OpenJDK / amber / amber
changeset 10949:42f7cc0468dd
Merge
| author | lana |
|---|---|
| date | Sat, 05 Nov 2011 00:02:33 -0700 |
| parents | 063463f6535f 4cc0ef72c812 |
| children | e87b50888909 |
| files | hotspot/src/share/vm/precompiled.hpp jdk/make/sun/rmi/rmi/mapfile-vers jdk/src/share/classes/sun/security/pkcs/EncodingException.java jdk/src/share/classes/sun/security/pkcs/PKCS10.java jdk/src/share/classes/sun/security/pkcs/PKCS10Attribute.java jdk/src/share/classes/sun/security/pkcs/PKCS10Attributes.java jdk/src/share/classes/sun/security/util/BigInt.java jdk/src/share/classes/sun/security/util/PathList.java jdk/src/share/classes/sun/security/x509/CertAndKeyGen.java jdk/src/share/native/sun/rmi/server/MarshalInputStream.c jdk/test/java/net/DatagramSocket/ChangingAddress.java jdk/test/sun/security/util/BigInt/BigIntEqualsHashCode.java |
| diffstat | 143 files changed, 4372 insertions(+), 3303 deletions(-) [+] |
line wrap: on
line diff
--- a/.hgtags Fri Nov 04 12:36:40 2011 +0000 +++ b/.hgtags Sat Nov 05 00:02:33 2011 -0700 @@ -132,3 +132,5 @@ 24ee504f80412770c6874836cd9e55b536427b1d jdk8-b08 fbf3cabc9e3bb1fcf710941d777cb0400505fbe6 jdk8-b09 f651ce87127980c58e3599daba964eba2f3b4026 jdk8-b10 +cc1f5ce8e504d350e0b0c28c5f84333f8d540132 jdk8-b11 +86db042b3385c338e17f7664447fdc7d406dd19e jdk8-b12
--- a/.hgtags-top-repo Fri Nov 04 12:36:40 2011 +0000 +++ b/.hgtags-top-repo Sat Nov 05 00:02:33 2011 -0700 @@ -132,3 +132,5 @@ fb1bc13260d76447e269e843859eb593fe2a8ab2 jdk8-b08 8adb70647b5af5273dfe6a540f07be667cd50216 jdk8-b09 a6c4c248e8fa350c35014fa94bab5ac1a1ac3299 jdk8-b10 +1defbc57940a56f0aa41e9dee87b71e8c8b71103 jdk8-b11 +8e2104d565baee473895d5eba20e39f85ab4bf9f jdk8-b12
--- a/corba/.hgtags Fri Nov 04 12:36:40 2011 +0000 +++ b/corba/.hgtags Sat Nov 05 00:02:33 2011 -0700 @@ -132,3 +132,5 @@ 0d52b1c87aa8fdea7fdc9c4126ea58f95ca6b351 jdk8-b08 a891732c1a83082177ff7a4cf1506068d9cc0a47 jdk8-b09 cda87f7fefcee3b89742a57ce5ad9b03a54c210d jdk8-b10 +0199e4fef5cc2bd234c65b93220459ef7a3bb3b1 jdk8-b11 +31d70911b712c6b4e580a3110363d5f044cfed7a jdk8-b12
--- a/hotspot/.hgtags Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/.hgtags Sat Nov 05 00:02:33 2011 -0700 @@ -193,3 +193,7 @@ e4f412d2b75d2c797acff965aa2c420e3d358f09 hs23-b02 d815de2e85e511b7deab2a83cf80c0224d011da9 jdk8-b10 4d3850d9d326ac3a9bee2d867727e954322d014e hs23-b03 +4538caeef7b6cbd4302bebced805d65e68ccf301 jdk8-b11 +6534482ff68ad79066dfe15dfb6d8905f09681bd hs23-b04 +1d3900713a67a0a39faf4e12c9c158d55aebef87 jdk8-b12 +3e609627e780736f372eb14d29bb9b5e53b21fbf hs23-b05
--- a/hotspot/make/bsd/makefiles/buildtree.make Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/make/bsd/makefiles/buildtree.make Sat Nov 05 00:02:33 2011 -0700 @@ -234,6 +234,8 @@ echo "$(call gamma-path,commonsrc,share/vm/prims) \\"; \ echo "$(call gamma-path,altsrc,share/vm) \\"; \ echo "$(call gamma-path,commonsrc,share/vm) \\"; \ + echo "$(call gamma-path,altsrc,share/vm/precompiled) \\"; \ + echo "$(call gamma-path,commonsrc,share/vm/precompiled) \\"; \ echo "$(call gamma-path,altsrc,cpu/$(SRCARCH)/vm) \\"; \ echo "$(call gamma-path,commonsrc,cpu/$(SRCARCH)/vm) \\"; \ echo "$(call gamma-path,altsrc,os_cpu/$(OS_FAMILY)_$(SRCARCH)/vm) \\"; \
--- a/hotspot/make/bsd/makefiles/gcc.make Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/make/bsd/makefiles/gcc.make Sat Nov 05 00:02:33 2011 -0700 @@ -88,7 +88,7 @@ ifneq ($(USE_PRECOMPILED_HEADER),0) USE_PRECOMPILED_HEADER=1 PRECOMPILED_HEADER_DIR=. -PRECOMPILED_HEADER_SRC=$(GAMMADIR)/src/share/vm/precompiled.hpp +PRECOMPILED_HEADER_SRC=$(GAMMADIR)/src/share/vm/precompiled/precompiled.hpp PRECOMPILED_HEADER=$(PRECOMPILED_HEADER_DIR)/precompiled.hpp.gch endif endif
--- a/hotspot/make/hotspot_version Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/make/hotspot_version Sat Nov 05 00:02:33 2011 -0700 @@ -35,7 +35,7 @@ HS_MAJOR_VER=23 HS_MINOR_VER=0 -HS_BUILD_NUMBER=03 +HS_BUILD_NUMBER=05 JDK_MAJOR_VER=1 JDK_MINOR_VER=8
--- a/hotspot/make/linux/makefiles/buildtree.make Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/make/linux/makefiles/buildtree.make Sat Nov 05 00:02:33 2011 -0700 @@ -223,6 +223,8 @@ echo "$(call gamma-path,commonsrc,share/vm/prims) \\"; \ echo "$(call gamma-path,altsrc,share/vm) \\"; \ echo "$(call gamma-path,commonsrc,share/vm) \\"; \ + echo "$(call gamma-path,altsrc,share/vm/precompiled) \\"; \ + echo "$(call gamma-path,commonsrc,share/vm/precompiled) \\"; \ echo "$(call gamma-path,altsrc,cpu/$(SRCARCH)/vm) \\"; \ echo "$(call gamma-path,commonsrc,cpu/$(SRCARCH)/vm) \\"; \ echo "$(call gamma-path,altsrc,os_cpu/$(OS_FAMILY)_$(SRCARCH)/vm) \\"; \
--- a/hotspot/make/linux/makefiles/gcc.make Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/make/linux/makefiles/gcc.make Sat Nov 05 00:02:33 2011 -0700 @@ -52,7 +52,7 @@ ifneq ($(USE_PRECOMPILED_HEADER),0) USE_PRECOMPILED_HEADER=1 PRECOMPILED_HEADER_DIR=. -PRECOMPILED_HEADER_SRC=$(GAMMADIR)/src/share/vm/precompiled.hpp +PRECOMPILED_HEADER_SRC=$(GAMMADIR)/src/share/vm/precompiled/precompiled.hpp PRECOMPILED_HEADER=$(PRECOMPILED_HEADER_DIR)/precompiled.hpp.gch endif endif
--- a/hotspot/make/solaris/makefiles/buildtree.make Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/make/solaris/makefiles/buildtree.make Sat Nov 05 00:02:33 2011 -0700 @@ -216,6 +216,8 @@ echo "$(call gamma-path,commonsrc,share/vm/prims) \\"; \ echo "$(call gamma-path,altsrc,share/vm) \\"; \ echo "$(call gamma-path,commonsrc,share/vm) \\"; \ + echo "$(call gamma-path,altsrc,share/vm/precompiled) \\"; \ + echo "$(call gamma-path,commonsrc,share/vm/precompiled) \\"; \ echo "$(call gamma-path,altsrc,cpu/$(ARCH)/vm) \\"; \ echo "$(call gamma-path,commonsrc,cpu/$(ARCH)/vm) \\"; \ echo "$(call gamma-path,altsrc,os_cpu/$(OS_FAMILY)_$(ARCH)/vm) \\"; \
--- a/hotspot/make/solaris/makefiles/gcc.make Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/make/solaris/makefiles/gcc.make Sat Nov 05 00:02:33 2011 -0700 @@ -1,5 +1,5 @@ # -# Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -51,7 +51,7 @@ ifneq ($(USE_PRECOMPILED_HEADER),0) USE_PRECOMPILED_HEADER=1 PRECOMPILED_HEADER_DIR=. -PRECOMPILED_HEADER_SRC=$(GAMMADIR)/src/share/vm/precompiled.hpp +PRECOMPILED_HEADER_SRC=$(GAMMADIR)/src/share/vm/precompiled/precompiled.hpp PRECOMPILED_HEADER=$(PRECOMPILED_HEADER_DIR)/precompiled.hpp.gch endif endif
--- a/hotspot/make/windows/makefiles/vm.make Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/make/windows/makefiles/vm.make Sat Nov 05 00:02:33 2011 -0700 @@ -134,6 +134,7 @@ CPP_INCLUDE_DIRS=$(CPP_INCLUDE_DIRS) \ /I "$(COMMONSRC)\share\vm" \ + /I "$(COMMONSRC)\share\vm\precompiled" \ /I "$(COMMONSRC)\share\vm\prims" \ /I "$(COMMONSRC)\os\windows\vm" \ /I "$(COMMONSRC)\os_cpu\windows_$(Platform_arch)\vm" \
--- a/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp Sat Nov 05 00:02:33 2011 -0700 @@ -62,7 +62,7 @@ MinChunkSize = numQuanta(sizeof(FreeChunk), MinObjAlignmentInBytes) * MinObjAlignment; assert(IndexSetStart == 0 && IndexSetStride == 0, "already set"); - IndexSetStart = MinObjAlignment; + IndexSetStart = (int) MinChunkSize; IndexSetStride = MinObjAlignment; } @@ -138,7 +138,7 @@ } else { _fitStrategy = FreeBlockStrategyNone; } - checkFreeListConsistency(); + check_free_list_consistency(); // Initialize locks for parallel case. @@ -1358,17 +1358,29 @@ ShouldNotReachHere(); } -bool CompactibleFreeListSpace::verifyChunkInIndexedFreeLists(FreeChunk* fc) - const { +bool CompactibleFreeListSpace::verifyChunkInIndexedFreeLists(FreeChunk* fc) const { assert(fc->size() < IndexSetSize, "Size of chunk is too large"); return _indexedFreeList[fc->size()].verifyChunkInFreeLists(fc); } +bool CompactibleFreeListSpace::verify_chunk_is_linear_alloc_block(FreeChunk* fc) const { + assert((_smallLinearAllocBlock._ptr != (HeapWord*)fc) || + (_smallLinearAllocBlock._word_size == fc->size()), + "Linear allocation block shows incorrect size"); + return ((_smallLinearAllocBlock._ptr == (HeapWord*)fc) && + (_smallLinearAllocBlock._word_size == fc->size())); +} + +// Check if the purported free chunk is present either as a linear +// allocation block, the size-indexed table of (smaller) free blocks, +// or the larger free blocks kept in the binary tree dictionary. bool CompactibleFreeListSpace::verifyChunkInFreeLists(FreeChunk* fc) const { - if (fc->size() >= IndexSetSize) { + if (verify_chunk_is_linear_alloc_block(fc)) { + return true; + } else if (fc->size() < IndexSetSize) { + return verifyChunkInIndexedFreeLists(fc); + } else { return dictionary()->verifyChunkInFreeLists(fc); - } else { - return verifyChunkInIndexedFreeLists(fc); } } @@ -2495,7 +2507,8 @@ FreeChunk* tail = _indexedFreeList[size].tail(); size_t num = _indexedFreeList[size].count(); size_t n = 0; - guarantee((size % 2 == 0) || fc == NULL, "Odd slots should be empty"); + guarantee(((size >= MinChunkSize) && (size % IndexSetStride == 0)) || fc == NULL, + "Slot should have been empty"); for (; fc != NULL; fc = fc->next(), n++) { guarantee(fc->size() == size, "Size inconsistency"); guarantee(fc->isFree(), "!free?"); @@ -2506,14 +2519,14 @@ } #ifndef PRODUCT -void CompactibleFreeListSpace::checkFreeListConsistency() const { +void CompactibleFreeListSpace::check_free_list_consistency() const { assert(_dictionary->minSize() <= IndexSetSize, "Some sizes can't be allocated without recourse to" " linear allocation buffers"); assert(MIN_TREE_CHUNK_SIZE*HeapWordSize == sizeof(TreeChunk), "else MIN_TREE_CHUNK_SIZE is wrong"); - assert((IndexSetStride == 2 && IndexSetStart == 2) || - (IndexSetStride == 1 && IndexSetStart == 1), "just checking"); + assert((IndexSetStride == 2 && IndexSetStart == 4) || // 32-bit + (IndexSetStride == 1 && IndexSetStart == 3), "just checking"); // 64-bit assert((IndexSetStride != 2) || (MinChunkSize % 2 == 0), "Some for-loops may be incorrectly initialized"); assert((IndexSetStride != 2) || (IndexSetSize % 2 == 1), @@ -2688,33 +2701,27 @@ } } +// If this is changed in the future to allow parallel +// access, one would need to take the FL locks and, +// depending on how it is used, stagger access from +// parallel threads to reduce contention. void CFLS_LAB::retire(int tid) { // We run this single threaded with the world stopped; // so no need for locks and such. -#define CFLS_LAB_PARALLEL_ACCESS 0 NOT_PRODUCT(Thread* t = Thread::current();) assert(Thread::current()->is_VM_thread(), "Error"); - assert(CompactibleFreeListSpace::IndexSetStart == CompactibleFreeListSpace::IndexSetStride, - "Will access to uninitialized slot below"); -#if CFLS_LAB_PARALLEL_ACCESS - for (size_t i = CompactibleFreeListSpace::IndexSetSize - 1; - i > 0; - i -= CompactibleFreeListSpace::IndexSetStride) { -#else // CFLS_LAB_PARALLEL_ACCESS for (size_t i = CompactibleFreeListSpace::IndexSetStart; i < CompactibleFreeListSpace::IndexSetSize; i += CompactibleFreeListSpace::IndexSetStride) { -#endif // !CFLS_LAB_PARALLEL_ACCESS assert(_num_blocks[i] >= (size_t)_indexedFreeList[i].count(), "Can't retire more than what we obtained"); if (_num_blocks[i] > 0) { size_t num_retire = _indexedFreeList[i].count(); assert(_num_blocks[i] > num_retire, "Should have used at least one"); { -#if CFLS_LAB_PARALLEL_ACCESS - MutexLockerEx x(_cfls->_indexedFreeListParLocks[i], - Mutex::_no_safepoint_check_flag); -#endif // CFLS_LAB_PARALLEL_ACCESS + // MutexLockerEx x(_cfls->_indexedFreeListParLocks[i], + // Mutex::_no_safepoint_check_flag); + // Update globals stats for num_blocks used _global_num_blocks[i] += (_num_blocks[i] - num_retire); _global_num_workers[i]++;
--- a/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.hpp Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.hpp Sat Nov 05 00:02:33 2011 -0700 @@ -502,10 +502,14 @@ void verifyFreeLists() const PRODUCT_RETURN; void verifyIndexedFreeLists() const; void verifyIndexedFreeList(size_t size) const; - // verify that the given chunk is in the free lists. + // Verify that the given chunk is in the free lists: + // i.e. either the binary tree dictionary, the indexed free lists + // or the linear allocation block. bool verifyChunkInFreeLists(FreeChunk* fc) const; + // Verify that the given chunk is the linear allocation block + bool verify_chunk_is_linear_alloc_block(FreeChunk* fc) const; // Do some basic checks on the the free lists. - void checkFreeListConsistency() const PRODUCT_RETURN; + void check_free_list_consistency() const PRODUCT_RETURN; // Printing support void dump_at_safepoint_with_locks(CMSCollector* c, outputStream* st);
--- a/hotspot/src/share/vm/gc_implementation/g1/concurrentMarkThread.cpp Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/src/share/vm/gc_implementation/g1/concurrentMarkThread.cpp Sat Nov 05 00:02:33 2011 -0700 @@ -147,12 +147,8 @@ } } } while (cm()->restart_for_overflow()); + double counting_start_time = os::elapsedVTime(); - - // YSR: These look dubious (i.e. redundant) !!! FIX ME - slt()->manipulatePLL(SurrogateLockerThread::acquirePLL); - slt()->manipulatePLL(SurrogateLockerThread::releaseAndNotifyPLL); - if (!cm()->has_aborted()) { double count_start_sec = os::elapsedTime(); if (PrintGC) { @@ -175,6 +171,7 @@ } } } + double end_time = os::elapsedVTime(); _vtime_count_accum += (end_time - counting_start_time); // Update the total virtual time before doing this, since it will try @@ -335,13 +332,15 @@ clear_started(); } -// Note: this method, although exported by the ConcurrentMarkSweepThread, -// which is a non-JavaThread, can only be called by a JavaThread. -// Currently this is done at vm creation time (post-vm-init) by the -// main/Primordial (Java)Thread. -// XXX Consider changing this in the future to allow the CMS thread +// Note: As is the case with CMS - this method, although exported +// by the ConcurrentMarkThread, which is a non-JavaThread, can only +// be called by a JavaThread. Currently this is done at vm creation +// time (post-vm-init) by the main/Primordial (Java)Thread. +// XXX Consider changing this in the future to allow the CM thread // itself to create this thread? void ConcurrentMarkThread::makeSurrogateLockerThread(TRAPS) { + assert(UseG1GC, "SLT thread needed only for concurrent GC"); + assert(THREAD->is_Java_thread(), "must be a Java thread"); assert(_slt == NULL, "SLT already created"); _slt = SurrogateLockerThread::make(THREAD); }
--- a/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp Sat Nov 05 00:02:33 2011 -0700 @@ -5502,34 +5502,36 @@ CardTableModRefBS* ct_bs = (CardTableModRefBS*) (barrier_set()); double start = os::elapsedTime(); - // Iterate over the dirty cards region list. - G1ParCleanupCTTask cleanup_task(ct_bs, this); - - if (ParallelGCThreads > 0) { - set_par_threads(workers()->total_workers()); - workers()->run_task(&cleanup_task); - set_par_threads(0); - } else { - while (_dirty_cards_region_list) { - HeapRegion* r = _dirty_cards_region_list; - cleanup_task.clear_cards(r); - _dirty_cards_region_list = r->get_next_dirty_cards_region(); - if (_dirty_cards_region_list == r) { - // The last region. - _dirty_cards_region_list = NULL; + { + // Iterate over the dirty cards region list. + G1ParCleanupCTTask cleanup_task(ct_bs, this); + + if (ParallelGCThreads > 0) { + set_par_threads(workers()->total_workers()); + workers()->run_task(&cleanup_task); + set_par_threads(0); + } else { + while (_dirty_cards_region_list) { + HeapRegion* r = _dirty_cards_region_list; + cleanup_task.clear_cards(r); + _dirty_cards_region_list = r->get_next_dirty_cards_region(); + if (_dirty_cards_region_list == r) { + // The last region. + _dirty_cards_region_list = NULL; + } + r->set_next_dirty_cards_region(NULL); } - r->set_next_dirty_cards_region(NULL); } +#ifndef PRODUCT + if (G1VerifyCTCleanup || VerifyAfterGC) { + G1VerifyCardTableCleanup cleanup_verifier(this, ct_bs); + heap_region_iterate(&cleanup_verifier); + } +#endif } double elapsed = os::elapsedTime() - start; g1_policy()->record_clear_ct_time(elapsed * 1000.0); -#ifndef PRODUCT - if (G1VerifyCTCleanup || VerifyAfterGC) { - G1VerifyCardTableCleanup cleanup_verifier(this, ct_bs); - heap_region_iterate(&cleanup_verifier); - } -#endif } void G1CollectedHeap::free_collection_set(HeapRegion* cs_head) {
--- a/hotspot/src/share/vm/gc_implementation/g1/g1CollectorPolicy.cpp Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/src/share/vm/gc_implementation/g1/g1CollectorPolicy.cpp Sat Nov 05 00:02:33 2011 -0700 @@ -320,6 +320,7 @@ _par_last_termination_attempts = new double[_parallel_gc_threads]; _par_last_gc_worker_end_times_ms = new double[_parallel_gc_threads]; _par_last_gc_worker_times_ms = new double[_parallel_gc_threads]; + _par_last_gc_worker_other_times_ms = new double[_parallel_gc_threads]; // start conservatively _expensive_region_limit_ms = 0.5 * (double) MaxGCPauseMillis; @@ -497,7 +498,6 @@ initialize_gc_policy_counters(); G1YoungGenSizer sizer; - size_t initial_region_num = sizer.initial_young_region_num(); _min_desired_young_length = sizer.min_young_region_num(); _max_desired_young_length = sizer.max_young_region_num(); @@ -511,17 +511,14 @@ } } - // GenCollectorPolicy guarantees that min <= initial <= max. - // Asserting here just to state that we rely on this property. assert(_min_desired_young_length <= _max_desired_young_length, "Invalid min/max young gen size values"); - assert(initial_region_num <= _max_desired_young_length, "Initial young gen size too large"); - assert(_min_desired_young_length <= initial_region_num, "Initial young gen size too small"); set_adaptive_young_list_length(_min_desired_young_length < _max_desired_young_length); if (adaptive_young_list_length()) { _young_list_fixed_length = 0; } else { - _young_list_fixed_length = initial_region_num; + assert(_min_desired_young_length == _max_desired_young_length, "Min and max young size differ"); + _young_list_fixed_length = _min_desired_young_length; } _free_regions_at_end_of_collection = _g1->free_regions(); update_young_list_target_length(); @@ -976,6 +973,7 @@ _par_last_termination_attempts[i] = -1234.0; _par_last_gc_worker_end_times_ms[i] = -1234.0; _par_last_gc_worker_times_ms[i] = -1234.0; + _par_last_gc_worker_other_times_ms[i] = -1234.0; } #endif @@ -984,8 +982,10 @@ _cur_aux_times_set[i] = false; } - _satb_drain_time_set = false; - _last_satb_drain_processed_buffers = -1; + // These are initialized to zero here and they are set during + // the evacuation pause if marking is in progress. + _cur_satb_drain_time_ms = 0.0; + _last_satb_drain_processed_buffers = 0; _last_young_gc_full = false; @@ -1097,61 +1097,65 @@ (int)total, (int)avg, (int)min, (int)max, (int)max - (int)min); } -void G1CollectorPolicy::print_stats (int level, - const char* str, - double value) { +void G1CollectorPolicy::print_stats(int level, + const char* str, + double value) { LineBuffer(level).append_and_print_cr("[%s: %5.1lf ms]", str, value); } -void G1CollectorPolicy::print_stats (int level, - const char* str, - int value) { +void G1CollectorPolicy::print_stats(int level, + const char* str, + int value) { LineBuffer(level).append_and_print_cr("[%s: %d]", str, value); } -double G1CollectorPolicy::avg_value (double* data) { +double G1CollectorPolicy::avg_value(double* data) { if (G1CollectedHeap::use_parallel_gc_threads()) { double ret = 0.0; - for (uint i = 0; i < ParallelGCThreads; ++i) + for (uint i = 0; i < ParallelGCThreads; ++i) { ret += data[i]; + } return ret / (double) ParallelGCThreads; } else { return data[0]; } } -double G1CollectorPolicy::max_value (double* data) { +double G1CollectorPolicy::max_value(double* data) { if (G1CollectedHeap::use_parallel_gc_threads()) { double ret = data[0]; - for (uint i = 1; i < ParallelGCThreads; ++i) - if (data[i] > ret) + for (uint i = 1; i < ParallelGCThreads; ++i) { + if (data[i] > ret) { ret = data[i]; + } + } return ret; } else { return data[0]; } } -double G1CollectorPolicy::sum_of_values (double* data) { +double G1CollectorPolicy::sum_of_values(double* data) { if (G1CollectedHeap::use_parallel_gc_threads()) { double sum = 0.0; - for (uint i = 0; i < ParallelGCThreads; i++) + for (uint i = 0; i < ParallelGCThreads; i++) { sum += data[i]; + } return sum; } else { return data[0]; } } -double G1CollectorPolicy::max_sum (double* data1, - double* data2) { +double G1CollectorPolicy::max_sum(double* data1, double* data2) { double ret = data1[0] + data2[0]; if (G1CollectedHeap::use_parallel_gc_threads()) { for (uint i = 1; i < ParallelGCThreads; ++i) { double data = data1[i] + data2[i]; - if (data > ret) + if (data > ret) { ret = data; + } } } return ret; @@ -1251,6 +1255,10 @@ _n_pauses++; + // These values are used to update the summary information that is + // displayed when TraceGen0Time is enabled, and are output as part + // of the PrintGCDetails output, in the non-parallel case. + double ext_root_scan_time = avg_value(_par_last_ext_root_scan_times_ms); double mark_stack_scan_time = avg_value(_par_last_mark_stack_scan_times_ms); double update_rs_time = avg_value(_par_last_update_rs_times_ms); @@ -1260,42 +1268,68 @@ double obj_copy_time = avg_value(_par_last_obj_copy_times_ms); double termination_time = avg_value(_par_last_termination_times_ms); - double parallel_known_time = update_rs_time + - ext_root_scan_time + - mark_stack_scan_time + - scan_rs_time + - obj_copy_time + - termination_time; - - double parallel_other_time = _cur_collection_par_time_ms - parallel_known_time; - - PauseSummary* summary = _summary; + double known_time = ext_root_scan_time + + mark_stack_scan_time + + update_rs_time + + scan_rs_time + + obj_copy_time; + + double other_time_ms = elapsed_ms; + + // Subtract the SATB drain time. It's initialized to zero at the + // start of the pause and is updated during the pause if marking + // is in progress. + other_time_ms -= _cur_satb_drain_time_ms; + + if (parallel) { + other_time_ms -= _cur_collection_par_time_ms; + } else { + other_time_ms -= known_time; + } + + // Subtract the time taken to clean the card table from the + // current value of "other time" + other_time_ms -= _cur_clear_ct_time_ms; + + // TraceGen0Time and TraceGen1Time summary info updating. + _all_pause_times_ms->add(elapsed_ms); if (update_stats) { _recent_rs_scan_times_ms->add(scan_rs_time); _recent_pause_times_ms->add(elapsed_ms); _recent_rs_sizes->add(rs_size); - MainBodySummary* body_summary = summary->main_body_summary(); - guarantee(body_summary != NULL, "should not be null!"); - - if (_satb_drain_time_set) - body_summary->record_satb_drain_time_ms(_cur_satb_drain_time_ms); - else - body_summary->record_satb_drain_time_ms(0.0); + _summary->record_total_time_ms(elapsed_ms); + _summary->record_other_time_ms(other_time_ms); + + MainBodySummary* body_summary = _summary->main_body_summary(); + assert(body_summary != NULL, "should not be null!"); + + // This will be non-zero iff marking is currently in progress (i.e. + // _g1->mark_in_progress() == true) and the currrent pause was not + // an initial mark pause. Since the body_summary items are NumberSeqs, + // however, they have to be consistent and updated in lock-step with + // each other. Therefore we unconditionally record the SATB drain + // time - even if it's zero. + body_summary->record_satb_drain_time_ms(_cur_satb_drain_time_ms); body_summary->record_ext_root_scan_time_ms(ext_root_scan_time); body_summary->record_mark_stack_scan_time_ms(mark_stack_scan_time); body_summary->record_update_rs_time_ms(update_rs_time); body_summary->record_scan_rs_time_ms(scan_rs_time); body_summary->record_obj_copy_time_ms(obj_copy_time); + if (parallel) { body_summary->record_parallel_time_ms(_cur_collection_par_time_ms); - body_summary->record_clear_ct_time_ms(_cur_clear_ct_time_ms); body_summary->record_termination_time_ms(termination_time); + + double parallel_known_time = known_time + termination_time; + double parallel_other_time = _cur_collection_par_time_ms - parallel_known_time; body_summary->record_parallel_other_time_ms(parallel_other_time); } + body_summary->record_mark_closure_time_ms(_mark_closure_time_ms); + body_summary->record_clear_ct_time_ms(_cur_clear_ct_time_ms); // We exempt parallel collection from this check because Alloc Buffer // fragmentation can produce negative collections. Same with evac @@ -1307,6 +1341,7 @@ || _g1->evacuation_failed() || surviving_bytes <= _collection_set_bytes_used_before, "Or else negative collection!"); + _recent_CS_bytes_used_before->add(_collection_set_bytes_used_before); _recent_CS_bytes_surviving->add(surviving_bytes); @@ -1357,6 +1392,13 @@ } } + for (int i = 0; i < _aux_num; ++i) { + if (_cur_aux_times_set[i]) { + _all_aux_times_ms[i].add(_cur_aux_times_ms[i]); + } + } + + if (G1PolicyVerbose > 1) { gclog_or_tty->print_cr(" Recording collection pause(%d)", _n_pauses); } @@ -1383,61 +1425,60 @@ recent_avg_pause_time_ratio() * 100.0); } - double other_time_ms = elapsed_ms; - - if (_satb_drain_time_set) { - other_time_ms -= _cur_satb_drain_time_ms; - } - - if (parallel) { - other_time_ms -= _cur_collection_par_time_ms + _cur_clear_ct_time_ms; - } else { - other_time_ms -= - update_rs_time + - ext_root_scan_time + mark_stack_scan_time + - scan_rs_time + obj_copy_time; - } - + // PrintGCDetails output if (PrintGCDetails) { + bool print_marking_info = + _g1->mark_in_progress() && !last_pause_included_initial_mark; + gclog_or_tty->print_cr("%s, %1.8lf secs]", (last_pause_included_initial_mark) ? " (initial-mark)" : "", elapsed_ms / 1000.0); - if (_satb_drain_time_set) { + if (print_marking_info) { print_stats(1, "SATB Drain Time", _cur_satb_drain_time_ms); - } - if (_last_satb_drain_processed_buffers >= 0) { print_stats(2, "Processed Buffers", _last_satb_drain_processed_buffers); } + if (parallel) { print_stats(1, "Parallel Time", _cur_collection_par_time_ms); - print_par_stats(2, "GC Worker Start Time", _par_last_gc_worker_start_times_ms); + print_par_stats(2, "GC Worker Start", _par_last_gc_worker_start_times_ms); + print_par_stats(2, "Ext Root Scanning", _par_last_ext_root_scan_times_ms); + if (print_marking_info) { + print_par_stats(2, "Mark Stack Scanning", _par_last_mark_stack_scan_times_ms); + } print_par_stats(2, "Update RS", _par_last_update_rs_times_ms); print_par_sizes(3, "Processed Buffers", _par_last_update_rs_processed_buffers); - print_par_stats(2, "Ext Root Scanning", _par_last_ext_root_scan_times_ms); - print_par_stats(2, "Mark Stack Scanning", _par_last_mark_stack_scan_times_ms); print_par_stats(2, "Scan RS", _par_last_scan_rs_times_ms); print_par_stats(2, "Object Copy", _par_last_obj_copy_times_ms); print_par_stats(2, "Termination", _par_last_termination_times_ms); print_par_sizes(3, "Termination Attempts", _par_last_termination_attempts); - print_par_stats(2, "GC Worker End Time", _par_last_gc_worker_end_times_ms); + print_par_stats(2, "GC Worker End", _par_last_gc_worker_end_times_ms); for (int i = 0; i < _parallel_gc_threads; i++) { _par_last_gc_worker_times_ms[i] = _par_last_gc_worker_end_times_ms[i] - _par_last_gc_worker_start_times_ms[i]; + + double worker_known_time = _par_last_ext_root_scan_times_ms[i] + + _par_last_mark_stack_scan_times_ms[i] + + _par_last_update_rs_times_ms[i] + + _par_last_scan_rs_times_ms[i] + + _par_last_obj_copy_times_ms[i] + + _par_last_termination_times_ms[i]; + + _par_last_gc_worker_other_times_ms[i] = _cur_collection_par_time_ms - worker_known_time; } - print_par_stats(2, "GC Worker Times", _par_last_gc_worker_times_ms); - - print_stats(2, "Parallel Other", parallel_other_time); - print_stats(1, "Clear CT", _cur_clear_ct_time_ms); + print_par_stats(2, "GC Worker", _par_last_gc_worker_times_ms); + print_par_stats(2, "GC Worker Other", _par_last_gc_worker_other_times_ms); } else { + print_stats(1, "Ext Root Scanning", ext_root_scan_time); + if (print_marking_info) { + print_stats(1, "Mark Stack Scanning", mark_stack_scan_time); + } print_stats(1, "Update RS", update_rs_time); - print_stats(2, "Processed Buffers", - (int)update_rs_processed_buffers); - print_stats(1, "Ext Root Scanning", ext_root_scan_time); - print_stats(1, "Mark Stack Scanning", mark_stack_scan_time); + print_stats(2, "Processed Buffers", (int)update_rs_processed_buffers); print_stats(1, "Scan RS", scan_rs_time); print_stats(1, "Object Copying", obj_copy_time); } + print_stats(1, "Clear CT", _cur_clear_ct_time_ms); #ifndef PRODUCT print_stats(1, "Cur Clear CC", _cur_clear_cc_time_ms); print_stats(1, "Cum Clear CC", _cum_clear_cc_time_ms); @@ -1461,16 +1502,6 @@ } } - _all_pause_times_ms->add(elapsed_ms); - if (update_stats) { - summary->record_total_time_ms(elapsed_ms); - summary->record_other_time_ms(other_time_ms); - } - for (int i = 0; i < _aux_num; ++i) - if (_cur_aux_times_set[i]) { - _all_aux_times_ms[i].add(_cur_aux_times_ms[i]); - } - // Update the efficiency-since-mark vars. double proc_ms = elapsed_ms * (double) _parallel_gc_threads; if (elapsed_ms < MIN_TIMER_GRANULARITY) { @@ -2138,17 +2169,17 @@ _g1->collection_set_iterate(&cs_closure); } -void G1CollectorPolicy::print_summary (int level, - const char* str, - NumberSeq* seq) const { +void G1CollectorPolicy::print_summary(int level, + const char* str, + NumberSeq* seq) const { double sum = seq->sum(); LineBuffer(level + 1).append_and_print_cr("%-24s = %8.2lf s (avg = %8.2lf ms)", str, sum / 1000.0, seq->avg()); } -void G1CollectorPolicy::print_summary_sd (int level, - const char* str, - NumberSeq* seq) const { +void G1CollectorPolicy::print_summary_sd(int level, + const char* str, + NumberSeq* seq) const { print_summary(level, str, seq); LineBuffer(level + 6).append_and_print_cr("(num = %5d, std dev = %8.2lf ms, max = %8.2lf ms)", seq->num(), seq->sd(), seq->maximum()); @@ -2211,20 +2242,18 @@ print_summary(1, "SATB Drain", body_summary->get_satb_drain_seq()); if (parallel) { print_summary(1, "Parallel Time", body_summary->get_parallel_seq()); + print_summary(2, "Ext Root Scanning", body_summary->get_ext_root_scan_seq()); + print_summary(2, "Mark Stack Scanning", body_summary->get_mark_stack_scan_seq()); print_summary(2, "Update RS", body_summary->get_update_rs_seq()); - print_summary(2, "Ext Root Scanning", - body_summary->get_ext_root_scan_seq()); - print_summary(2, "Mark Stack Scanning", - body_summary->get_mark_stack_scan_seq()); print_summary(2, "Scan RS", body_summary->get_scan_rs_seq()); print_summary(2, "Object Copy", body_summary->get_obj_copy_seq()); print_summary(2, "Termination", body_summary->get_termination_seq()); - print_summary(2, "Other", body_summary->get_parallel_other_seq()); + print_summary(2, "Parallel Other", body_summary->get_parallel_other_seq()); { NumberSeq* other_parts[] = { - body_summary->get_update_rs_seq(), body_summary->get_ext_root_scan_seq(), body_summary->get_mark_stack_scan_seq(), + body_summary->get_update_rs_seq(), body_summary->get_scan_rs_seq(), body_summary->get_obj_copy_seq(), body_summary->get_termination_seq() @@ -2234,18 +2263,16 @@ check_other_times(2, body_summary->get_parallel_other_seq(), &calc_other_times_ms); } - print_summary(1, "Mark Closure", body_summary->get_mark_closure_seq()); - print_summary(1, "Clear CT", body_summary->get_clear_ct_seq()); } else { + print_summary(1, "Ext Root Scanning", body_summary->get_ext_root_scan_seq()); + print_summary(1, "Mark Stack Scanning", body_summary->get_mark_stack_scan_seq()); print_summary(1, "Update RS", body_summary->get_update_rs_seq()); - print_summary(1, "Ext Root Scanning", - body_summary->get_ext_root_scan_seq()); - print_summary(1, "Mark Stack Scanning", - body_summary->get_mark_stack_scan_seq()); print_summary(1, "Scan RS", body_summary->get_scan_rs_seq()); print_summary(1, "Object Copy", body_summary->get_obj_copy_seq()); } } + print_summary(1, "Mark Closure", body_summary->get_mark_closure_seq()); + print_summary(1, "Clear CT", body_summary->get_clear_ct_seq()); print_summary(1, "Other", summary->get_other_seq()); { if (body_summary != NULL) {
--- a/hotspot/src/share/vm/gc_implementation/g1/g1CollectorPolicy.hpp Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/src/share/vm/gc_implementation/g1/g1CollectorPolicy.hpp Sat Nov 05 00:02:33 2011 -0700 @@ -74,7 +74,7 @@ define_num_seq(termination) // parallel only define_num_seq(parallel_other) // parallel only define_num_seq(mark_closure) - define_num_seq(clear_ct) // parallel only + define_num_seq(clear_ct) }; class Summary: public PauseSummary, @@ -115,7 +115,6 @@ double _cur_collection_par_time_ms; double _cur_satb_drain_time_ms; double _cur_clear_ct_time_ms; - bool _satb_drain_time_set; double _cur_ref_proc_time_ms; double _cur_ref_enq_time_ms; @@ -176,6 +175,11 @@ double* _par_last_gc_worker_end_times_ms; double* _par_last_gc_worker_times_ms; + // Each workers 'other' time i.e. the elapsed time of the parallel + // phase of the pause minus the sum of the individual sub-phase + // times for a given worker thread. + double* _par_last_gc_worker_other_times_ms; + // indicates whether we are in full young or partially young GC mode bool _full_young_gcs; @@ -892,11 +896,12 @@ } void record_satb_drain_time(double ms) { + assert(_g1->mark_in_progress(), "shouldn't be here otherwise"); _cur_satb_drain_time_ms = ms; - _satb_drain_time_set = true; } - void record_satb_drain_processed_buffers (int processed_buffers) { + void record_satb_drain_processed_buffers(int processed_buffers) { + assert(_g1->mark_in_progress(), "shouldn't be here otherwise"); _last_satb_drain_processed_buffers = processed_buffers; }
--- a/hotspot/src/share/vm/gc_implementation/g1/g1RemSet.cpp Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/src/share/vm/gc_implementation/g1/g1RemSet.cpp Sat Nov 05 00:02:33 2011 -0700 @@ -122,10 +122,10 @@ void set_try_claimed() { _try_claimed = true; } void scanCard(size_t index, HeapRegion *r) { - DirtyCardToOopClosure* cl = - r->new_dcto_closure(_oc, - CardTableModRefBS::Precise, - HeapRegionDCTOC::IntoCSFilterKind); + // Stack allocate the DirtyCardToOopClosure instance + HeapRegionDCTOC cl(_g1h, r, _oc, + CardTableModRefBS::Precise, + HeapRegionDCTOC::IntoCSFilterKind); // Set the "from" region in the closure. _oc->set_region(r); @@ -140,7 +140,7 @@ // scans (the rsets of the regions in the cset can intersect). _ct_bs->set_card_claimed(index); _cards_done++; - cl->do_MemRegion(mr); + cl.do_MemRegion(mr); } }
--- a/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp Sat Nov 05 00:02:33 2011 -0700 @@ -340,14 +340,6 @@ init_top_at_mark_start(); } -DirtyCardToOopClosure* -HeapRegion::new_dcto_closure(OopClosure* cl, - CardTableModRefBS::PrecisionStyle precision, - HeapRegionDCTOC::FilterKind fk) { - return new HeapRegionDCTOC(G1CollectedHeap::heap(), - this, cl, precision, fk); -} - void HeapRegion::hr_clear(bool par, bool clear_space) { assert(_humongous_type == NotHumongous, "we should have already filtered out humongous regions");
--- a/hotspot/src/share/vm/gc_implementation/g1/heapRegion.hpp Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/src/share/vm/gc_implementation/g1/heapRegion.hpp Sat Nov 05 00:02:33 2011 -0700 @@ -431,6 +431,14 @@ return _humongous_start_region; } + // Same as Space::is_in_reserved, but will use the original size of the region. + // The original size is different only for start humongous regions. They get + // their _end set up to be the end of the last continues region of the + // corresponding humongous object. + bool is_in_reserved_raw(const void* p) const { + return _bottom <= p && p < _orig_end; + } + // Makes the current region be a "starts humongous" region, i.e., // the first region in a series of one or more contiguous regions // that will contain a single "humongous" object. The two parameters @@ -569,11 +577,6 @@ // allocated in the current region before the last call to "save_mark". void oop_before_save_marks_iterate(OopClosure* cl); - DirtyCardToOopClosure* - new_dcto_closure(OopClosure* cl, - CardTableModRefBS::PrecisionStyle precision, - HeapRegionDCTOC::FilterKind fk); - // Note the start or end of marking. This tells the heap region // that the collector is about to start or has finished (concurrently) // marking the heap.
--- a/hotspot/src/share/vm/gc_implementation/g1/heapRegionRemSet.cpp Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/src/share/vm/gc_implementation/g1/heapRegionRemSet.cpp Sat Nov 05 00:02:33 2011 -0700 @@ -143,7 +143,11 @@ // If the test below fails, then this table was reused concurrently // with this operation. This is OK, since the old table was coarsened, // and adding a bit to the new table is never incorrect. - if (loc_hr->is_in_reserved(from)) { + // If the table used to belong to a continues humongous region and is + // now reused for the corresponding start humongous region, we need to + // make sure that we detect this. Thus, we call is_in_reserved_raw() + // instead of just is_in_reserved() here. + if (loc_hr->is_in_reserved_raw(from)) { size_t hw_offset = pointer_delta((HeapWord*)from, loc_hr->bottom()); CardIdx_t from_card = (CardIdx_t) hw_offset >> (CardTableModRefBS::card_shift - LogHeapWordSize);
--- a/hotspot/src/share/vm/gc_implementation/g1/vm_operations_g1.cpp Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/src/share/vm/gc_implementation/g1/vm_operations_g1.cpp Sat Nov 05 00:02:33 2011 -0700 @@ -23,6 +23,7 @@ */ #include "precompiled.hpp" +#include "gc_implementation/g1/concurrentMarkThread.inline.hpp" #include "gc_implementation/g1/g1CollectedHeap.inline.hpp" #include "gc_implementation/g1/g1CollectorPolicy.hpp" #include "gc_implementation/g1/vm_operations_g1.hpp" @@ -165,6 +166,20 @@ } } +void VM_CGC_Operation::acquire_pending_list_lock() { + // The caller may block while communicating + // with the SLT thread in order to acquire/release the PLL. + ConcurrentMarkThread::slt()-> + manipulatePLL(SurrogateLockerThread::acquirePLL); +} + +void VM_CGC_Operation::release_and_notify_pending_list_lock() { + // The caller may block while communicating + // with the SLT thread in order to acquire/release the PLL. + ConcurrentMarkThread::slt()-> + manipulatePLL(SurrogateLockerThread::releaseAndNotifyPLL); +} + void VM_CGC_Operation::doit() { gclog_or_tty->date_stamp(PrintGC && PrintGCDateStamps); TraceCPUTime tcpu(PrintGCDetails, true, gclog_or_tty); @@ -180,12 +195,19 @@ } bool VM_CGC_Operation::doit_prologue() { + // Note the relative order of the locks must match that in + // VM_GC_Operation::doit_prologue() or deadlocks can occur + acquire_pending_list_lock(); + Heap_lock->lock(); SharedHeap::heap()->_thread_holds_heap_lock_for_gc = true; return true; } void VM_CGC_Operation::doit_epilogue() { + // Note the relative order of the unlocks must match that in + // VM_GC_Operation::doit_epilogue() SharedHeap::heap()->_thread_holds_heap_lock_for_gc = false; Heap_lock->unlock(); + release_and_notify_pending_list_lock(); }
--- a/hotspot/src/share/vm/gc_implementation/g1/vm_operations_g1.hpp Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/src/share/vm/gc_implementation/g1/vm_operations_g1.hpp Sat Nov 05 00:02:33 2011 -0700 @@ -93,11 +93,17 @@ } }; -// Concurrent GC stop-the-world operations such as initial and final mark; +// Concurrent GC stop-the-world operations such as remark and cleanup; // consider sharing these with CMS's counterparts. class VM_CGC_Operation: public VM_Operation { VoidClosure* _cl; const char* _printGCMessage; + +protected: + // java.lang.ref.Reference support + void acquire_pending_list_lock(); + void release_and_notify_pending_list_lock(); + public: VM_CGC_Operation(VoidClosure* cl, const char *printGCMsg) : _cl(cl), _printGCMessage(printGCMsg) { }
--- a/hotspot/src/share/vm/gc_implementation/shared/concurrentGCThread.cpp Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/src/share/vm/gc_implementation/shared/concurrentGCThread.cpp Sat Nov 05 00:02:33 2011 -0700 @@ -224,6 +224,8 @@ MutexLockerEx x(&_monitor, Mutex::_no_safepoint_check_flag); assert(_buffer == empty, "Should be empty"); assert(msg != empty, "empty message"); + assert(!Heap_lock->owned_by_self(), "Heap_lock owned by requesting thread"); + _buffer = msg; while (_buffer != empty) { _monitor.notify();
--- a/hotspot/src/share/vm/precompiled.hpp Fri Nov 04 12:36:40 2011 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,330 +0,0 @@ -/* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - * - */ - -// Precompiled headers are turned off for Sun Studion, -// or if the user passes USE_PRECOMPILED_HEADER=0 to the makefiles. -#ifndef DONT_USE_PRECOMPILED_HEADER - -# include "asm/assembler.hpp" -# include "asm/assembler.inline.hpp" -# include "asm/codeBuffer.hpp" -# include "asm/register.hpp" -# include "ci/ciArray.hpp" -# include "ci/ciArrayKlass.hpp" -# include "ci/ciClassList.hpp" -# include "ci/ciConstant.hpp" -# include "ci/ciConstantPoolCache.hpp" -# include "ci/ciEnv.hpp" -# include "ci/ciExceptionHandler.hpp" -# include "ci/ciField.hpp" -# include "ci/ciFlags.hpp" -# include "ci/ciInstance.hpp" -# include "ci/ciInstanceKlass.hpp" -# include "ci/ciInstanceKlassKlass.hpp" -# include "ci/ciKlass.hpp" -# include "ci/ciKlassKlass.hpp" -# include "ci/ciMethod.hpp" -# include "ci/ciNullObject.hpp" -# include "ci/ciObjArrayKlass.hpp" -# include "ci/ciObject.hpp" -# include "ci/ciObjectFactory.hpp" -# include "ci/ciSignature.hpp" -# include "ci/ciStreams.hpp" -# include "ci/ciSymbol.hpp" -# include "ci/ciType.hpp" -# include "ci/ciTypeArrayKlass.hpp" -# include "ci/ciUtilities.hpp" -# include "ci/compilerInterface.hpp" -# include "classfile/classFileParser.hpp" -# include "classfile/classFileStream.hpp" -# include "classfile/classLoader.hpp" -# include "classfile/javaClasses.hpp" -# include "classfile/symbolTable.hpp" -# include "classfile/systemDictionary.hpp" -# include "classfile/vmSymbols.hpp" -# include "code/codeBlob.hpp" -# include "code/codeCache.hpp" -# include "code/compressedStream.hpp" -# include "code/debugInfo.hpp" -# include "code/debugInfoRec.hpp" -# include "code/dependencies.hpp" -# include "code/exceptionHandlerTable.hpp" -# include "code/jvmticmlr.h" -# include "code/location.hpp" -# include "code/nmethod.hpp" -# include "code/oopRecorder.hpp" -# include "code/pcDesc.hpp" -# include "code/relocInfo.hpp" -# include "code/stubs.hpp" -# include "code/vmreg.hpp" -# include "compiler/disassembler.hpp" -# include "compiler/methodLiveness.hpp" -# include "compiler/oopMap.hpp" -# include "gc_implementation/shared/adaptiveSizePolicy.hpp" -# include "gc_implementation/shared/ageTable.hpp" -# include "gc_implementation/shared/allocationStats.hpp" -# include "gc_implementation/shared/cSpaceCounters.hpp" -# include "gc_implementation/shared/collectorCounters.hpp" -# include "gc_implementation/shared/gSpaceCounters.hpp" -# include "gc_implementation/shared/gcStats.hpp" -# include "gc_implementation/shared/gcUtil.hpp" -# include "gc_implementation/shared/generationCounters.hpp" -# include "gc_implementation/shared/immutableSpace.hpp" -# include "gc_implementation/shared/markSweep.hpp" -# include "gc_implementation/shared/markSweep.inline.hpp" -# include "gc_implementation/shared/mutableSpace.hpp" -# include "gc_implementation/shared/spaceCounters.hpp" -# include "gc_implementation/shared/spaceDecorator.hpp" -# include "gc_interface/collectedHeap.hpp" -# include "gc_interface/collectedHeap.inline.hpp" -# include "gc_interface/gcCause.hpp" -# include "interpreter/abstractInterpreter.hpp" -# include "interpreter/bytecode.hpp" -# include "interpreter/bytecodeHistogram.hpp" -# include "interpreter/bytecodeInterpreter.hpp" -# include "interpreter/bytecodeInterpreter.inline.hpp" -# include "interpreter/bytecodeTracer.hpp" -# include "interpreter/bytecodes.hpp" -# include "interpreter/cppInterpreter.hpp" -# include "interpreter/interpreter.hpp" -# include "interpreter/invocationCounter.hpp" -# include "interpreter/linkResolver.hpp" -# include "interpreter/templateInterpreter.hpp" -# include "interpreter/templateTable.hpp" -# include "jvmtifiles/jvmti.h" -# include "memory/allocation.hpp" -# include "memory/allocation.inline.hpp" -# include "memory/barrierSet.hpp" -# include "memory/barrierSet.inline.hpp" -# include "memory/blockOffsetTable.hpp" -# include "memory/blockOffsetTable.inline.hpp" -# include "memory/cardTableModRefBS.hpp" -# include "memory/collectorPolicy.hpp" -# include "memory/compactingPermGenGen.hpp" -# include "memory/defNewGeneration.hpp" -# include "memory/gcLocker.hpp" -# include "memory/genCollectedHeap.hpp" -# include "memory/genOopClosures.hpp" -# include "memory/genRemSet.hpp" -# include "memory/generation.hpp" -# include "memory/generation.inline.hpp" -# include "memory/heap.hpp" -# include "memory/iterator.hpp" -# include "memory/memRegion.hpp" -# include "memory/modRefBarrierSet.hpp" -# include "memory/oopFactory.hpp" -# include "memory/permGen.hpp" -# include "memory/referencePolicy.hpp" -# include "memory/referenceProcessor.hpp" -# include "memory/resourceArea.hpp" -# include "memory/sharedHeap.hpp" -# include "memory/space.hpp" -# include "memory/space.inline.hpp" -# include "memory/specialized_oop_closures.hpp" -# include "memory/threadLocalAllocBuffer.hpp" -# include "memory/threadLocalAllocBuffer.inline.hpp" -# include "memory/universe.hpp" -# include "memory/universe.inline.hpp" -# include "memory/watermark.hpp" -# include "oops/arrayKlass.hpp" -# include "oops/arrayOop.hpp" -# include "oops/constMethodOop.hpp" -# include "oops/constantPoolOop.hpp" -# include "oops/cpCacheOop.hpp" -# include "oops/instanceKlass.hpp" -# include "oops/instanceOop.hpp" -# include "oops/instanceRefKlass.hpp" -# include "oops/klass.hpp" -# include "oops/klassOop.hpp" -# include "oops/klassPS.hpp" -# include "oops/klassVtable.hpp" -# include "oops/markOop.hpp" -# include "oops/markOop.inline.hpp" -# include "oops/methodDataOop.hpp" -# include "oops/methodOop.hpp" -# include "oops/objArrayKlass.hpp" -# include "oops/objArrayOop.hpp" -# include "oops/oop.hpp" -# include "oops/oop.inline.hpp" -# include "oops/oop.inline2.hpp" -# include "oops/oopsHierarchy.hpp" -# include "oops/symbol.hpp" -# include "oops/typeArrayKlass.hpp" -# include "oops/typeArrayOop.hpp" -# include "prims/jni.h" -# include "prims/jvm.h" -# include "prims/jvmtiExport.hpp" -# include "prims/methodHandles.hpp" -# include "runtime/arguments.hpp" -# include "runtime/atomic.hpp" -# include "runtime/deoptimization.hpp" -# include "runtime/extendedPC.hpp" -# include "runtime/fieldDescriptor.hpp" -# include "runtime/fieldType.hpp" -# include "runtime/frame.hpp" -# include "runtime/frame.inline.hpp" -# include "runtime/globals.hpp" -# include "runtime/globals_extension.hpp" -# include "runtime/handles.hpp" -# include "runtime/handles.inline.hpp" -# include "runtime/icache.hpp" -# include "runtime/init.hpp" -# include "runtime/interfaceSupport.hpp" -# include "runtime/java.hpp" -# include "runtime/javaCalls.hpp" -# include "runtime/javaFrameAnchor.hpp" -# include "runtime/jniHandles.hpp" -# include "runtime/monitorChunk.hpp" -# include "runtime/mutex.hpp" -# include "runtime/mutexLocker.hpp" -# include "runtime/objectMonitor.hpp" -# include "runtime/orderAccess.hpp" -# include "runtime/os.hpp" -# include "runtime/osThread.hpp" -# include "runtime/perfData.hpp" -# include "runtime/perfMemory.hpp" -# include "runtime/prefetch.hpp" -# include "runtime/reflection.hpp" -# include "runtime/reflectionUtils.hpp" -# include "runtime/registerMap.hpp" -# include "runtime/safepoint.hpp" -# include "runtime/sharedRuntime.hpp" -# include "runtime/signature.hpp" -# include "runtime/stackValue.hpp" -# include "runtime/stackValueCollection.hpp" -# include "runtime/stubCodeGenerator.hpp" -# include "runtime/stubRoutines.hpp" -# include "runtime/synchronizer.hpp" -# include "runtime/thread.hpp" -# include "runtime/threadLocalStorage.hpp" -# include "runtime/timer.hpp" -# include "runtime/unhandledOops.hpp" -# include "runtime/vframe.hpp" -# include "runtime/virtualspace.hpp" -# include "runtime/vmThread.hpp" -# include "runtime/vm_operations.hpp" -# include "runtime/vm_version.hpp" -# include "services/lowMemoryDetector.hpp" -# include "services/memoryPool.hpp" -# include "services/memoryService.hpp" -# include "services/memoryUsage.hpp" -# include "utilities/accessFlags.hpp" -# include "utilities/array.hpp" -# include "utilities/bitMap.hpp" -# include "utilities/bitMap.inline.hpp" -# include "utilities/constantTag.hpp" -# include "utilities/copy.hpp" -# include "utilities/debug.hpp" -# include "utilities/exceptions.hpp" -# include "utilities/globalDefinitions.hpp" -# include "utilities/growableArray.hpp" -# include "utilities/hashtable.hpp" -# include "utilities/histogram.hpp" -# include "utilities/macros.hpp" -# include "utilities/numberSeq.hpp" -# include "utilities/ostream.hpp" -# include "utilities/preserveException.hpp" -# include "utilities/sizes.hpp" -# include "utilities/taskqueue.hpp" -# include "utilities/top.hpp" -# include "utilities/utf8.hpp" -# include "utilities/workgroup.hpp" -# include "utilities/yieldingWorkgroup.hpp" -#ifdef COMPILER2 -# include "libadt/dict.hpp" -# include "libadt/port.hpp" -# include "libadt/set.hpp" -# include "libadt/vectset.hpp" -# include "opto/addnode.hpp" -# include "opto/adlcVMDeps.hpp" -# include "opto/block.hpp" -# include "opto/c2_globals.hpp" -# include "opto/callnode.hpp" -# include "opto/cfgnode.hpp" -# include "opto/compile.hpp" -# include "opto/connode.hpp" -# include "opto/idealGraphPrinter.hpp" -# include "opto/loopnode.hpp" -# include "opto/machnode.hpp" -# include "opto/matcher.hpp" -# include "opto/memnode.hpp" -# include "opto/mulnode.hpp" -# include "opto/multnode.hpp" -# include "opto/node.hpp" -# include "opto/opcodes.hpp" -# include "opto/optoreg.hpp" -# include "opto/phase.hpp" -# include "opto/phaseX.hpp" -# include "opto/regalloc.hpp" -# include "opto/regmask.hpp" -# include "opto/runtime.hpp" -# include "opto/subnode.hpp" -# include "opto/type.hpp" -# include "opto/vectornode.hpp" -#endif // COMPILER2 -#ifdef COMPILER1 -# include "c1/c1_Compilation.hpp" -# include "c1/c1_Defs.hpp" -# include "c1/c1_FrameMap.hpp" -# include "c1/c1_LIR.hpp" -# include "c1/c1_MacroAssembler.hpp" -# include "c1/c1_ValueType.hpp" -# include "c1/c1_globals.hpp" -#endif // COMPILER1 -#ifndef SERIALGC -# include "gc_implementation/concurrentMarkSweep/binaryTreeDictionary.hpp" -# include "gc_implementation/concurrentMarkSweep/cmsOopClosures.hpp" -# include "gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.hpp" -# include "gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.hpp" -# include "gc_implementation/concurrentMarkSweep/freeBlockDictionary.hpp" -# include "gc_implementation/concurrentMarkSweep/freeChunk.hpp" -# include "gc_implementation/concurrentMarkSweep/freeList.hpp" -# include "gc_implementation/concurrentMarkSweep/promotionInfo.hpp" -# include "gc_implementation/g1/dirtyCardQueue.hpp" -# include "gc_implementation/g1/g1BlockOffsetTable.hpp" -# include "gc_implementation/g1/g1BlockOffsetTable.inline.hpp" -# include "gc_implementation/g1/g1OopClosures.hpp" -# include "gc_implementation/g1/g1_globals.hpp" -# include "gc_implementation/g1/g1_specialized_oop_closures.hpp" -# include "gc_implementation/g1/ptrQueue.hpp" -# include "gc_implementation/g1/satbQueue.hpp" -# include "gc_implementation/parNew/parGCAllocBuffer.hpp" -# include "gc_implementation/parNew/parOopClosures.hpp" -# include "gc_implementation/parallelScavenge/objectStartArray.hpp" -# include "gc_implementation/parallelScavenge/parMarkBitMap.hpp" -# include "gc_implementation/parallelScavenge/parallelScavengeHeap.hpp" -# include "gc_implementation/parallelScavenge/psAdaptiveSizePolicy.hpp" -# include "gc_implementation/parallelScavenge/psCompactionManager.hpp" -# include "gc_implementation/parallelScavenge/psGCAdaptivePolicyCounters.hpp" -# include "gc_implementation/parallelScavenge/psGenerationCounters.hpp" -# include "gc_implementation/parallelScavenge/psOldGen.hpp" -# include "gc_implementation/parallelScavenge/psParallelCompact.hpp" -# include "gc_implementation/parallelScavenge/psPermGen.hpp" -# include "gc_implementation/parallelScavenge/psVirtualspace.hpp" -# include "gc_implementation/parallelScavenge/psYoungGen.hpp" -# include "gc_implementation/shared/gcAdaptivePolicyCounters.hpp" -# include "gc_implementation/shared/gcPolicyCounters.hpp" -#endif // SERIALGC - -#endif // !DONT_USE_PRECOMPILED_HEADER
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/hotspot/src/share/vm/precompiled/precompiled.hpp Sat Nov 05 00:02:33 2011 -0700 @@ -0,0 +1,330 @@ +/* + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + * + */ + +// Precompiled headers are turned off for Sun Studion, +// or if the user passes USE_PRECOMPILED_HEADER=0 to the makefiles. +#ifndef DONT_USE_PRECOMPILED_HEADER + +# include "asm/assembler.hpp" +# include "asm/assembler.inline.hpp" +# include "asm/codeBuffer.hpp" +# include "asm/register.hpp" +# include "ci/ciArray.hpp" +# include "ci/ciArrayKlass.hpp" +# include "ci/ciClassList.hpp" +# include "ci/ciConstant.hpp" +# include "ci/ciConstantPoolCache.hpp" +# include "ci/ciEnv.hpp" +# include "ci/ciExceptionHandler.hpp" +# include "ci/ciField.hpp" +# include "ci/ciFlags.hpp" +# include "ci/ciInstance.hpp" +# include "ci/ciInstanceKlass.hpp" +# include "ci/ciInstanceKlassKlass.hpp" +# include "ci/ciKlass.hpp" +# include "ci/ciKlassKlass.hpp" +# include "ci/ciMethod.hpp" +# include "ci/ciNullObject.hpp" +# include "ci/ciObjArrayKlass.hpp" +# include "ci/ciObject.hpp" +# include "ci/ciObjectFactory.hpp" +# include "ci/ciSignature.hpp" +# include "ci/ciStreams.hpp" +# include "ci/ciSymbol.hpp" +# include "ci/ciType.hpp" +# include "ci/ciTypeArrayKlass.hpp" +# include "ci/ciUtilities.hpp" +# include "ci/compilerInterface.hpp" +# include "classfile/classFileParser.hpp" +# include "classfile/classFileStream.hpp" +# include "classfile/classLoader.hpp" +# include "classfile/javaClasses.hpp" +# include "classfile/symbolTable.hpp" +# include "classfile/systemDictionary.hpp" +# include "classfile/vmSymbols.hpp" +# include "code/codeBlob.hpp" +# include "code/codeCache.hpp" +# include "code/compressedStream.hpp" +# include "code/debugInfo.hpp" +# include "code/debugInfoRec.hpp" +# include "code/dependencies.hpp" +# include "code/exceptionHandlerTable.hpp" +# include "code/jvmticmlr.h" +# include "code/location.hpp" +# include "code/nmethod.hpp" +# include "code/oopRecorder.hpp" +# include "code/pcDesc.hpp" +# include "code/relocInfo.hpp" +# include "code/stubs.hpp" +# include "code/vmreg.hpp" +# include "compiler/disassembler.hpp" +# include "compiler/methodLiveness.hpp" +# include "compiler/oopMap.hpp" +# include "gc_implementation/shared/adaptiveSizePolicy.hpp" +# include "gc_implementation/shared/ageTable.hpp" +# include "gc_implementation/shared/allocationStats.hpp" +# include "gc_implementation/shared/cSpaceCounters.hpp" +# include "gc_implementation/shared/collectorCounters.hpp" +# include "gc_implementation/shared/gSpaceCounters.hpp" +# include "gc_implementation/shared/gcStats.hpp" +# include "gc_implementation/shared/gcUtil.hpp" +# include "gc_implementation/shared/generationCounters.hpp" +# include "gc_implementation/shared/immutableSpace.hpp" +# include "gc_implementation/shared/markSweep.hpp" +# include "gc_implementation/shared/markSweep.inline.hpp" +# include "gc_implementation/shared/mutableSpace.hpp" +# include "gc_implementation/shared/spaceCounters.hpp" +# include "gc_implementation/shared/spaceDecorator.hpp" +# include "gc_interface/collectedHeap.hpp" +# include "gc_interface/collectedHeap.inline.hpp" +# include "gc_interface/gcCause.hpp" +# include "interpreter/abstractInterpreter.hpp" +# include "interpreter/bytecode.hpp" +# include "interpreter/bytecodeHistogram.hpp" +# include "interpreter/bytecodeInterpreter.hpp" +# include "interpreter/bytecodeInterpreter.inline.hpp" +# include "interpreter/bytecodeTracer.hpp" +# include "interpreter/bytecodes.hpp" +# include "interpreter/cppInterpreter.hpp" +# include "interpreter/interpreter.hpp" +# include "interpreter/invocationCounter.hpp" +# include "interpreter/linkResolver.hpp" +# include "interpreter/templateInterpreter.hpp" +# include "interpreter/templateTable.hpp" +# include "jvmtifiles/jvmti.h" +# include "memory/allocation.hpp" +# include "memory/allocation.inline.hpp" +# include "memory/barrierSet.hpp" +# include "memory/barrierSet.inline.hpp" +# include "memory/blockOffsetTable.hpp" +# include "memory/blockOffsetTable.inline.hpp" +# include "memory/cardTableModRefBS.hpp" +# include "memory/collectorPolicy.hpp" +# include "memory/compactingPermGenGen.hpp" +# include "memory/defNewGeneration.hpp" +# include "memory/gcLocker.hpp" +# include "memory/genCollectedHeap.hpp" +# include "memory/genOopClosures.hpp" +# include "memory/genRemSet.hpp" +# include "memory/generation.hpp" +# include "memory/generation.inline.hpp" +# include "memory/heap.hpp" +# include "memory/iterator.hpp" +# include "memory/memRegion.hpp" +# include "memory/modRefBarrierSet.hpp" +# include "memory/oopFactory.hpp" +# include "memory/permGen.hpp" +# include "memory/referencePolicy.hpp" +# include "memory/referenceProcessor.hpp" +# include "memory/resourceArea.hpp" +# include "memory/sharedHeap.hpp" +# include "memory/space.hpp" +# include "memory/space.inline.hpp" +# include "memory/specialized_oop_closures.hpp" +# include "memory/threadLocalAllocBuffer.hpp" +# include "memory/threadLocalAllocBuffer.inline.hpp" +# include "memory/universe.hpp" +# include "memory/universe.inline.hpp" +# include "memory/watermark.hpp" +# include "oops/arrayKlass.hpp" +# include "oops/arrayOop.hpp" +# include "oops/constMethodOop.hpp" +# include "oops/constantPoolOop.hpp" +# include "oops/cpCacheOop.hpp" +# include "oops/instanceKlass.hpp" +# include "oops/instanceOop.hpp" +# include "oops/instanceRefKlass.hpp" +# include "oops/klass.hpp" +# include "oops/klassOop.hpp" +# include "oops/klassPS.hpp" +# include "oops/klassVtable.hpp" +# include "oops/markOop.hpp" +# include "oops/markOop.inline.hpp" +# include "oops/methodDataOop.hpp" +# include "oops/methodOop.hpp" +# include "oops/objArrayKlass.hpp" +# include "oops/objArrayOop.hpp" +# include "oops/oop.hpp" +# include "oops/oop.inline.hpp" +# include "oops/oop.inline2.hpp" +# include "oops/oopsHierarchy.hpp" +# include "oops/symbol.hpp" +# include "oops/typeArrayKlass.hpp" +# include "oops/typeArrayOop.hpp" +# include "prims/jni.h" +# include "prims/jvm.h" +# include "prims/jvmtiExport.hpp" +# include "prims/methodHandles.hpp" +# include "runtime/arguments.hpp" +# include "runtime/atomic.hpp" +# include "runtime/deoptimization.hpp" +# include "runtime/extendedPC.hpp" +# include "runtime/fieldDescriptor.hpp" +# include "runtime/fieldType.hpp" +# include "runtime/frame.hpp" +# include "runtime/frame.inline.hpp" +# include "runtime/globals.hpp" +# include "runtime/globals_extension.hpp" +# include "runtime/handles.hpp" +# include "runtime/handles.inline.hpp" +# include "runtime/icache.hpp" +# include "runtime/init.hpp" +# include "runtime/interfaceSupport.hpp" +# include "runtime/java.hpp" +# include "runtime/javaCalls.hpp" +# include "runtime/javaFrameAnchor.hpp" +# include "runtime/jniHandles.hpp" +# include "runtime/monitorChunk.hpp" +# include "runtime/mutex.hpp" +# include "runtime/mutexLocker.hpp" +# include "runtime/objectMonitor.hpp" +# include "runtime/orderAccess.hpp" +# include "runtime/os.hpp" +# include "runtime/osThread.hpp" +# include "runtime/perfData.hpp" +# include "runtime/perfMemory.hpp" +# include "runtime/prefetch.hpp" +# include "runtime/reflection.hpp" +# include "runtime/reflectionUtils.hpp" +# include "runtime/registerMap.hpp" +# include "runtime/safepoint.hpp" +# include "runtime/sharedRuntime.hpp" +# include "runtime/signature.hpp" +# include "runtime/stackValue.hpp" +# include "runtime/stackValueCollection.hpp" +# include "runtime/stubCodeGenerator.hpp" +# include "runtime/stubRoutines.hpp" +# include "runtime/synchronizer.hpp" +# include "runtime/thread.hpp" +# include "runtime/threadLocalStorage.hpp" +# include "runtime/timer.hpp" +# include "runtime/unhandledOops.hpp" +# include "runtime/vframe.hpp" +# include "runtime/virtualspace.hpp" +# include "runtime/vmThread.hpp" +# include "runtime/vm_operations.hpp" +# include "runtime/vm_version.hpp" +# include "services/lowMemoryDetector.hpp" +# include "services/memoryPool.hpp" +# include "services/memoryService.hpp" +# include "services/memoryUsage.hpp" +# include "utilities/accessFlags.hpp" +# include "utilities/array.hpp" +# include "utilities/bitMap.hpp" +# include "utilities/bitMap.inline.hpp" +# include "utilities/constantTag.hpp" +# include "utilities/copy.hpp" +# include "utilities/debug.hpp" +# include "utilities/exceptions.hpp" +# include "utilities/globalDefinitions.hpp" +# include "utilities/growableArray.hpp" +# include "utilities/hashtable.hpp" +# include "utilities/histogram.hpp" +# include "utilities/macros.hpp" +# include "utilities/numberSeq.hpp" +# include "utilities/ostream.hpp" +# include "utilities/preserveException.hpp" +# include "utilities/sizes.hpp" +# include "utilities/taskqueue.hpp" +# include "utilities/top.hpp" +# include "utilities/utf8.hpp" +# include "utilities/workgroup.hpp" +# include "utilities/yieldingWorkgroup.hpp" +#ifdef COMPILER2 +# include "libadt/dict.hpp" +# include "libadt/port.hpp" +# include "libadt/set.hpp" +# include "libadt/vectset.hpp" +# include "opto/addnode.hpp" +# include "opto/adlcVMDeps.hpp" +# include "opto/block.hpp" +# include "opto/c2_globals.hpp" +# include "opto/callnode.hpp" +# include "opto/cfgnode.hpp" +# include "opto/compile.hpp" +# include "opto/connode.hpp" +# include "opto/idealGraphPrinter.hpp" +# include "opto/loopnode.hpp" +# include "opto/machnode.hpp" +# include "opto/matcher.hpp" +# include "opto/memnode.hpp" +# include "opto/mulnode.hpp" +# include "opto/multnode.hpp" +# include "opto/node.hpp" +# include "opto/opcodes.hpp" +# include "opto/optoreg.hpp" +# include "opto/phase.hpp" +# include "opto/phaseX.hpp" +# include "opto/regalloc.hpp" +# include "opto/regmask.hpp" +# include "opto/runtime.hpp" +# include "opto/subnode.hpp" +# include "opto/type.hpp" +# include "opto/vectornode.hpp" +#endif // COMPILER2 +#ifdef COMPILER1 +# include "c1/c1_Compilation.hpp" +# include "c1/c1_Defs.hpp" +# include "c1/c1_FrameMap.hpp" +# include "c1/c1_LIR.hpp" +# include "c1/c1_MacroAssembler.hpp" +# include "c1/c1_ValueType.hpp" +# include "c1/c1_globals.hpp" +#endif // COMPILER1 +#ifndef SERIALGC +# include "gc_implementation/concurrentMarkSweep/binaryTreeDictionary.hpp" +# include "gc_implementation/concurrentMarkSweep/cmsOopClosures.hpp" +# include "gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.hpp" +# include "gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.hpp" +# include "gc_implementation/concurrentMarkSweep/freeBlockDictionary.hpp" +# include "gc_implementation/concurrentMarkSweep/freeChunk.hpp" +# include "gc_implementation/concurrentMarkSweep/freeList.hpp" +# include "gc_implementation/concurrentMarkSweep/promotionInfo.hpp" +# include "gc_implementation/g1/dirtyCardQueue.hpp" +# include "gc_implementation/g1/g1BlockOffsetTable.hpp" +# include "gc_implementation/g1/g1BlockOffsetTable.inline.hpp" +# include "gc_implementation/g1/g1OopClosures.hpp" +# include "gc_implementation/g1/g1_globals.hpp" +# include "gc_implementation/g1/g1_specialized_oop_closures.hpp" +# include "gc_implementation/g1/ptrQueue.hpp" +# include "gc_implementation/g1/satbQueue.hpp" +# include "gc_implementation/parNew/parGCAllocBuffer.hpp" +# include "gc_implementation/parNew/parOopClosures.hpp" +# include "gc_implementation/parallelScavenge/objectStartArray.hpp" +# include "gc_implementation/parallelScavenge/parMarkBitMap.hpp" +# include "gc_implementation/parallelScavenge/parallelScavengeHeap.hpp" +# include "gc_implementation/parallelScavenge/psAdaptiveSizePolicy.hpp" +# include "gc_implementation/parallelScavenge/psCompactionManager.hpp" +# include "gc_implementation/parallelScavenge/psGCAdaptivePolicyCounters.hpp" +# include "gc_implementation/parallelScavenge/psGenerationCounters.hpp" +# include "gc_implementation/parallelScavenge/psOldGen.hpp" +# include "gc_implementation/parallelScavenge/psParallelCompact.hpp" +# include "gc_implementation/parallelScavenge/psPermGen.hpp" +# include "gc_implementation/parallelScavenge/psVirtualspace.hpp" +# include "gc_implementation/parallelScavenge/psYoungGen.hpp" +# include "gc_implementation/shared/gcAdaptivePolicyCounters.hpp" +# include "gc_implementation/shared/gcPolicyCounters.hpp" +#endif // SERIALGC + +#endif // !DONT_USE_PRECOMPILED_HEADER
--- a/hotspot/src/share/vm/runtime/globals.hpp Fri Nov 04 12:36:40 2011 +0000 +++ b/hotspot/src/share/vm/runtime/globals.hpp Sat Nov 05 00:02:33 2011 -0700 @@ -2580,7 +2580,7 @@ diagnostic(bool, DebugInlinedCalls, true, \ "If false, restricts profiled locations to the root method only") \ \ - product(bool, PrintVMOptions, trueInDebug, \ + product(bool, PrintVMOptions, NOT_EMBEDDED(trueInDebug) EMBEDDED_ONLY(false),\ "Print flags that appeared on the command line") \ \ product(bool, IgnoreUnrecognizedVMOptions, false, \
--- a/jaxp/.hgtags Fri Nov 04 12:36:40 2011 +0000 +++ b/jaxp/.hgtags Sat Nov 05 00:02:33 2011 -0700 @@ -132,3 +132,5 @@ de4794dd69c48b08029d158a972993ff9d5627df jdk8-b08 93554324c014282571aeeb48552ad00d3fedb089 jdk8-b09 d21a4d5141c04bc9e88f2c0253121d449b66d667 jdk8-b10 +d1b7a4f6dd2065fdeafbcdfd9dcc0072da8c6881 jdk8-b11 +ca977d167697a561c04894187fc1c4d927582ffa jdk8-b12
--- a/jaxws/.hgtags Fri Nov 04 12:36:40 2011 +0000 +++ b/jaxws/.hgtags Sat Nov 05 00:02:33 2011 -0700 @@ -132,3 +132,5 @@ 1c9d4f59acf8f71477473c170239b43b2c9dee24 jdk8-b08 70172e57cf29efe271b068987eefb601c2a77780 jdk8-b09 8e7fdc8e3c758644ca6d0fd70bb255e9d2e64cda jdk8-b10 +a12ab897a249feb7859a6e6cd84b49411f4c06ac jdk8-b11 +e6eed2ff5d5f62bdc815beb5276d23347600c760 jdk8-b12
--- a/jdk/.hgtags Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/.hgtags Sat Nov 05 00:02:33 2011 -0700 @@ -132,3 +132,5 @@ 1c023bcd0c5a01ac07bc7eea728aafbb0d8991e9 jdk8-b08 f1ec21b8142168ff40f3278d2f6b5fe4bd5f3b26 jdk8-b09 4788745572ef2bde34924ef34e7e4d55ba07e979 jdk8-b10 +7ab0d613cd1a271a9763ffb894dc1f0a5b95a7e4 jdk8-b11 +09fd2067f715e4505c44b01c301258a4e8f8964e jdk8-b12
--- a/jdk/make/com/sun/security/auth/module/Makefile Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/com/sun/security/auth/module/Makefile Sat Nov 05 00:02:33 2011 -0700 @@ -78,7 +78,3 @@ # include $(BUILDDIR)/common/Library.gmk -# -# JVMDI implementation lives in the VM. -# -OTHER_LDLIBS = $(JVMLIB)
--- a/jdk/make/common/Defs.gmk Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/common/Defs.gmk Sat Nov 05 00:02:33 2011 -0700 @@ -220,14 +220,30 @@ JRE_NONEXIST_LOCALES = en en_US de_DE es_ES fr_FR it_IT ja_JP ko_KR sv_SE zh # -# All libraries except libjava and libjvm itself link against libjvm and -# libjava, the latter for its exported common utilities. libjava only links -# against libjvm. Programs' makefiles take their own responsibility for +# For now, most libraries except libjava and libjvm itself link against libjvm +# and libjava, the latter for its exported common utilities. libjava only +# links against libjvm. Programs' makefiles take their own responsibility for # adding other libs. # +# The makefiles for these packages do not link against libjvm and libjava. +# This list will eventually go away and each Programs' makefiles +# will have to explicitly declare that they want to link to libjava/libjvm +# +NO_JAVALIB_PKGS = \ + sun.security.mscapi \ + sun.security.krb5 \ + sun.security.pkcs11 \ + sun.security.jgss \ + sun.security.jgss.wrapper \ + sun.security.ec \ + sun.security.smartcardio \ + com.sun.security.auth.module + ifdef PACKAGE # put JAVALIB first, but do not lose any platform specific values.... - LDLIBS_COMMON = $(JAVALIB) + ifeq (,$(findstring $(PACKAGE),$(NO_JAVALIB_PKGS))) + LDLIBS_COMMON = $(JAVALIB) + endif endif # PACKAGE #
--- a/jdk/make/common/Demo.gmk Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/common/Demo.gmk Sat Nov 05 00:02:33 2011 -0700 @@ -158,6 +158,8 @@ # bit between them. LINK.demo = $(LINK.c) LDLIBS.demo = $(EXTRA_LIBS) $(LFLAGS_$(COMPILER_VERSION)) + DEMO_VERSION_INFO = $(OBJDIR)/$(LIBRARY).res + LDLIBS.demo += $(DEMO_VERSION_INFO) else ifneq ($(DEMO_NEEDS_CPP),) LINK.demo = $(LINK.cpp) @@ -288,6 +290,13 @@ $(install-file) endif +ifeq ($(PLATFORM),windows) +# JDK name required here +RC_FLAGS += /D "JDK_FNAME=$(LIBRARY).dll" \ + /D "JDK_INTERNAL_NAME=$(LIBRARY)" \ + /D "JDK_FTYPE=0x2L" +endif + # Native library building ifdef DEMO_LIBRARY @@ -308,6 +317,9 @@ # Actual creation of the native shared library (C++ and C are different) $(DEMO_LIBRARY): $(DEMO_FULL_OBJECTS) @$(prep-target) + ifeq ($(PLATFORM),windows) + $(RC) $(RC_FLAGS) $(CC_OBJECT_OUTPUT_FLAG)$(DEMO_VERSION_INFO) $(VERSIONINFO_RESOURCE) + endif $(LINK.demo) $(SHARED_LIBRARY_FLAG) $(CC_PROGRAM_OUTPUT_FLAG)$@ \ $(DEMO_FULL_OBJECTS) $(LDLIBS.demo) @$(call binary_file_verification,$@)
--- a/jdk/make/common/Library.gmk Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/common/Library.gmk Sat Nov 05 00:02:33 2011 -0700 @@ -165,7 +165,7 @@ $(LINK) -dll -out:$(OBJDIR)/$(@F) \ -map:$(OBJDIR)/$(LIBRARY).map \ $(LFLAGS) @$(OBJDIR)/$(LIBRARY).lcf \ - $(OTHER_LCF) $(JAVALIB) $(LDLIBS) + $(OTHER_LCF) $(LDLIBS) $(CP) $(OBJDIR)/$(@F) $@ @$(call binary_file_verification,$@) $(CP) $(OBJDIR)/$(LIBRARY).map $(@D)
--- a/jdk/make/java/java/mapfile-vers Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/java/java/mapfile-vers Sat Nov 05 00:02:33 2011 -0700 @@ -90,7 +90,6 @@ Java_java_io_FileSystem_getFileSystem; Java_java_io_ObjectInputStream_bytesToDoubles; Java_java_io_ObjectInputStream_bytesToFloats; - Java_java_io_ObjectInputStream_latestUserDefinedLoader; Java_java_io_ObjectOutputStream_doublesToBytes; Java_java_io_ObjectOutputStream_floatsToBytes; Java_java_io_ObjectStreamClass_hasStaticInitializer; @@ -275,6 +274,7 @@ Java_sun_misc_Version_getJvmVersionInfo; Java_sun_misc_Version_getJvmSpecialVersion; Java_sun_misc_VM_getThreadStateValues; + Java_sun_misc_VM_latestUserDefinedLoader; Java_sun_misc_VM_initialize; Java_sun_misc_VMSupport_initAgentProperties;
--- a/jdk/make/sun/javazic/tzdata/VERSION Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/sun/javazic/tzdata/VERSION Sat Nov 05 00:02:33 2011 -0700 @@ -21,4 +21,4 @@ # or visit www.oracle.com if you need additional information or have any # questions. # -tzdata2011j +tzdata2011l
--- a/jdk/make/sun/javazic/tzdata/asia Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/sun/javazic/tzdata/asia Sat Nov 05 00:02:33 2011 -0700 @@ -2216,7 +2216,47 @@ # http://www.timeanddate.com/news/time/westbank-gaza-end-dst-2010.html # </a> +# From Steffen Thorsen (2011-08-26): +# Gaza and the West Bank did go back to standard time in the beginning of +# August, and will now enter daylight saving time again on 2011-08-30 +# 00:00 (so two periods of DST in 2011). The pause was because of +# Ramadan. +# +# <a href="http://www.maannews.net/eng/ViewDetails.aspx?ID=416217"> +# http://www.maannews.net/eng/ViewDetails.aspx?ID=416217 +# </a> +# Additional info: +# <a href="http://www.timeanddate.com/news/time/palestine-dst-2011.html"> +# http://www.timeanddate.com/news/time/palestine-dst-2011.html +# </a> + +# From Alexander Krivenyshev (2011-08-27): +# According to the article in The Jerusalem Post: +# "...Earlier this month, the Palestinian government in the West Bank decided to +# move to standard time for 30 days, during Ramadan. The Palestinians in the +# Gaza Strip accepted the change and also moved their clocks one hour back. +# The Hamas government said on Saturday that it won't observe summertime after +# the Muslim feast of Id al-Fitr, which begins on Tuesday..." +# ... +# <a href="http://www.jpost.com/MiddleEast/Article.aspx?id=235650"> +# http://www.jpost.com/MiddleEast/Article.aspx?id=235650 +# </a> +# or +# <a href="http://www.worldtimezone.com/dst_news/dst_news_gazastrip05.html"> +# http://www.worldtimezone.com/dst_news/dst_news_gazastrip05.html +# </a> # The rules for Egypt are stolen from the `africa' file. + +# From Steffen Thorsen (2011-09-30): +# West Bank did end Daylight Saving Time this morning/midnight (2011-09-30 +# 00:00). +# So West Bank and Gaza now have the same time again. +# +# Many sources, including: +# <a href="http://www.maannews.net/eng/ViewDetails.aspx?ID=424808"> +# http://www.maannews.net/eng/ViewDetails.aspx?ID=424808 +# </a> + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule EgyptAsia 1957 only - May 10 0:00 1:00 S Rule EgyptAsia 1957 1958 - Oct 1 0:00 0 - @@ -2232,19 +2272,37 @@ Rule Palestine 2006 2008 - Apr 1 0:00 1:00 S Rule Palestine 2006 only - Sep 22 0:00 0 - Rule Palestine 2007 only - Sep Thu>=8 2:00 0 - -Rule Palestine 2008 only - Aug lastFri 2:00 0 - +Rule Palestine 2008 only - Aug lastFri 0:00 0 - Rule Palestine 2009 only - Mar lastFri 0:00 1:00 S -Rule Palestine 2010 max - Mar lastSat 0:01 1:00 S -Rule Palestine 2009 max - Sep Fri>=1 2:00 0 - +Rule Palestine 2009 only - Sep Fri>=1 2:00 0 - +Rule Palestine 2010 only - Mar lastSat 0:01 1:00 S Rule Palestine 2010 only - Aug 11 0:00 0 - +# From Arthur David Olson (2011-09-20): +# 2011 transitions per http://www.timeanddate.com as of 2011-09-20. + # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Asia/Gaza 2:17:52 - LMT 1900 Oct 2:00 Zion EET 1948 May 15 2:00 EgyptAsia EE%sT 1967 Jun 5 2:00 Zion I%sT 1996 2:00 Jordan EE%sT 1999 - 2:00 Palestine EE%sT + 2:00 Palestine EE%sT 2011 Apr 2 12:01 + 2:00 1:00 EEST 2011 Aug 1 + 2:00 - EET + +Zone Asia/Hebron 2:20:23 - LMT 1900 Oct + 2:00 Zion EET 1948 May 15 + 2:00 EgyptAsia EE%sT 1967 Jun 5 + 2:00 Zion I%sT 1996 + 2:00 Jordan EE%sT 1999 + 2:00 Palestine EE%sT 2008 Aug + 2:00 1:00 EEST 2008 Sep + 2:00 Palestine EE%sT 2011 Apr 1 12:01 + 2:00 1:00 EEST 2011 Aug 1 + 2:00 - EET 2011 Aug 30 + 2:00 1:00 EEST 2011 Sep 30 3:00 + 2:00 - EET # Paracel Is # no information
--- a/jdk/make/sun/javazic/tzdata/australasia Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/sun/javazic/tzdata/australasia Sat Nov 05 00:02:33 2011 -0700 @@ -318,6 +318,18 @@ # http://www.worldtimezone.com/dst_news/dst_news_fiji04.html # </a> +# From Steffen Thorsen (2011-10-03): +# Now the dates have been confirmed, and at least our start date +# assumption was correct (end date was one week wrong). +# +# <a href="http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155"> +# www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155 +# </a> +# which says +# Members of the public are reminded to change their time to one hour in +# advance at 2am to 3am on October 23, 2011 and one hour back at 3am to +# 2am on February 26 next year. + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule Fiji 1998 1999 - Nov Sun>=1 2:00 1:00 S Rule Fiji 1999 2000 - Feb lastSun 3:00 0 - @@ -325,6 +337,8 @@ Rule Fiji 2010 only - Mar lastSun 3:00 0 - Rule Fiji 2010 only - Oct 24 2:00 1:00 S Rule Fiji 2011 only - Mar Sun>=1 3:00 0 - +Rule Fiji 2011 only - Oct 23 2:00 1:00 S +Rule Fiji 2012 only - Feb 26 3:00 0 - # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Pacific/Fiji 11:53:40 - LMT 1915 Oct 26 # Suva 12:00 Fiji FJ%sT # Fiji Time
--- a/jdk/make/sun/javazic/tzdata/europe Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/sun/javazic/tzdata/europe Sat Nov 05 00:02:33 2011 -0700 @@ -583,9 +583,9 @@ # Rule Russia 1992 only - Mar lastSat 23:00 1:00 S Rule Russia 1992 only - Sep lastSat 23:00 0 - -Rule Russia 1993 max - Mar lastSun 2:00s 1:00 S +Rule Russia 1993 2010 - Mar lastSun 2:00s 1:00 S Rule Russia 1993 1995 - Sep lastSun 2:00s 0 - -Rule Russia 1996 max - Oct lastSun 2:00s 0 - +Rule Russia 1996 2010 - Oct lastSun 2:00s 0 - # From Alexander Krivenyshev (2011-06-14): # According to Kremlin press service, Russian President Dmitry Medvedev @@ -605,7 +605,6 @@ # From Arthur David Olson (2011-06-15): # Take "abolishing daylight saving time" to mean that time is now considered # to be standard. -# At least for now, keep the "old" Russia rules for the benefit of Belarus. # These are for backward compatibility with older versions. @@ -711,6 +710,23 @@ 1:00 EU CE%sT # Belarus +# From Yauhen Kharuzhy (2011-09-16): +# By latest Belarus government act Europe/Minsk timezone was changed to +# GMT+3 without DST (was GMT+2 with DST). +# +# Sources (Russian language): +# 1. +# <a href="http://www.belta.by/ru/all_news/society/V-Belarusi-otmenjaetsja-perexod-na-sezonnoe-vremja_i_572952.html"> +# http://www.belta.by/ru/all_news/society/V-Belarusi-otmenjaetsja-perexod-na-sezonnoe-vremja_i_572952.html +# </a> +# 2. +# <a href="http://naviny.by/rubrics/society/2011/09/16/ic_articles_116_175144/"> +# http://naviny.by/rubrics/society/2011/09/16/ic_articles_116_175144/ +# </a> +# 3. +# <a href="http://news.tut.by/society/250578.html"> +# http://news.tut.by/society/250578.html +# </a> # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Europe/Minsk 1:50:16 - LMT 1880 1:50 - MMT 1924 May 2 # Minsk Mean Time @@ -722,7 +738,8 @@ 2:00 1:00 EEST 1991 Sep 29 2:00s 2:00 - EET 1992 Mar 29 0:00s 2:00 1:00 EEST 1992 Sep 27 0:00s - 2:00 Russia EE%sT + 2:00 Russia EE%sT 2011 Mar 27 2:00s + 3:00 - FET # Further-eastern European Time # Belgium # @@ -2056,7 +2073,7 @@ 2:00 Poland CE%sT 1946 3:00 Russia MSK/MSD 1991 Mar 31 2:00s 2:00 Russia EE%sT 2011 Mar 27 2:00s - 3:00 - KALT + 3:00 - FET # Further-eastern European Time # # From Oscar van Vlijmen (2001-08-25): [This region consists of] # Respublika Adygeya, Arkhangel'skaya oblast', @@ -2211,7 +2228,7 @@ # [parts of] Respublika Sakha (Yakutiya), Chitinskaya oblast'. # From Oscar van Vlijmen (2009-11-29): -# ...some regions of RUssia were merged with others since 2005... +# ...some regions of [Russia] were merged with others since 2005... # Some names were changed, no big deal, except for one instance: a new name. # YAK/YAKST: UTC+9 Zabajkal'skij kraj. @@ -2635,6 +2652,28 @@ # of March at 3am the time is changing to 4am and each last Sunday of # October the time at 4am is changing to 3am" +# From Alexander Krivenyshev (2011-09-20): +# On September 20, 2011 the deputies of the Verkhovna Rada agreed to +# abolish the transfer clock to winter time. +# +# Bill number 8330 of MP from the Party of Regions Oleg Nadoshi got +# approval from 266 deputies. +# +# Ukraine abolishes transter back to the winter time (in Russian) +# <a href="http://news.mail.ru/politics/6861560/"> +# http://news.mail.ru/politics/6861560/ +# </a> +# +# The Ukrainians will no longer change the clock (in Russian) +# <a href="http://www.segodnya.ua/news/14290482.html"> +# http://www.segodnya.ua/news/14290482.html +# </a> +# +# Deputies cancelled the winter time (in Russian) +# <a href="http://www.pravda.com.ua/rus/news/2011/09/20/6600616/"> +# http://www.pravda.com.ua/rus/news/2011/09/20/6600616/ +# </a> + # Zone NAME GMTOFF RULES FORMAT [UNTIL] # Most of Ukraine since 1970 has been like Kiev. # "Kyiv" is the transliteration of the Ukrainian name, but @@ -2648,7 +2687,8 @@ 3:00 - MSK 1990 Jul 1 2:00 2:00 - EET 1992 2:00 E-Eur EE%sT 1995 - 2:00 EU EE%sT + 2:00 EU EE%sT 2011 Mar lastSun 1:00u + 3:00 - FET # Further-eastern European Time # Ruthenia used CET 1990/1991. # "Uzhhorod" is the transliteration of the Ukrainian name, but # "Uzhgorod" is more common in English. @@ -2662,7 +2702,8 @@ 1:00 - CET 1991 Mar 31 3:00 2:00 - EET 1992 2:00 E-Eur EE%sT 1995 - 2:00 EU EE%sT + 2:00 EU EE%sT 2011 Mar lastSun 1:00u + 3:00 - FET # Further-eastern European Time # Zaporozh'ye and eastern Lugansk oblasts observed DST 1990/1991. # "Zaporizhia" is the transliteration of the Ukrainian name, but # "Zaporozh'ye" is more common in English. Use the common English @@ -2675,7 +2716,8 @@ 1:00 C-Eur CE%sT 1943 Oct 25 3:00 Russia MSK/MSD 1991 Mar 31 2:00 2:00 E-Eur EE%sT 1995 - 2:00 EU EE%sT + 2:00 EU EE%sT 2011 Mar lastSun 1:00u + 3:00 - FET # Further-eastern European Time # Central Crimea used Moscow time 1994/1997. Zone Europe/Simferopol 2:16:24 - LMT 1880 2:16 - SMT 1924 May 2 # Simferopol Mean T @@ -2700,7 +2742,8 @@ # Assume it happened in March by not changing the clocks. 3:00 Russia MSK/MSD 1997 3:00 - MSK 1997 Mar lastSun 1:00u - 2:00 EU EE%sT + 2:00 EU EE%sT 2011 Mar lastSun 1:00u + 3:00 - FET # Further-eastern European Time ###############################################################################
--- a/jdk/make/sun/javazic/tzdata/northamerica Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/sun/javazic/tzdata/northamerica Sat Nov 05 00:02:33 2011 -0700 @@ -505,7 +505,7 @@ -8:00 US P%sT 1983 Oct 30 2:00 -9:00 US Y%sT 1983 Nov 30 -9:00 US AK%sT -Zone America/Sitka -14:58:47 - LMT 1867 Oct 18 +Zone America/Sitka 14:58:47 - LMT 1867 Oct 18 -9:01:13 - LMT 1900 Aug 20 12:00 -8:00 - PST 1942 -8:00 US P%sT 1946 @@ -1190,31 +1190,21 @@ # INMS (2000-09-12) says that, since 1988 at least, Newfoundland switches # at 00:01 local time. For now, assume it started in 1987. -# From Michael Pelley (2011-08-05): -# The Government of Newfoundland and Labrador has pending changes to -# modify the hour for daylight savings time to come into effect in -# November 2011. This modification would change the time from 12:01AM to -# 2:00AM on the dates of the switches of Daylight Savings Time to/from -# Standard Time. -# -# As a matter of reference, in Canada provinces have the authority of -# setting time zone information. The legislation has passed our -# legislative body (The House of Assembly) and is awaiting the -# proclamation to come into effect. You may find this information at: -# <a href="http://www.assembly.nl.ca/legislation/sr/lists/Proclamation.htm"> -# http://www.assembly.nl.ca/legislation/sr/lists/Proclamation.htm -# </a> -# and -# search within that web page for Standard Time (Amendment) Act. The Act -# may be found at: -# <a href="http://www.assembly.nl.ca/business/bills/Bill1106.htm"> -# http://www.assembly.nl.ca/business/bills/Bill1106.htm +# From Michael Pelley (2011-09-12): +# We received today, Monday, September 12, 2011, notification that the +# changes to the Newfoundland Standard Time Act have been proclaimed. +# The change in the Act stipulates that the change from Daylight Savings +# Time to Standard Time and from Standard Time to Daylight Savings Time +# now occurs at 2:00AM. +# ... +# <a href="http://www.assembly.nl.ca/legislation/sr/annualstatutes/2011/1106.chp.htm"> +# http://www.assembly.nl.ca/legislation/sr/annualstatutes/2011/1106.chp.htm # </a> # ... -# MICHAEL PELLEY | Manager of Enterprise Architecture - Solution Delivery -# Office of the Chief Information Officer Executive Council Government of -# Newfoundland & Labrador P.O. Box 8700, 40 Higgins Line, St. John's NL -# A1B 4J6 +# MICHAEL PELLEY | Manager of Enterprise Architecture - Solution Delivery +# Office of the Chief Information Officer +# Executive Council +# Government of Newfoundland & Labrador Rule StJohns 1987 only - Apr Sun>=1 0:01 1:00 D Rule StJohns 1987 2006 - Oct lastSun 0:01 0 S
--- a/jdk/make/sun/javazic/tzdata/southamerica Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/sun/javazic/tzdata/southamerica Sat Nov 05 00:02:33 2011 -0700 @@ -819,6 +819,26 @@ # <a href="http://www.timeanddate.com/news/time/brazil-dst-2008-2009.html"> # http://www.timeanddate.com/news/time/brazil-dst-2008-2009.html # </a> +# +# From Alexander Krivenyshev (2011-10-04): +# State Bahia will return to Daylight savings time this year after 8 years off. +# The announcement was made by Governor Jaques Wagner in an interview to a +# television station in Salvador. + +# In Portuguese: +# <a href="http://g1.globo.com/bahia/noticia/2011/10/governador-jaques-wagner-confirma-horario-de-verao-na-bahia.html"> +# http://g1.globo.com/bahia/noticia/2011/10/governador-jaques-wagner-confirma-horario-de-verao-na-bahia.html +# </a> and +# <a href="http://noticias.terra.com.br/brasil/noticias/0,,OI5390887-EI8139,00-Bahia+volta+a+ter+horario+de+verao+apos+oito+anos.html"> +# http://noticias.terra.com.br/brasil/noticias/0,,OI5390887-EI8139,00-Bahia+volta+a+ter+horario+de+verao+apos+oito+anos.html +# </a> + +# From Guilherme Bernardes Rodrigues (2011-10-07): +# There is news in the media, however there is still no decree about it. +# I just send a e-mail to Zulmira Brandão at +# <a href="http://pcdsh01.on.br/">http://pcdsh01.on.br/</a> the +# oficial agency about time in Brazil, and she confirmed that the old rule is +# still in force. # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S # Decree <a href="http://pcdsh01.on.br/HV20466.htm">20,466</a> (1931-10-01) @@ -1057,6 +1077,9 @@ Zone America/Bahia -2:34:04 - LMT 1914 -3:00 Brazil BR%sT 2003 Sep 24 -3:00 - BRT +# as noted above, not yet in operation. +# -3:00 - BRT 2011 Oct 16 +# -3:00 Brazil BR%sT # # Goias (GO), Distrito Federal (DF), Minas Gerais (MG), # Espirito Santo (ES), Rio de Janeiro (RJ), Sao Paulo (SP), Parana (PR),
--- a/jdk/make/sun/javazic/tzdata/zone.tab Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/sun/javazic/tzdata/zone.tab Sat Nov 05 00:02:33 2011 -0700 @@ -341,7 +341,8 @@ PM +4703-05620 America/Miquelon PN -2504-13005 Pacific/Pitcairn PR +182806-0660622 America/Puerto_Rico -PS +3130+03428 Asia/Gaza +PS +3130+03428 Asia/Gaza Gaza Strip +PS +313200+0350542 Asia/Hebron West Bank PT +3843-00908 Europe/Lisbon mainland PT +3238-01654 Atlantic/Madeira Madeira Islands PT +3744-02540 Atlantic/Azores Azores
--- a/jdk/make/sun/rmi/rmi/Makefile Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/sun/rmi/rmi/Makefile Sat Nov 05 00:02:33 2011 -0700 @@ -30,16 +30,9 @@ BUILDDIR = ../../.. PACKAGE = sun.rmi PRODUCT = sun -LIBRARY = rmi include $(BUILDDIR)/common/Defs.gmk # -# Add use of a mapfile -# -FILES_m = mapfile-vers -include $(BUILDDIR)/common/Mapfile-vers.gmk - -# # Java files to compile. # AUTO_FILES_JAVA_DIRS = \ @@ -52,31 +45,9 @@ com/sun/rmi # -# Native files to compile. -# -FILES_c = \ - sun/rmi/server/MarshalInputStream.c - -# -# Add ambient vpath to pick up files not part of sun.rmi package -# -vpath %.c $(SHARE_SRC)/native/sun/rmi/server - -# -# Exported files that require generated .h -# -FILES_export = \ - sun/rmi/server/MarshalInputStream.java - -# -# Link to JVM for JVM_LatestUserDefinedLoader -# -OTHER_LDLIBS = $(JVMLIB) - -# # Rules # -include $(BUILDDIR)/common/Library.gmk +include $(BUILDDIR)/common/Rules.gmk # # Full package names of implementations requiring stubs
--- a/jdk/make/sun/rmi/rmi/mapfile-vers Fri Nov 04 12:36:40 2011 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,33 +0,0 @@ -# -# Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. Oracle designates this -# particular file as subject to the "Classpath" exception as provided -# by Oracle in the LICENSE file that accompanied this code. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - -# Define library interface. - -SUNWprivate_1.1 { - global: - Java_sun_rmi_server_MarshalInputStream_latestUserDefinedLoader; - local: - *; -};
--- a/jdk/make/sun/security/ec/Makefile Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/sun/security/ec/Makefile Sat Nov 05 00:02:33 2011 -0700 @@ -192,10 +192,8 @@ # # Libraries to link # - ifeq ($(PLATFORM), windows) - OTHER_LDLIBS += $(JVMLIB) - else - OTHER_LDLIBS = -ldl $(JVMLIB) $(LIBCXX) + ifneq ($(PLATFORM), windows) + OTHER_LDLIBS = $(LIBCXX) endif include $(BUILDDIR)/common/Mapfile-vers.gmk
--- a/jdk/make/sun/security/jgss/wrapper/Makefile Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/sun/security/jgss/wrapper/Makefile Sat Nov 05 00:02:33 2011 -0700 @@ -72,5 +72,6 @@ # Libraries to link # ifneq ($(PLATFORM), windows) - OTHER_LDLIBS = -ldl $(JVMLIB) + OTHER_LDLIBS = -ldl endif +
--- a/jdk/make/sun/security/krb5/Makefile Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/sun/security/krb5/Makefile Sat Nov 05 00:02:33 2011 -0700 @@ -69,15 +69,6 @@ include $(BUILDDIR)/common/Classes.gmk endif # PLATFORM -# -# Libraries to link -# -ifeq ($(PLATFORM), windows) - OTHER_LDLIBS = $(JVMLIB) -else - OTHER_LDLIBS = -ldl $(JVMLIB) -endif - build: ifeq ($(PLATFORM),windows) $(call make-launcher, kinit, sun.security.krb5.internal.tools.Kinit, , )
--- a/jdk/make/sun/security/mscapi/Makefile Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/sun/security/mscapi/Makefile Sat Nov 05 00:02:33 2011 -0700 @@ -159,7 +159,7 @@ # Libraries to link # ifeq ($(PLATFORM), windows) - OTHER_LDLIBS += $(JVMLIB) Crypt32.Lib + OTHER_LDLIBS += Crypt32.Lib endif #
--- a/jdk/make/sun/security/other/Makefile Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/sun/security/other/Makefile Sat Nov 05 00:02:33 2011 -0700 @@ -38,6 +38,7 @@ sun/security/acl \ sun/security/jca \ sun/security/pkcs \ + sun/security/pkcs10 \ sun/security/pkcs12 \ sun/security/provider \ sun/security/rsa \
--- a/jdk/make/sun/security/pkcs11/Makefile Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/sun/security/pkcs11/Makefile Sat Nov 05 00:02:33 2011 -0700 @@ -159,10 +159,8 @@ # # Libraries to link # -ifeq ($(PLATFORM), windows) - OTHER_LDLIBS = $(JVMLIB) -else - OTHER_LDLIBS = -ldl $(JVMLIB) +ifneq ($(PLATFORM), windows) + OTHER_LDLIBS = -ldl endif # Other config files
--- a/jdk/make/sun/security/smartcardio/Makefile Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/make/sun/security/smartcardio/Makefile Sat Nov 05 00:02:33 2011 -0700 @@ -73,8 +73,8 @@ # Libraries to link # ifeq ($(PLATFORM), windows) - OTHER_LDLIBS = $(JVMLIB) winscard.lib + OTHER_LDLIBS = winscard.lib else - OTHER_LDLIBS = -ldl $(JVMLIB) + OTHER_LDLIBS = -ldl OTHER_CFLAGS = -D__sun_jdk endif
--- a/jdk/src/share/classes/java/io/ObjectInputStream.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/java/io/ObjectInputStream.java Sat Nov 05 00:02:33 2011 -0700 @@ -2025,8 +2025,9 @@ * This method should not be removed or its signature changed without * corresponding modifications to the above class. */ - // REMIND: change name to something more accurate? - private static native ClassLoader latestUserDefinedLoader(); + private static ClassLoader latestUserDefinedLoader() { + return sun.misc.VM.latestUserDefinedLoader(); + } /** * Default GetField implementation.
--- a/jdk/src/share/classes/java/util/Collections.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/java/util/Collections.java Sat Nov 05 00:02:33 2011 -0700 @@ -2352,6 +2352,64 @@ } /** + * Returns a dynamically typesafe view of the specified queue. + * Any attempt to insert an element of the wrong type will result in + * an immediate {@link ClassCastException}. Assuming a queue contains + * no incorrectly typed elements prior to the time a dynamically typesafe + * view is generated, and that all subsequent access to the queue + * takes place through the view, it is <i>guaranteed</i> that the + * queue cannot contain an incorrectly typed element. + * + * <p>A discussion of the use of dynamically typesafe views may be + * found in the documentation for the {@link #checkedCollection + * checkedCollection} method. + * + * <p>The returned queue will be serializable if the specified queue + * is serializable. + * + * <p>Since {@code null} is considered to be a value of any reference + * type, the returned queue permits insertion of {@code null} elements + * whenever the backing queue does. + * + * @param queue the queue for which a dynamically typesafe view is to be + * returned + * @param type the type of element that {@code queue} is permitted to hold + * @return a dynamically typesafe view of the specified queue + * @since 1.8 + */ + public static <E> Queue<E> checkedQueue(Queue<E> queue, Class<E> type) { + return new CheckedQueue<>(queue, type); + } + + /** + * @serial include + */ + static class CheckedQueue<E> + extends CheckedCollection<E> + implements Queue<E>, Serializable + { + private static final long serialVersionUID = 1433151992604707767L; + final Queue<E> queue; + + CheckedQueue(Queue<E> queue, Class<E> elementType) { + super(queue, elementType); + this.queue = queue; + } + + public E element() {return queue.element();} + public boolean equals(Object o) {return o == this || c.equals(o);} + public int hashCode() {return c.hashCode();} + public E peek() {return queue.peek();} + public E poll() {return queue.poll();} + public E remove() {return queue.remove();} + + public boolean offer(E e) { + typeCheck(e); + return add(e); + } + } + + /** * Returns a dynamically typesafe view of the specified set. * Any attempt to insert an element of the wrong type will result in * an immediate {@link ClassCastException}. Assuming a set contains
--- a/jdk/src/share/classes/java/util/CurrencyData.properties Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/java/util/CurrencyData.properties Sat Nov 05 00:02:33 2011 -0700 @@ -71,7 +71,7 @@ # # The table is based on the following web sites: # http://www.din.de/gremien/nas/nabd/iso3166ma/codlstp1/db_en.html -# http://www.bsi-global.com/iso4217currency +# http://www.currency-iso.org/iso_index/iso_tables.htm # http://www.cia.gov/cia/publications/factbook/indexgeo.html # AFGHANISTAN @@ -105,7 +105,7 @@ # AUSTRIA AT=EUR # AZERBAIJAN -AZ=AZM;2005-12-31-20-00-00;AZN +AZ=AZN # BAHAMAS BS=BSD # BAHRAIN @@ -378,7 +378,7 @@ # MOROCCO MA=MAD # MOZAMBIQUE -MZ=MZM;2006-06-30-22-00-00;MZN +MZ=MZN # MYANMAR MM=MMK # NAMIBIA @@ -440,7 +440,7 @@ # REUNION RE=EUR # ROMANIA -RO=ROL;2005-06-30-21-00-00;RON +RO=RON # RUSSIAN FEDERATION RU=RUB # RWANDA @@ -532,7 +532,7 @@ # TUNISIA TN=TND # TURKEY -TR=TRL;2004-12-31-22-00-00;TRY +TR=TRY # TURKMENISTAN TM=TMT # TURKS AND CAICOS ISLANDS @@ -558,7 +558,7 @@ # VANUATU VU=VUV # VENEZUELA -VE=VEB;2008-01-01-04-00-00;VEF +VE=VEF # VIET NAM VN=VND # VIRGIN ISLANDS, BRITISH
--- a/jdk/src/share/classes/sun/misc/VM.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/misc/VM.java Sat Nov 05 00:02:33 2011 -0700 @@ -371,6 +371,12 @@ private final static int JVMTI_THREAD_STATE_WAITING_INDEFINITELY = 0x0010; private final static int JVMTI_THREAD_STATE_WAITING_WITH_TIMEOUT = 0x0020; + /* + * Returns the first non-null class loader up the execution stack, + * or null if only code from the null class loader is on the stack. + */ + public static native ClassLoader latestUserDefinedLoader(); + static { initialize(); }
--- a/jdk/src/share/classes/sun/rmi/server/MarshalInputStream.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/rmi/server/MarshalInputStream.java Sat Nov 05 00:02:33 2011 -0700 @@ -110,14 +110,6 @@ } /** - * Load the "rmi" native library. - */ - static { - java.security.AccessController.doPrivileged( - new sun.security.action.LoadLibraryAction("rmi")); - } - - /** * Create a new MarshalInputStream object. */ public MarshalInputStream(InputStream in) @@ -262,7 +254,9 @@ * Returns the first non-null class loader up the execution stack, or null * if only code from the null class loader is on the stack. */ - private static native ClassLoader latestUserDefinedLoader(); + private static ClassLoader latestUserDefinedLoader() { + return sun.misc.VM.latestUserDefinedLoader(); + } /** * Fix for 4179055: Need to assist resolving sun stubs; resolve
--- a/jdk/src/share/classes/sun/security/pkcs/EncodingException.java Fri Nov 04 12:36:40 2011 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,45 +0,0 @@ -/* - * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/** - * Generic PKCS Encoding exception. - * - * @author Benjamin Renaud - */ - -package sun.security.pkcs; - -public class EncodingException extends Exception { - - private static final long serialVersionUID = 4060198374240668325L; - - public EncodingException() { - super(); - } - - public EncodingException(String s) { - super(s); - } -}
--- a/jdk/src/share/classes/sun/security/pkcs/PKCS10.java Fri Nov 04 12:36:40 2011 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,353 +0,0 @@ -/* - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - - -package sun.security.pkcs; - -import java.io.PrintStream; -import java.io.IOException; -import java.math.BigInteger; - -import java.security.cert.CertificateException; -import java.security.NoSuchAlgorithmException; -import java.security.InvalidKeyException; -import java.security.Signature; -import java.security.SignatureException; -import java.security.PublicKey; - -import sun.misc.BASE64Encoder; - -import sun.security.util.*; -import sun.security.x509.AlgorithmId; -import sun.security.x509.X509Key; -import sun.security.x509.X500Name; - -/** - * A PKCS #10 certificate request is created and sent to a Certificate - * Authority, which then creates an X.509 certificate and returns it to - * the entity that requested it. A certificate request basically consists - * of the subject's X.500 name, public key, and optionally some attributes, - * signed using the corresponding private key. - * - * The ASN.1 syntax for a Certification Request is: - * <pre> - * CertificationRequest ::= SEQUENCE { - * certificationRequestInfo CertificationRequestInfo, - * signatureAlgorithm SignatureAlgorithmIdentifier, - * signature Signature - * } - * - * SignatureAlgorithmIdentifier ::= AlgorithmIdentifier - * Signature ::= BIT STRING - * - * CertificationRequestInfo ::= SEQUENCE { - * version Version, - * subject Name, - * subjectPublicKeyInfo SubjectPublicKeyInfo, - * attributes [0] IMPLICIT Attributes - * } - * Attributes ::= SET OF Attribute - * </pre> - * - * @author David Brownell - * @author Amit Kapoor - * @author Hemma Prafullchandra - */ -public class PKCS10 { - /** - * Constructs an unsigned PKCS #10 certificate request. Before this - * request may be used, it must be encoded and signed. Then it - * must be retrieved in some conventional format (e.g. string). - * - * @param publicKey the public key that should be placed - * into the certificate generated by the CA. - */ - public PKCS10(PublicKey publicKey) { - subjectPublicKeyInfo = publicKey; - attributeSet = new PKCS10Attributes(); - } - - /** - * Constructs an unsigned PKCS #10 certificate request. Before this - * request may be used, it must be encoded and signed. Then it - * must be retrieved in some conventional format (e.g. string). - * - * @param publicKey the public key that should be placed - * into the certificate generated by the CA. - * @param attributes additonal set of PKCS10 attributes requested - * for in the certificate. - */ - public PKCS10(PublicKey publicKey, PKCS10Attributes attributes) { - subjectPublicKeyInfo = publicKey; - attributeSet = attributes; - } - - /** - * Parses an encoded, signed PKCS #10 certificate request, verifying - * the request's signature as it does so. This constructor would - * typically be used by a Certificate Authority, from which a new - * certificate would then be constructed. - * - * @param data the DER-encoded PKCS #10 request. - * @exception IOException for low level errors reading the data - * @exception SignatureException when the signature is invalid - * @exception NoSuchAlgorithmException when the signature - * algorithm is not supported in this environment - */ - public PKCS10(byte[] data) - throws IOException, SignatureException, NoSuchAlgorithmException { - DerInputStream in; - DerValue[] seq; - AlgorithmId id; - byte[] sigData; - Signature sig; - - encoded = data; - - // - // Outer sequence: request, signature algorithm, signature. - // Parse, and prepare to verify later. - // - in = new DerInputStream(data); - seq = in.getSequence(3); - - if (seq.length != 3) - throw new IllegalArgumentException("not a PKCS #10 request"); - - data = seq[0].toByteArray(); // reusing this variable - id = AlgorithmId.parse(seq[1]); - sigData = seq[2].getBitString(); - - // - // Inner sequence: version, name, key, attributes - // - BigInteger serial; - DerValue val; - - serial = seq[0].data.getBigInteger(); - if (!serial.equals(BigInteger.ZERO)) - throw new IllegalArgumentException("not PKCS #10 v1"); - - subject = new X500Name(seq[0].data); - subjectPublicKeyInfo = X509Key.parse(seq[0].data.getDerValue()); - - // Cope with a somewhat common illegal PKCS #10 format - if (seq[0].data.available() != 0) - attributeSet = new PKCS10Attributes(seq[0].data); - else - attributeSet = new PKCS10Attributes(); - - if (seq[0].data.available() != 0) - throw new IllegalArgumentException("illegal PKCS #10 data"); - - // - // OK, we parsed it all ... validate the signature using the - // key and signature algorithm we found. - // - try { - sig = Signature.getInstance(id.getName()); - sig.initVerify(subjectPublicKeyInfo); - sig.update(data); - if (!sig.verify(sigData)) - throw new SignatureException("Invalid PKCS #10 signature"); - } catch (InvalidKeyException e) { - throw new SignatureException("invalid key"); - } - } - - /** - * Create the signed certificate request. This will later be - * retrieved in either string or binary format. - * - * @param subject identifies the signer (by X.500 name). - * @param signature private key and signing algorithm to use. - * @exception IOException on errors. - * @exception CertificateException on certificate handling errors. - * @exception SignatureException on signature handling errors. - */ - public void encodeAndSign(X500Name subject, Signature signature) - throws CertificateException, IOException, SignatureException { - DerOutputStream out, scratch; - byte[] certificateRequestInfo; - byte[] sig; - - if (encoded != null) - throw new SignatureException("request is already signed"); - - this.subject = subject; - - /* - * Encode cert request info, wrap in a sequence for signing - */ - scratch = new DerOutputStream(); - scratch.putInteger(BigInteger.ZERO); // PKCS #10 v1.0 - subject.encode(scratch); // X.500 name - scratch.write(subjectPublicKeyInfo.getEncoded()); // public key - attributeSet.encode(scratch); - - out = new DerOutputStream(); - out.write(DerValue.tag_Sequence, scratch); // wrap it! - certificateRequestInfo = out.toByteArray(); - scratch = out; - - /* - * Sign it ... - */ - signature.update(certificateRequestInfo, 0, - certificateRequestInfo.length); - sig = signature.sign(); - - /* - * Build guts of SIGNED macro - */ - AlgorithmId algId = null; - try { - algId = AlgorithmId.get(signature.getAlgorithm()); - } catch (NoSuchAlgorithmException nsae) { - throw new SignatureException(nsae); - } - algId.encode(scratch); // sig algorithm - scratch.putBitString(sig); // sig - - /* - * Wrap those guts in a sequence - */ - out = new DerOutputStream(); - out.write(DerValue.tag_Sequence, scratch); - encoded = out.toByteArray(); - } - - /** - * Returns the subject's name. - */ - public X500Name getSubjectName() { return subject; } - - /** - * Returns the subject's public key. - */ - public PublicKey getSubjectPublicKeyInfo() - { return subjectPublicKeyInfo; } - - /** - * Returns the additional attributes requested. - */ - public PKCS10Attributes getAttributes() - { return attributeSet; } - - /** - * Returns the encoded and signed certificate request as a - * DER-encoded byte array. - * - * @return the certificate request, or null if encodeAndSign() - * has not yet been called. - */ - public byte[] getEncoded() { - if (encoded != null) - return encoded.clone(); - else - return null; - } - - /** - * Prints an E-Mailable version of the certificate request on the print - * stream passed. The format is a common base64 encoded one, supported - * by most Certificate Authorities because Netscape web servers have - * used this for some time. Some certificate authorities expect some - * more information, in particular contact information for the web - * server administrator. - * - * @param out the print stream where the certificate request - * will be printed. - * @exception IOException when an output operation failed - * @exception SignatureException when the certificate request was - * not yet signed. - */ - public void print(PrintStream out) - throws IOException, SignatureException { - if (encoded == null) - throw new SignatureException("Cert request was not signed"); - - BASE64Encoder encoder = new BASE64Encoder(); - - out.println("-----BEGIN NEW CERTIFICATE REQUEST-----"); - encoder.encodeBuffer(encoded, out); - out.println("-----END NEW CERTIFICATE REQUEST-----"); - } - - /** - * Provides a short description of this request. - */ - public String toString() { - return "[PKCS #10 certificate request:\n" - + subjectPublicKeyInfo.toString() - + " subject: <" + subject + ">" + "\n" - + " attributes: " + attributeSet.toString() - + "\n]"; - } - - /** - * Compares this object for equality with the specified - * object. If the <code>other</code> object is an - * <code>instanceof</code> <code>PKCS10</code>, then - * its encoded form is retrieved and compared with the - * encoded form of this certificate request. - * - * @param other the object to test for equality with this object. - * @return true iff the encoded forms of the two certificate - * requests match, false otherwise. - */ - public boolean equals(Object other) { - if (this == other) - return true; - if (!(other instanceof PKCS10)) - return false; - if (encoded == null) // not signed yet - return false; - byte[] otherEncoded = ((PKCS10)other).getEncoded(); - if (otherEncoded == null) - return false; - - return java.util.Arrays.equals(encoded, otherEncoded); - } - - /** - * Returns a hashcode value for this certificate request from its - * encoded form. - * - * @return the hashcode value. - */ - public int hashCode() { - int retval = 0; - if (encoded != null) - for (int i = 1; i < encoded.length; i++) - retval += encoded[i] * i; - return(retval); - } - - private X500Name subject; - private PublicKey subjectPublicKeyInfo; - private PKCS10Attributes attributeSet; - private byte[] encoded; // signed -}
--- a/jdk/src/share/classes/sun/security/pkcs/PKCS10Attribute.java Fri Nov 04 12:36:40 2011 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,135 +0,0 @@ -/* - * Copyright (c) 1997, 1998, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.pkcs; - -import java.io.OutputStream; -import java.io.IOException; - -import sun.security.util.*; - -/** - * Represent a PKCS#10 Attribute. - * - * <p>Attributes are additonal information which can be inserted in a PKCS#10 - * certificate request. For example a "Driving License Certificate" could have - * the driving license number as an attribute. - * - * <p>Attributes are represented as a sequence of the attribute identifier - * (Object Identifier) and a set of DER encoded attribute values. - * - * ASN.1 definition of Attribute: - * <pre> - * Attribute :: SEQUENCE { - * type AttributeType, - * values SET OF AttributeValue - * } - * AttributeType ::= OBJECT IDENTIFIER - * AttributeValue ::= ANY defined by type - * </pre> - * - * @author Amit Kapoor - * @author Hemma Prafullchandra - */ -public class PKCS10Attribute implements DerEncoder { - - protected ObjectIdentifier attributeId = null; - protected Object attributeValue = null; - - /** - * Constructs an attribute from a DER encoding. - * This constructor expects the value to be encoded as defined above, - * i.e. a SEQUENCE of OID and SET OF value(s), not a literal - * X.509 v3 extension. Only PKCS9 defined attributes are supported - * currently. - * - * @param derVal the der encoded attribute. - * @exception IOException on parsing errors. - */ - public PKCS10Attribute(DerValue derVal) throws IOException { - PKCS9Attribute attr = new PKCS9Attribute(derVal); - this.attributeId = attr.getOID(); - this.attributeValue = attr.getValue(); - } - - /** - * Constructs an attribute from individual components of - * ObjectIdentifier and the value (any java object). - * - * @param attributeId the ObjectIdentifier of the attribute. - * @param attributeValue an instance of a class that implements - * the attribute identified by the ObjectIdentifier. - */ - public PKCS10Attribute(ObjectIdentifier attributeId, - Object attributeValue) { - this.attributeId = attributeId; - this.attributeValue = attributeValue; - } - - /** - * Constructs an attribute from PKCS9 attribute. - * - * @param attr the PKCS9Attribute to create from. - */ - public PKCS10Attribute(PKCS9Attribute attr) { - this.attributeId = attr.getOID(); - this.attributeValue = attr.getValue(); - } - - /** - * DER encode this object onto an output stream. - * Implements the <code>DerEncoder</code> interface. - * - * @param out - * the OutputStream on which to write the DER encoding. - * - * @exception IOException on encoding errors. - */ - public void derEncode(OutputStream out) throws IOException { - PKCS9Attribute attr = new PKCS9Attribute(attributeId, attributeValue); - attr.derEncode(out); - } - - /** - * Returns the ObjectIdentifier of the attribute. - */ - public ObjectIdentifier getAttributeId() { - return (attributeId); - } - - /** - * Returns the attribute value. - */ - public Object getAttributeValue() { - return (attributeValue); - } - - /** - * Returns the attribute in user readable form. - */ - public String toString() { - return (attributeValue.toString()); - } -}
--- a/jdk/src/share/classes/sun/security/pkcs/PKCS10Attributes.java Fri Nov 04 12:36:40 2011 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,219 +0,0 @@ -/* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.pkcs; - -import java.io.IOException; -import java.io.OutputStream; -import java.security.cert.CertificateException; -import java.util.Collection; -import java.util.Collections; -import java.util.Enumeration; -import java.util.Hashtable; - -import sun.security.util.*; - -/** - * This class defines the PKCS10 attributes for the request. - * The ASN.1 syntax for this is: - * <pre> - * Attributes ::= SET OF Attribute - * </pre> - * - * @author Amit Kapoor - * @author Hemma Prafullchandra - * @see PKCS10 - * @see PKCS10Attribute - */ -public class PKCS10Attributes implements DerEncoder { - - private Hashtable<String, PKCS10Attribute> map = - new Hashtable<String, PKCS10Attribute>(3); - - /** - * Default constructor for the PKCS10 attribute. - */ - public PKCS10Attributes() { } - - /** - * Create the object from the array of PKCS10Attribute objects. - * - * @param attrs the array of PKCS10Attribute objects. - */ - public PKCS10Attributes(PKCS10Attribute[] attrs) { - for (int i = 0; i < attrs.length; i++) { - map.put(attrs[i].getAttributeId().toString(), attrs[i]); - } - } - - /** - * Create the object, decoding the values from the passed DER stream. - * The DER stream contains the SET OF Attribute. - * - * @param in the DerInputStream to read the attributes from. - * @exception IOException on decoding errors. - */ - public PKCS10Attributes(DerInputStream in) throws IOException { - DerValue[] attrs = in.getSet(3, true); - - if (attrs == null) - throw new IOException("Illegal encoding of attributes"); - for (int i = 0; i < attrs.length; i++) { - PKCS10Attribute attr = new PKCS10Attribute(attrs[i]); - map.put(attr.getAttributeId().toString(), attr); - } - } - - /** - * Encode the attributes in DER form to the stream. - * - * @param out the OutputStream to marshal the contents to. - * @exception IOException on encoding errors. - */ - public void encode(OutputStream out) throws IOException { - derEncode(out); - } - - /** - * Encode the attributes in DER form to the stream. - * Implements the <code>DerEncoder</code> interface. - * - * @param out the OutputStream to marshal the contents to. - * @exception IOException on encoding errors. - */ - public void derEncode(OutputStream out) throws IOException { - // first copy the elements into an array - Collection<PKCS10Attribute> allAttrs = map.values(); - PKCS10Attribute[] attribs = - allAttrs.toArray(new PKCS10Attribute[map.size()]); - - DerOutputStream attrOut = new DerOutputStream(); - attrOut.putOrderedSetOf(DerValue.createTag(DerValue.TAG_CONTEXT, - true, (byte)0), - attribs); - out.write(attrOut.toByteArray()); - } - - /** - * Set the attribute value. - */ - public void setAttribute(String name, Object obj) { - if (obj instanceof PKCS10Attribute) { - map.put(name, (PKCS10Attribute)obj); - } - } - - /** - * Get the attribute value. - */ - public Object getAttribute(String name) { - return map.get(name); - } - - /** - * Delete the attribute value. - */ - public void deleteAttribute(String name) { - map.remove(name); - } - - /** - * Return an enumeration of names of attributes existing within this - * attribute. - */ - public Enumeration<PKCS10Attribute> getElements() { - return (map.elements()); - } - - /** - * Return a Collection of attributes existing within this - * PKCS10Attributes object. - */ - public Collection<PKCS10Attribute> getAttributes() { - return (Collections.unmodifiableCollection(map.values())); - } - - /** - * Compares this PKCS10Attributes for equality with the specified - * object. If the <code>other</code> object is an - * <code>instanceof</code> <code>PKCS10Attributes</code>, then - * all the entries are compared with the entries from this. - * - * @param other the object to test for equality with this PKCS10Attributes. - * @return true if all the entries match that of the Other, - * false otherwise. - */ - public boolean equals(Object other) { - if (this == other) - return true; - if (!(other instanceof PKCS10Attributes)) - return false; - - Collection<PKCS10Attribute> othersAttribs = - ((PKCS10Attributes)other).getAttributes(); - PKCS10Attribute[] attrs = - othersAttribs.toArray(new PKCS10Attribute[othersAttribs.size()]); - int len = attrs.length; - if (len != map.size()) - return false; - PKCS10Attribute thisAttr, otherAttr; - String key = null; - for (int i=0; i < len; i++) { - otherAttr = attrs[i]; - key = otherAttr.getAttributeId().toString(); - - if (key == null) - return false; - thisAttr = map.get(key); - if (thisAttr == null) - return false; - if (! thisAttr.equals(otherAttr)) - return false; - } - return true; - } - - /** - * Returns a hashcode value for this PKCS10Attributes. - * - * @return the hashcode value. - */ - public int hashCode() { - return map.hashCode(); - } - - /** - * Returns a string representation of this <tt>PKCS10Attributes</tt> object - * in the form of a set of entries, enclosed in braces and separated - * by the ASCII characters "<tt>, </tt>" (comma and space). - * <p>Overrides the <tt>toString</tt> method of <tt>Object</tt>. - * - * @return a string representation of this PKCS10Attributes. - */ - public String toString() { - String s = map.size() + "\n" + map.toString(); - return s; - } -}
--- a/jdk/src/share/classes/sun/security/pkcs/PKCS7.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/pkcs/PKCS7.java Sat Nov 05 00:02:33 2011 -0700 @@ -27,6 +27,7 @@ import java.io.*; import java.math.BigInteger; +import java.net.URI; import java.util.*; import java.security.cert.X509Certificate; import java.security.cert.CertificateException; @@ -35,6 +36,7 @@ import java.security.cert.CertificateFactory; import java.security.*; +import sun.security.timestamp.*; import sun.security.util.*; import sun.security.x509.AlgorithmId; import sun.security.x509.CertificateIssuerName; @@ -68,6 +70,30 @@ private Principal[] certIssuerNames; + /* + * Random number generator for creating nonce values + */ + private static final SecureRandom RANDOM; + static { + SecureRandom tmp = null; + try { + tmp = SecureRandom.getInstance("SHA1PRNG"); + } catch (NoSuchAlgorithmException e) { + // should not happen + } + RANDOM = tmp; + } + + /* + * Object identifier for the timestamping key purpose. + */ + private static final String KP_TIMESTAMPING_OID = "1.3.6.1.5.5.7.3.8"; + + /* + * Object identifier for extendedKeyUsage extension + */ + private static final String EXTENDED_KEY_USAGE_OID = "2.5.29.37"; + /** * Unmarshals a PKCS7 block from its encoded form, parsing the * encoded bytes from the InputStream. @@ -733,4 +759,164 @@ public boolean isOldStyle() { return this.oldStyle; } + + /** + * Assembles a PKCS #7 signed data message that optionally includes a + * signature timestamp. + * + * @param signature the signature bytes + * @param signerChain the signer's X.509 certificate chain + * @param content the content that is signed; specify null to not include + * it in the PKCS7 data + * @param signatureAlgorithm the name of the signature algorithm + * @param tsaURI the URI of the Timestamping Authority; or null if no + * timestamp is requested + * @return the bytes of the encoded PKCS #7 signed data message + * @throws NoSuchAlgorithmException The exception is thrown if the signature + * algorithm is unrecognised. + * @throws CertificateException The exception is thrown if an error occurs + * while processing the signer's certificate or the TSA's + * certificate. + * @throws IOException The exception is thrown if an error occurs while + * generating the signature timestamp or while generating the signed + * data message. + */ + public static byte[] generateSignedData(byte[] signature, + X509Certificate[] signerChain, + byte[] content, + String signatureAlgorithm, + URI tsaURI) + throws CertificateException, IOException, NoSuchAlgorithmException + { + + // Generate the timestamp token + PKCS9Attributes unauthAttrs = null; + if (tsaURI != null) { + // Timestamp the signature + HttpTimestamper tsa = new HttpTimestamper(tsaURI); + byte[] tsToken = generateTimestampToken(tsa, signature); + + // Insert the timestamp token into the PKCS #7 signer info element + // (as an unsigned attribute) + unauthAttrs = + new PKCS9Attributes(new PKCS9Attribute[]{ + new PKCS9Attribute( + PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_STR, + tsToken)}); + } + + // Create the SignerInfo + X500Name issuerName = + X500Name.asX500Name(signerChain[0].getIssuerX500Principal()); + BigInteger serialNumber = signerChain[0].getSerialNumber(); + String encAlg = AlgorithmId.getEncAlgFromSigAlg(signatureAlgorithm); + String digAlg = AlgorithmId.getDigAlgFromSigAlg(signatureAlgorithm); + SignerInfo signerInfo = new SignerInfo(issuerName, serialNumber, + AlgorithmId.get(digAlg), null, + AlgorithmId.get(encAlg), + signature, unauthAttrs); + + // Create the PKCS #7 signed data message + SignerInfo[] signerInfos = {signerInfo}; + AlgorithmId[] algorithms = {signerInfo.getDigestAlgorithmId()}; + // Include or exclude content + ContentInfo contentInfo = (content == null) + ? new ContentInfo(ContentInfo.DATA_OID, null) + : new ContentInfo(content); + PKCS7 pkcs7 = new PKCS7(algorithms, contentInfo, + signerChain, signerInfos); + ByteArrayOutputStream p7out = new ByteArrayOutputStream(); + pkcs7.encodeSignedData(p7out); + + return p7out.toByteArray(); + } + + /** + * Requests, processes and validates a timestamp token from a TSA using + * common defaults. Uses the following defaults in the timestamp request: + * SHA-1 for the hash algorithm, a 64-bit nonce, and request certificate + * set to true. + * + * @param tsa the timestamping authority to use + * @param toBeTimestamped the token that is to be timestamped + * @return the encoded timestamp token + * @throws IOException The exception is thrown if an error occurs while + * communicating with the TSA. + * @throws CertificateException The exception is thrown if the TSA's + * certificate is not permitted for timestamping. + */ + private static byte[] generateTimestampToken(Timestamper tsa, + byte[] toBeTimestamped) + throws IOException, CertificateException + { + // Generate a timestamp + MessageDigest messageDigest = null; + TSRequest tsQuery = null; + try { + // SHA-1 is always used. + messageDigest = MessageDigest.getInstance("SHA-1"); + tsQuery = new TSRequest(toBeTimestamped, messageDigest); + } catch (NoSuchAlgorithmException e) { + // ignore + } + + // Generate a nonce + BigInteger nonce = null; + if (RANDOM != null) { + nonce = new BigInteger(64, RANDOM); + tsQuery.setNonce(nonce); + } + tsQuery.requestCertificate(true); + + TSResponse tsReply = tsa.generateTimestamp(tsQuery); + int status = tsReply.getStatusCode(); + // Handle TSP error + if (status != 0 && status != 1) { + throw new IOException("Error generating timestamp: " + + tsReply.getStatusCodeAsText() + " " + + tsReply.getFailureCodeAsText()); + } + PKCS7 tsToken = tsReply.getToken(); + + TimestampToken tst = tsReply.getTimestampToken(); + if (!tst.getHashAlgorithm().getName().equals("SHA")) { + throw new IOException("Digest algorithm not SHA-1 in " + + "timestamp token"); + } + if (!MessageDigest.isEqual(tst.getHashedMessage(), + tsQuery.getHashedMessage())) { + throw new IOException("Digest octets changed in timestamp token"); + } + + BigInteger replyNonce = tst.getNonce(); + if (replyNonce == null && nonce != null) { + throw new IOException("Nonce missing in timestamp token"); + } + if (replyNonce != null && !replyNonce.equals(nonce)) { + throw new IOException("Nonce changed in timestamp token"); + } + + // Examine the TSA's certificate (if present) + for (SignerInfo si: tsToken.getSignerInfos()) { + X509Certificate cert = si.getCertificate(tsToken); + if (cert == null) { + // Error, we've already set tsRequestCertificate = true + throw new CertificateException( + "Certificate not included in timestamp token"); + } else { + if (!cert.getCriticalExtensionOIDs().contains( + EXTENDED_KEY_USAGE_OID)) { + throw new CertificateException( + "Certificate is not valid for timestamping"); + } + List<String> keyPurposes = cert.getExtendedKeyUsage(); + if (keyPurposes == null || + !keyPurposes.contains(KP_TIMESTAMPING_OID)) { + throw new CertificateException( + "Certificate is not valid for timestamping"); + } + } + } + return tsReply.getEncodedToken(); + } }
--- a/jdk/src/share/classes/sun/security/pkcs/SignerInfo.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/pkcs/SignerInfo.java Sat Nov 05 00:02:33 2011 -0700 @@ -28,10 +28,14 @@ import java.io.OutputStream; import java.io.IOException; import java.math.BigInteger; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.CertPath; import java.security.cert.X509Certificate; import java.security.*; import java.util.ArrayList; +import sun.security.timestamp.TimestampToken; import sun.security.util.*; import sun.security.x509.AlgorithmId; import sun.security.x509.X500Name; @@ -51,6 +55,8 @@ AlgorithmId digestAlgorithmId; AlgorithmId digestEncryptionAlgorithmId; byte[] encryptedDigest; + Timestamp timestamp; + private boolean hasTimestamp = true; PKCS9Attributes authenticatedAttributes; PKCS9Attributes unauthenticatedAttributes; @@ -442,6 +448,62 @@ return unauthenticatedAttributes; } + /* + * Extracts a timestamp from a PKCS7 SignerInfo. + * + * Examines the signer's unsigned attributes for a + * <tt>signatureTimestampToken</tt> attribute. If present, + * then it is parsed to extract the date and time at which the + * timestamp was generated. + * + * @param info A signer information element of a PKCS 7 block. + * + * @return A timestamp token or null if none is present. + * @throws IOException if an error is encountered while parsing the + * PKCS7 data. + * @throws NoSuchAlgorithmException if an error is encountered while + * verifying the PKCS7 object. + * @throws SignatureException if an error is encountered while + * verifying the PKCS7 object. + * @throws CertificateException if an error is encountered while generating + * the TSA's certpath. + */ + public Timestamp getTimestamp() + throws IOException, NoSuchAlgorithmException, SignatureException, + CertificateException + { + if (timestamp != null || !hasTimestamp) + return timestamp; + + if (unauthenticatedAttributes == null) { + hasTimestamp = false; + return null; + } + PKCS9Attribute tsTokenAttr = + unauthenticatedAttributes.getAttribute( + PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID); + if (tsTokenAttr == null) { + hasTimestamp = false; + return null; + } + + PKCS7 tsToken = new PKCS7((byte[])tsTokenAttr.getValue()); + // Extract the content (an encoded timestamp token info) + byte[] encTsTokenInfo = tsToken.getContentInfo().getData(); + // Extract the signer (the Timestamping Authority) + // while verifying the content + SignerInfo[] tsa = tsToken.verify(encTsTokenInfo); + // Expect only one signer + ArrayList<X509Certificate> chain = tsa[0].getCertificateChain(tsToken); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + CertPath tsaChain = cf.generateCertPath(chain); + // Create a timestamp token info object + TimestampToken tsTokenInfo = new TimestampToken(encTsTokenInfo); + // Create a timestamp object + timestamp = new Timestamp(tsTokenInfo.getDate(), tsaChain); + return timestamp; + } + public String toString() { HexDumpEncoder hexDump = new HexDumpEncoder(); @@ -467,5 +529,4 @@ } return out; } - }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java Sat Nov 05 00:02:33 2011 -0700 @@ -0,0 +1,353 @@ +/* + * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + + +package sun.security.pkcs10; + +import java.io.PrintStream; +import java.io.IOException; +import java.math.BigInteger; + +import java.security.cert.CertificateException; +import java.security.NoSuchAlgorithmException; +import java.security.InvalidKeyException; +import java.security.Signature; +import java.security.SignatureException; +import java.security.PublicKey; + +import sun.misc.BASE64Encoder; + +import sun.security.util.*; +import sun.security.x509.AlgorithmId; +import sun.security.x509.X509Key; +import sun.security.x509.X500Name; + +/** + * A PKCS #10 certificate request is created and sent to a Certificate + * Authority, which then creates an X.509 certificate and returns it to + * the entity that requested it. A certificate request basically consists + * of the subject's X.500 name, public key, and optionally some attributes, + * signed using the corresponding private key. + * + * The ASN.1 syntax for a Certification Request is: + * <pre> + * CertificationRequest ::= SEQUENCE { + * certificationRequestInfo CertificationRequestInfo, + * signatureAlgorithm SignatureAlgorithmIdentifier, + * signature Signature + * } + * + * SignatureAlgorithmIdentifier ::= AlgorithmIdentifier + * Signature ::= BIT STRING + * + * CertificationRequestInfo ::= SEQUENCE { + * version Version, + * subject Name, + * subjectPublicKeyInfo SubjectPublicKeyInfo, + * attributes [0] IMPLICIT Attributes + * } + * Attributes ::= SET OF Attribute + * </pre> + * + * @author David Brownell + * @author Amit Kapoor + * @author Hemma Prafullchandra + */ +public class PKCS10 { + /** + * Constructs an unsigned PKCS #10 certificate request. Before this + * request may be used, it must be encoded and signed. Then it + * must be retrieved in some conventional format (e.g. string). + * + * @param publicKey the public key that should be placed + * into the certificate generated by the CA. + */ + public PKCS10(PublicKey publicKey) { + subjectPublicKeyInfo = publicKey; + attributeSet = new PKCS10Attributes(); + } + + /** + * Constructs an unsigned PKCS #10 certificate request. Before this + * request may be used, it must be encoded and signed. Then it + * must be retrieved in some conventional format (e.g. string). + * + * @param publicKey the public key that should be placed + * into the certificate generated by the CA. + * @param attributes additonal set of PKCS10 attributes requested + * for in the certificate. + */ + public PKCS10(PublicKey publicKey, PKCS10Attributes attributes) { + subjectPublicKeyInfo = publicKey; + attributeSet = attributes; + } + + /** + * Parses an encoded, signed PKCS #10 certificate request, verifying + * the request's signature as it does so. This constructor would + * typically be used by a Certificate Authority, from which a new + * certificate would then be constructed. + * + * @param data the DER-encoded PKCS #10 request. + * @exception IOException for low level errors reading the data + * @exception SignatureException when the signature is invalid + * @exception NoSuchAlgorithmException when the signature + * algorithm is not supported in this environment + */ + public PKCS10(byte[] data) + throws IOException, SignatureException, NoSuchAlgorithmException { + DerInputStream in; + DerValue[] seq; + AlgorithmId id; + byte[] sigData; + Signature sig; + + encoded = data; + + // + // Outer sequence: request, signature algorithm, signature. + // Parse, and prepare to verify later. + // + in = new DerInputStream(data); + seq = in.getSequence(3); + + if (seq.length != 3) + throw new IllegalArgumentException("not a PKCS #10 request"); + + data = seq[0].toByteArray(); // reusing this variable + id = AlgorithmId.parse(seq[1]); + sigData = seq[2].getBitString(); + + // + // Inner sequence: version, name, key, attributes + // + BigInteger serial; + DerValue val; + + serial = seq[0].data.getBigInteger(); + if (!serial.equals(BigInteger.ZERO)) + throw new IllegalArgumentException("not PKCS #10 v1"); + + subject = new X500Name(seq[0].data); + subjectPublicKeyInfo = X509Key.parse(seq[0].data.getDerValue()); + + // Cope with a somewhat common illegal PKCS #10 format + if (seq[0].data.available() != 0) + attributeSet = new PKCS10Attributes(seq[0].data); + else + attributeSet = new PKCS10Attributes(); + + if (seq[0].data.available() != 0) + throw new IllegalArgumentException("illegal PKCS #10 data"); + + // + // OK, we parsed it all ... validate the signature using the + // key and signature algorithm we found. + // + try { + sig = Signature.getInstance(id.getName()); + sig.initVerify(subjectPublicKeyInfo); + sig.update(data); + if (!sig.verify(sigData)) + throw new SignatureException("Invalid PKCS #10 signature"); + } catch (InvalidKeyException e) { + throw new SignatureException("invalid key"); + } + } + + /** + * Create the signed certificate request. This will later be + * retrieved in either string or binary format. + * + * @param subject identifies the signer (by X.500 name). + * @param signature private key and signing algorithm to use. + * @exception IOException on errors. + * @exception CertificateException on certificate handling errors. + * @exception SignatureException on signature handling errors. + */ + public void encodeAndSign(X500Name subject, Signature signature) + throws CertificateException, IOException, SignatureException { + DerOutputStream out, scratch; + byte[] certificateRequestInfo; + byte[] sig; + + if (encoded != null) + throw new SignatureException("request is already signed"); + + this.subject = subject; + + /* + * Encode cert request info, wrap in a sequence for signing + */ + scratch = new DerOutputStream(); + scratch.putInteger(BigInteger.ZERO); // PKCS #10 v1.0 + subject.encode(scratch); // X.500 name + scratch.write(subjectPublicKeyInfo.getEncoded()); // public key + attributeSet.encode(scratch); + + out = new DerOutputStream(); + out.write(DerValue.tag_Sequence, scratch); // wrap it! + certificateRequestInfo = out.toByteArray(); + scratch = out; + + /* + * Sign it ... + */ + signature.update(certificateRequestInfo, 0, + certificateRequestInfo.length); + sig = signature.sign(); + + /* + * Build guts of SIGNED macro + */ + AlgorithmId algId = null; + try { + algId = AlgorithmId.get(signature.getAlgorithm()); + } catch (NoSuchAlgorithmException nsae) { + throw new SignatureException(nsae); + } + algId.encode(scratch); // sig algorithm + scratch.putBitString(sig); // sig + + /* + * Wrap those guts in a sequence + */ + out = new DerOutputStream(); + out.write(DerValue.tag_Sequence, scratch); + encoded = out.toByteArray(); + } + + /** + * Returns the subject's name. + */ + public X500Name getSubjectName() { return subject; } + + /** + * Returns the subject's public key. + */ + public PublicKey getSubjectPublicKeyInfo() + { return subjectPublicKeyInfo; } + + /** + * Returns the additional attributes requested. + */ + public PKCS10Attributes getAttributes() + { return attributeSet; } + + /** + * Returns the encoded and signed certificate request as a + * DER-encoded byte array. + * + * @return the certificate request, or null if encodeAndSign() + * has not yet been called. + */ + public byte[] getEncoded() { + if (encoded != null) + return encoded.clone(); + else + return null; + } + + /** + * Prints an E-Mailable version of the certificate request on the print + * stream passed. The format is a common base64 encoded one, supported + * by most Certificate Authorities because Netscape web servers have + * used this for some time. Some certificate authorities expect some + * more information, in particular contact information for the web + * server administrator. + * + * @param out the print stream where the certificate request + * will be printed. + * @exception IOException when an output operation failed + * @exception SignatureException when the certificate request was + * not yet signed. + */ + public void print(PrintStream out) + throws IOException, SignatureException { + if (encoded == null) + throw new SignatureException("Cert request was not signed"); + + BASE64Encoder encoder = new BASE64Encoder(); + + out.println("-----BEGIN NEW CERTIFICATE REQUEST-----"); + encoder.encodeBuffer(encoded, out); + out.println("-----END NEW CERTIFICATE REQUEST-----"); + } + + /** + * Provides a short description of this request. + */ + public String toString() { + return "[PKCS #10 certificate request:\n" + + subjectPublicKeyInfo.toString() + + " subject: <" + subject + ">" + "\n" + + " attributes: " + attributeSet.toString() + + "\n]"; + } + + /** + * Compares this object for equality with the specified + * object. If the <code>other</code> object is an + * <code>instanceof</code> <code>PKCS10</code>, then + * its encoded form is retrieved and compared with the + * encoded form of this certificate request. + * + * @param other the object to test for equality with this object. + * @return true iff the encoded forms of the two certificate + * requests match, false otherwise. + */ + public boolean equals(Object other) { + if (this == other) + return true; + if (!(other instanceof PKCS10)) + return false; + if (encoded == null) // not signed yet + return false; + byte[] otherEncoded = ((PKCS10)other).getEncoded(); + if (otherEncoded == null) + return false; + + return java.util.Arrays.equals(encoded, otherEncoded); + } + + /** + * Returns a hashcode value for this certificate request from its + * encoded form. + * + * @return the hashcode value. + */ + public int hashCode() { + int retval = 0; + if (encoded != null) + for (int i = 1; i < encoded.length; i++) + retval += encoded[i] * i; + return(retval); + } + + private X500Name subject; + private PublicKey subjectPublicKeyInfo; + private PKCS10Attributes attributeSet; + private byte[] encoded; // signed +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/src/share/classes/sun/security/pkcs10/PKCS10Attribute.java Sat Nov 05 00:02:33 2011 -0700 @@ -0,0 +1,136 @@ +/* + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.pkcs10; + +import java.io.OutputStream; +import java.io.IOException; + +import sun.security.pkcs.PKCS9Attribute; +import sun.security.util.*; + +/** + * Represent a PKCS#10 Attribute. + * + * <p>Attributes are additonal information which can be inserted in a PKCS#10 + * certificate request. For example a "Driving License Certificate" could have + * the driving license number as an attribute. + * + * <p>Attributes are represented as a sequence of the attribute identifier + * (Object Identifier) and a set of DER encoded attribute values. + * + * ASN.1 definition of Attribute: + * <pre> + * Attribute :: SEQUENCE { + * type AttributeType, + * values SET OF AttributeValue + * } + * AttributeType ::= OBJECT IDENTIFIER + * AttributeValue ::= ANY defined by type + * </pre> + * + * @author Amit Kapoor + * @author Hemma Prafullchandra + */ +public class PKCS10Attribute implements DerEncoder { + + protected ObjectIdentifier attributeId = null; + protected Object attributeValue = null; + + /** + * Constructs an attribute from a DER encoding. + * This constructor expects the value to be encoded as defined above, + * i.e. a SEQUENCE of OID and SET OF value(s), not a literal + * X.509 v3 extension. Only PKCS9 defined attributes are supported + * currently. + * + * @param derVal the der encoded attribute. + * @exception IOException on parsing errors. + */ + public PKCS10Attribute(DerValue derVal) throws IOException { + PKCS9Attribute attr = new PKCS9Attribute(derVal); + this.attributeId = attr.getOID(); + this.attributeValue = attr.getValue(); + } + + /** + * Constructs an attribute from individual components of + * ObjectIdentifier and the value (any java object). + * + * @param attributeId the ObjectIdentifier of the attribute. + * @param attributeValue an instance of a class that implements + * the attribute identified by the ObjectIdentifier. + */ + public PKCS10Attribute(ObjectIdentifier attributeId, + Object attributeValue) { + this.attributeId = attributeId; + this.attributeValue = attributeValue; + } + + /** + * Constructs an attribute from PKCS9 attribute. + * + * @param attr the PKCS9Attribute to create from. + */ + public PKCS10Attribute(PKCS9Attribute attr) { + this.attributeId = attr.getOID(); + this.attributeValue = attr.getValue(); + } + + /** + * DER encode this object onto an output stream. + * Implements the <code>DerEncoder</code> interface. + * + * @param out + * the OutputStream on which to write the DER encoding. + * + * @exception IOException on encoding errors. + */ + public void derEncode(OutputStream out) throws IOException { + PKCS9Attribute attr = new PKCS9Attribute(attributeId, attributeValue); + attr.derEncode(out); + } + + /** + * Returns the ObjectIdentifier of the attribute. + */ + public ObjectIdentifier getAttributeId() { + return (attributeId); + } + + /** + * Returns the attribute value. + */ + public Object getAttributeValue() { + return (attributeValue); + } + + /** + * Returns the attribute in user readable form. + */ + public String toString() { + return (attributeValue.toString()); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/src/share/classes/sun/security/pkcs10/PKCS10Attributes.java Sat Nov 05 00:02:33 2011 -0700 @@ -0,0 +1,219 @@ +/* + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.pkcs10; + +import java.io.IOException; +import java.io.OutputStream; +import java.security.cert.CertificateException; +import java.util.Collection; +import java.util.Collections; +import java.util.Enumeration; +import java.util.Hashtable; + +import sun.security.util.*; + +/** + * This class defines the PKCS10 attributes for the request. + * The ASN.1 syntax for this is: + * <pre> + * Attributes ::= SET OF Attribute + * </pre> + * + * @author Amit Kapoor + * @author Hemma Prafullchandra + * @see PKCS10 + * @see PKCS10Attribute + */ +public class PKCS10Attributes implements DerEncoder { + + private Hashtable<String, PKCS10Attribute> map = + new Hashtable<String, PKCS10Attribute>(3); + + /** + * Default constructor for the PKCS10 attribute. + */ + public PKCS10Attributes() { } + + /** + * Create the object from the array of PKCS10Attribute objects. + * + * @param attrs the array of PKCS10Attribute objects. + */ + public PKCS10Attributes(PKCS10Attribute[] attrs) { + for (int i = 0; i < attrs.length; i++) { + map.put(attrs[i].getAttributeId().toString(), attrs[i]); + } + } + + /** + * Create the object, decoding the values from the passed DER stream. + * The DER stream contains the SET OF Attribute. + * + * @param in the DerInputStream to read the attributes from. + * @exception IOException on decoding errors. + */ + public PKCS10Attributes(DerInputStream in) throws IOException { + DerValue[] attrs = in.getSet(3, true); + + if (attrs == null) + throw new IOException("Illegal encoding of attributes"); + for (int i = 0; i < attrs.length; i++) { + PKCS10Attribute attr = new PKCS10Attribute(attrs[i]); + map.put(attr.getAttributeId().toString(), attr); + } + } + + /** + * Encode the attributes in DER form to the stream. + * + * @param out the OutputStream to marshal the contents to. + * @exception IOException on encoding errors. + */ + public void encode(OutputStream out) throws IOException { + derEncode(out); + } + + /** + * Encode the attributes in DER form to the stream. + * Implements the <code>DerEncoder</code> interface. + * + * @param out the OutputStream to marshal the contents to. + * @exception IOException on encoding errors. + */ + public void derEncode(OutputStream out) throws IOException { + // first copy the elements into an array + Collection<PKCS10Attribute> allAttrs = map.values(); + PKCS10Attribute[] attribs = + allAttrs.toArray(new PKCS10Attribute[map.size()]); + + DerOutputStream attrOut = new DerOutputStream(); + attrOut.putOrderedSetOf(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte)0), + attribs); + out.write(attrOut.toByteArray()); + } + + /** + * Set the attribute value. + */ + public void setAttribute(String name, Object obj) { + if (obj instanceof PKCS10Attribute) { + map.put(name, (PKCS10Attribute)obj); + } + } + + /** + * Get the attribute value. + */ + public Object getAttribute(String name) { + return map.get(name); + } + + /** + * Delete the attribute value. + */ + public void deleteAttribute(String name) { + map.remove(name); + } + + /** + * Return an enumeration of names of attributes existing within this + * attribute. + */ + public Enumeration<PKCS10Attribute> getElements() { + return (map.elements()); + } + + /** + * Return a Collection of attributes existing within this + * PKCS10Attributes object. + */ + public Collection<PKCS10Attribute> getAttributes() { + return (Collections.unmodifiableCollection(map.values())); + } + + /** + * Compares this PKCS10Attributes for equality with the specified + * object. If the <code>other</code> object is an + * <code>instanceof</code> <code>PKCS10Attributes</code>, then + * all the entries are compared with the entries from this. + * + * @param other the object to test for equality with this PKCS10Attributes. + * @return true if all the entries match that of the Other, + * false otherwise. + */ + public boolean equals(Object other) { + if (this == other) + return true; + if (!(other instanceof PKCS10Attributes)) + return false; + + Collection<PKCS10Attribute> othersAttribs = + ((PKCS10Attributes)other).getAttributes(); + PKCS10Attribute[] attrs = + othersAttribs.toArray(new PKCS10Attribute[othersAttribs.size()]); + int len = attrs.length; + if (len != map.size()) + return false; + PKCS10Attribute thisAttr, otherAttr; + String key = null; + for (int i=0; i < len; i++) { + otherAttr = attrs[i]; + key = otherAttr.getAttributeId().toString(); + + if (key == null) + return false; + thisAttr = map.get(key); + if (thisAttr == null) + return false; + if (! thisAttr.equals(otherAttr)) + return false; + } + return true; + } + + /** + * Returns a hashcode value for this PKCS10Attributes. + * + * @return the hashcode value. + */ + public int hashCode() { + return map.hashCode(); + } + + /** + * Returns a string representation of this <tt>PKCS10Attributes</tt> object + * in the form of a set of entries, enclosed in braces and separated + * by the ASCII characters "<tt>, </tt>" (comma and space). + * <p>Overrides the <tt>toString</tt> method of <tt>Object</tt>. + * + * @return a string representation of this PKCS10Attributes. + */ + public String toString() { + String s = map.size() + "\n" + map.toString(); + return s; + } +}
--- a/jdk/src/share/classes/sun/security/pkcs11/Config.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/pkcs11/Config.java Sat Nov 05 00:02:33 2011 -0700 @@ -192,6 +192,11 @@ // works only for NSS providers created via the Secmod API private boolean nssUseSecmodTrust = false; + // Flag to indicate whether the X9.63 encoding for EC points shall be used + // (true) or whether that encoding shall be wrapped in an ASN.1 OctetString + // (false). + private boolean useEcX963Encoding = false; + private Config(String filename, InputStream in) throws IOException { if (in == null) { if (filename.startsWith("--")) { @@ -320,6 +325,10 @@ return nssUseSecmodTrust; } + boolean getUseEcX963Encoding() { + return useEcX963Encoding; + } + private static String expand(final String s) throws IOException { try { return PropertyExpander.expand(s); @@ -440,6 +449,8 @@ parseNSSArgs(word); } else if (word.equals("nssUseSecmodTrust")) { nssUseSecmodTrust = parseBooleanEntry(word); + } else if (word.equals("useEcX963Encoding")) { + useEcX963Encoding = parseBooleanEntry(word); } else { throw new ConfigurationException ("Unknown keyword '" + word + "', line " + st.lineno());
--- a/jdk/src/share/classes/sun/security/pkcs11/KeyCache.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/pkcs11/KeyCache.java Sat Nov 05 00:02:33 2011 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -48,7 +48,7 @@ */ final class KeyCache { - private final Cache strongCache; + private final Cache<IdentityWrapper, P11Key> strongCache; private WeakReference<Map<Key,P11Key>> cacheReference; @@ -77,7 +77,7 @@ } synchronized P11Key get(Key key) { - P11Key p11Key = (P11Key)strongCache.get(new IdentityWrapper(key)); + P11Key p11Key = strongCache.get(new IdentityWrapper(key)); if (p11Key != null) { return p11Key; } @@ -94,8 +94,8 @@ Map<Key,P11Key> map = (cacheReference == null) ? null : cacheReference.get(); if (map == null) { - map = new IdentityHashMap<Key,P11Key>(); - cacheReference = new WeakReference<Map<Key,P11Key>>(map); + map = new IdentityHashMap<>(); + cacheReference = new WeakReference<>(map); } map.put(key, p11Key); }
--- a/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java Sat Nov 05 00:02:33 2011 -0700 @@ -203,14 +203,20 @@ private PublicKey generatePublic(ECPoint point, ECParameterSpec params) throws PKCS11Exception { byte[] encodedParams = ECParameters.encodeParameters(params); - byte[] encodedPoint = null; - DerValue pkECPoint = new DerValue(DerValue.tag_OctetString, - ECParameters.encodePoint(point, params.getCurve())); + byte[] encodedPoint = + ECParameters.encodePoint(point, params.getCurve()); - try { - encodedPoint = pkECPoint.toByteArray(); - } catch (IOException e) { - throw new IllegalArgumentException("Could not DER encode point", e); + // Check whether the X9.63 encoding of an EC point shall be wrapped + // in an ASN.1 OCTET STRING + if (!token.config.getUseEcX963Encoding()) { + try { + encodedPoint = + new DerValue(DerValue.tag_OctetString, encodedPoint) + .toByteArray(); + } catch (IOException e) { + throw new + IllegalArgumentException("Could not DER encode point", e); + } } CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
--- a/jdk/src/share/classes/sun/security/pkcs11/P11Key.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/pkcs11/P11Key.java Sat Nov 05 00:02:33 2011 -0700 @@ -1028,28 +1028,21 @@ try { params = P11ECKeyFactory.decodeParameters (attributes[1].getByteArray()); - - /* - * An uncompressed EC point may be in either of two formats. - * First try the OCTET STRING encoding: - * 04 <length> 04 <X-coordinate> <Y-coordinate> - * - * Otherwise try the raw encoding: - * 04 <X-coordinate> <Y-coordinate> - */ byte[] ecKey = attributes[0].getByteArray(); - try { + // Check whether the X9.63 encoding of an EC point is wrapped + // in an ASN.1 OCTET STRING + if (!token.config.getUseEcX963Encoding()) { DerValue wECPoint = new DerValue(ecKey); - if (wECPoint.getTag() != DerValue.tag_OctetString) - throw new IOException("Unexpected tag: " + - wECPoint.getTag()); + if (wECPoint.getTag() != DerValue.tag_OctetString) { + throw new IOException("Could not DER decode EC point." + + " Unexpected tag: " + wECPoint.getTag()); + } w = P11ECKeyFactory.decodePoint (wECPoint.getDataBytes(), params.getCurve()); - } catch (IOException e) { - // Failover + } else { w = P11ECKeyFactory.decodePoint(ecKey, params.getCurve()); }
--- a/jdk/src/share/classes/sun/security/provider/X509Factory.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/provider/X509Factory.java Sat Nov 05 00:02:33 2011 -0700 @@ -64,8 +64,10 @@ private static final int ENC_MAX_LENGTH = 4096 * 1024; // 4 MB MAX - private static final Cache certCache = Cache.newSoftMemoryCache(750); - private static final Cache crlCache = Cache.newSoftMemoryCache(750); + private static final Cache<Object, X509CertImpl> certCache + = Cache.newSoftMemoryCache(750); + private static final Cache<Object, X509CRLImpl> crlCache + = Cache.newSoftMemoryCache(750); /** * Generates an X.509 certificate object and initializes it with @@ -90,7 +92,7 @@ try { byte[] encoding = readOneBlock(is); if (encoding != null) { - X509CertImpl cert = (X509CertImpl)getFromCache(certCache, encoding); + X509CertImpl cert = getFromCache(certCache, encoding); if (cert != null) { return cert; } @@ -151,7 +153,7 @@ } else { encoding = c.getEncoded(); } - X509CertImpl newC = (X509CertImpl)getFromCache(certCache, encoding); + X509CertImpl newC = getFromCache(certCache, encoding); if (newC != null) { return newC; } @@ -181,7 +183,7 @@ } else { encoding = c.getEncoded(); } - X509CRLImpl newC = (X509CRLImpl)getFromCache(crlCache, encoding); + X509CRLImpl newC = getFromCache(crlCache, encoding); if (newC != null) { return newC; } @@ -198,18 +200,17 @@ /** * Get the X509CertImpl or X509CRLImpl from the cache. */ - private static synchronized Object getFromCache(Cache cache, + private static synchronized <K,V> V getFromCache(Cache<K,V> cache, byte[] encoding) { Object key = new Cache.EqualByteArray(encoding); - Object value = cache.get(key); - return value; + return cache.get(key); } /** * Add the X509CertImpl or X509CRLImpl to the cache. */ - private static synchronized void addToCache(Cache cache, byte[] encoding, - Object value) { + private static synchronized <V> void addToCache(Cache<Object, V> cache, + byte[] encoding, V value) { if (encoding.length > ENC_MAX_LENGTH) { return; } @@ -361,7 +362,7 @@ try { byte[] encoding = readOneBlock(is); if (encoding != null) { - X509CRLImpl crl = (X509CRLImpl)getFromCache(crlCache, encoding); + X509CRLImpl crl = getFromCache(crlCache, encoding); if (crl != null) { return crl; } @@ -669,6 +670,23 @@ bout.write(midByte); bout.write(lowByte); length = (highByte << 16) | (midByte << 8) | lowByte; + } else if (n == 0x84) { + int highByte = is.read(); + int nextByte = is.read(); + int midByte = is.read(); + int lowByte = is.read(); + if (lowByte == -1) { + throw new IOException("Incomplete BER/DER length info"); + } + if (highByte > 127) { + throw new IOException("Invalid BER/DER data (a little huge?)"); + } + bout.write(highByte); + bout.write(nextByte); + bout.write(midByte); + bout.write(lowByte); + length = (highByte << 24 ) | (nextByte << 16) | + (midByte << 8) | lowByte; } else { // ignore longer length forms throw new IOException("Invalid BER/DER data (too huge?)"); }
--- a/jdk/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java Sat Nov 05 00:02:33 2011 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,32 +27,87 @@ import java.net.URI; import java.util.Collection; +import java.util.HashMap; +import java.util.Map; +import java.security.AccessController; import java.security.NoSuchAlgorithmException; import java.security.InvalidAlgorithmParameterException; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.security.cert.CertStore; import java.security.cert.X509CertSelector; import java.security.cert.X509CRLSelector; import javax.security.auth.x500.X500Principal; import java.io.IOException; +import sun.security.util.Cache; + /** - * Helper used by URICertStore when delegating to another CertStore to - * fetch certs and CRLs. + * Helper used by URICertStore and others when delegating to another CertStore + * to fetch certs and CRLs. */ -public interface CertStoreHelper { +public abstract class CertStoreHelper { + + private static final int NUM_TYPES = 2; + private final static Map<String,String> classMap = new HashMap<>(NUM_TYPES); + static { + classMap.put( + "LDAP", + "sun.security.provider.certpath.ldap.LDAPCertStoreHelper"); + classMap.put( + "SSLServer", + "sun.security.provider.certpath.ssl.SSLServerCertStoreHelper"); + }; + private static Cache<String, CertStoreHelper> cache + = Cache.newSoftMemoryCache(NUM_TYPES); + + public static CertStoreHelper getInstance(final String type) + throws NoSuchAlgorithmException + { + CertStoreHelper helper = cache.get(type); + if (helper != null) { + return helper; + } + final String cl = classMap.get(type); + if (cl == null) { + throw new NoSuchAlgorithmException(type + " not available"); + } + try { + helper = AccessController.doPrivileged( + new PrivilegedExceptionAction<CertStoreHelper>() { + public CertStoreHelper run() throws ClassNotFoundException { + try { + Class<?> c = Class.forName(cl, true, null); + CertStoreHelper csh + = (CertStoreHelper)c.newInstance(); + cache.put(type, csh); + return csh; + } catch (InstantiationException e) { + throw new AssertionError(e); + } catch (IllegalAccessException e) { + throw new AssertionError(e); + } + } + }); + return helper; + } catch (PrivilegedActionException e) { + throw new NoSuchAlgorithmException(type + " not available", + e.getException()); + } + } /** * Returns a CertStore using the given URI as parameters. */ - CertStore getCertStore(URI uri) + public abstract CertStore getCertStore(URI uri) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException; /** * Wraps an existing X509CertSelector when needing to avoid DN matching * issues. */ - X509CertSelector wrap(X509CertSelector selector, + public abstract X509CertSelector wrap(X509CertSelector selector, X500Principal certSubject, String dn) throws IOException; @@ -61,7 +116,7 @@ * Wraps an existing X509CRLSelector when needing to avoid DN matching * issues. */ - X509CRLSelector wrap(X509CRLSelector selector, + public abstract X509CRLSelector wrap(X509CRLSelector selector, Collection<X500Principal> certIssuers, String dn) throws IOException;
--- a/jdk/src/share/classes/sun/security/provider/certpath/URICertStore.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/provider/certpath/URICertStore.java Sat Nov 05 00:02:33 2011 -0700 @@ -30,8 +30,6 @@ import java.net.HttpURLConnection; import java.net.URI; import java.net.URLConnection; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; import java.security.Provider; @@ -102,8 +100,7 @@ private final CertificateFactory factory; // cached Collection of X509Certificates (may be empty, never null) - private Collection<X509Certificate> certs = - Collections.<X509Certificate>emptySet(); + private Collection<X509Certificate> certs = Collections.emptySet(); // cached X509CRL (may be null) private X509CRL crl; @@ -120,36 +117,11 @@ // true if URI is ldap private boolean ldap = false; + private CertStoreHelper ldapHelper; private CertStore ldapCertStore; private String ldapPath; /** - * Holder class to lazily load LDAPCertStoreHelper if present. - */ - private static class LDAP { - private static final String CERT_STORE_HELPER = - "sun.security.provider.certpath.ldap.LDAPCertStoreHelper"; - private static final CertStoreHelper helper = - AccessController.doPrivileged( - new PrivilegedAction<CertStoreHelper>() { - public CertStoreHelper run() { - try { - Class<?> c = Class.forName(CERT_STORE_HELPER, true, null); - return (CertStoreHelper)c.newInstance(); - } catch (ClassNotFoundException cnf) { - return null; - } catch (InstantiationException e) { - throw new AssertionError(e); - } catch (IllegalAccessException e) { - throw new AssertionError(e); - } - }}); - static CertStoreHelper helper() { - return helper; - } - } - - /** * Creates a URICertStore. * * @param parameters specifying the URI @@ -164,10 +136,9 @@ this.uri = ((URICertStoreParameters) params).uri; // if ldap URI, use an LDAPCertStore to fetch certs and CRLs if (uri.getScheme().toLowerCase(Locale.ENGLISH).equals("ldap")) { - if (LDAP.helper() == null) - throw new NoSuchAlgorithmException("LDAP not present"); ldap = true; - ldapCertStore = LDAP.helper().getCertStore(uri); + ldapHelper = CertStoreHelper.getInstance("LDAP"); + ldapCertStore = ldapHelper.getCertStore(uri); ldapPath = uri.getPath(); // strip off leading '/' if (ldapPath.charAt(0) == '/') { @@ -185,14 +156,14 @@ * Returns a URI CertStore. This method consults a cache of * CertStores (shared per JVM) using the URI as a key. */ - private static final Cache certStoreCache = - Cache.newSoftMemoryCache(CACHE_SIZE); + private static final Cache<URICertStoreParameters, CertStore> + certStoreCache = Cache.newSoftMemoryCache(CACHE_SIZE); static synchronized CertStore getInstance(URICertStoreParameters params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { if (debug != null) { debug.println("CertStore URI:" + params.uri); } - CertStore ucs = (CertStore) certStoreCache.get(params); + CertStore ucs = certStoreCache.get(params); if (ucs == null) { ucs = new UCS(new URICertStore(params), null, "URI", params); certStoreCache.put(params, ucs); @@ -251,7 +222,7 @@ if (ldap) { X509CertSelector xsel = (X509CertSelector) selector; try { - xsel = LDAP.helper().wrap(xsel, xsel.getSubject(), ldapPath); + xsel = ldapHelper.wrap(xsel, xsel.getSubject(), ldapPath); } catch (IOException ioe) { throw new CertStoreException(ioe); } @@ -273,62 +244,49 @@ return getMatchingCerts(certs, selector); } lastChecked = time; - InputStream in = null; try { URLConnection connection = uri.toURL().openConnection(); if (lastModified != 0) { connection.setIfModifiedSince(lastModified); } - in = connection.getInputStream(); long oldLastModified = lastModified; - lastModified = connection.getLastModified(); - if (oldLastModified != 0) { - if (oldLastModified == lastModified) { - if (debug != null) { - debug.println("Not modified, using cached copy"); - } - return getMatchingCerts(certs, selector); - } else if (connection instanceof HttpURLConnection) { - // some proxy servers omit last modified - HttpURLConnection hconn = (HttpURLConnection) connection; - if (hconn.getResponseCode() - == HttpURLConnection.HTTP_NOT_MODIFIED) { + try (InputStream in = connection.getInputStream()) { + lastModified = connection.getLastModified(); + if (oldLastModified != 0) { + if (oldLastModified == lastModified) { if (debug != null) { debug.println("Not modified, using cached copy"); } return getMatchingCerts(certs, selector); + } else if (connection instanceof HttpURLConnection) { + // some proxy servers omit last modified + HttpURLConnection hconn = (HttpURLConnection)connection; + if (hconn.getResponseCode() + == HttpURLConnection.HTTP_NOT_MODIFIED) { + if (debug != null) { + debug.println("Not modified, using cached copy"); + } + return getMatchingCerts(certs, selector); + } } } + if (debug != null) { + debug.println("Downloading new certificates..."); + } + // Safe cast since factory is an X.509 certificate factory + certs = (Collection<X509Certificate>) + factory.generateCertificates(in); } - if (debug != null) { - debug.println("Downloading new certificates..."); - } - // Safe cast since factory is an X.509 certificate factory - certs = (Collection<X509Certificate>) - factory.generateCertificates(in); return getMatchingCerts(certs, selector); - } catch (IOException e) { + } catch (IOException | CertificateException e) { if (debug != null) { debug.println("Exception fetching certificates:"); e.printStackTrace(); } - } catch (CertificateException e) { - if (debug != null) { - debug.println("Exception fetching certificates:"); - e.printStackTrace(); - } - } finally { - if (in != null) { - try { - in.close(); - } catch (IOException e) { - // ignore - } - } } // exception, forget previous values lastModified = 0; - certs = Collections.<X509Certificate>emptySet(); + certs = Collections.emptySet(); return certs; } @@ -343,8 +301,7 @@ if (selector == null) { return certs; } - List<X509Certificate> matchedCerts = - new ArrayList<X509Certificate>(certs.size()); + List<X509Certificate> matchedCerts = new ArrayList<>(certs.size()); for (X509Certificate cert : certs) { if (selector.match(cert)) { matchedCerts.add(cert); @@ -374,7 +331,7 @@ if (ldap) { X509CRLSelector xsel = (X509CRLSelector) selector; try { - xsel = LDAP.helper().wrap(xsel, null, ldapPath); + xsel = ldapHelper.wrap(xsel, null, ldapPath); } catch (IOException ioe) { throw new CertStoreException(ioe); } @@ -395,61 +352,48 @@ return getMatchingCRLs(crl, selector); } lastChecked = time; - InputStream in = null; try { URLConnection connection = uri.toURL().openConnection(); if (lastModified != 0) { connection.setIfModifiedSince(lastModified); } - in = connection.getInputStream(); long oldLastModified = lastModified; - lastModified = connection.getLastModified(); - if (oldLastModified != 0) { - if (oldLastModified == lastModified) { - if (debug != null) { - debug.println("Not modified, using cached copy"); - } - return getMatchingCRLs(crl, selector); - } else if (connection instanceof HttpURLConnection) { - // some proxy servers omit last modified - HttpURLConnection hconn = (HttpURLConnection) connection; - if (hconn.getResponseCode() - == HttpURLConnection.HTTP_NOT_MODIFIED) { + try (InputStream in = connection.getInputStream()) { + lastModified = connection.getLastModified(); + if (oldLastModified != 0) { + if (oldLastModified == lastModified) { if (debug != null) { debug.println("Not modified, using cached copy"); } return getMatchingCRLs(crl, selector); + } else if (connection instanceof HttpURLConnection) { + // some proxy servers omit last modified + HttpURLConnection hconn = (HttpURLConnection)connection; + if (hconn.getResponseCode() + == HttpURLConnection.HTTP_NOT_MODIFIED) { + if (debug != null) { + debug.println("Not modified, using cached copy"); + } + return getMatchingCRLs(crl, selector); + } } } + if (debug != null) { + debug.println("Downloading new CRL..."); + } + crl = (X509CRL) factory.generateCRL(in); } - if (debug != null) { - debug.println("Downloading new CRL..."); - } - crl = (X509CRL) factory.generateCRL(in); return getMatchingCRLs(crl, selector); - } catch (IOException e) { + } catch (IOException | CRLException e) { if (debug != null) { debug.println("Exception fetching CRL:"); e.printStackTrace(); } - } catch (CRLException e) { - if (debug != null) { - debug.println("Exception fetching CRL:"); - e.printStackTrace(); - } - } finally { - if (in != null) { - try { - in.close(); - } catch (IOException e) { - // ignore - } - } } // exception, forget previous values lastModified = 0; crl = null; - return Collections.<X509CRL>emptyList(); + return Collections.emptyList(); } /** @@ -459,9 +403,9 @@ private static Collection<X509CRL> getMatchingCRLs (X509CRL crl, CRLSelector selector) { if (selector == null || (crl != null && selector.match(crl))) { - return Collections.<X509CRL>singletonList(crl); + return Collections.singletonList(crl); } else { - return Collections.<X509CRL>emptyList(); + return Collections.emptyList(); } }
--- a/jdk/src/share/classes/sun/security/provider/certpath/X509CertificatePair.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/provider/certpath/X509CertificatePair.java Sat Nov 05 00:02:33 2011 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2002, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -79,7 +79,8 @@ private X509Certificate reverse; private byte[] encoded; - private static final Cache cache = Cache.newSoftMemoryCache(750); + private static final Cache<Object, X509CertificatePair> cache + = Cache.newSoftMemoryCache(750); /** * Creates an empty instance of X509CertificatePair. @@ -114,7 +115,7 @@ * * For internal use only, external code should use generateCertificatePair. */ - private X509CertificatePair(byte[] encoded)throws CertificateException { + private X509CertificatePair(byte[] encoded) throws CertificateException { try { parse(new DerValue(encoded)); this.encoded = encoded; @@ -138,7 +139,7 @@ public static synchronized X509CertificatePair generateCertificatePair (byte[] encoded) throws CertificateException { Object key = new Cache.EqualByteArray(encoded); - X509CertificatePair pair = (X509CertificatePair)cache.get(key); + X509CertificatePair pair = cache.get(key); if (pair != null) { return pair; }
--- a/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java Sat Nov 05 00:02:33 2011 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -103,7 +103,7 @@ * @author Steve Hanna * @author Andreas Sterbenz */ -public class LDAPCertStore extends CertStoreSpi { +public final class LDAPCertStore extends CertStoreSpi { private static final Debug debug = Debug.getInstance("certpath"); @@ -160,7 +160,7 @@ */ private boolean prefetchCRLs = false; - private final Cache valueCache; + private final Cache<String, byte[][]> valueCache; private int cacheHits = 0; private int cacheMisses = 0; @@ -207,10 +207,11 @@ * Returns an LDAP CertStore. This method consults a cache of * CertStores (shared per JVM) using the LDAP server/port as a key. */ - private static final Cache certStoreCache = Cache.newSoftMemoryCache(185); + private static final Cache<LDAPCertStoreParameters, CertStore> + certStoreCache = Cache.newSoftMemoryCache(185); static synchronized CertStore getInstance(LDAPCertStoreParameters params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { - CertStore lcs = (CertStore) certStoreCache.get(params); + CertStore lcs = certStoreCache.get(params); if (lcs == null) { lcs = CertStore.getInstance("LDAP", params); certStoreCache.put(params, lcs); @@ -232,7 +233,7 @@ private void createInitialDirContext(String server, int port) throws InvalidAlgorithmParameterException { String url = "ldap://" + server + ":" + port; - Hashtable<String,Object> env = new Hashtable<String,Object>(); + Hashtable<String,Object> env = new Hashtable<>(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, url); @@ -283,7 +284,7 @@ LDAPRequest(String name) { this.name = name; - requestedAttributes = new ArrayList<String>(5); + requestedAttributes = new ArrayList<>(5); } String getName() { @@ -311,7 +312,7 @@ + cacheMisses); } String cacheKey = name + "|" + attrId; - byte[][] values = (byte[][])valueCache.get(cacheKey); + byte[][] values = valueCache.get(cacheKey); if (values != null) { cacheHits++; return values; @@ -347,7 +348,7 @@ System.out.println("LDAP requests: " + requests); } } - valueMap = new HashMap<String, byte[][]>(8); + valueMap = new HashMap<>(8); String[] attrIds = requestedAttributes.toArray(STRING0); Attributes attrs; try { @@ -429,10 +430,10 @@ int n = encodedCert.length; if (n == 0) { - return Collections.<X509Certificate>emptySet(); + return Collections.emptySet(); } - List<X509Certificate> certs = new ArrayList<X509Certificate>(n); + List<X509Certificate> certs = new ArrayList<>(n); /* decode certs and check if they satisfy selector */ for (int i = 0; i < n; i++) { ByteArrayInputStream bais = new ByteArrayInputStream(encodedCert[i]); @@ -477,11 +478,10 @@ int n = encodedCertPair.length; if (n == 0) { - return Collections.<X509CertificatePair>emptySet(); + return Collections.emptySet(); } - List<X509CertificatePair> certPairs = - new ArrayList<X509CertificatePair>(n); + List<X509CertificatePair> certPairs = new ArrayList<>(n); /* decode each cert pair and add it to the Collection */ for (int i = 0; i < n; i++) { try { @@ -528,8 +528,7 @@ getCertPairs(request, CROSS_CERT); // Find Certificates that match and put them in a list - ArrayList<X509Certificate> matchingCerts = - new ArrayList<X509Certificate>(); + ArrayList<X509Certificate> matchingCerts = new ArrayList<>(); for (X509CertificatePair certPair : certPairs) { X509Certificate cert; if (forward != null) { @@ -587,7 +586,7 @@ int basicConstraints = xsel.getBasicConstraints(); String subject = xsel.getSubjectAsString(); String issuer = xsel.getIssuerAsString(); - HashSet<X509Certificate> certs = new HashSet<X509Certificate>(); + HashSet<X509Certificate> certs = new HashSet<>(); if (debug != null) { debug.println("LDAPCertStore.engineGetCertificates() basicConstraints: " + basicConstraints); @@ -706,10 +705,10 @@ int n = encodedCRL.length; if (n == 0) { - return Collections.<X509CRL>emptySet(); + return Collections.emptySet(); } - List<X509CRL> crls = new ArrayList<X509CRL>(n); + List<X509CRL> crls = new ArrayList<>(n); /* decode each crl and check if it matches selector */ for (int i = 0; i < n; i++) { try { @@ -765,13 +764,13 @@ throw new CertStoreException("need X509CRLSelector to find CRLs"); } X509CRLSelector xsel = (X509CRLSelector) selector; - HashSet<X509CRL> crls = new HashSet<X509CRL>(); + HashSet<X509CRL> crls = new HashSet<>(); // Look in directory entry for issuer of cert we're checking. Collection<Object> issuerNames; X509Certificate certChecking = xsel.getCertificateChecking(); if (certChecking != null) { - issuerNames = new HashSet<Object>(); + issuerNames = new HashSet<>(); X500Principal issuer = certChecking.getIssuerX500Principal(); issuerNames.add(issuer.getName(X500Principal.RFC2253)); } else { @@ -796,7 +795,7 @@ issuerName = (String)nameObject; } // If all we want is CA certs, try to get the (probably shorter) ARL - Collection<X509CRL> entryCRLs = Collections.<X509CRL>emptySet(); + Collection<X509CRL> entryCRLs = Collections.emptySet(); if (certChecking == null || certChecking.getBasicConstraints() != -1) { LDAPRequest request = new LDAPRequest(issuerName); request.addRequestedAttribute(CROSS_CERT); @@ -1028,9 +1027,9 @@ throws IOException { this.selector = selector == null ? new X509CRLSelector() : selector; this.certIssuers = certIssuers; - issuerNames = new HashSet<Object>(); + issuerNames = new HashSet<>(); issuerNames.add(ldapDN); - issuers = new HashSet<X500Principal>(); + issuers = new HashSet<>(); issuers.add(new X500Name(ldapDN).asX500Principal()); } // we only override the get (accessor methods) since the set methods
--- a/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java Sat Nov 05 00:02:33 2011 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,11 +41,9 @@ * LDAP implementation of CertStoreHelper. */ -public class LDAPCertStoreHelper - implements CertStoreHelper +public final class LDAPCertStoreHelper + extends CertStoreHelper { - public LDAPCertStoreHelper() { } - @Override public CertStore getCertStore(URI uri) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStore.java Sat Nov 05 00:02:33 2011 -0700 @@ -0,0 +1,153 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.provider.certpath.ssl; + +import java.io.IOException; +import java.net.URI; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.security.GeneralSecurityException; +import java.security.InvalidAlgorithmParameterException; +import java.security.Provider; +import java.security.cert.CertificateException; +import java.security.cert.CertSelector; +import java.security.cert.CertStore; +import java.security.cert.CertStoreException; +import java.security.cert.CertStoreParameters; +import java.security.cert.CertStoreSpi; +import java.security.cert.CRLSelector; +import java.security.cert.X509Certificate; +import java.security.cert.X509CRL; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; + +/** + * A CertStore that retrieves an SSL server's certificate chain. + */ +public final class SSLServerCertStore extends CertStoreSpi { + + private final URI uri; + + SSLServerCertStore(URI uri) throws InvalidAlgorithmParameterException { + super(null); + this.uri = uri; + } + + public synchronized Collection<X509Certificate> engineGetCertificates + (CertSelector selector) throws CertStoreException + { + try { + SSLContext sc = SSLContext.getInstance("SSL"); + GetChainTrustManager xtm = new GetChainTrustManager(); + sc.init(null, new TrustManager[] { xtm }, null); + HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); + HttpsURLConnection.setDefaultHostnameVerifier( + new HostnameVerifier() { + public boolean verify(String hostname, SSLSession session) { + return true; + } + }); + uri.toURL().openConnection().connect(); + return getMatchingCerts(xtm.serverChain, selector); + } catch (GeneralSecurityException | IOException e) { + throw new CertStoreException(e); + } + } + + private static List<X509Certificate> getMatchingCerts + (List<X509Certificate> certs, CertSelector selector) + { + // if selector not specified, all certs match + if (selector == null) { + return certs; + } + List<X509Certificate> matchedCerts = new ArrayList<>(certs.size()); + for (X509Certificate cert : certs) { + if (selector.match(cert)) { + matchedCerts.add(cert); + } + } + return matchedCerts; + } + + public Collection<X509CRL> engineGetCRLs(CRLSelector selector) + throws CertStoreException + { + throw new UnsupportedOperationException(); + } + + static synchronized CertStore getInstance(URI uri) + throws InvalidAlgorithmParameterException + { + return new CS(new SSLServerCertStore(uri), null, "SSLServer", null); + } + + /* + * An X509TrustManager that simply stores a reference to the server's + * certificate chain. + */ + private static class GetChainTrustManager implements X509TrustManager { + private List<X509Certificate> serverChain; + + public X509Certificate[] getAcceptedIssuers() { + throw new UnsupportedOperationException(); + } + + public void checkClientTrusted(X509Certificate[] chain, + String authType) + throws CertificateException + { + throw new UnsupportedOperationException(); + } + + public void checkServerTrusted(X509Certificate[] chain, + String authType) + throws CertificateException + { + this.serverChain = (chain == null) + ? Collections.<X509Certificate>emptyList() + : Arrays.asList(chain); + } + } + + /** + * This class allows the SSLServerCertStore to be accessed as a CertStore. + */ + private static class CS extends CertStore { + protected CS(CertStoreSpi spi, Provider p, String type, + CertStoreParameters params) + { + super(spi, p, type, params); + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java Sat Nov 05 00:02:33 2011 -0700 @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.provider.certpath.ssl; + +import java.net.URI; +import java.util.Collection; +import java.security.NoSuchAlgorithmException; +import java.security.InvalidAlgorithmParameterException; +import java.security.cert.CertStore; +import java.security.cert.X509CertSelector; +import java.security.cert.X509CRLSelector; +import javax.security.auth.x500.X500Principal; +import java.io.IOException; + +import sun.security.provider.certpath.CertStoreHelper; + +/** + * SSL implementation of CertStoreHelper. + */ +public final class SSLServerCertStoreHelper extends CertStoreHelper { + + @Override + public CertStore getCertStore(URI uri) + throws NoSuchAlgorithmException, InvalidAlgorithmParameterException + { + return SSLServerCertStore.getInstance(uri); + } + + @Override + public X509CertSelector wrap(X509CertSelector selector, + X500Principal certSubject, + String ldapDN) + throws IOException + { + throw new UnsupportedOperationException(); + } + + @Override + public X509CRLSelector wrap(X509CRLSelector selector, + Collection<X500Principal> certIssuers, + String ldapDN) + throws IOException + { + throw new UnsupportedOperationException(); + } +}
--- a/jdk/src/share/classes/sun/security/ssl/CipherBox.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/ssl/CipherBox.java Sat Nov 05 00:02:33 2011 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -305,9 +305,11 @@ byte[] buf = null; int limit = bb.limit(); if (bb.hasArray()) { + int arrayOffset = bb.arrayOffset(); buf = bb.array(); - System.arraycopy(buf, pos, - buf, pos + prefix.length, limit - pos); + System.arraycopy(buf, arrayOffset + pos, + buf, arrayOffset + pos + prefix.length, + limit - pos); bb.limit(limit + prefix.length); } else { buf = new byte[limit - pos]; @@ -491,9 +493,10 @@ byte[] buf = null; int limit = bb.limit(); if (bb.hasArray()) { + int arrayOffset = bb.arrayOffset(); buf = bb.array(); - System.arraycopy(buf, pos + blockSize, - buf, pos, limit - pos - blockSize); + System.arraycopy(buf, arrayOffset + pos + blockSize, + buf, arrayOffset + pos, limit - pos - blockSize); bb.limit(limit - blockSize); } else { buf = new byte[limit - pos - blockSize];
--- a/jdk/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java Sat Nov 05 00:02:33 2011 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -43,11 +43,14 @@ import javax.net.ssl.SSLSession; import sun.security.util.Cache; +import sun.security.util.Cache.CacheVisitor; final class SSLSessionContextImpl implements SSLSessionContext { - private Cache sessionCache; // session cache, session id as key - private Cache sessionHostPortCache; // session cache, "host:port" as key + private Cache<SessionId, SSLSessionImpl> sessionCache; + // session cache, session id as key + private Cache<String, SSLSessionImpl> sessionHostPortCache; + // session cache, "host:port" as key private int cacheLimit; // the max cache size private int timeout; // timeout in seconds @@ -71,8 +74,7 @@ throw new NullPointerException("session id cannot be null"); } - SSLSessionImpl sess = - (SSLSessionImpl)sessionCache.get(new SessionId(sessionId)); + SSLSessionImpl sess = sessionCache.get(new SessionId(sessionId)); if (!isTimedout(sess)) { return sess; } @@ -157,8 +159,7 @@ return null; } - SSLSessionImpl sess = - (SSLSessionImpl)sessionHostPortCache.get(getKey(hostname, port)); + SSLSessionImpl sess = sessionHostPortCache.get(getKey(hostname, port)); if (!isTimedout(sess)) { return sess; } @@ -193,7 +194,7 @@ // package-private method, remove a cached SSLSession void remove(SessionId key) { - SSLSessionImpl s = (SSLSessionImpl)sessionCache.get(key); + SSLSessionImpl s = sessionCache.get(key); if (s != null) { sessionCache.remove(key); sessionHostPortCache.remove( @@ -233,17 +234,17 @@ } final class SessionCacheVisitor - implements sun.security.util.Cache.CacheVisitor { + implements Cache.CacheVisitor<SessionId, SSLSessionImpl> { Vector<byte[]> ids = null; - // public void visit(java.util.Map<Object, Object> map) {} - public void visit(java.util.Map<Object, Object> map) { - ids = new Vector<byte[]>(map.size()); + // public void visit(java.util.Map<K,V> map) {} + public void visit(java.util.Map<SessionId, SSLSessionImpl> map) { + ids = new Vector<>(map.size()); - for (Object key : map.keySet()) { - SSLSessionImpl value = (SSLSessionImpl)map.get(key); + for (SessionId key : map.keySet()) { + SSLSessionImpl value = map.get(key); if (!isTimedout(value)) { - ids.addElement(((SessionId)key).getId()); + ids.addElement(key.getId()); } } }
--- a/jdk/src/share/classes/sun/security/timestamp/HttpTimestamper.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/timestamp/HttpTimestamper.java Sat Nov 05 00:02:33 2011 -0700 @@ -28,13 +28,13 @@ import java.io.BufferedInputStream; import java.io.DataOutputStream; import java.io.IOException; +import java.net.URI; import java.net.URL; import java.net.HttpURLConnection; -import java.util.List; -import java.util.Map; -import java.util.Set; +import java.util.*; import sun.misc.IOUtils; +import sun.security.util.Debug; /** * A timestamper that communicates with a Timestamping Authority (TSA) @@ -58,20 +58,23 @@ private static final String TS_REPLY_MIME_TYPE = "application/timestamp-reply"; - private static final boolean DEBUG = false; + private static final Debug debug = Debug.getInstance("ts"); /* - * HTTP URL identifying the location of the TSA + * HTTP URI identifying the location of the TSA */ - private String tsaUrl = null; + private URI tsaURI = null; /** * Creates a timestamper that connects to the specified TSA. * - * @param tsa The location of the TSA. It must be an HTTP URL. + * @param tsa The location of the TSA. It must be an HTTP URI. + * @throws IllegalArgumentException if tsaURI is not an HTTP URI */ - public HttpTimestamper(String tsaUrl) { - this.tsaUrl = tsaUrl; + public HttpTimestamper(URI tsaURI) { + if (!tsaURI.getScheme().equalsIgnoreCase("http")) + throw new IllegalArgumentException("TSA must be an HTTP URI"); + this.tsaURI = tsaURI; } /** @@ -85,7 +88,7 @@ public TSResponse generateTimestamp(TSRequest tsQuery) throws IOException { HttpURLConnection connection = - (HttpURLConnection) new URL(tsaUrl).openConnection(); + (HttpURLConnection) tsaURI.toURL().openConnection(); connection.setDoOutput(true); connection.setUseCaches(false); // ignore cache connection.setRequestProperty("Content-Type", TS_QUERY_MIME_TYPE); @@ -93,15 +96,15 @@ // Avoids the "hang" when a proxy is required but none has been set. connection.setConnectTimeout(CONNECT_TIMEOUT); - if (DEBUG) { + if (debug != null) { Set<Map.Entry<String, List<String>>> headers = - connection.getRequestProperties().entrySet(); - System.out.println(connection.getRequestMethod() + " " + tsaUrl + + connection.getRequestProperties().entrySet(); + debug.println(connection.getRequestMethod() + " " + tsaURI + " HTTP/1.1"); - for (Map.Entry<String, List<String>> entry : headers) { - System.out.println(" " + entry); + for (Map.Entry<String, List<String>> e : headers) { + debug.println(" " + e); } - System.out.println(); + debug.println(); } connection.connect(); // No HTTP authentication is performed @@ -112,8 +115,8 @@ byte[] request = tsQuery.encode(); output.write(request, 0, request.length); output.flush(); - if (DEBUG) { - System.out.println("sent timestamp query (length=" + + if (debug != null) { + debug.println("sent timestamp query (length=" + request.length + ")"); } } finally { @@ -127,17 +130,17 @@ byte[] replyBuffer = null; try { input = new BufferedInputStream(connection.getInputStream()); - if (DEBUG) { + if (debug != null) { String header = connection.getHeaderField(0); - System.out.println(header); + debug.println(header); int i = 1; while ((header = connection.getHeaderField(i)) != null) { String key = connection.getHeaderFieldKey(i); - System.out.println(" " + ((key==null) ? "" : key + ": ") + + debug.println(" " + ((key==null) ? "" : key + ": ") + header); i++; } - System.out.println(); + debug.println(); } verifyMimeType(connection.getContentType()); @@ -145,8 +148,8 @@ int contentLength = connection.getContentLength(); replyBuffer = IOUtils.readFully(input, contentLength, false); - if (DEBUG) { - System.out.println("received timestamp response (length=" + + if (debug != null) { + debug.println("received timestamp response (length=" + total + ")"); } } finally {
--- a/jdk/src/share/classes/sun/security/timestamp/TSRequest.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/timestamp/TSRequest.java Sat Nov 05 00:02:33 2011 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,10 +27,13 @@ import java.io.IOException; import java.math.BigInteger; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; import java.security.cert.X509Extension; import sun.security.util.DerValue; import sun.security.util.DerOutputStream; import sun.security.util.ObjectIdentifier; +import sun.security.x509.AlgorithmId; /** * This class provides a timestamp request, as defined in @@ -64,24 +67,9 @@ public class TSRequest { - private static final ObjectIdentifier SHA1_OID; - private static final ObjectIdentifier MD5_OID; - static { - ObjectIdentifier sha1 = null; - ObjectIdentifier md5 = null; - try { - sha1 = new ObjectIdentifier("1.3.14.3.2.26"); - md5 = new ObjectIdentifier("1.2.840.113549.2.5"); - } catch (IOException ioe) { - // should not happen - } - SHA1_OID = sha1; - MD5_OID = md5; - } - private int version = 1; - private ObjectIdentifier hashAlgorithmId = null; + private AlgorithmId hashAlgorithmId = null; private byte[] hashValue; @@ -94,30 +82,21 @@ private X509Extension[] extensions = null; /** - * Constructs a timestamp request for the supplied hash value.. + * Constructs a timestamp request for the supplied data. * - * @param hashValue The hash value. This is the data to be timestamped. - * @param hashAlgorithm The name of the hash algorithm. + * @param toBeTimeStamped The data to be timestamped. + * @param messageDigest The MessageDigest of the hash algorithm to use. + * @throws NoSuchAlgorithmException if the hash algorithm is not supported */ - public TSRequest(byte[] hashValue, String hashAlgorithm) { + public TSRequest(byte[] toBeTimeStamped, MessageDigest messageDigest) + throws NoSuchAlgorithmException { - // Check the common hash algorithms - if ("MD5".equalsIgnoreCase(hashAlgorithm)) { - hashAlgorithmId = MD5_OID; - // Check that the hash value matches the hash algorithm - assert hashValue.length == 16; + this.hashAlgorithmId = AlgorithmId.get(messageDigest.getAlgorithm()); + this.hashValue = messageDigest.digest(toBeTimeStamped); + } - } else if ("SHA-1".equalsIgnoreCase(hashAlgorithm) || - "SHA".equalsIgnoreCase(hashAlgorithm) || - "SHA1".equalsIgnoreCase(hashAlgorithm)) { - hashAlgorithmId = SHA1_OID; - // Check that the hash value matches the hash algorithm - assert hashValue.length == 20; - - } - // Clone the hash value - this.hashValue = new byte[hashValue.length]; - System.arraycopy(hashValue, 0, this.hashValue, 0, hashValue.length); + public byte[] getHashedMessage() { + return hashValue.clone(); } /** @@ -176,9 +155,7 @@ // encode messageImprint DerOutputStream messageImprint = new DerOutputStream(); - DerOutputStream hashAlgorithm = new DerOutputStream(); - hashAlgorithm.putOID(hashAlgorithmId); - messageImprint.write(DerValue.tag_Sequence, hashAlgorithm); + hashAlgorithmId.encode(messageImprint); messageImprint.putOctetString(hashValue); request.write(DerValue.tag_Sequence, messageImprint);
--- a/jdk/src/share/classes/sun/security/timestamp/TSResponse.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/timestamp/TSResponse.java Sat Nov 05 00:02:33 2011 -0700 @@ -27,6 +27,7 @@ import java.io.IOException; import sun.security.pkcs.PKCS7; +import sun.security.util.Debug; import sun.security.util.DerValue; /** @@ -175,18 +176,20 @@ */ public static final int SYSTEM_FAILURE = 25; - private static final boolean DEBUG = false; + private static final Debug debug = Debug.getInstance("ts"); private int status; private String[] statusString = null; - private int failureInfo = -1; + private boolean[] failureInfo = null; private byte[] encodedTsToken = null; private PKCS7 tsToken = null; + private TimestampToken tstInfo; + /** * Constructs an object to store the response to a timestamp request. * @@ -215,11 +218,11 @@ } /** - * Retrieve the failure code returned by the TSA. + * Retrieve the failure info returned by the TSA. * - * @return If -1 then no failure code was received. + * @return the failure info, or null if no failure code was received. */ - public int getFailureCode() { + public boolean[] getFailureInfo() { return failureInfo; } @@ -250,42 +253,38 @@ } } + private boolean isSet(int position) { + return failureInfo[position]; + } + public String getFailureCodeAsText() { - if (failureInfo == -1) { - return null; + if (failureInfo == null) { + return ""; } - switch (failureInfo) { + try { + if (isSet(BAD_ALG)) + return "Unrecognized or unsupported algorithm identifier."; + if (isSet(BAD_REQUEST)) + return "The requested transaction is not permitted or " + + "supported."; + if (isSet(BAD_DATA_FORMAT)) + return "The data submitted has the wrong format."; + if (isSet(TIME_NOT_AVAILABLE)) + return "The TSA's time source is not available."; + if (isSet(UNACCEPTED_POLICY)) + return "The requested TSA policy is not supported by the TSA."; + if (isSet(UNACCEPTED_EXTENSION)) + return "The requested extension is not supported by the TSA."; + if (isSet(ADD_INFO_NOT_AVAILABLE)) + return "The additional information requested could not be " + + "understood or is not available."; + if (isSet(SYSTEM_FAILURE)) + return "The request cannot be handled due to system failure."; + } catch (ArrayIndexOutOfBoundsException ex) {} - case BAD_ALG: - return "Unrecognized or unsupported alrorithm identifier."; - - case BAD_REQUEST: - return "The requested transaction is not permitted or supported."; - - case BAD_DATA_FORMAT: - return "The data submitted has the wrong format."; - - case TIME_NOT_AVAILABLE: - return "The TSA's time source is not available."; - - case UNACCEPTED_POLICY: - return "The requested TSA policy is not supported by the TSA."; - - case UNACCEPTED_EXTENSION: - return "The requested extension is not supported by the TSA."; - - case ADD_INFO_NOT_AVAILABLE: - return "The additional information requested could not be " + - "understood or is not available."; - - case SYSTEM_FAILURE: - return "The request cannot be handled due to system failure."; - - default: - return ("unknown status code " + status); - } + return ("unknown failure code"); } /** @@ -297,6 +296,10 @@ return tsToken; } + public TimestampToken getTimestampToken() { + return tstInfo; + } + /** * Retrieve the ASN.1 BER encoded timestamp token returned by the TSA. * @@ -323,29 +326,30 @@ // Parse status - DerValue status = derValue.data.getDerValue(); - // Parse status - this.status = status.data.getInteger(); - if (DEBUG) { - System.out.println("timestamp response: status=" + this.status); + DerValue statusInfo = derValue.data.getDerValue(); + this.status = statusInfo.data.getInteger(); + if (debug != null) { + debug.println("timestamp response: status=" + this.status); } // Parse statusString, if present - if (status.data.available() > 0) { - DerValue[] strings = status.data.getSequence(1); - statusString = new String[strings.length]; - for (int i = 0; i < strings.length; i++) { - statusString[i] = strings[i].data.getUTF8String(); + if (statusInfo.data.available() > 0) { + byte tag = (byte)statusInfo.data.peekByte(); + if (tag == DerValue.tag_SequenceOf) { + DerValue[] strings = statusInfo.data.getSequence(1); + statusString = new String[strings.length]; + for (int i = 0; i < strings.length; i++) { + statusString[i] = strings[i].getUTF8String(); + if (debug != null) { + debug.println("timestamp response: statusString=" + + statusString[i]); + } + } } } // Parse failInfo, if present - if (status.data.available() > 0) { - byte[] failInfo = status.data.getBitString(); - int failureInfo = (new Byte(failInfo[0])).intValue(); - if (failureInfo < 0 || failureInfo > 25 || failInfo.length != 1) { - throw new IOException("Bad encoding for timestamp response: " + - "unrecognized value for the failInfo element"); - } - this.failureInfo = failureInfo; + if (statusInfo.data.available() > 0) { + this.failureInfo + = statusInfo.data.getUnalignedBitString().toBooleanArray(); } // Parse timeStampToken, if present @@ -353,6 +357,7 @@ DerValue timestampToken = derValue.data.getDerValue(); encodedTsToken = timestampToken.toByteArray(); tsToken = new PKCS7(encodedTsToken); + tstInfo = new TimestampToken(tsToken.getContentInfo().getData()); } // Check the format of the timestamp response
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/src/share/classes/sun/security/tools/CertAndKeyGen.java Sat Nov 05 00:02:33 2011 -0700 @@ -0,0 +1,313 @@ +/* + * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools; + +import java.io.IOException; +import java.security.cert.X509Certificate; +import java.security.cert.CertificateException; +import java.security.cert.CertificateEncodingException; +import java.security.*; +import java.util.Date; + +import sun.security.pkcs10.PKCS10; +import sun.security.x509.AlgorithmId; +import sun.security.x509.CertificateAlgorithmId; +import sun.security.x509.CertificateIssuerName; +import sun.security.x509.CertificateSerialNumber; +import sun.security.x509.CertificateSubjectName; +import sun.security.x509.CertificateValidity; +import sun.security.x509.CertificateVersion; +import sun.security.x509.CertificateX509Key; +import sun.security.x509.X500Name; +import sun.security.x509.X509CertImpl; +import sun.security.x509.X509CertInfo; +import sun.security.x509.X509Key; + + +/** + * Generate a pair of keys, and provide access to them. This class is + * provided primarily for ease of use. + * + * <P>This provides some simple certificate management functionality. + * Specifically, it allows you to create self-signed X.509 certificates + * as well as PKCS 10 based certificate signing requests. + * + * <P>Keys for some public key signature algorithms have algorithm + * parameters, such as DSS/DSA. Some sites' Certificate Authorities + * adopt fixed algorithm parameters, which speeds up some operations + * including key generation and signing. <em>At this time, this interface + * does not provide a way to provide such algorithm parameters, e.g. + * by providing the CA certificate which includes those parameters.</em> + * + * <P>Also, note that at this time only signature-capable keys may be + * acquired through this interface. Diffie-Hellman keys, used for secure + * key exchange, may be supported later. + * + * @author David Brownell + * @author Hemma Prafullchandra + * @see PKCS10 + * @see X509CertImpl + */ +public final class CertAndKeyGen { + /** + * Creates a CertAndKeyGen object for a particular key type + * and signature algorithm. + * + * @param keyType type of key, e.g. "RSA", "DSA" + * @param sigAlg name of the signature algorithm, e.g. "MD5WithRSA", + * "MD2WithRSA", "SHAwithDSA". + * @exception NoSuchAlgorithmException on unrecognized algorithms. + */ + public CertAndKeyGen (String keyType, String sigAlg) + throws NoSuchAlgorithmException + { + keyGen = KeyPairGenerator.getInstance(keyType); + this.sigAlg = sigAlg; + } + + /** + * Creates a CertAndKeyGen object for a particular key type, + * signature algorithm, and provider. + * + * @param keyType type of key, e.g. "RSA", "DSA" + * @param sigAlg name of the signature algorithm, e.g. "MD5WithRSA", + * "MD2WithRSA", "SHAwithDSA". + * @param providerName name of the provider + * @exception NoSuchAlgorithmException on unrecognized algorithms. + * @exception NoSuchProviderException on unrecognized providers. + */ + public CertAndKeyGen (String keyType, String sigAlg, String providerName) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (providerName == null) { + keyGen = KeyPairGenerator.getInstance(keyType); + } else { + try { + keyGen = KeyPairGenerator.getInstance(keyType, providerName); + } catch (Exception e) { + // try first available provider instead + keyGen = KeyPairGenerator.getInstance(keyType); + } + } + this.sigAlg = sigAlg; + } + + /** + * Sets the source of random numbers used when generating keys. + * If you do not provide one, a system default facility is used. + * You may wish to provide your own source of random numbers + * to get a reproducible sequence of keys and signatures, or + * because you may be able to take advantage of strong sources + * of randomness/entropy in your environment. + */ + public void setRandom (SecureRandom generator) + { + prng = generator; + } + + // want "public void generate (X509Certificate)" ... inherit DSA/D-H param + + /** + * Generates a random public/private key pair, with a given key + * size. Different algorithms provide different degrees of security + * for the same key size, because of the "work factor" involved in + * brute force attacks. As computers become faster, it becomes + * easier to perform such attacks. Small keys are to be avoided. + * + * <P>Note that not all values of "keyBits" are valid for all + * algorithms, and not all public key algorithms are currently + * supported for use in X.509 certificates. If the algorithm + * you specified does not produce X.509 compatible keys, an + * invalid key exception is thrown. + * + * @param keyBits the number of bits in the keys. + * @exception InvalidKeyException if the environment does not + * provide X.509 public keys for this signature algorithm. + */ + public void generate (int keyBits) + throws InvalidKeyException + { + KeyPair pair; + + try { + if (prng == null) { + prng = new SecureRandom(); + } + keyGen.initialize(keyBits, prng); + pair = keyGen.generateKeyPair(); + + } catch (Exception e) { + throw new IllegalArgumentException(e.getMessage()); + } + + publicKey = pair.getPublic(); + privateKey = pair.getPrivate(); + } + + + /** + * Returns the public key of the generated key pair if it is of type + * <code>X509Key</code>, or null if the public key is of a different type. + * + * XXX Note: This behaviour is needed for backwards compatibility. + * What this method really should return is the public key of the + * generated key pair, regardless of whether or not it is an instance of + * <code>X509Key</code>. Accordingly, the return type of this method + * should be <code>PublicKey</code>. + */ + public X509Key getPublicKey() + { + if (!(publicKey instanceof X509Key)) { + return null; + } + return (X509Key)publicKey; + } + + + /** + * Returns the private key of the generated key pair. + * + * <P><STRONG><em>Be extremely careful when handling private keys. + * When private keys are not kept secret, they lose their ability + * to securely authenticate specific entities ... that is a huge + * security risk!</em></STRONG> + */ + public PrivateKey getPrivateKey () + { + return privateKey; + } + + + /** + * Returns a self-signed X.509v3 certificate for the public key. + * The certificate is immediately valid. No extensions. + * + * <P>Such certificates normally are used to identify a "Certificate + * Authority" (CA). Accordingly, they will not always be accepted by + * other parties. However, such certificates are also useful when + * you are bootstrapping your security infrastructure, or deploying + * system prototypes. + * + * @param myname X.500 name of the subject (who is also the issuer) + * @param firstDate the issue time of the certificate + * @param validity how long the certificate should be valid, in seconds + * @exception CertificateException on certificate handling errors. + * @exception InvalidKeyException on key handling errors. + * @exception SignatureException on signature handling errors. + * @exception NoSuchAlgorithmException on unrecognized algorithms. + * @exception NoSuchProviderException on unrecognized providers. + */ + public X509Certificate getSelfCertificate ( + X500Name myname, Date firstDate, long validity) + throws CertificateException, InvalidKeyException, SignatureException, + NoSuchAlgorithmException, NoSuchProviderException + { + X509CertImpl cert; + Date lastDate; + + try { + lastDate = new Date (); + lastDate.setTime (firstDate.getTime () + validity * 1000); + + CertificateValidity interval = + new CertificateValidity(firstDate,lastDate); + + X509CertInfo info = new X509CertInfo(); + // Add all mandatory attributes + info.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); + info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( + new java.util.Random().nextInt() & 0x7fffffff)); + AlgorithmId algID = AlgorithmId.get(sigAlg); + info.set(X509CertInfo.ALGORITHM_ID, + new CertificateAlgorithmId(algID)); + info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname)); + info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey)); + info.set(X509CertInfo.VALIDITY, interval); + info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname)); + + cert = new X509CertImpl(info); + cert.sign(privateKey, this.sigAlg); + + return (X509Certificate)cert; + + } catch (IOException e) { + throw new CertificateEncodingException("getSelfCert: " + + e.getMessage()); + } + } + + // Keep the old method + public X509Certificate getSelfCertificate (X500Name myname, long validity) + throws CertificateException, InvalidKeyException, SignatureException, + NoSuchAlgorithmException, NoSuchProviderException + { + return getSelfCertificate(myname, new Date(), validity); + } + + /** + * Returns a PKCS #10 certificate request. The caller uses either + * <code>PKCS10.print</code> or <code>PKCS10.toByteArray</code> + * operations on the result, to get the request in an appropriate + * transmission format. + * + * <P>PKCS #10 certificate requests are sent, along with some proof + * of identity, to Certificate Authorities (CAs) which then issue + * X.509 public key certificates. + * + * @param myname X.500 name of the subject + * @exception InvalidKeyException on key handling errors. + * @exception SignatureException on signature handling errors. + */ + public PKCS10 getCertRequest (X500Name myname) + throws InvalidKeyException, SignatureException + { + PKCS10 req = new PKCS10 (publicKey); + + try { + Signature signature = Signature.getInstance(sigAlg); + signature.initSign (privateKey); + req.encodeAndSign(myname, signature); + + } catch (CertificateException e) { + throw new SignatureException (sigAlg + " CertificateException"); + + } catch (IOException e) { + throw new SignatureException (sigAlg + " IOException"); + + } catch (NoSuchAlgorithmException e) { + // "can't happen" + throw new SignatureException (sigAlg + " unavailable?"); + } + return req; + } + + private SecureRandom prng; + private String sigAlg; + private KeyPairGenerator keyGen; + private PublicKey publicKey; + private PrivateKey privateKey; +}
--- a/jdk/src/share/classes/sun/security/tools/JarSigner.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/tools/JarSigner.java Sat Nov 05 00:02:33 2011 -0700 @@ -1277,11 +1277,10 @@ System.out.println(rb.getString("TSA.location.") + tsaUrl); } if (tsaCert != null) { - String certUrl = - TimestampedSigner.getTimestampingUrl(tsaCert); - if (certUrl != null) { + URI tsaURI = TimestampedSigner.getTimestampingURI(tsaCert); + if (tsaURI != null) { System.out.println(rb.getString("TSA.location.") + - certUrl); + tsaURI); } System.out.println(rb.getString("TSA.certificate.") + printCert("", tsaCert, false, 0, false));
--- a/jdk/src/share/classes/sun/security/tools/KeyTool.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/tools/KeyTool.java Sat Nov 05 00:02:33 2011 -0700 @@ -38,10 +38,12 @@ import java.security.Timestamp; import java.security.UnrecoverableEntryException; import java.security.UnrecoverableKeyException; +import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.Provider; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; +import java.security.cert.CertStoreException; import java.security.cert.CRL; import java.security.cert.X509Certificate; import java.security.cert.CertificateException; @@ -63,23 +65,16 @@ import javax.security.auth.x500.X500Principal; import sun.misc.BASE64Encoder; import sun.security.util.ObjectIdentifier; -import sun.security.pkcs.PKCS10; +import sun.security.pkcs10.PKCS10; +import sun.security.pkcs10.PKCS10Attribute; import sun.security.provider.X509Factory; +import sun.security.provider.certpath.CertStoreHelper; import sun.security.util.Password; -import sun.security.util.PathList; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; import sun.misc.BASE64Decoder; -import sun.security.pkcs.PKCS10Attribute; import sun.security.pkcs.PKCS9Attribute; -import sun.security.provider.certpath.ldap.LDAPCertStoreHelper; import sun.security.util.DerValue; import sun.security.x509.*; @@ -917,18 +912,13 @@ // Perform the specified command if (command == CERTREQ) { - PrintStream ps = null; if (filename != null) { - ps = new PrintStream(new FileOutputStream - (filename)); - out = ps; - } - try { + try (PrintStream ps = new PrintStream(new FileOutputStream + (filename))) { + doCertReq(alias, sigAlgName, ps); + } + } else { doCertReq(alias, sigAlgName, out); - } finally { - if (ps != null) { - ps.close(); - } } if (verbose && filename != null) { MessageFormat form = new MessageFormat(rb.getString @@ -941,18 +931,13 @@ doDeleteEntry(alias); kssave = true; } else if (command == EXPORTCERT) { - PrintStream ps = null; if (filename != null) { - ps = new PrintStream(new FileOutputStream - (filename)); - out = ps; - } - try { + try (PrintStream ps = new PrintStream(new FileOutputStream + (filename))) { + doExportCert(alias, ps); + } + } else { doExportCert(alias, out); - } finally { - if (ps != null) { - ps.close(); - } } if (filename != null) { MessageFormat form = new MessageFormat(rb.getString @@ -973,16 +958,12 @@ doGenSecretKey(alias, keyAlgName, keysize); kssave = true; } else if (command == IDENTITYDB) { - InputStream inStream = System.in; if (filename != null) { - inStream = new FileInputStream(filename); - } - try { - doImportIdentityDatabase(inStream); - } finally { - if (inStream != System.in) { - inStream.close(); + try (InputStream inStream = new FileInputStream(filename)) { + doImportIdentityDatabase(inStream); } + } else { + doImportIdentityDatabase(System.in); } } else if (command == IMPORTCERT) { InputStream inStream = System.in; @@ -1101,29 +1082,21 @@ if (alias == null) { alias = keyAlias; } - PrintStream ps = null; if (filename != null) { - ps = new PrintStream(new FileOutputStream(filename)); - out = ps; - } - try { + try (PrintStream ps = + new PrintStream(new FileOutputStream(filename))) { + doGenCRL(ps); + } + } else { doGenCRL(out); - } finally { - if (ps != null) { - ps.close(); - } } } else if (command == PRINTCERTREQ) { - InputStream inStream = System.in; if (filename != null) { - inStream = new FileInputStream(filename); - } - try { - doPrintCertReq(inStream, out); - } finally { - if (inStream != System.in) { - inStream.close(); + try (InputStream inStream = new FileInputStream(filename)) { + doPrintCertReq(inStream, out); } + } else { + doPrintCertReq(System.in, out); } } else if (command == PRINTCRL) { doPrintCRL(filename, out); @@ -2070,12 +2043,13 @@ } } } else { // must be LDAP, and uri is not null + // Lazily load LDAPCertStoreHelper if present + CertStoreHelper helper = CertStoreHelper.getInstance("LDAP"); String path = uri.getPath(); if (path.charAt(0) == '/') path = path.substring(1); - LDAPCertStoreHelper h = new LDAPCertStoreHelper(); - CertStore s = h.getCertStore(uri); + CertStore s = helper.getCertStore(uri); X509CRLSelector sel = - h.wrap(new X509CRLSelector(), null, path); + helper.wrap(new X509CRLSelector(), null, path); return s.getCRLs(sel); } } @@ -2259,18 +2233,12 @@ int pos = 0; while (entries.hasMoreElements()) { JarEntry je = entries.nextElement(); - InputStream is = null; - try { - is = jf.getInputStream(je); + try (InputStream is = jf.getInputStream(je)) { while (is.read(buffer) != -1) { // we just read. this will throw a SecurityException // if a signature/digest check fails. This also // populate the signers } - } finally { - if (is != null) { - is.close(); - } } CodeSigner[] signers = je.getCodeSigners(); if (signers != null) { @@ -2316,85 +2284,52 @@ out.println(rb.getString("Not.a.signed.jar.file")); } } else if (sslserver != null) { - SSLContext sc = SSLContext.getInstance("SSL"); - final boolean[] certPrinted = new boolean[1]; - sc.init(null, new TrustManager[] { - new X509TrustManager() { - - public java.security.cert.X509Certificate[] getAcceptedIssuers() { - return null; + // Lazily load SSLCertStoreHelper if present + CertStoreHelper helper = CertStoreHelper.getInstance("SSLServer"); + CertStore cs = helper.getCertStore(new URI("https://" + sslserver)); + Collection<? extends Certificate> chain; + try { + chain = cs.getCertificates(null); + if (chain.isEmpty()) { + // If the certs are not retrieved, we consider it an error + // even if the URL connection is successful. + throw new Exception(rb.getString( + "No.certificate.from.the.SSL.server")); + } + } catch (CertStoreException cse) { + if (cse.getCause() instanceof IOException) { + throw new Exception(rb.getString( + "No.certificate.from.the.SSL.server"), + cse.getCause()); + } else { + throw cse; + } + } + + int i = 0; + for (Certificate cert : chain) { + try { + if (rfc) { + dumpCert(cert, out); + } else { + out.println("Certificate #" + i++); + out.println("===================================="); + printX509Cert((X509Certificate)cert, out); + out.println(); } - - public void checkClientTrusted( - java.security.cert.X509Certificate[] certs, String authType) { - } - - public void checkServerTrusted( - java.security.cert.X509Certificate[] certs, String authType) { - for (int i=0; i<certs.length; i++) { - X509Certificate cert = certs[i]; - try { - if (rfc) { - dumpCert(cert, out); - } else { - out.println("Certificate #" + i); - out.println("===================================="); - printX509Cert(cert, out); - out.println(); - } - } catch (Exception e) { - if (debug) { - e.printStackTrace(); - } - } - } - - // Set to true where there's something to print - if (certs.length > 0) { - certPrinted[0] = true; - } + } catch (Exception e) { + if (debug) { + e.printStackTrace(); } } - }, null); - HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); - HttpsURLConnection.setDefaultHostnameVerifier( - new HostnameVerifier() { - public boolean verify(String hostname, SSLSession session) { - return true; - } - }); - // HTTPS instead of raw SSL, so that -Dhttps.proxyHost and - // -Dhttps.proxyPort can be used. Since we only go through - // the handshake process, an HTTPS server is not needed. - // This program should be able to deal with any SSL-based - // network service. - Exception ex = null; - try { - new URL("https://" + sslserver).openConnection().connect(); - } catch (Exception e) { - ex = e; - } - // If the certs are not printed out, we consider it an error even - // if the URL connection is successful. - if (!certPrinted[0]) { - Exception e = new Exception( - rb.getString("No.certificate.from.the.SSL.server")); - if (ex != null) { - e.initCause(ex); - } - throw e; } } else { - InputStream inStream = System.in; if (filename != null) { - inStream = new FileInputStream(filename); - } - try { - printCertFromStream(inStream, out); - } finally { - if (inStream != System.in) { - inStream.close(); + try (FileInputStream inStream = new FileInputStream(filename)) { + printCertFromStream(inStream, out); } + } else { + printCertFromStream(System.in, out); } } } @@ -2590,9 +2525,7 @@ X509Certificate cert = null; try { cert = (X509Certificate)cf.generateCertificate(in); - } catch (ClassCastException cce) { - throw new Exception(rb.getString("Input.not.an.X.509.certificate")); - } catch (CertificateException ce) { + } catch (ClassCastException | CertificateException ce) { throw new Exception(rb.getString("Input.not.an.X.509.certificate")); } @@ -3441,16 +3374,10 @@ if (!file.exists()) { return null; } - FileInputStream fis = null; KeyStore caks = null; - try { - fis = new FileInputStream(file); + try (FileInputStream fis = new FileInputStream(file)) { caks = KeyStore.getInstance(JKS); caks.load(fis, null); - } finally { - if (fis != null) { - fis.close(); - } } return caks; }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/src/share/classes/sun/security/tools/PathList.java Sat Nov 05 00:02:33 2011 -0700 @@ -0,0 +1,111 @@ +/* + * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.tools; + +import java.io.File; +import java.io.IOException; +import java.lang.String; +import java.util.StringTokenizer; +import java.net.URL; +import java.net.URLClassLoader; +import java.net.MalformedURLException; + +/** + * A utility class for handle path list + * + */ +public class PathList { + /** + * Utility method for appending path from pathFrom to pathTo. + * + * @param pathTo the target path + * @param pathSource the path to be appended to pathTo + * @return the resulting path + */ + public static String appendPath(String pathTo, String pathFrom) { + if (pathTo == null || pathTo.length() == 0) { + return pathFrom; + } else if (pathFrom == null || pathFrom.length() == 0) { + return pathTo; + } else { + return pathTo + File.pathSeparator + pathFrom; + } + } + + /** + * Utility method for converting a search path string to an array + * of directory and JAR file URLs. + * + * @param path the search path string + * @return the resulting array of directory and JAR file URLs + */ + public static URL[] pathToURLs(String path) { + StringTokenizer st = new StringTokenizer(path, File.pathSeparator); + URL[] urls = new URL[st.countTokens()]; + int count = 0; + while (st.hasMoreTokens()) { + URL url = fileToURL(new File(st.nextToken())); + if (url != null) { + urls[count++] = url; + } + } + if (urls.length != count) { + URL[] tmp = new URL[count]; + System.arraycopy(urls, 0, tmp, 0, count); + urls = tmp; + } + return urls; + } + + /** + * Returns the directory or JAR file URL corresponding to the specified + * local file name. + * + * @param file the File object + * @return the resulting directory or JAR file URL, or null if unknown + */ + private static URL fileToURL(File file) { + String name; + try { + name = file.getCanonicalPath(); + } catch (IOException e) { + name = file.getAbsolutePath(); + } + name = name.replace(File.separatorChar, '/'); + if (!name.startsWith("/")) { + name = "/" + name; + } + // If the file does not exist, then assume that it's a directory + if (!file.isFile()) { + name = name + "/"; + } + try { + return new URL("file", "", name); + } catch (MalformedURLException e) { + throw new IllegalArgumentException("file"); + } + } +}
--- a/jdk/src/share/classes/sun/security/tools/TimestampedSigner.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/tools/TimestampedSigner.java Sat Nov 05 00:02:33 2011 -0700 @@ -25,22 +25,14 @@ package sun.security.tools; -import java.io.ByteArrayOutputStream; import java.io.IOException; -import java.math.BigInteger; import java.net.URI; -import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.security.Principal; -import java.security.SecureRandom; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; -import java.util.List; import com.sun.jarsigner.*; -import java.util.Arrays; -import sun.security.pkcs.*; -import sun.security.timestamp.*; +import sun.security.pkcs.PKCS7; import sun.security.util.*; import sun.security.x509.*; @@ -57,36 +49,12 @@ public final class TimestampedSigner extends ContentSigner { /* - * Random number generator for creating nonce values - */ - private static final SecureRandom RANDOM; - static { - SecureRandom tmp = null; - try { - tmp = SecureRandom.getInstance("SHA1PRNG"); - } catch (NoSuchAlgorithmException e) { - // should not happen - } - RANDOM = tmp; - } - - /* * Object identifier for the subject information access X.509 certificate * extension. */ private static final String SUBJECT_INFO_ACCESS_OID = "1.3.6.1.5.5.7.1.11"; /* - * Object identifier for the timestamping key purpose. - */ - private static final String KP_TIMESTAMPING_OID = "1.3.6.1.5.5.7.3.8"; - - /* - * Object identifier for extendedKeyUsage extension - */ - private static final String EXTENDED_KEY_USAGE_OID = "2.5.29.37"; - - /* * Object identifier for the timestamping access descriptors. */ private static final ObjectIdentifier AD_TIMESTAMPING_Id; @@ -100,26 +68,6 @@ AD_TIMESTAMPING_Id = tmp; } - /* - * Location of the TSA. - */ - private String tsaUrl = null; - - /* - * TSA's X.509 certificate. - */ - private X509Certificate tsaCertificate = null; - - /* - * Generates an SHA-1 hash value for the data to be timestamped. - */ - private MessageDigest messageDigest = null; - - /* - * Parameters for the timestamping protocol. - */ - private boolean tsRequestCertificate = true; - /** * Instantiates a content signer that supports timestamped signatures. */ @@ -134,7 +82,7 @@ * and optionally the content that was signed, are packaged into a PKCS #7 * signed data message. * - * @param parameters The non-null input parameters. + * @param params The non-null input parameters. * @param omitContent true if the content should be omitted from the * signed data message. Otherwise the content is included. * @param applyTimestamp true if the signature should be timestamped. @@ -151,98 +99,41 @@ * @throws NullPointerException The exception is thrown if parameters is * null. */ - public byte[] generateSignedData(ContentSignerParameters parameters, + public byte[] generateSignedData(ContentSignerParameters params, boolean omitContent, boolean applyTimestamp) throws NoSuchAlgorithmException, CertificateException, IOException { - if (parameters == null) { + if (params == null) { throw new NullPointerException(); } - // Parse the signature algorithm to extract the digest and key - // algorithms. The expected format is: + // Parse the signature algorithm to extract the digest + // algorithm. The expected format is: // "<digest>with<encryption>" // or "<digest>with<encryption>and<mgf>" - String signatureAlgorithm = parameters.getSignatureAlgorithm(); - String keyAlgorithm = - AlgorithmId.getEncAlgFromSigAlg(signatureAlgorithm); - String digestAlgorithm = - AlgorithmId.getDigAlgFromSigAlg(signatureAlgorithm); - AlgorithmId digestAlgorithmId = AlgorithmId.get(digestAlgorithm); + String signatureAlgorithm = params.getSignatureAlgorithm(); - // Examine signer's certificate - X509Certificate[] signerCertificateChain = - parameters.getSignerCertificateChain(); - Principal issuerName = signerCertificateChain[0].getIssuerDN(); - if (!(issuerName instanceof X500Name)) { - // must extract the original encoded form of DN for subsequent - // name comparison checks (converting to a String and back to - // an encoded DN could cause the types of String attribute - // values to be changed) - X509CertInfo tbsCert = new - X509CertInfo(signerCertificateChain[0].getTBSCertificate()); - issuerName = (Principal) - tbsCert.get(CertificateIssuerName.NAME + "." + - CertificateIssuerName.DN_NAME); - } - BigInteger serialNumber = signerCertificateChain[0].getSerialNumber(); + X509Certificate[] signerChain = params.getSignerCertificateChain(); + byte[] signature = params.getSignature(); // Include or exclude content - byte[] content = parameters.getContent(); - ContentInfo contentInfo; - if (omitContent) { - contentInfo = new ContentInfo(ContentInfo.DATA_OID, null); - } else { - contentInfo = new ContentInfo(content); - } + byte[] content = (omitContent == true) ? null : params.getContent(); - // Generate the timestamp token - byte[] signature = parameters.getSignature(); - SignerInfo signerInfo = null; + URI tsaURI = null; if (applyTimestamp) { - - tsaCertificate = parameters.getTimestampingAuthorityCertificate(); - URI tsaUri = parameters.getTimestampingAuthority(); - if (tsaUri != null) { - tsaUrl = tsaUri.toString(); - } else { + tsaURI = params.getTimestampingAuthority(); + if (tsaURI == null) { // Examine TSA cert - String certUrl = getTimestampingUrl(tsaCertificate); - if (certUrl == null) { + tsaURI = getTimestampingURI( + params.getTimestampingAuthorityCertificate()); + if (tsaURI == null) { throw new CertificateException( "Subject Information Access extension not found"); } - tsaUrl = certUrl; } - - // Timestamp the signature - byte[] tsToken = generateTimestampToken(signature); - - // Insert the timestamp token into the PKCS #7 signer info element - // (as an unsigned attribute) - PKCS9Attributes unsignedAttrs = - new PKCS9Attributes(new PKCS9Attribute[]{ - new PKCS9Attribute( - PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_STR, - tsToken)}); - signerInfo = new SignerInfo((X500Name)issuerName, serialNumber, - digestAlgorithmId, null, AlgorithmId.get(keyAlgorithm), - signature, unsignedAttrs); - } else { - signerInfo = new SignerInfo((X500Name)issuerName, serialNumber, - digestAlgorithmId, AlgorithmId.get(keyAlgorithm), signature); } - - SignerInfo[] signerInfos = {signerInfo}; - AlgorithmId[] algorithms = {digestAlgorithmId}; - - // Create the PKCS #7 signed data message - PKCS7 p7 = new PKCS7(algorithms, contentInfo, signerCertificateChain, - null, signerInfos); - ByteArrayOutputStream p7out = new ByteArrayOutputStream(); - p7.encodeSignedData(p7out); - - return p7out.toByteArray(); + return PKCS7.generateSignedData(signature, signerChain, content, + params.getSignatureAlgorithm(), tsaURI); } /** @@ -253,9 +144,9 @@ * <tt>accessLocation</tt> field should contain an HTTP or HTTPS URL. * * @param tsaCertificate An X.509 certificate for the TSA. - * @return An HTTP or HTTPS URL or null if none was found. + * @return An HTTP or HTTPS URI or null if none was found. */ - public static String getTimestampingUrl(X509Certificate tsaCertificate) { + public static URI getTimestampingURI(X509Certificate tsaCertificate) { if (tsaCertificate == null) { return null; @@ -282,7 +173,7 @@ uri = (URIName) location.getName(); if (uri.getScheme().equalsIgnoreCase("http") || uri.getScheme().equalsIgnoreCase("https")) { - return uri.getName(); + return uri.getURI(); } } } @@ -292,97 +183,4 @@ } return null; } - - /* - * Returns a timestamp token from a TSA for the given content. - * Performs a basic check on the token to confirm that it has been signed - * by a certificate that is permitted to sign timestamps. - * - * @param toBeTimestamped The data to be timestamped. - * @throws IOException The exception is throw if an error occurs while - * communicating with the TSA. - * @throws CertificateException The exception is throw if the TSA's - * certificate is not permitted for timestamping. - */ - private byte[] generateTimestampToken(byte[] toBeTimestamped) - throws CertificateException, IOException { - - // Generate hash value for the data to be timestamped - // SHA-1 is always used. - if (messageDigest == null) { - try { - messageDigest = MessageDigest.getInstance("SHA-1"); - } catch (NoSuchAlgorithmException e) { - // ignore - } - } - byte[] digest = messageDigest.digest(toBeTimestamped); - - // Generate a timestamp - TSRequest tsQuery = new TSRequest(digest, "SHA-1"); - // Generate a nonce - BigInteger nonce = null; - if (RANDOM != null) { - nonce = new BigInteger(64, RANDOM); - tsQuery.setNonce(nonce); - } - tsQuery.requestCertificate(tsRequestCertificate); - - Timestamper tsa = new HttpTimestamper(tsaUrl); // use supplied TSA - TSResponse tsReply = tsa.generateTimestamp(tsQuery); - int status = tsReply.getStatusCode(); - // Handle TSP error - if (status != 0 && status != 1) { - int failureCode = tsReply.getFailureCode(); - if (failureCode == -1) { - throw new IOException("Error generating timestamp: " + - tsReply.getStatusCodeAsText()); - } else { - throw new IOException("Error generating timestamp: " + - tsReply.getStatusCodeAsText() + " " + - tsReply.getFailureCodeAsText()); - } - } - PKCS7 tsToken = tsReply.getToken(); - - TimestampToken tst = new TimestampToken(tsToken.getContentInfo().getData()); - if (!tst.getHashAlgorithm().equals( - new AlgorithmId(new ObjectIdentifier("1.3.14.3.2.26")))) { - throw new IOException("Digest algorithm not SHA-1 in timestamp token"); - } - if (!Arrays.equals(tst.getHashedMessage(), digest)) { - throw new IOException("Digest octets changed in timestamp token"); - } - - BigInteger replyNonce = tst.getNonce(); - if (replyNonce == null && nonce != null) { - throw new IOException("Nonce missing in timestamp token"); - } - if (replyNonce != null && !replyNonce.equals(nonce)) { - throw new IOException("Nonce changed in timestamp token"); - } - - // Examine the TSA's certificate (if present) - for (SignerInfo si: tsToken.getSignerInfos()) { - X509Certificate cert = si.getCertificate(tsToken); - if (cert == null) { - // Error, we've already set tsRequestCertificate = true - throw new CertificateException( - "Certificate not included in timestamp token"); - } else { - if (!cert.getCriticalExtensionOIDs().contains( - EXTENDED_KEY_USAGE_OID)) { - throw new CertificateException( - "Certificate is not valid for timestamping"); - } - List<String> keyPurposes = cert.getExtendedKeyUsage(); - if (keyPurposes == null || - ! keyPurposes.contains(KP_TIMESTAMPING_OID)) { - throw new CertificateException( - "Certificate is not valid for timestamping"); - } - } - } - return tsReply.getEncodedToken(); - } }
--- a/jdk/src/share/classes/sun/security/util/BigInt.java Fri Nov 04 12:36:40 2011 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,198 +0,0 @@ -/* - * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.util; - -import java.math.BigInteger; - - -/** - * A low-overhead arbitrary-precision <em>unsigned</em> integer. - * This is intended for use with ASN.1 parsing, and printing of - * such parsed values. Convert to "BigInteger" if you need to do - * arbitrary precision arithmetic, rather than just represent - * the number as a wrapped array of bytes. - * - * <P><em><b>NOTE:</b> This class may eventually disappear, to - * be supplanted by big-endian byte arrays which hold both signed - * and unsigned arbitrary-precision integers.</em> - * - * @author David Brownell - */ -public final class BigInt { - - // Big endian -- MSB first. - private byte[] places; - - /** - * Constructs a "Big" integer from a set of (big-endian) bytes. - * Leading zeroes should be stripped off. - * - * @param data a sequence of bytes, most significant bytes/digits - * first. CONSUMED. - */ - public BigInt(byte[] data) { places = data.clone(); } - - /** - * Constructs a "Big" integer from a "BigInteger", which must be - * positive (or zero) in value. - */ - public BigInt(BigInteger i) { - byte[] temp = i.toByteArray(); - - if ((temp[0] & 0x80) != 0) - throw new IllegalArgumentException("negative BigInteger"); - - // XXX we assume exactly _one_ sign byte is used... - - if (temp[0] != 0) - places = temp; - else { - places = new byte[temp.length - 1]; - for (int j = 1; j < temp.length; j++) - places[j - 1] = temp[j]; - } - } - - /** - * Constructs a "Big" integer from a normal Java integer. - * - * @param i the java primitive integer - */ - public BigInt(int i) { - if (i < (1 << 8)) { - places = new byte[1]; - places[0] = (byte) i; - } else if (i < (1 << 16)) { - places = new byte[2]; - places[0] = (byte) (i >> 8); - places[1] = (byte) i; - } else if (i < (1 << 24)) { - places = new byte[3]; - places[0] = (byte) (i >> 16); - places[1] = (byte) (i >> 8); - places[2] = (byte) i; - } else { - places = new byte[4]; - places[0] = (byte) (i >> 24); - places[1] = (byte) (i >> 16); - places[2] = (byte) (i >> 8); - places[3] = (byte) i; - } - } - - /** - * Converts the "big" integer to a java primitive integer. - * - * @excpet NumberFormatException if 32 bits is insufficient. - */ - public int toInt() { - if (places.length > 4) - throw new NumberFormatException("BigInt.toLong, too big"); - int retval = 0, i = 0; - for (; i < places.length; i++) - retval = (retval << 8) + ((int)places[i] & 0xff); - return retval; - } - - /** - * Returns a hexadecimal printed representation. The value is - * formatted to fit on lines of at least 75 characters, with - * embedded newlines. Words are separated for readability, - * with eight words (32 bytes) per line. - */ - public String toString() { return hexify(); } - - /** - * Returns a BigInteger value which supports many arithmetic - * operations. Assumes negative values will never occur. - */ - public BigInteger toBigInteger() - { return new BigInteger(1, places); } - - /** - * Returns the data as a byte array. The most significant bit - * of the array is bit zero (as in <code>java.math.BigInteger</code>). - */ - public byte[] toByteArray() { return places.clone(); } - - private static final String digits = "0123456789abcdef"; - private String hexify() { - if (places.length == 0) - return " 0 "; - - StringBuffer buf = new StringBuffer(places.length * 2); - buf.append(" "); // four spaces - for (int i = 0; i < places.length; i++) { - buf.append(digits.charAt((places[i] >> 4) & 0x0f)); - buf.append(digits.charAt(places[i] & 0x0f)); - if (((i + 1) % 32) == 0) { - if ((i + 1) != places.length) - buf.append("\n "); // line after four words - } else if (((i + 1) % 4) == 0) - buf.append(' '); // space between words - } - return buf.toString(); - } - - /** - * Returns true iff the parameter is a numerically equivalent - * BigInt. - * - * @param other the object being compared with this one. - */ - public boolean equals(Object other) { - if (other instanceof BigInt) - return equals((BigInt) other); - return false; - } - - /** - * Returns true iff the parameter is numerically equivalent. - * - * @param other the BigInt being compared with this one. - */ - public boolean equals(BigInt other) { - if (this == other) - return true; - - byte[] otherPlaces = other.toByteArray(); - if (places.length != otherPlaces.length) - return false; - for (int i = 0; i < places.length; i++) - if (places[i] != otherPlaces[i]) - return false; - return true; - } - - /** - * Returns a hashcode for this BigInt. - * - * @return a hashcode for this BigInt. - */ - public int hashCode() { - return hexify().hashCode(); - } -}
--- a/jdk/src/share/classes/sun/security/util/Cache.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/util/Cache.java Sat Nov 05 00:02:33 2011 -0700 @@ -43,7 +43,7 @@ * * . optional lifetime, specified in seconds. * - * . save for concurrent use by multiple threads + * . safe for concurrent use by multiple threads * * . values are held by either standard references or via SoftReferences. * SoftReferences have the advantage that they are automatically cleared @@ -69,7 +69,7 @@ * * @author Andreas Sterbenz */ -public abstract class Cache { +public abstract class Cache<K,V> { protected Cache() { // empty @@ -88,12 +88,12 @@ /** * Add an entry to the cache. */ - public abstract void put(Object key, Object value); + public abstract void put(K key, V value); /** * Get a value from the cache. */ - public abstract Object get(Object key); + public abstract V get(Object key); /** * Remove an entry from the cache. @@ -113,14 +113,14 @@ /** * accept a visitor */ - public abstract void accept(CacheVisitor visitor); + public abstract void accept(CacheVisitor<K,V> visitor); /** * Return a new memory cache with the specified maximum size, unlimited * lifetime for entries, with the values held by SoftReferences. */ - public static Cache newSoftMemoryCache(int size) { - return new MemoryCache(true, size); + public static <K,V> Cache<K,V> newSoftMemoryCache(int size) { + return new MemoryCache<>(true, size); } /** @@ -128,23 +128,24 @@ * specified maximum lifetime (in seconds), with the values held * by SoftReferences. */ - public static Cache newSoftMemoryCache(int size, int timeout) { - return new MemoryCache(true, size, timeout); + public static <K,V> Cache<K,V> newSoftMemoryCache(int size, int timeout) { + return new MemoryCache<>(true, size, timeout); } /** * Return a new memory cache with the specified maximum size, unlimited * lifetime for entries, with the values held by standard references. */ - public static Cache newHardMemoryCache(int size) { - return new MemoryCache(false, size); + public static <K,V> Cache<K,V> newHardMemoryCache(int size) { + return new MemoryCache<>(false, size); } /** * Return a dummy cache that does nothing. */ - public static Cache newNullCache() { - return NullCache.INSTANCE; + @SuppressWarnings("unchecked") + public static <K,V> Cache<K,V> newNullCache() { + return (Cache<K,V>) NullCache.INSTANCE; } /** @@ -152,8 +153,8 @@ * specified maximum lifetime (in seconds), with the values held * by standard references. */ - public static Cache newHardMemoryCache(int size, int timeout) { - return new MemoryCache(false, size, timeout); + public static <K,V> Cache<K,V> newHardMemoryCache(int size, int timeout) { + return new MemoryCache<>(false, size, timeout); } /** @@ -193,15 +194,15 @@ } } - public interface CacheVisitor { - public void visit(Map<Object, Object> map); + public interface CacheVisitor<K,V> { + public void visit(Map<K,V> map); } } -class NullCache extends Cache { +class NullCache<K,V> extends Cache<K,V> { - final static Cache INSTANCE = new NullCache(); + final static Cache<Object,Object> INSTANCE = new NullCache<>(); private NullCache() { // empty @@ -215,11 +216,11 @@ // empty } - public void put(Object key, Object value) { + public void put(K key, V value) { // empty } - public Object get(Object key) { + public V get(Object key) { return null; } @@ -235,23 +236,26 @@ // empty } - public void accept(CacheVisitor visitor) { + public void accept(CacheVisitor<K,V> visitor) { // empty } } -class MemoryCache extends Cache { +class MemoryCache<K,V> extends Cache<K,V> { private final static float LOAD_FACTOR = 0.75f; // XXXX private final static boolean DEBUG = false; - private final Map<Object, CacheEntry> cacheMap; + private final Map<K, CacheEntry<K,V>> cacheMap; private int maxSize; private long lifetime; - private final ReferenceQueue<Object> queue; + + // ReferenceQueue is of type V instead of Cache<K,V> + // to allow SoftCacheEntry to extend SoftReference<V> + private final ReferenceQueue<V> queue; public MemoryCache(boolean soft, int maxSize) { this(soft, maxSize, 0); @@ -260,10 +264,13 @@ public MemoryCache(boolean soft, int maxSize, int lifetime) { this.maxSize = maxSize; this.lifetime = lifetime * 1000; - this.queue = soft ? new ReferenceQueue<Object>() : null; + if (soft) + this.queue = new ReferenceQueue<>(); + else + this.queue = null; + int buckets = (int)(maxSize / LOAD_FACTOR) + 1; - cacheMap = new LinkedHashMap<Object, CacheEntry>(buckets, - LOAD_FACTOR, true); + cacheMap = new LinkedHashMap<>(buckets, LOAD_FACTOR, true); } /** @@ -279,16 +286,17 @@ } int startSize = cacheMap.size(); while (true) { - CacheEntry entry = (CacheEntry)queue.poll(); + @SuppressWarnings("unchecked") + CacheEntry<K,V> entry = (CacheEntry<K,V>)queue.poll(); if (entry == null) { break; } - Object key = entry.getKey(); + K key = entry.getKey(); if (key == null) { // key is null, entry has already been removed continue; } - CacheEntry currentEntry = cacheMap.remove(key); + CacheEntry<K,V> currentEntry = cacheMap.remove(key); // check if the entry in the map corresponds to the expired // entry. If not, readd the entry if ((currentEntry != null) && (entry != currentEntry)) { @@ -314,9 +322,9 @@ } int cnt = 0; long time = System.currentTimeMillis(); - for (Iterator<CacheEntry> t = cacheMap.values().iterator(); + for (Iterator<CacheEntry<K,V>> t = cacheMap.values().iterator(); t.hasNext(); ) { - CacheEntry entry = t.next(); + CacheEntry<K,V> entry = t.next(); if (entry.isValid(time) == false) { t.remove(); cnt++; @@ -339,7 +347,7 @@ if (queue != null) { // if this is a SoftReference cache, first invalidate() all // entries so that GC does not have to enqueue them - for (CacheEntry entry : cacheMap.values()) { + for (CacheEntry<K,V> entry : cacheMap.values()) { entry.invalidate(); } while (queue.poll() != null) { @@ -349,12 +357,12 @@ cacheMap.clear(); } - public synchronized void put(Object key, Object value) { + public synchronized void put(K key, V value) { emptyQueue(); long expirationTime = (lifetime == 0) ? 0 : System.currentTimeMillis() + lifetime; - CacheEntry newEntry = newEntry(key, value, expirationTime, queue); - CacheEntry oldEntry = cacheMap.put(key, newEntry); + CacheEntry<K,V> newEntry = newEntry(key, value, expirationTime, queue); + CacheEntry<K,V> oldEntry = cacheMap.put(key, newEntry); if (oldEntry != null) { oldEntry.invalidate(); return; @@ -362,8 +370,8 @@ if (maxSize > 0 && cacheMap.size() > maxSize) { expungeExpiredEntries(); if (cacheMap.size() > maxSize) { // still too large? - Iterator<CacheEntry> t = cacheMap.values().iterator(); - CacheEntry lruEntry = t.next(); + Iterator<CacheEntry<K,V>> t = cacheMap.values().iterator(); + CacheEntry<K,V> lruEntry = t.next(); if (DEBUG) { System.out.println("** Overflow removal " + lruEntry.getKey() + " | " + lruEntry.getValue()); @@ -374,9 +382,9 @@ } } - public synchronized Object get(Object key) { + public synchronized V get(Object key) { emptyQueue(); - CacheEntry entry = cacheMap.get(key); + CacheEntry<K,V> entry = cacheMap.get(key); if (entry == null) { return null; } @@ -393,7 +401,7 @@ public synchronized void remove(Object key) { emptyQueue(); - CacheEntry entry = cacheMap.remove(key); + CacheEntry<K,V> entry = cacheMap.remove(key); if (entry != null) { entry.invalidate(); } @@ -402,9 +410,9 @@ public synchronized void setCapacity(int size) { expungeExpiredEntries(); if (size > 0 && cacheMap.size() > size) { - Iterator<CacheEntry> t = cacheMap.values().iterator(); + Iterator<CacheEntry<K,V>> t = cacheMap.values().iterator(); for (int i = cacheMap.size() - size; i > 0; i--) { - CacheEntry lruEntry = t.next(); + CacheEntry<K,V> lruEntry = t.next(); if (DEBUG) { System.out.println("** capacity reset removal " + lruEntry.getKey() + " | " + lruEntry.getValue()); @@ -431,60 +439,61 @@ } // it is a heavyweight method. - public synchronized void accept(CacheVisitor visitor) { + public synchronized void accept(CacheVisitor<K,V> visitor) { expungeExpiredEntries(); - Map<Object, Object> cached = getCachedEntries(); + Map<K,V> cached = getCachedEntries(); visitor.visit(cached); } - private Map<Object, Object> getCachedEntries() { - Map<Object,Object> kvmap = new HashMap<Object,Object>(cacheMap.size()); + private Map<K,V> getCachedEntries() { + Map<K,V> kvmap = new HashMap<>(cacheMap.size()); - for (CacheEntry entry : cacheMap.values()) { + for (CacheEntry<K,V> entry : cacheMap.values()) { kvmap.put(entry.getKey(), entry.getValue()); } return kvmap; } - protected CacheEntry newEntry(Object key, Object value, - long expirationTime, ReferenceQueue<Object> queue) { + protected CacheEntry<K,V> newEntry(K key, V value, + long expirationTime, ReferenceQueue<V> queue) { if (queue != null) { - return new SoftCacheEntry(key, value, expirationTime, queue); + return new SoftCacheEntry<>(key, value, expirationTime, queue); } else { - return new HardCacheEntry(key, value, expirationTime); + return new HardCacheEntry<>(key, value, expirationTime); } } - private static interface CacheEntry { + private static interface CacheEntry<K,V> { boolean isValid(long currentTime); void invalidate(); - Object getKey(); + K getKey(); - Object getValue(); + V getValue(); } - private static class HardCacheEntry implements CacheEntry { + private static class HardCacheEntry<K,V> implements CacheEntry<K,V> { - private Object key, value; + private K key; + private V value; private long expirationTime; - HardCacheEntry(Object key, Object value, long expirationTime) { + HardCacheEntry(K key, V value, long expirationTime) { this.key = key; this.value = value; this.expirationTime = expirationTime; } - public Object getKey() { + public K getKey() { return key; } - public Object getValue() { + public V getValue() { return value; } @@ -503,24 +512,25 @@ } } - private static class SoftCacheEntry - extends SoftReference<Object> implements CacheEntry { + private static class SoftCacheEntry<K,V> + extends SoftReference<V> + implements CacheEntry<K,V> { - private Object key; + private K key; private long expirationTime; - SoftCacheEntry(Object key, Object value, long expirationTime, - ReferenceQueue<Object> queue) { + SoftCacheEntry(K key, V value, long expirationTime, + ReferenceQueue<V> queue) { super(value, queue); this.key = key; this.expirationTime = expirationTime; } - public Object getKey() { + public K getKey() { return key; } - public Object getValue() { + public V getValue() { return get(); }
--- a/jdk/src/share/classes/sun/security/util/Debug.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/util/Debug.java Sat Nov 05 00:02:33 2011 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -80,6 +80,7 @@ System.err.println("policy loading and granting"); System.err.println("provider security provider debugging"); System.err.println("scl permissions SecureClassLoader assigns"); + System.err.println("ts timestamping"); System.err.println(); System.err.println("The following can be used with access:"); System.err.println();
--- a/jdk/src/share/classes/sun/security/util/PathList.java Fri Nov 04 12:36:40 2011 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,111 +0,0 @@ -/* - * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.util; - -import java.io.File; -import java.io.IOException; -import java.lang.String; -import java.util.StringTokenizer; -import java.net.URL; -import java.net.URLClassLoader; -import java.net.MalformedURLException; - -/** - * A utility class for handle path list - * - */ -public class PathList { - /** - * Utility method for appending path from pathFrom to pathTo. - * - * @param pathTo the target path - * @param pathSource the path to be appended to pathTo - * @return the resulting path - */ - public static String appendPath(String pathTo, String pathFrom) { - if (pathTo == null || pathTo.length() == 0) { - return pathFrom; - } else if (pathFrom == null || pathFrom.length() == 0) { - return pathTo; - } else { - return pathTo + File.pathSeparator + pathFrom; - } - } - - /** - * Utility method for converting a search path string to an array - * of directory and JAR file URLs. - * - * @param path the search path string - * @return the resulting array of directory and JAR file URLs - */ - public static URL[] pathToURLs(String path) { - StringTokenizer st = new StringTokenizer(path, File.pathSeparator); - URL[] urls = new URL[st.countTokens()]; - int count = 0; - while (st.hasMoreTokens()) { - URL url = fileToURL(new File(st.nextToken())); - if (url != null) { - urls[count++] = url; - } - } - if (urls.length != count) { - URL[] tmp = new URL[count]; - System.arraycopy(urls, 0, tmp, 0, count); - urls = tmp; - } - return urls; - } - - /** - * Returns the directory or JAR file URL corresponding to the specified - * local file name. - * - * @param file the File object - * @return the resulting directory or JAR file URL, or null if unknown - */ - private static URL fileToURL(File file) { - String name; - try { - name = file.getCanonicalPath(); - } catch (IOException e) { - name = file.getAbsolutePath(); - } - name = name.replace(File.separatorChar, '/'); - if (!name.startsWith("/")) { - name = "/" + name; - } - // If the file does not exist, then assume that it's a directory - if (!file.isFile()) { - name = name + "/"; - } - try { - return new URL("file", "", name); - } catch (MalformedURLException e) { - throw new IllegalArgumentException("file"); - } - } -}
--- a/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java Sat Nov 05 00:02:33 2011 -0700 @@ -35,7 +35,6 @@ import java.util.jar.*; import sun.security.pkcs.*; -import sun.security.timestamp.TimestampToken; import sun.misc.BASE64Decoder; import sun.security.jca.Providers; @@ -485,7 +484,7 @@ signers = new ArrayList<CodeSigner>(); } // Append the new code signer - signers.add(new CodeSigner(certChain, getTimestamp(info))); + signers.add(new CodeSigner(certChain, info.getTimestamp())); if (debug != null) { debug.println("Signature Block Certificate: " + @@ -500,62 +499,6 @@ } } - /* - * Examines a signature timestamp token to generate a timestamp object. - * - * Examines the signer's unsigned attributes for a - * <tt>signatureTimestampToken</tt> attribute. If present, - * then it is parsed to extract the date and time at which the - * timestamp was generated. - * - * @param info A signer information element of a PKCS 7 block. - * - * @return A timestamp token or null if none is present. - * @throws IOException if an error is encountered while parsing the - * PKCS7 data. - * @throws NoSuchAlgorithmException if an error is encountered while - * verifying the PKCS7 object. - * @throws SignatureException if an error is encountered while - * verifying the PKCS7 object. - * @throws CertificateException if an error is encountered while generating - * the TSA's certpath. - */ - private Timestamp getTimestamp(SignerInfo info) - throws IOException, NoSuchAlgorithmException, SignatureException, - CertificateException { - - Timestamp timestamp = null; - - // Extract the signer's unsigned attributes - PKCS9Attributes unsignedAttrs = info.getUnauthenticatedAttributes(); - if (unsignedAttrs != null) { - PKCS9Attribute timestampTokenAttr = - unsignedAttrs.getAttribute("signatureTimestampToken"); - if (timestampTokenAttr != null) { - PKCS7 timestampToken = - new PKCS7((byte[])timestampTokenAttr.getValue()); - // Extract the content (an encoded timestamp token info) - byte[] encodedTimestampTokenInfo = - timestampToken.getContentInfo().getData(); - // Extract the signer (the Timestamping Authority) - // while verifying the content - SignerInfo[] tsa = - timestampToken.verify(encodedTimestampTokenInfo); - // Expect only one signer - ArrayList<X509Certificate> chain = - tsa[0].getCertificateChain(timestampToken); - CertPath tsaChain = certificateFactory.generateCertPath(chain); - // Create a timestamp token info object - TimestampToken timestampTokenInfo = - new TimestampToken(encodedTimestampTokenInfo); - // Create a timestamp object - timestamp = - new Timestamp(timestampTokenInfo.getDate(), tsaChain); - } - } - return timestamp; - } - // for the toHex function private static final char[] hexc = {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
--- a/jdk/src/share/classes/sun/security/x509/CertAndKeyGen.java Fri Nov 04 12:36:40 2011 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,301 +0,0 @@ -/* - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.x509; - -import java.io.IOException; -import java.security.cert.X509Certificate; -import java.security.cert.CertificateException; -import java.security.cert.CertificateEncodingException; -import java.security.*; -import java.util.Date; - -import sun.security.pkcs.PKCS10; - - -/** - * Generate a pair of keys, and provide access to them. This class is - * provided primarily for ease of use. - * - * <P>This provides some simple certificate management functionality. - * Specifically, it allows you to create self-signed X.509 certificates - * as well as PKCS 10 based certificate signing requests. - * - * <P>Keys for some public key signature algorithms have algorithm - * parameters, such as DSS/DSA. Some sites' Certificate Authorities - * adopt fixed algorithm parameters, which speeds up some operations - * including key generation and signing. <em>At this time, this interface - * does not provide a way to provide such algorithm parameters, e.g. - * by providing the CA certificate which includes those parameters.</em> - * - * <P>Also, note that at this time only signature-capable keys may be - * acquired through this interface. Diffie-Hellman keys, used for secure - * key exchange, may be supported later. - * - * @author David Brownell - * @author Hemma Prafullchandra - * @see PKCS10 - * @see X509CertImpl - */ -public final class CertAndKeyGen { - /** - * Creates a CertAndKeyGen object for a particular key type - * and signature algorithm. - * - * @param keyType type of key, e.g. "RSA", "DSA" - * @param sigAlg name of the signature algorithm, e.g. "MD5WithRSA", - * "MD2WithRSA", "SHAwithDSA". - * @exception NoSuchAlgorithmException on unrecognized algorithms. - */ - public CertAndKeyGen (String keyType, String sigAlg) - throws NoSuchAlgorithmException - { - keyGen = KeyPairGenerator.getInstance(keyType); - this.sigAlg = sigAlg; - } - - /** - * Creates a CertAndKeyGen object for a particular key type, - * signature algorithm, and provider. - * - * @param keyType type of key, e.g. "RSA", "DSA" - * @param sigAlg name of the signature algorithm, e.g. "MD5WithRSA", - * "MD2WithRSA", "SHAwithDSA". - * @param providerName name of the provider - * @exception NoSuchAlgorithmException on unrecognized algorithms. - * @exception NoSuchProviderException on unrecognized providers. - */ - public CertAndKeyGen (String keyType, String sigAlg, String providerName) - throws NoSuchAlgorithmException, NoSuchProviderException - { - if (providerName == null) { - keyGen = KeyPairGenerator.getInstance(keyType); - } else { - try { - keyGen = KeyPairGenerator.getInstance(keyType, providerName); - } catch (Exception e) { - // try first available provider instead - keyGen = KeyPairGenerator.getInstance(keyType); - } - } - this.sigAlg = sigAlg; - } - - /** - * Sets the source of random numbers used when generating keys. - * If you do not provide one, a system default facility is used. - * You may wish to provide your own source of random numbers - * to get a reproducible sequence of keys and signatures, or - * because you may be able to take advantage of strong sources - * of randomness/entropy in your environment. - */ - public void setRandom (SecureRandom generator) - { - prng = generator; - } - - // want "public void generate (X509Certificate)" ... inherit DSA/D-H param - - /** - * Generates a random public/private key pair, with a given key - * size. Different algorithms provide different degrees of security - * for the same key size, because of the "work factor" involved in - * brute force attacks. As computers become faster, it becomes - * easier to perform such attacks. Small keys are to be avoided. - * - * <P>Note that not all values of "keyBits" are valid for all - * algorithms, and not all public key algorithms are currently - * supported for use in X.509 certificates. If the algorithm - * you specified does not produce X.509 compatible keys, an - * invalid key exception is thrown. - * - * @param keyBits the number of bits in the keys. - * @exception InvalidKeyException if the environment does not - * provide X.509 public keys for this signature algorithm. - */ - public void generate (int keyBits) - throws InvalidKeyException - { - KeyPair pair; - - try { - if (prng == null) { - prng = new SecureRandom(); - } - keyGen.initialize(keyBits, prng); - pair = keyGen.generateKeyPair(); - - } catch (Exception e) { - throw new IllegalArgumentException(e.getMessage()); - } - - publicKey = pair.getPublic(); - privateKey = pair.getPrivate(); - } - - - /** - * Returns the public key of the generated key pair if it is of type - * <code>X509Key</code>, or null if the public key is of a different type. - * - * XXX Note: This behaviour is needed for backwards compatibility. - * What this method really should return is the public key of the - * generated key pair, regardless of whether or not it is an instance of - * <code>X509Key</code>. Accordingly, the return type of this method - * should be <code>PublicKey</code>. - */ - public X509Key getPublicKey() - { - if (!(publicKey instanceof X509Key)) { - return null; - } - return (X509Key)publicKey; - } - - - /** - * Returns the private key of the generated key pair. - * - * <P><STRONG><em>Be extremely careful when handling private keys. - * When private keys are not kept secret, they lose their ability - * to securely authenticate specific entities ... that is a huge - * security risk!</em></STRONG> - */ - public PrivateKey getPrivateKey () - { - return privateKey; - } - - - /** - * Returns a self-signed X.509v3 certificate for the public key. - * The certificate is immediately valid. No extensions. - * - * <P>Such certificates normally are used to identify a "Certificate - * Authority" (CA). Accordingly, they will not always be accepted by - * other parties. However, such certificates are also useful when - * you are bootstrapping your security infrastructure, or deploying - * system prototypes. - * - * @param myname X.500 name of the subject (who is also the issuer) - * @param firstDate the issue time of the certificate - * @param validity how long the certificate should be valid, in seconds - * @exception CertificateException on certificate handling errors. - * @exception InvalidKeyException on key handling errors. - * @exception SignatureException on signature handling errors. - * @exception NoSuchAlgorithmException on unrecognized algorithms. - * @exception NoSuchProviderException on unrecognized providers. - */ - public X509Certificate getSelfCertificate ( - X500Name myname, Date firstDate, long validity) - throws CertificateException, InvalidKeyException, SignatureException, - NoSuchAlgorithmException, NoSuchProviderException - { - X509CertImpl cert; - Date lastDate; - - try { - lastDate = new Date (); - lastDate.setTime (firstDate.getTime () + validity * 1000); - - CertificateValidity interval = - new CertificateValidity(firstDate,lastDate); - - X509CertInfo info = new X509CertInfo(); - // Add all mandatory attributes - info.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); - info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( - new java.util.Random().nextInt() & 0x7fffffff)); - AlgorithmId algID = AlgorithmId.get(sigAlg); - info.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId(algID)); - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname)); - info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey)); - info.set(X509CertInfo.VALIDITY, interval); - info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname)); - - cert = new X509CertImpl(info); - cert.sign(privateKey, this.sigAlg); - - return (X509Certificate)cert; - - } catch (IOException e) { - throw new CertificateEncodingException("getSelfCert: " + - e.getMessage()); - } - } - - // Keep the old method - public X509Certificate getSelfCertificate (X500Name myname, long validity) - throws CertificateException, InvalidKeyException, SignatureException, - NoSuchAlgorithmException, NoSuchProviderException - { - return getSelfCertificate(myname, new Date(), validity); - } - - /** - * Returns a PKCS #10 certificate request. The caller uses either - * <code>PKCS10.print</code> or <code>PKCS10.toByteArray</code> - * operations on the result, to get the request in an appropriate - * transmission format. - * - * <P>PKCS #10 certificate requests are sent, along with some proof - * of identity, to Certificate Authorities (CAs) which then issue - * X.509 public key certificates. - * - * @param myname X.500 name of the subject - * @exception InvalidKeyException on key handling errors. - * @exception SignatureException on signature handling errors. - */ - public PKCS10 getCertRequest (X500Name myname) - throws InvalidKeyException, SignatureException - { - PKCS10 req = new PKCS10 (publicKey); - - try { - Signature signature = Signature.getInstance(sigAlg); - signature.initSign (privateKey); - req.encodeAndSign(myname, signature); - - } catch (CertificateException e) { - throw new SignatureException (sigAlg + " CertificateException"); - - } catch (IOException e) { - throw new SignatureException (sigAlg + " IOException"); - - } catch (NoSuchAlgorithmException e) { - // "can't happen" - throw new SignatureException (sigAlg + " unavailable?"); - } - return req; - } - - private SecureRandom prng; - private String sigAlg; - private KeyPairGenerator keyGen; - private PublicKey publicKey; - private PrivateKey privateKey; -}
--- a/jdk/src/share/classes/sun/text/resources/CollationData_th.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/text/resources/CollationData_th.java Sat Nov 05 00:02:33 2011 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -103,18 +103,13 @@ // // Normal vowels // + + "< \u0E4D " // NIKHAHIT + "< \u0E30 " // SARA A + "< \u0E31 " // MAI HAN-AKAT + "< \u0E32 " // SARA AA - // Normalizer will decompose this character to \u0e4d\u0e32. This is - // a Bad Thing, because we want the separate characters to sort - // differently than this individual one. Since there's no public way to - // set the decomposition to be used when creating a collator, there's - // no way around this right now. - // It's best to go ahead and leave the character in, because it occurs - // this way a lot more often than it occurs as separate characters. - + "< \u0E33 " // SARA AM + // Normalizer will decompose this character to \u0e4d\u0e32. + + "< \u0E33 = \u0E4D\u0E32 " // SARA AM + "< \u0E34 " // SARA I @@ -133,62 +128,58 @@ + "< \u0E43 " // SARA AI MAIMUAN + "< \u0E44 " // SARA AI MAIMALAI - // - // Digits - // - + "< \u0E50 " // DIGIT ZERO - + "< \u0E51 " // DIGIT ONE - + "< \u0E52 " // DIGIT TWO - + "< \u0E53 " // DIGIT THREE - + "< \u0E54 " // DIGIT FOUR - + "< \u0E55 " // DIGIT FIVE - + "< \u0E56 " // DIGIT SIX - + "< \u0E57 " // DIGIT SEVEN - + "< \u0E58 " // DIGIT EIGHT - + "< \u0E59 " // DIGIT NINE - // Sorta tonal marks, but maybe not really - + "< \u0E4D " // NIKHAHIT + //according to CLDR, it's after 0e44 + + "< \u0E3A " // PHINTHU - // - // Thai symbols are supposed to sort "after white space". - // I'm treating this as making them sort just after the normal Latin-1 - // symbols, which are in turn after the white space. - // - + "&'\u007d'" // right-brace - + "< \u0E2F " // PAIYANNOI (ellipsis, abbreviation) - + "< \u0E46 " // MAIYAMOK - + "< \u0E4F " // FONGMAN - + "< \u0E5A " // ANGKHANKHU - + "< \u0E5B " // KHOMUT - + "< \u0E3F " // CURRENCY SYMBOL BAHT - // These symbols are supposed to be "after all characters" - + "< \u0E4E " // YAMAKKAN - // This rare symbol also comes after all characters. But when it is - // used in combination with RU and LU, the combination is treated as - // a separate letter, ala "CH" sorting after "C" in traditional Spanish. + // This rare symbol comes after all characters. + "< \u0E45 " // LAKKHANGYAO - + "& \u0E24 < \u0E24\u0E45 " - + "& \u0E26 < \u0E26\u0E45 " + + "& \u0E32 , \0E45 " // According to CLDR, 0E45 is after 0E32 in tertiary level - // Tonal marks are primary ignorables but are treated as secondary - // differences + + + + // Below are thai puntuation marks and Tonal(Accent) marks. According to CLDR 1.9 and + // ISO/IEC 14651, Annex C, C.2.1 Thai ordering principles, 0E2F to 0E5B are punctuaion marks that need to be ignored + // in the first three leveles. 0E4E to 0E4B are tonal marks to be compared in secondary level. + // In real implmentation, set puncutation marks in tertiary as there is no fourth level in Java. + // Set all these special marks after \u0301, the accute accent. + "& \u0301 " // acute accent + + //puncutation marks + + ", \u0E2F " // PAIYANNOI (ellipsis, abbreviation) + + ", \u0E46 " // MAIYAMOK + + ", \u0E4F " // FONGMAN + + ", \u0E5A " // ANGKHANKHU + + ", \u0E5B " // KHOMUT + + //tonal marks + + "; \u0E4E " // YAMAKKAN + + "; \u0E4C " // THANTHAKHAT + "; \u0E47 " // MAITAIKHU + "; \u0E48 " // MAI EK + "; \u0E49 " // MAI THO + "; \u0E4A " // MAI TRI + "; \u0E4B " // MAI CHATTAWA - + "; \u0E4C " // THANTHAKHAT + // + // Digits are equal to their corresponding Arabic digits in the first level + // + + "& 0 = \u0E50 " // DIGIT ZERO + + "& 1 = \u0E51 " // DIGIT ONE + + "& 2 = \u0E52 " // DIGIT TWO + + "& 3 = \u0E53 " // DIGIT THREE + + "& 4 = \u0E54 " // DIGIT FOUR + + "& 5 = \u0E55 " // DIGIT FIVE + + "& 6 = \u0E56 " // DIGIT SIX + + "& 7 = \u0E57 " // DIGIT SEVEN + + "& 8 = \u0E58 " // DIGIT EIGHT + + "& 9 = \u0E59 " // DIGIT NINE - // These are supposed to be ignored, so I'm treating them as controls - + "& \u0001 " - + "= \u0E3A " // PHINTHU - + "= '.' " // period - } + + } }; } }
--- a/jdk/src/share/classes/sun/util/resources/CalendarData_lv.properties Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/util/resources/CalendarData_lv.properties Sat Nov 05 00:02:33 2011 -0700 @@ -1,5 +1,5 @@ # -# Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -23,21 +23,45 @@ # questions. # -# (C) Copyright Taligent, Inc. 1996, 1997 - All Rights Reserved -# (C) Copyright IBM Corp. 1996 - 1999 - All Rights Reserved # -# The original version of this source code and documentation -# is copyrighted and owned by Taligent, Inc., a wholly-owned -# subsidiary of IBM. These materials are provided under terms -# of a License Agreement between Taligent and Sun. This technology -# is protected by multiple US and International patents. +# COPYRIGHT AND PERMISSION NOTICE # -# This notice and attribution to Taligent may not be removed. -# Taligent is a registered trademark of Taligent, Inc. +# Copyright (C) 1991-2011 Unicode, Inc. All rights reserved. +# Distributed under the Terms of Use in http://www.unicode.org/copyright.html. +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of the Unicode data files and any associated documentation (the +# "Data Files") or Unicode software and any associated documentation +# (the "Software") to deal in the Data Files or Software without +# restriction, including without limitation the rights to use, copy, +# modify, merge, publish, distribute, and/or sell copies of the Data +# Files or Software, and to permit persons to whom the Data Files or +# Software are furnished to do so, provided that (a) the above copyright +# notice(s) and this permission notice appear with all copies of the +# Data Files or Software, (b) both the above copyright notice(s) and +# this permission notice appear in associated documentation, and (c) +# there is clear notice in each modified Data File or in the Software as +# well as in the documentation associated with the Data File(s) or +# Software that the data or software has been modified. +# +# THE DATA FILES AND SOFTWARE ARE PROVIDED "AS IS", WITHOUT WARRANTY OF +# ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE +# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT +# HOLDER OR HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR +# ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THE DATA FILES OR +# SOFTWARE. +# +# Except as contained in this notice, the name of a copyright holder +# shall not be used in advertising or otherwise to promote the sale, use +# or other dealings in these Data Files or Software without prior +# written authorization of the copyright holder. - -# This bundle is empty because the data of the base bundle -# is adequate for this locale. -# The bundle is necessary to prevent the resource -# bundle lookup from falling back to the default -# locale. +# +# Generated automatically from the Common Locale Data Repository. DO NOT EDIT! +# +firstDayOfWeek=2 +minimalDaysInFirstWeek=4
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java Sat Nov 05 00:02:33 2011 -0700 @@ -103,6 +103,8 @@ "Eastern Daylight Time", "EDT"}; String EST_NSW[] = new String[] {"Eastern Standard Time (New South Wales)", "EST", "Eastern Summer Time (New South Wales)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"Ghana Mean Time", "GMT", "Ghana Summer Time", "GHST"}; String GAMBIER[] = new String[] {"Gambier Time", "GAMT", @@ -186,7 +188,7 @@ String SAMOA[] = new String[] {"Samoa Standard Time", "SST", "Samoa Daylight Time", "SDT"}; String WST_SAMOA[] = new String[] {"West Samoa Time", "WST", - "West Samoa Summer Time", "WSST"}; + "West Samoa Daylight Time", "WSDT"}; String ChST[] = new String[] {"Chamorro Standard Time", "ChST", "Chamorro Daylight Time", "ChDT"}; String VICTORIA[] = new String[] {"Eastern Standard Time (Victoria)", "EST", @@ -511,6 +513,7 @@ "Tajikistan Summer Time", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"Hovd Time", "HOVT", @@ -674,9 +677,8 @@ {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ "Samara Summer Time", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ "Volgograd Summer Time", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_de.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_de.java Sat Nov 05 00:02:33 2011 -0700 @@ -103,6 +103,8 @@ "\u00d6stliche Sommerzeit", "EDT"}; String EST_NSW[] = new String[] {"\u00d6stliche Normalzeit (New South Wales)", "EST", "\u00d6stliche Sommerzeit (New South Wales)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"Ghanaische Normalzeit", "GMT", "Ghanaische Sommerzeit", "GHST"}; String GAMBIER[] = new String[] {"Gambier Zeit", "GAMT", @@ -186,7 +188,7 @@ String SAMOA[] = new String[] {"Samoa Normalzeit", "SST", "Samoa Sommerzeit", "SDT"}; String WST_SAMOA[] = new String[] {"West Samoa Zeit", "WST", - "West Samoa Sommerzeit", "WSST"}; + "West Samoa Sommerzeit", "WSDT"}; String ChST[] = new String[] {"Chamorro Normalzeit", "ChST", "Chamorro Sommerzeit", "ChDT"}; String VICTORIA[] = new String[] {"\u00d6stliche Normalzeit (Victoria)", "EST", @@ -511,6 +513,7 @@ "Tadschikische Sommerzeit", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"Hovd Zeit", "HOVT", @@ -674,9 +677,8 @@ {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ "Samarische Sommerzeit", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ "Wolgograder Sommerzeit", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_es.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_es.java Sat Nov 05 00:02:33 2011 -0700 @@ -103,6 +103,8 @@ "Hora de verano Oriental", "EDT"}; String EST_NSW[] = new String[] {"Hora est\u00e1ndar Oriental (Nueva Gales del Sur)", "EST", "Hora de verano Oriental (Nueva Gales del Sur)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"Hora central de Ghana", "GMT", "Hora de verano de Ghana", "GHST"}; String GAMBIER[] = new String[] {"Hora de Gambier", "GAMT", @@ -186,7 +188,7 @@ String SAMOA[] = new String[] {"Hora est\u00e1ndar de Samoa", "SST", "Hora de verano de Samoa", "SDT"}; String WST_SAMOA[] = new String[] {"Hora de Samoa Occidental", "WST", - "Hora de verano de Samoa Occidental", "WSST"}; + "Hora de verano de Samoa Occidental", "WSDT"}; String ChST[] = new String[] {"Hora est\u00e1ndar de Chamorro", "ChST", "Hora de verano de Chamorro", "ChDT"}; String VICTORIA[] = new String[] {"Hora est\u00e1ndar del Este (Victoria)", "EST", @@ -511,6 +513,7 @@ "Hora de verano de Tajikist\u00e1n", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"Hora de Hovd", "HOVT", @@ -674,9 +677,8 @@ {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ "Hora de verano de Samara", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ "Hora de verano de Volgogrado", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_fr.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_fr.java Sat Nov 05 00:02:33 2011 -0700 @@ -103,6 +103,8 @@ "Heure avanc\u00e9e de l'Est", "EDT"} ; String EST_NSW[] = new String[] {"Heure normale de l'Est (Nouvelle-Galles du Sud)", "EST", "Heure d'\u00e9t\u00e9 de l'Est (Nouvelle-Galles du Sud)", "EST"} ; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"Heure du Ghana", "GMT", "Heure d'\u00e9t\u00e9 du Ghana", "GHST"}; String GAMBIER[] = new String[] {"Heure de Gambi", "GAMT", @@ -186,7 +188,7 @@ String SAMOA[] = new String[] {"Heure standard de Samoa", "SST", "Heure avanc\u00e9e de Samoa", "SDT"}; String WST_SAMOA[] = new String[] {"Heure des Samoas occidentales", "WST", - "Heure d'\u00e9t\u00e9 des Samoas occidentales", "WSST"} ; + "Heure d'\u00e9t\u00e9 des Samoas occidentales", "WSDT"} ; String ChST[] = new String[] {"Heure normale des \u00eeles Mariannes", "ChST", "Heure d'\u00e9t\u00e9 des \u00eeles Mariannes", "ChDT"}; String VICTORIA[] = new String[] {"Heure standard d'Australie orientale (Victoria)", "EST", @@ -511,6 +513,7 @@ "Heure d'\u00e9t\u00e9 du Tadjikistan", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"Heure de Hovd", "HOVT", @@ -674,9 +677,8 @@ {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ "Heure d'\u00e9t\u00e9 de Samara", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ "Heure d'\u00e9t\u00e9 de Volgograd", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_it.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_it.java Sat Nov 05 00:02:33 2011 -0700 @@ -103,6 +103,8 @@ "Ora legale USA orientale", "EDT"}; String EST_NSW[] = new String[] {"Ora solare dell'Australia orientale (Nuovo Galles del Sud)", "EST", "Ora estiva dell'Australia orientale (Nuovo Galles del Sud)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"Ora media del Ghana", "GMT", "Ora legale del Ghana", "GHST"}; String GAMBIER[] = new String[] {"Ora di Gambier", "GAMT", @@ -186,7 +188,7 @@ String SAMOA[] = new String[] {"Ora standard di Samoa", "SST", "Ora legale di Samoa", "SDT"}; String WST_SAMOA[] = new String[] {"Ora di Samoa", "WST", - "Ora estiva di Samoa", "WSST"}; + "Ora estiva di Samoa", "WSDT"}; String ChST[] = new String[] {"Ora standard di Chamorro", "ChST", "Ora legale di Chamorro", "ChDT"}; String VICTORIA[] = new String[] {"Ora orientale standard (Victoria)", "EST", @@ -511,6 +513,7 @@ "Ora estiva del Tagikistan", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"Ora di Hovd", "HOVT", @@ -674,9 +677,8 @@ {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ "Ora estiva di Samara", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ "Ora estiva di Volgograd", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ja.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ja.java Sat Nov 05 00:02:33 2011 -0700 @@ -103,6 +103,8 @@ "\u6771\u90e8\u590f\u6642\u9593", "EDT"}; String EST_NSW[] = new String[] {"\u6771\u90e8\u6a19\u6e96\u6642 (\u30cb\u30e5\u30fc\u30b5\u30a6\u30b9\u30a6\u30a7\u30fc\u30eb\u30ba)", "EST", "\u6771\u90e8\u590f\u6642\u9593 (\u30cb\u30e5\u30fc\u30b5\u30a6\u30b9\u30a6\u30a7\u30fc\u30eb\u30ba)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"\u30ac\u30fc\u30ca\u6a19\u6e96\u6642", "GMT", "\u30ac\u30fc\u30ca\u590f\u6642\u9593", "GHST"}; String GAMBIER[] = new String[] {"\u30ac\u30f3\u30d3\u30a2\u6642\u9593", "GAMT", @@ -186,7 +188,7 @@ String SAMOA[] = new String[] {"\u30b5\u30e2\u30a2\u6a19\u6e96\u6642", "SST", "\u30b5\u30e2\u30a2\u590f\u6642\u9593", "SDT"}; String WST_SAMOA[] = new String[] {"\u897f\u30b5\u30e2\u30a2\u6642\u9593", "WST", - "\u897f\u30b5\u30e2\u30a2\u590f\u6642\u9593", "WSST"}; + "\u897f\u30b5\u30e2\u30a2\u590f\u6642\u9593", "WSDT"}; String ChST[] = new String[] {"\u30b0\u30a2\u30e0\u6a19\u6e96\u6642", "ChST", "\u30b0\u30a2\u30e0\u590f\u6642\u9593", "ChDT"}; String VICTORIA[] = new String[] {"\u6771\u90e8\u6a19\u6e96\u6642 (\u30d3\u30af\u30c8\u30ea\u30a2)", "EST", @@ -511,6 +513,7 @@ "\u30bf\u30b8\u30ad\u30b9\u30bf\u30f3\u590f\u6642\u9593", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"\u30db\u30d6\u30c9\u6642\u9593", "HOVT", @@ -674,9 +677,8 @@ {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ "\u30b5\u30de\u30e9\u590f\u6642\u9593", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ "\u30dc\u30eb\u30b4\u30b0\u30e9\u30fc\u30c9\u590f\u6642\u9593", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ko.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ko.java Sat Nov 05 00:02:33 2011 -0700 @@ -103,6 +103,8 @@ "\ub3d9\ubd80 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "EDT"}; String EST_NSW[] = new String[] {"\ub3d9\ubd80 \ud45c\uc900\uc2dc(\ub274 \uc0ac\uc6b0\uc2a4 \uc6e8\uc77c\uc988)", "EST", "\ub3d9\ubd80 \uc77c\uad11\uc808\uc57d\uc2dc\uac04(\ub274 \uc0ac\uc6b0\uc2a4 \uc6e8\uc77c\uc988)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"\uac00\ub098 \ud45c\uc900\uc2dc", "GMT", "\uac00\ub098 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "GHST"}; String GAMBIER[] = new String[] {"\uac10\ube44\uc544 \uc2dc\uac04", "GAMT", @@ -186,7 +188,7 @@ String SAMOA[] = new String[] {"\uc0ac\ubaa8\uc544 \ud45c\uc900\uc2dc", "SST", "\uc0ac\ubaa8\uc544 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "SDT"}; String WST_SAMOA[] = new String[] {"\uc11c\uc0ac\ubaa8\uc544 \uc2dc\uac04", "WST", - "\uc11c\uc0ac\ubaa8\uc544 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "WSST"}; + "\uc11c\uc0ac\ubaa8\uc544 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "WSDT"}; String ChST[] = new String[] {"\ucc28\ubaa8\ub85c \ud45c\uc900\uc2dc", "ChST", "\ucc28\ubaa8\ub85c \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "ChDT"}; String VICTORIA[] = new String[] {"\ub3d9\ubd80 \ud45c\uc900\uc2dc(\ube45\ud1a0\ub9ac\uc544)", "EST", @@ -511,6 +513,7 @@ "\ud0c0\uc9c0\ud0a4\uc2a4\ud0c4 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"Hovd \uc2dc\uac04", "HOVT", @@ -674,9 +677,8 @@ {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ "\uc0ac\ub9c8\ub77c \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ "\ubcfc\uace0\uadf8\ub77c\ub4dc \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java Sat Nov 05 00:02:33 2011 -0700 @@ -101,6 +101,8 @@ "Hor\u00e1rio de luz natural oriental", "EDT"}; String EST_NSW[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o oriental (Nova Gales do Sul)", "EST", "Fuso hor\u00e1rio de ver\u00e3o oriental (Nova Gales do Sul)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"Fuso hor\u00e1rio do meridiano de Gana", "GMT", "Fuso hor\u00e1rio de ver\u00e3o de Gana", "GHST"}; String GAMBIER[] = new String[] {"Fuso hor\u00e1rio de Gambier", "GAMT", @@ -184,7 +186,7 @@ String SAMOA[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o de Samoa", "SST", "Hor\u00e1rio de luz natural de Samoa", "SDT"}; String WST_SAMOA[] = new String[] {"Fuso hor\u00e1rio de Samoa Ocidental", "WST", - "Fuso hor\u00e1rio de ver\u00e3o de Samoa Ocidental", "WSST"}; + "Fuso hor\u00e1rio de ver\u00e3o de Samoa Ocidental", "WSDT"}; String ChST[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o de Chamorro", "ChST", "Hor\u00e1rio de luz natural de Chamorro", "ChDT"}; String VICTORIA[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o oriental (Victoria)", "EST", @@ -511,6 +513,7 @@ "Fuso hor\u00e1rio de ver\u00e3o do Tadjiquist\u00e3o", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"Fuso hor\u00e1rio de Hovd", "HOVT", @@ -674,9 +677,8 @@ {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ "Fuso hor\u00e1rio de ver\u00e3o de Samara", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ "Fuso hor\u00e1rio de ver\u00e3o de Volgogrado", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_sv.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_sv.java Sat Nov 05 00:02:33 2011 -0700 @@ -103,6 +103,8 @@ "Eastern, sommartid", "EDT"}; String EST_NSW[] = new String[] {"Eastern, normaltid (Nya Sydwales)", "EST", "Eastern, sommartid (Nya Sydwales)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"Ghana, normaltid", "GMT", "Ghana, sommartid", "GHST"}; String GAMBIER[] = new String[] {"Gambier, normaltid", "GAMT", @@ -186,7 +188,7 @@ String SAMOA[] = new String[] {"Samoa, normaltid", "SST", "Samoa, sommartid", "SDT"}; String WST_SAMOA[] = new String[] {"V\u00e4stsamoansk tid", "WST", - "V\u00e4stsamoansk sommartid", "WSST"}; + "V\u00e4stsamoansk sommartid", "WSDT"}; String ChST[] = new String[] {"Chamorro, normaltid", "ChST", "Chamorro, sommartid", "ChDT"}; String VICTORIA[] = new String[] {"\u00d6stlig normaltid (Victoria)", "EST", @@ -511,6 +513,7 @@ "Tadzjikistan, sommartid", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"Hovd, normaltid", "HOVT", @@ -674,9 +677,8 @@ {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ "Samara, sommartid", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ "Volgograd, sommartid", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java Sat Nov 05 00:02:33 2011 -0700 @@ -103,6 +103,8 @@ "\u4e1c\u90e8\u590f\u4ee4\u65f6", "EDT"}; String EST_NSW[] = new String[] {"\u4e1c\u90e8\u6807\u51c6\u65f6\u95f4\uff08\u65b0\u5357\u5a01\u5c14\u65af\uff09", "EST", "\u4e1c\u90e8\u590f\u4ee4\u65f6\uff08\u65b0\u5357\u5a01\u5c14\u65af\uff09", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"\u52a0\u7eb3\u65f6\u95f4", "GMT", "\u52a0\u7eb3\u590f\u4ee4\u65f6", "GHST"}; String GAMBIER[] = new String[] {"\u5188\u6bd4\u4e9a\u65f6\u95f4", "GAMT", @@ -186,7 +188,7 @@ String SAMOA[] = new String[] {"\u8428\u6469\u4e9a\u7fa4\u5c9b\u6807\u51c6\u65f6\u95f4", "SST", "\u8428\u6469\u4e9a\u7fa4\u5c9b\u590f\u4ee4\u65f6", "SDT"}; String WST_SAMOA[] = new String[] {"\u897f\u8428\u6469\u4e9a\u65f6\u95f4", "WST", - "\u897f\u8428\u6469\u4e9a\u590f\u4ee4\u65f6", "WSST"}; + "\u897f\u8428\u6469\u4e9a\u590f\u4ee4\u65f6", "WSDT"}; String ChST[] = new String[] {"Chamorro \u6807\u51c6\u65f6\u95f4", "ChST", "Chamorro \u590f\u4ee4\u65f6", "ChDT"}; String VICTORIA[] = new String[] {"\u4e1c\u90e8\u6807\u51c6\u65f6\u95f4\uff08\u7ef4\u591a\u5229\u4e9a\uff09", "EST", @@ -511,6 +513,7 @@ "\u5854\u5409\u514b\u65af\u5766\u590f\u4ee4\u65f6", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"\u79d1\u5e03\u591a\u65f6\u95f4", "HOVT", @@ -674,9 +677,8 @@ {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ "\u6c99\u9a6c\u62c9\u590f\u4ee4\u65f6", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ "\u4f0f\u5c14\u52a0\u683c\u52d2\u590f\u4ee4\u65f6", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java Sat Nov 05 00:02:33 2011 -0700 @@ -103,6 +103,8 @@ "\u6771\u65b9\u65e5\u5149\u7bc0\u7d04\u6642\u9593", "EDT"}; String EST_NSW[] = new String[] {"\u6771\u65b9\u6a19\u6e96\u6642\u9593 (\u65b0\u5357\u5a01\u723e\u65af)", "EST", "\u6771\u65b9\u590f\u4ee4\u6642\u9593 (\u65b0\u5357\u5a01\u723e\u65af)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"\u8fe6\u7d0d\u5e73\u5747\u6642\u9593", "GMT", "\u8fe6\u7d0d\u590f\u4ee4\u6642\u9593", "GHST"}; String GAMBIER[] = new String[] {"\u7518\u6bd4\u723e\u6642\u9593", "GAMT", @@ -186,7 +188,7 @@ String SAMOA[] = new String[] {"\u85a9\u6469\u4e9e\u6a19\u6e96\u6642\u9593", "SST", "\u85a9\u6469\u4e9e\u65e5\u5149\u7bc0\u7d04\u6642\u9593", "SDT"}; String WST_SAMOA[] = new String[] {"\u897f\u85a9\u6469\u4e9e\u6642\u9593", "WST", - "\u897f\u85a9\u6469\u4e9e\u590f\u4ee4\u6642\u9593", "WSST"}; + "\u897f\u85a9\u6469\u4e9e\u590f\u4ee4\u6642\u9593", "WSDT"}; String ChST[] = new String[] {"\u67e5\u83ab\u6d1b\u6a19\u6e96\u6642\u9593", "ChST", "\u67e5\u83ab\u6d1b\u65e5\u5149\u7bc0\u7d04\u6642\u9593", "ChDT"}; String VICTORIA[] = new String[] {"\u6771\u90e8\u6a19\u6e96\u6642\u9593 (\u7dad\u591a\u5229\u4e9e\u90a6)", "EST", @@ -511,6 +513,7 @@ "\u5854\u5409\u514b\u590f\u4ee4\u6642\u9593", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"\u4faf\u5fb7 (Hovd) \u6642\u9593", "HOVT", @@ -675,9 +678,8 @@ {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -685,7 +687,7 @@ {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -698,14 +700,14 @@ "\u6c99\u99ac\u62c9\u590f\u4ee4\u6642\u9593", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -714,7 +716,7 @@ "\u4f0f\u723e\u52a0\u683c\u52d2\u590f\u4ee4\u6642\u9593", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST},
--- a/jdk/src/share/lib/security/sunpkcs11-solaris.cfg Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/lib/security/sunpkcs11-solaris.cfg Sat Nov 05 00:02:33 2011 -0700 @@ -11,6 +11,9 @@ handleStartupErrors = ignoreAll +# Use the X9.63 encoding for EC points (do not wrap in an ASN.1 OctetString). +useEcX963Encoding = true + attributes = compatibility disabledMechanisms = {
--- a/jdk/src/share/native/java/io/ObjectInputStream.c Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/native/java/io/ObjectInputStream.c Sat Nov 05 00:02:33 2011 -0700 @@ -173,16 +173,3 @@ (*env)->ReleasePrimitiveArrayCritical(env, dst, doubles, 0); } -/* - * Class: java_io_ObjectInputStream - * Method: latestUserDefinedLoader - * Signature: ()Ljava/lang/ClassLoader; - * - * Returns the first non-null class loader up the execution stack, or null - * if only code from the null class loader is on the stack. - */ -JNIEXPORT jobject JNICALL -Java_java_io_ObjectInputStream_latestUserDefinedLoader(JNIEnv *env, jclass cls) -{ - return JVM_LatestUserDefinedLoader(env); -}
--- a/jdk/src/share/native/sun/misc/VM.c Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/native/sun/misc/VM.c Sat Nov 05 00:02:33 2011 -0700 @@ -111,6 +111,11 @@ get_thread_state_info(env, JAVA_THREAD_STATE_TERMINATED, values, names); } +JNIEXPORT jobject JNICALL +Java_sun_misc_VM_latestUserDefinedLoader(JNIEnv *env, jclass cls) { + return JVM_LatestUserDefinedLoader(env); +} + typedef void (JNICALL *GetJvmVersionInfo_fp)(JNIEnv*, jvm_version_info*, size_t); JNIEXPORT void JNICALL
--- a/jdk/src/share/native/sun/rmi/server/MarshalInputStream.c Fri Nov 04 12:36:40 2011 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,44 +0,0 @@ -/* - * Copyright (c) 2000, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -#include "jni.h" -#include "jvm.h" -#include "jni_util.h" - -#include "sun_rmi_server_MarshalInputStream.h" - -/* - * Class: sun_rmi_server_MarshalInputStream - * Method: latestUserDefinedLoader - * Signature: ()Ljava/lang/ClassLoader; - * - * Returns the first non-null class loader up the execution stack, or null - * if only code from the null class loader is on the stack. - */ -JNIEXPORT jobject JNICALL -Java_sun_rmi_server_MarshalInputStream_latestUserDefinedLoader(JNIEnv *env, jclass cls) -{ - return JVM_LatestUserDefinedLoader(env); -}
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c Fri Nov 04 12:36:40 2011 +0000 +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c Sat Nov 05 00:02:33 2011 -0700 @@ -273,7 +273,7 @@ /* allocate memory for CK_VERSION pointer */ ckpVersion = (CK_VERSION_PTR) malloc(sizeof(CK_VERSION)); if (ckpVersion == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } ckpVersion->major = jByteToCKByte(jMajor); @@ -326,7 +326,7 @@ /* allocate memory for CK_DATE pointer */ ckpDate = (CK_DATE *) malloc(sizeof(CK_DATE)); if (ckpDate == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } @@ -340,7 +340,7 @@ jTempChars = (jchar*) malloc((ckLength) * sizeof(jchar)); if (jTempChars == NULL) { free(ckpDate); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } (*env)->GetCharArrayRegion(env, jYear, 0, ckLength, jTempChars); @@ -364,7 +364,7 @@ jTempChars = (jchar*) malloc((ckLength) * sizeof(jchar)); if (jTempChars == NULL) { free(ckpDate); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } (*env)->GetCharArrayRegion(env, jMonth, 0, ckLength, jTempChars); @@ -388,7 +388,7 @@ jTempChars = (jchar*) malloc((ckLength) * sizeof(jchar)); if (jTempChars == NULL) { free(ckpDate); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } (*env)->GetCharArrayRegion(env, jDay, 0, ckLength, jTempChars); @@ -558,7 +558,7 @@ if (ckParam.pulOutputLen == NULL) { free(ckParam.pSeed); free(ckParam.pLabel); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return ckParam; } jByteArrayToCKByteArray(env, jOutput, &(ckParam.pOutput), ckParam.pulOutputLen); @@ -665,7 +665,7 @@ if (ckParam.pReturnedKeyMaterial == NULL) { free(ckParam.RandomInfo.pClientRandom); free(ckParam.RandomInfo.pServerRandom); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return ckParam; } @@ -1013,7 +1013,7 @@ ckpParam = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR) malloc(sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1040,7 +1040,7 @@ ckpParam = (CK_SSL3_KEY_MAT_PARAMS_PTR) malloc(sizeof(CK_SSL3_KEY_MAT_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1067,7 +1067,7 @@ ckpParam = (CK_TLS_PRF_PARAMS_PTR) malloc(sizeof(CK_TLS_PRF_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1094,7 +1094,7 @@ ckpParam = (CK_AES_CTR_PARAMS_PTR) malloc(sizeof(CK_AES_CTR_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1121,7 +1121,7 @@ ckpParam = (CK_RSA_PKCS_OAEP_PARAMS_PTR) malloc(sizeof(CK_RSA_PKCS_OAEP_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1148,7 +1148,7 @@ ckpParam = (CK_PBE_PARAMS_PTR) malloc(sizeof(CK_PBE_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1175,7 +1175,7 @@ ckpParam = (CK_PKCS5_PBKD2_PARAMS_PTR) malloc(sizeof(CK_PKCS5_PBKD2_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1202,7 +1202,7 @@ ckpParam = (CK_RSA_PKCS_PSS_PARAMS_PTR) malloc(sizeof(CK_RSA_PKCS_PSS_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1229,7 +1229,7 @@ ckpParam = (CK_ECDH1_DERIVE_PARAMS_PTR) malloc(sizeof(CK_ECDH1_DERIVE_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1256,7 +1256,7 @@ ckpParam = (CK_ECDH2_DERIVE_PARAMS_PTR) malloc(sizeof(CK_ECDH2_DERIVE_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1283,7 +1283,7 @@ ckpParam = (CK_X9_42_DH1_DERIVE_PARAMS_PTR) malloc(sizeof(CK_X9_42_DH1_DERIVE_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1310,7 +1310,7 @@ ckpParam = (CK_X9_42_DH2_DERIVE_PARAMS_PTR) malloc(sizeof(CK_X9_42_DH2_DERIVE_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0);