openjdk/jdk8u
1
0
Fork 0
mirror of https://github.com/openjdk/jdk8u.git synced 2025-12-10 10:44:16 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge

Browse Source
This commit is contained in:
Andrew John Hughes 2023-10-31 14:46:44 +00:00
commit 8de4819440
52 changed files with 1513 additions and 578 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
corba/src/share/classes/com/sun/corba/se/impl/orbutil/IORCheckImpl.java Normal file
View File

@ -0,0 +1,109 @@
/*
* Copyright (c) 2023, Azul Systems, Inc. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.corba.se.impl.orbutil;
import java.io.InvalidObjectException;
import java.security.AccessController;
import java.util.*;
import sun.security.action.GetPropertyAction;
public final class IORCheckImpl {
private static final Set<String> stubsToCheck;
static {
boolean checkLocalStubs =
!getBooleanProperty(ORBConstants.DISABLE_IOR_CHECK_FOR_LOCAL_STUBS,
getBooleanProperty(ORBConstants.ALLOW_DESERIALIZE_OBJECT, false));
boolean checkRemoteStubs =
getBooleanProperty(ORBConstants.ENABLE_IOR_CHECK_FOR_REMOTE_STUBS, false);
stubsToCheck = getStubsToCheck(checkLocalStubs, checkRemoteStubs);
}
private static Set<String> getStubsToCheck(boolean checkLocalStubs, boolean checkRemoteStubs) {
if (!checkLocalStubs && !checkRemoteStubs) {
return Collections.emptySet();
}
List<String> stubs = new ArrayList<>();
if (checkLocalStubs) {
stubs.addAll(getLocalStubs());
}
if (checkRemoteStubs) {
stubs.addAll(getRemoteStubs());
}
return Collections.unmodifiableSet(new HashSet<>(stubs));
}
private static List<String> getLocalStubs() {
String[] localStubs = {
"org.omg.DynamicAny._DynAnyFactoryStub",
"org.omg.DynamicAny._DynAnyStub",
"org.omg.DynamicAny._DynArrayStub",
"org.omg.DynamicAny._DynEnumStub",
"org.omg.DynamicAny._DynFixedStub",
"org.omg.DynamicAny._DynSequenceStub",
"org.omg.DynamicAny._DynStructStub",
"org.omg.DynamicAny._DynUnionStub",
"org.omg.DynamicAny._DynValueStub"
};
return Arrays.asList(localStubs);
}
private static List<String> getRemoteStubs() {
String[] remoteStubs = {
"com.sun.corba.se.spi.activation._ActivatorStub",
"com.sun.corba.se.spi.activation._InitialNameServiceStub",
"com.sun.corba.se.spi.activation._LocatorStub",
"com.sun.corba.se.spi.activation._RepositoryStub",
"com.sun.corba.se.spi.activation._ServerManagerStub",
"com.sun.corba.se.spi.activation._ServerStub",
"org.omg.CosNaming._BindingIteratorStub",
"org.omg.CosNaming._NamingContextExtStub",
"org.omg.CosNaming._NamingContextStub",
"org.omg.PortableServer._ServantActivatorStub",
"org.omg.PortableServer._ServantLocatorStub"
};
return Arrays.asList(remoteStubs);
}
/*
* The str parameter is expected to start with "IOR:".
* Otherwise, the method throws the InvalidObjectException exception.
*/
public static void check(String str, String stubClassName) throws InvalidObjectException {
if (stubsToCheck.contains(stubClassName) && !str.startsWith(ORBConstants.STRINGIFY_PREFIX)) {
throw new InvalidObjectException("IOR: expected");
}
}
private static boolean getBooleanProperty(String property, boolean defaultValue) {
String value = AccessController.doPrivileged(
new GetPropertyAction(property, String.valueOf(defaultValue)));
return "true".equalsIgnoreCase(value);
}
}

6
corba/src/share/classes/com/sun/corba/se/impl/orbutil/ORBConstants.java
View File

@ -317,8 +317,14 @@ public class ORBConstants {
public static final String DYNAMIC_STUB_FACTORY_FACTORY_CLASS =
SUN_PREFIX + "ORBDynamicStubFactoryFactoryClass" ;
// This property is provided for backward compatibility reasons
public static final String ALLOW_DESERIALIZE_OBJECT = SUN_PREFIX + "ORBAllowDeserializeObject" ;
// Disables the IOR check for the ORB constrained stubs
public static final String DISABLE_IOR_CHECK_FOR_LOCAL_STUBS = ORG_OMG_PREFIX + "DynamicAny.disableIORCheck" ;
// Enables the IOR check for the Remote CORBA services stubs
public static final String ENABLE_IOR_CHECK_FOR_REMOTE_STUBS = ORG_OMG_CORBA_PREFIX + "IDL.Stubs.enableIORCheck";
// Constants for NameService properties ************************************
public static final int DEFAULT_INITIAL_PORT = 900;

8
corba/src/share/classes/com/sun/tools/corba/se/idl/toJavaPortable/Stub.java
View File

@ -101,6 +101,7 @@ public class Stub implements AuxGen
Util.mkdir (pkg);
name = pkg + '/' + name;
}
stubClassName = name.replace('/', '.');
stream = Util.getStream (name.replace ('/', File.separatorChar) + ".java", i);
} // openStream
@ -342,11 +343,7 @@ public class Stub implements AuxGen
stream.println (" private void readObject (java.io.ObjectInputStream s) throws java.io.IOException");
stream.println (" {");
stream.println (" String str = s.readUTF ();");
if ("DynAnyFactory".equals (i.name ())) {
stream.println (" if (!str.startsWith(com.sun.corba.se.impl.orbutil.ORBConstants.STRINGIFY_PREFIX) &&");
stream.println (" !Boolean.getBoolean(com.sun.corba.se.impl.orbutil.ORBConstants.ALLOW_DESERIALIZE_OBJECT))");
stream.println (" throw new java.io.InvalidObjectException(\"IOR: expected\");");
}
stream.println (" com.sun.corba.se.impl.orbutil.IORCheckImpl.check(str, \"" + stubClassName + "\");");
stream.println (" String[] args = null;");
stream.println (" java.util.Properties props = null;");
stream.println (" org.omg.CORBA.ORB orb = org.omg.CORBA.ORB.init (args, props);");
@ -382,4 +379,5 @@ public class Stub implements AuxGen
protected String classSuffix = "";
protected boolean localStub = false;
private boolean isAbstract = false;
private String stubClassName = null;
} // class Stub

43
jdk/make/data/cacerts/certignarootca Normal file
View File

@ -0,0 +1,43 @@
Owner: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR
Issuer: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR
Serial number: cae91b89f155030da3e6416dc4e3a6e1
Valid from: Tue Oct 01 08:32:27 GMT 2013 until: Sat Oct 01 08:32:27 GMT 2033
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 4096-bit RSA key
Version: 3
-----BEGIN CERTIFICATE-----
MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAw
WjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAw
MiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0x
MzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjdaMFoxCzAJBgNVBAYTAkZSMRIwEAYD
VQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgxMDAwMzYxGTAX
BgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sO
ty3tRQgXstmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9M
CiBtnyN6tMbaLOQdLNyzKNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPu
I9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8JXrJhFwLrN1CTivngqIkicuQstDuI7pm
TLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16XdG+RCYyKfHx9WzMfgIh
C59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq4NYKpkDf
ePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3Yz
IoejwpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWT
Co/1VTp2lc5ZmIoJlXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1k
JWumIWmbat10TWuXekG9qxf5kBdIjzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5
hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp//TBt2dzhauH8XwIDAQABo4IB
GjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
FBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of
1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczov
L3d3d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilo
dHRwOi8vY3JsLmNlcnRpZ25hLmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYr
aHR0cDovL2NybC5kaGlteW90aXMuY29tL2NlcnRpZ25hcm9vdGNhLmNybDANBgkq
hkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOItOoldaDgvUSILSo3L
6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxPTGRG
HVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH6
0BGM+RFq7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncB
lA2c5uk5jR+mUYyZDDl34bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdi
o2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1
gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS6Cvu5zHbugRqh5jnxV/v
faci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaYtlu3zM63
Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayh
jWZSaX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw
3kAP+HwV96LOPNdeE4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0=
-----END CERTIFICATE-----

23
jdk/src/share/classes/com/sun/crypto/provider/DESKey.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,8 @@
package com.sun.crypto.provider;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.InvalidKeyException;
@ -40,7 +42,7 @@ import javax.crypto.spec.DESKeySpec;
final class DESKey implements SecretKey {
static final long serialVersionUID = 7724971015953279128L;
private static final long serialVersionUID = 7724971015953279128L;
private byte[] key;
@ -99,7 +101,7 @@ final class DESKey implements SecretKey {
for (int i = 1; i < this.key.length; i++) {
retval += this.key[i] * i;
}
return(retval ^= "des".hashCode());
return(retval ^ "des".hashCode());
}
public boolean equals(Object obj) {
@ -120,14 +122,23 @@ final class DESKey implements SecretKey {
}
/**
* readObject is called to restore the state of this key from
* a stream.
* Restores the state of this object from the stream.
*
* @param s the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(java.io.ObjectInputStream s)
throws java.io.IOException, ClassNotFoundException
throws IOException, ClassNotFoundException
{
s.defaultReadObject();
if ((key == null) || (key.length != DESKeySpec.DES_KEY_LEN)) {
throw new InvalidObjectException("Wrong key size");
}
key = key.clone();
DESKeyGenerator.setParityBit(key, 0);
}
/**

24
jdk/src/share/classes/com/sun/crypto/provider/DESedeKey.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,8 @@
package com.sun.crypto.provider;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.InvalidKeyException;
@ -40,7 +42,7 @@ import javax.crypto.spec.DESedeKeySpec;
final class DESedeKey implements SecretKey {
static final long serialVersionUID = 2463986565756745178L;
private static final long serialVersionUID = 2463986565756745178L;
private byte[] key;
@ -99,7 +101,7 @@ final class DESedeKey implements SecretKey {
for (int i = 1; i < this.key.length; i++) {
retval += this.key[i] * i;
}
return(retval ^= "desede".hashCode());
return(retval ^ "desede".hashCode());
}
public boolean equals(Object obj) {
@ -121,14 +123,24 @@ final class DESedeKey implements SecretKey {
}
/**
* readObject is called to restore the state of this key from
* a stream.
* Restores the state of this object from the stream.
*
* @param s the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(java.io.ObjectInputStream s)
throws java.io.IOException, ClassNotFoundException
throws IOException, ClassNotFoundException
{
s.defaultReadObject();
if ((key == null) || (key.length != DESedeKeySpec.DES_EDE_KEY_LEN)) {
throw new InvalidObjectException("Wrong key size");
}
key = key.clone();
DESKeyGenerator.setParityBit(key, 0);
DESKeyGenerator.setParityBit(key, 8);
DESKeyGenerator.setParityBit(key, 16);
}
/**

33
jdk/src/share/classes/com/sun/crypto/provider/DHPrivateKey.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -40,15 +40,13 @@ import sun.security.util.*;
* algorithm.
*
* @author Jan Luehe
*
*
* @see DHPublicKey
* @see java.security.KeyAgreement
*/
final class DHPrivateKey implements PrivateKey,
javax.crypto.interfaces.DHPrivateKey, Serializable {
static final long serialVersionUID = 7565477590005668886L;
private static final long serialVersionUID = 7565477590005668886L;
// only supported version of PKCS#8 PrivateKeyInfo
private static final BigInteger PKCS8_VERSION = BigInteger.ZERO;
@ -63,10 +61,10 @@ javax.crypto.interfaces.DHPrivateKey, Serializable {
private byte[] encodedKey;
// the prime modulus
private BigInteger p;
private final BigInteger p;
// the base generator
private BigInteger g;
private final BigInteger g;
// the private-value length (optional)
private int l;
@ -319,4 +317,27 @@ javax.crypto.interfaces.DHPrivateKey, Serializable {
getFormat(),
getEncoded());
}
/**
* Restores the state of this object from the stream.
* <p>
* JDK 1.5+ objects use <code>KeyRep</code>s instead.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if ((key == null) || (key.length == 0)) {
throw new InvalidObjectException("key not deserializable");
}
this.key = key.clone();
if ((encodedKey == null) || (encodedKey.length == 0)) {
throw new InvalidObjectException(
"encoded key not deserializable");
}
this.encodedKey = encodedKey.clone();
}
}

33
jdk/src/share/classes/com/sun/crypto/provider/DHPublicKey.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -40,15 +40,13 @@ import sun.security.util.*;
* A public key in X.509 format for the Diffie-Hellman key agreement algorithm.
*
* @author Jan Luehe
*
*
* @see DHPrivateKey
* @see java.security.KeyAgreement
*/
final class DHPublicKey implements PublicKey,
javax.crypto.interfaces.DHPublicKey, Serializable {
static final long serialVersionUID = 7647557958927458271L;
private static final long serialVersionUID = 7647557958927458271L;
// the public key
private BigInteger y;
@ -60,10 +58,10 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
private byte[] encodedKey;
// the prime modulus
private BigInteger p;
private final BigInteger p;
// the base generator
private BigInteger g;
private final BigInteger g;
// the private-value length (optional)
private int l;
@ -320,4 +318,27 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
getFormat(),
getEncoded());
}
/**
* Restores the state of this object from the stream.
* <p>
* JDK 1.5+ objects use <code>KeyRep</code>s instead.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if ((key == null) || (key.length == 0)) {
throw new InvalidObjectException("key not deserializable");
}
this.key = key.clone();
if ((encodedKey == null) || (encodedKey.length == 0)) {
throw new InvalidObjectException(
"encoded key not deserializable");
}
this.encodedKey = encodedKey.clone();
}
}

34
jdk/src/share/classes/com/sun/crypto/provider/PBEKey.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,8 @@
package com.sun.crypto.provider;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.spec.InvalidKeySpecException;
@ -41,11 +43,11 @@ import javax.crypto.spec.PBEKeySpec;
*/
final class PBEKey implements SecretKey {
static final long serialVersionUID = -2234768909660948176L;
private static final long serialVersionUID = -2234768909660948176L;
private byte[] key;
private String type;
private final String type;
/**
* Creates a PBE key from a given PBE key specification.
@ -94,7 +96,7 @@ final class PBEKey implements SecretKey {
for (int i = 1; i < this.key.length; i++) {
retval += this.key[i] * i;
}
return(retval ^= getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode());
return(retval ^ getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode());
}
public boolean equals(Object obj) {
@ -128,14 +130,32 @@ final class PBEKey implements SecretKey {
}
/**
* readObject is called to restore the state of this key from
* a stream.
* Restores the state of this object from the stream.
*
* @param s the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(java.io.ObjectInputStream s)
throws java.io.IOException, ClassNotFoundException
throws IOException, ClassNotFoundException
{
s.defaultReadObject();
if (key == null) {
throw new InvalidObjectException(
"PBEKey couldn't be deserialized");
}
key = key.clone();
// Accept "\0" to signify "zero-length password with no terminator".
if (!(key.length == 1 && key[0] == 0)) {
for (int i = 0; i < key.length; i++) {
if ((key[i] < '\u0020') || (key[i] > '\u007E')) {
throw new InvalidObjectException(
"PBEKey had non-ASCII chars");
}
}
}
}

40
jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java
View File

@ -25,7 +25,7 @@
package com.sun.crypto.provider;
import java.io.ObjectStreamException;
import java.io.*;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
@ -52,14 +52,14 @@ import javax.crypto.spec.PBEKeySpec;
*/
final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
static final long serialVersionUID = -2234868909660948157L;
private static final long serialVersionUID = -2234868909660948157L;
private char[] passwd;
private byte[] salt;
private int iterCount;
private final byte[] salt;
private final int iterCount;
private byte[] key;
private Mac prf;
private final Mac prf;
private static byte[] getPasswordBytes(char[] passwd) {
Charset utf8 = Charset.forName("UTF-8");
@ -131,12 +131,13 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
int intR = keyLength - (intL - 1)*hlen; // residue
byte[] ui = new byte[hlen];
byte[] ti = new byte[hlen];
String algName = prf.getAlgorithm();
// SecretKeySpec cannot be used, since password can be empty here.
SecretKey macKey = new SecretKey() {
private static final long serialVersionUID = 7874493593505141603L;
@Override
public String getAlgorithm() {
return prf.getAlgorithm();
return algName;
}
@Override
public String getFormat() {
@ -149,18 +150,26 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
@Override
public int hashCode() {
return Arrays.hashCode(password) * 41 +
prf.getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode();
algName.toLowerCase(Locale.ENGLISH).hashCode();
}
@Override
public boolean equals(Object obj) {
if (this == obj) return true;
if (this.getClass() != obj.getClass()) return false;
SecretKey sk = (SecretKey)obj;
return prf.getAlgorithm().equalsIgnoreCase(
return algName.equalsIgnoreCase(
sk.getAlgorithm()) &&
MessageDigest.isEqual(password, sk.getEncoded());
}
// This derived key can't be deserialized.
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"PBKDF2KeyImpl SecretKeys are not " +
"directly deserializable");
}
};
prf.init(macKey);
byte[] ibytes = new byte[4];
@ -282,4 +291,19 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
super.finalize();
}
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this class is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"PBKDF2KeyImpl keys are not directly deserializable");
}
}

26
jdk/src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package com.sun.crypto.provider;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
@ -59,11 +62,11 @@ public final class TlsMasterSecretGenerator extends KeyGeneratorSpi {
protected void engineInit(AlgorithmParameterSpec params,
SecureRandom random) throws InvalidAlgorithmParameterException {
if (params instanceof TlsMasterSecretParameterSpec == false) {
if (!(params instanceof TlsMasterSecretParameterSpec)) {
throw new InvalidAlgorithmParameterException(MSG);
}
this.spec = (TlsMasterSecretParameterSpec)params;
if ("RAW".equals(spec.getPremasterSecret().getFormat()) == false) {
if (!"RAW".equals(spec.getPremasterSecret().getFormat())) {
throw new InvalidAlgorithmParameterException(
"Key format must be RAW");
}
@ -182,6 +185,21 @@ public final class TlsMasterSecretGenerator extends KeyGeneratorSpi {
return key.clone();
}
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if ((key == null) || (key.length == 0)) {
throw new InvalidObjectException("TlsMasterSecretKey is null");
}
key = key.clone();
}
}
}

31
jdk/src/share/classes/com/sun/security/auth/LdapPrincipal.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package com.sun.security.auth;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.Principal;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
@ -136,4 +139,30 @@ public final class LdapPrincipal implements Principal, java.io.Serializable {
private LdapName getLdapName(String name) throws InvalidNameException {
return new LdapName(name);
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if ((name == null) || (nameString == null)) {
throw new InvalidObjectException(
"null name/nameString is illegal");
}
try {
if (!name.equals(getLdapName(nameString))) {
throw new InvalidObjectException("Inconsistent names");
}
} catch (InvalidNameException e) {
InvalidObjectException nse = new InvalidObjectException(
"Invalid Name");
nse.initCause(e);
throw nse;
}
}
}

29
jdk/src/share/classes/com/sun/security/auth/NTDomainPrincipal.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package com.sun.security.auth;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.Principal;
/**
@ -131,9 +134,7 @@ public class NTDomainPrincipal implements Principal, java.io.Serializable {
return false;
NTDomainPrincipal that = (NTDomainPrincipal)o;
if (name.equals(that.getName()))
return true;
return false;
return name.equals(that.getName());
}
/**
@ -146,4 +147,24 @@ public class NTDomainPrincipal implements Principal, java.io.Serializable {
public int hashCode() {
return this.getName().hashCode();
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (name == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"name"};
throw new InvalidObjectException(form.format(source));
}
}
}

38
jdk/src/share/classes/com/sun/security/auth/NTSid.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package com.sun.security.auth;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.Principal;
/**
@ -85,7 +88,7 @@ public class NTSid implements Principal, java.io.Serializable {
("Invalid.NTSid.value",
"sun.security.util.AuthResources"));
}
sid = new String(stringSid);
sid = stringSid;
}
/**
@ -140,10 +143,7 @@ public class NTSid implements Principal, java.io.Serializable {
return false;
NTSid that = (NTSid)o;
if (sid.equals(that.sid)) {
return true;
}
return false;
return sid.equals(that.sid);
}
/**
@ -156,4 +156,30 @@ public class NTSid implements Principal, java.io.Serializable {
public int hashCode() {
return sid.hashCode();
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (sid == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"stringSid"};
throw new InvalidObjectException(form.format(source));
}
if (sid.length() == 0) {
throw new InvalidObjectException
(sun.security.util.ResourcesMgr.getString
("Invalid.NTSid.value",
"sun.security.util.AuthResources"));
}
}
}

30
jdk/src/share/classes/com/sun/security/auth/NTUserPrincipal.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package com.sun.security.auth;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.Principal;
/**
@ -125,9 +128,7 @@ public class NTUserPrincipal implements Principal, java.io.Serializable {
return false;
NTUserPrincipal that = (NTUserPrincipal)o;
if (name.equals(that.getName()))
return true;
return false;
return name.equals(that.getName());
}
/**
@ -140,4 +141,25 @@ public class NTUserPrincipal implements Principal, java.io.Serializable {
public int hashCode() {
return this.getName().hashCode();
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (name == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"name"};
throw new InvalidObjectException(form.format(source));
}
}
}

31
jdk/src/share/classes/com/sun/security/auth/UnixNumericGroupPrincipal.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package com.sun.security.auth;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.Principal;
/**
@ -201,10 +204,8 @@ public class UnixNumericGroupPrincipal implements
return false;
UnixNumericGroupPrincipal that = (UnixNumericGroupPrincipal)o;
if (this.getName().equals(that.getName()) &&
this.isPrimaryGroup() == that.isPrimaryGroup())
return true;
return false;
return this.getName().equals(that.getName()) &&
this.isPrimaryGroup() == that.isPrimaryGroup();
}
/**
@ -217,4 +218,24 @@ public class UnixNumericGroupPrincipal implements
public int hashCode() {
return toString().hashCode();
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (name == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"name"};
throw new InvalidObjectException(form.format(source));
}
}
}

29
jdk/src/share/classes/com/sun/security/auth/UnixNumericUserPrincipal.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package com.sun.security.auth;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.Principal;
/**
@ -161,9 +164,7 @@ public class UnixNumericUserPrincipal implements
return false;
UnixNumericUserPrincipal that = (UnixNumericUserPrincipal)o;
if (this.getName().equals(that.getName()))
return true;
return false;
return this.getName().equals(that.getName());
}
/**
@ -176,4 +177,24 @@ public class UnixNumericUserPrincipal implements
public int hashCode() {
return name.hashCode();
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (name == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"name"};
throw new InvalidObjectException(form.format(source));
}
}
}

29
jdk/src/share/classes/com/sun/security/auth/UnixPrincipal.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package com.sun.security.auth;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.Principal;
/**
@ -126,9 +129,7 @@ public class UnixPrincipal implements Principal, java.io.Serializable {
return false;
UnixPrincipal that = (UnixPrincipal)o;
if (this.getName().equals(that.getName()))
return true;
return false;
return this.getName().equals(that.getName());
}
/**
@ -141,4 +142,24 @@ public class UnixPrincipal implements Principal, java.io.Serializable {
public int hashCode() {
return name.hashCode();
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (name == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"name"};
throw new InvalidObjectException(form.format(source));
}
}
}

20
jdk/src/share/classes/com/sun/security/auth/UserPrincipal.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package com.sun.security.auth;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.Principal;
/**
@ -110,4 +113,19 @@ public final class UserPrincipal implements Principal, java.io.Serializable {
public String toString() {
return name;
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (name == null) {
throw new InvalidObjectException("null name is illegal");
}
}
}

15
jdk/src/share/classes/java/security/CodeSigner.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -156,9 +156,9 @@ public final class CodeSigner implements Serializable {
public String toString() {
StringBuffer sb = new StringBuffer();
sb.append("(");
sb.append("Signer: " + signerCertPath.getCertificates().get(0));
sb.append("Signer: ").append(signerCertPath.getCertificates().get(0));
if (timestamp != null) {
sb.append("timestamp: " + timestamp);
sb.append("timestamp: ").append(timestamp);
}
sb.append(")");
return sb.toString();
@ -166,8 +166,11 @@ public final class CodeSigner implements Serializable {
// Explicitly reset hash code value to -1
private void readObject(ObjectInputStream ois)
throws IOException, ClassNotFoundException {
ois.defaultReadObject();
myhash = -1;
throws IOException, ClassNotFoundException {
ois.defaultReadObject();
if (signerCertPath == null) {
throw new InvalidObjectException("signerCertPath is null");
}
myhash = -1;
}
}

11
jdk/src/share/classes/java/security/cert/CertPathHelperImpl.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,12 +25,10 @@
package java.security.cert;
import java.util.*;
import java.util.Date;
import sun.security.provider.certpath.CertPathHelper;
import sun.security.x509.GeneralNameInterface;
/**
* Helper class that allows the Sun CertPath provider to access
* implementation dependent APIs in CertPath framework.
@ -55,11 +53,6 @@ class CertPathHelperImpl extends CertPathHelper {
}
}
protected void implSetPathToNames(X509CertSelector sel,
Set<GeneralNameInterface> names) {
sel.setPathToNamesInternal(names);
}
protected void implSetDateAndTime(X509CRLSelector sel, Date date, long skew) {
sel.setDateAndTime(date, skew);
}

14
jdk/src/share/classes/java/security/cert/X509CertSelector.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -90,10 +90,6 @@ public class X509CertSelector implements CertSelector {
private final static ObjectIdentifier ANY_EXTENDED_KEY_USAGE =
ObjectIdentifier.newInternal(new int[] {2, 5, 29, 37, 0});
static {
CertPathHelperImpl.initialize();
}
private BigInteger serialNumber;
private X500Principal issuer;
private X500Principal subject;
@ -1177,14 +1173,6 @@ public class X509CertSelector implements CertSelector {
}
}
// called from CertPathHelper
void setPathToNamesInternal(Set<GeneralNameInterface> names) {
// set names to non-null dummy value
// this breaks getPathToNames()
pathToNames = Collections.<List<?>>emptySet();
pathToGeneralNames = names;
}
/**
* Adds a name to the pathToNames criterion. The {@code X509Certificate}
* must not include name constraints that would prohibit building a

26
jdk/src/share/classes/javax/crypto/spec/SecretKeySpec.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package javax.crypto.spec;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.MessageDigest;
import java.security.spec.KeySpec;
import java.util.Locale;
@ -234,4 +237,25 @@ public class SecretKeySpec implements KeySpec, SecretKey {
return MessageDigest.isEqual(this.key, thatKey);
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (key == null || algorithm == null) {
throw new InvalidObjectException("Missing argument");
}
this.key = key.clone();
if (key.length == 0) {
throw new InvalidObjectException("Invalid key length");
}
}
}

51
jdk/src/share/classes/javax/security/auth/callback/ChoiceCallback.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,10 @@
package javax.security.auth.callback;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
/**
* <p> Underlying security services instantiate and pass a
* {@code ChoiceCallback} to the {@code handle}
@ -46,7 +50,7 @@ public class ChoiceCallback implements Callback, java.io.Serializable {
* @serial the list of choices
* @since 1.4
*/
private final String[] choices;
private String[] choices;
/**
* @serial the choice to be used as the default choice
* @since 1.4
@ -103,15 +107,15 @@ public class ChoiceCallback implements Callback, java.io.Serializable {
defaultChoice < 0 || defaultChoice >= choices.length)
throw new IllegalArgumentException();
this.prompt = prompt;
this.defaultChoice = defaultChoice;
this.multipleSelectionsAllowed = multipleSelectionsAllowed;
this.choices = choices.clone();
for (int i = 0; i < choices.length; i++) {
if (choices[i] == null || choices[i].length() == 0)
throw new IllegalArgumentException();
}
this.prompt = prompt;
this.choices = choices.clone();
this.defaultChoice = defaultChoice;
this.multipleSelectionsAllowed = multipleSelectionsAllowed;
}
/**
@ -208,4 +212,37 @@ public class ChoiceCallback implements Callback, java.io.Serializable {
public int[] getSelectedIndexes() {
return selections == null ? null : selections.clone();
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if ((prompt == null) || prompt.isEmpty() ||
(choices == null) || (choices.length == 0) ||
(defaultChoice < 0) || (defaultChoice >= choices.length)) {
throw new InvalidObjectException(
"Missing/invalid prompt/choices");
}
choices = choices.clone();
for (int i = 0; i < choices.length; i++) {
if ((choices[i] == null) || choices[i].isEmpty())
throw new InvalidObjectException("Null/empty choices");
}
if (selections != null) {
selections = selections.clone();
if (!multipleSelectionsAllowed && (selections.length != 1)) {
throw new InvalidObjectException(
"Multiple selections not allowed");
}
}
}
}

46
jdk/src/share/classes/javax/security/auth/callback/ConfirmationCallback.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package javax.security.auth.callback;
import java.io.IOException;
import java.io.ObjectInputStream;
/**
* <p> Underlying security services instantiate and pass a
* {@code ConfirmationCallback} to the {@code handle}
@ -145,7 +148,7 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
* @serial
* @since 1.4
*/
private final String[] options;
private String[] options;
/**
* @serial
* @since 1.4
@ -253,16 +256,16 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
defaultOption < 0 || defaultOption >= options.length)
throw new IllegalArgumentException();
this.prompt = null;
this.messageType = messageType;
this.optionType = UNSPECIFIED_OPTION;
this.defaultOption = defaultOption;
this.options = options.clone();
for (int i = 0; i < options.length; i++) {
if (options[i] == null || options[i].length() == 0)
throw new IllegalArgumentException();
}
this.prompt = null;
this.messageType = messageType;
this.optionType = UNSPECIFIED_OPTION;
this.options = options.clone();
this.defaultOption = defaultOption;
}
/**
@ -376,16 +379,16 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
defaultOption < 0 || defaultOption >= options.length)
throw new IllegalArgumentException();
this.prompt = prompt;
this.messageType = messageType;
this.optionType = UNSPECIFIED_OPTION;
this.defaultOption = defaultOption;
this.options = options.clone();
for (int i = 0; i < options.length; i++) {
if (options[i] == null || options[i].length() == 0)
throw new IllegalArgumentException();
}
this.prompt = prompt;
this.messageType = messageType;
this.optionType = UNSPECIFIED_OPTION;
this.options = options.clone();
this.defaultOption = defaultOption;
}
/**
@ -505,4 +508,19 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
public int getSelectedIndex() {
return selection;
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (options != null) {
options = options.clone();
}
}
}

62
jdk/src/share/classes/javax/security/auth/callback/PasswordCallback.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,12 @@
package javax.security.auth.callback;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.util.Arrays;
import sun.misc.Cleaner;
/**
* <p> Underlying security services instantiate and pass a
* {@code PasswordCallback} to the {@code handle}
@ -40,18 +46,22 @@ public class PasswordCallback implements Callback, java.io.Serializable {
* @serial
* @since 1.4
*/
private String prompt;
private final String prompt;
/**
* @serial
* @since 1.4
*/
private boolean echoOn;
private final boolean echoOn;
/**
* @serial
* @since 1.4
*/
private char[] inputPassword;
private transient Cleaner cleaner;
/**
* Construct a {@code PasswordCallback} with a prompt
* and a boolean specifying whether the password should be displayed
@ -112,7 +122,18 @@ public class PasswordCallback implements Callback, java.io.Serializable {
* @see #getPassword
*/
public void setPassword(char[] password) {
// Cleanup the last buffered password copy.
if (cleaner != null) {
cleaner.clean();
cleaner = null;
}
// Set the retrieved password.
this.inputPassword = (password == null ? null : password.clone());
if (this.inputPassword != null) {
cleaner = Cleaner.create(this, cleanerFor(inputPassword));
}
}
/**
@ -134,9 +155,38 @@ public class PasswordCallback implements Callback, java.io.Serializable {
* Clear the retrieved password.
*/
public void clearPassword() {
if (inputPassword != null) {
for (int i = 0; i < inputPassword.length; i++)
inputPassword[i] = ' ';
// Cleanup the last retrieved password copy.
if (cleaner != null) {
cleaner.clean();
cleaner = null;
}
}
private static Runnable cleanerFor(char[] password) {
return () -> {
Arrays.fill(password, ' ');
};
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (prompt == null || prompt.isEmpty()) {
throw new InvalidObjectException("Missing prompt");
}
if (inputPassword != null) {
inputPassword = inputPassword.clone();
cleaner = Cleaner.create(this, cleanerFor(inputPassword));
}
}
}

19
jdk/src/share/classes/sun/security/ec/ECPrivateKeyImpl.java
View File

@ -26,6 +26,8 @@
package sun.security.ec;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.math.BigInteger;
import java.security.*;
@ -43,7 +45,7 @@ import sun.security.pkcs.PKCS8Key;
/**
* Key implementation for EC private keys.
*
* <p>
* ASN.1 syntax for EC private keys from SEC 1 v1.5 (draft):
*
* <pre>
@ -213,4 +215,19 @@ public final class ECPrivateKeyImpl extends PKCS8Key implements ECPrivateKey {
throw new InvalidKeyException("Invalid EC private key", e);
}
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"ECPrivateKeyImpl keys are not directly deserializable");
}
}

21
jdk/src/share/classes/sun/security/ec/ECPublicKeyImpl.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,6 +27,8 @@ package sun.security.ec;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;
@ -122,10 +124,25 @@ public final class ECPublicKeyImpl extends X509Key implements ECPublicKey {
+ "\n parameters: " + params;
}
protected Object writeReplace() throws java.io.ObjectStreamException {
private Object writeReplace() throws java.io.ObjectStreamException {
return new KeyRep(KeyRep.Type.PUBLIC,
getAlgorithm(),
getFormat(),
getEncoded());
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"ECPublicKeyImpl keys are not directly deserializable");
}
}

21
jdk/src/share/classes/sun/security/pkcs11/Token.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -416,11 +416,26 @@ class Token implements Serializable {
private Object writeReplace() throws ObjectStreamException {
if (isValid() == false) {
throw new NotSerializableException("Token has been removed");
throw new InvalidObjectException("Token has been removed");
}
return new TokenRep(this);
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"Tokens are not directly deserializable");
}
// serialized representation of a token
// tokens can only be de-serialized within the same VM invocation
// and if the token has not been removed in the meantime
@ -443,7 +458,7 @@ class Token implements Serializable {
}
}
}
throw new NotSerializableException("Could not find token");
throw new InvalidObjectException("Could not find token");
}
}

26
jdk/src/share/classes/sun/security/provider/DSAPublicKeyImpl.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,17 +25,20 @@
package sun.security.provider;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.math.BigInteger;
import java.security.KeyRep;
import java.security.InvalidKeyException;
/**
* An X.509 public key for the Digital Signature Algorithm.
*
* <p>
* The difference between DSAPublicKeyImpl and DSAPublicKey is that
* DSAPublicKeyImpl calls writeReplace with KeyRep, and DSAPublicKey
* calls writeObject.
*
* <p>
* See the comments in DSAKeyFactory, 4532506, and 6232513.
*
*/
@ -70,10 +73,25 @@ public final class DSAPublicKeyImpl extends DSAPublicKey {
super(encoded);
}
protected Object writeReplace() throws java.io.ObjectStreamException {
private Object writeReplace() throws java.io.ObjectStreamException {
return new KeyRep(KeyRep.Type.PUBLIC,
getAlgorithm(),
getFormat(),
getEncoded());
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"DSAPublicKeyImpl keys are not directly deserializable");
}
}

30
jdk/src/share/classes/sun/security/provider/PolicyFile.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -2214,8 +2214,17 @@ public class PolicyFile extends java.security.Policy {
this.actions.equals(that.actions)))
return false;
if (this.certs.length != that.certs.length)
if ((this.certs == null) && (that.certs == null)) {
return true;
}
if ((this.certs == null) || (that.certs == null)) {
return false;
}
if (this.certs.length != that.certs.length) {
return false;
}
int i,j;
boolean match;
@ -2285,7 +2294,7 @@ public class PolicyFile extends java.security.Policy {
}
public Certificate[] getCerts() {
return certs;
return (certs == null ? null : certs.clone());
}
/**
@ -2298,6 +2307,21 @@ public class PolicyFile extends java.security.Policy {
@Override public String toString() {
return "(SelfPermission " + type + " " + name + " " + actions + ")";
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (certs != null) {
this.certs = certs.clone();
}
}
}
/**

54
jdk/src/share/classes/sun/security/provider/SecureRandom.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,7 @@
package sun.security.provider;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.security.MessageDigest;
import java.security.SecureRandomSpi;
import java.security.NoSuchAlgorithmException;
@ -186,7 +187,7 @@ implements java.io.Serializable {
/**
* This static object will be seeded by SeedGenerator, and used
* to seed future instances of SHA1PRNG SecureRandoms.
*
* <p>
* Bloch, Effective Java Second Edition: Item 71
*/
private static class SeederHolder {
@ -261,17 +262,23 @@ implements java.io.Serializable {
}
/*
* readObject is called to restore the state of the random object from
* a stream. We have to create a new instance of MessageDigest, because
* This method is called to restore the state of the random object from
* a stream.
* <p>
* We have to create a new instance of {@code MessageDigest}, because
* it is not included in the stream (it is marked "transient").
*
* Note that the engineNextBytes() method invoked on the restored random
* object will yield the exact same (random) bytes as the original.
* <p>
* Note that the {@code engineNextBytes()} method invoked on the restored
* random object will yield the exact same (random) bytes as the original.
* If you do not want this behaviour, you should re-seed the restored
* random object, using engineSetSeed().
* random object, using {@code engineSetSeed()}.
*
* @param s the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(java.io.ObjectInputStream s)
throws IOException, ClassNotFoundException {
throws IOException, ClassNotFoundException {
s.defaultReadObject ();
@ -290,5 +297,34 @@ implements java.io.Serializable {
"internal error: SHA-1 not available.", exc);
}
}
// Various consistency checks
if ((remainder == null) && (remCount > 0)) {
throw new InvalidObjectException(
"Remainder indicated, but no data available");
}
// Not yet allocated state
if (state == null) {
if (remainder == null) {
return;
} else {
throw new InvalidObjectException(
"Inconsistent buffer allocations");
}
}
// Sanity check on sizes/pointer
if ((state.length != DIGEST_SIZE) ||
((remainder != null) && (remainder.length != DIGEST_SIZE)) ||
(remCount < 0 ) || (remCount >= DIGEST_SIZE)) {
throw new InvalidObjectException(
"Inconsistent buffer sizes/state");
}
state = state.clone();
if (remainder != null) {
remainder = remainder.clone();
}
}
}

14
jdk/src/share/classes/sun/security/provider/certpath/CertPathHelper.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,14 +26,10 @@
package sun.security.provider.certpath;
import java.util.Date;
import java.util.Set;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509CRLSelector;
import sun.security.x509.GeneralNameInterface;
/**
* Helper class that allows access to JDK specific known-public methods in the
* java.security.cert package. It relies on a subclass in the
@ -55,18 +51,10 @@ public abstract class CertPathHelper {
// empty
}
protected abstract void implSetPathToNames(X509CertSelector sel,
Set<GeneralNameInterface> names);
protected abstract void implSetDateAndTime(X509CRLSelector sel, Date date, long skew);
protected abstract boolean implIsJdkCA(TrustAnchor anchor);
static void setPathToNames(X509CertSelector sel,
Set<GeneralNameInterface> names) {
instance.implSetPathToNames(sel, names);
}
public static void setDateAndTime(X509CRLSelector sel, Date date, long skew) {
instance.implSetDateAndTime(sel, date, skew);
}

65
jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java
View File

@ -48,7 +48,6 @@ import sun.security.x509.AccessDescription;
import sun.security.x509.AuthorityInfoAccessExtension;
import sun.security.x509.AuthorityKeyIdentifierExtension;
import static sun.security.x509.PKIXExtensions.*;
import sun.security.x509.SubjectAlternativeNameExtension;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
@ -258,14 +257,6 @@ class ForwardBuilder extends Builder {
*/
caSelector.setSubject(currentState.issuerDN);
/*
* Match on subjectNamesTraversed (both DNs and AltNames)
* (checks that current cert's name constraints permit it
* to certify all the DNs and AltNames that have been traversed)
*/
CertPathHelper.setPathToNames
(caSelector, currentState.subjectNamesTraversed);
/*
* check the validity period
*/
@ -704,19 +695,6 @@ class ForwardBuilder extends Builder {
// Don't bother to verify untrusted certificate more.
currState.untrustedChecker.check(cert, Collections.<String>emptySet());
/*
* Abort if we encounter the same certificate or a certificate with
* the same public key, subject DN, and subjectAltNames as a cert
* that is already in path.
*/
for (X509Certificate cpListCert : certPathList) {
if (repeated(cpListCert, cert)) {
throw new CertPathValidatorException(
"cert with repeated subject, public key, and " +
"subjectAltNames detected");
}
}
/* check if trusted cert */
boolean isTrustedCert = trustedCerts.contains(cert);
@ -794,49 +772,6 @@ class ForwardBuilder extends Builder {
}
}
/**
* Return true if two certificates are equal or have the same subject,
* public key, and subject alternative names.
*/
private static boolean repeated(
X509Certificate currCert, X509Certificate nextCert) {
if (currCert.equals(nextCert)) {
return true;
}
return (currCert.getSubjectX500Principal().equals(
nextCert.getSubjectX500Principal()) &&
currCert.getPublicKey().equals(nextCert.getPublicKey()) &&
altNamesEqual(currCert, nextCert));
}
/**
* Return true if two certificates have the same subject alternative names.
*/
private static boolean altNamesEqual(
X509Certificate currCert, X509Certificate nextCert) {
X509CertImpl curr, next;
try {
curr = X509CertImpl.toImpl(currCert);
next = X509CertImpl.toImpl(nextCert);
} catch (CertificateException ce) {
return false;
}
SubjectAlternativeNameExtension currAltNameExt =
curr.getSubjectAlternativeNameExtension();
SubjectAlternativeNameExtension nextAltNameExt =
next.getSubjectAlternativeNameExtension();
if (currAltNameExt != null) {
if (nextAltNameExt == null) {
return false;
}
return Arrays.equals(currAltNameExt.getExtensionValue(),
nextAltNameExt.getExtensionValue());
} else {
return (nextAltNameExt == null);
}
}
/**
* Verifies whether the input certificate completes the path.
* First checks the cert against each trust anchor that was specified,

50
jdk/src/share/classes/sun/security/provider/certpath/ForwardState.java
View File

@ -31,17 +31,11 @@ import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.ListIterator;
import javax.security.auth.x500.X500Principal;
import sun.security.util.Debug;
import sun.security.x509.SubjectAlternativeNameExtension;
import sun.security.x509.GeneralNames;
import sun.security.x509.GeneralName;
import sun.security.x509.GeneralNameInterface;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
/**
@ -61,9 +55,6 @@ class ForwardState implements State {
/* The last cert in the path */
X509CertImpl cert;
/* The set of subjectDNs and subjectAltNames of all certs in the path */
HashSet<GeneralNameInterface> subjectNamesTraversed;
/*
* The number of intermediate CA certs which have been traversed so
* far in the path
@ -73,7 +64,6 @@ class ForwardState implements State {
/* Flag indicating if state is initial (path is just starting) */
private boolean init = true;
/* the untrusted certificates checker */
UntrustedChecker untrustedChecker;
@ -104,8 +94,6 @@ class ForwardState implements State {
sb.append("\n issuerDN of last cert: ").append(issuerDN);
sb.append("\n traversedCACerts: ").append(traversedCACerts);
sb.append("\n init: ").append(String.valueOf(init));
sb.append("\n subjectNamesTraversed: \n").append
(subjectNamesTraversed);
sb.append("\n selfIssued: ").append
(String.valueOf(selfIssued));
sb.append("]\n");
@ -120,7 +108,6 @@ class ForwardState implements State {
public void initState(List<PKIXCertPathChecker> certPathCheckers)
throws CertPathValidatorException
{
subjectNamesTraversed = new HashSet<GeneralNameInterface>();
traversedCACerts = 0;
/*
@ -170,32 +157,6 @@ class ForwardState implements State {
}
}
/* update subjectNamesTraversed only if this is the EE cert or if
this cert is not self-issued */
if (init || !selfIssued) {
X500Principal subjName = cert.getSubjectX500Principal();
subjectNamesTraversed.add(X500Name.asX500Name(subjName));
try {
SubjectAlternativeNameExtension subjAltNameExt
= icert.getSubjectAlternativeNameExtension();
if (subjAltNameExt != null) {
GeneralNames gNames = subjAltNameExt.get(
SubjectAlternativeNameExtension.SUBJECT_NAME);
for (GeneralName gName : gNames.names()) {
subjectNamesTraversed.add(gName.getName());
}
}
} catch (IOException e) {
if (debug != null) {
debug.println("ForwardState.updateState() unexpected "
+ "exception");
e.printStackTrace();
}
throw new CertPathValidatorException(e);
}
}
init = false;
}
@ -203,10 +164,6 @@ class ForwardState implements State {
* Clone current state. The state is cloned as each cert is
* added to the path. This is necessary if backtracking occurs,
* and a prior state needs to be restored.
*
* Note that this is a SMART clone. Not all fields are fully copied,
* because some of them will
* not have their contents modified by subsequent calls to updateState.
*/
@Override
@SuppressWarnings("unchecked") // Safe casts assuming clone() works correctly
@ -226,13 +183,6 @@ class ForwardState implements State {
}
}
/*
* Shallow copy traversed names. There is no need to
* deep copy contents, since the elements of the Set
* are never modified by subsequent calls to updateState().
*/
clonedState.subjectNamesTraversed
= (HashSet<GeneralNameInterface>)subjectNamesTraversed.clone();
return clonedState;
} catch (CloneNotSupportedException e) {
throw new InternalError(e.toString(), e);

121
jdk/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java
View File

@ -33,6 +33,7 @@ import java.security.cert.*;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.PKIXReason;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
@ -42,6 +43,7 @@ import javax.security.auth.x500.X500Principal;
import sun.security.provider.certpath.PKIX.BuilderParams;
import static sun.security.x509.PKIXExtensions.*;
import sun.security.x509.SubjectAlternativeNameExtension;
import sun.security.x509.X509CertImpl;
import sun.security.util.Debug;
@ -265,7 +267,7 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
*/
Collection<X509Certificate> certs =
builder.getMatchingCerts(currentState, buildParams.certStores());
List<Vertex> vertices = addVertices(certs, adjList);
List<Vertex> vertices = addVertices(certs, adjList, cpList);
if (debug != null) {
debug.println("SunCertPathBuilder.depthFirstSearchForward(): "
+ "certs.size=" + vertices.size());
@ -325,33 +327,9 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
* cert (which is signed by the trusted public key), but
* don't add it yet to the cpList
*/
if (builder.trustAnchor.getTrustedCert() == null) {
appendedCerts.add(0, cert);
}
Set<String> initExpPolSet =
Collections.singleton(PolicyChecker.ANY_POLICY);
PolicyNodeImpl rootNode = new PolicyNodeImpl(null,
PolicyChecker.ANY_POLICY, null, false, initExpPolSet, false);
List<PKIXCertPathChecker> checkers = new ArrayList<>();
PolicyChecker policyChecker
= new PolicyChecker(buildParams.initialPolicies(),
appendedCerts.size(),
buildParams.explicitPolicyRequired(),
buildParams.policyMappingInhibited(),
buildParams.anyPolicyInhibited(),
buildParams.policyQualifiersRejected(),
rootNode);
checkers.add(policyChecker);
// add the algorithm checker
checkers.add(new AlgorithmChecker(builder.trustAnchor,
buildParams.timestamp(), buildParams.variant()));
PublicKey rootKey = cert.getPublicKey();
if (builder.trustAnchor.getTrustedCert() == null) {
appendedCerts.add(0, cert);
rootKey = builder.trustAnchor.getCAPublicKey();
if (debug != null)
debug.println(
@ -363,11 +341,35 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
(cert.getSubjectX500Principal(), rootKey, null);
// add the basic checker
List<PKIXCertPathChecker> checkers = new ArrayList<>();
BasicChecker basicChecker = new BasicChecker(anchor,
buildParams.date(),
buildParams.sigProvider(),
true);
checkers.add(basicChecker);
Set<String> initExpPolSet =
Collections.singleton(PolicyChecker.ANY_POLICY);
PolicyNodeImpl rootNode = new PolicyNodeImpl(null,
PolicyChecker.ANY_POLICY, null, false, initExpPolSet, false);
PolicyChecker policyChecker
= new PolicyChecker(buildParams.initialPolicies(),
appendedCerts.size(),
buildParams.explicitPolicyRequired(),
buildParams.policyMappingInhibited(),
buildParams.anyPolicyInhibited(),
buildParams.policyQualifiersRejected(),
rootNode);
checkers.add(policyChecker);
// add the constraints checker
checkers.add(new ConstraintsChecker(appendedCerts.size()));
// add the algorithm checker
checkers.add(new AlgorithmChecker(builder.trustAnchor,
buildParams.timestamp(), buildParams.variant()));
buildParams.setCertPath(cf.generateCertPath(appendedCerts));
@ -563,18 +565,79 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
* adjacency list.
*/
private static List<Vertex> addVertices(Collection<X509Certificate> certs,
List<List<Vertex>> adjList)
List<List<Vertex>> adjList,
List<X509Certificate> cpList)
{
List<Vertex> l = adjList.get(adjList.size() - 1);
for (X509Certificate cert : certs) {
Vertex v = new Vertex(cert);
l.add(v);
boolean repeated = false;
for (X509Certificate cpListCert : cpList) {
/*
* Ignore if we encounter the same certificate or a
* certificate with the same public key, subject DN, and
* subjectAltNames as a cert that is already in path.
*/
if (repeated(cpListCert, cert)) {
if (debug != null) {
debug.println("cert with repeated subject, " +
"public key, and subjectAltNames detected");
}
repeated = true;
break;
}
}
if (!repeated) {
l.add(new Vertex(cert));
}
}
return l;
}
/**
* Return true if two certificates are equal or have the same subject,
* public key, and subject alternative names.
*/
private static boolean repeated(
X509Certificate currCert, X509Certificate nextCert) {
if (currCert.equals(nextCert)) {
return true;
}
return (currCert.getSubjectX500Principal().equals(
nextCert.getSubjectX500Principal()) &&
currCert.getPublicKey().equals(nextCert.getPublicKey()) &&
altNamesEqual(currCert, nextCert));
}
/**
* Return true if two certificates have the same subject alternative names.
*/
private static boolean altNamesEqual(
X509Certificate currCert, X509Certificate nextCert) {
X509CertImpl curr, next;
try {
curr = X509CertImpl.toImpl(currCert);
next = X509CertImpl.toImpl(nextCert);
} catch (CertificateException ce) {
return false;
}
SubjectAlternativeNameExtension currAltNameExt =
curr.getSubjectAlternativeNameExtension();
SubjectAlternativeNameExtension nextAltNameExt =
next.getSubjectAlternativeNameExtension();
if (currAltNameExt != null) {
if (nextAltNameExt == null) {
return false;
}
return Arrays.equals(currAltNameExt.getExtensionValue(),
nextAltNameExt.getExtensionValue());
} else {
return (nextAltNameExt == null);
}
}
/**
* Returns true if trust anchor certificate matches specified
* certificate constraints.

22
jdk/src/share/classes/sun/security/provider/certpath/X509CertPath.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,10 +25,7 @@
package sun.security.provider.certpath;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.*;
import java.security.cert.CertificateEncodingException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
@ -394,4 +391,19 @@ public class X509CertPath extends CertPath {
public List<X509Certificate> getCertificates() {
return certs;
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"X509CertPaths are not directly deserializable");
}
}

21
jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,8 @@
package sun.security.rsa;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.math.BigInteger;
import java.security.*;
@ -43,7 +45,7 @@ import static sun.security.rsa.RSAUtil.KeyType;
* RSA private key implementation for "RSA", "RSASSA-PSS" algorithms in CRT form.
* For non-CRT private keys, see RSAPrivateKeyImpl. We need separate classes
* to ensure correct behavior in instanceof checks, etc.
*
* <p>
* Note: RSA keys must be at least 512 bits long
*
* @see RSAPrivateKeyImpl
@ -291,4 +293,19 @@ public final class RSAPrivateCrtKeyImpl
throw new InvalidKeyException("Invalid RSA private key", e);
}
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"RSAPrivateCrtKeyImpl keys are not directly deserializable");
}
}

28
jdk/src/share/classes/sun/security/rsa/RSAPrivateKeyImpl.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,8 @@
package sun.security.rsa;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.math.BigInteger;
import java.security.*;
@ -38,10 +40,11 @@ import sun.security.pkcs.PKCS8Key;
/**
* RSA private key implementation for "RSA", "RSASSA-PSS" algorithms in non-CRT
* form (modulus, private exponent only). For CRT private keys, see
* RSAPrivateCrtKeyImpl. We need separate classes to ensure correct behavior
* in instanceof checks, etc.
*
* form (modulus, private exponent only).
* <p>
* For CRT private keys, see RSAPrivateCrtKeyImpl. We need separate classes
* to ensure correct behavior in instanceof checks, etc.
* <p>
* Note: RSA keys must be at least 512 bits long
*
* @see RSAPrivateCrtKeyImpl
@ -127,4 +130,19 @@ public final class RSAPrivateKeyImpl extends PKCS8Key implements RSAPrivateKey {
+ " bits" + "\n params: " + keyParams + "\n modulus: " + n
+ "\n private exponent: " + d;
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"RSAPrivateKeyImpl keys are not directly deserializable");
}
}

23
jdk/src/share/classes/sun/security/rsa/RSAPublicKeyImpl.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,8 @@
package sun.security.rsa;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.math.BigInteger;
import java.security.*;
@ -40,7 +42,7 @@ import static sun.security.rsa.RSAUtil.KeyType;
/**
* RSA public key implementation for "RSA", "RSASSA-PSS" algorithms.
*
* <p>
* Note: RSA keys must be at least 512 bits long
*
* @see RSAPrivateCrtKeyImpl
@ -198,10 +200,25 @@ public final class RSAPublicKeyImpl extends X509Key implements RSAPublicKey {
+ "\n public exponent: " + e;
}
protected Object writeReplace() throws java.io.ObjectStreamException {
private Object writeReplace() throws java.io.ObjectStreamException {
return new KeyRep(KeyRep.Type.PUBLIC,
getAlgorithm(),
getFormat(),
getEncoded());
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"RSAPublicKeyImpl keys are not directly deserializable");
}
}

29
jdk/src/share/classes/sun/security/x509/X509CertImpl.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,13 +25,7 @@
package sun.security.x509;
import java.io.BufferedReader;
import java.io.BufferedInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
@ -679,7 +673,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
/**
* Return the requested attribute from the certificate.
*
* <p>
* Note that the X509CertInfo is not cloned for performance reasons.
* Callers must ensure that they do not modify it. All other
* attributes are cloned.
@ -1597,7 +1591,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
for (GeneralName gname : names.names()) {
GeneralNameInterface name = gname.getName();
List<Object> nameEntry = new ArrayList<>(2);
nameEntry.add(Integer.valueOf(name.getType()));
nameEntry.add(name.getType());
switch (name.getType()) {
case GeneralNameInterface.NAME_RFC822:
nameEntry.add(((RFC822Name) name).getName());
@ -2019,4 +2013,19 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
buf.append(hexChars[high]);
buf.append(hexChars[low]);
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"X509CertImpls are not directly deserializable");
}
}

2
jdk/src/share/classes/sun/text/bidi/BidiBase.java
View File

@ -3391,7 +3391,7 @@ public class BidiBase {
levelStart + " is out of range 0 to " +
(objects.length-1));
}
if (0 > count || objects.length < (objectStart+count)) {
if (0 > count || objects.length - count < objectStart) {
throw new IllegalArgumentException("Value count " +
levelStart + " is out of range 0 to " +
(objects.length - objectStart));

23
jdk/src/windows/classes/sun/security/mscapi/CPrivateKey.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package sun.security.mscapi;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.PrivateKey;
/**
@ -74,6 +77,22 @@ class CPrivateKey extends CKey implements PrivateKey {
// This class is not serializable
private void writeObject(java.io.ObjectOutputStream out)
throws java.io.IOException {
throw new java.io.NotSerializableException();
throw new java.io.InvalidObjectException(
"CPrivateKeys are not serializable");
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"CPrivateKeys are not deserializable");
}
}

24
jdk/src/windows/classes/sun/security/mscapi/CPublicKey.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package sun.security.mscapi;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.KeyException;
@ -108,7 +111,7 @@ public abstract class CPublicKey extends CKey implements PublicKey {
public String toString() {
StringBuffer sb = new StringBuffer();
sb.append(algorithm + "PublicKey [size=").append(keyLength)
sb.append(algorithm).append("PublicKey [size=").append(keyLength)
.append("]\n ECPoint: ").append(getW())
.append("\n params: ").append(getParams());
return sb.toString();
@ -127,7 +130,7 @@ public abstract class CPublicKey extends CKey implements PublicKey {
public String toString() {
StringBuffer sb = new StringBuffer();
sb.append(algorithm + "PublicKey [size=").append(keyLength)
sb.append(algorithm).append("PublicKey [size=").append(keyLength)
.append(" bits, type=");
if (handles.hCryptKey != 0) {
sb.append(getKeyType(handles.hCryptKey))
@ -221,6 +224,21 @@ public abstract class CPublicKey extends CKey implements PublicKey {
getEncoded());
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"CPublicKeys are not deserializable");
}
// Returns the CAPI or CNG representation of the key.
native byte[] getPublicKeyBlob(long hCryptProv, long hCryptKey)
throws KeyException;

2
jdk/test/ProblemList.txt
View File

@ -324,6 +324,8 @@ security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java
sun/security/mscapi/SignedObjectChain.java 8176183 windows-all
javax/security/auth/callback/PasswordCallback/CheckCleanerBound.java 8285785,8286045,8287596 generic-all
############################################################################
# jdk_sound

BIN
jdk/test/java/security/KeyRep/RSA.pre.1.5.key
View File

Binary file not shown.

14
jdk/test/java/security/KeyRep/SerialOld.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,14 +23,13 @@
/*
* @test 1.1, 03/08/13
* @bug 4532506
* @bug 4532506 8301126
* @summary Serializing KeyPair on one VM (Sun),
* and Deserializing on another (IBM) fails
* @run main/othervm/policy=SerialOld.policy SerialOld
*/
import java.io.*;
import java.security.*;
public class SerialOld {
public static void main(String[] args) throws Exception {
@ -40,10 +39,15 @@ public class SerialOld {
deserializeTigerKey("DSA");
deserializeTigerKey("RSA");
// verify pre-tiger keys still deserialize in our VM
// verify pre-tiger keys still deserialize in our VM.
// There used to be a RSA test here, but the serialized file contained
// classes introduced in JDK 5.0 (sun.security.rsa.RSA*). The older
// RSA keys from JDK 1.4.2 were of class JSA_* which were removed when
// sun.security.rsa was introduced. (See JDK-8301126 for more
// details.) The test/data has been removed.
deserializeKey("DSA");
deserializeKey("RSA");
deserializeKey("DH");
deserializeKey("AES");
deserializeKey("Blowfish");

61
jdk/test/javax/security/auth/callback/PasswordCallback/CheckCleanerBound.java Normal file
View File

@ -0,0 +1,61 @@
/*
* Copyright (C) 2022 THL A29 Limited, a Tencent company. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8284910
* @summary Check that the cleaner is not bound to the PasswordCallback object
*/
import javax.security.auth.callback.PasswordCallback;
import java.util.WeakHashMap;
public final class CheckCleanerBound {
private final static WeakHashMap<PasswordCallback, ?> weakHashMap =
new WeakHashMap<>();
public static void main(String[] args) throws Exception {
// Create an object
PasswordCallback passwordCallback =
new PasswordCallback("Password: ", false);
passwordCallback.setPassword("ThisIsAPassword".toCharArray());
weakHashMap.put(passwordCallback, null);
passwordCallback = null;
// Check if the PasswordCallback object could be collected.
// Wait to trigger the cleanup.
for (int i = 0; i < 10 && weakHashMap.size() != 0; i++) {
System.gc();
}
// Check if the object has been collected. The collection will not
// happen if the cleaner implementation in PasswordCallback is bound
// to the PasswordCallback object.
if (weakHashMap.size() > 0) {
throw new RuntimeException(
"PasswordCallback object is not released");
}
}
}

52
jdk/test/javax/security/auth/callback/PasswordCallback/PasswordCleanup.java Normal file
View File

@ -0,0 +1,52 @@
/*
* Copyright (C) 2022 THL A29 Limited, a Tencent company. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8284910
* @summary Check that PasswordCallback.clearPassword() clears the password
*/
import javax.security.auth.callback.PasswordCallback;
import java.util.Arrays;
public final class PasswordCleanup {
public static void main(String[] args) throws Exception {
// Create an object
PasswordCallback passwordCallback =
new PasswordCallback("Password: ", false);
passwordCallback.setPassword("ThisIsAPassword".toCharArray());
char[] originPassword = passwordCallback.getPassword();
// Use password clear method.
passwordCallback.clearPassword();
// Check that the password is cleared.
char[] clearedPassword = passwordCallback.getPassword();
if (Arrays.equals(originPassword, clearedPassword)) {
throw new RuntimeException(
"PasswordCallback.clearPassword() does not clear passwords");
}
}
}

227
jdk/test/security/infra/java/security/cert/CertPathValidator/certification/CertignaCA.java
View File

@ -1,227 +0,0 @@
/*
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8245654
* @summary Interoperability tests with Certigna Root CA from Dhimyotis
* @build ValidatePathWithParams
* @run main/othervm -Djava.security.debug=certpath CertignaCA OCSP
* @run main/othervm -Djava.security.debug=certpath CertignaCA CRL
*/
/*
* Obtain TLS test artifacts for Certigna Root CA from:
*
* Valid TLS Certificates:
* https://valid.servicesca.dhimyotis.com/
*
* Revoked TLS Certificates:
* https://revoked.servicesca.dhimyotis.com/
*/
public class CertignaCA {
// Owner: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036,
// OU=0002 48146308100036, O=DHIMYOTIS, C=FR
// Issuer: CN=Certigna, O=Dhimyotis, C=FR
// Serial number: 6f82fa28acd6f784bb5b120ba87367ad
// Valid from: Wed Nov 25 03:33:52 PST 2015 until: Sat Nov 22 03:33:52 PST 2025
private static final String INT = "-----BEGIN CERTIFICATE-----\n" +
"MIIGFjCCBP6gAwIBAgIQb4L6KKzW94S7WxILqHNnrTANBgkqhkiG9w0BAQsFADA0\n" +
"MQswCQYDVQQGEwJGUjESMBAGA1UECgwJRGhpbXlvdGlzMREwDwYDVQQDDAhDZXJ0\n" +
"aWduYTAeFw0xNTExMjUxMTMzNTJaFw0yNTExMjIxMTMzNTJaMH0xCzAJBgNVBAYT\n" +
"AkZSMRIwEAYDVQQKDAlESElNWU9USVMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgx\n" +
"MDAwMzYxHTAbBgNVBGEMFE5UUkZSLTQ4MTQ2MzA4MTAwMDM2MR0wGwYDVQQDDBRD\n" +
"ZXJ0aWduYSBTZXJ2aWNlcyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC\n" +
"ggIBALPM+7LpWBz9wFcPaTc3xnB+5g0XrnptB0EPPfrR04vO52Ykm4ky1d4ZLd10\n" +
"tbM1fa1RqNSOVWWg93O4pL7zCFKlz6JV74ZZVhHpEAwzBwv2oPnxvVbxtSN67xsS\n" +
"Y66ahUYxjzs8+3FhmsiRxqwnTYvK2u70uglUvRisOKyTL/M6JnrC4y8tlmoz7OSa\n" +
"5BmBMVplJFQtvmON6N9aHLvYMz+EyJPCbXL6pELxeHjFT5QmIaRamsr2DOTaCjtB\n" +
"ZKI1Wnh3X7lnbjM8MESJiV2t7E9tIQNG0Z/HI3tO4aaUMum3KysY5sC8v3vi7rry\n" +
"GidgzHQhrtP0ZXWW5UH/k7umLS/P/XXWnCFpc2Lxa1uDGfc2im7xibRoPP+JNZsz\n" +
"N76euFlls6jyEXAiwnVr14tVVTewLK0OWs5SJHpEKp8PGMZRDj59EmMvokWwzL6Q\n" +
"zNZ6vVAp00oOm05sbspNY9+MFqGKKUsKvhFGEa4XmRNxDe6KswLcjPZB+NKHZ0QW\n" +
"Fd4ip5C5XmEK/8qIPjwVr9dah9+oiHGGO8Wx7gJAMF5DTmkvW7GhqCKj1LmHnabj\n" +
"zc8av6kxWVQZi/C7HCm9i/W4wio+JA2EAFLqNL3GPNbK9kau4yPhQt/c7zxzo0OH\n" +
"nlsV4THCG7oOCd3cfCiyfQcb3FBt6OSpaKRZxjCLBwP00r0fAgMBAAGjggHZMIIB\n" +
"1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU\n" +
"rOyGj0s3HLh/FxsZ0K7oTuM0XBIwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF\n" +
"9lo53BGhOKQ2MDQxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAP\n" +
"BgNVBAMMCENlcnRpZ25hggkA/tzjAQ/JSP8wSQYDVR0gBEIwQDA+BgoqgXoBgTEB\n" +
"AAECMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmNlcnRpZ25hLmZyL2F1dG9y\n" +
"aXRlcy8wfAYIKwYBBQUHAQEEcDBuMDQGCCsGAQUFBzAChihodHRwOi8vYXV0b3Jp\n" +
"dGUuY2VydGlnbmEuZnIvY2VydGlnbmEuZGVyMDYGCCsGAQUFBzAChipodHRwOi8v\n" +
"YXV0b3JpdGUuZGhpbXlvdGlzLmNvbS9jZXJ0aWduYS5kZXIwYQYDVR0fBFowWDAp\n" +
"oCegJYYjaHR0cDovL2NybC5jZXJ0aWduYS5mci9jZXJ0aWduYS5jcmwwK6ApoCeG\n" +
"JWh0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9jZXJ0aWduYS5jcmwwDQYJKoZIhvcN\n" +
"AQELBQADggEBAGLft7gIuGPZVfg0cTM+HT2xAZFPDb/2+siH06x+dH044zMKbBIN\n" +
"bRzhKipwB1A3MW8FQjveE9tyrfyuqZE/X+o2SlGcdNV44ybYkxo4f6kcLEavV/IW\n" +
"+oFEnojZlhpksYcxrvQoEyqkAwshe8IS2KtZHKVACrt+XSs0lwvy7ALGmHaF7A4b\n" +
"y6cZWItA7Lhj8XWp+8tBJDj7HocRbWtxzEODdBuyMgJzFrNjc+97J0vH/K0+3yjm\n" +
"kczpKshMA0tM+MF9XDMN/MuwrPmUWGO/fHiqHgUp8yqeWtl1n44ZxkkK1t9GRwhn\n" +
"DWLv73/xhTmdhWYQ/reo0GbgBoLiltKmIJQ=\n" +
"-----END CERTIFICATE-----";
// Owner: SERIALNUMBER=S230100953, CN=valid.servicesca.dhimyotis.com,
// OU=0002 48146308100036, O=DHIMYOTIS, L=VILLENEUVE D'ASCQ, C=FR
// Issuer: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036,
// OU=0002 48146308100036, O=DHIMYOTIS, C=FR
// Serial number: 2959798fe2e0e7b43810169ae938bc5f
// Valid from: Sun Mar 13 16:00:00 PDT 2022 until: Mon Mar 13 15:59:59 PDT 2023
private static final String VALID = "-----BEGIN CERTIFICATE-----\n" +
"MIIIkzCCBnugAwIBAgIQKVl5j+Lg57Q4EBaa6Ti8XzANBgkqhkiG9w0BAQsFADB9\n" +
"MQswCQYDVQQGEwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAy\n" +
"IDQ4MTQ2MzA4MTAwMDM2MR0wGwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEd\n" +
"MBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMgQ0EwHhcNMjIwMzEzMjMwMDAwWhcN\n" +
"MjMwMzEzMjI1OTU5WjCBmTELMAkGA1UEBhMCRlIxGjAYBgNVBAcMEVZJTExFTkVV\n" +
"VkUgRCdBU0NRMRIwEAYDVQQKDAlESElNWU9USVMxHDAaBgNVBAsMEzAwMDIgNDgx\n" +
"NDYzMDgxMDAwMzYxJzAlBgNVBAMMHnZhbGlkLnNlcnZpY2VzY2EuZGhpbXlvdGlz\n" +
"LmNvbTETMBEGA1UEBRMKUzIzMDEwMDk1MzCCASIwDQYJKoZIhvcNAQEBBQADggEP\n" +
"ADCCAQoCggEBALpeGHbzRGnv1C0PdJS0nT+Cx98Pw8ctaw51m9Vlk2j8AFGZRu8r\n" +
"lX3noQYX0AIfcbk6KqPAreIvJQV0UgM5jxt3mIQF7iU+55MG4mWmSJgKDDq4b3ck\n" +
"WdBy0KpSBqLmB9sHyTNk9NilNu7VwG03HGIltWA2uQFJGC8CkxwAFpMCQ9RVYw2Z\n" +
"NkL/SsiPgrRLiCJZjesk1oAcLnLp7hbelfUB2Z71VmuDDlom7CsLvdN8eIG+Lj+V\n" +
"wkGmH6AbVGvbFniFDLCNDSJWCQ9AHeO+i0CM/wd2gBRSgm993p2YMxu5mVZjz/rp\n" +
"ELaCYjulvNZKvPIFoNe8qsxlXRWeqWaHuPsCAwEAAaOCA/AwggPsMIHkBggrBgEF\n" +
"BQcBAQSB1zCB1DA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rp\n" +
"cy5jb20vc2VydmljZXNjYS5kZXIwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0\n" +
"ZS5jZXJ0aWduYS5mci9zZXJ2aWNlc2NhLmRlcjAwBggrBgEFBQcwAYYkaHR0cDov\n" +
"L3NlcnZpY2VzY2Eub2NzcC5kaGlteW90aXMuY29tMC4GCCsGAQUFBzABhiJodHRw\n" +
"Oi8vc2VydmljZXNjYS5vY3NwLmNlcnRpZ25hLmZyMB8GA1UdIwQYMBaAFKzsho9L\n" +
"Nxy4fxcbGdCu6E7jNFwSMAkGA1UdEwQCMAAwYQYDVR0gBFowWDAIBgZngQwBAgIw\n" +
"TAYLKoF6AYExAgUBAQEwPTA7BggrBgEFBQcCARYvaHR0cHM6Ly93d3cuY2VydGln\n" +
"bmEuY29tL2F1dG9yaXRlLWNlcnRpZmljYXRpb24wZQYDVR0fBF4wXDAroCmgJ4Yl\n" +
"aHR0cDovL2NybC5jZXJ0aWduYS5mci9zZXJ2aWNlc2NhLmNybDAtoCugKYYnaHR0\n" +
"cDovL2NybC5kaGlteW90aXMuY29tL3NlcnZpY2VzY2EuY3JsMBMGA1UdJQQMMAoG\n" +
"CCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIFoDBIBgNVHREEQTA/gh12YWxpZC5zZXJ2\n" +
"aWNlc2NhLmNlcnRpZ25hLmNvbYIedmFsaWQuc2VydmljZXNjYS5kaGlteW90aXMu\n" +
"Y29tMB0GA1UdDgQWBBSGQwwMIdxiI7P+CFU/Z968XZaSGzCCAX0GCisGAQQB1nkC\n" +
"BAIEggFtBIIBaQFnAHUArfe++nz/EMiLnT2cHj4YarRnKV3PsQwkyoWGNOvcgooA\n" +
"AAF/h9eOGgAABAMARjBEAiBaneK2CTn9lH28CUnL2C2/WklUYkvygMiDrtCIUXfw\n" +
"gQIgJrGxwgGlsYzUdZyZY/oNWSLByO8/Jb5LXbNibdk5SnAAdwDoPtDaPvUGNTLn\n" +
"Vyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAAAX+H14/NAAAEAwBIMEYCIQCVtuV9p/Ug\n" +
"IhwVoMUjPp1KzGte/FmDaKPx432VjOpD+AIhANKWkDEuVnMzPH8sdJCL+eXoB0Q7\n" +
"0mpe5dHEiFJS8lTBAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoA\n" +
"AAF/h9eTcQAABAMARjBEAiAjdYhnzPe9lJksk94ngl7PLDRi71tSRN7SslibEyv+\n" +
"XAIgLQ5NKQAaJnF8oA7WnHB8gyJ/8kqZi52d1WFgARDLR30wDQYJKoZIhvcNAQEL\n" +
"BQADggIBAJhLhW5Gh9yOPKsrMhABd7U5juc5ev97c6s7Az70Yr5/EtH6TlgC6a1N\n" +
"i0yzFOeXzAR8Svsq6HzqP9kMJkEFIrdWH8JZdEv871EjYetEzLLnO0m+dNEROJAh\n" +
"fcJ2w2LufPNaQ327tGY/DxDH9jdtgquReO01bPlJ0Yc5J3maz4XapeUm/kQ8dRzS\n" +
"0UBOxfUlEMpDatZzg7wugy7g9vOndW/VbtbN5Iioq2bjuykPJZfZUx4cCAmLUS7w\n" +
"bqPThQ54PnybiPXaF8cH1Gq0Rs/lGB1erzRXRXHgMy61mFY944r13oATnSdTy8Gm\n" +
"QoMsVp9w7WBRo8O4PR606Ke8Ufm9Kg2GJ1sHClf70FNFO/OSFlr3BLDG0vEMdgVW\n" +
"9QLu6UQXa9PhWMoo030k5fmUySzIUljXnstj3rgcD2HE1UrobTqyRHbbQ8JVWaF0\n" +
"PrPR4WDFI9dY0jixVQucKlX6FCqsyNrJF8GWDlZH+Cd8bk+MA9fKUuX/vmoOc2d+\n" +
"bvOCliME7YjAJkyclk6yiFIMnqyh+TD0d8WbjE94YC/293Xqb6WGkRhhsCX9RUrk\n" +
"I6QbS2uicCFGjRsPmjvMkDDxS00MShRl2K/KpsAx68Cv/Gcw3bv31obwNXTB2IBg\n" +
"gI0MfBHnjIp1nmNvCNmVIP52YrGQyC2JE7+GZUWTuwUVeDgBhiEZ\n" +
"-----END CERTIFICATE-----";
// Owner: SERIALNUMBER=S230120951, CN=revoked.servicesca.dhimyotis.com,
// OU=0002 48146308100036, O=DHIMYOTIS, L=VILLENEUVE D'ASCQ, C=FR
// Issuer: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036,
// OU=0002 48146308100036, O=DHIMYOTIS, C=FR
// Serial number: f88f2566b3dbf73763622db9b2bf9cc
// Valid from: Sun Mar 13 16:00:00 PDT 2022 until: Mon Mar 13 15:59:59 PDT 2023
private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" +
"MIIImTCCBoGgAwIBAgIQD4jyVms9v3N2NiLbmyv5zDANBgkqhkiG9w0BAQsFADB9\n" +
"MQswCQYDVQQGEwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAy\n" +
"IDQ4MTQ2MzA4MTAwMDM2MR0wGwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEd\n" +
"MBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMgQ0EwHhcNMjIwMzEzMjMwMDAwWhcN\n" +
"MjMwMzEzMjI1OTU5WjCBmzELMAkGA1UEBhMCRlIxGjAYBgNVBAcMEVZJTExFTkVV\n" +
"VkUgRCdBU0NRMRIwEAYDVQQKDAlESElNWU9USVMxHDAaBgNVBAsMEzAwMDIgNDgx\n" +
"NDYzMDgxMDAwMzYxKTAnBgNVBAMMIHJldm9rZWQuc2VydmljZXNjYS5kaGlteW90\n" +
"aXMuY29tMRMwEQYDVQQFEwpTMjMwMTIwOTUxMIIBIjANBgkqhkiG9w0BAQEFAAOC\n" +
"AQ8AMIIBCgKCAQEAouvIzemKChCjYICW+TzRigLkqaTdMLnaPlGaXyCCoEUS6nkK\n" +
"QnrwTgebf1X9/mwSAuvTo3Ck7CVgE8AMqsPTluSjezCJuED/F3HYy2YsbIhnVK/i\n" +
"uSzKsDGVY3RlVNm2MA2viVTNBbOFhk4kefYqpDCmp3EGvIDOCb7Y5PTuKKQ79s97\n" +
"uDm+0WoBnOdwSuZMUg+hvINBgu2JQFwiWP0g/SxoK6Ci9SVokM3zR4KgECkMVArf\n" +
"cH0dN+5SYvByaGegQJy7TdKqDsf1lIHM19tUXcxOBNRgV3Rf7WMNIlERtLXjRfke\n" +
"IWXf8QtXRVIH/i/PoVTDo2qvQOMnZFY/Eb5dFQIDAQABo4ID9DCCA/AwgeQGCCsG\n" +
"AQUFBwEBBIHXMIHUMDgGCCsGAQUFBzAChixodHRwOi8vYXV0b3JpdGUuZGhpbXlv\n" +
"dGlzLmNvbS9zZXJ2aWNlc2NhLmRlcjA2BggrBgEFBQcwAoYqaHR0cDovL2F1dG9y\n" +
"aXRlLmNlcnRpZ25hLmZyL3NlcnZpY2VzY2EuZGVyMDAGCCsGAQUFBzABhiRodHRw\n" +
"Oi8vc2VydmljZXNjYS5vY3NwLmRoaW15b3Rpcy5jb20wLgYIKwYBBQUHMAGGImh0\n" +
"dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGlnbmEuZnIwHwYDVR0jBBgwFoAUrOyG\n" +
"j0s3HLh/FxsZ0K7oTuM0XBIwCQYDVR0TBAIwADBhBgNVHSAEWjBYMAgGBmeBDAEC\n" +
"AjBMBgsqgXoBgTECBQEBATA9MDsGCCsGAQUFBwIBFi9odHRwczovL3d3dy5jZXJ0\n" +
"aWduYS5jb20vYXV0b3JpdGUtY2VydGlmaWNhdGlvbjBlBgNVHR8EXjBcMCugKaAn\n" +
"hiVodHRwOi8vY3JsLmNlcnRpZ25hLmZyL3NlcnZpY2VzY2EuY3JsMC2gK6Aphido\n" +
"dHRwOi8vY3JsLmRoaW15b3Rpcy5jb20vc2VydmljZXNjYS5jcmwwEwYDVR0lBAww\n" +
"CgYIKwYBBQUHAwEwDgYDVR0PAQH/BAQDAgWgMEwGA1UdEQRFMEOCH3Jldm9rZWQu\n" +
"c2VydmljZXNjYS5jZXJ0aWduYS5jb22CIHJldm9rZWQuc2VydmljZXNjYS5kaGlt\n" +
"eW90aXMuY29tMB0GA1UdDgQWBBTGIed1eHBS8Z1H3PdMkItpjyjq2TCCAX0GCisG\n" +
"AQQB1nkCBAIEggFtBIIBaQFnAHcArfe++nz/EMiLnT2cHj4YarRnKV3PsQwkyoWG\n" +
"NOvcgooAAAF/h9g4MAAABAMASDBGAiEAp/1fQB730JrX9YGD3d1Uq7rTAL95tMKe\n" +
"G6kgUP1GEWoCIQCzi6feA3cImTH6tVZALNEmve/n8SVFAvD2AvX8ioCD9QB1AOg+\n" +
"0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABf4fYNHcAAAQDAEYwRAIg\n" +
"Dnd8oOV7/MuaiyR23qbdRVf1kBSsDxnLp1/vRdD0JTYCIAw7LuZalEVa/0KpuNHs\n" +
"NIdUJgV4Vioa2xkb9fdPIhtkAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PAD\n" +
"Dnk2pZoAAAF/h9g7nwAABAMARjBEAiA80M1W3V3iKjm6Dwn+hKkmvGiuXZoM6o3f\n" +
"QJsZ2ZOx0QIgUiS3I83WzoCdD4qO9rlmDQhRD69CeVzCgLtkaTPz3JYwDQYJKoZI\n" +
"hvcNAQELBQADggIBADKub0gNyasTvURoYukQCllqDC+SvWA4TURBcmQMNjdVkreJ\n" +
"B3O91HZhTyhrCBJxybeIG89zuRI6rjTpHCQGFqtP7968NA3eUlxGGnAPpw6VbN47\n" +
"Ake+CRI9XnhxcKmTGm987DjtIBH42BedS59P1T56grZP5ysOog9Hz4eYo2ytbZqt\n" +
"P/DHggivymaaiIaBsqup8C7/XN3vVAa/yo1FeLJ48i1d0M9hjGBUFMajd8Y5+pE7\n" +
"p6Nb5mT1LXbetORYXMyG3MiJQPBAr1dLnRGnOZxc1Kxa1QwoAFQAFIXFpqfBwfHi\n" +
"NaSDdFS/wLbpe7UvtC8FWLq9sgITDEkPqDPCsbu8Vc7OxaMhBJ7HQGaAYMReGADG\n" +
"Elx9ffAc+dFR62zFnqMLouaEznZ7FVNmU3cYbrFVBvnGmoDRe0AKUoYv5DCiawUg\n" +
"qeQS69DgG7DOE5VIDaWX2Cevy81mz7O8EVQsyS15J/MUxzWfQpRaHUqkge6G9FSH\n" +
"hF/Nm48oWgpWop5aIF2O6bA/Bt1VvAWdypUPUr4gtpYIQoOQBzTFgBVWUeOTOImE\n" +
"avvpzSwGQfZkB7t5PcAQ+zYGxWq7fr30/qY3geePcXJCGWS6PXyj8lNn4CaJ2sMF\n" +
"GKxNJGD49/5uoxi3b3TzGUn/3eG2qP2RZoXZ6ZPLAo+moIy3XLwMoZm3Im8r\n" +
"-----END CERTIFICATE-----";
public static void main(String[] args) throws Exception {
ValidatePathWithParams pathValidator;
String[] validChainToValidate;
String[] revChainToValidate;
if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) {
pathValidator = new ValidatePathWithParams(null);
pathValidator.enableCRLCheck();
validChainToValidate = new String[]{VALID, INT};
revChainToValidate = new String[]{REVOKED, INT};
} else {
// OCSP check by default
// int certificate doesn't specify OCSP responder
pathValidator = new ValidatePathWithParams(new String[]{INT});
pathValidator.enableOCSPCheck();
validChainToValidate = new String[]{VALID};
revChainToValidate = new String[]{REVOKED};
}
// Validate valid
pathValidator.validate(validChainToValidate,
ValidatePathWithParams.Status.GOOD, null, System.out);
// Validate Revoked
pathValidator.validate(revChainToValidate,
ValidatePathWithParams.Status.REVOKED,
"Mon Mar 14 03:00:16 PDT 2022", System.out);
}
}

293
jdk/test/security/infra/java/security/cert/CertPathValidator/certification/CertignaRoots.java Normal file
View File

@ -0,0 +1,293 @@
/*
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8245654 8314960
* @summary Interoperability tests with Certigna Root CAs from Dhimyotis
* @build ValidatePathWithParams
* @run main/othervm -Djava.security.debug=certpath CertignaRoots OCSP
* @run main/othervm -Djava.security.debug=certpath CertignaRoots CRL
*/
/*
* Obtain TLS test artifacts for Certigna Root CAs from:
*
* Valid TLS Certificates:
* https://valid.servicesca.dhimyotis.com/
*
* Revoked TLS Certificates:
* https://revoked.servicesca.dhimyotis.com/
*/
public class CertignaRoots {
// Owner: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036,
// OU=0002 48146308100036, O=DHIMYOTIS, C=FR
// Issuer: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR
// Serial number: fd30cf04344fc38dd90c4e70753d0623
// Valid from: Wed Nov 25 03:37:21 PST 2015 until: Fri Jun 03 04:37:21 PDT 2033
private static final String INT_CERTIGNA_ROOT_CA = "-----BEGIN CERTIFICATE-----\n" +
"MIIHETCCBPmgAwIBAgIRAP0wzwQ0T8ON2QxOcHU9BiMwDQYJKoZIhvcNAQELBQAw\n" +
"WjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAw\n" +
"MiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0x\n" +
"NTExMjUxMTM3MjFaFw0zMzA2MDMxMTM3MjFaMH0xCzAJBgNVBAYTAkZSMRIwEAYD\n" +
"VQQKDAlESElNWU9USVMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgxMDAwMzYxHTAb\n" +
"BgNVBGEMFE5UUkZSLTQ4MTQ2MzA4MTAwMDM2MR0wGwYDVQQDDBRDZXJ0aWduYSBT\n" +
"ZXJ2aWNlcyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALPM+7Lp\n" +
"WBz9wFcPaTc3xnB+5g0XrnptB0EPPfrR04vO52Ykm4ky1d4ZLd10tbM1fa1RqNSO\n" +
"VWWg93O4pL7zCFKlz6JV74ZZVhHpEAwzBwv2oPnxvVbxtSN67xsSY66ahUYxjzs8\n" +
"+3FhmsiRxqwnTYvK2u70uglUvRisOKyTL/M6JnrC4y8tlmoz7OSa5BmBMVplJFQt\n" +
"vmON6N9aHLvYMz+EyJPCbXL6pELxeHjFT5QmIaRamsr2DOTaCjtBZKI1Wnh3X7ln\n" +
"bjM8MESJiV2t7E9tIQNG0Z/HI3tO4aaUMum3KysY5sC8v3vi7rryGidgzHQhrtP0\n" +
"ZXWW5UH/k7umLS/P/XXWnCFpc2Lxa1uDGfc2im7xibRoPP+JNZszN76euFlls6jy\n" +
"EXAiwnVr14tVVTewLK0OWs5SJHpEKp8PGMZRDj59EmMvokWwzL6QzNZ6vVAp00oO\n" +
"m05sbspNY9+MFqGKKUsKvhFGEa4XmRNxDe6KswLcjPZB+NKHZ0QWFd4ip5C5XmEK\n" +
"/8qIPjwVr9dah9+oiHGGO8Wx7gJAMF5DTmkvW7GhqCKj1LmHnabjzc8av6kxWVQZ\n" +
"i/C7HCm9i/W4wio+JA2EAFLqNL3GPNbK9kau4yPhQt/c7zxzo0OHnlsV4THCG7oO\n" +
"Cd3cfCiyfQcb3FBt6OSpaKRZxjCLBwP00r0fAgMBAAGjggGtMIIBqTASBgNVHRMB\n" +
"Af8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUrOyGj0s3HLh/\n" +
"FxsZ0K7oTuM0XBIwHwYDVR0jBBgwFoAUGIdW4G537iQ1PE5zmh/W4eJ5fiswSQYD\n" +
"VR0gBEIwQDA+BgoqgXoBgTECAAEBMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3\n" +
"LmNlcnRpZ25hLmZyL2F1dG9yaXRlcy8wgYgGCCsGAQUFBwEBBHwwejA6BggrBgEF\n" +
"BQcwAoYuaHR0cDovL2F1dG9yaXRlLmNlcnRpZ25hLmZyL2NlcnRpZ25hcm9vdGNh\n" +
"LmRlcjA8BggrBgEFBQcwAoYwaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v\n" +
"Y2VydGlnbmFyb290Y2EuZGVyMG0GA1UdHwRmMGQwL6AtoCuGKWh0dHA6Ly9jcmwu\n" +
"Y2VydGlnbmEuZnIvY2VydGlnbmFyb290Y2EuY3JsMDGgL6AthitodHRwOi8vY3Js\n" +
"LmRoaW15b3Rpcy5jb20vY2VydGlnbmFyb290Y2EuY3JsMA0GCSqGSIb3DQEBCwUA\n" +
"A4ICAQCI5QbprXJ93L+JWHYpUTinXAMSvXMx2dmNm4mIiJRAbGnBOoEYx7M61fbL\n" +
"L5EJIYZhw8jLmeYVFuMao5OJLwda+RMmVzE7lyTGsY64IDKdwogByNCqbKzrlhnU\n" +
"8myyMNB0BDs2jgwQe2Dj9v+MddeHr7sDqvs7R1tSS5hoASLtdQhO7oxUzr3m7M8q\n" +
"+lh4jszli+cjfiPUVS2ADFu4ccQIh4OsIX6SWdU+8R+c/fn0FV6ip4SAVbNyCToz\n" +
"0ZbZKO8YTJgORxRmvrop9dPyuLWjaRrZ0LMx4a3EM3sQDPDqmsG0lHtfFj2PiJvq\n" +
"4lEYA+gDiLKODI+3DJMqo559m3QSS52DsShomHX/Txd0lJoZwepCE6X4KkG9FHjV\n" +
"WXyLgYFwCOcn+hkLhdpblms0wtjeSPITGOioSkefzhleJnDgJ9X4M3svd0HLTpJi\n" +
"lC1DmDZgdrXWITVdOoCogr2LFKNiGd0tbpKG533eKpfBALlm+afc6j73p1KhJEAn\n" +
"AfydDZqBRqv6+HHYplNDn/K2I1CZdkwaGrx3HOR/voGUi1sUI+hYbsPAFu8ZxrhD\n" +
"9UiysmLCfEUhqkbojony+L2mKsoLqyd24emQzn7GgMa7emlWX2jQUTwrD4SliZ2u\n" +
"OetVaZX5RLyqJWs4Igo/xye0xtMQN8INJ4hSZvnMQ1qFtuSRcQ==\n" +
"-----END CERTIFICATE-----";
// Owner: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036,
// OU=0002 48146308100036, O=DHIMYOTIS, C=FR
// Issuer: CN=Certigna, O=Dhimyotis, C=FR
// Serial number: 6f82fa28acd6f784bb5b120ba87367ad
// Valid from: Wed Nov 25 03:33:52 PST 2015 until: Sat Nov 22 03:33:52 PST 2025
private static final String INT_CERTIGNA = "-----BEGIN CERTIFICATE-----\n" +
"MIIGFjCCBP6gAwIBAgIQb4L6KKzW94S7WxILqHNnrTANBgkqhkiG9w0BAQsFADA0\n" +
"MQswCQYDVQQGEwJGUjESMBAGA1UECgwJRGhpbXlvdGlzMREwDwYDVQQDDAhDZXJ0\n" +
"aWduYTAeFw0xNTExMjUxMTMzNTJaFw0yNTExMjIxMTMzNTJaMH0xCzAJBgNVBAYT\n" +
"AkZSMRIwEAYDVQQKDAlESElNWU9USVMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgx\n" +
"MDAwMzYxHTAbBgNVBGEMFE5UUkZSLTQ4MTQ2MzA4MTAwMDM2MR0wGwYDVQQDDBRD\n" +
"ZXJ0aWduYSBTZXJ2aWNlcyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC\n" +
"ggIBALPM+7LpWBz9wFcPaTc3xnB+5g0XrnptB0EPPfrR04vO52Ykm4ky1d4ZLd10\n" +
"tbM1fa1RqNSOVWWg93O4pL7zCFKlz6JV74ZZVhHpEAwzBwv2oPnxvVbxtSN67xsS\n" +
"Y66ahUYxjzs8+3FhmsiRxqwnTYvK2u70uglUvRisOKyTL/M6JnrC4y8tlmoz7OSa\n" +
"5BmBMVplJFQtvmON6N9aHLvYMz+EyJPCbXL6pELxeHjFT5QmIaRamsr2DOTaCjtB\n" +
"ZKI1Wnh3X7lnbjM8MESJiV2t7E9tIQNG0Z/HI3tO4aaUMum3KysY5sC8v3vi7rry\n" +
"GidgzHQhrtP0ZXWW5UH/k7umLS/P/XXWnCFpc2Lxa1uDGfc2im7xibRoPP+JNZsz\n" +
"N76euFlls6jyEXAiwnVr14tVVTewLK0OWs5SJHpEKp8PGMZRDj59EmMvokWwzL6Q\n" +
"zNZ6vVAp00oOm05sbspNY9+MFqGKKUsKvhFGEa4XmRNxDe6KswLcjPZB+NKHZ0QW\n" +
"Fd4ip5C5XmEK/8qIPjwVr9dah9+oiHGGO8Wx7gJAMF5DTmkvW7GhqCKj1LmHnabj\n" +
"zc8av6kxWVQZi/C7HCm9i/W4wio+JA2EAFLqNL3GPNbK9kau4yPhQt/c7zxzo0OH\n" +
"nlsV4THCG7oOCd3cfCiyfQcb3FBt6OSpaKRZxjCLBwP00r0fAgMBAAGjggHZMIIB\n" +
"1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU\n" +
"rOyGj0s3HLh/FxsZ0K7oTuM0XBIwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF\n" +
"9lo53BGhOKQ2MDQxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAP\n" +
"BgNVBAMMCENlcnRpZ25hggkA/tzjAQ/JSP8wSQYDVR0gBEIwQDA+BgoqgXoBgTEB\n" +
"AAECMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmNlcnRpZ25hLmZyL2F1dG9y\n" +
"aXRlcy8wfAYIKwYBBQUHAQEEcDBuMDQGCCsGAQUFBzAChihodHRwOi8vYXV0b3Jp\n" +
"dGUuY2VydGlnbmEuZnIvY2VydGlnbmEuZGVyMDYGCCsGAQUFBzAChipodHRwOi8v\n" +
"YXV0b3JpdGUuZGhpbXlvdGlzLmNvbS9jZXJ0aWduYS5kZXIwYQYDVR0fBFowWDAp\n" +
"oCegJYYjaHR0cDovL2NybC5jZXJ0aWduYS5mci9jZXJ0aWduYS5jcmwwK6ApoCeG\n" +
"JWh0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9jZXJ0aWduYS5jcmwwDQYJKoZIhvcN\n" +
"AQELBQADggEBAGLft7gIuGPZVfg0cTM+HT2xAZFPDb/2+siH06x+dH044zMKbBIN\n" +
"bRzhKipwB1A3MW8FQjveE9tyrfyuqZE/X+o2SlGcdNV44ybYkxo4f6kcLEavV/IW\n" +
"+oFEnojZlhpksYcxrvQoEyqkAwshe8IS2KtZHKVACrt+XSs0lwvy7ALGmHaF7A4b\n" +
"y6cZWItA7Lhj8XWp+8tBJDj7HocRbWtxzEODdBuyMgJzFrNjc+97J0vH/K0+3yjm\n" +
"kczpKshMA0tM+MF9XDMN/MuwrPmUWGO/fHiqHgUp8yqeWtl1n44ZxkkK1t9GRwhn\n" +
"DWLv73/xhTmdhWYQ/reo0GbgBoLiltKmIJQ=\n" +
"-----END CERTIFICATE-----";
// Owner: SERIALNUMBER=S266241169, CN=valid.servicesca.dhimyotis.com, O=DHIMYOTIS,
// L=VILLENEUVE D'ASCQ, C=FR
// Issuer: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, OU=0002
// 48146308100036, O=DHIMYOTIS, C=FR
// Serial number: c641ef7b0340c21515d8c462e729dc0e
// Valid from: Thu Mar 09 15:00:00 PST 2023 until: Mon Mar 11 15:59:59 PDT 2024
private static final String VALID = "-----BEGIN CERTIFICATE-----\n" +
"MIIIdzCCBl+gAwIBAgIRAMZB73sDQMIVFdjEYucp3A4wDQYJKoZIhvcNAQELBQAw\n" +
"fTELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURISU1ZT1RJUzEcMBoGA1UECwwTMDAw\n" +
"MiA0ODE0NjMwODEwMDAzNjEdMBsGA1UEYQwUTlRSRlItNDgxNDYzMDgxMDAwMzYx\n" +
"HTAbBgNVBAMMFENlcnRpZ25hIFNlcnZpY2VzIENBMB4XDTIzMDMwOTIzMDAwMFoX\n" +
"DTI0MDMxMTIyNTk1OVowezELMAkGA1UEBhMCRlIxGjAYBgNVBAcMEVZJTExFTkVV\n" +
"VkUgRCdBU0NRMRIwEAYDVQQKDAlESElNWU9USVMxJzAlBgNVBAMMHnZhbGlkLnNl\n" +
"cnZpY2VzY2EuZGhpbXlvdGlzLmNvbTETMBEGA1UEBRMKUzI2NjI0MTE2OTCCASIw\n" +
"DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJDrFpZWEeBJoMUuG37wEmJ7XVeX\n" +
"Jde1bgURpFbLwifRj2TVmMdtfg9hXHL7B7Mh/+I8/e7kJz8mlU9qUYKyH24oAitE\n" +
"myXYHAKTydqTseiM3mp92n4PM+DrgsdbT7bpmiirNM0/sqWFNyGUz7kP6Z5E3uuU\n" +
"HSlzX1LBBj8S0ORNZWvomQho11gjuZJRS72X4XTnSc0DESwnLp2irUfx7pflBNt0\n" +
"sLE8BhpNSSQd91naJVKtCtn0H7df+o4gGBt2ZceCLBwU0NwN8+KXz06KjP8298V4\n" +
"P3+eR2QxAw4QBIanRaG6Gd4AmpdIaT7TpiYHotjrJ/Pbx5C8/cmgxxlmtI0CAwEA\n" +
"AaOCA/IwggPuMIHkBggrBgEFBQcBAQSB1zCB1DA2BggrBgEFBQcwAoYqaHR0cDov\n" +
"L2F1dG9yaXRlLmNlcnRpZ25hLmZyL3NlcnZpY2VzY2EuZGVyMDgGCCsGAQUFBzAC\n" +
"hixodHRwOi8vYXV0b3JpdGUuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmRlcjAu\n" +
"BggrBgEFBQcwAYYiaHR0cDovL3NlcnZpY2VzY2Eub2NzcC5jZXJ0aWduYS5mcjAw\n" +
"BggrBgEFBQcwAYYkaHR0cDovL3NlcnZpY2VzY2Eub2NzcC5kaGlteW90aXMuY29t\n" +
"MB8GA1UdIwQYMBaAFKzsho9LNxy4fxcbGdCu6E7jNFwSMAkGA1UdEwQCMAAwYQYD\n" +
"VR0gBFowWDAIBgZngQwBAgIwTAYLKoF6AYExAgUBAQEwPTA7BggrBgEFBQcCARYv\n" +
"aHR0cHM6Ly93d3cuY2VydGlnbmEuY29tL2F1dG9yaXRlLWNlcnRpZmljYXRpb24w\n" +
"ZQYDVR0fBF4wXDAtoCugKYYnaHR0cDovL2NybC5kaGlteW90aXMuY29tL3NlcnZp\n" +
"Y2VzY2EuY3JsMCugKaAnhiVodHRwOi8vY3JsLmNlcnRpZ25hLmZyL3NlcnZpY2Vz\n" +
"Y2EuY3JsMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIFoDBIBgNV\n" +
"HREEQTA/gh12YWxpZC5zZXJ2aWNlc2NhLmNlcnRpZ25hLmNvbYIedmFsaWQuc2Vy\n" +
"dmljZXNjYS5kaGlteW90aXMuY29tMB0GA1UdDgQWBBSzyYZfPBt65RUDq98+e0AK\n" +
"U8pd/jCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHcA7s3QZNXbGs7FXLedtM0T\n" +
"ojKHRny87N7DUUhZRnEftZsAAAGGy1ZNXwAABAMASDBGAiEAyG838/RfBOpojEI/\n" +
"cx++f0tvuDbc/rVa0WNcd2f9HekCIQDVKV2wI3VkD3wNmO93m022H7kvKD1OBEhw\n" +
"Tn6+0ZLA6QB2AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABhstW\n" +
"TcYAAAQDAEcwRQIhAOuj/r5G1wHNgFOMg3jsr3uWmWzIIkTmwmp4hJqvsJzzAiBf\n" +
"nm/jZCUW8DFY+iC+O/+Hzsk/kVDkKIlBDd6rA3MzJgB2AFWB1MIWkDYBSuoLm1c8\n" +
"U/DA5Dh4cCUIFy+jqh0HE9MMAAABhstWTw4AAAQDAEcwRQIgRbCAqI1/nxc6P4de\n" +
"Fqg/zc1+ldMDWjeamWjhctciGsgCIQDHQ4OKj0AA7hQKFIe1SVp+00BxRefFGmq7\n" +
"ZJ+8q+pRqzANBgkqhkiG9w0BAQsFAAOCAgEAVkzCC9LIHU+iOi+GFeCtWxxa5Fsk\n" +
"5gXnDJmtbdoVe2TJvOhrb+VnNI7/Ak+csBv3vxNl3P3DXIbPryB98aelleX7pkfP\n" +
"PcKhFAlbwzbII2D3L0mjFLERtVwdnoEJXXKcHsb9hJResKipZ//daMPD8FthHvEE\n" +
"HmtOrR0lHLjhbi4ODq0e4xyygbxFXXl5CCjtBw0jBtZaMDQaC3eemK9LkOggLz3h\n" +
"qs/+VQ7RyKfcKCuGC5Wb4GJR+IDKH812hFsUWmXe26MPoyTrzLNq6tfQZHSuY5Hj\n" +
"K0ZwldEkUZ2Hd7PrRlhCiGdVCp/2kS2yefhUkvX7Z5K5wX6n+LylfzOTvWf6ZPwQ\n" +
"1jTI0Js8ig4eHF25GlqgOWrqbyF9j67kLs3f7/c5Kx3FlclJ7/vlL8zEcTmGU7rm\n" +
"ZFOhEMDT/UYkitqAOvrgT60oIm9YJ1XTAVTeDbW0FFAb2nFmeBOrw8N3jaCb+jpO\n" +
"ysBA/lDaGTiQhMlJK44vwgS+TjbeWHxvmAE5srKa7MWU8Mmku2vuX95lupJo4LmD\n" +
"zOsihH00hyhtHFUB1TGXuaf77kFsipE6iycyxpcrpJ1UAWiZrba6PAZ85TbYhEdY\n" +
"FDNm7F7CVPU67HV5gE2kDa3Jprd1SjwO095LsRptWhzxUByhee3JI0jljBTaKowy\n" +
"jPv8oekm7zqCLzY=\n" +
"-----END CERTIFICATE-----";
// Owner: SERIALNUMBER=S266251168, CN=revoked.servicesca.certigna.com, O=DHIMYOTIS,
// L=VILLENEUVE D'ASCQ, C=FR
// Issuer: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, OU=0002
// 48146308100036, O=DHIMYOTIS, C=FR
// Serial number: e863f752a23a735e3ccf958abf18565b
// Valid from: Thu Mar 09 15:00:00 PST 2023 until: Fri Mar 08 14:59:59 PST 2024
private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" +
"MIIIezCCBmOgAwIBAgIRAOhj91KiOnNePM+Vir8YVlswDQYJKoZIhvcNAQELBQAw\n" +
"fTELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURISU1ZT1RJUzEcMBoGA1UECwwTMDAw\n" +
"MiA0ODE0NjMwODEwMDAzNjEdMBsGA1UEYQwUTlRSRlItNDgxNDYzMDgxMDAwMzYx\n" +
"HTAbBgNVBAMMFENlcnRpZ25hIFNlcnZpY2VzIENBMB4XDTIzMDMwOTIzMDAwMFoX\n" +
"DTI0MDMwODIyNTk1OVowfDELMAkGA1UEBhMCRlIxGjAYBgNVBAcMEVZJTExFTkVV\n" +
"VkUgRCdBU0NRMRIwEAYDVQQKDAlESElNWU9USVMxKDAmBgNVBAMMH3Jldm9rZWQu\n" +
"c2VydmljZXNjYS5jZXJ0aWduYS5jb20xEzARBgNVBAUTClMyNjYyNTExNjgwggEi\n" +
"MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCBqKNjMkHqJ9EQa3CjuZ6EYMz6\n" +
"mWODrEucRcJDihYMigaV1oRyquGlFQ82ootXaK5bU+EYSMmUwbRpdZ9G/oZUn2+K\n" +
"MKAFDI+MoZoFhQC+2w0AzJycCf/hShUVxcRREKRKdfzv+k5YHj3e8ic16tGlTFXT\n" +
"IF1x3y2Uru7mzZARsZJqnRqaqPPghT/QlBpcA04yLi3iSpgO++mRrJxTUoUHlDw/\n" +
"a1nhqnDgH2yKN7tSfwFTetnXat6/UVt0CJ/6dJF6oY8bGWO1YB03Xdq735eLdJE4\n" +
"t38pV/X8rf5Mc9ZQh8IGrjVW83M8mQmqaX5rbsOl0ZCA/q6RWxRFEF2SwK+dAgMB\n" +
"AAGjggP1MIID8TCB5AYIKwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6\n" +
"Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9zZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcw\n" +
"AoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20vc2VydmljZXNjYS5kZXIw\n" +
"LgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGlnbmEuZnIw\n" +
"MAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNv\n" +
"bTAfBgNVHSMEGDAWgBSs7IaPSzccuH8XGxnQruhO4zRcEjAJBgNVHRMEAjAAMGEG\n" +
"A1UdIARaMFgwCAYGZ4EMAQICMEwGCyqBegGBMQIFAQEBMD0wOwYIKwYBBQUHAgEW\n" +
"L2h0dHBzOi8vd3d3LmNlcnRpZ25hLmNvbS9hdXRvcml0ZS1jZXJ0aWZpY2F0aW9u\n" +
"MGUGA1UdHwReMFwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2\n" +
"aWNlc2NhLmNybDAroCmgJ4YlaHR0cDovL2NybC5jZXJ0aWduYS5mci9zZXJ2aWNl\n" +
"c2NhLmNybDATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAwTAYD\n" +
"VR0RBEUwQ4IgcmV2b2tlZC5zZXJ2aWNlc2NhLmRoaW15b3Rpcy5jb22CH3Jldm9r\n" +
"ZWQuc2VydmljZXNjYS5jZXJ0aWduYS5jb20wHQYDVR0OBBYEFEQsKyX8x8zVxVC2\n" +
"HEK7+bOBLoMkMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgDuzdBk1dsazsVc\n" +
"t520zROiModGfLzs3sNRSFlGcR+1mwAAAYbLTxPnAAAEAwBHMEUCIQD16IHX+8+4\n" +
"zWnxIME4rzCgQIA4m5OsEqP6ssgRG5iurwIgdBOGFGlF6+DGPSm5FKuk5ShAA8ZC\n" +
"AE+E27CKLkBTnfgAdgB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+ZnTFo6dAAA\n" +
"AYbLTxRMAAAEAwBHMEUCIDmW9elysDm3zAeIXsgJwmL33EoMTyVhA3ah2jkvMjzv\n" +
"AiEA6aIZXtwk2DnFt+GA6gLr4UgswUCuK4wxheDVwbpSw/4AdgA7U3d1Pi25gE6L\n" +
"MFsG/kA7Z9hPw/THvQANLXJv4frUFwAAAYbLTxXAAAAEAwBHMEUCIQDGuOg7koEE\n" +
"H9K4VkSHaDD9rAndys2BtswdspfRKUFR3QIgVZ7QUX3H56ECuI8wsAkSjBze4lBO\n" +
"RgfN2xh3l9xQOK0wDQYJKoZIhvcNAQELBQADggIBAFQTTtyQSoV4Zq3QYMnb0yEp\n" +
"u6Hwic/wpYN5L0km+zZoHWuf58vfj8Yg/sfKmftGSZHDdc3NfYSVBlT/0Hl4SDhi\n" +
"zHLLyapoX2GNhbg3esu0Y1fch8E16z2A/wAwrFvxI0XrjHpOyDp4CBDYqDADNPiL\n" +
"vlEkiwP6r7WHjUdWRb7W0t75uAkcajn46XKpFmaHHie5KBch+KDGsUionuH5ZW8Y\n" +
"klh2B34uLWcGZuIR7PeCO9+91mbn/bBNeabGC70qMStaB139lp9P2M+l2WpyREUK\n" +
"l7qHwTsrlMmNb8n44zGtY4wL9NSYWTdTfhcU0FAPdPcLlnjoQubJ1O0vPkzfVYns\n" +
"WQrslxoCBor6CL6AYMQz3jbzQ0soD3Reb11+uTngWGJZtx4DT09RFB3a+1rcYjiS\n" +
"ijCBB+Lqx0xfLQnfBv1A0wjNqUY+gyEe0SpXqB4edqy5uaqawRRKMuNSnb2BVz0/\n" +
"keo1Kif/GSak+JUBpJ8hkJWygtrWCETUNfoseQhqo3gism0EGxJ04tBp+DRvfbrz\n" +
"X4aBgALRro3jSIR1Ibp+e0fxePwShy715SF2H4SfjvplTAKq5bwztZtQUkPR6fJ7\n" +
"5xT0f762c1yytKP1rHFMvzl6k7QWvC6zb2FeG5UqXJw3wFxxWsCuAUu5SPFfXdno\n" +
"5lIHTTV5rpZBN+PzTZsz\n" +
"-----END CERTIFICATE-----";
public static void main(String[] args) throws Exception {
// OCSP check by default
boolean ocspEnabled = args.length < 1 || !"CRL".equalsIgnoreCase(args[0]);
// CN=Certigna
new CertignaCAs().runTest(ocspEnabled,
VALID,
REVOKED,
INT_CERTIGNA);
// CN=Certigna Root CA
new CertignaCAs().runTest(ocspEnabled,
VALID,
REVOKED,
INT_CERTIGNA_ROOT_CA);
}
}
class CertignaCAs {
public void runTest(boolean ocspEnabled,
final String VALID,
final String REVOKED,
final String INT_CERT) throws Exception {
ValidatePathWithParams pathValidator;
String[] validChainToValidate;
String[] revChainToValidate;
if (!ocspEnabled) {
pathValidator = new ValidatePathWithParams(null);
pathValidator.enableCRLCheck();
validChainToValidate = new String[]{VALID, INT_CERT};
revChainToValidate = new String[]{REVOKED, INT_CERT};
} else {
// int certificate doesn't specify OCSP responder
pathValidator = new ValidatePathWithParams(new String[]{INT_CERT});
pathValidator.enableOCSPCheck();
validChainToValidate = new String[]{VALID};
revChainToValidate = new String[]{REVOKED};
}
// Validate valid
pathValidator.validate(validChainToValidate,
ValidatePathWithParams.Status.GOOD, null, System.out);
// Validate Revoked
pathValidator.validate(revChainToValidate,
ValidatePathWithParams.Status.REVOKED,
"Fri Mar 10 03:39:51 PST 2023", System.out);
}
}

8
jdk/test/sun/security/lib/cacerts/VerifyCACerts.java
View File

@ -28,7 +28,7 @@
* 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136
* 8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320
* 8243559 8225072 8258630 8259312 8256421 8225081 8225082 8225083 8245654
* 8305975 8304760 8307134 8295894
* 8305975 8304760 8307134 8295894 8314960
* @summary Check root CA entries in cacerts file
*/
import java.io.ByteArrayInputStream;
@ -54,12 +54,12 @@ public class VerifyCACerts {
+ File.separator + "security" + File.separator + "cacerts";
// The numbers of certs now.
private static final int COUNT = 96;
private static final int COUNT = 97;
// SHA-256 of cacerts, can be generated with
// shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
private static final String CHECKSUM
= "9B:AF:A2:BD:88:C9:74:05:7F:DD:F3:97:85:21:18:4A:52:F0:07:CC:46:FD:2B:90:BA:FB:57:09:18:3B:66:0F";
= "88:72:92:56:FF:E5:A3:E4:39:98:6D:18:0B:BA:CC:0B:66:CB:1D:6D:52:CE:D7:C8:AD:63:B7:F1:5F:02:24:52";
// map of cert alias to SHA-256 fingerprint
@SuppressWarnings("serial")
private static final Map<String, String> FINGERPRINT_MAP
@ -257,6 +257,8 @@ public class VerifyCACerts {
"34:D8:A7:3E:E2:08:D9:BC:DB:0D:95:65:20:93:4B:4E:40:E6:94:82:59:6E:8B:6F:73:C8:42:6B:01:0A:6F:48");
put("gtsrootecccar4 [jdk]",
"34:9D:FA:40:58:C5:E2:63:12:3B:39:8A:E7:95:57:3C:4E:13:13:C8:3F:E6:8F:93:55:6C:D5:E8:03:1B:3C:7D");
put("certignarootca [jdk]",
"D4:8D:3D:23:EE:DB:50:A4:59:E5:51:97:60:1C:27:77:4B:9D:7B:18:C9:4D:5A:05:95:11:A1:02:50:B9:31:68");
}
};