author | valeriep |
Fri, 29 Mar 2019 00:39:49 +0000 (2019-03-29) | |
changeset 54333 | 2a29e62446bd |
parent 54332 | 9a8fe0bc38c3 |
child 54334 | f1548abd4ae0 |
--- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java Tue Mar 26 16:09:33 2019 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java Fri Mar 29 00:39:49 2019 +0000 @@ -27,18 +27,12 @@ import java.security.*; import java.util.*; -import sun.security.rsa.SunRsaSignEntries; import static sun.security.util.SecurityConstants.PROVIDER_VER; import static sun.security.provider.SunEntries.createAliases; /** * The JSSE provider. * - * The RSA implementation has been removed from JSSE, but we still need to - * register the same algorithms for compatibility. We just point to the RSA - * implementation in the SunRsaSign provider. This works because all classes - * are in the bootclasspath and therefore loaded by the same classloader. - * * SunJSSE now supports an experimental FIPS compliant mode when used with an * appropriate FIPS certified crypto provider. In FIPS mode, we: * . allow only TLS 1.0 or later @@ -84,12 +78,6 @@ } private void doRegister() { - Iterator<Provider.Service> rsaIter = - new SunRsaSignEntries(this).iterator(); - while (rsaIter.hasNext()) { - putService(rsaIter.next()); - } - ps("Signature", "MD5andSHA1withRSA", "sun.security.ssl.RSASignature", null, null);
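Review bot: After the second hunk, nothing in the class comment or in doRegister() explains why `MD5andSHA1withRSA` is the one RSA-named service SunJSSE still registers. Callers that pinned the provider, for example `KeyFactory.getInstance("RSA", "SunJSSE")`, will now get NoSuchAlgorithmException with no pointer to where the algorithms went. I would add a comment above the `ps("Signature", "MD5andSHA1withRSA", ...)` call such as `// Only RSA service left in SunJSSE; all other RSA algorithms are provided by SunRsaSign.` and a matching sentence in the class Javadoc where the removed paragraph was. doRegister() continues past the end of the hunk, so any further registrations are not visible here.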
--- a/test/jdk/java/security/Signature/Offsets.java Tue Mar 26 16:09:33 2019 -0700 +++ b/test/jdk/java/security/Signature/Offsets.java Fri Mar 29 00:39:49 2019 +0000 @@ -123,8 +123,13 @@ throw new RuntimeException("Test doesn't support this signature " + "algorithm: " + algorithm); } - - KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo, provider); + KeyPairGenerator kpg = null; + // first try matching provider, fallback to most preferred if none available + try { + kpg = KeyPairGenerator.getInstance(keyAlgo, provider); + } catch (NoSuchAlgorithmException nsae) { + kpg = KeyPairGenerator.getInstance(keyAlgo); + } kpg.initialize(keySize); KeyPair kp = kpg.generateKeyPair(); PublicKey pubkey = kp.getPublic();
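Review bot: The new fallback in the key-generation block silently swaps the provider. When `KeyPairGenerator.getInstance(keyAlgo, provider)` throws NoSuchAlgorithmException, the test continues with whichever provider is most preferred, and nothing in the output records that. The fallback applies to every provider name passed in, not only SunJSSE, so a provider that loses its key-pair generator by mistake would no longer fail here; the same pattern is added in the third hunk of test/jdk/java/security/SignedObject/Chain.java. I would print the provider actually used after the try/catch, `System.out.println("KeyPairGenerator provider: " + kpg.getProvider().getName());`, and drop the redundant `= null` initializer since both paths assign `kpg`. The enclosing method starts and ends outside the hunk.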
--- a/test/jdk/java/security/SignedObject/Chain.java Tue Mar 26 16:09:33 2019 -0700 +++ b/test/jdk/java/security/SignedObject/Chain.java Fri Mar 29 00:39:49 2019 +0000 @@ -1,5 +1,5 @@ /** - * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,13 +21,7 @@ * questions. */ -import java.security.Signature; -import java.security.SignedObject; -import java.security.KeyPairGenerator; -import java.security.KeyPair; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; +import java.security.*; import java.security.spec.*; import java.util.*; import jdk.test.lib.SigTestUtil; @@ -197,8 +191,15 @@ if (test.provider != Provider.Default) { signature = Signature.getInstance(test.sigAlg.name, test.provider.name); - kpg = KeyPairGenerator.getInstance( - test.keyAlg.name, test.provider.name); + // try using the same provider first, if not, fallback + // to the first available impl + try { + kpg = KeyPairGenerator.getInstance( + test.keyAlg.name, test.provider.name); + } catch (NoSuchAlgorithmException nsae) { + kpg = KeyPairGenerator.getInstance( + test.keyAlg.name); + } } else { signature = Signature.getInstance(test.sigAlg.name); kpg = KeyPairGenerator.getInstance(test.keyAlg.name);
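Review bot: Replacing the explicit imports with `import java.security.*;` in the second hunk brings `java.security.Provider` into scope by simple name, while the third hunk shows this test using a `Provider` of its own (`Provider.Default`, `test.provider.name`). That type is presumably declared by the test itself and so takes precedence over the on-demand import, which means the code compiles, but a reader now has two candidates for the name. Keeping the single-type imports and adding only `import java.security.NoSuchAlgorithmException;` for the new catch clause would avoid the ambiguity.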
--- a/test/jdk/sun/security/pkcs11/KeyStore/Basic.java Tue Mar 26 16:09:33 2019 -0700 +++ b/test/jdk/sun/security/pkcs11/KeyStore/Basic.java Fri Mar 29 00:39:49 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -111,7 +111,7 @@ this.provider = p; // get private keys - KeyFactory kf = KeyFactory.getInstance("RSA", "SunJSSE"); + KeyFactory kf = KeyFactory.getInstance("RSA"); KeyFactory dsaKf = KeyFactory.getInstance("DSA", "SUN"); ObjectInputStream ois1 = new ObjectInputStream
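Review bot: `KeyFactory.getInstance("RSA")` now depends on provider preference order, while the very next line still pins `KeyFactory.getInstance("DSA", "SUN")`. In a PKCS11 keystore test the token provider may be registered ahead of the software providers (not visible in this hunk), in which case the RSA fixture keys could be built by a different implementation depending on configuration. Pinning the software provider keeps the fixture deterministic and consistent with the DSA line: `KeyFactory kf = KeyFactory.getInstance("RSA", "SunRsaSign");`. The enclosing method or constructor starts before the hunk and continues after it.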
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/rsa/BrokenRSAPrivateCrtKey.java Fri Mar 29 00:39:49 2019 +0000
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 4503229 8220016
+ * @summary default RSA KeyFactory can return broken RSAPrivateCrtKey objects
+ * This test was taken directly from the bug report, which
+ * was fixed in the crippled JSAFE provider, and needed
+ * to be brought forward into SunRsaSign (was JSSE).
+ * @author Brad Wetmore
+ */
+
+import java.security.*;
+import java.security.interfaces.*;
+import java.security.spec.*;
+import java.math.BigInteger;
+
+public class BrokenRSAPrivateCrtKey {
+ public static void main(String[] args) throws Exception {
+ KeyPairGenerator generator =
+ KeyPairGenerator.getInstance("RSA", "SunRsaSign");
+ generator.initialize(512);
+
+ KeyPair pair = generator.generateKeyPair();
+
+ RSAPrivateCrtKey privatekey = (RSAPrivateCrtKey) pair.getPrivate();
+
+ RSAPrivateCrtKeySpec spec =
+ new RSAPrivateCrtKeySpec(privatekey.getModulus(),
+ privatekey.getPublicExponent(),
+ privatekey.getPrivateExponent(),
+ privatekey.getPrimeP(), privatekey.getPrimeQ(),
+ privatekey.getPrimeExponentP(),
+ privatekey.getPrimeExponentQ(),
+ privatekey.getCrtCoefficient());
+
+ KeyFactory factory = KeyFactory.getInstance("RSA", "SunRsaSign");
+
+ PrivateKey privatekey2 = factory.generatePrivate(spec);
+
+ BigInteger pe =
+ ((RSAPrivateCrtKey) privatekey2).getPublicExponent();
+
+ System.out.println("public exponent: " + pe);
+ }
+}
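Review bot: main() never checks the value it prints, so the test fails only if the cast to RSAPrivateCrtKey or one of the getters throws. A KeyFactory that returned a CRT key carrying the wrong public exponent would still pass. Comparing against the source key makes the regression explicit: `if (!pe.equals(privatekey.getPublicExponent())) throw new RuntimeException("public exponent mismatch: " + pe);`. Separately, `generator.initialize(512)` relies on the provider continuing to accept a 512-bit RSA size. A short comment that the size is chosen only for test speed, or a move to 2048, would keep the test from breaking if minimum key sizes are raised and from being copied as a usage example.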
--- a/test/jdk/sun/security/ssl/rsa/BrokenRSAPrivateCrtKey.java Tue Mar 26 16:09:33 2019 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 4503229
- * @summary default RSA KeyFactory can return broken RSAPrivateCrtKey objects
- * This test was taken directly from the bug report, which
- * was fixed in the crippled JSAFE provider, and needed
- * to be brought forward into JSSE.
- * @author Brad Wetmore
- */
-
-import java.security.*;
-import java.security.interfaces.*;
-import java.security.spec.*;
-import java.math.BigInteger;
-
-public class BrokenRSAPrivateCrtKey {
- public static void main(String[] args) throws Exception {
- KeyPairGenerator generator =
- KeyPairGenerator.getInstance("RSA", "SunJSSE");
- generator.initialize(512);
-
- KeyPair pair = generator.generateKeyPair();
-
- RSAPrivateCrtKey privatekey = (RSAPrivateCrtKey) pair.getPrivate();
-
- RSAPrivateCrtKeySpec spec =
- new RSAPrivateCrtKeySpec(privatekey.getModulus(),
- privatekey.getPublicExponent(),
- privatekey.getPrivateExponent(),
- privatekey.getPrimeP(), privatekey.getPrimeQ(),
- privatekey.getPrimeExponentP(),
- privatekey.getPrimeExponentQ(),
- privatekey.getCrtCoefficient());
-
- KeyFactory factory = KeyFactory.getInstance("RSA", "SunJSSE");
-
- PrivateKey privatekey2 = factory.generatePrivate(spec);
-
- BigInteger pe =
- ((RSAPrivateCrtKey) privatekey2).getPublicExponent();
-
- System.out.println("public exponent: " + pe);
- }
-}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/ssl/rsa/CheckProviderEntries.java Fri Mar 29 00:39:49 2019 +0000
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.*;
+import java.util.Iterator;
+import java.security.Provider.Service;
+
+/*
+ * @test
+ * @bug 8220016
+ * @summary This test checks the RSA-related services in SunJSSE provider
+ */
+public class CheckProviderEntries {
+
+ private static boolean testResult = true;
+
+ private static void error(String msg) {
+ testResult = false;
+ System.out.println(msg);
+ }
+ public static void main(String[] args) throws NoSuchAlgorithmException,
+ InvalidKeyException, SignatureException {
+ Provider p = Security.getProvider("SunJSSE");
+ Iterator<Provider.Service> iter = p.getServices().iterator();
+ while (iter.hasNext()) {
+ Service s = iter.next();
+ String type = s.getType();
+ String algo = s.getAlgorithm();
+ System.out.println("Type: " + type + " " + algo);
+ try {
+ if (algo.indexOf("RSA") != -1) {
+ // only MD5andSHA1withRSA signature support
+ // error out on any other RSA support
+ if (type.equals("Signature") &&
+ algo.equals("MD5andSHA1withRSA")) {
+ s.newInstance(null);
+ continue;
+ }
+ error("Error: unexpected RSA services");
+ }
+ } catch (NoSuchAlgorithmException | InvalidParameterException e) {
+ error("Error: cannot create obj " + e);
+ }
+ }
+ if (testResult) {
+ System.out.println("Test Passed");
+ } else {
+ throw new RuntimeException("One or more tests failed");
+ }
+ }
+}
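Review bot: The loop in main() reports unexpected RSA services but never verifies that the expected one exists, so the test still prints "Test Passed" if `MD5andSHA1withRSA` is missing from SunJSSE. Track it with `boolean found = false;` before the loop, `found = true;` next to `s.newInstance(null);`, and `if (!found) error("Error: MD5andSHA1withRSA Signature not registered");` after the loop. `Security.getProvider("SunJSSE")` can also return null, which would surface as a bare NullPointerException on `p.getServices()`; an explicit check with a message is clearer. The `error("Error: unexpected RSA services")` message should include `type` and `algo`. `InvalidKeyException` and `SignatureException` in the throws clause look unused in the visible body.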
--- a/test/jdk/sun/security/ssl/rsa/SignatureOffsets.java Tue Mar 26 16:09:33 2019 -0700 +++ b/test/jdk/sun/security/ssl/rsa/SignatureOffsets.java Fri Mar 29 00:39:49 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,7 +27,7 @@ /* * @test - * @bug 8050374 + * @bug 8050374 8220016 * @key randomness * @summary This test validates signature verification * Signature.verify(byte[], int, int). The test uses RandomFactory to @@ -37,10 +37,7 @@ * @library /test/lib * @build jdk.test.lib.RandomFactory * @compile ../../../../java/security/Signature/Offsets.java - * @run main SignatureOffsets SunJSSE MD2withRSA - * @run main SignatureOffsets SunJSSE MD5withRSA - * @run main SignatureOffsets SunJSSE SHA1withRSA - * @run main SignatureOffsets SunJSSE MD5andSHA1withRSA + * @run main SignatureOffsets SunJSSE MD5andSHA1withRSA */ public class SignatureOffsets {
--- a/test/jdk/sun/security/ssl/rsa/SignedObjectChain.java Tue Mar 26 16:09:33 2019 -0700 +++ b/test/jdk/sun/security/ssl/rsa/SignedObjectChain.java Fri Mar 29 00:39:49 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,6 +30,7 @@ * @compile ../../../../java/security/SignedObject/Chain.java * @run main SignedObjectChain */ + public class SignedObjectChain { private static class Test extends Chain.Test { @@ -40,9 +41,6 @@ } private static final Test[] tests = { - new Test(Chain.SigAlg.MD2withRSA), - new Test(Chain.SigAlg.MD5withRSA), - new Test(Chain.SigAlg.SHA1withRSA), new Test(Chain.SigAlg.MD5andSHA1withRSA), };