lang_ProcessImpl_waitForTimeoutInterruptibly(JNIEnv *env, jclass ignored, jlong handle, - jlong timeout) + jlong timeoutMillis) { HANDLE events[2]; - DWORD dwTimeout = (DWORD)timeout; + DWORD dwTimeout = (DWORD)timeoutMillis; DWORD result; events[0] = (HANDLE) handle; events[1] = JVM_GetThreadInterruptEvent(); diff --git a/jdk/test/java/lang/ProcessBuilder/Basic.java b/jdk/test/java/lang/ProcessBuilder/Basic.java index 7ea8a52b873..7a9260acbf2 100644 --- a/jdk/test/java/lang/ProcessBuilder/Basic.java +++ b/jdk/test/java/lang/ProcessBuilder/Basic.java @@ -2316,6 +2316,7 @@ public void run() { public void run() { try { aboutToWaitFor.countDown(); + Thread.currentThread().interrupt(); boolean result = p.waitFor(30L * 1000L, TimeUnit.MILLISECONDS); fail("waitFor() wasn't interrupted, its return value was: " + result); } catch (InterruptedException success) { @@ -2325,7 +2326,38 @@ public void run() { thread.start(); aboutToWaitFor.await(); - Thread.sleep(1000); + thread.interrupt(); + thread.join(10L * 1000L); + check(millisElapsedSince(start) < 10L * 1000L); + check(!thread.isAlive()); + p.destroy(); + } catch (Throwable t) { unexpected(t); } + + //---------------------------------------------------------------- + // Check that Process.waitFor(Long.MAX_VALUE, TimeUnit.MILLISECONDS) + // interrupt works as expected, if interrupted while waiting. + //---------------------------------------------------------------- + try { + List childArgs = new ArrayList(javaChildArgs); + childArgs.add("sleep"); + final Process p = new ProcessBuilder(childArgs).start(); + final long start = System.nanoTime(); + final CountDownLatch aboutToWaitFor = new CountDownLatch(1); + + final Thread thread = new Thread() { + public void run() { + try { + aboutToWaitFor.countDown(); + Thread.currentThread().interrupt(); + boolean result = p.waitFor(Long.MAX_VALUE, TimeUnit.MILLISECONDS); + fail("waitFor() wasn't interrupted, its return value was: " + result); + } catch (InterruptedException success) { + } catch (Throwable t) { unexpected(t); } + } + }; + + thread.start(); + aboutToWaitFor.await(); thread.interrupt(); thread.join(10L * 1000L); check(millisElapsedSince(start) < 10L * 1000L); From d89b3c4a5cd8021970231a6aa44c00d1dd291b8d Mon Sep 17 00:00:00 2001 From: andrew Date: Fri, 13 Dec 2019 08:08:02 +0000 Subject: [PATCH 05/37] 8195667: ProblemList PKCS11 tests Secmod/AddTrustedCert.java and tls/TestKeyMaterial.java due to JDK-8180837 Summary: Puts sun/security/pkcs11/Secmod/AddTrustedCert.java and sun/security/pkcs11/tls/TestKeyMaterial.java into ProblemList Reviewed-by: weijun, coffeys --- jdk/test/ProblemList.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/jdk/test/ProblemList.txt b/jdk/test/ProblemList.txt index b94b2926ef1..c86b5ec52ff 100644 --- a/jdk/test/ProblemList.txt +++ b/jdk/test/ProblemList.txt @@ -270,6 +270,9 @@ sun/rmi/transport/tcp/DisableRMIOverHttp/DisableRMIOverHTTPTest.java windows- # 8026976 sun/security/pkcs11/ec/TestKeyFactory.java generic-all +# 8180837 +sun/security/pkcs11/Secmod/AddTrustedCert.java generic-all +sun/security/pkcs11/tls/TestKeyMaterial.java generic-all # 7164518 sun/security/krb5/auto/Unreachable.java macosx-all From 73fa3f0daf8bdc9e5406152def1118d8a807bebc Mon Sep 17 00:00:00 2001 From: sgehwolf Date: Fri, 13 Dec 2019 08:11:30 +0000 Subject: [PATCH 06/37] 8195088: [TEST_BUG] StartManagementAgent got unexpected exception Reviewed-by: sspitsyn, andrew --- jdk/test/com/sun/tools/attach/StartManagementAgent.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jdk/test/com/sun/tools/attach/StartManagementAgent.java b/jdk/test/com/sun/tools/attach/StartManagementAgent.java index da8289558ae..cc3969084eb 100644 --- a/jdk/test/com/sun/tools/attach/StartManagementAgent.java +++ b/jdk/test/com/sun/tools/attach/StartManagementAgent.java @@ -93,7 +93,7 @@ private static void basicTests(VirtualMachine vm) throws Exception { } catch(AttachOperationFailedException ex) { // We expect parsing of "apa" above to fail, but if the file path // can't be read we get a different exception message - if (!ex.getMessage().contains("Invalid com.sun.management.jmxremote.port number")) { + if (!ex.getMessage().contains("NumberFormatException: For input string: \"apa\"")) { throw ex; } } From 467baa870c235b15a8e8fac922fafdca41da851f Mon Sep 17 00:00:00 2001 From: mbalao Date: Mon, 6 Feb 2017 17:28:33 +0000 Subject: [PATCH 07/37] 8173956: KeyStore regression due to default keystore being changed to PKCS12 Reviewed-by: xuelei, andrew --- .../sun/security/pkcs12/PKCS12KeyStore.java | 2 +- .../sun/security/pkcs12/MixedcaseAlias.java | 68 +++++++++++++++++++ 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 jdk/test/sun/security/pkcs12/MixedcaseAlias.java diff --git a/jdk/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java b/jdk/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java index 30c94891892..07d8e98a045 100644 --- a/jdk/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java +++ b/jdk/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java @@ -982,7 +982,7 @@ private void setCertEntry(String alias, Certificate cert, new CertEntry((X509Certificate) cert, null, alias, AnyUsage, attributes); certificateCount++; - entries.put(alias, certEntry); + entries.put(alias.toLowerCase(Locale.ENGLISH), certEntry); if (debug != null) { debug.println("Setting a trusted certificate at alias '" + alias + diff --git a/jdk/test/sun/security/pkcs12/MixedcaseAlias.java b/jdk/test/sun/security/pkcs12/MixedcaseAlias.java new file mode 100644 index 00000000000..520da009b75 --- /dev/null +++ b/jdk/test/sun/security/pkcs12/MixedcaseAlias.java @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8173956 + * @summary KeyStore regression due to default keystore being changed to PKCS12 + */ + +import java.io.*; +import java.security.KeyStore; +import java.security.cert.Certificate; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; + +/** + * Test that a PKCS12 keystore entry with mixed-case alias can be retrieved. + */ +public class MixedcaseAlias { + private static final String DIR = System.getProperty("test.src", "."); + private static final String CERT = DIR + "/trusted.pem"; + private static final String ALIAS = "Mixed-case Alias"; + + public static void main(String[] ignored) throws Exception { + KeyStore keystore = KeyStore.getInstance("PKCS12"); + keystore.load(null, null); + + keystore.setCertificateEntry(ALIAS, loadCertificate(CERT)); + KeyStore.Entry entry = keystore.getEntry(ALIAS, null); + + if (entry == null) { + throw new Exception( + "Error retrieving keystore entry using a mixed-case alias"); + } + + System.out.println("OK"); + } + + private static Certificate loadCertificate(String certFile) + throws Exception { + X509Certificate cert = null; + try (FileInputStream certStream = new FileInputStream(certFile)) { + CertificateFactory factory = + CertificateFactory.getInstance("X.509"); + return factory.generateCertificate(certStream); + } + } +} From 3dcdd85d1f7fe0d946bb84908dd2cc403091e4e5 Mon Sep 17 00:00:00 2001 From: mbalao Date: Tue, 3 Jan 2017 21:05:46 -0800 Subject: [PATCH 08/37] 8170641: sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.sh fails with timeout Summary: The fix sets timeout for the server and the client, and ignore SocketTimeoutException. Reviewed-by: chegar, phh, andrew Contributed-by: John Jiang --- .../HttpsURLConnection/PostThruProxy.java | 83 ++++++++++--------- .../https/HttpsURLConnection/PostThruProxy.sh | 58 ------------- .../PostThruProxyWithAuth.java | 80 +++++++++--------- .../PostThruProxyWithAuth.sh | 59 ------------- .../HttpsURLConnection/ProxyTunnelServer.java | 23 ++--- 5 files changed, 101 insertions(+), 202 deletions(-) delete mode 100644 jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.sh delete mode 100644 jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxyWithAuth.sh diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.java index 9fb21a2348d..389029c1492 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,27 +21,31 @@ * questions. */ -/* - * This test is run using PostThruProxy.sh - */ - import java.io.*; import java.net.*; import java.security.KeyStore; import javax.net.*; import javax.net.ssl.*; -import java.security.cert.*; + +import jdk.testlibrary.OutputAnalyzer; +import jdk.testlibrary.ProcessTools; /* - * This test case is written to test the https POST through a proxy. - * There is no proxy authentication done. - * - * PostThruProxy.java -- includes a simple server that serves - * http POST method requests in secure channel, and a client - * that makes https POST request through a proxy. + * @test + * @bug 4423074 + * @summary This test case is written to test the https POST through a proxy. + * There is no proxy authentication done. It includes a simple server + * that serves http POST method requests in secure channel, and a client + * that makes https POST request through a proxy. + * @library /lib/testlibrary + * @compile OriginServer.java ProxyTunnelServer.java + * @run main/othervm PostThruProxy */ - public class PostThruProxy { + + private static final String TEST_SRC = System.getProperty("test.src", "."); + private static final int TIMEOUT = 30000; + /* * Where do we find the keystores? */ @@ -76,14 +80,10 @@ public byte[] getBytes() { /* * Main method to create the server and client */ - public static void main(String args[]) throws Exception - { - String keyFilename = - args[1] + "/" + pathToStores + - "/" + keyStoreFile; - String trustFilename = - args[1] + "/" + pathToStores + - "/" + trustStoreFile; + public static void main(String args[]) throws Exception { + String keyFilename = TEST_SRC + "/" + pathToStores + "/" + keyStoreFile; + String trustFilename = TEST_SRC + "/" + pathToStores + "/" + + trustStoreFile; System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); @@ -95,10 +95,9 @@ public static void main(String args[]) throws Exception * setup the server */ try { - ServerSocketFactory ssf = - PostThruProxy.getServerSocketFactory(useSSL); + ServerSocketFactory ssf = getServerSocketFactory(useSSL); ServerSocket ss = ssf.createServerSocket(serverPort); - ss.setSoTimeout(30000); // 30 seconds + ss.setSoTimeout(TIMEOUT); // 30 seconds serverPort = ss.getLocalPort(); new TestServer(ss); } catch (Exception e) { @@ -108,35 +107,29 @@ public static void main(String args[]) throws Exception } // trigger the client try { - doClientSide(args[0]); + doClientSide(); } catch (Exception e) { System.out.println("Client side failed: " + e.getMessage()); throw e; - } + } } private static ServerSocketFactory getServerSocketFactory (boolean useSSL) throws Exception { if (useSSL) { - SSLServerSocketFactory ssf = null; // set up key manager to do server authentication - SSLContext ctx; - KeyManagerFactory kmf; - KeyStore ks; + SSLContext ctx = SSLContext.getInstance("TLS"); + KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); + KeyStore ks = KeyStore.getInstance("JKS"); char[] passphrase = passwd.toCharArray(); - ctx = SSLContext.getInstance("TLS"); - kmf = KeyManagerFactory.getInstance("SunX509"); - ks = KeyStore.getInstance("JKS"); - ks.load(new FileInputStream(System.getProperty( "javax.net.ssl.keyStore")), passphrase); kmf.init(ks, passphrase); ctx.init(kmf.getKeyManagers(), null, null); - ssf = ctx.getServerSocketFactory(); - return ssf; + return ctx.getServerSocketFactory(); } else { return ServerSocketFactory.getDefault(); } @@ -147,7 +140,7 @@ public static void main(String args[]) throws Exception */ static String postMsg = "Testing HTTP post on a https server"; - static void doClientSide(String hostname) throws Exception { + static void doClientSide() throws Exception { HostnameVerifier reservedHV = HttpsURLConnection.getDefaultHostnameVerifier(); try { @@ -162,10 +155,12 @@ static void doClientSide(String hostname) throws Exception { */ HttpsURLConnection.setDefaultHostnameVerifier( new NameVerifier()); - URL url = new URL("https://" + hostname+ ":" + serverPort); + URL url = new URL("https://" + getHostname() +":" + serverPort); Proxy p = new Proxy(Proxy.Type.HTTP, pAddr); HttpsURLConnection https = (HttpsURLConnection)url.openConnection(p); + https.setConnectTimeout(TIMEOUT); + https.setReadTimeout(TIMEOUT); https.setDoOutput(true); https.setRequestMethod("POST"); PrintStream ps = null; @@ -190,6 +185,9 @@ static void doClientSide(String hostname) throws Exception { if (ps != null) ps.close(); throw e; + } catch (SocketTimeoutException e) { + System.out.println("Client can not get response in time: " + + e.getMessage()); } } finally { HttpsURLConnection.setDefaultHostnameVerifier(reservedHV); @@ -210,4 +208,13 @@ static SocketAddress setupProxy() throws IOException { pserver.start(); return new InetSocketAddress("localhost", pserver.getPort()); } + + private static String getHostname() { + try { + OutputAnalyzer oa = ProcessTools.executeCommand("hostname"); + return oa.getOutput().trim(); + } catch (Throwable e) { + throw new RuntimeException("Get hostname failed.", e); + } + } } diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.sh b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.sh deleted file mode 100644 index 1b7cf984e8b..00000000000 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.sh +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/sh - -# -# Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - - -# -# @test -# @bug 4423074 -# @summary Need to rebase all the duplicated classes from Merlin - -HOSTNAME=`uname -n` -OS=`uname -s` -case "$OS" in - SunOS | Linux | Darwin | AIX ) - PS=":" - FS="/" - ;; - CYGWIN* ) - PS=";" - FS="/" - ;; - Windows* ) - PS=";" - FS="\\" - ;; - * ) - echo "Unrecognized system!" - exit 1; - ;; -esac - -${COMPILEJAVA}${FS}bin${FS}javac ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} -d . \ - ${TESTSRC}${FS}OriginServer.java \ - ${TESTSRC}${FS}ProxyTunnelServer.java \ - ${TESTSRC}${FS}PostThruProxy.java -${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} PostThruProxy ${HOSTNAME} ${TESTSRC} -exit diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxyWithAuth.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxyWithAuth.java index ccd8360ea9e..15f89768d84 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxyWithAuth.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxyWithAuth.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,28 +21,31 @@ * questions. */ -/* - * This test is run through PostThruProxyWithAuth.sh - */ - import java.io.*; import java.net.*; import java.security.KeyStore; import javax.net.*; import javax.net.ssl.*; -import java.security.cert.*; + +import jdk.testlibrary.OutputAnalyzer; +import jdk.testlibrary.ProcessTools; /* - * This test case is written to test the https POST through a proxy - * with proxy authentication. - * - * PostThruProxyWithAuth.java -- includes a simple server that serves - * http POST method requests in secure channel, and a client - * that makes https POST request through a proxy. + * @test + * @bug 4423074 + * @summary This test case is written to test the https POST through a proxy + * with proxy authentication. It includes a simple server that serves + * http POST method requests in secure channel, and a client that + * makes https POST request through a proxy. + * @library /lib/testlibrary + * @compile OriginServer.java ProxyTunnelServer.java + * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes= PostThruProxyWithAuth */ - public class PostThruProxyWithAuth { + private static final String TEST_SRC = System.getProperty("test.src", "."); + private static final int TIMEOUT = 30000; + /* * Where do we find the keystores? */ @@ -78,14 +81,10 @@ public byte[] getBytes() { /* * Main method to create the server and client */ - public static void main(String args[]) throws Exception - { - String keyFilename = - args[1] + "/" + pathToStores + - "/" + keyStoreFile; - String trustFilename = - args[1] + "/" + pathToStores + - "/" + trustStoreFile; + public static void main(String args[]) throws Exception { + String keyFilename = TEST_SRC + "/" + pathToStores + "/" + keyStoreFile; + String trustFilename = TEST_SRC + "/" + pathToStores + "/" + + trustStoreFile; System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); @@ -97,10 +96,9 @@ public static void main(String args[]) throws Exception * setup the server */ try { - ServerSocketFactory ssf = - PostThruProxyWithAuth.getServerSocketFactory(useSSL); + ServerSocketFactory ssf = getServerSocketFactory(useSSL); ServerSocket ss = ssf.createServerSocket(serverPort); - ss.setSoTimeout(30000); // 30 seconds + ss.setSoTimeout(TIMEOUT); // 30 seconds serverPort = ss.getLocalPort(); new TestServer(ss); } catch (Exception e) { @@ -110,7 +108,7 @@ public static void main(String args[]) throws Exception } // trigger the client try { - doClientSide(args[0]); + doClientSide(); } catch (Exception e) { System.out.println("Client side failed: " + e.getMessage()); @@ -121,24 +119,18 @@ public static void main(String args[]) throws Exception private static ServerSocketFactory getServerSocketFactory (boolean useSSL) throws Exception { if (useSSL) { - SSLServerSocketFactory ssf = null; // set up key manager to do server authentication - SSLContext ctx; - KeyManagerFactory kmf; - KeyStore ks; + SSLContext ctx = SSLContext.getInstance("TLS"); + KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); + KeyStore ks = KeyStore.getInstance("JKS"); char[] passphrase = passwd.toCharArray(); - ctx = SSLContext.getInstance("TLS"); - kmf = KeyManagerFactory.getInstance("SunX509"); - ks = KeyStore.getInstance("JKS"); - ks.load(new FileInputStream(System.getProperty( "javax.net.ssl.keyStore")), passphrase); kmf.init(ks, passphrase); ctx.init(kmf.getKeyManagers(), null, null); - ssf = ctx.getServerSocketFactory(); - return ssf; + return ctx.getServerSocketFactory(); } else { return ServerSocketFactory.getDefault(); } @@ -149,7 +141,7 @@ public static void main(String args[]) throws Exception */ static String postMsg = "Testing HTTP post on a https server"; - static void doClientSide(String hostname) throws Exception { + static void doClientSide() throws Exception { /* * setup up a proxy */ @@ -161,10 +153,12 @@ static void doClientSide(String hostname) throws Exception { */ HttpsURLConnection.setDefaultHostnameVerifier( new NameVerifier()); - URL url = new URL("https://" + hostname + ":" + serverPort); + URL url = new URL("https://" + getHostname() + ":" + serverPort); Proxy p = new Proxy(Proxy.Type.HTTP, pAddr); HttpsURLConnection https = (HttpsURLConnection)url.openConnection(p); + https.setConnectTimeout(TIMEOUT); + https.setReadTimeout(TIMEOUT); https.setDoOutput(true); https.setRequestMethod("POST"); PrintStream ps = null; @@ -188,6 +182,9 @@ static void doClientSide(String hostname) throws Exception { if (ps != null) ps.close(); throw e; + } catch (SocketTimeoutException e) { + System.out.println("Client can not get response in time: " + + e.getMessage()); } } @@ -221,4 +218,13 @@ public PasswordAuthentication getPasswordAuthentication() { "test123".toCharArray()); } } + + private static String getHostname() { + try { + OutputAnalyzer oa = ProcessTools.executeCommand("hostname"); + return oa.getOutput().trim(); + } catch (Throwable e) { + throw new RuntimeException("Get hostname failed.", e); + } + } } diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxyWithAuth.sh b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxyWithAuth.sh deleted file mode 100644 index a89827c9db8..00000000000 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxyWithAuth.sh +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/sh - -# -# Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - - -# -# @test -# @bug 4423074 -# @summary Need to rebase all the duplicated classes from Merlin - -HOSTNAME=`uname -n` -OS=`uname -s` -case "$OS" in - SunOS | Linux | Darwin | AIX ) - PS=":" - FS="/" - ;; - CYGWIN* ) - PS=";" - FS="/" - ;; - Windows* ) - PS=";" - FS="\\" - ;; - * ) - echo "Unrecognized system!" - exit 1; - ;; -esac - -${COMPILEJAVA}${FS}bin${FS}javac ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} -d . ${TESTSRC}${FS}OriginServer.java \ - ${TESTSRC}${FS}ProxyTunnelServer.java \ - ${TESTSRC}${FS}PostThruProxyWithAuth.java -${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} \ - -Djdk.http.auth.tunneling.disabledSchemes= \ - PostThruProxyWithAuth ${HOSTNAME} ${TESTSRC} -exit diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/ProxyTunnelServer.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/ProxyTunnelServer.java index f4987685faa..02a7af75317 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/ProxyTunnelServer.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/ProxyTunnelServer.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,13 +32,14 @@ import java.io.*; import java.net.*; -import javax.net.ssl.*; import javax.net.ServerSocketFactory; import sun.net.www.*; import java.util.Base64; public class ProxyTunnelServer extends Thread { + private static final int TIMEOUT = 30000; + private static ServerSocket ss = null; /* * holds the registered user's username and password @@ -64,8 +65,9 @@ public class ProxyTunnelServer extends Thread { public ProxyTunnelServer() throws IOException { if (ss == null) { - ss = (ServerSocket) ServerSocketFactory.getDefault(). - createServerSocket(0); + ss = (ServerSocket) ServerSocketFactory.getDefault() + .createServerSocket(0); + ss.setSoTimeout(TIMEOUT); } } @@ -86,6 +88,9 @@ public void run() { try { clientSocket = ss.accept(); processRequests(); + } catch (SocketTimeoutException e) { + System.out.println( + "Proxy can not get response in time: " + e.getMessage()); } catch (Exception e) { System.out.println("Proxy Failed: " + e); e.printStackTrace(); @@ -188,8 +193,8 @@ private void doTunnel() throws Exception { serverToClient.start(); System.out.println("Proxy: Started tunneling......."); - clientToServer.join(); - serverToClient.join(); + clientToServer.join(TIMEOUT); + serverToClient.join(TIMEOUT); System.out.println("Proxy: Finished tunneling........"); clientToServer.close(); @@ -219,13 +224,11 @@ public void run() { int BUFFER_SIZE = 400; byte[] buf = new byte[BUFFER_SIZE]; int bytesRead = 0; - int count = 0; // keep track of the amount of data transfer try { while ((bytesRead = input.read(buf)) >= 0) { output.write(buf, 0, bytesRead); output.flush(); - count += bytesRead; } } catch (IOException e) { /* @@ -236,7 +239,7 @@ public void run() { } } - public void close() { + private void close() { try { if (!sockIn.isClosed()) sockIn.close(); @@ -275,7 +278,7 @@ private void retrieveConnectInfo(String connectStr) throws Exception { serverPort = Integer.parseInt(connectInfo.substring(endi+1)); } catch (Exception e) { throw new IOException("Proxy recieved a request: " - + connectStr); + + connectStr, e); } serverInetAddr = InetAddress.getByName(serverName); } From e7fa8580a0a011e3adebf7fd2c2cc28d46c7f6e6 Mon Sep 17 00:00:00 2001 From: chegar Date: Mon, 15 Feb 2016 14:25:21 +0000 Subject: [PATCH 09/37] 8134424: BlockDataInputStream.readUTFBody: size local StringBuffer with the given length Reviewed-by: rriggs, shade --- jdk/src/share/classes/java/io/ObjectInputStream.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/jdk/src/share/classes/java/io/ObjectInputStream.java b/jdk/src/share/classes/java/io/ObjectInputStream.java index 9d293c707c1..cb84d0137dd 100644 --- a/jdk/src/share/classes/java/io/ObjectInputStream.java +++ b/jdk/src/share/classes/java/io/ObjectInputStream.java @@ -3403,7 +3403,15 @@ String readLongUTF() throws IOException { * utflen bytes. */ private String readUTFBody(long utflen) throws IOException { - StringBuilder sbuf = new StringBuilder(); + StringBuilder sbuf; + if (utflen > 0 && utflen < Integer.MAX_VALUE) { + // a reasonable initial capacity based on the UTF length + int initialCapacity = Math.min((int)utflen, 0xFFFF); + sbuf = new StringBuilder(initialCapacity); + } else { + sbuf = new StringBuilder(); + } + if (!blkmode) { end = pos = 0; } From c3eca1646a2dc42aa6d84cc46cda7a0cc149ade9 Mon Sep 17 00:00:00 2001 From: mbalao Date: Fri, 21 Jun 2019 08:07:18 +0000 Subject: [PATCH 10/37] 8133489: Better messaging for PKIX path validation matching Reviewed-by: xuelei, phh, andrew --- .../classes/java/security/cert/X509CertSelector.java | 7 +++++-- .../cert/CertPathBuilder/selfIssued/KeyUsageMatters.java | 8 ++++---- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/jdk/src/share/classes/java/security/cert/X509CertSelector.java b/jdk/src/share/classes/java/security/cert/X509CertSelector.java index 4a1ff7ef50d..0fe97a60204 100644 --- a/jdk/src/share/classes/java/security/cert/X509CertSelector.java +++ b/jdk/src/share/classes/java/security/cert/X509CertSelector.java @@ -2115,8 +2115,11 @@ private boolean matchSubjectKeyID(X509Certificate xcert) { if (certSubjectKeyID == null || !Arrays.equals(subjectKeyID, certSubjectKeyID)) { if (debug != null) { - debug.println("X509CertSelector.match: " - + "subject key IDs don't match"); + debug.println("X509CertSelector.match: subject key IDs " + + "don't match\nX509CertSelector.match: subjectKeyID: " + + Arrays.toString(subjectKeyID) + + "\nX509CertSelector.match: certSubjectKeyID: " + + Arrays.toString(certSubjectKeyID)); } return false; } diff --git a/jdk/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java b/jdk/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java index 75bf2ec5a02..79dce7e4434 100644 --- a/jdk/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java +++ b/jdk/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java @@ -29,12 +29,12 @@ /** * @test - * @bug 6852744 + * @bug 6852744 8133489 * @summary PIT b61: PKI test suite fails because self signed certificates * are being rejected - * @run main/othervm KeyUsageMatters subca - * @run main/othervm KeyUsageMatters subci - * @run main/othervm KeyUsageMatters alice + * @run main/othervm -Djava.security.debug=certpath KeyUsageMatters subca + * @run main/othervm -Djava.security.debug=certpath KeyUsageMatters subci + * @run main/othervm -Djava.security.debug=certpath KeyUsageMatters alice * @author Xuelei Fan */ From d3bb8ac5de9e3a6d709254b58f23b93c3457d403 Mon Sep 17 00:00:00 2001 From: mbalao Date: Wed, 13 Apr 2016 16:05:31 -0700 Subject: [PATCH 11/37] 8055351: sun/security/provider/DSA/TestAlgParameterGenerator.java failed with interrupted! (timed out?) Reviewed-by: valeriep, andrew, phh --- .../DSA/TestAlgParameterGenerator.java | 59 ++++++++++--------- 1 file changed, 30 insertions(+), 29 deletions(-) diff --git a/jdk/test/sun/security/provider/DSA/TestAlgParameterGenerator.java b/jdk/test/sun/security/provider/DSA/TestAlgParameterGenerator.java index 43ed0a9980b..385f1fb0f94 100644 --- a/jdk/test/sun/security/provider/DSA/TestAlgParameterGenerator.java +++ b/jdk/test/sun/security/provider/DSA/TestAlgParameterGenerator.java @@ -23,56 +23,59 @@ /* * @test - * @bug 7044060 8181048 + * @bug 7044060 8055351 8181048 * @summary verify that DSA parameter generation works - * @run main/othervm/timeout=300 TestAlgParameterGenerator + * @run main/timeout=600 TestAlgParameterGenerator */ -import java.security.*; -import java.security.spec.*; -import java.security.interfaces.*; + +import java.security.AlgorithmParameterGenerator; +import java.security.AlgorithmParameters; +import java.security.spec.DSAGenParameterSpec; +import java.security.spec.DSAParameterSpec; public class TestAlgParameterGenerator { private static void checkParamStrength(AlgorithmParameters param, - int strength) throws Exception { + int strength) throws Exception { String algo = param.getAlgorithm(); if (!algo.equalsIgnoreCase("DSA")) { - throw new Exception("Unexpected type of parameters: " + algo); + throw new RuntimeException("Unexpected type of parameters: " + algo); } DSAParameterSpec spec = param.getParameterSpec(DSAParameterSpec.class); int valueL = spec.getP().bitLength(); if (strength != valueL) { System.out.println("Expected " + strength + " but actual " + valueL); - throw new Exception("Wrong P strength"); + throw new RuntimeException("Wrong P strength"); } } + private static void checkParamStrength(AlgorithmParameters param, - DSAGenParameterSpec genParam) - throws Exception { + DSAGenParameterSpec genParam) + throws Exception { String algo = param.getAlgorithm(); if (!algo.equalsIgnoreCase("DSA")) { - throw new Exception("Unexpected type of parameters: " + algo); + throw new RuntimeException("Unexpected type of parameters: " + algo); } DSAParameterSpec spec = param.getParameterSpec(DSAParameterSpec.class); int valueL = spec.getP().bitLength(); int strength = genParam.getPrimePLength(); if (strength != valueL) { System.out.println("P: Expected " + strength + " but actual " + valueL); - throw new Exception("Wrong P strength"); + throw new RuntimeException("Wrong P strength"); } int valueN = spec.getQ().bitLength(); strength = genParam.getSubprimeQLength(); if (strength != valueN) { System.out.println("Q: Expected " + strength + " but actual " + valueN); - throw new Exception("Wrong Q strength"); + throw new RuntimeException("Wrong Q strength"); } } public static void main(String[] args) throws Exception { - AlgorithmParameterGenerator apg = - AlgorithmParameterGenerator.getInstance("DSA", "SUN"); - + AlgorithmParameterGenerator apg + = AlgorithmParameterGenerator.getInstance("DSA", "SUN"); long start, stop; + // make sure no-init still works start = System.currentTimeMillis(); AlgorithmParameters param = apg.generateParameters(); @@ -80,9 +83,8 @@ public static void main(String[] args) throws Exception { System.out.println("Time: " + (stop - start) + " ms."); // make sure the old model works - int[] strengths = { 512, 768, 1024 }; - for (int i = 0; i < strengths.length; i++) { - int sizeP = strengths[i]; + int[] strengths = {512, 768, 1024}; + for (int sizeP : strengths) { System.out.println("Generating " + sizeP + "-bit DSA Parameters"); start = System.currentTimeMillis(); apg.init(sizeP); @@ -93,18 +95,17 @@ public static void main(String[] args) throws Exception { } // now the newer model - DSAGenParameterSpec spec1 = new DSAGenParameterSpec(1024, 160); - DSAGenParameterSpec spec2 = new DSAGenParameterSpec(2048, 224); - DSAGenParameterSpec spec3 = new DSAGenParameterSpec(2048, 256); - //DSAGenParameterSpec spec4 = new DSAGenParameterSpec(3072, 256); DSAGenParameterSpec[] specSet = { - spec1, spec2, spec3//, spec4 + new DSAGenParameterSpec(1024, 160), + new DSAGenParameterSpec(2048, 224), + new DSAGenParameterSpec(2048, 256) + // no support for prime size 3072 + // ,new DSAGenParameterSpec(3072, 256) }; - for (int i = 0; i < specSet.length; i++) { - DSAGenParameterSpec genParam = specSet[i]; - System.out.println("Generating (" + genParam.getPrimePLength() + - ", " + genParam.getSubprimeQLength() + - ") DSA Parameters"); + + for (DSAGenParameterSpec genParam : specSet) { + System.out.println("Generating (" + genParam.getPrimePLength() + + ", " + genParam.getSubprimeQLength() + ") DSA Parameters"); start = System.currentTimeMillis(); apg.init(genParam, null); param = apg.generateParameters(); From c540b6cb6e57ba33bfe8cdea4e734fde28516f6d Mon Sep 17 00:00:00 2001 From: serb Date: Mon, 16 Dec 2019 18:58:19 +0000 Subject: [PATCH 12/37] 8213119: [macos] java/awt/GraphicsDevice/CheckDisplayModes.java fails Reviewed-by: prr, jdv --- .../macosx/native/sun/awt/CGraphicsDevice.m | 15 ++++--- .../awt/GraphicsDevice/CheckDisplayModes.java | 41 ++++++++++--------- 2 files changed, 30 insertions(+), 26 deletions(-) diff --git a/jdk/src/macosx/native/sun/awt/CGraphicsDevice.m b/jdk/src/macosx/native/sun/awt/CGraphicsDevice.m index c04a6a3807f..870162e9fdd 100644 --- a/jdk/src/macosx/native/sun/awt/CGraphicsDevice.m +++ b/jdk/src/macosx/native/sun/awt/CGraphicsDevice.m @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -94,16 +94,18 @@ static CFMutableArrayRef getAllValidDisplayModes(jint displayID){ static CGDisplayModeRef getBestModeForParameters(CFArrayRef allModes, int w, int h, int bpp, int refrate) { CGDisplayModeRef bestGuess = NULL; CFIndex numModes = CFArrayGetCount(allModes), n; - int thisBpp = 0; + for(n = 0; n < numModes; n++ ) { CGDisplayModeRef cRef = (CGDisplayModeRef) CFArrayGetValueAtIndex(allModes, n); if(cRef == NULL) { continue; } CFStringRef modeString = CGDisplayModeCopyPixelEncoding(cRef); - thisBpp = getBPPFromModeString(modeString); + int thisBpp = getBPPFromModeString(modeString); CFRelease(modeString); - if (thisBpp != bpp || (int)CGDisplayModeGetHeight(cRef) != h || (int)CGDisplayModeGetWidth(cRef) != w) { + int thisH = (int)CGDisplayModeGetHeight(cRef); + int thisW = (int)CGDisplayModeGetWidth(cRef); + if (thisBpp != bpp || thisH != h || thisW != w) { // One of the key parameters does not match continue; } @@ -114,11 +116,12 @@ static CGDisplayModeRef getBestModeForParameters(CFArrayRef allModes, int w, int // Refresh rate might be 0 in display mode and we ask for specific display rate // but if we do not find exact match then 0 refresh rate might be just Ok - if (CGDisplayModeGetRefreshRate(cRef) == refrate) { + int thisRefrate = (int)CGDisplayModeGetRefreshRate(cRef); + if (thisRefrate == refrate) { // Exact match return cRef; } - if (CGDisplayModeGetRefreshRate(cRef) == 0) { + if (thisRefrate == 0) { // Not exactly what was asked for, but may fit our needs if we don't find an exact match bestGuess = cRef; } diff --git a/jdk/test/java/awt/GraphicsDevice/CheckDisplayModes.java b/jdk/test/java/awt/GraphicsDevice/CheckDisplayModes.java index 719ee9b43a7..9fced188d63 100644 --- a/jdk/test/java/awt/GraphicsDevice/CheckDisplayModes.java +++ b/jdk/test/java/awt/GraphicsDevice/CheckDisplayModes.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /* * @test - * @bug 8007146 + * @bug 8007146 8213119 * @summary [macosx] Setting a display mode crashes JDK under VNC * @author Alexander Scherbatiy * @run main CheckDisplayModes @@ -36,27 +36,28 @@ public class CheckDisplayModes { public static void main(String[] args) { GraphicsEnvironment ge = GraphicsEnvironment.getLocalGraphicsEnvironment(); - GraphicsDevice graphicDevice = ge.getDefaultScreenDevice(); - if (!graphicDevice.isDisplayChangeSupported()) { - System.err.println("Display mode change is not supported on this host. Test is considered passed."); - return; - } - DisplayMode defaultDisplayMode = graphicDevice.getDisplayMode(); - checkDisplayMode(defaultDisplayMode); - graphicDevice.setDisplayMode(defaultDisplayMode); + for (GraphicsDevice graphicDevice : ge.getScreenDevices()) { + if (!graphicDevice.isDisplayChangeSupported()) { + System.err.println("Display mode change is not supported on this host. Test is considered passed."); + continue; + } + DisplayMode defaultDisplayMode = graphicDevice.getDisplayMode(); + checkDisplayMode(defaultDisplayMode); + graphicDevice.setDisplayMode(defaultDisplayMode); - DisplayMode[] displayModes = graphicDevice.getDisplayModes(); - boolean isDefaultDisplayModeIncluded = false; - for (DisplayMode displayMode : displayModes) { - checkDisplayMode(displayMode); - graphicDevice.setDisplayMode(displayMode); - if (defaultDisplayMode.equals(displayMode)) { - isDefaultDisplayModeIncluded = true; + DisplayMode[] displayModes = graphicDevice.getDisplayModes(); + boolean isDefaultDisplayModeIncluded = false; + for (DisplayMode displayMode : displayModes) { + checkDisplayMode(displayMode); + graphicDevice.setDisplayMode(displayMode); + if (defaultDisplayMode.equals(displayMode)) { + isDefaultDisplayModeIncluded = true; + } } - } - if (!isDefaultDisplayModeIncluded) { - throw new RuntimeException("Default display mode is not included"); + if (!isDefaultDisplayModeIncluded) { + throw new RuntimeException("Default display mode is not included"); + } } } From 991feab07c6012c04654e5ab4ccf22f8c363fc03 Mon Sep 17 00:00:00 2001 From: andrew Date: Thu, 26 Jul 2018 06:16:09 -0400 Subject: [PATCH 13/37] 8189762: [TESTBUG] Create tests for JDK-8146115 container awareness and resource configuration Summary: Sync ClassFileInstaller.java with the HotSpot version Reviewed-by: phh --- .../lib/testlibrary/ClassFileInstaller.java | 216 +++++++++++++++++- 1 file changed, 209 insertions(+), 7 deletions(-) diff --git a/jdk/test/lib/testlibrary/ClassFileInstaller.java b/jdk/test/lib/testlibrary/ClassFileInstaller.java index dd8777b1ff2..0f5b515a6c9 100644 --- a/jdk/test/lib/testlibrary/ClassFileInstaller.java +++ b/jdk/test/lib/testlibrary/ClassFileInstaller.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,28 +21,229 @@ * questions. */ +import java.io.ByteArrayInputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.FileNotFoundException; import java.io.InputStream; +import java.io.ByteArrayInputStream; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; import java.nio.file.StandardCopyOption; +import java.util.zip.ZipEntry; +import java.util.zip.ZipOutputStream; /** - * Dump a class file for a class on the class path in the current directory + * Dump a class file for a class on the class path in the current directory, or + * in the specified JAR file. This class is usually used when you build a class + * from a test library, but want to use this class in a sub-process. + * + * For example, to build the following library class: + * test/lib/sun/hotspot/WhiteBox.java + * + * You would use the following tags: + * + * @library /test/lib + * @build sun.hotspot.WhiteBox + * + * JTREG would build the class file under + * ${JTWork}/classes/test/lib/sun/hotspot/WhiteBox.class + * + * With you run your main test class using "@run main MyMainClass", JTREG would setup the + * -classpath to include "${JTWork}/classes/test/lib/", so MyMainClass would be able to + * load the WhiteBox class. + * + * However, if you run a sub process, and do not wish to use the exact same -classpath, + * You can use ClassFileInstaller to ensure that WhiteBox is available in the current + * directory of your test: + * + * @run main ClassFileInstaller sun.hotspot.WhiteBox + * + * Or, you can use the -jar option to store the class in the specified JAR file. If a relative + * path name is given, the JAR file would be relative to the current directory of + * + * @run main ClassFileInstaller -jar myjar.jar sun.hotspot.WhiteBox */ public class ClassFileInstaller { + /** + * You can enable debug tracing of ClassFileInstaller by running JTREG with + * jtreg -DClassFileInstaller.debug=true ... + */ + public static boolean DEBUG = Boolean.getBoolean("ClassFileInstaller.debug"); + /** * @param args The names of the classes to dump * @throws Exception */ public static void main(String... args) throws Exception { - for (String arg : args) { - ClassLoader cl = ClassFileInstaller.class.getClassLoader(); + if (args.length > 1 && args[0].equals("-jar")) { + if (args.length < 2) { + throw new RuntimeException("Usage: ClassFileInstaller \n" + + "where possible options include:\n" + + " -jar Write to the JAR file "); + } + writeJar(args[1], null, args, 2, args.length); + } else { + if (DEBUG) { + System.out.println("ClassFileInstaller: Writing to " + System.getProperty("user.dir")); + } + for (String arg : args) { + writeClassToDisk(arg); + } + } + } + + public static class Manifest { + private InputStream in; + + private Manifest(InputStream in) { + this.in = in; + } + + static Manifest fromSourceFile(String fileName) throws Exception { + String pathName = System.getProperty("test.src") + File.separator + fileName; + return new Manifest(new FileInputStream(pathName)); + } + + // Example: + // String manifest = "Premain-Class: RedefineClassHelper\n" + + // "Can-Redefine-Classes: true\n"; + // ClassFileInstaller.writeJar("redefineagent.jar", + // ClassFileInstaller.Manifest.fromString(manifest), + // "RedefineClassHelper"); + static Manifest fromString(String manifest) throws Exception { + return new Manifest(new ByteArrayInputStream(manifest.getBytes())); + } + + public InputStream getInputStream() { + return in; + } + } + + private static void writeJar(String jarFile, Manifest manifest, String classes[], int from, int to) throws Exception { + if (DEBUG) { + System.out.println("ClassFileInstaller: Writing to " + getJarPath(jarFile)); + } + + (new File(jarFile)).delete(); + FileOutputStream fos = new FileOutputStream(jarFile); + ZipOutputStream zos = new ZipOutputStream(fos); + + // The manifest must be the first or second entry. See comments in JarInputStream + // constructor and JDK-5046178. + if (manifest != null) { + writeToDisk(zos, "META-INF/MANIFEST.MF", manifest.getInputStream()); + } + + for (int i=from; i 0) { + pathName = prependPath + "/" + pathName; + } + writeToDisk(zos, pathName, is); + } + + public static void writeClassToDisk(String className, byte[] bytecode) throws Exception { + writeClassToDisk(null, className, bytecode); + } + private static void writeClassToDisk(ZipOutputStream zos, String className, byte[] bytecode) throws Exception { + writeClassToDisk(zos, className, bytecode, ""); + } + + public static void writeClassToDisk(String className, byte[] bytecode, String prependPath) throws Exception { + writeClassToDisk(null, className, bytecode, prependPath); + } + private static void writeClassToDisk(ZipOutputStream zos, String className, byte[] bytecode, String prependPath) throws Exception { + // Convert dotted class name to a path to a class file + String pathName = className.replace('.', '/').concat(".class"); + if (prependPath.length() > 0) { + pathName = prependPath + "/" + pathName; + } + writeToDisk(zos, pathName, new ByteArrayInputStream(bytecode)); + } + + private static void writeToDisk(ZipOutputStream zos, String pathName, InputStream is) throws Exception { + if (DEBUG) { + System.out.println("ClassFileInstaller: Writing " + pathName); + } + if (zos != null) { + ZipEntry ze = new ZipEntry(pathName); + zos.putNextEntry(ze); + byte[] buf = new byte[1024]; + int len; + while ((len = is.read(buf))>0){ + zos.write(buf, 0, len); + } + } else { // Create the class file's package directory Path p = Paths.get(pathName); Path parent = p.getParent(); @@ -52,5 +253,6 @@ public static void main(String... args) throws Exception { // Create the class file Files.copy(is, p, StandardCopyOption.REPLACE_EXISTING); } + is.close(); } } From f6cfaade704e08102d6589e16cb6d5bef0ae8048 Mon Sep 17 00:00:00 2001 From: zgu Date: Tue, 17 Dec 2019 03:10:22 +0000 Subject: [PATCH 14/37] 8216401: Allow "file:" URLs in Class-Path of local JARs Reviewed-by: phh, andrew --- .../share/classes/sun/misc/URLClassPath.java | 97 ++++++++++++----- .../URLClassPath/JarClassPathFileEntry.java | 103 ++++++++++++++++++ 2 files changed, 173 insertions(+), 27 deletions(-) create mode 100644 jdk/test/sun/misc/URLClassPath/JarClassPathFileEntry.java diff --git a/jdk/src/share/classes/sun/misc/URLClassPath.java b/jdk/src/share/classes/sun/misc/URLClassPath.java index 6e035105dfc..8d7593f263a 100644 --- a/jdk/src/share/classes/sun/misc/URLClassPath.java +++ b/jdk/src/share/classes/sun/misc/URLClassPath.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1229,10 +1229,15 @@ private URL[] parseClassPath(URL base, String value) int i = 0; while (st.hasMoreTokens()) { String path = st.nextToken(); - URL url = DISABLE_CP_URL_CHECK ? new URL(base, path) : safeResolve(base, path); + URL url = DISABLE_CP_URL_CHECK ? new URL(base, path) : tryResolve(base, path); if (url != null) { urls[i] = url; i++; + } else { + if (DEBUG_CP_URL_CHECK) { + System.err.println("Class-Path entry: \"" + path + + "\" ignored in JAR file " + base); + } } } if (i == 0) { @@ -1244,36 +1249,74 @@ private URL[] parseClassPath(URL base, String value) return urls; } - /* - * Return a URL for the given path resolved against the base URL, or - * null if the resulting URL is invalid. + static URL tryResolve(URL base, String input) throws MalformedURLException { + if ("file".equalsIgnoreCase(base.getProtocol())) { + return tryResolveFile(base, input); + } else { + return tryResolveNonFile(base, input); + } + } + + /** + * Attempt to return a file URL by resolving input against a base file + * URL. The input is an absolute or relative file URL that encodes a + * file path. + * + * @apiNote Nonsensical input such as a Windows file path with a drive + * letter cannot be disambiguated from an absolute URL so will be rejected + * (by returning null) by this method. + * + * @return the resolved URL or null if the input is an absolute URL with + * a scheme other than file (ignoring case) + * @throws MalformedURLException */ - static URL safeResolve(URL base, String path) { - String child = path.replace(File.separatorChar, '/'); - try { - if (!URI.create(child).isAbsolute()) { - URL url = new URL(base, child); - if (base.getProtocol().equalsIgnoreCase("file")) { - return url; - } else { - String bp = base.getPath(); - String urlp = url.getPath(); - int pos = bp.lastIndexOf('/'); - if (pos == -1) { - pos = bp.length() - 1; - } - if (urlp.regionMatches(0, bp, 0, pos + 1) - && urlp.indexOf("..", pos) == -1) { - return url; - } - } + static URL tryResolveFile(URL base, String input) throws MalformedURLException { + int index = input.indexOf(':'); + boolean isFile; + if (index >= 0) { + String scheme = input.substring(0, index); + isFile = "file".equalsIgnoreCase(scheme); + } else { + isFile = true; + } + return (isFile) ? new URL(base, input) : null; + } + + /** + * Attempt to return a URL by resolving input against a base URL. Returns + * null if the resolved URL is not contained by the base URL. + * + * @return the resolved URL or null + * @throws MalformedURLException + */ + static URL tryResolveNonFile(URL base, String input) throws MalformedURLException { + String child = input.replace(File.separatorChar, '/'); + if (isRelative(child)) { + URL url = new URL(base, child); + String bp = base.getPath(); + String urlp = url.getPath(); + int pos = bp.lastIndexOf('/'); + if (pos == -1) { + pos = bp.length() - 1; + } + if (urlp.regionMatches(0, bp, 0, pos + 1) + && urlp.indexOf("..", pos) == -1) { + return url; } - } catch (MalformedURLException | IllegalArgumentException e) {} - if (DEBUG_CP_URL_CHECK) { - System.err.println("Class-Path entry: \"" + path + "\" ignored in JAR file " + base); } return null; } + + /** + * Returns true if the given input is a relative URI. + */ + static boolean isRelative(String child) { + try { + return !URI.create(child).isAbsolute(); + } catch (IllegalArgumentException e) { + return false; + } + } } /* diff --git a/jdk/test/sun/misc/URLClassPath/JarClassPathFileEntry.java b/jdk/test/sun/misc/URLClassPath/JarClassPathFileEntry.java new file mode 100644 index 00000000000..6f57ec514d6 --- /dev/null +++ b/jdk/test/sun/misc/URLClassPath/JarClassPathFileEntry.java @@ -0,0 +1,103 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.io.File; +import java.net.URL; +import java.net.URLClassLoader; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.jar.Attributes; +import java.util.jar.Manifest; +import jdk.testlibrary.InMemoryJavaCompiler; +import jdk.testlibrary.JarUtils; + +/* + * @test + * @bug 8216401 + * @summary Test loading of JAR Class-Path entry with file: scheme + * @library /lib/testlibrary + * + * @run main/othervm JarClassPathFileEntry + * @run main/othervm -Djdk.net.URLClassPath.disableClassPathURLCheck=true JarClassPathFileEntry + * @run main/othervm -Djdk.net.URLClassPath.disableClassPathURLCheck=false JarClassPathFileEntry + */ + +public class JarClassPathFileEntry { + private final static boolean IS_WINDOWS = System.getProperty("os.name").startsWith("Windows"); + + private final static String TEST_CLASSES = System.getProperty("test.classes"); + private final static String OTHER_DIR = TEST_CLASSES + "/OTHER/"; + + private final static Path OTHER_JAR_PATH = Paths.get(OTHER_DIR, "Other.jar"); + private final static Path CONTEXT_JAR_PATH = Paths.get(TEST_CLASSES, "Context.jar"); + + public static void main(String[] args) throws Throwable { + // Create Other.class in OTHER_DIR, off the default classpath + byte klassbuf[] = InMemoryJavaCompiler.compile("Other", + "public class Other {}"); + ClassFileInstaller.writeClassToDisk("Other", klassbuf, OTHER_DIR); + + // Create Other.jar in OTHER_DIR + JarUtils.createJarFile(OTHER_JAR_PATH, + Paths.get(OTHER_DIR), + Paths.get(OTHER_DIR, "Other.class")); + + // Create Context.class + klassbuf = InMemoryJavaCompiler.compile("Context", + "public class Context {}"); + ClassFileInstaller.writeClassToDisk("Context", klassbuf, TEST_CLASSES); + + // Create Context.jar w/ "file:" entry for Other.jar + Manifest mf = new Manifest(); + Attributes attrs = mf.getMainAttributes(); + attrs.put(Attributes.Name.MANIFEST_VERSION, "1.0"); + + String classPathEntry = "file:" + (IS_WINDOWS ? toUnixPath(OTHER_JAR_PATH.toString()) + : OTHER_JAR_PATH.toString()); + attrs.put(Attributes.Name.CLASS_PATH, classPathEntry); + + System.out.println("Creating Context.jar with Class-Path: " + classPathEntry); + JarUtils.createJarFile(CONTEXT_JAR_PATH, mf, + Paths.get(TEST_CLASSES), + Paths.get(TEST_CLASSES, "Context.class")); + + // Use URLClassLoader w/ Context.jar to load Other.class, which will + // load via the Class-Path entry + URL url = CONTEXT_JAR_PATH.toUri().toURL(); + URLClassLoader ucl = new URLClassLoader(new URL[]{ url }, + null); // don't delegate to App CL + Class otherClass = Class.forName("Other", true, ucl); // ClassNotFoundException -> fail + System.out.println("Loaded: " + otherClass); + } + + /* Convert a Windows path to a unix-style path, and remove any drive letter */ + private static String toUnixPath(String orig) { + String retVal = new File(orig).toURI().getPath(); + int colonAt = retVal.indexOf(':'); + + if (colonAt != -1 && colonAt < 3) { + retVal = retVal.substring(colonAt + 1); // Start after the drive letter + } + return retVal; + } +} From 49f39b455d76a36248b95c495879c24f2e185a76 Mon Sep 17 00:00:00 2001 From: apetcher Date: Thu, 21 Mar 2019 13:10:37 -0400 Subject: [PATCH 15/37] 8221172: SunEC specific test is not limited to SunEC Summary: Fixing a minor test bug in the SignatureDigestTruncate regression test Reviewed-by: mullan --- jdk/test/sun/security/ec/SignatureDigestTruncate.java | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/jdk/test/sun/security/ec/SignatureDigestTruncate.java b/jdk/test/sun/security/ec/SignatureDigestTruncate.java index a0ebbb2cf58..18208fc38f4 100644 --- a/jdk/test/sun/security/ec/SignatureDigestTruncate.java +++ b/jdk/test/sun/security/ec/SignatureDigestTruncate.java @@ -91,22 +91,25 @@ private static void runTest(String alg, String curveName, String privateKeyStr, String msgStr, String kStr, String sigStr) throws Exception { + System.out.println("Testing " + alg + " with " + curveName); + byte[] privateKey = Convert.hexStringToByteArray(privateKeyStr); byte[] msg = Convert.hexStringToByteArray(msgStr); byte[] k = Convert.hexStringToByteArray(kStr); byte[] expectedSig = Convert.hexStringToByteArray(sigStr); - AlgorithmParameters params = AlgorithmParameters.getInstance("EC"); + AlgorithmParameters params = + AlgorithmParameters.getInstance("EC", "SunEC"); params.init(new ECGenParameterSpec(curveName)); ECParameterSpec ecParams = params.getParameterSpec(ECParameterSpec.class); - KeyFactory kf = KeyFactory.getInstance("EC"); + KeyFactory kf = KeyFactory.getInstance("EC", "SunEC"); BigInteger s = new BigInteger(1, privateKey); ECPrivateKeySpec privKeySpec = new ECPrivateKeySpec(s, ecParams); PrivateKey privKey = kf.generatePrivate(privKeySpec); - Signature sig = Signature.getInstance(alg); + Signature sig = Signature.getInstance(alg, "SunEC"); sig.initSign(privKey, new FixedRandom(k)); sig.update(msg); byte[] computedSig = sig.sign(); From 5b8dc264ebc50ea27e264ef46a28389691d59466 Mon Sep 17 00:00:00 2001 From: andrew Date: Tue, 17 Dec 2019 03:53:16 +0000 Subject: [PATCH 16/37] 8221246: NullPointerException within Win32ShellFolder2 Reviewed-by: andrew Contributed-by: Alex Kashchenko --- .../awt/shell/Win32ShellFolderManager2.java | 100 ++++++++++++------ 1 file changed, 65 insertions(+), 35 deletions(-) diff --git a/jdk/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java b/jdk/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java index add8f731ee2..bc4039ad945 100644 --- a/jdk/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java +++ b/jdk/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,8 @@ package sun.awt.shell; -import java.awt.*; +import java.awt.Image; +import java.awt.Toolkit; import java.awt.image.BufferedImage; import java.io.File; @@ -33,14 +34,29 @@ import java.io.IOException; import java.security.AccessController; import java.security.PrivilegedAction; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; import java.util.List; -import java.util.concurrent.*; +import java.util.concurrent.Callable; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.Future; +import java.util.concurrent.LinkedBlockingQueue; +import java.util.concurrent.RejectedExecutionException; +import java.util.concurrent.ThreadFactory; +import java.util.concurrent.ThreadPoolExecutor; +import java.util.concurrent.TimeUnit; import java.util.stream.Stream; -import static sun.awt.shell.Win32ShellFolder2.*; import sun.awt.OSInfo; import sun.misc.ThreadGroupUtils; +import sun.util.logging.PlatformLogger; + +import static sun.awt.shell.Win32ShellFolder2.DESKTOP; +import static sun.awt.shell.Win32ShellFolder2.DRIVES; +import static sun.awt.shell.Win32ShellFolder2.Invoker; +import static sun.awt.shell.Win32ShellFolder2.NETWORK; +import static sun.awt.shell.Win32ShellFolder2.PERSONAL; +import static sun.awt.shell.Win32ShellFolder2.RECENT; // NOTE: This class supersedes Win32ShellFolderManager, which was removed // from distribution after version 1.4.2. @@ -54,6 +70,9 @@ public class Win32ShellFolderManager2 extends ShellFolderManager { + private static final PlatformLogger + log = PlatformLogger.getLogger("sun.awt.shell.Win32ShellFolderManager2"); + static { // Load library here sun.awt.windows.WToolkit.loadLibraries(); @@ -137,12 +156,13 @@ static Win32ShellFolder2 getDesktop() { if (desktop == null) { try { desktop = new Win32ShellFolder2(DESKTOP); - } catch (SecurityException e) { - // Ignore error - } catch (IOException e) { - // Ignore error - } catch (InterruptedException e) { - // Ignore error + } catch (final SecurityException ignored) { + // Ignore, the message may have sensitive information, not + // accessible other ways + } catch (IOException | InterruptedException e) { + if (log.isLoggable(PlatformLogger.Level.WARNING)) { + log.warning("Cannot access 'Desktop'", e); + } } } return desktop; @@ -152,12 +172,13 @@ static Win32ShellFolder2 getDrives() { if (drives == null) { try { drives = new Win32ShellFolder2(DRIVES); - } catch (SecurityException e) { - // Ignore error - } catch (IOException e) { - // Ignore error - } catch (InterruptedException e) { - // Ignore error + } catch (final SecurityException ignored) { + // Ignore, the message may have sensitive information, not + // accessible other ways + } catch (IOException | InterruptedException e) { + if (log.isLoggable(PlatformLogger.Level.WARNING)) { + log.warning("Cannot access 'Drives'", e); + } } } return drives; @@ -170,12 +191,13 @@ static Win32ShellFolder2 getRecent() { if (path != null) { recent = createShellFolder(getDesktop(), new File(path)); } - } catch (SecurityException e) { - // Ignore error - } catch (InterruptedException e) { - // Ignore error - } catch (IOException e) { - // Ignore error + } catch (final SecurityException ignored) { + // Ignore, the message may have sensitive information, not + // accessible other ways + } catch (InterruptedException | IOException e) { + if (log.isLoggable(PlatformLogger.Level.WARNING)) { + log.warning("Cannot access 'Recent'", e); + } } } return recent; @@ -185,12 +207,13 @@ static Win32ShellFolder2 getNetwork() { if (network == null) { try { network = new Win32ShellFolder2(NETWORK); - } catch (SecurityException e) { - // Ignore error - } catch (IOException e) { - // Ignore error - } catch (InterruptedException e) { - // Ignore error + } catch (final SecurityException ignored) { + // Ignore, the message may have sensitive information, not + // accessible other ways + } catch (IOException | InterruptedException e) { + if (log.isLoggable(PlatformLogger.Level.WARNING)) { + log.warning("Cannot access 'Network'", e); + } } } return network; @@ -210,12 +233,13 @@ static Win32ShellFolder2 getPersonal() { personal.setIsPersonal(); } } - } catch (SecurityException e) { - // Ignore error - } catch (InterruptedException e) { - // Ignore error - } catch (IOException e) { - // Ignore error + } catch (final SecurityException ignored) { + // Ignore, the message may have sensitive information, not + // accessible other ways + } catch (InterruptedException | IOException e) { + if (log.isLoggable(PlatformLogger.Level.WARNING)) { + log.warning("Cannot access 'Personal'", e); + } } } return personal; @@ -316,8 +340,14 @@ public Object get(String key) { folders.add(createShellFolder(new File((String)value))); } } catch (IOException e) { + if (log.isLoggable(PlatformLogger.Level.WARNING)) { + log.warning("Cannot read value = " + value, e); + } // Skip this value } catch (InterruptedException e) { + if (log.isLoggable(PlatformLogger.Level.WARNING)) { + log.warning("Cannot read value = " + value, e); + } // Return empty result return new File[0]; } From 453f0c877496aaa1cac9459884db770a69146ee8 Mon Sep 17 00:00:00 2001 From: alvdavi Date: Tue, 17 Dec 2019 04:13:42 +0000 Subject: [PATCH 17/37] 8223490: Optimize search algorithm for determining default time zone Reviewed-by: yan, andrew --- .../solaris/native/java/util/TimeZone_md.c | 112 +++++++++++------- 1 file changed, 70 insertions(+), 42 deletions(-) diff --git a/jdk/src/solaris/native/java/util/TimeZone_md.c b/jdk/src/solaris/native/java/util/TimeZone_md.c index 3507c1c6514..81b4642d8ea 100644 --- a/jdk/src/solaris/native/java/util/TimeZone_md.c +++ b/jdk/src/solaris/native/java/util/TimeZone_md.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,6 +42,8 @@ #include "jvm.h" #include "TimeZone_md.h" +static char *isFileIdentical(char* buf, size_t size, char *pathname); + #define SKIP_SPACE(p) while (*p == ' ' || *p == '\t') p++; #if defined(_ALLBSD_SOURCE) @@ -65,6 +67,8 @@ static const char *ZONEINFO_DIR = "/usr/share/lib/zoneinfo"; static const char *DEFAULT_ZONEINFO_FILE = "/usr/share/lib/zoneinfo/localtime"; #endif /* defined(__linux__) || defined(_ALLBSD_SOURCE) */ +static const char popularZones[][4] = {"UTC", "GMT"}; + #if defined(_AIX) static const char *ETC_ENVIRONMENT_FILE = "/etc/environment"; #endif @@ -114,12 +118,9 @@ static char * findZoneinfoFile(char *buf, size_t size, const char *dir) { DIR *dirp = NULL; - struct stat statbuf; struct dirent64 *dp = NULL; struct dirent64 *entry = NULL; char *pathname = NULL; - int fd = -1; - char *dbuf = NULL; char *tz = NULL; dirp = opendir(dir); @@ -133,6 +134,22 @@ findZoneinfoFile(char *buf, size_t size, const char *dir) return NULL; } + if (strcmp(dir, ZONEINFO_DIR) == 0) { + /* fast path for 1st iteration */ + for (unsigned int i = 0; i < sizeof (popularZones) / sizeof (popularZones[0]); i++) { + pathname = getPathName(dir, popularZones[i]); + if (pathname == NULL) { + continue; + } + tz = isFileIdentical(buf, size, pathname); + free((void *) pathname); + pathname = NULL; + if (tz != NULL) { + return tz; + } + } + } + while (readdir64_r(dirp, entry, &dp) == 0 && dp != NULL) { /* * Skip '.' and '..' (and possibly other .* files) @@ -161,40 +178,14 @@ findZoneinfoFile(char *buf, size_t size, const char *dir) if (pathname == NULL) { break; } - if (stat(pathname, &statbuf) == -1) { - break; - } - if (S_ISDIR(statbuf.st_mode)) { - tz = findZoneinfoFile(buf, size, pathname); - if (tz != NULL) { - break; - } - } else if (S_ISREG(statbuf.st_mode) && (size_t)statbuf.st_size == size) { - dbuf = (char *) malloc(size); - if (dbuf == NULL) { - break; - } - if ((fd = open(pathname, O_RDONLY)) == -1) { - break; - } - if (read(fd, dbuf, size) != (ssize_t) size) { - break; - } - if (memcmp(buf, dbuf, size) == 0) { - tz = getZoneName(pathname); - if (tz != NULL) { - tz = strdup(tz); - } - break; - } - free((void *) dbuf); - dbuf = NULL; - (void) close(fd); - fd = -1; - } + tz = isFileIdentical(buf, size, pathname); + free((void *) pathname); pathname = NULL; + if (tz != NULL) { + break; + } } if (entry != NULL) { @@ -203,16 +194,53 @@ findZoneinfoFile(char *buf, size_t size, const char *dir) if (dirp != NULL) { (void) closedir(dirp); } - if (pathname != NULL) { - free((void *) pathname); - } - if (fd != -1) { - (void) close(fd); + return tz; +} + +/* + * Checks if the file pointed to by pathname matches + * the data contents in buf. + * Returns a representation of the timezone file name + * if file match is found, otherwise NULL. + */ +static char * +isFileIdentical(char *buf, size_t size, char *pathname) +{ + char *possibleMatch = NULL; + struct stat statbuf; + char *dbuf = NULL; + int fd = -1; + int res; + + if (stat(pathname, &statbuf) == -1) { + return NULL; } - if (dbuf != NULL) { + + if (S_ISDIR(statbuf.st_mode)) { + possibleMatch = findZoneinfoFile(buf, size, pathname); + } else if (S_ISREG(statbuf.st_mode) && (size_t)statbuf.st_size == size) { + dbuf = (char *) malloc(size); + if (dbuf == NULL) { + return NULL; + } + if ((fd = open(pathname, O_RDONLY)) == -1) { + goto freedata; + } + if (read(fd, dbuf, size) != (ssize_t) size) { + goto freedata; + } + if (memcmp(buf, dbuf, size) == 0) { + possibleMatch = getZoneName(pathname); + if (possibleMatch != NULL) { + possibleMatch = strdup(possibleMatch); + } + } + freedata: free((void *) dbuf); + dbuf = NULL; + (void) close(fd); } - return tz; + return possibleMatch; } #if defined(__linux__) || defined(MACOSX) From 961c179074e151e547b7ae7ee143699f40cac6b1 Mon Sep 17 00:00:00 2001 From: mdoerr Date: Fri, 22 Nov 2019 10:06:55 +0100 Subject: [PATCH 18/37] 8234591: [11u] Build with old C compiler broken by 8223490 Reviewed-by: phh --- jdk/src/solaris/native/java/util/TimeZone_md.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/jdk/src/solaris/native/java/util/TimeZone_md.c b/jdk/src/solaris/native/java/util/TimeZone_md.c index 81b4642d8ea..a1f1dc37e8a 100644 --- a/jdk/src/solaris/native/java/util/TimeZone_md.c +++ b/jdk/src/solaris/native/java/util/TimeZone_md.c @@ -136,7 +136,8 @@ findZoneinfoFile(char *buf, size_t size, const char *dir) if (strcmp(dir, ZONEINFO_DIR) == 0) { /* fast path for 1st iteration */ - for (unsigned int i = 0; i < sizeof (popularZones) / sizeof (popularZones[0]); i++) { + unsigned int i; + for (i = 0; i < sizeof (popularZones) / sizeof (popularZones[0]); i++) { pathname = getPathName(dir, popularZones[i]); if (pathname == NULL) { continue; From 5abcc93b061b32a824444c884b84e1bd5b3acf59 Mon Sep 17 00:00:00 2001 From: alvdavi Date: Tue, 17 Dec 2019 04:41:12 +0000 Subject: [PATCH 19/37] 8231124: Missing closedir call with JDK-8223490 Reviewed-by: phh, andrew --- .../solaris/native/java/util/TimeZone_md.c | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/jdk/src/solaris/native/java/util/TimeZone_md.c b/jdk/src/solaris/native/java/util/TimeZone_md.c index a1f1dc37e8a..7ec893b6b62 100644 --- a/jdk/src/solaris/native/java/util/TimeZone_md.c +++ b/jdk/src/solaris/native/java/util/TimeZone_md.c @@ -123,17 +123,6 @@ findZoneinfoFile(char *buf, size_t size, const char *dir) char *pathname = NULL; char *tz = NULL; - dirp = opendir(dir); - if (dirp == NULL) { - return NULL; - } - - entry = (struct dirent64 *) malloc((size_t) pathconf(dir, _PC_NAME_MAX)); - if (entry == NULL) { - (void) closedir(dirp); - return NULL; - } - if (strcmp(dir, ZONEINFO_DIR) == 0) { /* fast path for 1st iteration */ unsigned int i; @@ -151,6 +140,17 @@ findZoneinfoFile(char *buf, size_t size, const char *dir) } } + dirp = opendir(dir); + if (dirp == NULL) { + return NULL; + } + + entry = (struct dirent64 *) malloc((size_t) pathconf(dir, _PC_NAME_MAX)); + if (entry == NULL) { + (void) closedir(dirp); + return NULL; + } + while (readdir64_r(dirp, entry, &dp) == 0 && dp != NULL) { /* * Skip '.' and '..' (and possibly other .* files) From 057be17c448c5e58725a4dfc9ba9dd61ce4e282d Mon Sep 17 00:00:00 2001 From: sgehwolf Date: Tue, 17 Dec 2019 06:08:30 +0000 Subject: [PATCH 20/37] 8232984: Upgrading Joni License version to 2.1.16 Reviewed-by: andrew --- jdk/THIRD_PARTY_README | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/jdk/THIRD_PARTY_README b/jdk/THIRD_PARTY_README index 7dc54a05723..643ea79ce6e 100644 --- a/jdk/THIRD_PARTY_README +++ b/jdk/THIRD_PARTY_README @@ -1334,11 +1334,13 @@ SUCH DAMAGE. -------------------------------------------------------------------------------- -%% This notice is provided with respect to Joni v1.1.9, which may be +%% This notice is provided with respect to Joni v2.1.16, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- +Copyright (c) 2017 JRuby Team + Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights From aa5091742f02734b8b231a9f6439c2e788b570a3 Mon Sep 17 00:00:00 2001 From: yan Date: Tue, 17 Dec 2019 06:19:05 +0000 Subject: [PATCH 21/37] 8185898: setRequestProperty(key, null) results in HTTP header without colon in request Reviewed-by: phh, andrew --- .../classes/sun/net/www/MessageHeader.java | 38 ++- jdk/test/sun/net/www/B8185898.java | 283 ++++++++++++++++++ 2 files changed, 317 insertions(+), 4 deletions(-) create mode 100644 jdk/test/sun/net/www/B8185898.java diff --git a/jdk/src/share/classes/sun/net/www/MessageHeader.java b/jdk/src/share/classes/sun/net/www/MessageHeader.java index 34b6307826f..6ab2008dd4f 100644 --- a/jdk/src/share/classes/sun/net/www/MessageHeader.java +++ b/jdk/src/share/classes/sun/net/www/MessageHeader.java @@ -288,14 +288,44 @@ public synchronized Map> filterAndAddHeaders( return Collections.unmodifiableMap(m); } + /** Check if a line of message header looks like a request line. + * This method does not perform a full validation but simply + * returns false if the line does not end with 'HTTP/[1-9].[0-9]' + * @param line the line to check. + * @return true if the line might be a request line. + */ + private boolean isRequestline(String line) { + String k = line.trim(); + int i = k.lastIndexOf(' '); + if (i <= 0) return false; + int len = k.length(); + if (len - i < 9) return false; + + char c1 = k.charAt(len-3); + char c2 = k.charAt(len-2); + char c3 = k.charAt(len-1); + if (c1 < '1' || c1 > '9') return false; + if (c2 != '.') return false; + if (c3 < '0' || c3 > '9') return false; + + return (k.substring(i+1, len-3).equalsIgnoreCase("HTTP/")); + } + + /** Prints the key-value pairs represented by this - header. Also prints the RFC required blank line - at the end. Omits pairs with a null key. */ + header. Also prints the RFC required blank line + at the end. Omits pairs with a null key. Omits + colon if key-value pair is the requestline. */ public synchronized void print(PrintStream p) { for (int i = 0; i < nkeys; i++) if (keys[i] != null) { - p.print(keys[i] + - (values[i] != null ? ": "+values[i]: "") + "\r\n"); + StringBuilder sb = new StringBuilder(keys[i]); + if (values[i] != null) { + sb.append(": " + values[i]); + } else if (i != 0 || !isRequestline(keys[i])) { + sb.append(":"); + } + p.print(sb.append("\r\n")); } p.print("\r\n"); p.flush(); diff --git a/jdk/test/sun/net/www/B8185898.java b/jdk/test/sun/net/www/B8185898.java new file mode 100644 index 00000000000..67f3998e6bd --- /dev/null +++ b/jdk/test/sun/net/www/B8185898.java @@ -0,0 +1,283 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8185898 + * @library /lib/testlibrary + * @run main/othervm B8185898 + * @summary setRequestProperty(key, null) results in HTTP header without colon in request + */ + +import java.io.*; +import java.net.*; +import java.util.Arrays; +import java.util.List; +import java.util.Map; +import java.util.HashMap; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.stream.Collectors; +import java.util.Collections; + +import jdk.testlibrary.net.URIBuilder; +import sun.net.www.MessageHeader; +import com.sun.net.httpserver.HttpContext; +import com.sun.net.httpserver.HttpExchange; +import com.sun.net.httpserver.HttpHandler; +import com.sun.net.httpserver.HttpServer; + +import static java.nio.charset.StandardCharsets.ISO_8859_1; +import static java.nio.charset.StandardCharsets.UTF_8; + +/* + * Test checks that MessageHeader with key != null and value == null is set correctly + * and printed according to HTTP standard in the format : + * */ +public class B8185898 { + + static HttpServer server; + static final String RESPONSE_BODY = "Test response body"; + static final String H1 = "X-header1"; + static final String H2 = "X-header2"; + static final String VALUE = "This test value should appear"; + static final List oneList = Arrays.asList(VALUE); + static final List zeroList = Arrays.asList(""); + static int port; + static URL url; + static volatile Map> headers; + + static class Handler implements HttpHandler { + + public void handle(HttpExchange t) throws IOException { + InputStream is = t.getRequestBody(); + InetSocketAddress rem = t.getRemoteAddress(); + headers = t.getRequestHeaders(); // Get request headers on the server side + while(is.read() != -1){} + is.close(); + + OutputStream os = t.getResponseBody(); + t.sendResponseHeaders(200, RESPONSE_BODY.length()); + os.write(RESPONSE_BODY.getBytes(UTF_8)); + t.close(); + } + } + + public static void main(String[] args) throws Exception { + ExecutorService exec = Executors.newCachedThreadPool(); + InetAddress loopback = InetAddress.getLoopbackAddress(); + + try { + InetSocketAddress addr = new InetSocketAddress(loopback, 0); + server = HttpServer.create(addr, 100); + HttpHandler handler = new Handler(); + HttpContext context = server.createContext("/", handler); + server.setExecutor(exec); + server.start(); + + port = server.getAddress().getPort(); + System.out.println("Server on port: " + port); + url = URIBuilder.newBuilder() + .scheme("http") + .loopback() + .port(port) + .path("/foo") + .toURLUnchecked(); + System.out.println("URL: " + url); + testMessageHeader(); + testMessageHeaderMethods(); + testURLConnectionMethods(); + } finally { + server.stop(0); + System.out.println("After server shutdown"); + exec.shutdown(); + } + } + + // Test message header with malformed message header and fake request line + static void testMessageHeader() { + final String badHeader = "This is not a request line for HTTP/1.1"; + final String fakeRequestLine = "This /is/a/fake/status/line HTTP/2.0"; + final String expectedHeaders = fakeRequestLine + "\r\n" + + H1 + ": " + VALUE + "\r\n" + + H2 + ": " + VALUE + "\r\n" + + badHeader + ":\r\n\r\n"; + + MessageHeader header = new MessageHeader(); + header.add(H1, VALUE); + header.add(H2, VALUE); + header.add(badHeader, null); + header.prepend(fakeRequestLine, null); + ByteArrayOutputStream out = new ByteArrayOutputStream(); + header.print(new PrintStream(out)); + + if (!out.toString().equals(expectedHeaders)) { + throw new AssertionError("FAILED: expected: " + + expectedHeaders + "\nReceived: " + out.toString()); + } else { + System.out.println("PASSED: ::print returned correct " + + "status line and headers:\n" + out.toString()); + } + } + + // Test MessageHeader::print, ::toString, implicitly testing that + // MessageHeader::mergeHeader formats headers correctly for responses + static void testMessageHeaderMethods() throws IOException { + // {{inputString1, expectedToString1, expectedPrint1}, {...}} + String[][] strings = { + {"HTTP/1.1 200 OK\r\n" + + "Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\n" + + "Connection: keep-alive\r\n" + + "Host: 127.0.0.1:12345\r\n" + + "User-agent: Java/12\r\n\r\nfoooo", + "pairs: {null: HTTP/1.1 200 OK}" + + "{Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2}" + + "{Connection: keep-alive}" + + "{Host: 127.0.0.1:12345}" + + "{User-agent: Java/12}", + "Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\n" + + "Connection: keep-alive\r\n" + + "Host: 127.0.0.1:12345\r\n" + + "User-agent: Java/12\r\n\r\n"}, + {"HTTP/1.1 200 OK\r\n" + + "Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\n" + + "Connection: keep-alive\r\n" + + "Host: 127.0.0.1:12345\r\n" + + "User-agent: Java/12\r\n" + + "X-Header:\r\n\r\n", + "pairs: {null: HTTP/1.1 200 OK}" + + "{Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2}" + + "{Connection: keep-alive}" + + "{Host: 127.0.0.1:12345}" + + "{User-agent: Java/12}" + + "{X-Header: }", + "Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\n" + + "Connection: keep-alive\r\n" + + "Host: 127.0.0.1:12345\r\n" + + "User-agent: Java/12\r\n" + + "X-Header: \r\n\r\n"}, + }; + + System.out.println("Test custom message headers"); + for (String[] s : strings) { + // Test MessageHeader::toString + MessageHeader header = new MessageHeader( + new ByteArrayInputStream(s[0].getBytes(ISO_8859_1))); + if (!header.toString().endsWith(s[1])) { + throw new AssertionError("FAILED: expected: " + + s[1] + "\nReceived: " + header); + } else { + System.out.println("PASSED: ::toString returned correct " + + "status line and headers:\n" + header); + } + + // Test MessageHeader::print + ByteArrayOutputStream out = new ByteArrayOutputStream(); + header.print(new PrintStream(out)); + if (!out.toString().equals(s[2])) { + throw new AssertionError("FAILED: expected: " + + s[2] + "\nReceived: " + out.toString()); + } else { + System.out.println("PASSED: ::print returned correct " + + "status line and headers:\n" + out.toString()); + } + } + } + + // Test methods URLConnection::getRequestProperties, + // ::getHeaderField, ::getHeaderFieldKey + static void testURLConnectionMethods() throws IOException { + HttpURLConnection urlConn = (HttpURLConnection) url.openConnection(Proxy.NO_PROXY); + urlConn.setRequestProperty(H1, ""); + urlConn.setRequestProperty(H1, VALUE); + urlConn.setRequestProperty(H2, null); // Expected to contain ':' between key and value + Map> props = urlConn.getRequestProperties(); + Map> expectedMap = new HashMap>(); + expectedMap.put(H1, oneList); + expectedMap.put(H2, Arrays.asList((String)null)); + + // Test request properties + System.out.println("Client request properties"); + StringBuilder sb = new StringBuilder(); + props.forEach((k, v) -> sb.append(k + ": " + + v.stream().collect(Collectors.joining()) + "\n")); + System.out.println(sb); + + if (!props.equals(expectedMap)) { + throw new AssertionError("Unexpected properties returned: " + + props); + } else { + System.out.println("Properties returned as expected"); + } + + // Test header fields + String headerField = urlConn.getHeaderField(0); + if (!headerField.contains("200 OK")) { + throw new AssertionError("Expected headerField[0]: status line. " + + "Received: " + headerField); + } else { + System.out.println("PASSED: headerField[0] contains status line: " + + headerField); + } + + String headerFieldKey = urlConn.getHeaderFieldKey(0); + if (headerFieldKey != null) { + throw new AssertionError("Expected headerFieldKey[0]: null. " + + "Received: " + headerFieldKey); + } else { + System.out.println("PASSED: headerFieldKey[0] is null"); + } + + // Check that test request headers are included with correct format + try ( + BufferedReader in = new BufferedReader( + new InputStreamReader(urlConn.getInputStream())) + ) { + if (!headers.keySet().contains(H1)) { + throw new AssertionError("Expected key not found: " + + H1 + ": " + VALUE); + } else if (!headers.get(H1).equals(oneList)) { + throw new AssertionError("Unexpected key-value pair: " + + H1 + ": " + headers.get(H1)); + } else { + System.out.println("PASSED: " + H1 + " included in request headers"); + } + + if (!headers.keySet().contains(H2)) { + throw new AssertionError("Expected key not found: " + + H2 + ": "); + // Check that empty list is returned + } else if (!headers.get(H2).equals(zeroList)) { + throw new AssertionError("Unexpected key-value pair: " + + H2 + ": " + headers.get(H2)); + } else { + System.out.println("PASSED: " + H2 + " included in request headers"); + } + + String inputLine; + while ((inputLine = in.readLine()) != null) { + System.out.println(inputLine); + } + } + } +} From 999c2763e9cdd0498e6ef3861ef5553aa7df1d1e Mon Sep 17 00:00:00 2001 From: igerasim Date: Mon, 11 Nov 2019 05:09:31 -0800 Subject: [PATCH 22/37] 8233886: TEST_BUG jdk/java/net/CookieHandler/B6791927.java hit hardcoded expiration date Reviewed-by: chegar, vtewari --- jdk/test/java/net/CookieHandler/B6791927.java | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/jdk/test/java/net/CookieHandler/B6791927.java b/jdk/test/java/net/CookieHandler/B6791927.java index 4b870158d58..bc5374b2a98 100644 --- a/jdk/test/java/net/CookieHandler/B6791927.java +++ b/jdk/test/java/net/CookieHandler/B6791927.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,8 +23,9 @@ /** * @test - * @bug 6791927 + * @bug 6791927 8233886 * @summary Wrong Locale in HttpCookie::expiryDate2DeltaSeconds + * @run main/othervm B6791927 */ import java.net.*; @@ -32,12 +33,14 @@ import java.util.Locale; public class B6791927 { - public static final void main( String[] aaParamters ) throws Exception{ + public static final void main(String[] aaParamters) throws Exception { Locale reservedLocale = Locale.getDefault(); try { // Forces a non US locale Locale.setDefault(Locale.FRANCE); - List cookies = HttpCookie.parse("set-cookie: CUSTOMER=WILE_E_COYOTE; expires=Sat, 09-Nov-2019 23:12:40 GMT"); + List cookies = HttpCookie.parse("set-cookie:" + + " CUSTOMER=WILE_E_COYOTE;" + + " expires=Sat, 09-Nov-2041 23:12:40 GMT"); if (cookies == null || cookies.isEmpty()) { throw new RuntimeException("No cookie found"); } From 07fc5240f7fef9b1f52abde6c2173c367a192166 Mon Sep 17 00:00:00 2001 From: afarley Date: Mon, 6 Jan 2020 03:57:02 +0000 Subject: [PATCH 23/37] 8227715: GPLv2 files missing Classpath Exception Summary: Add missing exception to build files that were missed by JDK-8193758. Reviewed-by: phh, andrew --- .../build/tools/generatelsrequivmaps/EquivMapsGenerator.java | 4 +++- jdk/make/src/native/add_gnu_debuglink/add_gnu_debuglink.c | 4 +++- .../native/fix_empty_sec_hdr_flags/fix_empty_sec_hdr_flags.c | 4 +++- jdk/src/macosx/native/jobjc/JObjC.xcodeproj/default.pbxuser | 4 +++- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/jdk/make/src/classes/build/tools/generatelsrequivmaps/EquivMapsGenerator.java b/jdk/make/src/classes/build/tools/generatelsrequivmaps/EquivMapsGenerator.java index c693eedc245..ba83f92a183 100644 --- a/jdk/make/src/classes/build/tools/generatelsrequivmaps/EquivMapsGenerator.java +++ b/jdk/make/src/classes/build/tools/generatelsrequivmaps/EquivMapsGenerator.java @@ -4,7 +4,9 @@ * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or diff --git a/jdk/make/src/native/add_gnu_debuglink/add_gnu_debuglink.c b/jdk/make/src/native/add_gnu_debuglink/add_gnu_debuglink.c index b65457c0d99..a9985fa5ffb 100644 --- a/jdk/make/src/native/add_gnu_debuglink/add_gnu_debuglink.c +++ b/jdk/make/src/native/add_gnu_debuglink/add_gnu_debuglink.c @@ -4,7 +4,9 @@ * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or diff --git a/jdk/make/src/native/fix_empty_sec_hdr_flags/fix_empty_sec_hdr_flags.c b/jdk/make/src/native/fix_empty_sec_hdr_flags/fix_empty_sec_hdr_flags.c index 68bd0938668..fc583ec9862 100644 --- a/jdk/make/src/native/fix_empty_sec_hdr_flags/fix_empty_sec_hdr_flags.c +++ b/jdk/make/src/native/fix_empty_sec_hdr_flags/fix_empty_sec_hdr_flags.c @@ -4,7 +4,9 @@ * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or diff --git a/jdk/src/macosx/native/jobjc/JObjC.xcodeproj/default.pbxuser b/jdk/src/macosx/native/jobjc/JObjC.xcodeproj/default.pbxuser index cda3de5e2f2..dd674ec5583 100644 --- a/jdk/src/macosx/native/jobjc/JObjC.xcodeproj/default.pbxuser +++ b/jdk/src/macosx/native/jobjc/JObjC.xcodeproj/default.pbxuser @@ -5,7 +5,9 @@ * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or From 95b737929fa9d754adf3b2698dfa853b897c0694 Mon Sep 17 00:00:00 2001 From: sgehwolf Date: Thu, 14 Nov 2019 19:49:55 -0800 Subject: [PATCH 24/37] 8232019: Add LuxTrust certificate updates to the existing root program Reviewed-by: clanger, andrew --- jdk/src/share/lib/security/cacerts | Bin 98310 -> 99841 bytes .../certification/LuxTrustCA.java | 194 ++++++++++++++++++ .../security/lib/cacerts/VerifyCACerts.java | 6 +- 3 files changed, 198 insertions(+), 2 deletions(-) create mode 100644 jdk/test/security/infra/java/security/cert/CertPathValidator/certification/LuxTrustCA.java diff --git a/jdk/src/share/lib/security/cacerts b/jdk/src/share/lib/security/cacerts index 1db6c41b89d4d6186ac8ecde19b25f9465f17b36..0578d6f2dd657e1e1d7cf003f9077e0aebddd7f9 100644 GIT binary patch delta 3160 zcma)8dpJ~U7vJyf*`p&288aBeken#YxFnTJNOG%FCqy@m$=zUxC__c5&KKUaIV2rj zPC7ZXJ53kYT%rqI-0I}ki4;0gDxc!pq*LGXe1Cj@>}T)a`u*1XthM%fpS4mFX-S7^ zauY)nLkNOU$Y%o_{lNe;N$dPOjnG}&gyCFcphiQwA~NQCNo|b5LMkk=Vow=zg2Rai zR?bwsARcH;8SvqI(%N`nNQKVLdYE3E|NLUuRiI8BX?8^6)dFqO6lh;bbQNqxVMCoJ z34>Q|B?jxfF+2}|DLTs5R$2qV910vr(LGB6}(9u0Z_#_>iwf#=+(!iR)5N!!ME z6Jx|C8J2=T7#S5ED)8m{1o;JTB6EMWx!x{IdYS>aD1OQta50Xq`0x4B25-=WYO4wY zqQm?HVtj?+!GVz?QPfvQfV^6hr7EqT3u-X?urB#V;x{S{x+^@fC|r1->R5LLg=q3Wpl3q{kRMu!FN5R(5Q zLrGiA&xqmLi0$-6)u1w6JL` zeGvdmC~%LyDn?J%8b*i{`b{YOzMqA0)vzIiuD7QJ$ZGs<17LY>0Em-hQgLMHs)4tog7Y#wk2ZQLZV}*Q}+)MZSxJ8 z>THv*$pe>{YN@jj%*)7}XNe%#P2L`?nzsi%pN~=ig~E_cIMe0gkoP!9H#x8GipoQ# zQ%lxNO2HQ}3Ec(de9zlHzTITWr5EMaR)+LG}KrK}gj+xEIH+dsB0$YS;g zecAp-(GxxWvf9*Z4STKLzq;j97rIJ(sll;;ZKiBfmAb<7?W2UpBZ<|8~9=O|%r~6D^E;U%tS=-a)evT2cuG_cq9m|-rtgKJR zl>knSU`WAYTSC5skSx(c5cd^MgU|gj2_9MAWrL9Nu zQbqpd-7CG9%KhwrsL8ReXmP>F+0wq&=a9 z8b=v`Nh-!e$rsOV%D|;AS$5qePKAjlSF#@&n#E#xb2#oxfwu30ruw==B2jf{W`uxa=aPJDa0GWl|aci-v%~ zkOZkQhQfAME!^KMAD+WsI=z>0?C(dL`1Y?;2C_0Qz`&s}Of?DL1x#-@V`@~ywc zBu$v)>gGi@{`lse=ogRH!D@?zLa%a9M14eJ{_lZ!{-zsMbF7Xf9XOU+wP9mipCsJu z`QE1`Jv~>v{%+2Ewl#P77#?|eU?0Uuc;uAyfyBR~{$bw6!gHtc=P_tGgR2t^XG=KI zuT9&B8m~l$TKinh;_&4?+U@DQ^o!Ks4v+H8#P$B=?RWP+QhjAaPch8M3s)ZO{Gq`< zmLfUrRzJ3-Cf&=C8RH#QXj>|Cf_Js#{Tx=uUz57FoVcL-t5szS(>MdRnq4O~9WoSu z9{H)~zKdgC{|Y<&<%;Y#gWFpu{~kHxtXtUGc=gtp4HS(PTzh%iI{U(>$@uJ1;j7^d z^Znb>GEXV*JGZZ@zp*hI3e-!Ny=?K*GBlWDDXFXWHW^x(&QvH}T(ze2$Ss33GmTfv zkLGSxGy1S%Rd!T*F;(;z)w|@p!TE`s_l{kD+~e#=3)|{eX6HT``&joD`%>F6%aEei z3WaBPJ00S>Hu<$)!5xd;?;Ch5$%kdXC+c>~COp5@a;rai{gXuoJx2rJ&Fzs6^h9lw zka;)fQWN*e4#3Q#b1|dpCCla$Wk+LC4kIF3w8PggQ2gKP1=8!aaHEs-fGK!};SpBk zkTrWSI*}+%w*t`^UdICDU|}x~;cJY3f}tlu@uIbW zg=rrwD{Y7LbT#NXK1Vvb7LZF_NiYjjsD5r7PTUQ?L#87Zg$W~lr+0>LMhenkpHGaxv!0o9g!TAq6weTYxieGmni!x|SmDFQ6cX^94@8$wBZe1o zfEHCDAvaxmp95Mk*jmXU>Fk_h;zQ+q4EGcO4yJPPW7QhzP62SkU~~tEhE%U^T8I!? z9nL7cJV5H-EDAx0_5m|0^ti4yvnj+~&!v!11;!=HVxM<})I@74o*@Fdn1*y>Te0-I z2(*zAih!yTxeR@&5zvsneVdPyWD&vqRUd`Sa#c((hQewhFq46ZS-c;bsVuWy?Ttk_XC@Oth%4sR# zk;OzmbKgXRJWi+OBGMfmz-anxMJ2OuLjAlHt@|l!+ED{jsOjJ#(zA5%oC?<-WYUm2 zLFs&i2s>Cqfwh?SOdSTWyHsd%o}?#7wP$Z7e9qfY8HeK&Q(Q+6*6hqLzt!~CbN5h( HXUTs6Y5n&L delta 1830 zcmZuydrVVT80Yld(@s<>7RtLVPJ9F*3Ya;VkCh1vz9u^GjrI1f)DvZ)(4h!z=B5!h!`ys9rYyL7Zw+g={n4b~z2E(Qzw`Tk z-*+l%l-tUcV}|b!-}m$LQ;5G6!bKJslz<)lv@D7~VnGPR`!+-GYRq91x`h;)7|2X?70S!r-n$ zk@ADa0y1!@6k%l5jI$&fR&O-FyVlQ7N;UP7u1(7ndM%glbQJPVhu!XEO&mL8B*|<% zetA4m)sBTxK|IIW^LW;i^iRrqwR_qgY8?yg5LY*cATBvR)t`La+zD~I*RRiwy2 zgTcW~da-!ioi6ff(*O`+R)SEeTC_loE5Rd#gScoZwl$Ju?k2>;w$W0!dXNOVx0=!ZezA_U<$dX@$^P4}08AKWGe5aZWqM2zKs;$x}G-^#dl&2m;vM-xBP_rtHbEL3=qR$b!?baq5mF7cy59=45F2L2NM(A5+R1`hR~gX(_I%D^lE3&AW3jwD>-#= zJcA==OI_?8JVuPO*Q$inbdMrO-=mgv@R35`vOH~{be2|TfkuU(O9E0e-Sf-nyd-cH zVMDl1qEK>=q=v6TxZp^zXsg%}q{{gpa!^v_@ z8pI7Qxv?mPbhyfqP(Js?WPM|xjdMW;3=b3s!EUyjOePh|jH%H(uZ}^7D${5Uz@mNBP$T z92Z+aG?V_4hKloAs|nud(;v|%Cmd|?BgRd}I{Ua^6A26v~+cY`v445fF9hJ3NW zxgxJ4imU2)8A;v#2_pn1iB>}0$4{SB=Lr2hZ_ diff --git a/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/LuxTrustCA.java b/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/LuxTrustCA.java new file mode 100644 index 00000000000..63ba5e1bbab --- /dev/null +++ b/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/LuxTrustCA.java @@ -0,0 +1,194 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8232019 + * @summary Interoperability tests with LuxTrust Global Root 2 CA + * @build ValidatePathWithParams + * @run main/othervm -Djava.security.debug=certpath LuxTrustCA OCSP + * @run main/othervm -Djava.security.debug=certpath LuxTrustCA CRL + */ + +/* + * Obtain TLS test artifacts for LuxTrust CAs from: + * + * LuxTrust Global Root 2 CA sent test certificates as attachment + */ +public class LuxTrustCA { + + // Owner: CN=LuxTrust Global Qualified CA 3, O=LuxTrust S.A., C=LU + // Issuer: CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU + // Serial number: 413dea1a28c2253845558e047f3e2a8b5b9baeae + // Valid from: Fri Mar 06 06:12:15 PST 2015 until: Mon Mar 05 05:21:57 PST 2035 + private static final String INT = "-----BEGIN CERTIFICATE-----\n" + + "MIIGcjCCBFqgAwIBAgIUQT3qGijCJThFVY4Efz4qi1ubrq4wDQYJKoZIhvcNAQEL\n" + + "BQAwRjELMAkGA1UEBhMCTFUxFjAUBgNVBAoMDUx1eFRydXN0IFMuQS4xHzAdBgNV\n" + + "BAMMFkx1eFRydXN0IEdsb2JhbCBSb290IDIwHhcNMTUwMzA2MTQxMjE1WhcNMzUw\n" + + "MzA1MTMyMTU3WjBOMQswCQYDVQQGEwJMVTEWMBQGA1UECgwNTHV4VHJ1c3QgUy5B\n" + + "LjEnMCUGA1UEAwweTHV4VHJ1c3QgR2xvYmFsIFF1YWxpZmllZCBDQSAzMIICIjAN\n" + + "BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuZ5iXSmFbP80gWb0kieYsImcyIo3\n" + + "QYg+XA3NlwH6QtI0PgZEG9dSo8pM7VMIzE5zq8tgJ50HnPdYflvfhkEKvAW2NuNX\n" + + "6hi/6HK4Nye+kB+INjpfAHmLft3GT95e+frk/t7hJNorK44xzqfWZKLNGysEHIri\n" + + "ddcePWOk3J/VMc9CsSemeZbmeZW1/xXeqolMS7JIDZ3+0DgVCYsKIK+b3sAQ8iqX\n" + + "bQlQyvymG6QyoQoJbuEP23iawRMWKNWk+sjzOkPAAQDtgEEVdggzzudLSM04C5Cj\n" + + "eLlLYuXgljler9bKRk9wW8nkareLZsn9uCDihGXGyC5m9jseGY1KAnlV8usLjBFA\n" + + "iW5OCnzcOg+CPsVucoRhS6uvXcu7VtHRGo5yLysJVv7sj6cx5lMvQKAMLviVi3kp\n" + + "hZKYfqVLAVFJpXTpunY2GayVGf/uOpzNoiSRpcxxYjmAlPKNeTgXVl5Mc0zojgT/\n" + + "MZTGFN7ov7n01yodN6OhfTADacvaKfj2C2CwdCJvMqvlUuCKrvuXbdZrtRm3BZXr\n" + + "ghGhuQmG0Tir7VVCI0WZjVjyHs2rpUcCQ6+D1WymKhzp0mrXdaFzYRce7FrEk69J\n" + + "WzWVp/9/GKnnb0//camavEaI4V64MVxYAir5AL/j7d4JIOqhPPU14ajxmC6dEH84\n" + + "guVs0Lo/dwVTUzsCAwEAAaOCAU4wggFKMBIGA1UdEwEB/wQIMAYBAf8CAQAwQwYD\n" + + "VR0gBDwwOjA4BggrgSsBAQEKAzAsMCoGCCsGAQUFBwIBFh5odHRwczovL3JlcG9z\n" + + "aXRvcnkubHV4dHJ1c3QubHUwagYIKwYBBQUHAQEEXjBcMCsGCCsGAQUFBzABhh9o\n" + + "dHRwOi8vbHRncm9vdC5vY3NwLmx1eHRydXN0Lmx1MC0GCCsGAQUFBzAChiFodHRw\n" + + "Oi8vY2EubHV4dHJ1c3QubHUvTFRHUkNBMi5jcnQwDgYDVR0PAQH/BAQDAgEGMB8G\n" + + "A1UdIwQYMBaAFP8YKHb5SAUsoa7xKxsrslP4S3yzMDMGA1UdHwQsMCowKKAmoCSG\n" + + "Imh0dHA6Ly9jcmwubHV4dHJ1c3QubHUvTFRHUkNBMi5jcmwwHQYDVR0OBBYEFGOP\n" + + "wosDsauO2FNHlh2ZqH32rKh1MA0GCSqGSIb3DQEBCwUAA4ICAQADB6M/edbOO9iJ\n" + + "COnVxayJ1NBk08/BVKlHwe7HBYAzT6Kmo3TbMUwOpcGI2e/NBCR3F4wTzXOVvFmv\n" + + "dBl7sdS6uMSLBTrav+5LChcFDBQj26X5VQDcXkA8b/u6J4Ve7CwoSesYg9H0fsJ3\n" + + "v12QrmGUUao9gbamKP1TFriO+XiIaDLYectruusRktIke9qy8MCpNSarZqr3oD3c\n" + + "/+N5D3lDlGpaz1IL8TpbubFEQHPCr6JiwR+qSqGRfxv8vIvOOAVxe7np5QhtwmCk\n" + + "XdMOPQ/XOOuEA06bez+zHkASX64at7dXru+4JUEbpijjMA+1jbFZr20OeBIQZL7o\n" + + "Est+FF8lFuvmucC9TS9QnlF28WJExvpIknjS7LhFMGXB9w380q38ZOuKjPZpoztY\n" + + "eyUpf8gxzV7fE5Q1okhnsDZ+12vBzBruzJcwtNuXyLyIh3fVN0LunVd+NP2kGjB2\n" + + "t9WD2Y0CaKxWx8snDdrSbAi46TpNoe04eroWgZOvdN0hEmf2d8tYBSJ/XZekU9sC\n" + + "Aww5vxHnXJi6CZHhjt8f1mMhyE2gBvmpk4CFetViO2sG0n/nsxCQNpnclsax/eJu\n" + + "XmGiZ3OPCIRijI5gy3pLRgnbgLyktWoOkmT/gxtWDLfVZwEt52JL8d550KIgttyR\n" + + "qX81LJWGSDdpnzeRVQEnzAt6+RebAQ==\n" + + "-----END CERTIFICATE-----"; + + // Owner: T=Private Person, SERIALNUMBER=00100978855105608536, + // GIVENNAME=TokenPRIActive, SURNAME=Test, CN=TokenPRIActive Test, C=DE + // Issuer: CN=LuxTrust Global Qualified CA 3, O=LuxTrust S.A., C=LU + // Serial number: 3814b6 + // Valid from: Wed Jul 10 04:36:12 PDT 2019 until: Sun Jul 10 04:36:12 PDT 2022 + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIG/jCCBOagAwIBAgIDOBS2MA0GCSqGSIb3DQEBCwUAME4xCzAJBgNVBAYTAkxV\n" + + "MRYwFAYDVQQKDA1MdXhUcnVzdCBTLkEuMScwJQYDVQQDDB5MdXhUcnVzdCBHbG9i\n" + + "YWwgUXVhbGlmaWVkIENBIDMwHhcNMTkwNzEwMTEzNjEyWhcNMjIwNzEwMTEzNjEy\n" + + "WjCBizELMAkGA1UEBhMCREUxHDAaBgNVBAMTE1Rva2VuUFJJQWN0aXZlIFRlc3Qx\n" + + "DTALBgNVBAQTBFRlc3QxFzAVBgNVBCoTDlRva2VuUFJJQWN0aXZlMR0wGwYDVQQF\n" + + "ExQwMDEwMDk3ODg1NTEwNTYwODUzNjEXMBUGA1UEDBMOUHJpdmF0ZSBQZXJzb24w\n" + + "ggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDb8l2RJNS7iA9hJFj8aR25\n" + + "kpU/ZQTHl8Z9yrTLhr4VcMWMxqeOQUcUU27SgIuFvU9s/68OuaIhxyu6eohaGCLC\n" + + "wzFFRg8OlsUYuI1QtUEliIjmHOMDqSNIt093+SDV64osnHw5fpfy8V0zehEkd7QR\n" + + "t7Aq38ixCQyxCmNIDJeDCKJT+wwdLaKuw/4SEpR9sygSxZ3kG6kF4icsgYuiOCRx\n" + + "+DrS1wP9kcrQVWQ0bJbGzwxLZXCHaJsWE1Y17mQAO4Iv/9icqDkP3bZBU5GCgbNT\n" + + "JEP2GiUUPU3nL41Tlq03+iDmkS2bpWCtFZmTgUg+1nJEb7PSCJ9VcoflOOFgX/ku\n" + + "TQCJWwhsgyOneEZAg7PpzOj2msxA9RWI88FzRnX/zyjWEpdUCVJ85hFw8u+UZ7k1\n" + + "eF37oOpgNxQMJ+/ey7huneTzyhpFz/TqJpfMmwaGbPL6zmPLAMQalIPQj+68zlcX\n" + + "qyeKVbZU74Vm051kXb/3qs6CeUpT4HrY3UmHWLvOdNkCAwEAAaOCAiUwggIhMB8G\n" + + "A1UdIwQYMBaAFGOPwosDsauO2FNHlh2ZqH32rKh1MGYGCCsGAQUFBwEBBFowWDAn\n" + + "BggrBgEFBQcwAYYbaHR0cDovL3FjYS5vY3NwLmx1eHRydXN0Lmx1MC0GCCsGAQUF\n" + + "BzAChiFodHRwOi8vY2EubHV4dHJ1c3QubHUvTFRHUUNBMy5jcnQwggEuBgNVHSAE\n" + + "ggElMIIBITCCARMGC4g3AQOBKwEBCgMFMIIBAjAqBggrBgEFBQcCARYeaHR0cHM6\n" + + "Ly9yZXBvc2l0b3J5Lmx1eHRydXN0Lmx1MIHTBggrBgEFBQcCAjCBxgyBw0x1eFRy\n" + + "dXN0IENlcnRpZmljYXRlIG5vdCBvbiBTU0NEIGNvbXBsaWFudCB3aXRoIEVUU0kg\n" + + "VFMgMTAyIDA0MiBOQ1AgY2VydGlmaWNhdGUgcG9saWN5LiBLZXkgR2VuZXJhdGlv\n" + + "biBieSBDU1AuIFNvbGUgQXV0aG9yaXNlZCBVc2FnZTogU2lnbmF0dXJlLCBEYXRh\n" + + "IG9yIEVudGl0eSBBdXRoZW50aWNhdGlvbiBhbmQgRGF0YSBFbmNyeXB0aW9uLjAI\n" + + "BgYEAI96AQEwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5sdXh0cnVzdC5s\n" + + "dS9MVEdRQ0EzLmNybDARBgNVHQ4ECgQISND+8GZyXrcwDgYDVR0PAQH/BAQDAgTw\n" + + "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAA54w2kGy+hJsYSyrQ5C\n" + + "ft0rasUHQviEiy31H2Z1lh4yEPLiuUsaepdzG4bov/J1RewX1fL7fvErraKK7nNr\n" + + "ioAXNElHtC0wfxGx0xGaCz7xsZIDFgpzyPqS+vd8VKbRCOY66AI+3aPiatCsk+BM\n" + + "Hp9GwW3B1e5EOgXiWVNxzYFtav5QSAj28IEV7ZuN2BIiU+phawRaoFy+4glMB7zE\n" + + "J5AM/Zfi50Q85ljy1kWUueFE3VNDafAUGOF5gTHvkKqj6LznUkqcT8m96Wd0IbF2\n" + + "BLYjnKPF6lGJsivErGqMwQIhlUUMkRQ13/hftL12rIiSjC1C/6cnbxOjWEOGnler\n" + + "Qn2zu2OTGnnrYxp/hojdZggb5Yt9mkM3EmyuqP1W4g0xtMv9q97swm/fHz/rDh8T\n" + + "MqrEOJzz284IM0DXjXq1wkmsZ/6/ueCyf0oBN0csvYspZKmLAydZ+jZmjdKKxX+N\n" + + "dreauHgOq1knLHkMb/YIyA+Oh6SBlNXL4Iae8APQcRGnylHQ1lc/YHTqWh8N1tmn\n" + + "no5r1kVJBYYtkI3oufaLtP7JIazteZlqTN+tubMJhO4xGgt6bqEpQiid9r3UnIjR\n" + + "esLYxXS5qRwSoOSleXT98H75+Ok1WR3ciD4exBR8/KcUtDITvDJhkBHnRHm40jFs\n" + + "5UbHFf98S6G9dqzsqW8+2Bpn\n" + + "-----END CERTIFICATE-----"; + + // Owner: T=Private Person, SERIALNUMBER=00100918135105608625, + // GIVENNAME=TokenPRIREV, SURNAME=Test, CN=TokenPRIREV Test, C=LU + // Issuer: CN=LuxTrust Global Qualified CA 3, O=LuxTrust S.A., C=LU + // Serial number: 3814b8 + // Valid from: Wed Jul 10 04:36:48 PDT 2019 until: Sun Jul 10 04:36:48 PDT 2022 + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIG+DCCBOCgAwIBAgIDOBS4MA0GCSqGSIb3DQEBCwUAME4xCzAJBgNVBAYTAkxV\n" + + "MRYwFAYDVQQKDA1MdXhUcnVzdCBTLkEuMScwJQYDVQQDDB5MdXhUcnVzdCBHbG9i\n" + + "YWwgUXVhbGlmaWVkIENBIDMwHhcNMTkwNzEwMTEzNjQ4WhcNMjIwNzEwMTEzNjQ4\n" + + "WjCBhTELMAkGA1UEBhMCTFUxGTAXBgNVBAMTEFRva2VuUFJJUkVWIFRlc3QxDTAL\n" + + "BgNVBAQTBFRlc3QxFDASBgNVBCoTC1Rva2VuUFJJUkVWMR0wGwYDVQQFExQwMDEw\n" + + "MDkxODEzNTEwNTYwODYyNTEXMBUGA1UEDBMOUHJpdmF0ZSBQZXJzb24wggGiMA0G\n" + + "CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCcm7y4c/D58u6g3m6HGdfiqDXa2yEl\n" + + "H2cAeSb85fsAX08iXfa/U/kmFqqycwp2nsJdfor6HEEqHsmozyjjIWHDEsq+cUre\n" + + "SO6d2Ag29MrxsAWZ1XAol40FcxNN+yEL9Xs5doqqcbz3OoKdxkoWVdYq3D7peizF\n" + + "OER4M2XA0KSLiKXDapDCfTVLE6qRG6Cn5mqnlqbUtkI6vSsda5mWLSNe4Qw/PIMw\n" + + "v7ZDn5dHeHoV6UpZC95Ole5vMQfjAOsy4nRc1zofQz7iPw4ClNzDQSuonaAKSk3Y\n" + + "1KjWPmHshb6BoANL+ce1KuWESKV3D5lBkVVLTeoBkWQu7ViJviF2HE5UoPRSGijO\n" + + "nmGOTZRsjOJXPe7/pEq9SQ477EufnSsoCj1cPCtaowbsO7oswzV/axKMhhZf6nU7\n" + + "0wd9xUuMgMRKBfi026mYK7pdxJ85qE8qKlqeNprje+g1sjxMDbMHARA427Px0IUJ\n" + + "mzIJk0ysAQvbqQVe8QQM/f+PH3mUkXR02H8CAwEAAaOCAiUwggIhMB8GA1UdIwQY\n" + + "MBaAFGOPwosDsauO2FNHlh2ZqH32rKh1MGYGCCsGAQUFBwEBBFowWDAnBggrBgEF\n" + + "BQcwAYYbaHR0cDovL3FjYS5vY3NwLmx1eHRydXN0Lmx1MC0GCCsGAQUFBzAChiFo\n" + + "dHRwOi8vY2EubHV4dHJ1c3QubHUvTFRHUUNBMy5jcnQwggEuBgNVHSAEggElMIIB\n" + + "ITCCARMGC4g3AQOBKwEBCgMFMIIBAjAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBv\n" + + "c2l0b3J5Lmx1eHRydXN0Lmx1MIHTBggrBgEFBQcCAjCBxgyBw0x1eFRydXN0IENl\n" + + "cnRpZmljYXRlIG5vdCBvbiBTU0NEIGNvbXBsaWFudCB3aXRoIEVUU0kgVFMgMTAy\n" + + "IDA0MiBOQ1AgY2VydGlmaWNhdGUgcG9saWN5LiBLZXkgR2VuZXJhdGlvbiBieSBD\n" + + "U1AuIFNvbGUgQXV0aG9yaXNlZCBVc2FnZTogU2lnbmF0dXJlLCBEYXRhIG9yIEVu\n" + + "dGl0eSBBdXRoZW50aWNhdGlvbiBhbmQgRGF0YSBFbmNyeXB0aW9uLjAIBgYEAI96\n" + + "AQEwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5sdXh0cnVzdC5sdS9MVEdR\n" + + "Q0EzLmNybDARBgNVHQ4ECgQIS0KUXpWyku0wDgYDVR0PAQH/BAQDAgTwMAwGA1Ud\n" + + "EwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAFSnezuyeRO0sh9e8/1N+2RE6Uhb\n" + + "RIdLKmaS8hMOyUNBapnHfJAdOn7j767qWQjRop5VNCcv0zDOxAqApxFiz4gJdzBY\n" + + "FVrEVwYos8a3BHLXNxfwIWEJ6EjlqI2qI3NjqK8m4M8LTq4G94V2/MOFVpXeCLju\n" + + "r0s+XZep2Sk9J4ofUOc8Gp7IZNhPzIlfKQ+KhnWovde4bpL3zRpp4u7Y580XsBuN\n" + + "kow2Eg84tRzSVizmgLPuRbySHuMo1jGIP7F9FdtOC8VVSjntfCXSEQqOvpH4YZ8S\n" + + "V4qP17CQHPWW1kOHAyXpkAjU+6SOlmF76Adv9nQFTZ6DAnKqiuxmi8EVCv96aFD7\n" + + "Ih+zBF7kj7fghPjUzsVdB6gI4VwuFCXEaAfWlxJS67s1hKnsCyqX3cu+Gnq9aRt+\n" + + "08iaTVEdrKL95AYYobVbnGJ7bH87SpenjLL+CDctXNNDlpJZ8eRYcQe+Q4dg+8L8\n" + + "X8tkXBeRbiZD1U7XwVBnKF6sJmhA4F/h/EJzwX0lp7EU6EO91bSiwD2NFVs+64UR\n" + + "9lftfFFm5In2N3vjDR/3nrCf3Jq9f0g7bTrNJmo+hc0+fD+zlAhZAx+ii2xE1cY1\n" + + "KLH2zXNzPUgIqYGdVQwn1TUFJN8JgGKsXwc+P51nEpgf6JVyK1m7EtVGtr9gF7DI\n" + + "P+4VSqTbTp4/l5n0\n" + + "-----END CERTIFICATE-----"; + + public static void main(String[] args) throws Exception { + + ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + + if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { + pathValidator.enableCRLCheck(); + } else { + // OCSP check by default + pathValidator.enableOCSPCheck(); + } + + // Validate valid + pathValidator.validate(new String[]{VALID, INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + pathValidator.validate(new String[]{REVOKED, INT}, + ValidatePathWithParams.Status.REVOKED, + "Wed Jul 10 04:48:49 PDT 2019", System.out); + } +} diff --git a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java index 585f1e9cc65..58bb0fcd0a1 100644 --- a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java +++ b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java @@ -26,7 +26,7 @@ * @test * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 * 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136 - * 8223499 + * 8223499 8232019 * @summary Check root CA entries in cacerts file */ import java.io.File; @@ -50,7 +50,7 @@ public class VerifyCACerts { + File.separator + "security" + File.separator + "cacerts"; // The numbers of certs now. - private static final int COUNT = 88; + private static final int COUNT = 89; // map of cert alias to SHA-256 fingerprint @SuppressWarnings("serial") @@ -233,6 +233,8 @@ public class VerifyCACerts { "DD:69:36:FE:21:F8:F0:77:C1:23:A1:A5:21:C1:22:24:F7:22:55:B7:3E:03:A7:26:06:93:E8:A2:4B:0F:A3:89"); put("globalsignrootcar6 [jdk]", "2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69"); + put("luxtrustglobalroot2ca [jdk]", + "54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5"); } }; From d55174cdb221c91bf448b02a21f516f66818e4cf Mon Sep 17 00:00:00 2001 From: sgehwolf Date: Thu, 28 Nov 2019 10:43:35 -0800 Subject: [PATCH 25/37] 8233223: Add Amazon Root CA certificates Reviewed-by: clanger, andrew --- jdk/src/share/lib/security/cacerts | Bin 99841 -> 103147 bytes .../certification/AmazonCA.java | 552 ++++++++++++++++++ .../security/lib/cacerts/VerifyCACerts.java | 12 +- 3 files changed, 562 insertions(+), 2 deletions(-) create mode 100644 jdk/test/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java diff --git a/jdk/src/share/lib/security/cacerts b/jdk/src/share/lib/security/cacerts index 0578d6f2dd657e1e1d7cf003f9077e0aebddd7f9..2adbd1168cbce6caf2d09aad8bc80833fd3454d2 100644 GIT binary patch delta 3125 zcmbuB2T+sQ7ROT{^dg|4D24@T0)Es`o&_Tvkt$s}qChAD1_VA}A(RC-5^6*OVnkR7 zMV4y8U63wS5m1B$G&F$-p~K7ic4mEV-S^(?elut0yJhY@bN=`DpA(ykn5Q7P_ZIgS zArJ_R8O~MQ9TK3Ro4;E`05&)vAjHE>8RdA@)7KdSfu2u`?}k8F?Ud93EeHgz2gJd3 zfjF340UQQ}!2}V0`NaT zK?uTZtd#kf>&yYCAVT-^g~}oTk~tB;0vF`}*9^*%nF9)=i&6%}kvz)kfVzqX@cDB< z@~CP8%F5{9hX3c;Uptzp%O(L<<6?q3aWAKWDhy)GL!z*+hm*oqbA8tBBwRN`;-M$X zV2b#`0!)Ni^}RlgM(C5YF~fE?q=xD0$0W(NQ}gJxA4N8dd@9F>8^Sb?xaHs5i_@UY z7+;*$o7~*3IkXirns-}W>%>+i${gVr(HB#Ff3sr2K;(OKO}0086SeHXjmDQHn}(Nx ztdAMEO99D67R>q|!`k+6%K8wJQ;U?N-EYcG;<%W4)61Hpe9f zBNI5v%}AlzKXF}6#)X|T5ccv*)4iz!lDbxZEH)ozRY23=Cgrnk1u*OyeYv%I(XsB$ zR)*8{d_f9mS)NJXAnJ^N2Rb=+I#@coRtT+|EER2&&t&>5Tko75Y|}p~Sw6yN7)Tlk z#Rc^TW7I;iw)Q{4oTOdldL=~;-AuwzhNipNwU z?)%2{8&A|(O9a%WK6!??E1ZNFImqs*oNG#a>m>sV(it^gKRVj8E@4Bsz_&n+n= z=nXb4yCg3DLqQ8adU|{z*k(SwsC?{gWM$*w7dzt@)WdrDHgHF;YFOyYxH-<|_b%VH ziHZb|r39R)Y3+?yI=;(e!SA>2BKAlux|OPv165An=dxWTRX5nq{;l*CF~{#bN})x#!`k=~!zC%l@D9sTygeUDsI%J!ut3C{?W zi=Su0!7lWyJ2#j7p*K(^mC;isYx&v?VA zx-Rz2zZom;Y>kFJrdzXH@75@CC?KtkbNa0(EiSVUEMlVrP7f%?+RJ%&5wtQ7h=<6q z?7f|@_|+xAO73M-V3pMlX1J?5V_9JmKjm%t9}gNH2ZKUNAH;mmiz}MAJJj=jEhj=} z4g#;t<|RIIc)(Cd4Nfen+5xZadIaGpiT1s~BoBYJpo4$h+ST_lPaz0$cUg<~HV zOjWMekVR)roKdZ#yN44GJ;%_7nxsj3ftO0S&{n_b-;mjz(5ENYb%SSXyJV%YBa{y9 zc3nZ&b@SAN)M|gxgQB*$_v!K@UWB;Qey|FvfVNDQ2Fvh~yD=Umw^wEwYa)dz%{r=% zhPY@lEaq-+Dcn6URH7&&s#jG}Z5G7SY^VR~3Zl!Z>*1cSZjWwslqp|iaCn4$&n08t zvfCv&*TN%fR=XSO*|@>#5U2XKfTTh~@oMSj)63ecq6gi@>&Q<|R>@UdE)<~K@rzi& z0kL|~WJccOZ1~M0j!#FvlUS*FH+{ID>;*&2IlU5m7{7Fv;*@$_uGpv9mwIO4LCsvx za+--|o(M@y*1A5Ku+$kEdrF+{Db*%iVYY9O&&E*qx;Myqaeoa&dipIr_~w`qvGyGV zIcgW}{ION6vcKO&g1>F^QzML1hOKqwRomdiHixUth0y2@1UWBYm+dPh-5X(e!eB6S!CJXzv593_#V{%*TTbNt& zU`s0*c@MKT=by`O)GF+06NC;8r+P>k9)1Tzz4X!fql{`O@avr+l)==H&J5h|Iu1W; z;y0DU%mm%Iq0lb+jQ5Ky;eT01XO!CC((%8_s755Cgk1-INI_pHvf|l$mU6@7!3}*A zk4krjqSzRFki-Cl=JA*$v%Rc^b)Gv(>4+^Yazy3mIUgF^rSbbu- diff --git a/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java b/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java new file mode 100644 index 00000000000..6cb50066b6d --- /dev/null +++ b/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java @@ -0,0 +1,552 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8233223 + * @summary Interoperability tests with Amazon's CA1, CA2, CA3, and CA4 + * @build ValidatePathWithParams + * @run main/othervm -Djava.security.debug=certpath AmazonCA OCSP + * @run main/othervm -Djava.security.debug=certpath AmazonCA CRL + */ + +/* + * Obtain TLS test artifacts for Amazon CAs from: + * + * Amazon Root CA 1 + * Valid - https://good.sca1a.amazontrust.com/ + * Revoked - https://revoked.sca1a.amazontrust.com/ + * Amazon Root CA 2 + * Valid - https://good.sca2a.amazontrust.com/ + * Revoked - https://revoked.sca2a.amazontrust.com/ + * Amazon Root CA 3 + * Valid - https://good.sca3a.amazontrust.com/ + * Revoked - https://revoked.sca3a.amazontrust.com/ + * Amazon Root CA 4 + * Valid - https://good.sca4a.amazontrust.com/ + * Revoked - https://revoked.sca4a.amazontrust.com/ + */ +public class AmazonCA { + + public static void main(String[] args) throws Exception { + + ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + boolean ocspEnabled = false; + + if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { + pathValidator.enableCRLCheck(); + } else { + // OCSP check by default + pathValidator.enableOCSPCheck(); + ocspEnabled = true; + } + + new AmazonCA_1().runTest(pathValidator, ocspEnabled); + new AmazonCA_2().runTest(pathValidator, ocspEnabled); + new AmazonCA_3().runTest(pathValidator, ocspEnabled); + new AmazonCA_4().runTest(pathValidator, ocspEnabled); + } +} + +class AmazonCA_1 { + + // Owner: CN=Amazon, OU=Server CA 1A, O=Amazon, C=US + // Issuer: CN=Amazon Root CA 1, O=Amazon, C=US + // Serial number: 67f9457508c648c09ca652e71791830e72592 + // Valid from: Wed Oct 21 17:00:00 PDT 2015 until: Sat Oct 18 17:00:00 PDT 2025 + private static final String INT = "-----BEGIN CERTIFICATE-----\n" + + "MIIERzCCAy+gAwIBAgITBn+UV1CMZIwJymUucXkYMOclkjANBgkqhkiG9w0BAQsF\n" + + "ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\n" + + "b24gUm9vdCBDQSAxMB4XDTE1MTAyMjAwMDAwMFoXDTI1MTAxOTAwMDAwMFowRjEL\n" + + "MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENB\n" + + "IDFBMQ8wDQYDVQQDEwZBbWF6b24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + + "AoIBAQCeQM3XCsIZunv8bSJxOqkc/ed87uL76FDB7teBNThDRB+1J7aITuadbNfH\n" + + "5ZfZykrdZ1qQLKxP6DwHOmJr9u2b4IxjUX9qUMuq4B02ghD2g6yU3YivEosZ7fpo\n" + + "srD2TBN29JpgPGrOrpOE+ArZuIpBjdKFinemu6fTDD0NCeQlfyHXd1NOYyfYRLTa\n" + + "xlpDqr/2M41BgSkWQfSPHHyRWNQgWBiGsIQaS8TK0g8OWi1ov78+2K9DWT+AHgXW\n" + + "AanjZK91GfygPXJYSlAGxSiBAwH/KhAMifhaoFYAbH0Yuohmd85B45G2xVsop4TM\n" + + "Dsl007U7qnS7sdJ4jYGzEvva/a95AgMBAAGjggE5MIIBNTASBgNVHRMBAf8ECDAG\n" + + "AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUYtRCXoZwdWqQvMa40k1g\n" + + "wjS6UTowHwYDVR0jBBgwFoAUhBjMhTTsvAyUlC4IWZzHshBOCggwewYIKwYBBQUH\n" + + "AQEEbzBtMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5yb290Y2ExLmFtYXpvbnRy\n" + + "dXN0LmNvbTA6BggrBgEFBQcwAoYuaHR0cDovL2NydC5yb290Y2ExLmFtYXpvbnRy\n" + + "dXN0LmNvbS9yb290Y2ExLmNlcjA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3Js\n" + + "LnJvb3RjYTEuYW1hem9udHJ1c3QuY29tL3Jvb3RjYTEuY3JsMBEGA1UdIAQKMAgw\n" + + "BgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEAMHbSWHRFMzGNIE0qhN6gnRahTrTU\n" + + "CDPwe7l9/q0IA+QBlrpUHnlAreetYeH1jB8uF3qXXzy22gpBU7NqulTkqSPByT1J\n" + + "xOhpT2FpO5R3VAdMPdWfSEgtrED0jkmyUQrR1T+/A+nBLdJZeQcl+OqLgeY790JM\n" + + "JJTsJnnI6FBWeTGhcDI4Y+n3KS3QCVePeWI7jx1dhrHcXH+QDX8Ywe31hV7YENdr\n" + + "HDpUXrjK6eHN8gazy8G6pndXHFwHp4auiZbJbYAk/q1peOTRagD2JojcLkm+i3cD\n" + + "843t4By6YT/PVlePU2PCWejkrJQnKQAPOov7IA8kuO2RDWuzE/zF6Hotdg==\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=good.sca1a.amazontrust.com, O=Amazon Trust Services, L=Seattle, ST=Washington, C=US, \ + // SERIALNUMBER=5846743, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, \ + // OID.1.3.6.1.4.1.311.60.2.1.3=US + // Issuer: CN=Amazon, OU=Server CA 1A, O=Amazon, C=US + // Serial number: 703e4e4bbd78e2b6db5634f36c4ee944cb1a4 + // Valid from: Mon Jul 29 16:53:36 PDT 2019 until: Sat Aug 29 16:53:36 PDT 2020 + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIFEzCCA/ugAwIBAgITBwPk5LvXjitttWNPNsTulEyxpDANBgkqhkiG9w0BAQsF\n" + + "ADBGMQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2\n" + + "ZXIgQ0EgMUExDzANBgNVBAMTBkFtYXpvbjAeFw0xOTA3MjkyMzUzMzZaFw0yMDA4\n" + + "MjkyMzUzMzZaMIHaMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwC\n" + + "AQITCERlbGF3YXJlMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjEQMA4G\n" + + "A1UEBRMHNTg0Njc0MzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x\n" + + "EDAOBgNVBAcTB1NlYXR0bGUxHjAcBgNVBAoTFUFtYXpvbiBUcnVzdCBTZXJ2aWNl\n" + + "czEjMCEGA1UEAxMaZ29vZC5zY2ExYS5hbWF6b250cnVzdC5jb20wggEiMA0GCSqG\n" + + "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQyuJ83c2Zf9k29f6iLqd8nJSuHSk1v+SS\n" + + "0sYyG8tjscfCC1HcOdNj37vtiNN65sXh/e/kBKH9wvzhCLOJbBqVKRHOZuHdJEpH\n" + + "35R6C/PbcV/tp49g6mNmBe+lcmm/cwwCtYvkL0rgL/OKB0liFhhRIqy2TPg08op/\n" + + "RlY2DdbgBA2B3g7wdMo0hK3SO56/QUccUtLRm43km9Yd4E3U+CEUyDd0Bmc/YbPa\n" + + "htuXVsXJwiwlwooomujIIENhFw3htdcsu2apRj8EYUrKL8Mvvn+h16gDyobj0f01\n" + + "jWXlUgmH2lzUzca5eGuphfvmWN/ME/yqC2mMvWGnWySycqtT8VdJAgMBAAGjggFj\n" + + "MIIBXzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0OBBYEFFENOZBwFkjVdQX0iK32c77z\n" + + "SUl6MB8GA1UdIwQYMBaAFGLUQl6GcHVqkLzGuNJNYMI0ulE6MB0GA1UdJQQWMBQG\n" + + "CCsGAQUFBwMBBggrBgEFBQcDAjB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUHMAGG\n" + + "IWh0dHA6Ly9vY3NwLnNjYTFhLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcwAoYq\n" + + "aHR0cDovL2NydC5zY2ExYS5hbWF6b250cnVzdC5jb20vc2NhMWEuY2VyMCUGA1Ud\n" + + "EQQeMByCGmdvb2Quc2NhMWEuYW1hem9udHJ1c3QuY29tMFAGA1UdIARJMEcwDQYL\n" + + "YIZIAYb9bgEHGAMwNgYFZ4EMAQEwLTArBggrBgEFBQcCARYfaHR0cHM6Ly93d3cu\n" + + "YW1hem9udHJ1c3QuY29tL2NwczANBgkqhkiG9w0BAQsFAAOCAQEAmn7z6Ub1sL77\n" + + "wyUEaCq/Odqm+2RtYYMJ1MeW6nTXTfAgZ/iLx/6hStafd9AK9gHiTCggBpj6KgnF\n" + + "UsGMDeX879jP675fH6SEk710QPDhIrfAzwE0pF/eUNsd7pLwne32zHX0ouCoAt4d\n" + + "KwBCZkKNUkdj4U+bpOJzvtcTP9JlzziLp9IFRjjQh3xKgfblx57CmRJbqH3fT5JJ\n" + + "IAIDVTz3ZUcqhPTFAnNsO1oNBEyrO5X9rwCiSy7aRijY/11R75mIIvyA9zyd9ss1\n" + + "kvrrER0GWMTDvC84FZD2vhkXgPTFrB1Dn9f3QgO5APT9GCFY5hdpqqPEXOSdRzQo\n" + + "h9j4OQAqtA==\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=revoked.sca1a.amazontrust.com, O=Amazon Trust Services, L=Seattle, ST=Washington, C=US, \ + // SERIALNUMBER=5846743, OID.2.5.4.15=PrivateOrganization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, \ + // OID.1.3.6.1.4.1.311.60.2.1.3=US + // Issuer: CN=Amazon, OU=Server CA 1A, O=Amazon, C=US + // Serial number: 6f1d774ad5e7b6d251d217661782bbdb6f37d + // Valid from: Mon Jan 28 15:34:38 PST 2019 until: Thu Apr 28 16:34:38 PDT 2022 + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIE2zCCA8OgAwIBAgITBvHXdK1ee20lHSF2YXgrvbbzfTANBgkqhkiG9w0BAQsF\n" + + "ADBGMQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2\n" + + "ZXIgQ0EgMUExDzANBgNVBAMTBkFtYXpvbjAeFw0xOTAxMjgyMzM0MzhaFw0yMjA0\n" + + "MjgyMzM0MzhaMIHcMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwC\n" + + "AQITCERlbGF3YXJlMRwwGgYDVQQPExNQcml2YXRlT3JnYW5pemF0aW9uMRAwDgYD\n" + + "VQQFEwc1ODQ2NzQzMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQ\n" + + "MA4GA1UEBxMHU2VhdHRsZTEeMBwGA1UEChMVQW1hem9uIFRydXN0IFNlcnZpY2Vz\n" + + "MSYwJAYDVQQDEx1yZXZva2VkLnNjYTFhLmFtYXpvbnRydXN0LmNvbTCCASIwDQYJ\n" + + "KoZIhvcNAQEBBQADggEPADCCAQoCggEBANUoHop9sW+QlgVsdtacioraTAWHcSTd\n" + + "MNkOkOEMgJIFPyfdcDvW/H2NvpdYeIQqzaCgT2kcsONWTZTPJMirCPnzl1ohHOZU\n" + + "uTnOVkamGxvNmQCURLBXmlCMRTCI5RY3CuYntFFbSPAnbumsF+K/gKqcE6ME53Bw\n" + + "PAwn4qwavB0i5Ib7Jk8XYzxSYXC9l8QLxt6fshPJRlecpXzfmVFvMAm3IbaLcpuv\n" + + "AtD+8I2KwjNtBPRPNYeFsWxwsgUGAyHEGa61oTGUqqAXu5YmPfyK+YTOJdoofsh4\n" + + "Tf3K7AKxnPWuvY3RNTs1pzEVwJYZqSsNwbgyKJJ4+0Xe4iP7qB8SYf8CAwEAAaOC\n" + + "ASkwggElMA4GA1UdDwEB/wQEAwIFoDAdBgNVHQ4EFgQUGHreoz+LP/Wr+RKzuexO\n" + + "V8ICtmEwHwYDVR0jBBgwFoAUYtRCXoZwdWqQvMa40k1gwjS6UTowHQYDVR0lBBYw\n" + + "FAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGCCsGAQUFBwEBBGkwZzAtBggrBgEFBQcw\n" + + "AYYhaHR0cDovL29jc3Auc2NhMWEuYW1hem9udHJ1c3QuY29tMDYGCCsGAQUFBzAC\n" + + "hipodHRwOi8vY3J0LnNjYTFhLmFtYXpvbnRydXN0LmNvbS9zY2ExYS5jZXIwKAYD\n" + + "VR0RBCEwH4IdcmV2b2tlZC5zY2ExYS5hbWF6b250cnVzdC5jb20wEwYDVR0gBAww\n" + + "CjAIBgZngQwBAgEwDQYJKoZIhvcNAQELBQADggEBABSbe1UCLL7Qay6XK5wD8B5a\n" + + "wvR1XG3UrggpVIz/w5cutEm/yE71hzE0gag/3YPbNYEnaLbJH+9jz4YW9wd/cEPj\n" + + "xSK5PErAQjCd+aA4LKN1xqkSysgYknl0y47hJBXGnWf+hxvBBHeSoUzM0KIC21pC\n" + + "ZyXrmfaPCQAz13ruYIYdQaETqXGVORmKbf/a+Zn18/tfQt0LeeCYVoSopbXWQvcJ\n" + + "gUMtdIqYQmb8aVj0pdZXwKl4yZ2DtlS3Z9MpWNgQNlhRPmiYlu28y2yTtZ9SwD6m\n" + + "2f+cwc19aJrDT4Y280px+jRU7dIE6oZVJU+yBRVIZYpUFAB7extCMVxnTkCf8Dk=\n" + + "-----END CERTIFICATE-----"; + + public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) throws Exception { + // EE certificates don't have CRLDP extension + if (!ocspEnabled){ + pathValidator.validate(new String[]{INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + return; + } + + // Validate valid + pathValidator.validate(new String[]{VALID, INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + pathValidator.validate(new String[]{REVOKED, INT}, + ValidatePathWithParams.Status.REVOKED, + "Mon Jan 28 15:35:56 PST 2019", System.out); + } +} + +class AmazonCA_2 { + + // Owner: CN=Amazon, OU=Server CA 2A, O=Amazon, C=US + // Issuer: CN=Amazon Root CA 2, O=Amazon, C=US + // Serial number: 67f945755f187a91f8163f3e624620177ff38 + // Valid from: Wed Oct 21 17:00:00 PDT 2015 until: Sat Oct 18 17:00:00 PDT 2025 + private static final String INT = "-----BEGIN CERTIFICATE-----\n" + + "MIIGRzCCBC+gAwIBAgITBn+UV1Xxh6kfgWPz5iRiAXf/ODANBgkqhkiG9w0BAQwF\n" + + "ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\n" + + "b24gUm9vdCBDQSAyMB4XDTE1MTAyMjAwMDAwMFoXDTI1MTAxOTAwMDAwMFowRjEL\n" + + "MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENB\n" + + "IDJBMQ8wDQYDVQQDEwZBbWF6b24wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK\n" + + "AoICAQC0P8hSLewmrZ41CCPBQytZs5NBFMq5ztbnMf+kZUp9S25LPfjNW3zgC/6E\n" + + "qCTWNVMMHhq7ez9IQJk48qbfBTLlZkuKnUWbA9vowrDfcxUN0mRE4B/TJbveXyTf\n" + + "vE91iDlqDrERecE9D8sdjzURrtHTp27lZdRkXFvfEVCq4hl3sHkzjodisaQthLp1\n" + + "gLsiA7vKt+8zcL4Aeq52UyYb8r4/jdZ3KaQp8O/T4VwDCRKm8ey3kttpJWaflci7\n" + + "eRzNjY7gE3NMANVXCeQwOBfH2GjINFCObmPsqiBuoAnsv2k5aQLNoU1OZk08ClXm\n" + + "mEZ2rI5qZUTX1HuefBJnpMkPugFCw8afaHnB13SkLE7wxX8SZRdDIe5WiwyDL1tR\n" + + "2+8lpz4JsMoFopHmD3GaHyjbN+hkOqHgLltwewOsiyM0u3CZphypN2KeD+1FLjnY\n" + + "TgdIAd1FRgK2ZXDDrEdjnsSEfShKf0l4mFPSBs9E3U6sLmubDRXKLLLpa/dF4eKu\n" + + "LEKS1bXYT28iM6D5gSCnzho5G4d18jQD/slmc5XmRo5Pig0RyBwDaLuxeIZuiJ0A\n" + + "J6YFhffbrLYF5dEQl0cU+t3VBK5u/o1WkWXsZawU038lWn/AXerodT/pAcrtWA4E\n" + + "NQEN09WEKMhZVPhqdwhF/Gusr04mQtKt7T2v6UMQvtVglv5E7wIDAQABo4IBOTCC\n" + + "ATUwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYE\n" + + "FNpDStD8AcBLv1gnjHbNCoHzlC70MB8GA1UdIwQYMBaAFLAM8Eww9AVYAkj9M+VS\n" + + "r0uE42ZSMHsGCCsGAQUFBwEBBG8wbTAvBggrBgEFBQcwAYYjaHR0cDovL29jc3Au\n" + + "cm9vdGNhMi5hbWF6b250cnVzdC5jb20wOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcnQu\n" + + "cm9vdGNhMi5hbWF6b250cnVzdC5jb20vcm9vdGNhMi5jZXIwPwYDVR0fBDgwNjA0\n" + + "oDKgMIYuaHR0cDovL2NybC5yb290Y2EyLmFtYXpvbnRydXN0LmNvbS9yb290Y2Ey\n" + + "LmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQEMBQADggIBAEO5W+iF\n" + + "yChjDyyrmiwFupVWQ0Xy2ReFNQiZq7XKVHvsLQe01moSLnxcBxioOPBKt1KkZO7w\n" + + "Gcbmke0+7AxLaG/F5NPnzRtK1/pRhXQ0XdU8pVh/1/h4GoqRlZ/eN0JDarUhZPkV\n" + + "kSr96LUYDTxcsAidF7zkzWfmtcJg/Aw8mi14xKVEa6aVyKu54c8kKkdlt0WaigOv\n" + + "Z/xYhxp24AfoFKaIraDNdsD8q2N7eDYeN4WGLzNSlil+iFjzflI9mq1hTuI/ZNjV\n" + + "rbvob6FUQ8Cc524gMjbpZCNuZ1gfXzwwhGp0AnQF6CJsWF9uwPpZEVFnnnfiWH3M\n" + + "oup41EvBhqaAqOlny0sm5pI82nRUCAE3DLkJ1+eAtdQaYblZQkQrRyTuPmJEm+5y\n" + + "QwdDVw6uHc5OsSj/tyhh8zJ2Xq3zgh3dMONGjJEysxGaCoIb+61PWwMy2dIarVwI\n" + + "r+c+AY+3PrhgBspNdWZ87JzNHii7ksdjUSVGTTy1vGXgPYrv0lp0IMnKaZP58xiw\n" + + "rDx7uTlQuPVWNOZvCaT3ZcoxTsNKNscIUe+WJjWx5hdzpv/oksDPY5ltZ0j3hlDS\n" + + "D+Itk95/cNJVRM/0HpxI1SX9MTZtOSJoEDdUtOpVaOuBAvEK4gvTzdt0r5L+fuI6\n" + + "o5LAuRo/LO1xVRH49KFRoaznzU3Ch9+kbPb3\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=good.sca2a.amazontrust.com, O=Amazon Trust Services, L=Seattle, ST=Washington, C=US, \ + // SERIALNUMBER=5846743, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, \ + // OID.1.3.6.1.4.1.311.60.2.1.3=US + // Issuer: CN=Amazon, OU=Server CA 2A, O=Amazon, C=US + // Serial number: 703e4e70616c90d611fd04a5ecc635665184e + // Valid from: Mon Jul 29 16:54:06 PDT 2019 until: Sat Aug 29 16:54:06 PDT 2020 + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIHEzCCBPugAwIBAgITBwPk5wYWyQ1hH9BKXsxjVmUYTjANBgkqhkiG9w0BAQwF\n" + + "ADBGMQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2\n" + + "ZXIgQ0EgMkExDzANBgNVBAMTBkFtYXpvbjAeFw0xOTA3MjkyMzU0MDZaFw0yMDA4\n" + + "MjkyMzU0MDZaMIHaMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwC\n" + + "AQITCERlbGF3YXJlMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjEQMA4G\n" + + "A1UEBRMHNTg0Njc0MzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x\n" + + "EDAOBgNVBAcTB1NlYXR0bGUxHjAcBgNVBAoTFUFtYXpvbiBUcnVzdCBTZXJ2aWNl\n" + + "czEjMCEGA1UEAxMaZ29vZC5zY2EyYS5hbWF6b250cnVzdC5jb20wggIiMA0GCSqG\n" + + "SIb3DQEBAQUAA4ICDwAwggIKAoICAQC+XjOB3ZCFX+b9y9reP+e6EAQz4ytiMSqU\n" + + "O4s5MyYLkY6n4BIZHmgWeQ2IgW1VrH8ho+Iu3UsTiuhd3/L/q/w+T0OJfcrWngTs\n" + + "uVcIuvUr32ObPeeWbg/m/lkN7hqH1jY62iybYVrFXiLo1+0G92PUazcyNvyA20+G\n" + + "HsvGG5jlArWNgRLdc8KUXxvnDUxx5vu4jeHEZnqSwuulV1h9ve0UutkmoK0Sk7Rz\n" + + "HMxYK0LmUT5OvcNQSkUi5nLi+M1FxnYYgsELwSiKSSEDfEdgxooMAiVTgw51Q/DB\n" + + "lTOjAIDL3K3J0yGfIG3bwLvE1qz2Z5yWn8f3JibIah7LrC4PiZDDLHFM6V9l+YqU\n" + + "RqimJ5BltSyAx7bxQNZ1AW3Lxvvm894i4k6/Vdf1CDovRuTMPCDAQmKA/A/AQ7TN\n" + + "q3bBimX6UyuJu0I8RyvAYKzFhOOqe4vXrbndTbje/jnzTNQPeIIcuRa9cgXTOrbw\n" + + "86FTUKj6AZXihRWjKWsQpDwdgE0tQETZ3ynCXfbBKfFmn0MSjeX0CEEAZdYHR8EV\n" + + "F271Yt7UJjS/FP702aHTOWk7zFbIRfFQODvBhn0I8p/Stk2sDq4/YsbXVZOe3+ad\n" + + "YavoiODGSAH6ZcZzULumgK9eii0koAOPB/xqXnkcTS63gEHOKjLQl3hqdVZRCugv\n" + + "1CwUXLvoSwIDAQABo4IBYzCCAV8wDgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBTa\n" + + "j6dHgPdOxTGLcwaNDeaMnlSxNjAfBgNVHSMEGDAWgBTaQ0rQ/AHAS79YJ4x2zQqB\n" + + "85Qu9DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYIKwYBBQUHAQEE\n" + + "aTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5zY2EyYS5hbWF6b250cnVzdC5j\n" + + "b20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuc2NhMmEuYW1hem9udHJ1c3QuY29t\n" + + "L3NjYTJhLmNlcjAlBgNVHREEHjAcghpnb29kLnNjYTJhLmFtYXpvbnRydXN0LmNv\n" + + "bTBQBgNVHSAESTBHMA0GC2CGSAGG/W4BBxgDMDYGBWeBDAEBMC0wKwYIKwYBBQUH\n" + + "AgEWH2h0dHBzOi8vd3d3LmFtYXpvbnRydXN0LmNvbS9jcHMwDQYJKoZIhvcNAQEM\n" + + "BQADggIBAE6RwZAZvN0i9ygwzqoX9DhSPtvZ3xIO0G0Bhgjkb986+p8XJstU3gEM\n" + + "8P2i1J/YthXCnRGedm+Odxx+31G6xIYfP5S5g7HyRGkj/aXNXy4s3KjH8HJgOY9N\n" + + "ra3XfC05OKq5FpyZQDZ+hxCdLrH3Gs+UxREbu+LuIKUpI7nMVEjn9XynKyOdKN21\n" + + "Kq5VsuI0fDWCYvUN1M+lI/LgE5HbNJVQJs+dB7g1/kaOeaLia7Wk1ys+uRzB58rp\n" + + "FKAoLk++HWTfNDkbN8vKRfHhJ/xhI9ju3TWcci6EyFVAym1C62UkJNI0KHgQ+zc7\n" + + "nl1tv/ytj8N/eJoysyp23lJ5qrVetlQORfgXryGkWBMYBvYF8zbBb/f+UXHDKVWt\n" + + "9l1lL6HQGY/tTo253pj6/FgDD35bZdjLQeUVmbnz679S5oUmoH5ZtSdnpUTghU3p\n" + + "bae9adBFY9S1pm50Q3ckRVBAwNqNmI0KKUh14Ms8KSAUHg19NvGsBonqwOT2rdbv\n" + + "xZ47N6c2eCl/cjMvzre0v0NoUO+3og2GHeAoOwVos6480YDbMqp739tOFPxBcsII\n" + + "6SjpDVh+14dkSW6kEKeaCFLR+eChqutri1VQbQ49nmADQWw9Al8vBytSnPv0YN6W\n" + + "XfIE1Qj7YmHu/UuoeKVsqDqoP/no29+96dtfd4afJqlIoyZUqXpt\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=revoked.sca2a.amazontrust.com, O=Amazon Trust Services, L=Seattle, ST=Washington, C=US, \ + // SERIALNUMBER=5846743, OID.2.5.4.15=PrivateOrganization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, \ + // OID.1.3.6.1.4.1.311.60.2.1.3=US + //Issuer: CN=Amazon, OU=Server CA 2A, O=Amazon, C=US + //Serial number: 6f1d782c0aa2f4866b7b522c279b939b92369 + //Valid from: Mon Jan 28 15:37:45 PST 2019 until: Thu Apr 28 16:37:45 PDT 2022 + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIG2zCCBMOgAwIBAgITBvHXgsCqL0hmt7Uiwnm5ObkjaTANBgkqhkiG9w0BAQwF\n" + + "ADBGMQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2\n" + + "ZXIgQ0EgMkExDzANBgNVBAMTBkFtYXpvbjAeFw0xOTAxMjgyMzM3NDVaFw0yMjA0\n" + + "MjgyMzM3NDVaMIHcMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwC\n" + + "AQITCERlbGF3YXJlMRwwGgYDVQQPExNQcml2YXRlT3JnYW5pemF0aW9uMRAwDgYD\n" + + "VQQFEwc1ODQ2NzQzMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQ\n" + + "MA4GA1UEBxMHU2VhdHRsZTEeMBwGA1UEChMVQW1hem9uIFRydXN0IFNlcnZpY2Vz\n" + + "MSYwJAYDVQQDEx1yZXZva2VkLnNjYTJhLmFtYXpvbnRydXN0LmNvbTCCAiIwDQYJ\n" + + "KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKFm418X8hN1YTgD2XpMb4sp78mw8k3j\n" + + "Dq/vnpX48evVUzNpHpy4qRz/ZHBR4HUJO4lhfnX+CO0uRqqqx4F0JZRQB3KevaU8\n" + + "QGWHdJGhEddnurDhrgOUa+ZroqUnMCsTJfbyGtC6aiEXeu/eMhEUFkuBxJH1JtwD\n" + + "dQXMXuMjG07SVjOkhTkbMDzA/YbUqkDeOIybifDuvA5LEsl+kReY0b6RYFo2Tt/M\n" + + "dPhJD8q3Wsu+XCiCnbpcwlEVGxiD2RVRXJJ9o3ALGOxqU69V+lYS0kkwNHT7oV9J\n" + + "rhgt7iOCq0aoTAxu2j4FCp0JHNhGoW9pXoMXnmS6kK80hzLNYDxvKEaVaKkiYHw5\n" + + "CV0Vwii05ICa14nrStH/jcRNLyU+gp+6OeerPV3jpKWshGKWewF+2UiWU2WHTSrd\n" + + "Wis0/qEfFK/kSraAxpd+KavEEavKeudoMAHIxMACOk9E/fF5zhd2y4G1q1BdoRlR\n" + + "KP4GIV2v6qH6Ru2mNSuge9il6kDXxFNucrYKLDbAqkqalohkvDavcPoG9gZT3etv\n" + + "4IcgJriIWRxbJwKPpwJM+6wa6RpwoeJMuEp3ZBP7KDaQ8YX4rlf4zXLAsOKCNA9K\n" + + "OS/qYQ/I4g0E1WhfgEKClaLPS2u7jeVR6s1t4txGo4vq5Dkt17KTCew/WsX3rckf\n" + + "a2p5zvFcfpCNAgMBAAGjggEpMIIBJTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0OBBYE\n" + + "FAF8N1wV8EoYFkMXH6tEnmR/7vI+MB8GA1UdIwQYMBaAFNpDStD8AcBLv1gnjHbN\n" + + "CoHzlC70MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BggrBgEFBQcB\n" + + "AQRpMGcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnNjYTJhLmFtYXpvbnRydXN0\n" + + "LmNvbTA2BggrBgEFBQcwAoYqaHR0cDovL2NydC5zY2EyYS5hbWF6b250cnVzdC5j\n" + + "b20vc2NhMmEuY2VyMCgGA1UdEQQhMB+CHXJldm9rZWQuc2NhMmEuYW1hem9udHJ1\n" + + "c3QuY29tMBMGA1UdIAQMMAowCAYGZ4EMAQIBMA0GCSqGSIb3DQEBDAUAA4ICAQBC\n" + + "VwR1NFk1IYIF4cjU7ML1aj8OIn+8mtakGQnuSJLK6ypSysINJBS48ZDdP6XZXvyD\n" + + "iTS0xEAPjAZHTqrABdNYmvJeL2RnN99DIwVzBpZp4NLTXbiSW7jb0Y5cEPDGJMOo\n" + + "SUAAM6fsiPRfz5vX4XVPznbcF2AwE/NVV+L3n9LVRt7qv2VqIEvLioR56Dq+5ofR\n" + + "4bw0BVlEYWF4Gsy7WDDTL1iLNBUwZTqBHwTv0fgDRiPqb/odmLQuRANwcJy8B8Zr\n" + + "s/yX4SeESaRdA82lAlQilksQitXS2qvQN06GEDOgUxYE6EabFdgklV5JypKqdOly\n" + + "vzpaDpF3z5W8Bj3D4fns1Kjrh1pPh5JRvg+616diKnQRt4X5q+EtmnXhDvIGMISI\n" + + "FuGwj57CNQ2x2MY2HHKWPrOccpQfEEvoSNR+ntYWrtSSttZq948O+zZBk1TXWuXV\n" + + "TVXllqTg8lp6d5cfKgvtHKgt98WkpPOcLVrNuVnMAIfDw6ar54dVKqrvkeEcF6mJ\n" + + "7oMKjJX/Vu9lYoGViBIfdeqcCPWSI8BpnCKaG7dTQO3Q1ObGmLdGBRlsRh+d+S5l\n" + + "Fq326ckbjx537e5/ai31lOR7OwVh9TDweKLqIACjs987C0EJSEfoOue25WRww2va\n" + + "iX9SrTPm4GxQ2OJgYwx0+HbezJXFN+dhaOFUavTSFw==\n" + + "-----END CERTIFICATE-----"; + + public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) throws Exception { + // EE certificates don't have CRLDP extension + if (!ocspEnabled){ + pathValidator.validate(new String[]{INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + return; + } + + // Validate valid + pathValidator.validate(new String[]{VALID, INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + pathValidator.validate(new String[]{REVOKED, INT}, + ValidatePathWithParams.Status.REVOKED, + "Mon Jan 28 15:38:57 PST 2019", System.out); + } +} + +class AmazonCA_3 { + + // Owner: CN=Amazon, OU=Server CA 3A, O=Amazon, C=US + // Issuer: CN=Amazon Root CA 3, O=Amazon, C=US + // Serial number: 67f945758fe55b9ee3f75831d47f07d226c8a + // Valid from: Wed Oct 21 17:00:00 PDT 2015 until: Sat Oct 18 17:00:00 PDT 2025 + private static final String INT = "-----BEGIN CERTIFICATE-----\n" + + "MIICuzCCAmGgAwIBAgITBn+UV1j+VbnuP3WDHUfwfSJsijAKBggqhkjOPQQDAjA5\n" + + "MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g\n" + + "Um9vdCBDQSAzMB4XDTE1MTAyMjAwMDAwMFoXDTI1MTAxOTAwMDAwMFowRjELMAkG\n" + + "A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENBIDNB\n" + + "MQ8wDQYDVQQDEwZBbWF6b24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATYcYsK\n" + + "mYdR0Gj8Xz45E/lfcTTnXhg2EtAIYBIHyXv/ZQyyyCas1aptX/I5T1coT6XK181g\n" + + "nB8hADuKfWlNoIYRo4IBOTCCATUwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8B\n" + + "Af8EBAMCAYYwHQYDVR0OBBYEFATc4JXl6LlrlKHvjFsxHhN+VZfaMB8GA1UdIwQY\n" + + "MBaAFKu229cGnjesMIYHkXDHnMQZsXjAMHsGCCsGAQUFBwEBBG8wbTAvBggrBgEF\n" + + "BQcwAYYjaHR0cDovL29jc3Aucm9vdGNhMy5hbWF6b250cnVzdC5jb20wOgYIKwYB\n" + + "BQUHMAKGLmh0dHA6Ly9jcnQucm9vdGNhMy5hbWF6b250cnVzdC5jb20vcm9vdGNh\n" + + "My5jZXIwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NybC5yb290Y2EzLmFtYXpv\n" + + "bnRydXN0LmNvbS9yb290Y2EzLmNybDARBgNVHSAECjAIMAYGBFUdIAAwCgYIKoZI\n" + + "zj0EAwIDSAAwRQIgOl/vux0qfxNm05W3eofa9lKwz6oKvdu6g6Sc0UlwgRcCIQCS\n" + + "WSQ6F6JHLoeOWLyFFF658eNKEKbkEGMHz34gLX/N3g==\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=good.sca3a.amazontrust.com, O=Amazon Trust Services, L=Seattle, ST=Washington, C=US, \ + // SERIALNUMBER=5846743, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, \ + // OID.1.3.6.1.4.1.311.60.2.1.3=US + // Issuer: CN=Amazon, OU=Server CA 3A, O=Amazon, C=US + // Serial number: 703e4e9bbc2605f37967a0e95f31f4789a677 + // Valid from: Mon Jul 29 16:54:43 PDT 2019 until: Sat Aug 29 16:54:43 PDT 2020 + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIDhzCCAy2gAwIBAgITBwPk6bvCYF83lnoOlfMfR4mmdzAKBggqhkjOPQQDAjBG\n" + + "MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg\n" + + "Q0EgM0ExDzANBgNVBAMTBkFtYXpvbjAeFw0xOTA3MjkyMzU0NDNaFw0yMDA4Mjky\n" + + "MzU0NDNaMIHaMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQIT\n" + + "CERlbGF3YXJlMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjEQMA4GA1UE\n" + + "BRMHNTg0Njc0MzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO\n" + + "BgNVBAcTB1NlYXR0bGUxHjAcBgNVBAoTFUFtYXpvbiBUcnVzdCBTZXJ2aWNlczEj\n" + + "MCEGA1UEAxMaZ29vZC5zY2EzYS5hbWF6b250cnVzdC5jb20wWTATBgcqhkjOPQIB\n" + + "BggqhkjOPQMBBwNCAARl4yxf8XcvWR0LZ+YuBC0CpkwtU2NiMdlIM7eX0lxhQp53\n" + + "NpLlCrPRNzOWrjCJDdn21D0u7PrtN94UHLHOg9X0o4IBYzCCAV8wDgYDVR0PAQH/\n" + + "BAQDAgeAMB0GA1UdDgQWBBT2cHmOJFLWfg1Op7xAdAnqYcwaPzAfBgNVHSMEGDAW\n" + + "gBQE3OCV5ei5a5Sh74xbMR4TflWX2jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\n" + + "BQUHAwIwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5z\n" + + "Y2EzYS5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuc2Nh\n" + + "M2EuYW1hem9udHJ1c3QuY29tL3NjYTNhLmNlcjAlBgNVHREEHjAcghpnb29kLnNj\n" + + "YTNhLmFtYXpvbnRydXN0LmNvbTBQBgNVHSAESTBHMA0GC2CGSAGG/W4BBxgDMDYG\n" + + "BWeBDAEBMC0wKwYIKwYBBQUHAgEWH2h0dHBzOi8vd3d3LmFtYXpvbnRydXN0LmNv\n" + + "bS9jcHMwCgYIKoZIzj0EAwIDSAAwRQIgURdcqJVr4PWNIkmWcSKmzgZ1i94hQpGe\n" + + "mWbE9osk4m0CIQDhxIguihwvDa5RsBwdM0aRDgGKLNHigGqJoKqgH0d2qg==\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=revoked.sca3a.amazontrust.com, O=Amazon Trust Services, L=Seattle, ST=Washington, C=US, \ + // SERIALNUMBER=5846743, OID.2.5.4.15=PrivateOrganization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, \ + // OID.1.3.6.1.4.1.311.60.2.1.3=US + // Issuer: CN=Amazon, OU=Server CA 3A, O=Amazon, C=US + // Serial number: 6f1d78cf0ca64ce7f551a6f2a0715cc0e8b50 + // Valid from: Mon Jan 28 15:40:01 PST 2019 until: Thu Apr 28 16:40:01 PDT 2022 + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIDTzCCAvWgAwIBAgITBvHXjPDKZM5/VRpvKgcVzA6LUDAKBggqhkjOPQQDAjBG\n" + + "MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg\n" + + "Q0EgM0ExDzANBgNVBAMTBkFtYXpvbjAeFw0xOTAxMjgyMzQwMDFaFw0yMjA0Mjgy\n" + + "MzQwMDFaMIHcMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQIT\n" + + "CERlbGF3YXJlMRwwGgYDVQQPExNQcml2YXRlT3JnYW5pemF0aW9uMRAwDgYDVQQF\n" + + "Ewc1ODQ2NzQzMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4G\n" + + "A1UEBxMHU2VhdHRsZTEeMBwGA1UEChMVQW1hem9uIFRydXN0IFNlcnZpY2VzMSYw\n" + + "JAYDVQQDEx1yZXZva2VkLnNjYTNhLmFtYXpvbnRydXN0LmNvbTBZMBMGByqGSM49\n" + + "AgEGCCqGSM49AwEHA0IABJNl90Jq0wddpFj+JbLtmvGR/1geL5t1tvV406jGpYn2\n" + + "C5lAFjwASFy7pAnazZbfSkIDUU2i2XU0+7Cs+j1S/EOjggEpMIIBJTAOBgNVHQ8B\n" + + "Af8EBAMCB4AwHQYDVR0OBBYEFPhX3dYays5Sps0xTgouLkZzYLg4MB8GA1UdIwQY\n" + + "MBaAFATc4JXl6LlrlKHvjFsxHhN+VZfaMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr\n" + + "BgEFBQcDAjB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3Nw\n" + + "LnNjYTNhLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcwAoYqaHR0cDovL2NydC5z\n" + + "Y2EzYS5hbWF6b250cnVzdC5jb20vc2NhM2EuY2VyMCgGA1UdEQQhMB+CHXJldm9r\n" + + "ZWQuc2NhM2EuYW1hem9udHJ1c3QuY29tMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoG\n" + + "CCqGSM49BAMCA0gAMEUCICLb16/50S4fOAFafi5lagdx7q6EDPPm596g19eQDMXk\n" + + "AiEAksCMLypRB4t30FABlsEjhVCBIxay0iIer2OcCIrhfEI=\n" + + "-----END CERTIFICATE-----"; + + public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) throws Exception { + // EE certificates don't have CRLDP extension + if (!ocspEnabled){ + pathValidator.validate(new String[]{INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + return; + } + + // Validate valid + pathValidator.validate(new String[]{VALID, INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + pathValidator.validate(new String[]{REVOKED, INT}, + ValidatePathWithParams.Status.REVOKED, + "Mon Jan 28 15:40:35 PST 2019", System.out); + } +} + +class AmazonCA_4 { + + // Owner: CN=Amazon, OU=Server CA 4A, O=Amazon, C=US + // Issuer: CN=Amazon Root CA 4, O=Amazon, C=US + // Serial number: 67f94575a8862a9072e3239c37ceba1274e18 + // Valid from: Wed Oct 21 17:00:00 PDT 2015 until: Sat Oct 18 17:00:00 PDT 2025 + private static final String INT = "-----BEGIN CERTIFICATE-----\n" + + "MIIC+TCCAn6gAwIBAgITBn+UV1qIYqkHLjI5w3zroSdOGDAKBggqhkjOPQQDAzA5\n" + + "MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g\n" + + "Um9vdCBDQSA0MB4XDTE1MTAyMjAwMDAwMFoXDTI1MTAxOTAwMDAwMFowRjELMAkG\n" + + "A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENBIDRB\n" + + "MQ8wDQYDVQQDEwZBbWF6b24wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASRP0kIW0Ha\n" + + "7+ORvEVhIS5gIgkH66X5W9vBRTX14oG/1elIyI6LbFZ+E5KAufL0XoWJGI1WbPRm\n" + + "HW246FKSzF0wOEZZyxEROz6tuaVsnXRHRE76roS/Wr064uJpKH+Lv+SjggE5MIIB\n" + + "NTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU\n" + + "pSHN2+tTIZmqytlnQpQlsnv0wuMwHwYDVR0jBBgwFoAU0+zHOmVuzOHadppW+5zz\n" + + "hm1X5YEwewYIKwYBBQUHAQEEbzBtMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5y\n" + + "b290Y2E0LmFtYXpvbnRydXN0LmNvbTA6BggrBgEFBQcwAoYuaHR0cDovL2NydC5y\n" + + "b290Y2E0LmFtYXpvbnRydXN0LmNvbS9yb290Y2E0LmNlcjA/BgNVHR8EODA2MDSg\n" + + "MqAwhi5odHRwOi8vY3JsLnJvb3RjYTQuYW1hem9udHJ1c3QuY29tL3Jvb3RjYTQu\n" + + "Y3JsMBEGA1UdIAQKMAgwBgYEVR0gADAKBggqhkjOPQQDAwNpADBmAjEA59RAOBaj\n" + + "uh0rT/OOTWPEv6TBnb9XEadburBaXb8SSrR8il+NdkfS9WXRAzbwrG7LAjEA3ukD\n" + + "1HrQq+WXHBM5sIuViJI/Zh7MOjsc159Q+dn36PBqLRq03AXqE/lRjnv8C5nj\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=good.sca4a.amazontrust.com, O=Amazon Trust Services, L=Seattle, ST=Washington, C=US, \ + // SERIALNUMBER=5846743, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, \ + // OID.1.3.6.1.4.1.311.60.2.1.3=US + // Issuer: CN=Amazon, OU=Server CA 4A, O=Amazon, C=US + // Serial number: 703e4ec57c72d5669efbc98875c3f6bc3f934 + // Valid from: Mon Jul 29 16:55:17 PDT 2019 until: Sat Aug 29 16:55:17 PDT 2020 + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIDxTCCA0qgAwIBAgITBwPk7FfHLVZp77yYh1w/a8P5NDAKBggqhkjOPQQDAzBG\n" + + "MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg\n" + + "Q0EgNEExDzANBgNVBAMTBkFtYXpvbjAeFw0xOTA3MjkyMzU1MTdaFw0yMDA4Mjky\n" + + "MzU1MTdaMIHaMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQIT\n" + + "CERlbGF3YXJlMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjEQMA4GA1UE\n" + + "BRMHNTg0Njc0MzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO\n" + + "BgNVBAcTB1NlYXR0bGUxHjAcBgNVBAoTFUFtYXpvbiBUcnVzdCBTZXJ2aWNlczEj\n" + + "MCEGA1UEAxMaZ29vZC5zY2E0YS5hbWF6b250cnVzdC5jb20wdjAQBgcqhkjOPQIB\n" + + "BgUrgQQAIgNiAAS9fqMYfOBsdXMSsPjqOlTgIGOlOQWA7Wg6XwVvHTr0+UN+XTeC\n" + + "yZN+XjLbEDQ0CF5eryRZ535sDpwh3qNe0lYFO1n1+2iDtDI1jhhLNYNxBpVnR2BU\n" + + "2l9EuRmgRbQpDCajggFjMIIBXzAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFMd0\n" + + "itH5IcE6DpM1uTSBV/6DLmK7MB8GA1UdIwQYMBaAFKUhzdvrUyGZqsrZZ0KUJbJ7\n" + + "9MLjMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BggrBgEFBQcBAQRp\n" + + "MGcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnNjYTRhLmFtYXpvbnRydXN0LmNv\n" + + "bTA2BggrBgEFBQcwAoYqaHR0cDovL2NydC5zY2E0YS5hbWF6b250cnVzdC5jb20v\n" + + "c2NhNGEuY2VyMCUGA1UdEQQeMByCGmdvb2Quc2NhNGEuYW1hem9udHJ1c3QuY29t\n" + + "MFAGA1UdIARJMEcwDQYLYIZIAYb9bgEHGAMwNgYFZ4EMAQEwLTArBggrBgEFBQcC\n" + + "ARYfaHR0cHM6Ly93d3cuYW1hem9udHJ1c3QuY29tL2NwczAKBggqhkjOPQQDAwNp\n" + + "ADBmAjEA2RBD1F+rnm394VkqA3ncysM3deoyfWqaoAO5923MNisswPnHfVqnfeXf\n" + + "ZwTAvVTBAjEAiiaPx9GRjEk8IBKvCSbTp9rPogVTN7zDDQGrwA83O0pRP7A0dxtT\n" + + "pn/0K5Sj8otp\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=revoked.sca4a.amazontrust.com, O=Amazon Trust Services, L=Seattle, ST=Washington, C=US, \ + // SERIALNUMBER=5846743, OID.2.5.4.15=PrivateOrganization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, \ + // OID.1.3.6.1.4.1.311.60.2.1.3=US + // Issuer: CN=Amazon, OU=Server CA 4A, O=Amazon, C=US + // Serial number: 6f1d79295c384a699d51c2d756bd46213b5b3 + // Valid from: Mon Jan 28 15:41:16 PST 2019 until: Thu Apr 28 16:41:16 PDT 2022 + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIDjTCCAxKgAwIBAgITBvHXkpXDhKaZ1RwtdWvUYhO1szAKBggqhkjOPQQDAzBG\n" + + "MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg\n" + + "Q0EgNEExDzANBgNVBAMTBkFtYXpvbjAeFw0xOTAxMjgyMzQxMTZaFw0yMjA0Mjgy\n" + + "MzQxMTZaMIHcMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQIT\n" + + "CERlbGF3YXJlMRwwGgYDVQQPExNQcml2YXRlT3JnYW5pemF0aW9uMRAwDgYDVQQF\n" + + "Ewc1ODQ2NzQzMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4G\n" + + "A1UEBxMHU2VhdHRsZTEeMBwGA1UEChMVQW1hem9uIFRydXN0IFNlcnZpY2VzMSYw\n" + + "JAYDVQQDEx1yZXZva2VkLnNjYTRhLmFtYXpvbnRydXN0LmNvbTB2MBAGByqGSM49\n" + + "AgEGBSuBBAAiA2IABLuNpZTcNU3FElNP3Y/OeXIZcIMXkFTBi/n92fNwHfqUbEhH\n" + + "H+PovJ26eAGvb5a8bGc275MBFcVnWL0rCVgM+j9KAtBDCRJX3f7mo0D2VKcmtZKu\n" + + "jPxwGPy2kuqM505dGqOCASkwggElMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQU\n" + + "zUFIhn+hphzCKA2qgAdLztSBzJgwHwYDVR0jBBgwFoAUpSHN2+tTIZmqytlnQpQl\n" + + "snv0wuMwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGCCsGAQUFBwEB\n" + + "BGkwZzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3Auc2NhNGEuYW1hem9udHJ1c3Qu\n" + + "Y29tMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LnNjYTRhLmFtYXpvbnRydXN0LmNv\n" + + "bS9zY2E0YS5jZXIwKAYDVR0RBCEwH4IdcmV2b2tlZC5zY2E0YS5hbWF6b250cnVz\n" + + "dC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwMDaQAwZgIxALDA\n" + + "klY3iKwyzwpwVtLfLxzQEl45xvE2VjBJvfJJ60KhJt7Ud0gt0zxkogh29+mpEQIx\n" + + "ANTG1mk8OJB41DU7ru1Pwc6ju8STw1FdwDp/Eliqhvnm2i0k4/F1bBHLta2mlC2V\n" + + "hg==\n" + + "-----END CERTIFICATE-----"; + + public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) throws Exception { + // EE certificates don't have CRLDP extension + if (!ocspEnabled){ + pathValidator.validate(new String[]{INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + return; + } + + // Validate valid + pathValidator.validate(new String[]{VALID, INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + pathValidator.validate(new String[]{REVOKED, INT}, + ValidatePathWithParams.Status.REVOKED, + "Mon Jan 28 15:41:53 PST 2019", System.out); + } +} diff --git a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java index 58bb0fcd0a1..bed497b0046 100644 --- a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java +++ b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java @@ -26,7 +26,7 @@ * @test * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 * 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136 - * 8223499 8232019 + * 8223499 8232019 8233223 * @summary Check root CA entries in cacerts file */ import java.io.File; @@ -50,7 +50,7 @@ public class VerifyCACerts { + File.separator + "security" + File.separator + "cacerts"; // The numbers of certs now. - private static final int COUNT = 89; + private static final int COUNT = 93; // map of cert alias to SHA-256 fingerprint @SuppressWarnings("serial") @@ -235,6 +235,14 @@ public class VerifyCACerts { "2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69"); put("luxtrustglobalroot2ca [jdk]", "54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5"); + put("amazonrootca1 [jdk]", + "8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E"); + put("amazonrootca2 [jdk]", + "1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4"); + put("amazonrootca3 [jdk]", + "18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4"); + put("amazonrootca4 [jdk]", + "E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92"); } }; From 6f7508675ed86b89b53e2dc0bacbfe0b416e17eb Mon Sep 17 00:00:00 2001 From: yan Date: Thu, 5 Dec 2019 09:39:14 +0300 Subject: [PATCH 26/37] 8215210: [macos] Hangul text does not shape to the precomposed form on JDK8u Reviewed-by: phh --- .../classes/sun/net/www/MessageHeader.java | 38 +++++++++- .../native/sun/font/layout/MorphTables2.cpp | 2 +- .../font/TextLayout/HangulShapingTest.java | 72 ++++++++++++++++++ .../awt/font/TextLayout/HebrewIsRTLTest.java | 75 +++++++++++++++++++ 4 files changed, 182 insertions(+), 5 deletions(-) create mode 100644 jdk/test/java/awt/font/TextLayout/HangulShapingTest.java create mode 100644 jdk/test/java/awt/font/TextLayout/HebrewIsRTLTest.java diff --git a/jdk/src/share/classes/sun/net/www/MessageHeader.java b/jdk/src/share/classes/sun/net/www/MessageHeader.java index 34b6307826f..6ab2008dd4f 100644 --- a/jdk/src/share/classes/sun/net/www/MessageHeader.java +++ b/jdk/src/share/classes/sun/net/www/MessageHeader.java @@ -288,14 +288,44 @@ public synchronized Map> filterAndAddHeaders( return Collections.unmodifiableMap(m); } + /** Check if a line of message header looks like a request line. + * This method does not perform a full validation but simply + * returns false if the line does not end with 'HTTP/[1-9].[0-9]' + * @param line the line to check. + * @return true if the line might be a request line. + */ + private boolean isRequestline(String line) { + String k = line.trim(); + int i = k.lastIndexOf(' '); + if (i <= 0) return false; + int len = k.length(); + if (len - i < 9) return false; + + char c1 = k.charAt(len-3); + char c2 = k.charAt(len-2); + char c3 = k.charAt(len-1); + if (c1 < '1' || c1 > '9') return false; + if (c2 != '.') return false; + if (c3 < '0' || c3 > '9') return false; + + return (k.substring(i+1, len-3).equalsIgnoreCase("HTTP/")); + } + + /** Prints the key-value pairs represented by this - header. Also prints the RFC required blank line - at the end. Omits pairs with a null key. */ + header. Also prints the RFC required blank line + at the end. Omits pairs with a null key. Omits + colon if key-value pair is the requestline. */ public synchronized void print(PrintStream p) { for (int i = 0; i < nkeys; i++) if (keys[i] != null) { - p.print(keys[i] + - (values[i] != null ? ": "+values[i]: "") + "\r\n"); + StringBuilder sb = new StringBuilder(keys[i]); + if (values[i] != null) { + sb.append(": " + values[i]); + } else if (i != 0 || !isRequestline(keys[i])) { + sb.append(":"); + } + p.print(sb.append("\r\n")); } p.print("\r\n"); p.flush(); diff --git a/jdk/src/share/native/sun/font/layout/MorphTables2.cpp b/jdk/src/share/native/sun/font/layout/MorphTables2.cpp index ff69cb9a41e..eb628a1a32d 100644 --- a/jdk/src/share/native/sun/font/layout/MorphTables2.cpp +++ b/jdk/src/share/native/sun/font/layout/MorphTables2.cpp @@ -192,7 +192,7 @@ void MorphTableHeader2::process(const LEReferenceTo &base, LE for (subtable = 0; LE_SUCCESS(success) && subtable < nSubtables; subtable++) { if(subtable>0) { le_uint32 length = SWAPL(subtableHeader->length); - if (length & 0x03) { // incorrect alignment for 32 bit tables + if (length & 0x01) { // incorrect alignment for 32 bit tables success = LE_MEMORY_ALLOCATION_ERROR; // as good a choice as any return; } diff --git a/jdk/test/java/awt/font/TextLayout/HangulShapingTest.java b/jdk/test/java/awt/font/TextLayout/HangulShapingTest.java new file mode 100644 index 00000000000..2febfad3dbc --- /dev/null +++ b/jdk/test/java/awt/font/TextLayout/HangulShapingTest.java @@ -0,0 +1,72 @@ +// Copyright 2019 Azul Systems, Inc. All Rights Reserved. +// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +// +// This code is free software; you can redistribute it and/or modify it under +// the terms of the GNU General Public License version 2 only, as published by +// the Free Software Foundation. +// +// This code is distributed in the hope that it will be useful, but WITHOUT ANY +// WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +// A PARTICULAR PURPOSE. See the GNU General Public License version 2 for more +// details (a copy is included in the LICENSE file that accompanied this code). +// +// You should have received a copy of the GNU General Public License version 2 +// along with this work; if not, write to the Free Software Foundation, Inc., +// 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +// +// Please contact Azul Systems, 385 Moffett Park Drive, Suite 115, Sunnyvale, +// CA 94089 USA or visit www.azul.com if you need additional information or +// have any questions. + +import java.awt.Font; +import java.awt.Color; +import java.awt.Graphics2D; +import java.awt.image.BufferedImage; + +/* + * @test + * @bug 8215210 + * @summary Downport of prr's fix to a certain ICU wrong condition breaking some Hangul shaping + * @run main/othervm -Dsun.font.layoutengine=icu HangulShapingTest + */ +public class HangulShapingTest { + public static void main(String args[]) { + if (!System.getProperty("os.name").startsWith("Mac")) { + return; + } + + // images of the strings as drawn should be identical + String beforeString = "\u1100\u1161 \u1102\u1161"; + String afterString = "\uAC00 \uB098"; + int w = 100, h = 100; + + BufferedImage bi1 = drawit(w, h, beforeString); + BufferedImage bi2 = drawit(w, h, afterString); + + boolean same = true; + for (int x = 0; x < w; x++) { + for (int y = 0; y < h; y++) { + int c1 = bi1.getRGB(x, y); + int c2 = bi2.getRGB(x, y); + same &= (c1 == c2); + } + if (!same) { + break; + } + } + if (!same) { + throw new RuntimeException("Images differ"); + } + } + private static BufferedImage drawit(int w, int h, String toDraw) { + BufferedImage bi = new BufferedImage(w, h, BufferedImage.TYPE_INT_RGB); + Graphics2D biGraphics = bi.createGraphics(); + biGraphics.setColor(Color.white); + biGraphics.fillRect(0, 0, w, h); + biGraphics.setColor(Color.black); + Font font = new Font("Dialog", Font.PLAIN, 20); + biGraphics.setFont(font); + biGraphics.drawString(toDraw, 10, 40); + return bi; + } +} diff --git a/jdk/test/java/awt/font/TextLayout/HebrewIsRTLTest.java b/jdk/test/java/awt/font/TextLayout/HebrewIsRTLTest.java new file mode 100644 index 00000000000..1ced41de189 --- /dev/null +++ b/jdk/test/java/awt/font/TextLayout/HebrewIsRTLTest.java @@ -0,0 +1,75 @@ +// Copyright 2019 Azul Systems, Inc. All Rights Reserved. +// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +// +// This code is free software; you can redistribute it and/or modify it under +// the terms of the GNU General Public License version 2 only, as published by +// the Free Software Foundation. +// +// This code is distributed in the hope that it will be useful, but WITHOUT ANY +// WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +// A PARTICULAR PURPOSE. See the GNU General Public License version 2 for more +// details (a copy is included in the LICENSE file that accompanied this code). +// +// You should have received a copy of the GNU General Public License version 2 +// along with this work; if not, write to the Free Software Foundation, Inc., +// 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +// +// Please contact Azul Systems, 385 Moffett Park Drive, Suite 115, Sunnyvale, +// CA 94089 USA or visit www.azul.com if you need additional information or +// have any questions. + +import java.awt.Font; +import java.awt.Color; +import java.awt.Graphics2D; +import java.awt.image.BufferedImage; + +/* + * @test + * @summary Fix to 8215210 should not break RTL with AAT fonts. + * @run main/othervm -Dsun.font.layoutengine=icu HebrewIsRTLTest + */ +public class HebrewIsRTLTest { + static final String hebrewString = "\u05E9\u059E\u05E9\u0595\u05E9\u05A9\u05E9\u0592\u05E9\u0599\u05E9\u059E\u05E9\u0595\u05E9\u05A9\u05E9\u0592\u05E9\u0599 . \u05E9\u0599\u05E9\u05A1\u05E9\u0595\u05E9\u0593"; + public static void main(String args[]) { + if (!System.getProperty("os.name").startsWith("Mac")) { + return; + } + + // calculate text size + BufferedImage biMetrics = new BufferedImage(1000, 1000, BufferedImage.TYPE_INT_RGB); + Graphics2D biMetricsGraphics = biMetrics.createGraphics(); + Font font = new Font("TimesRoman", Font.PLAIN, 40); + biMetricsGraphics.setFont(font); + int width = biMetricsGraphics.getFontMetrics().stringWidth(hebrewString); + int height = biMetricsGraphics.getFontMetrics().getHeight(); + + // create minimal image + BufferedImage bi = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB); + Graphics2D biGraphics = bi.createGraphics(); + biGraphics.setColor(Color.white); + biGraphics.fillRect(0, 0, width, height); + biGraphics.setColor(Color.black); + biGraphics.setFont(font); + biGraphics.drawString(hebrewString, 0, height); + + int y = bi.getHeight() / 2; + int x; + int rgb, rgbLeftCount = 0, rgbRightCount = 0; + + for (x = 0; x < bi.getWidth()/2; x++) { + rgb = bi.getRGB(x, y); + if (rgb == Color.BLACK.getRGB()) { + rgbLeftCount++; + } + } + for (x = bi.getWidth()/2 + 1; x < bi.getWidth(); x++) { + rgb = bi.getRGB(x, y); + if (rgb == Color.BLACK.getRGB()) { + rgbRightCount++; + } + } + if (rgbLeftCount > rgbRightCount) { + throw new RuntimeException("Hebrew text seems drawn LTR"); + } + } +} From e5bd6510495c8be1e77a7eb38db0250c0e9c6b4b Mon Sep 17 00:00:00 2001 From: sgehwolf Date: Tue, 17 Dec 2019 06:07:24 +0000 Subject: [PATCH 27/37] 8232984: Upgrading Joni License version to 2.1.16 Reviewed-by: andrew --- THIRD_PARTY_README | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/THIRD_PARTY_README b/THIRD_PARTY_README index 7dc54a05723..643ea79ce6e 100644 --- a/THIRD_PARTY_README +++ b/THIRD_PARTY_README @@ -1334,11 +1334,13 @@ SUCH DAMAGE. -------------------------------------------------------------------------------- -%% This notice is provided with respect to Joni v1.1.9, which may be +%% This notice is provided with respect to Joni v2.1.16, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- +Copyright (c) 2017 JRuby Team + Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights From e7d5f6fa17e6a57aaf4804dbc00a1c76b935cef1 Mon Sep 17 00:00:00 2001 From: sgehwolf Date: Tue, 17 Dec 2019 06:08:06 +0000 Subject: [PATCH 28/37] 8232984: Upgrading Joni License version to 2.1.16 Reviewed-by: andrew --- corba/THIRD_PARTY_README | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/corba/THIRD_PARTY_README b/corba/THIRD_PARTY_README index 7dc54a05723..643ea79ce6e 100644 --- a/corba/THIRD_PARTY_README +++ b/corba/THIRD_PARTY_README @@ -1334,11 +1334,13 @@ SUCH DAMAGE. -------------------------------------------------------------------------------- -%% This notice is provided with respect to Joni v1.1.9, which may be +%% This notice is provided with respect to Joni v2.1.16, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- +Copyright (c) 2017 JRuby Team + Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights From 8f4833be773a274da6be25df6a2a9c3174d386b4 Mon Sep 17 00:00:00 2001 From: sgehwolf Date: Tue, 17 Dec 2019 06:08:09 +0000 Subject: [PATCH 29/37] 8232984: Upgrading Joni License version to 2.1.16 Reviewed-by: andrew --- jaxp/THIRD_PARTY_README | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/jaxp/THIRD_PARTY_README b/jaxp/THIRD_PARTY_README index 7dc54a05723..643ea79ce6e 100644 --- a/jaxp/THIRD_PARTY_README +++ b/jaxp/THIRD_PARTY_README @@ -1334,11 +1334,13 @@ SUCH DAMAGE. -------------------------------------------------------------------------------- -%% This notice is provided with respect to Joni v1.1.9, which may be +%% This notice is provided with respect to Joni v2.1.16, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- +Copyright (c) 2017 JRuby Team + Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights From 70df2067792ae41f7524e5130cec54da8abeb21e Mon Sep 17 00:00:00 2001 From: sgehwolf Date: Tue, 17 Dec 2019 06:08:12 +0000 Subject: [PATCH 30/37] 8232984: Upgrading Joni License version to 2.1.16 Reviewed-by: andrew --- jaxws/THIRD_PARTY_README | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/jaxws/THIRD_PARTY_README b/jaxws/THIRD_PARTY_README index 7dc54a05723..643ea79ce6e 100644 --- a/jaxws/THIRD_PARTY_README +++ b/jaxws/THIRD_PARTY_README @@ -1334,11 +1334,13 @@ SUCH DAMAGE. -------------------------------------------------------------------------------- -%% This notice is provided with respect to Joni v1.1.9, which may be +%% This notice is provided with respect to Joni v2.1.16, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- +Copyright (c) 2017 JRuby Team + Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights From 3eab4da78e1a2db11a318c0ba5a7aa7c8124ea00 Mon Sep 17 00:00:00 2001 From: sgehwolf Date: Tue, 17 Dec 2019 06:08:16 +0000 Subject: [PATCH 31/37] 8232984: Upgrading Joni License version to 2.1.16 Reviewed-by: andrew --- langtools/THIRD_PARTY_README | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/langtools/THIRD_PARTY_README b/langtools/THIRD_PARTY_README index 7dc54a05723..643ea79ce6e 100644 --- a/langtools/THIRD_PARTY_README +++ b/langtools/THIRD_PARTY_README @@ -1334,11 +1334,13 @@ SUCH DAMAGE. -------------------------------------------------------------------------------- -%% This notice is provided with respect to Joni v1.1.9, which may be +%% This notice is provided with respect to Joni v2.1.16, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- +Copyright (c) 2017 JRuby Team + Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights From a8c66f1f58b9aed0f610ceb7fa1f0221977934c6 Mon Sep 17 00:00:00 2001 From: sgehwolf Date: Tue, 17 Dec 2019 06:08:19 +0000 Subject: [PATCH 32/37] 8232984: Upgrading Joni License version to 2.1.16 Reviewed-by: andrew --- nashorn/THIRD_PARTY_README | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nashorn/THIRD_PARTY_README b/nashorn/THIRD_PARTY_README index 7dc54a05723..643ea79ce6e 100644 --- a/nashorn/THIRD_PARTY_README +++ b/nashorn/THIRD_PARTY_README @@ -1334,11 +1334,13 @@ SUCH DAMAGE. -------------------------------------------------------------------------------- -%% This notice is provided with respect to Joni v1.1.9, which may be +%% This notice is provided with respect to Joni v2.1.16, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- +Copyright (c) 2017 JRuby Team + Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights From fbdf154d48bce04892f6d1a2e6fccd291fafdc1e Mon Sep 17 00:00:00 2001 From: J9 Build Date: Sat, 28 Dec 2019 03:31:18 +0000 Subject: [PATCH 33/37] Update OPENJDK_TAG to merged level jdk8u242-b05 Signed-off-by: J9 Build --- closed/openjdk-tag.gmk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/closed/openjdk-tag.gmk b/closed/openjdk-tag.gmk index 851f2f73587..b03ceb5edf4 100644 --- a/closed/openjdk-tag.gmk +++ b/closed/openjdk-tag.gmk @@ -1 +1 @@ -OPENJDK_TAG := jdk8u242-b04 +OPENJDK_TAG := jdk8u242-b05 From e871f3f60c8de188d36244c5c05d90bad2e23c86 Mon Sep 17 00:00:00 2001 From: a7ehuo Date: Thu, 19 Dec 2019 12:14:04 -0800 Subject: [PATCH 34/37] Remove the check on a specific OpenSSL API for JITServer With the change in eclipse/openj9#8145, OpenSSL symbols are dynamically loaded at the runtime. During the build time, there is no longer a dependency on the installed OpenSSL version on the build machines. Removed the code that checks `SSL_CTX_set_ecdh_auto` during config. Signed-off-by: a7ehuo --- common/autoconf/generated-configure.sh | 2 +- jdk/make/closed/autoconf/custom-hook.m4 | 14 -------------- .../closed/autoconf/generated-configure.sh | 19 +------------------ 3 files changed, 2 insertions(+), 33 deletions(-) diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh index 1aeb3f78ec0..776dbb33e1c 100644 --- a/common/autoconf/generated-configure.sh +++ b/common/autoconf/generated-configure.sh @@ -4397,7 +4397,7 @@ VS_SDK_PLATFORM_NAME_2017= #CUSTOM_AUTOCONF_INCLUDE # Do not change or remove the following line, it is needed for consistency checks: -DATE_WHEN_GENERATED=1576018331 +DATE_WHEN_GENERATED=1577815762 ############################################################################### # diff --git a/jdk/make/closed/autoconf/custom-hook.m4 b/jdk/make/closed/autoconf/custom-hook.m4 index 61fb6960ffe..8e48a2607c5 100644 --- a/jdk/make/closed/autoconf/custom-hook.m4 +++ b/jdk/make/closed/autoconf/custom-hook.m4 @@ -702,20 +702,6 @@ AC_DEFUN([CONFIGURE_OPENSSL], AC_MSG_CHECKING([if we should bundle openssl]) AC_MSG_RESULT([$BUNDLE_OPENSSL]) - - if test "x$OPENJ9_ENABLE_JITSERVER" = xtrue ; then - if test "x$OPENJDK_TARGET_OS" = xlinux ; then - if test "x$OPENSSL_DIR" != x ; then - AC_MSG_CHECKING([if the required OPENSSL API exists for JITServer in $OPENSSL_DIR]) - if $GREP -q -w SSL_CTX_set_ecdh_auto "$OPENSSL_DIR/include/openssl/ssl.h" 2> /dev/null ; then - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) - AC_MSG_ERROR([SSL_CTX_set_ecdh_auto is required by JITServer]) - fi - fi - fi - fi fi AC_SUBST(OPENSSL_BUNDLE_LIB_PATH) diff --git a/jdk/make/closed/autoconf/generated-configure.sh b/jdk/make/closed/autoconf/generated-configure.sh index ab40f35680b..fa8de290048 100644 --- a/jdk/make/closed/autoconf/generated-configure.sh +++ b/jdk/make/closed/autoconf/generated-configure.sh @@ -4576,7 +4576,7 @@ VS_SDK_PLATFORM_NAME_2017= # Do not change or remove the following line, it is needed for consistency checks: -DATE_WHEN_GENERATED=1576018331 +DATE_WHEN_GENERATED=1577815762 ############################################################################### # @@ -55786,23 +55786,6 @@ $as_echo "yes" >&6; } $as_echo_n "checking if we should bundle openssl... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $BUNDLE_OPENSSL" >&5 $as_echo "$BUNDLE_OPENSSL" >&6; } - - if test "x$OPENJ9_ENABLE_JITSERVER" = xtrue ; then - if test "x$OPENJDK_TARGET_OS" = xlinux ; then - if test "x$OPENSSL_DIR" != x ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the required OPENSSL API exists for JITServer in $OPENSSL_DIR" >&5 -$as_echo_n "checking if the required OPENSSL API exists for JITServer in $OPENSSL_DIR... " >&6; } - if $GREP -q -w SSL_CTX_set_ecdh_auto "$OPENSSL_DIR/include/openssl/ssl.h" 2> /dev/null ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - as_fn_error $? "SSL_CTX_set_ecdh_auto is required by JITServer" "$LINENO" 5 - fi - fi - fi - fi fi From e99805ff817fd17051cd6b7997e9ce25c4846147 Mon Sep 17 00:00:00 2001 From: Ashutosh Mehra Date: Thu, 12 Dec 2019 10:39:46 -0500 Subject: [PATCH 35/37] Add jitserver launcher in OpenJ9 builds If --enable-jitserver configuration option is set, then enable building of jitserver launcher and include it in the jre or jdk. Signed-off-by: Ashutosh Mehra --- closed/OpenJ9.gmk | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/closed/OpenJ9.gmk b/closed/OpenJ9.gmk index b4eb32f3e6c..c69815fd875 100644 --- a/closed/OpenJ9.gmk +++ b/closed/OpenJ9.gmk @@ -1,5 +1,5 @@ # =========================================================================== -# (c) Copyright IBM Corp. 2017, 2019 All Rights Reserved +# (c) Copyright IBM Corp. 2017, 2020 All Rights Reserved # =========================================================================== # This code is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License version 2 only, as @@ -86,6 +86,22 @@ endif stage_openj9_build_jdk \ # +# jitserver + +ifeq (true,$(OPENJ9_ENABLE_JITSERVER)) +$(eval $(call SetupCopyFiles,OPENJ9_STAGED_FILES, \ + DEST := $(JDK_OUTPUTDIR)/bin, \ + SRC := $(OPENJ9_VM_BUILD_DIR), \ + FILES := jitserver$(EXE_SUFFIX) \ + )) + +$(eval $(call SetupCopyFiles,OPENJ9_STAGED_FILES, \ + DEST := $(JDK_OUTPUTDIR)/jre/bin, \ + SRC := $(OPENJ9_VM_BUILD_DIR), \ + FILES := jitserver$(EXE_SUFFIX) \ + )) +endif # OPENJ9_ENABLE_JITSERVER + # redirector $(foreach subdir, j9vm server, \ @@ -323,6 +339,13 @@ else SPEC_SED_SCRIPT += $(call SedDisable,module_ddr) endif +# Adjust JITServer enablement flags. +ifeq (true,$(OPENJ9_ENABLE_JITSERVER)) + FEATURE_SED_SCRIPT += $(call SedEnable,build_jitserver) +else + FEATURE_SED_SCRIPT += $(call SedDisable,build_jitserver) +endif + # openj9_stage_buildspec_file # --------------------------- # param 1 = The simple name of the file to copy. From dbe164aa7e8ca9d0541893bbf7dca58aeda4377d Mon Sep 17 00:00:00 2001 From: Simon Rushton Date: Wed, 30 Oct 2019 12:49:00 +0000 Subject: [PATCH 36/37] Add targets to create openj9 javadoc Signed-off-by: Simon Rushton --- closed/make/Javadoc.gmk | 485 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 485 insertions(+) create mode 100644 closed/make/Javadoc.gmk diff --git a/closed/make/Javadoc.gmk b/closed/make/Javadoc.gmk new file mode 100644 index 00000000000..c549040b260 --- /dev/null +++ b/closed/make/Javadoc.gmk @@ -0,0 +1,485 @@ +# Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. Oracle designates this +# particular file as subject to the "Classpath" exception as provided +# by Oracle in the LICENSE file that accompanied this code. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +# =========================================================================== +# (c) Copyright IBM Corp. 2019, 2020 All Rights Reserved +# =========================================================================== + +############################################################################# +# This file is included by (and is based on) make/Javadoc.gmk +# OpenJ9 adds a number of packages to the jdk and also overrides certain +# core api and com.sun.management classes. +# The targets in this file generate the javadoc for the additional classes +# and modify the page footers in the overridden files to carry the correct +# copyrights. +# Javadoc for the OpenJ9 extensions packages is created under docs/platform +############################################################################# + +############################################################################# +# Set the link prefix for the JavaSE core and com.sun.management packages +# to reference the pages created in this build. +JAVASE_BASE_URL := $(JDKJRE2COREAPI) + +############################################################################# +# Source files for openj9 extensions javadoc +OPENJ9_DOCS_SRCDIR := $(JDK_OUTPUTDIR)/j9jcl_sources/jdk/src/share/classes + +############################################################################# +# Update macros which hold a list of the source directories. +# ALL_SOURCE_DIRS is used in the PackageFilter function +ALL_SOURCE_DIRS := $(OPENJ9_DOCS_SRCDIR) $(ALL_SOURCE_DIRS) +# ALL_EXISTING_SOURCE_DIRS is used in the $(DIRECTORY_CACHE) target +ALL_EXISTING_SOURCE_DIRS := $(wildcard $(ALL_SOURCE_DIRS)) + +############################################################################# +# html page footer for the OpenJ9 extensions and overrides pages +OPENJ9_BASE_URL := https://www.eclipse.org/openj9/ +OPENJ9_BUG_SUBMIT_URL := https://github.com/eclipse/openj9/issues +OPENJ9_FULL_COMPANY_NAME := IBM Corp +OPENJ9_JAVADOC_BOTTOM = \ + Link to Eclipse OpenJ9 documentation.
\ + To raise a bug report or suggest an improvement create an Eclipse Openj9 issue.
\ + Copyright © $(FIRST_COPYRIGHT_YEAR), $(COPYRIGHT_YEAR), $(OPENJ9_FULL_COMPANY_NAME). All rights reserved. + +############################################################################# +# +# openj9-sharedclassesdocs +# + +OPENJ9_SHAREDCLASSES_PKGS := com.ibm.oti.shared + +OPENJ9_SHAREDCLASSES_FIRST_COPYRIGHT_YEAR := 1998 + +OPENJ9_SHAREDCLASSES_DOCDIR := $(PLATFORM_DOCSDIR)/sharedclasses +OPENJ9_SHAREDCLASSES_DOCTITLE := OpenJ9 Shared Classes +OPENJ9_SHAREDCLASSES_WINDOWTITLE := OpenJ9 Shared Classes +OPENJ9_SHAREDCLASSES_HEADER := OpenJ9 Shared Classes + +# The index.html, options, and packages files +OPENJ9_SHAREDCLASSES_INDEX_FILE := $(OPENJ9_SHAREDCLASSES_DOCDIR)/index.html +OPENJ9_SHAREDCLASSES_OPTIONS_FILE := $(DOCSTMPDIR)/openj9.sharedclasses.options +OPENJ9_SHAREDCLASSES_PACKAGES_FILE := $(DOCSTMPDIR)/openj9.sharedclasses.packages + +openj9-sharedclassesdocs: $(OPENJ9_SHAREDCLASSES_INDEX_FILE) + +# Set relative location to platform document root +$(OPENJ9_SHAREDCLASSES_INDEX_FILE): GET2DOCSDIR := $(PLATFORM_DOCSDIR)/.. + +# Run javadoc if the index file is out of date or missing +$(OPENJ9_SHAREDCLASSES_INDEX_FILE): $(OPENJ9_SHAREDCLASSES_OPTIONS_FILE) $(OPENJ9_SHAREDCLASSES_PACKAGES_FILE) + $(prep-javadoc) + $(call JavadocSummary,$(OPENJ9_SHAREDCLASSES_OPTIONS_FILE),$(OPENJ9_SHAREDCLASSES_PACKAGES_FILE)) + $(JAVADOC_CMD) -d $(@D) \ + @$(OPENJ9_SHAREDCLASSES_OPTIONS_FILE) @$(OPENJ9_SHAREDCLASSES_PACKAGES_FILE) + +$(OPENJ9_SHAREDCLASSES_OPTIONS_FILE): FIRST_COPYRIGHT_YEAR := $(OPENJ9_SHAREDCLASSES_FIRST_COPYRIGHT_YEAR) +$(OPENJ9_SHAREDCLASSES_OPTIONS_FILE): + $(prep-target) + @($(call OptionOnly,$(COMMON_JAVADOCFLAGS)) ; \ + $(call OptionPair,-sourcepath,$(OPENJ9_DOCS_SRCDIR)) ; \ + $(call OptionPair,-encoding,ascii) ; \ + $(call OptionPair,-doctitle,$(OPENJ9_SHAREDCLASSES_DOCTITLE)) ; \ + $(call OptionPair,-windowtitle,$(OPENJ9_SHAREDCLASSES_WINDOWTITLE) $(DRAFT_WINTITLE)) ; \ + $(call OptionPair,-header,$(OPENJ9_SHAREDCLASSES_HEADER)$(DRAFT_HEADER)) ; \ + $(call OptionPair,-bottom,$(OPENJ9_JAVADOC_BOTTOM)$(DRAFT_BOTTOM)) ; \ + $(call OptionTrip,-linkoffline,$(JAVASE_BASE_URL),$(COREAPI_DOCSDIR)/) ; \ + ) > $@ + +# Create a file with the package names in it +$(OPENJ9_SHAREDCLASSES_PACKAGES_FILE): $(DIRECTORY_CACHE) $(call PackageDependencies,$(OPENJ9_SHAREDCLASSES_PKGS)) + $(prep-target) + $(call PackageFilter,$(OPENJ9_SHAREDCLASSES_PKGS)) + +############################################################################# +# +# openj9-gpudocs +# + +OPENJ9_GPU_PKGS := com.ibm.gpu + +OPENJ9_GPU_FIRST_COPYRIGHT_YEAR := 2014 + +OPENJ9_GPU_DOCDIR := $(PLATFORM_DOCSDIR)/gpu +OPENJ9_GPU2COREAPI := $(JDKJRE2COREAPI) +OPENJ9_GPU_DOCTITLE := OpenJ9 GPU Classes +OPENJ9_GPU_WINDOWTITLE := OpenJ9 GPU Classes +OPENJ9_GPU_HEADER := OpenJ9 GPU Classes + +# The index.html, options, and packages files +OPENJ9_GPU_INDEX_FILE := $(OPENJ9_GPU_DOCDIR)/index.html +OPENJ9_GPU_OPTIONS_FILE := $(DOCSTMPDIR)/openj9.gpu.options +OPENJ9_GPU_PACKAGES_FILE := $(DOCSTMPDIR)/openj9.gpu.packages + +openj9-gpudocs: $(OPENJ9_GPU_INDEX_FILE) + +# Set relative location to platform document root +$(OPENJ9_GPU_INDEX_FILE): GET2DOCSDIR := $(PLATFORM_DOCSDIR)/.. + +# Run javadoc if the index file is out of date or missing +$(OPENJ9_GPU_INDEX_FILE): $(OPENJ9_GPU_OPTIONS_FILE) $(OPENJ9_GPU_PACKAGES_FILE) + $(prep-javadoc) + $(call JavadocSummary,$(OPENJ9_GPU_OPTIONS_FILE),$(OPENJ9_GPU_PACKAGES_FILE)) + $(JAVADOC_CMD) -d $(@D) \ + @$(OPENJ9_GPU_OPTIONS_FILE) @$(OPENJ9_GPU_PACKAGES_FILE) + +$(OPENJ9_GPU_OPTIONS_FILE): FIRST_COPYRIGHT_YEAR := $(OPENJ9_GPU_FIRST_COPYRIGHT_YEAR) +$(OPENJ9_GPU_OPTIONS_FILE): + $(prep-target) + @($(call OptionOnly,$(COMMON_JAVADOCFLAGS)) ; \ + $(call OptionPair,-sourcepath,$(OPENJ9_DOCS_SRCDIR)) ; \ + $(call OptionPair,-encoding,ascii) ; \ + $(call OptionPair,-doctitle,$(OPENJ9_GPU_DOCTITLE)) ; \ + $(call OptionPair,-windowtitle,$(OPENJ9_GPU_WINDOWTITLE) $(DRAFT_WINTITLE)) ; \ + $(call OptionPair,-header,$(OPENJ9_GPU_HEADER)$(DRAFT_HEADER)) ; \ + $(call OptionPair,-bottom,$(OPENJ9_JAVADOC_BOTTOM)$(DRAFT_BOTTOM)) ; \ + $(call OptionTrip,-linkoffline,$(JAVASE_BASE_URL),$(COREAPI_DOCSDIR)/) ; \ + ) > $@ + +# Create a file with the package names in it +$(OPENJ9_GPU_PACKAGES_FILE): $(DIRECTORY_CACHE) $(call PackageDependencies,$(OPENJ9_GPU_PKGS)) + $(prep-target) + $(call PackageFilter,$(OPENJ9_GPU_PKGS)) + +############################################################################# +# +# openj9-cudadocs +# + +OPENJ9_CUDA_PKGS := com.ibm.cuda + +OPENJ9_CUDA_FIRST_COPYRIGHT_YEAR := 2013 + +OPENJ9_CUDA_DOCDIR := $(PLATFORM_DOCSDIR)/cuda +OPENJ9_CUDA2COREAPI := $(JDKJRE2COREAPI) +OPENJ9_CUDA_DOCTITLE := OpenJ9 CUDA Classes +OPENJ9_CUDA_WINDOWTITLE := OpenJ9 CUDA Classes +OPENJ9_CUDA_HEADER := OpenJ9 CUDA Classes + +# The index.html, options, and packages files +OPENJ9_CUDA_INDEX_FILE := $(OPENJ9_CUDA_DOCDIR)/index.html +OPENJ9_CUDA_OPTIONS_FILE := $(DOCSTMPDIR)/openj9.cuda.options +OPENJ9_CUDA_PACKAGES_FILE := $(DOCSTMPDIR)/openj9.cuda.packages + +openj9-cudadocs: $(OPENJ9_CUDA_INDEX_FILE) + +# Set relative location to platform document root +$(OPENJ9_CUDA_INDEX_FILE): GET2DOCSDIR := $(PLATFORM_DOCSDIR)/.. + +# Run javadoc if the index file is out of date or missing +$(OPENJ9_CUDA_INDEX_FILE): $(OPENJ9_CUDA_OPTIONS_FILE) $(OPENJ9_CUDA_PACKAGES_FILE) + $(prep-javadoc) + $(call JavadocSummary,$(OPENJ9_CUDA_OPTIONS_FILE),$(OPENJ9_CUDA_PACKAGES_FILE)) + $(JAVADOC_CMD) -d $(@D) \ + @$(OPENJ9_CUDA_OPTIONS_FILE) @$(OPENJ9_CUDA_PACKAGES_FILE) + +$(OPENJ9_CUDA_OPTIONS_FILE): FIRST_COPYRIGHT_YEAR := $(OPENJ9_CUDA_FIRST_COPYRIGHT_YEAR) +$(OPENJ9_CUDA_OPTIONS_FILE): + $(prep-target) + @($(call OptionOnly,$(COMMON_JAVADOCFLAGS)) ; \ + $(call OptionPair,-sourcepath,$(OPENJ9_DOCS_SRCDIR)) ; \ + $(call OptionPair,-encoding,ascii) ; \ + $(call OptionPair,-doctitle,$(OPENJ9_CUDA_DOCTITLE)) ; \ + $(call OptionPair,-windowtitle,$(OPENJ9_CUDA_WINDOWTITLE) $(DRAFT_WINTITLE)) ; \ + $(call OptionPair,-header,$(OPENJ9_CUDA_HEADER)$(DRAFT_HEADER)) ; \ + $(call OptionPair,-bottom,$(OPENJ9_JAVADOC_BOTTOM)$(DRAFT_BOTTOM)) ; \ + $(call OptionTrip,-linkoffline,$(JAVASE_BASE_URL),$(COREAPI_DOCSDIR)/) ; \ + ) > $@ + +# Create a file with the package names in it +$(OPENJ9_CUDA_PACKAGES_FILE): $(DIRECTORY_CACHE) $(call PackageDependencies,$(OPENJ9_CUDA_PKGS)) + $(prep-target) + $(call PackageFilter,$(OPENJ9_CUDA_PKGS)) + +############################################################################# +# +# openj9-dataaccessdocs +# + +OPENJ9_DATAACCESS_PKGS := com.ibm.dataaccess + +OPENJ9_DATAACCESS_FIRST_COPYRIGHT_YEAR := 2013 + +OPENJ9_DATAACCESS_DOCDIR := $(PLATFORM_DOCSDIR)/dataaccess +OPENJ9_DATAACCESS2COREAPI := $(JDKJRE2COREAPI) +OPENJ9_DATAACCESS_DOCTITLE := OpenJ9 Data Access Acceleration Classes +OPENJ9_DATAACCESS_WINDOWTITLE := OpenJ9 Data Access Acceleration Classes +OPENJ9_DATAACCESS_HEADER := OpenJ9 Data Access Acceleration Classes + +# The index.html, options, and packages files +OPENJ9_DATAACCESS_INDEX_FILE := $(OPENJ9_DATAACCESS_DOCDIR)/index.html +OPENJ9_DATAACCESS_OPTIONS_FILE := $(DOCSTMPDIR)/openj9.dataaccess.options +OPENJ9_DATAACCESS_PACKAGES_FILE := $(DOCSTMPDIR)/openj9.dataaccess.packages + +openj9-dataaccessdocs: $(OPENJ9_DATAACCESS_INDEX_FILE) + +# Set relative location to platform document root +$(OPENJ9_DATAACCESS_INDEX_FILE): GET2DOCSDIR := $(PLATFORM_DOCSDIR)/.. + +# Run javadoc if the index file is out of date or missing +$(OPENJ9_DATAACCESS_INDEX_FILE): $(OPENJ9_DATAACCESS_OPTIONS_FILE) $(OPENJ9_DATAACCESS_PACKAGES_FILE) + $(prep-javadoc) + $(call JavadocSummary,$(OPENJ9_DATAACCESS_OPTIONS_FILE),$(OPENJ9_DATAACCESS_PACKAGES_FILE)) + $(JAVADOC_CMD) -d $(@D) \ + @$(OPENJ9_DATAACCESS_OPTIONS_FILE) @$(OPENJ9_DATAACCESS_PACKAGES_FILE) + +$(OPENJ9_DATAACCESS_OPTIONS_FILE): FIRST_COPYRIGHT_YEAR := $(OPENJ9_DATAACCESS_FIRST_COPYRIGHT_YEAR) +$(OPENJ9_DATAACCESS_OPTIONS_FILE): + $(prep-target) + @($(call OptionOnly,$(COMMON_JAVADOCFLAGS)) ; \ + $(call OptionPair,-sourcepath,$(OPENJ9_DOCS_SRCDIR)) ; \ + $(call OptionPair,-encoding,ascii) ; \ + $(call OptionPair,-doctitle,$(OPENJ9_DATAACCESS_DOCTITLE)) ; \ + $(call OptionPair,-windowtitle,$(OPENJ9_DATAACCESS_WINDOWTITLE) $(DRAFT_WINTITLE)) ; \ + $(call OptionPair,-header,$(OPENJ9_DATAACCESS_HEADER)$(DRAFT_HEADER)) ; \ + $(call OptionPair,-bottom,$(OPENJ9_JAVADOC_BOTTOM)$(DRAFT_BOTTOM)) ; \ + $(call OptionTrip,-linkoffline,$(JAVASE_BASE_URL),$(COREAPI_DOCSDIR)/) ; \ + ) > $@ + +# Create a file with the package names in it +$(OPENJ9_DATAACCESS_PACKAGES_FILE): $(DIRECTORY_CACHE) $(call PackageDependencies,$(OPENJ9_DATAACCESS_PKGS)) + $(prep-target) + $(call PackageFilter,$(OPENJ9_DATAACCESS_PKGS)) + +############################################################################# +# +# openj9-jvmdocs +# + +OPENJ9_JVM_PKGS := com.ibm.jvm + +OPENJ9_JVM_FIRST_COPYRIGHT_YEAR := 1998 + +OPENJ9_JVM_DOCDIR := $(PLATFORM_DOCSDIR)/jvm +OPENJ9_JVM2COREAPI := $(JDKJRE2COREAPI) +OPENJ9_JVM_DOCTITLE := OpenJ9 JVM Diagnostic Utilities Classes +OPENJ9_JVM_WINDOWTITLE := OpenJ9 JVM Diagnostic Utilities Classes +OPENJ9_JVM_HEADER := OpenJ9 JVM Diagnostic Utilities Classes + +# The index.html, options, and packages files +OPENJ9_JVM_INDEX_FILE := $(OPENJ9_JVM_DOCDIR)/index.html +OPENJ9_JVM_OPTIONS_FILE := $(DOCSTMPDIR)/openj9.jvm.options +OPENJ9_JVM_PACKAGES_FILE := $(DOCSTMPDIR)/openj9.jvm.packages + +openj9-jvmdocs: $(OPENJ9_JVM_INDEX_FILE) + +# Set relative location to platform document root +$(OPENJ9_JVM_INDEX_FILE): GET2DOCSDIR := $(PLATFORM_DOCSDIR)/.. + +# Run javadoc if the index file is out of date or missing +$(OPENJ9_JVM_INDEX_FILE): $(OPENJ9_JVM_OPTIONS_FILE) $(OPENJ9_JVM_PACKAGES_FILE) + $(prep-javadoc) + $(call JavadocSummary,$(OPENJ9_JVM_OPTIONS_FILE),$(OPENJ9_JVM_PACKAGES_FILE)) + $(JAVADOC_CMD) -d $(@D) \ + @$(OPENJ9_JVM_OPTIONS_FILE) @$(OPENJ9_JVM_PACKAGES_FILE) + +$(OPENJ9_JVM_OPTIONS_FILE): FIRST_COPYRIGHT_YEAR := $(OPENJ9_JVM_FIRST_COPYRIGHT_YEAR) +$(OPENJ9_JVM_OPTIONS_FILE): + $(prep-target) + @($(call OptionOnly,$(COMMON_JAVADOCFLAGS)) ; \ + $(call OptionPair,-sourcepath,$(OPENJ9_DOCS_SRCDIR)) ; \ + $(call OptionPair,-encoding,ascii) ; \ + $(call OptionPair,-doctitle,$(OPENJ9_JVM_DOCTITLE)) ; \ + $(call OptionPair,-windowtitle,$(OPENJ9_JVM_WINDOWTITLE) $(DRAFT_WINTITLE)) ; \ + $(call OptionPair,-header,$(OPENJ9_JVM_HEADER)$(DRAFT_HEADER)) ; \ + $(call OptionPair,-bottom,$(OPENJ9_JAVADOC_BOTTOM)$(DRAFT_BOTTOM)) ; \ + $(call OptionTrip,-linkoffline,$(JAVASE_BASE_URL),$(COREAPI_DOCSDIR)/) ; \ + ) > $@ + +# Create a file with the package names in it +$(OPENJ9_JVM_PACKAGES_FILE): $(DIRECTORY_CACHE) $(call PackageDependencies,$(OPENJ9_JVM_PKGS)) + $(prep-target) + $(call PackageFilter,$(OPENJ9_JVM_PKGS)) + +############################################################################# +# +# openj9 mgmtdocs +# +# The openjdk com.sun.management classes are specific to the +# hotspot virtual machine and do not work with openj9. +# openj9 provides the com.ibm.lang.management, +# com.ibm.virtualization.management and +# openj9.lang.management packages for managing the openj9 +# virtual machine. +# Some of the openj9 com.ibm.lang.management classes implement +# com.sun.management interfaces, so those com.sun.management +# classes need to be included in the javadoc. +# +# The required openjdk com.sun.management interface source files +# are copied to a temporary location, which is then used as the +# source file location for the javadoc, rather than the actual +# openjdk source tree. +# +# The MGMT_XXX macros are defined in make/Javadoc.gmk + +############################################################################# +# Location of the openjdk com.sun.management source files +SUN_MGMT_SRCDIR := $(JDK_SHARE_CLASSES)/com/sun/management + +############################################################################# +# Somewhere to copy the openjdk com.sun.management interfaces referenced by +# the com.ibm.lang.management to. +TEMP_SUN_MGMT_PKGDIR := $(TEMPDIR)/mgmt +TEMP_SUN_MGMT_SRCDIR := $(TEMP_SUN_MGMT_PKGDIR)/com/sun/management + +OPENJ9_MGMT_PKGS := com.ibm.lang.management com.ibm.virtualization.management openj9.lang.management +ALL_MGMT_PKGS = $(OPENJ9_MGMT_PKGS) $(MGMT_PKGS) + +OPENJ9_MGMT_FIRST_COPYRIGHT_YEAR := 2001 +OPENJ9_MGMT_DOCDIR := $(JRE_API_DOCSDIR)/management/extension +OPENJ9_MGMT_DOCTITLE := OpenJ9 Monitoring and Management Interface Classes +OPENJ9_MGMT_WINDOWTITLE := OpenJ9 Monitoring and Management Interface Classes +OPENJ9_MGMT_HEADER := OpenJ9 Monitoring and Management Interface Classes + +############################################################################# +# The index.html, options, and packages files +OPENJ9_MGMT_INDEXALL_FILE = $(OPENJ9_MGMT_DOCDIR)/index-all.html +OPENJ9_MGMT_INDEX_FILE = $(OPENJ9_MGMT_DOCDIR)/index.html +OPENJ9_MGMT_OPTIONS_FILE := $(DOCSTMPDIR)/openj9.mgmt.options +OPENJ9_MGMT_PACKAGES_FILE := $(DOCSTMPDIR)/openj9.mgmt.packages + +############################################################################# +# Set the link prefix for the JavaSE core and com.sun.management packages +# point at the pages created in this build. +JAVASE_BASE_URL := ../../$(JDKJRE2COREAPI) +MGMT_BASE_URL := $(OPENJ9_MGMT_DOCDIR) +OPENJ9_MGMT_SRCPATH := $(OPENJ9_DOCS_SRCDIR)$(PATH_SEP)$(TEMP_SUN_MGMT_PKGDIR) + +############################################################################# +# Run javadoc if the index-all.html file is out of date or missing. +# The openjdk build already uses index.html as its marker, so this +# uses the index-all.html file instead. +# The dependency on the index.html file ensures this javadoc +# generation will replace the openjdk javadoc generation. +$(OPENJ9_MGMT_INDEXALL_FILE): FIRST_COPYRIGHT_YEAR := $(OPENJ9_MGMT_FIRST_COPYRIGHT_YEAR) +$(OPENJ9_MGMT_INDEXALL_FILE): $(OPENJ9_MGMT_INDEX_FILE) $(OPENJ9_MGMT_OPTIONS_FILE) $(OPENJ9_MGMT_PACKAGES_FILE) + $(MKDIR) -p $(TEMP_SUN_MGMT_SRCDIR) + if [ ! -d $(TEMP_SUN_MGMT_SRCDIR) ]; then echo Error: $(TEMP_SUN_MGMT_SRCDIR) does not exist, mkdir -p $(TEMP_SUN_MGMT_SRCDIR) must have failed; exit 1; fi + $(CP) $(SUN_MGMT_SRCDIR)/GarbageCollectorMXBean.java $(TEMP_SUN_MGMT_SRCDIR) + $(CP) $(SUN_MGMT_SRCDIR)/OperatingSystemMXBean.java $(TEMP_SUN_MGMT_SRCDIR) + $(CP) $(SUN_MGMT_SRCDIR)/UnixOperatingSystemMXBean.java $(TEMP_SUN_MGMT_SRCDIR) + $(CP) $(SUN_MGMT_SRCDIR)/package-info.java $(TEMP_SUN_MGMT_SRCDIR) + $(prep-javadoc) + $(call JavadocSummary,$(OPENJ9_MGMT_OPTIONS_FILE),$(OPENJ9_MGMT_PACKAGES_FILE)) + $(JAVADOC_CMD) -d $(@D) @$(OPENJ9_MGMT_OPTIONS_FILE) @$(OPENJ9_MGMT_PACKAGES_FILE) 1>&2 + $(RM) -r $(TEMP_SUN_MGMT_PKGDIR) + +$(OPENJ9_MGMT_OPTIONS_FILE): + $(prep-target) + @($(call OptionOnly,$(COMMON_JAVADOCFLAGS)) ; \ + $(call OptionPair,-sourcepath,$(OPENJ9_MGMT_SRCPATH)) ; \ + $(call OptionPair,-encoding,ascii) ; \ + $(call OptionPair,-doctitle,$(MGMT_DOCTITLE)) ; \ + $(call OptionPair,-windowtitle,$(MGMT_WINDOWTITLE) $(DRAFT_WINTITLE)) ; \ + $(call OptionPair,-header,$(MGMT_HEADER)$(DRAFT_HEADER)) ; \ + $(call OptionPair,-bottom,$(MGMT_BOTTOM)$(DRAFT_BOTTOM)) ; \ + $(call OptionTrip,-linkoffline,$(JAVASE_BASE_URL),$(COREAPI_DOCSDIR)/) ; \ + $(call OptionTrip,-linkoffline,$(MGMT_BASE_URL),$(MGMT_DOCDIR)/) ; \ + ) > $@ + +# Create a file with the package names in it +$(OPENJ9_MGMT_PACKAGES_FILE): $(DIRECTORY_CACHE) $(call PackageDependencies,$(ALL_MGMT_PKGS)) + $(prep-target) + $(call PackageFilter,$(ALL_MGMT_PKGS)) + +############################################################################# +# The javadoc tool only allows for a single setting for headers and footers +# per invocation, which means that the jdk management and core api openjdk +# classes which have been replaced by openj9 will contain the openjdk page +# footer. +# The commands below locate the javadoc pages generated from the openj9 +# overrides and replace the footer in those pages. +# '.' need escaping in the sed regex. If more sed special characters are +# introduced in the openjdk footer in future these would need escaping also. +# '&' needs escaping in sed replacement text. +# When pages are being generated openj9 extensions (under the docs/platform +# directory), the correct footer is specified directly in the javadoc command. +# +# The OpenJ9 classes are built from the j9jcl_sources and closed/src +# directories. +# The packages are beneath directories called /share/classes (or /unix/classes, +# /windows/classes etc.) which do not appear in the javadoc tree structure. +# The commands below replace the footer in the javadoc html pages for the +# following files: +# 1. The openj9 java source files which override the openjdk versions +# 2. The openj9.xxxx modules, including the javadoc generated files such as +# enum class pages, module-summary.html, package-summary.html etc.) +# A temporary script file is used to avoid the xargs command line length limit +# of 255 chars. + +OPENJ9_SUBST_BOTTOM = $(subst &,\&,$(OPENJ9_JAVADOC_BOTTOM)) + +############################################################################# +# sed command to replace the footer in the jdk management javadoc files. +MGMT_BOTTOM_REGEX = $(subst .,\.,$(MGMT_BOTTOM)) +OPENJ9_MGMT_SUBST_COMMAND = $(SED) -e '\''s|$(MGMT_BOTTOM_REGEX)|$(OPENJ9_SUBST_BOTTOM)|g'\'' + +############################################################################# +# sed command to replace the footer in the core api javadoc files. +# Openjdk Core API doc is generated with the -Xdocrootparent javadoc option, +# so apply the same substition to the page footer before matching. +COREAPI_BOTTOM_REGEX = $(subst {@docroot}/,$(subst .,\.,$(DOCS_BASE_URL)),$(subst .,\.,$(COREAPI_BOTTOM))) +OPENJ9_COREAPI_SUBST_COMMAND = $(SED) -e '\''s|$(COREAPI_BOTTOM_REGEX)|$(OPENJ9_SUBST_BOTTOM)|g'\'' + +################################################################################ +OPENJ9_JAVADOC_MARKER := $(TEMPDIR)/_javadoc_openj9.marker +OPENJ9_JAVADOC_SCRIPT := $(TEMPDIR)/_javadoc_openj9_footer_replace.sh +OPENJ9_JAVADOC_TEMP := $(TEMPDIR)/_javadoc_temp.html + +################################################################################ +# Use a marker file as target with dependencies which ensure footers are not +# updated until the pages have been updated by the openjdk javadoc targets. + +OPENJ9_JAVADOC_SCRIPT_BODY = \ + for path in "$$@" ; do \ + if [ -f "$(COREAPI_DOCSDIR)/$$path" ] ; then \ + $(CP) "$(COREAPI_DOCSDIR)/$$path" "$(OPENJ9_JAVADOC_TEMP)" ; \ + $(OPENJ9_COREAPI_SUBST_COMMAND) < "$(OPENJ9_JAVADOC_TEMP)" > "$(COREAPI_DOCSDIR)/$$path" ; \ + $(RM) "$(OPENJ9_JAVADOC_TEMP)" ; \ + fi ; \ + if [ -f "$(JRE_API_DOCSDIR)/management/extension/$$path" ] ; then \ + $(CP) "$(JRE_API_DOCSDIR)/management/extension/$$path" "$(OPENJ9_JAVADOC_TEMP)" ; \ + $(OPENJ9_MGMT_SUBST_COMMAND) < "$(OPENJ9_JAVADOC_TEMP)" > "$(JRE_API_DOCSDIR)/management/extension/$$path" ; \ + $(RM) "$(OPENJ9_JAVADOC_TEMP)" ; \ + fi ; \ + done \ + # + +$(OPENJ9_JAVADOC_MARKER) : $(COREAPI_DOCSDIR)/index.html $(OPENJ9_MGMT_INDEXALL_FILE) + $(ECHO) '$(OPENJ9_JAVADOC_SCRIPT_BODY)' >$(OPENJ9_JAVADOC_SCRIPT) + $(CD) $(JDK_OUTPUTDIR)/j9jcl_sources/jdk/src ; \ + $(FIND) . -type f -name '*.java' \ + | $(SED) -e 's|/[^/]\+/classes/|/|' -e 's|\.java$$|.html|' \ + | $(XARGS) $(BASH) $(OPENJ9_JAVADOC_SCRIPT) + $(CD) $(TOPDIR)/closed/adds/jdk/src; \ + $(FIND) . -type f -name '*.java' \ + | $(SED) -e 's|/[^/]\+/classes/|/|' -e 's|\.java$$|.html|' \ + | $(XARGS) $(BASH) $(OPENJ9_JAVADOC_SCRIPT) + $(CD) $(JRE_API_DOCSDIR)/management/extension; \ + $(FIND) . -type f '(' -path '*/openj9*/*.html' ')' -o '(' -path '*/com/ibm/*.html' ')' \ + | $(XARGS) $(BASH) $(OPENJ9_JAVADOC_SCRIPT) + $(RM) -f $(OPENJ9_JAVADOC_SCRIPT) + $(TOUCH) $@ + +# ALL_OTHER_TARGETS are declared as PHONY in make/Javadoc.gmk +ALL_OTHER_TARGETS += $(OPENJ9_JAVADOC_MARKER) openj9-sharedclassesdocs openj9-gpudocs openj9-cudadocs openj9-dataaccessdocs openj9-jvmdocs From e913cc3caaa9a00529ef7f93a1d029f3e5fcd1b0 Mon Sep 17 00:00:00 2001 From: J9 Build Date: Wed, 8 Jan 2020 03:31:17 +0000 Subject: [PATCH 37/37] Update OPENJDK_TAG to merged level jdk8u242-b06 Signed-off-by: J9 Build --- closed/openjdk-tag.gmk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/closed/openjdk-tag.gmk b/closed/openjdk-tag.gmk index b03ceb5edf4..669cbc60bbb 100644 --- a/closed/openjdk-tag.gmk +++ b/closed/openjdk-tag.gmk @@ -1 +1 @@ -OPENJDK_TAG := jdk8u242-b05 +OPENJDK_TAG := jdk8u242-b06