Diffstat (limited to 'src/share/classes/sun/security')
-rw-r--r--src/share/classes/sun/security/krb5/KrbAsReq.java7
-rw-r--r--src/share/classes/sun/security/krb5/internal/KerberosTime.java47
-rw-r--r--src/share/classes/sun/security/provider/X509Factory.java24
-rw-r--r--src/share/classes/sun/security/tools/JarSigner.java2
-rw-r--r--src/share/classes/sun/security/tools/policytool/PolicyTool.java (renamed from src/share/classes/sun/security/tools/PolicyTool.java)4
-rw-r--r--src/share/classes/sun/security/validator/PKIXValidator.java9
6 files changed, 68 insertions, 25 deletions
diff --git a/src/share/classes/sun/security/krb5/KrbAsReq.java b/src/share/classes/sun/security/krb5/KrbAsReq.java
index 2ef8a1a9a..4073ddf26 100644
--- a/src/share/classes/sun/security/krb5/KrbAsReq.java
+++ b/src/share/classes/sun/security/krb5/KrbAsReq.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -344,16 +344,13 @@ public class KrbAsReq extends KrbKdcReq {
princName = cname;
EncryptionKey key = null;
- int[] tktETypes = null;
+ int[] tktETypes = EType.getDefaults("default_tkt_enctypes");
if (pa_exists && pa_etype != EncryptedData.ETYPE_NULL) {
if (DEBUG) {
System.out.println("Pre-Authenticaton: find key for etype = " + pa_etype);
}
key = EncryptionKey.findKey(pa_etype, keys);
- tktETypes = new int[1];
- tktETypes[0] = pa_etype;
} else {
- tktETypes = EType.getDefaults("default_tkt_enctypes", keys);
key = EncryptionKey.findKey(tktETypes[0], keys);
}
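Review bot: In the else branch, `EncryptionKey.findKey(tktETypes[0], keys)` now takes the first entry of the configured default list, which is no longer narrowed by the `keys` actually available, and it indexes `tktETypes[0]` without checking that the list is non-empty. If the first configured etype has no matching entry in `keys`, the lookup presumably comes back without a usable key; how that is handled lies outside this hunk. I would walk `tktETypes` and take the first etype for which `findKey` finds a key, and fail with a clear error when none matches. The enclosing method starts and ends outside the hunk.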
diff --git a/src/share/classes/sun/security/krb5/internal/KerberosTime.java b/src/share/classes/sun/security/krb5/internal/KerberosTime.java
index 4432a2bfa..1e0cbeccb 100644
--- a/src/share/classes/sun/security/krb5/internal/KerberosTime.java
+++ b/src/share/classes/sun/security/krb5/internal/KerberosTime.java
@@ -57,11 +57,20 @@ import java.io.IOException;
* specification available at
* <a href="http://www.ietf.org/rfc/rfc4120.txt">
* http://www.ietf.org/rfc/rfc4120.txt</a>.
+ *
+ * The implementation also includes the microseconds info so that the
+ * same class can be used as a precise timestamp in Authenticator etc.
*/
public class KerberosTime implements Cloneable {
private long kerberosTime; // milliseconds since epoch, a Date.getTime() value
+ private int microSeconds; // the last three digits of the microsecond value
+
+ // The time when this class is loaded. Used in setNow()
+ private static final long initMilli = System.currentTimeMillis();
+ private static final long initMicro = System.nanoTime() / 1000;
+
private static long syncTime;
private static boolean DEBUG = Krb5.DEBUG;
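Review bot: `initMilli` and `initMicro` pin the wall clock once at class load, and `setNow()` (in a later hunk of this file) derives every timestamp from the `System.nanoTime()` time elapsed since then. `nanoTime()` does not follow later corrections of the system clock (NTP steps, manual changes), so in a long-running JVM these timestamps can drift from the host clock, while Kerberos depends on both sides agreeing within the permitted clock skew. At minimum the fields should say so, e.g. `// NOTE: not re-synchronised with the system clock after class load`. Re-anchoring when `System.currentTimeMillis()` and the derived value diverge beyond a small threshold would remove the drift.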
@@ -77,9 +86,13 @@ public class KerberosTime implements Cloneable {
kerberosTime = time;
}
+ private KerberosTime(long time, int micro) {
+ kerberosTime = time;
+ microSeconds = micro;
+ }
public Object clone() {
- return new KerberosTime(kerberosTime);
+ return new KerberosTime(kerberosTime, microSeconds);
}
// This constructor is used in the native code
@@ -109,8 +122,8 @@ public class KerberosTime implements Cloneable {
// | | | | | | |
// 0 4 6 8 | | |
// 10 | |
- // 12 |
- // 14
+ // 12 |
+ // 14
if (time.length() != 15)
throw new Asn1Exception(Krb5.ASN1_BAD_TIMEFORMAT);
@@ -148,11 +161,8 @@ public class KerberosTime implements Cloneable {
public KerberosTime(boolean initToNow) {
if (initToNow) {
- Date temp = new Date();
- setTime(temp);
+ setNow();
}
- else
- kerberosTime = 0;
}
/**
@@ -192,10 +202,12 @@ public class KerberosTime implements Cloneable {
public void setTime(Date time) {
kerberosTime = time.getTime(); // (time.getTimezoneOffset() * 60000L);
+ microSeconds = 0;
}
public void setTime(long time) {
kerberosTime = time;
+ microSeconds = 0;
}
public Date toDate() {
@@ -205,16 +217,18 @@ public class KerberosTime implements Cloneable {
}
public void setNow() {
- Date temp = new Date();
- setTime(temp);
+ long microElapsed = System.nanoTime() / 1000 - initMicro;
+ setTime(initMilli + microElapsed/1000);
+ microSeconds = (int)(microElapsed % 1000);
}
public int getMicroSeconds() {
Long temp_long = new Long((kerberosTime % 1000L) * 1000L);
- return temp_long.intValue();
+ return temp_long.intValue() + microSeconds;
}
public void setMicroSeconds(int usec) {
+ microSeconds = usec % 1000;
Integer temp_int = new Integer(usec);
long temp_long = temp_int.longValue() / 1000L;
kerberosTime = kerberosTime - (kerberosTime % 1000L) + temp_long;
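Review bot: `microSeconds = usec % 1000` in `setMicroSeconds(int)` keeps the sign of `usec`, so a negative argument leaves a negative `microSeconds` that then feeds `getMicroSeconds()`, `equals()` and `greaterThan()`; the `Integer` overload in the next hunk has the same line. If `usec` can originate from a decoded message, which these hunks do not show, it should be range-checked before use, e.g. `if (usec < 0 || usec > 999999) throw new IllegalArgumentException("usec out of range: " + usec);`, or rejected in whatever way callers already expect. The body of `setMicroSeconds(int)` continues past the end of the hunk.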
@@ -222,6 +236,7 @@ public class KerberosTime implements Cloneable {
public void setMicroSeconds(Integer usec) {
if (usec != null) {
+ microSeconds = usec.intValue() % 1000;
long temp_long = usec.longValue() / 1000L;
kerberosTime = kerberosTime - (kerberosTime % 1000L) + temp_long;
}
@@ -262,7 +277,9 @@ public class KerberosTime implements Cloneable {
}
public boolean greaterThan(KerberosTime time) {
- return kerberosTime > time.kerberosTime;
+ return kerberosTime > time.kerberosTime ||
+ kerberosTime == time.kerberosTime &&
+ microSeconds > time.microSeconds;
}
public boolean equals(Object obj) {
@@ -274,15 +291,17 @@ public class KerberosTime implements Cloneable {
return false;
}
- return kerberosTime == ((KerberosTime)obj).kerberosTime;
+ return kerberosTime == ((KerberosTime)obj).kerberosTime &&
+ microSeconds == ((KerberosTime)obj).microSeconds;
}
public int hashCode() {
- return 37 * 17 + (int)(kerberosTime ^ (kerberosTime >>> 32));
+ int result = 37 * 17 + (int)(kerberosTime ^ (kerberosTime >>> 32));
+ return result * 17 + microSeconds;
}
public boolean isZero() {
- return kerberosTime == 0;
+ return kerberosTime == 0 && microSeconds == 0;
}
public int getSeconds() {
diff --git a/src/share/classes/sun/security/provider/X509Factory.java b/src/share/classes/sun/security/provider/X509Factory.java
index 8dbe55d22..e785b655a 100644
--- a/src/share/classes/sun/security/provider/X509Factory.java
+++ b/src/share/classes/sun/security/provider/X509Factory.java
@@ -518,6 +518,7 @@ public class X509Factory extends CertificateFactorySpi {
// Step 2: Read the rest of header, determine the line end
int end;
+ StringBuffer header = new StringBuffer("-----");
while (true) {
int next = is.read();
if (next == -1) {
@@ -540,6 +541,7 @@ public class X509Factory extends CertificateFactorySpi {
}
break;
}
+ header.append((char)next);
}
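Review bot: `header.append((char)next)` grows the buffer for every byte until a line end is seen, so input that never sends one makes `header` grow without limit; the footer loop in the last hunk of this file appends the same way. A PEM boundary line is short, so a cap is cheap: `if (header.length() > MAX_BOUNDARY_LEN) throw new IOException("Header too long");`, with the constant defined next to `checkHeaderFooter` (name and value are a suggestion). `StringBuilder` would also do in place of `StringBuffer`, since both buffers are method-local. The enclosing method starts and ends outside the hunk.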
// Step 3: Read the data
@@ -559,6 +561,7 @@ public class X509Factory extends CertificateFactorySpi {
}
// Step 4: Consume the footer
+ StringBuffer footer = new StringBuffer("-");
while (true) {
int next = is.read();
// Add next == '\n' for maximum safety, in case endline
@@ -566,13 +569,34 @@ public class X509Factory extends CertificateFactorySpi {
if (next == -1 || next == end || next == '\n') {
break;
}
+ if (next != '\r') footer.append((char)next);
}
+ checkHeaderFooter(header.toString(), footer.toString());
+
BASE64Decoder decoder = new BASE64Decoder();
return decoder.decodeBuffer(new String(data, 0, pos));
}
}
+ private static void checkHeaderFooter(String header,
+ String footer) throws IOException {
+ if (header.length() < 16 || !header.startsWith("-----BEGIN ") ||
+ !header.endsWith("-----")) {
+ throw new IOException("Illegal header: " + header);
+ }
+ if (footer.length() < 14 || !footer.startsWith("-----END ") ||
+ !footer.endsWith("-----")) {
+ throw new IOException("Illegal footer: " + footer);
+ }
+ String headerType = header.substring(11, header.length()-5);
+ String footerType = footer.substring(9, footer.length()-5);
+ if (!headerType.equals(footerType)) {
+ throw new IOException("Header and footer do not match: " +
+ header + " " + footer);
+ }
+ }
+
/**
* Read one BER data block. This method is aware of indefinite-length BER
* encoding and will read all of the sub-sections in a recursive way
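Review bot: The three `IOException` messages in `checkHeaderFooter` embed `header` and `footer` verbatim, and both are raw input bytes cast to `char`, so whatever the stream contained (control characters, arbitrarily long text) ends up in the exception message and in any log that prints it. I would report a fixed message or a truncated, escaped excerpt instead, e.g. `throw new IOException("Illegal PEM header");`. The method also has no comment explaining 16, 14, 11, 9 and 5; they follow from the lengths of `-----BEGIN `, `-----END ` and `-----`, and named constants or a one-line comment would make the `substring` bounds easy to check.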
diff --git a/src/share/classes/sun/security/tools/JarSigner.java b/src/share/classes/sun/security/tools/JarSigner.java
index 661e63fc9..981b7fd53 100644
--- a/src/share/classes/sun/security/tools/JarSigner.java
+++ b/src/share/classes/sun/security/tools/JarSigner.java
@@ -1486,7 +1486,7 @@ public class JarSigner {
for (int i=0; i<len; i++) {
switch (bs[i]) {
case '\r':
- if (i < len && bs[i+1] == '\n') i++;
+ if (i < len - 1 && bs[i+1] == '\n') i++;
// fallthrough
case '\n':
if (newline) return i+1; //+1 to get length
diff --git a/src/share/classes/sun/security/tools/PolicyTool.java b/src/share/classes/sun/security/tools/policytool/PolicyTool.java
index d8a1888fe..bba2945c1 100644
--- a/src/share/classes/sun/security/tools/PolicyTool.java
+++ b/src/share/classes/sun/security/tools/policytool/PolicyTool.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
* questions.
*/
-package sun.security.tools;
+package sun.security.tools.policytool;
import java.io.*;
import java.util.LinkedList;
diff --git a/src/share/classes/sun/security/validator/PKIXValidator.java b/src/share/classes/sun/security/validator/PKIXValidator.java
index a760a05fc..8068a9db8 100644
--- a/src/share/classes/sun/security/validator/PKIXValidator.java
+++ b/src/share/classes/sun/security/validator/PKIXValidator.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -155,12 +155,15 @@ public final class PKIXValidator extends Validator {
X500Principal prevIssuer = null;
for (int i = 0; i < chain.length; i++) {
X509Certificate cert = chain[i];
+ X500Principal dn = cert.getSubjectX500Principal();
if (i != 0 &&
- !cert.getSubjectX500Principal().equals(prevIssuer)) {
+ !dn.equals(prevIssuer)) {
// chain is not ordered correctly, call builder instead
return doBuild(chain, otherCerts);
}
- if (trustedCerts.contains(cert)) {
+ if (trustedSubjects.containsKey(dn)
+ && trustedSubjects.get(dn).getPublicKey()
+ .equals(cert.getPublicKey())) {
if (i == 0) {
return new X509Certificate[] {chain[0]};
}
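Review bot: `trustedSubjects.get(dn).getPublicKey()` implies the map holds a single certificate per subject DN, so when two trust anchors share a subject but carry different keys (for example during a CA key rollover) only one of them can match here. The test also now accepts any chain certificate whose subject and public key equal an anchor's, rather than the exact certificate that `trustedCerts.contains(cert)` required; if that is intended it deserves a comment such as `// match anchors by subject and key, not by whole-certificate equality`. Keeping a list of anchors per subject, or falling back to the whole-certificate check if `trustedCerts` is still available, would cover the shared-DN case. The loop and its method continue outside the hunk.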