changeset 12024:1b35fabb3d88

Merge
author asaha
date Mon, 03 Oct 2016 08:45:53 -0700
parents 70fe02b90e71 2d75b4c1ff2f
children ecdb635eaf48
files .hgtags src/share/lib/security/java.security-aix src/share/lib/security/java.security-linux src/share/lib/security/java.security-macosx src/share/lib/security/java.security-solaris src/share/lib/security/java.security-windows test/sun/security/tools/jarsigner/warnings/Test.java
diffstat 3 files changed, 132 insertions(+), 53 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Thu Sep 29 16:06:49 2016 +0300
+++ b/.hgtags	Mon Oct 03 08:45:53 2016 -0700
@@ -630,6 +630,8 @@
 222d3ac3aa1f99f16e31c1c4a10f916ce83ff759 jdk8u102-b31
 e3839fe291add6e0ea199457fb31c9312cc5dd77 jdk8u102-b32
 275fcb7d4e3e70a37ac70c33d087a805ba182f1e jdk8u102-b33
+d783f00bb04a6fff7ddf1555572c1f3cdfd21e59 jdk8u102-b34
+958684c9f1e73d9310511559c770823180d33e4b jdk8u102-b35
 ebc56c2e803597ef409a5296addc986b390d934d jdk8u111-b00
 c4f03717831993e4658b8366810ca4682ece952d jdk8u111-b01
 de1d09f09e571e38afdf1fb72984ec210e7c19e6 jdk8u111-b02
@@ -642,6 +644,9 @@
 c959cff8f7accc5dc2a334a977a95fe1dcb9e812 jdk8u111-b09
 1f15a299d2bf9a8bed33a2bdf36745c8238aafbb jdk8u111-b10
 28e488c17b7a276e9ce00a0488bbc53094294e14 jdk8u111-b11
+b1304d71a2ec04ae6fa0a46120a5beba40a6f5ba jdk8u111-b12
+3f1a07c3a600abdc2eb204f9b67984e6b920846e jdk8u111-b13
+ab26fe28f9ed9c7d0a03ce47d1306427f86f27e9 jdk8u111-b14
 47e20a90bdbb2327289e330606b73a9fe4dc857e jdk8u112-b00
 96393e490afd4acba5b92c5ede68dc9bbb60a38e jdk8u112-b01
 b44d695f738baba091370828b84ae2c4cd715c1b jdk8u112-b02
@@ -654,6 +659,10 @@
 c86d82567b1200bdb2d2a757f676179a637c4244 jdk8u112-b10
 532df0329e8070a75ae229310aa87ae530fa1eee jdk8u112-b11
 2a44e743f1654e39109233322e639bcfeca42e8d jdk8u112-b12
+16c649b70dc3d437ab16ff8125a50125deda2bc9 jdk8u112-b13
+d2d8b67021a0f41e0eabd711bfd87a943dc0a8d5 jdk8u112-b14
+60767ec3909b3d0cb26dd7b3f952c62053719dda jdk8u112-b15
+5dd7e4bae5c2f1ee4f80c5570e7e3e2f715f7a32 jdk8u112-b16
 ab5ff8f1e52c5e3ca02e988f4d978af63ceca5b8 jdk8u121-b00
 5f0839ac7e0d25dd1ae705df496b12ca76c26d59 jdk8u121-b01
 f91e3aa155b3c6774afb456db15fb358313d5771 jdk8u121-b02
--- a/src/windows/native/java/net/Inet4AddressImpl.c	Thu Sep 29 16:06:49 2016 +0300
+++ b/src/windows/native/java/net/Inet4AddressImpl.c	Mon Oct 03 08:45:53 2016 -0700
@@ -33,6 +33,7 @@
 #include <process.h>
 #include <iphlpapi.h>
 #include <icmpapi.h>
+#include <WinError.h>
 
 #include "java_net_InetAddress.h"
 #include "java_net_Inet4AddressImpl.h"
@@ -481,7 +482,15 @@
     DWORD ReplySize = 0;
     jboolean ret = JNI_FALSE;
 
-    ReplySize = sizeof(ICMP_ECHO_REPLY) + sizeof(SendData);
+    // https://msdn.microsoft.com/en-us/library/windows/desktop/aa366051%28v=vs.85%29.aspx
+    ReplySize = sizeof(ICMP_ECHO_REPLY)   // The buffer should be large enough
+                                          // to hold at least one ICMP_ECHO_REPLY
+                                          // structure
+                + sizeof(SendData)        // plus RequestSize bytes of data.
+                + 8;                      // This buffer should also be large enough
+                                          // to also hold 8 more bytes of data
+                                          // (the size of an ICMP error message)
+
     ReplyBuffer = (VOID*) malloc(ReplySize);
     if (ReplyBuffer == NULL) {
         IcmpCloseHandle(hIcmpFile);
@@ -517,10 +526,45 @@
                                    (timeout < 1000) ? 1000 : timeout);   // DWORD Timeout
     }
 
-    if (dwRetVal != 0) {
+    if (dwRetVal == 0) { // if the call failed
+        TCHAR *buf;
+        DWORD err = WSAGetLastError();
+        switch (err) {
+            case ERROR_NO_NETWORK:
+            case ERROR_NETWORK_UNREACHABLE:
+            case ERROR_HOST_UNREACHABLE:
+            case ERROR_PROTOCOL_UNREACHABLE:
+            case ERROR_PORT_UNREACHABLE:
+            case ERROR_REQUEST_ABORTED:
+            case ERROR_INCORRECT_ADDRESS:
+            case ERROR_HOST_DOWN:
+            case WSAEHOSTUNREACH:   /* Host Unreachable */
+            case WSAENETUNREACH:    /* Network Unreachable */
+            case WSAENETDOWN:       /* Network is down */
+            case WSAEPFNOSUPPORT:   /* Protocol Family unsupported */
+            case IP_REQ_TIMED_OUT:
+                break;
+            default:
+                FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
+                        NULL, err, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+                        (LPTSTR)&buf, 0, NULL);
+                NET_ThrowNew(env, err, buf);
+                LocalFree(buf);
+                break;
+        }
+    } else {
         PICMP_ECHO_REPLY pEchoReply = (PICMP_ECHO_REPLY)ReplyBuffer;
-        if ((int)pEchoReply->RoundTripTime <= timeout)
+
+        // This is to take into account the undocumented minimum
+        // timeout mentioned in the IcmpSendEcho call above.
+        // We perform an extra check to make sure that our
+        // roundtrip time was less than our desired timeout
+        // for cases where that timeout is < 1000ms.
+        if (pEchoReply->Status == IP_SUCCESS
+                && (int)pEchoReply->RoundTripTime <= timeout)
+        {
             ret = JNI_TRUE;
+        }
     }
 
     free(ReplyBuffer);
--- a/src/windows/native/sun/security/mscapi/security.cpp	Thu Sep 29 16:06:49 2016 +0300
+++ b/src/windows/native/sun/security/mscapi/security.cpp	Mon Oct 03 08:45:53 2016 -0700
@@ -352,38 +352,50 @@
             BOOL bHasNoPrivateKey = FALSE;
             DWORD dwPublicKeyLength = 0;
 
-            if (::CryptAcquireCertificatePrivateKey(pCertContext, NULL, NULL,
-                                                    &hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE)
+            // First, probe it silently
+            if (::CryptAcquireCertificatePrivateKey(pCertContext, CRYPT_ACQUIRE_SILENT_FLAG, NULL,
+                    &hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE
+                && GetLastError() != NTE_SILENT_CONTEXT)
             {
                 bHasNoPrivateKey = TRUE;
-
-            } else {
-                // Private key is available
-
-                BOOL bGetUserKey = ::CryptGetUserKey(hCryptProv, dwKeySpec, &hUserKey);
-
-                // Skip certificate if cannot find private key
-                if (bGetUserKey == FALSE)
-                {
-                    if (bCallerFreeProv)
-                        ::CryptReleaseContext(hCryptProv, NULL);
-
-                    continue;
+            }
+            else
+            {
+                if (bCallerFreeProv == TRUE) {
+                    ::CryptReleaseContext(hCryptProv, NULL);
+                    bCallerFreeProv = FALSE;
                 }
 
-                // Set cipher mode to ECB
-                DWORD dwCipherMode = CRYPT_MODE_ECB;
-                ::CryptSetKeyParam(hUserKey, KP_MODE, (BYTE*)&dwCipherMode, NULL);
+                // Second, acquire the key normally (not silently)
+                if (::CryptAcquireCertificatePrivateKey(pCertContext, 0, NULL,
+                        &hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE)
+                {
+                    bHasNoPrivateKey = TRUE;
+                }
+                else
+                {
+                    // Private key is available
+                    BOOL bGetUserKey = ::CryptGetUserKey(hCryptProv, dwKeySpec, &hUserKey);
 
+                    // Skip certificate if cannot find private key
+                    if (bGetUserKey == FALSE) {
+                        if (bCallerFreeProv)
+                            ::CryptReleaseContext(hCryptProv, NULL);
+                        continue;
+                    }
 
-                // If the private key is present in smart card, we may not be able to
-                // determine the key length by using the private key handle. However,
-                // since public/private key pairs must have the same length, we could
-                // determine the key length of the private key by using the public key
-                // in the certificate.
-                dwPublicKeyLength = ::CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
-                        &(pCertContext->pCertInfo->SubjectPublicKeyInfo));
+                    // Set cipher mode to ECB
+                    DWORD dwCipherMode = CRYPT_MODE_ECB;
+                    ::CryptSetKeyParam(hUserKey, KP_MODE, (BYTE*)&dwCipherMode, NULL);
 
+                    // If the private key is present in smart card, we may not be able to
+                    // determine the key length by using the private key handle. However,
+                    // since public/private key pairs must have the same length, we could
+                    // determine the key length of the private key by using the public key
+                    // in the certificate.
+                    dwPublicKeyLength = ::CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+                            &(pCertContext->pCertInfo->SubjectPublicKeyInfo));
+                }
             }
             PCCERT_CHAIN_CONTEXT pCertChainContext = NULL;
 
@@ -392,8 +404,7 @@
             //
             if (GetCertificateChain(OID_EKU_ANY, pCertContext, &pCertChainContext))
             {
-
-                for (unsigned int i=0; i < pCertChainContext->cChain; i++)
+                for (DWORD i = 0; i < pCertChainContext->cChain; i++)
                 {
                     // Found cert chain
                     PCERT_SIMPLE_CHAIN rgpChain =
@@ -443,6 +454,7 @@
                         // cert collection
                         env->CallVoidMethod(obj, mGenCert, byteArray, jArrayList);
                     }
+
                     if (bHasNoPrivateKey)
                     {
                         // Generate certificate chain and store into cert chain
@@ -1361,43 +1373,57 @@
     HCRYPTPROV hCryptProv = NULL;
     HCRYPTKEY hKey = NULL;
     DWORD dwKeySpec;
+    BOOL bCallerFreeProv = FALSE;
+    BOOL bRes;
 
     __try
     {
         if (usePrivateKey == JNI_TRUE) {
             // Locate the key container for the certificate's private key
-            if (!(::CryptAcquireCertificatePrivateKey(
-                (PCCERT_CONTEXT) pCertContext, 0, NULL, &hCryptProv,
-                &dwKeySpec, NULL))) {
 
+            // First, probe it silently
+            bRes = ::CryptAcquireCertificatePrivateKey(
+                    (PCCERT_CONTEXT) pCertContext, CRYPT_ACQUIRE_SILENT_FLAG,
+                    NULL, &hCryptProv, &dwKeySpec, &bCallerFreeProv);
+
+            if (bRes == FALSE && GetLastError() != NTE_SILENT_CONTEXT)
+            {
+                ThrowException(env, KEYSTORE_EXCEPTION, GetLastError());
+                __leave;
+            }
+
+            if (bCallerFreeProv == TRUE) {
+                ::CryptReleaseContext(hCryptProv, NULL);
+                bCallerFreeProv = FALSE;
+            }
+
+            // Now, do it normally (not silently)
+            if (::CryptAcquireCertificatePrivateKey(
+                    (PCCERT_CONTEXT) pCertContext, 0, NULL, &hCryptProv,
+                    &dwKeySpec, &bCallerFreeProv) == FALSE)
+            {
                 ThrowException(env, KEYSTORE_EXCEPTION, GetLastError());
                 __leave;
             }
 
             // Get a handle to the private key
-            if (!(::CryptGetUserKey(hCryptProv, dwKeySpec, &hKey))) {
+            if (::CryptGetUserKey(hCryptProv, dwKeySpec, &hKey) == FALSE) {
                 ThrowException(env, KEY_EXCEPTION, GetLastError());
                 __leave;
             }
-
-        } else { // use public key
+        }
+        else // use public key
+        {
+            bCallerFreeProv = TRUE;
 
             //  Acquire a CSP context.
-            if(::CryptAcquireContext(
-               &hCryptProv,
-               "J2SE",
-               NULL,
-               PROV_RSA_FULL,
-               0) == FALSE)
+            if (::CryptAcquireContext(&hCryptProv, "J2SE", NULL,
+                    PROV_RSA_FULL, 0) == FALSE)
             {
                 // If CSP context hasn't been created, create one.
                 //
-                if (::CryptAcquireContext(
-                    &hCryptProv,
-                    "J2SE",
-                    NULL,
-                    PROV_RSA_FULL,
-                    CRYPT_NEWKEYSET) == FALSE)
+                if (::CryptAcquireContext(&hCryptProv, "J2SE", NULL,
+                        PROV_RSA_FULL, CRYPT_NEWKEYSET) == FALSE)
                 {
                     ThrowException(env, KEYSTORE_EXCEPTION, GetLastError());
                     __leave;
@@ -1405,10 +1431,10 @@
             }
 
             // Import the certificate's public key into the key container
-            if (!(::CryptImportPublicKeyInfo(hCryptProv, X509_ASN_ENCODING,
-                &(((PCCERT_CONTEXT) pCertContext)->pCertInfo->SubjectPublicKeyInfo),
-                &hKey))) {
-
+            if (::CryptImportPublicKeyInfo(hCryptProv, X509_ASN_ENCODING,
+                    &(((PCCERT_CONTEXT) pCertContext)->pCertInfo->SubjectPublicKeyInfo),
+                    &hKey) == FALSE)
+            {
                 ThrowException(env, KEY_EXCEPTION, GetLastError());
                 __leave;
             }
@@ -1419,7 +1445,7 @@
         //--------------------------------------------------------------------
         // Clean up.
 
-        if (hCryptProv)
+        if (bCallerFreeProv == TRUE && hCryptProv != NULL)
             ::CryptReleaseContext(hCryptProv, 0);
     }