[security-dev 00086]: hg: jdk7/jsn/jdk: 2 new changesets

2008-03-05 Thread weijun . wang
Changeset: d842462572a9 Author:weijun Date: 2008-03-05 22:15 +0800 URL: http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/d842462572a9 6590930: reed/write does not match for ccache Summary: Add null-awareness to ccache read Reviewed-by: valeriep !

[security-dev 00099]: hg: jdk7/jsn/jdk: 6634644: broken fragment, should use @link

2008-03-08 Thread weijun . wang
Changeset: ac695089ccc5 Author:weijun Date: 2008-03-08 22:49 +0800 URL: http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/ac695089ccc5 6634644: broken fragment, should use @link Reviewed-by: mullan ! src/share/classes/javax/security/cert/X509Certificate.java

[security-dev 00251]: hg: jdk7/jsn/jdk: 6709758: keytool default cert fingerprint algorithm should be SHA1, not MD5

2008-07-27 Thread weijun . wang
Changeset: 9655476d50f4 Author:weijun Date: 2008-07-27 19:16 +0800 URL: http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/9655476d50f4 6709758: keytool default cert fingerprint algorithm should be SHA1, not MD5 Reviewed-by: mullan, xuelei !

[security-dev 00262]: Code review: Failure when SPNEGO request non-Mutual

2008-08-04 Thread Weijun Wang
Hi All Please review this code fix: The bug: http://bugs.sun.com/view_bug.do?bug_id=6733095 Synopsis: Failure when SPNEGO request non-Mutual Webrev URL: http://hgrev.appspot.com/show?id=201 Description: Using SPNEGO, when the client calls reqMutualAuth(false) with Kerberos

[security-dev 00269]: hg: jdk7/jsn/jdk: 6731685: CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain

2008-08-05 Thread weijun . wang
Changeset: a4ff2fe5b5d9 Author:weijun Date: 2008-08-06 08:11 +0800 URL: http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/a4ff2fe5b5d9 6731685: CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain Reviewed-by: mullan !

[security-dev 00298]: hg: jdk7/jsn/jdk: 6740833: krb5.conf does not accept kdc=hostname (no spaces around =)

2008-09-08 Thread weijun . wang
Changeset: bcb61dfc8514 Author:weijun Date: 2008-09-08 14:17 +0800 URL: http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/bcb61dfc8514 6740833: krb5.conf does not accept kdc=hostname (no spaces around =) Reviewed-by: xuelei ! src/share/classes/sun/security/krb5/Config.java

[security-dev 00346]: hg: jdk7/jsn/jdk: 6706974: Add krb5 test infrastructure

2008-10-16 Thread weijun . wang
Changeset: 3f051f3ba5bb Author:weijun Date: 2008-10-17 13:02 +0800 URL: http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/3f051f3ba5bb 6706974: Add krb5 test infrastructure Reviewed-by: valeriep + test/sun/security/krb5/auto/Action.java + test/sun/security/krb5/auto/BasicKrb5Test.java +

[security-dev 00349]: hg: jdk7/jsn/jdk: 6761072: new krb5 tests fail on multiple platforms

2008-10-19 Thread weijun . wang
Changeset: 0bf6c9c6fdc5 Author:weijun Date: 2008-10-20 10:32 +0800 URL: http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/0bf6c9c6fdc5 6761072: new krb5 tests fail on multiple platforms Reviewed-by: xuelei ! test/sun/security/krb5/auto/BasicKrb5Test.java !

[security-dev 00360]: JGSS/krb5: Too strict Krb5LoginModule options validation

2008-10-21 Thread Weijun Wang
Hi All Currently we have this check inside Krb5LoginModule: private void validateConfiguration() throws LoginException { if (doNotPrompt !useTicketCache !useKeyTab) throw new LoginException (Configuration Error + - either doNotPrompt

[security-dev 00400]: hg: jdk7/tl/jdk: 2 new changesets

2008-11-12 Thread weijun . wang
Changeset: d2f96992b77b Author:weijun Date: 2008-11-12 16:00 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d2f96992b77b 6733095: Failure when SPNEGO request non-Mutual Reviewed-by: valeriep ! src/share/classes/sun/security/jgss/GSSContextImpl.java !

[security-dev 00429]: Request for comment: How to enable credentials delegation in HTTP Negotiate?

2008-11-24 Thread Weijun Wang
Hi All The current implementation of HTTP Negotiate authentication has not enabled credential delegation (it simply acquires a new one using either a cached TGT or username/password from Authenticator). This means that in a multi-tier application, a middle tier cannot start an HTTP request (to

[security-dev 00499]: hg: jdk7/tl/jdk: 6793475: krb5.ini not found on some Windows

2009-01-19 Thread weijun . wang
Changeset: 9260d9bd0843 Author:weijun Date: 2009-01-19 18:49 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/9260d9bd0843 6793475: krb5.ini not found on some Windows Reviewed-by: xuelei ! src/share/classes/sun/security/krb5/Config.java !

[security-dev 00545]: hg: jdk7/tl/jdk: 2 new changesets

2009-02-02 Thread weijun . wang
Changeset: dbb82636df41 Author:weijun Date: 2009-02-03 09:38 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/dbb82636df41 6552334: Enable DNS in Kerberos by default Reviewed-by: valeriep ! src/share/classes/sun/security/krb5/Config.java !

[security-dev 00547]: Should X509Factory.engineCenerateCertificates() use is.avaiable()?

2009-02-04 Thread Weijun Wang
Hi All I'm implementing new keytool commands. The following command throw an exception: $ cat req | keytool -gencert | keytool -printcert Exception in thread main java.lang.Exception: Empty input at sun.security.tools.KeyTool.printCertFromStream(KeyTool.java:1898) at

[security-dev 00641]: Please review:

2009-03-02 Thread Weijun Wang
Hi All A code review request for 6705872 SecureRandom number init is taking too long on a java.io.tmpdir with a large number of files. http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6705872 Webrev is at: http://cr.openjdk.java.net/~weijun/6705872/webrev.00/ The threshold

[security-dev 00642]: Review request: Infinite loop if SPNEGO specified as sun.security.jgss.mechanism

2009-03-02 Thread Weijun Wang
Hi Andrew or Valerie Please take a review at this bug fix: http://cr.openjdk.java.net/~weijun/6770883/webrev.01/ http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6770883 Basically. Since SPNEGO is a pseudo-mech that's meant to negotiate a real concrete mech, SPNEGO itself cannot be used

[security-dev 00648]: Re: Please review:

2009-03-03 Thread Weijun Wang
Thanks, both suggestions accepted. Max Alan Bateman wrote: Weijun Wang wrote: Xuelei Fan wrote: Max, I'm not satisfied with the fix, it try to read the *first* 1024 files in the java.io.tmpdir, I don't know the order of the iterator of java.nio.file.Path.newDirectoryStream

[security-dev 00659]: hg: jdk7/tl/jdk: 6705872: SecureRandom number init is taking too long on a java.io.tmpdir with a large number of files.

2009-03-03 Thread weijun . wang
Changeset: a8d9e8cb38bb Author:weijun Date: 2009-03-04 15:09 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/a8d9e8cb38bb 6705872: SecureRandom number init is taking too long on a java.io.tmpdir with a large number of files. Reviewed-by: xuelei, alanb !

[security-dev 00681]: keytool: -import reply different when length is different

2009-03-10 Thread Weijun Wang
Hi In keytool's installReply(), there is: if (replyCerts.length == 1) { // single-cert reply newChain = establishCertChain(userCert, replyCerts[0]); } else { // cert-chain reply (e.g., PKCS#7) newChain = validateReply(alias,

[security-dev 00685]: hg: jdk7/tl/jdk: 2 new changesets

2009-03-12 Thread weijun . wang
Changeset: 9d5cce463fa0 Author:weijun Date: 2009-03-13 09:20 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/9d5cce463fa0 6815182: GSSAPI/SPNEGO does not work with server using MIT Kerberos library Reviewed-by: valeriep !

[security-dev 00699]: hg: jdk7/tl/jdk: 6819272: keytool -importcert should read the whole input

2009-03-18 Thread weijun . wang
Changeset: 87acd36bd847 Author:weijun Date: 2009-03-19 11:17 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/87acd36bd847 6819272: keytool -importcert should read the whole input Reviewed-by: xuelei ! src/share/classes/sun/security/tools/KeyTool.java +

[security-dev 00710]: hg: jdk7/tl/jdk: 6820606: keytool can generate serialno more randomly

2009-03-23 Thread weijun . wang
Changeset: 74fe20f0e49b Author:weijun Date: 2009-03-23 17:05 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/74fe20f0e49b 6820606: keytool can generate serialno more randomly Reviewed-by: xuelei ! src/share/classes/sun/security/tools/KeyTool.java !

[security-dev 00722]: hg: jdk7/tl/jdk: 6802846: jarsigner needs enhanced cert validation(options)

2009-03-26 Thread weijun . wang
Changeset: b752110df530 Author:weijun Date: 2009-03-27 11:05 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/b752110df530 6802846: jarsigner needs enhanced cert validation(options) Reviewed-by: xuelei ! src/share/classes/sun/security/tools/JarSigner.java !

[security-dev 00731]: hg: jdk7/tl/jdk: 6825352: support self-issued certificate in keytool

2009-04-02 Thread weijun . wang
Changeset: ee75d1fac0ca Author:weijun Date: 2009-04-03 11:36 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ee75d1fac0ca 6825352: support self-issued certificate in keytool Reviewed-by: xuelei ! src/share/classes/sun/security/tools/KeyTool.java +

[security-dev 00744]: hg: jdk7/tl/jdk: 4811968: ASN.1 (X509Certificate) implementations don't handle large OID components

2009-04-08 Thread weijun . wang
Changeset: a31f5f824580 Author:weijun Date: 2009-04-08 13:54 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/a31f5f824580 4811968: ASN.1 (X509Certificate) implementations don't handle large OID components Reviewed-by: xuelei !

[security-dev 00747]: hg: jdk7/tl/jdk: 6714845: Quotes in Kerberos configuration file are included in the values

2009-04-09 Thread weijun . wang
Changeset: 8d37331265ae Author:weijun Date: 2009-04-09 15:32 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8d37331265ae 6714845: Quotes in Kerberos configuration file are included in the values Reviewed-by: xuelei ! src/share/classes/sun/security/krb5/Config.java +

[security-dev 00749]: Code review request: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication()

2009-04-12 Thread Weijun Wang
Hi Valerie and Networking guys Please take a review at this bug fix: http://cr.openjdk.java.net/~weijun/6578647/webrev.00/ The bug is http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6578647 The bug report says that no URL-related info is available in Authenticator when using

[security-dev 00755]: hg: jdk7/tl/jdk: 6830658: Changeset 897b2d42995a breaks the fastdebug build in NativeCreds.c

2009-04-15 Thread weijun . wang
Changeset: 33e06332c9d4 Author:weijun Date: 2009-04-16 11:16 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/33e06332c9d4 6830658: Changeset 897b2d42995a breaks the fastdebug build in NativeCreds.c Reviewed-by: tbell ! src/windows/native/sun/security/krb5/NativeCreds.c

[security-dev 00756]: Re: Code review request: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication()

2009-04-16 Thread Weijun Wang
, putting two Kerberos KDC, one HTTP server, one proxy server in a single regression test is fun! Thanks Mx On Apr 14, 2009, at 8:55 PM, Max (Weijun) Wang wrote: On Apr 14, 2009, at 5:59 PM, Christopher Hegarty - Sun Microsystems Ireland wrote: Hi Max, I only looked at the networking

[security-dev 00787]: Re: Code review request: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication()

2009-04-27 Thread Weijun Wang
these values. As I said the comments are minor (feel free to ignore them). Otherwise looks good. -Chris. Weijun Wang wrote: Hi Chris/Valerie Can you take a review on a related bug. I found it when I wrote the test for the previous one. 6829283: HTTP/Negotiate: Authenticator triggered

[security-dev 00858]: Re: Code review request: 6813340: X509Factory should not depend on is.available()==0

2009-05-25 Thread Weijun Wang
The new webrev is at http://cr.openjdk.java.net/~weijun/6813340/webrev.03 Changes compared to last webrev is: diff -r 59db2c7c37fa src/share/classes/sun/security/provider/X509Factory.java --- a/src/share/classes/sun/security/provider/X509Factory.java +++

[security-dev 00887]: hg: jdk7/tl/jdk: 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication()

2009-06-09 Thread weijun . wang
Changeset: 8f405b65ddac Author:weijun Date: 2009-06-09 14:17 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8f405b65ddac 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() Reviewed-by: chegar, valeriep !

[security-dev 00903]: hg: jdk7/tl/jdk: 6849275: enhance krb5 reg tests

2009-06-17 Thread weijun . wang
Changeset: bc2c9dbdcc70 Author:weijun Date: 2009-06-17 15:26 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/bc2c9dbdcc70 6849275: enhance krb5 reg tests Reviewed-by: xuelei ! test/sun/security/krb5/auto/CrossRealm.java ! test/sun/security/krb5/auto/HttpNegotiateServer.java

[security-dev 00904]: hg: jdk7/tl/jdk: 6712755: jarsigner fails to sign itextasian.jar since 1.5.0_b14, it works with 1.5.0_13

2009-06-17 Thread weijun . wang
Changeset: 863351d5d244 Author:weijun Date: 2009-06-18 11:12 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/863351d5d244 6712755: jarsigner fails to sign itextasian.jar since 1.5.0_b14, it works with 1.5.0_13 Reviewed-by: mullan !

[security-dev 00941]: hg: jdk7/tl/jdk: 6855671: DerOutputStream encodes negative integer incorrectly

2009-06-29 Thread weijun . wang
Changeset: 605d3fa6764e Author:weijun Date: 2009-06-30 11:55 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/605d3fa6764e 6855671: DerOutputStream encodes negative integer incorrectly Reviewed-by: xuelei ! src/share/classes/sun/security/util/DerOutputStream.java +

[security-dev 00948]: Re: code review request 6853793: OutOfMemoryError in sun.security.provider.certpath.OCSPChecker.check

2009-07-02 Thread Weijun Wang
I understand what the code means. It either reads contentLength bytes of data, or, if it's -1, reads until EOF. However, I guess it would look simpler if you use only one while(read): if (contentLength == -1) { resp = new byte[contentLength]; } else { resp = new byte[2048];

[security-dev 00949]: Re: code review request 6853793: OutOfMemoryError in sun.security.provider.certpath.OCSPChecker.check

2009-07-02 Thread Weijun Wang
; total += count; } Weijun Wang wrote: I understand what the code means. It either reads contentLength bytes of data, or, if it's -1, reads until EOF. However, I guess it would look simpler if you use only one while(read): if (contentLength == -1) { resp = new byte[contentLength

[security-dev 00968]: hg: jdk7/tl/jdk: 2 new changesets

2009-07-07 Thread weijun . wang
Changeset: 1175f872a968 Author:weijun Date: 2009-07-08 12:07 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/1175f872a968 6857802: GSS getRemainingInitLifetime method returns milliseconds not seconds Reviewed-by: xuelei !

[security-dev 00998]: CCAPI in Java

2009-07-21 Thread Weijun Wang
Hi Shawn Earlier this year, you've asked me about supporting CCAPI in Java. At the time, our Java JGSS provider only support the FILE ccache reading. (We do have a native bridge to GSSAPI but that provider is not turned on by default). I'm creating a native bridge to CCAPI now. Some questions:

[security-dev 00999]: hg: jdk7/tl/jdk: 4 new changesets

2009-07-22 Thread weijun . wang
Changeset: 81e3117803a5 Author:weijun Date: 2009-07-22 16:39 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/81e3117803a5 6858589: more changes to Config on system properties Reviewed-by: valeriep ! src/share/classes/sun/security/krb5/Config.java !

[security-dev 01032]: hg: jdk7/tl/jdk: 6867231: Regression: jdk/test/sun/security/krb5/ConfPlusProp.java error against jdk7/pit/b68

2009-07-31 Thread weijun . wang
Changeset: 0c58a7b6b978 Author:weijun Date: 2009-07-31 16:21 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/0c58a7b6b978 6867231: Regression: jdk/test/sun/security/krb5/ConfPlusProp.java error against jdk7/pit/b68 Reviewed-by: xuelei !

[security-dev 01034]: hg: jdk7/tl/jdk: 6867687: keytool's standard.sh test timeout sometimes

2009-08-01 Thread weijun . wang
Changeset: 2536ab04dc68 Author:weijun Date: 2009-08-02 13:40 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/2536ab04dc68 6867687: keytool's standard.sh test timeout sometimes Reviewed-by: xuelei ! test/sun/security/tools/keytool/standard.sh

[security-dev 01064]: hg: jdk7/tl/jdk: 3 new changesets

2009-08-10 Thread weijun . wang
Changeset: 5439d705c04e Author:weijun Date: 2009-08-11 12:15 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/5439d705c04e 6866479: libzip.so caused JVM to crash when running jarsigner Reviewed-by: mullan ! src/share/classes/sun/security/tools/JarSigner.java +

[security-dev 01065]: hg: jdk7/tl/jdk: 6868867: Test: sun/security/tools/keytool/standard.sh fails under windows/cygwin

2009-08-11 Thread weijun . wang
Changeset: efe2d2a55b3b Author:weijun Date: 2009-08-11 15:36 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/efe2d2a55b3b 6868867: Test: sun/security/tools/keytool/standard.sh fails under windows/cygwin Reviewed-by: wetmore ! src/share/classes/sun/security/tools/KeyTool.java

[security-dev 01090]: hg: jdk7/tl/jdk: 6829785: TextCallbackHandler does not honor PasswordCallback.isEchoOn()

2009-08-17 Thread weijun . wang
Changeset: 8414927b41d8 Author:weijun Date: 2009-08-18 10:20 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8414927b41d8 6829785: TextCallbackHandler does not honor PasswordCallback.isEchoOn() Reviewed-by: mullan !

[security-dev 01112]: hg: jdk7/tl/jdk: 6875033: regression: test of 6867665 fail

2009-08-24 Thread weijun . wang
Changeset: dbcc1f13e4fd Author:weijun Date: 2009-08-24 18:37 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/dbcc1f13e4fd 6875033: regression: test of 6867665 fail Reviewed-by: xuelei ! test/sun/security/krb5/ktab/HighestKvno.java

[security-dev 01121]: hg: jdk7/tl/jdk: 6868864: Kerberos tests fail under windows/cygwin

2009-08-25 Thread weijun . wang
Changeset: 2607e571a6d5 Author:weijun Date: 2009-08-26 12:17 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/2607e571a6d5 6868864: Kerberos tests fail under windows/cygwin Reviewed-by: wetmore ! test/sun/security/krb5/auto/basic.sh

[security-dev 01173]: hg: jdk7/tl/jdk: 2 new changesets

2009-09-04 Thread weijun . wang
Changeset: ee5300e1835a Author:weijun Date: 2009-09-04 14:58 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ee5300e1835a 6876328: different names for the same digest algorithms breaks jarsigner Reviewed-by: mullan ! src/share/classes/sun/security/tools/JarSigner.java +

[security-dev 01238]: hg: jdk7/tl/jdk: 6877357: IPv6 address does not work

2009-09-21 Thread weijun . wang
Changeset: 81dffe63c913 Author:weijun Date: 2009-09-22 10:01 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/81dffe63c913 6877357: IPv6 address does not work Reviewed-by: xuelei, alanb ! src/share/classes/sun/security/krb5/KrbKdcReq.java + test/sun/security/krb5/IPv6.java

[security-dev 01252]: hg: jdk7/tl/jdk: 6885166: regression test for 6877357 (IPv6 address does not work) error (timed out)

2009-09-24 Thread weijun . wang
Changeset: bd928aefe692 Author:weijun Date: 2009-09-24 21:35 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/bd928aefe692 6885166: regression test for 6877357 (IPv6 address does not work) error (timed out) Reviewed-by: xuelei ! test/sun/security/krb5/IPv6.java

[security-dev 01266]: hg: jdk7/tl/jdk: 4 new changesets

2009-10-02 Thread weijun . wang
Changeset: 527ad9cbc9cf Author:weijun Date: 2009-10-02 18:44 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/527ad9cbc9cf 6324292: keytool -help is unhelpful Reviewed-by: xuelei, mullan ! src/share/classes/sun/security/tools/KeyTool.java !

[security-dev 01330]: hg: jdk7/tl/jdk: 6870812: enhance security tools to use ECC algorithms

2009-10-20 Thread weijun . wang
Changeset: 0d7c64c023c6 Author:weijun Date: 2009-10-21 08:17 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/0d7c64c023c6 6870812: enhance security tools to use ECC algorithms Reviewed-by: vinnie, mullan ! src/share/classes/java/util/jar/JarFile.java !

[security-dev 01344]: hg: jdk7/tl/jdk: 2 new changesets

2009-10-28 Thread weijun . wang
Changeset: 6764ef7d539d Author:weijun Date: 2009-10-28 15:32 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/6764ef7d539d 6893158: AP_REQ check should use key version number Reviewed-by: valeriep, xuelei ! src/share/classes/sun/security/krb5/EncryptionKey.java !

[security-dev 01348]: hg: jdk7/tl/jdk: 6894534: SeedGenerator shouldn't require java.nio.file to be present

2009-10-29 Thread weijun . wang
Changeset: a1923ebcd61b Author:weijun Date: 2009-10-30 11:28 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/a1923ebcd61b 6894534: SeedGenerator shouldn't require java.nio.file to be present Reviewed-by: alanb ! src/share/classes/sun/security/provider/SeedGenerator.java

[security-dev 01417]: hg: jdk7/tl/jdk: 3 new changesets

2009-11-26 Thread weijun . wang
Changeset: 7871897537b1 Author:weijun Date: 2009-11-27 08:51 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7871897537b1 6853328: Support OK-AS-DELEGATE flag Reviewed-by: valeriep ! src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java !

[security-dev 01437]: hg: jdk7/tl/jdk: 2 new changesets

2009-12-06 Thread weijun . wang
Changeset: 0f494453cd0a Author:weijun Date: 2009-12-07 15:27 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/0f494453cd0a 6879540: enable empty password for kerberos 5 Reviewed-by: valeriep, wetmore ! src/share/classes/com/sun/crypto/provider/HmacCore.java !

[security-dev 01450]: hg: jdk7/tl/jdk: 6908628: ObjectIdentifier s11n test fails

2009-12-08 Thread weijun . wang
Changeset: db5c77621c6b Author:weijun Date: 2009-12-09 11:15 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/db5c77621c6b 6908628: ObjectIdentifier s11n test fails Reviewed-by: xuelei ! test/sun/security/util/Oid/S11N.sh

[security-dev 01489]: hg: jdk7/tl/jdk: 2 new changesets

2010-01-04 Thread weijun . wang
Changeset: ef9774dc4f5a Author:weijun Date: 2010-01-05 10:40 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ef9774dc4f5a 6895424: RFC 5653 Reviewed-by: valeriep ! src/share/classes/org/ietf/jgss/GSSName.java ! src/share/classes/sun/security/jgss/GSSManagerImpl.java !

[security-dev 01559]: hg: jdk7/tl/jdk: 6919610: KeyTabInputStream uses static field for per-instance value

2010-01-26 Thread weijun . wang
Changeset: 558f2a424bfa Author:weijun Date: 2010-01-26 17:03 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/558f2a424bfa 6919610: KeyTabInputStream uses static field for per-instance value Reviewed-by: mullan !

[security-dev 01589]: hg: jdk7/tl/jdk: 6922482: keytool's help on -file always shows 'output file'

2010-02-03 Thread weijun . wang
Changeset: e6ab5fabaf7e Author:weijun Date: 2010-02-03 17:04 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e6ab5fabaf7e 6922482: keytool's help on -file always shows 'output file' Reviewed-by: wetmore ! src/share/classes/sun/security/tools/KeyTool.java +

[security-dev 01614]: hg: jdk7/tl/jdk: 6925639: keytool -genkeypair -help missing dname option

2010-02-11 Thread weijun . wang
Changeset: d7d8807fca86 Author:weijun Date: 2010-02-12 10:24 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d7d8807fca86 6925639: keytool -genkeypair -help missing dname option Reviewed-by: mullan ! src/share/classes/sun/security/tools/KeyTool.java

[security-dev 01633]: Re: CR 6928227 Updated, weijun.wang now responsible engineer, P4 java/classes_secu keytool -printcert fails on extra trailing whitespace.

2010-02-23 Thread Weijun Wang
Hi Brad Keytool's -printcert tries to parse multiple certificates in a single file, when there is an empty line there it tries to parse it as another certificate, and fails. I had a fix some time ago that covers this issue -- http://cr.openjdk.java.net/~weijun/6813340/webrev.04/ Andrew

[security-dev 01693]: hg: jdk7/tl/jdk: 6868865: Test: sun/security/tools/jarsigner/oldsig.sh fails under all platforms

2010-03-16 Thread weijun . wang
Changeset: 0500f7306cbe Author:weijun Date: 2010-03-17 09:55 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/0500f7306cbe 6868865: Test: sun/security/tools/jarsigner/oldsig.sh fails under all platforms Reviewed-by: wetmore ! test/sun/security/tools/jarsigner/oldsig.sh

[security-dev 01694]: hg: jdk7/tl/jdk: 6829283: HTTP/Negotiate: Autheticator triggered again when user cancels the first one

2010-03-18 Thread weijun . wang
Changeset: 2796f839e337 Author:weijun Date: 2010-03-18 18:26 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/2796f839e337 6829283: HTTP/Negotiate: Autheticator triggered again when user cancels the first one Reviewed-by: chegar !

[security-dev 01714]: '\0' in alias name of a pkcs11 keystore

2010-03-18 Thread Weijun Wang
Hi Valerie As described in http://forums.sun.com/thread.jspa?threadID=5432248, customer's pkcs11 keystore has aliases ended with '\0'. Is this something we should fix on the Java side? Thanks Max

[security-dev 01732]: hg: jdk7/tl/jdk: 6586707: NTLM authentication with proxy fails

2010-03-22 Thread weijun . wang
Changeset: 31dcf23042f9 Author:weijun Date: 2010-03-23 10:41 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/31dcf23042f9 6586707: NTLM authentication with proxy fails Reviewed-by: chegar ! src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java

[security-dev 01738]: hg: jdk7/tl/jdk: 6813340: X509Factory should not depend on is.available()==0

2010-03-24 Thread weijun . wang
Changeset: 26477628f2d5 Author:weijun Date: 2010-03-25 12:07 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/26477628f2d5 6813340: X509Factory should not depend on is.available()==0 Reviewed-by: xuelei ! src/share/classes/sun/security/provider/X509Factory.java !

Re: CR 6939248/7 Created, P4 java/classes_secu Jarsigner can't extract Extended Key Usage from Timestamp Reply currectly

2010-04-12 Thread Weijun Wang
Hi Xuelei and Sean Please take a review on the fix for OpenJDK: http://cr.openjdk.java.net/~weijun/6939248/webrev.00 Note that I've added some check: 1. response cert null check 2. extension isCritical check About the test: 1. Since keytool can now generate extensions, binary keystore is

hg: jdk7/tl/jdk: 6937978: let keytool -gencert generate the chain

2010-04-15 Thread weijun . wang
Changeset: db4fd2fdf196 Author:weijun Date: 2010-04-16 10:06 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/db4fd2fdf196 6937978: let keytool -gencert generate the chain Reviewed-by: mullan ! src/share/classes/sun/security/tools/KeyTool.java !

hg: jdk7/tl/jdk: 6939248: Jarsigner can't extract Extended Key Usage from Timestamp Reply correctly

2010-04-15 Thread weijun . wang
Changeset: 0d989dc383d3 Author:weijun Date: 2010-04-16 10:13 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/0d989dc383d3 6939248: Jarsigner can't extract Extended Key Usage from Timestamp Reply correctly Reviewed-by: xuelei, mullan !

Re: CR 6911951 Updated, weijun.wang now responsible engineer, P4 java/classes_secu NTLM should be a supported Java SASL mechanism

2010-04-15 Thread Weijun Wang
Vinnie Please take a review on this webrev: cr.openjdk.java.net/~weijun/6911951/webrev.00/ I've updated the spec a little by making NTLMv2 as the default version. It has been supported for a long time and now default with Windows 7 and Server 2008 R2. Networking guys, are you OK with the

hg: jdk7/tl/jdk: 6944847: native gss lib names on linux

2010-04-20 Thread weijun . wang
Changeset: 97fb6f6d230a Author:weijun Date: 2010-04-20 19:30 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/97fb6f6d230a 6944847: native gss lib names on linux Reviewed-by: valeriep ! src/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java +

code review request: 6856069 PrincipalName.clone() does not invoke super.clone()

2010-04-20 Thread Weijun Wang
Hi Anyone can review this code change? http://cr.openjdk.java.net/~weijun/6856069/webrev.00/ Thanks Max Begin forwarded message: *Change Request ID*: 6856069 *Synopsis*: PrincipalName.clone() does not invoke super.clone() === *Description*

Re: code review request: 6856069 PrincipalName.clone() does not invoke super.clone()

2010-04-21 Thread Weijun Wang
. -Chris. On 21/04/2010 04:56, Weijun Wang wrote: Hi Anyone can review this code change? http://cr.openjdk.java.net/~weijun/6856069/webrev.00/ Thanks Max Begin forwarded message: *Change Request ID*: 6856069 *Synopsis*: PrincipalName.clone() does not invoke super.clone

hg: jdk7/tl/jdk: 6856069: PrincipalName.clone() does not invoke super.clone()

2010-04-21 Thread weijun . wang
Changeset: edde2f60415b Author:weijun Date: 2010-04-22 12:45 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/edde2f60415b 6856069: PrincipalName.clone() does not invoke super.clone() Reviewed-by: chegar ! src/share/classes/sun/security/krb5/PrincipalName.java +

code review request: 6948287 KDC test strange kvno

2010-04-28 Thread Weijun Wang
Hi Please take a review at this test bug: http://cr.openjdk.java.net/~weijun/6948287/webrev.00 Thanks Max *Change Request ID*: 6948287 *Synopsis*: KDC test strange kvno Keywords: noreg-self === *Description* In

hg: jdk7/tl/jdk: 2 new changesets

2010-04-29 Thread weijun . wang
Changeset: b833a422c776 Author:weijun Date: 2010-04-29 15:50 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/b833a422c776 6947487: use HexDumpEncoder.encodeBuffer() Reviewed-by: mullan ! src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java !

code review request: 6948781: CertificateFactory.generateCertificate doesn't throw CertificateException for malformed certificate

2010-05-03 Thread Weijun Wang
Hi All Please review the following code change: http://cr.openjdk.java.net/~weijun/6948781/webrev.00/ === *Evaluation* = The new parser in 6813340 is too loose in checking the footer, it simply checks if the line starts with a

hg: jdk7/tl/jdk: 6948909: Jarsigner removes MANIFEST.MF info for badly packages jar's

2010-05-05 Thread weijun . wang
Changeset: 3d51799b65a9 Author:weijun Date: 2010-05-06 11:26 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3d51799b65a9 6948909: Jarsigner removes MANIFEST.MF info for badly packages jar's Reviewed-by: mullan, xuelei ! src/share/classes/sun/security/tools/JarSigner.java +

hg: jdk7/tl/jdk: 6890876: jarsigner can add CRL info into signed jar

2010-05-05 Thread weijun . wang
Changeset: 8834c3633f0b Author:weijun Date: 2010-05-06 13:42 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8834c3633f0b 6890876: jarsigner can add CRL info into signed jar Reviewed-by: mullan ! src/share/classes/com/sun/jarsigner/ContentSignerParameters.java !

Re: Please review fix for 6951599 (Rename package of security tools for modularization)

2010-05-14 Thread Weijun Wang
On May 14, 2010, at 2:40 PM, Mandy Chung wrote: Hi Max, Wang Weijun wrote: Hi Mandy Sorry for late comment. My email client on Nokia E71 keeps crashing. (Hope it's good this time). It's good. Thanks for the comment. I'm quite sure there are people out there calling KeyTool the

code review request: 6882687 KerberosTime too imprecise

2010-05-17 Thread Weijun Wang
Hi Valerie A new bug 6950930 filed for the same problem. So ping again. Webrev small update at -- http://cr.openjdk.java.net/~weijun/6882687/webrev.01 Changes: 1. 2009 - 2010 2. new fields now private final Thanks Max On Sep 17, 2009, at 1:46 AM, Max (Weijun) Wang wrote: Hi Valerie

hg: jdk7/tl/jdk: 2 new changesets

2010-05-23 Thread weijun . wang
Changeset: d01726854317 Author:weijun Date: 2010-05-24 09:28 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d01726854317 6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature Reviewed-by: xuelei, mullan !

hg: jdk7/tl/jdk: 2 new changesets

2010-05-23 Thread weijun . wang
Changeset: ff9cc9789bb3 Author:weijun Date: 2010-05-24 09:37 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ff9cc9789bb3 6882687: KerberosTime too imprecise Reviewed-by: valeriep ! src/share/classes/sun/security/krb5/internal/KerberosTime.java +

hg: jdk7/tl/jdk: 6932525: Incorrect encryption types of KDC_REQ_BODY of AS-REQ with pre-authentication

2010-05-23 Thread weijun . wang
Changeset: ba95fd03440b Author:weijun Date: 2010-05-24 10:05 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ba95fd03440b 6932525: Incorrect encryption types of KDC_REQ_BODY of AS-REQ with pre-authentication Reviewed-by: valeriep !

hg: jdk7/tl/jdk: 6948287: KDC test strange knvo

2010-05-25 Thread weijun . wang
Changeset: 2306564dea3a Author:weijun Date: 2010-05-25 18:20 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/2306564dea3a 6948287: KDC test strange knvo Reviewed-by: xuelei ! test/sun/security/krb5/auto/KDC.java

hg: jdk7/tl/jdk: 6955783: ServiceUnavailableException caught even the secondary DNS is available

2010-05-27 Thread weijun . wang
Changeset: d5939d20b762 Author:weijun Date: 2010-05-27 17:24 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d5939d20b762 6955783: ServiceUnavailableException caught even the secondary DNS is available Reviewed-by: vinnie ! src/share/classes/com/sun/jndi/dns/DnsClient.java

hg: jdk7/tl/jdk: 6950931: test fails on windows sun/security/tools/jarsigner/crl.sh

2010-05-31 Thread weijun . wang
Changeset: f3189453d134 Author:weijun Date: 2010-06-01 10:52 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/f3189453d134 6950931: test fails on windows sun/security/tools/jarsigner/crl.sh Reviewed-by: wetmore, xuelei ! test/sun/security/tools/jarsigner/crl.sh

code review request: 6844907: krb5 etype order should be from strong to weak

2010-06-01 Thread Weijun Wang
Hi All Please review this webrev: http://cr.openjdk.java.net/~weijun/6844907/webrev.00/ Three notes: 1. The etype order change has effect on keys in a keytab file. In KeyTab.java, I've made the following change: public EncryptionKey[] readServiceKeys(PrincipalName service) {

code review request: 6958026: Problem with PKCS12 keystore

2010-06-02 Thread Weijun Wang
Hi All Please review this code change: http://cr.openjdk.java.net/~weijun/6958026/webrev.00/ Two parts included: 1. Major one: match private key and cert using both keyId and friendlyName. 2. Minor one: add keyId and friendlyName to private keys created by setKeyEntry(alias, byte[],

hg: jdk7/tl/jdk: 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode

2010-06-04 Thread weijun . wang
Changeset: ea8c57ec8409 Author:weijun Date: 2010-06-04 19:28 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ea8c57ec8409 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode Reviewed-by: valeriep, xuelei !

code review request: 6960894: Better AS-REQ creation and processing

2010-06-13 Thread Weijun Wang
Hi Valerie and Andrew Please review the following webrev: http://cr.openjdk.java.net/~weijun/6960894/webrev.00 The major enhancement is KrbAsReqBuilder which generates AS-REQ, sends it, parses any response, and returns a Credentials object. The other big change is KrbKdcReq, it's no longer

hg: jdk7/tl/jdk: 6959292: regression: cannot login if session key and preauth does not use the same etype

2010-06-16 Thread weijun . wang
Changeset: 3df25d0680f3 Author:weijun Date: 2010-06-17 13:46 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3df25d0680f3 6959292: regression: cannot login if session key and preauth does not use the same etype Reviewed-by: xuelei, valeriep !

hg: jdk7/tl/jdk: 3 new changesets

2010-06-24 Thread weijun . wang
Changeset: 706e2d1fc378 Author:weijun Date: 2010-06-24 14:26 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/706e2d1fc378 6958026: Problem with PKCS12 keystore Reviewed-by: mullan ! src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java +

code review request: 6670889: Keystore created under Hindi Locale causing ArrayIndexOutOfBoundsException

2010-07-13 Thread Weijun Wang
6670889: Keystore created under Hindi Locale causing ArrayIndexOutOfBoundsException Webrev: http://cr.openjdk.java.net/~weijun/6670889/webrev.00/ Thanks Max

hg: jdk7/tl/jdk: 6670889: Keystore created under Hindi Locale causing ArrayIndexOutOfBoundsException

2010-07-13 Thread weijun . wang
Changeset: f3a4c1947fd1 Author:weijun Date: 2010-07-13 20:27 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/f3a4c1947fd1 6670889: Keystore created under Hindi Locale causing ArrayIndexOutOfBoundsException Reviewed-by: chegar !

code review request: 6969292: make DNS lookup for realm/kdc really work

2010-07-15 Thread Weijun Wang
Hi Valerie 6969292: make DNS lookup for realm/kdc really work Webrev: http://cr.openjdk.java.net/~weijun/6969292/webrev.00/ We've implemented DNS lookup for realm and kdc for some time, and have made it default turned on in JDK 7. However, it's still not 100% zero-configuration, a krb5.conf

Re: code review request: 6969292: make DNS lookup for realm/kdc really work

2010-07-16 Thread Weijun Wang
Updated webrev: http://cr.openjdk.java.net/~weijun/6969292/webrev.01/ Changes: checkRealm() return null instead of throwing an exception. (Thanks, Alan). Thanks Max On 07/15/2010 02:12 PM, Weijun Wang wrote: Hi Valerie 6969292: make DNS lookup for realm/kdc really work Webrev: http

Re: PKCS11 no longer supported for KeyStore

2010-07-18 Thread Weijun Wang
What platform and openjdk release (or build) are you using? What kind of security providers are specified? When you say regression, is it a regression of an earlier build of openjdk? If I understand correctly, a PKCS #11 security provider is needed to use PKCS11-based keystores. Currently,

hg: jdk7/tl/jdk: 2 new changesets

2010-07-18 Thread weijun . wang
Changeset: 9a1bd20fc71c Author:weijun Date: 2010-07-19 10:02 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/9a1bd20fc71c 6969683: Generify ResolverConfiguration codes Reviewed-by: alanb, chegar ! src/share/classes/com/sun/jndi/dns/DnsContextFactory.java !

  1   2   3   4   5   6   7   8   9   10   >