archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 07:14:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8291509: Minor cleanup could be done in sun.security

Browse source 
Reviewed-by: weijun
This commit is contained in:
Mark Powers 2022-09-15 19:59:53 +00:00 committed by Weijun Wang
parent 6beeb8471c
commit 4cec141a90
298 changed files with 2650 additions and 3262 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,12 +29,10 @@ import java.security.AccessController;
import java.security.AlgorithmConstraints;
import java.security.PrivilegedAction;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.TreeSet;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
/**
* The class contains common functionality for algorithm constraints classes.

15
src/java.base/share/classes/sun/security/util/AlgorithmDecomposer.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,12 +25,7 @@
package sun.security.util;
import java.util.HashSet;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
import java.util.Arrays;
import java.util.Collection;
import java.util.*;
import java.util.regex.Pattern;
/**
@ -87,7 +82,7 @@ public class AlgorithmDecomposer {
* so that we can check the "SHA1" and "RSA" algorithm constraints
* separately.
* <p>
* Please override the method if need to support more name pattern.
* Please override the method if you need to support more name pattern.
*/
public Set<String> decompose(String algorithm) {
if (algorithm == null || algorithm.isEmpty()) {
@ -157,9 +152,7 @@ public class AlgorithmDecomposer {
for (Map.Entry<String, String> e : DECOMPOSED_DIGEST_NAMES.entrySet()) {
if (elements.contains(e.getKey())) {
if (!elements.contains(e.getValue())) {
elements.add(e.getValue());
}
elements.add(e.getValue());
elements.remove(e.getKey());
}
}

4
src/java.base/share/classes/sun/security/util/AnchorCertificates.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2016, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -100,7 +100,7 @@ public class AnchorCertificates {
*/
public static boolean contains(X509Certificate cert) {
String key = X509CertImpl.getFingerprint(HASH, cert, debug);
boolean result = (key == null ? false : certs.contains(key));
boolean result = (key != null && certs.contains(key));
if (result && debug != null) {
debug.println("AnchorCertificate.contains: matched " +
cert.getSubjectX500Principal());

7
src/java.base/share/classes/sun/security/util/ArrayUtil.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,11 +25,10 @@
package sun.security.util;
import java.util.List;
import java.util.function.BiFunction;
import java.security.*;
import jdk.internal.util.Preconditions;
import java.security.ProviderException;
/**
* This class holds the various utility methods for array range checks.

9
src/java.base/share/classes/sun/security/util/BitArray.java
View file

@ -26,7 +26,6 @@
package sun.security.util;
import java.io.ByteArrayOutputStream;
import java.util.Arrays;
import jdk.internal.util.Preconditions;
@ -39,8 +38,8 @@ import jdk.internal.util.Preconditions;
public class BitArray {
private byte[] repn;
private int length;
private final byte[] repn;
private final int length;
private static final int BITS_PER_UNIT = 8;
@ -170,7 +169,7 @@ public class BitArray {
* The bit stored at index zero in this BitArray will be copied
* into the most significant bit of the zeroth element of the
* returned byte array. The last byte of the returned byte array
* will be contain zeros in any bits that do not have corresponding
* will contain zeros in any bits that do not have corresponding
* bits in the BitArray. (This matters only if the BitArray's size
* is not a multiple of 8.)
*/
@ -191,7 +190,7 @@ public class BitArray {
}
/**
* Return a boolean array with the same bit values a this BitArray.
* Return a boolean array with the same bit values in this BitArray.
*/
public boolean[] toBooleanArray() {
boolean[] bits = new boolean[length];

19
src/java.base/share/classes/sun/security/util/Cache.java
View file

@ -187,16 +187,15 @@ public abstract class Cache<K,V> {
if (this == obj) {
return true;
}
if (obj instanceof EqualByteArray == false) {
if (!(obj instanceof EqualByteArray other)) {
return false;
}
EqualByteArray other = (EqualByteArray)obj;
return Arrays.equals(this.b, other.b);
}
}
public interface CacheVisitor<K,V> {
public void visit(Map<K,V> map);
void visit(Map<K, V> map);
}
}
@ -269,7 +268,7 @@ class MemoryCache<K,V> extends Cache<K,V> {
public MemoryCache(boolean soft, int maxSize, int lifetime) {
this.maxSize = maxSize;
this.lifetime = lifetime * 1000;
this.lifetime = lifetime * 1000L;
if (soft)
this.queue = new ReferenceQueue<>();
else
@ -334,7 +333,7 @@ class MemoryCache<K,V> extends Cache<K,V> {
for (Iterator<CacheEntry<K,V>> t = cacheMap.values().iterator();
t.hasNext(); ) {
CacheEntry<K,V> entry = t.next();
if (entry.isValid(time) == false) {
if (!entry.isValid(time)) {
t.remove();
cnt++;
} else if (nextExpirationTime > entry.getExpirationTime()) {
@ -403,7 +402,7 @@ class MemoryCache<K,V> extends Cache<K,V> {
return null;
}
long time = (lifetime == 0) ? 0 : System.currentTimeMillis();
if (entry.isValid(time) == false) {
if (!entry.isValid(time)) {
if (DEBUG) {
System.out.println("Ignoring expired entry");
}
@ -456,7 +455,7 @@ class MemoryCache<K,V> extends Cache<K,V> {
}
}
maxSize = size > 0 ? size : 0;
maxSize = Math.max(size, 0);
if (DEBUG) {
System.out.println("** capacity reset to " + size);
@ -499,7 +498,7 @@ class MemoryCache<K,V> extends Cache<K,V> {
}
}
private static interface CacheEntry<K,V> {
private interface CacheEntry<K,V> {
boolean isValid(long currentTime);
@ -538,7 +537,7 @@ class MemoryCache<K,V> extends Cache<K,V> {
public boolean isValid(long currentTime) {
boolean valid = (currentTime <= expirationTime);
if (valid == false) {
if (!valid) {
invalidate();
}
return valid;
@ -579,7 +578,7 @@ class MemoryCache<K,V> extends Cache<K,V> {
public boolean isValid(long currentTime) {
boolean valid = (currentTime <= expirationTime) && (get() != null);
if (valid == false) {
if (!valid) {
invalidate();
}
return valid;

15
src/java.base/share/classes/sun/security/util/ConsoleCallbackHandler.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2014, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -63,8 +63,7 @@ public class ConsoleCallbackHandler implements CallbackHandler {
ConfirmationCallback confirmation = null;
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof TextOutputCallback) {
TextOutputCallback tc = (TextOutputCallback) callbacks[i];
if (callbacks[i] instanceof TextOutputCallback tc) {
String text;
switch (tc.getMessageType()) {
@ -90,8 +89,7 @@ public class ConsoleCallbackHandler implements CallbackHandler {
System.err.println(text);
}
} else if (callbacks[i] instanceof NameCallback) {
NameCallback nc = (NameCallback) callbacks[i];
} else if (callbacks[i] instanceof NameCallback nc) {
if (nc.getDefaultName() == null) {
System.err.print(nc.getPrompt());
@ -108,8 +106,7 @@ public class ConsoleCallbackHandler implements CallbackHandler {
nc.setName(result);
} else if (callbacks[i] instanceof PasswordCallback) {
PasswordCallback pc = (PasswordCallback) callbacks[i];
} else if (callbacks[i] instanceof PasswordCallback pc) {
System.err.print(pc.getPrompt());
System.err.flush();
@ -162,8 +159,8 @@ public class ConsoleCallbackHandler implements CallbackHandler {
}
class OptionInfo {
String name;
int value;
final String name;
final int value;
OptionInfo(String name, int value) {
this.name = name;
this.value = value;

10
src/java.base/share/classes/sun/security/util/CurveDB.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -45,13 +45,13 @@ public class CurveDB {
private static final int BD = 6; // binary curve, mark as default
private static final Map<String,NamedCurve> oidMap =
new LinkedHashMap<String,NamedCurve>();
new LinkedHashMap<>();
private static final Map<String,NamedCurve> nameMap =
new HashMap<String,NamedCurve>();
new HashMap<>();
private static final Map<Integer,NamedCurve> lengthMap =
new HashMap<Integer,NamedCurve>();
new HashMap<>();
private static Collection<? extends NamedCurve> specCollection;
private static final Collection<? extends NamedCurve> specCollection;
// Return a NamedCurve for the specified OID/name or null if unknown.
public static NamedCurve lookup(String name) {

6
src/java.base/share/classes/sun/security/util/Debug.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -139,7 +139,7 @@ public class Debug {
/**
* Get a Debug object corresponding to whether or not the given
* option is set. Set the prefix to be prefix.
* option is set. Set the prefix to prefix.
*/
public static Debug getInstance(String option, String prefix)
{
@ -214,7 +214,7 @@ public class Debug {
}
/**
* PrintStream for debug methods. Currently only System.err is supported.
* PrintStream for debug methods. Currently, only System.err is supported.
*/
public PrintStream getPrintStream() {
return System.err;

4
src/java.base/share/classes/sun/security/util/DerEncoder.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1999, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 1922, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -41,7 +41,7 @@ public interface DerEncoder {
*
* @param out the stream on which the DER encoding is written.
*/
public void derEncode(OutputStream out)
void derEncode(OutputStream out)
throws IOException;
}

6
src/java.base/share/classes/sun/security/util/DerIndefLenConverter.java
View file

@ -59,7 +59,7 @@ class DerIndefLenConverter {
// length octets. At the end, the new DER encoding is a concatenation of
// all existing tags, existing definite length octets, existing contents,
// and the newly created definite length octets in this list.
private ArrayList<Object> ndefsList = new ArrayList<Object>();
private final ArrayList<Object> ndefsList = new ArrayList<>();
// Length of extra bytes needed to convert indefinite encoding to definite.
// For each resolved indefinite length encoding, the starting 0x80 byte
@ -303,7 +303,7 @@ class DerIndefLenConverter {
// Returns the number of bytes needed to represent the given length
// in ASN.1 notation
private int getNumOfLenBytes(int len) {
int numOfLenBytes = 0;
int numOfLenBytes;
if (len < 128) {
numOfLenBytes = 1;
@ -329,7 +329,7 @@ class DerIndefLenConverter {
}
/**
* Converts a indefinite length DER encoded byte array to
* Converts an indefinite length DER encoded byte array to
* a definite length DER encoding.
*
* @param indefData the byte array holding the indefinite

8
src/java.base/share/classes/sun/security/util/DerInputStream.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -288,8 +288,8 @@ public class DerInputStream {
/**
* Mark the current position in the buffer, so that
* a later call to <code>reset</code> will return here.
* The {@code readAheadLimit} is useless here because
* all data is available and we can go to anywhere at will.
* The {@code readAheadLimit} is useless here, because
* all data is available, and we can go to anywhere at will.
*/
public void mark(int readAheadLimit) { mark = pos; }
@ -324,7 +324,6 @@ public class DerInputStream {
*
* @param rule the rule to check for the tag.
* @return true if matches, false if not or stream is at end.
* @throws IOException if an I/O error happens while peeking the byte
*/
private boolean checkNextTag(Predicate<Byte> rule) {
return available() > 0 && rule.test(data[pos]);
@ -335,7 +334,6 @@ public class DerInputStream {
*
* @param tag the expected tag
* @return true if matches, false if not or stream is at end.
* @throws IOException if an I/O error happens while peeking the byte
*/
private boolean checkNextTag(byte tag) {
return checkNextTag(t -> t == tag);

14
src/java.base/share/classes/sun/security/util/DerOutputStream.java
View file

@ -344,7 +344,7 @@ extends ByteArrayOutputStream implements DerEncoder {
* Marshals the contents of a set on the output stream. Sets
* are semantically unordered, but DER requires that encodings of
* set elements be sorted into ascending lexicographical order
* before being output. Hence sets with the same tags and
* before being output. Hence, sets with the same tags and
* elements have the same DER encoding.
*
* This method supports the ASN.1 "SET OF" construct, but not
@ -358,7 +358,7 @@ extends ByteArrayOutputStream implements DerEncoder {
* Marshals the contents of a set on the output stream. Sets
* are semantically unordered, but DER requires that encodings of
* set elements be sorted into ascending tag order
* before being output. Hence sets with the same tags and
* before being output. Hence, sets with the same tags and
* elements have the same DER encoding.
*
* This method supports the ASN.1 "SET" construct, but not
@ -372,17 +372,17 @@ extends ByteArrayOutputStream implements DerEncoder {
* Lexicographical order comparison on byte arrays, for ordering
* elements of a SET OF objects in DER encoding.
*/
private static ByteArrayLexOrder lexOrder = new ByteArrayLexOrder();
private static final ByteArrayLexOrder lexOrder = new ByteArrayLexOrder();
/**
* Tag order comparison on byte arrays, for ordering elements of
* SET objects in DER encoding.
*/
private static ByteArrayTagOrder tagOrder = new ByteArrayTagOrder();
private static final ByteArrayTagOrder tagOrder = new ByteArrayTagOrder();
/**
* Marshals the contents of a set on the output stream with the
* encodings of its sorted in increasing order.
* encoding of elements sorted in increasing order.
*
* @param order the order to use when sorting encodings of components.
*/
@ -400,7 +400,7 @@ extends ByteArrayOutputStream implements DerEncoder {
for (int i = 0; i < streams.length; i++) {
bufs[i] = streams[i].toByteArray();
}
Arrays.<byte[]>sort(bufs, order);
Arrays.sort(bufs, order);
DerOutputStream bytes = new DerOutputStream();
for (int i = 0; i < streams.length; i++) {
@ -507,7 +507,7 @@ extends ByteArrayOutputStream implements DerEncoder {
*/
TimeZone tz = TimeZone.getTimeZone("GMT");
String pattern = null;
String pattern;
if (tag == DerValue.tag_UtcTime) {
pattern = "yyMMddHHmmss'Z'";

9
src/java.base/share/classes/sun/security/util/DerValue.java
View file

@ -120,7 +120,7 @@ public class DerValue {
/** Tag value indicating an ASN.1 "GeneralizedTime" value. */
public static final byte tag_GeneralizedTime = 0x18;
/** Tag value indicating an ASN.1 "GenerallString" value. */
/** Tag value indicating an ASN.1 "GeneralString" value. */
public static final byte tag_GeneralString = 0x1B;
/** Tag value indicating an ASN.1 "UniversalString" value. */
@ -1016,7 +1016,7 @@ public class DerValue {
throw new IOException("Parse " + type + " time, +hhmm");
}
time -= ((hr * 60) + min) * 60 * 1000;
time -= ((hr * 60L) + min) * 60 * 1000;
break;
case '-':
@ -1032,7 +1032,7 @@ public class DerValue {
throw new IOException("Parse " + type + " time, -hhmm");
}
time += ((hr * 60) + min) * 60 * 1000;
time += ((hr * 60L) + min) * 60 * 1000;
break;
case 'Z':
@ -1104,10 +1104,9 @@ public class DerValue {
if (this == o) {
return true;
}
if (!(o instanceof DerValue)) {
if (!(o instanceof DerValue other)) {
return false;
}
DerValue other = (DerValue) o;
if (tag != other.tag) {
return false;
}

16
src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
View file

@ -323,7 +323,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
* disallowed.
*/
private static class Constraints {
private Map<String, List<Constraint>> constraintsMap = new HashMap<>();
private final Map<String, List<Constraint>> constraintsMap = new HashMap<>();
private static class Holder {
private static final Pattern DENY_AFTER_PATTERN = Pattern.compile(
@ -358,7 +358,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
alias.toUpperCase(Locale.ENGLISH), constraintList);
}
// If there is no whitespace, it is a algorithm name; however,
// If there is no whitespace, it is an algorithm name; however,
// if there is a whitespace, could be a multi-word EC curve too.
if (space <= 0 || CurveDB.lookup(constraintEntry) != null) {
constraintList.add(new DisabledConstraint(algorithm));
@ -423,7 +423,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
day);
denyAfterLimit = true;
} else if (entry.startsWith("usage")) {
String s[] = (entry.substring(5)).trim().split(" ");
String[] s = (entry.substring(5)).trim().split(" ");
c = new UsageConstraint(algorithm, s);
if (debug != null) {
debug.println("Constraints usage length is " + s.length);
@ -589,7 +589,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
*
* @param parameters the cryptographic parameters
* @return 'true' if the cryptographic parameters is allowed,
* 'false' ortherwise.
* 'false' otherwise.
*/
public boolean permits(AlgorithmParameters parameters) {
return true;
@ -694,8 +694,8 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
* timezone.
*/
private static class DenyAfterConstraint extends Constraint {
private ZonedDateTime zdt;
private Instant denyAfterDate;
private final ZonedDateTime zdt;
private final Instant denyAfterDate;
DenyAfterConstraint(String algo, int year, int month, int day) {
@ -831,8 +831,8 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
*/
private static class KeySizeConstraint extends Constraint {
private int minSize; // the minimal available key size
private int maxSize; // the maximal available key size
private final int minSize; // the minimal available key size
private final int maxSize; // the maximal available key size
private int prohibitedSize = -1; // unavailable key sizes
public KeySizeConstraint(String algo, Operator operator, int length) {

10
src/java.base/share/classes/sun/security/util/DomainName.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2017, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -93,7 +93,7 @@ import sun.security.ssl.SSLLogger;
* rule, a wildcard rule (rules that contain a wildcard prefix only),
* or a LinkedList of "other" rules
*
* The general matching algorithm tries to find a longest match. So, the
* The general matching algorithm tries to find the longest match. So, the
* search begins at the RuleSet with the most labels, and works backwards.
*
* Exceptions take priority over all other rules, and if a Rule contains
@ -555,8 +555,8 @@ class DomainName {
* only in the leading label, or an exception rule.
*/
private static class CommonMatch implements Match {
private String domain;
private int publicSuffix; // index to
private final String domain;
private final int publicSuffix; // index to
private int registeredDomain; // index to
private final Rule rule;
@ -611,7 +611,7 @@ class DomainName {
public RegisteredDomain registeredDomain() {
int nlabels = numLabels + 1;
if (nlabels > target.size()) {
// special case when registered domain is same as pub suff
// special case when registered domain is same as pub suffix
return null;
}
return new RegisteredDomainImpl(getSuffixes(nlabels),

4
src/java.base/share/classes/sun/security/util/ECKeySizeParameterSpec.java
View file

@ -26,8 +26,6 @@ package sun.security.util;
import java.security.spec.AlgorithmParameterSpec;
import sun.security.util.ObjectIdentifier;
/**
* This immutable class is used when randomly generating a key pair and the
* consumer only specifies the length of the key and therefore a curve for that
@ -38,7 +36,7 @@ import sun.security.util.ObjectIdentifier;
*/
public class ECKeySizeParameterSpec implements AlgorithmParameterSpec {
private int keySize;
private final int keySize;
/**
* Creates a parameter specification for EC curve

4
src/java.base/share/classes/sun/security/util/Event.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2020, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -43,7 +43,7 @@ public final class Event {
}
public interface Reporter {
public void handle(String type, Object... args);
void handle(String type, Object... args);
}
public static void setReportListener(ReporterCategory cat, Reporter re) {

4
src/java.base/share/classes/sun/security/util/FilePermCompat.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,8 +25,6 @@
package sun.security.util;
import sun.security.action.GetPropertyAction;
import java.io.FilePermission;
import java.security.Permission;
import jdk.internal.access.SharedSecrets;

13
src/java.base/share/classes/sun/security/util/GCMParameters.java
View file

@ -30,8 +30,6 @@ import java.security.AlgorithmParametersSpi;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import javax.crypto.spec.GCMParameterSpec;
import sun.security.util.HexDumpEncoder;
import sun.security.util.*;
/**
* This class implements the parameter set used with
@ -60,11 +58,10 @@ public final class GCMParameters extends AlgorithmParametersSpi {
protected void engineInit(AlgorithmParameterSpec paramSpec)
throws InvalidParameterSpecException {
if (!(paramSpec instanceof GCMParameterSpec)) {
if (!(paramSpec instanceof GCMParameterSpec gps)) {
throw new InvalidParameterSpecException
("Inappropriate parameter specification");
}
GCMParameterSpec gps = (GCMParameterSpec) paramSpec;
// need to convert from bits to bytes for ASN.1 encoding
this.tLen = gps.getTLen()/8;
if (this.tLen < 12 || this.tLen > 16 ) {
@ -143,11 +140,9 @@ public final class GCMParameters extends AlgorithmParametersSpi {
protected String engineToString() {
String LINE_SEP = System.lineSeparator();
HexDumpEncoder encoder = new HexDumpEncoder();
StringBuilder sb
= new StringBuilder(LINE_SEP + " iv:" + LINE_SEP + "["
+ encoder.encodeBuffer(iv) + "]");
sb.append(LINE_SEP + "tLen(bits):" + LINE_SEP + tLen*8 + LINE_SEP);
return sb.toString();
return LINE_SEP + " iv:" + LINE_SEP + "["
+ encoder.encodeBuffer(iv) + "]" + LINE_SEP + "tLen(bits):"
+ LINE_SEP + tLen * 8 + LINE_SEP;
}
}

21
src/java.base/share/classes/sun/security/util/HexDumpEncoder.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1995, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -55,7 +55,7 @@ public class HexDumpEncoder {
private int offset;
private int thisLineLength;
private int currentByte;
private byte thisLine[] = new byte[16];
private final byte[] thisLine = new byte[16];
static void hexDigit(PrintStream p, byte x) {
char c;
@ -87,7 +87,7 @@ public class HexDumpEncoder {
pStream = new PrintStream(o);
}
protected void encodeLinePrefix(OutputStream o, int len) throws IOException {
protected void encodeLinePrefix(OutputStream o, int len) {
hexDigit(pStream, (byte)((offset >>> 8) & 0xff));
hexDigit(pStream, (byte)(offset & 0xff));
pStream.print(": ");
@ -95,7 +95,8 @@ public class HexDumpEncoder {
thisLineLength = len;
}
protected void encodeAtom(OutputStream o, byte buf[], int off, int len) throws IOException {
protected void encodeAtom(OutputStream o, byte[] buf, int off, int len)
throws IOException {
thisLine[currentByte] = buf[off];
hexDigit(pStream, buf[off]);
pStream.print(" ");
@ -131,7 +132,7 @@ public class HexDumpEncoder {
* This method works around the bizarre semantics of BufferedInputStream's
* read method.
*/
protected int readFully(InputStream in, byte buffer[])
protected int readFully(InputStream in, byte[] buffer)
throws java.io.IOException {
for (int i = 0; i < buffer.length; i++) {
int q = in.read();
@ -153,7 +154,7 @@ public class HexDumpEncoder {
{
int j;
int numBytes;
byte tmpbuffer[] = new byte[bytesPerLine()];
byte[] tmpbuffer = new byte[bytesPerLine()];
encodeBufferPrefix(outStream);
@ -183,7 +184,7 @@ public class HexDumpEncoder {
* A 'streamless' version of encode that simply takes a buffer of
* bytes and returns a string containing the encoded buffer.
*/
public String encode(byte aBuffer[]) {
public String encode(byte[] aBuffer) {
ByteArrayOutputStream outStream = new ByteArrayOutputStream();
ByteArrayInputStream inStream = new ByteArrayInputStream(aBuffer);
try {
@ -264,7 +265,7 @@ public class HexDumpEncoder {
{
int j;
int numBytes;
byte tmpbuffer[] = new byte[bytesPerLine()];
byte[] tmpbuffer = new byte[bytesPerLine()];
encodeBufferPrefix(outStream);
@ -292,7 +293,7 @@ public class HexDumpEncoder {
* Encode the buffer in <i>aBuffer</i> and write the encoded
* result to the OutputStream <i>aStream</i>.
*/
public void encodeBuffer(byte aBuffer[], OutputStream aStream)
public void encodeBuffer(byte[] aBuffer, OutputStream aStream)
throws IOException
{
ByteArrayInputStream inStream = new ByteArrayInputStream(aBuffer);
@ -303,7 +304,7 @@ public class HexDumpEncoder {
* A 'streamless' version of encode that simply takes a buffer of
* bytes and returns a string containing the encoded buffer.
*/
public String encodeBuffer(byte aBuffer[]) {
public String encodeBuffer(byte[] aBuffer) {
ByteArrayOutputStream outStream = new ByteArrayOutputStream();
ByteArrayInputStream inStream = new ByteArrayInputStream(aBuffer);
try {

14
src/java.base/share/classes/sun/security/util/HostnameChecker.java
View file

@ -61,7 +61,7 @@ public class HostnameChecker {
private static final int ALTNAME_DNS = 2;
private static final int ALTNAME_IP = 7;
// the algorithm to follow to perform the check. Currently unused.
// the algorithm to follow to perform the check. Currently, unused.
private final byte checkType;
private HostnameChecker(byte checkType) {
@ -119,12 +119,8 @@ public class HostnameChecker {
* Likewise for IP addresses when it returns false.
*/
private static boolean isIpAddress(String name) {
if (IPAddressUtil.isIPv4LiteralAddress(name) ||
IPAddressUtil.isIPv6LiteralAddress(name)) {
return true;
} else {
return false;
}
return IPAddressUtil.isIPv4LiteralAddress(name) ||
IPAddressUtil.isIPv6LiteralAddress(name);
}
/**
@ -288,7 +284,7 @@ public class HostnameChecker {
// check the validity of the domain name template.
try {
// Replacing wildcard character '*' with 'z' so as to check
// Replacing wildcard character '*' with 'z' to check
// the domain name template validity.
//
// Using the checking implemented in SNIHostName
@ -414,7 +410,7 @@ public class HostnameChecker {
return name.equals(template);
boolean isBeginning = true;
String beforeWildcard = "";
String beforeWildcard;
String afterWildcard = template;
while (wildcardIdx != -1) {

6
src/java.base/share/classes/sun/security/util/JarConstraintsParameters.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2020, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2020, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -34,8 +34,6 @@ import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import sun.security.util.AnchorCertificates;
import sun.security.util.ConstraintsParameters;
import sun.security.validator.Validator;
/**
@ -49,7 +47,7 @@ public class JarConstraintsParameters implements ConstraintsParameters {
private boolean anchorIsJdkCA;
private boolean anchorIsJdkCASet;
// The timestamp of the signed JAR file, if timestamped
private Date timestamp;
private final Date timestamp;
// The keys of the signers and TSA
private final Set<Key> keys;
// The certs in the signers and TSA chain that are issued by the trust anchor

30
src/java.base/share/classes/sun/security/util/KeyStoreDelegator.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2014, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2014, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,14 +25,16 @@
package sun.security.util;
import java.io.*;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateException;
import java.util.*;
import sun.security.util.Debug;
import java.util.Date;
import java.util.Enumeration;
import java.util.Set;
/**
* This class delegates to a primary or secondary keystore implementation.
@ -45,15 +47,15 @@ public class KeyStoreDelegator extends KeyStoreSpi {
private static final String KEYSTORE_TYPE_COMPAT = "keystore.type.compat";
private static final Debug debug = Debug.getInstance("keystore");
private String primaryType; // the primary keystore's type
private String secondaryType; // the secondary keystore's type
private Class<? extends KeyStoreSpi> primaryKeyStore;
// the primary keystore's class
private Class<? extends KeyStoreSpi> secondaryKeyStore;
// the secondary keystore's class
private final String primaryType; // the primary keystore's type
private final String secondaryType; // the secondary keystore's type
private final Class<? extends KeyStoreSpi> primaryKeyStore;
// the primary keystore's class
private final Class<? extends KeyStoreSpi> secondaryKeyStore;
// the secondary keystore's class
private String type; // the delegate's type
private KeyStoreSpi keystore; // the delegate
private boolean compatModeEnabled = true;
private final boolean compatModeEnabled;
public KeyStoreDelegator(
String primaryType,
@ -308,7 +310,7 @@ public class KeyStoreDelegator extends KeyStoreSpi {
} finally {
// reset
if (result == false) {
if (!result) {
type = null;
keystore = null;
}

53
src/java.base/share/classes/sun/security/util/KeyUtil.java
View file

@ -25,34 +25,24 @@
package sun.security.util;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.Key;
import java.security.InvalidKeyException;
import java.security.interfaces.ECKey;
import java.security.interfaces.EdECKey;
import java.security.interfaces.EdECPublicKey;
import java.security.interfaces.RSAKey;
import java.security.interfaces.DSAKey;
import java.security.interfaces.DSAParams;
import java.security.interfaces.XECKey;
import java.security.Key;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.KeySpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.security.interfaces.*;
import java.security.spec.*;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import java.math.BigInteger;
import java.security.spec.NamedParameterSpec;
import java.util.Arrays;
import sun.security.jca.JCAUtil;
/**
* A utility class to get key length, valiate keys, etc.
* A utility class to get key length, validate keys, etc.
*/
public final class KeyUtil {
@ -63,7 +53,7 @@ public final class KeyUtil {
* @return the key size of the given key object in bits, or -1 if the
* key size is not accessible
*/
public static final int getKeySize(Key key) {
public static int getKeySize(Key key) {
int size = -1;
if (key instanceof Length) {
@ -80,8 +70,7 @@ public final class KeyUtil {
}
// try to parse the length from key specification
if (key instanceof SecretKey) {
SecretKey sk = (SecretKey)key;
if (key instanceof SecretKey sk) {
String format = sk.getFormat();
if ("RAW".equals(format)) {
byte[] encoded = sk.getEncoded();
@ -89,23 +78,18 @@ public final class KeyUtil {
size = (encoded.length * 8);
Arrays.fill(encoded, (byte)0);
}
} // Otherwise, it may be a unextractable key of PKCS#11, or
} // Otherwise, it may be an unextractable key of PKCS#11, or
// a key we are not able to handle.
} else if (key instanceof RSAKey) {
RSAKey pubk = (RSAKey)key;
} else if (key instanceof RSAKey pubk) {
size = pubk.getModulus().bitLength();
} else if (key instanceof ECKey) {
ECKey pubk = (ECKey)key;
} else if (key instanceof ECKey pubk) {
size = pubk.getParams().getOrder().bitLength();
} else if (key instanceof DSAKey) {
DSAKey pubk = (DSAKey)key;
} else if (key instanceof DSAKey pubk) {
DSAParams params = pubk.getParams(); // params can be null
size = (params != null) ? params.getP().bitLength() : -1;
} else if (key instanceof DHKey) {
DHKey pubk = (DHKey)key;
} else if (key instanceof DHKey pubk) {
size = pubk.getParams().getP().bitLength();
} else if (key instanceof XECKey) {
XECKey pubk = (XECKey)key;
} else if (key instanceof XECKey pubk) {
AlgorithmParameterSpec params = pubk.getParams();
if (params instanceof NamedParameterSpec) {
String name = ((NamedParameterSpec) params).getName();
@ -129,7 +113,7 @@ public final class KeyUtil {
} else {
size = -1;
}
} // Otherwise, it may be a unextractable key of PKCS#11, or
} // Otherwise, it may be an unextractable key of PKCS#11, or
// a key we are not able to handle.
return size;
@ -202,8 +186,7 @@ public final class KeyUtil {
String result = key.getAlgorithm();
if (key instanceof ECKey) {
ECParameterSpec paramSpec = ((ECKey) key).getParams();
if (paramSpec instanceof NamedCurve) {
NamedCurve nc = (NamedCurve)paramSpec;
if (paramSpec instanceof NamedCurve nc) {
result += " (" + nc.getNameAndAliases()[0] + ")";
}
} else if (key instanceof EdECKey) {
@ -308,7 +291,7 @@ public final class KeyUtil {
* contains the lower of that suggested by the client in the client
* hello and the highest supported by the server.
* @param encoded the encoded key in its "RAW" encoding format
* @param isFailOver whether or not the previous decryption of the
* @param isFailOver whether the previous decryption of the
* encrypted PreMasterSecret message run into problem
* @return the polished PreMasterSecret key in its "RAW" encoding format
*/
@ -356,7 +339,7 @@ public final class KeyUtil {
* 1. Verify that y lies within the interval [2,p-1]. If it does not,
* the key is invalid.
* 2. Compute y^q mod p. If the result == 1, the key is valid.
* Otherwise the key is invalid.
* Otherwise, the key is invalid.
*/
private static void validateDHPublicKey(DHPublicKey publicKey)
throws InvalidKeyException {

13
src/java.base/share/classes/sun/security/util/KnownOIDs.java
View file

@ -25,7 +25,6 @@
package sun.security.util;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
@ -431,9 +430,9 @@ public enum KnownOIDs {
Blowfish("1.3.6.1.4.1.3029.1.1.2");
private String stdName;
private String oid;
private String[] aliases;
private final String stdName;
private final String oid;
private final String[] aliases;
// find the matching enum using either name or oid string
// return null if no match found
@ -457,7 +456,7 @@ public enum KnownOIDs {
}
for (KnownOIDs o : KnownOIDs.values()) {
register(o);
};
}
}
private static void register(KnownOIDs o) {
@ -493,13 +492,13 @@ public enum KnownOIDs {
}
}
private KnownOIDs(String oid) {
KnownOIDs(String oid) {
this.oid = oid;
this.stdName = name(); // defaults to enum name
this.aliases = new String[0];
}
private KnownOIDs(String oid, String stdName, String ... aliases) {
KnownOIDs(String oid, String stdName, String... aliases) {
this.oid = oid;
this.stdName = stdName;
this.aliases = aliases;

3
src/java.base/share/classes/sun/security/util/LegacyAlgorithmConstraints.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,6 @@ package sun.security.util;
import java.security.AlgorithmParameters;
import java.security.CryptoPrimitive;
import java.security.Key;
import java.util.List;
import java.util.Set;
/**

4
src/java.base/share/classes/sun/security/util/Length.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -39,5 +39,5 @@ public interface Length {
* @return the length of this object
* @throws UnsupportedOperationException if the operation is not supported
*/
public int length();
int length();
}

5
src/java.base/share/classes/sun/security/util/ManifestDigester.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -89,7 +89,6 @@ public class ManifestDigester {
{
int i = offset, len = rawBytes.length;
int last = offset - 1;
int next;
boolean allBlank = true;
/* denotes that a position is not yet assigned.
@ -216,7 +215,7 @@ public class ManifestDigester {
// According to the JAR File Specification: "If there are multiple
// individual sections for the same file entry, the attributes in
// these sections are merged."
private List<Section> sections = new ArrayList<>();
private final List<Section> sections = new ArrayList<>();
boolean oldStyle;
private Entry addSection(Section sec)

4
src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java
View file

@ -25,14 +25,12 @@
package sun.security.util;
import java.io.IOException;
import java.security.*;
import java.io.*;
import java.util.*;
import java.util.jar.*;
import sun.security.jca.Providers;
import sun.security.util.DisabledAlgorithmConstraints;
import sun.security.util.JarConstraintsParameters;
/**
* This class is used to verify each entry in a jar file with its

8
src/java.base/share/classes/sun/security/util/NamedCurve.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,9 +27,9 @@ package sun.security.util;
import java.io.IOException;
import java.math.BigInteger;
import java.security.spec.*;
import java.util.Arrays;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;
/**
* Contains Elliptic Curve parameters.

25
src/java.base/share/classes/sun/security/util/ObjectIdentifier.java
View file

@ -75,7 +75,7 @@ public final class ObjectIdentifier implements Serializable {
* We use the DER value (no tag, no length) as the internal format
* @serial
*/
private byte[] encoding = null;
private byte[] encoding;
private transient volatile String stringForm;
@ -124,7 +124,7 @@ public final class ObjectIdentifier implements Serializable {
*/
private int componentLen = -1; // how much is used.
// Is the components field calculated?
// Is the component's field calculated?
private transient boolean componentsCalculated = false;
@java.io.Serial
@ -178,17 +178,17 @@ public final class ObjectIdentifier implements Serializable {
private ObjectIdentifier(String oid) throws IOException {
int ch = '.';
int start = 0;
int end = 0;
int end;
int pos = 0;
byte[] tmp = new byte[oid.length()];
int first = 0, second;
int first = 0;
int count = 0;
try {
String comp = null;
String comp;
do {
int length = 0; // length of one section
int length; // length of one section
end = oid.indexOf(ch,start);
if (end == -1) {
comp = oid.substring(start);
@ -206,7 +206,7 @@ public final class ObjectIdentifier implements Serializable {
} else {
if (count == 1) {
checkSecondComponent(first, bignum);
bignum = bignum.add(BigInteger.valueOf(40*first));
bignum = bignum.add(BigInteger.valueOf(40L *first));
} else {
checkOtherComponent(count, bignum);
}
@ -269,7 +269,7 @@ public final class ObjectIdentifier implements Serializable {
pos += pack7Oid(components[0] * 40 + components[1], tmp, pos);
} else {
BigInteger big = BigInteger.valueOf(components[1]);
big = big.add(BigInteger.valueOf(components[0] * 40));
big = big.add(BigInteger.valueOf(components[0] * 40L));
pos += pack7Oid(big, tmp, pos);
}
@ -283,8 +283,8 @@ public final class ObjectIdentifier implements Serializable {
System.arraycopy(tmp, 0, encoding, 0, pos);
}
// oid cache index'ed by the oid string
private static ConcurrentHashMap<String,ObjectIdentifier> oidTable =
// oid cache indexed by the oid string
private static final ConcurrentHashMap<String,ObjectIdentifier> oidTable =
new ConcurrentHashMap<>();
/**
@ -338,10 +338,9 @@ public final class ObjectIdentifier implements Serializable {
if (this == obj) {
return true;
}
if (obj instanceof ObjectIdentifier == false) {
if (!(obj instanceof ObjectIdentifier other)) {
return false;
}
ObjectIdentifier other = (ObjectIdentifier)obj;
return Arrays.equals(encoding, other.encoding);
}
@ -599,7 +598,7 @@ public final class ObjectIdentifier implements Serializable {
return pack7Oid(b, 0, b.length, out, ooffset);
}
/**
/*
* Private methods to check validity of OID. They must be --
* 1. at least 2 components
* 2. all components must be non-negative

5
src/java.base/share/classes/sun/security/util/Password.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -52,7 +52,7 @@ public class Password {
try {
// Use the new java.io.Console class
Console con = null;
Console con;
if (!isEchoOn && in == System.in && ((con = System.console()) != null)) {
consoleEntered = con.readPassword();
// readPassword returns "" if you just print ENTER,
@ -69,7 +69,6 @@ public class Password {
char[] lineBuffer;
char[] buf;
int i;
buf = lineBuffer = new char[128];

9
src/java.base/share/classes/sun/security/util/PolicyUtil.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2004, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -74,7 +74,7 @@ public class PolicyUtil {
String keyStoreProvider, // input: keyStore provider
String storePassURL, // input: keyStore password
Debug debug)
throws KeyStoreException, MalformedURLException, IOException,
throws KeyStoreException, IOException,
NoSuchProviderException, NoSuchAlgorithmException,
java.security.cert.CertificateException {
@ -131,13 +131,12 @@ public class PolicyUtil {
if (NONE.equals(keyStoreName)) {
ks.load(null, keyStorePassword);
return ks;
} else {
/*
* location of keystore is specified as absolute URL in policy
* file, or is relative to URL of policy file
*/
URL keyStoreUrl = null;
URL keyStoreUrl;
try {
keyStoreUrl = new URL(keyStoreName);
// absolute URL
@ -157,8 +156,8 @@ public class PolicyUtil {
new BufferedInputStream(getInputStream(keyStoreUrl))) {
ks.load(inStream, keyStorePassword);
}
return ks;
}
return ks;
} finally {
if (keyStorePassword != null) {
Arrays.fill(keyStorePassword, ' ');

1
src/java.base/share/classes/sun/security/util/PropertyExpander.java
View file

@ -77,7 +77,6 @@ public class PropertyExpander {
if (p > i) {
// copy in anything before the special stuff
sb.append(value.substring(i, p));
i = p;
}
int pe = p+2;

6
src/java.base/share/classes/sun/security/util/RegisteredDomain.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2017, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -38,7 +38,7 @@ import java.util.Optional;
*/
public interface RegisteredDomain {
public enum Type {
enum Type {
/**
* An ICANN registered domain.
*/
@ -79,7 +79,7 @@ public interface RegisteredDomain {
* empty if the domain is unknown or not registerable
* @throws NullPointerException if domain is null
*/
public static Optional<RegisteredDomain> from(String domain) {
static Optional<RegisteredDomain> from(String domain) {
return Optional.ofNullable(DomainName.registeredDomain(domain));
}
}

4
src/java.base/share/classes/sun/security/util/ResourcesMgr.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -48,7 +48,7 @@ public class ResourcesMgr {
if (!VM.isBooted()) {
// don't expect this be called before the system is fully initialized.
// This triggers loading of any resource bundle that should be
// be done during initialization of system class loader.
// done during initialization of system class loader.
throw new InternalError("Expected to use ResourceBundle only after booted");
}
return bundles.computeIfAbsent(bundleName, ResourceBundle::getBundle);

7
src/java.base/share/classes/sun/security/util/SecurityConstants.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,11 +26,10 @@
package sun.security.util;
import java.lang.reflect.ReflectPermission;
import java.net.SocketPermission;
import java.net.NetPermission;
import java.security.Permission;
import java.security.SecurityPermission;
import java.net.SocketPermission;
import java.security.AllPermission;
import java.security.SecurityPermission;
import sun.security.action.GetPropertyAction;
/**

18
src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java
View file

@ -65,20 +65,16 @@ public final class SecurityProviderConstants {
value.add(oid.value());
String[] knownAliases = oid.aliases();
if (knownAliases != null) {
for (String ka : knownAliases) {
value.add(ka);
}
value.addAll(Arrays.asList(knownAliases));
}
}
for (String ea : extraAliases) {
value.add(ea);
}
value.addAll(Arrays.asList(extraAliases));
}
aliasesMap.put(stdName, value);
return value;
}
// Return an aliases List for the specified algorithm name o
// Return an aliases List for the specified algorithm name o.
// NOTE: exception is thrown if no aliases nor oid found, so
// only call this method if aliases are expected
public static List<String> getAliases(String o) {
@ -88,9 +84,7 @@ public final class SecurityProviderConstants {
if (e != null) {
return store(o, e);
}
ProviderException pe =
new ProviderException("Cannot find aliases for " + o);
throw pe;
throw new ProviderException("Cannot find aliases for " + o);
}
return res;
}
@ -170,7 +164,7 @@ public final class SecurityProviderConstants {
}
String algoName =
algoAndValue[0].trim().toUpperCase(Locale.ENGLISH);
int value = -1;
int value;
try {
value = Integer.parseInt(algoAndValue[1].trim());
} catch (NumberFormatException nfe) {
@ -255,7 +249,7 @@ public final class SecurityProviderConstants {
store("NONEwithDSA", null, "RawDSA");
store("DESede", null, "TripleDES");
store("ARCFOUR", KnownOIDs.ARCFOUR);
// For backward compatility, refer to PKCS1 mapping for RSA
// For backward compatibility, refer to PKCS1 mapping for RSA
// KeyPairGenerator and KeyFactory
store("PKCS1", KnownOIDs.PKCS1, KnownOIDs.RSA.value());

58
src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,29 +27,13 @@ package sun.security.util;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.CodeSigner;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.*;
import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.HexFormat;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.jar.Attributes;
import java.util.jar.JarException;
import java.util.jar.JarFile;
import java.util.jar.Manifest;
import sun.security.jca.Providers;
@ -61,24 +45,24 @@ public class SignatureFileVerifier {
/* Are we debugging ? */
private static final Debug debug = Debug.getInstance("jar");
private ArrayList<CodeSigner[]> signerCache;
private final ArrayList<CodeSigner[]> signerCache;
private static final String ATTR_DIGEST =
"-DIGEST-" + ManifestDigester.MF_MAIN_ATTRS.toUpperCase(Locale.ENGLISH);
/** the PKCS7 block for this .DSA/.RSA/.EC file */
private PKCS7 block;
private final PKCS7 block;
/** the raw bytes of the .SF file */
private byte[] sfBytes;
/** the name of the signature block file, uppercased and without
/** the name of the signature block file, uppercase and without
* the extension (.DSA/.RSA/.EC)
*/
private String name;
private final String name;
/** the ManifestDigester */
private ManifestDigester md;
private final ManifestDigester md;
/** cache of created MessageDigest objects */
private HashMap<String, MessageDigest> createdDigests;
@ -87,12 +71,12 @@ public class SignatureFileVerifier {
private boolean workaround = false;
/* for generating certpath objects */
private CertificateFactory certificateFactory = null;
private final CertificateFactory certificateFactory;
/** Algorithms that have been previously checked against disabled
* constraints.
*/
private Map<String, Boolean> permittedAlgs = new HashMap<>();
private final Map<String, Boolean> permittedAlgs = new HashMap<>();
/** ConstraintsParameters for checking disabled algorithms */
private JarConstraintsParameters params;
@ -244,8 +228,7 @@ public class SignatureFileVerifier {
/** get digest from cache */
private MessageDigest getDigest(String algorithm)
throws SignatureException {
private MessageDigest getDigest(String algorithm) {
if (createdDigests == null)
createdDigests = new HashMap<>();
@ -272,7 +255,7 @@ public class SignatureFileVerifier {
public void process(Hashtable<String, CodeSigner[]> signers,
List<Object> manifestDigests, String manifestName)
throws IOException, SignatureException, NoSuchAlgorithmException,
JarException, CertificateException
CertificateException
{
// calls Signature.getInstance() and MessageDigest.getInstance()
// need to use local providers here, see Providers class
@ -289,7 +272,7 @@ public class SignatureFileVerifier {
private void processImpl(Hashtable<String, CodeSigner[]> signers,
List<Object> manifestDigests, String manifestName)
throws IOException, SignatureException, NoSuchAlgorithmException,
JarException, CertificateException
CertificateException
{
Manifest sf = new Manifest();
sf.read(new ByteArrayInputStream(sfBytes));
@ -299,7 +282,7 @@ public class SignatureFileVerifier {
if ((version == null) || !(version.equalsIgnoreCase("1.0"))) {
// XXX: should this be an exception?
// for now we just ignore this signature file
// for now, we just ignore this signature file
return;
}
@ -442,7 +425,7 @@ public class SignatureFileVerifier {
private boolean verifyManifestHash(Manifest sf,
ManifestDigester md,
List<Object> manifestDigests)
throws IOException, SignatureException
throws SignatureException
{
Attributes mattr = sf.getMainAttributes();
boolean manifestSigned = false;
@ -513,7 +496,7 @@ public class SignatureFileVerifier {
}
private boolean verifyManifestMainAttrs(Manifest sf, ManifestDigester md)
throws IOException, SignatureException
throws SignatureException
{
Attributes mattr = sf.getMainAttributes();
boolean attrsVerified = true;
@ -611,7 +594,7 @@ public class SignatureFileVerifier {
private boolean verifySection(Attributes sfAttr,
String name,
ManifestDigester md)
throws IOException, SignatureException
throws SignatureException
{
boolean oneDigestVerified = false;
ManifestDigester.Entry mde = md.get(name,block.isOldStyle());
@ -745,7 +728,7 @@ public class SignatureFileVerifier {
}
if (signers != null) {
return signers.toArray(new CodeSigner[signers.size()]);
return signers.toArray(new CodeSigner[0]);
} else {
return null;
}
@ -768,7 +751,6 @@ public class SignatureFileVerifier {
if (set == subset)
return true;
boolean match;
for (int i = 0; i < subset.length; i++) {
if (!contains(set, subset[i]))
return false;
@ -788,8 +770,6 @@ public class SignatureFileVerifier {
if ((oldSigners == null) && (signers == newSigners))
return true;
boolean match;
// make sure all oldSigners are in signers
if ((oldSigners != null) && !isSubSet(oldSigners, signers))
return false;

2
src/java.base/share/classes/sun/security/util/SignatureUtil.java
View file

@ -102,7 +102,7 @@ public class SignatureUtil {
AlgorithmParameterSpec paramSpec = null;
if (params != null) {
sigName = checkName(sigName);
// AlgorithmParameters.getAlgorithm() may returns oid if it's
// AlgorithmParameters.getAlgorithm() may return oid if it's
// created during DER decoding. Convert to use the standard name
// before passing it to RSAUtil
if (params.getAlgorithm().contains(".")) {

3
src/java.base/share/classes/sun/security/util/TlsChannelBinding.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2020, Azul Systems, Inc. All rights reserved.
* Copyright (c) 2022, Azul Systems, Inc. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,7 +30,6 @@ import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Locale;
/**

2
src/java.base/share/classes/sun/security/util/math/IntegerModuloP.java
View file

@ -158,7 +158,7 @@ public interface IntegerModuloP {
default ImmutableIntegerModuloP multiplicativeInverse() {
// This method is used in 2 cases:
// 1. To calculate the inverse of a number in ECDSAOperations,
// this number must be non zero (modulo p).
// this number must be non-zero (modulo p).
// 2. To flatten a 3D point to a 2D AffinePoint. This number
// might be zero (infinity). However, since the infinity
// is represented as (0, 0) in 2D, it's OK returning 0 as

9
src/java.base/share/classes/sun/security/util/math/intpoly/IntegerPolynomial.java
View file

@ -451,7 +451,7 @@ public abstract sealed class IntegerPolynomial implements IntegerFieldModuloP
* The behavior is undefined if swap has any value other than 0 or 1.
*/
protected static void conditionalAssign(int set, long[] a, long[] b) {
int maskValue = 0 - set;
int maskValue = -set;
for (int i = 0; i < a.length; i++) {
long dummyLimbs = maskValue & (a[i] ^ b[i]);
a[i] = dummyLimbs ^ a[i];
@ -466,7 +466,7 @@ public abstract sealed class IntegerPolynomial implements IntegerFieldModuloP
* 0 or 1.
*/
protected static void conditionalSwap(int swap, long[] a, long[] b) {
int maskValue = 0 - swap;
int maskValue = -swap;
for (int i = 0; i < a.length; i++) {
long dummyLimbs = maskValue & (a[i] ^ b[i]);
a[i] = dummyLimbs ^ a[i];
@ -523,7 +523,7 @@ public abstract sealed class IntegerPolynomial implements IntegerFieldModuloP
public Element(boolean v) {
this.limbs = new long[numLimbs];
this.limbs[0] = v ? 1l : 0l;
this.limbs[0] = v ? 1L : 0L;
this.numAdds = 0;
}
@ -581,8 +581,7 @@ public abstract sealed class IntegerPolynomial implements IntegerFieldModuloP
newLimbs[i] = -limbs[i];
}
ImmutableElement result = new ImmutableElement(newLimbs, numAdds);
return result;
return new ImmutableElement(newLimbs, numAdds);
}
protected long[] cloneLow(long[] limbs) {

1
src/java.base/share/classes/sun/security/util/math/intpoly/IntegerPolynomialModBinP.java
View file

@ -26,7 +26,6 @@
package sun.security.util.math.intpoly;
import java.math.BigInteger;
import java.nio.ByteBuffer;
/**
* The field of integers modulo a binomial prime. This is a general-purpose