diff options
Diffstat (limited to 'java/openjdk7/files/patch-u3')
| -rw-r--r-- | java/openjdk7/files/patch-u3 | 4326 |
1 files changed, 0 insertions, 4326 deletions
diff --git a/java/openjdk7/files/patch-u3 b/java/openjdk7/files/patch-u3 deleted file mode 100644 index b44fa61ee87b..000000000000 --- a/java/openjdk7/files/patch-u3 +++ /dev/null @@ -1,4326 +0,0 @@ -diff -uNr -x '.hg*' jdk7u2/corba/src/share/classes/com/sun/corba/se/impl/dynamicany/DynAnyFactoryImpl.java jdk7u3/corba/src/share/classes/com/sun/corba/se/impl/dynamicany/DynAnyFactoryImpl.java ---- corba/src/share/classes/com/sun/corba/se/impl/dynamicany/DynAnyFactoryImpl.java 2012-04-17 17:40:35.000000000 -0400 -+++ corba/src/share/classes/com/sun/corba/se/impl/dynamicany/DynAnyFactoryImpl.java 2012-04-17 17:50:37.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -82,6 +82,6 @@ - private String[] __ids = { "IDL:omg.org/DynamicAny/DynAnyFactory:1.0" }; - - public String[] _ids() { -- return __ids; -+ return (String[])__ids.clone(); - } - } -diff -uNr -x '.hg*' jdk7u2/corba/src/share/classes/com/sun/corba/se/impl/dynamicany/DynAnyImpl.java jdk7u3/corba/src/share/classes/com/sun/corba/se/impl/dynamicany/DynAnyImpl.java ---- corba/src/share/classes/com/sun/corba/se/impl/dynamicany/DynAnyImpl.java 2012-04-17 17:40:35.000000000 -0400 -+++ corba/src/share/classes/com/sun/corba/se/impl/dynamicany/DynAnyImpl.java 2012-04-17 17:50:37.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -195,6 +195,6 @@ - private String[] __ids = { "IDL:omg.org/DynamicAny/DynAny:1.0" }; - - public String[] _ids() { -- return __ids; -+ return (String[])__ids.clone(); - } - } -diff -uNr -x '.hg*' jdk7u2/corba/src/share/classes/com/sun/org/omg/SendingContext/_CodeBaseImplBase.java jdk7u3/corba/src/share/classes/com/sun/org/omg/SendingContext/_CodeBaseImplBase.java ---- corba/src/share/classes/com/sun/org/omg/SendingContext/_CodeBaseImplBase.java 2012-04-17 17:40:36.000000000 -0400 -+++ corba/src/share/classes/com/sun/org/omg/SendingContext/_CodeBaseImplBase.java 2012-04-17 17:50:39.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -138,7 +138,7 @@ - - public String[] _ids () - { -- return __ids; -+ return (String[])__ids.clone(); - } - - -diff -uNr -x '.hg*' jdk7u2/hotspot/make/hotspot_version jdk7u3/hotspot/make/hotspot_version ---- hotspot/make/hotspot_version 2012-04-17 17:34:59.000000000 -0400 -+++ hotspot/make/hotspot_version 2012-04-17 17:50:17.000000000 -0400 -@@ -34,12 +34,12 @@ - HOTSPOT_VM_COPYRIGHT=Copyright 2011 - - HS_MAJOR_VER=22 --HS_MINOR_VER=0 --HS_BUILD_NUMBER=10 -+HS_MINOR_VER=1 -+HS_BUILD_NUMBER=02 - - JDK_MAJOR_VER=1 --JDK_MINOR_VER=8 -+JDK_MINOR_VER=7 - JDK_MICRO_VER=0 - - # Previous (bootdir) JDK version --JDK_PREVIOUS_VERSION=1.7.0 -+JDK_PREVIOUS_VERSION=1.6.0 -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/com/sun/media/sound/DirectAudioDevice.java jdk7u3/jdk/src/share/classes/com/sun/media/sound/DirectAudioDevice.java ---- jdk/src/share/classes/com/sun/media/sound/DirectAudioDevice.java 2012-04-17 17:39:04.000000000 -0400 -+++ jdk/src/share/classes/com/sun/media/sound/DirectAudioDevice.java 2012-04-17 17:48:41.000000000 -0400 -@@ -736,7 +736,7 @@ - if (off < 0) { - throw new ArrayIndexOutOfBoundsException(off); - } -- if (off + len > b.length) { -+ if ((long)off + (long)len > (long)b.length) { - throw new ArrayIndexOutOfBoundsException(b.length); - } - -@@ -964,7 +964,7 @@ - if (off < 0) { - throw new ArrayIndexOutOfBoundsException(off); - } -- if (off + len > b.length) { -+ if ((long)off + (long)len > (long)b.length) { - throw new ArrayIndexOutOfBoundsException(b.length); - } - if (!isActive() && doIO) { -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java jdk7u3/jdk/src/share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java ---- jdk/src/share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java 2012-04-17 17:39:04.000000000 -0400 -+++ jdk/src/share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java 2012-04-17 17:48:41.000000000 -0400 -@@ -130,6 +130,12 @@ - if (len % framesize != 0) - throw new IllegalArgumentException( - "Number of bytes does not represent an integral number of sample frames."); -+ if (off < 0) { -+ throw new ArrayIndexOutOfBoundsException(off); -+ } -+ if ((long)off + (long)len > (long)b.length) { -+ throw new ArrayIndexOutOfBoundsException(b.length); -+ } - - byte[] buff = cycling_buffer; - int buff_len = cycling_buffer.length; -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/java/awt/KeyboardFocusManager.java jdk7u3/jdk/src/share/classes/java/awt/KeyboardFocusManager.java ---- jdk/src/share/classes/java/awt/KeyboardFocusManager.java 2012-04-17 17:39:07.000000000 -0400 -+++ jdk/src/share/classes/java/awt/KeyboardFocusManager.java 2012-04-17 17:48:43.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -503,14 +503,8 @@ - */ - protected Component getGlobalFocusOwner() throws SecurityException { - synchronized (KeyboardFocusManager.class) { -- if (this == getCurrentKeyboardFocusManager()) { -- return focusOwner; -- } else { -- if (focusLog.isLoggable(PlatformLogger.FINER)) { -- focusLog.finer("This manager is " + this + ", current is " + getCurrentKeyboardFocusManager()); -- } -- throw new SecurityException(notPrivileged); -- } -+ checkCurrentKFMSecurity(); -+ return focusOwner; - } - } - -@@ -544,6 +538,8 @@ - - if (focusOwner == null || focusOwner.isFocusable()) { - synchronized (KeyboardFocusManager.class) { -+ checkCurrentKFMSecurity(); -+ - oldFocusOwner = getFocusOwner(); - - try { -@@ -593,6 +589,9 @@ - * @see java.awt.event.FocusEvent#FOCUS_LOST - */ - public void clearGlobalFocusOwner() { -+ synchronized (KeyboardFocusManager.class) { -+ checkCurrentKFMSecurity(); -+ } - if (!GraphicsEnvironment.isHeadless()) { - // Toolkit must be fully initialized, otherwise - // _clearGlobalFocusOwner will crash or throw an exception -@@ -672,14 +671,8 @@ - throws SecurityException - { - synchronized (KeyboardFocusManager.class) { -- if (this == getCurrentKeyboardFocusManager()) { -- return permanentFocusOwner; -- } else { -- if (focusLog.isLoggable(PlatformLogger.FINER)) { -- focusLog.finer("This manager is " + this + ", current is " + getCurrentKeyboardFocusManager()); -- } -- throw new SecurityException(notPrivileged); -- } -+ checkCurrentKFMSecurity(); -+ return permanentFocusOwner; - } - } - -@@ -708,13 +701,14 @@ - * @beaninfo - * bound: true - */ -- protected void setGlobalPermanentFocusOwner(Component permanentFocusOwner) -- { -+ protected void setGlobalPermanentFocusOwner(Component permanentFocusOwner) { - Component oldPermanentFocusOwner = null; - boolean shouldFire = false; - - if (permanentFocusOwner == null || permanentFocusOwner.isFocusable()) { - synchronized (KeyboardFocusManager.class) { -+ checkCurrentKFMSecurity(); -+ - oldPermanentFocusOwner = getPermanentFocusOwner(); - - try { -@@ -780,14 +774,8 @@ - */ - protected Window getGlobalFocusedWindow() throws SecurityException { - synchronized (KeyboardFocusManager.class) { -- if (this == getCurrentKeyboardFocusManager()) { -- return focusedWindow; -- } else { -- if (focusLog.isLoggable(PlatformLogger.FINER)) { -- focusLog.finer("This manager is " + this + ", current is " + getCurrentKeyboardFocusManager()); -- } -- throw new SecurityException(notPrivileged); -- } -+ checkCurrentKFMSecurity(); -+ return focusedWindow; - } - } - -@@ -818,6 +806,8 @@ - - if (focusedWindow == null || focusedWindow.isFocusableWindow()) { - synchronized (KeyboardFocusManager.class) { -+ checkCurrentKFMSecurity(); -+ - oldFocusedWindow = getFocusedWindow(); - - try { -@@ -884,14 +874,8 @@ - */ - protected Window getGlobalActiveWindow() throws SecurityException { - synchronized (KeyboardFocusManager.class) { -- if (this == getCurrentKeyboardFocusManager()) { -- return activeWindow; -- } else { -- if (focusLog.isLoggable(PlatformLogger.FINER)) { -- focusLog.finer("This manager is " + this + ", current is " + getCurrentKeyboardFocusManager()); -- } -- throw new SecurityException(notPrivileged); -- } -+ checkCurrentKFMSecurity(); -+ return activeWindow; - } - } - -@@ -920,6 +904,8 @@ - protected void setGlobalActiveWindow(Window activeWindow) { - Window oldActiveWindow; - synchronized (KeyboardFocusManager.class) { -+ checkCurrentKFMSecurity(); -+ - oldActiveWindow = getActiveWindow(); - if (focusLog.isLoggable(PlatformLogger.FINER)) { - focusLog.finer("Setting global active window to " + activeWindow + ", old active " + oldActiveWindow); -@@ -1214,14 +1200,8 @@ - throws SecurityException - { - synchronized (KeyboardFocusManager.class) { -- if (this == getCurrentKeyboardFocusManager()) { -- return currentFocusCycleRoot; -- } else { -- if (focusLog.isLoggable(PlatformLogger.FINER)) { -- focusLog.finer("This manager is " + this + ", current is " + getCurrentKeyboardFocusManager()); -- } -- throw new SecurityException(notPrivileged); -- } -+ checkCurrentKFMSecurity(); -+ return currentFocusCycleRoot; - } - } - -@@ -1245,6 +1225,8 @@ - Container oldFocusCycleRoot; - - synchronized (KeyboardFocusManager.class) { -+ checkCurrentKFMSecurity(); -+ - oldFocusCycleRoot = getCurrentFocusCycleRoot(); - currentFocusCycleRoot = newFocusCycleRoot; - } -@@ -3062,4 +3044,14 @@ - : null; - } - } -+ -+ private void checkCurrentKFMSecurity() { -+ if (this != getCurrentKeyboardFocusManager()) { -+ if (focusLog.isLoggable(PlatformLogger.FINER)) { -+ focusLog.finer("This manager is " + this + -+ ", current is " + getCurrentKeyboardFocusManager()); -+ } -+ throw new SecurityException(notPrivileged); -+ } -+ } - } -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/java/io/ObjectStreamClass.java jdk7u3/jdk/src/share/classes/java/io/ObjectStreamClass.java ---- jdk/src/share/classes/java/io/ObjectStreamClass.java 2012-04-17 17:39:08.000000000 -0400 -+++ jdk/src/share/classes/java/io/ObjectStreamClass.java 2012-04-17 17:48:44.000000000 -0400 -@@ -123,14 +123,39 @@ - */ - private boolean hasBlockExternalData = true; - -+ /** -+ * Contains information about InvalidClassException instances to be thrown -+ * when attempting operations on an invalid class. Note that instances of -+ * this class are immutable and are potentially shared among -+ * ObjectStreamClass instances. -+ */ -+ private static class ExceptionInfo { -+ private final String className; -+ private final String message; -+ -+ ExceptionInfo(String cn, String msg) { -+ className = cn; -+ message = msg; -+ } -+ -+ /** -+ * Returns (does not throw) an InvalidClassException instance created -+ * from the information in this object, suitable for being thrown by -+ * the caller. -+ */ -+ InvalidClassException newInvalidClassException() { -+ return new InvalidClassException(className, message); -+ } -+ } -+ - /** exception (if any) thrown while attempting to resolve class */ - private ClassNotFoundException resolveEx; - /** exception (if any) to throw if non-enum deserialization attempted */ -- private InvalidClassException deserializeEx; -+ private ExceptionInfo deserializeEx; - /** exception (if any) to throw if non-enum serialization attempted */ -- private InvalidClassException serializeEx; -+ private ExceptionInfo serializeEx; - /** exception (if any) to throw if default serialization attempted */ -- private InvalidClassException defaultSerializeEx; -+ private ExceptionInfo defaultSerializeEx; - - /** serializable fields */ - private ObjectStreamField[] fields; -@@ -444,7 +469,8 @@ - fields = getSerialFields(cl); - computeFieldOffsets(); - } catch (InvalidClassException e) { -- serializeEx = deserializeEx = e; -+ serializeEx = deserializeEx = -+ new ExceptionInfo(e.classname, e.getMessage()); - fields = NO_FIELDS; - } - -@@ -483,15 +509,14 @@ - - if (deserializeEx == null) { - if (isEnum) { -- deserializeEx = new InvalidClassException(name, "enum type"); -+ deserializeEx = new ExceptionInfo(name, "enum type"); - } else if (cons == null) { -- deserializeEx = new InvalidClassException( -- name, "no valid constructor"); -+ deserializeEx = new ExceptionInfo(name, "no valid constructor"); - } - } - for (int i = 0; i < fields.length; i++) { - if (fields[i].getField() == null) { -- defaultSerializeEx = new InvalidClassException( -+ defaultSerializeEx = new ExceptionInfo( - name, "unmatched serializable field(s) declared"); - } - } -@@ -601,8 +626,8 @@ - (externalizable != localDesc.externalizable) || - !(serializable || externalizable)) - { -- deserializeEx = new InvalidClassException(localDesc.name, -- "class invalid for deserialization"); -+ deserializeEx = new ExceptionInfo( -+ localDesc.name, "class invalid for deserialization"); - } - } - -@@ -727,11 +752,7 @@ - */ - void checkDeserialize() throws InvalidClassException { - if (deserializeEx != null) { -- InvalidClassException ice = -- new InvalidClassException(deserializeEx.classname, -- deserializeEx.getMessage()); -- ice.initCause(deserializeEx); -- throw ice; -+ throw deserializeEx.newInvalidClassException(); - } - } - -@@ -742,11 +763,7 @@ - */ - void checkSerialize() throws InvalidClassException { - if (serializeEx != null) { -- InvalidClassException ice = -- new InvalidClassException(serializeEx.classname, -- serializeEx.getMessage()); -- ice.initCause(serializeEx); -- throw ice; -+ throw serializeEx.newInvalidClassException(); - } - } - -@@ -759,11 +776,7 @@ - */ - void checkDefaultSerialize() throws InvalidClassException { - if (defaultSerializeEx != null) { -- InvalidClassException ice = -- new InvalidClassException(defaultSerializeEx.classname, -- defaultSerializeEx.getMessage()); -- ice.initCause(defaultSerializeEx); -- throw ice; -+ throw defaultSerializeEx.newInvalidClassException(); - } - } - -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/java/util/TimeZone.java jdk7u3/jdk/src/share/classes/java/util/TimeZone.java ---- jdk/src/share/classes/java/util/TimeZone.java 2012-04-17 17:39:10.000000000 -0400 -+++ jdk/src/share/classes/java/util/TimeZone.java 2012-04-17 17:48:47.000000000 -0400 -@@ -43,6 +43,7 @@ - import java.security.AccessController; - import java.security.PrivilegedAction; - import java.util.concurrent.ConcurrentHashMap; -+import sun.awt.AppContext; - import sun.security.action.GetPropertyAction; - import sun.util.TimeZoneNameUtility; - import sun.util.calendar.ZoneInfo; -@@ -615,7 +616,7 @@ - * method doesn't create a clone. - */ - static TimeZone getDefaultRef() { -- TimeZone defaultZone = defaultZoneTL.get(); -+ TimeZone defaultZone = getDefaultInAppContext(); - if (defaultZone == null) { - defaultZone = defaultTimeZone; - if (defaultZone == null) { -@@ -706,10 +707,49 @@ - if (hasPermission()) { - synchronized (TimeZone.class) { - defaultTimeZone = zone; -- defaultZoneTL.set(null); -+ setDefaultInAppContext(null); - } - } else { -- defaultZoneTL.set(zone); -+ setDefaultInAppContext(zone); -+ } -+ } -+ -+ /** -+ * Returns the default TimeZone in an AppContext if any AppContext -+ * has ever used. null is returned if any AppContext hasn't been -+ * used or if the AppContext doesn't have the default TimeZone. -+ */ -+ private synchronized static TimeZone getDefaultInAppContext() { -+ if (!hasSetInAppContext) { -+ return null; -+ } -+ -+ AppContext ac = AppContext.getAppContext(); -+ if (ac != null && !ac.isDisposed()) { -+ return (TimeZone) ac.get(TimeZone.class); -+ } -+ return null; -+ } -+ -+ /** -+ * Sets the default TimeZone in the AppContext to the given -+ * tz. null is handled special: do nothing if any AppContext -+ * hasn't been used, remove the default TimeZone in the -+ * AppContext otherwise. -+ */ -+ private synchronized static void setDefaultInAppContext(TimeZone tz) { -+ if (!hasSetInAppContext && tz == null) { -+ return; -+ } -+ -+ AppContext ac = AppContext.getAppContext(); -+ if (ac != null && !ac.isDisposed()) { -+ if (tz != null) { -+ ac.put(TimeZone.class, tz); -+ hasSetInAppContext = true; -+ } else { -+ ac.remove(TimeZone.class); -+ } - } - } - -@@ -760,12 +800,13 @@ - */ - private String ID; - private static volatile TimeZone defaultTimeZone; -- private static final InheritableThreadLocal<TimeZone> defaultZoneTL -- = new InheritableThreadLocal<TimeZone>(); - - static final String GMT_ID = "GMT"; - private static final int GMT_ID_LENGTH = 3; - -+ // true if the default TimeZone has been set in any AppContext -+ private static boolean hasSetInAppContext; -+ - /** - * Parses a custom time zone identifier and returns a corresponding zone. - * This method doesn't support the RFC 822 time zone format. (e.g., +hhmm) -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java jdk7u3/jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java ---- jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java 2012-04-17 17:39:10.000000000 -0400 -+++ jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java 2012-04-17 17:48:47.000000000 -0400 -@@ -34,8 +34,10 @@ - */ - - package java.util.concurrent.atomic; -+ -+import java.lang.reflect.Array; -+import java.util.Arrays; - import sun.misc.Unsafe; --import java.util.*; - - /** - * An array of object references in which elements may be updated -@@ -49,13 +51,23 @@ - public class AtomicReferenceArray<E> implements java.io.Serializable { - private static final long serialVersionUID = -6209656149925076980L; - -- private static final Unsafe unsafe = Unsafe.getUnsafe(); -- private static final int base = unsafe.arrayBaseOffset(Object[].class); -+ private static final Unsafe unsafe; -+ private static final int base; - private static final int shift; -- private final Object[] array; -+ private static final long arrayFieldOffset; -+ private final Object[] array; // must have exact type Object[] - - static { -- int scale = unsafe.arrayIndexScale(Object[].class); -+ int scale; -+ try { -+ unsafe = Unsafe.getUnsafe(); -+ arrayFieldOffset = unsafe.objectFieldOffset -+ (AtomicReferenceArray.class.getDeclaredField("array")); -+ base = unsafe.arrayBaseOffset(Object[].class); -+ scale = unsafe.arrayIndexScale(Object[].class); -+ } catch (Exception e) { -+ throw new Error(e); -+ } - if ((scale & (scale - 1)) != 0) - throw new Error("data type scale not a power of two"); - shift = 31 - Integer.numberOfLeadingZeros(scale); -@@ -91,7 +103,7 @@ - */ - public AtomicReferenceArray(E[] array) { - // Visibility guaranteed by final field guarantees -- this.array = array.clone(); -+ this.array = Arrays.copyOf(array, array.length, Object[].class); - } - - /** -@@ -150,7 +162,7 @@ - public final E getAndSet(int i, E newValue) { - long offset = checkedByteOffset(i); - while (true) { -- E current = (E) getRaw(offset); -+ E current = getRaw(offset); - if (compareAndSetRaw(offset, current, newValue)) - return current; - } -@@ -196,7 +208,7 @@ - * @return the String representation of the current values of array - */ - public String toString() { -- int iMax = array.length - 1; -+ int iMax = array.length - 1; - if (iMax == -1) - return "[]"; - -@@ -210,4 +222,19 @@ - } - } - -+ /** -+ * Reconstitutes the instance from a stream (that is, deserializes it). -+ * @param s the stream -+ */ -+ private void readObject(java.io.ObjectInputStream s) -+ throws java.io.IOException, ClassNotFoundException { -+ // Note: This must be changed if any additional fields are defined -+ Object a = s.readFields().get("array", null); -+ if (a == null || !a.getClass().isArray()) -+ throw new java.io.InvalidObjectException("Not array type"); -+ if (a.getClass() != Object[].class) -+ a = Arrays.copyOf((Object[])a, Array.getLength(a), Object[].class); -+ unsafe.putObjectVolatile(this, arrayFieldOffset, a); -+ } -+ - } -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/sun/java2d/SunGraphics2D.java jdk7u3/jdk/src/share/classes/sun/java2d/SunGraphics2D.java ---- jdk/src/share/classes/sun/java2d/SunGraphics2D.java 2012-04-17 17:39:17.000000000 -0400 -+++ jdk/src/share/classes/sun/java2d/SunGraphics2D.java 2012-04-17 17:48:53.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 1996, 2008, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -370,6 +370,17 @@ - } - - public void validatePipe() { -+ /* This workaround is for the situation when we update the Pipelines -+ * for invalid SurfaceData and run further code when the current -+ * pipeline doesn't support the type of new SurfaceData created during -+ * the current pipeline's work (in place of the invalid SurfaceData). -+ * Usually SurfaceData and Pipelines are repaired (through revalidateAll) -+ * and called again in the exception handlers */ -+ -+ if (!surfaceData.isValid()) { -+ throw new InvalidPipeException("attempt to validate Pipe with invalid SurfaceData"); -+ } -+ - surfaceData.validatePipe(this); - } - -@@ -1804,7 +1815,12 @@ - width += x; - height += y; - } -- if (!getCompClip().intersectsQuickCheckXYXY(x, y, width, height)) { -+ -+ try { -+ if (!getCompClip().intersectsQuickCheckXYXY(x, y, width, height)) { -+ return false; -+ } -+ } catch (InvalidPipeException e) { - return false; - } - // REMIND: We could go one step further here and examine the -@@ -1988,8 +2004,8 @@ - try { - doCopyArea(x, y, w, h, dx, dy); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - doCopyArea(x, y, w, h, dx, dy); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2120,8 +2136,8 @@ - try { - drawpipe.drawLine(this, x1, y1, x2, y2); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - drawpipe.drawLine(this, x1, y1, x2, y2); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2137,8 +2153,8 @@ - try { - drawpipe.drawRoundRect(this, x, y, w, h, arcW, arcH); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - drawpipe.drawRoundRect(this, x, y, w, h, arcW, arcH); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2154,8 +2170,8 @@ - try { - fillpipe.fillRoundRect(this, x, y, w, h, arcW, arcH); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - fillpipe.fillRoundRect(this, x, y, w, h, arcW, arcH); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2171,8 +2187,8 @@ - try { - drawpipe.drawOval(this, x, y, w, h); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - drawpipe.drawOval(this, x, y, w, h); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2188,8 +2204,8 @@ - try { - fillpipe.fillOval(this, x, y, w, h); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - fillpipe.fillOval(this, x, y, w, h); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2206,8 +2222,8 @@ - try { - drawpipe.drawArc(this, x, y, w, h, startAngl, arcAngl); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - drawpipe.drawArc(this, x, y, w, h, startAngl, arcAngl); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2224,8 +2240,8 @@ - try { - fillpipe.fillArc(this, x, y, w, h, startAngl, arcAngl); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - fillpipe.fillArc(this, x, y, w, h, startAngl, arcAngl); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2241,8 +2257,8 @@ - try { - drawpipe.drawPolyline(this, xPoints, yPoints, nPoints); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - drawpipe.drawPolyline(this, xPoints, yPoints, nPoints); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2258,8 +2274,8 @@ - try { - drawpipe.drawPolygon(this, xPoints, yPoints, nPoints); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - drawpipe.drawPolygon(this, xPoints, yPoints, nPoints); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2275,8 +2291,8 @@ - try { - fillpipe.fillPolygon(this, xPoints, yPoints, nPoints); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - fillpipe.fillPolygon(this, xPoints, yPoints, nPoints); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2292,8 +2308,8 @@ - try { - drawpipe.drawRect(this, x, y, w, h); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - drawpipe.drawRect(this, x, y, w, h); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2309,8 +2325,8 @@ - try { - fillpipe.fillRect(this, x, y, w, h); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - fillpipe.fillRect(this, x, y, w, h); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2358,7 +2374,6 @@ - Paint p = paint; - setComposite(AlphaComposite.Src); - setColor(getBackground()); -- validatePipe(); - fillRect(x, y, w, h); - setPaint(p); - setComposite(c); -@@ -2382,8 +2397,8 @@ - try { - shapepipe.draw(this, s); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - shapepipe.draw(this, s); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2412,8 +2427,8 @@ - try { - shapepipe.fill(this, s); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - shapepipe.fill(this, s); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2560,10 +2575,17 @@ - // Include padding for interpolation/antialiasing if necessary - int pad = isIntegerTranslate ? 0 : 3; - -+ Region clip; -+ try { -+ clip = getCompClip(); -+ } catch (InvalidPipeException e) { -+ return; -+ } -+ - // Determine the region of the image that may contribute to - // the clipped drawing area - Rectangle region = getImageRegion(img, -- getCompClip(), -+ clip, - transform, - xform, - pad, pad); -@@ -2806,8 +2828,8 @@ - try { - textpipe.drawString(this, str, x, y); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - textpipe.drawString(this, str, x, y); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2835,8 +2857,8 @@ - try { - textpipe.drawString(this, str, x, y); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - textpipe.drawString(this, str, x, y); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2881,8 +2903,8 @@ - try { - textpipe.drawGlyphVector(this, gv, x, y); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - textpipe.drawGlyphVector(this, gv, x, y); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2914,8 +2936,8 @@ - try { - textpipe.drawChars(this, data, offset, length, x, y); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - textpipe.drawChars(this, data, offset, length, x, y); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2951,8 +2973,8 @@ - try { - textpipe.drawChars(this, chData, 0, length, x, y); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - textpipe.drawChars(this, chData, 0, length, x, y); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -2988,8 +3010,8 @@ - return imagepipe.copyImage(this, img, dx, dy, sx, sy, - width, height, bgcolor, observer); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - return imagepipe.copyImage(this, img, dx, dy, sx, sy, - width, height, bgcolor, observer); - } catch (InvalidPipeException e2) { -@@ -3025,8 +3047,8 @@ - return imagepipe.scaleImage(this, img, x, y, width, height, - bg, observer); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - return imagepipe.scaleImage(this, img, x, y, width, height, - bg, observer); - } catch (InvalidPipeException e2) { -@@ -3061,8 +3083,8 @@ - try { - return imagepipe.copyImage(this, img, x, y, bg, observer); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - return imagepipe.copyImage(this, img, x, y, bg, observer); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -3138,8 +3160,8 @@ - sx1, sy1, sx2, sy2, bgcolor, - observer); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - return imagepipe.scaleImage(this, img, dx1, dy1, dx2, dy2, - sx1, sy1, sx2, sy2, bgcolor, - observer); -@@ -3187,8 +3209,8 @@ - try { - return imagepipe.transformImage(this, img, xform, observer); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - return imagepipe.transformImage(this, img, xform, observer); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -@@ -3213,8 +3235,8 @@ - try { - imagepipe.transformImage(this, bImg, op, x, y); - } catch (InvalidPipeException e) { -- revalidateAll(); - try { -+ revalidateAll(); - imagepipe.transformImage(this, bImg, op, x, y); - } catch (InvalidPipeException e2) { - // Still catching the exception; we are not yet ready to -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/sun/java2d/opengl/OGLRenderer.java jdk7u3/jdk/src/share/classes/sun/java2d/opengl/OGLRenderer.java ---- jdk/src/share/classes/sun/java2d/opengl/OGLRenderer.java 2012-04-17 17:39:17.000000000 -0400 -+++ jdk/src/share/classes/sun/java2d/opengl/OGLRenderer.java 2012-04-17 17:48:53.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -27,6 +27,7 @@ - - import java.awt.Transparency; - import java.awt.geom.Path2D; -+import sun.java2d.InvalidPipeException; - import sun.java2d.SunGraphics2D; - import sun.java2d.loops.GraphicsPrimitive; - import sun.java2d.pipe.BufferedRenderPipe; -@@ -46,7 +47,12 @@ - int ctxflags = - sg2d.paint.getTransparency() == Transparency.OPAQUE ? - OGLContext.SRC_IS_OPAQUE : OGLContext.NO_CONTEXT_FLAGS; -- OGLSurfaceData dstData = (OGLSurfaceData)sg2d.surfaceData; -+ OGLSurfaceData dstData; -+ try { -+ dstData = (OGLSurfaceData)sg2d.surfaceData; -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - OGLContext.validateContext(dstData, dstData, - sg2d.getCompClip(), sg2d.composite, - null, sg2d.paint, sg2d, ctxflags); -@@ -55,7 +61,12 @@ - @Override - protected void validateContextAA(SunGraphics2D sg2d) { - int ctxflags = OGLContext.NO_CONTEXT_FLAGS; -- OGLSurfaceData dstData = (OGLSurfaceData)sg2d.surfaceData; -+ OGLSurfaceData dstData; -+ try { -+ dstData = (OGLSurfaceData)sg2d.surfaceData; -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - OGLContext.validateContext(dstData, dstData, - sg2d.getCompClip(), sg2d.composite, - null, sg2d.paint, sg2d, ctxflags); -@@ -69,7 +80,12 @@ - int ctxflags = - sg2d.surfaceData.getTransparency() == Transparency.OPAQUE ? - OGLContext.SRC_IS_OPAQUE : OGLContext.NO_CONTEXT_FLAGS; -- OGLSurfaceData dstData = (OGLSurfaceData)sg2d.surfaceData; -+ OGLSurfaceData dstData; -+ try { -+ dstData = (OGLSurfaceData)sg2d.surfaceData; -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - OGLContext.validateContext(dstData, dstData, - sg2d.getCompClip(), sg2d.composite, - null, null, null, ctxflags); -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/sun/java2d/pipe/BufferedContext.java jdk7u3/jdk/src/share/classes/sun/java2d/pipe/BufferedContext.java ---- jdk/src/share/classes/sun/java2d/pipe/BufferedContext.java 2012-04-17 17:39:17.000000000 -0400 -+++ jdk/src/share/classes/sun/java2d/pipe/BufferedContext.java 2012-04-17 17:48:54.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2005, 2008, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -111,6 +111,8 @@ - * - * Note: must be called while the RenderQueue lock is held. - * -+ * It's assumed that the type of surfaces has been checked by the Renderer -+ * - * @throws InvalidPipeException if either src or dest surface is not valid - * or lost - * @see RenderQueue#lock -@@ -135,6 +137,8 @@ - * - * Note: must be called while the RenderQueue lock is held. - * -+ * It's assumed that the type of surfaces has been checked by the Renderer -+ * - * @throws InvalidPipeException if the surface is not valid - * or lost - * @see RenderQueue#lock -@@ -160,6 +164,8 @@ - * - * Note: must be called while the RenderQueue lock is held. - * -+ * It's assumed that the type of surfaces has been checked by the Renderer -+ * - * @throws InvalidPipeException if either src or dest surface is not valid - * or lost - */ -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/sun/net/httpserver/Request.java jdk7u3/jdk/src/share/classes/sun/net/httpserver/Request.java ---- jdk/src/share/classes/sun/net/httpserver/Request.java 2012-04-17 17:39:18.000000000 -0400 -+++ jdk/src/share/classes/sun/net/httpserver/Request.java 2012-04-17 17:48:55.000000000 -0400 -@@ -203,6 +203,13 @@ - v = new String(); - else - v = String.copyValueOf(s, keyend, len - keyend); -+ -+ if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) { -+ throw new IOException("Maximum number of request headers (" + -+ "sun.net.httpserver.maxReqHeaders) exceeded, " + -+ ServerConfig.getMaxReqHeaders() + "."); -+ } -+ - hdrs.add (k,v); - len = 0; - } -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/sun/net/httpserver/ServerConfig.java jdk7u3/jdk/src/share/classes/sun/net/httpserver/ServerConfig.java ---- jdk/src/share/classes/sun/net/httpserver/ServerConfig.java 2012-04-17 17:39:18.000000000 -0400 -+++ jdk/src/share/classes/sun/net/httpserver/ServerConfig.java 2012-04-17 17:48:55.000000000 -0400 -@@ -46,13 +46,14 @@ - static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever - static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever - static final long DEFAULT_TIMER_MILLIS = 1000; -- -+ static final int DEFAULT_MAX_REQ_HEADERS = 200; - static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024; - - static long idleInterval; - static long drainAmount; // max # of bytes to drain from an inputstream - static int maxIdleConnections; -- -+ // The maximum number of request headers allowable -+ private static int maxReqHeaders; - // max time a request or response is allowed to take - static long maxReqTime; - static long maxRspTime; -@@ -80,6 +81,10 @@ - drainAmount = Long.getLong("sun.net.httpserver.drainAmount", - DEFAULT_DRAIN_AMOUNT); - -+ maxReqHeaders = Integer.getInteger( -+ "sun.net.httpserver.maxReqHeaders", -+ DEFAULT_MAX_REQ_HEADERS); -+ - maxReqTime = Long.getLong("sun.net.httpserver.maxReqTime", - DEFAULT_MAX_REQ_TIME); - -@@ -157,6 +162,10 @@ - return drainAmount; - } - -+ static int getMaxReqHeaders() { -+ return maxReqHeaders; -+ } -+ - static long getMaxReqTime () { - return maxReqTime; - } -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java jdk7u3/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java ---- jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java 2012-04-17 17:39:20.000000000 -0400 -+++ jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java 2012-04-17 17:48:57.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -668,7 +668,10 @@ - + "\n Subject: " + cert.getSubjectX500Principal() + ")"); - } - -- ForwardState currState = (ForwardState) currentState; -+ ForwardState currState = (ForwardState)currentState; -+ -+ // Don't bother to verify untrusted certificate more. -+ currState.untrustedChecker.check(cert, Collections.<String>emptySet()); - - /* - * check for looping - abort a loop if -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/sun/security/provider/certpath/ForwardState.java jdk7u3/jdk/src/share/classes/sun/security/provider/certpath/ForwardState.java ---- jdk/src/share/classes/sun/security/provider/certpath/ForwardState.java 2012-04-17 17:39:20.000000000 -0400 -+++ jdk/src/share/classes/sun/security/provider/certpath/ForwardState.java 2012-04-17 17:48:57.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -79,6 +79,9 @@ - /* the checker used for revocation status */ - public CrlRevocationChecker crlChecker; - -+ /* the untrusted certificates checker */ -+ UntrustedChecker untrustedChecker; -+ - /* The list of user-defined checkers that support forward checking */ - ArrayList<PKIXCertPathChecker> forwardCheckers; - -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java jdk7u3/jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java ---- jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java 2012-04-17 17:39:20.000000000 -0400 -+++ jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java 2012-04-17 17:48:57.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -314,10 +314,12 @@ - pkixParam.isAnyPolicyInhibited(), - pkixParam.getPolicyQualifiersRejected(), - rootNode); -+ UntrustedChecker untrustedChecker = new UntrustedChecker(); - - ArrayList<PKIXCertPathChecker> certPathCheckers = - new ArrayList<PKIXCertPathChecker>(); - // add standard checkers that we will be using -+ certPathCheckers.add(untrustedChecker); - certPathCheckers.add(algorithmChecker); - certPathCheckers.add(keyChecker); - certPathCheckers.add(constraintsChecker); -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java jdk7u3/jdk/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java ---- jdk/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java 2012-04-17 17:39:20.000000000 -0400 -+++ jdk/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java 2012-04-17 17:48:57.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -347,6 +347,10 @@ - return; - } - -+ // Don't bother to verify untrusted certificate more. -+ currentState.untrustedChecker.check(cert, -+ Collections.<String>emptySet()); -+ - /* - * check for looping - abort a loop if - * ((we encounter the same certificate twice) AND -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/sun/security/provider/certpath/ReverseState.java jdk7u3/jdk/src/share/classes/sun/security/provider/certpath/ReverseState.java ---- jdk/src/share/classes/sun/security/provider/certpath/ReverseState.java 2012-04-17 17:39:20.000000000 -0400 -+++ jdk/src/share/classes/sun/security/provider/certpath/ReverseState.java 2012-04-17 17:48:57.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -99,6 +99,9 @@ - /* the algorithm checker */ - AlgorithmChecker algorithmChecker; - -+ /* the untrusted certificates checker */ -+ UntrustedChecker untrustedChecker; -+ - /* the trust anchor used to validate the path */ - TrustAnchor trustAnchor; - -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java jdk7u3/jdk/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java ---- jdk/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java 2012-04-17 17:39:20.000000000 -0400 -+++ jdk/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java 2012-04-17 17:48:57.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -284,6 +284,7 @@ - Iterator<TrustAnchor> iter = buildParams.getTrustAnchors().iterator(); - while (iter.hasNext()) { - TrustAnchor anchor = iter.next(); -+ - /* check if anchor satisfies target constraints */ - if (anchorIsTarget(anchor, targetSel)) { - this.trustAnchor = anchor; -@@ -303,6 +304,7 @@ - currentState.crlChecker = - new CrlRevocationChecker(null, buildParams, null, onlyEECert); - currentState.algorithmChecker = new AlgorithmChecker(anchor); -+ currentState.untrustedChecker = new UntrustedChecker(); - try { - depthFirstSearchReverse(null, currentState, - new ReverseBuilder(buildParams, targetSubjectDN), adjacencyList, -@@ -349,6 +351,7 @@ - // init the crl checker - currentState.crlChecker - = new CrlRevocationChecker(null, buildParams, null, onlyEECert); -+ currentState.untrustedChecker = new UntrustedChecker(); - - depthFirstSearchForward(targetSubjectDN, currentState, - new ForwardBuilder -@@ -645,8 +648,8 @@ - vertex.setIndex(adjList.size() - 1); - - /* recursively search for matching certs at next dN */ -- depthFirstSearchForward(cert.getIssuerX500Principal(), nextState, builder, -- adjList, certPathList); -+ depthFirstSearchForward(cert.getIssuerX500Principal(), -+ nextState, builder, adjList, certPathList); - - /* - * If path has been completed, return ASAP! -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/sun/security/provider/certpath/UntrustedChecker.java jdk7u3/jdk/src/share/classes/sun/security/provider/certpath/UntrustedChecker.java ---- jdk/src/share/classes/sun/security/provider/certpath/UntrustedChecker.java 1969-12-31 19:00:00.000000000 -0500 -+++ jdk/src/share/classes/sun/security/provider/certpath/UntrustedChecker.java 2012-04-17 17:48:57.000000000 -0400 -@@ -0,0 +1,89 @@ -+/* -+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Oracle designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Oracle in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+package sun.security.provider.certpath; -+ -+import java.security.cert.Certificate; -+import java.security.cert.X509Certificate; -+import java.security.cert.CertPathValidatorException; -+import java.security.cert.PKIXCertPathChecker; -+import java.util.Set; -+import java.util.Collection; -+import sun.security.util.Debug; -+import sun.security.util.UntrustedCertificates; -+ -+/** -+ * A <code>PKIXCertPathChecker</code> implementation to check whether a -+ * specified certificate is distrusted. -+ * -+ * @see PKIXCertPathChecker -+ * @see PKIXParameters -+ */ -+final public class UntrustedChecker extends PKIXCertPathChecker { -+ -+ private static final Debug debug = Debug.getInstance("certpath"); -+ -+ /** -+ * Default Constructor -+ */ -+ public UntrustedChecker() { -+ // blank -+ } -+ -+ @Override -+ public void init(boolean forward) throws CertPathValidatorException { -+ // Note that this class supports both forward and reverse modes. -+ } -+ -+ @Override -+ public boolean isForwardCheckingSupported() { -+ // Note that this class supports both forward and reverse modes. -+ return true; -+ } -+ -+ @Override -+ public Set<String> getSupportedExtensions() { -+ return null; -+ } -+ -+ @Override -+ public void check(Certificate cert, -+ Collection<String> unresolvedCritExts) -+ throws CertPathValidatorException { -+ -+ X509Certificate currCert = (X509Certificate)cert; -+ -+ if (UntrustedCertificates.isUntrusted(currCert)) { -+ if (debug != null) { -+ debug.println("UntrustedChecker: untrusted certificate " + -+ currCert.getSubjectX500Principal()); -+ } -+ -+ throw new CertPathValidatorException( -+ "Untrusted certificate: " + currCert.getSubjectX500Principal()); -+ } -+ } -+} -+ -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java jdk7u3/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java ---- jdk/src/share/classes/sun/security/util/UntrustedCertificates.java 1969-12-31 19:00:00.000000000 -0500 -+++ jdk/src/share/classes/sun/security/util/UntrustedCertificates.java 2012-04-17 17:48:58.000000000 -0400 -@@ -0,0 +1,741 @@ -+/* -+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Oracle designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Oracle in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+package sun.security.util; -+ -+import java.io.IOException; -+import java.io.ByteArrayInputStream; -+import java.security.cert.X509Certificate; -+import java.security.cert.CertificateFactory; -+import java.security.cert.CertificateException; -+import java.util.Set; -+import java.util.HashSet; -+ -+/** -+ * A utility class to check if a certificate is untrusted. This is an internal -+ * mechanism that explicitly marks a certificate as untrusted, normally in the -+ * case that a certificate is known to be used for malicious reasons. -+ * -+ * <b>Attention</b>: This check is NOT meant to replace the standard PKI-defined -+ * validation check, neither is it used as an alternative to CRL. -+ */ -+public final class UntrustedCertificates { -+ -+ private final static Set<X509Certificate> untrustedCerts = new HashSet<>(); -+ -+ /** -+ * Checks if a certificate is untrusted. -+ * -+ * @param cert the certificate to check -+ * @return true if the certificate is untrusted. -+ */ -+ public static boolean isUntrusted(X509Certificate cert) { -+ return untrustedCerts.contains(cert); -+ } -+ -+ private static void add(String alias, String pemCert) { -+ // generate certificate from PEM certificate -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(pemCert.getBytes())) { -+ CertificateFactory cf = CertificateFactory.getInstance("X.509"); -+ X509Certificate cert = (X509Certificate)cf.generateCertificate(is); -+ -+ if (!untrustedCerts.add(cert)) { -+ throw new RuntimeException("Duplicate untrusted certificate: " + -+ cert.getSubjectX500Principal()); -+ } -+ } catch (CertificateException | IOException e) { -+ throw new RuntimeException( -+ "Incorrect untrusted certificate: " + alias, e); -+ } -+ } -+ -+ static { -+ // ----------------------------------------------------------------- -+ // Compromised CAs of Digicert Malaysia -+ // -+ // Reported by Digicert in its announcement on November 05, 2011. -+ // -+ -+ // Digicert Malaysia intermediate, cross-signed by CyberTrust -+ // -+ // Subject: CN=Digisign Server ID (Enrich), -+ // OU=457608-K, -+ // O=Digicert Sdn. Bhd., -+ // C=MY -+ // Issuer: CN=GTE CyberTrust Global Root, -+ // OU=GTE CyberTrust Solutions, Inc., -+ // O=GTE Corporation, -+ // C=US -+ // Serial: 120001705 (07:27:14:a9) -+ add("digicert-server-cross-to-cybertrust-4C0E636A", -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIDyzCCAzSgAwIBAgIEBycUqTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJV\n" + -+ "UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU\n" + -+ "cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds\n" + -+ "b2JhbCBSb290MB4XDTA3MDcxNzE1MTc0OFoXDTEyMDcxNzE1MTY1NFowYzELMAkG\n" + -+ "A1UEBhMCTVkxGzAZBgNVBAoTEkRpZ2ljZXJ0IFNkbi4gQmhkLjERMA8GA1UECxMI\n" + -+ "NDU3NjA4LUsxJDAiBgNVBAMTG0RpZ2lzaWduIFNlcnZlciBJRCAoRW5yaWNoKTCB\n" + -+ "nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArahkS02Hx4RZufuQRqCmicDx/tXa\n" + -+ "VII3DZkrRSYK6Fawf8qo9I5HhAGCKeOzarWR8/uVhbxyqGToCkCcxfRxrnt7agfq\n" + -+ "kBRPjYmvlKuyBtQCanuYH1m5Os1U+iDfsioK6bjdaZDAKdNO0JftZszFGUkGf/pe\n" + -+ "LHx7hRsyQt97lSUCAwEAAaOCAXgwggF0MBIGA1UdEwEB/wQIMAYBAf8CAQAwXAYD\n" + -+ "VR0gBFUwUzBIBgkrBgEEAbE+AQAwOzA5BggrBgEFBQcCARYtaHR0cDovL2N5YmVy\n" + -+ "dHJ1c3Qub21uaXJvb3QuY29tL3JlcG9zaXRvcnkuY2ZtMAcGBWCDSgEBMA4GA1Ud\n" + -+ "DwEB/wQEAwIB5jCBiQYDVR0jBIGBMH+heaR3MHUxCzAJBgNVBAYTAlVTMRgwFgYD\n" + -+ "VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv\n" + -+ "bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv\n" + -+ "b3SCAgGlMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly93d3cucHVibGljLXRydXN0\n" + -+ "LmNvbS9jZ2ktYmluL0NSTC8yMDE4L2NkcC5jcmwwHQYDVR0OBBYEFMYWk04WF+wW\n" + -+ "royUdvOGbcV0boR3MA0GCSqGSIb3DQEBBQUAA4GBAHYAe6Z4K2Ydjl42xqSOBfIj\n" + -+ "knyTZ9P0wAp9iy3Z6tVvGvPhSilaIoRNUC9LDPL/hcJ7VdREgr5trGeOvLQfkpxR\n" + -+ "gBoU9m6rYYgLrRx/90tQUdZlG6ZHcRVesHHzNRTyN71jyNXwk1o0X9g96F33xR7A\n" + -+ "5c8fhiSpPAdmzcHSNmNZ\n" + -+ "-----END CERTIFICATE-----"); -+ -+ // Digicert Malaysia intermediate, cross-signed by Entrust -+ // -+ // Subject: CN=Digisign Server ID - (Enrich), -+ // OU=457608-K, -+ // O=Digicert Sdn. Bhd., -+ // C=MY -+ // Issuer: CN=Entrust.net Certification Authority (2048) -+ // OU=(c) 1999 Entrust.net Limited, -+ // OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), -+ // O=Entrust.net -+ // Serial: 1184644297 (4c:0e:63:6a) -+ add("digicert-server-cross-to-entrust-ca-4C0E636A", -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIEzjCCA7agAwIBAgIETA5jajANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML\n" + -+ "RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp\n" + -+ "bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5\n" + -+ "IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp\n" + -+ "ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw0xMDA3MTYxNzIzMzdaFw0xNTA3\n" + -+ "MTYxNzUzMzdaMGUxCzAJBgNVBAYTAk1ZMRswGQYDVQQKExJEaWdpY2VydCBTZG4u\n" + -+ "IEJoZC4xETAPBgNVBAsTCDQ1NzYwOC1LMSYwJAYDVQQDEx1EaWdpc2lnbiBTZXJ2\n" + -+ "ZXIgSUQgLSAoRW5yaWNoKTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n" + -+ "AMWJ5PQNBkCSWccaszXRDkwqM/n4r8qef+65p21g9FTob9Wb8xtjMQRoctE0Foy0\n" + -+ "FyyX3nPF2JAVoBor9cuzSIZE8B2ITM5BQhrv9Qze/kDaOSD3BlU6ap1GwdJvpbLI\n" + -+ "Vz4po5zg6YV3ZuiYpyR+vsBZIOVEb7ZX2L7OwmV3WMZhQdF0BMh/SULFcqlyFu6M\n" + -+ "3RJdtErU0a9Qt9iqdXZorT5dqjBtYairEFs+E78z4K9EnTgiW+9ML6ZxJhUmyiiM\n" + -+ "2fqOjqmiFDXimySItPR/hZ2DTwehthSQNsQ0HI0mYW0Tb3i+6I8nx0uElqOGaAwj\n" + -+ "vgvsjJQAqQSKE5D334VsDLECAwEAAaOCATQwggEwMA4GA1UdDwEB/wQEAwIBBjAS\n" + -+ "BgNVHRMBAf8ECDAGAQH/AgEAMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcD\n" + -+ "AgYIKwYBBQUHAwQwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8v\n" + -+ "b2NzcC5lbnRydXN0Lm5ldDBEBgNVHSAEPTA7MDkGBWCDSgEBMDAwLgYIKwYBBQUH\n" + -+ "AgEWImh0dHA6Ly93d3cuZGlnaWNlcnQuY29tLm15L2Nwcy5odG0wMgYDVR0fBCsw\n" + -+ "KTAnoCWgI4YhaHR0cDovL2NybC5lbnRydXN0Lm5ldC8yMDQ4Y2EuY3JsMBEGA1Ud\n" + -+ "DgQKBAhMTswlKAMpgTAfBgNVHSMEGDAWgBRV5IHREYC+2Im5CKMx+aEkCRa5cDAN\n" + -+ "BgkqhkiG9w0BAQUFAAOCAQEAl0zvSjpJrHL8MCBrtClbp8WVBJD5MtXChWreA6E3\n" + -+ "+YkAsFqsVX7bQzX/yQH4Ub7MJsrIaqTEVD4mHucMo82XZ5TdpkLrXM2POXlrM3kh\n" + -+ "Bnn6gkQVmczBtznTRmJ8snDrb84gqj4Zt+l0gpy0pUtNYQA35IfS8hQ6ZHy4qXth\n" + -+ "4JMi59WfPkfmNnagU9gAAzoPtTP+lsrT0oI6Lt3XSOHkp2nMHOmZSufKcEXXCwcO\n" + -+ "mnUb0C+Sb/akB8O9HEumhLZ9qJqp0qcp8QtXaR6XVybsK0Os1EWDBQDp4/BGQAf6\n" + -+ "6rFRc5Mcpd1TETfIKqcVJx20qsx/qjEw/LhFn0gJ7RDixQ==\n" + -+ "-----END CERTIFICATE-----"); -+ -+ -+ // ----------------------------------------------------------------- -+ // -+ // No longer used certificates -+ // -+ -+ // Subject: CN=Java Media APIs, -+ // OU=Java Signed Extensions, -+ // OU=Corporate Object Signing, -+ // O=Sun Microsystems Inc -+ // Issuer: CN=Object Signing CA, -+ // OU=Class 2 OnSite Subscriber CA, -+ // OU=VeriSign Trust Network, -+ // O=Sun Microsystems Inc -+ // Serial: 6a:8b:99:91:37:59:4f:89:53:e2:97:18:9f:19:1e:4e -+ add("java-media-pretrusted-9F191E4E", -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFdzCCBF+gAwIBAgIQaouZkTdZT4lT4pcYnxkeTjANBgkqhkiG9w0BAQUFADCB\n" + -+ "gzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxHzAdBgNVBAsTFlZlcmlT\n" + -+ "aWduIFRydXN0IE5ldHdvcmsxJTAjBgNVBAsTHENsYXNzIDIgT25TaXRlIFN1YnNj\n" + -+ "cmliZXIgQ0ExGjAYBgNVBAMTEU9iamVjdCBTaWduaW5nIENBMB4XDTA5MDUxMjAw\n" + -+ "MDAwMFoXDTEyMDUxMTIzNTk1OVowfTEdMBsGA1UEChQUU3VuIE1pY3Jvc3lzdGVt\n" + -+ "cyBJbmMxITAfBgNVBAsUGENvcnBvcmF0ZSBPYmplY3QgU2lnbmluZzEfMB0GA1UE\n" + -+ "CxQWSmF2YSBTaWduZWQgRXh0ZW5zaW9uczEYMBYGA1UEAxQPSmF2YSBNZWRpYSBB\n" + -+ "UElzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5blzoKTVE8y4Hpz\n" + -+ "q6E15RZz1bF5HnYEyYqgHkZXnAKedmYCoMzm1XK8s+gQWShLEvGEAvs5yqarx9gE\n" + -+ "nnC21N28aEZgIJMa2/arKxCUkS4pxdGPYGexL9UzSRkUpoBShCZKEGdmX7gfJE2K\n" + -+ "/sd9MFvGV5/yZtWXrADzvm0Kd/9mg1KRv1gfrZIq0TJbupoXPYYqb73AkI9eT2ZD\n" + -+ "q9MdwD4E5+oojsDFXt8GU/D00fUhtXpYwuplU7D667WHYdJhIah0ST6JywyqcLXG\n" + -+ "XSuFTXOgITT2idSHluZVmx3dqJ72u9kPkO4JdJTMDfaK8zgNLaRkiU8Qcj+qhLYH\n" + -+ "ytaqcwIDAQABo4IB6jCCAeYwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwfwYD\n" + -+ "VR0fBHgwdjB0oHKgcIZuaHR0cDovL29uc2l0ZWNybC52ZXJpc2lnbi5jb20vU3Vu\n" + -+ "TWljcm9zeXN0ZW1zSW5jQ29ycG9yYXRlT2JqZWN0U2lnbmluZ0phdmFTaWduZWRF\n" + -+ "eHRlbnNpb25zQ2xhc3NCL0xhdGVzdENSTC5jcmwwHwYDVR0jBBgwFoAUs0crgn5T\n" + -+ "tHPKuLsZt76BTQeVx+0wHQYDVR0OBBYEFKS32mVx0gNWTeS4ProHEaeSpvvIMDsG\n" + -+ "CCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL29uc2l0ZS1vY3NwLnZl\n" + -+ "cmlzaWduLmNvbTCBtQYDVR0gBIGtMIGqMDkGC2CGSAGG+EUBBxcCMCowKAYIKwYB\n" + -+ "BQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwbQYLYIZIAYb3AIN9\n" + -+ "nD8wXjAnBggrBgEFBQcCARYbaHR0cHM6Ly93d3cuc3VuLmNvbS9wa2kvY3BzMDMG\n" + -+ "CCsGAQUFBwICMCcaJVZhbGlkYXRlZCBGb3IgU3VuIEJ1c2luZXNzIE9wZXJhdGlv\n" + -+ "bnMwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQEFBQADggEBAAe6BO4W\n" + -+ "3TSNWfezyelJs6kE3HfulT6Bdyz4UUoh9ykXcV8nRwT+kh25I5MdyG2GfkJoADPR\n" + -+ "VhC5DYo13UFpIsTNVjq+hGYe2hML93bN7ad9SxCCyjHUo3yMz2qgBbHZI3VA9ZHA\n" + -+ "aWM4Tx0saMwbcnVvlbuGh+PXvStfypJqYT6lzcdFfjNVX4FI/QQNGhBswMY51tC8\n" + -+ "GTBCL2qhJon0gSCU4zaawDOf7+XxJWirLamYL1Aal1/h2z2sFrvA/1ftxtU3kZ6I\n" + -+ "7De8DyoHeZg7pYGdrj7g+lPhCga/WvEhN152I+aP08YbFcJHYmK05ngl/Ye4c6Bd\n" + -+ "cdrdfbw6QzEUIYY=\n" + -+ "-----END CERTIFICATE-----"); -+ -+ // Subject: CN=JavaFX 1.0 Runtime, -+ // OU=Java Signed Extensions, -+ // OU=Corporate Object Signing, -+ // O=Sun Microsystems Inc -+ // Issuer: CN=Object Signing CA, -+ // OU=Class 2 OnSite Subscriber CA, -+ // OU=VeriSign Trust Network, -+ // O=Sun Microsystems Inc -+ // Serial: 55:c0:e6:44:59:59:79:9e:d9:26:f1:b0:4a:1e:f0:27 -+ add("java-fx10-pretrusted-4A1EF027", -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFezCCBGOgAwIBAgIQVcDmRFlZeZ7ZJvGwSh7wJzANBgkqhkiG9w0BAQUFADCB\n" + -+ "gzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxHzAdBgNVBAsTFlZlcmlT\n" + -+ "aWduIFRydXN0IE5ldHdvcmsxJTAjBgNVBAsTHENsYXNzIDIgT25TaXRlIFN1YnNj\n" + -+ "cmliZXIgQ0ExGjAYBgNVBAMTEU9iamVjdCBTaWduaW5nIENBMB4XDTA4MTAwOTAw\n" + -+ "MDAwMFoXDTExMTAwOTIzNTk1OVowgYAxHTAbBgNVBAoUFFN1biBNaWNyb3N5c3Rl\n" + -+ "bXMgSW5jMSEwHwYDVQQLFBhDb3Jwb3JhdGUgT2JqZWN0IFNpZ25pbmcxHzAdBgNV\n" + -+ "BAsUFkphdmEgU2lnbmVkIEV4dGVuc2lvbnMxGzAZBgNVBAMUEkphdmFGWCAxLjAg\n" + -+ "UnVudGltZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+WDc6+bu+4\n" + -+ "tmAcS/lBtUc02WOt9QZpVsXg9cG2pu/8bUtmDELa8iiYBVFpIs8DU58HLrGQtCUY\n" + -+ "SIAGOVPsOJoN29UKCDWfY9j5JeVhfhMGqk9DwrWhzgsjy4cpZ1pIp+k/fJ8zT8Ul\n" + -+ "aYLpow1vg3UNddsmwz02tN7cOrMw9WYIG4CRYnY1OrtJSfe2pYzheC4zyvR+aiVl\n" + -+ "nang2OtqikSQsNFOFHsLOJFxngy9LrO8evDSu25VTKI6zlWU6/bMeqtztJPN0VOn\n" + -+ "NyUrJZvkxZ207Jg0T693BGSxNC1n+ihztXogql8950M/pEuUbDjylv5FFvlp6DSB\n" + -+ "dDT2MkutmyMCAwEAAaOCAeowggHmMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeA\n" + -+ "MH8GA1UdHwR4MHYwdKByoHCGbmh0dHA6Ly9vbnNpdGVjcmwudmVyaXNpZ24uY29t\n" + -+ "L1N1bk1pY3Jvc3lzdGVtc0luY0NvcnBvcmF0ZU9iamVjdFNpZ25pbmdKYXZhU2ln\n" + -+ "bmVkRXh0ZW5zaW9uc0NsYXNzQi9MYXRlc3RDUkwuY3JsMB8GA1UdIwQYMBaAFLNH\n" + -+ "K4J+U7Rzyri7Gbe+gU0HlcftMB0GA1UdDgQWBBTjgufVi3XJ3gx1ewsA6Rr7BR4Z\n" + -+ "zjA7BggrBgEFBQcBAQQvMC0wKwYIKwYBBQUHMAGGH2h0dHA6Ly9vbnNpdGUtb2Nz\n" + -+ "cC52ZXJpc2lnbi5jb20wgbUGA1UdIASBrTCBqjA5BgtghkgBhvhFAQcXAjAqMCgG\n" + -+ "CCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMG0GC2CGSAGG\n" + -+ "9wCDfZw/MF4wJwYIKwYBBQUHAgEWG2h0dHBzOi8vd3d3LnN1bi5jb20vcGtpL2Nw\n" + -+ "czAzBggrBgEFBQcCAjAnGiVWYWxpZGF0ZWQgRm9yIFN1biBCdXNpbmVzcyBPcGVy\n" + -+ "YXRpb25zMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBBQUAA4IBAQAB\n" + -+ "YVJTTVe7rzyTO4jc3zajErOT/COkdQTfNo0eIX1QbNynFieJvwY/jRzUZwjktIFR\n" + -+ "2p4JtbpHGAtKtjOAOTieQ8xdDOoC1djzpE7/AbMvuvlTavtUKT+F7tPdhfXgWXJV\n" + -+ "6Wbt8jryKyk3zZGiEhauIwZUkfjRkEtffEmZWLUd8c8rURJjfC/XHH2oyurscoxc\n" + -+ "CjX29c9ynxSiS/VvQp1an0HvErGh69N48wj7cj8mtZ1yHzd2XCzSSR1OfTPfk0Pt\n" + -+ "yg51p7yJaFiH21PTZegEL6zyVNOYBTKwwIi2OzpwYalD3uvK6e3OKDrfFCOxu17u\n" + -+ "4PveESbrdyrmvLe7IVez\n" + -+ "-----END CERTIFICATE-----"); -+ -+ // Subject: CN=JavaFX Runtime, -+ // OU=Java Signed Extensions, -+ // OU=Corporate Object Signing, -+ // O=Sun Microsystems Inc -+ // Issuer: CN=Object Signing CA, -+ // OU=Class 2 OnSite Subscriber CA, -+ // OU=VeriSign Trust Network, -+ // O=Sun Microsystems Inc -+ // Serial: 47:f4:55:f1:da:4a:5e:f9:e3:f7:a8:03:62:17:c0:ff -+ add("javafx-runtime-pretrusted-6217C0FF", -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFdjCCBF6gAwIBAgIQR/RV8dpKXvnj96gDYhfA/zANBgkqhkiG9w0BAQUFADCB\n" + -+ "gzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxHzAdBgNVBAsTFlZlcmlT\n" + -+ "aWduIFRydXN0IE5ldHdvcmsxJTAjBgNVBAsTHENsYXNzIDIgT25TaXRlIFN1YnNj\n" + -+ "cmliZXIgQ0ExGjAYBgNVBAMTEU9iamVjdCBTaWduaW5nIENBMB4XDTA5MDEyOTAw\n" + -+ "MDAwMFoXDTEyMDEyOTIzNTk1OVowfDEdMBsGA1UEChQUU3VuIE1pY3Jvc3lzdGVt\n" + -+ "cyBJbmMxITAfBgNVBAsUGENvcnBvcmF0ZSBPYmplY3QgU2lnbmluZzEfMB0GA1UE\n" + -+ "CxQWSmF2YSBTaWduZWQgRXh0ZW5zaW9uczEXMBUGA1UEAxQOSmF2YUZYIFJ1bnRp\n" + -+ "bWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIzd0fAk8mI9ONc6RJ\n" + -+ "aGieioK2FLdXEwj8zL3vdGDVmBwyR1zwYkaOIFFgF9IW/8qc4iAYA5sGUY+0g8q3\n" + -+ "5DuYAxfTzBB5KdaYvbuq6GGnoHIWmTirXY+1friFp8lyXSvtuEaGB1VHaBoZchEg\n" + -+ "k+UgeVDA43dHwcT1Ov3DePczJRUes8T/QHzLX+BxUDG43vjyncCEO/AjqLZxXEz2\n" + -+ "xrNbKLcH3lGMJK7hdbfssUfF5BjC38Hn71HauYlA43b2no+2y0Sjulwzez2YPbDC\n" + -+ "0GLR3TnKtA8dqOrnl5t3DniDbfOBNtBE3VOydJO0XW57Ng1HRXD023nm9ECPY2xp\n" + -+ "0N/pAgMBAAGjggHqMIIB5jAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDB/BgNV\n" + -+ "HR8EeDB2MHSgcqBwhm5odHRwOi8vb25zaXRlY3JsLnZlcmlzaWduLmNvbS9TdW5N\n" + -+ "aWNyb3N5c3RlbXNJbmNDb3Jwb3JhdGVPYmplY3RTaWduaW5nSmF2YVNpZ25lZEV4\n" + -+ "dGVuc2lvbnNDbGFzc0IvTGF0ZXN0Q1JMLmNybDAfBgNVHSMEGDAWgBSzRyuCflO0\n" + -+ "c8q4uxm3voFNB5XH7TAdBgNVHQ4EFgQUvOdd0cKPj+Yik/iOBwTdphh5A+gwOwYI\n" + -+ "KwYBBQUHAQEELzAtMCsGCCsGAQUFBzABhh9odHRwOi8vb25zaXRlLW9jc3AudmVy\n" + -+ "aXNpZ24uY29tMIG1BgNVHSAEga0wgaowOQYLYIZIAYb4RQEHFwIwKjAoBggrBgEF\n" + -+ "BQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTBtBgtghkgBhvcAg32c\n" + -+ "PzBeMCcGCCsGAQUFBwIBFhtodHRwczovL3d3dy5zdW4uY29tL3BraS9jcHMwMwYI\n" + -+ "KwYBBQUHAgIwJxolVmFsaWRhdGVkIEZvciBTdW4gQnVzaW5lc3MgT3BlcmF0aW9u\n" + -+ "czATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkqhkiG9w0BAQUFAAOCAQEAbGcf2NjL\n" + -+ "AI93HG6ny2BbepaZA1a8xa/R6uUc7xV+Qw6MgLwFD4Q4i6LWUztQDvg9l68MM2/i\n" + -+ "Y9LEi1KM4lcNbK5+D+t9x98wXBiuojXhVdp5ZmC03EyEBbriopdBsmXVLDSu/Y3+\n" + -+ "zowOO5xwpMK3dbgsSDs2Vt0UosD3FTcRaD3GNfOhXMp+o1grHNiXF9YgkmdQbPPZ\n" + -+ "DQ2KBhFPCRJXBGvyKOqno/DTg0sQ3crGH/C4/4t7mnQXWldZotmJUZ0ONc9oD+Q1\n" + -+ "JAaguUKqIwn9yZ093ie+JWHbYNid9IIIPXYgtRxmf9a376WBhqhu56uJftBJ7x9g\n" + -+ "eQ7Lot6CSWCiFw==\n" + -+ "-----END CERTIFICATE-----"); -+ -+ // -+ // Compromised Solaris INTERNAL DEVELOPMENT USE ONLY certificate -+ // -+ -+ // Subject: CN=Solaris INTERNAL DEVELOPMENT USE ONLY, -+ // OU=Solaris Cryptographic Framework, -+ // OU=Corporate Object Signing, -+ // O=Sun Microsystems Inc -+ // Issuer: CN=Object Signing CA, -+ // OU=Class 2 OnSite Subscriber CA, -+ // OU=VeriSign Trust Network, -+ // O=Sun Microsystems Inc -+ // Serial: 77:29:77:52:6a:19:7b:9a:a6:a2:c7:99:a0:e1:cd:8c -+ add("solaris-internal-dev-A0E1CD8C", -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFHjCCBAagAwIBAgIQdyl3UmoZe5qmoseZoOHNjDANBgkqhkiG9w0BAQUFADCB\n" + -+ "gzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxHzAdBgNVBAsTFlZlcmlT\n" + -+ "aWduIFRydXN0IE5ldHdvcmsxJTAjBgNVBAsTHENsYXNzIDIgT25TaXRlIFN1YnNj\n" + -+ "cmliZXIgQ0ExGjAYBgNVBAMTEU9iamVjdCBTaWduaW5nIENBMB4XDTA3MDEwNDAw\n" + -+ "MDAwMFoXDTEwMDEwMzIzNTk1OVowgZwxHTAbBgNVBAoUFFN1biBNaWNyb3N5c3Rl\n" + -+ "bXMgSW5jMSEwHwYDVQQLFBhDb3Jwb3JhdGUgT2JqZWN0IFNpZ25pbmcxKDAmBgNV\n" + -+ "BAsUH1NvbGFyaXMgQ3J5cHRvZ3JhcGhpYyBGcmFtZXdvcmsxLjAsBgNVBAMUJVNv\n" + -+ "bGFyaXMgSU5URVJOQUwgREVWRUxPUE1FTlQgVVNFIE9OTFkwgZ8wDQYJKoZIhvcN\n" + -+ "AQEBBQADgY0AMIGJAoGBALbNU4hf3mD5ArDI9pjgioAyvV3bjMPRQdCZniIeGJBp\n" + -+ "odFlSEH+Mh64W1DsY8coeZ7FvvGJkx9IpTMJW9k8w1oJK9UNqHyAQfaYjQyXi3xQ\n" + -+ "LJp62EvYdGfDlwOZejEcR/MbzZG+GOPMMvQj5+xyFDvLXNGfQNTnxw2qnBgCJXjj\n" + -+ "AgMBAAGjggH1MIIB8TAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDCBiQYDVR0f\n" + -+ "BIGBMH8wfaB7oHmGd2h0dHA6Ly9vbnNpdGVjcmwudmVyaXNpZ24uY29tL1N1bk1p\n" + -+ "Y3Jvc3lzdGVtc0luY0NvcnBvcmF0ZU9iamVjdFNpZ25pbmdTb2xhcmlzQ3J5cHRv\n" + -+ "Z3JhcGhpY0ZyYW1ld29ya0NsYXNzQi9MYXRlc3RDUkwuY3JsMB8GA1UdIwQYMBaA\n" + -+ "FLNHK4J+U7Rzyri7Gbe+gU0HlcftMB0GA1UdDgQWBBRpfiGYkehTnsIzuN2H6AFb\n" + -+ "VCZG8jA7BggrBgEFBQcBAQQvMC0wKwYIKwYBBQUHMAGGH2h0dHA6Ly9vbnNpdGUt\n" + -+ "b2NzcC52ZXJpc2lnbi5jb20wgbUGA1UdIASBrTCBqjA5BgtghkgBhvhFAQcXAjAq\n" + -+ "MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMG0GC2CG\n" + -+ "SAGG9wCDfZw/MF4wJwYIKwYBBQUHAgEWG2h0dHBzOi8vd3d3LnN1bi5jb20vcGtp\n" + -+ "L2NwczAzBggrBgEFBQcCAjAnFiVWYWxpZGF0ZWQgRm9yIFN1biBCdXNpbmVzcyBP\n" + -+ "cGVyYXRpb25zMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBBQUAA4IB\n" + -+ "AQCG5soy3LFHTFbA8/5SzDRhQoJkHUnOP0t3b6nvX6vZYRp649fje7TQOPRm1pFd\n" + -+ "CZ17J+tggdZwgzTqY4aYpJ00jZaK6pV37q/vgFC/ia6jDs8Q+ly9cEcadBZ5loYg\n" + -+ "cmxp9p57W2MNWx8VA8oFdNtKfF0jUNXbLNtvwGHmgR6YcwLrGN1b6/9Lt9bO3ODl\n" + -+ "FO+ZDwkfQz5ClUVrTx2dGBvKRYFqSG5S8JAfsgYhPvcacUQkA7ExyKvfRXLWVrce\n" + -+ "ZiPpcElbx+819H2sAPvVvparVeAruZGMAtejHZp9NFoowKen5drJp9VxePS4eM49\n" + -+ "3DepB6lKRrNRw66LNQol4ZBz\n" + -+ "-----END CERTIFICATE-----"); -+ -+ -+ // ----------------------------------------------------------------- -+ // Compromised CAs of DigiNotar -+ // -+ // Reported by Fox-IT in its interim report on September 5, 2011, -+ // "DigiNotar Certificate Authority breach 'Operation Black Tulip'". -+ // -+ -+ // -+ // Compromised DigiNotar Cyber CA -+ // -+ -+ // DigiNotar intermediate, cross-signed by CyberTrust -+ // -+ // Subject: EMAILADDRESS=info@diginotar.nl, CN=DigiNotar Cyber CA, -+ // O=DigiNotar, C=NL -+ // Issuer: CN=GTE CyberTrust Global Root, -+ // OU=GTE CyberTrust Solutions, Inc., -+ // O=GTE Corporation, -+ // C=US -+ // Serial: 120000525 (07:27:10:0D) -+ add("info-at-diginotar-cyber-ca-cross-to-gte-cybertrust-0727100D", -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFWjCCBMOgAwIBAgIEBycQDTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJV\n" + -+ "UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU\n" + -+ "cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds\n" + -+ "b2JhbCBSb290MB4XDTA2MTAwNDEwNTQxMVoXDTExMTAwNDEwNTMxMVowYDELMAkG\n" + -+ "A1UEBhMCTkwxEjAQBgNVBAoTCURpZ2lOb3RhcjEbMBkGA1UEAxMSRGlnaU5vdGFy\n" + -+ "IEN5YmVyIENBMSAwHgYJKoZIhvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIw\n" + -+ "DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANLOFQotqF6EZ639vu9Gx8i5z3P8\n" + -+ "9DS5+SxD52ATPXrjss87Z2yQrcC5P4RS8DVC3HTcKDu9UrSnrHJFF8bwieu0qiXy\n" + -+ "XUte0dmHutZ9fPXOMp8QM8WxSrtekTHC0OlBwpFkfglBO9uLCDdqqspS3rU5HsCI\n" + -+ "A6U/i5kTYUO1m4Kz7iBvz6FEouova0CfjytXraFTwoUiaZ2gP1HfC0GRDaXhqKpc\n" + -+ "SQhdvd5wQbEPyWNr0380dAIvNFp4dRxoeoFnivPaQPBgY/SSINcDpj2jHmfEhBtB\n" + -+ "pcmM5r3qSLYFFgizNxJa92E89zhvLpfgb1Y4VNMota0Ubi5LZLUnZbd1JQm2Bz2V\n" + -+ "VgIKgmCyc0XgMyZRdJq51FAc9k1bW1JSE1qmf6cO4ehBVGeYjIfVydNsy9NUkgYJ\n" + -+ "NEH3gW8/nsl8dVWw58Gzd+jDxAA1lUBwEEoF3iW7n1mlZLxHYL9g43aLE1Xd4XR6\n" + -+ "uc8kpmp/3mQiRFhogmoQ+T3lPhu5vfwi9GAEibtVbShV+t6OjRshFNc3izR7Tfay\n" + -+ "shDPM7F9HGKZSMsrbHaWVb8ZDR0fu2WqG46ZtcYokOWCLXhQIJr9eS8kf/CJKWn0\n" + -+ "fc1zvrPtTsHR7VJej/e4142HrbLZG1ES/1az4a80fVykeIgQnp0DxqWqoiRR90kU\n" + -+ "xbHuWUOV36toKDA/AgMBAAGjggGGMIIBgjASBgNVHRMBAf8ECDAGAQH/AgEBMFMG\n" + -+ "A1UdIARMMEowSAYJKwYBBAGxPgEAMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93d3cu\n" + -+ "cHVibGljLXRydXN0LmNvbS9DUFMvT21uaVJvb3QuaHRtbDAOBgNVHQ8BAf8EBAMC\n" + -+ "AQYwgaAGA1UdIwSBmDCBlYAUpgwdn2H/Bxe1vzhG20Mw1Y6wUgaheaR3MHUxCzAJ\n" + -+ "BgNVBAYTAlVTMRgwFgYDVQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdU\n" + -+ "RSBDeWJlclRydXN0IFNvbHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVy\n" + -+ "VHJ1c3QgR2xvYmFsIFJvb3SCAgGlMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly93\n" + -+ "d3cucHVibGljLXRydXN0LmNvbS9jZ2ktYmluL0NSTC8yMDE4L2NkcC5jcmwwHQYD\n" + -+ "VR0OBBYEFKv5aN/PSjfXe0WMX3LeQETDZbvCMA0GCSqGSIb3DQEBBQUAA4GBAI9o\n" + -+ "a6VbB7pEZg4cqFwwezPkCiYE/O+eGjjWLqEf0JlHwnVkJP2eOyh2uSYoYZEMbSz4\n" + -+ "BJ98UAHV42mv7xXSRZskCSpmBU8lgcpdvqrBWSeuM46C9990sFWzjvjnN8huqlZE\n" + -+ "9r1TgSOWPbT6MopTZkQloiXGpjwljPDgKAYityZB\n" + -+ "-----END CERTIFICATE-----"); -+ -+ // DigiNotar intermediate, cross-signed by CyberTrust -+ // -+ // Subject: CN=DigiNotar Cyber CA, O=DigiNotar, C=NL -+ // Issuer: CN=GTE CyberTrust Global Root, -+ // OU=GTE CyberTrust Solutions, Inc., -+ // O=GTE Corporation, -+ // C=US -+ // Serial: 120000505 (07:27:0F:F9) -+ add("diginotar-cyber-ca-cross-to-gte-cybertrust-07270FF9", -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFODCCBKGgAwIBAgIEBycP+TANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJV\n" + -+ "UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU\n" + -+ "cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds\n" + -+ "b2JhbCBSb290MB4XDTA2MDkyMDA5NDUzMloXDTEzMDkyMDA5NDQwNlowPjELMAkG\n" + -+ "A1UEBhMCTkwxEjAQBgNVBAoTCURpZ2lOb3RhcjEbMBkGA1UEAxMSRGlnaU5vdGFy\n" + -+ "IEN5YmVyIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0s4VCi2o\n" + -+ "XoRnrf2+70bHyLnPc/z0NLn5LEPnYBM9euOyzztnbJCtwLk/hFLwNULcdNwoO71S\n" + -+ "tKesckUXxvCJ67SqJfJdS17R2Ye61n189c4ynxAzxbFKu16RMcLQ6UHCkWR+CUE7\n" + -+ "24sIN2qqylLetTkewIgDpT+LmRNhQ7WbgrPuIG/PoUSi6i9rQJ+PK1etoVPChSJp\n" + -+ "naA/Ud8LQZENpeGoqlxJCF293nBBsQ/JY2vTfzR0Ai80Wnh1HGh6gWeK89pA8GBj\n" + -+ "9JIg1wOmPaMeZ8SEG0GlyYzmvepItgUWCLM3Elr3YTz3OG8ul+BvVjhU0yi1rRRu\n" + -+ "LktktSdlt3UlCbYHPZVWAgqCYLJzReAzJlF0mrnUUBz2TVtbUlITWqZ/pw7h6EFU\n" + -+ "Z5iMh9XJ02zL01SSBgk0QfeBbz+eyXx1VbDnwbN36MPEADWVQHAQSgXeJbufWaVk\n" + -+ "vEdgv2DjdosTVd3hdHq5zySman/eZCJEWGiCahD5PeU+G7m9/CL0YASJu1VtKFX6\n" + -+ "3o6NGyEU1zeLNHtN9rKyEM8zsX0cYplIyytsdpZVvxkNHR+7Zaobjpm1xiiQ5YIt\n" + -+ "eFAgmv15LyR/8IkpafR9zXO+s+1OwdHtUl6P97jXjYetstkbURL/VrPhrzR9XKR4\n" + -+ "iBCenQPGpaqiJFH3SRTFse5ZQ5Xfq2goMD8CAwEAAaOCAYYwggGCMBIGA1UdEwEB\n" + -+ "/wQIMAYBAf8CAQEwUwYDVR0gBEwwSjBIBgkrBgEEAbE+AQAwOzA5BggrBgEFBQcC\n" + -+ "ARYtaHR0cDovL3d3dy5wdWJsaWMtdHJ1c3QuY29tL0NQUy9PbW5pUm9vdC5odG1s\n" + -+ "MA4GA1UdDwEB/wQEAwIBBjCBoAYDVR0jBIGYMIGVgBSmDB2fYf8HF7W/OEbbQzDV\n" + -+ "jrBSBqF5pHcwdTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlv\n" + -+ "bjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29sdXRpb25zLCBJbmMuMSMwIQYD\n" + -+ "VQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdIICAaUwRQYDVR0fBD4wPDA6\n" + -+ "oDigNoY0aHR0cDovL3d3dy5wdWJsaWMtdHJ1c3QuY29tL2NnaS1iaW4vQ1JMLzIw\n" + -+ "MTgvY2RwLmNybDAdBgNVHQ4EFgQUq/lo389KN9d7RYxfct5ARMNlu8IwDQYJKoZI\n" + -+ "hvcNAQEFBQADgYEACcpiD427SuDUejUrBi3RKGG2rAH7g0m8rtQvLYauGYOl1h0T\n" + -+ "4he+/jJ06XoUOMqUXvcpAWlxG5Ea/aO7qh3Ke+IW/aGjDvMMX7LhIDGUK16Sdu36\n" + -+ "6bUjpr8KOwOpb1JgVM1f6bcvfKIn/UGDdbYN+3gm87FF6TKVKho1IZXFonU=\n" + -+ "-----END CERTIFICATE-----"); -+ -+ // DigiNotar intermediate, cross-signed by CyberTrust -+ // -+ // Subject: CN=DigiNotar Cyber CA, O=DigiNotar, C=NL -+ // Issuer: CN=GTE CyberTrust Global Root, -+ // OU=GTE CyberTrust Solutions, Inc., -+ // O=GTE Corporation, -+ // C=US -+ // Serial: 120000515 (07:27:10:03) -+ add("diginotar-cyber-ca-cross-to-gte-cybertrust-07271003", -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFODCCBKGgAwIBAgIEBycQAzANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJV\n" + -+ "UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU\n" + -+ "cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds\n" + -+ "b2JhbCBSb290MB4XDTA2MDkyNzEwNTMzMloXDTExMDkyNzEwNTIzMFowPjELMAkG\n" + -+ "A1UEBhMCTkwxEjAQBgNVBAoTCURpZ2lOb3RhcjEbMBkGA1UEAxMSRGlnaU5vdGFy\n" + -+ "IEN5YmVyIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0s4VCi2o\n" + -+ "XoRnrf2+70bHyLnPc/z0NLn5LEPnYBM9euOyzztnbJCtwLk/hFLwNULcdNwoO71S\n" + -+ "tKesckUXxvCJ67SqJfJdS17R2Ye61n189c4ynxAzxbFKu16RMcLQ6UHCkWR+CUE7\n" + -+ "24sIN2qqylLetTkewIgDpT+LmRNhQ7WbgrPuIG/PoUSi6i9rQJ+PK1etoVPChSJp\n" + -+ "naA/Ud8LQZENpeGoqlxJCF293nBBsQ/JY2vTfzR0Ai80Wnh1HGh6gWeK89pA8GBj\n" + -+ "9JIg1wOmPaMeZ8SEG0GlyYzmvepItgUWCLM3Elr3YTz3OG8ul+BvVjhU0yi1rRRu\n" + -+ "LktktSdlt3UlCbYHPZVWAgqCYLJzReAzJlF0mrnUUBz2TVtbUlITWqZ/pw7h6EFU\n" + -+ "Z5iMh9XJ02zL01SSBgk0QfeBbz+eyXx1VbDnwbN36MPEADWVQHAQSgXeJbufWaVk\n" + -+ "vEdgv2DjdosTVd3hdHq5zySman/eZCJEWGiCahD5PeU+G7m9/CL0YASJu1VtKFX6\n" + -+ "3o6NGyEU1zeLNHtN9rKyEM8zsX0cYplIyytsdpZVvxkNHR+7Zaobjpm1xiiQ5YIt\n" + -+ "eFAgmv15LyR/8IkpafR9zXO+s+1OwdHtUl6P97jXjYetstkbURL/VrPhrzR9XKR4\n" + -+ "iBCenQPGpaqiJFH3SRTFse5ZQ5Xfq2goMD8CAwEAAaOCAYYwggGCMBIGA1UdEwEB\n" + -+ "/wQIMAYBAf8CAQEwUwYDVR0gBEwwSjBIBgkrBgEEAbE+AQAwOzA5BggrBgEFBQcC\n" + -+ "ARYtaHR0cDovL3d3dy5wdWJsaWMtdHJ1c3QuY29tL0NQUy9PbW5pUm9vdC5odG1s\n" + -+ "MA4GA1UdDwEB/wQEAwIBBjCBoAYDVR0jBIGYMIGVgBSmDB2fYf8HF7W/OEbbQzDV\n" + -+ "jrBSBqF5pHcwdTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlv\n" + -+ "bjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29sdXRpb25zLCBJbmMuMSMwIQYD\n" + -+ "VQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdIICAaUwRQYDVR0fBD4wPDA6\n" + -+ "oDigNoY0aHR0cDovL3d3dy5wdWJsaWMtdHJ1c3QuY29tL2NnaS1iaW4vQ1JMLzIw\n" + -+ "MTgvY2RwLmNybDAdBgNVHQ4EFgQUq/lo389KN9d7RYxfct5ARMNlu8IwDQYJKoZI\n" + -+ "hvcNAQEFBQADgYEAWcyGZhizJlRP1jjNupZey+yZG6oMDW4Z11boriMHbYPCndBE\n" + -+ "bVh07zmPbZsihOw9w/vm5KbVX5CgxUv4Rhzh/20Faixf3P3bpWg0qgzHVVusNVR/\n" + -+ "P50aKkpdK3hp+QLl56e+lWOddSAINIpmcuyDI1hyuzB+GJEASm9tNU/6rs8=\n" + -+ "-----END CERTIFICATE-----"); -+ -+ // -+ // Compromised DigiNotar Root CA -+ // -+ -+ // DigiNotar intermediate, cross-signed by Entrust -+ // -+ // Subject: EMAILADDRESS=info@diginotar.nl, -+ // CN=DigiNotar Root CA, -+ // O=DigiNotar, C=NL -+ // Issuer: CN=Entrust.net Secure Server Certification Authority -+ // OU=(c) 1999 Entrust.net Limited, -+ // OU=www.entrust.net/CPS incorp. by ref. (limits liab.), -+ // O=Entrust.net, -+ // C=US, -+ // Serial: 1184644297 (46:9C:3C:C9) -+ add("info-at-diginotar-root-ca-cross-to-entrust-secure-server-469C3CC9", -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFSDCCBLGgAwIBAgIERpw8yTANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" + -+ "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" + -+ "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" + -+ "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" + -+ "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA0\n" + -+ "MjYwNTAwMDBaFw0xMzA4MTQyMDEyMzZaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" + -+ "EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" + -+ "hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" + -+ "ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" + -+ "OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" + -+ "hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" + -+ "gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" + -+ "IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" + -+ "BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" + -+ "Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" + -+ "5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" + -+ "DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" + -+ "9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" + -+ "7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" + -+ "ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" + -+ "BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" + -+ "BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" + -+ "VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" + -+ "bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" + -+ "A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" + -+ "BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAI979rBep8tu3TeLunapgsZ0jtXp\n" + -+ "GDFjKWSk87dj1jCyYi+q/GyDyZ6ZQZNRP0sF+6twscq05lClWNy3TROMp7QeuoLO\n" + -+ "G7Utw3OJaswUtp4YglANMRTHEe3g9ltifUXRH5tSuy7u6yi4LD4WTm5ULP6r/g6l\n" + -+ "0CnjXYb0+b1Fmz6U\n" + -+ "-----END CERTIFICATE-----"); -+ -+ // DigiNotar intermediate, cross-signed by Entrust -+ // -+ // Subject: EMAILADDRESS=info@diginotar.nl, -+ // CN=DigiNotar Root CA, -+ // O=DigiNotar, C=NL -+ // Issuer: CN=Entrust.net Secure Server Certification Authority -+ // OU=(c) 1999 Entrust.net Limited, -+ // OU=www.entrust.net/CPS incorp. by ref. (limits liab.), -+ // O=Entrust.net, -+ // C=US, -+ // Serial: 1184640175 (46:9C:2C:AF) -+ add("info-at-diginotar-root-ca-cross-to-entrust-secure-server-469C2CAF", -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" + -+ "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" + -+ "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" + -+ "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" + -+ "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" + -+ "MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" + -+ "EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" + -+ "hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" + -+ "ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" + -+ "OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" + -+ "hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" + -+ "gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" + -+ "IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" + -+ "BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" + -+ "Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" + -+ "5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" + -+ "DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" + -+ "9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" + -+ "7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" + -+ "ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" + -+ "BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" + -+ "BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" + -+ "VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" + -+ "bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" + -+ "A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" + -+ "BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" + -+ "xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" + -+ "ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" + -+ "ZFdYf+hthc3m6IcJ\n" + -+ "-----END CERTIFICATE-----"); -+ -+ // -+ // Compromised DigiNotar PKIoverheid CA Organisatie - G2 -+ // -+ -+ // DigiNotar intermediate, cross-signed by the Dutch government -+ // -+ // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2, -+ // O=DigiNotar B.V., -+ // C=NL -+ // Issuer: CN=Staat der Nederlanden Organisatie CA - G2, -+ // O=Staat der Nederlanden, -+ // C=NL -+ // Serial: 20001983 (01:31:34:bf) -+ add("diginotar-pkioverheid-organisatie-cross-to-nederlanden-013134BF", -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIGnDCCBISgAwIBAgIEATE0vzANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJO\n" + -+ "TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMTIwMAYDVQQDDClTdGFh\n" + -+ "dCBkZXIgTmVkZXJsYW5kZW4gT3JnYW5pc2F0aWUgQ0EgLSBHMjAeFw0xMDA1MTIw\n" + -+ "ODUxMzhaFw0yMDAzMjMwOTUwMDRaMFoxCzAJBgNVBAYTAk5MMRcwFQYDVQQKDA5E\n" + -+ "aWdpTm90YXIgQi5WLjEyMDAGA1UEAwwpRGlnaU5vdGFyIFBLSW92ZXJoZWlkIENB\n" + -+ "IE9yZ2FuaXNhdGllIC0gRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\n" + -+ "AQCxExkPJ+Zs1FWGS9DsiYpFkXisR71HK+T8RetPtCZzWzfTw3/2497Xo/gtaMUI\n" + -+ "PkuU1uSHJTZrhLUYdPMoWHMvm2rPvAQe9t7dr/xLqvXbZmIlASWC3vKXWhBu3V2p\n" + -+ "IrEEqSNzOvhxrR3PhETrR9Gvbch8KKvH8jd6dF9fxQIUiqNa4xtsAeNdjtlo1vQJ\n" + -+ "GzLckbUs9SDrjANtJkm4k8SFXdjSm69WaswFM8ygQp40VUSca6DUEtArVM23iQ3l\n" + -+ "9uvo+4UBM096a/GdcjOWDveyhKWlJ8Qn8VFzKXe6Z27+TNy04qGhgS85SY1DOBPO\n" + -+ "0KVcwoc6AGdlQiPxNlkKHaNRyLyjlCox3+M88p0aPASw77EKMBNzttfzo0wBdRSF\n" + -+ "eMDXijlYhVD6LubFvs+LP6+PNtQlCS3SD6xyk/K/i9RQs/kVUJuZ9RTZ+4uRozIm\n" + -+ "JqD43ztggYaDeVsr6xM9KTrBbd29no6H1kquNJcF7hSm9tw4fkrpJFQHPZdoN0Zr\n" + -+ "DceoIa8TVOQJavFNRgrJXfubT73e+7dUy7g4nKc5+2otwHuNq6WnV+xKkoozxeEg\n" + -+ "XHPYkJIrgNUPhhhpfDlPhIa890xb89W0yqDC8DciynlSH1PmqvOQsDvd8ij9rOvF\n" + -+ "BiSgydQvD1j9tZ7sD8+yWdCiBHo4aq5y+73wJWKUCacFCwIDAQABo4IBYTCCAV0w\n" + -+ "SAYDVR0gBEEwPzA9BgRVHSAAMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cuZGln\n" + -+ "aW5vdGFyLm5sL2Nwcy9wa2lvdmVyaGVpZDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud\n" + -+ "DwEB/wQEAwIBBjCBhQYDVR0jBH4wfIAUORCLSZJc22ESIM1JnRqO2pxnQLmhXqRc\n" + -+ "MFoxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIgTmVkZXJsYW5kZW4x\n" + -+ "KzApBgNVBAMMIlN0YWF0IGRlciBOZWRlcmxhbmRlbiBSb290IENBIC0gRzKCBACY\n" + -+ "lvQwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5wa2lvdmVyaGVpZC5ubC9E\n" + -+ "b21PcmdhbmlzYXRpZUxhdGVzdENSTC1HMi5jcmwwHQYDVR0OBBYEFLxdlDvZq3sD\n" + -+ "JXNhwtst7vyrj2WhMA0GCSqGSIb3DQEBCwUAA4ICAQCP/C1Mt9kt1R+978v0t2gX\n" + -+ "dZ1O1ffdnPEqJu2forYcA9VTs+wIzzTi48P0tRYvyMO+19NzqwA2+RpKftZj6V5G\n" + -+ "uqW2jhW3oyrYQx3vXcgfgYWzi/f/PPTZ9EYIP5y8HaDZqEzNJVJOCrEg9x/pQ9lU\n" + -+ "RoETmsBedGwqmDLq/He7DaWiMZgifnx859qkrey3LhoZcfhIUNpDjyyE3cFAJ+O1\n" + -+ "8BVOltT4XOOGKUYr1zsH6zh/yIZXl9PvKjPEF1DVZGlrK2tFXl0vF8paTs/D1zk8\n" + -+ "9TufRrmb5w5Jl53W1eMbD+qPAU6aE5RZCgIHSEsaYKt/T+0L2FUNaG9VnGllFULs\n" + -+ "wNzdbKzDFs4LHVabpMTE0i7gD+JEJytQaaTcYuiKISlCbMwAOpZ2m+9AwKRed4Qy\n" + -+ "bCYqOWauXeO5ubIsaB8empADOfCqs6TMSYsYNOk3yXspx4R8b0QVL+xhWQTJRcui\n" + -+ "1lKifH8pktZKxYtCqNT+6tjHhyMY5J16fXNAUpigrm7jBT8FD+Clxm1N7YM3iJzH\n" + -+ "89xCmmq21yFJNnfy7xhPxXDZnunetyuL9Lx+KN8NQMmFXK6dxTH/0FwOtah+8Okv\n" + -+ "uq+IruW10Vilr5xxpykBkINpN4IFuvwJwQhujHg7wzMCgD9EhQgd31VWCK0shS1d\n" + -+ "sQPhrqp0xaTzTro3mHuCuQ==\n" + -+ "-----END CERTIFICATE-----"); -+ -+ // -+ // Compromised DigiNotar PKIoverheid CA Overheid en Bedrijven -+ // -+ -+ // DigiNotar intermediate, cross-signed by the Dutch government -+ // -+ // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven, -+ // O=DigiNotar B.V., -+ // C=NL -+ // Issuer: CN=Staat der Nederlanden Overheid CA -+ // O=Staat der Nederlanden, -+ // C=NL -+ // Serial: 20015536 (01:31:69:b0) -+ add("diginotar-pkioverheid-overheid-enb-cross-to-nederlanden-013169B0", -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIEiDCCA3CgAwIBAgIEATFpsDANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJO\n" + -+ "TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSowKAYDVQQDEyFTdGFh\n" + -+ "dCBkZXIgTmVkZXJsYW5kZW4gT3ZlcmhlaWQgQ0EwHhcNMDcwNzA1MDg0MjA3WhcN\n" + -+ "MTUwNzI3MDgzOTQ2WjBfMQswCQYDVQQGEwJOTDEXMBUGA1UEChMORGlnaU5vdGFy\n" + -+ "IEIuVi4xNzA1BgNVBAMTLkRpZ2lOb3RhciBQS0lvdmVyaGVpZCBDQSBPdmVyaGVp\n" + -+ "ZCBlbiBCZWRyaWp2ZW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc\n" + -+ "vdKnTmoKuzuiheF/AK2+tDBomAfNoHrElM9x+Yo35FPrV3bMi+Zs/u6HVcg+uwQ5\n" + -+ "AKeAeKxbT370vbhUuHE7BzFJOZNUfCA7eSuPu2GQfbGs5h+QLp1FAalkLU3DL7nn\n" + -+ "UNVOKlyrdnY3Rtd57EKZ96LspIlw3Dgrh6aqJOadkiQbvvb91C8ZF3rmMgeUVAVT\n" + -+ "Q+lsvK9Hy7zL/b07RBKB8WtLu+20z6slTxjSzAL8o0+1QjPLWc0J3NNQ/aB2jKx+\n" + -+ "ZopC9q0ckvO2+xRG603XLzDgbe5bNr5EdLcgBVeFTegAGaL2DOauocBC36esgl3H\n" + -+ "aLcY5olLmmv6znn58yynAgMBAAGjggFQMIIBTDBIBgNVHSAEQTA/MD0GBFUdIAAw\n" + -+ "NTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5kaWdpbm90YXIubmwvY3BzL3BraW92\n" + -+ "ZXJoZWlkMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMIGABgNVHSME\n" + -+ "eTB3gBQLhtYPd6NosftkCcOIblwEHFfpPaFZpFcwVTELMAkGA1UEBhMCTkwxHjAc\n" + -+ "BgNVBAoTFVN0YWF0IGRlciBOZWRlcmxhbmRlbjEmMCQGA1UEAxMdU3RhYXQgZGVy\n" + -+ "IE5lZGVybGFuZGVuIFJvb3QgQ0GCBACYmnkwPQYDVR0fBDYwNDAyoDCgLoYsaHR0\n" + -+ "cDovL2NybC5wa2lvdmVyaGVpZC5ubC9Eb21PdkxhdGVzdENSTC5jcmwwHQYDVR0O\n" + -+ "BBYEFEwIyY128ZjHPt881y91DbF2eZfMMA0GCSqGSIb3DQEBBQUAA4IBAQAMlIca\n" + -+ "v03jheLu19hjeQ5Q38aEW9K72fUxCho1l3TfFPoqDz7toOMI9tVOW6+mriXiRWsi\n" + -+ "D7dUKH6S3o0UbNEc5W50BJy37zRERd/Jgx0ZH8Apad+J1T/CsFNt5U4X5HNhIxMm\n" + -+ "cUP9TFnLw98iqiEr2b+VERqKpOKrp11Lbyn1UtHk0hWxi/7wA8+nfemZhzizDXMU\n" + -+ "5HIs4c71rQZIZPrTKbmi2Lv01QulQERDjqC/zlqlUkxk0xcxYczopIro5Ij76eUv\n" + -+ "BjMzm5RmZrGrUDqhCYF0U1onuabSJc/Tw6f/ltAv6uAejVLpGBwgCkegllYOQJBR\n" + -+ "RKwa/fHuhR/3Qlpl\n" + -+ "-----END CERTIFICATE-----"); -+ -+ // -+ // Compromised DigiNotar PKIoverheid CA Overheid -+ // -+ -+ // DigiNotar intermediate, cross-signed by the Dutch government -+ // -+ // Subject: CN=DigiNotar PKIoverheid CA Overheid -+ // O=DigiNotar B.V., -+ // C=NL -+ // Issuer: CN=Staat der Nederlanden Overheid CA -+ // O=Staat der Nederlanden, -+ // C=NL -+ // Serial: 20006006 (01:31:44:76) -+ add("diginotar-pkioverheid-overheid-cross-to-nederlanden-01314476", -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIEezCCA2OgAwIBAgIEATFEdjANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJO\n" + -+ "TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSowKAYDVQQDEyFTdGFh\n" + -+ "dCBkZXIgTmVkZXJsYW5kZW4gT3ZlcmhlaWQgQ0EwHhcNMDQwNjI0MDgxOTMyWhcN\n" + -+ "MTAwNjIzMDgxNzM2WjBSMQswCQYDVQQGEwJOTDEXMBUGA1UEChMORGlnaU5vdGFy\n" + -+ "IEIuVi4xKjAoBgNVBAMTIURpZ2lOb3RhciBQS0lvdmVyaGVpZCBDQSBPdmVyaGVp\n" + -+ "ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANSlrubta5tlOjVCi/gb\n" + -+ "yLCvRqfBjxG8H594VcKHu0WAYc99SPZF9cycj5mw2GyfQvy/WIrGrL4iyNq1gSqR\n" + -+ "0QA/mTXKZIaPqzpDhdm+VvrKkmjrbZfaQxgMSs3ChtBsjcP9Lc0X1zXZ4Q8nBe3k\n" + -+ "BTp+zehINfmbjoEgXLxsMR5RQ6GxzKjuC04PQpbJQgTIakglKaqYcDDZbEscWgPV\n" + -+ "Hgj/2aoHlj6leW/ThHZ+O41jUguEmBLZA3mu3HrCfrHntb5dPt0ihzSx7GtD/SaX\n" + -+ "5HBLxnP189YuqMk5iRA95CtiSdKauvon/xRKRLNgG6XAz0ctSoY7xLDdiBVU5kJd\n" + -+ "FScCAwEAAaOCAVAwggFMMEgGA1UdIARBMD8wPQYEVR0gADA1MDMGCCsGAQUFBwIB\n" + -+ "FidodHRwOi8vd3d3LmRpZ2lub3Rhci5ubC9jcHMvcGtpb3ZlcmhlaWQwDwYDVR0T\n" + -+ "AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgYAGA1UdIwR5MHeAFAuG1g93o2ix\n" + -+ "+2QJw4huXAQcV+k9oVmkVzBVMQswCQYDVQQGEwJOTDEeMBwGA1UEChMVU3RhYXQg\n" + -+ "ZGVyIE5lZGVybGFuZGVuMSYwJAYDVQQDEx1TdGFhdCBkZXIgTmVkZXJsYW5kZW4g\n" + -+ "Um9vdCBDQYIEAJiaeTA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3JsLnBraW92\n" + -+ "ZXJoZWlkLm5sL0RvbU92TGF0ZXN0Q1JMLmNybDAdBgNVHQ4EFgQUvRaYQh2+kdE9\n" + -+ "wpcl4CjXWOC1f+IwDQYJKoZIhvcNAQEFBQADggEBAGhQsCWLiaN2EOhPAW+JQP6o\n" + -+ "XBOrLv5w6joahzBFVn1BiefzmlMKjibqKYxURRvMAsMkh82/MfL8V0w6ugxl81lu\n" + -+ "i42dcxl9cKSVXKMw4bbBzJ2VQI5HTIABwefeNuy/eX6idVwYdt3ajAH7fUA8Q9Cq\n" + -+ "vr6H8B+8mwoEqTVTEVlCSsC/EXsokYEUr06PPzRudKjDmijgj7zFaIioZNc8hk7g\n" + -+ "ufEgrs/tmcNGylrwRHgCXjCRBt2NHlZ08l7A1AGU8HcHlSbG9Un/2q9kVHUkps0D\n" + -+ "gtUaEK+x6jpAu/R8Ojezu/+ZEcwwjI/KOhG+84+ejFmtyEkrUdsAdEdLf/2dKsw=\n" + -+ "-----END CERTIFICATE-----"); -+ -+ // -+ // Compromised DigiNotar Services 1024 CA -+ // -+ -+ // DigiNotar intermediate, cross-signed by the Entrust -+ // -+ // Subject: EMAILADDRESS=info@diginotar.nl, -+ // CN=DigiNotar Services 1024 CA -+ // O=DigiNotar, C=NL -+ // Issuer: CN=Entrust.net Secure Server Certification Authority, -+ // OU=(c) 1999 Entrust.net Limited, -+ // OU=www.entrust.net/CPS incorp. by ref. (limits liab.), -+ // O=Entrust.net, -+ // C=US -+ // Serial: 1184640176 (46:9c:2c:b0) -+ add("diginotar-services-1024-ca-cross-to-entrust-469C2CB0", -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIDzTCCAzagAwIBAgIERpwssDANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" + -+ "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" + -+ "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" + -+ "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" + -+ "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" + -+ "MjYxNTU5MDBaFw0xMzA4MjYxNjI5MDBaMGgxCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" + -+ "EwlEaWdpTm90YXIxIzAhBgNVBAMTGkRpZ2lOb3RhciBTZXJ2aWNlcyAxMDI0IENB\n" + -+ "MSAwHgYJKoZIhvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCBnzANBgkqhkiG9w0B\n" + -+ "AQEFAAOBjQAwgYkCgYEA2ptNXTz50eKLxsYIIMXZHkjsZlhneWIrQWP0iY1o2q+4\n" + -+ "lDaLGSSkoJPSmQ+yrS01Tc0vauH5mxkrvAQafi09UmTN8T5nD4ku6PJPrqYIoYX+\n" + -+ "oakJ5sarPkP8r3oDkdqmOaZh7phPGKjTs69mgumfvN1y+QYEvRLZGCTnq5NTi1kC\n" + -+ "AwEAAaOCASYwggEiMBIGA1UdEwEB/wQIMAYBAf8CAQAwJwYDVR0lBCAwHgYIKwYB\n" + -+ "BQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDBDARBgNVHSAECjAIMAYGBFUdIAAwMwYI\n" + -+ "KwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5l\n" + -+ "dDAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L3NlcnZl\n" + -+ "cjEuY3JsMB0GA1UdDgQWBBT+3JRJDG/vXH/G8RKZTxZJrfuCZTALBgNVHQ8EBAMC\n" + -+ "AQYwHwYDVR0jBBgwFoAU8BdiE1U9s/8KAGv7UISX8+1i0BowGQYJKoZIhvZ9B0EA\n" + -+ "BAwwChsEVjcuMQMCAIEwDQYJKoZIhvcNAQEFBQADgYEAY3RqN6k/lpxmyFisCcnv\n" + -+ "9WWUf6MCxDgxvV0jh+zUVrLJsm7kBQb87PX6iHBZ1O7m3bV6oKNgLwIMq94SXa/w\n" + -+ "NUuqikeRGvWFLELHHe+VQ7NeuJWTpdrFKKqtci0xrZlrbP+MISevrZqRK8fdWMNu\n" + -+ "B8WfedLHjFW/TMcnXlEWKz4=\n" + -+ "-----END CERTIFICATE-----"); -+ -+ } -+} -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/sun/security/validator/SimpleValidator.java jdk7u3/jdk/src/share/classes/sun/security/validator/SimpleValidator.java ---- jdk/src/share/classes/sun/security/validator/SimpleValidator.java 2012-04-17 17:39:21.000000000 -0400 -+++ jdk/src/share/classes/sun/security/validator/SimpleValidator.java 2012-04-17 17:48:58.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -41,6 +41,7 @@ - import sun.security.util.ObjectIdentifier; - - import sun.security.provider.certpath.AlgorithmChecker; -+import sun.security.provider.certpath.UntrustedChecker; - - /** - * A simple validator implementation. It is based on code from the JSSE -@@ -137,6 +138,9 @@ - date = new Date(); - } - -+ // create distrusted certificates checker -+ UntrustedChecker untrustedChecker = new UntrustedChecker(); -+ - // create default algorithm constraints checker - TrustAnchor anchor = new TrustAnchor(chain[chain.length - 1], null); - AlgorithmChecker defaultAlgChecker = new AlgorithmChecker(anchor); -@@ -154,6 +158,17 @@ - X509Certificate issuerCert = chain[i + 1]; - X509Certificate cert = chain[i]; - -+ // check untrusted certificate -+ try { -+ // Untrusted checker does not care about the unresolved -+ // critical extensions. -+ untrustedChecker.check(cert, Collections.<String>emptySet()); -+ } catch (CertPathValidatorException cpve) { -+ throw new ValidatorException( -+ "Untrusted certificate: " + cert.getSubjectX500Principal(), -+ ValidatorException.T_UNTRUSTED_CERT, cert, cpve); -+ } -+ - // check certificate algorithm - try { - // Algorithm checker does not care about the unresolved -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/classes/sun/security/validator/ValidatorException.java jdk7u3/jdk/src/share/classes/sun/security/validator/ValidatorException.java ---- jdk/src/share/classes/sun/security/validator/ValidatorException.java 2012-04-17 17:39:21.000000000 -0400 -+++ jdk/src/share/classes/sun/security/validator/ValidatorException.java 2012-04-17 17:48:58.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2002, 2009, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -58,6 +58,9 @@ - public final static Object T_ALGORITHM_DISABLED = - "Certificate signature algorithm disabled"; - -+ public final static Object T_UNTRUSTED_CERT = -+ "Untrusted certificate"; -+ - private Object type; - private X509Certificate cert; - -diff -uNr -x '.hg*' jdk7u2/jdk/src/share/native/java/util/zip/zip_util.c jdk7u3/jdk/src/share/native/java/util/zip/zip_util.c ---- jdk/src/share/native/java/util/zip/zip_util.c 2012-04-17 17:39:25.000000000 -0400 -+++ jdk/src/share/native/java/util/zip/zip_util.c 2012-04-17 17:49:02.000000000 -0400 -@@ -521,7 +521,7 @@ - { - jint count = 0; - ptrdiff_t i; -- for (i = 0; i + CENHDR < end - beg; i += CENSIZE(beg + i)) -+ for (i = 0; i + CENHDR <= end - beg; i += CENSIZE(beg + i)) - count++; - return count; - } -diff -uNr -x '.hg*' jdk7u2/jdk/src/windows/classes/sun/java2d/d3d/D3DRenderer.java jdk7u3/jdk/src/windows/classes/sun/java2d/d3d/D3DRenderer.java ---- jdk/src/windows/classes/sun/java2d/d3d/D3DRenderer.java 2012-04-17 17:39:31.000000000 -0400 -+++ jdk/src/windows/classes/sun/java2d/d3d/D3DRenderer.java 2012-04-17 17:49:07.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2007, 2008, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -27,6 +27,7 @@ - - import java.awt.Transparency; - import java.awt.geom.Path2D; -+import sun.java2d.InvalidPipeException; - import sun.java2d.SunGraphics2D; - import sun.java2d.loops.GraphicsPrimitive; - import sun.java2d.pipe.BufferedPaints; -@@ -47,7 +48,12 @@ - int ctxflags = - sg2d.paint.getTransparency() == Transparency.OPAQUE ? - D3DContext.SRC_IS_OPAQUE : D3DContext.NO_CONTEXT_FLAGS; -- D3DSurfaceData dstData = (D3DSurfaceData)sg2d.surfaceData; -+ D3DSurfaceData dstData; -+ try { -+ dstData = (D3DSurfaceData)sg2d.surfaceData; -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - D3DContext.validateContext(dstData, dstData, - sg2d.getCompClip(), sg2d.composite, - null, sg2d.paint, sg2d, ctxflags); -@@ -56,7 +62,12 @@ - @Override - protected void validateContextAA(SunGraphics2D sg2d) { - int ctxflags = D3DContext.NO_CONTEXT_FLAGS; -- D3DSurfaceData dstData = (D3DSurfaceData)sg2d.surfaceData; -+ D3DSurfaceData dstData; -+ try { -+ dstData = (D3DSurfaceData)sg2d.surfaceData; -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - D3DContext.validateContext(dstData, dstData, - sg2d.getCompClip(), sg2d.composite, - null, sg2d.paint, sg2d, ctxflags); -@@ -70,7 +81,12 @@ - int ctxflags = - sg2d.surfaceData.getTransparency() == Transparency.OPAQUE ? - D3DContext.SRC_IS_OPAQUE : D3DContext.NO_CONTEXT_FLAGS; -- D3DSurfaceData dstData = (D3DSurfaceData)sg2d.surfaceData; -+ D3DSurfaceData dstData; -+ try { -+ dstData = (D3DSurfaceData)sg2d.surfaceData; -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - D3DContext.validateContext(dstData, dstData, - sg2d.getCompClip(), sg2d.composite, - null, null, null, ctxflags); -diff -uNr -x '.hg*' jdk7u2/jdk/src/windows/classes/sun/java2d/windows/GDIRenderer.java jdk7u3/jdk/src/windows/classes/sun/java2d/windows/GDIRenderer.java ---- jdk/src/windows/classes/sun/java2d/windows/GDIRenderer.java 2012-04-17 17:39:31.000000000 -0400 -+++ jdk/src/windows/classes/sun/java2d/windows/GDIRenderer.java 2012-04-17 17:49:07.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -29,6 +29,7 @@ - import java.awt.Shape; - import java.awt.geom.Path2D; - import java.awt.geom.PathIterator; -+import sun.java2d.InvalidPipeException; - import sun.java2d.SunGraphics2D; - import sun.java2d.SurfaceData; - import sun.java2d.pipe.Region; -@@ -45,7 +46,7 @@ - PixelFillPipe, - ShapeDrawPipe - { -- native void doDrawLine(SurfaceData sData, -+ native void doDrawLine(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x1, int y1, int x2, int y2); - -@@ -54,24 +55,32 @@ - { - int transx = sg2d.transX; - int transy = sg2d.transY; -- doDrawLine(sg2d.surfaceData, -- sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -- x1+transx, y1+transy, x2+transx, y2+transy); -+ try { -+ doDrawLine((GDIWindowSurfaceData)sg2d.surfaceData, -+ sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -+ x1+transx, y1+transy, x2+transx, y2+transy); -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - } - -- native void doDrawRect(SurfaceData sData, -+ native void doDrawRect(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x, int y, int w, int h); - - public void drawRect(SunGraphics2D sg2d, - int x, int y, int width, int height) - { -- doDrawRect(sg2d.surfaceData, -- sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -- x+sg2d.transX, y+sg2d.transY, width, height); -+ try { -+ doDrawRect((GDIWindowSurfaceData)sg2d.surfaceData, -+ sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -+ x+sg2d.transX, y+sg2d.transY, width, height); -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - } - -- native void doDrawRoundRect(SurfaceData sData, -+ native void doDrawRoundRect(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x, int y, int w, int h, - int arcW, int arcH); -@@ -80,25 +89,33 @@ - int x, int y, int width, int height, - int arcWidth, int arcHeight) - { -- doDrawRoundRect(sg2d.surfaceData, -- sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -- x+sg2d.transX, y+sg2d.transY, width, height, -- arcWidth, arcHeight); -+ try { -+ doDrawRoundRect((GDIWindowSurfaceData)sg2d.surfaceData, -+ sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -+ x+sg2d.transX, y+sg2d.transY, width, height, -+ arcWidth, arcHeight); -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - } - -- native void doDrawOval(SurfaceData sData, -+ native void doDrawOval(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x, int y, int w, int h); - - public void drawOval(SunGraphics2D sg2d, - int x, int y, int width, int height) - { -- doDrawOval(sg2d.surfaceData, -- sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -- x+sg2d.transX, y+sg2d.transY, width, height); -+ try { -+ doDrawOval((GDIWindowSurfaceData)sg2d.surfaceData, -+ sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -+ x+sg2d.transX, y+sg2d.transY, width, height); -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - } - -- native void doDrawArc(SurfaceData sData, -+ native void doDrawArc(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x, int y, int w, int h, - int angleStart, int angleExtent); -@@ -107,13 +124,17 @@ - int x, int y, int width, int height, - int startAngle, int arcAngle) - { -- doDrawArc(sg2d.surfaceData, -- sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -- x+sg2d.transX, y+sg2d.transY, width, height, -- startAngle, arcAngle); -+ try { -+ doDrawArc((GDIWindowSurfaceData)sg2d.surfaceData, -+ sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -+ x+sg2d.transX, y+sg2d.transY, width, height, -+ startAngle, arcAngle); -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - } - -- native void doDrawPoly(SurfaceData sData, -+ native void doDrawPoly(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int transx, int transy, - int[] xpoints, int[] ypoints, -@@ -123,33 +144,45 @@ - int xpoints[], int ypoints[], - int npoints) - { -- doDrawPoly(sg2d.surfaceData, -- sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -- sg2d.transX, sg2d.transY, xpoints, ypoints, npoints, false); -+ try { -+ doDrawPoly((GDIWindowSurfaceData)sg2d.surfaceData, -+ sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -+ sg2d.transX, sg2d.transY, xpoints, ypoints, npoints, false); -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - } - - public void drawPolygon(SunGraphics2D sg2d, - int xpoints[], int ypoints[], - int npoints) - { -- doDrawPoly(sg2d.surfaceData, -- sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -- sg2d.transX, sg2d.transY, xpoints, ypoints, npoints, true); -+ try { -+ doDrawPoly((GDIWindowSurfaceData)sg2d.surfaceData, -+ sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -+ sg2d.transX, sg2d.transY, xpoints, ypoints, npoints, true); -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - } - -- native void doFillRect(SurfaceData sData, -+ native void doFillRect(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x, int y, int w, int h); - - public void fillRect(SunGraphics2D sg2d, - int x, int y, int width, int height) - { -- doFillRect(sg2d.surfaceData, -- sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -- x+sg2d.transX, y+sg2d.transY, width, height); -+ try { -+ doFillRect((GDIWindowSurfaceData)sg2d.surfaceData, -+ sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -+ x+sg2d.transX, y+sg2d.transY, width, height); -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - } - -- native void doFillRoundRect(SurfaceData sData, -+ native void doFillRoundRect(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x, int y, int w, int h, - int arcW, int arcH); -@@ -158,25 +191,33 @@ - int x, int y, int width, int height, - int arcWidth, int arcHeight) - { -- doFillRoundRect(sg2d.surfaceData, -- sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -- x+sg2d.transX, y+sg2d.transY, width, height, -- arcWidth, arcHeight); -+ try { -+ doFillRoundRect((GDIWindowSurfaceData)sg2d.surfaceData, -+ sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -+ x+sg2d.transX, y+sg2d.transY, width, height, -+ arcWidth, arcHeight); -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - } - -- native void doFillOval(SurfaceData sData, -+ native void doFillOval(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x, int y, int w, int h); - - public void fillOval(SunGraphics2D sg2d, - int x, int y, int width, int height) - { -- doFillOval(sg2d.surfaceData, -- sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -- x+sg2d.transX, y+sg2d.transY, width, height); -+ try { -+ doFillOval((GDIWindowSurfaceData)sg2d.surfaceData, -+ sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -+ x+sg2d.transX, y+sg2d.transY, width, height); -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - } - -- native void doFillArc(SurfaceData sData, -+ native void doFillArc(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x, int y, int w, int h, - int angleStart, int angleExtent); -@@ -185,13 +226,17 @@ - int x, int y, int width, int height, - int startAngle, int arcAngle) - { -- doFillArc(sg2d.surfaceData, -- sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -- x+sg2d.transX, y+sg2d.transY, width, height, -- startAngle, arcAngle); -+ try { -+ doFillArc((GDIWindowSurfaceData)sg2d.surfaceData, -+ sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -+ x+sg2d.transX, y+sg2d.transY, width, height, -+ startAngle, arcAngle); -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - } - -- native void doFillPoly(SurfaceData sData, -+ native void doFillPoly(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int transx, int transy, - int[] xpoints, int[] ypoints, -@@ -201,12 +246,16 @@ - int xpoints[], int ypoints[], - int npoints) - { -- doFillPoly(sg2d.surfaceData, -- sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -- sg2d.transX, sg2d.transY, xpoints, ypoints, npoints); -+ try { -+ doFillPoly((GDIWindowSurfaceData)sg2d.surfaceData, -+ sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -+ sg2d.transX, sg2d.transY, xpoints, ypoints, npoints); -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - } - -- native void doShape(SurfaceData sData, -+ native void doShape(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int transX, int transY, - Path2D.Float p2df, boolean isfill); -@@ -228,9 +277,13 @@ - transX = 0; - transY = 0; - } -- doShape(sg2d.surfaceData, -- sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -- transX, transY, p2df, isfill); -+ try { -+ doShape((GDIWindowSurfaceData)sg2d.surfaceData, -+ sg2d.getCompClip(), sg2d.composite, sg2d.eargb, -+ transX, transY, p2df, isfill); -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - } - - // REMIND: This is just a hack to get WIDE lines to honor the -@@ -239,7 +292,12 @@ - // method that could be filled by the doShape method more quickly. - public void doFillSpans(SunGraphics2D sg2d, SpanIterator si) { - int box[] = new int[4]; -- SurfaceData sd = sg2d.surfaceData; -+ GDIWindowSurfaceData sd; -+ try { -+ sd = (GDIWindowSurfaceData)sg2d.surfaceData; -+ } catch (ClassCastException e) { -+ throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData); -+ } - Region clip = sg2d.getCompClip(); - Composite comp = sg2d.composite; - int eargb = sg2d.eargb; -@@ -268,7 +326,7 @@ - doShape(sg2d, s, true); - } - -- public native void devCopyArea(SurfaceData sData, -+ public native void devCopyArea(GDIWindowSurfaceData sData, - int srcx, int srcy, - int dx, int dy, - int w, int h); -@@ -278,21 +336,21 @@ - } - - public static class Tracer extends GDIRenderer { -- void doDrawLine(SurfaceData sData, -+ void doDrawLine(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x1, int y1, int x2, int y2) - { - GraphicsPrimitive.tracePrimitive("GDIDrawLine"); - super.doDrawLine(sData, clip, comp, color, x1, y1, x2, y2); - } -- void doDrawRect(SurfaceData sData, -+ void doDrawRect(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x, int y, int w, int h) - { - GraphicsPrimitive.tracePrimitive("GDIDrawRect"); - super.doDrawRect(sData, clip, comp, color, x, y, w, h); - } -- void doDrawRoundRect(SurfaceData sData, -+ void doDrawRoundRect(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x, int y, int w, int h, - int arcW, int arcH) -@@ -301,14 +359,14 @@ - super.doDrawRoundRect(sData, clip, comp, color, - x, y, w, h, arcW, arcH); - } -- void doDrawOval(SurfaceData sData, -+ void doDrawOval(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x, int y, int w, int h) - { - GraphicsPrimitive.tracePrimitive("GDIDrawOval"); - super.doDrawOval(sData, clip, comp, color, x, y, w, h); - } -- void doDrawArc(SurfaceData sData, -+ void doDrawArc(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x, int y, int w, int h, - int angleStart, int angleExtent) -@@ -317,7 +375,7 @@ - super.doDrawArc(sData, clip, comp, color, x, y, w, h, - angleStart, angleExtent); - } -- void doDrawPoly(SurfaceData sData, -+ void doDrawPoly(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int transx, int transy, - int[] xpoints, int[] ypoints, -@@ -327,14 +385,14 @@ - super.doDrawPoly(sData, clip, comp, color, transx, transy, - xpoints, ypoints, npoints, isclosed); - } -- void doFillRect(SurfaceData sData, -+ void doFillRect(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x, int y, int w, int h) - { - GraphicsPrimitive.tracePrimitive("GDIFillRect"); - super.doFillRect(sData, clip, comp, color, x, y, w, h); - } -- void doFillRoundRect(SurfaceData sData, -+ void doFillRoundRect(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x, int y, int w, int h, - int arcW, int arcH) -@@ -343,14 +401,14 @@ - super.doFillRoundRect(sData, clip, comp, color, - x, y, w, h, arcW, arcH); - } -- void doFillOval(SurfaceData sData, -+ void doFillOval(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x, int y, int w, int h) - { - GraphicsPrimitive.tracePrimitive("GDIFillOval"); - super.doFillOval(sData, clip, comp, color, x, y, w, h); - } -- void doFillArc(SurfaceData sData, -+ void doFillArc(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int x, int y, int w, int h, - int angleStart, int angleExtent) -@@ -359,7 +417,7 @@ - super.doFillArc(sData, clip, comp, color, x, y, w, h, - angleStart, angleExtent); - } -- void doFillPoly(SurfaceData sData, -+ void doFillPoly(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int transx, int transy, - int[] xpoints, int[] ypoints, -@@ -369,7 +427,7 @@ - super.doFillPoly(sData, clip, comp, color, transx, transy, - xpoints, ypoints, npoints); - } -- void doShape(SurfaceData sData, -+ void doShape(GDIWindowSurfaceData sData, - Region clip, Composite comp, int color, - int transX, int transY, - Path2D.Float p2df, boolean isfill) -@@ -380,7 +438,7 @@ - super.doShape(sData, clip, comp, color, - transX, transY, p2df, isfill); - } -- public void devCopyArea(SurfaceData sData, -+ public void devCopyArea(GDIWindowSurfaceData sData, - int srcx, int srcy, - int dx, int dy, - int w, int h) -diff -uNr -x '.hg*' jdk7u2/jdk/src/windows/native/sun/java2d/windows/GDIRenderer.cpp jdk7u3/jdk/src/windows/native/sun/java2d/windows/GDIRenderer.cpp ---- jdk/src/windows/native/sun/java2d/windows/GDIRenderer.cpp 2012-04-17 17:39:32.000000000 -0400 -+++ jdk/src/windows/native/sun/java2d/windows/GDIRenderer.cpp 2012-04-17 17:49:08.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 1999, 2008, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -117,7 +117,7 @@ - /* - * Class: sun_java2d_windows_GDIRenderer - * Method: doDrawLine -- * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V -+ * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V - */ - JNIEXPORT void JNICALL - Java_sun_java2d_windows_GDIRenderer_doDrawLine -@@ -164,7 +164,7 @@ - /* - * Class: sun_java2d_windows_GDIRenderer - * Method: doDrawRect -- * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V -+ * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V - */ - JNIEXPORT void JNICALL - Java_sun_java2d_windows_GDIRenderer_doDrawRect -@@ -209,7 +209,7 @@ - /* - * Class: sun_java2d_windows_GDIRenderer - * Method: doDrawRoundRect -- * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V -+ * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V - */ - JNIEXPORT void JNICALL - Java_sun_java2d_windows_GDIRenderer_doDrawRoundRect -@@ -253,7 +253,7 @@ - /* - * Class: sun_java2d_windows_GDIRenderer - * Method: doDrawOval -- * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V -+ * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V - */ - JNIEXPORT void JNICALL - Java_sun_java2d_windows_GDIRenderer_doDrawOval -@@ -291,7 +291,7 @@ - /* - * Class: sun_java2d_windows_GDIRenderer - * Method: doDrawArc -- * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V -+ * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V - */ - JNIEXPORT void JNICALL - Java_sun_java2d_windows_GDIRenderer_doDrawArc -@@ -347,7 +347,7 @@ - /* - * Class: sun_java2d_windows_GDIRenderer - * Method: doDrawPoly -- * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;III[I[IIZ)V -+ * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;III[I[IIZ)V - */ - JNIEXPORT void JNICALL - Java_sun_java2d_windows_GDIRenderer_doDrawPoly -@@ -412,7 +412,7 @@ - /* - * Class: sun_java2d_windows_GDIRenderer - * Method: doFillRect -- * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V -+ * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V - */ - JNIEXPORT void JNICALL - Java_sun_java2d_windows_GDIRenderer_doFillRect -@@ -445,7 +445,7 @@ - /* - * Class: sun_java2d_windows_GDIRenderer - * Method: doFillRoundRect -- * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V -+ * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V - */ - JNIEXPORT void JNICALL - Java_sun_java2d_windows_GDIRenderer_doFillRoundRect -@@ -488,7 +488,7 @@ - /* - * Class: sun_java2d_windows_GDIRenderer - * Method: doFillOval -- * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V -+ * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V - */ - JNIEXPORT void JNICALL - Java_sun_java2d_windows_GDIRenderer_doFillOval -@@ -555,7 +555,7 @@ - /* - * Class: sun_java2d_windows_GDIRenderer - * Method: doFillArc -- * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V -+ * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V - */ - JNIEXPORT void JNICALL - Java_sun_java2d_windows_GDIRenderer_doFillArc -@@ -615,7 +615,7 @@ - /* - * Class: sun_java2d_windows_GDIRenderer - * Method: doFillPoly -- * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;III[I[II)V -+ * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;III[I[II)V - */ - JNIEXPORT void JNICALL - Java_sun_java2d_windows_GDIRenderer_doFillPoly -@@ -680,7 +680,7 @@ - /* - * Class: sun_java2d_windows_GDIRenderer - * Method: doShape -- * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region; -+ * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region; - * Ljava/awt/Composite;IIILjava/awt/geom/Path2D.Float;Z)V - */ - JNIEXPORT void JNICALL -@@ -863,7 +863,7 @@ - /* - * Class: sun_java2d_windows_GDIRenderer - * Method: devCopyArea -- * Signature: (Lsun/awt/windows/SurfaceData;IIIIII)V -+ * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;IIIIII)V - */ - JNIEXPORT void JNICALL - Java_sun_java2d_windows_GDIRenderer_devCopyArea -diff -uNr -x '.hg*' jdk7u2/jdk/test/java/io/Serializable/expectedStackTrace/ExpectedStackTrace.java jdk7u3/jdk/test/java/io/Serializable/expectedStackTrace/ExpectedStackTrace.java ---- jdk/test/java/io/Serializable/expectedStackTrace/ExpectedStackTrace.java 2012-04-17 17:39:36.000000000 -0400 -+++ jdk/test/java/io/Serializable/expectedStackTrace/ExpectedStackTrace.java 2012-04-17 17:49:13.000000000 -0400 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -22,7 +22,7 @@ - */ - - /* @test -- * @bug 6317435 -+ * @bug 6317435 7110700 - * @summary Verify that stack trace contains a proper cause of - * InvalidClassException (methods: checkSerialize, - * checkDeserialize or checkDefaultSerialize) -@@ -59,7 +59,7 @@ - private static final String SER_METHOD_NAME = "checkSerializable"; - - public static final void main(String[] args) throws Exception { -- System.err.println("\nRegression test for CR6317435"); -+ System.err.println("\nRegression test for CRs 6317435, 7110700"); - checkSerializable(getObject()); - } - -@@ -99,9 +99,12 @@ - } - } - if (found) { -+ if (ex.getCause() != null) { -+ throw new Error("\nTest for CR 7110700 FAILED"); -+ } - System.err.println("\nTEST PASSED"); - } else { -- throw new Error(); -+ throw new Error("\nTest for CR 6317435 FAILED"); - } - } - } -diff -uNr -x '.hg*' jdk7u2/jdk/test/java/util/zip/ZipFile/VmCrash.java jdk7u3/jdk/test/java/util/zip/ZipFile/VmCrash.java ---- jdk/test/java/util/zip/ZipFile/VmCrash.java 1969-12-31 19:00:00.000000000 -0500 -+++ jdk/test/java/util/zip/ZipFile/VmCrash.java 2012-04-17 17:49:21.000000000 -0400 -@@ -0,0 +1,47 @@ -+/* -+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+/* @test -+ @bug 7118283 -+ @summary Test if a corrupted zip file crashes VM -+ */ -+ -+import java.util.zip.*; -+import java.io.*; -+import java.util.*; -+ -+public class VmCrash { -+ public static void main(String[] argv) throws Exception { -+ try { -+ ZipFile zf = new ZipFile(new File(System.getProperty("test.src","."), -+ "vmcrash.zip")); -+ for (Enumeration e = zf.entries(); e.hasMoreElements();) { -+ System.out.println(e.nextElement()); -+ } -+ throw new RuntimeException("Corrupted zip read without exception"); -+ } catch (ZipException ex) { -+ System.out.println("expected ZipException:"); -+ //ex.printStackTrace(); -+ } -+ } -+} -Files jdk7u2/jdk/test/java/util/zip/ZipFile/vmcrash.zip and jdk7u3/jdk/test/java/util/zip/ZipFile/vmcrash.zip differ -diff -uNr -x '.hg*' jdk7u2/jdk/test/javax/sound/sampled/DataLine/DataLine_ArrayIndexOutOfBounds.java jdk7u3/jdk/test/javax/sound/sampled/DataLine/DataLine_ArrayIndexOutOfBounds.java ---- jdk/test/javax/sound/sampled/DataLine/DataLine_ArrayIndexOutOfBounds.java 1969-12-31 19:00:00.000000000 -0500 -+++ jdk/test/javax/sound/sampled/DataLine/DataLine_ArrayIndexOutOfBounds.java 2012-04-17 17:49:23.000000000 -0400 -@@ -0,0 +1,226 @@ -+/** -+ * @test -+ * @bug 7088367 -+ * @summary SourceDataLine.write and TargetDataLine.read don't throw ArrayIndexOutOfBoundsException -+ * @author Alex Menkov -+ */ -+ -+import javax.sound.sampled.AudioSystem; -+import javax.sound.sampled.DataLine; -+import javax.sound.sampled.Line; -+import javax.sound.sampled.LineUnavailableException; -+import javax.sound.sampled.Mixer; -+import javax.sound.sampled.SourceDataLine; -+import javax.sound.sampled.TargetDataLine; -+ -+public class DataLine_ArrayIndexOutOfBounds { -+ -+ static int total = 0; -+ static int failed = 0; -+ -+ // shared buffer for all tests -+ static final byte[] buffer = new byte[5000000]; -+ -+ // the class describes different test scenarios (buffer properties) -+ static abstract class Scenario { -+ abstract int getBufferOffset(DataLine line); -+ abstract int getBufferLength(DataLine line); -+ } -+ -+ // scenarios to tests -+ static Scenario[] scenarios = new Scenario[]{ -+ new Scenario() { -+ public String toString() { -+ return "offset is near Integer.MAX_VALUE"; -+ } -+ public int getBufferOffset(DataLine line) { -+ return Integer.MAX_VALUE - 4096; -+ } -+ public int getBufferLength(DataLine line) { -+ return 65536; -+ } -+ }, -+ new Scenario() { -+ public String toString() { -+ return "offset is less than buffer.length, length is large"; -+ } -+ int getBufferOffset(DataLine line) { -+ return buffer.length / 10; -+ } -+ int getBufferLength(DataLine line) { -+ return Integer.MAX_VALUE - getBufferOffset(line) + 4096; -+ } -+ } -+ }; -+ -+ public static void main(String[] args) throws Exception { -+ Mixer.Info[] infos = AudioSystem.getMixerInfo(); -+ log("" + infos.length + " mixers detected"); -+ for (int i=0; i<infos.length; i++) { -+ Mixer mixer = AudioSystem.getMixer(infos[i]); -+ log("Mixer " + (i+1) + ": " + infos[i]); -+ try { -+ mixer.open(); -+ for (Scenario scenario: scenarios) { -+ testSDL(mixer, scenario); -+ testTDL(mixer, scenario); -+ } -+ mixer.close(); -+ } catch (LineUnavailableException ex) { -+ log("LineUnavailableException: " + ex); -+ } -+ } -+ if (failed == 0) { -+ log("PASSED (" + total + " tests)"); -+ } else { -+ log("FAILED (" + failed + " of " + total + " tests)"); -+ throw new Exception("Test FAILED"); -+ } -+ } -+ -+ final static int STOPPER_DELAY = 5000; // 1 sec -+ -+ static class AsyncLineStopper implements Runnable { -+ private final DataLine line; -+ private final long delayMS; // delay before stop the line -+ private final Thread thread; -+ private final Object readyEvent = new Object(); -+ private final Object startEvent = new Object(); -+ -+ public AsyncLineStopper(DataLine line, long delayMS) { -+ this.line = line; -+ this.delayMS = delayMS; -+ thread = new Thread(this); -+ thread.setDaemon(true); -+ // starts the thread and waits until it becomes ready -+ synchronized (readyEvent) { -+ thread.start(); -+ try { -+ readyEvent.wait(); -+ } catch (InterruptedException ex) { } -+ } -+ } -+ -+ // makes the delay and then stops the line -+ public void schedule() { -+ synchronized(startEvent) { -+ startEvent.notifyAll(); -+ } -+ } -+ -+ // force stop/close the line -+ public void force() { -+ thread.interrupt(); -+ try { -+ thread.join(); -+ } catch (InterruptedException ex) { -+ log("join exception: " + ex); -+ } -+ } -+ -+ // Runnable implementation -+ public void run() { -+ try { -+ synchronized(readyEvent) { -+ readyEvent.notifyAll(); -+ } -+ synchronized(startEvent) { -+ startEvent.wait(); -+ } -+ // delay -+ Thread.sleep(delayMS); -+ } catch (InterruptedException ex) { -+ log(" AsyncLineStopper has been interrupted: " + ex); -+ } -+ // and flush -+ log(" stop..."); -+ line.stop(); -+ log(" close..."); -+ line.close(); -+ } -+ } -+ -+ static void testSDL(Mixer mixer, Scenario scenario) { -+ log(" Testing SDL (scenario: " + scenario + ")..."); -+ Line.Info linfo = new Line.Info(SourceDataLine.class); -+ SourceDataLine line = null; -+ try { -+ line = (SourceDataLine)mixer.getLine(linfo); -+ log(" got line: " + line); -+ log(" open..."); -+ line.open(); -+ } catch (IllegalArgumentException ex) { -+ log(" unsupported (IllegalArgumentException)"); -+ return; -+ } catch (LineUnavailableException ex) { -+ log(" unavailable: " + ex); -+ return; -+ } -+ -+ total++; -+ -+ log(" start..."); -+ line.start(); -+ -+ AsyncLineStopper lineStopper = new AsyncLineStopper(line, STOPPER_DELAY); -+ int offset = scenario.getBufferOffset(line); -+ int len = scenario.getBufferLength(line); -+ // ensure len represents integral number of frames -+ len -= len % line.getFormat().getFrameSize(); -+ -+ log(" write..."); -+ lineStopper.schedule(); -+ try { -+ line.write(buffer, offset, len); -+ log(" ERROR: didn't get ArrayIndexOutOfBoundsException"); -+ failed++; -+ } catch (ArrayIndexOutOfBoundsException ex) { -+ log(" OK: got ArrayIndexOutOfBoundsException: " + ex); -+ } -+ lineStopper.force(); -+ } -+ -+ static void testTDL(Mixer mixer, Scenario scenario) { -+ log(" Testing TDL (scenario: " + scenario + ")..."); -+ Line.Info linfo = new Line.Info(TargetDataLine.class); -+ TargetDataLine line = null; -+ try { -+ line = (TargetDataLine)mixer.getLine(linfo); -+ log(" got line: " + line); -+ log(" open..."); -+ line.open(); -+ } catch (IllegalArgumentException ex) { -+ log(" unsupported (IllegalArgumentException)"); -+ return; -+ } catch (LineUnavailableException ex) { -+ log(" unavailable: " + ex); -+ return; -+ } -+ -+ total++; -+ -+ log(" start..."); -+ line.start(); -+ -+ AsyncLineStopper lineStopper = new AsyncLineStopper(line, STOPPER_DELAY); -+ int offset = scenario.getBufferOffset(line); -+ int len = scenario.getBufferLength(line); -+ // ensure len represents integral number of frames -+ len -= len % line.getFormat().getFrameSize(); -+ -+ log(" read..."); -+ try { -+ line.read(buffer, offset, len); -+ log(" ERROR: didn't get ArrayIndexOutOfBoundsException"); -+ failed++; -+ } catch (ArrayIndexOutOfBoundsException ex) { -+ log(" OK: got ArrayIndexOutOfBoundsException: " + ex); -+ } -+ lineStopper.force(); -+ } -+ -+ static void log(String s) { -+ System.out.println(s); -+ System.out.flush(); -+ } -+} -diff -uNr -x '.hg*' jdk7u2/jdk/test/sun/security/provider/certpath/X509CertPath/ForwardBuildCompromised.java jdk7u3/jdk/test/sun/security/provider/certpath/X509CertPath/ForwardBuildCompromised.java ---- jdk/test/sun/security/provider/certpath/X509CertPath/ForwardBuildCompromised.java 1969-12-31 19:00:00.000000000 -0500 -+++ jdk/test/sun/security/provider/certpath/X509CertPath/ForwardBuildCompromised.java 2012-04-17 17:49:27.000000000 -0400 -@@ -0,0 +1,312 @@ -+/* -+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+/* -+ * @test -+ * @bug 7123519 -+ * @summary Problem with java/classes_security -+ */ -+ -+import java.net.*; -+import java.util.*; -+import java.io.*; -+import javax.net.ssl.*; -+import java.security.KeyStore; -+import java.security.cert.*; -+import java.security.spec.*; -+import java.security.interfaces.*; -+ -+public class ForwardBuildCompromised { -+ // DigiNotar Root CA, untrusted root certificate -+ static String trustedCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" + -+ "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" + -+ "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" + -+ "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" + -+ "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\n" + -+ "MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\n" + -+ "ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\n" + -+ "b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\n" + -+ "bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\n" + -+ "U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\n" + -+ "A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\n" + -+ "I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\n" + -+ "wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\n" + -+ "AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\n" + -+ "oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\n" + -+ "BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\n" + -+ "dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\n" + -+ "MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\n" + -+ "b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\n" + -+ "dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\n" + -+ "MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\n" + -+ "E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\n" + -+ "MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\n" + -+ "hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\n" + -+ "95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\n" + -+ "2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\n" + -+ "-----END CERTIFICATE-----"; -+ -+ // DigiNotar Root CA, untrusted cross-certificate -+ static String untrustedCrossCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" + -+ "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" + -+ "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" + -+ "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" + -+ "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" + -+ "MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" + -+ "EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" + -+ "hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" + -+ "ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" + -+ "OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" + -+ "hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" + -+ "gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" + -+ "IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" + -+ "BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" + -+ "Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" + -+ "5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" + -+ "DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" + -+ "9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" + -+ "7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" + -+ "ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" + -+ "BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" + -+ "BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" + -+ "VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" + -+ "bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" + -+ "A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" + -+ "BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" + -+ "xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" + -+ "ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" + -+ "ZFdYf+hthc3m6IcJ\n" + -+ "-----END CERTIFICATE-----"; -+ -+ // DigiNotar Root CA, compromised certificate -+ static String compromisedCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf\n" + -+ "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" + -+ "Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" + -+ "HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES\n" + -+ "MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg\n" + -+ "MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB\n" + -+ "AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B\n" + -+ "8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY\n" + -+ "tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl\n" + -+ "HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj\n" + -+ "zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU\n" + -+ "JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM\n" + -+ "ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv\n" + -+ "a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p\n" + -+ "K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi\n" + -+ "puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT\n" + -+ "yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO\n" + -+ "owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV\n" + -+ "HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC\n" + -+ "jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy\n" + -+ "fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo\n" + -+ "Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo\n" + -+ "M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM\n" + -+ "Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed\n" + -+ "2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH\n" + -+ "/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl\n" + -+ "nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE\n" + -+ "O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU\n" + -+ "9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9\n" + -+ "j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr\n" + -+ "-----END CERTIFICATE-----"; -+ -+ // DigiNotar Public CA 2025, intermediate certificate -+ static String intermediateCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf\n" + -+ "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" + -+ "Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" + -+ "HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES\n" + -+ "MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB\n" + -+ "IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq\n" + -+ "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72\n" + -+ "Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA\n" + -+ "SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU\n" + -+ "Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s\n" + -+ "xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad\n" + -+ "6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB\n" + -+ "sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh\n" + -+ "dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM\n" + -+ "100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB\n" + -+ "AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv\n" + -+ "Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv\n" + -+ "dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv\n" + -+ "IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0\n" + -+ "hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM\n" + -+ "LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV\n" + -+ "+m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ\n" + -+ "ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE\n" + -+ "wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4\n" + -+ "a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC\n" + -+ "4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr\n" + -+ "asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG\n" + -+ "yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ\n" + -+ "Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G\n" + -+ "fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC\n" + -+ "hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY\n" + -+ "MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1\n" + -+ "hOiR4IX9Tg==\n" + -+ "-----END CERTIFICATE-----"; -+ -+ // The fraudulent certificate issued by above compromised CA -+ static String targetCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm\n" + -+ "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp\n" + -+ "Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v\n" + -+ "dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE\n" + -+ "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp\n" + -+ "ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j\n" + -+ "b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS\n" + -+ "CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q\n" + -+ "7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD\n" + -+ "ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x\n" + -+ "OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8\n" + -+ "vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2\n" + -+ "EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0\n" + -+ "dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43\n" + -+ "/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH\n" + -+ "aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u\n" + -+ "bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u\n" + -+ "IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg\n" + -+ "dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8\n" + -+ "oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s\n" + -+ "YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn\n" + -+ "b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG\n" + -+ "9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH\n" + -+ "UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB\n" + -+ "pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM\n" + -+ "FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum\n" + -+ "U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK\n" + -+ "baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==\n" + -+ "-----END CERTIFICATE-----"; -+ -+ public static void main(String args[]) throws Exception { -+ -+ Exception reservedException = null; -+ try { -+ build(); -+ } catch (CertPathBuilderException cpbe) { -+ reservedException = cpbe; -+ } -+ -+ if (reservedException == null) { -+ throw new Exception("Unable to block fraudulent certificate"); -+ } -+ -+ System.out.println( -+ "The expected untrusted cert exception: " + reservedException); -+ } -+ -+ private static X509CertSelector generateSelector() throws Exception { -+ -+ // generate certificate from cert strings -+ CertificateFactory cf = CertificateFactory.getInstance("X.509"); -+ -+ X509Certificate target = null; -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(targetCertStr.getBytes())) { -+ target = (X509Certificate)cf.generateCertificate(is); -+ } -+ -+ X509CertSelector selector = new X509CertSelector(); -+ selector.setCertificate(target); -+ -+ return selector; -+ } -+ -+ -+ private static CertStore generateCertificateStore() throws Exception { -+ -+ // generate certificate from cert strings -+ CertificateFactory cf = CertificateFactory.getInstance("X.509"); -+ -+ // generate certification path -+ Set<Certificate> entries = new HashSet(); -+ -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(targetCertStr.getBytes())) { -+ entries.add(cf.generateCertificate(is)); -+ } -+ -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(intermediateCertStr.getBytes())) { -+ entries.add(cf.generateCertificate(is)); -+ } -+ -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(compromisedCertStr.getBytes())) { -+ entries.add(cf.generateCertificate(is)); -+ } -+ -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(untrustedCrossCertStr.getBytes())) { -+ entries.add(cf.generateCertificate(is)); -+ } -+ -+ return CertStore.getInstance("Collection", -+ new CollectionCertStoreParameters(entries)); -+ } -+ -+ private static Set<TrustAnchor> generateTrustAnchors() -+ throws CertificateException, IOException { -+ // generate certificate from cert string -+ CertificateFactory cf = CertificateFactory.getInstance("X.509"); -+ -+ Certificate trustedCert = null; -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(trustedCertStr.getBytes())) { -+ trustedCert = cf.generateCertificate(is); -+ } -+ -+ // generate a trust anchor -+ TrustAnchor anchor = -+ new TrustAnchor((X509Certificate)trustedCert, null); -+ -+ return Collections.singleton(anchor); -+ } -+ -+ private static void build() throws Exception { -+ X509CertSelector selector = generateSelector(); -+ Set<TrustAnchor> anchors = generateTrustAnchors(); -+ CertStore certs = generateCertificateStore(); -+ -+ PKIXBuilderParameters params = -+ new PKIXBuilderParameters(anchors, selector); -+ params.addCertStore(certs); -+ params.setRevocationEnabled(false); -+ params.setDate(new Date(111, 11, 25)); // 2011-12-25 -+ -+ CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); -+ PKIXCertPathBuilderResult result = -+ (PKIXCertPathBuilderResult)builder.build(params); -+ } -+} -+ -diff -uNr -x '.hg*' jdk7u2/jdk/test/sun/security/provider/certpath/X509CertPath/ReverseBuildCompromised.java jdk7u3/jdk/test/sun/security/provider/certpath/X509CertPath/ReverseBuildCompromised.java ---- jdk/test/sun/security/provider/certpath/X509CertPath/ReverseBuildCompromised.java 1969-12-31 19:00:00.000000000 -0500 -+++ jdk/test/sun/security/provider/certpath/X509CertPath/ReverseBuildCompromised.java 2012-04-17 17:49:27.000000000 -0400 -@@ -0,0 +1,315 @@ -+/* -+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+/* -+ * @test -+ * @bug 7123519 -+ * @summary Problem with java/classes_security -+ */ -+ -+import java.net.*; -+import java.util.*; -+import java.io.*; -+import javax.net.ssl.*; -+import java.security.KeyStore; -+import java.security.cert.*; -+import java.security.spec.*; -+import java.security.interfaces.*; -+import sun.security.provider.certpath.SunCertPathBuilderParameters; -+ -+public class ReverseBuildCompromised { -+ // DigiNotar Root CA, untrusted root certificate -+ static String trustedCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" + -+ "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" + -+ "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" + -+ "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" + -+ "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\n" + -+ "MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\n" + -+ "ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\n" + -+ "b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\n" + -+ "bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\n" + -+ "U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\n" + -+ "A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\n" + -+ "I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\n" + -+ "wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\n" + -+ "AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\n" + -+ "oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\n" + -+ "BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\n" + -+ "dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\n" + -+ "MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\n" + -+ "b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\n" + -+ "dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\n" + -+ "MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\n" + -+ "E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\n" + -+ "MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\n" + -+ "hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\n" + -+ "95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\n" + -+ "2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\n" + -+ "-----END CERTIFICATE-----"; -+ -+ // DigiNotar Root CA, untrusted cross-certificate -+ static String untrustedCrossCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" + -+ "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" + -+ "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" + -+ "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" + -+ "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" + -+ "MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" + -+ "EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" + -+ "hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" + -+ "ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" + -+ "OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" + -+ "hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" + -+ "gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" + -+ "IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" + -+ "BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" + -+ "Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" + -+ "5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" + -+ "DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" + -+ "9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" + -+ "7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" + -+ "ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" + -+ "BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" + -+ "BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" + -+ "VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" + -+ "bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" + -+ "A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" + -+ "BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" + -+ "xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" + -+ "ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" + -+ "ZFdYf+hthc3m6IcJ\n" + -+ "-----END CERTIFICATE-----"; -+ -+ // DigiNotar Root CA, compromised certificate -+ static String compromisedCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf\n" + -+ "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" + -+ "Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" + -+ "HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES\n" + -+ "MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg\n" + -+ "MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB\n" + -+ "AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B\n" + -+ "8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY\n" + -+ "tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl\n" + -+ "HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj\n" + -+ "zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU\n" + -+ "JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM\n" + -+ "ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv\n" + -+ "a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p\n" + -+ "K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi\n" + -+ "puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT\n" + -+ "yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO\n" + -+ "owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV\n" + -+ "HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC\n" + -+ "jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy\n" + -+ "fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo\n" + -+ "Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo\n" + -+ "M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM\n" + -+ "Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed\n" + -+ "2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH\n" + -+ "/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl\n" + -+ "nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE\n" + -+ "O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU\n" + -+ "9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9\n" + -+ "j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr\n" + -+ "-----END CERTIFICATE-----"; -+ -+ // DigiNotar Public CA 2025, intermediate certificate -+ static String intermediateCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf\n" + -+ "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" + -+ "Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" + -+ "HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES\n" + -+ "MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB\n" + -+ "IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq\n" + -+ "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72\n" + -+ "Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA\n" + -+ "SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU\n" + -+ "Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s\n" + -+ "xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad\n" + -+ "6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB\n" + -+ "sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh\n" + -+ "dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM\n" + -+ "100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB\n" + -+ "AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv\n" + -+ "Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv\n" + -+ "dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv\n" + -+ "IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0\n" + -+ "hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM\n" + -+ "LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV\n" + -+ "+m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ\n" + -+ "ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE\n" + -+ "wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4\n" + -+ "a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC\n" + -+ "4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr\n" + -+ "asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG\n" + -+ "yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ\n" + -+ "Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G\n" + -+ "fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC\n" + -+ "hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY\n" + -+ "MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1\n" + -+ "hOiR4IX9Tg==\n" + -+ "-----END CERTIFICATE-----"; -+ -+ // The fraudulent certificate issued by above compromised CA -+ static String targetCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm\n" + -+ "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp\n" + -+ "Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v\n" + -+ "dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE\n" + -+ "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp\n" + -+ "ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j\n" + -+ "b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS\n" + -+ "CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q\n" + -+ "7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD\n" + -+ "ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x\n" + -+ "OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8\n" + -+ "vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2\n" + -+ "EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0\n" + -+ "dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43\n" + -+ "/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH\n" + -+ "aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u\n" + -+ "bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u\n" + -+ "IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg\n" + -+ "dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8\n" + -+ "oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s\n" + -+ "YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn\n" + -+ "b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG\n" + -+ "9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH\n" + -+ "UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB\n" + -+ "pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM\n" + -+ "FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum\n" + -+ "U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK\n" + -+ "baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==\n" + -+ "-----END CERTIFICATE-----"; -+ -+ public static void main(String args[]) throws Exception { -+ -+ Exception reservedException = null; -+ try { -+ build(); -+ } catch (CertPathBuilderException cpbe) { -+ reservedException = cpbe; -+ } -+ -+ if (reservedException == null) { -+ throw new Exception("Unable to block fraudulent certificate"); -+ } -+ -+ System.out.println( -+ "The expected untrusted cert exception: " + reservedException); -+ } -+ -+ private static X509CertSelector generateSelector() throws Exception { -+ -+ // generate certificate from cert strings -+ CertificateFactory cf = CertificateFactory.getInstance("X.509"); -+ -+ X509Certificate target = null; -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(targetCertStr.getBytes())) { -+ target = (X509Certificate)cf.generateCertificate(is); -+ } -+ -+ X509CertSelector selector = new X509CertSelector(); -+ selector.setCertificate(target); -+ selector.setSubject(target.getSubjectX500Principal()); -+ -+ return selector; -+ } -+ -+ -+ private static CertStore generateCertificateStore() throws Exception { -+ -+ // generate certificate from cert strings -+ CertificateFactory cf = CertificateFactory.getInstance("X.509"); -+ -+ // generate certification path -+ Set<Certificate> entries = new HashSet(); -+ -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(targetCertStr.getBytes())) { -+ entries.add(cf.generateCertificate(is)); -+ } -+ -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(intermediateCertStr.getBytes())) { -+ entries.add(cf.generateCertificate(is)); -+ } -+ -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(compromisedCertStr.getBytes())) { -+ entries.add(cf.generateCertificate(is)); -+ } -+ -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(untrustedCrossCertStr.getBytes())) { -+ entries.add(cf.generateCertificate(is)); -+ } -+ -+ return CertStore.getInstance("Collection", -+ new CollectionCertStoreParameters(entries)); -+ } -+ -+ private static Set<TrustAnchor> generateTrustAnchors() -+ throws CertificateException, IOException { -+ // generate certificate from cert string -+ CertificateFactory cf = CertificateFactory.getInstance("X.509"); -+ -+ Certificate trustedCert = null; -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(trustedCertStr.getBytes())) { -+ trustedCert = cf.generateCertificate(is); -+ } -+ -+ // generate a trust anchor -+ TrustAnchor anchor = -+ new TrustAnchor((X509Certificate)trustedCert, null); -+ -+ return Collections.singleton(anchor); -+ } -+ -+ private static void build() throws Exception { -+ X509CertSelector selector = generateSelector(); -+ Set<TrustAnchor> anchors = generateTrustAnchors(); -+ CertStore certs = generateCertificateStore(); -+ -+ SunCertPathBuilderParameters params = -+ new SunCertPathBuilderParameters(anchors, selector); -+ params.setBuildForward(false); -+ params.addCertStore(certs); -+ params.setRevocationEnabled(false); -+ params.setDate(new Date(111, 11, 25)); // 2011-12-25 -+ -+ CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); -+ PKIXCertPathBuilderResult result = -+ (PKIXCertPathBuilderResult)builder.build(params); -+ } -+} -+ -diff -uNr -x '.hg*' jdk7u2/jdk/test/sun/security/provider/certpath/X509CertPath/ValidateCompromised.java jdk7u3/jdk/test/sun/security/provider/certpath/X509CertPath/ValidateCompromised.java ---- jdk/test/sun/security/provider/certpath/X509CertPath/ValidateCompromised.java 1969-12-31 19:00:00.000000000 -0500 -+++ jdk/test/sun/security/provider/certpath/X509CertPath/ValidateCompromised.java 2012-04-17 17:49:27.000000000 -0400 -@@ -0,0 +1,297 @@ -+/* -+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+/* -+ * @test -+ * @bug 7123519 -+ * @summary Problem with java/classes_security -+ */ -+ -+import java.net.*; -+import java.util.*; -+import java.io.*; -+import javax.net.ssl.*; -+import java.security.KeyStore; -+import java.security.cert.*; -+import java.security.spec.*; -+import java.security.interfaces.*; -+ -+public class ValidateCompromised { -+ // DigiNotar Root CA, untrusted root certificate -+ static String trustedCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" + -+ "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" + -+ "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" + -+ "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" + -+ "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\n" + -+ "MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\n" + -+ "ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\n" + -+ "b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\n" + -+ "bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\n" + -+ "U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\n" + -+ "A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\n" + -+ "I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\n" + -+ "wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\n" + -+ "AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\n" + -+ "oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\n" + -+ "BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\n" + -+ "dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\n" + -+ "MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\n" + -+ "b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\n" + -+ "dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\n" + -+ "MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\n" + -+ "E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\n" + -+ "MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\n" + -+ "hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\n" + -+ "95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\n" + -+ "2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\n" + -+ "-----END CERTIFICATE-----"; -+ -+ // DigiNotar Root CA, untrusted cross-certificate -+ static String untrustedCrossCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" + -+ "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" + -+ "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" + -+ "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" + -+ "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" + -+ "MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" + -+ "EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" + -+ "hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" + -+ "ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" + -+ "OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" + -+ "hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" + -+ "gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" + -+ "IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" + -+ "BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" + -+ "Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" + -+ "5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" + -+ "DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" + -+ "9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" + -+ "7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" + -+ "ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" + -+ "BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" + -+ "BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" + -+ "VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" + -+ "bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" + -+ "A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" + -+ "BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" + -+ "xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" + -+ "ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" + -+ "ZFdYf+hthc3m6IcJ\n" + -+ "-----END CERTIFICATE-----"; -+ -+ // DigiNotar Root CA, compromised certificate -+ static String compromisedCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf\n" + -+ "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" + -+ "Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" + -+ "HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES\n" + -+ "MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg\n" + -+ "MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB\n" + -+ "AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B\n" + -+ "8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY\n" + -+ "tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl\n" + -+ "HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj\n" + -+ "zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU\n" + -+ "JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM\n" + -+ "ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv\n" + -+ "a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p\n" + -+ "K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi\n" + -+ "puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT\n" + -+ "yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO\n" + -+ "owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV\n" + -+ "HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC\n" + -+ "jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy\n" + -+ "fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo\n" + -+ "Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo\n" + -+ "M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM\n" + -+ "Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed\n" + -+ "2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH\n" + -+ "/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl\n" + -+ "nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE\n" + -+ "O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU\n" + -+ "9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9\n" + -+ "j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr\n" + -+ "-----END CERTIFICATE-----"; -+ -+ // DigiNotar Public CA 2025, intermediate certificate -+ static String intermediateCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf\n" + -+ "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" + -+ "Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" + -+ "HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES\n" + -+ "MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB\n" + -+ "IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq\n" + -+ "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72\n" + -+ "Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA\n" + -+ "SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU\n" + -+ "Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s\n" + -+ "xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad\n" + -+ "6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB\n" + -+ "sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh\n" + -+ "dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM\n" + -+ "100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB\n" + -+ "AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv\n" + -+ "Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv\n" + -+ "dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv\n" + -+ "IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0\n" + -+ "hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM\n" + -+ "LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV\n" + -+ "+m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ\n" + -+ "ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE\n" + -+ "wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4\n" + -+ "a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC\n" + -+ "4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr\n" + -+ "asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG\n" + -+ "yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ\n" + -+ "Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G\n" + -+ "fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC\n" + -+ "hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY\n" + -+ "MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1\n" + -+ "hOiR4IX9Tg==\n" + -+ "-----END CERTIFICATE-----"; -+ -+ // The fraudulent certificate issued by above compromised CA -+ static String targetCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm\n" + -+ "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp\n" + -+ "Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v\n" + -+ "dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE\n" + -+ "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp\n" + -+ "ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j\n" + -+ "b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS\n" + -+ "CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q\n" + -+ "7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD\n" + -+ "ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x\n" + -+ "OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8\n" + -+ "vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2\n" + -+ "EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0\n" + -+ "dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43\n" + -+ "/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH\n" + -+ "aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u\n" + -+ "bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u\n" + -+ "IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg\n" + -+ "dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8\n" + -+ "oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s\n" + -+ "YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn\n" + -+ "b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG\n" + -+ "9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH\n" + -+ "UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB\n" + -+ "pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM\n" + -+ "FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum\n" + -+ "U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK\n" + -+ "baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==\n" + -+ "-----END CERTIFICATE-----"; -+ -+ public static void main(String args[]) throws Exception { -+ -+ Exception reservedException = null; -+ try { -+ validate(); -+ } catch (CertPathValidatorException cpve) { -+ reservedException = cpve; -+ } -+ -+ if (reservedException == null) { -+ throw new Exception("Unable to block fraudulent certificate"); -+ } -+ -+ System.out.println( -+ "The expected untrusted cert exception: " + reservedException); -+ } -+ -+ private static CertPath generateCertificatePath() -+ throws CertificateException, IOException { -+ -+ // generate certificate from cert strings -+ CertificateFactory cf = CertificateFactory.getInstance("X.509"); -+ -+ // generate certification path -+ List<Certificate> list = new ArrayList(); -+ -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(targetCertStr.getBytes())) { -+ list.add(cf.generateCertificate(is)); -+ } -+ -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(intermediateCertStr.getBytes())) { -+ list.add(cf.generateCertificate(is)); -+ } -+ -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(compromisedCertStr.getBytes())) { -+ list.add(cf.generateCertificate(is)); -+ } -+ -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(untrustedCrossCertStr.getBytes())) { -+ list.add(cf.generateCertificate(is)); -+ } -+ -+ return cf.generateCertPath(list); -+ } -+ -+ private static Set<TrustAnchor> generateTrustAnchors() -+ throws CertificateException, IOException { -+ // generate certificate from cert string -+ CertificateFactory cf = CertificateFactory.getInstance("X.509"); -+ -+ Certificate trustedCert = null; -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(trustedCertStr.getBytes())) { -+ trustedCert = cf.generateCertificate(is); -+ } -+ -+ // generate a trust anchor -+ TrustAnchor anchor = -+ new TrustAnchor((X509Certificate)trustedCert, null); -+ -+ return Collections.singleton(anchor); -+ } -+ -+ private static void validate() -+ throws CertPathValidatorException, Exception { -+ -+ CertPath path = generateCertificatePath(); -+ Set<TrustAnchor> anchors = generateTrustAnchors(); -+ -+ PKIXParameters params = new PKIXParameters(anchors); -+ -+ // disable certificate revocation checking -+ params.setRevocationEnabled(false); -+ -+ // set the validation time -+ params.setDate(new Date(111, 11, 25)); // 2011-12-25 -+ -+ CertPathValidator validator = CertPathValidator.getInstance("PKIX"); -+ -+ validator.validate(path, params); -+ } -+} -+ -diff -uNr -x '.hg*' jdk7u2/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/ComodoHacker.java jdk7u3/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/ComodoHacker.java ---- jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/ComodoHacker.java 1969-12-31 19:00:00.000000000 -0500 -+++ jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/ComodoHacker.java 2012-04-17 17:49:27.000000000 -0400 -@@ -0,0 +1,305 @@ -+/* -+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+/* -+ * @test -+ * @bug 7123519 -+ * @summary Problem with java/classes_security -+ * @run main/othervm ComodoHacker PKIX -+ * @run main/othervm ComodoHacker SunX509 -+ */ -+ -+import java.net.*; -+import java.util.*; -+import java.io.*; -+import javax.net.ssl.*; -+import java.security.KeyStore; -+import java.security.cert.Certificate; -+import java.security.cert.CertificateFactory; -+import java.security.cert.X509Certificate; -+import java.security.cert.CertificateException; -+import java.security.spec.*; -+import java.security.interfaces.*; -+ -+public class ComodoHacker { -+ // DigiNotar Root CA, untrusted root certificate -+ static String trustedCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" + -+ "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" + -+ "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" + -+ "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" + -+ "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\n" + -+ "MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\n" + -+ "ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\n" + -+ "b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\n" + -+ "bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\n" + -+ "U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\n" + -+ "A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\n" + -+ "I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\n" + -+ "wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\n" + -+ "AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\n" + -+ "oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\n" + -+ "BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\n" + -+ "dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\n" + -+ "MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\n" + -+ "b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\n" + -+ "dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\n" + -+ "MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\n" + -+ "E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\n" + -+ "MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\n" + -+ "hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\n" + -+ "95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\n" + -+ "2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\n" + -+ "-----END CERTIFICATE-----"; -+ -+ // DigiNotar Root CA, untrusted cross-certificate -+ static String untrustedCrossCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" + -+ "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" + -+ "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" + -+ "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" + -+ "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" + -+ "MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" + -+ "EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" + -+ "hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" + -+ "ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" + -+ "OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" + -+ "hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" + -+ "gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" + -+ "IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" + -+ "BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" + -+ "Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" + -+ "5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" + -+ "DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" + -+ "9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" + -+ "7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" + -+ "ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" + -+ "BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" + -+ "BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" + -+ "VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" + -+ "bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" + -+ "A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" + -+ "BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" + -+ "xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" + -+ "ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" + -+ "ZFdYf+hthc3m6IcJ\n" + -+ "-----END CERTIFICATE-----"; -+ -+ // DigiNotar Root CA, compromised certificate -+ static String compromisedCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf\n" + -+ "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" + -+ "Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" + -+ "HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES\n" + -+ "MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg\n" + -+ "MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB\n" + -+ "AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B\n" + -+ "8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY\n" + -+ "tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl\n" + -+ "HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj\n" + -+ "zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU\n" + -+ "JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM\n" + -+ "ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv\n" + -+ "a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p\n" + -+ "K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi\n" + -+ "puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT\n" + -+ "yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO\n" + -+ "owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV\n" + -+ "HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC\n" + -+ "jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy\n" + -+ "fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo\n" + -+ "Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo\n" + -+ "M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM\n" + -+ "Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed\n" + -+ "2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH\n" + -+ "/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl\n" + -+ "nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE\n" + -+ "O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU\n" + -+ "9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9\n" + -+ "j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr\n" + -+ "-----END CERTIFICATE-----"; -+ -+ // DigiNotar Public CA 2025, intermediate certificate -+ static String intermediateCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf\n" + -+ "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" + -+ "Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" + -+ "HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES\n" + -+ "MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB\n" + -+ "IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq\n" + -+ "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72\n" + -+ "Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA\n" + -+ "SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU\n" + -+ "Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s\n" + -+ "xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad\n" + -+ "6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB\n" + -+ "sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh\n" + -+ "dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM\n" + -+ "100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB\n" + -+ "AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv\n" + -+ "Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv\n" + -+ "dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv\n" + -+ "IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0\n" + -+ "hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM\n" + -+ "LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV\n" + -+ "+m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ\n" + -+ "ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE\n" + -+ "wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4\n" + -+ "a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC\n" + -+ "4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr\n" + -+ "asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG\n" + -+ "yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ\n" + -+ "Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G\n" + -+ "fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC\n" + -+ "hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY\n" + -+ "MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1\n" + -+ "hOiR4IX9Tg==\n" + -+ "-----END CERTIFICATE-----"; -+ -+ // The fraudulent certificate issued by above compromised CA -+ static String targetCertStr = -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm\n" + -+ "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp\n" + -+ "Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v\n" + -+ "dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE\n" + -+ "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp\n" + -+ "ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j\n" + -+ "b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS\n" + -+ "CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q\n" + -+ "7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD\n" + -+ "ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x\n" + -+ "OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8\n" + -+ "vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2\n" + -+ "EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0\n" + -+ "dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43\n" + -+ "/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH\n" + -+ "aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u\n" + -+ "bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u\n" + -+ "IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg\n" + -+ "dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8\n" + -+ "oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s\n" + -+ "YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn\n" + -+ "b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG\n" + -+ "9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH\n" + -+ "UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB\n" + -+ "pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM\n" + -+ "FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum\n" + -+ "U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK\n" + -+ "baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==\n" + -+ "-----END CERTIFICATE-----"; -+ -+ private static String tmAlgorithm; // trust manager -+ -+ public static void main(String args[]) throws Exception { -+ // Get the customized arguments. -+ parseArguments(args); -+ -+ X509TrustManager tm = getTrustManager(); -+ X509Certificate[] chain = getFraudulentChain(); -+ -+ Exception reservedException = null; -+ try { -+ tm.checkClientTrusted(chain, "RSA"); -+ } catch (CertificateException ce) { -+ reservedException = ce; -+ } -+ -+ if (reservedException == null) { -+ throw new Exception("Unable to block fraudulent certificate"); -+ } -+ -+ reservedException = null; -+ try { -+ tm.checkServerTrusted(chain, "RSA"); -+ } catch (CertificateException ce) { -+ reservedException = ce; -+ } -+ -+ if (reservedException == null) { -+ throw new Exception("Unable to block fraudulent certificate"); -+ } -+ -+ System.out.println( -+ "The expected untrusted cert exception: " + reservedException); -+ } -+ -+ private static void parseArguments(String[] args) { -+ tmAlgorithm = args[0]; -+ } -+ -+ private static X509TrustManager getTrustManager() throws Exception { -+ // generate certificate from cert string -+ CertificateFactory cf = CertificateFactory.getInstance("X.509"); -+ -+ // create a key store -+ KeyStore ks = KeyStore.getInstance("JKS"); -+ ks.load(null, null); -+ -+ // import the trusted cert -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(trustedCertStr.getBytes())) { -+ Certificate trustedCert = cf.generateCertificate(is); -+ ks.setCertificateEntry("RSA Export Signer", trustedCert); -+ } -+ -+ // create the trust manager -+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlgorithm); -+ tmf.init(ks); -+ -+ return (X509TrustManager)tmf.getTrustManagers()[0]; -+ } -+ -+ private static X509Certificate[] getFraudulentChain() throws Exception { -+ // generate certificate from cert string -+ CertificateFactory cf = CertificateFactory.getInstance("X.509"); -+ -+ X509Certificate[] chain = new X509Certificate[4]; -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(targetCertStr.getBytes())) { -+ chain[0] = (X509Certificate)cf.generateCertificate(is); -+ } -+ -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(intermediateCertStr.getBytes())) { -+ chain[1] = (X509Certificate)cf.generateCertificate(is); -+ } -+ -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(compromisedCertStr.getBytes())) { -+ chain[2] = (X509Certificate)cf.generateCertificate(is); -+ } -+ -+ try (ByteArrayInputStream is = -+ new ByteArrayInputStream(untrustedCrossCertStr.getBytes())) { -+ chain[3] = (X509Certificate)cf.generateCertificate(is); -+ } -+ -+ return chain; -+ } -+} -+ |