1berry/openjdk
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge

Browse Source
This commit is contained in:
Abhijit Saha 2012-02-20 11:31:53 -08:00
commit 162d75c68c
34 changed files with 2826 additions and 202 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
jdk/make/java/java/FILES_java.gmk
View File

@ -474,6 +474,7 @@ JAVA_JAVA_java = \
sun/misc/MessageUtils.java \ sun/misc/MessageUtils.java \
sun/misc/GC.java \ sun/misc/GC.java \
sun/misc/Service.java \ sun/misc/Service.java \
sun/misc/JavaAWTAccess.java \
sun/misc/JavaLangAccess.java \ sun/misc/JavaLangAccess.java \
sun/misc/JavaIOAccess.java \ sun/misc/JavaIOAccess.java \
sun/misc/JavaIOFileDescriptorAccess.java \ sun/misc/JavaIOFileDescriptorAccess.java \

4
jdk/src/share/classes/com/sun/media/sound/DirectAudioDevice.java
View File

@ -736,7 +736,7 @@ class DirectAudioDevice extends AbstractMixer {
if (off < 0) { if (off < 0) {
throw new ArrayIndexOutOfBoundsException(off); throw new ArrayIndexOutOfBoundsException(off);
} }
if (off + len > b.length) { if ((long)off + (long)len > (long)b.length) {
throw new ArrayIndexOutOfBoundsException(b.length); throw new ArrayIndexOutOfBoundsException(b.length);
} }
@ -964,7 +964,7 @@ class DirectAudioDevice extends AbstractMixer {
if (off < 0) { if (off < 0) {
throw new ArrayIndexOutOfBoundsException(off); throw new ArrayIndexOutOfBoundsException(off);
} }
if (off + len > b.length) { if ((long)off + (long)len > (long)b.length) {
throw new ArrayIndexOutOfBoundsException(b.length); throw new ArrayIndexOutOfBoundsException(b.length);
} }
if (!isActive() && doIO) { if (!isActive() && doIO) {

6
jdk/src/share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java
View File

@ -130,6 +130,12 @@ public class SoftMixingSourceDataLine extends SoftMixingDataLine implements
if (len % framesize != 0) if (len % framesize != 0)
throw new IllegalArgumentException( throw new IllegalArgumentException(
"Number of bytes does not represent an integral number of sample frames."); "Number of bytes does not represent an integral number of sample frames.");
if (off < 0) {
throw new ArrayIndexOutOfBoundsException(off);
}
if ((long)off + (long)len > (long)b.length) {
throw new ArrayIndexOutOfBoundsException(b.length);
}
byte[] buff = cycling_buffer; byte[] buff = cycling_buffer;
int buff_len = cycling_buffer.length; int buff_len = cycling_buffer.length;

63
jdk/src/share/classes/java/io/ObjectStreamClass.java
View File

@ -123,14 +123,39 @@ public class ObjectStreamClass implements Serializable {
*/ */
private boolean hasBlockExternalData = true; private boolean hasBlockExternalData = true;
/**
* Contains information about InvalidClassException instances to be thrown
* when attempting operations on an invalid class. Note that instances of
* this class are immutable and are potentially shared among
* ObjectStreamClass instances.
*/
private static class ExceptionInfo {
private final String className;
private final String message;
ExceptionInfo(String cn, String msg) {
className = cn;
message = msg;
}
/**
* Returns (does not throw) an InvalidClassException instance created
* from the information in this object, suitable for being thrown by
* the caller.
*/
InvalidClassException newInvalidClassException() {
return new InvalidClassException(className, message);
}
}
/** exception (if any) thrown while attempting to resolve class */ /** exception (if any) thrown while attempting to resolve class */
private ClassNotFoundException resolveEx; private ClassNotFoundException resolveEx;
/** exception (if any) to throw if non-enum deserialization attempted */ /** exception (if any) to throw if non-enum deserialization attempted */
private InvalidClassException deserializeEx; private ExceptionInfo deserializeEx;
/** exception (if any) to throw if non-enum serialization attempted */ /** exception (if any) to throw if non-enum serialization attempted */
private InvalidClassException serializeEx; private ExceptionInfo serializeEx;
/** exception (if any) to throw if default serialization attempted */ /** exception (if any) to throw if default serialization attempted */
private InvalidClassException defaultSerializeEx; private ExceptionInfo defaultSerializeEx;
/** serializable fields */ /** serializable fields */
private ObjectStreamField[] fields; private ObjectStreamField[] fields;
@ -444,7 +469,8 @@ public class ObjectStreamClass implements Serializable {
fields = getSerialFields(cl); fields = getSerialFields(cl);
computeFieldOffsets(); computeFieldOffsets();
} catch (InvalidClassException e) { } catch (InvalidClassException e) {
serializeEx = deserializeEx = e; serializeEx = deserializeEx =
new ExceptionInfo(e.classname, e.getMessage());
fields = NO_FIELDS; fields = NO_FIELDS;
} }
@ -483,15 +509,14 @@ public class ObjectStreamClass implements Serializable {
if (deserializeEx == null) { if (deserializeEx == null) {
if (isEnum) { if (isEnum) {
deserializeEx = new InvalidClassException(name, "enum type"); deserializeEx = new ExceptionInfo(name, "enum type");
} else if (cons == null) { } else if (cons == null) {
deserializeEx = new InvalidClassException( deserializeEx = new ExceptionInfo(name, "no valid constructor");
name, "no valid constructor");
} }
} }
for (int i = 0; i < fields.length; i++) { for (int i = 0; i < fields.length; i++) {
if (fields[i].getField() == null) { if (fields[i].getField() == null) {
defaultSerializeEx = new InvalidClassException( defaultSerializeEx = new ExceptionInfo(
name, "unmatched serializable field(s) declared"); name, "unmatched serializable field(s) declared");
} }
} }
@ -601,8 +626,8 @@ public class ObjectStreamClass implements Serializable {
(externalizable != localDesc.externalizable) || (externalizable != localDesc.externalizable) ||
!(serializable || externalizable)) !(serializable || externalizable))
{ {
deserializeEx = new InvalidClassException(localDesc.name, deserializeEx = new ExceptionInfo(
"class invalid for deserialization"); localDesc.name, "class invalid for deserialization");
} }
} }
@ -727,11 +752,7 @@ public class ObjectStreamClass implements Serializable {
*/ */
void checkDeserialize() throws InvalidClassException { void checkDeserialize() throws InvalidClassException {
if (deserializeEx != null) { if (deserializeEx != null) {
InvalidClassException ice = throw deserializeEx.newInvalidClassException();
new InvalidClassException(deserializeEx.classname,
deserializeEx.getMessage());
ice.initCause(deserializeEx);
throw ice;
} }
} }
@ -742,11 +763,7 @@ public class ObjectStreamClass implements Serializable {
*/ */
void checkSerialize() throws InvalidClassException { void checkSerialize() throws InvalidClassException {
if (serializeEx != null) { if (serializeEx != null) {
InvalidClassException ice = throw serializeEx.newInvalidClassException();
new InvalidClassException(serializeEx.classname,
serializeEx.getMessage());
ice.initCause(serializeEx);
throw ice;
} }
} }
@ -759,11 +776,7 @@ public class ObjectStreamClass implements Serializable {
*/ */
void checkDefaultSerialize() throws InvalidClassException { void checkDefaultSerialize() throws InvalidClassException {
if (defaultSerializeEx != null) { if (defaultSerializeEx != null) {
InvalidClassException ice = throw defaultSerializeEx.newInvalidClassException();
new InvalidClassException(defaultSerializeEx.classname,
defaultSerializeEx.getMessage());
ice.initCause(defaultSerializeEx);
throw ice;
} }
} }

68
jdk/src/share/classes/java/util/TimeZone.java
View File

@ -43,6 +43,8 @@ import java.lang.ref.SoftReference;
import java.security.AccessController; import java.security.AccessController;
import java.security.PrivilegedAction; import java.security.PrivilegedAction;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import sun.misc.SharedSecrets;
import sun.misc.JavaAWTAccess;
import sun.security.action.GetPropertyAction; import sun.security.action.GetPropertyAction;
import sun.util.TimeZoneNameUtility; import sun.util.TimeZoneNameUtility;
import sun.util.calendar.ZoneInfo; import sun.util.calendar.ZoneInfo;
@ -615,7 +617,7 @@ abstract public class TimeZone implements Serializable, Cloneable {
* method doesn't create a clone. * method doesn't create a clone.
*/ */
static TimeZone getDefaultRef() { static TimeZone getDefaultRef() {
TimeZone defaultZone = defaultZoneTL.get(); TimeZone defaultZone = getDefaultInAppContext();
if (defaultZone == null) { if (defaultZone == null) {
defaultZone = defaultTimeZone; defaultZone = defaultTimeZone;
if (defaultZone == null) { if (defaultZone == null) {
@ -706,10 +708,65 @@ abstract public class TimeZone implements Serializable, Cloneable {
if (hasPermission()) { if (hasPermission()) {
synchronized (TimeZone.class) { synchronized (TimeZone.class) {
defaultTimeZone = zone; defaultTimeZone = zone;
defaultZoneTL.set(null); setDefaultInAppContext(null);
} }
} else { } else {
defaultZoneTL.set(zone); setDefaultInAppContext(zone);
}
}
/**
* Returns the default TimeZone in an AppContext if any AppContext
* has ever used. null is returned if any AppContext hasn't been
* used or if the AppContext doesn't have the default TimeZone.
*/
private synchronized static TimeZone getDefaultInAppContext() {
// JavaAWTAccess provides access implementation-private methods without using reflection.
JavaAWTAccess javaAWTAccess = SharedSecrets.getJavaAWTAccess();
// Note that javaAWTAccess may be null if sun.awt.AppContext class hasn't
// been loaded. If so, it implies that AWTSecurityManager is not our
// SecurityManager and we can use a local static variable.
// This works around a build time issue.
if (javaAWTAccess == null) {
return mainAppContextDefault;
} else {
if (!javaAWTAccess.isDisposed()) {
TimeZone tz = (TimeZone)
javaAWTAccess.get(TimeZone.class);
if (tz == null && javaAWTAccess.isMainAppContext()) {
return mainAppContextDefault;
} else {
return tz;
}
}
}
return null;
}
/**
* Sets the default TimeZone in the AppContext to the given
* tz. null is handled special: do nothing if any AppContext
* hasn't been used, remove the default TimeZone in the
* AppContext otherwise.
*/
private synchronized static void setDefaultInAppContext(TimeZone tz) {
// JavaAWTAccess provides access implementation-private methods without using reflection.
JavaAWTAccess javaAWTAccess = SharedSecrets.getJavaAWTAccess();
// Note that javaAWTAccess may be null if sun.awt.AppContext class hasn't
// been loaded. If so, it implies that AWTSecurityManager is not our
// SecurityManager and we can use a local static variable.
// This works around a build time issue.
if (javaAWTAccess == null) {
mainAppContextDefault = tz;
} else {
if (!javaAWTAccess.isDisposed()) {
javaAWTAccess.put(TimeZone.class, tz);
if (javaAWTAccess.isMainAppContext()) {
mainAppContextDefault = null;
}
}
} }
} }
@ -760,12 +817,13 @@ abstract public class TimeZone implements Serializable, Cloneable {
*/ */
private String ID; private String ID;
private static volatile TimeZone defaultTimeZone; private static volatile TimeZone defaultTimeZone;
private static final InheritableThreadLocal<TimeZone> defaultZoneTL
= new InheritableThreadLocal<TimeZone>();
static final String GMT_ID = "GMT"; static final String GMT_ID = "GMT";
private static final int GMT_ID_LENGTH = 3; private static final int GMT_ID_LENGTH = 3;
// a static TimeZone we can reference if no AppContext is in place
private static TimeZone mainAppContextDefault;
/** /**
* Parses a custom time zone identifier and returns a corresponding zone. * Parses a custom time zone identifier and returns a corresponding zone.
* This method doesn't support the RFC 822 time zone format. (e.g., +hhmm) * This method doesn't support the RFC 822 time zone format. (e.g., +hhmm)

41
jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java
View File

@ -34,8 +34,10 @@
*/ */
package java.util.concurrent.atomic; package java.util.concurrent.atomic;
import java.lang.reflect.Array;
import java.util.Arrays;
import sun.misc.Unsafe; import sun.misc.Unsafe;
import java.util.*;
/** /**
* An array of object references in which elements may be updated * An array of object references in which elements may be updated
@ -49,13 +51,23 @@ import java.util.*;
public class AtomicReferenceArray<E> implements java.io.Serializable { public class AtomicReferenceArray<E> implements java.io.Serializable {
private static final long serialVersionUID = -6209656149925076980L; private static final long serialVersionUID = -6209656149925076980L;
private static final Unsafe unsafe = Unsafe.getUnsafe(); private static final Unsafe unsafe;
private static final int base = unsafe.arrayBaseOffset(Object[].class); private static final int base;
private static final int shift; private static final int shift;
private final Object[] array; private static final long arrayFieldOffset;
private final Object[] array; // must have exact type Object[]
static { static {
int scale = unsafe.arrayIndexScale(Object[].class); int scale;
try {
unsafe = Unsafe.getUnsafe();
arrayFieldOffset = unsafe.objectFieldOffset
(AtomicReferenceArray.class.getDeclaredField("array"));
base = unsafe.arrayBaseOffset(Object[].class);
scale = unsafe.arrayIndexScale(Object[].class);
} catch (Exception e) {
throw new Error(e);
}
if ((scale & (scale - 1)) != 0) if ((scale & (scale - 1)) != 0)
throw new Error("data type scale not a power of two"); throw new Error("data type scale not a power of two");
shift = 31 - Integer.numberOfLeadingZeros(scale); shift = 31 - Integer.numberOfLeadingZeros(scale);
@ -91,7 +103,7 @@ public class AtomicReferenceArray<E> implements java.io.Serializable {
*/ */
public AtomicReferenceArray(E[] array) { public AtomicReferenceArray(E[] array) {
// Visibility guaranteed by final field guarantees // Visibility guaranteed by final field guarantees
this.array = array.clone(); this.array = Arrays.copyOf(array, array.length, Object[].class);
} }
/** /**
@ -197,7 +209,7 @@ public class AtomicReferenceArray<E> implements java.io.Serializable {
* @return the String representation of the current values of array * @return the String representation of the current values of array
*/ */
public String toString() { public String toString() {
int iMax = array.length - 1; int iMax = array.length - 1;
if (iMax == -1) if (iMax == -1)
return "[]"; return "[]";
@ -211,4 +223,19 @@ public class AtomicReferenceArray<E> implements java.io.Serializable {
} }
} }
/**
* Reconstitutes the instance from a stream (that is, deserializes it).
* @param s the stream
*/
private void readObject(java.io.ObjectInputStream s)
throws java.io.IOException, ClassNotFoundException {
// Note: This must be changed if any additional fields are defined
Object a = s.readFields().get("array", null);
if (a == null || !a.getClass().isArray())
throw new java.io.InvalidObjectException("Not array type");
if (a.getClass() != Object[].class)
a = Arrays.copyOf((Object[])a, Array.getLength(a), Object[].class);
unsafe.putObjectVolatile(this, arrayFieldOffset, a);
}
} }

21
jdk/src/share/classes/sun/awt/AppContext.java
View File

@ -787,6 +787,27 @@ public final class AppContext {
} }
return changeSupport.getPropertyChangeListeners(propertyName); return changeSupport.getPropertyChangeListeners(propertyName);
} }
// Set up JavaAWTAccess in SharedSecrets
static {
sun.misc.SharedSecrets.setJavaAWTAccess(new sun.misc.JavaAWTAccess() {
public Object get(Object key) {
return getAppContext().get(key);
}
public void put(Object key, Object value) {
getAppContext().put(key, value);
}
public void remove(Object key) {
getAppContext().remove(key);
}
public boolean isDisposed() {
return getAppContext().isDisposed();
}
public boolean isMainAppContext() {
return (numAppContexts == 1);
}
});
}
} }
final class MostRecentKeyValue { final class MostRecentKeyValue {

80
jdk/src/share/classes/sun/java2d/SunGraphics2D.java
View File

@ -370,6 +370,17 @@ public final class SunGraphics2D
} }
public void validatePipe() { public void validatePipe() {
/* This workaround is for the situation when we update the Pipelines
* for invalid SurfaceData and run further code when the current
* pipeline doesn't support the type of new SurfaceData created during
* the current pipeline's work (in place of the invalid SurfaceData).
* Usually SurfaceData and Pipelines are repaired (through revalidateAll)
* and called again in the exception handlers */
if (!surfaceData.isValid()) {
throw new InvalidPipeException("attempt to validate Pipe with invalid SurfaceData");
}
surfaceData.validatePipe(this); surfaceData.validatePipe(this);
} }
@ -1804,7 +1815,12 @@ public final class SunGraphics2D
width += x; width += x;
height += y; height += y;
} }
if (!getCompClip().intersectsQuickCheckXYXY(x, y, width, height)) {
try {
if (!getCompClip().intersectsQuickCheckXYXY(x, y, width, height)) {
return false;
}
} catch (InvalidPipeException e) {
return false; return false;
} }
// REMIND: We could go one step further here and examine the // REMIND: We could go one step further here and examine the
@ -1988,8 +2004,8 @@ public final class SunGraphics2D
try { try {
doCopyArea(x, y, w, h, dx, dy); doCopyArea(x, y, w, h, dx, dy);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
doCopyArea(x, y, w, h, dx, dy); doCopyArea(x, y, w, h, dx, dy);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2120,8 +2136,8 @@ public final class SunGraphics2D
try { try {
drawpipe.drawLine(this, x1, y1, x2, y2); drawpipe.drawLine(this, x1, y1, x2, y2);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
drawpipe.drawLine(this, x1, y1, x2, y2); drawpipe.drawLine(this, x1, y1, x2, y2);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2137,8 +2153,8 @@ public final class SunGraphics2D
try { try {
drawpipe.drawRoundRect(this, x, y, w, h, arcW, arcH); drawpipe.drawRoundRect(this, x, y, w, h, arcW, arcH);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
drawpipe.drawRoundRect(this, x, y, w, h, arcW, arcH); drawpipe.drawRoundRect(this, x, y, w, h, arcW, arcH);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2154,8 +2170,8 @@ public final class SunGraphics2D
try { try {
fillpipe.fillRoundRect(this, x, y, w, h, arcW, arcH); fillpipe.fillRoundRect(this, x, y, w, h, arcW, arcH);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
fillpipe.fillRoundRect(this, x, y, w, h, arcW, arcH); fillpipe.fillRoundRect(this, x, y, w, h, arcW, arcH);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2171,8 +2187,8 @@ public final class SunGraphics2D
try { try {
drawpipe.drawOval(this, x, y, w, h); drawpipe.drawOval(this, x, y, w, h);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
drawpipe.drawOval(this, x, y, w, h); drawpipe.drawOval(this, x, y, w, h);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2188,8 +2204,8 @@ public final class SunGraphics2D
try { try {
fillpipe.fillOval(this, x, y, w, h); fillpipe.fillOval(this, x, y, w, h);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
fillpipe.fillOval(this, x, y, w, h); fillpipe.fillOval(this, x, y, w, h);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2206,8 +2222,8 @@ public final class SunGraphics2D
try { try {
drawpipe.drawArc(this, x, y, w, h, startAngl, arcAngl); drawpipe.drawArc(this, x, y, w, h, startAngl, arcAngl);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
drawpipe.drawArc(this, x, y, w, h, startAngl, arcAngl); drawpipe.drawArc(this, x, y, w, h, startAngl, arcAngl);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2224,8 +2240,8 @@ public final class SunGraphics2D
try { try {
fillpipe.fillArc(this, x, y, w, h, startAngl, arcAngl); fillpipe.fillArc(this, x, y, w, h, startAngl, arcAngl);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
fillpipe.fillArc(this, x, y, w, h, startAngl, arcAngl); fillpipe.fillArc(this, x, y, w, h, startAngl, arcAngl);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2241,8 +2257,8 @@ public final class SunGraphics2D
try { try {
drawpipe.drawPolyline(this, xPoints, yPoints, nPoints); drawpipe.drawPolyline(this, xPoints, yPoints, nPoints);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
drawpipe.drawPolyline(this, xPoints, yPoints, nPoints); drawpipe.drawPolyline(this, xPoints, yPoints, nPoints);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2258,8 +2274,8 @@ public final class SunGraphics2D
try { try {
drawpipe.drawPolygon(this, xPoints, yPoints, nPoints); drawpipe.drawPolygon(this, xPoints, yPoints, nPoints);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
drawpipe.drawPolygon(this, xPoints, yPoints, nPoints); drawpipe.drawPolygon(this, xPoints, yPoints, nPoints);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2275,8 +2291,8 @@ public final class SunGraphics2D
try { try {
fillpipe.fillPolygon(this, xPoints, yPoints, nPoints); fillpipe.fillPolygon(this, xPoints, yPoints, nPoints);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
fillpipe.fillPolygon(this, xPoints, yPoints, nPoints); fillpipe.fillPolygon(this, xPoints, yPoints, nPoints);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2292,8 +2308,8 @@ public final class SunGraphics2D
try { try {
drawpipe.drawRect(this, x, y, w, h); drawpipe.drawRect(this, x, y, w, h);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
drawpipe.drawRect(this, x, y, w, h); drawpipe.drawRect(this, x, y, w, h);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2309,8 +2325,8 @@ public final class SunGraphics2D
try { try {
fillpipe.fillRect(this, x, y, w, h); fillpipe.fillRect(this, x, y, w, h);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
fillpipe.fillRect(this, x, y, w, h); fillpipe.fillRect(this, x, y, w, h);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2358,7 +2374,6 @@ public final class SunGraphics2D
Paint p = paint; Paint p = paint;
setComposite(AlphaComposite.Src); setComposite(AlphaComposite.Src);
setColor(getBackground()); setColor(getBackground());
validatePipe();
fillRect(x, y, w, h); fillRect(x, y, w, h);
setPaint(p); setPaint(p);
setComposite(c); setComposite(c);
@ -2382,8 +2397,8 @@ public final class SunGraphics2D
try { try {
shapepipe.draw(this, s); shapepipe.draw(this, s);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
shapepipe.draw(this, s); shapepipe.draw(this, s);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2412,8 +2427,8 @@ public final class SunGraphics2D
try { try {
shapepipe.fill(this, s); shapepipe.fill(this, s);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
shapepipe.fill(this, s); shapepipe.fill(this, s);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2560,10 +2575,17 @@ public final class SunGraphics2D
// Include padding for interpolation/antialiasing if necessary // Include padding for interpolation/antialiasing if necessary
int pad = isIntegerTranslate ? 0 : 3; int pad = isIntegerTranslate ? 0 : 3;
Region clip;
try {
clip = getCompClip();
} catch (InvalidPipeException e) {
return;
}
// Determine the region of the image that may contribute to // Determine the region of the image that may contribute to
// the clipped drawing area // the clipped drawing area
Rectangle region = getImageRegion(img, Rectangle region = getImageRegion(img,
getCompClip(), clip,
transform, transform,
xform, xform,
pad, pad); pad, pad);
@ -2806,8 +2828,8 @@ public final class SunGraphics2D
try { try {
textpipe.drawString(this, str, x, y); textpipe.drawString(this, str, x, y);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
textpipe.drawString(this, str, x, y); textpipe.drawString(this, str, x, y);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2835,8 +2857,8 @@ public final class SunGraphics2D
try { try {
textpipe.drawString(this, str, x, y); textpipe.drawString(this, str, x, y);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
textpipe.drawString(this, str, x, y); textpipe.drawString(this, str, x, y);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2881,8 +2903,8 @@ public final class SunGraphics2D
try { try {
textpipe.drawGlyphVector(this, gv, x, y); textpipe.drawGlyphVector(this, gv, x, y);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
textpipe.drawGlyphVector(this, gv, x, y); textpipe.drawGlyphVector(this, gv, x, y);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2914,8 +2936,8 @@ public final class SunGraphics2D
try { try {
textpipe.drawChars(this, data, offset, length, x, y); textpipe.drawChars(this, data, offset, length, x, y);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
textpipe.drawChars(this, data, offset, length, x, y); textpipe.drawChars(this, data, offset, length, x, y);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2951,8 +2973,8 @@ public final class SunGraphics2D
try { try {
textpipe.drawChars(this, chData, 0, length, x, y); textpipe.drawChars(this, chData, 0, length, x, y);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
textpipe.drawChars(this, chData, 0, length, x, y); textpipe.drawChars(this, chData, 0, length, x, y);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -2988,8 +3010,8 @@ public final class SunGraphics2D
return imagepipe.copyImage(this, img, dx, dy, sx, sy, return imagepipe.copyImage(this, img, dx, dy, sx, sy,
width, height, bgcolor, observer); width, height, bgcolor, observer);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
return imagepipe.copyImage(this, img, dx, dy, sx, sy, return imagepipe.copyImage(this, img, dx, dy, sx, sy,
width, height, bgcolor, observer); width, height, bgcolor, observer);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
@ -3025,8 +3047,8 @@ public final class SunGraphics2D
return imagepipe.scaleImage(this, img, x, y, width, height, return imagepipe.scaleImage(this, img, x, y, width, height,
bg, observer); bg, observer);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
return imagepipe.scaleImage(this, img, x, y, width, height, return imagepipe.scaleImage(this, img, x, y, width, height,
bg, observer); bg, observer);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
@ -3061,8 +3083,8 @@ public final class SunGraphics2D
try { try {
return imagepipe.copyImage(this, img, x, y, bg, observer); return imagepipe.copyImage(this, img, x, y, bg, observer);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
return imagepipe.copyImage(this, img, x, y, bg, observer); return imagepipe.copyImage(this, img, x, y, bg, observer);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -3138,8 +3160,8 @@ public final class SunGraphics2D
sx1, sy1, sx2, sy2, bgcolor, sx1, sy1, sx2, sy2, bgcolor,
observer); observer);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
return imagepipe.scaleImage(this, img, dx1, dy1, dx2, dy2, return imagepipe.scaleImage(this, img, dx1, dy1, dx2, dy2,
sx1, sy1, sx2, sy2, bgcolor, sx1, sy1, sx2, sy2, bgcolor,
observer); observer);
@ -3187,8 +3209,8 @@ public final class SunGraphics2D
try { try {
return imagepipe.transformImage(this, img, xform, observer); return imagepipe.transformImage(this, img, xform, observer);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
return imagepipe.transformImage(this, img, xform, observer); return imagepipe.transformImage(this, img, xform, observer);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to
@ -3213,8 +3235,8 @@ public final class SunGraphics2D
try { try {
imagepipe.transformImage(this, bImg, op, x, y); imagepipe.transformImage(this, bImg, op, x, y);
} catch (InvalidPipeException e) { } catch (InvalidPipeException e) {
revalidateAll();
try { try {
revalidateAll();
imagepipe.transformImage(this, bImg, op, x, y); imagepipe.transformImage(this, bImg, op, x, y);
} catch (InvalidPipeException e2) { } catch (InvalidPipeException e2) {
// Still catching the exception; we are not yet ready to // Still catching the exception; we are not yet ready to

22
jdk/src/share/classes/sun/java2d/opengl/OGLRenderer.java
View File

@ -27,6 +27,7 @@ package sun.java2d.opengl;
import java.awt.Transparency; import java.awt.Transparency;
import java.awt.geom.Path2D; import java.awt.geom.Path2D;
import sun.java2d.InvalidPipeException;
import sun.java2d.SunGraphics2D; import sun.java2d.SunGraphics2D;
import sun.java2d.loops.GraphicsPrimitive; import sun.java2d.loops.GraphicsPrimitive;
import sun.java2d.pipe.BufferedRenderPipe; import sun.java2d.pipe.BufferedRenderPipe;
@ -46,7 +47,12 @@ class OGLRenderer extends BufferedRenderPipe {
int ctxflags = int ctxflags =
sg2d.paint.getTransparency() == Transparency.OPAQUE ? sg2d.paint.getTransparency() == Transparency.OPAQUE ?
OGLContext.SRC_IS_OPAQUE : OGLContext.NO_CONTEXT_FLAGS; OGLContext.SRC_IS_OPAQUE : OGLContext.NO_CONTEXT_FLAGS;
OGLSurfaceData dstData = (OGLSurfaceData)sg2d.surfaceData; OGLSurfaceData dstData;
try {
dstData = (OGLSurfaceData)sg2d.surfaceData;
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
OGLContext.validateContext(dstData, dstData, OGLContext.validateContext(dstData, dstData,
sg2d.getCompClip(), sg2d.composite, sg2d.getCompClip(), sg2d.composite,
null, sg2d.paint, sg2d, ctxflags); null, sg2d.paint, sg2d, ctxflags);
@ -55,7 +61,12 @@ class OGLRenderer extends BufferedRenderPipe {
@Override @Override
protected void validateContextAA(SunGraphics2D sg2d) { protected void validateContextAA(SunGraphics2D sg2d) {
int ctxflags = OGLContext.NO_CONTEXT_FLAGS; int ctxflags = OGLContext.NO_CONTEXT_FLAGS;
OGLSurfaceData dstData = (OGLSurfaceData)sg2d.surfaceData; OGLSurfaceData dstData;
try {
dstData = (OGLSurfaceData)sg2d.surfaceData;
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
OGLContext.validateContext(dstData, dstData, OGLContext.validateContext(dstData, dstData,
sg2d.getCompClip(), sg2d.composite, sg2d.getCompClip(), sg2d.composite,
null, sg2d.paint, sg2d, ctxflags); null, sg2d.paint, sg2d, ctxflags);
@ -69,7 +80,12 @@ class OGLRenderer extends BufferedRenderPipe {
int ctxflags = int ctxflags =
sg2d.surfaceData.getTransparency() == Transparency.OPAQUE ? sg2d.surfaceData.getTransparency() == Transparency.OPAQUE ?
OGLContext.SRC_IS_OPAQUE : OGLContext.NO_CONTEXT_FLAGS; OGLContext.SRC_IS_OPAQUE : OGLContext.NO_CONTEXT_FLAGS;
OGLSurfaceData dstData = (OGLSurfaceData)sg2d.surfaceData; OGLSurfaceData dstData;
try {
dstData = (OGLSurfaceData)sg2d.surfaceData;
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
OGLContext.validateContext(dstData, dstData, OGLContext.validateContext(dstData, dstData,
sg2d.getCompClip(), sg2d.composite, sg2d.getCompClip(), sg2d.composite,
null, null, null, ctxflags); null, null, null, ctxflags);

6
jdk/src/share/classes/sun/java2d/pipe/BufferedContext.java
View File

@ -111,6 +111,8 @@ public abstract class BufferedContext {
* *
* Note: must be called while the RenderQueue lock is held. * Note: must be called while the RenderQueue lock is held.
* *
* It's assumed that the type of surfaces has been checked by the Renderer
*
* @throws InvalidPipeException if either src or dest surface is not valid * @throws InvalidPipeException if either src or dest surface is not valid
* or lost * or lost
* @see RenderQueue#lock * @see RenderQueue#lock
@ -135,6 +137,8 @@ public abstract class BufferedContext {
* *
* Note: must be called while the RenderQueue lock is held. * Note: must be called while the RenderQueue lock is held.
* *
* It's assumed that the type of surfaces has been checked by the Renderer
*
* @throws InvalidPipeException if the surface is not valid * @throws InvalidPipeException if the surface is not valid
* or lost * or lost
* @see RenderQueue#lock * @see RenderQueue#lock
@ -160,6 +164,8 @@ public abstract class BufferedContext {
* *
* Note: must be called while the RenderQueue lock is held. * Note: must be called while the RenderQueue lock is held.
* *
* It's assumed that the type of surfaces has been checked by the Renderer
*
* @throws InvalidPipeException if either src or dest surface is not valid * @throws InvalidPipeException if either src or dest surface is not valid
* or lost * or lost
*/ */

34
jdk/src/share/classes/sun/misc/JavaAWTAccess.java Normal file
View File

@ -0,0 +1,34 @@
/*
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.misc;
public interface JavaAWTAccess {
public Object get(Object key);
public void put(Object key, Object value);
public void remove(Object key);
public boolean isDisposed();
public boolean isMainAppContext();
}

11
jdk/src/share/classes/sun/misc/SharedSecrets.java
View File

@ -52,6 +52,7 @@ public class SharedSecrets {
private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess; private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess;
private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess; private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess;
private static JavaSecurityAccess javaSecurityAccess; private static JavaSecurityAccess javaSecurityAccess;
private static JavaAWTAccess javaAWTAccess;
public static JavaUtilJarAccess javaUtilJarAccess() { public static JavaUtilJarAccess javaUtilJarAccess() {
if (javaUtilJarAccess == null) { if (javaUtilJarAccess == null) {
@ -150,4 +151,14 @@ public class SharedSecrets {
} }
return javaSecurityAccess; return javaSecurityAccess;
} }
public static void setJavaAWTAccess(JavaAWTAccess jaa) {
javaAWTAccess = jaa;
}
public static JavaAWTAccess getJavaAWTAccess() {
// this may return null in which case calling code needs to
// provision for.
return javaAWTAccess;
}
} }

7
jdk/src/share/classes/sun/net/httpserver/Request.java
View File

@ -200,6 +200,13 @@ class Request {
v = new String(); v = new String();
else else
v = String.copyValueOf(s, keyend, len - keyend); v = String.copyValueOf(s, keyend, len - keyend);
if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) {
throw new IOException("Maximum number of request headers (" +
"sun.net.httpserver.maxReqHeaders) exceeded, " +
ServerConfig.getMaxReqHeaders() + ".");
}
hdrs.add (k,v); hdrs.add (k,v);
len = 0; len = 0;
} }

64
jdk/src/share/classes/sun/net/httpserver/ServerConfig.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -35,32 +35,33 @@ import java.security.PrivilegedAction;
class ServerConfig { class ServerConfig {
static int clockTick; private static final int DEFAULT_CLOCK_TICK = 10000 ; // 10 sec.
static final int DEFAULT_CLOCK_TICK = 10000 ; // 10 sec.
/* These values must be a reasonable multiple of clockTick */ /* These values must be a reasonable multiple of clockTick */
static final long DEFAULT_IDLE_INTERVAL = 30 ; // 5 min private static final long DEFAULT_IDLE_INTERVAL = 30 ; // 5 min
static final int DEFAULT_MAX_IDLE_CONNECTIONS = 200 ; private static final int DEFAULT_MAX_IDLE_CONNECTIONS = 200 ;
static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever private static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever
static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever private static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever
static final long DEFAULT_TIMER_MILLIS = 1000; private static final long DEFAULT_TIMER_MILLIS = 1000;
private static final int DEFAULT_MAX_REQ_HEADERS = 200;
static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024; private static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024;
static long idleInterval;
static long drainAmount; // max # of bytes to drain from an inputstream
static int maxIdleConnections;
private static int clockTick;
private static long idleInterval;
// The maximum number of bytes to drain from an inputstream
private static long drainAmount;
private static int maxIdleConnections;
// The maximum number of request headers allowable
private static int maxReqHeaders;
// max time a request or response is allowed to take // max time a request or response is allowed to take
static long maxReqTime; private static long maxReqTime;
static long maxRspTime; private static long maxRspTime;
static long timerMillis; private static long timerMillis;
static boolean debug; private static boolean debug;
// the value of the TCP_NODELAY socket-level option // the value of the TCP_NODELAY socket-level option
static boolean noDelay; private static boolean noDelay;
static { static {
java.security.AccessController.doPrivileged( java.security.AccessController.doPrivileged(
@ -99,8 +100,7 @@ class ServerConfig {
} }
static void checkLegacyProperties(final Logger logger) {
static void checkLegacyProperties (final Logger logger) {
// legacy properties that are no longer used // legacy properties that are no longer used
// print a warning to logger if they are set. // print a warning to logger if they are set.
@ -137,35 +137,39 @@ class ServerConfig {
); );
} }
static boolean debugEnabled () { static boolean debugEnabled() {
return debug; return debug;
} }
static long getIdleInterval () { static long getIdleInterval() {
return idleInterval; return idleInterval;
} }
static int getClockTick () { static int getClockTick() {
return clockTick; return clockTick;
} }
static int getMaxIdleConnections () { static int getMaxIdleConnections() {
return maxIdleConnections; return maxIdleConnections;
} }
static long getDrainAmount () { static long getDrainAmount() {
return drainAmount; return drainAmount;
} }
static long getMaxReqTime () { static int getMaxReqHeaders() {
return maxReqHeaders;
}
static long getMaxReqTime() {
return maxReqTime; return maxReqTime;
} }
static long getMaxRspTime () { static long getMaxRspTime() {
return maxRspTime; return maxRspTime;
} }
static long getTimerMillis () { static long getTimerMillis() {
return timerMillis; return timerMillis;
} }

7
jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -661,7 +661,10 @@ class ForwardBuilder extends Builder {
+ "\n Subject: " + cert.getSubjectX500Principal() + ")"); + "\n Subject: " + cert.getSubjectX500Principal() + ")");
} }
ForwardState currState = (ForwardState) currentState; ForwardState currState = (ForwardState)currentState;
// Don't bother to verify untrusted certificate more.
currState.untrustedChecker.check(cert, Collections.<String>emptySet());
/* /*
* check for looping - abort a loop if * check for looping - abort a loop if

5
jdk/src/share/classes/sun/security/provider/certpath/ForwardState.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -79,6 +79,9 @@ class ForwardState implements State {
/* the checker used for revocation status */ /* the checker used for revocation status */
public CrlRevocationChecker crlChecker; public CrlRevocationChecker crlChecker;
/* the untrusted certificates checker */
UntrustedChecker untrustedChecker;
/* The list of user-defined checkers that support forward checking */ /* The list of user-defined checkers that support forward checking */
ArrayList<PKIXCertPathChecker> forwardCheckers; ArrayList<PKIXCertPathChecker> forwardCheckers;

4
jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -314,10 +314,12 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
pkixParam.isAnyPolicyInhibited(), pkixParam.isAnyPolicyInhibited(),
pkixParam.getPolicyQualifiersRejected(), pkixParam.getPolicyQualifiersRejected(),
rootNode); rootNode);
UntrustedChecker untrustedChecker = new UntrustedChecker();
ArrayList<PKIXCertPathChecker> certPathCheckers = ArrayList<PKIXCertPathChecker> certPathCheckers =
new ArrayList<PKIXCertPathChecker>(); new ArrayList<PKIXCertPathChecker>();
// add standard checkers that we will be using // add standard checkers that we will be using
certPathCheckers.add(untrustedChecker);
certPathCheckers.add(algorithmChecker); certPathCheckers.add(algorithmChecker);
certPathCheckers.add(keyChecker); certPathCheckers.add(keyChecker);
certPathCheckers.add(constraintsChecker); certPathCheckers.add(constraintsChecker);

6
jdk/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -347,6 +347,10 @@ class ReverseBuilder extends Builder {
return; return;
} }
// Don't bother to verify untrusted certificate more.
currentState.untrustedChecker.check(cert,
Collections.<String>emptySet());
/* /*
* check for looping - abort a loop if * check for looping - abort a loop if
* ((we encounter the same certificate twice) AND * ((we encounter the same certificate twice) AND

5
jdk/src/share/classes/sun/security/provider/certpath/ReverseState.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -99,6 +99,9 @@ class ReverseState implements State {
/* the algorithm checker */ /* the algorithm checker */
AlgorithmChecker algorithmChecker; AlgorithmChecker algorithmChecker;
/* the untrusted certificates checker */
UntrustedChecker untrustedChecker;
/* the trust anchor used to validate the path */ /* the trust anchor used to validate the path */
TrustAnchor trustAnchor; TrustAnchor trustAnchor;

9
jdk/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -284,6 +284,7 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
Iterator<TrustAnchor> iter = buildParams.getTrustAnchors().iterator(); Iterator<TrustAnchor> iter = buildParams.getTrustAnchors().iterator();
while (iter.hasNext()) { while (iter.hasNext()) {
TrustAnchor anchor = iter.next(); TrustAnchor anchor = iter.next();
/* check if anchor satisfies target constraints */ /* check if anchor satisfies target constraints */
if (anchorIsTarget(anchor, targetSel)) { if (anchorIsTarget(anchor, targetSel)) {
this.trustAnchor = anchor; this.trustAnchor = anchor;
@ -303,6 +304,7 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
currentState.crlChecker = currentState.crlChecker =
new CrlRevocationChecker(null, buildParams, null, onlyEECert); new CrlRevocationChecker(null, buildParams, null, onlyEECert);
currentState.algorithmChecker = new AlgorithmChecker(anchor); currentState.algorithmChecker = new AlgorithmChecker(anchor);
currentState.untrustedChecker = new UntrustedChecker();
try { try {
depthFirstSearchReverse(null, currentState, depthFirstSearchReverse(null, currentState,
new ReverseBuilder(buildParams, targetSubjectDN), adjacencyList, new ReverseBuilder(buildParams, targetSubjectDN), adjacencyList,
@ -349,6 +351,7 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
// init the crl checker // init the crl checker
currentState.crlChecker currentState.crlChecker
= new CrlRevocationChecker(null, buildParams, null, onlyEECert); = new CrlRevocationChecker(null, buildParams, null, onlyEECert);
currentState.untrustedChecker = new UntrustedChecker();
depthFirstSearchForward(targetSubjectDN, currentState, depthFirstSearchForward(targetSubjectDN, currentState,
new ForwardBuilder new ForwardBuilder
@ -645,8 +648,8 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
vertex.setIndex(adjList.size() - 1); vertex.setIndex(adjList.size() - 1);
/* recursively search for matching certs at next dN */ /* recursively search for matching certs at next dN */
depthFirstSearchForward(cert.getIssuerX500Principal(), nextState, builder, depthFirstSearchForward(cert.getIssuerX500Principal(),
adjList, certPathList); nextState, builder, adjList, certPathList);
/* /*
* If path has been completed, return ASAP! * If path has been completed, return ASAP!

89
jdk/src/share/classes/sun/security/provider/certpath/UntrustedChecker.java Normal file
View File

@ -0,0 +1,89 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.provider.certpath;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXCertPathChecker;
import java.util.Set;
import java.util.Collection;
import sun.security.util.Debug;
import sun.security.util.UntrustedCertificates;
/**
* A <code>PKIXCertPathChecker</code> implementation to check whether a
* specified certificate is distrusted.
*
* @see PKIXCertPathChecker
* @see PKIXParameters
*/
final public class UntrustedChecker extends PKIXCertPathChecker {
private static final Debug debug = Debug.getInstance("certpath");
/**
* Default Constructor
*/
public UntrustedChecker() {
// blank
}
@Override
public void init(boolean forward) throws CertPathValidatorException {
// Note that this class supports both forward and reverse modes.
}
@Override
public boolean isForwardCheckingSupported() {
// Note that this class supports both forward and reverse modes.
return true;
}
@Override
public Set<String> getSupportedExtensions() {
return null;
}
@Override
public void check(Certificate cert,
Collection<String> unresolvedCritExts)
throws CertPathValidatorException {
X509Certificate currCert = (X509Certificate)cert;
if (UntrustedCertificates.isUntrusted(currCert)) {
if (debug != null) {
debug.println("UntrustedChecker: untrusted certificate " +
currCert.getSubjectX500Principal());
}
throw new CertPathValidatorException(
"Untrusted certificate: " + currCert.getSubjectX500Principal());
}
}
}

741
jdk/src/share/classes/sun/security/util/UntrustedCertificates.java Normal file
View File

@ -0,0 +1,741 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.util;
import java.io.IOException;
import java.io.ByteArrayInputStream;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateException;
import java.util.Set;
import java.util.HashSet;
/**
* A utility class to check if a certificate is untrusted. This is an internal
* mechanism that explicitly marks a certificate as untrusted, normally in the
* case that a certificate is known to be used for malicious reasons.
*
* <b>Attention</b>: This check is NOT meant to replace the standard PKI-defined
* validation check, neither is it used as an alternative to CRL.
*/
public final class UntrustedCertificates {
private final static Set<X509Certificate> untrustedCerts = new HashSet<>();
/**
* Checks if a certificate is untrusted.
*
* @param cert the certificate to check
* @return true if the certificate is untrusted.
*/
public static boolean isUntrusted(X509Certificate cert) {
return untrustedCerts.contains(cert);
}
private static void add(String alias, String pemCert) {
// generate certificate from PEM certificate
try (ByteArrayInputStream is =
new ByteArrayInputStream(pemCert.getBytes())) {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate)cf.generateCertificate(is);
if (!untrustedCerts.add(cert)) {
throw new RuntimeException("Duplicate untrusted certificate: " +
cert.getSubjectX500Principal());
}
} catch (CertificateException | IOException e) {
throw new RuntimeException(
"Incorrect untrusted certificate: " + alias, e);
}
}
static {
// -----------------------------------------------------------------
// Compromised CAs of Digicert Malaysia
//
// Reported by Digicert in its announcement on November 05, 2011.
//
// Digicert Malaysia intermediate, cross-signed by CyberTrust
//
// Subject: CN=Digisign Server ID (Enrich),
// OU=457608-K,
// O=Digicert Sdn. Bhd.,
// C=MY
// Issuer: CN=GTE CyberTrust Global Root,
// OU=GTE CyberTrust Solutions, Inc.,
// O=GTE Corporation,
// C=US
// Serial: 120001705 (07:27:14:a9)
add("digicert-server-cross-to-cybertrust-4C0E636A",
"-----BEGIN CERTIFICATE-----\n" +
"MIIDyzCCAzSgAwIBAgIEBycUqTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJV\n" +
"UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU\n" +
"cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds\n" +
"b2JhbCBSb290MB4XDTA3MDcxNzE1MTc0OFoXDTEyMDcxNzE1MTY1NFowYzELMAkG\n" +
"A1UEBhMCTVkxGzAZBgNVBAoTEkRpZ2ljZXJ0IFNkbi4gQmhkLjERMA8GA1UECxMI\n" +
"NDU3NjA4LUsxJDAiBgNVBAMTG0RpZ2lzaWduIFNlcnZlciBJRCAoRW5yaWNoKTCB\n" +
"nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArahkS02Hx4RZufuQRqCmicDx/tXa\n" +
"VII3DZkrRSYK6Fawf8qo9I5HhAGCKeOzarWR8/uVhbxyqGToCkCcxfRxrnt7agfq\n" +
"kBRPjYmvlKuyBtQCanuYH1m5Os1U+iDfsioK6bjdaZDAKdNO0JftZszFGUkGf/pe\n" +
"LHx7hRsyQt97lSUCAwEAAaOCAXgwggF0MBIGA1UdEwEB/wQIMAYBAf8CAQAwXAYD\n" +
"VR0gBFUwUzBIBgkrBgEEAbE+AQAwOzA5BggrBgEFBQcCARYtaHR0cDovL2N5YmVy\n" +
"dHJ1c3Qub21uaXJvb3QuY29tL3JlcG9zaXRvcnkuY2ZtMAcGBWCDSgEBMA4GA1Ud\n" +
"DwEB/wQEAwIB5jCBiQYDVR0jBIGBMH+heaR3MHUxCzAJBgNVBAYTAlVTMRgwFgYD\n" +
"VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv\n" +
"bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv\n" +
"b3SCAgGlMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly93d3cucHVibGljLXRydXN0\n" +
"LmNvbS9jZ2ktYmluL0NSTC8yMDE4L2NkcC5jcmwwHQYDVR0OBBYEFMYWk04WF+wW\n" +
"royUdvOGbcV0boR3MA0GCSqGSIb3DQEBBQUAA4GBAHYAe6Z4K2Ydjl42xqSOBfIj\n" +
"knyTZ9P0wAp9iy3Z6tVvGvPhSilaIoRNUC9LDPL/hcJ7VdREgr5trGeOvLQfkpxR\n" +
"gBoU9m6rYYgLrRx/90tQUdZlG6ZHcRVesHHzNRTyN71jyNXwk1o0X9g96F33xR7A\n" +
"5c8fhiSpPAdmzcHSNmNZ\n" +
"-----END CERTIFICATE-----");
// Digicert Malaysia intermediate, cross-signed by Entrust
//
// Subject: CN=Digisign Server ID - (Enrich),
// OU=457608-K,
// O=Digicert Sdn. Bhd.,
// C=MY
// Issuer: CN=Entrust.net Certification Authority (2048)
// OU=(c) 1999 Entrust.net Limited,
// OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),
// O=Entrust.net
// Serial: 1184644297 (4c:0e:63:6a)
add("digicert-server-cross-to-entrust-ca-4C0E636A",
"-----BEGIN CERTIFICATE-----\n" +
"MIIEzjCCA7agAwIBAgIETA5jajANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML\n" +
"RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp\n" +
"bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5\n" +
"IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp\n" +
"ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw0xMDA3MTYxNzIzMzdaFw0xNTA3\n" +
"MTYxNzUzMzdaMGUxCzAJBgNVBAYTAk1ZMRswGQYDVQQKExJEaWdpY2VydCBTZG4u\n" +
"IEJoZC4xETAPBgNVBAsTCDQ1NzYwOC1LMSYwJAYDVQQDEx1EaWdpc2lnbiBTZXJ2\n" +
"ZXIgSUQgLSAoRW5yaWNoKTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n" +
"AMWJ5PQNBkCSWccaszXRDkwqM/n4r8qef+65p21g9FTob9Wb8xtjMQRoctE0Foy0\n" +
"FyyX3nPF2JAVoBor9cuzSIZE8B2ITM5BQhrv9Qze/kDaOSD3BlU6ap1GwdJvpbLI\n" +
"Vz4po5zg6YV3ZuiYpyR+vsBZIOVEb7ZX2L7OwmV3WMZhQdF0BMh/SULFcqlyFu6M\n" +
"3RJdtErU0a9Qt9iqdXZorT5dqjBtYairEFs+E78z4K9EnTgiW+9ML6ZxJhUmyiiM\n" +
"2fqOjqmiFDXimySItPR/hZ2DTwehthSQNsQ0HI0mYW0Tb3i+6I8nx0uElqOGaAwj\n" +
"vgvsjJQAqQSKE5D334VsDLECAwEAAaOCATQwggEwMA4GA1UdDwEB/wQEAwIBBjAS\n" +
"BgNVHRMBAf8ECDAGAQH/AgEAMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcD\n" +
"AgYIKwYBBQUHAwQwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8v\n" +
"b2NzcC5lbnRydXN0Lm5ldDBEBgNVHSAEPTA7MDkGBWCDSgEBMDAwLgYIKwYBBQUH\n" +
"AgEWImh0dHA6Ly93d3cuZGlnaWNlcnQuY29tLm15L2Nwcy5odG0wMgYDVR0fBCsw\n" +
"KTAnoCWgI4YhaHR0cDovL2NybC5lbnRydXN0Lm5ldC8yMDQ4Y2EuY3JsMBEGA1Ud\n" +
"DgQKBAhMTswlKAMpgTAfBgNVHSMEGDAWgBRV5IHREYC+2Im5CKMx+aEkCRa5cDAN\n" +
"BgkqhkiG9w0BAQUFAAOCAQEAl0zvSjpJrHL8MCBrtClbp8WVBJD5MtXChWreA6E3\n" +
"+YkAsFqsVX7bQzX/yQH4Ub7MJsrIaqTEVD4mHucMo82XZ5TdpkLrXM2POXlrM3kh\n" +
"Bnn6gkQVmczBtznTRmJ8snDrb84gqj4Zt+l0gpy0pUtNYQA35IfS8hQ6ZHy4qXth\n" +
"4JMi59WfPkfmNnagU9gAAzoPtTP+lsrT0oI6Lt3XSOHkp2nMHOmZSufKcEXXCwcO\n" +
"mnUb0C+Sb/akB8O9HEumhLZ9qJqp0qcp8QtXaR6XVybsK0Os1EWDBQDp4/BGQAf6\n" +
"6rFRc5Mcpd1TETfIKqcVJx20qsx/qjEw/LhFn0gJ7RDixQ==\n" +
"-----END CERTIFICATE-----");
// -----------------------------------------------------------------
//
// No longer used certificates
//
// Subject: CN=Java Media APIs,
// OU=Java Signed Extensions,
// OU=Corporate Object Signing,
// O=Sun Microsystems Inc
// Issuer: CN=Object Signing CA,
// OU=Class 2 OnSite Subscriber CA,
// OU=VeriSign Trust Network,
// O=Sun Microsystems Inc
// Serial: 6a:8b:99:91:37:59:4f:89:53:e2:97:18:9f:19:1e:4e
add("java-media-pretrusted-9F191E4E",
"-----BEGIN CERTIFICATE-----\n" +
"MIIFdzCCBF+gAwIBAgIQaouZkTdZT4lT4pcYnxkeTjANBgkqhkiG9w0BAQUFADCB\n" +
"gzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxHzAdBgNVBAsTFlZlcmlT\n" +
"aWduIFRydXN0IE5ldHdvcmsxJTAjBgNVBAsTHENsYXNzIDIgT25TaXRlIFN1YnNj\n" +
"cmliZXIgQ0ExGjAYBgNVBAMTEU9iamVjdCBTaWduaW5nIENBMB4XDTA5MDUxMjAw\n" +
"MDAwMFoXDTEyMDUxMTIzNTk1OVowfTEdMBsGA1UEChQUU3VuIE1pY3Jvc3lzdGVt\n" +
"cyBJbmMxITAfBgNVBAsUGENvcnBvcmF0ZSBPYmplY3QgU2lnbmluZzEfMB0GA1UE\n" +
"CxQWSmF2YSBTaWduZWQgRXh0ZW5zaW9uczEYMBYGA1UEAxQPSmF2YSBNZWRpYSBB\n" +
"UElzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5blzoKTVE8y4Hpz\n" +
"q6E15RZz1bF5HnYEyYqgHkZXnAKedmYCoMzm1XK8s+gQWShLEvGEAvs5yqarx9gE\n" +
"nnC21N28aEZgIJMa2/arKxCUkS4pxdGPYGexL9UzSRkUpoBShCZKEGdmX7gfJE2K\n" +
"/sd9MFvGV5/yZtWXrADzvm0Kd/9mg1KRv1gfrZIq0TJbupoXPYYqb73AkI9eT2ZD\n" +
"q9MdwD4E5+oojsDFXt8GU/D00fUhtXpYwuplU7D667WHYdJhIah0ST6JywyqcLXG\n" +
"XSuFTXOgITT2idSHluZVmx3dqJ72u9kPkO4JdJTMDfaK8zgNLaRkiU8Qcj+qhLYH\n" +
"ytaqcwIDAQABo4IB6jCCAeYwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwfwYD\n" +
"VR0fBHgwdjB0oHKgcIZuaHR0cDovL29uc2l0ZWNybC52ZXJpc2lnbi5jb20vU3Vu\n" +
"TWljcm9zeXN0ZW1zSW5jQ29ycG9yYXRlT2JqZWN0U2lnbmluZ0phdmFTaWduZWRF\n" +
"eHRlbnNpb25zQ2xhc3NCL0xhdGVzdENSTC5jcmwwHwYDVR0jBBgwFoAUs0crgn5T\n" +
"tHPKuLsZt76BTQeVx+0wHQYDVR0OBBYEFKS32mVx0gNWTeS4ProHEaeSpvvIMDsG\n" +
"CCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL29uc2l0ZS1vY3NwLnZl\n" +
"cmlzaWduLmNvbTCBtQYDVR0gBIGtMIGqMDkGC2CGSAGG+EUBBxcCMCowKAYIKwYB\n" +
"BQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwbQYLYIZIAYb3AIN9\n" +
"nD8wXjAnBggrBgEFBQcCARYbaHR0cHM6Ly93d3cuc3VuLmNvbS9wa2kvY3BzMDMG\n" +
"CCsGAQUFBwICMCcaJVZhbGlkYXRlZCBGb3IgU3VuIEJ1c2luZXNzIE9wZXJhdGlv\n" +
"bnMwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQEFBQADggEBAAe6BO4W\n" +
"3TSNWfezyelJs6kE3HfulT6Bdyz4UUoh9ykXcV8nRwT+kh25I5MdyG2GfkJoADPR\n" +
"VhC5DYo13UFpIsTNVjq+hGYe2hML93bN7ad9SxCCyjHUo3yMz2qgBbHZI3VA9ZHA\n" +
"aWM4Tx0saMwbcnVvlbuGh+PXvStfypJqYT6lzcdFfjNVX4FI/QQNGhBswMY51tC8\n" +
"GTBCL2qhJon0gSCU4zaawDOf7+XxJWirLamYL1Aal1/h2z2sFrvA/1ftxtU3kZ6I\n" +
"7De8DyoHeZg7pYGdrj7g+lPhCga/WvEhN152I+aP08YbFcJHYmK05ngl/Ye4c6Bd\n" +
"cdrdfbw6QzEUIYY=\n" +
"-----END CERTIFICATE-----");
// Subject: CN=JavaFX 1.0 Runtime,
// OU=Java Signed Extensions,
// OU=Corporate Object Signing,
// O=Sun Microsystems Inc
// Issuer: CN=Object Signing CA,
// OU=Class 2 OnSite Subscriber CA,
// OU=VeriSign Trust Network,
// O=Sun Microsystems Inc
// Serial: 55:c0:e6:44:59:59:79:9e:d9:26:f1:b0:4a:1e:f0:27
add("java-fx10-pretrusted-4A1EF027",
"-----BEGIN CERTIFICATE-----\n" +
"MIIFezCCBGOgAwIBAgIQVcDmRFlZeZ7ZJvGwSh7wJzANBgkqhkiG9w0BAQUFADCB\n" +
"gzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxHzAdBgNVBAsTFlZlcmlT\n" +
"aWduIFRydXN0IE5ldHdvcmsxJTAjBgNVBAsTHENsYXNzIDIgT25TaXRlIFN1YnNj\n" +
"cmliZXIgQ0ExGjAYBgNVBAMTEU9iamVjdCBTaWduaW5nIENBMB4XDTA4MTAwOTAw\n" +
"MDAwMFoXDTExMTAwOTIzNTk1OVowgYAxHTAbBgNVBAoUFFN1biBNaWNyb3N5c3Rl\n" +
"bXMgSW5jMSEwHwYDVQQLFBhDb3Jwb3JhdGUgT2JqZWN0IFNpZ25pbmcxHzAdBgNV\n" +
"BAsUFkphdmEgU2lnbmVkIEV4dGVuc2lvbnMxGzAZBgNVBAMUEkphdmFGWCAxLjAg\n" +
"UnVudGltZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+WDc6+bu+4\n" +
"tmAcS/lBtUc02WOt9QZpVsXg9cG2pu/8bUtmDELa8iiYBVFpIs8DU58HLrGQtCUY\n" +
"SIAGOVPsOJoN29UKCDWfY9j5JeVhfhMGqk9DwrWhzgsjy4cpZ1pIp+k/fJ8zT8Ul\n" +
"aYLpow1vg3UNddsmwz02tN7cOrMw9WYIG4CRYnY1OrtJSfe2pYzheC4zyvR+aiVl\n" +
"nang2OtqikSQsNFOFHsLOJFxngy9LrO8evDSu25VTKI6zlWU6/bMeqtztJPN0VOn\n" +
"NyUrJZvkxZ207Jg0T693BGSxNC1n+ihztXogql8950M/pEuUbDjylv5FFvlp6DSB\n" +
"dDT2MkutmyMCAwEAAaOCAeowggHmMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeA\n" +
"MH8GA1UdHwR4MHYwdKByoHCGbmh0dHA6Ly9vbnNpdGVjcmwudmVyaXNpZ24uY29t\n" +
"L1N1bk1pY3Jvc3lzdGVtc0luY0NvcnBvcmF0ZU9iamVjdFNpZ25pbmdKYXZhU2ln\n" +
"bmVkRXh0ZW5zaW9uc0NsYXNzQi9MYXRlc3RDUkwuY3JsMB8GA1UdIwQYMBaAFLNH\n" +
"K4J+U7Rzyri7Gbe+gU0HlcftMB0GA1UdDgQWBBTjgufVi3XJ3gx1ewsA6Rr7BR4Z\n" +
"zjA7BggrBgEFBQcBAQQvMC0wKwYIKwYBBQUHMAGGH2h0dHA6Ly9vbnNpdGUtb2Nz\n" +
"cC52ZXJpc2lnbi5jb20wgbUGA1UdIASBrTCBqjA5BgtghkgBhvhFAQcXAjAqMCgG\n" +
"CCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMG0GC2CGSAGG\n" +
"9wCDfZw/MF4wJwYIKwYBBQUHAgEWG2h0dHBzOi8vd3d3LnN1bi5jb20vcGtpL2Nw\n" +
"czAzBggrBgEFBQcCAjAnGiVWYWxpZGF0ZWQgRm9yIFN1biBCdXNpbmVzcyBPcGVy\n" +
"YXRpb25zMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBBQUAA4IBAQAB\n" +
"YVJTTVe7rzyTO4jc3zajErOT/COkdQTfNo0eIX1QbNynFieJvwY/jRzUZwjktIFR\n" +
"2p4JtbpHGAtKtjOAOTieQ8xdDOoC1djzpE7/AbMvuvlTavtUKT+F7tPdhfXgWXJV\n" +
"6Wbt8jryKyk3zZGiEhauIwZUkfjRkEtffEmZWLUd8c8rURJjfC/XHH2oyurscoxc\n" +
"CjX29c9ynxSiS/VvQp1an0HvErGh69N48wj7cj8mtZ1yHzd2XCzSSR1OfTPfk0Pt\n" +
"yg51p7yJaFiH21PTZegEL6zyVNOYBTKwwIi2OzpwYalD3uvK6e3OKDrfFCOxu17u\n" +
"4PveESbrdyrmvLe7IVez\n" +
"-----END CERTIFICATE-----");
// Subject: CN=JavaFX Runtime,
// OU=Java Signed Extensions,
// OU=Corporate Object Signing,
// O=Sun Microsystems Inc
// Issuer: CN=Object Signing CA,
// OU=Class 2 OnSite Subscriber CA,
// OU=VeriSign Trust Network,
// O=Sun Microsystems Inc
// Serial: 47:f4:55:f1:da:4a:5e:f9:e3:f7:a8:03:62:17:c0:ff
add("javafx-runtime-pretrusted-6217C0FF",
"-----BEGIN CERTIFICATE-----\n" +
"MIIFdjCCBF6gAwIBAgIQR/RV8dpKXvnj96gDYhfA/zANBgkqhkiG9w0BAQUFADCB\n" +
"gzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxHzAdBgNVBAsTFlZlcmlT\n" +
"aWduIFRydXN0IE5ldHdvcmsxJTAjBgNVBAsTHENsYXNzIDIgT25TaXRlIFN1YnNj\n" +
"cmliZXIgQ0ExGjAYBgNVBAMTEU9iamVjdCBTaWduaW5nIENBMB4XDTA5MDEyOTAw\n" +
"MDAwMFoXDTEyMDEyOTIzNTk1OVowfDEdMBsGA1UEChQUU3VuIE1pY3Jvc3lzdGVt\n" +
"cyBJbmMxITAfBgNVBAsUGENvcnBvcmF0ZSBPYmplY3QgU2lnbmluZzEfMB0GA1UE\n" +
"CxQWSmF2YSBTaWduZWQgRXh0ZW5zaW9uczEXMBUGA1UEAxQOSmF2YUZYIFJ1bnRp\n" +
"bWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIzd0fAk8mI9ONc6RJ\n" +
"aGieioK2FLdXEwj8zL3vdGDVmBwyR1zwYkaOIFFgF9IW/8qc4iAYA5sGUY+0g8q3\n" +
"5DuYAxfTzBB5KdaYvbuq6GGnoHIWmTirXY+1friFp8lyXSvtuEaGB1VHaBoZchEg\n" +
"k+UgeVDA43dHwcT1Ov3DePczJRUes8T/QHzLX+BxUDG43vjyncCEO/AjqLZxXEz2\n" +
"xrNbKLcH3lGMJK7hdbfssUfF5BjC38Hn71HauYlA43b2no+2y0Sjulwzez2YPbDC\n" +
"0GLR3TnKtA8dqOrnl5t3DniDbfOBNtBE3VOydJO0XW57Ng1HRXD023nm9ECPY2xp\n" +
"0N/pAgMBAAGjggHqMIIB5jAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDB/BgNV\n" +
"HR8EeDB2MHSgcqBwhm5odHRwOi8vb25zaXRlY3JsLnZlcmlzaWduLmNvbS9TdW5N\n" +
"aWNyb3N5c3RlbXNJbmNDb3Jwb3JhdGVPYmplY3RTaWduaW5nSmF2YVNpZ25lZEV4\n" +
"dGVuc2lvbnNDbGFzc0IvTGF0ZXN0Q1JMLmNybDAfBgNVHSMEGDAWgBSzRyuCflO0\n" +
"c8q4uxm3voFNB5XH7TAdBgNVHQ4EFgQUvOdd0cKPj+Yik/iOBwTdphh5A+gwOwYI\n" +
"KwYBBQUHAQEELzAtMCsGCCsGAQUFBzABhh9odHRwOi8vb25zaXRlLW9jc3AudmVy\n" +
"aXNpZ24uY29tMIG1BgNVHSAEga0wgaowOQYLYIZIAYb4RQEHFwIwKjAoBggrBgEF\n" +
"BQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTBtBgtghkgBhvcAg32c\n" +
"PzBeMCcGCCsGAQUFBwIBFhtodHRwczovL3d3dy5zdW4uY29tL3BraS9jcHMwMwYI\n" +
"KwYBBQUHAgIwJxolVmFsaWRhdGVkIEZvciBTdW4gQnVzaW5lc3MgT3BlcmF0aW9u\n" +
"czATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkqhkiG9w0BAQUFAAOCAQEAbGcf2NjL\n" +
"AI93HG6ny2BbepaZA1a8xa/R6uUc7xV+Qw6MgLwFD4Q4i6LWUztQDvg9l68MM2/i\n" +
"Y9LEi1KM4lcNbK5+D+t9x98wXBiuojXhVdp5ZmC03EyEBbriopdBsmXVLDSu/Y3+\n" +
"zowOO5xwpMK3dbgsSDs2Vt0UosD3FTcRaD3GNfOhXMp+o1grHNiXF9YgkmdQbPPZ\n" +
"DQ2KBhFPCRJXBGvyKOqno/DTg0sQ3crGH/C4/4t7mnQXWldZotmJUZ0ONc9oD+Q1\n" +
"JAaguUKqIwn9yZ093ie+JWHbYNid9IIIPXYgtRxmf9a376WBhqhu56uJftBJ7x9g\n" +
"eQ7Lot6CSWCiFw==\n" +
"-----END CERTIFICATE-----");
//
// Compromised Solaris INTERNAL DEVELOPMENT USE ONLY certificate
//
// Subject: CN=Solaris INTERNAL DEVELOPMENT USE ONLY,
// OU=Solaris Cryptographic Framework,
// OU=Corporate Object Signing,
// O=Sun Microsystems Inc
// Issuer: CN=Object Signing CA,
// OU=Class 2 OnSite Subscriber CA,
// OU=VeriSign Trust Network,
// O=Sun Microsystems Inc
// Serial: 77:29:77:52:6a:19:7b:9a:a6:a2:c7:99:a0:e1:cd:8c
add("solaris-internal-dev-A0E1CD8C",
"-----BEGIN CERTIFICATE-----\n" +
"MIIFHjCCBAagAwIBAgIQdyl3UmoZe5qmoseZoOHNjDANBgkqhkiG9w0BAQUFADCB\n" +
"gzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxHzAdBgNVBAsTFlZlcmlT\n" +
"aWduIFRydXN0IE5ldHdvcmsxJTAjBgNVBAsTHENsYXNzIDIgT25TaXRlIFN1YnNj\n" +
"cmliZXIgQ0ExGjAYBgNVBAMTEU9iamVjdCBTaWduaW5nIENBMB4XDTA3MDEwNDAw\n" +
"MDAwMFoXDTEwMDEwMzIzNTk1OVowgZwxHTAbBgNVBAoUFFN1biBNaWNyb3N5c3Rl\n" +
"bXMgSW5jMSEwHwYDVQQLFBhDb3Jwb3JhdGUgT2JqZWN0IFNpZ25pbmcxKDAmBgNV\n" +
"BAsUH1NvbGFyaXMgQ3J5cHRvZ3JhcGhpYyBGcmFtZXdvcmsxLjAsBgNVBAMUJVNv\n" +
"bGFyaXMgSU5URVJOQUwgREVWRUxPUE1FTlQgVVNFIE9OTFkwgZ8wDQYJKoZIhvcN\n" +
"AQEBBQADgY0AMIGJAoGBALbNU4hf3mD5ArDI9pjgioAyvV3bjMPRQdCZniIeGJBp\n" +
"odFlSEH+Mh64W1DsY8coeZ7FvvGJkx9IpTMJW9k8w1oJK9UNqHyAQfaYjQyXi3xQ\n" +
"LJp62EvYdGfDlwOZejEcR/MbzZG+GOPMMvQj5+xyFDvLXNGfQNTnxw2qnBgCJXjj\n" +
"AgMBAAGjggH1MIIB8TAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDCBiQYDVR0f\n" +
"BIGBMH8wfaB7oHmGd2h0dHA6Ly9vbnNpdGVjcmwudmVyaXNpZ24uY29tL1N1bk1p\n" +
"Y3Jvc3lzdGVtc0luY0NvcnBvcmF0ZU9iamVjdFNpZ25pbmdTb2xhcmlzQ3J5cHRv\n" +
"Z3JhcGhpY0ZyYW1ld29ya0NsYXNzQi9MYXRlc3RDUkwuY3JsMB8GA1UdIwQYMBaA\n" +
"FLNHK4J+U7Rzyri7Gbe+gU0HlcftMB0GA1UdDgQWBBRpfiGYkehTnsIzuN2H6AFb\n" +
"VCZG8jA7BggrBgEFBQcBAQQvMC0wKwYIKwYBBQUHMAGGH2h0dHA6Ly9vbnNpdGUt\n" +
"b2NzcC52ZXJpc2lnbi5jb20wgbUGA1UdIASBrTCBqjA5BgtghkgBhvhFAQcXAjAq\n" +
"MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMG0GC2CG\n" +
"SAGG9wCDfZw/MF4wJwYIKwYBBQUHAgEWG2h0dHBzOi8vd3d3LnN1bi5jb20vcGtp\n" +
"L2NwczAzBggrBgEFBQcCAjAnFiVWYWxpZGF0ZWQgRm9yIFN1biBCdXNpbmVzcyBP\n" +
"cGVyYXRpb25zMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBBQUAA4IB\n" +
"AQCG5soy3LFHTFbA8/5SzDRhQoJkHUnOP0t3b6nvX6vZYRp649fje7TQOPRm1pFd\n" +
"CZ17J+tggdZwgzTqY4aYpJ00jZaK6pV37q/vgFC/ia6jDs8Q+ly9cEcadBZ5loYg\n" +
"cmxp9p57W2MNWx8VA8oFdNtKfF0jUNXbLNtvwGHmgR6YcwLrGN1b6/9Lt9bO3ODl\n" +
"FO+ZDwkfQz5ClUVrTx2dGBvKRYFqSG5S8JAfsgYhPvcacUQkA7ExyKvfRXLWVrce\n" +
"ZiPpcElbx+819H2sAPvVvparVeAruZGMAtejHZp9NFoowKen5drJp9VxePS4eM49\n" +
"3DepB6lKRrNRw66LNQol4ZBz\n" +
"-----END CERTIFICATE-----");
// -----------------------------------------------------------------
// Compromised CAs of DigiNotar
//
// Reported by Fox-IT in its interim report on September 5, 2011,
// "DigiNotar Certificate Authority breach 'Operation Black Tulip'".
//
//
// Compromised DigiNotar Cyber CA
//
// DigiNotar intermediate, cross-signed by CyberTrust
//
// Subject: EMAILADDRESS=info@diginotar.nl, CN=DigiNotar Cyber CA,
// O=DigiNotar, C=NL
// Issuer: CN=GTE CyberTrust Global Root,
// OU=GTE CyberTrust Solutions, Inc.,
// O=GTE Corporation,
// C=US
// Serial: 120000525 (07:27:10:0D)
add("info-at-diginotar-cyber-ca-cross-to-gte-cybertrust-0727100D",
"-----BEGIN CERTIFICATE-----\n" +
"MIIFWjCCBMOgAwIBAgIEBycQDTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJV\n" +
"UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU\n" +
"cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds\n" +
"b2JhbCBSb290MB4XDTA2MTAwNDEwNTQxMVoXDTExMTAwNDEwNTMxMVowYDELMAkG\n" +
"A1UEBhMCTkwxEjAQBgNVBAoTCURpZ2lOb3RhcjEbMBkGA1UEAxMSRGlnaU5vdGFy\n" +
"IEN5YmVyIENBMSAwHgYJKoZIhvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIw\n" +
"DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANLOFQotqF6EZ639vu9Gx8i5z3P8\n" +
"9DS5+SxD52ATPXrjss87Z2yQrcC5P4RS8DVC3HTcKDu9UrSnrHJFF8bwieu0qiXy\n" +
"XUte0dmHutZ9fPXOMp8QM8WxSrtekTHC0OlBwpFkfglBO9uLCDdqqspS3rU5HsCI\n" +
"A6U/i5kTYUO1m4Kz7iBvz6FEouova0CfjytXraFTwoUiaZ2gP1HfC0GRDaXhqKpc\n" +
"SQhdvd5wQbEPyWNr0380dAIvNFp4dRxoeoFnivPaQPBgY/SSINcDpj2jHmfEhBtB\n" +
"pcmM5r3qSLYFFgizNxJa92E89zhvLpfgb1Y4VNMota0Ubi5LZLUnZbd1JQm2Bz2V\n" +
"VgIKgmCyc0XgMyZRdJq51FAc9k1bW1JSE1qmf6cO4ehBVGeYjIfVydNsy9NUkgYJ\n" +
"NEH3gW8/nsl8dVWw58Gzd+jDxAA1lUBwEEoF3iW7n1mlZLxHYL9g43aLE1Xd4XR6\n" +
"uc8kpmp/3mQiRFhogmoQ+T3lPhu5vfwi9GAEibtVbShV+t6OjRshFNc3izR7Tfay\n" +
"shDPM7F9HGKZSMsrbHaWVb8ZDR0fu2WqG46ZtcYokOWCLXhQIJr9eS8kf/CJKWn0\n" +
"fc1zvrPtTsHR7VJej/e4142HrbLZG1ES/1az4a80fVykeIgQnp0DxqWqoiRR90kU\n" +
"xbHuWUOV36toKDA/AgMBAAGjggGGMIIBgjASBgNVHRMBAf8ECDAGAQH/AgEBMFMG\n" +
"A1UdIARMMEowSAYJKwYBBAGxPgEAMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93d3cu\n" +
"cHVibGljLXRydXN0LmNvbS9DUFMvT21uaVJvb3QuaHRtbDAOBgNVHQ8BAf8EBAMC\n" +
"AQYwgaAGA1UdIwSBmDCBlYAUpgwdn2H/Bxe1vzhG20Mw1Y6wUgaheaR3MHUxCzAJ\n" +
"BgNVBAYTAlVTMRgwFgYDVQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdU\n" +
"RSBDeWJlclRydXN0IFNvbHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVy\n" +
"VHJ1c3QgR2xvYmFsIFJvb3SCAgGlMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly93\n" +
"d3cucHVibGljLXRydXN0LmNvbS9jZ2ktYmluL0NSTC8yMDE4L2NkcC5jcmwwHQYD\n" +
"VR0OBBYEFKv5aN/PSjfXe0WMX3LeQETDZbvCMA0GCSqGSIb3DQEBBQUAA4GBAI9o\n" +
"a6VbB7pEZg4cqFwwezPkCiYE/O+eGjjWLqEf0JlHwnVkJP2eOyh2uSYoYZEMbSz4\n" +
"BJ98UAHV42mv7xXSRZskCSpmBU8lgcpdvqrBWSeuM46C9990sFWzjvjnN8huqlZE\n" +
"9r1TgSOWPbT6MopTZkQloiXGpjwljPDgKAYityZB\n" +
"-----END CERTIFICATE-----");
// DigiNotar intermediate, cross-signed by CyberTrust
//
// Subject: CN=DigiNotar Cyber CA, O=DigiNotar, C=NL
// Issuer: CN=GTE CyberTrust Global Root,
// OU=GTE CyberTrust Solutions, Inc.,
// O=GTE Corporation,
// C=US
// Serial: 120000505 (07:27:0F:F9)
add("diginotar-cyber-ca-cross-to-gte-cybertrust-07270FF9",
"-----BEGIN CERTIFICATE-----\n" +
"MIIFODCCBKGgAwIBAgIEBycP+TANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJV\n" +
"UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU\n" +
"cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds\n" +
"b2JhbCBSb290MB4XDTA2MDkyMDA5NDUzMloXDTEzMDkyMDA5NDQwNlowPjELMAkG\n" +
"A1UEBhMCTkwxEjAQBgNVBAoTCURpZ2lOb3RhcjEbMBkGA1UEAxMSRGlnaU5vdGFy\n" +
"IEN5YmVyIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0s4VCi2o\n" +
"XoRnrf2+70bHyLnPc/z0NLn5LEPnYBM9euOyzztnbJCtwLk/hFLwNULcdNwoO71S\n" +
"tKesckUXxvCJ67SqJfJdS17R2Ye61n189c4ynxAzxbFKu16RMcLQ6UHCkWR+CUE7\n" +
"24sIN2qqylLetTkewIgDpT+LmRNhQ7WbgrPuIG/PoUSi6i9rQJ+PK1etoVPChSJp\n" +
"naA/Ud8LQZENpeGoqlxJCF293nBBsQ/JY2vTfzR0Ai80Wnh1HGh6gWeK89pA8GBj\n" +
"9JIg1wOmPaMeZ8SEG0GlyYzmvepItgUWCLM3Elr3YTz3OG8ul+BvVjhU0yi1rRRu\n" +
"LktktSdlt3UlCbYHPZVWAgqCYLJzReAzJlF0mrnUUBz2TVtbUlITWqZ/pw7h6EFU\n" +
"Z5iMh9XJ02zL01SSBgk0QfeBbz+eyXx1VbDnwbN36MPEADWVQHAQSgXeJbufWaVk\n" +
"vEdgv2DjdosTVd3hdHq5zySman/eZCJEWGiCahD5PeU+G7m9/CL0YASJu1VtKFX6\n" +
"3o6NGyEU1zeLNHtN9rKyEM8zsX0cYplIyytsdpZVvxkNHR+7Zaobjpm1xiiQ5YIt\n" +
"eFAgmv15LyR/8IkpafR9zXO+s+1OwdHtUl6P97jXjYetstkbURL/VrPhrzR9XKR4\n" +
"iBCenQPGpaqiJFH3SRTFse5ZQ5Xfq2goMD8CAwEAAaOCAYYwggGCMBIGA1UdEwEB\n" +
"/wQIMAYBAf8CAQEwUwYDVR0gBEwwSjBIBgkrBgEEAbE+AQAwOzA5BggrBgEFBQcC\n" +
"ARYtaHR0cDovL3d3dy5wdWJsaWMtdHJ1c3QuY29tL0NQUy9PbW5pUm9vdC5odG1s\n" +
"MA4GA1UdDwEB/wQEAwIBBjCBoAYDVR0jBIGYMIGVgBSmDB2fYf8HF7W/OEbbQzDV\n" +
"jrBSBqF5pHcwdTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlv\n" +
"bjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29sdXRpb25zLCBJbmMuMSMwIQYD\n" +
"VQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdIICAaUwRQYDVR0fBD4wPDA6\n" +
"oDigNoY0aHR0cDovL3d3dy5wdWJsaWMtdHJ1c3QuY29tL2NnaS1iaW4vQ1JMLzIw\n" +
"MTgvY2RwLmNybDAdBgNVHQ4EFgQUq/lo389KN9d7RYxfct5ARMNlu8IwDQYJKoZI\n" +
"hvcNAQEFBQADgYEACcpiD427SuDUejUrBi3RKGG2rAH7g0m8rtQvLYauGYOl1h0T\n" +
"4he+/jJ06XoUOMqUXvcpAWlxG5Ea/aO7qh3Ke+IW/aGjDvMMX7LhIDGUK16Sdu36\n" +
"6bUjpr8KOwOpb1JgVM1f6bcvfKIn/UGDdbYN+3gm87FF6TKVKho1IZXFonU=\n" +
"-----END CERTIFICATE-----");
// DigiNotar intermediate, cross-signed by CyberTrust
//
// Subject: CN=DigiNotar Cyber CA, O=DigiNotar, C=NL
// Issuer: CN=GTE CyberTrust Global Root,
// OU=GTE CyberTrust Solutions, Inc.,
// O=GTE Corporation,
// C=US
// Serial: 120000515 (07:27:10:03)
add("diginotar-cyber-ca-cross-to-gte-cybertrust-07271003",
"-----BEGIN CERTIFICATE-----\n" +
"MIIFODCCBKGgAwIBAgIEBycQAzANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJV\n" +
"UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU\n" +
"cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds\n" +
"b2JhbCBSb290MB4XDTA2MDkyNzEwNTMzMloXDTExMDkyNzEwNTIzMFowPjELMAkG\n" +
"A1UEBhMCTkwxEjAQBgNVBAoTCURpZ2lOb3RhcjEbMBkGA1UEAxMSRGlnaU5vdGFy\n" +
"IEN5YmVyIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0s4VCi2o\n" +
"XoRnrf2+70bHyLnPc/z0NLn5LEPnYBM9euOyzztnbJCtwLk/hFLwNULcdNwoO71S\n" +
"tKesckUXxvCJ67SqJfJdS17R2Ye61n189c4ynxAzxbFKu16RMcLQ6UHCkWR+CUE7\n" +
"24sIN2qqylLetTkewIgDpT+LmRNhQ7WbgrPuIG/PoUSi6i9rQJ+PK1etoVPChSJp\n" +
"naA/Ud8LQZENpeGoqlxJCF293nBBsQ/JY2vTfzR0Ai80Wnh1HGh6gWeK89pA8GBj\n" +
"9JIg1wOmPaMeZ8SEG0GlyYzmvepItgUWCLM3Elr3YTz3OG8ul+BvVjhU0yi1rRRu\n" +
"LktktSdlt3UlCbYHPZVWAgqCYLJzReAzJlF0mrnUUBz2TVtbUlITWqZ/pw7h6EFU\n" +
"Z5iMh9XJ02zL01SSBgk0QfeBbz+eyXx1VbDnwbN36MPEADWVQHAQSgXeJbufWaVk\n" +
"vEdgv2DjdosTVd3hdHq5zySman/eZCJEWGiCahD5PeU+G7m9/CL0YASJu1VtKFX6\n" +
"3o6NGyEU1zeLNHtN9rKyEM8zsX0cYplIyytsdpZVvxkNHR+7Zaobjpm1xiiQ5YIt\n" +
"eFAgmv15LyR/8IkpafR9zXO+s+1OwdHtUl6P97jXjYetstkbURL/VrPhrzR9XKR4\n" +
"iBCenQPGpaqiJFH3SRTFse5ZQ5Xfq2goMD8CAwEAAaOCAYYwggGCMBIGA1UdEwEB\n" +
"/wQIMAYBAf8CAQEwUwYDVR0gBEwwSjBIBgkrBgEEAbE+AQAwOzA5BggrBgEFBQcC\n" +
"ARYtaHR0cDovL3d3dy5wdWJsaWMtdHJ1c3QuY29tL0NQUy9PbW5pUm9vdC5odG1s\n" +
"MA4GA1UdDwEB/wQEAwIBBjCBoAYDVR0jBIGYMIGVgBSmDB2fYf8HF7W/OEbbQzDV\n" +
"jrBSBqF5pHcwdTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlv\n" +
"bjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29sdXRpb25zLCBJbmMuMSMwIQYD\n" +
"VQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdIICAaUwRQYDVR0fBD4wPDA6\n" +
"oDigNoY0aHR0cDovL3d3dy5wdWJsaWMtdHJ1c3QuY29tL2NnaS1iaW4vQ1JMLzIw\n" +
"MTgvY2RwLmNybDAdBgNVHQ4EFgQUq/lo389KN9d7RYxfct5ARMNlu8IwDQYJKoZI\n" +
"hvcNAQEFBQADgYEAWcyGZhizJlRP1jjNupZey+yZG6oMDW4Z11boriMHbYPCndBE\n" +
"bVh07zmPbZsihOw9w/vm5KbVX5CgxUv4Rhzh/20Faixf3P3bpWg0qgzHVVusNVR/\n" +
"P50aKkpdK3hp+QLl56e+lWOddSAINIpmcuyDI1hyuzB+GJEASm9tNU/6rs8=\n" +
"-----END CERTIFICATE-----");
//
// Compromised DigiNotar Root CA
//
// DigiNotar intermediate, cross-signed by Entrust
//
// Subject: EMAILADDRESS=info@diginotar.nl,
// CN=DigiNotar Root CA,
// O=DigiNotar, C=NL
// Issuer: CN=Entrust.net Secure Server Certification Authority
// OU=(c) 1999 Entrust.net Limited,
// OU=www.entrust.net/CPS incorp. by ref. (limits liab.),
// O=Entrust.net,
// C=US,
// Serial: 1184644297 (46:9C:3C:C9)
add("info-at-diginotar-root-ca-cross-to-entrust-secure-server-469C3CC9",
"-----BEGIN CERTIFICATE-----\n" +
"MIIFSDCCBLGgAwIBAgIERpw8yTANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA0\n" +
"MjYwNTAwMDBaFw0xMzA4MTQyMDEyMzZaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
"EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" +
"hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" +
"ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" +
"OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" +
"hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" +
"gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" +
"IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" +
"BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" +
"Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" +
"5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" +
"DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" +
"9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" +
"7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" +
"ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" +
"BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" +
"BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" +
"VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" +
"bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" +
"A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" +
"BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAI979rBep8tu3TeLunapgsZ0jtXp\n" +
"GDFjKWSk87dj1jCyYi+q/GyDyZ6ZQZNRP0sF+6twscq05lClWNy3TROMp7QeuoLO\n" +
"G7Utw3OJaswUtp4YglANMRTHEe3g9ltifUXRH5tSuy7u6yi4LD4WTm5ULP6r/g6l\n" +
"0CnjXYb0+b1Fmz6U\n" +
"-----END CERTIFICATE-----");
// DigiNotar intermediate, cross-signed by Entrust
//
// Subject: EMAILADDRESS=info@diginotar.nl,
// CN=DigiNotar Root CA,
// O=DigiNotar, C=NL
// Issuer: CN=Entrust.net Secure Server Certification Authority
// OU=(c) 1999 Entrust.net Limited,
// OU=www.entrust.net/CPS incorp. by ref. (limits liab.),
// O=Entrust.net,
// C=US,
// Serial: 1184640175 (46:9C:2C:AF)
add("info-at-diginotar-root-ca-cross-to-entrust-secure-server-469C2CAF",
"-----BEGIN CERTIFICATE-----\n" +
"MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" +
"MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
"EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" +
"hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" +
"ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" +
"OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" +
"hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" +
"gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" +
"IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" +
"BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" +
"Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" +
"5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" +
"DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" +
"9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" +
"7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" +
"ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" +
"BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" +
"BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" +
"VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" +
"bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" +
"A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" +
"BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" +
"xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" +
"ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" +
"ZFdYf+hthc3m6IcJ\n" +
"-----END CERTIFICATE-----");
//
// Compromised DigiNotar PKIoverheid CA Organisatie - G2
//
// DigiNotar intermediate, cross-signed by the Dutch government
//
// Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2,
// O=DigiNotar B.V.,
// C=NL
// Issuer: CN=Staat der Nederlanden Organisatie CA - G2,
// O=Staat der Nederlanden,
// C=NL
// Serial: 20001983 (01:31:34:bf)
add("diginotar-pkioverheid-organisatie-cross-to-nederlanden-013134BF",
"-----BEGIN CERTIFICATE-----\n" +
"MIIGnDCCBISgAwIBAgIEATE0vzANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJO\n" +
"TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMTIwMAYDVQQDDClTdGFh\n" +
"dCBkZXIgTmVkZXJsYW5kZW4gT3JnYW5pc2F0aWUgQ0EgLSBHMjAeFw0xMDA1MTIw\n" +
"ODUxMzhaFw0yMDAzMjMwOTUwMDRaMFoxCzAJBgNVBAYTAk5MMRcwFQYDVQQKDA5E\n" +
"aWdpTm90YXIgQi5WLjEyMDAGA1UEAwwpRGlnaU5vdGFyIFBLSW92ZXJoZWlkIENB\n" +
"IE9yZ2FuaXNhdGllIC0gRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\n" +
"AQCxExkPJ+Zs1FWGS9DsiYpFkXisR71HK+T8RetPtCZzWzfTw3/2497Xo/gtaMUI\n" +
"PkuU1uSHJTZrhLUYdPMoWHMvm2rPvAQe9t7dr/xLqvXbZmIlASWC3vKXWhBu3V2p\n" +
"IrEEqSNzOvhxrR3PhETrR9Gvbch8KKvH8jd6dF9fxQIUiqNa4xtsAeNdjtlo1vQJ\n" +
"GzLckbUs9SDrjANtJkm4k8SFXdjSm69WaswFM8ygQp40VUSca6DUEtArVM23iQ3l\n" +
"9uvo+4UBM096a/GdcjOWDveyhKWlJ8Qn8VFzKXe6Z27+TNy04qGhgS85SY1DOBPO\n" +
"0KVcwoc6AGdlQiPxNlkKHaNRyLyjlCox3+M88p0aPASw77EKMBNzttfzo0wBdRSF\n" +
"eMDXijlYhVD6LubFvs+LP6+PNtQlCS3SD6xyk/K/i9RQs/kVUJuZ9RTZ+4uRozIm\n" +
"JqD43ztggYaDeVsr6xM9KTrBbd29no6H1kquNJcF7hSm9tw4fkrpJFQHPZdoN0Zr\n" +
"DceoIa8TVOQJavFNRgrJXfubT73e+7dUy7g4nKc5+2otwHuNq6WnV+xKkoozxeEg\n" +
"XHPYkJIrgNUPhhhpfDlPhIa890xb89W0yqDC8DciynlSH1PmqvOQsDvd8ij9rOvF\n" +
"BiSgydQvD1j9tZ7sD8+yWdCiBHo4aq5y+73wJWKUCacFCwIDAQABo4IBYTCCAV0w\n" +
"SAYDVR0gBEEwPzA9BgRVHSAAMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cuZGln\n" +
"aW5vdGFyLm5sL2Nwcy9wa2lvdmVyaGVpZDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud\n" +
"DwEB/wQEAwIBBjCBhQYDVR0jBH4wfIAUORCLSZJc22ESIM1JnRqO2pxnQLmhXqRc\n" +
"MFoxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIgTmVkZXJsYW5kZW4x\n" +
"KzApBgNVBAMMIlN0YWF0IGRlciBOZWRlcmxhbmRlbiBSb290IENBIC0gRzKCBACY\n" +
"lvQwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5wa2lvdmVyaGVpZC5ubC9E\n" +
"b21PcmdhbmlzYXRpZUxhdGVzdENSTC1HMi5jcmwwHQYDVR0OBBYEFLxdlDvZq3sD\n" +
"JXNhwtst7vyrj2WhMA0GCSqGSIb3DQEBCwUAA4ICAQCP/C1Mt9kt1R+978v0t2gX\n" +
"dZ1O1ffdnPEqJu2forYcA9VTs+wIzzTi48P0tRYvyMO+19NzqwA2+RpKftZj6V5G\n" +
"uqW2jhW3oyrYQx3vXcgfgYWzi/f/PPTZ9EYIP5y8HaDZqEzNJVJOCrEg9x/pQ9lU\n" +
"RoETmsBedGwqmDLq/He7DaWiMZgifnx859qkrey3LhoZcfhIUNpDjyyE3cFAJ+O1\n" +
"8BVOltT4XOOGKUYr1zsH6zh/yIZXl9PvKjPEF1DVZGlrK2tFXl0vF8paTs/D1zk8\n" +
"9TufRrmb5w5Jl53W1eMbD+qPAU6aE5RZCgIHSEsaYKt/T+0L2FUNaG9VnGllFULs\n" +
"wNzdbKzDFs4LHVabpMTE0i7gD+JEJytQaaTcYuiKISlCbMwAOpZ2m+9AwKRed4Qy\n" +
"bCYqOWauXeO5ubIsaB8empADOfCqs6TMSYsYNOk3yXspx4R8b0QVL+xhWQTJRcui\n" +
"1lKifH8pktZKxYtCqNT+6tjHhyMY5J16fXNAUpigrm7jBT8FD+Clxm1N7YM3iJzH\n" +
"89xCmmq21yFJNnfy7xhPxXDZnunetyuL9Lx+KN8NQMmFXK6dxTH/0FwOtah+8Okv\n" +
"uq+IruW10Vilr5xxpykBkINpN4IFuvwJwQhujHg7wzMCgD9EhQgd31VWCK0shS1d\n" +
"sQPhrqp0xaTzTro3mHuCuQ==\n" +
"-----END CERTIFICATE-----");
//
// Compromised DigiNotar PKIoverheid CA Overheid en Bedrijven
//
// DigiNotar intermediate, cross-signed by the Dutch government
//
// Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,
// O=DigiNotar B.V.,
// C=NL
// Issuer: CN=Staat der Nederlanden Overheid CA
// O=Staat der Nederlanden,
// C=NL
// Serial: 20015536 (01:31:69:b0)
add("diginotar-pkioverheid-overheid-enb-cross-to-nederlanden-013169B0",
"-----BEGIN CERTIFICATE-----\n" +
"MIIEiDCCA3CgAwIBAgIEATFpsDANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJO\n" +
"TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSowKAYDVQQDEyFTdGFh\n" +
"dCBkZXIgTmVkZXJsYW5kZW4gT3ZlcmhlaWQgQ0EwHhcNMDcwNzA1MDg0MjA3WhcN\n" +
"MTUwNzI3MDgzOTQ2WjBfMQswCQYDVQQGEwJOTDEXMBUGA1UEChMORGlnaU5vdGFy\n" +
"IEIuVi4xNzA1BgNVBAMTLkRpZ2lOb3RhciBQS0lvdmVyaGVpZCBDQSBPdmVyaGVp\n" +
"ZCBlbiBCZWRyaWp2ZW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc\n" +
"vdKnTmoKuzuiheF/AK2+tDBomAfNoHrElM9x+Yo35FPrV3bMi+Zs/u6HVcg+uwQ5\n" +
"AKeAeKxbT370vbhUuHE7BzFJOZNUfCA7eSuPu2GQfbGs5h+QLp1FAalkLU3DL7nn\n" +
"UNVOKlyrdnY3Rtd57EKZ96LspIlw3Dgrh6aqJOadkiQbvvb91C8ZF3rmMgeUVAVT\n" +
"Q+lsvK9Hy7zL/b07RBKB8WtLu+20z6slTxjSzAL8o0+1QjPLWc0J3NNQ/aB2jKx+\n" +
"ZopC9q0ckvO2+xRG603XLzDgbe5bNr5EdLcgBVeFTegAGaL2DOauocBC36esgl3H\n" +
"aLcY5olLmmv6znn58yynAgMBAAGjggFQMIIBTDBIBgNVHSAEQTA/MD0GBFUdIAAw\n" +
"NTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5kaWdpbm90YXIubmwvY3BzL3BraW92\n" +
"ZXJoZWlkMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMIGABgNVHSME\n" +
"eTB3gBQLhtYPd6NosftkCcOIblwEHFfpPaFZpFcwVTELMAkGA1UEBhMCTkwxHjAc\n" +
"BgNVBAoTFVN0YWF0IGRlciBOZWRlcmxhbmRlbjEmMCQGA1UEAxMdU3RhYXQgZGVy\n" +
"IE5lZGVybGFuZGVuIFJvb3QgQ0GCBACYmnkwPQYDVR0fBDYwNDAyoDCgLoYsaHR0\n" +
"cDovL2NybC5wa2lvdmVyaGVpZC5ubC9Eb21PdkxhdGVzdENSTC5jcmwwHQYDVR0O\n" +
"BBYEFEwIyY128ZjHPt881y91DbF2eZfMMA0GCSqGSIb3DQEBBQUAA4IBAQAMlIca\n" +
"v03jheLu19hjeQ5Q38aEW9K72fUxCho1l3TfFPoqDz7toOMI9tVOW6+mriXiRWsi\n" +
"D7dUKH6S3o0UbNEc5W50BJy37zRERd/Jgx0ZH8Apad+J1T/CsFNt5U4X5HNhIxMm\n" +
"cUP9TFnLw98iqiEr2b+VERqKpOKrp11Lbyn1UtHk0hWxi/7wA8+nfemZhzizDXMU\n" +
"5HIs4c71rQZIZPrTKbmi2Lv01QulQERDjqC/zlqlUkxk0xcxYczopIro5Ij76eUv\n" +
"BjMzm5RmZrGrUDqhCYF0U1onuabSJc/Tw6f/ltAv6uAejVLpGBwgCkegllYOQJBR\n" +
"RKwa/fHuhR/3Qlpl\n" +
"-----END CERTIFICATE-----");
//
// Compromised DigiNotar PKIoverheid CA Overheid
//
// DigiNotar intermediate, cross-signed by the Dutch government
//
// Subject: CN=DigiNotar PKIoverheid CA Overheid
// O=DigiNotar B.V.,
// C=NL
// Issuer: CN=Staat der Nederlanden Overheid CA
// O=Staat der Nederlanden,
// C=NL
// Serial: 20006006 (01:31:44:76)
add("diginotar-pkioverheid-overheid-cross-to-nederlanden-01314476",
"-----BEGIN CERTIFICATE-----\n" +
"MIIEezCCA2OgAwIBAgIEATFEdjANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJO\n" +
"TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSowKAYDVQQDEyFTdGFh\n" +
"dCBkZXIgTmVkZXJsYW5kZW4gT3ZlcmhlaWQgQ0EwHhcNMDQwNjI0MDgxOTMyWhcN\n" +
"MTAwNjIzMDgxNzM2WjBSMQswCQYDVQQGEwJOTDEXMBUGA1UEChMORGlnaU5vdGFy\n" +
"IEIuVi4xKjAoBgNVBAMTIURpZ2lOb3RhciBQS0lvdmVyaGVpZCBDQSBPdmVyaGVp\n" +
"ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANSlrubta5tlOjVCi/gb\n" +
"yLCvRqfBjxG8H594VcKHu0WAYc99SPZF9cycj5mw2GyfQvy/WIrGrL4iyNq1gSqR\n" +
"0QA/mTXKZIaPqzpDhdm+VvrKkmjrbZfaQxgMSs3ChtBsjcP9Lc0X1zXZ4Q8nBe3k\n" +
"BTp+zehINfmbjoEgXLxsMR5RQ6GxzKjuC04PQpbJQgTIakglKaqYcDDZbEscWgPV\n" +
"Hgj/2aoHlj6leW/ThHZ+O41jUguEmBLZA3mu3HrCfrHntb5dPt0ihzSx7GtD/SaX\n" +
"5HBLxnP189YuqMk5iRA95CtiSdKauvon/xRKRLNgG6XAz0ctSoY7xLDdiBVU5kJd\n" +
"FScCAwEAAaOCAVAwggFMMEgGA1UdIARBMD8wPQYEVR0gADA1MDMGCCsGAQUFBwIB\n" +
"FidodHRwOi8vd3d3LmRpZ2lub3Rhci5ubC9jcHMvcGtpb3ZlcmhlaWQwDwYDVR0T\n" +
"AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgYAGA1UdIwR5MHeAFAuG1g93o2ix\n" +
"+2QJw4huXAQcV+k9oVmkVzBVMQswCQYDVQQGEwJOTDEeMBwGA1UEChMVU3RhYXQg\n" +
"ZGVyIE5lZGVybGFuZGVuMSYwJAYDVQQDEx1TdGFhdCBkZXIgTmVkZXJsYW5kZW4g\n" +
"Um9vdCBDQYIEAJiaeTA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3JsLnBraW92\n" +
"ZXJoZWlkLm5sL0RvbU92TGF0ZXN0Q1JMLmNybDAdBgNVHQ4EFgQUvRaYQh2+kdE9\n" +
"wpcl4CjXWOC1f+IwDQYJKoZIhvcNAQEFBQADggEBAGhQsCWLiaN2EOhPAW+JQP6o\n" +
"XBOrLv5w6joahzBFVn1BiefzmlMKjibqKYxURRvMAsMkh82/MfL8V0w6ugxl81lu\n" +
"i42dcxl9cKSVXKMw4bbBzJ2VQI5HTIABwefeNuy/eX6idVwYdt3ajAH7fUA8Q9Cq\n" +
"vr6H8B+8mwoEqTVTEVlCSsC/EXsokYEUr06PPzRudKjDmijgj7zFaIioZNc8hk7g\n" +
"ufEgrs/tmcNGylrwRHgCXjCRBt2NHlZ08l7A1AGU8HcHlSbG9Un/2q9kVHUkps0D\n" +
"gtUaEK+x6jpAu/R8Ojezu/+ZEcwwjI/KOhG+84+ejFmtyEkrUdsAdEdLf/2dKsw=\n" +
"-----END CERTIFICATE-----");
//
// Compromised DigiNotar Services 1024 CA
//
// DigiNotar intermediate, cross-signed by the Entrust
//
// Subject: EMAILADDRESS=info@diginotar.nl,
// CN=DigiNotar Services 1024 CA
// O=DigiNotar, C=NL
// Issuer: CN=Entrust.net Secure Server Certification Authority,
// OU=(c) 1999 Entrust.net Limited,
// OU=www.entrust.net/CPS incorp. by ref. (limits liab.),
// O=Entrust.net,
// C=US
// Serial: 1184640176 (46:9c:2c:b0)
add("diginotar-services-1024-ca-cross-to-entrust-469C2CB0",
"-----BEGIN CERTIFICATE-----\n" +
"MIIDzTCCAzagAwIBAgIERpwssDANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" +
"MjYxNTU5MDBaFw0xMzA4MjYxNjI5MDBaMGgxCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
"EwlEaWdpTm90YXIxIzAhBgNVBAMTGkRpZ2lOb3RhciBTZXJ2aWNlcyAxMDI0IENB\n" +
"MSAwHgYJKoZIhvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCBnzANBgkqhkiG9w0B\n" +
"AQEFAAOBjQAwgYkCgYEA2ptNXTz50eKLxsYIIMXZHkjsZlhneWIrQWP0iY1o2q+4\n" +
"lDaLGSSkoJPSmQ+yrS01Tc0vauH5mxkrvAQafi09UmTN8T5nD4ku6PJPrqYIoYX+\n" +
"oakJ5sarPkP8r3oDkdqmOaZh7phPGKjTs69mgumfvN1y+QYEvRLZGCTnq5NTi1kC\n" +
"AwEAAaOCASYwggEiMBIGA1UdEwEB/wQIMAYBAf8CAQAwJwYDVR0lBCAwHgYIKwYB\n" +
"BQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDBDARBgNVHSAECjAIMAYGBFUdIAAwMwYI\n" +
"KwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5l\n" +
"dDAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L3NlcnZl\n" +
"cjEuY3JsMB0GA1UdDgQWBBT+3JRJDG/vXH/G8RKZTxZJrfuCZTALBgNVHQ8EBAMC\n" +
"AQYwHwYDVR0jBBgwFoAU8BdiE1U9s/8KAGv7UISX8+1i0BowGQYJKoZIhvZ9B0EA\n" +
"BAwwChsEVjcuMQMCAIEwDQYJKoZIhvcNAQEFBQADgYEAY3RqN6k/lpxmyFisCcnv\n" +
"9WWUf6MCxDgxvV0jh+zUVrLJsm7kBQb87PX6iHBZ1O7m3bV6oKNgLwIMq94SXa/w\n" +
"NUuqikeRGvWFLELHHe+VQ7NeuJWTpdrFKKqtci0xrZlrbP+MISevrZqRK8fdWMNu\n" +
"B8WfedLHjFW/TMcnXlEWKz4=\n" +
"-----END CERTIFICATE-----");
}
}

17
jdk/src/share/classes/sun/security/validator/SimpleValidator.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -40,6 +40,7 @@ import sun.security.util.DerInputStream;
import sun.security.util.ObjectIdentifier; import sun.security.util.ObjectIdentifier;
import sun.security.provider.certpath.AlgorithmChecker; import sun.security.provider.certpath.AlgorithmChecker;
import sun.security.provider.certpath.UntrustedChecker;
/** /**
* A simple validator implementation. It is based on code from the JSSE * A simple validator implementation. It is based on code from the JSSE
@ -137,6 +138,9 @@ public final class SimpleValidator extends Validator {
date = new Date(); date = new Date();
} }
// create distrusted certificates checker
UntrustedChecker untrustedChecker = new UntrustedChecker();
// create default algorithm constraints checker // create default algorithm constraints checker
TrustAnchor anchor = new TrustAnchor(chain[chain.length - 1], null); TrustAnchor anchor = new TrustAnchor(chain[chain.length - 1], null);
AlgorithmChecker defaultAlgChecker = new AlgorithmChecker(anchor); AlgorithmChecker defaultAlgChecker = new AlgorithmChecker(anchor);
@ -154,6 +158,17 @@ public final class SimpleValidator extends Validator {
X509Certificate issuerCert = chain[i + 1]; X509Certificate issuerCert = chain[i + 1];
X509Certificate cert = chain[i]; X509Certificate cert = chain[i];
// check untrusted certificate
try {
// Untrusted checker does not care about the unresolved
// critical extensions.
untrustedChecker.check(cert, Collections.<String>emptySet());
} catch (CertPathValidatorException cpve) {
throw new ValidatorException(
"Untrusted certificate: " + cert.getSubjectX500Principal(),
ValidatorException.T_UNTRUSTED_CERT, cert, cpve);
}
// check certificate algorithm // check certificate algorithm
try { try {
// Algorithm checker does not care about the unresolved // Algorithm checker does not care about the unresolved

5
jdk/src/share/classes/sun/security/validator/ValidatorException.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2002, 2009, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -58,6 +58,9 @@ public class ValidatorException extends CertificateException {
public final static Object T_ALGORITHM_DISABLED = public final static Object T_ALGORITHM_DISABLED =
"Certificate signature algorithm disabled"; "Certificate signature algorithm disabled";
public final static Object T_UNTRUSTED_CERT =
"Untrusted certificate";
private Object type; private Object type;
private X509Certificate cert; private X509Certificate cert;

2
jdk/src/share/native/java/util/zip/zip_util.c
View File

@ -521,7 +521,7 @@ countCENHeaders(unsigned char *beg, unsigned char *end)
{ {
jint count = 0; jint count = 0;
ptrdiff_t i; ptrdiff_t i;
for (i = 0; i + CENHDR < end - beg; i += CENSIZE(beg + i)) for (i = 0; i + CENHDR <= end - beg; i += CENSIZE(beg + i))
count++; count++;
return count; return count;
} }

22
jdk/src/windows/classes/sun/java2d/d3d/D3DRenderer.java
View File

@ -27,6 +27,7 @@ package sun.java2d.d3d;
import java.awt.Transparency; import java.awt.Transparency;
import java.awt.geom.Path2D; import java.awt.geom.Path2D;
import sun.java2d.InvalidPipeException;
import sun.java2d.SunGraphics2D; import sun.java2d.SunGraphics2D;
import sun.java2d.loops.GraphicsPrimitive; import sun.java2d.loops.GraphicsPrimitive;
import sun.java2d.pipe.BufferedPaints; import sun.java2d.pipe.BufferedPaints;
@ -47,7 +48,12 @@ class D3DRenderer extends BufferedRenderPipe {
int ctxflags = int ctxflags =
sg2d.paint.getTransparency() == Transparency.OPAQUE ? sg2d.paint.getTransparency() == Transparency.OPAQUE ?
D3DContext.SRC_IS_OPAQUE : D3DContext.NO_CONTEXT_FLAGS; D3DContext.SRC_IS_OPAQUE : D3DContext.NO_CONTEXT_FLAGS;
D3DSurfaceData dstData = (D3DSurfaceData)sg2d.surfaceData; D3DSurfaceData dstData;
try {
dstData = (D3DSurfaceData)sg2d.surfaceData;
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
D3DContext.validateContext(dstData, dstData, D3DContext.validateContext(dstData, dstData,
sg2d.getCompClip(), sg2d.composite, sg2d.getCompClip(), sg2d.composite,
null, sg2d.paint, sg2d, ctxflags); null, sg2d.paint, sg2d, ctxflags);
@ -56,7 +62,12 @@ class D3DRenderer extends BufferedRenderPipe {
@Override @Override
protected void validateContextAA(SunGraphics2D sg2d) { protected void validateContextAA(SunGraphics2D sg2d) {
int ctxflags = D3DContext.NO_CONTEXT_FLAGS; int ctxflags = D3DContext.NO_CONTEXT_FLAGS;
D3DSurfaceData dstData = (D3DSurfaceData)sg2d.surfaceData; D3DSurfaceData dstData;
try {
dstData = (D3DSurfaceData)sg2d.surfaceData;
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
D3DContext.validateContext(dstData, dstData, D3DContext.validateContext(dstData, dstData,
sg2d.getCompClip(), sg2d.composite, sg2d.getCompClip(), sg2d.composite,
null, sg2d.paint, sg2d, ctxflags); null, sg2d.paint, sg2d, ctxflags);
@ -70,7 +81,12 @@ class D3DRenderer extends BufferedRenderPipe {
int ctxflags = int ctxflags =
sg2d.surfaceData.getTransparency() == Transparency.OPAQUE ? sg2d.surfaceData.getTransparency() == Transparency.OPAQUE ?
D3DContext.SRC_IS_OPAQUE : D3DContext.NO_CONTEXT_FLAGS; D3DContext.SRC_IS_OPAQUE : D3DContext.NO_CONTEXT_FLAGS;
D3DSurfaceData dstData = (D3DSurfaceData)sg2d.surfaceData; D3DSurfaceData dstData;
try {
dstData = (D3DSurfaceData)sg2d.surfaceData;
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
D3DContext.validateContext(dstData, dstData, D3DContext.validateContext(dstData, dstData,
sg2d.getCompClip(), sg2d.composite, sg2d.getCompClip(), sg2d.composite,
null, null, null, ctxflags); null, null, null, ctxflags);

198
jdk/src/windows/classes/sun/java2d/windows/GDIRenderer.java
View File

@ -29,6 +29,7 @@ import java.awt.Composite;
import java.awt.Shape; import java.awt.Shape;
import java.awt.geom.Path2D; import java.awt.geom.Path2D;
import java.awt.geom.PathIterator; import java.awt.geom.PathIterator;
import sun.java2d.InvalidPipeException;
import sun.java2d.SunGraphics2D; import sun.java2d.SunGraphics2D;
import sun.java2d.SurfaceData; import sun.java2d.SurfaceData;
import sun.java2d.pipe.Region; import sun.java2d.pipe.Region;
@ -45,7 +46,7 @@ public class GDIRenderer implements
PixelFillPipe, PixelFillPipe,
ShapeDrawPipe ShapeDrawPipe
{ {
native void doDrawLine(SurfaceData sData, native void doDrawLine(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x1, int y1, int x2, int y2); int x1, int y1, int x2, int y2);
@ -54,24 +55,32 @@ public class GDIRenderer implements
{ {
int transx = sg2d.transX; int transx = sg2d.transX;
int transy = sg2d.transY; int transy = sg2d.transY;
doDrawLine(sg2d.surfaceData, try {
sg2d.getCompClip(), sg2d.composite, sg2d.eargb, doDrawLine((GDIWindowSurfaceData)sg2d.surfaceData,
x1+transx, y1+transy, x2+transx, y2+transy); sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x1+transx, y1+transy, x2+transx, y2+transy);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
} }
native void doDrawRect(SurfaceData sData, native void doDrawRect(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x, int y, int w, int h); int x, int y, int w, int h);
public void drawRect(SunGraphics2D sg2d, public void drawRect(SunGraphics2D sg2d,
int x, int y, int width, int height) int x, int y, int width, int height)
{ {
doDrawRect(sg2d.surfaceData, try {
sg2d.getCompClip(), sg2d.composite, sg2d.eargb, doDrawRect((GDIWindowSurfaceData)sg2d.surfaceData,
x+sg2d.transX, y+sg2d.transY, width, height); sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
} }
native void doDrawRoundRect(SurfaceData sData, native void doDrawRoundRect(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x, int y, int w, int h, int x, int y, int w, int h,
int arcW, int arcH); int arcW, int arcH);
@ -80,25 +89,33 @@ public class GDIRenderer implements
int x, int y, int width, int height, int x, int y, int width, int height,
int arcWidth, int arcHeight) int arcWidth, int arcHeight)
{ {
doDrawRoundRect(sg2d.surfaceData, try {
sg2d.getCompClip(), sg2d.composite, sg2d.eargb, doDrawRoundRect((GDIWindowSurfaceData)sg2d.surfaceData,
x+sg2d.transX, y+sg2d.transY, width, height, sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
arcWidth, arcHeight); x+sg2d.transX, y+sg2d.transY, width, height,
arcWidth, arcHeight);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
} }
native void doDrawOval(SurfaceData sData, native void doDrawOval(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x, int y, int w, int h); int x, int y, int w, int h);
public void drawOval(SunGraphics2D sg2d, public void drawOval(SunGraphics2D sg2d,
int x, int y, int width, int height) int x, int y, int width, int height)
{ {
doDrawOval(sg2d.surfaceData, try {
sg2d.getCompClip(), sg2d.composite, sg2d.eargb, doDrawOval((GDIWindowSurfaceData)sg2d.surfaceData,
x+sg2d.transX, y+sg2d.transY, width, height); sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
} }
native void doDrawArc(SurfaceData sData, native void doDrawArc(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x, int y, int w, int h, int x, int y, int w, int h,
int angleStart, int angleExtent); int angleStart, int angleExtent);
@ -107,13 +124,17 @@ public class GDIRenderer implements
int x, int y, int width, int height, int x, int y, int width, int height,
int startAngle, int arcAngle) int startAngle, int arcAngle)
{ {
doDrawArc(sg2d.surfaceData, try {
sg2d.getCompClip(), sg2d.composite, sg2d.eargb, doDrawArc((GDIWindowSurfaceData)sg2d.surfaceData,
x+sg2d.transX, y+sg2d.transY, width, height, sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
startAngle, arcAngle); x+sg2d.transX, y+sg2d.transY, width, height,
startAngle, arcAngle);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
} }
native void doDrawPoly(SurfaceData sData, native void doDrawPoly(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int transx, int transy, int transx, int transy,
int[] xpoints, int[] ypoints, int[] xpoints, int[] ypoints,
@ -123,33 +144,45 @@ public class GDIRenderer implements
int xpoints[], int ypoints[], int xpoints[], int ypoints[],
int npoints) int npoints)
{ {
doDrawPoly(sg2d.surfaceData, try {
sg2d.getCompClip(), sg2d.composite, sg2d.eargb, doDrawPoly((GDIWindowSurfaceData)sg2d.surfaceData,
sg2d.transX, sg2d.transY, xpoints, ypoints, npoints, false); sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
sg2d.transX, sg2d.transY, xpoints, ypoints, npoints, false);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
} }
public void drawPolygon(SunGraphics2D sg2d, public void drawPolygon(SunGraphics2D sg2d,
int xpoints[], int ypoints[], int xpoints[], int ypoints[],
int npoints) int npoints)
{ {
doDrawPoly(sg2d.surfaceData, try {
sg2d.getCompClip(), sg2d.composite, sg2d.eargb, doDrawPoly((GDIWindowSurfaceData)sg2d.surfaceData,
sg2d.transX, sg2d.transY, xpoints, ypoints, npoints, true); sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
sg2d.transX, sg2d.transY, xpoints, ypoints, npoints, true);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
} }
native void doFillRect(SurfaceData sData, native void doFillRect(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x, int y, int w, int h); int x, int y, int w, int h);
public void fillRect(SunGraphics2D sg2d, public void fillRect(SunGraphics2D sg2d,
int x, int y, int width, int height) int x, int y, int width, int height)
{ {
doFillRect(sg2d.surfaceData, try {
sg2d.getCompClip(), sg2d.composite, sg2d.eargb, doFillRect((GDIWindowSurfaceData)sg2d.surfaceData,
x+sg2d.transX, y+sg2d.transY, width, height); sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
} }
native void doFillRoundRect(SurfaceData sData, native void doFillRoundRect(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x, int y, int w, int h, int x, int y, int w, int h,
int arcW, int arcH); int arcW, int arcH);
@ -158,25 +191,33 @@ public class GDIRenderer implements
int x, int y, int width, int height, int x, int y, int width, int height,
int arcWidth, int arcHeight) int arcWidth, int arcHeight)
{ {
doFillRoundRect(sg2d.surfaceData, try {
sg2d.getCompClip(), sg2d.composite, sg2d.eargb, doFillRoundRect((GDIWindowSurfaceData)sg2d.surfaceData,
x+sg2d.transX, y+sg2d.transY, width, height, sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
arcWidth, arcHeight); x+sg2d.transX, y+sg2d.transY, width, height,
arcWidth, arcHeight);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
} }
native void doFillOval(SurfaceData sData, native void doFillOval(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x, int y, int w, int h); int x, int y, int w, int h);
public void fillOval(SunGraphics2D sg2d, public void fillOval(SunGraphics2D sg2d,
int x, int y, int width, int height) int x, int y, int width, int height)
{ {
doFillOval(sg2d.surfaceData, try {
sg2d.getCompClip(), sg2d.composite, sg2d.eargb, doFillOval((GDIWindowSurfaceData)sg2d.surfaceData,
x+sg2d.transX, y+sg2d.transY, width, height); sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
x+sg2d.transX, y+sg2d.transY, width, height);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
} }
native void doFillArc(SurfaceData sData, native void doFillArc(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x, int y, int w, int h, int x, int y, int w, int h,
int angleStart, int angleExtent); int angleStart, int angleExtent);
@ -185,13 +226,17 @@ public class GDIRenderer implements
int x, int y, int width, int height, int x, int y, int width, int height,
int startAngle, int arcAngle) int startAngle, int arcAngle)
{ {
doFillArc(sg2d.surfaceData, try {
sg2d.getCompClip(), sg2d.composite, sg2d.eargb, doFillArc((GDIWindowSurfaceData)sg2d.surfaceData,
x+sg2d.transX, y+sg2d.transY, width, height, sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
startAngle, arcAngle); x+sg2d.transX, y+sg2d.transY, width, height,
startAngle, arcAngle);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
} }
native void doFillPoly(SurfaceData sData, native void doFillPoly(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int transx, int transy, int transx, int transy,
int[] xpoints, int[] ypoints, int[] xpoints, int[] ypoints,
@ -201,12 +246,16 @@ public class GDIRenderer implements
int xpoints[], int ypoints[], int xpoints[], int ypoints[],
int npoints) int npoints)
{ {
doFillPoly(sg2d.surfaceData, try {
sg2d.getCompClip(), sg2d.composite, sg2d.eargb, doFillPoly((GDIWindowSurfaceData)sg2d.surfaceData,
sg2d.transX, sg2d.transY, xpoints, ypoints, npoints); sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
sg2d.transX, sg2d.transY, xpoints, ypoints, npoints);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
} }
native void doShape(SurfaceData sData, native void doShape(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int transX, int transY, int transX, int transY,
Path2D.Float p2df, boolean isfill); Path2D.Float p2df, boolean isfill);
@ -228,9 +277,13 @@ public class GDIRenderer implements
transX = 0; transX = 0;
transY = 0; transY = 0;
} }
doShape(sg2d.surfaceData, try {
sg2d.getCompClip(), sg2d.composite, sg2d.eargb, doShape((GDIWindowSurfaceData)sg2d.surfaceData,
transX, transY, p2df, isfill); sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
transX, transY, p2df, isfill);
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
} }
// REMIND: This is just a hack to get WIDE lines to honor the // REMIND: This is just a hack to get WIDE lines to honor the
@ -239,7 +292,12 @@ public class GDIRenderer implements
// method that could be filled by the doShape method more quickly. // method that could be filled by the doShape method more quickly.
public void doFillSpans(SunGraphics2D sg2d, SpanIterator si) { public void doFillSpans(SunGraphics2D sg2d, SpanIterator si) {
int box[] = new int[4]; int box[] = new int[4];
SurfaceData sd = sg2d.surfaceData; GDIWindowSurfaceData sd;
try {
sd = (GDIWindowSurfaceData)sg2d.surfaceData;
} catch (ClassCastException e) {
throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
}
Region clip = sg2d.getCompClip(); Region clip = sg2d.getCompClip();
Composite comp = sg2d.composite; Composite comp = sg2d.composite;
int eargb = sg2d.eargb; int eargb = sg2d.eargb;
@ -268,7 +326,7 @@ public class GDIRenderer implements
doShape(sg2d, s, true); doShape(sg2d, s, true);
} }
public native void devCopyArea(SurfaceData sData, public native void devCopyArea(GDIWindowSurfaceData sData,
int srcx, int srcy, int srcx, int srcy,
int dx, int dy, int dx, int dy,
int w, int h); int w, int h);
@ -278,21 +336,21 @@ public class GDIRenderer implements
} }
public static class Tracer extends GDIRenderer { public static class Tracer extends GDIRenderer {
void doDrawLine(SurfaceData sData, void doDrawLine(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x1, int y1, int x2, int y2) int x1, int y1, int x2, int y2)
{ {
GraphicsPrimitive.tracePrimitive("GDIDrawLine"); GraphicsPrimitive.tracePrimitive("GDIDrawLine");
super.doDrawLine(sData, clip, comp, color, x1, y1, x2, y2); super.doDrawLine(sData, clip, comp, color, x1, y1, x2, y2);
} }
void doDrawRect(SurfaceData sData, void doDrawRect(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x, int y, int w, int h) int x, int y, int w, int h)
{ {
GraphicsPrimitive.tracePrimitive("GDIDrawRect"); GraphicsPrimitive.tracePrimitive("GDIDrawRect");
super.doDrawRect(sData, clip, comp, color, x, y, w, h); super.doDrawRect(sData, clip, comp, color, x, y, w, h);
} }
void doDrawRoundRect(SurfaceData sData, void doDrawRoundRect(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x, int y, int w, int h, int x, int y, int w, int h,
int arcW, int arcH) int arcW, int arcH)
@ -301,14 +359,14 @@ public class GDIRenderer implements
super.doDrawRoundRect(sData, clip, comp, color, super.doDrawRoundRect(sData, clip, comp, color,
x, y, w, h, arcW, arcH); x, y, w, h, arcW, arcH);
} }
void doDrawOval(SurfaceData sData, void doDrawOval(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x, int y, int w, int h) int x, int y, int w, int h)
{ {
GraphicsPrimitive.tracePrimitive("GDIDrawOval"); GraphicsPrimitive.tracePrimitive("GDIDrawOval");
super.doDrawOval(sData, clip, comp, color, x, y, w, h); super.doDrawOval(sData, clip, comp, color, x, y, w, h);
} }
void doDrawArc(SurfaceData sData, void doDrawArc(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x, int y, int w, int h, int x, int y, int w, int h,
int angleStart, int angleExtent) int angleStart, int angleExtent)
@ -317,7 +375,7 @@ public class GDIRenderer implements
super.doDrawArc(sData, clip, comp, color, x, y, w, h, super.doDrawArc(sData, clip, comp, color, x, y, w, h,
angleStart, angleExtent); angleStart, angleExtent);
} }
void doDrawPoly(SurfaceData sData, void doDrawPoly(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int transx, int transy, int transx, int transy,
int[] xpoints, int[] ypoints, int[] xpoints, int[] ypoints,
@ -327,14 +385,14 @@ public class GDIRenderer implements
super.doDrawPoly(sData, clip, comp, color, transx, transy, super.doDrawPoly(sData, clip, comp, color, transx, transy,
xpoints, ypoints, npoints, isclosed); xpoints, ypoints, npoints, isclosed);
} }
void doFillRect(SurfaceData sData, void doFillRect(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x, int y, int w, int h) int x, int y, int w, int h)
{ {
GraphicsPrimitive.tracePrimitive("GDIFillRect"); GraphicsPrimitive.tracePrimitive("GDIFillRect");
super.doFillRect(sData, clip, comp, color, x, y, w, h); super.doFillRect(sData, clip, comp, color, x, y, w, h);
} }
void doFillRoundRect(SurfaceData sData, void doFillRoundRect(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x, int y, int w, int h, int x, int y, int w, int h,
int arcW, int arcH) int arcW, int arcH)
@ -343,14 +401,14 @@ public class GDIRenderer implements
super.doFillRoundRect(sData, clip, comp, color, super.doFillRoundRect(sData, clip, comp, color,
x, y, w, h, arcW, arcH); x, y, w, h, arcW, arcH);
} }
void doFillOval(SurfaceData sData, void doFillOval(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x, int y, int w, int h) int x, int y, int w, int h)
{ {
GraphicsPrimitive.tracePrimitive("GDIFillOval"); GraphicsPrimitive.tracePrimitive("GDIFillOval");
super.doFillOval(sData, clip, comp, color, x, y, w, h); super.doFillOval(sData, clip, comp, color, x, y, w, h);
} }
void doFillArc(SurfaceData sData, void doFillArc(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int x, int y, int w, int h, int x, int y, int w, int h,
int angleStart, int angleExtent) int angleStart, int angleExtent)
@ -359,7 +417,7 @@ public class GDIRenderer implements
super.doFillArc(sData, clip, comp, color, x, y, w, h, super.doFillArc(sData, clip, comp, color, x, y, w, h,
angleStart, angleExtent); angleStart, angleExtent);
} }
void doFillPoly(SurfaceData sData, void doFillPoly(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int transx, int transy, int transx, int transy,
int[] xpoints, int[] ypoints, int[] xpoints, int[] ypoints,
@ -369,7 +427,7 @@ public class GDIRenderer implements
super.doFillPoly(sData, clip, comp, color, transx, transy, super.doFillPoly(sData, clip, comp, color, transx, transy,
xpoints, ypoints, npoints); xpoints, ypoints, npoints);
} }
void doShape(SurfaceData sData, void doShape(GDIWindowSurfaceData sData,
Region clip, Composite comp, int color, Region clip, Composite comp, int color,
int transX, int transY, int transX, int transY,
Path2D.Float p2df, boolean isfill) Path2D.Float p2df, boolean isfill)
@ -380,7 +438,7 @@ public class GDIRenderer implements
super.doShape(sData, clip, comp, color, super.doShape(sData, clip, comp, color,
transX, transY, p2df, isfill); transX, transY, p2df, isfill);
} }
public void devCopyArea(SurfaceData sData, public void devCopyArea(GDIWindowSurfaceData sData,
int srcx, int srcy, int srcx, int srcy,
int dx, int dy, int dx, int dy,
int w, int h) int w, int h)

26
jdk/src/windows/native/sun/java2d/windows/GDIRenderer.cpp
View File

@ -117,7 +117,7 @@ static POINT *TransformPoly(jint *xpoints, jint *ypoints,
/* /*
* Class: sun_java2d_windows_GDIRenderer * Class: sun_java2d_windows_GDIRenderer
* Method: doDrawLine * Method: doDrawLine
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
*/ */
JNIEXPORT void JNICALL JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doDrawLine Java_sun_java2d_windows_GDIRenderer_doDrawLine
@ -164,7 +164,7 @@ Java_sun_java2d_windows_GDIRenderer_doDrawLine
/* /*
* Class: sun_java2d_windows_GDIRenderer * Class: sun_java2d_windows_GDIRenderer
* Method: doDrawRect * Method: doDrawRect
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
*/ */
JNIEXPORT void JNICALL JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doDrawRect Java_sun_java2d_windows_GDIRenderer_doDrawRect
@ -209,7 +209,7 @@ Java_sun_java2d_windows_GDIRenderer_doDrawRect
/* /*
* Class: sun_java2d_windows_GDIRenderer * Class: sun_java2d_windows_GDIRenderer
* Method: doDrawRoundRect * Method: doDrawRoundRect
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
*/ */
JNIEXPORT void JNICALL JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doDrawRoundRect Java_sun_java2d_windows_GDIRenderer_doDrawRoundRect
@ -253,7 +253,7 @@ Java_sun_java2d_windows_GDIRenderer_doDrawRoundRect
/* /*
* Class: sun_java2d_windows_GDIRenderer * Class: sun_java2d_windows_GDIRenderer
* Method: doDrawOval * Method: doDrawOval
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
*/ */
JNIEXPORT void JNICALL JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doDrawOval Java_sun_java2d_windows_GDIRenderer_doDrawOval
@ -291,7 +291,7 @@ Java_sun_java2d_windows_GDIRenderer_doDrawOval
/* /*
* Class: sun_java2d_windows_GDIRenderer * Class: sun_java2d_windows_GDIRenderer
* Method: doDrawArc * Method: doDrawArc
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
*/ */
JNIEXPORT void JNICALL JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doDrawArc Java_sun_java2d_windows_GDIRenderer_doDrawArc
@ -347,7 +347,7 @@ Java_sun_java2d_windows_GDIRenderer_doDrawArc
/* /*
* Class: sun_java2d_windows_GDIRenderer * Class: sun_java2d_windows_GDIRenderer
* Method: doDrawPoly * Method: doDrawPoly
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;III[I[IIZ)V * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;III[I[IIZ)V
*/ */
JNIEXPORT void JNICALL JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doDrawPoly Java_sun_java2d_windows_GDIRenderer_doDrawPoly
@ -412,7 +412,7 @@ Java_sun_java2d_windows_GDIRenderer_doDrawPoly
/* /*
* Class: sun_java2d_windows_GDIRenderer * Class: sun_java2d_windows_GDIRenderer
* Method: doFillRect * Method: doFillRect
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
*/ */
JNIEXPORT void JNICALL JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doFillRect Java_sun_java2d_windows_GDIRenderer_doFillRect
@ -445,7 +445,7 @@ Java_sun_java2d_windows_GDIRenderer_doFillRect
/* /*
* Class: sun_java2d_windows_GDIRenderer * Class: sun_java2d_windows_GDIRenderer
* Method: doFillRoundRect * Method: doFillRoundRect
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
*/ */
JNIEXPORT void JNICALL JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doFillRoundRect Java_sun_java2d_windows_GDIRenderer_doFillRoundRect
@ -488,7 +488,7 @@ Java_sun_java2d_windows_GDIRenderer_doFillRoundRect
/* /*
* Class: sun_java2d_windows_GDIRenderer * Class: sun_java2d_windows_GDIRenderer
* Method: doFillOval * Method: doFillOval
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
*/ */
JNIEXPORT void JNICALL JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doFillOval Java_sun_java2d_windows_GDIRenderer_doFillOval
@ -555,7 +555,7 @@ Java_sun_java2d_windows_GDIRenderer_doFillOval
/* /*
* Class: sun_java2d_windows_GDIRenderer * Class: sun_java2d_windows_GDIRenderer
* Method: doFillArc * Method: doFillArc
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
*/ */
JNIEXPORT void JNICALL JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doFillArc Java_sun_java2d_windows_GDIRenderer_doFillArc
@ -615,7 +615,7 @@ Java_sun_java2d_windows_GDIRenderer_doFillArc
/* /*
* Class: sun_java2d_windows_GDIRenderer * Class: sun_java2d_windows_GDIRenderer
* Method: doFillPoly * Method: doFillPoly
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;III[I[II)V * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;III[I[II)V
*/ */
JNIEXPORT void JNICALL JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_doFillPoly Java_sun_java2d_windows_GDIRenderer_doFillPoly
@ -680,7 +680,7 @@ Java_sun_java2d_windows_GDIRenderer_doFillPoly
/* /*
* Class: sun_java2d_windows_GDIRenderer * Class: sun_java2d_windows_GDIRenderer
* Method: doShape * Method: doShape
* Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region; * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;
* Ljava/awt/Composite;IIILjava/awt/geom/Path2D.Float;Z)V * Ljava/awt/Composite;IIILjava/awt/geom/Path2D.Float;Z)V
*/ */
JNIEXPORT void JNICALL JNIEXPORT void JNICALL
@ -863,7 +863,7 @@ INLINE BOOL RectInMonitorRect(RECT *rCheck, RECT *rContainer)
/* /*
* Class: sun_java2d_windows_GDIRenderer * Class: sun_java2d_windows_GDIRenderer
* Method: devCopyArea * Method: devCopyArea
* Signature: (Lsun/awt/windows/SurfaceData;IIIIII)V * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;IIIIII)V
*/ */
JNIEXPORT void JNICALL JNIEXPORT void JNICALL
Java_sun_java2d_windows_GDIRenderer_devCopyArea Java_sun_java2d_windows_GDIRenderer_devCopyArea

9
jdk/test/java/io/Serializable/expectedStackTrace/ExpectedStackTrace.java
View File

@ -22,7 +22,7 @@
*/ */
/* @test /* @test
* @bug 6317435 * @bug 6317435 7110700
* @summary Verify that stack trace contains a proper cause of * @summary Verify that stack trace contains a proper cause of
* InvalidClassException (methods: checkSerialize, * InvalidClassException (methods: checkSerialize,
* checkDeserialize or checkDefaultSerialize) * checkDeserialize or checkDefaultSerialize)
@ -59,7 +59,7 @@ public class ExpectedStackTrace {
private static final String SER_METHOD_NAME = "checkSerializable"; private static final String SER_METHOD_NAME = "checkSerializable";
public static final void main(String[] args) throws Exception { public static final void main(String[] args) throws Exception {
System.err.println("\nRegression test for CR6317435"); System.err.println("\nRegression test for CRs 6317435, 7110700");
checkSerializable(getObject()); checkSerializable(getObject());
} }
@ -99,9 +99,12 @@ public class ExpectedStackTrace {
} }
} }
if (found) { if (found) {
if (ex.getCause() != null) {
throw new Error("\nTest for CR 7110700 FAILED");
}
System.err.println("\nTEST PASSED"); System.err.println("\nTEST PASSED");
} else { } else {
throw new Error(); throw new Error("\nTest for CR 6317435 FAILED");
} }
} }
} }

226
jdk/test/javax/sound/sampled/DataLine/DataLine_ArrayIndexOutOfBounds.java Normal file
View File

@ -0,0 +1,226 @@
/**
* @test
* @bug 7088367
* @summary SourceDataLine.write and TargetDataLine.read don't throw ArrayIndexOutOfBoundsException
* @author Alex Menkov
*/
import javax.sound.sampled.AudioSystem;
import javax.sound.sampled.DataLine;
import javax.sound.sampled.Line;
import javax.sound.sampled.LineUnavailableException;
import javax.sound.sampled.Mixer;
import javax.sound.sampled.SourceDataLine;
import javax.sound.sampled.TargetDataLine;
public class DataLine_ArrayIndexOutOfBounds {
static int total = 0;
static int failed = 0;
// shared buffer for all tests
static final byte[] buffer = new byte[5000000];
// the class describes different test scenarios (buffer properties)
static abstract class Scenario {
abstract int getBufferOffset(DataLine line);
abstract int getBufferLength(DataLine line);
}
// scenarios to tests
static Scenario[] scenarios = new Scenario[]{
new Scenario() {
public String toString() {
return "offset is near Integer.MAX_VALUE";
}
public int getBufferOffset(DataLine line) {
return Integer.MAX_VALUE - 4096;
}
public int getBufferLength(DataLine line) {
return 65536;
}
},
new Scenario() {
public String toString() {
return "offset is less than buffer.length, length is large";
}
int getBufferOffset(DataLine line) {
return buffer.length / 10;
}
int getBufferLength(DataLine line) {
return Integer.MAX_VALUE - getBufferOffset(line) + 4096;
}
}
};
public static void main(String[] args) throws Exception {
Mixer.Info[] infos = AudioSystem.getMixerInfo();
log("" + infos.length + " mixers detected");
for (int i=0; i<infos.length; i++) {
Mixer mixer = AudioSystem.getMixer(infos[i]);
log("Mixer " + (i+1) + ": " + infos[i]);
try {
mixer.open();
for (Scenario scenario: scenarios) {
testSDL(mixer, scenario);
testTDL(mixer, scenario);
}
mixer.close();
} catch (LineUnavailableException ex) {
log("LineUnavailableException: " + ex);
}
}
if (failed == 0) {
log("PASSED (" + total + " tests)");
} else {
log("FAILED (" + failed + " of " + total + " tests)");
throw new Exception("Test FAILED");
}
}
final static int STOPPER_DELAY = 5000; // 1 sec
static class AsyncLineStopper implements Runnable {
private final DataLine line;
private final long delayMS; // delay before stop the line
private final Thread thread;
private final Object readyEvent = new Object();
private final Object startEvent = new Object();
public AsyncLineStopper(DataLine line, long delayMS) {
this.line = line;
this.delayMS = delayMS;
thread = new Thread(this);
thread.setDaemon(true);
// starts the thread and waits until it becomes ready
synchronized (readyEvent) {
thread.start();
try {
readyEvent.wait();
} catch (InterruptedException ex) { }
}
}
// makes the delay and then stops the line
public void schedule() {
synchronized(startEvent) {
startEvent.notifyAll();
}
}
// force stop/close the line
public void force() {
thread.interrupt();
try {
thread.join();
} catch (InterruptedException ex) {
log("join exception: " + ex);
}
}
// Runnable implementation
public void run() {
try {
synchronized(readyEvent) {
readyEvent.notifyAll();
}
synchronized(startEvent) {
startEvent.wait();
}
// delay
Thread.sleep(delayMS);
} catch (InterruptedException ex) {
log(" AsyncLineStopper has been interrupted: " + ex);
}
// and flush
log(" stop...");
line.stop();
log(" close...");
line.close();
}
}
static void testSDL(Mixer mixer, Scenario scenario) {
log(" Testing SDL (scenario: " + scenario + ")...");
Line.Info linfo = new Line.Info(SourceDataLine.class);
SourceDataLine line = null;
try {
line = (SourceDataLine)mixer.getLine(linfo);
log(" got line: " + line);
log(" open...");
line.open();
} catch (IllegalArgumentException ex) {
log(" unsupported (IllegalArgumentException)");
return;
} catch (LineUnavailableException ex) {
log(" unavailable: " + ex);
return;
}
total++;
log(" start...");
line.start();
AsyncLineStopper lineStopper = new AsyncLineStopper(line, STOPPER_DELAY);
int offset = scenario.getBufferOffset(line);
int len = scenario.getBufferLength(line);
// ensure len represents integral number of frames
len -= len % line.getFormat().getFrameSize();
log(" write...");
lineStopper.schedule();
try {
line.write(buffer, offset, len);
log(" ERROR: didn't get ArrayIndexOutOfBoundsException");
failed++;
} catch (ArrayIndexOutOfBoundsException ex) {
log(" OK: got ArrayIndexOutOfBoundsException: " + ex);
}
lineStopper.force();
}
static void testTDL(Mixer mixer, Scenario scenario) {
log(" Testing TDL (scenario: " + scenario + ")...");
Line.Info linfo = new Line.Info(TargetDataLine.class);
TargetDataLine line = null;
try {
line = (TargetDataLine)mixer.getLine(linfo);
log(" got line: " + line);
log(" open...");
line.open();
} catch (IllegalArgumentException ex) {
log(" unsupported (IllegalArgumentException)");
return;
} catch (LineUnavailableException ex) {
log(" unavailable: " + ex);
return;
}
total++;
log(" start...");
line.start();
AsyncLineStopper lineStopper = new AsyncLineStopper(line, STOPPER_DELAY);
int offset = scenario.getBufferOffset(line);
int len = scenario.getBufferLength(line);
// ensure len represents integral number of frames
len -= len % line.getFormat().getFrameSize();
log(" read...");
try {
line.read(buffer, offset, len);
log(" ERROR: didn't get ArrayIndexOutOfBoundsException");
failed++;
} catch (ArrayIndexOutOfBoundsException ex) {
log(" OK: got ArrayIndexOutOfBoundsException: " + ex);
}
lineStopper.force();
}
static void log(String s) {
System.out.println(s);
System.out.flush();
}
}

312
jdk/test/sun/security/provider/certpath/X509CertPath/ForwardBuildCompromised.java Normal file
View File

@ -0,0 +1,312 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 7123519
* @summary Problem with java/classes_security
*/
import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.security.spec.*;
import java.security.interfaces.*;
public class ForwardBuildCompromised {
// DigiNotar Root CA, untrusted root certificate
static String trustedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\n" +
"MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\n" +
"ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\n" +
"b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\n" +
"bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\n" +
"U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\n" +
"A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\n" +
"I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\n" +
"wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\n" +
"AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\n" +
"oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\n" +
"BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\n" +
"dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\n" +
"MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\n" +
"b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\n" +
"dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\n" +
"MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\n" +
"E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\n" +
"MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\n" +
"hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\n" +
"95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\n" +
"2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\n" +
"-----END CERTIFICATE-----";
// DigiNotar Root CA, untrusted cross-certificate
static String untrustedCrossCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" +
"MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
"EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" +
"hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" +
"ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" +
"OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" +
"hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" +
"gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" +
"IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" +
"BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" +
"Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" +
"5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" +
"DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" +
"9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" +
"7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" +
"ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" +
"BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" +
"BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" +
"VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" +
"bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" +
"A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" +
"BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" +
"xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" +
"ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" +
"ZFdYf+hthc3m6IcJ\n" +
"-----END CERTIFICATE-----";
// DigiNotar Root CA, compromised certificate
static String compromisedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
"Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
"HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES\n" +
"MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg\n" +
"MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB\n" +
"AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B\n" +
"8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY\n" +
"tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl\n" +
"HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj\n" +
"zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU\n" +
"JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM\n" +
"ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv\n" +
"a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p\n" +
"K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi\n" +
"puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT\n" +
"yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO\n" +
"owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV\n" +
"HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC\n" +
"jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy\n" +
"fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo\n" +
"Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo\n" +
"M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM\n" +
"Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed\n" +
"2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH\n" +
"/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl\n" +
"nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE\n" +
"O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU\n" +
"9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9\n" +
"j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr\n" +
"-----END CERTIFICATE-----";
// DigiNotar Public CA 2025, intermediate certificate
static String intermediateCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
"Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
"HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES\n" +
"MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB\n" +
"IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq\n" +
"hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72\n" +
"Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA\n" +
"SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU\n" +
"Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s\n" +
"xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad\n" +
"6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB\n" +
"sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh\n" +
"dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM\n" +
"100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB\n" +
"AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv\n" +
"Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv\n" +
"dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv\n" +
"IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0\n" +
"hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM\n" +
"LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV\n" +
"+m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ\n" +
"ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE\n" +
"wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4\n" +
"a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC\n" +
"4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr\n" +
"asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG\n" +
"yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ\n" +
"Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G\n" +
"fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC\n" +
"hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY\n" +
"MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1\n" +
"hOiR4IX9Tg==\n" +
"-----END CERTIFICATE-----";
// The fraudulent certificate issued by above compromised CA
static String targetCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp\n" +
"Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v\n" +
"dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE\n" +
"BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp\n" +
"ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j\n" +
"b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS\n" +
"CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q\n" +
"7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD\n" +
"ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x\n" +
"OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8\n" +
"vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2\n" +
"EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0\n" +
"dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43\n" +
"/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH\n" +
"aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u\n" +
"bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u\n" +
"IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg\n" +
"dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8\n" +
"oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s\n" +
"YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn\n" +
"b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG\n" +
"9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH\n" +
"UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB\n" +
"pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM\n" +
"FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum\n" +
"U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK\n" +
"baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==\n" +
"-----END CERTIFICATE-----";
public static void main(String args[]) throws Exception {
Exception reservedException = null;
try {
build();
} catch (CertPathBuilderException cpbe) {
reservedException = cpbe;
}
if (reservedException == null) {
throw new Exception("Unable to block fraudulent certificate");
}
System.out.println(
"The expected untrusted cert exception: " + reservedException);
}
private static X509CertSelector generateSelector() throws Exception {
// generate certificate from cert strings
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate target = null;
try (ByteArrayInputStream is =
new ByteArrayInputStream(targetCertStr.getBytes())) {
target = (X509Certificate)cf.generateCertificate(is);
}
X509CertSelector selector = new X509CertSelector();
selector.setCertificate(target);
return selector;
}
private static CertStore generateCertificateStore() throws Exception {
// generate certificate from cert strings
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// generate certification path
Set<Certificate> entries = new HashSet();
try (ByteArrayInputStream is =
new ByteArrayInputStream(targetCertStr.getBytes())) {
entries.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(intermediateCertStr.getBytes())) {
entries.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(compromisedCertStr.getBytes())) {
entries.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(untrustedCrossCertStr.getBytes())) {
entries.add(cf.generateCertificate(is));
}
return CertStore.getInstance("Collection",
new CollectionCertStoreParameters(entries));
}
private static Set<TrustAnchor> generateTrustAnchors()
throws CertificateException, IOException {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate trustedCert = null;
try (ByteArrayInputStream is =
new ByteArrayInputStream(trustedCertStr.getBytes())) {
trustedCert = cf.generateCertificate(is);
}
// generate a trust anchor
TrustAnchor anchor =
new TrustAnchor((X509Certificate)trustedCert, null);
return Collections.singleton(anchor);
}
private static void build() throws Exception {
X509CertSelector selector = generateSelector();
Set<TrustAnchor> anchors = generateTrustAnchors();
CertStore certs = generateCertificateStore();
PKIXBuilderParameters params =
new PKIXBuilderParameters(anchors, selector);
params.addCertStore(certs);
params.setRevocationEnabled(false);
params.setDate(new Date(111, 11, 25)); // 2011-12-25
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
PKIXCertPathBuilderResult result =
(PKIXCertPathBuilderResult)builder.build(params);
}
}

315
jdk/test/sun/security/provider/certpath/X509CertPath/ReverseBuildCompromised.java Normal file
View File

@ -0,0 +1,315 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 7123519
* @summary Problem with java/classes_security
*/
import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.security.spec.*;
import java.security.interfaces.*;
import sun.security.provider.certpath.SunCertPathBuilderParameters;
public class ReverseBuildCompromised {
// DigiNotar Root CA, untrusted root certificate
static String trustedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\n" +
"MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\n" +
"ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\n" +
"b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\n" +
"bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\n" +
"U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\n" +
"A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\n" +
"I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\n" +
"wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\n" +
"AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\n" +
"oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\n" +
"BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\n" +
"dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\n" +
"MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\n" +
"b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\n" +
"dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\n" +
"MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\n" +
"E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\n" +
"MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\n" +
"hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\n" +
"95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\n" +
"2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\n" +
"-----END CERTIFICATE-----";
// DigiNotar Root CA, untrusted cross-certificate
static String untrustedCrossCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" +
"MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
"EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" +
"hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" +
"ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" +
"OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" +
"hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" +
"gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" +
"IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" +
"BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" +
"Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" +
"5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" +
"DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" +
"9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" +
"7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" +
"ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" +
"BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" +
"BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" +
"VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" +
"bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" +
"A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" +
"BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" +
"xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" +
"ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" +
"ZFdYf+hthc3m6IcJ\n" +
"-----END CERTIFICATE-----";
// DigiNotar Root CA, compromised certificate
static String compromisedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
"Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
"HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES\n" +
"MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg\n" +
"MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB\n" +
"AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B\n" +
"8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY\n" +
"tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl\n" +
"HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj\n" +
"zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU\n" +
"JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM\n" +
"ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv\n" +
"a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p\n" +
"K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi\n" +
"puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT\n" +
"yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO\n" +
"owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV\n" +
"HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC\n" +
"jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy\n" +
"fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo\n" +
"Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo\n" +
"M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM\n" +
"Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed\n" +
"2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH\n" +
"/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl\n" +
"nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE\n" +
"O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU\n" +
"9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9\n" +
"j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr\n" +
"-----END CERTIFICATE-----";
// DigiNotar Public CA 2025, intermediate certificate
static String intermediateCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
"Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
"HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES\n" +
"MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB\n" +
"IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq\n" +
"hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72\n" +
"Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA\n" +
"SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU\n" +
"Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s\n" +
"xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad\n" +
"6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB\n" +
"sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh\n" +
"dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM\n" +
"100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB\n" +
"AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv\n" +
"Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv\n" +
"dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv\n" +
"IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0\n" +
"hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM\n" +
"LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV\n" +
"+m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ\n" +
"ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE\n" +
"wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4\n" +
"a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC\n" +
"4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr\n" +
"asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG\n" +
"yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ\n" +
"Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G\n" +
"fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC\n" +
"hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY\n" +
"MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1\n" +
"hOiR4IX9Tg==\n" +
"-----END CERTIFICATE-----";
// The fraudulent certificate issued by above compromised CA
static String targetCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp\n" +
"Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v\n" +
"dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE\n" +
"BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp\n" +
"ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j\n" +
"b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS\n" +
"CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q\n" +
"7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD\n" +
"ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x\n" +
"OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8\n" +
"vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2\n" +
"EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0\n" +
"dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43\n" +
"/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH\n" +
"aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u\n" +
"bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u\n" +
"IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg\n" +
"dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8\n" +
"oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s\n" +
"YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn\n" +
"b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG\n" +
"9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH\n" +
"UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB\n" +
"pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM\n" +
"FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum\n" +
"U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK\n" +
"baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==\n" +
"-----END CERTIFICATE-----";
public static void main(String args[]) throws Exception {
Exception reservedException = null;
try {
build();
} catch (CertPathBuilderException cpbe) {
reservedException = cpbe;
}
if (reservedException == null) {
throw new Exception("Unable to block fraudulent certificate");
}
System.out.println(
"The expected untrusted cert exception: " + reservedException);
}
private static X509CertSelector generateSelector() throws Exception {
// generate certificate from cert strings
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate target = null;
try (ByteArrayInputStream is =
new ByteArrayInputStream(targetCertStr.getBytes())) {
target = (X509Certificate)cf.generateCertificate(is);
}
X509CertSelector selector = new X509CertSelector();
selector.setCertificate(target);
selector.setSubject(target.getSubjectX500Principal());
return selector;
}
private static CertStore generateCertificateStore() throws Exception {
// generate certificate from cert strings
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// generate certification path
Set<Certificate> entries = new HashSet();
try (ByteArrayInputStream is =
new ByteArrayInputStream(targetCertStr.getBytes())) {
entries.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(intermediateCertStr.getBytes())) {
entries.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(compromisedCertStr.getBytes())) {
entries.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(untrustedCrossCertStr.getBytes())) {
entries.add(cf.generateCertificate(is));
}
return CertStore.getInstance("Collection",
new CollectionCertStoreParameters(entries));
}
private static Set<TrustAnchor> generateTrustAnchors()
throws CertificateException, IOException {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate trustedCert = null;
try (ByteArrayInputStream is =
new ByteArrayInputStream(trustedCertStr.getBytes())) {
trustedCert = cf.generateCertificate(is);
}
// generate a trust anchor
TrustAnchor anchor =
new TrustAnchor((X509Certificate)trustedCert, null);
return Collections.singleton(anchor);
}
private static void build() throws Exception {
X509CertSelector selector = generateSelector();
Set<TrustAnchor> anchors = generateTrustAnchors();
CertStore certs = generateCertificateStore();
SunCertPathBuilderParameters params =
new SunCertPathBuilderParameters(anchors, selector);
params.setBuildForward(false);
params.addCertStore(certs);
params.setRevocationEnabled(false);
params.setDate(new Date(111, 11, 25)); // 2011-12-25
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
PKIXCertPathBuilderResult result =
(PKIXCertPathBuilderResult)builder.build(params);
}
}

297
jdk/test/sun/security/provider/certpath/X509CertPath/ValidateCompromised.java Normal file
View File

@ -0,0 +1,297 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 7123519
* @summary Problem with java/classes_security
*/
import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.security.spec.*;
import java.security.interfaces.*;
public class ValidateCompromised {
// DigiNotar Root CA, untrusted root certificate
static String trustedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\n" +
"MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\n" +
"ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\n" +
"b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\n" +
"bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\n" +
"U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\n" +
"A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\n" +
"I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\n" +
"wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\n" +
"AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\n" +
"oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\n" +
"BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\n" +
"dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\n" +
"MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\n" +
"b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\n" +
"dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\n" +
"MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\n" +
"E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\n" +
"MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\n" +
"hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\n" +
"95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\n" +
"2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\n" +
"-----END CERTIFICATE-----";
// DigiNotar Root CA, untrusted cross-certificate
static String untrustedCrossCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" +
"MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
"EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" +
"hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" +
"ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" +
"OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" +
"hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" +
"gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" +
"IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" +
"BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" +
"Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" +
"5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" +
"DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" +
"9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" +
"7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" +
"ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" +
"BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" +
"BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" +
"VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" +
"bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" +
"A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" +
"BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" +
"xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" +
"ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" +
"ZFdYf+hthc3m6IcJ\n" +
"-----END CERTIFICATE-----";
// DigiNotar Root CA, compromised certificate
static String compromisedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
"Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
"HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES\n" +
"MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg\n" +
"MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB\n" +
"AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B\n" +
"8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY\n" +
"tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl\n" +
"HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj\n" +
"zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU\n" +
"JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM\n" +
"ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv\n" +
"a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p\n" +
"K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi\n" +
"puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT\n" +
"yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO\n" +
"owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV\n" +
"HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC\n" +
"jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy\n" +
"fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo\n" +
"Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo\n" +
"M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM\n" +
"Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed\n" +
"2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH\n" +
"/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl\n" +
"nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE\n" +
"O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU\n" +
"9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9\n" +
"j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr\n" +
"-----END CERTIFICATE-----";
// DigiNotar Public CA 2025, intermediate certificate
static String intermediateCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
"Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
"HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES\n" +
"MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB\n" +
"IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq\n" +
"hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72\n" +
"Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA\n" +
"SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU\n" +
"Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s\n" +
"xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad\n" +
"6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB\n" +
"sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh\n" +
"dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM\n" +
"100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB\n" +
"AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv\n" +
"Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv\n" +
"dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv\n" +
"IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0\n" +
"hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM\n" +
"LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV\n" +
"+m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ\n" +
"ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE\n" +
"wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4\n" +
"a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC\n" +
"4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr\n" +
"asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG\n" +
"yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ\n" +
"Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G\n" +
"fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC\n" +
"hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY\n" +
"MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1\n" +
"hOiR4IX9Tg==\n" +
"-----END CERTIFICATE-----";
// The fraudulent certificate issued by above compromised CA
static String targetCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp\n" +
"Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v\n" +
"dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE\n" +
"BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp\n" +
"ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j\n" +
"b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS\n" +
"CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q\n" +
"7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD\n" +
"ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x\n" +
"OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8\n" +
"vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2\n" +
"EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0\n" +
"dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43\n" +
"/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH\n" +
"aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u\n" +
"bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u\n" +
"IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg\n" +
"dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8\n" +
"oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s\n" +
"YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn\n" +
"b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG\n" +
"9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH\n" +
"UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB\n" +
"pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM\n" +
"FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum\n" +
"U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK\n" +
"baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==\n" +
"-----END CERTIFICATE-----";
public static void main(String args[]) throws Exception {
Exception reservedException = null;
try {
validate();
} catch (CertPathValidatorException cpve) {
reservedException = cpve;
}
if (reservedException == null) {
throw new Exception("Unable to block fraudulent certificate");
}
System.out.println(
"The expected untrusted cert exception: " + reservedException);
}
private static CertPath generateCertificatePath()
throws CertificateException, IOException {
// generate certificate from cert strings
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// generate certification path
List<Certificate> list = new ArrayList();
try (ByteArrayInputStream is =
new ByteArrayInputStream(targetCertStr.getBytes())) {
list.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(intermediateCertStr.getBytes())) {
list.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(compromisedCertStr.getBytes())) {
list.add(cf.generateCertificate(is));
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(untrustedCrossCertStr.getBytes())) {
list.add(cf.generateCertificate(is));
}
return cf.generateCertPath(list);
}
private static Set<TrustAnchor> generateTrustAnchors()
throws CertificateException, IOException {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate trustedCert = null;
try (ByteArrayInputStream is =
new ByteArrayInputStream(trustedCertStr.getBytes())) {
trustedCert = cf.generateCertificate(is);
}
// generate a trust anchor
TrustAnchor anchor =
new TrustAnchor((X509Certificate)trustedCert, null);
return Collections.singleton(anchor);
}
private static void validate()
throws CertPathValidatorException, Exception {
CertPath path = generateCertificatePath();
Set<TrustAnchor> anchors = generateTrustAnchors();
PKIXParameters params = new PKIXParameters(anchors);
// disable certificate revocation checking
params.setRevocationEnabled(false);
// set the validation time
params.setDate(new Date(111, 11, 25)); // 2011-12-25
CertPathValidator validator = CertPathValidator.getInstance("PKIX");
validator.validate(path, params);
}
}

305
jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/ComodoHacker.java Normal file
View File

@ -0,0 +1,305 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 7123519
* @summary Problem with java/classes_security
* @run main/othervm ComodoHacker PKIX
* @run main/othervm ComodoHacker SunX509
*/
import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import java.security.spec.*;
import java.security.interfaces.*;
public class ComodoHacker {
// DigiNotar Root CA, untrusted root certificate
static String trustedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\n" +
"MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\n" +
"ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\n" +
"b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\n" +
"bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\n" +
"U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\n" +
"A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\n" +
"I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\n" +
"wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\n" +
"AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\n" +
"oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\n" +
"BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\n" +
"dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\n" +
"MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\n" +
"b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\n" +
"dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\n" +
"MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\n" +
"E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\n" +
"MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\n" +
"hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\n" +
"95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\n" +
"2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\n" +
"-----END CERTIFICATE-----";
// DigiNotar Root CA, untrusted cross-certificate
static String untrustedCrossCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" +
"MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
"EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" +
"hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" +
"ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" +
"OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" +
"hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" +
"gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" +
"IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" +
"BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" +
"Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" +
"5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" +
"DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" +
"9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" +
"7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" +
"ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" +
"BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" +
"BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" +
"VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" +
"bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" +
"A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" +
"BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" +
"xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" +
"ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" +
"ZFdYf+hthc3m6IcJ\n" +
"-----END CERTIFICATE-----";
// DigiNotar Root CA, compromised certificate
static String compromisedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
"Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
"HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES\n" +
"MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg\n" +
"MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB\n" +
"AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B\n" +
"8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY\n" +
"tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl\n" +
"HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj\n" +
"zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU\n" +
"JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM\n" +
"ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv\n" +
"a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p\n" +
"K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi\n" +
"puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT\n" +
"yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO\n" +
"owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV\n" +
"HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC\n" +
"jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy\n" +
"fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo\n" +
"Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo\n" +
"M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM\n" +
"Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed\n" +
"2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH\n" +
"/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl\n" +
"nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE\n" +
"O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU\n" +
"9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9\n" +
"j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr\n" +
"-----END CERTIFICATE-----";
// DigiNotar Public CA 2025, intermediate certificate
static String intermediateCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
"Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
"HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES\n" +
"MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB\n" +
"IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq\n" +
"hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72\n" +
"Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA\n" +
"SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU\n" +
"Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s\n" +
"xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad\n" +
"6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB\n" +
"sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh\n" +
"dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM\n" +
"100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB\n" +
"AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv\n" +
"Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv\n" +
"dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv\n" +
"IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0\n" +
"hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM\n" +
"LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV\n" +
"+m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ\n" +
"ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE\n" +
"wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4\n" +
"a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC\n" +
"4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr\n" +
"asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG\n" +
"yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ\n" +
"Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G\n" +
"fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC\n" +
"hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY\n" +
"MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1\n" +
"hOiR4IX9Tg==\n" +
"-----END CERTIFICATE-----";
// The fraudulent certificate issued by above compromised CA
static String targetCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm\n" +
"MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp\n" +
"Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v\n" +
"dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE\n" +
"BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp\n" +
"ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j\n" +
"b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS\n" +
"CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q\n" +
"7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD\n" +
"ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x\n" +
"OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8\n" +
"vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2\n" +
"EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0\n" +
"dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43\n" +
"/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH\n" +
"aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u\n" +
"bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u\n" +
"IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg\n" +
"dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8\n" +
"oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s\n" +
"YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn\n" +
"b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG\n" +
"9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH\n" +
"UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB\n" +
"pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM\n" +
"FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum\n" +
"U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK\n" +
"baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==\n" +
"-----END CERTIFICATE-----";
private static String tmAlgorithm; // trust manager
public static void main(String args[]) throws Exception {
// Get the customized arguments.
parseArguments(args);
X509TrustManager tm = getTrustManager();
X509Certificate[] chain = getFraudulentChain();
Exception reservedException = null;
try {
tm.checkClientTrusted(chain, "RSA");
} catch (CertificateException ce) {
reservedException = ce;
}
if (reservedException == null) {
throw new Exception("Unable to block fraudulent certificate");
}
reservedException = null;
try {
tm.checkServerTrusted(chain, "RSA");
} catch (CertificateException ce) {
reservedException = ce;
}
if (reservedException == null) {
throw new Exception("Unable to block fraudulent certificate");
}
System.out.println(
"The expected untrusted cert exception: " + reservedException);
}
private static void parseArguments(String[] args) {
tmAlgorithm = args[0];
}
private static X509TrustManager getTrustManager() throws Exception {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// create a key store
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
// import the trusted cert
try (ByteArrayInputStream is =
new ByteArrayInputStream(trustedCertStr.getBytes())) {
Certificate trustedCert = cf.generateCertificate(is);
ks.setCertificateEntry("RSA Export Signer", trustedCert);
}
// create the trust manager
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlgorithm);
tmf.init(ks);
return (X509TrustManager)tmf.getTrustManagers()[0];
}
private static X509Certificate[] getFraudulentChain() throws Exception {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate[] chain = new X509Certificate[4];
try (ByteArrayInputStream is =
new ByteArrayInputStream(targetCertStr.getBytes())) {
chain[0] = (X509Certificate)cf.generateCertificate(is);
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(intermediateCertStr.getBytes())) {
chain[1] = (X509Certificate)cf.generateCertificate(is);
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(compromisedCertStr.getBytes())) {
chain[2] = (X509Certificate)cf.generateCertificate(is);
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(untrustedCrossCertStr.getBytes())) {
chain[3] = (X509Certificate)cf.generateCertificate(is);
}
return chain;
}
}