|
1 /* |
|
2 * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. Oracle designates this |
|
8 * particular file as subject to the "Classpath" exception as provided |
|
9 * by Oracle in the LICENSE file that accompanied this code. |
|
10 * |
|
11 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 * version 2 for more details (a copy is included in the LICENSE file that |
|
15 * accompanied this code). |
|
16 * |
|
17 * You should have received a copy of the GNU General Public License version |
|
18 * 2 along with this work; if not, write to the Free Software Foundation, |
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 * |
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 * or visit www.oracle.com if you need additional information or have any |
|
23 * questions. |
|
24 */ |
|
25 |
|
26 package sun.security.provider; |
|
27 |
|
28 import java.io.*; |
|
29 import java.net.*; |
|
30 import java.util.Map; |
|
31 import java.security.*; |
|
32 |
|
33 /** |
|
34 * Defines the entries of the SUN provider. |
|
35 * |
|
36 * Algorithms supported, and their names: |
|
37 * |
|
38 * - SHA is the message digest scheme described in FIPS 180-1. |
|
39 * Aliases for SHA are SHA-1 and SHA1. |
|
40 * |
|
41 * - SHA1withDSA is the signature scheme described in FIPS 186. |
|
42 * (SHA used in DSA is SHA-1: FIPS 186 with Change No 1.) |
|
43 * Aliases for SHA1withDSA are DSA, DSS, SHA/DSA, SHA-1/DSA, SHA1/DSA, |
|
44 * SHAwithDSA, DSAWithSHA1, and the object |
|
45 * identifier strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and |
|
46 * "OID.1.2.840.10040.4.3". |
|
47 * |
|
48 * - SHA-2 is a set of message digest schemes described in FIPS 180-2. |
|
49 * SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384, |
|
50 * and SHA-512. |
|
51 * |
|
52 * - SHA-224withDSA/SHA-256withDSA are the signature schemes |
|
53 * described in FIPS 186-3. The associated object identifiers are |
|
54 * "OID.2.16.840.1.101.3.4.3.1", and "OID.2.16.840.1.101.3.4.3.2". |
|
55 |
|
56 * - DSA is the key generation scheme as described in FIPS 186. |
|
57 * Aliases for DSA include the OID strings "OID.1.3.14.3.2.12" |
|
58 * and "OID.1.2.840.10040.4.1". |
|
59 * |
|
60 * - MD5 is the message digest scheme described in RFC 1321. |
|
61 * There are no aliases for MD5. |
|
62 * |
|
63 * - X.509 is the certificate factory type for X.509 certificates |
|
64 * and CRLs. Aliases for X.509 are X509. |
|
65 * |
|
66 * - PKIX is the certification path validation algorithm described |
|
67 * in RFC 5280. The ValidationAlgorithm attribute notes the |
|
68 * specification that this provider implements. |
|
69 * |
|
70 * - JavaPolicy is the default file-based Policy type. |
|
71 * |
|
72 * - JavaLoginConfig is the default file-based LoginModule Configuration type. |
|
73 */ |
|
74 |
|
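final class SunEntries {

    /**
     * Aliases shared by every DSA engine that is keyed by the DSA OID
     * (KeyPairGenerator, AlgorithmParameters, KeyFactory).
     */
    private static final String[] DSA_OID_ALIASES = {
        "OID.1.2.840.10040.4.1", "1.2.840.10040.4.1", "1.3.14.3.2.12"
    };

    private SunEntries() {
        // static-only holder; never instantiated
    }

    /**
     * Registers the engines, aliases and attributes of the SUN provider.
     *
     * <p>Entries are added in a fixed order. The {@code SecureRandom}
     * entries go first because {@code new SecureRandom()} iterates through
     * the registered algorithms, so registration order decides which
     * implementation a caller without an explicit algorithm name receives.
     *
     * @param map the provider's entry map; keys and values are strings
     */
    static void putEntries(Map<Object, Object> map) {
        putSecureRandomEntries(map);
        putSignatureEntries(map);
        putKeyPairGeneratorEntries(map);
        putMessageDigestEntries(map);
        putAlgorithmParameterEntries(map);
        putKeyFactoryEntries(map);
        putCertificateFactoryEntries(map);
        putKeyStoreEntries(map);
        putPolicyAndConfigurationEntries(map);
        putCertPathEntries(map);
        putKeySizeEntries(map);
        putImplementedInEntries(map);
    }

    /**
     * Adds one {@code Alg.Alias.<type>.<alias>} entry per alias, each
     * pointing at {@code target}, in the order given.
     */
    private static void putAliases(Map<Object, Object> map, String type,
                                   String target, String... aliases) {
        for (String alias : aliases) {
            map.put("Alg.Alias." + type + "." + alias, target);
        }
    }

    /**
     * SecureRandom engines.
     *
     * <p>The native PRNG is placed before SHA1PRNG only when the configured
     * seed source is {@code /dev/random} or {@code /dev/urandom}; otherwise
     * it is placed after SHA1PRNG. Because {@code new SecureRandom()} takes
     * the first registered algorithm, this ordering is what makes the
     * configured device the default.
     */
    private static void putSecureRandomEntries(Map<Object, Object> map) {
        boolean nativeAvailable = NativePRNG.isAvailable();
        boolean preferNative = seedSource.equals(URL_DEV_URANDOM)
                || seedSource.equals(URL_DEV_RANDOM);

        if (nativeAvailable && preferNative) {
            putNativePRNG(map);
        }

        map.put("SecureRandom.DRBG", "sun.security.provider.DRBG");
        map.put("SecureRandom.DRBG ThreadSafe", "true");

        map.put("SecureRandom.SHA1PRNG",
                "sun.security.provider.SecureRandom");
        map.put("SecureRandom.SHA1PRNG ThreadSafe", "true");

        if (nativeAvailable && !preferNative) {
            putNativePRNG(map);
        }

        if (NativePRNG.Blocking.isAvailable()) {
            map.put("SecureRandom.NativePRNGBlocking",
                    "sun.security.provider.NativePRNG$Blocking");
            map.put("SecureRandom.NativePRNGBlocking ThreadSafe", "true");
        }

        if (NativePRNG.NonBlocking.isAvailable()) {
            map.put("SecureRandom.NativePRNGNonBlocking",
                    "sun.security.provider.NativePRNG$NonBlocking");
            map.put("SecureRandom.NativePRNGNonBlocking ThreadSafe", "true");
        }
    }

    /** Registers the NativePRNG engine and its ThreadSafe attribute. */
    private static void putNativePRNG(Map<Object, Object> map) {
        map.put("SecureRandom.NativePRNG",
                "sun.security.provider.NativePRNG");
        map.put("SecureRandom.NativePRNG ThreadSafe", "true");
    }

    /** Signature engines (DSA family), their key classes and aliases. */
    private static void putSignatureEntries(Map<Object, Object> map) {
        map.put("Signature.SHA1withDSA",
                "sun.security.provider.DSA$SHA1withDSA");
        map.put("Signature.NONEwithDSA", "sun.security.provider.DSA$RawDSA");
        map.put("Alg.Alias.Signature.RawDSA", "NONEwithDSA");
        map.put("Signature.SHA224withDSA",
                "sun.security.provider.DSA$SHA224withDSA");
        map.put("Signature.SHA256withDSA",
                "sun.security.provider.DSA$SHA256withDSA");

        // Same algorithms emitting the IEEE P1363 (r||s) encoding.
        map.put("Signature.SHA1withDSAinP1363Format",
                "sun.security.provider.DSA$SHA1withDSAinP1363Format");
        map.put("Signature.NONEwithDSAinP1363Format",
                "sun.security.provider.DSA$RawDSAinP1363Format");
        map.put("Signature.SHA224withDSAinP1363Format",
                "sun.security.provider.DSA$SHA224withDSAinP1363Format");
        map.put("Signature.SHA256withDSAinP1363Format",
                "sun.security.provider.DSA$SHA256withDSAinP1363Format");

        String dsaKeyClasses = "java.security.interfaces.DSAPublicKey"
                + "|java.security.interfaces.DSAPrivateKey";
        map.put("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses);
        map.put("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses);
        map.put("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyClasses);
        map.put("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyClasses);

        putAliases(map, "Signature", "SHA1withDSA",
                "DSA", "DSS", "SHA/DSA", "SHA-1/DSA", "SHA1/DSA",
                "SHAwithDSA", "DSAWithSHA1",
                "OID.1.2.840.10040.4.3", "1.2.840.10040.4.3",
                "1.3.14.3.2.13", "1.3.14.3.2.27");
        putAliases(map, "Signature", "SHA224withDSA",
                "OID.2.16.840.1.101.3.4.3.1", "2.16.840.1.101.3.4.3.1");
        putAliases(map, "Signature", "SHA256withDSA",
                "OID.2.16.840.1.101.3.4.3.2", "2.16.840.1.101.3.4.3.2");
    }

    /** Key Pair Generator engines. */
    private static void putKeyPairGeneratorEntries(Map<Object, Object> map) {
        map.put("KeyPairGenerator.DSA",
                "sun.security.provider.DSAKeyPairGenerator");
        putAliases(map, "KeyPairGenerator", "DSA", DSA_OID_ALIASES);
    }

    /**
     * Registers a MessageDigest engine together with its bare and
     * {@code OID.}-prefixed object-identifier aliases.
     */
    private static void putDigest(Map<Object, Object> map, String name,
                                  String impl, String oid) {
        map.put("MessageDigest." + name, impl);
        map.put("Alg.Alias.MessageDigest." + oid, name);
        map.put("Alg.Alias.MessageDigest.OID." + oid, name);
    }

    /**
     * Digest engines: the legacy MD2/MD5/SHA entries, then the SHA-2 and
     * SHA-3 families with their OID aliases.
     */
    private static void putMessageDigestEntries(Map<Object, Object> map) {
        map.put("MessageDigest.MD2", "sun.security.provider.MD2");
        map.put("MessageDigest.MD5", "sun.security.provider.MD5");
        map.put("MessageDigest.SHA", "sun.security.provider.SHA");

        putAliases(map, "MessageDigest", "SHA",
                "SHA-1", "SHA1", "1.3.14.3.2.26", "OID.1.3.14.3.2.26");

        putDigest(map, "SHA-224", "sun.security.provider.SHA2$SHA224",
                "2.16.840.1.101.3.4.2.4");
        putDigest(map, "SHA-256", "sun.security.provider.SHA2$SHA256",
                "2.16.840.1.101.3.4.2.1");
        putDigest(map, "SHA-384", "sun.security.provider.SHA5$SHA384",
                "2.16.840.1.101.3.4.2.2");
        putDigest(map, "SHA-512", "sun.security.provider.SHA5$SHA512",
                "2.16.840.1.101.3.4.2.3");
        putDigest(map, "SHA-512/224", "sun.security.provider.SHA5$SHA512_224",
                "2.16.840.1.101.3.4.2.5");
        putDigest(map, "SHA-512/256", "sun.security.provider.SHA5$SHA512_256",
                "2.16.840.1.101.3.4.2.6");

        putDigest(map, "SHA3-224", "sun.security.provider.SHA3$SHA224",
                "2.16.840.1.101.3.4.2.7");
        putDigest(map, "SHA3-256", "sun.security.provider.SHA3$SHA256",
                "2.16.840.1.101.3.4.2.8");
        putDigest(map, "SHA3-384", "sun.security.provider.SHA3$SHA384",
                "2.16.840.1.101.3.4.2.9");
        putDigest(map, "SHA3-512", "sun.security.provider.SHA3$SHA512",
                "2.16.840.1.101.3.4.2.10");
    }

    /** Algorithm Parameter Generator and Algorithm Parameter engines. */
    private static void putAlgorithmParameterEntries(Map<Object, Object> map) {
        map.put("AlgorithmParameterGenerator.DSA",
                "sun.security.provider.DSAParameterGenerator");

        map.put("AlgorithmParameters.DSA",
                "sun.security.provider.DSAParameters");
        putAliases(map, "AlgorithmParameters", "DSA", DSA_OID_ALIASES);
    }

    /** Key factories. */
    private static void putKeyFactoryEntries(Map<Object, Object> map) {
        map.put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory");
        putAliases(map, "KeyFactory", "DSA", DSA_OID_ALIASES);
    }

    /** Certificate factory for X.509 certificates and CRLs. */
    private static void putCertificateFactoryEntries(Map<Object, Object> map) {
        map.put("CertificateFactory.X.509",
                "sun.security.provider.X509Factory");
        map.put("Alg.Alias.CertificateFactory.X509", "X.509");
    }

    /** KeyStore types. */
    private static void putKeyStoreEntries(Map<Object, Object> map) {
        map.put("KeyStore.PKCS12",
                "sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12");
        map.put("KeyStore.JKS",
                "sun.security.provider.JavaKeyStore$DualFormatJKS");
        map.put("KeyStore.CaseExactJKS",
                "sun.security.provider.JavaKeyStore$CaseExactJKS");
        map.put("KeyStore.DKS", "sun.security.provider.DomainKeyStore$DKS");
    }

    /** The file-based Policy and LoginModule Configuration types. */
    private static void putPolicyAndConfigurationEntries(
            Map<Object, Object> map) {
        map.put("Policy.JavaPolicy", "sun.security.provider.PolicySpiFile");

        map.put("Configuration.JavaLoginConfig",
                "sun.security.provider.ConfigFile$Spi");
    }

    /**
     * CertPathBuilder, CertPathValidator and CertStore engines. The
     * ValidationAlgorithm attribute names the specification (RFC 5280)
     * the PKIX implementations follow.
     */
    private static void putCertPathEntries(Map<Object, Object> map) {
        map.put("CertPathBuilder.PKIX",
                "sun.security.provider.certpath.SunCertPathBuilder");
        map.put("CertPathBuilder.PKIX ValidationAlgorithm",
                "RFC5280");

        map.put("CertPathValidator.PKIX",
                "sun.security.provider.certpath.PKIXCertPathValidator");
        map.put("CertPathValidator.PKIX ValidationAlgorithm",
                "RFC5280");

        map.put("CertStore.Collection",
                "sun.security.provider.certpath.CollectionCertStore");
        map.put("CertStore.com.sun.security.IndexedCollection",
                "sun.security.provider.certpath.IndexedCollectionCertStore");
    }

    /**
     * KeySize attributes. These are the sizes the engines report as their
     * default; the SHA-1 and raw DSA signatures stay at 1024 bits while
     * the SHA-2 signatures, key generation and parameter generation use
     * 2048 bits.
     */
    private static void putKeySizeEntries(Map<Object, Object> map) {
        map.put("Signature.NONEwithDSA KeySize", "1024");
        map.put("Signature.SHA1withDSA KeySize", "1024");
        map.put("Signature.SHA224withDSA KeySize", "2048");
        map.put("Signature.SHA256withDSA KeySize", "2048");

        map.put("KeyPairGenerator.DSA KeySize", "2048");
        map.put("AlgorithmParameterGenerator.DSA KeySize", "2048");
    }

    /** Implementation type (software or hardware) of each service. */
    private static void putImplementedInEntries(Map<Object, Object> map) {
        String[] softwareServices = {
            "Signature.SHA1withDSA",
            "KeyPairGenerator.DSA",
            "MessageDigest.MD5",
            "MessageDigest.SHA",
            "AlgorithmParameterGenerator.DSA",
            "AlgorithmParameters.DSA",
            "KeyFactory.DSA",
            "SecureRandom.SHA1PRNG",
            "SecureRandom.DRBG",
            "CertificateFactory.X.509",
            "KeyStore.JKS",
            "CertPathValidator.PKIX",
            "CertPathBuilder.PKIX",
            "CertStore.Collection",
            "CertStore.com.sun.security.IndexedCollection"
        };
        for (String service : softwareServices) {
            map.put(service + " ImplementedIn", "Software");
        }
    }

    // name of the *System* property, takes precedence over PROP_RNDSOURCE
    private static final String PROP_EGD = "java.security.egd";
    // name of the *Security* property
    private static final String PROP_RNDSOURCE = "securerandom.source";

    static final String URL_DEV_RANDOM = "file:/dev/random";
    static final String URL_DEV_URANDOM = "file:/dev/urandom";

    /**
     * The configured seed source: the {@code java.security.egd} system
     * property when set to a non-empty value, else the
     * {@code securerandom.source} security property, else "".
     */
    private static final String seedSource;

    static {
        seedSource = AccessController.doPrivileged(
            new PrivilegedAction<String>() {

                @Override
                public String run() {
                    // System property wins over the security property.
                    String egdSource = System.getProperty(PROP_EGD, "");
                    if (!egdSource.isEmpty()) {
                        return egdSource;
                    }
                    egdSource = Security.getProperty(PROP_RNDSOURCE);
                    return (egdSource == null) ? "" : egdSource;
                }
            });
    }

    /**
     * Returns the configured seed source (see {@link #seedSource});
     * never {@code null}.
     */
    static String getSeedSource() {
        return seedSource;
    }

    /*
     * Use a URI to access this File. Previous code used a URL
     * which is less strict on syntax. If we encounter a
     * URISyntaxException we make best efforts for backwards
     * compatibility. e.g. space character in deviceName string.
     *
     * Method called within PrivilegedExceptionAction block.
     *
     * Moved from SeedGenerator to avoid initialization problems with
     * signed providers.
     */
    /**
     * Resolves the seed device URL to a {@link File}.
     *
     * <p>An opaque {@code file:} URI (no leading slash, e.g.
     * {@code file:dev/random}) is anchored at the current working
     * directory, because {@code File(URI)} rejects opaque URIs. If the URL
     * cannot be converted to a strict URI, or the resulting URI is one
     * {@code File} does not accept, the URL's path component is used as a
     * best-effort fallback.
     *
     * @param device the configured seed source URL
     * @return the file denoted by {@code device}
     * @throws IOException declared for callers; not thrown by this method itself
     */
    static File getDeviceFile(URL device) throws IOException {
        try {
            URI deviceURI = device.toURI();
            if (deviceURI.isOpaque()) {
                // File constructor does not accept opaque URI; prefix the
                // working directory. getRawSchemeSpecificPart() yields the
                // text after "file:" without assuming the scheme's length.
                URI localDir = new File(
                        System.getProperty("user.dir")).toURI();
                String uriPath = localDir.toString()
                        + deviceURI.getRawSchemeSpecificPart();
                return new File(URI.create(uriPath));
            }
            return new File(deviceURI);
        } catch (URISyntaxException | IllegalArgumentException e) {
            /*
             * Make best effort to access this File: URI.create and
             * File(URI) both signal an unusable URI with
             * IllegalArgumentException, so fall back to the URL path
             * rather than escaping with an unexpected runtime exception.
             */
            return new File(device.getPath());
        }
    }
}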