On 11/18/2010 07:31 AM, Valerie (Yu-Ching) Peng wrote:
Hi, Max,
Can you please help reviewing the following two regression test fixes?
6203816: Can not run test/java/security/Security/ClassLoaderDeadlock.sh
from the command line
Webrev: http://cr.openjdk.java.net/~valeriep/6203816/webrev.00/
cs11.jar, maybe their jdk/make/closed is still not updated.
Thanks
Max
Valerie
On 11/17/10 17:00, Weijun Wang wrote:
On 11/18/2010 07:31 AM, Valerie (Yu-Ching) Peng wrote:
Hi, Max,
Can you please help reviewing the following two regression test fixes?
6203816: Can not r
I'm fine with all code changes.
Thanks
Max
On 11/20/2010 08:00 AM, Valerie (Yu-Ching) Peng wrote:
On 11/17/10 19:31, Weijun Wang wrote:
On 11/18/2010 11:00 AM, Valerie (Yu-Ching) Peng wrote:
Thanks for the lightning fast review!
TBD means "to be determined at runtime". Dif
Changeset: c1734c00a8ba
Author:weijun
Date: 2010-11-22 09:43 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/c1734c00a8ba
6979329: CCacheInputStream fails to read ticket cache files from Kerberos 1.8.1
Reviewed-by: valeriep
! src/share/classes/sun/security/krb5/internal/ccach
Changeset: de402590e18f
Author:weijun
Date: 2010-11-24 07:43 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/de402590e18f
7002036: ktab return code changes on a error case
Reviewed-by: valeriep
! src/windows/classes/sun/security/krb5/internal/tools/Ktab.java
+ test/sun/securi
Hi Valerie
The webrev is at --
http://cr.openjdk.java.net/~weijun/6894072/webrev.00/
Changes:
1. New javax..KeyTab, updated sun..KeyTab. As the impl note in
javax..KeyTab says: the former is a name with dynamic content, the
latter is a snapshot of a file.
2. Now Subject can have private
Hi Sean
Please review my code changes:
http://cr.openjdk.java.net/~weijun/7004035/webrev.00/
After this change, MANIFEST.MF's getSigners() and getCertificates() will
be not null. Since every signer of the jar file has a hash of the
manifest header, I regard all of them as signers of MANIFES
Changeset: e3dbb8cd8820
Author:weijun
Date: 2010-12-06 06:49 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e3dbb8cd8820
7004721: ktarg.sh fails when there's no default realm
Reviewed-by: xuelei
! test/sun/security/krb5/tools/ktarg.sh
Changeset: b8713c88c060
Author:weijun
Date: 2010-12-06 10:46 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/b8713c88c060
7004035: signed jar with only META-INF/* inside is not verifiable
Reviewed-by: mullan
! src/share/classes/sun/security/tools/JarSigner.java
! src/share/cl
Changeset: 34f8b6669273
Author:weijun
Date: 2010-12-07 09:51 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/34f8b6669273
6986825: policytool can not save file.
Reviewed-by: wetmore
! src/share/classes/sun/security/tools/policytool/PolicyTool.java
Changeset: beeea65e79f4
Author:weijun
Date: 2010-12-07 17:30 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/beeea65e79f4
6990370: FindBugs scan - Malicious code vulnerability Warnings in
com.sun.jndi.ldap.*
Reviewed-by: xuelei
! src/share/classes/com/sun/jndi/ldap/BasicCont
Changeset: 1f0f0737f04e
Author:weijun
Date: 2010-12-17 11:03 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/1f0f0737f04e
6975866: api/org_ietf/jgss/GSSContext/index.html#wrapUnwrapIOTest started to
fail since jdk7 b102
Reviewed-by: valeriep
! src/share/classes/sun/security/
Changeset: d2a0e795c1c2
Author:weijun
Date: 2010-12-21 17:35 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d2a0e795c1c2
6996367: improve HandshakeHash
Reviewed-by: xuelei
! src/share/classes/sun/security/ssl/ClientHandshaker.java
! src/share/classes/sun/security/ssl/Handsha
Looks fine.
BTW, what are we supposed to review? Besides going through the patch and
making sure each change is good, the only thing I can think of is
looking for lines need coinification but untouched. Made some simple
greps and found none yet.
I can review the following files you listed fo
On 12/23/2010 10:17 AM, Brad Wetmore wrote:
You need to update the Copyright updates on these files to include 2010.
Not having a lot of experience yet with <>, the only ones I wasn't sure
about were the ones in X509Factor.parseX509orPKCS7Cert. (line 415 & 425)
I assume it just picks up the
Hi Xuelei
Are you sure these 3 files all need to be changed? Hopefully you can
change as few as possible.
Also, the message name is not "PreMasterSecret message". I know it
should be "ClientKeyExchange" for RSAClientKeyExchange.java.
and, "tolerate" is the verb, "tolerant" is an adjective.
On 12/30/2010 06:07 PM, Xuelei Fan wrote:
On 12/30/2010 9:39 AM, Weijun Wang wrote:
Hi Xuelei
Are you sure these 3 files all need to be changed? Hopefully you can
change as few as possible.
Yes, we need to change all 3 files. As we discussed before, we'd better
to check the version n
Hi Stuart
On 01/12/2011 08:06 AM, Stuart Marks wrote:
Hi Max,
Here, finally, is an updated webrev for 7008713. Like the other updates,
this is the automated diamond conversion but with diamonds removed from
assignment statements. This is mostly diamonds used in variable
initializers. I think th
rs have only one letter.
Thanks
Max
On 01/12/2011 11:04 AM, Stuart Marks wrote:
Hi Max, thanks for reviewing the webrev.
On 1/11/11 5:25 PM, Weijun Wang wrote:
On 01/12/2011 08:06 AM, Stuart Marks wrote:
I think there's one in a return statement in there too.
You mean this one?
pub
If sunpkcs11.jar includes line number info (which I think yes), then it
needs to be updated. Otherwise, line numbers shown in the exception
stack info will not match the source code.
Max
On 01/14/2011 08:15 AM, Stuart Marks wrote:
Yes, the byte codes are identical. I compiled with -g:none bef
Hi Sean
http://cr.openjdk.java.net/~weijun/7012160/webrev.00/
I've made changes to the following classes to enable streaming mode SF
file reading:
- java/util/jar/JarVerifier.java:
1. New verifyBlock method.
2. Change the constructor from JarVerifier(byte[]) to
JarVerifier(byte[], Manifest
Hi All
I have a keystore with a bunch of testing root CA, intermediate CA and
entity certs, some PrivateKeyEntry and some TrustedCertEntry, and it's
quite difficult to know who signs who. Therefore I suggest some
enhancement for the simple "keytool -list". (by simple, I mean no "-v").
The en
cert 1 alias
+ entity cert 2 alias
Andrew
On 1/17/2011 4:59 PM, Weijun Wang wrote:
Hi All
I have a keystore with a bunch of testing root CA, intermediate CA and
entity certs, some PrivateKeyEntry and some TrustedCertEntry, and it's
quite difficult to know who signs who. Theref
evel of the tree. "CN=l" is not a self-signed cert, so it's listed
under "Not self signed". But we still know "CN=l" signs m.
5. x is a SecretKeyEntry so not put inside chained entries.
Any suggestions?
Thanks
Max
On 01/18/2011 09:45 AM, Xuelei Fan wrote:
On
sign each other to form a loop. I
haven't yet figured out how to best show this in a tree.
More description below inline.
On 01/19/2011 10:50 PM, Xuelei Fan wrote:
I'm not sure I understand the proposal completely. Please read in-lines
comments.
On 1/19/2011 5:34 PM, Weijun Wang wrote
Hi Sean
Some time ago we enhanced "keytool -gencert" to generate a cert chain,
including certicates from the end-entity to the secondary level CA,
except the root CA. I have some different opinion now, and think maybe
it's better to include the root CA.
1. There is no spec saying a chain can
d different. As described in my number 2 reason below, it won't
even make any changes to the "keytool -import -file certs" result.
Max
Andrew
On 1/21/2011 12:25 PM, Weijun Wang wrote:
Hi Sean
Some time ago we enhanced "keytool -gencert" to generate a cert chain,
includi
25 PM, Weijun Wang wrote:
Hi Sean
Some time ago we enhanced "keytool -gencert" to generate a cert chain,
including
certicates from the end-entity to the secondary level CA, except the
root CA. I
have some different opinion now, and think maybe it's better to
include the root
CA.
1. The
break;
}
Now if A signs B and B signs A again, there would be a loop. This should
seldom happen I guess.
Thanks
Max
On 01/26/2011 02:50 AM, Sean Mullan wrote:
On 1/25/11 10:09 AM, Weijun Wang wrote:
On 01/25/2011 10:44 PM, Sean Mullan wrote:
Hi Max,
For #3 below,
Hi Valerie
I just looked into to this bug, the reason is that the failed Ubuntu has
a libgssapi_krb5.so.2 but no libgssapi_krb5.so.
Turns out that a newly installed Ubuntu only has the GSS/krb5 runtime
installed, which include the .so.2 file. On the other hand, the .so file
(simply a symlink
is
such a difference and use this static method to precisely mimic the
behavior.
[661-665]: replace this code with MessageDigest.isEqual.
Yes.
All changes are trivial except for the new SignerInfo.verify() method. I
guess a webrev is not needed.
Thanks
Max
--Sean
On 1/14/11 3:31 A
prefer to keep it this way for
simplicity.
So, my preference would be closer to your suggestion#2.
Thanks,
Valerie
On 02/09/11 05:47 PM, Weijun Wang wrote:
Hi Valerie
I just looked into to this bug, the reason is that the failed Ubuntu
has a libgssapi_krb5.so.2 but no libgssapi_krb5.so.
Turns out t
Changeset: 8860e17db3bd
Author:weijun
Date: 2011-02-12 05:09 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8860e17db3bd
6742654: Code insertion/replacement attacks against signed jars
6911041: JCK api/signaturetest tests fails for Mixed Code PIT builds (b91) for
all trains
Changeset: de923c0ec3c4
Author:weijun
Date: 2011-02-12 07:30 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/de923c0ec3c4
7016698: test sun/security/krb5/runNameEquals.sh failed on Ubuntu
Reviewed-by: valeriep
! src/share/classes/sun/security/jgss/wrapper/SunNativeProvider.ja
Hi Valerie
http://cr.openjdk.java.net/~weijun/7018928/webrev.00/
There was a failure of krb5 test SSL.java for jdk7b130 PIT. The
exception thrown is a java.net.NoRouteToHostException. The test uses an
internal DNS service and starts its own KDC and HTTPS server.
I cannot replay the error so
On 02/15/2011 05:51 AM, Valerie (Yu-Ching) Peng wrote:
So, the test failures are intermittent?
I think so.
The changes look fine.
Thanks
Max
Valerie
On 02/13/11 11:49 PM, Weijun Wang wrote:
Hi Valerie
http://cr.openjdk.java.net/~weijun/7018928/webrev.00/
There was a failure of
Changeset: 9024288330c4
Author:weijun
Date: 2011-02-15 12:11 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/9024288330c4
7018928: test failure: sun/security/krb5/auto/SSL.java
Reviewed-by: valeriep
! test/sun/security/krb5/auto/BadKdc1.java
! test/sun/security/krb5/auto/BadK
Changeset: f4613b378874
Author:weijun
Date: 2011-02-28 23:02 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/f4613b378874
7021789: Remove jarsigner -crl option
Reviewed-by: mullan
! src/share/classes/com/sun/jarsigner/ContentSignerParameters.java
! src/share/classes/java/secu
Changeset: f8bf888edf20
Author:weijun
Date: 2011-03-01 16:22 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/f8bf888edf20
7020531: test: java/security/cert/CertificateFactory/openssl/OpenSSLCert.java
file not closed after run
Reviewed-by: alanb, smarks
! test/ProblemList.txt
e"? I think that matches
the description of the method better.
[138]: Same comment as above. I think setSignatureFile is a better name.
Also can you add a comment describing what this method does?
* JarVerifier
[267]: this should be printed in debug only
--Sean
On 2/10/11 3:08 AM, Weijun
Small non-functional changes:
http://cr.openjdk.java.net/~weijun/7012160/webrev.02/
1. comments
2. some new language usage, say, <> operator
3. Vector->List, Hashtable->Map
Thanks
Max
On 03/03/2011 08:32 AM, Weijun Wang wrote:
Webrev updated
http://cr.openjdk.java.net/~we
Hi Christopher
I'm not familiar with that function. So it reads the user's secret key
from a keytab and try to decrypt the TGT to see if it can successfully
get the session key inside?
This is a part of the Krb5LoginModule login process: it receives a TGT
from the KDC and use either the pass
re a change in the openjdk code.
-Christopher
On Thu, Mar 10, 2011 at 6:36 PM, Weijun Wang mailto:weijun.w...@oracle.com>> wrote:
Hi Christopher
I'm not familiar with that function. So it reads the user's secret
key from a keytab and try to decrypt the TGT to see if it
Changeset: d901560d70a7
Author:weijun
Date: 2011-03-13 17:09 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d901560d70a7
6990848: JGSS/windows security code native code compiler warnings
Reviewed-by: valeriep
! src/windows/native/sun/security/krb5/NativeCreds.c
or
KeyTab(File) does not throw NPE when null is specified.
Fixed. getInstance(file) now throws NPE when file == null.
2) why not leverage getEncryptionKeys(PrincipalName) for the code of
line 148-155? They seem similar enough.
Updated.
I've also added @run main/othervm to all jgss/krb
On 03/19/2011 07:54 AM, Valerie (Yu-Ching) Peng wrote:
Max,
Krb5AcceptCredential.java
1) you changed it to not extending KerberosKey, potential compatibility
concern?
Not compatibility concern. I only think that now Krb5AcceptCredential
can be something else other than simply KerberosKey.
I
Hi Valerie
Updated webrev:
http://cr.openjdk.java.net/~weijun/6894072/webrev.02
Changes since last version:
1. A KerberosPrincipal inside javax..KeyTab class. New getInstance()
arguments, new getPrincipal() method.
It can only be non-null now, but I didn't say anything in the spec. I'm
Changeset: c43811a602a8
Author:weijun
Date: 2011-03-23 18:26 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/c43811a602a8
7028490: better suggestion for jarsigner when TSA is not accessible
Reviewed-by: mullan
! src/share/classes/sun/security/tools/JarSigner.java
! src/share/
Changeset: 65e7fddf517f
Author:weijun
Date: 2011-03-24 16:16 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/65e7fddf517f
7030174: Jarsigner should accept TSACert with an HTTPS id-ad-timeStamping SIA
Reviewed-by: xuelei
! src/share/classes/sun/security/tools/TimestampedSigner
Hi Sean
This is a regression made by my former treat-MANIFEST.MF-as-signed code
change. Webrev here:
http://cr.openjdk.java.net/~weijun/7023056/webrev.00/
For the reason, see the evaluation below.
=== *Description*
Running a Maven build of
AuthResources.java:
===
1.
{"expected.", "expected "},
-{".read.end.of.file", ", read end of file"},
+{"expected.expect.read.end.of.file.",
+"expected {0}, read end of file"},
The "expected." is now useless. At least I grep thru all jdk/s
Changeset: 4a64eefbfd7a
Author:weijun
Date: 2011-03-25 11:58 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/4a64eefbfd7a
7023056: NPE from sun.security.util.ManifestEntryVerifier.verify during Maven
build
Reviewed-by: mullan
! src/share/classes/java/util/jar/JarVerifier.jav
Another thing, maybe you can also combine the JarSigner TSA-unavailable
warnings like you did for KeyTool integrity-not-checked ones?
I've attached a diff and you can directly apply it at jdk level.
Thanks
Max
On 03/25/2011 09:35 AM, Weijun Wang wrote:
AuthResources
Hi Xuelei
We fixed an [capaths] bug some time ago:
6789935: cross-realm capath search error
http://hg.openjdk.java.net/jdk7/tl/jdk/rev/33bc32405045
Unfortunately, it's still not correct. Here is a new webrev:
http://cr.openjdk.java.net/~weijun/7019384/webrev.00/
As described in the b
Hi Xuelei
This webrev includes 2 kinds of code changes:
http://cr.openjdk.java.net/~weijun/7031536/webrev.00/
1. HttpNegotiateServer: now servers open on port 0.
2. Others: I add run/othervm for all tests in jgss and krb5 that call
System.setProperty
Thanks
Max
Original Messag
Changeset: 86ace035d04d
Author:weijun
Date: 2011-03-28 18:04 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/86ace035d04d
7019384: Realm.getRealmsList returns realms list in wrong (reverse) order
Reviewed-by: xuelei
! src/share/classes/sun/security/krb5/Realm.java
! test/sun/
Sorry for the late reply.
I suppose your client side program is not in Java? Because in JDK a
service ticker's addresses field is always null.
Thanks
Max
On 03/25/2011 07:53 PM, Szabolcs Pota wrote:
[+ adding back security-dev]
Hi Henry,
Thank you for your reply. My answers are below.
, Weijun Wang wrote:
Another thing, maybe you can also combine the JarSigner
TSA-unavailable warnings
like you did for KeyTool integrity-not-checked ones?
I've attached a diff and you can directly apply it at jdk level.
Thanks
Max
On 03/25/2011 09:35 AM, Weijun Wang wrote:
AuthResources
na]
at
sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:761)
~[na:na]
Regards,
Szabolcs
On Mon, Mar 28, 2011 at 2:21 PM, Weijun Wang mailto:weijun.w...@oracle.com>> wrote:
Sorry for the late reply.
I suppose your client side program is not in J
5Context.acceptSecContext(Krb5Context.java:761)
~[na:na]
Regards,
Szabolcs
On Mon, Mar 28, 2011 at 2:21 PM, Weijun Wang mailto:weijun.w...@oracle.com>> wrote:
Sorry for the late reply.
I suppose your client side program is not in Java? Because in JDK a
service ticker's addresses field is
Hi Valerie
http://cr.openjdk.java.net/~weijun/7032354/webrev.00/
I've removed the use of this setting on the acceptor side, now host
address check is only performed if caddr is inside service ticket and
the acceptor has a way to get the initiator's address (currently, thru
channel binding onl
ired by 6894072.
I'll continue to review your webrev, but just want to kick this idea off
w/ you and see if it may work.
Valerie
On 03/23/11 02:00 AM, Weijun Wang wrote:
Hi Valerie
Updated webrev:
http://cr.openjdk.java.net/~weijun/6894072/webrev.02
Changes since last version:
1. A Kerber
Hi Valerie
http://cr.openjdk.java.net/~weijun/7030180/webrev.00/
A bug in MIT krb5 1.8 triggers this exception (read evaluation below).
They will fix it in 1.8.4 and 1.9. At the mean time, we can check both
the session key and the subkey on the acceptor side.
I think this does not deserve a
st an idea.
Valerie
On 04/01/11 02:14 AM, Weijun Wang wrote:
Hi Valerie
Updated again:
http://cr.openjdk.java.net/~weijun/6894072/webrev.04/
1. KeyTab can be used by anyone
2. The two compatibility support
As for adding keys (from keytab) into private credentials set, I
haven't cleaned up
On 04/02/2011 05:18 PM, Weijun Wang wrote:
Updated again:
http://cr.openjdk.java.net/~weijun/6894072/webrev.05/
Changes:
1. New Krb5Util.KeysFromKeyTab as a special kind of KerebrosKey we will
add to and remove from private credentials set. Add and remove are only
done when
nish
> 56 *b. Builder will not wipe it for you
I'll remove lines 54-56. Maybe I meant to do that some time ago.
Thanks
Max
>
> I am still looking at the rest of changes, just want to send what I have now,
> so you don't wait too long.
>
> Thanks,
>
Hi Valerie
http://cr.openjdk.java.net/~weijun/7036157/webrev.00/
There is no regression test because it's not easy to simulate a
connection timeout in a regression test.
On my home machine, I set KDC to facebook.com. Thanks to the Great
Firewall of China that all connections to facebook are
Changes look fine.
Are you going to backport the fix to earlier JDKs? Otherwise, you can
simplify
cons = clazz.getConstructor(new Class[] {String.class});
Object obj = cons.newInstance(new Object[] {configFile});
to
cons = clazz.getConstructor(String.class);
cons.newInstance(conf
Thanks for the careful review. It has been a long one.
Max
On 04/19/2011 02:58 AM, Valerie (Yu-Ching) Peng wrote:
Ok, I have no more comments.
Thanks,
Valerie
On 04/13/11 09:36 PM, Weijun Wang wrote:
webrev updated at
http://cr.openjdk.java.net/~weijun/6894072/webrev.06/
changes:
1
Changeset: f8956ba13b37
Author:weijun
Date: 2011-04-20 18:41 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/f8956ba13b37
6894072: always refresh keytab
Reviewed-by: valeriep
! src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java
+
src/share/classes/javax/secu
Hi Valerie
Code change for the BadKdc.java test:
http://cr.openjdk.java.net/~weijun/6950929/webrev.00/
As described in the lines 44-69 of the new file, the test might fail due
to 2 reasons:
1. KDC port opened by some other process (1%)
2. KDC cannot receive the first UDP packet (99%)
Th
ting
the set, and I cannot predict what they will do with the set.
Thanks
Max
On 04/01/2011 10:23 AM, Weijun Wang wrote:
On 04/01/2011 10:09 AM, Valerie (Yu-Ching) Peng wrote:
Max,
I like this new approach of yours better.
As for compatibility, you mentioned only one aspect, i.e. apps wh
Changeset: 06c7ee973e05
Author:weijun
Date: 2011-04-07 08:51 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/06c7ee973e05
7032354: no-addresses should not be used on acceptor side
Reviewed-by: valeriep
! src/share/classes/sun/security/krb5/KrbApReq.java
! test/sun/security/kr
here at the beginning and refresh them
whenever a getKeys() is called. This should be harmless because we don't
really use the keys if keytab objects (not keytab files) exist. I can do
that.
Thanks
Max
Valerie
On 03/31/11 03:41 AM, Weijun Wang wrote:
Hi Valerie
Sorry for the la
Changeset: 4de90f390a48
Author:weijun
Date: 2011-04-11 10:22 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/4de90f390a48
7012160: read SF file in signed jar in streaming mode
Reviewed-by: mullan
! src/share/classes/java/util/jar/JarFile.java
! src/share/classes/java/util/jar
Handshaker and ServerHandsshaker (mentioned in your
other mail)
Comments inline below:
On 04/14/2011 09:45 AM, Valerie (Yu-Ching) Peng wrote:
On 04/09/11 03:00 AM, Weijun Wang wrote:
src/share/classes/sun/security/jgss/krb5/Krb5Util.java
=> 1) So, since when do we populate the Subjec
Changeset: e9ae2178926a
Author:weijun
Date: 2011-04-14 12:40 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e9ae2178926a
7036157: TCP connection does not use kdc_timeout
Reviewed-by: valeriep
! src/share/classes/sun/security/krb5/internal/NetClient.java
Changeset: 0e0db3421e8f
Author:weijun
Date: 2011-04-27 17:11 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/0e0db3421e8f
6950929: Failures on Solaris sparc 64bit sun/security/krb5/auto/BadKdc4.java
(and linux?)
Reviewed-by: xuelei
! test/sun/security/krb5/auto/BadKdc.java
Changeset: 76703c84b3a2
Author:weijun
Date: 2011-04-28 20:34 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/76703c84b3a2
7037201: regression: invalid signed jar file not detected
Reviewed-by: mullan
! src/share/classes/java/util/jar/JarFile.java
! src/share/classes/java/util
Hi Andrew
http://cr.openjdk.java.net/~weijun/7040916/webrev.00/
The keytab file cannot be removed and the test fails. The file was
opened twice and both not closed:
1. once inside the test
2. once inside KeyTab and not closed because it's not a valid keytab
Also, I change File.delete() c
Changeset: aa7c361144bb
Author:weijun
Date: 2011-05-01 14:22 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/aa7c361144bb
7040916: DynamicKeyTab test fails on Windows
Reviewed-by: xuelei
! src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java
! test/sun/security/krb5/
Changeset: d08d77ad2d7b
Author:weijun
Date: 2011-05-03 02:48 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d08d77ad2d7b
7040151: SPNEGO GSS code does not parse tokens in accordance to RFC 2478
Reviewed-by: valeriep
! src/share/classes/sun/security/jgss/spnego/NegTokenInit.j
Changeset: 9f56fbc8b6be
Author:weijun
Date: 2011-05-10 07:00 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/9f56fbc8b6be
7041635: GSSContextSpi.java copyright notice error
Reviewed-by: valeriep
! src/share/classes/sun/security/jgss/spi/GSSContextSpi.java
Hi Valerie
http://cr.openjdk.java.net/~weijun/7043737/webrev.00/
Not only a missing keytab is detected, but also an invalid one, where I
use a similar error message like the native klist:
$ klist -k ASSEMBLY_EXCEPTION
Keytab name: WRFILE:ASSEMBLY_EXCEPTION
klist: Unsupported key table format
Thanks
Max
> Valerie
>
> On 05/11/11 00:35, Weijun Wang wrote:
>> Hi Valerie
>>
>> http://cr.openjdk.java.net/~weijun/7043737/webrev.00/
>>
>> Not only a missing keytab is detected, but also an invalid one, where I use
>> a similar error
Changeset: b8bcb12acea6
Author:weijun
Date: 2011-05-27 09:01 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b8bcb12acea6
7048466: Move sun.misc.JavaxSecurityAuthKerberosAccess to sun.security.krb5
package
Reviewed-by: weijun, alanb
Contributed-by: Mandy Chung
!
src/share/
Changeset: 9b678733fa51
Author:weijun
Date: 2011-06-08 14:01 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9b678733fa51
7043737: klist does not detect non-existing keytab
Reviewed-by: valeriep
! src/windows/classes/sun/security/krb5/internal/tools/Klist.java
+ test/sun/secu
Hi Vinnie
http://cr.openjdk.java.net/~weijun/7043847/webrev.00/
There are 5 bugs, you can see them in the webrev.
This fix is for JDK 8. I guess I'll need >=2 reviewers for backporting
to JDK 7u2.
Thanks
Max
Hi Alan
The last excluded test in jdk_security1:
http://cr.openjdk.java.net/~weijun/7054428/webrev.00/
I'm not an NIO expert, but the test looks too wrong. Is there any chance
for it to pass in the last 8 years?
Thanks
Max
Original Message
*Change Request ID*: 7054428
ass loader
get used.
http://cr.openjdk.java.net/~weijun/7054428/webrev.01
JPRT also OK at --
http://jprt-web.us.oracle.com/archive/2011/06/2011-06-14-140902.ww155710.jdk//JobStatus.txt
Thanks
Max
On 06/14/2011 08:53 PM, Alan Bateman wrote:
Weijun Wang wrote:
Hi Alan
The last excluded test i
Code changes look fine.
Thanks
Max
On 06/15/2011 10:28 AM, Joe Darcy wrote:
Hello.
Please review this change to replace use of private two-argument equals
methods with the platform Objects.equals method introduced in JDK 7:
7041252 Use j.u.Objects.equals in security classes
http://cr.openjdk.
Hi Vinnie
Why does this test run in /othervm mode?
Thanks
Max
Oh, is it possible to use a non-Secure Random?
Thanks
Max
On 06/15/2011 05:00 PM, Vincent Ryan wrote:
On 06/15/11 09:45, Weijun Wang wrote:
Hi Vinnie
Why does this test run in /othervm mode?
Thanks
Max
It was failing due to SecureRandom problems on some platforms when run in samevm
mode
7;s main method.
The reason the original test failed in samevm is that
buffers[DIRECT_BUFFER].flip() is not called and its remaining() is zero,
and causes the error:
java.lang.ClassFormatError: Truncated class file
Thanks
Max
On 06/15/2011 06:56 PM, Alan Bateman wrote:
Weijun Wang wrote
sable?
Thanks
Max
On 06/15/2011 07:26 PM, Alan Bateman wrote:
Weijun Wang wrote:
But the current test passes without closing the stream, even on
Windows. I guess it's because the file opened is not in scratch
directory and needs not be cleaned up.
If we have to close the stream/channel
Changeset: 82706552f7a3
Author:weijun
Date: 2011-06-20 17:38 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/82706552f7a3
7054428: test/java/security/SecureClassLoader/DefineClassByteBuffer.java error
Reviewed-by: alanb
! test/ProblemList.txt
! test/java/security/SecureClassL
Changeset: a015dda3bdc6
Author:weijun
Date: 2011-06-20 19:17 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a015dda3bdc6
7054918: jdk_security1 test target cleanup
Reviewed-by: alanb, smarks, vinnie
! test/ProblemList.txt
! test/java/security/BasicPermission/PermClass.java
!
Hi Florian
Thanks for looking into this.
The following bug is for this special purpose:
6879539: enable empty password support for pkcs12 keystore
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6879539
and it's now still in code review mode:
http://cr.openjdk.java.net/~weijun/687
Changeset: febb7f557135
Author:weijun
Date: 2011-06-23 09:27 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/febb7f557135
7055362: jdk_security2 test target cleanup
Reviewed-by: alanb
! test/Makefile
! test/ProblemList.txt
! test/com/sun/crypto/provider/Cipher/DES/Sealtest.ja
http://cr.openjdk.java.net/~weijun/6330275/webrev.00/
Thanks
Max
On 06/23/2011 08:03 AM, Brad Wetmore wrote:
No, feel free to take it.
Brad
On 6/21/2011 2:24 AM, Weijun Wang wrote:
Hi Brad
# Timed out, Solaris 10 64bit sparcv9
com/sun/crypto/provider/Cipher/DES/PaddingTest.java generic
501 - 600 of 3227 matches
Mail list logo