Projects
home:dingli:branches:openEuler:24.09-openjdk
openjdk-1.8.0
_service:tar_scm:7092821-java.security.Provider...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:7092821-java.security.Provider.getService-is-synchro.patch of Package openjdk-1.8.0
From 834e8792532d89505e5cabfdbca0de3481b5c8ed Mon Sep 17 00:00:00 2001 From: z00558301 <zhoulei103@huawei.com> Date: Wed, 8 Jun 2022 09:38:47 +0800 Subject: [PATCH 06/10] 7092821: java.security.Provider.getService() is synchronized and became scalability bottleneck Bug url: https://bugs.openjdk.java.net/browse/JDK-7092821 --- .../com/sun/crypto/provider/SunJCE.java | 1300 ++++++++--------- .../security/AlgorithmParameterGenerator.java | 5 +- .../share/classes/java/security/Provider.java | 129 +- .../classes/java/security/SecureRandom.java | 70 +- .../share/classes/javax/crypto/Cipher.java | 8 +- .../classes/javax/crypto/JceSecurity.java | 2 - .../classes/javax/crypto/KeyAgreement.java | 4 +- .../classes/javax/crypto/KeyGenerator.java | 4 +- .../classes/sun/security/provider/Sun.java | 25 +- .../sun/security/provider/SunEntries.java | 333 ++--- .../provider/VerificationProvider.java | 28 +- .../classes/sun/security/rsa/SunRsaSign.java | 25 +- .../sun/security/rsa/SunRsaSignEntries.java | 171 +-- .../classes/sun/security/ssl/SunJSSE.java | 136 +- .../Provider/BaseProviderValidator.java | 76 + .../security/Provider/GetServiceRace.java | 98 ++ .../security/Provider/LegacyPutAlias.java | 86 ++ .../Provider/ProviderValidationUtil.java | 270 ++++ .../security/Provider/SunJCEValidator.java | 574 ++++++++ .../security/Provider/SunJSSEValidator.java | 137 ++ .../Provider/SunRsaSignValidator.java | 154 ++ .../java/security/Provider/SunValidator.java | 263 ++++ .../security/SecureRandom/DefaultAlgo.java | 117 ++ .../provider/GetServiceBenchmark.java | 83 ++ 24 files changed, 2965 insertions(+), 1133 deletions(-) create mode 100644 jdk/test/java/security/Provider/BaseProviderValidator.java create mode 100644 jdk/test/java/security/Provider/GetServiceRace.java create mode 100644 jdk/test/java/security/Provider/LegacyPutAlias.java create mode 100644 jdk/test/java/security/Provider/ProviderValidationUtil.java create mode 100644 jdk/test/java/security/Provider/SunJCEValidator.java create mode 100644 jdk/test/java/security/Provider/SunJSSEValidator.java create mode 100644 jdk/test/java/security/Provider/SunRsaSignValidator.java create mode 100644 jdk/test/java/security/Provider/SunValidator.java create mode 100644 jdk/test/java/security/SecureRandom/DefaultAlgo.java create mode 100644 jdk/test/micro/org/openeuler/bench/security/provider/GetServiceBenchmark.java diff --git a/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java b/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java index 1e5b5dd0..66a26db2 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java @@ -28,7 +28,10 @@ package com.sun.crypto.provider; import java.security.AccessController; import java.security.Provider; import java.security.SecureRandom; - +import java.security.PrivilegedAction; +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; /** * The "SunJCE" Cryptographic Service Provider. @@ -78,16 +81,6 @@ public final class SunJCE extends Provider { "(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, " + "Diffie-Hellman, HMAC)"; - private static final String OID_PKCS12_RC4_128 = "1.2.840.113549.1.12.1.1"; - private static final String OID_PKCS12_RC4_40 = "1.2.840.113549.1.12.1.2"; - private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3"; - private static final String OID_PKCS12_RC2_128 = "1.2.840.113549.1.12.1.5"; - private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6"; - private static final String OID_PKCS5_MD5_DES = "1.2.840.113549.1.5.3"; - private static final String OID_PKCS5_PBKDF2 = "1.2.840.113549.1.5.12"; - private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13"; - private static final String OID_PKCS3 = "1.2.840.113549.1.3.1"; - /* Are we debugging? -- for developers */ static final boolean debug = false; @@ -102,10 +95,115 @@ public final class SunJCE extends Provider { } static SecureRandom getRandom() { return SecureRandomHolder.RANDOM; } + // create an aliases List from the specified aliases + public static List<String> createAliases(String ... aliases) { + return Arrays.asList(aliases); + } + + // create an aliases List from the specified oid followed by other aliases + public static List<String> createAliasesWithOid(String ... oids) { + String[] result = Arrays.copyOf(oids, oids.length + 1); + result[result.length - 1] = "OID." + oids[0]; + return Arrays.asList(result); + } + + private void ps(String type, String algo, String cn, + List<String> aliases, HashMap<String, String> attrs) { + putService(new Provider.Service(this, type, algo, cn, aliases, attrs)); + } + public SunJCE() { /* We are the "SunJCE" provider */ super("SunJCE", 1.8d, info); + // if there is no security manager installed, put directly into + // the provider + if (System.getSecurityManager() == null) { + putEntries(); + } else { + AccessController.doPrivileged(new PrivilegedAction<Void>() { + @Override + public Void run() { + putEntries(); + return null; + } + }); + } + if (instance == null) { + instance = this; + } + } + + void putEntries() { + // common aliases and oids + List<String> aesAliases = createAliases("Rijndael"); + List<String> desEdeAliases = createAliases("TripleDES"); + List<String> arcFourAliases = createAliases("RC4"); + List<String> sunTlsMSAliases = createAliases( + "SunTls12MasterSecret", "SunTlsExtendedMasterSecret" + ); + List<String> sunTlsKMAliases = createAliases("SunTls12KeyMaterial"); + List<String> sunTlsRsaPMSAliases = createAliases("SunTls12RsaPremasterSecret"); + + String aes128Oid = "2.16.840.1.101.3.4.1."; + String aes192Oid = "2.16.840.1.101.3.4.1.2"; + String aes256Oid = "2.16.840.1.101.3.4.1.4"; + + List<String> pkcs12RC4_128Aliases = + createAliasesWithOid("1.2.840.113549.1.12.1.1"); + + List<String> pkcs12RC4_40Aliases = + createAliasesWithOid("1.2.840.113549.1.12.1.2"); + + List<String> pkcs12DESedeAliases = + createAliasesWithOid("1.2.840.113549.1.12.1.3"); + + List<String> pkcs12RC2_128Aliases = + createAliasesWithOid("1.2.840.113549.1.12.1.5"); + + List<String> pkcs12RC2_40Aliases = + createAliasesWithOid("1.2.840.113549.1.12.1.6"); + + List<String> pkcs5MD5_DESAliases = + createAliasesWithOid("1.2.840.113549.1.5.3", "PBE"); + + List<String> pkcs5PBKDF2Aliases = + createAliasesWithOid("1.2.840.113549.1.5.12"); + + List<String> pkcs5PBES2Aliases = + createAliasesWithOid("1.2.840.113549.1.5.13"); + + List<String> diffieHellmanAliases = + createAliasesWithOid("1.2.840.113549.1.3.1", "DH"); + + String macOidBase = "1.2.840.113549.2."; + List<String> macSHA1Aliases = createAliasesWithOid(macOidBase + "7"); + List<String> macSHA224Aliases = createAliasesWithOid(macOidBase + "8"); + List<String> macSHA256Aliases = createAliasesWithOid(macOidBase + "9"); + List<String> macSHA384Aliases = createAliasesWithOid(macOidBase + "10"); + List<String> macSHA512Aliases = createAliasesWithOid(macOidBase + "11"); + + // reuse attribute map and reset before each reuse + HashMap<String, String> attrs = new HashMap<>(3); + attrs.put("SupportedModes", "ECB"); + attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING" + + "|OAEPWITHMD5ANDMGF1PADDING" + + "|OAEPWITHSHA1ANDMGF1PADDING" + + "|OAEPWITHSHA-1ANDMGF1PADDING" + + "|OAEPWITHSHA-224ANDMGF1PADDING" + + "|OAEPWITHSHA-256ANDMGF1PADDING" + + "|OAEPWITHSHA-384ANDMGF1PADDING" + + "|OAEPWITHSHA-512ANDMGF1PADDING" + + "|OAEPWITHSHA-512/224ANDMGF1PADDING" + + "|OAEPWITHSHA-512/256ANDMGF1PADDING"); + attrs.put("SupportedKeyClasses", + "java.security.interfaces.RSAPublicKey" + + "|java.security.interfaces.RSAPrivateKey"); + ps("Cipher", "RSA", + "com.sun.crypto.provider.RSACipher", null, attrs); + + // common block cipher modes, pads + final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" + "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" + "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64"; @@ -114,694 +212,529 @@ public final class SunJCE extends Provider { "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128"; final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING"; - AccessController.doPrivileged( - new java.security.PrivilegedAction<Object>() { - public Object run() { - - /* - * Cipher engines - */ - put("Cipher.RSA", "com.sun.crypto.provider.RSACipher"); - put("Cipher.RSA SupportedModes", "ECB"); - put("Cipher.RSA SupportedPaddings", - "NOPADDING|PKCS1PADDING|OAEPPADDING" - + "|OAEPWITHMD5ANDMGF1PADDING" - + "|OAEPWITHSHA1ANDMGF1PADDING" - + "|OAEPWITHSHA-1ANDMGF1PADDING" - + "|OAEPWITHSHA-224ANDMGF1PADDING" - + "|OAEPWITHSHA-256ANDMGF1PADDING" - + "|OAEPWITHSHA-384ANDMGF1PADDING" - + "|OAEPWITHSHA-512ANDMGF1PADDING" - + "|OAEPWITHSHA-512/224ANDMGF1PADDING" - + "|OAEPWITHSHA-512/256ANDMGF1PADDING"); - put("Cipher.RSA SupportedKeyClasses", - "java.security.interfaces.RSAPublicKey" + - "|java.security.interfaces.RSAPrivateKey"); - - put("Cipher.DES", "com.sun.crypto.provider.DESCipher"); - put("Cipher.DES SupportedModes", BLOCK_MODES); - put("Cipher.DES SupportedPaddings", BLOCK_PADS); - put("Cipher.DES SupportedKeyFormats", "RAW"); - - put("Cipher.DESede", "com.sun.crypto.provider.DESedeCipher"); - put("Alg.Alias.Cipher.TripleDES", "DESede"); - put("Cipher.DESede SupportedModes", BLOCK_MODES); - put("Cipher.DESede SupportedPaddings", BLOCK_PADS); - put("Cipher.DESede SupportedKeyFormats", "RAW"); - - put("Cipher.DESedeWrap", - "com.sun.crypto.provider.DESedeWrapCipher"); - put("Cipher.DESedeWrap SupportedModes", "CBC"); - put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING"); - put("Cipher.DESedeWrap SupportedKeyFormats", "RAW"); - - // PBES1 - - put("Cipher.PBEWithMD5AndDES", - "com.sun.crypto.provider.PBEWithMD5AndDESCipher"); - put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); - put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); - - put("Cipher.PBEWithMD5AndTripleDES", - "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher"); - - put("Cipher.PBEWithSHA1AndDESede", - "com.sun.crypto.provider.PKCS12PBECipherCore$" + - "PBEWithSHA1AndDESede"); - put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); - put("Alg.Alias.Cipher." + OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); - - put("Cipher.PBEWithSHA1AndRC2_40", - "com.sun.crypto.provider.PKCS12PBECipherCore$" + - "PBEWithSHA1AndRC2_40"); - put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); - put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); - - put("Cipher.PBEWithSHA1AndRC2_128", - "com.sun.crypto.provider.PKCS12PBECipherCore$" + - "PBEWithSHA1AndRC2_128"); - put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_128, - "PBEWithSHA1AndRC2_128"); - put("Alg.Alias.Cipher." + OID_PKCS12_RC2_128, - "PBEWithSHA1AndRC2_128"); - - put("Cipher.PBEWithSHA1AndRC4_40", - "com.sun.crypto.provider.PKCS12PBECipherCore$" + - "PBEWithSHA1AndRC4_40"); - put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_40, - "PBEWithSHA1AndRC4_40"); - put("Alg.Alias.Cipher." + OID_PKCS12_RC4_40, - "PBEWithSHA1AndRC4_40"); - - put("Cipher.PBEWithSHA1AndRC4_128", - "com.sun.crypto.provider.PKCS12PBECipherCore$" + - "PBEWithSHA1AndRC4_128"); - put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_128, - "PBEWithSHA1AndRC4_128"); - put("Alg.Alias.Cipher." + OID_PKCS12_RC4_128, - "PBEWithSHA1AndRC4_128"); - - //PBES2 - - put("Cipher.PBEWithHmacSHA1AndAES_128", - "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128"); - - put("Cipher.PBEWithHmacSHA224AndAES_128", - "com.sun.crypto.provider.PBES2Core$" + - "HmacSHA224AndAES_128"); - - put("Cipher.PBEWithHmacSHA256AndAES_128", - "com.sun.crypto.provider.PBES2Core$" + - "HmacSHA256AndAES_128"); - - put("Cipher.PBEWithHmacSHA384AndAES_128", - "com.sun.crypto.provider.PBES2Core$" + - "HmacSHA384AndAES_128"); - - put("Cipher.PBEWithHmacSHA512AndAES_128", - "com.sun.crypto.provider.PBES2Core$" + - "HmacSHA512AndAES_128"); - - put("Cipher.PBEWithHmacSHA1AndAES_256", - "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256"); - - put("Cipher.PBEWithHmacSHA224AndAES_256", - "com.sun.crypto.provider.PBES2Core$" + - "HmacSHA224AndAES_256"); - - put("Cipher.PBEWithHmacSHA256AndAES_256", - "com.sun.crypto.provider.PBES2Core$" + - "HmacSHA256AndAES_256"); - - put("Cipher.PBEWithHmacSHA384AndAES_256", - "com.sun.crypto.provider.PBES2Core$" + - "HmacSHA384AndAES_256"); - - put("Cipher.PBEWithHmacSHA512AndAES_256", - "com.sun.crypto.provider.PBES2Core$" + - "HmacSHA512AndAES_256"); - - put("Cipher.Blowfish", - "com.sun.crypto.provider.BlowfishCipher"); - put("Cipher.Blowfish SupportedModes", BLOCK_MODES); - put("Cipher.Blowfish SupportedPaddings", BLOCK_PADS); - put("Cipher.Blowfish SupportedKeyFormats", "RAW"); - - put("Cipher.AES", "com.sun.crypto.provider.AESCipher$General"); - put("Alg.Alias.Cipher.Rijndael", "AES"); - put("Cipher.AES SupportedModes", BLOCK_MODES128); - put("Cipher.AES SupportedPaddings", BLOCK_PADS); - put("Cipher.AES SupportedKeyFormats", "RAW"); - - put("Cipher.AES_128/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding"); - put("Cipher.AES_128/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding"); - put("Cipher.AES_128/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding"); - put("Cipher.AES_128/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding"); - put("Cipher.AES_128/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_GCM_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding"); - - put("Cipher.AES_192/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding"); - put("Cipher.AES_192/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding"); - put("Cipher.AES_192/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding"); - put("Cipher.AES_192/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding"); - put("Cipher.AES_192/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_GCM_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding"); - - put("Cipher.AES_256/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding"); - put("Cipher.AES_256/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding"); - put("Cipher.AES_256/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding"); - put("Cipher.AES_256/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding"); - put("Cipher.AES_256/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_GCM_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding"); - - put("Cipher.AESWrap", "com.sun.crypto.provider.AESWrapCipher$General"); - put("Cipher.AESWrap SupportedModes", "ECB"); - put("Cipher.AESWrap SupportedPaddings", "NOPADDING"); - put("Cipher.AESWrap SupportedKeyFormats", "RAW"); - - put("Cipher.AESWrap_128", "com.sun.crypto.provider.AESWrapCipher$AES128"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.5", "AESWrap_128"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.5", "AESWrap_128"); - put("Cipher.AESWrap_192", "com.sun.crypto.provider.AESWrapCipher$AES192"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.25", "AESWrap_192"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.25", "AESWrap_192"); - put("Cipher.AESWrap_256", "com.sun.crypto.provider.AESWrapCipher$AES256"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.45", "AESWrap_256"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.45", "AESWrap_256"); - - put("Cipher.RC2", - "com.sun.crypto.provider.RC2Cipher"); - put("Cipher.RC2 SupportedModes", BLOCK_MODES); - put("Cipher.RC2 SupportedPaddings", BLOCK_PADS); - put("Cipher.RC2 SupportedKeyFormats", "RAW"); - - put("Cipher.ARCFOUR", - "com.sun.crypto.provider.ARCFOURCipher"); - put("Alg.Alias.Cipher.RC4", "ARCFOUR"); - put("Cipher.ARCFOUR SupportedModes", "ECB"); - put("Cipher.ARCFOUR SupportedPaddings", "NOPADDING"); - put("Cipher.ARCFOUR SupportedKeyFormats", "RAW"); - - /* - * Key(pair) Generator engines - */ - put("KeyGenerator.DES", - "com.sun.crypto.provider.DESKeyGenerator"); - - put("KeyGenerator.DESede", - "com.sun.crypto.provider.DESedeKeyGenerator"); - put("Alg.Alias.KeyGenerator.TripleDES", "DESede"); - - put("KeyGenerator.Blowfish", - "com.sun.crypto.provider.BlowfishKeyGenerator"); - - put("KeyGenerator.AES", - "com.sun.crypto.provider.AESKeyGenerator"); - put("Alg.Alias.KeyGenerator.Rijndael", "AES"); - - put("KeyGenerator.RC2", - "com.sun.crypto.provider.KeyGeneratorCore$" + - "RC2KeyGenerator"); - put("KeyGenerator.ARCFOUR", - "com.sun.crypto.provider.KeyGeneratorCore$" + - "ARCFOURKeyGenerator"); - put("Alg.Alias.KeyGenerator.RC4", "ARCFOUR"); - - put("KeyGenerator.HmacMD5", - "com.sun.crypto.provider.HmacMD5KeyGenerator"); - - put("KeyGenerator.HmacSHA1", - "com.sun.crypto.provider.HmacSHA1KeyGenerator"); - put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.7", "HmacSHA1"); - put("Alg.Alias.KeyGenerator.1.2.840.113549.2.7", "HmacSHA1"); - - put("KeyGenerator.HmacSHA224", - "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224"); - put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.8", "HmacSHA224"); - put("Alg.Alias.KeyGenerator.1.2.840.113549.2.8", "HmacSHA224"); - - put("KeyGenerator.HmacSHA256", - "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256"); - put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.9", "HmacSHA256"); - put("Alg.Alias.KeyGenerator.1.2.840.113549.2.9", "HmacSHA256"); - - put("KeyGenerator.HmacSHA384", - "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384"); - put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.10", "HmacSHA384"); - put("Alg.Alias.KeyGenerator.1.2.840.113549.2.10", "HmacSHA384"); - - put("KeyGenerator.HmacSHA512", - "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512"); - put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.11", "HmacSHA512"); - put("Alg.Alias.KeyGenerator.1.2.840.113549.2.11", "HmacSHA512"); - - put("KeyPairGenerator.DiffieHellman", - "com.sun.crypto.provider.DHKeyPairGenerator"); - put("Alg.Alias.KeyPairGenerator.DH", "DiffieHellman"); - put("Alg.Alias.KeyPairGenerator.OID."+OID_PKCS3, - "DiffieHellman"); - put("Alg.Alias.KeyPairGenerator."+OID_PKCS3, - "DiffieHellman"); - - /* - * Algorithm parameter generation engines - */ - put("AlgorithmParameterGenerator.DiffieHellman", - "com.sun.crypto.provider.DHParameterGenerator"); - put("Alg.Alias.AlgorithmParameterGenerator.DH", - "DiffieHellman"); - put("Alg.Alias.AlgorithmParameterGenerator.OID."+OID_PKCS3, - "DiffieHellman"); - put("Alg.Alias.AlgorithmParameterGenerator."+OID_PKCS3, - "DiffieHellman"); - - /* - * Key Agreement engines - */ - put("KeyAgreement.DiffieHellman", - "com.sun.crypto.provider.DHKeyAgreement"); - put("Alg.Alias.KeyAgreement.DH", "DiffieHellman"); - put("Alg.Alias.KeyAgreement.OID."+OID_PKCS3, "DiffieHellman"); - put("Alg.Alias.KeyAgreement."+OID_PKCS3, "DiffieHellman"); - - put("KeyAgreement.DiffieHellman SupportedKeyClasses", - "javax.crypto.interfaces.DHPublicKey" + - "|javax.crypto.interfaces.DHPrivateKey"); - - /* - * Algorithm Parameter engines - */ - put("AlgorithmParameters.DiffieHellman", - "com.sun.crypto.provider.DHParameters"); - put("Alg.Alias.AlgorithmParameters.DH", "DiffieHellman"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS3, - "DiffieHellman"); - put("Alg.Alias.AlgorithmParameters."+OID_PKCS3, - "DiffieHellman"); - - put("AlgorithmParameters.DES", - "com.sun.crypto.provider.DESParameters"); - - put("AlgorithmParameters.DESede", - "com.sun.crypto.provider.DESedeParameters"); - put("Alg.Alias.AlgorithmParameters.TripleDES", "DESede"); - - put("AlgorithmParameters.PBE", - "com.sun.crypto.provider.PBEParameters"); - - put("AlgorithmParameters.PBEWithMD5AndDES", - "com.sun.crypto.provider.PBEParameters"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); - put("Alg.Alias.AlgorithmParameters."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); - - put("AlgorithmParameters.PBEWithMD5AndTripleDES", - "com.sun.crypto.provider.PBEParameters"); - - put("AlgorithmParameters.PBEWithSHA1AndDESede", - "com.sun.crypto.provider.PBEParameters"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); - put("Alg.Alias.AlgorithmParameters."+OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); - - put("AlgorithmParameters.PBEWithSHA1AndRC2_40", - "com.sun.crypto.provider.PBEParameters"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); - put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); - - put("AlgorithmParameters.PBEWithSHA1AndRC2_128", - "com.sun.crypto.provider.PBEParameters"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_128, - "PBEWithSHA1AndRC2_128"); - put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_128, - "PBEWithSHA1AndRC2_128"); - - put("AlgorithmParameters.PBEWithSHA1AndRC4_40", - "com.sun.crypto.provider.PBEParameters"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_40, - "PBEWithSHA1AndRC4_40"); - put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_40, - "PBEWithSHA1AndRC4_40"); - - put("AlgorithmParameters.PBEWithSHA1AndRC4_128", - "com.sun.crypto.provider.PBEParameters"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_128, - "PBEWithSHA1AndRC4_128"); - put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_128, - "PBEWithSHA1AndRC4_128"); - - put("AlgorithmParameters.PBES2", - "com.sun.crypto.provider.PBES2Parameters$General"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_PBES2, - "PBES2"); - put("Alg.Alias.AlgorithmParameters." + OID_PKCS5_PBES2, - "PBES2"); - - put("AlgorithmParameters.PBEWithHmacSHA1AndAES_128", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128"); - - put("AlgorithmParameters.PBEWithHmacSHA224AndAES_128", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128"); - - put("AlgorithmParameters.PBEWithHmacSHA256AndAES_128", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128"); - - put("AlgorithmParameters.PBEWithHmacSHA384AndAES_128", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128"); - - put("AlgorithmParameters.PBEWithHmacSHA512AndAES_128", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128"); - - put("AlgorithmParameters.PBEWithHmacSHA1AndAES_256", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256"); - - put("AlgorithmParameters.PBEWithHmacSHA224AndAES_256", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256"); - - put("AlgorithmParameters.PBEWithHmacSHA256AndAES_256", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256"); - - put("AlgorithmParameters.PBEWithHmacSHA384AndAES_256", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256"); - - put("AlgorithmParameters.PBEWithHmacSHA512AndAES_256", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256"); - - put("AlgorithmParameters.Blowfish", - "com.sun.crypto.provider.BlowfishParameters"); - - put("AlgorithmParameters.AES", - "com.sun.crypto.provider.AESParameters"); - put("Alg.Alias.AlgorithmParameters.Rijndael", "AES"); - put("AlgorithmParameters.GCM", - "com.sun.crypto.provider.GCMParameters"); - - - put("AlgorithmParameters.RC2", - "com.sun.crypto.provider.RC2Parameters"); - - put("AlgorithmParameters.OAEP", - "com.sun.crypto.provider.OAEPParameters"); - - /* - * Key factories - */ - put("KeyFactory.DiffieHellman", - "com.sun.crypto.provider.DHKeyFactory"); - put("Alg.Alias.KeyFactory.DH", "DiffieHellman"); - put("Alg.Alias.KeyFactory.OID."+OID_PKCS3, - "DiffieHellman"); - put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman"); - - /* - * Secret-key factories - */ - put("SecretKeyFactory.DES", - "com.sun.crypto.provider.DESKeyFactory"); - - put("SecretKeyFactory.DESede", - "com.sun.crypto.provider.DESedeKeyFactory"); - put("Alg.Alias.SecretKeyFactory.TripleDES", "DESede"); - - put("SecretKeyFactory.PBEWithMD5AndDES", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES" - ); - put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); - put("Alg.Alias.SecretKeyFactory."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); - - put("Alg.Alias.SecretKeyFactory.PBE", - "PBEWithMD5AndDES"); - - /* - * Internal in-house crypto algorithm used for - * the JCEKS keystore type. Since this was developed - * internally, there isn't an OID corresponding to this - * algorithm. - */ - put("SecretKeyFactory.PBEWithMD5AndTripleDES", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithMD5AndTripleDES" - ); - - put("SecretKeyFactory.PBEWithSHA1AndDESede", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede" - ); - put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); - put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); - - put("SecretKeyFactory.PBEWithSHA1AndRC2_40", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40" - ); - put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); - put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); - - put("SecretKeyFactory.PBEWithSHA1AndRC2_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128" - ); - put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_128, - "PBEWithSHA1AndRC2_128"); - put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_128, - "PBEWithSHA1AndRC2_128"); - - put("SecretKeyFactory.PBEWithSHA1AndRC4_40", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40" - ); - - put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_40, - "PBEWithSHA1AndRC4_40"); - put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_40, - "PBEWithSHA1AndRC4_40"); - - put("SecretKeyFactory.PBEWithSHA1AndRC4_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128" - ); - - put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_128, - "PBEWithSHA1AndRC4_128"); - put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_128, - "PBEWithSHA1AndRC4_128"); - - put("SecretKeyFactory.PBEWithHmacSHA1AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA1AndAES_128"); - - put("SecretKeyFactory.PBEWithHmacSHA224AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA224AndAES_128"); - - put("SecretKeyFactory.PBEWithHmacSHA256AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA256AndAES_128"); - - put("SecretKeyFactory.PBEWithHmacSHA384AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA384AndAES_128"); - - put("SecretKeyFactory.PBEWithHmacSHA512AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA512AndAES_128"); - - put("SecretKeyFactory.PBEWithHmacSHA1AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA1AndAES_256"); - - put("SecretKeyFactory.PBEWithHmacSHA224AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA224AndAES_256"); - - put("SecretKeyFactory.PBEWithHmacSHA256AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA256AndAES_256"); - - put("SecretKeyFactory.PBEWithHmacSHA384AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA384AndAES_256"); - - put("SecretKeyFactory.PBEWithHmacSHA512AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA512AndAES_256"); - - // PBKDF2 - - put("SecretKeyFactory.PBKDF2WithHmacSHA1", - "com.sun.crypto.provider.PBKDF2Core$HmacSHA1"); - put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2, - "PBKDF2WithHmacSHA1"); - put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2, - "PBKDF2WithHmacSHA1"); - - put("SecretKeyFactory.PBKDF2WithHmacSHA224", - "com.sun.crypto.provider.PBKDF2Core$HmacSHA224"); - put("SecretKeyFactory.PBKDF2WithHmacSHA256", - "com.sun.crypto.provider.PBKDF2Core$HmacSHA256"); - put("SecretKeyFactory.PBKDF2WithHmacSHA384", - "com.sun.crypto.provider.PBKDF2Core$HmacSHA384"); - put("SecretKeyFactory.PBKDF2WithHmacSHA512", - "com.sun.crypto.provider.PBKDF2Core$HmacSHA512"); - - /* - * MAC - */ - put("Mac.HmacMD5", "com.sun.crypto.provider.HmacMD5"); - put("Mac.HmacSHA1", "com.sun.crypto.provider.HmacSHA1"); - put("Alg.Alias.Mac.OID.1.2.840.113549.2.7", "HmacSHA1"); - put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1"); - put("Mac.HmacSHA224", - "com.sun.crypto.provider.HmacCore$HmacSHA224"); - put("Alg.Alias.Mac.OID.1.2.840.113549.2.8", "HmacSHA224"); - put("Alg.Alias.Mac.1.2.840.113549.2.8", "HmacSHA224"); - put("Mac.HmacSHA256", - "com.sun.crypto.provider.HmacCore$HmacSHA256"); - put("Alg.Alias.Mac.OID.1.2.840.113549.2.9", "HmacSHA256"); - put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256"); - put("Mac.HmacSHA384", - "com.sun.crypto.provider.HmacCore$HmacSHA384"); - put("Alg.Alias.Mac.OID.1.2.840.113549.2.10", "HmacSHA384"); - put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384"); - put("Mac.HmacSHA512", - "com.sun.crypto.provider.HmacCore$HmacSHA512"); - put("Alg.Alias.Mac.OID.1.2.840.113549.2.11", "HmacSHA512"); - put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512"); - - put("Mac.HmacPBESHA1", - "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1"); - put("Mac.HmacPBESHA224", - "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224"); - put("Mac.HmacPBESHA256", - "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256"); - put("Mac.HmacPBESHA384", - "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384"); - put("Mac.HmacPBESHA512", - "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512"); - put("Mac.HmacPBESHA512/224", - "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224"); - put("Mac.HmacPBESHA512/256", - "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256"); - - // PBMAC1 - - put("Mac.PBEWithHmacSHA1", - "com.sun.crypto.provider.PBMAC1Core$HmacSHA1"); - put("Mac.PBEWithHmacSHA224", - "com.sun.crypto.provider.PBMAC1Core$HmacSHA224"); - put("Mac.PBEWithHmacSHA256", - "com.sun.crypto.provider.PBMAC1Core$HmacSHA256"); - put("Mac.PBEWithHmacSHA384", - "com.sun.crypto.provider.PBMAC1Core$HmacSHA384"); - put("Mac.PBEWithHmacSHA512", - "com.sun.crypto.provider.PBMAC1Core$HmacSHA512"); - - put("Mac.SslMacMD5", - "com.sun.crypto.provider.SslMacCore$SslMacMD5"); - put("Mac.SslMacSHA1", - "com.sun.crypto.provider.SslMacCore$SslMacSHA1"); - - put("Mac.HmacMD5 SupportedKeyFormats", "RAW"); - put("Mac.HmacSHA1 SupportedKeyFormats", "RAW"); - put("Mac.HmacSHA224 SupportedKeyFormats", "RAW"); - put("Mac.HmacSHA256 SupportedKeyFormats", "RAW"); - put("Mac.HmacSHA384 SupportedKeyFormats", "RAW"); - put("Mac.HmacSHA512 SupportedKeyFormats", "RAW"); - put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW"); - put("Mac.HmacPBESHA224 SupportedKeyFormats", "RAW"); - put("Mac.HmacPBESHA256 SupportedKeyFormats", "RAW"); - put("Mac.HmacPBESHA384 SupportedKeyFormats", "RAW"); - put("Mac.HmacPBESHA512 SupportedKeyFormats", "RAW"); - put("Mac.HmacPBESHA512/224 SupportedKeyFormats", "RAW"); - put("Mac.HmacPBESHA512/256 SupportedKeyFormats", "RAW"); - put("Mac.PBEWithHmacSHA1 SupportedKeyFormatS", "RAW"); - put("Mac.PBEWithHmacSHA224 SupportedKeyFormats", "RAW"); - put("Mac.PBEWithHmacSHA256 SupportedKeyFormats", "RAW"); - put("Mac.PBEWithHmacSHA384 SupportedKeyFormats", "RAW"); - put("Mac.PBEWithHmacSHA512 SupportedKeyFormats", "RAW"); - put("Mac.SslMacMD5 SupportedKeyFormats", "RAW"); - put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW"); - - /* - * KeyStore - */ - put("KeyStore.JCEKS", "com.sun.crypto.provider.JceKeyStore"); - - /* - * SSL/TLS mechanisms - * - * These are strictly internal implementations and may - * be changed at any time. These names were chosen - * because PKCS11/SunPKCS11 does not yet have TLS1.2 - * mechanisms, and it will cause calls to come here. - */ - put("KeyGenerator.SunTlsPrf", - "com.sun.crypto.provider.TlsPrfGenerator$V10"); - put("KeyGenerator.SunTls12Prf", - "com.sun.crypto.provider.TlsPrfGenerator$V12"); - - put("KeyGenerator.SunTlsMasterSecret", - "com.sun.crypto.provider.TlsMasterSecretGenerator"); - put("Alg.Alias.KeyGenerator.SunTls12MasterSecret", - "SunTlsMasterSecret"); - put("Alg.Alias.KeyGenerator.SunTlsExtendedMasterSecret", - "SunTlsMasterSecret"); - - put("KeyGenerator.SunTlsKeyMaterial", - "com.sun.crypto.provider.TlsKeyMaterialGenerator"); - put("Alg.Alias.KeyGenerator.SunTls12KeyMaterial", - "SunTlsKeyMaterial"); - - put("KeyGenerator.SunTlsRsaPremasterSecret", - "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator"); - put("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret", - "SunTlsRsaPremasterSecret"); - - return null; - } - }); - - if (instance == null) { - instance = this; - } + attrs.clear(); + attrs.put("SupportedModes", BLOCK_MODES); + attrs.put("SupportedPaddings", BLOCK_PADS); + attrs.put("SupportedKeyFormats", "RAW"); + ps("Cipher", "DES", + "com.sun.crypto.provider.DESCipher", null, attrs); + ps("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher", + desEdeAliases, attrs); + ps("Cipher", "Blowfish", + "com.sun.crypto.provider.BlowfishCipher", null, attrs); + + ps("Cipher", "RC2", + "com.sun.crypto.provider.RC2Cipher", null, attrs); + + attrs.clear(); + attrs.put("SupportedModes", BLOCK_MODES128); + attrs.put("SupportedPaddings", BLOCK_PADS); + attrs.put("SupportedKeyFormats", "RAW"); + ps("Cipher", "AES", "com.sun.crypto.provider.AESCipher$General", + aesAliases, attrs); + + attrs.clear(); + attrs.put("SupportedKeyFormats", "RAW"); + ps("Cipher", "AES_128/ECB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding", + createAliasesWithOid(aes128Oid+"1"), attrs); + ps("Cipher", "AES_128/CBC/NoPadding", + "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding", + createAliasesWithOid(aes128Oid+"2"), attrs); + ps("Cipher", "AES_128/OFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding", + createAliasesWithOid(aes128Oid+"3"), attrs); + ps("Cipher", "AES_128/CFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding", + createAliasesWithOid(aes128Oid+"4"), attrs); + ps("Cipher", "AES_128/GCM/NoPadding", + "com.sun.crypto.provider.AESCipher$AES128_GCM_NoPadding", + createAliasesWithOid(aes128Oid+"6"), attrs); + + ps("Cipher", "AES_192/ECB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding", + createAliasesWithOid(aes192Oid+"1"), attrs); + ps("Cipher", "AES_192/CBC/NoPadding", + "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding", + createAliasesWithOid(aes192Oid+"2"), attrs); + ps("Cipher", "AES_192/OFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding", + createAliasesWithOid(aes192Oid+"3"), attrs); + ps("Cipher", "AES_192/CFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding", + createAliasesWithOid(aes192Oid+"4"), attrs); + ps("Cipher", "AES_192/GCM/NoPadding", + "com.sun.crypto.provider.AESCipher$AES192_GCM_NoPadding", + createAliasesWithOid(aes192Oid+"6"), attrs); + + ps("Cipher", "AES_256/ECB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding", + createAliasesWithOid(aes256Oid+"1"), attrs); + ps("Cipher", "AES_256/CBC/NoPadding", + "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding", + createAliasesWithOid(aes256Oid+"2"), attrs); + ps("Cipher", "AES_256/OFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding", + createAliasesWithOid(aes256Oid+"3"), attrs); + ps("Cipher", "AES_256/CFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding", + createAliasesWithOid(aes256Oid+"4"), attrs); + ps("Cipher", "AES_256/GCM/NoPadding", + "com.sun.crypto.provider.AESCipher$AES256_GCM_NoPadding", + createAliasesWithOid(aes256Oid+"6"), attrs); + + attrs.clear(); + attrs.put("SupportedModes", "CBC"); + attrs.put("SupportedPaddings", "NOPADDING"); + attrs.put("SupportedKeyFormats", "RAW"); + ps("Cipher", "DESedeWrap", + "com.sun.crypto.provider.DESedeWrapCipher", null, attrs); + + attrs.clear(); + attrs.put("SupportedModes", "ECB"); + attrs.put("SupportedPaddings", "NOPADDING"); + attrs.put("SupportedKeyFormats", "RAW"); + ps("Cipher", "ARCFOUR", "com.sun.crypto.provider.ARCFOURCipher", + arcFourAliases, attrs); + ps("Cipher", "AESWrap", "com.sun.crypto.provider.AESWrapCipher$General", + null, attrs); + ps("Cipher", "AESWrap_128", + "com.sun.crypto.provider.AESWrapCipher$AES128", + createAliasesWithOid(aes128Oid+"5"), attrs); + ps("Cipher", "AESWrap_192", + "com.sun.crypto.provider.AESWrapCipher$AES192", + createAliasesWithOid(aes192Oid+"5"), attrs); + ps("Cipher", "AESWrap_256", + "com.sun.crypto.provider.AESWrapCipher$AES256", + createAliasesWithOid(aes256Oid+"5"), attrs); + + attrs.clear(); + attrs.put("SupportedKeyFormats", "RAW"); + + // PBES1 + ps("Cipher", "PBEWithMD5AndDES", + "com.sun.crypto.provider.PBEWithMD5AndDESCipher", + pkcs5MD5_DESAliases, null); + ps("Cipher", "PBEWithMD5AndTripleDES", + "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher", + null, null); + ps("Cipher", "PBEWithSHA1AndDESede", + "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede", + pkcs12DESedeAliases, null); + ps("Cipher", "PBEWithSHA1AndRC2_40", + "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40", + pkcs12RC2_40Aliases, null); + ps("Cipher", "PBEWithSHA1AndRC2_128", + "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128", + pkcs12RC2_128Aliases, null); + ps("Cipher", "PBEWithSHA1AndRC4_40", + "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40", + pkcs12RC4_40Aliases, null); + + ps("Cipher", "PBEWithSHA1AndRC4_128", + "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128", + pkcs12RC4_128Aliases, null); + + // PBES2 + ps("Cipher", "PBEWithHmacSHA1AndAES_128", + "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128", + null, null); + + ps("Cipher", "PBEWithHmacSHA224AndAES_128", + "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128", + null, null); + + ps("Cipher", "PBEWithHmacSHA256AndAES_128", + "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128", + null, null); + + ps("Cipher", "PBEWithHmacSHA384AndAES_128", + "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128", + null, null); + + ps("Cipher", "PBEWithHmacSHA512AndAES_128", + "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128", + null, null); + + ps("Cipher", "PBEWithHmacSHA1AndAES_256", + "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256", + null, null); + + ps("Cipher", "PBEWithHmacSHA224AndAES_256", + "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256", + null, null); + + ps("Cipher", "PBEWithHmacSHA256AndAES_256", + "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256", + null, null); + + ps("Cipher", "PBEWithHmacSHA384AndAES_256", + "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256", + null, null); + + ps("Cipher", "PBEWithHmacSHA512AndAES_256", + "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256", + null, null); + + /* + * Key(pair) Generator engines + */ + ps("KeyGenerator", "DES", + "com.sun.crypto.provider.DESKeyGenerator", + null, null); + ps("KeyGenerator", "DESede", + "com.sun.crypto.provider.DESedeKeyGenerator", + desEdeAliases, null); + ps("KeyGenerator", "Blowfish", + "com.sun.crypto.provider.BlowfishKeyGenerator", + null, null); + ps("KeyGenerator", "AES", + "com.sun.crypto.provider.AESKeyGenerator", + aesAliases, null); + ps("KeyGenerator", "RC2", + "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator", + null, null); + ps("KeyGenerator", "ARCFOUR", + "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator", + arcFourAliases, null); + ps("KeyGenerator", "HmacMD5", + "com.sun.crypto.provider.HmacMD5KeyGenerator", + null, null); + + ps("KeyGenerator", "HmacSHA1", + "com.sun.crypto.provider.HmacSHA1KeyGenerator", + macSHA1Aliases, null); + ps("KeyGenerator", "HmacSHA224", + "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224", + macSHA224Aliases, null); + ps("KeyGenerator", "HmacSHA256", + "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256", + macSHA256Aliases, null); + ps("KeyGenerator", "HmacSHA384", + "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384", + macSHA384Aliases, null); + ps("KeyGenerator", "HmacSHA512", + "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512", + macSHA512Aliases, null); + + ps("KeyPairGenerator", "DiffieHellman", + "com.sun.crypto.provider.DHKeyPairGenerator", + diffieHellmanAliases, null); + + /* + * Algorithm parameter generation engines + */ + ps("AlgorithmParameterGenerator", + "DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator", + diffieHellmanAliases, null); + + /* + * Key Agreement engines + */ + attrs.clear(); + attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" + + "|javax.crypto.interfaces.DHPrivateKey"); + ps("KeyAgreement", "DiffieHellman", + "com.sun.crypto.provider.DHKeyAgreement", + diffieHellmanAliases, attrs); + + /* + * Algorithm Parameter engines + */ + ps("AlgorithmParameters", "DiffieHellman", + "com.sun.crypto.provider.DHParameters", + diffieHellmanAliases, null); + + ps("AlgorithmParameters", "DES", + "com.sun.crypto.provider.DESParameters", + null, null); + + ps("AlgorithmParameters", "DESede", + "com.sun.crypto.provider.DESedeParameters", + desEdeAliases, null); + + ps("AlgorithmParameters", "PBEWithMD5AndDES", + "com.sun.crypto.provider.PBEParameters", + pkcs5MD5_DESAliases, null); + + ps("AlgorithmParameters", "PBEWithMD5AndTripleDES", + "com.sun.crypto.provider.PBEParameters", + null, null); + + ps("AlgorithmParameters", "PBEWithSHA1AndDESede", + "com.sun.crypto.provider.PBEParameters", + pkcs12DESedeAliases, null); + + ps("AlgorithmParameters", "PBEWithSHA1AndRC2_40", + "com.sun.crypto.provider.PBEParameters", + pkcs12RC2_40Aliases, null); + + ps("AlgorithmParameters", "PBEWithSHA1AndRC2_128", + "com.sun.crypto.provider.PBEParameters", + pkcs12RC2_128Aliases, null); + + ps("AlgorithmParameters", "PBEWithSHA1AndRC4_40", + "com.sun.crypto.provider.PBEParameters", + pkcs12RC4_40Aliases, null); + + ps("AlgorithmParameters", "PBEWithSHA1AndRC4_128", + "com.sun.crypto.provider.PBEParameters", + pkcs12RC4_128Aliases, null); + + ps("AlgorithmParameters", "PBES2", + "com.sun.crypto.provider.PBES2Parameters$General", + pkcs5PBES2Aliases, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_128", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_128", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_128", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_128", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_128", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_256", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_256", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_256", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_256", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_256", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256", + null, null); + + ps("AlgorithmParameters", "Blowfish", + "com.sun.crypto.provider.BlowfishParameters", + null, null); + + ps("AlgorithmParameters", "AES", + "com.sun.crypto.provider.AESParameters", + aesAliases, null); + + ps("AlgorithmParameters", "GCM", + "com.sun.crypto.provider.GCMParameters", + null, null); + + ps("AlgorithmParameters", "RC2", + "com.sun.crypto.provider.RC2Parameters", + null, null); + + ps("AlgorithmParameters", "OAEP", + "com.sun.crypto.provider.OAEPParameters", + null, null); + + /* + * Key factories + */ + ps("KeyFactory", "DiffieHellman", + "com.sun.crypto.provider.DHKeyFactory", + diffieHellmanAliases, null); + + /* + * Secret-key factories + */ + ps("SecretKeyFactory", "DES", + "com.sun.crypto.provider.DESKeyFactory", + null, null); + + ps("SecretKeyFactory", "DESede", + "com.sun.crypto.provider.DESedeKeyFactory", + desEdeAliases, null); + + ps("SecretKeyFactory", "PBEWithMD5AndDES", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES", + pkcs5MD5_DESAliases, null); + + /* + * Internal in-house crypto algorithm used for + * the JCEKS keystore type. Since this was developed + * internally, there isn't an OID corresponding to this + * algorithm. + */ + ps("SecretKeyFactory", "PBEWithMD5AndTripleDES", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES", + null, null); + + ps("SecretKeyFactory", "PBEWithSHA1AndDESede", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede", + pkcs12DESedeAliases, null); + + ps("SecretKeyFactory", "PBEWithSHA1AndRC2_40", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40", + pkcs12RC2_40Aliases, null); + + ps("SecretKeyFactory", "PBEWithSHA1AndRC2_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128", + pkcs12RC2_128Aliases, null); + + ps("SecretKeyFactory", "PBEWithSHA1AndRC4_40", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40", + pkcs12RC4_40Aliases,null); + + ps("SecretKeyFactory", "PBEWithSHA1AndRC4_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128", + pkcs12RC4_128Aliases, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256", + null, null); + + // PBKDF2 + ps("SecretKeyFactory", "PBKDF2WithHmacSHA1", + "com.sun.crypto.provider.PBKDF2Core$HmacSHA1", + pkcs5PBKDF2Aliases, null); + ps("SecretKeyFactory", "PBKDF2WithHmacSHA224", + "com.sun.crypto.provider.PBKDF2Core$HmacSHA224", + null, null); + ps("SecretKeyFactory", "PBKDF2WithHmacSHA256", + "com.sun.crypto.provider.PBKDF2Core$HmacSHA256", + null, null); + ps("SecretKeyFactory", "PBKDF2WithHmacSHA384", + "com.sun.crypto.provider.PBKDF2Core$HmacSHA384", + null, null); + ps("SecretKeyFactory", "PBKDF2WithHmacSHA512", + "com.sun.crypto.provider.PBKDF2Core$HmacSHA512", + null, null); + + /* + * MAC + */ + attrs.clear(); + attrs.put("SupportedKeyFormats", "RAW"); + ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs); + ps("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1", + macSHA1Aliases, attrs); + ps("Mac", "HmacSHA224", "com.sun.crypto.provider.HmacCore$HmacSHA224", + macSHA224Aliases, attrs); + ps("Mac", "HmacSHA256", "com.sun.crypto.provider.HmacCore$HmacSHA256", + macSHA256Aliases, attrs); + ps("Mac", "HmacSHA384", "com.sun.crypto.provider.HmacCore$HmacSHA384", + macSHA384Aliases, attrs); + ps("Mac", "HmacSHA512", "com.sun.crypto.provider.HmacCore$HmacSHA512", + macSHA512Aliases, attrs); + // TODO: aliases with OIDs + ps("Mac", "HmacPBESHA1", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1", + null, attrs); + ps("Mac", "HmacPBESHA224", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224", + null, attrs); + ps("Mac", "HmacPBESHA256", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256", + null, attrs); + ps("Mac", "HmacPBESHA384", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384", + null, attrs); + ps("Mac", "HmacPBESHA512", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512", + null, attrs); + ps("Mac", "HmacPBESHA512/224", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224", + null, attrs); + ps("Mac", "HmacPBESHA512/256", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256", + null, attrs); + + // PBMAC1 + ps("Mac", "PBEWithHmacSHA1", + "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs); + ps("Mac", "PBEWithHmacSHA224", + "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs); + ps("Mac", "PBEWithHmacSHA256", + "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs); + ps("Mac", "PBEWithHmacSHA384", + "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs); + ps("Mac", "PBEWithHmacSHA512", + "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs); + ps("Mac", "SslMacMD5", + "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs); + ps("Mac", "SslMacSHA1", + "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs); + + /* + * KeyStore + */ + ps("KeyStore", "JCEKS", + "com.sun.crypto.provider.JceKeyStore", + null, null); + + /* + * SSL/TLS mechanisms + * + * These are strictly internal implementations and may + * be changed at any time. These names were chosen + * because PKCS11/SunPKCS11 does not yet have TLS1.2 + * mechanisms, and it will cause calls to come here. + */ + ps("KeyGenerator", "SunTlsPrf", + "com.sun.crypto.provider.TlsPrfGenerator$V10", + null, null); + ps("KeyGenerator", "SunTls12Prf", + "com.sun.crypto.provider.TlsPrfGenerator$V12", + null, null); + + ps("KeyGenerator", "SunTlsMasterSecret", + "com.sun.crypto.provider.TlsMasterSecretGenerator", + createAliases("SunTls12MasterSecret", + "SunTlsExtendedMasterSecret"), null); + ps("KeyGenerator", "SunTlsKeyMaterial", + "com.sun.crypto.provider.TlsKeyMaterialGenerator", + createAliases("SunTls12KeyMaterial"), null); + + ps("KeyGenerator", "SunTlsRsaPremasterSecret", + "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator", + createAliases("SunTls12RsaPremasterSecret"), null); } // Return the instance of this class or create one if needed. diff --git a/jdk/src/share/classes/java/security/AlgorithmParameterGenerator.java b/jdk/src/share/classes/java/security/AlgorithmParameterGenerator.java index 7f9c7cbf4..b8cb61a56 100644 --- a/jdk/src/share/classes/java/security/AlgorithmParameterGenerator.java +++ b/jdk/src/share/classes/java/security/AlgorithmParameterGenerator.java @@ -26,6 +26,7 @@ package java.security; import java.security.spec.AlgorithmParameterSpec; +import sun.security.jca.JCAUtil; /** * The {@code AlgorithmParameterGenerator} class is used to generate a @@ -282,7 +283,7 @@ public class AlgorithmParameterGenerator { * @param size the size (number of bits). */ public final void init(int size) { - paramGenSpi.engineInit(size, new SecureRandom()); + paramGenSpi.engineInit(size, JCAUtil.getSecureRandom()); } /** @@ -313,7 +314,7 @@ public class AlgorithmParameterGenerator { */ public final void init(AlgorithmParameterSpec genParamSpec) throws InvalidAlgorithmParameterException { - paramGenSpi.engineInit(genParamSpec, new SecureRandom()); + paramGenSpi.engineInit(genParamSpec, JCAUtil.getSecureRandom()); } /** diff --git a/jdk/src/share/classes/java/security/Provider.java b/jdk/src/share/classes/java/security/Provider.java index 1eadb0e62..34f5ab22b 100644 --- a/jdk/src/share/classes/java/security/Provider.java +++ b/jdk/src/share/classes/java/security/Provider.java @@ -30,6 +30,7 @@ import java.util.*; import static java.util.Locale.ENGLISH; import java.lang.ref.*; import java.lang.reflect.*; +import java.util.concurrent.ConcurrentHashMap; import java.util.function.BiConsumer; import java.util.function.BiFunction; import java.util.function.Function; @@ -135,6 +136,7 @@ public abstract class Provider extends Properties { this.name = name; this.version = version; this.info = info; + this.serviceMap = new ConcurrentHashMap<>(); putId(); initialized = true; } @@ -662,15 +664,20 @@ public abstract class Provider extends Properties { // legacy properties changed since last call to any services method? private transient boolean legacyChanged; // serviceMap changed since last call to getServices() - private transient boolean servicesChanged; + private volatile transient boolean servicesChanged; - // Map<String,String> + // Map<String,String> used to keep track of legacy registration private transient Map<String,String> legacyStrings; // Map<ServiceKey,Service> // used for services added via putService(), initialized on demand private transient Map<ServiceKey,Service> serviceMap; + // For backward compatibility, the registration ordering of + // SecureRandom (RNG) algorithms needs to be preserved for + // "new SecureRandom()" calls when this provider is used + private transient Set<String> prngAlgos; + // Map<ServiceKey,Service> // used for services added via legacy methods, init on demand private transient Map<ServiceKey,Service> legacyMap; @@ -698,11 +705,13 @@ public abstract class Provider extends Properties { } defaults = null; in.defaultReadObject(); + this.serviceMap = new ConcurrentHashMap<>(); implClear(); initialized = true; putAll(copy); } + // check whether to update 'legacyString' with the specified key private boolean checkLegacy(Object key) { String keyString = (String)key; if (keyString.startsWith("Provider.")) { @@ -711,7 +720,7 @@ public abstract class Provider extends Properties { legacyChanged = true; if (legacyStrings == null) { - legacyStrings = new LinkedHashMap<String,String>(); + legacyStrings = new LinkedHashMap<>(); } return true; } @@ -742,7 +751,7 @@ public abstract class Provider extends Properties { if (!checkLegacy(key)) { return false; } - legacyStrings.remove((String)key, value); + legacyStrings.remove((String)key, (String)value); } return super.remove(key, value); } @@ -772,7 +781,7 @@ public abstract class Provider extends Properties { private void implReplaceAll(BiFunction<? super Object, ? super Object, ? extends Object> function) { legacyChanged = true; if (legacyStrings == null) { - legacyStrings = new LinkedHashMap<String,String>(); + legacyStrings = new LinkedHashMap<>(); } else { legacyStrings.replaceAll((BiFunction<? super String, ? super String, ? extends String>) function); } @@ -796,8 +805,8 @@ public abstract class Provider extends Properties { if (!checkLegacy(key)) { return null; } - legacyStrings.computeIfAbsent((String) key, - (Function<? super String, ? extends String>) remappingFunction); + legacyStrings.compute((String) key, + (BiFunction<? super String, ? super String, ? extends String>) remappingFunction); } return super.compute(key, remappingFunction); } @@ -851,12 +860,11 @@ public abstract class Provider extends Properties { if (legacyMap != null) { legacyMap.clear(); } - if (serviceMap != null) { - serviceMap.clear(); - } + serviceMap.clear(); legacyChanged = false; servicesChanged = false; serviceSet = null; + prngAlgos = null; super.clear(); putId(); } @@ -873,13 +881,13 @@ public abstract class Provider extends Properties { this.algorithm = intern ? algorithm.intern() : algorithm; } public int hashCode() { - return type.hashCode() + algorithm.hashCode(); + return Objects.hash(type, algorithm); } public boolean equals(Object obj) { if (this == obj) { return true; } - if (obj instanceof ServiceKey == false) { + if (!(obj instanceof ServiceKey)) { return false; } ServiceKey other = (ServiceKey)obj; @@ -901,7 +909,7 @@ public abstract class Provider extends Properties { } serviceSet = null; if (legacyMap == null) { - legacyMap = new LinkedHashMap<ServiceKey,Service>(); + legacyMap = new ConcurrentHashMap<>(); } else { legacyMap.clear(); } @@ -957,7 +965,10 @@ public abstract class Provider extends Properties { String type = getEngineName(typeAndAlg[0]); String aliasAlg = typeAndAlg[1].intern(); ServiceKey key = new ServiceKey(type, stdAlg, true); - Service s = legacyMap.get(key); + Service s = serviceMap.get(key); + if (s == null) { + s = legacyMap.get(key); + } if (s == null) { s = new Service(this); s.type = type; @@ -986,6 +997,10 @@ public abstract class Provider extends Properties { legacyMap.put(key, s); } s.className = className; + + if (type.equals("SecureRandom")) { + updateSecureRandomEntries(true, s.algorithm); + } } else { // attribute // e.g. put("MessageDigest.SHA-1 ImplementedIn", "Software"); String attributeValue = value; @@ -1031,7 +1046,7 @@ public abstract class Provider extends Properties { * * @since 1.5 */ - public synchronized Service getService(String type, String algorithm) { + public Service getService(String type, String algorithm) { checkInitialized(); // avoid allocating a new key object if possible ServiceKey key = previousKey; @@ -1039,14 +1054,19 @@ public abstract class Provider extends Properties { key = new ServiceKey(type, algorithm, false); previousKey = key; } - if (serviceMap != null) { - Service service = serviceMap.get(key); - if (service != null) { - return service; + if (!serviceMap.isEmpty()) { + Service s = serviceMap.get(key); + if (s != null) { + return s; + } + } + synchronized (this){ + ensureLegacyParsed(); + if (legacyMap != null && !legacyMap.isEmpty()) { + return legacyMap.get(key); } } - ensureLegacyParsed(); - return (legacyMap != null) ? legacyMap.get(key) : null; + return null; } // ServiceKey from previous getService() call @@ -1075,10 +1095,10 @@ public abstract class Provider extends Properties { if (serviceSet == null) { ensureLegacyParsed(); Set<Service> set = new LinkedHashSet<>(); - if (serviceMap != null) { + if (!serviceMap.isEmpty()) { set.addAll(serviceMap.values()); } - if (legacyMap != null) { + if (legacyMap != null && !legacyMap.isEmpty()) { set.addAll(legacyMap.values()); } serviceSet = Collections.unmodifiableSet(set); @@ -1116,7 +1136,7 @@ public abstract class Provider extends Properties { * * @since 1.5 */ - protected synchronized void putService(Service s) { + protected void putService(Service s) { check("putProviderProperty." + name); if (debug != null) { debug.println(name + ".putService(): " + s); @@ -1128,20 +1148,58 @@ public abstract class Provider extends Properties { throw new IllegalArgumentException ("service.getProvider() must match this Provider object"); } - if (serviceMap == null) { - serviceMap = new LinkedHashMap<ServiceKey,Service>(); - } - servicesChanged = true; String type = s.getType(); String algorithm = s.getAlgorithm(); ServiceKey key = new ServiceKey(type, algorithm, true); - // remove existing service implRemoveService(serviceMap.get(key)); serviceMap.put(key, s); for (String alias : s.getAliases()) { serviceMap.put(new ServiceKey(type, alias, true), s); } - putPropertyStrings(s); + servicesChanged = true; + synchronized (this) { + putPropertyStrings(s); + if (type.equals("SecureRandom")) { + updateSecureRandomEntries(true, s.algorithm); + } + } + } + + // keep tracks of the registered secure random algos and store them in order + private void updateSecureRandomEntries(boolean doAdd, String s) { + Objects.requireNonNull(s); + if (doAdd) { + if (prngAlgos == null) { + prngAlgos = new LinkedHashSet<String>(); + } + prngAlgos.add(s); + } else { + prngAlgos.remove(s); + } + + if (debug != null) { + debug.println((doAdd? "Add":"Remove") + " SecureRandom algo " + s); + } + } + + // used by new SecureRandom() to find out the default SecureRandom + // service for this provider + synchronized Service getDefaultSecureRandomService() { + checkInitialized(); + + if (legacyChanged) { + prngAlgos = null; + ensureLegacyParsed(); + } + + if (prngAlgos != null && !prngAlgos.isEmpty()) { + // IMPORTANT: use the Service obj returned by getService(...) call + // as providers may override putService(...)/getService(...) and + // return their own Service objects + return getService("SecureRandom", prngAlgos.iterator().next()); + } + + return null; } /** @@ -1208,7 +1266,7 @@ public abstract class Provider extends Properties { * * @since 1.5 */ - protected synchronized void removeService(Service s) { + protected void removeService(Service s) { check("removeProviderProperty." + name); if (debug != null) { debug.println(name + ".removeService(): " + s); @@ -1220,7 +1278,7 @@ public abstract class Provider extends Properties { } private void implRemoveService(Service s) { - if ((s == null) || (serviceMap == null)) { + if ((s == null) || serviceMap.isEmpty()) { return; } String type = s.getType(); @@ -1235,7 +1293,12 @@ public abstract class Provider extends Properties { for (String alias : s.getAliases()) { serviceMap.remove(new ServiceKey(type, alias, false)); } - removePropertyStrings(s); + synchronized (this) { + removePropertyStrings(s); + if (type.equals("SecureRandom")) { + updateSecureRandomEntries(false, s.algorithm); + } + } } // Wrapped String that behaves in a case insensitive way for equals/hashCode diff --git a/jdk/src/share/classes/java/security/SecureRandom.java b/jdk/src/share/classes/java/security/SecureRandom.java index 6848be5a2..05ff79191 100644 --- a/jdk/src/share/classes/java/security/SecureRandom.java +++ b/jdk/src/share/classes/java/security/SecureRandom.java @@ -32,6 +32,7 @@ import java.security.Provider.Service; import sun.security.jca.*; import sun.security.jca.GetInstance.Instance; +import sun.security.provider.SunEntries; import sun.security.util.Debug; /** @@ -191,35 +192,50 @@ public class SecureRandom extends java.util.Random { } private void getDefaultPRNG(boolean setSeed, byte[] seed) { - String prng = getPrngAlgorithm(); - if (prng == null) { - // bummer, get the SUN implementation - prng = "SHA1PRNG"; + Service prngService = null; + String prngAlgorithm = null; + for (Provider p : Providers.getProviderList().providers()) { + // SUN provider uses the SunEntries.DEF_SECURE_RANDOM_ALGO + // as the default SecureRandom algorithm; for other providers, + // Provider.getDefaultSecureRandom() will use the 1st + // registered SecureRandom algorithm + if (p.getName().equals("SUN")) { + prngAlgorithm = SunEntries.DEF_SECURE_RANDOM_ALGO; + prngService = p.getService("SecureRandom", prngAlgorithm); + break; + } else { + prngService = p.getDefaultSecureRandomService(); + if (prngService != null) { + prngAlgorithm = prngService.getAlgorithm(); + break; + } + } + } + // per javadoc, if none of the Providers support a RNG algorithm, + // then an implementation-specific default is returned. + if (prngService == null) { + prngAlgorithm = "SHA1PRNG"; this.secureRandomSpi = new sun.security.provider.SecureRandom(); this.provider = Providers.getSunProvider(); - if (setSeed) { - this.secureRandomSpi.engineSetSeed(seed); - } } else { try { - SecureRandom random = SecureRandom.getInstance(prng); - this.secureRandomSpi = random.getSecureRandomSpi(); - this.provider = random.getProvider(); - if (setSeed) { - this.secureRandomSpi.engineSetSeed(seed); - } + this.secureRandomSpi = (SecureRandomSpi) prngService.newInstance(null); + this.provider = prngService.getProvider(); } catch (NoSuchAlgorithmException nsae) { - // never happens, because we made sure the algorithm exists + // should not happen throw new RuntimeException(nsae); } } + if (setSeed) { + this.secureRandomSpi.engineSetSeed(seed); + } // JDK 1.1 based implementations subclass SecureRandom instead of // SecureRandomSpi. They will also go through this code path because // they must call a SecureRandom constructor as it is their superclass. // If we are dealing with such an implementation, do not set the // algorithm value as it would be inaccurate. if (getClass() == SecureRandom.class) { - this.algorithm = prng; + this.algorithm = prngAlgorithm; } } @@ -386,13 +402,6 @@ public class SecureRandom extends java.util.Random { instance.provider, algorithm); } - /** - * Returns the SecureRandomSpi of this SecureRandom object. - */ - SecureRandomSpi getSecureRandomSpi() { - return secureRandomSpi; - } - /** * Returns the provider of this SecureRandom object. * @@ -548,23 +557,6 @@ public class SecureRandom extends java.util.Random { return retVal; } - /** - * Gets a default PRNG algorithm by looking through all registered - * providers. Returns the first PRNG algorithm of the first provider that - * has registered a SecureRandom implementation, or null if none of the - * registered providers supplies a SecureRandom implementation. - */ - private static String getPrngAlgorithm() { - for (Provider p : Providers.getProviderList().providers()) { - for (Service s : p.getServices()) { - if (s.getType().equals("SecureRandom")) { - return s.getAlgorithm(); - } - } - } - return null; - } - /* * Lazily initialize since Pattern.compile() is heavy. * Effective Java (2nd Edition), Item 71. diff --git a/jdk/src/share/classes/javax/crypto/Cipher.java b/jdk/src/share/classes/javax/crypto/Cipher.java index d3d09d7e2..93c177e77 100644 --- a/jdk/src/share/classes/javax/crypto/Cipher.java +++ b/jdk/src/share/classes/javax/crypto/Cipher.java @@ -1186,7 +1186,7 @@ public class Cipher { * by the underlying {@code CipherSpi}. */ public final void init(int opmode, Key key) throws InvalidKeyException { - init(opmode, key, JceSecurity.RANDOM); + init(opmode, key, JCAUtil.getSecureRandom()); } /** @@ -1327,7 +1327,7 @@ public class Cipher { public final void init(int opmode, Key key, AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterException { - init(opmode, key, params, JceSecurity.RANDOM); + init(opmode, key, params, JCAUtil.getSecureRandom()); } /** @@ -1470,7 +1470,7 @@ public class Cipher { public final void init(int opmode, Key key, AlgorithmParameters params) throws InvalidKeyException, InvalidAlgorithmParameterException { - init(opmode, key, params, JceSecurity.RANDOM); + init(opmode, key, params, JCAUtil.getSecureRandom()); } /** @@ -1618,7 +1618,7 @@ public class Cipher { public final void init(int opmode, Certificate certificate) throws InvalidKeyException { - init(opmode, certificate, JceSecurity.RANDOM); + init(opmode, certificate, JCAUtil.getSecureRandom()); } /** diff --git a/jdk/src/share/classes/javax/crypto/JceSecurity.java b/jdk/src/share/classes/javax/crypto/JceSecurity.java index e7e3a99f5..1186dc351 100644 --- a/jdk/src/share/classes/javax/crypto/JceSecurity.java +++ b/jdk/src/share/classes/javax/crypto/JceSecurity.java @@ -49,8 +49,6 @@ import sun.security.util.Debug; final class JceSecurity { - static final SecureRandom RANDOM = new SecureRandom(); - // The defaultPolicy and exemptPolicy will be set up // in the static initializer. private static CryptoPermissions defaultPolicy = null; diff --git a/jdk/src/share/classes/javax/crypto/KeyAgreement.java b/jdk/src/share/classes/javax/crypto/KeyAgreement.java index 513fc501e..4e16bcacb 100644 --- a/jdk/src/share/classes/javax/crypto/KeyAgreement.java +++ b/jdk/src/share/classes/javax/crypto/KeyAgreement.java @@ -438,7 +438,7 @@ public class KeyAgreement { * has an incompatible algorithm type. */ public final void init(Key key) throws InvalidKeyException { - init(key, JceSecurity.RANDOM); + init(key, JCAUtil.getSecureRandom()); } /** @@ -506,7 +506,7 @@ public class KeyAgreement { public final void init(Key key, AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterException { - init(key, params, JceSecurity.RANDOM); + init(key, params, JCAUtil.getSecureRandom()); } /** diff --git a/jdk/src/share/classes/javax/crypto/KeyGenerator.java b/jdk/src/share/classes/javax/crypto/KeyGenerator.java index 2a26da5e5..71fa64715 100644 --- a/jdk/src/share/classes/javax/crypto/KeyGenerator.java +++ b/jdk/src/share/classes/javax/crypto/KeyGenerator.java @@ -427,7 +427,7 @@ public class KeyGenerator { public final void init(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException { - init(params, JceSecurity.RANDOM); + init(params, JCAUtil.getSecureRandom()); } /** @@ -491,7 +491,7 @@ public class KeyGenerator { * supported. */ public final void init(int keysize) { - init(keysize, JceSecurity.RANDOM); + init(keysize, JCAUtil.getSecureRandom()); } /** diff --git a/jdk/src/share/classes/sun/security/provider/Sun.java b/jdk/src/share/classes/sun/security/provider/Sun.java index 07ef2ff4a..75b411605 100644 --- a/jdk/src/share/classes/sun/security/provider/Sun.java +++ b/jdk/src/share/classes/sun/security/provider/Sun.java @@ -28,7 +28,6 @@ package sun.security.provider; import java.util.*; import java.security.*; -import sun.security.action.PutAllAction; /** * The SUN Security Provider. @@ -49,17 +48,27 @@ public final class Sun extends Provider { /* We are the SUN provider */ super("SUN", 1.8d, INFO); + Provider p = this; + Iterator<Provider.Service> serviceIter = new SunEntries(p).iterator(); + // if there is no security manager installed, put directly into - // the provider. Otherwise, create a temporary map and use a - // doPrivileged() call at the end to transfer the contents + // the provider. if (System.getSecurityManager() == null) { - SunEntries.putEntries(this); + putEntries(serviceIter); } else { - // use LinkedHashMap to preserve the order of the PRNGs - Map<Object, Object> map = new LinkedHashMap<>(); - SunEntries.putEntries(map); - AccessController.doPrivileged(new PutAllAction(this, map)); + AccessController.doPrivileged(new PrivilegedAction<Void>() { + @Override + public Void run() { + putEntries(serviceIter); + return null; + } + }); } } + void putEntries(Iterator<Provider.Service> i) { + while (i.hasNext()) { + putService(i.next()); + } + } } diff --git a/jdk/src/share/classes/sun/security/provider/SunEntries.java b/jdk/src/share/classes/sun/security/provider/SunEntries.java index d85697841..fb61d40b0 100644 --- a/jdk/src/share/classes/sun/security/provider/SunEntries.java +++ b/jdk/src/share/classes/sun/security/provider/SunEntries.java @@ -27,7 +27,7 @@ package sun.security.provider; import java.io.*; import java.net.*; -import java.util.Map; +import java.util.*; import java.security.*; import sun.security.action.GetPropertyAction; @@ -77,255 +77,222 @@ import sun.security.action.GetPropertyAction; * - JavaLoginConfig is the default file-based LoginModule Configuration type. */ -final class SunEntries { +public final class SunEntries { - private static final boolean useLegacyDSA = - Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty - ("jdk.security.legacyDSAKeyPairGenerator")); + // the default algo used by SecureRandom class for new SecureRandom() calls + public static final String DEF_SECURE_RANDOM_ALGO; + + // create an aliases List from the specified aliases + public static List<String> createAliases(String ... aliases) { + return Arrays.asList(aliases); + } - private SunEntries() { - // empty + // create an aliases List from the specified oid followed by other aliases + public static List<String> createAliasesWithOid(String ... oids) { + String[] result = Arrays.copyOf(oids, oids.length + 1); + result[result.length - 1] = "OID." + oids[0]; + return Arrays.asList(result); } - static void putEntries(Map<Object, Object> map) { + SunEntries(Provider p) { + services = new LinkedHashSet<>(50, 0.9f); + + // start populating content using the specified provider + + // common attribute map + HashMap<String, String> attrs = new HashMap<>(3); /* - * SecureRandom - * - * Register these first to speed up "new SecureRandom()", - * which iterates through the list of algorithms + * SecureRandom engines */ - // register the native PRNG, if available - // if user selected /dev/urandom, we put it before SHA1PRNG, - // otherwise after it - boolean nativeAvailable = NativePRNG.isAvailable(); - boolean useNativePRNG = seedSource.equals(URL_DEV_URANDOM) || - seedSource.equals(URL_DEV_RANDOM); - - if (nativeAvailable && useNativePRNG) { - map.put("SecureRandom.NativePRNG", - "sun.security.provider.NativePRNG"); - } - map.put("SecureRandom.SHA1PRNG", - "sun.security.provider.SecureRandom"); - if (nativeAvailable && !useNativePRNG) { - map.put("SecureRandom.NativePRNG", - "sun.security.provider.NativePRNG"); + if (NativePRNG.isAvailable()) { + add(p, "SecureRandom", "NativePRNG", + "sun.security.provider.NativePRNG", + null, attrs); } if (NativePRNG.Blocking.isAvailable()) { - map.put("SecureRandom.NativePRNGBlocking", - "sun.security.provider.NativePRNG$Blocking"); + add(p, "SecureRandom", "NativePRNGBlocking", + "sun.security.provider.NativePRNG$Blocking", null, attrs); } if (NativePRNG.NonBlocking.isAvailable()) { - map.put("SecureRandom.NativePRNGNonBlocking", - "sun.security.provider.NativePRNG$NonBlocking"); + add(p, "SecureRandom", "NativePRNGNonBlocking", + "sun.security.provider.NativePRNG$NonBlocking", null, attrs); } + attrs.put("ImplementedIn", "Software"); + add(p, "SecureRandom", "SHA1PRNG", + "sun.security.provider.SecureRandom", null, attrs); + /* * Signature engines */ - map.put("Signature.SHA1withDSA", - "sun.security.provider.DSA$SHA1withDSA"); - map.put("Signature.NONEwithDSA", "sun.security.provider.DSA$RawDSA"); - map.put("Alg.Alias.Signature.RawDSA", "NONEwithDSA"); - map.put("Signature.SHA224withDSA", - "sun.security.provider.DSA$SHA224withDSA"); - map.put("Signature.SHA256withDSA", - "sun.security.provider.DSA$SHA256withDSA"); - + attrs.clear(); String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" + "|java.security.interfaces.DSAPrivateKey"; - map.put("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses); - map.put("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses); - map.put("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyClasses); - map.put("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyClasses); - - map.put("Alg.Alias.Signature.DSA", "SHA1withDSA"); - map.put("Alg.Alias.Signature.DSS", "SHA1withDSA"); - map.put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA"); - map.put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA"); - map.put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA"); - map.put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA"); - map.put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.10040.4.3", - "SHA1withDSA"); - map.put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA"); - map.put("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA"); - map.put("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA"); - map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1", - "SHA224withDSA"); - map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA"); - map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2", - "SHA256withDSA"); - map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA"); + attrs.put("SupportedKeyClasses", dsaKeyClasses); + attrs.put("ImplementedIn", "Software"); + + attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures + + add(p, "Signature", "SHA1withDSA", + "sun.security.provider.DSA$SHA1withDSA", + createAliasesWithOid("1.2.840.10040.4.3", "DSA", "DSS", + "SHA/DSA", "SHA-1/DSA", "SHA1/DSA", "SHAwithDSA", + "DSAWithSHA1", "1.3.14.3.2.13", "1.3.14.3.2.27"), attrs); + add(p, "Signature", "NONEwithDSA", "sun.security.provider.DSA$RawDSA", + createAliases("RawDSA"), attrs); + + attrs.put("KeySize", "2048"); // for SHA224 and SHA256 DSA signatures + + add(p, "Signature", "SHA224withDSA", + "sun.security.provider.DSA$SHA224withDSA", + createAliasesWithOid("2.16.840.1.101.3.4.3.1"), attrs); + add(p, "Signature", "SHA256withDSA", + "sun.security.provider.DSA$SHA256withDSA", + createAliasesWithOid("2.16.840.1.101.3.4.3.2"), attrs); + + attrs.remove("KeySize"); /* * Key Pair Generator engines */ + attrs.clear(); + attrs.put("ImplementedIn", "Software"); + attrs.put("KeySize", "2048"); // for DSA KPG and APG only + + String dsaOid = "1.2.840.10040.4.1"; + List<String> dsaAliases = createAliasesWithOid(dsaOid, "1.3.14.3.2.12"); String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$"; dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current"); - map.put("KeyPairGenerator.DSA", dsaKPGImplClass); - map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA"); - map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA"); - map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA"); - - /* - * Digest engines - */ - map.put("MessageDigest.MD2", "sun.security.provider.MD2"); - map.put("MessageDigest.MD5", "sun.security.provider.MD5"); - map.put("MessageDigest.SHA", "sun.security.provider.SHA"); - - map.put("Alg.Alias.MessageDigest.SHA-1", "SHA"); - map.put("Alg.Alias.MessageDigest.SHA1", "SHA"); - map.put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA"); - map.put("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA"); - - map.put("MessageDigest.SHA-224", "sun.security.provider.SHA2$SHA224"); - map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224"); - map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4", - "SHA-224"); - - map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2$SHA256"); - map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256"); - map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1", - "SHA-256"); - map.put("MessageDigest.SHA-384", "sun.security.provider.SHA5$SHA384"); - map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384"); - map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2", - "SHA-384"); - map.put("MessageDigest.SHA-512", "sun.security.provider.SHA5$SHA512"); - map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512"); - map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3", - "SHA-512"); - map.put("MessageDigest.SHA-512/224", "sun.security.provider.SHA5$SHA512_224"); - map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.5", "SHA-512/224"); - map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.5", - "SHA-512/224"); - map.put("MessageDigest.SHA-512/256", "sun.security.provider.SHA5$SHA512_256"); - map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.6", "SHA-512/256"); - map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.6", - "SHA-512/256"); + add(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, dsaAliases, attrs); /* * Algorithm Parameter Generator engines */ - map.put("AlgorithmParameterGenerator.DSA", - "sun.security.provider.DSAParameterGenerator"); + add(p, "AlgorithmParameterGenerator", "DSA", + "sun.security.provider.DSAParameterGenerator", dsaAliases, + attrs); + attrs.remove("KeySize"); /* * Algorithm Parameter engines */ - map.put("AlgorithmParameters.DSA", - "sun.security.provider.DSAParameters"); - map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA"); - map.put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA"); - map.put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA"); + add(p, "AlgorithmParameters", "DSA", + "sun.security.provider.DSAParameters", dsaAliases, attrs); /* * Key factories */ - map.put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory"); - map.put("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA"); - map.put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA"); - map.put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA"); + add(p, "KeyFactory", "DSA", "sun.security.provider.DSAKeyFactory", + dsaAliases, attrs); /* - * Certificates + * Digest engines */ - map.put("CertificateFactory.X.509", - "sun.security.provider.X509Factory"); - map.put("Alg.Alias.CertificateFactory.X509", "X.509"); + add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", null, attrs); + add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", null, attrs); + add(p, "MessageDigest", "SHA", "sun.security.provider.SHA", + createAliasesWithOid("1.3.14.3.2.26", "SHA-1", "SHA1"), attrs); + + String sha2BaseOid = "2.16.840.1.101.3.4.2"; + add(p, "MessageDigest", "SHA-224", "sun.security.provider.SHA2$SHA224", + createAliasesWithOid(sha2BaseOid + ".4"), attrs); + add(p, "MessageDigest", "SHA-256", "sun.security.provider.SHA2$SHA256", + createAliasesWithOid(sha2BaseOid + ".1"), attrs); + add(p, "MessageDigest", "SHA-384", "sun.security.provider.SHA5$SHA384", + createAliasesWithOid(sha2BaseOid + ".2"), attrs); + add(p, "MessageDigest", "SHA-512", "sun.security.provider.SHA5$SHA512", + createAliasesWithOid(sha2BaseOid + ".3"), attrs); + add(p, "MessageDigest", "SHA-512/224", + "sun.security.provider.SHA5$SHA512_224", + createAliasesWithOid(sha2BaseOid + ".5"), attrs); + add(p, "MessageDigest", "SHA-512/256", + "sun.security.provider.SHA5$SHA512_256", + createAliasesWithOid(sha2BaseOid + ".6"), attrs); - /* - * KeyStore - */ - map.put("KeyStore.JKS", - "sun.security.provider.JavaKeyStore$DualFormatJKS"); - map.put("KeyStore.CaseExactJKS", - "sun.security.provider.JavaKeyStore$CaseExactJKS"); - map.put("KeyStore.DKS", "sun.security.provider.DomainKeyStore$DKS"); /* - * Policy + * Certificates */ - map.put("Policy.JavaPolicy", "sun.security.provider.PolicySpiFile"); + add(p, "CertificateFactory", "X.509", + "sun.security.provider.X509Factory", + createAliases("X509"), attrs); /* - * Configuration + * KeyStore */ - map.put("Configuration.JavaLoginConfig", - "sun.security.provider.ConfigFile$Spi"); + add(p, "KeyStore", "JKS", + "sun.security.provider.JavaKeyStore$DualFormatJKS", + null, attrs); + add(p, "KeyStore", "CaseExactJKS", + "sun.security.provider.JavaKeyStore$CaseExactJKS", + null, attrs); + add(p, "KeyStore", "DKS", "sun.security.provider.DomainKeyStore$DKS", + null, attrs); /* - * CertPathBuilder + * CertStores */ - map.put("CertPathBuilder.PKIX", - "sun.security.provider.certpath.SunCertPathBuilder"); - map.put("CertPathBuilder.PKIX ValidationAlgorithm", - "RFC5280"); + attrs.put("LDAPSchema", "RFC2587"); + add(p, "CertStore", "LDAP", + "sun.security.provider.certpath.ldap.LDAPCertStore", null, attrs); + attrs.remove("LDAPSchema"); + add(p, "CertStore", "Collection", + "sun.security.provider.certpath.CollectionCertStore", + null, attrs); + add(p, "CertStore", "com.sun.security.IndexedCollection", + "sun.security.provider.certpath.IndexedCollectionCertStore", + null, attrs); /* - * CertPathValidator + * Policy */ - map.put("CertPathValidator.PKIX", - "sun.security.provider.certpath.PKIXCertPathValidator"); - map.put("CertPathValidator.PKIX ValidationAlgorithm", - "RFC5280"); + add(p, "Policy", "JavaPolicy", "sun.security.provider.PolicySpiFile", + null, null); /* - * CertStores + * Configuration */ - map.put("CertStore.LDAP", - "sun.security.provider.certpath.ldap.LDAPCertStore"); - map.put("CertStore.LDAP LDAPSchema", "RFC2587"); - map.put("CertStore.Collection", - "sun.security.provider.certpath.CollectionCertStore"); - map.put("CertStore.com.sun.security.IndexedCollection", - "sun.security.provider.certpath.IndexedCollectionCertStore"); + add(p, "Configuration", "JavaLoginConfig", + "sun.security.provider.ConfigFile$Spi", null, null); /* - * KeySize + * CertPathBuilder and CertPathValidator */ - map.put("Signature.NONEwithDSA KeySize", "1024"); - map.put("Signature.SHA1withDSA KeySize", "1024"); - map.put("Signature.SHA224withDSA KeySize", "2048"); - map.put("Signature.SHA256withDSA KeySize", "2048"); - - map.put("KeyPairGenerator.DSA KeySize", "2048"); - map.put("AlgorithmParameterGenerator.DSA KeySize", "2048"); + attrs.clear(); + attrs.put("ValidationAlgorithm", "RFC5280"); + attrs.put("ImplementedIn", "Software"); + add(p, "CertPathBuilder", "PKIX", + "sun.security.provider.certpath.SunCertPathBuilder", + null, attrs); + add(p, "CertPathValidator", "PKIX", + "sun.security.provider.certpath.PKIXCertPathValidator", + null, attrs); + } - /* - * Implementation type: software or hardware - */ - map.put("Signature.SHA1withDSA ImplementedIn", "Software"); - map.put("KeyPairGenerator.DSA ImplementedIn", "Software"); - map.put("MessageDigest.MD5 ImplementedIn", "Software"); - map.put("MessageDigest.SHA ImplementedIn", "Software"); - map.put("AlgorithmParameterGenerator.DSA ImplementedIn", - "Software"); - map.put("AlgorithmParameters.DSA ImplementedIn", "Software"); - map.put("KeyFactory.DSA ImplementedIn", "Software"); - map.put("SecureRandom.SHA1PRNG ImplementedIn", "Software"); - map.put("CertificateFactory.X.509 ImplementedIn", "Software"); - map.put("KeyStore.JKS ImplementedIn", "Software"); - map.put("CertPathValidator.PKIX ImplementedIn", "Software"); - map.put("CertPathBuilder.PKIX ImplementedIn", "Software"); - map.put("CertStore.LDAP ImplementedIn", "Software"); - map.put("CertStore.Collection ImplementedIn", "Software"); - map.put("CertStore.com.sun.security.IndexedCollection ImplementedIn", - "Software"); + Iterator<Provider.Service> iterator() { + return services.iterator(); + } + private void add(Provider p, String type, String algo, String cn, + List<String> aliases, HashMap<String, String> attrs) { + services.add(new Provider.Service(p, type, algo, cn, aliases, attrs)); } + private LinkedHashSet<Provider.Service> services; + // name of the *System* property, takes precedence over PROP_RNDSOURCE private final static String PROP_EGD = "java.security.egd"; // name of the *Security* property private final static String PROP_RNDSOURCE = "securerandom.source"; + private static final boolean useLegacyDSA = + Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty + ("jdk.security.legacyDSAKeyPairGenerator")); + final static String URL_DEV_RANDOM = "file:/dev/random"; final static String URL_DEV_URANDOM = "file:/dev/urandom"; @@ -348,6 +315,12 @@ final class SunEntries { return egdSource; } }); + + DEF_SECURE_RANDOM_ALGO = (NativePRNG.isAvailable() && + (seedSource.equals(URL_DEV_URANDOM) || + seedSource.equals(URL_DEV_RANDOM)) ? + "NativePRNG" : "SHA1PRNG"); + } static String getSeedSource() { diff --git a/jdk/src/share/classes/sun/security/provider/VerificationProvider.java b/jdk/src/share/classes/sun/security/provider/VerificationProvider.java index 296b03437..d76d81999 100644 --- a/jdk/src/share/classes/sun/security/provider/VerificationProvider.java +++ b/jdk/src/share/classes/sun/security/provider/VerificationProvider.java @@ -28,8 +28,6 @@ package sun.security.provider; import java.util.*; import java.security.*; -import sun.security.action.PutAllAction; - import sun.security.rsa.SunRsaSignEntries; /** @@ -68,19 +66,29 @@ public final class VerificationProvider extends Provider { return; } + Provider p = this; + Iterator<Provider.Service> sunIter = new SunEntries(p).iterator(); + Iterator<Provider.Service> rsaIter = new SunRsaSignEntries(p).iterator(); // if there is no security manager installed, put directly into - // the provider. Otherwise, create a temporary map and use a - // doPrivileged() call at the end to transfer the contents + // the provider. if (System.getSecurityManager() == null) { - SunEntries.putEntries(this); - SunRsaSignEntries.putEntries(this); + putEntries(sunIter); + putEntries(rsaIter); } else { // use LinkedHashMap to preserve the order of the PRNGs - Map<Object, Object> map = new LinkedHashMap<>(); - SunEntries.putEntries(map); - SunRsaSignEntries.putEntries(map); - AccessController.doPrivileged(new PutAllAction(this, map)); + AccessController.doPrivileged(new PrivilegedAction<Object>() { + public Void run() { + putEntries(sunIter); + putEntries(rsaIter); + return null; + } + }); } } + void putEntries(Iterator<Provider.Service> i) { + while (i.hasNext()) { + putService(i.next()); + } + } } diff --git a/jdk/src/share/classes/sun/security/rsa/SunRsaSign.java b/jdk/src/share/classes/sun/security/rsa/SunRsaSign.java index 65ae02a08..3c3d0f693 100644 --- a/jdk/src/share/classes/sun/security/rsa/SunRsaSign.java +++ b/jdk/src/share/classes/sun/security/rsa/SunRsaSign.java @@ -29,7 +29,6 @@ import java.util.*; import java.security.*; -import sun.security.action.PutAllAction; /** * Provider class for the RSA signature provider. Supports RSA keyfactory, @@ -45,17 +44,25 @@ public final class SunRsaSign extends Provider { public SunRsaSign() { super("SunRsaSign", 1.8d, "Sun RSA signature provider"); - // if there is no security manager installed, put directly into - // the provider. Otherwise, create a temporary map and use a - // doPrivileged() call at the end to transfer the contents + Provider p = this; + Iterator<Provider.Service> serviceIter = new SunRsaSignEntries(p).iterator(); + if (System.getSecurityManager() == null) { - SunRsaSignEntries.putEntries(this); + putEntries(serviceIter); } else { - // use LinkedHashMap to preserve the order of the PRNGs - Map<Object, Object> map = new HashMap<>(); - SunRsaSignEntries.putEntries(map); - AccessController.doPrivileged(new PutAllAction(this, map)); + AccessController.doPrivileged(new PrivilegedAction<Void>() { + @Override + public Void run() { + putEntries(serviceIter); + return null; + } + }); } } + void putEntries(Iterator<Provider.Service> i) { + while (i.hasNext()) { + putService(i.next()); + } + } } diff --git a/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java b/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java index 6af5fdf85..f8de9eccc 100644 --- a/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java +++ b/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java @@ -25,7 +25,9 @@ package sun.security.rsa; -import java.util.Map; +import java.util.*; +import java.security.Provider; +import static sun.security.provider.SunEntries.createAliasesWithOid; /** * Defines the entries of the SunRsaSign provider. @@ -34,102 +36,81 @@ import java.util.Map; */ public final class SunRsaSignEntries { - private SunRsaSignEntries() { - // empty + private void add(Provider p, String type, String algo, String cn, + List<String> aliases, HashMap<String, String> attrs) { + services.add(new Provider.Service(p, type, algo, cn, aliases, attrs)); } - public static void putEntries(Map<Object, Object> map) { - - // main algorithms - map.put("KeyFactory.RSA", - "sun.security.rsa.RSAKeyFactory$Legacy"); - map.put("KeyPairGenerator.RSA", - "sun.security.rsa.RSAKeyPairGenerator$Legacy"); - map.put("Signature.MD2withRSA", - "sun.security.rsa.RSASignature$MD2withRSA"); - map.put("Signature.MD5withRSA", - "sun.security.rsa.RSASignature$MD5withRSA"); - map.put("Signature.SHA1withRSA", - "sun.security.rsa.RSASignature$SHA1withRSA"); - map.put("Signature.SHA224withRSA", - "sun.security.rsa.RSASignature$SHA224withRSA"); - map.put("Signature.SHA256withRSA", - "sun.security.rsa.RSASignature$SHA256withRSA"); - map.put("Signature.SHA384withRSA", - "sun.security.rsa.RSASignature$SHA384withRSA"); - map.put("Signature.SHA512withRSA", - "sun.security.rsa.RSASignature$SHA512withRSA"); - map.put("Signature.SHA512/224withRSA", - "sun.security.rsa.RSASignature$SHA512_224withRSA"); - map.put("Signature.SHA512/256withRSA", - "sun.security.rsa.RSASignature$SHA512_256withRSA"); - - map.put("KeyFactory.RSASSA-PSS", - "sun.security.rsa.RSAKeyFactory$PSS"); - map.put("KeyPairGenerator.RSASSA-PSS", - "sun.security.rsa.RSAKeyPairGenerator$PSS"); - map.put("Signature.RSASSA-PSS", - "sun.security.rsa.RSAPSSSignature"); - map.put("AlgorithmParameters.RSASSA-PSS", - "sun.security.rsa.PSSParameters"); - - // attributes for supported key classes - String rsaKeyClasses = "java.security.interfaces.RSAPublicKey" + - "|java.security.interfaces.RSAPrivateKey"; - map.put("Signature.MD2withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.MD5withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.SHA1withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.SHA224withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.SHA256withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.SHA384withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.SHA512withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.SHA512/224withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.SHA512/256withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.RSASSA-PSS SupportedKeyClasses", rsaKeyClasses); - - // aliases - map.put("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA"); - map.put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA"); - - map.put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA"); - map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA"); - - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", "MD2withRSA"); - - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", "MD5withRSA"); - - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA"); - map.put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA"); - - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.14", "SHA224withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.14", "SHA224withRSA"); - - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA"); - - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.12", "SHA384withRSA"); - - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.13", "SHA512withRSA"); - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.15", "SHA512/224withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.15", "SHA512/224withRSA"); - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.16", "SHA512/256withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.16", "SHA512/256withRSA"); - - map.put("Alg.Alias.KeyFactory.1.2.840.113549.1.1.10", "RSASSA-PSS"); - map.put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); - - map.put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.10", "RSASSA-PSS"); - map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); - - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.10", "RSASSA-PSS"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); + // extend LinkedHashSet for consistency with SunEntries + // used by sun.security.provider.VerificationProvider + public SunRsaSignEntries(Provider p) { + services = new LinkedHashSet<>(20, 0.9f); + + // start populating content using the specified provider + + // common oids + String rsaOid = "1.2.840.113549.1.1"; + List<String> rsaAliases = createAliasesWithOid(rsaOid); + List<String> rsapssAliases = createAliasesWithOid(rsaOid + ".10"); + String sha1withRSAOid2 = "1.3.14.3.2.29"; + + // common attribute map + HashMap<String, String> attrs = new HashMap<>(3); + attrs.put("SupportedKeyClasses", + "java.security.interfaces.RSAPublicKey" + + "|java.security.interfaces.RSAPrivateKey"); + + add(p, "KeyFactory", "RSA", + "sun.security.rsa.RSAKeyFactory$Legacy", + rsaAliases, null); + add(p, "KeyPairGenerator", "RSA", + "sun.security.rsa.RSAKeyPairGenerator$Legacy", + rsaAliases, null); + add(p, "Signature", "MD2withRSA", + "sun.security.rsa.RSASignature$MD2withRSA", + createAliasesWithOid(rsaOid + ".2"), attrs); + add(p, "Signature", "MD5withRSA", + "sun.security.rsa.RSASignature$MD5withRSA", + createAliasesWithOid(rsaOid + ".4"), attrs); + add(p, "Signature", "SHA1withRSA", + "sun.security.rsa.RSASignature$SHA1withRSA", + createAliasesWithOid(rsaOid + ".5", sha1withRSAOid2), attrs); + add(p, "Signature", "SHA224withRSA", + "sun.security.rsa.RSASignature$SHA224withRSA", + createAliasesWithOid(rsaOid + ".14"), attrs); + add(p, "Signature", "SHA256withRSA", + "sun.security.rsa.RSASignature$SHA256withRSA", + createAliasesWithOid(rsaOid + ".11"), attrs); + add(p, "Signature", "SHA384withRSA", + "sun.security.rsa.RSASignature$SHA384withRSA", + createAliasesWithOid(rsaOid + ".12"), attrs); + add(p, "Signature", "SHA512withRSA", + "sun.security.rsa.RSASignature$SHA512withRSA", + createAliasesWithOid(rsaOid + ".13"), attrs); + add(p, "Signature", "SHA512/224withRSA", + "sun.security.rsa.RSASignature$SHA512_224withRSA", + createAliasesWithOid(rsaOid + ".15"), attrs); + add(p, "Signature", "SHA512/256withRSA", + "sun.security.rsa.RSASignature$SHA512_256withRSA", + createAliasesWithOid(rsaOid + ".16"), attrs); + + add(p, "KeyFactory", "RSASSA-PSS", + "sun.security.rsa.RSAKeyFactory$PSS", + rsapssAliases, null); + add(p, "KeyPairGenerator", "RSASSA-PSS", + "sun.security.rsa.RSAKeyPairGenerator$PSS", + rsapssAliases, null); + add(p, "Signature", "RSASSA-PSS", + "sun.security.rsa.RSAPSSSignature", + rsapssAliases, attrs); + add(p, "AlgorithmParameters", "RSASSA-PSS", + "sun.security.rsa.PSSParameters", + rsapssAliases, null); + } - map.put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.1.10", "RSASSA-PSS"); - map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); + public Iterator<Provider.Service> iterator() { + return services.iterator(); } + + private LinkedHashSet<Provider.Service> services; } diff --git a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java index 2845dc379..58b791c99 100644 --- a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java +++ b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java @@ -26,9 +26,12 @@ package sun.security.ssl; -import static sun.security.util.SecurityConstants.PROVIDER_VER; - import java.security.*; +import java.util.*; + +import static sun.security.provider.SunEntries.createAliasesWithOid; +import static sun.security.util.SecurityConstants.PROVIDER_VER; +import static sun.security.provider.SunEntries.createAliases; /** * The JSSE provider. @@ -159,79 +162,78 @@ public abstract class SunJSSE extends java.security.Provider { }); } + private void ps(String type, String algo, String cn, + List<String> aliases, HashMap<String, String> attrs) { + putService(new Provider.Service(this, type, algo, cn, aliases, attrs)); + } + + private void doRegister(boolean isfips) { if (isfips == false) { - put("KeyFactory.RSA", - "sun.security.rsa.RSAKeyFactory$Legacy"); - put("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA"); - put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA"); - - put("KeyPairGenerator.RSA", - "sun.security.rsa.RSAKeyPairGenerator$Legacy"); - put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA"); - put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA"); - - put("Signature.MD2withRSA", - "sun.security.rsa.RSASignature$MD2withRSA"); - put("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA"); - put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", - "MD2withRSA"); - - put("Signature.MD5withRSA", - "sun.security.rsa.RSASignature$MD5withRSA"); - put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA"); - put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", - "MD5withRSA"); - - put("Signature.SHA1withRSA", - "sun.security.rsa.RSASignature$SHA1withRSA"); - put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA"); - put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", - "SHA1withRSA"); - put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA"); - put("Alg.Alias.Signature.OID.1.3.14.3.2.29", "SHA1withRSA"); + // common oids + String rsaOid = "1.2.840.113549.1.1"; + List<String> rsaAliases = createAliasesWithOid(rsaOid); + String sha1withRSAOid2 = "1.3.14.3.2.29"; + + // common attribute map + HashMap<String, String> attrs = new HashMap<>(3); + attrs.put("SupportedKeyClasses", + "java.security.interfaces.RSAPublicKey" + + "|java.security.interfaces.RSAPrivateKey"); + + ps("KeyFactory", "RSA", + "sun.security.rsa.RSAKeyFactory$Legacy", + rsaAliases, null); + ps("KeyPairGenerator", "RSA", + "sun.security.rsa.RSAKeyPairGenerator$Legacy", + rsaAliases, null); + ps("Signature", "MD2withRSA", + "sun.security.rsa.RSASignature$MD2withRSA", + createAliasesWithOid(rsaOid + ".2"), attrs); + ps("Signature", "MD5withRSA", + "sun.security.rsa.RSASignature$MD5withRSA", + createAliasesWithOid(rsaOid + ".4"), attrs); + ps("Signature", "SHA1withRSA", + "sun.security.rsa.RSASignature$SHA1withRSA", + createAliasesWithOid(rsaOid + ".5", sha1withRSAOid2, "OID." + sha1withRSAOid2), attrs); } - put("Signature.MD5andSHA1withRSA", - "sun.security.ssl.RSASignature"); - - put("KeyManagerFactory.SunX509", - "sun.security.ssl.KeyManagerFactoryImpl$SunX509"); - put("KeyManagerFactory.NewSunX509", - "sun.security.ssl.KeyManagerFactoryImpl$X509"); - put("Alg.Alias.KeyManagerFactory.PKIX", "NewSunX509"); - - put("TrustManagerFactory.SunX509", - "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory"); - put("TrustManagerFactory.PKIX", - "sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory"); - put("Alg.Alias.TrustManagerFactory.SunPKIX", "PKIX"); - put("Alg.Alias.TrustManagerFactory.X509", "PKIX"); - put("Alg.Alias.TrustManagerFactory.X.509", "PKIX"); - - put("SSLContext.TLSv1", - "sun.security.ssl.SSLContextImpl$TLS10Context"); - put("SSLContext.TLSv1.1", - "sun.security.ssl.SSLContextImpl$TLS11Context"); - put("SSLContext.TLSv1.2", - "sun.security.ssl.SSLContextImpl$TLS12Context"); - put("SSLContext.TLSv1.3", - "sun.security.ssl.SSLContextImpl$TLS13Context"); - put("SSLContext.TLS", - "sun.security.ssl.SSLContextImpl$TLSContext"); - if (isfips == false) { - put("Alg.Alias.SSLContext.SSL", "TLS"); - put("Alg.Alias.SSLContext.SSLv3", "TLSv1"); - } - - put("SSLContext.Default", - "sun.security.ssl.SSLContextImpl$DefaultSSLContext"); + ps("Signature", "MD5andSHA1withRSA", + "sun.security.ssl.RSASignature", null, null); + + ps("KeyManagerFactory", "SunX509", + "sun.security.ssl.KeyManagerFactoryImpl$SunX509", null, null); + ps("KeyManagerFactory", "NewSunX509", + "sun.security.ssl.KeyManagerFactoryImpl$X509", + createAliases("PKIX"), null); + + ps("TrustManagerFactory", "SunX509", + "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory", null, null); + ps("TrustManagerFactory", "PKIX", + "sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory", + createAliases("SunPKIX", "X509", "X.509"), null); + + ps("SSLContext", "TLSv1", + "sun.security.ssl.SSLContextImpl$TLS10Context", + (isfips? null : createAliases("SSLv3")), null); + ps("SSLContext", "TLSv1.1", + "sun.security.ssl.SSLContextImpl$TLS11Context", null, null); + ps("SSLContext", "TLSv1.2", + "sun.security.ssl.SSLContextImpl$TLS12Context", null, null); + ps("SSLContext", "TLSv1.3", + "sun.security.ssl.SSLContextImpl$TLS13Context", null, null); + ps("SSLContext", "TLS", + "sun.security.ssl.SSLContextImpl$TLSContext", + (isfips? null : createAliases("SSL")), null); + + ps("SSLContext", "Default", + "sun.security.ssl.SSLContextImpl$DefaultSSLContext", null, null); /* * KeyStore */ - put("KeyStore.PKCS12", - "sun.security.pkcs12.PKCS12KeyStore"); + ps("KeyStore", "PKCS12", + "sun.security.pkcs12.PKCS12KeyStore", null, null); } private void subclassCheck() { diff --git a/jdk/test/java/security/Provider/BaseProviderValidator.java b/jdk/test/java/security/Provider/BaseProviderValidator.java new file mode 100644 index 000000000..510529baa --- /dev/null +++ b/jdk/test/java/security/Provider/BaseProviderValidator.java @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Huawei designates this + * particular file as subject to the "Classpath" exception as provided + * by Huawei in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional + * information or have any questions. + */ + +/* + * @bug 7092821 + * @library ../testlibrary + * @summary make sure that Sun providers do not miss any algorithms after + * modifying the frameworks underneath + * @author Henry Yang + */ + +import java.security.Provider; +import java.security.Provider.Service; + +/** + * Base class for a provider validator + * + * @author Henry Yang + * @since 2022-05-05 + */ +public abstract class BaseProviderValidator { + String providerName; + Provider provider; + + public BaseProviderValidator() { + provider = getDefaultProvider(); + providerName = provider.getName(); + } + + abstract Provider getDefaultProvider(); + + abstract boolean validate() throws Exception; + + Service getService(String type, String algo) { + return ProviderValidationUtil.getService(provider, type, algo); + } + + boolean checkService(String serviceName) { + String[] typeAndAlg = ProviderValidationUtil.getTypeAndAlgorithm(serviceName); + if(typeAndAlg == null || typeAndAlg.length < 2){ + throw new RuntimeException("service name is not in a right formation"); + } + return ProviderValidationUtil.checkService(provider, typeAndAlg[0], typeAndAlg[1]); + } + + boolean checkAlias(String aliasFullName, String serviceShortName) { + return ProviderValidationUtil.checkAlias(provider, aliasFullName, serviceShortName); + } + + boolean checkAttribute(String attrName, String attrValue) { + String[] nameAndAttr = attrName.split("\\s+"); + return ProviderValidationUtil.checkAttribute(provider, nameAndAttr[0], nameAndAttr[1], attrValue); + } +} diff --git a/jdk/test/java/security/Provider/GetServiceRace.java b/jdk/test/java/security/Provider/GetServiceRace.java new file mode 100644 index 000000000..b5b47b5d9 --- /dev/null +++ b/jdk/test/java/security/Provider/GetServiceRace.java @@ -0,0 +1,98 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8231387 + * @library ../testlibrary + * @summary make sure getService() avoids a race + * @author Tianmin Shi + */ + +import java.security.Provider; + +public class GetServiceRace { + + private static final Provider testProvider; + static { + testProvider = new Provider("MyProvider", 1.0, "test") { + }; + testProvider.put("CertificateFactory.Fixed", "MyCertificateFactory"); + } + + private static final int NUMBER_OF_RETRIEVERS = 3; + private static final int TEST_TIME_MS = 1000; + + public static boolean testFailed = false; + + public static void main(String[] args) throws Exception { + Updater updater = new Updater(); + updater.start(); + Retriever [] retrievers = new Retriever[NUMBER_OF_RETRIEVERS]; + for (int i=0; i<retrievers.length; i++) { + retrievers[i] = new Retriever(); + retrievers[i].start(); + } + Thread.sleep(TEST_TIME_MS); + System.out.println("Interrupt"); + updater.interrupt(); + updater.join(); + for (int i=0; i<retrievers.length; i++) { + retrievers[i].interrupt(); + retrievers[i].join(); + } + System.out.println("Done"); + if (testFailed) { + throw new Exception("Test Failed"); + } + System.out.println("Test Passed"); + } + + private static class Updater extends Thread { + @Override + public void run() { + while (!isInterrupted()) { + testProvider.put("CertificateFactory.Added", "MyCertificateFactory"); + } + System.out.println("Updater stopped"); + } + } + + private static class Retriever extends Thread { + @Override + public void run() { + while (!isInterrupted()) { + Provider.Service service = testProvider.getService("CertificateFactory", "Fixed"); + if (service == null) { + if (!testFailed) { + System.err.println("CertificateFactory.Fixed is NULL"); + testFailed = true; + } + } else { + //System.out.println("CertificateFactory.Fixed is good"); + } + } + System.out.println("Retriever stopped"); + } + } +} \ No newline at end of file diff --git a/jdk/test/java/security/Provider/LegacyPutAlias.java b/jdk/test/java/security/Provider/LegacyPutAlias.java new file mode 100644 index 000000000..44b0c3d9d --- /dev/null +++ b/jdk/test/java/security/Provider/LegacyPutAlias.java @@ -0,0 +1,86 @@ +/* + * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import static java.lang.System.out; + +import java.security.Provider; + + +/** + * @test + * @bug 8250787 + * @summary Ensure that aliases added with Provider.put work for services + * regardless which method was use to register the service, Provider.put + * or Provider.putService. + */ +public class LegacyPutAlias { + private static final String LEGACY_ALGO = "SRLegacy"; + private static final String MODERN_ALGO = "SRModern"; + private static final String LEGACY_ALIAS = "AliasLegacy"; + private static final String MODERN_ALIAS = "AliasModern"; + + public static void main(String[] args) { + checkAlias(LEGACY_ALGO, LEGACY_ALIAS); + checkAlias(MODERN_ALGO, MODERN_ALIAS); + } + + private static void checkAlias(String algo, String alias) { + out.println("Checking alias " + alias + " for " + algo); + Provider p = new CustomProvider(); + p.put("Alg.Alias.SecureRandom." + alias, algo); + validate(p, algo, alias); + out.println("=> Test Passed"); + } + + private static void validate(Provider p, String algo, String alias) { + Provider.Service s = p.getService("SecureRandom", alias); + if (s == null) { + throw new RuntimeException("Failed alias " + alias + " check, " + + "exp: " + algo + ", got null"); + } + if (!algo.equals(s.getAlgorithm())) { + throw new RuntimeException("Failed alias " + alias + " check, " + + "exp: " + algo + ", got " + s.getAlgorithm()); + } + } + + + private static final String SR_IMPLCLASS = + "sun.security.provider.SecureRandom"; + private static class CustomProvider extends Provider { + private static class CustomService extends Provider.Service { + CustomService(Provider p, String type, String algo, String cName) { + super(p, type, algo, cName, null, null); + } + } + + CustomProvider() { + super("CP", 1.0, "test provider that registers two services, " + + "one with put and one with putService"); + + putService(new CustomService(this, "SecureRandom", + MODERN_ALGO, SR_IMPLCLASS)); + put("SecureRandom." + LEGACY_ALGO, SR_IMPLCLASS); + } + } +} diff --git a/jdk/test/java/security/Provider/ProviderValidationUtil.java b/jdk/test/java/security/Provider/ProviderValidationUtil.java new file mode 100644 index 000000000..8c4ef89c7 --- /dev/null +++ b/jdk/test/java/security/Provider/ProviderValidationUtil.java @@ -0,0 +1,269 @@ +/* + * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Huawei designates this + * particular file as subject to the "Classpath" exception as provided + * by Huawei in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional + * information or have any questions. + */ + +/* + * @bug 7092821 + * @library ../testlibrary + * @summary make sure that Sun providers do not miss any algorithms after + * modifying the frameworks underneath + * @author Henry Yang + */ + +import static java.util.Locale.ENGLISH; + +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.security.Provider; +import java.security.Provider.Service; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Set; + +/** + * utils for provider validator + * + * @author Henry Yang + * @since 2022-05-05 + */ +public class ProviderValidationUtil { + private static final String ALIAS_PREFIX_LOWER = "alg.alias."; + private static final int ALIAS_LENGTH = ALIAS_PREFIX_LOWER.length(); + + /** + * get a service from a provider for a specific algorithm + * + * @param provider the provider to get a service + * @param type algorithm type + * @param algo algorithm name + * @return the service of the specific algorithm + */ + public static Service getService(Provider provider, String type, String algo) { + Service service = provider.getService(type, algo); + if (service == null) { + throw new ServiceNotFoundException(provider.getName(), getServiceName(type, algo)); + } + return service; + } + + /** + * checks if the provider offers services for a specific algorithm + * + * @param provider the provider to check + * @param type algorithm type + * @param algo algorithm name + * @return true if passed this check + */ + public static boolean checkService(Provider provider, String type, String algo) { + Service service = getService(provider, type, algo); + String className = service.getClassName(); + if (className == null) { + throw new ServiceNotFoundException(provider.getName(), getServiceName(type, algo)); + } + try { + Class.forName(className); + } catch (ClassNotFoundException e) { + throw new ServiceNotFoundException(provider.getName(), getServiceName(type, algo)); + } + return true; + } + + private static List<String> getAlias(Service service) { + try { + Method method = Service.class.getDeclaredMethod("getAliases"); + method.setAccessible(true); + List<String> aliases = (List) method.invoke(service, null); + return aliases; + } catch (NoSuchMethodException | InvocationTargetException | IllegalAccessException e) { + e.printStackTrace(); + } + return Collections.<String>emptyList(); + } + + /** + * check if the provider associates the alias name to the service + * + * @param provider the provider to check + * @param aliasFullName alias + * @param serviceShortName service name for short + * @return true if passed this check + */ + public static boolean checkAlias(Provider provider, String aliasFullName, String serviceShortName) { + if (aliasFullName.toLowerCase(ENGLISH).startsWith(ALIAS_PREFIX_LOWER)) { + // for example, in provider defination put("Alg.Alias.MessageDigest.SHA", "SHA-1"); + // Alg.Alias.MessageDigest.SHA for the aliasFullNanme and SHA-1 for serviceShortName + // the aliasKey is MessageDigest.SHA + String aliasKey = aliasFullName.substring(ALIAS_LENGTH); + String[] typeAndAlg = getTypeAndAlgorithm(aliasKey); + if (typeAndAlg == null || typeAndAlg.length < 2) { + throw new NameMalFormatException("alias name and type cannot be null"); + } + String type = typeAndAlg[0]; + String aliasAlg = typeAndAlg[1].intern(); + Service aliasService = provider.getService(type, aliasAlg); + if (aliasService == null) { + throw new ServiceNotFoundException(provider.getName(), getServiceName(type, aliasAlg)); + } + Service service = provider.getService(type, serviceShortName); + if (service == null) { + throw new ServiceNotFoundException(provider.getName(), getServiceName(type, serviceShortName)); + } + if (service != aliasService || !checkAliasInService(service, aliasAlg)) { + throw new AliasNotMatchedException( + getServiceName(type, aliasAlg), getServiceName(type, serviceShortName)); + } + } else { + throw new NameMalFormatException("Alias name is not in a proper format"); + } + return true; + } + + private static boolean checkAliasInService(Service service, String... aliasArray) { + List<String> aliases = getAlias(service); + Set<String> aliasesSet = new HashSet<>(); + aliasesSet.addAll(aliases); + for (String aliasName : aliasArray) { + if (!aliasesSet.contains(aliasName)) { + return false; + } + } + return true; + } + + /** + * check if the service has a specific attribute with the correct value in the provider + * + * @param provider the provider to check + * @param serviceName service name + * @param attrName attribute name + * @param attrValue attribute value + * @return true if passed this check + */ + public static boolean checkAttribute(Provider provider, String serviceName, String attrName, String attrValue) { + String[] typeAndAlg = getTypeAndAlgorithm(serviceName); + if (typeAndAlg == null || typeAndAlg.length < 2) { + throw new NameMalFormatException("service name is not in a right formation"); + } + Service service = getService(provider, typeAndAlg[0], typeAndAlg[1]); + return checkAttribute(service, attrName, attrValue); + } + + private static boolean checkAttribute(Service service, String attrName, String attrValue) { + if (!attrValue.equals(service.getAttribute(attrName))) { + throw new AttributeNotFoundException(service.getType(), service.getAlgorithm(), attrName, attrValue); + } + return true; + } + + private static String getServiceName(String type, String algo) { + return type + "." + algo; + } + + /** + * seperate algorithm key with type and name + * + * @param key algorithm full name + * @return string array with algorithm type and name + */ + public static String[] getTypeAndAlgorithm(String key) { + int index = key.indexOf('.'); + if (index < 1) { + return new String[0]; + } + String type = key.substring(0, index); + String alg = key.substring(index + 1); + return new String[] {type, alg}; + } + + /** + * throws this exception if we cannot find the service in the provider + * + * @author Henry Yang + * @since 2022-05-05 + */ + public static class ServiceNotFoundException extends RuntimeException { + public ServiceNotFoundException(String provider, String serviceName) { + this("faild to find " + serviceName + " in " + provider + " provider"); + } + + public ServiceNotFoundException(String message) { + super(message); + } + } + + /** + * throws this exception if we cannot find the attribute in the service + * or the attribute value is not correct + * + * @author Henry Yang + * @since 2022-05-05 + */ + public static class AttributeNotFoundException extends RuntimeException { + public AttributeNotFoundException(String type, String algo, String attrName, String attrValue) { + this( + "faild " + + type + + "." + + algo + + " '" + + attrName + + "' attribute check, " + + "the correct value should be '" + + attrValue + + "'"); + } + + public AttributeNotFoundException(String message) { + super(message); + } + } + + /** + * throws this exception if we cannot find the alias name in the provider + * + * @author Henry Yang + * @since 2022-05-05 + */ + public static class AliasNotMatchedException extends RuntimeException { + public AliasNotMatchedException(String aliasName, String serviceName) { + this("faild to find alias name " + aliasName + " in " + serviceName); + } + + public AliasNotMatchedException(String message) { + super(message); + } + } + + /** + * throws this exception if the name is in a malformation + * + * @author Henry Yang + * @since 2022-05-05 + */ + public static class NameMalFormatException extends RuntimeException { + public NameMalFormatException(String message) { + super(message); + } + } +} diff --git a/jdk/test/java/security/Provider/SunJCEValidator.java b/jdk/test/java/security/Provider/SunJCEValidator.java new file mode 100644 index 000000000..314abb380 --- /dev/null +++ b/jdk/test/java/security/Provider/SunJCEValidator.java @@ -0,0 +1,574 @@ +/* + * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Huawei designates this + * particular file as subject to the "Classpath" exception as provided + * by Huawei in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional + * information or have any questions. + */ + +/* + * @test + * @bug 7092821 + * @library ../testlibrary + * @summary make sure that Sun providers do not miss any algorithms after + * modifying the frameworks underneath + * @author Henry Yang + */ + +/* + *- @TestCaseID:Provider/SunJCEValidator.java + *- @TestCaseName:Provider/SunJCEValidator.java + *- @TestCaseType:Function test + *- @RequirementID:AR.SR.IREQ02758058.001.001 + *- @RequirementName: java.security.Provider.getService() is synchronized and became scalability bottleneck + *- @Condition:JDK8u302及以后 + *- @Brief:测试相应provider更改底层架构以后所提供的service是否与原先有差异(以openJDK8u302为准) + * -#step:比较openJDK8u302 SunJceProvider与此特性修改后的SunJceProvider所提供的service是否一致 + *- @Expect:正常运行 + *- @Priority:Level 1 + */ + +import com.sun.crypto.provider.SunJCE; + +import java.security.Provider; + +/** + * validator for SunJCE provider, make sure we do not miss any algorithm + * after the modification. + * + * @author Henry Yang + * @since 2022-05-05 + */ +public class SunJCEValidator extends BaseProviderValidator { + private static final String OID_PKCS12_RC4_128 = "1.2.840.113549.1.12.1.1"; + private static final String OID_PKCS12_RC4_40 = "1.2.840.113549.1.12.1.2"; + private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3"; + private static final String OID_PKCS12_RC2_128 = "1.2.840.113549.1.12.1.5"; + private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6"; + private static final String OID_PKCS5_MD5_DES = "1.2.840.113549.1.5.3"; + private static final String OID_PKCS5_PBKDF2 = "1.2.840.113549.1.5.12"; + private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13"; + private static final String OID_PKCS3 = "1.2.840.113549.1.3.1"; + + public static void main(String[] args) throws Exception { + SunJCEValidator validator = new SunJCEValidator(); + validator.validate(); + } + + @Override + Provider getDefaultProvider() { + return new SunJCE(); + } + + @Override + boolean validate() throws Exception { + final String BLOCK_MODES = + "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" + + "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" + + "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64"; + final String BLOCK_MODES128 = + BLOCK_MODES + + "|GCM|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128" + + "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128"; + final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING"; + + /* + * Cipher engines + */ + checkService("Cipher.RSA"); + checkAttribute("Cipher.RSA SupportedModes", "ECB"); + checkAttribute( + "Cipher.RSA SupportedPaddings", + "NOPADDING|PKCS1PADDING|OAEPPADDING" + + "|OAEPWITHMD5ANDMGF1PADDING" + + "|OAEPWITHSHA1ANDMGF1PADDING" + + "|OAEPWITHSHA-1ANDMGF1PADDING" + + "|OAEPWITHSHA-224ANDMGF1PADDING" + + "|OAEPWITHSHA-256ANDMGF1PADDING" + + "|OAEPWITHSHA-384ANDMGF1PADDING" + + "|OAEPWITHSHA-512ANDMGF1PADDING" + + "|OAEPWITHSHA-512/224ANDMGF1PADDING" + + "|OAEPWITHSHA-512/256ANDMGF1PADDING"); + checkAttribute( + "Cipher.RSA SupportedKeyClasses", + "java.security.interfaces.RSAPublicKey" + "|java.security.interfaces.RSAPrivateKey"); + + checkService("Cipher.DES"); + checkAttribute("Cipher.DES SupportedModes", BLOCK_MODES); + checkAttribute("Cipher.DES SupportedPaddings", BLOCK_PADS); + checkAttribute("Cipher.DES SupportedKeyFormats", "RAW"); + + checkService("Cipher.DESede"); + checkAlias("Alg.Alias.Cipher.TripleDES", "DESede"); + checkAttribute("Cipher.DESede SupportedModes", BLOCK_MODES); + checkAttribute("Cipher.DESede SupportedPaddings", BLOCK_PADS); + checkAttribute("Cipher.DESede SupportedKeyFormats", "RAW"); + + checkService("Cipher.DESedeWrap"); + checkAttribute("Cipher.DESedeWrap SupportedModes", "CBC"); + checkAttribute("Cipher.DESedeWrap SupportedPaddings", "NOPADDING"); + checkAttribute("Cipher.DESedeWrap SupportedKeyFormats", "RAW"); + System.out.println("Cipher engines check passed"); + + // PBES1 + checkService("Cipher.PBEWithMD5AndDES"); + checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES"); + checkAlias("Alg.Alias.Cipher." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES"); + + checkService("Cipher.PBEWithMD5AndTripleDES"); + + checkService("Cipher.PBEWithSHA1AndDESede"); + checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede"); + checkAlias("Alg.Alias.Cipher." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede"); + + checkService("Cipher.PBEWithSHA1AndRC2_40"); + checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40"); + checkAlias("Alg.Alias.Cipher." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40"); + + checkService("Cipher.PBEWithSHA1AndRC2_128"); + checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128"); + checkAlias("Alg.Alias.Cipher." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128"); + + checkService("Cipher.PBEWithSHA1AndRC4_40"); + checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40"); + checkAlias("Alg.Alias.Cipher." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40"); + + checkService("Cipher.PBEWithSHA1AndRC4_128"); + checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128"); + checkAlias("Alg.Alias.Cipher." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128"); + System.out.println("PBES1 check passed"); + + // PBES2 + + checkService("Cipher.PBEWithHmacSHA1AndAES_128"); + + checkService("Cipher.PBEWithHmacSHA224AndAES_128"); + + checkService("Cipher.PBEWithHmacSHA256AndAES_128"); + + checkService("Cipher.PBEWithHmacSHA384AndAES_128"); + + checkService("Cipher.PBEWithHmacSHA512AndAES_128"); + + checkService("Cipher.PBEWithHmacSHA1AndAES_256"); + + checkService("Cipher.PBEWithHmacSHA224AndAES_256"); + + checkService("Cipher.PBEWithHmacSHA256AndAES_256"); + + checkService("Cipher.PBEWithHmacSHA384AndAES_256"); + + checkService("Cipher.PBEWithHmacSHA512AndAES_256"); + + checkService("Cipher.Blowfish"); + checkAttribute("Cipher.Blowfish SupportedModes", BLOCK_MODES); + checkAttribute("Cipher.Blowfish SupportedPaddings", BLOCK_PADS); + checkAttribute("Cipher.Blowfish SupportedKeyFormats", "RAW"); + + checkService("Cipher.AES"); + checkAlias("Alg.Alias.Cipher.Rijndael", "AES"); + checkAttribute("Cipher.AES SupportedModes", BLOCK_MODES128); + checkAttribute("Cipher.AES SupportedPaddings", BLOCK_PADS); + checkAttribute("Cipher.AES SupportedKeyFormats", "RAW"); + + checkService("Cipher.AES_128/ECB/NoPadding"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding"); + checkService("Cipher.AES_128/CBC/NoPadding"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding"); + checkService("Cipher.AES_128/OFB/NoPadding"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding"); + checkService("Cipher.AES_128/CFB/NoPadding"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding"); + checkService("Cipher.AES_128/GCM/NoPadding"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding"); + + checkService("Cipher.AES_192/ECB/NoPadding"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding"); + checkService("Cipher.AES_192/CBC/NoPadding"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding"); + checkService("Cipher.AES_192/OFB/NoPadding"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding"); + checkService("Cipher.AES_192/CFB/NoPadding"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding"); + checkService("Cipher.AES_192/GCM/NoPadding"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding"); + + checkService("Cipher.AES_256/ECB/NoPadding"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding"); + checkService("Cipher.AES_256/CBC/NoPadding"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding"); + checkService("Cipher.AES_256/OFB/NoPadding"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding"); + checkService("Cipher.AES_256/CFB/NoPadding"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding"); + checkService("Cipher.AES_256/GCM/NoPadding"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding"); + + checkService("Cipher.AESWrap"); + checkAttribute("Cipher.AESWrap SupportedModes", "ECB"); + checkAttribute("Cipher.AESWrap SupportedPaddings", "NOPADDING"); + checkAttribute("Cipher.AESWrap SupportedKeyFormats", "RAW"); + + checkService("Cipher.AESWrap_128"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.5", "AESWrap_128"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.5", "AESWrap_128"); + checkService("Cipher.AESWrap_192"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.25", "AESWrap_192"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.25", "AESWrap_192"); + checkService("Cipher.AESWrap_256"); + checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.45", "AESWrap_256"); + checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.45", "AESWrap_256"); + + checkService("Cipher.RC2"); + checkAttribute("Cipher.RC2 SupportedModes", BLOCK_MODES); + checkAttribute("Cipher.RC2 SupportedPaddings", BLOCK_PADS); + checkAttribute("Cipher.RC2 SupportedKeyFormats", "RAW"); + + checkService("Cipher.ARCFOUR"); + checkAlias("Alg.Alias.Cipher.RC4", "ARCFOUR"); + checkAttribute("Cipher.ARCFOUR SupportedModes", "ECB"); + checkAttribute("Cipher.ARCFOUR SupportedPaddings", "NOPADDING"); + checkAttribute("Cipher.ARCFOUR SupportedKeyFormats", "RAW"); + System.out.println("PBES2 check passed"); + + /* + * Key(pair) Generator engines + */ + checkService("KeyGenerator.DES"); + + checkService("KeyGenerator.DESede"); + checkAlias("Alg.Alias.KeyGenerator.TripleDES", "DESede"); + + checkService("KeyGenerator.Blowfish"); + + checkService("KeyGenerator.AES"); + checkAlias("Alg.Alias.KeyGenerator.Rijndael", "AES"); + + checkService("KeyGenerator.RC2"); + checkService("KeyGenerator.ARCFOUR"); + checkAlias("Alg.Alias.KeyGenerator.RC4", "ARCFOUR"); + + checkService("KeyGenerator.HmacMD5"); + + checkService("KeyGenerator.HmacSHA1"); + checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.7", "HmacSHA1"); + checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.7", "HmacSHA1"); + + checkService("KeyGenerator.HmacSHA224"); + checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.8", "HmacSHA224"); + checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.8", "HmacSHA224"); + + checkService("KeyGenerator.HmacSHA256"); + checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.9", "HmacSHA256"); + checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.9", "HmacSHA256"); + + checkService("KeyGenerator.HmacSHA384"); + checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.10", "HmacSHA384"); + checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.10", "HmacSHA384"); + + checkService("KeyGenerator.HmacSHA512"); + checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.11", "HmacSHA512"); + checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.11", "HmacSHA512"); + + checkService("KeyPairGenerator.DiffieHellman"); + checkAlias("Alg.Alias.KeyPairGenerator.DH", "DiffieHellman"); + checkAlias("Alg.Alias.KeyPairGenerator.OID." + OID_PKCS3, "DiffieHellman"); + checkAlias("Alg.Alias.KeyPairGenerator." + OID_PKCS3, "DiffieHellman"); + System.out.println("Key(pair) Generator engines check passed"); + + /* + * Algorithm parameter generation engines + */ + checkService("AlgorithmParameterGenerator.DiffieHellman"); + checkAlias("Alg.Alias.AlgorithmParameterGenerator.DH", "DiffieHellman"); + checkAlias("Alg.Alias.AlgorithmParameterGenerator.OID." + OID_PKCS3, "DiffieHellman"); + checkAlias("Alg.Alias.AlgorithmParameterGenerator." + OID_PKCS3, "DiffieHellman"); + System.out.println("Algorithm parameter generation engines check passed"); + + /* + * Key Agreement engines + */ + checkService("KeyAgreement.DiffieHellman"); + checkAlias("Alg.Alias.KeyAgreement.DH", "DiffieHellman"); + checkAlias("Alg.Alias.KeyAgreement.OID." + OID_PKCS3, "DiffieHellman"); + checkAlias("Alg.Alias.KeyAgreement." + OID_PKCS3, "DiffieHellman"); + + checkAttribute( + "KeyAgreement.DiffieHellman SupportedKeyClasses", + "javax.crypto.interfaces.DHPublicKey" + "|javax.crypto.interfaces.DHPrivateKey"); + System.out.println("Key Agreement engines check passed"); + + /* + * Algorithm Parameter engines + */ + checkService("AlgorithmParameters.DiffieHellman"); + checkAlias("Alg.Alias.AlgorithmParameters.DH", "DiffieHellman"); + checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS3, "DiffieHellman"); + checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS3, "DiffieHellman"); + + checkService("AlgorithmParameters.DES"); + + checkService("AlgorithmParameters.DESede"); + checkAlias("Alg.Alias.AlgorithmParameters.TripleDES", "DESede"); + + checkService("AlgorithmParameters.PBE"); + + checkService("AlgorithmParameters.PBEWithMD5AndDES"); + checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES"); + checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES"); + + checkService("AlgorithmParameters.PBEWithMD5AndTripleDES"); + + checkService("AlgorithmParameters.PBEWithSHA1AndDESede"); + checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede"); + checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede"); + + checkService("AlgorithmParameters.PBEWithSHA1AndRC2_40"); + checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40"); + checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40"); + + checkService("AlgorithmParameters.PBEWithSHA1AndRC2_128"); + checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128"); + checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128"); + + checkService("AlgorithmParameters.PBEWithSHA1AndRC4_40"); + checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40"); + checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40"); + + checkService("AlgorithmParameters.PBEWithSHA1AndRC4_128"); + checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128"); + checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128"); + + checkService("AlgorithmParameters.PBES2"); + checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS5_PBES2, "PBES2"); + checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS5_PBES2, "PBES2"); + + checkService("AlgorithmParameters.PBEWithHmacSHA1AndAES_128"); + + checkService("AlgorithmParameters.PBEWithHmacSHA224AndAES_128"); + + checkService("AlgorithmParameters.PBEWithHmacSHA256AndAES_128"); + + checkService("AlgorithmParameters.PBEWithHmacSHA384AndAES_128"); + + checkService("AlgorithmParameters.PBEWithHmacSHA512AndAES_128"); + + checkService("AlgorithmParameters.PBEWithHmacSHA1AndAES_256"); + + checkService("AlgorithmParameters.PBEWithHmacSHA224AndAES_256"); + + checkService("AlgorithmParameters.PBEWithHmacSHA256AndAES_256"); + + checkService("AlgorithmParameters.PBEWithHmacSHA384AndAES_256"); + + checkService("AlgorithmParameters.PBEWithHmacSHA512AndAES_256"); + + checkService("AlgorithmParameters.Blowfish"); + + checkService("AlgorithmParameters.AES"); + checkAlias("Alg.Alias.AlgorithmParameters.Rijndael", "AES"); + checkService("AlgorithmParameters.GCM"); + + checkService("AlgorithmParameters.RC2"); + + checkService("AlgorithmParameters.OAEP"); + System.out.println("Algorithm Parameter engines check passed"); + + /* + * Key factories + */ + checkService("KeyFactory.DiffieHellman"); + checkAlias("Alg.Alias.KeyFactory.DH", "DiffieHellman"); + checkAlias("Alg.Alias.KeyFactory.OID." + OID_PKCS3, "DiffieHellman"); + checkAlias("Alg.Alias.KeyFactory." + OID_PKCS3, "DiffieHellman"); + System.out.println("Key factories check passed"); + + /* + * Secret-key factories + */ + checkService("SecretKeyFactory.DES"); + + checkService("SecretKeyFactory.DESede"); + checkAlias("Alg.Alias.SecretKeyFactory.TripleDES", "DESede"); + + checkService("SecretKeyFactory.PBEWithMD5AndDES"); + checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES"); + checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES"); + + checkAlias("Alg.Alias.SecretKeyFactory.PBE", "PBEWithMD5AndDES"); + + /* + * Internal in-house crypto algorithm used for + * the JCEKS keystore type. Since this was developed + * internally, there isn't an OID corresponding to this + * algorithm. + */ + checkService("SecretKeyFactory.PBEWithMD5AndTripleDES"); + + checkService("SecretKeyFactory.PBEWithSHA1AndDESede"); + checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede"); + checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede"); + + checkService("SecretKeyFactory.PBEWithSHA1AndRC2_40"); + checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40"); + checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40"); + + checkService("SecretKeyFactory.PBEWithSHA1AndRC2_128"); + checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128"); + checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128"); + + checkService("SecretKeyFactory.PBEWithSHA1AndRC4_40"); + + checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40"); + checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40"); + + checkService("SecretKeyFactory.PBEWithSHA1AndRC4_128"); + + checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128"); + checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128"); + + checkService("SecretKeyFactory.PBEWithHmacSHA1AndAES_128"); + + checkService("SecretKeyFactory.PBEWithHmacSHA224AndAES_128"); + + checkService("SecretKeyFactory.PBEWithHmacSHA256AndAES_128"); + + checkService("SecretKeyFactory.PBEWithHmacSHA384AndAES_128"); + + checkService("SecretKeyFactory.PBEWithHmacSHA512AndAES_128"); + + checkService("SecretKeyFactory.PBEWithHmacSHA1AndAES_256"); + + checkService("SecretKeyFactory.PBEWithHmacSHA224AndAES_256"); + + checkService("SecretKeyFactory.PBEWithHmacSHA256AndAES_256"); + + checkService("SecretKeyFactory.PBEWithHmacSHA384AndAES_256"); + + checkService("SecretKeyFactory.PBEWithHmacSHA512AndAES_256"); + System.out.println("crypto algorithm for JCEKS keystore check passed "); + + // PBKDF2 + + checkService("SecretKeyFactory.PBKDF2WithHmacSHA1"); + checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2, "PBKDF2WithHmacSHA1"); + checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2, "PBKDF2WithHmacSHA1"); + + checkService("SecretKeyFactory.PBKDF2WithHmacSHA224"); + checkService("SecretKeyFactory.PBKDF2WithHmacSHA256"); + checkService("SecretKeyFactory.PBKDF2WithHmacSHA384"); + checkService("SecretKeyFactory.PBKDF2WithHmacSHA512"); + + System.out.println("PBKDF2 check passed"); + + /* + * MAC + */ + checkService("Mac.HmacMD5"); + checkService("Mac.HmacSHA1"); + checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.7", "HmacSHA1"); + checkAlias("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1"); + checkService("Mac.HmacSHA224"); + checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.8", "HmacSHA224"); + checkAlias("Alg.Alias.Mac.1.2.840.113549.2.8", "HmacSHA224"); + checkService("Mac.HmacSHA256"); + checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.9", "HmacSHA256"); + checkAlias("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256"); + checkService("Mac.HmacSHA384"); + checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.10", "HmacSHA384"); + checkAlias("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384"); + checkService("Mac.HmacSHA512"); + checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.11", "HmacSHA512"); + checkAlias("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512"); + checkService("Mac.HmacPBESHA1"); + + System.out.println("MAC check passed"); + + // PBMAC1 + + checkService("Mac.PBEWithHmacSHA1"); + checkService("Mac.PBEWithHmacSHA224"); + checkService("Mac.PBEWithHmacSHA256"); + checkService("Mac.PBEWithHmacSHA384"); + checkService("Mac.PBEWithHmacSHA512"); + + checkService("Mac.SslMacMD5"); + checkService("Mac.SslMacSHA1"); + + checkAttribute("Mac.HmacMD5 SupportedKeyFormats", "RAW"); + checkAttribute("Mac.HmacSHA1 SupportedKeyFormats", "RAW"); + checkAttribute("Mac.HmacSHA224 SupportedKeyFormats", "RAW"); + checkAttribute("Mac.HmacSHA256 SupportedKeyFormats", "RAW"); + checkAttribute("Mac.HmacSHA384 SupportedKeyFormats", "RAW"); + checkAttribute("Mac.HmacSHA512 SupportedKeyFormats", "RAW"); + checkAttribute("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW"); + checkAttribute("Mac.PBEWithHmacSHA1 SupportedKeyFormatS", "RAW"); + checkAttribute("Mac.PBEWithHmacSHA224 SupportedKeyFormats", "RAW"); + checkAttribute("Mac.PBEWithHmacSHA256 SupportedKeyFormats", "RAW"); + checkAttribute("Mac.PBEWithHmacSHA384 SupportedKeyFormats", "RAW"); + checkAttribute("Mac.PBEWithHmacSHA512 SupportedKeyFormats", "RAW"); + checkAttribute("Mac.SslMacMD5 SupportedKeyFormats", "RAW"); + checkAttribute("Mac.SslMacSHA1 SupportedKeyFormats", "RAW"); + System.out.println("PBMAC1 check passed"); + + /* + * KeyStore + */ + checkService("KeyStore.JCEKS"); + System.out.println("KeyStore check passed"); + + /* + * SSL/TLS mechanisms + * + * These are strictly internal implementations and may + * be changed at any time. These names were chosen + * because PKCS11/SunPKCS11 does not yet have TLS1.2 + * mechanisms, and it will cause calls to come here. + */ + checkService("KeyGenerator.SunTlsPrf"); + checkService("KeyGenerator.SunTls12Prf"); + + checkService("KeyGenerator.SunTlsMasterSecret"); + checkAlias("Alg.Alias.KeyGenerator.SunTls12MasterSecret", "SunTlsMasterSecret"); + checkAlias("Alg.Alias.KeyGenerator.SunTlsExtendedMasterSecret", "SunTlsMasterSecret"); + + checkService("KeyGenerator.SunTlsKeyMaterial"); + checkAlias("Alg.Alias.KeyGenerator.SunTls12KeyMaterial", "SunTlsKeyMaterial"); + + checkService("KeyGenerator.SunTlsRsaPremasterSecret"); + checkAlias("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret", "SunTlsRsaPremasterSecret"); + System.out.println("SSL/TLS mechanisms check passed"); + return true; + } +} diff --git a/jdk/test/java/security/Provider/SunJSSEValidator.java b/jdk/test/java/security/Provider/SunJSSEValidator.java new file mode 100644 index 000000000..5817c3b7f --- /dev/null +++ b/jdk/test/java/security/Provider/SunJSSEValidator.java @@ -0,0 +1,137 @@ +/* + * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Huawei designates this + * particular file as subject to the "Classpath" exception as provided + * by Huawei in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional + * information or have any questions. + */ + +/* + * @test + * @bug 7092821 + * @library ../testlibrary + * @summary make sure that Sun providers do not miss any algorithms after + * modifying the frameworks underneath + * @author Henry Yang + */ + +/* + *- @TestCaseID:Provider/SunJSSEValidator.java + *- @TestCaseName:Provider/SunJSSEValidator.java + *- @TestCaseType:Function test + *- @RequirementID:AR.SR.IREQ02758058.001.001 + *- @RequirementName: java.security.Provider.getService() is synchronized and became scalability bottleneck + *- @Condition:JDK8u302及以后 + *- @Brief:测试相应provider更改底层架构以后所提供的service是否与原先有差异(以openJDK8u302为准) + * -#step:比较openJDK8u302 SunJSSEProvider与此特性修改后的SunJSSEProvider所提供的service是否一致 + *- @Expect:正常运行 + *- @Priority:Level 1 + */ + +import java.security.Provider; +import java.util.Locale; + +/** + * validator for SunJSSE provider, make sure we do not miss any algorithm + * after the modification. + * + * @author Henry Yang + * @since 2022-05-05 + */ +public class SunJSSEValidator extends BaseProviderValidator { + private boolean fips = false; + + public static void main(String[] args) throws Exception { + SunJSSEValidator validator = new SunJSSEValidator(); + if (args != null && args.length > 0) { + String fipsStr = args[0].toLowerCase(Locale.ENGLISH); + if (!"true".equals(fipsStr) && !"false".equals(fipsStr)) { + throw new RuntimeException("Fips mode argument should be a boolean value"); + } + validator.setFips(Boolean.parseBoolean(fipsStr)); + } + validator.validate(); + } + + public void setFips(boolean isFips) { + this.fips = isFips; + } + + @Override + Provider getDefaultProvider() { + return new com.sun.net.ssl.internal.ssl.Provider(); + } + + @Override + boolean validate() throws Exception { + if (fips == false) { + checkService("KeyFactory.RSA"); + checkAlias("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA"); + checkAlias("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA"); + + checkService("KeyPairGenerator.RSA"); + checkAlias("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA"); + checkAlias("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA"); + + checkService("Signature.MD2withRSA"); + checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA"); + checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", "MD2withRSA"); + + checkService("Signature.MD5withRSA"); + checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA"); + checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", "MD5withRSA"); + + checkService("Signature.SHA1withRSA"); + checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA"); + checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA"); + checkAlias("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA"); + checkAlias("Alg.Alias.Signature.OID.1.3.14.3.2.29", "SHA1withRSA"); + } + checkService("Signature.MD5andSHA1withRSA"); + + checkService("KeyManagerFactory.SunX509"); + checkService("KeyManagerFactory.NewSunX509"); + checkAlias("Alg.Alias.KeyManagerFactory.PKIX", "NewSunX509"); + + checkService("TrustManagerFactory.SunX509"); + checkService("TrustManagerFactory.PKIX"); + checkAlias("Alg.Alias.TrustManagerFactory.SunPKIX", "PKIX"); + checkAlias("Alg.Alias.TrustManagerFactory.X509", "PKIX"); + checkAlias("Alg.Alias.TrustManagerFactory.X.509", "PKIX"); + + checkService("SSLContext.TLSv1"); + checkService("SSLContext.TLSv1.1"); + checkService("SSLContext.TLSv1.2"); + checkService("SSLContext.TLSv1.3"); + checkService("SSLContext.TLS"); + if (fips == false) { + checkAlias("Alg.Alias.SSLContext.SSL", "TLS"); + checkAlias("Alg.Alias.SSLContext.SSLv3", "TLSv1"); + } + + checkService("SSLContext.Default"); + + /* + * KeyStore + */ + checkService("KeyStore.PKCS12"); + System.out.println("SunJSSE check passed"); + return true; + } +} diff --git a/jdk/test/java/security/Provider/SunRsaSignValidator.java b/jdk/test/java/security/Provider/SunRsaSignValidator.java new file mode 100644 index 000000000..66fb33a44 --- /dev/null +++ b/jdk/test/java/security/Provider/SunRsaSignValidator.java @@ -0,0 +1,154 @@ +/* + * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Huawei designates this + * particular file as subject to the "Classpath" exception as provided + * by Huawei in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional + * information or have any questions. + */ + +/* + * @test + * @bug 7092821 + * @library ../testlibrary + * @summary make sure that Sun providers do not miss any algorithms after + * modifying the frameworks underneath + * @author Henry Yang + */ + +/* + *- @TestCaseID:Provider/SunRsaSignValidator.java + *- @TestCaseName:Provider/SunRsaSignValidator.java + *- @TestCaseType:Function test + *- @RequirementID:AR.SR.IREQ02758058.001.001 + *- @RequirementName: java.security.Provider.getService() is synchronized and became scalability bottleneck + *- @Condition:JDK8u302及以后 + *- @Brief:测试相应provider更改底层架构以后所提供的service是否与原先有差异(以openJDK8u302为准) + * -#step:比较openJDK8u302 SunRsaSignProvider与此特性修改后的SunRsaSignProvider所提供的service是否一致 + *- @Expect:正常运行 + *- @Priority:Level 1 + */ + +import sun.security.rsa.SunRsaSign; + +import java.security.Provider; + +/** + * validator for SunRsaSign provider, make sure we do not miss any algorithm + * after the modification. + * + * @author Henry Yang + * @since 2022-05-05 + */ +public class SunRsaSignValidator extends BaseProviderValidator { + public static void main(String[] args) throws Exception { + SunRsaSignValidator validator = new SunRsaSignValidator(); + validator.validate(); + } + + @Override + Provider getDefaultProvider() { + return new SunRsaSign(); + } + + @Override + boolean validate() throws Exception { + // main algorithms + checkService("KeyFactory.RSA"); + checkService("KeyPairGenerator.RSA"); + checkService("Signature.MD2withRSA"); + checkService("Signature.MD5withRSA"); + checkService("Signature.SHA1withRSA"); + checkService("Signature.SHA224withRSA"); + checkService("Signature.SHA256withRSA"); + checkService("Signature.SHA384withRSA"); + checkService("Signature.SHA512withRSA"); + checkService("Signature.SHA512/224withRSA"); + checkService("Signature.SHA512/256withRSA"); + + checkService("KeyFactory.RSASSA-PSS"); + checkService("KeyPairGenerator.RSASSA-PSS"); + checkService("Signature.RSASSA-PSS"); + checkService("AlgorithmParameters.RSASSA-PSS"); + + System.out.println("service check passed"); + + // attributes for supported key classes + String rsaKeyClasses = "java.security.interfaces.RSAPublicKey" + "|java.security.interfaces.RSAPrivateKey"; + checkAttribute("Signature.MD2withRSA SupportedKeyClasses", rsaKeyClasses); + checkAttribute("Signature.MD5withRSA SupportedKeyClasses", rsaKeyClasses); + checkAttribute("Signature.SHA1withRSA SupportedKeyClasses", rsaKeyClasses); + checkAttribute("Signature.SHA224withRSA SupportedKeyClasses", rsaKeyClasses); + checkAttribute("Signature.SHA256withRSA SupportedKeyClasses", rsaKeyClasses); + checkAttribute("Signature.SHA384withRSA SupportedKeyClasses", rsaKeyClasses); + checkAttribute("Signature.SHA512withRSA SupportedKeyClasses", rsaKeyClasses); + checkAttribute("Signature.SHA512/224withRSA SupportedKeyClasses", rsaKeyClasses); + checkAttribute("Signature.SHA512/256withRSA SupportedKeyClasses", rsaKeyClasses); + checkAttribute("Signature.RSASSA-PSS SupportedKeyClasses", rsaKeyClasses); + + System.out.println("attribute check passed"); + + // aliases + checkAlias("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA"); + checkAlias("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA"); + + checkAlias("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA"); + checkAlias("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA"); + + checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA"); + checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", "MD2withRSA"); + + checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA"); + checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", "MD5withRSA"); + + checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA"); + checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA"); + checkAlias("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA"); + + checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.14", "SHA224withRSA"); + checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.14", "SHA224withRSA"); + + checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256withRSA"); + checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA"); + + checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384withRSA"); + checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.12", "SHA384withRSA"); + + checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512withRSA"); + checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.13", "SHA512withRSA"); + checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.15", "SHA512/224withRSA"); + checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.15", "SHA512/224withRSA"); + checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.16", "SHA512/256withRSA"); + checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.16", "SHA512/256withRSA"); + + checkAlias("Alg.Alias.KeyFactory.1.2.840.113549.1.1.10", "RSASSA-PSS"); + checkAlias("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); + + checkAlias("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.10", "RSASSA-PSS"); + checkAlias("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); + + checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.10", "RSASSA-PSS"); + checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); + + checkAlias("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.1.10", "RSASSA-PSS"); + checkAlias("Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); + + System.out.println("check alias passed"); + return true; + } +} diff --git a/jdk/test/java/security/Provider/SunValidator.java b/jdk/test/java/security/Provider/SunValidator.java new file mode 100644 index 000000000..3f4b81222 --- /dev/null +++ b/jdk/test/java/security/Provider/SunValidator.java @@ -0,0 +1,263 @@ +/* + * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Huawei designates this + * particular file as subject to the "Classpath" exception as provided + * by Huawei in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional + * information or have any questions. + */ + +/* + * @test + * @bug 7092821 + * @library ../testlibrary + * @summary make sure that Sun providers do not miss any algorithms after + * modifying the frameworks underneath + * @author Henry Yang + */ + +/* + *- @TestCaseID:Provider/SunValidator.java + *- @TestCaseName:Provider/SunValidator.java + *- @TestCaseType:Function test + *- @RequirementID:AR.SR.IREQ02758058.001.001 + *- @RequirementName: java.security.Provider.getService() is synchronized and became scalability bottleneck + *- @Condition:JDK8u302及以后 + *- @Brief:测试相应provider更改底层架构以后所提供的service是否与原先有差异(以openJDK8u302为准) + * -#step:比较openJDK8u302 SunProvider与此特性修改后的SunProvider所提供的service是否一致 + *- @Expect:正常运行 + *- @Priority:Level 1 + */ + +import sun.security.provider.NativePRNG; +import sun.security.provider.Sun; + +import java.lang.reflect.Method; +import java.security.Provider; + +/** + * validator for Sun provider, make sure we do not miss any algorithm + * after the modification. + * + * @author Henry Yang + * @since 2022-05-05 + */ +public class SunValidator extends BaseProviderValidator { + public static void main(String[] args) throws Exception { + SunValidator validator = new SunValidator(); + validator.validate(); + } + + @Override + Provider getDefaultProvider() { + return new Sun(); + } + + @Override + public boolean validate() throws Exception { + Method nativeAvailableMethod = NativePRNG.class.getDeclaredMethod("isAvailable"); + nativeAvailableMethod.setAccessible(true); + boolean nativeAvailable = (Boolean) nativeAvailableMethod.invoke(null); + if (nativeAvailable) { + checkService("SecureRandom.NativePRNG"); + } + + checkService("SecureRandom.SHA1PRNG"); + + /* + * Signature engines + */ + checkService("Signature.SHA1withDSA"); + checkService("Signature.NONEwithDSA"); + checkAlias("Alg.Alias.Signature.RawDSA", "NONEwithDSA"); + checkService("Signature.SHA224withDSA"); + checkService("Signature.SHA256withDSA"); + + String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" + "|java.security.interfaces.DSAPrivateKey"; + checkAttribute("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses); + checkAttribute("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses); + checkAttribute("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyClasses); + checkAttribute("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyClasses); + + checkAlias("Alg.Alias.Signature.DSA", "SHA1withDSA"); + checkAlias("Alg.Alias.Signature.DSS", "SHA1withDSA"); + checkAlias("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA"); + checkAlias("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA"); + checkAlias("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA"); + checkAlias("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA"); + checkAlias("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA"); + checkAlias("Alg.Alias.Signature.OID.1.2.840.10040.4.3", "SHA1withDSA"); + checkAlias("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA"); + checkAlias("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA"); + checkAlias("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA"); + checkAlias("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1", "SHA224withDSA"); + checkAlias("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA"); + checkAlias("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2", "SHA256withDSA"); + checkAlias("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA"); + System.out.println("Signature engines check passed"); + + /* + * Key Pair Generator engines + */ + checkService("KeyPairGenerator.DSA"); + checkAlias("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA"); + checkAlias("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA"); + checkAlias("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA"); + System.out.println("Key Pair Generator engines check passed"); + + /* + * Digest engines + */ + checkService("MessageDigest.MD2"); + checkService("MessageDigest.MD5"); + checkService("MessageDigest.SHA"); + + checkAlias("Alg.Alias.MessageDigest.SHA-1", "SHA"); + checkAlias("Alg.Alias.MessageDigest.SHA1", "SHA"); + checkAlias("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA"); + checkAlias("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA"); + + checkService("MessageDigest.SHA-224"); + checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224"); + checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4", "SHA-224"); + + checkService("MessageDigest.SHA-256"); + checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256"); + checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1", "SHA-256"); + checkService("MessageDigest.SHA-384"); + checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384"); + checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2", "SHA-384"); + checkService("MessageDigest.SHA-512"); + checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512"); + checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3", "SHA-512"); + checkService("MessageDigest.SHA-512/224"); + checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.5", "SHA-512/224"); + checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.5", "SHA-512/224"); + checkService("MessageDigest.SHA-512/256"); + checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.6", "SHA-512/256"); + checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.6", "SHA-512/256"); + System.out.println("Digest engines check passed"); + + /* + * Algorithm Parameter Generator engines + */ + checkService("AlgorithmParameterGenerator.DSA"); + System.out.println("Algorithm Parameter Generator engines check passed"); + + /* + * Algorithm Parameter engines + */ + checkService("AlgorithmParameters.DSA"); + checkAlias("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA"); + checkAlias("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA"); + checkAlias("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA"); + System.out.println("Algorithm Parameter engines check passed"); + + /* + * Key factories + */ + checkService("KeyFactory.DSA"); + checkAlias("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA"); + checkAlias("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA"); + checkAlias("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA"); + System.out.println("Key factories check passed"); + + /* + * Certificates + */ + checkService("CertificateFactory.X.509"); + checkAlias("Alg.Alias.CertificateFactory.X509", "X.509"); + System.out.println("Certificates check passed"); + + /* + * KeyStore + */ + checkService("KeyStore.JKS"); + checkService("KeyStore.CaseExactJKS"); + checkService("KeyStore.DKS"); + System.out.println("KeyStore check passed"); + + /* + * Policy + */ + checkService("Policy.JavaPolicy"); + System.out.println("Policy check passed"); + + /* + * Configuration + */ + checkService("Configuration.JavaLoginConfig"); + System.out.println("Configuration check passed"); + + /* + * CertPathBuilder + */ + checkService("CertPathBuilder.PKIX"); + checkAttribute("CertPathBuilder.PKIX ValidationAlgorithm", "RFC5280"); + System.out.println("CertPathBuilder check passed"); + + /* + * CertPathValidator + */ + checkService("CertPathValidator.PKIX"); + checkAttribute("CertPathValidator.PKIX ValidationAlgorithm", "RFC5280"); + System.out.println("CertPathValidator check passed"); + + /* + * CertStores + */ + checkService("CertStore.LDAP"); + checkAttribute("CertStore.LDAP LDAPSchema", "RFC2587"); + checkService("CertStore.Collection"); + checkService("CertStore.com.sun.security.IndexedCollection"); + System.out.println("CertStores check passed"); + + /* + * KeySize + */ + checkAttribute("Signature.NONEwithDSA KeySize", "1024"); + checkAttribute("Signature.SHA1withDSA KeySize", "1024"); + checkAttribute("Signature.SHA224withDSA KeySize", "2048"); + checkAttribute("Signature.SHA256withDSA KeySize", "2048"); + + checkAttribute("KeyPairGenerator.DSA KeySize", "2048"); + checkAttribute("AlgorithmParameterGenerator.DSA KeySize", "2048"); + System.out.println("KeySize attribute check passed"); + + /* + * Implementation type: software or hardware + */ + checkAttribute("Signature.SHA1withDSA ImplementedIn", "Software"); + checkAttribute("KeyPairGenerator.DSA ImplementedIn", "Software"); + checkAttribute("MessageDigest.MD5 ImplementedIn", "Software"); + checkAttribute("MessageDigest.SHA ImplementedIn", "Software"); + checkAttribute("AlgorithmParameterGenerator.DSA ImplementedIn", "Software"); + checkAttribute("AlgorithmParameters.DSA ImplementedIn", "Software"); + checkAttribute("KeyFactory.DSA ImplementedIn", "Software"); + checkAttribute("SecureRandom.SHA1PRNG ImplementedIn", "Software"); + checkAttribute("CertificateFactory.X.509 ImplementedIn", "Software"); + checkAttribute("KeyStore.JKS ImplementedIn", "Software"); + checkAttribute("CertPathValidator.PKIX ImplementedIn", "Software"); + checkAttribute("CertPathBuilder.PKIX ImplementedIn", "Software"); + checkAttribute("CertStore.LDAP ImplementedIn", "Software"); + checkAttribute("CertStore.Collection ImplementedIn", "Software"); + checkAttribute("CertStore.com.sun.security.IndexedCollection ImplementedIn", "Software"); + System.out.println("Implementation type attribute check passed"); + return true; + } +} diff --git a/jdk/test/java/security/SecureRandom/DefaultAlgo.java b/jdk/test/java/security/SecureRandom/DefaultAlgo.java new file mode 100644 index 000000000..ce786f7a2 --- /dev/null +++ b/jdk/test/java/security/SecureRandom/DefaultAlgo.java @@ -0,0 +1,117 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import static java.lang.System.out; +import java.security.Provider; +import java.security.Security; +import java.security.SecureRandom; +import java.security.Provider.Service; +import java.util.Objects; +import java.util.Arrays; +import sun.security.provider.SunEntries; + +/** + * @test + * @bug 8228613 + * @summary Ensure that the default SecureRandom algo used is based + * on the registration ordering, and falls to next provider + * if none are found + * @modules java.base/sun.security.provider + */ +public class DefaultAlgo { + + public static void main(String[] args) throws Exception { + String[] algos = { "A", "B", "C" }; + test3rdParty(algos); + // reverse the order and re-check + String[] algosReversed = { "C", "B", "A" }; + test3rdParty(algosReversed); + } + + private static void test3rdParty(String[] algos) { + Provider[] provs = { + new SampleLegacyProvider(algos), + new SampleServiceProvider(algos) + }; + for (Provider p : provs) { + checkDefault(p, algos); + } + } + + // validate the specified SecureRandom obj to be from the specified + // provider and matches the specified algorithm + private static void validate(SecureRandom sr, String pName, String algo) { + if (!sr.getProvider().getName().equals(pName)) { + throw new RuntimeException("Failed provider check, exp: " + + pName + ", got " + sr.getProvider().getName()); + } + if (!sr.getAlgorithm().equals(algo)) { + throw new RuntimeException("Failed algo check, exp: " + + algo + ", got " + sr.getAlgorithm()); + } + } + + private static void checkDefault(Provider p, String ... algos) { + out.println(p.getName() + " with " + Arrays.toString(algos)); + int pos = Security.insertProviderAt(p, 1); + String pName = p.getName(); + boolean isLegacy = pName.equals("SampleLegacy"); + try { + if (isLegacy) { + for (String s : algos) { + validate(new SecureRandom(), pName, s); + p.remove("SecureRandom." + s); + out.println("removed " + s); + } + validate(new SecureRandom(), "SUN", + SunEntries.DEF_SECURE_RANDOM_ALGO); + } else { + validate(new SecureRandom(), pName, algos[0]); + } + out.println("=> Test Passed"); + } finally { + if (pos != -1) { + Security.removeProvider(p.getName()); + } + } + } + + private static class SampleLegacyProvider extends Provider { + SampleLegacyProvider(String[] listOfSupportedRNGs) { + super("SampleLegacy", 1.0, "test provider using legacy put"); + for (String s : listOfSupportedRNGs) { + put("SecureRandom." + s, "sun.security.provider.SecureRandom"); + } + } + } + + private static class SampleServiceProvider extends Provider { + SampleServiceProvider(String[] listOfSupportedRNGs) { + super("SampleService", 1.0, "test provider using putService"); + for (String s : listOfSupportedRNGs) { + putService(new Provider.Service(this, "SecureRandom", s, + "sun.security.provider.SecureRandom", null, null)); + } + } + } +} \ No newline at end of file diff --git a/jdk/test/micro/org/openeuler/bench/security/provider/GetServiceBenchmark.java b/jdk/test/micro/org/openeuler/bench/security/provider/GetServiceBenchmark.java new file mode 100644 index 000000000..93cd887d6 --- /dev/null +++ b/jdk/test/micro/org/openeuler/bench/security/provider/GetServiceBenchmark.java @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Huawei designates this + * particular file as subject to the "Classpath" exception as provided + * by Huawei in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional + * information or have any questions. + */ + +/* + * - @TestCaseID:provider/GetServiceBenchmark.java + * - @TestCaseName:provider/GetServiceBenchmark.java + * - @TestCaseType:Performance test + * - @RequirementID:AR.SR.IREQ02758058.001.001 + * - @RequirementName:java.security.Provider.getService() is synchronized and became scalability bottleneck + * - @Condition:JDK8u302及以后 + * - @Brief:测试provider.getService的性能 + * -#step:创建jmh的maven项目mvn archetype:generate -DinteractiveMode=false -DarchetypeGroupId=org.openjdk.jmh -DarchetypeArtifactId=jmh-java-benchmark-archetype -DgroupId=org.openeuler.bench.security.provider -DartifactId=provider-benchmark -Dversion=1.0 + * -#step2:删除项目中的多余文件rm -rf provider-benchmark/src/main/java/org/openeuler/bench/security/provider/MyBenchmark.java + * -#step3:将本文件拷贝进项目目录cp GetServiceBenchmark.java provider-benchmark/src/main/java/org/openeuler/bench/security/provider/ + * -#step4:构建项目mvn install + * -#step5:运行测试java -jar target/benchmarks.jar GetServiceBenchmark + * - @Expect:正常运行 + * - @Priority:Level 1 + */ + +package org.openeuler.bench.security.provider; + +import com.sun.crypto.provider.SunJCE; + +import org.openjdk.jmh.annotations.Benchmark; +import org.openjdk.jmh.annotations.BenchmarkMode; +import org.openjdk.jmh.annotations.Fork; +import org.openjdk.jmh.annotations.Measurement; +import org.openjdk.jmh.annotations.Mode; +import org.openjdk.jmh.annotations.Scope; +import org.openjdk.jmh.annotations.State; +import org.openjdk.jmh.annotations.Threads; +import org.openjdk.jmh.annotations.Warmup; + +import java.security.Provider; +import java.util.concurrent.TimeUnit; + +/** + * Benchmark to test the performance of provider.getService in + * high concurrency scenarios. + * + * @author Henry Yang + * @since 2022-05-05 + */ +@BenchmarkMode(Mode.Throughput) +@Fork(1) +@Threads(2000) +@Warmup(iterations = 3, time = 3, timeUnit = TimeUnit.SECONDS) +@Measurement(iterations = 5, time = 3, timeUnit = TimeUnit.SECONDS) +@State(Scope.Benchmark) +public class GetServiceBenchmark { + private Provider provider = new SunJCE(); + + @Benchmark + public void getService() { + try { + provider.getService("Cipher", "RSA"); + } catch (Exception e) { + e.printStackTrace(); + } + } +} -- 2.22.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2