packages/openjdk-1.8.0
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openjdk-1.8.0/7092821-java.security.Provider.getService-is-synchro.patch
kuenking111 b8f6993dad I6BBYW: upgrade to jdk8u362-ga
2023-01-28 14:19:32 +08:00

4814 lines
213 KiB
Diff
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From 834e8792532d89505e5cabfdbca0de3481b5c8ed Mon Sep 17 00:00:00 2001
From: z00558301 <zhoulei103@huawei.com>
Date: Wed, 8 Jun 2022 09:38:47 +0800
Subject: [PATCH 06/10] 7092821: java.security.Provider.getService() is
synchronized and became scalability bottleneck
Bug url: https://bugs.openjdk.java.net/browse/JDK-7092821
---
.../com/sun/crypto/provider/SunJCE.java | 1300 ++++++++---------
.../security/AlgorithmParameterGenerator.java | 5 +-
.../share/classes/java/security/Provider.java | 129 +-
.../classes/java/security/SecureRandom.java | 70 +-
.../share/classes/javax/crypto/Cipher.java | 8 +-
.../classes/javax/crypto/JceSecurity.java | 2 -
.../classes/javax/crypto/KeyAgreement.java | 4 +-
.../classes/javax/crypto/KeyGenerator.java | 4 +-
.../classes/sun/security/provider/Sun.java | 25 +-
.../sun/security/provider/SunEntries.java | 333 ++---
.../provider/VerificationProvider.java | 28 +-
.../classes/sun/security/rsa/SunRsaSign.java | 25 +-
.../sun/security/rsa/SunRsaSignEntries.java | 171 +--
.../classes/sun/security/ssl/SunJSSE.java | 136 +-
.../Provider/BaseProviderValidator.java | 76 +
.../security/Provider/GetServiceRace.java | 98 ++
.../security/Provider/LegacyPutAlias.java | 86 ++
.../Provider/ProviderValidationUtil.java | 270 ++++
.../security/Provider/SunJCEValidator.java | 574 ++++++++
.../security/Provider/SunJSSEValidator.java | 137 ++
.../Provider/SunRsaSignValidator.java | 154 ++
.../java/security/Provider/SunValidator.java | 263 ++++
.../security/SecureRandom/DefaultAlgo.java | 117 ++
.../provider/GetServiceBenchmark.java | 83 ++
24 files changed, 2965 insertions(+), 1133 deletions(-)
create mode 100644 jdk/test/java/security/Provider/BaseProviderValidator.java
create mode 100644 jdk/test/java/security/Provider/GetServiceRace.java
create mode 100644 jdk/test/java/security/Provider/LegacyPutAlias.java
create mode 100644 jdk/test/java/security/Provider/ProviderValidationUtil.java
create mode 100644 jdk/test/java/security/Provider/SunJCEValidator.java
create mode 100644 jdk/test/java/security/Provider/SunJSSEValidator.java
create mode 100644 jdk/test/java/security/Provider/SunRsaSignValidator.java
create mode 100644 jdk/test/java/security/Provider/SunValidator.java
create mode 100644 jdk/test/java/security/SecureRandom/DefaultAlgo.java
create mode 100644 jdk/test/micro/org/openeuler/bench/security/provider/GetServiceBenchmark.java
diff --git a/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java b/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java
index 1e5b5dd0..66a26db2 100644
--- a/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java
+++ b/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java
@@ -28,7 +28,10 @@ package com.sun.crypto.provider;
import java.security.AccessController;
import java.security.Provider;
import java.security.SecureRandom;
-
+import java.security.PrivilegedAction;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
/**
* The "SunJCE" Cryptographic Service Provider.
@@ -78,16 +81,6 @@ public final class SunJCE extends Provider {
"(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, "
+ "Diffie-Hellman, HMAC)";
- private static final String OID_PKCS12_RC4_128 = "1.2.840.113549.1.12.1.1";
- private static final String OID_PKCS12_RC4_40 = "1.2.840.113549.1.12.1.2";
- private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3";
- private static final String OID_PKCS12_RC2_128 = "1.2.840.113549.1.12.1.5";
- private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6";
- private static final String OID_PKCS5_MD5_DES = "1.2.840.113549.1.5.3";
- private static final String OID_PKCS5_PBKDF2 = "1.2.840.113549.1.5.12";
- private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13";
- private static final String OID_PKCS3 = "1.2.840.113549.1.3.1";
-
/* Are we debugging? -- for developers */
static final boolean debug = false;
@@ -102,10 +95,115 @@ public final class SunJCE extends Provider {
}
static SecureRandom getRandom() { return SecureRandomHolder.RANDOM; }
+ // create an aliases List from the specified aliases
+ public static List<String> createAliases(String ... aliases) {
+ return Arrays.asList(aliases);
+ }
+
+ // create an aliases List from the specified oid followed by other aliases
+ public static List<String> createAliasesWithOid(String ... oids) {
+ String[] result = Arrays.copyOf(oids, oids.length + 1);
+ result[result.length - 1] = "OID." + oids[0];
+ return Arrays.asList(result);
+ }
+
+ private void ps(String type, String algo, String cn,
+ List<String> aliases, HashMap<String, String> attrs) {
+ putService(new Provider.Service(this, type, algo, cn, aliases, attrs));
+ }
+
public SunJCE() {
/* We are the "SunJCE" provider */
super("SunJCE", 1.8d, info);
+ // if there is no security manager installed, put directly into
+ // the provider
+ if (System.getSecurityManager() == null) {
+ putEntries();
+ } else {
+ AccessController.doPrivileged(new PrivilegedAction<Void>() {
+ @Override
+ public Void run() {
+ putEntries();
+ return null;
+ }
+ });
+ }
+ if (instance == null) {
+ instance = this;
+ }
+ }
+
+ void putEntries() {
+ // common aliases and oids
+ List<String> aesAliases = createAliases("Rijndael");
+ List<String> desEdeAliases = createAliases("TripleDES");
+ List<String> arcFourAliases = createAliases("RC4");
+ List<String> sunTlsMSAliases = createAliases(
+ "SunTls12MasterSecret", "SunTlsExtendedMasterSecret"
+ );
+ List<String> sunTlsKMAliases = createAliases("SunTls12KeyMaterial");
+ List<String> sunTlsRsaPMSAliases = createAliases("SunTls12RsaPremasterSecret");
+
+ String aes128Oid = "2.16.840.1.101.3.4.1.";
+ String aes192Oid = "2.16.840.1.101.3.4.1.2";
+ String aes256Oid = "2.16.840.1.101.3.4.1.4";
+
+ List<String> pkcs12RC4_128Aliases =
+ createAliasesWithOid("1.2.840.113549.1.12.1.1");
+
+ List<String> pkcs12RC4_40Aliases =
+ createAliasesWithOid("1.2.840.113549.1.12.1.2");
+
+ List<String> pkcs12DESedeAliases =
+ createAliasesWithOid("1.2.840.113549.1.12.1.3");
+
+ List<String> pkcs12RC2_128Aliases =
+ createAliasesWithOid("1.2.840.113549.1.12.1.5");
+
+ List<String> pkcs12RC2_40Aliases =
+ createAliasesWithOid("1.2.840.113549.1.12.1.6");
+
+ List<String> pkcs5MD5_DESAliases =
+ createAliasesWithOid("1.2.840.113549.1.5.3", "PBE");
+
+ List<String> pkcs5PBKDF2Aliases =
+ createAliasesWithOid("1.2.840.113549.1.5.12");
+
+ List<String> pkcs5PBES2Aliases =
+ createAliasesWithOid("1.2.840.113549.1.5.13");
+
+ List<String> diffieHellmanAliases =
+ createAliasesWithOid("1.2.840.113549.1.3.1", "DH");
+
+ String macOidBase = "1.2.840.113549.2.";
+ List<String> macSHA1Aliases = createAliasesWithOid(macOidBase + "7");
+ List<String> macSHA224Aliases = createAliasesWithOid(macOidBase + "8");
+ List<String> macSHA256Aliases = createAliasesWithOid(macOidBase + "9");
+ List<String> macSHA384Aliases = createAliasesWithOid(macOidBase + "10");
+ List<String> macSHA512Aliases = createAliasesWithOid(macOidBase + "11");
+
+ // reuse attribute map and reset before each reuse
+ HashMap<String, String> attrs = new HashMap<>(3);
+ attrs.put("SupportedModes", "ECB");
+ attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
+ + "|OAEPWITHMD5ANDMGF1PADDING"
+ + "|OAEPWITHSHA1ANDMGF1PADDING"
+ + "|OAEPWITHSHA-1ANDMGF1PADDING"
+ + "|OAEPWITHSHA-224ANDMGF1PADDING"
+ + "|OAEPWITHSHA-256ANDMGF1PADDING"
+ + "|OAEPWITHSHA-384ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
+ attrs.put("SupportedKeyClasses",
+ "java.security.interfaces.RSAPublicKey" +
+ "|java.security.interfaces.RSAPrivateKey");
+ ps("Cipher", "RSA",
+ "com.sun.crypto.provider.RSACipher", null, attrs);
+
+ // common block cipher modes, pads
+
final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" +
"|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" +
"|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64";
@@ -114,694 +212,529 @@ public final class SunJCE extends Provider {
"|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128";
final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING";
- AccessController.doPrivileged(
- new java.security.PrivilegedAction<Object>() {
- public Object run() {
-
- /*
- * Cipher engines
- */
- put("Cipher.RSA", "com.sun.crypto.provider.RSACipher");
- put("Cipher.RSA SupportedModes", "ECB");
- put("Cipher.RSA SupportedPaddings",
- "NOPADDING|PKCS1PADDING|OAEPPADDING"
- + "|OAEPWITHMD5ANDMGF1PADDING"
- + "|OAEPWITHSHA1ANDMGF1PADDING"
- + "|OAEPWITHSHA-1ANDMGF1PADDING"
- + "|OAEPWITHSHA-224ANDMGF1PADDING"
- + "|OAEPWITHSHA-256ANDMGF1PADDING"
- + "|OAEPWITHSHA-384ANDMGF1PADDING"
- + "|OAEPWITHSHA-512ANDMGF1PADDING"
- + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
- + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
- put("Cipher.RSA SupportedKeyClasses",
- "java.security.interfaces.RSAPublicKey" +
- "|java.security.interfaces.RSAPrivateKey");
-
- put("Cipher.DES", "com.sun.crypto.provider.DESCipher");
- put("Cipher.DES SupportedModes", BLOCK_MODES);
- put("Cipher.DES SupportedPaddings", BLOCK_PADS);
- put("Cipher.DES SupportedKeyFormats", "RAW");
-
- put("Cipher.DESede", "com.sun.crypto.provider.DESedeCipher");
- put("Alg.Alias.Cipher.TripleDES", "DESede");
- put("Cipher.DESede SupportedModes", BLOCK_MODES);
- put("Cipher.DESede SupportedPaddings", BLOCK_PADS);
- put("Cipher.DESede SupportedKeyFormats", "RAW");
-
- put("Cipher.DESedeWrap",
- "com.sun.crypto.provider.DESedeWrapCipher");
- put("Cipher.DESedeWrap SupportedModes", "CBC");
- put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING");
- put("Cipher.DESedeWrap SupportedKeyFormats", "RAW");
-
- // PBES1
-
- put("Cipher.PBEWithMD5AndDES",
- "com.sun.crypto.provider.PBEWithMD5AndDESCipher");
- put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES,
- "PBEWithMD5AndDES");
- put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES,
- "PBEWithMD5AndDES");
-
- put("Cipher.PBEWithMD5AndTripleDES",
- "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
-
- put("Cipher.PBEWithSHA1AndDESede",
- "com.sun.crypto.provider.PKCS12PBECipherCore$" +
- "PBEWithSHA1AndDESede");
- put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede,
- "PBEWithSHA1AndDESede");
- put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
- "PBEWithSHA1AndDESede");
-
- put("Cipher.PBEWithSHA1AndRC2_40",
- "com.sun.crypto.provider.PKCS12PBECipherCore$" +
- "PBEWithSHA1AndRC2_40");
- put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40,
- "PBEWithSHA1AndRC2_40");
- put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40,
- "PBEWithSHA1AndRC2_40");
-
- put("Cipher.PBEWithSHA1AndRC2_128",
- "com.sun.crypto.provider.PKCS12PBECipherCore$" +
- "PBEWithSHA1AndRC2_128");
- put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_128,
- "PBEWithSHA1AndRC2_128");
- put("Alg.Alias.Cipher." + OID_PKCS12_RC2_128,
- "PBEWithSHA1AndRC2_128");
-
- put("Cipher.PBEWithSHA1AndRC4_40",
- "com.sun.crypto.provider.PKCS12PBECipherCore$" +
- "PBEWithSHA1AndRC4_40");
- put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_40,
- "PBEWithSHA1AndRC4_40");
- put("Alg.Alias.Cipher." + OID_PKCS12_RC4_40,
- "PBEWithSHA1AndRC4_40");
-
- put("Cipher.PBEWithSHA1AndRC4_128",
- "com.sun.crypto.provider.PKCS12PBECipherCore$" +
- "PBEWithSHA1AndRC4_128");
- put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_128,
- "PBEWithSHA1AndRC4_128");
- put("Alg.Alias.Cipher." + OID_PKCS12_RC4_128,
- "PBEWithSHA1AndRC4_128");
-
- //PBES2
-
- put("Cipher.PBEWithHmacSHA1AndAES_128",
- "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
-
- put("Cipher.PBEWithHmacSHA224AndAES_128",
- "com.sun.crypto.provider.PBES2Core$" +
- "HmacSHA224AndAES_128");
-
- put("Cipher.PBEWithHmacSHA256AndAES_128",
- "com.sun.crypto.provider.PBES2Core$" +
- "HmacSHA256AndAES_128");
-
- put("Cipher.PBEWithHmacSHA384AndAES_128",
- "com.sun.crypto.provider.PBES2Core$" +
- "HmacSHA384AndAES_128");
-
- put("Cipher.PBEWithHmacSHA512AndAES_128",
- "com.sun.crypto.provider.PBES2Core$" +
- "HmacSHA512AndAES_128");
-
- put("Cipher.PBEWithHmacSHA1AndAES_256",
- "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
-
- put("Cipher.PBEWithHmacSHA224AndAES_256",
- "com.sun.crypto.provider.PBES2Core$" +
- "HmacSHA224AndAES_256");
-
- put("Cipher.PBEWithHmacSHA256AndAES_256",
- "com.sun.crypto.provider.PBES2Core$" +
- "HmacSHA256AndAES_256");
-
- put("Cipher.PBEWithHmacSHA384AndAES_256",
- "com.sun.crypto.provider.PBES2Core$" +
- "HmacSHA384AndAES_256");
-
- put("Cipher.PBEWithHmacSHA512AndAES_256",
- "com.sun.crypto.provider.PBES2Core$" +
- "HmacSHA512AndAES_256");
-
- put("Cipher.Blowfish",
- "com.sun.crypto.provider.BlowfishCipher");
- put("Cipher.Blowfish SupportedModes", BLOCK_MODES);
- put("Cipher.Blowfish SupportedPaddings", BLOCK_PADS);
- put("Cipher.Blowfish SupportedKeyFormats", "RAW");
-
- put("Cipher.AES", "com.sun.crypto.provider.AESCipher$General");
- put("Alg.Alias.Cipher.Rijndael", "AES");
- put("Cipher.AES SupportedModes", BLOCK_MODES128);
- put("Cipher.AES SupportedPaddings", BLOCK_PADS);
- put("Cipher.AES SupportedKeyFormats", "RAW");
-
- put("Cipher.AES_128/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding");
- put("Cipher.AES_128/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding");
- put("Cipher.AES_128/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding");
- put("Cipher.AES_128/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding");
- put("Cipher.AES_128/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_GCM_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding");
-
- put("Cipher.AES_192/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding");
- put("Cipher.AES_192/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding");
- put("Cipher.AES_192/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding");
- put("Cipher.AES_192/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding");
- put("Cipher.AES_192/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_GCM_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding");
-
- put("Cipher.AES_256/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding");
- put("Cipher.AES_256/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding");
- put("Cipher.AES_256/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding");
- put("Cipher.AES_256/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding");
- put("Cipher.AES_256/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_GCM_NoPadding");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding");
-
- put("Cipher.AESWrap", "com.sun.crypto.provider.AESWrapCipher$General");
- put("Cipher.AESWrap SupportedModes", "ECB");
- put("Cipher.AESWrap SupportedPaddings", "NOPADDING");
- put("Cipher.AESWrap SupportedKeyFormats", "RAW");
-
- put("Cipher.AESWrap_128", "com.sun.crypto.provider.AESWrapCipher$AES128");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.5", "AESWrap_128");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.5", "AESWrap_128");
- put("Cipher.AESWrap_192", "com.sun.crypto.provider.AESWrapCipher$AES192");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.25", "AESWrap_192");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.25", "AESWrap_192");
- put("Cipher.AESWrap_256", "com.sun.crypto.provider.AESWrapCipher$AES256");
- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.45", "AESWrap_256");
- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.45", "AESWrap_256");
-
- put("Cipher.RC2",
- "com.sun.crypto.provider.RC2Cipher");
- put("Cipher.RC2 SupportedModes", BLOCK_MODES);
- put("Cipher.RC2 SupportedPaddings", BLOCK_PADS);
- put("Cipher.RC2 SupportedKeyFormats", "RAW");
-
- put("Cipher.ARCFOUR",
- "com.sun.crypto.provider.ARCFOURCipher");
- put("Alg.Alias.Cipher.RC4", "ARCFOUR");
- put("Cipher.ARCFOUR SupportedModes", "ECB");
- put("Cipher.ARCFOUR SupportedPaddings", "NOPADDING");
- put("Cipher.ARCFOUR SupportedKeyFormats", "RAW");
-
- /*
- * Key(pair) Generator engines
- */
- put("KeyGenerator.DES",
- "com.sun.crypto.provider.DESKeyGenerator");
-
- put("KeyGenerator.DESede",
- "com.sun.crypto.provider.DESedeKeyGenerator");
- put("Alg.Alias.KeyGenerator.TripleDES", "DESede");
-
- put("KeyGenerator.Blowfish",
- "com.sun.crypto.provider.BlowfishKeyGenerator");
-
- put("KeyGenerator.AES",
- "com.sun.crypto.provider.AESKeyGenerator");
- put("Alg.Alias.KeyGenerator.Rijndael", "AES");
-
- put("KeyGenerator.RC2",
- "com.sun.crypto.provider.KeyGeneratorCore$" +
- "RC2KeyGenerator");
- put("KeyGenerator.ARCFOUR",
- "com.sun.crypto.provider.KeyGeneratorCore$" +
- "ARCFOURKeyGenerator");
- put("Alg.Alias.KeyGenerator.RC4", "ARCFOUR");
-
- put("KeyGenerator.HmacMD5",
- "com.sun.crypto.provider.HmacMD5KeyGenerator");
-
- put("KeyGenerator.HmacSHA1",
- "com.sun.crypto.provider.HmacSHA1KeyGenerator");
- put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.7", "HmacSHA1");
- put("Alg.Alias.KeyGenerator.1.2.840.113549.2.7", "HmacSHA1");
-
- put("KeyGenerator.HmacSHA224",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224");
- put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.8", "HmacSHA224");
- put("Alg.Alias.KeyGenerator.1.2.840.113549.2.8", "HmacSHA224");
-
- put("KeyGenerator.HmacSHA256",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256");
- put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.9", "HmacSHA256");
- put("Alg.Alias.KeyGenerator.1.2.840.113549.2.9", "HmacSHA256");
-
- put("KeyGenerator.HmacSHA384",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384");
- put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.10", "HmacSHA384");
- put("Alg.Alias.KeyGenerator.1.2.840.113549.2.10", "HmacSHA384");
-
- put("KeyGenerator.HmacSHA512",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512");
- put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.11", "HmacSHA512");
- put("Alg.Alias.KeyGenerator.1.2.840.113549.2.11", "HmacSHA512");
-
- put("KeyPairGenerator.DiffieHellman",
- "com.sun.crypto.provider.DHKeyPairGenerator");
- put("Alg.Alias.KeyPairGenerator.DH", "DiffieHellman");
- put("Alg.Alias.KeyPairGenerator.OID."+OID_PKCS3,
- "DiffieHellman");
- put("Alg.Alias.KeyPairGenerator."+OID_PKCS3,
- "DiffieHellman");
-
- /*
- * Algorithm parameter generation engines
- */
- put("AlgorithmParameterGenerator.DiffieHellman",
- "com.sun.crypto.provider.DHParameterGenerator");
- put("Alg.Alias.AlgorithmParameterGenerator.DH",
- "DiffieHellman");
- put("Alg.Alias.AlgorithmParameterGenerator.OID."+OID_PKCS3,
- "DiffieHellman");
- put("Alg.Alias.AlgorithmParameterGenerator."+OID_PKCS3,
- "DiffieHellman");
-
- /*
- * Key Agreement engines
- */
- put("KeyAgreement.DiffieHellman",
- "com.sun.crypto.provider.DHKeyAgreement");
- put("Alg.Alias.KeyAgreement.DH", "DiffieHellman");
- put("Alg.Alias.KeyAgreement.OID."+OID_PKCS3, "DiffieHellman");
- put("Alg.Alias.KeyAgreement."+OID_PKCS3, "DiffieHellman");
-
- put("KeyAgreement.DiffieHellman SupportedKeyClasses",
- "javax.crypto.interfaces.DHPublicKey" +
- "|javax.crypto.interfaces.DHPrivateKey");
-
- /*
- * Algorithm Parameter engines
- */
- put("AlgorithmParameters.DiffieHellman",
- "com.sun.crypto.provider.DHParameters");
- put("Alg.Alias.AlgorithmParameters.DH", "DiffieHellman");
- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS3,
- "DiffieHellman");
- put("Alg.Alias.AlgorithmParameters."+OID_PKCS3,
- "DiffieHellman");
-
- put("AlgorithmParameters.DES",
- "com.sun.crypto.provider.DESParameters");
-
- put("AlgorithmParameters.DESede",
- "com.sun.crypto.provider.DESedeParameters");
- put("Alg.Alias.AlgorithmParameters.TripleDES", "DESede");
-
- put("AlgorithmParameters.PBE",
- "com.sun.crypto.provider.PBEParameters");
-
- put("AlgorithmParameters.PBEWithMD5AndDES",
- "com.sun.crypto.provider.PBEParameters");
- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_MD5_DES,
- "PBEWithMD5AndDES");
- put("Alg.Alias.AlgorithmParameters."+OID_PKCS5_MD5_DES,
- "PBEWithMD5AndDES");
-
- put("AlgorithmParameters.PBEWithMD5AndTripleDES",
- "com.sun.crypto.provider.PBEParameters");
-
- put("AlgorithmParameters.PBEWithSHA1AndDESede",
- "com.sun.crypto.provider.PBEParameters");
- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_DESede,
- "PBEWithSHA1AndDESede");
- put("Alg.Alias.AlgorithmParameters."+OID_PKCS12_DESede,
- "PBEWithSHA1AndDESede");
-
- put("AlgorithmParameters.PBEWithSHA1AndRC2_40",
- "com.sun.crypto.provider.PBEParameters");
- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_40,
- "PBEWithSHA1AndRC2_40");
- put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40,
- "PBEWithSHA1AndRC2_40");
-
- put("AlgorithmParameters.PBEWithSHA1AndRC2_128",
- "com.sun.crypto.provider.PBEParameters");
- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_128,
- "PBEWithSHA1AndRC2_128");
- put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_128,
- "PBEWithSHA1AndRC2_128");
-
- put("AlgorithmParameters.PBEWithSHA1AndRC4_40",
- "com.sun.crypto.provider.PBEParameters");
- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_40,
- "PBEWithSHA1AndRC4_40");
- put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_40,
- "PBEWithSHA1AndRC4_40");
-
- put("AlgorithmParameters.PBEWithSHA1AndRC4_128",
- "com.sun.crypto.provider.PBEParameters");
- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_128,
- "PBEWithSHA1AndRC4_128");
- put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_128,
- "PBEWithSHA1AndRC4_128");
-
- put("AlgorithmParameters.PBES2",
- "com.sun.crypto.provider.PBES2Parameters$General");
- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_PBES2,
- "PBES2");
- put("Alg.Alias.AlgorithmParameters." + OID_PKCS5_PBES2,
- "PBES2");
-
- put("AlgorithmParameters.PBEWithHmacSHA1AndAES_128",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128");
-
- put("AlgorithmParameters.PBEWithHmacSHA224AndAES_128",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128");
-
- put("AlgorithmParameters.PBEWithHmacSHA256AndAES_128",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128");
-
- put("AlgorithmParameters.PBEWithHmacSHA384AndAES_128",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128");
-
- put("AlgorithmParameters.PBEWithHmacSHA512AndAES_128",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128");
-
- put("AlgorithmParameters.PBEWithHmacSHA1AndAES_256",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256");
-
- put("AlgorithmParameters.PBEWithHmacSHA224AndAES_256",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256");
-
- put("AlgorithmParameters.PBEWithHmacSHA256AndAES_256",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256");
-
- put("AlgorithmParameters.PBEWithHmacSHA384AndAES_256",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256");
-
- put("AlgorithmParameters.PBEWithHmacSHA512AndAES_256",
- "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256");
-
- put("AlgorithmParameters.Blowfish",
- "com.sun.crypto.provider.BlowfishParameters");
-
- put("AlgorithmParameters.AES",
- "com.sun.crypto.provider.AESParameters");
- put("Alg.Alias.AlgorithmParameters.Rijndael", "AES");
- put("AlgorithmParameters.GCM",
- "com.sun.crypto.provider.GCMParameters");
-
-
- put("AlgorithmParameters.RC2",
- "com.sun.crypto.provider.RC2Parameters");
-
- put("AlgorithmParameters.OAEP",
- "com.sun.crypto.provider.OAEPParameters");
-
- /*
- * Key factories
- */
- put("KeyFactory.DiffieHellman",
- "com.sun.crypto.provider.DHKeyFactory");
- put("Alg.Alias.KeyFactory.DH", "DiffieHellman");
- put("Alg.Alias.KeyFactory.OID."+OID_PKCS3,
- "DiffieHellman");
- put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman");
-
- /*
- * Secret-key factories
- */
- put("SecretKeyFactory.DES",
- "com.sun.crypto.provider.DESKeyFactory");
-
- put("SecretKeyFactory.DESede",
- "com.sun.crypto.provider.DESedeKeyFactory");
- put("Alg.Alias.SecretKeyFactory.TripleDES", "DESede");
-
- put("SecretKeyFactory.PBEWithMD5AndDES",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES"
- );
- put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS5_MD5_DES,
- "PBEWithMD5AndDES");
- put("Alg.Alias.SecretKeyFactory."+OID_PKCS5_MD5_DES,
- "PBEWithMD5AndDES");
-
- put("Alg.Alias.SecretKeyFactory.PBE",
- "PBEWithMD5AndDES");
-
- /*
- * Internal in-house crypto algorithm used for
- * the JCEKS keystore type. Since this was developed
- * internally, there isn't an OID corresponding to this
- * algorithm.
- */
- put("SecretKeyFactory.PBEWithMD5AndTripleDES",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithMD5AndTripleDES"
- );
-
- put("SecretKeyFactory.PBEWithSHA1AndDESede",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede"
- );
- put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS12_DESede,
- "PBEWithSHA1AndDESede");
- put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_DESede,
- "PBEWithSHA1AndDESede");
-
- put("SecretKeyFactory.PBEWithSHA1AndRC2_40",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40"
- );
- put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_40,
- "PBEWithSHA1AndRC2_40");
- put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40,
- "PBEWithSHA1AndRC2_40");
-
- put("SecretKeyFactory.PBEWithSHA1AndRC2_128",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128"
- );
- put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_128,
- "PBEWithSHA1AndRC2_128");
- put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_128,
- "PBEWithSHA1AndRC2_128");
-
- put("SecretKeyFactory.PBEWithSHA1AndRC4_40",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40"
- );
-
- put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_40,
- "PBEWithSHA1AndRC4_40");
- put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_40,
- "PBEWithSHA1AndRC4_40");
-
- put("SecretKeyFactory.PBEWithSHA1AndRC4_128",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128"
- );
-
- put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_128,
- "PBEWithSHA1AndRC4_128");
- put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_128,
- "PBEWithSHA1AndRC4_128");
-
- put("SecretKeyFactory.PBEWithHmacSHA1AndAES_128",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA1AndAES_128");
-
- put("SecretKeyFactory.PBEWithHmacSHA224AndAES_128",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA224AndAES_128");
-
- put("SecretKeyFactory.PBEWithHmacSHA256AndAES_128",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA256AndAES_128");
-
- put("SecretKeyFactory.PBEWithHmacSHA384AndAES_128",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA384AndAES_128");
-
- put("SecretKeyFactory.PBEWithHmacSHA512AndAES_128",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA512AndAES_128");
-
- put("SecretKeyFactory.PBEWithHmacSHA1AndAES_256",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA1AndAES_256");
-
- put("SecretKeyFactory.PBEWithHmacSHA224AndAES_256",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA224AndAES_256");
-
- put("SecretKeyFactory.PBEWithHmacSHA256AndAES_256",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA256AndAES_256");
-
- put("SecretKeyFactory.PBEWithHmacSHA384AndAES_256",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA384AndAES_256");
-
- put("SecretKeyFactory.PBEWithHmacSHA512AndAES_256",
- "com.sun.crypto.provider.PBEKeyFactory$" +
- "PBEWithHmacSHA512AndAES_256");
-
- // PBKDF2
-
- put("SecretKeyFactory.PBKDF2WithHmacSHA1",
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA1");
- put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2,
- "PBKDF2WithHmacSHA1");
- put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2,
- "PBKDF2WithHmacSHA1");
-
- put("SecretKeyFactory.PBKDF2WithHmacSHA224",
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
- put("SecretKeyFactory.PBKDF2WithHmacSHA256",
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
- put("SecretKeyFactory.PBKDF2WithHmacSHA384",
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
- put("SecretKeyFactory.PBKDF2WithHmacSHA512",
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
-
- /*
- * MAC
- */
- put("Mac.HmacMD5", "com.sun.crypto.provider.HmacMD5");
- put("Mac.HmacSHA1", "com.sun.crypto.provider.HmacSHA1");
- put("Alg.Alias.Mac.OID.1.2.840.113549.2.7", "HmacSHA1");
- put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1");
- put("Mac.HmacSHA224",
- "com.sun.crypto.provider.HmacCore$HmacSHA224");
- put("Alg.Alias.Mac.OID.1.2.840.113549.2.8", "HmacSHA224");
- put("Alg.Alias.Mac.1.2.840.113549.2.8", "HmacSHA224");
- put("Mac.HmacSHA256",
- "com.sun.crypto.provider.HmacCore$HmacSHA256");
- put("Alg.Alias.Mac.OID.1.2.840.113549.2.9", "HmacSHA256");
- put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256");
- put("Mac.HmacSHA384",
- "com.sun.crypto.provider.HmacCore$HmacSHA384");
- put("Alg.Alias.Mac.OID.1.2.840.113549.2.10", "HmacSHA384");
- put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384");
- put("Mac.HmacSHA512",
- "com.sun.crypto.provider.HmacCore$HmacSHA512");
- put("Alg.Alias.Mac.OID.1.2.840.113549.2.11", "HmacSHA512");
- put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512");
-
- put("Mac.HmacPBESHA1",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1");
- put("Mac.HmacPBESHA224",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224");
- put("Mac.HmacPBESHA256",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256");
- put("Mac.HmacPBESHA384",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384");
- put("Mac.HmacPBESHA512",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512");
- put("Mac.HmacPBESHA512/224",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224");
- put("Mac.HmacPBESHA512/256",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256");
-
- // PBMAC1
-
- put("Mac.PBEWithHmacSHA1",
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA1");
- put("Mac.PBEWithHmacSHA224",
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA224");
- put("Mac.PBEWithHmacSHA256",
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA256");
- put("Mac.PBEWithHmacSHA384",
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA384");
- put("Mac.PBEWithHmacSHA512",
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA512");
-
- put("Mac.SslMacMD5",
- "com.sun.crypto.provider.SslMacCore$SslMacMD5");
- put("Mac.SslMacSHA1",
- "com.sun.crypto.provider.SslMacCore$SslMacSHA1");
-
- put("Mac.HmacMD5 SupportedKeyFormats", "RAW");
- put("Mac.HmacSHA1 SupportedKeyFormats", "RAW");
- put("Mac.HmacSHA224 SupportedKeyFormats", "RAW");
- put("Mac.HmacSHA256 SupportedKeyFormats", "RAW");
- put("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
- put("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA224 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA256 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA384 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA512 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA512/224 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA512/256 SupportedKeyFormats", "RAW");
- put("Mac.PBEWithHmacSHA1 SupportedKeyFormatS", "RAW");
- put("Mac.PBEWithHmacSHA224 SupportedKeyFormats", "RAW");
- put("Mac.PBEWithHmacSHA256 SupportedKeyFormats", "RAW");
- put("Mac.PBEWithHmacSHA384 SupportedKeyFormats", "RAW");
- put("Mac.PBEWithHmacSHA512 SupportedKeyFormats", "RAW");
- put("Mac.SslMacMD5 SupportedKeyFormats", "RAW");
- put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW");
-
- /*
- * KeyStore
- */
- put("KeyStore.JCEKS", "com.sun.crypto.provider.JceKeyStore");
-
- /*
- * SSL/TLS mechanisms
- *
- * These are strictly internal implementations and may
- * be changed at any time. These names were chosen
- * because PKCS11/SunPKCS11 does not yet have TLS1.2
- * mechanisms, and it will cause calls to come here.
- */
- put("KeyGenerator.SunTlsPrf",
- "com.sun.crypto.provider.TlsPrfGenerator$V10");
- put("KeyGenerator.SunTls12Prf",
- "com.sun.crypto.provider.TlsPrfGenerator$V12");
-
- put("KeyGenerator.SunTlsMasterSecret",
- "com.sun.crypto.provider.TlsMasterSecretGenerator");
- put("Alg.Alias.KeyGenerator.SunTls12MasterSecret",
- "SunTlsMasterSecret");
- put("Alg.Alias.KeyGenerator.SunTlsExtendedMasterSecret",
- "SunTlsMasterSecret");
-
- put("KeyGenerator.SunTlsKeyMaterial",
- "com.sun.crypto.provider.TlsKeyMaterialGenerator");
- put("Alg.Alias.KeyGenerator.SunTls12KeyMaterial",
- "SunTlsKeyMaterial");
-
- put("KeyGenerator.SunTlsRsaPremasterSecret",
- "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator");
- put("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret",
- "SunTlsRsaPremasterSecret");
-
- return null;
- }
- });
-
- if (instance == null) {
- instance = this;
- }
+ attrs.clear();
+ attrs.put("SupportedModes", BLOCK_MODES);
+ attrs.put("SupportedPaddings", BLOCK_PADS);
+ attrs.put("SupportedKeyFormats", "RAW");
+ ps("Cipher", "DES",
+ "com.sun.crypto.provider.DESCipher", null, attrs);
+ ps("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
+ desEdeAliases, attrs);
+ ps("Cipher", "Blowfish",
+ "com.sun.crypto.provider.BlowfishCipher", null, attrs);
+
+ ps("Cipher", "RC2",
+ "com.sun.crypto.provider.RC2Cipher", null, attrs);
+
+ attrs.clear();
+ attrs.put("SupportedModes", BLOCK_MODES128);
+ attrs.put("SupportedPaddings", BLOCK_PADS);
+ attrs.put("SupportedKeyFormats", "RAW");
+ ps("Cipher", "AES", "com.sun.crypto.provider.AESCipher$General",
+ aesAliases, attrs);
+
+ attrs.clear();
+ attrs.put("SupportedKeyFormats", "RAW");
+ ps("Cipher", "AES_128/ECB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding",
+ createAliasesWithOid(aes128Oid+"1"), attrs);
+ ps("Cipher", "AES_128/CBC/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding",
+ createAliasesWithOid(aes128Oid+"2"), attrs);
+ ps("Cipher", "AES_128/OFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding",
+ createAliasesWithOid(aes128Oid+"3"), attrs);
+ ps("Cipher", "AES_128/CFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding",
+ createAliasesWithOid(aes128Oid+"4"), attrs);
+ ps("Cipher", "AES_128/GCM/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES128_GCM_NoPadding",
+ createAliasesWithOid(aes128Oid+"6"), attrs);
+
+ ps("Cipher", "AES_192/ECB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding",
+ createAliasesWithOid(aes192Oid+"1"), attrs);
+ ps("Cipher", "AES_192/CBC/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding",
+ createAliasesWithOid(aes192Oid+"2"), attrs);
+ ps("Cipher", "AES_192/OFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding",
+ createAliasesWithOid(aes192Oid+"3"), attrs);
+ ps("Cipher", "AES_192/CFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding",
+ createAliasesWithOid(aes192Oid+"4"), attrs);
+ ps("Cipher", "AES_192/GCM/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES192_GCM_NoPadding",
+ createAliasesWithOid(aes192Oid+"6"), attrs);
+
+ ps("Cipher", "AES_256/ECB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding",
+ createAliasesWithOid(aes256Oid+"1"), attrs);
+ ps("Cipher", "AES_256/CBC/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding",
+ createAliasesWithOid(aes256Oid+"2"), attrs);
+ ps("Cipher", "AES_256/OFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding",
+ createAliasesWithOid(aes256Oid+"3"), attrs);
+ ps("Cipher", "AES_256/CFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding",
+ createAliasesWithOid(aes256Oid+"4"), attrs);
+ ps("Cipher", "AES_256/GCM/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES256_GCM_NoPadding",
+ createAliasesWithOid(aes256Oid+"6"), attrs);
+
+ attrs.clear();
+ attrs.put("SupportedModes", "CBC");
+ attrs.put("SupportedPaddings", "NOPADDING");
+ attrs.put("SupportedKeyFormats", "RAW");
+ ps("Cipher", "DESedeWrap",
+ "com.sun.crypto.provider.DESedeWrapCipher", null, attrs);
+
+ attrs.clear();
+ attrs.put("SupportedModes", "ECB");
+ attrs.put("SupportedPaddings", "NOPADDING");
+ attrs.put("SupportedKeyFormats", "RAW");
+ ps("Cipher", "ARCFOUR", "com.sun.crypto.provider.ARCFOURCipher",
+ arcFourAliases, attrs);
+ ps("Cipher", "AESWrap", "com.sun.crypto.provider.AESWrapCipher$General",
+ null, attrs);
+ ps("Cipher", "AESWrap_128",
+ "com.sun.crypto.provider.AESWrapCipher$AES128",
+ createAliasesWithOid(aes128Oid+"5"), attrs);
+ ps("Cipher", "AESWrap_192",
+ "com.sun.crypto.provider.AESWrapCipher$AES192",
+ createAliasesWithOid(aes192Oid+"5"), attrs);
+ ps("Cipher", "AESWrap_256",
+ "com.sun.crypto.provider.AESWrapCipher$AES256",
+ createAliasesWithOid(aes256Oid+"5"), attrs);
+
+ attrs.clear();
+ attrs.put("SupportedKeyFormats", "RAW");
+
+ // PBES1
+ ps("Cipher", "PBEWithMD5AndDES",
+ "com.sun.crypto.provider.PBEWithMD5AndDESCipher",
+ pkcs5MD5_DESAliases, null);
+ ps("Cipher", "PBEWithMD5AndTripleDES",
+ "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher",
+ null, null);
+ ps("Cipher", "PBEWithSHA1AndDESede",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede",
+ pkcs12DESedeAliases, null);
+ ps("Cipher", "PBEWithSHA1AndRC2_40",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40",
+ pkcs12RC2_40Aliases, null);
+ ps("Cipher", "PBEWithSHA1AndRC2_128",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128",
+ pkcs12RC2_128Aliases, null);
+ ps("Cipher", "PBEWithSHA1AndRC4_40",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40",
+ pkcs12RC4_40Aliases, null);
+
+ ps("Cipher", "PBEWithSHA1AndRC4_128",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128",
+ pkcs12RC4_128Aliases, null);
+
+ // PBES2
+ ps("Cipher", "PBEWithHmacSHA1AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA224AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA256AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA384AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA512AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA1AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA224AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA256AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA384AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256",
+ null, null);
+
+ ps("Cipher", "PBEWithHmacSHA512AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256",
+ null, null);
+
+ /*
+ * Key(pair) Generator engines
+ */
+ ps("KeyGenerator", "DES",
+ "com.sun.crypto.provider.DESKeyGenerator",
+ null, null);
+ ps("KeyGenerator", "DESede",
+ "com.sun.crypto.provider.DESedeKeyGenerator",
+ desEdeAliases, null);
+ ps("KeyGenerator", "Blowfish",
+ "com.sun.crypto.provider.BlowfishKeyGenerator",
+ null, null);
+ ps("KeyGenerator", "AES",
+ "com.sun.crypto.provider.AESKeyGenerator",
+ aesAliases, null);
+ ps("KeyGenerator", "RC2",
+ "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator",
+ null, null);
+ ps("KeyGenerator", "ARCFOUR",
+ "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator",
+ arcFourAliases, null);
+ ps("KeyGenerator", "HmacMD5",
+ "com.sun.crypto.provider.HmacMD5KeyGenerator",
+ null, null);
+
+ ps("KeyGenerator", "HmacSHA1",
+ "com.sun.crypto.provider.HmacSHA1KeyGenerator",
+ macSHA1Aliases, null);
+ ps("KeyGenerator", "HmacSHA224",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224",
+ macSHA224Aliases, null);
+ ps("KeyGenerator", "HmacSHA256",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256",
+ macSHA256Aliases, null);
+ ps("KeyGenerator", "HmacSHA384",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384",
+ macSHA384Aliases, null);
+ ps("KeyGenerator", "HmacSHA512",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512",
+ macSHA512Aliases, null);
+
+ ps("KeyPairGenerator", "DiffieHellman",
+ "com.sun.crypto.provider.DHKeyPairGenerator",
+ diffieHellmanAliases, null);
+
+ /*
+ * Algorithm parameter generation engines
+ */
+ ps("AlgorithmParameterGenerator",
+ "DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator",
+ diffieHellmanAliases, null);
+
+ /*
+ * Key Agreement engines
+ */
+ attrs.clear();
+ attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" +
+ "|javax.crypto.interfaces.DHPrivateKey");
+ ps("KeyAgreement", "DiffieHellman",
+ "com.sun.crypto.provider.DHKeyAgreement",
+ diffieHellmanAliases, attrs);
+
+ /*
+ * Algorithm Parameter engines
+ */
+ ps("AlgorithmParameters", "DiffieHellman",
+ "com.sun.crypto.provider.DHParameters",
+ diffieHellmanAliases, null);
+
+ ps("AlgorithmParameters", "DES",
+ "com.sun.crypto.provider.DESParameters",
+ null, null);
+
+ ps("AlgorithmParameters", "DESede",
+ "com.sun.crypto.provider.DESedeParameters",
+ desEdeAliases, null);
+
+ ps("AlgorithmParameters", "PBEWithMD5AndDES",
+ "com.sun.crypto.provider.PBEParameters",
+ pkcs5MD5_DESAliases, null);
+
+ ps("AlgorithmParameters", "PBEWithMD5AndTripleDES",
+ "com.sun.crypto.provider.PBEParameters",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithSHA1AndDESede",
+ "com.sun.crypto.provider.PBEParameters",
+ pkcs12DESedeAliases, null);
+
+ ps("AlgorithmParameters", "PBEWithSHA1AndRC2_40",
+ "com.sun.crypto.provider.PBEParameters",
+ pkcs12RC2_40Aliases, null);
+
+ ps("AlgorithmParameters", "PBEWithSHA1AndRC2_128",
+ "com.sun.crypto.provider.PBEParameters",
+ pkcs12RC2_128Aliases, null);
+
+ ps("AlgorithmParameters", "PBEWithSHA1AndRC4_40",
+ "com.sun.crypto.provider.PBEParameters",
+ pkcs12RC4_40Aliases, null);
+
+ ps("AlgorithmParameters", "PBEWithSHA1AndRC4_128",
+ "com.sun.crypto.provider.PBEParameters",
+ pkcs12RC4_128Aliases, null);
+
+ ps("AlgorithmParameters", "PBES2",
+ "com.sun.crypto.provider.PBES2Parameters$General",
+ pkcs5PBES2Aliases, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256",
+ null, null);
+
+ ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256",
+ null, null);
+
+ ps("AlgorithmParameters", "Blowfish",
+ "com.sun.crypto.provider.BlowfishParameters",
+ null, null);
+
+ ps("AlgorithmParameters", "AES",
+ "com.sun.crypto.provider.AESParameters",
+ aesAliases, null);
+
+ ps("AlgorithmParameters", "GCM",
+ "com.sun.crypto.provider.GCMParameters",
+ null, null);
+
+ ps("AlgorithmParameters", "RC2",
+ "com.sun.crypto.provider.RC2Parameters",
+ null, null);
+
+ ps("AlgorithmParameters", "OAEP",
+ "com.sun.crypto.provider.OAEPParameters",
+ null, null);
+
+ /*
+ * Key factories
+ */
+ ps("KeyFactory", "DiffieHellman",
+ "com.sun.crypto.provider.DHKeyFactory",
+ diffieHellmanAliases, null);
+
+ /*
+ * Secret-key factories
+ */
+ ps("SecretKeyFactory", "DES",
+ "com.sun.crypto.provider.DESKeyFactory",
+ null, null);
+
+ ps("SecretKeyFactory", "DESede",
+ "com.sun.crypto.provider.DESedeKeyFactory",
+ desEdeAliases, null);
+
+ ps("SecretKeyFactory", "PBEWithMD5AndDES",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
+ pkcs5MD5_DESAliases, null);
+
+ /*
+ * Internal in-house crypto algorithm used for
+ * the JCEKS keystore type. Since this was developed
+ * internally, there isn't an OID corresponding to this
+ * algorithm.
+ */
+ ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithSHA1AndDESede",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
+ pkcs12DESedeAliases, null);
+
+ ps("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
+ pkcs12RC2_40Aliases, null);
+
+ ps("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
+ pkcs12RC2_128Aliases, null);
+
+ ps("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
+ pkcs12RC4_40Aliases,null);
+
+ ps("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
+ pkcs12RC4_128Aliases, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256",
+ null, null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256",
+ null, null);
+
+ // PBKDF2
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA1",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
+ pkcs5PBKDF2Aliases, null);
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA224",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA224",
+ null, null);
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA256",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA256",
+ null, null);
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA384",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA384",
+ null, null);
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA512",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA512",
+ null, null);
+
+ /*
+ * MAC
+ */
+ attrs.clear();
+ attrs.put("SupportedKeyFormats", "RAW");
+ ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs);
+ ps("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
+ macSHA1Aliases, attrs);
+ ps("Mac", "HmacSHA224", "com.sun.crypto.provider.HmacCore$HmacSHA224",
+ macSHA224Aliases, attrs);
+ ps("Mac", "HmacSHA256", "com.sun.crypto.provider.HmacCore$HmacSHA256",
+ macSHA256Aliases, attrs);
+ ps("Mac", "HmacSHA384", "com.sun.crypto.provider.HmacCore$HmacSHA384",
+ macSHA384Aliases, attrs);
+ ps("Mac", "HmacSHA512", "com.sun.crypto.provider.HmacCore$HmacSHA512",
+ macSHA512Aliases, attrs);
+ // TODO: aliases with OIDs
+ ps("Mac", "HmacPBESHA1", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1",
+ null, attrs);
+ ps("Mac", "HmacPBESHA224", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224",
+ null, attrs);
+ ps("Mac", "HmacPBESHA256", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256",
+ null, attrs);
+ ps("Mac", "HmacPBESHA384", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384",
+ null, attrs);
+ ps("Mac", "HmacPBESHA512", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512",
+ null, attrs);
+ ps("Mac", "HmacPBESHA512/224", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224",
+ null, attrs);
+ ps("Mac", "HmacPBESHA512/256", "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256",
+ null, attrs);
+
+ // PBMAC1
+ ps("Mac", "PBEWithHmacSHA1",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs);
+ ps("Mac", "PBEWithHmacSHA224",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs);
+ ps("Mac", "PBEWithHmacSHA256",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs);
+ ps("Mac", "PBEWithHmacSHA384",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs);
+ ps("Mac", "PBEWithHmacSHA512",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs);
+ ps("Mac", "SslMacMD5",
+ "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs);
+ ps("Mac", "SslMacSHA1",
+ "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs);
+
+ /*
+ * KeyStore
+ */
+ ps("KeyStore", "JCEKS",
+ "com.sun.crypto.provider.JceKeyStore",
+ null, null);
+
+ /*
+ * SSL/TLS mechanisms
+ *
+ * These are strictly internal implementations and may
+ * be changed at any time. These names were chosen
+ * because PKCS11/SunPKCS11 does not yet have TLS1.2
+ * mechanisms, and it will cause calls to come here.
+ */
+ ps("KeyGenerator", "SunTlsPrf",
+ "com.sun.crypto.provider.TlsPrfGenerator$V10",
+ null, null);
+ ps("KeyGenerator", "SunTls12Prf",
+ "com.sun.crypto.provider.TlsPrfGenerator$V12",
+ null, null);
+
+ ps("KeyGenerator", "SunTlsMasterSecret",
+ "com.sun.crypto.provider.TlsMasterSecretGenerator",
+ createAliases("SunTls12MasterSecret",
+ "SunTlsExtendedMasterSecret"), null);
+ ps("KeyGenerator", "SunTlsKeyMaterial",
+ "com.sun.crypto.provider.TlsKeyMaterialGenerator",
+ createAliases("SunTls12KeyMaterial"), null);
+
+ ps("KeyGenerator", "SunTlsRsaPremasterSecret",
+ "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator",
+ createAliases("SunTls12RsaPremasterSecret"), null);
}
// Return the instance of this class or create one if needed.
diff --git a/jdk/src/share/classes/java/security/AlgorithmParameterGenerator.java b/jdk/src/share/classes/java/security/AlgorithmParameterGenerator.java
index 7f9c7cbf4..b8cb61a56 100644
--- a/jdk/src/share/classes/java/security/AlgorithmParameterGenerator.java
+++ b/jdk/src/share/classes/java/security/AlgorithmParameterGenerator.java
@@ -26,6 +26,7 @@
package java.security;
import java.security.spec.AlgorithmParameterSpec;
+import sun.security.jca.JCAUtil;
/**
* The {@code AlgorithmParameterGenerator} class is used to generate a
@@ -282,7 +283,7 @@ public class AlgorithmParameterGenerator {
* @param size the size (number of bits).
*/
public final void init(int size) {
- paramGenSpi.engineInit(size, new SecureRandom());
+ paramGenSpi.engineInit(size, JCAUtil.getSecureRandom());
}
/**
@@ -313,7 +314,7 @@ public class AlgorithmParameterGenerator {
*/
public final void init(AlgorithmParameterSpec genParamSpec)
throws InvalidAlgorithmParameterException {
- paramGenSpi.engineInit(genParamSpec, new SecureRandom());
+ paramGenSpi.engineInit(genParamSpec, JCAUtil.getSecureRandom());
}
/**
diff --git a/jdk/src/share/classes/java/security/Provider.java b/jdk/src/share/classes/java/security/Provider.java
index 1eadb0e62..34f5ab22b 100644
--- a/jdk/src/share/classes/java/security/Provider.java
+++ b/jdk/src/share/classes/java/security/Provider.java
@@ -30,6 +30,7 @@ import java.util.*;
import static java.util.Locale.ENGLISH;
import java.lang.ref.*;
import java.lang.reflect.*;
+import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiConsumer;
import java.util.function.BiFunction;
import java.util.function.Function;
@@ -135,6 +136,7 @@ public abstract class Provider extends Properties {
this.name = name;
this.version = version;
this.info = info;
+ this.serviceMap = new ConcurrentHashMap<>();
putId();
initialized = true;
}
@@ -662,15 +664,20 @@ public abstract class Provider extends Properties {
// legacy properties changed since last call to any services method?
private transient boolean legacyChanged;
// serviceMap changed since last call to getServices()
- private transient boolean servicesChanged;
+ private volatile transient boolean servicesChanged;
- // Map<String,String>
+ // Map<String,String> used to keep track of legacy registration
private transient Map<String,String> legacyStrings;
// Map<ServiceKey,Service>
// used for services added via putService(), initialized on demand
private transient Map<ServiceKey,Service> serviceMap;
+ // For backward compatibility, the registration ordering of
+ // SecureRandom (RNG) algorithms needs to be preserved for
+ // "new SecureRandom()" calls when this provider is used
+ private transient Set<String> prngAlgos;
+
// Map<ServiceKey,Service>
// used for services added via legacy methods, init on demand
private transient Map<ServiceKey,Service> legacyMap;
@@ -698,11 +705,13 @@ public abstract class Provider extends Properties {
}
defaults = null;
in.defaultReadObject();
+ this.serviceMap = new ConcurrentHashMap<>();
implClear();
initialized = true;
putAll(copy);
}
+ // check whether to update 'legacyString' with the specified key
private boolean checkLegacy(Object key) {
String keyString = (String)key;
if (keyString.startsWith("Provider.")) {
@@ -711,7 +720,7 @@ public abstract class Provider extends Properties {
legacyChanged = true;
if (legacyStrings == null) {
- legacyStrings = new LinkedHashMap<String,String>();
+ legacyStrings = new LinkedHashMap<>();
}
return true;
}
@@ -742,7 +751,7 @@ public abstract class Provider extends Properties {
if (!checkLegacy(key)) {
return false;
}
- legacyStrings.remove((String)key, value);
+ legacyStrings.remove((String)key, (String)value);
}
return super.remove(key, value);
}
@@ -772,7 +781,7 @@ public abstract class Provider extends Properties {
private void implReplaceAll(BiFunction<? super Object, ? super Object, ? extends Object> function) {
legacyChanged = true;
if (legacyStrings == null) {
- legacyStrings = new LinkedHashMap<String,String>();
+ legacyStrings = new LinkedHashMap<>();
} else {
legacyStrings.replaceAll((BiFunction<? super String, ? super String, ? extends String>) function);
}
@@ -796,8 +805,8 @@ public abstract class Provider extends Properties {
if (!checkLegacy(key)) {
return null;
}
- legacyStrings.computeIfAbsent((String) key,
- (Function<? super String, ? extends String>) remappingFunction);
+ legacyStrings.compute((String) key,
+ (BiFunction<? super String, ? super String, ? extends String>) remappingFunction);
}
return super.compute(key, remappingFunction);
}
@@ -851,12 +860,11 @@ public abstract class Provider extends Properties {
if (legacyMap != null) {
legacyMap.clear();
}
- if (serviceMap != null) {
- serviceMap.clear();
- }
+ serviceMap.clear();
legacyChanged = false;
servicesChanged = false;
serviceSet = null;
+ prngAlgos = null;
super.clear();
putId();
}
@@ -873,13 +881,13 @@ public abstract class Provider extends Properties {
this.algorithm = intern ? algorithm.intern() : algorithm;
}
public int hashCode() {
- return type.hashCode() + algorithm.hashCode();
+ return Objects.hash(type, algorithm);
}
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
- if (obj instanceof ServiceKey == false) {
+ if (!(obj instanceof ServiceKey)) {
return false;
}
ServiceKey other = (ServiceKey)obj;
@@ -901,7 +909,7 @@ public abstract class Provider extends Properties {
}
serviceSet = null;
if (legacyMap == null) {
- legacyMap = new LinkedHashMap<ServiceKey,Service>();
+ legacyMap = new ConcurrentHashMap<>();
} else {
legacyMap.clear();
}
@@ -957,7 +965,10 @@ public abstract class Provider extends Properties {
String type = getEngineName(typeAndAlg[0]);
String aliasAlg = typeAndAlg[1].intern();
ServiceKey key = new ServiceKey(type, stdAlg, true);
- Service s = legacyMap.get(key);
+ Service s = serviceMap.get(key);
+ if (s == null) {
+ s = legacyMap.get(key);
+ }
if (s == null) {
s = new Service(this);
s.type = type;
@@ -986,6 +997,10 @@ public abstract class Provider extends Properties {
legacyMap.put(key, s);
}
s.className = className;
+
+ if (type.equals("SecureRandom")) {
+ updateSecureRandomEntries(true, s.algorithm);
+ }
} else { // attribute
// e.g. put("MessageDigest.SHA-1 ImplementedIn", "Software");
String attributeValue = value;
@@ -1031,7 +1046,7 @@ public abstract class Provider extends Properties {
*
* @since 1.5
*/
- public synchronized Service getService(String type, String algorithm) {
+ public Service getService(String type, String algorithm) {
checkInitialized();
// avoid allocating a new key object if possible
ServiceKey key = previousKey;
@@ -1039,14 +1054,19 @@ public abstract class Provider extends Properties {
key = new ServiceKey(type, algorithm, false);
previousKey = key;
}
- if (serviceMap != null) {
- Service service = serviceMap.get(key);
- if (service != null) {
- return service;
+ if (!serviceMap.isEmpty()) {
+ Service s = serviceMap.get(key);
+ if (s != null) {
+ return s;
+ }
+ }
+ synchronized (this){
+ ensureLegacyParsed();
+ if (legacyMap != null && !legacyMap.isEmpty()) {
+ return legacyMap.get(key);
}
}
- ensureLegacyParsed();
- return (legacyMap != null) ? legacyMap.get(key) : null;
+ return null;
}
// ServiceKey from previous getService() call
@@ -1075,10 +1095,10 @@ public abstract class Provider extends Properties {
if (serviceSet == null) {
ensureLegacyParsed();
Set<Service> set = new LinkedHashSet<>();
- if (serviceMap != null) {
+ if (!serviceMap.isEmpty()) {
set.addAll(serviceMap.values());
}
- if (legacyMap != null) {
+ if (legacyMap != null && !legacyMap.isEmpty()) {
set.addAll(legacyMap.values());
}
serviceSet = Collections.unmodifiableSet(set);
@@ -1116,7 +1136,7 @@ public abstract class Provider extends Properties {
*
* @since 1.5
*/
- protected synchronized void putService(Service s) {
+ protected void putService(Service s) {
check("putProviderProperty." + name);
if (debug != null) {
debug.println(name + ".putService(): " + s);
@@ -1128,20 +1148,58 @@ public abstract class Provider extends Properties {
throw new IllegalArgumentException
("service.getProvider() must match this Provider object");
}
- if (serviceMap == null) {
- serviceMap = new LinkedHashMap<ServiceKey,Service>();
- }
- servicesChanged = true;
String type = s.getType();
String algorithm = s.getAlgorithm();
ServiceKey key = new ServiceKey(type, algorithm, true);
- // remove existing service
implRemoveService(serviceMap.get(key));
serviceMap.put(key, s);
for (String alias : s.getAliases()) {
serviceMap.put(new ServiceKey(type, alias, true), s);
}
- putPropertyStrings(s);
+ servicesChanged = true;
+ synchronized (this) {
+ putPropertyStrings(s);
+ if (type.equals("SecureRandom")) {
+ updateSecureRandomEntries(true, s.algorithm);
+ }
+ }
+ }
+
+ // keep tracks of the registered secure random algos and store them in order
+ private void updateSecureRandomEntries(boolean doAdd, String s) {
+ Objects.requireNonNull(s);
+ if (doAdd) {
+ if (prngAlgos == null) {
+ prngAlgos = new LinkedHashSet<String>();
+ }
+ prngAlgos.add(s);
+ } else {
+ prngAlgos.remove(s);
+ }
+
+ if (debug != null) {
+ debug.println((doAdd? "Add":"Remove") + " SecureRandom algo " + s);
+ }
+ }
+
+ // used by new SecureRandom() to find out the default SecureRandom
+ // service for this provider
+ synchronized Service getDefaultSecureRandomService() {
+ checkInitialized();
+
+ if (legacyChanged) {
+ prngAlgos = null;
+ ensureLegacyParsed();
+ }
+
+ if (prngAlgos != null && !prngAlgos.isEmpty()) {
+ // IMPORTANT: use the Service obj returned by getService(...) call
+ // as providers may override putService(...)/getService(...) and
+ // return their own Service objects
+ return getService("SecureRandom", prngAlgos.iterator().next());
+ }
+
+ return null;
}
/**
@@ -1208,7 +1266,7 @@ public abstract class Provider extends Properties {
*
* @since 1.5
*/
- protected synchronized void removeService(Service s) {
+ protected void removeService(Service s) {
check("removeProviderProperty." + name);
if (debug != null) {
debug.println(name + ".removeService(): " + s);
@@ -1220,7 +1278,7 @@ public abstract class Provider extends Properties {
}
private void implRemoveService(Service s) {
- if ((s == null) || (serviceMap == null)) {
+ if ((s == null) || serviceMap.isEmpty()) {
return;
}
String type = s.getType();
@@ -1235,7 +1293,12 @@ public abstract class Provider extends Properties {
for (String alias : s.getAliases()) {
serviceMap.remove(new ServiceKey(type, alias, false));
}
- removePropertyStrings(s);
+ synchronized (this) {
+ removePropertyStrings(s);
+ if (type.equals("SecureRandom")) {
+ updateSecureRandomEntries(false, s.algorithm);
+ }
+ }
}
// Wrapped String that behaves in a case insensitive way for equals/hashCode
diff --git a/jdk/src/share/classes/java/security/SecureRandom.java b/jdk/src/share/classes/java/security/SecureRandom.java
index 6848be5a2..05ff79191 100644
--- a/jdk/src/share/classes/java/security/SecureRandom.java
+++ b/jdk/src/share/classes/java/security/SecureRandom.java
@@ -32,6 +32,7 @@ import java.security.Provider.Service;
import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;
+import sun.security.provider.SunEntries;
import sun.security.util.Debug;
/**
@@ -191,35 +192,50 @@ public class SecureRandom extends java.util.Random {
}
private void getDefaultPRNG(boolean setSeed, byte[] seed) {
- String prng = getPrngAlgorithm();
- if (prng == null) {
- // bummer, get the SUN implementation
- prng = "SHA1PRNG";
+ Service prngService = null;
+ String prngAlgorithm = null;
+ for (Provider p : Providers.getProviderList().providers()) {
+ // SUN provider uses the SunEntries.DEF_SECURE_RANDOM_ALGO
+ // as the default SecureRandom algorithm; for other providers,
+ // Provider.getDefaultSecureRandom() will use the 1st
+ // registered SecureRandom algorithm
+ if (p.getName().equals("SUN")) {
+ prngAlgorithm = SunEntries.DEF_SECURE_RANDOM_ALGO;
+ prngService = p.getService("SecureRandom", prngAlgorithm);
+ break;
+ } else {
+ prngService = p.getDefaultSecureRandomService();
+ if (prngService != null) {
+ prngAlgorithm = prngService.getAlgorithm();
+ break;
+ }
+ }
+ }
+ // per javadoc, if none of the Providers support a RNG algorithm,
+ // then an implementation-specific default is returned.
+ if (prngService == null) {
+ prngAlgorithm = "SHA1PRNG";
this.secureRandomSpi = new sun.security.provider.SecureRandom();
this.provider = Providers.getSunProvider();
- if (setSeed) {
- this.secureRandomSpi.engineSetSeed(seed);
- }
} else {
try {
- SecureRandom random = SecureRandom.getInstance(prng);
- this.secureRandomSpi = random.getSecureRandomSpi();
- this.provider = random.getProvider();
- if (setSeed) {
- this.secureRandomSpi.engineSetSeed(seed);
- }
+ this.secureRandomSpi = (SecureRandomSpi) prngService.newInstance(null);
+ this.provider = prngService.getProvider();
} catch (NoSuchAlgorithmException nsae) {
- // never happens, because we made sure the algorithm exists
+ // should not happen
throw new RuntimeException(nsae);
}
}
+ if (setSeed) {
+ this.secureRandomSpi.engineSetSeed(seed);
+ }
// JDK 1.1 based implementations subclass SecureRandom instead of
// SecureRandomSpi. They will also go through this code path because
// they must call a SecureRandom constructor as it is their superclass.
// If we are dealing with such an implementation, do not set the
// algorithm value as it would be inaccurate.
if (getClass() == SecureRandom.class) {
- this.algorithm = prng;
+ this.algorithm = prngAlgorithm;
}
}
@@ -386,13 +402,6 @@ public class SecureRandom extends java.util.Random {
instance.provider, algorithm);
}
- /**
- * Returns the SecureRandomSpi of this SecureRandom object.
- */
- SecureRandomSpi getSecureRandomSpi() {
- return secureRandomSpi;
- }
-
/**
* Returns the provider of this SecureRandom object.
*
@@ -548,23 +557,6 @@ public class SecureRandom extends java.util.Random {
return retVal;
}
- /**
- * Gets a default PRNG algorithm by looking through all registered
- * providers. Returns the first PRNG algorithm of the first provider that
- * has registered a SecureRandom implementation, or null if none of the
- * registered providers supplies a SecureRandom implementation.
- */
- private static String getPrngAlgorithm() {
- for (Provider p : Providers.getProviderList().providers()) {
- for (Service s : p.getServices()) {
- if (s.getType().equals("SecureRandom")) {
- return s.getAlgorithm();
- }
- }
- }
- return null;
- }
-
/*
* Lazily initialize since Pattern.compile() is heavy.
* Effective Java (2nd Edition), Item 71.
diff --git a/jdk/src/share/classes/javax/crypto/Cipher.java b/jdk/src/share/classes/javax/crypto/Cipher.java
index d3d09d7e2..93c177e77 100644
--- a/jdk/src/share/classes/javax/crypto/Cipher.java
+++ b/jdk/src/share/classes/javax/crypto/Cipher.java
@@ -1186,7 +1186,7 @@ public class Cipher {
* by the underlying {@code CipherSpi}.
*/
public final void init(int opmode, Key key) throws InvalidKeyException {
- init(opmode, key, JceSecurity.RANDOM);
+ init(opmode, key, JCAUtil.getSecureRandom());
}
/**
@@ -1327,7 +1327,7 @@ public class Cipher {
public final void init(int opmode, Key key, AlgorithmParameterSpec params)
throws InvalidKeyException, InvalidAlgorithmParameterException
{
- init(opmode, key, params, JceSecurity.RANDOM);
+ init(opmode, key, params, JCAUtil.getSecureRandom());
}
/**
@@ -1470,7 +1470,7 @@ public class Cipher {
public final void init(int opmode, Key key, AlgorithmParameters params)
throws InvalidKeyException, InvalidAlgorithmParameterException
{
- init(opmode, key, params, JceSecurity.RANDOM);
+ init(opmode, key, params, JCAUtil.getSecureRandom());
}
/**
@@ -1618,7 +1618,7 @@ public class Cipher {
public final void init(int opmode, Certificate certificate)
throws InvalidKeyException
{
- init(opmode, certificate, JceSecurity.RANDOM);
+ init(opmode, certificate, JCAUtil.getSecureRandom());
}
/**
diff --git a/jdk/src/share/classes/javax/crypto/JceSecurity.java b/jdk/src/share/classes/javax/crypto/JceSecurity.java
index e7e3a99f5..1186dc351 100644
--- a/jdk/src/share/classes/javax/crypto/JceSecurity.java
+++ b/jdk/src/share/classes/javax/crypto/JceSecurity.java
@@ -49,8 +49,6 @@ import sun.security.util.Debug;
final class JceSecurity {
- static final SecureRandom RANDOM = new SecureRandom();
-
// The defaultPolicy and exemptPolicy will be set up
// in the static initializer.
private static CryptoPermissions defaultPolicy = null;
diff --git a/jdk/src/share/classes/javax/crypto/KeyAgreement.java b/jdk/src/share/classes/javax/crypto/KeyAgreement.java
index 513fc501e..4e16bcacb 100644
--- a/jdk/src/share/classes/javax/crypto/KeyAgreement.java
+++ b/jdk/src/share/classes/javax/crypto/KeyAgreement.java
@@ -438,7 +438,7 @@ public class KeyAgreement {
* has an incompatible algorithm type.
*/
public final void init(Key key) throws InvalidKeyException {
- init(key, JceSecurity.RANDOM);
+ init(key, JCAUtil.getSecureRandom());
}
/**
@@ -506,7 +506,7 @@ public class KeyAgreement {
public final void init(Key key, AlgorithmParameterSpec params)
throws InvalidKeyException, InvalidAlgorithmParameterException
{
- init(key, params, JceSecurity.RANDOM);
+ init(key, params, JCAUtil.getSecureRandom());
}
/**
diff --git a/jdk/src/share/classes/javax/crypto/KeyGenerator.java b/jdk/src/share/classes/javax/crypto/KeyGenerator.java
index 2a26da5e5..71fa64715 100644
--- a/jdk/src/share/classes/javax/crypto/KeyGenerator.java
+++ b/jdk/src/share/classes/javax/crypto/KeyGenerator.java
@@ -427,7 +427,7 @@ public class KeyGenerator {
public final void init(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException
{
- init(params, JceSecurity.RANDOM);
+ init(params, JCAUtil.getSecureRandom());
}
/**
@@ -491,7 +491,7 @@ public class KeyGenerator {
* supported.
*/
public final void init(int keysize) {
- init(keysize, JceSecurity.RANDOM);
+ init(keysize, JCAUtil.getSecureRandom());
}
/**
diff --git a/jdk/src/share/classes/sun/security/provider/Sun.java b/jdk/src/share/classes/sun/security/provider/Sun.java
index 07ef2ff4a..75b411605 100644
--- a/jdk/src/share/classes/sun/security/provider/Sun.java
+++ b/jdk/src/share/classes/sun/security/provider/Sun.java
@@ -28,7 +28,6 @@ package sun.security.provider;
import java.util.*;
import java.security.*;
-import sun.security.action.PutAllAction;
/**
* The SUN Security Provider.
@@ -49,17 +48,27 @@ public final class Sun extends Provider {
/* We are the SUN provider */
super("SUN", 1.8d, INFO);
+ Provider p = this;
+ Iterator<Provider.Service> serviceIter = new SunEntries(p).iterator();
+
// if there is no security manager installed, put directly into
- // the provider. Otherwise, create a temporary map and use a
- // doPrivileged() call at the end to transfer the contents
+ // the provider.
if (System.getSecurityManager() == null) {
- SunEntries.putEntries(this);
+ putEntries(serviceIter);
} else {
- // use LinkedHashMap to preserve the order of the PRNGs
- Map<Object, Object> map = new LinkedHashMap<>();
- SunEntries.putEntries(map);
- AccessController.doPrivileged(new PutAllAction(this, map));
+ AccessController.doPrivileged(new PrivilegedAction<Void>() {
+ @Override
+ public Void run() {
+ putEntries(serviceIter);
+ return null;
+ }
+ });
}
}
+ void putEntries(Iterator<Provider.Service> i) {
+ while (i.hasNext()) {
+ putService(i.next());
+ }
+ }
}
diff --git a/jdk/src/share/classes/sun/security/provider/SunEntries.java b/jdk/src/share/classes/sun/security/provider/SunEntries.java
index d85697841..fb61d40b0 100644
--- a/jdk/src/share/classes/sun/security/provider/SunEntries.java
+++ b/jdk/src/share/classes/sun/security/provider/SunEntries.java
@@ -27,7 +27,7 @@ package sun.security.provider;
import java.io.*;
import java.net.*;
-import java.util.Map;
+import java.util.*;
import java.security.*;
import sun.security.action.GetPropertyAction;
@@ -77,255 +77,222 @@ import sun.security.action.GetPropertyAction;
* - JavaLoginConfig is the default file-based LoginModule Configuration type.
*/
-final class SunEntries {
+public final class SunEntries {
- private static final boolean useLegacyDSA =
- Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty
- ("jdk.security.legacyDSAKeyPairGenerator"));
+ // the default algo used by SecureRandom class for new SecureRandom() calls
+ public static final String DEF_SECURE_RANDOM_ALGO;
+
+ // create an aliases List from the specified aliases
+ public static List<String> createAliases(String ... aliases) {
+ return Arrays.asList(aliases);
+ }
- private SunEntries() {
- // empty
+ // create an aliases List from the specified oid followed by other aliases
+ public static List<String> createAliasesWithOid(String ... oids) {
+ String[] result = Arrays.copyOf(oids, oids.length + 1);
+ result[result.length - 1] = "OID." + oids[0];
+ return Arrays.asList(result);
}
- static void putEntries(Map<Object, Object> map) {
+ SunEntries(Provider p) {
+ services = new LinkedHashSet<>(50, 0.9f);
+
+ // start populating content using the specified provider
+
+ // common attribute map
+ HashMap<String, String> attrs = new HashMap<>(3);
/*
- * SecureRandom
- *
- * Register these first to speed up "new SecureRandom()",
- * which iterates through the list of algorithms
+ * SecureRandom engines
*/
- // register the native PRNG, if available
- // if user selected /dev/urandom, we put it before SHA1PRNG,
- // otherwise after it
- boolean nativeAvailable = NativePRNG.isAvailable();
- boolean useNativePRNG = seedSource.equals(URL_DEV_URANDOM) ||
- seedSource.equals(URL_DEV_RANDOM);
-
- if (nativeAvailable && useNativePRNG) {
- map.put("SecureRandom.NativePRNG",
- "sun.security.provider.NativePRNG");
- }
- map.put("SecureRandom.SHA1PRNG",
- "sun.security.provider.SecureRandom");
- if (nativeAvailable && !useNativePRNG) {
- map.put("SecureRandom.NativePRNG",
- "sun.security.provider.NativePRNG");
+ if (NativePRNG.isAvailable()) {
+ add(p, "SecureRandom", "NativePRNG",
+ "sun.security.provider.NativePRNG",
+ null, attrs);
}
if (NativePRNG.Blocking.isAvailable()) {
- map.put("SecureRandom.NativePRNGBlocking",
- "sun.security.provider.NativePRNG$Blocking");
+ add(p, "SecureRandom", "NativePRNGBlocking",
+ "sun.security.provider.NativePRNG$Blocking", null, attrs);
}
if (NativePRNG.NonBlocking.isAvailable()) {
- map.put("SecureRandom.NativePRNGNonBlocking",
- "sun.security.provider.NativePRNG$NonBlocking");
+ add(p, "SecureRandom", "NativePRNGNonBlocking",
+ "sun.security.provider.NativePRNG$NonBlocking", null, attrs);
}
+ attrs.put("ImplementedIn", "Software");
+ add(p, "SecureRandom", "SHA1PRNG",
+ "sun.security.provider.SecureRandom", null, attrs);
+
/*
* Signature engines
*/
- map.put("Signature.SHA1withDSA",
- "sun.security.provider.DSA$SHA1withDSA");
- map.put("Signature.NONEwithDSA", "sun.security.provider.DSA$RawDSA");
- map.put("Alg.Alias.Signature.RawDSA", "NONEwithDSA");
- map.put("Signature.SHA224withDSA",
- "sun.security.provider.DSA$SHA224withDSA");
- map.put("Signature.SHA256withDSA",
- "sun.security.provider.DSA$SHA256withDSA");
-
+ attrs.clear();
String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
"|java.security.interfaces.DSAPrivateKey";
- map.put("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses);
- map.put("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses);
- map.put("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyClasses);
- map.put("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyClasses);
-
- map.put("Alg.Alias.Signature.DSA", "SHA1withDSA");
- map.put("Alg.Alias.Signature.DSS", "SHA1withDSA");
- map.put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
- map.put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
- map.put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
- map.put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
- map.put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.10040.4.3",
- "SHA1withDSA");
- map.put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
- map.put("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA");
- map.put("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA");
- map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1",
- "SHA224withDSA");
- map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA");
- map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2",
- "SHA256withDSA");
- map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA");
+ attrs.put("SupportedKeyClasses", dsaKeyClasses);
+ attrs.put("ImplementedIn", "Software");
+
+ attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures
+
+ add(p, "Signature", "SHA1withDSA",
+ "sun.security.provider.DSA$SHA1withDSA",
+ createAliasesWithOid("1.2.840.10040.4.3", "DSA", "DSS",
+ "SHA/DSA", "SHA-1/DSA", "SHA1/DSA", "SHAwithDSA",
+ "DSAWithSHA1", "1.3.14.3.2.13", "1.3.14.3.2.27"), attrs);
+ add(p, "Signature", "NONEwithDSA", "sun.security.provider.DSA$RawDSA",
+ createAliases("RawDSA"), attrs);
+
+ attrs.put("KeySize", "2048"); // for SHA224 and SHA256 DSA signatures
+
+ add(p, "Signature", "SHA224withDSA",
+ "sun.security.provider.DSA$SHA224withDSA",
+ createAliasesWithOid("2.16.840.1.101.3.4.3.1"), attrs);
+ add(p, "Signature", "SHA256withDSA",
+ "sun.security.provider.DSA$SHA256withDSA",
+ createAliasesWithOid("2.16.840.1.101.3.4.3.2"), attrs);
+
+ attrs.remove("KeySize");
/*
* Key Pair Generator engines
*/
+ attrs.clear();
+ attrs.put("ImplementedIn", "Software");
+ attrs.put("KeySize", "2048"); // for DSA KPG and APG only
+
+ String dsaOid = "1.2.840.10040.4.1";
+ List<String> dsaAliases = createAliasesWithOid(dsaOid, "1.3.14.3.2.12");
String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
- map.put("KeyPairGenerator.DSA", dsaKPGImplClass);
- map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
- map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
- map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");
-
- /*
- * Digest engines
- */
- map.put("MessageDigest.MD2", "sun.security.provider.MD2");
- map.put("MessageDigest.MD5", "sun.security.provider.MD5");
- map.put("MessageDigest.SHA", "sun.security.provider.SHA");
-
- map.put("Alg.Alias.MessageDigest.SHA-1", "SHA");
- map.put("Alg.Alias.MessageDigest.SHA1", "SHA");
- map.put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA");
- map.put("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA");
-
- map.put("MessageDigest.SHA-224", "sun.security.provider.SHA2$SHA224");
- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224");
- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4",
- "SHA-224");
-
- map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2$SHA256");
- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256");
- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1",
- "SHA-256");
- map.put("MessageDigest.SHA-384", "sun.security.provider.SHA5$SHA384");
- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384");
- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2",
- "SHA-384");
- map.put("MessageDigest.SHA-512", "sun.security.provider.SHA5$SHA512");
- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512");
- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3",
- "SHA-512");
- map.put("MessageDigest.SHA-512/224", "sun.security.provider.SHA5$SHA512_224");
- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.5", "SHA-512/224");
- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.5",
- "SHA-512/224");
- map.put("MessageDigest.SHA-512/256", "sun.security.provider.SHA5$SHA512_256");
- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.6", "SHA-512/256");
- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.6",
- "SHA-512/256");
+ add(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, dsaAliases, attrs);
/*
* Algorithm Parameter Generator engines
*/
- map.put("AlgorithmParameterGenerator.DSA",
- "sun.security.provider.DSAParameterGenerator");
+ add(p, "AlgorithmParameterGenerator", "DSA",
+ "sun.security.provider.DSAParameterGenerator", dsaAliases,
+ attrs);
+ attrs.remove("KeySize");
/*
* Algorithm Parameter engines
*/
- map.put("AlgorithmParameters.DSA",
- "sun.security.provider.DSAParameters");
- map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA");
- map.put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA");
- map.put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA");
+ add(p, "AlgorithmParameters", "DSA",
+ "sun.security.provider.DSAParameters", dsaAliases, attrs);
/*
* Key factories
*/
- map.put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory");
- map.put("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA");
- map.put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
- map.put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA");
+ add(p, "KeyFactory", "DSA", "sun.security.provider.DSAKeyFactory",
+ dsaAliases, attrs);
/*
- * Certificates
+ * Digest engines
*/
- map.put("CertificateFactory.X.509",
- "sun.security.provider.X509Factory");
- map.put("Alg.Alias.CertificateFactory.X509", "X.509");
+ add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", null, attrs);
+ add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", null, attrs);
+ add(p, "MessageDigest", "SHA", "sun.security.provider.SHA",
+ createAliasesWithOid("1.3.14.3.2.26", "SHA-1", "SHA1"), attrs);
+
+ String sha2BaseOid = "2.16.840.1.101.3.4.2";
+ add(p, "MessageDigest", "SHA-224", "sun.security.provider.SHA2$SHA224",
+ createAliasesWithOid(sha2BaseOid + ".4"), attrs);
+ add(p, "MessageDigest", "SHA-256", "sun.security.provider.SHA2$SHA256",
+ createAliasesWithOid(sha2BaseOid + ".1"), attrs);
+ add(p, "MessageDigest", "SHA-384", "sun.security.provider.SHA5$SHA384",
+ createAliasesWithOid(sha2BaseOid + ".2"), attrs);
+ add(p, "MessageDigest", "SHA-512", "sun.security.provider.SHA5$SHA512",
+ createAliasesWithOid(sha2BaseOid + ".3"), attrs);
+ add(p, "MessageDigest", "SHA-512/224",
+ "sun.security.provider.SHA5$SHA512_224",
+ createAliasesWithOid(sha2BaseOid + ".5"), attrs);
+ add(p, "MessageDigest", "SHA-512/256",
+ "sun.security.provider.SHA5$SHA512_256",
+ createAliasesWithOid(sha2BaseOid + ".6"), attrs);
- /*
- * KeyStore
- */
- map.put("KeyStore.JKS",
- "sun.security.provider.JavaKeyStore$DualFormatJKS");
- map.put("KeyStore.CaseExactJKS",
- "sun.security.provider.JavaKeyStore$CaseExactJKS");
- map.put("KeyStore.DKS", "sun.security.provider.DomainKeyStore$DKS");
/*
- * Policy
+ * Certificates
*/
- map.put("Policy.JavaPolicy", "sun.security.provider.PolicySpiFile");
+ add(p, "CertificateFactory", "X.509",
+ "sun.security.provider.X509Factory",
+ createAliases("X509"), attrs);
/*
- * Configuration
+ * KeyStore
*/
- map.put("Configuration.JavaLoginConfig",
- "sun.security.provider.ConfigFile$Spi");
+ add(p, "KeyStore", "JKS",
+ "sun.security.provider.JavaKeyStore$DualFormatJKS",
+ null, attrs);
+ add(p, "KeyStore", "CaseExactJKS",
+ "sun.security.provider.JavaKeyStore$CaseExactJKS",
+ null, attrs);
+ add(p, "KeyStore", "DKS", "sun.security.provider.DomainKeyStore$DKS",
+ null, attrs);
/*
- * CertPathBuilder
+ * CertStores
*/
- map.put("CertPathBuilder.PKIX",
- "sun.security.provider.certpath.SunCertPathBuilder");
- map.put("CertPathBuilder.PKIX ValidationAlgorithm",
- "RFC5280");
+ attrs.put("LDAPSchema", "RFC2587");
+ add(p, "CertStore", "LDAP",
+ "sun.security.provider.certpath.ldap.LDAPCertStore", null, attrs);
+ attrs.remove("LDAPSchema");
+ add(p, "CertStore", "Collection",
+ "sun.security.provider.certpath.CollectionCertStore",
+ null, attrs);
+ add(p, "CertStore", "com.sun.security.IndexedCollection",
+ "sun.security.provider.certpath.IndexedCollectionCertStore",
+ null, attrs);
/*
- * CertPathValidator
+ * Policy
*/
- map.put("CertPathValidator.PKIX",
- "sun.security.provider.certpath.PKIXCertPathValidator");
- map.put("CertPathValidator.PKIX ValidationAlgorithm",
- "RFC5280");
+ add(p, "Policy", "JavaPolicy", "sun.security.provider.PolicySpiFile",
+ null, null);
/*
- * CertStores
+ * Configuration
*/
- map.put("CertStore.LDAP",
- "sun.security.provider.certpath.ldap.LDAPCertStore");
- map.put("CertStore.LDAP LDAPSchema", "RFC2587");
- map.put("CertStore.Collection",
- "sun.security.provider.certpath.CollectionCertStore");
- map.put("CertStore.com.sun.security.IndexedCollection",
- "sun.security.provider.certpath.IndexedCollectionCertStore");
+ add(p, "Configuration", "JavaLoginConfig",
+ "sun.security.provider.ConfigFile$Spi", null, null);
/*
- * KeySize
+ * CertPathBuilder and CertPathValidator
*/
- map.put("Signature.NONEwithDSA KeySize", "1024");
- map.put("Signature.SHA1withDSA KeySize", "1024");
- map.put("Signature.SHA224withDSA KeySize", "2048");
- map.put("Signature.SHA256withDSA KeySize", "2048");
-
- map.put("KeyPairGenerator.DSA KeySize", "2048");
- map.put("AlgorithmParameterGenerator.DSA KeySize", "2048");
+ attrs.clear();
+ attrs.put("ValidationAlgorithm", "RFC5280");
+ attrs.put("ImplementedIn", "Software");
+ add(p, "CertPathBuilder", "PKIX",
+ "sun.security.provider.certpath.SunCertPathBuilder",
+ null, attrs);
+ add(p, "CertPathValidator", "PKIX",
+ "sun.security.provider.certpath.PKIXCertPathValidator",
+ null, attrs);
+ }
- /*
- * Implementation type: software or hardware
- */
- map.put("Signature.SHA1withDSA ImplementedIn", "Software");
- map.put("KeyPairGenerator.DSA ImplementedIn", "Software");
- map.put("MessageDigest.MD5 ImplementedIn", "Software");
- map.put("MessageDigest.SHA ImplementedIn", "Software");
- map.put("AlgorithmParameterGenerator.DSA ImplementedIn",
- "Software");
- map.put("AlgorithmParameters.DSA ImplementedIn", "Software");
- map.put("KeyFactory.DSA ImplementedIn", "Software");
- map.put("SecureRandom.SHA1PRNG ImplementedIn", "Software");
- map.put("CertificateFactory.X.509 ImplementedIn", "Software");
- map.put("KeyStore.JKS ImplementedIn", "Software");
- map.put("CertPathValidator.PKIX ImplementedIn", "Software");
- map.put("CertPathBuilder.PKIX ImplementedIn", "Software");
- map.put("CertStore.LDAP ImplementedIn", "Software");
- map.put("CertStore.Collection ImplementedIn", "Software");
- map.put("CertStore.com.sun.security.IndexedCollection ImplementedIn",
- "Software");
+ Iterator<Provider.Service> iterator() {
+ return services.iterator();
+ }
+ private void add(Provider p, String type, String algo, String cn,
+ List<String> aliases, HashMap<String, String> attrs) {
+ services.add(new Provider.Service(p, type, algo, cn, aliases, attrs));
}
+ private LinkedHashSet<Provider.Service> services;
+
// name of the *System* property, takes precedence over PROP_RNDSOURCE
private final static String PROP_EGD = "java.security.egd";
// name of the *Security* property
private final static String PROP_RNDSOURCE = "securerandom.source";
+ private static final boolean useLegacyDSA =
+ Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty
+ ("jdk.security.legacyDSAKeyPairGenerator"));
+
final static String URL_DEV_RANDOM = "file:/dev/random";
final static String URL_DEV_URANDOM = "file:/dev/urandom";
@@ -348,6 +315,12 @@ final class SunEntries {
return egdSource;
}
});
+
+ DEF_SECURE_RANDOM_ALGO = (NativePRNG.isAvailable() &&
+ (seedSource.equals(URL_DEV_URANDOM) ||
+ seedSource.equals(URL_DEV_RANDOM)) ?
+ "NativePRNG" : "SHA1PRNG");
+
}
static String getSeedSource() {
diff --git a/jdk/src/share/classes/sun/security/provider/VerificationProvider.java b/jdk/src/share/classes/sun/security/provider/VerificationProvider.java
index 296b03437..d76d81999 100644
--- a/jdk/src/share/classes/sun/security/provider/VerificationProvider.java
+++ b/jdk/src/share/classes/sun/security/provider/VerificationProvider.java
@@ -28,8 +28,6 @@ package sun.security.provider;
import java.util.*;
import java.security.*;
-import sun.security.action.PutAllAction;
-
import sun.security.rsa.SunRsaSignEntries;
/**
@@ -68,19 +66,29 @@ public final class VerificationProvider extends Provider {
return;
}
+ Provider p = this;
+ Iterator<Provider.Service> sunIter = new SunEntries(p).iterator();
+ Iterator<Provider.Service> rsaIter = new SunRsaSignEntries(p).iterator();
// if there is no security manager installed, put directly into
- // the provider. Otherwise, create a temporary map and use a
- // doPrivileged() call at the end to transfer the contents
+ // the provider.
if (System.getSecurityManager() == null) {
- SunEntries.putEntries(this);
- SunRsaSignEntries.putEntries(this);
+ putEntries(sunIter);
+ putEntries(rsaIter);
} else {
// use LinkedHashMap to preserve the order of the PRNGs
- Map<Object, Object> map = new LinkedHashMap<>();
- SunEntries.putEntries(map);
- SunRsaSignEntries.putEntries(map);
- AccessController.doPrivileged(new PutAllAction(this, map));
+ AccessController.doPrivileged(new PrivilegedAction<Object>() {
+ public Void run() {
+ putEntries(sunIter);
+ putEntries(rsaIter);
+ return null;
+ }
+ });
}
}
+ void putEntries(Iterator<Provider.Service> i) {
+ while (i.hasNext()) {
+ putService(i.next());
+ }
+ }
}
diff --git a/jdk/src/share/classes/sun/security/rsa/SunRsaSign.java b/jdk/src/share/classes/sun/security/rsa/SunRsaSign.java
index 65ae02a08..3c3d0f693 100644
--- a/jdk/src/share/classes/sun/security/rsa/SunRsaSign.java
+++ b/jdk/src/share/classes/sun/security/rsa/SunRsaSign.java
@@ -29,7 +29,6 @@ import java.util.*;
import java.security.*;
-import sun.security.action.PutAllAction;
/**
* Provider class for the RSA signature provider. Supports RSA keyfactory,
@@ -45,17 +44,25 @@ public final class SunRsaSign extends Provider {
public SunRsaSign() {
super("SunRsaSign", 1.8d, "Sun RSA signature provider");
- // if there is no security manager installed, put directly into
- // the provider. Otherwise, create a temporary map and use a
- // doPrivileged() call at the end to transfer the contents
+ Provider p = this;
+ Iterator<Provider.Service> serviceIter = new SunRsaSignEntries(p).iterator();
+
if (System.getSecurityManager() == null) {
- SunRsaSignEntries.putEntries(this);
+ putEntries(serviceIter);
} else {
- // use LinkedHashMap to preserve the order of the PRNGs
- Map<Object, Object> map = new HashMap<>();
- SunRsaSignEntries.putEntries(map);
- AccessController.doPrivileged(new PutAllAction(this, map));
+ AccessController.doPrivileged(new PrivilegedAction<Void>() {
+ @Override
+ public Void run() {
+ putEntries(serviceIter);
+ return null;
+ }
+ });
}
}
+ void putEntries(Iterator<Provider.Service> i) {
+ while (i.hasNext()) {
+ putService(i.next());
+ }
+ }
}
diff --git a/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java b/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java
index 6af5fdf85..f8de9eccc 100644
--- a/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java
+++ b/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java
@@ -25,7 +25,9 @@
package sun.security.rsa;
-import java.util.Map;
+import java.util.*;
+import java.security.Provider;
+import static sun.security.provider.SunEntries.createAliasesWithOid;
/**
* Defines the entries of the SunRsaSign provider.
@@ -34,102 +36,81 @@ import java.util.Map;
*/
public final class SunRsaSignEntries {
- private SunRsaSignEntries() {
- // empty
+ private void add(Provider p, String type, String algo, String cn,
+ List<String> aliases, HashMap<String, String> attrs) {
+ services.add(new Provider.Service(p, type, algo, cn, aliases, attrs));
}
- public static void putEntries(Map<Object, Object> map) {
-
- // main algorithms
- map.put("KeyFactory.RSA",
- "sun.security.rsa.RSAKeyFactory$Legacy");
- map.put("KeyPairGenerator.RSA",
- "sun.security.rsa.RSAKeyPairGenerator$Legacy");
- map.put("Signature.MD2withRSA",
- "sun.security.rsa.RSASignature$MD2withRSA");
- map.put("Signature.MD5withRSA",
- "sun.security.rsa.RSASignature$MD5withRSA");
- map.put("Signature.SHA1withRSA",
- "sun.security.rsa.RSASignature$SHA1withRSA");
- map.put("Signature.SHA224withRSA",
- "sun.security.rsa.RSASignature$SHA224withRSA");
- map.put("Signature.SHA256withRSA",
- "sun.security.rsa.RSASignature$SHA256withRSA");
- map.put("Signature.SHA384withRSA",
- "sun.security.rsa.RSASignature$SHA384withRSA");
- map.put("Signature.SHA512withRSA",
- "sun.security.rsa.RSASignature$SHA512withRSA");
- map.put("Signature.SHA512/224withRSA",
- "sun.security.rsa.RSASignature$SHA512_224withRSA");
- map.put("Signature.SHA512/256withRSA",
- "sun.security.rsa.RSASignature$SHA512_256withRSA");
-
- map.put("KeyFactory.RSASSA-PSS",
- "sun.security.rsa.RSAKeyFactory$PSS");
- map.put("KeyPairGenerator.RSASSA-PSS",
- "sun.security.rsa.RSAKeyPairGenerator$PSS");
- map.put("Signature.RSASSA-PSS",
- "sun.security.rsa.RSAPSSSignature");
- map.put("AlgorithmParameters.RSASSA-PSS",
- "sun.security.rsa.PSSParameters");
-
- // attributes for supported key classes
- String rsaKeyClasses = "java.security.interfaces.RSAPublicKey" +
- "|java.security.interfaces.RSAPrivateKey";
- map.put("Signature.MD2withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.MD5withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.SHA1withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.SHA224withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.SHA256withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.SHA384withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.SHA512withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.SHA512/224withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.SHA512/256withRSA SupportedKeyClasses", rsaKeyClasses);
- map.put("Signature.RSASSA-PSS SupportedKeyClasses", rsaKeyClasses);
-
- // aliases
- map.put("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA");
- map.put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA");
-
- map.put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA");
- map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA");
-
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", "MD2withRSA");
-
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", "MD5withRSA");
-
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA");
- map.put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA");
-
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.14", "SHA224withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.14", "SHA224withRSA");
-
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA");
-
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.12", "SHA384withRSA");
-
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.13", "SHA512withRSA");
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.15", "SHA512/224withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.15", "SHA512/224withRSA");
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.16", "SHA512/256withRSA");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.16", "SHA512/256withRSA");
-
- map.put("Alg.Alias.KeyFactory.1.2.840.113549.1.1.10", "RSASSA-PSS");
- map.put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
-
- map.put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.10", "RSASSA-PSS");
- map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
-
- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.10", "RSASSA-PSS");
- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
+ // extend LinkedHashSet for consistency with SunEntries
+ // used by sun.security.provider.VerificationProvider
+ public SunRsaSignEntries(Provider p) {
+ services = new LinkedHashSet<>(20, 0.9f);
+
+ // start populating content using the specified provider
+
+ // common oids
+ String rsaOid = "1.2.840.113549.1.1";
+ List<String> rsaAliases = createAliasesWithOid(rsaOid);
+ List<String> rsapssAliases = createAliasesWithOid(rsaOid + ".10");
+ String sha1withRSAOid2 = "1.3.14.3.2.29";
+
+ // common attribute map
+ HashMap<String, String> attrs = new HashMap<>(3);
+ attrs.put("SupportedKeyClasses",
+ "java.security.interfaces.RSAPublicKey" +
+ "|java.security.interfaces.RSAPrivateKey");
+
+ add(p, "KeyFactory", "RSA",
+ "sun.security.rsa.RSAKeyFactory$Legacy",
+ rsaAliases, null);
+ add(p, "KeyPairGenerator", "RSA",
+ "sun.security.rsa.RSAKeyPairGenerator$Legacy",
+ rsaAliases, null);
+ add(p, "Signature", "MD2withRSA",
+ "sun.security.rsa.RSASignature$MD2withRSA",
+ createAliasesWithOid(rsaOid + ".2"), attrs);
+ add(p, "Signature", "MD5withRSA",
+ "sun.security.rsa.RSASignature$MD5withRSA",
+ createAliasesWithOid(rsaOid + ".4"), attrs);
+ add(p, "Signature", "SHA1withRSA",
+ "sun.security.rsa.RSASignature$SHA1withRSA",
+ createAliasesWithOid(rsaOid + ".5", sha1withRSAOid2), attrs);
+ add(p, "Signature", "SHA224withRSA",
+ "sun.security.rsa.RSASignature$SHA224withRSA",
+ createAliasesWithOid(rsaOid + ".14"), attrs);
+ add(p, "Signature", "SHA256withRSA",
+ "sun.security.rsa.RSASignature$SHA256withRSA",
+ createAliasesWithOid(rsaOid + ".11"), attrs);
+ add(p, "Signature", "SHA384withRSA",
+ "sun.security.rsa.RSASignature$SHA384withRSA",
+ createAliasesWithOid(rsaOid + ".12"), attrs);
+ add(p, "Signature", "SHA512withRSA",
+ "sun.security.rsa.RSASignature$SHA512withRSA",
+ createAliasesWithOid(rsaOid + ".13"), attrs);
+ add(p, "Signature", "SHA512/224withRSA",
+ "sun.security.rsa.RSASignature$SHA512_224withRSA",
+ createAliasesWithOid(rsaOid + ".15"), attrs);
+ add(p, "Signature", "SHA512/256withRSA",
+ "sun.security.rsa.RSASignature$SHA512_256withRSA",
+ createAliasesWithOid(rsaOid + ".16"), attrs);
+
+ add(p, "KeyFactory", "RSASSA-PSS",
+ "sun.security.rsa.RSAKeyFactory$PSS",
+ rsapssAliases, null);
+ add(p, "KeyPairGenerator", "RSASSA-PSS",
+ "sun.security.rsa.RSAKeyPairGenerator$PSS",
+ rsapssAliases, null);
+ add(p, "Signature", "RSASSA-PSS",
+ "sun.security.rsa.RSAPSSSignature",
+ rsapssAliases, attrs);
+ add(p, "AlgorithmParameters", "RSASSA-PSS",
+ "sun.security.rsa.PSSParameters",
+ rsapssAliases, null);
+ }
- map.put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.1.10", "RSASSA-PSS");
- map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
+ public Iterator<Provider.Service> iterator() {
+ return services.iterator();
}
+
+ private LinkedHashSet<Provider.Service> services;
}
diff --git a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
index 2845dc379..58b791c99 100644
--- a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
+++ b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
@@ -26,9 +26,12 @@
package sun.security.ssl;
-import static sun.security.util.SecurityConstants.PROVIDER_VER;
-
import java.security.*;
+import java.util.*;
+
+import static sun.security.provider.SunEntries.createAliasesWithOid;
+import static sun.security.util.SecurityConstants.PROVIDER_VER;
+import static sun.security.provider.SunEntries.createAliases;
/**
* The JSSE provider.
@@ -159,79 +162,78 @@ public abstract class SunJSSE extends java.security.Provider {
});
}
+ private void ps(String type, String algo, String cn,
+ List<String> aliases, HashMap<String, String> attrs) {
+ putService(new Provider.Service(this, type, algo, cn, aliases, attrs));
+ }
+
+
private void doRegister(boolean isfips) {
if (isfips == false) {
- put("KeyFactory.RSA",
- "sun.security.rsa.RSAKeyFactory$Legacy");
- put("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA");
- put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA");
-
- put("KeyPairGenerator.RSA",
- "sun.security.rsa.RSAKeyPairGenerator$Legacy");
- put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA");
- put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA");
-
- put("Signature.MD2withRSA",
- "sun.security.rsa.RSASignature$MD2withRSA");
- put("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA");
- put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2",
- "MD2withRSA");
-
- put("Signature.MD5withRSA",
- "sun.security.rsa.RSASignature$MD5withRSA");
- put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA");
- put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4",
- "MD5withRSA");
-
- put("Signature.SHA1withRSA",
- "sun.security.rsa.RSASignature$SHA1withRSA");
- put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA");
- put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5",
- "SHA1withRSA");
- put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA");
- put("Alg.Alias.Signature.OID.1.3.14.3.2.29", "SHA1withRSA");
+ // common oids
+ String rsaOid = "1.2.840.113549.1.1";
+ List<String> rsaAliases = createAliasesWithOid(rsaOid);
+ String sha1withRSAOid2 = "1.3.14.3.2.29";
+
+ // common attribute map
+ HashMap<String, String> attrs = new HashMap<>(3);
+ attrs.put("SupportedKeyClasses",
+ "java.security.interfaces.RSAPublicKey" +
+ "|java.security.interfaces.RSAPrivateKey");
+
+ ps("KeyFactory", "RSA",
+ "sun.security.rsa.RSAKeyFactory$Legacy",
+ rsaAliases, null);
+ ps("KeyPairGenerator", "RSA",
+ "sun.security.rsa.RSAKeyPairGenerator$Legacy",
+ rsaAliases, null);
+ ps("Signature", "MD2withRSA",
+ "sun.security.rsa.RSASignature$MD2withRSA",
+ createAliasesWithOid(rsaOid + ".2"), attrs);
+ ps("Signature", "MD5withRSA",
+ "sun.security.rsa.RSASignature$MD5withRSA",
+ createAliasesWithOid(rsaOid + ".4"), attrs);
+ ps("Signature", "SHA1withRSA",
+ "sun.security.rsa.RSASignature$SHA1withRSA",
+ createAliasesWithOid(rsaOid + ".5", sha1withRSAOid2, "OID." + sha1withRSAOid2), attrs);
}
- put("Signature.MD5andSHA1withRSA",
- "sun.security.ssl.RSASignature");
-
- put("KeyManagerFactory.SunX509",
- "sun.security.ssl.KeyManagerFactoryImpl$SunX509");
- put("KeyManagerFactory.NewSunX509",
- "sun.security.ssl.KeyManagerFactoryImpl$X509");
- put("Alg.Alias.KeyManagerFactory.PKIX", "NewSunX509");
-
- put("TrustManagerFactory.SunX509",
- "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory");
- put("TrustManagerFactory.PKIX",
- "sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory");
- put("Alg.Alias.TrustManagerFactory.SunPKIX", "PKIX");
- put("Alg.Alias.TrustManagerFactory.X509", "PKIX");
- put("Alg.Alias.TrustManagerFactory.X.509", "PKIX");
-
- put("SSLContext.TLSv1",
- "sun.security.ssl.SSLContextImpl$TLS10Context");
- put("SSLContext.TLSv1.1",
- "sun.security.ssl.SSLContextImpl$TLS11Context");
- put("SSLContext.TLSv1.2",
- "sun.security.ssl.SSLContextImpl$TLS12Context");
- put("SSLContext.TLSv1.3",
- "sun.security.ssl.SSLContextImpl$TLS13Context");
- put("SSLContext.TLS",
- "sun.security.ssl.SSLContextImpl$TLSContext");
- if (isfips == false) {
- put("Alg.Alias.SSLContext.SSL", "TLS");
- put("Alg.Alias.SSLContext.SSLv3", "TLSv1");
- }
-
- put("SSLContext.Default",
- "sun.security.ssl.SSLContextImpl$DefaultSSLContext");
+ ps("Signature", "MD5andSHA1withRSA",
+ "sun.security.ssl.RSASignature", null, null);
+
+ ps("KeyManagerFactory", "SunX509",
+ "sun.security.ssl.KeyManagerFactoryImpl$SunX509", null, null);
+ ps("KeyManagerFactory", "NewSunX509",
+ "sun.security.ssl.KeyManagerFactoryImpl$X509",
+ createAliases("PKIX"), null);
+
+ ps("TrustManagerFactory", "SunX509",
+ "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory", null, null);
+ ps("TrustManagerFactory", "PKIX",
+ "sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory",
+ createAliases("SunPKIX", "X509", "X.509"), null);
+
+ ps("SSLContext", "TLSv1",
+ "sun.security.ssl.SSLContextImpl$TLS10Context",
+ (isfips? null : createAliases("SSLv3")), null);
+ ps("SSLContext", "TLSv1.1",
+ "sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
+ ps("SSLContext", "TLSv1.2",
+ "sun.security.ssl.SSLContextImpl$TLS12Context", null, null);
+ ps("SSLContext", "TLSv1.3",
+ "sun.security.ssl.SSLContextImpl$TLS13Context", null, null);
+ ps("SSLContext", "TLS",
+ "sun.security.ssl.SSLContextImpl$TLSContext",
+ (isfips? null : createAliases("SSL")), null);
+
+ ps("SSLContext", "Default",
+ "sun.security.ssl.SSLContextImpl$DefaultSSLContext", null, null);
/*
* KeyStore
*/
- put("KeyStore.PKCS12",
- "sun.security.pkcs12.PKCS12KeyStore");
+ ps("KeyStore", "PKCS12",
+ "sun.security.pkcs12.PKCS12KeyStore", null, null);
}
private void subclassCheck() {
diff --git a/jdk/test/java/security/Provider/BaseProviderValidator.java b/jdk/test/java/security/Provider/BaseProviderValidator.java
new file mode 100644
index 000000000..510529baa
--- /dev/null
+++ b/jdk/test/java/security/Provider/BaseProviderValidator.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Huawei designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Huawei in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional
+ * information or have any questions.
+ */
+
+/*
+ * @bug 7092821
+ * @library ../testlibrary
+ * @summary make sure that Sun providers do not miss any algorithms after
+ * modifying the frameworks underneath
+ * @author Henry Yang
+ */
+
+import java.security.Provider;
+import java.security.Provider.Service;
+
+/**
+ * Base class for a provider validator
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+public abstract class BaseProviderValidator {
+ String providerName;
+ Provider provider;
+
+ public BaseProviderValidator() {
+ provider = getDefaultProvider();
+ providerName = provider.getName();
+ }
+
+ abstract Provider getDefaultProvider();
+
+ abstract boolean validate() throws Exception;
+
+ Service getService(String type, String algo) {
+ return ProviderValidationUtil.getService(provider, type, algo);
+ }
+
+ boolean checkService(String serviceName) {
+ String[] typeAndAlg = ProviderValidationUtil.getTypeAndAlgorithm(serviceName);
+ if(typeAndAlg == null || typeAndAlg.length < 2){
+ throw new RuntimeException("service name is not in a right formation");
+ }
+ return ProviderValidationUtil.checkService(provider, typeAndAlg[0], typeAndAlg[1]);
+ }
+
+ boolean checkAlias(String aliasFullName, String serviceShortName) {
+ return ProviderValidationUtil.checkAlias(provider, aliasFullName, serviceShortName);
+ }
+
+ boolean checkAttribute(String attrName, String attrValue) {
+ String[] nameAndAttr = attrName.split("\\s+");
+ return ProviderValidationUtil.checkAttribute(provider, nameAndAttr[0], nameAndAttr[1], attrValue);
+ }
+}
diff --git a/jdk/test/java/security/Provider/GetServiceRace.java b/jdk/test/java/security/Provider/GetServiceRace.java
new file mode 100644
index 000000000..b5b47b5d9
--- /dev/null
+++ b/jdk/test/java/security/Provider/GetServiceRace.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8231387
+ * @library ../testlibrary
+ * @summary make sure getService() avoids a race
+ * @author Tianmin Shi
+ */
+
+import java.security.Provider;
+
+public class GetServiceRace {
+
+ private static final Provider testProvider;
+ static {
+ testProvider = new Provider("MyProvider", 1.0, "test") {
+ };
+ testProvider.put("CertificateFactory.Fixed", "MyCertificateFactory");
+ }
+
+ private static final int NUMBER_OF_RETRIEVERS = 3;
+ private static final int TEST_TIME_MS = 1000;
+
+ public static boolean testFailed = false;
+
+ public static void main(String[] args) throws Exception {
+ Updater updater = new Updater();
+ updater.start();
+ Retriever [] retrievers = new Retriever[NUMBER_OF_RETRIEVERS];
+ for (int i=0; i<retrievers.length; i++) {
+ retrievers[i] = new Retriever();
+ retrievers[i].start();
+ }
+ Thread.sleep(TEST_TIME_MS);
+ System.out.println("Interrupt");
+ updater.interrupt();
+ updater.join();
+ for (int i=0; i<retrievers.length; i++) {
+ retrievers[i].interrupt();
+ retrievers[i].join();
+ }
+ System.out.println("Done");
+ if (testFailed) {
+ throw new Exception("Test Failed");
+ }
+ System.out.println("Test Passed");
+ }
+
+ private static class Updater extends Thread {
+ @Override
+ public void run() {
+ while (!isInterrupted()) {
+ testProvider.put("CertificateFactory.Added", "MyCertificateFactory");
+ }
+ System.out.println("Updater stopped");
+ }
+ }
+
+ private static class Retriever extends Thread {
+ @Override
+ public void run() {
+ while (!isInterrupted()) {
+ Provider.Service service = testProvider.getService("CertificateFactory", "Fixed");
+ if (service == null) {
+ if (!testFailed) {
+ System.err.println("CertificateFactory.Fixed is NULL");
+ testFailed = true;
+ }
+ } else {
+ //System.out.println("CertificateFactory.Fixed is good");
+ }
+ }
+ System.out.println("Retriever stopped");
+ }
+ }
+}
\ No newline at end of file
diff --git a/jdk/test/java/security/Provider/LegacyPutAlias.java b/jdk/test/java/security/Provider/LegacyPutAlias.java
new file mode 100644
index 000000000..44b0c3d9d
--- /dev/null
+++ b/jdk/test/java/security/Provider/LegacyPutAlias.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import static java.lang.System.out;
+
+import java.security.Provider;
+
+
+/**
+ * @test
+ * @bug 8250787
+ * @summary Ensure that aliases added with Provider.put work for services
+ * regardless which method was use to register the service, Provider.put
+ * or Provider.putService.
+ */
+public class LegacyPutAlias {
+ private static final String LEGACY_ALGO = "SRLegacy";
+ private static final String MODERN_ALGO = "SRModern";
+ private static final String LEGACY_ALIAS = "AliasLegacy";
+ private static final String MODERN_ALIAS = "AliasModern";
+
+ public static void main(String[] args) {
+ checkAlias(LEGACY_ALGO, LEGACY_ALIAS);
+ checkAlias(MODERN_ALGO, MODERN_ALIAS);
+ }
+
+ private static void checkAlias(String algo, String alias) {
+ out.println("Checking alias " + alias + " for " + algo);
+ Provider p = new CustomProvider();
+ p.put("Alg.Alias.SecureRandom." + alias, algo);
+ validate(p, algo, alias);
+ out.println("=> Test Passed");
+ }
+
+ private static void validate(Provider p, String algo, String alias) {
+ Provider.Service s = p.getService("SecureRandom", alias);
+ if (s == null) {
+ throw new RuntimeException("Failed alias " + alias + " check, " +
+ "exp: " + algo + ", got null");
+ }
+ if (!algo.equals(s.getAlgorithm())) {
+ throw new RuntimeException("Failed alias " + alias + " check, " +
+ "exp: " + algo + ", got " + s.getAlgorithm());
+ }
+ }
+
+
+ private static final String SR_IMPLCLASS =
+ "sun.security.provider.SecureRandom";
+ private static class CustomProvider extends Provider {
+ private static class CustomService extends Provider.Service {
+ CustomService(Provider p, String type, String algo, String cName) {
+ super(p, type, algo, cName, null, null);
+ }
+ }
+
+ CustomProvider() {
+ super("CP", 1.0, "test provider that registers two services, " +
+ "one with put and one with putService");
+
+ putService(new CustomService(this, "SecureRandom",
+ MODERN_ALGO, SR_IMPLCLASS));
+ put("SecureRandom." + LEGACY_ALGO, SR_IMPLCLASS);
+ }
+ }
+}
diff --git a/jdk/test/java/security/Provider/ProviderValidationUtil.java b/jdk/test/java/security/Provider/ProviderValidationUtil.java
new file mode 100644
index 000000000..8c4ef89c7
--- /dev/null
+++ b/jdk/test/java/security/Provider/ProviderValidationUtil.java
@@ -0,0 +1,269 @@
+/*
+ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Huawei designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Huawei in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional
+ * information or have any questions.
+ */
+
+/*
+ * @bug 7092821
+ * @library ../testlibrary
+ * @summary make sure that Sun providers do not miss any algorithms after
+ * modifying the frameworks underneath
+ * @author Henry Yang
+ */
+
+import static java.util.Locale.ENGLISH;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.security.Provider;
+import java.security.Provider.Service;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * utils for provider validator
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+public class ProviderValidationUtil {
+ private static final String ALIAS_PREFIX_LOWER = "alg.alias.";
+ private static final int ALIAS_LENGTH = ALIAS_PREFIX_LOWER.length();
+
+ /**
+ * get a service from a provider for a specific algorithm
+ *
+ * @param provider the provider to get a service
+ * @param type algorithm type
+ * @param algo algorithm name
+ * @return the service of the specific algorithm
+ */
+ public static Service getService(Provider provider, String type, String algo) {
+ Service service = provider.getService(type, algo);
+ if (service == null) {
+ throw new ServiceNotFoundException(provider.getName(), getServiceName(type, algo));
+ }
+ return service;
+ }
+
+ /**
+ * checks if the provider offers services for a specific algorithm
+ *
+ * @param provider the provider to check
+ * @param type algorithm type
+ * @param algo algorithm name
+ * @return true if passed this check
+ */
+ public static boolean checkService(Provider provider, String type, String algo) {
+ Service service = getService(provider, type, algo);
+ String className = service.getClassName();
+ if (className == null) {
+ throw new ServiceNotFoundException(provider.getName(), getServiceName(type, algo));
+ }
+ try {
+ Class.forName(className);
+ } catch (ClassNotFoundException e) {
+ throw new ServiceNotFoundException(provider.getName(), getServiceName(type, algo));
+ }
+ return true;
+ }
+
+ private static List<String> getAlias(Service service) {
+ try {
+ Method method = Service.class.getDeclaredMethod("getAliases");
+ method.setAccessible(true);
+ List<String> aliases = (List) method.invoke(service, null);
+ return aliases;
+ } catch (NoSuchMethodException | InvocationTargetException | IllegalAccessException e) {
+ e.printStackTrace();
+ }
+ return Collections.<String>emptyList();
+ }
+
+ /**
+ * check if the provider associates the alias name to the service
+ *
+ * @param provider the provider to check
+ * @param aliasFullName alias
+ * @param serviceShortName service name for short
+ * @return true if passed this check
+ */
+ public static boolean checkAlias(Provider provider, String aliasFullName, String serviceShortName) {
+ if (aliasFullName.toLowerCase(ENGLISH).startsWith(ALIAS_PREFIX_LOWER)) {
+ // for example, in provider defination put("Alg.Alias.MessageDigest.SHA", "SHA-1");
+ // Alg.Alias.MessageDigest.SHA for the aliasFullNanme and SHA-1 for serviceShortName
+ // the aliasKey is MessageDigest.SHA
+ String aliasKey = aliasFullName.substring(ALIAS_LENGTH);
+ String[] typeAndAlg = getTypeAndAlgorithm(aliasKey);
+ if (typeAndAlg == null || typeAndAlg.length < 2) {
+ throw new NameMalFormatException("alias name and type cannot be null");
+ }
+ String type = typeAndAlg[0];
+ String aliasAlg = typeAndAlg[1].intern();
+ Service aliasService = provider.getService(type, aliasAlg);
+ if (aliasService == null) {
+ throw new ServiceNotFoundException(provider.getName(), getServiceName(type, aliasAlg));
+ }
+ Service service = provider.getService(type, serviceShortName);
+ if (service == null) {
+ throw new ServiceNotFoundException(provider.getName(), getServiceName(type, serviceShortName));
+ }
+ if (service != aliasService || !checkAliasInService(service, aliasAlg)) {
+ throw new AliasNotMatchedException(
+ getServiceName(type, aliasAlg), getServiceName(type, serviceShortName));
+ }
+ } else {
+ throw new NameMalFormatException("Alias name is not in a proper format");
+ }
+ return true;
+ }
+
+ private static boolean checkAliasInService(Service service, String... aliasArray) {
+ List<String> aliases = getAlias(service);
+ Set<String> aliasesSet = new HashSet<>();
+ aliasesSet.addAll(aliases);
+ for (String aliasName : aliasArray) {
+ if (!aliasesSet.contains(aliasName)) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ /**
+ * check if the service has a specific attribute with the correct value in the provider
+ *
+ * @param provider the provider to check
+ * @param serviceName service name
+ * @param attrName attribute name
+ * @param attrValue attribute value
+ * @return true if passed this check
+ */
+ public static boolean checkAttribute(Provider provider, String serviceName, String attrName, String attrValue) {
+ String[] typeAndAlg = getTypeAndAlgorithm(serviceName);
+ if (typeAndAlg == null || typeAndAlg.length < 2) {
+ throw new NameMalFormatException("service name is not in a right formation");
+ }
+ Service service = getService(provider, typeAndAlg[0], typeAndAlg[1]);
+ return checkAttribute(service, attrName, attrValue);
+ }
+
+ private static boolean checkAttribute(Service service, String attrName, String attrValue) {
+ if (!attrValue.equals(service.getAttribute(attrName))) {
+ throw new AttributeNotFoundException(service.getType(), service.getAlgorithm(), attrName, attrValue);
+ }
+ return true;
+ }
+
+ private static String getServiceName(String type, String algo) {
+ return type + "." + algo;
+ }
+
+ /**
+ * seperate algorithm key with type and name
+ *
+ * @param key algorithm full name
+ * @return string array with algorithm type and name
+ */
+ public static String[] getTypeAndAlgorithm(String key) {
+ int index = key.indexOf('.');
+ if (index < 1) {
+ return new String[0];
+ }
+ String type = key.substring(0, index);
+ String alg = key.substring(index + 1);
+ return new String[] {type, alg};
+ }
+
+ /**
+ * throws this exception if we cannot find the service in the provider
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+ public static class ServiceNotFoundException extends RuntimeException {
+ public ServiceNotFoundException(String provider, String serviceName) {
+ this("faild to find " + serviceName + " in " + provider + " provider");
+ }
+
+ public ServiceNotFoundException(String message) {
+ super(message);
+ }
+ }
+
+ /**
+ * throws this exception if we cannot find the attribute in the service
+ * or the attribute value is not correct
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+ public static class AttributeNotFoundException extends RuntimeException {
+ public AttributeNotFoundException(String type, String algo, String attrName, String attrValue) {
+ this(
+ "faild "
+ + type
+ + "."
+ + algo
+ + " '"
+ + attrName
+ + "' attribute check, "
+ + "the correct value should be '"
+ + attrValue
+ + "'");
+ }
+
+ public AttributeNotFoundException(String message) {
+ super(message);
+ }
+ }
+
+ /**
+ * throws this exception if we cannot find the alias name in the provider
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+ public static class AliasNotMatchedException extends RuntimeException {
+ public AliasNotMatchedException(String aliasName, String serviceName) {
+ this("faild to find alias name " + aliasName + " in " + serviceName);
+ }
+
+ public AliasNotMatchedException(String message) {
+ super(message);
+ }
+ }
+
+ /**
+ * throws this exception if the name is in a malformation
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+ public static class NameMalFormatException extends RuntimeException {
+ public NameMalFormatException(String message) {
+ super(message);
+ }
+ }
+}
diff --git a/jdk/test/java/security/Provider/SunJCEValidator.java b/jdk/test/java/security/Provider/SunJCEValidator.java
new file mode 100644
index 000000000..314abb380
--- /dev/null
+++ b/jdk/test/java/security/Provider/SunJCEValidator.java
@@ -0,0 +1,574 @@
+/*
+ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Huawei designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Huawei in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional
+ * information or have any questions.
+ */
+
+/*
+ * @test
+ * @bug 7092821
+ * @library ../testlibrary
+ * @summary make sure that Sun providers do not miss any algorithms after
+ * modifying the frameworks underneath
+ * @author Henry Yang
+ */
+
+/*
+ *- @TestCaseID:Provider/SunJCEValidator.java
+ *- @TestCaseName:Provider/SunJCEValidator.java
+ *- @TestCaseType:Function test
+ *- @RequirementID:AR.SR.IREQ02758058.001.001
+ *- @RequirementName: java.security.Provider.getService() is synchronized and became scalability bottleneck
+ *- @Condition:JDK8u302及以后
+ *- @Brief:测试相应provider更改底层架构以后所提供的service是否与原先有差异以openJDK8u302为准
+ * -#step:比较openJDK8u302 SunJceProvider与此特性修改后的SunJceProvider所提供的service是否一致
+ *- @Expect:正常运行
+ *- @Priority:Level 1
+ */
+
+import com.sun.crypto.provider.SunJCE;
+
+import java.security.Provider;
+
+/**
+ * validator for SunJCE provider, make sure we do not miss any algorithm
+ * after the modification.
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+public class SunJCEValidator extends BaseProviderValidator {
+ private static final String OID_PKCS12_RC4_128 = "1.2.840.113549.1.12.1.1";
+ private static final String OID_PKCS12_RC4_40 = "1.2.840.113549.1.12.1.2";
+ private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3";
+ private static final String OID_PKCS12_RC2_128 = "1.2.840.113549.1.12.1.5";
+ private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6";
+ private static final String OID_PKCS5_MD5_DES = "1.2.840.113549.1.5.3";
+ private static final String OID_PKCS5_PBKDF2 = "1.2.840.113549.1.5.12";
+ private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13";
+ private static final String OID_PKCS3 = "1.2.840.113549.1.3.1";
+
+ public static void main(String[] args) throws Exception {
+ SunJCEValidator validator = new SunJCEValidator();
+ validator.validate();
+ }
+
+ @Override
+ Provider getDefaultProvider() {
+ return new SunJCE();
+ }
+
+ @Override
+ boolean validate() throws Exception {
+ final String BLOCK_MODES =
+ "ECB|CBC|PCBC|CTR|CTS|CFB|OFB"
+ + "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64"
+ + "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64";
+ final String BLOCK_MODES128 =
+ BLOCK_MODES
+ + "|GCM|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128"
+ + "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128";
+ final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING";
+
+ /*
+ * Cipher engines
+ */
+ checkService("Cipher.RSA");
+ checkAttribute("Cipher.RSA SupportedModes", "ECB");
+ checkAttribute(
+ "Cipher.RSA SupportedPaddings",
+ "NOPADDING|PKCS1PADDING|OAEPPADDING"
+ + "|OAEPWITHMD5ANDMGF1PADDING"
+ + "|OAEPWITHSHA1ANDMGF1PADDING"
+ + "|OAEPWITHSHA-1ANDMGF1PADDING"
+ + "|OAEPWITHSHA-224ANDMGF1PADDING"
+ + "|OAEPWITHSHA-256ANDMGF1PADDING"
+ + "|OAEPWITHSHA-384ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
+ checkAttribute(
+ "Cipher.RSA SupportedKeyClasses",
+ "java.security.interfaces.RSAPublicKey" + "|java.security.interfaces.RSAPrivateKey");
+
+ checkService("Cipher.DES");
+ checkAttribute("Cipher.DES SupportedModes", BLOCK_MODES);
+ checkAttribute("Cipher.DES SupportedPaddings", BLOCK_PADS);
+ checkAttribute("Cipher.DES SupportedKeyFormats", "RAW");
+
+ checkService("Cipher.DESede");
+ checkAlias("Alg.Alias.Cipher.TripleDES", "DESede");
+ checkAttribute("Cipher.DESede SupportedModes", BLOCK_MODES);
+ checkAttribute("Cipher.DESede SupportedPaddings", BLOCK_PADS);
+ checkAttribute("Cipher.DESede SupportedKeyFormats", "RAW");
+
+ checkService("Cipher.DESedeWrap");
+ checkAttribute("Cipher.DESedeWrap SupportedModes", "CBC");
+ checkAttribute("Cipher.DESedeWrap SupportedPaddings", "NOPADDING");
+ checkAttribute("Cipher.DESedeWrap SupportedKeyFormats", "RAW");
+ System.out.println("Cipher engines check passed");
+
+ // PBES1
+ checkService("Cipher.PBEWithMD5AndDES");
+ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES");
+ checkAlias("Alg.Alias.Cipher." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES");
+
+ checkService("Cipher.PBEWithMD5AndTripleDES");
+
+ checkService("Cipher.PBEWithSHA1AndDESede");
+ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede");
+ checkAlias("Alg.Alias.Cipher." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede");
+
+ checkService("Cipher.PBEWithSHA1AndRC2_40");
+ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40");
+ checkAlias("Alg.Alias.Cipher." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40");
+
+ checkService("Cipher.PBEWithSHA1AndRC2_128");
+ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128");
+ checkAlias("Alg.Alias.Cipher." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128");
+
+ checkService("Cipher.PBEWithSHA1AndRC4_40");
+ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40");
+ checkAlias("Alg.Alias.Cipher." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40");
+
+ checkService("Cipher.PBEWithSHA1AndRC4_128");
+ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128");
+ checkAlias("Alg.Alias.Cipher." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128");
+ System.out.println("PBES1 check passed");
+
+ // PBES2
+
+ checkService("Cipher.PBEWithHmacSHA1AndAES_128");
+
+ checkService("Cipher.PBEWithHmacSHA224AndAES_128");
+
+ checkService("Cipher.PBEWithHmacSHA256AndAES_128");
+
+ checkService("Cipher.PBEWithHmacSHA384AndAES_128");
+
+ checkService("Cipher.PBEWithHmacSHA512AndAES_128");
+
+ checkService("Cipher.PBEWithHmacSHA1AndAES_256");
+
+ checkService("Cipher.PBEWithHmacSHA224AndAES_256");
+
+ checkService("Cipher.PBEWithHmacSHA256AndAES_256");
+
+ checkService("Cipher.PBEWithHmacSHA384AndAES_256");
+
+ checkService("Cipher.PBEWithHmacSHA512AndAES_256");
+
+ checkService("Cipher.Blowfish");
+ checkAttribute("Cipher.Blowfish SupportedModes", BLOCK_MODES);
+ checkAttribute("Cipher.Blowfish SupportedPaddings", BLOCK_PADS);
+ checkAttribute("Cipher.Blowfish SupportedKeyFormats", "RAW");
+
+ checkService("Cipher.AES");
+ checkAlias("Alg.Alias.Cipher.Rijndael", "AES");
+ checkAttribute("Cipher.AES SupportedModes", BLOCK_MODES128);
+ checkAttribute("Cipher.AES SupportedPaddings", BLOCK_PADS);
+ checkAttribute("Cipher.AES SupportedKeyFormats", "RAW");
+
+ checkService("Cipher.AES_128/ECB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding");
+ checkService("Cipher.AES_128/CBC/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding");
+ checkService("Cipher.AES_128/OFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding");
+ checkService("Cipher.AES_128/CFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding");
+ checkService("Cipher.AES_128/GCM/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding");
+
+ checkService("Cipher.AES_192/ECB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding");
+ checkService("Cipher.AES_192/CBC/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding");
+ checkService("Cipher.AES_192/OFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding");
+ checkService("Cipher.AES_192/CFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding");
+ checkService("Cipher.AES_192/GCM/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding");
+
+ checkService("Cipher.AES_256/ECB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding");
+ checkService("Cipher.AES_256/CBC/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding");
+ checkService("Cipher.AES_256/OFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding");
+ checkService("Cipher.AES_256/CFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding");
+ checkService("Cipher.AES_256/GCM/NoPadding");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding");
+
+ checkService("Cipher.AESWrap");
+ checkAttribute("Cipher.AESWrap SupportedModes", "ECB");
+ checkAttribute("Cipher.AESWrap SupportedPaddings", "NOPADDING");
+ checkAttribute("Cipher.AESWrap SupportedKeyFormats", "RAW");
+
+ checkService("Cipher.AESWrap_128");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.5", "AESWrap_128");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.5", "AESWrap_128");
+ checkService("Cipher.AESWrap_192");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.25", "AESWrap_192");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.25", "AESWrap_192");
+ checkService("Cipher.AESWrap_256");
+ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.45", "AESWrap_256");
+ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.45", "AESWrap_256");
+
+ checkService("Cipher.RC2");
+ checkAttribute("Cipher.RC2 SupportedModes", BLOCK_MODES);
+ checkAttribute("Cipher.RC2 SupportedPaddings", BLOCK_PADS);
+ checkAttribute("Cipher.RC2 SupportedKeyFormats", "RAW");
+
+ checkService("Cipher.ARCFOUR");
+ checkAlias("Alg.Alias.Cipher.RC4", "ARCFOUR");
+ checkAttribute("Cipher.ARCFOUR SupportedModes", "ECB");
+ checkAttribute("Cipher.ARCFOUR SupportedPaddings", "NOPADDING");
+ checkAttribute("Cipher.ARCFOUR SupportedKeyFormats", "RAW");
+ System.out.println("PBES2 check passed");
+
+ /*
+ * Key(pair) Generator engines
+ */
+ checkService("KeyGenerator.DES");
+
+ checkService("KeyGenerator.DESede");
+ checkAlias("Alg.Alias.KeyGenerator.TripleDES", "DESede");
+
+ checkService("KeyGenerator.Blowfish");
+
+ checkService("KeyGenerator.AES");
+ checkAlias("Alg.Alias.KeyGenerator.Rijndael", "AES");
+
+ checkService("KeyGenerator.RC2");
+ checkService("KeyGenerator.ARCFOUR");
+ checkAlias("Alg.Alias.KeyGenerator.RC4", "ARCFOUR");
+
+ checkService("KeyGenerator.HmacMD5");
+
+ checkService("KeyGenerator.HmacSHA1");
+ checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.7", "HmacSHA1");
+ checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.7", "HmacSHA1");
+
+ checkService("KeyGenerator.HmacSHA224");
+ checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.8", "HmacSHA224");
+ checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.8", "HmacSHA224");
+
+ checkService("KeyGenerator.HmacSHA256");
+ checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.9", "HmacSHA256");
+ checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.9", "HmacSHA256");
+
+ checkService("KeyGenerator.HmacSHA384");
+ checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.10", "HmacSHA384");
+ checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.10", "HmacSHA384");
+
+ checkService("KeyGenerator.HmacSHA512");
+ checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.11", "HmacSHA512");
+ checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.11", "HmacSHA512");
+
+ checkService("KeyPairGenerator.DiffieHellman");
+ checkAlias("Alg.Alias.KeyPairGenerator.DH", "DiffieHellman");
+ checkAlias("Alg.Alias.KeyPairGenerator.OID." + OID_PKCS3, "DiffieHellman");
+ checkAlias("Alg.Alias.KeyPairGenerator." + OID_PKCS3, "DiffieHellman");
+ System.out.println("Key(pair) Generator engines check passed");
+
+ /*
+ * Algorithm parameter generation engines
+ */
+ checkService("AlgorithmParameterGenerator.DiffieHellman");
+ checkAlias("Alg.Alias.AlgorithmParameterGenerator.DH", "DiffieHellman");
+ checkAlias("Alg.Alias.AlgorithmParameterGenerator.OID." + OID_PKCS3, "DiffieHellman");
+ checkAlias("Alg.Alias.AlgorithmParameterGenerator." + OID_PKCS3, "DiffieHellman");
+ System.out.println("Algorithm parameter generation engines check passed");
+
+ /*
+ * Key Agreement engines
+ */
+ checkService("KeyAgreement.DiffieHellman");
+ checkAlias("Alg.Alias.KeyAgreement.DH", "DiffieHellman");
+ checkAlias("Alg.Alias.KeyAgreement.OID." + OID_PKCS3, "DiffieHellman");
+ checkAlias("Alg.Alias.KeyAgreement." + OID_PKCS3, "DiffieHellman");
+
+ checkAttribute(
+ "KeyAgreement.DiffieHellman SupportedKeyClasses",
+ "javax.crypto.interfaces.DHPublicKey" + "|javax.crypto.interfaces.DHPrivateKey");
+ System.out.println("Key Agreement engines check passed");
+
+ /*
+ * Algorithm Parameter engines
+ */
+ checkService("AlgorithmParameters.DiffieHellman");
+ checkAlias("Alg.Alias.AlgorithmParameters.DH", "DiffieHellman");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS3, "DiffieHellman");
+ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS3, "DiffieHellman");
+
+ checkService("AlgorithmParameters.DES");
+
+ checkService("AlgorithmParameters.DESede");
+ checkAlias("Alg.Alias.AlgorithmParameters.TripleDES", "DESede");
+
+ checkService("AlgorithmParameters.PBE");
+
+ checkService("AlgorithmParameters.PBEWithMD5AndDES");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES");
+ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES");
+
+ checkService("AlgorithmParameters.PBEWithMD5AndTripleDES");
+
+ checkService("AlgorithmParameters.PBEWithSHA1AndDESede");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede");
+ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede");
+
+ checkService("AlgorithmParameters.PBEWithSHA1AndRC2_40");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40");
+ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40");
+
+ checkService("AlgorithmParameters.PBEWithSHA1AndRC2_128");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128");
+ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128");
+
+ checkService("AlgorithmParameters.PBEWithSHA1AndRC4_40");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40");
+ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40");
+
+ checkService("AlgorithmParameters.PBEWithSHA1AndRC4_128");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128");
+ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128");
+
+ checkService("AlgorithmParameters.PBES2");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS5_PBES2, "PBES2");
+ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS5_PBES2, "PBES2");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA1AndAES_128");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA224AndAES_128");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA256AndAES_128");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA384AndAES_128");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA512AndAES_128");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA1AndAES_256");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA224AndAES_256");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA256AndAES_256");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA384AndAES_256");
+
+ checkService("AlgorithmParameters.PBEWithHmacSHA512AndAES_256");
+
+ checkService("AlgorithmParameters.Blowfish");
+
+ checkService("AlgorithmParameters.AES");
+ checkAlias("Alg.Alias.AlgorithmParameters.Rijndael", "AES");
+ checkService("AlgorithmParameters.GCM");
+
+ checkService("AlgorithmParameters.RC2");
+
+ checkService("AlgorithmParameters.OAEP");
+ System.out.println("Algorithm Parameter engines check passed");
+
+ /*
+ * Key factories
+ */
+ checkService("KeyFactory.DiffieHellman");
+ checkAlias("Alg.Alias.KeyFactory.DH", "DiffieHellman");
+ checkAlias("Alg.Alias.KeyFactory.OID." + OID_PKCS3, "DiffieHellman");
+ checkAlias("Alg.Alias.KeyFactory." + OID_PKCS3, "DiffieHellman");
+ System.out.println("Key factories check passed");
+
+ /*
+ * Secret-key factories
+ */
+ checkService("SecretKeyFactory.DES");
+
+ checkService("SecretKeyFactory.DESede");
+ checkAlias("Alg.Alias.SecretKeyFactory.TripleDES", "DESede");
+
+ checkService("SecretKeyFactory.PBEWithMD5AndDES");
+ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES");
+ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES");
+
+ checkAlias("Alg.Alias.SecretKeyFactory.PBE", "PBEWithMD5AndDES");
+
+ /*
+ * Internal in-house crypto algorithm used for
+ * the JCEKS keystore type. Since this was developed
+ * internally, there isn't an OID corresponding to this
+ * algorithm.
+ */
+ checkService("SecretKeyFactory.PBEWithMD5AndTripleDES");
+
+ checkService("SecretKeyFactory.PBEWithSHA1AndDESede");
+ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede");
+ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede");
+
+ checkService("SecretKeyFactory.PBEWithSHA1AndRC2_40");
+ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40");
+ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40");
+
+ checkService("SecretKeyFactory.PBEWithSHA1AndRC2_128");
+ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128");
+ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128");
+
+ checkService("SecretKeyFactory.PBEWithSHA1AndRC4_40");
+
+ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40");
+ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40");
+
+ checkService("SecretKeyFactory.PBEWithSHA1AndRC4_128");
+
+ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128");
+ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA1AndAES_128");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA224AndAES_128");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA256AndAES_128");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA384AndAES_128");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA512AndAES_128");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA1AndAES_256");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA224AndAES_256");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA256AndAES_256");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA384AndAES_256");
+
+ checkService("SecretKeyFactory.PBEWithHmacSHA512AndAES_256");
+ System.out.println("crypto algorithm for JCEKS keystore check passed ");
+
+ // PBKDF2
+
+ checkService("SecretKeyFactory.PBKDF2WithHmacSHA1");
+ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2, "PBKDF2WithHmacSHA1");
+ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2, "PBKDF2WithHmacSHA1");
+
+ checkService("SecretKeyFactory.PBKDF2WithHmacSHA224");
+ checkService("SecretKeyFactory.PBKDF2WithHmacSHA256");
+ checkService("SecretKeyFactory.PBKDF2WithHmacSHA384");
+ checkService("SecretKeyFactory.PBKDF2WithHmacSHA512");
+
+ System.out.println("PBKDF2 check passed");
+
+ /*
+ * MAC
+ */
+ checkService("Mac.HmacMD5");
+ checkService("Mac.HmacSHA1");
+ checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.7", "HmacSHA1");
+ checkAlias("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1");
+ checkService("Mac.HmacSHA224");
+ checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.8", "HmacSHA224");
+ checkAlias("Alg.Alias.Mac.1.2.840.113549.2.8", "HmacSHA224");
+ checkService("Mac.HmacSHA256");
+ checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.9", "HmacSHA256");
+ checkAlias("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256");
+ checkService("Mac.HmacSHA384");
+ checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.10", "HmacSHA384");
+ checkAlias("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384");
+ checkService("Mac.HmacSHA512");
+ checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.11", "HmacSHA512");
+ checkAlias("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512");
+ checkService("Mac.HmacPBESHA1");
+
+ System.out.println("MAC check passed");
+
+ // PBMAC1
+
+ checkService("Mac.PBEWithHmacSHA1");
+ checkService("Mac.PBEWithHmacSHA224");
+ checkService("Mac.PBEWithHmacSHA256");
+ checkService("Mac.PBEWithHmacSHA384");
+ checkService("Mac.PBEWithHmacSHA512");
+
+ checkService("Mac.SslMacMD5");
+ checkService("Mac.SslMacSHA1");
+
+ checkAttribute("Mac.HmacMD5 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.HmacSHA1 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.HmacSHA224 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.HmacSHA256 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.PBEWithHmacSHA1 SupportedKeyFormatS", "RAW");
+ checkAttribute("Mac.PBEWithHmacSHA224 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.PBEWithHmacSHA256 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.PBEWithHmacSHA384 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.PBEWithHmacSHA512 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.SslMacMD5 SupportedKeyFormats", "RAW");
+ checkAttribute("Mac.SslMacSHA1 SupportedKeyFormats", "RAW");
+ System.out.println("PBMAC1 check passed");
+
+ /*
+ * KeyStore
+ */
+ checkService("KeyStore.JCEKS");
+ System.out.println("KeyStore check passed");
+
+ /*
+ * SSL/TLS mechanisms
+ *
+ * These are strictly internal implementations and may
+ * be changed at any time. These names were chosen
+ * because PKCS11/SunPKCS11 does not yet have TLS1.2
+ * mechanisms, and it will cause calls to come here.
+ */
+ checkService("KeyGenerator.SunTlsPrf");
+ checkService("KeyGenerator.SunTls12Prf");
+
+ checkService("KeyGenerator.SunTlsMasterSecret");
+ checkAlias("Alg.Alias.KeyGenerator.SunTls12MasterSecret", "SunTlsMasterSecret");
+ checkAlias("Alg.Alias.KeyGenerator.SunTlsExtendedMasterSecret", "SunTlsMasterSecret");
+
+ checkService("KeyGenerator.SunTlsKeyMaterial");
+ checkAlias("Alg.Alias.KeyGenerator.SunTls12KeyMaterial", "SunTlsKeyMaterial");
+
+ checkService("KeyGenerator.SunTlsRsaPremasterSecret");
+ checkAlias("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret", "SunTlsRsaPremasterSecret");
+ System.out.println("SSL/TLS mechanisms check passed");
+ return true;
+ }
+}
diff --git a/jdk/test/java/security/Provider/SunJSSEValidator.java b/jdk/test/java/security/Provider/SunJSSEValidator.java
new file mode 100644
index 000000000..5817c3b7f
--- /dev/null
+++ b/jdk/test/java/security/Provider/SunJSSEValidator.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Huawei designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Huawei in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional
+ * information or have any questions.
+ */
+
+/*
+ * @test
+ * @bug 7092821
+ * @library ../testlibrary
+ * @summary make sure that Sun providers do not miss any algorithms after
+ * modifying the frameworks underneath
+ * @author Henry Yang
+ */
+
+/*
+ *- @TestCaseID:Provider/SunJSSEValidator.java
+ *- @TestCaseName:Provider/SunJSSEValidator.java
+ *- @TestCaseType:Function test
+ *- @RequirementID:AR.SR.IREQ02758058.001.001
+ *- @RequirementName: java.security.Provider.getService() is synchronized and became scalability bottleneck
+ *- @Condition:JDK8u302及以后
+ *- @Brief:测试相应provider更改底层架构以后所提供的service是否与原先有差异以openJDK8u302为准
+ * -#step:比较openJDK8u302 SunJSSEProvider与此特性修改后的SunJSSEProvider所提供的service是否一致
+ *- @Expect:正常运行
+ *- @Priority:Level 1
+ */
+
+import java.security.Provider;
+import java.util.Locale;
+
+/**
+ * validator for SunJSSE provider, make sure we do not miss any algorithm
+ * after the modification.
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+public class SunJSSEValidator extends BaseProviderValidator {
+ private boolean fips = false;
+
+ public static void main(String[] args) throws Exception {
+ SunJSSEValidator validator = new SunJSSEValidator();
+ if (args != null && args.length > 0) {
+ String fipsStr = args[0].toLowerCase(Locale.ENGLISH);
+ if (!"true".equals(fipsStr) && !"false".equals(fipsStr)) {
+ throw new RuntimeException("Fips mode argument should be a boolean value");
+ }
+ validator.setFips(Boolean.parseBoolean(fipsStr));
+ }
+ validator.validate();
+ }
+
+ public void setFips(boolean isFips) {
+ this.fips = isFips;
+ }
+
+ @Override
+ Provider getDefaultProvider() {
+ return new com.sun.net.ssl.internal.ssl.Provider();
+ }
+
+ @Override
+ boolean validate() throws Exception {
+ if (fips == false) {
+ checkService("KeyFactory.RSA");
+ checkAlias("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA");
+ checkAlias("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA");
+
+ checkService("KeyPairGenerator.RSA");
+ checkAlias("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA");
+ checkAlias("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA");
+
+ checkService("Signature.MD2withRSA");
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", "MD2withRSA");
+
+ checkService("Signature.MD5withRSA");
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", "MD5withRSA");
+
+ checkService("Signature.SHA1withRSA");
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA");
+ checkAlias("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.3.14.3.2.29", "SHA1withRSA");
+ }
+ checkService("Signature.MD5andSHA1withRSA");
+
+ checkService("KeyManagerFactory.SunX509");
+ checkService("KeyManagerFactory.NewSunX509");
+ checkAlias("Alg.Alias.KeyManagerFactory.PKIX", "NewSunX509");
+
+ checkService("TrustManagerFactory.SunX509");
+ checkService("TrustManagerFactory.PKIX");
+ checkAlias("Alg.Alias.TrustManagerFactory.SunPKIX", "PKIX");
+ checkAlias("Alg.Alias.TrustManagerFactory.X509", "PKIX");
+ checkAlias("Alg.Alias.TrustManagerFactory.X.509", "PKIX");
+
+ checkService("SSLContext.TLSv1");
+ checkService("SSLContext.TLSv1.1");
+ checkService("SSLContext.TLSv1.2");
+ checkService("SSLContext.TLSv1.3");
+ checkService("SSLContext.TLS");
+ if (fips == false) {
+ checkAlias("Alg.Alias.SSLContext.SSL", "TLS");
+ checkAlias("Alg.Alias.SSLContext.SSLv3", "TLSv1");
+ }
+
+ checkService("SSLContext.Default");
+
+ /*
+ * KeyStore
+ */
+ checkService("KeyStore.PKCS12");
+ System.out.println("SunJSSE check passed");
+ return true;
+ }
+}
diff --git a/jdk/test/java/security/Provider/SunRsaSignValidator.java b/jdk/test/java/security/Provider/SunRsaSignValidator.java
new file mode 100644
index 000000000..66fb33a44
--- /dev/null
+++ b/jdk/test/java/security/Provider/SunRsaSignValidator.java
@@ -0,0 +1,154 @@
+/*
+ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Huawei designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Huawei in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional
+ * information or have any questions.
+ */
+
+/*
+ * @test
+ * @bug 7092821
+ * @library ../testlibrary
+ * @summary make sure that Sun providers do not miss any algorithms after
+ * modifying the frameworks underneath
+ * @author Henry Yang
+ */
+
+/*
+ *- @TestCaseID:Provider/SunRsaSignValidator.java
+ *- @TestCaseName:Provider/SunRsaSignValidator.java
+ *- @TestCaseType:Function test
+ *- @RequirementID:AR.SR.IREQ02758058.001.001
+ *- @RequirementName: java.security.Provider.getService() is synchronized and became scalability bottleneck
+ *- @Condition:JDK8u302及以后
+ *- @Brief:测试相应provider更改底层架构以后所提供的service是否与原先有差异以openJDK8u302为准
+ * -#step:比较openJDK8u302 SunRsaSignProvider与此特性修改后的SunRsaSignProvider所提供的service是否一致
+ *- @Expect:正常运行
+ *- @Priority:Level 1
+ */
+
+import sun.security.rsa.SunRsaSign;
+
+import java.security.Provider;
+
+/**
+ * validator for SunRsaSign provider, make sure we do not miss any algorithm
+ * after the modification.
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+public class SunRsaSignValidator extends BaseProviderValidator {
+ public static void main(String[] args) throws Exception {
+ SunRsaSignValidator validator = new SunRsaSignValidator();
+ validator.validate();
+ }
+
+ @Override
+ Provider getDefaultProvider() {
+ return new SunRsaSign();
+ }
+
+ @Override
+ boolean validate() throws Exception {
+ // main algorithms
+ checkService("KeyFactory.RSA");
+ checkService("KeyPairGenerator.RSA");
+ checkService("Signature.MD2withRSA");
+ checkService("Signature.MD5withRSA");
+ checkService("Signature.SHA1withRSA");
+ checkService("Signature.SHA224withRSA");
+ checkService("Signature.SHA256withRSA");
+ checkService("Signature.SHA384withRSA");
+ checkService("Signature.SHA512withRSA");
+ checkService("Signature.SHA512/224withRSA");
+ checkService("Signature.SHA512/256withRSA");
+
+ checkService("KeyFactory.RSASSA-PSS");
+ checkService("KeyPairGenerator.RSASSA-PSS");
+ checkService("Signature.RSASSA-PSS");
+ checkService("AlgorithmParameters.RSASSA-PSS");
+
+ System.out.println("service check passed");
+
+ // attributes for supported key classes
+ String rsaKeyClasses = "java.security.interfaces.RSAPublicKey" + "|java.security.interfaces.RSAPrivateKey";
+ checkAttribute("Signature.MD2withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.MD5withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.SHA1withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.SHA224withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.SHA256withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.SHA384withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.SHA512withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.SHA512/224withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.SHA512/256withRSA SupportedKeyClasses", rsaKeyClasses);
+ checkAttribute("Signature.RSASSA-PSS SupportedKeyClasses", rsaKeyClasses);
+
+ System.out.println("attribute check passed");
+
+ // aliases
+ checkAlias("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA");
+ checkAlias("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA");
+
+ checkAlias("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA");
+ checkAlias("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA");
+
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", "MD2withRSA");
+
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", "MD5withRSA");
+
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA");
+ checkAlias("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA");
+
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.14", "SHA224withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.14", "SHA224withRSA");
+
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA");
+
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.12", "SHA384withRSA");
+
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.13", "SHA512withRSA");
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.15", "SHA512/224withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.15", "SHA512/224withRSA");
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.16", "SHA512/256withRSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.16", "SHA512/256withRSA");
+
+ checkAlias("Alg.Alias.KeyFactory.1.2.840.113549.1.1.10", "RSASSA-PSS");
+ checkAlias("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
+
+ checkAlias("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.10", "RSASSA-PSS");
+ checkAlias("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
+
+ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.10", "RSASSA-PSS");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
+
+ checkAlias("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.1.10", "RSASSA-PSS");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
+
+ System.out.println("check alias passed");
+ return true;
+ }
+}
diff --git a/jdk/test/java/security/Provider/SunValidator.java b/jdk/test/java/security/Provider/SunValidator.java
new file mode 100644
index 000000000..3f4b81222
--- /dev/null
+++ b/jdk/test/java/security/Provider/SunValidator.java
@@ -0,0 +1,263 @@
+/*
+ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Huawei designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Huawei in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional
+ * information or have any questions.
+ */
+
+/*
+ * @test
+ * @bug 7092821
+ * @library ../testlibrary
+ * @summary make sure that Sun providers do not miss any algorithms after
+ * modifying the frameworks underneath
+ * @author Henry Yang
+ */
+
+/*
+ *- @TestCaseID:Provider/SunValidator.java
+ *- @TestCaseName:Provider/SunValidator.java
+ *- @TestCaseType:Function test
+ *- @RequirementID:AR.SR.IREQ02758058.001.001
+ *- @RequirementName: java.security.Provider.getService() is synchronized and became scalability bottleneck
+ *- @Condition:JDK8u302及以后
+ *- @Brief:测试相应provider更改底层架构以后所提供的service是否与原先有差异以openJDK8u302为准
+ * -#step:比较openJDK8u302 SunProvider与此特性修改后的SunProvider所提供的service是否一致
+ *- @Expect:正常运行
+ *- @Priority:Level 1
+ */
+
+import sun.security.provider.NativePRNG;
+import sun.security.provider.Sun;
+
+import java.lang.reflect.Method;
+import java.security.Provider;
+
+/**
+ * validator for Sun provider, make sure we do not miss any algorithm
+ * after the modification.
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+public class SunValidator extends BaseProviderValidator {
+ public static void main(String[] args) throws Exception {
+ SunValidator validator = new SunValidator();
+ validator.validate();
+ }
+
+ @Override
+ Provider getDefaultProvider() {
+ return new Sun();
+ }
+
+ @Override
+ public boolean validate() throws Exception {
+ Method nativeAvailableMethod = NativePRNG.class.getDeclaredMethod("isAvailable");
+ nativeAvailableMethod.setAccessible(true);
+ boolean nativeAvailable = (Boolean) nativeAvailableMethod.invoke(null);
+ if (nativeAvailable) {
+ checkService("SecureRandom.NativePRNG");
+ }
+
+ checkService("SecureRandom.SHA1PRNG");
+
+ /*
+ * Signature engines
+ */
+ checkService("Signature.SHA1withDSA");
+ checkService("Signature.NONEwithDSA");
+ checkAlias("Alg.Alias.Signature.RawDSA", "NONEwithDSA");
+ checkService("Signature.SHA224withDSA");
+ checkService("Signature.SHA256withDSA");
+
+ String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" + "|java.security.interfaces.DSAPrivateKey";
+ checkAttribute("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses);
+ checkAttribute("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses);
+ checkAttribute("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyClasses);
+ checkAttribute("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyClasses);
+
+ checkAlias("Alg.Alias.Signature.DSA", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.DSS", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.OID.1.2.840.10040.4.3", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA");
+ checkAlias("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1", "SHA224withDSA");
+ checkAlias("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA");
+ checkAlias("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2", "SHA256withDSA");
+ checkAlias("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA");
+ System.out.println("Signature engines check passed");
+
+ /*
+ * Key Pair Generator engines
+ */
+ checkService("KeyPairGenerator.DSA");
+ checkAlias("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
+ checkAlias("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
+ checkAlias("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");
+ System.out.println("Key Pair Generator engines check passed");
+
+ /*
+ * Digest engines
+ */
+ checkService("MessageDigest.MD2");
+ checkService("MessageDigest.MD5");
+ checkService("MessageDigest.SHA");
+
+ checkAlias("Alg.Alias.MessageDigest.SHA-1", "SHA");
+ checkAlias("Alg.Alias.MessageDigest.SHA1", "SHA");
+ checkAlias("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA");
+ checkAlias("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA");
+
+ checkService("MessageDigest.SHA-224");
+ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224");
+ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4", "SHA-224");
+
+ checkService("MessageDigest.SHA-256");
+ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256");
+ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1", "SHA-256");
+ checkService("MessageDigest.SHA-384");
+ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384");
+ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2", "SHA-384");
+ checkService("MessageDigest.SHA-512");
+ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512");
+ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3", "SHA-512");
+ checkService("MessageDigest.SHA-512/224");
+ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.5", "SHA-512/224");
+ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.5", "SHA-512/224");
+ checkService("MessageDigest.SHA-512/256");
+ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.6", "SHA-512/256");
+ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.6", "SHA-512/256");
+ System.out.println("Digest engines check passed");
+
+ /*
+ * Algorithm Parameter Generator engines
+ */
+ checkService("AlgorithmParameterGenerator.DSA");
+ System.out.println("Algorithm Parameter Generator engines check passed");
+
+ /*
+ * Algorithm Parameter engines
+ */
+ checkService("AlgorithmParameters.DSA");
+ checkAlias("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA");
+ checkAlias("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA");
+ checkAlias("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA");
+ System.out.println("Algorithm Parameter engines check passed");
+
+ /*
+ * Key factories
+ */
+ checkService("KeyFactory.DSA");
+ checkAlias("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA");
+ checkAlias("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
+ checkAlias("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA");
+ System.out.println("Key factories check passed");
+
+ /*
+ * Certificates
+ */
+ checkService("CertificateFactory.X.509");
+ checkAlias("Alg.Alias.CertificateFactory.X509", "X.509");
+ System.out.println("Certificates check passed");
+
+ /*
+ * KeyStore
+ */
+ checkService("KeyStore.JKS");
+ checkService("KeyStore.CaseExactJKS");
+ checkService("KeyStore.DKS");
+ System.out.println("KeyStore check passed");
+
+ /*
+ * Policy
+ */
+ checkService("Policy.JavaPolicy");
+ System.out.println("Policy check passed");
+
+ /*
+ * Configuration
+ */
+ checkService("Configuration.JavaLoginConfig");
+ System.out.println("Configuration check passed");
+
+ /*
+ * CertPathBuilder
+ */
+ checkService("CertPathBuilder.PKIX");
+ checkAttribute("CertPathBuilder.PKIX ValidationAlgorithm", "RFC5280");
+ System.out.println("CertPathBuilder check passed");
+
+ /*
+ * CertPathValidator
+ */
+ checkService("CertPathValidator.PKIX");
+ checkAttribute("CertPathValidator.PKIX ValidationAlgorithm", "RFC5280");
+ System.out.println("CertPathValidator check passed");
+
+ /*
+ * CertStores
+ */
+ checkService("CertStore.LDAP");
+ checkAttribute("CertStore.LDAP LDAPSchema", "RFC2587");
+ checkService("CertStore.Collection");
+ checkService("CertStore.com.sun.security.IndexedCollection");
+ System.out.println("CertStores check passed");
+
+ /*
+ * KeySize
+ */
+ checkAttribute("Signature.NONEwithDSA KeySize", "1024");
+ checkAttribute("Signature.SHA1withDSA KeySize", "1024");
+ checkAttribute("Signature.SHA224withDSA KeySize", "2048");
+ checkAttribute("Signature.SHA256withDSA KeySize", "2048");
+
+ checkAttribute("KeyPairGenerator.DSA KeySize", "2048");
+ checkAttribute("AlgorithmParameterGenerator.DSA KeySize", "2048");
+ System.out.println("KeySize attribute check passed");
+
+ /*
+ * Implementation type: software or hardware
+ */
+ checkAttribute("Signature.SHA1withDSA ImplementedIn", "Software");
+ checkAttribute("KeyPairGenerator.DSA ImplementedIn", "Software");
+ checkAttribute("MessageDigest.MD5 ImplementedIn", "Software");
+ checkAttribute("MessageDigest.SHA ImplementedIn", "Software");
+ checkAttribute("AlgorithmParameterGenerator.DSA ImplementedIn", "Software");
+ checkAttribute("AlgorithmParameters.DSA ImplementedIn", "Software");
+ checkAttribute("KeyFactory.DSA ImplementedIn", "Software");
+ checkAttribute("SecureRandom.SHA1PRNG ImplementedIn", "Software");
+ checkAttribute("CertificateFactory.X.509 ImplementedIn", "Software");
+ checkAttribute("KeyStore.JKS ImplementedIn", "Software");
+ checkAttribute("CertPathValidator.PKIX ImplementedIn", "Software");
+ checkAttribute("CertPathBuilder.PKIX ImplementedIn", "Software");
+ checkAttribute("CertStore.LDAP ImplementedIn", "Software");
+ checkAttribute("CertStore.Collection ImplementedIn", "Software");
+ checkAttribute("CertStore.com.sun.security.IndexedCollection ImplementedIn", "Software");
+ System.out.println("Implementation type attribute check passed");
+ return true;
+ }
+}
diff --git a/jdk/test/java/security/SecureRandom/DefaultAlgo.java b/jdk/test/java/security/SecureRandom/DefaultAlgo.java
new file mode 100644
index 000000000..ce786f7a2
--- /dev/null
+++ b/jdk/test/java/security/SecureRandom/DefaultAlgo.java
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import static java.lang.System.out;
+import java.security.Provider;
+import java.security.Security;
+import java.security.SecureRandom;
+import java.security.Provider.Service;
+import java.util.Objects;
+import java.util.Arrays;
+import sun.security.provider.SunEntries;
+
+/**
+ * @test
+ * @bug 8228613
+ * @summary Ensure that the default SecureRandom algo used is based
+ * on the registration ordering, and falls to next provider
+ * if none are found
+ * @modules java.base/sun.security.provider
+ */
+public class DefaultAlgo {
+
+ public static void main(String[] args) throws Exception {
+ String[] algos = { "A", "B", "C" };
+ test3rdParty(algos);
+ // reverse the order and re-check
+ String[] algosReversed = { "C", "B", "A" };
+ test3rdParty(algosReversed);
+ }
+
+ private static void test3rdParty(String[] algos) {
+ Provider[] provs = {
+ new SampleLegacyProvider(algos),
+ new SampleServiceProvider(algos)
+ };
+ for (Provider p : provs) {
+ checkDefault(p, algos);
+ }
+ }
+
+ // validate the specified SecureRandom obj to be from the specified
+ // provider and matches the specified algorithm
+ private static void validate(SecureRandom sr, String pName, String algo) {
+ if (!sr.getProvider().getName().equals(pName)) {
+ throw new RuntimeException("Failed provider check, exp: " +
+ pName + ", got " + sr.getProvider().getName());
+ }
+ if (!sr.getAlgorithm().equals(algo)) {
+ throw new RuntimeException("Failed algo check, exp: " +
+ algo + ", got " + sr.getAlgorithm());
+ }
+ }
+
+ private static void checkDefault(Provider p, String ... algos) {
+ out.println(p.getName() + " with " + Arrays.toString(algos));
+ int pos = Security.insertProviderAt(p, 1);
+ String pName = p.getName();
+ boolean isLegacy = pName.equals("SampleLegacy");
+ try {
+ if (isLegacy) {
+ for (String s : algos) {
+ validate(new SecureRandom(), pName, s);
+ p.remove("SecureRandom." + s);
+ out.println("removed " + s);
+ }
+ validate(new SecureRandom(), "SUN",
+ SunEntries.DEF_SECURE_RANDOM_ALGO);
+ } else {
+ validate(new SecureRandom(), pName, algos[0]);
+ }
+ out.println("=> Test Passed");
+ } finally {
+ if (pos != -1) {
+ Security.removeProvider(p.getName());
+ }
+ }
+ }
+
+ private static class SampleLegacyProvider extends Provider {
+ SampleLegacyProvider(String[] listOfSupportedRNGs) {
+ super("SampleLegacy", 1.0, "test provider using legacy put");
+ for (String s : listOfSupportedRNGs) {
+ put("SecureRandom." + s, "sun.security.provider.SecureRandom");
+ }
+ }
+ }
+
+ private static class SampleServiceProvider extends Provider {
+ SampleServiceProvider(String[] listOfSupportedRNGs) {
+ super("SampleService", 1.0, "test provider using putService");
+ for (String s : listOfSupportedRNGs) {
+ putService(new Provider.Service(this, "SecureRandom", s,
+ "sun.security.provider.SecureRandom", null, null));
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/jdk/test/micro/org/openeuler/bench/security/provider/GetServiceBenchmark.java b/jdk/test/micro/org/openeuler/bench/security/provider/GetServiceBenchmark.java
new file mode 100644
index 000000000..93cd887d6
--- /dev/null
+++ b/jdk/test/micro/org/openeuler/bench/security/provider/GetServiceBenchmark.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Huawei designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Huawei in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional
+ * information or have any questions.
+ */
+
+/*
+ * - @TestCaseID:provider/GetServiceBenchmark.java
+ * - @TestCaseName:provider/GetServiceBenchmark.java
+ * - @TestCaseType:Performance test
+ * - @RequirementID:AR.SR.IREQ02758058.001.001
+ * - @RequirementName:java.security.Provider.getService() is synchronized and became scalability bottleneck
+ * - @Condition:JDK8u302及以后
+ * - @Brief:测试provider.getService的性能
+ * -#step:创建jmh的maven项目mvn archetype:generate -DinteractiveMode=false -DarchetypeGroupId=org.openjdk.jmh -DarchetypeArtifactId=jmh-java-benchmark-archetype -DgroupId=org.openeuler.bench.security.provider -DartifactId=provider-benchmark -Dversion=1.0
+ * -#step2:删除项目中的多余文件rm -rf provider-benchmark/src/main/java/org/openeuler/bench/security/provider/MyBenchmark.java
+ * -#step3:将本文件拷贝进项目目录cp GetServiceBenchmark.java provider-benchmark/src/main/java/org/openeuler/bench/security/provider/
+ * -#step4:构建项目mvn install
+ * -#step5:运行测试java -jar target/benchmarks.jar GetServiceBenchmark
+ * - @Expect:正常运行
+ * - @Priority:Level 1
+ */
+
+package org.openeuler.bench.security.provider;
+
+import com.sun.crypto.provider.SunJCE;
+
+import org.openjdk.jmh.annotations.Benchmark;
+import org.openjdk.jmh.annotations.BenchmarkMode;
+import org.openjdk.jmh.annotations.Fork;
+import org.openjdk.jmh.annotations.Measurement;
+import org.openjdk.jmh.annotations.Mode;
+import org.openjdk.jmh.annotations.Scope;
+import org.openjdk.jmh.annotations.State;
+import org.openjdk.jmh.annotations.Threads;
+import org.openjdk.jmh.annotations.Warmup;
+
+import java.security.Provider;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * Benchmark to test the performance of provider.getService in
+ * high concurrency scenarios.
+ *
+ * @author Henry Yang
+ * @since 2022-05-05
+ */
+@BenchmarkMode(Mode.Throughput)
+@Fork(1)
+@Threads(2000)
+@Warmup(iterations = 3, time = 3, timeUnit = TimeUnit.SECONDS)
+@Measurement(iterations = 5, time = 3, timeUnit = TimeUnit.SECONDS)
+@State(Scope.Benchmark)
+public class GetServiceBenchmark {
+ private Provider provider = new SunJCE();
+
+ @Benchmark
+ public void getService() {
+ try {
+ provider.getService("Cipher", "RSA");
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
--
2.22.0
Reference in New Issue View Git Blame Copy Permalink