From 8c4a65b99dca01793faa441a958450dfdb54dcba Mon Sep 17 00:00:00 2001 From: Andrew John Hughes Date: Wed, 5 Mar 2025 15:54:49 +0000 Subject: [PATCH 01/33] 8351098: Bump update version of OpenJDK: 8u462 Reviewed-by: serb --- .jcheck/conf | 2 +- common/autoconf/version-numbers | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.jcheck/conf b/.jcheck/conf index bfeca8f858..93774730e7 100644 --- a/.jcheck/conf +++ b/.jcheck/conf @@ -1,7 +1,7 @@ [general] project=jdk8u jbs=JDK -version=openjdk8u452 +version=openjdk8u462 [checks] error=author,committer,reviewers,merge,issues,executable,symlink,message,hg-tag,whitespace diff --git a/common/autoconf/version-numbers b/common/autoconf/version-numbers index 2db7660362..73a0ffbd69 100644 --- a/common/autoconf/version-numbers +++ b/common/autoconf/version-numbers @@ -1,5 +1,5 @@ # -# Copyright (c) 2011, 2024, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2011, 2025, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -26,7 +26,7 @@ JDK_MAJOR_VERSION=1 JDK_MINOR_VERSION=8 JDK_MICRO_VERSION=0 -JDK_UPDATE_VERSION=452 +JDK_UPDATE_VERSION=462 LAUNCHER_NAME=openjdk PRODUCT_NAME=OpenJDK PRODUCT_SUFFIX="Runtime Environment" From 79124139a676a555511f4365ce6771a7dc920dcf Mon Sep 17 00:00:00 2001 From: Zdenek Zambersky Date: Thu, 6 Mar 2025 11:10:40 +0000 Subject: [PATCH 02/33] 8186787: clang-4.0 SIGSEGV in Unsafe_PutByte Reviewed-by: adinn, andrew Backport-of: 6dc1d8c06d98e127b022886172e16b90bf357c97 --- hotspot/src/share/vm/prims/unsafe.cpp | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/hotspot/src/share/vm/prims/unsafe.cpp b/hotspot/src/share/vm/prims/unsafe.cpp index ef22e4a97c..1bb62d15bf 100644 --- a/hotspot/src/share/vm/prims/unsafe.cpp +++ b/hotspot/src/share/vm/prims/unsafe.cpp 
@@ -165,13 +165,20 @@ jint Unsafe_invocation_key_to_method_slot(jint key) { #define truncate_jfloat(x) (x) #define truncate_jdouble(x) (x) +// Note that GET_FIELD and SET_FIELD cast the object field's C type to +// volatile at the point of access. That is needed in order to ensure +// that the C compiler does not reorder the object field access wrt to +// preceding and succeeding volatile accesses to the thread flag field +// (made by UnsafeWrapper) which safeguard the field access. See +// JDK-8186787 for details. + #define GET_FIELD(obj, offset, type_name, v) \ oop p = JNIHandles::resolve(obj); \ - type_name v = *(type_name*)index_oop_from_field_offset_long(p, offset) + type_name v = *(volatile type_name*)index_oop_from_field_offset_long(p, offset) #define SET_FIELD(obj, offset, type_name, x) \ oop p = JNIHandles::resolve(obj); \ - *(type_name*)index_oop_from_field_offset_long(p, offset) = truncate_##type_name(x) + *(volatile type_name*)index_oop_from_field_offset_long(p, offset) = truncate_##type_name(x) #define GET_FIELD_VOLATILE(obj, offset, type_name, v) \ oop p = JNIHandles::resolve(obj); \ From 84576a9729a299a3931c71091f4d2f205919fa67 Mon Sep 17 00:00:00 2001 From: Taizo Kurashige Date: Tue, 11 Mar 2025 18:55:17 +0000 Subject: [PATCH 03/33] 8341946: [8u] sun/security/pkcs11/ec/ tests fail on RHEL9 Reviewed-by: phh --- jdk/test/sun/security/pkcs11/PKCS11Test.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jdk/test/sun/security/pkcs11/PKCS11Test.java b/jdk/test/sun/security/pkcs11/PKCS11Test.java index 5fc9c605de..2f53dc1a17 100644 --- a/jdk/test/sun/security/pkcs11/PKCS11Test.java +++ b/jdk/test/sun/security/pkcs11/PKCS11Test.java 
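Review bot: The comment added above GET_FIELD says "wrt to", which doubles the preposition; `// that the C compiler does not reorder the object field access with respect to` reads cleanly. The same comment could state that the `volatile` cast only constrains what the compiler may reorder and, as far as the language guarantees go, adds no hardware memory barrier. That would stop readers from treating GET_FIELD/SET_FIELD as equivalent to the GET_FIELD_VOLATILE variants, which presumably provide stronger ordering. GET_FIELD_VOLATILE begins at the end of this hunk and continues outside it.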
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -90,7 +90,7 @@ public abstract class PKCS11Test { // NSS version info public static enum ECCState { None, Basic, Extended }; static double nss_version = -1; - static ECCState nss_ecc_status = ECCState.Extended; + static ECCState nss_ecc_status = ECCState.Basic; // The NSS library we need to search for in getNSSLibDir() // Default is "libsoftokn3.so", listed as "softokn3" From 7210b971066c424acda13c4b0caa8ebcb063ace0 Mon Sep 17 00:00:00 2001 From: Satyen Subramaniam Date: Wed, 12 Mar 2025 23:08:32 +0000 Subject: [PATCH 04/33] 8346887: DrawFocusRect() may cause an assertion failure Reviewed-by: phh, serb Backport-of: 8eddf67c82a2af4d704c4063ad802640770b3c26 --- jdk/src/windows/native/sun/windows/awt_Button.cpp | 5 +++-- jdk/src/windows/native/sun/windows/awt_Checkbox.cpp | 8 +++++--- jdk/src/windows/native/sun/windows/awt_Component.cpp | 5 +++-- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/jdk/src/windows/native/sun/windows/awt_Button.cpp b/jdk/src/windows/native/sun/windows/awt_Button.cpp index 7d3ba5984c..6c0e0858e8 100644 --- a/jdk/src/windows/native/sun/windows/awt_Button.cpp +++ b/jdk/src/windows/native/sun/windows/awt_Button.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
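Review bot: The new default `nss_ecc_status = ECCState.Basic` carries no comment saying when the value is raised back to `Extended`, so this hunk does not show whether the extended-curve tests still run on NSS builds that support them. If nothing outside the hunk upgrades the value after NSS detection, the change would quietly narrow EC test coverage on every platform, not only on the RHEL9 systems named in the commit title. A one-line comment above the field, for example `// Assume only the basic curves until the NSS build is known to offer more (JDK-8341946)`, would record the intent.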
@@ -242,7 +242,8 @@ AwtButton::OwnerDrawItem(UINT /*ctrlId*/, DRAWITEMSTRUCT& drawInfo) RECT focusRect; VERIFY(::CopyRect(&focusRect, &rect)); VERIFY(::InflateRect(&focusRect,-inf,-inf)); - VERIFY(::DrawFocusRect(hDC, &focusRect)); + if (!::IsRectEmpty(&focusRect) && (::DrawFocusRect(hDC, &focusRect) == 0)) + VERIFY(::GetLastError() == 0); } /* Notify any subclasses */ diff --git a/jdk/src/windows/native/sun/windows/awt_Checkbox.cpp b/jdk/src/windows/native/sun/windows/awt_Checkbox.cpp index 913dbaf2e1..f50ddbb5d5 100644 --- a/jdk/src/windows/native/sun/windows/awt_Checkbox.cpp +++ b/jdk/src/windows/native/sun/windows/awt_Checkbox.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -290,12 +290,14 @@ AwtCheckbox::OwnerDrawItem(UINT /*ctrlId*/, DRAWITEMSTRUCT& drawInfo) if ((drawInfo.itemState & ODS_FOCUS) && ((drawInfo.itemAction & ODA_FOCUS)|| (drawInfo.itemAction &ODA_DRAWENTIRE))) { - VERIFY(::DrawFocusRect(hDC, &focusRect)); + if (!::IsRectEmpty(&focusRect) && (::DrawFocusRect(hDC, &focusRect) == 0)) + VERIFY(::GetLastError() == 0); } /* erase focus rect */ else if (!(drawInfo.itemState & ODS_FOCUS) && (drawInfo.itemAction & ODA_FOCUS)) { - VERIFY(::DrawFocusRect(hDC, &focusRect)); + if (!::IsRectEmpty(&focusRect) && (::DrawFocusRect(hDC, &focusRect) == 0)) + VERIFY(::GetLastError() == 0); } /* Notify any subclasses */ diff --git a/jdk/src/windows/native/sun/windows/awt_Component.cpp b/jdk/src/windows/native/sun/windows/awt_Component.cpp index 8bc94bd81a..8c6ecfac5c 100644 --- a/jdk/src/windows/native/sun/windows/awt_Component.cpp +++ b/jdk/src/windows/native/sun/windows/awt_Component.cpp 
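Review bot: `VERIFY(::GetLastError() == 0)` in AwtButton::OwnerDrawItem can read a last-error value left behind by an earlier API call, because nothing clears the thread's last error before `::DrawFocusRect`. A zero return that does not set the error code would then trip the assertion on stale data. Adding `::SetLastError(0);` immediately before the `if` makes the check reflect only this call. The unbraced two-line `if` is easy to misread; braces around the `VERIFY` would match the braced blocks around it. The same pattern is added twice in AwtCheckbox::OwnerDrawItem and once in AwtComponent::DrawListItem, and all three function bodies extend beyond their hunks.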
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -4446,7 +4446,8 @@ void AwtComponent::DrawListItem(JNIEnv *env, DRAWITEMSTRUCT &drawInfo) if ((drawInfo.itemState & ODS_FOCUS) && (drawInfo.itemAction & (ODA_FOCUS | ODA_DRAWENTIRE))) { if (!unfocusableChoice){ - VERIFY(::DrawFocusRect(hDC, &rect)); + if (!::IsRectEmpty(&rect) && (::DrawFocusRect(hDC, &rect) == 0)) + VERIFY(::GetLastError() == 0); } } env->DeleteLocalRef(target); From 69d9a2f4bdf1a60e38bda9e69f83c676d963454e Mon Sep 17 00:00:00 2001 From: Roman Marchenko Date: Wed, 26 Mar 2025 14:46:07 +0000 Subject: [PATCH 05/33] 8240235: jdk.test.lib.util.JarUtils updates jar files incorrectly Reviewed-by: andrew Backport-of: 2a791467919c9df9869e6fe1e57df0a5caa90d8f --- .../testlibrary/jdk/testlibrary/JarUtils.java | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/jdk/test/lib/testlibrary/jdk/testlibrary/JarUtils.java b/jdk/test/lib/testlibrary/jdk/testlibrary/JarUtils.java index 8d1e9ef6e5..271fc93bfb 100644 --- a/jdk/test/lib/testlibrary/jdk/testlibrary/JarUtils.java +++ b/jdk/test/lib/testlibrary/jdk/testlibrary/JarUtils.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -216,7 +216,7 @@ public static void updateJar(String src, String dest, changes.remove(name); } else { System.out.println(String.format("- Copy %s", name)); - jos.putNextEntry(entry); + jos.putNextEntry(copyEntry(entry)); Utils.transferTo(srcJarFile.getInputStream(entry), jos); } } @@ -276,4 +276,17 @@ private static String toJarEntryName(Path file) { .toString() .replace(File.separatorChar, '/'); } + + private static JarEntry copyEntry(JarEntry e1) { + JarEntry e2 = new JarEntry(e1.getName()); + e2.setMethod(e1.getMethod()); + e2.setTime(e1.getTime()); + e2.setComment(e1.getComment()); + e2.setExtra(e1.getExtra()); + if (e1.getMethod() == JarEntry.STORED) { + e2.setSize(e1.getSize()); + e2.setCrc(e1.getCrc()); + } + return e2; + } } From b256b1a1ac5603d0103338fa3b00a55d77cc9db9 Mon Sep 17 00:00:00 2001 From: Roman Marchenko Date: Thu, 27 Mar 2025 17:10:33 +0000 Subject: [PATCH 06/33] 8309841: Jarsigner should print a warning if an entry is removed Reviewed-by: andrew Backport-of: bdfb41f977258831e4b0ceaef5d016d095ab6e7f --- .../sun/security/tools/jarsigner/Main.java | 17 ++++ .../security/tools/jarsigner/Resources.java | 2 + .../jdk/testlibrary/JarUtilsTest.java | 79 +++++++++++++++ .../testlibrary/jdk/testlibrary/JarUtils.java | 54 ++++++++++- .../tools/jarsigner/RemovedFiles.java | 95 +++++++++++++++++++ 5 files changed, 246 insertions(+), 1 deletion(-) create mode 100644 jdk/test/lib-test/testlibrary/jdk/testlibrary/JarUtilsTest.java create mode 100644 jdk/test/sun/security/tools/jarsigner/RemovedFiles.java diff --git a/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java b/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java index 667b602dd5..0cfa2c38ea 100644 --- a/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java +++ b/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java 
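Review bot: `copyEntry` has no comment explaining why it exists, and the call site `jos.putNextEntry(copyEntry(entry))` does not make the reason obvious. The helper copies name, method, time, comment and extra data, but carries size and CRC over only for `STORED` entries and never copies the compressed size. A short Javadoc such as `/** Returns a fresh entry with e1's metadata; size and CRC are copied only for STORED entries so the output stream computes them for compressed ones. */` would stop a later cleanup from reverting to `putNextEntry(entry)`. The stream returned by `srcJarFile.getInputStream(entry)` in the first hunk is not closed explicitly; presumably it is released when the JarFile is closed, which happens outside the hunk.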
@@ -181,6 +181,7 @@ public static void main(String args[]) throws Exception { private boolean hasExpiringCert = false; private boolean hasExpiringTsaCert = false; private boolean noTimestamp = true; + private boolean hasNonexistentEntries = false; // Expiration date. The value could be null if signed by a trusted cert. private Date expireDate = null; @@ -635,6 +636,7 @@ void verifyJar(String jarName) Map sigMap = new HashMap<>(); Map sigNameMap = new HashMap<>(); Map unparsableSignatures = new HashMap<>(); + Map> entriesInSF = new HashMap<>(); try { jf = new JarFile(jarName, true); @@ -671,6 +673,7 @@ void verifyJar(String jarName) break; } } + entriesInSF.put(alias, sf.getEntries().keySet()); if (!found) { unparsableSignatures.putIfAbsent(alias, String.format( @@ -769,6 +772,9 @@ void verifyJar(String jarName) sb.append('\n'); } } + for (Set signed : entriesInSF.values()) { + signed.remove(name); + } } else if (showcerts && !verbose.equals("all")) { // Print no info for unsigned entries when -verbose:all, // to be consistent with old behavior. @@ -951,6 +957,13 @@ void verifyJar(String jarName) if (verbose != null) { System.out.println(history); } + Set signed = entriesInSF.get(s); + if (!signed.isEmpty()) { + if (verbose != null) { + System.out.println(rb.getString("history.nonexistent.entries") + signed); + } + hasNonexistentEntries = true; + } } else { unparsableSignatures.putIfAbsent(s, String.format( rb.getString("history.nobk"), s)); @@ -1180,6 +1193,7 @@ private void displayMessagesAndResult(boolean isSigning) { if (hasExpiringCert || (hasExpiringTsaCert && expireDate != null) || (noTimestamp && expireDate != null) || + hasNonexistentEntries || (hasExpiredTsaCert && signerNotExpired)) { if (hasExpiredTsaCert && signerNotExpired) { 
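Review bot: `entriesInSF.put(alias, sf.getEntries().keySet())` stores the live key-set view of the parsed signature file's manifest, so the later `signed.remove(name)` loop deletes entries from `sf` itself rather than from separate bookkeeping. Storing a copy, `entriesInSF.put(alias, new HashSet<>(sf.getEntries().keySet()));`, keeps the parsed data intact (assuming `HashSet` is already imported in Main.java). In the history loop, `entriesInSF.get(s)` is dereferenced without a null check; if a signer name can reach that branch with no set recorded for it, `signed.isEmpty()` throws, so `if (signed != null && !signed.isEmpty())` is the safer guard. verifyJar starts and ends outside these hunks, so whether that case can occur is not visible here.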
@@ -1217,6 +1231,9 @@ private void displayMessagesAndResult(boolean isSigning) { : "no.timestamp.verifying"), expireDate)); } } + if (hasNonexistentEntries) { + warnings.add(rb.getString("nonexistent.entries.found")); + } } System.out.println(result); diff --git a/jdk/src/share/classes/sun/security/tools/jarsigner/Resources.java b/jdk/src/share/classes/sun/security/tools/jarsigner/Resources.java index 48bfe3169d..923897089a 100644 --- a/jdk/src/share/classes/sun/security/tools/jarsigner/Resources.java +++ b/jdk/src/share/classes/sun/security/tools/jarsigner/Resources.java @@ -155,6 +155,7 @@ public class Resources extends java.util.ListResourceBundle { {"history.with.ts", "- Signed by \"%1$s\"\n Digest algorithm: %2$s\n Signature algorithm: %3$s, %4$s\n Timestamped by \"%6$s\" on %5$tc\n Timestamp digest algorithm: %7$s\n Timestamp signature algorithm: %8$s, %9$s"}, {"history.without.ts", "- Signed by \"%1$s\"\n Digest algorithm: %2$s\n Signature algorithm: %3$s, %4$s"}, + {"history.nonexistent.entries", " Warning: nonexistent signed entries: "}, {"history.unparsable", "- Unparsable signature-related file %s"}, {"history.nosf", "- Missing signature-related file META-INF/%s.SF"}, {"history.nobk", "- Missing block file for signature-related file META-INF/%s.SF"}, @@ -165,6 +166,7 @@ public class Resources extends java.util.ListResourceBundle { {"key.bit.weak", "%d-bit key (weak)"}, {"key.bit.disabled", "%d-bit key (disabled)"}, {"unknown.size", "unknown size"}, + {"nonexistent.entries.found", "This jar contains signed entries for files that do not exist. See the -verbose output for more details."}, {"jarsigner.", "jarsigner: "}, {"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.", diff --git a/jdk/test/lib-test/testlibrary/jdk/testlibrary/JarUtilsTest.java b/jdk/test/lib-test/testlibrary/jdk/testlibrary/JarUtilsTest.java new file mode 100644 index 0000000000..241d767c9f --- /dev/null 
+++ b/jdk/test/lib-test/testlibrary/jdk/testlibrary/JarUtilsTest.java 
@@ -0,0 +1,79 @@ +/* + * Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. 
+ */ + +/* @test + * @bug 8309841 + * @summary Unit Test for a common Test API in jdk.testlibrary.JarUtils + * @library /lib/testlibrary + */ + +import jdk.testlibrary.Asserts; +import jdk.testlibrary.JarUtils; + +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.util.Arrays; +import java.util.HashSet; +import java.util.jar.JarEntry; +import java.util.jar.JarFile; +import java.util.stream.Collectors; + +public class JarUtilsTest { + public static void main(String[] args) throws Exception { + Files.createDirectory(Paths.get("bx")); + JarUtils.createJarFile(Paths.get("a.jar"), + Paths.get("."), + Files.write(Paths.get("a"), "".getBytes(StandardCharsets.UTF_8)), + Files.write(Paths.get("b1"), "".getBytes(StandardCharsets.UTF_8)), + Files.write(Paths.get("b2"), "".getBytes(StandardCharsets.UTF_8)), + Files.write(Paths.get("bx/x"), "".getBytes(StandardCharsets.UTF_8)), + Files.write(Paths.get("c"), "".getBytes(StandardCharsets.UTF_8)), + Files.write(Paths.get("e1"), "".getBytes(StandardCharsets.UTF_8)), + Files.write(Paths.get("e2"), "".getBytes(StandardCharsets.UTF_8))); + checkContent("a", "b1", "b2", "bx/x", "c", "e1", "e2"); + + JarUtils.deleteEntries(Paths.get("a.jar"), "a"); + checkContent("b1", "b2", "bx/x", "c", "e1", "e2"); + + // Note: b* covers everything starting with b, even bx/x + JarUtils.deleteEntries(Paths.get("a.jar"), "b*"); + checkContent("c", "e1", "e2"); + + // d* does not match + JarUtils.deleteEntries(Paths.get("a.jar"), "d*"); + checkContent("c", "e1", "e2"); + + // multiple patterns + JarUtils.deleteEntries(Paths.get("a.jar"), "d*", "e*"); + checkContent("c"); + } + + static void checkContent(String... expected) throws IOException { + try (JarFile jf = new JarFile("a.jar")) { + Asserts.assertEquals(new HashSet<>(Arrays.asList(expected)), + jf.stream().map(JarEntry::getName).collect(Collectors.toSet())); + } + } +} 
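Review bot: The test never checks the value returned by `JarUtils.deleteEntries`, although the method added to JarUtils.java in this commit documents it as the number of removed entries; only the resulting archive content is asserted. Assertions such as `Asserts.assertEquals(3, JarUtils.deleteEntries(Paths.get("a.jar"), "b*"));`, plus a `0` expectation for the non-matching `d*` call, would cover the counter as well as the prefix-matching rule described in the test's own comment.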
diff --git a/jdk/test/lib/testlibrary/jdk/testlibrary/JarUtils.java b/jdk/test/lib/testlibrary/jdk/testlibrary/JarUtils.java index 271fc93bfb..8062d56d25 100644 --- a/jdk/test/lib/testlibrary/jdk/testlibrary/JarUtils.java +++ b/jdk/test/lib/testlibrary/jdk/testlibrary/JarUtils.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,6 +34,7 @@ import java.nio.file.InvalidPathException; import java.nio.file.Path; import java.nio.file.Paths; +import java.nio.file.StandardCopyOption; import java.util.ArrayList; import java.util.Enumeration; import java.util.HashMap; 
@@ -247,6 +248,57 @@ public static void updateManifest(String src, String dest, Manifest man) updateJar(src, dest, map); } + /** + * Remove entries from a ZIP file. + * + * Each entry can be a name or a name ending with "*". + * + * @return number of removed entries + * @throws IOException if there is any I/O error + */ + public static int deleteEntries(Path jarfile, String... patterns) + throws IOException { + Path tmpfile = Files.createTempFile("jar", "jar"); + int count = 0; + + try (OutputStream out = Files.newOutputStream(tmpfile); + JarOutputStream jos = new JarOutputStream(out)) { + try (JarFile jf = new JarFile(jarfile.toString())) { + Enumeration jentries = jf.entries(); + top: while (jentries.hasMoreElements()) { + JarEntry jentry = jentries.nextElement(); + String name = jentry.getName(); + for (String pattern : patterns) { + if (pattern.endsWith("*")) { + if (name.startsWith(pattern.substring( + 0, pattern.length() - 1))) { + // Go directly to next entry. This + // one is not written into `jos` and + // therefore removed. + count++; + continue top; + } + } else { + if (name.equals(pattern)) { + // Same as above + count++; + continue top; + } + } + } + // No pattern matched, file retained + jos.putNextEntry(copyEntry(jentry)); + Utils.transferTo(jf.getInputStream(jentry), jos); + } + } + } + + // replace the original JAR file + Files.move(tmpfile, jarfile, StandardCopyOption.REPLACE_EXISTING); + + return count; + } + private static void updateEntry(JarOutputStream jos, String name, Object content) throws IOException { if (content instanceof Boolean) { diff --git a/jdk/test/sun/security/tools/jarsigner/RemovedFiles.java b/jdk/test/sun/security/tools/jarsigner/RemovedFiles.java new file mode 100644 index 0000000000..3e7815c62d --- /dev/null +++ b/jdk/test/sun/security/tools/jarsigner/RemovedFiles.java 
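Review bot: The temporary file from `Files.createTempFile("jar", "jar")` in `deleteEntries` is left behind whenever reading or writing fails, because only the success path reaches `Files.move`. Wrapping the copy in a try block whose failure path calls `Files.deleteIfExists(tmpfile);` before rethrowing would keep partial archives from accumulating in the temp directory. The Javadoc says "ZIP file" for a method that takes a jar path and has no `@param` tags. It should also mention that a pattern consisting only of `*` matches every entry, since the prefix becomes the empty string.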
@@ -0,0 +1,95 @@ +/* + * Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8309841 + * @summary Jarsigner should print a warning if an entry is removed + * @library /lib/testlibrary + */ + +import jdk.testlibrary.SecurityTools; +import jdk.testlibrary.JarUtils; + +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.util.jar.Attributes; +import java.util.jar.Manifest; + +public class RemovedFiles { + + private static final String NONEXISTENT_ENTRIES_FOUND + = "This jar contains signed entries for files that do not exist. 
See the -verbose output for more details."; + + public static void main(String[] args) throws Exception { + JarUtils.createJarFile( + Paths.get("a.jar"), + Paths.get("."), + Files.write(Paths.get("a"), "a".getBytes(StandardCharsets.UTF_8)), + Files.write(Paths.get("b"), "b".getBytes(StandardCharsets.UTF_8))); + SecurityTools.keytool("-genkeypair -storepass changeit -keystore ks -alias x -dname CN=x -keyalg RSA"); + SecurityTools.jarsigner("-storepass changeit -keystore ks a.jar x"); + + // All is fine at the beginning. + SecurityTools.jarsigner("-verify a.jar") + .shouldNotContain(NONEXISTENT_ENTRIES_FOUND); + + // Remove an entry after signing. There will be a warning. + JarUtils.deleteEntries(Paths.get("a.jar"), "a"); + SecurityTools.jarsigner("-verify a.jar") + .shouldContain(NONEXISTENT_ENTRIES_FOUND); + SecurityTools.jarsigner("-verify -verbose a.jar") + .shouldContain(NONEXISTENT_ENTRIES_FOUND) + .shouldContain("Warning: nonexistent signed entries: [a]"); + + // Remove one more entry. + JarUtils.deleteEntries(Paths.get("a.jar"), "b"); + SecurityTools.jarsigner("-verify a.jar") + .shouldContain(NONEXISTENT_ENTRIES_FOUND); + SecurityTools.jarsigner("-verify -verbose a.jar") + .shouldContain(NONEXISTENT_ENTRIES_FOUND) + .shouldContain("Warning: nonexistent signed entries: [a, b]"); + + // Re-sign will not clear the warning. + SecurityTools.jarsigner("-storepass changeit -keystore ks a.jar x"); + SecurityTools.jarsigner("-verify a.jar") + .shouldContain(NONEXISTENT_ENTRIES_FOUND); + + // Unfortunately, if there is a non-file entry in manifest, there will be + // a false alarm. See https://bugs.openjdk.org/browse/JDK-8334261. 
+ Manifest man = new Manifest(); + man.getMainAttributes().putValue("Manifest-Version", "1.0"); + man.getEntries().computeIfAbsent("Hello", key -> new Attributes()) + .putValue("Foo", "Bar"); + JarUtils.createJarFile(Paths.get("b.jar"), + man, + Paths.get("."), + Paths.get("a")); + SecurityTools.jarsigner("-storepass changeit -keystore ks b.jar x"); + SecurityTools.jarsigner("-verbose -verify b.jar") + .shouldContain("Warning: nonexistent signed entries: [Hello]") + .shouldContain(NONEXISTENT_ENTRIES_FOUND); + + } +} From af6e57b7191ecc23d55658a97228c7311a2c2268 Mon Sep 17 00:00:00 2001 From: Martin Balao Date: Thu, 27 Mar 2025 22:14:04 +0000 Subject: [PATCH 07/33] 8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract Reviewed-by: yan, andrew Backport-of: 8fce5275fc94ebc404a6a37f5ea0407140de63c1 --- jdk/src/share/classes/sun/tools/jar/Main.java | 220 +++++++++--------- 1 file changed, 104 insertions(+), 116 deletions(-) diff --git a/jdk/src/share/classes/sun/tools/jar/Main.java b/jdk/src/share/classes/sun/tools/jar/Main.java index 9208f54bd6..5c70d5818f 100644 --- a/jdk/src/share/classes/sun/tools/jar/Main.java +++ b/jdk/src/share/classes/sun/tools/jar/Main.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -150,7 +150,7 @@ private static File createTempFileInSameDirectoryAs(File file) /** * Starts main program with the specified arguments. */ - public synchronized boolean run(String args[]) { + public synchronized boolean run(String[] args) { ok = true; if (!parseArgs(args)) { return false; 
@@ -293,25 +293,19 @@ public synchronized boolean run(String args[]) { if (fname != null) { list(fname, files); } else { - InputStream in = new FileInputStream(FileDescriptor.in); - try { - list(new BufferedInputStream(in), files); - } finally { - in.close(); + try (InputStream in = new FileInputStream(FileDescriptor.in); + BufferedInputStream bis = new BufferedInputStream(in)) { + list(bis, files); } } } else if (xflag) { replaceFSC(files); - if (fname != null && files != null) { + if (fname != null) { extract(fname, files); } else { - InputStream in = (fname == null) - ? new FileInputStream(FileDescriptor.in) - : new FileInputStream(fname); - try { - extract(new BufferedInputStream(in), files); - } finally { - in.close(); + try (InputStream in = new FileInputStream(FileDescriptor.in); + BufferedInputStream bis = new BufferedInputStream(in)) { + extract(bis, files); } } } else if (iflag) { @@ -335,7 +329,7 @@ public synchronized boolean run(String args[]) { /** * Parses command line arguments. */ - boolean parseArgs(String args[]) { + boolean parseArgs(String[] args) { /* Preprocess and expand @file arguments */ try { args = CommandLine.parse(args); 
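Review bot: With the condition relaxed to `if (fname != null)`, extracting a named archive without file arguments now goes through `ZipFile` rather than `ZipInputStream`, so entries come from the archive's central directory instead of being read sequentially from the local headers. That is a behaviour change for any archive whose two views differ, and the diffstat lists only Main.java, so no test in this commit pins the new behaviour down. A regression test for extraction with a file name and no file arguments would be worth adding, and a comment above the branch such as `// Named archives always go through ZipFile; only stdin uses the streaming reader` would record the intent. run() begins and ends outside the hunk.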
@@ -586,92 +580,90 @@ boolean update(InputStream in, OutputStream out, InputStream newManifest, JarIndex jarIndex) throws IOException { - ZipInputStream zis = new ZipInputStream(in); - ZipOutputStream zos = new JarOutputStream(out); - ZipEntry e = null; - boolean foundManifest = false; boolean updateOk = true; + try (ZipInputStream zis = new ZipInputStream(in); + ZipOutputStream zos = new JarOutputStream(out)) { - if (jarIndex != null) { - addIndex(jarIndex, zos); - } + if (jarIndex != null) { + addIndex(jarIndex, zos); + } + ZipEntry e = null; + boolean foundManifest = false; - // put the old entries first, replace if necessary - while ((e = zis.getNextEntry()) != null) { - String name = e.getName(); + // put the old entries first, replace if necessary + while ((e = zis.getNextEntry()) != null) { + String name = e.getName(); - boolean isManifestEntry = equalsIgnoreCase(name, MANIFEST_NAME); + boolean isManifestEntry = equalsIgnoreCase(name, MANIFEST_NAME); - if ((jarIndex != null && equalsIgnoreCase(name, INDEX_NAME)) - || (Mflag && isManifestEntry)) { - continue; - } else if (isManifestEntry && ((newManifest != null) || + if ((jarIndex != null && equalsIgnoreCase(name, INDEX_NAME)) + || (Mflag && isManifestEntry)) { + continue; + } else if (isManifestEntry && ((newManifest != null) || (ename != null))) { - foundManifest = true; - if (newManifest != null) { - // Don't read from the newManifest InputStream, as we - // might need it below, and we can't re-read the same data - // twice. - FileInputStream fis = new FileInputStream(mname); - boolean ambiguous = isAmbiguousMainClass(new Manifest(fis)); - fis.close(); - if (ambiguous) { - return false; + foundManifest = true; + if (newManifest != null) { + // Don't read from the newManifest InputStream, as we + // might need it below, and we can't re-read the same data + // twice. 
+ try (FileInputStream fis = new FileInputStream(mname)) { + if (isAmbiguousMainClass(new Manifest(fis))) { + return false; + } + } } - } - // Update the manifest. - Manifest old = new Manifest(zis); - if (newManifest != null) { - old.read(newManifest); - } - if (!updateManifest(old, zos)) { - return false; - } - } else { - if (!entryMap.containsKey(name)) { // copy the old stuff - // do our own compression - ZipEntry e2 = new ZipEntry(name); - e2.setMethod(e.getMethod()); - e2.setTime(e.getTime()); - e2.setComment(e.getComment()); - e2.setExtra(e.getExtra()); - if (e.getMethod() == ZipEntry.STORED) { - e2.setSize(e.getSize()); - e2.setCrc(e.getCrc()); + // Update the manifest. + Manifest old = new Manifest(zis); + if (newManifest != null) { + old.read(newManifest); + } + if (!updateManifest(old, zos)) { + return false; + } + } else { + if (!entryMap.containsKey(name)) { // copy the old stuff + // do our own compression + ZipEntry e2 = new ZipEntry(name); + e2.setMethod(e.getMethod()); + e2.setTime(e.getTime()); + e2.setComment(e.getComment()); + e2.setExtra(e.getExtra()); + if (e.getMethod() == ZipEntry.STORED) { + e2.setSize(e.getSize()); + e2.setCrc(e.getCrc()); + } + zos.putNextEntry(e2); + copy(zis, zos); + } else { // replace with the new files + File f = entryMap.get(name); + addFile(zos, f); + entryMap.remove(name); + entries.remove(f); } - zos.putNextEntry(e2); - copy(zis, zos); - } else { // replace with the new files - File f = entryMap.get(name); - addFile(zos, f); - entryMap.remove(name); - entries.remove(f); } } - } - // add the remaining new files - for (File f: entries) { - addFile(zos, f); - } - if (!foundManifest) { - if (newManifest != null) { - Manifest m = new Manifest(newManifest); - updateOk = !isAmbiguousMainClass(m); - if (updateOk) { - if (!updateManifest(m, zos)) { + // add the remaining new files + for (File f : entries) { + addFile(zos, f); + } + if (!foundManifest) { + if (newManifest != null) { + Manifest m = new 
Manifest(newManifest); + updateOk = !isAmbiguousMainClass(m); + if (updateOk) { + if (!updateManifest(m, zos)) { + updateOk = false; + } + } + } else if (ename != null) { + if (!updateManifest(new Manifest(), zos)) { updateOk = false; } } - } else if (ename != null) { - if (!updateManifest(new Manifest(), zos)) { - updateOk = false; - } } } - zis.close(); - zos.close(); return updateOk; } @@ -978,11 +970,9 @@ void updateLastModifiedTime(Set zes) throws IOException { /** * Extracts specified entries from JAR file. */ - void extract(InputStream in, String files[]) throws IOException { + void extract(InputStream in, String[] files) throws IOException { ZipInputStream zis = new ZipInputStream(in); ZipEntry e; - // Set of all directory entries specified in archive. Disallows - // null entries. Disallows all entries if using pre-6.0 behavior. Set dirs = newDirSet(); while ((e = zis.getNextEntry()) != null) { if (files == null) { 
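Review bot: `extract(InputStream, String[])` still creates its `ZipInputStream` without try-with-resources, unlike the other readers this commit converts. The callers close the underlying stream, but the wrapper itself is never closed, so whatever it holds internally is released only when it is collected. Opening the loop with `try (ZipInputStream zis = new ZipInputStream(in)) {` would make it consistent, and `list(InputStream, String[])` in the @@ -1107 hunk has the same shape. The hunk also deletes the comment describing `dirs` without a replacement; a one-line description of what the set collects would keep that context. The method body continues outside the hunk.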
@@ -1008,25 +998,26 @@ void extract(InputStream in, String files[]) throws IOException { /** * Extracts specified entries from JAR file, via ZipFile. */ - void extract(String fname, String files[]) throws IOException { - ZipFile zf = new ZipFile(fname); - Set dirs = newDirSet(); - Enumeration zes = zf.entries(); - while (zes.hasMoreElements()) { - ZipEntry e = zes.nextElement(); - if (files == null) { - dirs.add(extractFile(zf.getInputStream(e), e)); - } else { - String name = e.getName(); - for (String file : files) { - if (name.startsWith(file)) { - dirs.add(extractFile(zf.getInputStream(e), e)); - break; + void extract(String fname, String[] files) throws IOException { + final Set dirs; + try (ZipFile zf = new ZipFile(fname)) { + dirs = newDirSet(); + Enumeration zes = zf.entries(); + while (zes.hasMoreElements()) { + ZipEntry e = zes.nextElement(); + if (files == null) { + dirs.add(extractFile(zf.getInputStream(e), e)); + } else { + String name = e.getName(); + for (String file : files) { + if (name.startsWith(file)) { + dirs.add(extractFile(zf.getInputStream(e), e)); + break; + } } } } } - zf.close(); updateLastModifiedTime(dirs); } @@ -1107,7 +1098,7 @@ ZipEntry extractFile(InputStream is, ZipEntry e) throws IOException { /** * Lists contents of JAR file. */ - void list(InputStream in, String files[]) throws IOException { + void list(InputStream in, String[] files) throws IOException { ZipInputStream zis = new ZipInputStream(in); ZipEntry e; while ((e = zis.getNextEntry()) != null) { 
@@ -1125,13 +1116,13 @@ void list(InputStream in, String files[]) throws IOException { /** * Lists contents of JAR file, via ZipFile. */ - void list(String fname, String files[]) throws IOException { - ZipFile zf = new ZipFile(fname); - Enumeration zes = zf.entries(); - while (zes.hasMoreElements()) { - printEntry(zes.nextElement(), files); + void list(String fname, String[] files) throws IOException { + try (ZipFile zf = new ZipFile(fname)) { + Enumeration zes = zf.entries(); + while (zes.hasMoreElements()) { + printEntry(zes.nextElement(), files); + } } - zf.close(); } /** @@ -1174,10 +1165,8 @@ List getJarPath(String jar) throws IOException { // class path attribute will give us jar file name with // '/' as separators, so we need to change them to the // appropriate one before we open the jar file. - JarFile rf = new JarFile(jar.replace('/', File.separatorChar)); - - if (rf != null) { - Manifest man = rf.getManifest(); + try (JarFile jarFile = new JarFile(jar.replace('/', File.separatorChar))) { + Manifest man = jarFile.getManifest(); if (man != null) { Attributes attr = man.getMainAttributes(); if (attr != null) { @@ -1198,7 +1187,6 @@ List getJarPath(String jar) throws IOException { } } } - rf.close(); return files; } @@ -1304,7 +1292,7 @@ void warn(String s) { /** * Main routine to start program. */ - public static void main(String args[]) { + public static void main(String[] args) { Main jartool = new Main(System.out, System.err, "jar"); System.exit(jartool.run(args) ? 0 : 1); } From 535e6215cad8f52a36002ed931273cded219d99f Mon Sep 17 00:00:00 2001 From: Sergey Bylokhov Date: Tue, 8 Apr 2025 19:01:35 +0000 Subject: [PATCH 08/33] 8351439: [8u] test/java/util/TimeZone/tools/share/Makefile use wrong path to tzdb Reviewed-by: sgehwolf, dcherepanov --- jdk/test/java/util/TimeZone/tools/share/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/jdk/test/java/util/TimeZone/tools/share/Makefile b/jdk/test/java/util/TimeZone/tools/share/Makefile index 69c4838efe..38891ad89b 100644 --- a/jdk/test/java/util/TimeZone/tools/share/Makefile +++ b/jdk/test/java/util/TimeZone/tools/share/Makefile @@ -30,7 +30,7 @@ # make install # -TZDATA = ../../../../../../../src/java.base/share/data/tzdata +TZDATA = ../../../../../../make/data/tzdata TZDATA_VER = `grep '^tzdata' $(TZDATA)/VERSION` TZNAME = africa antarctica asia australasia europe northamerica \ solar87 solar88 solar89 southamerica \ From 5b97474a9ec27e0d56715d90f3b20cdedbeaad43 Mon Sep 17 00:00:00 2001 From: Andrew John Hughes Date: Fri, 11 Apr 2025 15:35:06 +0000 Subject: [PATCH 09/33] 8353433: XCG currency code not recognized in JDK 8u Reviewed-by: mbalao, syan --- jdk/src/share/classes/java/util/CurrencyData.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jdk/src/share/classes/java/util/CurrencyData.properties b/jdk/src/share/classes/java/util/CurrencyData.properties index 89b2437c69..f1d746b3a7 100644 --- a/jdk/src/share/classes/java/util/CurrencyData.properties +++ b/jdk/src/share/classes/java/util/CurrencyData.properties @@ -192,7 +192,7 @@ HR=EUR # CUBA CU=CUP # Cura\u00e7ao -CW=ANG;2025-04-01-04-00-00;XCG +CW=XCG # CYPRUS CY=EUR # CZECHIA @@ -507,7 +507,7 @@ SR=SRD # SVALBARD AND JAN MAYEN SJ=NOK # Sint Maarten (Dutch part) -SX=ANG;2025-04-01-04-00-00;XCG +SX=XCG # ESWATINI SZ=SZL # SWEDEN From 55273f7267b95cf38743bb32ea61a513fbafb06e Mon Sep 17 00:00:00 2001 From: Zdenek Zambersky Date: Thu, 17 Apr 2025 10:45:12 +0000 Subject: [PATCH 10/33] 8293107: GHA: Bump to Ubuntu 22.04 Reviewed-by: andrew, sgehwolf Backport-of: d7536588b38e368eaa6395bcbcc6724a39303fc5 --- .github/workflows/submit.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/submit.yml b/.github/workflows/submit.yml index 89ce1a6b95..c62e269426 100644 --- a/.github/workflows/submit.yml 
+++ b/.github/workflows/submit.yml @@ -19,7 +19,7 @@ concurrency: jobs: prerequisites: name: Prerequisites - runs-on: "ubuntu-20.04" + runs-on: "ubuntu-22.04" outputs: should_run: ${{ steps.check_submit.outputs.should_run }} bundle_id: ${{ steps.check_bundle_id.outputs.bundle_id }} @@ -115,7 +115,7 @@ jobs: linux_x64_build: name: Linux x64 - runs-on: "ubuntu-20.04" + runs-on: "ubuntu-22.04" needs: prerequisites if: needs.prerequisites.outputs.should_run != 'false' && needs.prerequisites.outputs.platform_linux_x64 != 'false' @@ -191,7 +191,7 @@ jobs: linux_x64_test: name: Linux x64 - runs-on: "ubuntu-20.04" + runs-on: "ubuntu-22.04" needs: - prerequisites - linux_x64_build @@ -308,7 +308,7 @@ jobs: linux_additional_build: name: Linux additional - runs-on: "ubuntu-20.04" + runs-on: "ubuntu-22.04" needs: - prerequisites if: needs.prerequisites.outputs.should_run != 'false' && needs.prerequisites.outputs.platform_linux_additional != 'false' @@ -464,7 +464,7 @@ jobs: linux_x86_build: name: Linux x86 - runs-on: "ubuntu-20.04" + runs-on: "ubuntu-22.04" needs: prerequisites if: needs.prerequisites.outputs.should_run != 'false' && needs.prerequisites.outputs.platform_linux_x86 != 'false' @@ -550,7 +550,7 @@ jobs: linux_x86_test: name: Linux x86 - runs-on: "ubuntu-20.04" + runs-on: "ubuntu-22.04" needs: - prerequisites - linux_x86_build @@ -1584,7 +1584,7 @@ jobs: artifacts: name: Post-process artifacts - runs-on: "ubuntu-20.04" + runs-on: "ubuntu-22.04" if: always() continue-on-error: true needs: From 5e59411bd3760a4c54bd52d301d882e4a9f5aab4 Mon Sep 17 00:00:00 2001 From: Taizo Kurashige <103394724+kurashige23@users.noreply.github.com> Date: Thu, 8 May 2025 10:06:42 +0000 Subject: [PATCH 11/33] 8026976: ECParameters, Point does not match field size Reviewed-by: phh, mbalao Backport-of: 55f5542ca2104df91e14693534cc7b3c36e81953 --- .../classes/sun/security/pkcs11/P11ECKeyFactory.java | 8 +++++++- jdk/test/ProblemList.txt | 2 -- 2 files changed, 7 insertions(+), 3 deletions(-) 
diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java b/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java index 7c3b93e040..1fc4517219 100644 --- a/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java +++ b/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java @@ -294,7 +294,13 @@ T implGetPublicKeySpec(P11Key key, Class keySpec, try { token.p11.C_GetAttributeValue(session[0].id(), keyID, attributes); ECParameterSpec params = decodeParameters(attributes[1].getByteArray()); - ECPoint point = decodePoint(attributes[0].getByteArray(), params.getCurve()); + ECPoint point; + + if (!token.config.getUseEcX963Encoding()) { + point = decodePoint(new DerValue(attributes[0].getByteArray()).getOctetString(), params.getCurve()); + } else { + point = decodePoint(attributes[0].getByteArray(), params.getCurve()); + } return keySpec.cast(new ECPublicKeySpec(point, params)); } catch (IOException e) { throw new InvalidKeySpecException("Could not parse key", e); diff --git a/jdk/test/ProblemList.txt b/jdk/test/ProblemList.txt index 0d432b16a2..6da2ef5df3 100644 --- a/jdk/test/ProblemList.txt +++ b/jdk/test/ProblemList.txt @@ -277,8 +277,6 @@ sun/rmi/transport/tcp/DisableRMIOverHttp/DisableRMIOverHTTPTest.java windows- # jdk_security -# 8026976 -sun/security/pkcs11/ec/TestKeyFactory.java generic-all # 8180837 sun/security/pkcs11/Secmod/AddTrustedCert.java generic-all sun/security/pkcs11/tls/TestKeyMaterial.java generic-all From eca7a305e1df50eaf459dcf43448d0ef911da5cc Mon Sep 17 00:00:00 2001 From: Roland Westrelin Date: Tue, 13 May 2025 07:22:11 +0000 Subject: [PATCH 12/33] 8071996: split_if accesses NULL region of ConstraintCast Backport-of: d4d8ef4585c1c6192fe35524faa6c6961d1e7a64 --- hotspot/src/share/vm/opto/ifnode.cpp | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/hotspot/src/share/vm/opto/ifnode.cpp b/hotspot/src/share/vm/opto/ifnode.cpp index 51579032e3..01e7a77057 100644 
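Review bot: The two arms of the `getUseEcX963Encoding()` branch in `implGetPublicKeySpec` carry no comment saying which point encoding each one expects, and the negated condition followed by an `else` reads backwards. Testing the flag positively and adding a comment such as `// unless the token is configured for raw X9.63 points, the value is wrapped in a DER OCTET STRING` would make the intent clear. A value that is not a well-formed OCTET STRING makes `DerValue` or `getOctetString()` throw `IOException`, which the existing `catch` turns into `InvalidKeySpecException`, so the failure path looks covered. The method starts and ends outside the hunk, so which attribute `attributes[0]` holds is not visible here.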
--- a/hotspot/src/share/vm/opto/ifnode.cpp +++ b/hotspot/src/share/vm/opto/ifnode.cpp @@ -145,10 +145,18 @@ static Node* split_if(IfNode *iff, PhaseIterGVN *igvn) { Node* v = u->fast_out(k); // User of the phi // CNC - Allow only really simple patterns. // In particular I disallow AddP of the Phi, a fairly common pattern - if( v == cmp ) continue; // The compare is OK - if( (v->is_ConstraintCast()) && - v->in(0)->in(0) == iff ) - continue; // CastPP/II of the IfNode is OK + if (v == cmp) continue; // The compare is OK + if (v->is_ConstraintCast()) { + // If the cast is derived from data flow edges, it may not have a control edge. + // If so, it should be safe to split. But follow-up code can not deal with + // this (l. 359). So skip. + if (v->in(0) == NULL) { + return NULL; + } + if (v->in(0)->in(0) == iff) { + continue; // CastPP/II of the IfNode is OK + } + } // Disabled following code because I cannot tell if exactly one // path dominates without a real dominator check. CNC 9/9/1999 //uint vop = v->Opcode(); From 656b3cfda2d349e8198ee4058d17352887d948f8 Mon Sep 17 00:00:00 2001 From: Alexey Bakhtin Date: Fri, 16 May 2025 18:11:02 +0000 Subject: [PATCH 13/33] 8186143: keytool -ext option doesn't accept wildcards for DNS subject alternative names Reviewed-by: yan Backport-of: 0c9f8e472f1d452e97b3cbd50b9e5d700fffcd15 --- .../sun/security/tools/keytool/Main.java | 18 +++-- .../classes/sun/security/x509/DNSName.java | 39 +++++++++-- .../x509/GeneralName/DNSNameTest.java | 65 ++++++++++++++++++- 3 files changed, 109 insertions(+), 13 deletions(-) diff --git a/jdk/src/share/classes/sun/security/tools/keytool/Main.java b/jdk/src/share/classes/sun/security/tools/keytool/Main.java index 00287e7b4f..9c04e60589 100644 --- a/jdk/src/share/classes/sun/security/tools/keytool/Main.java +++ b/jdk/src/share/classes/sun/security/tools/keytool/Main.java 
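Review bot: The added comment in `split_if` refers to the follow-up code as "(l. 359)", a line number that stops matching as soon as the file changes and may already differ in this backport. Naming the code instead keeps the reference usable, for example `// this (see <function or block that needs the control edge>). So skip.` with the real name filled in. The early `return NULL` gives up on the whole split at the first cast without a control edge, which is what the comment intends; the rest of `split_if` lies outside the hunk.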
@@ -3982,9 +3982,10 @@ private static int oneOf(String s, String... list) throws Exception { * Create a GeneralName object from known types * @param t one of 5 known types * @param v value + * @param exttype X.509 extension type * @return which one */ - private GeneralName createGeneralName(String t, String v) + private GeneralName createGeneralName(String t, String v, int exttype) throws Exception { GeneralNameInterface gn; int p = oneOf(t, "EMAIL", "URI", "DNS", "IP", "OID"); @@ -3995,7 +3996,14 @@ private GeneralName createGeneralName(String t, String v) switch (p) { case 0: gn = new RFC822Name(v); break; case 1: gn = new URIName(v); break; - case 2: gn = new DNSName(v); break; + case 2: + if (exttype == 3) { + // Allow wildcard only for SAN extension + gn = new DNSName(v, true); + } else { + gn = new DNSName(v); + } + break; case 3: gn = new IPAddressName(v); break; default: gn = new OIDName(v); break; //4 } @@ -4249,7 +4257,7 @@ private CertificateExtensions createV3Extensions( } String t = item.substring(0, colonpos); String v = item.substring(colonpos+1); - gnames.add(createGeneralName(t, v)); + gnames.add(createGeneralName(t, v, exttype)); } if (exttype == 3) { ext.set(SubjectAlternativeNameExtension.NAME, @@ -4305,7 +4313,7 @@ private CertificateExtensions createV3Extensions( oid = new ObjectIdentifier("1.3.6.1.5.5.7.48." + p); } accessDescriptions.add(new AccessDescription( - oid, createGeneralName(t, v))); + oid, createGeneralName(t, v, exttype))); } if (exttype == 5) { ext.set(SubjectInfoAccessExtension.NAME, @@ -4330,7 +4338,7 @@ private CertificateExtensions createV3Extensions( } String t = item.substring(0, colonpos); String v = item.substring(colonpos+1); - gnames.add(createGeneralName(t, v)); + gnames.add(createGeneralName(t, v, exttype)); } ext.set(CRLDistributionPointsExtension.NAME, new CRLDistributionPointsExtension( 
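Review bot: `createGeneralName` compares `exttype` with the bare literal `3` to decide whether a wildcard DNS name is accepted, and the new `@param exttype X.509 extension type` does not say what the numbers mean. A later hunk shows `exttype == 3` selecting `SubjectAlternativeNameExtension`, so the value is presumably a position in a list of extension names defined elsewhere in the file. A named constant, or at least `// 3 = SubjectAlternativeName` at the comparison, would keep a reordering of that list from silently moving the wildcard permission to another extension. The access-description and CRL-distribution-point call sites pass their own `exttype` and therefore stay on the strict `DNSName(v)` path.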
diff --git a/jdk/src/share/classes/sun/security/x509/DNSName.java b/jdk/src/share/classes/sun/security/x509/DNSName.java index edc4677170..0be1f22403 100644 --- a/jdk/src/share/classes/sun/security/x509/DNSName.java +++ b/jdk/src/share/classes/sun/security/x509/DNSName.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -69,9 +69,10 @@ public DNSName(DerValue derValue) throws IOException { * Create the DNSName object with the specified name. * * @param name the DNSName. - * @throws IOException if the name is not a valid DNSName subjectAltName + * @param allowWildcard the flag for wildcard checking. + * @throws IOException if the name is not a valid DNSName */ - public DNSName(String name) throws IOException { + public DNSName(String name, boolean allowWildcard) throws IOException { if (name == null || name.length() == 0) throw new IOException("DNSName must not be null or empty"); if (name.contains(" ")) 
@@ -91,9 +92,26 @@ public DNSName(String name) throws IOException { if (endIndex - startIndex < 1) throw new IOException("DNSName with empty components are not permitted"); - // RFC 1123: DNSName components must begin with a letter or digit - if (alphaDigits.indexOf(name.charAt(startIndex)) < 0) - throw new IOException("DNSName components must begin with a letter or digit"); + if (allowWildcard) { + // RFC 1123: DNSName components must begin with a letter or digit + // or RFC 4592: the first component of a DNSName can have only a wildcard + // character * (asterisk), i.e. *.example.com. Asterisks at other components + // will not be allowed as a wildcard. + if (alphaDigits.indexOf(name.charAt(startIndex)) < 0) { + // Checking to make sure the wildcard only appears in the first component, + // and it has to be at least 3-char long with the form of *.[alphaDigit] + if ((name.length() < 3) || (name.indexOf('*', 0) != 0) || + (name.charAt(startIndex+1) != '.') || + (alphaDigits.indexOf(name.charAt(startIndex+2)) < 0)) + throw new IOException("DNSName components must begin with a letter, digit, " + + "or the first component can have only a wildcard character *"); + } + } else { + // RFC 1123: DNSName components must begin with a letter or digit + if (alphaDigits.indexOf(name.charAt(startIndex)) < 0) + throw new IOException("DNSName components must begin with a letter or digit"); + } + //nonStartIndex: index for characters in the component beyond the first one for (int nonStartIndex=startIndex+1; nonStartIndex < endIndex; nonStartIndex++) { char x = name.charAt(nonStartIndex); @@ -104,6 +122,15 @@ public DNSName(String name) throws IOException { this.name = name; } + /** + * Create the DNSName object with the specified name. + * + * @param name the DNSName. + * @throws IOException if the name is not a valid DNSName + */ + public DNSName(String name) throws IOException { + this(name, false); + } /** * Return the type of the GeneralName. 
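Review bot: The wildcard branch tests `name.indexOf('*', 0) != 0`, which asks whether the whole name starts with `*`, not whether the component being examined is the first one. If this code runs once per component, as `startIndex` and `endIndex` suggest (the loop header is outside the hunk), a name such as `*.a.*.b` appears to pass although the comment says asterisks in other components are not allowed. A name ending in a lone `*` label may also reach `name.charAt(startIndex+1)` past the end of the string and throw an unchecked exception instead of `IOException`. Putting the position test first closes both: `if ((startIndex != 0) || (name.length() < 3) || (name.indexOf('*', 0) != 0) ||`. The `badSanNames` provider in DNSNameTest.java has no entry of this shape, so one should be added with the fix.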
diff --git a/jdk/test/sun/security/x509/GeneralName/DNSNameTest.java b/jdk/test/sun/security/x509/GeneralName/DNSNameTest.java index 490c8f534d..be7f082e70 100644 --- a/jdk/test/sun/security/x509/GeneralName/DNSNameTest.java +++ b/jdk/test/sun/security/x509/GeneralName/DNSNameTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,7 +24,7 @@ /** * @test * @summary DNSName parsing tests - * @bug 8213952 + * @bug 8213952 8186143 * @modules java.base/sun.security.x509 * @run testng DNSNameTest */ @@ -53,6 +53,23 @@ public Object[][] goodNames() { return data; } + @DataProvider(name = "goodSanNames") + public Object[][] goodSanNames() { + Object[][] data = { + {"abc.com"}, + {"ABC.COM"}, + {"a12.com"}, + {"a1b2c3.com"}, + {"1abc.com"}, + {"123.com"}, + {"abc.com-"}, // end with hyphen + {"a-b-c.com"}, // hyphens + {"*.domain.com"}, // wildcard in 1st level subdomain + {"*.com"}, + }; + return data; + } + @DataProvider(name = "badNames") public Object[][] badNames() { Object[][] data = { 
@@ -65,10 +82,34 @@ public Object[][] badNames() { {"a."}, // end with . {""}, // empty {" "}, // space only + {"*.domain.com"}, // wildcard not allowed + {"a*.com"}, // only allow letter, digit, or hyphen + }; + return data; + } + + @DataProvider(name = "badSanNames") + public Object[][] badSanNames() { + Object[][] data = { + {" 1abc.com"}, // begin with space + {"1abc.com "}, // end with space + {"1a bc.com "}, // no space allowed + {"-abc.com"}, // begin with hyphen + {"a..b"}, // .. + {".a"}, // begin with . + {"a."}, // end with . + {""}, // empty + {" "}, // space only + {"*"}, // wildcard only + {"*a.com"}, // partial wildcard disallowed + {"abc.*.com"}, // wildcard not allowed in 2nd level + {"*.*.domain.com"}, // double wildcard not allowed + {"a*.com"}, // only allow letter, digit, or hyphen }; return data; } + @Test(dataProvider = "goodNames") public void testGoodDNSName(String dnsNameString) { try { @@ -78,6 +119,15 @@ public void testGoodDNSName(String dnsNameString) { } } + @Test(dataProvider = "goodSanNames") + public void testGoodSanDNSName(String dnsNameString) { + try { + DNSName dn = new DNSName(dnsNameString, true); + } catch (IOException e) { + fail("Unexpected IOException"); + } + } + @Test(dataProvider = "badNames") public void testBadDNSName(String dnsNameString) { try { @@ -88,4 +138,15 @@ public void testBadDNSName(String dnsNameString) { fail("Unexpeceted message: " + e); } } + + @Test(dataProvider = "badSanNames") + public void testBadSanDNSName(String dnsNameString) { + try { + DNSName dn = new DNSName(dnsNameString, true); + fail("IOException expected"); + } catch (IOException e) { + if (!e.getMessage().contains("DNSName")) + fail("Unexpeceted message: " + e); + } + } } From 176d674745b33f86d810732c13465279a5aadeda Mon Sep 17 00:00:00 2001 
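Review bot: `testGoodSanDNSName` fails with the fixed text `"Unexpected IOException"`, so when a name from `goodSanNames` is rejected the report does not say which validation rule fired; `fail("Unexpected IOException: " + e);` keeps the cause. The new `testBadSanDNSName` copies the misspelt `"Unexpeceted message: "` from the existing test, which is worth correcting in the added code. The local `dn` is never read in either new test, so `new DNSName(dnsNameString, true);` alone would do.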
From: Taizo Kurashige Date: Mon, 19 May 2025 13:45:52 +0000 Subject: [PATCH 14/33] 8296631: NSS tests failing on OL9 linux-aarch64 hosts Reviewed-by: phh Backport-of: 6e1aacdfba5a32f7b071eea8039888d275827e83 --- .../pkcs11/KeyStore/ClientAuthData/cert9.db | Bin 0 -> 36864 bytes .../pkcs11/KeyStore/ClientAuthData/key4.db | Bin 0 -> 53248 bytes jdk/test/sun/security/pkcs11/Secmod/cert9.db | Bin 9216 -> 28672 bytes jdk/test/sun/security/pkcs11/Secmod/key4.db | Bin 11264 -> 36864 bytes .../sun/security/pkcs11/Secmod/pkcs11.txt | 8 ++++++-- jdk/test/sun/security/pkcs11/SecmodTest.java | 2 +- jdk/test/sun/security/pkcs11/fips/cert9.db | Bin 0 -> 28672 bytes jdk/test/sun/security/pkcs11/fips/key4.db | Bin 0 -> 36864 bytes jdk/test/sun/security/pkcs11/fips/pkcs11.txt | 9 +++++++++ 9 files changed, 16 insertions(+), 3 deletions(-) create mode 100644 jdk/test/sun/security/pkcs11/KeyStore/ClientAuthData/cert9.db create mode 100644 jdk/test/sun/security/pkcs11/KeyStore/ClientAuthData/key4.db create mode 100644 jdk/test/sun/security/pkcs11/fips/cert9.db create mode 100644 jdk/test/sun/security/pkcs11/fips/key4.db create mode 100644 jdk/test/sun/security/pkcs11/fips/pkcs11.txt 
diff --git a/jdk/test/sun/security/pkcs11/KeyStore/ClientAuthData/cert9.db b/jdk/test/sun/security/pkcs11/KeyStore/ClientAuthData/cert9.db new file mode 100644 index 0000000000000000000000000000000000000000..f701c4fc2d42210759727d0cb29fb7b7dedc9a06 GIT binary patch literal 36864 zcmeI52UrwG8-RDO7r2!orx@YX5TwcOH4aoF>KRZ35mB1r0S970qJRdC1r#JiiCChE z4UH{I1b@Ze6&v;%QBkafpdk?yev@C$ZCQtNFo+q=NWKHR^?mCK;J9u(w4MDVqcwMAEz9|QmuXzO~so87NcjFS6^RkOAc|-vLQo#273(+kqy#@$b$TQ z0)n)#hJOBj1AKk@4U>8G^&dLSS*9bwN`X}lRt1#l2pB`bC=J}zz+DZ!3$tjHFi^oj z4FfkAXkg$D104(^LEuiSA`Ky}k%T%Z(ohf7LXl7nMM6Ck2^CQ!)I^a`6-7c_6bY44 zWE2dU<{8>YYnB^iTC<$iET=WgY0Yw4vz*o}r!~uI%?i4#f-b9|%PQ!y3c9SCPF2&X zYC2U-r>YI9v}QG}*^SOgQ=({0a@t-w3Cqf9d*yVS6?D9Uj#tp}N;*bK$0(T?Sc{T` zwJ2#aN}7z4)~}@XE9v8)qRXo2vMRc)ilz#5lBAr1l`|r2y#~gTbml0%N}*J!Ukqum}0J>Xv zQI8W1P!tjk!eQJyTmh#Yy8}KN8v`TX)RLAWn#{43NX*+Rv@};rB$xz5OF*i5nhDk> z3rIAiw=Ma{_e~415|EpPV{5TcSPX3H$7LT_w&bJpF2b}$oty@(divQdA-MMe?tXwo z@L66$#E1v^)jJ&Q<1)WotPhAQcG!BQ$Bcr_U82WLS||Qhf6TriA0PAm$)oatYWu=- zt5dF?6uII%x<3i;eW=DAhc{9%e5OkHhwPs9mh3*&)^4}RFH3Sib@skK$Cb6=+0ywA zJ~wBywEK&x4eBq#swF=yc-XPm&F@D)td$BM+^)FA=^S6lcMWoR7I^!=Cls5iC(gt^ zy)irVRQ7h?%>jwCZnGX_Jzqbic=d&Krd>TvSL1aRss6tVzjtV%t98+=tnATylDA#u zj$ArFHEZ9x!uQ5}8$7&{clX)0vcB_GqjMHoU4HPa?w#{rxbfMQcFBXnLms<_;QFO% zx6P+6R@K~oI@H_Sbn$^@U#%5>6z+r1STVidT)B8&>32^9Yx&k|L|HMrLb|05{b}x& z3ZlPnC~v^1P5Q)jt{G`PFC~6f-9K3I-P{G(C%^cPJuE%rJUY0bsPw(iiYK#1Tc>=y zsc@rb=bFL}oX7DY=@|+sbKKHW1b^tby{-Owvh8u(G-%)8C!0c3CtTk0O~c0J)4LU( zAJOu-6*_U9RHlyOBl992-E&?2l*bJZ$lp8g$`13J$G?-GOH5iE<1+94^3)Xq>8P(y zcboj9ZT>j*vN-ASuEClWQM+2& zogbVLR++mx-K~&UX%##FQIyhpbH@p*^A2~Pt{=RAx-eovm)*yo2IX zu1iMwOdGzt-YGIuYgX2!(e5B#YLkB=twAgP%mUrlpIa=!0!v7g&KPh{$Ik}#3#45S z*^ZKsCOmc!hi$=4NzzY{v$)vK0drh&m<6ms%r+1Usn;#?>e0)2Z` z>8#~sI-ZfoX5lQxD$$n=Mrnm*>fK4ecK<&>#=peXwsQI{=2*QQ}RzTZKMU+_F|51 z`emzx$>Z*Z^LE?c`tjZk6Romb$gQ4uNtHK!&XzrR$qlw5px?$L8os?2!IEKa4ae_X>i^d@|$H{6>P^? 
z_Lsd@D*K0Z{GlR#TiBVfY2NnsJ1#9u4a)G4u3xAd!#b$%yGi9*BdrK)xTx^?_5Puy z&mRpdSX5t{Tw?O|$|u?nu}-UEw7;IXbz;nbyu!eJQ@RaZRl0TiIs0WAmnq|Y2afGx zB8cifV&OH(J7c@`vma1hJ$b}rkJCGo&P#3_>eOehe;yf7aG>fxc4j<}pXS*e=$&VK z9do|uK4*ZaWb+5v3pV!UsDo?HXY`J(&WzX?9qn30Ic1e4@ZA5Plu>?fsvLVT-GT-EA7Ry}uvin*6W!=(kY4dh{Rcw1`5I_H2CriJ(g76hVSj}43q}=NG z%41PgnF96{=vJ+;EGx{iHH-g?|2YbXG5&`F{s$-1Dxozkdp`%boj1d&rLQ90RdVR7 zG^D#+11>P(?n`}(BEws@1bV7L80pRO!v5;l`AcIQSV@oZO$%zKF1EY8?)JHvDZ=n5 zZcb;x^KI#|H689c?Xi;h-SEhczjrgxroyvsKvJ)=QDnk4BEDPdV~Ik^kVc-=}UgODMIyGvDK& zMNCY1WNhWr%k}PK)?FAAR-yY`^Wx6I6Ft%bSNA+0d{TO2w!bK_mRIL@Br*R-znnXL zJU3WvPY`eH^mzV@#VhvOPYXPGf7B|ok|OF#cIFFLi<8&z#b);>AF>;`^7|!ww*>7; zvW-h}!%vSgf44zv=oQieSj}e`jvb7Tszj*9{-RZ~yQ+$5CNDV_YWh`}tvinH4uNt9M%N_{t6lA%6G}4jFzvHg*-0SJtxwACvY?|n<-K7uxJ4O8x(C|5D z$=*{%wy`;>6TZ#WPEDI}rl|K1tKKc1)MJFv5$c6qb@*wk{l;DC zzg9o_v&`9!!ZvY+-~Y2PqJlULe)E4!Tp)^w4MZNXgqTNUz12g2lp_L&03v`0AOeU0 zB7g`W0*C-2fCwN0|2hJEwmJNhh?v=mn5~f63YaY)-lKTc%?OyrF?yqdV#BmoU;nSe zi2s5+09T2hi95tu;ux`?*iLLF*8S@a12Py9Km-s0L;w*$1P}p401-e05CKF05%?Pk zFjxPty*t3<;|bYTI6dVOmx%fJ;9K@G7N-X90L@b0K)(z!b0)fvNr_o~C0(5orE@ zFqDI9-}t@?H2*(z@?abq^L}Xle>j;hn*SfZ4°>Vdg{(ft2t{(m(8 zKNk9i{+WvA|Nmp}NkH@eqxt{Q{Qrilb2R_|KYjlHQ22)fc>Rw{yfN@W3nG9BAOeU0 zB7g`W0*C-2fCwN0hyWt+S^_gw;^udrw#?n;{qAq;J?E!Eovq&QZtQpQmcJYQ+g}3A Hy!ZNlT;&TO literal 0 HcmV?d00001 
diff --git a/jdk/test/sun/security/pkcs11/KeyStore/ClientAuthData/key4.db b/jdk/test/sun/security/pkcs11/KeyStore/ClientAuthData/key4.db new file mode 100644 index 0000000000000000000000000000000000000000..3c489989b0a7dbd518219864414651a692a6d327 GIT binary patch literal 53248 zcmeI52UHW?+O`uy@4fd(7YH2$se<(0QF@gwARr)yUIeLDP?{i8Z1mogA|gmpr1##X z3Ft?nyn5b~1Dy4p|6k`@D-$yFWS+h6xpPfsPiFRH(9u$L@U&sHb-n6r;mIffAOrw` z0BJ@>004k}_{2MW9u4S+0qW6l~g zl+%`%(UoV^m627IXFQtA$nIdxsHv@_CZlb{s3LE~sHd)^r6`i1KlSYXdPTn3#aEuJBd%Ti|zu@=NOHYWqF^G%HR< zRzq9&ETaYF@Oil2Ecg$f0o}q;d2Dx za|D0Qfh|Q40$Yk8oQxoxj38WJ5Uwu>Uk^g?xqpnwppz^@Qi;8zG+`mYdX;a3QIx4%NzTmBWoi2e#;Sbv6aKEJ}>)!?Ll z&HY_X_>XF^Rr0fd$ZroKM;?TK`#lVg{2qo!We>wY${sEFaPE=c!|-UqhvCtJ55uDc zABM1x8qC9C2>ZPK3Sl3*U!nEy(B^k&`&S76(EKcG`P+^q%#O8?1;pAC0^txqL8rLL z^sgGm-&?R5-|rZ7xJSW+?N!hYpFn~=Scvy?0t=A?k^qvxKNE<-06~GMr1<#6f6tK; z3*rL~ANcqH06sBs2rhs)#4X7G=y6p1Fb^yCzZvkJ13nzq2LXXk0LCz(!-_?)W0u6r0Pf8CYV7Mz)F<&$ z7l%YdnOAxi^`TvUnBW^xo&AEy z(UO=E(B`4ANMYN@#jhh9+KP&JcWYA~Ji&6iqy)VAC{QkjA1Ch1=M9}r4C*ZG2-|Wa zFjRXj=H)EG1yy5o1=Bnm*KFQUsCc()^y&pefzL6C0RMf}D-9Iy&zc)PFaE-6Ji8oX zPVMEB_u`o(-PaeCs7p>pL7@T^KmZUD1muCRqvLRfDTZz10ddiQAP5yIDIXv}(eHJ3 z*I*}sd3{OM+1e)%6%-&4H3$gMk~C_#D_(wuWDrO2$^*75nvWUVIltkLHC`AcsS6Nl z7Z>Xd?G;JFKwYra`mg~iuE}0W^`@enSGHyS@JzzOQ!`l9HJtj@mFeBgjll%3VZQ*G z_u})_5jVy-^xQg=QK4gA&X-~f2#tsU*ES56^S`I|NsGoqs!gR0l+8K5px=+`-ugll zRXRzcmDIM3^EKzuwIIHwl5^1Llv`FksLKdLCKM ziFSO~w{~}jblBd=$v&$3@U}WmNmgS)l+x8P@bF8rOq%2#~YF~-ydbz=hFLmw4Lw;`%%NogD zPwA=orB{y=@KIko`)UyT4vAlCNu?!E&DZtF4{d$gQu09B z;HU3 z;gn(Cj9p(o+jRb13gp~QzcBfhAYWdn-k#M$?swLC&hyKk7=SnWhfR#|Qlg<6S1E6Z zwaG4pk2j7I1408yN@JzU^b-a~)$BIDY@$~)~#2az=40?t3$Im)LhqMG9tbp!RLM@#2C{8$kCZgwGy+k}#( zU_wo2ndw?sMpe9{fBL>q37uH&jCjk6-oI|OV><0#I=xX!w0@8gsk#jivbLmL*j3h2 z7JNggZtO!DufoCBAbCJnx-cFsAZSt`Q$nUA=tuBCNp8mwE&h_I5xN)eGD`f+K5xL- zj>t@aH;@JS(;&&jj(tH&HxIA2TdvwzAEL7|q(Qr5}B|T;fo~zNNgp zL|*Fchm6UA-M6cCyN6y+`Tg`=FPGAyl~S%3-DQ}^#r};J|MtGq!t1_*)`{8jpb+xB 
zGXioOEOv4evWsdik#yieNt2>Qib%C+-AiJdC1+$*4AZhCgj$n$s;p7HISW2At7&bp zyDyeJaQ^6czrFqTT!1c1;>#B3^_e8U#fJk2VehLtAKs_3l&Em={Jya!m2K~}IF}tS z(SF#f1A$>oD5u*KK@aytP#>u1(c@^>^Pkxhb^Lu#l&4ayww!0|d$s3f?%uQ1K=6xB zgFp8~FSyXSgzz}sEz`_qCU`S8(9tewT%bWJ5FlM_Yo$AX=Xe4 z`U?Jgx3g@+w02|j-;;1_@n9{vCxT|F5N(8c=HdR!-7{+kB;=gsA*>BVu+^scg!z8n zUJwO4YIYt_gTEB|cwHnXY`~W2_H?f^-EAP= z0s($6v|O%E?=$n=Xpyi6h%SPq@{X$S^v|GsEU2jjuW+{ni-^f)!aATZrCIB$AyFjsxD=CbSm&ST(L3$CCz7nraqg=AK&YzgN@>Kv z_t8_CI7t9RSYEt36&MOv9hKG|H(Ye1C6X!OmXJ7rXv~}9H8Xf~s)H5c;(Pn(1gh9h(1?#3KSI?gjUKLeohrRBzo=^dPlGYwxY{|mDn2*smHRzz_mz1G zuo!%^Xa!8~VR~*3P55bD;*NCQM78uwDbn z;y}^NY$*E3s{GGwB;PR9WIjG4NaO|jJh@%MjFljDA=TB4vNPBXq zn2t1Q*e6!Fst9A3E;~;QH(y6LSuYi#m3_y!=U7%@rWank82j@~4L*m;l0ix*I)tk9 zBvYl{qf3nx?w4X~>uG6~e8B5)Rj;Dlp)`ijrFjnsR~7Wv_L^qxUN26mv@Tn#bJI20 zW_=4PFh=+6yHFSA9+zF6RKJid+k;Sb_+0j*Plx=m8My5UdbP z6AT@O$N@T7Lf#y1ds%f1ds%f1ds%f1ds%f z1ds%f1ds%f1P~HH1p$C)un{V31cHrFKp+6t&*T4o0KqQ78o?aF7(qY6>d2W$0!RW# z0!RW#0!RW#0!RW#0!RW#0!RW#0!RY?jRY`2#IPR-qy3tq{+fb*O;ON6#8`)UlU?7Jr67K?C_t6$Jj6Y% zr-EA$4VKt-iKmQc2&49>PL}B@o^78w5)rx&X-$@+)s|zR;av2@#*L}Lt@FAKI+21d5AwsB( zImW{+`l6eJX}ZLM4XFkI0Tb)cpxD@cDzbowE7&WRC@5@%C_qLCHag}{85FEPV^l`Q zT)Im-#`d5o+o+rpa;@apr?W|}Lv7Fn*UOCJxqfe;U$BE;C!F zVpE3~$%!*GW&dxhGI?G;(Q+44)mr?@}8Ryv{`CIPc1KPm1wft6N^%2Q= z41+wMzKYqQDL}!b$Ga3fh0DU|ybGn*Uy`?Jk}Ahc9^TX3>Y&Tp>UC4M`>U|Kmt4b6 zbP0L1Z;`<9)RDtJ&Z$+0elPqW5%#Gut;m!TsT zZ=Y%kCT`=)qGR~Zcb3B1jn3!^%z_0r)_R%IPj)G} zmrG5{MZpv9gJzecLIZWjnnpm=*G#btf+8M3*@4W7DWn z9sQkuyygqdvmjvpElXqajRJ8-R*oRnBaJqqNi|~S!9|K*Bo5dhg~=G5O26o zL}L6J1I?^FV3tHwF;W zjTzI?G%jSs6}l+-47%K}MeSuUr*?*d@s4+SnwIF9y1xG%xd93a+~C)jy!gaZd3IJ& zmZ@AiFWOIfJR7Ju(Pfd{Wu*g>sfoba@fu5#%vlB?fb;rKw|- zW5>({(*~%m__|uN`7Y}Nks&A;=UA7gYKhSO2P1AbJi7F;5|@qPJ2?hON}pX_5>ZSg~nc@#fyG<^z7kg@mByLB{tJJudh8 zM%0tA3$1h|pIoe z61d_Q{T3pWQ0;`9{Cq45mpA%Vn;oR{v zB`a99;KU`h;C!o~v=0n1wWKl|9A6w{(ZKl(1*0D8@>DI+&7wB}<`WHJjXvdgrccM@ zwZ?xCYk`urV*0ZolO1EhC%ViC9g2%v{?Yd=xEezwh2q=Bo|s)u?9iG?ejU!^l`ET2 zFz9%fr)h~QRJg{^Yj!J%Pbl#; 
zrX@n3UIXtzpk7bW%PpRI`3}>y(6!F#5kLjzwiyEN+^jj#W#|_oE`Sw=Iaq77wRsBa zBc}MSv-aWQnz!PE!=rL+O4#-PoH!T&91MbSf<}TYf=~imf{O&~1X%d<`0w!Z@ni5^ z@HOxu_(XW?c-?qKc*%Iz@C@)o@u+aW;SS(d;ilr=z%|2_#%0Du#hJ!w!Fh&r3&#aV z6Nev%^pC@SWQZhyB!DDpy3$Z2zjua$FX220_;5ue#vlvJhqjS?j;* zG98zNFw%o$;H>`a%d`5cGQ+WH2tA^-o5v48us!elj8bXaI{Z}s}Kh?2m z2qmKQ@7_U*W780FMCsrCVPwaq1xb%f3qwebOAA>NADgxyIyNmvcx+mf08#q)>2>^L z(}H-%rG+85$EAfVagI$}U>}~n z9FPQ%1ds&&{}M3cM57agVjgwR$ToeA`VzMejGIVURP7;_$*(TWg-Afy(Q$tLWC#}x z2!c?dl5V;(CeJdzp?RSbPl9QiQA;|OFNXpIq7qh2E;!LTXKIiPEA9=yyoS8`X!D5|YN4M!2Ylk- zi~4E%`KXkOe$+W;K@U(q^D5!BtC-#V_V1v~?8lls%`ZQ2p|Wh>UHjQVUjcXQ&$4hm z?T<<;B8xHuwpLcm-5Z%b(d38$$7Aigz#j7SN6As^AByhe^+2By(|dsmXU?;H_)G_7 zW9F8Dr?FY@gSh#z{!^|CkAq2)V#g^ZBCl&M^2J` z=R0Uv$;&wIBaKOABX6+Dm_3AoX^(e#8kRW}J9<8qlr0}^+cmdCAC0JR-F?mcW-@Vdh`o%e zW2NUrm%ScumK6d=-+cW3ELi(f4gixx1k#;)$x|=BKYm)qE)fc*LFn@LRTZaT$!%}+ z3Me_g0uqM88rm7YgP+8@=2G)dZv%xejb=M!F z%TLoLtjR8;w-G#sf~k*pc^a1Dvs%In57#tsrOpU|^&}E5{REqEUF#M&S@d6XWrQ++qJw^U;fxd6mq& zFFp~~9CeIc40ikv0`UNF2eHZyC&&Rw07>9q5{SV7L4l~G`1r(sFG5Nzhz~e?;Nt@T z_{78^xB%i1w;=zc$5HXaJgnINX25$6_;6Ss1cd#2517#51kt@ffUp6UJp8*8uqS-S zWEFocahghEaL#;slLBjMWOfLZ&S@TlSC4y3XXIOpK;G)LU_j(RxN%!liE5#iYsd)7 zRK#|U-R3ybR#Ztgptt{zQEeFLiN9M3i}@XHg&8<%bEr5!Kl*SnUf8_2<#Y zw~B^k6NJoTlgN9fwsvSc?}%W4=2<*dE*UL}83An`3X2rBeO&xHvZ1Z0hc180sV>{Ax)XEG{u%***wYyqJW5#ZW}!E*lh)IMp^cu2LWw1KiY z#~1YbQQcc#Xrf9dNwkvMmT|u3Ji69|+WgWK*F&hKJF53{07@z-I!yCC*sj1yaF`@R zjZM(3S})DiEVaw9CY<%kY*KK3MsxZdF`D*5PSUw}@ePK1ip=b!{vyK}1EIMQ#Sirp zw@P@=Y0CObJ8E+>&Q_bUNzz%A$0f!Uu6i(~L!iY7fbmEqPeqPz-Yk=xlj$ZQFnqxL z(HaH}8bQw^%Q?}G@A}s6?vM`K8#&oWRUh6~$0^BbEQpdiZc-0Jx;f*lyi951UX8?D zdo}lvuvx&-SAM2cp>N>uUK!oxcy+l;Tt#0L+0W~Qs@!v|u<@iUTheM@iRgN{!HO?+ z?Z!iXZxG8G$z4zBsrjW>j}!7nblTKQ$0{XiNqNee^g`+wRoVM$5c>{^UusFEB~Q)Q z^~euxecDp;K-%D^?|XS@7dxx>z?s7CP2H zdgzd+JgaA^u`}V6Vcv{gUq0J({#**=+)lqR`IaDGUZ~!l)k5xf)_KnJ%bys4H~NQ7 zjPO#Tp&C~yZ-}+YE`^UbjuHbx14&9_rONePqx+~aRsPwwBK&;AW;*4%$Q(n^3%7PWk9OlUSoByFsv#g0*UFM~{}3+|}Jds;Lk 
zpB;9faWk`;s4N>$*GsXcx_Z;w?sKZXE5U!bsb^v-2Y3+QG^@?MnxdG~oiyKiWCUrz)bF;}&%T^`=Kl=REva z5c_U+A&c9DlBHlmO=p?uT3AL^yrX~mzEBCBSnZ5>%ZlE=Zna}N?Or;)QA)IakP)f6 z4G^-nq+Hll)>0OHL#b};Lm98a!PX#oKv%jj9xWhfQXo@8rX%P_@IXm!#}F<4lBf~7 z7wN`&4?Jy+ODM^ zeY#xYP{h8ayu3tS>g|V&$${Ost984FUQhY`^j$BP(xR18t{2^9n8(HbjTZm*zSF|% zzJk_?+47(e^1L$wavLmmauc$PYA%s<;6X`~qD6{GwP@W-Vw)vrWK;~(vLu9BlX$AE zQN1|}J~FFmZLqs9mOOC&=y<=q{q|gdE=%Ie7U=bvB)`Rn0|#O6t2!Uvr?Ql&aPj=U zu_l#m@3lCW9WT*-*s248VN58e+Y><#_e4-1sOZt-XxHo zo!)2WyU`+H4G>)fOXVF^-|3%0_gGL<30~oD2^JBP&4w+Nz4T=dQxASVE`2@$S9-;E zq~=~hJTV}+B6Ao$P~fbKpDXR|{;e(mH$v6h>TOmktxt_iud0V`EYeapH8eNCRf)xu zgo|PZP1IYvT1vClRYRgk=y53~->}X<&!czRcTXf)o#Wh9{ee(b*Ok(Uf$yWIGI5ds zh_JkPbt*6vt~x5MJ#M(@MoT19!Yv_j0MVE?#cO8p=2QnO#Krga(Ft5@yygnR9zdvC zFH*m=?JdsyL79URq+ahvy_rn`SAEStn)=Y2E1=I_iSemrW%_J|f~Zelk@_{YrTI!v zY%1JXp`Z~THGYJuQ5rp5@j6v{VSZ87{GSG6z;U&6a8-P6)+_gW-0my$5@0d-X3+|m z-oy0V9GdXcy2KsnyoqY*m&h%=l)><88v*_|Y$NagzKtNd58I#HNWNjH$$Wf9kjM-4 zd2+ji87o2RLaM77X$|awHflA2SZ0Y#70t_OgO8PSATpMO$#0qOnJV4Tuh`|X43j4s zX8Kp#h#lc{@W$Fi1aC;qI@q6<;(T@J*>(KAJFWEX8|wp6ZOH zFv?k0wkT+i7DJG8+g{Sw+02MKP3n~umZ8z%H713(z9Ua~Tk)6El>2(PI%tArE+br* z25Q|@kcR6*v04uW%&0;H_?R1Z;p>uQi;JR?*@?b}PG0gm->r6*erzY_koM=(7d5(E z^xKG%8;2-kYJG+fs@{67lR9r2pW+v3PYxB+ktPlM#0pmxVeHan=ZWFw>*yxyr6RPl z?-=(S%PP$D!iyJUf1atq=TKQPNa;j}P?er!s?>XQsgc6{QfzHKEv=Fdcpa|lRg^oF z2J+0&w)c!<$u-!{VYZw#zRA7+DxfAy^RWjD#3_9LWse^!LRE)>^|H})C%*@)l5G-~ zY2Ldu?*ZYeg8tfG)2!X=#VM86WovbAx(3^cZUPva6Ho7qVr05ULKJ z%lA6KeO7I`Dr(0|6x`a=v{b!eP!eD@tuH=V<6O5@>T^;XQW+59LbhIJnOn+&Nu z%Cm33>U>eBRD*9Lu;YIebmhb2|HBb-KoUR_KoUR_Koa=33B(Yfo$lKf?A%x=;ONX) zkpIz={xe4;U59f2aBd9Iopt~Gw)NbbhMeiWbT^7$$A@!ds$`96Jg;l8y-iD~zj*8{ za>S1}$*JL8mUdko;&FekNKD`{xrs^-c+KwLNwh`9S(Sssl5(MfNrR8yKa8H@c@!HC zszqQAx$||G@k{6xY(py(1Gw^nV_0ab*Sdw$0&l&n1il*p2^fugw?$!<^yhXtqzcxU z-PE|6`D39a?fx*?Rqq;Q%`X1J`q|{juUhJ)=osQ(Y}3?)!$Y6UDiYfa7nj=Ukvy27 z@wRIKZu&k*j$)p4AzGy$6}>t6TK;T32B*!GuQOUsmLHP<&&bD5U%O%qGxI-oEE?G? 
zDe9+)Yg~zauB0%=+(r1V=C)(aZZz!MVh~Um!O_j636_*yXl-|&rH%MotVvExQ|CU| zH;f=4W_~0WBZ?UGx|&f^67G&wh7uWR#XIiRgXvTu3n~h!z~DR&aXR!W%_#+ZosBcI zjxj1vo7Lxw)-p2%Y8$q&Xb9dHMo0N%?%)l22}XHo#wT zC3m}H-=NZ&pVEId;7or19Sb}I#;%2Z@N#T3Rgzsx?p%(K`@n_gc+Co!CU0cBogd{GEeNx2 zJAKxws@_~%ve?)cMtlxoexR)R9{FC=%_l=!U7yMCg}W@4!N5TyoT_L(<;L@O-C@pE z6#4!-->ALckuyrY)7#*)n%RRL5pmb0uagl68wJxVy6>QLG_@)gXY za~GOp<5~9fqrlkrSwEeN=uhnC1z9MtYiUQV64Pc{#6xk5Mb6053O|?P9`{%Mwrryj z@Zj#M^uzc&^wJkZtj5AOs;{vbJ8)Se_Pv?Og#8`I&@^Snu*=lOO9!BKNt+k zYHMg(|1`DZD^H#Wz7UpZ)+h!N>d_xea1x~TK{M0aUBvfQ=rJ}7R>q6-njqjPQ&>;) zFj;U^eO6F0zAi{Hj~nS*-(y0JU8X&#ni@rzh1mDI@*?bSQ4ZD*905T)iucGq{UFTx z>09IV+^zB@ygd&iqp<~Z-fh>lS`$g?ucRcFfe+lCVOiJWP9uGj2NCQR{PT#b2Mb-IsH} z(8&JkThWANO|B+N5C?WAR!hxjRox7wdix6FmB8hanF|r=+)c(iq+r?&je?I@CCRzA zo(XnSsRQJg(^89*QY;5Mjukm9&xt_~STw1ZwZBn5uTo*s(W<=6yphvN!pqI>qg4dEz%rQ;qPhZHVaf z8~f?p-QMU7boPsUcva^Ic6+l+^}$3szd71y{oJQovG7Su`cQ~VUS2cXOAia@c!SAv z>eY)8qpfd~Maa-?&vQK%FWnV)e6=r97P?f;ftJc^y=xTMZ1b7WhuCKG>tJNYP}HyE zf7H|Mk^bMFBkTP89tqJc-T&MprM@Gu#Zgh;<*1Y9P8h?n(QV|c*!99YUzMJxFNC{)03tk2otmZROpYYWs`#!>R(F5Dc}9MK z4)$ST4;-(z&@W1tNPbP(r}1U>Is2uWhT-f)lJj*9O&8>tr(M!H>kOB+SoEjv?JpVqs#T8bXdK^1=>@6cfRNc=Xh-{)+4gsS^LP+7Oex^gLK_x)C%>gjff z=NZ9O`xb{>ebgEhg4|^{$qllJUww+E6qjTKG2dKfpQV A&;S4c literal 0 HcmV?d00001 
diff --git a/jdk/test/sun/security/pkcs11/Secmod/cert9.db b/jdk/test/sun/security/pkcs11/Secmod/cert9.db index a202bea21e99c8063fdce58c3fedff9c29bcc306..b823a79864fa955eb0c458e52a17be72a40bc339 100644 GIT binary patch literal 28672 zcmeI4e{54#6vy9>u3guyT?Se4N9-dJ!w7- zQT!3<6voCzFro$nOiYLfQPc$q#)z^IBZ(oHOe6%NBogGO(IBYAc<*_yKj=o{KaL+c zFMGG=o^#Llp8M(DOWOC+C3V%&ctmRL>h1`}B{x^h@jN$Ak~oeN=xL#6>d2#pDb=B` ze3pGXQ{d+K@{1fdICH^y&i1?Gi0va=yKNTj;DH2?01`j~NB{{S0VIF~{zn4y%x0(4 z#WzJeTO!YeR|KOiojpB^6QNi%Y^kUZ_!|OJRZV4JsRS{pwnj?FrI|sQC}mINfkGoF z#DbwnEIq<}ivq-Q72IW&CbRP)7yk_8_as8?k#Ib%kavrM5zW<*iCpFv&CUl>>xlOB zBqH5u5z{RqdN5bRCztir@)oDd#c%3}2Sc$)Iz4R&hE9Wjesv(5L$pO&Twk@wU*9Ax z3^YlNHC1(u0X9QLZOww}s)`25KfkuVVYU<`^pxqT(9_Lqa4?U|Tt3$Iv91rgY=}=~ zjm8=eYrL%Sv8J3gLDqz5Qw~x@Z$XhT4VmckFcq0F8JRF0nJ^)lFeRBVDVZ=WnJ_V# zgjs8pr`HF{if)6l0?G;~E1;}^vI5EqC@Y}shFmw~x*^vMxo*hyK-2?K4@5l>_2^Mh z_JFb%Mgk=nFe$KJg|J)&)~i6xZt%Oo?*_jL9u+*Q;bF6=gw3J?85PK=ps#|y3h#pk zxf9!sss>M{UTUW5rDkd@HM7R1CZ^t0z0^!iOwH89 z)J#oGO}5oo4b)`&%`n-fGt8EZ8OfNfX%jY$J~osoC&bEW(SoEUL`az|n4JL^&*_(z zRWbUBet9qv?}GmF^#Ap8Ic6f{YcIW0_-|0AcQGL~1 zyzlIxEvJ82H0Q>N_!z%3u_?Ga*6{kk&V0YDm40!0`tbe_ig$XyD?i%&+LwnG44xJC zyzieg5FEWZ@`>xGv4^j%_5aNOQTEN@wU4_5|HZ?*0zd9swXN=I>C5jv+V z@zL3h8wQ4Xb~}*c`<~`sWZX)*{+Zm=WZSf?RVUljtln)*M)r0`4(SPoQF5PBH!Y=O z&5Fnx(knbgdifE-G{0-<5mIEf&RYNE`s+nJZ_49HOfDvNv)E`dPq8$1uITJ~wln3) zALp@*^AwEp*v5Ipw1+(6EFv0F6)!25y_&b#StPTrW^^aHn&fac4L*+(lS3Ry_6x}* zcc-_KAkxj0T^@b2L|Ru(@#f1focMF>%=$fFo!hFeUNAdwaAaBgm5p<+s$)AZ-4re~ z%-T}9uI}?wU+=B#*Q$4%>HE9exr9vV<{f>59o1w1e0+S_U*}F*-<(mh{p}Oe-xwTh z-!gRV!S6RF+E;G<@XYF0_S^cK-ui9I^z#F|M@OXt!}xgs^Zy3UvB5EPKP(W}fCP{L5)%(gguLY z=RW__=l`$c^Z)n!KEeec0VIF~kN^@u0!RP}AOR$R1dsp{&I&d3j7Nqb{%B^ delta 293 zcmZp8z}VoS5FF@}S(2)dmS2>cSfXIez{0@D$l#!$z`(%32*jKd73_r>8FWAHUHlW%cLPCm+SjO1$UOaMPpLQwz! 
diff --git a/jdk/test/sun/security/pkcs11/Secmod/key4.db b/jdk/test/sun/security/pkcs11/Secmod/key4.db index 222adb32286ad793715fbbce368af63e54ba48f5..8ddfc4c0fa6122eaeec290dce20624107aa725a0 100644 GIT binary patch delta 2473 zcmb7E3piA1A3tZ#+|A4xvvx*`87WOjXAB}^nWRr8C6^*4p+Z)lOPf?2dxkOv6#bZSt>6@XRwst<>^S$qRpYxvc|DFH;_rCA>{UQ%W zUPrN<9PRx=eObqYf&;xmSzLe$fFNMaVgUdE$p;~oWu*xLhGuv&JO|*3JV50SxIraf z#Y=@r>?QJu1!bz}38;*P9)L08vKfqI7bYNSAV4M5WO2X2??Gh~g>VX&7@&%?(&y z-o7SWW9}C2`>C-=9c~vjGfZi6s(AST$npWINC6e;dtOWA?0`5MPza*cC=>c@yF_OYzK<|DR!Ko3$oUo%qwd?E+Mox7`VhGNI(EYgyjeutD+ZU z7c)x+Nf;19R-x6(WWmy18B@m`I%hF=leIR|{NXQ9Acz*m_0p#uBW=>8i}OO~{bPQM zc_+=!X`BcbtajoSB+0@pQwI(Ctqe(^tAoHM#G)YMwjkZPDfO&XH>l@3_flH4%l32$ z&hB9K&KA=N^_h_lmntjYyE&`J9q#AZ);zgV+tE3W>AEmrCbsVhU%S3y3U*8W=Dak+ z(Jd=4-|Fa1_x0)_XA&~cC54g zV^0G~3j=9x8iUXIrMZK{t)!^0?vPw>SoGv*9x57N@7mF+FVQh-U)AbaP-xd!F1q_$ zhgtt(ZwrgF^?+U%aN9?BNcv&fw^duZ1uq^7s?!NAec~g1ae6ibulN6BsjQc#8u{L^ zS@(3|gT#35q!Zg4JY*YaI@`CawD?SAboqB_lE&h_FB0Ot2t|9+a4v3UWB1qjrGP(c zZ9a3VZmKOu7o+C4$M3PyvXkOJ8)~kb@BA(Op5P#(*UI=RRJFX?)r`H&f8F`)TLYy1 z=h@-YmZVp@mKlwiSnea?hKdsCNju5phD94YBF&`T^5M7+a}!I~=16+vP%&pF7B?NG zU$-`!*ApAYR$A7W`rt;^k<9p*q$^cMxz^h?<}b1YORLrKx#z}V0@BRg}>z)tC*Z$9p;~1-}LL1ISZLtL?ydDTbsrkWr)aAGi5yjSz+})h=f~C-$Am75gP~eKnb~dM zo&R}h3Dxb60d7#Z7LBorQUgN#PIw0RhI=BW=01q`F*DC)V>dEFghJ%7084o5Mi>gR z583wqk%X9_S%u>X6$w}=^R;d@CwNf3rfJ}ww&abD5CI?}zoWw{Oflk_Zjn)vx3?u>GXJ^tc3^y!eekxE5NGCbC5HJuPJ{ zCu&t5Brs)3!|OjuBzW+`x+?8kT_vsyMc-2S4fW5$S70faC8G#vR>;+fJ*~xaFpW2l zYt4?17>Qv1X=USb=}WtxnxEPe1BE&$4FBzBdiw^4zT3?$AMWPLG~3+vkxM)t4`SUs zI%=Qd@6U=ag$cx)ek3t1$#m&K?eACMxlFVEGg|B9XvHF-3!1Ny9UjfL?#%D6?b@zo zx(1U&$h8*gfGgAd+inV!9C~N;)O2Ls(AI!-$;|KKPkq>Gys@iy1f21x`e(&Xte*c# z^Jw!XHAZyJF!B8P1T0(MqLjdS!OlNQzID%6f3)^;p+bBZ_#6PAgKcSfXIez{0@D$l#!$z`(%31jO7E73_tX7<51GUDI0YBytK7gtnd>@(l| zgWHdBvJY?JWMw|F$$NRzCcE%Wp8SLFl&p?IqJ;q%7y_Besiwvz#%7k92vfy)nKm%6 zGYK*xToRKX@{1!m9y^l@>?P*;49xR4Hcn+$ zjb~()HEHB1NGvWc&o4@`>D_;#{rRFFF&YO2R6_YLtniwA*}!J9puDj0*WI314@arJ 
zsr(Y&;Mn!=NgTJw4<<%N7J)rV*SAhIne)q|=fn~Yw}81IpE5FkVPO8UvGEl%4>z+c HC(L*N&4_g- diff --git a/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt b/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt index 60cc1c5655..bb4679f459 100644 --- a/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt +++ b/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt @@ -1,4 +1,8 @@ library= name=NSS Internal PKCS #11 Module -parameters=configdir='sql:./tmpdb' certPrefix='' keyPrefix='' secmod='' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' -NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) +parameters=configdir='sql:./tmpdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' +NSS=trustOrder=75 cipherOrder=100 slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM askpw=any timeout=30 ] } Flags=internal,critical + +library=libnssckbi.so +name=Builtin Roots Module +NSS=trustOrder=100 diff --git a/jdk/test/sun/security/pkcs11/SecmodTest.java b/jdk/test/sun/security/pkcs11/SecmodTest.java index 6ff6dd29ac..700632d84a 100644 --- a/jdk/test/sun/security/pkcs11/SecmodTest.java +++ b/jdk/test/sun/security/pkcs11/SecmodTest.java @@ -34,7 +34,7 @@ public class SecmodTest extends PKCS11Test { static String DBDIR; static char[] password = "test12".toCharArray(); static String keyAlias = "mykey"; - static boolean useSqlite = false; + static boolean useSqlite = true; static void useSqlite(boolean b) { useSqlite = b; 
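Review bot: The default of `useSqlite` in SecmodTest.java flips to `true` with no comment explaining it, while the `useSqlite(boolean)` setter right below is kept. Any test that still calls `useSqlite(false)` would therefore keep selecting the legacy database format, which the fixtures in this patch (cert9.db, key4.db, `configdir='sql:./tmpdb'`) appear to move away from. I would add above the field `// Default to the SQLite NSS database (cert9.db/key4.db); the legacy dbm format is used only when a test calls useSqlite(false).` It is also worth checking that no remaining caller passes `false` on hosts whose NSS build may not support the legacy format; that reason is inferred from the bug title, not visible here. The class body continues outside the hunk.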
diff --git a/jdk/test/sun/security/pkcs11/fips/cert9.db b/jdk/test/sun/security/pkcs11/fips/cert9.db new file mode 100644 index 0000000000000000000000000000000000000000..247bdad0abc24512deadc67d6f0c427d9cc9c56d GIT binary patch literal 28672 zcmeH~%TC)s6ozdsp&~-Ci>fX%%ciQTneioNQxU+GB4`3>kjkP$c4DMJ0F@+C-=Mon zeUrXK-=+I*y6l|eu?=jx>L&Uv`S8!>{B!2>5NSS~9#7_(xV*c+N#??Hb{yAr_JnX8 z$2ISUd5dS=h_#|&{?hor9@lwu^nGjlk5k+H<ekzJb~s~)X_98saz^cu1CKp*@LGp!wZ@C4`-$^si}WfR%}a;%M-F!MsfUuP)mg1I zo)`O=%w~)1zBE~TWRed)^@vpKYv0{yG@I_Xn|YE>vogIDE7oV&**}gSa+r+8$)Nkb zGdLGV@wqtbbx+S?TH&DIdw1MD7>dq*e=vM45@}v#UTt2FGtkn~Yj)P`tl3$!vu0<_&YGPyJA0h#ajwU?9_M>RRln`bg5 z#h5hjS4+y(ykE^Vd))7FzsLPP_xRl7+a6lQm$Zt{WPB#$v%k;&K7WURa|6x|I5%Lb z##2hIXmKm4`iOcZPab7~=X(K7u#zTNNvm5)C0I$jwUV}MB@wlfu;!BaSXrepDcf76 zg%8r`ljIZHRSoT;hOnyF$f8~&i@8QVm|HAtdW(9EEEYDhSlGy7VI%3NQ4L1Yd9#uZ zot5KCW|h1wB_Eo6Zd#R-QaR%wk>ga#mRhMb;->55KP{i9=0<;!EarFIz9|2%FH|X4 z%}?z!`nlbrutNb42!H?xfB*=900@8p2!H?xfB*=9z_Jq9q>bVJzpS4Z`vL(F009sH z0T2KI5C8!X009sH0VaU^KMn#2fB*=900@8p2!H?xfB*=900=BU0o?zW{~Ke6AOHd& z00JNY0w4eaAOHd&00JO@`#;VA2!H?xfB*=900@8p2!H?xfB*E z!$abd7Ntm_A_SsBIU&ITdg5rIP;_+{1 zXTCf8*-e{Gr9OXgrZ@D=t842k?$ETgoTlsA8Pn7>Ew0{a^$uT#DiYy_`qX#S`;~F+ z%=$NFSBm;vCRFtJi7Yh33 z@uA!4dn?}1J?jqL@H5qDHEWAabFo&RX_{fLd9>Fx7h2P^wbm8$Li38bG&g;5scFv7 znT`3mb2HP8MYGjhn5i|ICrtH|>5B9}tkP2{Bi|_KT5q-My*YTTuXeWGjo}(^x5NCl z46AhAF!K4L{vr=pe#Px|R|kWI_1^35&>IUDH$8W@dD-Nhw1jAYdDNA{DxFDk#wE_^ zyB)6|4Ka3Q@XkFMcIjNg$R951ZGYJtotM4kVU&^Fl`-&l?@5tDmKt#*e<(bg-e9od ztw%A5T`~UNJtaF4@1PS8U~ zaReR3VHt;I9L{$*-{I>}=DB5_TjsfCR#lloSdtDNl(hOP^$H%m?3HcDF4KUZqya%m zM-NI`LQvA#1|^+xP?Bg+602XbPf$kFSSsj^rd4)Kqf6osn2gpi8Lpuctyh)ddQ};Y zRppMc;el0exL#F;2UcZxU{!_(RwdnPv<6ku{T7sT(*jX$;%EvG}v z>6Ts5?Fdn_V@Cej;(mWHM&H408P)V`pQ682#;M6sgBJuK009U<00Izz00bZa0SG_< z0;4LBp%cUN|EOMGoEHQj009U<00Izz00bZa0SG{V1@Qcj8vz0kfB*y_009U<00Izz z00bZ~`T}_VAN^~LGlT#HAOHafKmY;|fB*y_009W#`5*TH1Rwwb2tWV=5P$##AOHaf zKw$I*@ccje*BECA0SG_<0uX=z1Rwwb2tWV=5TO76U!S<7sV}@B009U<00Izz00bZa 
z0SG_<0ucCb0-I07k_G45qp!My!5eGq-Os<1N0uJ>X}k9EFYg`y_OH{Y?_PggY+e(q zM*7&+`K^cJdU9O2q8@D?5aon<^Wh73-hKOnKc2q#Ng!ElphmIi^E3xrLFV27f Date: Mon, 19 May 2025 13:46:16 +0000 Subject: [PATCH 15/33] 8278472: Invalid value set to CANDIDATEFORM structure Reviewed-by: phh Backport-of: 2426d58e592c54de64ebe0f06448d239aeced082 --- jdk/src/windows/native/sun/windows/awt_Component.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jdk/src/windows/native/sun/windows/awt_Component.cpp b/jdk/src/windows/native/sun/windows/awt_Component.cpp index 8c6ecfac5c..c4dc99cf20 100644 --- a/jdk/src/windows/native/sun/windows/awt_Component.cpp +++ b/jdk/src/windows/native/sun/windows/awt_Component.cpp @@ -3862,11 +3862,11 @@ void AwtComponent::SetCandidateWindow(int iCandType, int x, int y) HIMC hIMC = ImmGetContext(hwnd); if (hIMC) { CANDIDATEFORM cf; - cf.dwStyle = CFS_POINT; + cf.dwStyle = CFS_CANDIDATEPOS; ImmGetCandidateWindow(hIMC, 0, &cf); if (x != cf.ptCurrentPos.x || y != cf.ptCurrentPos.y) { cf.dwIndex = iCandType; - cf.dwStyle = CFS_POINT; + cf.dwStyle = CFS_CANDIDATEPOS; cf.ptCurrentPos.x = x; cf.ptCurrentPos.y = y; cf.rcArea.left = cf.rcArea.top = cf.rcArea.right = cf.rcArea.bottom = 0; From 73dca05a92e7751006622c33335540300bb2bb4d Mon Sep 17 00:00:00 2001 From: Kazuhisa Takakuri Date: Tue, 20 May 2025 02:08:02 +0000 Subject: [PATCH 16/33] 8248001: javadoc generates invalid HTML pages whose ftp:// links are broken Reviewed-by: phh Backport-of: bb95dda0ac5032e4df582f2903dcbbbbaef9e8c4 --- .../formats/html/HtmlDocletWriter.java | 3 +- .../TestHrefInDocComment.java | 4 +- .../javadoc/testHrefInDocComment/pkg/J1.java | 75 +++++++++++++++++++ 3 files changed, 79 insertions(+), 3 deletions(-) create mode 100644 langtools/test/com/sun/javadoc/testHrefInDocComment/pkg/J1.java 
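Review bot: In `AwtComponent::SetCandidateWindow`, `cf.ptCurrentPos` is compared with `x` and `y` without checking the result of `ImmGetCandidateWindow(hIMC, 0, &cf)`. Only `dwStyle` is assigned before the call, so on a failed query the comparison reads indeterminate stack memory and the update may be skipped or applied arbitrarily. Zero-initialise the struct and let a failed query fall through to the update: `CANDIDATEFORM cf = {0};` and `if (!ImmGetCandidateWindow(hIMC, 0, &cf) || x != cf.ptCurrentPos.x || y != cf.ptCurrentPos.y) {`. The query uses index 0 while the update sets `cf.dwIndex = iCandType`, so it is worth confirming that the two are meant to differ. The function starts and ends outside the hunk.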
diff --git a/langtools/src/share/classes/com/sun/tools/doclets/formats/html/HtmlDocletWriter.java b/langtools/src/share/classes/com/sun/tools/doclets/formats/html/HtmlDocletWriter.java index f0db283c28..76229a1f7b 100644 --- a/langtools/src/share/classes/com/sun/tools/doclets/formats/html/HtmlDocletWriter.java +++ b/langtools/src/share/classes/com/sun/tools/doclets/formats/html/HtmlDocletWriter.java @@ -1725,7 +1725,8 @@ private String redirectRelativeLinks(Doc doc, String text) { if (!(relativeLinkLowerCase.startsWith("mailto:") || relativeLinkLowerCase.startsWith("http:") || relativeLinkLowerCase.startsWith("https:") || - relativeLinkLowerCase.startsWith("file:"))) { + relativeLinkLowerCase.startsWith("file:") || + relativeLinkLowerCase.startsWith("ftp:"))) { relativeLink = "{@"+(new DocRootTaglet()).getName() + "}/" + redirectPathFromRoot.resolve(relativeLink).getPath(); textBuff.replace(begin, end, relativeLink); diff --git a/langtools/test/com/sun/javadoc/testHrefInDocComment/TestHrefInDocComment.java b/langtools/test/com/sun/javadoc/testHrefInDocComment/TestHrefInDocComment.java index 80b2c49bff..aa424ad24a 100644 --- a/langtools/test/com/sun/javadoc/testHrefInDocComment/TestHrefInDocComment.java +++ b/langtools/test/com/sun/javadoc/testHrefInDocComment/TestHrefInDocComment.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /* * @test - * @bug 4638015 + * @bug 4638015 8248001 * @summary Determine if Hrefs are processed properly when they * appear in doc comments. * @author jamieh diff --git a/langtools/test/com/sun/javadoc/testHrefInDocComment/pkg/J1.java b/langtools/test/com/sun/javadoc/testHrefInDocComment/pkg/J1.java new file mode 100644 index 0000000000..9be939f37b 
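Review bot: The scheme test in `redirectRelativeLinks` is an undocumented chain of `startsWith` calls that this change extends with `"ftp:"`, and nothing says the chain is meant to be an allowlist. Any href whose scheme is not listed is treated as a relative path and re-rooted under `{@docRoot}`, which is the safer default for unexpected schemes, but a later edit could easily replace the chain with a generic "has a scheme" test and pass arbitrary schemes through untouched. I would move the five prefixes into a `private static final String[]` and put this comment above it: `// Schemes passed through unchanged; any other href is treated as relative and re-rooted under {@docRoot}.` The method starts and ends outside the hunk.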
--- /dev/null +++ b/langtools/test/com/sun/javadoc/testHrefInDocComment/pkg/J1.java @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2016, 2021, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package pkg; + +/** + *This class has various functions, + * see FTP Site, + * file service for further information + *various functions + *
    + *
  • function1
  • + *
  • function2
  • + *
  • function3
  • + *
+ *special methods + *
    + *
  • method1
  • + *
  • method2
  • + *
  • method3
  • + *
+ */ +public class J1 { + /** + *fields. + */ + protected Object field1; + + /** + *Creates an instance which has various functions. + */ + public J1(){ + } + + /** + *This is aspecial method. + *@param p1 arg1 + */ + public void method1(int p1){ + } + + /** + *See FTP Site for more information. + *@param p1 arg1 + */ + public void method2(int p1){ + } + + /** + *See file service for more information. + *@param p1 arg1 + */ + public void method3(int p1){ + } +} From 55e7ecc26b80b694b378c4d2d64a5e2da815bc48 Mon Sep 17 00:00:00 2001 From: Kazuhisa Takakuri Date: Tue, 20 May 2025 02:10:39 +0000 Subject: [PATCH 17/33] 8046883: com/sun/jdi/ProcessAttachTest.sh gets "java.io.IOException: Invalid process identifier" on windows Reviewed-by: phh Backport-of: 0139a3b9e7d3cbbe2c4efe1653856c2cd2769040 --- .../com/sun/jdi/ProcessAttachDebuggee.java | 62 ------ .../com/sun/jdi/ProcessAttachDebugger.java | 81 -------- jdk/test/com/sun/jdi/ProcessAttachTest.java | 152 +++++++++++++++ jdk/test/com/sun/jdi/ProcessAttachTest.sh | 181 ------------------ jdk/test/com/sun/jdi/ShutdownDebuggee.java | 62 ------ 5 files changed, 152 insertions(+), 386 deletions(-) delete mode 100644 jdk/test/com/sun/jdi/ProcessAttachDebuggee.java delete mode 100644 jdk/test/com/sun/jdi/ProcessAttachDebugger.java create mode 100644 jdk/test/com/sun/jdi/ProcessAttachTest.java delete mode 100644 jdk/test/com/sun/jdi/ProcessAttachTest.sh delete mode 100644 jdk/test/com/sun/jdi/ShutdownDebuggee.java diff --git a/jdk/test/com/sun/jdi/ProcessAttachDebuggee.java b/jdk/test/com/sun/jdi/ProcessAttachDebuggee.java deleted file mode 100644 index 3208b1551e..0000000000 --- a/jdk/test/com/sun/jdi/ProcessAttachDebuggee.java +++ /dev/null 
@@ -1,62 +0,0 @@ -/* - * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * - * - * The "debuggee" used by the unit tests for the ProcessAttachingConnector. - * This debuggee binds to a random TCP port and waits for a client to connect. 
- */ -import java.net.Socket; -import java.net.ServerSocket; -import java.nio.file.CopyOption; -import java.nio.file.Files; -import java.nio.file.StandardCopyOption; -import java.io.File; -import java.io.FileOutputStream; - -public class ProcessAttachDebuggee { - public static void main(String args[]) throws Exception { - // bind to a random port - ServerSocket ss = new ServerSocket(0); - int port = ss.getLocalPort(); - - // Write the port number to the given file - File partial = new File(args[0] + ".partial"); - File portFile = new File(args[0]); - try (FileOutputStream fos = new FileOutputStream(partial)) { - fos.write( Integer.toString(port).getBytes("UTF-8") ); - } - Files.move(partial.toPath(), portFile.toPath(), StandardCopyOption.ATOMIC_MOVE); - - System.out.println("Debuggee bound to port: " + port); - System.out.flush(); - - // wait for test harness to connect - Socket s = ss.accept(); - s.close(); - ss.close(); - - System.out.println("Debuggee shutdown."); - } -} diff --git a/jdk/test/com/sun/jdi/ProcessAttachDebugger.java b/jdk/test/com/sun/jdi/ProcessAttachDebugger.java deleted file mode 100644 index 9309403288..0000000000 --- a/jdk/test/com/sun/jdi/ProcessAttachDebugger.java +++ /dev/null 
@@ -1,81 +0,0 @@ -/* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * - * - * Unit test for ProcessAttachingConnector - this "debugger" attaches to a debuggee - * given it's pid. 
Usage: - * - * java ProcessAttachDebugger - */ - -import com.sun.jdi.Bootstrap; -import com.sun.jdi.VirtualMachine; -import com.sun.jdi.ThreadReference; -import com.sun.jdi.connect.Connector; -import com.sun.jdi.connect.AttachingConnector; - -import java.util.List; -import java.util.Map; - -public class ProcessAttachDebugger { - - public static void main(String main_args[]) throws Exception { - String pid = main_args[0]; - - // find ProcessAttachingConnector - - List l = - Bootstrap.virtualMachineManager().attachingConnectors(); - AttachingConnector ac = null; - for (AttachingConnector c: l) { - if (c.name().equals("com.sun.jdi.ProcessAttach")) { - ac = c; - break; - } - } - if (ac == null) { - throw new RuntimeException("Unable to locate ProcessAttachingConnector"); - } - - Map args = ac.defaultArguments(); - Connector.StringArgument arg = (Connector.StringArgument)args.get("pid"); - arg.setValue(pid); - - System.out.println("Debugger is attaching to: " + pid + " ..."); - - VirtualMachine vm = ac.attach(args); - - System.out.println("Attached! Now listing threads ..."); - - // list all threads - - for (ThreadReference thr: vm.allThreads()) { - System.out.println(thr); - } - - System.out.println("Debugger done."); - } - -} diff --git a/jdk/test/com/sun/jdi/ProcessAttachTest.java b/jdk/test/com/sun/jdi/ProcessAttachTest.java new file mode 100644 index 0000000000..0e14ed6e5c --- /dev/null +++ b/jdk/test/com/sun/jdi/ProcessAttachTest.java 
@@ -0,0 +1,152 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. 
+ */ + +import java.io.IOException; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import jdk.testlibrary.JDKToolFinder; +import jdk.testlibrary.OutputAnalyzer; +import jdk.testlibrary.ProcessTools; + +import com.sun.jdi.Bootstrap; +import com.sun.jdi.ThreadReference; +import com.sun.jdi.VirtualMachine; +import com.sun.jdi.connect.AttachingConnector; +import com.sun.jdi.connect.Connector; +import com.sun.jdi.connect.IllegalConnectorArgumentsException; + +/** + * @test + * @bug 4527279 + * @summary Unit test for ProcessAttachingConnector + * + * @library /lib/testlibrary + * @build jdk.testlibrary.* ProcessAttachTest + * @run driver ProcessAttachTest + */ + +class ProcessAttachTestTarg { + public static void main(String args[]) throws Exception { + // Write something that can be read by the driver + System.out.println("Debuggee started"); + System.out.flush(); + for (;;) { + Thread.sleep(100); + } + } +} + +public class ProcessAttachTest { + + public static final String TESTCLASSES = System.getProperty("test.classes"); + + public static void main(String[] args) throws Throwable { + + System.out.println("Test 1: Debuggee start with suspend=n"); + runTest("-agentlib:jdwp=transport=dt_socket,server=y,suspend=n"); + + System.out.println("Test 2: Debuggee start with suspend=y"); + runTest("-agentlib:jdwp=transport=dt_socket,server=y,suspend=y"); + + } + + private static void runTest(String jdwpArg) throws Throwable { + ProcessBuilder pb = ProcessTools.createJavaProcessBuilder( + jdwpArg, + "-classpath", TESTCLASSES, + "ProcessAttachTestTarg"); + Process p = null; + try { + // Get pid + String jps = JDKToolFinder.getJDKTool("jps"); + OutputAnalyzer output = ProcessTools.executeProcess(jps); + Pattern ptn1 = Pattern.compile("(\\d+) ProcessAttachTestTarg"); + Pattern ptn2 = Pattern.compile("(\\d+) -- main class information unavailable"); // The 
target process is displayed as such in Test 2. + Matcher m1 = ptn1.matcher(output.getOutput()); + Matcher m2 = ptn2.matcher(output.getOutput()); + List pids1 = new ArrayList<>(); + while (m1.find()) { + pids1.add(m1.group(1)); + } + while (m2.find()) { + pids1.add(m2.group(1)); + } + + p = pb.start(); + + // Wait for the process to start + InputStream is = p.getInputStream(); + is.read(); + + // Get pid + output = ProcessTools.executeProcess(jps); + m1 = ptn1.matcher(output.getOutput()); + m2 = ptn2.matcher(output.getOutput()); + List pids2 = new ArrayList<>(); + while (m1.find()) { + pids2.add(m1.group(1)); + } + while (m2.find()) { + pids2.add(m2.group(1)); + } + pids2.removeAll(pids1); + if (pids2.size() != 1) { + throw new RuntimeException("Did not find pid"); + } + + // Attach a debugger + tryDebug(Long.parseLong(pids2.get(0))); + } finally { + p.destroyForcibly(); + } + } + + private static void tryDebug(long pid) throws IOException, + IllegalConnectorArgumentsException { + AttachingConnector ac = Bootstrap.virtualMachineManager().attachingConnectors() + .stream() + .filter(c -> c.name().equals("com.sun.jdi.ProcessAttach")) + .findFirst() + .orElseThrow(() -> new RuntimeException("Unable to locate ProcessAttachingConnector")); + + Map args = ac.defaultArguments(); + Connector.StringArgument arg = (Connector.StringArgument) args + .get("pid"); + arg.setValue("" + pid); + + System.out.println("Debugger is attaching to: " + pid + " ..."); + VirtualMachine vm = ac.attach(args); + + // list all threads + System.out.println("Attached! Now listing threads ..."); + vm.allThreads().stream().forEach(System.out::println); + + System.out.println("Debugger done."); + vm.dispose(); + } +} diff --git a/jdk/test/com/sun/jdi/ProcessAttachTest.sh b/jdk/test/com/sun/jdi/ProcessAttachTest.sh deleted file mode 100644 index 10b5d50315..0000000000 --- a/jdk/test/com/sun/jdi/ProcessAttachTest.sh +++ /dev/null 
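Review bot: In `runTest`, `p` is still `null` if anything throws before `p = pb.start()` (for example the first `ProcessTools.executeProcess(jps)`), so `finally { p.destroyForcibly(); }` raises a NullPointerException that hides the real failure. Guard it with `if (p != null) { p.destroyForcibly(); }`. The pid is derived from the difference between two `jps` listings, so an unrelated JVM that starts in between and matches either pattern makes the test fail, or could become the attach target if the debuggee itself is not listed. Reading the pid from the child process, or having `ProcessAttachTestTarg` print it, would tie the attach to the process this test started. Separately, both runs pass `server=y` without `address=`, which leaves the bind address of the unauthenticated JDWP socket to the agent default; restricting it to loopback, if the agent on this release accepts a host there, would keep the debug port off other interfaces.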
@@ -1,181 +0,0 @@ -#!/bin/sh - -# -# Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - - -# @test -# @bug 4527279 -# @summary Unit test for ProcessAttachingConnector -# -# @build ProcessAttachDebugger ProcessAttachDebuggee ShutdownDebuggee -# @run shell ProcessAttachTest.sh - -if [ "${TESTJAVA}" = "" ] -then - echo "TESTJAVA not set. Test cannot execute. Failed." - exit 1 -fi - -if [ "${TESTSRC}" = "" ] -then - echo "TESTSRC not set. Test cannot execute. Failed." - exit 1 -fi - -if [ "${TESTCLASSES}" = "" ] -then - echo "TESTCLASSES not set. Test cannot execute. Failed." - exit 1 -fi - -JAVA="${TESTJAVA}/bin/java" - -OS=`uname -s` - -case "$OS" in - Windows*) - PS=";" - OS="Windows" - ;; - CYGWIN*) - PS=";" - OS="CYGWIN" - ;; - * ) - PS=":" - ;; -esac - -startDebuggee() -{ - OUTPUTFILE=${TESTCLASSES}/Debuggee.out - ${JAVA} "$@" > ${OUTPUTFILE} & - startpid="$!" 
- pid="${startpid}" - - # CYGWIN startpid is not the native windows PID we want, get the WINPID - if [ "${OS}" = "CYGWIN" ]; then - sleep 2 - ps -l -p ${startpid} - pid=`ps -l -p ${startpid} | tail -1 | awk '{print $4;}'` - fi - - # MKS creates an intermediate shell to launch ${JAVA} so - # ${startpid} is not the actual pid. We have put in a small sleep - # to give the intermediate shell process time to launch the - # "java" process. - if [ "$OS" = "Windows" ]; then - sleep 2 - pid=`ps -o pid,ppid,comm|grep ${startpid}|grep "java"|cut -c1-6` - fi - - echo "Waiting for Debuggee to initialize..." - attempts=0 - while true; do - sleep 1 - out=`tail -1 ${OUTPUTFILE}` - if [ ! -z "$out" ]; then - break - fi - attempts=`expr $attempts + 1` - echo "Waiting $attempts second(s) ..." - done - - echo "Debuggee is process $pid (startpid=${startpid})" -} - -stopDebuggee() -{ - $JAVA -classpath "${TESTCLASSES}" ShutdownDebuggee $1 - if [ $? != 0 ] ; then - echo "Error: ShutdownDebuggee failed" - failures=`expr $failures + 1` - kill -9 ${startpid} - fi -} - -failures=0 - -######################################################### -echo "Test 1: Debuggee start with suspend=n" - -PORTFILE="${TESTCLASSES}"/shutdown1.port - -DEBUGGEEFLAGS= -if [ -r $TESTCLASSES/@debuggeeVMOptions ] ; then - DEBUGGEEFLAGS=`cat $TESTCLASSES/@debuggeeVMOptions` -elif [ -r $TESTCLASSES/../@debuggeeVMOptions ] ; then - DEBUGGEEFLAGS=`cat $TESTCLASSES/../@debuggeeVMOptions` -fi - -startDebuggee \ - $DEBUGGEEFLAGS \ - -agentlib:jdwp=transport=dt_socket,server=y,suspend=n \ - -classpath "${TESTCLASSES}" ProcessAttachDebuggee "${PORTFILE}" - -$JAVA -classpath "${TESTCLASSES}${PS}${TESTJAVA}/lib/tools.jar" \ - ProcessAttachDebugger $pid 2>&1 -if [ $? != 0 ]; then failures=`expr $failures + 1`; fi - -# Note that when the debugger disconnects, the debuggee picks another -# port and outputs another 'Listening for transport ... ' msg. 
- -stopDebuggee "${PORTFILE}" - -######################################################### -echo "\nTest 2: Debuggee start with suspend=y" - -PORTFILE="${TESTCLASSES}"/shutdown2.port -startDebuggee \ - $DEBUGGEEFLAGS \ - -agentlib:jdwp=transport=dt_socket,server=y,suspend=y \ - -classpath "${TESTCLASSES}" ProcessAttachDebuggee "${PORTFILE}" - -$JAVA -classpath "${TESTCLASSES}${PS}${TESTJAVA}/lib/tools.jar" \ - ProcessAttachDebugger $pid 2>&1 - -# The debuggee is suspended and doesn't run until the debugger -# disconnects. We have to give it time to write the port number -# to ${PORTFILE} - -echo "Waiting for port file to be written..." -attempts=0 -while true; do - sleep 1 - attempts=`expr $attempts + 1` - if [ -f ${PORTFILE} ]; then - break - fi - echo "Waiting $attempts second(s) ..." -done - -if [ $? != 0 ]; then failures=`expr $failures + 1`; fi -stopDebuggee "${PORTFILE}" - -### -if [ $failures = 0 ]; - then echo "All tests passed."; - else echo "$failures test(s) failed:"; cat ${OUTPUTFILE}; -fi -exit $failures diff --git a/jdk/test/com/sun/jdi/ShutdownDebuggee.java b/jdk/test/com/sun/jdi/ShutdownDebuggee.java deleted file mode 100644 index b69768892a..0000000000 --- a/jdk/test/com/sun/jdi/ShutdownDebuggee.java +++ /dev/null 
@@ -1,62 +0,0 @@ -/* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * - * - * Used by the unit tests for the ProcessAttachingConnector. This class is - * used to shutdown the debuggee by connecting to its shutdown port. 
- */ -import java.net.Socket; -import java.net.InetSocketAddress; -import java.io.File; -import java.io.FileInputStream; - -public class ShutdownDebuggee { - public static void main(String args[]) throws Exception { - - // read the (TCP) port number from the given file - - File f = new File(args[0]); - FileInputStream fis = new FileInputStream(f); - byte b[] = new byte[8]; - int n = fis.read(b); - if (n < 1) { - throw new RuntimeException("Empty file"); - } - fis.close(); - - String str = new String(b, 0, n, "UTF-8"); - System.out.println("Port number of debuggee is: " + str); - int port = Integer.parseInt(str); - - // Now connect to the port (which will shutdown debuggee) - - System.out.println("Connecting to port " + port + - " to shutdown Debuggee ..."); - - Socket s = new Socket(); - s.connect( new InetSocketAddress(port) ); - s.close(); - } -} From 3e4321d11e557887378d42258be7130878b9ac5e Mon Sep 17 00:00:00 2001 From: Paul Hohensee Date: Tue, 20 May 2025 14:34:23 +0000 Subject: [PATCH 18/33] 8345133: Test sun/security/tools/jarsigner/TsacertOptionTest.java failed: Warning found in stdout Reviewed-by: rkennke Backport-of: 153dc6d84300e4c3446e33be820c15336cf45e72 --- jdk/test/sun/security/tools/jarsigner/TsacertOptionTest.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/jdk/test/sun/security/tools/jarsigner/TsacertOptionTest.java b/jdk/test/sun/security/tools/jarsigner/TsacertOptionTest.java index 059970b893..0e90583b71 100644 --- a/jdk/test/sun/security/tools/jarsigner/TsacertOptionTest.java +++ b/jdk/test/sun/security/tools/jarsigner/TsacertOptionTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -110,6 +110,7 @@ void start() throws Throwable { "-alias", CA_KEY_ALIAS, "-keystore", KEYSTORE, "-storepass", PASSWORD, + "-startdate", "-1M", "-keypass", PASSWORD, "-validity", Integer.toString(VALIDITY), "-infile", "certreq", From 6fd5ba5f62bfffc8b127aec0f56f7b1987dee46d Mon Sep 17 00:00:00 2001 From: Satyen Subramaniam Date: Tue, 20 May 2025 17:45:26 +0000 Subject: [PATCH 19/33] 8352716: (tz) Update Timezone Data to 2025b Reviewed-by: serb Backport-of: 1d205f5f0704f251eb68165f3caf1e70d542ae63 --- jdk/make/data/tzdata/VERSION | 2 +- jdk/make/data/tzdata/asia | 12 ++- jdk/make/data/tzdata/northamerica | 9 ++ jdk/make/data/tzdata/southamerica | 86 +++++++++++++++---- jdk/make/data/tzdata/zone.tab | 3 +- .../java/util/TimeZone/TimeZoneData/VERSION | 2 +- jdk/test/sun/util/calendar/zi/tzdata/VERSION | 2 +- jdk/test/sun/util/calendar/zi/tzdata/asia | 12 ++- .../sun/util/calendar/zi/tzdata/northamerica | 9 ++ .../sun/util/calendar/zi/tzdata/southamerica | 86 +++++++++++++++---- jdk/test/sun/util/calendar/zi/tzdata/zone.tab | 3 +- 11 files changed, 187 insertions(+), 39 deletions(-) diff --git a/jdk/make/data/tzdata/VERSION b/jdk/make/data/tzdata/VERSION index 9c056fac34..4bd54efbcd 100644 --- a/jdk/make/data/tzdata/VERSION +++ b/jdk/make/data/tzdata/VERSION @@ -21,4 +21,4 @@ # or visit www.oracle.com if you need additional information or have any # questions. # -tzdata2025a +tzdata2025b diff --git a/jdk/make/data/tzdata/asia b/jdk/make/data/tzdata/asia index 73cccd39a0..d52e8de87e 100644 --- a/jdk/make/data/tzdata/asia +++ b/jdk/make/data/tzdata/asia 
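Review bot: The added `"-startdate", "-1M"` arguments in `start()` carry no comment, and the unit is easy to misread: in keytool's offset syntax lowercase `m` is months and uppercase `M` is minutes, so this backdates the certificate by one minute, not one month. I would add `// -startdate -1M: validity begins one minute in the past (keytool: 'M' = minutes, 'm' = months)` above the pair, and ideally say which warning the backdating avoids, since the hunk does not show it. `start()` begins and ends outside the hunk.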
@@ -1523,6 +1523,16 @@ Zone Asia/Jayapura 9:22:48 - LMT 1932 Nov # (UIT No. 143 17.XI.1977) and not 23 September (UIT No. 141 13.IX.1977). # UIT is the Operational Bulletin of International Telecommunication Union. +# From Roozbeh Pournader (2025-03-18): +# ... the exact time of Iran's transition from +0400 to +0330 ... was Friday +# 1357/8/19 AP=1978-11-10. Here's a newspaper clip from the Ettela'at +# newspaper, dated 1357/8/14 AP=1978-11-05, translated from Persian +# (at https://w.wiki/DUEY): +# Following the government's decision about returning the official time +# to the previous status, the spokesperson for the Ministry of Energy +# announced today: At the hour 24 of Friday 19th of Aban (=1978-11-10), +# the country's time will be pulled back half an hour. +# # From Roozbeh Pournader (2003-03-15): # This is an English translation of what I just found (originally in Persian). # The Gregorian dates in brackets are mine: @@ -1650,7 +1660,7 @@ Rule Iran 2021 2022 - Sep 21 24:00 0 - Zone Asia/Tehran 3:25:44 - LMT 1916 3:25:44 - TMT 1935 Jun 13 # Tehran Mean Time 3:30 Iran +0330/+0430 1977 Oct 20 24:00 - 4:00 Iran +04/+05 1979 + 4:00 Iran +04/+05 1978 Nov 10 24:00 3:30 Iran +0330/+0430 diff --git a/jdk/make/data/tzdata/northamerica b/jdk/make/data/tzdata/northamerica index e735d43e3c..b0687f0fce 100644 --- a/jdk/make/data/tzdata/northamerica +++ b/jdk/make/data/tzdata/northamerica 
@@ -1634,6 +1634,15 @@ Zone America/Moncton -4:19:08 - LMT 1883 Dec 9 # For more on Orillia, see: Daubs K. Bold attempt at daylight saving # time became a comic failure in Orillia. Toronto Star 2017-07-08. # https://www.thestar.com/news/insight/2017/07/08/bold-attempt-at-daylight-saving-time-became-a-comic-failure-in-orillia.html +# From Paul Eggert (2025-03-20): +# Also see the 1912-06-17 front page of The Evening Sunbeam, +# reproduced in: Richardson M. "Daylight saving was a confusing +# time in Orillia" in the 2025-03-15 Orillia Matters. Richardson writes, +# "The first Sunday after the switch was made, [DST proponent and +# Orillia mayor William Sword] Frost walked into church an hour late. +# This became a symbol of the downfall of daylight saving in Orillia." +# The mayor became known as "Daylight Bill". +# https://www.orilliamatters.com/local-news/column-daylight-saving-was-a-confusing-time-in-orillia-10377529 # From Mark Brader (2010-03-06): # diff --git a/jdk/make/data/tzdata/southamerica b/jdk/make/data/tzdata/southamerica index 8fc2bf8cea..3b0b65be4a 100644 --- a/jdk/make/data/tzdata/southamerica +++ b/jdk/make/data/tzdata/southamerica 
@@ -1269,35 +1269,45 @@ Zone America/Rio_Branco -4:31:12 - LMT 1914 # dates to 2014. # DST End: last Saturday of April 2014 (Sun 27 Apr 2014 03:00 UTC) # DST Start: first Saturday of September 2014 (Sun 07 Sep 2014 04:00 UTC) -# http://www.diariooficial.interior.gob.cl//media/2014/02/19/do-20140219.pdf +# From Tim Parenti (2025-03-22): +# Decreto 307 of 2014 of the Ministry of the Interior and Public Security, +# promulgated 2014-01-30 and published 2014-02-19: +# https://www.diariooficial.interior.gob.cl/media/2014/02/19/do-20140219.pdf#page=1 +# https://www.bcn.cl/leychile/navegar?idNorma=1059557 # From Eduardo Romero Urra (2015-03-03): # Today has been published officially that Chile will use the DST time # permanently until March 25 of 2017 -# http://www.diariooficial.interior.gob.cl/media/2015/03/03/1-large.jpg -# -# From Paul Eggert (2015-03-03): -# For now, assume that the extension will persist indefinitely. +# From Tim Parenti (2025-03-22): +# Decreto 106 of 2015 of the Ministry of the Interior and Public Security, +# promulgated 2015-01-27 and published 2015-03-03: +# https://www.diariooficial.interior.gob.cl/media/2015/03/03/do-20150303.pdf#page=1 +# https://www.bcn.cl/leychile/navegar?idNorma=1075157 # From Juan Correa (2016-03-18): -# The decree regarding DST has been published in today's Official Gazette: -# http://www.diariooficial.interior.gob.cl/versiones-anteriores/do/20160318/ -# http://www.leychile.cl/Navegar?idNorma=1088502 +# The decree regarding DST has been published in today's Official Gazette... # It does consider the second Saturday of May and August as the dates # for the transition; and it lists DST dates until 2019, but I think # this scheme will stick. -# # From Paul Eggert (2016-03-18): -# For now, assume the pattern holds for the indefinite future. 
# The decree says transitions occur at 24:00; in practice this appears # to mean 24:00 mainland time, not 24:00 local time, so that Easter # Island is always two hours behind the mainland. +# From Tim Parenti (2025-03-22): +# Decreto 253 of 2016 of the Ministry of the Interior and Public Security, +# promulgated 2016-03-16 and published 2016-03-18. +# https://www.diariooficial.interior.gob.cl/media/2016/03/18/do-20160318.pdf#page=1 +# https://www.bcn.cl/leychile/navegar?idNorma=1088502 # From Juan Correa (2016-12-04): # Magallanes region ... will keep DST (UTC -3) all year round.... # http://www.soychile.cl/Santiago/Sociedad/2016/12/04/433428/Bachelet-firmo-el-decreto-para-establecer-un-horario-unico-para-la-Region-de-Magallanes.aspx -# From Deborah Goldsmith (2017-01-19): -# http://www.diariooficial.interior.gob.cl/publicaciones/2017/01/17/41660/01/1169626.pdf +# From Tim Parenti (2025-03-22), via Deborah Goldsmith (2017-01-19): +# Decreto 1820 of 2016 of the Ministry of the Interior and Public Security, +# promulgated 2016-12-02 and published 2017-01-17: +# https://www.diariooficial.interior.gob.cl/publicaciones/2017/01/17/41660/01/1169626.pdf +# https://www.bcn.cl/leychile/Navegar?idNorma=1099217 +# Model this as a change to standard offset effective 2016-12-04. # From Juan Correa (2018-08-13): # As of moments ago, the Ministry of Energy in Chile has announced the new 
@@ -1316,13 +1326,20 @@ Zone America/Rio_Branco -4:31:12 - LMT 1914 # https://twitter.com/MinEnergia/status/1029009354001973248 # "We will keep the new time policy unchanged for at least the next 4 years." # So we extend the new rules on Saturdays at 24:00 mainland time indefinitely. -# From Juan Correa (2019-02-04): -# http://www.diariooficial.interior.gob.cl/publicaciones/2018/11/23/42212/01/1498738.pdf +# From Tim Parenti (2025-03-22), via Juan Correa (2019-02-04): +# Decreto 1286 of 2018 of the Ministry of the Interior and Public Security, +# promulgated 2018-09-21 and published 2018-11-23: +# https://www.diariooficial.interior.gob.cl/publicaciones/2018/11/23/42212/01/1498738.pdf +# https://www.bcn.cl/leychile/Navegar?idNorma=1125760 # From Juan Correa (2022-04-02): # I found there was a decree published last Thursday that will keep -# Magallanes region to UTC -3 "indefinitely". The decree is available at +# Magallanes region to UTC -3 "indefinitely". +# From Tim Parenti (2025-03-22): +# Decreto 143 of 2022 of the Ministry of the Interior and Public Security, +# promulgated 2022-03-29 and published 2022-03-31: # https://www.diariooficial.interior.gob.cl/publicaciones/2022/03/31/43217-B/01/2108910.pdf +# https://www.bcn.cl/leychile/Navegar?idNorma=1174342 # From Juan Correa (2022-08-09): # the Internal Affairs Ministry (Ministerio del Interior) informed DST 
@@ -1331,13 +1348,36 @@ Zone America/Rio_Branco -4:31:12 - LMT 1914 # will keep UTC -3 "indefinitely"... This is because on September 4th # we will have a voting whether to approve a new Constitution. # -# From Eduardo Romero Urra (2022-08-17): +# From Tim Parenti (2025-03-22), via Eduardo Romero Urra (2022-08-17): +# Decreto 224 of 2022 of the Ministry of the Interior and Public Security, +# promulgated 2022-07-14 and published 2022-08-13: # https://www.diariooficial.interior.gob.cl/publicaciones/2022/08/13/43327/01/2172567.pdf +# https://www.bcn.cl/leychile/navegar?idNorma=1179983 # # From Paul Eggert (2022-08-17): # Although the presidential decree stops at fall 2026, assume that # similar DST rules will continue thereafter. +# From Paul Eggert (2025-01-15): +# Diario Regional Aysén's Sebastián Martel reports that 94% of Aysén +# citizens polled in November favored changing the rules from +# -04/-03-with-DST to -03 all year... +# https://www.diarioregionalaysen.cl/noticia/actualidad/2024/12/presentan-decision-que-gano-la-votacion-sobre-el-cambio-del-huso-horario-en-aysen +# +# From Yonathan Dossow (2025-03-20): +# [T]oday we have more confirmation of the change. [Aysén] region will keep +# UTC-3 all year... +# https://www.cnnchile.com/pais/region-de-aysen-mantendra-horario-de-verano-todo-el-ano_20250320/ +# https://www.latercera.com/nacional/noticia/tras-consulta-ciudadana-region-de-aysen-mantendra-el-horario-de-verano-durante-todo-el-ano/ +# https://x.com/min_interior/status/1902692504270672098 +# +# From Tim Parenti (2025-03-22), via Eduardo Romero Urra (2025-03-20): +# Decreto 93 of 2025 of the Ministry of the Interior and Public Security, +# promulgated 2025-03-11 and published 2025-03-20: +# https://www.diariooficial.interior.gob.cl/publicaciones/2025/03/20/44104/01/2624263.pdf +# https://www.bcn.cl/leychile/Navegar?idNorma=1211955 +# Model this as a change to standard offset effective 2025-03-20. 
+ # Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Chile 1927 1931 - Sep 1 0:00 1:00 - Rule Chile 1928 1932 - Apr 1 0:00 0 - @@ -1394,6 +1434,20 @@ Zone America/Santiago -4:42:45 - LMT 1890 -5:00 1:00 -04 1947 Mar 31 24:00 -5:00 - -05 1947 May 21 23:00 -4:00 Chile -04/-03 +Zone America/Coyhaique -4:48:16 - LMT 1890 + -4:42:45 - SMT 1910 Jan 10 + -5:00 - -05 1916 Jul 1 + -4:42:45 - SMT 1918 Sep 10 + -4:00 - -04 1919 Jul 1 + -4:42:45 - SMT 1927 Sep 1 + -5:00 Chile -05/-04 1932 Sep 1 + -4:00 - -04 1942 Jun 1 + -5:00 - -05 1942 Aug 1 + -4:00 - -04 1946 Aug 28 24:00 + -5:00 1:00 -04 1947 Mar 31 24:00 + -5:00 - -05 1947 May 21 23:00 + -4:00 Chile -04/-03 2025 Mar 20 + -3:00 - -03 Zone America/Punta_Arenas -4:43:40 - LMT 1890 -4:42:45 - SMT 1910 Jan 10 -5:00 - -05 1916 Jul 1 diff --git a/jdk/make/data/tzdata/zone.tab b/jdk/make/data/tzdata/zone.tab index e7a4868c39..c8fc601041 100644 --- a/jdk/make/data/tzdata/zone.tab +++ b/jdk/make/data/tzdata/zone.tab @@ -162,7 +162,8 @@ CH +4723+00832 Europe/Zurich CI +0519-00402 Africa/Abidjan CK -2114-15946 Pacific/Rarotonga CL -3327-07040 America/Santiago most of Chile -CL -5309-07055 America/Punta_Arenas Region of Magallanes +CL -4534-07204 America/Coyhaique Aysen Region +CL -5309-07055 America/Punta_Arenas Magallanes Region CL -2709-10926 Pacific/Easter Easter Island CM +0403+00942 Africa/Douala CN +3114+12128 Asia/Shanghai Beijing Time diff --git a/jdk/test/java/util/TimeZone/TimeZoneData/VERSION b/jdk/test/java/util/TimeZone/TimeZoneData/VERSION index 5159b3786e..750d9fae2b 100644 --- a/jdk/test/java/util/TimeZone/TimeZoneData/VERSION +++ b/jdk/test/java/util/TimeZone/TimeZoneData/VERSION @@ -1 +1 @@ -tzdata2025a +tzdata2025b diff --git a/jdk/test/sun/util/calendar/zi/tzdata/VERSION b/jdk/test/sun/util/calendar/zi/tzdata/VERSION index 9c056fac34..4bd54efbcd 100644 --- a/jdk/test/sun/util/calendar/zi/tzdata/VERSION +++ b/jdk/test/sun/util/calendar/zi/tzdata/VERSION 
@@ -21,4 +21,4 @@ # or visit www.oracle.com if you need additional information or have any # questions. # -tzdata2025a +tzdata2025b diff --git a/jdk/test/sun/util/calendar/zi/tzdata/asia b/jdk/test/sun/util/calendar/zi/tzdata/asia index 73cccd39a0..d52e8de87e 100644 --- a/jdk/test/sun/util/calendar/zi/tzdata/asia +++ b/jdk/test/sun/util/calendar/zi/tzdata/asia @@ -1523,6 +1523,16 @@ Zone Asia/Jayapura 9:22:48 - LMT 1932 Nov # (UIT No. 143 17.XI.1977) and not 23 September (UIT No. 141 13.IX.1977). # UIT is the Operational Bulletin of International Telecommunication Union. +# From Roozbeh Pournader (2025-03-18): +# ... the exact time of Iran's transition from +0400 to +0330 ... was Friday +# 1357/8/19 AP=1978-11-10. Here's a newspaper clip from the Ettela'at +# newspaper, dated 1357/8/14 AP=1978-11-05, translated from Persian +# (at https://w.wiki/DUEY): +# Following the government's decision about returning the official time +# to the previous status, the spokesperson for the Ministry of Energy +# announced today: At the hour 24 of Friday 19th of Aban (=1978-11-10), +# the country's time will be pulled back half an hour. +# # From Roozbeh Pournader (2003-03-15): # This is an English translation of what I just found (originally in Persian). # The Gregorian dates in brackets are mine: @@ -1650,7 +1660,7 @@ Rule Iran 2021 2022 - Sep 21 24:00 0 - Zone Asia/Tehran 3:25:44 - LMT 1916 3:25:44 - TMT 1935 Jun 13 # Tehran Mean Time 3:30 Iran +0330/+0430 1977 Oct 20 24:00 - 4:00 Iran +04/+05 1979 + 4:00 Iran +04/+05 1978 Nov 10 24:00 3:30 Iran +0330/+0430 diff --git a/jdk/test/sun/util/calendar/zi/tzdata/northamerica b/jdk/test/sun/util/calendar/zi/tzdata/northamerica index e735d43e3c..b0687f0fce 100644 --- a/jdk/test/sun/util/calendar/zi/tzdata/northamerica +++ b/jdk/test/sun/util/calendar/zi/tzdata/northamerica 
@@ -1634,6 +1634,15 @@ Zone America/Moncton -4:19:08 - LMT 1883 Dec 9 # For more on Orillia, see: Daubs K. Bold attempt at daylight saving # time became a comic failure in Orillia. Toronto Star 2017-07-08. # https://www.thestar.com/news/insight/2017/07/08/bold-attempt-at-daylight-saving-time-became-a-comic-failure-in-orillia.html +# From Paul Eggert (2025-03-20): +# Also see the 1912-06-17 front page of The Evening Sunbeam, +# reproduced in: Richardson M. "Daylight saving was a confusing +# time in Orillia" in the 2025-03-15 Orillia Matters. Richardson writes, +# "The first Sunday after the switch was made, [DST proponent and +# Orillia mayor William Sword] Frost walked into church an hour late. +# This became a symbol of the downfall of daylight saving in Orillia." +# The mayor became known as "Daylight Bill". +# https://www.orilliamatters.com/local-news/column-daylight-saving-was-a-confusing-time-in-orillia-10377529 # From Mark Brader (2010-03-06): # diff --git a/jdk/test/sun/util/calendar/zi/tzdata/southamerica b/jdk/test/sun/util/calendar/zi/tzdata/southamerica index 8fc2bf8cea..3b0b65be4a 100644 --- a/jdk/test/sun/util/calendar/zi/tzdata/southamerica +++ b/jdk/test/sun/util/calendar/zi/tzdata/southamerica 
@@ -1269,35 +1269,45 @@ Zone America/Rio_Branco -4:31:12 - LMT 1914 # dates to 2014. # DST End: last Saturday of April 2014 (Sun 27 Apr 2014 03:00 UTC) # DST Start: first Saturday of September 2014 (Sun 07 Sep 2014 04:00 UTC) -# http://www.diariooficial.interior.gob.cl//media/2014/02/19/do-20140219.pdf +# From Tim Parenti (2025-03-22): +# Decreto 307 of 2014 of the Ministry of the Interior and Public Security, +# promulgated 2014-01-30 and published 2014-02-19: +# https://www.diariooficial.interior.gob.cl/media/2014/02/19/do-20140219.pdf#page=1 +# https://www.bcn.cl/leychile/navegar?idNorma=1059557 # From Eduardo Romero Urra (2015-03-03): # Today has been published officially that Chile will use the DST time # permanently until March 25 of 2017 -# http://www.diariooficial.interior.gob.cl/media/2015/03/03/1-large.jpg -# -# From Paul Eggert (2015-03-03): -# For now, assume that the extension will persist indefinitely. +# From Tim Parenti (2025-03-22): +# Decreto 106 of 2015 of the Ministry of the Interior and Public Security, +# promulgated 2015-01-27 and published 2015-03-03: +# https://www.diariooficial.interior.gob.cl/media/2015/03/03/do-20150303.pdf#page=1 +# https://www.bcn.cl/leychile/navegar?idNorma=1075157 # From Juan Correa (2016-03-18): -# The decree regarding DST has been published in today's Official Gazette: -# http://www.diariooficial.interior.gob.cl/versiones-anteriores/do/20160318/ -# http://www.leychile.cl/Navegar?idNorma=1088502 +# The decree regarding DST has been published in today's Official Gazette... # It does consider the second Saturday of May and August as the dates # for the transition; and it lists DST dates until 2019, but I think # this scheme will stick. -# # From Paul Eggert (2016-03-18): -# For now, assume the pattern holds for the indefinite future. 
# The decree says transitions occur at 24:00; in practice this appears # to mean 24:00 mainland time, not 24:00 local time, so that Easter # Island is always two hours behind the mainland. +# From Tim Parenti (2025-03-22): +# Decreto 253 of 2016 of the Ministry of the Interior and Public Security, +# promulgated 2016-03-16 and published 2016-03-18. +# https://www.diariooficial.interior.gob.cl/media/2016/03/18/do-20160318.pdf#page=1 +# https://www.bcn.cl/leychile/navegar?idNorma=1088502 # From Juan Correa (2016-12-04): # Magallanes region ... will keep DST (UTC -3) all year round.... # http://www.soychile.cl/Santiago/Sociedad/2016/12/04/433428/Bachelet-firmo-el-decreto-para-establecer-un-horario-unico-para-la-Region-de-Magallanes.aspx -# From Deborah Goldsmith (2017-01-19): -# http://www.diariooficial.interior.gob.cl/publicaciones/2017/01/17/41660/01/1169626.pdf +# From Tim Parenti (2025-03-22), via Deborah Goldsmith (2017-01-19): +# Decreto 1820 of 2016 of the Ministry of the Interior and Public Security, +# promulgated 2016-12-02 and published 2017-01-17: +# https://www.diariooficial.interior.gob.cl/publicaciones/2017/01/17/41660/01/1169626.pdf +# https://www.bcn.cl/leychile/Navegar?idNorma=1099217 +# Model this as a change to standard offset effective 2016-12-04. # From Juan Correa (2018-08-13): # As of moments ago, the Ministry of Energy in Chile has announced the new 
@@ -1316,13 +1326,20 @@ Zone America/Rio_Branco -4:31:12 - LMT 1914 # https://twitter.com/MinEnergia/status/1029009354001973248 # "We will keep the new time policy unchanged for at least the next 4 years." # So we extend the new rules on Saturdays at 24:00 mainland time indefinitely. -# From Juan Correa (2019-02-04): -# http://www.diariooficial.interior.gob.cl/publicaciones/2018/11/23/42212/01/1498738.pdf +# From Tim Parenti (2025-03-22), via Juan Correa (2019-02-04): +# Decreto 1286 of 2018 of the Ministry of the Interior and Public Security, +# promulgated 2018-09-21 and published 2018-11-23: +# https://www.diariooficial.interior.gob.cl/publicaciones/2018/11/23/42212/01/1498738.pdf +# https://www.bcn.cl/leychile/Navegar?idNorma=1125760 # From Juan Correa (2022-04-02): # I found there was a decree published last Thursday that will keep -# Magallanes region to UTC -3 "indefinitely". The decree is available at +# Magallanes region to UTC -3 "indefinitely". +# From Tim Parenti (2025-03-22): +# Decreto 143 of 2022 of the Ministry of the Interior and Public Security, +# promulgated 2022-03-29 and published 2022-03-31: # https://www.diariooficial.interior.gob.cl/publicaciones/2022/03/31/43217-B/01/2108910.pdf +# https://www.bcn.cl/leychile/Navegar?idNorma=1174342 # From Juan Correa (2022-08-09): # the Internal Affairs Ministry (Ministerio del Interior) informed DST 
@@ -1331,13 +1348,36 @@ Zone America/Rio_Branco -4:31:12 - LMT 1914 # will keep UTC -3 "indefinitely"... This is because on September 4th # we will have a voting whether to approve a new Constitution. # -# From Eduardo Romero Urra (2022-08-17): +# From Tim Parenti (2025-03-22), via Eduardo Romero Urra (2022-08-17): +# Decreto 224 of 2022 of the Ministry of the Interior and Public Security, +# promulgated 2022-07-14 and published 2022-08-13: # https://www.diariooficial.interior.gob.cl/publicaciones/2022/08/13/43327/01/2172567.pdf +# https://www.bcn.cl/leychile/navegar?idNorma=1179983 # # From Paul Eggert (2022-08-17): # Although the presidential decree stops at fall 2026, assume that # similar DST rules will continue thereafter. +# From Paul Eggert (2025-01-15): +# Diario Regional Aysén's Sebastián Martel reports that 94% of Aysén +# citizens polled in November favored changing the rules from +# -04/-03-with-DST to -03 all year... +# https://www.diarioregionalaysen.cl/noticia/actualidad/2024/12/presentan-decision-que-gano-la-votacion-sobre-el-cambio-del-huso-horario-en-aysen +# +# From Yonathan Dossow (2025-03-20): +# [T]oday we have more confirmation of the change. [Aysén] region will keep +# UTC-3 all year... +# https://www.cnnchile.com/pais/region-de-aysen-mantendra-horario-de-verano-todo-el-ano_20250320/ +# https://www.latercera.com/nacional/noticia/tras-consulta-ciudadana-region-de-aysen-mantendra-el-horario-de-verano-durante-todo-el-ano/ +# https://x.com/min_interior/status/1902692504270672098 +# +# From Tim Parenti (2025-03-22), via Eduardo Romero Urra (2025-03-20): +# Decreto 93 of 2025 of the Ministry of the Interior and Public Security, +# promulgated 2025-03-11 and published 2025-03-20: +# https://www.diariooficial.interior.gob.cl/publicaciones/2025/03/20/44104/01/2624263.pdf +# https://www.bcn.cl/leychile/Navegar?idNorma=1211955 +# Model this as a change to standard offset effective 2025-03-20. 
+ # Rule NAME FROM TO - IN ON AT SAVE LETTER/S Rule Chile 1927 1931 - Sep 1 0:00 1:00 - Rule Chile 1928 1932 - Apr 1 0:00 0 - @@ -1394,6 +1434,20 @@ Zone America/Santiago -4:42:45 - LMT 1890 -5:00 1:00 -04 1947 Mar 31 24:00 -5:00 - -05 1947 May 21 23:00 -4:00 Chile -04/-03 +Zone America/Coyhaique -4:48:16 - LMT 1890 + -4:42:45 - SMT 1910 Jan 10 + -5:00 - -05 1916 Jul 1 + -4:42:45 - SMT 1918 Sep 10 + -4:00 - -04 1919 Jul 1 + -4:42:45 - SMT 1927 Sep 1 + -5:00 Chile -05/-04 1932 Sep 1 + -4:00 - -04 1942 Jun 1 + -5:00 - -05 1942 Aug 1 + -4:00 - -04 1946 Aug 28 24:00 + -5:00 1:00 -04 1947 Mar 31 24:00 + -5:00 - -05 1947 May 21 23:00 + -4:00 Chile -04/-03 2025 Mar 20 + -3:00 - -03 Zone America/Punta_Arenas -4:43:40 - LMT 1890 -4:42:45 - SMT 1910 Jan 10 -5:00 - -05 1916 Jul 1 diff --git a/jdk/test/sun/util/calendar/zi/tzdata/zone.tab b/jdk/test/sun/util/calendar/zi/tzdata/zone.tab index e7a4868c39..c8fc601041 100644 --- a/jdk/test/sun/util/calendar/zi/tzdata/zone.tab +++ b/jdk/test/sun/util/calendar/zi/tzdata/zone.tab @@ -162,7 +162,8 @@ CH +4723+00832 Europe/Zurich CI +0519-00402 Africa/Abidjan CK -2114-15946 Pacific/Rarotonga CL -3327-07040 America/Santiago most of Chile -CL -5309-07055 America/Punta_Arenas Region of Magallanes +CL -4534-07204 America/Coyhaique Aysen Region +CL -5309-07055 America/Punta_Arenas Magallanes Region CL -2709-10926 Pacific/Easter Easter Island CM +0403+00942 Africa/Douala CN +3114+12128 Asia/Shanghai Beijing Time From 1daca5f46e16a0d257e0f80713bee9a42332f1c3 Mon Sep 17 00:00:00 2001 From: Kazuhisa Takakuri Date: Wed, 21 May 2025 08:11:19 +0000 Subject: [PATCH 20/33] 8274606: Fix jaxp/javax/xml/jaxp/unittest/transform/SurrogateTest.java test Reviewed-by: phh Backport-of: 7eb0372e55f23275b12470593adc97f1b79bc965 --- .../jaxp/transform/8268457/SurrogateTest.java | 27 ++++++++++--------- 1 file changed, 15 insertions(+), 12 deletions(-) 
diff --git a/jdk/test/javax/xml/jaxp/transform/8268457/SurrogateTest.java b/jdk/test/javax/xml/jaxp/transform/8268457/SurrogateTest.java index 79fa503554..626c81d264 100644 --- a/jdk/test/javax/xml/jaxp/transform/8268457/SurrogateTest.java +++ b/jdk/test/javax/xml/jaxp/transform/8268457/SurrogateTest.java @@ -24,14 +24,14 @@ import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; -import java.io.FileReader; import java.io.IOException; import java.io.InputStream; import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Paths; -import java.util.stream.Collectors; +import java.util.ArrayList; +import java.util.List; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; @@ -59,10 +59,11 @@ public class SurrogateTest { public void toHTMLTest() throws Exception { String out = "SurrogateTest1out.html"; String expected = TEST_SRC + File.separator + "SurrogateTest1.html"; + String xml = TEST_SRC + File.separator + "SurrogateTest1.xml"; String xsl = TEST_SRC + File.separator + "SurrogateTest1.xsl"; try (FileInputStream tFis = new FileInputStream(xsl); - InputStream fis = this.getClass().getResourceAsStream("SurrogateTest1.xml"); + InputStream fis = new FileInputStream(xml); FileOutputStream fos = new FileOutputStream(out)) { Source tSrc = new StreamSource(tFis); @@ -74,7 +75,9 @@ public void toHTMLTest() throws Exception { Result res = new StreamResult(fos); t.transform(src, res); } - compareWithGold(expected, out); + if (!compareWithGold(expected, out)) { + throw new RuntimeException("toHTMLTest failed"); + } } public void handlerTest() throws Exception { 
@@ -84,15 +87,17 @@ public void handlerTest() throws Exception { SAXParser sp = spf.newSAXParser(); TestHandler th = new TestHandler(); sp.parse(xmlFile, th); - compareStringWithGold(TEST_SRC + File.separator + "SurrogateTest2.txt", th.sb.toString()); + if (!compareLinesWithGold(TEST_SRC + File.separator + "SurrogateTest2.txt", th.lines)) { + throw new RuntimeException("handlerTest failed"); + } } private static class TestHandler extends DefaultHandler { - private StringBuilder sb = new StringBuilder(); + private List lines = new ArrayList<>(); @Override public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException { - sb.append( localName + "@attr:" + attributes.getValue("attr") + '\n'); + lines.add( localName + "@attr:" + attributes.getValue("attr")); } } @@ -122,11 +127,9 @@ public static boolean compareWithGold(String goldfile, String outputfile, return isSame; } - // Compare contents of golden file with a test output string. - public static boolean compareStringWithGold(String goldfile, String string) + // Compare contents of golden file with test output list line by line. + public static boolean compareLinesWithGold(String goldfile, List lines) throws IOException { - return Files.readAllLines(Paths.get(goldfile)).stream().collect( - Collectors.joining(System.getProperty("line.separator"))) - .equals(string); + return Files.readAllLines(Paths.get(goldfile)).equals(lines); } } From b4aa2218a462b8db33602943ecb6c71ef44e3f47 Mon Sep 17 00:00:00 2001 From: Taizo Kurashige Date: Wed, 21 May 2025 16:06:18 +0000 Subject: [PATCH 21/33] 8159694: HiDPI, Unity, java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java Reviewed-by: phh Backport-of: c3938ec18b4026d70d9654235dcd986d90344f5b --- .../dnd/DropTargetEnterExitTest/MissedDragExitTest.java | 5 +++-- jdk/test/java/awt/regtesthelpers/Util.java | 9 +++++++-- 2 files changed, 10 insertions(+), 4 deletions(-) 
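Review bot: The new failure path in `handlerTest` throws a bare `RuntimeException("handlerTest failed")`, and `compareLinesWithGold` returns only a boolean, so a mismatch reports nothing about what differed. The same applies to `RuntimeException("toHTMLTest failed")` in the earlier `@@ -74,7 +75,9 @@` hunk. Putting the observed lines in the message is a one-expression change, e.g. `throw new RuntimeException("handlerTest failed, got: " + th.lines);`. For `toHTMLTest`, naming the two files compared (`expected` and `out`) in the message would serve the same purpose.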
diff --git a/jdk/test/java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java b/jdk/test/java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java index 3863667c8b..03a32f682f 100644 --- a/jdk/test/java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java +++ b/jdk/test/java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -59,6 +59,7 @@ public class MissedDragExitTest { private static void initAndShowUI() { f = new Frame("Test frame"); + f.setUndecorated(true); f.setBounds(FRAME_LOCATION,FRAME_LOCATION,FRAME_SIZE,FRAME_SIZE); final DraggablePanel dragSource = new DraggablePanel(); @@ -101,7 +102,7 @@ public void run() { Util.drag(r, new Point(FRAME_LOCATION + FRAME_SIZE / 3, FRAME_LOCATION + FRAME_SIZE / 3), new Point(FRAME_LOCATION + FRAME_SIZE / 3 * 2, FRAME_LOCATION + FRAME_SIZE / 3 * 2), - InputEvent.BUTTON1_MASK); + InputEvent.BUTTON1_DOWN_MASK); Util.waitForIdle(r); if (!dragExitCalled) { diff --git a/jdk/test/java/awt/regtesthelpers/Util.java b/jdk/test/java/awt/regtesthelpers/Util.java index 2b2a8fb255..ecf8b62595 100644 --- a/jdk/test/java/awt/regtesthelpers/Util.java +++ b/jdk/test/java/awt/regtesthelpers/Util.java 
@@ -323,8 +323,13 @@ public static void waitTillShown(final Component comp) { * {@code InputEvent.BUTTON3_MASK} */ public static void drag(Robot robot, Point startPoint, Point endPoint, int button) { - if (!(button == InputEvent.BUTTON1_MASK || button == InputEvent.BUTTON2_MASK - || button == InputEvent.BUTTON3_MASK)) + if (!(button == InputEvent.BUTTON1_MASK + || button == InputEvent.BUTTON2_MASK + || button == InputEvent.BUTTON3_MASK + || button == InputEvent.BUTTON1_DOWN_MASK + || button == InputEvent.BUTTON2_DOWN_MASK + || button == InputEvent.BUTTON3_DOWN_MASK + )) { throw new IllegalArgumentException("invalid mouse button"); } From abda9d84100179c80c16f642b3ab470a905b3018 Mon Sep 17 00:00:00 2001 From: Taizo Kurashige Date: Thu, 22 May 2025 17:38:21 +0000 Subject: [PATCH 22/33] 8274597: Some of the dnd tests time out and fail intermittently 8028998: [TEST_BUG] [macosx] java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java failed Reviewed-by: phh Backport-of: 669ac611b269bbda5c53d84173e5c9d0eb4ce919 --- .../AcceptDropMultipleTimes.java | 63 ++++++++++++++--- .../ExtraDragEnterTest.java | 28 ++++++-- .../MissedDragExitTest.java | 38 ++++++---- .../MissingDragExitEventTest.java | 70 +++++++++++++------ 4 files changed, 147 insertions(+), 52 deletions(-) diff --git a/jdk/test/java/awt/dnd/AcceptDropMultipleTimes/AcceptDropMultipleTimes.java b/jdk/test/java/awt/dnd/AcceptDropMultipleTimes/AcceptDropMultipleTimes.java index b8bfb44bfd..abad73bfce 100644 --- a/jdk/test/java/awt/dnd/AcceptDropMultipleTimes/AcceptDropMultipleTimes.java +++ b/jdk/test/java/awt/dnd/AcceptDropMultipleTimes/AcceptDropMultipleTimes.java 
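Review bot: The Javadoc directly above this check still names only the legacy masks (the visible context ends with `{@code InputEvent.BUTTON3_MASK}`), but the condition now also accepts `BUTTON1_DOWN_MASK`, `BUTTON2_DOWN_MASK` and `BUTTON3_DOWN_MASK`. The parameter description should list the extended masks too, for example `{@code InputEvent.BUTTON1_DOWN_MASK}, {@code BUTTON2_DOWN_MASK} or {@code BUTTON3_DOWN_MASK}; the legacy {@code BUTTONn_MASK} values are still accepted`. The rest of the Javadoc and the body of `drag` are outside the hunk.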
@@ -34,22 +34,44 @@ import test.java.awt.regtesthelpers.Util; -import javax.swing.*; -import java.awt.*; -import java.awt.datatransfer.*; -import java.awt.dnd.*; +import java.awt.Color; +import java.awt.Cursor; +import java.awt.Dimension; +import java.awt.Frame; +import java.awt.Panel; +import java.awt.Point; +import java.awt.Rectangle; +import java.awt.Robot; +import java.awt.Toolkit; +import java.awt.datatransfer.StringSelection; +import java.awt.dnd.DnDConstants; +import java.awt.dnd.DragGestureEvent; +import java.awt.dnd.DragGestureListener; +import java.awt.dnd.DragSource; +import java.awt.dnd.DropTarget; +import java.awt.dnd.DropTargetAdapter; +import java.awt.dnd.DropTargetDropEvent; import java.awt.event.InputEvent; +import java.io.File; +import java.io.IOException; +import java.util.concurrent.CountDownLatch; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.atomic.AtomicReference; +import javax.imageio.ImageIO; +import javax.swing.SwingUtilities; public class AcceptDropMultipleTimes { private static final int FRAME_SIZE = 100; - private static final int FRAME_LOCATION = 100; + private static CountDownLatch dropCompleteLatch = new CountDownLatch(1); private static volatile Frame f; private static void initAndShowUI() { f = new Frame("Test frame"); - f.setBounds(FRAME_LOCATION, FRAME_LOCATION, FRAME_SIZE, FRAME_SIZE); + f.setSize(FRAME_SIZE, FRAME_SIZE); + f.setLocationRelativeTo(null); + f.setUndecorated(true); final DraggablePanel dragSource = new DraggablePanel(); dragSource.setBackground(Color.yellow); @@ -62,11 +84,12 @@ private static void initAndShowUI() { dtde.acceptDrop(DnDConstants.ACTION_MOVE); dtde.dropComplete(true); + dropCompleteLatch.countDown(); } }); dragSource.setDropTarget(dt); f.add(dragSource); - + f.setAlwaysOnTop(true); f.setVisible(true); } 
@@ -76,19 +99,37 @@ public static void main(String[] args) throws Throwable { SwingUtilities.invokeAndWait(() -> initAndShowUI()); Robot r = new Robot(); + r.setAutoDelay(50); Util.waitForIdle(r); + final AtomicReference frameLoc = new AtomicReference<>(); + SwingUtilities.invokeAndWait(() -> frameLoc.set(f.getLocationOnScreen())); + Point loc = frameLoc.get(); Util.drag(r, - new Point(FRAME_LOCATION + FRAME_SIZE / 3, FRAME_LOCATION + FRAME_SIZE / 3), - new Point(FRAME_LOCATION + FRAME_SIZE / 3 * 2, FRAME_LOCATION + FRAME_SIZE / 3 * 2), - InputEvent.BUTTON1_MASK); + new Point(loc.x + FRAME_SIZE / 3, loc.y + FRAME_SIZE / 3), + new Point(loc.x + FRAME_SIZE / 3 * 2, loc.y + FRAME_SIZE / 3 * 2), + InputEvent.BUTTON1_DOWN_MASK); Util.waitForIdle(r); + if(!dropCompleteLatch.await(10, TimeUnit.SECONDS)) { + captureScreen(r); + throw new RuntimeException("Waited too long, but the drop is not completed"); + } } finally { if (f != null) { f.dispose(); } } } - + private static void captureScreen(Robot r) { + Dimension screenSize = Toolkit.getDefaultToolkit().getScreenSize(); + try { + ImageIO.write( + r.createScreenCapture(new Rectangle(0, 0, screenSize.width, screenSize.height)), + "png", + new File("FailedScreenImage.png") + ); + } catch (IOException ignore) { + } + } private static class DraggablePanel extends Panel implements DragGestureListener { public DraggablePanel() { diff --git a/jdk/test/java/awt/dnd/DropTargetEnterExitTest/ExtraDragEnterTest.java b/jdk/test/java/awt/dnd/DropTargetEnterExitTest/ExtraDragEnterTest.java index 16d938f98f..a41fb4796d 100644 --- a/jdk/test/java/awt/dnd/DropTargetEnterExitTest/ExtraDragEnterTest.java +++ b/jdk/test/java/awt/dnd/DropTargetEnterExitTest/ExtraDragEnterTest.java 
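Review bot: The new `captureScreen` helper swallows the `IOException` from `ImageIO.write` with an empty `catch (IOException ignore) { }`. If the timeout path fires and the screenshot cannot be written, nothing explains why `FailedScreenImage.png` is missing. Printing the failure keeps the helper best-effort while leaving evidence, e.g. `} catch (IOException e) { System.err.println("Could not save FailedScreenImage.png: " + e); }`. The capture rectangle also covers the whole screen rather than the test frame. If failure artifacts from shared test hosts are published, consider whether unrelated window content belongs in them.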
@@ -34,8 +34,13 @@ import test.java.awt.regtesthelpers.Util; -import javax.swing.*; -import java.awt.*; +import java.awt.Color; +import java.awt.Cursor; +import java.awt.Frame; +import java.awt.GridLayout; +import java.awt.Panel; +import java.awt.Point; +import java.awt.Robot; import java.awt.datatransfer.StringSelection; import java.awt.dnd.DnDConstants; import java.awt.dnd.DragGestureEvent; @@ -46,23 +51,27 @@ import java.awt.dnd.DropTargetDragEvent; import java.awt.dnd.DropTargetDropEvent; import java.awt.event.InputEvent; +import java.util.concurrent.CountDownLatch; +import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicInteger; +import javax.swing.SwingUtilities; public class ExtraDragEnterTest { private static final int FRAME_SIZE = 100; - private static final int FRAME_LOCATION = 100; private static AtomicInteger dragEnterCalled = new AtomicInteger(0); private static volatile Panel mainPanel; private static volatile Frame f; + private static CountDownLatch dropCompleteLatch = new CountDownLatch(1); private static void initAndShowUI() { f = new Frame("Test frame"); - f.setBounds(FRAME_LOCATION,FRAME_LOCATION,FRAME_SIZE,FRAME_SIZE); + f.setLocationRelativeTo(null); + f.setSize(FRAME_SIZE,FRAME_SIZE); mainPanel = new Panel(); - mainPanel.setBounds(0, 0, FRAME_SIZE, FRAME_SIZE); + mainPanel.setSize(FRAME_SIZE, FRAME_SIZE); mainPanel.setBackground(Color.black); mainPanel.setLayout(new GridLayout(2, 1)); @@ -74,7 +83,10 @@ private static void initAndShowUI() { Panel dropTarget = new Panel(); dropTarget.setBackground(Color.red); DropTarget dt = new DropTarget(dropTarget, new DropTargetAdapter() { - @Override public void drop(DropTargetDropEvent dtde) { } + @Override public void drop(DropTargetDropEvent dtde) { + System.out.println("Drop complete"); + dropCompleteLatch.countDown(); + } @Override public void dragEnter(DropTargetDragEvent dtde) { 
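Review bot: In ExtraDragEnterTest's `initAndShowUI`, `f.setLocationRelativeTo(null)` now runs before `f.setSize(FRAME_SIZE,FRAME_SIZE)`, so the position is computed for a frame that has no size yet and the frame's corner, not its centre, lands at the screen centre. AcceptDropMultipleTimes in this same patch uses the other order. Swap the two lines to `f.setSize(FRAME_SIZE, FRAME_SIZE);` followed by `f.setLocationRelativeTo(null);`. The method body continues beyond this hunk.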
@@ -85,6 +97,7 @@ public void dragEnter(DropTargetDragEvent dtde) { mainPanel.add(dropTarget); f.add(mainPanel); + f.setAlwaysOnTop(true); f.setVisible(true); } @@ -112,6 +125,9 @@ public void run() { if (called != 1) { throw new RuntimeException("Failed. Drag enter called " + called + " times. Expected 1" ); } + if(!dropCompleteLatch.await(10, TimeUnit.SECONDS)) { + throw new RuntimeException("Waited too long, but the drop is not completed"); + } } finally { if (f != null) { f.dispose(); diff --git a/jdk/test/java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java b/jdk/test/java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java index 03a32f682f..638b68d962 100644 --- a/jdk/test/java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java +++ b/jdk/test/java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java @@ -34,8 +34,12 @@ import test.java.awt.regtesthelpers.Util; -import javax.swing.*; -import java.awt.*; +import java.awt.Color; +import java.awt.Cursor; +import java.awt.Frame; +import java.awt.Panel; +import java.awt.Point; +import java.awt.Robot; import java.awt.datatransfer.StringSelection; import java.awt.dnd.DnDConstants; import java.awt.dnd.DragGestureEvent; @@ -47,15 +51,17 @@ import java.awt.dnd.DropTargetDropEvent; import java.awt.dnd.DropTargetEvent; import java.awt.event.InputEvent; +import java.util.concurrent.CountDownLatch; +import java.util.concurrent.TimeUnit; +import javax.swing.SwingUtilities; public class MissedDragExitTest { private static final int FRAME_SIZE = 100; private static final int FRAME_LOCATION = 100; - private static volatile boolean dragExitCalled = false; - private static volatile Frame f; + private static CountDownLatch dragLatch = new CountDownLatch(2); private static void initAndShowUI() { f = new Frame("Test frame"); 
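Review bot: In ExtraDragEnterTest's `main`, the new `dropCompleteLatch.await(10, TimeUnit.SECONDS)` sits after the `called != 1` check, so the dragEnter count is judged before the drop is known to have been delivered. Awaiting the latch first and checking the counter afterwards would let the assertion cover every event of the gesture and report a stalled drop as a timeout rather than as a wrong count. The code that reads `called` starts outside the hunk, so this assumes nothing earlier already waits for the drop.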
@@ -69,21 +75,30 @@ private static void initAndShowUI() { @Override public void dragExit(DropTargetEvent dte) { - dragExitCalled = true; + System.out.println("Drag Exit"); + dragLatch.countDown(); } @Override public void dragOver(DropTargetDragEvent dtde) { - Panel newDropTarget = new Panel(); - newDropTarget.setDropTarget(new DropTarget()); - newDropTarget.setBackground(Color.red); - newDropTarget.setBounds(0, 0, FRAME_SIZE, FRAME_SIZE); - dragSource.add(newDropTarget); + Panel newDropTargetPanel = new Panel(); + final DropTarget dropTarget = new DropTarget(null,new DropTargetAdapter() { + @Override + public void drop(DropTargetDropEvent dtde) { + System.out.println("Drop complete"); + dragLatch.countDown(); + } + }); + newDropTargetPanel.setDropTarget(dropTarget); + newDropTargetPanel.setBackground(Color.red); + newDropTargetPanel.setSize(FRAME_SIZE, FRAME_SIZE); + dragSource.add(newDropTargetPanel); } }); dragSource.setDropTarget(dt); f.add(dragSource); + f.setAlwaysOnTop(true); f.setVisible(true); } @@ -104,8 +119,7 @@ public void run() { new Point(FRAME_LOCATION + FRAME_SIZE / 3 * 2, FRAME_LOCATION + FRAME_SIZE / 3 * 2), InputEvent.BUTTON1_DOWN_MASK); Util.waitForIdle(r); - - if (!dragExitCalled) { + if(!dragLatch.await(10, TimeUnit.SECONDS)) { throw new RuntimeException("Failed. Drag exit was not called" ); } } finally { diff --git a/jdk/test/java/awt/dnd/MissingDragExitEventTest/MissingDragExitEventTest.java b/jdk/test/java/awt/dnd/MissingDragExitEventTest/MissingDragExitEventTest.java index 8854c7d74a..97757f2e69 100644 --- a/jdk/test/java/awt/dnd/MissingDragExitEventTest/MissingDragExitEventTest.java +++ b/jdk/test/java/awt/dnd/MissingDragExitEventTest/MissingDragExitEventTest.java 
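Review bot: `dragLatch` in MissedDragExitTest is created with a count of 2 and counted down by both `dragExit` and the new `drop` handler, so two `dragExit` calls satisfy it without any drop, and a missing drop is reported as "Failed. Drag exit was not called". `dragOver` also adds a fresh panel and `DropTarget` on every event, which makes repeated exit notifications plausible. Separate latches for exit and drop, each with its own message, would keep the failure reason accurate. At minimum the message should cover both cases, e.g. `throw new RuntimeException("Failed. Drag exit or drop was not observed");`.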
@@ -31,9 +31,14 @@ * @author Sergey Bylokhov */ +import test.java.awt.regtesthelpers.Util; + import java.awt.Color; +import java.awt.Dimension; import java.awt.Point; +import java.awt.Rectangle; import java.awt.Robot; +import java.awt.Toolkit; import java.awt.dnd.DnDConstants; import java.awt.dnd.DropTarget; import java.awt.dnd.DropTargetAdapter; @@ -43,13 +48,16 @@ import java.awt.event.InputEvent; import java.awt.event.MouseAdapter; import java.awt.event.MouseEvent; - +import java.io.File; +import java.io.IOException; +import java.util.concurrent.CountDownLatch; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.atomic.AtomicReference; +import javax.imageio.ImageIO; import javax.swing.JFrame; import javax.swing.JTextArea; import javax.swing.SwingUtilities; -import test.java.awt.regtesthelpers.Util; - public class MissingDragExitEventTest { private static volatile JFrame frame; @@ -58,23 +66,26 @@ public class MissingDragExitEventTest { private static boolean MOUSE_ENTERED; private static boolean MOUSE_EXIT_TD; private static boolean MOUSE_EXIT; - private static int SIZE = 300; + private static int SIZE = 100; + private static CountDownLatch dropCompleteLatch = new CountDownLatch(1); private static void initAndShowUI() { frame = new JFrame("Test frame"); - + frame.setUndecorated(true); frame.setSize(SIZE, SIZE); frame.setLocationRelativeTo(null); final JTextArea jta = new JTextArea(); jta.setBackground(Color.RED); frame.add(jta); jta.setText("1234567890"); - jta.setFont(jta.getFont().deriveFont(150f)); + jta.setFont(jta.getFont().deriveFont(50f)); jta.setDragEnabled(true); jta.selectAll(); jta.setDropTarget(new DropTarget(jta, DnDConstants.ACTION_COPY, new TestdropTargetListener())); jta.addMouseListener(new TestMouseAdapter()); + frame.pack(); + frame.setAlwaysOnTop(true); frame.setVisible(true); } 
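Review bot: In MissingDragExitEventTest's `initAndShowUI`, the added `frame.pack()` runs after `frame.setSize(SIZE, SIZE)` and `frame.setLocationRelativeTo(null)`, so the frame is resized to the text area's preferred size. Neither `SIZE` nor the centring computed earlier then describes the window that is shown. The drag points in `main` are fixed offsets from the frame origin (`inside.translate(2,20)`), so they depend on that final size. Either drop `frame.pack()`, or call it before `setLocationRelativeTo(null)` and remove the `setSize` call.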
@@ -91,25 +102,36 @@ public void run() { initAndShowUI(); } }); - - final Point inside = new Point(frame.getLocationOnScreen()); - inside.translate(20, SIZE / 2); + final AtomicReference insidePoint = new AtomicReference<>(); + SwingUtilities.invokeAndWait(() -> insidePoint.set(frame.getLocationOnScreen())); + final Point inside = insidePoint.get(); + inside.translate(2,20); final Point outer = new Point(inside); - outer.translate(-40, 0); + outer.translate(-20, 0); r.mouseMove(inside.x, inside.y); - r.mousePress(InputEvent.BUTTON1_MASK); + r.mousePress(InputEvent.BUTTON1_DOWN_MASK); try { for (int i = 0; i < 3; ++i) { Util.mouseMove(r, inside, outer); Util.mouseMove(r, outer, inside); } } finally { - r.mouseRelease(InputEvent.BUTTON1_MASK); + r.mouseRelease(InputEvent.BUTTON1_DOWN_MASK); } - sleep(r); - if (FAILED || !MOUSE_ENTERED || !MOUSE_ENTERED_DT || !MOUSE_EXIT - || !MOUSE_EXIT_TD) { + if (!dropCompleteLatch.await(10, TimeUnit.SECONDS)) { + captureScreen(r); + throw new RuntimeException( + "Waited too long, but the drop is not completed"); + } + if (FAILED || !MOUSE_ENTERED || !MOUSE_ENTERED_DT || !MOUSE_EXIT || + !MOUSE_EXIT_TD) { + System.out.println( + "Events, FAILED = " + FAILED + ", MOUSE_ENTERED = " + + MOUSE_ENTERED + ", MOUSE_ENTERED_DT = " + + MOUSE_ENTERED_DT + ", MOUSE_EXIT = " + MOUSE_EXIT + + ", MOUSE_EXIT_TD = " + MOUSE_EXIT_TD); + captureScreen(r); throw new RuntimeException("Failed"); } } finally { @@ -119,12 +141,14 @@ public void run() { } } - private static void sleep(Robot robot) { + private static void captureScreen(Robot r) { + Dimension screenSize = Toolkit.getDefaultToolkit().getScreenSize(); try { - Thread.sleep(10000); - } catch (InterruptedException ignored) { + ImageIO.write(r.createScreenCapture( + new Rectangle(0, 0, screenSize.width, screenSize.height)), + "png", new File("FailedScreenImage.png")); + } catch (IOException ignore) { } - robot.waitForIdle(); } static class TestdropTargetListener extends DropTargetAdapter { 
@@ -139,10 +163,6 @@ public void dragEnter(final DropTargetDragEvent dtde) { } inside = true; MOUSE_ENTERED_DT = true; - try { - Thread.sleep(10000); // we should have time to leave a component - } catch (InterruptedException ignored) { - } } @Override @@ -161,6 +181,7 @@ public void dragExit(final DropTargetEvent dte) { } inside = false; MOUSE_EXIT_TD = true; + System.out.println("Drag exit"); } @Override @@ -170,6 +191,8 @@ public void drop(final DropTargetDropEvent dtde) { Thread.dumpStack(); } inside = false; + System.out.println("Drop complete"); + dropCompleteLatch.countDown(); } } @@ -189,6 +212,7 @@ public void mouseEntered(final MouseEvent e) { @Override public void mouseExited(final MouseEvent e) { + System.out.println( "Mouse exit"); if (!inside) { FAILED = true; Thread.dumpStack(); From afd0266ef01647ea9cdcb77bb93f46a961872ad6 Mon Sep 17 00:00:00 2001 From: Antonio Vieiro Date: Tue, 3 Jun 2025 09:47:35 +0000 Subject: [PATCH 23/33] 8303770: Remove Baltimore root certificate expiring in May 2025 Reviewed-by: sgehwolf Backport-of: c0e7aa6c122e88e0d749ac3e8edf2cda9c5f53da --- jdk/make/data/cacerts/baltimorecybertrustca | 28 ------------------- .../security/lib/cacerts/VerifyCACerts.java | 10 +++---- 2 files changed, 4 insertions(+), 34 deletions(-) delete mode 100644 jdk/make/data/cacerts/baltimorecybertrustca diff --git a/jdk/make/data/cacerts/baltimorecybertrustca b/jdk/make/data/cacerts/baltimorecybertrustca deleted file mode 100644 index b3cf6547c1..0000000000 --- a/jdk/make/data/cacerts/baltimorecybertrustca +++ /dev/null 
@@ -1,28 +0,0 @@ -Owner: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE -Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE -Serial number: 20000b9 -Valid from: Fri May 12 18:46:00 GMT 2000 until: Mon May 12 23:59:00 GMT 2025 -Signature algorithm name: SHA1withRSA -Subject Public Key Algorithm: 2048-bit RSA key -Version: 3 ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ -RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD -VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX -DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y -ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy -VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr -mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr -IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK -mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu -XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy -dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye -jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 -BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 -DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 -9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx -jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 -Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz -ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS -R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp ------END CERTIFICATE----- diff --git a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java index 0ae4d59962..edaf71d1a8 100644 --- a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java +++ b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,7 +28,7 @@ * 8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320 * 8243559 8225072 8258630 8259312 8256421 8225081 8225082 8225083 8245654 * 8305975 8304760 8307134 8295894 8314960 8317373 8317374 8318759 8319187 - * 8321408 8316138 8341057 + * 8321408 8316138 8341057 8303770 * @summary Check root CA entries in cacerts file */ import java.io.ByteArrayInputStream; @@ -54,12 +54,12 @@ public class VerifyCACerts { + File.separator + "security" + File.separator + "cacerts"; // The numbers of certs now. - private static final int COUNT = 112; + private static final int COUNT = 111; // SHA-256 of cacerts, can be generated with // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 private static final String CHECKSUM - = "8F:E0:6F:7F:21:59:33:A6:43:F3:48:FD:A3:4A:8E:28:35:AA:DD:6E:A5:43:56:F1:28:34:48:DF:5C:D2:7C:72"; + = "B7:60:5A:7A:01:0A:9F:47:E3:46:B9:30:E1:FC:A2:71:69:58:76:CB:8C:85:2B:FF:1A:D5:92:71:AF:F5:60:8F"; // map of cert alias to SHA-256 fingerprint @SuppressWarnings("serial") @@ -100,8 +100,6 @@ public class VerifyCACerts { "68:7F:A4:51:38:22:78:FF:F0:C8:B1:1F:8D:43:D5:76:67:1C:6E:B2:BC:EA:B4:13:FB:83:D9:65:D0:6D:2F:F2"); put("addtrustqualifiedca [jdk]", "80:95:21:08:05:DB:4B:BC:35:5E:44:28:D8:FD:6E:C2:CD:E3:AB:5F:B9:7A:99:42:98:8E:B8:F4:DC:D0:60:16"); - put("baltimorecybertrustca [jdk]", - "16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB"); put("digicertglobalrootca [jdk]", "43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61"); put("digicertglobalrootg2 [jdk]", 
From c163b402d0620a42a1c8ebaa402124722dc0c8a2 Mon Sep 17 00:00:00 2001 From: Antonio Vieiro Date: Tue, 3 Jun 2025 15:29:05 +0000 Subject: [PATCH 24/33] 8350498: Remove two Camerfirma root CA certificates Reviewed-by: sgehwolf Backport-of: 8894d6ad1b83553a5c60af51fd2de2319fd1d6ec --- .../data/cacerts/camerfirmachamberscommerceca | 35 ----------- jdk/make/data/cacerts/camerfirmachambersignca | 48 -------------- .../validator/CamerfirmaTLSPolicy.java | 31 +++------- .../security/lib/cacerts/VerifyCACerts.java | 10 +-- .../distrust/Camerfirma.java | 24 +++---- .../camerfirmachamberscommerceca-chain.pem | 48 -------------- .../camerfirmachambersignca-chain.pem | 62 ------------------- 7 files changed, 24 insertions(+), 234 deletions(-) delete mode 100644 jdk/make/data/cacerts/camerfirmachamberscommerceca delete mode 100644 jdk/make/data/cacerts/camerfirmachambersignca delete mode 100644 jdk/test/sun/security/ssl/X509TrustManagerImpl/distrust/chains/camerfirma/camerfirmachamberscommerceca-chain.pem delete mode 100644 jdk/test/sun/security/ssl/X509TrustManagerImpl/distrust/chains/camerfirma/camerfirmachambersignca-chain.pem diff --git a/jdk/make/data/cacerts/camerfirmachamberscommerceca b/jdk/make/data/cacerts/camerfirmachamberscommerceca deleted file mode 100644 index b92255f770..0000000000 --- a/jdk/make/data/cacerts/camerfirmachamberscommerceca +++ /dev/null 
@@ -1,35 +0,0 @@ -Owner: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU -Issuer: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU -Serial number: 0 -Valid from: Tue Sep 30 16:13:43 GMT 2003 until: Wed Sep 30 16:13:44 GMT 2037 -Signature algorithm name: SHA1withRSA -Subject Public Key Algorithm: 2048-bit RSA key -Version: 3 ------BEGIN CERTIFICATE----- -MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn -MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL -ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg -b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa -MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB -ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw -IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B -AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb -unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d -BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq -7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3 -0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX -roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG -A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j -aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p -26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA -BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud -EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN -BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz -aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB -AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd -p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi -1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc 
-XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0 -eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu -tGWaIZDgqtCYvDi1czyL+Nw= ------END CERTIFICATE----- diff --git a/jdk/make/data/cacerts/camerfirmachambersignca b/jdk/make/data/cacerts/camerfirmachambersignca deleted file mode 100644 index 935eea9c21..0000000000 --- a/jdk/make/data/cacerts/camerfirmachambersignca +++ /dev/null 
@@ -1,48 +0,0 @@ -Owner: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU -Issuer: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU -Serial number: c9cdd3e9d57d23ce -Valid from: Fri Aug 01 12:31:40 GMT 2008 until: Sat Jul 31 12:31:40 GMT 2038 -Signature algorithm name: SHA1withRSA -Subject Public Key Algorithm: 4096-bit RSA key -Version: 3 ------BEGIN CERTIFICATE----- -MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD -VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 -IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 -MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD -aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx -MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy -cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG -A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl -BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI -hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed -KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7 -G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2 -zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4 -ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG -HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2 -Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V -yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e -beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r -6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh -wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog -zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW 
-BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr -ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp -ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk -cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt -YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC -CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow -KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI -hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ -UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz -X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x -fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz -a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd -Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd -SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O -AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso -M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge -v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z -09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B ------END CERTIFICATE----- diff --git a/jdk/src/share/classes/sun/security/validator/CamerfirmaTLSPolicy.java b/jdk/src/share/classes/sun/security/validator/CamerfirmaTLSPolicy.java index 071617970f..d30cb067df 100644 --- a/jdk/src/share/classes/sun/security/validator/CamerfirmaTLSPolicy.java +++ b/jdk/src/share/classes/sun/security/validator/CamerfirmaTLSPolicy.java 
@@ -46,27 +46,14 @@ final class CamerfirmaTLSPolicy { private static final Debug debug = Debug.getInstance("certpath"); - // SHA-256 certificate fingerprints of distrusted roots - private static final Set FINGERPRINTS = - Collections.unmodifiableSet(new HashSet<>(Arrays.asList( - // cacerts alias: camerfirmachamberscommerceca - // DN: CN=Chambers of Commerce Root, - // OU=http://www.chambersign.org, - // O=AC Camerfirma SA CIF A82743287, C=EU - "0C258A12A5674AEF25F28BA7DCFAECEEA348E541E6F5CC4EE63B71B361606AC3", - // cacerts alias: camerfirmachambersca - // DN: CN=Chambers of Commerce Root - 2008, - // O=AC Camerfirma S.A., SERIALNUMBER=A82743287, - // L=Madrid (see current address at www.camerfirma.com/address), - // C=EU - "063E4AFAC491DFD332F3089B8542E94617D893D7FE944E10A7937EE29D9693C0", - // cacerts alias: camerfirmachambersignca - // DN: CN=Global Chambersign Root - 2008, - // O=AC Camerfirma S.A., SERIALNUMBER=A82743287, - // L=Madrid (see current address at www.camerfirma.com/address), - // C=EU - "136335439334A7698016A0D324DE72284E079D7B5220BB8FBD747816EEBEBACA" - ))); + // SHA-256 certificate fingerprint of distrusted root for TLS + // cacerts alias: camerfirmachambersca + // DN: CN=Chambers of Commerce Root - 2008, + // O=AC Camerfirma S.A., SERIALNUMBER=A82743287, + // L=Madrid (see current address at www.camerfirma.com/address), + // C=EU + private static final String FINGERPRINT = + "063E4AFAC491DFD332F3089B8542E94617D893D7FE944E10A7937EE29D9693C0"; // Any TLS Server certificate that is anchored by one of the Camerfirma // roots above and is issued after this date will be distrusted. 
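Review bot: Replacing the `FINGERPRINTS` set with the single `FINGERPRINT` in CamerfirmaTLSPolicy means `checkDistrust` no longer matches the two roots this patch deletes from cacerts (aliases camerfirmachamberscommerceca and camerfirmachambersignca). If the policy is also applied to anchors loaded from a truststore other than the bundled cacerts, which this hunk does not show, a deployment that still carries those roots would accept their TLS server certificates without the issue-date restriction. A comment recording the decision would make the trade-off explicit, e.g. `// camerfirmachamberscommerceca and camerfirmachambersignca were removed from cacerts (8350498) and are no longer checked here`. The retained context comment still says "one of the Camerfirma roots above" and should read "the Camerfirma root above".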
@@ -89,7 +76,7 @@ static void checkDistrust(X509Certificate[] chain) throw new ValidatorException("Cannot generate fingerprint for " + "trust anchor of TLS server certificate"); } - if (FINGERPRINTS.contains(fp)) { + if (FINGERPRINT.equalsIgnoreCase(fp)) { Date notBefore = chain[0].getNotBefore(); LocalDate ldNotBefore = notBefore.toInstant() .atZone(ZoneOffset.UTC).toLocalDate(); diff --git a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java index edaf71d1a8..50ac243f30 100644 --- a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java +++ b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java @@ -28,7 +28,7 @@ * 8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320 * 8243559 8225072 8258630 8259312 8256421 8225081 8225082 8225083 8245654 * 8305975 8304760 8307134 8295894 8314960 8317373 8317374 8318759 8319187 - * 8321408 8316138 8341057 8303770 + * 8321408 8316138 8341057 8303770 8350498 * @summary Check root CA entries in cacerts file */ import java.io.ByteArrayInputStream; @@ -54,12 +54,12 @@ public class VerifyCACerts { + File.separator + "security" + File.separator + "cacerts"; // The numbers of certs now. - private static final int COUNT = 111; + private static final int COUNT = 109; // SHA-256 of cacerts, can be generated with // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 private static final String CHECKSUM - = "B7:60:5A:7A:01:0A:9F:47:E3:46:B9:30:E1:FC:A2:71:69:58:76:CB:8C:85:2B:FF:1A:D5:92:71:AF:F5:60:8F"; + = "07:21:E0:F8:EA:55:CC:93:24:2E:74:07:4B:6B:CE:F3:81:C3:BB:47:5B:85:A2:F1:9E:44:CD:C0:99:55:D7:5F"; // map of cert alias to SHA-256 fingerprint @SuppressWarnings("serial") 
@@ -74,10 +74,6 @@ public class VerifyCACerts { "ED:F7:EB:BC:A2:7A:2A:38:4D:38:7B:7D:40:10:C6:66:E2:ED:B4:84:3E:4C:29:B4:AE:1D:5B:93:32:E6:B2:4D"); put("camerfirmachambersca [jdk]", "06:3E:4A:FA:C4:91:DF:D3:32:F3:08:9B:85:42:E9:46:17:D8:93:D7:FE:94:4E:10:A7:93:7E:E2:9D:96:93:C0"); - put("camerfirmachambersignca [jdk]", - "13:63:35:43:93:34:A7:69:80:16:A0:D3:24:DE:72:28:4E:07:9D:7B:52:20:BB:8F:BD:74:78:16:EE:BE:BA:CA"); - put("camerfirmachamberscommerceca [jdk]", - "0C:25:8A:12:A5:67:4A:EF:25:F2:8B:A7:DC:FA:EC:EE:A3:48:E5:41:E6:F5:CC:4E:E6:3B:71:B3:61:60:6A:C3"); put("certumca [jdk]", "D8:E0:FE:BC:1D:B2:E3:8D:00:94:0F:37:D2:7D:41:34:4D:99:3E:73:4B:99:D5:65:6D:97:78:D4:D8:14:36:24"); put("certumtrustednetworkca [jdk]", diff --git a/jdk/test/sun/security/ssl/X509TrustManagerImpl/distrust/Camerfirma.java b/jdk/test/sun/security/ssl/X509TrustManagerImpl/distrust/Camerfirma.java index 5ddcc0aef3..b45d3d9465 100644 --- a/jdk/test/sun/security/ssl/X509TrustManagerImpl/distrust/Camerfirma.java +++ b/jdk/test/sun/security/ssl/X509TrustManagerImpl/distrust/Camerfirma.java @@ -21,17 +21,19 @@ * questions. */ +import javax.net.ssl.X509TrustManager; import java.io.File; import java.security.Security; -import java.time.*; -import java.util.*; -import javax.net.ssl.*; +import java.time.LocalDate; +import java.time.ZoneOffset; +import java.time.ZonedDateTime; +import java.util.Date; -/** +/* * @test - * @bug 8346587 + * @bug 8346587 8350498 * @summary Check that TLS Server certificates chaining back to distrusted - * Camerfirma roots are invalid + * Camerfirma root are invalid * @library /lib/security * @modules java.base/sun.security.validator * @run main/othervm Camerfirma after policyOn invalid 
@@ -42,13 +44,11 @@ public class Camerfirma { - private static final String certPath = "chains" + File.separator + "camerfirma"; + private static final String CERT_PATH = "chains" + File.separator + "camerfirma"; // Each of the roots have a test certificate chain stored in a file // named "-chain.pem". - private static String[] rootsToTest = new String[] { - "camerfirmachamberscommerceca", "camerfirmachambersca", - "camerfirmachambersignca"}; + private static final String ROOT_TO_TEST = "camerfirmachambersca"; // Date after the restrictions take effect private static final ZonedDateTime DISTRUST_DATE = @@ -56,7 +56,7 @@ public class Camerfirma { public static void main(String[] args) throws Exception { - // All of the test certificates are signed with SHA-1 so we need + // All the test certificates are signed with SHA-1, so we need // to remove the constraint that disallows SHA-1 certificates. String prop = Security.getProperty("jdk.certpath.disabledAlgorithms"); String newProp = prop.replace(", SHA1 jdkCA & usage TLSServer", ""); @@ -70,6 +70,6 @@ public static void main(String[] args) throws Exception { }; Date notBefore = distrust.getNotBefore(DISTRUST_DATE); - distrust.testCertificateChain(certPath, notBefore, tms, rootsToTest); + distrust.testCertificateChain(CERT_PATH, notBefore, tms, ROOT_TO_TEST); } } diff --git a/jdk/test/sun/security/ssl/X509TrustManagerImpl/distrust/chains/camerfirma/camerfirmachamberscommerceca-chain.pem b/jdk/test/sun/security/ssl/X509TrustManagerImpl/distrust/chains/camerfirma/camerfirmachamberscommerceca-chain.pem deleted file mode 100644 index b27d46c17c..0000000000 --- a/jdk/test/sun/security/ssl/X509TrustManagerImpl/distrust/chains/camerfirma/camerfirmachamberscommerceca-chain.pem +++ /dev/null 
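Review bot: The comment kept above `ROOT_TO_TEST` in Camerfirma.java still reads "Each of the roots have a test certificate chain", although this hunk reduces the test to a single root. Reword it to match, e.g. `// The root's test certificate chain is stored in "camerfirmachambersca-chain.pem".`. That file name is inferred from `ROOT_TO_TEST` plus the "-chain.pem" suffix in the old comment, so confirm it against the chains directory.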
@@ -1,48 +0,0 @@ -Owner: CN=AC Camerfirma Certificados Camerales, - O=AC Camerfirma SA, SERIALNUMBER=A82743287, - L=Madrid (see current address at www.camerfirma.com/address), - EMAILADDRESS=ac_camerfirma_cc@camerfirma.com, C=ES -Issuer: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, - O=AC Camerfirma SA CIF A82743287, C=EU -Serial number: 5 -Valid from: Mon Feb 09 07:42:47 PST 2004 until: Thu Feb 09 07:42:47 PST 2034 -Certificate fingerprints: - SHA1: 9F:36:B4:BE:9D:AF:1C:91:01:B2:D7:61:58:FB:95:CB:53:82:01:10 - SHA256: C7:D8:43:81:E1:1F:7C:57:46:77:1A:F5:B0:50:DC:51:FC:6F:DA:D6:F6:F3:5B:B5:3A:3D:E9:13:82:2E:A0:9E -Signature algorithm name: SHA1withRSA (weak) -Subject Public Key Algorithm: 2048-bit RSA key -Version: 3 - ------BEGIN CERTIFICATE----- -MIIFwDCCBKigAwIBAgIBBTANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn -MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL -ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg -b2YgQ29tbWVyY2UgUm9vdDAeFw0wNDAyMDkxNTQyNDdaFw0zNDAyMDkxNTQyNDda -MIHgMQswCQYDVQQGEwJFUzEuMCwGCSqGSIb3DQEJARYfYWNfY2FtZXJmaXJtYV9j -Y0BjYW1lcmZpcm1hLmNvbTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBh -ZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJ -QTgyNzQzMjg3MRkwFwYDVQQKExBBQyBDYW1lcmZpcm1hIFNBMS0wKwYDVQQDEyRB -QyBDYW1lcmZpcm1hIENlcnRpZmljYWRvcyBDYW1lcmFsZXMwggEgMA0GCSqGSIb3 -DQEBAQUAA4IBDQAwggEIAoIBAQCjxnvvj01f36lgGhihRYVf1fAPEXsTJKrY4aLQ -cEUSh5szZE7VTtGiyMTMc2uCmnaXafjYHK8Lgmy6T9xxGEZ5OS4x6rgtuPyy13AP -tu3X3Y2kPVLu7ZMw5HoQC64wBj6YcnxTnBwmVW05DjzRXp6OyBIEKEaAB9vv2qEl -fh/Y234FG6Wd/ut1s0ScRZAo+6CSMNQxaY+ryXKD11uWkzWXJa9UZOasG7z4uPqc -Gr4/Hz2/CTLDTgp0xkMJYuzOztpUvOACrxlkS2utKUwVlAikJnboNwf/en94RbHN -zkKc5t0SAbzCf57ueawbzxSdPa+SAC25FNur64FKkfdq5PPjAgEDo4IB5TCCAeEw -EgYDVR0TAQH/BAgwBgEB/wIBCzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3Js -LmNoYW1iZXJzaWduLm9yZy9jaGFtYmVyc3Jvb3QuY3JsMB0GA1UdDgQWBBS2H06d -HGiRLjdyYOFGj1qlKjExuTCBqwYDVR0jBIGjMIGggBTjlPWxTenboSlbV4tNdgZ2 
-4dGiiqGBhKSBgTB/MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJt -YSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJz -aWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdIIBADAO -BgNVHQ8BAf8EBAMCAYYwKgYDVR0RBCMwIYEfYWNfY2FtZXJmaXJtYV9jY0BjYW1l -cmZpcm1hLmNvbTAnBgNVHRIEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24u -b3JnMFsGA1UdIARUMFIwUAYLKwYBBAGBhy4KCQEwQTA/BggrBgEFBQcCARYzaHR0 -cDovL2Nwcy5jYW1lcmZpcm1hLmNvbS9jcHMvYWNfY2FtZXJmaXJtYV9jYy5odG1s -MA0GCSqGSIb3DQEBBQUAA4IBAQBl8KoPBYL//EBonqQWS0N+hLfxImP1eQ6nac+v -R5QfF/0w+VCTkShfKwHaa6V/W1dPlVwXSECuvXHkX6DYrtxFGGFB6qxuP1rkIpRs -sTkAlpvOx3REiFjIkhsijKd/ijvqxjbMbuYU+EFACK/jQIRoj+LEEZ+haiqbALZB -Iqq/26HTqX0itDosBj6M94YWcIpbTDefQNWCGsSnZcw2+k+az/wAOZT6xAxlnEim -HpDDlgRsmaLrHpDPDoIRYOih0gbJTnn4mKex9Wgr0sZ+XFl03j+bvcXL1tiuQnwb -9dMRDe/OdXABT35W4ZzLbpost65ZW3Tx+oi/bLbmu6pbKCgs ------END CERTIFICATE----- diff --git a/jdk/test/sun/security/ssl/X509TrustManagerImpl/distrust/chains/camerfirma/camerfirmachambersignca-chain.pem b/jdk/test/sun/security/ssl/X509TrustManagerImpl/distrust/chains/camerfirma/camerfirmachambersignca-chain.pem deleted file mode 100644 index 2ab3091439..0000000000 --- a/jdk/test/sun/security/ssl/X509TrustManagerImpl/distrust/chains/camerfirma/camerfirmachambersignca-chain.pem +++ /dev/null 
@@ -1,62 +0,0 @@ -Owner: CN=AC Camerfirma - 2009, - L=Madrid (see current address at https://www.camerfirma.com/address), - SERIALNUMBER=A82743287, O=AC Camerfirma S.A., C=ES -Issuer: CN=Global Chambersign Root - 2008, - O=AC Camerfirma S.A., SERIALNUMBER=A82743287, - L=Madrid (see current address at www.camerfirma.com/address), C=EU -Serial number: 2 -Valid from: Mon Mar 16 10:16:25 PDT 2009 until: Sun Mar 11 10:16:25 PDT 2029 -Certificate fingerprints: - SHA1: BA:BA:69:CF:D5:CC:C9:4D:05:6B:5B:E7:80:5F:E2:03:CB:EB:5C:57 - SHA256: B6:8D:5D:9B:4E:A6:35:95:7C:0C:32:15:C2:0D:35:B2:21:7B:69:E3:49:C7:A3:04:C4:F9:7F:20:C4:08:1F:88 -Signature algorithm name: SHA1withRSA (weak) -Subject Public Key Algorithm: 4096-bit RSA key -Version: 3 - ------BEGIN CERTIFICATE----- -MIIIPzCCBiegAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBrDELMAkGA1UEBhMCRVUx -QzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2Ft -ZXJmaXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UE -ChMSQUMgQ2FtZXJmaXJtYSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNp -Z24gUm9vdCAtIDIwMDgwHhcNMDkwMzE2MTcxNjI1WhcNMjkwMzExMTcxNjI1WjCB -qjELMAkGA1UEBhMCRVMxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjESMBAG -A1UEBRMJQTgyNzQzMjg3MUswSQYDVQQHE0JNYWRyaWQgKHNlZSBjdXJyZW50IGFk -ZHJlc3MgYXQgaHR0cHM6Ly93d3cuY2FtZXJmaXJtYS5jb20vYWRkcmVzcykxHTAb -BgNVBAMTFEFDIENhbWVyZmlybWEgLSAyMDA5MIICIjANBgkqhkiG9w0BAQEFAAOC -Ag8AMIICCgKCAgEAmbHxFEYTJmMdPcYiPlWUGZu2+tQo4voohYi3dwCwoVuGdHSp -kyoqs1B3YGx4u5KT4n0A7+Bb8YQ/QzbNy7UQ4JXAK+rT8JpNeKIvfN4lHnQJaChE -4fdn0KpvHWymaNq2k+EbQClquZB6OsTLvsivwSuSnyLcUw5rbajj53wq77fwB12y -phMjwz2AnD1BvHZd3vLOaH1jRQP3zzNmyjT/Oj6+jdux7SBKlJWgQEaKflwcvYyc -DPFPhGM4KPwEGX61PCrS+l8Lw0Kdy6K4lE+GrfgJrXM5m1Ey1R0c9McYQQPAtYcm -cOnHHgkJdEAFVDa76T9C+lcMP6DNckbJIyc/ENrmM2v4rq/JnsJKEEx0VLyLizQx -cGU3gp4ckg0ImQ9hV3H/DLWEqfrPuD++zaV81gpstnc9+pLg0Jibvwg3qvIr7nS5 -acc//qqxH0iJGYoStHW5J5HoM9HcBvhACq5rjzjrNLPYSJqbPJwBHKcql/uUjQ6S -SVWe3/CeJp6/vGuY1aRXAk9c/8oO0ZDrLKE8LsUgZesTLnWGd1LQcyQf6UMG1nb9 
-5C3eZRkCVpKma6Hl/SUQNukerlbLOU9InFGNPdeEVq1Jo62XeEi8KMbTPdXou6Yl -rpe99dFnOUjVOdY7gfBGSgIVJjORqf/V70jwsxcYz7j6PKl0XulJs06vpSECAwEA -AaOCAmowggJmMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFMgAD/zGUvyf -2ztkLjK5bi5x82V5MIHhBgNVHSMEgdkwgdaAFLkJypwe29NsOmuu7VTxW5MGNS5e -oYGypIGvMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy -cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG -A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl -BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwOIIJAMnN0+nVfSPO -MH0GCCsGAQUFBwEBBHEwbzBFBggrBgEFBQcwAoY5aHR0cDovL3d3dy5jYW1lcmZp -cm1hLmNvbS9jZXJ0cy9yb290X2NoYW1iZXJzaWduLTIwMDguY3J0MCYGCCsGAQUF -BzABhhpodHRwOi8vb2NzcC5jYW1lcmZpcm1hLmNvbTAOBgNVHQ8BAf8EBAMCAQYw -PgYDVR0gBDcwNTAzBgRVHSAAMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vcG9saWN5 -LmNhbWVyZmlybWEuY29tMH4GA1UdHwR3MHUwOKA2oDSGMmh0dHA6Ly9jcmwuY2Ft -ZXJmaXJtYS5jb20vY2hhbWJlcnNpZ25yb290LTIwMDguY3JsMDmgN6A1hjNodHRw -Oi8vY3JsMS5jYW1lcmZpcm1hLmNvbS9jaGFtYmVyc2lnbnJvb3QtMjAwOC5jcmww -DQYJKoZIhvcNAQEFBQADggIBABNYG4jBwoI7e8pCuUyDc6rwpE9H6AgrUdL7O1xK -TgTjDGBrMOBK+ZPS4Si8J3yZngvSrL694a1HmiiblJ+CmCdNGli2nBBM+OPK3tQB -4TW6hgkIe3vSNg/9o9y6+MAJcm8Kn0nPCBkSRME87NwvpehtekuF1G2ng1KDVwAn -F+eCXfNanEwY++vWbJAuPE69Z/0+rCgNyH1PzihiNu6vrUlSlLWKaG34O1DEttX+ -SsWTpEbpH9w5y9Vmw6WQ/B5nfhPM551HaMbiGgSxT9jHmf8APYQ3iT8EktcdTAdw -m1miiyxfKG+WjPT7P/x8Np1spJZw+sNIDTLdZ0T1XQ6obVkBTFUDSULKW8949HDu -VSwdl9Hu9lkDzzh9tyVYwwjEWVFZOiD/4TPVLfphf4ZEiyHt5YpNd9kZJIGGDxdc -CdtzPm2dQODFpv72LnPQHbuBQPJ71zkoAmyeM/1Qj0DlrFsPcYnbRasck1VmYgDc -Xc0+is0wcgCd7Gpx1zpEeVqwMD96am2xZPzd6nsbXvo+6TzsKLRMJo6nOERwrzuI -F+/eq3WXxYMt2UenJsHqwSgPJRMdl3SFz0+SZN0viHeLuwb7qaHN74qC6GP8yHGp -2xe6Z11mJDPLDSrQQ2dOceSJ1LurJgLP7amYmFlWwVnmM7LnfShhMWMV+MDrICnL -2ksL ------END CERTIFICATE----- From 711caa3ce056659a8f54c58b6cbbd3aaa221eaf4 Mon Sep 17 00:00:00 2001 
From: Ekaterina Vergizova Date: Mon, 9 Jun 2025 15:50:15 +0000 Subject: [PATCH 25/33] 8356096: ISO 4217 Amendment 179 Update Reviewed-by: sgehwolf, andrew Backport-of: b8484be137a9d8bf6463188e1fc68b22db0b52c3 --- jdk/src/share/classes/java/util/CurrencyData.properties | 6 +++--- .../classes/sun/util/resources/CurrencyNames.properties | 4 +++- jdk/test/java/util/Currency/ISO4217-list-one.txt | 6 +++--- jdk/test/java/util/Currency/ValidateISO4217.java | 3 ++- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/jdk/src/share/classes/java/util/CurrencyData.properties b/jdk/src/share/classes/java/util/CurrencyData.properties index f1d746b3a7..79becc3e6d 100644 --- a/jdk/src/share/classes/java/util/CurrencyData.properties +++ b/jdk/src/share/classes/java/util/CurrencyData.properties @@ -1,5 +1,5 @@ # -# Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2000, 2025, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -31,7 +31,7 @@ formatVersion=2 # Version of the currency code information in this class. # It is a serial number that accompanies with each amendment. -dataVersion=177 +dataVersion=179 # List of all valid ISO 4217 currency codes. # To ensure compatibility, do not remove codes. 
@@ -53,7 +53,7 @@ all=ADP020-AED784-AFA004-AFN971-ALL008-AMD051-ANG532-AOA973-ARS032-ATS040-AUD036 SBD090-SCR690-SDD736-SDG938-SEK752-SGD702-SHP654-SIT705-SKK703-SLE925-SLL694-SOS706-\ SRD968-SRG740-SSP728-STD678-STN930-SVC222-SYP760-SZL748-THB764-TJS972-TMM795-TMT934-TND788-TOP776-\ TPE626-TRL792-TRY949-TTD780-TWD901-TZS834-UAH980-UGX800-USD840-USN997-USS998-UYI940-\ - UYU858-UZS860-VEB862-VED926-VEF937-VES928-VND704-VUV548-WST882-XAF950-XAG961-XAU959-XBA955-\ + UYU858-UZS860-VEB862-VED926-VEF937-VES928-VND704-VUV548-WST882-XAD396-XAF950-XAG961-XAU959-XBA955-\ XBB956-XBC957-XBD958-XCD951-XCG532-XDR960-XFO000-XFU000-XOF952-XPD964-XPF953-\ XPT962-XSU994-XTS963-XUA965-XXX999-YER886-YUM891-ZAR710-ZMK894-ZMW967-ZWD716-ZWG924-\ ZWL932-ZWN942-ZWR935 diff --git a/jdk/src/share/classes/sun/util/resources/CurrencyNames.properties b/jdk/src/share/classes/sun/util/resources/CurrencyNames.properties index 3ed4f873a3..e543398fac 100644 --- a/jdk/src/share/classes/sun/util/resources/CurrencyNames.properties +++ b/jdk/src/share/classes/sun/util/resources/CurrencyNames.properties @@ -1,5 +1,5 @@ # -# Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2005, 2025, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -258,6 +258,7 @@ VES=VES VND=VND VUV=VUV WST=WST +XAD=XAD XAF=XAF XAG=XAG XAU=XAU @@ -485,6 +486,7 @@ ves=Venezuelan Bol\u00edvar Soberano vnd=Vietnamese Dong vuv=Vanuatu Vatu wst=Samoan Tala +xad=Arab Accounting Dinar xaf=CFA Franc BEAC xag=Silver xau=Gold diff --git a/jdk/test/java/util/Currency/ISO4217-list-one.txt b/jdk/test/java/util/Currency/ISO4217-list-one.txt index 0561adb442..1ad1fcb097 100644 --- a/jdk/test/java/util/Currency/ISO4217-list-one.txt +++ b/jdk/test/java/util/Currency/ISO4217-list-one.txt 
@@ -1,12 +1,12 @@ # # -# Amendments up until ISO 4217 AMENDMENT NUMBER 176 -# (As of 20 June 2024) +# Amendments up until ISO 4217 AMENDMENT NUMBER 179 +# (As of 02 May 2025) # # Version FILEVERSION=2 -DATAVERSION=177 +DATAVERSION=179 # ISO 4217 currency data AF AFN 971 2 diff --git a/jdk/test/java/util/Currency/ValidateISO4217.java b/jdk/test/java/util/Currency/ValidateISO4217.java index e26769b6b8..50ef6c15d4 100644 --- a/jdk/test/java/util/Currency/ValidateISO4217.java +++ b/jdk/test/java/util/Currency/ValidateISO4217.java @@ -25,6 +25,7 @@ * @bug 4691089 4819436 4942982 5104960 6544471 6627549 7066203 7195759 * 8074350 8074351 8145952 8187946 8193552 8202026 8204269 * 8208746 8209775 8274658 8283277 8296239 8321480 8334653 + * 8356096 * @summary Validate ISO 4217 data for Currency class. */ @@ -97,7 +98,7 @@ public class ValidateISO4217 { "ADP-AFA-ATS-AYM-AZM-BEF-BGL-BOV-BYB-BYR-CHE-CHW-CLF-COU-CUC-CYP-" + "DEM-EEK-ESP-FIM-FRF-GHC-GRD-GWP-HRK-IEP-ITL-LTL-LUF-LVL-MGF-MRO-MTL-MXV-MZM-NLG-" + "PTE-ROL-RUR-SDD-SIT-SLL-SKK-SRG-STD-TMM-TPE-TRL-VEF-UYI-USN-USS-VEB-VED-" - + "XAG-XAU-XBA-XBB-XBC-XBD-XDR-XFO-XFU-XPD-XPT-XSU-XTS-XUA-XXX-" + + "XAD-XAG-XAU-XBA-XBB-XBC-XBD-XDR-XFO-XFU-XPD-XPT-XSU-XTS-XUA-XXX-" + "YUM-ZMK-ZWD-ZWL-ZWN-ZWR"; static boolean err = false; From 1e912a129c4074dac8bedbcb77dcb2a8284f5228 Mon Sep 17 00:00:00 2001 
From: Antonio Vieiro Date: Mon, 16 Jun 2025 15:12:22 +0000 Subject: [PATCH 26/33] 8359170: Add 2 TLS and 2 CS Sectigo roots Reviewed-by: andrew Backport-of: e00605fcebe7b2716db6b95e7bcae47d85b88dce --- jdk/make/data/cacerts/sectigocodesignroote46 | 21 ++ jdk/make/data/cacerts/sectigocodesignrootr46 | 39 +++ jdk/make/data/cacerts/sectigotlsroote46 | 21 ++ jdk/make/data/cacerts/sectigotlsrootr46 | 39 +++ .../certification/CAInterop.java | 39 ++- .../certification/SectigoCSRootCAs.java | 310 ++++++++++++++++++ .../security/lib/cacerts/VerifyCACerts.java | 14 +- 7 files changed, 479 insertions(+), 4 deletions(-) create mode 100644 jdk/make/data/cacerts/sectigocodesignroote46 create mode 100644 jdk/make/data/cacerts/sectigocodesignrootr46 create mode 100644 jdk/make/data/cacerts/sectigotlsroote46 create mode 100644 jdk/make/data/cacerts/sectigotlsrootr46 create mode 100644 jdk/test/security/infra/java/security/cert/CertPathValidator/certification/SectigoCSRootCAs.java diff --git a/jdk/make/data/cacerts/sectigocodesignroote46 b/jdk/make/data/cacerts/sectigocodesignroote46 new file mode 100644 index 0000000000..7f13b28a40 --- /dev/null +++ b/jdk/make/data/cacerts/sectigocodesignroote46 
@@ -0,0 +1,21 @@
+Owner: CN=Sectigo Public Code Signing Root E46, O=Sectigo Limited, C=GB
+Issuer: CN=Sectigo Public Code Signing Root E46, O=Sectigo Limited, C=GB
+Serial number: 50249ba2ef8ea6bf6c2c1f1a6385d4c3
+Valid from: Mon Mar 22 00:00:00 GMT 2021 until: Wed Mar 21 23:59:59 GMT 2046
+Signature algorithm name: SHA384withECDSA
+Subject Public Key Algorithm: 384-bit EC (secp384r1) key
+Version: 3
+-----BEGIN CERTIFICATE-----
+MIICKDCCAa+gAwIBAgIQUCSbou+Opr9sLB8aY4XUwzAKBggqhkjOPQQDAzBWMQsw
+CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMS0wKwYDVQQDEyRT
+ZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25pbmcgUm9vdCBFNDYwHhcNMjEwMzIyMDAw
+MDAwWhcNNDYwMzIxMjM1OTU5WjBWMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2Vj
+dGlnbyBMaW1pdGVkMS0wKwYDVQQDEyRTZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25p
+bmcgUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQIMoEDH487om+BR4zl
+e7m6wWmyW0nAKLkUWG8kM85Qm3PZO8FoOZx6Yc5c0iJHRKuAhanllayqrmZYhlan
+uIODzLTRDqlR+EtnOX+MubY5aDSPGUq6jiHrQrisVp0J3AejQjBAMB0GA1UdDgQW
+BBTPfSygkHqYHd22XoXC4NoVcdLlXjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/
+BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjACd++zAerlV83j8HflRwwwlLmgchbs
+aGX/4g44dv/oG8KfzCVTRg6sZHMobtK0IqYCMGk5W6+oBFyZMtOebrSwXs8lGjll
+/zHz43Zy8DMXO+iiqzSEwWGneZ6KupkGGqfVKw==
+-----END CERTIFICATE-----
diff --git a/jdk/make/data/cacerts/sectigocodesignrootr46 b/jdk/make/data/cacerts/sectigocodesignrootr46
new file mode 100644
index 0000000000..38270cb0c5
--- /dev/null
+++ b/jdk/make/data/cacerts/sectigocodesignrootr46
@@ -0,0 +1,39 @@
+Owner: CN=Sectigo Public Code Signing Root R46, O=Sectigo Limited, C=GB
+Issuer: CN=Sectigo Public Code Signing Root R46, O=Sectigo Limited, C=GB
+Serial number: 4b2c3b01018bad2abc8c7b5b3eed9057
+Valid from: Mon Mar 22 00:00:00 GMT 2021 until: Wed Mar 21 23:59:59 GMT 2046
+Signature algorithm name: SHA384withRSA
+Subject Public Key Algorithm: 4096-bit RSA key
+Version: 3
+-----BEGIN CERTIFICATE-----
+MIIFeDCCA2CgAwIBAgIQSyw7AQGLrSq8jHtbPu2QVzANBgkqhkiG9w0BAQwFADBW
+MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMS0wKwYDVQQD
+EyRTZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25pbmcgUm9vdCBSNDYwHhcNMjEwMzIy
+MDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBWMQswCQYDVQQGEwJHQjEYMBYGA1UEChMP
+U2VjdGlnbyBMaW1pdGVkMS0wKwYDVQQDEyRTZWN0aWdvIFB1YmxpYyBDb2RlIFNp
+Z25pbmcgUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCN
+55QSIgQkdC7/FiMCkoq2rjaFrEfUI5ErPtx94jGgUW+shJHjUoq14pbe0IdjJImK
+/+8Skzt9u7aKvb0Ffyeba2XTpQxpsbxJOZrxbW6q5KCDJ9qaDStQ6Utbs7hkNqR+
+Sj2pcaths3OzPAsM79szV+W+NDfjlxtd/R8SPYIDdub7P2bSlDFp+m2zNKzBenjc
+klDyZMeqLQSrw2rq4C+np9xu1+j/2iGrQL+57g2extmeme/G3h+pDHazJyCh1rr9
+gOcB0u/rgimVcI3/uxXP/tEPNqIuTzKQdEZrRzUTdwUzT2MuuC3hv2WnBGsY2HH6
+zAjybYmZELGt2z4s5KoYsMYHAXVn3m3pY2MeNn9pib6qRT5uWl+PoVvLnTCGMOgD
+s0DGDQ84zWeoU4j6uDBl+m/H5x2xg3RpPqzEaDux5mczmrYI4IAFSEDu9oJkRqj1
+c7AGlfJsZZ+/VVscnFcax3hGfHCqlBuCF6yH6bbJDoEcQNYWFyn8XJwYK+pF9e+9
+1WdPKF4F7pBMeufG9ND8+s0+MkYTIDaKBOq3qgdGnA2TOglmmVhcKaO5DKYwODzQ
+RjY1fJy67sPV+Qp2+n4FG0DKkjXp1XrRtX8ArqmQqsV/AZwQsRb8zG4Y3G9i/qZQ
+p7h7uJ0VP/4gDHXIIloTlRmQAOka1cKG8eOO7F/05QIDAQABo0IwQDAdBgNVHQ4E
+FgQUMuuSmv81lkgvKEBCcCA2kVwXheYwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAHZlwuPXIkrXHYle/2lexhQCTXOm
+zc0oyrA36r+nySGqql/av/aDbNCA0QpcAKTL88w5D55BcYjVPOiKe4wXI/fKNHSR
+bAauUD8AWbImPDwXg1cDPi3RGj3UzwdUskMLUnKoiPXEF/Jv0Vil0WjkPZgIGO42
+9EhImvpUcPCI1HAWMEJJ0Nk/dUtFcdiuorthDoiFUFe5uhErNikfjyBynlyeidGC
+2kWNapnahHFrM6UQu3nwl/Z0gaA/V8eGjDCMDjiVrgHGHqvcqB9vL9f/dh6uF3Nt
+5bl1s2EGqJUzwk5vsjfylb6FVBK5yL1iQnb3Kvz1NzEDJlf+0ebb8BYCcoOMCLOE
+rKnkB/ihiMQTWlBHVEKm7dBBNCyYsT6iNKEMXb2s9395p79tDFYyhRtLl7jhrOSk
+PHHxo+FOY9b0Rrr1CwjhYzztolkvCtQsayOinqFN7tESzRgzUO1Bbst/PUFgC2ML
+ePV170MVtzYLEK/cXBipmNk22R3YhLMGioLjexskp0LO7g8+VlwyfexL3lYrOzu6
++XpY0FG2bNb2WKJSJHpEhqEcYD9J0/z6+YQcBcI0v+Lm8RkqmS9WVzWctfUHw0Yv
+3jg9GQ37o/HfE57nqXJYMa+96trX1m13MzOO9Kz9wb9Jh9JwBWd0Bqb2eEAtFgSR
+Dx/TFsS4ehcNJMmy
+-----END CERTIFICATE-----
diff --git a/jdk/make/data/cacerts/sectigotlsroote46 b/jdk/make/data/cacerts/sectigotlsroote46
new file mode 100644
index 0000000000..60e0b83c97
--- /dev/null
+++ b/jdk/make/data/cacerts/sectigotlsroote46
@@ -0,0 +1,21 @@
+Owner: CN=Sectigo Public Server Authentication Root E46, O=Sectigo Limited, C=GB
+Issuer: CN=Sectigo Public Server Authentication Root E46, O=Sectigo Limited, C=GB
+Serial number: 42f2ccda1b6937445f15fe752810b8f4
+Valid from: Mon Mar 22 00:00:00 GMT 2021 until: Wed Mar 21 23:59:59 GMT 2046
+Signature algorithm name: SHA384withECDSA
+Subject Public Key Algorithm: 384-bit EC (secp384r1) key
+Version: 3
+-----BEGIN CERTIFICATE-----
+MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQsw
+CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T
+ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcN
+MjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYG
+A1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT
+ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccC
+WvkEN/U0NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+
+6xnOQ6OjQjBAMB0GA1UdDgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8B
+Af8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjAn7qRa
+qCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RHlAFWovgzJQxC36oCMB3q
+4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21USAGKcw==
+-----END CERTIFICATE-----
diff --git a/jdk/make/data/cacerts/sectigotlsrootr46 b/jdk/make/data/cacerts/sectigotlsrootr46
new file mode 100644
index 0000000000..7ec1b263de
--- /dev/null
+++ b/jdk/make/data/cacerts/sectigotlsrootr46
@@ -0,0 +1,39 @@
+Owner: CN=Sectigo Public Server Authentication Root R46, O=Sectigo Limited, C=GB
+Issuer: CN=Sectigo Public Server Authentication Root R46, O=Sectigo Limited, C=GB
+Serial number: 758dfd8bae7c0700faa925a7e1c7ad14
+Valid from: Mon Mar 22 00:00:00 GMT 2021 until: Wed Mar 21 23:59:59 GMT 2046
+Signature algorithm name: SHA384withRSA
+Subject Public Key Algorithm: 4096-bit RSA key
+Version: 3
+-----BEGIN CERTIFICATE-----
+MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBf
+MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD
+Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw
+HhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEY
+MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1Ymxp
+YyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDa
+ef0rty2k1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnz
+SDBh+oF8HqcIStw+KxwfGExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xf
+iOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMPFF1bFOdLvt30yNoDN9HWOaEhUTCDsG3X
+ME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vuZDCQOc2TZYEhMbUjUDM3
+IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5QazYw6A3OAS
+VYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgE
+SJ/AwSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu
++Zd4KKTIRJLpfSYFplhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt
+8uaZFURww3y8nDnAtOFr94MlI1fZEoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+L
+HaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW6aWWrL3DkJiy4Pmi1KZHQ3xt
+zwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWIIUkwDgYDVR0P
+AQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c
+mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQ
+YKlJfp/imTYpE0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52
+gDY9hAaLMyZlbcp+nv4fjFg4exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZA
+Fv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M0ejf5lG5Nkc/kLnHvALcWxxPDkjB
+JYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI84HxZmduTILA7rpX +DhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9mpFui +TdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5 +dHn5HrwdVw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65 +LvKRRFHQV80MNNVIIb/bE/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp +0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmmJ1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAY +QqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL +-----END CERTIFICATE----- diff --git a/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java b/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java index 96697b4f8e..ec1a14ae72 100644 --- a/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java +++ b/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023, 2024, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2023, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -506,6 +506,36 @@ * @run main/othervm -Djava.security.debug=certpath CAInterop ssltlsrootrsa2022 CRL */ +/* + * @test id=sectigotlsrootr46 + * @bug 8359170 + * @summary Interoperability tests with Sectigo Public Server Authentication + * Root R46 + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop + * sectigotlsrootr46 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp + * -Dcom.sun.security.ocsp.useget=false CAInterop sectigotlsrootr46 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop + * sectigotlsrootr46 CRL + */ + +/* + * @test id=sectigotlsroote46 + * @bug 8359170 + * @summary Interoperability tests with Sectigo Public Server Authentication + * Root E46 + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop + * sectigotlsroote46 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp + * -Dcom.sun.security.ocsp.useget=false CAInterop sectigotlsroote46 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop + * sectigotlsroote46 CRL + */ + /** * Collection of certificate validation tests for interoperability with external CAs */ @@ -689,6 +719,13 @@ private CATestURLs getTestURLs(String alias) { return new CATestURLs("https://test-root-2022-rsa.ssl.com", "https://revoked-root-2022-rsa.ssl.com"); + case "sectigotlsrootr46": + return new CATestURLs("https://sectigopublicserverauthenticationrootr46-ev.sectigo.com", + "https://sectigopublicserverauthenticationrootr46-ev.sectigo.com:444"); + case "sectigotlsroote46": + return new CATestURLs("https://sectigopublicserverauthenticationroote46-ev.sectigo.com", + "https://sectigopublicserverauthenticationroote46-ev.sectigo.com:444"); + default: throw new RuntimeException("No test setup found for: " + alias); } } 
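Review bot: In the second hunk (`@@ -689,6 +719,13 @@`, inside `getTestURLs`, whose body starts and ends outside the hunk), both new cases pass the same `-ev.sectigo.com` host for the valid and the revoked URL, and only the `:444` suffix on the second argument separates them; nothing in the code says this is deliberate. A one-line comment above the two cases would keep a later edit from treating the second URL as a duplicate or dropping the port, for example `// Sectigo: revoked test endpoint is the valid host on port 444`. That reading of the port is inferred from the URLs alone and should be confirmed against the CA's published test sites before the comment is committed.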
diff --git a/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/SectigoCSRootCAs.java b/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/SectigoCSRootCAs.java new file mode 100644 index 0000000000..4c9356709e --- /dev/null +++ b/jdk/test/security/infra/java/security/cert/CertPathValidator/certification/SectigoCSRootCAs.java 
@@ -0,0 +1,310 @@ +/* + * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. 
+ */ + +/* + * @test + * @bug 8359170 + * @summary Interoperability tests with Sectigo Public Code Signing Root CAs + * @build ValidatePathWithParams + * @run main/othervm -Djava.security.debug=ocsp,certpath SectigoCSRootCAs OCSP + * @run main/othervm -Djava.security.debug=certpath SectigoCSRootCAs CRL + */ + +public class SectigoCSRootCAs { + + public static void main(String[] args) throws Exception { + + ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + + if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { + pathValidator.enableCRLCheck(); + } else { + // OCSP check by default + pathValidator.enableOCSPCheck(); + } + + new SectigoCSRootCA_R46().runTest(pathValidator); + new SectigoCSRootCA_E46().runTest(pathValidator); + } +} + +class SectigoCSRootCA_R46 { + + // Owner: CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB + // Issuer: CN=Sectigo Public Code Signing Root R46, O=Sectigo Limited, C=GB + // Serial number: 621d6d0c52019e3b9079152089211c0a + // Valid from: Sun Mar 21 17:00:00 PDT 2021 until: Fri Mar 21 16:59:59 + // PDT 2036 + private static final String INT = "-----BEGIN CERTIFICATE-----\n" + + "MIIGGjCCBAKgAwIBAgIQYh1tDFIBnjuQeRUgiSEcCjANBgkqhkiG9w0BAQwFADBW\n" + + "MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMS0wKwYDVQQD\n" + + "EyRTZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25pbmcgUm9vdCBSNDYwHhcNMjEwMzIy\n" + + "MDAwMDAwWhcNMzYwMzIxMjM1OTU5WjBUMQswCQYDVQQGEwJHQjEYMBYGA1UEChMP\n" + + "U2VjdGlnbyBMaW1pdGVkMSswKQYDVQQDEyJTZWN0aWdvIFB1YmxpYyBDb2RlIFNp\n" + + "Z25pbmcgQ0EgUjM2MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAmyud\n" + + "U/o1P45gBkNqwM/1f/bIU1MYyM7TbH78WAeVF3llMwsRHgBGRmxDeEDIArCS2VCo\n" + + "Vk4Y/8j6stIkmYV5Gej4NgNjVQ4BYoDjGMwdjioXan1hlaGFt4Wk9vT0k2oWJMJj\n" + + "L9G//N523hAm4jF4UjrW2pvv9+hdPX8tbbAfI3v0VdJiJPFy/7XwiunD7mBxNtec\n" + + "M6ytIdUlh08T2z7mJEXZD9OWcJkZk5wDuf2q52PN43jc4T9OkoXZ0arWZVeffvMr\n" + + "/iiIROSCzKoDmWABDRzV/UiQ5vqsaeFaqQdzFf4ed8peNWh1OaZXnYvZQgWx/SXi\n" + + 
"JDRSAolRzZEZquE6cbcH747FHncs/Kzcn0Ccv2jrOW+LPmnOyB+tAfiWu01TPhCr\n" + + "9VrkxsHC5qFNxaThTG5j4/Kc+ODD2dX/fmBECELcvzUHf9shoFvrn35XGf2RPaNT\n" + + "O2uSZ6n9otv7jElspkfK9qEATHZcodp+R4q2OIypxR//YEb3fkDn3UayWW9bAgMB\n" + + "AAGjggFkMIIBYDAfBgNVHSMEGDAWgBQy65Ka/zWWSC8oQEJwIDaRXBeF5jAdBgNV\n" + + "HQ4EFgQUDyrLIIcouOxvSK4rVKYpqhekzQwwDgYDVR0PAQH/BAQDAgGGMBIGA1Ud\n" + + "EwEB/wQIMAYBAf8CAQAwEwYDVR0lBAwwCgYIKwYBBQUHAwMwGwYDVR0gBBQwEjAG\n" + + "BgRVHSAAMAgGBmeBDAEEATBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsLnNl\n" + + "Y3RpZ28uY29tL1NlY3RpZ29QdWJsaWNDb2RlU2lnbmluZ1Jvb3RSNDYuY3JsMHsG\n" + + "CCsGAQUFBwEBBG8wbTBGBggrBgEFBQcwAoY6aHR0cDovL2NydC5zZWN0aWdvLmNv\n" + + "bS9TZWN0aWdvUHVibGljQ29kZVNpZ25pbmdSb290UjQ2LnA3YzAjBggrBgEFBQcw\n" + + "AYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wDQYJKoZIhvcNAQEMBQADggIBAAb/\n" + + "guF3YzZue6EVIJsT/wT+mHVEYcNWlXHRkT+FoetAQLHI1uBy/YXKZDk8+Y1LoNqH\n" + + "rp22AKMGxQtgCivnDHFyAQ9GXTmlk7MjcgQbDCx6mn7yIawsppWkvfPkKaAQsiqa\n" + + "T9DnMWBHVNIabGqgQSGTrQWo43MOfsPynhbz2Hyxf5XWKZpRvr3dMapandPfYgoZ\n" + + "8iDL2OR3sYztgJrbG6VZ9DoTXFm1g0Rf97Aaen1l4c+w3DC+IkwFkvjFV3jS49ZS\n" + + "c4lShKK6BrPTJYs4NG1DGzmpToTnwoqZ8fAmi2XlZnuchC4NPSZaPATHvNIzt+z1\n" + + "PHo35D/f7j2pO1S8BCysQDHCbM5Mnomnq5aYcKCsdbh0czchOm8bkinLrYrKpii+\n" + + "Tk7pwL7TjRKLXkomm5D1Umds++pip8wH2cQpf93at3VDcOK4N7EwoIJB0kak6pSz\n" + + "Eu4I64U6gZs7tS/dGNSljf2OSSnRr7KWzq03zl8l75jy+hOds9TWSenLbjBQUGR9\n" + + "6cFr6lEUfAIEHVC1L68Y1GGxx4/eRI82ut83axHMViw1+sVpbPxg51Tbnio1lB93\n" + + "079WPFnYaOvfGAA0e0zcfF/M9gXr+korwQTh2Prqooq2bYNMvUoUKD85gnJ+t0sm\n" + + "rWrb8dee2CvYZXD5laGtaAxOfy/VKNmwuWuAh9kc\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=Sectigo Limited, O=Sectigo Limited, ST=West Yorkshire, C=GB + // Issuer: CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB + // Serial number: c1de046377578f1605414f3fa91bf5f6 + // Valid from: Wed Jun 04 17:00:00 PDT 2025 until: Fri Jun 05 16:59:59 + // PDT 2026 + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + 
"MIIGRDCCBKygAwIBAgIRAMHeBGN3V48WBUFPP6kb9fYwDQYJKoZIhvcNAQEMBQAw\n" + + "VDELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDErMCkGA1UE\n" + + "AxMiU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5nIENBIFIzNjAeFw0yNTA2MDUw\n" + + "MDAwMDBaFw0yNjA2MDUyMzU5NTlaMFoxCzAJBgNVBAYTAkdCMRcwFQYDVQQIDA5X\n" + + "ZXN0IFlvcmtzaGlyZTEYMBYGA1UECgwPU2VjdGlnbyBMaW1pdGVkMRgwFgYDVQQD\n" + + "DA9TZWN0aWdvIExpbWl0ZWQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\n" + + "AQDCYjakgsoYkqVpENW0MuN5hBZDdIM60WJgBXU7zTAXORntSu/Grn/SQywwTg4o\n" + + "ltRcKuCp0Cd5zLAIjtgpVDDACWHgxKUtxerjjBZeGp0+viR+biLL0mVNPXgZZ5bQ\n" + + "AnDYVKJaGnPsXQD8l+Bn/R2c4cw7mXjBYp2KrTuqOBkPzk4LmdgpKXjxiw1yYb+n\n" + + "WKZ+3BMLIU6/k+LB9+WB6Odrl4Lff1jB4C6XhQELGjZAbpkFB2+Qr0ajIA3ZFXqU\n" + + "IMh0j5oD5juuXxryOvCgSBkEwxPHnlXxZBNd3DmrZ9NGClBIGE2f9FOjzo5Rl7lV\n" + + "KlzFdFmcH8LaLtWjniF+iT+YZw3Ld1O9VMK7RaHePsS4JYfbjeapoCEgudecmIz4\n" + + "5Q2tTjCdR5s/SxiVbynfEw+cAGeiv4sRXNSg0uhZ2eGMHh6mPley2pUoRMR8Qx1U\n" + + "0Uzg2NtPsHAo0DIH3jKEWU2zP5UPwCfqKYGaZLNLeGh07NZHBCp3TGp9kPVen5Ib\n" + + "tnJssu+pab7fixvbpDM4/r9MkKU6C1IsE6lffyON0PA6LaywwecYTJGpieXqoz03\n" + + "5UmQXvAzkb9omIAcQ6yWMZNrqwwG9XRKQEhvG3v7sbFkck1KZOz4r/KHkLx9sIxm\n" + + "vngdD/qLFebxPIvPT0GKnvSzuGcdQXVTdkZBBBrunv+XpQIDAQABo4IBiTCCAYUw\n" + + "HwYDVR0jBBgwFoAUDyrLIIcouOxvSK4rVKYpqhekzQwwHQYDVR0OBBYEFGMpbbJO\n" + + "xiuD6t+HEyA3hjp4devXMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBMG\n" + + "A1UdJQQMMAoGCCsGAQUFBwMDMEoGA1UdIARDMEEwNQYMKwYBBAGyMQECAQMCMCUw\n" + + "IwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAEEATBJ\n" + + "BgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29Q\n" + + "dWJsaWNDb2RlU2lnbmluZ0NBUjM2LmNybDB5BggrBgEFBQcBAQRtMGswRAYIKwYB\n" + + "BQUHMAKGOGh0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY0NvZGVT\n" + + "aWduaW5nQ0FSMzYuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdv\n" + + "LmNvbTANBgkqhkiG9w0BAQwFAAOCAYEAP2OCzJ+0hrg4XK3w+Ypoe0G5hKfzZ9RH\n" + + "nDcgY8BjgWYVOlN9ad2bU70RfgkZzylkaSt02KHOpkXmYpgfjZsovmyUchvlZ4fU\n" + + 
"RmivZleuO3G/ZvDFX373S40QFDd+lC1LYYUolRVz7/ZU2Vzql4FxsM1psRaW17xj\n" + + "jf9qaAvDlOH45eEEkfRUbIDdn1UYqDxdCN+90jtD1vRWkYINvE1T6mq3rHpEVoTS\n" + + "dIOgmcSL3MAKMB0LxWUPfoVdhnoUuoIxIAcV1SuR6zej4wHjClEaR8ReT/C23Jr3\n" + + "hQ4VDbfGu3gvlZG8/+lNmT+t4WaNPECxbFP0BgbD70FP594mSVH3fgptYiiRN7ez\n" + + "iUfOSBeCZpSMm7Z5P0KkxkagyFIR3vzgvqbJS/iaomvd9ZIkd9AwMEhugJpITeZj\n" + + "lKSXs+2q2UHQdLTPGVoOjmqyPhDGKAeVVF+jLIUWwtAaAoJm6ooXSp8sAeLA+e+K\n" + + "6RUFETVxhCefCjkbWq64OYLXriDb0l+W\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=Sectigo Limited, O=Sectigo Limited, ST=West Yorkshire, C=GB + // Issuer: CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB + // Serial number: 5ca6fb60da04db99dedbbc0c37131ec + // Valid from: Wed Jun 04 17:00:00 PDT 2025 until: Sun Jun 04 16:59:59 + // PDT 2028 + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIGQzCCBKugAwIBAgIQBcpvtg2gTbmd7bvAw3Ex7DANBgkqhkiG9w0BAQwFADBU\n" + + "MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSswKQYDVQQD\n" + + "EyJTZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25pbmcgQ0EgUjM2MB4XDTI1MDYwNTAw\n" + + "MDAwMFoXDTI4MDYwNDIzNTk1OVowWjELMAkGA1UEBhMCR0IxFzAVBgNVBAgMDldl\n" + + "c3QgWW9ya3NoaXJlMRgwFgYDVQQKDA9TZWN0aWdvIExpbWl0ZWQxGDAWBgNVBAMM\n" + + "D1NlY3RpZ28gTGltaXRlZDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB\n" + + "ALDjoFCMN16zlrcv/saieSYT7FXEhTVDPLNzGAbNdBEX09FoL5EIkiN3biVIbDki\n" + + "bIocCFpo/yTrjARG/zz82AjdWHyomdtDjL35CQmgiUX7V8tu64xUfUAgadqm+0PL\n" + + "by1LRddKE7chpdJu+EDEmeYDPqcRGM+u8suPgosFf6XfVNFy/FZJiD1c7q6JNZ8i\n" + + "5NrvTs0zA9HckKE3uvPO9rw56EyF3SfUz9+zHKHwSElv8nCYpREudUf4yCzPNisK\n" + + "MVovzeCo36nzJFEdWTnDOr4mtvfCEGvJOU3mgzpECK7QF+yFifr90SG4lvrwzkig\n" + + "wYQymukXmB2gxN1tGOvgLig3Q/b4vljBiEeRPEba/L8YQnaXpR/BnPze8yb2t39l\n" + + "bzmnghkWkGA0PAB2vrzpi7pq12fGOD0+ErtAzAl/TAD/UFWwXDQLWX9LXRRKi5E+\n" + + "ScTlqLl9U1q9HsWYfM6CvLbc32TByaQ8yBytvsSRB0C0blp7CtP5MAc8j9xJdwAs\n" + + "Mj2bvSOfA+NJ0Kdg/tqdHHU6hex2HnGzDiEhovm6u/oAfDp/i2bBKLgARglMfGaC\n" + + 
"hFWeHLL6GAyBezMv+AQNCDCTYDMlqAihVMRUAfYgoHcVCfvTSETTTGdRUDFzIdCA\n" + + "wNwSVfykpadsev43I2IF+F3aNgJYuXnpxSCLPngemcgxAgMBAAGjggGJMIIBhTAf\n" + + "BgNVHSMEGDAWgBQPKssghyi47G9IritUpimqF6TNDDAdBgNVHQ4EFgQUlff/C/GC\n" + + "faJ+Y7ua3hKsCsrW9y4wDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwEwYD\n" + + "VR0lBAwwCgYIKwYBBQUHAwMwSgYDVR0gBEMwQTA1BgwrBgEEAbIxAQIBAwIwJTAj\n" + + "BggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQQBMEkG\n" + + "A1UdHwRCMEAwPqA8oDqGOGh0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1B1\n" + + "YmxpY0NvZGVTaWduaW5nQ0FSMzYuY3JsMHkGCCsGAQUFBwEBBG0wazBEBggrBgEF\n" + + "BQcwAoY4aHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUHVibGljQ29kZVNp\n" + + "Z25pbmdDQVIzNi5jcnQwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28u\n" + + "Y29tMA0GCSqGSIb3DQEBDAUAA4IBgQAfVq3mY7ggMcTJeWKKrGxs9RUiuAY0p4Xv\n" + + "CHNQViM/tHAn0t/nkPp+d2Ji3Zr6PefN+1F6zmsxsbZHse52JNHWYUwCb/Dx4Vw6\n" + + "3Wnc1zhXtZnvUTUfgrivuIsMjUG8yzTdEt/taMKEO0KqlKPsBPgFKveDVVaq9UZa\n" + + "FfxTWqgrnvkvP/Lag/YeKKj4cJG+a/MJZJm7kvyaBNKXVAamr/bumoxKDzpD67ds\n" + + "n9qwBi2Mv0rRXvZ2SHQXzsJ/zjNKWUhpPVrpypaER7EUxjNuSgC4L8AmfvHiO67v\n" + + "9EVIEud+beP3FtCXl/cSHhVeDxiC0KBXXBl9zLBaYvCH+8iABnZLStLgBDtfdkfk\n" + + "TZEAGbrNOXJDMnKRxr8y377Zq+KHwfiTnyizACHyMMTi+CCwg1ZFGcLOHa5shByc\n" + + "Ln9lYysM1/5vrEjt3ZUw11+pDqbPCGS++xgAwcftKfJ0TZrW/g6NZ9URg+11H9ad\n" + + "WalBv2VkhJAFJam9P2Y+pi9luk85sGo=\n" + + "-----END CERTIFICATE-----"; + + public void runTest(ValidatePathWithParams pathValidator) throws Exception { + // Validate valid + pathValidator.validate(new String[]{VALID, INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + pathValidator.validate(new String[]{REVOKED, INT}, + ValidatePathWithParams.Status.REVOKED, + "Thu Jun 05 10:27:45 PDT 2025", System.out); + } +} + +class SectigoCSRootCA_E46 { + + // Owner: CN=Sectigo Public Code Signing CA EV E36, O=Sectigo Limited, C=GB + // Issuer: CN=Sectigo Public Code Signing Root E46, O=Sectigo Limited, C=GB + // Serial number: 
3774434f9eb40e221f9236ca1f2f2717 + // Valid from: Sun Mar 21 17:00:00 PDT 2021 until: Fri Mar 21 16:59:59 + // PDT 2036 + private static final String INT_VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIDMDCCAragAwIBAgIQN3RDT560DiIfkjbKHy8nFzAKBggqhkjOPQQDAzBWMQsw\n" + + "CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMS0wKwYDVQQDEyRT\n" + + "ZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25pbmcgUm9vdCBFNDYwHhcNMjEwMzIyMDAw\n" + + "MDAwWhcNMzYwMzIxMjM1OTU5WjBXMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2Vj\n" + + "dGlnbyBMaW1pdGVkMS4wLAYDVQQDEyVTZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25p\n" + + "bmcgQ0EgRVYgRTM2MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3mMV9nNViYoH\n" + + "4aSrPwFjpbbeXHw2pMbqezwDGb45uEZQr3qI9Hgt0k4R26o5upfXzJt03F8efu0r\n" + + "RNEs4yDDz6OCAWMwggFfMB8GA1UdIwQYMBaAFM99LKCQepgd3bZehcLg2hVx0uVe\n" + + "MB0GA1UdDgQWBBQadKQ417m2DrNb+txerj+28HM9iDAOBgNVHQ8BAf8EBAMCAYYw\n" + + "EgYDVR0TAQH/BAgwBgEB/wIBADATBgNVHSUEDDAKBggrBgEFBQcDAzAaBgNVHSAE\n" + + "EzARMAYGBFUdIAAwBwYFZ4EMAQMwSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2Ny\n" + + "bC5zZWN0aWdvLmNvbS9TZWN0aWdvUHVibGljQ29kZVNpZ25pbmdSb290RTQ2LmNy\n" + + "bDB7BggrBgEFBQcBAQRvMG0wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jcnQuc2VjdGln\n" + + "by5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nUm9vdEU0Ni5wN2MwIwYIKwYB\n" + + "BQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMAoGCCqGSM49BAMDA2gAMGUC\n" + + "MQCger3L4CYx2W7HyHzvLaAnNee9QVqOwOrBYZyyqXERLtZg1DscsdoYZ2gszEW3\n" + + "zaUCMAaLtcwdoV35ADpru29wChS7kFgXt599Ex27wmL++uJCJth6xYr3nyF2b2YJ\n" + + "DAatOw==\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=Sectigo Public Code Signing CA E36, O=Sectigo Limited, C=GB + // Issuer: CN=Sectigo Public Code Signing Root E46, O=Sectigo Limited, C=GB + // Serial number: 3602617636e7034b9cc1fc5ffeac2d54 + // Valid from: Sun Mar 21 17:00:00 PDT 2021 until: Fri Mar 21 16:59:59 + // PDT 2036 + private static final String INT_REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIDLjCCArSgAwIBAgIQNgJhdjbnA0ucwfxf/qwtVDAKBggqhkjOPQQDAzBWMQsw\n" + + 
"CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMS0wKwYDVQQDEyRT\n" + + "ZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25pbmcgUm9vdCBFNDYwHhcNMjEwMzIyMDAw\n" + + "MDAwWhcNMzYwMzIxMjM1OTU5WjBUMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2Vj\n" + + "dGlnbyBMaW1pdGVkMSswKQYDVQQDEyJTZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25p\n" + + "bmcgQ0EgRTM2MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElDe1m6jawDhrwMxJ\n" + + "yFPhKYf8EGu+lBw3bF5CzmfaH1I7Zi+WAmkeEwS3tiNxzPh8GbBBLtdaRuqGuyWc\n" + + "W6ERmaOCAWQwggFgMB8GA1UdIwQYMBaAFM99LKCQepgd3bZehcLg2hVx0uVeMB0G\n" + + "A1UdDgQWBBQlDZtt2Bh3t4rDOFFW5cfytf+DajAOBgNVHQ8BAf8EBAMCAYYwEgYD\n" + + "VR0TAQH/BAgwBgEB/wIBADATBgNVHSUEDDAKBggrBgEFBQcDAzAbBgNVHSAEFDAS\n" + + "MAYGBFUdIAAwCAYGZ4EMAQQBMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmwu\n" + + "c2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nUm9vdEU0Ni5jcmww\n" + + "ewYIKwYBBQUHAQEEbzBtMEYGCCsGAQUFBzAChjpodHRwOi8vY3J0LnNlY3RpZ28u\n" + + "Y29tL1NlY3RpZ29QdWJsaWNDb2RlU2lnbmluZ1Jvb3RFNDYucDdjMCMGCCsGAQUF\n" + + "BzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTAKBggqhkjOPQQDAwNoADBlAjBM\n" + + "ykNTSVvegC1m17yIi87qgx6QIGbw1Mw2bQ4gtOWBVb/C8ALByC1YK7yQJNLJFTkC\n" + + "MQCNBv3fe1eLrGELS5KQD0cEFbXGlzQ5r1mnOHePMqlK5d+rmMxff58/t6bo3QEb\n" + + "8SQ=\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=Sectigo Limited, O=Sectigo Limited, ST=West Yorkshire, C=GB, + // OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, + // SERIALNUMBER=04058690 + // Issuer: CN=Sectigo Public Code Signing CA EV E36, O=Sectigo Limited, C=GB + // Serial number: fa2aa131f36b337717ac73f606a6ec49 + // Valid from: Tue Feb 13 16:00:00 PST 2024 until: Sat Feb 13 15:59:59 + // PST 2027 + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIDrjCCA1SgAwIBAgIRAPoqoTHzazN3F6xz9gam7EkwCgYIKoZIzj0EAwIwVzEL\n" + + "MAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDEuMCwGA1UEAxMl\n" + + "U2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5nIENBIEVWIEUzNjAeFw0yNDAyMTQw\n" + + "MDAwMDBaFw0yNzAyMTMyMzU5NTlaMIGhMREwDwYDVQQFEwgwNDA1ODY5MDETMBEG\n" + + 
"CysGAQQBgjc8AgEDEwJHQjEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24x\n" + + "CzAJBgNVBAYTAkdCMRcwFQYDVQQIDA5XZXN0IFlvcmtzaGlyZTEYMBYGA1UECgwP\n" + + "U2VjdGlnbyBMaW1pdGVkMRgwFgYDVQQDDA9TZWN0aWdvIExpbWl0ZWQwWTATBgcq\n" + + "hkjOPQIBBggqhkjOPQMBBwNCAASwXGEU01WkW/hWNYza08ZT7i0ZeZ9M1s93JYEB\n" + + "rZ/f1Ho1YzxtToqgIK2o+32afablPFYWlE6wGyuL/TYggBpKo4IBtDCCAbAwHwYD\n" + + "VR0jBBgwFoAUGnSkONe5tg6zW/rcXq4/tvBzPYgwHQYDVR0OBBYEFHEcsJgcYuDO\n" + + "dv1raL6h83a6j9C/MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBMGA1Ud\n" + + "JQQMMAoGCCsGAQUFBwMDMEkGA1UdIARCMEAwNQYMKwYBBAGyMQECAQYBMCUwIwYI\n" + + "KwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAcGBWeBDAEDMEsGA1Ud\n" + + "HwREMEIwQKA+oDyGOmh0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1B1Ymxp\n" + + "Y0NvZGVTaWduaW5nQ0FFVkUzNi5jcmwwewYIKwYBBQUHAQEEbzBtMEYGCCsGAQUF\n" + + "BzAChjpodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWNDb2RlU2ln\n" + + "bmluZ0NBRVZFMzYuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdv\n" + + "LmNvbTAmBgNVHREEHzAdoBsGCCsGAQUFBwgDoA8wDQwLR0ItMDQwNTg2OTAwCgYI\n" + + "KoZIzj0EAwIDSAAwRQIgQVp7IIkEZNmC7GfmT1MSEhDebIjjzd75ZVEEbPP/4ocC\n" + + "IQDSyfPDKNMbKNOKrweDLwSE2GZV6nDWbiLz6ZmSZHob8w==\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=Sectigo Limited, O=Sectigo Limited, ST=West Yorkshire, C=GB + // Issuer: CN=Sectigo Public Code Signing CA E36, O=Sectigo Limited, C=GB + // Serial number: a1f601514271f24ca0a31c0d7b856705 + // Valid from: Wed Jun 04 17:00:00 PDT 2025 until: Sun Jun 04 16:59:59 + // PDT 2028 + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIDOTCCAt6gAwIBAgIRAKH2AVFCcfJMoKMcDXuFZwUwCgYIKoZIzj0EAwIwVDEL\n" + + "MAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDErMCkGA1UEAxMi\n" + + "U2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5nIENBIEUzNjAeFw0yNTA2MDUwMDAw\n" + + "MDBaFw0yODA2MDQyMzU5NTlaMFoxCzAJBgNVBAYTAkdCMRcwFQYDVQQIDA5XZXN0\n" + + "IFlvcmtzaGlyZTEYMBYGA1UECgwPU2VjdGlnbyBMaW1pdGVkMRgwFgYDVQQDDA9T\n" + + "ZWN0aWdvIExpbWl0ZWQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASwXGEU01Wk\n" + + 
"W/hWNYza08ZT7i0ZeZ9M1s93JYEBrZ/f1Ho1YzxtToqgIK2o+32afablPFYWlE6w\n" + + "GyuL/TYggBpKo4IBiTCCAYUwHwYDVR0jBBgwFoAUJQ2bbdgYd7eKwzhRVuXH8rX/\n" + + "g2owHQYDVR0OBBYEFHEcsJgcYuDOdv1raL6h83a6j9C/MA4GA1UdDwEB/wQEAwIH\n" + + "gDAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMEoGA1UdIARDMEEw\n" + + "NQYMKwYBBAGyMQECAQMCMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5j\n" + + "b20vQ1BTMAgGBmeBDAEEATBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLnNl\n" + + "Y3RpZ28uY29tL1NlY3RpZ29QdWJsaWNDb2RlU2lnbmluZ0NBRTM2LmNybDB5Bggr\n" + + "BgEFBQcBAQRtMGswRAYIKwYBBQUHMAKGOGh0dHA6Ly9jcnQuc2VjdGlnby5jb20v\n" + + "U2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nQ0FFMzYuY3J0MCMGCCsGAQUFBzABhhdo\n" + + "dHRwOi8vb2NzcC5zZWN0aWdvLmNvbTAKBggqhkjOPQQDAgNJADBGAiEAlEkiISLz\n" + + "PdJsFmVzJ2VZ8hnnVsOBXKbqISFQvIdguJoCIQCH4T0vwxn6uVkJpMvtxiMG/rYg\n" + + "jRFhfbxDcVee6likOw==\n" + + "-----END CERTIFICATE-----"; + + public void runTest(ValidatePathWithParams pathValidator) throws Exception { + // Validate valid + pathValidator.validate(new String[]{VALID, INT_VALID}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + pathValidator.validate(new String[]{REVOKED, INT_REVOKED}, + ValidatePathWithParams.Status.REVOKED, + "Thu Jun 05 10:27:19 PDT 2025", System.out); + } +} diff --git a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java index 50ac243f30..dbd69e0bfe 100644 --- a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java +++ b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java @@ -28,7 +28,7 @@ * 8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320 * 8243559 8225072 8258630 8259312 8256421 8225081 8225082 8225083 8245654 * 8305975 8304760 8307134 8295894 8314960 8317373 8317374 8318759 8319187 - * 8321408 8316138 8341057 8303770 8350498 + * 8321408 8316138 8341057 8303770 8350498 8359170 * @summary Check root CA entries in cacerts file */ import java.io.ByteArrayInputStream; 
@@ -54,12 +54,12 @@ public class VerifyCACerts { + File.separator + "security" + File.separator + "cacerts"; // The numbers of certs now. - private static final int COUNT = 109; + private static final int COUNT = 113; // SHA-256 of cacerts, can be generated with // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 private static final String CHECKSUM - = "07:21:E0:F8:EA:55:CC:93:24:2E:74:07:4B:6B:CE:F3:81:C3:BB:47:5B:85:A2:F1:9E:44:CD:C0:99:55:D7:5F"; + = "1E:63:88:DF:34:AD:7E:61:3F:06:BD:C4:DC:FE:05:52:9B:0D:86:6E:64:DA:E8:25:7C:C0:15:8F:31:C0:2C:78"; // map of cert alias to SHA-256 fingerprint @SuppressWarnings("serial") @@ -284,6 +284,14 @@ public class VerifyCACerts { "C3:2F:FD:9F:46:F9:36:D1:6C:36:73:99:09:59:43:4B:9A:D6:0A:AF:BB:9E:7C:F3:36:54:F1:44:CC:1B:A1:43"); put("ssltlsrootrsa2022 [jdk]", "8F:AF:7D:2E:2C:B4:70:9B:B8:E0:B3:36:66:BF:75:A5:DD:45:B5:DE:48:0F:8E:A8:D4:BF:E6:BE:BC:17:F2:ED"); + put("sectigotlsrootr46 [jdk]", + "7B:B6:47:A6:2A:EE:AC:88:BF:25:7A:A5:22:D0:1F:FE:A3:95:E0:AB:45:C7:3F:93:F6:56:54:EC:38:F2:5A:06"); + put("sectigotlsroote46 [jdk]", + "C9:0F:26:F0:FB:1B:40:18:B2:22:27:51:9B:5C:A2:B5:3E:2C:A5:B3:BE:5C:F1:8E:FE:1B:EF:47:38:0C:53:83"); + put("sectigocodesignrootr46 [jdk]", + "7E:76:26:0A:E6:9A:55:D3:F0:60:B0:FD:18:B2:A8:C0:14:43:C8:7B:60:79:10:30:C9:FA:0B:05:85:10:1A:38"); + put("sectigocodesignroote46 [jdk]", + "8F:63:71:D8:CC:5A:A7:CA:14:96:67:A9:8B:54:96:39:89:51:E4:31:9F:7A:FB:CC:6A:66:0D:67:3E:43:8D:0B"); } }; From 181b252c79c3e808e1fe984ff1a9b3756a7dc98a Mon Sep 17 00:00:00 2001 
From: Alexey Bakhtin Date: Wed, 4 Jun 2025 13:13:47 -0700 Subject: [PATCH 27/33] 8345625: Better HTTP connections Reviewed-by: mbalao, andrew --- .../classes/sun/net/ftp/impl/FtpClient.java | 6 ++- .../share/classes/sun/net/util/ProxyUtil.java | 49 +++++++++++++++++++ .../classes/sun/net/www/http/HttpClient.java | 10 ++-- .../www/protocol/ftp/FtpURLConnection.java | 6 ++- .../sun/net/www/protocol/ftp/Handler.java | 11 ++--- .../www/protocol/http/HttpURLConnection.java | 8 +-- 6 files changed, 71 insertions(+), 19 deletions(-) create mode 100644 jdk/src/share/classes/sun/net/util/ProxyUtil.java diff --git a/jdk/src/share/classes/sun/net/ftp/impl/FtpClient.java b/jdk/src/share/classes/sun/net/ftp/impl/FtpClient.java index 7af3eecb8b..260d2b02e5 100644 --- a/jdk/src/share/classes/sun/net/ftp/impl/FtpClient.java +++ b/jdk/src/share/classes/sun/net/ftp/impl/FtpClient.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -60,6 +60,7 @@ import java.util.regex.Pattern; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; + import sun.misc.BASE64Decoder; import sun.misc.BASE64Encoder; import sun.net.ftp.FtpDirEntry; @@ -69,6 +70,7 @@ import sun.net.util.IPAddressUtil; import sun.util.logging.PlatformLogger; +import static sun.net.util.ProxyUtil.copyProxy; public class FtpClient extends sun.net.ftp.FtpClient { @@ -996,7 +998,7 @@ public int getReadTimeout() { } public sun.net.ftp.FtpClient setProxy(Proxy p) { - proxy = p; + proxy = copyProxy(p); return this; } diff --git a/jdk/src/share/classes/sun/net/util/ProxyUtil.java b/jdk/src/share/classes/sun/net/util/ProxyUtil.java new file mode 100644 index 0000000000..dfb60671e3 --- /dev/null +++ b/jdk/src/share/classes/sun/net/util/ProxyUtil.java 
@@ -0,0 +1,49 @@ +/* + * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.net.util; + +import sun.net.ApplicationProxy; + +import java.net.Proxy; + +public final class ProxyUtil { + + private ProxyUtil() {} + + /** + * Creates a new {@link Proxy} instance for the given proxy iff it is + * neither null, {@link Proxy#NO_PROXY Proxy.NO_PROXY}, an + * {@link ApplicationProxy} instance, nor already a {@code Proxy} instance. + */ + public static Proxy copyProxy(Proxy proxy) { + return proxy == null + || proxy.getClass() == Proxy.class + || proxy instanceof ApplicationProxy + ? proxy + : new Proxy(proxy.type(), proxy.address()); + } + +} diff --git a/jdk/src/share/classes/sun/net/www/http/HttpClient.java b/jdk/src/share/classes/sun/net/www/http/HttpClient.java index e7440f0b65..f3d5735160 100644 
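Review bot: The Javadoc on `copyProxy` does not match the code closely enough to be useful: "nor already a Proxy instance" really means the exact class `java.net.Proxy` (the `getClass() == Proxy.class` test), and the comment never says why subclasses are replaced. I would reword it to say that null, an exact `Proxy` (which covers `Proxy.NO_PROXY`) and an `ApplicationProxy` are returned unchanged, and that any other subclass is replaced by a plain `Proxy` built from one read of `type()` and `address()`, so that later calls on the stored object cannot return different values. An `@throws IllegalArgumentException` line is also worth adding, because `new Proxy(type, address)` rejects `DIRECT` and addresses that do not fit the type, and the callers changed in this patch would then see that exception. Parentheses around the `||` chain before the `?` would make the precedence obvious.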
--- a/jdk/src/share/classes/sun/net/www/http/HttpClient.java +++ b/jdk/src/share/classes/sun/net/www/http/HttpClient.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1994, 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1994, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,6 +37,8 @@ import sun.net.www.ParseUtil; import sun.net.www.protocol.http.HttpURLConnection; import sun.util.logging.PlatformLogger; + +import static sun.net.util.ProxyUtil.copyProxy; import static sun.net.www.protocol.http.HttpURLConnection.TunnelState.*; /** @@ -231,7 +233,7 @@ public HttpClient(URL url, String proxyHost, int proxyPort) } protected HttpClient(URL url, Proxy p, int to) throws IOException { - proxy = (p == null) ? Proxy.NO_PROXY : p; + proxy = p == null ? Proxy.NO_PROXY : copyProxy(p); this.host = url.getHost(); this.url = url; port = url.getPort(); @@ -296,9 +298,7 @@ public static HttpClient New(URL url, boolean useCache) public static HttpClient New(URL url, Proxy p, int to, boolean useCache, HttpURLConnection httpuc) throws IOException { - if (p == null) { - p = Proxy.NO_PROXY; - } + p = p == null ? Proxy.NO_PROXY : copyProxy(p); HttpClient ret = null; /* see if one's already around */ if (useCache) { diff --git a/jdk/src/share/classes/sun/net/www/protocol/ftp/FtpURLConnection.java b/jdk/src/share/classes/sun/net/www/protocol/ftp/FtpURLConnection.java index 582687ba46..10944f5703 100644 --- a/jdk/src/share/classes/sun/net/www/protocol/ftp/FtpURLConnection.java +++ b/jdk/src/share/classes/sun/net/www/protocol/ftp/FtpURLConnection.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1994, 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1994, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -47,6 +47,7 @@ import java.util.StringTokenizer; import java.util.Iterator; import java.security.Permission; + import sun.net.NetworkClient; import sun.net.util.IPAddressUtil; import sun.net.www.MessageHeader; @@ -60,6 +61,7 @@ import sun.net.www.ParseUtil; import sun.security.action.GetPropertyAction; +import static sun.net.util.ProxyUtil.copyProxy; /** * This class Opens an FTP input (or output) stream given a URL. @@ -242,7 +244,7 @@ public ProxySelector run() { URI uri = sun.net.www.ParseUtil.toURI(url); Iterator it = sel.select(uri).iterator(); while (it.hasNext()) { - p = it.next(); + p = copyProxy(it.next()); if (p == null || p == Proxy.NO_PROXY || p.type() == Proxy.Type.SOCKS) { break; diff --git a/jdk/src/share/classes/sun/net/www/protocol/ftp/Handler.java b/jdk/src/share/classes/sun/net/www/protocol/ftp/Handler.java index f5caad651e..41f4344aa7 100644 --- a/jdk/src/share/classes/sun/net/www/protocol/ftp/Handler.java +++ b/jdk/src/share/classes/sun/net/www/protocol/ftp/Handler.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1994, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1994, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -32,10 +32,7 @@ import java.io.IOException; import java.net.URL; import java.net.Proxy; -import java.util.Map; -import java.util.HashMap; -import sun.net.ftp.FtpClient; -import sun.net.www.protocol.http.HttpURLConnection; +import static sun.net.util.ProxyUtil.copyProxy; /** open an ftp connection given a URL */ public class Handler extends java.net.URLStreamHandler { @@ -56,8 +53,8 @@ protected java.net.URLConnection openConnection(URL u) return openConnection(u, null); } - protected java.net.URLConnection openConnection(URL u, Proxy p) + protected java.net.URLConnection openConnection(URL u, Proxy proxy) throws IOException { - return new FtpURLConnection(u, p); + return new FtpURLConnection(u, copyProxy(proxy)); } } diff --git a/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java b/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java index e3419c535e..c24542d518 100644 --- a/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java +++ b/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1995, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -77,6 +77,8 @@ import java.util.TimeZone; import java.net.MalformedURLException; import java.nio.ByteBuffer; + +import static sun.net.util.ProxyUtil.copyProxy; import static sun.net.www.protocol.http.AuthScheme.BASIC; import static sun.net.www.protocol.http.AuthScheme.DIGEST; import static sun.net.www.protocol.http.AuthScheme.NTLM; 
@@ -880,7 +882,7 @@ protected HttpURLConnection(URL u, Proxy p, Handler handler) responses = new MessageHeader(maxHeaderSize); userHeaders = new MessageHeader(); this.handler = handler; - instProxy = p; + instProxy = copyProxy(p); if (instProxy instanceof sun.net.ApplicationProxy) { /* Application set Proxies should not have access to cookies * in a secure environment unless explicitly allowed. */ @@ -1171,7 +1173,7 @@ public ProxySelector run() { Iterator it = sel.select(uri).iterator(); Proxy p; while (it.hasNext()) { - p = it.next(); + p = copyProxy(it.next()); try { if (!failedOnce) { http = getNewHttpClient(url, p, connectTimeout); From 33624e872e7d40d3059f4c0d2967f140305378b8 Mon Sep 17 00:00:00 2001 From: Ilarion Nakonechnyy Date: Tue, 27 May 2025 16:14:48 -0700 Subject: [PATCH 28/33] 8348989: Better Glyph drawing Co-authored-by: Alexey Bakhtin Reviewed-by: avoitylov, mbalao, andrew Backport-of: 191c37a280faccfaecae033a68313ad06cdfc411 --- jdk/src/macosx/native/sun/font/AWTStrike.m | 4 +- .../macosx/native/sun/font/CGGlyphImages.h | 9 +- .../macosx/native/sun/font/CGGlyphImages.m | 101 ++++++++++++++---- 3 files changed, 93 insertions(+), 21 deletions(-) diff --git a/jdk/src/macosx/native/sun/font/AWTStrike.m b/jdk/src/macosx/native/sun/font/AWTStrike.m index e55a267d5f..5f022f0d99 100644 --- a/jdk/src/macosx/native/sun/font/AWTStrike.m +++ b/jdk/src/macosx/native/sun/font/AWTStrike.m 
@@ -156,7 +156,7 @@ + (AWTStrike *) awtStrikeForFont:(AWTFont *)awtFont // to indicate we should use CoreText to substitute the character CGGlyph glyph; const CTFontRef fallback = CTS_CopyCTFallbackFontAndGlyphForJavaGlyphCode(awtFont, glyphCode, &glyph); - CTFontGetAdvancesForGlyphs(fallback, kCTFontDefaultOrientation, &glyph, &advance, 1); + CGGlyphImages_GetGlyphMetrics(fallback, &awtStrike->fAltTx, awtStrike->fStyle, &glyph, 1, NULL, &advance); CFRelease(fallback); advance = CGSizeApplyAffineTransform(advance, awtStrike->fFontTx); if (!JRSFontStyleUsesFractionalMetrics(awtStrike->fStyle)) { @@ -193,7 +193,7 @@ + (AWTStrike *) awtStrikeForFont:(AWTFont *)awtFont const CTFontRef fallback = CTS_CopyCTFallbackFontAndGlyphForJavaGlyphCode(awtFont, glyphCode, &glyph); CGRect bbox; - JRSFontGetBoundingBoxesForGlyphsAndStyle(fallback, &tx, awtStrike->fStyle, &glyph, 1, &bbox); + CGGlyphImages_GetGlyphMetrics(fallback, &tx, awtStrike->fStyle, &glyph, 1, &bbox, NULL); CFRelease(fallback); // the origin of this bounding box is relative to the bottom-left corner baseline diff --git a/jdk/src/macosx/native/sun/font/CGGlyphImages.h b/jdk/src/macosx/native/sun/font/CGGlyphImages.h index 73cb604bcf..736167d2af 100644 --- a/jdk/src/macosx/native/sun/font/CGGlyphImages.h +++ b/jdk/src/macosx/native/sun/font/CGGlyphImages.h @@ -33,5 +33,12 @@ void CGGlyphImages_GetGlyphImagePtrs(jlong glyphInfos[], const AWTStrike *strike, jint rawGlyphCodes[], const CFIndex len); - +void +CGGlyphImages_GetGlyphMetrics(const CTFontRef font, + const CGAffineTransform *tx, + const JRSFontRenderingStyle style, + const CGGlyph glyphs[], + size_t count, + CGRect bboxes[], + CGSize advances[]); #endif /* __CGGLYPHIMAGES_H */ diff --git a/jdk/src/macosx/native/sun/font/CGGlyphImages.m b/jdk/src/macosx/native/sun/font/CGGlyphImages.m index c762fac61a..b4257203f4 100644 --- a/jdk/src/macosx/native/sun/font/CGGlyphImages.m +++ b/jdk/src/macosx/native/sun/font/CGGlyphImages.m 
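Review bot: In the first AWTStrike.m hunk the range guard is run on `awtStrike->fAltTx`, but the advance that comes back is scaled by `awtStrike->fFontTx` on the line after `CFRelease(fallback)`. When `bboxes` is NULL the transform argument is used only for the guard, so the transform that is checked is not the one that is applied. If the two can differ in magnitude, passing `&awtStrike->fFontTx` looks like the intended argument. Otherwise a one-line comment such as `// fAltTx is range-checked here; fFontTx has the same scale` would record why the check is sufficient. How the two transforms relate is not visible in the hunk, and the enclosing function starts and ends outside it.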
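Review bot: The new prototype `CGGlyphImages_GetGlyphMetrics` in CGGlyphImages.h has no comment, so callers cannot learn the contract from the header. The implementation later in this patch accepts NULL for either `bboxes` or `advances`, and it fills every output with zeros instead of calling CoreText when a transform component is infinite, NaN or at least 2^30 in magnitude. I would put a short block comment above the declaration stating those two facts, and that `tx` must be non-NULL because it is dereferenced unconditionally.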
@@ -237,6 +237,7 @@ @implementation CGGI_GlyphCanvas { UInt32 *src = (UInt32 *)canvas->image->data; size_t srcRowWidth = canvas->image->width; + size_t srcHeight = canvas->image->height; UInt8 *dest = (UInt8 *)info->image; size_t destRowWidth = info->width; @@ -246,12 +247,12 @@ @implementation CGGI_GlyphCanvas size_t y; // fill empty glyph image with black-on-white glyph - for (y = 0; y < height; y++) { + for (y = 0; y < height && y < srcHeight; y++) { size_t destRow = y * destRowWidth * 3; size_t srcRow = y * srcRowWidth; size_t x; - for (x = 0; x < destRowWidth; x++) { + for (x = 0; x < destRowWidth && x < srcRowWidth; x++) { CGGI_CopyARGBPixelToRGBPixel(src[srcRow + x], dest + destRow + x * 3); } @@ -289,6 +290,7 @@ @implementation CGGI_GlyphCanvas { UInt32 *src = (UInt32 *)canvas->image->data; size_t srcRowWidth = canvas->image->width; + size_t srcHeight = canvas->image->height; UInt8 *dest = (UInt8 *)info->image; size_t destRowWidth = info->width; @@ -298,11 +300,11 @@ @implementation CGGI_GlyphCanvas size_t y; // fill empty glyph image with black-on-white glyph - for (y = 0; y < height; y++) { + for (y = 0; y < height && y < srcHeight; y++) { size_t destRow = y * destRowWidth; size_t srcRow = y * srcRowWidth; size_t x; - for (x = 0; x < destRowWidth; x++) { + for (x = 0; x < destRowWidth && x < srcRowWidth; x++) { UInt32 p = src[srcRow + x]; dest[destRow + x] = CGGI_ConvertBWPixelToByteGray(p); } @@ -384,8 +386,10 @@ @implementation CGGI_GlyphCanvas canvas->image->data = (void *)calloc(byteCount, sizeof(UInt8)); if (canvas->image->data == NULL) { - [[NSException exceptionWithName:NSMallocException - reason:@"Failed to allocate memory for the buffer which backs the CGContext for glyph strikes." userInfo:nil] raise]; + canvas->image->width = 0; + canvas->image->height = 0; + canvas->image->rowBytes = 0; + canvas->image->data = malloc(0); } uint32_t bmpInfo = kCGImageAlphaPremultipliedFirst; 
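Review bot: The loop bounds added at `@@ -246,12 +247,12 @@` and again at `@@ -298,11 +300,11 @@` clamp the copy to the canvas size without a comment saying when the canvas can be smaller than the glyph image. A reader has to find the allocation-failure fallback in `@@ -384,8 +386,10 @@` to see that the canvas may now be zero-sized. I would add `// the canvas can be smaller than the glyph (zero-sized after a failed allocation); copy only the overlap` above each outer loop. Rows and columns beyond the overlap are simply not written, so it is also worth confirming that `info->image` is zero-initialised where it is allocated, which is outside these hunks.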
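Review bot: In `@@ -384,8 +386,10 @@` the fallback `canvas->image->data = malloc(0);` can itself return NULL, because `malloc(0)` is allowed to do so, which leaves `data` in the same state the branch was meant to repair. The function continues past the hunk and goes on to set up the bitmap context, so that code needs to tolerate both a NULL buffer and zero width, height and rowBytes; whether it does is not visible here. Since the branch replaces a raised `NSMallocException` with silent degradation, I would also add a comment such as `// allocation failed: fall back to an empty canvas; the copy and clear paths clamp to its size`.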
@@ -435,6 +439,10 @@ @implementation CGGI_GlyphCanvas /* * Quick and easy inline to check if this canvas is big enough. + * This function only increases the size. To get a smaller canvas, free it first. + * This function adds padding / slack multiplier to the requested size. + * So resizes must be based on the size you need, not the size of the canvas. + * The function will internally account for the multiplier it uses. */ static inline void CGGI_SizeCanvas(CGGI_GlyphCanvas *canvas, const vImagePixelCount width, @@ -442,18 +450,31 @@ @implementation CGGI_GlyphCanvas const CGGI_RenderingMode* mode) { if (canvas->image != NULL && - width < canvas->image->width && - height < canvas->image->height) + width * CGGI_GLYPH_CANVAS_SLACK <= canvas->image->width && + height * CGGI_GLYPH_CANVAS_SLACK <= canvas->image->height) { return; } + vImagePixelCount w = width * CGGI_GLYPH_CANVAS_SLACK; + vImagePixelCount h = height * CGGI_GLYPH_CANVAS_SLACK; + + // Do not allow the canvas to be resized smaller. + if (canvas->image != NULL) { + if (w < canvas->image->width) { + w = canvas->image->width; + } + if (h < canvas->image->height) { + h = canvas->image->height; + } + } + // if we don't have enough space to strike the largest glyph in the // run, resize the canvas CGGI_FreeCanvas(canvas); CGGI_InitCanvas(canvas, - width * CGGI_GLYPH_CANVAS_SLACK, - height * CGGI_GLYPH_CANVAS_SLACK, + w, + h, mode); JRSFontSetRenderingStyleOnContext(canvas->context, mode->cgFontMode); } @@ -469,6 +490,12 @@ @implementation CGGI_GlyphCanvas canvasRectToClear.data = canvas->image->data; canvasRectToClear.height = info->height; canvasRectToClear.width = info->width; + if (canvas->image->width < canvasRectToClear.width) { + canvasRectToClear.width = canvas->image->width; + } + if (canvas->image->height < canvasRectToClear.height) { + canvasRectToClear.height = canvas->image->height; + } // use the row stride of the canvas, not the info canvasRectToClear.rowBytes = canvas->image->rowBytes; 
@@ -605,10 +632,8 @@ @implementation CGGI_GlyphCanvas JRSFontRenderingStyle style = JRSFontAlignStyleForFractionalMeasurement(strike->fStyle); CGRect bbox; - JRSFontGetBoundingBoxesForGlyphsAndStyle(fallback, &tx, style, &glyph, 1, &bbox); - CGSize advance; - CTFontGetAdvancesForGlyphs(fallback, kCTFontDefaultOrientation, &glyph, &advance, 1); + CGGlyphImages_GetGlyphMetrics(fallback, &tx, style, &glyph, 1, &bbox, &advance); // create the Sun2D GlyphInfo we are going to strike into GlyphInfo *info = CGGI_CreateNewGlyphInfoFrom(advance, bbox, strike, mode); @@ -764,8 +789,8 @@ @implementation CGGI_GlyphCanvas CGAffineTransform tx = strike->fTx; JRSFontRenderingStyle bboxCGMode = JRSFontAlignStyleForFractionalMeasurement(strike->fStyle); - JRSFontGetBoundingBoxesForGlyphsAndStyle((CTFontRef)font->fFont, &tx, bboxCGMode, glyphs, len, bboxes); - CTFontGetAdvancesForGlyphs((CTFontRef)font->fFont, kCTFontDefaultOrientation, glyphs, advances, len); + CTFontRef fontRef = (CTFontRef)font->fFont; + CGGlyphImages_GetGlyphMetrics(fontRef, &tx, bboxCGMode, glyphs, len, bboxes, advances); size_t maxWidth = 1; size_t maxHeight = 1; @@ -783,7 +808,6 @@ @implementation CGGI_GlyphCanvas CGRect bbox = bboxes[i]; GlyphInfo *glyphInfo = CGGI_CreateNewGlyphInfoFrom(advance, bbox, strike, mode); - if (maxWidth < glyphInfo->width) maxWidth = glyphInfo->width; if (maxHeight < glyphInfo->height) maxHeight = glyphInfo->height; @@ -860,8 +884,7 @@ @implementation CGGI_GlyphCanvas } // just do one malloc, and carve it up for all the buffers - void *buffer = malloc(sizeof(CGRect) * sizeof(CGSize) * - sizeof(CGGlyph) * sizeof(UniChar) * len); + void *buffer = malloc((sizeof(CGRect) + sizeof(CGSize) + sizeof(CGGlyph) + sizeof(UniChar)) * len); if (buffer == NULL) { [[NSException exceptionWithName:NSMallocException reason:@"Failed to allocate memory for the temporary glyph strike and measurement buffers." userInfo:nil] raise]; 
@@ -878,3 +901,45 @@ @implementation CGGI_GlyphCanvas free(buffer); } + +#define TX_FIXED_UNSAFE(v) (isinf(v) || isnan(v) || fabs(v) >= (1<<30)) + +/* + * Calculates bounding boxes (for given transform) and advance (for untransformed 1pt-size font) for specified glyphs. + */ +void +CGGlyphImages_GetGlyphMetrics(const CTFontRef font, + const CGAffineTransform *tx, + const JRSFontRenderingStyle style, + const CGGlyph glyphs[], + size_t count, + CGRect bboxes[], + CGSize advances[]) { + + if (TX_FIXED_UNSAFE(tx->a) || TX_FIXED_UNSAFE(tx->b) || TX_FIXED_UNSAFE(tx->c) || + TX_FIXED_UNSAFE(tx->d) || TX_FIXED_UNSAFE(tx->tx) || TX_FIXED_UNSAFE(tx->tx)) { + + if (bboxes) { + for (int i = 0; i < count; i++) { + bboxes[i].origin.x = 0; + bboxes[i].origin.y = 0; + bboxes[i].size.width = 0; + bboxes[i].size.height = 0; + } + } + if (advances) { + for (int i = 0; i < count; i++) { + advances[i].width = 0; + advances[i].height = 0; + } + } + return; + } + + if (bboxes) { + JRSFontGetBoundingBoxesForGlyphsAndStyle(font, tx, style, glyphs, count, bboxes); + } + if (advances) { + CTFontGetAdvancesForGlyphs(font, kCTFontDefaultOrientation, glyphs, advances, count); + } +} From f1d976060fabe926681522d4cf9bdd20200f257d Mon Sep 17 00:00:00 2001 From: Alexei Voitylov Date: Fri, 6 Jun 2025 19:34:02 +0000 Subject: [PATCH 29/33] 8349111: Enhance Swing supports Co-authored-by: Jan Kratochvil Reviewed-by: abakhtin, andrew, mbalao Backport-of: 8a34c18c6593da54b6b8695d645310db95f23509 --- .../com/apple/laf/AquaTabbedPaneCopyFromBasicUI.java | 12 +++++++++--- .../classes/javax/swing/border/TitledBorder.java | 7 ++++++- .../javax/swing/plaf/basic/BasicOptionPaneUI.java | 7 ++++++- .../javax/swing/plaf/basic/BasicTabbedPaneUI.java | 12 +++++++++--- 4 files changed, 30 insertions(+), 8 deletions(-) diff --git a/jdk/src/macosx/classes/com/apple/laf/AquaTabbedPaneCopyFromBasicUI.java b/jdk/src/macosx/classes/com/apple/laf/AquaTabbedPaneCopyFromBasicUI.java index 4bd2570e91..9d2a69fbcb 100644 
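Review bot: The guard at the top of `CGGlyphImages_GetGlyphMetrics` tests `tx->tx` twice and never tests `tx->ty`, so an infinite, NaN or oversized y translation still reaches `JRSFontGetBoundingBoxesForGlyphsAndStyle`. The last term should read `TX_FIXED_UNSAFE(tx->ty)`, giving `TX_FIXED_UNSAFE(tx->d) || TX_FIXED_UNSAFE(tx->tx) || TX_FIXED_UNSAFE(tx->ty)) {`. The two zero-fill loops also compare `int i` with the `size_t count`; declaring the index as `size_t i` avoids the signed/unsigned comparison. The comment above the function should mention that outputs are zeroed when the transform is rejected.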
--- a/jdk/src/macosx/classes/com/apple/laf/AquaTabbedPaneCopyFromBasicUI.java +++ b/jdk/src/macosx/classes/com/apple/laf/AquaTabbedPaneCopyFromBasicUI.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -404,7 +404,11 @@ protected void installListeners() { } tabPane.addContainerListener(getHandler()); if (tabPane.getTabCount() > 0) { - htmlViews = createHTMLVector(); + Boolean htmlDisabled = (Boolean) + tabPane.getClientProperty("html.disable"); + if (!(Boolean.TRUE.equals(htmlDisabled))) { + htmlViews = createHTMLVector(); + } } } @@ -3466,8 +3470,10 @@ public void componentAdded(final ContainerEvent e) { private void updateHtmlViews(int index) { final String title = tabPane.getTitleAt(index); + Boolean htmlDisabled = (Boolean) + tabPane.getClientProperty("html.disable"); final boolean isHTML = BasicHTML.isHTMLString(title); - if (isHTML) { + if (isHTML && !(Boolean.TRUE.equals(htmlDisabled))) { if (htmlViews == null) { // Initialize vector htmlViews = createHTMLVector(); } else { // Vector already exists diff --git a/jdk/src/share/classes/javax/swing/border/TitledBorder.java b/jdk/src/share/classes/javax/swing/border/TitledBorder.java index 5b084300a7..3afe81614d 100644 --- a/jdk/src/share/classes/javax/swing/border/TitledBorder.java +++ b/jdk/src/share/classes/javax/swing/border/TitledBorder.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
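Review bot: The cast `(Boolean) tabPane.getClientProperty("html.disable")` in `installListeners` throws ClassCastException if an application has stored a non-Boolean value under that key, since `getClientProperty` returns `Object`. The same cast is repeated in `updateHtmlViews` in this file and in both BasicTabbedPaneUI hunks later in the patch. The BasicOptionPaneUI hunk already uses the cast-free form, so I would drop the local and write `if (!Boolean.TRUE.equals(tabPane.getClientProperty("html.disable"))) {`, and in `updateHtmlViews` the equivalent `if (isHTML && !Boolean.TRUE.equals(tabPane.getClientProperty("html.disable"))) {`. That keeps the four sites consistent and makes an unexpected property value behave as "not disabled" instead of failing inside UI installation.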
@@ -701,6 +701,11 @@ private Color getColor(Component c) { } private JLabel getLabel(Component c) { + if (c instanceof JComponent) { + JComponent comp = (JComponent)c; + this.label.putClientProperty("html.disable", + comp.getClientProperty("html.disable")); + } this.label.setText(getTitle()); this.label.setFont(getFont(c)); this.label.setForeground(getColor(c)); diff --git a/jdk/src/share/classes/javax/swing/plaf/basic/BasicOptionPaneUI.java b/jdk/src/share/classes/javax/swing/plaf/basic/BasicOptionPaneUI.java index b43e5d24c6..f251369494 100644 --- a/jdk/src/share/classes/javax/swing/plaf/basic/BasicOptionPaneUI.java +++ b/jdk/src/share/classes/javax/swing/plaf/basic/BasicOptionPaneUI.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -423,6 +423,11 @@ public Dimension getPreferredSize() { } else { JLabel label; label = new JLabel( s, JLabel.LEADING ); + if (Boolean.TRUE.equals( + this.optionPane.getClientProperty("html.disable"))) { + label.putClientProperty("html.disable", true); + BasicHTML.updateRenderer(label, label.getText()); + } label.setName("OptionPane.label"); configureMessageLabel(label); addMessageComponents(container, cons, label, maxll, true); diff --git a/jdk/src/share/classes/javax/swing/plaf/basic/BasicTabbedPaneUI.java b/jdk/src/share/classes/javax/swing/plaf/basic/BasicTabbedPaneUI.java index f08ab9adc7..4e751454ad 100644 --- a/jdk/src/share/classes/javax/swing/plaf/basic/BasicTabbedPaneUI.java +++ b/jdk/src/share/classes/javax/swing/plaf/basic/BasicTabbedPaneUI.java 
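Review bot: In `TitledBorder.getLabel` the `html.disable` property is copied onto `this.label` only when `c` is a `JComponent`, so for any other component the label keeps the value left by the previous call. `this.label` looks like a field shared across calls, which would make the HTML setting depend on which component was painted last. Adding `} else { this.label.putClientProperty("html.disable", null); }` resets it on that path. A short comment noting that the property must be set before `setText` so the renderer picks it up would also help the next reader.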
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -417,7 +417,11 @@ protected void installListeners() { } tabPane.addContainerListener(getHandler()); if (tabPane.getTabCount()>0) { - htmlViews = createHTMLVector(); + Boolean htmlDisabled = (Boolean) + tabPane.getClientProperty("html.disable"); + if (!(Boolean.TRUE.equals(htmlDisabled))) { + htmlViews = createHTMLVector(); + } } } @@ -3584,8 +3588,10 @@ else if (name =="indexForTitle") { private void updateHtmlViews(int index) { String title = tabPane.getTitleAt(index); + Boolean htmlDisabled = (Boolean) + tabPane.getClientProperty("html.disable"); boolean isHTML = BasicHTML.isHTMLString(title); - if (isHTML) { + if (isHTML && !(Boolean.TRUE.equals(htmlDisabled))) { if (htmlViews==null) { // Initialize vector htmlViews = createHTMLVector(); } else { // Vector already exists From 517df6c40d2e04729526c285ed32cf91ea5be969 Mon Sep 17 00:00:00 2001 From: Alexey Bakhtin Date: Fri, 16 May 2025 17:01:20 -0700 Subject: [PATCH 30/33] 8349594: Enhance TLS protocol support Reviewed-by: mbalao, andrew Backport-of: d40052ee9789908fb7c06527ab644fdd217a6bea --- .../classes/sun/security/ssl/CertificateMessage.java | 11 ++++++++++- .../classes/sun/security/ssl/CertificateVerify.java | 10 +++++++++- jdk/src/share/classes/sun/security/ssl/Finished.java | 10 +++++++++- 3 files changed, 28 insertions(+), 3 deletions(-) diff --git a/jdk/src/share/classes/sun/security/ssl/CertificateMessage.java b/jdk/src/share/classes/sun/security/ssl/CertificateMessage.java index 07453f20af..36948d18fd 100644 --- a/jdk/src/share/classes/sun/security/ssl/CertificateMessage.java +++ b/jdk/src/share/classes/sun/security/ssl/CertificateMessage.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1165,6 +1165,15 @@ public void consume(ConnectionContext context, // clean up this consumer hc.handshakeConsumers.remove(SSLHandshake.CERTIFICATE.id); + + // Ensure that the Certificate message has not been sent w/o + // an EncryptedExtensions preceding + if (hc.handshakeConsumers.containsKey( + SSLHandshake.ENCRYPTED_EXTENSIONS.id)) { + throw hc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, + "Unexpected Certificate handshake message"); + } + T13CertificateMessage cm = new T13CertificateMessage(hc, message); if (hc.sslConfig.isClientMode) { if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { diff --git a/jdk/src/share/classes/sun/security/ssl/CertificateVerify.java b/jdk/src/share/classes/sun/security/ssl/CertificateVerify.java index 409119c097..8f3d86c423 100644 --- a/jdk/src/share/classes/sun/security/ssl/CertificateVerify.java +++ b/jdk/src/share/classes/sun/security/ssl/CertificateVerify.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
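Review bot: The new check in the TLS 1.3 `consume` treats a still-registered `SSLHandshake.ENCRYPTED_EXTENSIONS.id` entry in `hc.handshakeConsumers` as proof that EncryptedExtensions was skipped. That holds only if the EncryptedExtensions consumer always removes itself when it runs, and that removal is outside this hunk. A comment stating the invariant would help, e.g. `// A consumer is removed from handshakeConsumers once its message is processed, so a remaining entry means that message never arrived.` The same pattern is added to CertificateVerify.java and Finished.java. The commit's diffstat lists only these three source files, so no regression test that presents the handshake messages out of order accompanies the change.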
@@ -1155,6 +1155,14 @@ public void consume(ConnectionContext context, // Clean up this consumer hc.handshakeConsumers.remove(SSLHandshake.CERTIFICATE_VERIFY.id); + // Ensure that the Certificate Verify message has not been sent w/o + // a Certificate message preceding + if (hc.handshakeConsumers.containsKey( + SSLHandshake.CERTIFICATE.id)) { + throw hc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, + "Unexpected Certificate Verify handshake message"); + } + T13CertificateVerifyMessage cvm = new T13CertificateVerifyMessage(hc, message); if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { diff --git a/jdk/src/share/classes/sun/security/ssl/Finished.java b/jdk/src/share/classes/sun/security/ssl/Finished.java index a4b029d5a7..fcf9de1731 100644 --- a/jdk/src/share/classes/sun/security/ssl/Finished.java +++ b/jdk/src/share/classes/sun/security/ssl/Finished.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -859,6 +859,14 @@ public void consume(ConnectionContext context, private void onConsumeFinished(ClientHandshakeContext chc, ByteBuffer message) throws IOException { + // Ensure that the Finished message has not been sent w/o + // an EncryptedExtensions preceding + if (chc.handshakeConsumers.containsKey( + SSLHandshake.ENCRYPTED_EXTENSIONS.id)) { + throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, + "Unexpected Finished handshake message"); + } + // Make sure that any expected CertificateVerify message // has been received and processed. if (!chc.isResumption) { From d24f35dcef2ecba264c7c0f78e93fd9179082a4c Mon Sep 17 00:00:00 2001 
From: Alexey Bakhtin Date: Wed, 28 May 2025 16:52:30 -0700 Subject: [PATCH 31/33] 8351422: Improve scripting supports Reviewed-by: mbalao, andrew --- .../internal/runtime/options/Options.java | 49 ++++++++++++++++--- 1 file changed, 42 insertions(+), 7 deletions(-) diff --git a/nashorn/src/jdk/nashorn/internal/runtime/options/Options.java b/nashorn/src/jdk/nashorn/internal/runtime/options/Options.java index f85c4f28a3..d34ed11416 100644 --- a/nashorn/src/jdk/nashorn/internal/runtime/options/Options.java +++ b/nashorn/src/jdk/nashorn/internal/runtime/options/Options.java 
@@ -416,16 +416,34 @@ public void displayHelp(final boolean extended) { * @param args arguments from command line */ public void process(final String[] args) { + final LinkedList prepArgList = new LinkedList<>(); + addSystemProperties(NASHORN_ARGS_PREPEND_PROPERTY, prepArgList); + final LinkedList postArgList = new LinkedList<>(); + addSystemProperties(NASHORN_ARGS_PROPERTY, postArgList); final LinkedList argList = new LinkedList<>(); - addSystemProperties(NASHORN_ARGS_PREPEND_PROPERTY, argList); - processArgList(argList); - assert argList.isEmpty(); - Collections.addAll(argList, args); - processArgList(argList); - assert argList.isEmpty(); - addSystemProperties(NASHORN_ARGS_PROPERTY, argList); + for (final String arg : args) { + if (arg.startsWith(definePropPrefix)) { + final String value = arg.substring(definePropPrefix.length()); + final int eq = value.indexOf('='); + if (eq != -1) { + String name = value.substring(0, eq); + if (name.equals(NASHORN_ARGS_PREPEND_PROPERTY)) { + addNashornProperties(value.substring(eq + 1), prepArgList, false); + continue; + } else if (name.equals(NASHORN_ARGS_PROPERTY)) { + addNashornProperties(value.substring(eq + 1), postArgList, true); + continue; + } + } + } + argList.add(arg); + } + processArgList(prepArgList); + assert prepArgList.isEmpty(); processArgList(argList); assert argList.isEmpty(); + processArgList(postArgList); + assert postArgList.isEmpty(); } private void processArgList(final LinkedList argList) { 
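Review bot: The pre-scan loop in `process` inspects every element of `args`, so a `definePropPrefix` definition of `NASHORN_ARGS_PROPERTY` or `NASHORN_ARGS_PREPEND_PROPERTY` is extracted and treated as engine options wherever it appears on the command line. If `processArgList` (its body is outside this hunk) treats `--` as the end of options, arguments meant for the script would now be intercepted here. In that case the loop should stop matching once the separator is seen, for instance with `if (!pastSeparator && arg.startsWith(definePropPrefix)) {` and `pastSeparator` set when `arg.equals("--")`. The `false`/`true` passed to `addNashornProperties` also read backwards against the property names, so a short comment at each call site would help.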
@@ -519,6 +537,23 @@ private static void addSystemProperties(final String sysPropName, final List argList, boolean prepend) { + if (args != null) { + final StringTokenizer st = new StringTokenizer(args); + final LinkedList prepArgList = new LinkedList<>(); + while (st.hasMoreTokens()) { + if (prepend) { + prepArgList.add(st.nextToken()); + } else { + argList.add(st.nextToken()); + } + } + if (prepend) { + argList.addAll(0,prepArgList); + } + } + } + /** * Retrieves an option template identified by key. * @param shortKey the short (that is without the e.g. "nashorn.option." part) key From 943a5ea328fd2fc8eed0aed4ec9b1957d41f8144 Mon Sep 17 00:00:00 2001 From: Alexey Bakhtin Date: Mon, 30 Jun 2025 13:20:47 -0700 Subject: [PATCH 32/33] 8360147: Better Glyph drawing redux Reviewed-by: mbalao, andrew Backport-of: 141d7af9cd3c41de974c3d3f8017d6b21dc6d36c --- .../macosx/native/sun/font/CGGlyphImages.m | 23 +++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/jdk/src/macosx/native/sun/font/CGGlyphImages.m b/jdk/src/macosx/native/sun/font/CGGlyphImages.m index b4257203f4..4658911541 100644 --- a/jdk/src/macosx/native/sun/font/CGGlyphImages.m +++ b/jdk/src/macosx/native/sun/font/CGGlyphImages.m 
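Review bot: `addNashornProperties` is added without a doc comment, and its `prepend` flag is easy to misread. With `prepend` true the tokens are collected in a temporary list and inserted at index 0 in their original order; otherwise they are appended. A Javadoc line such as `/** Splits args on whitespace and adds the tokens to argList, at the front (keeping their order) when prepend is true, otherwise at the end. */` would record that. The temporary list could be avoided by tokenizing into one local list and calling `argList.addAll(prepend ? 0 : argList.size(), tokens)`. Part of the method signature is missing in this rendering of the hunk, so the parameter roles are taken from the body.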
@@ -883,23 +883,28 @@ @implementation CGGI_GlyphCanvas return; } - // just do one malloc, and carve it up for all the buffers - void *buffer = malloc((sizeof(CGRect) + sizeof(CGSize) + sizeof(CGGlyph) + sizeof(UniChar)) * len); - if (buffer == NULL) { + CGRect *bboxes = (CGRect*)calloc(len, sizeof(CGRect)); + CGSize *advances = (CGSize*)calloc(len, sizeof(CGSize)); + CGGlyph *glyphs = (CGGlyph*)calloc(len, sizeof(CGGlyph)); + UniChar *uniChars = (UniChar*)calloc(len, sizeof(UniChar)); + + if (bboxes == NULL || advances == NULL || glyphs == NULL || uniChars == NULL) { + free(bboxes); + free(advances); + free(glyphs); + free(uniChars); [[NSException exceptionWithName:NSMallocException reason:@"Failed to allocate memory for the temporary glyph strike and measurement buffers." userInfo:nil] raise]; } - CGRect *bboxes = (CGRect *)(buffer); - CGSize *advances = (CGSize *)(bboxes + sizeof(CGRect) * len); - CGGlyph *glyphs = (CGGlyph *)(advances + sizeof(CGGlyph) * len); - UniChar *uniChars = (UniChar *)(glyphs + sizeof(UniChar) * len); - CGGI_CreateGlyphsAndScanForComplexities(glyphInfos, strike, &mode, rawGlyphCodes, uniChars, glyphs, advances, bboxes, len); - free(buffer); + free(bboxes); + free(advances); + free(glyphs); + free(uniChars); } #define TX_FIXED_UNSAFE(v) (isinf(v) || isnan(v) || fabs(v) >= (1<<30)) From 16a711a0f883717a7b5f1dc7efd85478e3404e99 Mon Sep 17 00:00:00 2001 From: Antonio Vieiro Date: Mon, 7 Jul 2025 15:58:58 +0000 Subject: [PATCH 33/33] 8358538: Update GHA Windows runner to 2025 Reviewed-by: sgehwolf Backport-of: 0927ca70e66ef27b38cbf5c0dd2851c796218067 --- .github/workflows/submit.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/submit.yml b/.github/workflows/submit.yml index 5d95612f2e..74d918eb54 100644 --- a/.github/workflows/submit.yml +++ b/.github/workflows/submit.yml 
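Review bot: The replacement removes the old `// just do one malloc ...` comment without saying why four allocations are now used, so a later cleanup could merge them again. A comment above the `calloc` calls would record the intent, e.g. `// One calloc per buffer: calloc checks the count * size multiplication and no manual pointer arithmetic is needed.` The four `free` calls are also repeated in the failure branch and at the end. Whether `len` is known to be positive here is decided above the hunk, which matters because `calloc(0, ...)` may return NULL and would then take the exception path. The enclosing function starts outside the hunk.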
@@ -679,7 +679,7 @@ jobs: windows_x64_build: name: Windows x64 - runs-on: "windows-2019" + runs-on: "windows-2025" needs: prerequisites if: needs.prerequisites.outputs.should_run != 'false' && needs.prerequisites.outputs.platform_windows_x64 != 'false' @@ -857,7 +857,7 @@ jobs: windows_x86_build: name: Windows x86 - runs-on: "windows-2019" + runs-on: "windows-2025" needs: prerequisites if: needs.prerequisites.outputs.should_run != 'false' && needs.prerequisites.outputs.platform_windows_x86 != 'false' @@ -1031,7 +1031,7 @@ jobs: windows_x64_test: name: Windows x64 - runs-on: "windows-2019" + runs-on: "windows-2025" needs: - prerequisites - windows_x64_build @@ -1192,7 +1192,7 @@ jobs: windows_x86_test: name: Windows x86 - runs-on: "windows-2019" + runs-on: "windows-2025" needs: - prerequisites - windows_x86_build