From 834e8792532d89505e5cabfdbca0de3481b5c8ed Mon Sep 17 00:00:00 2001
From: z00558301 <zhoulei103@huawei.com>
Date: Wed, 8 Jun 2022 09:38:47 +0800
Subject: [PATCH 06/10] 7092821: java.security.Provider.getService() is
synchronized and became scalability bottleneck
Bug url: https://bugs.openjdk.java.net/browse/JDK-7092821
---
.../com/sun/crypto/provider/SunJCE.java | 1300 ++++++++---------
.../security/AlgorithmParameterGenerator.java | 5 +-
.../share/classes/java/security/Provider.java | 129 +-
.../classes/java/security/SecureRandom.java | 70 +-
.../share/classes/javax/crypto/Cipher.java | 8 +-
.../classes/javax/crypto/JceSecurity.java | 2 -
.../classes/javax/crypto/KeyAgreement.java | 4 +-
.../classes/javax/crypto/KeyGenerator.java | 4 +-
.../classes/sun/security/provider/Sun.java | 25 +-
.../sun/security/provider/SunEntries.java | 333 ++---
.../provider/VerificationProvider.java | 28 +-
.../classes/sun/security/rsa/SunRsaSign.java | 25 +-
.../sun/security/rsa/SunRsaSignEntries.java | 171 +--
.../classes/sun/security/ssl/SunJSSE.java | 136 +-
.../Provider/BaseProviderValidator.java | 76 +
.../security/Provider/GetServiceRace.java | 98 ++
.../security/Provider/LegacyPutAlias.java | 86 ++
.../Provider/ProviderValidationUtil.java | 270 ++++
.../security/Provider/SunJCEValidator.java | 574 ++++++++
.../security/Provider/SunJSSEValidator.java | 137 ++
.../Provider/SunRsaSignValidator.java | 154 ++
.../java/security/Provider/SunValidator.java | 263 ++++
.../security/SecureRandom/DefaultAlgo.java | 117 ++
.../provider/GetServiceBenchmark.java | 83 ++
24 files changed, 2965 insertions(+), 1133 deletions(-)
create mode 100644 jdk/test/java/security/Provider/BaseProviderValidator.java
create mode 100644 jdk/test/java/security/Provider/GetServiceRace.java
create mode 100644 jdk/test/java/security/Provider/LegacyPutAlias.java
create mode 100644 jdk/test/java/security/Provider/ProviderValidationUtil.java
create mode 100644 jdk/test/java/security/Provider/SunJCEValidator.java
create mode 100644 jdk/test/java/security/Provider/SunJSSEValidator.java
create mode 100644 jdk/test/java/security/Provider/SunRsaSignValidator.java
create mode 100644 jdk/test/java/security/Provider/SunValidator.java
create mode 100644 jdk/test/java/security/SecureRandom/DefaultAlgo.java
create mode 100644 jdk/test/micro/org/openeuler/bench/security/provider/GetServiceBenchmark.java
diff --git a/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java b/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java
index 1e5b5dd0..66a26db2 100644
--- a/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java
+++ b/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java
@@ -28,7 +28,10 @@ package com.sun.crypto.provider;
import java.security.AccessController;
import java.security.Provider;
import java.security.SecureRandom;
-
+import java.security.PrivilegedAction;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
/**
* The "SunJCE" Cryptographic Service Provider.
@@ -78,16 +81,6 @@ public final class SunJCE extends Provider {
"(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, "
+ "Diffie-Hellman, HMAC)";
- private static final String OID_PKCS12_RC4_128 = "1.2.840.113549.1.12.1.1";
- private static final String OID_PKCS12_RC4_40 = "1.2.840.113549.1.12.1.2";
- private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3";
- private static final String OID_PKCS12_RC2_128 = "1.2.840.113549.1.12.1.5";
- private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6";
- private static final String OID_PKCS5_MD5_DES = "1.2.840.113549.1.5.3";
- private static final String OID_PKCS5_PBKDF2 = "1.2.840.113549.1.5.12";
- private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13";
- private static final String OID_PKCS3 = "1.2.840.113549.1.3.1";
-
/* Are we debugging? -- for developers */
static final boolean debug = false;
@@ -102,10 +95,115 @@ public final class SunJCE extends Provider {
}
static SecureRandom getRandom() { return SecureRandomHolder.RANDOM; }
+ // create an aliases List from the specified aliases
+ public static List<String> createAliases(String ... aliases) {
+ return Arrays.asList(aliases);
+ }
+
+ // create an aliases List from the specified oid followed by other aliases
+ public static List<String> createAliasesWithOid(String ... oids) {
+ String[] result = Arrays.copyOf(oids, oids.length + 1);
+ result[result.length - 1] = "OID." + oids[0];
+ return Arrays.asList(result);
+ }
+
+ private void ps(String type, String algo, String cn,
+ List<String> aliases, HashMap<String, String> attrs) {
+ putService(new Provider.Service(this, type, algo, cn, aliases, attrs));
+ }
+
public SunJCE() {
/* We are the "SunJCE" provider */
super("SunJCE", 1.8d, info);
+ // if there is no security manager installed, put directly into
+ // the provider
+ if (System.getSecurityManager() == null) {
+ putEntries();
+ } else {
+ AccessController.doPrivileged(new PrivilegedAction<Void>() {
+ @Override
+ public Void run() {
+ putEntries();
+ return null;
+ }
+ });
+ }
+ if (instance == null) {
+ instance = this;
+ }
+ }
+
+ void putEntries() {
+ // common aliases and oids
+ List<String> aesAliases = createAliases("Rijndael");
+ List<String> desEdeAliases = createAliases("TripleDES");
+ List<String> arcFourAliases = createAliases("RC4");
+ List<String> sunTlsMSAliases = createAliases(
+ "SunTls12MasterSecret", "SunTlsExtendedMasterSecret"
+ );
+ List<String> sunTlsKMAliases = createAliases("SunTls12KeyMaterial");
+ List<String> sunTlsRsaPMSAliases = createAliases("SunTls12RsaPremasterSecret");
+
+ String aes128Oid = "2.16.840.1.101.3.4.1.";
+ String aes192Oid = "2.16.840.1.101.3.4.1.2";
+ String aes256Oid = "2.16.840.1.101.3.4.1.4";
+
+ List<String> pkcs12RC4_128Aliases =
+ createAliasesWithOid("1.2.840.113549.1.12.1.1");
+
+ List<String> pkcs12RC4_40Aliases =
+ createAliasesWithOid("1.2.840.113549.1.12.1.2");
+
+ List<String> pkcs12DESedeAliases =
+ createAliasesWithOid("1.2.840.113549.1.12.1.3");
+
+ List<String> pkcs12RC2_128Aliases =
+ createAliasesWithOid("1.2.840.113549.1.12.1.5");
+
+ List<String> pkcs12RC2_40Aliases =
+ createAliasesWithOid("1.2.840.113549.1.12.1.6");
+
+ List<String> pkcs5MD5_DESAliases =
+ createAliasesWithOid("1.2.840.113549.1.5.3", "PBE");
+
+ List<String> pkcs5PBKDF2Aliases =
+ createAliasesWithOid("1.2.840.113549.1.5.12");
+
+ List<String> pkcs5PBES2Aliases =
+ createAliasesWithOid("1.2.840.113549.1.5.13");
+
+ List<String> diffieHellmanAliases =
+ createAliasesWithOid("1.2.840.113549.1.3.1", "DH");
+
+ String macOidBase = "1.2.840.113549.2.";
+ List<String> macSHA1Aliases = createAliasesWithOid(macOidBase + "7");
+ List<String> macSHA224Aliases = createAliasesWithOid(macOidBase + "8");
+ List<String> macSHA256Aliases = createAliasesWithOid(macOidBase + "9");
+ List<String> macSHA384Aliases = createAliasesWithOid(macOidBase + "10");
+ List<String> macSHA512Aliases = createAliasesWithOid(macOidBase + "11");
+
+ // reuse attribute map and reset before each reuse
+ HashMap<String, String> attrs = new HashMap<>(3);
+ attrs.put("SupportedModes", "ECB");
+ attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
+ + "|OAEPWITHMD5ANDMGF1PADDING"
+ + "|OAEPWITHSHA1ANDMGF1PADDING"
+ + "|OAEPWITHSHA-1ANDMGF1PADDING"
+ + "|OAEPWITHSHA-224ANDMGF1PADDING"
+ + "|OAEPWITHSHA-256ANDMGF1PADDING"
+ + "|OAEPWITHSHA-384ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
+ attrs.put("SupportedKeyClasses",
+ "java.security.interfaces.RSAPublicKey" +
+ "|java.security.interfaces.RSAPrivateKey");
+ ps("Cipher", "RSA",
+ "com.sun.crypto.provider.RSACipher", null, attrs);
+
+ // common block cipher modes, pads
+
final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" +
"|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" +
"|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64";
@@ -114,694 +212,529 @@ public final class SunJCE extends Provider {
"|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128";
final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING";
- AccessController.doPrivileged(
- new java.security.PrivilegedAction<Object>() {
- public Object run() {
-
- /*
- * Cipher engines
- */
- put("Cipher.RSA", "com.sun.crypto.provider.RSACipher");
- put("Cipher.RSA SupportedModes", "ECB");
- put("Cipher.RSA SupportedPaddings",
- "NOPADDING|PKCS1PADDING|OAEPPADDING"
- + "|OAEPWITHMD5ANDMGF1PADDING"
- + "|OAEPWITHSHA1ANDMGF1PADDING"
- + "|OAEPWITHSHA-1ANDMGF1PADDING"
- + "|OAEPWITHSHA-224ANDMGF1PADDING"
- + "|OAEPWITHSHA-256ANDMGF1PADDING"
- + "|OAEPWITHSHA-384ANDMGF1PADDING"
- + "|OAEPWITHSHA-512ANDMGF1PADDING"
- + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
- + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
- put("Cipher.RSA SupportedKeyClasses",
- "java.security.interfaces.RSAPublicKey" +
- "|java.security.interfaces.RSAPrivateKey");
-
- put("Cipher.DES", "com.sun.crypto.provider.DESCipher");
- put("Cipher.DES SupportedModes", BLOCK_MODES);
- put("Cipher.DES SupportedPaddings", BLOCK_PADS);
- put("Cipher.DES SupportedKeyFormats", "RAW");
-
- put("Cipher.DESede", "com.sun.crypto.provider.DESedeCipher");
- put("Alg.Alias.Cipher.TripleDES", "DESede");
- put("Cipher.DESede SupportedModes", BLOCK_MODES);
- put("Cipher.DESede SupportedPaddings", BLOCK_PADS);
- put("Cipher.DESede SupportedKeyFormats", "RAW");
-
- put("Cipher.DESedeWrap",
- "com.sun.crypto.provider.DESedeWrapCipher");
- put("Cipher.DESedeWrap SupportedModes", "CBC");
- put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING");
- put("Cipher.DESedeWrap SupportedKeyFormats", "RAW");
-
- // PBES1
-
- put("Cipher.PBEWithMD5AndDES",
- "com.sun.crypto.provider.PBEWithMD5AndDESCipher");
- put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES,
- "PBEWithMD5AndDES");
- put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES,
- "PBEWithMD5AndDES");
-
- put("Cipher.PBEWithMD5AndTripleDES",
- "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
-
- put("Cipher.PBEWithSHA1AndDESede",
- "com.sun.crypto.provider.PKCS12PBECipherCore$" +
- "PBEWithSHA1AndDESede");
- put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede,
- "PBEWithSHA1AndDESede");
- put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
- "PBEWithSHA1AndDESede");
-
- put("Cipher.PBEWithSHA1AndRC2_40",
- "com.sun.crypto.provider.PKCS12PBECipherCore$" +
- "PBEWithSHA1AndRC2_40");
- put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40,
- "PBEWithSHA1AndRC2_40");
- put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40,
- "PBEWithSHA1AndRC2_40");
-
- put("Cipher.PBEWithSHA1AndRC2_128",
- "com.sun.crypto.provider.PKCS12PBECipherCore$" +
- "PBEWithSHA1AndRC2_128");
- put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_128,
- "PBEWithSHA1AndRC2_128");
- put("Alg.Alias.Cipher." + OID_PKCS12_RC2_128,
- "PBEWithSHA1AndRC2_128");
-
- put("Cipher.PBEWithSHA1AndRC4_40",
- "com.sun.crypto.provider.PKCS12PBECipherCore$" +
- "PBEWithSHA1AndRC4_40");
- put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_40,
- "PBEWithSHA1AndRC4_40");
- put("Alg.Alias.Cipher." + OID_PKCS12_RC4_40,
- "PBEWithSHA1AndRC4_40");
-
- put("Cipher.PBEWithSHA1AndRC4_128",
- "com.sun.crypto.provider.PKCS12PBECipherCore$" +
- "PBEWithSHA1AndRC4_128");
- put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_128,
- "PBEWithSHA1AndRC4_128");
- put("Alg.Alias.Cipher." + OID_PKCS12_RC4_128,
- "PBEWithSHA1AndRC4_128");
-
- //PBES2
-
- put("Cipher.PBEWithHmacSHA1AndAES_128",
- "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
-
- put("Cipher.PBEWithHmacSHA224AndAES_128",
- "com.sun.crypto.provider.PBES2Core$" +
- "HmacSHA224AndAES_128");
-
- put("Cipher.PBEWithHmacSHA256AndAES_128",
- "com.sun.crypto.provider.PBES2Core$" +
- "HmacSHA256AndAES_128");
-
- put("Cipher.PBEWithHmacSHA384AndAES_128",
- "com.sun.crypto.provider.PBES2Core$" +
- "HmacSHA384AndAES_128");
-
- put("Cipher.PBEWithHmacSHA512AndAES_128",
- "com.sun.crypto.provider.PBES2Core$" +
- "HmacSHA512AndAES_128");
-
- put("Cipher.PBEWithHmacSHA1AndAES_256",
- "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
-
- put("Cipher.PBEWithHmacSHA224AndAES_256",
- "com.sun.crypto.provider.PBES2Core$" +
- "HmacSHA224AndAES_256");
-
- put("Cipher.PBEWithHmacSHA256AndAES_256",
- "com.sun.crypto.provider.PBES2Core$" +
- "HmacSHA256AndAES_256");
-
- put("Cipher.PBEWithHmacSHA384AndAES_256",
- "com.sun.crypto.provider.PBES2Core$" +
- "HmacSHA384AndAES_256");
-
- put("Cipher.PBEWithHmacSHA512AndAES_256",
- "com.sun.crypto.provider.PBES2Core$" +
- "HmacSHA512AndAES_256");
-
- put("Cipher.Blowfish",
- "com.sun.crypto.provider.BlowfishCipher");
- put("Cipher.Blowfish SupportedModes", BLOCK_MODES);
- put("Cipher.Blowfish SupportedPaddings", BLOCK_PADS);
- put("Cipher.Blowfish SupportedKeyFormats", "RAW");
-
- put("Cipher.AES", "com.sun.crypto.provider.AESCipher$General");
- put("Alg.Alias.Cipher.Rijndael", "AES");
- put("Cipher.AES SupportedModes", BLOCK_MODES128);
- put("Cipher.AES SupportedPaddings", BLOCK_PADS);
- put("Cipher.AES SupportedKeyFormats", "RAW");
-
- put("Cipher.AES_128/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding");
- put("Cipher.AES_128/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding");
- put("Cipher.AES_128/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding");
- put("Cipher.AES_128/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding");
- put("Cipher.AES_128/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_GCM_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding");
-
- put("Cipher.AES_192/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding");
- put("Cipher.AES_192/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding");
- put("Cipher.AES_192/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding");
- put("Cipher.AES_192/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding");
- put("Cipher.AES_192/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_GCM_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding");
-
- put("Cipher.AES_256/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding");
- put("Cipher.AES_256/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding");
- put("Cipher.AES_256/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding");
- put("Cipher.AES_256/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding");
- put("Cipher.AES_256/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_GCM_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding");
-
- put("Cipher.AESWrap", "com.sun.crypto.provider.AESWrapCipher$General");
- put("Cipher.AESWrap SupportedModes", "ECB");
- put("Cipher.AESWrap SupportedPaddings", "NOPADDING");
- put("Cipher.AESWrap SupportedKeyFormats", "RAW");
-
- put("Cipher.AESWrap_128", "com.sun.crypto.provider.AESWrapCipher$AES128");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.5", "AESWrap_128");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.5", "AESWrap_128");
- put("Cipher.AESWrap_192", "com.sun.crypto.provider.AESWrapCipher$AES192");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.25", "AESWrap_192");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.25", "AESWrap_192");
- put("Cipher.AESWrap_256", "com.sun.crypto.provider.AESWrapCipher$AES256");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.45", "AESWrap_256");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.45", "AESWrap_256");
-
- put("Cipher.RC2",
- "com.sun.crypto.provider.RC2Cipher");
- put("Cipher.RC2 SupportedModes", BLOCK_MODES);
- put("Cipher.RC2 SupportedPaddings", BLOCK_PADS);
- put("Cipher.RC2 SupportedKeyFormats", "RAW");
-
- put("Cipher.ARCFOUR",
- "com.sun.crypto.provider.ARCFOURCipher");
- put("Alg.Alias.Cipher.RC4", "ARCFOUR");
- put("Cipher.ARCFOUR SupportedModes", "ECB");
- put("Cipher.ARCFOUR SupportedPaddings", "NOPADDING");
- put("Cipher.ARCFOUR SupportedKeyFormats", "RAW");
-
- /*
- * Key(pair) Generator engines
- */
- put("KeyGenerator.DES",
- "com.sun.crypto.provider.DESKeyGenerator");
-
- put("KeyGenerator.DESede",
- "com.sun.crypto.provider.DESedeKeyGenerator");
- put("Alg.Alias.KeyGenerator.TripleDES", "DESede");
-
- put("KeyGenerator.Blowfish",
- "com.sun.crypto.provider.BlowfishKeyGenerator");
-
- put("KeyGenerator.AES",
- "com.sun.crypto.provider.AESKeyGenerator");
- put("Alg.Alias.KeyGenerator.Rijndael", "AES");
-
- put("KeyGenerator.RC2",
- "com.sun.crypto.provider.KeyGeneratorCore$" +
- "RC2KeyGenerator");
- put("KeyGenerator.ARCFOUR",
- "com.sun.crypto.provider.KeyGeneratorCore$" +
- "ARCFOURKeyGenerator");
- put("Alg.Alias.KeyGenerator.RC4", "ARCFOUR");
-
- put("KeyGenerator.HmacMD5",
- "com.sun.crypto.provider.HmacMD5KeyGenerator");
-
- put("KeyGenerator.HmacSHA1",
- "com.sun.crypto.provider.HmacSHA1KeyGenerator");
- put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.7", "HmacSHA1");
- put("Alg.Alias.KeyGenerator.1.2.840.113549.2.7", "HmacSHA1");
-
- put("KeyGenerator.HmacSHA224",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224");
- put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.8", "HmacSHA224");
- put("Alg.Alias.KeyGenerator.1.2.840.113549.2.8", "HmacSHA224");
-
- put("KeyGenerator.HmacSHA256",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256");
- put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.9", "HmacSHA256");
- put("Alg.Alias.KeyGenerator.1.2.840.113549.2.9", "HmacSHA256");
-
- put("KeyGenerator.HmacSHA384",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384");
- put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.10", "HmacSHA384");
- put("Alg.Alias.KeyGenerator.1.2.840.113549.2.10", "HmacSHA384");
-
- put("KeyGenerator.HmacSHA512",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512");
- put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.11", "HmacSHA512");
- put("Alg.Alias.KeyGenerator.1.2.840.113549.2.11", "HmacSHA512");
-
- put("KeyPairGenerator.DiffieHellman",
- "com.sun.crypto.provider.DHKeyPairGenerator");
- put("Alg.Alias.KeyPairGenerator.DH", "DiffieHellman");
- put("Alg.Alias.KeyPairGenerator.OID."+OID_PKCS3,
- "DiffieHellman");
- put("Alg.Alias.KeyPairGenerator."+OID_PKCS3,
- "DiffieHellman");
-
- /*
- * Algorithm parameter generation engines
- */
- put("AlgorithmParameterGenerator.DiffieHellman",
- "com.sun.crypto.provider.DHParameterGenerator");
- put("Alg.Alias.AlgorithmParameterGenerator.DH",
- "DiffieHellman");
- put("Alg.Alias.AlgorithmParameterGenerator.OID."+OID_PKCS3,
- "DiffieHellman");
- put("Alg.Alias.AlgorithmParameterGenerator."+OID_PKCS3,
- "DiffieHellman");
-
- /*
- * Key Agreement engines
- */
- put("KeyAgreement.DiffieHellman",
- "com.sun.crypto.provider.DHKeyAgreement");
- put("Alg.Alias.KeyAgreement.DH", "DiffieHellman");
- put("Alg.Alias.KeyAgreement.OID."+OID_PKCS3, "DiffieHellman");
- put("Alg.Alias.KeyAgreement."+OID_PKCS3, "DiffieHellman");
-
- put("KeyAgreement.DiffieHellman SupportedKeyClasses",
- "javax.crypto.interfaces.DHPublicKey" +
- "|javax.crypto.interfaces.DHPrivateKey");
-
- /*
- * Algorithm Parameter engines
- */
- put("AlgorithmParameters.DiffieHellman",
- "com.sun.crypto.provider.DHParameters");
- put("Alg.Alias.AlgorithmParameters.DH", "DiffieHellman");
- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS3,
- "DiffieHellman");
- put("Alg.Alias.AlgorithmParameters."+OID_PKCS3,
- "DiffieHellman");
-
- put("AlgorithmParameters.DES",
- "com.sun.crypto.provider.DESParameters");
-
- put("AlgorithmParameters.DESede",
- "com.sun.crypto.provider.DESedeParameters");
- put("Alg.Alias.AlgorithmParameters.TripleDES", "DESede");
-
- put("AlgorithmParameters.PBE",
- "com.sun.crypto.provider.PBEParameters");
-
- put("AlgorithmParameters.PBEWithMD5AndDES",
- "com.sun.crypto.provider.PBEParameters");
- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_MD5_DES,
- "PBEWithMD5AndDES");
- put("Alg.Alias.AlgorithmParameters."+OID_PKCS5_MD5_DES,
- "PBEWithMD5AndDES");
-
- put("AlgorithmParameters.PBEWithMD5AndTripleDES",
- "com.sun.crypto.provider.PBEParameters");
-
- put("AlgorithmParameters.PBEWithSHA1AndDESede",
- "com.sun.crypto.provider.PBEParameters");
- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_DESede,
- "PBEWithSHA1AndDESede");
- put("Alg.Alias.AlgorithmParameters."+OID_PKCS12_DESede,
- "PBEWithSHA1AndDESede");
-
- put("AlgorithmParameters.PBEWithSHA1AndRC2_40",
- "com.sun.crypto.provider.PBEParameters");
- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_40,
- "PBEWithSHA1AndRC2_40");
- put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40,
- "PBEWithSHA1AndRC2_40");
-
- put("AlgorithmParameters.PBEWithSHA1AndRC2_128",
- "com.sun.crypto.provider.PBEParameters");
- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_128,
- "PBEWithSHA1AndRC2_128");
- put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_128,
- "PBEWithSHA1AndRC2_128");
-
- put("AlgorithmParameters.PBEWithSHA1AndRC4_40",
- "com.sun.crypto.provider.PBEParameters");
- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_40,
- "PBEWithSHA1AndRC4_40");
- put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_40,
- "PBEWithSHA1AndRC4_40");
-
- put("AlgorithmParameters.PBEWithSHA1AndRC4_128",
- "com.sun.crypto.provider.PBEParameters");
- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_128,
- "PBEWithSHA1AndRC4_128");
- put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_128,
- "PBEWithSHA1AndRC4_128");
-
- put("AlgorithmParameters.PBES2",
- "com.sun.crypto.provider.PBES2Parameters$General");
- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_PBES2,
- "PBES2");
- put("Alg.Alias.AlgorithmParameters." + OID_PKCS5_PBES2,
- "PBES2");
-
- put("AlgorithmParameters.PBEWithHmacSHA1AndAES_128",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128");
-
- put("AlgorithmParameters.PBEWithHmacSHA224AndAES_128",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128");
-
- put("AlgorithmParameters.PBEWithHmacSHA256AndAES_128",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128");
-
- put("AlgorithmParameters.PBEWithHmacSHA384AndAES_128",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128");
-
- put("AlgorithmParameters.PBEWithHmacSHA512AndAES_128",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128");
-
- put("AlgorithmParameters.PBEWithHmacSHA1AndAES_256",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256");
-
- put("AlgorithmParameters.PBEWithHmacSHA224AndAES_256",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256");
-
- put("AlgorithmParameters.PBEWithHmacSHA256AndAES_256",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256");
-
- put("AlgorithmParameters.PBEWithHmacSHA384AndAES_256",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256");
-
- put("AlgorithmParameters.PBEWithHmacSHA512AndAES_256",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256");
-
- put("AlgorithmParameters.Blowfish",
- "com.sun.crypto.provider.BlowfishParameters");
-
- put("AlgorithmParameters.AES",
- "com.sun.crypto.provider.AESParameters");
- put("Alg.Alias.AlgorithmParameters.Rijndael", "AES");
- put("AlgorithmParameters.GCM",
- "com.sun.crypto.provider.GCMParameters");
-
-
- put("AlgorithmParameters.RC2",
- "com.sun.crypto.provider.RC2Parameters");
-
- put("AlgorithmParameters.OAEP",
- "com.sun.crypto.provider.OAEPParameters");
-
- /*
- * Key factories
- */
- put("KeyFactory.DiffieHellman",
- "com.sun.crypto.provider.DHKeyFactory");
- put("Alg.Alias.KeyFactory.DH", "DiffieHellman");
- put("Alg.Alias.KeyFactory.OID."+OID_PKCS3,
- "DiffieHellman");
- put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman");
-
- /*
- * Secret-key factories
- */
- put("SecretKeyFactory.DES",
- "com.sun.crypto.provider.DESKeyFactory");
-
- put("SecretKeyFactory.DESede",
- "com.sun.crypto.provider.DESedeKeyFactory");
- put("Alg.Alias.SecretKeyFactory.TripleDES", "DESede");
-
- put("SecretKeyFactory.PBEWithMD5AndDES",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES"
- );
- put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS5_MD5_DES,
- "PBEWithMD5AndDES");
- put("Alg.Alias.SecretKeyFactory."+OID_PKCS5_MD5_DES,
- "PBEWithMD5AndDES");
-
- put("Alg.Alias.SecretKeyFactory.PBE",
- "PBEWithMD5AndDES");
-
- /*
- * Internal in-house crypto algorithm used for
- * the JCEKS keystore type. Since this was developed
- * internally, there isn't an OID corresponding to this
- * algorithm.
- */
- put("SecretKeyFactory.PBEWithMD5AndTripleDES",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithMD5AndTripleDES"
- );
-
- put("SecretKeyFactory.PBEWithSHA1AndDESede",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede"
- );
- put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS12_DESede,
- "PBEWithSHA1AndDESede");
- put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_DESede,
- "PBEWithSHA1AndDESede");
-
- put("SecretKeyFactory.PBEWithSHA1AndRC2_40",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40"
- );
- put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_40,
- "PBEWithSHA1AndRC2_40");
- put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40,
- "PBEWithSHA1AndRC2_40");
-
- put("SecretKeyFactory.PBEWithSHA1AndRC2_128",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128"
- );
- put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_128,
- "PBEWithSHA1AndRC2_128");
- put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_128,
- "PBEWithSHA1AndRC2_128");
-
- put("SecretKeyFactory.PBEWithSHA1AndRC4_40",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40"
- );
-
- put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_40,
- "PBEWithSHA1AndRC4_40");
- put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_40,
- "PBEWithSHA1AndRC4_40");
-
- put("SecretKeyFactory.PBEWithSHA1AndRC4_128",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128"
- );
-
- put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_128,
- "PBEWithSHA1AndRC4_128");
- put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_128,
- "PBEWithSHA1AndRC4_128");
-
- put("SecretKeyFactory.PBEWithHmacSHA1AndAES_128",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA1AndAES_128");
-
- put("SecretKeyFactory.PBEWithHmacSHA224AndAES_128",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA224AndAES_128");
-
- put("SecretKeyFactory.PBEWithHmacSHA256AndAES_128",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA256AndAES_128");
-
- put("SecretKeyFactory.PBEWithHmacSHA384AndAES_128",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA384AndAES_128");
-
- put("SecretKeyFactory.PBEWithHmacSHA512AndAES_128",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA512AndAES_128");
-
- put("SecretKeyFactory.PBEWithHmacSHA1AndAES_256",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA1AndAES_256");
-
- put("SecretKeyFactory.PBEWithHmacSHA224AndAES_256",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA224AndAES_256");
-
- put("SecretKeyFactory.PBEWithHmacSHA256AndAES_256",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA256AndAES_256");
-
- put("SecretKeyFactory.PBEWithHmacSHA384AndAES_256",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA384AndAES_256");
-
- put("SecretKeyFactory.PBEWithHmacSHA512AndAES_256",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA512AndAES_256");
-
- // PBKDF2
-
- put("SecretKeyFactory.PBKDF2WithHmacSHA1",
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA1");
- put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2,
- "PBKDF2WithHmacSHA1");
- put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2,
- "PBKDF2WithHmacSHA1");
-
- put("SecretKeyFactory.PBKDF2WithHmacSHA224",
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
- put("SecretKeyFactory.PBKDF2WithHmacSHA256",
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
- put("SecretKeyFactory.PBKDF2WithHmacSHA384",
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
- put("SecretKeyFactory.PBKDF2WithHmacSHA512",
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
-
- /*
- * MAC
- */
- put("Mac.HmacMD5", "com.sun.crypto.provider.HmacMD5");
- put("Mac.HmacSHA1", "com.sun.crypto.provider.HmacSHA1");
- put("Alg.Alias.Mac.OID.1.2.840.113549.2.7", "HmacSHA1");
- put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1");
- put("Mac.HmacSHA224",
- "com.sun.crypto.provider.HmacCore$HmacSHA224");
- put("Alg.Alias.Mac.OID.1.2.840.113549.2.8", "HmacSHA224");
- put("Alg.Alias.Mac.1.2.840.113549.2.8", "HmacSHA224");
- put("Mac.HmacSHA256",
- "com.sun.crypto.provider.HmacCore$HmacSHA256");
- put("Alg.Alias.Mac.OID.1.2.840.113549.2.9", "HmacSHA256");
- put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256");
- put("Mac.HmacSHA384",
- "com.sun.crypto.provider.HmacCore$HmacSHA384");
- put("Alg.Alias.Mac.OID.1.2.840.113549.2.10", "HmacSHA384");
- put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384");
- put("Mac.HmacSHA512",
- "com.sun.crypto.provider.HmacCore$HmacSHA512");
- put("Alg.Alias.Mac.OID.1.2.840.113549.2.11", "HmacSHA512");
- put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512");
-
- put("Mac.HmacPBESHA1",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1");
- put("Mac.HmacPBESHA224",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224");
- put("Mac.HmacPBESHA256",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256");
- put("Mac.HmacPBESHA384",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384");
- put("Mac.HmacPBESHA512",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512");
- put("Mac.HmacPBESHA512/224",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224");
- put("Mac.HmacPBESHA512/256",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256");
-
- // PBMAC1
-
- put("Mac.PBEWithHmacSHA1",
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA1");
- put("Mac.PBEWithHmacSHA224",
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA224");
- put("Mac.PBEWithHmacSHA256",
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA256");
- put("Mac.PBEWithHmacSHA384",
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA384");
- put("Mac.PBEWithHmacSHA512",
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA512");
-
- put("Mac.SslMacMD5",
- "com.sun.crypto.provider.SslMacCore$SslMacMD5");
- put("Mac.SslMacSHA1",
- "com.sun.crypto.provider.SslMacCore$SslMacSHA1");
-
- put("Mac.HmacMD5 SupportedKeyFormats", "RAW");
- put("Mac.HmacSHA1 SupportedKeyFormats", "RAW");
- put("Mac.HmacSHA224 SupportedKeyFormats", "RAW");
- put("Mac.HmacSHA256 SupportedKeyFormats", "RAW");
- put("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
- put("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA224 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA256 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA384 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA512 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA512/224 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA512/256 SupportedKeyFormats", "RAW");
- put("Mac.PBEWithHmacSHA1 SupportedKeyFormatS", "RAW");
- put("Mac.PBEWithHmacSHA224 SupportedKeyFormats", "RAW");
- put("Mac.PBEWithHmacSHA256 SupportedKeyFormats", "RAW");
- put("Mac.PBEWithHmacSHA384 SupportedKeyFormats", "RAW");
- put("Mac.PBEWithHmacSHA512 SupportedKeyFormats", "RAW");
- put("Mac.SslMacMD5 SupportedKeyFormats", "RAW");
- put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW");
-
- /*
- * KeyStore
- */
- put("KeyStore.JCEKS", "com.sun.crypto.provider.JceKeyStore");
-
- /*
- * SSL/TLS mechanisms
- *
- * These are strictly internal implementations and may
- * be changed at any time. These names were chosen
- * because PKCS11/SunPKCS11 does not yet have TLS1.2
- * mechanisms, and it will cause calls to come here.
- */
- put("KeyGenerator.SunTlsPrf",
- "com.sun.crypto.provider.TlsPrfGenerator$V10");
- put("KeyGenerator.SunTls12Prf",
- "com.sun.crypto.provider.TlsPrfGenerator$V12");
-
- put("KeyGenerator.SunTlsMasterSecret",
- "com.sun.crypto.provider.TlsMasterSecretGenerator");
- put("Alg.Alias.KeyGenerator.SunTls12MasterSecret",
- "SunTlsMasterSecret");
- put("Alg.Alias.KeyGenerator.SunTlsExtendedMasterSecret",
- "SunTlsMasterSecret");
-
- put("KeyGenerator.SunTlsKeyMaterial",
- "com.sun.crypto.provider.TlsKeyMaterialGenerator");
- put("Alg.Alias.KeyGenerator.SunTls12KeyMaterial",
- "SunTlsKeyMaterial");
-
- put("KeyGenerator.SunTlsRsaPremasterSecret",
- "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator");
- put("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret",
- "SunTlsRsaPremasterSecret");
-
- return null;
- }
- });
-
- if (instance == null) {
- instance = this;
- }
+ attrs.clear();
+ attrs.put("SupportedModes", BLOCK_MODES);
+ attrs.put("SupportedPaddings", BLOCK_PADS);
+ attrs.put("SupportedKeyFormats", "RAW");
+ ps("Cipher", "DES",
+ "com.sun.crypto.provider.DESCipher", null, attrs);
+ ps("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
+ desEdeAliases, attrs);
+ ps("Cipher", "Blowfish",
+ "com.sun.crypto.provider.BlowfishCipher", null, attrs);
+
+ ps("Cipher", "RC2",
+ "com.sun.crypto.provider.RC2Cipher", null, attrs);
+
+ attrs.clear();
+ attrs.put("SupportedModes", BLOCK_MODES128);
+ attrs.put("SupportedPaddings", BLOCK_PADS);
+ attrs.put("SupportedKeyFormats", "RAW");
+ ps("Cipher", "AES", "com.sun.crypto.provider.AESCipher$General",
+ aesAliases, attrs);
+
+ attrs.clear();
+ attrs.put("SupportedKeyFormats", "RAW");
+ ps("Cipher", "AES_128/ECB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding",
+ createAliasesWithOid(aes128Oid+"1"), attrs);
+ ps("Cipher", "AES_128/CBC/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding",
+ createAliasesWithOid(aes128Oid+"2"), attrs);
+ ps("Cipher", "AES_128/OFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding",
+ createAliasesWithOid(aes128Oid+"3"), attrs);
+ ps("Cipher", "AES_128/CFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding",
+ createAliasesWithOid(aes128Oid+"4"), attrs);
+ ps("Cipher", "AES_128/GCM/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES128_GCM_NoPadding",
+ createAliasesWithOid(aes128Oid+"6"), attrs);
+
+ ps("Cipher", "AES_192/ECB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding",
+ createAliasesWithOid(aes192Oid+"1"), attrs);
+ ps("Cipher", "AES_192/CBC/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding",
+ createAliasesWithOid(aes192Oid+"2"), attrs);
+ ps("Cipher", "AES_192/OFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding",
+ createAliasesWithOid(aes192Oid+"3"), attrs);
+ ps("Cipher", "AES_192/CFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding",
+ createAliasesWithOid(aes192Oid+"4"), attrs);
+ ps("Cipher", "AES_192/GCM/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES192_GCM_NoPadding",
+ createAliasesWithOid(aes192Oid+"6"), attrs);
+
+ ps("Cipher", "AES_256/ECB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding",
+ createAliasesWithOid(aes256Oid+"1"), attrs);
+ ps("Cipher", "AES_256/CBC/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding",
+ createAliasesWithOid(aes256Oid+"2"), attrs);
+ ps("Cipher", "AES_256/OFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding",
+ createAliasesWithOid(aes256Oid+"3"), attrs);
+ ps("Cipher", "AES_256/CFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding",
+ createAliasesWithOid(aes256Oid+"4"), attrs);
+ ps("Cipher", "AES_256/GCM/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES256_GCM_NoPadding",
+ createAliasesWithOid(aes256Oid+"6"), attrs);
+
+ attrs.clear();
+ attrs.put("SupportedModes", "CBC");
+ attrs.put("SupportedPaddings", "NOPADDING");
+ attrs.put("SupportedKeyFormats", "RAW");
+ ps("Cipher", "DESedeWrap",
+ "com.sun.crypto.provider.DESedeWrapCipher", null, attrs);
+
+ attrs.clear();
+ attrs.put("SupportedModes", "ECB");
+ attrs.put("SupportedPaddings", "NOPADDING");
+ attrs.put("SupportedKeyFormats", "RAW");
+ ps("Cipher", "ARCFOUR", "com.sun.crypto.provider.ARCFOURCipher",
+ arcFourAliases, attrs);
+ ps("Cipher", "AESWrap", "com.sun.crypto.provider.AESWrapCipher$General",
+ null, attrs);
+ ps("Cipher", "AESWrap_128",
+ "com.sun.crypto.provider.AESWrapCipher$AES128",
+ createAliasesWithOid(aes128Oid+"5"), attrs);
+ ps("Cipher", "AESWrap_192",
+ "com.sun.crypto.provider.AESWrapCipher$AES192",
+ createAliasesWithOid(aes192Oid+"5"), attrs);
+ ps("Cipher", "AESWrap_256",
+ "com.sun.crypto.provider.AESWrapCipher$AES256",
+ createAliasesWithOid(aes256Oid+"5"), attrs);
+
+ attrs.clear();
+ attrs.put("SupportedKeyFormats", "RAW");
+
+ // PBES1
+ ps("Cipher", "PBEWithMD5AndDES",
+ "com.sun.crypto.provider.PBEWithMD5AndDESCipher",
+ pkcs5MD5_DESAliases, null);
+ ps("Cipher", "PBEWithMD5AndTripleDES",
+ "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher",
+ null, null);
+ ps("Cipher", "PBEWithSHA1AndDESede",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede",
+ pkcs12DESedeAliases, null);
+ ps("Cipher", "PBEWithSHA1AndRC2_40",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40",
+ pkcs12RC2_40Aliases, null);
+ ps("Cipher", "PBEWithSHA1AndRC2_128",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128",
+ pkcs12RC2_128Aliases, null);
+ ps("Cipher", "PBEWithSHA1AndRC4_40",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40",
+ pkcs12RC4_40Aliases, null);
+
+ ps("Cipher", "PBEWithSHA1AndRC4_128",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128",
+ pkcs12RC4_128Aliases, null);
+
+ // PBES2
+ ps("Cipher", "PBEWithHmacSHA1AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA224AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA256AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA384AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA512AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA1AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA224AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA256AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA384AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA512AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256",
+ null, null);
+
+ /*
+ * Key(pair) Generator engines
+ */
+ ps("KeyGenerator", "DES",
+ "com.sun.crypto.provider.DESKeyGenerator",
+ null, null);
+ ps("KeyGenerator", "DESede",
+ "com.sun.crypto.provider.DESedeKeyGenerator",
+ desEdeAliases, null);
+ ps("KeyGenerator", "Blowfish",
+ "com.sun.crypto.provider.BlowfishKeyGenerator",
+ null, null);
+ ps("KeyGenerator", "AES",
+ "com.sun.crypto.provider.AESKeyGenerator",
+ aesAliases, null);
+ ps("KeyGenerator", "RC2",
+ "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator",
+ null, null);
+ ps("KeyGenerator", "ARCFOUR",
+ "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator",
+ arcFourAliases, null);
+ ps("KeyGenerator", "HmacMD5",
+ "com.sun.crypto.provider.HmacMD5KeyGenerator",
+ null, null);
+
+ ps("KeyGenerator", "HmacSHA1",
+ "com.sun.crypto.provider.HmacSHA1KeyGenerator",
+ macSHA1Aliases, null);
+ ps("KeyGenerator", "HmacSHA224",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224",
+ macSHA224Aliases, null);
+ ps("KeyGenerator", "HmacSHA256",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256",
+ macSHA256Aliases, null);
+ ps("KeyGenerator", "HmacSHA384",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384",
+ macSHA384Aliases, null);
+ ps("KeyGenerator", "HmacSHA512",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512",
+ macSHA512Aliases, null);
+
+ ps("KeyPairGenerator", "DiffieHellman",
+ "com.sun.crypto.provider.DHKeyPairGenerator",
+ diffieHellmanAliases, null);
+
+ /*
+ * Algorithm parameter generation engines
+ */
+ ps("AlgorithmParameterGenerator",
+ "DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator",
+ diffieHellmanAliases, null);
+
+ /*
+ * Key Agreement engines
+ */
+ attrs.clear();
+ attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" +
+ "|javax.crypto.interfaces.DHPrivateKey");
+ ps("KeyAgreement", "DiffieHellman",
+ "com.sun.crypto.provider.DHKeyAgreement",
+ diffieHellmanAliases, attrs);
+
+ /*
+ * Algorithm Parameter engines
+ */
+ ps("AlgorithmParameters", "DiffieHellman",
+ "com.sun.crypto.provider.DHParameters",
+ diffieHellmanAliases, null);
+
+ ps("AlgorithmParameters", "DES",
+ "com.sun.crypto.provider.DESParameters",
+ null, null);
+
+ ps("AlgorithmParameters", "DESede",
+ "com.sun.crypto.provider.DESedeParameters",
+ desEdeAliases, null);
+
+ ps("AlgorithmParameters", "PBEWithMD5AndDES",
+ "com.sun.crypto.provider.PBEParameters",
+ pkcs5MD5_DESAliases, null);
+
+ ps("AlgorithmParameters", "PBEWithMD5AndTripleDES",
+ "com.sun.crypto.provider.PBEParameters",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithSHA1AndDESede",
+ "com.sun.crypto.provider.PBEParameters",
+ pkcs12DESedeAliases, null);
+
+ ps("AlgorithmParameters", "PBEWithSHA1AndRC2_40",
+ "com.sun.crypto.provider.PBEParameters",
+ pkcs12RC2_40Aliases, null);
+
+ ps("AlgorithmParameters", "PBEWithSHA1AndRC2_128",
+ "com.sun.crypto.provider.PBEParameters",
+ pkcs12RC2_128Aliases, null);
+
+ ps("AlgorithmParameters", "PBEWithSHA1AndRC4_40",
+ "com.sun.crypto.provider.PBEParameters",
+ pkcs12RC4_40Aliases, null);
+
+ ps("AlgorithmParameters", "PBEWithSHA1AndRC4_128",
+ "com.sun.crypto.provider.PBEParameters",
+ pkcs12RC4_128Aliases, null);
+
+ ps("AlgorithmParameters", "PBES2",
+ "com.sun.crypto.provider.PBES2Parameters$General",
+ pkcs5PBES2Aliases, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256",
+ null, null);
+
+ ps("AlgorithmParameters", "Blowfish",
+ "com.sun.crypto.provider.BlowfishParameters",
+ null, null);
+
+ ps("AlgorithmParameters", "AES",
+ "com.sun.crypto.provider.AESParameters",
+ aesAliases, null);
+
+ ps("AlgorithmParameters", "GCM",
+ "com.sun.crypto.provider.GCMParameters",
+ null, null);
+
+ ps("AlgorithmParameters", "RC2",
+ "com.sun.crypto.provider.RC2Parameters",
+ null, null);
+
+ ps("AlgorithmParameters", "OAEP",
+ "com.sun.crypto.provider.OAEPParameters",
+ null, null);
+
+ /*
+ * Key factories
+ */
+ ps("KeyFactory", "DiffieHellman",
+ "com.sun.crypto.provider.DHKeyFactory",
+ diffieHellmanAliases, null);
+
+ /*
+ * Secret-key factories
+ */
+ ps("SecretKeyFactory", "DES",
+ "com.sun.crypto.provider.DESKeyFactory",
+ null, null);
+
+ ps("SecretKeyFactory", "DESede",
+ "com.sun.crypto.provider.DESedeKeyFactory",
+ desEdeAliases, null);
+
+ ps("SecretKeyFactory", "PBEWithMD5AndDES",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
+ pkcs5MD5_DESAliases, null);
+
+ /*
+ * Internal in-house crypto algorithm used for
+ * the JCEKS keystore type. Since this was developed
+ * internally, there isn't an OID corresponding to this
+ * algorithm.
+ */
+ ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithSHA1AndDESede",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
+ pkcs12DESedeAliases, null);
+
+ ps("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
+ pkcs12RC2_40Aliases, null);
+
+ ps("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
+ pkcs12RC2_128Aliases, null);
+
+ ps("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
+ pkcs12RC4_40Aliases,null);
+
+ ps("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
+ pkcs12RC4_128Aliases, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256",
+ null, null);
+
+ // PBKDF2
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA1",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
+ pkcs5PBKDF2Aliases, null);
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA224",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA224",
+ null, null);
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA256",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA256",
+ null, null);
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA384",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA384",
+ null, null);
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA512",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA512",
+ null, null);
+
+ /*
+ * MAC
+ */
+ attrs.clear();
+ attrs.put("SupportedKeyFormats", "RAW");
+ ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs);
+ ps("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
+ macSHA1Aliases, attrs);
+ ps("Mac", "HmacSHA224", "com.sun.crypto.provider.HmacCore$HmacSHA224",
+ macSHA224Aliases, attrs);
+ ps("Mac", "HmacSHA256", "com.sun.crypto.provider.HmacCore$HmacSHA256",
+ macSHA256Aliases, attrs);
+ ps("Mac", "HmacSHA384", "com.sun.crypto.provider.HmacCore$HmacSHA384",
+ macSHA384Aliases, attrs);
+ ps("Mac", "HmacSHA512", "com.sun.crypto.provider.HmacCore$HmacSHA512",
+ macSHA512Aliases, attrs);
+ // TODO: aliases with OIDs
+ ps("Mac", "HmacPBESHA1", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1",
+ null, attrs);
+ ps("Mac", "HmacPBESHA224", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224",
+ null, attrs);
+ ps("Mac", "HmacPBESHA256", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256",
+ null, attrs);
+ ps("Mac", "HmacPBESHA384", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384",
+ null, attrs);
+ ps("Mac", "HmacPBESHA512", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512",
+ null, attrs);
+ ps("Mac", "HmacPBESHA512/224", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224",
+ null, attrs);
+ ps("Mac", "HmacPBESHA512/256", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256",
+ null, attrs);
+
+ // PBMAC1
+ ps("Mac", "PBEWithHmacSHA1",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs);
+ ps("Mac", "PBEWithHmacSHA224",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs);
+ ps("Mac", "PBEWithHmacSHA256",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs);
+ ps("Mac", "PBEWithHmacSHA384",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs);
+ ps("Mac", "PBEWithHmacSHA512",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs);
+ ps("Mac", "SslMacMD5",
+ "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs);
+ ps("Mac", "SslMacSHA1",
+ "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs);
+
+ /*
+ * KeyStore
+ */
+ ps("KeyStore", "JCEKS",
+ "com.sun.crypto.provider.JceKeyStore",
+ null, null);
+
+ /*
+ * SSL/TLS mechanisms
+ *
+ * These are strictly internal implementations and may
+ * be changed at any time. These names were chosen
+ * because PKCS11/SunPKCS11 does not yet have TLS1.2
+ * mechanisms, and it will cause calls to come here.
+ */
+ ps("KeyGenerator", "SunTlsPrf",
+ "com.sun.crypto.provider.TlsPrfGenerator$V10",
+ null, null);
+ ps("KeyGenerator", "SunTls12Prf",
+ "com.sun.crypto.provider.TlsPrfGenerator$V12",
+ null, null);
+
+ ps("KeyGenerator", "SunTlsMasterSecret",
+ "com.sun.crypto.provider.TlsMasterSecretGenerator",
+ createAliases("SunTls12MasterSecret",
+ "SunTlsExtendedMasterSecret"), null);
+ ps("KeyGenerator", "SunTlsKeyMaterial",
+ "com.sun.crypto.provider.TlsKeyMaterialGenerator",
+ createAliases("SunTls12KeyMaterial"), null);
+
+ ps("KeyGenerator", "SunTlsRsaPremasterSecret",
+ "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator",
+ createAliases("SunTls12RsaPremasterSecret"), null);
}
// Return the instance of this class or create one if needed.
diff --git a/jdk/src/share/classes/java/security/AlgorithmParameterGenerator.java b/jdk/src/share/classes/java/security/AlgorithmParameterGenerator.java
index 7f9c7cbf4..b8cb61a56 100644
--- a/jdk/src/share/classes/java/security/AlgorithmParameterGenerator.java
+++ b/jdk/src/share/classes/java/security/AlgorithmParameterGenerator.java
@@ -26,6 +26,7 @@
package java.security;
import java.security.spec.AlgorithmParameterSpec;
+import sun.security.jca.JCAUtil;
/**
* The {@code AlgorithmParameterGenerator} class is used to generate a
@@ -282,7 +283,7 @@ public class AlgorithmParameterGenerator {
* @param size the size (number of bits).
*/
public final void init(int size) {
- paramGenSpi.engineInit(size, new SecureRandom());
+ paramGenSpi.engineInit(size, JCAUtil.getSecureRandom());
}
/**
@@ -313,7 +314,7 @@ public class AlgorithmParameterGenerator {
*/
public final void init(AlgorithmParameterSpec genParamSpec)
throws InvalidAlgorithmParameterException {
- paramGenSpi.engineInit(genParamSpec, new SecureRandom());
+ paramGenSpi.engineInit(genParamSpec, JCAUtil.getSecureRandom());
}
/**
diff --git a/jdk/src/share/classes/java/security/Provider.java b/jdk/src/share/classes/java/security/Provider.java
index 1eadb0e62..34f5ab22b 100644
--- a/jdk/src/share/classes/java/security/Provider.java
+++ b/jdk/src/share/classes/java/security/Provider.java
@@ -30,6 +30,7 @@ import java.util.*;
import static java.util.Locale.ENGLISH;
import java.lang.ref.*;
import java.lang.reflect.*;
+import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiConsumer;
import java.util.function.BiFunction;
import java.util.function.Function;
@@ -135,6 +136,7 @@ public abstract class Provider extends Properties {
this.name = name;
this.version = version;
this.info = info;
+ this.serviceMap = new ConcurrentHashMap<>();
putId();
initialized = true;
}
@@ -662,15 +664,20 @@ public abstract class Provider extends Properties {
// legacy properties changed since last call to any services method?
private transient boolean legacyChanged;
// serviceMap changed since last call to getServices()
- private transient boolean servicesChanged;
+ private volatile transient boolean servicesChanged;
- // Map<String,String>
+ // Map<String,String> used to keep track of legacy registration
private transient Map<String,String> legacyStrings;
// Map<ServiceKey,Service>
// used for services added via putService(), initialized on demand
private transient Map<ServiceKey,Service> serviceMap;
+ // For backward compatibility, the registration ordering of
+ // SecureRandom (RNG) algorithms needs to be preserved for
+ // "new SecureRandom()" calls when this provider is used
+ private transient Set<String> prngAlgos;
+
// Map<ServiceKey,Service>
// used for services added via legacy methods, init on demand
private transient Map<ServiceKey,Service> legacyMap;
@@ -698,11 +705,13 @@ public abstract class Provider extends Properties {
}
defaults = null;
in.defaultReadObject();
+ this.serviceMap = new ConcurrentHashMap<>();
implClear();
initialized = true;
putAll(copy);
}
+ // check whether to update 'legacyString' with the specified key
private boolean checkLegacy(Object key) {
String keyString = (String)key;
if (keyString.startsWith("Provider.")) {
@@ -711,7 +720,7 @@ public abstract class Provider extends Properties {
legacyChanged = true;
if (legacyStrings == null) {
- legacyStrings = new LinkedHashMap<String,String>();
+ legacyStrings = new LinkedHashMap<>();
}
return true;
}
@@ -742,7 +751,7 @@ public abstract class Provider extends Properties {
if (!checkLegacy(key)) {
return false;
}
- legacyStrings.remove((String)key, value);
+ legacyStrings.remove((String)key, (String)value);
}
return super.remove(key, value);
}
@@ -772,7 +781,7 @@ public abstract class Provider extends Properties {
private void implReplaceAll(BiFunction<? super Object, ? super Object, ? extends Object> function) {
legacyChanged = true;
if (legacyStrings == null) {
- legacyStrings = new LinkedHashMap<String,String>();
+ legacyStrings = new LinkedHashMap<>();
} else {
legacyStrings.replaceAll((BiFunction<? super String, ? super String, ? extends String>) function);
}
@@ -796,8 +805,8 @@ public abstract class Provider extends Properties {
if (!checkLegacy(key)) {
return null;
}
- legacyStrings.computeIfAbsent((String) key,
- (Function<? super String, ? extends String>) remappingFunction);
+ legacyStrings.compute((String) key,
+ (BiFunction<? super String, ? super String, ? extends String>) remappingFunction);
}
return super.compute(key, remappingFunction);
}
@@ -851,12 +860,11 @@ public abstract class Provider extends Properties {
if (legacyMap != null) {
legacyMap.clear();
}
- if (serviceMap != null) {
- serviceMap.clear();
- }
+ serviceMap.clear();
legacyChanged = false;
servicesChanged = false;
serviceSet = null;
+ prngAlgos = null;
super.clear();
putId();
}
@@ -873,13 +881,13 @@ public abstract class Provider extends Properties {
this.algorithm = intern ? algorithm.intern() : algorithm;
}
public int hashCode() {
- return type.hashCode() + algorithm.hashCode();
+ return Objects.hash(type, algorithm);
}
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
- if (obj instanceof ServiceKey == false) {
+ if (!(obj instanceof ServiceKey)) {
return false;
}
ServiceKey other = (ServiceKey)obj;
@@ -901,7 +909,7 @@ public abstract class Provider extends Properties {
}
serviceSet = null;
if (legacyMap == null) {
- legacyMap = new LinkedHashMap<ServiceKey,Service>();
+ legacyMap = new ConcurrentHashMap<>();
} else {
legacyMap.clear();
}
@@ -957,7 +965,10 @@ public abstract class Provider extends Properties {
String type = getEngineName(typeAndAlg[0]);
String aliasAlg = typeAndAlg[1].intern();
ServiceKey key = new ServiceKey(type, stdAlg, true);
- Service s = legacyMap.get(key);
+ Service s = serviceMap.get(key);
+ if (s == null) {
+ s = legacyMap.get(key);
+ }
if (s == null) {
s = new Service(this);
s.type = type;
@@ -986,6 +997,10 @@ public abstract class Provider extends Properties {
legacyMap.put(key, s);
}
s.className = className;
+
+ if (type.equals("SecureRandom")) {
+ updateSecureRandomEntries(true, s.algorithm);
+ }
} else { // attribute
// e.g. put("MessageDigest.SHA-1 ImplementedIn", "Software");
String attributeValue = value;
@@ -1031,7 +1046,7 @@ public abstract class Provider extends Properties {
*
* @since 1.5
*/
- public synchronized Service getService(String type, String algorithm) {
+ public Service getService(String type, String algorithm) {
checkInitialized();
// avoid allocating a new key object if possible
ServiceKey key = previousKey;
@@ -1039,14 +1054,19 @@ public abstract class Provider extends Properties {
key = new ServiceKey(type, algorithm, false);
previousKey = key;
}
- if (serviceMap != null) {
- Service service = serviceMap.get(key);
- if (service != null) {
- return service;
+ if (!serviceMap.isEmpty()) {
+ Service s = serviceMap.get(key);
+ if (s != null) {
+ return s;
+ }
+ }
+ synchronized (this){
+ ensureLegacyParsed();
+ if (legacyMap != null && !legacyMap.isEmpty()) {
+ return legacyMap.get(key);
}
}
- ensureLegacyParsed();
- return (legacyMap != null) ? legacyMap.get(key) : null;
+ return null;
}
// ServiceKey from previous getService() call
@@ -1075,10 +1095,10 @@ public abstract class Provider extends Properties {
if (serviceSet == null) {
ensureLegacyParsed();
Set<Service> set = new LinkedHashSet<>();
- if (serviceMap != null) {
+ if (!serviceMap.isEmpty()) {
set.addAll(serviceMap.values());
}
- if (legacyMap != null) {
+ if (legacyMap != null && !legacyMap.isEmpty()) {
set.addAll(legacyMap.values());
}
serviceSet = Collections.unmodifiableSet(set);
@@ -1116,7 +1136,7 @@ public abstract class Provider extends Properties {
*
* @since 1.5
*/
- protected synchronized void putService(Service s) {
+ protected void putService(Service s) {
check("putProviderProperty." + name);
if (debug != null) {
debug.println(name + ".putService(): " + s);
@@ -1128,20 +1148,58 @@ public abstract class Provider extends Properties {
throw new IllegalArgumentException
("service.getProvider() must match this Provider object");
}
- if (serviceMap == null) {
- serviceMap = new LinkedHashMap<ServiceKey,Service>();
- }
- servicesChanged = true;
String type = s.getType();
String algorithm = s.getAlgorithm();
ServiceKey key = new ServiceKey(type, algorithm, true);
- // remove existing service
implRemoveService(serviceMap.get(key));
serviceMap.put(key, s);
for (String alias : s.getAliases()) {
serviceMap.put(new ServiceKey(type, alias, true), s);
}
- putPropertyStrings(s);
+ servicesChanged = true;
+ synchronized (this) {
+ putPropertyStrings(s);
+ if (type.equals("SecureRandom")) {
+ updateSecureRandomEntries(true, s.algorithm);
+ }
+ }
+ }
+
+ // keep tracks of the registered secure random algos and store them in order
+ private void updateSecureRandomEntries(boolean doAdd, String s) {
+ Objects.requireNonNull(s);
+ if (doAdd) {
+ if (prngAlgos == null) {
+ prngAlgos = new LinkedHashSet<String>();
+ }
+ prngAlgos.add(s);
+ } else {
+ prngAlgos.remove(s);
+ }
+
+ if (debug != null) {
+ debug.println((doAdd? "Add":"Remove") + " SecureRandom algo " + s);
+ }
+ }
+
+ // used by new SecureRandom() to find out the default SecureRandom
+ // service for this provider
+ synchronized Service getDefaultSecureRandomService() {
+ checkInitialized();
+
+ if (legacyChanged) {
+ prngAlgos = null;
+ ensureLegacyParsed();
+ }
+
+ if (prngAlgos != null && !prngAlgos.isEmpty()) {
+ // IMPORTANT: use the Service obj returned by getService(...) call
+ // as providers may override putService(...)/getService(...) and
+ // return their own Service objects
+ return getService("SecureRandom", prngAlgos.iterator().next());
+ }
+
+ return null;
}
/**
@@ -1208,7 +1266,7 @@ public abstract class Provider extends Properties {
*
* @since 1.5
*/
- protected synchronized void removeService(Service s) {
+ protected void removeService(Service s) {
check("removeProviderProperty." + name);
if (debug != null) {
debug.println(name + ".removeService(): " + s);
@@ -1220,7 +1278,7 @@ public abstract class Provider extends Properties {
}
private void implRemoveService(Service s) {
- if ((s == null) || (serviceMap == null)) {
+ if ((s == null) || serviceMap.isEmpty()) {
return;
}
String type = s.getType();
@@ -1235,7 +1293,12 @@ public abstract class Provider extends Properties {
for (String alias : s.getAliases()) {
serviceMap.remove(new ServiceKey(type, alias, false));
}
- removePropertyStrings(s);
+ synchronized (this) {
+ removePropertyStrings(s);
+ if (type.equals("SecureRandom")) {
+ updateSecureRandomEntries(false, s.algorithm);
+ }
+ }
}
// Wrapped String that behaves in a case insensitive way for equals/hashCode
diff --git a/jdk/src/share/classes/java/security/SecureRandom.java b/jdk/src/share/classes/java/security/SecureRandom.java
index 6848be5a2..05ff79191 100644
--- a/jdk/src/share/classes/java/security/SecureRandom.java
+++ b/jdk/src/share/classes/java/security/SecureRandom.java
@@ -32,6 +32,7 @@ import java.security.Provider.Service;
import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;
+import sun.security.provider.SunEntries;
import sun.security.util.Debug;
/**
@@ -191,35 +192,50 @@ public class SecureRandom extends java.util.Random {
}
private void getDefaultPRNG(boolean setSeed, byte[] seed) {
- String prng = getPrngAlgorithm();
- if (prng == null) {
- // bummer, get the SUN implementation
- prng = "SHA1PRNG";
+ Service prngService = null;
+ String prngAlgorithm = null;
+ for (Provider p : Providers.getProviderList().providers()) {
+ // SUN provider uses the SunEntries.DEF_SECURE_RANDOM_ALGO
+ // as the default SecureRandom algorithm; for other providers,
+ // Provider.getDefaultSecureRandom() will use the 1st
+ // registered SecureRandom algorithm
+ if (p.getName().equals("SUN")) {
+ prngAlgorithm = SunEntries.DEF_SECURE_RANDOM_ALGO;
+ prngService = p.getService("SecureRandom", prngAlgorithm);
+ break;
+ } else {
+ prngService = p.getDefaultSecureRandomService();
+ if (prngService != null) {
+ prngAlgorithm = prngService.getAlgorithm();
+ break;
+ }
+ }
+ }
+ // per javadoc, if none of the Providers support a RNG algorithm,
+ // then an implementation-specific default is returned.
+ if (prngService == null) {
+ prngAlgorithm = "SHA1PRNG";
this.secureRandomSpi = new sun.security.provider.SecureRandom();
this.provider = Providers.getSunProvider();
- if (setSeed) {
- this.secureRandomSpi.engineSetSeed(seed);
- }
} else {
try {
- SecureRandom random = SecureRandom.getInstance(prng);
- this.secureRandomSpi = random.getSecureRandomSpi();
- this.provider = random.getProvider();
- if (setSeed) {
- this.secureRandomSpi.engineSetSeed(seed);
- }
+ this.secureRandomSpi = (SecureRandomSpi) prngService.newInstance(null);
+ this.provider = prngService.getProvider();
} catch (NoSuchAlgorithmException nsae) {
- // never happens, because we made sure the algorithm exists
+ // should not happen
throw new RuntimeException(nsae);
}
}
+ if (setSeed) {
+ this.secureRandomSpi.engineSetSeed(seed);
+ }
// JDK 1.1 based implementations subclass SecureRandom instead of
// SecureRandomSpi. They will also go through this code path because
// they must call a SecureRandom constructor as it is their superclass.
// If we are dealing with such an implementation, do not set the
// algorithm value as it would be inaccurate.
if (getClass() == SecureRandom.class) {
- this.algorithm = prng;
+ this.algorithm = prngAlgorithm;
}
}
@@ -386,13 +402,6 @@ public class SecureRandom extends java.util.Random {
instance.provider, algorithm);
}
- /**
- * Returns the SecureRandomSpi of this SecureRandom object.
- */
- SecureRandomSpi getSecureRandomSpi() {
- return secureRandomSpi;
- }
-
/**
* Returns the provider of this SecureRandom object.
*
@@ -548,23 +557,6 @@ public class SecureRandom extends java.util.Random {
return retVal;
}
- /**
- * Gets a default PRNG algorithm by looking through all registered
- * providers. Returns the first PRNG algorithm of the first provider that
- * has registered a SecureRandom implementation, or null if none of the
- * registered providers supplies a SecureRandom implementation.
- */
- private static String getPrngAlgorithm() {
- for (Provider p : Providers.getProviderList().providers()) {
- for (Service s : p.getServices()) {
- if (s.getType().equals("SecureRandom")) {
- return s.getAlgorithm();
- }
- }
- }
- return null;
- }
-
/*
* Lazily initialize since Pattern.compile() is heavy.
* Effective Java (2nd Edition), Item 71.
diff --git a/jdk/src/share/classes/javax/crypto/Cipher.java b/jdk/src/share/classes/javax/crypto/Cipher.java
index d3d09d7e2..93c177e77 100644
--- a/jdk/src/share/classes/javax/crypto/Cipher.java
+++ b/jdk/src/share/classes/javax/crypto/Cipher.java
@@ -1186,7 +1186,7 @@ public class Cipher {
* by the underlying {@code CipherSpi}.
*/
public final void init(int opmode, Key key) throws InvalidKeyException {
- init(opmode, key, JceSecurity.RANDOM);
+ init(opmode, key, JCAUtil.getSecureRandom());
}
/**
@@ -1327,7 +1327,7 @@ public class Cipher {
public final void init(int opmode, Key key, AlgorithmParameterSpec params)
throws InvalidKeyException, InvalidAlgorithmParameterException
{
- init(opmode, key, params, JceSecurity.RANDOM);
+ init(opmode, key, params, JCAUtil.getSecureRandom());
}
/**
@@ -1470,7 +1470,7 @@ public class Cipher {
public final void init(int opmode, Key key, AlgorithmParameters params)
throws InvalidKeyException, InvalidAlgorithmParameterException
{
- init(opmode, key, params, JceSecurity.RANDOM);
+ init(opmode, key, params, JCAUtil.getSecureRandom());
}
/**
@@ -1618,7 +1618,7 @@ public class Cipher {
public final void init(int opmode, Certificate certificate)
throws InvalidKeyException
{
- init(opmode, certificate, JceSecurity.RANDOM);
+ init(opmode, certificate, JCAUtil.getSecureRandom());
}
/**
diff --git a/jdk/src/share/classes/javax/crypto/JceSecurity.java b/jdk/src/share/classes/javax/crypto/JceSecurity.java
index e7e3a99f5..1186dc351 100644
--- a/jdk/src/share/classes/javax/crypto/JceSecurity.java
+++ b/jdk/src/share/classes/javax/crypto/JceSecurity.java
@@ -49,8 +49,6 @@ import sun.security.util.Debug;
final class JceSecurity {
- static final SecureRandom RANDOM = new SecureRandom();
-
// The defaultPolicy and exemptPolicy will be set up
// in the static initializer.
private static CryptoPermissions defaultPolicy = null;
diff --git a/jdk/src/share/classes/javax/crypto/KeyAgreement.java b/jdk/src/share/classes/javax/crypto/KeyAgreement.java
index 513fc501e..4e16bcacb 100644
--- a/jdk/src/share/classes/javax/crypto/KeyAgreement.java
+++ b/jdk/src/share/classes/javax/crypto/KeyAgreement.java
@@ -438,7 +438,7 @@ public class KeyAgreement {
* has an incompatible algorithm type.
*/
public final void init(Key key) throws InvalidKeyException {
- init(key, JceSecurity.RANDOM);
+ init(key, JCAUtil.getSecureRandom());
}
/**
@@ -506,7 +506,7 @@ public class KeyAgreement {
public final void init(Key key, AlgorithmParameterSpec params)
throws InvalidKeyException, InvalidAlgorithmParameterException
{
- init(key, params, JceSecurity.RANDOM);
+ init(key, params, JCAUtil.getSecureRandom());
}
/**
diff --git a/jdk/src/share/classes/javax/crypto/KeyGenerator.java b/jdk/src/share/classes/javax/crypto/KeyGenerator.java
index 2a26da5e5..71fa64715 100644
--- a/jdk/src/share/classes/javax/crypto/KeyGenerator.java
+++ b/jdk/src/share/classes/javax/crypto/KeyGenerator.java
@@ -427,7 +427,7 @@ public class KeyGenerator {
public final void init(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException
{
- init(params, JceSecurity.RANDOM);
+ init(params, JCAUtil.getSecureRandom());
}
/**
@@ -491,7 +491,7 @@ public class KeyGenerator {
* supported.
*/
public final void init(int keysize) {
- init(keysize, JceSecurity.RANDOM);
+ init(keysize, JCAUtil.getSecureRandom());
}
/**
diff --git a/jdk/src/share/classes/sun/security/provider/Sun.java b/jdk/src/share/classes/sun/security/provider/Sun.java
index 07ef2ff4a..75b411605 100644
--- a/jdk/src/share/classes/sun/security/provider/Sun.java
+++ b/jdk/src/share/classes/sun/security/provider/Sun.java
@@ -28,7 +28,6 @@ package sun.security.provider;
import java.util.*;
import java.security.*;
-import sun.security.action.PutAllAction;
/**
* The SUN Security Provider.
@@ -49,17 +48,27 @@ public final class Sun extends Provider {
/* We are the SUN provider */
super("SUN", 1.8d, INFO);
+ Provider p = this;
+ Iterator<Provider.Service> serviceIter = new SunEntries(p).iterator();
+
// if there is no security manager installed, put directly into
- // the provider. Otherwise, create a temporary map and use a
- // doPrivileged() call at the end to transfer the contents
+ // the provider.
if (System.getSecurityManager() == null) {
- SunEntries.putEntries(this);
+ putEntries(serviceIter);
} else {
- // use LinkedHashMap to preserve the order of the PRNGs
- Map<Object, Object> map = new LinkedHashMap<>();
- SunEntries.putEntries(map);
- AccessController.doPrivileged(new PutAllAction(this, map));
+ AccessController.doPrivileged(new PrivilegedAction<Void>() {
+ @Override
+ public Void run() {
+ putEntries(serviceIter);
+ return null;
+ }
+ });
}
}
+ void putEntries(Iterator<Provider.Service> i) {
+ while (i.hasNext()) {
+ putService(i.next());
+ }
+ }
}
diff --git a/jdk/src/share/classes/sun/security/provider/SunEntries.java b/jdk/src/share/classes/sun/security/provider/SunEntries.java
index d85697841..fb61d40b0 100644
--- a/jdk/src/share/classes/sun/security/provider/SunEntries.java
+++ b/jdk/src/share/classes/sun/security/provider/SunEntries.java
@@ -27,7 +27,7 @@ package sun.security.provider;
import java.io.*;
import java.net.*;
-import java.util.Map;
+import java.util.*;
import java.security.*;
import sun.security.action.GetPropertyAction;
@@ -77,255 +77,222 @@ import sun.security.action.GetPropertyAction;
* - JavaLoginConfig is the default file-based LoginModule Configuration type.
*/
-final class SunEntries {
+public final class SunEntries {
- private static final boolean useLegacyDSA =
- Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty
- ("jdk.security.legacyDSAKeyPairGenerator"));
+ // the default algo used by SecureRandom class for new SecureRandom() calls
+ public static final String DEF_SECURE_RANDOM_ALGO;
+
+ // create an aliases List from the specified aliases
+ public static List<String> createAliases(String ... aliases) {
+ return Arrays.asList(aliases);
+ }
- private SunEntries() {
- // empty
+ // create an aliases List from the specified oid followed by other aliases
+ public static List<String> createAliasesWithOid(String ... oids) {
+ String[] result = Arrays.copyOf(oids, oids.length + 1);
+ result[result.length - 1] = "OID." + oids[0];
+ return Arrays.asList(result);
}
- static void putEntries(Map<Object, Object> map) {
+ SunEntries(Provider p) {
+ services = new LinkedHashSet<>(50, 0.9f);
+
+ // start populating content using the specified provider
+
+ // common attribute map
+ HashMap<String, String> attrs = new HashMap<>(3);
/*
- * SecureRandom
- *
- * Register these first to speed up "new SecureRandom()",
- * which iterates through the list of algorithms
+ * SecureRandom engines
*/
- // register the native PRNG, if available
- // if user selected /dev/urandom, we put it before SHA1PRNG,
- // otherwise after it
- boolean nativeAvailable = NativePRNG.isAvailable();
- boolean useNativePRNG = seedSource.equals(URL_DEV_URANDOM) ||
- seedSource.equals(URL_DEV_RANDOM);
-
- if (nativeAvailable && useNativePRNG) {
- map.put("SecureRandom.NativePRNG",
- "sun.security.provider.NativePRNG");
- }
- map.put("SecureRandom.SHA1PRNG",
- "sun.security.provider.SecureRandom");
- if (nativeAvailable && !useNativePRNG) {
- map.put("SecureRandom.NativePRNG",
- "sun.security.provider.NativePRNG");
+ if (NativePRNG.isAvailable()) {
+ add(p, "SecureRandom", "NativePRNG",
+ "sun.security.provider.NativePRNG",
+ null, attrs);
}
if (NativePRNG.Blocking.isAvailable()) {
- map.put("SecureRandom.NativePRNGBlocking",
- "sun.security.provider.NativePRNG$Blocking");
+ add(p, "SecureRandom", "NativePRNGBlocking",
+ "sun.security.provider.NativePRNG$Blocking", null, attrs);
}
if (NativePRNG.NonBlocking.isAvailable()) {
- map.put("SecureRandom.NativePRNGNonBlocking",
- "sun.security.provider.NativePRNG$NonBlocking");
+ add(p, "SecureRandom", "NativePRNGNonBlocking",
+ "sun.security.provider.NativePRNG$NonBlocking", null, attrs);
}
+ attrs.put("ImplementedIn", "Software");
+ add(p, "SecureRandom", "SHA1PRNG",
+ "sun.security.provider.SecureRandom", null, attrs);
+
/*
* Signature engines
*/
- map.put("Signature.SHA1withDSA",
- "sun.security.provider.DSA$SHA1withDSA");
- map.put("Signature.NONEwithDSA", "sun.security.provider.DSA$RawDSA");
- map.put("Alg.Alias.Signature.RawDSA", "NONEwithDSA");
- map.put("Signature.SHA224withDSA",
- "sun.security.provider.DSA$SHA224withDSA");
- map.put("Signature.SHA256withDSA",
- "sun.security.provider.DSA$SHA256withDSA");
-
+ attrs.clear();
String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
"|java.security.interfaces.DSAPrivateKey";
- map.put("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses);
- map.put("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses);
- map.put("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyClasses);
- map.put("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyClasses);
-
- map.put("Alg.Alias.Signature.DSA", "SHA1withDSA");
- map.put("Alg.Alias.Signature.DSS", "SHA1withDSA");
- map.put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
- map.put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
- map.put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
- map.put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
- map.put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.10040.4.3",
- "SHA1withDSA");
- map.put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
- map.put("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA");
- map.put("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA");
- map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1",
- "SHA224withDSA");
- map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA");
- map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2",
- "SHA256withDSA");
- map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA");
+ attrs.put("SupportedKeyClasses", dsaKeyClasses);
+ attrs.put("ImplementedIn", "Software");
+
+ attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures
+
+ add(p, "Signature", "SHA1withDSA",
+ "sun.security.provider.DSA$SHA1withDSA",
+ createAliasesWithOid("1.2.840.10040.4.3", "DSA", "DSS",
+ "SHA/DSA", "SHA-1/DSA", "SHA1/DSA", "SHAwithDSA",
+ "DSAWithSHA1", "1.3.14.3.2.13", "1.3.14.3.2.27"), attrs);
+ add(p, "Signature", "NONEwithDSA", "sun.security.provider.DSA$RawDSA",
+ createAliases("RawDSA"), attrs);
+
+ attrs.put("KeySize", "2048"); // for SHA224 and SHA256 DSA signatures
+
+ add(p, "Signature", "SHA224withDSA",
+ "sun.security.provider.DSA$SHA224withDSA",
+ createAliasesWithOid("2.16.840.1.101.3.4.3.1"), attrs);
+ add(p, "Signature", "SHA256withDSA",
+ "sun.security.provider.DSA$SHA256withDSA",
+ createAliasesWithOid("2.16.840.1.101.3.4.3.2"), attrs);
+
+ attrs.remove("KeySize");
/*
* Key Pair Generator engines
*/
+ attrs.clear();
+ attrs.put("ImplementedIn", "Software");
+ attrs.put("KeySize", "2048"); // for DSA KPG and APG only
+
+ String dsaOid = "1.2.840.10040.4.1";
+ List<String> dsaAliases = createAliasesWithOid(dsaOid, "1.3.14.3.2.12");
String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
- map.put("KeyPairGenerator.DSA", dsaKPGImplClass);
- map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
- map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
- map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");
-
- /*
- * Digest engines
- */
- map.put("MessageDigest.MD2", "sun.security.provider.MD2");
- map.put("MessageDigest.MD5", "sun.security.provider.MD5");
- map.put("MessageDigest.SHA", "sun.security.provider.SHA");
-
- map.put("Alg.Alias.MessageDigest.SHA-1", "SHA");
- map.put("Alg.Alias.MessageDigest.SHA1", "SHA");
- map.put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA");
- map.put("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA");
-
- map.put("MessageDigest.SHA-224", "sun.security.provider.SHA2$SHA224");
- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224");
- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4",
- "SHA-224");
-
- map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2$SHA256");
- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256");
- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1",
- "SHA-256");
- map.put("MessageDigest.SHA-384", "sun.security.provider.SHA5$SHA384");
- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384");
- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2",
- "SHA-384");
- map.put("MessageDigest.SHA-512", "sun.security.provider.SHA5$SHA512");
- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512");
- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3",
- "SHA-512");
- map.put("MessageDigest.SHA-512/224", "sun.security.provider.SHA5$SHA512_224");
- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.5", "SHA-512/224");
- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.5",
- "SHA-512/224");
- map.put("MessageDigest.SHA-512/256", "sun.security.provider.SHA5$SHA512_256");
- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.6", "SHA-512/256");
- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.6",
- "SHA-512/256");
+ add(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, dsaAliases, attrs);
/*
* Algorithm Parameter Generator engines
*/
- map.put("AlgorithmParameterGenerator.DSA",
- "sun.security.provider.DSAParameterGenerator");
+ add(p, "AlgorithmParameterGenerator", "DSA",
+ "sun.security.provider.DSAParameterGenerator", dsaAliases,
+ attrs);
+ attrs.remove("KeySize");
/*
* Algorithm Parameter engines
*/
- map.put("AlgorithmParameters.DSA",
- "sun.security.provider.DSAParameters");
- map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA");
- map.put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA");
- map.put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA");
+ add(p, "AlgorithmParameters", "DSA",
+ "sun.security.provider.DSAParameters", dsaAliases, attrs);
/*
* Key factories
*/
- map.put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory");
- map.put("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA");
- map.put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
- map.put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA");
+ add(p, "KeyFactory", "DSA", "sun.security.provider.DSAKeyFactory",
+ dsaAliases, attrs);
/*
- * Certificates
+ * Digest engines
*/
- map.put("CertificateFactory.X.509",
- "sun.security.provider.X509Factory");
- map.put("Alg.Alias.CertificateFactory.X509", "X.509");
+ add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", null, attrs);
+ add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", null, attrs);
+ add(p, "MessageDigest", "SHA", "sun.security.provider.SHA",
+ createAliasesWithOid("1.3.14.3.2.26", "SHA-1", "SHA1"), attrs);
+
+ String sha2BaseOid = "2.16.840.1.101.3.4.2";
+ add(p, "MessageDigest", "SHA-224", "sun.security.provider.SHA2$SHA224",
+ createAliasesWithOid(sha2BaseOid + ".4"), attrs);
+ add(p, "MessageDigest", "SHA-256", "sun.security.provider.SHA2$SHA256",
+ createAliasesWithOid(sha2BaseOid + ".1"), attrs);
+ add(p, "MessageDigest", "SHA-384", "sun.security.provider.SHA5$SHA384",
+ createAliasesWithOid(sha2BaseOid + ".2"), attrs);
+ add(p, "MessageDigest", "SHA-512", "sun.security.provider.SHA5$SHA512",
+ createAliasesWithOid(sha2BaseOid + ".3"), attrs);
+ add(p, "MessageDigest", "SHA-512/224",
+ "sun.security.provider.SHA5$SHA512_224",
+ createAliasesWithOid(sha2BaseOid + ".5"), attrs);
+ add(p, "MessageDigest", "SHA-512/256",
+ "sun.security.provider.SHA5$SHA512_256",
+ createAliasesWithOid(sha2BaseOid + ".6"), attrs);
- /*
- * KeyStore
- */
- map.put("KeyStore.JKS",
- "sun.security.provider.JavaKeyStore$DualFormatJKS");
- map.put("KeyStore.CaseExactJKS",
- "sun.security.provider.JavaKeyStore$CaseExactJKS");
- map.put("KeyStore.DKS", "sun.security.provider.DomainKeyStore$DKS");
/*
- * Policy
+ * Certificates
*/
- map.put("Policy.JavaPolicy", "sun.security.provider.PolicySpiFile");
+ add(p, "CertificateFactory", "X.509",
+ "sun.security.provider.X509Factory",
+ createAliases("X509"), attrs);
/*
- * Configuration
+ * KeyStore
*/
- map.put("Configuration.JavaLoginConfig",
- "sun.security.provider.ConfigFile$Spi");
+ add(p, "KeyStore", "JKS",
+ "sun.security.provider.JavaKeyStore$DualFormatJKS",
+ null, attrs);
+ add(p, "KeyStore", "CaseExactJKS",
+ "sun.security.provider.JavaKeyStore$CaseExactJKS",
+ null, attrs);
+ add(p, "KeyStore", "DKS", "sun.security.provider.DomainKeyStore$DKS",
+ null, attrs);
/*
- * CertPathBuilder
+ * CertStores
*/
- map.put("CertPathBuilder.PKIX",
- "sun.security.provider.certpath.SunCertPathBuilder");
- map.put("CertPathBuilder.PKIX ValidationAlgorithm",
- "RFC5280");
+ attrs.put("LDAPSchema", "RFC2587");
+ add(p, "CertStore", "LDAP",
+ "sun.security.provider.certpath.ldap.LDAPCertStore", null, attrs);
+ attrs.remove("LDAPSchema");
+ add(p, "CertStore", "Collection",
+ "sun.security.provider.certpath.CollectionCertStore",
+ null, attrs);
+ add(p, "CertStore", "com.sun.security.IndexedCollection",
+ "sun.security.provider.certpath.IndexedCollectionCertStore",
+ null, attrs);
/*
- * CertPathValidator
+ * Policy
*/
- map.put("CertPathValidator.PKIX",
- "sun.security.provider.certpath.PKIXCertPathValidator");
- map.put("CertPathValidator.PKIX ValidationAlgorithm",
- "RFC5280");
+ add(p, "Policy", "JavaPolicy", "sun.security.provider.PolicySpiFile",
+ null, null);
/*
- * CertStores
+ * Configuration
*/
- map.put("CertStore.LDAP",
- "sun.security.provider.certpath.ldap.LDAPCertStore");
- map.put("CertStore.LDAP LDAPSchema", "RFC2587");
- map.put("CertStore.Collection",
- "sun.security.provider.certpath.CollectionCertStore");
- map.put("CertStore.com.sun.security.IndexedCollection",
- "sun.security.provider.certpath.IndexedCollectionCertStore");
+ add(p, "Configuration", "JavaLoginConfig",
+ "sun.security.provider.ConfigFile$Spi", null, null);
/*
- * KeySize
+ * CertPathBuilder and CertPathValidator
*/
- map.put("Signature.NONEwithDSA KeySize", "1024");
- map.put("Signature.SHA1withDSA KeySize", "1024");
- map.put("Signature.SHA224withDSA KeySize", "2048");
- map.put("Signature.SHA256withDSA KeySize", "2048");
-
- map.put("KeyPairGenerator.DSA KeySize", "2048");
- map.put("AlgorithmParameterGenerator.DSA KeySize", "2048");
+ attrs.clear();
+ attrs.put("ValidationAlgorithm", "RFC5280");
+ attrs.put("ImplementedIn", "Software");
+ add(p, "CertPathBuilder", "PKIX",
+ "sun.security.provider.certpath.SunCertPathBuilder",
+ null, attrs);
+ add(p, "CertPathValidator", "PKIX",
+ "sun.security.provider.certpath.PKIXCertPathValidator",
+ null, attrs);
+ }
- /*
- * Implementation type: software or hardware
- */
- map.put("Signature.SHA1withDSA ImplementedIn", "Software");
- map.put("KeyPairGenerator.DSA ImplementedIn", "Software");
- map.put("MessageDigest.MD5 ImplementedIn", "Software");
- map.put("MessageDigest.SHA ImplementedIn", "Software");
- map.put("AlgorithmParameterGenerator.DSA ImplementedIn",
- "Software");
- map.put("AlgorithmParameters.DSA ImplementedIn", "Software");
- map.put("KeyFactory.DSA ImplementedIn", "Software");
- map.put("SecureRandom.SHA1PRNG ImplementedIn", "Software");
- map.put("CertificateFactory.X.509 ImplementedIn", "Software");
- map.put("KeyStore.JKS ImplementedIn", "Software");
- map.put("CertPathValidator.PKIX ImplementedIn", "Software");
- map.put("CertPathBuilder.PKIX ImplementedIn", "Software");
- map.put("CertStore.LDAP ImplementedIn", "Software");
- map.put("CertStore.Collection ImplementedIn", "Software");
- map.put("CertStore.com.sun.security.IndexedCollection ImplementedIn",
- "Software");
+ Iterator<Provider.Service> iterator() {
+ return services.iterator();
+ }
+ private void add(Provider p, String type, String algo, String cn,
+ List<String> aliases, HashMap<String, String> attrs) {
+ services.add(new Provider.Service(p, type, algo, cn, aliases, attrs));
}
+ private LinkedHashSet<Provider.Service> services;
+
// name of the *System* property, takes precedence over PROP_RNDSOURCE
private final static String PROP_EGD = "java.security.egd";
// name of the *Security* property
private final static String PROP_RNDSOURCE = "securerandom.source";
+ private static final boolean useLegacyDSA =
+ Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty
+ ("jdk.security.legacyDSAKeyPairGenerator"));
+
final static String URL_DEV_RANDOM = "file:/dev/random";
final static String URL_DEV_URANDOM = "file:/dev/urandom";
@@ -348,6 +315,12 @@ final class SunEntries {
return egdSource;
}
});
+
+ DEF_SECURE_RANDOM_ALGO = (NativePRNG.isAvailable() &&
+ (seedSource.equals(URL_DEV_URANDOM) ||
+ seedSource.equals(URL_DEV_RANDOM)) ?
+ "NativePRNG" : "SHA1PRNG");
+
}
static String getSeedSource() {
diff --git a/jdk/src/share/classes/sun/security/provider/VerificationProvider.java b/jdk/src/share/classes/sun/security/provider/VerificationProvider.java
index 296b03437..d76d81999 100644
--- a/jdk/src/share/classes/sun/security/provider/VerificationProvider.java
+++ b/jdk/src/share/classes/sun/security/provider/VerificationProvider.java
@@ -28,8 +28,6 @@ package sun.security.provider;
import java.util.*;
import java.security.*;
-import sun.security.action.PutAllAction;
-
import sun.security.rsa.SunRsaSignEntries;
/**
@@ -68,19 +66,29 @@ public final class VerificationProvider extends Provider {
return;
}
+ Provider p = this;
+ Iterator<Provider.Service> sunIter = new SunEntries(p).iterator();
+ Iterator<Provider.Service> rsaIter = new SunRsaSignEntries(p).iterator();
// if there is no security manager installed, put directly into
- // the provider. Otherwise, create a temporary map and use a
- // doPrivileged() call at the end to transfer the contents
+ // the provider.
if (System.getSecurityManager() == null) {
- SunEntries.putEntries(this);
- SunRsaSignEntries.putEntries(this);
+ putEntries(sunIter);
+ putEntries(rsaIter);
} else {
// use LinkedHashMap to preserve the order of the PRNGs
- Map<Object, Object> map = new LinkedHashMap<>();
- SunEntries.putEntries(map);
- SunRsaSignEntries.putEntries(map);
- AccessController.doPrivileged(new PutAllAction(this, map));
+ AccessController.doPrivileged(new PrivilegedAction<Object>() {
+ public Void run() {
+ putEntries(sunIter);
+ putEntries(rsaIter);
+ return null;
+ }
+ });
}
}
+ void putEntries(Iterator<Provider.Service> i) {
+ while (i.hasNext()) {
+ putService(i.next());
+ }
+ }
}
diff --git a/jdk/src/share/classes/sun/security/rsa/SunRsaSign.java b/jdk/src/share/classes/sun/security/rsa/SunRsaSign.java
index 65ae02a08..3c3d0f693 100644
--- a/jdk/src/share/classes/sun/security/rsa/SunRsaSign.java
+++ b/jdk/src/share/classes/sun/security/rsa/SunRsaSign.java
@@ -29,7 +29,6 @@ import java.util.*;
import java.security.*;
-import sun.security.action.PutAllAction;
/**
* Provider class for the RSA signature provider. Supports RSA keyfactory,
@@ -45,17 +44,25 @@ public final class SunRsaSign extends Provider {
public SunRsaSign() {
super("SunRsaSign", 1.8d, "Sun RSA signature provider");
- // if there is no security manager installed, put directly into
- // the provider. Otherwise, create a temporary map and use a
- // doPrivileged() call at the end to transfer the contents
+ Provider p = this;
+ Iterator<Provider.Service> serviceIter = new SunRsaSignEntries(p).iterator();
+
if (System.getSecurityManager() == null) {
- SunRsaSignEntries.putEntries(this);
+ putEntries(serviceIter);
} else {
- // use LinkedHashMap to preserve the order of the PRNGs
- Map<Object, Object> map = new HashMap<>();
- SunRsaSignEntries.putEntries(map);
- AccessController.doPrivileged(new PutAllAction(this, map));
+ AccessController.doPrivileged(new PrivilegedAction<Void>() {
+ @Override
+ public Void run() {
+ putEntries(serviceIter);
+ return null;
+ }
+ });
}
}
+ void putEntries(Iterator<Provider.Service> i) {
+ while (i.hasNext()) {
+ putService(i.next());
+ }
+ }
}
diff --git a/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java b/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java
index 6af5fdf85..f8de9eccc 100644
--- a/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java
+++ b/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java
@@ -25,7 +25,9 @@
package sun.security.rsa;
-import java.util.Map;
+import java.util.*;
+import java.security.Provider;
+import static sun.security.provider.SunEntries.createAliasesWithOid;
/**
* Defines the entries of the SunRsaSign provider.
@@ -34,102 +36,81 @@ import java.util.Map;
*/
public final class SunRsaSignEntries {
- private SunRsaSignEntries() {
- // empty
+ private void add(Provider p, String type, String algo, String cn,
+ List<String> aliases, HashMap<String, String> attrs) {
+ services.add(new Provider.Service(p, type, algo, cn, aliases, attrs));
}
- public static void putEntries(Map<Object, Object> map) {
-
- // main algorithms
- map.put("KeyFactory.RSA",
- "sun.security.rsa.RSAKeyFactory$Legacy");
- map.put("KeyPairGenerator.RSA",
- "sun.security.rsa.RSAKeyPairGenerator$Legacy");
- map.put("Signature.MD2withRSA",
- "sun.security.rsa.RSASignature$MD2withRSA");
- map.put("Signature.MD5withRSA",
- "sun.security.rsa.RSASignature$MD5withRSA");
- map.put("Signature.SHA1withRSA",
- "sun.security.rsa.RSASignature$SHA1withRSA");
- map.put("Signature.SHA224withRSA",
- "sun.security.rsa.RSASignature$SHA224withRSA");
- map.put("Signature.SHA256withRSA",
- "sun.security.rsa.RSASignature$SHA256withRSA");
- map.put("Signature.SHA384withRSA",
- "sun.security.rsa.RSASignature$SHA384withRSA");
- map.put("Signature.SHA512withRSA",
- "sun.security.rsa.RSASignature$SHA512withRSA");
- map.put("Signature.SHA512/224withRSA",
- "sun.security.rsa.RSASignature$SHA512_224withRSA");
- map.put("Signature.SHA512/256withRSA",
- "sun.security.rsa.RSASignature$SHA512_256withRSA");
-
- map.put("KeyFactory.RSASSA-PSS",
- "sun.security.rsa.RSAKeyFactory$PSS");
- map.put("KeyPairGenerator.RSASSA-PSS",
- "sun.security.rsa.RSAKeyPairGenerator$PSS");
- map.put("Signature.RSASSA-PSS",
- "sun.security.rsa.RSAPSSSignature");
- map.put("AlgorithmParameters.RSASSA-PSS",
- "sun.security.rsa.PSSParameters");
-
- // attributes for supported key classes
- String rsaKeyClasses = "java.security.interfaces.RSAPublicKey" +
- "|java.security.interfaces.RSAPrivateKey";
- map.put("Signature.MD2withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.MD5withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.SHA1withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.SHA224withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.SHA256withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.SHA384withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.SHA512withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.SHA512/224withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.SHA512/256withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.RSASSA-PSS SupportedKeyClasses", rsaKeyClasses);
-
- // aliases
- map.put("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA");
- map.put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA");
-
- map.put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA");
- map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA");
-
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", "MD2withRSA");
-
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", "MD5withRSA");
-
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA");
- map.put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA");
-
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.14", "SHA224withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.14", "SHA224withRSA");
-
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA");
-
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.12", "SHA384withRSA");
-
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.13", "SHA512withRSA");
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.15", "SHA512/224withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.15", "SHA512/224withRSA");
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.16", "SHA512/256withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.16", "SHA512/256withRSA");
-
- map.put("Alg.Alias.KeyFactory.1.2.840.113549.1.1.10", "RSASSA-PSS");
- map.put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
-
- map.put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.10", "RSASSA-PSS");
- map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
-
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.10", "RSASSA-PSS");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
+ // extend LinkedHashSet for consistency with SunEntries
+ // used by sun.security.provider.VerificationProvider
+ public SunRsaSignEntries(Provider p) {
+ services = new LinkedHashSet<>(20, 0.9f);
+
+ // start populating content using the specified provider
+
+ // common oids
+ String rsaOid = "1.2.840.113549.1.1";
+ List<String> rsaAliases = createAliasesWithOid(rsaOid);
+ List<String> rsapssAliases = createAliasesWithOid(rsaOid + ".10");
+ String sha1withRSAOid2 = "1.3.14.3.2.29";
+
+ // common attribute map
+ HashMap<String, String> attrs = new HashMap<>(3);
+ attrs.put("SupportedKeyClasses",
+ "java.security.interfaces.RSAPublicKey" +
+ "|java.security.interfaces.RSAPrivateKey");
+
+ add(p, "KeyFactory", "RSA",
+ "sun.security.rsa.RSAKeyFactory$Legacy",
+ rsaAliases, null);
+ add(p, "KeyPairGenerator", "RSA",
+ "sun.security.rsa.RSAKeyPairGenerator$Legacy",
+ rsaAliases, null);
+ add(p, "Signature", "MD2withRSA",
+ "sun.security.rsa.RSASignature$MD2withRSA",
+ createAliasesWithOid(rsaOid + ".2"), attrs);
+ add(p, "Signature", "MD5withRSA",
+ "sun.security.rsa.RSASignature$MD5withRSA",
+ createAliasesWithOid(rsaOid + ".4"), attrs);
+ add(p, "Signature", "SHA1withRSA",
+ "sun.security.rsa.RSASignature$SHA1withRSA",
+ createAliasesWithOid(rsaOid + ".5", sha1withRSAOid2), attrs);
+ add(p, "Signature", "SHA224withRSA",
+ "sun.security.rsa.RSASignature$SHA224withRSA",
+ createAliasesWithOid(rsaOid + ".14"), attrs);
+ add(p, "Signature", "SHA256withRSA",
+ "sun.security.rsa.RSASignature$SHA256withRSA",
+ createAliasesWithOid(rsaOid + ".11"), attrs);
+ add(p, "Signature", "SHA384withRSA",
+ "sun.security.rsa.RSASignature$SHA384withRSA",
+ createAliasesWithOid(rsaOid + ".12"), attrs);
+ add(p, "Signature", "SHA512withRSA",
+ "sun.security.rsa.RSASignature$SHA512withRSA",
+ createAliasesWithOid(rsaOid + ".13"), attrs);
+ add(p, "Signature", "SHA512/224withRSA",
+ "sun.security.rsa.RSASignature$SHA512_224withRSA",
+ createAliasesWithOid(rsaOid + ".15"), attrs);
+ add(p, "Signature", "SHA512/256withRSA",
+ "sun.security.rsa.RSASignature$SHA512_256withRSA",
+ createAliasesWithOid(rsaOid + ".16"), attrs);
+
+ add(p, "KeyFactory", "RSASSA-PSS",
+ "sun.security.rsa.RSAKeyFactory$PSS",
+ rsapssAliases, null);
+ add(p, "KeyPairGenerator", "RSASSA-PSS",
+ "sun.security.rsa.RSAKeyPairGenerator$PSS",
+ rsapssAliases, null);
+ add(p, "Signature", "RSASSA-PSS",
+ "sun.security.rsa.RSAPSSSignature",
+ rsapssAliases, attrs);
+ add(p, "AlgorithmParameters", "RSASSA-PSS",
+ "sun.security.rsa.PSSParameters",
+ rsapssAliases, null);
+ }
- map.put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.1.10", "RSASSA-PSS");
- map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
+ public Iterator<Provider.Service> iterator() {
+ return services.iterator();
}
+
+ private LinkedHashSet<Provider.Service> services;
}
diff --git a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
index 2845dc379..58b791c99 100644
--- a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
+++ b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
@@ -26,9 +26,12 @@
package sun.security.ssl;
-import static sun.security.util.SecurityConstants.PROVIDER_VER;
-
import java.security.*;
+import java.util.*;
+
+import static sun.security.provider.SunEntries.createAliasesWithOid;
+import static sun.security.util.SecurityConstants.PROVIDER_VER;
+import static sun.security.provider.SunEntries.createAliases;
/**
* The JSSE provider.
@@ -159,79 +162,78 @@ public abstract class SunJSSE extends java.security.Provider {
});
}
+ private void ps(String type, String algo, String cn,
+ List<String> aliases, HashMap<String, String> attrs) {
+ putService(new Provider.Service(this, type, algo, cn, aliases, attrs));
+ }
+
+
private void doRegister(boolean isfips) {
if (isfips == false) {
- put("KeyFactory.RSA",
- "sun.security.rsa.RSAKeyFactory$Legacy");
- put("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA");
- put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA");
-
- put("KeyPairGenerator.RSA",
- "sun.security.rsa.RSAKeyPairGenerator$Legacy");
- put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA");
- put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA");
-
- put("Signature.MD2withRSA",
- "sun.security.rsa.RSASignature$MD2withRSA");
- put("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA");
- put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2",
- "MD2withRSA");
-
- put("Signature.MD5withRSA",
- "sun.security.rsa.RSASignature$MD5withRSA");
- put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA");
- put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4",
- "MD5withRSA");
-
- put("Signature.SHA1withRSA",
- "sun.security.rsa.RSASignature$SHA1withRSA");
- put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA");
- put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5",
- "SHA1withRSA");
- put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA");
- put("Alg.Alias.Signature.OID.1.3.14.3.2.29", "SHA1withRSA");
+ // common oids
+ String rsaOid = "1.2.840.113549.1.1";
+ List<String> rsaAliases = createAliasesWithOid(rsaOid);
+ String sha1withRSAOid2 = "1.3.14.3.2.29";
+
+ // common attribute map
+ HashMap<String, String> attrs = new HashMap<>(3);
+ attrs.put("SupportedKeyClasses",
+ "java.security.interfaces.RSAPublicKey" +
+ "|java.security.interfaces.RSAPrivateKey");
+
+ ps("KeyFactory", "RSA",
+ "sun.security.rsa.RSAKeyFactory$Legacy",
+ rsaAliases, null);
+ ps("KeyPairGenerator", "RSA",
+ "sun.security.rsa.RSAKeyPairGenerator$Legacy",
+ rsaAliases, null);
+ ps("Signature", "MD2withRSA",
+ "sun.security.rsa.RSASignature$MD2withRSA",
+ createAliasesWithOid(rsaOid + ".2"), attrs);
+ ps("Signature", "MD5withRSA",
+ "sun.security.rsa.RSASignature$MD5withRSA",
+ createAliasesWithOid(rsaOid + ".4"), attrs);
+ ps("Signature", "SHA1withRSA",
+ "sun.security.rsa.RSASignature$SHA1withRSA",
+ createAliasesWithOid(rsaOid + ".5", sha1withRSAOid2, "OID." + sha1withRSAOid2), attrs);
}
- put("Signature.MD5andSHA1withRSA",
- "sun.security.ssl.RSASignature");
-
- put("KeyManagerFactory.SunX509",
- "sun.security.ssl.KeyManagerFactoryImpl$SunX509");
- put("KeyManagerFactory.NewSunX509",
- "sun.security.ssl.KeyManagerFactoryImpl$X509");
- put("Alg.Alias.KeyManagerFactory.PKIX", "NewSunX509");
-
- put("TrustManagerFactory.SunX509",
- "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory");
- put("TrustManagerFactory.PKIX",
- "sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory");
- put("Alg.Alias.TrustManagerFactory.SunPKIX", "PKIX");
- put("Alg.Alias.TrustManagerFactory.X509", "PKIX");
- put("Alg.Alias.TrustManagerFactory.X.509", "PKIX");
-
- put("SSLContext.TLSv1",
- "sun.security.ssl.SSLContextImpl$TLS10Context");
- put("SSLContext.TLSv1.1",
- "sun.security.ssl.SSLContextImpl$TLS11Context");
- put("SSLContext.TLSv1.2",
- "sun.security.ssl.SSLContextImpl$TLS12Context");
- put("SSLContext.TLSv1.3",
- "sun.security.ssl.SSLContextImpl$TLS13Context");
- put("SSLContext.TLS",
- "sun.security.ssl.SSLContextImpl$TLSContext");
- if (isfips == false) {
- put("Alg.Alias.SSLContext.SSL", "TLS");
- put("Alg.Alias.SSLContext.SSLv3", "TLSv1");
- }
-
- put("SSLContext.Default",
- "sun.security.ssl.SSLContextImpl$DefaultSSLContext");
+ ps("Signature", "MD5andSHA1withRSA",
+ "sun.security.ssl.RSASignature", null, null);
+
+ ps("KeyManagerFactory", "SunX509",
+ "sun.security.ssl.KeyManagerFactoryImpl$SunX509", null, null);
+ ps("KeyManagerFactory", "NewSunX509",
+ "sun.security.ssl.KeyManagerFactoryImpl$X509",
+ createAliases("PKIX"), null);
+
+ ps("TrustManagerFactory", "SunX509",
+ "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory", null, null);
+ ps("TrustManagerFactory", "PKIX",
+ "sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory",
+ createAliases("SunPKIX", "X509", "X.509"), null);
+
+ ps("SSLContext", "TLSv1",
+ "sun.security.ssl.SSLContextImpl$TLS10Context",
+ (isfips? null : createAliases("SSLv3")), null);
+ ps("SSLContext", "TLSv1.1",
+ "sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
+ ps("SSLContext", "TLSv1.2",
+ "sun.security.ssl.SSLContextImpl$TLS12Context", null, null);
+ ps("SSLContext", "TLSv1.3",
+ "sun.security.ssl.SSLContextImpl$TLS13Context", null, null);
+ ps("SSLContext", "TLS",
+ "sun.security.ssl.SSLContextImpl$TLSContext",
+ (isfips? null : createAliases("SSL")), null);
+
+ ps("SSLContext", "Default",
+ "sun.security.ssl.SSLContextImpl$DefaultSSLContext", null, null);
/*
* KeyStore
*/
- put("KeyStore.PKCS12",
- "sun.security.pkcs12.PKCS12KeyStore");
+ ps("KeyStore", "PKCS12",
+ "sun.security.pkcs12.PKCS12KeyStore", null, null);
}
private void subclassCheck() {
diff --git a/jdk/test/java/security/Provider/BaseProviderValidator.java b/jdk/test/java/security/Provider/BaseProviderValidator.java
new file mode 100644
index 000000000..510529baa
--- /dev/null
+++ b/jdk/test/java/security/Provider/BaseProviderValidator.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Huawei designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Huawei in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional
+ * information or have any questions.
+ */
+
+/*
+ * @bug 7092821
+ * @library ../testlibrary
+ * @summary make sure that Sun providers do not miss any algorithms after
+ * modifying the frameworks underneath
+ * @author Henry Yang
+ */
+
+import java.security.Provider;
+import java.security.Provider.Service;
+
+/**
+ * Base class for a provider validator
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+public abstract class BaseProviderValidator {
+ String providerName;
+ Provider provider;
+
+ public BaseProviderValidator() {
+ provider = getDefaultProvider();
+ providerName = provider.getName();
+ }
+
+ abstract Provider getDefaultProvider();
+
+ abstract boolean validate() throws Exception;
+
+ Service getService(String type, String algo) {
+ return ProviderValidationUtil.getService(provider, type, algo);
+ }
+
+ boolean checkService(String serviceName) {
+ String[] typeAndAlg = ProviderValidationUtil.getTypeAndAlgorithm(serviceName);
+ if(typeAndAlg == null || typeAndAlg.length < 2){
+ throw new RuntimeException("service name is not in a right formation");
+ }
+ return ProviderValidationUtil.checkService(provider, typeAndAlg[0], typeAndAlg[1]);
+ }
+
+ boolean checkAlias(String aliasFullName, String serviceShortName) {
+ return ProviderValidationUtil.checkAlias(provider, aliasFullName, serviceShortName);
+ }
+
+ boolean checkAttribute(String attrName, String attrValue) {
+ String[] nameAndAttr = attrName.split("\\s+");
+ return ProviderValidationUtil.checkAttribute(provider, nameAndAttr[0], nameAndAttr[1], attrValue);
+ }
+}
diff --git a/jdk/test/java/security/Provider/GetServiceRace.java b/jdk/test/java/security/Provider/GetServiceRace.java
new file mode 100644
index 000000000..b5b47b5d9
--- /dev/null
+++ b/jdk/test/java/security/Provider/GetServiceRace.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8231387
+ * @library ../testlibrary
+ * @summary make sure getService() avoids a race
+ * @author Tianmin Shi
+ */
+
+import java.security.Provider;
+
+public class GetServiceRace {
+
+ private static final Provider testProvider;
+ static {
+ testProvider = new Provider("MyProvider", 1.0, "test") {
+ };
+ testProvider.put("CertificateFactory.Fixed", "MyCertificateFactory");
+ }
+
+ private static final int NUMBER_OF_RETRIEVERS = 3;
+ private static final int TEST_TIME_MS = 1000;
+
+ public static boolean testFailed = false;
+
+ public static void main(String[] args) throws Exception {
+ Updater updater = new Updater();
+ updater.start();
+ Retriever [] retrievers = new Retriever[NUMBER_OF_RETRIEVERS];
+ for (int i=0; i<retrievers.length; i++) {
+ retrievers[i] = new Retriever();
+ retrievers[i].start();
+ }
+ Thread.sleep(TEST_TIME_MS);
+ System.out.println("Interrupt");
+ updater.interrupt();
+ updater.join();
+ for (int i=0; i<retrievers.length; i++) {
+ retrievers[i].interrupt();
+ retrievers[i].join();
+ }
+ System.out.println("Done");
+ if (testFailed) {
+ throw new Exception("Test Failed");
+ }
+ System.out.println("Test Passed");
+ }
+
+ private static class Updater extends Thread {
+ @Override
+ public void run() {
+ while (!isInterrupted()) {
+ testProvider.put("CertificateFactory.Added", "MyCertificateFactory");
+ }
+ System.out.println("Updater stopped");
+ }
+ }
+
+ private static class Retriever extends Thread {
+ @Override
+ public void run() {
+ while (!isInterrupted()) {
+ Provider.Service service = testProvider.getService("CertificateFactory", "Fixed");
+ if (service == null) {
+ if (!testFailed) {
+ System.err.println("CertificateFactory.Fixed is NULL");
+ testFailed = true;
+ }
+ } else {
+ //System.out.println("CertificateFactory.Fixed is good");
+ }
+ }
+ System.out.println("Retriever stopped");
+ }
+ }
+}
\ No newline at end of file
diff --git a/jdk/test/java/security/Provider/LegacyPutAlias.java b/jdk/test/java/security/Provider/LegacyPutAlias.java
new file mode 100644
index 000000000..44b0c3d9d
--- /dev/null
+++ b/jdk/test/java/security/Provider/LegacyPutAlias.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import static java.lang.System.out;
+
+import java.security.Provider;
+
+
+/**
+ * @test
+ * @bug 8250787
+ * @summary Ensure that aliases added with Provider.put work for services
+ * regardless which method was use to register the service, Provider.put
+ * or Provider.putService.
+ */
+public class LegacyPutAlias {
+ private static final String LEGACY_ALGO = "SRLegacy";
+ private static final String MODERN_ALGO = "SRModern";
+ private static final String LEGACY_ALIAS = "AliasLegacy";
+ private static final String MODERN_ALIAS = "AliasModern";
+
+ public static void main(String[] args) {
+ checkAlias(LEGACY_ALGO, LEGACY_ALIAS);
+ checkAlias(MODERN_ALGO, MODERN_ALIAS);
+ }
+
+ private static void checkAlias(String algo, String alias) {
+ out.println("Checking alias " + alias + " for " + algo);
+ Provider p = new CustomProvider();
+ p.put("Alg.Alias.SecureRandom." + alias, algo);
+ validate(p, algo, alias);
+ out.println("=> Test Passed");
+ }
+
+ private static void validate(Provider p, String algo, String alias) {
+ Provider.Service s = p.getService("SecureRandom", alias);
+ if (s == null) {
+ throw new RuntimeException("Failed alias " + alias + " check, " +
+ "exp: " + algo + ", got null");
+ }
+ if (!algo.equals(s.getAlgorithm())) {
+ throw new RuntimeException("Failed alias " + alias + " check, " +
+ "exp: " + algo + ", got " + s.getAlgorithm());
+ }
+ }
+
+
+ private static final String SR_IMPLCLASS =
+ "sun.security.provider.SecureRandom";
+ private static class CustomProvider extends Provider {
+ private static class CustomService extends Provider.Service {
+ CustomService(Provider p, String type, String algo, String cName) {
+ super(p, type, algo, cName, null, null);
+ }
+ }
+
+ CustomProvider() {
+ super("CP", 1.0, "test provider that registers two services, " +
+ "one with put and one with putService");
+
+ putService(new CustomService(this, "SecureRandom",
+ MODERN_ALGO, SR_IMPLCLASS));
+ put("SecureRandom." + LEGACY_ALGO, SR_IMPLCLASS);
+ }
+ }
+}
diff --git a/jdk/test/java/security/Provider/ProviderValidationUtil.java b/jdk/test/java/security/Provider/ProviderValidationUtil.java
new file mode 100644
index 000000000..8c4ef89c7
--- /dev/null
+++ b/jdk/test/java/security/Provider/ProviderValidationUtil.java
@@ -0,0 +1,269 @@
+/*
+ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Huawei designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Huawei in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional
+ * information or have any questions.
+ */
+
+/*
+ * @bug 7092821
+ * @library ../testlibrary
+ * @summary make sure that Sun providers do not miss any algorithms after
+ * modifying the frameworks underneath
+ * @author Henry Yang
+ */
+
+import static java.util.Locale.ENGLISH;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.security.Provider;
+import java.security.Provider.Service;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * utils for provider validator
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+public class ProviderValidationUtil {
+ private static final String ALIAS_PREFIX_LOWER = "alg.alias.";
+ private static final int ALIAS_LENGTH = ALIAS_PREFIX_LOWER.length();
+
+ /**
+ * get a service from a provider for a specific algorithm
+ *
+ * @param provider the provider to get a service
+ * @param type algorithm type
+ * @param algo algorithm name
+ * @return the service of the specific algorithm
+ */
+ public static Service getService(Provider provider, String type, String algo) {
+ Service service = provider.getService(type, algo);
+ if (service == null) {
+ throw new ServiceNotFoundException(provider.getName(), getServiceName(type, algo));
+ }
+ return service;
+ }
+
+ /**
+ * checks if the provider offers services for a specific algorithm
+ *
+ * @param provider the provider to check
+ * @param type algorithm type
+ * @param algo algorithm name
+ * @return true if passed this check
+ */
+ public static boolean checkService(Provider provider, String type, String algo) {
+ Service service = getService(provider, type, algo);
+ String className = service.getClassName();
+ if (className == null) {
+ throw new ServiceNotFoundException(provider.getName(), getServiceName(type, algo));
+ }
+ try {
+ Class.forName(className);
+ } catch (ClassNotFoundException e) {
+ throw new ServiceNotFoundException(provider.getName(), getServiceName(type, algo));
+ }
+ return true;
+ }
+
+ private static List<String> getAlias(Service service) {
+ try {
+ Method method = Service.class.getDeclaredMethod("getAliases");
+ method.setAccessible(true);
+ List<String> aliases = (List) method.invoke(service, null);
+ return aliases;
+ } catch (NoSuchMethodException | InvocationTargetException | IllegalAccessException e) {
+ e.printStackTrace();
+ }
+ return Collections.<String>emptyList();
+ }
+
+ /**
+ * check if the provider associates the alias name to the service
+ *
+ * @param provider the provider to check
+ * @param aliasFullName alias
+ * @param serviceShortName service name for short
+ * @return true if passed this check
+ */
+ public static boolean checkAlias(Provider provider, String aliasFullName, String serviceShortName) {
+ if (aliasFullName.toLowerCase(ENGLISH).startsWith(ALIAS_PREFIX_LOWER)) {
+ // for example, in provider defination put("Alg.Alias.MessageDigest.SHA", "SHA-1");
+ // Alg.Alias.MessageDigest.SHA for the aliasFullNanme and SHA-1 for serviceShortName
+ // the aliasKey is MessageDigest.SHA
+ String aliasKey = aliasFullName.substring(ALIAS_LENGTH);
+ String[] typeAndAlg = getTypeAndAlgorithm(aliasKey);
+ if (typeAndAlg == null || typeAndAlg.length < 2) {
+ throw new NameMalFormatException("alias name and type cannot be null");
+ }
+ String type = typeAndAlg[0];
+ String aliasAlg = typeAndAlg[1].intern();
+ Service aliasService = provider.getService(type, aliasAlg);
+ if (aliasService == null) {
+ throw new ServiceNotFoundException(provider.getName(), getServiceName(type, aliasAlg));
+ }
+ Service service = provider.getService(type, serviceShortName);
+ if (service == null) {
+ throw new ServiceNotFoundException(provider.getName(), getServiceName(type, serviceShortName));
+ }
+ if (service != aliasService || !checkAliasInService(service, aliasAlg)) {
+ throw new AliasNotMatchedException(
+ getServiceName(type, aliasAlg), getServiceName(type, serviceShortName));
+ }
+ } else {
+ throw new NameMalFormatException("Alias name is not in a proper format");
+ }
+ return true;
+ }
+
+ private static boolean checkAliasInService(Service service, String... aliasArray) {
+ List<String> aliases = getAlias(service);
+ Set<String> aliasesSet = new HashSet<>();
+ aliasesSet.addAll(aliases);
+ for (String aliasName : aliasArray) {
+ if (!aliasesSet.contains(aliasName)) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ /**
+ * check if the service has a specific attribute with the correct value in the provider
+ *
+ * @param provider the provider to check
+ * @param serviceName service name
+ * @param attrName attribute name
+ * @param attrValue attribute value
+ * @return true if passed this check
+ */
+ public static boolean checkAttribute(Provider provider, String serviceName, String attrName, String attrValue) {
+ String[] typeAndAlg = getTypeAndAlgorithm(serviceName);
+ if (typeAndAlg == null || typeAndAlg.length < 2) {
+ throw new NameMalFormatException("service name is not in a right formation");
+ }
+ Service service = getService(provider, typeAndAlg[0], typeAndAlg[1]);
+ return checkAttribute(service, attrName, attrValue);
+ }
+
+ private static boolean checkAttribute(Service service, String attrName, String attrValue) {
+ if (!attrValue.equals(service.getAttribute(attrName))) {
+ throw new AttributeNotFoundException(service.getType(), service.getAlgorithm(), attrName, attrValue);
+ }
+ return true;
+ }
+
+ private static String getServiceName(String type, String algo) {
+ return type + "." + algo;
+ }
+
+ /**
+ * seperate algorithm key with type and name
+ *
+ * @param key algorithm full name
+ * @return string array with algorithm type and name
+ */
+ public static String[] getTypeAndAlgorithm(String key) {
+ int index = key.indexOf('.');
+ if (index < 1) {
+ return new String[0];
+ }
+ String type = key.substring(0, index);
+ String alg = key.substring(index + 1);
+ return new String[] {type, alg};
+ }
+
+ /**
+ * throws this exception if we cannot find the service in the provider
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+ public static class ServiceNotFoundException extends RuntimeException {
+ public ServiceNotFoundException(String provider, String serviceName) {
+ this("faild to find " + serviceName + " in " + provider + " provider");
+ }
+
+ public ServiceNotFoundException(String message) {
+ super(message);
+ }
+ }
+
+ /**
+ * throws this exception if we cannot find the attribute in the service
+ * or the attribute value is not correct
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+ public static class AttributeNotFoundException extends RuntimeException {
+ public AttributeNotFoundException(String type, String algo, String attrName, String attrValue) {
+ this(
+ "faild "
+ + type
+ + "."
+ + algo
+ + " '"
+ + attrName
+ + "' attribute check, "
+ + "the correct value should be '"
+ + attrValue
+ + "'");
+ }
+
+ public AttributeNotFoundException(String message) {
+ super(message);
+ }
+ }
+
+ /**
+ * throws this exception if we cannot find the alias name in the provider
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+ public static class AliasNotMatchedException extends RuntimeException {
+ public AliasNotMatchedException(String aliasName, String serviceName) {
+ this("faild to find alias name " + aliasName + " in " + serviceName);
+ }
+
+ public AliasNotMatchedException(String message) {
+ super(message);
+ }
+ }
+
+ /**
+ * throws this exception if the name is in a malformation
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+ public static class NameMalFormatException extends RuntimeException {
+ public NameMalFormatException(String message) {
+ super(message);
+ }
+ }
+}
diff --git a/jdk/test/java/security/Provider/SunJCEValidator.java b/jdk/test/java/security/Provider/SunJCEValidator.java
new file mode 100644
index 000000000..314abb380
--- /dev/null
+++ b/jdk/test/java/security/Provider/SunJCEValidator.java
@@ -0,0 +1,574 @@
+/*
+ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Huawei designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Huawei in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional
+ * information or have any questions.
+ */
+
+/*
+ * @test
+ * @bug 7092821
+ * @library ../testlibrary
+ * @summary make sure that Sun providers do not miss any algorithms after
+ * modifying the frameworks underneath
+ * @author Henry Yang
+ */
+
+/*
+ *- @TestCaseID:Provider/SunJCEValidator.java
+ *- @TestCaseName:Provider/SunJCEValidator.java
+ *- @TestCaseType:Function test
+ *- @RequirementID:AR.SR.IREQ02758058.001.001
+ *- @RequirementName: java.security.Provider.getService() is synchronized and became scalability bottleneck
+ *- @Condition:JDK8u302及以后
+ *- @Brief:测试相应provider更改底层架构以后所提供的service是否与原先有差异(以openJDK8u302为准)
+ * -#step:比较openJDK8u302 SunJceProvider与此特性修改后的SunJceProvider所提供的service是否一致
+ *- @Expect:正常运行
+ *- @Priority:Level 1
+ */
+
+import com.sun.crypto.provider.SunJCE;
+
+import java.security.Provider;
+
+/**
+ * validator for SunJCE provider, make sure we do not miss any algorithm
+ * after the modification.
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+public class SunJCEValidator extends BaseProviderValidator {
+ private static final String OID_PKCS12_RC4_128 = "1.2.840.113549.1.12.1.1";
+ private static final String OID_PKCS12_RC4_40 = "1.2.840.113549.1.12.1.2";
+ private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3";
+ private static final String OID_PKCS12_RC2_128 = "1.2.840.113549.1.12.1.5";
+ private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6";
+ private static final String OID_PKCS5_MD5_DES = "1.2.840.113549.1.5.3";
+ private static final String OID_PKCS5_PBKDF2 = "1.2.840.113549.1.5.12";
+ private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13";
+ private static final String OID_PKCS3 = "1.2.840.113549.1.3.1";
+
+ public static void main(String[] args) throws Exception {
+ SunJCEValidator validator = new SunJCEValidator();
+ validator.validate();
+ }
+
+ @Override
+ Provider getDefaultProvider() {
+ return new SunJCE();
+ }
+
+ @Override
+ boolean validate() throws Exception {
+ final String BLOCK_MODES =
+ "ECB|CBC|PCBC|CTR|CTS|CFB|OFB"
+ + "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64"
+ + "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64";
+ final String BLOCK_MODES128 =
+ BLOCK_MODES
+ + "|GCM|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128"
+ + "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128";
+ final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING";
+
+ /*
+ * Cipher engines
+ */
+ checkService("Cipher.RSA");
+ checkAttribute("Cipher.RSA SupportedModes", "ECB");
+ checkAttribute(
+ "Cipher.RSA SupportedPaddings",
+ "NOPADDING|PKCS1PADDING|OAEPPADDING"
+ + "|OAEPWITHMD5ANDMGF1PADDING"
+ + "|OAEPWITHSHA1ANDMGF1PADDING"
+ + "|OAEPWITHSHA-1ANDMGF1PADDING"
+ + "|OAEPWITHSHA-224ANDMGF1PADDING"
+ + "|OAEPWITHSHA-256ANDMGF1PADDING"
+ + "|OAEPWITHSHA-384ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
+ checkAttribute(
+ "Cipher.RSA SupportedKeyClasses",
+ "java.security.interfaces.RSAPublicKey" + "|java.security.interfaces.RSAPrivateKey");
+
+ checkService("Cipher.DES");
+ checkAttribute("Cipher.DES SupportedModes", BLOCK_MODES);
+ checkAttribute("Cipher.DES SupportedPaddings", BLOCK_PADS);
+ checkAttribute("Cipher.DES SupportedKeyFormats", "RAW");
+
+ checkService("Cipher.DESede");
+ checkAlias("Alg.Alias.Cipher.TripleDES", "DESede");
+ checkAttribute("Cipher.DESede SupportedModes", BLOCK_MODES);
+ checkAttribute("Cipher.DESede SupportedPaddings", BLOCK_PADS);
+ checkAttribute("Cipher.DESede SupportedKeyFormats", "RAW");
+
+ checkService("Cipher.DESedeWrap");
+ checkAttribute("Cipher.DESedeWrap SupportedModes", "CBC");
+ checkAttribute("Cipher.DESedeWrap SupportedPaddings", "NOPADDING");
+ checkAttribute("Cipher.DESedeWrap SupportedKeyFormats", "RAW");
+ System.out.println("Cipher engines check passed");
+
+ // PBES1
+ checkService("Cipher.PBEWithMD5AndDES");
+ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES");
+ checkAlias("Alg.Alias.Cipher." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES");
+
+ checkService("Cipher.PBEWithMD5AndTripleDES");
+
+ checkService("Cipher.PBEWithSHA1AndDESede");
+ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede");
+ checkAlias("Alg.Alias.Cipher." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede");
+
+ checkService("Cipher.PBEWithSHA1AndRC2_40");
+ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40");
+ checkAlias("Alg.Alias.Cipher." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40");
+
+ checkService("Cipher.PBEWithSHA1AndRC2_128");
+ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128");
+ checkAlias("Alg.Alias.Cipher." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128");
+
+ checkService("Cipher.PBEWithSHA1AndRC4_40");
+ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40");
+ checkAlias("Alg.Alias.Cipher." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40");
+
+ checkService("Cipher.PBEWithSHA1AndRC4_128");
+ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128");
+ checkAlias("Alg.Alias.Cipher." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128");
+ System.out.println("PBES1 check passed");
+
+ // PBES2
+
+ checkService("Cipher.PBEWithHmacSHA1AndAES_128");
+
+ checkService("Cipher.PBEWithHmacSHA224AndAES_128");
+
+ checkService("Cipher.PBEWithHmacSHA256AndAES_128");
+
+ checkService("Cipher.PBEWithHmacSHA384AndAES_128");
+
+ checkService("Cipher.PBEWithHmacSHA512AndAES_128");
+
+ checkService("Cipher.PBEWithHmacSHA1AndAES_256");
+
+ checkService("Cipher.PBEWithHmacSHA224AndAES_256");
+
+ checkService("Cipher.PBEWithHmacSHA256AndAES_256");
+
+ checkService("Cipher.PBEWithHmacSHA384AndAES_256");
+
+ checkService("Cipher.PBEWithHmacSHA512AndAES_256");
+
+ checkService("Cipher.Blowfish");
+ checkAttribute("Cipher.Blowfish SupportedModes", BLOCK_MODES);
+ checkAttribute("Cipher.Blowfish SupportedPaddings", BLOCK_PADS);
+ checkAttribute("Cipher.Blowfish SupportedKeyFormats", "RAW");
+
+ checkService("Cipher.AES");
+ checkAlias("Alg.Alias.Cipher.Rijndael", "AES");
+ checkAttribute("Cipher.AES SupportedModes", BLOCK_MODES128);
+ checkAttribute("Cipher.AES SupportedPaddings", BLOCK_PADS);
+ checkAttribute("Cipher.AES SupportedKeyFormats", "RAW");
+
+ checkService("Cipher.AES_128/ECB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding");
+ checkService("Cipher.AES_128/CBC/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding");
+ checkService("Cipher.AES_128/OFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding");
+ checkService("Cipher.AES_128/CFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding");
+ checkService("Cipher.AES_128/GCM/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding");
+
+ checkService("Cipher.AES_192/ECB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding");
+ checkService("Cipher.AES_192/CBC/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding");
+ checkService("Cipher.AES_192/OFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding");
+ checkService("Cipher.AES_192/CFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding");
+ checkService("Cipher.AES_192/GCM/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding");
+
+ checkService("Cipher.AES_256/ECB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding");
+ checkService("Cipher.AES_256/CBC/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding");
+ checkService("Cipher.AES_256/OFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding");
+ checkService("Cipher.AES_256/CFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding");
+ checkService("Cipher.AES_256/GCM/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding");
+
+ checkService("Cipher.AESWrap");
+ checkAttribute("Cipher.AESWrap SupportedModes", "ECB");
+ checkAttribute("Cipher.AESWrap SupportedPaddings", "NOPADDING");
+ checkAttribute("Cipher.AESWrap SupportedKeyFormats", "RAW");
+
+ checkService("Cipher.AESWrap_128");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.5", "AESWrap_128");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.5", "AESWrap_128");
+ checkService("Cipher.AESWrap_192");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.25", "AESWrap_192");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.25", "AESWrap_192");
+ checkService("Cipher.AESWrap_256");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.45", "AESWrap_256");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.45", "AESWrap_256");
+
+ checkService("Cipher.RC2");
+ checkAttribute("Cipher.RC2 SupportedModes", BLOCK_MODES);
+ checkAttribute("Cipher.RC2 SupportedPaddings", BLOCK_PADS);
+ checkAttribute("Cipher.RC2 SupportedKeyFormats", "RAW");
+
+ checkService("Cipher.ARCFOUR");
+ checkAlias("Alg.Alias.Cipher.RC4", "ARCFOUR");
+ checkAttribute("Cipher.ARCFOUR SupportedModes", "ECB");
+ checkAttribute("Cipher.ARCFOUR SupportedPaddings", "NOPADDING");
+ checkAttribute("Cipher.ARCFOUR SupportedKeyFormats", "RAW");
+ System.out.println("PBES2 check passed");
+
+ /*
+ * Key(pair) Generator engines
+ */
+ checkService("KeyGenerator.DES");
+
+ checkService("KeyGenerator.DESede");
+ checkAlias("Alg.Alias.KeyGenerator.TripleDES", "DESede");
+
+ checkService("KeyGenerator.Blowfish");
+
+ checkService("KeyGenerator.AES");
+ checkAlias("Alg.Alias.KeyGenerator.Rijndael", "AES");
+
+ checkService("KeyGenerator.RC2");
+ checkService("KeyGenerator.ARCFOUR");
+ checkAlias("Alg.Alias.KeyGenerator.RC4", "ARCFOUR");
+
+ checkService("KeyGenerator.HmacMD5");
+
+ checkService("KeyGenerator.HmacSHA1");
+ checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.7", "HmacSHA1");
+ checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.7", "HmacSHA1");
+
+ checkService("KeyGenerator.HmacSHA224");
+ checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.8", "HmacSHA224");
+ checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.8", "HmacSHA224");
+
+ checkService("KeyGenerator.HmacSHA256");
+ checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.9", "HmacSHA256");
+ checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.9", "HmacSHA256");
+
+ checkService("KeyGenerator.HmacSHA384");
+ checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.10", "HmacSHA384");
+ checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.10", "HmacSHA384");
+
+ checkService("KeyGenerator.HmacSHA512");
+ checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.11", "HmacSHA512");
+ checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.11", "HmacSHA512");
+
+ checkService("KeyPairGenerator.DiffieHellman");
+ checkAlias("Alg.Alias.KeyPairGenerator.DH", "DiffieHellman");
+ checkAlias("Alg.Alias.KeyPairGenerator.OID." + OID_PKCS3, "DiffieHellman");
+ checkAlias("Alg.Alias.KeyPairGenerator." + OID_PKCS3, "DiffieHellman");
+ System.out.println("Key(pair) Generator engines check passed");
+
+ /*
+ * Algorithm parameter generation engines
+ */
+ checkService("AlgorithmParameterGenerator.DiffieHellman");
+ checkAlias("Alg.Alias.AlgorithmParameterGenerator.DH", "DiffieHellman");
+ checkAlias("Alg.Alias.AlgorithmParameterGenerator.OID." + OID_PKCS3, "DiffieHellman");
+ checkAlias("Alg.Alias.AlgorithmParameterGenerator." + OID_PKCS3, "DiffieHellman");
+ System.out.println("Algorithm parameter generation engines check passed");
+
+ /*
+ * Key Agreement engines
+ */
+ checkService("KeyAgreement.DiffieHellman");
+ checkAlias("Alg.Alias.KeyAgreement.DH", "DiffieHellman");
+ checkAlias("Alg.Alias.KeyAgreement.OID." + OID_PKCS3, "DiffieHellman");
+ checkAlias("Alg.Alias.KeyAgreement." + OID_PKCS3, "DiffieHellman");
+
+ checkAttribute(
+ "KeyAgreement.DiffieHellman SupportedKeyClasses",
+ "javax.crypto.interfaces.DHPublicKey" + "|javax.crypto.interfaces.DHPrivateKey");
+ System.out.println("Key Agreement engines check passed");
+
+ /*
+ * Algorithm Parameter engines
+ */
+ checkService("AlgorithmParameters.DiffieHellman");
+ checkAlias("Alg.Alias.AlgorithmParameters.DH", "DiffieHellman");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS3, "DiffieHellman");
+ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS3, "DiffieHellman");
+
+ checkService("AlgorithmParameters.DES");
+
+ checkService("AlgorithmParameters.DESede");
+ checkAlias("Alg.Alias.AlgorithmParameters.TripleDES", "DESede");
+
+ checkService("AlgorithmParameters.PBE");
+
+ checkService("AlgorithmParameters.PBEWithMD5AndDES");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES");
+ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES");
+
+ checkService("AlgorithmParameters.PBEWithMD5AndTripleDES");
+
+ checkService("AlgorithmParameters.PBEWithSHA1AndDESede");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede");
+ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede");
+
+ checkService("AlgorithmParameters.PBEWithSHA1AndRC2_40");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40");
+ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40");
+
+ checkService("AlgorithmParameters.PBEWithSHA1AndRC2_128");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128");
+ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128");
+
+ checkService("AlgorithmParameters.PBEWithSHA1AndRC4_40");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40");
+ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40");
+
+ checkService("AlgorithmParameters.PBEWithSHA1AndRC4_128");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128");
+ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128");
+
+ checkService("AlgorithmParameters.PBES2");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS5_PBES2, "PBES2");
+ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS5_PBES2, "PBES2");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA1AndAES_128");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA224AndAES_128");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA256AndAES_128");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA384AndAES_128");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA512AndAES_128");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA1AndAES_256");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA224AndAES_256");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA256AndAES_256");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA384AndAES_256");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA512AndAES_256");
+
+ checkService("AlgorithmParameters.Blowfish");
+
+ checkService("AlgorithmParameters.AES");
+ checkAlias("Alg.Alias.AlgorithmParameters.Rijndael", "AES");
+ checkService("AlgorithmParameters.GCM");
+
+ checkService("AlgorithmParameters.RC2");
+
+ checkService("AlgorithmParameters.OAEP");
+ System.out.println("Algorithm Parameter engines check passed");
+
+ /*
+ * Key factories
+ */
+ checkService("KeyFactory.DiffieHellman");
+ checkAlias("Alg.Alias.KeyFactory.DH", "DiffieHellman");
+ checkAlias("Alg.Alias.KeyFactory.OID." + OID_PKCS3, "DiffieHellman");
+ checkAlias("Alg.Alias.KeyFactory." + OID_PKCS3, "DiffieHellman");
+ System.out.println("Key factories check passed");
+
+ /*
+ * Secret-key factories
+ */
+ checkService("SecretKeyFactory.DES");
+
+ checkService("SecretKeyFactory.DESede");
+ checkAlias("Alg.Alias.SecretKeyFactory.TripleDES", "DESede");
+
+ checkService("SecretKeyFactory.PBEWithMD5AndDES");
+ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES");
+ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES");
+
+ checkAlias("Alg.Alias.SecretKeyFactory.PBE", "PBEWithMD5AndDES");
+
+ /*
+ * Internal in-house crypto algorithm used for
+ * the JCEKS keystore type. Since this was developed
+ * internally, there isn't an OID corresponding to this
+ * algorithm.
+ */
+ checkService("SecretKeyFactory.PBEWithMD5AndTripleDES");
+
+ checkService("SecretKeyFactory.PBEWithSHA1AndDESede");
+ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede");
+ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede");
+
+ checkService("SecretKeyFactory.PBEWithSHA1AndRC2_40");
+ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40");
+ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40");
+
+ checkService("SecretKeyFactory.PBEWithSHA1AndRC2_128");
+ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128");
+ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128");
+
+ checkService("SecretKeyFactory.PBEWithSHA1AndRC4_40");
+
+ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40");
+ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40");
+
+ checkService("SecretKeyFactory.PBEWithSHA1AndRC4_128");
+
+ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128");
+ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA1AndAES_128");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA224AndAES_128");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA256AndAES_128");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA384AndAES_128");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA512AndAES_128");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA1AndAES_256");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA224AndAES_256");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA256AndAES_256");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA384AndAES_256");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA512AndAES_256");
+ System.out.println("crypto algorithm for JCEKS keystore check passed ");
+
+ // PBKDF2
+
+ checkService("SecretKeyFactory.PBKDF2WithHmacSHA1");
+ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2, "PBKDF2WithHmacSHA1");
+ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2, "PBKDF2WithHmacSHA1");
+
+ checkService("SecretKeyFactory.PBKDF2WithHmacSHA224");
+ checkService("SecretKeyFactory.PBKDF2WithHmacSHA256");
+ checkService("SecretKeyFactory.PBKDF2WithHmacSHA384");
+ checkService("SecretKeyFactory.PBKDF2WithHmacSHA512");
+
+ System.out.println("PBKDF2 check passed");
+
+ /*
+ * MAC
+ */
+ checkService("Mac.HmacMD5");
+ checkService("Mac.HmacSHA1");
+ checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.7", "HmacSHA1");
+ checkAlias("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1");
+ checkService("Mac.HmacSHA224");
+ checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.8", "HmacSHA224");
+ checkAlias("Alg.Alias.Mac.1.2.840.113549.2.8", "HmacSHA224");
+ checkService("Mac.HmacSHA256");
+ checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.9", "HmacSHA256");
+ checkAlias("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256");
+ checkService("Mac.HmacSHA384");
+ checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.10", "HmacSHA384");
+ checkAlias("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384");
+ checkService("Mac.HmacSHA512");
+ checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.11", "HmacSHA512");
+ checkAlias("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512");
+ checkService("Mac.HmacPBESHA1");
+
+ System.out.println("MAC check passed");
+
+ // PBMAC1
+
+ checkService("Mac.PBEWithHmacSHA1");
+ checkService("Mac.PBEWithHmacSHA224");
+ checkService("Mac.PBEWithHmacSHA256");
+ checkService("Mac.PBEWithHmacSHA384");
+ checkService("Mac.PBEWithHmacSHA512");
+
+ checkService("Mac.SslMacMD5");
+ checkService("Mac.SslMacSHA1");
+
+ checkAttribute("Mac.HmacMD5 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.HmacSHA1 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.HmacSHA224 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.HmacSHA256 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.PBEWithHmacSHA1 SupportedKeyFormatS", "RAW");
+ checkAttribute("Mac.PBEWithHmacSHA224 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.PBEWithHmacSHA256 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.PBEWithHmacSHA384 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.PBEWithHmacSHA512 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.SslMacMD5 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.SslMacSHA1 SupportedKeyFormats", "RAW");
+ System.out.println("PBMAC1 check passed");
+
+ /*
+ * KeyStore
+ */
+ checkService("KeyStore.JCEKS");
+ System.out.println("KeyStore check passed");
+
+ /*
+ * SSL/TLS mechanisms
+ *
+ * These are strictly internal implementations and may
+ * be changed at any time. These names were chosen
+ * because PKCS11/SunPKCS11 does not yet have TLS1.2
+ * mechanisms, and it will cause calls to come here.
+ */
+ checkService("KeyGenerator.SunTlsPrf");
+ checkService("KeyGenerator.SunTls12Prf");
+
+ checkService("KeyGenerator.SunTlsMasterSecret");
+ checkAlias("Alg.Alias.KeyGenerator.SunTls12MasterSecret", "SunTlsMasterSecret");
+ checkAlias("Alg.Alias.KeyGenerator.SunTlsExtendedMasterSecret", "SunTlsMasterSecret");
+
+ checkService("KeyGenerator.SunTlsKeyMaterial");
+ checkAlias("Alg.Alias.KeyGenerator.SunTls12KeyMaterial", "SunTlsKeyMaterial");
+
+ checkService("KeyGenerator.SunTlsRsaPremasterSecret");
+ checkAlias("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret", "SunTlsRsaPremasterSecret");
+ System.out.println("SSL/TLS mechanisms check passed");
+ return true;
+ }
+}
diff --git a/jdk/test/java/security/Provider/SunJSSEValidator.java b/jdk/test/java/security/Provider/SunJSSEValidator.java
new file mode 100644
index 000000000..5817c3b7f
--- /dev/null
+++ b/jdk/test/java/security/Provider/SunJSSEValidator.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Huawei designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Huawei in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional
+ * information or have any questions.
+ */
+
+/*
+ * @test
+ * @bug 7092821
+ * @library ../testlibrary
+ * @summary make sure that Sun providers do not miss any algorithms after
+ * modifying the frameworks underneath
+ * @author Henry Yang
+ */
+
+/*
+ *- @TestCaseID:Provider/SunJSSEValidator.java
+ *- @TestCaseName:Provider/SunJSSEValidator.java
+ *- @TestCaseType:Function test
+ *- @RequirementID:AR.SR.IREQ02758058.001.001
+ *- @RequirementName: java.security.Provider.getService() is synchronized and became scalability bottleneck
+ *- @Condition:JDK8u302及以后
+ *- @Brief:测试相应provider更改底层架构以后所提供的service是否与原先有差异(以openJDK8u302为准)
+ * -#step:比较openJDK8u302 SunJSSEProvider与此特性修改后的SunJSSEProvider所提供的service是否一致
+ *- @Expect:正常运行
+ *- @Priority:Level 1
+ */
+
+import java.security.Provider;
+import java.util.Locale;
+
+/**
+ * validator for SunJSSE provider, make sure we do not miss any algorithm
+ * after the modification.
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+public class SunJSSEValidator extends BaseProviderValidator {
+ private boolean fips = false;
+
+ public static void main(String[] args) throws Exception {
+ SunJSSEValidator validator = new SunJSSEValidator();
+ if (args != null && args.length > 0) {
+ String fipsStr = args[0].toLowerCase(Locale.ENGLISH);
+ if (!"true".equals(fipsStr) && !"false".equals(fipsStr)) {
+ throw new RuntimeException("Fips mode argument should be a boolean value");
+ }
+ validator.setFips(Boolean.parseBoolean(fipsStr));
+ }
+ validator.validate();
+ }
+
+ public void setFips(boolean isFips) {
+ this.fips = isFips;
+ }
+
+ @Override
+ Provider getDefaultProvider() {
+ return new com.sun.net.ssl.internal.ssl.Provider();
+ }
+
+ @Override
+ boolean validate() throws Exception {
+ if (fips == false) {
+ checkService("KeyFactory.RSA");
+ checkAlias("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA");
+ checkAlias("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA");
+
+ checkService("KeyPairGenerator.RSA");
+ checkAlias("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA");
+ checkAlias("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA");
+
+ checkService("Signature.MD2withRSA");
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", "MD2withRSA");
+
+ checkService("Signature.MD5withRSA");
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", "MD5withRSA");
+
+ checkService("Signature.SHA1withRSA");
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA");
+ checkAlias("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.3.14.3.2.29", "SHA1withRSA");
+ }
+ checkService("Signature.MD5andSHA1withRSA");
+
+ checkService("KeyManagerFactory.SunX509");
+ checkService("KeyManagerFactory.NewSunX509");
+ checkAlias("Alg.Alias.KeyManagerFactory.PKIX", "NewSunX509");
+
+ checkService("TrustManagerFactory.SunX509");
+ checkService("TrustManagerFactory.PKIX");
+ checkAlias("Alg.Alias.TrustManagerFactory.SunPKIX", "PKIX");
+ checkAlias("Alg.Alias.TrustManagerFactory.X509", "PKIX");
+ checkAlias("Alg.Alias.TrustManagerFactory.X.509", "PKIX");
+
+ checkService("SSLContext.TLSv1");
+ checkService("SSLContext.TLSv1.1");
+ checkService("SSLContext.TLSv1.2");
+ checkService("SSLContext.TLSv1.3");
+ checkService("SSLContext.TLS");
+ if (fips == false) {
+ checkAlias("Alg.Alias.SSLContext.SSL", "TLS");
+ checkAlias("Alg.Alias.SSLContext.SSLv3", "TLSv1");
+ }
+
+ checkService("SSLContext.Default");
+
+ /*
+ * KeyStore
+ */
+ checkService("KeyStore.PKCS12");
+ System.out.println("SunJSSE check passed");
+ return true;
+ }
+}
diff --git a/jdk/test/java/security/Provider/SunRsaSignValidator.java b/jdk/test/java/security/Provider/SunRsaSignValidator.java
new file mode 100644
index 000000000..66fb33a44
--- /dev/null
+++ b/jdk/test/java/security/Provider/SunRsaSignValidator.java
@@ -0,0 +1,154 @@
+/*
+ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Huawei designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Huawei in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional
+ * information or have any questions.
+ */
+
+/*
+ * @test
+ * @bug 7092821
+ * @library ../testlibrary
+ * @summary make sure that Sun providers do not miss any algorithms after
+ * modifying the frameworks underneath
+ * @author Henry Yang
+ */
+
+/*
+ *- @TestCaseID:Provider/SunRsaSignValidator.java
+ *- @TestCaseName:Provider/SunRsaSignValidator.java
+ *- @TestCaseType:Function test
+ *- @RequirementID:AR.SR.IREQ02758058.001.001
+ *- @RequirementName: java.security.Provider.getService() is synchronized and became scalability bottleneck
+ *- @Condition:JDK8u302及以后
+ *- @Brief:测试相应provider更改底层架构以后所提供的service是否与原先有差异(以openJDK8u302为准)
+ * -#step:比较openJDK8u302 SunRsaSignProvider与此特性修改后的SunRsaSignProvider所提供的service是否一致
+ *- @Expect:正常运行
+ *- @Priority:Level 1
+ */
+
+import sun.security.rsa.SunRsaSign;
+
+import java.security.Provider;
+
+/**
+ * validator for SunRsaSign provider, make sure we do not miss any algorithm
+ * after the modification.
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+public class SunRsaSignValidator extends BaseProviderValidator {
+ public static void main(String[] args) throws Exception {
+ SunRsaSignValidator validator = new SunRsaSignValidator();
+ validator.validate();
+ }
+
+ @Override
+ Provider getDefaultProvider() {
+ return new SunRsaSign();
+ }
+
+ @Override
+ boolean validate() throws Exception {
+ // main algorithms
+ checkService("KeyFactory.RSA");
+ checkService("KeyPairGenerator.RSA");
+ checkService("Signature.MD2withRSA");
+ checkService("Signature.MD5withRSA");
+ checkService("Signature.SHA1withRSA");
+ checkService("Signature.SHA224withRSA");
+ checkService("Signature.SHA256withRSA");
+ checkService("Signature.SHA384withRSA");
+ checkService("Signature.SHA512withRSA");
+ checkService("Signature.SHA512/224withRSA");
+ checkService("Signature.SHA512/256withRSA");
+
+ checkService("KeyFactory.RSASSA-PSS");
+ checkService("KeyPairGenerator.RSASSA-PSS");
+ checkService("Signature.RSASSA-PSS");
+ checkService("AlgorithmParameters.RSASSA-PSS");
+
+ System.out.println("service check passed");
+
+ // attributes for supported key classes
+ String rsaKeyClasses = "java.security.interfaces.RSAPublicKey" + "|java.security.interfaces.RSAPrivateKey";
+ checkAttribute("Signature.MD2withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.MD5withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.SHA1withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.SHA224withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.SHA256withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.SHA384withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.SHA512withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.SHA512/224withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.SHA512/256withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.RSASSA-PSS SupportedKeyClasses", rsaKeyClasses);
+
+ System.out.println("attribute check passed");
+
+ // aliases
+ checkAlias("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA");
+ checkAlias("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA");
+
+ checkAlias("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA");
+ checkAlias("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA");
+
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", "MD2withRSA");
+
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", "MD5withRSA");
+
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA");
+ checkAlias("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA");
+
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.14", "SHA224withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.14", "SHA224withRSA");
+
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA");
+
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.12", "SHA384withRSA");
+
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.13", "SHA512withRSA");
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.15", "SHA512/224withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.15", "SHA512/224withRSA");
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.16", "SHA512/256withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.16", "SHA512/256withRSA");
+
+ checkAlias("Alg.Alias.KeyFactory.1.2.840.113549.1.1.10", "RSASSA-PSS");
+ checkAlias("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
+
+ checkAlias("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.10", "RSASSA-PSS");
+ checkAlias("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
+
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.10", "RSASSA-PSS");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
+
+ checkAlias("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.1.10", "RSASSA-PSS");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
+
+ System.out.println("check alias passed");
+ return true;
+ }
+}
diff --git a/jdk/test/java/security/Provider/SunValidator.java b/jdk/test/java/security/Provider/SunValidator.java
new file mode 100644
index 000000000..3f4b81222
--- /dev/null
+++ b/jdk/test/java/security/Provider/SunValidator.java
@@ -0,0 +1,263 @@
+/*
+ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Huawei designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Huawei in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional
+ * information or have any questions.
+ */
+
+/*
+ * @test
+ * @bug 7092821
+ * @library ../testlibrary
+ * @summary make sure that Sun providers do not miss any algorithms after
+ * modifying the frameworks underneath
+ * @author Henry Yang
+ */
+
+/*
+ *- @TestCaseID:Provider/SunValidator.java
+ *- @TestCaseName:Provider/SunValidator.java
+ *- @TestCaseType:Function test
+ *- @RequirementID:AR.SR.IREQ02758058.001.001
+ *- @RequirementName: java.security.Provider.getService() is synchronized and became scalability bottleneck
+ *- @Condition:JDK8u302及以后
+ *- @Brief:测试相应provider更改底层架构以后所提供的service是否与原先有差异(以openJDK8u302为准)
+ * -#step:比较openJDK8u302 SunProvider与此特性修改后的SunProvider所提供的service是否一致
+ *- @Expect:正常运行
+ *- @Priority:Level 1
+ */
+
+import sun.security.provider.NativePRNG;
+import sun.security.provider.Sun;
+
+import java.lang.reflect.Method;
+import java.security.Provider;
+
+/**
+ * validator for Sun provider, make sure we do not miss any algorithm
+ * after the modification.
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+public class SunValidator extends BaseProviderValidator {
+ public static void main(String[] args) throws Exception {
+ SunValidator validator = new SunValidator();
+ validator.validate();
+ }
+
+ @Override
+ Provider getDefaultProvider() {
+ return new Sun();
+ }
+
+ @Override
+ public boolean validate() throws Exception {
+ Method nativeAvailableMethod = NativePRNG.class.getDeclaredMethod("isAvailable");
+ nativeAvailableMethod.setAccessible(true);
+ boolean nativeAvailable = (Boolean) nativeAvailableMethod.invoke(null);
+ if (nativeAvailable) {
+ checkService("SecureRandom.NativePRNG");
+ }
+
+ checkService("SecureRandom.SHA1PRNG");
+
+ /*
+ * Signature engines
+ */
+ checkService("Signature.SHA1withDSA");
+ checkService("Signature.NONEwithDSA");
+ checkAlias("Alg.Alias.Signature.RawDSA", "NONEwithDSA");
+ checkService("Signature.SHA224withDSA");
+ checkService("Signature.SHA256withDSA");
+
+ String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" + "|java.security.interfaces.DSAPrivateKey";
+ checkAttribute("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses);
+ checkAttribute("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses);
+ checkAttribute("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyClasses);
+ checkAttribute("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyClasses);
+
+ checkAlias("Alg.Alias.Signature.DSA", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.DSS", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.10040.4.3", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1", "SHA224withDSA");
+ checkAlias("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA");
+ checkAlias("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2", "SHA256withDSA");
+ checkAlias("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA");
+ System.out.println("Signature engines check passed");
+
+ /*
+ * Key Pair Generator engines
+ */
+ checkService("KeyPairGenerator.DSA");
+ checkAlias("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
+ checkAlias("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
+ checkAlias("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");
+ System.out.println("Key Pair Generator engines check passed");
+
+ /*
+ * Digest engines
+ */
+ checkService("MessageDigest.MD2");
+ checkService("MessageDigest.MD5");
+ checkService("MessageDigest.SHA");
+
+ checkAlias("Alg.Alias.MessageDigest.SHA-1", "SHA");
+ checkAlias("Alg.Alias.MessageDigest.SHA1", "SHA");
+ checkAlias("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA");
+ checkAlias("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA");
+
+ checkService("MessageDigest.SHA-224");
+ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224");
+ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4", "SHA-224");
+
+ checkService("MessageDigest.SHA-256");
+ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256");
+ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1", "SHA-256");
+ checkService("MessageDigest.SHA-384");
+ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384");
+ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2", "SHA-384");
+ checkService("MessageDigest.SHA-512");
+ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512");
+ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3", "SHA-512");
+ checkService("MessageDigest.SHA-512/224");
+ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.5", "SHA-512/224");
+ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.5", "SHA-512/224");
+ checkService("MessageDigest.SHA-512/256");
+ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.6", "SHA-512/256");
+ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.6", "SHA-512/256");
+ System.out.println("Digest engines check passed");
+
+ /*
+ * Algorithm Parameter Generator engines
+ */
+ checkService("AlgorithmParameterGenerator.DSA");
+ System.out.println("Algorithm Parameter Generator engines check passed");
+
+ /*
+ * Algorithm Parameter engines
+ */
+ checkService("AlgorithmParameters.DSA");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA");
+ checkAlias("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA");
+ checkAlias("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA");
+ System.out.println("Algorithm Parameter engines check passed");
+
+ /*
+ * Key factories
+ */
+ checkService("KeyFactory.DSA");
+ checkAlias("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA");
+ checkAlias("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
+ checkAlias("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA");
+ System.out.println("Key factories check passed");
+
+ /*
+ * Certificates
+ */
+ checkService("CertificateFactory.X.509");
+ checkAlias("Alg.Alias.CertificateFactory.X509", "X.509");
+ System.out.println("Certificates check passed");
+
+ /*
+ * KeyStore
+ */
+ checkService("KeyStore.JKS");
+ checkService("KeyStore.CaseExactJKS");
+ checkService("KeyStore.DKS");
+ System.out.println("KeyStore check passed");
+
+ /*
+ * Policy
+ */
+ checkService("Policy.JavaPolicy");
+ System.out.println("Policy check passed");
+
+ /*
+ * Configuration
+ */
+ checkService("Configuration.JavaLoginConfig");
+ System.out.println("Configuration check passed");
+
+ /*
+ * CertPathBuilder
+ */
+ checkService("CertPathBuilder.PKIX");
+ checkAttribute("CertPathBuilder.PKIX ValidationAlgorithm", "RFC5280");
+ System.out.println("CertPathBuilder check passed");
+
+ /*
+ * CertPathValidator
+ */
+ checkService("CertPathValidator.PKIX");
+ checkAttribute("CertPathValidator.PKIX ValidationAlgorithm", "RFC5280");
+ System.out.println("CertPathValidator check passed");
+
+ /*
+ * CertStores
+ */
+ checkService("CertStore.LDAP");
+ checkAttribute("CertStore.LDAP LDAPSchema", "RFC2587");
+ checkService("CertStore.Collection");
+ checkService("CertStore.com.sun.security.IndexedCollection");
+ System.out.println("CertStores check passed");
+
+ /*
+ * KeySize
+ */
+ checkAttribute("Signature.NONEwithDSA KeySize", "1024");
+ checkAttribute("Signature.SHA1withDSA KeySize", "1024");
+ checkAttribute("Signature.SHA224withDSA KeySize", "2048");
+ checkAttribute("Signature.SHA256withDSA KeySize", "2048");
+
+ checkAttribute("KeyPairGenerator.DSA KeySize", "2048");
+ checkAttribute("AlgorithmParameterGenerator.DSA KeySize", "2048");
+ System.out.println("KeySize attribute check passed");
+
+ /*
+ * Implementation type: software or hardware
+ */
+ checkAttribute("Signature.SHA1withDSA ImplementedIn", "Software");
+ checkAttribute("KeyPairGenerator.DSA ImplementedIn", "Software");
+ checkAttribute("MessageDigest.MD5 ImplementedIn", "Software");
+ checkAttribute("MessageDigest.SHA ImplementedIn", "Software");
+ checkAttribute("AlgorithmParameterGenerator.DSA ImplementedIn", "Software");
+ checkAttribute("AlgorithmParameters.DSA ImplementedIn", "Software");
+ checkAttribute("KeyFactory.DSA ImplementedIn", "Software");
+ checkAttribute("SecureRandom.SHA1PRNG ImplementedIn", "Software");
+ checkAttribute("CertificateFactory.X.509 ImplementedIn", "Software");
+ checkAttribute("KeyStore.JKS ImplementedIn", "Software");
+ checkAttribute("CertPathValidator.PKIX ImplementedIn", "Software");
+ checkAttribute("CertPathBuilder.PKIX ImplementedIn", "Software");
+ checkAttribute("CertStore.LDAP ImplementedIn", "Software");
+ checkAttribute("CertStore.Collection ImplementedIn", "Software");
+ checkAttribute("CertStore.com.sun.security.IndexedCollection ImplementedIn", "Software");
+ System.out.println("Implementation type attribute check passed");
+ return true;
+ }
+}
diff --git a/jdk/test/java/security/SecureRandom/DefaultAlgo.java b/jdk/test/java/security/SecureRandom/DefaultAlgo.java
new file mode 100644
index 000000000..ce786f7a2
--- /dev/null
+++ b/jdk/test/java/security/SecureRandom/DefaultAlgo.java
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import static java.lang.System.out;
+import java.security.Provider;
+import java.security.Security;
+import java.security.SecureRandom;
+import java.security.Provider.Service;
+import java.util.Objects;
+import java.util.Arrays;
+import sun.security.provider.SunEntries;
+
+/**
+ * @test
+ * @bug 8228613
+ * @summary Ensure that the default SecureRandom algo used is based
+ * on the registration ordering, and falls to next provider
+ * if none are found
+ * @modules java.base/sun.security.provider
+ */
+public class DefaultAlgo {
+
+ public static void main(String[] args) throws Exception {
+ String[] algos = { "A", "B", "C" };
+ test3rdParty(algos);
+ // reverse the order and re-check
+ String[] algosReversed = { "C", "B", "A" };
+ test3rdParty(algosReversed);
+ }
+
+ private static void test3rdParty(String[] algos) {
+ Provider[] provs = {
+ new SampleLegacyProvider(algos),
+ new SampleServiceProvider(algos)
+ };
+ for (Provider p : provs) {
+ checkDefault(p, algos);
+ }
+ }
+
+ // validate the specified SecureRandom obj to be from the specified
+ // provider and matches the specified algorithm
+ private static void validate(SecureRandom sr, String pName, String algo) {
+ if (!sr.getProvider().getName().equals(pName)) {
+ throw new RuntimeException("Failed provider check, exp: " +
+ pName + ", got " + sr.getProvider().getName());
+ }
+ if (!sr.getAlgorithm().equals(algo)) {
+ throw new RuntimeException("Failed algo check, exp: " +
+ algo + ", got " + sr.getAlgorithm());
+ }
+ }
+
+ private static void checkDefault(Provider p, String ... algos) {
+ out.println(p.getName() + " with " + Arrays.toString(algos));
+ int pos = Security.insertProviderAt(p, 1);
+ String pName = p.getName();
+ boolean isLegacy = pName.equals("SampleLegacy");
+ try {
+ if (isLegacy) {
+ for (String s : algos) {
+ validate(new SecureRandom(), pName, s);
+ p.remove("SecureRandom." + s);
+ out.println("removed " + s);
+ }
+ validate(new SecureRandom(), "SUN",
+ SunEntries.DEF_SECURE_RANDOM_ALGO);
+ } else {
+ validate(new SecureRandom(), pName, algos[0]);
+ }
+ out.println("=> Test Passed");
+ } finally {
+ if (pos != -1) {
+ Security.removeProvider(p.getName());
+ }
+ }
+ }
+
+ private static class SampleLegacyProvider extends Provider {
+ SampleLegacyProvider(String[] listOfSupportedRNGs) {
+ super("SampleLegacy", 1.0, "test provider using legacy put");
+ for (String s : listOfSupportedRNGs) {
+ put("SecureRandom." + s, "sun.security.provider.SecureRandom");
+ }
+ }
+ }
+
+ private static class SampleServiceProvider extends Provider {
+ SampleServiceProvider(String[] listOfSupportedRNGs) {
+ super("SampleService", 1.0, "test provider using putService");
+ for (String s : listOfSupportedRNGs) {
+ putService(new Provider.Service(this, "SecureRandom", s,
+ "sun.security.provider.SecureRandom", null, null));
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/jdk/test/micro/org/openeuler/bench/security/provider/GetServiceBenchmark.java b/jdk/test/micro/org/openeuler/bench/security/provider/GetServiceBenchmark.java
new file mode 100644
index 000000000..93cd887d6
--- /dev/null
+++ b/jdk/test/micro/org/openeuler/bench/security/provider/GetServiceBenchmark.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Huawei designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Huawei in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional
+ * information or have any questions.
+ */
+
+/*
+ * - @TestCaseID:provider/GetServiceBenchmark.java
+ * - @TestCaseName:provider/GetServiceBenchmark.java
+ * - @TestCaseType:Performance test
+ * - @RequirementID:AR.SR.IREQ02758058.001.001
+ * - @RequirementName:java.security.Provider.getService() is synchronized and became scalability bottleneck
+ * - @Condition:JDK8u302及以后
+ * - @Brief:测试provider.getService的性能
+ * -#step:创建jmh的maven项目mvn archetype:generate -DinteractiveMode=false -DarchetypeGroupId=org.openjdk.jmh -DarchetypeArtifactId=jmh-java-benchmark-archetype -DgroupId=org.openeuler.bench.security.provider -DartifactId=provider-benchmark -Dversion=1.0
+ * -#step2:删除项目中的多余文件rm -rf provider-benchmark/src/main/java/org/openeuler/bench/security/provider/MyBenchmark.java
+ * -#step3:将本文件拷贝进项目目录cp GetServiceBenchmark.java provider-benchmark/src/main/java/org/openeuler/bench/security/provider/
+ * -#step4:构建项目mvn install
+ * -#step5:运行测试java -jar target/benchmarks.jar GetServiceBenchmark
+ * - @Expect:正常运行
+ * - @Priority:Level 1
+ */
+
+package org.openeuler.bench.security.provider;
+
+import com.sun.crypto.provider.SunJCE;
+
+import org.openjdk.jmh.annotations.Benchmark;
+import org.openjdk.jmh.annotations.BenchmarkMode;
+import org.openjdk.jmh.annotations.Fork;
+import org.openjdk.jmh.annotations.Measurement;
+import org.openjdk.jmh.annotations.Mode;
+import org.openjdk.jmh.annotations.Scope;
+import org.openjdk.jmh.annotations.State;
+import org.openjdk.jmh.annotations.Threads;
+import org.openjdk.jmh.annotations.Warmup;
+
+import java.security.Provider;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * Benchmark to test the performance of provider.getService in
+ * high concurrency scenarios.
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+@BenchmarkMode(Mode.Throughput)
+@Fork(1)
+@Threads(2000)
+@Warmup(iterations = 3, time = 3, timeUnit = TimeUnit.SECONDS)
+@Measurement(iterations = 5, time = 3, timeUnit = TimeUnit.SECONDS)
+@State(Scope.Benchmark)
+public class GetServiceBenchmark {
+ private Provider provider = new SunJCE();
+
+ @Benchmark
+ public void getService() {
+ try {
+ provider.getService("Cipher", "RSA");
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
--
2.22.0