8241761: Typos: empty lines in javadoc, inconsistent indents, etc. (security-libs only)

Reviewed-by: weijun
Ivan Gerasimov 2020-04-01 18:38:05 -07:00
parent cc25927f2d
commit 3790e58090
65 changed files with 606 additions and 620 deletions


@ -127,7 +127,7 @@ public final class KeychainStore extends KeyStoreSpi {
public KeychainStore() { }
/**
* Returns the key associated with the given alias, using the given
* Returns the key associated with the given alias, using the given
* password to recover it.
*
* @param alias the alias name
@ -240,10 +240,10 @@ public final class KeychainStore extends KeyStoreSpi {
* @param alias the alias name
*
* @return the certificate chain (ordered with the user's certificate first
* and the root certificate authority last), or null if the given alias
* and the root certificate authority last), or null if the given alias
* does not exist or does not contain a certificate chain (i.e., the given
* alias identifies either a <i>trusted certificate entry</i> or a
* <i>key entry</i> without a certificate chain).
* alias identifies either a <i>trusted certificate entry</i> or a
* <i>key entry</i> without a certificate chain).
*/
public Certificate[] engineGetCertificateChain(String alias) {
permissionCheck();
@ -297,7 +297,7 @@ public final class KeychainStore extends KeyStoreSpi {
}
/**
* Returns the creation date of the entry identified by the given alias.
* Returns the creation date of the entry identified by the given alias.
*
* @param alias the alias name
*
@ -321,7 +321,7 @@ public final class KeychainStore extends KeyStoreSpi {
}
/**
* Assigns the given key to the given alias, protecting it with the given
* Assigns the given key to the given alias, protecting it with the given
* password.
*
* <p>If the given key is of type <code>java.security.PrivateKey</code>,
@ -330,14 +330,14 @@ public final class KeychainStore extends KeyStoreSpi {
*
* <p>If the given alias already exists, the keystore information
* associated with it is overridden by the given key (and possibly
* certificate chain).
* certificate chain).
*
* @param alias the alias name
* @param key the key to be associated with the alias
* @param password the password to protect the key
* @param chain the certificate chain for the corresponding public
* key (only required if the given key is of type
* <code>java.security.PrivateKey</code>).
* <code>java.security.PrivateKey</code>).
*
* @exception KeyStoreException if the given key cannot be protected, or
* this operation fails for some other reason
@ -391,7 +391,7 @@ public final class KeychainStore extends KeyStoreSpi {
}
/**
* Assigns the given key (that has already been protected) to the given
* Assigns the given key (that has already been protected) to the given
* alias.
*
* <p>If the protected key is of type
@ -403,13 +403,13 @@ public final class KeychainStore extends KeyStoreSpi {
*
* <p>If the given alias already exists, the keystore information
* associated with it is overridden by the given key (and possibly
* certificate chain).
* certificate chain).
*
* @param alias the alias name
* @param key the key (in protected format) to be associated with the alias
* @param chain the certificate chain for the corresponding public
* key (only useful if the protected key is of type
* <code>java.security.PrivateKey</code>).
* <code>java.security.PrivateKey</code>).
*
* @exception KeyStoreException if this operation fails.
*/
@ -449,7 +449,7 @@ public final class KeychainStore extends KeyStoreSpi {
}
/**
* Assigns the given certificate to the given alias.
* Assigns the given certificate to the given alias.
*
* <p>If the given alias already exists in this keystore and identifies a
* <i>trusted certificate entry</i>, the certificate associated with it is
@ -501,7 +501,7 @@ public final class KeychainStore extends KeyStoreSpi {
}
/**
* Deletes the entry identified by the given alias from this keystore.
* Deletes the entry identified by the given alias from this keystore.
*
* @param alias the alias name
*
@ -519,7 +519,7 @@ public final class KeychainStore extends KeyStoreSpi {
}
/**
* Lists all the alias names of this keystore.
* Lists all the alias names of this keystore.
*
* @return enumeration of the alias names
*/
@ -529,7 +529,7 @@ public final class KeychainStore extends KeyStoreSpi {
}
/**
* Checks if the given alias exists in this keystore.
* Checks if the given alias exists in this keystore.
*
* @param alias the alias name
*
@ -541,7 +541,7 @@ public final class KeychainStore extends KeyStoreSpi {
}
/**
* Retrieves the number of entries in this keystore.
* Retrieves the number of entries in this keystore.
*
* @return the number of entries in this keystore
*/
@ -551,7 +551,7 @@ public final class KeychainStore extends KeyStoreSpi {
}
/**
* Returns true if the entry identified by the given alias is a
* Returns true if the entry identified by the given alias is a
* <i>key entry</i>, and false otherwise.
*
* @return true if the entry identified by the given alias is a
@ -568,7 +568,7 @@ public final class KeychainStore extends KeyStoreSpi {
}
/**
* Returns true if the entry identified by the given alias is a
* Returns true if the entry identified by the given alias is a
* <i>trusted certificate entry</i>, and false otherwise.
*
* @return true if the entry identified by the given alias is a
@ -585,7 +585,7 @@ public final class KeychainStore extends KeyStoreSpi {
}
/**
* Returns the (alias) name of the first keystore entry whose certificate
* Returns the (alias) name of the first keystore entry whose certificate
* matches the given certificate.
*
* <p>This method attempts to match the given certificate with each
@ -624,7 +624,7 @@ public final class KeychainStore extends KeyStoreSpi {
}
/**
* Stores this keystore to the given output stream, and protects its
* Stores this keystore to the given output stream, and protects its
* integrity with the given password.
*
* @param stream Ignored. the output stream to which this keystore is written.
@ -718,7 +718,7 @@ public final class KeychainStore extends KeyStoreSpi {
private native void _releaseKeychainItemRef(long keychainItemRef);
/**
* Loads the keystore from the Keychain.
* Loads the keystore from the Keychain.
*
* @param stream Ignored - here for API compatibility.
* @param password Ignored - if user needs to unlock keychain Security
@ -918,7 +918,7 @@ public final class KeychainStore extends KeyStoreSpi {
}
/*
* Read the authSafe.
* Read the authSafe.
*/
byte[] authSafeData;
ContentInfo authSafe = new ContentInfo(s);
@ -1003,7 +1003,7 @@ public final class KeychainStore extends KeyStoreSpi {
}
/*
* Generate PBE Algorithm Parameters
* Generate PBE Algorithm Parameters
*/
private AlgorithmParameters getAlgorithmParameters(String algorithm)
throws IOException


@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -40,9 +40,9 @@ import sun.security.util.*;
*
* <pre>
* id-alg-AEADChaCha20Poly1305 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs9(9) smime(16) alg(3) 18 }
* { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
* pkcs9(9) smime(16) alg(3) 18 }
*
* AEADChaCha20Poly1305Nonce ::= OCTET STRING (SIZE(12))
* </pre>
*
@ -86,7 +86,7 @@ public final class ChaCha20Poly1305Parameters extends AlgorithmParametersSpi {
/**
* Initialize the ChaCha20Poly1305Parameters from a DER encoded
* parameter block.
*
* @param encoded the DER encoding of the nonce as an OCTET STRING.
*
* @throws IOException if the encoded nonce is not 12 bytes long or a DER


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -103,7 +103,7 @@ abstract class FeedbackCipher {
byte[] iv) throws InvalidKeyException,
InvalidAlgorithmParameterException;
/**
/**
* Gets the initialization vector.
*
* @return the initialization vector


@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -88,7 +88,7 @@ final class PBES1Core {
cipher.setMode(mode);
}
/**
/**
* Sets the padding mechanism of this cipher. This algorithm only uses
* PKCS #5 padding.
*


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -75,7 +75,7 @@ public final class PBEWithMD5AndDESCipher extends CipherSpi {
}
}
/**
/**
* Sets the padding mechanism of this cipher. This algorithm only uses
* PKCS #5 padding.
*


@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -87,7 +87,7 @@ public final class PBEWithMD5AndTripleDESCipher extends CipherSpi {
}
}
/**
/**
* Sets the padding mechanism of this cipher. This algorithm only uses
* PKCS #5 padding.
*


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -311,10 +311,10 @@ final class BasicPermissionCollection
private static final long serialVersionUID = 739301742472979399L;
/**
* Key is name, value is permission. All permission objects in
* collection must be of the same type.
* Not serialized; see serialization section at end of class.
*/
* Key is name, value is permission. All permission objects in
* collection must be of the same type.
* Not serialized; see serialization section at end of class.
*/
private transient ConcurrentHashMap<String, Permission> perms;
/**


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -115,7 +115,7 @@ public abstract class KeyFactorySpi {
*
* @return the underlying key specification (key material) in an instance
* of the requested specification class.
*
* @throws InvalidKeySpecException if the requested key specification is
* inappropriate for the given key, or the given key cannot be dealt with
* (e.g., the given key has an unrecognized format).


@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -58,14 +58,14 @@ public class KeyManagementException extends KeyException {
super();
}
/**
/**
* Constructs a KeyManagementException with the specified detail
* message. A detail message is a String that describes this
* particular exception.
*
* @param msg the detail message.
*/
public KeyManagementException(String msg) {
public KeyManagementException(String msg) {
super(msg);
}


@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -72,12 +72,12 @@ public final class KeyPair implements java.io.Serializable {
return publicKey;
}
/**
/**
* Returns a reference to the private key component of this key pair.
*
* @return a reference to the private key.
*/
public PrivateKey getPrivate() {
public PrivateKey getPrivate() {
return privateKey;
}
}


@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -66,7 +66,7 @@ public interface PrivateKey extends Key, javax.security.auth.Destroyable {
*
* @deprecated A {@code serialVersionUID} field in an interface is
* ineffectual. Do not use; no replacement.
*/
*/
@Deprecated
@SuppressWarnings("serial")
@java.io.Serial


@ -287,7 +287,7 @@ public abstract class Provider extends Properties {
* @throws UnsupportedOperationException if a configuration argument is
* not supported.
* @throws NullPointerException if the supplied configuration argument is
null.
* null.
* @throws InvalidParameterException if the supplied configuration argument
* is invalid.
* @return a provider configured with the supplied configuration argument.


@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -851,9 +851,9 @@ public final class Security {
}
/*
* Returns all providers who satisfy the specified
* criterion.
*/
* Returns all providers who satisfy the specified
* criterion.
*/
private static LinkedHashSet<Provider> getAllQualifyingCandidates(
String filterKey,
String filterValue,
@ -1067,7 +1067,7 @@ public final class Security {
* or an empty set if no provider supports the specified service.
*
* @since 1.4
**/
*/
public static Set<String> getAlgorithms(String serviceName) {
if ((serviceName == null) || (serviceName.isEmpty()) ||


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -112,7 +112,7 @@ import java.util.StringTokenizer;
* <td>Getting an instance of a Policy implementation from a provider</td>
* <td>Granting this permission enables code to obtain a Policy object.
* Malicious code may query the Policy object to determine what permissions
* have been granted to code other than itself. </td>
* have been granted to code other than itself.</td>
* </tr>
*
* <tr>
@ -124,8 +124,7 @@ import java.util.StringTokenizer;
* security policies. while revealing this information does not
* compromise the security of the system, it does provide malicious
* code with additional information which it may use to better aim
* an attack.
</td>
* an attack.</td>
* </tr>
*
* <tr>
@ -139,8 +138,7 @@ import java.util.StringTokenizer;
* permission to set the location of the system-wide security policy
* may point it to a security policy that grants the attacker
* all the necessary permissions it requires to successfully mount
* an attack on the system.
</td>
* an attack on the system.</td>
* </tr>
*
* <tr>
@ -153,8 +151,7 @@ import java.util.StringTokenizer;
* currently does not check the integrity or authenticity of a provider
* before attaching it. The "insertProvider" permission subsumes the
* "insertProvider.{provider name}" permission (see the section below for
* more information).
* </td>
* more information).</td>
* </tr>
*
* <tr>


@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -113,7 +113,7 @@ public abstract class Signer extends Identity {
return privateKey;
}
/**
/**
* Sets the key pair (public key and private key) for this signer.
*
* <p>First, if there is a security manager, its {@code checkSecurityAccess}


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -38,7 +38,7 @@ public class CRLException extends GeneralSecurityException {
@java.io.Serial
private static final long serialVersionUID = -6694728944094197147L;
/**
/**
* Constructs a CRLException with no detail message. A
* detail message is a String that describes this particular
* exception.


@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -609,7 +609,7 @@ public class PKIXParameters implements CertPathParameters {
*
* @param sigProvider the signature provider's name (or {@code null})
* @see #getSigProvider
*/
*/
public void setSigProvider(String sigProvider) {
this.sigProvider = sigProvider;
}


@ -1,5 +1,5 @@
/*
* Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2001, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -50,9 +50,9 @@ public interface RSAMultiPrimePrivateCrtKey extends RSAPrivateKey {
* The type fingerprint that is set to indicate
* serialization compatibility with a previous
* version of the type.
*
* @deprecated A {@code serialVersionUID} field in an interface is
* ineffectual. Do not use; no replacement.
*
* @deprecated A {@code serialVersionUID} field in an interface is
* ineffectual. Do not use; no replacement.
*/
@Deprecated
@SuppressWarnings("serial")


@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -63,7 +63,7 @@ public interface RSAPrivateCrtKey extends RSAPrivateKey {
/**
* Returns the primeP.
*
* @return the primeP
*/
public BigInteger getPrimeP();


@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -123,7 +123,7 @@ public class RSAPrivateCrtKeySpec extends RSAPrivateKeySpec {
/**
* Returns the primeP.
*
* @return the primeP
*/
public BigInteger getPrimeP() {


@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -160,7 +160,7 @@ public class ExemptionMechanism {
*
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
* @param algorithm the standard name of the requested exemption mechanism.
* See the ExemptionMechanism section in the
* <a href=


@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -120,7 +120,7 @@ public class RC2ParameterSpec implements AlgorithmParameterSpec {
return (iv == null? null:iv.clone());
}
/**
/**
* Tests for equality between the specified object and this
* object. Two RC2ParameterSpec objects are considered equal if their
* effective key sizes and IVs are equal.


@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -160,7 +160,7 @@ public class RC5ParameterSpec implements AlgorithmParameterSpec {
return (iv == null? null:iv.clone());
}
/**
/**
* Tests for equality between the specified object and this
* object. Two RC5ParameterSpec objects are considered equal if their
* version numbers, number of rounds, word sizes, and IVs are equal.


@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -199,7 +199,7 @@ public class SecretKeySpec implements KeySpec, SecretKey {
this.algorithm.toLowerCase(Locale.ENGLISH).hashCode());
}
/**
/**
* Tests for equality between the specified object and this
* object. Two SecretKeySpec objects are considered equal if
* they are both SecretKey instances which have the


@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -163,7 +163,7 @@ public class KeyManagerFactory {
*
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
* @param algorithm the standard name of the requested algorithm.
* See the <a href=
* "{@docRoot}/../specs/security/standard-names.html#keymanagerfactory-algorithms">


@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -127,7 +127,6 @@ public final class X500PrivateCredential implements Destroyable {
* in this object have been cleared.
*
* @return true if X509Certificate and the PrivateKey are null
*/
public boolean isDestroyed() {
return cert == null && key == null && alias==null;


@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -55,7 +55,7 @@ import sun.security.action.GetPropertyAction;
* - SHA-224withDSA/SHA-256withDSA are the signature schemes
* described in FIPS 186-3. The associated object identifiers are
* "OID.2.16.840.1.101.3.4.3.1", and "OID.2.16.840.1.101.3.4.3.2".
*
* - DSA is the key generation scheme as described in FIPS 186.
* Aliases for DSA include the OID strings "OID.1.3.14.3.2.12"
* and "OID.1.2.840.10040.4.1".


@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -170,7 +170,7 @@ public class CertId {
}
}
/**
/**
* Returns a hashcode value for this CertId.
*
* @return the hashcode value.


@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
/*
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it


@ -312,7 +312,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
* < 1 byte >
* < 4 bytes > maximumPacketSize
* < 4 bytes > negotiatedMaxFragSize
*/
*/
SSLSessionImpl(HandshakeContext hc, ByteBuffer buf) throws IOException {
int i = 0;


@ -971,7 +971,7 @@ public class AlgorithmId implements Serializable, DerEncoder {
/**
* Extracts the encryption algorithm name from a signature
* algorithm name.
*/
*/
public static String getEncAlgFromSigAlg(String signatureAlgorithm) {
signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH);
int with = signatureAlgorithm.indexOf("WITH");
@ -993,7 +993,7 @@ public class AlgorithmId implements Serializable, DerEncoder {
/**
* Extracts the digest algorithm name from a signature
* algorithm name.
*/
*/
public static String getDigAlgFromSigAlg(String signatureAlgorithm) {
signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH);
int with = signatureAlgorithm.indexOf("WITH");


@ -83,7 +83,7 @@ public class DNSName implements GeneralNameInterface {
* Name will consist of label components separated by "."
* startIndex is the index of the first character of a component
* endIndex is the index of the last character of a component plus 1
*/
*/
for (int endIndex,startIndex = 0; startIndex < name.length(); startIndex = endIndex+1) {
endIndex = name.indexOf('.', startIndex);
if (endIndex < 0) {


@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -45,8 +45,8 @@ import sun.security.util.*;
*
* <p>
* The extension is defined in Section 5.2.4 of
* <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI Certific
ate and Certificate Revocation List (CRL) Profile</a>.
* <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI
* Certificate and Certificate Revocation List (CRL) Profile</a>.
*
* <p>
* Its ASN.1 definition is as follows:


@ -69,7 +69,7 @@ import sun.security.util.ObjectIdentifier;
* the purpose indicated. Certificate using applications may
* nevertheless require that a particular purpose be indicated in
* order for the certificate to be acceptable to that application.<p>
*
* If a certificate contains both a critical key usage field and a
* critical extended key usage field, then both fields MUST be
* processed independently and the certificate MUST only be used for a


@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -42,8 +42,8 @@ import sun.security.util.*;
*
* <p>
* The extension is defined in Section 5.2.6 of
* <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI Certific
ate and Certificate Revocation List (CRL) Profile</a>.
* <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI
* Certificate and Certificate Revocation List (CRL) Profile</a>.
*
* <p>
* Its ASN.1 definition is as follows:


@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -46,8 +46,8 @@ import sun.security.util.DerValue;
*
* <p>
* The extension is defined in Section 5.2.5 of
* <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI Certific
ate and Certificate Revocation List (CRL) Profile</a>.
* <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI
* Certificate and Certificate Revocation List (CRL) Profile</a>.
*
* <p>
* Its ASN.1 definition is as follows:


@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -88,28 +88,28 @@ public class KerberosKey implements SecretKey {
private static final long serialVersionUID = -4625402278148246993L;
/**
/**
* The principal that this secret key belongs to.
*
* @serial
*/
private KerberosPrincipal principal;
/**
/**
* the version number of this secret key
*
* @serial
*/
private final int versionNum;
/**
* {@code KeyImpl} is serialized by writing out the ASN.1 encoded bytes
* of the encryption key.
*
* @serial
*/
/**
* {@code KeyImpl} is serialized by writing out the ASN.1 encoded bytes
* of the encryption key.
*
* @serial
*/
private KeyImpl key;
private transient boolean destroyed = false;
/**


@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -715,12 +715,12 @@ class Krb5Context implements GSSContextSpi {
if (subject != null &&
!subject.isReadOnly()) {
/*
* Store the service credentials as
* javax.security.auth.kerberos.KerberosTicket in
* the Subject. We could wait until the context is
* successfully established; however it is easier
* to do it here and there is no harm.
*/
* Store the service credentials as
* javax.security.auth.kerberos.KerberosTicket in
* the Subject. We could wait until the context is
* successfully established; however it is easier
* to do it here and there is no harm.
*/
final KerberosTicket kt =
Krb5Util.credsToTicket(serviceCreds);
AccessController.doPrivileged (


@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -133,7 +133,6 @@ public class HostAddress implements Cloneable {
* Gets the InetAddress of this HostAddress.
* @return the IP address for this specified host.
* @exception UnknownHostException if no IP address for the host could be found.
*
*/
public InetAddress getInetAddress() throws UnknownHostException {
// the type of internet addresses is 2.
@ -172,7 +171,6 @@ public class HostAddress implements Cloneable {
* Distributions of Unix.
* @param new_address network address.
* @exception KrbApErrException if address type and address length do not match defined value.
*
*/
public HostAddress(int new_addrType, byte[] new_address)
throws KrbApErrException, UnknownHostException {
@ -228,7 +226,6 @@ public class HostAddress implements Cloneable {
* @param encoding a single DER-encoded value.
* @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
* @exception IOException if an I/O error occurs while reading encoded data.
*
*/
public HostAddress(DerValue encoding) throws Asn1Exception, IOException {
DerValue der = encoding.getData().getDerValue();
@ -248,13 +245,11 @@ public class HostAddress implements Cloneable {
}
/**
* Encodes a HostAddress object.
* @return a byte array of encoded HostAddress object.
* @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
* @exception IOException if an I/O error occurs while reading encoded data.
*
*/
* Encodes a HostAddress object.
* @return a byte array of encoded HostAddress object.
* @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
* @exception IOException if an I/O error occurs while reading encoded data.
*/
public byte[] asn1Encode() throws Asn1Exception, IOException {
DerOutputStream bytes = new DerOutputStream();
DerOutputStream temp = new DerOutputStream();
@ -271,7 +266,7 @@ public class HostAddress implements Cloneable {
/**
* Parses (unmarshal) a host address from a DER input stream. This form
* parsing might be used when expanding a value which is part of
* a constructed sequence and uses explicitly tagged type.
* a constructed sequence and uses explicitly tagged type.
*
* @exception Asn1Exception on error.
* @exception IOException if an I/O error occurs while reading encoded data.
@ -279,7 +274,6 @@ public class HostAddress implements Cloneable {
* @param explicitTag tag number.
* @param optional indicates if this data field is optional
* @return an instance of HostAddress.
*
*/
public static HostAddress parse(DerInputStream data, byte explicitTag,
boolean optional)
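Review bot: The Javadoc kept on `asn1Encode()` still describes the wrong direction: both `@exception` lines speak of decoding and of reading encoded data, although the method visibly builds its result with `DerOutputStream`. Since this hunk already rewrites that comment, I would change them to `@exception Asn1Exception if an error occurs while encoding the address.` and `@exception IOException if an I/O error occurs while writing the encoded data.`. The method body continues outside the hunk, so confirm which calls actually raise each exception. The `parse` comment in the same file also keeps "This form parsing might be used", which reads as a dropped "of".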


@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -240,14 +240,13 @@ public class HostAddresses implements Cloneable {
}
/**
* Writes data field values in <code>HostAddresses</code> in FCC
* format to a <code>CCacheOutputStream</code>.
*
* @param cos a <code>CCacheOutputStream</code> to be written to.
* @exception IOException if an I/O exception occurs.
* @see sun.security.krb5.internal.ccache.CCacheOutputStream
*/
* Writes data field values in <code>HostAddresses</code> in FCC
* format to a <code>CCacheOutputStream</code>.
*
* @param cos a <code>CCacheOutputStream</code> to be written to.
* @exception IOException if an I/O exception occurs.
* @see sun.security.krb5.internal.ccache.CCacheOutputStream
*/
public void writeAddrs(CCacheOutputStream cos) throws IOException {
if (addresses == null || addresses.length == 0) {
cos.write32(0);


@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -39,15 +39,15 @@ import javax.security.auth.callback.UnsupportedCallbackException;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Client factory for EXTERNAL, CRAM-MD5, PLAIN.
*
* Requires the following callbacks to be satisfied by callback handler
* when using CRAM-MD5 or PLAIN.
* - NameCallback (to get username)
* - PasswordCallback (to get password)
*
* @author Rosanna Lee
*/
* Client factory for EXTERNAL, CRAM-MD5, PLAIN.
*
* Requires the following callbacks to be satisfied by callback handler
* when using CRAM-MD5 or PLAIN.
* - NameCallback (to get username)
* - PasswordCallback (to get password)
*
* @author Rosanna Lee
*/
final public class ClientFactoryImpl implements SaslClientFactory {
private static final String[] myMechs = {
"EXTERNAL",


@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -36,11 +36,11 @@ import java.util.Arrays;
import java.util.logging.Logger;
/**
* Base class for implementing CRAM-MD5 client and server mechanisms.
*
* @author Vincent Ryan
* @author Rosanna Lee
*/
* Base class for implementing CRAM-MD5 client and server mechanisms.
*
* @author Vincent Ryan
* @author Rosanna Lee
*/
abstract class CramMD5Base {
protected boolean completed = false;
protected boolean aborted = false;
@ -70,10 +70,10 @@ abstract class CramMD5Base {
}
/**
* Unwraps the incoming buffer. CRAM-MD5 supports no security layer.
*
* @throws SaslException If attempt to use this method.
*/
* Unwraps the incoming buffer. CRAM-MD5 supports no security layer.
*
* @throws SaslException If attempt to use this method.
*/
public byte[] unwrap(byte[] incoming, int offset, int len)
throws SaslException {
if (completed) {
@ -86,10 +86,10 @@ abstract class CramMD5Base {
}
/**
* Wraps the outgoing buffer. CRAM-MD5 supports no security layer.
*
* @throws SaslException If attempt to use this method.
*/
* Wraps the outgoing buffer. CRAM-MD5 supports no security layer.
*
* @throws SaslException If attempt to use this method.
*/
public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException {
if (completed) {
throw new IllegalStateException(
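Review bot: The `@throws SaslException If attempt to use this method.` line on `wrap` does not match the code visible directly under it, where the `completed` branch throws `IllegalStateException`, an unchecked exception that is not a `SaslException`. A caller that catches only `SaslException` around a wrap call on a CRAM-MD5 context would let it escape. I would document it as `@throws IllegalStateException always; CRAM-MD5 negotiates no security layer`, after checking the else branch, which lies outside the hunk. The identical `@throws` line on `unwrap` probably needs the same check, but its throw statement is not visible here.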


@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -34,16 +34,16 @@ import java.util.logging.Level;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Implements the CRAM-MD5 SASL client-side mechanism.
* (<A HREF="http://www.ietf.org/rfc/rfc2195.txt">RFC 2195</A>).
* CRAM-MD5 has no initial response. It receives bytes from
* the server as a challenge, which it hashes by using MD5 and the password.
* It concatenates the authentication ID with this result and returns it
* as the response to the challenge. At that point, the exchange is complete.
*
* @author Vincent Ryan
* @author Rosanna Lee
*/
* Implements the CRAM-MD5 SASL client-side mechanism.
* (<A HREF="http://www.ietf.org/rfc/rfc2195.txt">RFC 2195</A>).
* CRAM-MD5 has no initial response. It receives bytes from
* the server as a challenge, which it hashes by using MD5 and the password.
* It concatenates the authentication ID with this result and returns it
* as the response to the challenge. At that point, the exchange is complete.
*
* @author Vincent Ryan
* @author Rosanna Lee
*/
final class CramMD5Client extends CramMD5Base implements SaslClient {
private String username;


@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -36,21 +36,21 @@ import javax.security.auth.callback.*;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Implements the CRAM-MD5 SASL server-side mechanism.
* (<A HREF="http://www.ietf.org/rfc/rfc2195.txt">RFC 2195</A>).
* CRAM-MD5 has no initial response.
*
* client <---- M={random, timestamp, server-fqdn} ------- server
* client ----- {username HMAC_MD5(pw, M)} --------------> server
*
* CallbackHandler must be able to handle the following callbacks:
* - NameCallback: default name is name of user for whom to get password
* - PasswordCallback: must fill in password; if empty, no pw
* - AuthorizeCallback: must setAuthorized() and canonicalized authorization id
* - auth id == authzid, but needed to get canonicalized authzid
*
* @author Rosanna Lee
*/
* Implements the CRAM-MD5 SASL server-side mechanism.
* (<A HREF="http://www.ietf.org/rfc/rfc2195.txt">RFC 2195</A>).
* CRAM-MD5 has no initial response.
*
* client <---- M={random, timestamp, server-fqdn} ------- server
* client ----- {username HMAC_MD5(pw, M)} --------------> server
*
* CallbackHandler must be able to handle the following callbacks:
* - NameCallback: default name is name of user for whom to get password
* - PasswordCallback: must fill in password; if empty, no pw
* - AuthorizeCallback: must setAuthorized() and canonicalized authorization id
* - auth id == authzid, but needed to get canonicalized authzid
*
* @author Rosanna Lee
*/
final class CramMD5Server extends CramMD5Base implements SaslServer {
private String fqdn;
private byte[] challengeData = null;


@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,13 +30,13 @@ import javax.security.sasl.*;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Implements the EXTERNAL SASL client mechanism.
* (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>).
* The EXTERNAL mechanism returns the optional authorization ID as
* the initial response. It processes no challenges.
*
* @author Rosanna Lee
*/
* Implements the EXTERNAL SASL client mechanism.
* (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>).
* The EXTERNAL mechanism returns the optional authorization ID as
* the initial response. It processes no challenges.
*
* @author Rosanna Lee
*/
final class ExternalClient implements SaslClient {
private byte[] username;
private boolean completed = false;
@ -103,10 +103,10 @@ final class ExternalClient implements SaslClient {
}
/**
* Unwraps the incoming buffer.
*
* @throws SaslException Not applicable to this mechanism.
*/
* Unwraps the incoming buffer.
*
* @throws SaslException Not applicable to this mechanism.
*/
public byte[] unwrap(byte[] incoming, int offset, int len)
throws SaslException {
if (completed) {
@ -118,10 +118,10 @@ final class ExternalClient implements SaslClient {
}
/**
* Wraps the outgoing buffer.
*
* @throws SaslException Not applicable to this mechanism.
*/
* Wraps the outgoing buffer.
*
* @throws SaslException Not applicable to this mechanism.
*/
public byte[] wrap(byte[] outgoing, int offset, int len)
throws SaslException {
if (completed) {


@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,12 +30,12 @@ import javax.security.sasl.*;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Implements the PLAIN SASL client mechanism.
* (<A
* HREF="http://ftp.isi.edu/in-notes/rfc2595.txt">RFC 2595</A>)
*
* @author Rosanna Lee
*/
* Implements the PLAIN SASL client mechanism.
* (<A
* HREF="http://ftp.isi.edu/in-notes/rfc2595.txt">RFC 2595</A>)
*
* @author Rosanna Lee
*/
final class PlainClient implements SaslClient {
private boolean completed = false;
private byte[] pw;
@ -135,10 +135,10 @@ final class PlainClient implements SaslClient {
}
/**
* Unwraps the incoming buffer.
*
* @throws SaslException Not applicable to this mechanism.
*/
* Unwraps the incoming buffer.
*
* @throws SaslException Not applicable to this mechanism.
*/
public byte[] unwrap(byte[] incoming, int offset, int len)
throws SaslException {
if (completed) {
@ -150,10 +150,10 @@ final class PlainClient implements SaslClient {
}
/**
* Wraps the outgoing buffer.
*
* @throws SaslException Not applicable to this mechanism.
*/
* Wraps the outgoing buffer.
*
* @throws SaslException Not applicable to this mechanism.
*/
public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException {
if (completed) {
throw new SaslException(


@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,14 +32,14 @@ import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
/**
* Server factory for CRAM-MD5.
*
* Requires the following callback to be satisfied by callback handler
* when using CRAM-MD5.
* - AuthorizeCallback (to get canonicalized authzid)
*
* @author Rosanna Lee
*/
* Server factory for CRAM-MD5.
*
* Requires the following callback to be satisfied by callback handler
* when using CRAM-MD5.
* - AuthorizeCallback (to get canonicalized authzid)
*
* @author Rosanna Lee
*/
final public class ServerFactoryImpl implements SaslServerFactory {
private static final String[] myMechs = {
"CRAM-MD5", //


@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -45,56 +45,56 @@ import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
/**
* An implementation of the DIGEST-MD5
* (<a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>) SASL
* (<a href="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</a>) mechanism.
*
* The DIGEST-MD5 SASL mechanism specifies two modes of authentication.
* - Initial Authentication
* - Subsequent Authentication - optional, (currently unsupported)
*
* Required callbacks:
* - RealmChoiceCallback
* shows user list of realms server has offered; handler must choose one
* from list
* - RealmCallback
* shows user the only realm server has offered or none; handler must
* enter realm to use
* - NameCallback
* handler must enter username to use for authentication
* - PasswordCallback
* handler must enter password for username to use for authentication
*
* Environment properties that affect behavior of implementation:
*
* javax.security.sasl.qop
* quality of protection; list of auth, auth-int, auth-conf; default is "auth"
* javax.security.sasl.strength
* auth-conf strength; list of high, medium, low; default is highest
* available on platform ["high,medium,low"].
* high means des3 or rc4 (128); medium des or rc4-56; low is rc4-40;
* choice of cipher depends on its availablility on platform
* javax.security.sasl.maxbuf
* max receive buffer size; default is 65536
* javax.security.sasl.sendmaxbuffer
* max send buffer size; default is 65536; (min with server max recv size)
*
* com.sun.security.sasl.digest.cipher
* name a specific cipher to use; setting must be compatible with the
* setting of the javax.security.sasl.strength property.
*
* @see <a href="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</a>
* - Simple Authentication and Security Layer (SASL)
* @see <a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>
* - Using Digest Authentication as a SASL Mechanism
* @see <a href="http://java.sun.com/products/jce">Java(TM)
* Cryptography Extension 1.2.1 (JCE)</a>
* @see <a href="http://java.sun.com/products/jaas">Java(TM)
* Authentication and Authorization Service (JAAS)</a>
*
* @author Jonathan Bruce
* @author Rosanna Lee
*/
* An implementation of the DIGEST-MD5
* (<a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>) SASL
* (<a href="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</a>) mechanism.
*
* The DIGEST-MD5 SASL mechanism specifies two modes of authentication.
* - Initial Authentication
* - Subsequent Authentication - optional, (currently unsupported)
*
* Required callbacks:
* - RealmChoiceCallback
* shows user list of realms server has offered; handler must choose one
* from list
* - RealmCallback
* shows user the only realm server has offered or none; handler must
* enter realm to use
* - NameCallback
* handler must enter username to use for authentication
* - PasswordCallback
* handler must enter password for username to use for authentication
*
* Environment properties that affect behavior of implementation:
*
* javax.security.sasl.qop
* quality of protection; list of auth, auth-int, auth-conf; default is "auth"
* javax.security.sasl.strength
* auth-conf strength; list of high, medium, low; default is highest
* available on platform ["high,medium,low"].
* high means des3 or rc4 (128); medium des or rc4-56; low is rc4-40;
* choice of cipher depends on its availablility on platform
* javax.security.sasl.maxbuf
* max receive buffer size; default is 65536
* javax.security.sasl.sendmaxbuffer
* max send buffer size; default is 65536; (min with server max recv size)
*
* com.sun.security.sasl.digest.cipher
* name a specific cipher to use; setting must be compatible with the
* setting of the javax.security.sasl.strength property.
*
* @see <a href="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</a>
* - Simple Authentication and Security Layer (SASL)
* @see <a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>
* - Using Digest Authentication as a SASL Mechanism
* @see <a href="http://java.sun.com/products/jce">Java(TM)
* Cryptography Extension 1.2.1 (JCE)</a>
* @see <a href="http://java.sun.com/products/jaas">Java(TM)
* Authentication and Authorization Service (JAAS)</a>
*
* @author Jonathan Bruce
* @author Rosanna Lee
*/
final class DigestMD5Client extends DigestMD5Base implements SaslClient {
private static final String MY_CLASS_NAME = DigestMD5Client.class.getName();
@ -136,17 +136,17 @@ final class DigestMD5Client extends DigestMD5Base implements SaslClient {
private byte[] authzidBytes; // byte repr of authzid
/**
* Constructor for DIGEST-MD5 mechanism.
*
* @param authzid A non-null String representing the principal
* for which authorization is being granted..
* @param digestURI A non-null String representing detailing the
* combined protocol and host being used for authentication.
* @param props The possibly null properties to be used by the SASL
* mechanism to configure the authentication exchange.
* @param cbh The non-null CallbackHanlder object for callbacks
* @throws SaslException if no authentication ID or password is supplied
*/
* Constructor for DIGEST-MD5 mechanism.
*
* @param authzid A non-null String representing the principal
* for which authorization is being granted..
* @param digestURI A non-null String representing detailing the
* combined protocol and host being used for authentication.
* @param props The possibly null properties to be used by the SASL
* mechanism to configure the authentication exchange.
* @param cbh The non-null CallbackHanlder object for callbacks
* @throws SaslException if no authentication ID or password is supplied
*/
DigestMD5Client(String authzid, String protocol, String serverName,
Map<String, ?> props, CallbackHandler cbh) throws SaslException {
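Review bot: The constructor comment re-indented in the last hunk documents `@param digestURI`, but the signature below it takes `protocol` and `serverName` and has no parameter of that name, so the tag describes nothing a caller passes. I would replace it with two tags, `@param protocol the protocol part of the digest URI` and `@param serverName the host part of the digest URI`, presumably the two halves the old text calls "combined protocol and host"; confirm against the body, which is outside the hunk. The same comment still carries `granted..`, `representing detailing` and `CallbackHanlder`, and the class comment above still has `availablility`. A commit whose subject is typos is the natural place to correct these.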


@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -42,47 +42,47 @@ import javax.security.auth.callback.*;
import static java.nio.charset.StandardCharsets.*;
/**
* An implementation of the DIGEST-MD5 server SASL mechanism.
* (<a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>)
* <p>
* The DIGEST-MD5 SASL mechanism specifies two modes of authentication.
* <ul><li>Initial Authentication
* <li>Subsequent Authentication - optional, (currently not supported)
* </ul>
*
* Required callbacks:
* - RealmCallback
* used as key by handler to fetch password
* - NameCallback
* used as key by handler to fetch password
* - PasswordCallback
* handler must enter password for username/realm supplied
* - AuthorizeCallback
* handler must verify that authid/authzids are allowed and set
* authorized ID to be the canonicalized authzid (if applicable).
*
* Environment properties that affect the implementation:
* javax.security.sasl.qop:
* specifies list of qops; default is "auth"; typically, caller should set
* this to "auth, auth-int, auth-conf".
* javax.security.sasl.strength
* specifies low/medium/high strength of encryption; default is all available
* ciphers [high,medium,low]; high means des3 or rc4 (128); medium des or
* rc4-56; low is rc4-40.
* javax.security.sasl.maxbuf
* specifies max receive buf size; default is 65536
* javax.security.sasl.sendmaxbuffer
* specifies max send buf size; default is 65536 (min of this and client's max
* recv size)
*
* com.sun.security.sasl.digest.utf8:
* "true" means to use UTF-8 charset; "false" to use ISO-8859-1 encoding;
* default is "true".
* com.sun.security.sasl.digest.realm:
* space-separated list of realms; default is server name (fqdn parameter)
*
* @author Rosanna Lee
*/
* An implementation of the DIGEST-MD5 server SASL mechanism.
* (<a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>)
* <p>
* The DIGEST-MD5 SASL mechanism specifies two modes of authentication.
* <ul><li>Initial Authentication
* <li>Subsequent Authentication - optional, (currently not supported)
* </ul>
*
* Required callbacks:
* - RealmCallback
* used as key by handler to fetch password
* - NameCallback
* used as key by handler to fetch password
* - PasswordCallback
* handler must enter password for username/realm supplied
* - AuthorizeCallback
* handler must verify that authid/authzids are allowed and set
* authorized ID to be the canonicalized authzid (if applicable).
*
* Environment properties that affect the implementation:
* javax.security.sasl.qop:
* specifies list of qops; default is "auth"; typically, caller should set
* this to "auth, auth-int, auth-conf".
* javax.security.sasl.strength
* specifies low/medium/high strength of encryption; default is all available
* ciphers [high,medium,low]; high means des3 or rc4 (128); medium des or
* rc4-56; low is rc4-40.
* javax.security.sasl.maxbuf
* specifies max receive buf size; default is 65536
* javax.security.sasl.sendmaxbuffer
* specifies max send buf size; default is 65536 (min of this and client's max
* recv size)
*
* com.sun.security.sasl.digest.utf8:
* "true" means to use UTF-8 charset; "false" to use ISO-8859-1 encoding;
* default is "true".
* com.sun.security.sasl.digest.realm:
* space-separated list of realms; default is server name (fqdn parameter)
*
* @author Rosanna Lee
*/
final class DigestMD5Server extends DigestMD5Base implements SaslServer {
private static final String MY_CLASS_NAME = DigestMD5Server.class.getName();
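Review bot: The class comment states that `javax.security.sasl.strength` defaults to all available ciphers and that `low` means rc4-40 and `medium` means des or rc4-56, but it gives the reader no hint that these are unsuitable when auth-conf is relied on for confidentiality. I would add a line under that property such as `* Deployments that depend on auth-conf should set this to "high", or protect the connection with TLS instead.` It would also help to mention that RFC 6331 moved DIGEST-MD5 to Historic, so the mechanism is mainly for interoperability with existing peers. The DigestMD5Client comment in this commit documents the same default and would take the same sentence.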


@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -34,12 +34,12 @@ import com.sun.security.sasl.util.PolicyUtils;
/**
* Client and server factory for DIGEST-MD5 SASL client/server mechanisms.
* See DigestMD5Client and DigestMD5Server for input requirements.
*
* @author Jonathan Bruce
* @author Rosanna Lee
*/
* Client and server factory for DIGEST-MD5 SASL client/server mechanisms.
* See DigestMD5Client and DigestMD5Server for input requirements.
*
* @author Jonathan Bruce
* @author Rosanna Lee
*/
public final class FactoryImpl implements SaslClientFactory,
SaslServerFactory{
@ -50,8 +50,8 @@ SaslServerFactory{
PolicyUtils.NOPLAINTEXT|PolicyUtils.NOANONYMOUS};
/**
* Empty constructor.
*/
* Empty constructor.
*/
public FactoryImpl() {
}
@ -112,11 +112,11 @@ SaslServerFactory{
}
/**
* Returns the authentication mechanisms that this factory can produce.
*
* @return String[] {"DigestMD5"} if policies in env match those of this
* factory.
*/
* Returns the authentication mechanisms that this factory can produce.
*
* @return String[] {"DigestMD5"} if policies in env match those of this
* factory.
*/
public String[] getMechanismNames(Map<String,?> env) {
return PolicyUtils.filterMechs(myMechs, mechPolicies, env);
}


@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,14 +28,14 @@ package com.sun.security.sasl.digest;
import javax.security.sasl.SaslException;
/**
* Interface used for classes implementing integrity checking and privacy
* for DIGEST-MD5 SASL mechanism implementation.
*
* @see <a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>
* - Using Digest Authentication as a SASL Mechanism
*
* @author Jonathan Bruce
*/
* Interface used for classes implementing integrity checking and privacy
* for DIGEST-MD5 SASL mechanism implementation.
*
* @see <a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>
* - Using Digest Authentication as a SASL Mechanism
*
* @author Jonathan Bruce
*/
interface SecurityCtx {


@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -34,11 +34,11 @@ import com.sun.security.sasl.util.PolicyUtils;
/**
* Client and server factory for NTLM SASL client/server mechanisms.
* See NTLMClient and NTLMServer for input requirements.
*
* @since 1.7
*/
* Client and server factory for NTLM SASL client/server mechanisms.
* See NTLMClient and NTLMServer for input requirements.
*
* @since 1.7
*/
public final class FactoryImpl implements SaslClientFactory,
SaslServerFactory{
@ -49,8 +49,8 @@ SaslServerFactory{
};
/**
* Empty constructor.
*/
* Empty constructor.
*/
public FactoryImpl() {
}
@ -114,11 +114,11 @@ SaslServerFactory{
}
/**
* Returns the authentication mechanisms that this factory can produce.
*
* @return String[] {"NTLM"} if policies in env match those of this
* factory.
*/
* Returns the authentication mechanisms that this factory can produce.
*
* @return String[] {"NTLM"} if policies in env match those of this
* factory.
*/
public String[] getMechanismNames(Map<String,?> env) {
return PolicyUtils.filterMechs(myMechs, mechPolicies, env);
}


@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -42,48 +42,48 @@ import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
/**
* Required callbacks:
* - RealmCallback
* handle can provide domain info for authentication, optional
* - NameCallback
* handler must enter username to use for authentication
* - PasswordCallback
* handler must enter password for username to use for authentication
*
* Environment properties that affect behavior of implementation:
*
* javax.security.sasl.qop
* String, quality of protection; only "auth" is accepted, default "auth"
*
* com.sun.security.sasl.ntlm.version
* String, name a specific version to use; can be:
* LM/NTLM: Original NTLM v1
* LM: Original NTLM v1, LM only
* NTLM: Original NTLM v1, NTLM only
* NTLM2: NTLM v1 with Client Challenge
* LMv2/NTLMv2: NTLM v2
* LMv2: NTLM v2, LM only
* NTLMv2: NTLM v2, NTLM only
* If not specified, use system property "ntlm.version". If
* still not specified, use default value "LMv2/NTLMv2".
*
* com.sun.security.sasl.ntlm.random
* java.util.Random, the nonce source to be used in NTLM v2 or NTLM v1 with
* Client Challenge. Default null, an internal java.util.Random object
* will be used
*
* Negotiated Properties:
*
* javax.security.sasl.qop
* Always "auth"
*
* com.sun.security.sasl.html.domain
* The domain for the user, provided by the server
*
* @see <a href="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</a>
* - Simple Authentication and Security Layer (SASL)
*
*/
* Required callbacks:
* - RealmCallback
* handle can provide domain info for authentication, optional
* - NameCallback
* handler must enter username to use for authentication
* - PasswordCallback
* handler must enter password for username to use for authentication
*
* Environment properties that affect behavior of implementation:
*
* javax.security.sasl.qop
* String, quality of protection; only "auth" is accepted, default "auth"
*
* com.sun.security.sasl.ntlm.version
* String, name a specific version to use; can be:
* LM/NTLM: Original NTLM v1
* LM: Original NTLM v1, LM only
* NTLM: Original NTLM v1, NTLM only
* NTLM2: NTLM v1 with Client Challenge
* LMv2/NTLMv2: NTLM v2
* LMv2: NTLM v2, LM only
* NTLMv2: NTLM v2, NTLM only
* If not specified, use system property "ntlm.version". If
* still not specified, use default value "LMv2/NTLMv2".
*
* com.sun.security.sasl.ntlm.random
* java.util.Random, the nonce source to be used in NTLM v2 or NTLM v1 with
* Client Challenge. Default null, an internal java.util.Random object
* will be used
*
* Negotiated Properties:
*
* javax.security.sasl.qop
* Always "auth"
*
* com.sun.security.sasl.html.domain
* The domain for the user, provided by the server
*
* @see <a href="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</a>
* - Simple Authentication and Security Layer (SASL)
*
*/
final class NTLMClient implements SaslClient {
private static final String NTLM_VERSION =
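Review bot: The class comment documents `com.sun.security.sasl.ntlm.random` as a `java.util.Random` nonce source that defaults to an internal `java.util.Random` object, and says nothing about predictability; `java.util.Random` is not a cryptographically strong generator. Because `java.security.SecureRandom` extends `java.util.Random`, the comment can state the safe choice directly, e.g. `* Callers should supply a java.security.SecureRandom; the default generator is not cryptographically strong.` Separately, the negotiated property `com.sun.security.sasl.html.domain` looks like a typo for `com.sun.security.sasl.ntlm.domain`, the name the NTLMServer comment in this commit uses. Confirm both points against the constants and the default in the class body, which is outside the hunk.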

View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -39,47 +39,47 @@ import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.*;
/**
* Required callbacks:
* - RealmCallback
* used as key by handler to fetch password, optional
* - NameCallback
* used as key by handler to fetch password
* - PasswordCallback
* handler must enter password for username/realm supplied
*
* Environment properties that affect the implementation:
*
* javax.security.sasl.qop
* String, quality of protection; only "auth" is accepted, default "auth"
*
* com.sun.security.sasl.ntlm.version
* String, name a specific version to accept:
* LM/NTLM: Original NTLM v1
* LM: Original NTLM v1, LM only
* NTLM: Original NTLM v1, NTLM only
* NTLM2: NTLM v1 with Client Challenge
* LMv2/NTLMv2: NTLM v2
* LMv2: NTLM v2, LM only
* NTLMv2: NTLM v2, NTLM only
* If not specified, use system property "ntlm.version". If also
* not specified, all versions are accepted.
*
* com.sun.security.sasl.ntlm.domain
* String, the domain of the server, default is server name (fqdn parameter)
*
* com.sun.security.sasl.ntlm.random
* java.util.Random, the nonce source. Default null, an internal
* java.util.Random object will be used
*
* Negotiated Properties:
*
* javax.security.sasl.qop
* Always "auth"
*
* com.sun.security.sasl.ntlm.hostname
* The hostname for the user, provided by the client
*
*/
* Required callbacks:
* - RealmCallback
* used as key by handler to fetch password, optional
* - NameCallback
* used as key by handler to fetch password
* - PasswordCallback
* handler must enter password for username/realm supplied
*
* Environment properties that affect the implementation:
*
* javax.security.sasl.qop
* String, quality of protection; only "auth" is accepted, default "auth"
*
* com.sun.security.sasl.ntlm.version
* String, name a specific version to accept:
* LM/NTLM: Original NTLM v1
* LM: Original NTLM v1, LM only
* NTLM: Original NTLM v1, NTLM only
* NTLM2: NTLM v1 with Client Challenge
* LMv2/NTLMv2: NTLM v2
* LMv2: NTLM v2, LM only
* NTLMv2: NTLM v2, NTLM only
* If not specified, use system property "ntlm.version". If also
* not specified, all versions are accepted.
*
* com.sun.security.sasl.ntlm.domain
* String, the domain of the server, default is server name (fqdn parameter)
*
* com.sun.security.sasl.ntlm.random
* java.util.Random, the nonce source. Default null, an internal
* java.util.Random object will be used
*
* Negotiated Properties:
*
* javax.security.sasl.qop
* Always "auth"
*
* com.sun.security.sasl.ntlm.hostname
* The hostname for the user, provided by the client
*
*/
final class NTLMServer implements SaslServer {
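Review bot: The `com.sun.security.sasl.ntlm.random` entry in the class comment gives no warning that the default nonce source is predictable: it documents a `java.util.Random` that defaults to an internal `java.util.Random`, which is not a cryptographically strong generator. If the code really behaves as the comment describes (the implementation is outside this section), the server challenge may be guessable, so I would add under that property a line such as `* Callers should pass a java.security.SecureRandom; the default generator is not cryptographically strong.` — `SecureRandom` is a `java.util.Random` subclass and fits the documented type. The same comment says that all versions are accepted when none is specified, which includes LM and NTLM v1; it deserves a caution to set `com.sun.security.sasl.ntlm.version` to `LMv2/NTLMv2` or `NTLMv2`. The class body continues outside the hunk.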


@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,16 +28,16 @@ package javax.security.sasl;
import javax.security.auth.callback.Callback;
/**
* This callback is used by {@code SaslServer} to determine whether
* one entity (identified by an authenticated authentication id)
* can act on
* behalf of another entity (identified by an authorization id).
*
* @since 1.5
*
* @author Rosanna Lee
* @author Rob Weltman
*/
* This callback is used by {@code SaslServer} to determine whether
* one entity (identified by an authenticated authentication id)
* can act on
* behalf of another entity (identified by an authorization id).
*
* @since 1.5
*
* @author Rosanna Lee
* @author Rob Weltman
*/
public class AuthorizeCallback implements Callback, java.io.Serializable {
/**
* The (authenticated) authentication id to check.


@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,14 +28,14 @@ package javax.security.sasl;
import javax.security.auth.callback.TextInputCallback;
/**
* This callback is used by {@code SaslClient} and {@code SaslServer}
* to retrieve realm information.
*
* @since 1.5
*
* @author Rosanna Lee
* @author Rob Weltman
*/
* This callback is used by {@code SaslClient} and {@code SaslServer}
* to retrieve realm information.
*
* @since 1.5
*
* @author Rosanna Lee
* @author Rob Weltman
*/
public class RealmCallback extends TextInputCallback {
/**


@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,14 +28,14 @@ package javax.security.sasl;
import javax.security.auth.callback.ChoiceCallback;
/**
* This callback is used by {@code SaslClient} and {@code SaslServer}
* to obtain a realm given a list of realm choices.
*
* @since 1.5
*
* @author Rosanna Lee
* @author Rob Weltman
*/
* This callback is used by {@code SaslClient} and {@code SaslServer}
* to obtain a realm given a list of realm choices.
*
* @since 1.5
*
* @author Rosanna Lee
* @author Rob Weltman
*/
public class RealmChoiceCallback extends ChoiceCallback {
/**


@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,7 +27,7 @@ package javax.security.sasl;
/**
* Performs SASL authentication as a client.
*<p>
* <p>
* A protocol library such as one for LDAP gets an instance of this
* class in order to perform authentication defined by a specific SASL
* mechanism. Invoking methods on the {@code SaslClient} instance
@ -35,16 +35,16 @@ package javax.security.sasl;
* mechanism implemented by the {@code SaslClient}.
* As the authentication proceeds, the instance
* encapsulates the state of a SASL client's authentication exchange.
*<p>
* <p>
* Here's an example of how an LDAP library might use a {@code SaslClient}.
* It first gets an instance of a {@code SaslClient}:
*<blockquote><pre>{@code
* <blockquote><pre>{@code
* SaslClient sc = Sasl.createSaslClient(mechanisms,
* authorizationId, protocol, serverName, props, callbackHandler);
*}</pre></blockquote>
* }</pre></blockquote>
* It can then proceed to use the client for authentication.
* For example, an LDAP library might use the client as follows:
*<blockquote><pre>{@code
* <blockquote><pre>{@code
* // Get initial response and send to server
* byte[] response = (sc.hasInitialResponse() ? sc.evaluateChallenge(new byte[0]) :
* null);
@ -74,7 +74,7 @@ package javax.security.sasl;
* ldap.out = new SecureOutputStream(sc, ldap.out);
* }
* }
*}</pre></blockquote>
* }</pre></blockquote>
*
* If the mechanism has an initial response, the library invokes
* {@code evaluateChallenge()} with an empty
@ -135,14 +135,14 @@ public abstract interface SaslClient {
throws SaslException;
/**
* Determines whether the authentication exchange has completed.
* This method may be called at any time, but typically, it
* will not be called until the caller has received indication
* from the server
* (in a protocol-specific manner) that the exchange has completed.
*
* @return true if the authentication exchange has completed; false otherwise.
*/
* Determines whether the authentication exchange has completed.
* This method may be called at any time, but typically, it
* will not be called until the caller has received indication
* from the server
* (in a protocol-specific manner) that the exchange has completed.
*
* @return true if the authentication exchange has completed; false otherwise.
*/
public abstract boolean isComplete();
/**
@ -152,7 +152,7 @@ public abstract interface SaslClient {
* the authentication exchange has negotiated integrity and/or privacy
* as the quality of protection; otherwise, an
* {@code IllegalStateException} is thrown.
*<p>
* <p>
* {@code incoming} is the contents of the SASL buffer as defined in RFC 2222
* without the leading four octet field that represents the length.
* {@code offset} and {@code len} specify the portion of {@code incoming}
@ -179,7 +179,7 @@ public abstract interface SaslClient {
* the authentication exchange has negotiated integrity and/or privacy
* as the quality of protection; otherwise, an
* {@code IllegalStateException} is thrown.
*<p>
* <p>
* The result of this method will make up the contents of the SASL buffer
* as defined in RFC 2222 without the leading four octet field that
* represents the length.
@ -215,7 +215,6 @@ public abstract interface SaslClient {
* @exception IllegalStateException if this authentication exchange
* has not completed
*/
public abstract Object getNegotiatedProperty(String propName);
/**


@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,7 +27,7 @@ package javax.security.sasl;
/**
* Performs SASL authentication as a server.
*<p>
* <p>
* A server such an LDAP server gets an instance of this
* class in order to perform authentication defined by a specific SASL
* mechanism. Invoking methods on the {@code SaslServer} instance
@ -35,19 +35,19 @@ package javax.security.sasl;
* mechanism implemented by the {@code SaslServer}.
* As the authentication proceeds, the instance
* encapsulates the state of a SASL server's authentication exchange.
*<p>
* <p>
* Here's an example of how an LDAP server might use a {@code SaslServer}.
* It first gets an instance of a {@code SaslServer} for the SASL mechanism
* requested by the client:
*<blockquote><pre>
* <blockquote><pre>
* SaslServer ss = Sasl.createSaslServer(mechanism,
* "ldap", myFQDN, props, callbackHandler);
*</pre></blockquote>
* </pre></blockquote>
* It can then proceed to use the server for authentication.
* For example, suppose the LDAP server received an LDAP BIND request
* containing the name of the SASL mechanism and an (optional) initial
* response. It then might use the server as follows:
*<blockquote><pre>{@code
* <blockquote><pre>{@code
* while (!ss.isComplete()) {
* try {
* byte[] challenge = ss.evaluateResponse(response);
@ -55,27 +55,27 @@ package javax.security.sasl;
* status = ldap.sendBindResponse(mechanism, challenge, SUCCESS);
* } else {
* status = ldap.sendBindResponse(mechanism, challenge,
SASL_BIND_IN_PROGRESS);
* SASL_BIND_IN_PROGRESS);
* response = ldap.readBindRequest();
* }
* } catch (SaslException e) {
* status = ldap.sendErrorResponse(e);
* break;
* status = ldap.sendErrorResponse(e);
* break;
* }
* }
* if (ss.isComplete() && status == SUCCESS) {
* String qop = (String) sc.getNegotiatedProperty(Sasl.QOP);
* if (qop != null
* && (qop.equalsIgnoreCase("auth-int")
* || qop.equalsIgnoreCase("auth-conf"))) {
* String qop = (String) sc.getNegotiatedProperty(Sasl.QOP);
* if (qop != null
* && (qop.equalsIgnoreCase("auth-int")
* || qop.equalsIgnoreCase("auth-conf"))) {
*
* // Use SaslServer.wrap() and SaslServer.unwrap() for future
* // communication with client
* ldap.in = new SecureInputStream(ss, ldap.in);
* ldap.out = new SecureOutputStream(ss, ldap.out);
* }
* // Use SaslServer.wrap() and SaslServer.unwrap() for future
* // communication with client
* ldap.in = new SecureInputStream(ss, ldap.in);
* ldap.out = new SecureOutputStream(ss, ldap.out);
* }
* }
*}</pre></blockquote>
* }</pre></blockquote>
*
* @since 1.5
*
@ -121,12 +121,12 @@ public abstract interface SaslServer {
throws SaslException;
/**
* Determines whether the authentication exchange has completed.
* This method is typically called after each invocation of
* {@code evaluateResponse()} to determine whether the
* authentication has completed successfully or should be continued.
* @return true if the authentication exchange has completed; false otherwise.
*/
* Determines whether the authentication exchange has completed.
* This method is typically called after each invocation of
* {@code evaluateResponse()} to determine whether the
* authentication has completed successfully or should be continued.
* @return true if the authentication exchange has completed; false otherwise.
*/
public abstract boolean isComplete();
/**
@ -145,7 +145,7 @@ public abstract interface SaslServer {
* the authentication exchange has negotiated integrity and/or privacy
* as the quality of protection; otherwise,
* an {@code IllegalStateException} is thrown.
*<p>
* <p>
* {@code incoming} is the contents of the SASL buffer as defined in RFC 2222
* without the leading four octet field that represents the length.
* {@code offset} and {@code len} specify the portion of {@code incoming}
@ -171,7 +171,7 @@ public abstract interface SaslServer {
* completed (i.e., when {@code isComplete()} returns true) and only if
* the authentication exchange has negotiated integrity and/or privacy
* as the quality of protection; otherwise, a {@code SaslException} is thrown.
*<p>
* <p>
* The result of this method
* will make up the contents of the SASL buffer as defined in RFC 2222
* without the leading four octet field that represents the length.
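Review bot: The usage example in the interface comment still calls `sc.getNegotiatedProperty(Sasl.QOP)` although the only variable the example declares is `ss`; the re-indented line should read `String qop = (String) ss.getNegotiatedProperty(Sasl.QOP);`. The name looks copied from the SaslClient example, and as written the snippet does not compile when pasted into server code. In the same comment, "A server such an LDAP server" is missing a word and should be "A server such as an LDAP server". The comment runs on past the lines shown in these hunks.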


@ -70,7 +70,7 @@ public class CK_X9_42_DH1_DERIVE_PARAMS {
/**
* <B>PKCS#11:</B>
* <PRE>
* CK_X9_42_DH_KDF_TYPE kdf;
* CK_X9_42_DH_KDF_TYPE kdf;
* </PRE>
*/
public long kdf;


@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
*/
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
@ -774,7 +774,7 @@ public class PKCS11 {
* @param outLen buffer size for the encrypted data
* @return the length of encrypted data for this update
* (PKCS#11 param: CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen)
* CK_ULONG_PTR pulEncryptedPartLen)
* @exception PKCS11Exception If function returns other value than CKR_OK.
* @preconditions
* @postconditions
@ -797,7 +797,7 @@ public class PKCS11 {
* @param outLen buffer size for the encrypted data
* @return the length of the last part of the encrypted data
* (PKCS#11 param: CK_BYTE_PTR pLastEncryptedPart,
CK_ULONG_PTR pulLastEncryptedPartLen)
* CK_ULONG_PTR pulLastEncryptedPartLen)
* @exception PKCS11Exception If function returns other value than CKR_OK.
* @preconditions
* @postconditions


@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -38,7 +38,6 @@ import java.io.IOException;
import sun.security.util.ConsoleCallbackHandler;
/**
* <p>
* Prompts and reads from the command line for answers to authentication
* questions.
* This can be used by a JAAS application to instantiate a
@ -50,11 +49,10 @@ public class TextCallbackHandler implements CallbackHandler {
private final CallbackHandler consoleHandler;
/**
* <p>Creates a callback handler that prompts and reads from the
* Creates a callback handler that prompts and reads from the
* command line for answers to authentication questions.
* This can be used by JAAS applications to instantiate a
* CallbackHandler.
*/
public TextCallbackHandler() {
this.consoleHandler = new ConsoleCallbackHandler();


@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,11 +32,11 @@ import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
/**
* Client/server factory for GSSAPI (Kerberos V5) SASL client/server mechs.
* See GssKrb5Client/GssKrb5Server for input requirements.
*
* @author Rosanna Lee
*/
* Client/server factory for GSSAPI (Kerberos V5) SASL client/server mechs.
* See GssKrb5Client/GssKrb5Server for input requirements.
*
* @author Rosanna Lee
*/
public final class FactoryImpl implements SaslClientFactory, SaslServerFactory {
private static final String[] myMechs = {
"GSSAPI"};


@ -38,46 +38,46 @@ import javax.security.auth.callback.CallbackHandler;
import org.ietf.jgss.*;
/**
* Implements the GSSAPI SASL client mechanism for Kerberos V5.
* (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>,
* <a HREF="http://www.ietf.org/internet-drafts/draft-ietf-cat-sasl-gssapi-04.txt">draft-ietf-cat-sasl-gssapi-04.txt</a>).
* It uses the Java Bindings for GSSAPI
* (<A HREF="http://www.ietf.org/rfc/rfc2853.txt">RFC 2853</A>)
* for getting GSSAPI/Kerberos V5 support.
*
* The client/server interactions are:
* C0: bind (GSSAPI, initial response)
* S0: sasl-bind-in-progress, challenge 1 (output of accept_sec_context or [])
* C1: bind (GSSAPI, response 1 (output of init_sec_context or []))
* S1: sasl-bind-in-progress challenge 2 (security layer, server max recv size)
* C2: bind (GSSAPI, response 2 (security layer, client max recv size, authzid))
* S2: bind success response
*
* Expects the client's credentials to be supplied from the
* javax.security.sasl.credentials property or from the thread's Subject.
* Otherwise the underlying KRB5 mech will attempt to acquire Kerberos creds
* by logging into Kerberos (via default TextCallbackHandler).
* These creds will be used for exchange with server.
*
* Required callbacks: none.
*
* Environment properties that affect behavior of implementation:
*
* javax.security.sasl.qop
* - quality of protection; list of auth, auth-int, auth-conf; default is "auth"
* javax.security.sasl.maxbuf
* - max receive buffer size; default is 65536
* javax.security.sasl.sendmaxbuffer
* - max send buffer size; default is 65536; (min with server max recv size)
*
* javax.security.sasl.server.authentication
* - "true" means require mutual authentication; default is "false"
*
* javax.security.sasl.credentials
* - an {@link org.ietf.jgss.GSSCredential} used for delegated authentication.
*
* @author Rosanna Lee
*/
* Implements the GSSAPI SASL client mechanism for Kerberos V5.
* (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>,
* <a HREF="http://www.ietf.org/internet-drafts/draft-ietf-cat-sasl-gssapi-04.txt">draft-ietf-cat-sasl-gssapi-04.txt</a>).
* It uses the Java Bindings for GSSAPI
* (<A HREF="http://www.ietf.org/rfc/rfc2853.txt">RFC 2853</A>)
* for getting GSSAPI/Kerberos V5 support.
*
* The client/server interactions are:
* C0: bind (GSSAPI, initial response)
* S0: sasl-bind-in-progress, challenge 1 (output of accept_sec_context or [])
* C1: bind (GSSAPI, response 1 (output of init_sec_context or []))
* S1: sasl-bind-in-progress challenge 2 (security layer, server max recv size)
* C2: bind (GSSAPI, response 2 (security layer, client max recv size, authzid))
* S2: bind success response
*
* Expects the client's credentials to be supplied from the
* javax.security.sasl.credentials property or from the thread's Subject.
* Otherwise the underlying KRB5 mech will attempt to acquire Kerberos creds
* by logging into Kerberos (via default TextCallbackHandler).
* These creds will be used for exchange with server.
*
* Required callbacks: none.
*
* Environment properties that affect behavior of implementation:
*
* javax.security.sasl.qop
* - quality of protection; list of auth, auth-int, auth-conf; default is "auth"
* javax.security.sasl.maxbuf
* - max receive buffer size; default is 65536
* javax.security.sasl.sendmaxbuffer
* - max send buffer size; default is 65536; (min with server max recv size)
*
* javax.security.sasl.server.authentication
* - "true" means require mutual authentication; default is "false"
*
* javax.security.sasl.credentials
* - an {@link org.ietf.jgss.GSSCredential} used for delegated authentication.
*
* @author Rosanna Lee
*/
final class GssKrb5Client extends GssKrb5Base implements SaslClient {
// ---------------- Constants -----------------


@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -39,31 +39,31 @@ import javax.security.auth.callback.*;
import org.ietf.jgss.*;
/**
* Implements the GSSAPI SASL server mechanism for Kerberos V5.
* (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>,
* <a HREF="http://www.ietf.org/internet-drafts/draft-ietf-cat-sasl-gssapi-00.txt">draft-ietf-cat-sasl-gssapi-00.txt</a>).
*
* Expects thread's Subject to contain server's Kerberos credentials
* - If not, underlying KRB5 mech will attempt to acquire Kerberos creds
* by logging into Kerberos (via default TextCallbackHandler).
* - These creds will be used for exchange with client.
*
* Required callbacks:
* - AuthorizeCallback
* handler must verify that authid/authzids are allowed and set
* authorized ID to be the canonicalized authzid (if applicable).
*
* Environment properties that affect behavior of implementation:
*
* javax.security.sasl.qop
* - quality of protection; list of auth, auth-int, auth-conf; default is "auth"
* javax.security.sasl.maxbuf
* - max receive buffer size; default is 65536
* javax.security.sasl.sendmaxbuffer
* - max send buffer size; default is 65536; (min with client max recv size)
*
* @author Rosanna Lee
*/
* Implements the GSSAPI SASL server mechanism for Kerberos V5.
* (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>,
* <a HREF="http://www.ietf.org/internet-drafts/draft-ietf-cat-sasl-gssapi-00.txt">draft-ietf-cat-sasl-gssapi-00.txt</a>).
*
* Expects thread's Subject to contain server's Kerberos credentials
* - If not, underlying KRB5 mech will attempt to acquire Kerberos creds
* by logging into Kerberos (via default TextCallbackHandler).
* - These creds will be used for exchange with client.
*
* Required callbacks:
* - AuthorizeCallback
* handler must verify that authid/authzids are allowed and set
* authorized ID to be the canonicalized authzid (if applicable).
*
* Environment properties that affect behavior of implementation:
*
* javax.security.sasl.qop
* - quality of protection; list of auth, auth-int, auth-conf; default is "auth"
* javax.security.sasl.maxbuf
* - max receive buffer size; default is 65536
* javax.security.sasl.sendmaxbuffer
* - max send buffer size; default is 65536; (min with client max recv size)
*
* @author Rosanna Lee
*/
final class GssKrb5Server extends GssKrb5Base implements SaslServer {
private static final String MY_CLASS_NAME = GssKrb5Server.class.getName();