jdk-sandbox: comparison jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoProvider.java

equal deleted inserted replaced

-:14968253ce7e
+:e6470b24700d
 /*
-* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 */
 package com.oracle.security.ucrypto;
 import java.io.IOException;
-import java.util.HashMap;
+import java.io.File;
-import java.util.StringTokenizer;
+import java.util.*;
 import java.security.*;
-import sun.security.action.PutAllAction;
-import sun.security.action.GetPropertyAction;
 /**
 * OracleUcrypto provider main class.
 *
 * @since 1.9
 */
 public final class UcryptoProvider extends Provider {
 private static final long serialVersionUID = 351251234302833L;
-private static boolean DEBUG;
+private static boolean DEBUG = false;
-private static HashMap<String, String> provProp;
+private static HashMap<String, ServiceDesc> provProp = null;
+private static String defConfigName = "";
 static {
 try {
-DEBUG = Boolean.parseBoolean(AccessController.doPrivileged
-(new GetPropertyAction("com.oracle.security.ucrypto.debug")));
 // cannot use LoadLibraryAction because that would make the native
 // library available to the bootclassloader, but we run in the
 // extension classloader.
-provProp = AccessController.doPrivileged
+String osname = System.getProperty("os.name");
-(new PrivilegedAction<HashMap<String, String>>() {
+if (osname.startsWith("SunOS")) {
-public HashMap<String, String> run() {
+provProp = AccessController.doPrivileged
-try {
+(new PrivilegedAction<HashMap<String, ServiceDesc>>() {
-System.loadLibrary("j2ucrypto");
+public HashMap<String, ServiceDesc> run() {
-String osname = System.getProperty("os.name");
+try {
-if (osname.startsWith("SunOS")) {
+DEBUG = Boolean.parseBoolean(System.getProperty("com.oracle.security.ucrypto.debug"));
-return new HashMap<String, String>();
+String javaHome = System.getProperty("java.home");
-} else return null;
+String sep = System.getProperty("file.separator");
-} catch (Error err) {
+defConfigName = javaHome + sep + "conf" + sep + "security" + sep +
-return null;
+"ucrypto-solaris.cfg";
-} catch (SecurityException se) {
+System.loadLibrary("j2ucrypto");
-return null;
+return new HashMap<>();
+} catch (Error err) {
+if (DEBUG) err.printStackTrace();
+return null;
+} catch (SecurityException se) {
+if (DEBUG) se.printStackTrace();
+return null;
+}
 }
-}
+});
-});
+}
 if (provProp != null) {
 boolean[] result = loadLibraries();
 if (result.length == 2) {
 if (result[0]) { // successfully loaded libmd
 provProp.put("MessageDigest.MD5",
-"com.oracle.security.ucrypto.NativeDigest$MD5");
+sd("MessageDigest", "MD5",
+"com.oracle.security.ucrypto.NativeDigest$MD5"));
 provProp.put("MessageDigest.SHA",
-"com.oracle.security.ucrypto.NativeDigest$SHA1");
+sd("MessageDigest", "SHA",
-provProp.put("Alg.Alias.MessageDigest.SHA-1", "SHA");
+"com.oracle.security.ucrypto.NativeDigest$SHA1",
-provProp.put("Alg.Alias.MessageDigest.SHA1", "SHA");
+"SHA-1", "SHA1"));
 provProp.put("MessageDigest.SHA-256",
-"com.oracle.security.ucrypto.NativeDigest$SHA256");
+sd("MessageDigest", "SHA-256",
-provProp.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256");
+"com.oracle.security.ucrypto.NativeDigest$SHA256",
-provProp.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1", "SHA-256");
+"2.16.840.1.101.3.4.2.1", "OID.2.16.840.1.101.3.4.2.1"));
 provProp.put("MessageDigest.SHA-384",
-"com.oracle.security.ucrypto.NativeDigest$SHA384");
+sd("MessageDigest", "SHA-384",
-provProp.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384");
+"com.oracle.security.ucrypto.NativeDigest$SHA384",
-provProp.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2", "SHA-384");
+"2.16.840.1.101.3.4.2.2", "OID.2.16.840.1.101.3.4.2.2"));
 provProp.put("MessageDigest.SHA-512",
-"com.oracle.security.ucrypto.NativeDigest$SHA512");
+sd("MessageDigest", "SHA-512",
-provProp.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512");
+"com.oracle.security.ucrypto.NativeDigest$SHA512",
-provProp.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3", "SHA-512");
+"2.16.840.1.101.3.4.2.3", "OID.2.16.840.1.101.3.4.2.3"));
+};
-}
 if (result[1]) { // successfully loaded libsoftcrypto
 String supportedMechs = getMechList();
 debug("Prov: supported mechs = " + supportedMechs);
 for (UcryptoMech m : UcryptoMech.values()) {
 if (supportedMechs.indexOf(m.name() + ",") != -1) {
-String[] jceProps = m.jceProperties();
+ServiceDesc[] services = m.getServiceDescriptions();
 // skip unsupported UcryptoMech
-if (jceProps == null) continue;
+if (services == null || services.length == 0) continue;
-for (int p = 0; p < jceProps.length; p++) {
+for (int p = 0; p < services.length; p++) {
-StringTokenizer st =
+ServiceDesc entry = services[p];
-new StringTokenizer(jceProps[p], ";");
+provProp.put(entry.getType() + "." + entry.getAlgorithm(),
-if (st.countTokens() != 2) {
+entry);
-throw new RuntimeException("Wrong format: " + jceProps[p]);
-}
-provProp.put(st.nextToken(), st.nextToken());
 }
 }
 }
 // NOTE: GCM support is only available since jdk 7
 provProp.put("AlgorithmParameters.GCM",
-"com.oracle.security.ucrypto.GCMParameters");
+sd("AlgorithmParameters", "GCM", "com.oracle.security.ucrypto.GCMParameters"));
 }
 } else {
 debug("Prov: unexpected ucrypto library loading error, got " + result.length);
 }
 }
 } catch (AccessControlException ace) {
+if (DEBUG) ace.printStackTrace();
 // disable Ucrypto provider
-DEBUG = false;
 provProp = null;
+}
+}
+private static ServiceDesc sd(String type, String algo, String cn,
+String... aliases) {
+return new ServiceDesc(type, algo, cn, aliases);
+}
+private static final class ProviderService extends Provider.Service {
+ProviderService(Provider p, ServiceDesc sd) {
+super(p, sd.getType(), sd.getAlgorithm(), sd.getClassName(),
+sd.getAliases(), null);
+}
+@Override
+public Object newInstance(Object ctrParamObj)
+throws NoSuchAlgorithmException {
+String type = getType();
+if (ctrParamObj != null) {
+throw new InvalidParameterException
+("constructorParameter not used with " + type + " engines");
+}
+String algo = getAlgorithm();
+try {
+if (type.equals("Cipher")) {
+int keySize = -1;
+if (algo.charAt(3) == '_') {
+keySize = Integer.parseInt(algo.substring(4, 7))/8;
+algo = algo.substring(0, 3) + algo.substring(7);
+}
+if (algo.equals("AES/ECB/NoPadding")) {
+return new NativeCipher.AesEcbNoPadding(keySize);
+} else if (algo.equals("AES/ECB/PKCS5Padding")) {
+return new NativeCipherWithJavaPadding.AesEcbPKCS5();
+} else if (algo.equals("AES/CBC/NoPadding")) {
+return new NativeCipher.AesCbcNoPadding(keySize);
+} else if (algo.equals("AES/CBC/PKCS5Padding")) {
+return new NativeCipherWithJavaPadding.AesCbcPKCS5();
+} else if (algo.equals("AES/CTR/NoPadding")) {
+return new NativeCipher.AesCtrNoPadding();
+} else if (algo.equals("AES/GCM/NoPadding")) {
+return new NativeGCMCipher.AesGcmNoPadding(keySize);
+} else if (algo.equals("AES/CFB128/NoPadding")) {
+return new NativeCipher.AesCfb128NoPadding();
+} else if (algo.equals("AES/CFB128/PKCS5Padding")) {
+return new NativeCipherWithJavaPadding.AesCfb128PKCS5();
+} else if (algo.equals("RSA/ECB/NoPadding")) {
+return new NativeRSACipher.NoPadding();
+} else if (algo.equals("RSA/ECB/PKCS1Padding")) {
+return new NativeRSACipher.PKCS1Padding();
+}
+} else if (type.equals("Signature")) {
+if (algo.equals("SHA1withRSA")) {
+return new NativeRSASignature.SHA1();
+} else if (algo.equals("SHA256withRSA")) {
+return new NativeRSASignature.SHA256();
+} else if (algo.equals("SHA384withRSA")) {
+return new NativeRSASignature.SHA384();
+} else if (algo.equals("SHA512withRSA")) {
+return new NativeRSASignature.SHA512();
+} else if (algo.equals("MD5withRSA")) {
+return new NativeRSASignature.MD5();
+}
+} else if (type.equals("MessageDigest")) {
+if (algo.equals("SHA")) {
+return new NativeDigest.SHA1();
+} else if (algo.equals("SHA-256")) {
+return new NativeDigest.SHA256();
+} else if (algo.equals("SHA-384")) {
+return new NativeDigest.SHA384();
+} else if (algo.equals("SHA-512")) {
+return new NativeDigest.SHA512();
+} else if (algo.equals("MD5")) {
+return new NativeDigest.MD5();
+}
+} else if (type.equals("AlgorithmParameters")) {
+if (algo.equals("GCM")) {
+return new GCMParameters();
+}
+}
+} catch (Exception ex) {
+throw new NoSuchAlgorithmException("Error constructing " +
+type + " for " + algo + " using OracleUcrypto", ex);
+}
+throw new ProviderException("No impl for " + algo +
+" " + type);
 }
 }
 static Provider provider = null;
 private static native boolean[] loadLibraries();
 }
 }
 public UcryptoProvider() {
 super("OracleUcrypto", 1.9d, "Provider using Oracle Ucrypto API");
+AccessController.doPrivileged(new PrivilegedAction<>() {
+public Void run() {
+init(defConfigName);
+return null;
+}
+});
+if (provider == null) provider = this;
+}
+private void init(final String configName) {
 if (provProp != null) {
-AccessController.doPrivileged(new PutAllAction(this, provProp));
+debug("Prov: configuration file " + configName);
-}
+Config c;
-if (provider == null) provider = this;
+try {
-}
+c = new Config(configName);
+} catch (Exception ex) {
-public UcryptoProvider(String configName) {
+throw new UcryptoException("Error parsing Config", ex);
-super("OracleUcrypto", 1.9d, "Provider using Oracle Ucrypto API");
+}
-try {
-if (provProp != null) {
+String[] disabledServices = c.getDisabledServices();
-HashMap<String, String> customProvProp =
+for (String ds : disabledServices) {
-new HashMap<String, String>(provProp);
+if (provProp.remove(ds) != null) {
-Config c = new Config(configName);
+debug("Prov: remove config-disabled service " + ds);
-String[] disabledServices = c.getDisabledServices();
+} else {
-for (int i = 0; i < disabledServices.length; i++) {
+debug("Prov: ignore unsupported service " + ds);
-if (customProvProp.remove(disabledServices[i]) != null) {
-debug("Prov: remove config-disabled service " + disabledServices[i]);
-} else {
-debug("Prov: ignore unsupported config-disabled service " +
-disabledServices[i]);
-}
 }
-AccessController.doPrivileged(new PutAllAction(this, customProvProp));
+}
-}
-} catch (IOException ioe) { // thrown by Config
+for (ServiceDesc s: provProp.values()) {
-throw new UcryptoException("Error parsing Config", ioe);
+debug("Prov: add service for " + s);
-}
+putService(new ProviderService(this, s));
-if (provider == null) provider = this;
+}
+}
+}
+@Override
+public Provider configure(String configArg) throws InvalidParameterException {
+// default policy entry only grants read access to default config
+if (!defConfigName.equals(configArg)) {
+throw new InvalidParameterException("Ucrypto provider can only be " +
+"configured with default configuration file");
+}
+// re-read the config
+init(defConfigName);
+return this;
 }
 public boolean equals(Object obj) {
 return this == obj;
 }

changeset 31270	e6470b24700d
parent 27182	4525d13b8af1
child 33991	619bfc4d582d