1 /* 2 * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.provider; 27 28 import java.io.*; 29 import java.net.*; 30 import java.util.*; 31 import java.security.*; 32 33 import jdk.internal.util.StaticProperty; 34 import sun.security.action.GetPropertyAction; 35 import sun.security.util.SecurityProviderConstants; 36 import static sun.security.util.SecurityProviderConstants.getAliases; 37 38 /** 39 * Defines the entries of the SUN provider. 40 * 41 * Algorithms supported, and their names: 42 * 43 * - SHA is the message digest scheme described in FIPS 180-1. 44 * Aliases for SHA are SHA-1 and SHA1. 45 * 46 * - SHA1withDSA is the signature scheme described in FIPS 186. 47 * (SHA used in DSA is SHA-1: FIPS 186 with Change No 1.) 48 * Aliases for SHA1withDSA are DSA, DSS, SHA/DSA, SHA-1/DSA, SHA1/DSA, 49 * SHAwithDSA, DSAWithSHA1, and the object 50 * identifier strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and 51 * "OID.1.2.840.10040.4.3". 52 * 53 * - SHA-2 is a set of message digest schemes described in FIPS 180-2. 54 * SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384, 55 * and SHA-512. 56 * 57 * - SHA-224withDSA/SHA-256withDSA are the signature schemes 58 * described in FIPS 186-3. The associated object identifiers are 59 * "OID.2.16.840.1.101.3.4.3.1", and "OID.2.16.840.1.101.3.4.3.2". 60 * 61 * - DSA is the key generation scheme as described in FIPS 186. 62 * Aliases for DSA include the OID strings "OID.1.3.14.3.2.12" 63 * and "OID.1.2.840.10040.4.1". 64 * 65 * - MD5 is the message digest scheme described in RFC 1321. 66 * There are no aliases for MD5. 67 * 68 * - X.509 is the certificate factory type for X.509 certificates 69 * and CRLs. Aliases for X.509 are X509. 70 * 71 * - PKIX is the certification path validation algorithm described 72 * in RFC 5280. The ValidationAlgorithm attribute notes the 73 * specification that this provider implements. 74 * 75 * - JavaPolicy is the default file-based Policy type. 76 * 77 * - JavaLoginConfig is the default file-based LoginModule Configuration type. 78 */ 79 80 public final class SunEntries { 81 82 // the default algo used by SecureRandom class for new SecureRandom() calls 83 public static final String DEF_SECURE_RANDOM_ALGO; 84 SunEntries(Provider p)85 SunEntries(Provider p) { 86 services = new LinkedHashSet<>(50, 0.9f); 87 88 // start populating content using the specified provider 89 90 // common attribute map 91 HashMap<String, String> attrs = new HashMap<>(3); 92 93 /* 94 * SecureRandom engines 95 */ 96 attrs.put("ThreadSafe", "true"); 97 if (NativePRNG.isAvailable()) { 98 add(p, "SecureRandom", "NativePRNG", 99 "sun.security.provider.NativePRNG", attrs); 100 } 101 if (NativePRNG.Blocking.isAvailable()) { 102 add(p, "SecureRandom", "NativePRNGBlocking", 103 "sun.security.provider.NativePRNG$Blocking", attrs); 104 } 105 if (NativePRNG.NonBlocking.isAvailable()) { 106 add(p, "SecureRandom", "NativePRNGNonBlocking", 107 "sun.security.provider.NativePRNG$NonBlocking", attrs); 108 } 109 attrs.put("ImplementedIn", "Software"); 110 add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs); 111 add(p, "SecureRandom", "SHA1PRNG", 112 "sun.security.provider.SecureRandom", attrs); 113 114 /* 115 * Signature engines 116 */ 117 attrs.clear(); 118 String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" + 119 "|java.security.interfaces.DSAPrivateKey"; 120 attrs.put("SupportedKeyClasses", dsaKeyClasses); 121 attrs.put("ImplementedIn", "Software"); 122 123 attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures 124 125 addWithAlias(p, "Signature", "SHA1withDSA", 126 "sun.security.provider.DSA$SHA1withDSA", attrs); 127 addWithAlias(p, "Signature", "NONEwithDSA", 128 "sun.security.provider.DSA$RawDSA", attrs); 129 130 attrs.put("KeySize", "2048"); // for SHA224 and SHA256 DSA signatures 131 132 addWithAlias(p, "Signature", "SHA224withDSA", 133 "sun.security.provider.DSA$SHA224withDSA", attrs); 134 addWithAlias(p, "Signature", "SHA256withDSA", 135 "sun.security.provider.DSA$SHA256withDSA", attrs); 136 137 attrs.remove("KeySize"); 138 139 add(p, "Signature", "SHA1withDSAinP1363Format", 140 "sun.security.provider.DSA$SHA1withDSAinP1363Format"); 141 add(p, "Signature", "NONEwithDSAinP1363Format", 142 "sun.security.provider.DSA$RawDSAinP1363Format"); 143 add(p, "Signature", "SHA224withDSAinP1363Format", 144 "sun.security.provider.DSA$SHA224withDSAinP1363Format"); 145 add(p, "Signature", "SHA256withDSAinP1363Format", 146 "sun.security.provider.DSA$SHA256withDSAinP1363Format"); 147 148 /* 149 * Key Pair Generator engines 150 */ 151 attrs.clear(); 152 attrs.put("ImplementedIn", "Software"); 153 attrs.put("KeySize", "2048"); // for DSA KPG and APG only 154 155 String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$"; 156 dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current"); 157 addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs); 158 159 /* 160 * Algorithm Parameter Generator engines 161 */ 162 addWithAlias(p, "AlgorithmParameterGenerator", "DSA", 163 "sun.security.provider.DSAParameterGenerator", attrs); 164 attrs.remove("KeySize"); 165 166 /* 167 * Algorithm Parameter engines 168 */ 169 addWithAlias(p, "AlgorithmParameters", "DSA", 170 "sun.security.provider.DSAParameters", attrs); 171 172 /* 173 * Key factories 174 */ 175 addWithAlias(p, "KeyFactory", "DSA", 176 "sun.security.provider.DSAKeyFactory", attrs); 177 178 /* 179 * Digest engines 180 */ 181 add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs); 182 add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs); 183 addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA", 184 attrs); 185 186 addWithAlias(p, "MessageDigest", "SHA-224", 187 "sun.security.provider.SHA2$SHA224", attrs); 188 addWithAlias(p, "MessageDigest", "SHA-256", 189 "sun.security.provider.SHA2$SHA256", attrs); 190 addWithAlias(p, "MessageDigest", "SHA-384", 191 "sun.security.provider.SHA5$SHA384", attrs); 192 addWithAlias(p, "MessageDigest", "SHA-512", 193 "sun.security.provider.SHA5$SHA512", attrs); 194 addWithAlias(p, "MessageDigest", "SHA-512/224", 195 "sun.security.provider.SHA5$SHA512_224", attrs); 196 addWithAlias(p, "MessageDigest", "SHA-512/256", 197 "sun.security.provider.SHA5$SHA512_256", attrs); 198 addWithAlias(p, "MessageDigest", "SHA3-224", 199 "sun.security.provider.SHA3$SHA224", attrs); 200 addWithAlias(p, "MessageDigest", "SHA3-256", 201 "sun.security.provider.SHA3$SHA256", attrs); 202 addWithAlias(p, "MessageDigest", "SHA3-384", 203 "sun.security.provider.SHA3$SHA384", attrs); 204 addWithAlias(p, "MessageDigest", "SHA3-512", 205 "sun.security.provider.SHA3$SHA512", attrs); 206 207 /* 208 * Certificates 209 */ 210 addWithAlias(p, "CertificateFactory", "X.509", 211 "sun.security.provider.X509Factory", attrs); 212 213 /* 214 * KeyStore 215 */ 216 add(p, "KeyStore", "PKCS12", 217 "sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12"); 218 add(p, "KeyStore", "JKS", 219 "sun.security.provider.JavaKeyStore$DualFormatJKS", attrs); 220 add(p, "KeyStore", "CaseExactJKS", 221 "sun.security.provider.JavaKeyStore$CaseExactJKS", attrs); 222 add(p, "KeyStore", "DKS", "sun.security.provider.DomainKeyStore$DKS", 223 attrs); 224 225 226 /* 227 * CertStores 228 */ 229 add(p, "CertStore", "Collection", 230 "sun.security.provider.certpath.CollectionCertStore", 231 attrs); 232 add(p, "CertStore", "com.sun.security.IndexedCollection", 233 "sun.security.provider.certpath.IndexedCollectionCertStore", 234 attrs); 235 236 /* 237 * Policy 238 */ 239 add(p, "Policy", "JavaPolicy", "sun.security.provider.PolicySpiFile"); 240 241 /* 242 * Configuration 243 */ 244 add(p, "Configuration", "JavaLoginConfig", 245 "sun.security.provider.ConfigFile$Spi"); 246 247 /* 248 * CertPathBuilder and CertPathValidator 249 */ 250 attrs.clear(); 251 attrs.put("ValidationAlgorithm", "RFC5280"); 252 attrs.put("ImplementedIn", "Software"); 253 254 add(p, "CertPathBuilder", "PKIX", 255 "sun.security.provider.certpath.SunCertPathBuilder", 256 attrs); 257 add(p, "CertPathValidator", "PKIX", 258 "sun.security.provider.certpath.PKIXCertPathValidator", 259 attrs); 260 } 261 iterator()262 Iterator<Provider.Service> iterator() { 263 return services.iterator(); 264 } 265 add(Provider p, String type, String algo, String cn)266 private void add(Provider p, String type, String algo, String cn) { 267 services.add(new Provider.Service(p, type, algo, cn, null, null)); 268 } 269 add(Provider p, String type, String algo, String cn, HashMap<String, String> attrs)270 private void add(Provider p, String type, String algo, String cn, 271 HashMap<String, String> attrs) { 272 services.add(new Provider.Service(p, type, algo, cn, null, attrs)); 273 } 274 addWithAlias(Provider p, String type, String algo, String cn, HashMap<String, String> attrs)275 private void addWithAlias(Provider p, String type, String algo, String cn, 276 HashMap<String, String> attrs) { 277 services.add(new Provider.Service(p, type, algo, cn, 278 getAliases(algo), attrs)); 279 } 280 281 private LinkedHashSet<Provider.Service> services; 282 283 // name of the *System* property, takes precedence over PROP_RNDSOURCE 284 private static final String PROP_EGD = "java.security.egd"; 285 // name of the *Security* property 286 private static final String PROP_RNDSOURCE = "securerandom.source"; 287 288 private static final boolean useLegacyDSA = 289 Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty 290 ("jdk.security.legacyDSAKeyPairGenerator")); 291 292 static final String URL_DEV_RANDOM = "file:/dev/random"; 293 static final String URL_DEV_URANDOM = "file:/dev/urandom"; 294 295 private static final String seedSource; 296 297 static { 298 seedSource = AccessController.doPrivileged( 299 new PrivilegedAction<String>() { 300 301 @Override 302 public String run() { 303 String egdSource = System.getProperty(PROP_EGD, ""); 304 if (egdSource.length() != 0) { 305 return egdSource; 306 } 307 egdSource = Security.getProperty(PROP_RNDSOURCE); 308 if (egdSource == null) { 309 return ""; 310 } 311 return egdSource; 312 } 313 }); 314 315 DEF_SECURE_RANDOM_ALGO = (NativePRNG.isAvailable() && 316 (seedSource.equals(URL_DEV_URANDOM) || 317 seedSource.equals(URL_DEV_RANDOM)) ? 318 "NativePRNG" : "DRBG"); 319 } 320 getSeedSource()321 static String getSeedSource() { 322 return seedSource; 323 } 324 325 /* 326 * Use a URI to access this File. Previous code used a URL 327 * which is less strict on syntax. If we encounter a 328 * URISyntaxException we make best efforts for backwards 329 * compatibility. e.g. space character in deviceName string. 330 * 331 * Method called within PrivilegedExceptionAction block. 332 * 333 * Moved from SeedGenerator to avoid initialization problems with 334 * signed providers. 335 */ getDeviceFile(URL device)336 static File getDeviceFile(URL device) throws IOException { 337 try { 338 URI deviceURI = device.toURI(); 339 if(deviceURI.isOpaque()) { 340 // File constructor does not accept opaque URI 341 URI localDir = new File( 342 StaticProperty.userDir()).toURI(); 343 String uriPath = localDir.toString() + 344 deviceURI.toString().substring(5); 345 return new File(URI.create(uriPath)); 346 } else { 347 return new File(deviceURI); 348 } 349 } catch (URISyntaxException use) { 350 /* 351 * Make best effort to access this File. 352 * We can try using the URL path. 353 */ 354 return new File(device.getPath()); 355 } 356 } 357 } 358