1 diff -urN openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp openjdk/hotspot/src/os/linux/vm/os_linux.cpp
2 --- openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp 2007-10-12 03:46:00.000000000 -0400
3 +++ openjdk/hotspot/src/os/linux/vm/os_linux.cpp 2007-10-12 18:24:12.000000000 -0400
8 + SystemProperty* sp = Arguments::system_properties();
9 + Arguments::PropertyList_add (&sp,
10 + "javax.net.ssl.trustStore",
11 + "/etc/pki/tls/certs/ca-bundle.crt");
12 + Arguments::PropertyList_add (&sp,
13 + "javax.net.ssl.trustStoreType",
15 + Arguments::PropertyList_add (&sp,
16 + "javax.net.ssl.trustStoreProvider",
18 + Arguments::PropertyList_add (&sp,
19 + "javax.net.ssl.trustStorePassword",
25 diff -urN openjdk.orig/jdk/src/share/classes/sun/security/provider/CertBundleKeyStoreImpl.java openjdk/jdk/src/share/classes/sun/security/provider/CertBundleKeyStoreImpl.java
26 --- openjdk.orig/jdk/src/share/classes/sun/security/provider/CertBundleKeyStoreImpl.java 1969-12-31 19:00:00.000000000 -0500
27 +++ openjdk/jdk/src/share/classes/sun/security/provider/CertBundleKeyStoreImpl.java 2007-10-12 18:24:05.000000000 -0400
29 +/* CertBundleKeyStoreImpl.java
30 + Copyright (C) 2007 Casey Marshall <csm@gnu.org>
32 +This file is part of IcedTea.
34 +IcedTea is free software; you can redistribute it and/or
35 +modify it under the terms of the GNU General Public License as
36 +published by the Free Software Foundation, version 2.
38 +IcedTea is distributed in the hope that it will be useful,
39 +but WITHOUT ANY WARRANTY; without even the implied warranty of
40 +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
41 +General Public License for more details.
43 +You should have received a copy of the GNU General Public License
44 +along with IcedTea; see the file COPYING. If not, write to
45 +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
46 +Boston, MA 02110-1301 USA.
48 +Linking this library statically or dynamically with other modules is
49 +making a combined work based on this library. Thus, the terms and
50 +conditions of the GNU General Public License cover the whole
53 +As a special exception, the copyright holders of this library give you
54 +permission to link this library with independent modules to produce an
55 +executable, regardless of the license terms of these independent
56 +modules, and to copy and distribute the resulting executable under
57 +terms of your choice, provided that you also meet, for each linked
58 +independent module, the terms and conditions of the license of that
59 +module. An independent module is a module which is not derived from
60 +or based on this library. If you modify this library, you may extend
61 +this exception to your version of the library, but you are not
62 +obligated to do so. If you do not wish to do so, delete this
63 +exception statement from your version. */
66 +package sun.security.provider;
68 +import java.io.BufferedReader;
69 +import java.io.ByteArrayInputStream;
70 +import java.io.ByteArrayOutputStream;
71 +import java.io.IOException;
72 +import java.io.InputStream;
73 +import java.io.InputStreamReader;
74 +import java.io.OutputStream;
75 +import java.io.OutputStreamWriter;
76 +import java.io.PrintWriter;
77 +import java.security.Key;
78 +import java.security.KeyStoreException;
79 +import java.security.KeyStoreSpi;
80 +import java.security.NoSuchAlgorithmException;
81 +import java.security.UnrecoverableKeyException;
82 +import java.security.cert.Certificate;
83 +import java.security.cert.CertificateException;
84 +import java.security.cert.CertificateFactory;
85 +import java.util.Date;
86 +import java.util.Enumeration;
87 +import java.util.HashMap;
88 +import java.util.Map;
89 +import java.util.Vector;
92 + * A key store implementation for "certificate bundle" files, commonly used
93 + * on many free operating systems. Certificate bundles are plain text files
94 + * containing one or more "PEM" encoded X.509 certificates, which comprise
95 + * a list of trusted root certificates.
97 + * This class implements a read-only key store that reads in one or more
98 + * certificate bundles, storing all certificates successfully read. Calling
99 + * load multiple times will add certificates to the store.
101 + * @author Casey Marshall (csm@gnu.org)
103 +public class CertBundleKeyStoreImpl extends KeyStoreSpi
106 + private Map<String, Certificate> certs = new HashMap<String, Certificate>();
108 + @Override public Enumeration<String> engineAliases()
110 + return new Vector<String>(certs.keySet()).elements();
113 + @Override public boolean engineContainsAlias(String alias)
115 + return certs.containsKey(alias);
118 + @Override public void engineDeleteEntry(String alias) throws KeyStoreException
120 + certs.remove(alias);
123 + @Override public Certificate engineGetCertificate(String alias)
125 + return certs.get(alias);
128 + @Override public String engineGetCertificateAlias(Certificate cert)
130 + for (Map.Entry<String, Certificate> e : certs.entrySet())
132 + if (e.getValue().equals(cert))
138 + @Override public Certificate[] engineGetCertificateChain(String arg0)
143 + @Override public Date engineGetCreationDate(String alias)
145 + return new Date(0);
148 + @Override public Key engineGetKey(String arg0, char[] arg1)
149 + throws NoSuchAlgorithmException, UnrecoverableKeyException
154 + @Override public boolean engineIsCertificateEntry(String alias)
156 + return certs.containsKey(alias);
159 + @Override public boolean engineIsKeyEntry(String arg0)
164 + @Override public void engineLoad(InputStream in, char[] arg1)
165 + throws IOException, NoSuchAlgorithmException, CertificateException
167 + CertificateFactory cf = CertificateFactory.getInstance("X.509");
168 + ByteArrayOutputStream bout = new ByteArrayOutputStream();
169 + PrintWriter out = new PrintWriter(new OutputStreamWriter(bout));
170 + BufferedReader rin = new BufferedReader(new InputStreamReader(in));
172 + boolean push = false;
173 + while ((line = rin.readLine()) != null)
175 + if (line.equals("-----BEGIN CERTIFICATE-----"))
183 + if (line.equals("-----END CERTIFICATE-----"))
187 + byte[] bytes = bout.toByteArray();
188 + Certificate cert = cf.generateCertificate(new ByteArrayInputStream(bytes));
190 + String alias = "cert-" + (x++);
191 + certs.put(alias, cert);
197 + @Override public void engineSetCertificateEntry(String alias, Certificate cert)
198 + throws KeyStoreException
200 + certs.put(alias, cert);
203 + @Override public void engineSetKeyEntry(String arg0, byte[] arg1,
204 + Certificate[] arg2)
205 + throws KeyStoreException
207 + throw new KeyStoreException("not supported");
210 + @Override public void engineSetKeyEntry(String arg0, Key arg1, char[] arg2,
211 + Certificate[] arg3)
212 + throws KeyStoreException
214 + throw new KeyStoreException("not supported");
217 + @Override public int engineSize()
219 + return certs.size();
222 + @Override public void engineStore(OutputStream arg0, char[] arg1)
223 + throws IOException, NoSuchAlgorithmException, CertificateException
225 + throw new UnsupportedOperationException("read-only key stores");
228 --- ../opeinjdkb23/openjdk/jdk/src/share/classes/sun/security/provider/SunEntries.java 2007-10-30 04:38:07.000000000 -0400
229 +++ openjdk/jdk/src/share/classes/sun/security/provider/SunEntries.java 2007-11-13 13:13:21.000000000 -0500
231 map.put("KeyStore.JKS", "sun.security.provider.JavaKeyStore$JKS");
232 map.put("KeyStore.CaseExactJKS",
233 "sun.security.provider.JavaKeyStore$CaseExactJKS");
234 + map.put("KeyStore.CertBundle", "sun.security.provider.CertBundleKeyStoreImpl");