From f70505664e8694f098723f3a9587067f1d6327f2 Mon Sep 17 00:00:00 2001 From: Alex Kashchenko Date: Oct 25 2016 17:08:09 +0000 Subject: merge master branch --- diff --git a/aarch32-8u111.patch b/aarch32-8u111.patch new file mode 100644 index 0000000..53a7a7f --- /dev/null +++ b/aarch32-8u111.patch @@ -0,0 +1,6809 @@ +diff --git a/corba/src/share/classes/javax/rmi/CORBA/Util.java b/src/share/classes/javax/rmi/CORBA/Util.java +--- openjdk/corba/src/share/classes/javax/rmi/CORBA/Util.java ++++ openjdk/corba/src/share/classes/javax/rmi/CORBA/Util.java +@@ -414,7 +414,7 @@ + // set to allow the loading of the Util delegate + // which provides access to custom ValueHandler + sm.checkPermission(new SerializablePermission( +- "enableCustomValueHanlder")); ++ "enableCustomValueHandler")); + } + } + } +diff --git a/hotspot/src/cpu/sparc/vm/c1_LIRAssembler_sparc.cpp b/hotspot/src/cpu/sparc/vm/c1_LIRAssembler_sparc.cpp +index 89c1780..b3b3dcb 100644 +--- openjdk/hotspot/src/cpu/sparc/vm/c1_LIRAssembler_sparc.cpp ++++ openjdk/hotspot/src/cpu/sparc/vm/c1_LIRAssembler_sparc.cpp +@@ -2168,6 +2168,27 @@ void LIR_Assembler::emit_arraycopy(LIR_OpArrayCopy* op) { + __ delayed()->nop(); + } + ++ // If the compiler was not able to prove that exact type of the source or the destination ++ // of the arraycopy is an array type, check at runtime if the source or the destination is ++ // an instance type. ++ if (flags & LIR_OpArrayCopy::type_check) { ++ if (!(flags & LIR_OpArrayCopy::LIR_OpArrayCopy::dst_objarray)) { ++ __ load_klass(dst, tmp); ++ __ lduw(tmp, in_bytes(Klass::layout_helper_offset()), tmp2); ++ __ cmp(tmp2, Klass::_lh_neutral_value); ++ __ br(Assembler::greaterEqual, false, Assembler::pn, *stub->entry()); ++ __ delayed()->nop(); ++ } ++ ++ if (!(flags & LIR_OpArrayCopy::LIR_OpArrayCopy::src_objarray)) { ++ __ load_klass(src, tmp); ++ __ lduw(tmp, in_bytes(Klass::layout_helper_offset()), tmp2); ++ __ cmp(tmp2, Klass::_lh_neutral_value); ++ __ br(Assembler::greaterEqual, false, Assembler::pn, *stub->entry()); ++ __ delayed()->nop(); ++ } ++ } ++ + if (flags & LIR_OpArrayCopy::src_pos_positive_check) { + // test src_pos register + __ cmp_zero_and_br(Assembler::less, src_pos, *stub->entry()); +diff --git a/hotspot/src/cpu/x86/vm/c1_LIRAssembler_x86.cpp b/hotspot/src/cpu/x86/vm/c1_LIRAssembler_x86.cpp +index 59fa2a1..335ec1d 100644 +--- openjdk/hotspot/src/cpu/x86/vm/c1_LIRAssembler_x86.cpp ++++ openjdk/hotspot/src/cpu/x86/vm/c1_LIRAssembler_x86.cpp +@@ -3275,6 +3275,23 @@ void LIR_Assembler::emit_arraycopy(LIR_OpArrayCopy* op) { + __ jcc(Assembler::zero, *stub->entry()); + } + ++ // If the compiler was not able to prove that exact type of the source or the destination ++ // of the arraycopy is an array type, check at runtime if the source or the destination is ++ // an instance type. ++ if (flags & LIR_OpArrayCopy::type_check) { ++ if (!(flags & LIR_OpArrayCopy::dst_objarray)) { ++ __ load_klass(tmp, dst); ++ __ cmpl(Address(tmp, in_bytes(Klass::layout_helper_offset())), Klass::_lh_neutral_value); ++ __ jcc(Assembler::greaterEqual, *stub->entry()); ++ } ++ ++ if (!(flags & LIR_OpArrayCopy::src_objarray)) { ++ __ load_klass(tmp, src); ++ __ cmpl(Address(tmp, in_bytes(Klass::layout_helper_offset())), Klass::_lh_neutral_value); ++ __ jcc(Assembler::greaterEqual, *stub->entry()); ++ } ++ } ++ + // check if negative + if (flags & LIR_OpArrayCopy::src_pos_positive_check) { + __ testl(src_pos, src_pos); +diff --git a/hotspot/src/share/vm/classfile/classFileParser.cpp b/hotspot/src/share/vm/classfile/classFileParser.cpp +index 2828b4e..8615bbe 100644 +--- openjdk/hotspot/src/share/vm/classfile/classFileParser.cpp ++++ openjdk/hotspot/src/share/vm/classfile/classFileParser.cpp +@@ -3969,6 +3969,11 @@ instanceKlassHandle ClassFileParser::parseClassFile(Symbol* name, + // Make sure this is the end of class file stream + guarantee_property(cfs->at_eos(), "Extra bytes at the end of class file %s", CHECK_(nullHandle)); + ++ if (_class_name == vmSymbols::java_lang_Object()) { ++ check_property(_local_interfaces == Universe::the_empty_klass_array(), ++ "java.lang.Object cannot implement an interface in class file %s", ++ CHECK_(nullHandle)); ++ } + // We check super class after class file is parsed and format is checked + if (super_class_index > 0 && super_klass.is_null()) { + Symbol* sk = cp->klass_name_at(super_class_index); +diff --git a/hotspot/src/share/vm/classfile/stackMapTableFormat.hpp b/hotspot/src/share/vm/classfile/stackMapTableFormat.hpp +index 8bfa625..469a6b5 100644 +--- openjdk/hotspot/src/share/vm/classfile/stackMapTableFormat.hpp ++++ openjdk/hotspot/src/share/vm/classfile/stackMapTableFormat.hpp +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -203,6 +203,7 @@ class stack_map_frame { + inline bool verify(address start, address end) const; + + inline void print_on(outputStream* st, int current_offset) const; ++ inline void print_truncated(outputStream* st, int current_offset) const; + + // Create as_xxx and is_xxx methods for the subtypes + #define FRAME_TYPE_DECL(stackmap_frame_type, arg1, arg2) \ +@@ -263,6 +264,10 @@ class same_frame : public stack_map_frame { + void print_on(outputStream* st, int current_offset = -1) const { + st->print("same_frame(@%d)", offset_delta() + current_offset); + } ++ ++ void print_truncated(outputStream* st, int current_offset = -1) const { ++ print_on(st, current_offset); ++ } + }; + + class same_frame_extended : public stack_map_frame { +@@ -309,6 +314,10 @@ class same_frame_extended : public stack_map_frame { + void print_on(outputStream* st, int current_offset = -1) const { + st->print("same_frame_extended(@%d)", offset_delta() + current_offset); + } ++ ++ void print_truncated(outputStream* st, int current_offset = -1) const { ++ print_on(st, current_offset); ++ } + }; + + class same_locals_1_stack_item_frame : public stack_map_frame { +@@ -381,6 +390,11 @@ class same_locals_1_stack_item_frame : public stack_map_frame { + types()->print_on(st); + st->print(")"); + } ++ ++ void print_truncated(outputStream* st, int current_offset = -1) const { ++ st->print("same_locals_1_stack_item_frame(@%d), output truncated, Stackmap exceeds table size.", ++ offset_delta() + current_offset); ++ } + }; + + class same_locals_1_stack_item_extended : public stack_map_frame { +@@ -446,6 +460,11 @@ class same_locals_1_stack_item_extended : public stack_map_frame { + types()->print_on(st); + st->print(")"); + } ++ ++ void print_truncated(outputStream* st, int current_offset = -1) const { ++ st->print("same_locals_1_stack_item_extended(@%d), output truncated, Stackmap exceeds table size.", ++ offset_delta() + current_offset); ++ } + }; + + class chop_frame : public stack_map_frame { +@@ -511,6 +530,10 @@ class chop_frame : public stack_map_frame { + void print_on(outputStream* st, int current_offset = -1) const { + st->print("chop_frame(@%d,%d)", offset_delta() + current_offset, chops()); + } ++ ++ void print_truncated(outputStream* st, int current_offset = -1) const { ++ print_on(st, current_offset); ++ } + }; + + class append_frame : public stack_map_frame { +@@ -619,6 +642,11 @@ class append_frame : public stack_map_frame { + } + st->print(")"); + } ++ ++ void print_truncated(outputStream* st, int current_offset = -1) const { ++ st->print("append_frame(@%d), output truncated, Stackmap exceeds table size.", ++ offset_delta() + current_offset); ++ } + }; + + class full_frame : public stack_map_frame { +@@ -784,6 +812,11 @@ class full_frame : public stack_map_frame { + } + st->print("})"); + } ++ ++ void print_truncated(outputStream* st, int current_offset = -1) const { ++ st->print("full_frame(@%d), output truncated, Stackmap exceeds table size.", ++ offset_delta() + current_offset); ++ } + }; + + #define VIRTUAL_DISPATCH(stack_frame_type, func_name, args) \ +@@ -841,6 +874,10 @@ void stack_map_frame::print_on(outputStream* st, int offs = -1) const { + FOR_EACH_STACKMAP_FRAME_TYPE(VOID_VIRTUAL_DISPATCH, print_on, (st, offs)); + } + ++void stack_map_frame::print_truncated(outputStream* st, int offs = -1) const { ++ FOR_EACH_STACKMAP_FRAME_TYPE(VOID_VIRTUAL_DISPATCH, print_truncated, (st, offs)); ++} ++ + #undef VIRTUAL_DISPATCH + #undef VOID_VIRTUAL_DISPATCH + +diff --git a/hotspot/src/share/vm/classfile/verifier.cpp b/hotspot/src/share/vm/classfile/verifier.cpp +index cf43fd0..8381e0c 100644 +--- openjdk/hotspot/src/share/vm/classfile/verifier.cpp ++++ openjdk/hotspot/src/share/vm/classfile/verifier.cpp +@@ -507,8 +507,19 @@ void ErrorContext::stackmap_details(outputStream* ss, const Method* method) cons + stack_map_frame* sm_frame = sm_table->entries(); + streamIndentor si2(ss); + int current_offset = -1; ++ // Subtract two from StackMapAttribute length because the length includes ++ // two bytes for number of table entries. ++ size_t sm_table_space = method->stackmap_data()->length() - 2; + for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { + ss->indent(); ++ size_t sm_frame_size = sm_frame->size(); ++ // If the size of the next stackmap exceeds the length of the entire ++ // stackmap table then print a truncated message and return. ++ if (sm_frame_size > sm_table_space) { ++ sm_frame->print_truncated(ss, current_offset); ++ return; ++ } ++ sm_table_space -= sm_frame_size; + sm_frame->print_on(ss, current_offset); + ss->cr(); + current_offset += sm_frame->offset_delta(); +diff --git a/hotspot/src/share/vm/opto/lcm.cpp b/hotspot/src/share/vm/opto/lcm.cpp +index 4e19ed3..3a6e726 100644 +--- openjdk/hotspot/src/share/vm/opto/lcm.cpp ++++ openjdk/hotspot/src/share/vm/opto/lcm.cpp +@@ -1090,11 +1090,12 @@ void PhaseCFG::call_catch_cleanup(Block* block) { + Block *sb = block->_succs[i]; + // Clone the entire area; ignoring the edge fixup for now. + for( uint j = end; j > beg; j-- ) { +- // It is safe here to clone a node with anti_dependence +- // since clones dominate on each path. + Node *clone = block->get_node(j-1)->clone(); + sb->insert_node(clone, 1); + map_node_to_block(clone, sb); ++ if (clone->needs_anti_dependence_check()) { ++ insert_anti_dependences(sb, clone); ++ } + } + } + +diff --git a/hotspot/src/share/vm/prims/jvm.cpp b/hotspot/src/share/vm/prims/jvm.cpp +index 7a8b9b2..1dd321c 100644 +--- openjdk/hotspot/src/share/vm/prims/jvm.cpp ++++ openjdk/hotspot/src/share/vm/prims/jvm.cpp +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -2636,7 +2636,6 @@ JVM_ENTRY(const char*, JVM_GetCPMethodNameUTF(JNIEnv *env, jclass cls, jint cp_i + switch (cp->tag_at(cp_index).value()) { + case JVM_CONSTANT_InterfaceMethodref: + case JVM_CONSTANT_Methodref: +- case JVM_CONSTANT_NameAndType: // for invokedynamic + return cp->uncached_name_ref_at(cp_index)->as_utf8(); + default: + fatal("JVM_GetCPMethodNameUTF: illegal constant"); +@@ -2654,7 +2653,6 @@ JVM_ENTRY(const char*, JVM_GetCPMethodSignatureUTF(JNIEnv *env, jclass cls, jint + switch (cp->tag_at(cp_index).value()) { + case JVM_CONSTANT_InterfaceMethodref: + case JVM_CONSTANT_Methodref: +- case JVM_CONSTANT_NameAndType: // for invokedynamic + return cp->uncached_signature_ref_at(cp_index)->as_utf8(); + default: + fatal("JVM_GetCPMethodSignatureUTF: illegal constant"); +@@ -2880,7 +2878,18 @@ ATTRIBUTE_PRINTF(3, 0) + int jio_vsnprintf(char *str, size_t count, const char *fmt, va_list args) { + // see bug 4399518, 4417214 + if ((intptr_t)count <= 0) return -1; +- return vsnprintf(str, count, fmt, args); ++ ++ int result = vsnprintf(str, count, fmt, args); ++ // Note: on truncation vsnprintf(3) on Unix returns number of ++ // characters which would have been written had the buffer been large ++ // enough; on Windows, it returns -1. We handle both cases here and ++ // always return -1, and perform null termination. ++ if ((result > 0 && (size_t)result >= count) || result == -1) { ++ str[count - 1] = '\0'; ++ result = -1; ++ } ++ ++ return result; + } + + ATTRIBUTE_PRINTF(3, 0) +diff --git a/hotspot/src/share/vm/runtime/arguments.cpp b/hotspot/src/share/vm/runtime/arguments.cpp +index 6e64938..5bc8b3b 100644 +--- openjdk/hotspot/src/share/vm/runtime/arguments.cpp ++++ openjdk/hotspot/src/share/vm/runtime/arguments.cpp +@@ -560,8 +560,9 @@ char* SysClassPath::add_jars_to_path(char* path, const char* directory) { + (os::file_name_strcmp(ext, ".jar") == 0 || + os::file_name_strcmp(ext, ".zip") == 0); + if (isJarOrZip) { +- char* jarpath = NEW_C_HEAP_ARRAY(char, directory_len + 2 + strlen(name), mtInternal); +- sprintf(jarpath, "%s%s%s", directory, dir_sep, name); ++ size_t length = directory_len + 2 + strlen(name); ++ char* jarpath = NEW_C_HEAP_ARRAY(char, length, mtInternal); ++ jio_snprintf(jarpath, length, "%s%s%s", directory, dir_sep, name); + path = add_to_path(path, jarpath, false); + FREE_C_HEAP_ARRAY(char, jarpath, mtInternal); + } +@@ -704,9 +705,10 @@ static bool append_to_string_flag(char* name, const char* new_value, Flag::Flags + } else if (new_len == 0) { + value = old_value; + } else { +- char* buf = NEW_C_HEAP_ARRAY(char, old_len + 1 + new_len + 1, mtInternal); ++ size_t length = old_len + 1 + new_len + 1; ++ char* buf = NEW_C_HEAP_ARRAY(char, length, mtInternal); + // each new setting adds another LINE to the switch: +- sprintf(buf, "%s\n%s", old_value, new_value); ++ jio_snprintf(buf, length, "%s\n%s", old_value, new_value); + value = buf; + free_this_too = buf; + } +@@ -813,15 +815,17 @@ const char* Arguments::build_resource_string(char** args, int count) { + if (args == NULL || count == 0) { + return NULL; + } +- size_t length = strlen(args[0]) + 1; // add 1 for the null terminator +- for (int i = 1; i < count; i++) { +- length += strlen(args[i]) + 1; // add 1 for a space ++ size_t length = 0; ++ for (int i = 0; i < count; i++) { ++ length += strlen(args[i]) + 1; // add 1 for a space or NULL terminating character + } + char* s = NEW_RESOURCE_ARRAY(char, length); +- strcpy(s, args[0]); +- for (int j = 1; j < count; j++) { +- strcat(s, " "); +- strcat(s, args[j]); ++ char* dst = s; ++ for (int j = 0; j < count; j++) { ++ size_t offset = strlen(args[j]) + 1; // add 1 for a space or NULL terminating character ++ jio_snprintf(dst, length, "%s ", args[j]); // jio_snprintf will replace the last space character with NULL character ++ dst += offset; ++ length -= offset; + } + return (const char*) s; + } +@@ -1890,7 +1894,7 @@ void Arguments::set_aggressive_opts_flags() { + + // Feed the cache size setting into the JDK + char buffer[1024]; +- sprintf(buffer, "java.lang.Integer.IntegerCache.high=" INTX_FORMAT, AutoBoxCacheMax); ++ jio_snprintf(buffer, 1024, "java.lang.Integer.IntegerCache.high=" INTX_FORMAT, AutoBoxCacheMax); + add_property(buffer); + } + if (AggressiveOpts && FLAG_IS_DEFAULT(BiasedLockingStartupDelay)) { +@@ -2765,7 +2769,9 @@ jint Arguments::parse_each_vm_init_arg(const JavaVMInitArgs* args, + + char *options = NULL; + if(pos != NULL) { +- options = strcpy(NEW_C_HEAP_ARRAY(char, strlen(pos + 1) + 1, mtInternal), pos + 1); ++ size_t length = strlen(pos + 1) + 1; ++ options = NEW_C_HEAP_ARRAY(char, length, mtInternal); ++ jio_snprintf(options, length, "%s", pos + 1); + } + #if !INCLUDE_JVMTI + if (valid_hprof_or_jdwp_agent(name, is_absolute_path)) { +@@ -2784,7 +2790,9 @@ jint Arguments::parse_each_vm_init_arg(const JavaVMInitArgs* args, + return JNI_ERR; + #else + if(tail != NULL) { +- char *options = strcpy(NEW_C_HEAP_ARRAY(char, strlen(tail) + 1, mtInternal), tail); ++ size_t length = strlen(tail) + 1; ++ char *options = NEW_C_HEAP_ARRAY(char, length, mtInternal); ++ jio_snprintf(options, length, "%s", tail); + add_init_agent("instrument", options, false); + } + #endif // !INCLUDE_JVMTI +@@ -3622,8 +3630,7 @@ jint Arguments::finalize_vm_init_args(SysClassPath* scp_p, bool scp_assembly_req + } + } else { + char buffer[256]; +- strcpy(buffer, "java.awt.headless="); +- strcat(buffer, envbuffer); ++ jio_snprintf(buffer, 256, "java.awt.headless=%s", envbuffer); + if (!add_property(buffer)) { + return JNI_ENOMEM; + } +@@ -3722,6 +3729,14 @@ jint Arguments::parse_options_environment_variable(const char* name, SysClassPat + + void Arguments::set_shared_spaces_flags() { + if (DumpSharedSpaces) { ++ if (FailOverToOldVerifier) { ++ // Don't fall back to the old verifier on verification failure. If a ++ // class fails verification with the split verifier, it might fail the ++ // CDS runtime verifier constraint check. In that case, we don't want ++ // to share the class. We only archive classes that pass the split verifier. ++ FLAG_SET_DEFAULT(FailOverToOldVerifier, false); ++ } ++ + if (RequireSharedSpaces) { + warning("cannot dump shared archive while using shared archive"); + } +diff --git a/hotspot/src/share/vm/runtime/deoptimization.cpp b/hotspot/src/share/vm/runtime/deoptimization.cpp +index 1fe6110..1a61956 100644 +--- openjdk/hotspot/src/share/vm/runtime/deoptimization.cpp ++++ openjdk/hotspot/src/share/vm/runtime/deoptimization.cpp +@@ -1886,8 +1886,6 @@ const char* Deoptimization::format_trap_state(char* buf, size_t buflen, + trap_reason_name(reason), + recomp_flag ? " recompiled" : ""); + } +- if (len >= buflen) +- buf[buflen-1] = '\0'; + return buf; + } + +@@ -1957,8 +1955,6 @@ const char* Deoptimization::format_trap_request(char* buf, size_t buflen, + len = jio_snprintf(buf, buflen, "reason='%s' action='%s' index='%d'", + reason, action, unloaded_class_index); + } +- if (len >= buflen) +- buf[buflen-1] = '\0'; + return buf; + } + +diff --git a/hotspot/src/share/vm/runtime/java.cpp b/hotspot/src/share/vm/runtime/java.cpp +index 8497c69..8aad421 100644 +--- openjdk/hotspot/src/share/vm/runtime/java.cpp ++++ openjdk/hotspot/src/share/vm/runtime/java.cpp +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -776,25 +776,36 @@ int JDK_Version::compare(const JDK_Version& other) const { + } + + void JDK_Version::to_string(char* buffer, size_t buflen) const { ++ assert(buffer && buflen > 0, "call with useful buffer"); + size_t index = 0; + if (!is_valid()) { + jio_snprintf(buffer, buflen, "%s", "(uninitialized)"); + } else if (is_partially_initialized()) { + jio_snprintf(buffer, buflen, "%s", "(uninitialized) pre-1.6.0"); + } else { +- index += jio_snprintf( ++ int rc = jio_snprintf( + &buffer[index], buflen - index, "%d.%d", _major, _minor); ++ if (rc == -1) return; ++ index += rc; + if (_micro > 0) { +- index += jio_snprintf(&buffer[index], buflen - index, ".%d", _micro); ++ rc = jio_snprintf(&buffer[index], buflen - index, ".%d", _micro); ++ if (rc == -1) return; ++ index += rc; + } + if (_update > 0) { +- index += jio_snprintf(&buffer[index], buflen - index, "_%02d", _update); ++ rc = jio_snprintf(&buffer[index], buflen - index, "_%02d", _update); ++ if (rc == -1) return; ++ index += rc; + } + if (_special > 0) { +- index += jio_snprintf(&buffer[index], buflen - index, "%c", _special); ++ rc = jio_snprintf(&buffer[index], buflen - index, "%c", _special); ++ if (rc == -1) return; ++ index += rc; + } + if (_build > 0) { +- index += jio_snprintf(&buffer[index], buflen - index, "-b%02d", _build); ++ rc = jio_snprintf(&buffer[index], buflen - index, "-b%02d", _build); ++ if (rc == -1) return; ++ index += rc; + } + } + } +diff --git a/hotspot/src/share/vm/runtime/sharedRuntime.cpp b/hotspot/src/share/vm/runtime/sharedRuntime.cpp +index d15b28a..f966e75 100644 +--- openjdk/hotspot/src/share/vm/runtime/sharedRuntime.cpp ++++ openjdk/hotspot/src/share/vm/runtime/sharedRuntime.cpp +@@ -2856,8 +2856,6 @@ VMRegPair *SharedRuntime::find_callee_arguments(Symbol* sig, bool has_receiver, + char *s = sig->as_C_string(); + int len = (int)strlen(s); + s++; len--; // Skip opening paren +- char *t = s+len; +- while( *(--t) != ')' ) ; // Find close paren + + BasicType *sig_bt = NEW_RESOURCE_ARRAY( BasicType, 256 ); + VMRegPair *regs = NEW_RESOURCE_ARRAY( VMRegPair, 256 ); +@@ -2866,7 +2864,7 @@ VMRegPair *SharedRuntime::find_callee_arguments(Symbol* sig, bool has_receiver, + sig_bt[cnt++] = T_OBJECT; // Receiver is argument 0; not in signature + } + +- while( s < t ) { ++ while( *s != ')' ) { // Find closing right paren + switch( *s++ ) { // Switch on signature character + case 'B': sig_bt[cnt++] = T_BYTE; break; + case 'C': sig_bt[cnt++] = T_CHAR; break; +diff --git a/hotspot/src/share/vm/runtime/signature.cpp b/hotspot/src/share/vm/runtime/signature.cpp +index dd3ed8b..975c1f4 100644 +--- openjdk/hotspot/src/share/vm/runtime/signature.cpp ++++ openjdk/hotspot/src/share/vm/runtime/signature.cpp +@@ -225,7 +225,49 @@ void SignatureIterator::iterate_returntype() { + _index = 0; + expect('('); + Symbol* sig = _signature; +- while (sig->byte_at(_index) != ')') _index++; ++ // Need to skip over each type in the signature's argument list until a ++ // closing ')' is found., then get the return type. We cannot just scan ++ // for the first ')' because ')' is a legal character in a type name. ++ while (sig->byte_at(_index) != ')') { ++ switch(sig->byte_at(_index)) { ++ case 'B': ++ case 'C': ++ case 'D': ++ case 'F': ++ case 'I': ++ case 'J': ++ case 'S': ++ case 'Z': ++ case 'V': ++ { ++ _index++; ++ } ++ break; ++ case 'L': ++ { ++ while (sig->byte_at(_index++) != ';') ; ++ } ++ break; ++ case '[': ++ { ++ int begin = ++_index; ++ skip_optional_size(); ++ while (sig->byte_at(_index) == '[') { ++ _index++; ++ skip_optional_size(); ++ } ++ if (sig->byte_at(_index) == 'L') { ++ while (sig->byte_at(_index++) != ';') ; ++ } else { ++ _index++; ++ } ++ } ++ break; ++ default: ++ ShouldNotReachHere(); ++ break; ++ } ++ } + expect(')'); + // Parse return type + _parameter_index = -1; +diff --git a/jdk/make/mapfiles/libjava/mapfile-vers b/jdk/make/mapfiles/libjava/mapfile-vers +index 618d501..1b371a2 100644 +--- openjdk/jdk/make/mapfiles/libjava/mapfile-vers ++++ openjdk/jdk/make/mapfiles/libjava/mapfile-vers +@@ -56,6 +56,7 @@ SUNWprivate_1.1 { + JNU_ThrowArrayIndexOutOfBoundsException; + JNU_ThrowByName; + JNU_ThrowByNameWithLastError; ++ JNU_ThrowByNameWithMessageAndLastError; + JNU_ThrowClassNotFoundException; + JNU_ThrowIllegalAccessError; + JNU_ThrowIllegalAccessException; +diff --git a/jdk/src/macosx/native/com/sun/media/sound/PLATFORM_API_MacOSX_PCM.cpp b/jdk/src/macosx/native/com/sun/media/sound/PLATFORM_API_MacOSX_PCM.cpp +index 40cddfc..cadbb11 100644 +--- openjdk/jdk/src/macosx/native/com/sun/media/sound/PLATFORM_API_MacOSX_PCM.cpp ++++ openjdk/jdk/src/macosx/native/com/sun/media/sound/PLATFORM_API_MacOSX_PCM.cpp +@@ -817,6 +817,10 @@ void* DAUDIO_Open(INT32 mixerIndex, INT32 deviceID, int isSource, + ERROR1("< findClass(String name) throws ClassNotFoundException { ++ Class cls; + try { +- return repository.loadClass(name); ++ cls = repository.loadClass(name); + } catch (ClassNotFoundException cne) { + if (cl2 != null) { + return cl2.loadClass(name); +@@ -48,6 +49,15 @@ public class ClassLoaderWithRepository extends ClassLoader { + throw cne; + } + } ++ ++ if(!cls.getName().equals(name)){ ++ if (cl2 != null) { ++ return cl2.loadClass(name); ++ } else { ++ throw new ClassNotFoundException(name); ++ } ++ } ++ return cls; + } + + private ClassLoaderRepository repository; +diff --git a/jdk/src/share/classes/javax/swing/JEditorPane.java b/jdk/src/share/classes/javax/swing/JEditorPane.java +index 0df1181..9707523 100644 +--- openjdk/jdk/src/share/classes/javax/swing/JEditorPane.java ++++ openjdk/jdk/src/share/classes/javax/swing/JEditorPane.java +@@ -24,15 +24,12 @@ + */ + package javax.swing; + +-import sun.swing.SwingUtilities2; + + import java.awt.*; +-import java.awt.event.*; + import java.lang.reflect.*; + import java.net.*; + import java.util.*; + import java.io.*; +-import java.util.*; + + import javax.swing.plaf.*; + import javax.swing.text.*; +@@ -1244,7 +1241,11 @@ public class JEditorPane extends JTextComponent { + */ + public static void registerEditorKitForContentType(String type, String classname, ClassLoader loader) { + getKitTypeRegistry().put(type, classname); +- getKitLoaderRegistry().put(type, loader); ++ if (loader != null) { ++ getKitLoaderRegistry().put(type, loader); ++ } else { ++ getKitLoaderRegistry().remove(type); ++ } + getKitRegisty().remove(type); + } + +diff --git a/jdk/src/share/classes/sun/awt/image/SunVolatileImage.java b/jdk/src/share/classes/sun/awt/image/SunVolatileImage.java +index 97e2011..e5e8ca9 100644 +--- openjdk/jdk/src/share/classes/sun/awt/image/SunVolatileImage.java ++++ openjdk/jdk/src/share/classes/sun/awt/image/SunVolatileImage.java +@@ -70,6 +70,10 @@ public class SunVolatileImage extends VolatileImage + { + this.comp = comp; + this.graphicsConfig = graphicsConfig; ++ if (width <= 0 || height <= 0) { ++ throw new IllegalArgumentException("Width (" + width + ")" + ++ " and height (" + height + ") cannot be <= 0"); ++ } + this.width = width; + this.height = height; + this.forcedAccelSurfaceType = accType; +diff --git a/jdk/src/share/classes/sun/launcher/resources/launcher_zh_TW.properties b/jdk/src/share/classes/sun/launcher/resources/launcher_zh_TW.properties +index 949c138..ecd952d 100644 +--- openjdk/jdk/src/share/classes/sun/launcher/resources/launcher_zh_TW.properties ++++ openjdk/jdk/src/share/classes/sun/launcher/resources/launcher_zh_TW.properties +@@ -34,7 +34,7 @@ java.launcher.ergo.message1 =\ \u9810\u8A2D\u7684 VM \u70BA {0 + java.launcher.ergo.message2 =\ \u56E0\u70BA\u60A8\u6B63\u5728\u4F3A\u670D\u5668\u985E\u5225\u6A5F\u5668\u4E0A\u57F7\u884C\u3002\n + + # Translators please note do not translate the options themselves +-java.launcher.opt.footer =\ -cp \n -classpath \n \u4F7F\u7528 {0} \u5340\u9694\u7684\u76EE\u9304\u3001JAR \u5B58\u6A94\u4EE5\u53CA\n ZIP \u5B58\u6A94\u6E05\u55AE\u4F86\u641C\u5C0B\u985E\u5225\u6A94\u6848\u3002\n -D=\n \u8A2D\u5B9A\u7CFB\u7D71\u5C6C\u6027\n -verbose:[class|gc|jni]\n \u555F\u7528\u8A73\u7D30\u8CC7\u8A0A\u8F38\u51FA\n -version \u5217\u5370\u7522\u54C1\u7248\u672C\u4E26\u7D50\u675F\n -version:\n \u8B66\u544A: \u6B64\u529F\u80FD\u5DF2\u4E0D\u518D\u4F7F\u7528\uFF0C\u5C07\u6703\u5F9E\n \u672A\u4F86\u7248\u672C\u4E2D\u79FB\u9664\u3002\n \u9700\u8981\u6307\u5B9A\u7684\u7248\u672C\u624D\u80FD\u57F7\u884C\n -showversion \u5217\u5370\u7522\u54C1\u7248\u672C\u4E26\u7E7C\u7E8C\n -jre-restrict-search | -no-jre-restrict-search\n \u8B66\u544A: \u6B64\u529F\u80FD\u5DF2\u4E0D\u518D\u4F7F\u7528\uFF0C\u5C07\u6703\u5F9E\n \u672A\u4F86\u7248\u672C\u4E2D\u79FB\u9664\u3002\n \u5728\u7248\u672C\u641C\u5C0B\u4E2D\u5305\u62EC/\u6392\u9664\u4F7F\u7528\u8005\u5C08\u7528 JRE\n -? -help \u5217\u5370\u6B64\u8AAA\u660E\u8A0A\u606F\n -X \u5217\u5370\u975E\u6A19\u6E96\u9078\u9805\u7684\u8AAA\u660E\n -ea[:...|:]\n -enableassertions[:...|:]\n \u555F\u7528\u542B\u6307\u5B9A\u8A73\u7D30\u7A0B\u5EA6\u7684\u5BA3\u544A\n -da[:...|:]\n -disableassertions[:...|:]\n \u505C\u7528\u542B\u6307\u5B9A\u8A73\u7D30\u7A0B\u5EA6\u7684\u5BA3\u544A\n -esa | -enablesystemassertions\n \u555F\u7528\u7CFB\u7D71\u5BA3\u544A\n -dsa | -disablesystemassertions\n \u505C\u7528\u7CFB\u7D71\u5BA3\u544A\n -agentlib:[=]\n \u8F09\u5165\u539F\u751F\u4EE3\u7406\u7A0B\u5F0F\u7A0B\u5F0F\u5EAB \uFF0C\u4F8B\u5982 -agentlib:hprof\n \u53E6\u8ACB\u53C3\u95B1 -agentlib:jdwp=help \u8207 -agentlib:hprof=help\n -agentpath:[=]\n \u4F7F\u7528\u5B8C\u6574\u8DEF\u5F91\u540D\u7A31\u8F09\u5165\u539F\u751F\u4EE3\u7406\u7A0B\u5F0F\u7A0B\u5F0F\u5EAB\n -javaagent:[=]\n \u8F09\u5165 Java \u7A0B\u5F0F\u8A9E\u8A00\u4EE3\u7406\u7A0B\u5F0F\uFF0C\u8ACB\u53C3\u95B1 java.lang.instrument\n -splash:\n \u986F\u793A\u6307\u5B9A\u5F71\u50CF\u7684\u8EDF\u9AD4\u8CC7\u8A0A\u756B\u9762\n\u8ACB\u53C3\u95B1 http://www.oracle.com/technetwork/java/javase/documentation/index.html \u66B8\u89E3\u8A73\u7D30\u8CC7\u8A0A\u3002 ++java.launcher.opt.footer =\ -cp <\u76EE\u9304\u53CA zip/jar \u6A94\u6848\u7684\u985E\u5225\u641C\u5C0B\u8DEF\u5F91>\n -classpath <\u76EE\u9304\u53CA zip/jar \u6A94\u6848\u7684\u985E\u5225\u641C\u5C0B\u8DEF\u5F91>\n \u4F7F\u7528 {0} \u5340\u9694\u7684\u76EE\u9304\u3001JAR \u5B58\u6A94\u4EE5\u53CA ZIP \u5B58\u6A94\u6E05\u55AE\u4F86\u641C\u5C0B\u985E\u5225\u6A94\u6848\u3002\n -D=\n \u8A2D\u5B9A\u7CFB\u7D71\u5C6C\u6027\n -verbose:[class|gc|jni]\n \u555F\u7528\u8A73\u7D30\u8CC7\u8A0A\u8F38\u51FA\n -version \u5217\u5370\u7522\u54C1\u7248\u672C\u4E26\u7D50\u675F\n -version:\n \u8B66\u544A: \u6B64\u529F\u80FD\u5DF2\u4E0D\u518D\u4F7F\u7528\uFF0C\u5C07\u6703\u5F9E\u672A\u4F86\u7248\u672C\u4E2D\u79FB\u9664\u3002\n \u9700\u8981\u6307\u5B9A\u7684\u7248\u672C\u624D\u80FD\u57F7\u884C\n -showversion \u5217\u5370\u7522\u54C1\u7248\u672C\u4E26\u7E7C\u7E8C\n -jre-restrict-search | -no-jre-restrict-search\n \u8B66\u544A: \u6B64\u529F\u80FD\u5DF2\u4E0D\u518D\u4F7F\u7528\uFF0C\u5C07\u6703\u5F9E\u672A\u4F86\u7248\u672C\u4E2D\u79FB\u9664\u3002\n \u5728\u7248\u672C\u641C\u5C0B\u4E2D\u5305\u62EC/\u6392\u9664\u4F7F\u7528\u8005\u5C08\u7528 JRE\n -? -help \u5217\u5370\u6B64\u8AAA\u660E\u8A0A\u606F\n -X \u5217\u5370\u975E\u6A19\u6E96\u9078\u9805\u7684\u8AAA\u660E\n -ea[:...|:]\n -enableassertions[:...|:]\n \u555F\u7528\u542B\u6307\u5B9A\u8A73\u7D30\u7A0B\u5EA6\u7684\u5BA3\u544A\n -da[:...|:]\n -disableassertions[:...|:]\n \u505C\u7528\u542B\u6307\u5B9A\u8A73\u7D30\u7A0B\u5EA6\u7684\u5BA3\u544A\n -esa | -enablesystemassertions\n \u555F\u7528\u7CFB\u7D71\u5BA3\u544A\n -dsa | -disablesystemassertions\n \u505C\u7528\u7CFB\u7D71\u5BA3\u544A\n -agentlib:[=]\n \u8F09\u5165\u539F\u751F\u4EE3\u7406\u7A0B\u5F0F\u7A0B\u5F0F\u5EAB \uFF0C\u4F8B\u5982 -agentlib:hprof\n \u53E6\u8ACB\u53C3\u95B1 -agentlib:jdwp=help \u8207 -agentlib:hprof=help\n -agentpath:[=]\n \u4F7F\u7528\u5B8C\u6574\u8DEF\u5F91\u540D\u7A31\u8F09\u5165\u539F\u751F\u4EE3\u7406\u7A0B\u5F0F\u7A0B\u5F0F\u5EAB\n -javaagent:[=]\n \u8F09\u5165 Java \u7A0B\u5F0F\u8A9E\u8A00\u4EE3\u7406\u7A0B\u5F0F\uFF0C\u8ACB\u53C3\u95B1 java.lang.instrument\n -splash:\n \u986F\u793A\u6307\u5B9A\u5F71\u50CF\u7684\u8EDF\u9AD4\u8CC7\u8A0A\u756B\u9762\n\u8ACB\u53C3\u95B1 http://www.oracle.com/technetwork/java/javase/documentation/index.html \u66B8\u89E3\u8A73\u7D30\u8CC7\u8A0A\u3002 + + # Translators please note do not translate the options themselves + java.launcher.X.usage=\ -Xmixed \u6DF7\u5408\u6A21\u5F0F\u57F7\u884C (\u9810\u8A2D)\n -Xint \u50C5\u9650\u89E3\u8B6F\u6A21\u5F0F\u57F7\u884C\n -Xbootclasspath:<\u4EE5 {0} \u5206\u9694\u7684\u76EE\u9304\u548C zip/jar \u6A94\u6848>\n \u8A2D\u5B9A\u555F\u52D5\u5B89\u88DD\u985E\u5225\u548C\u8CC7\u6E90\u7684\u641C\u5C0B\u8DEF\u5F91\n -Xbootclasspath/a:<\u4EE5 {0} \u5206\u9694\u7684\u76EE\u9304\u548C zip/jar \u6A94\u6848>\n \u9644\u52A0\u5728\u555F\u52D5\u5B89\u88DD\u985E\u5225\u8DEF\u5F91\u7684\u7D50\u5C3E\n -Xbootclasspath/p:<\u4EE5 {0} \u5206\u9694\u7684\u76EE\u9304\u548C zip/jar \u6A94\u6848>\n \u9644\u52A0\u5728\u555F\u52D5\u5B89\u88DD\u985E\u5225\u8DEF\u5F91\u7684\u524D\u9762\n -Xdiag \u986F\u793A\u5176\u4ED6\u7684\u8A3A\u65B7\u8A0A\u606F\n -Xnoclassgc \u505C\u7528\u985E\u5225\u8CC7\u6E90\u56DE\u6536\n -Xincgc \u555F\u7528\u6F38\u9032\u8CC7\u6E90\u56DE\u6536\n -Xloggc: \u5229\u7528\u6642\u6233\u5C07 GC \u72C0\u614B\u8A18\u9304\u81F3\u6A94\u6848\u4E2D\n -Xbatch \u505C\u7528\u80CC\u666F\u7DE8\u8B6F\n -Xms \u8A2D\u5B9A\u8D77\u59CB Java \u5806\u96C6\u5927\u5C0F\n -Xmx \u8A2D\u5B9A Java \u5806\u96C6\u5927\u5C0F\u4E0A\u9650\n -Xss \u8A2D\u5B9A Java \u57F7\u884C\u7DD2\u5806\u758A\u5927\u5C0F\n -Xprof \u8F38\u51FA CPU \u5206\u6790\u8CC7\u6599\n -Xfuture \u555F\u7528\u6700\u56B4\u683C\u7684\u6AA2\u67E5\uFF0C\u9810\u5148\u4F5C\u70BA\u5C07\u4F86\u7684\u9810\u8A2D\n -Xrs \u6E1B\u5C11 Java/VM \u4F7F\u7528\u4F5C\u696D\u7CFB\u7D71\u4FE1\u865F (\u8ACB\u53C3\u95B1\u6587\u4EF6)\n -Xcheck:jni \u57F7\u884C\u5176\u4ED6\u7684 JNI \u51FD\u6578\u6AA2\u67E5\n -Xshare:off \u4E0D\u5617\u8A66\u4F7F\u7528\u5171\u7528\u985E\u5225\u8CC7\u6599\n -Xshare:auto \u5118\u53EF\u80FD\u4F7F\u7528\u5171\u7528\u985E\u5225\u8CC7\u6599 (\u9810\u8A2D)\n -Xshare:on \u9700\u8981\u4F7F\u7528\u5171\u7528\u985E\u5225\u8CC7\u6599\uFF0C\u5426\u5247\u5931\u6557\u3002\n -XshowSettings \u986F\u793A\u6240\u6709\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\n -XshowSettings:all\n \u986F\u793A\u6240\u6709\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\n -XshowSettings:vm \u986F\u793A\u6240\u6709 VM \u76F8\u95DC\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\n -XshowSettings:properties\n \u986F\u793A\u6240\u6709\u5C6C\u6027\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\n -XshowSettings:locale\n \u986F\u793A\u6240\u6709\u5730\u5340\u8A2D\u5B9A\u76F8\u95DC\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\n\n -X \u9078\u9805\u4E0D\u662F\u6A19\u6E96\u9078\u9805\uFF0C\u82E5\u6709\u8B8A\u66F4\u4E0D\u53E6\u884C\u901A\u77E5\u3002\n +diff --git a/jdk/src/share/classes/sun/misc/resources/Messages.java b/jdk/src/share/classes/sun/misc/resources/Messages.java +index 56f76bb..23c5b29 100644 +--- openjdk/jdk/src/share/classes/sun/misc/resources/Messages.java ++++ openjdk/jdk/src/share/classes/sun/misc/resources/Messages.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2002, 2005, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -32,21 +32,19 @@ package sun.misc.resources; + * @author Michael Colburn + */ + +-public class Messages extends java.util.ListResourceBundle { ++public final class Messages extends java.util.ListResourceBundle { + + /** + * Returns the contents of this ResourceBundle. + *

+ * @return the contents of this ResourceBundle. + */ +- public Object[][] getContents() { +- return contents; ++ protected Object[][] getContents() { ++ return new Object[][]{ ++ {"optpkg.versionerror", "ERROR: Invalid version format used in {0} JAR file. Check the documentation for the supported version format."}, ++ {"optpkg.attributeerror", "ERROR: The required {0} JAR manifest attribute is not set in {1} JAR file."}, ++ {"optpkg.attributeserror", "ERROR: Some required JAR manifest attributes are not set in {0} JAR file."} ++ }; + } + +- private static final Object[][] contents = { +- { "optpkg.versionerror", "ERROR: Invalid version format used in {0} JAR file. Check the documentation for the supported version format." }, +- { "optpkg.attributeerror", "ERROR: The required {0} JAR manifest attribute is not set in {1} JAR file." }, +- { "optpkg.attributeserror", "ERROR: Some required JAR manifest attributes are not set in {0} JAR file." } +- }; +- + } +diff --git a/jdk/src/share/classes/sun/misc/resources/Messages_de.java b/jdk/src/share/classes/sun/misc/resources/Messages_de.java +index e2961c5..84a0d8a 100644 +--- openjdk/jdk/src/share/classes/sun/misc/resources/Messages_de.java ++++ openjdk/jdk/src/share/classes/sun/misc/resources/Messages_de.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -32,21 +32,19 @@ package sun.misc.resources; + * @author Michael Colburn + */ + +-public class Messages_de extends java.util.ListResourceBundle { ++public final class Messages_de extends java.util.ListResourceBundle { + + /** + * Returns the contents of this ResourceBundle. + *

+ * @return the contents of this ResourceBundle. + */ +- public Object[][] getContents() { +- return contents; ++ protected Object[][] getContents() { ++ return new Object[][]{ ++ {"optpkg.versionerror", "ERROR: In JAR-Datei {0} wurde ein ung\u00FCltiges Versionsformat verwendet. Pr\u00FCfen Sie in der Dokumentation, welches Versionsformat unterst\u00FCtzt wird."}, ++ {"optpkg.attributeerror", "ERROR: In JAR-Datei {1} ist das erforderliche JAR-Manifestattribut {0} nicht festgelegt."}, ++ {"optpkg.attributeserror", "ERROR: In JAR-Datei {0} sind einige erforderliche JAR-Manifestattribute nicht festgelegt."} ++ }; + } + +- private static final Object[][] contents = { +- { "optpkg.versionerror", "ERROR: In JAR-Datei {0} wurde ein ung\u00FCltiges Versionsformat verwendet. Pr\u00FCfen Sie in der Dokumentation, welches Versionsformat unterst\u00FCtzt wird." }, +- { "optpkg.attributeerror", "ERROR: In JAR-Datei {1} ist das erforderliche JAR-Manifestattribut {0} nicht festgelegt." }, +- { "optpkg.attributeserror", "ERROR: In JAR-Datei {0} sind einige erforderliche JAR-Manifestattribute nicht festgelegt." } +- }; +- + } +diff --git a/jdk/src/share/classes/sun/misc/resources/Messages_es.java b/jdk/src/share/classes/sun/misc/resources/Messages_es.java +index 9e76201..297b0b1 100644 +--- openjdk/jdk/src/share/classes/sun/misc/resources/Messages_es.java ++++ openjdk/jdk/src/share/classes/sun/misc/resources/Messages_es.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -32,21 +32,19 @@ package sun.misc.resources; + * @author Michael Colburn + */ + +-public class Messages_es extends java.util.ListResourceBundle { ++public final class Messages_es extends java.util.ListResourceBundle { + + /** + * Returns the contents of this ResourceBundle. + *

+ * @return the contents of this ResourceBundle. + */ +- public Object[][] getContents() { +- return contents; ++ protected Object[][] getContents() { ++ return new Object[][]{ ++ {"optpkg.versionerror", "ERROR: el formato del archivo JAR {0} pertenece a una versi\u00F3n no v\u00E1lida. Busque en la documentaci\u00F3n el formato de una versi\u00F3n soportada."}, ++ {"optpkg.attributeerror", "ERROR: el atributo obligatorio JAR manifest {0} no est\u00E1 definido en el archivo JAR {1}."}, ++ {"optpkg.attributeserror", "ERROR: algunos atributos obligatorios JAR manifest no est\u00E1n definidos en el archivo JAR {0}."} ++ }; + } + +- private static final Object[][] contents = { +- { "optpkg.versionerror", "ERROR: el formato del archivo JAR {0} pertenece a una versi\u00F3n no v\u00E1lida. Busque en la documentaci\u00F3n el formato de una versi\u00F3n soportada." }, +- { "optpkg.attributeerror", "ERROR: el atributo obligatorio JAR manifest {0} no est\u00E1 definido en el archivo JAR {1}." }, +- { "optpkg.attributeserror", "ERROR: algunos atributos obligatorios JAR manifest no est\u00E1n definidos en el archivo JAR {0}." } +- }; +- + } +diff --git a/jdk/src/share/classes/sun/misc/resources/Messages_fr.java b/jdk/src/share/classes/sun/misc/resources/Messages_fr.java +index b742b26..3133ab1 100644 +--- openjdk/jdk/src/share/classes/sun/misc/resources/Messages_fr.java ++++ openjdk/jdk/src/share/classes/sun/misc/resources/Messages_fr.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -32,21 +32,19 @@ package sun.misc.resources; + * @author Michael Colburn + */ + +-public class Messages_fr extends java.util.ListResourceBundle { ++public final class Messages_fr extends java.util.ListResourceBundle { + + /** + * Returns the contents of this ResourceBundle. + *

+ * @return the contents of this ResourceBundle. + */ +- public Object[][] getContents() { +- return contents; ++ protected Object[][] getContents() { ++ return new Object[][]{ ++ {"optpkg.versionerror", "ERREUR\u00A0: le format de version utilis\u00E9 pour le fichier JAR {0} n''est pas valide. Pour conna\u00EEtre le format de version pris en charge, consultez la documentation."}, ++ {"optpkg.attributeerror", "ERREUR\u00A0: l''attribut manifest JAR {0} obligatoire n''est pas d\u00E9fini dans le fichier JAR {1}."}, ++ {"optpkg.attributeserror", "ERREUR\u00A0: certains attributs manifest JAR obligatoires ne sont pas d\u00E9finis dans le fichier JAR {0}."} ++ }; + } + +- private static final Object[][] contents = { +- { "optpkg.versionerror", "ERREUR\u00A0: le format de version utilis\u00E9 pour le fichier JAR {0} n''est pas valide. Pour conna\u00EEtre le format de version pris en charge, consultez la documentation." }, +- { "optpkg.attributeerror", "ERREUR\u00A0: l''attribut manifest JAR {0} obligatoire n''est pas d\u00E9fini dans le fichier JAR {1}." }, +- { "optpkg.attributeserror", "ERREUR\u00A0: certains attributs manifest JAR obligatoires ne sont pas d\u00E9finis dans le fichier JAR {0}." } +- }; +- + } +diff --git a/jdk/src/share/classes/sun/misc/resources/Messages_it.java b/jdk/src/share/classes/sun/misc/resources/Messages_it.java +index ee7dd0a..9adaf25 100644 +--- openjdk/jdk/src/share/classes/sun/misc/resources/Messages_it.java ++++ openjdk/jdk/src/share/classes/sun/misc/resources/Messages_it.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -32,21 +32,19 @@ package sun.misc.resources; + * @author Michael Colburn + */ + +-public class Messages_it extends java.util.ListResourceBundle { ++public final class Messages_it extends java.util.ListResourceBundle { + + /** + * Returns the contents of this ResourceBundle. + *

+ * @return the contents of this ResourceBundle. + */ +- public Object[][] getContents() { +- return contents; ++ protected Object[][] getContents() { ++ return new Object[][]{ ++ {"optpkg.versionerror", "ERRORE: Formato versione non valido nel file JAR {0}. Verificare nella documentazione il formato della versione supportato."}, ++ {"optpkg.attributeerror", "ERRORE: L''attributo manifest JAR {0} richiesto non \u00E8 impostato nel file JAR {1}."}, ++ {"optpkg.attributeserror", "ERRORE: Alcuni attributi manifesti JAR obbligatori non sono impostati nel file JAR {0}."} ++ }; + } + +- private static final Object[][] contents = { +- { "optpkg.versionerror", "ERRORE: Formato versione non valido nel file JAR {0}. Verificare nella documentazione il formato della versione supportato." }, +- { "optpkg.attributeerror", "ERRORE: L''attributo manifest JAR {0} richiesto non \u00E8 impostato nel file JAR {1}." }, +- { "optpkg.attributeserror", "ERRORE: Alcuni attributi manifesti JAR obbligatori non sono impostati nel file JAR {0}." } +- }; +- + } +diff --git a/jdk/src/share/classes/sun/misc/resources/Messages_ja.java b/jdk/src/share/classes/sun/misc/resources/Messages_ja.java +index 4f14551..5c82297 100644 +--- openjdk/jdk/src/share/classes/sun/misc/resources/Messages_ja.java ++++ openjdk/jdk/src/share/classes/sun/misc/resources/Messages_ja.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -32,21 +32,19 @@ package sun.misc.resources; + * @author Michael Colburn + */ + +-public class Messages_ja extends java.util.ListResourceBundle { ++public final class Messages_ja extends java.util.ListResourceBundle { + + /** + * Returns the contents of this ResourceBundle. + *

+ * @return the contents of this ResourceBundle. + */ +- public Object[][] getContents() { +- return contents; ++ protected Object[][] getContents() { ++ return new Object[][]{ ++ {"optpkg.versionerror", "\u30A8\u30E9\u30FC: JAR\u30D5\u30A1\u30A4\u30EB{0}\u3067\u7121\u52B9\u306A\u30D0\u30FC\u30B8\u30E7\u30F3\u5F62\u5F0F\u304C\u4F7F\u7528\u3055\u308C\u3066\u3044\u307E\u3059\u3002\u30B5\u30DD\u30FC\u30C8\u3055\u308C\u308B\u30D0\u30FC\u30B8\u30E7\u30F3\u5F62\u5F0F\u306B\u3064\u3044\u3066\u306E\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u3092\u53C2\u7167\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, ++ {"optpkg.attributeerror", "\u30A8\u30E9\u30FC: \u5FC5\u8981\u306AJAR\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u5C5E\u6027{0}\u304CJAR\u30D5\u30A1\u30A4\u30EB{1}\u306B\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002"}, ++ {"optpkg.attributeserror", "\u30A8\u30E9\u30FC: \u8907\u6570\u306E\u5FC5\u8981\u306AJAR\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u5C5E\u6027\u304CJAR\u30D5\u30A1\u30A4\u30EB{0}\u306B\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002"} ++ }; + } + +- private static final Object[][] contents = { +- { "optpkg.versionerror", "\u30A8\u30E9\u30FC: JAR\u30D5\u30A1\u30A4\u30EB{0}\u3067\u7121\u52B9\u306A\u30D0\u30FC\u30B8\u30E7\u30F3\u5F62\u5F0F\u304C\u4F7F\u7528\u3055\u308C\u3066\u3044\u307E\u3059\u3002\u30B5\u30DD\u30FC\u30C8\u3055\u308C\u308B\u30D0\u30FC\u30B8\u30E7\u30F3\u5F62\u5F0F\u306B\u3064\u3044\u3066\u306E\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u3092\u53C2\u7167\u3057\u3066\u304F\u3060\u3055\u3044\u3002" }, +- { "optpkg.attributeerror", "\u30A8\u30E9\u30FC: \u5FC5\u8981\u306AJAR\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u5C5E\u6027{0}\u304CJAR\u30D5\u30A1\u30A4\u30EB{1}\u306B\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002" }, +- { "optpkg.attributeserror", "\u30A8\u30E9\u30FC: \u8907\u6570\u306E\u5FC5\u8981\u306AJAR\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u5C5E\u6027\u304CJAR\u30D5\u30A1\u30A4\u30EB{0}\u306B\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002" } +- }; +- + } +diff --git a/jdk/src/share/classes/sun/misc/resources/Messages_ko.java b/jdk/src/share/classes/sun/misc/resources/Messages_ko.java +index 53c32fc..5ce1cec 100644 +--- openjdk/jdk/src/share/classes/sun/misc/resources/Messages_ko.java ++++ openjdk/jdk/src/share/classes/sun/misc/resources/Messages_ko.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -32,21 +32,19 @@ package sun.misc.resources; + * @author Michael Colburn + */ + +-public class Messages_ko extends java.util.ListResourceBundle { ++public final class Messages_ko extends java.util.ListResourceBundle { + + /** + * Returns the contents of this ResourceBundle. + *

+ * @return the contents of this ResourceBundle. + */ +- public Object[][] getContents() { +- return contents; ++ protected Object[][] getContents() { ++ return new Object[][]{ ++ {"optpkg.versionerror", "\uC624\uB958: {0} JAR \uD30C\uC77C\uC5D0 \uBD80\uC801\uD569\uD55C \uBC84\uC804 \uD615\uC2DD\uC774 \uC0AC\uC6A9\uB418\uC5C8\uC2B5\uB2C8\uB2E4. \uC124\uBA85\uC11C\uC5D0\uC11C \uC9C0\uC6D0\uB418\uB294 \uBC84\uC804 \uD615\uC2DD\uC744 \uD655\uC778\uD558\uC2ED\uC2DC\uC624."}, ++ {"optpkg.attributeerror", "\uC624\uB958: \uD544\uC694\uD55C {0} JAR manifest \uC18D\uC131\uC774 {1} JAR \uD30C\uC77C\uC5D0 \uC124\uC815\uB418\uC5B4 \uC788\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."}, ++ {"optpkg.attributeserror", "\uC624\uB958: \uD544\uC694\uD55C \uC77C\uBD80 JAR manifest \uC18D\uC131\uC774 {0} JAR \uD30C\uC77C\uC5D0 \uC124\uC815\uB418\uC5B4 \uC788\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."} ++ }; + } + +- private static final Object[][] contents = { +- { "optpkg.versionerror", "\uC624\uB958: {0} JAR \uD30C\uC77C\uC5D0 \uBD80\uC801\uD569\uD55C \uBC84\uC804 \uD615\uC2DD\uC774 \uC0AC\uC6A9\uB418\uC5C8\uC2B5\uB2C8\uB2E4. \uC124\uBA85\uC11C\uC5D0\uC11C \uC9C0\uC6D0\uB418\uB294 \uBC84\uC804 \uD615\uC2DD\uC744 \uD655\uC778\uD558\uC2ED\uC2DC\uC624." }, +- { "optpkg.attributeerror", "\uC624\uB958: \uD544\uC694\uD55C {0} JAR manifest \uC18D\uC131\uC774 {1} JAR \uD30C\uC77C\uC5D0 \uC124\uC815\uB418\uC5B4 \uC788\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4." }, +- { "optpkg.attributeserror", "\uC624\uB958: \uD544\uC694\uD55C \uC77C\uBD80 JAR manifest \uC18D\uC131\uC774 {0} JAR \uD30C\uC77C\uC5D0 \uC124\uC815\uB418\uC5B4 \uC788\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4." } +- }; +- + } +diff --git a/jdk/src/share/classes/sun/misc/resources/Messages_pt_BR.java b/jdk/src/share/classes/sun/misc/resources/Messages_pt_BR.java +index 4781700..44e0f9f 100644 +--- openjdk/jdk/src/share/classes/sun/misc/resources/Messages_pt_BR.java ++++ openjdk/jdk/src/share/classes/sun/misc/resources/Messages_pt_BR.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -32,21 +32,19 @@ package sun.misc.resources; + * @author Michael Colburn + */ + +-public class Messages_pt_BR extends java.util.ListResourceBundle { ++public final class Messages_pt_BR extends java.util.ListResourceBundle { + + /** + * Returns the contents of this ResourceBundle. + *

+ * @return the contents of this ResourceBundle. + */ +- public Object[][] getContents() { +- return contents; ++ protected Object[][] getContents() { ++ return new Object[][]{ ++ {"optpkg.versionerror", "ERRO: formato de vers\u00E3o inv\u00E1lido usado no arquivo JAR {0}. Verifique a documenta\u00E7\u00E3o para obter o formato de vers\u00E3o suportado."}, ++ {"optpkg.attributeerror", "ERRO: o atributo de manifesto JAR {0} necess\u00E1rio n\u00E3o est\u00E1 definido no arquivo JAR {1}."}, ++ {"optpkg.attributeserror", "ERRO: alguns atributos de manifesto JAR necess\u00E1rios n\u00E3o est\u00E3o definidos no arquivo JAR {0}."} ++ }; + } + +- private static final Object[][] contents = { +- { "optpkg.versionerror", "ERRO: formato de vers\u00E3o inv\u00E1lido usado no arquivo JAR {0}. Verifique a documenta\u00E7\u00E3o para obter o formato de vers\u00E3o suportado." }, +- { "optpkg.attributeerror", "ERRO: o atributo de manifesto JAR {0} necess\u00E1rio n\u00E3o est\u00E1 definido no arquivo JAR {1}." }, +- { "optpkg.attributeserror", "ERRO: alguns atributos de manifesto JAR necess\u00E1rios n\u00E3o est\u00E3o definidos no arquivo JAR {0}." } +- }; +- + } +diff --git a/jdk/src/share/classes/sun/misc/resources/Messages_sv.java b/jdk/src/share/classes/sun/misc/resources/Messages_sv.java +index a813852..c7ec392 100644 +--- openjdk/jdk/src/share/classes/sun/misc/resources/Messages_sv.java ++++ openjdk/jdk/src/share/classes/sun/misc/resources/Messages_sv.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -32,21 +32,19 @@ package sun.misc.resources; + * @author Michael Colburn + */ + +-public class Messages_sv extends java.util.ListResourceBundle { ++public final class Messages_sv extends java.util.ListResourceBundle { + + /** + * Returns the contents of this ResourceBundle. + *

+ * @return the contents of this ResourceBundle. + */ +- public Object[][] getContents() { +- return contents; ++ protected Object[][] getContents() { ++ return new Object[][]{ ++ {"optpkg.versionerror", "FEL: Ogiltigt versionsformat i {0} JAR-fil. Kontrollera i dokumentationen vilket versionsformat som st\u00F6ds."}, ++ {"optpkg.attributeerror", "FEL: Obligatoriskt JAR manifest-attribut {0} \u00E4r inte inst\u00E4llt i {1} JAR-filen."}, ++ {"optpkg.attributeserror", "FEL: Vissa obligatoriska JAR manifest-attribut \u00E4r inte inst\u00E4llda i {0} JAR-filen."} ++ }; + } + +- private static final Object[][] contents = { +- { "optpkg.versionerror", "FEL: Ogiltigt versionsformat i {0} JAR-fil. Kontrollera i dokumentationen vilket versionsformat som st\u00F6ds." }, +- { "optpkg.attributeerror", "FEL: Obligatoriskt JAR manifest-attribut {0} \u00E4r inte inst\u00E4llt i {1} JAR-filen." }, +- { "optpkg.attributeserror", "FEL: Vissa obligatoriska JAR manifest-attribut \u00E4r inte inst\u00E4llda i {0} JAR-filen." } +- }; +- + } +diff --git a/jdk/src/share/classes/sun/misc/resources/Messages_zh_CN.java b/jdk/src/share/classes/sun/misc/resources/Messages_zh_CN.java +index d884f74..46a9049 100644 +--- openjdk/jdk/src/share/classes/sun/misc/resources/Messages_zh_CN.java ++++ openjdk/jdk/src/share/classes/sun/misc/resources/Messages_zh_CN.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -32,21 +32,19 @@ package sun.misc.resources; + * @author Michael Colburn + */ + +-public class Messages_zh_CN extends java.util.ListResourceBundle { ++public final class Messages_zh_CN extends java.util.ListResourceBundle { + + /** + * Returns the contents of this ResourceBundle. + *

+ * @return the contents of this ResourceBundle. + */ +- public Object[][] getContents() { +- return contents; ++ protected Object[][] getContents() { ++ return new Object[][]{ ++ {"optpkg.versionerror", "\u9519\u8BEF: {0} JAR \u6587\u4EF6\u4E2D\u4F7F\u7528\u7684\u7248\u672C\u683C\u5F0F\u65E0\u6548\u3002\u8BF7\u68C0\u67E5\u6587\u6863\u4EE5\u4E86\u89E3\u652F\u6301\u7684\u7248\u672C\u683C\u5F0F\u3002"}, ++ {"optpkg.attributeerror", "\u9519\u8BEF: \u5FC5\u8981\u7684{0} JAR \u6E05\u5355\u5C5E\u6027\u672A\u5728{1} JAR \u6587\u4EF6\u4E2D\u8BBE\u7F6E\u3002"}, ++ {"optpkg.attributeserror", "\u9519\u8BEF: \u67D0\u4E9B\u5FC5\u8981\u7684 JAR \u6E05\u5355\u5C5E\u6027\u672A\u5728{0} JAR \u6587\u4EF6\u4E2D\u8BBE\u7F6E\u3002"} ++ }; + } + +- private static final Object[][] contents = { +- { "optpkg.versionerror", "\u9519\u8BEF: {0} JAR \u6587\u4EF6\u4E2D\u4F7F\u7528\u7684\u7248\u672C\u683C\u5F0F\u65E0\u6548\u3002\u8BF7\u68C0\u67E5\u6587\u6863\u4EE5\u4E86\u89E3\u652F\u6301\u7684\u7248\u672C\u683C\u5F0F\u3002" }, +- { "optpkg.attributeerror", "\u9519\u8BEF: \u5FC5\u8981\u7684{0} JAR \u6E05\u5355\u5C5E\u6027\u672A\u5728{1} JAR \u6587\u4EF6\u4E2D\u8BBE\u7F6E\u3002" }, +- { "optpkg.attributeserror", "\u9519\u8BEF: \u67D0\u4E9B\u5FC5\u8981\u7684 JAR \u6E05\u5355\u5C5E\u6027\u672A\u5728{0} JAR \u6587\u4EF6\u4E2D\u8BBE\u7F6E\u3002" } +- }; +- + } +diff --git a/jdk/src/share/classes/sun/misc/resources/Messages_zh_TW.java b/jdk/src/share/classes/sun/misc/resources/Messages_zh_TW.java +index 530a7cd..1f414bb 100644 +--- openjdk/jdk/src/share/classes/sun/misc/resources/Messages_zh_TW.java ++++ openjdk/jdk/src/share/classes/sun/misc/resources/Messages_zh_TW.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -32,21 +32,19 @@ package sun.misc.resources; + * @author Michael Colburn + */ + +-public class Messages_zh_TW extends java.util.ListResourceBundle { ++public final class Messages_zh_TW extends java.util.ListResourceBundle { + + /** + * Returns the contents of this ResourceBundle. + *

+ * @return the contents of this ResourceBundle. + */ +- public Object[][] getContents() { +- return contents; ++ protected Object[][] getContents() { ++ return new Object[][]{ ++ {"optpkg.versionerror", "\u932F\u8AA4: {0} JAR \u6A94\u4F7F\u7528\u4E86\u7121\u6548\u7684\u7248\u672C\u683C\u5F0F\u3002\u8ACB\u6AA2\u67E5\u6587\u4EF6\uFF0C\u4EE5\u7372\u5F97\u652F\u63F4\u7684\u7248\u672C\u683C\u5F0F\u3002"}, ++ {"optpkg.attributeerror", "\u932F\u8AA4: {1} JAR \u6A94\u4E2D\u672A\u8A2D\u5B9A\u5FC5\u8981\u7684 {0} JAR \u8CC7\u8A0A\u6E05\u55AE\u5C6C\u6027\u3002"}, ++ {"optpkg.attributeserror", "\u932F\u8AA4: {0} JAR \u6A94\u4E2D\u672A\u8A2D\u5B9A\u67D0\u4E9B\u5FC5\u8981\u7684 JAR \u8CC7\u8A0A\u6E05\u55AE\u5C6C\u6027\u3002"} ++ }; + } + +- private static final Object[][] contents = { +- { "optpkg.versionerror", "\u932F\u8AA4: {0} JAR \u6A94\u4F7F\u7528\u4E86\u7121\u6548\u7684\u7248\u672C\u683C\u5F0F\u3002\u8ACB\u6AA2\u67E5\u6587\u4EF6\uFF0C\u4EE5\u7372\u5F97\u652F\u63F4\u7684\u7248\u672C\u683C\u5F0F\u3002" }, +- { "optpkg.attributeerror", "\u932F\u8AA4: {1} JAR \u6A94\u4E2D\u672A\u8A2D\u5B9A\u5FC5\u8981\u7684 {0} JAR \u8CC7\u8A0A\u6E05\u55AE\u5C6C\u6027\u3002" }, +- { "optpkg.attributeserror", "\u932F\u8AA4: {0} JAR \u6A94\u4E2D\u672A\u8A2D\u5B9A\u67D0\u4E9B\u5FC5\u8981\u7684 JAR \u8CC7\u8A0A\u6E05\u55AE\u5C6C\u6027\u3002" } +- }; +- + } +diff --git a/jdk/src/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java b/jdk/src/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java +index 89b4d99..9769a00 100644 +--- openjdk/jdk/src/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java ++++ openjdk/jdk/src/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java +@@ -26,8 +26,10 @@ + package sun.net.www.protocol.http; + + import sun.net.www.*; ++import java.util.Collections; + import java.util.Iterator; + import java.util.HashMap; ++import java.util.Set; + + /** + * This class is used to parse the information in WWW-Authenticate: and Proxy-Authenticate: +@@ -66,8 +68,8 @@ import java.util.HashMap; + * -Dhttp.auth.preference="scheme" + * + * which in this case, specifies that "scheme" should be used as the auth scheme when offered +- * disregarding the default prioritisation. If scheme is not offered then the default priority +- * is used. ++ * disregarding the default prioritisation. If scheme is not offered, or explicitly ++ * disabled, by {@code disabledSchemes}, then the default priority is used. + * + * Attention: when http.auth.preference is set as SPNEGO or Kerberos, it's actually "Negotiate + * with SPNEGO" or "Negotiate with Kerberos", which means the user will prefer the Negotiate +@@ -113,17 +115,32 @@ public class AuthenticationHeader { + String hdrname; // Name of the header to look for + + /** +- * parse a set of authentication headers and choose the preferred scheme +- * that we support for a given host ++ * Parses a set of authentication headers and chooses the preferred scheme ++ * that is supported for a given host. + */ + public AuthenticationHeader (String hdrname, MessageHeader response, + HttpCallerInfo hci, boolean dontUseNegotiate) { ++ this(hdrname, response, hci, dontUseNegotiate, Collections.emptySet()); ++ } ++ ++ /** ++ * Parses a set of authentication headers and chooses the preferred scheme ++ * that is supported for a given host. ++ * ++ *

The {@code disabledSchemes} parameter is a, possibly empty, set of ++ * authentication schemes that are disabled. ++ */ ++ public AuthenticationHeader(String hdrname, ++ MessageHeader response, ++ HttpCallerInfo hci, ++ boolean dontUseNegotiate, ++ Set disabledSchemes) { + this.hci = hci; + this.dontUseNegotiate = dontUseNegotiate; +- rsp = response; ++ this.rsp = response; + this.hdrname = hdrname; +- schemes = new HashMap(); +- parse(); ++ this.schemes = new HashMap<>(); ++ parse(disabledSchemes); + } + + public HttpCallerInfo getHttpCallerInfo() { +@@ -143,10 +160,11 @@ public class AuthenticationHeader { + * then the last one will be used. The + * preferred scheme that we support will be used. + */ +- private void parse () { ++ private void parse(Set disabledSchemes) { + Iterator iter = rsp.multiValueIterator(hdrname); + while (iter.hasNext()) { + String raw = iter.next(); ++ // HeaderParser lower cases everything, so can be used case-insensitively + HeaderParser hp = new HeaderParser(raw); + Iterator keys = hp.keys(); + int i, lastSchemeIndex; +@@ -156,7 +174,8 @@ public class AuthenticationHeader { + if (lastSchemeIndex != -1) { + HeaderParser hpn = hp.subsequence (lastSchemeIndex, i); + String scheme = hpn.findKey(0); +- schemes.put (scheme, new SchemeMapValue (hpn, raw)); ++ if (!disabledSchemes.contains(scheme)) ++ schemes.put (scheme, new SchemeMapValue (hpn, raw)); + } + lastSchemeIndex = i; + } +@@ -164,7 +183,8 @@ public class AuthenticationHeader { + if (i > lastSchemeIndex) { + HeaderParser hpn = hp.subsequence (lastSchemeIndex, i); + String scheme = hpn.findKey(0); +- schemes.put(scheme, new SchemeMapValue (hpn, raw)); ++ if (!disabledSchemes.contains(scheme)) ++ schemes.put(scheme, new SchemeMapValue (hpn, raw)); + } + } + +diff --git a/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java b/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java +index 25949db..3a429e9 100644 +--- openjdk/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java ++++ openjdk/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java +@@ -25,6 +25,7 @@ + + package sun.net.www.protocol.http; + ++import java.security.PrivilegedAction; + import java.util.Arrays; + import java.net.URL; + import java.net.URLConnection; +@@ -104,6 +105,14 @@ public class HttpURLConnection extends java.net.HttpURLConnection { + static final boolean validateProxy; + static final boolean validateServer; + ++ /** A, possibly empty, set of authentication schemes that are disabled ++ * when proxying plain HTTP ( not HTTPS ). */ ++ static final Set disabledProxyingSchemes; ++ ++ /** A, possibly empty, set of authentication schemes that are disabled ++ * when setting up a tunnel for HTTPS ( HTTP CONNECT ). */ ++ static final Set disabledTunnelingSchemes; ++ + private StreamingOutputStream strOutputStream; + private final static String RETRY_MSG1 = + "cannot retry due to proxy authentication, in streaming mode"; +@@ -201,6 +210,22 @@ public class HttpURLConnection extends java.net.HttpURLConnection { + "Via" + }; + ++ private static String getNetProperty(String name) { ++ PrivilegedAction pa = () -> NetProperties.get(name); ++ return AccessController.doPrivileged(pa); ++ } ++ ++ private static Set schemesListToSet(String list) { ++ if (list == null || list.isEmpty()) ++ return Collections.emptySet(); ++ ++ Set s = new HashSet<>(); ++ String[] parts = list.split("\\s*,\\s*"); ++ for (String part : parts) ++ s.add(part.toLowerCase(Locale.ROOT)); ++ return s; ++ } ++ + static { + maxRedirects = java.security.AccessController.doPrivileged( + new sun.security.action.GetIntegerAction( +@@ -215,6 +240,14 @@ public class HttpURLConnection extends java.net.HttpURLConnection { + agent = agent + " Java/"+version; + } + userAgent = agent; ++ ++ // A set of net properties to control the use of authentication schemes ++ // when proxing/tunneling. ++ String p = getNetProperty("jdk.http.auth.tunneling.disabledSchemes"); ++ disabledTunnelingSchemes = schemesListToSet(p); ++ p = getNetProperty("jdk.http.auth.proxying.disabledSchemes"); ++ disabledProxyingSchemes = schemesListToSet(p); ++ + validateProxy = java.security.AccessController.doPrivileged( + new sun.security.action.GetBooleanAction( + "http.auth.digest.validateProxy")).booleanValue(); +@@ -1586,10 +1619,13 @@ public class HttpURLConnection extends java.net.HttpURLConnection { + // altered in similar ways. + + AuthenticationHeader authhdr = new AuthenticationHeader ( +- "Proxy-Authenticate", responses, +- new HttpCallerInfo(url, http.getProxyHostUsed(), ++ "Proxy-Authenticate", ++ responses, ++ new HttpCallerInfo(url, ++ http.getProxyHostUsed(), + http.getProxyPortUsed()), +- dontUseNegotiate ++ dontUseNegotiate, ++ disabledProxyingSchemes + ); + + if (!doingNTLMp2ndStage) { +@@ -2036,10 +2072,13 @@ public class HttpURLConnection extends java.net.HttpURLConnection { + } + + AuthenticationHeader authhdr = new AuthenticationHeader ( +- "Proxy-Authenticate", responses, +- new HttpCallerInfo(url, http.getProxyHostUsed(), ++ "Proxy-Authenticate", ++ responses, ++ new HttpCallerInfo(url, ++ http.getProxyHostUsed(), + http.getProxyPortUsed()), +- dontUseNegotiate ++ dontUseNegotiate, ++ disabledTunnelingSchemes + ); + if (!doingNTLMp2ndStage) { + proxyAuthentication = +diff --git a/jdk/src/share/classes/sun/security/ec/CurveDB.java b/jdk/src/share/classes/sun/security/ec/CurveDB.java +index 43f3285..1eb3cb6 100644 +--- openjdk/jdk/src/share/classes/sun/security/ec/CurveDB.java ++++ openjdk/jdk/src/share/classes/sun/security/ec/CurveDB.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +diff --git a/jdk/src/share/classes/sun/security/pkcs/SignerInfo.java b/jdk/src/share/classes/sun/security/pkcs/SignerInfo.java +index 8650474..d93a09f 100644 +--- openjdk/jdk/src/share/classes/sun/security/pkcs/SignerInfo.java ++++ openjdk/jdk/src/share/classes/sun/security/pkcs/SignerInfo.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -28,20 +28,38 @@ package sun.security.pkcs; + import java.io.OutputStream; + import java.io.IOException; + import java.math.BigInteger; ++import java.security.CryptoPrimitive; ++import java.security.InvalidKeyException; ++import java.security.MessageDigest; ++import java.security.NoSuchAlgorithmException; ++import java.security.Principal; ++import java.security.PublicKey; ++import java.security.Signature; ++import java.security.SignatureException; ++import java.security.Timestamp; + import java.security.cert.CertificateException; + import java.security.cert.CertificateFactory; + import java.security.cert.CertPath; + import java.security.cert.X509Certificate; +-import java.security.*; + import java.util.ArrayList; + import java.util.Arrays; ++import java.util.Collections; ++import java.util.EnumSet; ++import java.util.Set; + ++import sun.misc.HexDumpEncoder; + import sun.security.timestamp.TimestampToken; +-import sun.security.util.*; ++import sun.security.util.Debug; ++import sun.security.util.DerEncoder; ++import sun.security.util.DerInputStream; ++import sun.security.util.DerOutputStream; ++import sun.security.util.DerValue; ++import sun.security.util.DisabledAlgorithmConstraints; ++import sun.security.util.KeyUtil; ++import sun.security.util.ObjectIdentifier; + import sun.security.x509.AlgorithmId; + import sun.security.x509.X500Name; + import sun.security.x509.KeyUsageExtension; +-import sun.misc.HexDumpEncoder; + + /** + * A SignerInfo, as defined in PKCS#7's signedData type. +@@ -50,6 +68,17 @@ import sun.misc.HexDumpEncoder; + */ + public class SignerInfo implements DerEncoder { + ++ // Digest and Signature restrictions ++ private static final Set DIGEST_PRIMITIVE_SET = ++ Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.MESSAGE_DIGEST)); ++ ++ private static final Set SIG_PRIMITIVE_SET = ++ Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE)); ++ ++ private static final DisabledAlgorithmConstraints JAR_DISABLED_CHECK = ++ new DisabledAlgorithmConstraints( ++ DisabledAlgorithmConstraints.PROPERTY_JAR_DISABLED_ALGS); ++ + BigInteger version; + X500Name issuerName; + BigInteger certificateSerialNumber; +@@ -318,6 +347,13 @@ public class SignerInfo implements DerEncoder { + if (messageDigest == null) // fail if there is no message digest + return null; + ++ // check that algorithm is not restricted ++ if (!JAR_DISABLED_CHECK.permits(DIGEST_PRIMITIVE_SET, ++ digestAlgname, null)) { ++ throw new SignatureException("Digest check failed. " + ++ "Disabled algorithm used: " + digestAlgname); ++ } ++ + MessageDigest md = MessageDigest.getInstance(digestAlgname); + byte[] computedMessageDigest = md.digest(data); + +@@ -349,12 +385,26 @@ public class SignerInfo implements DerEncoder { + String algname = AlgorithmId.makeSigAlg( + digestAlgname, encryptionAlgname); + +- Signature sig = Signature.getInstance(algname); +- X509Certificate cert = getCertificate(block); ++ // check that algorithm is not restricted ++ if (!JAR_DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, algname, null)) { ++ throw new SignatureException("Signature check failed. " + ++ "Disabled algorithm used: " + algname); ++ } + ++ X509Certificate cert = getCertificate(block); ++ PublicKey key = cert.getPublicKey(); + if (cert == null) { + return null; + } ++ ++ // check if the public key is restricted ++ if (!JAR_DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) { ++ throw new SignatureException("Public key check failed. " + ++ "Disabled key used: " + ++ KeyUtil.getKeySize(key) + " bit " + ++ key.getAlgorithm()); ++ } ++ + if (cert.hasUnsupportedCriticalExtension()) { + throw new SignatureException("Certificate has unsupported " + + "critical extension(s)"); +@@ -391,11 +441,9 @@ public class SignerInfo implements DerEncoder { + } + } + +- PublicKey key = cert.getPublicKey(); ++ Signature sig = Signature.getInstance(algname); + sig.initVerify(key); +- + sig.update(dataSigned); +- + if (sig.verify(encryptedDigest)) { + return this; + } +@@ -515,9 +563,16 @@ public class SignerInfo implements DerEncoder { + */ + private void verifyTimestamp(TimestampToken token) + throws NoSuchAlgorithmException, SignatureException { ++ String digestAlgname = token.getHashAlgorithm().getName(); ++ // check that algorithm is not restricted ++ if (!JAR_DISABLED_CHECK.permits(DIGEST_PRIMITIVE_SET, digestAlgname, ++ null)) { ++ throw new SignatureException("Timestamp token digest check failed. " + ++ "Disabled algorithm used: " + digestAlgname); ++ } + + MessageDigest md = +- MessageDigest.getInstance(token.getHashAlgorithm().getName()); ++ MessageDigest.getInstance(digestAlgname); + + if (!Arrays.equals(token.getHashedMessage(), + md.digest(encryptedDigest))) { +diff --git a/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java b/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java +index 3c86d62..56ecabf 100644 +--- openjdk/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java ++++ openjdk/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -816,18 +816,22 @@ class ForwardBuilder extends Builder { + + /** + * Verifies whether the input certificate completes the path. +- * Checks the cert against each trust anchor that was specified, in order, +- * and returns true as soon as it finds a valid anchor. +- * Returns true if the cert matches a trust anchor specified as a +- * certificate or if the cert verifies with a trust anchor that +- * was specified as a trusted {pubkey, caname} pair. Returns false if none +- * of the trust anchors are valid for this cert. ++ * First checks the cert against each trust anchor that was specified, ++ * in order, and returns true if the cert matches the trust anchor ++ * specified as a certificate or has the same key and subject of an anchor ++ * specified as a trusted {pubkey, caname} pair. ++ * If no match has been found, does a second check of the cert against ++ * anchors specified as a trusted {pubkey, caname} pair to see if the cert ++ * was issued by that anchor. ++ * Returns false if none of the trust anchors are valid for this cert. + * + * @param cert the certificate to test + * @return a boolean value indicating whether the cert completes the path. + */ + @Override + boolean isPathCompleted(X509Certificate cert) { ++ List otherAnchors = new ArrayList<>(); ++ // first, check if cert is already trusted + for (TrustAnchor anchor : trustAnchors) { + if (anchor.getTrustedCert() != null) { + if (cert.equals(anchor.getTrustedCert())) { +@@ -849,7 +853,12 @@ class ForwardBuilder extends Builder { + } + // else, it is a self-issued certificate of the anchor + } +- ++ otherAnchors.add(anchor); ++ } ++ // next, check if cert is issued by anchor specified by key/name ++ for (TrustAnchor anchor : otherAnchors) { ++ X500Principal principal = anchor.getCA(); ++ PublicKey publicKey = anchor.getCAPublicKey(); + // Check subject/issuer name chaining + if (principal == null || + !principal.equals(cert.getIssuerX500Principal())) { +diff --git a/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java b/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java +index 37b04c9..961921c 100644 +--- openjdk/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java ++++ openjdk/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java +@@ -603,6 +603,7 @@ public class Main { + } + + Manifest man = jf.getManifest(); ++ boolean hasSignature = false; + + // The map to record display info, only used when -verbose provided + // key: signer info string +@@ -618,6 +619,10 @@ public class Main { + while (e.hasMoreElements()) { + JarEntry je = e.nextElement(); + String name = je.getName(); ++ ++ hasSignature = hasSignature ++ || SignatureFileVerifier.isBlockOrSF(name); ++ + CodeSigner[] signers = je.getCodeSigners(); + boolean isSigned = (signers != null); + anySigned |= isSigned; +@@ -757,8 +762,11 @@ public class Main { + System.out.println(rb.getString("no.manifest.")); + + if (!anySigned) { +- System.out.println(rb.getString( +- "jar.is.unsigned.signatures.missing.or.not.parsable.")); ++ if (hasSignature) { ++ System.out.println(rb.getString("jar.treated.unsigned")); ++ } else { ++ System.out.println(rb.getString("jar.is.unsigned")); ++ } + } else { + boolean warningAppeared = false; + boolean errorAppeared = false; +diff --git a/jdk/src/share/classes/sun/security/tools/jarsigner/Resources.java b/jdk/src/share/classes/sun/security/tools/jarsigner/Resources.java +index db35b1e..909d573 100644 +--- openjdk/jdk/src/share/classes/sun/security/tools/jarsigner/Resources.java ++++ openjdk/jdk/src/share/classes/sun/security/tools/jarsigner/Resources.java +@@ -135,8 +135,10 @@ public class Resources extends java.util.ListResourceBundle { + {"no.manifest.", "no manifest."}, + {".Signature.related.entries.","(Signature related entries)"}, + {".Unsigned.entries.", "(Unsigned entries)"}, +- {"jar.is.unsigned.signatures.missing.or.not.parsable.", +- "jar is unsigned. (signatures missing or not parsable)"}, ++ {"jar.is.unsigned", ++ "jar is unsigned."}, ++ {"jar.treated.unsigned", ++ "Signature not parsable or verifiable. The jar will be treated as unsigned. The jar may have been signed with a weak algorithm that is now disabled. For more information, rerun jarsigner with debug enabled (-J-Djava.security.debug=jar)."}, + {"jar.signed.", "jar signed."}, + {"jar.signed.with.signer.errors.", "jar signed, with signer errors."}, + {"jar.verified.", "jar verified."}, +diff --git a/jdk/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java b/jdk/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java +index 94670e4..6175fea 100644 +--- openjdk/jdk/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java ++++ openjdk/jdk/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java +@@ -48,8 +48,12 @@ public abstract class AbstractAlgorithmConstraints + private static void loadAlgorithmsMap(Map algorithmsMap, + String propertyName) { + String property = AccessController.doPrivileged( +- (PrivilegedAction) () -> Security.getProperty( +- propertyName)); ++ new PrivilegedAction() { ++ @Override ++ public String run() { ++ return Security.getProperty(propertyName); ++ } ++ }); + + String[] algorithmsInProperty = null; + if (property != null && !property.isEmpty()) { +diff --git a/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java b/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java +index 28eeef0..a102187 100644 +--- openjdk/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java ++++ openjdk/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java +@@ -58,6 +58,10 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints { + private final static Map keySizeConstraintsMap = + new HashMap<>(); + ++ // the known security property, jdk.jar.disabledAlgorithms ++ public static final String PROPERTY_JAR_DISABLED_ALGS = ++ "jdk.jar.disabledAlgorithms"; ++ + private final String[] disabledAlgorithms; + private final KeySizeConstraints keySizeConstraints; + +@@ -71,6 +75,14 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints { + this(propertyName, new AlgorithmDecomposer()); + } + ++ /** ++ * Initialize algorithm constraints with the specified security property ++ * for a specific usage type. ++ * ++ * @param propertyName the security property name that define the disabled ++ * algorithm constraints ++ * @param decomposer an alternate AlgorithmDecomposer. ++ */ + public DisabledAlgorithmConstraints(String propertyName, + AlgorithmDecomposer decomposer) { + super(decomposer); +diff --git a/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java b/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java +index fa0f530..ed563dc 100644 +--- openjdk/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java ++++ openjdk/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -25,26 +25,49 @@ + + package sun.security.util; + ++import java.io.ByteArrayInputStream; ++import java.io.IOException; ++import java.security.CodeSigner; ++import java.security.CryptoPrimitive; ++import java.security.MessageDigest; ++import java.security.NoSuchAlgorithmException; ++import java.security.SignatureException; + import java.security.cert.CertPath; + import java.security.cert.X509Certificate; + import java.security.cert.CertificateException; + import java.security.cert.CertificateFactory; +-import java.security.*; +-import java.io.*; +-import java.util.*; +-import java.util.jar.*; +- +-import sun.security.pkcs.*; ++import java.util.ArrayList; + import java.util.Base64; ++import java.util.Collections; ++import java.util.EnumSet; ++import java.util.HashMap; ++import java.util.Hashtable; ++import java.util.Iterator; ++import java.util.List; ++import java.util.Locale; ++import java.util.Map; ++import java.util.Set; ++import java.util.jar.Attributes; ++import java.util.jar.JarException; ++import java.util.jar.JarFile; ++import java.util.jar.Manifest; + + import sun.security.jca.Providers; ++import sun.security.pkcs.PKCS7; ++import sun.security.pkcs.SignerInfo; + + public class SignatureFileVerifier { + + /* Are we debugging ? */ + private static final Debug debug = Debug.getInstance("jar"); + +- /* cache of CodeSigner objects */ ++ private static final Set DIGEST_PRIMITIVE_SET = ++ Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.MESSAGE_DIGEST)); ++ ++ private static final DisabledAlgorithmConstraints JAR_DISABLED_CHECK = ++ new DisabledAlgorithmConstraints( ++ DisabledAlgorithmConstraints.PROPERTY_JAR_DISABLED_ALGS); ++ + private ArrayList signerCache; + + private static final String ATTR_DIGEST = +@@ -200,8 +223,15 @@ public class SignatureFileVerifier { + + /** get digest from cache */ + +- private MessageDigest getDigest(String algorithm) +- { ++ private MessageDigest getDigest(String algorithm) throws SignatureException { ++ // check that algorithm is not restricted ++ if (!JAR_DISABLED_CHECK.permits(DIGEST_PRIMITIVE_SET, algorithm, null)) { ++ SignatureException e = ++ new SignatureException("SignatureFile check failed. " + ++ "Disabled algorithm used: " + algorithm); ++ throw e; ++ } ++ + if (createdDigests == null) + createdDigests = new HashMap(); + +@@ -321,7 +351,7 @@ public class SignatureFileVerifier { + private boolean verifyManifestHash(Manifest sf, + ManifestDigester md, + List manifestDigests) +- throws IOException ++ throws IOException, SignatureException + { + Attributes mattr = sf.getMainAttributes(); + boolean manifestSigned = false; +@@ -365,7 +395,7 @@ public class SignatureFileVerifier { + + private boolean verifyManifestMainAttrs(Manifest sf, + ManifestDigester md) +- throws IOException ++ throws IOException, SignatureException + { + Attributes mattr = sf.getMainAttributes(); + boolean attrsVerified = true; +@@ -431,14 +461,14 @@ public class SignatureFileVerifier { + private boolean verifySection(Attributes sfAttr, + String name, + ManifestDigester md) +- throws IOException ++ throws IOException, SignatureException + { + boolean oneDigestVerified = false; + ManifestDigester.Entry mde = md.get(name,block.isOldStyle()); + + if (mde == null) { + throw new SecurityException( +- "no manifiest section for signature file entry "+name); ++ "no manifest section for signature file entry "+name); + } + + if (sfAttr != null) { +diff --git a/jdk/src/share/javavm/export/jdwpTransport.h b/jdk/src/share/javavm/export/jdwpTransport.h +index c3342d9..32ccdea 100644 +--- openjdk/jdk/src/share/javavm/export/jdwpTransport.h ++++ openjdk/jdk/src/share/javavm/export/jdwpTransport.h +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -96,6 +96,11 @@ typedef struct { + */ + + enum { ++ /* ++ * If additional flags are added that apply to jdwpCmdPacket, ++ * then debugLoop.c: reader() will need to be updated to ++ * accept more than JDWPTRANSPORT_FLAGS_NONE. ++ */ + JDWPTRANSPORT_FLAGS_NONE = 0x0, + JDWPTRANSPORT_FLAGS_REPLY = 0x80 + }; +diff --git a/jdk/src/share/lib/net.properties b/jdk/src/share/lib/net.properties +index da78a84..b490e17 100644 +--- openjdk/jdk/src/share/lib/net.properties ++++ openjdk/jdk/src/share/lib/net.properties +@@ -72,3 +72,30 @@ ftp.nonProxyHosts=localhost|127.*|[::1] + # value is 10). + # http.KeepAlive.remainingData=512 + # http.KeepAlive.queuedConnections=10 ++ ++# Authentication Scheme restrictions for HTTP and HTTPS. ++# ++# In some environments certain authentication schemes may be undesirable ++# when proxying HTTP or HTTPS. For example, "Basic" results in effectively the ++# cleartext transmission of the user's password over the physical network. ++# This section describes the mechanism for disabling authentication schemes ++# based on the scheme name. Disabled schemes will be treated as if they are not ++# supported by the implementation. ++# ++# The 'jdk.http.auth.tunneling.disabledSchemes' property lists the authentication ++# schemes that will be disabled when tunneling HTTPS over a proxy, HTTP CONNECT. ++# The 'jdk.http.auth.proxying.disabledSchemes' property lists the authentication ++# schemes that will be disabled when proxying HTTP. ++# ++# In both cases the property is a comma-separated list of, case-insensitive, ++# authentication scheme names, as defined by their relevant RFCs. An ++# implementation may, but is not required to, support common schemes whose names ++# include: 'Basic', 'Digest', 'NTLM', 'Kerberos', 'Negotiate'. A scheme that ++# is not known, or not supported, by the implementation is ignored. ++# ++# Note: This property is currently used by the JDK Reference implementation. It ++# is not guaranteed to be examined and used by other implementations. ++# ++#jdk.http.auth.proxying.disabledSchemes= ++jdk.http.auth.tunneling.disabledSchemes=Basic ++ +diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix +index 6d3f56d..ae47914 100644 +--- openjdk/jdk/src/share/lib/security/java.security-aix ++++ openjdk/jdk/src/share/lib/security/java.security-aix +@@ -624,3 +624,40 @@ jdk.tls.legacyAlgorithms= \ + # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ + # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ + # FFFFFFFF FFFFFFFF, 2} ++ ++# Algorithm restrictions for signed JAR files ++# ++# In some environments, certain algorithms or key lengths may be undesirable ++# for signed JAR validation. For example, "MD2" is generally no longer ++# considered to be a secure hash algorithm. This section describes the ++# mechanism for disabling algorithms based on algorithm name and/or key length. ++# JARs signed with any of the disabled algorithms or key sizes will be treated ++# as unsigned. ++# ++# The syntax of the disabled algorithm string is described as follows: ++# DisabledAlgorithms: ++# " DisabledAlgorithm { , DisabledAlgorithm } " ++# ++# DisabledAlgorithm: ++# AlgorithmName [Constraint] ++# ++# AlgorithmName: ++# (see below) ++# ++# Constraint: ++# KeySizeConstraint ++# ++# KeySizeConstraint: ++# keySize Operator KeyLength ++# ++# Operator: ++# <= | < | == | != | >= | > ++# ++# KeyLength: ++# Integer value of the algorithm's key length in bits ++# ++# Note: This property is currently used by the JDK Reference ++# implementation. It is not guaranteed to be examined and used by other ++# implementations. ++# ++jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024 +diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux +index 6d3f56d..ae47914 100644 +--- openjdk/jdk/src/share/lib/security/java.security-linux ++++ openjdk/jdk/src/share/lib/security/java.security-linux +@@ -624,3 +624,40 @@ jdk.tls.legacyAlgorithms= \ + # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ + # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ + # FFFFFFFF FFFFFFFF, 2} ++ ++# Algorithm restrictions for signed JAR files ++# ++# In some environments, certain algorithms or key lengths may be undesirable ++# for signed JAR validation. For example, "MD2" is generally no longer ++# considered to be a secure hash algorithm. This section describes the ++# mechanism for disabling algorithms based on algorithm name and/or key length. ++# JARs signed with any of the disabled algorithms or key sizes will be treated ++# as unsigned. ++# ++# The syntax of the disabled algorithm string is described as follows: ++# DisabledAlgorithms: ++# " DisabledAlgorithm { , DisabledAlgorithm } " ++# ++# DisabledAlgorithm: ++# AlgorithmName [Constraint] ++# ++# AlgorithmName: ++# (see below) ++# ++# Constraint: ++# KeySizeConstraint ++# ++# KeySizeConstraint: ++# keySize Operator KeyLength ++# ++# Operator: ++# <= | < | == | != | >= | > ++# ++# KeyLength: ++# Integer value of the algorithm's key length in bits ++# ++# Note: This property is currently used by the JDK Reference ++# implementation. It is not guaranteed to be examined and used by other ++# implementations. ++# ++jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024 +diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx +index 51ff498..2e25f91 100644 +--- openjdk/jdk/src/share/lib/security/java.security-macosx ++++ openjdk/jdk/src/share/lib/security/java.security-macosx +@@ -627,3 +627,40 @@ jdk.tls.legacyAlgorithms= \ + # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ + # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ + # FFFFFFFF FFFFFFFF, 2} ++ ++# Algorithm restrictions for signed JAR files ++# ++# In some environments, certain algorithms or key lengths may be undesirable ++# for signed JAR validation. For example, "MD2" is generally no longer ++# considered to be a secure hash algorithm. This section describes the ++# mechanism for disabling algorithms based on algorithm name and/or key length. ++# JARs signed with any of the disabled algorithms or key sizes will be treated ++# as unsigned. ++# ++# The syntax of the disabled algorithm string is described as follows: ++# DisabledAlgorithms: ++# " DisabledAlgorithm { , DisabledAlgorithm } " ++# ++# DisabledAlgorithm: ++# AlgorithmName [Constraint] ++# ++# AlgorithmName: ++# (see below) ++# ++# Constraint: ++# KeySizeConstraint ++# ++# KeySizeConstraint: ++# keySize Operator KeyLength ++# ++# Operator: ++# <= | < | == | != | >= | > ++# ++# KeyLength: ++# Integer value of the algorithm's key length in bits ++# ++# Note: This property is currently used by the JDK Reference ++# implementation. It is not guaranteed to be examined and used by other ++# implementations. ++# ++jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024 +diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris +index 0a8e6c3..078fd66 100644 +--- openjdk/jdk/src/share/lib/security/java.security-solaris ++++ openjdk/jdk/src/share/lib/security/java.security-solaris +@@ -626,3 +626,40 @@ jdk.tls.legacyAlgorithms= \ + # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ + # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ + # FFFFFFFF FFFFFFFF, 2} ++ ++# Algorithm restrictions for signed JAR files ++# ++# In some environments, certain algorithms or key lengths may be undesirable ++# for signed JAR validation. For example, "MD2" is generally no longer ++# considered to be a secure hash algorithm. This section describes the ++# mechanism for disabling algorithms based on algorithm name and/or key length. ++# JARs signed with any of the disabled algorithms or key sizes will be treated ++# as unsigned. ++# ++# The syntax of the disabled algorithm string is described as follows: ++# DisabledAlgorithms: ++# " DisabledAlgorithm { , DisabledAlgorithm } " ++# ++# DisabledAlgorithm: ++# AlgorithmName [Constraint] ++# ++# AlgorithmName: ++# (see below) ++# ++# Constraint: ++# KeySizeConstraint ++# ++# KeySizeConstraint: ++# keySize Operator KeyLength ++# ++# Operator: ++# <= | < | == | != | >= | > ++# ++# KeyLength: ++# Integer value of the algorithm's key length in bits ++# ++# Note: This property is currently used by the JDK Reference ++# implementation. It is not guaranteed to be examined and used by other ++# implementations. ++# ++jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024 +diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows +index 79de502..d2ddbe5 100644 +--- openjdk/jdk/src/share/lib/security/java.security-windows ++++ openjdk/jdk/src/share/lib/security/java.security-windows +@@ -627,3 +627,40 @@ jdk.tls.legacyAlgorithms= \ + # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ + # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ + # FFFFFFFF FFFFFFFF, 2} ++ ++# Algorithm restrictions for signed JAR files ++# ++# In some environments, certain algorithms or key lengths may be undesirable ++# for signed JAR validation. For example, "MD2" is generally no longer ++# considered to be a secure hash algorithm. This section describes the ++# mechanism for disabling algorithms based on algorithm name and/or key length. ++# JARs signed with any of the disabled algorithms or key sizes will be treated ++# as unsigned. ++# ++# The syntax of the disabled algorithm string is described as follows: ++# DisabledAlgorithms: ++# " DisabledAlgorithm { , DisabledAlgorithm } " ++# ++# DisabledAlgorithm: ++# AlgorithmName [Constraint] ++# ++# AlgorithmName: ++# (see below) ++# ++# Constraint: ++# KeySizeConstraint ++# ++# KeySizeConstraint: ++# keySize Operator KeyLength ++# ++# Operator: ++# <= | < | == | != | >= | > ++# ++# KeyLength: ++# Integer value of the algorithm's key length in bits ++# ++# Note: This property is currently used by the JDK Reference ++# implementation. It is not guaranteed to be examined and used by other ++# implementations. ++# ++jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024 +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp +index f54df94..f0a25f8 100644 +--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp ++++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -171,7 +171,10 @@ struct entry { + + const char* utf8String() { + assert(tagMatches(CONSTANT_Utf8)); +- assert(value.b.len == strlen((const char*)value.b.ptr)); ++ if (value.b.len != strlen((const char*)value.b.ptr)) { ++ unpack_abort("bad utf8 encoding"); ++ // and fall through ++ } + return (const char*)value.b.ptr; + } + +@@ -1316,10 +1319,10 @@ void unpacker::read_signature_values(entry* cpMap, int len) { + CHECK; + int nc = 0; + +- for ( const char* ncp = form.utf8String() ; *ncp; ncp++) { +- if (*ncp == 'L') nc++; ++ for (int j = 0; j < (int)form.value.b.len; j++) { ++ int c = form.value.b.ptr[j]; ++ if (c == 'L') nc++; + } +- + ncTotal += nc; + e.refs = U_NEW(entry*, cpMap[i].nrefs = 1 + nc); + CHECK; +@@ -2827,6 +2830,7 @@ void unpacker::putlayout(band** body) { + } + assert(!b.le_bci || prevBCI == (int)to_bci(prevBII)); + ++ CHECK; + switch (b.le_len) { + case 0: break; + case 1: putu1(x); break; +@@ -4023,6 +4027,10 @@ uint unpacker::to_bci(uint bii) { + uint len = bcimap.length(); + uint* map = (uint*) bcimap.base(); + assert(len > 0); // must be initialized before using to_bci ++ if (len == 0) { ++ abort("bad bcimap"); ++ return 0; ++ } + if (bii < len) + return map[bii]; + // Else it's a fractional or out-of-range BCI. +@@ -4045,6 +4053,7 @@ void unpacker::put_stackmap_type() { + break; + case 8: // (8) [PH] + putu2(to_bci(code_StackMapTable_P.getInt())); ++ CHECK; + break; + } + } +@@ -4092,6 +4101,7 @@ void unpacker::write_bc_ops() { + CHECK; + + for (int curIP = 0; ; curIP++) { ++ CHECK; + int curPC = (int)(wpoffset() - codeBase); + bcimap.add(curPC); + ensure_put_space(10); // covers most instrs w/o further bounds check +@@ -4333,6 +4343,7 @@ void unpacker::write_bc_ops() { + int curIP = code_fixup_source.get(i); + int destIP = curIP + bc_label.getInt(); + int span = to_bci(destIP) - to_bci(curIP); ++ CHECK; + switch (type) { + case 2: putu2_at(bp, (ushort)span); break; + case 4: putu4_at(bp, span); break; +@@ -4529,11 +4540,13 @@ int unpacker::write_attrs(int attrc, julong indexBits) { + if (tag <= 127) { + // (64-127) [(2)] + if (tag >= 64) put_stackmap_type(); ++ CHECK_0; + } else if (tag <= 251) { + // (247) [(1)(2)] + // (248-251) [(1)] + if (tag >= 247) putu2(code_StackMapTable_offset.getInt()); + if (tag == 247) put_stackmap_type(); ++ CHECK_0; + } else if (tag <= 254) { + // (252) [(1)(2)] + // (253) [(1)(2)(2)] +@@ -4560,6 +4573,7 @@ int unpacker::write_attrs(int attrc, julong indexBits) { + putu2(count = code_LineNumberTable_N.getInt()); + for (j = 0; j < count; j++) { + putu2(to_bci(code_LineNumberTable_bci_P.getInt())); ++ CHECK_0; + putu2(code_LineNumberTable_line.getInt()); + } + break; +@@ -4570,9 +4584,11 @@ int unpacker::write_attrs(int attrc, julong indexBits) { + for (j = 0; j < count; j++) { + int bii = code_LocalVariableTable_bci_P.getInt(); + int bci = to_bci(bii); ++ CHECK_0; + putu2(bci); + bii += code_LocalVariableTable_span_O.getInt(); + putu2(to_bci(bii) - bci); ++ CHECK_0; + putref(code_LocalVariableTable_name_RU.getRefN()); + CHECK_0; + putref(code_LocalVariableTable_type_RS.getRefN()); +@@ -4587,9 +4603,11 @@ int unpacker::write_attrs(int attrc, julong indexBits) { + for (j = 0; j < count; j++) { + int bii = code_LocalVariableTypeTable_bci_P.getInt(); + int bci = to_bci(bii); ++ CHECK_0; + putu2(bci); + bii += code_LocalVariableTypeTable_span_O.getInt(); + putu2(to_bci(bii) - bci); ++ CHECK_0; + putref(code_LocalVariableTypeTable_name_RU.getRefN()); + CHECK_0; + putref(code_LocalVariableTypeTable_type_RS.getRefN()); +@@ -5033,6 +5051,7 @@ unpacker::file* unpacker::get_next_file() { + entry* e = file_name.getRef(); + CHECK_0; + cur_file.name = e->utf8String(); ++ CHECK_0; + bool haveLongSize = (testBit(archive_options, AO_HAVE_FILE_SIZE_HI)); + cur_file.size = file_size_hi.getLong(file_size_lo, haveLongSize); + if (testBit(archive_options, AO_HAVE_FILE_MODTIME)) +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp +index ae3cbcd..31813d7 100644 +--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp ++++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -435,7 +435,7 @@ uLong jar::get_dostime(int modtime) { + struct tm* s = gmtime_r(&t, &sbuf); + if (s == NULL) { + fprintf(u->errstrm, "Error: gmtime failure, invalid input archive\n"); +- exit(2); ++ exit(-1); + } + modtime_cache = modtime; + dostime_cache = dostime(s->tm_year + 1900, s->tm_mon + 1, s->tm_mday, +diff --git a/jdk/src/share/native/common/check_code.c b/jdk/src/share/native/common/check_code.c +index 4ffbd67..d01bec4 100644 +--- openjdk/jdk/src/share/native/common/check_code.c ++++ openjdk/jdk/src/share/native/common/check_code.c +@@ -1286,14 +1286,13 @@ verify_opcode_operands(context_type *context, unsigned int inumber, int offset) + case JVM_OPC_invokevirtual: + case JVM_OPC_invokespecial: + case JVM_OPC_invokestatic: +- case JVM_OPC_invokedynamic: + case JVM_OPC_invokeinterface: { + /* Make sure the constant pool item is the right type. */ + int key = (code[offset + 1] << 8) + code[offset + 2]; + const char *methodname; + jclass cb = context->class; + fullinfo_type clazz_info; +- int is_constructor, is_internal, is_invokedynamic; ++ int is_constructor, is_internal; + int kind; + + switch (opcode ) { +@@ -1302,9 +1301,6 @@ verify_opcode_operands(context_type *context, unsigned int inumber, int offset) + ? (1 << JVM_CONSTANT_Methodref) + : ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref))); + break; +- case JVM_OPC_invokedynamic: +- kind = 1 << JVM_CONSTANT_NameAndType; +- break; + case JVM_OPC_invokeinterface: + kind = 1 << JVM_CONSTANT_InterfaceMethodref; + break; +@@ -1312,7 +1308,6 @@ verify_opcode_operands(context_type *context, unsigned int inumber, int offset) + kind = 1 << JVM_CONSTANT_Methodref; + } + +- is_invokedynamic = opcode == JVM_OPC_invokedynamic; + /* Make sure the constant pool item is the right type. */ + verify_constant_pool_type(context, key, kind); + methodname = JVM_GetCPMethodNameUTF(env, cb, key); +@@ -1321,11 +1316,8 @@ verify_opcode_operands(context_type *context, unsigned int inumber, int offset) + is_internal = methodname[0] == '<'; + pop_and_free(context); + +- if (is_invokedynamic) +- clazz_info = context->object_info; // anything will do +- else +- clazz_info = cp_index_to_class_fullinfo(context, key, +- JVM_CONSTANT_Methodref); ++ clazz_info = cp_index_to_class_fullinfo(context, key, ++ JVM_CONSTANT_Methodref); + this_idata->operand.i = key; + this_idata->operand2.fi = clazz_info; + if (is_constructor) { +@@ -1380,17 +1372,15 @@ verify_opcode_operands(context_type *context, unsigned int inumber, int offset) + "Fourth operand byte of invokeinterface must be zero"); + } + pop_and_free(context); +- } else if (opcode == JVM_OPC_invokedynamic) { +- if (code[offset + 3] != 0 || code[offset + 4] != 0) { +- CCerror(context, +- "Third and fourth operand bytes of invokedynamic must be zero"); +- } + } else if (opcode == JVM_OPC_invokevirtual + || opcode == JVM_OPC_invokespecial) + set_protected(context, inumber, key, opcode); + break; + } + ++ case JVM_OPC_invokedynamic: ++ CCerror(context, ++ "invokedynamic bytecode is not supported in this class file version"); + + case JVM_OPC_instanceof: + case JVM_OPC_checkcast: +@@ -2071,7 +2061,6 @@ pop_stack(context_type *context, unsigned int inumber, stack_info_type *new_stac + + case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial: + case JVM_OPC_invokeinit: /* invokespecial call to */ +- case JVM_OPC_invokedynamic: + case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: { + /* The top stuff on the stack depends on the method signature */ + int operand = this_idata->operand.i; +@@ -2087,8 +2076,7 @@ pop_stack(context_type *context, unsigned int inumber, stack_info_type *new_stac + print_formatted_methodname(context, operand); + } + #endif +- if (opcode != JVM_OPC_invokestatic && +- opcode != JVM_OPC_invokedynamic) ++ if (opcode != JVM_OPC_invokestatic) + /* First, push the object */ + *ip++ = (opcode == JVM_OPC_invokeinit ? '@' : 'A'); + for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) { +@@ -2373,7 +2361,6 @@ pop_stack(context_type *context, unsigned int inumber, stack_info_type *new_stac + + case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial: + case JVM_OPC_invokeinit: +- case JVM_OPC_invokedynamic: + case JVM_OPC_invokeinterface: case JVM_OPC_invokestatic: { + int operand = this_idata->operand.i; + const char *signature = +@@ -2383,8 +2370,7 @@ pop_stack(context_type *context, unsigned int inumber, stack_info_type *new_stac + int item; + const char *p; + check_and_push(context, signature, VM_STRING_UTF); +- if (opcode == JVM_OPC_invokestatic || +- opcode == JVM_OPC_invokedynamic) { ++ if (opcode == JVM_OPC_invokestatic) { + item = 0; + } else if (opcode == JVM_OPC_invokeinit) { + fullinfo_type init_type = this_idata->operand2.fi; +@@ -2781,7 +2767,6 @@ push_stack(context_type *context, unsigned int inumber, stack_info_type *new_sta + + case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial: + case JVM_OPC_invokeinit: +- case JVM_OPC_invokedynamic: + case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: { + /* Look to signature to determine correct result. */ + int operand = this_idata->operand.i; +diff --git a/jdk/src/share/native/common/jni_util.c b/jdk/src/share/native/common/jni_util.c +index 3ef707f..0d00897 100644 +--- openjdk/jdk/src/share/native/common/jni_util.c ++++ openjdk/jdk/src/share/native/common/jni_util.c +@@ -148,6 +148,61 @@ JNU_ThrowInstantiationException(JNIEnv *env, const char *msg) + } + + ++/* ++ * Throw an exception by name, using a given message and the string ++ * returned by getLastErrorString to construct the detail string. ++ */ ++JNIEXPORT void JNICALL ++JNU_ThrowByNameWithMessageAndLastError ++ (JNIEnv *env, const char *name, const char *message) ++{ ++ char buf[256]; ++ size_t n = getLastErrorString(buf, sizeof(buf)); ++ size_t messagelen = message == NULL ? 0 : strlen(message); ++ ++ if (n > 0) { ++ jstring s = JNU_NewStringPlatform(env, buf); ++ if (s != NULL) { ++ jobject x = NULL; ++ if (messagelen) { ++ jstring s2 = NULL; ++ size_t messageextlen = messagelen + 4; ++ char *str1 = (char *)malloc((messageextlen) * sizeof(char)); ++ if (str1 == 0) { ++ JNU_ThrowOutOfMemoryError(env, 0); ++ return; ++ } ++ jio_snprintf(str1, messageextlen, " (%s)", message); ++ s2 = (*env)->NewStringUTF(env, str1); ++ free(str1); ++ if (s2 != NULL) { ++ jstring s3 = JNU_CallMethodByName( ++ env, NULL, s, "concat", ++ "(Ljava/lang/String;)Ljava/lang/String;", ++ s2).l; ++ (*env)->DeleteLocalRef(env, s2); ++ if (s3 != NULL) { ++ (*env)->DeleteLocalRef(env, s); ++ s = s3; ++ } ++ } ++ } ++ x = JNU_NewObjectByName(env, name, "(Ljava/lang/String;)V", s); ++ if (x != NULL) { ++ (*env)->Throw(env, x); ++ } ++ } ++ } ++ ++ if (!(*env)->ExceptionOccurred(env)) { ++ if (messagelen) { ++ JNU_ThrowByName(env, name, message); ++ } else { ++ JNU_ThrowByName(env, name, "no further information"); ++ } ++ } ++} ++ + /* Throw an exception by name, using the string returned by + * JVM_LastErrorString for the detail string. If the last-error + * string is NULL, use the given default detail string. +diff --git a/jdk/src/share/native/common/jni_util.h b/jdk/src/share/native/common/jni_util.h +index cdfaa63..7655eab 100644 +--- openjdk/jdk/src/share/native/common/jni_util.h ++++ openjdk/jdk/src/share/native/common/jni_util.h +@@ -105,6 +105,13 @@ JNIEXPORT void JNICALL + JNU_ThrowByNameWithLastError(JNIEnv *env, const char *name, + const char *defaultMessage); + ++/* Throw an exception by name, using a given message and the string ++ * returned by getLastErrorString to construct the detail string. ++ */ ++JNIEXPORT void JNICALL ++JNU_ThrowByNameWithMessageAndLastError ++ (JNIEnv *env, const char *name, const char *message); ++ + /* Throw an IOException, using the last-error string for the detail + * string. If the last-error string is NULL, use the given default + * detail string. +diff --git a/jdk/src/share/native/sun/font/layout/ContextualGlyphSubstProc.cpp b/jdk/src/share/native/sun/font/layout/ContextualGlyphSubstProc.cpp +index 63f7b64..9b92060 100644 +--- openjdk/jdk/src/share/native/sun/font/layout/ContextualGlyphSubstProc.cpp ++++ openjdk/jdk/src/share/native/sun/font/layout/ContextualGlyphSubstProc.cpp +@@ -46,6 +46,7 @@ UOBJECT_DEFINE_RTTI_IMPLEMENTATION(ContextualGlyphSubstitutionProcessor) + ContextualGlyphSubstitutionProcessor::ContextualGlyphSubstitutionProcessor(const LEReferenceTo &morphSubtableHeader, LEErrorCode &success) + : StateTableProcessor(morphSubtableHeader, success), entryTable(), contextualGlyphSubstitutionHeader(morphSubtableHeader, success) + { ++ if (LE_FAILURE(success)) return; + contextualGlyphSubstitutionHeader.orphan(); + substitutionTableOffset = SWAPW(contextualGlyphSubstitutionHeader->substitutionTableOffset); + +@@ -66,10 +67,10 @@ void ContextualGlyphSubstitutionProcessor::beginStateTable() + markGlyph = 0; + } + +-ByteOffset ContextualGlyphSubstitutionProcessor::processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index) ++ByteOffset ContextualGlyphSubstitutionProcessor::processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index, LEErrorCode &success) + { +- LEErrorCode success = LE_NO_ERROR; + const ContextualGlyphSubstitutionStateEntry *entry = entryTable.getAlias(index, success); ++ if (LE_FAILURE(success)) return 0; + ByteOffset newState = SWAPW(entry->newStateOffset); + le_int16 flags = SWAPW(entry->flags); + WordOffset markOffset = SWAPW(entry->markOffset); +diff --git a/jdk/src/share/native/sun/font/layout/ContextualGlyphSubstProc.h b/jdk/src/share/native/sun/font/layout/ContextualGlyphSubstProc.h +index 136398f..7cf1532 100644 +--- openjdk/jdk/src/share/native/sun/font/layout/ContextualGlyphSubstProc.h ++++ openjdk/jdk/src/share/native/sun/font/layout/ContextualGlyphSubstProc.h +@@ -52,7 +52,7 @@ class ContextualGlyphSubstitutionProcessor : public StateTableProcessor + public: + virtual void beginStateTable(); + +- virtual ByteOffset processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index); ++ virtual ByteOffset processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index, LEErrorCode &success); + + virtual void endStateTable(); + +diff --git a/jdk/src/share/native/sun/font/layout/IndicRearrangementProcessor.cpp b/jdk/src/share/native/sun/font/layout/IndicRearrangementProcessor.cpp +index 5598349..512ec4d 100644 +--- openjdk/jdk/src/share/native/sun/font/layout/IndicRearrangementProcessor.cpp ++++ openjdk/jdk/src/share/native/sun/font/layout/IndicRearrangementProcessor.cpp +@@ -63,10 +63,10 @@ void IndicRearrangementProcessor::beginStateTable() + lastGlyph = 0; + } + +-ByteOffset IndicRearrangementProcessor::processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index) ++ByteOffset IndicRearrangementProcessor::processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index, LEErrorCode &success) + { +- LEErrorCode success = LE_NO_ERROR; // todo- make a param? +- const IndicRearrangementStateEntry *entry = entryTable.getAlias(index,success); ++ const IndicRearrangementStateEntry *entry = entryTable.getAlias(index, success); ++ if (LE_FAILURE(success)) return 0; + ByteOffset newState = SWAPW(entry->newStateOffset); + IndicRearrangementFlags flags = (IndicRearrangementFlags) SWAPW(entry->flags); + +diff --git a/jdk/src/share/native/sun/font/layout/IndicRearrangementProcessor.h b/jdk/src/share/native/sun/font/layout/IndicRearrangementProcessor.h +index 42d7a24..593c318 100644 +--- openjdk/jdk/src/share/native/sun/font/layout/IndicRearrangementProcessor.h ++++ openjdk/jdk/src/share/native/sun/font/layout/IndicRearrangementProcessor.h +@@ -52,7 +52,7 @@ class IndicRearrangementProcessor : public StateTableProcessor + public: + virtual void beginStateTable(); + +- virtual ByteOffset processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index); ++ virtual ByteOffset processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index, LEErrorCode &success); + + virtual void endStateTable(); + +diff --git a/jdk/src/share/native/sun/font/layout/LigatureSubstProc.cpp b/jdk/src/share/native/sun/font/layout/LigatureSubstProc.cpp +index 76131fd..1113462 100644 +--- openjdk/jdk/src/share/native/sun/font/layout/LigatureSubstProc.cpp ++++ openjdk/jdk/src/share/native/sun/font/layout/LigatureSubstProc.cpp +@@ -67,9 +67,8 @@ void LigatureSubstitutionProcessor::beginStateTable() + m = -1; + } + +-ByteOffset LigatureSubstitutionProcessor::processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index) ++ByteOffset LigatureSubstitutionProcessor::processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index, LEErrorCode &success) + { +- LEErrorCode success = LE_NO_ERROR; + const LigatureSubstitutionStateEntry *entry = entryTable.getAlias(index, success); + if (LE_FAILURE(success)) { + currGlyph++; +diff --git a/jdk/src/share/native/sun/font/layout/LigatureSubstProc.h b/jdk/src/share/native/sun/font/layout/LigatureSubstProc.h +index 1765a71..67bab99 100644 +--- openjdk/jdk/src/share/native/sun/font/layout/LigatureSubstProc.h ++++ openjdk/jdk/src/share/native/sun/font/layout/LigatureSubstProc.h +@@ -54,7 +54,7 @@ class LigatureSubstitutionProcessor : public StateTableProcessor + public: + virtual void beginStateTable(); + +- virtual ByteOffset processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index); ++ virtual ByteOffset processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index, LEErrorCode &success); + + virtual void endStateTable(); + +diff --git a/jdk/src/share/native/sun/font/layout/StateTableProcessor.cpp b/jdk/src/share/native/sun/font/layout/StateTableProcessor.cpp +index f5bef5f..2234faf 100644 +--- openjdk/jdk/src/share/native/sun/font/layout/StateTableProcessor.cpp ++++ openjdk/jdk/src/share/native/sun/font/layout/StateTableProcessor.cpp +@@ -81,6 +81,7 @@ void StateTableProcessor::process(LEGlyphStorage &glyphStorage, LEErrorCode &suc + + while (currGlyph <= glyphCount) { + if(LE_STATE_PATIENCE_DECR()) break; // patience exceeded. ++ if (LE_FAILURE(success)) break; + ClassCode classCode = classCodeOOB; + if (currGlyph == glyphCount) { + // XXX: How do we handle EOT vs. EOL? +@@ -100,7 +101,7 @@ void StateTableProcessor::process(LEGlyphStorage &glyphStorage, LEErrorCode &suc + EntryTableIndex entryTableIndex = stateArray.getObject((le_uint8)classCode, success); + if (LE_FAILURE(success)) { break; } + LE_STATE_PATIENCE_CURR(le_int32, currGlyph); +- currentState = processStateEntry(glyphStorage, currGlyph, entryTableIndex); ++ currentState = processStateEntry(glyphStorage, currGlyph, entryTableIndex, success); + LE_STATE_PATIENCE_INCR(currGlyph); + } + +diff --git a/jdk/src/share/native/sun/font/layout/StateTableProcessor.h b/jdk/src/share/native/sun/font/layout/StateTableProcessor.h +index 2e8d7f6..e437da7 100644 +--- openjdk/jdk/src/share/native/sun/font/layout/StateTableProcessor.h ++++ openjdk/jdk/src/share/native/sun/font/layout/StateTableProcessor.h +@@ -53,7 +53,7 @@ public: + + virtual void beginStateTable() = 0; + +- virtual ByteOffset processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index) = 0; ++ virtual ByteOffset processStateEntry(LEGlyphStorage &glyphStorage, le_int32 &currGlyph, EntryTableIndex index, LEErrorCode &success) = 0; + + virtual void endStateTable() = 0; + +diff --git a/jdk/src/share/native/sun/java2d/cmm/lcms/cmsintrp.c b/jdk/src/share/native/sun/java2d/cmm/lcms/cmsintrp.c +index b40bc1d..20175ef 100644 +--- openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsintrp.c ++++ openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsintrp.c +@@ -244,7 +244,7 @@ void LinLerp1D(register const cmsUInt16Number Value[], + // To prevent out of bounds indexing + cmsINLINE cmsFloat32Number fclamp(cmsFloat32Number v) + { +- return v < 0.0f ? 0.0f : (v > 1.0f ? 1.0f : v); ++ return v < 0.0f || v != v ? 0.0f : (v > 1.0f ? 1.0f : v); + } + + // Floating-point version of 1D interpolation +diff --git a/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio0.c b/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio0.c +index cbaffb8..3811ef9 100644 +--- openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio0.c ++++ openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio0.c +@@ -1516,6 +1516,13 @@ void* CMSEXPORT cmsReadTag(cmsHPROFILE hProfile, cmsTagSignature sig) + // If the element is already in memory, return the pointer + if (Icc -> TagPtrs[n]) { + ++ if (Icc -> TagTypeHandlers[n] == NULL) goto Error; ++ BaseType = Icc -> TagTypeHandlers[n]->Signature; ++ if (BaseType == 0) goto Error; ++ TagDescriptor = _cmsGetTagDescriptor(Icc-> ContextID, sig); ++ if (TagDescriptor == NULL) goto Error; ++ if (!IsTypeSupported(TagDescriptor, BaseType)) goto Error; ++ + if (Icc ->TagSaveAsRaw[n]) goto Error; // We don't support read raw tags as cooked + + _cmsUnlockMutex(Icc->ContextID, Icc ->UsrMutex); +diff --git a/jdk/src/share/native/sun/java2d/cmm/lcms/cmstypes.c b/jdk/src/share/native/sun/java2d/cmm/lcms/cmstypes.c +index 684a205..6d598e1 100644 +--- openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmstypes.c ++++ openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmstypes.c +@@ -1484,6 +1484,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU + + // Check for overflow + if (Offset < (SizeOfHeader + 8)) goto Error; ++ if ((Offset + Len) > SizeOfTag + 8) goto Error; + + // True begin of the string + BeginOfThisString = Offset - SizeOfHeader - 8; +@@ -4305,7 +4306,10 @@ void *Type_MPEclut_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, + + // Copy MAX_INPUT_DIMENSIONS at most. Expand to cmsUInt32Number + nMaxGrids = InputChans > MAX_INPUT_DIMENSIONS ? MAX_INPUT_DIMENSIONS : InputChans; +- for (i=0; i < nMaxGrids; i++) GridPoints[i] = (cmsUInt32Number) Dimensions8[i]; ++ for (i=0; i < nMaxGrids; i++) { ++ if (Dimensions8[i] == 1) goto Error; // Impossible value, 0 for no CLUT and then 2 at least ++ GridPoints[i] = (cmsUInt32Number)Dimensions8[i]; ++ } + + // Allocate the true CLUT + mpe = cmsStageAllocCLutFloatGranular(self ->ContextID, GridPoints, InputChans, OutputChans, NULL); +diff --git a/jdk/src/solaris/classes/sun/awt/X11GraphicsConfig.java b/jdk/src/solaris/classes/sun/awt/X11GraphicsConfig.java +index 9055bf0..d1ddc22 100644 +--- openjdk/jdk/src/solaris/classes/sun/awt/X11GraphicsConfig.java ++++ openjdk/jdk/src/solaris/classes/sun/awt/X11GraphicsConfig.java +@@ -435,8 +435,12 @@ public class X11GraphicsConfig extends GraphicsConfiguration + public VolatileImage createBackBufferImage(Component target, + long backBuffer) + { ++ // it is possible for the component to have size 0x0, adjust it to ++ // be at least 1x1 to avoid IAE ++ int w = Math.max(1, target.getWidth()); ++ int h = Math.max(1, target.getHeight()); + return new SunVolatileImage(target, +- target.getWidth(), target.getHeight(), ++ w, h, + Long.valueOf(backBuffer)); + } + +diff --git a/jdk/src/solaris/classes/sun/java2d/x11/X11SurfaceDataProxy.java b/jdk/src/solaris/classes/sun/java2d/x11/X11SurfaceDataProxy.java +index fd29ac3..6f21c01 100644 +--- openjdk/jdk/src/solaris/classes/sun/java2d/x11/X11SurfaceDataProxy.java ++++ openjdk/jdk/src/solaris/classes/sun/java2d/x11/X11SurfaceDataProxy.java +@@ -102,10 +102,13 @@ public abstract class X11SurfaceDataProxy extends SurfaceDataProxy + int w, int h) + { + if (cachedData == null) { +- // Bitmask will be created lazily during the blit phase +- cachedData = X11SurfaceData.createData(x11gc, w, h, +- x11gc.getColorModel(), +- null, 0, getTransparency()); ++ try { ++ // Bitmask will be created lazily during the blit phase ++ cachedData = X11SurfaceData.createData(x11gc, w, h, ++ x11gc.getColorModel(), ++ null, 0, getTransparency()); ++ } catch (OutOfMemoryError oome) { ++ } + } + return cachedData; + } +diff --git a/jdk/src/solaris/classes/sun/java2d/xr/XRPMBlitLoops.java b/jdk/src/solaris/classes/sun/java2d/xr/XRPMBlitLoops.java +index ab3a5ef..6a2f714 100644 +--- openjdk/jdk/src/solaris/classes/sun/java2d/xr/XRPMBlitLoops.java ++++ openjdk/jdk/src/solaris/classes/sun/java2d/xr/XRPMBlitLoops.java +@@ -134,6 +134,9 @@ public class XRPMBlitLoops { + vImg = (SunVolatileImage) dst.getGraphicsConfig().createCompatibleVolatileImage(w, h, src.getTransparency()); + vImg.setAccelerationPriority(1.0f); + ++ if (!(vImg.getDestSurface() instanceof XRSurfaceData)) { ++ throw new InvalidPipeException("Could not create XRSurfaceData"); ++ } + if (src.getTransparency() == SurfaceData.OPAQUE) { + rgbTmpPM = new WeakReference(vImg); + } else { +diff --git a/jdk/src/solaris/classes/sun/java2d/xr/XRSurfaceDataProxy.java b/jdk/src/solaris/classes/sun/java2d/xr/XRSurfaceDataProxy.java +index 091d26e..c84fa26 100644 +--- openjdk/jdk/src/solaris/classes/sun/java2d/xr/XRSurfaceDataProxy.java ++++ openjdk/jdk/src/solaris/classes/sun/java2d/xr/XRSurfaceDataProxy.java +@@ -59,8 +59,12 @@ public class XRSurfaceDataProxy extends SurfaceDataProxy implements Transparency + public SurfaceData validateSurfaceData(SurfaceData srcData, + SurfaceData cachedData, int w, int h) { + if (cachedData == null) { +- cachedData = XRSurfaceData.createData(xrgc, w, h, xrgc +- .getColorModel(), null, 0, getTransparency()); ++ try { ++ cachedData = XRSurfaceData.createData(xrgc, w, h, ++ xrgc.getColorModel(), null, 0, ++ getTransparency()); ++ } catch (OutOfMemoryError oome) { ++ } + } + return cachedData; + } +diff --git a/jdk/src/solaris/native/com/sun/media/sound/PLATFORM_API_BsdOS_ALSA_PCM.c b/jdk/src/solaris/native/com/sun/media/sound/PLATFORM_API_BsdOS_ALSA_PCM.c +index 9046841..506e002 100644 +--- openjdk/jdk/src/solaris/native/com/sun/media/sound/PLATFORM_API_BsdOS_ALSA_PCM.c ++++ openjdk/jdk/src/solaris/native/com/sun/media/sound/PLATFORM_API_BsdOS_ALSA_PCM.c +@@ -434,7 +434,10 @@ void* DAUDIO_Open(INT32 mixerIndex, INT32 deviceID, int isSource, + snd_output_stdio_attach(&ALSA_OUTPUT, stdout, 0); + } + #endif +- ++ if (channels <= 0) { ++ ERROR1("ERROR: Invalid number of channels=%d!\n", channels); ++ return NULL; ++ } + info = (AlsaPcmInfo*) malloc(sizeof(AlsaPcmInfo)); + if (!info) { + ERROR0("Out of memory\n"); +diff --git a/jdk/src/solaris/native/com/sun/media/sound/PLATFORM_API_LinuxOS_ALSA_PCM.c b/jdk/src/solaris/native/com/sun/media/sound/PLATFORM_API_LinuxOS_ALSA_PCM.c +index fdd5b94..332abb5 100644 +--- openjdk/jdk/src/solaris/native/com/sun/media/sound/PLATFORM_API_LinuxOS_ALSA_PCM.c ++++ openjdk/jdk/src/solaris/native/com/sun/media/sound/PLATFORM_API_LinuxOS_ALSA_PCM.c +@@ -434,7 +434,10 @@ void* DAUDIO_Open(INT32 mixerIndex, INT32 deviceID, int isSource, + snd_output_stdio_attach(&ALSA_OUTPUT, stdout, 0); + } + #endif +- ++ if (channels <= 0) { ++ ERROR1("ERROR: Invalid number of channels=%d!\n", channels); ++ return NULL; ++ } + info = (AlsaPcmInfo*) malloc(sizeof(AlsaPcmInfo)); + if (!info) { + ERROR0("Out of memory\n"); +diff --git a/jdk/src/solaris/native/com/sun/media/sound/PLATFORM_API_SolarisOS_PCM.c b/jdk/src/solaris/native/com/sun/media/sound/PLATFORM_API_SolarisOS_PCM.c +index cb42892..3d5682b 100644 +--- openjdk/jdk/src/solaris/native/com/sun/media/sound/PLATFORM_API_SolarisOS_PCM.c ++++ openjdk/jdk/src/solaris/native/com/sun/media/sound/PLATFORM_API_SolarisOS_PCM.c +@@ -182,6 +182,10 @@ void* DAUDIO_Open(INT32 mixerIndex, INT32 deviceID, int isSource, + ERROR1(" DAUDIO_Open: invalid encoding %d\n", (int) encoding); + return NULL; + } ++ if (channels <= 0) { ++ ERROR1(" DAUDIO_Open: Invalid number of channels=%d!\n", channels); ++ return NULL; ++ } + + info = (SolPcmInfo*) malloc(sizeof(SolPcmInfo)); + if (!info) { +diff --git a/jdk/src/solaris/native/java/net/net_util_md.c b/jdk/src/solaris/native/java/net/net_util_md.c +index c31d294..a284fed 100644 +--- openjdk/jdk/src/solaris/native/java/net/net_util_md.c ++++ openjdk/jdk/src/solaris/native/java/net/net_util_md.c +@@ -106,6 +106,8 @@ void setDefaultScopeID(JNIEnv *env, struct sockaddr *him) + int getDefaultScopeID(JNIEnv *env) { + static jclass ni_class = NULL; + static jfieldID ni_defaultIndexID; ++ int defaultIndex = 0; ++ + if (ni_class == NULL) { + jclass c = (*env)->FindClass(env, "java/net/NetworkInterface"); + CHECK_NULL_RETURN(c, 0); +@@ -116,7 +118,6 @@ int getDefaultScopeID(JNIEnv *env) { + CHECK_NULL_RETURN(ni_defaultIndexID, 0); + ni_class = c; + } +- int defaultIndex = 0; + defaultIndex = (*env)->GetStaticIntField(env, ni_class, + ni_defaultIndexID); + return defaultIndex; +@@ -257,9 +258,7 @@ int cmpScopeID (unsigned int scope, struct sockaddr *him) { + void + NET_ThrowByNameWithLastError(JNIEnv *env, const char *name, + const char *defaultDetail) { +- char errmsg[255]; +- sprintf(errmsg, "errno: %d, error: %s\n", errno, defaultDetail); +- JNU_ThrowByNameWithLastError(env, name, errmsg); ++ JNU_ThrowByNameWithMessageAndLastError(env, name, defaultDetail); + } + + void +diff --git a/jdk/src/solaris/native/sun/java2d/x11/X11SurfaceData.c b/jdk/src/solaris/native/sun/java2d/x11/X11SurfaceData.c +index 1f3e92d..b4518af 100644 +--- openjdk/jdk/src/solaris/native/sun/java2d/x11/X11SurfaceData.c ++++ openjdk/jdk/src/solaris/native/sun/java2d/x11/X11SurfaceData.c +@@ -438,6 +438,15 @@ jboolean XShared_initSurface(JNIEnv *env, X11SDOps *xsdo, jint depth, jint width + xsdo->drawable = drawable; + xsdo->isPixmap = JNI_FALSE; + } else { ++ /* ++ * width , height must be nonzero otherwise XCreatePixmap ++ * generates BadValue in error_handler ++ */ ++ if (width <= 0 || height <= 0 || width > 32767 || height > 32767) { ++ JNU_ThrowOutOfMemoryError(env, ++ "Can't create offscreen surface"); ++ return JNI_FALSE; ++ } + xsdo->isPixmap = JNI_TRUE; + /* REMIND: workaround for bug 4420220 on pgx32 boards: + don't use DGA with pixmaps unless USE_DGA_PIXMAPS is set. +diff --git a/jdk/src/windows/classes/sun/awt/windows/WFramePeer.java b/jdk/src/windows/classes/sun/awt/windows/WFramePeer.java +index 37486e1..6140c2c 100644 +--- openjdk/jdk/src/windows/classes/sun/awt/windows/WFramePeer.java ++++ openjdk/jdk/src/windows/classes/sun/awt/windows/WFramePeer.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -153,6 +153,19 @@ class WFramePeer extends WWindowPeer implements FramePeer { + @Override + public void setMenuBar(MenuBar mb) { + WMenuBarPeer mbPeer = (WMenuBarPeer) WToolkit.targetToPeer(mb); ++ if (mbPeer != null) { ++ if (mbPeer.framePeer != this) { ++ mb.removeNotify(); ++ mb.addNotify(); ++ mbPeer = (WMenuBarPeer) WToolkit.targetToPeer(mb); ++ if (mbPeer != null && mbPeer.framePeer != this) { ++ throw new IllegalStateException("Wrong parent peer"); ++ } ++ } ++ if (mbPeer != null) { ++ addChildPeer(mbPeer); ++ } ++ } + setMenuBar0(mbPeer); + updateInsets(insets_); + } +diff --git a/jdk/src/windows/classes/sun/awt/windows/WMenuBarPeer.java b/jdk/src/windows/classes/sun/awt/windows/WMenuBarPeer.java +index 3a661da..9c68e71 100644 +--- openjdk/jdk/src/windows/classes/sun/awt/windows/WMenuBarPeer.java ++++ openjdk/jdk/src/windows/classes/sun/awt/windows/WMenuBarPeer.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -31,6 +31,8 @@ final class WMenuBarPeer extends WMenuPeer implements MenuBarPeer { + + // MenuBarPeer implementation + ++ final WFramePeer framePeer; ++ + @Override + public native void addMenu(Menu m); + @Override +@@ -44,8 +46,11 @@ final class WMenuBarPeer extends WMenuPeer implements MenuBarPeer { + // Toolkit & peer internals + WMenuBarPeer(MenuBar target) { + this.target = target; +- WFramePeer framePeer = (WFramePeer) ++ framePeer = (WFramePeer) + WToolkit.targetToPeer(target.getParent()); ++ if (framePeer != null) { ++ framePeer.addChildPeer(this); ++ } + create(framePeer); + // fix for 5088782: check if menu object is created successfully + checkMenuCreation(); +diff --git a/jdk/src/windows/classes/sun/awt/windows/WMenuItemPeer.java b/jdk/src/windows/classes/sun/awt/windows/WMenuItemPeer.java +index 9f681e7..5a58119 100644 +--- openjdk/jdk/src/windows/classes/sun/awt/windows/WMenuItemPeer.java ++++ openjdk/jdk/src/windows/classes/sun/awt/windows/WMenuItemPeer.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -107,6 +107,7 @@ class WMenuItemPeer extends WObjectPeer implements MenuItemPeer { + this.target = target; + this.parent = (WMenuPeer) WToolkit.targetToPeer(target.getParent()); + this.isCheckbox = isCheckbox; ++ parent.addChildPeer(this); + create(parent); + // fix for 5088782: check if menu object is created successfully + checkMenuCreation(); +diff --git a/jdk/src/windows/classes/sun/awt/windows/WMenuPeer.java b/jdk/src/windows/classes/sun/awt/windows/WMenuPeer.java +index 567af92..9272a48 100644 +--- openjdk/jdk/src/windows/classes/sun/awt/windows/WMenuPeer.java ++++ openjdk/jdk/src/windows/classes/sun/awt/windows/WMenuPeer.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -51,10 +51,12 @@ class WMenuPeer extends WMenuItemPeer implements MenuPeer { + if (parent instanceof MenuBar) { + WMenuBarPeer mbPeer = (WMenuBarPeer) WToolkit.targetToPeer(parent); + this.parent = mbPeer; ++ mbPeer.addChildPeer(this); + createMenu(mbPeer); + } + else if (parent instanceof Menu) { + this.parent = (WMenuPeer) WToolkit.targetToPeer(parent); ++ this.parent.addChildPeer(this); + createSubMenu(this.parent); + } + else { +diff --git a/jdk/src/windows/classes/sun/awt/windows/WObjectPeer.java b/jdk/src/windows/classes/sun/awt/windows/WObjectPeer.java +index 843b15f..c066ab5 100644 +--- openjdk/jdk/src/windows/classes/sun/awt/windows/WObjectPeer.java ++++ openjdk/jdk/src/windows/classes/sun/awt/windows/WObjectPeer.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1996, 2008, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -24,6 +24,9 @@ + */ + package sun.awt.windows; + ++import java.util.Map; ++import java.util.WeakHashMap; ++ + abstract class WObjectPeer { + + static { +@@ -45,6 +48,8 @@ abstract class WObjectPeer { + // used to synchronize the state of this peer + private final Object stateLock = new Object(); + ++ private volatile Map childPeers; ++ + public static WObjectPeer getPeerForTarget(Object t) { + WObjectPeer peer = (WObjectPeer) WToolkit.targetToPeer(t); + return peer; +@@ -77,6 +82,9 @@ abstract class WObjectPeer { + } + + if (call_disposeImpl) { ++ if (childPeers != null) { ++ disposeChildPeers(); ++ } + disposeImpl(); + } + } +@@ -88,4 +96,33 @@ abstract class WObjectPeer { + * Initialize JNI field and method IDs + */ + private static native void initIDs(); ++ ++ // if a child peer existence depends on this peer, add it to this collection ++ final void addChildPeer(WObjectPeer child) { ++ synchronized (getStateLock()) { ++ if (childPeers == null) { ++ childPeers = new WeakHashMap<>(); ++ } ++ if (isDisposed()) { ++ throw new IllegalStateException("Parent peer is disposed"); ++ } ++ childPeers.put(child, this); ++ } ++ } ++ ++ // called to dispose dependent child peers ++ private void disposeChildPeers() { ++ synchronized (getStateLock()) { ++ for (WObjectPeer child : childPeers.keySet()) { ++ if (child != null) { ++ try { ++ child.dispose(); ++ } ++ catch (Exception e) { ++ // ignored ++ } ++ } ++ } ++ } ++ } + } +diff --git a/jdk/src/windows/classes/sun/awt/windows/WPopupMenuPeer.java b/jdk/src/windows/classes/sun/awt/windows/WPopupMenuPeer.java +index 6818be3..d37858d 100644 +--- openjdk/jdk/src/windows/classes/sun/awt/windows/WPopupMenuPeer.java ++++ openjdk/jdk/src/windows/classes/sun/awt/windows/WPopupMenuPeer.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -58,6 +58,7 @@ final class WPopupMenuPeer extends WMenuPeer implements PopupMenuPeer { + parent = WToolkit.getNativeContainer((Component)parent); + parentPeer = (WComponentPeer) WToolkit.targetToPeer(parent); + } ++ parentPeer.addChildPeer(this); + createMenu(parentPeer); + // fix for 5088782: check if menu object is created successfully + checkMenuCreation(); +diff --git a/jdk/src/windows/classes/sun/java2d/opengl/WGLGraphicsConfig.java b/jdk/src/windows/classes/sun/java2d/opengl/WGLGraphicsConfig.java +index b0f04e3..c2bd2ad 100644 +--- openjdk/jdk/src/windows/classes/sun/java2d/opengl/WGLGraphicsConfig.java ++++ openjdk/jdk/src/windows/classes/sun/java2d/opengl/WGLGraphicsConfig.java +@@ -323,8 +323,12 @@ public class WGLGraphicsConfig + @Override + public VolatileImage createBackBuffer(WComponentPeer peer) { + Component target = (Component)peer.getTarget(); ++ // it is possible for the component to have size 0x0, adjust it to ++ // be at least 1x1 to avoid IAE ++ int w = Math.max(1, target.getWidth()); ++ int h = Math.max(1, target.getHeight()); + return new SunVolatileImage(target, +- target.getWidth(), target.getHeight(), ++ w, h, + Boolean.TRUE); + } + +diff --git a/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp b/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp +index ce19bba..d8db5d7 100644 +--- openjdk/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp ++++ openjdk/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp +@@ -859,6 +859,10 @@ void* DAUDIO_Open(INT32 mixerIndex, INT32 deviceID, int isSource, + ERROR1("DAUDIO_Open: ERROR: cannot open the device with encoding=%d!\n", encoding); + return NULL; + } ++ if (channels <= 0) { ++ ERROR1("DAUDIO_Open: ERROR: Invalid number of channels=%d!\n", channels); ++ return NULL; ++ } + if (sampleSizeInBits > 8 && + #ifdef _LITTLE_ENDIAN + isBigEndian +diff --git a/jdk/src/windows/native/java/net/net_util_md.c b/jdk/src/windows/native/java/net/net_util_md.c +index 8a0f5c1..7d990bf 100644 +--- openjdk/jdk/src/windows/native/java/net/net_util_md.c ++++ openjdk/jdk/src/windows/native/java/net/net_util_md.c +@@ -218,9 +218,7 @@ NET_ThrowSocketException(JNIEnv *env, char* msg) + void + NET_ThrowByNameWithLastError(JNIEnv *env, const char *name, + const char *defaultDetail) { +- char errmsg[255]; +- sprintf(errmsg, "errno: %d, error: %s\n", WSAGetLastError(), defaultDetail); +- JNU_ThrowByNameWithLastError(env, name, errmsg); ++ JNU_ThrowByNameWithMessageAndLastError(env, name, defaultDetail); + } + + jfieldID +diff --git a/jdk/src/windows/native/sun/windows/awt_Font.cpp b/jdk/src/windows/native/sun/windows/awt_Font.cpp +index 76bdd84..7282a8f 100644 +--- openjdk/jdk/src/windows/native/sun/windows/awt_Font.cpp ++++ openjdk/jdk/src/windows/native/sun/windows/awt_Font.cpp +@@ -607,7 +607,7 @@ SIZE AwtFont::TextSize(AwtFont* font, int columns, int rows) + int AwtFont::getFontDescriptorNumber(JNIEnv *env, jobject font, + jobject fontDescriptor) + { +- int i, num; ++ int i, num = 0; + jobject refFontDescriptor; + jobjectArray array; + +diff --git a/jdk/src/windows/native/sun/windows/awt_Frame.cpp b/jdk/src/windows/native/sun/windows/awt_Frame.cpp +index 6ff8a95..3f5572f 100644 +--- openjdk/jdk/src/windows/native/sun/windows/awt_Frame.cpp ++++ openjdk/jdk/src/windows/native/sun/windows/awt_Frame.cpp +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -1113,11 +1113,19 @@ AwtMenuBar* AwtFrame::GetMenuBar() + + void AwtFrame::SetMenuBar(AwtMenuBar* mb) + { ++ if (menuBar) { ++ menuBar->SetFrame(NULL); ++ } + menuBar = mb; + if (mb == NULL) { + // Remove existing menu bar, if any. + ::SetMenu(GetHWnd(), NULL); + } else { ++ AwtFrame* oldFrame = menuBar->GetFrame(); ++ if (oldFrame && oldFrame != this) { ++ oldFrame->SetMenuBar(NULL); ++ } ++ menuBar->SetFrame(this); + if (menuBar->GetHMenu() != NULL) { + ::SetMenu(GetHWnd(), menuBar->GetHMenu()); + } +diff --git a/jdk/src/windows/native/sun/windows/awt_MenuBar.cpp b/jdk/src/windows/native/sun/windows/awt_MenuBar.cpp +index c600d8d..f6e69c3 100644 +--- openjdk/jdk/src/windows/native/sun/windows/awt_MenuBar.cpp ++++ openjdk/jdk/src/windows/native/sun/windows/awt_MenuBar.cpp +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -58,6 +58,9 @@ AwtMenuBar::~AwtMenuBar() + + void AwtMenuBar::Dispose() + { ++ if (m_frame != NULL && m_frame->GetMenuBar() == this) { ++ m_frame->SetMenuBar(NULL); ++ } + m_frame = NULL; + + AwtMenu::Dispose(); +diff --git a/jdk/src/windows/native/sun/windows/awt_MenuBar.h b/jdk/src/windows/native/sun/windows/awt_MenuBar.h +index b4291f1..797cf0a 100644 +--- openjdk/jdk/src/windows/native/sun/windows/awt_MenuBar.h ++++ openjdk/jdk/src/windows/native/sun/windows/awt_MenuBar.h +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -63,6 +63,9 @@ public: + + virtual AwtMenuBar* GetMenuBar() { return this; } + INLINE AwtFrame* GetFrame() { return m_frame; } ++ INLINE void SetFrame(AwtFrame* frame) { ++ m_frame = frame; ++ } + + virtual HWND GetOwnerHWnd(); + virtual void RedrawMenuBar(); +diff --git a/jdk/test/ProblemList.txt b/jdk/test/ProblemList.txt +index c726b04..825c985 100644 +--- openjdk/jdk/test/ProblemList.txt ++++ openjdk/jdk/test/ProblemList.txt +@@ -234,6 +234,9 @@ sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java solaris-all + java/security/KeyPairGenerator/SolarisShortDSA.java solaris-all + sun/security/tools/keytool/standard.sh solaris-all + ++# 8026393 ++sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java generic-all ++ + ############################################################################ + + # jdk_sound +diff --git a/jdk/test/javax/crypto/SecretKeyFactory/FailOverTest.sh b/jdk/test/javax/crypto/SecretKeyFactory/FailOverTest.sh +index 6beb911..b39efb0 100644 +--- openjdk/jdk/test/javax/crypto/SecretKeyFactory/FailOverTest.sh ++++ openjdk/jdk/test/javax/crypto/SecretKeyFactory/FailOverTest.sh +@@ -88,6 +88,7 @@ fi + + ${TESTJAVA}${FS}bin${FS}java \ + ${TESTVMOPTS} \ ++ -Djava.security.properties=${TESTSRC}${FS}security.properties \ + -classpath "${TESTSRC}${FS}P1.jar${PS}${TESTSRC}${FS}P2.jar${PS}." \ + FailOverTest + result=$? +diff --git a/jdk/test/javax/crypto/SecretKeyFactory/security.properties b/jdk/test/javax/crypto/SecretKeyFactory/security.properties +new file mode 100644 +index 0000000..224dbf7 +--- /dev/null ++++ openjdk/jdk/test/javax/crypto/SecretKeyFactory/security.properties +@@ -0,0 +1,26 @@ ++# ++# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. ++# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++# ++# This code is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License version 2 only, as ++# published by the Free Software Foundation. ++# ++# This code is distributed in the hope that it will be useful, but WITHOUT ++# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++# version 2 for more details (a copy is included in the LICENSE file that ++# accompanied this code). ++# ++# You should have received a copy of the GNU General Public License version ++# 2 along with this work; if not, write to the Free Software Foundation, ++# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++# ++# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++# or visit www.oracle.com if you need additional information or have any ++# questions. ++# ++ ++jdk.security.provider.preferred= ++jdk.jar.disabledAlgorithms= ++ +diff --git a/jdk/test/javax/security/auth/Subject/doAs/NestedActions.java b/jdk/test/javax/security/auth/Subject/doAs/NestedActions.java +index f02b2ff..a4f249e 100644 +--- openjdk/jdk/test/javax/security/auth/Subject/doAs/NestedActions.java ++++ openjdk/jdk/test/javax/security/auth/Subject/doAs/NestedActions.java +@@ -23,6 +23,7 @@ + */ + + import jdk.testlibrary.ProcessTools; ++import jdk.testlibrary.JarUtils; + + import javax.security.auth.Subject; + import javax.security.auth.x500.X500Principal; +@@ -35,6 +36,7 @@ import java.util.List; + import java.util.jar.JarEntry; + import java.util.jar.JarOutputStream; + import java.util.jar.Manifest; ++import java.nio.file.Paths; + + /** + * @test +@@ -99,7 +101,7 @@ public class NestedActions { + public static void main(String[] args) throws IOException { + if (args.length > 0) { + if ("jar".equals(args[0]) && args.length > 2) { +- createJar(args[1], ++ JarUtils.createJar(args[1], Paths.get(TEST_CLASSES + FS), + Arrays.copyOfRange(args, 2, args.length)); + } else { + runJava(args); +@@ -109,24 +111,7 @@ public class NestedActions { + } + } + +- static void createJar(String dest, String... files) throws IOException { +- System.out.println("Create " + dest + " with the following content:"); +- try (JarOutputStream jos = new JarOutputStream( +- new FileOutputStream(dest), new Manifest())) { +- for (String file : files) { +- System.out.println(" " + file); +- jos.putNextEntry(new JarEntry(file)); +- try (FileInputStream fis = new FileInputStream( +- TEST_CLASSES + FS + file)) { +- byte[] buffer = new byte[1024]; +- int read; +- while ((read = fis.read(buffer, 0, buffer.length)) > 0) { +- jos.write(buffer, 0, read); +- } +- } +- } +- } +- } ++ + + static void runJava(String[] args) { + if (args == null || args.length < 3) { +diff --git a/jdk/test/javax/swing/JEditorPane/6882559/bug6882559.java b/jdk/test/javax/swing/JEditorPane/6882559/bug6882559.java +new file mode 100644 +index 0000000..5bcd041 +--- /dev/null ++++ openjdk/jdk/test/javax/swing/JEditorPane/6882559/bug6882559.java +@@ -0,0 +1,41 @@ ++/* ++ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++/* @test ++ @bug 6882559 ++ @summary new JEditorPane("text/plain","") fails for null context class loader ++ @author Mikhail Cherkasov ++ @run main bug6882559 ++*/ ++ ++import javax.swing.*; ++ ++ ++public class bug6882559 { ++ public static void main(String[] args) throws Exception { ++ SwingUtilities.invokeAndWait(() -> { ++ Thread.currentThread().setContextClassLoader(null); ++ new javax.swing.JEditorPane("text/plain", ""); ++ }); ++ } ++} +diff --git a/jdk/test/javax/swing/JEditorPane/8158734/bug8158734.java b/jdk/test/javax/swing/JEditorPane/8158734/bug8158734.java +new file mode 100644 +index 0000000..3514303 +--- /dev/null ++++ openjdk/jdk/test/javax/swing/JEditorPane/8158734/bug8158734.java +@@ -0,0 +1,115 @@ ++/* ++ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++/* @test ++ @bug 8158734 ++ @summary JEditorPane.createEditorKitForContentType throws NPE after 6882559 ++ @author Mikhail Cherkasov ++ @run main bug8158734 ++*/ ++ ++import javax.swing.*; ++import javax.swing.text.*; ++import java.io.*; ++import java.lang.reflect.InvocationTargetException; ++ ++ ++public class bug8158734 { ++ ++ public static final String TYPE = "test/test"; ++ public static final String TYPE_2 = "test2/test2"; ++ ++ static boolean myClassloaderWasUsed = false; ++ ++ static class MyEditorKit extends EditorKit { ++ @Override ++ public String getContentType() { ++ return null; ++ } ++ ++ @Override ++ public ViewFactory getViewFactory() { ++ return null; ++ } ++ ++ @Override ++ public Action[] getActions() { ++ return new Action[0]; ++ } ++ ++ @Override ++ public Caret createCaret() { ++ return null; ++ } ++ ++ @Override ++ public Document createDefaultDocument() { ++ return null; ++ } ++ ++ @Override ++ public void read(InputStream in, Document doc, int pos) throws IOException, BadLocationException { ++ } ++ ++ @Override ++ public void write(OutputStream out, Document doc, int pos, int len) throws IOException, BadLocationException { ++ ++ } ++ ++ @Override ++ public void read(Reader in, Document doc, int pos) throws IOException, BadLocationException { ++ } ++ ++ @Override ++ public void write(Writer out, Document doc, int pos, int len) throws IOException, BadLocationException { ++ } ++ } ++ ++ static class MyClassloader extends ClassLoader { ++ @Override ++ public Class loadClass(String name) throws ClassNotFoundException { ++ myClassloaderWasUsed = true; ++ return super.loadClass(name); ++ } ++ } ++ ++ public static void main(String[] args) throws InvocationTargetException, InterruptedException { ++ SwingUtilities.invokeAndWait(new Runnable() { ++ @Override ++ public void run() { ++ JEditorPane c = new JEditorPane(); ++ c.setContentType(TYPE); ++ ++ final MyClassloader loader = new MyClassloader(); ++ JEditorPane.registerEditorKitForContentType(TYPE_2, MyEditorKit.class.getName(), loader); ++ JEditorPane.registerEditorKitForContentType(TYPE_2, MyEditorKit.class.getName(), null); ++ JEditorPane.createEditorKitForContentType(TYPE_2); ++ ++ if (myClassloaderWasUsed) { ++ throw new RuntimeException("Class loader has not been removed for '" + TYPE_2 + "' type"); ++ } ++ } ++ }); ++ ++ } ++} +\ No newline at end of file +diff --git a/jdk/test/lib/testlibrary/jdk/testlibrary/JarUtils.java b/jdk/test/lib/testlibrary/jdk/testlibrary/JarUtils.java +new file mode 100644 +index 0000000..13b07a5 +--- /dev/null ++++ openjdk/jdk/test/lib/testlibrary/jdk/testlibrary/JarUtils.java +@@ -0,0 +1,136 @@ ++/* ++ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package jdk.testlibrary; ++ ++import java.io.File; ++import java.io.FileInputStream; ++import java.io.FileOutputStream; ++import java.io.IOException; ++import java.nio.file.Path; ++import java.util.ArrayList; ++import java.util.Enumeration; ++import java.util.List; ++import java.util.jar.JarEntry; ++import java.util.jar.JarFile; ++import java.util.jar.JarOutputStream; ++import java.util.jar.Manifest; ++ ++/** ++ * Common library for various test jar file utility functions. ++ */ ++public final class JarUtils { ++ ++ ++ /** ++ * Create jar file with specified files from specified location. ++ */ ++ public static void createJar(String dest, Path filesLocation, ++ String... fileNames) throws IOException { ++ try (JarOutputStream jos = new JarOutputStream( ++ new FileOutputStream(dest), new Manifest())) { ++ for (String fileName : fileNames) { ++ System.out.println(String.format("Adding %s to %s", ++ fileName, dest)); ++ ++ // add an archive entry, and write a file ++ jos.putNextEntry(new JarEntry(fileName)); ++ File file; ++ if (filesLocation != null) { ++ file = filesLocation.resolve(fileName).toFile(); ++ } else { ++ file = new File(fileName); ++ } ++ try (FileInputStream fis = new FileInputStream(file)) { ++ Utils.transferBetweenStreams(fis, jos); ++ } ++ } ++ } ++ System.out.println(); ++ } ++ ++ /** ++ * Create jar file with specified files from current directory. ++ */ ++ public static void createJar(String dest, String... files) ++ throws IOException { ++ createJar(dest, null, files); ++ } ++ ++ /** ++ * Add specified files to existing jar file. ++ */ ++ public static void updateJar(String src, String dest, String... files) ++ throws IOException { ++ try (JarOutputStream jos = new JarOutputStream( ++ new FileOutputStream(dest))) { ++ ++ // copy each old entry into destination unless the entry name ++ // is in the updated list ++ List updatedFiles = new ArrayList<>(); ++ try (JarFile srcJarFile = new JarFile(src)) { ++ Enumeration entries = srcJarFile.entries(); ++ while (entries.hasMoreElements()) { ++ JarEntry entry = entries.nextElement(); ++ String name = entry.getName(); ++ boolean found = false; ++ for (String file : files) { ++ if (name.equals(file)) { ++ updatedFiles.add(file); ++ found = true; ++ break; ++ } ++ } ++ ++ if (found) { ++ System.out.println(String.format("Updating %s with %s", ++ dest, name)); ++ jos.putNextEntry(new JarEntry(name)); ++ try (FileInputStream fis = new FileInputStream(name)) { ++ Utils.transferBetweenStreams(fis, jos); ++ } ++ } else { ++ System.out.println(String.format("Copying %s to %s", ++ name, dest)); ++ jos.putNextEntry(entry); ++ Utils.transferBetweenStreams(srcJarFile. ++ getInputStream(entry), jos); ++ } ++ } ++ } ++ ++ // append new files ++ for (String file : files) { ++ if (!updatedFiles.contains(file)) { ++ System.out.println(String.format("Adding %s with %s", ++ dest, file)); ++ jos.putNextEntry(new JarEntry(file)); ++ try (FileInputStream fis = new FileInputStream(file)) { ++ Utils.transferBetweenStreams(fis, jos); ++ } ++ } ++ } ++ } ++ System.out.println(); ++ } ++} +\ No newline at end of file +diff --git a/jdk/test/lib/testlibrary/jdk/testlibrary/OutputAnalyzer.java b/jdk/test/lib/testlibrary/jdk/testlibrary/OutputAnalyzer.java +index 7c0d364..b760b9b 100644 +--- openjdk/jdk/test/lib/testlibrary/jdk/testlibrary/OutputAnalyzer.java ++++ openjdk/jdk/test/lib/testlibrary/jdk/testlibrary/OutputAnalyzer.java +@@ -90,13 +90,14 @@ public final class OutputAnalyzer { + * @throws RuntimeException + * If the string was not found + */ +- public void shouldContain(String expectedString) { ++ public OutputAnalyzer shouldContain(String expectedString) { + if (!stdout.contains(expectedString) + && !stderr.contains(expectedString)) { + reportDiagnosticSummary(); + throw new RuntimeException("'" + expectedString + + "' missing from stdout/stderr \n"); + } ++ return this; + } + + /** +@@ -107,12 +108,13 @@ public final class OutputAnalyzer { + * @throws RuntimeException + * If the string was not found + */ +- public void stdoutShouldContain(String expectedString) { ++ public OutputAnalyzer stdoutShouldContain(String expectedString) { + if (!stdout.contains(expectedString)) { + reportDiagnosticSummary(); + throw new RuntimeException("'" + expectedString + + "' missing from stdout \n"); + } ++ return this; + } + + /** +@@ -123,24 +125,25 @@ public final class OutputAnalyzer { + * @throws RuntimeException + * If the string was not found + */ +- public void stderrShouldContain(String expectedString) { ++ public OutputAnalyzer stderrShouldContain(String expectedString) { + if (!stderr.contains(expectedString)) { + reportDiagnosticSummary(); + throw new RuntimeException("'" + expectedString + + "' missing from stderr \n"); + } ++ return this; + } + + /** + * Verify that the stdout and stderr contents of output buffer does not + * contain the string + * +- * @param expectedString ++ * @param notExpectedString + * String that the buffer should not contain + * @throws RuntimeException + * If the string was found + */ +- public void shouldNotContain(String notExpectedString) { ++ public OutputAnalyzer shouldNotContain(String notExpectedString) { + if (stdout.contains(notExpectedString)) { + reportDiagnosticSummary(); + throw new RuntimeException("'" + notExpectedString +@@ -151,23 +154,25 @@ public final class OutputAnalyzer { + throw new RuntimeException("'" + notExpectedString + + "' found in stderr \n"); + } ++ return this; + } + + /** + * Verify that the stdout contents of output buffer does not contain the + * string + * +- * @param expectedString ++ * @param notExpectedString + * String that the buffer should not contain + * @throws RuntimeException + * If the string was found + */ +- public void stdoutShouldNotContain(String notExpectedString) { ++ public OutputAnalyzer stdoutShouldNotContain(String notExpectedString) { + if (stdout.contains(notExpectedString)) { + reportDiagnosticSummary(); + throw new RuntimeException("'" + notExpectedString + + "' found in stdout \n"); + } ++ return this; + } + + /** +@@ -195,7 +200,7 @@ public final class OutputAnalyzer { + * @throws RuntimeException + * If the pattern was not found + */ +- public void shouldMatch(String pattern) { ++ public OutputAnalyzer shouldMatch(String pattern) { + Matcher stdoutMatcher = Pattern.compile(pattern, Pattern.MULTILINE) + .matcher(stdout); + Matcher stderrMatcher = Pattern.compile(pattern, Pattern.MULTILINE) +@@ -205,6 +210,7 @@ public final class OutputAnalyzer { + throw new RuntimeException("'" + pattern + + "' missing from stdout/stderr \n"); + } ++ return this; + } + + /** +@@ -214,7 +220,7 @@ public final class OutputAnalyzer { + * @throws RuntimeException + * If the pattern was not found + */ +- public void stdoutShouldMatch(String pattern) { ++ public OutputAnalyzer stdoutShouldMatch(String pattern) { + Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher( + stdout); + if (!matcher.find()) { +@@ -222,6 +228,7 @@ public final class OutputAnalyzer { + throw new RuntimeException("'" + pattern + + "' missing from stdout \n"); + } ++ return this; + } + + /** +@@ -231,7 +238,7 @@ public final class OutputAnalyzer { + * @throws RuntimeException + * If the pattern was not found + */ +- public void stderrShouldMatch(String pattern) { ++ public OutputAnalyzer stderrShouldMatch(String pattern) { + Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher( + stderr); + if (!matcher.find()) { +@@ -239,6 +246,7 @@ public final class OutputAnalyzer { + throw new RuntimeException("'" + pattern + + "' missing from stderr \n"); + } ++ return this; + } + + /** +@@ -249,7 +257,7 @@ public final class OutputAnalyzer { + * @throws RuntimeException + * If the pattern was found + */ +- public void shouldNotMatch(String pattern) { ++ public OutputAnalyzer shouldNotMatch(String pattern) { + Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher( + stdout); + if (matcher.find()) { +@@ -263,6 +271,7 @@ public final class OutputAnalyzer { + throw new RuntimeException("'" + pattern + "' found in stderr: '" + + matcher.group() + "' \n"); + } ++ return this; + } + + /** +@@ -273,13 +282,14 @@ public final class OutputAnalyzer { + * @throws RuntimeException + * If the pattern was found + */ +- public void stdoutShouldNotMatch(String pattern) { ++ public OutputAnalyzer stdoutShouldNotMatch(String pattern) { + Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher( + stdout); + if (matcher.find()) { + reportDiagnosticSummary(); + throw new RuntimeException("'" + pattern + "' found in stdout \n"); + } ++ return this; + } + + /** +@@ -290,13 +300,14 @@ public final class OutputAnalyzer { + * @throws RuntimeException + * If the pattern was found + */ +- public void stderrShouldNotMatch(String pattern) { ++ public OutputAnalyzer stderrShouldNotMatch(String pattern) { + Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher( + stderr); + if (matcher.find()) { + reportDiagnosticSummary(); + throw new RuntimeException("'" + pattern + "' found in stderr \n"); + } ++ return this; + } + + /** +@@ -344,12 +355,13 @@ public final class OutputAnalyzer { + * If the exit value from the process did not match the expected + * value + */ +- public void shouldHaveExitValue(int expectedExitValue) { ++ public OutputAnalyzer shouldHaveExitValue(int expectedExitValue) { + if (getExitValue() != expectedExitValue) { + reportDiagnosticSummary(); + throw new RuntimeException("Expected to get exit value of [" + + expectedExitValue + "]\n"); + } ++ return this; + } + + /** +@@ -357,11 +369,12 @@ public final class OutputAnalyzer { + * - standard input produced by the process under test - standard output - + * exit code Note: the command line is printed by the ProcessTools + */ +- private void reportDiagnosticSummary() { ++ private OutputAnalyzer reportDiagnosticSummary() { + String msg = " stdout: [" + stdout + "];\n" + " stderr: [" + stderr + + "]\n" + " exitValue = " + getExitValue() + "\n"; + + System.err.println(msg); ++ return this; + } + + /** +diff --git a/jdk/test/lib/testlibrary/jdk/testlibrary/Utils.java b/jdk/test/lib/testlibrary/jdk/testlibrary/Utils.java +index c219234..399909f 100644 +--- openjdk/jdk/test/lib/testlibrary/jdk/testlibrary/Utils.java ++++ openjdk/jdk/test/lib/testlibrary/jdk/testlibrary/Utils.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -29,6 +29,8 @@ import java.io.BufferedReader; + import java.io.File; + import java.io.FileReader; + import java.io.IOException; ++import java.io.InputStream; ++import java.io.OutputStream; + import java.net.InetAddress; + import java.net.ServerSocket; + import java.net.UnknownHostException; +@@ -332,4 +334,43 @@ public final class Utils { + } + return null; + } ++ ++ private static final int BUFFER_SIZE = 1024; ++ ++ /** ++ * Reads all bytes from the input stream and writes the bytes to the ++ * given output stream in the order that they are read. On return, the ++ * input stream will be at end of stream. This method does not close either ++ * stream. ++ *

++ * This method may block indefinitely reading from the input stream, or ++ * writing to the output stream. The behavior for the case where the input ++ * and/or output stream is asynchronously closed, or the thread ++ * interrupted during the transfer, is highly input and output stream ++ * specific, and therefore not specified. ++ *

++ * If an I/O error occurs reading from the input stream or writing to the ++ * output stream, then it may do so after some bytes have been read or ++ * written. Consequently the input stream may not be at end of stream and ++ * one, or both, streams may be in an inconsistent state. It is strongly ++ * recommended that both streams be promptly closed if an I/O error occurs. ++ * ++ * @param in the input stream, non-null ++ * @param out the output stream, non-null ++ * @return the number of bytes transferred ++ * @throws IOException if an I/O error occurs when reading or writing ++ * @throws NullPointerException if {@code in} or {@code out} is {@code null} ++ * ++ */ ++ public static long transferBetweenStreams(InputStream in, OutputStream out) ++ throws IOException { ++ long transferred = 0; ++ byte[] buffer = new byte[BUFFER_SIZE]; ++ int read; ++ while ((read = in.read(buffer, 0, BUFFER_SIZE)) >= 0) { ++ out.write(buffer, 0, read); ++ transferred += read; ++ } ++ return transferred; ++ } + } +diff --git a/jdk/test/sun/security/pkcs/pkcs7/PKCS7VerifyTest.java b/jdk/test/sun/security/pkcs/pkcs7/PKCS7VerifyTest.java +index 24cc111..ec8359a 100644 +--- openjdk/jdk/test/sun/security/pkcs/pkcs7/PKCS7VerifyTest.java ++++ openjdk/jdk/test/sun/security/pkcs/pkcs7/PKCS7VerifyTest.java +@@ -26,8 +26,8 @@ + * @bug 8048357 + * @summary Read signed data in one or more PKCS7 objects from individual files, + * verify SignerInfos and certificate chain. +- * @run main PKCS7VerifyTest PKCS7TEST.DSA.base64 +- * @run main PKCS7VerifyTest PKCS7TEST.DSA.base64 PKCS7TEST.SF ++ * @run main/othervm -Djava.security.properties=${test.src}/reenable.jar.alg.props PKCS7VerifyTest PKCS7TEST.DSA.base64 ++ * @run main/othervm -Djava.security.properties=${test.src}/reenable.jar.alg.props PKCS7VerifyTest PKCS7TEST.DSA.base64 PKCS7TEST.SF + */ + import java.io.ByteArrayInputStream; + import java.io.File; +@@ -35,6 +35,7 @@ import java.io.FileInputStream; + import java.nio.file.Files; + import java.nio.file.Path; + import java.nio.file.Paths; ++import java.security.Security; + import java.security.cert.X509Certificate; + import java.util.Base64; + import java.util.HashMap; +diff --git a/jdk/test/sun/security/pkcs/pkcs7/reenable.jar.alg.props b/jdk/test/sun/security/pkcs/pkcs7/reenable.jar.alg.props +new file mode 100644 +index 0000000..9841943 +--- /dev/null ++++ openjdk/jdk/test/sun/security/pkcs/pkcs7/reenable.jar.alg.props +@@ -0,0 +1,24 @@ ++# ++# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. ++# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++# ++# This code is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License version 2 only, as ++# published by the Free Software Foundation. ++# ++# This code is distributed in the hope that it will be useful, but WITHOUT ++# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++# version 2 for more details (a copy is included in the LICENSE file that ++# accompanied this code). ++# ++# You should have received a copy of the GNU General Public License version ++# 2 along with this work; if not, write to the Free Software Foundation, ++# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++# ++# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++# or visit www.oracle.com if you need additional information or have any ++# questions. ++# ++ ++jdk.jar.disabledAlgorithms= +diff --git a/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/OriginServer.java b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/OriginServer.java +index b24aed6..dc2070f 100644 +--- openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/OriginServer.java ++++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/OriginServer.java +@@ -36,10 +36,12 @@ import javax.net.*; + * Http get request in both clear and secure channel + */ + +-public abstract class OriginServer implements Runnable { ++public abstract class OriginServer implements Runnable, Closeable { + + private ServerSocket server = null; + Exception serverException = null; ++ private volatile boolean closed; ++ + /** + * Constructs a OriginServer based on ss and + * obtains a response data's bytecodes using the method +@@ -53,6 +55,14 @@ public abstract class OriginServer implements Runnable { + throw serverException; + } + ++ @Override ++ public void close() throws IOException { ++ if (closed) ++ return; ++ closed = true; ++ server.close(); ++ } ++ + /** + * Returns an array of bytes containing the bytes for + * the data sent in the response. +diff --git a/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/ProxyAuthTest.java b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/ProxyAuthTest.java +index a4ef930..50e3d06 100644 +--- openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/ProxyAuthTest.java ++++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/ProxyAuthTest.java +@@ -23,21 +23,30 @@ + + /* + * @test +- * @bug 4323990 4413069 ++ * @bug 4323990 4413069 8160838 + * @summary HttpsURLConnection doesn't send Proxy-Authorization on CONNECT + * Incorrect checking of proxy server response +- * @run main/othervm ProxyAuthTest +- * +- * No way to reserve and restore java.lang.Authenticator, need to run this +- * test in othervm mode. ++ * @run main/othervm ProxyAuthTest fail ++ * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Basic ProxyAuthTest fail ++ * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Basic, ProxyAuthTest fail ++ * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=BAsIc ProxyAuthTest fail ++ * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Basic,Digest ProxyAuthTest fail ++ * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Unknown,bAsIc ProxyAuthTest fail ++ * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes= ProxyAuthTest succeed ++ * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Digest,NTLM,Negotiate ProxyAuthTest succeed ++ * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=UNKNOWN,notKnown ProxyAuthTest succeed + */ + ++// No way to reserve and restore java.lang.Authenticator, as well as read-once ++// system properties, so this tests needs to run in othervm mode. ++ + import java.io.*; + import java.net.*; + import java.security.KeyStore; + import javax.net.*; + import javax.net.ssl.*; + import java.security.cert.*; ++import static java.nio.charset.StandardCharsets.US_ASCII; + + /* + * ProxyAuthTest.java -- includes a simple server that can serve +@@ -74,7 +83,7 @@ public class ProxyAuthTest { + */ + public byte[] getBytes() { + return "Proxy authentication for tunneling succeeded ..". +- getBytes(); ++ getBytes(US_ASCII); + } + } + +@@ -82,6 +91,13 @@ public class ProxyAuthTest { + * Main method to create the server and the client + */ + public static void main(String args[]) throws Exception { ++ boolean expectSuccess; ++ if (args[0].equals("succeed")) { ++ expectSuccess = true; ++ } else { ++ expectSuccess = false; ++ } ++ + String keyFilename = + System.getProperty("test.src", "./") + "/" + pathToStores + + "/" + keyStoreFile; +@@ -98,12 +114,13 @@ public class ProxyAuthTest { + /* + * setup the server + */ ++ Closeable server; + try { + ServerSocketFactory ssf = + ProxyAuthTest.getServerSocketFactory(useSSL); + ServerSocket ss = ssf.createServerSocket(serverPort); + serverPort = ss.getLocalPort(); +- new TestServer(ss); ++ server = new TestServer(ss); + } catch (Exception e) { + System.out.println("Server side failed:" + + e.getMessage()); +@@ -112,10 +129,28 @@ public class ProxyAuthTest { + // trigger the client + try { + doClientSide(); +- } catch (Exception e) { ++ if (!expectSuccess) { ++ throw new RuntimeException( ++ "Expected exception/failure to connect, but succeeded."); ++ } ++ } catch (IOException e) { ++ if (expectSuccess) { + System.out.println("Client side failed: " + e.getMessage()); + throw e; + } ++ ++ if (! (e.getMessage().contains("Unable to tunnel through proxy") && ++ e.getMessage().contains("407")) ) { ++ throw new RuntimeException( ++ "Expected exception about cannot tunnel, 407, etc, but got", e); ++ } else { ++ // Informative ++ System.out.println("Caught expected exception: " + e.getMessage()); ++ } ++ } finally { ++ if (server != null) ++ server.close(); ++ } + } + + private static ServerSocketFactory getServerSocketFactory +@@ -144,11 +179,11 @@ public class ProxyAuthTest { + } + } + +- static void doClientSide() throws Exception { ++ static void doClientSide() throws IOException { + /* + * setup up a proxy with authentication information + */ +- setupProxy(); ++ ProxyTunnelServer ps = setupProxy(); + + /* + * we want to avoid URLspoofCheck failures in cases where the cert +@@ -156,18 +191,28 @@ public class ProxyAuthTest { + */ + HttpsURLConnection.setDefaultHostnameVerifier( + new NameVerifier()); ++ ++ InetSocketAddress paddr = new InetSocketAddress("localhost", ps.getPort()); ++ Proxy proxy = new Proxy(Proxy.Type.HTTP, paddr); ++ + URL url = new URL("https://" + "localhost:" + serverPort + + "/index.html"); + BufferedReader in = null; ++ HttpsURLConnection uc = (HttpsURLConnection) url.openConnection(proxy); + try { +- in = new BufferedReader(new InputStreamReader( +- url.openStream())); ++ in = new BufferedReader(new InputStreamReader(uc.getInputStream())); + String inputLine; + System.out.print("Client recieved from the server: "); + while ((inputLine = in.readLine()) != null) + System.out.println(inputLine); + in.close(); +- } catch (SSLException e) { ++ } catch (IOException e) { ++ // Assert that the error stream is not accessible from the failed ++ // tunnel setup. ++ if (uc.getErrorStream() != null) { ++ throw new RuntimeException("Unexpected error stream."); ++ } ++ + if (in != null) + in.close(); + throw e; +@@ -180,7 +225,7 @@ public class ProxyAuthTest { + } + } + +- static void setupProxy() throws IOException { ++ static ProxyTunnelServer setupProxy() throws IOException { + ProxyTunnelServer pserver = new ProxyTunnelServer(); + /* + * register a system wide authenticator and setup the proxy for +@@ -193,9 +238,7 @@ public class ProxyAuthTest { + pserver.setUserAuth("Test", "test123"); + + pserver.start(); +- System.setProperty("https.proxyHost", "localhost"); +- System.setProperty("https.proxyPort", String.valueOf( +- pserver.getPort())); ++ return pserver; + } + + public static class TestAuthenticator extends Authenticator { +@@ -206,3 +249,4 @@ public class ProxyAuthTest { + } + } + } ++ +diff --git a/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/ProxyTunnelServer.java b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/ProxyTunnelServer.java +index 145cb49..90315e8 100644 +--- openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/ProxyTunnelServer.java ++++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/ProxyTunnelServer.java +@@ -65,6 +65,7 @@ public class ProxyTunnelServer extends Thread { + ss = (ServerSocket) ServerSocketFactory.getDefault(). + createServerSocket(0); + } ++ setDaemon(true); + } + + public void needUserAuth(boolean auth) { +@@ -211,6 +212,7 @@ public class ProxyTunnelServer extends Thread { + this.sockOut = sockOut; + input = sockIn.getInputStream(); + output = sockOut.getOutputStream(); ++ setDaemon(true); + } + + public void run() { +diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxyWithAuth.sh b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxyWithAuth.sh +index fd24c76..a89827c 100644 +--- openjdk/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxyWithAuth.sh ++++ openjdk/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxyWithAuth.sh +@@ -53,5 +53,7 @@ esac + ${COMPILEJAVA}${FS}bin${FS}javac ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} -d . ${TESTSRC}${FS}OriginServer.java \ + ${TESTSRC}${FS}ProxyTunnelServer.java \ + ${TESTSRC}${FS}PostThruProxyWithAuth.java +-${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} PostThruProxyWithAuth ${HOSTNAME} ${TESTSRC} ++${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} \ ++ -Djdk.http.auth.tunneling.disabledSchemes= \ ++ PostThruProxyWithAuth ${HOSTNAME} ${TESTSRC} + exit +diff --git a/jdk/test/sun/security/tools/jarsigner/JarSigningNonAscii.java b/jdk/test/sun/security/tools/jarsigner/JarSigningNonAscii.java +index 69bf09ed5..d04ff57 100644 +--- openjdk/jdk/test/sun/security/tools/jarsigner/JarSigningNonAscii.java ++++ openjdk/jdk/test/sun/security/tools/jarsigner/JarSigningNonAscii.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -25,10 +25,12 @@ + * @test + * @bug 4924188 + * @summary sign a JAR file that has entry names with non-ASCII characters. ++ * @run main/othervm -Djava.security.properties=${test.src}/reenable.jar.alg.props JarSigningNonAscii + */ + + import sun.security.tools.*; + import java.io.*; ++import java.security.Security; + import java.util.*; + import java.util.jar.*; + import java.security.cert.Certificate; +diff --git a/jdk/test/sun/security/tools/jarsigner/TimestampCheck.java b/jdk/test/sun/security/tools/jarsigner/TimestampCheck.java +index 113bb26..bc4d6ed 100644 +--- openjdk/jdk/test/sun/security/tools/jarsigner/TimestampCheck.java ++++ openjdk/jdk/test/sun/security/tools/jarsigner/TimestampCheck.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -58,7 +58,12 @@ public class TimestampCheck { + + static final String defaultPolicyId = "2.3.4.5"; + +- static class Handler implements HttpHandler { ++ static class Handler implements HttpHandler, AutoCloseable { ++ ++ private final HttpServer httpServer; ++ private final String keystore; ++ ++ @Override + public void handle(HttpExchange t) throws IOException { + int len = 0; + for (String h: t.getRequestHeaders().keySet()) { +@@ -136,7 +141,9 @@ public class TimestampCheck { + // Write TSResponse + System.err.println("\nResponse\n==================="); + KeyStore ks = KeyStore.getInstance("JKS"); +- ks.load(new FileInputStream(TSKS), "changeit".toCharArray()); ++ try (FileInputStream fis = new FileInputStream(keystore)) { ++ ks.load(fis, "changeit".toCharArray()); ++ } + + String alias = "ts"; + if (path == 6) alias = "tsbad1"; +@@ -240,35 +247,72 @@ public class TimestampCheck { + + return out.toByteArray(); + } +- } + +- public static void main(String[] args) throws Exception { ++ private Handler(HttpServer httpServer, String keystore) { ++ this.httpServer = httpServer; ++ this.keystore = keystore; ++ } ++ ++ /** ++ * Initialize TSA instance. ++ * ++ * Extended Key Info extension of certificate that is used for ++ * signing TSA responses should contain timeStamping value. ++ */ ++ static Handler init(int port, String keystore) throws IOException { ++ HttpServer httpServer = HttpServer.create( ++ new InetSocketAddress(port), 0); ++ Handler tsa = new Handler(httpServer, keystore); ++ httpServer.createContext("/", tsa); ++ return tsa; ++ } + +- Handler h = new Handler(); +- HttpServer server = HttpServer.create(new InetSocketAddress(0), 0); +- int port = server.getAddress().getPort(); +- HttpContext ctx = server.createContext("/", h); +- server.start(); +- +- String cmd = null; +- // Use -J-Djava.security.egd=file:/dev/./urandom to speed up +- // nonce generation in timestamping request. Not avaibale on +- // Windows and defaults to thread seed generator, not too bad. +- if (System.getProperty("java.home").endsWith("jre")) { +- cmd = System.getProperty("java.home") + "/../bin/jarsigner" + +- " -J-Djava.security.egd=file:/dev/./urandom" + +- " -debug -keystore " + TSKS + " -storepass changeit" + +- " -tsa http://localhost:" + port + "/%d" + +- " -signedjar new_%d.jar " + JAR + " old"; +- } else { +- cmd = System.getProperty("java.home") + "/bin/jarsigner" + +- " -J-Djava.security.egd=file:/dev/./urandom" + +- " -debug -keystore " + TSKS + " -storepass changeit" + +- " -tsa http://localhost:" + port + "/%d" + +- " -signedjar new_%d.jar " + JAR + " old"; ++ /** ++ * Start TSA service. ++ */ ++ void start() { ++ httpServer.start(); + } + +- try { ++ /** ++ * Stop TSA service. ++ */ ++ void stop() { ++ httpServer.stop(0); ++ } ++ ++ /** ++ * Return server port number. ++ */ ++ int getPort() { ++ return httpServer.getAddress().getPort(); ++ } ++ ++ @Override ++ public void close() throws Exception { ++ stop(); ++ } ++ } ++ public static void main(String[] args) throws Exception { ++ try (Handler tsa = Handler.init(0, TSKS);) { ++ tsa.start(); ++ int port = tsa.getPort(); ++ ++ String cmd; ++ // Use -J-Djava.security.egd=file:/dev/./urandom to speed up ++ // nonce generation in timestamping request. Not avaibale on ++ // Windows and defaults to thread seed generator, not too bad. ++ if (System.getProperty("java.home").endsWith("jre")) { ++ cmd = System.getProperty("java.home") + "/../bin/jarsigner"; ++ } else { ++ cmd = System.getProperty("java.home") + "/bin/jarsigner"; ++ } ++ ++ cmd += " -J-Djava.security.egd=file:/dev/./urandom" ++ + " -debug -keystore " + TSKS + " -storepass changeit" ++ + " -tsa http://localhost:" + port + "/%d" ++ + " -signedjar new_%d.jar " + JAR + " old"; ++ + if (args.length == 0) { // Run this test + jarsigner(cmd, 0, true); // Success, normal call + jarsigner(cmd, 1, false); // These 4 should fail +@@ -289,8 +333,6 @@ public class TimestampCheck { + System.err.println("Press Enter to quit server"); + System.in.read(); + } +- } finally { +- server.stop(0); + } + } + +diff --git a/jdk/test/sun/security/tools/jarsigner/TsacertOptionTest.java b/jdk/test/sun/security/tools/jarsigner/TsacertOptionTest.java +new file mode 100644 +index 0000000..c86affc +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/TsacertOptionTest.java +@@ -0,0 +1,147 @@ ++/* ++ * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import jdk.testlibrary.OutputAnalyzer; ++import jdk.testlibrary.ProcessTools; ++import jdk.testlibrary.JarUtils; ++ ++/** ++ * @test ++ * @bug 8024302 8026037 ++ * @summary The test signs and verifies a jar file with -tsacert option ++ * @library /lib/testlibrary ++ * @run main TsacertOptionTest ++ */ ++public class TsacertOptionTest { ++ ++ private static final String FS = System.getProperty("file.separator"); ++ private static final String JAVA_HOME = System.getProperty("test.jdk"); ++ private static final String KEYTOOL = JAVA_HOME + FS + "bin" + FS ++ + "keytool"; ++ private static final String JARSIGNER = JAVA_HOME + FS + "bin" + FS ++ + "jarsigner"; ++ private static final String UNSIGNED_JARFILE = "unsigned.jar"; ++ private static final String SIGNED_JARFILE = "signed.jar"; ++ private static final String FILENAME = TsacertOptionTest.class.getName() ++ + ".txt"; ++ private static final String PASSWORD = "changeit"; ++ private static final String KEYSTORE = "ks.jks"; ++ private static final String SIGNING_KEY_ALIAS = "sign_alias"; ++ private static final String TSA_KEY_ALIAS = "ts"; ++ private static final String KEY_ALG = "RSA"; ++ private static final int KEY_SIZE = 2048; ++ private static final int VALIDITY = 365; ++ private static final String WARNING = "Warning:"; ++ private static final String JAR_SIGNED = "jar signed."; ++ private static final String JAR_VERIFIED = "jar verified."; ++ ++ /** ++ * The test signs and verifies a jar file with -tsacert option, ++ * and checks that no warning was shown. ++ * A certificate that is addressed in -tsacert option contains URL to TSA ++ * in Subject Information Access extension. ++ */ ++ public static void main(String[] args) throws Throwable { ++ TsacertOptionTest test = new TsacertOptionTest(); ++ test.start(); ++ } ++ ++ void start() throws Throwable { ++ // create a jar file that contains one file ++ Utils.createFiles(FILENAME); ++ JarUtils.createJar(UNSIGNED_JARFILE, FILENAME); ++ ++ // look for free network port for TSA service ++ int port = jdk.testlibrary.Utils.getFreePort(); ++ String host = jdk.testlibrary.Utils.getHostname(); ++ String tsaUrl = "http://" + host + ":" + port; ++ ++ // create key pair for jar signing ++ ProcessTools.executeCommand(KEYTOOL, ++ "-genkey", ++ "-alias", SIGNING_KEY_ALIAS, ++ "-keyalg", KEY_ALG, ++ "-keysize", Integer.toString(KEY_SIZE), ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-dname", "CN=Test", ++ "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); ++ ++ // create key pair for TSA service ++ // SubjectInfoAccess extension contains URL to TSA service ++ ProcessTools.executeCommand(KEYTOOL, ++ "-genkey", ++ "-v", ++ "-alias", TSA_KEY_ALIAS, ++ "-keyalg", KEY_ALG, ++ "-keysize", Integer.toString(KEY_SIZE), ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-dname", "CN=TSA", ++ "-ext", "ExtendedkeyUsage:critical=timeStamping", ++ "-ext", "SubjectInfoAccess=timeStamping:URI:" + tsaUrl, ++ "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); ++ ++ try (TimestampCheck.Handler tsa = TimestampCheck.Handler.init(port, ++ KEYSTORE);) { ++ ++ // start TSA ++ tsa.start(); ++ ++ // sign jar file ++ // specify -tsadigestalg option because ++ // TSA server uses SHA-1 digest algorithm ++ OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verbose", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-signedjar", SIGNED_JARFILE, ++ "-tsacert", TSA_KEY_ALIAS, ++ "-tsadigestalg", "SHA-1", ++ UNSIGNED_JARFILE, ++ SIGNING_KEY_ALIAS); ++ ++ analyzer.shouldHaveExitValue(0); ++ analyzer.stdoutShouldNotContain(WARNING); ++ analyzer.shouldContain(JAR_SIGNED); ++ ++ // verify signed jar ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verbose", ++ "-verify", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ SIGNED_JARFILE); ++ ++ analyzer.shouldHaveExitValue(0); ++ analyzer.stdoutShouldNotContain(WARNING); ++ analyzer.shouldContain(JAR_VERIFIED); ++ } ++ ++ System.out.println("Test passed"); ++ } ++ ++} +diff --git a/jdk/test/sun/security/tools/jarsigner/Utils.java b/jdk/test/sun/security/tools/jarsigner/Utils.java +new file mode 100644 +index 0000000..3fc9009 +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/Utils.java +@@ -0,0 +1,39 @@ ++/* ++ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import java.io.File; ++import java.io.IOException; ++ ++/** ++ * Helper class. ++ */ ++public class Utils { ++ ++ static void createFiles(String... filenames) throws IOException { ++ for (String filename : filenames) { ++ new File(filename).createNewFile(); ++ } ++ } ++ ++} ++ +diff --git a/jdk/test/sun/security/tools/jarsigner/reenable.jar.alg.props b/jdk/test/sun/security/tools/jarsigner/reenable.jar.alg.props +new file mode 100644 +index 0000000..9841943 +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/reenable.jar.alg.props +@@ -0,0 +1,24 @@ ++# ++# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. ++# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++# ++# This code is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License version 2 only, as ++# published by the Free Software Foundation. ++# ++# This code is distributed in the hope that it will be useful, but WITHOUT ++# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++# version 2 for more details (a copy is included in the LICENSE file that ++# accompanied this code). ++# ++# You should have received a copy of the GNU General Public License version ++# 2 along with this work; if not, write to the Free Software Foundation, ++# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++# ++# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++# or visit www.oracle.com if you need additional information or have any ++# questions. ++# ++ ++jdk.jar.disabledAlgorithms= +diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/AliasNotInStoreTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/AliasNotInStoreTest.java +new file mode 100644 +index 0000000..81475fb +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/warnings/AliasNotInStoreTest.java +@@ -0,0 +1,149 @@ ++/* ++ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import jdk.testlibrary.OutputAnalyzer; ++import jdk.testlibrary.ProcessTools; ++import jdk.testlibrary.JarUtils; ++ ++/** ++ * @test ++ * @bug 8024302 8026037 ++ * @summary Test for aliasNotInStore warning ++ * @library /lib/testlibrary ../ ++ * @run main AliasNotInStoreTest ++ */ ++public class AliasNotInStoreTest extends Test { ++ ++ /** ++ * The test signs and verifies a jar that contains signed entries ++ * that are not signed by any alias in keystore (aliasNotInStore). ++ * Warning message is expected. ++ */ ++ public static void main(String[] args) throws Throwable { ++ AliasNotInStoreTest test = new AliasNotInStoreTest(); ++ test.start(); ++ } ++ ++ private void start() throws Throwable { ++ Utils.createFiles(FIRST_FILE, SECOND_FILE); ++ System.out.println(String.format("Create a %s that contains %s", ++ new Object[]{UNSIGNED_JARFILE, FIRST_FILE})); ++ JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); ++ ++ // create first key pair for signing ++ ProcessTools.executeCommand(KEYTOOL, ++ "-genkey", ++ "-alias", FIRST_KEY_ALIAS, ++ "-keyalg", KEY_ALG, ++ "-keysize", Integer.toString(KEY_SIZE), ++ "-keystore", BOTH_KEYS_KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-dname", "CN=First", ++ "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); ++ ++ // create second key pair for signing ++ ProcessTools.executeCommand(KEYTOOL, ++ "-genkey", ++ "-alias", SECOND_KEY_ALIAS, ++ "-keyalg", KEY_ALG, ++ "-keysize", Integer.toString(KEY_SIZE), ++ "-keystore", BOTH_KEYS_KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-dname", "CN=Second", ++ "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); ++ ++ // sign jar with first key ++ OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-keystore", BOTH_KEYS_KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-signedjar", SIGNED_JARFILE, ++ UNSIGNED_JARFILE, ++ FIRST_KEY_ALIAS); ++ ++ checkSigning(analyzer); ++ ++ System.out.println(String.format("Copy %s to %s, and add %s", ++ new Object[] {SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, ++ SECOND_FILE})); ++ ++ JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE); ++ ++ // sign jar with second key ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-keystore", BOTH_KEYS_KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ UPDATED_SIGNED_JARFILE, ++ SECOND_KEY_ALIAS); ++ ++ checkSigning(analyzer); ++ ++ // create keystore that contains only first key ++ ProcessTools.executeCommand(KEYTOOL, ++ "-importkeystore", ++ "-srckeystore", BOTH_KEYS_KEYSTORE, ++ "-srcalias", FIRST_KEY_ALIAS, ++ "-srcstorepass", PASSWORD, ++ "-srckeypass", PASSWORD, ++ "-destkeystore", FIRST_KEY_KEYSTORE, ++ "-destalias", FIRST_KEY_ALIAS, ++ "-deststorepass", PASSWORD, ++ "-destkeypass", PASSWORD).shouldHaveExitValue(0); ++ ++ // verify jar with keystore that contains only first key in strict mode, ++ // so there is signed entry (FirstClass.class) that is not signed ++ // by any alias in the keystore ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-verbose", ++ "-keystore", FIRST_KEY_KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ UPDATED_SIGNED_JARFILE); ++ ++ checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING, ++ ALIAS_NOT_IN_STORE_VERIFYING_WARNING); ++ ++ // verify jar with keystore that contains only first key in strict mode ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-verbose", ++ "-strict", ++ "-keystore", FIRST_KEY_KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ UPDATED_SIGNED_JARFILE); ++ ++ int expectedExitCode = ALIAS_NOT_IN_STORE_EXIT_CODE ++ + CHAIN_NOT_VALIDATED_EXIT_CODE; ++ checkVerifying(analyzer, expectedExitCode, ++ CHAIN_NOT_VALIDATED_VERIFYING_WARNING, ++ ALIAS_NOT_IN_STORE_VERIFYING_WARNING); ++ ++ System.out.println("Test passed"); ++ } ++ ++} +diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/BadExtendedKeyUsageTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/BadExtendedKeyUsageTest.java +new file mode 100644 +index 0000000..a8c3c8a +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/warnings/BadExtendedKeyUsageTest.java +@@ -0,0 +1,106 @@ ++/* ++ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import jdk.testlibrary.OutputAnalyzer; ++import jdk.testlibrary.ProcessTools; ++import jdk.testlibrary.JarUtils; ++ ++/** ++ * @test ++ * @bug 8024302 8026037 ++ * @summary Test for badExtendedKeyUsage warning ++ * @library /lib/testlibrary ../ ++ * @run main BadExtendedKeyUsageTest ++ */ ++public class BadExtendedKeyUsageTest extends Test { ++ ++ /** ++ * The test signs and verifies a jar that contains entries ++ * whose signer certificate's ExtendedKeyUsage extension ++ * doesn't allow code signing (badExtendedKeyUsage). ++ * Warning message is expected. ++ */ ++ public static void main(String[] args) throws Throwable { ++ BadExtendedKeyUsageTest test = new BadExtendedKeyUsageTest(); ++ test.start(); ++ } ++ ++ private void start() throws Throwable { ++ // create a jar file that contains one class file ++ Utils.createFiles(FIRST_FILE); ++ JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); ++ ++ // create a certificate whose signer certificate's ++ // ExtendedKeyUsage extension doesn't allow code signing ++ ProcessTools.executeCommand(KEYTOOL, ++ "-genkey", ++ "-alias", KEY_ALIAS, ++ "-keyalg", KEY_ALG, ++ "-keysize", Integer.toString(KEY_SIZE), ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-dname", "CN=Test", ++ "-ext", "ExtendedkeyUsage=serverAuth", ++ "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); ++ ++ // sign jar ++ OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verbose", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-signedjar", SIGNED_JARFILE, ++ UNSIGNED_JARFILE, ++ KEY_ALIAS); ++ ++ checkSigning(analyzer, BAD_EXTENDED_KEY_USAGE_SIGNING_WARNING); ++ ++ // verify signed jar ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-verbose", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE); ++ ++ checkVerifying(analyzer, 0, BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING); ++ ++ // verity signed jar in strict mode ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-verbose", ++ "-strict", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE); ++ ++ checkVerifying(analyzer, BAD_EXTENDED_KEY_USAGE_EXIT_CODE, ++ BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING); ++ ++ System.out.println("Test passed"); ++ } ++ ++} +diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java +new file mode 100644 +index 0000000..fd37eb9 +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java +@@ -0,0 +1,107 @@ ++/* ++ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import jdk.testlibrary.OutputAnalyzer; ++import jdk.testlibrary.ProcessTools; ++import jdk.testlibrary.JarUtils; ++ ++/** ++ * @test ++ * @bug 8024302 8026037 ++ * @summary Test for badKeyUsage warning ++ * @library /lib/testlibrary ../ ++ * @ignore until 8026393 is fixed ++ * @run main BadKeyUsageTest ++ */ ++public class BadKeyUsageTest extends Test { ++ ++ /** ++ * The test signs and verifies a jar that contains entries ++ * whose signer certificate's KeyUsage extension ++ * doesn't allow code signing (badKeyUsage). ++ * Warning message is expected. ++ */ ++ public static void main(String[] args) throws Throwable { ++ BadKeyUsageTest test = new BadKeyUsageTest(); ++ test.start(); ++ } ++ ++ private void start() throws Throwable { ++ // create a jar file that contains one class file ++ Utils.createFiles(FIRST_FILE); ++ JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); ++ ++ // create a certificate whose signer certificate's KeyUsage extension ++ // doesn't allow code signing ++ ProcessTools.executeCommand(KEYTOOL, ++ "-genkey", ++ "-alias", KEY_ALIAS, ++ "-keyalg", KEY_ALG, ++ "-keysize", Integer.toString(KEY_SIZE), ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-dname", "CN=Test", ++ "-ext", "KeyUsage=keyAgreement", ++ "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); ++ ++ // sign jar ++ OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verbose", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-signedjar", SIGNED_JARFILE, ++ UNSIGNED_JARFILE, ++ KEY_ALIAS); ++ ++ checkSigning(analyzer, BAD_KEY_USAGE_SIGNING_WARNING); ++ ++ // verify signed jar ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-verbose", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE); ++ ++ checkVerifying(analyzer, 0, BAD_KEY_USAGE_VERIFYING_WARNING); ++ ++ // verify signed jar in strict mode ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-verbose", ++ "-strict", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE); ++ ++ checkVerifying(analyzer, BAD_KEY_USAGE_EXIT_CODE, ++ BAD_KEY_USAGE_VERIFYING_WARNING); ++ ++ System.out.println("Test passed"); ++ } ++ ++} +diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/BadNetscapeCertTypeTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/BadNetscapeCertTypeTest.java +new file mode 100644 +index 0000000..e2e8086 +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/warnings/BadNetscapeCertTypeTest.java +@@ -0,0 +1,108 @@ ++/* ++ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import jdk.testlibrary.OutputAnalyzer; ++import jdk.testlibrary.ProcessTools; ++import jdk.testlibrary.JarUtils; ++ ++import java.nio.file.Files; ++import java.nio.file.Paths; ++import java.util.Base64; ++ ++/** ++ * @test ++ * @bug 8024302 8026037 ++ * @summary Test for badNetscapeCertType warning ++ * @library /lib/testlibrary ../ ++ * @run main BadNetscapeCertTypeTest ++ */ ++public class BadNetscapeCertTypeTest extends Test { ++ ++ private static final String NETSCAPE_KEYSTORE_BASE64 = TEST_SOURCES + FS ++ + "bad_netscape_cert_type.jks.base64"; ++ ++ private static final String NETSCAPE_KEYSTORE ++ = "bad_netscape_cert_type.jks"; ++ ++ /** ++ * The test signs and verifies a jar that contains entries ++ * whose signer certificate's NetscapeCertType extension ++ * doesn't allow code signing (badNetscapeCertType). ++ * Warning message is expected. ++ * Run bad_netscape_cert_type.sh script to create bad_netscape_cert_type.jks ++ */ ++ public static void main(String[] args) throws Throwable { ++ ++ Files.write(Paths.get(NETSCAPE_KEYSTORE), ++ Base64.getMimeDecoder().decode( ++ Files.readAllBytes(Paths.get(NETSCAPE_KEYSTORE_BASE64)))); ++ ++ BadNetscapeCertTypeTest test = new BadNetscapeCertTypeTest(); ++ test.start(); ++ } ++ ++ private void start() throws Throwable { ++ // create a jar file that contains one class file ++ Utils.createFiles(FIRST_FILE); ++ JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); ++ ++ // sign jar ++ OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verbose", ++ "-keystore", NETSCAPE_KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-signedjar", SIGNED_JARFILE, ++ UNSIGNED_JARFILE, ++ KEY_ALIAS); ++ ++ checkSigning(analyzer, BAD_NETSCAPE_CERT_TYPE_SIGNING_WARNING); ++ ++ // verify signed jar ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-verbose", ++ "-keystore", NETSCAPE_KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE); ++ ++ checkVerifying(analyzer, 0, BAD_NETSCAPE_CERT_TYPE_VERIFYING_WARNING); ++ ++ // verify signed jar in strict mode ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-verbose", ++ "-strict", ++ "-keystore", NETSCAPE_KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE); ++ ++ checkVerifying(analyzer, BAD_NETSCAPE_CERT_TYPE_EXIT_CODE, ++ BAD_NETSCAPE_CERT_TYPE_VERIFYING_WARNING); ++ ++ System.out.println("Test passed"); ++ } ++ ++} +diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/ChainNotValidatedTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/ChainNotValidatedTest.java +new file mode 100644 +index 0000000..21f0979 +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/warnings/ChainNotValidatedTest.java +@@ -0,0 +1,180 @@ ++/* ++ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import java.io.File; ++import jdk.testlibrary.OutputAnalyzer; ++import jdk.testlibrary.ProcessTools; ++import jdk.testlibrary.JarUtils; ++ ++/** ++ * @test ++ * @bug 8024302 8026037 ++ * @summary Test for chainNotValidated warning ++ * @library /lib/testlibrary ../ ++ * @run main ChainNotValidatedTest ++ */ ++public class ChainNotValidatedTest extends Test { ++ ++ private static final String CHAIN = "chain"; ++ ++ /** ++ * The test signs and verifies a jar that contains entries ++ * whose cert chain can't be correctly validated (chainNotValidated). ++ * Warning message is expected. ++ */ ++ public static void main(String[] args) throws Throwable { ++ ChainNotValidatedTest test = new ChainNotValidatedTest(); ++ test.start(); ++ } ++ ++ private void start() throws Throwable { ++ // create a jar file that contains one class file ++ Utils.createFiles(FIRST_FILE); ++ JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); ++ ++ // create self-signed certificate whose BasicConstraints extension ++ // is set to false, so the certificate may not be used ++ // as a parent certificate (certpath validation should fail) ++ ProcessTools.executeCommand(KEYTOOL, ++ "-genkeypair", ++ "-alias", CA_KEY_ALIAS, ++ "-keyalg", KEY_ALG, ++ "-keysize", Integer.toString(KEY_SIZE), ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-dname", "CN=CA", ++ "-ext", "BasicConstraints:critical=ca:false", ++ "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); ++ ++ // create a certificate that is signed by self-signed certificate ++ // despite of it may not be used as a parent certificate ++ // (certpath validation should fail) ++ ProcessTools.executeCommand(KEYTOOL, ++ "-genkeypair", ++ "-alias", KEY_ALIAS, ++ "-keyalg", KEY_ALG, ++ "-keysize", Integer.toString(KEY_SIZE), ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-dname", "CN=Test", ++ "-ext", "BasicConstraints:critical=ca:false", ++ "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); ++ ++ ProcessTools.executeCommand(KEYTOOL, ++ "-certreq", ++ "-alias", KEY_ALIAS, ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-file", CERT_REQUEST_FILENAME).shouldHaveExitValue(0); ++ ++ ProcessTools.executeCommand(KEYTOOL, ++ "-gencert", ++ "-alias", CA_KEY_ALIAS, ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-infile", CERT_REQUEST_FILENAME, ++ "-validity", Integer.toString(VALIDITY), ++ "-outfile", CERT_FILENAME).shouldHaveExitValue(0); ++ ++ ProcessTools.executeCommand(KEYTOOL, ++ "-importcert", ++ "-alias", KEY_ALIAS, ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-file", CERT_FILENAME).shouldHaveExitValue(0); ++ ++ ProcessBuilder pb = new ProcessBuilder(KEYTOOL, ++ "-export", ++ "-rfc", ++ "-alias", KEY_ALIAS, ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD); ++ pb.redirectOutput(ProcessBuilder.Redirect.appendTo(new File(CHAIN))); ++ ProcessTools.executeCommand(pb).shouldHaveExitValue(0); ++ ++ pb = new ProcessBuilder(KEYTOOL, ++ "-export", ++ "-rfc", ++ "-alias", CA_KEY_ALIAS, ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD); ++ pb.redirectOutput(ProcessBuilder.Redirect.appendTo(new File(CHAIN))); ++ ProcessTools.executeCommand(pb).shouldHaveExitValue(0); ++ ++ // remove CA certificate ++ ProcessTools.executeCommand(KEYTOOL, ++ "-delete", ++ "-alias", CA_KEY_ALIAS, ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD).shouldHaveExitValue(0); ++ ++ // sign jar ++ OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-certchain", CHAIN, ++ "-signedjar", SIGNED_JARFILE, ++ UNSIGNED_JARFILE, ++ KEY_ALIAS); ++ ++ checkSigning(analyzer, CHAIN_NOT_VALIDATED_SIGNING_WARNING); ++ ++ // verify signed jar ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-verbose", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-certchain", CHAIN, ++ SIGNED_JARFILE); ++ ++ checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING); ++ ++ // verify signed jar in strict mode ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-verbose", ++ "-strict", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-certchain", CHAIN, ++ SIGNED_JARFILE); ++ ++ checkVerifying(analyzer, CHAIN_NOT_VALIDATED_EXIT_CODE, ++ CHAIN_NOT_VALIDATED_VERIFYING_WARNING); ++ ++ System.out.println("Test passed"); ++ } ++ ++} +diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/HasExpiredCertTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/HasExpiredCertTest.java +new file mode 100644 +index 0000000..ccb8e91 +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/warnings/HasExpiredCertTest.java +@@ -0,0 +1,104 @@ ++/* ++ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import jdk.testlibrary.OutputAnalyzer; ++import jdk.testlibrary.ProcessTools; ++import jdk.testlibrary.JarUtils; ++ ++/** ++ * @test ++ * @bug 8024302 8026037 ++ * @summary Test for hasExpiredCert warning ++ * @library /lib/testlibrary ../ ++ * @run main HasExpiredCertTest ++ */ ++public class HasExpiredCertTest extends Test { ++ ++ static final int SHORT_VALIDITY = 365; ++ ++ /** ++ * The test signs and verifies a jar that contains entries ++ * whose signer certificate has expired (hasExpiredCert). ++ * Warning message is expected. ++ */ ++ public static void main(String[] args) throws Throwable { ++ HasExpiredCertTest test = new HasExpiredCertTest(); ++ test.start(); ++ } ++ ++ private void start() throws Throwable { ++ // create a jar file that contains one class file ++ Utils.createFiles(FIRST_FILE); ++ JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); ++ ++ // create key pair for jar signing ++ ProcessTools.executeCommand(KEYTOOL, ++ "-genkey", ++ "-alias", KEY_ALIAS, ++ "-keyalg", KEY_ALG, ++ "-keysize", Integer.toString(KEY_SIZE), ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-dname", "CN=Test", ++ "-startdate", "-" + SHORT_VALIDITY * 2 + "d", ++ "-validity", Integer.toString(SHORT_VALIDITY)) ++ .shouldHaveExitValue(0); ++ ++ // sign jar ++ OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-signedjar", SIGNED_JARFILE, ++ UNSIGNED_JARFILE, ++ KEY_ALIAS); ++ ++ checkSigning(analyzer, HAS_EXPIRED_CERT_SIGNING_WARNING); ++ ++ // verify signed jar ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-verbose", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE); ++ ++ checkVerifying(analyzer, 0, HAS_EXPIRED_CERT_VERIFYING_WARNING); ++ ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-strict", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE); ++ ++ checkVerifying(analyzer, HAS_EXPIRED_CERT_EXIT_CODE, ++ HAS_EXPIRED_CERT_VERIFYING_WARNING); ++ ++ System.out.println("Test passed"); ++ } ++ ++} +diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/HasExpiringCertTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/HasExpiringCertTest.java +new file mode 100644 +index 0000000..f34148e +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/warnings/HasExpiringCertTest.java +@@ -0,0 +1,107 @@ ++/* ++ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import jdk.testlibrary.OutputAnalyzer; ++import jdk.testlibrary.ProcessTools; ++import jdk.testlibrary.JarUtils; ++ ++/** ++ * @test ++ * @bug 8024302 8026037 ++ * @summary Test for hasExpiringCert warning ++ * @library /lib/testlibrary ../ ++ * @run main HasExpiringCertTest ++ */ ++public class HasExpiringCertTest extends Test { ++ ++ static final int SHORT_VALIDITY = 90; // less than 6 month ++ ++ /** ++ * The test signs and verifies a jar that contains entries ++ * whose signer certificate will expire within six months (hasExpiringCert). ++ * Warning message is expected. ++ */ ++ public static void main(String[] args) throws Throwable { ++ HasExpiringCertTest test = new HasExpiringCertTest(); ++ test.start(); ++ } ++ ++ private void start() throws Throwable { ++ // create a jar file that contains one class file ++ Utils.createFiles(FIRST_FILE); ++ JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); ++ ++ // create key pair for jar signing ++ ProcessTools.executeCommand(KEYTOOL, ++ "-genkey", ++ "-alias", KEY_ALIAS, ++ "-keyalg", KEY_ALG, ++ "-keysize", Integer.toString(KEY_SIZE), ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-dname", "CN=Test", ++ "-validity", Integer.toString(SHORT_VALIDITY)) ++ .shouldHaveExitValue(0); ++ ++ // sign jar ++ OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-keystore", KEYSTORE, ++ "-verbose", ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-signedjar", SIGNED_JARFILE, ++ UNSIGNED_JARFILE, ++ KEY_ALIAS); ++ ++ checkSigning(analyzer, HAS_EXPIRING_CERT_SIGNING_WARNING); ++ ++ // verify signed jar ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-verbose", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE, ++ KEY_ALIAS); ++ ++ checkVerifying(analyzer, 0, HAS_EXPIRING_CERT_VERIFYING_WARNING); ++ ++ // verify signed jar in strict mode ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-verbose", ++ "-strict", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE, ++ KEY_ALIAS); ++ ++ checkVerifying(analyzer, 0, HAS_EXPIRING_CERT_VERIFYING_WARNING); ++ ++ System.out.println("Test passed"); ++ } ++ ++} +diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/HasUnsignedEntryTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/HasUnsignedEntryTest.java +new file mode 100644 +index 0000000..e71feb3 +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/warnings/HasUnsignedEntryTest.java +@@ -0,0 +1,111 @@ ++/* ++ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import jdk.testlibrary.OutputAnalyzer; ++import jdk.testlibrary.ProcessTools; ++import jdk.testlibrary.JarUtils; ++ ++/** ++ * @test ++ * @bug 8024302 8026037 ++ * @summary Test for hasUnsignedEntry warning ++ * @library /lib/testlibrary ../ ++ * @run main HasUnsignedEntryTest ++ */ ++public class HasUnsignedEntryTest extends Test { ++ ++ /** ++ * The test signs and verifies a jar that contains unsigned entries ++ * which have not been integrity-checked (hasUnsignedEntry). ++ * Warning message is expected. ++ */ ++ public static void main(String[] args) throws Throwable { ++ HasUnsignedEntryTest test = new HasUnsignedEntryTest(); ++ test.start(); ++ } ++ ++ private void start() throws Throwable { ++ System.out.println(String.format("Create a %s that contains %s", ++ UNSIGNED_JARFILE, FIRST_FILE)); ++ Utils.createFiles(FIRST_FILE, SECOND_FILE); ++ JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); ++ ++ // create key pair for signing ++ ProcessTools.executeCommand(KEYTOOL, ++ "-genkey", ++ "-alias", KEY_ALIAS, ++ "-keyalg", KEY_ALG, ++ "-keysize", Integer.toString(KEY_SIZE), ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-dname", "CN=Test", ++ "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); ++ ++ // sign jar ++ OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verbose", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-signedjar", SIGNED_JARFILE, ++ UNSIGNED_JARFILE, ++ KEY_ALIAS); ++ ++ checkSigning(analyzer); ++ ++ System.out.println(String.format("Copy %s to %s, and add %s.class, " ++ + "so it contains unsigned entry", ++ new Object[]{SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, ++ SECOND_FILE})); ++ ++ JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE); ++ ++ // verify jar ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-verbose", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ UPDATED_SIGNED_JARFILE); ++ ++ checkVerifying(analyzer, 0, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); ++ ++ // verify jar in strict mode ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-verbose", ++ "-strict", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ UPDATED_SIGNED_JARFILE); ++ ++ checkVerifying(analyzer, HAS_UNSIGNED_ENTRY_EXIT_CODE, ++ HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); ++ ++ System.out.println("Test passed"); ++ } ++ ++} +diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/MultipleWarningsTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/MultipleWarningsTest.java +new file mode 100644 +index 0000000..677914c +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/warnings/MultipleWarningsTest.java +@@ -0,0 +1,169 @@ ++/* ++ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import jdk.testlibrary.OutputAnalyzer; ++import jdk.testlibrary.ProcessTools; ++import jdk.testlibrary.JarUtils; ++ ++/** ++ * @test ++ * @bug 8024302 8026037 ++ * @summary Checks if jarsigner prints appropriate warnings ++ * @library /lib/testlibrary ../ ++ * @run main MultipleWarningsTest ++ */ ++public class MultipleWarningsTest extends Test { ++ ++ /** ++ * The test signs and verifies a jar that: ++ * - contains entries whose signer certificate has expired ++ * - contains entries whose signer certificate's ExtendedKeyUsage ++ * extension doesn't allow code signing ++ * - contains unsigned entries which have not been integrity-checked ++ * - contains signed entries which are not signed by the specified alias ++ * Warning messages are expected. ++ */ ++ public static void main(String[] args) throws Throwable { ++ MultipleWarningsTest test = new MultipleWarningsTest(); ++ test.start(); ++ } ++ ++ private void start() throws Throwable { ++ Utils.createFiles(FIRST_FILE, SECOND_FILE); ++ ++ // create a jar file that contains one class file ++ JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); ++ ++ // create first expired certificate ++ // whose ExtendedKeyUsage extension does not allow code signing ++ ProcessTools.executeCommand(KEYTOOL, ++ "-genkey", ++ "-alias", FIRST_KEY_ALIAS, ++ "-keyalg", KEY_ALG, ++ "-keysize", Integer.toString(KEY_SIZE), ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-dname", "CN=First", ++ "-ext", "ExtendedkeyUsage=serverAuth", ++ "-startdate", "-" + VALIDITY * 2 + "d", ++ "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); ++ ++ // create second expired certificate ++ // whose KeyUsage extension does not allow code signing ++ ProcessTools.executeCommand(KEYTOOL, ++ "-genkey", ++ "-alias", SECOND_KEY_ALIAS, ++ "-keyalg", KEY_ALG, ++ "-keysize", Integer.toString(KEY_SIZE), ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-dname", "CN=Second", ++ "-ext", "ExtendedkeyUsage=serverAuth", ++ "-startdate", "-" + VALIDITY * 2 + "d", ++ "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); ++ ++ // sign jar with first key ++ OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-signedjar", SIGNED_JARFILE, ++ UNSIGNED_JARFILE, ++ FIRST_KEY_ALIAS); ++ ++ checkSigning(analyzer, HAS_EXPIRED_CERT_SIGNING_WARNING, ++ BAD_EXTENDED_KEY_USAGE_SIGNING_WARNING); ++ ++ // add a second class to created jar, so it contains unsigned entry ++ JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE); ++ ++ // verify jar with second key ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ UPDATED_SIGNED_JARFILE, ++ SECOND_KEY_ALIAS); ++ ++ checkVerifying(analyzer, 0, BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING, ++ HAS_EXPIRED_CERT_VERIFYING_WARNING, ++ HAS_UNSIGNED_ENTRY_VERIFYING_WARNING, ++ NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING); ++ ++ // verify jar with second key in strict mode ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-strict", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ UPDATED_SIGNED_JARFILE, ++ SECOND_KEY_ALIAS); ++ ++ int expectedExitCode = HAS_EXPIRED_CERT_EXIT_CODE ++ + BAD_EXTENDED_KEY_USAGE_EXIT_CODE ++ + HAS_UNSIGNED_ENTRY_EXIT_CODE ++ + NOT_SIGNED_BY_ALIAS_EXIT_CODE; ++ checkVerifying(analyzer, expectedExitCode, ++ BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING, ++ HAS_EXPIRED_CERT_VERIFYING_WARNING, ++ HAS_UNSIGNED_ENTRY_VERIFYING_WARNING, ++ NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING); ++ ++ // verify jar with non-exisiting alias ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ UPDATED_SIGNED_JARFILE, ++ "bogus"); ++ ++ checkVerifying(analyzer, 0, BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING, ++ HAS_EXPIRED_CERT_VERIFYING_WARNING, ++ HAS_UNSIGNED_ENTRY_VERIFYING_WARNING, ++ NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING); ++ ++ // verify jar with non-exisiting alias in strict mode ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-strict", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ UPDATED_SIGNED_JARFILE, ++ "bogus"); ++ ++ checkVerifying(analyzer, expectedExitCode, ++ BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING, ++ HAS_EXPIRED_CERT_VERIFYING_WARNING, ++ HAS_UNSIGNED_ENTRY_VERIFYING_WARNING, ++ NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING); ++ ++ System.out.println("Test passed"); ++ } ++ ++} +diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/NoTimestampTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/NoTimestampTest.java +new file mode 100644 +index 0000000..10b142a +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/warnings/NoTimestampTest.java +@@ -0,0 +1,114 @@ ++/* ++ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import java.util.Date; ++import jdk.testlibrary.OutputAnalyzer; ++import jdk.testlibrary.ProcessTools; ++import jdk.testlibrary.JarUtils; ++ ++/** ++ * @test ++ * @bug 8024302 8026037 ++ * @summary Checks warnings if -tsa and -tsacert options are not specified ++ * @library /lib/testlibrary ../ ++ * @run main NoTimestampTest ++ */ ++public class NoTimestampTest extends Test { ++ ++ /** ++ * The test signs and verifies a jar file without -tsa and -tsacert options, ++ * and checks that proper warnings are shown. ++ */ ++ public static void main(String[] args) throws Throwable { ++ NoTimestampTest test = new NoTimestampTest(); ++ test.start(); ++ } ++ ++ private void start() throws Throwable { ++ String timezone = System.getProperty("user.timezone"); ++ System.out.println(String.format("Timezone = %s", timezone)); ++ ++ // create a jar file that contains one class file ++ Utils.createFiles(FIRST_FILE); ++ JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); ++ ++ // calculate certificate expiration date ++ Date expirationDate = new Date(System.currentTimeMillis() + VALIDITY ++ * 24 * 60 * 60 * 1000L); ++ ++ // create key pair ++ ProcessTools.executeCommand(KEYTOOL, ++ "-genkey", ++ "-alias", KEY_ALIAS, ++ "-keyalg", KEY_ALG, ++ "-keysize", Integer.toString(KEY_SIZE), ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-dname", "CN=Test", ++ "-validity", Integer.toString(VALIDITY)); ++ ++ // sign jar file ++ OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-J-Duser.timezone=" + timezone, ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-signedjar", SIGNED_JARFILE, ++ UNSIGNED_JARFILE, ++ KEY_ALIAS); ++ ++ String warning = String.format(NO_TIMESTAMP_SIGNING_WARN_TEMPLATE, ++ expirationDate); ++ checkSigning(analyzer, warning); ++ ++ // verify signed jar ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-J-Duser.timezone=" + timezone, ++ "-verify", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE, ++ KEY_ALIAS); ++ ++ warning = String.format(NO_TIMESTAMP_VERIFYING_WARN_TEMPLATE, expirationDate); ++ checkVerifying(analyzer, 0, warning); ++ ++ // verify signed jar in strict mode ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-J-Duser.timezone=" + timezone, ++ "-verify", ++ "-strict", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE, ++ KEY_ALIAS); ++ ++ checkVerifying(analyzer, 0, warning); ++ ++ System.out.println("Test passed"); ++ } ++ ++} +diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/NotSignedByAliasTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/NotSignedByAliasTest.java +new file mode 100644 +index 0000000..40ef68e +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/warnings/NotSignedByAliasTest.java +@@ -0,0 +1,138 @@ ++/* ++ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import jdk.testlibrary.OutputAnalyzer; ++import jdk.testlibrary.ProcessTools; ++import jdk.testlibrary.JarUtils; ++ ++/** ++ * @test ++ * @bug 8024302 8026037 ++ * @summary Test for notSignedByAlias warning ++ * @library /lib/testlibrary ../ ++ * @run main NotSignedByAliasTest ++ */ ++public class NotSignedByAliasTest extends Test { ++ ++ /** ++ * The test signs and verifies a jar that contains signed entries ++ * which are not signed by the specified alias(es) (notSignedByAlias). ++ * Warning message is expected. ++ */ ++ public static void main(String[] args) throws Throwable { ++ NotSignedByAliasTest test = new NotSignedByAliasTest(); ++ test.start(); ++ } ++ ++ protected void start() throws Throwable { ++ // create a jar file that contains one class file ++ Utils.createFiles(FIRST_FILE); ++ JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); ++ ++ // create first key pair for signing ++ ProcessTools.executeCommand(KEYTOOL, ++ "-genkey", ++ "-alias", FIRST_KEY_ALIAS, ++ "-keyalg", KEY_ALG, ++ "-keysize", Integer.toString(KEY_SIZE), ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-dname", "CN=First", ++ "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); ++ ++ // create first key pair for signing ++ ProcessTools.executeCommand(KEYTOOL, ++ "-genkey", ++ "-alias", SECOND_KEY_ALIAS, ++ "-keyalg", KEY_ALG, ++ "-keysize", Integer.toString(KEY_SIZE), ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-dname", "CN=Second", ++ "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); ++ ++ // sign jar with first key ++ OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-signedjar", SIGNED_JARFILE, ++ UNSIGNED_JARFILE, ++ FIRST_KEY_ALIAS); ++ ++ checkSigning(analyzer); ++ ++ // verify jar with second key ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE, ++ SECOND_KEY_ALIAS); ++ ++ checkVerifying(analyzer, 0, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING); ++ ++ // verify jar with second key in strict mode ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-strict", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE, ++ SECOND_KEY_ALIAS); ++ ++ checkVerifying(analyzer, NOT_SIGNED_BY_ALIAS_EXIT_CODE, ++ NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING); ++ ++ // verify jar with non-existing alias ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE, ++ "bogus"); ++ ++ checkVerifying(analyzer, 0, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING); ++ ++ // verify jar with non-existing alias in strict mode ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-strict", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE, ++ "bogus"); ++ ++ checkVerifying(analyzer, NOT_SIGNED_BY_ALIAS_EXIT_CODE, ++ NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING); ++ ++ System.out.println("Test passed"); ++ } ++ ++} +diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/NotYetValidCertTest.java b/jdk/test/sun/security/tools/jarsigner/warnings/NotYetValidCertTest.java +new file mode 100644 +index 0000000..a75c278 +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/warnings/NotYetValidCertTest.java +@@ -0,0 +1,105 @@ ++/* ++ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import jdk.testlibrary.OutputAnalyzer; ++import jdk.testlibrary.ProcessTools; ++import jdk.testlibrary.JarUtils; ++ ++/** ++ * @test ++ * @bug 8024302 8026037 ++ * @summary Test for notYetValidCert warning ++ * @library /lib/testlibrary ../ ++ * @run main NotYetValidCertTest ++ */ ++public class NotYetValidCertTest extends Test { ++ ++ /** ++ * The test signs and verifies a jar that contains entries ++ * whose signer certificate is not yet valid (notYetValidCert). ++ * Warning message is expected. ++ */ ++ public static void main(String[] args) throws Throwable { ++ NotYetValidCertTest test = new NotYetValidCertTest(); ++ test.start(); ++ } ++ ++ protected void start() throws Throwable { ++ // create a jar file that contains one class file ++ Utils.createFiles(FIRST_FILE); ++ JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); ++ ++ // create certificate that will be valid only tomorrow ++ ProcessTools.executeCommand(KEYTOOL, ++ "-genkey", ++ "-alias", KEY_ALIAS, ++ "-keyalg", KEY_ALG, ++ "-keysize", Integer.toString(KEY_SIZE), ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-dname", "CN=Test", ++ "-startdate", "+1d", ++ "-validity", Integer.toString(VALIDITY)); ++ ++ // sign jar ++ OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ "-signedjar", SIGNED_JARFILE, ++ UNSIGNED_JARFILE, ++ KEY_ALIAS); ++ ++ checkSigning(analyzer, NOT_YET_VALID_CERT_SIGNING_WARNING); ++ ++ // verify signed jar ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-verbose", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE, ++ KEY_ALIAS); ++ ++ checkVerifying(analyzer, 0, NOT_YET_VALID_CERT_VERIFYING_WARNING); ++ ++ // verify jar in strict mode ++ analyzer = ProcessTools.executeCommand(JARSIGNER, ++ "-verify", ++ "-verbose", ++ "-strict", ++ "-keystore", KEYSTORE, ++ "-storepass", PASSWORD, ++ "-keypass", PASSWORD, ++ SIGNED_JARFILE, ++ KEY_ALIAS); ++ ++ checkVerifying(analyzer, HAS_EXPIRED_CERT_EXIT_CODE, ++ NOT_YET_VALID_CERT_VERIFYING_WARNING); ++ ++ System.out.println("Test passed"); ++ } ++ ++} +diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/Test.java b/jdk/test/sun/security/tools/jarsigner/warnings/Test.java +new file mode 100644 +index 0000000..999789a +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/warnings/Test.java +@@ -0,0 +1,200 @@ ++/* ++ * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import jdk.testlibrary.OutputAnalyzer; ++import jdk.testlibrary.ProcessTools; ++ ++import java.util.ArrayList; ++import java.util.Arrays; ++import java.util.List; ++ ++/** ++ * Base class. ++ */ ++public abstract class Test { ++ ++ static final String TEST_SOURCES = System.getProperty("test.src", "."); ++ static final String TEST_CLASSES = System.getProperty("test.classes"); ++ static final String FS = System.getProperty("file.separator"); ++ static final String JAVA_HOME = System.getProperty("test.jdk"); ++ static final String KEYTOOL = JAVA_HOME + FS + "bin" + FS + "keytool"; ++ static final String JARSIGNER = JAVA_HOME + FS + "bin" + FS + "jarsigner"; ++ static final String UNSIGNED_JARFILE = "unsigned.jar"; ++ static final String SIGNED_JARFILE = "signed.jar"; ++ static final String UPDATED_SIGNED_JARFILE = "updated_signed.jar"; ++ static final String FIRST_FILE = "first.txt"; ++ static final String SECOND_FILE = "second.txt"; ++ static final String PASSWORD = "password"; ++ static final String BOTH_KEYS_KEYSTORE = "both_keys.jks"; ++ static final String FIRST_KEY_KEYSTORE = "first_key.jks"; ++ static final String KEYSTORE = "keystore.jks"; ++ static final String FIRST_KEY_ALIAS = "first"; ++ static final String SECOND_KEY_ALIAS = "second"; ++ static final String KEY_ALG = "RSA"; ++ static final String KEY_ALIAS = "alias"; ++ static final String CERT_REQUEST_FILENAME = "test.req"; ++ static final String CERT_FILENAME = "test.crt"; ++ static final String CA_KEY_ALIAS = "ca"; ++ static final int KEY_SIZE = 2048; ++ static final int TIMEOUT = 6 * 60 * 1000; // in millis ++ static final int VALIDITY = 365; ++ ++ static final String WARNING = "Warning:"; ++ ++ static final String CHAIN_NOT_VALIDATED_VERIFYING_WARNING ++ = "This jar contains entries " ++ + "whose certificate chain is not validated."; ++ ++ static final String ALIAS_NOT_IN_STORE_VERIFYING_WARNING ++ = "This jar contains signed entries " ++ + "that are not signed by alias in this keystore."; ++ ++ static final String BAD_EXTENDED_KEY_USAGE_SIGNING_WARNING ++ = "The signer certificate's ExtendedKeyUsage extension " ++ + "doesn't allow code signing."; ++ ++ static final String BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING ++ = "This jar contains entries whose signer certificate's " ++ + "ExtendedKeyUsage extension doesn't allow code signing."; ++ ++ static final String BAD_KEY_USAGE_SIGNING_WARNING ++ = "The signer certificate's KeyUsage extension " ++ + "doesn't allow code signing."; ++ ++ static final String BAD_KEY_USAGE_VERIFYING_WARNING ++ = "This jar contains entries whose signer certificate's KeyUsage " ++ + "extension doesn't allow code signing."; ++ ++ static final String BAD_NETSCAPE_CERT_TYPE_SIGNING_WARNING ++ = "The signer certificate's NetscapeCertType extension " ++ + "doesn't allow code signing."; ++ ++ static final String BAD_NETSCAPE_CERT_TYPE_VERIFYING_WARNING ++ = "This jar contains entries " ++ + "whose signer certificate's NetscapeCertType extension " ++ + "doesn't allow code signing."; ++ ++ static final String CHAIN_NOT_VALIDATED_SIGNING_WARNING ++ = "The signer's certificate chain is not validated."; ++ ++ static final String HAS_EXPIRING_CERT_SIGNING_WARNING ++ = "The signer certificate will expire within six months."; ++ ++ static final String HAS_EXPIRING_CERT_VERIFYING_WARNING ++ = "This jar contains entries " ++ + "whose signer certificate will expire within six months."; ++ ++ static final String HAS_EXPIRED_CERT_SIGNING_WARNING ++ = "The signer certificate has expired."; ++ ++ static final String HAS_EXPIRED_CERT_VERIFYING_WARNING ++ = "This jar contains entries whose signer certificate has expired."; ++ ++ static final String HAS_UNSIGNED_ENTRY_VERIFYING_WARNING ++ = "This jar contains unsigned entries " ++ + "which have not been integrity-checked."; ++ ++ static final String NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING ++ = "This jar contains signed entries " ++ + "which are not signed by the specified alias(es)."; ++ ++ static final String NO_TIMESTAMP_SIGNING_WARN_TEMPLATE ++ = "No -tsa or -tsacert is provided " ++ + "and this jar is not timestamped. " ++ + "Without a timestamp, users may not be able to validate this jar " ++ + "after the signer certificate's expiration date " ++ + "(%1$tY-%1$tm-%1$td) or after any future revocation date."; ++ ++ static final String NO_TIMESTAMP_VERIFYING_WARN_TEMPLATE ++ = "This jar contains signatures that does not include a timestamp. " ++ + "Without a timestamp, users may not be able to validate this jar " ++ + "after the signer certificate's expiration date " ++ + "(%1$tY-%1$tm-%1$td) or after any future revocation date."; ++ ++ static final String NOT_YET_VALID_CERT_SIGNING_WARNING ++ = "The signer certificate is not yet valid."; ++ ++ static final String NOT_YET_VALID_CERT_VERIFYING_WARNING ++ = "This jar contains entries " ++ + "whose signer certificate is not yet valid."; ++ ++ static final String JAR_SIGNED = "jar signed."; ++ ++ static final String JAR_VERIFIED = "jar verified."; ++ ++ static final String JAR_VERIFIED_WITH_SIGNER_ERRORS ++ = "jar verified, with signer errors."; ++ ++ static final int CHAIN_NOT_VALIDATED_EXIT_CODE = 4; ++ static final int HAS_EXPIRED_CERT_EXIT_CODE = 4; ++ static final int BAD_KEY_USAGE_EXIT_CODE = 8; ++ static final int BAD_EXTENDED_KEY_USAGE_EXIT_CODE = 8; ++ static final int BAD_NETSCAPE_CERT_TYPE_EXIT_CODE = 8; ++ static final int HAS_UNSIGNED_ENTRY_EXIT_CODE = 16; ++ static final int ALIAS_NOT_IN_STORE_EXIT_CODE = 32; ++ static final int NOT_SIGNED_BY_ALIAS_EXIT_CODE = 32; ++ ++ protected void checkVerifying(OutputAnalyzer analyzer, int expectedExitCode, ++ String... warnings) { ++ analyzer.shouldHaveExitValue(expectedExitCode); ++ for (String warning : warnings) { ++ analyzer.shouldContain(warning); ++ } ++ if (warnings.length > 0) { ++ analyzer.shouldContain(WARNING); ++ } ++ if (expectedExitCode == 0) { ++ analyzer.shouldContain(JAR_VERIFIED); ++ } else { ++ analyzer.shouldContain(JAR_VERIFIED_WITH_SIGNER_ERRORS); ++ } ++ } ++ ++ protected void checkSigning(OutputAnalyzer analyzer, String... warnings) { ++ analyzer.shouldHaveExitValue(0); ++ for (String warning : warnings) { ++ analyzer.shouldContain(warning); ++ } ++ if (warnings.length > 0) { ++ analyzer.shouldContain(WARNING); ++ } ++ analyzer.shouldContain(JAR_SIGNED); ++ } ++ ++ protected OutputAnalyzer keytool(String... cmd) throws Throwable { ++ return tool(KEYTOOL, cmd); ++ } ++ ++ protected OutputAnalyzer jarsigner(String... cmd) throws Throwable { ++ return tool(JARSIGNER, cmd); ++ } ++ ++ private OutputAnalyzer tool(String tool, String... args) throws Throwable { ++ List cmd = new ArrayList<>(); ++ cmd.add(tool); ++ cmd.add("-J-Duser.language=en"); ++ cmd.add("-J-Duser.country=US"); ++ cmd.addAll(Arrays.asList(args)); ++ return ProcessTools.executeCommand(cmd.toArray(new String[cmd.size()])); ++ } ++} +diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.jks.base64 b/jdk/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.jks.base64 +new file mode 100644 +index 0000000..756d5ff +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.jks.base64 +@@ -0,0 +1,26 @@ ++/u3+7QAAAAIAAAABAAAAAQAFYWxpYXMAAAFBpkwW0gAAAr0wggK5MA4GCisGAQQB ++KgIRAQEFAASCAqWkGJ3PPjYmWNKrV23Y1u413RMAkrRZ+1OLWYRcQt4jtxtIyEH5 ++Ho5b9dy9XN9FBKlTOD4c2Pc1T43BLKXeuLu3uLLeIxgXFt0z9CLyGwdYZZ751kXr ++DQ99qY6aNQUO6SeE4Wdty0KPAqid6ZJ8bF7T6wsTZSvNhaBRzyFydEfG7bbUYjOl ++mWC44nlsu6VEU3o9RQpcm1gIMwradOaIVT/HoB2bKmAv8gHqI6kreiEZwTdZkSAI ++IRi2vt1RPllXt5hgjDxUfZe8XOYYweR4Vt2/jVuKLJ80DNTu/9SeUD88zQAz53k4 ++r3nRhv6TRcPm6tV/Fh92XLHiskL+TAzTfm+bUAudPCCVxN+yRtxvAgA+UhdV/SuM ++Zn5F6nrmP+YJG1hmprgCJIJJaCEXa9RXYC+vIVpO0WVNRuGlGm+/1afnOuQC8Wss ++ShXwjkaqTwAhqBFq7eYmmP8BK3gflYrt2zDLXvhl4ndVvMhMthFJ3ZvLh2LWpqLI ++/n8EMCf8US3lIEFk9DTHBZjffiHkqK2e7+FXEpG3xrgE6ZYLMdbd5Pb3YjZfhQx+ ++ZTtiEFzYSaEGhacek/m7dRq1qmwgFsytng2OdWZe2ln8LJY0odr1dGUfJHfgafvi ++tlfbkg/rgjONtwliChDggbkUwnerrj/D/zrdEufUvfyltSshhHXRNDD3fH6spmEk ++hHKgxEc4yvxqJxzdMGtuib355aSfNegyl+GsnsKzXQCVEK2h3BLTQObzaD+8NZ12 ++LQHvbrCiaS34vxJ3rEC+a+SW7itZp0aCdXMWdMJNkRKqyLBD3vG3zN05sN3XrhEM ++8BRT020TWY00tbVFbbBFheYLQRgTjrQtr0Yt6UHWBZc4N20crDLcSH5gqcCOVpla ++1Y2uqFEn8yqrGRwn/kgfNgAAAAEABVguNTA5AAABtTCCAbEwggEaoAMCAQICCQDH ++cEuVvzCuqzANBgkqhkiG9w0BAQUFADAPMQ0wCwYDVQQDDARUZXN0MB4XDTEzMTAx ++MTA2NTUwNloXDTIzMTAwOTA2NTUwNlowDzENMAsGA1UEAwwEVGVzdDCBnzANBgkq ++hkiG9w0BAQEFAAOBjQAwgYkCgYEA8hOfp2Dcnvt//ZZQAja9TRiwKqXVS+TiYE3S ++gngCBjIi+YYdo0DsUeO5MBfE6uvCWOr5lwAR/u1iaJOhIoGJDiGoPasZlt+yIgtR ++LzA7j2q+1q6kcwiVxfikI3aUgHV/QsybTriT4Bf7TQNKtJG23MQa4sD7+PjtCWD7 ++p3cHTfkCAwEAAaMVMBMwEQYJYIZIAYb4QgEBBAQDAgeAMA0GCSqGSIb3DQEBBQUA ++A4GBAKoDlTJ8wLRA7G8XdGm4gv733n1cSQzlkcsjfOO6/mA5Jvu8tyFNq9HTf9AT ++VXbrbGcUYJjhzSSY3w5apXK1kXyqTB1LUNEJ45WnmciqSSecVTpJz9TuegyoX0Zf ++HScSgqfDmjqoiiFiNCgn3ZEJ85ykGvoFYGH+php+BVi3S0bj5E/jRpyV3vNnii/S ++wJDSAXF6bYU= +diff --git a/jdk/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.sh b/jdk/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.sh +new file mode 100644 +index 0000000..49fe91e +--- /dev/null ++++ openjdk/jdk/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.sh +@@ -0,0 +1,48 @@ ++# ++# Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. ++# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++# ++# This code is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License version 2 only, as ++# published by the Free Software Foundation. ++# ++# This code is distributed in the hope that it will be useful, but WITHOUT ++# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++# version 2 for more details (a copy is included in the LICENSE file that ++# accompanied this code). ++# ++# You should have received a copy of the GNU General Public License version ++# 2 along with this work; if not, write to the Free Software Foundation, ++# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++# ++# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++# or visit www.oracle.com if you need additional information or have any ++# questions. ++# ++ ++#!/bin/sh ++ ++# This script creates JKS keystore with a certificate ++# that contains Netscape Certificate Type extension ++# that does not allow code signing ++# The keystore is used by BadNetscapeCertTypeTest.java test ++ ++rm -rf keystore.jks ++echo "nsCertType = client" > ext.cfg ++ ++openssl req -new -out cert.req -keyout key.pem -days 3650 \ ++ -passin pass:password -passout pass:password -subj "/CN=Test" ++openssl x509 -in cert.req -out cert.pem -req -signkey key.pem -days 3650 \ ++ -passin pass:password -extfile ext.cfg ++openssl pkcs12 -export -in cert.pem -inkey key.pem -out keystore.p12 \ ++ -passin pass:password -passout pass:password -name alias ++ ++${JAVA_HOME}/bin/keytool -importkeystore \ ++ -srckeystore keystore.p12 -srcstoretype pkcs12 \ ++ -srcstorepass password -alias alias \ ++ -destkeystore bad_netscape_cert_type.jks -deststoretype jks \ ++ -deststorepass password -destalias alias \ ++ ++openssl base64 < bad_netscape_cert_type.jks > bad_netscape_cert_type.jks.base64 ++rm -rf cert.req key.pem cert.pem keystore.p12 ext.cfg bad_netscape_cert_type.jks +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/VERSION b/jdk/test/sun/util/calendar/zi/tzdata/VERSION +index 5aaf0c5..6bf3661 100644 +--- openjdk/jdk/test/sun/util/calendar/zi/tzdata/VERSION ++++ openjdk/jdk/test/sun/util/calendar/zi/tzdata/VERSION +@@ -21,4 +21,4 @@ + # or visit www.oracle.com if you need additional information or have any + # questions. + # +-tzdata2016d ++tzdata2016f +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/africa b/jdk/test/sun/util/calendar/zi/tzdata/africa +index 00150c6..b523dc3 100644 +--- openjdk/jdk/test/sun/util/calendar/zi/tzdata/africa ++++ openjdk/jdk/test/sun/util/calendar/zi/tzdata/africa +@@ -366,6 +366,12 @@ Rule Egypt 2007 only - Sep Thu>=1 24:00 0 - + # decision to abandon DST permanently. See Ahram Online 2015-04-24. + # http://english.ahram.org.eg/NewsContent/1/64/128509/Egypt/Politics-/Sisi-cancels-daylight-saving-time-in-Egypt.aspx + ++# From Steffen Thorsen (2016-04-29): ++# Egypt will have DST from July 7 until the end of October.... ++# http://english.ahram.org.eg/NewsContentP/1/204655/Egypt/Daylight-savings-time-returning-to-Egypt-on--July.aspx ++# From Mina Samuel (2016-07-04): ++# Egyptian government took the decision to cancel the DST, ++ + Rule Egypt 2008 only - Aug lastThu 24:00 0 - + Rule Egypt 2009 only - Aug 20 24:00 0 - + Rule Egypt 2010 only - Aug 10 24:00 0 - +@@ -881,11 +887,11 @@ Rule Morocco 2009 only - Aug 21 0:00 0 - + Rule Morocco 2010 only - May 2 0:00 1:00 S + Rule Morocco 2010 only - Aug 8 0:00 0 - + Rule Morocco 2011 only - Apr 3 0:00 1:00 S +-Rule Morocco 2011 only - Jul 31 0 0 - ++Rule Morocco 2011 only - Jul 31 0:00 0 - + Rule Morocco 2012 2013 - Apr lastSun 2:00 1:00 S +-Rule Morocco 2012 only - Sep 30 3:00 0 - + Rule Morocco 2012 only - Jul 20 3:00 0 - + Rule Morocco 2012 only - Aug 20 2:00 1:00 S ++Rule Morocco 2012 only - Sep 30 3:00 0 - + Rule Morocco 2013 only - Jul 7 3:00 0 - + Rule Morocco 2013 only - Aug 10 2:00 1:00 S + Rule Morocco 2013 max - Oct lastSun 3:00 0 - +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/antarctica b/jdk/test/sun/util/calendar/zi/tzdata/antarctica +index 102b496..e12c764 100644 +--- openjdk/jdk/test/sun/util/calendar/zi/tzdata/antarctica ++++ openjdk/jdk/test/sun/util/calendar/zi/tzdata/antarctica +@@ -36,7 +36,7 @@ + # + # Except for the French entries, + # I made up all time zone abbreviations mentioned here; corrections welcome! +-# FORMAT is 'zzz' and GMTOFF is 0 for locations while uninhabited. ++# FORMAT is '-00' and GMTOFF is 0 for locations while uninhabited. + + # Argentina - year-round bases + # Belgrano II, Confin Coast, -770227-0343737, since 1972-02-05 +@@ -90,22 +90,22 @@ + # http://www.timeanddate.com/news/time/antartica-time-changes-2010.html + + # Zone NAME GMTOFF RULES FORMAT [UNTIL] +-Zone Antarctica/Casey 0 - zzz 1969 ++Zone Antarctica/Casey 0 - -00 1969 + 8:00 - AWST 2009 Oct 18 2:00 + # Australian Western Std Time + 11:00 - CAST 2010 Mar 5 2:00 # Casey Time + 8:00 - AWST 2011 Oct 28 2:00 + 11:00 - CAST 2012 Feb 21 17:00u + 8:00 - AWST +-Zone Antarctica/Davis 0 - zzz 1957 Jan 13 ++Zone Antarctica/Davis 0 - -00 1957 Jan 13 + 7:00 - DAVT 1964 Nov # Davis Time +- 0 - zzz 1969 Feb ++ 0 - -00 1969 Feb + 7:00 - DAVT 2009 Oct 18 2:00 + 5:00 - DAVT 2010 Mar 10 20:00u + 7:00 - DAVT 2011 Oct 28 2:00 + 5:00 - DAVT 2012 Feb 21 20:00u + 7:00 - DAVT +-Zone Antarctica/Mawson 0 - zzz 1954 Feb 13 ++Zone Antarctica/Mawson 0 - -00 1954 Feb 13 + 6:00 - MAWT 2009 Oct 18 2:00 # Mawson Time + 5:00 - MAWT + # References: +@@ -160,7 +160,7 @@ Zone Antarctica/Mawson 0 - zzz 1954 Feb 13 + # fishing stations operated variously 1819/1931 + # + # Zone NAME GMTOFF RULES FORMAT [UNTIL] +-Zone Indian/Kerguelen 0 - zzz 1950 # Port-aux-Français ++Zone Indian/Kerguelen 0 - -00 1950 # Port-aux-Français + 5:00 - TFT # ISO code TF Time + # + # year-round base in the main continent +@@ -171,9 +171,9 @@ Zone Indian/Kerguelen 0 - zzz 1950 # Port-aux-Français + # It was destroyed by fire on 1952-01-14. + # + # Zone NAME GMTOFF RULES FORMAT [UNTIL] +-Zone Antarctica/DumontDUrville 0 - zzz 1947 ++Zone Antarctica/DumontDUrville 0 - -00 1947 + 10:00 - PMT 1952 Jan 14 # Port-Martin Time +- 0 - zzz 1956 Nov ++ 0 - -00 1956 Nov + 10:00 - DDUT # Dumont-d'Urville Time + + # France & Italy - year-round base +@@ -199,7 +199,7 @@ Zone Antarctica/DumontDUrville 0 - zzz 1947 + # was established on 1957-01-29. Since Syowa station is still the main + # station of Japan, it's appropriate for the principal location. + # Zone NAME GMTOFF RULES FORMAT [UNTIL] +-Zone Antarctica/Syowa 0 - zzz 1957 Jan 29 ++Zone Antarctica/Syowa 0 - -00 1957 Jan 29 + 3:00 - SYOT # Syowa Time + # See: + # NIPR Antarctic Research Activities (1999-08-17) +@@ -249,7 +249,7 @@ Rule Troll 2005 max - Mar lastSun 1:00u 2:00 CEST + # Remove the following line when uncommenting the above '#Rule' lines. + Rule Troll 2004 max - Oct lastSun 1:00u 0:00 UTC + # Zone NAME GMTOFF RULES FORMAT [UNTIL] +-Zone Antarctica/Troll 0 - zzz 2005 Feb 12 ++Zone Antarctica/Troll 0 - -00 2005 Feb 12 + 0:00 Troll %s + + # Poland - year-round base +@@ -290,7 +290,7 @@ Zone Antarctica/Troll 0 - zzz 2005 Feb 12 + # happened to be during their visit. So we still don't really know what time + # it is at Vostok. But we'll guess UTC+6. + # +-Zone Antarctica/Vostok 0 - zzz 1957 Dec 16 ++Zone Antarctica/Vostok 0 - -00 1957 Dec 16 + 6:00 - VOST # Vostok time + + # S Africa - year-round bases +@@ -323,7 +323,7 @@ Zone Antarctica/Vostok 0 - zzz 1957 Dec 16 + # says Rothera is -03 all year. + # + # Zone NAME GMTOFF RULES FORMAT [UNTIL] +-Zone Antarctica/Rothera 0 - zzz 1976 Dec 1 ++Zone Antarctica/Rothera 0 - -00 1976 Dec 1 + -3:00 - ROTT # Rothera time + + # Uruguay - year round base +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/asia b/jdk/test/sun/util/calendar/zi/tzdata/asia +index 58b43e9..35ac37c 100644 +--- openjdk/jdk/test/sun/util/calendar/zi/tzdata/asia ++++ openjdk/jdk/test/sun/util/calendar/zi/tzdata/asia +@@ -169,7 +169,7 @@ Zone Asia/Baku 3:19:24 - LMT 1924 May 2 + 3:00 - BAKT 1957 Mar # Baku Time + 4:00 RussiaAsia BAK%sT 1991 Mar 31 2:00s + 3:00 1:00 BAKST 1991 Aug 30 # independence +- 3:00 RussiaAsia AZ%sT 1992 Sep lastSat 23:00 ++ 3:00 RussiaAsia AZ%sT 1992 Sep lastSun 2:00s + 4:00 - AZT 1996 # Azerbaijan Time + 4:00 EUAsia AZ%sT 1997 + 4:00 Azer AZ%sT +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/australasia b/jdk/test/sun/util/calendar/zi/tzdata/australasia +index 929124c..134a01e 100644 +--- openjdk/jdk/test/sun/util/calendar/zi/tzdata/australasia ++++ openjdk/jdk/test/sun/util/calendar/zi/tzdata/australasia +@@ -266,11 +266,11 @@ Zone Australia/Lord_Howe 10:36:20 - LMT 1895 Feb + # will produce a binary file with an [A]EST-type as the first 32-bit type; + # this is required for correct handling of times before 1916 by + # pre-2013 versions of localtime. +-Zone Antarctica/Macquarie 0 - zzz 1899 Nov ++Zone Antarctica/Macquarie 0 - -00 1899 Nov + 10:00 - AEST 1916 Oct 1 2:00 + 10:00 1:00 AEDT 1917 Feb + 10:00 Aus AE%sT 1919 Apr 1 0:00s +- 0 - zzz 1948 Mar 25 ++ 0 - -00 1948 Mar 25 + 10:00 Aus AE%sT 1967 + 10:00 AT AE%sT 2010 Apr 4 3:00 + 11:00 - MIST # Macquarie I Standard Time +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/europe b/jdk/test/sun/util/calendar/zi/tzdata/europe +index 00a9fff..8ed7d4b 100644 +--- openjdk/jdk/test/sun/util/calendar/zi/tzdata/europe ++++ openjdk/jdk/test/sun/util/calendar/zi/tzdata/europe +@@ -778,6 +778,14 @@ Zone Europe/Vienna 1:05:21 - LMT 1893 Apr + 1:00 EU CE%sT + + # Belarus ++# ++# From Stepan Golosunov (2016-07-02): ++# http://www.lawbelarus.com/repub/sub30/texf9611.htm ++# (Act of the Cabinet of Ministers of the Republic of Belarus from ++# 1992-03-25 No. 157) ... says clocks were to be moved forward at 2:00 ++# on last Sunday of March and backward at 3:00 on last Sunday of September ++# (the same as previous USSR and contemporary Russian regulations). ++# + # From Yauhen Kharuzhy (2011-09-16): + # By latest Belarus government act Europe/Minsk timezone was changed to + # GMT+3 without DST (was GMT+2 with DST). +@@ -801,9 +809,6 @@ Zone Europe/Minsk 1:50:16 - LMT 1880 + 1:00 C-Eur CE%sT 1944 Jul 3 + 3:00 Russia MSK/MSD 1990 + 3:00 - MSK 1991 Mar 31 2:00s +- 2:00 1:00 EEST 1991 Sep 29 2:00s +- 2:00 - EET 1992 Mar 29 0:00s +- 2:00 1:00 EEST 1992 Sep 27 0:00s + 2:00 Russia EE%sT 2011 Mar 27 2:00s + 3:00 - FET 2014 Oct 26 1:00s + 3:00 - MSK +@@ -2746,14 +2751,22 @@ Zone Asia/Barnaul 5:35:00 - LMT 1919 Dec 10 + # Asia/Novosibirsk covers: + # 54 RU-NVS Novosibirsk Oblast + ++# From Stepan Golosunov (2016-05-30): ++# http://asozd2.duma.gov.ru/main.nsf/(Spravka)?OpenAgent&RN=1085784-6 ++# moves Novosibirsk oblast from UTC+6 to UTC+7. ++# From Stepan Golosunov (2016-07-04): ++# The law was signed yesterday and published today on ++# http://publication.pravo.gov.ru/Document/View/0001201607040064 ++ + Zone Asia/Novosibirsk 5:31:40 - LMT 1919 Dec 14 6:00 +- 6:00 - NOVT 1930 Jun 21 # Novosibirsk Time +- 7:00 Russia NOV%sT 1991 Mar 31 2:00s +- 6:00 Russia NOV%sT 1992 Jan 19 2:00s +- 7:00 Russia NOV%sT 1993 May 23 # say Shanks & P. +- 6:00 Russia NOV%sT 2011 Mar 27 2:00s +- 7:00 - NOVT 2014 Oct 26 2:00s +- 6:00 - NOVT ++ 6:00 - +06 1930 Jun 21 ++ 7:00 Russia +07/+08 1991 Mar 31 2:00s ++ 6:00 Russia +06/+07 1992 Jan 19 2:00s ++ 7:00 Russia +07/+08 1993 May 23 # say Shanks & P. ++ 6:00 Russia +06/+07 2011 Mar 27 2:00s ++ 7:00 - +07 2014 Oct 26 2:00s ++ 6:00 - +06 2016 Jul 24 2:00s ++ 7:00 - +07 + + # From Paul Eggert (2016-03-18): + # Asia/Tomsk covers: +@@ -2794,6 +2807,9 @@ Zone Asia/Novosibirsk 5:31:40 - LMT 1919 Dec 14 6:00 + # approved by the Federation Council on 2016-04-20, signed by the President and + # published as a law around 2016-04-26. + ++# From Matt Johnson (2016-04-26): ++# http://publication.pravo.gov.ru/Document/View/0001201604260048 ++ + Zone Asia/Tomsk 5:39:51 - LMT 1919 Dec 22 + 6:00 - +06 1930 Jun 21 + 7:00 Russia +07/+08 1991 Mar 31 2:00s +@@ -2833,14 +2849,12 @@ Zone Asia/Tomsk 5:39:51 - LMT 1919 Dec 22 + # realigning itself with KRAT. + + Zone Asia/Novokuznetsk 5:48:48 - LMT 1924 May 1 +- 6:00 - KRAT 1930 Jun 21 # Krasnoyarsk Time +- 7:00 Russia KRA%sT 1991 Mar 31 2:00s +- 6:00 Russia KRA%sT 1992 Jan 19 2:00s +- 7:00 Russia KRA%sT 2010 Mar 28 2:00s +- 6:00 Russia NOV%sT 2011 Mar 27 2:00s # Novosibirsk +- 7:00 - NOVT 2014 Oct 26 2:00s +- 7:00 - KRAT # Krasnoyarsk Time +- ++ 6:00 - +06 1930 Jun 21 ++ 7:00 Russia +07/+08 1991 Mar 31 2:00s ++ 6:00 Russia +06/+07 1992 Jan 19 2:00s ++ 7:00 Russia +07/+08 2010 Mar 28 2:00s ++ 6:00 Russia +06/+07 2011 Mar 27 2:00s ++ 7:00 - +07 + + # From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2001-08-25): + # Asia/Krasnoyarsk covers... +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/northamerica b/jdk/test/sun/util/calendar/zi/tzdata/northamerica +index 2124401..ec59510 100644 +--- openjdk/jdk/test/sun/util/calendar/zi/tzdata/northamerica ++++ openjdk/jdk/test/sun/util/calendar/zi/tzdata/northamerica +@@ -2214,39 +2214,39 @@ Rule NT_YK 1980 2006 - Oct lastSun 2:00 0 S + Rule NT_YK 1987 2006 - Apr Sun>=1 2:00 1:00 D + # Zone NAME GMTOFF RULES FORMAT [UNTIL] + # aka Panniqtuuq +-Zone America/Pangnirtung 0 - zzz 1921 # trading post est. ++Zone America/Pangnirtung 0 - -00 1921 # trading post est. + -4:00 NT_YK A%sT 1995 Apr Sun>=1 2:00 + -5:00 Canada E%sT 1999 Oct 31 2:00 + -6:00 Canada C%sT 2000 Oct 29 2:00 + -5:00 Canada E%sT + # formerly Frobisher Bay +-Zone America/Iqaluit 0 - zzz 1942 Aug # Frobisher Bay est. ++Zone America/Iqaluit 0 - -00 1942 Aug # Frobisher Bay est. + -5:00 NT_YK E%sT 1999 Oct 31 2:00 + -6:00 Canada C%sT 2000 Oct 29 2:00 + -5:00 Canada E%sT + # aka Qausuittuq +-Zone America/Resolute 0 - zzz 1947 Aug 31 # Resolute founded ++Zone America/Resolute 0 - -00 1947 Aug 31 # Resolute founded + -6:00 NT_YK C%sT 2000 Oct 29 2:00 + -5:00 - EST 2001 Apr 1 3:00 + -6:00 Canada C%sT 2006 Oct 29 2:00 + -5:00 - EST 2007 Mar 11 3:00 + -6:00 Canada C%sT + # aka Kangiqiniq +-Zone America/Rankin_Inlet 0 - zzz 1957 # Rankin Inlet founded ++Zone America/Rankin_Inlet 0 - -00 1957 # Rankin Inlet founded + -6:00 NT_YK C%sT 2000 Oct 29 2:00 + -5:00 - EST 2001 Apr 1 3:00 + -6:00 Canada C%sT + # aka Iqaluktuuttiaq +-Zone America/Cambridge_Bay 0 - zzz 1920 # trading post est.? ++Zone America/Cambridge_Bay 0 - -00 1920 # trading post est.? + -7:00 NT_YK M%sT 1999 Oct 31 2:00 + -6:00 Canada C%sT 2000 Oct 29 2:00 + -5:00 - EST 2000 Nov 5 0:00 + -6:00 - CST 2001 Apr 1 3:00 + -7:00 Canada M%sT +-Zone America/Yellowknife 0 - zzz 1935 # Yellowknife founded? ++Zone America/Yellowknife 0 - -00 1935 # Yellowknife founded? + -7:00 NT_YK M%sT 1980 + -7:00 Canada M%sT +-Zone America/Inuvik 0 - zzz 1953 # Inuvik founded ++Zone America/Inuvik 0 - -00 1953 # Inuvik founded + -8:00 NT_YK P%sT 1979 Apr lastSun 2:00 + -7:00 NT_YK M%sT 1980 + -7:00 Canada M%sT +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/southamerica b/jdk/test/sun/util/calendar/zi/tzdata/southamerica +index b909089..08c89ca 100644 +--- openjdk/jdk/test/sun/util/calendar/zi/tzdata/southamerica ++++ openjdk/jdk/test/sun/util/calendar/zi/tzdata/southamerica +@@ -1332,7 +1332,7 @@ Zone Pacific/Easter -7:17:28 - LMT 1890 + # Palmer used to be supplied from Argentina. + # + # Zone NAME GMTOFF RULES FORMAT [UNTIL] +-Zone Antarctica/Palmer 0 - zzz 1965 ++Zone Antarctica/Palmer 0 - -00 1965 + -4:00 Arg AR%sT 1969 Oct 5 + -3:00 Arg AR%sT 1982 May + -4:00 Chile CL%sT +@@ -1782,16 +1782,16 @@ Zone America/Montevideo -3:44:44 - LMT 1898 Jun 28 + # https://actualidad.rt.com/actualidad/204758-venezuela-modificar-huso-horario-sequia-elnino + # + # From Paul Eggert (2016-04-15): +-# Clocks advance 30 minutes on 2016-05-01 at 02:30. See: +-# Barboza AD. Huso horario en Venezuela volverá a 4 horas menos con +-# respecto al "Greenwich". Panorama 2016-04-15 12:20 -0430. +-# http://www.panorama.com.ve/ciudad/Huso-horario-en-Venezuela-volvera-a-4-horas-menos-con-respecto-al-Greenwich-20160415-0032.html +-# ++# Clocks advance 30 minutes on 2016-05-01 at 02:30.... + # "'Venezuela's new time-zone: hours without light, hours without water, +-# hours of presidential broadcasts, hours of lines," quipped comedian +-# Jean Mary Curro ...". See: Cawthorne A, Kai D. Venezuela scraps ++# hours of presidential broadcasts, hours of lines,' quipped comedian ++# Jean Mary Curró ...". See: Cawthorne A, Kai D. Venezuela scraps + # half-hour time difference set by Chavez. Reuters 2016-04-15 14:50 -0400 + # http://www.reuters.com/article/us-venezuela-timezone-idUSKCN0XC2BE ++# ++# From Matt Johnson (2016-04-20): ++# ... published in the official Gazette [2016-04-18], here: ++# http://historico.tsj.gob.ve/gaceta_ext/abril/1842016/E-1842016-4551.pdf + + # Zone NAME GMTOFF RULES FORMAT [UNTIL] + Zone America/Caracas -4:27:44 - LMT 1890 +diff --git a/langtools/src/share/classes/com/sun/tools/doclets/formats/html/markup/HtmlWriter.java b/langtools/src/share/classes/com/sun/tools/doclets/formats/html/markup/HtmlWriter.java +index ae748c3..d15459e 100644 +--- openjdk/langtools/src/share/classes/com/sun/tools/doclets/formats/html/markup/HtmlWriter.java ++++ openjdk/langtools/src/share/classes/com/sun/tools/doclets/formats/html/markup/HtmlWriter.java +@@ -380,11 +380,12 @@ public class HtmlWriter { + HtmlTree script = new HtmlTree(HtmlTag.SCRIPT); + script.addAttr(HtmlAttr.TYPE, "text/javascript"); + String scriptCode = DocletConstants.NL + +- " targetPage = \"\" + window.location.search;" + DocletConstants.NL + +- " if (targetPage != \"\" && targetPage != \"undefined\")" + DocletConstants.NL + +- " targetPage = targetPage.substring(1);" + DocletConstants.NL + +- " if (targetPage.indexOf(\":\") != -1 || (targetPage != \"\" && !validURL(targetPage)))" + DocletConstants.NL + +- " targetPage = \"undefined\";" + DocletConstants.NL + ++ " tmpTargetPage = \"\" + window.location.search;" + DocletConstants.NL + ++ " if (tmpTargetPage != \"\" && tmpTargetPage != \"undefined\")" + DocletConstants.NL + ++ " tmpTargetPage = tmpTargetPage.substring(1);" + DocletConstants.NL + ++ " if (tmpTargetPage.indexOf(\":\") != -1 || (tmpTargetPage != \"\" && !validURL(tmpTargetPage)))" + DocletConstants.NL + ++ " tmpTargetPage = \"undefined\";" + DocletConstants.NL + ++ " targetPage = tmpTargetPage;" + DocletConstants.NL + + " function validURL(url) {" + DocletConstants.NL + + " try {" + DocletConstants.NL + + " url = decodeURIComponent(url);" + DocletConstants.NL + +diff --git a/langtools/src/share/classes/com/sun/tools/javac/resources/javac_ja.properties b/langtools/src/share/classes/com/sun/tools/javac/resources/javac_ja.properties +index 4d86f6a..286142b 100644 +--- openjdk/langtools/src/share/classes/com/sun/tools/javac/resources/javac_ja.properties ++++ openjdk/langtools/src/share/classes/com/sun/tools/javac/resources/javac_ja.properties +@@ -1,5 +1,5 @@ + # +-# Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved. ++# Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved. + # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + # + # This code is free software; you can redistribute it and/or modify it +@@ -34,7 +34,7 @@ javac.opt.deprecation=\u975E\u63A8\u5968\u306EAPI\u304C\u4F7F\u7528\u3055\u308C\ + javac.opt.classpath=\u30E6\u30FC\u30B6\u30FC\u30FB\u30AF\u30E9\u30B9\u30FB\u30D5\u30A1\u30A4\u30EB\u304A\u3088\u3073\u6CE8\u91C8\u30D7\u30ED\u30BB\u30C3\u30B5\u3092\u691C\u7D22\u3059\u308B\u4F4D\u7F6E\u3092\u6307\u5B9A\u3059\u308B + javac.opt.sourcepath=\u5165\u529B\u30BD\u30FC\u30B9\u30FB\u30D5\u30A1\u30A4\u30EB\u3092\u691C\u7D22\u3059\u308B\u4F4D\u7F6E\u3092\u6307\u5B9A\u3059\u308B + javac.opt.bootclasspath=\u30D6\u30FC\u30C8\u30B9\u30C8\u30E9\u30C3\u30D7\u30FB\u30AF\u30E9\u30B9\u30FB\u30D1\u30B9\u306E\u5834\u6240\u3092\u30AA\u30FC\u30D0\u30FC\u30E9\u30A4\u30C9\u3059\u308B +-javac.opt.Xbootclasspath.p=\u30D6\u30FC\u30C8\u30B9\u30C8\u30E9\u30C3\u30D7\u30FB\u30AF\u30E9\u30B9\u30FB\u30D1\u30B9\u306B\u4ED8\u52A0\u3059\u308B ++javac.opt.Xbootclasspath.p=\u30D6\u30FC\u30C8\u30B9\u30C8\u30E9\u30C3\u30D7\u30FB\u30AF\u30E9\u30B9\u30FB\u30D1\u30B9\u306E\u5148\u982D\u306B\u4ED8\u52A0\u3059\u308B + javac.opt.Xbootclasspath.a=\u30D6\u30FC\u30C8\u30B9\u30C8\u30E9\u30C3\u30D7\u30FB\u30AF\u30E9\u30B9\u30FB\u30D1\u30B9\u306B\u8FFD\u52A0\u3059\u308B + javac.opt.endorseddirs=\u63A8\u5968\u898F\u683C\u30D1\u30B9\u306E\u5834\u6240\u3092\u30AA\u30FC\u30D0\u30FC\u30E9\u30A4\u30C9\u3059\u308B + javac.opt.extdirs=\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u6E08\u62E1\u5F35\u6A5F\u80FD\u306E\u5834\u6240\u3092\u30AA\u30FC\u30D0\u30FC\u30E9\u30A4\u30C9\u3059\u308B +diff --git a/langtools/test/com/sun/javadoc/testJavascript/TestJavascript.java b/langtools/test/com/sun/javadoc/testJavascript/TestJavascript.java +index 96487f0..33331a9 100644 +--- openjdk/langtools/test/com/sun/javadoc/testJavascript/TestJavascript.java ++++ openjdk/langtools/test/com/sun/javadoc/testJavascript/TestJavascript.java +@@ -23,7 +23,7 @@ + + /* + * @test +- * @bug 4665566 4855876 7025314 8012375 8015997 8016328 8024756 ++ * @bug 4665566 4855876 7025314 8012375 8015997 8016328 8024756 8151921 + * @summary Verify that the output has the right javascript. + * @author jamieh + * @library ../lib/ +@@ -50,11 +50,12 @@ public class TestJavascript extends JavadocTester { + "Frames"}, + {BUG_ID + FS + "index.html", + "