# HG changeset patch # User ascarpino # Date 1467492680 25200 # Node ID 3a9850ed77e86b337c624be52c771348679f5648 # Parent 83b771c59414c29dfae7bdec56c7011cc23e9072 8159180: Remove default setting for jdk.security.provider.preferred Reviewed-by: xuelei diff -r 83b771c59414 -r 3a9850ed77e8 jdk/src/java.base/share/conf/security/java.security --- a/jdk/src/java.base/share/conf/security/java.security Fri Jul 01 15:13:00 2016 -0700 +++ b/jdk/src/java.base/share/conf/security/java.security Sat Jul 02 13:51:20 2016 -0700 @@ -116,15 +116,7 @@ # Example: # jdk.security.provider.preferred=AES/GCM/NoPadding:SunJCE, \ # MessageDigest.SHA-256:SUN, Group.HmacSHA2:SunJCE -#ifdef solaris-sparc -jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, \ - HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE -#endif -#ifdef solaris-x86 -jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, \ - HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE, RSA:SunRsaSign, \ - SHA1withRSA:SunRsaSign, Group.SHA2RSA:SunRsaSign -#endif +#jdk.security.provider.preferred= # diff -r 83b771c59414 -r 3a9850ed77e8 jdk/test/sun/security/jca/PreferredProviderNegativeTest.java --- a/jdk/test/sun/security/jca/PreferredProviderNegativeTest.java Fri Jul 01 15:13:00 2016 -0700 +++ b/jdk/test/sun/security/jca/PreferredProviderNegativeTest.java Sat Jul 02 13:51:20 2016 -0700 @@ -62,7 +62,7 @@ } } else { if (!cipher.getProvider().getName().equals(arrays[1])) { - throw new RuntimeException("Test Faild:The provider could be " + throw new RuntimeException("Test Failed:The provider could be " + "set by valid provider."); } } @@ -73,13 +73,13 @@ * Test that the setting of the security property after Cipher.getInstance() * does not influence previously loaded instances */ - public static void afterJCESet(String value) + public static void afterJCESet(String value, String expected) throws NoSuchAlgorithmException, NoSuchPaddingException { String[] arrays = value.split(":"); Cipher cipher = Cipher.getInstance(arrays[0]); Security.setProperty(SEC_PREF_PROP, value); - if (!cipher.getProvider().getName().equals("SunJCE")) { + if (!cipher.getProvider().getName().equals(expected)) { throw new RuntimeException("Test Failed:The security property can't" + " be updated after JCE load."); } @@ -105,25 +105,28 @@ public static void main(String[] args) throws NoSuchAlgorithmException, NoSuchPaddingException { + String expected; + String value = args[1]; + // If OS is solaris, expect OracleUcrypto, otherwise SunJCE + if (System.getProperty("os.name").toLowerCase().contains("sun")) { + expected = "OracleUcrypto"; + } else { + expected = "SunJCE"; + } + if (args.length >= 2) { switch (args[0]) { case "preSet": boolean negativeProvider = Boolean.valueOf(args[2]); - boolean solaris = System.getProperty("os.name") - .toLowerCase().contains("sun"); - String value = args[1]; - if (args[1].split(":").length < 2) { - if (solaris) { - value += ":OracleUcrypto"; - } else { - value += ":SunJCE"; - } + if (!args[1].contains(":")) { + value += ":" + expected; } PreferredProviderNegativeTest.preJCESet( value, negativeProvider); break; case "afterSet": - PreferredProviderNegativeTest.afterJCESet(args[1]); + PreferredProviderNegativeTest.afterJCESet(args[1], + expected); break; case "invalidAlg": PreferredProviderNegativeTest.invalidAlg(args[1]); diff -r 83b771c59414 -r 3a9850ed77e8 jdk/test/sun/security/jca/PreferredProviderTest.java --- a/jdk/test/sun/security/jca/PreferredProviderTest.java Fri Jul 01 15:13:00 2016 -0700 +++ b/jdk/test/sun/security/jca/PreferredProviderTest.java Sat Jul 02 13:51:20 2016 -0700 @@ -38,6 +38,7 @@ * @bug 8076359 8133151 8145344 8150512 8155847 * @summary Test the value for new jdk.security.provider.preferred * security property + * @run main/othervm PreferredProviderTest */ public class PreferredProviderTest { @@ -59,12 +60,14 @@ verifyDigestProvider(os, type, Arrays.asList( new DataTuple("SHA-256", "SUN"))); } else { - //For solaris the preferred algorithm/provider is already set in - //java.security file which will be verified. + //Solaris has different providers that support the same algorithm + //which makes for better testing. switch (type) { case "sparcv9": preferredProp = "AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, " + "HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE"; + Security.setProperty( + "jdk.security.provider.preferred", preferredProp); verifyPreferredProviderProperty(os, type, preferredProp); verifyDigestProvider(os, type, Arrays.asList( @@ -89,7 +92,8 @@ "HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE, " + "RSA:SunRsaSign, SHA1withRSA:SunRsaSign, " + "Group.SHA2RSA:SunRsaSign"; - + Security.setProperty( + "jdk.security.provider.preferred", preferredProp); verifyPreferredProviderProperty(os, type, preferredProp); verifyKeyFactoryProvider(os, type, Arrays.asList(