aring
should be:
+ 160 if (!"X.509".equalsIgnoreCase(publicKey.getFormat())) {
- 160 if (!publicKey.getFormat().equalsIgnoreCase("X.509")) {
Otherwise, looks fine to me.
Thanks,
Xuelei
On 11/9/2011 11:32 AM, Weijun Wang wrote:
Well, in fact the whole CertAndKe
s
Max
Xuelei
On 11/9/2011 1:15 PM, Weijun Wang wrote:
The CertAndKeyGen class is for generating a keypair and create a
certificate or cert request. The normal usage for it will be
1. create an object
2. call generate() to generate keypair
3. call getSelfCertificate or getCertRequest
Both me
Changeset: 52be75d060f9
Author:weijun
Date: 2011-11-09 15:51 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/52be75d060f9
7109096: keytool -genkeypair needn't call -selfcert
Reviewed-by: xuelei
! src/share/classes/sun/security/tools/CertAndKeyGen.java
! src/share/classes/sun/
SSLContextVersion.java:
typo: suported -> supported
DisabledAlgorithmConstraints.java:
When can size == 0? Why it's not allowed?
Yes, I think the reflection calls should be wrapped in doPriv
Please also consider keys from MSCAPI
Try looking at sun.misc.SharedSecrets and see if
Looks fine.
-Max
On 11/14/2011 04:45 PM, Xuelei Fan wrote:
webrev: http://cr.openjdk.java.net/~xuelei/7111548/webrev.00/
Simple fix, cleanup, no new regression test.
Thanks,
Xuelei
Webrev at
http://cr.openjdk.java.net/~weijun/7111579/webrev.00/
Changes made (as in bug description). From
[1] Service Principal: krbtgt/THREE.LOCAL@THREE.LOCAL
Valid starting: Nov 14, 2011 17:53
Expires: Nov 15, 2011 03:53
Encryption type: RC4 with HMAC
to
[1] Se
Hi Brad
Turns out there is a tiny difference for 7u4 -- I need to remove the
test from ProblemsList.txt.
Can you take a review on it? The code change for the test itself is
identical.
http://cr.openjdk.java.net/~weijun/7078816/7u4/webrev.00/
Thanks
Max
On 11/15/2011 08:45 AM, Weijun
CR'er but you listed me in
changeset. FYI, I also approve.
Brad
On 11/14/2011 12:52 AM, Weijun Wang wrote:
Looks fine.
-Max
On 11/14/2011 04:45 PM, Xuelei Fan wrote:
webrev: http://cr.openjdk.java.net/~xuelei/7111548/webrev.00/
Simple fix, cleanup, no new regression test.
Thanks,
Xuelei
Changeset: c740519fe83a
Author:weijun
Date: 2011-11-16 11:53 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/c740519fe83a
7111579: klist starttime, renewtill, ticket etype
Reviewed-by: mullan
! src/share/classes/sun/security/krb5/internal/ccache/Credentials.java
! src/windows
Hi Valerie
In code changes for 6882687, in order to increase the precision of
KerberosTime, I use System.nanoTime() to calculate the current time. It
is precise, but it's only an elapse of nanaseconds after the VM starts.
What I did is, when the VM starts, I record a clock time, and after
tha
Resent with an updated subject.
Original Message
Subject: Fwd: CR 7077172 Updated, P3 jgss/krb5plugin KerberosTime does
not take into account system clock adjustement
Date: Wed, 16 Nov 2011 17:54:49 +0800
From: Weijun Wang
To: Valerie (Yu-Ching) Peng
CC: OpenJDK
Hi
Changeset: 5bfff9616b86
Author:weijun
Date: 2011-11-18 16:13 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/5bfff9616b86
7077172: KerberosTime does not take into account system clock adjustement
Reviewed-by: valeriep
! src/share/classes/sun/security/krb5/internal/KerberosTim
add a new KeyLength class under sun.security.util.
I think it may be useful for other models.
On 11/11/2011 2:33 PM, Weijun Wang wrote:
SSLContextVersion.java:
typo: suported -> supported
Updated.
DisabledAlgorithmConstraints.java:
When can size == 0? Why it's not allowed?
It'
On 11/18/2011 08:39 PM, Xuelei Fan wrote:
The VPN is awesomely bad today.
The webrev in cr.openjdk is
http://cr.openjdk.java.net/~xuelei/7106773/webrev.01/
On 11/18/2011 7:39 PM, Weijun Wang wrote:
Oh, there seems to be much more non-trivial code changes then the
previous version of webrev
On 11/18/2011 10:38 PM, Xuelei Fan wrote:
On 11/18/2011 10:16 PM, Weijun Wang wrote:
On 11/18/2011 08:39 PM, Xuelei Fan wrote:
The VPN is awesomely bad today.
The webrev in cr.openjdk is
http://cr.openjdk.java.net/~xuelei/7106773/webrev.01/
On 11/18/2011 7:39 PM, Weijun Wang wrote:
Oh
I removed most of the thread and keep some sections below:
On 11/21/2011 03:30 PM, Xuelei Fan wrote:
new webrev: http://cr.openjdk.java.net/~xuelei/7106773/webrev.02/
What is synchronized for? Why only on the for block? This won't prevent
map iteration and insertion at the same time.
An
I really like this one.
Thanks
Max
On 11/21/2011 08:05 PM, Xuelei Fan wrote:
> How about this approach? This looks very safe.
>
I also prefer this approach, although it need more updates in PKCS11 and
MSCPI source code. If you vote for this approach, I will try to
implement it.
Hi Xuelei
Why move the local variables to static fields?
The engineGetCertificates method is only synchronized on this but not the whole
class, so there is a chance that the method is called by multiple threads at
the same time. This means if you only use one static GetChainTrustManager
field,
Hi Xuelei
Please take a review:
http://cr.openjdk.java.net/~weijun/7115744/webrev.00/
Most are krb5 tests, one for SSL.
Thanks
Max
Begin forwarded message:
> *Change Request ID*: 7115744
> *Synopsis*: Do not call File::deleteOnExit in security tests
>
>
> === *Description* =
nks,
> Xuelei
>
> On 11/26/2011 10:42 PM, Xuelei Fan wrote:
>> On 11/26/2011 9:59 PM, Weijun Wang wrote:
>>> Hi Xuelei
>>>
>>> Why move the local variables to static fields?
>>>
>> In order to improve the performance. SSLContext.init() is ex
atic attribute is used.
>
> Thanks,
> Xuelei
>
> On 11/26/2011 11:16 PM, Weijun Wang wrote:
>>
>> On Nov 26, 2011, at 10:58 PM, Xuelei Fan wrote:
>>
>>> I was wondering why we synchronized the getInstance() and
>>> engineGetCertificates(). I
11 09:05 AM, Xuelei Fan wrote:
Sent from my iPad
On Nov 27, 2011, at 12:23 AM, Weijun Wang wrote:
There is one thing I'm not sure about:
In which case(s), the GeneralSecurityException will be thrown?
SSLContext initialization.
Is it possible that the exception is thrown sometime
27, 2011, at 9:49 AM, Weijun Wang wrote:
Is it possible that the exception is thrown sometimes but not always?
If it always fails, there is no problem failing once at the beginning.
Otherwise, if there is a chance it goes fine again after calling some codes,
maybe it's better to try ca
On 11/27/2011 05:48 PM, Xuelei Fan wrote:
Sent from my iPad
On Nov 27, 2011, at 5:01 PM, Weijun Wang wrote:
Anyway, I find this a little unsafe. One can add a new SSL security provider at
run time, and then run this method, and the new provider can be loaded.
I did not follow your
e static
fields.
I make a update, so that even the TLS handshaking failed or other IO
exceptions, once we are able to get the server certificate, we will use it.
This is good, and you can add a comment on this.
Thanks
Max
Thanks,
Xuelei
On 11/27/2011 10:31 PM, Xuelei Fan wrote:
On 1
ementation was wrong even in a JDK 1.4.2 view?
Thanks
Max
On 11/28/2011 12:48 PM, Xuelei Fan wrote:
On 11/28/2011 12:34 PM, Weijun Wang wrote:
On 11/28/2011 11:27 AM, Xuelei Fan wrote:
webrev: http://cr.openjdk.java.net/~xuelei/7115524/webrev.02/
I think the class is special in that in the
On 11/28/2011 02:16 PM, Xuelei Fan wrote:
Sent from my iPad
On Nov 28, 2011, at 1:52 PM, Weijun Wang wrote:
OK. Let's stop arguing. The code is fine.
Something else: you said the original SSLServerCertStore class "is a little bit out of
date". Do you think it's p
Changeset: 022540b11147
Author:weijun
Date: 2011-11-28 18:16 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/022540b11147
7115744: Do not call File::deleteOnExit in security tests
Reviewed-by: xuelei
! test/sun/security/krb5/auto/CrossRealm.java
! test/sun/security/krb5/auto/
Hi Xuelei
Please review the code changes for 7u4:
http://cr.openjdk.java.net/~weijun/7115524/7u4/webrev.00/
I've changed the synopsis because there is no SSLServerCertStore in 7u4.
Thanks
Max
--
7115524: Regression: keytool -printcert -sslserv
object but macosx-port cannot.
Thanks
Max
Regards
Bino.
On Oct 14, 2011, at 10:38 AM, Weijun Wang wrote:
Hi Mike
I'm working in the Java SE Security Team in Oracle. Apple's JRE (at
least in the JDK 6 releases) supports some extra Kerberos features for
OS X. As I know, at leas
Changeset: 2ae848ea980a
Author:weijun
Date: 2011-12-05 10:19 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/2ae848ea980a
7116857: Warnings in javax.security and some sun.misc
Reviewed-by: smarks
! src/share/classes/javax/security/auth/kerberos/ServicePermission.java
! src/sh
yself.
Thanks
Max
On 12/20/2011 09:58 AM, Mike Swingler wrote:
This is just a .c file. No Objective-C here.
~Mike
On Dec 19, 2011, at 5:56 PM, Weijun Wang wrote:
Hi Bino
Thank you for locating it. I would be glad if you or Scott can do an
integration. I guess this .m file is almost a pure .c
tributor/whatever so I can get my 8 checkmarks
for commit rights. :-)
-- Scott
On Dec 19, 2011, at 10:23 PM, Weijun Wang wrote:
Hi All
I've created a webrev. Please anyone take a review:
http://cr.openjdk.java.net/~weijun/999/webrev.12/
*Jeannette*:
Is a formal donate-to-openjdk pr
Hi Alan
Do you have time to look at this fix?
http://cr.openjdk.java.net/~weijun/7122169/webrev.01/
I study the test again and find out it's not the same as those BadKdc*
tests, where the port number must obey a pattern (n-th server on n).
So there is no need to assign one before the serv
ce of System.getCurrentMillies() can vary between 7 and 15 seconds.
Thanks
Max
-Chris.
On 12/20/11 10:22 AM, Weijun Wang wrote:
Hi Alan
Do you have time to look at this fix?
http://cr.openjdk.java.net/~weijun/7122169/webrev.01/
I study the test again and find out it's not the same as th
On 12/20/2011 10:05 PM, Alan Bateman wrote:
On 20/12/2011 10:22, Weijun Wang wrote:
Hi Alan
Do you have time to look at this fix?
http://cr.openjdk.java.net/~weijun/7122169/webrev.01/
I study the test again and find out it's not the same as those BadKdc*
tests, where the port number
Great. I'll do that. Let's see if the test ever fails again.
Here is updated webrev:
http://cr.openjdk.java.net/~weijun/7122169/webrev.02/
Thanks
Max
On 12/21/2011 10:08 PM, Alan Bateman wrote:
On 21/12/2011 01:52, Weijun Wang wrote:
:
I'm not sure. The time consumed
Changeset: 11698dedbe79
Author:weijun
Date: 2011-12-22 15:35 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/11698dedbe79
7122169: TcpTimeout fail for various reasons
Reviewed-by: alanb
! test/sun/security/krb5/auto/TcpTimeout.java
On 12/26/2011 05:39 PM, Sebastian Sickelmann wrote:
Hi,
one week ago (2011-12-15) [0] i asked for the downsides of changing
the legacy Exceptions in core-libs. There where only one answer from
"/Weijun Wang" who said that there may be serialisation issues. I
With your current solu
On 12/28/2011 03:13 AM, Sebastian Sickelmann wrote:
Am 26.12.2011 12:38, schrieb Weijun Wang:
On 12/26/2011 05:39 PM, Sebastian Sickelmann wrote:
Hi,
one week ago (2011-12-15) [0] i asked for the downsides of changing
the legacy Exceptions in core-libs. There where only one answer from
Hi Valerie
Please review my fix:
http://cr.openjdk.java.net/~weijun/7118809/webrev.00/
Basically, CacheTable.put() operates on ReplayCache inside it, and
ReplayCache.put() operates on CacheTable containing it, and both methods
are synchronized and using thread-safe Hashtable.
My solution
It's late night and I'll read it tomorrow. But can you choose another word
instead of Lengthable? Length is not a verb.
Max
Hi Sean
Webrev at
http://cr.openjdk.java.net/~weijun/7090565/webrev.00/
I changed the name to "duke test", and inline a binary file as a byte
array (lines 93-99).
Thanks
Max
Original Message
*Change Request ID*: 7090565
*Synopsis*: Move
test/closed/javax/security/auth
webrev after this round of code review:
>
> webrev: http://cr.openjdk.java.net/~xuelei/7106773/webrev.04/
>
> Thanks,
> Xuelei
>
> On 1/10/2012 11:47 PM, Vincent Ryan wrote:
>> On 01/10/12 03:19 PM, Xuelei Fan wrote:
>>> On 1/10/2012 11:09 PM, Weijun Wang wrot
On 01/11/2012 06:02 PM, Xuelei Fan wrote:
> On 1/11/2012 5:50 PM, Weijun Wang wrote:
>> Hi Andrew
>>
>> Take a brief look at the webrev. Looks like this Lengthable thing is the
>> only change after your previous webrev. Please confirm.
>>
> Yes.
>
>>
On 01/11/2012 06:55 PM, Xuelei Fan wrote:
> On 1/11/2012 6:42 PM, Weijun Wang wrote:
>>
>>
>> On 01/11/2012 06:02 PM, Xuelei Fan wrote:
>>> On 1/11/2012 5:50 PM, Weijun Wang wrote:
>>>> Hi Andrew
>>>>
>>>> Take a brief look at th
On 01/11/2012 07:42 PM, Xuelei Fan wrote:
> On 1/11/2012 7:12 PM, Weijun Wang wrote:
>>
>>
>> On 01/11/2012 06:55 PM, Xuelei Fan wrote:
>>> On 1/11/2012 6:42 PM, Weijun Wang wrote:
>>>>
>>>>
>>>> On 01/11/2012 06:02 PM, Xuelei F
This is better, at least more precise.
On 01/11/2012 08:12 PM, Xuelei Fan wrote:
> On 1/11/2012 8:09 PM, Weijun Wang wrote:
>>>> BTW, I will change the interface name from "Lengthable" to "Measurable".
>> Well, this is not much better. There are many thing
revert the order or doing both together, i.e. check for
expiration and find the indexing while going through the list once?
Maybe.
Thanks
Max
Thanks,
Valerie
On 01/09/12 21:41, Weijun Wang wrote:
Hi Valerie
Please review my fix:
http://cr.openjdk.java.net/~weijun/7118809/webrev.00/
Basically,
rie
On 01/11/12 22:11, Weijun Wang wrote:
In addition, I think the CacheTable.put(...) method should check if the
ReplayCache object is empty and if yes, do the removal itself.
So, the cleanup of empty ReplayCache object is still done, except it's
now in CacheTable class instead of ReplayCa
Changeset: 38bf1e9b6979
Author:weijun
Date: 2012-01-13 09:50 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/38bf1e9b6979
7090565: Move test/closed/javax/security/auth/x500/X500Principal/Parse.java to
open tests
Reviewed-by: mullan
+ test/javax/security/auth/x500/X500Princip
t for this particular bug
because of noreg-hard.
Thanks
Max
On 01/13/2012 09:58 AM, Valerie (Yu-Ching) Peng wrote:
Ok.
Thanks,
Valerie
On 01/12/12 17:46, Weijun Wang wrote:
How about this? We remove the empty ReplayCache in JDK 8 but keep it
in 7u4 (I want to backport it). I just feel there
Changeset: e8e08d46cc37
Author:weijun
Date: 2012-01-16 10:10 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e8e08d46cc37
7118809: rcache deadlock
Reviewed-by: valeriep
! src/share/classes/sun/security/krb5/internal/rcache/CacheTable.java
! src/share/classes/sun/security/krb5
I've created a webrev for Florain at
http://cr.openjdk.java.net/~weijun/6415637/webrev.00/
Very tiny format changes, removing trailing whitespaces, change TABs to
spaces, and add braces for one-line block in two places.
The code change looks fine, but I would like to get a confirmation fro
Hi Vinnie
The code change is fine.
However, I noticed something weird when trying out your test. It seems
for each PrivateKeyEntry, there is a TrustedCertificateEntry with the
same cert:
x, Feb 3, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1):
DB:8F:DC:61:EF:A6:CC:FE:FB:66:6F:6A:E6:
Hi Valerie
Please review this code change
http://cr.openjdk.java.net/~weijun/7133112/webrev.00/
Basically the reason is that native the GSS provider is not turned on
(GSSManagerImpl::USE_NATIVE is false), so we should not test it on Mac.
The Mac does include native gss libs. I try to retur
Hi Valerie
Please review this code change:
http://cr.openjdk.java.net/~weijun/6880619/webrev.00/
6879540 was about enabling empty password in kerberos. It did not have
any reg test. This is for it.
Thanks
Max
Original Message
*Change Request ID*: 6880619
*Synopsis*: reg
Changeset: 085c4f780d4e
Author:weijun
Date: 2012-02-08 11:44 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/085c4f780d4e
6880619: reg tests for 6879540
Reviewed-by: valeriep
+ test/sun/security/krb5/auto/EmptyPassword.java
Changeset: bdd1dd1e1462
Author:weijun
Date: 2012-02-10 11:41 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/bdd1dd1e1462
6879539: enable empty password support for pkcs12 keystore
Reviewed-by: vinnie, weijun
Contributed-by: Florian Weimer
! src/share/classes/com/sun/crypto/
Hi Valerie
Please take a review on this fix:
http://cr.openjdk.java.net/~weijun/7144530/webrev.00/
I plan to backport it to jdk7u6 once the dev workspace is re-opened.
Thanks
Max
On 02/14/2012 06:01 PM, weijun.w...@oracle.com wrote:
*Change Request ID*: 7144530
*Synopsis*: KeyTab.getIns
Hi All
I'm looking at this bug report. The jar is recently signed on 2/9/12 but
the cert expired long time ago on 10/14/03, and jarsigner -verify shows
[CertPath not validated: timestamp check failed]
This failure message is totally correct. However, because the test was
about timestampi
quot; or "certificate not yet valid" depending on how the check failed.
I suggest lowering the priority, leaving the bug open to make this
change, and leave it unassigned for now.
--Sean
On 02/20/2012 03:35 AM, Weijun Wang wrote:
Hi All
I'm looking at this bug report. The jar i
Changeset: 0243e7c0b0fb
Author:weijun
Date: 2012-02-21 08:51 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0243e7c0b0fb
7144530: KeyTab.getInstance(String) no longer handles keyTabNames with "file:"
prefix
Reviewed-by: valeriep
! src/share/classes/sun/security/krb5/interna
Please review this code change:
http://cr.openjdk.java.net/~weijun/7147336/webrev.00/
No regression test, trivial fix.
Thanks
Max
Original Message
*Change Request ID*: 7147336
*Synopsis*: clarification on warning of keytool -printcrl
=== *Description*
===
Changeset: b739dd7ce59c
Author:weijun
Date: 2012-02-21 15:11 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b739dd7ce59c
7147336: clarification on warning of keytool -printcrl
Reviewed-by: xuelei
! src/share/classes/sun/security/tools/KeyTool.java
! src/share/classes/sun/sec
Hi All
Please review this code change
http://cr.openjdk.java.net/~weijun/7133068/webrev.00/
Basically, for a nice accessibility compliance, a TABLE needs a
"summary" attribute, a TH needs an "id", and then a TH needs a "headers"
that links to its corresponding TD. (By headers I guess it's
Hi All
Please take a look at this code change:
http://cr.openjdk.java.net/~weijun/7149012/webrev.00/
Jarsigner will not print a warning if the signer cert is expired but a
timestamp shows the jar was signed before the expiration date.
Another change is that the chainNotValidated flag now
focus on Java Plugin.
Thanks
Max
On 02/28/2012 10:11 PM, Xuelei Fan wrote:
I have not read the changes, just some minor comments about the description.
On Feb 26, 2012, at 11:00 PM, Weijun Wang wrote:
Hi All
Please take a look at this code change:
http://cr.openjdk.java.net/~weijun/71
On 02/28/2012 10:29 PM, Xuelei Fan wrote:
On Feb 28, 2012, at 6:19 AM, Weijun Wang wrote:
Hi Andrew
Well, this code change is to make jarsigner behaviors to be consistent with
Java Plugin, that is to say, if Java Plugin allows something jarsigner should
also.
If you believe that Java
?
Yes, during the verification of the jar file, its info is included in
the CodeSigner class.
Thanks
Max
Xuelei
On 2/27/2012 3:00 PM, Weijun Wang wrote:
Hi All
Please take a look at this code change:
http://cr.openjdk.java.net/~weijun/7149012/webrev.00/
Jarsigner will not print a warnin
Changeset: 26ed9a64a318
Author:weijun
Date: 2012-03-06 10:25 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/26ed9a64a318
7149012: jarsigner needs not warn about cert expiration if the jar has a TSA
timestamp
Reviewed-by: xuelei
! src/share/classes/sun/security/tools/JarSign
Changeset: e8438dc196bb
Author:weijun
Date: 2012-03-07 10:15 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e8438dc196bb
6961765: Double byte characters corrupted in DN for LDAP referrals
Reviewed-by: vinnie
! src/share/classes/com/sun/jndi/toolkit/url/UrlUtil.java
+ test/co
Hi Valerie
This code change is only inside jdk/test/:
http://cr.openjdk.java.net/~weijun/7152176/webrev.00/
Basic.java:
the simplest test I can use as skeleton later.
GSS.java:
make sure the JGSS-without-JAAS programming style works
TwoTab.java:
make sure that each entry in a sing
Andrew
Can you review this? It's pure test for existing functions.
Thanks
Max
On 03/09/2012 01:39 PM, Weijun Wang wrote:
Hi Valerie
This code change is only inside jdk/test/:
http://cr.openjdk.java.net/~weijun/7152176/webrev.00/
Basic.java:
the simplest test I can use as skeleton
Changeset: 0d1c576980a0
Author:weijun
Date: 2012-03-20 19:12 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0d1c576980a0
7152176: More krb5 tests
Reviewed-by: xuelei
+ test/sun/security/krb5/auto/Basic.java
! test/sun/security/krb5/auto/Context.java
+ test/sun/security/krb5/
The webrev is at
http://cr.openjdk.java.net/~weijun/7158329/webrev.00/
There are two places where the content (getDefaultCreds) of a cache
might be null, one with a specified ccache file name, one default. In
order to check for both, a KRB5CCNAME environment variable is needed.
Therefore th
ode could even be co-located in the EmptyCC.java file.
-- Jon
On 04/05/2012 02:32 AM, Weijun Wang wrote:
The webrev is at
http://cr.openjdk.java.net/~weijun/7158329/webrev.00/
There are two places where the content (getDefaultCreds) of a cache
might be null, one with a specified ccache file name,
d wrap the whole subprocess in
a try block and call System.exit(1) whenever an exception is thrown?
Thanks
Max
-- Jon
On 04/05/2012 07:35 PM, Weijun Wang wrote:
Webrev updated:
http://cr.openjdk.java.net/~weijun/7158329/webrev.01
No change to src.
*Jon*: Is this the correct style to use Proc
d wrap the whole subprocess in
a try block and call System.exit(1) whenever an exception is thrown?
Thanks
Max
-- Jon
On 04/05/2012 07:35 PM, Weijun Wang wrote:
Webrev updated:
http://cr.openjdk.java.net/~weijun/7158329/webrev.01
No change to src.
*Jon*: Is this the correct style to use Proc
Changeset: 1ffe2565ec06
Author:weijun
Date: 2012-04-10 12:15 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1ffe2565ec06
7158329: NPE in sun.security.krb5.Credentials.acquireDefaultCreds()
Reviewed-by: valeriep, jjg
! src/share/classes/sun/security/krb5/Credentials.java
+ te
Hi Valerie
Please take a review at
http://cr.openjdk.java.net/~weijun/7162687/webrev.00/
Basically I add a connect() before send/receive and if a KDC UDP server
is not on, an ICMP Port Unreachable message will be received
immediately, and there will be no more retry on the same KDC.
In t
Hi Jonathan
Some comments:
1. Can you be sure that the new format always has the same length?
jarsigner tries to output in a tabular style and each column should be
aligned.
2. You might need to reformat the modified line to make it fit into 80
characters width.
3. Why not include the tes
On 04/25/2012 03:28 PM, Jonathan Lu wrote:
Hi Weijun,
Thanks for your time, I've updated the webrev, could you please take a
look?
http://cr.openjdk.java.net/~luchsh/7163483_2/
On 04/24/2012 03:06 PM, Weijun Wang wrote:
Hi Jonathan
Some comments:
1. Can you be sure that the new f
On 04/25/2012 05:23 PM, Jonathan Lu wrote:
Hi Max,
On 04/25/2012 05:12 PM, Weijun Wang wrote:
On 04/25/2012 03:28 PM, Jonathan Lu wrote:
Hi Weijun,
Thanks for your time, I've updated the webrev, could you please take a
look?
http://cr.openjdk.java.net/~luchsh/7163483_2/
On 04/24/20
hanks
Max
On 04/25/2012 07:09 PM, Jonathan Lu wrote:
Hello Max,
Terribly sorry for my misunderstanding!
On 04/25/2012 05:39 PM, Weijun Wang wrote:
On 04/25/2012 05:23 PM, Jonathan Lu wrote:
Hi Max,
On 04/25/2012 05:12 PM, Weijun Wang wrote:
On 04/25/2012 03:28 PM, Jonathan Lu wrote
Looks fine.
It seems people normally put "static" before "final", but since there
are already 2 "final static" there, you're free to do anything.
Thanks
Max
On 04/27/2012 12:07 PM, Xuelei Fan wrote:
On 4/27/2012 11:46 AM, David Schlosnagle wrote:
On Apr 26, 2012, at 10:07 PM, Xuelei Fan wr
The fix is good, but I think you are over-commenting. Everyone seeing
the synchronized keyword knows what it means. You can keep the new lines
at 380-381.
Thanks
Max
On 05/04/2012 12:37 PM, Xuelei Fan wrote:
Hi,
Please review the synchronization issue in SSLContextImpl.
bug detail: http://b
On 05/04/2012 04:24 PM, Xuelei Fan wrote:
On May 4, 2012, at 3:31 PM, Weijun Wang wrote:
The fix is good, but I think you are over-commenting. Everyone seeing the
synchronized keyword knows what it means. You can keep the new lines at 380-381.
Thanks for the review. The purpose of the
/2012 4:39 PM, Weijun Wang wrote:
On 05/04/2012 04:24 PM, Xuelei Fan wrote:
On May 4, 2012, at 3:31 PM, Weijun Wang wrote:
The fix is good, but I think you are over-commenting. Everyone seeing
the synchronized keyword knows what it means. You can keep the new
lines at 380-381.
Thanks for
uite a lot of our test machines
are virtual machines and Windows guests always get timing wrong. Remove
that check.
Thanks
Max
On 04/19/2012 11:21 AM, Weijun Wang wrote:
Hi Valerie
Please take a review at
http://cr.openjdk.java.net/~weijun/7162687/webrev.00/
Basically I add a connect() b
Hi Xuelei
I've adopted your style of synchronizing the SSL client and server.
Please take a review at
http://cr.openjdk.java.net/~weijun/7170308/webrev.00/
Noreg-self.
Thanks
Max
On 05/21/2012 10:14 AM, weijun.w...@oracle.com wrote:
*Change Request ID*: 7170308
*Synopsis*: timing error i
client will deadly
wait for the setting.
I think it may be a little safer to have the set of serverReady in a
final clause.
try {
SSLServerSocketFactory sslssf =
...
} finally {
serverReady = true;
}
Xuelei
On 5/21/2012 10:52 AM, Weijun Wang wrote:
Hi Xuelei
I've adopted
Changeset: 72af24348b2b
Author:weijun
Date: 2012-05-21 15:40 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/72af24348b2b
7170308: timing error in the krb5 test SSL.java
Reviewed-by: xuelei
! test/sun/security/krb5/auto/SSL.java
work
there.
So, what is the behavior on Mac then? Is it a different type of
SocketException or else?
On Mac, connect() does not call the native connect so PUE is not thrown.
It simply waits until a SocketTimeoutException is thrown. The reason is
7122794.
Thanks
Max
Thanks,
Valerie
On 05/18/
Changeset: a2fc04c2dfc8
Author:weijun
Date: 2012-05-23 15:51 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a2fc04c2dfc8
7162687: enhance KDC server availability detection
Reviewed-by: valeriep
! src/share/classes/sun/security/krb5/KdcComm.java
! src/share/classes/sun/securi
Changeset: a5bb0343f135
Author:weijun
Date: 2012-06-04 18:06 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a5bb0343f135
7173036: test/com/sun/jdi/ConnectedVMs.java does not run as expected
Reviewed-by: alanb
! test/com/sun/jdi/ConnectedVMs.java
Xuelei or Valerie,
Anyone can take a review on this cleanup?
http://cr.openjdk.java.net/~weijun/7172701/webrev.00/
There are two parts in the webrev:
1. policy and option combined as option in KDC.java. Policy was designed
(in the configMatch method) to match a rule to client and server na
Changeset: 0678af55d3db
Author:weijun
Date: 2012-06-05 17:11 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0678af55d3db
7172701: KDC tests cleanup
Reviewed-by: xuelei
! test/sun/security/krb5/auto/KDC.java
! test/sun/security/krb5/auto/OkAsDelegate.java
! test/sun/security/
Hi Xuelei
Can you take a look at this?
http://cr.openjdk.java.net/~weijun/7174351/webrev.00
In the test, I try to import a JCEKS keystore into a JKS one. The JCEKS
one includes 4 entries:
s1, Jun 5, 2012, SecretKeyEntry,
s2, Jun 5, 2012, SecretKeyEntry,
c1, Jun 5, 2012, trustedCer
Changeset: b6eb10d6932f
Author:weijun
Date: 2012-06-06 10:05 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b6eb10d6932f
7174351: test/sun/security/tools/keytool/standard.sh failed after new Hashtable
Reviewed-by: xuelei
! test/sun/security/tools/keytool/KeyToolTest.java
701 - 800 of 3227 matches
Mail list logo
