changeset 10571:81e4885e1406

Merge
author amurillo
date Tue, 24 Mar 2015 08:23:00 -0700
parents 478602cc17e2 518f0c5574ef
children fadc8cf0a648
files
diffstat 15 files changed, 322 insertions(+), 81 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/java/security/ProtectionDomain.java	Tue Mar 24 08:19:33 2015 -0700
+++ b/src/share/classes/java/security/ProtectionDomain.java	Tue Mar 24 08:23:00 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
 
 package java.security;
 
+import java.lang.ref.WeakReference;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Enumeration;
@@ -456,24 +457,37 @@
     /**
      * Used for storing ProtectionDomains as keys in a Map.
      */
-    final class Key {}
+    final static class Key {}
+
+    // A cache of ProtectionDomains and their Permissions
+    private static class PDCache implements ProtectionDomainCache {
+        // We must wrap the PermissionCollection in a WeakReference as there
+        // are some PermissionCollections which contain strong references
+        // back to a ProtectionDomain and otherwise would never be removed
+        // from the WeakHashMap
+        private final Map<Key, WeakReference<PermissionCollection>>
+            map = new WeakHashMap<>();
+
+        @Override
+        public synchronized void put(ProtectionDomain pd,
+                                     PermissionCollection pc) {
+            map.put(pd == null ? null : pd.key, new WeakReference<>(pc));
+        }
+
+        @Override
+        public synchronized PermissionCollection get(ProtectionDomain pd) {
+            WeakReference<PermissionCollection> ref =
+                map.get(pd == null ? null : pd.key);
+            return ref == null ? null : ref.get();
+        }
+    }
 
     static {
         SharedSecrets.setJavaSecurityProtectionDomainAccess(
             new JavaSecurityProtectionDomainAccess() {
+                @Override
                 public ProtectionDomainCache getProtectionDomainCache() {
-                    return new ProtectionDomainCache() {
-                        private final Map<Key, PermissionCollection> map =
-                            Collections.synchronizedMap
-                                (new WeakHashMap<Key, PermissionCollection>());
-                        public void put(ProtectionDomain pd,
-                            PermissionCollection pc) {
-                            map.put((pd == null ? null : pd.key), pc);
-                        }
-                        public PermissionCollection get(ProtectionDomain pd) {
-                            return pd == null ? map.get(null) : map.get(pd.key);
-                        }
-                    };
+                    return new PDCache();
                 }
             });
     }
--- a/src/share/classes/java/security/cert/X509CertSelector.java	Tue Mar 24 08:19:33 2015 -0700
+++ b/src/share/classes/java/security/cert/X509CertSelector.java	Tue Mar 24 08:23:00 2015 -0700
@@ -2574,8 +2574,10 @@
         } else {
             if (maxPathLen < basicConstraints) {
                 if (debug != null) {
-                    debug.println("X509CertSelector.match: maxPathLen too small ("
-                        + maxPathLen + " < " + basicConstraints + ")");
+                    debug.println("X509CertSelector.match: cert's maxPathLen " +
+                            "is less than the min maxPathLen set by " +
+                            "basicConstraints. " +
+                            "(" + maxPathLen + " < " + basicConstraints + ")");
                 }
                 return false;
             }
--- a/src/share/classes/javax/imageio/stream/ImageInputStreamImpl.java	Tue Mar 24 08:19:33 2015 -0700
+++ b/src/share/classes/javax/imageio/stream/ImageInputStreamImpl.java	Tue Mar 24 08:23:00 2015 -0700
@@ -225,7 +225,7 @@
     }
 
     public short readShort() throws IOException {
-        if (read(byteBuf, 0, 2) < 0) {
+        if (read(byteBuf, 0, 2) != 2) {
             throw new EOFException();
         }
 
@@ -247,7 +247,7 @@
     }
 
     public int readInt() throws IOException {
-        if (read(byteBuf, 0, 4) < 0) {
+        if (read(byteBuf, 0, 4) !=  4) {
             throw new EOFException();
         }
 
--- a/src/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java	Tue Mar 24 08:19:33 2015 -0700
+++ b/src/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java	Tue Mar 24 08:23:00 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -224,7 +224,8 @@
             if (extVal == null) {
                 if (debug != null) {
                     debug.println("AdaptableX509CertSelector.match: "
-                        + "no subject key ID extension");
+                        + "no subject key ID extension. Subject: "
+                        + xcert.getSubjectX500Principal());
                 }
                 return true;
             }
@@ -234,7 +235,9 @@
                     !Arrays.equals(ski, certSubjectKeyID)) {
                 if (debug != null) {
                     debug.println("AdaptableX509CertSelector.match: "
-                        + "subject key IDs don't match");
+                        + "subject key IDs don't match. "
+                        + "Expected: " + Arrays.toString(ski) + " "
+                        + "Cert's: " + Arrays.toString(certSubjectKeyID));
                 }
                 return false;
             }
--- a/src/share/classes/sun/security/provider/certpath/Builder.java	Tue Mar 24 08:19:33 2015 -0700
+++ b/src/share/classes/sun/security/provider/certpath/Builder.java	Tue Mar 24 08:23:00 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -435,7 +435,12 @@
             if (selector.match(targetCert) && !X509CertImpl.isSelfSigned
                 (targetCert, buildParams.sigProvider())) {
                 if (debug != null) {
-                    debug.println("Builder.addMatchingCerts: adding target cert");
+                    debug.println("Builder.addMatchingCerts: " +
+                        "adding target cert" +
+                        "\n  SN: " + Debug.toHexString(
+                                            targetCert.getSerialNumber()) +
+                        "\n  Subject: " + targetCert.getSubjectX500Principal() +
+                        "\n  Issuer: " + targetCert.getIssuerX500Principal());
                 }
                 return resultCerts.add(targetCert);
             }
--- a/src/share/classes/sun/security/provider/certpath/ConstraintsChecker.java	Tue Mar 24 08:19:33 2015 -0700
+++ b/src/share/classes/sun/security/provider/certpath/ConstraintsChecker.java	Tue Mar 24 08:23:00 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -145,8 +145,8 @@
         if (prevNC != null && ((i == certPathLength) ||
                 !X509CertImpl.isSelfIssued(currCert))) {
             if (debug != null) {
-                debug.println("prevNC = " + prevNC);
-                debug.println("currDN = " + currCert.getSubjectX500Principal());
+                debug.println("prevNC = " + prevNC +
+                    ", currDN = " + currCert.getSubjectX500Principal());
             }
 
             try {
@@ -184,8 +184,8 @@
             currCertImpl.getNameConstraintsExtension();
 
         if (debug != null) {
-            debug.println("prevNC = " + prevNC);
-            debug.println("newNC = " + String.valueOf(newConstraints));
+            debug.println("prevNC = " + prevNC +
+                        ", newNC = " + String.valueOf(newConstraints));
         }
 
         // if there are no previous name constraints, we just return the
@@ -225,8 +225,8 @@
         String msg = "basic constraints";
         if (debug != null) {
             debug.println("---checking " + msg + "...");
-            debug.println("i = " + i);
-            debug.println("maxPathLength = " + maxPathLength);
+            debug.println("i = " + i +
+                        ", maxPathLength = " + maxPathLength);
         }
 
         /* check if intermediate cert */
--- a/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java	Tue Mar 24 08:19:33 2015 -0700
+++ b/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java	Tue Mar 24 08:23:00 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -320,6 +320,14 @@
         Set<TrustAnchor> trustAnchors, List<CertStore> certStores,
         Date validity) throws CRLException, IOException {
 
+        if (debug != null) {
+            debug.println("DistributionPointFetcher.verifyCRL: " +
+                "checking revocation status for" +
+                "\n  SN: " + Debug.toHexString(certImpl.getSerialNumber()) +
+                "\n  Subject: " + certImpl.getSubjectX500Principal() +
+                "\n  Issuer: " + certImpl.getIssuerX500Principal());
+        }
+
         boolean indirectCRL = false;
         X509CRLImpl crlImpl = X509CRLImpl.toImpl(crl);
         IssuingDistributionPointExtension idpExt =
@@ -363,7 +371,9 @@
             }
         } else if (crlIssuer.equals(certIssuer) == false) {
             if (debug != null) {
-                debug.println("crl issuer does not equal cert issuer");
+                debug.println("crl issuer does not equal cert issuer.\n" +
+                              "crl issuer: " + crlIssuer + "\n" +
+                              "cert issuer: " + certIssuer);
             }
             return false;
         } else {
--- a/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java	Tue Mar 24 08:19:33 2015 -0700
+++ b/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java	Tue Mar 24 08:23:00 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -209,7 +209,8 @@
              * getMatchingEECerts
              */
             if (debug != null) {
-                debug.println("ForwardBuilder.getMatchingCACerts(): ca is target");
+                debug.println("ForwardBuilder.getMatchingCACerts(): " +
+                              "the target is a CA");
             }
 
             if (caTargetSelector == null) {
@@ -291,8 +292,14 @@
         for (X509Certificate trustedCert : trustedCerts) {
             if (sel.match(trustedCert)) {
                 if (debug != null) {
-                    debug.println("ForwardBuilder.getMatchingCACerts: "
-                        + "found matching trust anchor");
+                    debug.println("ForwardBuilder.getMatchingCACerts: " +
+                        "found matching trust anchor." +
+                        "\n  SN: " +
+                            Debug.toHexString(trustedCert.getSerialNumber()) +
+                        "\n  Subject: " +
+                            trustedCert.getSubjectX500Principal() +
+                        "\n  Issuer: " +
+                            trustedCert.getIssuerX500Principal());
                 }
                 if (caCerts.add(trustedCert) && !searchAllCertStores) {
                     return;
--- a/src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java	Tue Mar 24 08:19:33 2015 -0700
+++ b/src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java	Tue Mar 24 08:23:00 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,7 @@
 import java.util.Collections;
 import java.util.List;
 import java.util.Set;
+import java.util.StringJoiner;
 import java.security.cert.CertPath;
 import java.security.cert.CertPathValidatorException;
 import java.security.cert.PKIXCertPathChecker;
@@ -88,20 +89,25 @@
              * current certificate of this loop to be the previous certificate
              * of the next loop. The state is initialized during first loop.
              */
-            if (debug != null)
-                debug.println("Checking cert" + (i+1) + " ...");
+            X509Certificate currCert = reversedCertList.get(i);
 
-            X509Certificate currCert = reversedCertList.get(i);
+            if (debug != null) {
+                debug.println("Checking cert" + (i+1) + " - Subject: " +
+                    currCert.getSubjectX500Principal());
+            }
+
             Set<String> unresCritExts = currCert.getCriticalExtensionOIDs();
             if (unresCritExts == null) {
                 unresCritExts = Collections.<String>emptySet();
             }
 
             if (debug != null && !unresCritExts.isEmpty()) {
-                debug.println("Set of critical extensions:");
+                StringJoiner joiner = new StringJoiner(", ", "{", "}");
                 for (String oid : unresCritExts) {
-                    debug.println(oid);
+                  joiner.add(oid);
                 }
+                debug.println("Set of critical extensions: " +
+                        joiner.toString());
             }
 
             for (int j = 0; j < certPathCheckers.size(); j++) {
--- a/src/share/classes/sun/security/provider/certpath/RevocationChecker.java	Tue Mar 24 08:19:33 2015 -0700
+++ b/src/share/classes/sun/security/provider/certpath/RevocationChecker.java	Tue Mar 24 08:23:00 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -343,11 +343,17 @@
                        PublicKey pubKey, boolean crlSignFlag)
         throws CertPathValidatorException
     {
+        if (debug != null) {
+            debug.println("RevocationChecker.check: checking cert" +
+                "\n  SN: " + Debug.toHexString(xcert.getSerialNumber()) +
+                "\n  Subject: " + xcert.getSubjectX500Principal() +
+                "\n  Issuer: " + xcert.getIssuerX500Principal());
+        }
         try {
             if (onlyEE && xcert.getBasicConstraints() != -1) {
                 if (debug != null) {
-                    debug.println("Skipping revocation check, not end " +
-                                  "entity cert");
+                    debug.println("Skipping revocation check; cert is not " +
+                                  "an end entity cert");
                 }
                 return;
             }
--- a/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java	Tue Mar 24 08:19:33 2015 -0700
+++ b/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java	Tue Mar 24 08:23:00 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -136,7 +136,8 @@
         PKIXCertPathBuilderResult result = buildCertPath(false, adjList);
         if (result == null) {
             if (debug != null) {
-                debug.println("SunCertPathBuilder.engineBuild: 2nd pass");
+                debug.println("SunCertPathBuilder.engineBuild: 2nd pass; " +
+                              "try building again searching all certstores");
             }
             // try again
             adjList.clear();
--- a/src/share/classes/sun/security/ssl/ClientHandshaker.java	Tue Mar 24 08:19:33 2015 -0700
+++ b/src/share/classes/sun/security/ssl/ClientHandshaker.java	Tue Mar 24 08:23:00 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -59,6 +59,10 @@
  */
 final class ClientHandshaker extends Handshaker {
 
+    // constants for subject alt names of type DNS and IP
+    private final static int ALTNAME_DNS = 2;
+    private final static int ALTNAME_IP  = 7;
+
     // the server's public key from its certificate.
     private PublicKey serverKey;
 
@@ -818,6 +822,11 @@
                 } else {
                     warningSE(Alerts.alert_no_certificate);
                 }
+                if (debug != null && Debug.isOn("handshake")) {
+                    System.out.println(
+                        "Warning: no suitable certificate found - " +
+                        "continuing without client authentication");
+                }
             }
 
             //
@@ -1497,20 +1506,49 @@
             return true;
         }
 
-        // check the iPAddress field in subjectAltName extension
-        Object thisIPAddress = getSubjectAltName(thisCert, 7);  // 7: iPAddress
-        Object prevIPAddress = getSubjectAltName(prevCert, 7);
-        if (thisIPAddress != null && prevIPAddress!= null) {
-            // only allow the exactly match
-            return Objects.equals(thisIPAddress, prevIPAddress);
+        // check subject alternative names
+        Collection<List<?>> thisSubjectAltNames = null;
+        try {
+            thisSubjectAltNames = thisCert.getSubjectAlternativeNames();
+        } catch (CertificateParsingException cpe) {
+            if (debug != null && Debug.isOn("handshake")) {
+                System.out.println(
+                        "Attempt to obtain subjectAltNames extension failed!");
+            }
         }
 
-        // check the dNSName field in subjectAltName extension
-        Object thisDNSName = getSubjectAltName(thisCert, 2);    // 2: dNSName
-        Object prevDNSName = getSubjectAltName(prevCert, 2);
-        if (thisDNSName != null && prevDNSName!= null) {
-            // only allow the exactly match
-            return Objects.equals(thisDNSName, prevDNSName);
+        Collection<List<?>> prevSubjectAltNames = null;
+        try {
+            prevSubjectAltNames = prevCert.getSubjectAlternativeNames();
+        } catch (CertificateParsingException cpe) {
+            if (debug != null && Debug.isOn("handshake")) {
+                System.out.println(
+                        "Attempt to obtain subjectAltNames extension failed!");
+            }
+        }
+
+        if ((thisSubjectAltNames != null) && (prevSubjectAltNames != null)) {
+            // check the iPAddress field in subjectAltName extension
+            Collection<String> thisSubAltIPAddrs =
+                        getSubjectAltNames(thisSubjectAltNames, ALTNAME_IP);
+            Collection<String> prevSubAltIPAddrs =
+                        getSubjectAltNames(prevSubjectAltNames, ALTNAME_IP);
+            if ((thisSubAltIPAddrs != null) && (prevSubAltIPAddrs != null) &&
+                (isEquivalent(thisSubAltIPAddrs, prevSubAltIPAddrs))) {
+
+                return true;
+            }
+
+            // check the dNSName field in subjectAltName extension
+            Collection<String> thisSubAltDnsNames =
+                        getSubjectAltNames(thisSubjectAltNames, ALTNAME_DNS);
+            Collection<String> prevSubAltDnsNames =
+                        getSubjectAltNames(prevSubjectAltNames, ALTNAME_DNS);
+            if ((thisSubAltDnsNames != null) && (prevSubAltDnsNames != null) &&
+                (isEquivalent(thisSubAltDnsNames, prevSubAltDnsNames))) {
+
+                return true;
+            }
         }
 
         // check the certificate subject and issuer
@@ -1531,29 +1569,43 @@
     /*
      * Returns the subject alternative name of the specified type in the
      * subjectAltNames extension of a certificate.
+     *
+     * Note that only those subjectAltName types that use String data
+     * should be passed into this function.
      */
-    private static Object getSubjectAltName(X509Certificate cert, int type) {
-        Collection<List<?>> subjectAltNames;
+    private static Collection<String> getSubjectAltNames(
+            Collection<List<?>> subjectAltNames, int type) {
 
-        try {
-            subjectAltNames = cert.getSubjectAlternativeNames();
-        } catch (CertificateParsingException cpe) {
-            if (debug != null && Debug.isOn("handshake")) {
-                System.out.println(
-                        "Attempt to obtain subjectAltNames extension failed!");
-            }
-            return null;
-        }
-
-        if (subjectAltNames != null) {
-            for (List<?> subjectAltName : subjectAltNames) {
-                int subjectAltNameType = (Integer)subjectAltName.get(0);
-                if (subjectAltNameType == type) {
-                    return subjectAltName.get(1);
+        HashSet<String> subAltDnsNames = null;
+        for (List<?> subjectAltName : subjectAltNames) {
+            int subjectAltNameType = (Integer)subjectAltName.get(0);
+            if (subjectAltNameType == type) {
+                String subAltDnsName = (String)subjectAltName.get(1);
+                if ((subAltDnsName != null) && !subAltDnsName.isEmpty()) {
+                    if (subAltDnsNames == null) {
+                        subAltDnsNames =
+                                new HashSet<>(subjectAltNames.size());
+                    }
+                    subAltDnsNames.add(subAltDnsName);
                 }
             }
         }
 
-        return null;
+        return subAltDnsNames;
+    }
+
+    private static boolean isEquivalent(Collection<String> thisSubAltNames,
+            Collection<String> prevSubAltNames) {
+
+        for (String thisSubAltName : thisSubAltNames) {
+            for (String prevSubAltName : prevSubAltNames) {
+                // Only allow the exactly match.  Check no wildcard character.
+                if (thisSubAltName.equalsIgnoreCase(prevSubAltName)) {
+                    return true;
+                }
+            }
+        }
+
+        return false;
     }
 }
--- a/src/share/classes/sun/security/ssl/HandshakeMessage.java	Tue Mar 24 08:19:33 2015 -0700
+++ b/src/share/classes/sun/security/ssl/HandshakeMessage.java	Tue Mar 24 08:23:00 2015 -0700
@@ -492,11 +492,14 @@
     void print(PrintStream s) throws IOException {
         s.println("*** Certificate chain");
 
-        if (debug != null && Debug.isOn("verbose")) {
-            for (int i = 0; i < chain.length; i++)
+        if (chain.length == 0) {
+            s.println("<Empty>");
+        } else if (debug != null && Debug.isOn("verbose")) {
+            for (int i = 0; i < chain.length; i++) {
                 s.println("chain [" + i + "] = " + chain[i]);
-            s.println("***");
+            }
         }
+        s.println("***");
     }
 
     X509Certificate[] getCertificateChain() {
--- a/test/com/sun/nio/sctp/SctpMultiChannel/SendFailed.java	Tue Mar 24 08:19:33 2015 -0700
+++ b/test/com/sun/nio/sctp/SctpMultiChannel/SendFailed.java	Tue Mar 24 08:23:00 2015 -0700
@@ -43,11 +43,16 @@
 
     void test(String[] args) throws IOException {
         SocketAddress address = null;
+        String os = System.getProperty("os.name").toLowerCase();
 
         if (!Util.isSCTPSupported()) {
             out.println("SCTP protocol is not supported");
             out.println("Test cannot be run");
             return;
+        } else if (os.startsWith("sunos")) {
+            out.println("Test not supported on Solaris");
+            out.println("Test cannot be run");
+            return;
         }
 
         System.out.println("remote address: " + remoteAddress);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/imageio/stream/ShortStreamTest.java	Tue Mar 24 08:23:00 2015 -0700
@@ -0,0 +1,127 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug     8074954
+ * @summary Test verifies that an IOException is triggered if input stream
+ *          does not contain enough data to read a multi-byte type.
+ *
+ * @run     main ShortStreamTest
+ */
+
+import javax.imageio.ImageIO;
+import javax.imageio.stream.ImageInputStream;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+public class ShortStreamTest {
+    public static void main(String[] args) throws IOException {
+        TestCase[]  tests = createTests();
+
+        for (TestCase t : tests) {
+            t.test();
+        }
+    }
+
+    private static abstract class TestCase {
+        abstract void testRead(ImageInputStream iis) throws IOException;
+
+        public void test() {
+            boolean gotException = false;
+
+            ImageInputStream iis = createShortStream();
+
+            try {
+                testRead(iis);
+            } catch (IOException e) {
+                e.printStackTrace(System.out);
+                gotException = true;
+            }
+
+            if (!gotException) {
+                throw new RuntimeException("Test failed.");
+            }
+            System.out.println("Test PASSED");
+        }
+    }
+
+
+    private static ImageInputStream createShortStream() {
+        try {
+            byte[] integerTestArray = new byte[] { 80 };
+            ByteArrayInputStream bais = new ByteArrayInputStream(integerTestArray);
+
+            return ImageIO.createImageInputStream(bais);
+        } catch (IOException e) {
+            return null;
+        }
+    }
+
+    private static TestCase[] createTests() {
+        return new TestCase[]{
+                new TestCase() {
+                    @Override
+                    void testRead(ImageInputStream iis) throws IOException {
+                        iis.readInt();
+                    }
+                },
+                new TestCase() {
+                    @Override
+                    void testRead(ImageInputStream iis) throws IOException {
+                        iis.readShort();
+                    }
+                },
+                new TestCase() {
+                    @Override
+                    void testRead(ImageInputStream iis) throws IOException {
+                        iis.readDouble();
+                    }
+                },
+                new TestCase() {
+                    @Override
+                    void testRead(ImageInputStream iis) throws IOException {
+                        iis.readFloat();
+                    }
+                },
+                new TestCase() {
+                    @Override
+                    void testRead(ImageInputStream iis) throws IOException {
+                        iis.readLong();
+                    }
+                },
+                new TestCase() {
+                    @Override
+                    void testRead(ImageInputStream iis) throws IOException {
+                        iis.readUnsignedInt();
+                    }
+                },
+                new TestCase() {
+                    @Override
+                    void testRead(ImageInputStream iis) throws IOException {
+                        iis.readUnsignedShort();
+                    }
+                }
+        };
+    }
+}