changeset 12020:fdcb38fe8b4f

Merge
author asaha
date Mon, 03 Oct 2016 08:07:04 -0700
parents 0969c69a27dd 6c480a772201
children 2d75b4c1ff2f
files .hgtags
diffstat 10 files changed, 58 insertions(+), 25 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Mon Sep 19 09:47:34 2016 -0700
+++ b/.hgtags	Mon Oct 03 08:07:04 2016 -0700
@@ -643,6 +643,9 @@
 c959cff8f7accc5dc2a334a977a95fe1dcb9e812 jdk8u111-b09
 1f15a299d2bf9a8bed33a2bdf36745c8238aafbb jdk8u111-b10
 28e488c17b7a276e9ce00a0488bbc53094294e14 jdk8u111-b11
+b1304d71a2ec04ae6fa0a46120a5beba40a6f5ba jdk8u111-b12
+3f1a07c3a600abdc2eb204f9b67984e6b920846e jdk8u111-b13
+ab26fe28f9ed9c7d0a03ce47d1306427f86f27e9 jdk8u111-b14
 47e20a90bdbb2327289e330606b73a9fe4dc857e jdk8u112-b00
 96393e490afd4acba5b92c5ede68dc9bbb60a38e jdk8u112-b01
 b44d695f738baba091370828b84ae2c4cd715c1b jdk8u112-b02
@@ -655,3 +658,7 @@
 c86d82567b1200bdb2d2a757f676179a637c4244 jdk8u112-b10
 532df0329e8070a75ae229310aa87ae530fa1eee jdk8u112-b11
 2a44e743f1654e39109233322e639bcfeca42e8d jdk8u112-b12
+16c649b70dc3d437ab16ff8125a50125deda2bc9 jdk8u112-b13
+d2d8b67021a0f41e0eabd711bfd87a943dc0a8d5 jdk8u112-b14
+60767ec3909b3d0cb26dd7b3f952c62053719dda jdk8u112-b15
+5dd7e4bae5c2f1ee4f80c5570e7e3e2f715f7a32 jdk8u112-b16
--- a/src/share/classes/sun/security/pkcs/SignerInfo.java	Mon Sep 19 09:47:34 2016 -0700
+++ b/src/share/classes/sun/security/pkcs/SignerInfo.java	Mon Oct 03 08:07:04 2016 -0700
@@ -55,6 +55,7 @@
 import sun.security.util.DerOutputStream;
 import sun.security.util.DerValue;
 import sun.security.util.DisabledAlgorithmConstraints;
+import sun.security.util.KeyUtil;
 import sun.security.util.ObjectIdentifier;
 import sun.security.x509.AlgorithmId;
 import sun.security.x509.X500Name;
@@ -399,7 +400,9 @@
             // check if the public key is restricted
             if (!JAR_DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
                 throw new SignatureException("Public key check failed. " +
-                        "Disabled algorithm used: " + key.getAlgorithm());
+                        "Disabled key used: " +
+                        KeyUtil.getKeySize(key) + " bit " +
+                        key.getAlgorithm());
             }
 
             if (cert.hasUnsupportedCriticalExtension()) {
--- a/src/share/classes/sun/security/tools/jarsigner/Main.java	Mon Sep 19 09:47:34 2016 -0700
+++ b/src/share/classes/sun/security/tools/jarsigner/Main.java	Mon Oct 03 08:07:04 2016 -0700
@@ -603,6 +603,7 @@
             }
 
             Manifest man = jf.getManifest();
+            boolean hasSignature = false;
 
             // The map to record display info, only used when -verbose provided
             //      key: signer info string
@@ -618,6 +619,10 @@
                 while (e.hasMoreElements()) {
                     JarEntry je = e.nextElement();
                     String name = je.getName();
+
+                    hasSignature = hasSignature
+                            || SignatureFileVerifier.isBlockOrSF(name);
+
                     CodeSigner[] signers = je.getCodeSigners();
                     boolean isSigned = (signers != null);
                     anySigned |= isSigned;
@@ -757,8 +762,11 @@
                 System.out.println(rb.getString("no.manifest."));
 
             if (!anySigned) {
-                System.out.println(rb.getString(
-                      "jar.is.unsigned.signatures.missing.or.not.parsable."));
+                if (hasSignature) {
+                    System.out.println(rb.getString("jar.treated.unsigned"));
+                } else {
+                    System.out.println(rb.getString("jar.is.unsigned"));
+                }
             } else {
                 boolean warningAppeared = false;
                 boolean errorAppeared = false;
--- a/src/share/classes/sun/security/tools/jarsigner/Resources.java	Mon Sep 19 09:47:34 2016 -0700
+++ b/src/share/classes/sun/security/tools/jarsigner/Resources.java	Mon Oct 03 08:07:04 2016 -0700
@@ -135,8 +135,10 @@
         {"no.manifest.", "no manifest."},
         {".Signature.related.entries.","(Signature related entries)"},
         {".Unsigned.entries.", "(Unsigned entries)"},
-        {"jar.is.unsigned.signatures.missing.or.not.parsable.",
-                "jar is unsigned. (signatures missing or not parsable)"},
+        {"jar.is.unsigned",
+                "jar is unsigned."},
+        {"jar.treated.unsigned",
+                "Signature not parsable or verifiable. The jar will be treated as unsigned. The jar may have been signed with a weak algorithm that is now disabled. For more information, rerun jarsigner with debug enabled (-J-Djava.security.debug=jar)."},
         {"jar.signed.", "jar signed."},
         {"jar.signed.with.signer.errors.", "jar signed, with signer errors."},
         {"jar.verified.", "jar verified."},
--- a/src/share/lib/security/java.security-aix	Mon Sep 19 09:47:34 2016 -0700
+++ b/src/share/lib/security/java.security-aix	Mon Oct 03 08:07:04 2016 -0700
@@ -660,4 +660,4 @@
 # implementation. It is not guaranteed to be examined and used by other
 # implementations.
 #
-jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
+jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
--- a/src/share/lib/security/java.security-linux	Mon Sep 19 09:47:34 2016 -0700
+++ b/src/share/lib/security/java.security-linux	Mon Oct 03 08:07:04 2016 -0700
@@ -660,4 +660,4 @@
 # implementation. It is not guaranteed to be examined and used by other
 # implementations.
 #
-jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
+jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
--- a/src/share/lib/security/java.security-macosx	Mon Sep 19 09:47:34 2016 -0700
+++ b/src/share/lib/security/java.security-macosx	Mon Oct 03 08:07:04 2016 -0700
@@ -663,4 +663,4 @@
 # implementation. It is not guaranteed to be examined and used by other
 # implementations.
 #
-jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
+jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
--- a/src/share/lib/security/java.security-solaris	Mon Sep 19 09:47:34 2016 -0700
+++ b/src/share/lib/security/java.security-solaris	Mon Oct 03 08:07:04 2016 -0700
@@ -662,4 +662,4 @@
 # implementation. It is not guaranteed to be examined and used by other
 # implementations.
 #
-jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
+jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
--- a/src/share/lib/security/java.security-windows	Mon Sep 19 09:47:34 2016 -0700
+++ b/src/share/lib/security/java.security-windows	Mon Oct 03 08:07:04 2016 -0700
@@ -663,4 +663,4 @@
 # implementation. It is not guaranteed to be examined and used by other
 # implementations.
 #
-jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
+jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
--- a/test/lib/testlibrary/jdk/testlibrary/OutputAnalyzer.java	Mon Sep 19 09:47:34 2016 -0700
+++ b/test/lib/testlibrary/jdk/testlibrary/OutputAnalyzer.java	Mon Oct 03 08:07:04 2016 -0700
@@ -90,13 +90,14 @@
      * @throws RuntimeException
      *             If the string was not found
      */
-    public void shouldContain(String expectedString) {
+    public OutputAnalyzer shouldContain(String expectedString) {
         if (!stdout.contains(expectedString)
                 && !stderr.contains(expectedString)) {
             reportDiagnosticSummary();
             throw new RuntimeException("'" + expectedString
                     + "' missing from stdout/stderr \n");
         }
+        return this;
     }
 
     /**
@@ -107,12 +108,13 @@
      * @throws RuntimeException
      *             If the string was not found
      */
-    public void stdoutShouldContain(String expectedString) {
+    public OutputAnalyzer stdoutShouldContain(String expectedString) {
         if (!stdout.contains(expectedString)) {
             reportDiagnosticSummary();
             throw new RuntimeException("'" + expectedString
                     + "' missing from stdout \n");
         }
+        return this;
     }
 
     /**
@@ -123,24 +125,25 @@
      * @throws RuntimeException
      *             If the string was not found
      */
-    public void stderrShouldContain(String expectedString) {
+    public OutputAnalyzer stderrShouldContain(String expectedString) {
         if (!stderr.contains(expectedString)) {
             reportDiagnosticSummary();
             throw new RuntimeException("'" + expectedString
                     + "' missing from stderr \n");
         }
+        return this;
     }
 
     /**
      * Verify that the stdout and stderr contents of output buffer does not
      * contain the string
      *
-     * @param expectedString
+     * @param notExpectedString
      *            String that the buffer should not contain
      * @throws RuntimeException
      *             If the string was found
      */
-    public void shouldNotContain(String notExpectedString) {
+    public OutputAnalyzer shouldNotContain(String notExpectedString) {
         if (stdout.contains(notExpectedString)) {
             reportDiagnosticSummary();
             throw new RuntimeException("'" + notExpectedString
@@ -151,23 +154,25 @@
             throw new RuntimeException("'" + notExpectedString
                     + "' found in stderr \n");
         }
+        return this;
     }
 
     /**
      * Verify that the stdout contents of output buffer does not contain the
      * string
      *
-     * @param expectedString
+     * @param notExpectedString
      *            String that the buffer should not contain
      * @throws RuntimeException
      *             If the string was found
      */
-    public void stdoutShouldNotContain(String notExpectedString) {
+    public OutputAnalyzer stdoutShouldNotContain(String notExpectedString) {
         if (stdout.contains(notExpectedString)) {
             reportDiagnosticSummary();
             throw new RuntimeException("'" + notExpectedString
                     + "' found in stdout \n");
         }
+        return this;
     }
 
     /**
@@ -195,7 +200,7 @@
      * @throws RuntimeException
      *             If the pattern was not found
      */
-    public void shouldMatch(String pattern) {
+    public OutputAnalyzer shouldMatch(String pattern) {
         Matcher stdoutMatcher = Pattern.compile(pattern, Pattern.MULTILINE)
                 .matcher(stdout);
         Matcher stderrMatcher = Pattern.compile(pattern, Pattern.MULTILINE)
@@ -205,6 +210,7 @@
             throw new RuntimeException("'" + pattern
                     + "' missing from stdout/stderr \n");
         }
+        return this;
     }
 
     /**
@@ -214,7 +220,7 @@
      * @throws RuntimeException
      *             If the pattern was not found
      */
-    public void stdoutShouldMatch(String pattern) {
+    public OutputAnalyzer stdoutShouldMatch(String pattern) {
         Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher(
                 stdout);
         if (!matcher.find()) {
@@ -222,6 +228,7 @@
             throw new RuntimeException("'" + pattern
                     + "' missing from stdout \n");
         }
+        return this;
     }
 
     /**
@@ -231,7 +238,7 @@
      * @throws RuntimeException
      *             If the pattern was not found
      */
-    public void stderrShouldMatch(String pattern) {
+    public OutputAnalyzer stderrShouldMatch(String pattern) {
         Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher(
                 stderr);
         if (!matcher.find()) {
@@ -239,6 +246,7 @@
             throw new RuntimeException("'" + pattern
                     + "' missing from stderr \n");
         }
+        return this;
     }
 
     /**
@@ -249,7 +257,7 @@
      * @throws RuntimeException
      *             If the pattern was found
      */
-    public void shouldNotMatch(String pattern) {
+    public OutputAnalyzer shouldNotMatch(String pattern) {
         Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher(
                 stdout);
         if (matcher.find()) {
@@ -263,6 +271,7 @@
             throw new RuntimeException("'" + pattern + "' found in stderr: '"
                     + matcher.group() + "' \n");
         }
+        return this;
     }
 
     /**
@@ -273,13 +282,14 @@
      * @throws RuntimeException
      *             If the pattern was found
      */
-    public void stdoutShouldNotMatch(String pattern) {
+    public OutputAnalyzer stdoutShouldNotMatch(String pattern) {
         Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher(
                 stdout);
         if (matcher.find()) {
             reportDiagnosticSummary();
             throw new RuntimeException("'" + pattern + "' found in stdout \n");
         }
+        return this;
     }
 
     /**
@@ -290,13 +300,14 @@
      * @throws RuntimeException
      *             If the pattern was found
      */
-    public void stderrShouldNotMatch(String pattern) {
+    public OutputAnalyzer stderrShouldNotMatch(String pattern) {
         Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher(
                 stderr);
         if (matcher.find()) {
             reportDiagnosticSummary();
             throw new RuntimeException("'" + pattern + "' found in stderr \n");
         }
+        return this;
     }
 
     /**
@@ -344,12 +355,13 @@
      *             If the exit value from the process did not match the expected
      *             value
      */
-    public void shouldHaveExitValue(int expectedExitValue) {
+    public OutputAnalyzer shouldHaveExitValue(int expectedExitValue) {
         if (getExitValue() != expectedExitValue) {
             reportDiagnosticSummary();
             throw new RuntimeException("Expected to get exit value of ["
                     + expectedExitValue + "]\n");
         }
+        return this;
     }
 
     /**
@@ -357,11 +369,12 @@
      * - standard input produced by the process under test - standard output -
      * exit code Note: the command line is printed by the ProcessTools
      */
-    private void reportDiagnosticSummary() {
+    private OutputAnalyzer reportDiagnosticSummary() {
         String msg = " stdout: [" + stdout + "];\n" + " stderr: [" + stderr
                 + "]\n" + " exitValue = " + getExitValue() + "\n";
 
         System.err.println(msg);
+        return this;
     }
 
     /**