/*
* Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.provider;
import java.io.*;
import java.net.*;
import java.util.*;
import java.security.*;
import jdk.internal.util.StaticProperty;
import sun.security.action.GetPropertyAction;
import sun.security.util.SecurityProviderConstants;
import static sun.security.util.SecurityProviderConstants.getAliases;
Defines the entries of the SUN provider.
Algorithms supported, and their names:
- SHA is the message digest scheme described in FIPS 180-1.
Aliases for SHA are SHA-1 and SHA1.
- SHA1withDSA is the signature scheme described in FIPS 186.
(SHA used in DSA is SHA-1: FIPS 186 with Change No 1.)
Aliases for SHA1withDSA are DSA, DSS, SHA/DSA, SHA-1/DSA, SHA1/DSA,
SHAwithDSA, DSAWithSHA1, and the object
identifier strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and
"OID.1.2.840.10040.4.3".
- SHA-2 is a set of message digest schemes described in FIPS 180-2.
SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384,
and SHA-512.
- [SHA-224|SHA-256|SHA-384|SHA-512]withDSA are the signature schemes
described in FIPS 186-3. The associated object identifiers are
"OID.2.16.840.1.101.3.4.3.[1|2|3|4]" respectively.
- [SHA3-224|SHA3-256|SHA3-384|SHA3-512]withDSA are the signature schemes
using SHA-3 family of digests with DSA. The associated object identifiers
are "OID.2.16.840.1.101.3.4.3.[5|6|7|8]" respectively.
- DSA is the key generation scheme as described in FIPS 186.
Aliases for DSA include the OID strings "OID.1.3.14.3.2.12"
and "OID.1.2.840.10040.4.1".
- MD5 is the message digest scheme described in RFC 1321.
There are no aliases for MD5.
- X.509 is the certificate factory type for X.509 certificates
and CRLs. Aliases for X.509 are X509.
- PKIX is the certification path validation algorithm described
in RFC 5280. The ValidationAlgorithm attribute notes the
specification that this provider implements.
- JavaPolicy is the default file-based Policy type.
- JavaLoginConfig is the default file-based LoginModule Configuration type.
/**
* Defines the entries of the SUN provider.
*
* Algorithms supported, and their names:
*
* - SHA is the message digest scheme described in FIPS 180-1.
* Aliases for SHA are SHA-1 and SHA1.
*
* - SHA1withDSA is the signature scheme described in FIPS 186.
* (SHA used in DSA is SHA-1: FIPS 186 with Change No 1.)
* Aliases for SHA1withDSA are DSA, DSS, SHA/DSA, SHA-1/DSA, SHA1/DSA,
* SHAwithDSA, DSAWithSHA1, and the object
* identifier strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and
* "OID.1.2.840.10040.4.3".
*
* - SHA-2 is a set of message digest schemes described in FIPS 180-2.
* SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384,
* and SHA-512.
*
* - [SHA-224|SHA-256|SHA-384|SHA-512]withDSA are the signature schemes
* described in FIPS 186-3. The associated object identifiers are
* "OID.2.16.840.1.101.3.4.3.[1|2|3|4]" respectively.
*
* - [SHA3-224|SHA3-256|SHA3-384|SHA3-512]withDSA are the signature schemes
* using SHA-3 family of digests with DSA. The associated object identifiers
* are "OID.2.16.840.1.101.3.4.3.[5|6|7|8]" respectively.
*
* - DSA is the key generation scheme as described in FIPS 186.
* Aliases for DSA include the OID strings "OID.1.3.14.3.2.12"
* and "OID.1.2.840.10040.4.1".
*
* - MD5 is the message digest scheme described in RFC 1321.
* There are no aliases for MD5.
*
* - X.509 is the certificate factory type for X.509 certificates
* and CRLs. Aliases for X.509 are X509.
*
* - PKIX is the certification path validation algorithm described
* in RFC 5280. The ValidationAlgorithm attribute notes the
* specification that this provider implements.
*
* - JavaPolicy is the default file-based Policy type.
*
* - JavaLoginConfig is the default file-based LoginModule Configuration type.
*/
public final class SunEntries {
// the default algo used by SecureRandom class for new SecureRandom() calls
public static final String DEF_SECURE_RANDOM_ALGO;
SunEntries(Provider p) {
services = new LinkedHashSet<>(50, 0.9f);
// start populating content using the specified provider
// common attribute map
HashMap<String, String> attrs = new HashMap<>(3);
/*
* SecureRandom engines
*/
attrs.put("ThreadSafe", "true");
if (NativePRNG.isAvailable()) {
add(p, "SecureRandom", "NativePRNG",
"sun.security.provider.NativePRNG", attrs);
}
if (NativePRNG.Blocking.isAvailable()) {
add(p, "SecureRandom", "NativePRNGBlocking",
"sun.security.provider.NativePRNG$Blocking", attrs);
}
if (NativePRNG.NonBlocking.isAvailable()) {
add(p, "SecureRandom", "NativePRNGNonBlocking",
"sun.security.provider.NativePRNG$NonBlocking", attrs);
}
attrs.put("ImplementedIn", "Software");
add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs);
add(p, "SecureRandom", "SHA1PRNG",
"sun.security.provider.SecureRandom", attrs);
/*
* Signature engines
*/
attrs.clear();
String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
"|java.security.interfaces.DSAPrivateKey";
attrs.put("SupportedKeyClasses", dsaKeyClasses);
attrs.put("ImplementedIn", "Software");
attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures
addWithAlias(p, "Signature", "SHA1withDSA",
"sun.security.provider.DSA$SHA1withDSA", attrs);
addWithAlias(p, "Signature", "NONEwithDSA",
"sun.security.provider.DSA$RawDSA", attrs);
// for DSA signatures with 224/256-bit digests
attrs.put("KeySize", "2048");
addWithAlias(p, "Signature", "SHA224withDSA",
"sun.security.provider.DSA$SHA224withDSA", attrs);
addWithAlias(p, "Signature", "SHA256withDSA",
"sun.security.provider.DSA$SHA256withDSA", attrs);
addWithAlias(p, "Signature", "SHA3-224withDSA",
"sun.security.provider.DSA$SHA3_224withDSA", attrs);
addWithAlias(p, "Signature", "SHA3-256withDSA",
"sun.security.provider.DSA$SHA3_256withDSA", attrs);
attrs.put("KeySize", "3072"); // for DSA sig using 384/512-bit digests
addWithAlias(p, "Signature", "SHA384withDSA",
"sun.security.provider.DSA$SHA384withDSA", attrs);
addWithAlias(p, "Signature", "SHA512withDSA",
"sun.security.provider.DSA$SHA512withDSA", attrs);
addWithAlias(p, "Signature", "SHA3-384withDSA",
"sun.security.provider.DSA$SHA3_384withDSA", attrs);
addWithAlias(p, "Signature", "SHA3-512withDSA",
"sun.security.provider.DSA$SHA3_512withDSA", attrs);
attrs.remove("KeySize");
add(p, "Signature", "SHA1withDSAinP1363Format",
"sun.security.provider.DSA$SHA1withDSAinP1363Format");
add(p, "Signature", "NONEwithDSAinP1363Format",
"sun.security.provider.DSA$RawDSAinP1363Format");
add(p, "Signature", "SHA224withDSAinP1363Format",
"sun.security.provider.DSA$SHA224withDSAinP1363Format");
add(p, "Signature", "SHA256withDSAinP1363Format",
"sun.security.provider.DSA$SHA256withDSAinP1363Format");
add(p, "Signature", "SHA384withDSAinP1363Format",
"sun.security.provider.DSA$SHA384withDSAinP1363Format");
add(p, "Signature", "SHA512withDSAinP1363Format",
"sun.security.provider.DSA$SHA512withDSAinP1363Format");
add(p, "Signature", "SHA3-224withDSAinP1363Format",
"sun.security.provider.DSA$SHA3_224withDSAinP1363Format");
add(p, "Signature", "SHA3-256withDSAinP1363Format",
"sun.security.provider.DSA$SHA3_256withDSAinP1363Format");
add(p, "Signature", "SHA3-384withDSAinP1363Format",
"sun.security.provider.DSA$SHA3_384withDSAinP1363Format");
add(p, "Signature", "SHA3-512withDSAinP1363Format",
"sun.security.provider.DSA$SHA3_512withDSAinP1363Format");
/*
* Key Pair Generator engines
*/
attrs.clear();
attrs.put("ImplementedIn", "Software");
attrs.put("KeySize", "2048"); // for DSA KPG and APG only
String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
/*
* Algorithm Parameter Generator engines
*/
addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
"sun.security.provider.DSAParameterGenerator", attrs);
attrs.remove("KeySize");
/*
* Algorithm Parameter engines
*/
addWithAlias(p, "AlgorithmParameters", "DSA",
"sun.security.provider.DSAParameters", attrs);
/*
* Key factories
*/
addWithAlias(p, "KeyFactory", "DSA",
"sun.security.provider.DSAKeyFactory", attrs);
/*
* Digest engines
*/
add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs);
add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs);
addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA",
attrs);
addWithAlias(p, "MessageDigest", "SHA-224",
"sun.security.provider.SHA2$SHA224", attrs);
addWithAlias(p, "MessageDigest", "SHA-256",
"sun.security.provider.SHA2$SHA256", attrs);
addWithAlias(p, "MessageDigest", "SHA-384",
"sun.security.provider.SHA5$SHA384", attrs);
addWithAlias(p, "MessageDigest", "SHA-512",
"sun.security.provider.SHA5$SHA512", attrs);
addWithAlias(p, "MessageDigest", "SHA-512/224",
"sun.security.provider.SHA5$SHA512_224", attrs);
addWithAlias(p, "MessageDigest", "SHA-512/256",
"sun.security.provider.SHA5$SHA512_256", attrs);
addWithAlias(p, "MessageDigest", "SHA3-224",
"sun.security.provider.SHA3$SHA224", attrs);
addWithAlias(p, "MessageDigest", "SHA3-256",
"sun.security.provider.SHA3$SHA256", attrs);
addWithAlias(p, "MessageDigest", "SHA3-384",
"sun.security.provider.SHA3$SHA384", attrs);
addWithAlias(p, "MessageDigest", "SHA3-512",
"sun.security.provider.SHA3$SHA512", attrs);
/*
* Certificates
*/
addWithAlias(p, "CertificateFactory", "X.509",
"sun.security.provider.X509Factory", attrs);
/*
* KeyStore
*/
add(p, "KeyStore", "PKCS12",
"sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12");
add(p, "KeyStore", "JKS",
"sun.security.provider.JavaKeyStore$DualFormatJKS", attrs);
add(p, "KeyStore", "CaseExactJKS",
"sun.security.provider.JavaKeyStore$CaseExactJKS", attrs);
add(p, "KeyStore", "DKS", "sun.security.provider.DomainKeyStore$DKS",
attrs);
/*
* CertStores
*/
add(p, "CertStore", "Collection",
"sun.security.provider.certpath.CollectionCertStore",
attrs);
add(p, "CertStore", "com.sun.security.IndexedCollection",
"sun.security.provider.certpath.IndexedCollectionCertStore",
attrs);
/*
* Policy
*/
add(p, "Policy", "JavaPolicy", "sun.security.provider.PolicySpiFile");
/*
* Configuration
*/
add(p, "Configuration", "JavaLoginConfig",
"sun.security.provider.ConfigFile$Spi");
/*
* CertPathBuilder and CertPathValidator
*/
attrs.clear();
attrs.put("ValidationAlgorithm", "RFC5280");
attrs.put("ImplementedIn", "Software");
add(p, "CertPathBuilder", "PKIX",
"sun.security.provider.certpath.SunCertPathBuilder",
attrs);
add(p, "CertPathValidator", "PKIX",
"sun.security.provider.certpath.PKIXCertPathValidator",
attrs);
}
Iterator<Provider.Service> iterator() {
return services.iterator();
}
private void add(Provider p, String type, String algo, String cn) {
services.add(new Provider.Service(p, type, algo, cn, null, null));
}
private void add(Provider p, String type, String algo, String cn,
HashMap<String, String> attrs) {
services.add(new Provider.Service(p, type, algo, cn, null, attrs));
}
private void addWithAlias(Provider p, String type, String algo, String cn,
HashMap<String, String> attrs) {
services.add(new Provider.Service(p, type, algo, cn,
getAliases(algo), attrs));
}
private LinkedHashSet<Provider.Service> services;
// name of the *System* property, takes precedence over PROP_RNDSOURCE
private static final String PROP_EGD = "java.security.egd";
// name of the *Security* property
private static final String PROP_RNDSOURCE = "securerandom.source";
private static final boolean useLegacyDSA =
Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty
("jdk.security.legacyDSAKeyPairGenerator"));
static final String URL_DEV_RANDOM = "file:/dev/random";
static final String URL_DEV_URANDOM = "file:/dev/urandom";
private static final String seedSource;
static {
seedSource = AccessController.doPrivileged(
new PrivilegedAction<String>() {
@Override
public String run() {
String egdSource = System.getProperty(PROP_EGD, "");
if (egdSource.length() != 0) {
return egdSource;
}
egdSource = Security.getProperty(PROP_RNDSOURCE);
if (egdSource == null) {
return "";
}
return egdSource;
}
});
DEF_SECURE_RANDOM_ALGO = (NativePRNG.isAvailable() &&
(seedSource.equals(URL_DEV_URANDOM) ||
seedSource.equals(URL_DEV_RANDOM)) ?
"NativePRNG" : "DRBG");
}
static String getSeedSource() {
return seedSource;
}
/*
* Use a URI to access this File. Previous code used a URL
* which is less strict on syntax. If we encounter a
* URISyntaxException we make best efforts for backwards
* compatibility. e.g. space character in deviceName string.
*
* Method called within PrivilegedExceptionAction block.
*
* Moved from SeedGenerator to avoid initialization problems with
* signed providers.
*/
static File getDeviceFile(URL device) throws IOException {
try {
URI deviceURI = device.toURI();
if(deviceURI.isOpaque()) {
// File constructor does not accept opaque URI
URI localDir = new File(
StaticProperty.userDir()).toURI();
String uriPath = localDir.toString() +
deviceURI.toString().substring(5);
return new File(URI.create(uriPath));
} else {
return new File(deviceURI);
}
} catch (URISyntaxException use) {
/*
* Make best effort to access this File.
* We can try using the URL path.
*/
return new File(device.getPath());
}
}
}