Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/sun/security/provider/SunEntries.java
/*
 * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.provider;

import java.io.*;
import java.net.*;
import java.util.Map;
import java.security.*;
import sun.security.action.GetPropertyAction;

/**
 * Holds the service table of the SUN provider: every algorithm name,
 * alias and attribute the provider publishes is added by
 * {@link #putEntries(Map)}.
 *
 * Algorithms supported, and their names:
 *
 * - SHA is the message digest scheme described in FIPS 180-1.
 *   Aliases for SHA are SHA-1 and SHA1.
 *
 * - SHA1withDSA is the signature scheme described in FIPS 186.
 *   (SHA used in DSA is SHA-1: FIPS 186 with Change No 1.)
 *   Aliases for SHA1withDSA are DSA, DSS, SHA/DSA, SHA-1/DSA, SHA1/DSA,
 *   SHAwithDSA, DSAWithSHA1, and the object
 *   identifier strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and
 *   "OID.1.2.840.10040.4.3".
 *
 * - SHA-2 is a set of message digest schemes described in FIPS 180-2.
 *   SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384,
 *   and SHA-512.
 *
 * - SHA-224withDSA/SHA-256withDSA are the signature schemes
 *   described in FIPS 186-3. The associated object identifiers are
 *   "OID.2.16.840.1.101.3.4.3.1", and "OID.2.16.840.1.101.3.4.3.2".
 *
 * - DSA is the key generation scheme as described in FIPS 186.
 *   Aliases for DSA include the OID strings "OID.1.3.14.3.2.12"
 *   and "OID.1.2.840.10040.4.1".
 *
 * - MD5 is the message digest scheme described in RFC 1321.
 *   There are no aliases for MD5.
 *
 * - X.509 is the certificate factory type for X.509 certificates
 *   and CRLs. Aliases for X.509 are X509.
 *
 * - PKIX is the certification path validation algorithm described
 *   in RFC 5280. The ValidationAlgorithm attribute notes the
 *   specification that this provider implements.
 *
 * - LDAP is the CertStore type for LDAP repositories. The
 *   LDAPSchema attribute notes the specification defining the
 *   schema that this provider uses to find certificates and CRLs.
 *
 * - JavaPolicy is the default file-based Policy type.
 *
 * - JavaLoginConfig is the default file-based LoginModule Configuration type.
 *
 * The table also carries MD2, MD5, SHA-1 and SHA1withDSA. Being listed
 * here only makes an algorithm available by name; MD2, MD5 and SHA-1 are
 * not collision resistant, so new uses should pick one of the SHA-2
 * entries.
 */
final class SunEntries {

    /**
     * Value of the {@code jdk.security.legacyDSAKeyPairGenerator} system
     * property, read once at class initialization. When true the
     * {@code DSAKeyPairGenerator$Legacy} class is registered instead of
     * {@code DSAKeyPairGenerator$Current}.
     */
    private static final boolean useLegacyDSA =
        Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty(
            "jdk.security.legacyDSAKeyPairGenerator"));

    /** Not instantiable: the class only exposes static members. */
    private SunEntries() {
        // empty
    }

    /**
     * Adds every SUN provider entry to {@code map}.
     *
     * The order of the {@code put} calls is part of the behaviour for the
     * SecureRandom entries (see the comment in the body), so the calls
     * below keep the original sequence.
     *
     * @param map the provider's property map to fill
     */
    static void putEntries(Map<Object, Object> map) {

        /*
         * SecureRandom
         *
         * These go in first to speed up "new SecureRandom()", which
         * iterates through the list of algorithms.
         *
         * Position of the native PRNG, when it is available: ahead of
         * SHA1PRNG if the configured seed source is file:/dev/urandom or
         * file:/dev/random, behind SHA1PRNG for any other seed source.
         * The seed-source setting therefore decides which of the two is
         * listed first.
         */
        final boolean nativePresent = NativePRNG.isAvailable();
        final boolean seedIsDevice = seedSource.equals(URL_DEV_URANDOM)
            || seedSource.equals(URL_DEV_RANDOM);

        if (nativePresent && seedIsDevice) {
            map.put("SecureRandom.NativePRNG",
                "sun.security.provider.NativePRNG");
        }

        map.put("SecureRandom.SHA1PRNG",
            "sun.security.provider.SecureRandom");

        if (nativePresent && !seedIsDevice) {
            map.put("SecureRandom.NativePRNG",
                "sun.security.provider.NativePRNG");
        }

        if (NativePRNG.Blocking.isAvailable()) {
            map.put("SecureRandom.NativePRNGBlocking",
                "sun.security.provider.NativePRNG$Blocking");
        }

        if (NativePRNG.NonBlocking.isAvailable()) {
            map.put("SecureRandom.NativePRNGNonBlocking",
                "sun.security.provider.NativePRNG$NonBlocking");
        }

        /*
         * Signature engines
         */
        map.put("Signature.SHA1withDSA",
            "sun.security.provider.DSA$SHA1withDSA");
        map.put("Signature.NONEwithDSA", "sun.security.provider.DSA$RawDSA");
        map.put("Alg.Alias.Signature.RawDSA", "NONEwithDSA");
        map.put("Signature.SHA224withDSA",
            "sun.security.provider.DSA$SHA224withDSA");
        map.put("Signature.SHA256withDSA",
            "sun.security.provider.DSA$SHA256withDSA");

        // Key interfaces accepted by every DSA signature entry above.
        final String dsaKeyInterfaces = "java.security.interfaces.DSAPublicKey"
            + "|java.security.interfaces.DSAPrivateKey";
        map.put("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyInterfaces);
        map.put("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyInterfaces);
        map.put("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyInterfaces);
        map.put("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyInterfaces);

        // The plain names "DSA" and "DSS" resolve to the SHA-1 based scheme.
        map.put("Alg.Alias.Signature.DSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.DSS", "SHA1withDSA");
        map.put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
        map.put("Alg.Alias.Signature.OID.1.2.840.10040.4.3", "SHA1withDSA");
        map.put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
        map.put("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA");
        map.put("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA");
        map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1",
            "SHA224withDSA");
        map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA");
        map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2",
            "SHA256withDSA");
        map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA");

        /*
         * Key Pair Generator engines
         *
         * The nested class that backs "DSA" is chosen by useLegacyDSA.
         */
        final String dsaKeyPairGenerator =
            "sun.security.provider.DSAKeyPairGenerator$"
                + (useLegacyDSA ? "Legacy" : "Current");
        map.put("KeyPairGenerator.DSA", dsaKeyPairGenerator);
        map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");

        /*
         * Digest engines
         *
         * MD2, MD5 and SHA (SHA-1) are not collision resistant; the
         * SHA-2 entries follow them.
         */
        map.put("MessageDigest.MD2", "sun.security.provider.MD2");
        map.put("MessageDigest.MD5", "sun.security.provider.MD5");
        map.put("MessageDigest.SHA", "sun.security.provider.SHA");

        map.put("Alg.Alias.MessageDigest.SHA-1", "SHA");
        map.put("Alg.Alias.MessageDigest.SHA1", "SHA");
        map.put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA");
        map.put("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA");

        map.put("MessageDigest.SHA-224", "sun.security.provider.SHA2$SHA224");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4",
            "SHA-224");

        map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2$SHA256");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1",
            "SHA-256");

        map.put("MessageDigest.SHA-384", "sun.security.provider.SHA5$SHA384");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2",
            "SHA-384");

        map.put("MessageDigest.SHA-512", "sun.security.provider.SHA5$SHA512");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3",
            "SHA-512");

        map.put("MessageDigest.SHA-512/224",
            "sun.security.provider.SHA5$SHA512_224");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.5",
            "SHA-512/224");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.5",
            "SHA-512/224");

        map.put("MessageDigest.SHA-512/256",
            "sun.security.provider.SHA5$SHA512_256");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.6",
            "SHA-512/256");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.6",
            "SHA-512/256");

        /*
         * Algorithm Parameter Generator engines
         */
        map.put("AlgorithmParameterGenerator.DSA",
            "sun.security.provider.DSAParameterGenerator");

        /*
         * Algorithm Parameter engines
         */
        map.put("AlgorithmParameters.DSA",
            "sun.security.provider.DSAParameters");
        map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA");

        /*
         * Key factories
         */
        map.put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory");
        map.put("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA");

        /*
         * Certificates
         */
        map.put("CertificateFactory.X.509",
            "sun.security.provider.X509Factory");
        map.put("Alg.Alias.CertificateFactory.X509", "X.509");

        /*
         * KeyStore
         */
        map.put("KeyStore.JKS",
            "sun.security.provider.JavaKeyStore$DualFormatJKS");
        map.put("KeyStore.CaseExactJKS",
            "sun.security.provider.JavaKeyStore$CaseExactJKS");
        map.put("KeyStore.DKS", "sun.security.provider.DomainKeyStore$DKS");

        /*
         * Policy
         */
        map.put("Policy.JavaPolicy", "sun.security.provider.PolicySpiFile");

        /*
         * Configuration
         */
        map.put("Configuration.JavaLoginConfig",
            "sun.security.provider.ConfigFile$Spi");

        /*
         * CertPathBuilder
         */
        map.put("CertPathBuilder.PKIX",
            "sun.security.provider.certpath.SunCertPathBuilder");
        map.put("CertPathBuilder.PKIX ValidationAlgorithm", "RFC5280");

        /*
         * CertPathValidator
         */
        map.put("CertPathValidator.PKIX",
            "sun.security.provider.certpath.PKIXCertPathValidator");
        map.put("CertPathValidator.PKIX ValidationAlgorithm", "RFC5280");

        /*
         * CertStores
         */
        map.put("CertStore.LDAP",
            "sun.security.provider.certpath.ldap.LDAPCertStore");
        map.put("CertStore.LDAP LDAPSchema", "RFC2587");
        map.put("CertStore.Collection",
            "sun.security.provider.certpath.CollectionCertStore");
        map.put("CertStore.com.sun.security.IndexedCollection",
            "sun.security.provider.certpath.IndexedCollectionCertStore");

        /*
         * KeySize
         *
         * The raw and SHA-1 DSA signatures are published with 1024, all
         * other DSA entries with 2048.
         * NOTE(review): presumably the key size reported for each
         * service; confirm how consumers read this attribute.
         */
        map.put("Signature.NONEwithDSA KeySize", "1024");
        map.put("Signature.SHA1withDSA KeySize", "1024");
        map.put("Signature.SHA224withDSA KeySize", "2048");
        map.put("Signature.SHA256withDSA KeySize", "2048");

        map.put("KeyPairGenerator.DSA KeySize", "2048");
        map.put("AlgorithmParameterGenerator.DSA KeySize", "2048");

        /*
         * Implementation type: software or hardware
         */
        map.put("Signature.SHA1withDSA ImplementedIn", "Software");
        map.put("KeyPairGenerator.DSA ImplementedIn", "Software");
        map.put("MessageDigest.MD5 ImplementedIn", "Software");
        map.put("MessageDigest.SHA ImplementedIn", "Software");
        map.put("AlgorithmParameterGenerator.DSA ImplementedIn", "Software");
        map.put("AlgorithmParameters.DSA ImplementedIn", "Software");
        map.put("KeyFactory.DSA ImplementedIn", "Software");
        map.put("SecureRandom.SHA1PRNG ImplementedIn", "Software");
        map.put("CertificateFactory.X.509 ImplementedIn", "Software");
        map.put("KeyStore.JKS ImplementedIn", "Software");
        map.put("CertPathValidator.PKIX ImplementedIn", "Software");
        map.put("CertPathBuilder.PKIX ImplementedIn", "Software");
        map.put("CertStore.LDAP ImplementedIn", "Software");
        map.put("CertStore.Collection ImplementedIn", "Software");
        map.put("CertStore.com.sun.security.IndexedCollection ImplementedIn",
            "Software");

    }

    // name of the *System* property, takes precedence over PROP_RNDSOURCE
    private static final String PROP_EGD = "java.security.egd";
    // name of the *Security* property
    private static final String PROP_RNDSOURCE = "securerandom.source";

    // Seed source values that place NativePRNG ahead of SHA1PRNG in putEntries.
    static final String URL_DEV_RANDOM = "file:/dev/random";
    static final String URL_DEV_URANDOM = "file:/dev/urandom";

    // Configured seed source; the empty string when neither property is set.
    private static final String seedSource;

    static {
        seedSource = AccessController.doPrivileged(
            new PrivilegedAction<String>() {

                /**
                 * Resolves the seed source: a non-empty
                 * {@code java.security.egd} system property wins,
                 * otherwise the {@code securerandom.source} security
                 * property is used, otherwise "".
                 */
                @Override
                public String run() {
                    String fromSystem = System.getProperty(PROP_EGD, "");
                    if (!fromSystem.isEmpty()) {
                        return fromSystem;
                    }
                    String fromSecurity =
                        Security.getProperty(PROP_RNDSOURCE);
                    return (fromSecurity == null) ? "" : fromSecurity;
                }
            });
    }

    /**
     * Returns the seed source resolved at class initialization.
     *
     * @return the configured seed source, or "" when none is configured
     */
    static String getSeedSource() {
        return seedSource;
    }

    /*
     * Maps a device URL to a File by going through a URI. Earlier code
     * used the URL directly, which is less strict on syntax; when the
     * URL is not a valid URI (for example a space character in the
     * device name) the URL path is used as a best effort for backwards
     * compatibility.
     *
     * An opaque URI is resolved against the "user.dir" system property,
     * so the resulting file then depends on the working directory of
     * the process.
     *
     * Method called within PrivilegedExceptionAction block.
     *
     * Moved from SeedGenerator to avoid initialization problems with
     * signed providers.
     */
    static File getDeviceFile(URL device) throws IOException {
        final URI deviceURI;
        try {
            deviceURI = device.toURI();
        } catch (URISyntaxException use) {
            /*
             * Make best effort to access this File.
             * We can try using the URL path.
             */
            return new File(device.getPath());
        }

        if (!deviceURI.isOpaque()) {
            return new File(deviceURI);
        }

        // File constructor does not accept opaque URI
        URI workingDir = new File(System.getProperty("user.dir")).toURI();
        // substring(5) drops the first five characters of the URI text;
        // NOTE(review): that is the length of "file:" - confirm callers
        // only pass file: URLs.
        String resolved = workingDir.toString()
            + deviceURI.toString().substring(5);
        return new File(URI.create(resolved));
    }
}