RFR: 8280363: Minor correction of ALPN specification in SSLParameters
In the getApplicationProtocols() method in javax.net.ssl.SSLParameters, the return statement says that "The array is ordered based on protocol preference, with protocols[0] being the most preferred.". However, there is no "protocols" variable in this method. The update is a minor correction so that the specification is not rely on the "protocols" variable. - Commit messages: - 8280363: Minor correction of ALPN specification in SSLParameters Changes: https://git.openjdk.java.net/jdk/pull/7152/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk=7152=00 Issue: https://bugs.openjdk.java.net/browse/JDK-8280363 Stats: 2 lines in 1 file changed: 0 ins; 0 del; 2 mod Patch: https://git.openjdk.java.net/jdk/pull/7152.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/7152/head:pull/7152 PR: https://git.openjdk.java.net/jdk/pull/7152
Integrated: Merge jdk18
On Thu, 20 Jan 2022 00:28:55 GMT, Jesper Wilhelmsson wrote: > Forwardport JDK 18 -> JDK 19 This pull request has now been integrated. Changeset: 4616c13c Author:Jesper Wilhelmsson URL: https://git.openjdk.java.net/jdk/commit/4616c13c2f1ced8a8bdeed81f0469523932e91b5 Stats: 1732 lines in 67 files changed: 933 ins; 606 del; 193 mod Merge - PR: https://git.openjdk.java.net/jdk/pull/7151
RFR: Merge jdk18
Forwardport JDK 18 -> JDK 19 - Commit messages: - Merge - 8280233: Temporarily disable Unix domain sockets in Windows PipeImpl - 8278834: Error "Cannot read field "sym" because "this.lvar[od]" is null" when compiling - 8272058: 25 Null pointer dereference defect groups in 4 files - 8280234: AArch64 "core" variant does not build after JDK-8270947 - 8280155: [PPC64, s390] frame size checks are not yet correct - 8273383: vmTestbase/vm/gc/containers/Combination05/TestDescription.java crashes verifying length of DCQS - 8279654: jdk/incubator/vector/Vector256ConversionTests.java crashes randomly with SVE - 8278417: Closed test fails after JDK-8276108 on aarch64 - 8274096: Improve decoding of image files - ... and 30 more: https://git.openjdk.java.net/jdk/compare/98d96a77...e0d83a07 The webrevs contain the adjustments done while merging with regards to each parent branch: - master: https://webrevs.openjdk.java.net/?repo=jdk=7151=00.0 - jdk18: https://webrevs.openjdk.java.net/?repo=jdk=7151=00.1 Changes: https://git.openjdk.java.net/jdk/pull/7151/files Stats: 1732 lines in 67 files changed: 933 ins; 606 del; 193 mod Patch: https://git.openjdk.java.net/jdk/pull/7151.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/7151/head:pull/7151 PR: https://git.openjdk.java.net/jdk/pull/7151
Integrated: 8279796: Fix typo: Constucts -> Constructs
On Wed, 19 Jan 2022 22:18:32 GMT, Weijun Wang wrote: > Two edits. This pull request has now been integrated. Changeset: 98d96a77 Author:Weijun Wang URL: https://git.openjdk.java.net/jdk/commit/98d96a770756ffe3e7f5e4b82120e9fb484cad9a Stats: 2 lines in 1 file changed: 0 ins; 0 del; 2 mod 8279796: Fix typo: Constucts -> Constructs Reviewed-by: iris - PR: https://git.openjdk.java.net/jdk/pull/7147
Re: RFR: 8279796: Fix typo: Constucts -> Constructs [v2]
> Two edits. Weijun Wang has refreshed the contents of this pull request, and previous commits have been removed. The incremental views will show differences compared to the previous content of the PR. The pull request contains two new commits since the last revision: - year - Update DigestMD5Base.java - Changes: - all: https://git.openjdk.java.net/jdk/pull/7147/files - new: https://git.openjdk.java.net/jdk/pull/7147/files/faec0c1d..6df9ccf8 Webrevs: - full: https://webrevs.openjdk.java.net/?repo=jdk=7147=01 - incr: https://webrevs.openjdk.java.net/?repo=jdk=7147=00-01 Stats: 2 lines in 1 file changed: 0 ins; 0 del; 2 mod Patch: https://git.openjdk.java.net/jdk/pull/7147.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/7147/head:pull/7147 PR: https://git.openjdk.java.net/jdk/pull/7147
Re: RFR: 8279796: Fix typo: Constucts -> Constructs
On Wed, 19 Jan 2022 22:57:06 GMT, Sergey Bylokhov wrote:
>> Two edits.
>
> src/java.desktop/share/classes/javax/swing/plaf/basic/BasicFileChooserUI.java
> line 727:
>
>> 725: Handler handler;
>> 726: /**
>> 727: * Constructs a {@code DoubleClickListener}.
>
> This change is under review here:
> https://github.com/openjdk/jdk/pull/7030
Oops, I'll remove mine. Thanks.
-
PR: https://git.openjdk.java.net/jdk/pull/7147
Re: RFR: 8279796: Fix typo: Constucts -> Constructs
On Wed, 19 Jan 2022 22:18:32 GMT, Weijun Wang wrote:
> Two edits.
src/java.desktop/share/classes/javax/swing/plaf/basic/BasicFileChooserUI.java
line 727:
> 725: Handler handler;
> 726: /**
> 727: * Constructs a {@code DoubleClickListener}.
This change is under review here:
https://github.com/openjdk/jdk/pull/7030
-
PR: https://git.openjdk.java.net/jdk/pull/7147
Re: RFR: 8279796: Fix typo: Constucts -> Constructs
On Wed, 19 Jan 2022 22:18:32 GMT, Weijun Wang wrote: > Two edits. Marked as reviewed by iris (Reviewer). - PR: https://git.openjdk.java.net/jdk/pull/7147
Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v2]
On Wed, 19 Jan 2022 22:20:47 GMT, Michael McMahon wrote:
>> Hi,
>>
>> This change adds Channel Binding Token (CBT) support to HTTPS
>> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO,
>> Kerberos) authentication scheme. When enabled, the implementation
>> preemptively includes a CBT with authentication requests over Kerberos. The
>> feature is enabled as follows:
>>
>> A system property "jdk.spnego.cbt" is defined which can have the values
>> "never" (default), which means the feature is disabled, "always", which
>> means the CBT is included for all https Negotiate authentications, or it can
>> take the form "domain:a,b.c,*.d.com" which is a comma separated list of
>> domains/hosts where the feature is enabled, and disabled everywhere else. In
>> the given example, the CBT would be included in authentication requests for
>> hosts "a", "b.c" and all hosts under the domain "d.com" and all of its
>> sub-domains.
>>
>> A test will be added separately to the implementation.
>>
>> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>>
>> Thanks,
>> Michael
>
> Michael McMahon has updated the pull request incrementally with one
> additional commit since the last revision:
>
> changes after first review round
src/java.naming/share/classes/com/sun/jndi/ldap/sasl/LdapSasl.java line 133:
> 131:
> (String)env.get(TlsChannelBinding.CHANNEL_BINDING_TYPE));
> 132: } catch (ChannelBindingException e) {
> 133: throw new SaslException(e.getMessage());
How about setting `e` as cause of new exception? In `TlsChannelBinding.java`
the when the original exception was thrown (the 2nd throws) there was a cause.
src/java.security.jgss/share/classes/module-info.java line 36:
> 34: module java.security.jgss {
> 35: requires java.naming;
> 36: requires java.security.sasl;
Can this be removed now?
-
PR: https://git.openjdk.java.net/jdk/pull/7065
RFR: 8279796: Fix typo: Constucts -> Constructs
Two edits. - Commit messages: - Another year - year - Update DigestMD5Base.java - 8279796: Fix typo: Constucts -> Constructs Changes: https://git.openjdk.java.net/jdk/pull/7147/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk=7147=00 Issue: https://bugs.openjdk.java.net/browse/JDK-8279796 Stats: 4 lines in 2 files changed: 0 ins; 0 del; 4 mod Patch: https://git.openjdk.java.net/jdk/pull/7147.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/7147/head:pull/7147 PR: https://git.openjdk.java.net/jdk/pull/7147
Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v2]
> Hi, > > This change adds Channel Binding Token (CBT) support to HTTPS > (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, Kerberos) > authentication scheme. When enabled, the implementation preemptively includes > a CBT with authentication requests over Kerberos. The feature is enabled as > follows: > > A system property "jdk.spnego.cbt" is defined which can have the values > "never" (default), which means the feature is disabled, "always", which means > the CBT is included for all https Negotiate authentications, or it can take > the form "domain:a,b.c,*.d.com" which is a comma separated list of > domains/hosts where the feature is enabled, and disabled everywhere else. In > the given example, the CBT would be included in authentication requests for > hosts "a", "b.c" and all hosts under the domain "d.com" and all of its > sub-domains. > > A test will be added separately to the implementation. > > Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842 > > Thanks, > Michael Michael McMahon has updated the pull request incrementally with one additional commit since the last revision: changes after first review round - Changes: - all: https://git.openjdk.java.net/jdk/pull/7065/files - new: https://git.openjdk.java.net/jdk/pull/7065/files/853ed4db..f2ee58ec Webrevs: - full: https://webrevs.openjdk.java.net/?repo=jdk=7065=01 - incr: https://webrevs.openjdk.java.net/?repo=jdk=7065=00-01 Stats: 111 lines in 7 files changed: 88 ins; 5 del; 18 mod Patch: https://git.openjdk.java.net/jdk/pull/7065.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/7065/head:pull/7065 PR: https://git.openjdk.java.net/jdk/pull/7065
Re: RFR: 8272317: jstatd has dependency on Security Manager which needs to be removed [v2]
On Mon, 10 Jan 2022 11:17:12 GMT, Kevin Walls wrote: >> Remove the use of Security Manager from jstatd. >> Add use of an ObjectInputFilter to restrict RMI. >> >> Also we can undo the property-setting Launcher.gmk change from: 8279007: >> jstatd fails to start because SecurityManager is disabled >> ..as that is no longer needed. >> >> Docs/man page update to follow (JDK-8278619). > > Kevin Walls has updated the pull request incrementally with one additional > commit since the last revision: > > Wildcard in object filter to permit proxies, in case other activity in this > JVM changes the nameing/numbering of proxy classes. Are all the proxy interfaces public?The package in which a proxy class is created may be different depending if whether any proxy interface is in a non-exported and non-open package. `com.sun.proxy.jdk.proxy*` is the package for non-exported proxy classes. The proxy classes may be public in an unconditionally exported package [1] and its package name is `jdk.proxy*`. [1] https://download.java.net/java/early_access/jdk18/docs/api/java.base/java/lang/reflect/Proxy.html#membership - PR: https://git.openjdk.java.net/jdk/pull/6919
Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos
On Fri, 14 Jan 2022 15:06:12 GMT, Daniel Fuchs wrote: > Have you been able to test this on a specific setup? Would be good to hear > from @msheppar too. I have tested it with the server setup by Prajwal. Security SQE are looking into configuring a server with a similar setup which can be tested with an infra test. - PR: https://git.openjdk.java.net/jdk/pull/7065
Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos
On Wed, 19 Jan 2022 15:36:16 GMT, Michael McMahon wrote: >>> It's actually a purely system property rather than a Net property at the >>> moment (same as the other spnego ones). Maybe, I should convert them all to >>> net properties, so they can be documented/set in that file? >> >> AFAICS this file documents properties used by the networking stack - not >> necessarily net properties (e.g. java.net.preferIPv6Addresses is documented >> there but AFAICT it is a plain system property) > > Okay, good idea to document it in the properties file. Also, I think > "jdk.https.tls.cbt" is a reasonable name for the property. Sorry, on reflection, something like "jdk.https.negotiate.cbt" might be better. There's no need for tls and https in the name and "negotiate" or "spnego" should be in it, but "negotiate" is probably better - PR: https://git.openjdk.java.net/jdk/pull/7065
Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos
On Sat, 15 Jan 2022 14:02:15 GMT, Michael Osipov wrote: >> I suggest moving the `TlsChannelBinding` class into >> `java.base/sun.security.util` since it's not only used by LDAP anymore. It's >> even not restricted to GSS-API. According to >> https://www.rfc-editor.org/rfc/rfc5056, "Although inspired by and derived >> from the GSS-API, the notion of channel binding described herein is not at >> all limited to use by GSS-API applications". >> >> If so, you might need to modify the types of exceptions thrown in the class, >> and move the 2 final strings to some other class inside `java.security.sasl`. > > Seems like `com.sun.jndi.ldap.sasl.TlsChannelBinding` is not misplaced Okay, I'll look at doing this refactoring. - PR: https://git.openjdk.java.net/jdk/pull/7065
Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos
On Mon, 17 Jan 2022 13:49:35 GMT, Daniel Fuchs wrote: >> I vote for "jdk.https.tls.cbt" > >> It's actually a purely system property rather than a Net property at the >> moment (same as the other spnego ones). Maybe, I should convert them all to >> net properties, so they can be documented/set in that file? > > AFAICS this file documents properties used by the networking task - not > necessarily net properties (e.g. java.net.preferIPv6Addresses is documented > there but AFAICT it is a plain system property) Okay, good idea to document it in the properties file. Also, I think "jdk.https.tls.cbt" is a reasonable name for the property. - PR: https://git.openjdk.java.net/jdk/pull/7065
Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos
On Mon, 17 Jan 2022 13:44:06 GMT, Daniel Fuchs wrote: >> Shall we log a message if the value is not one of the 3 forms? > > Usually malformed values are just ignored - and the property takes its > default value. But yes - s.n.w.h.HttpClient has a logger so it wouldn't be > much effort to log it as a DEBUG trace for better diagnostic. Yes, I will log it using the same debug/logging mechanism already in the same source file.. - PR: https://git.openjdk.java.net/jdk/pull/7065
Re: RFR: 8272317: jstatd has dependency on Security Manager which needs to be removed [v2]
On Mon, 10 Jan 2022 11:17:12 GMT, Kevin Walls wrote: >> Remove the use of Security Manager from jstatd. >> Add use of an ObjectInputFilter to restrict RMI. >> >> Also we can undo the property-setting Launcher.gmk change from: 8279007: >> jstatd fails to start because SecurityManager is disabled >> ..as that is no longer needed. >> >> Docs/man page update to follow (JDK-8278619). > > Kevin Walls has updated the pull request incrementally with one additional > commit since the last revision: > > Wildcard in object filter to permit proxies, in case other activity in this > JVM changes the nameing/numbering of proxy classes. CSR has been approved (https://bugs.openjdk.java.net/browse/JDK-8279891) - PR: https://git.openjdk.java.net/jdk/pull/6919
Integrated: 8274811: Remove superfluous use of boxing in java.base
On Sat, 11 Sep 2021 12:11:50 GMT, Andrey Turbanov wrote: > Usages of primitive types should be preferred and makes code easier to read. > Similar cleanups: > 1. [JDK-8273168](https://bugs.openjdk.java.net/browse/JDK-8273168) > java.desktop > 2. [JDK-8274234](https://bugs.openjdk.java.net/browse/JDK-8274234) > java.sql.rowset This pull request has now been integrated. Changeset: 5af7f258 Author:Andrey Turbanov URL: https://git.openjdk.java.net/jdk/commit/5af7f258144d9f753ebe6ebfada42f33aaed108b Stats: 11 lines in 4 files changed: 0 ins; 0 del; 11 mod 8274811: Remove superfluous use of boxing in java.base Reviewed-by: lancea - PR: https://git.openjdk.java.net/jdk/pull/5481
