Diffstat (limited to 'src/share/classes/sun/security')
-rw-r--r-- | src/share/classes/sun/security/krb5/KrbAsReq.java | 7 | ||||
-rw-r--r-- | src/share/classes/sun/security/krb5/internal/KerberosTime.java | 47 | ||||
-rw-r--r-- | src/share/classes/sun/security/provider/X509Factory.java | 24 | ||||
-rw-r--r-- | src/share/classes/sun/security/tools/JarSigner.java | 2 | ||||
-rw-r--r-- | src/share/classes/sun/security/tools/policytool/PolicyTool.java (renamed from src/share/classes/sun/security/tools/PolicyTool.java) | 4 | ||||
-rw-r--r-- | src/share/classes/sun/security/validator/PKIXValidator.java | 9 |
6 files changed, 68 insertions, 25 deletions
diff --git a/src/share/classes/sun/security/krb5/KrbAsReq.java b/src/share/classes/sun/security/krb5/KrbAsReq.java index 2ef8a1a9a..4073ddf26 100644 --- a/src/share/classes/sun/security/krb5/KrbAsReq.java +++ b/src/share/classes/sun/security/krb5/KrbAsReq.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -344,16 +344,13 @@ public class KrbAsReq extends KrbKdcReq { princName = cname; EncryptionKey key = null; - int[] tktETypes = null; + int[] tktETypes = EType.getDefaults("default_tkt_enctypes"); if (pa_exists && pa_etype != EncryptedData.ETYPE_NULL) { if (DEBUG) { System.out.println("Pre-Authenticaton: find key for etype = " + pa_etype); } key = EncryptionKey.findKey(pa_etype, keys); - tktETypes = new int[1]; - tktETypes[0] = pa_etype; } else { - tktETypes = EType.getDefaults("default_tkt_enctypes", keys); key = EncryptionKey.findKey(tktETypes[0], keys); } diff --git a/src/share/classes/sun/security/krb5/internal/KerberosTime.java b/src/share/classes/sun/security/krb5/internal/KerberosTime.java index 4432a2bfa..1e0cbeccb 100644 --- a/src/share/classes/sun/security/krb5/internal/KerberosTime.java +++ b/src/share/classes/sun/security/krb5/internal/KerberosTime.java 
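Review bot: In the else branch of the KrbAsReq hunk at -344, `EncryptionKey.findKey(tktETypes[0], keys)` now looks up the first configured default etype whether or not `keys` holds a key of that type, because the `keys` argument was dropped from `EType.getDefaults`. If `findKey` returns null when nothing matches (its body is not visible here), `key` stays null and the failure surfaces later, away from its cause. Consider picking the first entry of `tktETypes` for which `findKey` returns a key, or checking `key` for null right after the lookup and raising a clear error. The pre-authentication branch also now sends the full default list instead of only `pa_etype`; a short comment such as `// advertise all configured etypes; the key is still chosen by pa_etype` would record that this is intended. The enclosing method starts and ends outside the hunk.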
@@ -57,11 +57,20 @@ import java.io.IOException; * specification available at * <a href="http://www.ietf.org/rfc/rfc4120.txt"> * http://www.ietf.org/rfc/rfc4120.txt</a>. + * + * The implementation also includes the microseconds info so that the + * same class can be used as a precise timestamp in Authenticator etc. */ public class KerberosTime implements Cloneable { private long kerberosTime; // milliseconds since epoch, a Date.getTime() value + private int microSeconds; // the last three digits of the microsecond value + + // The time when this class is loaded. Used in setNow() + private static final long initMilli = System.currentTimeMillis(); + private static final long initMicro = System.nanoTime() / 1000; + private static long syncTime; private static boolean DEBUG = Krb5.DEBUG; @@ -77,9 +86,13 @@ public class KerberosTime implements Cloneable { kerberosTime = time; } + private KerberosTime(long time, int micro) { + kerberosTime = time; + microSeconds = micro; + } public Object clone() { - return new KerberosTime(kerberosTime); + return new KerberosTime(kerberosTime, microSeconds); } // This constructor is used in the native code @@ -109,8 +122,8 @@ public class KerberosTime implements Cloneable { // | | | | | | | // 0 4 6 8 | | | // 10 | | - // 12 | - // 14 + // 12 | + // 14 if (time.length() != 15) throw new Asn1Exception(Krb5.ASN1_BAD_TIMEFORMAT); @@ -148,11 +161,8 @@ public class KerberosTime implements Cloneable { public KerberosTime(boolean initToNow) { if (initToNow) { - Date temp = new Date(); - setTime(temp); + setNow(); } - else - kerberosTime = 0; } /** @@ -192,10 +202,12 @@ public class KerberosTime implements Cloneable { public void setTime(Date time) { kerberosTime = time.getTime(); // (time.getTimezoneOffset() * 60000L); + microSeconds = 0; } public void setTime(long time) { kerberosTime = time; + microSeconds = 0; } public Date toDate() { 
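Review bot: Deriving the current time from `initMilli` plus elapsed `System.nanoTime()` pins the wall-clock reading taken at class load, so setNow() (changed in the hunk at -205) no longer follows later corrections to the system clock such as an NTP step or a manual change. Kerberos peers reject timestamps outside the permitted clock skew, so in a long-running JVM this can show up as authentication failures or skewed freshness checks that disappear after a restart. Consider re-sampling `System.currentTimeMillis()` when the two clocks diverge beyond a small threshold. At minimum the trade-off should be stated on the fields, e.g. `// Wall clock is sampled once at class load; later system clock changes are not observed`.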
@@ -205,16 +217,18 @@ public class KerberosTime implements Cloneable { } public void setNow() { - Date temp = new Date(); - setTime(temp); + long microElapsed = System.nanoTime() / 1000 - initMicro; + setTime(initMilli + microElapsed/1000); + microSeconds = (int)(microElapsed % 1000); } public int getMicroSeconds() { Long temp_long = new Long((kerberosTime % 1000L) * 1000L); - return temp_long.intValue(); + return temp_long.intValue() + microSeconds; } public void setMicroSeconds(int usec) { + microSeconds = usec % 1000; Integer temp_int = new Integer(usec); long temp_long = temp_int.longValue() / 1000L; kerberosTime = kerberosTime - (kerberosTime % 1000L) + temp_long; @@ -222,6 +236,7 @@ public class KerberosTime implements Cloneable { public void setMicroSeconds(Integer usec) { if (usec != null) { + microSeconds = usec.intValue() % 1000; long temp_long = usec.longValue() / 1000L; kerberosTime = kerberosTime - (kerberosTime % 1000L) + temp_long; } @@ -262,7 +277,9 @@ public class KerberosTime implements Cloneable { } public boolean greaterThan(KerberosTime time) { - return kerberosTime > time.kerberosTime; + return kerberosTime > time.kerberosTime || + kerberosTime == time.kerberosTime && + microSeconds > time.microSeconds; } public boolean equals(Object obj) { @@ -274,15 +291,17 @@ public class KerberosTime implements Cloneable { return false; } - return kerberosTime == ((KerberosTime)obj).kerberosTime; + return kerberosTime == ((KerberosTime)obj).kerberosTime && + microSeconds == ((KerberosTime)obj).microSeconds; } public int hashCode() { - return 37 * 17 + (int)(kerberosTime ^ (kerberosTime >>> 32)); + int result = 37 * 17 + (int)(kerberosTime ^ (kerberosTime >>> 32)); + return result * 17 + microSeconds; } public boolean isZero() { - return kerberosTime == 0; + return kerberosTime == 0 && microSeconds == 0; } public int getSeconds() { 
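Review bot: `microSeconds = usec % 1000` in setMicroSeconds(int) keeps the sign of `usec`, so a negative argument stores a negative sub-millisecond part; the Integer overload in the hunk at -222 does the same with `usec.intValue() % 1000`. greaterThan(), equals(), hashCode() and isZero() in the following hunks now all read this field, so an out-of-range value changes comparison results. If `usec` can come from a decoded message field (the callers are not visible here), check the range before storing, for example `if (usec < 0 || usec > 999999) throw new IllegalArgumentException("usec out of range: " + usec);`, or normalise it to 0..999. The field comment would also benefit from stating that invariant: `// always in 0..999; the millisecond part lives in kerberosTime`.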
diff --git a/src/share/classes/sun/security/provider/X509Factory.java b/src/share/classes/sun/security/provider/X509Factory.java index 8dbe55d22..e785b655a 100644 --- a/src/share/classes/sun/security/provider/X509Factory.java +++ b/src/share/classes/sun/security/provider/X509Factory.java @@ -518,6 +518,7 @@ public class X509Factory extends CertificateFactorySpi { // Step 2: Read the rest of header, determine the line end int end; + StringBuffer header = new StringBuffer("-----"); while (true) { int next = is.read(); if (next == -1) { @@ -540,6 +541,7 @@ public class X509Factory extends CertificateFactorySpi { } break; } + header.append((char)next); } // Step 3: Read the data @@ -559,6 +561,7 @@ public class X509Factory extends CertificateFactorySpi { } // Step 4: Consume the footer + StringBuffer footer = new StringBuffer("-"); while (true) { int next = is.read(); // Add next == '\n' for maximum safety, in case endline 
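Review bot: `header.append((char)next)` stores every byte up to the line end with no upper bound, so input whose first line never ends makes the buffer grow until memory runs out; before this change the same loop discarded those bytes. The footer loop in the hunk at -566 has the same shape. A PEM boundary line is short, so both loops can stop once the buffer passes a fixed limit, e.g. `if (header.length() > MAX_BOUNDARY_LEN) throw new IOException("Header too long");`, where MAX_BOUNDARY_LEN is a new constant to be chosen. `StringBuilder` would also be enough here, since both buffers are method-local. The enclosing method starts and ends outside these hunks.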
@@ -566,13 +569,34 @@ public class X509Factory extends CertificateFactorySpi { if (next == -1 || next == end || next == '\n') { break; } + if (next != '\r') footer.append((char)next); } + checkHeaderFooter(header.toString(), footer.toString()); + BASE64Decoder decoder = new BASE64Decoder(); return decoder.decodeBuffer(new String(data, 0, pos)); } } + private static void checkHeaderFooter(String header, + String footer) throws IOException { + if (header.length() < 16 || !header.startsWith("-----BEGIN ") || + !header.endsWith("-----")) { + throw new IOException("Illegal header: " + header); + } + if (footer.length() < 14 || !footer.startsWith("-----END ") || + !footer.endsWith("-----")) { + throw new IOException("Illegal footer: " + footer); + } + String headerType = header.substring(11, header.length()-5); + String footerType = footer.substring(9, footer.length()-5); + if (!headerType.equals(footerType)) { + throw new IOException("Header and footer do not match: " + + header + " " + footer); + } + } + /** * Read one BER data block. This method is aware of indefinite-length BER * encoding and will read all of the sub-sections in a recursive way diff --git a/src/share/classes/sun/security/tools/JarSigner.java b/src/share/classes/sun/security/tools/JarSigner.java index 661e63fc9..981b7fd53 100644 --- a/src/share/classes/sun/security/tools/JarSigner.java +++ b/src/share/classes/sun/security/tools/JarSigner.java @@ -1486,7 +1486,7 @@ public class JarSigner { for (int i=0; i<len; i++) { switch (bs[i]) { case '\r': - if (i < len && bs[i+1] == '\n') i++; + if (i < len - 1 && bs[i+1] == '\n') i++; // fallthrough case '\n': if (newline) return i+1; //+1 to get length diff --git a/src/share/classes/sun/security/tools/PolicyTool.java b/src/share/classes/sun/security/tools/policytool/PolicyTool.java index d8a1888fe..bba2945c1 100644 --- a/src/share/classes/sun/security/tools/PolicyTool.java +++ b/src/share/classes/sun/security/tools/policytool/PolicyTool.java 
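Review bot: checkHeaderFooter requires the boundary line to end exactly in `-----`, but the header loop appends everything up to the line end, so a line with trailing spaces or tabs after the dashes would now be rejected where it was accepted before; if that strictness is not intended, trim trailing whitespace before the `endsWith` test. The three exception messages also concatenate the raw `header` and `footer`, which are bytes from the input cast to `char`; if these messages reach logs, control characters and arbitrary length come along, so consider reporting only a truncated, printable form. A short Javadoc on the method stating the accepted shape (`-----BEGIN <type>-----` / `-----END <type>-----`, same type, empty type allowed by the length checks of 16 and 14) would make the magic offsets 11, 9 and 5 easier to verify.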
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ * questions. */ -package sun.security.tools; +package sun.security.tools.policytool; import java.io.*; import java.util.LinkedList; diff --git a/src/share/classes/sun/security/validator/PKIXValidator.java b/src/share/classes/sun/security/validator/PKIXValidator.java index a760a05fc..8068a9db8 100644 --- a/src/share/classes/sun/security/validator/PKIXValidator.java +++ b/src/share/classes/sun/security/validator/PKIXValidator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -155,12 +155,15 @@ public final class PKIXValidator extends Validator { X500Principal prevIssuer = null; for (int i = 0; i < chain.length; i++) { X509Certificate cert = chain[i]; + X500Principal dn = cert.getSubjectX500Principal(); if (i != 0 && - !cert.getSubjectX500Principal().equals(prevIssuer)) { + !dn.equals(prevIssuer)) { // chain is not ordered correctly, call builder instead return doBuild(chain, otherCerts); } - if (trustedCerts.contains(cert)) { + if (trustedSubjects.containsKey(dn) + && trustedSubjects.get(dn).getPublicKey() + .equals(cert.getPublicKey())) { if (i == 0) { return new X509Certificate[] {chain[0]}; } |
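Review bot: In the PKIXValidator hunk at -155, the trust-anchor test changes from whole-certificate equality to subject DN plus public key, so a chain certificate that differs from the stored anchor in validity dates or extensions is now treated as the anchor and the chain is cut there; that deserves a comment at the condition, e.g. `// match anchors by subject and key, not encoding, so re-issued copies of a root are recognised`. `trustedSubjects` is declared outside the hunk; if it maps each subject to a single certificate, two anchors that share a DN but carry different keys (a key rollover) collapse to one entry and a chain ending at the other is not recognised here. The comparison also relies on `PublicKey.equals`, which may not hold between key objects from different providers; comparing `getEncoded()` with `Arrays.equals` would avoid that dependency. The loop continues past the end of the hunk.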