--- a/jdk/make/gendata/Gendata-java.base.gmk Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/make/gendata/Gendata-java.base.gmk Mon Oct 19 17:35:18 2015 -0700
@@ -70,7 +70,7 @@
$(ECHO) "Generating java.security"
$(MKDIR) -p $(@D)
$(TOOL_MAKEJAVASECURITY) $(GENDATA_JAVA_SECURITY_SRC) $@ $(OPENJDK_TARGET_OS) \
- $(RESTRICTED_PKGS_SRC) || exit 1
+ $(OPENJDK_TARGET_CPU_ARCH) $(RESTRICTED_PKGS_SRC) || exit 1
TARGETS += $(GENDATA_JAVA_SECURITY)
--- a/jdk/make/src/classes/build/tools/makejavasecurity/MakeJavaSecurity.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/make/src/classes/build/tools/makejavasecurity/MakeJavaSecurity.java Mon Oct 19 17:35:18 2015 -0700
@@ -50,19 +50,21 @@
public static void main(String[] args) throws Exception {
- if (args.length < 3) {
+ if (args.length < 4) {
System.err.println("Usage: java MakeJavaSecurity " +
"[input java.security file name] " +
"[output java.security file name] " +
"[openjdk target os] " +
+ "[openjdk target cpu architecture]" +
"[more restricted packages file name?]");
- System.exit(1);
+
+ System.exit(1);
}
// more restricted packages
List<String> extraLines;
- if (args.length == 4) {
- extraLines = Files.readAllLines(Paths.get(args[3]));
+ if (args.length == 5) {
+ extraLines = Files.readAllLines(Paths.get(args[4]));
} else {
extraLines = Collections.emptyList();
}
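Review bot: The added usage fragment `"[openjdk target cpu architecture]" +` has no trailing space, so the printed usage runs it straight into the next bracketed item; it should read `"[openjdk target cpu architecture] " +` like the three fragments above it. The optional file is also read only when `args.length == 5` exactly, so an invocation with extra arguments silently drops the restricted-packages file; printing the usage error for more than five arguments would make that visible. main continues past the end of this hunk.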
@@ -96,7 +98,11 @@
mode = 0;
iter.remove();
} else if (line.startsWith("#ifdef ")) {
- mode = line.endsWith(args[2])?1:2;
+ if (line.indexOf('-') > 0) {
+ mode = line.endsWith(args[2]+"-"+args[3]) ? 1 : 2;
+ } else {
+ mode = line.endsWith(args[2]) ? 1 : 2;
+ }
iter.remove();
} else if (line.startsWith("#ifndef ")) {
mode = line.endsWith(args[2])?2:1;
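Review bot: Only the `#ifdef` branch learns the os-arch form; the `#ifndef` branch on the last line of the hunk still tests `line.endsWith(args[2])`, so a line such as `#ifndef solaris-sparc` can never match the target and its block is presumably kept on every platform. Computing the token once, `String target = line.indexOf('-') > 0 ? args[2] + "-" + args[3] : args[2];`, and using `line.endsWith(target)` in both branches keeps them consistent. `endsWith` also accepts any name that merely ends with the target string, so comparing the whole text after the directive would be stricter. The enclosing loop starts and ends outside the hunk.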
--- a/jdk/src/java.base/share/classes/java/security/AlgorithmParameterGenerator.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/security/AlgorithmParameterGenerator.java Mon Oct 19 17:35:18 2015 -0700
@@ -138,6 +138,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param algorithm the name of the algorithm this
* parameter generator is associated with.
* See the AlgorithmParameterGenerator section in the <a href=
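Review bot: The @implNote names `jdk.security.provider.preferred` but not its limits: it does not say that this is a security property (the constructor in ProviderList reads it with `Security.getProperty`), nor that a preferred provider which is not registered is ignored, which the java.security hunk in this commit states. I would add a sentence such as `Only providers that are also registered are considered.` The same paragraph is pasted into every getInstance javadoc hunk of this commit, and in several of them "the specified algorithm" does not match the parameter: `type` in KeyStore, Policy, CertStore, CertificateFactory and Configuration, `protocol` in SSLContext, `transformation` in Cipher, `mechanisms` in Sasl. "different than" would read better as "different from" throughout.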
--- a/jdk/src/java.base/share/classes/java/security/AlgorithmParameters.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/security/AlgorithmParameters.java Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -126,6 +126,13 @@
* {@code init}, using an appropriate parameter specification or
* parameter encoding.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param algorithm the name of the algorithm requested.
* See the AlgorithmParameters section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#AlgorithmParameters">
--- a/jdk/src/java.base/share/classes/java/security/KeyFactory.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/security/KeyFactory.java Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -153,6 +153,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param algorithm the name of the requested key algorithm.
* See the KeyFactory section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyFactory">
--- a/jdk/src/java.base/share/classes/java/security/KeyPairGenerator.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/security/KeyPairGenerator.java Mon Oct 19 17:35:18 2015 -0700
@@ -195,6 +195,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param algorithm the standard string name of the algorithm.
* See the KeyPairGenerator section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyPairGenerator">
--- a/jdk/src/java.base/share/classes/java/security/KeyStore.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/security/KeyStore.java Mon Oct 19 17:35:18 2015 -0700
@@ -841,6 +841,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param type the type of keystore.
* See the KeyStore section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyStore">
--- a/jdk/src/java.base/share/classes/java/security/MessageDigest.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/security/MessageDigest.java Mon Oct 19 17:35:18 2015 -0700
@@ -146,6 +146,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param algorithm the name of the algorithm requested.
* See the MessageDigest section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#MessageDigest">
--- a/jdk/src/java.base/share/classes/java/security/Policy.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/security/Policy.java Mon Oct 19 17:35:18 2015 -0700
@@ -355,6 +355,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param type the specified Policy type. See the Policy section in the
* <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#Policy">
--- a/jdk/src/java.base/share/classes/java/security/SecureRandom.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/security/SecureRandom.java Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -268,6 +268,13 @@
* This self-seeding will not occur if {@code setSeed} was
* previously called.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param algorithm the name of the RNG algorithm.
* See the SecureRandom section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
--- a/jdk/src/java.base/share/classes/java/security/Signature.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/security/Signature.java Mon Oct 19 17:35:18 2015 -0700
@@ -203,6 +203,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param algorithm the standard name of the algorithm requested.
* See the Signature section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
--- a/jdk/src/java.base/share/classes/java/security/cert/CertPathBuilder.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/security/cert/CertPathBuilder.java Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -142,6 +142,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param algorithm the name of the requested {@code CertPathBuilder}
* algorithm. See the CertPathBuilder section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathBuilder">
--- a/jdk/src/java.base/share/classes/java/security/cert/CertPathValidator.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/security/cert/CertPathValidator.java Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -143,6 +143,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param algorithm the name of the requested {@code CertPathValidator}
* algorithm. See the CertPathValidator section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathValidator">
--- a/jdk/src/java.base/share/classes/java/security/cert/CertStore.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/security/cert/CertStore.java Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -201,6 +201,13 @@
* Note that the specified {@code CertStoreParameters} object is
* cloned.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param type the name of the requested {@code CertStore} type.
* See the CertStore section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertStore">
--- a/jdk/src/java.base/share/classes/java/security/cert/CertificateFactory.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/security/cert/CertificateFactory.java Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -163,6 +163,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param type the name of the requested certificate type.
* See the CertificateFactory section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertificateFactory">
--- a/jdk/src/java.base/share/classes/javax/crypto/Cipher.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/javax/crypto/Cipher.java Mon Oct 19 17:35:18 2015 -0700
@@ -478,6 +478,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param transformation the name of the transformation, e.g.,
* <i>DES/CBC/PKCS5Padding</i>.
* See the Cipher section in the <a href=
--- a/jdk/src/java.base/share/classes/javax/crypto/ExemptionMechanism.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/javax/crypto/ExemptionMechanism.java Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -112,6 +112,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param algorithm the standard name of the requested exemption
* mechanism.
* See the ExemptionMechanism section in the
--- a/jdk/src/java.base/share/classes/javax/crypto/KeyAgreement.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/javax/crypto/KeyAgreement.java Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -150,6 +150,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param algorithm the standard name of the requested key agreement
* algorithm.
* See the KeyAgreement section in the <a href=
--- a/jdk/src/java.base/share/classes/javax/crypto/KeyGenerator.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/javax/crypto/KeyGenerator.java Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -202,6 +202,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param algorithm the standard name of the requested key algorithm.
* See the KeyGenerator section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyGenerator">
--- a/jdk/src/java.base/share/classes/javax/crypto/Mac.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/javax/crypto/Mac.java Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -152,6 +152,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param algorithm the standard name of the requested MAC algorithm.
* See the Mac section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#Mac">
--- a/jdk/src/java.base/share/classes/javax/crypto/SecretKeyFactory.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/javax/crypto/SecretKeyFactory.java Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -137,6 +137,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param algorithm the standard name of the requested secret-key
* algorithm.
* See the SecretKeyFactory section in the <a href=
--- a/jdk/src/java.base/share/classes/javax/net/ssl/KeyManagerFactory.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/KeyManagerFactory.java Mon Oct 19 17:35:18 2015 -0700
@@ -116,6 +116,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param algorithm the standard name of the requested algorithm.
* See the <a href=
* "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
--- a/jdk/src/java.base/share/classes/javax/net/ssl/SSLContext.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/SSLContext.java Mon Oct 19 17:35:18 2015 -0700
@@ -136,6 +136,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param protocol the standard name of the requested protocol.
* See the SSLContext section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#SSLContext">
--- a/jdk/src/java.base/share/classes/javax/net/ssl/TrustManagerFactory.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/TrustManagerFactory.java Mon Oct 19 17:35:18 2015 -0700
@@ -130,6 +130,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param algorithm the standard name of the requested trust management
* algorithm. See the <a href=
* "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
--- a/jdk/src/java.base/share/classes/javax/security/auth/login/Configuration.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/javax/security/auth/login/Configuration.java Mon Oct 19 17:35:18 2015 -0700
@@ -311,6 +311,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param type the specified Configuration type. See the Configuration
* section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#Configuration">
--- a/jdk/src/java.base/share/classes/sun/security/jca/ProviderList.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/jca/ProviderList.java Mon Oct 19 17:35:18 2015 -0700
@@ -27,8 +27,11 @@
import java.util.*;
-import java.security.*;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.Provider;
import java.security.Provider.Service;
+import java.security.Security;
/**
* List of Providers. Used to represent the provider preferences.
@@ -65,6 +68,9 @@
// constant for an ProviderList with no elements
static final ProviderList EMPTY = new ProviderList(PC0, true);
+ // list of all jdk.security.provider.preferred entries
+ static private PreferredList preferredPropList = null;
+
// dummy provider object to use during initialization
// used to avoid explicit null checks in various places
private static final Provider EMPTY_PROVIDER =
@@ -162,11 +168,10 @@
*/
private ProviderList() {
List<ProviderConfig> configList = new ArrayList<>();
- for (int i = 1; true; i++) {
- String entry = Security.getProperty("security.provider." + i);
- if (entry == null) {
- break;
- }
+ String entry;
+ int i = 1;
+
+ while ((entry = Security.getProperty("security.provider." + i)) != null) {
entry = entry.trim();
if (entry.length() == 0) {
System.err.println("invalid entry for " +
@@ -187,10 +192,36 @@
if (configList.contains(config) == false) {
configList.add(config);
}
+ i++;
}
configs = configList.toArray(PC0);
+
+ // Load config entries for use when getInstance is called
+ entry = Security.getProperty("jdk.security.provider.preferred");
+ if (entry != null && (entry = entry.trim()).length() > 0) {
+ String[] entries = entry.split(",");
+ if (ProviderList.preferredPropList == null) {
+ ProviderList.preferredPropList = new PreferredList();
+ }
+
+ for (String e : entries) {
+ i = e.indexOf(':');
+ if (i < 0) {
+ if (debug != null) {
+ debug.println("invalid preferred entry skipped. " +
+ "Missing colon delimiter \"" + e + "\"");
+ }
+ continue;
+ }
+ ProviderList.preferredPropList.add(new PreferredEntry(
+ e.substring(0, i).trim(), e.substring(i + 1).trim()));
+ }
+ }
+
if (debug != null) {
debug.println("provider configuration: " + configList);
+ debug.println("config configuration: " +
+ ProviderList.preferredPropList);
}
}
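Review bot: The colon check `if (i < 0)` lets entries with an empty side through, so `:SunJCE` or `AES:` becomes a PreferredEntry with an empty algorithm or provider name, although the java.security comment added in this commit says entries containing errors are ignored. Rejecting them in the same branch, for example `if (i < 0 || e.substring(0, i).trim().isEmpty() || e.substring(i + 1).trim().isEmpty()) {`, keeps malformed configuration out of the lookup path. Separately, `preferredPropList` is a static field but is filled from this instance constructor without synchronization, so a second run of the constructor would append the same entries again; building a local list and assigning it once would avoid that. The constructor begins before this hunk.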
@@ -327,7 +358,22 @@
* algorithm.
*/
public Service getService(String type, String name) {
- for (int i = 0; i < configs.length; i++) {
+ ArrayList<PreferredEntry> pList = null;
+ int i;
+
+ // Preferred provider list
+ if (preferredPropList != null &&
+ (pList = preferredPropList.getAll(type, name)) != null) {
+ for (i = 0; i < pList.size(); i++) {
+ Provider p = getProvider(pList.get(i).provider);
+ Service s = p.getService(type, name);
+ if (s != null) {
+ return s;
+ }
+ }
+ }
+
+ for (i = 0; i < configs.length; i++) {
Provider p = getProvider(i);
Service s = p.getService(type, name);
if (s != null) {
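Review bot: `getProvider(pList.get(i).provider)` is dereferenced without a null check, yet the tryGet hunk in this same file treats a null result from the same call as "No provider found with name" and skips it. A preferred entry naming an unregistered provider would therefore throw NullPointerException here instead of being ignored as the java.security comment promises. Adding `if (p == null) { continue; }` before `p.getService(type, name)` makes the two paths agree. The `!= null` test on `preferredPropList.getAll(type, name)` is dead, since that method always returns a new list. getService's body continues past the hunk.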
@@ -394,7 +440,11 @@
private List<Service> services;
// index into config[] of the next provider we need to query
- private int providerIndex;
+ private int providerIndex = 0;
+
+ // Matching preferred provider list for this ServiceList
+ ArrayList<PreferredEntry> preferredList = null;
+ private int preferredIndex = 0;
ServiceList(String type, String algorithm) {
this.type = type;
@@ -421,6 +471,14 @@
}
private Service tryGet(int index) {
+ Provider p;
+
+ // If preferred providers are configured, check for matches with
+ // the requested service.
+ if (preferredPropList != null && preferredList == null) {
+ preferredList = preferredPropList.getAll(this);
+ }
+
while (true) {
if ((index == 0) && (firstService != null)) {
return firstService;
@@ -430,8 +488,27 @@
if (providerIndex >= configs.length) {
return null;
}
- // check all algorithms in this provider before moving on
- Provider p = getProvider(providerIndex++);
+
+ // If there were matches with a preferred provider, iterate
+ // through the list first before going through the
+ // ordered list (java.security.provider.#)
+ if (preferredList != null &&
+ preferredIndex < preferredList.size()) {
+ PreferredEntry entry = preferredList.get(preferredIndex++);
+ // Look for the provider name in the PreferredEntry
+ p = getProvider(entry.provider);
+ if (p == null) {
+ if (debug != null) {
+ debug.println("No provider found with name: " +
+ entry.provider);
+ }
+ continue;
+ }
+ } else {
+ // check all algorithms in this provider before moving on
+ p = getProvider(providerIndex++);
+ }
+
if (type != null) {
// simple lookup
Service s = p.getService(type, algorithm);
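Review bot: The preferred branch never advances or records `providerIndex`, so once `preferredList` is exhausted the else branch walks the registered list from its start and queries again every provider that was already tried by name. Whether that puts the same Service into the list twice depends on code after this hunk, which is not visible, so it is worth checking and at least stating in a comment, e.g. `// providers reached via preferredList are visited again by the ordered scan`. The new comment also names the property as `java.security.provider.#`, while the constructor reads `"security.provider." + i`.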
@@ -502,4 +579,119 @@
}
}
+ // Provider list defined by jdk.security.provider.preferred entry
+ static final class PreferredList {
+ ArrayList<PreferredEntry> list = new ArrayList<PreferredEntry>();
+
+ /*
+ * Return a list of all preferred entries that match the passed
+ * ServiceList.
+ */
+ ArrayList<PreferredEntry> getAll(ServiceList s) {
+ if (s.ids == null) {
+ return getAll(s.type, s.algorithm);
+
+ }
+
+ ArrayList<PreferredEntry> l = new ArrayList<PreferredEntry>();
+ for (ServiceId id : s.ids) {
+ implGetAll(l, id.type, id.algorithm);
+ }
+
+ return l;
+ }
+
+ /*
+ * Return a list of all preferred entries that match the passed
+ * type and algorithm.
+ */
+ ArrayList<PreferredEntry> getAll(String type, String algorithm) {
+ ArrayList<PreferredEntry> l = new ArrayList<PreferredEntry>();
+ implGetAll(l, type, algorithm);
+ return l;
+ }
+
+ /*
+ * Compare each preferred entry against the passed type and
+ * algorithm, putting any matches in the passed ArrayList.
+ */
+ private void implGetAll(ArrayList<PreferredEntry> l, String type,
+ String algorithm) {
+ PreferredEntry e;
+
+ for (int i = 0; i < size(); i++) {
+ e = list.get(i);
+ if (e.match(type, algorithm)) {
+ l.add(e);
+ }
+ }
+ }
+
+ public PreferredEntry get(int i) {
+ return list.get(i);
+ }
+
+ public int size() {
+ return list.size();
+ }
+
+ public boolean add(PreferredEntry e) {
+ return list.add(e);
+ }
+
+ public String toString() {
+ String s = "";
+ for (PreferredEntry e: list) {
+ s += e.toString();
+ }
+ return s;
+ }
+ }
+
+ // Individual preferred property entry from jdk.security.provider.preferred
+ private class PreferredEntry {
+ String type = null;
+ String algorithm;
+ String provider;
+
+ PreferredEntry(String t, String p) {
+ int i = t.indexOf('.');
+ if (i > 0) {
+ type = t.substring(0, i);
+ algorithm = t.substring(i + 1);
+ } else {
+ algorithm = t;
+ }
+
+ provider = p;
+ }
+
+ boolean match(String t, String a) {
+ if (debug != null) {
+ debug.println("Config match: " + toString() + " == [" + t +
+ ", " + a + "]");
+ }
+
+ // Compare service type if configured
+ if (type != null && type.compareToIgnoreCase(t) != 0) {
+ return false;
+ }
+
+ // Compare the algorithm string.
+ if (a.compareToIgnoreCase(algorithm) == 0) {
+ if (debug != null) {
+ debug.println("Config entry found: " + toString());
+ }
+ return true;
+ }
+
+ // No match
+ return false;
+ }
+
+ public String toString() {
+ return "[" + type + ", " + algorithm + " : " + provider + "] ";
+ }
+ }
+
}
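Review bot: `PreferredEntry` splits its key at the first `.`, so an algorithm name that itself contains dots, such as an OID-style name, is parsed as a service type plus a truncated algorithm and will not match a request for the full name, with no debug output to say why. Either document that restriction next to the constructor or treat the prefix as a type only when it is a known service type. `PreferredEntry` is also declared `private class`, a non-static inner class whose instances are stored in the static `preferredPropList`, so each entry keeps a reference to the ProviderList that created it; `private static final class PreferredEntry` avoids that, provided `debug` is a static field (its declaration is not in the diff). `type.compareToIgnoreCase(t) != 0` reads more directly as `!type.equalsIgnoreCase(t)`.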
--- a/jdk/src/java.base/share/conf/security/java.security Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.base/share/conf/security/java.security Mon Oct 19 17:35:18 2015 -0700
@@ -90,6 +90,31 @@
security.provider.tbd=sun.security.pkcs11.SunPKCS11
#endif
+#
+# A list of preferred providers for specific algorithms. These providers will
+# be searched for matching algorithms before the list of registered providers.
+# Entries containing errors (parsing, etc) will be ignored. Use the
+# -Djava.security.debug=jca property to debug these errors.
+#
+# The property is a comma-separated list of serviceType.algorithm:provider
+# entries. The serviceType (example: "MessageDigest") is optional, and if
+# not specified, the algorithm applies to all service types that support it.
+# The algorithm is the standard algorithm name or transformation.
+# Transformations can be specified in their full standard name
+# (ex: AES/CBC/PKCS5Padding), or as partial matches (ex: AES, AES/CBC).
+# The provider is the name of the provider. Any provider that does not
+# also appear in the registered list will be ignored.
+#
+# Example:
+# jdk.security.provider.preferred=AES/GCM/NoPadding:SunJCE, \
+# MessageDigest.SHA-256:SUN
+#ifdef solaris-sparc
+jdk.security.provider.preferred=AES:SunJCE, SHA-256:SUN, SHA-384:SUN, SHA-512:SUN
+#endif
+#ifdef solaris-x86
+jdk.security.provider.preferred=AES:SunJCE, RSA:SunRsaSign
+#endif
+
#
# Sun Provider SecureRandom seed source.
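Review bot: The comment promises partial transformation matches (`AES`, `AES/CBC`), but `PreferredEntry.match()` added earlier in this commit compares the whole algorithm string with `compareToIgnoreCase`. An entry such as `AES:SunJCE` therefore only takes effect if the caller also looks up the shortened forms of a requested transformation. That caller is not visible in this part of the diff, so it is worth confirming: an entry that fails to match leaves the registered provider order in effect with no message unless `-Djava.security.debug=jca` is set. If the caller does handle it, I would state the rule in this comment, e.g. `# A partial entry (ex: AES) applies to any requested transformation that begins with it.`; if not, the partial-match sentence should be dropped.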
--- a/jdk/src/java.security.sasl/share/classes/javax/security/sasl/Sasl.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.security.sasl/share/classes/javax/security/sasl/Sasl.java Mon Oct 19 17:35:18 2015 -0700
@@ -310,6 +310,13 @@
* for information about how to install and configure security service
* providers.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param mechanisms The non-null list of mechanism names to try. Each is the
* IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
* @param authorizationId The possibly null protocol-dependent
@@ -452,6 +459,13 @@
* for information about how to install and configure security
* service providers.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param mechanism The non-null mechanism name. It must be an
* IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
* @param protocol The non-null string name of the protocol for which
--- a/jdk/src/java.smartcardio/share/classes/javax/smartcardio/TerminalFactory.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.smartcardio/share/classes/javax/smartcardio/TerminalFactory.java Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -229,6 +229,13 @@
* specified parameters Object. The type of parameters
* needed may vary between different types of <code>TerminalFactory</code>s.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param type the type of the requested TerminalFactory
* @param params the parameters to pass to the TerminalFactorySpi
* implementation, or null if no parameters are needed
--- a/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/TransformService.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/TransformService.java Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -136,6 +136,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param algorithm the URI of the algorithm
* @param mechanismType the type of the XML processing mechanism and
* representation
--- a/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/XMLSignatureFactory.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/XMLSignatureFactory.java Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -173,6 +173,13 @@
* <p>Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param mechanismType the type of the XML processing mechanism and
* representation. See the <a
* href="../../../../../technotes/guides/security/xmldsig/overview.html#Service%20Provider">
--- a/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/keyinfo/KeyInfoFactory.java Mon Oct 19 17:26:01 2015 -0700
+++ b/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/keyinfo/KeyInfoFactory.java Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -129,6 +129,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @param mechanismType the type of the XML processing mechanism and
* representation. See the <a
* href="../../../../../../technotes/guides/security/xmldsig/overview.html#Service%20Provider">
@@ -263,6 +270,13 @@
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
* @return a new <code>KeyInfoFactory</code>
* @throws NoSuchMechanismException if no <code>Provider</code> supports a
* <code>KeyInfoFactory</code> implementation for the DOM mechanism