8159180: Remove default setting for jdk.security.provider.preferred
Reviewed-by: xuelei
--- a/jdk/src/java.base/share/conf/security/java.security Fri Jul 01 15:13:00 2016 -0700
+++ b/jdk/src/java.base/share/conf/security/java.security Sat Jul 02 13:51:20 2016 -0700
@@ -116,15 +116,7 @@
# Example:
# jdk.security.provider.preferred=AES/GCM/NoPadding:SunJCE, \
# MessageDigest.SHA-256:SUN, Group.HmacSHA2:SunJCE
-#ifdef solaris-sparc
-jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, \
- HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE
-#endif
-#ifdef solaris-x86
-jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, \
- HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE, RSA:SunRsaSign, \
- SHA1withRSA:SunRsaSign, Group.SHA2RSA:SunRsaSign
-#endif
+#jdk.security.provider.preferred=
#
--- a/jdk/test/sun/security/jca/PreferredProviderNegativeTest.java Fri Jul 01 15:13:00 2016 -0700
+++ b/jdk/test/sun/security/jca/PreferredProviderNegativeTest.java Sat Jul 02 13:51:20 2016 -0700
@@ -62,7 +62,7 @@
}
} else {
if (!cipher.getProvider().getName().equals(arrays[1])) {
- throw new RuntimeException("Test Faild:The provider could be "
+ throw new RuntimeException("Test Failed:The provider could be "
+ "set by valid provider.");
}
}
@@ -73,13 +73,13 @@
* Test that the setting of the security property after Cipher.getInstance()
* does not influence previously loaded instances
*/
- public static void afterJCESet(String value)
+ public static void afterJCESet(String value, String expected)
throws NoSuchAlgorithmException, NoSuchPaddingException {
String[] arrays = value.split(":");
Cipher cipher = Cipher.getInstance(arrays[0]);
Security.setProperty(SEC_PREF_PROP, value);
- if (!cipher.getProvider().getName().equals("SunJCE")) {
+ if (!cipher.getProvider().getName().equals(expected)) {
throw new RuntimeException("Test Failed:The security property can't"
+ " be updated after JCE load.");
}
@@ -105,25 +105,28 @@
public static void main(String[] args)
throws NoSuchAlgorithmException, NoSuchPaddingException {
+ String expected;
+ String value = args[1];
+ // If OS is solaris, expect OracleUcrypto, otherwise SunJCE
+ if (System.getProperty("os.name").toLowerCase().contains("sun")) {
+ expected = "OracleUcrypto";
+ } else {
+ expected = "SunJCE";
+ }
+
if (args.length >= 2) {
switch (args[0]) {
case "preSet":
boolean negativeProvider = Boolean.valueOf(args[2]);
- boolean solaris = System.getProperty("os.name")
- .toLowerCase().contains("sun");
- String value = args[1];
- if (args[1].split(":").length < 2) {
- if (solaris) {
- value += ":OracleUcrypto";
- } else {
- value += ":SunJCE";
- }
+ if (!args[1].contains(":")) {
+ value += ":" + expected;
}
PreferredProviderNegativeTest.preJCESet(
value, negativeProvider);
break;
case "afterSet":
- PreferredProviderNegativeTest.afterJCESet(args[1]);
+ PreferredProviderNegativeTest.afterJCESet(args[1],
+ expected);
break;
case "invalidAlg":
PreferredProviderNegativeTest.invalidAlg(args[1]);
--- a/jdk/test/sun/security/jca/PreferredProviderTest.java Fri Jul 01 15:13:00 2016 -0700
+++ b/jdk/test/sun/security/jca/PreferredProviderTest.java Sat Jul 02 13:51:20 2016 -0700
@@ -38,6 +38,7 @@
* @bug 8076359 8133151 8145344 8150512 8155847
* @summary Test the value for new jdk.security.provider.preferred
* security property
+ * @run main/othervm PreferredProviderTest
*/
public class PreferredProviderTest {
@@ -59,12 +60,14 @@
verifyDigestProvider(os, type, Arrays.asList(
new DataTuple("SHA-256", "SUN")));
} else {
- //For solaris the preferred algorithm/provider is already set in
- //java.security file which will be verified.
+ //Solaris has different providers that support the same algorithm
+ //which makes for better testing.
switch (type) {
case "sparcv9":
preferredProp = "AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, " +
"HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE";
+ Security.setProperty(
+ "jdk.security.provider.preferred", preferredProp);
verifyPreferredProviderProperty(os, type, preferredProp);
verifyDigestProvider(os, type, Arrays.asList(
@@ -89,7 +92,8 @@
"HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE, " +
"RSA:SunRsaSign, SHA1withRSA:SunRsaSign, " +
"Group.SHA2RSA:SunRsaSign";
-
+ Security.setProperty(
+ "jdk.security.provider.preferred", preferredProp);
verifyPreferredProviderProperty(os, type, preferredProp);
verifyKeyFactoryProvider(os, type, Arrays.asList(