8056026: Debug security logging should print Provider used for each crypto operation
Reviewed-by: mullan
--- a/jdk/src/java.base/share/classes/java/security/KeyPairGenerator.java Thu Sep 25 13:03:27 2014 +0200
+++ b/jdk/src/java.base/share/classes/java/security/KeyPairGenerator.java Thu Sep 25 12:24:19 2014 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@
import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;
+import sun.security.util.Debug;
/**
* The KeyPairGenerator class is used to generate pairs of
@@ -126,6 +127,11 @@
public abstract class KeyPairGenerator extends KeyPairGeneratorSpi {
+ private static final Debug pdebug =
+ Debug.getInstance("provider", "Provider");
+ private static final boolean skipDebug =
+ Debug.isOn("engine=") && !Debug.isOn("keypairgenerator");
+
private final String algorithm;
// The provider
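Review bot: `skipDebug` asks `Debug.isOn("keypairgenerator")` about the debug option string as a whole rather than about the value given to `engine=`, so the filter is only as exact as `isOn`'s matching, and its body is not in this diff. If it is a substring test, a short engine name such as `mac` (Mac.java hunk) is satisfied by unrelated option text that happens to contain those letters, and output the user asked to suppress is printed anyway. Parsing the `engine=` value once inside `Debug` and testing membership there would make all nine copies of this field exact. A one-line comment on the field would also help, e.g. `// true when an engine= filter is set and does not name this class`.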
@@ -167,6 +173,12 @@
kpg = new Delegate(spi, algorithm);
}
kpg.provider = instance.provider;
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("KeyPairGenerator." + algorithm +
+ " algorithm from: " + kpg.provider.getName());
+ }
+
return kpg;
}
@@ -557,6 +569,11 @@
provider = instance.provider;
this.serviceIterator = serviceIterator;
initType = I_NONE;
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("KeyPairGenerator." + algorithm +
+ " algorithm from: " + provider.getName());
+ }
}
/**
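Review bot: The provider printed here is the one chosen when the delegate is constructed, which may not be the provider that ends up generating the key pair. The `serviceIterator` and `initType = I_NONE` context lines suggest provider failover at initialize time, and that code is outside this hunk, as is the start of the constructor. If failover can replace `provider` later, the debug line should also be emitted where the replacement happens, otherwise the log names a provider that was not used. The second constructor hunk in KeyGenerator.java, whose class comment points to the KeyPairGenerator failover notes, looks to have the same gap.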
--- a/jdk/src/java.base/share/classes/java/security/KeyStore.java Thu Sep 25 13:03:27 2014 +0200
+++ b/jdk/src/java.base/share/classes/java/security/KeyStore.java Thu Sep 25 12:24:19 2014 +0100
@@ -37,6 +37,8 @@
import javax.security.auth.DestroyFailedException;
import javax.security.auth.callback.*;
+import sun.security.util.Debug;
+
/**
* This class represents a storage facility for cryptographic
* keys and certificates.
@@ -177,6 +179,11 @@
public class KeyStore {
+ private static final Debug pdebug =
+ Debug.getInstance("provider", "Provider");
+ private static final boolean skipDebug =
+ Debug.isOn("engine=") && !Debug.isOn("keystore");
+
/*
* Constant to lookup in the Security properties file to determine
* the default keystore type.
@@ -801,6 +808,11 @@
this.keyStoreSpi = keyStoreSpi;
this.provider = provider;
this.type = type;
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("KeyStore." + type.toUpperCase() + " type from: " +
+ this.provider.getName());
+ }
}
/**
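Review bot: The added `this.provider.getName()` dereferences a constructor argument without a null check, so enabling `java.security.debug=provider` can make construction throw a NullPointerException that does not occur with debugging off. The constructor signature is outside this hunk, so whether a subclass can pass a null provider needs confirming; a guard such as `String name = (provider == null) ? "(no provider)" : provider.getName();` keeps the diagnostic from changing behaviour. The same unguarded call appears in the SecureRandom and KeyGenerator constructor hunks and in the Signature, Cipher, Mac and KeyAgreement init hunks. Separately, `type.toUpperCase()` uses the default locale and dereferences `type` unchecked; `type.toUpperCase(Locale.ENGLISH)` gives stable output.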
--- a/jdk/src/java.base/share/classes/java/security/MessageDigest.java Thu Sep 25 13:03:27 2014 +0200
+++ b/jdk/src/java.base/share/classes/java/security/MessageDigest.java Thu Sep 25 12:24:19 2014 +0100
@@ -35,6 +35,8 @@
import java.nio.ByteBuffer;
+import sun.security.util.Debug;
+
/**
* This MessageDigest class provides applications the functionality of a
* message digest algorithm, such as SHA-1 or SHA-256.
@@ -103,6 +105,11 @@
public abstract class MessageDigest extends MessageDigestSpi {
+ private static final Debug pdebug =
+ Debug.getInstance("provider", "Provider");
+ private static final boolean skipDebug =
+ Debug.isOn("engine=") && !Debug.isOn("messagedigest");
+
private String algorithm;
// The state of this digest
@@ -156,18 +163,23 @@
public static MessageDigest getInstance(String algorithm)
throws NoSuchAlgorithmException {
try {
+ MessageDigest md;
Object[] objs = Security.getImpl(algorithm, "MessageDigest",
(String)null);
if (objs[0] instanceof MessageDigest) {
- MessageDigest md = (MessageDigest)objs[0];
- md.provider = (Provider)objs[1];
- return md;
+ md = (MessageDigest)objs[0];
} else {
- MessageDigest delegate =
- new Delegate((MessageDigestSpi)objs[0], algorithm);
- delegate.provider = (Provider)objs[1];
- return delegate;
+ md = new Delegate((MessageDigestSpi)objs[0], algorithm);
}
+ md.provider = (Provider)objs[1];
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("MessageDigest." + algorithm +
+ " algorithm from: " + md.provider.getName());
+ }
+
+ return md;
+
} catch(NoSuchProviderException e) {
throw new NoSuchAlgorithmException(algorithm + " not found");
}
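Review bot: Only `getInstance(String)` gains the debug line in this file, since no other MessageDigest.java hunk adds one. A digest obtained through an overload that names the provider would therefore print nothing; those overloads are outside the diff, so this should be checked against the full file. Emitting the line from one private helper that every overload calls right after `md.provider` is assigned would keep coverage uniform. The blank line added after `return md;` and before `} catch` can also be dropped.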
--- a/jdk/src/java.base/share/classes/java/security/SecureRandom.java Thu Sep 25 13:03:27 2014 +0200
+++ b/jdk/src/java.base/share/classes/java/security/SecureRandom.java Thu Sep 25 12:24:19 2014 +0100
@@ -32,6 +32,7 @@
import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;
+import sun.security.util.Debug;
/**
* This class provides a cryptographically strong random number
@@ -93,6 +94,11 @@
public class SecureRandom extends java.util.Random {
+ private static final Debug pdebug =
+ Debug.getInstance("provider", "Provider");
+ private static final boolean skipDebug =
+ Debug.isOn("engine=") && !Debug.isOn("securerandom");
+
/**
* The provider.
*
@@ -235,6 +241,11 @@
this.secureRandomSpi = secureRandomSpi;
this.provider = provider;
this.algorithm = algorithm;
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("SecureRandom." + algorithm +
+ " algorithm from: " + this.provider.getName());
+ }
}
/**
--- a/jdk/src/java.base/share/classes/java/security/Signature.java Thu Sep 25 13:03:27 2014 +0200
+++ b/jdk/src/java.base/share/classes/java/security/Signature.java Thu Sep 25 12:24:19 2014 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -121,6 +121,11 @@
private static final Debug debug =
Debug.getInstance("jca", "Signature");
+ private static final Debug pdebug =
+ Debug.getInstance("provider", "Provider");
+ private static final boolean skipDebug =
+ Debug.isOn("engine=") && !Debug.isOn("signature");
+
/*
* The algorithm for this signature object.
* This value is used to map an OID to the particular algorithm.
@@ -451,6 +456,11 @@
throws InvalidKeyException {
engineInitVerify(publicKey);
state = VERIFY;
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("Signature." + algorithm +
+ " verification algorithm from: " + this.provider.getName());
+ }
}
/**
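Review bot: The same five-line debug block is pasted into all four init methods in this file (this hunk and the three that follow), differing only in the word `verification` or `signing`, and Cipher, Mac and KeyAgreement repeat the pattern. A private helper keeps the message format and the `skipDebug`/`pdebug` test in one place. It also gives a single spot for a null-provider guard, since `provider` is not assigned in any of these hunks. The method enclosing this hunk starts before it. A sketch of the helper follows; its name is only a suggestion.

```java
// suggested private helper for Signature; the name is illustrative
private void printProviderDebug(String use) {
    if (!skipDebug && pdebug != null) {
        String name = (provider == null) ? "(no provider)" : provider.getName();
        pdebug.println("Signature." + algorithm + " " + use +
            " algorithm from: " + name);
    }
}

// … unchanged: engineInitVerify(publicKey); state = VERIFY; …
printProviderDebug("verification");
```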
@@ -495,6 +505,11 @@
PublicKey publicKey = certificate.getPublicKey();
engineInitVerify(publicKey);
state = VERIFY;
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("Signature." + algorithm +
+ " verification algorithm from: " + this.provider.getName());
+ }
}
/**
@@ -511,6 +526,11 @@
throws InvalidKeyException {
engineInitSign(privateKey);
state = SIGN;
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("Signature." + algorithm +
+ " signing algorithm from: " + this.provider.getName());
+ }
}
/**
@@ -529,6 +549,11 @@
throws InvalidKeyException {
engineInitSign(privateKey, random);
state = SIGN;
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("Signature." + algorithm +
+ " signing algorithm from: " + this.provider.getName());
+ }
}
/**
--- a/jdk/src/java.base/share/classes/javax/crypto/Cipher.java Thu Sep 25 13:03:27 2014 +0200
+++ b/jdk/src/java.base/share/classes/javax/crypto/Cipher.java Thu Sep 25 12:24:19 2014 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -167,6 +167,11 @@
private static final Debug debug =
Debug.getInstance("jca", "Cipher");
+ private static final Debug pdebug =
+ Debug.getInstance("provider", "Provider");
+ private static final boolean skipDebug =
+ Debug.isOn("engine=") && !Debug.isOn("cipher");
+
/**
* Constant used to initialize cipher to encryption mode.
*/
@@ -1110,6 +1115,21 @@
}
}
+ private static String getOpmodeString(int opmode) {
+ switch (opmode) {
+ case ENCRYPT_MODE:
+ return "encryption";
+ case DECRYPT_MODE:
+ return "decryption";
+ case WRAP_MODE:
+ return "key wrapping";
+ case UNWRAP_MODE:
+ return "key unwrapping";
+ default:
+ return "";
+ }
+ }
+
/**
* Initializes this cipher with a key.
*
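Review bot: `getOpmodeString` has no comment, and its `default` branch returns an empty string, which leaves a double space in the debug line (`Cipher.<transformation>  algorithm from:`) for an unrecognised opmode. Whether that branch is reachable depends on opmode validation in the init methods, which is outside this hunk. I would add `// Name of opmode for the provider debug line; "" if the value is not a known mode` above the method. Alternatively, return a visible marker such as `"unknown mode"` from `default` so an unexpected value shows up in the output.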
@@ -1235,6 +1255,12 @@
initialized = true;
this.opmode = opmode;
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("Cipher." + transformation + " " +
+ getOpmodeString(opmode) + " algorithm from: " +
+ this.provider.getName());
+ }
}
/**
@@ -1372,6 +1398,12 @@
initialized = true;
this.opmode = opmode;
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("Cipher." + transformation + " " +
+ getOpmodeString(opmode) + " algorithm from: " +
+ this.provider.getName());
+ }
}
/**
@@ -1509,6 +1541,12 @@
initialized = true;
this.opmode = opmode;
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("Cipher." + transformation + " " +
+ getOpmodeString(opmode) + " algorithm from: " +
+ this.provider.getName());
+ }
}
/**
@@ -1693,6 +1731,12 @@
initialized = true;
this.opmode = opmode;
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("Cipher." + transformation + " " +
+ getOpmodeString(opmode) + " algorithm from: " +
+ this.provider.getName());
+ }
}
/**
--- a/jdk/src/java.base/share/classes/javax/crypto/KeyAgreement.java Thu Sep 25 13:03:27 2014 +0200
+++ b/jdk/src/java.base/share/classes/javax/crypto/KeyAgreement.java Thu Sep 25 12:24:19 2014 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -78,6 +78,11 @@
private static final Debug debug =
Debug.getInstance("jca", "KeyAgreement");
+ private static final Debug pdebug =
+ Debug.getInstance("provider", "Provider");
+ private static final boolean skipDebug =
+ Debug.isOn("engine=") && !Debug.isOn("keyagreement");
+
// The provider
private Provider provider;
@@ -468,6 +473,11 @@
throw new InvalidKeyException(e);
}
}
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("KeyAgreement." + algorithm + " algorithm from: " +
+ this.provider.getName());
+ }
}
/**
@@ -524,6 +534,11 @@
} else {
chooseProvider(I_PARAMS, key, params, random);
}
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("KeyAgreement." + algorithm + " algorithm from: " +
+ this.provider.getName());
+ }
}
/**
--- a/jdk/src/java.base/share/classes/javax/crypto/KeyGenerator.java Thu Sep 25 13:03:27 2014 +0200
+++ b/jdk/src/java.base/share/classes/javax/crypto/KeyGenerator.java Thu Sep 25 12:24:19 2014 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@
import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;
+import sun.security.util.Debug;
/**
* This class provides the functionality of a secret (symmetric) key generator.
@@ -108,6 +109,11 @@
public class KeyGenerator {
+ private static final Debug pdebug =
+ Debug.getInstance("provider", "Provider");
+ private static final boolean skipDebug =
+ Debug.isOn("engine=") && !Debug.isOn("keygenerator");
+
// see java.security.KeyPairGenerator for failover notes
private final static int I_NONE = 1;
@@ -145,6 +151,11 @@
this.spi = keyGenSpi;
this.provider = provider;
this.algorithm = algorithm;
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("KeyGenerator." + algorithm + " algorithm from: " +
+ this.provider.getName());
+ }
}
private KeyGenerator(String algorithm) throws NoSuchAlgorithmException {
@@ -158,6 +169,11 @@
throw new NoSuchAlgorithmException
(algorithm + " KeyGenerator not available");
}
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("KeyGenerator." + algorithm + " algorithm from: " +
+ this.provider.getName());
+ }
}
/**
--- a/jdk/src/java.base/share/classes/javax/crypto/Mac.java Thu Sep 25 13:03:27 2014 +0200
+++ b/jdk/src/java.base/share/classes/javax/crypto/Mac.java Thu Sep 25 12:24:19 2014 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -77,6 +77,11 @@
private static final Debug debug =
Debug.getInstance("jca", "Mac");
+ private static final Debug pdebug =
+ Debug.getInstance("provider", "Provider");
+ private static final boolean skipDebug =
+ Debug.isOn("engine=") && !Debug.isOn("mac");
+
// The provider
private Provider provider;
@@ -413,6 +418,11 @@
throw new InvalidKeyException("init() failed", e);
}
initialized = true;
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("Mac." + algorithm + " algorithm from: " +
+ this.provider.getName());
+ }
}
/**
@@ -435,6 +445,11 @@
chooseProvider(key, params);
}
initialized = true;
+
+ if (!skipDebug && pdebug != null) {
+ pdebug.println("Mac." + algorithm + " algorithm from: " +
+ this.provider.getName());
+ }
}
/**
--- a/jdk/src/java.base/share/classes/sun/security/util/Debug.java Thu Sep 25 13:03:27 2014 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/util/Debug.java Thu Sep 25 12:24:19 2014 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -104,7 +104,15 @@
System.err.println("codebase=<URL>");
System.err.println(" only dump output if specified codebase");
System.err.println(" is being checked");
-
+ System.err.println();
+ System.err.println("The following can be used with provider:");
+ System.err.println();
+ System.err.println("engine=<engines>");
+ System.err.println(" only dump output for the specified list");
+ System.err.println(" of JCA engines. Supported values:");
+ System.err.println(" Cipher, KeyAgreement, KeyGenerator,");
+ System.err.println(" KeyPairGenerator, KeyStore, Mac,");
+ System.err.println(" MessageDigest, SecureRandom, Signature.");
System.err.println();
System.err.println("Note: Separate multiple options with a comma");
System.exit(0);
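Review bot: The new help text calls `engine=` a list but never says how its entries are separated, while the closing note says a comma separates options. A reader cannot tell whether a second engine name after a comma is read as part of the list or as a separate option. The supported values are also printed in mixed case, whereas the engine classes look them up with lowercase literals such as `"keypairgenerator"`; whether the option string is lowercased before matching is outside this diff. I would add one help line stating the separator and whether the names are case-sensitive. The enclosing method starts before this hunk.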